static int crypt_set_algorithms1(ssh_session session) { int i = 0; struct crypto_struct *ssh_ciphertab=ssh_get_ciphertab(); /* right now, we force 3des-cbc to be taken */ while (ssh_ciphertab[i].name && strcmp(ssh_ciphertab[i].name, "3des-cbc-ssh1")) { i++; } if (ssh_ciphertab[i].name == NULL) { ssh_set_error(session, SSH_FATAL, "cipher 3des-cbc-ssh1 not found!"); return -1; } session->next_crypto->out_cipher = cipher_new(i); if (session->next_crypto->out_cipher == NULL) { ssh_set_error(session, SSH_FATAL, "No space left"); return SSH_ERROR; } session->next_crypto->in_cipher = cipher_new(i); if (session->next_crypto->in_cipher == NULL) { ssh_set_error(session, SSH_FATAL, "No space left"); return SSH_ERROR; } return SSH_OK; }
/* it allocates a new cipher structure based on its offset into the global table */ static struct ssh_cipher_struct *cipher_new(int offset) { struct ssh_cipher_struct *cipher = NULL; cipher = malloc(sizeof(struct ssh_cipher_struct)); if (cipher == NULL) { return NULL; } /* note the memcpy will copy the pointers : so, you shouldn't free them */ memcpy(cipher, &ssh_get_ciphertab()[offset], sizeof(*cipher)); return cipher; }
int crypt_set_algorithms_server(ssh_session session){ const char *method = NULL; int i = 0; struct ssh_cipher_struct *ssh_ciphertab=ssh_get_ciphertab(); struct ssh_hmac_struct *ssh_hmactab=ssh_get_hmactab(); if (session == NULL) { return SSH_ERROR; } /* * We must scan the kex entries to find crypto algorithms and set their * appropriate structure */ /* out */ method = session->next_crypto->kex_methods[SSH_CRYPT_S_C]; for (i = 0; ssh_ciphertab[i].name != NULL; i++) { int cmp; cmp = strcmp(method, ssh_ciphertab[i].name); if (cmp == 0) { break; } } if (ssh_ciphertab[i].name == NULL) { ssh_set_error(session,SSH_FATAL,"crypt_set_algorithms_server : " "no crypto algorithm function found for %s",method); return SSH_ERROR; } SSH_LOG(SSH_LOG_PACKET,"Set output algorithm %s",method); session->next_crypto->out_cipher = cipher_new(i); if (session->next_crypto->out_cipher == NULL) { ssh_set_error_oom(session); return SSH_ERROR; } i=0; if (session->next_crypto->out_cipher->aead_encrypt != NULL){ /* this cipher has integrated MAC */ method = "aead-poly1305"; } else { /* we must scan the kex entries to find hmac algorithms and set their appropriate structure */ /* out */ method = session->next_crypto->kex_methods[SSH_MAC_S_C]; } /* HMAC algorithm selection */ while (ssh_hmactab[i].name && strcmp(method, ssh_hmactab[i].name)) { i++; } if (ssh_hmactab[i].name == NULL) { ssh_set_error(session, SSH_FATAL, "crypt_set_algorithms_server: no hmac algorithm function found for %s", method); return SSH_ERROR; } SSH_LOG(SSH_LOG_PACKET, "Set HMAC output algorithm to %s", method); session->next_crypto->out_hmac = ssh_hmactab[i].hmac_type; /* in */ i=0; method = session->next_crypto->kex_methods[SSH_CRYPT_C_S]; for (i = 0; ssh_ciphertab[i].name; i++) { int cmp; cmp = strcmp(method, ssh_ciphertab[i].name); if (cmp == 0) { break; } } if (ssh_ciphertab[i].name == NULL) { ssh_set_error(session,SSH_FATAL,"Crypt_set_algorithms_server :" "no crypto algorithm function found for %s",method); return SSH_ERROR; } SSH_LOG(SSH_LOG_PACKET,"Set input algorithm %s",method); session->next_crypto->in_cipher = cipher_new(i); if (session->next_crypto->in_cipher == NULL) { ssh_set_error_oom(session); return SSH_ERROR; } i=0; if (session->next_crypto->in_cipher->aead_encrypt != NULL){ /* this cipher has integrated MAC */ method = "aead-poly1305"; } else { /* we must scan the kex entries to find hmac algorithms and set their appropriate structure */ method = session->next_crypto->kex_methods[SSH_MAC_C_S]; } for (i = 0; ssh_hmactab[i].name != NULL; i++) { int cmp; cmp = strcmp(method, ssh_hmactab[i].name); if (cmp == 0) { break; } } if (ssh_hmactab[i].name == NULL) { ssh_set_error(session, SSH_FATAL, "crypt_set_algorithms_server: no hmac algorithm function found for %s", method); return SSH_ERROR; } SSH_LOG(SSH_LOG_PACKET, "Set HMAC input algorithm to %s", method); session->next_crypto->in_hmac = ssh_hmactab[i].hmac_type; i=0; /* compression */ method = session->next_crypto->kex_methods[SSH_COMP_C_S]; if(strcmp(method,"zlib") == 0){ SSH_LOG(SSH_LOG_PACKET,"enabling C->S compression"); session->next_crypto->do_compress_in=1; } if(strcmp(method,"*****@*****.**") == 0){ SSH_LOG(SSH_LOG_PACKET,"enabling C->S delayed compression"); if (session->flags & SSH_SESSION_FLAG_AUTHENTICATED) { session->next_crypto->do_compress_in = 1; } else { session->next_crypto->delayed_compress_in = 1; } } method = session->next_crypto->kex_methods[SSH_COMP_S_C]; if(strcmp(method,"zlib") == 0){ SSH_LOG(SSH_LOG_PACKET, "enabling S->C compression"); session->next_crypto->do_compress_out=1; } if(strcmp(method,"*****@*****.**") == 0){ SSH_LOG(SSH_LOG_PACKET,"enabling S->C delayed compression"); if (session->flags & SSH_SESSION_FLAG_AUTHENTICATED) { session->next_crypto->do_compress_out = 1; } else { session->next_crypto->delayed_compress_out = 1; } } method = session->next_crypto->kex_methods[SSH_HOSTKEYS]; session->srv.hostkey = ssh_key_type_from_name(method); return SSH_OK; }
static int crypt_set_algorithms2(ssh_session session){ const char *wanted; int i = 0; struct ssh_cipher_struct *ssh_ciphertab=ssh_get_ciphertab(); struct ssh_hmac_struct *ssh_hmactab=ssh_get_hmactab(); int cmp; /* * We must scan the kex entries to find crypto algorithms and set their * appropriate structure. */ /* out */ wanted = session->next_crypto->kex_methods[SSH_CRYPT_C_S]; while (ssh_ciphertab[i].name && strcmp(wanted, ssh_ciphertab[i].name)) { i++; } if (ssh_ciphertab[i].name == NULL) { ssh_set_error(session, SSH_FATAL, "crypt_set_algorithms2: no crypto algorithm function found for %s", wanted); return SSH_ERROR; } SSH_LOG(SSH_LOG_PACKET, "Set output algorithm to %s", wanted); session->next_crypto->out_cipher = cipher_new(i); if (session->next_crypto->out_cipher == NULL) { ssh_set_error_oom(session); return SSH_ERROR; } i = 0; if (session->next_crypto->out_cipher->aead_encrypt != NULL){ /* this cipher has integrated MAC */ wanted = "aead-poly1305"; } else { /* * We must scan the kex entries to find hmac algorithms and set their * appropriate structure. */ /* out */ wanted = session->next_crypto->kex_methods[SSH_MAC_C_S]; } for (i = 0; ssh_hmactab[i].name != NULL; i++) { cmp = strcmp(wanted, ssh_hmactab[i].name); if (cmp == 0) { break; } } if (ssh_hmactab[i].name == NULL) { ssh_set_error(session, SSH_FATAL, "crypt_set_algorithms2: no hmac algorithm function found for %s", wanted); return SSH_ERROR; } SSH_LOG(SSH_LOG_PACKET, "Set HMAC output algorithm to %s", wanted); session->next_crypto->out_hmac = ssh_hmactab[i].hmac_type; /* in */ wanted = session->next_crypto->kex_methods[SSH_CRYPT_S_C]; for (i = 0; ssh_ciphertab[i].name != NULL; i++) { cmp = strcmp(wanted, ssh_ciphertab[i].name); if (cmp == 0) { break; } } if (ssh_ciphertab[i].name == NULL) { ssh_set_error(session, SSH_FATAL, "Crypt_set_algorithms: no crypto algorithm function found for %s", wanted); return SSH_ERROR; } SSH_LOG(SSH_LOG_PACKET, "Set input algorithm to %s", wanted); session->next_crypto->in_cipher = cipher_new(i); if (session->next_crypto->in_cipher == NULL) { ssh_set_error_oom(session); return SSH_ERROR; } if (session->next_crypto->in_cipher->aead_encrypt != NULL){ /* this cipher has integrated MAC */ wanted = "aead-poly1305"; } else { /* we must scan the kex entries to find hmac algorithms and set their appropriate structure */ wanted = session->next_crypto->kex_methods[SSH_MAC_S_C]; } for (i = 0; ssh_hmactab[i].name != NULL; i++) { cmp = strcmp(wanted, ssh_hmactab[i].name); if (cmp == 0) { break; } } if (ssh_hmactab[i].name == NULL) { ssh_set_error(session, SSH_FATAL, "crypt_set_algorithms2: no hmac algorithm function found for %s", wanted); return SSH_ERROR; } SSH_LOG(SSH_LOG_PACKET, "Set HMAC input algorithm to %s", wanted); session->next_crypto->in_hmac = ssh_hmactab[i].hmac_type; i = 0; /* compression */ if (strcmp(session->next_crypto->kex_methods[SSH_COMP_C_S], "zlib") == 0) { session->next_crypto->do_compress_out = 1; } if (strcmp(session->next_crypto->kex_methods[SSH_COMP_S_C], "zlib") == 0) { session->next_crypto->do_compress_in = 1; } if (strcmp(session->next_crypto->kex_methods[SSH_COMP_C_S], "*****@*****.**") == 0) { session->next_crypto->delayed_compress_out = 1; } if (strcmp(session->next_crypto->kex_methods[SSH_COMP_S_C], "*****@*****.**") == 0) { session->next_crypto->delayed_compress_in = 1; } return SSH_OK; }
// TODO Obviously too much cut and paste here int crypt_set_algorithms_server(ssh_session session){ char *server = NULL; char *client = NULL; char *match = NULL; int i = 0; struct crypto_struct *ssh_ciphertab=ssh_get_ciphertab(); if (session == NULL) { return SSH_ERROR; } /* we must scan the kex entries to find crypto algorithms and set their appropriate structure */ enter_function(); /* out */ server = session->server_kex.methods[SSH_CRYPT_S_C]; if(session->client_kex.methods) { client = session->client_kex.methods[SSH_CRYPT_S_C]; } else { ssh_log(session,SSH_LOG_PROTOCOL, "Client KEX empty"); } /* That's the client algorithms that are more important */ match = ssh_find_matching(server,client); if(!match){ ssh_set_error(session,SSH_FATAL,"Crypt_set_algorithms_server : no matching algorithm function found for %s",server); free(match); leave_function(); return SSH_ERROR; } while(ssh_ciphertab[i].name && strcmp(match,ssh_ciphertab[i].name)) i++; if(!ssh_ciphertab[i].name){ ssh_set_error(session,SSH_FATAL,"Crypt_set_algorithms_server : no crypto algorithm function found for %s",server); free(match); leave_function(); return SSH_ERROR; } ssh_log(session,SSH_LOG_PACKET,"Set output algorithm %s",match); SAFE_FREE(match); session->next_crypto->out_cipher = cipher_new(i); if (session->next_crypto->out_cipher == NULL) { ssh_set_error(session, SSH_FATAL, "No space left"); leave_function(); return SSH_ERROR; } i=0; /* in */ client=session->client_kex.methods[SSH_CRYPT_C_S]; server=session->server_kex.methods[SSH_CRYPT_S_C]; match=ssh_find_matching(server,client); if(!match){ ssh_set_error(session,SSH_FATAL,"Crypt_set_algorithms_server : no matching algorithm function found for %s",server); free(match); leave_function(); return SSH_ERROR; } while(ssh_ciphertab[i].name && strcmp(match,ssh_ciphertab[i].name)) i++; if(!ssh_ciphertab[i].name){ ssh_set_error(session,SSH_FATAL,"Crypt_set_algorithms_server : no crypto algorithm function found for %s",server); free(match); leave_function(); return SSH_ERROR; } ssh_log(session,SSH_LOG_PACKET,"Set input algorithm %s",match); SAFE_FREE(match); session->next_crypto->in_cipher = cipher_new(i); if (session->next_crypto->in_cipher == NULL) { ssh_set_error(session, SSH_FATAL, "No space left"); leave_function(); return SSH_ERROR; } /* compression */ client=session->client_kex.methods[SSH_CRYPT_C_S]; server=session->server_kex.methods[SSH_CRYPT_C_S]; match=ssh_find_matching(server,client); if(match && !strcmp(match,"zlib")){ ssh_log(session,SSH_LOG_PACKET,"enabling C->S compression"); session->next_crypto->do_compress_in=1; } SAFE_FREE(match); client=session->client_kex.methods[SSH_CRYPT_S_C]; server=session->server_kex.methods[SSH_CRYPT_S_C]; match=ssh_find_matching(server,client); if(match && !strcmp(match,"zlib")){ ssh_log(session,SSH_LOG_PACKET,"enabling S->C compression\n"); session->next_crypto->do_compress_out=1; } SAFE_FREE(match); server=session->server_kex.methods[SSH_HOSTKEYS]; client=session->client_kex.methods[SSH_HOSTKEYS]; match=ssh_find_matching(server,client); if(match && !strcmp(match,"ssh-dss")) session->hostkeys=SSH_KEYTYPE_DSS; else if(match && !strcmp(match,"ssh-rsa")) session->hostkeys=SSH_KEYTYPE_RSA; else { ssh_set_error(session, SSH_FATAL, "Cannot know what %s is into %s", match ? match : NULL, server); SAFE_FREE(match); leave_function(); return SSH_ERROR; } SAFE_FREE(match); leave_function(); return SSH_OK; }
static int crypt_set_algorithms2(ssh_session session){ const char *wanted; int i = 0; struct crypto_struct *ssh_ciphertab=ssh_get_ciphertab(); /* we must scan the kex entries to find crypto algorithms and set their appropriate structure */ /* out */ wanted = session->client_kex.methods[SSH_CRYPT_C_S]; while (ssh_ciphertab[i].name && strcmp(wanted, ssh_ciphertab[i].name)) { i++; } if (ssh_ciphertab[i].name == NULL) { ssh_set_error(session, SSH_FATAL, "Crypt_set_algorithms2: no crypto algorithm function found for %s", wanted); return SSH_ERROR; } ssh_log(session, SSH_LOG_PACKET, "Set output algorithm to %s", wanted); session->next_crypto->out_cipher = cipher_new(i); if (session->next_crypto->out_cipher == NULL) { ssh_set_error(session, SSH_FATAL, "No space left"); return SSH_ERROR; } i = 0; /* in */ wanted = session->client_kex.methods[SSH_CRYPT_S_C]; while (ssh_ciphertab[i].name && strcmp(wanted, ssh_ciphertab[i].name)) { i++; } if (ssh_ciphertab[i].name == NULL) { ssh_set_error(session, SSH_FATAL, "Crypt_set_algorithms: no crypto algorithm function found for %s", wanted); return SSH_ERROR; } ssh_log(session, SSH_LOG_PACKET, "Set input algorithm to %s", wanted); session->next_crypto->in_cipher = cipher_new(i); if (session->next_crypto->in_cipher == NULL) { ssh_set_error(session, SSH_FATAL, "Not enough space"); return SSH_ERROR; } /* compression */ if (strcmp(session->client_kex.methods[SSH_COMP_C_S], "zlib") == 0) { session->next_crypto->do_compress_out = 1; } if (strcmp(session->client_kex.methods[SSH_COMP_S_C], "zlib") == 0) { session->next_crypto->do_compress_in = 1; } if (strcmp(session->client_kex.methods[SSH_COMP_C_S], "*****@*****.**") == 0) { session->next_crypto->delayed_compress_out = 1; } if (strcmp(session->client_kex.methods[SSH_COMP_S_C], "*****@*****.**") == 0) { session->next_crypto->delayed_compress_in = 1; } return SSH_OK; }
/** @internal * @brief encrypts an ed25519 private key blob * */ static int pki_private_key_encrypt(ssh_buffer privkey_buffer, const char* passphrase, const char *ciphername, const char *kdfname, ssh_auth_callback auth_fn, void *auth_data, uint32_t rounds, ssh_string salt) { struct ssh_cipher_struct *ciphers = ssh_get_ciphertab(); struct ssh_cipher_struct cipher; uint8_t key_material[128]; size_t key_material_len; char passphrase_buffer[128]; int rc; int i; uint8_t padding = 1; int cmp; cmp = strcmp(ciphername, "none"); if (cmp == 0){ /* no encryption required */ return SSH_OK; } for (i = 0; ciphers[i].name != NULL; i++) { cmp = strcmp(ciphername, ciphers[i].name); if (cmp == 0){ memcpy(&cipher, &ciphers[i], sizeof(cipher)); break; } } if (ciphers[i].name == NULL){ SSH_LOG(SSH_LOG_WARN, "Unsupported cipher %s", ciphername); return SSH_ERROR; } cmp = strcmp(kdfname, "bcrypt"); if (cmp != 0){ SSH_LOG(SSH_LOG_WARN, "Unsupported KDF %s", kdfname); return SSH_ERROR; } while (ssh_buffer_get_len(privkey_buffer) % cipher.blocksize != 0) { rc = buffer_add_u8(privkey_buffer, padding); if (rc < 0) { return SSH_ERROR; } padding++; } /* We need material for key (keysize bits / 8) and IV (blocksize) */ key_material_len = cipher.keysize/8 + cipher.blocksize; if (key_material_len > sizeof(key_material)){ ssh_pki_log("Key material too big"); return SSH_ERROR; } ssh_pki_log("Encryption: %d key, %d IV, %d rounds, %zu bytes salt", cipher.keysize/8, cipher.blocksize, rounds, ssh_string_len(salt)); if (passphrase == NULL){ if (auth_fn == NULL){ ssh_pki_log("No passphrase provided"); return SSH_ERROR; } rc = auth_fn("Passphrase", passphrase_buffer, sizeof(passphrase_buffer), 0, 0, auth_data); if (rc != SSH_OK){ return SSH_ERROR; } passphrase = passphrase_buffer; } rc = bcrypt_pbkdf(passphrase, strlen(passphrase), ssh_string_data(salt), ssh_string_len(salt), key_material, key_material_len, rounds); if (rc < 0){ return SSH_ERROR; } cipher.set_encrypt_key(&cipher, key_material, key_material + cipher.keysize/8); cipher.encrypt(&cipher, ssh_buffer_get_begin(privkey_buffer), ssh_buffer_get_begin(privkey_buffer), ssh_buffer_get_len(privkey_buffer)); ssh_cipher_clear(&cipher); BURN_BUFFER(passphrase_buffer, sizeof(passphrase_buffer)); return SSH_OK; }
/** * @brief decrypts an encrypted ed25519 private key blob * */ static int pki_private_key_decrypt(ssh_string blob, const char* passphrase, const char *ciphername, const char *kdfname, ssh_string kdfoptions, ssh_auth_callback auth_fn, void *auth_data) { struct ssh_cipher_struct *ciphers = ssh_get_ciphertab(); struct ssh_cipher_struct cipher; uint8_t key_material[128]; char passphrase_buffer[128]; size_t key_material_len; ssh_buffer buffer; ssh_string salt; uint32_t rounds; int cmp; int rc; int i; cmp = strcmp(ciphername, "none"); if (cmp == 0){ /* no decryption required */ return SSH_OK; } for (i = 0; ciphers[i].name != NULL; i++) { cmp = strcmp(ciphername, ciphers[i].name); if (cmp == 0){ memcpy(&cipher, &ciphers[i], sizeof(cipher)); break; } } if (ciphers[i].name == NULL){ SSH_LOG(SSH_LOG_WARN, "Unsupported cipher %s", ciphername); return SSH_ERROR; } cmp = strcmp(kdfname, "bcrypt"); if (cmp != 0) { SSH_LOG(SSH_LOG_WARN, "Unsupported KDF %s", kdfname); return SSH_ERROR; } if (ssh_string_len(blob) % cipher.blocksize != 0) { SSH_LOG(SSH_LOG_WARN, "Encrypted string not multiple of blocksize: %zu", ssh_string_len(blob)); return SSH_ERROR; } buffer = ssh_buffer_new(); if (buffer == NULL){ return SSH_ERROR; } rc = ssh_buffer_add_data(buffer, ssh_string_data(kdfoptions), ssh_string_len(kdfoptions)); if (rc != SSH_ERROR){ rc = ssh_buffer_unpack(buffer, "Sd", &salt, &rounds); } ssh_buffer_free(buffer); if (rc == SSH_ERROR){ return SSH_ERROR; } /* We need material for key (keysize bits / 8) and IV (blocksize) */ key_material_len = cipher.keysize/8 + cipher.blocksize; if (key_material_len > sizeof(key_material)) { ssh_pki_log("Key material too big"); return SSH_ERROR; } ssh_pki_log("Decryption: %d key, %d IV, %d rounds, %zu bytes salt", cipher.keysize/8, cipher.blocksize, rounds, ssh_string_len(salt)); if (passphrase == NULL) { if (auth_fn == NULL) { SAFE_FREE(salt); ssh_pki_log("No passphrase provided"); return SSH_ERROR; } rc = auth_fn("Passphrase", passphrase_buffer, sizeof(passphrase_buffer), 0, 0, auth_data); if (rc != SSH_OK) { SAFE_FREE(salt); return SSH_ERROR; } passphrase = passphrase_buffer; } rc = bcrypt_pbkdf(passphrase, strlen(passphrase), ssh_string_data(salt), ssh_string_len(salt), key_material, key_material_len, rounds); SAFE_FREE(salt); if (rc < 0){ return SSH_ERROR; } BURN_BUFFER(passphrase_buffer, sizeof(passphrase_buffer)); cipher.set_decrypt_key(&cipher, key_material, key_material + cipher.keysize/8); cipher.decrypt(&cipher, ssh_string_data(blob), ssh_string_data(blob), ssh_string_len(blob)); ssh_cipher_clear(&cipher); return SSH_OK; }
int crypt_set_algorithms_server(ssh_session session){ char *method = NULL; int i = 0; int rc = SSH_ERROR; struct ssh_cipher_struct *ssh_ciphertab=ssh_get_ciphertab(); if (session == NULL) { return SSH_ERROR; } /* we must scan the kex entries to find crypto algorithms and set their appropriate structure */ enter_function(); /* out */ method = session->next_crypto->kex_methods[SSH_CRYPT_S_C]; while(ssh_ciphertab[i].name && strcmp(method,ssh_ciphertab[i].name)) i++; if(!ssh_ciphertab[i].name){ ssh_set_error(session,SSH_FATAL,"crypt_set_algorithms_server : " "no crypto algorithm function found for %s",method); goto error; } ssh_log(session,SSH_LOG_PACKET,"Set output algorithm %s",method); session->next_crypto->out_cipher = cipher_new(i); if (session->next_crypto->out_cipher == NULL) { ssh_set_error_oom(session); goto error; } i=0; /* in */ method = session->next_crypto->kex_methods[SSH_CRYPT_C_S]; while(ssh_ciphertab[i].name && strcmp(method,ssh_ciphertab[i].name)) i++; if(!ssh_ciphertab[i].name){ ssh_set_error(session,SSH_FATAL,"Crypt_set_algorithms_server :" "no crypto algorithm function found for %s",method); goto error; } ssh_log(session,SSH_LOG_PACKET,"Set input algorithm %s",method); session->next_crypto->in_cipher = cipher_new(i); if (session->next_crypto->in_cipher == NULL) { ssh_set_error_oom(session); goto error; } /* compression */ method = session->next_crypto->kex_methods[SSH_CRYPT_C_S]; if(strcmp(method,"zlib") == 0){ ssh_log(session,SSH_LOG_PACKET,"enabling C->S compression"); session->next_crypto->do_compress_in=1; } if(strcmp(method,"*****@*****.**") == 0){ ssh_set_error(session,SSH_FATAL,"[email protected] not supported"); goto error; } method = session->next_crypto->kex_methods[SSH_CRYPT_S_C]; if(strcmp(method,"zlib") == 0){ ssh_log(session,SSH_LOG_PACKET,"enabling S->C compression\n"); session->next_crypto->do_compress_out=1; } if(strcmp(method,"*****@*****.**") == 0){ ssh_set_error(session,SSH_FATAL,"[email protected] not supported"); goto error; } method = session->next_crypto->kex_methods[SSH_HOSTKEYS]; session->srv.hostkey = ssh_key_type_from_name(method); rc = SSH_OK; error: leave_function(); return rc; }