Lines Matching refs:ssh

/*
 * Prototypes for the underscore-prefixed helpers. Their definitions appear
 * further down this listing, at source lines 335-522.
 *
 * How the matched lines show them being wired up:
 *  - _ssh_exchange_banner() is returned from ssh_packet_next() while either
 *    ssh->kex->client_version or ssh->kex->server_version is still empty
 *    (source lines 259-261).
 *  - _ssh_order_hostkeyalgs() runs from _ssh_exchange_banner() once both
 *    version buffers are non-empty, just before kex_send_kexinit()
 *    (source lines 467-470).
 *  - _ssh_host_public_key() and _ssh_host_private_key() are stored in
 *    ssh->kex->load_host_public_key / load_host_private_key by ssh_init()
 *    (source lines 132-133), next to the kex_gen_server/kexgex_server
 *    handlers.
 *  - _ssh_verify_host_key() is stored in ssh->kex->verify_host_key by
 *    ssh_init() (source line 150), next to the kex_gen_client/kexgex_client
 *    handlers. ssh_set_verify_host_key_callback() assigns a caller-supplied
 *    callback to the same pointer after a check on
 *    cb == NULL || ssh->kex == NULL (source lines 233-236).
 *
 * NOTE(review): the condition that selects between the server and client
 * groups of assignments is not among the matched lines; presumably it tests
 * is_server -- confirm in the full file.
 * NOTE(review): verify_host_key is a replaceable function pointer, so an
 * application that installs its own callback appears to take over the
 * host-key trust decision -- confirm how kex consumes its return value.
 */
41 int	_ssh_exchange_banner(struct ssh *);
42 int _ssh_send_banner(struct ssh *, struct sshbuf *);
43 int _ssh_read_banner(struct ssh *, struct sshbuf *);
44 int _ssh_order_hostkeyalgs(struct ssh *);
45 int _ssh_verify_host_key(struct sshkey *, struct ssh *);
46 struct sshkey *_ssh_host_public_key(int, int, struct ssh *);
47 struct sshkey *_ssh_host_private_key(int, int, struct ssh *);
48 int _ssh_host_key_sign(struct ssh *, struct sshkey *, struct sshkey *,
82 ssh_init(struct ssh **sshp, int is_server, struct kex_params *kex_params) in ssh_init()
86 struct ssh *ssh; in ssh_init() local
96 if ((ssh = ssh_packet_set_connection(NULL, -1, -1)) == NULL) in ssh_init()
99 ssh_packet_set_server(ssh); in ssh_init()
103 kex_proposal_populate_entries(ssh, populated, in ssh_init()
109 r = kex_ready(ssh, populated); in ssh_init()
112 ssh_free(ssh); in ssh_init()
116 ssh->kex->server = is_server; in ssh_init()
119 ssh->kex->kex[KEX_DH_GRP1_SHA1] = kex_gen_server; in ssh_init()
120 ssh->kex->kex[KEX_DH_GRP14_SHA1] = kex_gen_server; in ssh_init()
121 ssh->kex->kex[KEX_DH_GRP14_SHA256] = kex_gen_server; in ssh_init()
122 ssh->kex->kex[KEX_DH_GRP16_SHA512] = kex_gen_server; in ssh_init()
123 ssh->kex->kex[KEX_DH_GRP18_SHA512] = kex_gen_server; in ssh_init()
124 ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; in ssh_init()
125 ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; in ssh_init()
127 ssh->kex->kex[KEX_ECDH_SHA2] = kex_gen_server; in ssh_init()
130 ssh->kex->kex[KEX_C25519_SHA256] = kex_gen_server; in ssh_init()
131 ssh->kex->kex[KEX_KEM_SNTRUP761X25519_SHA512] = kex_gen_server; in ssh_init()
132 ssh->kex->load_host_public_key=&_ssh_host_public_key; in ssh_init()
133 ssh->kex->load_host_private_key=&_ssh_host_private_key; in ssh_init()
134 ssh->kex->sign=&_ssh_host_key_sign; in ssh_init()
137 ssh->kex->kex[KEX_DH_GRP1_SHA1] = kex_gen_client; in ssh_init()
138 ssh->kex->kex[KEX_DH_GRP14_SHA1] = kex_gen_client; in ssh_init()
139 ssh->kex->kex[KEX_DH_GRP14_SHA256] = kex_gen_client; in ssh_init()
140 ssh->kex->kex[KEX_DH_GRP16_SHA512] = kex_gen_client; in ssh_init()
141 ssh->kex->kex[KEX_DH_GRP18_SHA512] = kex_gen_client; in ssh_init()
142 ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_client; in ssh_init()
143 ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_client; in ssh_init()
145 ssh->kex->kex[KEX_ECDH_SHA2] = kex_gen_client; in ssh_init()
148 ssh->kex->kex[KEX_C25519_SHA256] = kex_gen_client; in ssh_init()
149 ssh->kex->kex[KEX_KEM_SNTRUP761X25519_SHA512] = kex_gen_client; in ssh_init()
150 ssh->kex->verify_host_key =&_ssh_verify_host_key; in ssh_init()
152 *sshp = ssh; in ssh_init()
157 ssh_free(struct ssh *ssh) in ssh_free() argument
161 if (ssh == NULL) in ssh_free()
168 while ((k = TAILQ_FIRST(&ssh->public_keys)) != NULL) { in ssh_free()
169 TAILQ_REMOVE(&ssh->public_keys, k, next); in ssh_free()
170 if (ssh->kex && ssh->kex->server) in ssh_free()
174 while ((k = TAILQ_FIRST(&ssh->private_keys)) != NULL) { in ssh_free()
175 TAILQ_REMOVE(&ssh->private_keys, k, next); in ssh_free()
178 ssh_packet_close(ssh); in ssh_free()
179 free(ssh); in ssh_free()
183 ssh_set_app_data(struct ssh *ssh, void *app_data) in ssh_set_app_data() argument
185 ssh->app_data = app_data; in ssh_set_app_data()
189 ssh_get_app_data(struct ssh *ssh) in ssh_get_app_data() argument
191 return ssh->app_data; in ssh_get_app_data()
196 ssh_add_hostkey(struct ssh *ssh, struct sshkey *key) in ssh_add_hostkey() argument
202 if (ssh->kex->server) { in ssh_add_hostkey()
212 TAILQ_INSERT_TAIL(&ssh->private_keys, k_prv, next); in ssh_add_hostkey()
216 TAILQ_INSERT_TAIL(&ssh->public_keys, k, next); in ssh_add_hostkey()
222 TAILQ_INSERT_TAIL(&ssh->public_keys, k, next); in ssh_add_hostkey()
230 ssh_set_verify_host_key_callback(struct ssh *ssh, in ssh_set_verify_host_key_callback() argument
231 int (*cb)(struct sshkey *, struct ssh *)) in ssh_set_verify_host_key_callback()
233 if (cb == NULL || ssh->kex == NULL) in ssh_set_verify_host_key_callback()
236 ssh->kex->verify_host_key = cb; in ssh_set_verify_host_key_callback()
242 ssh_input_append(struct ssh *ssh, const u_char *data, size_t len) in ssh_input_append() argument
244 return sshbuf_put(ssh_packet_get_input(ssh), data, len); in ssh_input_append()
248 ssh_packet_next(struct ssh *ssh, u_char *typep) in ssh_packet_next() argument
259 if (sshbuf_len(ssh->kex->client_version) == 0 || in ssh_packet_next()
260 sshbuf_len(ssh->kex->server_version) == 0) in ssh_packet_next()
261 return _ssh_exchange_banner(ssh); in ssh_packet_next()
274 if ((r = ssh_packet_read_poll2(ssh, &type, &seqnr)) != 0) in ssh_packet_next()
278 ssh->dispatch[type] != NULL) { in ssh_packet_next()
279 if ((r = (*ssh->dispatch[type])(type, seqnr, ssh)) != 0) in ssh_packet_next()
289 ssh_packet_payload(struct ssh *ssh, size_t *lenp) in ssh_packet_payload() argument
291 return sshpkt_ptr(ssh, lenp); in ssh_packet_payload()
295 ssh_packet_put(struct ssh *ssh, int type, const u_char *data, size_t len) in ssh_packet_put() argument
299 if ((r = sshpkt_start(ssh, type)) != 0 || in ssh_packet_put()
300 (r = sshpkt_put(ssh, data, len)) != 0 || in ssh_packet_put()
301 (r = sshpkt_send(ssh)) != 0) in ssh_packet_put()
307 ssh_output_ptr(struct ssh *ssh, size_t *len) in ssh_output_ptr() argument
309 struct sshbuf *output = ssh_packet_get_output(ssh); in ssh_output_ptr()
316 ssh_output_consume(struct ssh *ssh, size_t len) in ssh_output_consume() argument
318 return sshbuf_consume(ssh_packet_get_output(ssh), len); in ssh_output_consume()
322 ssh_output_space(struct ssh *ssh, size_t len) in ssh_output_space() argument
324 return (0 == sshbuf_check_reserve(ssh_packet_get_output(ssh), len)); in ssh_output_space()
328 ssh_input_space(struct ssh *ssh, size_t len) in ssh_input_space() argument
330 return (0 == sshbuf_check_reserve(ssh_packet_get_input(ssh), len)); in ssh_input_space()
335 _ssh_read_banner(struct ssh *ssh, struct sshbuf *banner) in _ssh_read_banner() argument
337 struct sshbuf *input = ssh_packet_get_input(ssh); in _ssh_read_banner()
371 if (ssh->kex->server || ++n > SSH_MAX_PRE_BANNER_LINES) { in _ssh_read_banner()
373 if ((r = sshbuf_put(ssh_packet_get_output(ssh), in _ssh_read_banner()
401 compat_banner(ssh, remote_version); in _ssh_read_banner()
418 _ssh_send_banner(struct ssh *ssh, struct sshbuf *banner) in _ssh_send_banner() argument
425 if ((r = sshbuf_putb(ssh_packet_get_output(ssh), banner)) != 0) in _ssh_send_banner()
438 _ssh_exchange_banner(struct ssh *ssh) in _ssh_exchange_banner() argument
440 struct kex *kex = ssh->kex; in _ssh_exchange_banner()
450 if (sshbuf_len(ssh->kex->server_version) == 0) in _ssh_exchange_banner()
451 r = _ssh_send_banner(ssh, ssh->kex->server_version); in _ssh_exchange_banner()
453 sshbuf_len(ssh->kex->server_version) != 0 && in _ssh_exchange_banner()
454 sshbuf_len(ssh->kex->client_version) == 0) in _ssh_exchange_banner()
455 r = _ssh_read_banner(ssh, ssh->kex->client_version); in _ssh_exchange_banner()
457 if (sshbuf_len(ssh->kex->server_version) == 0) in _ssh_exchange_banner()
458 r = _ssh_read_banner(ssh, ssh->kex->server_version); in _ssh_exchange_banner()
460 sshbuf_len(ssh->kex->server_version) != 0 && in _ssh_exchange_banner()
461 sshbuf_len(ssh->kex->client_version) == 0) in _ssh_exchange_banner()
462 r = _ssh_send_banner(ssh, ssh->kex->client_version); in _ssh_exchange_banner()
467 if (sshbuf_len(ssh->kex->server_version) != 0 && in _ssh_exchange_banner()
468 sshbuf_len(ssh->kex->client_version) != 0) { in _ssh_exchange_banner()
469 if ((r = _ssh_order_hostkeyalgs(ssh)) != 0 || in _ssh_exchange_banner()
470 (r = kex_send_kexinit(ssh)) != 0) in _ssh_exchange_banner()
477 _ssh_host_public_key(int type, int nid, struct ssh *ssh) in _ssh_host_public_key() argument
482 TAILQ_FOREACH(k, &ssh->public_keys, next) { in _ssh_host_public_key()
492 _ssh_host_private_key(int type, int nid, struct ssh *ssh) in _ssh_host_private_key() argument
497 TAILQ_FOREACH(k, &ssh->private_keys, next) { in _ssh_host_private_key()
507 _ssh_verify_host_key(struct sshkey *hostkey, struct ssh *ssh) in _ssh_verify_host_key() argument
512 TAILQ_FOREACH(k, &ssh->public_keys, next) { in _ssh_verify_host_key()
522 _ssh_order_hostkeyalgs(struct ssh *ssh) in _ssh_order_hostkeyalgs() argument
531 if ((r = kex_buf2prop(ssh->kex->my, NULL, &proposal)) != 0) in _ssh_order_hostkeyalgs()
547 TAILQ_FOREACH(k, &ssh->public_keys, next) { in _ssh_order_hostkeyalgs()
559 debug2_f("orig/%d %s", ssh->kex->server, orig); in _ssh_order_hostkeyalgs()
560 debug2_f("replace/%d %s", ssh->kex->server, replace); in _ssh_order_hostkeyalgs()
564 r = kex_prop2buf(ssh->kex->my, proposal); in _ssh_order_hostkeyalgs()
574 _ssh_host_key_sign(struct ssh *ssh, struct sshkey *privkey, in _ssh_host_key_sign() argument
579 alg, NULL, NULL, ssh->compat); in _ssh_host_key_sign()