===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/cipher-chachapoly.c,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- src/usr.bin/ssh/cipher-chachapoly.c	2014/01/31 16:39:19	1.4
+++ src/usr.bin/ssh/cipher-chachapoly.c	2014/06/24 01:13:21	1.5
@@ -14,7 +14,7 @@
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $OpenBSD: cipher-chachapoly.c,v 1.4 2014/01/31 16:39:19 tedu Exp $ */
+/* $OpenBSD: cipher-chachapoly.c,v 1.5 2014/06/24 01:13:21 djm Exp $ */
 
 #include <sys/types.h>
 #include <stdarg.h> /* needed for log.h */
@@ -22,16 +22,18 @@
 #include <stdio.h>  /* needed for misc.h */
 
 #include "log.h"
-#include "misc.h"
+#include "sshbuf.h"
+#include "ssherr.h"
 #include "cipher-chachapoly.h"
 
-void chachapoly_init(struct chachapoly_ctx *ctx,
+int chachapoly_init(struct chachapoly_ctx *ctx,
     const u_char *key, u_int keylen)
 {
 	if (keylen != (32 + 32)) /* 2 x 256 bit keys */
-		fatal("%s: invalid keylen %u", __func__, keylen);
+		return SSH_ERR_INVALID_ARGUMENT;
 	chacha_keysetup(&ctx->main_ctx, key, 256);
 	chacha_keysetup(&ctx->header_ctx, key + 32, 256);
+	return 0;
 }
 
 /*
@@ -50,14 +52,14 @@
 	u_char seqbuf[8];
 	const u_char one[8] = { 1, 0, 0, 0, 0, 0, 0, 0 }; /* NB little-endian */
 	u_char expected_tag[POLY1305_TAGLEN], poly_key[POLY1305_KEYLEN];
-	int r = -1;
+	int r = SSH_ERR_INTERNAL_ERROR;
 
 	/*
 	 * Run ChaCha20 once to generate the Poly1305 key. The IV is the
 	 * packet sequence number.
 	 */
 	memset(poly_key, 0, sizeof(poly_key));
-	put_u64(seqbuf, seqnr);
+	POKE_U64(seqbuf, seqnr);
 	chacha_ivsetup(&ctx->main_ctx, seqbuf, NULL);
 	chacha_encrypt_bytes(&ctx->main_ctx,
 	    poly_key, poly_key, sizeof(poly_key));
@@ -69,8 +71,10 @@
 		const u_char *tag = src + aadlen + len;
 
 		poly1305_auth(expected_tag, src, aadlen + len, poly_key);
-		if (timingsafe_bcmp(expected_tag, tag, POLY1305_TAGLEN) != 0)
+		if (timingsafe_bcmp(expected_tag, tag, POLY1305_TAGLEN) != 0) {
+			r = SSH_ERR_MAC_INVALID;
 			goto out;
+		}
 	}
 	/* Crypt additional data */
 	if (aadlen) {
@@ -86,7 +90,6 @@
 		    poly_key);
 	}
 	r = 0;
-
  out:
 	explicit_bzero(expected_tag, sizeof(expected_tag));
 	explicit_bzero(seqbuf, sizeof(seqbuf));
@@ -102,11 +105,11 @@
 	u_char buf[4], seqbuf[8];
 
 	if (len < 4)
-		return -1; /* Insufficient length */
-	put_u64(seqbuf, seqnr);
+		return SSH_ERR_MESSAGE_INCOMPLETE;
+	POKE_U64(seqbuf, seqnr);
 	chacha_ivsetup(&ctx->header_ctx, seqbuf, NULL);
 	chacha_encrypt_bytes(&ctx->header_ctx, cp, buf, 4);
-	*plenp = get_u32(buf);
+	*plenp = PEEK_U32(buf);
 	return 0;
 }