newkeys
/*
 * Excerpt: only the lines that mention `newkeys` are listed, so the
 * statements below are incomplete (continuation lines and braces are elided).
 * Visible flow: choose_enc() fills newkeys->enc, cipher_authlen() is read for
 * the chosen cipher, then choose_mac() and choose_comp() fill ->mac and ->comp.
 */
if ((r = choose_enc(&newkeys->enc, cprop[nenc],
authlen = cipher_authlen(newkeys->enc.cipher);
/*
 * NOTE(review): this line is the tail of a condition whose head is not shown;
 * presumably the MAC is negotiated only when authlen == 0 -- confirm.
 */
(r = choose_mac(ssh, &newkeys->mac, cprop[nmac],
if ((r = choose_comp(&newkeys->comp, cprop[ncomp],
/*
 * Arguments to a call whose head is elided (presumably a debug log -- confirm).
 * With a non-zero authlen the MAC argument is the literal "<implicit>" rather
 * than newkeys->mac.name.
 */
newkeys->enc.name,
authlen == 0 ? newkeys->mac.name : "<implicit>",
newkeys->comp.name);
/*
 * Sizing for key derivation (excerpt; the enclosing loop and function are not
 * shown). `need` is raised to the largest of the cipher key length, block
 * size, IV length and MAC key length of this mode's key set.
 */
newkeys = kex->newkeys[mode];
need = MAXIMUM(need, newkeys->enc.key_len);
need = MAXIMUM(need, newkeys->enc.block_size);
need = MAXIMUM(need, newkeys->enc.iv_len);
need = MAXIMUM(need, newkeys->mac.key_len);
/*
 * `dh_need` is built the same way, except that cipher_seclen() of the cipher
 * is used in place of enc.key_len.
 * NOTE(review): because `need` is a maximum over several fields, a buffer sized
 * by it can be longer than any single key_len/iv_len; code that wipes such a
 * buffer by its per-field length would leave a tail -- confirm at the
 * allocation and free sites.
 */
dh_need = MAXIMUM(dh_need, cipher_seclen(newkeys->enc.cipher));
dh_need = MAXIMUM(dh_need, newkeys->enc.block_size);
dh_need = MAXIMUM(dh_need, newkeys->enc.iv_len);
dh_need = MAXIMUM(dh_need, newkeys->mac.key_len);
/*
 * Store the derived buffers in this mode's key set. `ctos` selects the even
 * slot of each pair (0, 2, 4), otherwise the odd slot (1, 3, 5), for the IV,
 * the cipher key and the MAC key respectively.
 * NOTE(review): the pointers are stored without copying, so the key set
 * presumably becomes the owner of these buffers and kex_free_newkeys() is what
 * later wipes and frees them -- confirm that keys[] is not also freed by the
 * caller.
 */
kex->newkeys[mode]->enc.iv = keys[ctos ? 0 : 1];
kex->newkeys[mode]->enc.key = keys[ctos ? 2 : 3];
kex->newkeys[mode]->mac.key = keys[ctos ? 4 : 5];
/*
 * kex_free_newkeys: wipe and release one key set.
 * (Excerpt: the return-type line, braces and the statement taken on the NULL
 * branch are elided because they do not mention `newkeys`.)
 * Each secret buffer is overwritten with explicit_bzero() before free(), and
 * the containing sub-struct is then zeroed, which also clears the pointers
 * that have just been freed.
 */
kex_free_newkeys(struct newkeys *newkeys)
/* A NULL argument is tested for explicitly; the branch body is not shown. */
if (newkeys == NULL)
if (newkeys->enc.key) {
/*
 * NOTE(review): wipes enc.key_len bytes. If the buffer was allocated larger
 * than key_len, the remainder is freed unwiped -- confirm against the
 * allocation site.
 */
explicit_bzero(newkeys->enc.key, newkeys->enc.key_len);
free(newkeys->enc.key);
newkeys->enc.key = NULL;
if (newkeys->enc.iv) {
/* Same pattern for the IV, wiped by enc.iv_len. */
explicit_bzero(newkeys->enc.iv, newkeys->enc.iv_len);
free(newkeys->enc.iv);
newkeys->enc.iv = NULL;
/* Name strings are freed, then the whole sub-struct is zeroed. */
free(newkeys->enc.name);
explicit_bzero(&newkeys->enc, sizeof(newkeys->enc));
free(newkeys->comp.name);
explicit_bzero(&newkeys->comp, sizeof(newkeys->comp));
/*
 * mac_clear() runs before the MAC key is wiped; what it releases is not
 * visible in this excerpt.
 */
mac_clear(&newkeys->mac);
if (newkeys->mac.key) {
explicit_bzero(newkeys->mac.key, newkeys->mac.key_len);
free(newkeys->mac.key);
newkeys->mac.key = NULL;
free(newkeys->mac.name);
explicit_bzero(&newkeys->mac, sizeof(newkeys->mac));
/* Final step: zero the container itself and free it in one call. */
freezero(newkeys, sizeof(*newkeys));
/*
 * Free-then-NULL: the slot is cleared straight after the free, so a later
 * kex_free_newkeys() on the same slot receives NULL instead of a stale pointer.
 */
kex_free_newkeys(kex->newkeys[mode]);
kex->newkeys[mode] = NULL;
struct newkeys *newkeys;
/*
 * The key set is allocated zero-filled with calloc(); the failure branch is
 * elided from this excerpt. The new struct is then published in the kex slot.
 */
if ((newkeys = calloc(1, sizeof(*newkeys))) == NULL) {
kex->newkeys[mode] = newkeys;
/* One key-set pointer per mode; other lines in this listing index it with MODE_IN and MODE_OUT. */
struct newkeys *newkeys[MODE_MAX];
/* Prototype for the wipe-and-free routine; it takes the key set by pointer. */
void kex_free_newkeys(struct newkeys *);
/*
 * NOTE(review): newkeys[MODE_OUT] is dereferenced here; any NULL guard lies
 * outside this excerpt -- confirm the slot cannot be NULL on this path.
 */
state->newkeys[MODE_OUT]->enc.block_size);
/* The per-mode slot is NULL-checked before its comp member is addressed. */
if (state->newkeys[mode] == NULL)
comp = &state->newkeys[mode]->comp;
/*
 * Outbound and inbound key sets are each NULL-checked before pointers to
 * their enc, mac and comp members are taken.
 */
if (state->newkeys[MODE_OUT] != NULL) {
enc = &state->newkeys[MODE_OUT]->enc;
mac = &state->newkeys[MODE_OUT]->mac;
comp = &state->newkeys[MODE_OUT]->comp;
if (state->newkeys[MODE_IN] != NULL) {
enc = &state->newkeys[MODE_IN]->enc;
mac = &state->newkeys[MODE_IN]->mac;
comp = &state->newkeys[MODE_IN]->comp;
/* Second per-mode array of key-set pointers; other lines in this listing reach it through `state`. */
struct newkeys *newkeys[MODE_MAX];
struct newkeys *newkey;
/* Reads the state's key set for this mode and tests it for NULL in one step; the branch body is elided. */
if ((newkey = ssh->state->newkeys[mode]) == NULL)
struct newkeys *newkey = NULL;
/*
 * Stores a key-set pointer in the kex slot for this mode.
 * NOTE(review): how `newkey` is populated between these two lines is not
 * shown -- confirm that the slot's previous value, if any, is freed first.
 */
ssh->kex->newkeys[mode] = newkey;
/* Both direction slots are set to NULL. */
state->newkeys[MODE_IN] = state->newkeys[MODE_OUT] = NULL;
/*
 * Teardown pattern used for both holders of key sets (state and kex): free the
 * set, then NULL the slot so no stale pointer to wiped memory remains.
 */
kex_free_newkeys(state->newkeys[mode]); /* current keys */
state->newkeys[mode] = NULL;
/* ssh->kex itself may be NULL, so it is tested before its slot is read. */
if (ssh->kex && ssh->kex->newkeys[mode]) {
kex_free_newkeys(ssh->kex->newkeys[mode]);
ssh->kex->newkeys[mode] = NULL;
/* An existing key set in the state slot is wiped and freed before the slot is reused. */
if (state->newkeys[mode] != NULL) {
kex_free_newkeys(state->newkeys[mode]);
state->newkeys[mode] = NULL;
/*
 * Move, not copy: the pointer is taken from the kex slot into the state slot
 * and the kex slot is then NULLed, leaving a single owner, so the free paths
 * above cannot release the same key set twice.
 */
if ((state->newkeys[mode] = ssh->kex->newkeys[mode]) == NULL)
ssh->kex->newkeys[mode] = NULL;
enc = &state->newkeys[mode]->enc;
mac = &state->newkeys[mode]->mac;
comp = &state->newkeys[mode]->comp;