379 	if (ssh->kex->ext_info_c)  in kex_send_newkeys()
389 	struct kex *kex = ssh->kex;  in kex_input_ext_info()  local
409 				kex->rsa_sha2 = 256;  in kex_input_ext_info()
414 				kex->rsa_sha2 = 512;  in kex_input_ext_info()
428 	struct kex *kex = ssh->kex;  in kex_input_newkeys()  local
438 	kex->done = 1;  in kex_input_newkeys()
439 	sshbuf_reset(kex->peer);  in kex_input_newkeys()
441 	kex->flags &= ~KEX_INIT_SENT;  in kex_input_newkeys()
442 	free(kex->name);  in kex_input_newkeys()
443 	kex->name = NULL;  in kex_input_newkeys()
451 	struct kex *kex = ssh->kex;  in kex_send_kexinit()  local
454 	if (kex == NULL)  in kex_send_kexinit()
456 	if (kex->flags & KEX_INIT_SENT)  in kex_send_kexinit()
458 	kex->done = 0;  in kex_send_kexinit()
461 	if (sshbuf_len(kex->my) < KEX_COOKIE_LEN)  in kex_send_kexinit()
463 	if ((cookie = sshbuf_mutable_ptr(kex->my)) == NULL)  in kex_send_kexinit()
468 	    (r = sshpkt_putb(ssh, kex->my)) != 0 ||  in kex_send_kexinit()
472 	kex->flags |= KEX_INIT_SENT;  in kex_send_kexinit()
481 	struct kex *kex = ssh->kex;  in kex_input_kexinit()  local
488 	if (kex == NULL)  in kex_input_kexinit()
493 	if ((r = sshbuf_put(kex->peer, ptr, dlen)) != 0)  in kex_input_kexinit()
518 	if (!(kex->flags & KEX_INIT_SENT))  in kex_input_kexinit()
524 	if (kex->kex_type < KEX_MAX && kex->kex[kex->kex_type] != NULL)  in kex_input_kexinit()
525 		return (kex->kex[kex->kex_type])(ssh);  in kex_input_kexinit()
531 kex_new(struct ssh *ssh, char *proposal[PROPOSAL_MAX], struct kex **kexp)  in kex_new()
533 	struct kex *kex;  in kex_new()  local
537 	if ((kex = calloc(1, sizeof(*kex))) == NULL)  in kex_new()
539 	if ((kex->peer = sshbuf_new()) == NULL ||  in kex_new()
540 	    (kex->my = sshbuf_new()) == NULL) {  in kex_new()
544 	if ((r = kex_prop2buf(kex->my, proposal)) != 0)  in kex_new()
546 	kex->done = 0;  in kex_new()
550 	*kexp = kex;  in kex_new()
553 		kex_free(kex);  in kex_new()
589 kex_free(struct kex *kex)  in kex_free()  argument
594 	if (kex->dh)  in kex_free()
595 		DH_free(kex->dh);  in kex_free()
597 	if (kex->ec_client_key)  in kex_free()
598 		EC_KEY_free(kex->ec_client_key);  in kex_free()
602 		kex_free_newkeys(kex->newkeys[mode]);  in kex_free()
603 		kex->newkeys[mode] = NULL;  in kex_free()
605 	sshbuf_free(kex->peer);  in kex_free()
606 	sshbuf_free(kex->my);  in kex_free()
607 	free(kex->session_id);  in kex_free()
608 	free(kex->client_version_string);  in kex_free()
609 	free(kex->server_version_string);  in kex_free()
610 	free(kex->failed_choice);  in kex_free()
611 	free(kex->hostkey_alg);  in kex_free()
612 	free(kex->name);  in kex_free()
613 	free(kex);  in kex_free()
621 	if ((r = kex_new(ssh, proposal, &ssh->kex)) != 0)  in kex_setup()
624 		kex_free(ssh->kex);  in kex_setup()
625 		ssh->kex = NULL;  in kex_setup()
638 	if (ssh->kex == NULL) {  in kex_start_rekex()
642 	if (ssh->kex->done == 0) {  in kex_start_rekex()
646 	ssh->kex->done = 0;  in kex_start_rekex()
713 choose_kex(struct kex *k, char *client, char *server)  in choose_kex()
731 choose_hostkeyalg(struct kex *k, char *client, char *server)  in choose_hostkeyalg()
773 	struct kex *kex = ssh->kex;  in kex_choose_conf()  local
781 	debug2("local %s KEXINIT proposal", kex->server ? "server" : "client");  in kex_choose_conf()
782 	if ((r = kex_buf2prop(kex->my, NULL, &my)) != 0)  in kex_choose_conf()
784 	debug2("peer %s KEXINIT proposal", kex->server ? "client" : "server");  in kex_choose_conf()
785 	if ((r = kex_buf2prop(kex->peer, &first_kex_follows, &peer)) != 0)  in kex_choose_conf()
788 	if (kex->server) {  in kex_choose_conf()
797 	if (kex->server) {  in kex_choose_conf()
801 		kex->ext_info_c = (ext != NULL);  in kex_choose_conf()
806 	if ((r = choose_kex(kex, cprop[PROPOSAL_KEX_ALGS],  in kex_choose_conf()
808 		kex->failed_choice = peer[PROPOSAL_KEX_ALGS];  in kex_choose_conf()
812 	if ((r = choose_hostkeyalg(kex, cprop[PROPOSAL_SERVER_HOST_KEY_ALGS],  in kex_choose_conf()
814 		kex->failed_choice = peer[PROPOSAL_SERVER_HOST_KEY_ALGS];  in kex_choose_conf()
823 		kex->newkeys[mode] = newkeys;  in kex_choose_conf()
824 		ctos = (!kex->server && mode == MODE_OUT) ||  in kex_choose_conf()
825 		    (kex->server && mode == MODE_IN);  in kex_choose_conf()
831 			kex->failed_choice = peer[nenc];  in kex_choose_conf()
840 			kex->failed_choice = peer[nmac];  in kex_choose_conf()
846 			kex->failed_choice = peer[ncomp];  in kex_choose_conf()
858 		newkeys = kex->newkeys[mode];  in kex_choose_conf()
869 	kex->we_need = need;  in kex_choose_conf()
870 	kex->dh_need = dh_need;  in kex_choose_conf()
887 	struct kex *kex = ssh->kex;  in derive_key()  local
895 	if ((mdsz = ssh_digest_bytes(kex->hash_alg)) == 0)  in derive_key()
903 	if ((hashctx = ssh_digest_start(kex->hash_alg)) == NULL ||  in derive_key()
907 	    ssh_digest_update(hashctx, kex->session_id,  in derive_key()
908 	    kex->session_id_len) != 0 ||  in derive_key()
922 		if ((hashctx = ssh_digest_start(kex->hash_alg)) == NULL ||  in derive_key()
951 	struct kex *kex = ssh->kex;  in kex_derive_keys()  local
957 		if ((r = derive_key(ssh, 'A'+i, kex->we_need, hash, hashlen,  in kex_derive_keys()
965 		ctos = (!kex->server && mode == MODE_OUT) ||  in kex_derive_keys()
966 		    (kex->server && mode == MODE_IN);  in kex_derive_keys()
967 		kex->newkeys[mode]->enc.iv  = keys[ctos ? 0 : 1];  in kex_derive_keys()
968 		kex->newkeys[mode]->enc.key = keys[ctos ? 2 : 3];  in kex_derive_keys()
969 		kex->newkeys[mode]->mac.key = keys[ctos ? 4 : 5];  in kex_derive_keys()