upstream commit

sync ssh-keysign, ssh-keygen and some dependencies to the
 new buffer/key API; mostly mechanical, ok markus@

dns.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: dns.c,v 1.32 2014/12/21 22:27:56 djm Exp $ */
+/* $OpenBSD: dns.c,v 1.33 2015/01/15 09:40:00 djm Exp $ */
 
 /*
  * Copyright (c) 2003 Wesley Griffin. All rights reserved.
@@ -38,7 +38,8 @@
 #include <stdlib.h>
 
 #include "xmalloc.h"
-#include "key.h"
+#include "sshkey.h"
+#include "ssherr.h"
 #include "dns.h"
 #include "log.h"
 #include "digest.h"
@@ -78,9 +79,9 @@ dns_result_totext(unsigned int res)
  */
 static int
 dns_read_key(u_int8_t *algorithm, u_int8_t *digest_type,
-    u_char **digest, u_int *digest_len, Key *key)
+    u_char **digest, size_t *digest_len, struct sshkey *key)
 {
-	int success = 0;
+	int r, success = 0;
 	int fp_alg = -1;
 
 	switch (key->type) {
@@ -121,9 +122,10 @@ dns_read_key(u_int8_t *algorithm, u_int8_t *digest_type,
 	}
 
 	if (*algorithm && *digest_type) {
-		*digest = key_fingerprint_raw(key, fp_alg, digest_len);
+		if ((r = sshkey_fingerprint_raw(key, fp_alg, digest,
-		if (*digest == NULL)
+		    digest_len)) != 0)
-			fatal("dns_read_key: null from key_fingerprint_raw()");
+			fatal("%s: sshkey_fingerprint_raw: %s", __func__,
+			   ssh_err(r));
 		success = 1;
 	} else {
 		*digest = NULL;
@@ -139,7 +141,7 @@ dns_read_key(u_int8_t *algorithm, u_int8_t *digest_type,
  */
 static int
 dns_read_rdata(u_int8_t *algorithm, u_int8_t *digest_type,
-    u_char **digest, u_int *digest_len, u_char *rdata, int rdata_len)
+    u_char **digest, size_t *digest_len, u_char *rdata, int rdata_len)
 {
 	int success = 0;
 
@@ -200,7 +202,7 @@ is_numeric_hostname(const char *hostname)
  */
 int
 verify_host_key_dns(const char *hostname, struct sockaddr *address,
-    Key *hostkey, int *flags)
+    struct sshkey *hostkey, int *flags)
 {
 	u_int counter;
 	int result;
@@ -209,12 +211,12 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address,
 	u_int8_t hostkey_algorithm;
 	u_int8_t hostkey_digest_type = SSHFP_HASH_RESERVED;
 	u_char *hostkey_digest;
-	u_int hostkey_digest_len;
+	size_t hostkey_digest_len;
 
 	u_int8_t dnskey_algorithm;
 	u_int8_t dnskey_digest_type;
 	u_char *dnskey_digest;
-	u_int dnskey_digest_len;
+	size_t dnskey_digest_len;
 
 	*flags = 0;
 
@@ -310,13 +312,13 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address,
  * Export the fingerprint of a key as a DNS resource record
  */
 int
-export_dns_rr(const char *hostname, Key *key, FILE *f, int generic)
+export_dns_rr(const char *hostname, struct sshkey *key, FILE *f, int generic)
 {
 	u_int8_t rdata_pubkey_algorithm = 0;
 	u_int8_t rdata_digest_type = SSHFP_HASH_RESERVED;
 	u_int8_t dtype;
 	u_char *rdata_digest;
-	u_int i, rdata_digest_len;
+	size_t i, rdata_digest_len;
 	int success = 0;
 
 	for (dtype = SSHFP_HASH_SHA1; dtype < SSHFP_HASH_MAX; dtype++) {
@@ -324,7 +326,7 @@ export_dns_rr(const char *hostname, Key *key, FILE *f, int generic)
 		if (dns_read_key(&rdata_pubkey_algorithm, &rdata_digest_type,
 		    &rdata_digest, &rdata_digest_len, key)) {
 			if (generic) {
-				fprintf(f, "%s IN TYPE%d \\# %d %02x %02x ",
+				fprintf(f, "%s IN TYPE%d \\# %zu %02x %02x ",
 				    hostname, DNS_RDATATYPE_SSHFP,
 				    2 + rdata_digest_len,
 				    rdata_pubkey_algorithm, rdata_digest_type);

dns.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: dns.h,v 1.13 2014/04/20 09:24:26 logan Exp $ */
+/* $OpenBSD: dns.h,v 1.14 2015/01/15 09:40:00 djm Exp $ */
 
 /*
  * Copyright (c) 2003 Wesley Griffin. All rights reserved.
@@ -50,7 +50,8 @@ enum sshfp_hashes {
 #define DNS_VERIFY_MATCH	0x00000002
 #define DNS_VERIFY_SECURE	0x00000004
 
-int	verify_host_key_dns(const char *, struct sockaddr *, Key *, int *);
+int	verify_host_key_dns(const char *, struct sockaddr *,
-int	export_dns_rr(const char *, Key *, FILE *, int);
+    struct sshkey *, int *);
+int	export_dns_rr(const char *, struct sshkey *, FILE *, int);
 
 #endif /* DNS_H */

hostfile.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: hostfile.c,v 1.58 2014/10/20 03:43:01 djm Exp $ */
+/* $OpenBSD: hostfile.c,v 1.59 2015/01/15 09:40:00 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -51,10 +51,11 @@
 
 #include "xmalloc.h"
 #include "match.h"
-#include "key.h"
+#include "sshkey.h"
 #include "hostfile.h"
 #include "log.h"
 #include "misc.h"
+#include "ssherr.h"
 #include "digest.h"
 #include "hmac.h"
 
@@ -155,15 +156,16 @@ host_hash(const char *host, const char *name_from_hostfile, u_int src_len)
  */
 
 int
-hostfile_read_key(char **cpp, int *bitsp, Key *ret)
+hostfile_read_key(char **cpp, u_int *bitsp, struct sshkey *ret)
 {
 	char *cp;
+	int r;
 
 	/* Skip leading whitespace. */
 	for (cp = *cpp; *cp == ' ' || *cp == '\t'; cp++)
 		;
 
-	if (key_read(ret, &cp) != 1)
+	if ((r = sshkey_read(ret, &cp)) != 0)
 		return 0;
 
 	/* Skip trailing whitespace. */
@@ -172,15 +174,13 @@ hostfile_read_key(char **cpp, int *bitsp, Key *ret)
 
 	/* Return results. */
 	*cpp = cp;
-	if (bitsp != NULL) {
+	if (bitsp != NULL)
-		if ((*bitsp = key_size(ret)) <= 0)
+		*bitsp = sshkey_size(ret);
-			return 0;
-	}
 	return 1;
 }
 
 static int
-hostfile_check_key(int bits, const Key *key, const char *host,
+hostfile_check_key(int bits, const struct sshkey *key, const char *host,
     const char *filename, u_long linenum)
 {
 #ifdef WITH_SSH1
@@ -249,8 +249,8 @@ load_hostkeys(struct hostkeys *hostkeys, const char *host, const char *path)
 	u_long linenum = 0, num_loaded = 0;
 	char *cp, *cp2, *hashed_host;
 	HostkeyMarker marker;
-	Key *key;
+	struct sshkey *key;
-	int kbits;
+	u_int kbits;
 
 	if ((f = fopen(path, "r")) == NULL)
 		return;
@@ -296,13 +296,19 @@ load_hostkeys(struct hostkeys *hostkeys, const char *host, const char *path)
 		 * Extract the key from the line.  This will skip any leading
 		 * whitespace.  Ignore badly formatted lines.
 		 */
-		key = key_new(KEY_UNSPEC);
+		if ((key = sshkey_new(KEY_UNSPEC)) == NULL) {
+			error("%s: sshkey_new failed", __func__);
+			break;
+		}
 		if (!hostfile_read_key(&cp, &kbits, key)) {
-			key_free(key);
+			sshkey_free(key);
 #ifdef WITH_SSH1
-			key = key_new(KEY_RSA1);
+			if ((key = sshkey_new(KEY_RSA1)) == NULL) {
+				error("%s: sshkey_new failed", __func__);
+				break;
+			}
 			if (!hostfile_read_key(&cp, &kbits, key)) {
-				key_free(key);
+				sshkey_free(key);
 				continue;
 			}
 #else
@@ -315,7 +321,7 @@ load_hostkeys(struct hostkeys *hostkeys, const char *host, const char *path)
 		debug3("%s: found %skey type %s in file %s:%lu", __func__,
 		    marker == MRK_NONE ? "" :
 		    (marker == MRK_CA ? "ca " : "revoked "),
-		    key_type(key), path, linenum);
+		    sshkey_type(key), path, linenum);
 		hostkeys->entries = xrealloc(hostkeys->entries,
 		    hostkeys->num_entries + 1, sizeof(*hostkeys->entries));
 		hostkeys->entries[hostkeys->num_entries].host = xstrdup(host);
@@ -339,7 +345,7 @@ free_hostkeys(struct hostkeys *hostkeys)
 	for (i = 0; i < hostkeys->num_entries; i++) {
 		free(hostkeys->entries[i].host);
 		free(hostkeys->entries[i].file);
-		key_free(hostkeys->entries[i].key);
+		sshkey_free(hostkeys->entries[i].key);
 		explicit_bzero(hostkeys->entries + i, sizeof(*hostkeys->entries));
 	}
 	free(hostkeys->entries);
@@ -348,18 +354,18 @@ free_hostkeys(struct hostkeys *hostkeys)
 }
 
 static int
-check_key_not_revoked(struct hostkeys *hostkeys, Key *k)
+check_key_not_revoked(struct hostkeys *hostkeys, struct sshkey *k)
 {
-	int is_cert = key_is_cert(k);
+	int is_cert = sshkey_is_cert(k);
 	u_int i;
 
 	for (i = 0; i < hostkeys->num_entries; i++) {
 		if (hostkeys->entries[i].marker != MRK_REVOKE)
 			continue;
-		if (key_equal_public(k, hostkeys->entries[i].key))
+		if (sshkey_equal_public(k, hostkeys->entries[i].key))
 			return -1;
 		if (is_cert &&
-		    key_equal_public(k->cert->signature_key,
+		    sshkey_equal_public(k->cert->signature_key,
 		    hostkeys->entries[i].key))
 			return -1;
 	}
@@ -383,11 +389,11 @@ check_key_not_revoked(struct hostkeys *hostkeys, Key *k)
  */
 static HostStatus
 check_hostkeys_by_key_or_type(struct hostkeys *hostkeys,
-    Key *k, int keytype, const struct hostkey_entry **found)
+    struct sshkey *k, int keytype, const struct hostkey_entry **found)
 {
 	u_int i;
 	HostStatus end_return = HOST_NEW;
-	int want_cert = key_is_cert(k);
+	int want_cert = sshkey_is_cert(k);
 	HostkeyMarker want_marker = want_cert ? MRK_CA : MRK_NONE;
 	int proto = (k ? k->type : keytype) == KEY_RSA1 ? 1 : 2;
 
@@ -411,7 +417,7 @@ check_hostkeys_by_key_or_type(struct hostkeys *hostkeys,
 			break;
 		}
 		if (want_cert) {
-			if (key_equal_public(k->cert->signature_key,
+			if (sshkey_equal_public(k->cert->signature_key,
 			    hostkeys->entries[i].key)) {
 				/* A matching CA exists */
 				end_return = HOST_OK;
@@ -420,7 +426,7 @@ check_hostkeys_by_key_or_type(struct hostkeys *hostkeys,
 				break;
 			}
 		} else {
-			if (key_equal(k, hostkeys->entries[i].key)) {
+			if (sshkey_equal(k, hostkeys->entries[i].key)) {
 				end_return = HOST_OK;
 				if (found != NULL)
 					*found = hostkeys->entries + i;
@@ -441,7 +447,7 @@ check_hostkeys_by_key_or_type(struct hostkeys *hostkeys,
 }
 
 HostStatus
-check_key_in_hostkeys(struct hostkeys *hostkeys, Key *key,
+check_key_in_hostkeys(struct hostkeys *hostkeys, struct sshkey *key,
     const struct hostkey_entry **found)
 {
 	if (key == NULL)
@@ -463,11 +469,11 @@ lookup_key_in_hostkeys_by_type(struct hostkeys *hostkeys, int keytype,
  */
 
 int
-add_host_to_hostfile(const char *filename, const char *host, const Key *key,
+add_host_to_hostfile(const char *filename, const char *host,
-    int store_hash)
+    const struct sshkey *key, int store_hash)
 {
 	FILE *f;
-	int success = 0;
+	int r, success = 0;
 	char *hashed_host = NULL;
 
 	if (key == NULL)
@@ -485,12 +491,12 @@ add_host_to_hostfile(const char *filename, const char *host, const Key *key,
 	}
 	fprintf(f, "%s ", store_hash ? hashed_host : host);
 
-	if (key_write(key, f)) {
+	if ((r = sshkey_write(key, f)) != 0) {
+		error("%s: saving key in %s failed: %s",
+		    __func__, filename, ssh_err(r));
+	} else
 		success = 1;
-	} else {
+	fputs("\n", f);
-		error("add_host_to_hostfile: saving key in %s failed", filename);
-	}
-	fprintf(f, "\n");
 	fclose(f);
 	return success;
 }

hostfile.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: hostfile.h,v 1.20 2013/07/12 00:19:58 djm Exp $ */
+/* $OpenBSD: hostfile.h,v 1.21 2015/01/15 09:40:00 djm Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -26,7 +26,7 @@ struct hostkey_entry {
 	char *host;
 	char *file;
 	u_long line;
-	Key *key;
+	struct sshkey *key;
 	HostkeyMarker marker;
 };
 struct hostkeys;
@@ -35,13 +35,14 @@ struct hostkeys *init_hostkeys(void);
 void	 load_hostkeys(struct hostkeys *, const char *, const char *);
 void	 free_hostkeys(struct hostkeys *);
 
-HostStatus check_key_in_hostkeys(struct hostkeys *, Key *,
+HostStatus check_key_in_hostkeys(struct hostkeys *, struct sshkey *,
     const struct hostkey_entry **);
 int	 lookup_key_in_hostkeys_by_type(struct hostkeys *, int,
     const struct hostkey_entry **);
 
-int	 hostfile_read_key(char **, int *, Key *);
+int	 hostfile_read_key(char **, u_int *, struct sshkey *);
-int	 add_host_to_hostfile(const char *, const char *, const Key *, int);
+int	 add_host_to_hostfile(const char *, const char *,
+    const struct sshkey *, int);
 
 #define HASH_MAGIC	"|1|"
 #define HASH_DELIM	'|'

kex.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.h,v 1.65 2015/01/13 19:31:40 markus Exp $ */
+/* $OpenBSD: kex.h,v 1.66 2015/01/15 09:40:00 djm Exp $ */
 
 /*
  * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
@@ -27,6 +27,8 @@
 #define KEX_H
 
 #include "mac.h"
+#include "buffer.h" /* XXX for typedef */
+#include "key.h" /* XXX for typedef */
 
 #if defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC)
 #include <openssl/ec.h>

msg.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: msg.c,v 1.15 2006/08/03 03:34:42 deraadt Exp $ */
+/* $OpenBSD: msg.c,v 1.16 2015/01/15 09:40:00 djm Exp $ */
 /*
  * Copyright (c) 2002 Markus Friedl.  All rights reserved.
  *
@@ -34,17 +34,18 @@
 #include <unistd.h>
 #include <stdarg.h>
 
-#include "buffer.h"
+#include "sshbuf.h"
+#include "ssherr.h"
 #include "log.h"
 #include "atomicio.h"
 #include "msg.h"
 #include "misc.h"
 
 int
-ssh_msg_send(int fd, u_char type, Buffer *m)
+ssh_msg_send(int fd, u_char type, struct sshbuf *m)
 {
 	u_char buf[5];
-	u_int mlen = buffer_len(m);
+	u_int mlen = sshbuf_len(m);
 
 	debug3("ssh_msg_send: type %u", (unsigned int)type & 0xff);
 
@@ -54,7 +55,7 @@ ssh_msg_send(int fd, u_char type, Buffer *m)
 		error("ssh_msg_send: write");
 		return (-1);
 	}
-	if (atomicio(vwrite, fd, buffer_ptr(m), mlen) != mlen) {
+	if (atomicio(vwrite, fd, (u_char *)sshbuf_ptr(m), mlen) != mlen) {
 		error("ssh_msg_send: write");
 		return (-1);
 	}
@@ -62,10 +63,11 @@ ssh_msg_send(int fd, u_char type, Buffer *m)
 }
 
 int
-ssh_msg_recv(int fd, Buffer *m)
+ssh_msg_recv(int fd, struct sshbuf *m)
 {
-	u_char buf[4];
+	u_char buf[4], *p;
 	u_int msg_len;
+	int r;
 
 	debug3("ssh_msg_recv entering");
 
@@ -79,9 +81,12 @@ ssh_msg_recv(int fd, Buffer *m)
 		error("ssh_msg_recv: read: bad msg_len %u", msg_len);
 		return (-1);
 	}
-	buffer_clear(m);
+	sshbuf_reset(m);
-	buffer_append_space(m, msg_len);
+	if ((r = sshbuf_reserve(m, msg_len, &p)) != 0) {
-	if (atomicio(read, fd, buffer_ptr(m), msg_len) != msg_len) {
+		error("%s: buffer error: %s", __func__, ssh_err(r));
+		return -1;
+	}
+	if (atomicio(read, fd, p, msg_len) != msg_len) {
 		error("ssh_msg_recv: read: %s", strerror(errno));
 		return (-1);
 	}

msg.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: msg.h,v 1.4 2006/03/25 22:22:43 djm Exp $ */
+/* $OpenBSD: msg.h,v 1.5 2015/01/15 09:40:00 djm Exp $ */
 /*
  * Copyright (c) 2002 Markus Friedl.  All rights reserved.
  *
@@ -25,7 +25,8 @@
 #ifndef SSH_MSG_H
 #define SSH_MSG_H
 
-int	 ssh_msg_send(int, u_char, Buffer *);
+struct sshbuf;
-int	 ssh_msg_recv(int, Buffer *);
+int	 ssh_msg_send(int, u_char, struct sshbuf *);
+int	 ssh_msg_recv(int, struct sshbuf *);
 
 #endif

readconf.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.226 2015/01/13 07:39:19 djm Exp $ */
+/* $OpenBSD: readconf.c,v 1.227 2015/01/15 09:40:00 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -51,11 +51,10 @@
 #include "cipher.h"
 #include "pathnames.h"
 #include "log.h"
-#include "key.h"
+#include "sshkey.h"
 #include "misc.h"
 #include "readconf.h"
 #include "match.h"
-#include "buffer.h"
 #include "kex.h"
 #include "mac.h"
 #include "uidswap.h"

readconf.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.h,v 1.105 2014/12/21 22:27:56 djm Exp $ */
+/* $OpenBSD: readconf.h,v 1.106 2015/01/15 09:40:00 djm Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -93,7 +93,7 @@ typedef struct {
 	int     num_identity_files;	/* Number of files for RSA/DSA identities. */
 	char   *identity_files[SSH_MAX_IDENTITY_FILES];
 	int    identity_file_userprovided[SSH_MAX_IDENTITY_FILES];
-	Key    *identity_keys[SSH_MAX_IDENTITY_FILES];
+	struct sshkey *identity_keys[SSH_MAX_IDENTITY_FILES];
 
 	/* Local TCP/IP forward requests. */
 	int     num_local_forwards;

ssh-keysign.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keysign.c,v 1.45 2015/01/08 10:14:08 djm Exp $ */
+/* $OpenBSD: ssh-keysign.c,v 1.46 2015/01/15 09:40:00 djm Exp $ */
 /*
  * Copyright (c) 2002 Markus Friedl.  All rights reserved.
  *
@@ -43,11 +43,11 @@
 
 #include "xmalloc.h"
 #include "log.h"
-#include "key.h"
+#include "sshkey.h"
 #include "ssh.h"
 #include "ssh2.h"
 #include "misc.h"
-#include "buffer.h"
+#include "sshbuf.h"
 #include "authfile.h"
 #include "msg.h"
 #include "canohost.h"
@@ -63,64 +63,73 @@ uid_t original_real_uid;
 extern char *__progname;
 
 static int
-valid_request(struct passwd *pw, char *host, Key **ret, u_char *data,
+valid_request(struct passwd *pw, char *host, struct sshkey **ret,
-    u_int datalen)
+    u_char *data, size_t datalen)
 {
-	Buffer b;
+	struct sshbuf *b;
-	Key *key = NULL;
+	struct sshkey *key = NULL;
-	u_char *pkblob;
+	u_char type, *pkblob;
-	u_int blen, len;
+	char *p;
-	char *pkalg, *p;
+	size_t blen, len;
-	int pktype, fail;
+	char *pkalg, *luser;
+	int r, pktype, fail;
 
 	if (ret != NULL)
 		*ret = NULL;
 	fail = 0;
 
-	buffer_init(&b);
+	if ((b = sshbuf_from(data, datalen)) == NULL)
-	buffer_append(&b, data, datalen);
+		fatal("%s: sshbuf_from failed", __func__);
 
 	/* session id, currently limited to SHA1 (20 bytes) or SHA256 (32) */
-	p = buffer_get_string(&b, &len);
+	if ((r = sshbuf_get_string(b, NULL, &len)) != 0)
+		fatal("%s: buffer error: %s", __func__, ssh_err(r));
 	if (len != 20 && len != 32)
 		fail++;
-	free(p);
 
-	if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST)
+	if ((r = sshbuf_get_u8(b, &type)) != 0)
+		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+	if (type != SSH2_MSG_USERAUTH_REQUEST)
 		fail++;
 
 	/* server user */
-	buffer_skip_string(&b);
+	if ((r = sshbuf_skip_string(b)) != 0)
+		fatal("%s: buffer error: %s", __func__, ssh_err(r));
 
 	/* service */
-	p = buffer_get_string(&b, NULL);
+	if ((r = sshbuf_get_cstring(b, &p, NULL)) != 0)
+		fatal("%s: buffer error: %s", __func__, ssh_err(r));
 	if (strcmp("ssh-connection", p) != 0)
 		fail++;
 	free(p);
 
 	/* method */
-	p = buffer_get_string(&b, NULL);
+	if ((r = sshbuf_get_cstring(b, &p, NULL)) != 0)
+		fatal("%s: buffer error: %s", __func__, ssh_err(r));
 	if (strcmp("hostbased", p) != 0)
 		fail++;
 	free(p);
 
 	/* pubkey */
-	pkalg = buffer_get_string(&b, NULL);
+	if ((r = sshbuf_get_cstring(b, &pkalg, NULL)) != 0 ||
-	pkblob = buffer_get_string(&b, &blen);
+	    (r = sshbuf_get_string(b, &pkblob, &blen)) != 0)
+		fatal("%s: buffer error: %s", __func__, ssh_err(r));
 
-	pktype = key_type_from_name(pkalg);
+	pktype = sshkey_type_from_name(pkalg);
 	if (pktype == KEY_UNSPEC)
 		fail++;
-	else if ((key = key_from_blob(pkblob, blen)) == NULL)
+	else if ((r = sshkey_from_blob(pkblob, blen, &key)) != 0) {
+		error("%s: bad key blob: %s", __func__, ssh_err(r));
 		fail++;
-	else if (key->type != pktype)
+	} else if (key->type != pktype)
 		fail++;
 	free(pkalg);
 	free(pkblob);
 
 	/* client host name, handle trailing dot */
-	p = buffer_get_string(&b, &len);
+	if ((r = sshbuf_get_cstring(b, &p, &len)) != 0)
-	debug2("valid_request: check expect chost %s got %s", host, p);
+		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+	debug2("%s: check expect chost %s got %s", __func__, host, p);
 	if (strlen(host) != len - 1)
 		fail++;
 	else if (p[len - 1] != '.')
@@ -130,21 +139,22 @@ valid_request(struct passwd *pw, char *host, Key **ret, u_char *data,
 	free(p);
 
 	/* local user */
-	p = buffer_get_string(&b, NULL);
+	if ((r = sshbuf_get_cstring(b, &luser, NULL)) != 0)
+		fatal("%s: buffer error: %s", __func__, ssh_err(r));
 
-	if (strcmp(pw->pw_name, p) != 0)
+	if (strcmp(pw->pw_name, luser) != 0)
 		fail++;
-	free(p);
+	free(luser);
 
 	/* end of message */
-	if (buffer_len(&b) != 0)
+	if (sshbuf_len(b) != 0)
 		fail++;
-	buffer_free(&b);
+	sshbuf_free(b);
 
-	debug3("valid_request: fail %d", fail);
+	debug3("%s: fail %d", __func__, fail);
 
 	if (fail && key != NULL)
-		key_free(key);
+		sshkey_free(key);
 	else
 		*ret = key;
 
@@ -154,15 +164,15 @@ valid_request(struct passwd *pw, char *host, Key **ret, u_char *data,
 int
 main(int argc, char **argv)
 {
-	Buffer b;
+	struct sshbuf *b;
 	Options options;
 #define NUM_KEYTYPES 4
-	Key *keys[NUM_KEYTYPES], *key = NULL;
+	struct sshkey *keys[NUM_KEYTYPES], *key = NULL;
 	struct passwd *pw;
 	int r, key_fd[NUM_KEYTYPES], i, found, version = 2, fd;
-	u_char *signature, *data;
+	u_char *signature, *data, rver;
 	char *host, *fp;
-	u_int slen, dlen;
+	size_t slen, dlen;
 #ifdef WITH_OPENSSL
 	u_int32_t rnd[256];
 #endif
@@ -232,18 +242,23 @@ main(int argc, char **argv)
 	if (!found)
 		fatal("no hostkey found");
 
-	buffer_init(&b);
+	if ((b = sshbuf_new()) == NULL)
-	if (ssh_msg_recv(STDIN_FILENO, &b) < 0)
+		fatal("%s: sshbuf_new failed", __func__);
+	if (ssh_msg_recv(STDIN_FILENO, b) < 0)
 		fatal("ssh_msg_recv failed");
-	if (buffer_get_char(&b) != version)
+	if ((r = sshbuf_get_u8(b, &rver)) != 0)
-		fatal("bad version");
+		fatal("%s: buffer error: %s", __func__, ssh_err(r));
-	fd = buffer_get_int(&b);
+	if (rver != version)
-	if ((fd == STDIN_FILENO) || (fd == STDOUT_FILENO))
+		fatal("bad version: received %d, expected %d", rver, version);
+	if ((r = sshbuf_get_u32(b, (u_int *)&fd)) != 0)
+		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+	if (fd < 0 || fd == STDIN_FILENO || fd == STDOUT_FILENO)
 		fatal("bad fd");
 	if ((host = get_local_name(fd)) == NULL)
 		fatal("cannot get local name for fd");
 
-	data = buffer_get_string(&b, &dlen);
+	if ((r = sshbuf_get_string(b, &data, &dlen)) != 0)
+		fatal("%s: buffer error: %s", __func__, ssh_err(r));
 	if (valid_request(pw, host, &key, data, dlen) < 0)
 		fatal("not a valid request");
 	free(host);
@@ -251,26 +266,27 @@ main(int argc, char **argv)
 	found = 0;
 	for (i = 0; i < NUM_KEYTYPES; i++) {
 		if (keys[i] != NULL &&
-		    key_equal_public(key, keys[i])) {
+		    sshkey_equal_public(key, keys[i])) {
 			found = 1;
 			break;
 		}
 	}
 	if (!found) {
-		fp = key_fingerprint(key, options.fingerprint_hash,
+		fp = sshkey_fingerprint(key, options.fingerprint_hash,
 		    SSH_FP_DEFAULT);
 		fatal("no matching hostkey found for key %s %s",
-		    key_type(key), fp);
+		    sshkey_type(key), fp ? fp : "");
 	}
 
-	if (key_sign(keys[i], &signature, &slen, data, dlen) != 0)
+	if ((r = sshkey_sign(keys[i], &signature, &slen, data, dlen, 0)) != 0)
-		fatal("key_sign failed");
+		fatal("sshkey_sign failed: %s", ssh_err(r));
 	free(data);
 
 	/* send reply */
-	buffer_clear(&b);
+	sshbuf_reset(b);
-	buffer_put_string(&b, signature, slen);
+	if ((r = sshbuf_put_string(b, signature, slen)) != 0)
-	if (ssh_msg_send(STDOUT_FILENO, version, &b) == -1)
+		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+	if (ssh_msg_send(STDOUT_FILENO, version, b) == -1)
 		fatal("ssh_msg_send failed");
 
 	return (0);

ssh-pkcs11.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-pkcs11.c,v 1.14 2014/06/24 01:13:21 djm Exp $ */
+/* $OpenBSD: ssh-pkcs11.c,v 1.15 2015/01/15 09:40:00 djm Exp $ */
 /*
  * Copyright (c) 2010 Markus Friedl.  All rights reserved.
  *
@@ -38,7 +38,7 @@
 
 #include "log.h"
 #include "misc.h"
-#include "key.h"
+#include "sshkey.h"
 #include "ssh-pkcs11.h"
 #include "xmalloc.h"
 
@@ -385,12 +385,12 @@ pkcs11_open_session(struct pkcs11_provider *p, CK_ULONG slotidx, char *pin)
  * keysp points to an (possibly empty) array with *nkeys keys.
  */
 static int pkcs11_fetch_keys_filter(struct pkcs11_provider *, CK_ULONG,
-    CK_ATTRIBUTE [], CK_ATTRIBUTE [3], Key ***, int *)
+    CK_ATTRIBUTE [], CK_ATTRIBUTE [3], struct sshkey ***, int *)
 	__attribute__((__bounded__(__minbytes__,4, 3 * sizeof(CK_ATTRIBUTE))));
 
 static int
 pkcs11_fetch_keys(struct pkcs11_provider *p, CK_ULONG slotidx,
-    Key ***keysp, int *nkeys)
+    struct sshkey ***keysp, int *nkeys)
 {
 	CK_OBJECT_CLASS	pubkey_class = CKO_PUBLIC_KEY;
 	CK_OBJECT_CLASS	cert_class = CKO_CERTIFICATE;
@@ -422,12 +422,12 @@ pkcs11_fetch_keys(struct pkcs11_provider *p, CK_ULONG slotidx,
 }
 
 static int
-pkcs11_key_included(Key ***keysp, int *nkeys, Key *key)
+pkcs11_key_included(struct sshkey ***keysp, int *nkeys, struct sshkey *key)
 {
 	int i;
 
 	for (i = 0; i < *nkeys; i++)
-		if (key_equal(key, (*keysp)[i]))
+		if (sshkey_equal(key, (*keysp)[i]))
 			return (1);
 	return (0);
 }
@@ -435,9 +435,9 @@ pkcs11_key_included(Key ***keysp, int *nkeys, Key *key)
 static int
 pkcs11_fetch_keys_filter(struct pkcs11_provider *p, CK_ULONG slotidx,
     CK_ATTRIBUTE filter[], CK_ATTRIBUTE attribs[3],
-    Key ***keysp, int *nkeys)
+    struct sshkey ***keysp, int *nkeys)
 {
-	Key			*key;
+	struct sshkey		*key;
 	RSA			*rsa;
 	X509 			*x509;
 	EVP_PKEY		*evp;
@@ -517,16 +517,16 @@ pkcs11_fetch_keys_filter(struct pkcs11_provider *p, CK_ULONG slotidx,
 		}
 		if (rsa && rsa->n && rsa->e &&
 		    pkcs11_rsa_wrap(p, slotidx, &attribs[0], rsa) == 0) {
-			key = key_new(KEY_UNSPEC);
+			key = sshkey_new(KEY_UNSPEC);
 			key->rsa = rsa;
 			key->type = KEY_RSA;
 			key->flags |= SSHKEY_FLAG_EXT;
 			if (pkcs11_key_included(keysp, nkeys, key)) {
-				key_free(key);
+				sshkey_free(key);
 			} else {
 				/* expand key array and add key */
 				*keysp = xrealloc(*keysp, *nkeys + 1,
-				    sizeof(Key *));
+				    sizeof(struct sshkey *));
 				(*keysp)[*nkeys] = key;
 				*nkeys = *nkeys + 1;
 				debug("have %d keys", *nkeys);
@@ -544,7 +544,7 @@ pkcs11_fetch_keys_filter(struct pkcs11_provider *p, CK_ULONG slotidx,
 
 /* register a new provider, fails if provider already exists */
 int
-pkcs11_add_provider(char *provider_id, char *pin, Key ***keyp)
+pkcs11_add_provider(char *provider_id, char *pin, struct sshkey ***keyp)
 {
 	int nkeys, need_finalize = 0;
 	struct pkcs11_provider *p = NULL;

ssh-pkcs11.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-pkcs11.h,v 1.3 2014/04/29 18:01:49 markus Exp $ */
+/* $OpenBSD: ssh-pkcs11.h,v 1.4 2015/01/15 09:40:00 djm Exp $ */
 /*
  * Copyright (c) 2010 Markus Friedl.  All rights reserved.
  *
@@ -16,7 +16,7 @@
  */
 int	pkcs11_init(int);
 void	pkcs11_terminate(void);
-int	pkcs11_add_provider(char *, char *, Key ***);
+int	pkcs11_add_provider(char *, char *, struct sshkey ***);
 int	pkcs11_del_provider(char *);
 
 #if !defined(WITH_OPENSSL) && defined(ENABLE_PKCS11)