41 int	_ssh_exchange_banner(struct ssh *);
42 int	_ssh_send_banner(struct ssh *, struct sshbuf *);
43 int	_ssh_read_banner(struct ssh *, struct sshbuf *);
44 int	_ssh_order_hostkeyalgs(struct ssh *);
45 int	_ssh_verify_host_key(struct sshkey *, struct ssh *);
46 struct sshkey *_ssh_host_public_key(int, int, struct ssh *);
47 struct sshkey *_ssh_host_private_key(int, int, struct ssh *);
48 int	_ssh_host_key_sign(struct ssh *, struct sshkey *, struct sshkey *,
82 ssh_init(struct ssh **sshp, int is_server, struct kex_params *kex_params)  in ssh_init()
85 	struct ssh *ssh;  in ssh_init()  local
95 	if ((ssh = ssh_packet_set_connection(NULL, -1, -1)) == NULL)  in ssh_init()
98 		ssh_packet_set_server(ssh);  in ssh_init()
102 	if ((r = kex_ready(ssh, proposal)) != 0) {  in ssh_init()
103 		ssh_free(ssh);  in ssh_init()
106 	ssh->kex->server = is_server;  in ssh_init()
109 		ssh->kex->kex[KEX_DH_GRP1_SHA1] = kex_gen_server;  in ssh_init()
110 		ssh->kex->kex[KEX_DH_GRP14_SHA1] = kex_gen_server;  in ssh_init()
111 		ssh->kex->kex[KEX_DH_GRP14_SHA256] = kex_gen_server;  in ssh_init()
112 		ssh->kex->kex[KEX_DH_GRP16_SHA512] = kex_gen_server;  in ssh_init()
113 		ssh->kex->kex[KEX_DH_GRP18_SHA512] = kex_gen_server;  in ssh_init()
114 		ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;  in ssh_init()
115 		ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;  in ssh_init()
117 		ssh->kex->kex[KEX_ECDH_SHA2] = kex_gen_server;  in ssh_init()
120 		ssh->kex->kex[KEX_C25519_SHA256] = kex_gen_server;  in ssh_init()
121 		ssh->kex->kex[KEX_KEM_SNTRUP761X25519_SHA512] = kex_gen_server;  in ssh_init()
122 		ssh->kex->load_host_public_key=&_ssh_host_public_key;  in ssh_init()
123 		ssh->kex->load_host_private_key=&_ssh_host_private_key;  in ssh_init()
124 		ssh->kex->sign=&_ssh_host_key_sign;  in ssh_init()
127 		ssh->kex->kex[KEX_DH_GRP1_SHA1] = kex_gen_client;  in ssh_init()
128 		ssh->kex->kex[KEX_DH_GRP14_SHA1] = kex_gen_client;  in ssh_init()
129 		ssh->kex->kex[KEX_DH_GRP14_SHA256] = kex_gen_client;  in ssh_init()
130 		ssh->kex->kex[KEX_DH_GRP16_SHA512] = kex_gen_client;  in ssh_init()
131 		ssh->kex->kex[KEX_DH_GRP18_SHA512] = kex_gen_client;  in ssh_init()
132 		ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_client;  in ssh_init()
133 		ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_client;  in ssh_init()
135 		ssh->kex->kex[KEX_ECDH_SHA2] = kex_gen_client;  in ssh_init()
138 		ssh->kex->kex[KEX_C25519_SHA256] = kex_gen_client;  in ssh_init()
139 		ssh->kex->kex[KEX_KEM_SNTRUP761X25519_SHA512] = kex_gen_client;  in ssh_init()
140 		ssh->kex->verify_host_key =&_ssh_verify_host_key;  in ssh_init()
142 	*sshp = ssh;  in ssh_init()
147 ssh_free(struct ssh *ssh)  in ssh_free()  argument
151 	if (ssh == NULL)  in ssh_free()
158 	while ((k = TAILQ_FIRST(&ssh->public_keys)) != NULL) {  in ssh_free()
159 		TAILQ_REMOVE(&ssh->public_keys, k, next);  in ssh_free()
160 		if (ssh->kex && ssh->kex->server)  in ssh_free()
164 	while ((k = TAILQ_FIRST(&ssh->private_keys)) != NULL) {  in ssh_free()
165 		TAILQ_REMOVE(&ssh->private_keys, k, next);  in ssh_free()
168 	ssh_packet_close(ssh);  in ssh_free()
169 	free(ssh);  in ssh_free()
173 ssh_set_app_data(struct ssh *ssh, void *app_data)  in ssh_set_app_data()  argument
175 	ssh->app_data = app_data;  in ssh_set_app_data()
179 ssh_get_app_data(struct ssh *ssh)  in ssh_get_app_data()  argument
181 	return ssh->app_data;  in ssh_get_app_data()
186 ssh_add_hostkey(struct ssh *ssh, struct sshkey *key)  in ssh_add_hostkey()  argument
192 	if (ssh->kex->server) {  in ssh_add_hostkey()
202 		TAILQ_INSERT_TAIL(&ssh->private_keys, k_prv, next);  in ssh_add_hostkey()
206 		TAILQ_INSERT_TAIL(&ssh->public_keys, k, next);  in ssh_add_hostkey()
212 		TAILQ_INSERT_TAIL(&ssh->public_keys, k, next);  in ssh_add_hostkey()
220 ssh_set_verify_host_key_callback(struct ssh *ssh,  in ssh_set_verify_host_key_callback()  argument
221     int (*cb)(struct sshkey *, struct ssh *))  in ssh_set_verify_host_key_callback()
223 	if (cb == NULL || ssh->kex == NULL)  in ssh_set_verify_host_key_callback()
226 	ssh->kex->verify_host_key = cb;  in ssh_set_verify_host_key_callback()
232 ssh_input_append(struct ssh *ssh, const u_char *data, size_t len)  in ssh_input_append()  argument
234 	return sshbuf_put(ssh_packet_get_input(ssh), data, len);  in ssh_input_append()
238 ssh_packet_next(struct ssh *ssh, u_char *typep)  in ssh_packet_next()  argument
249 	if (sshbuf_len(ssh->kex->client_version) == 0 ||  in ssh_packet_next()
250 	    sshbuf_len(ssh->kex->server_version) == 0)  in ssh_packet_next()
251 		return _ssh_exchange_banner(ssh);  in ssh_packet_next()
264 		if ((r = ssh_packet_read_poll2(ssh, &type, &seqnr)) != 0)  in ssh_packet_next()
268 		    ssh->dispatch[type] != NULL) {  in ssh_packet_next()
269 			if ((r = (*ssh->dispatch[type])(type, seqnr, ssh)) != 0)  in ssh_packet_next()
279 ssh_packet_payload(struct ssh *ssh, size_t *lenp)  in ssh_packet_payload()  argument
281 	return sshpkt_ptr(ssh, lenp);  in ssh_packet_payload()
285 ssh_packet_put(struct ssh *ssh, int type, const u_char *data, size_t len)  in ssh_packet_put()  argument
289 	if ((r = sshpkt_start(ssh, type)) != 0 ||  in ssh_packet_put()
290 	    (r = sshpkt_put(ssh, data, len)) != 0 ||  in ssh_packet_put()
291 	    (r = sshpkt_send(ssh)) != 0)  in ssh_packet_put()
297 ssh_output_ptr(struct ssh *ssh, size_t *len)  in ssh_output_ptr()  argument
299 	struct sshbuf *output = ssh_packet_get_output(ssh);  in ssh_output_ptr()
306 ssh_output_consume(struct ssh *ssh, size_t len)  in ssh_output_consume()  argument
308 	return sshbuf_consume(ssh_packet_get_output(ssh), len);  in ssh_output_consume()
312 ssh_output_space(struct ssh *ssh, size_t len)  in ssh_output_space()  argument
314 	return (0 == sshbuf_check_reserve(ssh_packet_get_output(ssh), len));  in ssh_output_space()
318 ssh_input_space(struct ssh *ssh, size_t len)  in ssh_input_space()  argument
320 	return (0 == sshbuf_check_reserve(ssh_packet_get_input(ssh), len));  in ssh_input_space()
325 _ssh_read_banner(struct ssh *ssh, struct sshbuf *banner)  in _ssh_read_banner()  argument
327 	struct sshbuf *input = ssh_packet_get_input(ssh);  in _ssh_read_banner()
361 		if (ssh->kex->server || ++n > SSH_MAX_PRE_BANNER_LINES) {  in _ssh_read_banner()
363 			if ((r = sshbuf_put(ssh_packet_get_output(ssh),  in _ssh_read_banner()
391 	compat_banner(ssh, remote_version);  in _ssh_read_banner()
408 _ssh_send_banner(struct ssh *ssh, struct sshbuf *banner)  in _ssh_send_banner()  argument
415 	if ((r = sshbuf_putb(ssh_packet_get_output(ssh), banner)) != 0)  in _ssh_send_banner()
428 _ssh_exchange_banner(struct ssh *ssh)  in _ssh_exchange_banner()  argument
430 	struct kex *kex = ssh->kex;  in _ssh_exchange_banner()
440 		if (sshbuf_len(ssh->kex->server_version) == 0)  in _ssh_exchange_banner()
441 			r = _ssh_send_banner(ssh, ssh->kex->server_version);  in _ssh_exchange_banner()
443 		    sshbuf_len(ssh->kex->server_version) != 0 &&  in _ssh_exchange_banner()
444 		    sshbuf_len(ssh->kex->client_version) == 0)  in _ssh_exchange_banner()
445 			r = _ssh_read_banner(ssh, ssh->kex->client_version);  in _ssh_exchange_banner()
447 		if (sshbuf_len(ssh->kex->server_version) == 0)  in _ssh_exchange_banner()
448 			r = _ssh_read_banner(ssh, ssh->kex->server_version);  in _ssh_exchange_banner()
450 		    sshbuf_len(ssh->kex->server_version) != 0 &&  in _ssh_exchange_banner()
451 		    sshbuf_len(ssh->kex->client_version) == 0)  in _ssh_exchange_banner()
452 			r = _ssh_send_banner(ssh, ssh->kex->client_version);  in _ssh_exchange_banner()
457 	if (sshbuf_len(ssh->kex->server_version) != 0 &&  in _ssh_exchange_banner()
458 	    sshbuf_len(ssh->kex->client_version) != 0) {  in _ssh_exchange_banner()
459 		if ((r = _ssh_order_hostkeyalgs(ssh)) != 0 ||  in _ssh_exchange_banner()
460 		    (r = kex_send_kexinit(ssh)) != 0)  in _ssh_exchange_banner()
467 _ssh_host_public_key(int type, int nid, struct ssh *ssh)  in _ssh_host_public_key()  argument
472 	TAILQ_FOREACH(k, &ssh->public_keys, next) {  in _ssh_host_public_key()
482 _ssh_host_private_key(int type, int nid, struct ssh *ssh)  in _ssh_host_private_key()  argument
487 	TAILQ_FOREACH(k, &ssh->private_keys, next) {  in _ssh_host_private_key()
497 _ssh_verify_host_key(struct sshkey *hostkey, struct ssh *ssh)  in _ssh_verify_host_key()  argument
502 	TAILQ_FOREACH(k, &ssh->public_keys, next) {  in _ssh_verify_host_key()
512 _ssh_order_hostkeyalgs(struct ssh *ssh)  in _ssh_order_hostkeyalgs()  argument
521 	if ((r = kex_buf2prop(ssh->kex->my, NULL, &proposal)) != 0)  in _ssh_order_hostkeyalgs()
537 		TAILQ_FOREACH(k, &ssh->public_keys, next) {  in _ssh_order_hostkeyalgs()
549 		debug2_f("orig/%d    %s", ssh->kex->server, orig);  in _ssh_order_hostkeyalgs()
550 		debug2_f("replace/%d %s", ssh->kex->server, replace);  in _ssh_order_hostkeyalgs()
554 		r = kex_prop2buf(ssh->kex->my, proposal);  in _ssh_order_hostkeyalgs()
564 _ssh_host_key_sign(struct ssh *ssh, struct sshkey *privkey,  in _ssh_host_key_sign()  argument
569 	    alg, NULL, NULL, ssh->compat);  in _ssh_host_key_sign()