Lines Matching refs:ssh

/*
 * Version-banner exchange. ssh_packet_next() calls this while either
 * kex->client_version or kex->server_version is still empty. Once both are
 * non-empty it runs _ssh_order_hostkeyalgs() and then kex_send_kexinit().
 */
42 int	_ssh_exchange_banner(struct ssh *);
/* Appends the given banner buffer to the packet output buffer with sshbuf_putb(). */
43 int _ssh_send_banner(struct ssh *, struct sshbuf *);
/*
 * Reads the peer's banner from the packet input buffer and passes the remote
 * version to compat_banner(). A branch guarded by
 * `ssh->kex->server || ++n > SSH_MAX_PRE_BANNER_LINES` writes to the output
 * buffer; presumably this rejects pre-banner lines -- confirm against the full body.
 */
44 int _ssh_read_banner(struct ssh *, struct sshbuf *);
/*
 * Decodes our own KEX proposal with kex_buf2prop(), walks ssh->public_keys,
 * and writes the proposal back with kex_prop2buf(). The reordering logic
 * itself is not visible in this listing.
 */
45 int _ssh_order_hostkeyalgs(struct ssh *);
/*
 * Host-key verification callback that ssh_init() stores in
 * kex->verify_host_key. It iterates ssh->public_keys; the comparison and the
 * return values are not visible here. ssh_set_verify_host_key_callback() can
 * replace it, after checking for a NULL callback or a NULL ssh->kex.
 */
46 int _ssh_verify_host_key(struct sshkey *, struct ssh *);
/* Stored by ssh_init() in kex->load_host_public_key; iterates ssh->public_keys. */
47 struct sshkey *_ssh_host_public_key(int, int, struct ssh *);
/* Stored by ssh_init() in kex->load_host_private_key; iterates ssh->private_keys. */
48 struct sshkey *_ssh_host_private_key(int, int, struct ssh *);
49 int _ssh_host_key_sign(struct ssh *, struct sshkey *, struct sshkey *,
87 ssh_init(struct ssh **sshp, int is_server, struct kex_params *kex_params) in ssh_init()
91 struct ssh *ssh; in ssh_init() local
101 if ((ssh = ssh_packet_set_connection(NULL, -1, -1)) == NULL) in ssh_init()
104 ssh_packet_set_server(ssh); in ssh_init()
108 kex_proposal_populate_entries(ssh, populated, in ssh_init()
114 r = kex_ready(ssh, populated); in ssh_init()
117 ssh_free(ssh); in ssh_init()
121 ssh->kex->server = is_server; in ssh_init()
124 ssh->kex->kex[KEX_DH_GRP1_SHA1] = kex_gen_server; in ssh_init()
125 ssh->kex->kex[KEX_DH_GRP14_SHA1] = kex_gen_server; in ssh_init()
126 ssh->kex->kex[KEX_DH_GRP14_SHA256] = kex_gen_server; in ssh_init()
127 ssh->kex->kex[KEX_DH_GRP16_SHA512] = kex_gen_server; in ssh_init()
128 ssh->kex->kex[KEX_DH_GRP18_SHA512] = kex_gen_server; in ssh_init()
129 ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; in ssh_init()
130 ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; in ssh_init()
132 ssh->kex->kex[KEX_ECDH_SHA2] = kex_gen_server; in ssh_init()
135 ssh->kex->kex[KEX_C25519_SHA256] = kex_gen_server; in ssh_init()
136 ssh->kex->kex[KEX_KEM_SNTRUP761X25519_SHA512] = kex_gen_server; in ssh_init()
137 ssh->kex->load_host_public_key=&_ssh_host_public_key; in ssh_init()
138 ssh->kex->load_host_private_key=&_ssh_host_private_key; in ssh_init()
139 ssh->kex->sign=&_ssh_host_key_sign; in ssh_init()
142 ssh->kex->kex[KEX_DH_GRP1_SHA1] = kex_gen_client; in ssh_init()
143 ssh->kex->kex[KEX_DH_GRP14_SHA1] = kex_gen_client; in ssh_init()
144 ssh->kex->kex[KEX_DH_GRP14_SHA256] = kex_gen_client; in ssh_init()
145 ssh->kex->kex[KEX_DH_GRP16_SHA512] = kex_gen_client; in ssh_init()
146 ssh->kex->kex[KEX_DH_GRP18_SHA512] = kex_gen_client; in ssh_init()
147 ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_client; in ssh_init()
148 ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_client; in ssh_init()
150 ssh->kex->kex[KEX_ECDH_SHA2] = kex_gen_client; in ssh_init()
153 ssh->kex->kex[KEX_C25519_SHA256] = kex_gen_client; in ssh_init()
154 ssh->kex->kex[KEX_KEM_SNTRUP761X25519_SHA512] = kex_gen_client; in ssh_init()
155 ssh->kex->verify_host_key =&_ssh_verify_host_key; in ssh_init()
157 *sshp = ssh; in ssh_init()
162 ssh_free(struct ssh *ssh) in ssh_free() argument
166 if (ssh == NULL) in ssh_free()
173 while ((k = TAILQ_FIRST(&ssh->public_keys)) != NULL) { in ssh_free()
174 TAILQ_REMOVE(&ssh->public_keys, k, next); in ssh_free()
175 if (ssh->kex && ssh->kex->server) in ssh_free()
179 while ((k = TAILQ_FIRST(&ssh->private_keys)) != NULL) { in ssh_free()
180 TAILQ_REMOVE(&ssh->private_keys, k, next); in ssh_free()
183 ssh_packet_close(ssh); in ssh_free()
184 free(ssh); in ssh_free()
188 ssh_set_app_data(struct ssh *ssh, void *app_data) in ssh_set_app_data() argument
190 ssh->app_data = app_data; in ssh_set_app_data()
194 ssh_get_app_data(struct ssh *ssh) in ssh_get_app_data() argument
196 return ssh->app_data; in ssh_get_app_data()
201 ssh_add_hostkey(struct ssh *ssh, struct sshkey *key) in ssh_add_hostkey() argument
207 if (ssh->kex->server) { in ssh_add_hostkey()
217 TAILQ_INSERT_TAIL(&ssh->private_keys, k_prv, next); in ssh_add_hostkey()
221 TAILQ_INSERT_TAIL(&ssh->public_keys, k, next); in ssh_add_hostkey()
227 TAILQ_INSERT_TAIL(&ssh->public_keys, k, next); in ssh_add_hostkey()
235 ssh_set_verify_host_key_callback(struct ssh *ssh, in ssh_set_verify_host_key_callback() argument
236 int (*cb)(struct sshkey *, struct ssh *)) in ssh_set_verify_host_key_callback()
238 if (cb == NULL || ssh->kex == NULL) in ssh_set_verify_host_key_callback()
241 ssh->kex->verify_host_key = cb; in ssh_set_verify_host_key_callback()
247 ssh_input_append(struct ssh *ssh, const u_char *data, size_t len) in ssh_input_append() argument
249 return sshbuf_put(ssh_packet_get_input(ssh), data, len); in ssh_input_append()
253 ssh_packet_next(struct ssh *ssh, u_char *typep) in ssh_packet_next() argument
264 if (sshbuf_len(ssh->kex->client_version) == 0 || in ssh_packet_next()
265 sshbuf_len(ssh->kex->server_version) == 0) in ssh_packet_next()
266 return _ssh_exchange_banner(ssh); in ssh_packet_next()
279 if ((r = ssh_packet_read_poll2(ssh, &type, &seqnr)) != 0) in ssh_packet_next()
283 ssh->dispatch[type] != NULL) { in ssh_packet_next()
284 if ((r = (*ssh->dispatch[type])(type, seqnr, ssh)) != 0) in ssh_packet_next()
294 ssh_packet_payload(struct ssh *ssh, size_t *lenp) in ssh_packet_payload() argument
296 return sshpkt_ptr(ssh, lenp); in ssh_packet_payload()
300 ssh_packet_put(struct ssh *ssh, int type, const u_char *data, size_t len) in ssh_packet_put() argument
304 if ((r = sshpkt_start(ssh, type)) != 0 || in ssh_packet_put()
305 (r = sshpkt_put(ssh, data, len)) != 0 || in ssh_packet_put()
306 (r = sshpkt_send(ssh)) != 0) in ssh_packet_put()
312 ssh_output_ptr(struct ssh *ssh, size_t *len) in ssh_output_ptr() argument
314 struct sshbuf *output = ssh_packet_get_output(ssh); in ssh_output_ptr()
321 ssh_output_consume(struct ssh *ssh, size_t len) in ssh_output_consume() argument
323 return sshbuf_consume(ssh_packet_get_output(ssh), len); in ssh_output_consume()
327 ssh_output_space(struct ssh *ssh, size_t len) in ssh_output_space() argument
329 return (0 == sshbuf_check_reserve(ssh_packet_get_output(ssh), len)); in ssh_output_space()
333 ssh_input_space(struct ssh *ssh, size_t len) in ssh_input_space() argument
335 return (0 == sshbuf_check_reserve(ssh_packet_get_input(ssh), len)); in ssh_input_space()
340 _ssh_read_banner(struct ssh *ssh, struct sshbuf *banner) in _ssh_read_banner() argument
342 struct sshbuf *input = ssh_packet_get_input(ssh); in _ssh_read_banner()
376 if (ssh->kex->server || ++n > SSH_MAX_PRE_BANNER_LINES) { in _ssh_read_banner()
378 if ((r = sshbuf_put(ssh_packet_get_output(ssh), in _ssh_read_banner()
406 compat_banner(ssh, remote_version); in _ssh_read_banner()
423 _ssh_send_banner(struct ssh *ssh, struct sshbuf *banner) in _ssh_send_banner() argument
430 if ((r = sshbuf_putb(ssh_packet_get_output(ssh), banner)) != 0) in _ssh_send_banner()
443 _ssh_exchange_banner(struct ssh *ssh) in _ssh_exchange_banner() argument
445 struct kex *kex = ssh->kex; in _ssh_exchange_banner()
455 if (sshbuf_len(ssh->kex->server_version) == 0) in _ssh_exchange_banner()
456 r = _ssh_send_banner(ssh, ssh->kex->server_version); in _ssh_exchange_banner()
458 sshbuf_len(ssh->kex->server_version) != 0 && in _ssh_exchange_banner()
459 sshbuf_len(ssh->kex->client_version) == 0) in _ssh_exchange_banner()
460 r = _ssh_read_banner(ssh, ssh->kex->client_version); in _ssh_exchange_banner()
462 if (sshbuf_len(ssh->kex->server_version) == 0) in _ssh_exchange_banner()
463 r = _ssh_read_banner(ssh, ssh->kex->server_version); in _ssh_exchange_banner()
465 sshbuf_len(ssh->kex->server_version) != 0 && in _ssh_exchange_banner()
466 sshbuf_len(ssh->kex->client_version) == 0) in _ssh_exchange_banner()
467 r = _ssh_send_banner(ssh, ssh->kex->client_version); in _ssh_exchange_banner()
472 if (sshbuf_len(ssh->kex->server_version) != 0 && in _ssh_exchange_banner()
473 sshbuf_len(ssh->kex->client_version) != 0) { in _ssh_exchange_banner()
474 if ((r = _ssh_order_hostkeyalgs(ssh)) != 0 || in _ssh_exchange_banner()
475 (r = kex_send_kexinit(ssh)) != 0) in _ssh_exchange_banner()
482 _ssh_host_public_key(int type, int nid, struct ssh *ssh) in _ssh_host_public_key() argument
487 TAILQ_FOREACH(k, &ssh->public_keys, next) { in _ssh_host_public_key()
497 _ssh_host_private_key(int type, int nid, struct ssh *ssh) in _ssh_host_private_key() argument
502 TAILQ_FOREACH(k, &ssh->private_keys, next) { in _ssh_host_private_key()
512 _ssh_verify_host_key(struct sshkey *hostkey, struct ssh *ssh) in _ssh_verify_host_key() argument
517 TAILQ_FOREACH(k, &ssh->public_keys, next) { in _ssh_verify_host_key()
527 _ssh_order_hostkeyalgs(struct ssh *ssh) in _ssh_order_hostkeyalgs() argument
536 if ((r = kex_buf2prop(ssh->kex->my, NULL, &proposal)) != 0) in _ssh_order_hostkeyalgs()
552 TAILQ_FOREACH(k, &ssh->public_keys, next) { in _ssh_order_hostkeyalgs()
564 debug2_f("orig/%d %s", ssh->kex->server, orig); in _ssh_order_hostkeyalgs()
565 debug2_f("replace/%d %s", ssh->kex->server, replace); in _ssh_order_hostkeyalgs()
569 r = kex_prop2buf(ssh->kex->my, proposal); in _ssh_order_hostkeyalgs()
579 _ssh_host_key_sign(struct ssh *ssh, struct sshkey *privkey, in _ssh_host_key_sign() argument
584 alg, NULL, NULL, ssh->compat); in _ssh_host_key_sign()