/usr/src/usr.bin/ssh/ssh-keyscan/../packet.c

Bug Summary

File:	src/usr.bin/ssh/ssh-keyscan/../packet.c
Warning:	line 1671, column 3 Value stored to 'r' is never read

Annotated Source Code

Press '?' to see keyboard shortcuts

Show analyzer invocation

clang -cc1 -cc1 -triple amd64-unknown-openbsd7.0 -analyze -disable-free -disable-llvm-verifier -discard-value-names -main-file-name packet.c -analyzer-store=region -analyzer-opt-analyze-nested-blocks -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -mrelocation-model pic -pic-level 1 -pic-is-pie -mframe-pointer=all -relaxed-aliasing -fno-rounding-math -mconstructor-aliases -munwind-tables -target-cpu x86-64 -target-feature +retpoline-indirect-calls -target-feature +retpoline-indirect-branches -tune-cpu generic -debugger-tuning=gdb -fcoverage-compilation-dir=/usr/src/usr.bin/ssh/ssh-keyscan/obj -resource-dir /usr/local/lib/clang/13.0.0 -I /usr/src/usr.bin/ssh/ssh-keyscan/.. -D WITH_OPENSSL -D WITH_ZLIB -D ENABLE_PKCS11 -D HAVE_DLOPEN -internal-isystem /usr/local/lib/clang/13.0.0/include -internal-externc-isystem /usr/include -O2 -Wno-unused-parameter -fdebug-compilation-dir=/usr/src/usr.bin/ssh/ssh-keyscan/obj -ferror-limit 19 -fwrapv -D_RET_PROTECTOR -ret-protector -fgnuc-version=4.2.1 -vectorize-loops -vectorize-slp -fno-builtin-malloc -fno-builtin-calloc -fno-builtin-realloc -fno-builtin-valloc -fno-builtin-free -fno-builtin-strdup -fno-builtin-strndup -analyzer-output=html -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /home/ben/Projects/vmm/scan-build/2022-01-12-194120-40624-1 -x c /usr/src/usr.bin/ssh/ssh-keyscan/../packet.c

1	/* $OpenBSD: packet.c,v 1.304 2022/01/01 01:55:30 jsg Exp $ */
2	/*
3	* Author: Tatu Ylonen <ylo@cs.hut.fi>
4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5	* All rights reserved
6	* This file contains code implementing the packet protocol and communication
7	* with the other side. This same code is used both on client and server side.
8	*
9	* As far as I am concerned, the code I have written for this software
10	* can be used freely for any purpose. Any derived versions of this
11	* software must be clearly marked as such, and if the derived work is
12	* incompatible with the protocol description in the RFC file, it must be
13	* called by a name other than "ssh" or "Secure Shell".
14	*
15	*
16	* SSH2 packet format added by Markus Friedl.
17	* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
18	*
19	* Redistribution and use in source and binary forms, with or without
20	* modification, are permitted provided that the following conditions
21	* are met:
22	* 1. Redistributions of source code must retain the above copyright
23	* notice, this list of conditions and the following disclaimer.
24	* 2. Redistributions in binary form must reproduce the above copyright
25	* notice, this list of conditions and the following disclaimer in the
26	* documentation and/or other materials provided with the distribution.
27	*
28	* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
29	* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
30	* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
31	* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
32	* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
33	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
34	* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
35	* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
36	* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
37	* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
38	*/
39
40	#include <sys/types.h>
41	#include <sys/queue.h>
42	#include <sys/socket.h>
43	#include <sys/time.h>
44	#include <netinet/in.h>
45	#include <netinet/ip.h>
46
47	#include <errno(*__errno()).h>
48	#include <netdb.h>
49	#include <stdarg.h>
50	#include <stdio.h>
51	#include <stdlib.h>
52	#include <string.h>
53	#include <unistd.h>
54	#include <limits.h>
55	#include <poll.h>
56	#include <signal.h>
57	#include <time.h>
58
59	#ifdef WITH_ZLIB1
60	#include <zlib.h>
61	#endif
62
63	#include "xmalloc.h"
64	#include "compat.h"
65	#include "ssh2.h"
66	#include "cipher.h"
67	#include "sshkey.h"
68	#include "kex.h"
69	#include "digest.h"
70	#include "mac.h"
71	#include "log.h"
72	#include "canohost.h"
73	#include "misc.h"
74	#include "channels.h"
75	#include "ssh.h"
76	#include "packet.h"
77	#include "ssherr.h"
78	#include "sshbuf.h"
79
80	#ifdef PACKET_DEBUG
81	#define DBG(x) x
82	#else
83	#define DBG(x)
84	#endif
85
86	#define PACKET_MAX_SIZE(256 * 1024) (256 * 1024)
87
88	struct packet_state {
89	u_int32_t seqnr;
90	u_int32_t packets;
91	u_int64_t blocks;
92	u_int64_t bytes;
93	};
94
95	struct packet {
96	TAILQ_ENTRY(packet)struct { struct packet tqe_next; struct packet *tqe_prev; } next;
97	u_char type;
98	struct sshbuf *payload;
99	};
100
101	struct session_state {
102	/*
103	* This variable contains the file descriptors used for
104	* communicating with the other side. connection_in is used for
105	* reading; connection_out for writing. These can be the same
106	* descriptor, in which case it is assumed to be a socket.
107	*/
108	int connection_in;
109	int connection_out;
110
111	/* Protocol flags for the remote side. */
112	u_int remote_protocol_flags;
113
114	/* Encryption context for receiving data. Only used for decryption. */
115	struct sshcipher_ctx *receive_context;
116
117	/* Encryption context for sending data. Only used for encryption. */
118	struct sshcipher_ctx *send_context;
119
120	/* Buffer for raw input data from the socket. */
121	struct sshbuf *input;
122
123	/* Buffer for raw output data going to the socket. */
124	struct sshbuf *output;
125
126	/* Buffer for the partial outgoing packet being constructed. */
127	struct sshbuf *outgoing_packet;
128
129	/* Buffer for the incoming packet currently being processed. */
130	struct sshbuf *incoming_packet;
131
132	/* Scratch buffer for packet compression/decompression. */
133	struct sshbuf *compression_buffer;
134
135	#ifdef WITH_ZLIB1
136	/* Incoming/outgoing compression dictionaries */
137	z_stream compression_in_stream;
138	z_stream compression_out_stream;
139	#endif
140	int compression_in_started;
141	int compression_out_started;
142	int compression_in_failures;
143	int compression_out_failures;
144
145	/* default maximum packet size */
146	u_int max_packet_size;
147
148	/* Flag indicating whether this module has been initialized. */
149	int initialized;
150
151	/* Set to true if the connection is interactive. */
152	int interactive_mode;
153
154	/* Set to true if we are the server side. */
155	int server_side;
156
157	/* Set to true if we are authenticated. */
158	int after_authentication;
159
160	int keep_alive_timeouts;
161
162	/* The maximum time that we will wait to send or receive a packet */
163	int packet_timeout_ms;
164
165	/* Session key information for Encryption and MAC */
166	struct newkeys *newkeys[MODE_MAX];
167	struct packet_state p_read, p_send;
168
169	/* Volume-based rekeying */
170	u_int64_t max_blocks_in, max_blocks_out, rekey_limit;
171
172	/* Time-based rekeying */
173	u_int32_t rekey_interval; /* how often in seconds */
174	time_t rekey_time; /* time of last rekeying */
175
176	/* roundup current message to extra_pad bytes */
177	u_char extra_pad;
178
179	/* XXX discard incoming data after MAC error */
180	u_int packet_discard;
181	size_t packet_discard_mac_already;
182	struct sshmac *packet_discard_mac;
183
184	/* Used in packet_read_poll2() */
185	u_int packlen;
186
187	/* Used in packet_send2 */
188	int rekeying;
189
190	/* Used in ssh_packet_send_mux() */
191	int mux;
192
193	/* Used in packet_set_interactive */
194	int set_interactive_called;
195
196	/* Used in packet_set_maxsize */
197	int set_maxsize_called;
198
199	/* One-off warning about weak ciphers */
200	int cipher_warning_done;
201
202	/* Hook for fuzzing inbound packets */
203	ssh_packet_hook_fn *hook_in;
204	void *hook_in_ctx;
205
206	TAILQ_HEAD(, packet)struct { struct packet tqh_first; struct packet *tqh_last; } outgoing;
207	};
208
209	struct ssh *
210	ssh_alloc_session_state(void)
211	{
212	struct ssh ssh = NULL((void)0);
213	struct session_state state = NULL((void)0);
214
215	if ((ssh = calloc(1, sizeof(ssh))) == NULL((void)0) \|\|
216	(state = calloc(1, sizeof(state))) == NULL((void)0) \|\|
217	(ssh->kex = kex_new()) == NULL((void*)0) \|\|
218	(state->input = sshbuf_new()) == NULL((void*)0) \|\|
219	(state->output = sshbuf_new()) == NULL((void*)0) \|\|
220	(state->outgoing_packet = sshbuf_new()) == NULL((void*)0) \|\|
221	(state->incoming_packet = sshbuf_new()) == NULL((void*)0))
222	goto fail;
223	TAILQ_INIT(&state->outgoing)do { (&state->outgoing)->tqh_first = ((void*)0); (& state->outgoing)->tqh_last = &(&state->outgoing )->tqh_first; } while (0);
224	TAILQ_INIT(&ssh->private_keys)do { (&ssh->private_keys)->tqh_first = ((void*)0); ( &ssh->private_keys)->tqh_last = &(&ssh-> private_keys)->tqh_first; } while (0);
225	TAILQ_INIT(&ssh->public_keys)do { (&ssh->public_keys)->tqh_first = ((void*)0); ( &ssh->public_keys)->tqh_last = &(&ssh->public_keys )->tqh_first; } while (0);
226	state->connection_in = -1;
227	state->connection_out = -1;
228	state->max_packet_size = 32768;
229	state->packet_timeout_ms = -1;
230	state->p_send.packets = state->p_read.packets = 0;
231	state->initialized = 1;
232	/*
233	* ssh_packet_send2() needs to queue packets until
234	* we've done the initial key exchange.
235	*/
236	state->rekeying = 1;
237	ssh->state = state;
238	return ssh;
239	fail:
240	if (ssh) {
241	kex_free(ssh->kex);
242	free(ssh);
243	}
244	if (state) {
245	sshbuf_free(state->input);
246	sshbuf_free(state->output);
247	sshbuf_free(state->incoming_packet);
248	sshbuf_free(state->outgoing_packet);
249	free(state);
250	}
251	return NULL((void*)0);
252	}
253
254	void
255	ssh_packet_set_input_hook(struct ssh ssh, ssh_packet_hook_fn hook, void *ctx)
256	{
257	ssh->state->hook_in = hook;
258	ssh->state->hook_in_ctx = ctx;
259	}
260
261	/* Returns nonzero if rekeying is in progress */
262	int
263	ssh_packet_is_rekeying(struct ssh *ssh)
264	{
265	return ssh->state->rekeying \|\|
266	(ssh->kex != NULL((void*)0) && ssh->kex->done == 0);
267	}
268
269	/*
270	* Sets the descriptors used for communication.
271	*/
272	struct ssh *
273	ssh_packet_set_connection(struct ssh *ssh, int fd_in, int fd_out)
274	{
275	struct session_state *state;
276	const struct sshcipher *none = cipher_by_name("none");
277	int r;
278
279	if (none == NULL((void*)0)) {
280	error_f("cannot load cipher 'none'")sshlog("/usr/src/usr.bin/ssh/ssh-keyscan/../packet.c", __func__ , 280, 1, SYSLOG_LEVEL_ERROR, ((void*)0), "cannot load cipher 'none'" );
281	return NULL((void*)0);
282	}
283	if (ssh == NULL((void*)0))
284	ssh = ssh_alloc_session_state();
285	if (ssh == NULL((void*)0)) {
286	error_f("could not allocate state")sshlog("/usr/src/usr.bin/ssh/ssh-keyscan/../packet.c", __func__ , 286, 1, SYSLOG_LEVEL_ERROR, ((void*)0), "could not allocate state" );
287	return NULL((void*)0);
288	}
289	state = ssh->state;
290	state->connection_in = fd_in;
291	state->connection_out = fd_out;
292	if ((r = cipher_init(&state->send_context, none,
293	(const u_char )"", 0, NULL((void)0), 0, CIPHER_ENCRYPT1)) != 0 \|\|
294	(r = cipher_init(&state->receive_context, none,
295	(const u_char )"", 0, NULL((void)0), 0, CIPHER_DECRYPT0)) != 0) {
296	error_fr(r, "cipher_init failed")sshlog("/usr/src/usr.bin/ssh/ssh-keyscan/../packet.c", __func__ , 296, 1, SYSLOG_LEVEL_ERROR, ssh_err(r), "cipher_init failed" );
297	free(ssh); /* XXX need ssh_free_session_state? */
298	return NULL((void*)0);
299	}
300	state->newkeys[MODE_IN] = state->newkeys[MODE_OUT] = NULL((void*)0);
301	/*
302	* Cache the IP address of the remote connection for use in error
303	* messages that might be generated after the connection has closed.
304	*/
305	(void)ssh_remote_ipaddr(ssh);
306	return ssh;
307	}
308
309	void
310	ssh_packet_set_timeout(struct ssh *ssh, int timeout, int count)
311	{
312	struct session_state *state = ssh->state;
313
314	if (timeout <= 0 \|\| count <= 0) {
315	state->packet_timeout_ms = -1;
316	return;
317	}
318	if ((INT_MAX2147483647 / 1000) / count < timeout)
319	state->packet_timeout_ms = INT_MAX2147483647;
320	else
321	state->packet_timeout_ms = timeout * count * 1000;
322	}
323
324	void
325	ssh_packet_set_mux(struct ssh *ssh)
326	{
327	ssh->state->mux = 1;
328	ssh->state->rekeying = 0;
329	kex_free(ssh->kex);
330	ssh->kex = NULL((void*)0);
331	}
332
333	int
334	ssh_packet_get_mux(struct ssh *ssh)
335	{
336	return ssh->state->mux;
337	}
338
339	int
340	ssh_packet_set_log_preamble(struct ssh ssh, const char fmt, ...)
341	{
342	va_list args;
343	int r;
344
345	free(ssh->log_preamble);
346	if (fmt == NULL((void*)0))
347	ssh->log_preamble = NULL((void*)0);
348	else {
349	va_start(args, fmt)__builtin_va_start(args, fmt);
350	r = vasprintf(&ssh->log_preamble, fmt, args);
351	va_end(args)__builtin_va_end(args);
352	if (r < 0 \|\| ssh->log_preamble == NULL((void*)0))
353	return SSH_ERR_ALLOC_FAIL-2;
354	}
355	return 0;
356	}
357
358	int
359	ssh_packet_stop_discard(struct ssh *ssh)
360	{
361	struct session_state *state = ssh->state;
362	int r;
363
364	if (state->packet_discard_mac) {
365	char buf[1024];
366	size_t dlen = PACKET_MAX_SIZE(256 * 1024);
367
368	if (dlen > state->packet_discard_mac_already)
369	dlen -= state->packet_discard_mac_already;
370	memset(buf, 'a', sizeof(buf));
371	while (sshbuf_len(state->incoming_packet) < dlen)
372	if ((r = sshbuf_put(state->incoming_packet, buf,
373	sizeof(buf))) != 0)
374	return r;
375	(void) mac_compute(state->packet_discard_mac,
376	state->p_read.seqnr,
377	sshbuf_ptr(state->incoming_packet), dlen,
378	NULL((void*)0), 0);
379	}
380	logit("Finished discarding for %.200s port %d",sshlog("/usr/src/usr.bin/ssh/ssh-keyscan/../packet.c", __func__ , 381, 0, SYSLOG_LEVEL_INFO, ((void*)0), "Finished discarding for %.200s port %d" , ssh_remote_ipaddr(ssh), ssh_remote_port(ssh))
381	ssh_remote_ipaddr(ssh), ssh_remote_port(ssh))sshlog("/usr/src/usr.bin/ssh/ssh-keyscan/../packet.c", __func__ , 381, 0, SYSLOG_LEVEL_INFO, ((void*)0), "Finished discarding for %.200s port %d" , ssh_remote_ipaddr(ssh), ssh_remote_port(ssh));
382	return SSH_ERR_MAC_INVALID-30;
383	}
384
385	static int
386	ssh_packet_start_discard(struct ssh ssh, struct sshenc enc,
387	struct sshmac *mac, size_t mac_already, u_int discard)
388	{
389	struct session_state *state = ssh->state;
390	int r;
391
392	if (enc == NULL((void*)0) \|\| !cipher_is_cbc(enc->cipher) \|\| (mac && mac->etm)) {
393	if ((r = sshpkt_disconnect(ssh, "Packet corrupt")) != 0)
394	return r;
395	return SSH_ERR_MAC_INVALID-30;
396	}
397	/*
398	* Record number of bytes over which the mac has already
399	* been computed in order to minimize timing attacks.
400	*/
401	if (mac && mac->enabled) {
402	state->packet_discard_mac = mac;
403	state->packet_discard_mac_already = mac_already;
404	}
405	if (sshbuf_len(state->input) >= discard)
406	return ssh_packet_stop_discard(ssh);
407	state->packet_discard = discard - sshbuf_len(state->input);
408	return 0;
409	}
410
411	/* Returns 1 if remote host is connected via socket, 0 if not. */
412
413	int
414	ssh_packet_connection_is_on_socket(struct ssh *ssh)
415	{
416	struct session_state *state;
417	struct sockaddr_storage from, to;
418	socklen_t fromlen, tolen;
419
420	if (ssh == NULL((void)0) \|\| ssh->state == NULL((void)0))
421	return 0;
422
423	state = ssh->state;
424	if (state->connection_in == -1 \|\| state->connection_out == -1)
425	return 0;
426	/* filedescriptors in and out are the same, so it's a socket */
427	if (state->connection_in == state->connection_out)
428	return 1;
429	fromlen = sizeof(from);
430	memset(&from, 0, sizeof(from));
431	if (getpeername(state->connection_in, (struct sockaddr *)&from,
432	&fromlen) == -1)
433	return 0;
434	tolen = sizeof(to);
435	memset(&to, 0, sizeof(to));
436	if (getpeername(state->connection_out, (struct sockaddr *)&to,
437	&tolen) == -1)
438	return 0;
439	if (fromlen != tolen \|\| memcmp(&from, &to, fromlen) != 0)
440	return 0;
441	if (from.ss_family != AF_INET2 && from.ss_family != AF_INET624)
442	return 0;
443	return 1;
444	}
445
446	void
447	ssh_packet_get_bytes(struct ssh ssh, u_int64_t ibytes, u_int64_t *obytes)
448	{
449	if (ibytes)
450	*ibytes = ssh->state->p_read.bytes;
451	if (obytes)
452	*obytes = ssh->state->p_send.bytes;
453	}
454
455	int
456	ssh_packet_connection_af(struct ssh *ssh)
457	{
458	return get_sock_af(ssh->state->connection_out);
459	}
460
461	/* Sets the connection into non-blocking mode. */
462
463	void
464	ssh_packet_set_nonblocking(struct ssh *ssh)
465	{
466	/* Set the socket into non-blocking mode. */
467	set_nonblock(ssh->state->connection_in);
468
469	if (ssh->state->connection_out != ssh->state->connection_in)
470	set_nonblock(ssh->state->connection_out);
471	}
472
473	/* Returns the socket used for reading. */
474
475	int
476	ssh_packet_get_connection_in(struct ssh *ssh)
477	{
478	return ssh->state->connection_in;
479	}
480
481	/* Returns the descriptor used for writing. */
482
483	int
484	ssh_packet_get_connection_out(struct ssh *ssh)
485	{
486	return ssh->state->connection_out;
487	}
488
489	/*
490	* Returns the IP-address of the remote host as a string. The returned
491	* string must not be freed.
492	*/
493
494	const char *
495	ssh_remote_ipaddr(struct ssh *ssh)
496	{
497	int sock;
498
499	/* Check whether we have cached the ipaddr. */
500	if (ssh->remote_ipaddr == NULL((void*)0)) {
501	if (ssh_packet_connection_is_on_socket(ssh)) {
502	sock = ssh->state->connection_in;
503	ssh->remote_ipaddr = get_peer_ipaddr(sock);
504	ssh->remote_port = get_peer_port(sock);
505	ssh->local_ipaddr = get_local_ipaddr(sock);
506	ssh->local_port = get_local_port(sock);
507	} else {
508	ssh->remote_ipaddr = xstrdup("UNKNOWN");
509	ssh->remote_port = 65535;
510	ssh->local_ipaddr = xstrdup("UNKNOWN");
511	ssh->local_port = 65535;
512	}
513	}
514	return ssh->remote_ipaddr;
515	}
516
517	/* Returns the port number of the remote host. */
518
519	int
520	ssh_remote_port(struct ssh *ssh)
521	{
522	(void)ssh_remote_ipaddr(ssh); /* Will lookup and cache. */
523	return ssh->remote_port;
524	}
525
526	/*
527	* Returns the IP-address of the local host as a string. The returned
528	* string must not be freed.
529	*/
530
531	const char *
532	ssh_local_ipaddr(struct ssh *ssh)
533	{
534	(void)ssh_remote_ipaddr(ssh); /* Will lookup and cache. */
535	return ssh->local_ipaddr;
536	}
537
538	/* Returns the port number of the local host. */
539
540	int
541	ssh_local_port(struct ssh *ssh)
542	{
543	(void)ssh_remote_ipaddr(ssh); /* Will lookup and cache. */
544	return ssh->local_port;
545	}
546
547	/* Returns the routing domain of the input socket, or NULL if unavailable */
548	const char *
549	ssh_packet_rdomain_in(struct ssh *ssh)
550	{
551	if (ssh->rdomain_in != NULL((void*)0))
552	return ssh->rdomain_in;
553	if (!ssh_packet_connection_is_on_socket(ssh))
554	return NULL((void*)0);
555	ssh->rdomain_in = get_rdomain(ssh->state->connection_in);
556	return ssh->rdomain_in;
557	}
558
559	/* Closes the connection and clears and frees internal data structures. */
560
561	static void
562	ssh_packet_close_internal(struct ssh *ssh, int do_close)
563	{
564	struct session_state *state = ssh->state;
565	u_int mode;
566
567	if (!state->initialized)
568	return;
569	state->initialized = 0;
570	if (do_close) {
571	if (state->connection_in == state->connection_out) {
572	close(state->connection_out);
573	} else {
574	close(state->connection_in);
575	close(state->connection_out);
576	}
577	}
578	sshbuf_free(state->input);
579	sshbuf_free(state->output);
580	sshbuf_free(state->outgoing_packet);
581	sshbuf_free(state->incoming_packet);
582	for (mode = 0; mode < MODE_MAX; mode++) {
583	kex_free_newkeys(state->newkeys[mode]); /* current keys */
584	state->newkeys[mode] = NULL((void*)0);
585	ssh_clear_newkeys(ssh, mode); /* next keys */
586	}
587	#ifdef WITH_ZLIB1
588	/* compression state is in shared mem, so we can only release it once */
589	if (do_close && state->compression_buffer) {
590	sshbuf_free(state->compression_buffer);
591	if (state->compression_out_started) {
592	z_streamp stream = &state->compression_out_stream;
593	debug("compress outgoing: "sshlog("/usr/src/usr.bin/ssh/ssh-keyscan/../packet.c", __func__ , 598, 0, SYSLOG_LEVEL_DEBUG1, ((void*)0), "compress outgoing: " "raw data %llu, compressed %llu, factor %.2f", (unsigned long long)stream->total_in, (unsigned long long)stream->total_out , stream->total_in == 0 ? 0.0 : (double) stream->total_out / stream->total_in)
594	"raw data %llu, compressed %llu, factor %.2f",sshlog("/usr/src/usr.bin/ssh/ssh-keyscan/../packet.c", __func__ , 598, 0, SYSLOG_LEVEL_DEBUG1, ((void*)0), "compress outgoing: " "raw data %llu, compressed %llu, factor %.2f", (unsigned long long)stream->total_in, (unsigned long long)stream->total_out , stream->total_in == 0 ? 0.0 : (double) stream->total_out / stream->total_in)
595	(unsigned long long)stream->total_in,sshlog("/usr/src/usr.bin/ssh/ssh-keyscan/../packet.c", __func__ , 598, 0, SYSLOG_LEVEL_DEBUG1, ((void*)0), "compress outgoing: " "raw data %llu, compressed %llu, factor %.2f", (unsigned long long)stream->total_in, (unsigned long long)stream->total_out , stream->total_in == 0 ? 0.0 : (double) stream->total_out / stream->total_in)
596	(unsigned long long)stream->total_out,sshlog("/usr/src/usr.bin/ssh/ssh-keyscan/../packet.c", __func__ , 598, 0, SYSLOG_LEVEL_DEBUG1, ((void*)0), "compress outgoing: " "raw data %llu, compressed %llu, factor %.2f", (unsigned long long)stream->total_in, (unsigned long long)stream->total_out , stream->total_in == 0 ? 0.0 : (double) stream->total_out / stream->total_in)
597	stream->total_in == 0 ? 0.0 :sshlog("/usr/src/usr.bin/ssh/ssh-keyscan/../packet.c", __func__ , 598, 0, SYSLOG_LEVEL_DEBUG1, ((void*)0), "compress outgoing: " "raw data %llu, compressed %llu, factor %.2f", (unsigned long long)stream->total_in, (unsigned long long)stream->total_out , stream->total_in == 0 ? 0.0 : (double) stream->total_out / stream->total_in)
598	(double) stream->total_out / stream->total_in)sshlog("/usr/src/usr.bin/ssh/ssh-keyscan/../packet.c", __func__ , 598, 0, SYSLOG_LEVEL_DEBUG1, ((void*)0), "compress outgoing: " "raw data %llu, compressed %llu, factor %.2f", (unsigned long long)stream->total_in, (unsigned long long)stream->total_out , stream->total_in == 0 ? 0.0 : (double) stream->total_out / stream->total_in);
599	if (state->compression_out_failures == 0)
600	deflateEnd(stream);
601	}
602	if (state->compression_in_started) {
603	z_streamp stream = &state->compression_in_stream;
604	debug("compress incoming: "sshlog("/usr/src/usr.bin/ssh/ssh-keyscan/../packet.c", __func__ , 609, 0, SYSLOG_LEVEL_DEBUG1, ((void*)0), "compress incoming: " "raw data %llu, compressed %llu, factor %.2f", (unsigned long long)stream->total_out, (unsigned long long)stream->total_in , stream->total_out == 0 ? 0.0 : (double) stream->total_in / stream->total_out)
605	"raw data %llu, compressed %llu, factor %.2f",sshlog("/usr/src/usr.bin/ssh/ssh-keyscan/../packet.c", __func__ , 609, 0, SYSLOG_LEVEL_DEBUG1, ((void*)0), "compress incoming: " "raw data %llu, compressed %llu, factor %.2f", (unsigned long long)stream->total_out, (unsigned long long)stream->total_in , stream->total_out == 0 ? 0.0 : (double) stream->total_in / stream->total_out)
606	(unsigned long long)stream->total_out,sshlog("/usr/src/usr.bin/ssh/ssh-keyscan/../packet.c", __func__ , 609, 0, SYSLOG_LEVEL_DEBUG1, ((void*)0), "compress incoming: " "raw data %llu, compressed %llu, factor %.2f", (unsigned long long)stream->total_out, (unsigned long long)stream->total_in , stream->total_out == 0 ? 0.0 : (double) stream->total_in / stream->total_out)
607	(unsigned long long)stream->total_in,sshlog("/usr/src/usr.bin/ssh/ssh-keyscan/../packet.c", __func__ , 609, 0, SYSLOG_LEVEL_DEBUG1, ((void*)0), "compress incoming: " "raw data %llu, compressed %llu, factor %.2f", (unsigned long long)stream->total_out, (unsigned long long)stream->total_in , stream->total_out == 0 ? 0.0 : (double) stream->total_in / stream->total_out)
608	stream->total_out == 0 ? 0.0 :sshlog("/usr/src/usr.bin/ssh/ssh-keyscan/../packet.c", __func__ , 609, 0, SYSLOG_LEVEL_DEBUG1, ((void*)0), "compress incoming: " "raw data %llu, compressed %llu, factor %.2f", (unsigned long long)stream->total_out, (unsigned long long)stream->total_in , stream->total_out == 0 ? 0.0 : (double) stream->total_in / stream->total_out)
609	(double) stream->total_in / stream->total_out)sshlog("/usr/src/usr.bin/ssh/ssh-keyscan/../packet.c", __func__ , 609, 0, SYSLOG_LEVEL_DEBUG1, ((void*)0), "compress incoming: " "raw data %llu, compressed %llu, factor %.2f", (unsigned long long)stream->total_out, (unsigned long long)stream->total_in , stream->total_out == 0 ? 0.0 : (double) stream->total_in / stream->total_out);
610	if (state->compression_in_failures == 0)
611	inflateEnd(stream);
612	}
613	}
614	#endif /* WITH_ZLIB */
615	cipher_free(state->send_context);
616	cipher_free(state->receive_context);
617	state->send_context = state->receive_context = NULL((void*)0);
618	if (do_close) {
619	free(ssh->local_ipaddr);
620	ssh->local_ipaddr = NULL((void*)0);
621	free(ssh->remote_ipaddr);
622	ssh->remote_ipaddr = NULL((void*)0);
623	free(ssh->state);
624	ssh->state = NULL((void*)0);
625	kex_free(ssh->kex);
626	ssh->kex = NULL((void*)0);
627	}
628	}
629
630	void
631	ssh_packet_close(struct ssh *ssh)
632	{
633	ssh_packet_close_internal(ssh, 1);
634	}
635
636	void
637	ssh_packet_clear_keys(struct ssh *ssh)
638	{
639	ssh_packet_close_internal(ssh, 0);
640	}
641
642	/* Sets remote side protocol flags. */
643
644	void
645	ssh_packet_set_protocol_flags(struct ssh *ssh, u_int protocol_flags)
646	{
647	ssh->state->remote_protocol_flags = protocol_flags;
648	}
649
650	/* Returns the remote protocol flags set earlier by the above function. */
651
652	u_int
653	ssh_packet_get_protocol_flags(struct ssh *ssh)
654	{
655	return ssh->state->remote_protocol_flags;
656	}
657
658	/*
659	* Starts packet compression from the next packet on in both directions.
660	* Level is compression level 1 (fastest) - 9 (slow, best) as in gzip.
661	*/
662
663	static int
664	ssh_packet_init_compression(struct ssh *ssh)
665	{
666	if (!ssh->state->compression_buffer &&
667	((ssh->state->compression_buffer = sshbuf_new()) == NULL((void*)0)))
668	return SSH_ERR_ALLOC_FAIL-2;
669	return 0;
670	}
671
672	#ifdef WITH_ZLIB1
673	static int
674	start_compression_out(struct ssh *ssh, int level)
675	{
676	if (level < 1 \|\| level > 9)
677	return SSH_ERR_INVALID_ARGUMENT-10;
678	debug("Enabling compression at level %d.", level)sshlog("/usr/src/usr.bin/ssh/ssh-keyscan/../packet.c", __func__ , 678, 0, SYSLOG_LEVEL_DEBUG1, ((void*)0), "Enabling compression at level %d." , level);
679	if (ssh->state->compression_out_started == 1)
680	deflateEnd(&ssh->state->compression_out_stream);
681	switch (deflateInit(&ssh->state->compression_out_stream, level)deflateInit_((&ssh->state->compression_out_stream), (level), "1.2.11", (int)sizeof(z_stream))) {
682	case Z_OK0:
683	ssh->state->compression_out_started = 1;
684	break;
685	case Z_MEM_ERROR(-4):
686	return SSH_ERR_ALLOC_FAIL-2;
687	default:
688	return SSH_ERR_INTERNAL_ERROR-1;
689	}
690	return 0;
691	}
692
693	static int
694	start_compression_in(struct ssh *ssh)
695	{
696	if (ssh->state->compression_in_started == 1)
697	inflateEnd(&ssh->state->compression_in_stream);
698	switch (inflateInit(&ssh->state->compression_in_stream)inflateInit_((&ssh->state->compression_in_stream), "1.2.11" , (int)sizeof(z_stream))) {
699	case Z_OK0:
700	ssh->state->compression_in_started = 1;
701	break;
702	case Z_MEM_ERROR(-4):
703	return SSH_ERR_ALLOC_FAIL-2;
704	default:
705	return SSH_ERR_INTERNAL_ERROR-1;
706	}
707	return 0;
708	}
709
710	/* XXX remove need for separate compression buffer */
711	static int
712	compress_buffer(struct ssh ssh, struct sshbuf in, struct sshbuf *out)
713	{
714	u_char buf[4096];
715	int r, status;
716
717	if (ssh->state->compression_out_started != 1)
718	return SSH_ERR_INTERNAL_ERROR-1;
719
720	/* This case is not handled below. */
721	if (sshbuf_len(in) == 0)
722	return 0;
723
724	/* Input is the contents of the input buffer. */
725	if ((ssh->state->compression_out_stream.next_in =
726	sshbuf_mutable_ptr(in)) == NULL((void*)0))
727	return SSH_ERR_INTERNAL_ERROR-1;
728	ssh->state->compression_out_stream.avail_in = sshbuf_len(in);
729
730	/* Loop compressing until deflate() returns with avail_out != 0. */
731	do {
732	/* Set up fixed-size output buffer. */
733	ssh->state->compression_out_stream.next_out = buf;
734	ssh->state->compression_out_stream.avail_out = sizeof(buf);
735
736	/* Compress as much data into the buffer as possible. */
737	status = deflate(&ssh->state->compression_out_stream,
738	Z_PARTIAL_FLUSH1);
739	switch (status) {
740	case Z_MEM_ERROR(-4):
741	return SSH_ERR_ALLOC_FAIL-2;
742	case Z_OK0:
743	/* Append compressed data to output_buffer. */
744	if ((r = sshbuf_put(out, buf, sizeof(buf) -
745	ssh->state->compression_out_stream.avail_out)) != 0)
746	return r;
747	break;
748	case Z_STREAM_ERROR(-2):
749	default:
750	ssh->state->compression_out_failures++;
751	return SSH_ERR_INVALID_FORMAT-4;
752	}
753	} while (ssh->state->compression_out_stream.avail_out == 0);
754	return 0;
755	}
756
757	static int
758	uncompress_buffer(struct ssh ssh, struct sshbuf in, struct sshbuf *out)
759	{
760	u_char buf[4096];
761	int r, status;
762
763	if (ssh->state->compression_in_started != 1)
764	return SSH_ERR_INTERNAL_ERROR-1;
765
766	if ((ssh->state->compression_in_stream.next_in =
767	sshbuf_mutable_ptr(in)) == NULL((void*)0))
768	return SSH_ERR_INTERNAL_ERROR-1;
769	ssh->state->compression_in_stream.avail_in = sshbuf_len(in);
770
771	for (;;) {
772	/* Set up fixed-size output buffer. */
773	ssh->state->compression_in_stream.next_out = buf;
774	ssh->state->compression_in_stream.avail_out = sizeof(buf);
775
776	status = inflate(&ssh->state->compression_in_stream,
777	Z_PARTIAL_FLUSH1);
778	switch (status) {
779	case Z_OK0:
780	if ((r = sshbuf_put(out, buf, sizeof(buf) -
781	ssh->state->compression_in_stream.avail_out)) != 0)
782	return r;
783	break;
784	case Z_BUF_ERROR(-5):
785	/*
786	* Comments in zlib.h say that we should keep calling
787	* inflate() until we get an error. This appears to
788	* be the error that we get.
789	*/
790	return 0;
791	case Z_DATA_ERROR(-3):
792	return SSH_ERR_INVALID_FORMAT-4;
793	case Z_MEM_ERROR(-4):
794	return SSH_ERR_ALLOC_FAIL-2;
795	case Z_STREAM_ERROR(-2):
796	default:
797	ssh->state->compression_in_failures++;
798	return SSH_ERR_INTERNAL_ERROR-1;
799	}
800	}
801	/* NOTREACHED */
802	}
803
804	#else /* WITH_ZLIB */
805
806	static int
807	start_compression_out(struct ssh *ssh, int level)
808	{
809	return SSH_ERR_INTERNAL_ERROR-1;
810	}
811
812	static int
813	start_compression_in(struct ssh *ssh)
814	{
815	return SSH_ERR_INTERNAL_ERROR-1;
816	}
817
818	static int
819	compress_buffer(struct ssh ssh, struct sshbuf in, struct sshbuf *out)
820	{
821	return SSH_ERR_INTERNAL_ERROR-1;
822	}
823
824	static int
825	uncompress_buffer(struct ssh ssh, struct sshbuf in, struct sshbuf *out)
826	{
827	return SSH_ERR_INTERNAL_ERROR-1;
828	}
829	#endif /* WITH_ZLIB */
830
831	void
832	ssh_clear_newkeys(struct ssh *ssh, int mode)
833	{
834	if (ssh->kex && ssh->kex->newkeys[mode]) {
835	kex_free_newkeys(ssh->kex->newkeys[mode]);
836	ssh->kex->newkeys[mode] = NULL((void*)0);
837	}
838	}
839
840	int
841	ssh_set_newkeys(struct ssh *ssh, int mode)
842	{
843	struct session_state *state = ssh->state;
844	struct sshenc *enc;
845	struct sshmac *mac;
846	struct sshcomp *comp;
847	struct sshcipher_ctx **ccp;
848	struct packet_state *ps;
849	u_int64_t *max_blocks;
850	const char *wmsg;
851	int r, crypt_type;
852	const char *dir = mode == MODE_OUT ? "out" : "in";
853
854	debug2_f("mode %d", mode)sshlog("/usr/src/usr.bin/ssh/ssh-keyscan/../packet.c", __func__ , 854, 1, SYSLOG_LEVEL_DEBUG2, ((void*)0), "mode %d", mode);
855
856	if (mode == MODE_OUT) {
857	ccp = &state->send_context;
858	crypt_type = CIPHER_ENCRYPT1;
859	ps = &state->p_send;
860	max_blocks = &state->max_blocks_out;
861	} else {
862	ccp = &state->receive_context;
863	crypt_type = CIPHER_DECRYPT0;
864	ps = &state->p_read;
865	max_blocks = &state->max_blocks_in;
866	}
867	if (state->newkeys[mode] != NULL((void*)0)) {
868	debug_f("rekeying %s, input %llu bytes %llu blocks, "sshlog("/usr/src/usr.bin/ssh/ssh-keyscan/../packet.c", __func__ , 873, 1, SYSLOG_LEVEL_DEBUG1, ((void*)0), "rekeying %s, input %llu bytes %llu blocks, " "output %llu bytes %llu blocks", dir, (unsigned long long)state ->p_read.bytes, (unsigned long long)state->p_read.blocks , (unsigned long long)state->p_send.bytes, (unsigned long long )state->p_send.blocks)
869	"output %llu bytes %llu blocks", dir,sshlog("/usr/src/usr.bin/ssh/ssh-keyscan/../packet.c", __func__ , 873, 1, SYSLOG_LEVEL_DEBUG1, ((void*)0), "rekeying %s, input %llu bytes %llu blocks, " "output %llu bytes %llu blocks", dir, (unsigned long long)state ->p_read.bytes, (unsigned long long)state->p_read.blocks , (unsigned long long)state->p_send.bytes, (unsigned long long )state->p_send.blocks)
870	(unsigned long long)state->p_read.bytes,sshlog("/usr/src/usr.bin/ssh/ssh-keyscan/../packet.c", __func__ , 873, 1, SYSLOG_LEVEL_DEBUG1, ((void*)0), "rekeying %s, input %llu bytes %llu blocks, " "output %llu bytes %llu blocks", dir, (unsigned long long)state ->p_read.bytes, (unsigned long long)state->p_read.blocks , (unsigned long long)state->p_send.bytes, (unsigned long long )state->p_send.blocks)
871	(unsigned long long)state->p_read.blocks,sshlog("/usr/src/usr.bin/ssh/ssh-keyscan/../packet.c", __func__ , 873, 1, SYSLOG_LEVEL_DEBUG1, ((void*)0), "rekeying %s, input %llu bytes %llu blocks, " "output %llu bytes %llu blocks", dir, (unsigned long long)state ->p_read.bytes, (unsigned long long)state->p_read.blocks , (unsigned long long)state->p_send.bytes, (unsigned long long )state->p_send.blocks)
872	(unsigned long long)state->p_send.bytes,sshlog("/usr/src/usr.bin/ssh/ssh-keyscan/../packet.c", __func__ , 873, 1, SYSLOG_LEVEL_DEBUG1, ((void*)0), "rekeying %s, input %llu bytes %llu blocks, " "output %llu bytes %llu blocks", dir, (unsigned long long)state ->p_read.bytes, (unsigned long long)state->p_read.blocks , (unsigned long long)state->p_send.bytes, (unsigned long long )state->p_send.blocks)
873	(unsigned long long)state->p_send.blocks)sshlog("/usr/src/usr.bin/ssh/ssh-keyscan/../packet.c", __func__ , 873, 1, SYSLOG_LEVEL_DEBUG1, ((void*)0), "rekeying %s, input %llu bytes %llu blocks, " "output %llu bytes %llu blocks", dir, (unsigned long long)state ->p_read.bytes, (unsigned long long)state->p_read.blocks , (unsigned long long)state->p_send.bytes, (unsigned long long )state->p_send.blocks);
874	kex_free_newkeys(state->newkeys[mode]);
875	state->newkeys[mode] = NULL((void*)0);
876	}
877	/* note that both bytes and the seqnr are not reset */
878	ps->packets = ps->blocks = 0;
879	/* move newkeys from kex to state */
880	if ((state->newkeys[mode] = ssh->kex->newkeys[mode]) == NULL((void*)0))
881	return SSH_ERR_INTERNAL_ERROR-1;
882	ssh->kex->newkeys[mode] = NULL((void*)0);
883	enc = &state->newkeys[mode]->enc;
884	mac = &state->newkeys[mode]->mac;
885	comp = &state->newkeys[mode]->comp;
886	if (cipher_authlen(enc->cipher) == 0) {
887	if ((r = mac_init(mac)) != 0)
888	return r;
889	}
890	mac->enabled = 1;
891	DBG(debug_f("cipher_init: %s", dir));
892	cipher_free(*ccp);
893	ccp = NULL((void)0);
894	if ((r = cipher_init(ccp, enc->cipher, enc->key, enc->key_len,
895	enc->iv, enc->iv_len, crypt_type)) != 0)
896	return r;
897	if (!state->cipher_warning_done &&
898	(wmsg = cipher_warning_message(ccp)) != NULL((void)0)) {
899	error("Warning: %s", wmsg)sshlog("/usr/src/usr.bin/ssh/ssh-keyscan/../packet.c", __func__ , 899, 0, SYSLOG_LEVEL_ERROR, ((void*)0), "Warning: %s", wmsg );
900	state->cipher_warning_done = 1;
901	}
902	/* Deleting the keys does not gain extra security */
903	/* explicit_bzero(enc->iv, enc->block_size);
904	explicit_bzero(enc->key, enc->key_len);
905	explicit_bzero(mac->key, mac->key_len); */
906	if ((comp->type == COMP_ZLIB1 \|\|
907	(comp->type == COMP_DELAYED2 &&
908	state->after_authentication)) && comp->enabled == 0) {
909	if ((r = ssh_packet_init_compression(ssh)) < 0)
910	return r;
911	if (mode == MODE_OUT) {
912	if ((r = start_compression_out(ssh, 6)) != 0)
913	return r;
914	} else {
915	if ((r = start_compression_in(ssh)) != 0)
916	return r;
917	}
918	comp->enabled = 1;
919	}
920	/*
921	* The 2^(blocksize*2) limit is too expensive for 3DES,
922	* so enforce a 1GB limit for small blocksizes.
923	* See RFC4344 section 3.2.
924	*/
925	if (enc->block_size >= 16)
926	max_blocks = (u_int64_t)1 << (enc->block_size2);
927	else
928	*max_blocks = ((u_int64_t)1 << 30) / enc->block_size;
929	if (state->rekey_limit)
930	max_blocks = MINIMUM(max_blocks,(((max_blocks) < (state->rekey_limit / enc->block_size )) ? (max_blocks) : (state->rekey_limit / enc->block_size ))
931	state->rekey_limit / enc->block_size)(((max_blocks) < (state->rekey_limit / enc->block_size )) ? (max_blocks) : (state->rekey_limit / enc->block_size ));
932	debug("rekey %s after %llu blocks", dir,sshlog("/usr/src/usr.bin/ssh/ssh-keyscan/../packet.c", __func__ , 933, 0, SYSLOG_LEVEL_DEBUG1, ((void)0), "rekey %s after %llu blocks" , dir, (unsigned long long)max_blocks)
933	(unsigned long long)max_blocks)sshlog("/usr/src/usr.bin/ssh/ssh-keyscan/../packet.c", __func__ , 933, 0, SYSLOG_LEVEL_DEBUG1, ((void)0), "rekey %s after %llu blocks" , dir, (unsigned long long)*max_blocks);
934	return 0;
935	}
936
937	#define MAX_PACKETS(1U<<31) (1U<<31)
938	static int
939	ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len)
940	{
941	struct session_state *state = ssh->state;
942	u_int32_t out_blocks;
943
944	/* XXX client can't cope with rekeying pre-auth */
945	if (!state->after_authentication)
946	return 0;
947
948	/* Haven't keyed yet or KEX in progress. */
949	if (ssh_packet_is_rekeying(ssh))
950	return 0;
951
952	/* Peer can't rekey */
953	if (ssh->compat & SSH_BUG_NOREKEY0x00008000)
954	return 0;
955
956	/*
957	* Permit one packet in or out per rekey - this allows us to
958	* make progress when rekey limits are very small.
959	*/
960	if (state->p_send.packets == 0 && state->p_read.packets == 0)
961	return 0;
962
963	/* Time-based rekeying */
964	if (state->rekey_interval != 0 &&
965	(int64_t)state->rekey_time + state->rekey_interval <= monotime())
966	return 1;
967
968	/*
969	* Always rekey when MAX_PACKETS sent in either direction
970	* As per RFC4344 section 3.1 we do this after 2^31 packets.
971	*/
972	if (state->p_send.packets > MAX_PACKETS(1U<<31) \|\|
973	state->p_read.packets > MAX_PACKETS(1U<<31))
974	return 1;
975
976	/* Rekey after (cipher-specific) maximum blocks */
977	out_blocks = ROUNDUP(outbound_packet_len,((((outbound_packet_len)+((state->newkeys[MODE_OUT]->enc .block_size)-1))/(state->newkeys[MODE_OUT]->enc.block_size ))*(state->newkeys[MODE_OUT]->enc.block_size))
978	state->newkeys[MODE_OUT]->enc.block_size)((((outbound_packet_len)+((state->newkeys[MODE_OUT]->enc .block_size)-1))/(state->newkeys[MODE_OUT]->enc.block_size ))*(state->newkeys[MODE_OUT]->enc.block_size));
979	return (state->max_blocks_out &&
980	(state->p_send.blocks + out_blocks > state->max_blocks_out)) \|\|
981	(state->max_blocks_in &&
982	(state->p_read.blocks > state->max_blocks_in));
983	}
984
985	int
986	ssh_packet_check_rekey(struct ssh *ssh)
987	{
988	if (!ssh_packet_need_rekeying(ssh, 0))
989	return 0;
990	debug3_f("rekex triggered")sshlog("/usr/src/usr.bin/ssh/ssh-keyscan/../packet.c", __func__ , 990, 1, SYSLOG_LEVEL_DEBUG3, ((void*)0), "rekex triggered");
991	return kex_start_rekex(ssh);
992	}
993
994	/*
995	* Delayed compression for SSH2 is enabled after authentication:
996	* This happens on the server side after a SSH2_MSG_USERAUTH_SUCCESS is sent,
997	* and on the client side after a SSH2_MSG_USERAUTH_SUCCESS is received.
998	*/
999	static int
1000	ssh_packet_enable_delayed_compress(struct ssh *ssh)
1001	{
1002	struct session_state *state = ssh->state;
1003	struct sshcomp comp = NULL((void)0);
1004	int r, mode;
1005
1006	/*
1007	* Remember that we are past the authentication step, so rekeying
1008	* with COMP_DELAYED will turn on compression immediately.
1009	*/
1010	state->after_authentication = 1;
1011	for (mode = 0; mode < MODE_MAX; mode++) {
1012	/* protocol error: USERAUTH_SUCCESS received before NEWKEYS */
1013	if (state->newkeys[mode] == NULL((void*)0))
1014	continue;
1015	comp = &state->newkeys[mode]->comp;
1016	if (comp && !comp->enabled && comp->type == COMP_DELAYED2) {
1017	if ((r = ssh_packet_init_compression(ssh)) != 0)
1018	return r;
1019	if (mode == MODE_OUT) {
1020	if ((r = start_compression_out(ssh, 6)) != 0)
1021	return r;
1022	} else {
1023	if ((r = start_compression_in(ssh)) != 0)
1024	return r;
1025	}
1026	comp->enabled = 1;
1027	}
1028	}
1029	return 0;
1030	}
1031
1032	/* Used to mute debug logging for noisy packet types */
1033	int
1034	ssh_packet_log_type(u_char type)
1035	{
1036	switch (type) {
1037	case SSH2_MSG_CHANNEL_DATA94:
1038	case SSH2_MSG_CHANNEL_EXTENDED_DATA95:
1039	case SSH2_MSG_CHANNEL_WINDOW_ADJUST93:
1040	return 0;
1041	default:
1042	return 1;
1043	}
1044	}
1045
1046	/*
1047	* Finalize packet in SSH2 format (compress, mac, encrypt, enqueue)
1048	*/
1049	int
1050	ssh_packet_send2_wrapped(struct ssh *ssh)
1051	{
1052	struct session_state *state = ssh->state;
1053	u_char type, *cp, macbuf[SSH_DIGEST_MAX_LENGTH64];
1054	u_char tmp, padlen, pad = 0;
1055	u_int authlen = 0, aadlen = 0;
1056	u_int len;
1057	struct sshenc enc = NULL((void)0);
1058	struct sshmac mac = NULL((void)0);
1059	struct sshcomp comp = NULL((void)0);
1060	int r, block_size;
1061
1062	if (state->newkeys[MODE_OUT] != NULL((void*)0)) {
1063	enc = &state->newkeys[MODE_OUT]->enc;
1064	mac = &state->newkeys[MODE_OUT]->mac;
1065	comp = &state->newkeys[MODE_OUT]->comp;
1066	/* disable mac for authenticated encryption */
1067	if ((authlen = cipher_authlen(enc->cipher)) != 0)
1068	mac = NULL((void*)0);
1069	}
1070	block_size = enc ? enc->block_size : 8;
1071	aadlen = (mac && mac->enabled && mac->etm) \|\| authlen ? 4 : 0;
1072
1073	type = (sshbuf_ptr(state->outgoing_packet))[5];
1074	if (ssh_packet_log_type(type))
1075	debug3("send packet: type %u", type)sshlog("/usr/src/usr.bin/ssh/ssh-keyscan/../packet.c", __func__ , 1075, 0, SYSLOG_LEVEL_DEBUG3, ((void*)0), "send packet: type %u" , type);
1076	#ifdef PACKET_DEBUG
1077	fprintf(stderr(&__sF[2]), "plain: ");
1078	sshbuf_dump(state->outgoing_packet, stderr(&__sF[2]));
1079	#endif
1080
1081	if (comp && comp->enabled) {
1082	len = sshbuf_len(state->outgoing_packet);
1083	/* skip header, compress only payload */
1084	if ((r = sshbuf_consume(state->outgoing_packet, 5)) != 0)
1085	goto out;
1086	sshbuf_reset(state->compression_buffer);
1087	if ((r = compress_buffer(ssh, state->outgoing_packet,
1088	state->compression_buffer)) != 0)
1089	goto out;
1090	sshbuf_reset(state->outgoing_packet);
1091	if ((r = sshbuf_put(state->outgoing_packet,
1092	"\0\0\0\0\0", 5)) != 0 \|\|
1093	(r = sshbuf_putb(state->outgoing_packet,
1094	state->compression_buffer)) != 0)
1095	goto out;
1096	DBG(debug("compression: raw %d compressed %zd", len,
1097	sshbuf_len(state->outgoing_packet)));
1098	}
1099
1100	/* sizeof (packet_len + pad_len + payload) */
1101	len = sshbuf_len(state->outgoing_packet);
1102
1103	/*
1104	* calc size of padding, alloc space, get random data,
1105	* minimum padding is 4 bytes
1106	*/
1107	len -= aadlen; /* packet length is not encrypted for EtM modes */
1108	padlen = block_size - (len % block_size);
1109	if (padlen < 4)
1110	padlen += block_size;
1111	if (state->extra_pad) {
1112	tmp = state->extra_pad;
1113	state->extra_pad =
1114	ROUNDUP(state->extra_pad, block_size)((((state->extra_pad)+((block_size)-1))/(block_size))*(block_size ));
1115	/* check if roundup overflowed */
1116	if (state->extra_pad < tmp)
1117	return SSH_ERR_INVALID_ARGUMENT-10;
1118	tmp = (len + padlen) % state->extra_pad;
1119	/* Check whether pad calculation below will underflow */
1120	if (tmp > state->extra_pad)
1121	return SSH_ERR_INVALID_ARGUMENT-10;
1122	pad = state->extra_pad - tmp;
1123	DBG(debug3_f("adding %d (len %d padlen %d extra_pad %d)",
1124	pad, len, padlen, state->extra_pad));
1125	tmp = padlen;
1126	padlen += pad;
1127	/* Check whether padlen calculation overflowed */
1128	if (padlen < tmp)
1129	return SSH_ERR_INVALID_ARGUMENT-10; /* overflow */
1130	state->extra_pad = 0;
1131	}
1132	if ((r = sshbuf_reserve(state->outgoing_packet, padlen, &cp)) != 0)
1133	goto out;
1134	if (enc && !cipher_ctx_is_plaintext(state->send_context)) {
1135	/* random padding */
1136	arc4random_buf(cp, padlen);
1137	} else {
1138	/* clear padding */
1139	explicit_bzero(cp, padlen);
1140	}
1141	/* sizeof (packet_len + pad_len + payload + padding) */
1142	len = sshbuf_len(state->outgoing_packet);
1143	cp = sshbuf_mutable_ptr(state->outgoing_packet);
1144	if (cp == NULL((void*)0)) {
1145	r = SSH_ERR_INTERNAL_ERROR-1;
1146	goto out;
1147	}
1148	/* packet_length includes payload, padding and padding length field */
1149	POKE_U32(cp, len - 4)do { const u_int32_t __v = (len - 4); ((u_char )(cp))[0] = ( __v >> 24) & 0xff; ((u_char )(cp))[1] = (__v >> 16) & 0xff; ((u_char )(cp))[2] = (__v >> 8) & 0xff; ((u_char )(cp))[3] = __v & 0xff; } while (0);
1150	cp[4] = padlen;
1151	DBG(debug("send: len %d (includes padlen %d, aadlen %d)",
1152	len, padlen, aadlen));
1153
1154	/* compute MAC over seqnr and packet(length fields, payload, padding) */
1155	if (mac && mac->enabled && !mac->etm) {
1156	if ((r = mac_compute(mac, state->p_send.seqnr,
1157	sshbuf_ptr(state->outgoing_packet), len,
1158	macbuf, sizeof(macbuf))) != 0)
1159	goto out;
1160	DBG(debug("done calc MAC out #%d", state->p_send.seqnr));
1161	}
1162	/* encrypt packet and append to output buffer. */
1163	if ((r = sshbuf_reserve(state->output,
1164	sshbuf_len(state->outgoing_packet) + authlen, &cp)) != 0)
1165	goto out;
1166	if ((r = cipher_crypt(state->send_context, state->p_send.seqnr, cp,
1167	sshbuf_ptr(state->outgoing_packet),
1168	len - aadlen, aadlen, authlen)) != 0)
1169	goto out;
1170	/* append unencrypted MAC */
1171	if (mac && mac->enabled) {
1172	if (mac->etm) {
1173	/* EtM: compute mac over aadlen + cipher text */
1174	if ((r = mac_compute(mac, state->p_send.seqnr,
1175	cp, len, macbuf, sizeof(macbuf))) != 0)
1176	goto out;
1177	DBG(debug("done calc MAC(EtM) out #%d",
1178	state->p_send.seqnr));
1179	}
1180	if ((r = sshbuf_put(state->output, macbuf, mac->mac_len)) != 0)
1181	goto out;
1182	}
1183	#ifdef PACKET_DEBUG
1184	fprintf(stderr(&__sF[2]), "encrypted: ");
1185	sshbuf_dump(state->output, stderr(&__sF[2]));
1186	#endif
1187	/* increment sequence number for outgoing packets */
1188	if (++state->p_send.seqnr == 0)
1189	logit("outgoing seqnr wraps around")sshlog("/usr/src/usr.bin/ssh/ssh-keyscan/../packet.c", __func__ , 1189, 0, SYSLOG_LEVEL_INFO, ((void*)0), "outgoing seqnr wraps around" );
1190	if (++state->p_send.packets == 0)
1191	if (!(ssh->compat & SSH_BUG_NOREKEY0x00008000))
1192	return SSH_ERR_NEED_REKEY-39;
1193	state->p_send.blocks += len / block_size;
1194	state->p_send.bytes += len;
1195	sshbuf_reset(state->outgoing_packet);
1196
1197	if (type == SSH2_MSG_NEWKEYS21)
1198	r = ssh_set_newkeys(ssh, MODE_OUT);
1199	else if (type == SSH2_MSG_USERAUTH_SUCCESS52 && state->server_side)
1200	r = ssh_packet_enable_delayed_compress(ssh);
1201	else
1202	r = 0;
1203	out:
1204	return r;
1205	}
1206
1207	/* returns non-zero if the specified packet type is usec by KEX */
1208	static int
1209	ssh_packet_type_is_kex(u_char type)
1210	{
1211	return
1212	type >= SSH2_MSG_TRANSPORT_MIN1 &&
1213	type <= SSH2_MSG_TRANSPORT_MAX49 &&
1214	type != SSH2_MSG_SERVICE_REQUEST5 &&
1215	type != SSH2_MSG_SERVICE_ACCEPT6 &&
1216	type != SSH2_MSG_EXT_INFO7;
1217	}
1218
1219	int
1220	ssh_packet_send2(struct ssh *ssh)
1221	{
1222	struct session_state *state = ssh->state;
1223	struct packet *p;
1224	u_char type;
1225	int r, need_rekey;
1226
1227	if (sshbuf_len(state->outgoing_packet) < 6)
1228	return SSH_ERR_INTERNAL_ERROR-1;
1229	type = sshbuf_ptr(state->outgoing_packet)[5];
1230	need_rekey = !ssh_packet_type_is_kex(type) &&
1231	ssh_packet_need_rekeying(ssh, sshbuf_len(state->outgoing_packet));
1232
1233	/*
1234	* During rekeying we can only send key exchange messages.
1235	* Queue everything else.
1236	*/
1237	if ((need_rekey \|\| state->rekeying) && !ssh_packet_type_is_kex(type)) {
1238	if (need_rekey)
1239	debug3_f("rekex triggered")sshlog("/usr/src/usr.bin/ssh/ssh-keyscan/../packet.c", __func__ , 1239, 1, SYSLOG_LEVEL_DEBUG3, ((void*)0), "rekex triggered" );
1240	debug("enqueue packet: %u", type)sshlog("/usr/src/usr.bin/ssh/ssh-keyscan/../packet.c", __func__ , 1240, 0, SYSLOG_LEVEL_DEBUG1, ((void*)0), "enqueue packet: %u" , type);
1241	p = calloc(1, sizeof(*p));
1242	if (p == NULL((void*)0))
1243	return SSH_ERR_ALLOC_FAIL-2;
1244	p->type = type;
1245	p->payload = state->outgoing_packet;
1246	TAILQ_INSERT_TAIL(&state->outgoing, p, next)do { (p)->next.tqe_next = ((void)0); (p)->next.tqe_prev = (&state->outgoing)->tqh_last; (&state->outgoing )->tqh_last = (p); (&state->outgoing)->tqh_last = &(p)->next.tqe_next; } while (0);
1247	state->outgoing_packet = sshbuf_new();
1248	if (state->outgoing_packet == NULL((void*)0))
1249	return SSH_ERR_ALLOC_FAIL-2;
1250	if (need_rekey) {
1251	/*
1252	* This packet triggered a rekey, so send the
1253	* KEXINIT now.
1254	* NB. reenters this function via kex_start_rekex().
1255	*/
1256	return kex_start_rekex(ssh);
1257	}
1258	return 0;
1259	}
1260
1261	/* rekeying starts with sending KEXINIT */
1262	if (type == SSH2_MSG_KEXINIT20)
1263	state->rekeying = 1;
1264
1265	if ((r = ssh_packet_send2_wrapped(ssh)) != 0)
1266	return r;
1267
1268	/* after a NEWKEYS message we can send the complete queue */
1269	if (type == SSH2_MSG_NEWKEYS21) {
1270	state->rekeying = 0;
1271	state->rekey_time = monotime();
1272	while ((p = TAILQ_FIRST(&state->outgoing)((&state->outgoing)->tqh_first))) {
1273	type = p->type;
1274	/*
1275	* If this packet triggers a rekex, then skip the
1276	* remaining packets in the queue for now.
1277	* NB. re-enters this function via kex_start_rekex.
1278	*/
1279	if (ssh_packet_need_rekeying(ssh,
1280	sshbuf_len(p->payload))) {
1281	debug3_f("queued packet triggered rekex")sshlog("/usr/src/usr.bin/ssh/ssh-keyscan/../packet.c", __func__ , 1281, 1, SYSLOG_LEVEL_DEBUG3, ((void*)0), "queued packet triggered rekex" );
1282	return kex_start_rekex(ssh);
1283	}
1284	debug("dequeue packet: %u", type)sshlog("/usr/src/usr.bin/ssh/ssh-keyscan/../packet.c", __func__ , 1284, 0, SYSLOG_LEVEL_DEBUG1, ((void*)0), "dequeue packet: %u" , type);
1285	sshbuf_free(state->outgoing_packet);
1286	state->outgoing_packet = p->payload;
1287	TAILQ_REMOVE(&state->outgoing, p, next)do { if (((p)->next.tqe_next) != ((void)0)) (p)->next. tqe_next->next.tqe_prev = (p)->next.tqe_prev; else (& state->outgoing)->tqh_last = (p)->next.tqe_prev; (p )->next.tqe_prev = (p)->next.tqe_next; ; ; } while (0);
1288	memset(p, 0, sizeof(*p));
1289	free(p);
1290	if ((r = ssh_packet_send2_wrapped(ssh)) != 0)
1291	return r;
1292	}
1293	}
1294	return 0;
1295	}
1296
1297	/*
1298	* Waits until a packet has been received, and returns its type. Note that
1299	* no other data is processed until this returns, so this function should not
1300	* be used during the interactive session.
1301	*/
1302
1303	int
1304	ssh_packet_read_seqnr(struct ssh ssh, u_char typep, u_int32_t *seqnr_p)
1305	{
1306	struct session_state *state = ssh->state;
1307	int len, r, ms_remain;
1308	struct pollfd pfd;
1309	char buf[8192];
1310	struct timeval start;
1311	struct timespec timespec, timespecp = NULL((void)0);
1312
1313	DBG(debug("packet_read()"));
1314
1315	/*
1316	* Since we are blocking, ensure that all written packets have
1317	* been sent.
1318	*/
1319	if ((r = ssh_packet_write_wait(ssh)) != 0)
1320	goto out;
1321
1322	/* Stay in the loop until we have received a complete packet. */
1323	for (;;) {
1324	/* Try to read a packet from the buffer. */
1325	r = ssh_packet_read_poll_seqnr(ssh, typep, seqnr_p);
1326	if (r != 0)
1327	break;
1328	/* If we got a packet, return it. */
1329	if (*typep != SSH_MSG_NONE0)
1330	break;
1331	/*
1332	* Otherwise, wait for some data to arrive, add it to the
1333	* buffer, and try again.
1334	*/
1335	pfd.fd = state->connection_in;
1336	pfd.events = POLLIN0x0001;
1337
1338	if (state->packet_timeout_ms > 0) {
1339	ms_remain = state->packet_timeout_ms;
1340	timespecp = &timespec;
1341	}
1342	/* Wait for some data to arrive. */
1343	for (;;) {
1344	if (state->packet_timeout_ms > 0) {
1345	ms_to_timespec(&timespec, ms_remain);
1346	monotime_tv(&start);
1347	}
1348	if ((r = ppoll(&pfd, 1, timespecp, NULL((void*)0))) >= 0)
1349	break;
1350	if (errno(__errno()) != EAGAIN35 && errno(__errno()) != EINTR4) {
1351	r = SSH_ERR_SYSTEM_ERROR-24;
1352	goto out;
1353	}
1354	if (state->packet_timeout_ms <= 0)
1355	continue;
1356	ms_subtract_diff(&start, &ms_remain);
1357	if (ms_remain <= 0) {
1358	r = 0;
1359	break;
1360	}
1361	}
1362	if (r == 0) {
1363	r = SSH_ERR_CONN_TIMEOUT-53;
1364	goto out;
1365	}
1366	/* Read data from the socket. */
1367	len = read(state->connection_in, buf, sizeof(buf));
1368	if (len == 0) {
1369	r = SSH_ERR_CONN_CLOSED-52;
1370	goto out;
1371	}
1372	if (len == -1) {
1373	r = SSH_ERR_SYSTEM_ERROR-24;
1374	goto out;
1375	}
1376
1377	/* Append it to the buffer. */
1378	if ((r = ssh_packet_process_incoming(ssh, buf, len)) != 0)
1379	goto out;
1380	}
1381	out:
1382	return r;
1383	}
1384
1385	int
1386	ssh_packet_read(struct ssh *ssh)
1387	{
1388	u_char type;
1389	int r;
1390
1391	if ((r = ssh_packet_read_seqnr(ssh, &type, NULL((void*)0))) != 0)
1392	fatal_fr(r, "read")sshfatal("/usr/src/usr.bin/ssh/ssh-keyscan/../packet.c", __func__ , 1392, 1, SYSLOG_LEVEL_FATAL, ssh_err(r), "read");
1393	return type;
1394	}
1395
1396	/*
1397	* Waits until a packet has been received, verifies that its type matches
1398	* that given, and gives a fatal error and exits if there is a mismatch.
1399	*/
1400
1401	int
1402	ssh_packet_read_expect(struct ssh *ssh, u_int expected_type)
1403	{
1404	int r;
1405	u_char type;
1406
1407	if ((r = ssh_packet_read_seqnr(ssh, &type, NULL((void*)0))) != 0)
1408	return r;
1409	if (type != expected_type) {
1410	if ((r = sshpkt_disconnect(ssh,
1411	"Protocol error: expected packet type %d, got %d",
1412	expected_type, type)) != 0)
1413	return r;
1414	return SSH_ERR_PROTOCOL_ERROR-55;
1415	}
1416	return 0;
1417	}
1418
1419	static int
1420	ssh_packet_read_poll2_mux(struct ssh ssh, u_char typep, u_int32_t *seqnr_p)
1421	{
1422	struct session_state *state = ssh->state;
1423	const u_char *cp;
1424	size_t need;
1425	int r;
1426
1427	if (ssh->kex)
1428	return SSH_ERR_INTERNAL_ERROR-1;
1429	*typep = SSH_MSG_NONE0;
1430	cp = sshbuf_ptr(state->input);
1431	if (state->packlen == 0) {
1432	if (sshbuf_len(state->input) < 4 + 1)
1433	return 0; /* packet is incomplete */
1434	state->packlen = PEEK_U32(cp)(((u_int32_t)(((const u_char )(cp))[0]) << 24) \| ((u_int32_t )(((const u_char )(cp))[1]) << 16) \| ((u_int32_t)(((const u_char )(cp))[2]) << 8) \| (u_int32_t)(((const u_char )(cp))[3]));
1435	if (state->packlen < 4 + 1 \|\|
1436	state->packlen > PACKET_MAX_SIZE(256 * 1024))
1437	return SSH_ERR_MESSAGE_INCOMPLETE-3;
1438	}
1439	need = state->packlen + 4;
1440	if (sshbuf_len(state->input) < need)
1441	return 0; /* packet is incomplete */
1442	sshbuf_reset(state->incoming_packet);
1443	if ((r = sshbuf_put(state->incoming_packet, cp + 4,
1444	state->packlen)) != 0 \|\|
1445	(r = sshbuf_consume(state->input, need)) != 0 \|\|
1446	(r = sshbuf_get_u8(state->incoming_packet, NULL((void*)0))) != 0 \|\|
1447	(r = sshbuf_get_u8(state->incoming_packet, typep)) != 0)
1448	return r;
1449	if (ssh_packet_log_type(*typep))
1450	debug3_f("type %u", typep)sshlog("/usr/src/usr.bin/ssh/ssh-keyscan/../packet.c", __func__ , 1450, 1, SYSLOG_LEVEL_DEBUG3, ((void)0), "type %u", *typep );
1451	/* sshbuf_dump(state->incoming_packet, stderr); */
1452	/* reset for next packet */
1453	state->packlen = 0;
1454	return r;
1455	}
1456
1457	int
1458	ssh_packet_read_poll2(struct ssh ssh, u_char typep, u_int32_t *seqnr_p)
1459	{
1460	struct session_state *state = ssh->state;
1461	u_int padlen, need;
1462	u_char *cp;
1463	u_int maclen, aadlen = 0, authlen = 0, block_size;
1464	struct sshenc enc = NULL((void)0);
1465	struct sshmac mac = NULL((void)0);
1466	struct sshcomp comp = NULL((void)0);
1467	int r;
1468
1469	if (state->mux)
1470	return ssh_packet_read_poll2_mux(ssh, typep, seqnr_p);
1471
1472	*typep = SSH_MSG_NONE0;
1473
1474	if (state->packet_discard)
1475	return 0;
1476
1477	if (state->newkeys[MODE_IN] != NULL((void*)0)) {
1478	enc = &state->newkeys[MODE_IN]->enc;
1479	mac = &state->newkeys[MODE_IN]->mac;
1480	comp = &state->newkeys[MODE_IN]->comp;
1481	/* disable mac for authenticated encryption */
1482	if ((authlen = cipher_authlen(enc->cipher)) != 0)
1483	mac = NULL((void*)0);
1484	}
1485	maclen = mac && mac->enabled ? mac->mac_len : 0;
1486	block_size = enc ? enc->block_size : 8;
1487	aadlen = (mac && mac->enabled && mac->etm) \|\| authlen ? 4 : 0;
1488
1489	if (aadlen && state->packlen == 0) {
1490	if (cipher_get_length(state->receive_context,
1491	&state->packlen, state->p_read.seqnr,
1492	sshbuf_ptr(state->input), sshbuf_len(state->input)) != 0)
1493	return 0;
1494	if (state->packlen < 1 + 4 \|\|
1495	state->packlen > PACKET_MAX_SIZE(256 * 1024)) {
1496	#ifdef PACKET_DEBUG
1497	sshbuf_dump(state->input, stderr(&__sF[2]));
1498	#endif
1499	logit("Bad packet length %u.", state->packlen)sshlog("/usr/src/usr.bin/ssh/ssh-keyscan/../packet.c", __func__ , 1499, 0, SYSLOG_LEVEL_INFO, ((void*)0), "Bad packet length %u." , state->packlen);
1500	if ((r = sshpkt_disconnect(ssh, "Packet corrupt")) != 0)
1501	return r;
1502	return SSH_ERR_CONN_CORRUPT-54;
1503	}
1504	sshbuf_reset(state->incoming_packet);
1505	} else if (state->packlen == 0) {
1506	/*
1507	* check if input size is less than the cipher block size,
1508	* decrypt first block and extract length of incoming packet
1509	*/
1510	if (sshbuf_len(state->input) < block_size)
1511	return 0;
1512	sshbuf_reset(state->incoming_packet);
1513	if ((r = sshbuf_reserve(state->incoming_packet, block_size,
1514	&cp)) != 0)
1515	goto out;
1516	if ((r = cipher_crypt(state->receive_context,
1517	state->p_send.seqnr, cp, sshbuf_ptr(state->input),
1518	block_size, 0, 0)) != 0)
1519	goto out;
1520	state->packlen = PEEK_U32(sshbuf_ptr(state->incoming_packet))(((u_int32_t)(((const u_char )(sshbuf_ptr(state->incoming_packet )))[0]) << 24) \| ((u_int32_t)(((const u_char )(sshbuf_ptr (state->incoming_packet)))[1]) << 16) \| ((u_int32_t) (((const u_char )(sshbuf_ptr(state->incoming_packet)))[2] ) << 8) \| (u_int32_t)(((const u_char )(sshbuf_ptr(state ->incoming_packet)))[3]));
1521	if (state->packlen < 1 + 4 \|\|
1522	state->packlen > PACKET_MAX_SIZE(256 * 1024)) {
1523	#ifdef PACKET_DEBUG
1524	fprintf(stderr(&__sF[2]), "input: \n");
1525	sshbuf_dump(state->input, stderr(&__sF[2]));
1526	fprintf(stderr(&__sF[2]), "incoming_packet: \n");
1527	sshbuf_dump(state->incoming_packet, stderr(&__sF[2]));
1528	#endif
1529	logit("Bad packet length %u.", state->packlen)sshlog("/usr/src/usr.bin/ssh/ssh-keyscan/../packet.c", __func__ , 1529, 0, SYSLOG_LEVEL_INFO, ((void*)0), "Bad packet length %u." , state->packlen);
1530	return ssh_packet_start_discard(ssh, enc, mac, 0,
1531	PACKET_MAX_SIZE(256 * 1024));
1532	}
1533	if ((r = sshbuf_consume(state->input, block_size)) != 0)
1534	goto out;
1535	}
1536	DBG(debug("input: packet len %u", state->packlen+4));
1537
1538	if (aadlen) {
1539	/* only the payload is encrypted */
1540	need = state->packlen;
1541	} else {
1542	/*
1543	* the payload size and the payload are encrypted, but we
1544	* have a partial packet of block_size bytes
1545	*/
1546	need = 4 + state->packlen - block_size;
1547	}
1548	DBG(debug("partial packet: block %d, need %d, maclen %d, authlen %d,"
1549	" aadlen %d", block_size, need, maclen, authlen, aadlen));
1550	if (need % block_size != 0) {
1551	logit("padding error: need %d block %d mod %d",sshlog("/usr/src/usr.bin/ssh/ssh-keyscan/../packet.c", __func__ , 1552, 0, SYSLOG_LEVEL_INFO, ((void*)0), "padding error: need %d block %d mod %d" , need, block_size, need % block_size)
1552	need, block_size, need % block_size)sshlog("/usr/src/usr.bin/ssh/ssh-keyscan/../packet.c", __func__ , 1552, 0, SYSLOG_LEVEL_INFO, ((void*)0), "padding error: need %d block %d mod %d" , need, block_size, need % block_size);
1553	return ssh_packet_start_discard(ssh, enc, mac, 0,
1554	PACKET_MAX_SIZE(256 * 1024) - block_size);
1555	}
1556	/*
1557	* check if the entire packet has been received and
1558	* decrypt into incoming_packet:
1559	* 'aadlen' bytes are unencrypted, but authenticated.
1560	* 'need' bytes are encrypted, followed by either
1561	* 'authlen' bytes of authentication tag or
1562	* 'maclen' bytes of message authentication code.
1563	*/
1564	if (sshbuf_len(state->input) < aadlen + need + authlen + maclen)
1565	return 0; /* packet is incomplete */
1566	#ifdef PACKET_DEBUG
1567	fprintf(stderr(&__sF[2]), "read_poll enc/full: ");
1568	sshbuf_dump(state->input, stderr(&__sF[2]));
1569	#endif
1570	/* EtM: check mac over encrypted input */
1571	if (mac && mac->enabled && mac->etm) {
1572	if ((r = mac_check(mac, state->p_read.seqnr,
1573	sshbuf_ptr(state->input), aadlen + need,
1574	sshbuf_ptr(state->input) + aadlen + need + authlen,
1575	maclen)) != 0) {
1576	if (r == SSH_ERR_MAC_INVALID-30)
1577	logit("Corrupted MAC on input.")sshlog("/usr/src/usr.bin/ssh/ssh-keyscan/../packet.c", __func__ , 1577, 0, SYSLOG_LEVEL_INFO, ((void*)0), "Corrupted MAC on input." );
1578	goto out;
1579	}
1580	}
1581	if ((r = sshbuf_reserve(state->incoming_packet, aadlen + need,
1582	&cp)) != 0)
1583	goto out;
1584	if ((r = cipher_crypt(state->receive_context, state->p_read.seqnr, cp,
1585	sshbuf_ptr(state->input), need, aadlen, authlen)) != 0)
1586	goto out;
1587	if ((r = sshbuf_consume(state->input, aadlen + need + authlen)) != 0)
1588	goto out;
1589	if (mac && mac->enabled) {
1590	/* Not EtM: check MAC over cleartext */
1591	if (!mac->etm && (r = mac_check(mac, state->p_read.seqnr,
1592	sshbuf_ptr(state->incoming_packet),
1593	sshbuf_len(state->incoming_packet),
1594	sshbuf_ptr(state->input), maclen)) != 0) {
1595	if (r != SSH_ERR_MAC_INVALID-30)
1596	goto out;
1597	logit("Corrupted MAC on input.")sshlog("/usr/src/usr.bin/ssh/ssh-keyscan/../packet.c", __func__ , 1597, 0, SYSLOG_LEVEL_INFO, ((void*)0), "Corrupted MAC on input." );
1598	if (need + block_size > PACKET_MAX_SIZE(256 * 1024))
1599	return SSH_ERR_INTERNAL_ERROR-1;
1600	return ssh_packet_start_discard(ssh, enc, mac,
1601	sshbuf_len(state->incoming_packet),
1602	PACKET_MAX_SIZE(256 * 1024) - need - block_size);
1603	}
1604	/* Remove MAC from input buffer */
1605	DBG(debug("MAC #%d ok", state->p_read.seqnr));
1606	if ((r = sshbuf_consume(state->input, mac->mac_len)) != 0)
1607	goto out;
1608	}
1609	if (seqnr_p != NULL((void*)0))
1610	*seqnr_p = state->p_read.seqnr;
1611	if (++state->p_read.seqnr == 0)
1612	logit("incoming seqnr wraps around")sshlog("/usr/src/usr.bin/ssh/ssh-keyscan/../packet.c", __func__ , 1612, 0, SYSLOG_LEVEL_INFO, ((void*)0), "incoming seqnr wraps around" );
1613	if (++state->p_read.packets == 0)
1614	if (!(ssh->compat & SSH_BUG_NOREKEY0x00008000))
1615	return SSH_ERR_NEED_REKEY-39;
1616	state->p_read.blocks += (state->packlen + 4) / block_size;
1617	state->p_read.bytes += state->packlen + 4;
1618
1619	/* get padlen */
1620	padlen = sshbuf_ptr(state->incoming_packet)[4];
1621	DBG(debug("input: padlen %d", padlen));
1622	if (padlen < 4) {
1623	if ((r = sshpkt_disconnect(ssh,
1624	"Corrupted padlen %d on input.", padlen)) != 0 \|\|
1625	(r = ssh_packet_write_wait(ssh)) != 0)
1626	return r;
1627	return SSH_ERR_CONN_CORRUPT-54;
1628	}
1629
1630	/* skip packet size + padlen, discard padding */
1631	if ((r = sshbuf_consume(state->incoming_packet, 4 + 1)) != 0 \|\|
1632	((r = sshbuf_consume_end(state->incoming_packet, padlen)) != 0))
1633	goto out;
1634
1635	DBG(debug("input: len before de-compress %zd",
1636	sshbuf_len(state->incoming_packet)));
1637	if (comp && comp->enabled) {
1638	sshbuf_reset(state->compression_buffer);
1639	if ((r = uncompress_buffer(ssh, state->incoming_packet,
1640	state->compression_buffer)) != 0)
1641	goto out;
1642	sshbuf_reset(state->incoming_packet);
1643	if ((r = sshbuf_putb(state->incoming_packet,
1644	state->compression_buffer)) != 0)
1645	goto out;
1646	DBG(debug("input: len after de-compress %zd",
1647	sshbuf_len(state->incoming_packet)));
1648	}
1649	/*
1650	* get packet type, implies consume.
1651	* return length of payload (without type field)
1652	*/
1653	if ((r = sshbuf_get_u8(state->incoming_packet, typep)) != 0)
1654	goto out;
1655	if (ssh_packet_log_type(*typep))
1656	debug3("receive packet: type %u", typep)sshlog("/usr/src/usr.bin/ssh/ssh-keyscan/../packet.c", __func__ , 1656, 0, SYSLOG_LEVEL_DEBUG3, ((void)0), "receive packet: type %u" , *typep);
1657	if (typep < SSH2_MSG_MIN1 \|\| typep >= SSH2_MSG_LOCAL_MIN192) {
1658	if ((r = sshpkt_disconnect(ssh,
1659	"Invalid ssh2 packet type: %d", *typep)) != 0 \|\|
1660	(r = ssh_packet_write_wait(ssh)) != 0)
1661	return r;
1662	return SSH_ERR_PROTOCOL_ERROR-55;
1663	}
1664	if (state->hook_in != NULL((void*)0) &&
1665	(r = state->hook_in(ssh, state->incoming_packet, typep,
1666	state->hook_in_ctx)) != 0)
1667	return r;
1668	if (*typep == SSH2_MSG_USERAUTH_SUCCESS52 && !state->server_side)
1669	r = ssh_packet_enable_delayed_compress(ssh);
1670	else
1671	r = 0;
	Value stored to 'r' is never read
1672	#ifdef PACKET_DEBUG
1673	fprintf(stderr(&__sF[2]), "read/plain[%d]:\r\n", *typep);
1674	sshbuf_dump(state->incoming_packet, stderr(&__sF[2]));
1675	#endif
1676	/* reset for next packet */
1677	state->packlen = 0;
1678
1679	if ((r = ssh_packet_check_rekey(ssh)) != 0)
1680	return r;
1681	out:
1682	return r;
1683	}
1684
1685	int
1686	ssh_packet_read_poll_seqnr(struct ssh ssh, u_char typep, u_int32_t *seqnr_p)
1687	{
1688	struct session_state *state = ssh->state;
1689	u_int reason, seqnr;
1690	int r;
1691	u_char *msg;
1692
1693	for (;;) {
1694	msg = NULL((void*)0);
1695	r = ssh_packet_read_poll2(ssh, typep, seqnr_p);
1696	if (r != 0)
1697	return r;
1698	if (*typep) {
1699	state->keep_alive_timeouts = 0;
1700	DBG(debug("received packet type %d", *typep));
1701	}
1702	switch (*typep) {
1703	case SSH2_MSG_IGNORE2:
1704	debug3("Received SSH2_MSG_IGNORE")sshlog("/usr/src/usr.bin/ssh/ssh-keyscan/../packet.c", __func__ , 1704, 0, SYSLOG_LEVEL_DEBUG3, ((void*)0), "Received SSH2_MSG_IGNORE" );
1705	break;
1706	case SSH2_MSG_DEBUG4:
1707	if ((r = sshpkt_get_u8(ssh, NULL((void*)0))) != 0 \|\|
1708	(r = sshpkt_get_string(ssh, &msg, NULL((void*)0))) != 0 \|\|
1709	(r = sshpkt_get_string(ssh, NULL((void)0), NULL((void)0))) != 0) {
1710	free(msg);
1711	return r;
1712	}
1713	debug("Remote: %.900s", msg)sshlog("/usr/src/usr.bin/ssh/ssh-keyscan/../packet.c", __func__ , 1713, 0, SYSLOG_LEVEL_DEBUG1, ((void*)0), "Remote: %.900s", msg);
1714	free(msg);
1715	break;
1716	case SSH2_MSG_DISCONNECT1:
1717	if ((r = sshpkt_get_u32(ssh, &reason)) != 0 \|\|
1718	(r = sshpkt_get_string(ssh, &msg, NULL((void*)0))) != 0)
1719	return r;
1720	/* Ignore normal client exit notifications */
1721	do_log2(ssh->state->server_side &&sshlog("/usr/src/usr.bin/ssh/ssh-keyscan/../packet.c", __func__ , 1726, 0, ssh->state->server_side && reason == 11 ? SYSLOG_LEVEL_INFO : SYSLOG_LEVEL_ERROR, ((void*)0), "Received disconnect from %s port %d:" "%u: %.400s", ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), reason , msg)
1722	reason == SSH2_DISCONNECT_BY_APPLICATION ?sshlog("/usr/src/usr.bin/ssh/ssh-keyscan/../packet.c", __func__ , 1726, 0, ssh->state->server_side && reason == 11 ? SYSLOG_LEVEL_INFO : SYSLOG_LEVEL_ERROR, ((void*)0), "Received disconnect from %s port %d:" "%u: %.400s", ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), reason , msg)
1723	SYSLOG_LEVEL_INFO : SYSLOG_LEVEL_ERROR,sshlog("/usr/src/usr.bin/ssh/ssh-keyscan/../packet.c", __func__ , 1726, 0, ssh->state->server_side && reason == 11 ? SYSLOG_LEVEL_INFO : SYSLOG_LEVEL_ERROR, ((void*)0), "Received disconnect from %s port %d:" "%u: %.400s", ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), reason , msg)
1724	"Received disconnect from %s port %d:"sshlog("/usr/src/usr.bin/ssh/ssh-keyscan/../packet.c", __func__ , 1726, 0, ssh->state->server_side && reason == 11 ? SYSLOG_LEVEL_INFO : SYSLOG_LEVEL_ERROR, ((void*)0), "Received disconnect from %s port %d:" "%u: %.400s", ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), reason , msg)
1725	"%u: %.400s", ssh_remote_ipaddr(ssh),sshlog("/usr/src/usr.bin/ssh/ssh-keyscan/../packet.c", __func__ , 1726, 0, ssh->state->server_side && reason == 11 ? SYSLOG_LEVEL_INFO : SYSLOG_LEVEL_ERROR, ((void*)0), "Received disconnect from %s port %d:" "%u: %.400s", ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), reason , msg)
1726	ssh_remote_port(ssh), reason, msg)sshlog("/usr/src/usr.bin/ssh/ssh-keyscan/../packet.c", __func__ , 1726, 0, ssh->state->server_side && reason == 11 ? SYSLOG_LEVEL_INFO : SYSLOG_LEVEL_ERROR, ((void*)0), "Received disconnect from %s port %d:" "%u: %.400s", ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), reason , msg);
1727	free(msg);
1728	return SSH_ERR_DISCONNECTED-29;
1729	case SSH2_MSG_UNIMPLEMENTED3:
1730	if ((r = sshpkt_get_u32(ssh, &seqnr)) != 0)
1731	return r;
1732	debug("Received SSH2_MSG_UNIMPLEMENTED for %u",sshlog("/usr/src/usr.bin/ssh/ssh-keyscan/../packet.c", __func__ , 1733, 0, SYSLOG_LEVEL_DEBUG1, ((void*)0), "Received SSH2_MSG_UNIMPLEMENTED for %u" , seqnr)
1733	seqnr)sshlog("/usr/src/usr.bin/ssh/ssh-keyscan/../packet.c", __func__ , 1733, 0, SYSLOG_LEVEL_DEBUG1, ((void*)0), "Received SSH2_MSG_UNIMPLEMENTED for %u" , seqnr);
1734	break;
1735	default:
1736	return 0;
1737	}
1738	}
1739	}
1740
1741	/*
1742	* Buffers the given amount of input characters. This is intended to be used
1743	* together with packet_read_poll.
1744	*/
1745
1746	int
1747	ssh_packet_process_incoming(struct ssh ssh, const char buf, u_int len)
1748	{
1749	struct session_state *state = ssh->state;
1750	int r;
1751
1752	if (state->packet_discard) {
1753	state->keep_alive_timeouts = 0; /* ?? */
1754	if (len >= state->packet_discard) {
1755	if ((r = ssh_packet_stop_discard(ssh)) != 0)
1756	return r;
1757	}
1758	state->packet_discard -= len;
1759	return 0;
1760	}
1761	if ((r = sshbuf_put(ssh->state->input, buf, len)) != 0)
1762	return r;
1763
1764	return 0;
1765	}
1766
1767	int
1768	ssh_packet_remaining(struct ssh *ssh)
1769	{
1770	return sshbuf_len(ssh->state->incoming_packet);
1771	}
1772
1773	/*
1774	* Sends a diagnostic message from the server to the client. This message
1775	* can be sent at any time (but not while constructing another message). The
1776	* message is printed immediately, but only if the client is being executed
1777	* in verbose mode. These messages are primarily intended to ease debugging
1778	* authentication problems. The length of the formatted message must not
1779	* exceed 1024 bytes. This will automatically call ssh_packet_write_wait.
1780	*/
1781	void
1782	ssh_packet_send_debug(struct ssh ssh, const char fmt,...)
1783	{
1784	char buf[1024];
1785	va_list args;
1786	int r;
1787
1788	if ((ssh->compat & SSH_BUG_DEBUG0x00000040))
1789	return;
1790
1791	va_start(args, fmt)__builtin_va_start(args, fmt);
1792	vsnprintf(buf, sizeof(buf), fmt, args);
1793	va_end(args)__builtin_va_end(args);
1794
1795	debug3("sending debug message: %s", buf)sshlog("/usr/src/usr.bin/ssh/ssh-keyscan/../packet.c", __func__ , 1795, 0, SYSLOG_LEVEL_DEBUG3, ((void*)0), "sending debug message: %s" , buf);
1796
1797	if ((r = sshpkt_start(ssh, SSH2_MSG_DEBUG4)) != 0 \|\|
1798	(r = sshpkt_put_u8(ssh, 0)) != 0 \|\| /* always display */
1799	(r = sshpkt_put_cstring(ssh, buf)) != 0 \|\|
1800	(r = sshpkt_put_cstring(ssh, "")) != 0 \|\|
1801	(r = sshpkt_send(ssh)) != 0 \|\|
1802	(r = ssh_packet_write_wait(ssh)) != 0)
1803	fatal_fr(r, "send DEBUG")sshfatal("/usr/src/usr.bin/ssh/ssh-keyscan/../packet.c", __func__ , 1803, 1, SYSLOG_LEVEL_FATAL, ssh_err(r), "send DEBUG");
1804	}
1805
1806	void
1807	sshpkt_fmt_connection_id(struct ssh ssh, char s, size_t l)
1808	{
1809	snprintf(s, l, "%.200s%s%s port %d",
1810	ssh->log_preamble ? ssh->log_preamble : "",
1811	ssh->log_preamble ? " " : "",
1812	ssh_remote_ipaddr(ssh), ssh_remote_port(ssh));
1813	}
1814
1815	/*
1816	* Pretty-print connection-terminating errors and exit.
1817	*/
1818	static void
1819	sshpkt_vfatal(struct ssh ssh, int r, const char fmt, va_list ap)
1820	{
1821	char tag = NULL((void)0), remote_id[512];
1822	int oerrno = errno(*__errno());
1823
1824	sshpkt_fmt_connection_id(ssh, remote_id, sizeof(remote_id));
1825
1826	switch (r) {
1827	case SSH_ERR_CONN_CLOSED-52:
1828	ssh_packet_clear_keys(ssh);
1829	logdie("Connection closed by %s", remote_id)sshlogdie("/usr/src/usr.bin/ssh/ssh-keyscan/../packet.c", __func__ , 1829, 0, SYSLOG_LEVEL_ERROR, ((void*)0), "Connection closed by %s" , remote_id);
1830	case SSH_ERR_CONN_TIMEOUT-53:
1831	ssh_packet_clear_keys(ssh);
1832	logdie("Connection %s %s timed out",sshlogdie("/usr/src/usr.bin/ssh/ssh-keyscan/../packet.c", __func__ , 1833, 0, SYSLOG_LEVEL_ERROR, ((void*)0), "Connection %s %s timed out" , ssh->state->server_side ? "from" : "to", remote_id)
1833	ssh->state->server_side ? "from" : "to", remote_id)sshlogdie("/usr/src/usr.bin/ssh/ssh-keyscan/../packet.c", __func__ , 1833, 0, SYSLOG_LEVEL_ERROR, ((void*)0), "Connection %s %s timed out" , ssh->state->server_side ? "from" : "to", remote_id);
1834	case SSH_ERR_DISCONNECTED-29:
1835	ssh_packet_clear_keys(ssh);
1836	logdie("Disconnected from %s", remote_id)sshlogdie("/usr/src/usr.bin/ssh/ssh-keyscan/../packet.c", __func__ , 1836, 0, SYSLOG_LEVEL_ERROR, ((void*)0), "Disconnected from %s" , remote_id);
1837	case SSH_ERR_SYSTEM_ERROR-24:
1838	if (errno(*__errno()) == ECONNRESET54) {
1839	ssh_packet_clear_keys(ssh);
1840	logdie("Connection reset by %s", remote_id)sshlogdie("/usr/src/usr.bin/ssh/ssh-keyscan/../packet.c", __func__ , 1840, 0, SYSLOG_LEVEL_ERROR, ((void*)0), "Connection reset by %s" , remote_id);
1841	}
1842	/* FALLTHROUGH */
1843	case SSH_ERR_NO_CIPHER_ALG_MATCH-31:
1844	case SSH_ERR_NO_MAC_ALG_MATCH-32:
1845	case SSH_ERR_NO_COMPRESS_ALG_MATCH-33:
1846	case SSH_ERR_NO_KEX_ALG_MATCH-34:
1847	case SSH_ERR_NO_HOSTKEY_ALG_MATCH-35:
1848	if (ssh && ssh->kex && ssh->kex->failed_choice) {
1849	ssh_packet_clear_keys(ssh);
1850	errno(*__errno()) = oerrno;
1851	logdie("Unable to negotiate with %s: %s. "sshlogdie("/usr/src/usr.bin/ssh/ssh-keyscan/../packet.c", __func__ , 1853, 0, SYSLOG_LEVEL_ERROR, ((void*)0), "Unable to negotiate with %s: %s. " "Their offer: %s", remote_id, ssh_err(r), ssh->kex->failed_choice )
1852	"Their offer: %s", remote_id, ssh_err(r),sshlogdie("/usr/src/usr.bin/ssh/ssh-keyscan/../packet.c", __func__ , 1853, 0, SYSLOG_LEVEL_ERROR, ((void*)0), "Unable to negotiate with %s: %s. " "Their offer: %s", remote_id, ssh_err(r), ssh->kex->failed_choice )
1853	ssh->kex->failed_choice)sshlogdie("/usr/src/usr.bin/ssh/ssh-keyscan/../packet.c", __func__ , 1853, 0, SYSLOG_LEVEL_ERROR, ((void*)0), "Unable to negotiate with %s: %s. " "Their offer: %s", remote_id, ssh_err(r), ssh->kex->failed_choice );
1854	}
1855	/* FALLTHROUGH */
1856	default:
1857	if (vasprintf(&tag, fmt, ap) == -1) {
1858	ssh_packet_clear_keys(ssh);
1859	logdie_f("could not allocate failure message")sshlogdie("/usr/src/usr.bin/ssh/ssh-keyscan/../packet.c", __func__ , 1859, 1, SYSLOG_LEVEL_ERROR, ((void*)0), "could not allocate failure message" );
1860	}
1861	ssh_packet_clear_keys(ssh);
1862	errno(*__errno()) = oerrno;
1863	logdie_r(r, "%s%sConnection %s %s",sshlogdie("/usr/src/usr.bin/ssh/ssh-keyscan/../packet.c", __func__ , 1865, 0, SYSLOG_LEVEL_ERROR, ssh_err(r), "%s%sConnection %s %s" , tag != ((void)0) ? tag : "", tag != ((void)0) ? ": " : "" , ssh->state->server_side ? "from" : "to", remote_id)
1864	tag != NULL ? tag : "", tag != NULL ? ": " : "",sshlogdie("/usr/src/usr.bin/ssh/ssh-keyscan/../packet.c", __func__ , 1865, 0, SYSLOG_LEVEL_ERROR, ssh_err(r), "%s%sConnection %s %s" , tag != ((void)0) ? tag : "", tag != ((void)0) ? ": " : "" , ssh->state->server_side ? "from" : "to", remote_id)
1865	ssh->state->server_side ? "from" : "to", remote_id)sshlogdie("/usr/src/usr.bin/ssh/ssh-keyscan/../packet.c", __func__ , 1865, 0, SYSLOG_LEVEL_ERROR, ssh_err(r), "%s%sConnection %s %s" , tag != ((void)0) ? tag : "", tag != ((void)0) ? ": " : "" , ssh->state->server_side ? "from" : "to", remote_id);
1866	}
1867	}
1868
1869	void
1870	sshpkt_fatal(struct ssh ssh, int r, const char fmt, ...)
1871	{
1872	va_list ap;
1873
1874	va_start(ap, fmt)__builtin_va_start(ap, fmt);
1875	sshpkt_vfatal(ssh, r, fmt, ap);
1876	/* NOTREACHED */
1877	va_end(ap)__builtin_va_end(ap);
1878	logdie_f("should have exited")sshlogdie("/usr/src/usr.bin/ssh/ssh-keyscan/../packet.c", __func__ , 1878, 1, SYSLOG_LEVEL_ERROR, ((void*)0), "should have exited" );
1879	}
1880
1881	/*
1882	* Logs the error plus constructs and sends a disconnect packet, closes the
1883	* connection, and exits. This function never returns. The error message
1884	* should not contain a newline. The length of the formatted message must
1885	* not exceed 1024 bytes.
1886	*/
1887	void
1888	ssh_packet_disconnect(struct ssh ssh, const char fmt,...)
1889	{
1890	char buf[1024], remote_id[512];
1891	va_list args;
1892	static int disconnecting = 0;
1893	int r;
1894
1895	if (disconnecting) /* Guard against recursive invocations. */
1896	fatal("packet_disconnect called recursively.")sshfatal("/usr/src/usr.bin/ssh/ssh-keyscan/../packet.c", __func__ , 1896, 0, SYSLOG_LEVEL_FATAL, ((void*)0), "packet_disconnect called recursively." );
1897	disconnecting = 1;
1898
1899	/*
1900	* Format the message. Note that the caller must make sure the
1901	* message is of limited size.
1902	*/
1903	sshpkt_fmt_connection_id(ssh, remote_id, sizeof(remote_id));
1904	va_start(args, fmt)__builtin_va_start(args, fmt);
1905	vsnprintf(buf, sizeof(buf), fmt, args);
1906	va_end(args)__builtin_va_end(args);
1907
1908	/* Display the error locally */
1909	logit("Disconnecting %s: %.100s", remote_id, buf)sshlog("/usr/src/usr.bin/ssh/ssh-keyscan/../packet.c", __func__ , 1909, 0, SYSLOG_LEVEL_INFO, ((void*)0), "Disconnecting %s: %.100s" , remote_id, buf);
1910
1911	/*
1912	* Send the disconnect message to the other side, and wait
1913	* for it to get sent.
1914	*/
1915	if ((r = sshpkt_disconnect(ssh, "%s", buf)) != 0)
1916	sshpkt_fatal(ssh, r, "%s", __func__);
1917
1918	if ((r = ssh_packet_write_wait(ssh)) != 0)
1919	sshpkt_fatal(ssh, r, "%s", __func__);
1920
1921	/* Close the connection. */
1922	ssh_packet_close(ssh);
1923	cleanup_exit(255);
1924	}
1925
1926	/*
1927	* Checks if there is any buffered output, and tries to write some of
1928	* the output.
1929	*/
1930	int
1931	ssh_packet_write_poll(struct ssh *ssh)
1932	{
1933	struct session_state *state = ssh->state;
1934	int len = sshbuf_len(state->output);
1935	int r;
1936
1937	if (len > 0) {
1938	len = write(state->connection_out,
1939	sshbuf_ptr(state->output), len);
1940	if (len == -1) {
1941	if (errno(__errno()) == EINTR4 \|\| errno(__errno()) == EAGAIN35)
1942	return 0;
1943	return SSH_ERR_SYSTEM_ERROR-24;
1944	}
1945	if (len == 0)
1946	return SSH_ERR_CONN_CLOSED-52;
1947	if ((r = sshbuf_consume(state->output, len)) != 0)
1948	return r;
1949	}
1950	return 0;
1951	}
1952
1953	/*
1954	* Calls packet_write_poll repeatedly until all pending output data has been
1955	* written.
1956	*/
1957	int
1958	ssh_packet_write_wait(struct ssh *ssh)
1959	{
1960	int ret, r, ms_remain = 0;
1961	struct timeval start;
1962	struct timespec timespec, timespecp = NULL((void)0);
1963	struct session_state *state = ssh->state;
1964	struct pollfd pfd;
1965
1966	if ((r = ssh_packet_write_poll(ssh)) != 0)
1967	return r;
1968	while (ssh_packet_have_data_to_write(ssh)) {
1969	pfd.fd = state->connection_out;
1970	pfd.events = POLLOUT0x0004;
1971
1972	if (state->packet_timeout_ms > 0) {
1973	ms_remain = state->packet_timeout_ms;
1974	timespecp = &timespec;
1975	}
1976	for (;;) {
1977	if (state->packet_timeout_ms > 0) {
1978	ms_to_timespec(&timespec, ms_remain);
1979	monotime_tv(&start);
1980	}
1981	if ((ret = ppoll(&pfd, 1, timespecp, NULL((void*)0))) >= 0)
1982	break;
1983	if (errno(__errno()) != EAGAIN35 && errno(__errno()) != EINTR4)
1984	break;
1985	if (state->packet_timeout_ms <= 0)
1986	continue;
1987	ms_subtract_diff(&start, &ms_remain);
1988	if (ms_remain <= 0) {
1989	ret = 0;
1990	break;
1991	}
1992	}
1993	if (ret == 0)
1994	return SSH_ERR_CONN_TIMEOUT-53;
1995	if ((r = ssh_packet_write_poll(ssh)) != 0)
1996	return r;
1997	}
1998	return 0;
1999	}
2000
2001	/* Returns true if there is buffered data to write to the connection. */
2002
2003	int
2004	ssh_packet_have_data_to_write(struct ssh *ssh)
2005	{
2006	return sshbuf_len(ssh->state->output) != 0;
2007	}
2008
2009	/* Returns true if there is not too much data to write to the connection. */
2010
2011	int
2012	ssh_packet_not_very_much_data_to_write(struct ssh *ssh)
2013	{
2014	if (ssh->state->interactive_mode)
2015	return sshbuf_len(ssh->state->output) < 16384;
2016	else
2017	return sshbuf_len(ssh->state->output) < 128 * 1024;
2018	}
2019
2020	void
2021	ssh_packet_set_tos(struct ssh *ssh, int tos)
2022	{
2023	if (!ssh_packet_connection_is_on_socket(ssh) \|\| tos == INT_MAX2147483647)
2024	return;
2025	set_sock_tos(ssh->state->connection_in, tos);
2026	}
2027
2028	/* Informs that the current session is interactive. Sets IP flags for that. */
2029
2030	void
2031	ssh_packet_set_interactive(struct ssh *ssh, int interactive, int qos_interactive, int qos_bulk)
2032	{
2033	struct session_state *state = ssh->state;
2034
2035	if (state->set_interactive_called)
2036	return;
2037	state->set_interactive_called = 1;
2038
2039	/* Record that we are in interactive mode. */
2040	state->interactive_mode = interactive;
2041
2042	/* Only set socket options if using a socket. */
2043	if (!ssh_packet_connection_is_on_socket(ssh))
2044	return;
2045	set_nodelay(state->connection_in);
2046	ssh_packet_set_tos(ssh, interactive ? qos_interactive : qos_bulk);
2047	}
2048
2049	/* Returns true if the current connection is interactive. */
2050
2051	int
2052	ssh_packet_is_interactive(struct ssh *ssh)
2053	{
2054	return ssh->state->interactive_mode;
2055	}
2056
2057	int
2058	ssh_packet_set_maxsize(struct ssh *ssh, u_int s)
2059	{
2060	struct session_state *state = ssh->state;
2061
2062	if (state->set_maxsize_called) {
2063	logit_f("called twice: old %d new %d",sshlog("/usr/src/usr.bin/ssh/ssh-keyscan/../packet.c", __func__ , 2064, 1, SYSLOG_LEVEL_INFO, ((void*)0), "called twice: old %d new %d" , state->max_packet_size, s)
2064	state->max_packet_size, s)sshlog("/usr/src/usr.bin/ssh/ssh-keyscan/../packet.c", __func__ , 2064, 1, SYSLOG_LEVEL_INFO, ((void*)0), "called twice: old %d new %d" , state->max_packet_size, s);
2065	return -1;
2066	}
2067	if (s < 4 * 1024 \|\| s > 1024 * 1024) {
2068	logit_f("bad size %d", s)sshlog("/usr/src/usr.bin/ssh/ssh-keyscan/../packet.c", __func__ , 2068, 1, SYSLOG_LEVEL_INFO, ((void*)0), "bad size %d", s);
2069	return -1;
2070	}
2071	state->set_maxsize_called = 1;
2072	debug_f("setting to %d", s)sshlog("/usr/src/usr.bin/ssh/ssh-keyscan/../packet.c", __func__ , 2072, 1, SYSLOG_LEVEL_DEBUG1, ((void*)0), "setting to %d", s );
2073	state->max_packet_size = s;
2074	return s;
2075	}
2076
2077	int
2078	ssh_packet_inc_alive_timeouts(struct ssh *ssh)
2079	{
2080	return ++ssh->state->keep_alive_timeouts;
2081	}
2082
2083	void
2084	ssh_packet_set_alive_timeouts(struct ssh *ssh, int ka)
2085	{
2086	ssh->state->keep_alive_timeouts = ka;
2087	}
2088
2089	u_int
2090	ssh_packet_get_maxsize(struct ssh *ssh)
2091	{
2092	return ssh->state->max_packet_size;
2093	}
2094
2095	void
2096	ssh_packet_set_rekey_limits(struct ssh *ssh, u_int64_t bytes, u_int32_t seconds)
2097	{
2098	debug3("rekey after %llu bytes, %u seconds", (unsigned long long)bytes,sshlog("/usr/src/usr.bin/ssh/ssh-keyscan/../packet.c", __func__ , 2099, 0, SYSLOG_LEVEL_DEBUG3, ((void*)0), "rekey after %llu bytes, %u seconds" , (unsigned long long)bytes, (unsigned int)seconds)
2099	(unsigned int)seconds)sshlog("/usr/src/usr.bin/ssh/ssh-keyscan/../packet.c", __func__ , 2099, 0, SYSLOG_LEVEL_DEBUG3, ((void*)0), "rekey after %llu bytes, %u seconds" , (unsigned long long)bytes, (unsigned int)seconds);
2100	ssh->state->rekey_limit = bytes;
2101	ssh->state->rekey_interval = seconds;
2102	}
2103
2104	time_t
2105	ssh_packet_get_rekey_timeout(struct ssh *ssh)
2106	{
2107	time_t seconds;
2108
2109	seconds = ssh->state->rekey_time + ssh->state->rekey_interval -
2110	monotime();
2111	return (seconds <= 0 ? 1 : seconds);
2112	}
2113
2114	void
2115	ssh_packet_set_server(struct ssh *ssh)
2116	{
2117	ssh->state->server_side = 1;
2118	ssh->kex->server = 1; /* XXX unify? */
2119	}
2120
2121	void
2122	ssh_packet_set_authenticated(struct ssh *ssh)
2123	{
2124	ssh->state->after_authentication = 1;
2125	}
2126
2127	void *
2128	ssh_packet_get_input(struct ssh *ssh)
2129	{
2130	return (void *)ssh->state->input;
2131	}
2132
2133	void *
2134	ssh_packet_get_output(struct ssh *ssh)
2135	{
2136	return (void *)ssh->state->output;
2137	}
2138
2139	/* Reset after_authentication and reset compression in post-auth privsep */
2140	static int
2141	ssh_packet_set_postauth(struct ssh *ssh)
2142	{
2143	int r;
2144
2145	debug_f("called")sshlog("/usr/src/usr.bin/ssh/ssh-keyscan/../packet.c", __func__ , 2145, 1, SYSLOG_LEVEL_DEBUG1, ((void*)0), "called");
2146	/* This was set in net child, but is not visible in user child */
2147	ssh->state->after_authentication = 1;
2148	ssh->state->rekeying = 0;
2149	if ((r = ssh_packet_enable_delayed_compress(ssh)) != 0)
2150	return r;
2151	return 0;
2152	}
2153
2154	/* Packet state (de-)serialization for privsep */
2155
2156	/* turn kex into a blob for packet state serialization */
2157	static int
2158	kex_to_blob(struct sshbuf m, struct kex kex)
2159	{
2160	int r;
2161
2162	if ((r = sshbuf_put_u32(m, kex->we_need)) != 0 \|\|
2163	(r = sshbuf_put_cstring(m, kex->hostkey_alg)) != 0 \|\|
2164	(r = sshbuf_put_u32(m, kex->hostkey_type)) != 0 \|\|
2165	(r = sshbuf_put_u32(m, kex->hostkey_nid)) != 0 \|\|
2166	(r = sshbuf_put_u32(m, kex->kex_type)) != 0 \|\|
2167	(r = sshbuf_put_stringb(m, kex->my)) != 0 \|\|
2168	(r = sshbuf_put_stringb(m, kex->peer)) != 0 \|\|
2169	(r = sshbuf_put_stringb(m, kex->client_version)) != 0 \|\|
2170	(r = sshbuf_put_stringb(m, kex->server_version)) != 0 \|\|
2171	(r = sshbuf_put_stringb(m, kex->session_id)) != 0 \|\|
2172	(r = sshbuf_put_u32(m, kex->flags)) != 0)
2173	return r;
2174	return 0;
2175	}
2176
2177	/* turn key exchange results into a blob for packet state serialization */
2178	static int
2179	newkeys_to_blob(struct sshbuf m, struct ssh ssh, int mode)
2180	{
2181	struct sshbuf *b;
2182	struct sshcipher_ctx *cc;
2183	struct sshcomp *comp;
2184	struct sshenc *enc;
2185	struct sshmac *mac;
2186	struct newkeys *newkey;
2187	int r;
2188
2189	if ((newkey = ssh->state->newkeys[mode]) == NULL((void*)0))
2190	return SSH_ERR_INTERNAL_ERROR-1;
2191	enc = &newkey->enc;
2192	mac = &newkey->mac;
2193	comp = &newkey->comp;
2194	cc = (mode == MODE_OUT) ? ssh->state->send_context :
2195	ssh->state->receive_context;
2196	if ((r = cipher_get_keyiv(cc, enc->iv, enc->iv_len)) != 0)
2197	return r;
2198	if ((b = sshbuf_new()) == NULL((void*)0))
2199	return SSH_ERR_ALLOC_FAIL-2;
2200	if ((r = sshbuf_put_cstring(b, enc->name)) != 0 \|\|
2201	(r = sshbuf_put_u32(b, enc->enabled)) != 0 \|\|
2202	(r = sshbuf_put_u32(b, enc->block_size)) != 0 \|\|
2203	(r = sshbuf_put_string(b, enc->key, enc->key_len)) != 0 \|\|
2204	(r = sshbuf_put_string(b, enc->iv, enc->iv_len)) != 0)
2205	goto out;
2206	if (cipher_authlen(enc->cipher) == 0) {
2207	if ((r = sshbuf_put_cstring(b, mac->name)) != 0 \|\|
2208	(r = sshbuf_put_u32(b, mac->enabled)) != 0 \|\|
2209	(r = sshbuf_put_string(b, mac->key, mac->key_len)) != 0)
2210	goto out;
2211	}
2212	if ((r = sshbuf_put_u32(b, comp->type)) != 0 \|\|
2213	(r = sshbuf_put_cstring(b, comp->name)) != 0)
2214	goto out;
2215	r = sshbuf_put_stringb(m, b);
2216	out:
2217	sshbuf_free(b);
2218	return r;
2219	}
2220
2221	/* serialize packet state into a blob */
2222	int
2223	ssh_packet_get_state(struct ssh ssh, struct sshbuf m)
2224	{
2225	struct session_state *state = ssh->state;
2226	int r;
2227
2228	if ((r = kex_to_blob(m, ssh->kex)) != 0 \|\|
2229	(r = newkeys_to_blob(m, ssh, MODE_OUT)) != 0 \|\|
2230	(r = newkeys_to_blob(m, ssh, MODE_IN)) != 0 \|\|
2231	(r = sshbuf_put_u64(m, state->rekey_limit)) != 0 \|\|
2232	(r = sshbuf_put_u32(m, state->rekey_interval)) != 0 \|\|
2233	(r = sshbuf_put_u32(m, state->p_send.seqnr)) != 0 \|\|
2234	(r = sshbuf_put_u64(m, state->p_send.blocks)) != 0 \|\|
2235	(r = sshbuf_put_u32(m, state->p_send.packets)) != 0 \|\|
2236	(r = sshbuf_put_u64(m, state->p_send.bytes)) != 0 \|\|
2237	(r = sshbuf_put_u32(m, state->p_read.seqnr)) != 0 \|\|
2238	(r = sshbuf_put_u64(m, state->p_read.blocks)) != 0 \|\|
2239	(r = sshbuf_put_u32(m, state->p_read.packets)) != 0 \|\|
2240	(r = sshbuf_put_u64(m, state->p_read.bytes)) != 0 \|\|
2241	(r = sshbuf_put_stringb(m, state->input)) != 0 \|\|
2242	(r = sshbuf_put_stringb(m, state->output)) != 0)
2243	return r;
2244
2245	return 0;
2246	}
2247
2248	/* restore key exchange results from blob for packet state de-serialization */
2249	static int
2250	newkeys_from_blob(struct sshbuf m, struct ssh ssh, int mode)
2251	{
2252	struct sshbuf b = NULL((void)0);
2253	struct sshcomp *comp;
2254	struct sshenc *enc;
2255	struct sshmac *mac;
2256	struct newkeys newkey = NULL((void)0);
2257	size_t keylen, ivlen, maclen;
2258	int r;
2259
2260	if ((newkey = calloc(1, sizeof(newkey))) == NULL((void)0)) {
2261	r = SSH_ERR_ALLOC_FAIL-2;
2262	goto out;
2263	}
2264	if ((r = sshbuf_froms(m, &b)) != 0)
2265	goto out;
2266	#ifdef DEBUG_PK
2267	sshbuf_dump(b, stderr(&__sF[2]));
2268	#endif
2269	enc = &newkey->enc;
2270	mac = &newkey->mac;
2271	comp = &newkey->comp;
2272
2273	if ((r = sshbuf_get_cstring(b, &enc->name, NULL((void*)0))) != 0 \|\|
2274	(r = sshbuf_get_u32(b, (u_int *)&enc->enabled)) != 0 \|\|
2275	(r = sshbuf_get_u32(b, &enc->block_size)) != 0 \|\|
2276	(r = sshbuf_get_string(b, &enc->key, &keylen)) != 0 \|\|
2277	(r = sshbuf_get_string(b, &enc->iv, &ivlen)) != 0)
2278	goto out;
2279	if ((enc->cipher = cipher_by_name(enc->name)) == NULL((void*)0)) {
2280	r = SSH_ERR_INVALID_FORMAT-4;
2281	goto out;
2282	}
2283	if (cipher_authlen(enc->cipher) == 0) {
2284	if ((r = sshbuf_get_cstring(b, &mac->name, NULL((void*)0))) != 0)
2285	goto out;
2286	if ((r = mac_setup(mac, mac->name)) != 0)
2287	goto out;
2288	if ((r = sshbuf_get_u32(b, (u_int *)&mac->enabled)) != 0 \|\|
2289	(r = sshbuf_get_string(b, &mac->key, &maclen)) != 0)
2290	goto out;
2291	if (maclen > mac->key_len) {
2292	r = SSH_ERR_INVALID_FORMAT-4;
2293	goto out;
2294	}
2295	mac->key_len = maclen;
2296	}
2297	if ((r = sshbuf_get_u32(b, &comp->type)) != 0 \|\|
2298	(r = sshbuf_get_cstring(b, &comp->name, NULL((void*)0))) != 0)
2299	goto out;
2300	if (sshbuf_len(b) != 0) {
2301	r = SSH_ERR_INVALID_FORMAT-4;
2302	goto out;
2303	}
2304	enc->key_len = keylen;
2305	enc->iv_len = ivlen;
2306	ssh->kex->newkeys[mode] = newkey;
2307	newkey = NULL((void*)0);
2308	r = 0;
2309	out:
2310	free(newkey);
2311	sshbuf_free(b);
2312	return r;
2313	}
2314
2315	/* restore kex from blob for packet state de-serialization */
2316	static int
2317	kex_from_blob(struct sshbuf m, struct kex *kexp)
2318	{
2319	struct kex *kex;
2320	int r;
2321
2322	if ((kex = kex_new()) == NULL((void*)0))
2323	return SSH_ERR_ALLOC_FAIL-2;
2324	if ((r = sshbuf_get_u32(m, &kex->we_need)) != 0 \|\|
2325	(r = sshbuf_get_cstring(m, &kex->hostkey_alg, NULL((void*)0))) != 0 \|\|
2326	(r = sshbuf_get_u32(m, (u_int *)&kex->hostkey_type)) != 0 \|\|
2327	(r = sshbuf_get_u32(m, (u_int *)&kex->hostkey_nid)) != 0 \|\|
2328	(r = sshbuf_get_u32(m, &kex->kex_type)) != 0 \|\|
2329	(r = sshbuf_get_stringb(m, kex->my)) != 0 \|\|
2330	(r = sshbuf_get_stringb(m, kex->peer)) != 0 \|\|
2331	(r = sshbuf_get_stringb(m, kex->client_version)) != 0 \|\|
2332	(r = sshbuf_get_stringb(m, kex->server_version)) != 0 \|\|
2333	(r = sshbuf_get_stringb(m, kex->session_id)) != 0 \|\|
2334	(r = sshbuf_get_u32(m, &kex->flags)) != 0)
2335	goto out;
2336	kex->server = 1;
2337	kex->done = 1;
2338	r = 0;
2339	out:
2340	if (r != 0 \|\| kexp == NULL((void*)0)) {
2341	kex_free(kex);
2342	if (kexp != NULL((void*)0))
2343	kexp = NULL((void)0);
2344	} else {
2345	kex_free(*kexp);
2346	*kexp = kex;
2347	}
2348	return r;
2349	}
2350
2351	/*
2352	* Restore packet state from content of blob 'm' (de-serialization).
2353	* Note that 'm' will be partially consumed on parsing or any other errors.
2354	*/
2355	int
2356	ssh_packet_set_state(struct ssh ssh, struct sshbuf m)
2357	{
2358	struct session_state *state = ssh->state;
2359	const u_char input, output;
2360	size_t ilen, olen;
2361	int r;
2362
2363	if ((r = kex_from_blob(m, &ssh->kex)) != 0 \|\|
2364	(r = newkeys_from_blob(m, ssh, MODE_OUT)) != 0 \|\|
2365	(r = newkeys_from_blob(m, ssh, MODE_IN)) != 0 \|\|
2366	(r = sshbuf_get_u64(m, &state->rekey_limit)) != 0 \|\|
2367	(r = sshbuf_get_u32(m, &state->rekey_interval)) != 0 \|\|
2368	(r = sshbuf_get_u32(m, &state->p_send.seqnr)) != 0 \|\|
2369	(r = sshbuf_get_u64(m, &state->p_send.blocks)) != 0 \|\|
2370	(r = sshbuf_get_u32(m, &state->p_send.packets)) != 0 \|\|
2371	(r = sshbuf_get_u64(m, &state->p_send.bytes)) != 0 \|\|
2372	(r = sshbuf_get_u32(m, &state->p_read.seqnr)) != 0 \|\|
2373	(r = sshbuf_get_u64(m, &state->p_read.blocks)) != 0 \|\|
2374	(r = sshbuf_get_u32(m, &state->p_read.packets)) != 0 \|\|
2375	(r = sshbuf_get_u64(m, &state->p_read.bytes)) != 0)
2376	return r;
2377	/*
2378	* We set the time here so that in post-auth privsep child we
2379	* count from the completion of the authentication.
2380	*/
2381	state->rekey_time = monotime();
2382	/* XXX ssh_set_newkeys overrides p_read.packets? XXX */
2383	if ((r = ssh_set_newkeys(ssh, MODE_IN)) != 0 \|\|
2384	(r = ssh_set_newkeys(ssh, MODE_OUT)) != 0)
2385	return r;
2386
2387	if ((r = ssh_packet_set_postauth(ssh)) != 0)
2388	return r;
2389
2390	sshbuf_reset(state->input);
2391	sshbuf_reset(state->output);
2392	if ((r = sshbuf_get_string_direct(m, &input, &ilen)) != 0 \|\|
2393	(r = sshbuf_get_string_direct(m, &output, &olen)) != 0 \|\|
2394	(r = sshbuf_put(state->input, input, ilen)) != 0 \|\|
2395	(r = sshbuf_put(state->output, output, olen)) != 0)
2396	return r;
2397
2398	if (sshbuf_len(m))
2399	return SSH_ERR_INVALID_FORMAT-4;
2400	debug3_f("done")sshlog("/usr/src/usr.bin/ssh/ssh-keyscan/../packet.c", __func__ , 2400, 1, SYSLOG_LEVEL_DEBUG3, ((void*)0), "done");
2401	return 0;
2402	}
2403
2404	/* NEW API */
2405
2406	/* put data to the outgoing packet */
2407
2408	int
2409	sshpkt_put(struct ssh ssh, const void v, size_t len)
2410	{
2411	return sshbuf_put(ssh->state->outgoing_packet, v, len);
2412	}
2413
2414	int
2415	sshpkt_putb(struct ssh ssh, const struct sshbuf b)
2416	{
2417	return sshbuf_putb(ssh->state->outgoing_packet, b);
2418	}
2419
2420	int
2421	sshpkt_put_u8(struct ssh *ssh, u_char val)
2422	{
2423	return sshbuf_put_u8(ssh->state->outgoing_packet, val);
2424	}
2425
2426	int
2427	sshpkt_put_u32(struct ssh *ssh, u_int32_t val)
2428	{
2429	return sshbuf_put_u32(ssh->state->outgoing_packet, val);
2430	}
2431
2432	int
2433	sshpkt_put_u64(struct ssh *ssh, u_int64_t val)
2434	{
2435	return sshbuf_put_u64(ssh->state->outgoing_packet, val);
2436	}
2437
2438	int
2439	sshpkt_put_string(struct ssh ssh, const void v, size_t len)
2440	{
2441	return sshbuf_put_string(ssh->state->outgoing_packet, v, len);
2442	}
2443
2444	int
2445	sshpkt_put_cstring(struct ssh ssh, const void v)
2446	{
2447	return sshbuf_put_cstring(ssh->state->outgoing_packet, v);
2448	}
2449
2450	int
2451	sshpkt_put_stringb(struct ssh ssh, const struct sshbuf v)
2452	{
2453	return sshbuf_put_stringb(ssh->state->outgoing_packet, v);
2454	}
2455
2456	#ifdef WITH_OPENSSL1
2457	int
2458	sshpkt_put_ec(struct ssh ssh, const EC_POINT v, const EC_GROUP *g)
2459	{
2460	return sshbuf_put_ec(ssh->state->outgoing_packet, v, g);
2461	}
2462
2463
2464	int
2465	sshpkt_put_bignum2(struct ssh ssh, const BIGNUM v)
2466	{
2467	return sshbuf_put_bignum2(ssh->state->outgoing_packet, v);
2468	}
2469	#endif /* WITH_OPENSSL */
2470
2471	/* fetch data from the incoming packet */
2472
2473	int
2474	sshpkt_get(struct ssh ssh, void valp, size_t len)
2475	{
2476	return sshbuf_get(ssh->state->incoming_packet, valp, len);
2477	}
2478
2479	int
2480	sshpkt_get_u8(struct ssh ssh, u_char valp)
2481	{
2482	return sshbuf_get_u8(ssh->state->incoming_packet, valp);
2483	}
2484
2485	int
2486	sshpkt_get_u32(struct ssh ssh, u_int32_t valp)
2487	{
2488	return sshbuf_get_u32(ssh->state->incoming_packet, valp);
2489	}
2490
2491	int
2492	sshpkt_get_u64(struct ssh ssh, u_int64_t valp)
2493	{
2494	return sshbuf_get_u64(ssh->state->incoming_packet, valp);
2495	}
2496
2497	int
2498	sshpkt_get_string(struct ssh ssh, u_char valp, size_t lenp)
2499	{
2500	return sshbuf_get_string(ssh->state->incoming_packet, valp, lenp);
2501	}
2502
2503	int
2504	sshpkt_get_string_direct(struct ssh ssh, const u_char valp, size_t lenp)
2505	{
2506	return sshbuf_get_string_direct(ssh->state->incoming_packet, valp, lenp);
2507	}
2508
2509	int
2510	sshpkt_peek_string_direct(struct ssh ssh, const u_char valp, size_t lenp)
2511	{
2512	return sshbuf_peek_string_direct(ssh->state->incoming_packet, valp, lenp);
2513	}
2514
2515	int
2516	sshpkt_get_cstring(struct ssh ssh, char valp, size_t lenp)
2517	{
2518	return sshbuf_get_cstring(ssh->state->incoming_packet, valp, lenp);
2519	}
2520
2521	int
2522	sshpkt_getb_froms(struct ssh ssh, struct sshbuf *valp)
2523	{
2524	return sshbuf_froms(ssh->state->incoming_packet, valp);
2525	}
2526
2527	#ifdef WITH_OPENSSL1
2528	int
2529	sshpkt_get_ec(struct ssh ssh, EC_POINT v, const EC_GROUP *g)
2530	{
2531	return sshbuf_get_ec(ssh->state->incoming_packet, v, g);
2532	}
2533
2534	int
2535	sshpkt_get_bignum2(struct ssh ssh, BIGNUM *valp)
2536	{
2537	return sshbuf_get_bignum2(ssh->state->incoming_packet, valp);
2538	}
2539	#endif /* WITH_OPENSSL */
2540
2541	int
2542	sshpkt_get_end(struct ssh *ssh)
2543	{
2544	if (sshbuf_len(ssh->state->incoming_packet) > 0)
2545	return SSH_ERR_UNEXPECTED_TRAILING_DATA-23;
2546	return 0;
2547	}
2548
2549	const u_char *
2550	sshpkt_ptr(struct ssh ssh, size_t lenp)
2551	{
2552	if (lenp != NULL((void*)0))
2553	*lenp = sshbuf_len(ssh->state->incoming_packet);
2554	return sshbuf_ptr(ssh->state->incoming_packet);
2555	}
2556
2557	/* start a new packet */
2558
2559	int
2560	sshpkt_start(struct ssh *ssh, u_char type)
2561	{
2562	u_char buf[6]; /* u32 packet length, u8 pad len, u8 type */
2563
2564	DBG(debug("packet_start[%d]", type));
2565	memset(buf, 0, sizeof(buf));
2566	buf[sizeof(buf) - 1] = type;
2567	sshbuf_reset(ssh->state->outgoing_packet);
2568	return sshbuf_put(ssh->state->outgoing_packet, buf, sizeof(buf));
2569	}
2570
2571	static int
2572	ssh_packet_send_mux(struct ssh *ssh)
2573	{
2574	struct session_state *state = ssh->state;
2575	u_char type, *cp;
2576	size_t len;
2577	int r;
2578
2579	if (ssh->kex)
2580	return SSH_ERR_INTERNAL_ERROR-1;
2581	len = sshbuf_len(state->outgoing_packet);
2582	if (len < 6)
2583	return SSH_ERR_INTERNAL_ERROR-1;
2584	cp = sshbuf_mutable_ptr(state->outgoing_packet);
2585	type = cp[5];
2586	if (ssh_packet_log_type(type))
2587	debug3_f("type %u", type)sshlog("/usr/src/usr.bin/ssh/ssh-keyscan/../packet.c", __func__ , 2587, 1, SYSLOG_LEVEL_DEBUG3, ((void*)0), "type %u", type);
2588	/* drop everything, but the connection protocol */
2589	if (type >= SSH2_MSG_CONNECTION_MIN80 &&
2590	type <= SSH2_MSG_CONNECTION_MAX127) {
2591	POKE_U32(cp, len - 4)do { const u_int32_t __v = (len - 4); ((u_char )(cp))[0] = ( __v >> 24) & 0xff; ((u_char )(cp))[1] = (__v >> 16) & 0xff; ((u_char )(cp))[2] = (__v >> 8) & 0xff; ((u_char )(cp))[3] = __v & 0xff; } while (0);
2592	if ((r = sshbuf_putb(state->output,
2593	state->outgoing_packet)) != 0)
2594	return r;
2595	/* sshbuf_dump(state->output, stderr); */
2596	}
2597	sshbuf_reset(state->outgoing_packet);
2598	return 0;
2599	}
2600
2601	/*
2602	* 9.2. Ignored Data Message
2603	*
2604	* byte SSH_MSG_IGNORE
2605	* string data
2606	*
2607	* All implementations MUST understand (and ignore) this message at any
2608	* time (after receiving the protocol version). No implementation is
2609	* required to send them. This message can be used as an additional
2610	* protection measure against advanced traffic analysis techniques.
2611	*/
2612	int
2613	sshpkt_msg_ignore(struct ssh *ssh, u_int nbytes)
2614	{
2615	u_int32_t rnd = 0;
2616	int r;
2617	u_int i;
2618
2619	if ((r = sshpkt_start(ssh, SSH2_MSG_IGNORE2)) != 0 \|\|
2620	(r = sshpkt_put_u32(ssh, nbytes)) != 0)
2621	return r;
2622	for (i = 0; i < nbytes; i++) {
2623	if (i % 4 == 0)
2624	rnd = arc4random();
2625	if ((r = sshpkt_put_u8(ssh, (u_char)rnd & 0xff)) != 0)
2626	return r;
2627	rnd >>= 8;
2628	}
2629	return 0;
2630	}
2631
2632	/* send it */
2633
2634	int
2635	sshpkt_send(struct ssh *ssh)
2636	{
2637	if (ssh->state && ssh->state->mux)
2638	return ssh_packet_send_mux(ssh);
2639	return ssh_packet_send2(ssh);
2640	}
2641
2642	int
2643	sshpkt_disconnect(struct ssh ssh, const char fmt,...)
2644	{
2645	char buf[1024];
2646	va_list args;
2647	int r;
2648
2649	va_start(args, fmt)__builtin_va_start(args, fmt);
2650	vsnprintf(buf, sizeof(buf), fmt, args);
2651	va_end(args)__builtin_va_end(args);
2652
2653	if ((r = sshpkt_start(ssh, SSH2_MSG_DISCONNECT1)) != 0 \|\|
2654	(r = sshpkt_put_u32(ssh, SSH2_DISCONNECT_PROTOCOL_ERROR2)) != 0 \|\|
2655	(r = sshpkt_put_cstring(ssh, buf)) != 0 \|\|
2656	(r = sshpkt_put_cstring(ssh, "")) != 0 \|\|
2657	(r = sshpkt_send(ssh)) != 0)
2658	return r;
2659	return 0;
2660	}
2661
2662	/* roundup current message to pad bytes */
2663	int
2664	sshpkt_add_padding(struct ssh *ssh, u_char pad)
2665	{
2666	ssh->state->extra_pad = pad;
2667	return 0;
2668	}