upstream commit

remove roaming support; ok djm@ Upstream-ID: 2cab8f4b197bc95776fb1c8dc2859dad0c64dc56
2016-01-14 16:17:39 +00:00 · 2016-01-14 16:17:39 +00:00 · a306863831
parent 6ef49e83e3
commit a306863831
23 changed files with 37 additions and 831 deletions
--- a/Makefile.in
+++ b/Makefile.in
@ -95,8 +95,7 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \
 	platform-pledge.o
 SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \
-	sshconnect.o sshconnect1.o sshconnect2.o mux.o \
+	sshconnect.o sshconnect1.o sshconnect2.o mux.o
 	roaming_common.o roaming_client.o
 SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \
 	audit.o audit-bsm.o audit-linux.o platform.o \
@ -109,7 +108,6 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \
 	auth2-gss.o gss-serv.o gss-serv-krb5.o \
 	loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \
 	sftp-server.o sftp-common.o \
 	roaming_common.o roaming_serv.o \
 	sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \
 	sandbox-seccomp-filter.o sandbox-capsicum.o sandbox-pledge.o \
 	sandbox-solaris.o
@ -180,14 +178,14 @@ ssh-agent$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-agent.o ssh-pkcs11-client.o
 ssh-keygen$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keygen.o
 	$(LD) -o $@ ssh-keygen.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
-ssh-keysign$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keysign.o roaming_dummy.o readconf.o
+ssh-keysign$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keysign.o readconf.o
-	$(LD) -o $@ ssh-keysign.o readconf.o roaming_dummy.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
+	$(LD) -o $@ ssh-keysign.o readconf.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
 ssh-pkcs11-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-pkcs11-helper.o ssh-pkcs11.o
 	$(LD) -o $@ ssh-pkcs11-helper.o ssh-pkcs11.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
-ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o roaming_dummy.o
+ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o
-	$(LD) -o $@ ssh-keyscan.o roaming_dummy.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
+	$(LD) -o $@ ssh-keyscan.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
 sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-common.o sftp-server.o sftp-server-main.o
 	$(LD) -o $@ sftp-server.o sftp-common.o sftp-server-main.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
@ -484,8 +482,7 @@ regress/unittests/bitmap/test_bitmap$(EXEEXT): ${UNITTESTS_TEST_BITMAP_OBJS} \
 UNITTESTS_TEST_KEX_OBJS=\
 	regress/unittests/kex/tests.o \
-	regress/unittests/kex/test_kex.o \
+	regress/unittests/kex/test_kex.o
 	roaming_dummy.o
 regress/unittests/kex/test_kex$(EXEEXT): ${UNITTESTS_TEST_KEX_OBJS} \
    regress/unittests/test_helper/libtest_helper.a libssh.a
--- a/clientloop.c
+++ b/clientloop.c
@ -1,4 +1,4 @@
-/* $OpenBSD: clientloop.c,v 1.279 2016/01/13 23:04:47 djm Exp $ */
+/* $OpenBSD: clientloop.c,v 1.280 2016/01/14 16:17:39 markus Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -111,7 +111,6 @@
 #include "sshpty.h"
 #include "match.h"
 #include "msg.h"
 #include "roaming.h"
 #include "ssherr.h"
 #include "hostfile.h"
@ -756,7 +755,7 @@ client_suspend_self(Buffer *bin, Buffer *bout, Buffer *berr)
 static void
 client_process_net_input(fd_set *readset)
 {
-	int len, cont = 0;
+	int len;
 	char buf[SSH_IOBUFSZ];
 	/*
@ -765,8 +764,8 @@ client_process_net_input(fd_set *readset)
 	 */
 	if (FD_ISSET(connection_in, readset)) {
 		/* Read as much as possible. */
-		len = roaming_read(connection_in, buf, sizeof(buf), &cont);
+		len = read(connection_in, buf, sizeof(buf));
-		if (len == 0 && cont == 0) {
+		if (len == 0) {
 			/*
 			 * Received EOF.  The remote host has closed the
 			 * connection.
--- a/kex.c
+++ b/kex.c
@ -1,4 +1,4 @@
-/* $OpenBSD: kex.c,v 1.115 2015/12/13 22:42:23 djm Exp $ */
+/* $OpenBSD: kex.c,v 1.116 2016/01/14 16:17:39 markus Exp $ */
 /*
 * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
 *
@ -49,7 +49,6 @@
 #include "misc.h"
 #include "dispatch.h"
 #include "monitor.h"
 #include "roaming.h"
 #include "ssherr.h"
 #include "sshbuf.h"
@ -748,17 +747,6 @@ kex_choose_conf(struct ssh *ssh)
 		sprop=peer;
 	}
 	/* Check whether server offers roaming */
 	if (!kex->server) {
 		char *roaming = match_list(KEX_RESUME,
 		    peer[PROPOSAL_KEX_ALGS], NULL);
 		if (roaming) {
 			kex->roaming = 1;
 			free(roaming);
 		}
 	}
 	/* Check whether client supports ext_info_c */
 	if (kex->server) {
 		char *ext;
--- a/kex.h
+++ b/kex.h
@ -1,4 +1,4 @@
-/* $OpenBSD: kex.h,v 1.74 2015/12/04 16:41:28 markus Exp $ */
+/* $OpenBSD: kex.h,v 1.75 2016/01/14 16:17:39 markus Exp $ */
 /*
 * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
@ -54,7 +54,6 @@
 #define	KEX_DH14		"diffie-hellman-group14-sha1"
 #define	KEX_DHGEX_SHA1		"diffie-hellman-group-exchange-sha1"
 #define	KEX_DHGEX_SHA256	"diffie-hellman-group-exchange-sha256"
 #define	KEX_RESUME		"resume@appgate.com"
 #define	KEX_ECDH_SHA2_NISTP256	"ecdh-sha2-nistp256"
 #define	KEX_ECDH_SHA2_NISTP384	"ecdh-sha2-nistp384"
 #define	KEX_ECDH_SHA2_NISTP521	"ecdh-sha2-nistp521"
@ -133,7 +132,6 @@ struct kex {
 	int	hostkey_type;
 	int	hostkey_nid;
 	u_int	kex_type;
 	int	roaming;
 	int	rsa_sha2;
 	int	ext_info_c;
 	struct sshbuf *my;
--- a/monitor.c
+++ b/monitor.c
@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.155 2015/12/04 16:41:28 markus Exp $ */
+/* $OpenBSD: monitor.c,v 1.156 2016/01/14 16:17:39 markus Exp $ */
 /*
 * Copyright 2002 Niels Provos <provos@citi.umich.edu>
 * Copyright 2002 Markus Friedl <markus@openbsd.org>
@ -100,7 +100,6 @@
 #include "monitor_fdpass.h"
 #include "compat.h"
 #include "ssh2.h"
 #include "roaming.h"
 #include "authfd.h"
 #include "match.h"
 #include "ssherr.h"
--- a/monitor_wrap.c
+++ b/monitor_wrap.c
@ -1,4 +1,4 @@
-/* $OpenBSD: monitor_wrap.c,v 1.86 2015/12/04 16:41:28 markus Exp $ */
+/* $OpenBSD: monitor_wrap.c,v 1.87 2016/01/14 16:17:40 markus Exp $ */
 /*
 * Copyright 2002 Niels Provos <provos@citi.umich.edu>
 * Copyright 2002 Markus Friedl <markus@openbsd.org>
@ -80,7 +80,6 @@
 #include "channels.h"
 #include "session.h"
 #include "servconf.h"
 #include "roaming.h"
 #include "ssherr.h"
--- a/opacket.c
+++ b/opacket.c
@ -235,18 +235,6 @@ packet_set_connection(int fd_in, int fd_out)
 		fatal("%s: ssh_packet_set_connection failed", __func__);
 }
 void
 packet_backup_state(void)
 {
 	ssh_packet_backup_state(active_state, backup_state);
 }
 void
 packet_restore_state(void)
 {
 	ssh_packet_restore_state(active_state, backup_state);
 }
 u_int
 packet_get_char(void)
 {
--- a/opacket.h
+++ b/opacket.h
@ -39,8 +39,6 @@ do { \
 void	 packet_close(void);
 u_int	 packet_get_char(void);
 u_int	 packet_get_int(void);
 void	 packet_backup_state(void);
 void	 packet_restore_state(void);
 void     packet_set_connection(int, int);
 int	 packet_read_seqnr(u_int32_t *);
 int	 packet_read_poll_seqnr(u_int32_t *);
--- a/packet.c
+++ b/packet.c
@ -1,4 +1,4 @@
-/* $OpenBSD: packet.c,v 1.221 2015/12/11 04:21:12 mmcc Exp $ */
+/* $OpenBSD: packet.c,v 1.222 2016/01/14 16:17:40 markus Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -83,7 +83,6 @@
 #include "channels.h"
 #include "ssh.h"
 #include "packet.h"
 #include "roaming.h"
 #include "ssherr.h"
 #include "sshbuf.h"
@ -1279,7 +1278,7 @@ int
 ssh_packet_read_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
 {
 	struct session_state *state = ssh->state;
-	int len, r, ms_remain, cont;
+	int len, r, ms_remain;
 	fd_set *setp;
 	char buf[8192];
 	struct timeval timeout, start, *timeoutp = NULL;
@ -1349,11 +1348,7 @@ ssh_packet_read_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
 		if (r == 0)
 			return SSH_ERR_CONN_TIMEOUT;
 		/* Read data from the socket. */
-		do {
+		len = read(state->connection_in, buf, sizeof(buf));
 			cont = 0;
 			len = roaming_read(state->connection_in, buf,
 			    sizeof(buf), &cont);
 		} while (len == 0 && cont);
 		if (len == 0) {
 			r = SSH_ERR_CONN_CLOSED;
 			goto out;
@ -2025,19 +2020,18 @@ ssh_packet_write_poll(struct ssh *ssh)
 {
 	struct session_state *state = ssh->state;
 	int len = sshbuf_len(state->output);
-	int cont, r;
+	int r;
 	if (len > 0) {
-		cont = 0;
+		len = write(state->connection_out,
-		len = roaming_write(state->connection_out,
+		    sshbuf_ptr(state->output), len);
 		    sshbuf_ptr(state->output), len, &cont);
 		if (len == -1) {
 			if (errno == EINTR || errno == EAGAIN ||
 			    errno == EWOULDBLOCK)
 				return 0;
 			return SSH_ERR_SYSTEM_ERROR;
 		}
-		if (len == 0 && !cont)
+		if (len == 0)
 			return SSH_ERR_CONN_CLOSED;
 		if ((r = sshbuf_consume(state->output, len)) != 0)
 			return r;
@ -2314,58 +2308,6 @@ ssh_packet_get_output(struct ssh *ssh)
 	return (void *)ssh->state->output;
 }
 /* XXX TODO update roaming to new API (does not work anyway) */
 /*
 * Save the state for the real connection, and use a separate state when
 * resuming a suspended connection.
 */
 void
 ssh_packet_backup_state(struct ssh *ssh,
    struct ssh *backup_state)
 {
 	struct ssh *tmp;
 	close(ssh->state->connection_in);
 	ssh->state->connection_in = -1;
 	close(ssh->state->connection_out);
 	ssh->state->connection_out = -1;
 	if (backup_state)
 		tmp = backup_state;
 	else
 		tmp = ssh_alloc_session_state();
 	backup_state = ssh;
 	ssh = tmp;
 }
 /* XXX FIXME FIXME FIXME */
 /*
 * Swap in the old state when resuming a connecion.
 */
 void
 ssh_packet_restore_state(struct ssh *ssh,
    struct ssh *backup_state)
 {
 	struct ssh *tmp;
 	u_int len;
 	int r;
 	tmp = backup_state;
 	backup_state = ssh;
 	ssh = tmp;
 	ssh->state->connection_in = backup_state->state->connection_in;
 	backup_state->state->connection_in = -1;
 	ssh->state->connection_out = backup_state->state->connection_out;
 	backup_state->state->connection_out = -1;
 	len = sshbuf_len(backup_state->state->input);
 	if (len > 0) {
 		if ((r = sshbuf_putb(ssh->state->input,
 		    backup_state->state->input)) != 0)
 			fatal("%s: %s", __func__, ssh_err(r));
 		sshbuf_reset(backup_state->state->input);
 		add_recv_bytes(len);
 	}
 }
 /* Reset after_authentication and reset compression in post-auth privsep */
 static int
 ssh_packet_set_postauth(struct ssh *ssh)
@ -2515,11 +2457,6 @@ ssh_packet_get_state(struct ssh *ssh, struct sshbuf *m)
 	    (r = sshbuf_put_stringb(m, state->output)) != 0)
 		return r;
 	if (compat20) {
 		if ((r = sshbuf_put_u64(m, get_sent_bytes())) != 0 ||
 		    (r = sshbuf_put_u64(m, get_recv_bytes())) != 0)
 			return r;
 	}
 	return 0;
 }
@ -2646,7 +2583,6 @@ ssh_packet_set_state(struct ssh *ssh, struct sshbuf *m)
 	size_t ssh1keylen, rlen, slen, ilen, olen;
 	int r;
 	u_int ssh1cipher = 0;
 	u_int64_t sent_bytes = 0, recv_bytes = 0;
 	if (!compat20) {
 		if ((r = sshbuf_get_u32(m, &state->remote_protocol_flags)) != 0 ||
@ -2711,12 +2647,6 @@ ssh_packet_set_state(struct ssh *ssh, struct sshbuf *m)
 	    (r = sshbuf_put(state->output, output, olen)) != 0)
 		return r;
 	if (compat20) {
 		if ((r = sshbuf_get_u64(m, &sent_bytes)) != 0 ||
 		    (r = sshbuf_get_u64(m, &recv_bytes)) != 0)
 			return r;
 		roam_set_bytes(sent_bytes, recv_bytes);
 	}
 	if (sshbuf_len(m))
 		return SSH_ERR_INVALID_FORMAT;
 	debug3("%s: done", __func__);
--- a/packet.h
+++ b/packet.h
@ -1,4 +1,4 @@
-/* $OpenBSD: packet.h,v 1.67 2015/12/11 03:24:25 djm Exp $ */
+/* $OpenBSD: packet.h,v 1.68 2016/01/14 16:17:40 markus Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -149,10 +149,6 @@ int	 ssh_packet_need_rekeying(struct ssh *);
 void	 ssh_packet_set_rekey_limits(struct ssh *, u_int32_t, time_t);
 time_t	 ssh_packet_get_rekey_timeout(struct ssh *);
 /* XXX FIXME */
 void	 ssh_packet_backup_state(struct ssh *, struct ssh *);
 void	 ssh_packet_restore_state(struct ssh *, struct ssh *);
 void	*ssh_packet_get_input(struct ssh *);
 void	*ssh_packet_get_output(struct ssh *);
--- a/readconf.c
+++ b/readconf.c
@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.247 2016/01/14 14:34:34 deraadt Exp $ */
+/* $OpenBSD: readconf.c,v 1.248 2016/01/14 16:17:40 markus Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -152,7 +152,7 @@ typedef enum {
 	oSendEnv, oControlPath, oControlMaster, oControlPersist,
 	oHashKnownHosts,
 	oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
-	oVisualHostKey, oUseRoaming,
+	oVisualHostKey,
 	oKexAlgorithms, oIPQoS, oRequestTTY, oIgnoreUnknown, oProxyUseFdpass,
 	oCanonicalDomains, oCanonicalizeHostname, oCanonicalizeMaxDots,
 	oCanonicalizeFallbackLocal, oCanonicalizePermittedCNAMEs,
@ -263,7 +263,7 @@ static struct {
 	{ "localcommand", oLocalCommand },
 	{ "permitlocalcommand", oPermitLocalCommand },
 	{ "visualhostkey", oVisualHostKey },
-	{ "useroaming", oUseRoaming },
+	{ "useroaming", oDeprecated },
 	{ "kexalgorithms", oKexAlgorithms },
 	{ "ipqos", oIPQoS },
 	{ "requesttty", oRequestTTY },
@ -1425,10 +1425,6 @@ parse_keytypes:
 		}
 		break;
 	case oUseRoaming:
 		intptr = &options->use_roaming;
 		goto parse_flag;
 	case oRequestTTY:
 		intptr = &options->request_tty;
 		multistate_ptr = multistate_requesttty;
@ -1713,7 +1709,6 @@ initialize_options(Options * options)
 	options->tun_remote = -1;
 	options->local_command = NULL;
 	options->permit_local_command = -1;
 	options->use_roaming = 0;
 	options->add_keys_to_agent = -1;
 	options->visual_host_key = -1;
 	options->ip_qos_interactive = -1;
@ -1889,7 +1884,6 @@ fill_default_options(Options * options)
 		options->tun_remote = SSH_TUNID_ANY;
 	if (options->permit_local_command == -1)
 		options->permit_local_command = 0;
 	options->use_roaming = 0;
 	if (options->visual_host_key == -1)
 		options->visual_host_key = 0;
 	if (options->ip_qos_interactive == -1)
--- a/readconf.h
+++ b/readconf.h
@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.h,v 1.112 2015/11/15 22:26:49 jcs Exp $ */
+/* $OpenBSD: readconf.h,v 1.113 2016/01/14 16:17:40 markus Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -137,8 +137,6 @@ typedef struct {
 	int	permit_local_command;
 	int	visual_host_key;
 	int	use_roaming;
 	int	request_tty;
 	int	proxy_use_fdpass;
--- a/roaming.h
+++ b/roaming.h
@ -1,45 +0,0 @@
 /* $OpenBSD: roaming.h,v 1.6 2011/12/07 05:44:38 djm Exp $ */
 /*
 * Copyright (c) 2004-2009 AppGate Network Security AB
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */
 #ifndef ROAMING_H
 #define ROAMING_H
 #define DEFAULT_ROAMBUF	65536
 #define MAX_ROAMBUF	(2*1024*1024) /* XXX arbitrary */
 #define ROAMING_REQUEST	"roaming@appgate.com"
 extern int roaming_enabled;
 extern int resume_in_progress;
 void	request_roaming(void);
 int	get_snd_buf_size(void);
 int	get_recv_buf_size(void);
 void	add_recv_bytes(u_int64_t);
 int	wait_for_roaming_reconnect(void);
 void	roaming_reply(int, u_int32_t, void *);
 void	set_out_buffer_size(size_t);
 ssize_t	roaming_write(int, const void *, size_t, int *);
 ssize_t	roaming_read(int, void *, size_t, int *);
 size_t	roaming_atomicio(ssize_t (*)(int, void *, size_t), int, void *, size_t);
 u_int64_t	get_recv_bytes(void);
 u_int64_t	get_sent_bytes(void);
 void	roam_set_bytes(u_int64_t, u_int64_t);
 void	resend_bytes(int, u_int64_t *);
 void	calculate_new_key(u_int64_t *, u_int64_t, u_int64_t);
 int	resume_kex(void);
 #endif /* ROAMING */
--- a/roaming_client.c
+++ b/roaming_client.c
@ -1,271 +0,0 @@
 /* $OpenBSD: roaming_client.c,v 1.9 2015/01/27 12:54:06 okan Exp $ */
 /*
 * Copyright (c) 2004-2009 AppGate Network Security AB
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */
 #include "includes.h"
 #include "openbsd-compat/sys-queue.h"
 #include <sys/types.h>
 #include <sys/socket.h>
 #include <signal.h>
 #include <string.h>
 #include <unistd.h>
 #include "xmalloc.h"
 #include "buffer.h"
 #include "channels.h"
 #include "cipher.h"
 #include "dispatch.h"
 #include "clientloop.h"
 #include "log.h"
 #include "match.h"
 #include "misc.h"
 #include "packet.h"
 #include "ssh.h"
 #include "key.h"
 #include "kex.h"
 #include "readconf.h"
 #include "roaming.h"
 #include "ssh2.h"
 #include "sshconnect.h"
 #include "digest.h"
 /* import */
 extern Options options;
 extern char *host;
 extern struct sockaddr_storage hostaddr;
 extern int session_resumed;
 static u_int32_t roaming_id;
 static u_int64_t cookie;
 static u_int64_t lastseenchall;
 static u_int64_t key1, key2, oldkey1, oldkey2;
 void
 roaming_reply(int type, u_int32_t seq, void *ctxt)
 {
 	if (type == SSH2_MSG_REQUEST_FAILURE) {
 		logit("Server denied roaming");
 		return;
 	}
 	verbose("Roaming enabled");
 	roaming_id = packet_get_int();
 	cookie = packet_get_int64();
 	key1 = oldkey1 = packet_get_int64();
 	key2 = oldkey2 = packet_get_int64();
 	set_out_buffer_size(packet_get_int() + get_snd_buf_size());
 	roaming_enabled = 1;
 }
 void
 request_roaming(void)
 {
 	packet_start(SSH2_MSG_GLOBAL_REQUEST);
 	packet_put_cstring(ROAMING_REQUEST);
 	packet_put_char(1);
 	packet_put_int(get_recv_buf_size());
 	packet_send();
 	client_register_global_confirm(roaming_reply, NULL);
 }
 static void
 roaming_auth_required(void)
 {
 	u_char digest[SSH_DIGEST_MAX_LENGTH];
 	Buffer b;
 	u_int64_t chall, oldchall;
 	chall = packet_get_int64();
 	oldchall = packet_get_int64();
 	if (oldchall != lastseenchall) {
 		key1 = oldkey1;
 		key2 = oldkey2;
 	}
 	lastseenchall = chall;
 	buffer_init(&b);
 	buffer_put_int64(&b, cookie);
 	buffer_put_int64(&b, chall);
 	if (ssh_digest_buffer(SSH_DIGEST_SHA1, &b, digest, sizeof(digest)) != 0)
 		fatal("%s: ssh_digest_buffer failed", __func__);
 	buffer_free(&b);
 	packet_start(SSH2_MSG_KEX_ROAMING_AUTH);
 	packet_put_int64(key1 ^ get_recv_bytes());
 	packet_put_raw(digest, ssh_digest_bytes(SSH_DIGEST_SHA1));
 	packet_send();
 	oldkey1 = key1;
 	oldkey2 = key2;
 	calculate_new_key(&key1, cookie, chall);
 	calculate_new_key(&key2, cookie, chall);
 	debug("Received %llu bytes", (unsigned long long)get_recv_bytes());
 	debug("Sent roaming_auth packet");
 }
 int
 resume_kex(void)
 {
 	/*
 	 * This should not happen - if the client sends the kex method
 	 * resume@appgate.com then the kex is done in roaming_resume().
 	 */
 	return 1;
 }
 static int
 roaming_resume(void)
 {
 	u_int64_t recv_bytes;
 	char *str = NULL, *kexlist = NULL, *c;
 	int i, type;
 	int timeout_ms = options.connection_timeout * 1000;
 	u_int len;
 	u_int32_t rnd = 0;
 	resume_in_progress = 1;
 	/* Exchange banners */
 	ssh_exchange_identification(timeout_ms);
 	packet_set_nonblocking();
 	/* Send a kexinit message with resume@appgate.com as only kex algo */
 	packet_start(SSH2_MSG_KEXINIT);
 	for (i = 0; i < KEX_COOKIE_LEN; i++) {
 		if (i % 4 == 0)
 			rnd = arc4random();
 		packet_put_char(rnd & 0xff);
 		rnd >>= 8;
 	}
 	packet_put_cstring(KEX_RESUME);
 	for (i = 1; i < PROPOSAL_MAX; i++) {
 		/* kex algorithm added so start with i=1 and not 0 */
 		packet_put_cstring(""); /* Not used when we resume */
 	}
 	packet_put_char(1); /* first kex_packet follows */
 	packet_put_int(0); /* reserved */
 	packet_send();
 	/* Assume that resume@appgate.com will be accepted */
 	packet_start(SSH2_MSG_KEX_ROAMING_RESUME);
 	packet_put_int(roaming_id);
 	packet_send();
 	/* Read the server's kexinit and check for resume@appgate.com */
 	if ((type = packet_read()) != SSH2_MSG_KEXINIT) {
 		debug("expected kexinit on resume, got %d", type);
 		goto fail;
 	}
 	for (i = 0; i < KEX_COOKIE_LEN; i++)
 		(void)packet_get_char();
 	kexlist = packet_get_string(&len);
 	if (!kexlist
 	    || (str = match_list(KEX_RESUME, kexlist, NULL)) == NULL) {
 		debug("server doesn't allow resume");
 		goto fail;
 	}
 	free(str);
 	for (i = 1; i < PROPOSAL_MAX; i++) {
 		/* kex algorithm taken care of so start with i=1 and not 0 */
 		free(packet_get_string(&len));
 	}
 	i = packet_get_char(); /* first_kex_packet_follows */
 	if (i && (c = strchr(kexlist, ',')))
 		*c = 0;
 	if (i && strcmp(kexlist, KEX_RESUME)) {
 		debug("server's kex guess (%s) was wrong, skipping", kexlist);
 		(void)packet_read(); /* Wrong guess - discard packet */
 	}
 	/*
 	 * Read the ROAMING_AUTH_REQUIRED challenge from the server and
 	 * send ROAMING_AUTH
 	 */
 	if ((type = packet_read()) != SSH2_MSG_KEX_ROAMING_AUTH_REQUIRED) {
 		debug("expected roaming_auth_required, got %d", type);
 		goto fail;
 	}
 	roaming_auth_required();
 	/* Read ROAMING_AUTH_OK from the server */
 	if ((type = packet_read()) != SSH2_MSG_KEX_ROAMING_AUTH_OK) {
 		debug("expected roaming_auth_ok, got %d", type);
 		goto fail;
 	}
 	recv_bytes = packet_get_int64() ^ oldkey2;
 	debug("Peer received %llu bytes", (unsigned long long)recv_bytes);
 	resend_bytes(packet_get_connection_out(), &recv_bytes);
 	resume_in_progress = 0;
 	session_resumed = 1; /* Tell clientloop */
 	return 0;
 fail:
 	free(kexlist);
 	if (packet_get_connection_in() == packet_get_connection_out())
 		close(packet_get_connection_in());
 	else {
 		close(packet_get_connection_in());
 		close(packet_get_connection_out());
 	}
 	return 1;
 }
 int
 wait_for_roaming_reconnect(void)
 {
 	static int reenter_guard = 0;
 	int timeout_ms = options.connection_timeout * 1000;
 	int c;
 	if (reenter_guard != 0)
 		fatal("Server refused resume, roaming timeout may be exceeded");
 	reenter_guard = 1;
 	fprintf(stderr, "[connection suspended, press return to resume]");
 	fflush(stderr);
 	packet_backup_state();
 	/* TODO Perhaps we should read from tty here */
 	while ((c = fgetc(stdin)) != EOF) {
 		if (c == 'Z' - 64) {
 			kill(getpid(), SIGTSTP);
 			continue;
 		}
 		if (c != '\n' && c != '\r')
 			continue;
 		if (ssh_connect(host, NULL, &hostaddr, options.port,
 		    options.address_family, 1, &timeout_ms,
 		    options.tcp_keep_alive, options.use_privileged_port) == 0 &&
 		    roaming_resume() == 0) {
 			packet_restore_state();
 			reenter_guard = 0;
 			fprintf(stderr, "[connection resumed]\n");
 			fflush(stderr);
 			return 0;
 		}
 		fprintf(stderr, "[reconnect failed, press return to retry]");
 		fflush(stderr);
 	}
 	fprintf(stderr, "[exiting]\n");
 	fflush(stderr);
 	exit(0);
 }
--- a/roaming_common.c
+++ b/roaming_common.c
@ -1,241 +0,0 @@
 /* $OpenBSD: roaming_common.c,v 1.13 2015/01/27 12:54:06 okan Exp $ */
 /*
 * Copyright (c) 2004-2009 AppGate Network Security AB
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */
 #include "includes.h"
 #include <sys/types.h>
 #include <sys/socket.h>
 #include <sys/uio.h>
 #include <errno.h>
 #include <stdarg.h>
 #include <string.h>
 #include <unistd.h>
 #include "atomicio.h"
 #include "log.h"
 #include "packet.h"
 #include "xmalloc.h"
 #include "cipher.h"
 #include "buffer.h"
 #include "roaming.h"
 #include "digest.h"
 static size_t out_buf_size = 0;
 static char *out_buf = NULL;
 static size_t out_start;
 static size_t out_last;
 static u_int64_t write_bytes = 0;
 static u_int64_t read_bytes = 0;
 int roaming_enabled = 0;
 int resume_in_progress = 0;
 int
 get_snd_buf_size(void)
 {
 	int fd = packet_get_connection_out();
 	int optval;
 	socklen_t optvallen = sizeof(optval);
 	if (getsockopt(fd, SOL_SOCKET, SO_SNDBUF, &optval, &optvallen) != 0)
 		optval = DEFAULT_ROAMBUF;
 	return optval;
 }
 int
 get_recv_buf_size(void)
 {
 	int fd = packet_get_connection_in();
 	int optval;
 	socklen_t optvallen = sizeof(optval);
 	if (getsockopt(fd, SOL_SOCKET, SO_RCVBUF, &optval, &optvallen) != 0)
 		optval = DEFAULT_ROAMBUF;
 	return optval;
 }
 void
 set_out_buffer_size(size_t size)
 {
 	if (size == 0 || size > MAX_ROAMBUF)
 		fatal("%s: bad buffer size %lu", __func__, (u_long)size);
 	/*
 	 * The buffer size can only be set once and the buffer will live
 	 * as long as the session lives.
 	 */
 	if (out_buf == NULL) {
 		out_buf_size = size;
 		out_buf = xmalloc(size);
 		out_start = 0;
 		out_last = 0;
 	}
 }
 u_int64_t
 get_recv_bytes(void)
 {
 	return read_bytes;
 }
 void
 add_recv_bytes(u_int64_t num)
 {
 	read_bytes += num;
 }
 u_int64_t
 get_sent_bytes(void)
 {
 	return write_bytes;
 }
 void
 roam_set_bytes(u_int64_t sent, u_int64_t recvd)
 {
 	read_bytes = recvd;
 	write_bytes = sent;
 }
 static void
 buf_append(const char *buf, size_t count)
 {
 	if (count > out_buf_size) {
 		buf += count - out_buf_size;
 		count = out_buf_size;
 	}
 	if (count < out_buf_size - out_last) {
 		memcpy(out_buf + out_last, buf, count);
 		if (out_start > out_last)
 			out_start += count;
 		out_last += count;
 	} else {
 		/* data will wrap */
 		size_t chunk = out_buf_size - out_last;
 		memcpy(out_buf + out_last, buf, chunk);
 		memcpy(out_buf, buf + chunk, count - chunk);
 		out_last = count - chunk;
 		out_start = out_last + 1;
 	}
 }
 ssize_t
 roaming_write(int fd, const void *buf, size_t count, int *cont)
 {
 	ssize_t ret;
 	ret = write(fd, buf, count);
 	if (ret > 0 && !resume_in_progress) {
 		write_bytes += ret;
 		if (out_buf_size > 0)
 			buf_append(buf, ret);
 	}
 	if (out_buf_size > 0 &&
 	    (ret == 0 || (ret == -1 && errno == EPIPE))) {
 		if (wait_for_roaming_reconnect() != 0) {
 			ret = 0;
 			*cont = 1;
 		} else {
 			ret = -1;
 			errno = EAGAIN;
 		}
 	}
 	return ret;
 }
 ssize_t
 roaming_read(int fd, void *buf, size_t count, int *cont)
 {
 	ssize_t ret = read(fd, buf, count);
 	if (ret > 0) {
 		if (!resume_in_progress) {
 			read_bytes += ret;
 		}
 	} else if (out_buf_size > 0 &&
 	    (ret == 0 || (ret == -1 && (errno == ECONNRESET
 	    || errno == ECONNABORTED || errno == ETIMEDOUT
 	    || errno == EHOSTUNREACH)))) {
 		debug("roaming_read failed for %d  ret=%ld  errno=%d",
 		    fd, (long)ret, errno);
 		ret = 0;
 		if (wait_for_roaming_reconnect() == 0)
 			*cont = 1;
 	}
 	return ret;
 }
 size_t
 roaming_atomicio(ssize_t(*f)(int, void*, size_t), int fd, void *buf,
    size_t count)
 {
 	size_t ret = atomicio(f, fd, buf, count);
 	if (f == vwrite && ret > 0 && !resume_in_progress) {
 		write_bytes += ret;
 	} else if (f == read && ret > 0 && !resume_in_progress) {
 		read_bytes += ret;
 	}
 	return ret;
 }
 void
 resend_bytes(int fd, u_int64_t *offset)
 {
 	size_t available, needed;
 	if (out_start < out_last)
 		available = out_last - out_start;
 	else
 		available = out_buf_size;
 	needed = write_bytes - *offset;
 	debug3("resend_bytes: resend %lu bytes from %llu",
 	    (unsigned long)needed, (unsigned long long)*offset);
 	if (needed > available)
 		fatal("Needed to resend more data than in the cache");
 	if (out_last < needed) {
 		int chunkend = needed - out_last;
 		atomicio(vwrite, fd, out_buf + out_buf_size - chunkend,
 		    chunkend);
 		atomicio(vwrite, fd, out_buf, out_last);
 	} else {
 		atomicio(vwrite, fd, out_buf + (out_last - needed), needed);
 	}
 }
 /*
 * Caclulate a new key after a reconnect
 */
 void
 calculate_new_key(u_int64_t *key, u_int64_t cookie, u_int64_t challenge)
 {
 	u_char hash[SSH_DIGEST_MAX_LENGTH];
 	Buffer b;
 	buffer_init(&b);
 	buffer_put_int64(&b, *key);
 	buffer_put_int64(&b, cookie);
 	buffer_put_int64(&b, challenge);
 	if (ssh_digest_buffer(SSH_DIGEST_SHA1, &b, hash, sizeof(hash)) != 0)
 		fatal("%s: digest_buffer failed", __func__);
 	buffer_clear(&b);
 	buffer_append(&b, hash, ssh_digest_bytes(SSH_DIGEST_SHA1));
 	*key = buffer_get_int64(&b);
 	buffer_free(&b);
 }
--- a/roaming_dummy.c
+++ b/roaming_dummy.c
@ -1,72 +0,0 @@
 /* $OpenBSD: roaming_dummy.c,v 1.4 2015/01/19 19:52:16 markus Exp $ */
 /*
 * Copyright (c) 2004-2009 AppGate Network Security AB
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */
 /*
 * This file is included in the client programs which should not
 * support roaming.
 */
 #include "includes.h"
 #include <sys/types.h>
 #include <unistd.h>
 #include "roaming.h"
 int resume_in_progress = 0;
 u_int64_t
 get_recv_bytes(void)
 {
 	return 0;
 }
 u_int64_t
 get_sent_bytes(void)
 {
 	return 0;
 }
 void
 roam_set_bytes(u_int64_t sent, u_int64_t recvd)
 {
 }
 ssize_t
 roaming_write(int fd, const void *buf, size_t count, int *cont)
 {
 	return write(fd, buf, count);
 }
 ssize_t
 roaming_read(int fd, void *buf, size_t count, int *cont)
 {
 	if (cont)
 		*cont = 0;
 	return read(fd, buf, count);
 }
 void
 add_recv_bytes(u_int64_t num)
 {
 }
 int
 resume_kex(void)
 {
 	return 1;
 }
--- a/roaming_serv.c
+++ b/roaming_serv.c
@ -1,31 +0,0 @@
 /* $OpenBSD: roaming_serv.c,v 1.1 2009/10/24 11:18:23 andreas Exp $ */
 /*
 * Copyright (c) 2004-2009 AppGate Network Security AB
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */
 #include "includes.h"
 #include <sys/types.h>
 #include "roaming.h"
 /*
 * Wait for the roaming client to reconnect. Returns 0 if a connect ocurred.
 */
 int
 wait_for_roaming_reconnect(void)
 {
 	return 1;
 }
--- a/serverloop.c
+++ b/serverloop.c
@ -1,4 +1,4 @@
-/* $OpenBSD: serverloop.c,v 1.180 2015/12/04 16:41:28 markus Exp $ */
+/* $OpenBSD: serverloop.c,v 1.181 2016/01/14 16:17:40 markus Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -78,7 +78,6 @@
 #include "dispatch.h"
 #include "auth-options.h"
 #include "serverloop.h"
 #include "roaming.h"
 #include "ssherr.h"
 extern ServerOptions options;
@ -399,11 +398,8 @@ process_input(fd_set *readset)
 	/* Read and buffer any input data from the client. */
 	if (FD_ISSET(connection_in, readset)) {
-		int cont = 0;
+		len = read(connection_in, buf, sizeof(buf));
 		len = roaming_read(connection_in, buf, sizeof(buf), &cont);
 		if (len == 0) {
 			if (cont)
 				return;
 			verbose("Connection closed by %.100s",
 			    get_remote_ipaddr());
 			connection_closed = 1;
--- a/ssh.c
+++ b/ssh.c
@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.434 2016/01/14 14:34:34 deraadt Exp $ */
+/* $OpenBSD: ssh.c,v 1.435 2016/01/14 16:17:40 markus Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -105,7 +105,6 @@
 #include "match.h"
 #include "msg.h"
 #include "uidswap.h"
 #include "roaming.h"
 #include "version.h"
 #include "ssherr.h"
 #include "myproposal.h"
--- a/ssh2.h
+++ b/ssh2.h
@ -1,4 +1,4 @@
-/* $OpenBSD: ssh2.h,v 1.16 2015/12/04 16:41:28 markus Exp $ */
+/* $OpenBSD: ssh2.h,v 1.17 2016/01/14 16:17:40 markus Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@ -165,13 +165,6 @@
 #define SSH2_EXTENDED_DATA_STDERR			1
 /* kex messages for resume@appgate.com */
 #define SSH2_MSG_KEX_ROAMING_RESUME			30
 #define SSH2_MSG_KEX_ROAMING_AUTH_REQUIRED		31
 #define SSH2_MSG_KEX_ROAMING_AUTH			32
 #define SSH2_MSG_KEX_ROAMING_AUTH_OK			33
 #define SSH2_MSG_KEX_ROAMING_AUTH_FAIL			34
 /* Certificate types for OpenSSH certificate keys extension */
 #define SSH2_CERT_TYPE_USER				1
 #define SSH2_CERT_TYPE_HOST				2
--- a/sshconnect.c
+++ b/sshconnect.c
@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.269 2015/11/20 01:45:29 djm Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.270 2016/01/14 16:17:40 markus Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -59,7 +59,6 @@
 #include "readconf.h"
 #include "atomicio.h"
 #include "dns.h"
 #include "roaming.h"
 #include "monitor_fdpass.h"
 #include "ssh2.h"
 #include "version.h"
@ -532,7 +531,7 @@ send_client_banner(int connection_out, int minor1)
 		xasprintf(&client_version_string, "SSH-%d.%d-%.100s\n",
 		    PROTOCOL_MAJOR_1, minor1, SSH_VERSION);
 	}
-	if (roaming_atomicio(vwrite, connection_out, client_version_string,
+	if (atomicio(vwrite, connection_out, client_version_string,
 	    strlen(client_version_string)) != strlen(client_version_string))
 		fatal("write: %.100s", strerror(errno));
 	chop(client_version_string);
@ -592,7 +591,7 @@ ssh_exchange_identification(int timeout_ms)
 				}
 			}
-			len = roaming_atomicio(read, connection_in, &buf[i], 1);
+			len = atomicio(read, connection_in, &buf[i], 1);
 			if (len != 1 && errno == EPIPE)
 				fatal("ssh_exchange_identification: "
--- a/sshconnect2.c
+++ b/sshconnect2.c
@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.235 2015/12/11 02:31:47 mmcc Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.236 2016/01/14 16:17:40 markus Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl.  All rights reserved.
 * Copyright (c) 2008 Damien Miller.  All rights reserved.
@ -219,10 +219,6 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port)
 	dispatch_run(DISPATCH_BLOCK, &kex->done, active_state);
 	if (options.use_roaming && !kex->roaming) {
 		debug("Roaming not allowed by server");
 		options.use_roaming = 0;
 	}
 	/* remove ext-info from the KEX proposals for rekeying */
 	myproposal[PROPOSAL_KEX_ALGS] =
 	    compat_kex_proposal(options.kex_algorithms);
--- a/sshd.c
+++ b/sshd.c
@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.462 2015/12/10 17:08:40 mmcc Exp $ */
+/* $OpenBSD: sshd.c,v 1.463 2016/01/14 16:17:40 markus Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -121,7 +121,6 @@
 #include "ssh-gss.h"
 #endif
 #include "monitor_wrap.h"
 #include "roaming.h"
 #include "ssh-sandbox.h"
 #include "version.h"
 #include "ssherr.h"
@ -437,7 +436,7 @@ sshd_exchange_identification(int sock_in, int sock_out)
 	    options.version_addendum, newline);
 	/* Send our protocol version identification. */
-	if (roaming_atomicio(vwrite, sock_out, server_version_string,
+	if (atomicio(vwrite, sock_out, server_version_string,
 	    strlen(server_version_string))
 	    != strlen(server_version_string)) {
 		logit("Could not write ident string to %s", get_remote_ipaddr());
@ -447,7 +446,7 @@ sshd_exchange_identification(int sock_in, int sock_out)
 	/* Read other sides version identification. */
 	memset(buf, 0, sizeof(buf));
 	for (i = 0; i < sizeof(buf) - 1; i++) {
-		if (roaming_atomicio(read, sock_in, &buf[i], 1) != 1) {
+		if (atomicio(read, sock_in, &buf[i], 1) != 1) {
 			logit("Did not receive identification string from %s",
 			    get_remote_ipaddr());
 			cleanup_exit(255);