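Lines matching refs:kex — each entry gives the source line number, the matching line, and the enclosing function; a trailing "local" or "argument" marks the line where `kex` is declared as a local variable or a parameter.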

463 	if (ssh->kex->ext_info_c && (ssh->kex->flags & KEX_INITIAL) != 0)  in kex_send_newkeys()
473 struct kex *kex = ssh->kex; in kex_input_ext_info() local
498 kex->server_sig_algs = val; in kex_input_ext_info()
511 struct kex *kex = ssh->kex; in kex_input_newkeys() local
521 kex->done = 1; in kex_input_newkeys()
522 kex->flags &= ~KEX_INITIAL; in kex_input_newkeys()
523 sshbuf_reset(kex->peer); in kex_input_newkeys()
525 kex->flags &= ~KEX_INIT_SENT; in kex_input_newkeys()
526 free(kex->name); in kex_input_newkeys()
527 kex->name = NULL; in kex_input_newkeys()
535 struct kex *kex = ssh->kex; in kex_send_kexinit() local
538 if (kex == NULL) { in kex_send_kexinit()
542 if (kex->flags & KEX_INIT_SENT) in kex_send_kexinit()
544 kex->done = 0; in kex_send_kexinit()
547 if (sshbuf_len(kex->my) < KEX_COOKIE_LEN) { in kex_send_kexinit()
549 sshbuf_len(kex->my), KEX_COOKIE_LEN); in kex_send_kexinit()
552 if ((cookie = sshbuf_mutable_ptr(kex->my)) == NULL) { in kex_send_kexinit()
559 (r = sshpkt_putb(ssh, kex->my)) != 0 || in kex_send_kexinit()
565 kex->flags |= KEX_INIT_SENT; in kex_send_kexinit()
573 struct kex *kex = ssh->kex; in kex_input_kexinit() local
580 if (kex == NULL) { in kex_input_kexinit()
586 if ((r = sshbuf_put(kex->peer, ptr, dlen)) != 0) in kex_input_kexinit()
617 if (!(kex->flags & KEX_INIT_SENT)) in kex_input_kexinit()
623 if (kex->kex_type < KEX_MAX && kex->kex[kex->kex_type] != NULL) in kex_input_kexinit()
624 return (kex->kex[kex->kex_type])(ssh); in kex_input_kexinit()
626 error("%s: unknown kex type %u", __func__, kex->kex_type); in kex_input_kexinit()
630 struct kex *
633 struct kex *kex; in kex_new() local
635 if ((kex = calloc(1, sizeof(*kex))) == NULL || in kex_new()
636 (kex->peer = sshbuf_new()) == NULL || in kex_new()
637 (kex->my = sshbuf_new()) == NULL || in kex_new()
638 (kex->client_version = sshbuf_new()) == NULL || in kex_new()
639 (kex->server_version = sshbuf_new()) == NULL) { in kex_new()
640 kex_free(kex); in kex_new()
643 return kex; in kex_new()
677 kex_free(struct kex *kex) in kex_free() argument
681 if (kex == NULL) in kex_free()
685 DH_free(kex->dh); in kex_free()
687 EC_KEY_free(kex->ec_client_key); in kex_free()
691 kex_free_newkeys(kex->newkeys[mode]); in kex_free()
692 kex->newkeys[mode] = NULL; in kex_free()
694 sshbuf_free(kex->peer); in kex_free()
695 sshbuf_free(kex->my); in kex_free()
696 sshbuf_free(kex->client_version); in kex_free()
697 sshbuf_free(kex->server_version); in kex_free()
698 sshbuf_free(kex->client_pub); in kex_free()
699 free(kex->session_id); in kex_free()
700 free(kex->failed_choice); in kex_free()
701 free(kex->hostkey_alg); in kex_free()
702 free(kex->name); in kex_free()
703 free(kex); in kex_free()
711 if ((r = kex_prop2buf(ssh->kex->my, proposal)) != 0) in kex_ready()
713 ssh->kex->flags = KEX_INITIAL; in kex_ready()
727 kex_free(ssh->kex); in kex_setup()
728 ssh->kex = NULL; in kex_setup()
741 if (ssh->kex == NULL) { in kex_start_rekex()
745 if (ssh->kex->done == 0) { in kex_start_rekex()
749 ssh->kex->done = 0; in kex_start_rekex()
819 choose_kex(struct kex *k, char *client, char *server) in choose_kex()
839 choose_hostkeyalg(struct kex *k, char *client, char *server) in choose_hostkeyalg()
884 struct kex *kex = ssh->kex; in kex_choose_conf() local
892 debug2("local %s KEXINIT proposal", kex->server ? "server" : "client"); in kex_choose_conf()
893 if ((r = kex_buf2prop(kex->my, NULL, &my)) != 0) in kex_choose_conf()
895 debug2("peer %s KEXINIT proposal", kex->server ? "client" : "server"); in kex_choose_conf()
896 if ((r = kex_buf2prop(kex->peer, &first_kex_follows, &peer)) != 0) in kex_choose_conf()
899 if (kex->server) { in kex_choose_conf()
908 if (kex->server && (kex->flags & KEX_INITIAL)) { in kex_choose_conf()
912 kex->ext_info_c = (ext != NULL); in kex_choose_conf()
917 if ((r = choose_kex(kex, cprop[PROPOSAL_KEX_ALGS], in kex_choose_conf()
919 kex->failed_choice = peer[PROPOSAL_KEX_ALGS]; in kex_choose_conf()
923 if ((r = choose_hostkeyalg(kex, cprop[PROPOSAL_SERVER_HOST_KEY_ALGS], in kex_choose_conf()
925 kex->failed_choice = peer[PROPOSAL_SERVER_HOST_KEY_ALGS]; in kex_choose_conf()
934 kex->newkeys[mode] = newkeys; in kex_choose_conf()
935 ctos = (!kex->server && mode == MODE_OUT) || in kex_choose_conf()
936 (kex->server && mode == MODE_IN); in kex_choose_conf()
942 kex->failed_choice = peer[nenc]; in kex_choose_conf()
951 kex->failed_choice = peer[nmac]; in kex_choose_conf()
957 kex->failed_choice = peer[ncomp]; in kex_choose_conf()
969 newkeys = kex->newkeys[mode]; in kex_choose_conf()
980 kex->we_need = need; in kex_choose_conf()
981 kex->dh_need = dh_need; in kex_choose_conf()
997 struct kex *kex = ssh->kex; in derive_key() local
1005 if ((mdsz = ssh_digest_bytes(kex->hash_alg)) == 0) in derive_key()
1013 if ((hashctx = ssh_digest_start(kex->hash_alg)) == NULL || in derive_key()
1017 ssh_digest_update(hashctx, kex->session_id, in derive_key()
1018 kex->session_id_len) != 0 || in derive_key()
1033 if ((hashctx = ssh_digest_start(kex->hash_alg)) == NULL || in derive_key()
1063 struct kex *kex = ssh->kex; in kex_derive_keys() local
1069 if (kex->session_id == NULL) { in kex_derive_keys()
1070 kex->session_id_len = hashlen; in kex_derive_keys()
1071 kex->session_id = malloc(kex->session_id_len); in kex_derive_keys()
1072 if (kex->session_id == NULL) in kex_derive_keys()
1074 memcpy(kex->session_id, hash, kex->session_id_len); in kex_derive_keys()
1077 if ((r = derive_key(ssh, 'A'+i, kex->we_need, hash, hashlen, in kex_derive_keys()
1085 ctos = (!kex->server && mode == MODE_OUT) || in kex_derive_keys()
1086 (kex->server && mode == MODE_IN); in kex_derive_keys()
1087 kex->newkeys[mode]->enc.iv = keys[ctos ? 0 : 1]; in kex_derive_keys()
1088 kex->newkeys[mode]->enc.key = keys[ctos ? 2 : 3]; in kex_derive_keys()
1089 kex->newkeys[mode]->mac.key = keys[ctos ? 4 : 5]; in kex_derive_keys()
1097 struct kex *kex = ssh->kex; in kex_load_hostkey() local
1101 if (kex->load_host_public_key == NULL || in kex_load_hostkey()
1102 kex->load_host_private_key == NULL) { in kex_load_hostkey()
1106 *pubp = kex->load_host_public_key(kex->hostkey_type, in kex_load_hostkey()
1107 kex->hostkey_nid, ssh); in kex_load_hostkey()
1108 *prvp = kex->load_host_private_key(kex->hostkey_type, in kex_load_hostkey()
1109 kex->hostkey_nid, ssh); in kex_load_hostkey()
1118 struct kex *kex = ssh->kex; in kex_verify_host_key() local
1120 if (kex->verify_host_key == NULL) { in kex_verify_host_key()
1124 if (server_host_key->type != kex->hostkey_type || in kex_verify_host_key()
1125 (kex->hostkey_type == KEY_ECDSA && in kex_verify_host_key()
1126 server_host_key->ecdsa_nid != kex->hostkey_nid)) in kex_verify_host_key()
1128 if (kex->verify_host_key(server_host_key, ssh) == -1) in kex_verify_host_key()
1151 if (!ssh->kex->server) in send_error()
1174 struct sshbuf *our_version = ssh->kex->server ? in kex_exchange_identification()
1175 ssh->kex->server_version : ssh->kex->client_version; in kex_exchange_identification()
1176 struct sshbuf *peer_version = ssh->kex->server ? in kex_exchange_identification()
1177 ssh->kex->client_version : ssh->kex->server_version; in kex_exchange_identification()
1294 if (ssh->kex->server) { in kex_exchange_identification()
1350 if (ssh->kex->server && (ssh->compat & SSH_BUG_PROBE) != 0) { in kex_exchange_identification()
1357 if (ssh->kex->server && (ssh->compat & SSH_BUG_SCANNER) != 0) { in kex_exchange_identification()