Bump version to 0.10.6

Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
CVE-2023-6918: tests: Code coverage for ssh_get_pubkey_hash()
2026-02-04 12:20:42 +09:00 · 2023-12-18 17:43:48 +01:00 · 2023-12-18 17:43:48 +01:00 · 2023-12-18 17:43:48 +01:00 · 2023-12-18 17:43:48 +01:00 · 2023-12-18 17:43:48 +01:00
181 changed files with 9440 additions and 3657 deletions
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -2,14 +2,16 @@
 variables:
  BUILD_IMAGES_PROJECT: libssh/build-images
  CENTOS7_BUILD: buildenv-centos7
-  COVERITY_BUILD: buildenv-coverity
+  CENTOS8_BUILD: buildenv-c8s
+  CENTOS9_BUILD: buildenv-c9s
  FEDORA_BUILD: buildenv-fedora
  MINGW_BUILD: buildenv-mingw
  TUMBLEWEED_BUILD: buildenv-tumbleweed
  UBUNTU_BUILD: buildenv-ubuntu
-  RAWHIDE_BUILD: buildenv-rawhide
+  ALPINE_BUILD: buildenv-alpine

 stages:
+  - review
  - build
  - test
  - analysis
@@ -61,18 +63,27 @@ stages:
  variables:
    CMAKE_ADDITIONAL_OPTIONS: -DWITH_PKCS11_URI=ON

-.fedora_rawhide:
-  extends: .fedora
-  image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$RAWHIDE_BUILD
-  before_script:
-    - *build
-    # Legacy cp is needed for SHA1 tests to pass
-    - update-crypto-policies --set LEGACY
-
 .tumbleweed:
  extends: .tests
  image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$TUMBLEWEED_BUILD

+.fips:
+  extends: .tests
+  variables:
+    # DSA is turned off in fips mode
+    CMAKE_ADDITIONAL_OPTIONS: -DWITH_PKCS11_URI=ON -DWITH_DSA=OFF
+  before_script:
+    - *build
+    - echo "# userspace fips" > /etc/system-fips
+    # We do not need the kernel part, but in case we ever do:
+    # mkdir -p /var/tmp/userspace-fips
+    # echo 1 > /var/tmp/userspace-fips/fips_enabled
+    # mount --bind /var/tmp/userspace-fips/fips_enabled \
+    # /proc/sys/crypto/fips_enabled
+    - update-crypto-policies --show
+    - update-crypto-policies --set FIPS
+    - update-crypto-policies --show
+

 ###############################################################################
 #                               CentOS builds                                 #
@@ -86,6 +97,43 @@ centos7/openssl_1.0.x/x86_64:
      make -j$(nproc) &&
      ctest --output-on-failure

+centos9s/openssl_3.0.x/x86_64:
+  image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$CENTOS9_BUILD
+  extends: .tests
+  variables:
+    CMAKE_ADDITIONAL_OPTIONS: -DWITH_PKCS11_URI=ON
+  script:
+    - export OPENSSL_ENABLE_SHA1_SIGNATURES=1
+    - cmake $CMAKE_OPTIONS $CMAKE_ADDITIONAL_OPTIONS .. &&
+      make -j$(nproc) &&
+      ctest --output-on-failure
+
+centos9s/openssl_3.0.x/x86_64/fips:
+  extends: .fips
+  image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$CENTOS9_BUILD
+  script:
+    - export OPENSSL_ENABLE_SHA1_SIGNATURES=1
+    - cmake $CMAKE_OPTIONS $CMAKE_ADDITIONAL_OPTIONS .. &&
+      make -j$(nproc) &&
+      OPENSSL_FORCE_FIPS_MODE=1 ctest --output-on-failure
+
+centos8s/openssl_1.1.1/x86_64:
+  image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$CENTOS8_BUILD
+  extends: .tests
+  variables:
+    CMAKE_ADDITIONAL_OPTIONS: -DWITH_PKCS11_URI=ON
+  script:
+    - cmake $CMAKE_OPTIONS $CMAKE_ADDITIONAL_OPTIONS .. &&
+      make -j$(nproc) &&
+      ctest --output-on-failure
+
+centos8s/openssl_1.1.1/x86_64/fips:
+  extends: .fips
+  image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$CENTOS8_BUILD
+  script:
+    - cmake $CMAKE_OPTIONS $CMAKE_ADDITIONAL_OPTIONS .. &&
+      make -j$(nproc) &&
+      OPENSSL_FORCE_FIPS_MODE=1 ctest --output-on-failure

 ###############################################################################
 #                               Fedora builds                                 #
@@ -104,81 +152,13 @@ fedora/ninja:
  extends: .fedora
  image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD
  script:
-    - cmake -G Ninja $CMAKE_OPTIONS ../ && ninja && ninja test
+    - cmake -G Ninja $CMAKE_OPTIONS ../ && ninja && CTEST_OUTPUT_ON_FAILURE=1 ninja test

-fedora/openssl_1.1.x/x86_64:
+fedora/openssl_3.0.x/x86_64:
  extends: .fedora

-fedora/openssl_1.1.x/x86_64/fips:
+fedora/openssl_3.0.x/x86_64/minimal:
  extends: .fedora
-  before_script:
-    - echo "# userspace fips" > /etc/system-fips
-    # We do not need the kernel part, but in case we ever do:
-    # mkdir -p /var/tmp/userspace-fips
-    # echo 1 > /var/tmp/userspace-fips/fips_enabled
-    # mount --bind /var/tmp/userspace-fips/fips_enabled \
-    # /proc/sys/crypto/fips_enabled
-    - update-crypto-policies --show
-    - update-crypto-policies --set FIPS
-    - update-crypto-policies --show
-    - mkdir -p obj && cd obj && cmake
-      -DCMAKE_BUILD_TYPE=RelWithDebInfo
-      -DPICKY_DEVELOPER=ON
-      -DWITH_BLOWFISH_CIPHER=ON
-      -DWITH_SFTP=ON -DWITH_SERVER=ON -DWITH_ZLIB=ON -DWITH_PCAP=ON
-      -DWITH_DEBUG_CRYPTO=ON -DWITH_DEBUG_PACKET=ON -DWITH_DEBUG_CALLTRACE=ON
-      -DWITH_DSA=ON
-      -DUNIT_TESTING=ON -DCLIENT_TESTING=ON -DSERVER_TESTING=ON ..
-  script:
-    - cmake $CMAKE_OPTIONS .. &&
-      make -j$(nproc) &&
-      OPENSSL_FORCE_FIPS_MODE=1 ctest --output-on-failure
-
-fedora/openssl_1.1.x/x86_64/minimal:
-  extends: .fedora
-  variables:
-  script:
-    - cmake $CMAKE_DEFAULT_OPTIONS
-      -DWITH_SFTP=OFF
-      -DWITH_SERVER=OFF
-      -DWITH_ZLIB=OFF
-      -DWITH_PCAP=OFF
-      -DWITH_DSA=OFF
-      -DUNIT_TESTING=ON
-      -DCLIENT_TESTING=ON
-      -DWITH_GEX=OFF .. &&
-      make -j$(nproc)
-
-fedora/openssl_3.0/x86_64:
-  extends: .fedora_rawhide
-
-fedora/openssl_3.0/x86_64/fips:
-  extends: .fedora_rawhide
-  before_script:
-    - echo "# userspace fips" > /etc/system-fips
-    # We do not need the kernel part, but in case we ever do:
-    # mkdir -p /var/tmp/userspace-fips
-    # echo 1 > /var/tmp/userspace-fips/fips_enabled
-    # mount --bind /var/tmp/userspace-fips/fips_enabled \
-    # /proc/sys/crypto/fips_enabled
-    - update-crypto-policies --show
-    - update-crypto-policies --set FIPS
-    - update-crypto-policies --show
-    - mkdir -p obj && cd obj && cmake
-      -DCMAKE_BUILD_TYPE=RelWithDebInfo
-      -DPICKY_DEVELOPER=ON
-      -DWITH_BLOWFISH_CIPHER=ON
-      -DWITH_SFTP=ON -DWITH_SERVER=ON -DWITH_ZLIB=ON -DWITH_PCAP=ON
-      -DWITH_DEBUG_CRYPTO=ON -DWITH_DEBUG_PACKET=ON -DWITH_DEBUG_CALLTRACE=ON
-      -DWITH_DSA=ON
-      -DUNIT_TESTING=ON -DCLIENT_TESTING=ON -DSERVER_TESTING=ON ..
-  script:
-    - cmake $CMAKE_OPTIONS .. &&
-      make -j$(nproc) &&
-      OPENSSL_FORCE_FIPS_MODE=1 ctest --output-on-failure
-
-fedora/openssl_3.0/x86_64/minimal:
-  extends: .fedora_rawhide
  variables:
  script:
    - cmake $CMAKE_DEFAULT_OPTIONS
@@ -316,19 +296,8 @@ fedora/mingw32:
    paths:
      - obj-csbuild/

-fedora/csbuild/openssl_1.1.x:
-  extends: .csbuild
-  script:
-    - csbuild
-      --build-dir=obj-csbuild
-      --build-cmd "rm -rf CMakeFiles CMakeCache.txt && cmake -DCMAKE_BUILD_TYPE=Debug -DPICKY_DEVELOPER=ON -DUNIT_TESTING=ON -DCLIENT_TESTING=ON -DSERVER_TESTING=ON -DFUZZ_TESTING=ON -DWITH_DSA=ON @SRCDIR@ && make clean && make -j$(nproc)"
-      --git-commit-range $CI_COMMIT_RANGE
-      --color
-      --print-current --print-fixed
-
 fedora/csbuild/openssl_3.0.x:
  extends: .csbuild
-  image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$RAWHIDE_BUILD
  script:
    - csbuild
      --build-dir=obj-csbuild
@@ -361,20 +330,37 @@ fedora/csbuild/mbedtls:
 ###############################################################################
 #                               Ubuntu builds                                 #
 ###############################################################################
-ubuntu/openssl_1.1.x/x86_64:
+ubuntu/openssl_3.0.x/x86_64:
  image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$UBUNTU_BUILD
  extends: .tests


+###############################################################################
+#                               Alpine builds                                 #
+###############################################################################
+alpine/openssl_3.0.x/musl:
+  image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$ALPINE_BUILD
+  extends: .tests
+  script:
+    - cmake $CMAKE_DEFAULT_OPTIONS
+      -DWITH_SFTP=ON
+      -DWITH_SERVER=ON
+      -DWITH_ZLIB=ON
+      -DWITH_PCAP=ON
+      -DUNIT_TESTING=ON .. &&
+      make -j$(nproc) &&
+      ctest --output-on-failure
+
+
 ###############################################################################
 #                             Tumbleweed builds                               #
 ###############################################################################
-tumbleweed/openssl_1.1.x/x86_64/gcc:
+tumbleweed/openssl_3.0.x/x86_64/gcc:
  extends: .tumbleweed
  variables:
    CMAKE_ADDITIONAL_OPTIONS: "-DKRB5_CONFIG=/usr/lib/mit/bin/krb5-config"

-tumbleweed/openssl_1.1.x/x86/gcc:
+tumbleweed/openssl_3.0.x/x86/gcc:
  extends: .tumbleweed
  script:
    - cmake
@@ -385,14 +371,15 @@ tumbleweed/openssl_1.1.x/x86/gcc:
      -DWITH_ZLIB=ON
      -DWITH_PCAP=ON
      -DWITH_DSA=ON
-      -DUNIT_TESTING=ON ..
+      -DUNIT_TESTING=ON .. &&
+      make -j$(nproc)

-tumbleweed/openssl_1.1.x/x86_64/gcc7:
+tumbleweed/openssl_3.0.x/x86_64/gcc7:
  extends: .tumbleweed
  variables:
    CMAKE_ADDITIONAL_OPTIONS: "-DCMAKE_C_COMPILER=gcc-7 -DCMAKE_CXX_COMPILER=g++-7 -DKRB5_CONFIG=/usr/lib/mit/bin/krb5-config"

-tumbleweed/openssl_1.1.x/x86/gcc7:
+tumbleweed/openssl_3.0.x/x86/gcc7:
  extends: .tumbleweed
  script:
    - cmake
@@ -405,7 +392,7 @@ tumbleweed/openssl_1.1.x/x86/gcc7:
      make -j$(nproc) &&
      ctest --output-on-failure

-tumbleweed/openssl_1.1.x/x86_64/clang:
+tumbleweed/openssl_3.0.x/x86_64/clang:
  extends: .tumbleweed
  variables:
    CMAKE_ADDITIONAL_OPTIONS: "-DCMAKE_C_COMPILER=clang -DCMAKE_CXX_COMPILER=clang++ -DKRB5_CONFIG=/usr/lib/mit/bin/krb5-config"
@@ -437,7 +424,7 @@ tumbleweed/static-analysis:
 ###############################################################################
 # That is a specific runner that we cannot enable universally.
 # We restrict it to builds under the $BUILD_IMAGES_PROJECT project.
-freebsd/x86_64:
+freebsd/openssl_1.1.1/x86_64:
  image:
  extends: .tests
  before_script:
@@ -490,8 +477,6 @@ freebsd/x86_64:
    paths:
      - obj/
  before_script:
-    - choco install --no-progress -y cmake
-    - $env:Path += ';C:\Program Files\CMake\bin'
    - If (!(test-path .vcpkg\archives)) { mkdir -p .vcpkg\archives }
    - $env:VCPKG_DEFAULT_BINARY_CACHE="$PWD\.vcpkg\archives"
    - echo $env:VCPKG_DEFAULT_BINARY_CACHE
@@ -531,7 +516,7 @@ visualstudio/x86:

 coverity:
  stage: analysis
-  image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$COVERITY_BUILD
+  image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$CENTOS9_BUILD
  script:
    - mkdir obj && cd obj
    - wget https://scan.coverity.com/download/linux64 --post-data "token=$COVERITY_SCAN_TOKEN&project=$COVERITY_SCAN_PROJECT_NAME" -O /tmp/coverity_tool.tgz
@@ -561,3 +546,14 @@ coverity:
    when: on_failure
    paths:
      - obj/cov-int/*.txt
+
+###############################################################################
+#                                 Codespell                                   #
+###############################################################################
+codespell:
+  stage: review
+  image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD
+  script:
+    - codespell --ignore-words-list=keypair,sorce,ned,nd,ue
+  tags:
+    - shared
--- a/79
+++ b/79
@@ -1,7 +1,57 @@
 CHANGELOG
 =========
+version 0.10.6 (released 2023-12-18)
+ * Fix CVE-2023-6004: Command injection using proxycommand
+ * Fix CVE-2023-48795: Potential downgrade attack using strict kex
+ * Fix CVE-2023-6918: Missing checks for return values of MD functions
+ * Fix ssh_send_issue_banner() for CMD(PowerShell)
+ * Avoid passing other events to callbacks when poll is called recursively (#202)
+ * Allow @ in usernames when parsing from URI composes

-version 0.10.0 (released 2022-07-xx)
+version 0.10.5 (released 2023-05-04)
+ * Fix CVE-2023-1667: a NULL dereference during rekeying with algorithm guessing
+ * Fix CVE-2023-2283: a possible authorization bypass in
+   pki_verify_data_signature under low-memory conditions.
+ * Fix several memory leaks in GSSAPI handling code
+ * Escape braces in ProxyCommand created from ProxyJump options for zsh
+   compatibility.
+ * Fix pkg-config path relocation for MinGW
+ * Improve doxygen documentation
+ * Fix build with cygwin due to the glob support
+ * Do not enqueue outgoing packets after sending SSH2_MSG_NEWKEYS
+ * Add support for SSH_SUPPRESS_DEPRECATED
+ * Avoid functions declarations without prototype to build with clang 15
+ * Fix spelling issues
+ * Avoid expanding KnownHosts, ProxyCommands and IdentityFiles repetitively
+ * Add support sk-* keys through configuration
+ * Improve checking for Argp library
+ * Log information about received extensions
+ * Correctly handle rekey with delayed compression
+ * Move the EC keys handling to OpenSSL 3.0 API
+ * Record peer disconnect message
+ * Avoid deadlock when write buffering occurs and we call poll recursively to
+   flush the output buffer
+ * Disable preauthentication compression by default
+ * Add CentOS 8 Stream / OpenSSL 1.1.1 to CI
+ * Add accidentally removed default compile flags
+ * Solve incorrect parsing of ProxyCommand option
+
+version 0.10.4 (released 2022-09-07)
+  * Fixed issues with KDF on big endian
+
+version 0.10.3 (released 2022-09-05)
+  * Fixed possible infinite loop in known hosts checking
+
+version 0.10.2 (released 2022-09-02)
+  * Fixed tilde expansion when handling include directives
+  * Fixed building the shared torture library
+  * Made rekey test more robust (fixes running on i586 build systems e.g koji)
+
+version 0.10.1 (released 2022-08-30)
+  * Fixed proxycommand support
+  * Fixed musl libc support
+
+version 0.10.0 (released 2022-08-26)
  * Added support for OpenSSL 3.0
  * Added support for mbedTLS 3
  * Added support for Smart Cards  (through openssl pkcs11 engine)
@@ -25,6 +75,9 @@ version 0.10.0 (released 2022-07-xx)
  * Deprecated old pubkey, privatekey API
  * Avoided some needless large stack buffers to minimize memory footprint
  * Removed support for OpenSSL < 1.0.1
+  * Fixed parsing username@host in login name
+  * Free global init mutex in the destructor on Windows
+  * Fixed PEM parsing in mbedtls to support both legacy and new PKCS8 formats

 version 0.9.6 (released 2021-08-26)
  * CVE-2021-3634: Fix possible heap-buffer overflow when rekeying with
@@ -57,7 +110,7 @@ version 0.9.4 (released 2020-04-09)
  * Fixed CVE-2020-1730 - Possible DoS in client and server when handling
    AES-CTR keys with OpenSSL
  * Added diffie-hellman-group14-sha256
-  * Fixed serveral possible memory leaks
+  * Fixed several possible memory leaks

 version 0.9.3 (released 2019-12-10)
  * Fixed CVE-2019-14889 - SCP: Unsanitized location leads to command execution
@@ -208,7 +261,7 @@ version 0.6.1 (released 2014-02-08)
  * Fixed DSA signature extraction.
  * Fixed some memory leaks.
  * Fixed read of non-connected socket.
-  * Fixed thread dectection.
+  * Fixed thread detection.

 version 0.6.0 (released 2014-01-08)
  * Added new publicy key API.
@@ -233,7 +286,7 @@ version 0.6.0 (released 2014-01-08)
 version 0.5.5 (released 2013-07-26)
  * BUG 103: Fix ProxyCommand parsing.
  * Fix setting -D_FORTIFY_SOURCE=2.
-  * Fix pollset error return if emtpy.
+  * Fix pollset error return if empty.
  * Fix NULL pointer checks in channel functions.
  * Several bugfixes.

@@ -249,7 +302,7 @@ version 0.5.3 (released 2012-11-20)
  * BUG #84 - Fix bug in sftp_mkdir not returning on error.
  * BUG #85 - Fixed a possible channel infinite loop if the connection dropped.
  * BUG #88 - Added missing channel request_state and set it to accepted.
-  * BUG #89 - Reset error state to no error on successful SSHv1 authentiction.
+  * BUG #89 - Reset error state to no error on successful SSHv1 authentication.
  * Fixed a possible use after free in ssh_free().
  * Fixed multiple possible NULL pointer dereferences.
  * Fixed multiple memory leaks in error paths.
@@ -310,7 +363,7 @@ version 0.4.7 (released 2010-12-28)
  * Fixed a possible memory leak in ssh_get_user_home().
  * Fixed a memory leak in sftp_xstat.
  * Fixed uninitialized fd->revents member.
-  * Fixed timout value in ssh_channel_accept().
+  * Fixed timeout value in ssh_channel_accept().
  * Fixed length checks in ssh_analyze_banner().
  * Fixed a possible data overread and crash bug.
  * Fixed setting max_fd which breaks ssh_select().
@@ -333,7 +386,7 @@ version 0.4.5 (released 2010-07-13)
  * Added option to bind a client to an ip address.
  * Fixed the ssh socket polling function.
  * Fixed Windows related bugs in bsd_poll().
-  * Fixed serveral build warnings.
+  * Fixed several build warnings.

 version 0.4.4 (released 2010-06-01)
  * Fixed a bug in the expand function for escape sequences.
@@ -352,17 +405,17 @@ version 0.4.3 (released 2010-05-18)
  * Fixed sftp_chown.
  * Fixed sftp_rename on protocol version 3.
  * Fixed a blocking bug in channel_poll.
-  * Fixed config parsing wich has overwritten user specified values.
+  * Fixed config parsing which has overwritten user specified values.
  * Fixed hashed [host]:port format in knownhosts
  * Fixed Windows build.
-  * Fixed doublefree happening after a negociation error.
+  * Fixed doublefree happening after a negotiation error.
  * Fixed aes*-ctr with <= OpenSSL 0.9.7b.
  * Fixed some documentation.
  * Fixed exec example which has broken read usage.
  * Fixed broken algorithm choice for server.
  * Fixed a typo that we don't export all symbols.
  * Removed the unneeded dependency to doxygen.
-  * Build examples only on the Linux plattform.
+  * Build examples only on the Linux platform.

 version 0.4.2 (released 2010-03-15)
  * Added owner and group information in sftp attributes.
@@ -384,7 +437,7 @@ version 0.4.1 (released 2010-02-13)
  * Added an example for exec.
  * Added private key type detection feature in privatekey_from_file().
  * Fixed zlib compression fallback.
-  * Fixed kex bug that client preference should be prioritary
+  * Fixed kex bug that client preference should be priority
  * Fixed known_hosts file set by the user.
  * Fixed a memleak in channel_accept().
  * Fixed underflow when leave_function() are unbalanced
@@ -522,7 +575,7 @@ version 0.11-dev
  * Keyboard-interactive authentication working.

 version 0.1 (released 2004-03-05)
-  * Begining of sftp subsystem implementation.
+  * Beginning of sftp subsystem implementation.
  * Some cleanup into channels implementation
  * Now every channel functions is called by its CHANNEL handler.
  * Added channel_poll() and channel_read().
@@ -543,7 +596,7 @@ version 0.0.4 (released 2003-10-10)
  * Added a wrapper.c file. The goal is to provide a similar API to every
    cryptographic functions. bignums and sha/md5 are wrapped now.
  * More work than it first looks.
-  * Support for other crypto libs planed (lighter libs)
+  * Support for other crypto libs planned (lighter libs)
  * Fixed stupid select() bug.
  * Libssh now compiles and links with openssl 0.9.6
  * RSA pubkey authentication code now works !
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -10,7 +10,7 @@ list(APPEND CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/cmake/Modules")
 include(DefineCMakeDefaults)
 include(DefineCompilerFlags)

-project(libssh VERSION 0.10.0 LANGUAGES C)
+project(libssh VERSION 0.10.6 LANGUAGES C)

 # global needed variable
 set(APPLICATION_NAME ${PROJECT_NAME})
@@ -22,7 +22,7 @@ set(APPLICATION_NAME ${PROJECT_NAME})
 #     Increment AGE. Set REVISION to 0
 #   If the source code was changed, but there were no interface changes:
 #     Increment REVISION.
-set(LIBRARY_VERSION "4.9.0")
+set(LIBRARY_VERSION "4.9.6")
 set(LIBRARY_SOVERSION "4")

 # where to look first for cmake modules, before ${CMAKE_ROOT}/Modules/ is checked
@@ -103,9 +103,7 @@ if (WITH_NACL)
    endif (NOT NACL_FOUND)
 endif (WITH_NACL)

-if (BSD OR SOLARIS OR OSX OR CYGWIN)
-    find_package(Argp)
-endif (BSD OR SOLARIS OR OSX OR CYGWIN)
+find_package(Argp)

 # Disable symbol versioning in non UNIX platforms
 if (UNIX)
@@ -125,7 +123,7 @@ add_subdirectory(src)

 # pkg-config file
 if (UNIX OR MINGW)
-configure_file(libssh.pc.cmake ${CMAKE_CURRENT_BINARY_DIR}/libssh.pc)
+configure_file(libssh.pc.cmake ${CMAKE_CURRENT_BINARY_DIR}/libssh.pc @ONLY)
 install(
  FILES
    ${CMAKE_CURRENT_BINARY_DIR}/libssh.pc
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -274,7 +274,7 @@ This is bad:
     * This is a multi line comment,
     * with some more words...*/

-### Indention & Whitespace & 80 columns
+### Indentation & Whitespace & 80 columns

 To avoid confusion, indentations have to be 4 spaces. Do not use tabs!.  When
 wrapping parameters for function calls, align the parameter list with the first
--- a/CPackConfig.cmake
+++ b/CPackConfig.cmake
@@ -10,7 +10,7 @@ set(CPACK_PACKAGE_VERSION ${PROJECT_VERSION})

 # SOURCE GENERATOR
 set(CPACK_SOURCE_GENERATOR "TXZ")
-set(CPACK_SOURCE_IGNORE_FILES "~$;[.]swp$;/[.]git/;/[.]clangd/;/[.]cache/;.gitignore;/build*;/obj*;tags;cscope.*;compile_commands.json;.*\.patch")
+set(CPACK_SOURCE_IGNORE_FILES "~$;[.]swp$;/[.]git;/[.]clangd/;/[.]cache/;.gitignore;/build*;/obj*;tags;cscope.*;compile_commands.json;.*\.patch")
 set(CPACK_SOURCE_PACKAGE_FILE_NAME "${CPACK_PACKAGE_NAME}-${CPACK_PACKAGE_VERSION}")

 ### NSIS INSTALLER
--- a/CompilerChecks.cmake
+++ b/CompilerChecks.cmake
@@ -70,7 +70,7 @@ if (UNIX)
    check_c_compiler_flag_ssp("-fstack-protector-strong" WITH_STACK_PROTECTOR_STRONG)
    if (WITH_STACK_PROTECTOR_STRONG)
        list(APPEND SUPPORTED_COMPILER_FLAGS "-fstack-protector-strong")
-        # This is needed as Solaris has a seperate libssp
+        # This is needed as Solaris has a separate libssp
        if (SOLARIS)
            list(APPEND SUPPORTED_LINKER_FLAGS "-fstack-protector-strong")
        endif()
@@ -78,7 +78,7 @@ if (UNIX)
        check_c_compiler_flag_ssp("-fstack-protector" WITH_STACK_PROTECTOR)
        if (WITH_STACK_PROTECTOR)
            list(APPEND SUPPORTED_COMPILER_FLAGS "-fstack-protector")
-            # This is needed as Solaris has a seperate libssp
+            # This is needed as Solaris has a separate libssp
            if (SOLARIS)
                list(APPEND SUPPORTED_LINKER_FLAGS "-fstack-protector")
            endif()
--- a/ConfigureChecks.cmake
+++ b/ConfigureChecks.cmake
@@ -104,6 +104,10 @@ if (OPENSSL_FOUND)
    set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_CRYPTO_LIBRARIES})
    check_function_exists(EVP_KDF_CTX_new_id HAVE_OPENSSL_EVP_KDF_CTX_NEW_ID)

+    set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
+    set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_CRYPTO_LIBRARIES})
+    check_function_exists(EVP_KDF_CTX_new HAVE_OPENSSL_EVP_KDF_CTX_NEW)
+
    set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
    set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_CRYPTO_LIBRARIES})
    check_function_exists(FIPS_mode HAVE_OPENSSL_FIPS_MODE)
@@ -159,6 +163,11 @@ if (NOT WITH_GCRYPT AND NOT WITH_MBEDTLS)
    if (HAVE_OPENSSL_ECC)
        set(HAVE_ECC 1)
    endif (HAVE_OPENSSL_ECC)
+
+    if (HAVE_OPENSSL_EVP_KDF_CTX_NEW_ID OR HAVE_OPENSSL_EVP_KDF_CTX_NEW)
+        set(HAVE_OPENSSL_EVP_KDF_CTX 1)
+    endif (HAVE_OPENSSL_EVP_KDF_CTX_NEW_ID OR HAVE_OPENSSL_EVP_KDF_CTX_NEW)
+
 endif ()

 if (WITH_DSA)
@@ -311,7 +320,7 @@ int main(void) {
 # For detecting attributes we need to treat warnings as
 # errors
 if (UNIX OR MINGW)
-    # Get warnings for attributs
+    # Get warnings for attributes
    check_c_compiler_flag("-Wattributes" REQUIRED_FLAGS_WERROR)
    if (REQUIRED_FLAGS_WERROR)
        string(APPEND CMAKE_REQUIRED_FLAGS "-Wattributes ")
@@ -366,6 +375,23 @@ int main(void) {
    return 0;
 }" HAVE_FALLTHROUGH_ATTRIBUTE)

+check_c_source_compiles("
+#define WEAK __attribute__((weak))
+
+WEAK int sum(int a, int b)
+{
+    return a + b;
+}
+
+int main(void)
+{
+    int i = sum(2, 2);
+
+    (void)i;
+
+    return 0;
+}" HAVE_WEAK_ATTRIBUTE)
+
 if (NOT WIN32)
    check_c_source_compiles("
    #define __unused __attribute__((unused))
@@ -468,6 +494,10 @@ if (WITH_PKCS11_URI)
        message(FATAL_ERROR "PKCS #11 is not supported for mbedcrypto")
        set(WITH_PKCS11_URI 0)
    endif()
+    if (HAVE_OPENSSL AND NOT OPENSSL_VERSION VERSION_GREATER_EQUAL "1.1.1")
+        message(FATAL_ERROR "PKCS #11 requires at least OpenSSL 1.1.1")
+        set(WITH_PKCS11_URI 0)
+    endif()
 endif()

 if (WITH_MBEDTLS)
--- a/DefineOptions.cmake
+++ b/DefineOptions.cmake
@@ -2,7 +2,7 @@ option(WITH_GSSAPI "Build with GSSAPI support" ON)
 option(WITH_ZLIB "Build with ZLIB support" ON)
 option(WITH_SFTP "Build with SFTP support" ON)
 option(WITH_SERVER "Build with SSH server support" ON)
-option(WITH_DEBUG_CRYPTO "Build with cryto debug output" OFF)
+option(WITH_DEBUG_CRYPTO "Build with crypto debug output" OFF)
 option(WITH_DEBUG_PACKET "Build with packet debug output" OFF)
 option(WITH_DEBUG_CALLTRACE "Build with calltrace debug output" ON)
 option(WITH_DSA "Build with DSA" OFF)
@@ -16,7 +16,7 @@ option(WITH_PKCS11_URI "Build with PKCS#11 URI support" OFF)
 option(UNIT_TESTING "Build with unit tests" OFF)
 option(CLIENT_TESTING "Build with client tests; requires openssh" OFF)
 option(SERVER_TESTING "Build with server tests; requires openssh and dropbear" OFF)
-option(WITH_BENCHMARKS "Build benchmarks tools" OFF)
+option(WITH_BENCHMARKS "Build benchmarks tools; enables unit testing and client tests" OFF)
 option(WITH_EXAMPLES "Build examples" ON)
 option(WITH_NACL "Build with libnacl (curve25519)" ON)
 option(WITH_SYMBOL_VERSIONING "Build with symbol versioning" ON)
--- a/3
+++ b/3
@@ -19,6 +19,7 @@ optional:
 - [nss_wrapper](https://cwrap.org/) >= 1.1.2
 - [uid_wrapper](https://cwrap.org/) >= 1.2.0
 - [pam_wrapper](https://cwrap.org/) >= 1.0.1
+- [priv_wrapper](https://cwrap.org/) >= 1.0.0

 Note that these version numbers are version we know works correctly. If you
 build and run libssh successfully with an older version, please let us know.
@@ -39,7 +40,7 @@ GNU/Linux, MacOS X, MSYS/MinGW:
    cmake -DUNIT_TESTING=ON -DCMAKE_INSTALL_PREFIX=/usr -DCMAKE_BUILD_TYPE=Debug ..
    make

-On Windows you should choose a makefile gernerator with -G or use
+On Windows you should choose a makefile generator with -G or use

    cmake-gui.exe ..

--- a/cmake/Modules/DefineCMakeDefaults.cmake
+++ b/cmake/Modules/DefineCMakeDefaults.cmake
@@ -6,7 +6,7 @@ set(CMAKE_INCLUDE_CURRENT_DIR ON)

 # Put the include dirs which are in the source or build tree
 # before all other include dirs, so the headers in the sources
-# are prefered over the already installed ones
+# are preferred over the already installed ones
 # since cmake 2.4.1
 set(CMAKE_INCLUDE_DIRECTORIES_PROJECT_BEFORE ON)

--- a/cmake/Modules/FindArgp.cmake
+++ b/cmake/Modules/FindArgp.cmake
@@ -1,4 +1,8 @@
 # - Try to find ARGP
+#
+# The argp can be either shipped as part of libc (ex. glibc) or as a separate
+# library that requires additional linking (ex. Windows, Mac, musl libc, ...)
+#
 # Once done this will define
 #
 #  ARGP_ROOT_DIR - Set this variable to the root installation of ARGP
--- a/cmake/Modules/FindGSSAPI.cmake
+++ b/cmake/Modules/FindGSSAPI.cmake
@@ -5,7 +5,7 @@
 #  GSSAPI_ROOT_DIR - Set this variable to the root installation of GSSAPI
 #
 # Read-Only variables:
-#  GSSAPI_FLAVOR_MIT - set to TURE if MIT Kerberos has been found
+#  GSSAPI_FLAVOR_MIT - set to TRUE if MIT Kerberos has been found
 #  GSSAPI_FLAVOR_HEIMDAL - set to TRUE if Heimdal Keberos has been found
 #  GSSAPI_FOUND - system has GSSAPI
 #  GSSAPI_INCLUDE_DIR - the GSSAPI include directory
--- a/config.h.cmake
+++ b/config.h.cmake
@@ -82,13 +82,13 @@
 /* Define to 1 if you have the <pthread.h> header file. */
 #cmakedefine HAVE_PTHREAD_H 1

-/* Define to 1 if you have eliptic curve cryptography in openssl */
+/* Define to 1 if you have elliptic curve cryptography in openssl */
 #cmakedefine HAVE_OPENSSL_ECC 1

-/* Define to 1 if you have eliptic curve cryptography in gcrypt */
+/* Define to 1 if you have elliptic curve cryptography in gcrypt */
 #cmakedefine HAVE_GCRYPT_ECC 1

-/* Define to 1 if you have eliptic curve cryptography */
+/* Define to 1 if you have elliptic curve cryptography */
 #cmakedefine HAVE_ECC 1

 /* Define to 1 if you have DSA */
@@ -114,8 +114,8 @@
 /* Define to 1 if you have the `EVP_chacha20' function. */
 #cmakedefine HAVE_OPENSSL_EVP_CHACHA20 1

-/* Define to 1 if you have the `EVP_KDF_CTX_new_id' function. */
-#cmakedefine HAVE_OPENSSL_EVP_KDF_CTX_NEW_ID 1
+/* Define to 1 if you have the `EVP_KDF_CTX_new_id' or `EVP_KDF_CTX_new` function. */
+#cmakedefine HAVE_OPENSSL_EVP_KDF_CTX 1

 /* Define to 1 if you have the `FIPS_mode' function. */
 #cmakedefine HAVE_OPENSSL_FIPS_MODE 1
@@ -225,6 +225,7 @@

 #cmakedefine HAVE_FALLTHROUGH_ATTRIBUTE 1
 #cmakedefine HAVE_UNUSED_ATTRIBUTE 1
+#cmakedefine HAVE_WEAK_ATTRIBUTE 1

 #cmakedefine HAVE_CONSTRUCTOR_ATTRIBUTE 1
 #cmakedefine HAVE_DESTRUCTOR_ATTRIBUTE 1
--- a/doc/CMakeLists.txt
+++ b/doc/CMakeLists.txt
@@ -18,7 +18,8 @@ if (DOXYGEN_FOUND)
    set(DOXYGEN_PREDEFINED DOXYGEN
                           WITH_SERVER
                           WITH_SFTP
-                           PRINTF_ATTRIBUTE(x,y))
+                           PRINTF_ATTRIBUTE\(x,y\))
+    set(DOXYGEN_DOT_GRAPH_MAX_NODES 100)

    set(DOXYGEN_EXCLUDE ${CMAKE_CURRENT_SOURCE_DIR}/that_style)
    set(DOXYGEN_HTML_HEADER ${CMAKE_CURRENT_SOURCE_DIR}/that_style/header.html)
--- a/doc/curve25519-sha256@libssh.org.txt
+++ b/doc/curve25519-sha256@libssh.org.txt
@@ -3,13 +3,13 @@ curve25519-sha256@libssh.org.txt        Aris Adamantiadis <aris@badcode.be>

 1. Introduction

-This document describes the key exchange methode curve25519-sha256@libssh.org
+This document describes the key exchange method curve25519-sha256@libssh.org
 for SSH version 2 protocol. It is provided as an alternative to the existing
 key exchange mechanisms based on either Diffie-Hellman or Elliptic Curve Diffie-
 Hellman [RFC5656].
 The reason is the following : During summer of 2013, revelations from ex-
 consultant at NSA Edward Snowden gave proof that NSA willingly inserts backdoors
-into softwares, hardware components and published standards. While it is still
+into software, hardware components and published standards. While it is still
 believed that the mathematics behind ECC cryptography are still sound and solid,
 some people (including Bruce Schneier [SCHNEIER]), showed their lack of confidence
 in NIST-published curves such as nistp256, nistp384, nistp521, for which constant
@@ -42,8 +42,8 @@ The following is an overview of the key exchange process:
 Client                                                            Server
 ------                                                            ------
 Generate ephemeral key pair.
-SSH_MSG_KEX_ECDH_INIT          -------->                      
-                                            Verify that client public key 
+SSH_MSG_KEX_ECDH_INIT          -------->
+                                            Verify that client public key
                                            length is 32 bytes.
                                             Generate ephemeral key pair.
                                                   Compute shared secret.
@@ -55,7 +55,7 @@ Compute shared secret.
 Generate exchange hash.
 Verify server's signature.

-*   Optional but strongly recommanded as this protects against MITM attacks.
+*   Optional but strongly recommended as this protects against MITM attacks.

 This is implemented using the same messages as described in RFC5656 chapter 4

@@ -109,7 +109,7 @@ This number is calculated using the following procedure:
     side's public key and the local private key scalar.

     The whole 32 bytes of the number X are then converted into a big integer k.
-     This conversion follows the network byte order. This step differs from 
+     This conversion follows the network byte order. This step differs from
     RFC5656.

 [RFC5656]    https://tools.ietf.org/html/rfc5656
--- a/doc/mainpage.dox
+++ b/doc/mainpage.dox
@@ -149,7 +149,7 @@ The libssh Team

@subsection main-rfc-secsh Secure Shell (SSH)

-The following RFC documents described SSH-2 protcol as an Internet standard.
+The following RFC documents described SSH-2 protocol as an Internet standard.

 - <a href="https://tools.ietf.org/html/rfc4250" target="_blank">RFC 4250</a>,
    The Secure Shell (SSH) Protocol Assigned Numbers
@@ -213,15 +213,15 @@ It was later modified and expanded by the following RFCs.
    Use of RSA Keys with SHA-256 and SHA-512 in the Secure Shell (SSH) Protocol
 - <a href="https://tools.ietf.org/html/rfc8709" target="_blank">RFC 8709</a>,
    Ed25519 and Ed448 Public Key Algorithms for the Secure Shell (SSH) Protocol
+ - <a href="https://tools.ietf.org/html/rfc8709" target="_blank">RFC 8731</a>,
+    Secure Shell (SSH) Key Exchange Method Using Curve25519 and Curve448
+ - <a href="https://tools.ietf.org/html/rfc9142" target="_blank">RFC 9142</a>,
+    Key Exchange (KEX) Method Updates and Recommendations for Secure Shell (SSH)

 There are also drafts that are being currently developed and followed.

- - <a href="https://tools.ietf.org/html/draft-ietf-curdle-ssh-kex-sha2-10" target="_blank">draft-ietf-curdle-ssh-kex-sha2-10</a>
-    Key Exchange (KEX) Method Updates and Recommendations for Secure Shell (SSH)
- - <a href="https://tools.ietf.org/html/draft-miller-ssh-agent-03" target="_blank">draft-miller-ssh-agent-03</a>
+ - <a href="https://tools.ietf.org/html/draft-miller-ssh-agent-03" target="_blank">draft-miller-ssh-agent-08</a>
    SSH Agent Protocol
- - <a href="https://tools.ietf.org/html/draft-ietf-curdle-ssh-curves-12" target="_blank">draft-ietf-curdle-ssh-curves-12</a>
-    Secure Shell (SSH) Key Exchange Method using Curve25519 and Curve448

 Interesting cryptography documents:

--- a/examples/CMakeLists.txt
+++ b/examples/CMakeLists.txt
@@ -39,34 +39,34 @@ if (UNIX AND NOT WIN32)
    target_compile_options(ssh-X11-client PRIVATE ${DEFAULT_C_COMPILE_FLAGS})
    target_link_libraries(ssh-X11-client ssh::ssh)

-    if (WITH_SERVER AND (ARGP_LIBRARY OR HAVE_ARGP_H))
+    if (WITH_SERVER AND (ARGP_LIBRARIES OR HAVE_ARGP_H))
        if (HAVE_LIBUTIL)
            add_executable(ssh_server_fork ssh_server.c)
            target_compile_options(ssh_server_fork PRIVATE ${DEFAULT_C_COMPILE_FLAGS} -DWITH_FORK)
-            target_link_libraries(ssh_server_fork ssh::ssh ${ARGP_LIBRARY} util)
+            target_link_libraries(ssh_server_fork ssh::ssh ${ARGP_LIBRARIES} util)

            add_executable(ssh_server_pthread ssh_server.c)
            target_compile_options(ssh_server_pthread PRIVATE ${DEFAULT_C_COMPILE_FLAGS})
-            target_link_libraries(ssh_server_pthread ssh::ssh ${ARGP_LIBRARY} pthread util)
+            target_link_libraries(ssh_server_pthread ssh::ssh ${ARGP_LIBRARIES} pthread util)
        endif (HAVE_LIBUTIL)

        if (WITH_GSSAPI AND GSSAPI_FOUND)
            add_executable(proxy proxy.c)
            target_compile_options(proxy PRIVATE ${DEFAULT_C_COMPILE_FLAGS})
-            target_link_libraries(proxy ssh::ssh ${ARGP_LIBRARY})
+            target_link_libraries(proxy ssh::ssh ${ARGP_LIBRARIES})

            add_executable(sshd_direct-tcpip sshd_direct-tcpip.c)
            target_compile_options(sshd_direct-tcpip PRIVATE ${DEFAULT_C_COMPILE_FLAGS})
-            target_link_libraries(sshd_direct-tcpip ssh::ssh ${ARGP_LIBRARY})
+            target_link_libraries(sshd_direct-tcpip ssh::ssh ${ARGP_LIBRARIES})
        endif (WITH_GSSAPI AND GSSAPI_FOUND)

        add_executable(samplesshd-kbdint samplesshd-kbdint.c)
        target_compile_options(samplesshd-kbdint PRIVATE ${DEFAULT_C_COMPILE_FLAGS})
-        target_link_libraries(samplesshd-kbdint ssh::ssh ${ARGP_LIBRARY})
+        target_link_libraries(samplesshd-kbdint ssh::ssh ${ARGP_LIBRARIES})

        add_executable(keygen2 keygen2.c ${examples_SRCS})
        target_compile_options(keygen2 PRIVATE ${DEFAULT_C_COMPILE_FLAGS})
-        target_link_libraries(keygen2 ssh::ssh ${ARGP_LIBRARY})
+        target_link_libraries(keygen2 ssh::ssh ${ARGP_LIBRARIES})

    endif()
 endif (UNIX AND NOT WIN32)
@@ -75,9 +75,9 @@ if (WITH_SERVER)
    add_executable(samplesshd-cb samplesshd-cb.c)
    target_compile_options(samplesshd-cb PRIVATE ${DEFAULT_C_COMPILE_FLAGS})
    target_link_libraries(samplesshd-cb ssh::ssh)
-    if (ARGP_LIBRARY OR HAVE_ARGP_H)
-        target_link_libraries(samplesshd-cb ${ARGP_LIBRARY})
-    endif(ARGP_LIBRARY OR HAVE_ARGP_H)
+    if (ARGP_LIBRARIES OR HAVE_ARGP_H)
+        target_link_libraries(samplesshd-cb ${ARGP_LIBRARIES})
+    endif(ARGP_LIBRARIES OR HAVE_ARGP_H)
 endif()

 add_executable(exec exec.c ${examples_SRCS})
--- a/examples/keygen2.c
+++ b/examples/keygen2.c
@@ -38,6 +38,7 @@ struct arguments_st {
    unsigned long bits;
    char *file;
    char *passphrase;
+    int action_list;
 };

 static struct argp_option options[] = {
@@ -88,6 +89,14 @@ static struct argp_option options[] = {
                 "\"rsa\", \"ecdsa\", \"ed25519\", and \"dsa\".\n",
        .group = 0
    },
+    {
+        .name  = "list",
+        .key   = 'l',
+        .arg   = NULL,
+        .flags = 0,
+        .doc   = "List the Fingerprint of the given key\n",
+        .group = 0
+    },
    {
        /* End of the options */
        0
@@ -160,6 +169,9 @@ static error_t parse_opt (int key, char *arg, struct argp_state *state)
                goto end;
            }
            break;
+        case 'l':
+            arguments->action_list = 1;
+            break;
        case ARGP_KEY_ARG:
            if (state->arg_num > 0) {
                /* Too many arguments. */
@@ -185,98 +197,103 @@ static int validate_args(struct arguments_st *args)
        return EINVAL;
    }

-    switch(args->type) {
-        case SSH_KEYTYPE_RSA:
-            switch(args->bits) {
-                case 0:
-                    /* If not provided, use default value */
-                    args->bits = 3072;
-                    break;
-                case 1024:
-                case 2048:
-                case 3072:
-                case 4096:
-                case 8192:
-                    break;
-                default:
-                    fprintf(stderr, "Error: Invalid bits parameter provided\n");
-                    rc = EINVAL;
-                    break;
-            }
-
-            if (args->file == NULL) {
-                args->file = strdup("id_rsa");
-                if (args->file == NULL) {
-                    rc = ENOMEM;
-                    break;
-                }
-            }
+    /* no other arguments needed for listing key fingerprints */
+    if (args->action_list) {
+        return 0;
+    }

+    switch (args->type) {
+    case SSH_KEYTYPE_RSA:
+        switch (args->bits) {
+        case 0:
+            /* If not provided, use default value */
+            args->bits = 3072;
            break;
-        case SSH_KEYTYPE_ECDSA:
-            switch(args->bits) {
-                case 0:
-                    /* If not provided, use default value */
-                    args->bits = 256;
-                    break;
-                case 256:
-                case 384:
-                case 521:
-                    break;
-                default:
-                    fprintf(stderr, "Error: Invalid bits parameter provided\n");
-                    rc = EINVAL;
-                    break;
-            }
-            if (args->file == NULL) {
-                args->file = strdup("id_ecdsa");
-                if (args->file == NULL) {
-                    rc = ENOMEM;
-                    break;
-                }
-            }
-
-            break;
-        case SSH_KEYTYPE_DSS:
-            switch(args->bits) {
-                case 0:
-                    /* If not provided, use default value */
-                    args->bits = 1024;
-                    break;
-                case 1024:
-                case 2048:
-                    break;
-                default:
-                    fprintf(stderr, "Error: Invalid bits parameter provided\n");
-                    rc = EINVAL;
-                    break;
-            }
-            if (args->file == NULL) {
-                args->file = strdup("id_dsa");
-                if (args->file == NULL) {
-                    rc = ENOMEM;
-                    break;
-                }
-            }
-
-            break;
-        case SSH_KEYTYPE_ED25519:
-            /* Ignore value and overwrite with a zero */
-            args->bits = 0;
-
-            if (args->file == NULL) {
-                args->file = strdup("id_ed25519");
-                if (args->file == NULL) {
-                    rc = ENOMEM;
-                    break;
-                }
-            }
-
+        case 1024:
+        case 2048:
+        case 3072:
+        case 4096:
+        case 8192:
            break;
        default:
-            fprintf(stderr, "Error: unknown key type\n");
+            fprintf(stderr, "Error: Invalid bits parameter provided\n");
            rc = EINVAL;
            break;
+        }
+
+        if (args->file == NULL) {
+            args->file = strdup("id_rsa");
+            if (args->file == NULL) {
+                rc = ENOMEM;
+                break;
+            }
+        }
+
+        break;
+    case SSH_KEYTYPE_ECDSA:
+        switch (args->bits) {
+        case 0:
+            /* If not provided, use default value */
+            args->bits = 256;
+            break;
+        case 256:
+        case 384:
+        case 521:
+            break;
+        default:
+            fprintf(stderr, "Error: Invalid bits parameter provided\n");
+            rc = EINVAL;
+            break;
+        }
+        if (args->file == NULL) {
+            args->file = strdup("id_ecdsa");
+            if (args->file == NULL) {
+                rc = ENOMEM;
+                break;
+            }
+        }
+
+        break;
+    case SSH_KEYTYPE_DSS:
+        switch (args->bits) {
+        case 0:
+            /* If not provided, use default value */
+            args->bits = 1024;
+            break;
+        case 1024:
+        case 2048:
+            break;
+        default:
+            fprintf(stderr, "Error: Invalid bits parameter provided\n");
+            rc = EINVAL;
+            break;
+        }
+        if (args->file == NULL) {
+            args->file = strdup("id_dsa");
+            if (args->file == NULL) {
+                rc = ENOMEM;
+                break;
+            }
+        }
+
+        break;
+    case SSH_KEYTYPE_ED25519:
+        /* Ignore value and overwrite with a zero */
+        args->bits = 0;
+
+        if (args->file == NULL) {
+            args->file = strdup("id_ed25519");
+            if (args->file == NULL) {
+                rc = ENOMEM;
+                break;
+            }
+        }
+
+        break;
+    default:
+        fprintf(stderr, "Error: unknown key type\n");
+        rc = EINVAL;
+        break;
    }

    return rc;
@@ -289,6 +306,31 @@ static char doc[] = "Generate an SSH key pair. "
 /* Our argp parser */
 static struct argp argp = {options, parse_opt, NULL, doc, NULL, NULL, NULL};

+static void
+list_fingerprint(char *file)
+{
+    ssh_key key = NULL;
+    unsigned char *hash = NULL;
+    size_t hlen = 0;
+    int rc;
+
+    rc = ssh_pki_import_privkey_file(file, NULL, NULL, NULL, &key);
+    if (rc != SSH_OK) {
+        fprintf(stderr, "Failed to import private key %s\n", file);
+        return;
+    }
+
+    rc = ssh_get_publickey_hash(key, SSH_PUBLICKEY_HASH_SHA256, &hash, &hlen);
+    if (rc != SSH_OK) {
+        fprintf(stderr, "Failed to get key fingerprint\n");
+        return;
+    }
+    ssh_print_hash(SSH_PUBLICKEY_HASH_SHA256, hash, hlen);
+
+    ssh_clean_pubkey_hash(&hash);
+    ssh_key_free(key);
+}
+
 int main(int argc, char *argv[])
 {
    ssh_key key = NULL;
@@ -302,6 +344,7 @@ int main(int argc, char *argv[])
        .bits = 0,
        .file = NULL,
        .passphrase = NULL,
+        .action_list = 0,
    };

    if (argc < 2) {
@@ -319,6 +362,11 @@ int main(int argc, char *argv[])
        goto end;
    }

+    if (arguments.action_list && arguments.file) {
+        list_fingerprint(arguments.file);
+        goto end;
+    }
+
    errno = 0;
    rc = open(arguments.file, O_CREAT | O_EXCL | O_WRONLY, S_IRUSR | S_IWUSR);
    if (rc < 0) {
--- a/examples/samplesftp.c
+++ b/examples/samplesftp.c
@@ -47,7 +47,7 @@ static void do_sftp(ssh_session session) {
    int len = 1;
    unsigned int i;
    char data[BUF_SIZE] = {0};
-    char *lnk;
+    char *lnk = NULL;

    unsigned int count;

@@ -86,6 +86,7 @@ static void do_sftp(ssh_session session) {
        goto end;
    }
    printf("readlink /tmp/sftp_symlink_test: %s\n", lnk);
+    ssh_string_free_char(lnk);

    sftp_unlink(sftp, "/tmp/sftp_symlink_test");

@@ -173,7 +174,7 @@ static void do_sftp(ssh_session session) {
        sftp_attributes_free(file);
    }

-    /* when file = NULL, an error has occured OR the directory listing is end of
+    /* when file = NULL, an error has occurred OR the directory listing is end of
     * file */
    if (!sftp_dir_eof(dir)) {
        fprintf(stderr, "Error: %s\n", ssh_get_error(session));
--- a/examples/samplesshd-kbdint.c
+++ b/examples/samplesshd-kbdint.c
@@ -369,9 +369,9 @@ int main(int argc, char **argv){
        }
    } while(!chan);

-    if(!chan) {
-        printf("Error: cleint did not ask for a channel session (%s)\n",
-                                                    ssh_get_error(session));
+    if (!chan) {
+        printf("Error: client did not ask for a channel session (%s)\n",
+               ssh_get_error(session));
        ssh_finalize();
        return 1;
    }
--- a/examples/ssh_X11_client.c
+++ b/examples/ssh_X11_client.c
@@ -453,7 +453,7 @@ connect_local_xsocket(int display_number)


 static int
-x11_connect_display()
+x11_connect_display(void)
 {
 	int display_number;
 	const char *display = NULL;
--- a/examples/sshd_direct-tcpip.c
+++ b/examples/sshd_direct-tcpip.c
@@ -27,6 +27,9 @@ clients must be made or how a client should react.
 #ifdef HAVE_ARGP_H
 #include <argp.h>
 #endif
+#ifndef _WIN32
+#include <netinet/in.h>
+#endif
 #include <sys/types.h>
 #include <sys/socket.h>
 #include <stdbool.h>
@@ -92,7 +95,7 @@ cleanup_push(struct cleanup_node_struct** head_ref,
    // Allocate memory for node
    struct cleanup_node_struct *new_node = malloc(sizeof *new_node);

-    if (head_ref != NULL) {
+    if (*head_ref != NULL) {
        new_node->next = *head_ref;
    } else {
        new_node->next = NULL;
@@ -197,7 +200,7 @@ subsystem_request(UNUSED_PARAM(ssh_session session),
                  UNUSED_PARAM(void *userdata))
 {
    _ssh_log(SSH_LOG_PROTOCOL,
-             "=== subsystem_request", "Channel subsystem reqeuest: %s",
+             "=== subsystem_request", "Channel subsystem request: %s",
             subsystem);
    return 0;
 }
@@ -293,7 +296,7 @@ my_channel_eof_function(ssh_session session,

    _ssh_log(SSH_LOG_PROTOCOL,
             "=== my_channel_eof_function",
-             "Got EOF on channel. Shuting down write on socket (fd = %d).",
+             "Got EOF on channel. Shutting down write on socket (fd = %d).",
             *event_fd_data->p_fd);

    stack_socket_close(session, event_fd_data);
--- a/examples/sshnetcat.c
+++ b/examples/sshnetcat.c
@@ -238,9 +238,10 @@ void set_pcap(ssh_session session){
 }

 void cleanup_pcap(void);
-void cleanup_pcap(){
+void cleanup_pcap(void)
+{
 	ssh_pcap_file_free(pcap);
-	pcap=NULL;
+	pcap = NULL;
 }
 #endif

--- a/include/libssh/agent.h
+++ b/include/libssh/agent.h
@@ -70,6 +70,10 @@
 #define SSH_AGENT_RSA_SHA2_256                   0x02
 #define SSH_AGENT_RSA_SHA2_512                   0x04

+#ifdef __cplusplus
+extern "C" {
+#endif
+
 struct ssh_agent_struct {
  struct ssh_socket_struct *sock;
  ssh_buffer ident;
@@ -115,4 +119,8 @@ ssh_string ssh_agent_sign_data(ssh_session session,
                               const ssh_key pubkey,
                               struct ssh_buffer_struct *data);

+#ifdef __cplusplus
+}
+#endif
+
 #endif /* __AGENT_H */
--- a/include/libssh/auth.h
+++ b/include/libssh/auth.h
@@ -23,6 +23,10 @@
 #include "config.h"
 #include "libssh/callbacks.h"

+#ifdef __cplusplus
+extern "C" {
+#endif
+
 SSH_PACKET_CALLBACK(ssh_packet_userauth_banner);
 SSH_PACKET_CALLBACK(ssh_packet_userauth_failure);
 SSH_PACKET_CALLBACK(ssh_packet_userauth_success);
@@ -100,4 +104,8 @@ enum ssh_auth_service_state_e {
  SSH_AUTH_SERVICE_DENIED,
 };

+#ifdef __cplusplus
+}
+#endif
+
 #endif /* AUTH_H_ */
--- a/include/libssh/bignum.h
+++ b/include/libssh/bignum.h
@@ -25,9 +25,16 @@
 #include "libssh/libgcrypt.h"
 #include "libssh/libmbedcrypto.h"

+#ifdef __cplusplus
+extern "C" {
+#endif
+
 bignum ssh_make_string_bn(ssh_string string);
 ssh_string ssh_make_bignum_string(bignum num);
 void ssh_print_bignum(const char *which, const_bignum num);

+#ifdef __cplusplus
+}
+#endif

 #endif /* BIGNUM_H_ */
--- a/include/libssh/bind.h
+++ b/include/libssh/bind.h
@@ -25,6 +25,10 @@
 #include "libssh/kex.h"
 #include "libssh/session.h"

+#ifdef __cplusplus
+extern "C" {
+#endif
+
 struct ssh_bind_struct {
  struct ssh_common_struct common; /* stuff common to ssh_bind and ssh_session */
  struct ssh_bind_callbacks_struct *bind_callbacks;
@@ -57,5 +61,8 @@ struct ssh_bind_struct {
 struct ssh_poll_handle_struct *ssh_bind_get_poll(struct ssh_bind_struct
    *sshbind);

+#ifdef __cplusplus
+}
+#endif

 #endif /* BIND_H_ */
--- a/include/libssh/bind_config.h
+++ b/include/libssh/bind_config.h
@@ -28,6 +28,10 @@

 #include "libssh/server.h"

+#ifdef __cplusplus
+extern "C" {
+#endif
+
 enum ssh_bind_config_opcode_e {
    /* Known but not allowed in Match block */
    BIND_CFG_NOT_ALLOWED_IN_MATCH = -4,
@@ -71,4 +75,8 @@ int ssh_bind_config_parse_file(ssh_bind sshbind, const char *filename);
 */
 int ssh_bind_config_parse_string(ssh_bind bind, const char *input);

+#ifdef __cplusplus
+}
+#endif
+
 #endif /* BIND_CONFIG_H_ */
--- a/include/libssh/blf.h
+++ b/include/libssh/blf.h
@@ -49,6 +49,10 @@
 #define BLF_MAXKEYLEN ((BLF_N-2)*4)	/* 448 bits */
 #define BLF_MAXUTILIZED ((BLF_N+2)*4)	/* 576 bits */

+#ifdef __cplusplus
+extern "C" {
+#endif
+
 /* Blowfish context */
 typedef struct BlowfishContext {
 	uint32_t S[4][256];	/* S-Boxes */
@@ -84,4 +88,9 @@ void ssh_blf_cbc_decrypt(ssh_blf_ctx *, uint8_t *, uint8_t *, uint32_t);
 uint32_t Blowfish_stream2word(const uint8_t *, uint16_t , uint16_t *);

 #endif /* !defined(HAVE_BCRYPT_PBKDF) && !defined(HAVE_BLH_H) */
+
+#ifdef __cplusplus
+}
+#endif
+
 #endif /* _BLF_H */
--- a/include/libssh/buffer.h
+++ b/include/libssh/buffer.h
@@ -27,6 +27,10 @@

 #define SSH_BUFFER_PACK_END ((uint32_t) 0x4f65feb3)

+#ifdef __cplusplus
+extern "C" {
+#endif
+
 void ssh_buffer_set_secure(ssh_buffer buffer);
 int ssh_buffer_add_ssh_string(ssh_buffer buffer, ssh_string string);
 int ssh_buffer_add_u8(ssh_buffer buffer, uint8_t data);
@@ -74,4 +78,8 @@ ssh_string ssh_buffer_get_ssh_string(ssh_buffer buffer);
 uint32_t ssh_buffer_pass_bytes_end(ssh_buffer buffer, uint32_t len);
 uint32_t ssh_buffer_pass_bytes(ssh_buffer buffer, uint32_t len);

+#ifdef __cplusplus
+}
+#endif
+
 #endif /* BUFFER_H_ */
--- a/include/libssh/callbacks.h
+++ b/include/libssh/callbacks.h
@@ -81,9 +81,9 @@ typedef void (*ssh_log_callback) (ssh_session session, int priority,
 *
 * @param priority  Priority of the log, the smaller being the more important.
 *
- * @param function  The function name calling the the logging fucntions.
+ * @param function  The function name calling the logging functions.
 *
- * @param message   The actual message
+ * @param buffer   The actual message
 *
 * @param userdata Userdata to be passed to the callback function.
 */
@@ -117,6 +117,8 @@ typedef void (*ssh_global_request_callback) (ssh_session session,
 * sends back an X11 connection attempt. This is a client-side API
 * @param session current session handler
 * @param userdata Userdata to be passed to the callback function.
+ * @param originator_address    IP address of the machine who sent the request
+ * @param originator_port   port number of the machine who sent the request
 * @returns a valid ssh_channel handle if the request is to be allowed
 * @returns NULL if the request should not be allowed
 * @warning The channel pointer returned by this callback must be closed by the application.
@@ -268,7 +270,7 @@ typedef ssh_string (*ssh_gssapi_select_oid_callback) (ssh_session session, const
 		int n_oid, ssh_string *oids, void *userdata);

 /*
- * @brief handle the negociation of a security context, server side.
+ * @brief handle the negotiation of a security context, server side.
 * @param session current session handler
 * @param[in] input_token input token provided by client
 * @param[out] output_token output of the gssapi accept_sec_context method,
@@ -397,7 +399,7 @@ struct ssh_socket_callbacks_struct {
   */
  ssh_callback_int_int exception;
  /** This function is called when the ssh_socket_connect was used on the socket
-   * on nonblocking state, and the connection successed.
+   * on nonblocking state, and the connection succeeded.
   */
  ssh_callback_int_int connected;
 };
@@ -625,6 +627,7 @@ typedef void (*ssh_channel_signal_callback) (ssh_session session,
 * @brief SSH channel exit status callback. Called when a channel has received an exit status
 * @param session Current session handler
 * @param channel the actual channel
+ * @param exit_status Exit status of the ran command
 * @param userdata Userdata to be passed to the callback function.
 */
 typedef void (*ssh_channel_exit_status_callback) (ssh_session session,
@@ -637,7 +640,7 @@ typedef void (*ssh_channel_exit_status_callback) (ssh_session session,
 * @param session Current session handler
 * @param channel the actual channel
 * @param signal the signal name (without the SIG prefix)
- * @param core a boolean telling wether a core has been dumped or not
+ * @param core a boolean telling whether a core has been dumped or not
 * @param errmsg the description of the exception
 * @param lang the language of the description (format: RFC 3066)
 * @param userdata Userdata to be passed to the callback function.
@@ -652,12 +655,13 @@ typedef void (*ssh_channel_exit_signal_callback) (ssh_session session,

 /**
 * @brief SSH channel PTY request from a client.
+ * @param session the session
 * @param channel the channel
 * @param term The type of terminal emulation
 * @param width width of the terminal, in characters
 * @param height height of the terminal, in characters
 * @param pxwidth width of the terminal, in pixels
- * @param pxheight height of the terminal, in pixels
+ * @param pwheight height of the terminal, in pixels
 * @param userdata Userdata to be passed to the callback function.
 * @returns 0 if the pty request is accepted
 * @returns -1 if the request is denied
@@ -671,6 +675,7 @@ typedef int (*ssh_channel_pty_request_callback) (ssh_session session,

 /**
 * @brief SSH channel Shell request from a client.
+ * @param session the session
 * @param channel the channel
 * @param userdata Userdata to be passed to the callback function.
 * @returns 0 if the shell request is accepted
@@ -683,6 +688,7 @@ typedef int (*ssh_channel_shell_request_callback) (ssh_session session,
 * @brief SSH auth-agent-request from the client. This request is
 * sent by a client when agent forwarding is available.
 * Server is free to ignore this callback, no answer is expected.
+ * @param session the session
 * @param channel the channel
 * @param userdata Userdata to be passed to the callback function.
 */
@@ -694,7 +700,12 @@ typedef void (*ssh_channel_auth_agent_req_callback) (ssh_session session,
 * @brief SSH X11 request from the client. This request is
 * sent by a client when X11 forwarding is requested(and available).
 * Server is free to ignore this callback, no answer is expected.
+ * @param session the session
 * @param channel the channel
+ * @param single_connection If true, only one channel should be forwarded
+ * @param auth_protocol The X11 authentication method to be used
+ * @param auth_cookie   Authentication cookie encoded hexadecimal
+ * @param screen_number Screen number
 * @param userdata Userdata to be passed to the callback function.
 */
 typedef void (*ssh_channel_x11_req_callback) (ssh_session session,
@@ -706,11 +717,12 @@ typedef void (*ssh_channel_x11_req_callback) (ssh_session session,
                                            void *userdata);
 /**
 * @brief SSH channel PTY windows change (terminal size) from a client.
+ * @param session the session
 * @param channel the channel
 * @param width width of the terminal, in characters
 * @param height height of the terminal, in characters
 * @param pxwidth width of the terminal, in pixels
- * @param pxheight height of the terminal, in pixels
+ * @param pwheight height of the terminal, in pixels
 * @param userdata Userdata to be passed to the callback function.
 * @returns 0 if the pty request is accepted
 * @returns -1 if the request is denied
@@ -723,6 +735,7 @@ typedef int (*ssh_channel_pty_window_change_callback) (ssh_session session,

 /**
 * @brief SSH channel Exec request from a client.
+ * @param session the session
 * @param channel the channel
 * @param command the shell command to be executed
 * @param userdata Userdata to be passed to the callback function.
@@ -736,6 +749,7 @@ typedef int (*ssh_channel_exec_request_callback) (ssh_session session,

 /**
 * @brief SSH channel environment request from a client.
+ * @param session the session
 * @param channel the channel
 * @param env_name name of the environment value to be set
 * @param env_value value of the environment value to be set
@@ -752,6 +766,7 @@ typedef int (*ssh_channel_env_request_callback) (ssh_session session,
                                            void *userdata);
 /**
 * @brief SSH channel subsystem request from a client.
+ * @param session the session
 * @param channel the channel
 * @param subsystem the subsystem required
 * @param userdata Userdata to be passed to the callback function.
@@ -766,6 +781,8 @@ typedef int (*ssh_channel_subsystem_request_callback) (ssh_session session,
 /**
 * @brief SSH channel write will not block (flow control).
 *
+ * @param session the session
+ *
 * @param channel the channel
 *
 * @param[in] bytes size of the remote window in bytes. Writing as much data
@@ -917,7 +934,7 @@ LIBSSH_API int ssh_remove_channel_callbacks(ssh_channel channel,

 /** @} */

-/** @group libssh_threads
+/** @addtogroup libssh_threads
 * @{
 */

@@ -989,7 +1006,7 @@ LIBSSH_API struct ssh_threads_callbacks_struct *ssh_threads_get_noop(void);
 *
 * @param[in]  cb  The callback to set.
 *
- * @return         0 on success, < 0 on errror.
+ * @return         0 on success, < 0 on error.
 */
 LIBSSH_API int ssh_set_log_callback(ssh_logging_callback cb);

--- a/include/libssh/chacha.h
+++ b/include/libssh/chacha.h
@@ -18,6 +18,10 @@ struct chacha_ctx {
 #define CHACHA_CTRLEN     8
 #define CHACHA_STATELEN   (CHACHA_NONCELEN+CHACHA_CTRLEN)

+#ifdef __cplusplus
+extern "C" {
+#endif
+
 void chacha_keysetup(struct chacha_ctx *x, const uint8_t *k, uint32_t kbits)
 #ifdef HAVE_GCC_BOUNDED_ATTRIBUTE
    __attribute__((__bounded__(__minbytes__, 2, CHACHA_MINKEYLEN)))
@@ -37,4 +41,8 @@ void chacha_encrypt_bytes(struct chacha_ctx *x, const uint8_t *m,
 #endif
    ;

+#ifdef __cplusplus
+}
+#endif
+
 #endif    /* CHACHA_H */
--- a/include/libssh/channels.h
+++ b/include/libssh/channels.h
@@ -22,6 +22,10 @@
 #define CHANNELS_H_
 #include "libssh/priv.h"

+#ifdef __cplusplus
+extern "C" {
+#endif
+
 /**  @internal
 * Describes the different possible states in a
 * outgoing (client) channel request
@@ -35,7 +39,7 @@ enum ssh_channel_request_state_e {
 	SSH_CHANNEL_REQ_STATE_ACCEPTED,
 	/** A request has been replied and refused */
 	SSH_CHANNEL_REQ_STATE_DENIED,
-	/** A request has been replied and an error happend */
+	/** A request has been replied and an error happened */
 	SSH_CHANNEL_REQ_STATE_ERROR
 };

@@ -109,4 +113,8 @@ int ssh_global_request(ssh_session session,
                       ssh_buffer buffer,
                       int reply);

+#ifdef __cplusplus
+}
+#endif
+
 #endif /* CHANNELS_H_ */
--- a/include/libssh/config_parser.h
+++ b/include/libssh/config_parser.h
@@ -26,6 +26,10 @@
 #ifndef CONFIG_PARSER_H_
 #define CONFIG_PARSER_H_

+#ifdef __cplusplus
+extern "C" {
+#endif
+
 char *ssh_config_get_cmd(char **str);

 char *ssh_config_get_token(char **str);
@@ -54,4 +58,8 @@ int ssh_config_parse_uri(const char *tok,
        char **hostname,
        char **port);

+#ifdef __cplusplus
+}
+#endif
+
 #endif /* LIBSSH_CONFIG_H_ */
--- a/include/libssh/crypto.h
+++ b/include/libssh/crypto.h
@@ -216,12 +216,23 @@ struct ssh_cipher_struct {
    void (*cleanup)(struct ssh_cipher_struct *cipher);
 };

+#ifdef __cplusplus
+extern "C" {
+#endif
+
 const struct ssh_cipher_struct *ssh_get_chacha20poly1305_cipher(void);
 int sshkdf_derive_key(struct ssh_crypto_struct *crypto,
                      unsigned char *key, size_t key_len,
-                      int key_type, unsigned char *output,
+                      uint8_t key_type, unsigned char *output,
                      size_t requested_len);

 int secure_memcmp(const void *s1, const void *s2, size_t n);
+#ifdef HAVE_LIBCRYPTO
+ENGINE *pki_get_engine(void);
+#endif /* HAVE_LIBCRYPTO */
+
+#ifdef __cplusplus
+}
+#endif

 #endif /* _CRYPTO_H_ */
--- a/include/libssh/curve25519.h
+++ b/include/libssh/curve25519.h
@@ -33,6 +33,10 @@
 #define crypto_scalarmult crypto_scalarmult_curve25519
 #else

+#ifdef __cplusplus
+extern "C" {
+#endif
+
 #define CURVE25519_PUBKEY_SIZE 32
 #define CURVE25519_PRIVKEY_SIZE 32
 int crypto_scalarmult_base(unsigned char *q, const unsigned char *n);
@@ -48,9 +52,14 @@ typedef unsigned char ssh_curve25519_privkey[CURVE25519_PRIVKEY_SIZE];


 int ssh_client_curve25519_init(ssh_session session);
+void ssh_client_curve25519_remove_callbacks(ssh_session session);

 #ifdef WITH_SERVER
 void ssh_server_curve25519_init(ssh_session session);
 #endif /* WITH_SERVER */

+#ifdef __cplusplus
+}
+#endif
+
 #endif /* CURVE25519_H_ */
--- a/include/libssh/dh-gex.h
+++ b/include/libssh/dh-gex.h
@@ -23,10 +23,19 @@
 #ifndef SRC_DH_GEX_H_
 #define SRC_DH_GEX_H_

+#ifdef __cplusplus
+extern "C" {
+#endif
+
 int ssh_client_dhgex_init(ssh_session session);
+void ssh_client_dhgex_remove_callbacks(ssh_session session);

 #ifdef WITH_SERVER
 void ssh_server_dhgex_init(ssh_session session);
 #endif /* WITH_SERVER */

+#ifdef __cplusplus
+}
+#endif
+
 #endif /* SRC_DH_GEX_H_ */
--- a/include/libssh/dh.h
+++ b/include/libssh/dh.h
@@ -30,6 +30,10 @@ struct dh_ctx;
 #define DH_CLIENT_KEYPAIR 0
 #define DH_SERVER_KEYPAIR 1

+#ifdef __cplusplus
+extern "C" {
+#endif
+
 /* functions implemented by crypto backends */
 int ssh_dh_init_common(struct ssh_crypto_struct *crypto);
 void ssh_dh_cleanup(struct ssh_crypto_struct *crypto);
@@ -53,7 +57,7 @@ int ssh_dh_keypair_get_keys(struct dh_ctx *ctx, int peer,
                            bignum *priv, bignum *pub);
 #endif /* OPENSSL_VERSION_NUMBER */
 int ssh_dh_keypair_set_keys(struct dh_ctx *ctx, int peer,
-                            const bignum priv, const bignum pub);
+                            bignum priv, bignum pub);

 int ssh_dh_compute_shared_secret(struct dh_ctx *ctx, int local, int remote,
                                 bignum *dest);
@@ -73,8 +77,10 @@ int ssh_dh_get_current_server_publickey_blob(ssh_session session,
 ssh_key ssh_dh_get_next_server_publickey(ssh_session session);
 int ssh_dh_get_next_server_publickey_blob(ssh_session session,
                                          ssh_string *pubkey_blob);
+int dh_handshake(ssh_session session);

 int ssh_client_dh_init(ssh_session session);
+void ssh_client_dh_remove_callbacks(ssh_session session);
 #ifdef WITH_SERVER
 void ssh_server_dh_init(ssh_session session);
 #endif /* WITH_SERVER */
@@ -82,4 +88,8 @@ int ssh_server_dh_process_init(ssh_session session, ssh_buffer packet);
 int ssh_fallback_group(uint32_t pmax, bignum *p, bignum *g);
 bool ssh_dh_is_known_group(bignum modulus, bignum generator);

+#ifdef __cplusplus
+}
+#endif
+
 #endif /* DH_H_ */
--- a/include/libssh/ecdh.h
+++ b/include/libssh/ecdh.h
@@ -42,9 +42,14 @@
 #define HAVE_ECDH 1
 #endif

+#ifdef __cplusplus
+extern "C" {
+#endif
+
 extern struct ssh_packet_callbacks_struct ssh_ecdh_client_callbacks;
 /* Backend-specific functions.  */
 int ssh_client_ecdh_init(ssh_session session);
+void ssh_client_ecdh_remove_callbacks(ssh_session session);
 int ecdh_build_k(ssh_session session);

 #ifdef WITH_SERVER
@@ -53,4 +58,8 @@ void ssh_server_ecdh_init(ssh_session session);
 SSH_PACKET_CALLBACK(ssh_packet_server_ecdh_init);
 #endif /* WITH_SERVER */

+#ifdef __cplusplus
+}
+#endif
+
 #endif /* ECDH_H_ */
--- a/include/libssh/ed25519.h
+++ b/include/libssh/ed25519.h
@@ -24,10 +24,10 @@

 /**
 * @defgroup ed25519 ed25519 API
- * @internal
 * @brief API for DJB's ed25519
 *
- * @{ */
+ * @{
+ */

 #define ED25519_PK_LEN 32
 #define ED25519_SK_LEN 64
@@ -37,6 +37,10 @@ typedef uint8_t ed25519_pubkey[ED25519_PK_LEN];
 typedef uint8_t ed25519_privkey[ED25519_SK_LEN];
 typedef uint8_t ed25519_signature[ED25519_SIG_LEN];

+#ifdef __cplusplus
+extern "C" {
+#endif
+
 /** @internal
 * @brief generate an ed25519 key pair
 * @param[out] pk generated public key
@@ -76,4 +80,8 @@ int crypto_sign_ed25519_open(
    const ed25519_pubkey pk);

 /** @} */
+#ifdef __cplusplus
+}
+#endif
+
 #endif /* ED25519_H_ */
--- a/include/libssh/fe25519.h
+++ b/include/libssh/fe25519.h
@@ -33,6 +33,10 @@ typedef struct {
  uint32_t v[32];
 } fe25519;

+#ifdef __cplusplus
+extern "C" {
+#endif
+
 void fe25519_freeze(fe25519 *r);

 void fe25519_unpack(fe25519 *r, const unsigned char x[32]);
@@ -65,4 +69,8 @@ void fe25519_invert(fe25519 *r, const fe25519 *x);

 void fe25519_pow2523(fe25519 *r, const fe25519 *x);

+#ifdef __cplusplus
+}
+#endif
+
 #endif
--- a/include/libssh/ge25519.h
+++ b/include/libssh/ge25519.h
@@ -28,6 +28,10 @@ typedef struct
  fe25519 t;
 } ge25519;

+#ifdef __cplusplus
+extern "C" {
+#endif
+
 extern const ge25519 ge25519_base;

 int ge25519_unpackneg_vartime(ge25519 *r, const unsigned char p[32]);
@@ -40,4 +44,8 @@ void ge25519_double_scalarmult_vartime(ge25519 *r, const ge25519 *p1, const sc25

 void ge25519_scalarmult_base(ge25519 *r, const sc25519 *s);

+#ifdef __cplusplus
+}
+#endif
+
 #endif
--- a/include/libssh/gssapi.h
+++ b/include/libssh/gssapi.h
@@ -29,6 +29,10 @@

 typedef struct ssh_gssapi_struct *ssh_gssapi;

+#ifdef __cplusplus
+extern "C" {
+#endif
+
 #ifdef WITH_SERVER
 int ssh_gssapi_handle_userauth(ssh_session session, const char *user, uint32_t n_oid, ssh_string *oids);
 SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_token_server);
@@ -42,4 +46,8 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_response);

 int ssh_gssapi_auth_mic(ssh_session session);

+#ifdef __cplusplus
+}
+#endif
+
 #endif /* GSSAPI_H */
--- a/include/libssh/kex.h
+++ b/include/libssh/kex.h
@@ -31,11 +31,16 @@ struct ssh_kex_struct {
    char *methods[SSH_KEX_METHODS];
 };

+#ifdef __cplusplus
+extern "C" {
+#endif
+
 SSH_PACKET_CALLBACK(ssh_packet_kexinit);

-int ssh_send_kex(ssh_session session, int server_kex);
+int ssh_send_kex(ssh_session session);
 void ssh_list_kex(struct ssh_kex_struct *kex);
 int ssh_set_client_kex(ssh_session session);
+int ssh_kex_append_extensions(ssh_session session, struct ssh_kex_struct *pkex);
 int ssh_kex_select_methods(ssh_session session);
 int ssh_verify_existing_algo(enum ssh_kex_types_e algo, const char *name);
 char *ssh_keep_known_algos(enum ssh_kex_types_e algo, const char *list);
@@ -56,4 +61,8 @@ int ssh_hashbufin_add_cookie(ssh_session session, unsigned char *cookie);
 int ssh_hashbufout_add_cookie(ssh_session session);
 int ssh_generate_session_keys(ssh_session session);

+#ifdef __cplusplus
+}
+#endif
+
 #endif /* KEX_H_ */
--- a/include/libssh/keys.h
+++ b/include/libssh/keys.h
@@ -62,9 +62,17 @@ struct ssh_private_key_struct {
 #endif
 };

+#ifdef __cplusplus
+extern "C" {
+#endif
+
 const char *ssh_type_to_char(int type);
 int ssh_type_from_name(const char *name);

 ssh_public_key publickey_from_string(ssh_session session, ssh_string pubkey_s);

+#ifdef __cplusplus
+}
+#endif
+
 #endif /* KEYS_H_ */
--- a/include/libssh/knownhosts.h
+++ b/include/libssh/knownhosts.h
@@ -22,6 +22,10 @@
 #ifndef SSH_KNOWNHOSTS_H_
 #define SSH_KNOWNHOSTS_H_

+#ifdef __cplusplus
+extern "C" {
+#endif
+
 struct ssh_list *ssh_known_hosts_get_algorithms(ssh_session session);
 char *ssh_known_hosts_get_algorithms_names(ssh_session session);
 enum ssh_known_hosts_e
@@ -29,4 +33,8 @@ ssh_session_get_known_hosts_entry_file(ssh_session session,
                                       const char *filename,
                                       struct ssh_knownhosts_entry **pentry);

+#ifdef __cplusplus
+}
+#endif
+
 #endif /* SSH_KNOWNHOSTS_H_ */
--- a/include/libssh/legacy.h
+++ b/include/libssh/legacy.h
@@ -31,6 +31,10 @@
 typedef struct ssh_private_key_struct* ssh_private_key;
 typedef struct ssh_public_key_struct* ssh_public_key;

+#ifdef __cplusplus
+extern "C" {
+#endif
+
 LIBSSH_API int ssh_auth_list(ssh_session session);
 LIBSSH_API int ssh_userauth_offer_pubkey(ssh_session session, const char *username, int type, ssh_string publickey);
 LIBSSH_API int ssh_userauth_pubkey(ssh_session session, const char *username, ssh_string publickey, ssh_private_key privatekey);
@@ -117,4 +121,8 @@ SSH_DEPRECATED LIBSSH_API size_t string_len(ssh_string str);
 SSH_DEPRECATED LIBSSH_API ssh_string string_new(size_t size);
 SSH_DEPRECATED LIBSSH_API char *string_to_char(ssh_string str);

+#ifdef __cplusplus
+}
+#endif
+
 #endif /* LEGACY_H_ */
--- a/include/libssh/libcrypto.h
+++ b/include/libssh/libcrypto.h
@@ -39,11 +39,6 @@ typedef EVP_MD_CTX* SHA384CTX;
 typedef EVP_MD_CTX* SHA512CTX;
 typedef EVP_MD_CTX* MD5CTX;
 typedef EVP_MD_CTX* HMACCTX;
-#ifdef HAVE_ECC
-typedef EVP_MD_CTX *EVPCTX;
-#else
-typedef void *EVPCTX;
-#endif

 #define SHA_DIGEST_LEN SHA_DIGEST_LENGTH
 #define SHA256_DIGEST_LEN SHA256_DIGEST_LENGTH
--- a/include/libssh/libgcrypt.h
+++ b/include/libssh/libgcrypt.h
@@ -32,7 +32,6 @@ typedef gcry_md_hd_t SHA384CTX;
 typedef gcry_md_hd_t SHA512CTX;
 typedef gcry_md_hd_t MD5CTX;
 typedef gcry_md_hd_t HMACCTX;
-typedef gcry_md_hd_t EVPCTX;
 #define SHA_DIGEST_LENGTH 20
 #define SHA_DIGEST_LEN SHA_DIGEST_LENGTH
 #define MD5_DIGEST_LEN 16
@@ -104,6 +103,10 @@ int ssh_gcry_rand_range(bignum rnd, bignum max);
    } while(0)
 /* Helper functions for data conversions.  */

+#ifdef __cplusplus
+extern "C" {
+#endif
+
 /* Extract an MPI from the given s-expression SEXP named NAME which is
   encoded using INFORMAT and store it in a newly allocated ssh_string
   encoded using OUTFORMAT.  */
@@ -114,6 +117,10 @@ ssh_string ssh_sexp_extract_mpi(const gcry_sexp_t sexp,

 #define ssh_fips_mode() false

+#ifdef __cplusplus
+}
+#endif
+
 #endif /* HAVE_LIBGCRYPT */

 #endif /* LIBGCRYPT_H_ */
--- a/include/libssh/libmbedcrypto.h
+++ b/include/libssh/libmbedcrypto.h
@@ -41,7 +41,6 @@ typedef mbedtls_md_context_t *SHA384CTX;
 typedef mbedtls_md_context_t *SHA512CTX;
 typedef mbedtls_md_context_t *MD5CTX;
 typedef mbedtls_md_context_t *HMACCTX;
-typedef mbedtls_md_context_t *EVPCTX;

 #define SHA_DIGEST_LENGTH 20
 #define SHA_DIGEST_LEN SHA_DIGEST_LENGTH
@@ -73,6 +72,10 @@ struct mbedtls_ecdsa_sig {
    bignum s;
 };

+#ifdef __cplusplus
+extern "C" {
+#endif
+
 bignum ssh_mbedcry_bn_new(void);
 void ssh_mbedcry_bn_free(bignum num);
 unsigned char *ssh_mbedcry_bn2num(const_bignum num, int radix);
@@ -136,5 +139,9 @@ ssh_string make_ecpoint_string(const mbedtls_ecp_group *g, const

 #define ssh_fips_mode() false

+#ifdef __cplusplus
+}
+#endif
+
 #endif /* HAVE_LIBMBEDCRYPTO */
 #endif /* LIBMBEDCRYPTO_H_ */
--- a/include/libssh/libssh.h
+++ b/include/libssh/libssh.h
@@ -1,7 +1,7 @@
 /*
 * This file is part of the SSH Library
 *
- * Copyright (c) 2003-2022 by Aris Adamantiadis and the libssh team
+ * Copyright (c) 2003-2023 by Aris Adamantiadis and the libssh team
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
@@ -82,7 +82,7 @@
 #define PRINTF_ATTRIBUTE(a,b)
 #endif /* __GNUC__ */

-#ifdef __GNUC__
+#if !defined(SSH_SUPPRESS_DEPRECATED) && defined(__GNUC__)
 #define SSH_DEPRECATED __attribute__ ((deprecated))
 #else
 #define SSH_DEPRECATED
@@ -357,7 +357,7 @@ enum {
 #define SSH_LOG_WARN 1
 /** Get some information what's going on */
 #define SSH_LOG_INFO 2
-/** Get detailed debuging information **/
+/** Get detailed debugging information **/
 #define SSH_LOG_DEBUG 3
 /** Get trace output, packet information, ... */
 #define SSH_LOG_TRACE 4
--- a/include/libssh/messages.h
+++ b/include/libssh/messages.h
@@ -92,6 +92,10 @@ struct ssh_message_struct {
    struct ssh_global_request global_request;
 };

+#ifdef __cplusplus
+extern "C" {
+#endif
+
 SSH_PACKET_CALLBACK(ssh_packet_channel_open);
 SSH_PACKET_CALLBACK(ssh_packet_global_request);

@@ -104,4 +108,8 @@ int ssh_message_handle_channel_request(ssh_session session, ssh_channel channel,
    const char *request, uint8_t want_reply);
 ssh_message ssh_message_pop_head(ssh_session session);

+#ifdef __cplusplus
+}
+#endif
+
 #endif /* MESSAGES_H_ */
--- a/include/libssh/misc.h
+++ b/include/libssh/misc.h
@@ -21,6 +21,10 @@
 #ifndef MISC_H_
 #define MISC_H_

+#ifdef __cplusplus
+extern "C" {
+#endif
+
 /* in misc.c */
 /* gets the user home dir. */
 char *ssh_get_user_home_dir(void);
@@ -75,7 +79,7 @@ const void *_ssh_list_pop_head(struct ssh_list *list);

 /** @brief fetch the head element of a list and remove it from list
 * @param type type of the element to return
- * @param list the ssh_list to use
+ * @param ssh_list the ssh_list to use
 * @return the first element of the list, or NULL if the list is empty
 */
 #define ssh_list_pop_head(type, ssh_list)\
@@ -96,7 +100,14 @@ int ssh_mkdirs(const char *pathname, mode_t mode);

 int ssh_quote_file_name(const char *file_name, char *buf, size_t buf_len);
 int ssh_newline_vis(const char *string, char *buf, size_t buf_len);
-int ssh_tmpname(char *template);
+int ssh_tmpname(char *name);

 char *ssh_strreplace(const char *src, const char *pattern, const char *repl);
+
+int ssh_check_hostname_syntax(const char *hostname);
+
+#ifdef __cplusplus
+}
+#endif
+
 #endif /* MISC_H_ */
--- a/include/libssh/options.h
+++ b/include/libssh/options.h
@@ -21,6 +21,10 @@
 #ifndef _OPTIONS_H
 #define _OPTIONS_H

+#ifdef __cplusplus
+extern "C" {
+#endif
+
 int ssh_config_parse_file(ssh_session session, const char *filename);
 int ssh_config_parse_string(ssh_session session, const char *input);
 int ssh_options_set_algo(ssh_session session,
@@ -28,4 +32,8 @@ int ssh_options_set_algo(ssh_session session,
                         const char *list);
 int ssh_options_apply(ssh_session session);

+#ifdef __cplusplus
+}
+#endif
+
 #endif /* _OPTIONS_H */
--- a/include/libssh/packet.h
+++ b/include/libssh/packet.h
@@ -51,6 +51,10 @@ enum ssh_packet_filter_result_e {

 int ssh_packet_send(ssh_session session);

+#ifdef __cplusplus
+extern "C" {
+#endif
+
 SSH_PACKET_CALLBACK(ssh_packet_unimplemented);
 SSH_PACKET_CALLBACK(ssh_packet_disconnect_callback);
 SSH_PACKET_CALLBACK(ssh_packet_ignore_callback);
@@ -63,6 +67,7 @@ SSH_PACKET_CALLBACK(ssh_packet_ext_info);
 SSH_PACKET_CALLBACK(ssh_packet_kexdh_init);
 #endif

+int ssh_packet_send_newkeys(ssh_session session);
 int ssh_packet_send_unimplemented(ssh_session session, uint32_t seqnum);
 int ssh_packet_parse_type(ssh_session session);
 //int packet_flush(ssh_session session, int enforce_blocking);
@@ -88,4 +93,8 @@ int ssh_packet_set_newkeys(ssh_session session,
 struct ssh_crypto_struct *ssh_packet_get_current_crypto(ssh_session session,
        enum ssh_crypto_direction_e direction);

+#ifdef __cplusplus
+}
+#endif
+
 #endif /* PACKET_H_ */
--- a/include/libssh/pcap.h
+++ b/include/libssh/pcap.h
@@ -27,6 +27,10 @@
 #ifdef WITH_PCAP
 typedef struct ssh_pcap_context_struct* ssh_pcap_context;

+#ifdef __cplusplus
+extern "C" {
+#endif
+
 int ssh_pcap_file_write_packet(ssh_pcap_file pcap, ssh_buffer packet, uint32_t original_len);

 ssh_pcap_context ssh_pcap_context_new(ssh_session session);
@@ -41,5 +45,9 @@ int ssh_pcap_context_write(ssh_pcap_context,enum ssh_pcap_direction direction, v
 		uint32_t len, uint32_t origlen);


+#ifdef __cplusplus
+}
+#endif
+
 #endif /* WITH_PCAP */
 #endif /* PCAP_H_ */
--- a/include/libssh/pki.h
+++ b/include/libssh/pki.h
@@ -33,8 +33,8 @@
 #include <openssl/evp.h>
 #endif
 #include "libssh/crypto.h"
-#ifdef HAVE_OPENSSL_ED25519
-/* If using OpenSSL implementation, define the signature lenght which would be
+#if defined(HAVE_LIBCRYPTO) && defined(HAVE_OPENSSL_ED25519)
+/* If using OpenSSL implementation, define the signature length which would be
 * defined in libssh/ed25519.h otherwise */
 #define ED25519_SIG_LEN 64
 #else
@@ -78,9 +78,11 @@ struct ssh_key_struct {
 # else
    void *ecdsa;
 # endif /* HAVE_OPENSSL_EC_H */
-    EVP_PKEY *key; /* Saving the OpenSSL context here to save time while converting*/
+    /* This holds either ENGINE key for PKCS#11 support or just key in
+     * high-level format required by OpenSSL 3.0 */
+    EVP_PKEY *key;
 #endif /* HAVE_LIBGCRYPT */
-#ifdef HAVE_OPENSSL_ED25519
+#if defined(HAVE_LIBCRYPTO) && defined(HAVE_OPENSSL_ED25519)
    uint8_t *ed25519_pubkey;
    uint8_t *ed25519_privkey;
 #else
@@ -104,7 +106,7 @@ struct ssh_signature_struct {
    ssh_string rsa_sig;
    struct mbedtls_ecdsa_sig ecdsa_sig;
 #endif /* HAVE_LIBGCRYPT */
-#ifndef HAVE_OPENSSL_ED25519
+#if !defined(HAVE_LIBCRYPTO) || !defined(HAVE_OPENSSL_ED25519)
    ed25519_signature *ed25519_sig;
 #endif
    ssh_string raw_sig;
@@ -116,6 +118,10 @@ struct ssh_signature_struct {

 typedef struct ssh_signature_struct *ssh_signature;

+#ifdef __cplusplus
+extern "C" {
+#endif
+
 /* SSH Key Functions */
 void ssh_key_clean (ssh_key key);

@@ -187,7 +193,13 @@ bool ssh_key_size_allowed(ssh_session session, ssh_key key);
 int ssh_key_size(ssh_key key);

 /* PKCS11 URI function to check if filename is a path or a PKCS11 URI */
+#ifdef WITH_PKCS11_URI
 bool ssh_pki_is_uri(const char *filename);
 char *ssh_pki_export_pub_uri_from_priv_uri(const char *priv_uri);
+#endif /* WITH_PKCS11_URI */
+
+#ifdef __cplusplus
+}
+#endif

 #endif /* PKI_H_ */
--- a/include/libssh/pki_priv.h
+++ b/include/libssh/pki_priv.h
@@ -23,6 +23,10 @@

 #include "libssh/pki.h"

+#ifdef __cplusplus
+extern "C" {
+#endif
+
 /* defined in bcrypt_pbkdf.c */
 int bcrypt_pbkdf(const char *pass,
                 size_t passlen,
@@ -49,6 +53,8 @@ enum ssh_key_e {
  SSH_KEY_PRIVATE
 };

+void pki_key_clean(ssh_key key);
+
 int pki_key_ecdsa_nid_from_name(const char *name);
 const char *pki_key_ecdsa_nid_to_name(int nid);
 const char *ssh_key_signature_to_char(enum ssh_keytypes_e type,
@@ -147,7 +153,7 @@ int pki_ed25519_verify(const ssh_key pubkey, ssh_signature sig,
 int pki_ed25519_key_cmp(const ssh_key k1,
                const ssh_key k2,
                enum ssh_keycmp_e what);
-int pki_ed25519_key_dup(ssh_key new, const ssh_key key);
+int pki_ed25519_key_dup(ssh_key new_key, const ssh_key key);
 int pki_ed25519_public_key_to_blob(ssh_buffer buffer, ssh_key key);
 ssh_string pki_ed25519_signature_to_blob(ssh_signature sig);
 int pki_signature_from_ed25519_blob(ssh_signature sig, ssh_string sig_blob);
@@ -162,8 +168,14 @@ ssh_key ssh_pki_openssh_privkey_import(const char *text_key,
 ssh_string ssh_pki_openssh_privkey_export(const ssh_key privkey,
        const char *passphrase, ssh_auth_callback auth_fn, void *auth_data);

+#ifdef WITH_PKCS11_URI
 /* URI Function */
 int pki_uri_import(const char *uri_name, ssh_key *key, enum ssh_key_e key_type);
+#endif /* WITH_PKCS11_URI */

 bool ssh_key_size_allowed_rsa(int min_size, ssh_key key);
+#ifdef __cplusplus
+}
+#endif
+
 #endif /* PKI_PRIV_H_ */
--- a/include/libssh/poll.h
+++ b/include/libssh/poll.h
@@ -114,6 +114,10 @@ typedef unsigned long int nfds_t;
 #endif /* WIN32 */
 #endif /* HAVE_POLL */

+#ifdef __cplusplus
+extern "C" {
+#endif
+
 void ssh_poll_init(void);
 void ssh_poll_cleanup(void);
 int ssh_poll(ssh_pollfd_t *fds, nfds_t nfds, int timeout);
@@ -158,4 +162,8 @@ ssh_poll_ctx ssh_poll_get_default_ctx(ssh_session session);
 int ssh_event_add_poll(ssh_event event, ssh_poll_handle p);
 void ssh_event_remove_poll(ssh_event event, ssh_poll_handle p);

+#ifdef __cplusplus
+}
+#endif
+
 #endif /* POLL_H_ */
--- a/include/libssh/poly1305.h
+++ b/include/libssh/poly1305.h
@@ -7,6 +7,10 @@
 #define POLY1305_H
 #include "libssh/chacha20-poly1305-common.h"

+#ifdef __cplusplus
+extern "C" {
+#endif
+
 void poly1305_auth(uint8_t out[POLY1305_TAGLEN], const uint8_t *m, size_t inlen,
    const uint8_t key[POLY1305_KEYLEN])
 #ifdef HAVE_GCC_BOUNDED_ATTRIBUTE
@@ -16,4 +20,8 @@ void poly1305_auth(uint8_t out[POLY1305_TAGLEN], const uint8_t *m, size_t inlen,
 #endif
    ;

+#ifdef __cplusplus
+}
+#endif
+
 #endif	/* POLY1305_H */
--- a/include/libssh/priv.h
+++ b/include/libssh/priv.h
@@ -47,6 +47,10 @@
 # endif
 #endif /* !defined(HAVE_STRTOULL) */

+#ifdef __cplusplus
+extern "C" {
+#endif
+
 #if !defined(HAVE_STRNDUP)
 char *strndup(const char *s, size_t n);
 #endif /* ! HAVE_STRNDUP */
@@ -152,7 +156,9 @@ char *strndup(const char *s, size_t n);
 # endif /* _MSC_VER */

 struct timeval;
-int gettimeofday(struct timeval *__p, void *__t);
+int ssh_gettimeofday(struct timeval *__p, void *__t);
+
+#define gettimeofday ssh_gettimeofday

 #define _XCLOSESOCKET closesocket

@@ -432,4 +438,8 @@ bool is_ssh_initialized(void);
 #define SSH_ERRNO_MSG_MAX   1024
 char *ssh_strerror(int err_num, char *buf, size_t buflen);

+#ifdef __cplusplus
+}
+#endif
+
 #endif /* _LIBSSH_PRIV_H */
--- a/include/libssh/sc25519.h
+++ b/include/libssh/sc25519.h
@@ -35,6 +35,10 @@ typedef struct {
  uint32_t v[16];
 } shortsc25519;

+#ifdef __cplusplus
+extern "C" {
+#endif
+
 void sc25519_from32bytes(sc25519 *r, const unsigned char x[32]);

 void shortsc25519_from16bytes(shortsc25519 *r, const unsigned char x[16]);
@@ -71,4 +75,8 @@ void sc25519_window5(signed char r[51], const sc25519 *s);

 void sc25519_2interleave2(unsigned char r[127], const sc25519 *s1, const sc25519 *s2);

+#ifdef __cplusplus
+}
+#endif
+
 #endif
--- a/include/libssh/scp.h
+++ b/include/libssh/scp.h
@@ -47,9 +47,17 @@ struct ssh_scp_struct {
  int request_mode;
 };

+#ifdef __cplusplus
+extern "C" {
+#endif
+
 int ssh_scp_read_string(ssh_scp scp, char *buffer, size_t len);
 int ssh_scp_integer_mode(const char *mode);
 char *ssh_scp_string_mode(int mode);
 int ssh_scp_response(ssh_scp scp, char **response);

+#ifdef __cplusplus
+}
+#endif
+
 #endif
--- a/include/libssh/server.h
+++ b/include/libssh/server.h
@@ -117,7 +117,7 @@ LIBSSH_API int ssh_bind_listen(ssh_bind ssh_bind_o);
 *
 * @param[in] userdata  A pointer to private data to pass to the callbacks.
 *
- * @return              SSH_OK on success, SSH_ERROR if an error occured.
+ * @return              SSH_OK on success, SSH_ERROR if an error occurred.
 *
 * @code
 *     struct ssh_callbacks_struct cb = {
@@ -280,7 +280,7 @@ LIBSSH_API int ssh_message_reply_default(ssh_message msg);
 *
 * @param[in] msg       The message to get the username from.
 *
- * @return              The username or NULL if an error occured.
+ * @return              The username or NULL if an error occurred.
 *
 * @see ssh_message_get()
 * @see ssh_message_type()
@@ -292,11 +292,11 @@ LIBSSH_API const char *ssh_message_auth_user(ssh_message msg);
 *
 * @param[in] msg       The message to get the password from.
 *
- * @return              The username or NULL if an error occured.
+ * @return              The username or NULL if an error occurred.
 *
 * @see ssh_message_get()
 * @see ssh_message_type()
- * @warning This function should not be used anymore as there is a
+ * @deprecated This function should not be used anymore as there is a
 * callback based server implementation now auth_password_function.
 */
 SSH_DEPRECATED LIBSSH_API const char *ssh_message_auth_password(ssh_message msg);
@@ -314,14 +314,19 @@ SSH_DEPRECATED LIBSSH_API const char *ssh_message_auth_password(ssh_message msg)
 * @see ssh_key_cmp()
 * @see ssh_message_get()
 * @see ssh_message_type()
- * @warning This function should not be used anymore as there is a
+ * @deprecated This function should not be used anymore as there is a
 * callback based server implementation auth_pubkey_function.
 */
 SSH_DEPRECATED LIBSSH_API ssh_key ssh_message_auth_pubkey(ssh_message msg);

 LIBSSH_API int ssh_message_auth_kbdint_is_response(ssh_message msg);

-/* Replaced by callback based server implementation auth_pubkey_function */
+/**
+ * @param[in] msg       The message to get the public key state from.
+ *
+ * @deprecated This function should not be used anymore as there is a
+ * callback based server implementation auth_pubkey_function
+ */
 SSH_DEPRECATED LIBSSH_API enum ssh_publickey_state_e ssh_message_auth_publickey_state(ssh_message msg);

 LIBSSH_API int ssh_message_auth_reply_success(ssh_message msg,int partial);
--- a/include/libssh/session.h
+++ b/include/libssh/session.h
@@ -76,6 +76,17 @@ enum ssh_pending_call_e {
 /* Client successfully authenticated */
 #define SSH_SESSION_FLAG_AUTHENTICATED 2

+/* The KEXINIT message can be sent first by either of the parties so this flag
+ * indicates that the message was already sent to make sure it is sent and avoid
+ * sending it twice during key exchange to simplify the state machine. */
+#define SSH_SESSION_FLAG_KEXINIT_SENT 4
+
+/* The current SSH2 session implements the "strict KEX" feature and should behave
+ * differently on SSH2_MSG_NEWKEYS. */
+#define SSH_SESSION_FLAG_KEX_STRICT 0x0010
+/* Unexpected packets have been sent while the session was still unencrypted */
+#define SSH_SESSION_FLAG_KEX_TAINTED 0x0020
+
 /* codes to use with ssh_handle_packets*() */
 /* Infinite timeout */
 #define SSH_TIMEOUT_INFINITE -1
@@ -93,6 +104,12 @@ enum ssh_pending_call_e {
 #define SSH_OPT_FLAG_KBDINT_AUTH 0x4
 #define SSH_OPT_FLAG_GSSAPI_AUTH 0x8

+/* Escape expansion of different variables */
+#define SSH_OPT_EXP_FLAG_KNOWNHOSTS 0x1
+#define SSH_OPT_EXP_FLAG_GLOBAL_KNOWNHOSTS 0x2
+#define SSH_OPT_EXP_FLAG_PROXYCOMMAND 0x4
+#define SSH_OPT_EXP_FLAG_IDENTITY 0x8
+
 /* extensions flags */
 /* negotiation enabled */
 #define SSH_EXT_NEGOTIATION     0x01
@@ -132,10 +149,8 @@ struct ssh_session_struct {
    /* Extensions negotiated using RFC 8308 */
    uint32_t extensions;

-    ssh_string banner; /* that's the issue banner from
-                       the server */
-    char *discon_msg; /* disconnect message from
-                         the remote host */
+    ssh_string banner; /* that's the issue banner from the server */
+    char *peer_discon_msg; /* disconnect message from the remote host */
    char *disconnect_message; /* disconnect message to be set */
    ssh_buffer in_buffer;
    PACKET in_packet;
@@ -160,25 +175,33 @@ struct ssh_session_struct {
        uint32_t current_method;
    } auth;

+    /* Sending this flag before key exchange to save one round trip during the
+     * key exchange. This might make sense on high-latency connections.
+     * So far internal only for testing. Usable only on the client side --
+     * there is no key exchange method that would start with server message */
+    bool send_first_kex_follows;
    /*
     * RFC 4253, 7.1: if the first_kex_packet_follows flag was set in
     * the received SSH_MSG_KEXINIT, but the guess was wrong, this
     * field will be set such that the following guessed packet will
-     * be ignored.  Once that packet has been received and ignored,
-     * this field is cleared.
+     * be ignored on the receiving side.  Once that packet has been received and
+     * ignored, this field is cleared.
+     * On the sending side, this is set after we got peer KEXINIT message and we
+     * need to resend the initial message of the negotiated KEX algorithm.
     */
-    int first_kex_follows_guess_wrong;
+    bool first_kex_follows_guess_wrong;

    ssh_buffer in_hashbuf;
    ssh_buffer out_hashbuf;
    struct ssh_crypto_struct *current_crypto;
-    struct ssh_crypto_struct *next_crypto;  /* next_crypto is going to be used after a SSH2_MSG_NEWKEYS */
+    /* next_crypto is going to be used after a SSH2_MSG_NEWKEYS */
+    struct ssh_crypto_struct *next_crypto;

    struct ssh_list *channels; /* linked list of channels */
    uint32_t maxchannel;
    ssh_agent agent; /* ssh agent */

-/* keyb interactive data */
+    /* keyboard interactive data */
    struct ssh_kbdint_struct *kbdint;
    struct ssh_gssapi_struct *gssapi;

@@ -195,7 +218,8 @@ struct ssh_session_struct {

    /* auths accepted by server */
    struct ssh_list *ssh_message_list; /* list of delayed SSH messages */
-    int (*ssh_message_callback)( struct ssh_session_struct *session, ssh_message msg, void *userdata);
+    int (*ssh_message_callback)(struct ssh_session_struct *session,
+                                ssh_message msg, void *userdata);
    void *ssh_message_callback_data;
    ssh_server_callbacks server_callbacks;
    void (*ssh_connection_callback)( struct ssh_session_struct *session);
@@ -209,6 +233,7 @@ struct ssh_session_struct {
 #endif
    struct {
        struct ssh_list *identity;
+        struct ssh_list *identity_non_exp;
        char *username;
        char *host;
        char *bindaddr; /* bind the client to an ip addr */
@@ -223,7 +248,7 @@ struct ssh_session_struct {
        char *agent_socket;
        unsigned long timeout; /* seconds */
        unsigned long timeout_usec;
-        unsigned int port;
+        uint16_t port;
        socket_t fd;
        int StrictHostKeyChecking;
        char compressionlevel;
@@ -231,6 +256,7 @@ struct ssh_session_struct {
        char *gss_client_identity;
        int gss_delegate_creds;
        int flags;
+        int exp_flags;
        int nodelay;
        bool config_processed;
        uint8_t options_seen[SOC_MAX];
--- a/include/libssh/sftp.h
+++ b/include/libssh/sftp.h
@@ -681,6 +681,11 @@ LIBSSH_API int sftp_rename(sftp_session sftp, const char *original, const  char
 /**
 * @brief Set file attributes on a file, directory or symbolic link.
 *
+ * Note, that this function can only set time values using 32 bit values due to
+ * the restrictions in the SFTP protocol version 3 implemented by libssh.
+ * The support for 64 bit time values was introduced in SFTP version 5, which is
+ * not implemented by libssh nor any major SFTP servers.
+ *
 * @param sftp          The sftp session handle.
 *
 * @param file          The file which attributes should be changed.
@@ -767,6 +772,8 @@ LIBSSH_API int sftp_symlink(sftp_session sftp, const char *target, const char *d
 * @param  path         Specifies the path name of the symlink to be read.
 *
 * @return              The target of the link, NULL on error.
+ *                      The caller needs to free the memory
+ *                      using ssh_string_free_char().
 *
 * @see sftp_get_error()
 */
--- a/include/libssh/sftp_priv.h
+++ b/include/libssh/sftp_priv.h
@@ -21,6 +21,10 @@
 #ifndef SFTP_PRIV_H
 #define SFTP_PRIV_H

+#ifdef __cplusplus
+extern "C" {
+#endif
+
 sftp_packet sftp_packet_read(sftp_session sftp);
 int sftp_packet_write(sftp_session sftp, uint8_t type, ssh_buffer payload);
 void sftp_packet_free(sftp_packet packet);
@@ -29,4 +33,8 @@ sftp_attributes sftp_parse_attr(sftp_session session,
                                ssh_buffer buf,
                                int expectname);

+#ifdef __cplusplus
+}
+#endif
+
 #endif /* SFTP_PRIV_H */
--- a/include/libssh/socket.h
+++ b/include/libssh/socket.h
@@ -35,6 +35,7 @@ void ssh_socket_reset(ssh_socket s);
 void ssh_socket_free(ssh_socket s);
 void ssh_socket_set_fd(ssh_socket s, socket_t fd);
 socket_t ssh_socket_get_fd(ssh_socket s);
+void ssh_socket_set_connected(ssh_socket s, struct ssh_poll_handle_struct *p);
 int ssh_socket_unix(ssh_socket s, const char *path);
 void ssh_execute_command(const char *command, socket_t in, socket_t out);
 #ifndef _WIN32
--- a/include/libssh/string.h
+++ b/include/libssh/string.h
@@ -22,6 +22,10 @@
 #define STRING_H_
 #include "libssh/priv.h"

+#ifdef __cplusplus
+extern "C" {
+#endif
+
 /* must be 32 bits number + immediately our data */
 #ifdef _MSC_VER
 #pragma pack(1)
@@ -38,4 +42,8 @@ __attribute__ ((packed))
 #endif
 ;

+#ifdef __cplusplus
+}
+#endif
+
 #endif /* STRING_H_ */
--- a/include/libssh/threads.h
+++ b/include/libssh/threads.h
@@ -49,6 +49,10 @@

 #endif

+#ifdef __cplusplus
+extern "C" {
+#endif
+
 int ssh_threads_init(void);
 void ssh_threads_finalize(void);
 const char *ssh_threads_get_type(void);
@@ -60,4 +64,8 @@ struct ssh_threads_callbacks_struct *ssh_threads_get_default(void);
 int crypto_thread_init(struct ssh_threads_callbacks_struct *user_callbacks);
 void crypto_thread_finalize(void);

+#ifdef __cplusplus
+}
+#endif
+
 #endif /* THREADS_H_ */
--- a/include/libssh/token.h
+++ b/include/libssh/token.h
@@ -31,6 +31,10 @@ struct ssh_tokens_st {
    char **tokens;
 };

+#ifdef __cplusplus
+extern "C" {
+#endif
+
 struct ssh_tokens_st *ssh_tokenize(const char *chain, char separator);

 void ssh_tokens_free(struct ssh_tokens_st *tokens);
@@ -45,4 +49,8 @@ char *ssh_remove_duplicates(const char *list);

 char *ssh_append_without_duplicates(const char *list,
                                    const char *appended_list);
+#ifdef __cplusplus
+}
+#endif
+
 #endif /* TOKEN_H_ */
--- a/include/libssh/wrapper.h
+++ b/include/libssh/wrapper.h
@@ -29,6 +29,10 @@
 #include "libssh/libgcrypt.h"
 #include "libssh/libmbedcrypto.h"

+#ifdef __cplusplus
+extern "C" {
+#endif
+
 enum ssh_kdf_digest {
    SSH_KDF_SHA1=1,
    SSH_KDF_SHA256,
@@ -68,33 +72,33 @@ struct ssh_crypto_struct;

 typedef struct ssh_mac_ctx_struct *ssh_mac_ctx;
 MD5CTX md5_init(void);
-void md5_update(MD5CTX c, const void *data, size_t len);
-void md5_final(unsigned char *md,MD5CTX c);
+void md5_ctx_free(MD5CTX);
+int md5_update(MD5CTX c, const void *data, size_t len);
+int md5_final(unsigned char *md, MD5CTX c);

 SHACTX sha1_init(void);
-void sha1_update(SHACTX c, const void *data, size_t len);
-void sha1_final(unsigned char *md,SHACTX c);
-void sha1(const unsigned char *digest,size_t len,unsigned char *hash);
+void sha1_ctx_free(SHACTX);
+int sha1_update(SHACTX c, const void *data, size_t len);
+int sha1_final(unsigned char *md,SHACTX c);
+int sha1(const unsigned char *digest,size_t len, unsigned char *hash);

 SHA256CTX sha256_init(void);
-void sha256_update(SHA256CTX c, const void *data, size_t len);
-void sha256_final(unsigned char *md,SHA256CTX c);
-void sha256(const unsigned char *digest, size_t len, unsigned char *hash);
+void sha256_ctx_free(SHA256CTX);
+int sha256_update(SHA256CTX c, const void *data, size_t len);
+int sha256_final(unsigned char *md,SHA256CTX c);
+int sha256(const unsigned char *digest, size_t len, unsigned char *hash);

 SHA384CTX sha384_init(void);
-void sha384_update(SHA384CTX c, const void *data, size_t len);
-void sha384_final(unsigned char *md,SHA384CTX c);
-void sha384(const unsigned char *digest, size_t len, unsigned char *hash);
+void sha384_ctx_free(SHA384CTX);
+int sha384_update(SHA384CTX c, const void *data, size_t len);
+int sha384_final(unsigned char *md,SHA384CTX c);
+int sha384(const unsigned char *digest, size_t len, unsigned char *hash);

 SHA512CTX sha512_init(void);
-void sha512_update(SHA512CTX c, const void *data, size_t len);
-void sha512_final(unsigned char *md,SHA512CTX c);
-void sha512(const unsigned char *digest, size_t len, unsigned char *hash);
-
-void evp(int nid, unsigned char *digest, size_t len, unsigned char *hash, unsigned int *hlen);
-EVPCTX evp_init(int nid);
-void evp_update(EVPCTX ctx, const void *data, size_t len);
-void evp_final(EVPCTX ctx, unsigned char *md, unsigned int *mdlen);
+void sha512_ctx_free(SHA512CTX);
+int sha512_update(SHA512CTX c, const void *data, size_t len);
+int sha512_final(unsigned char *md,SHA512CTX c);
+int sha512(const unsigned char *digest, size_t len, unsigned char *hash);

 HMACCTX hmac_init(const void *key,size_t len, enum ssh_hmac_e type);
 int hmac_update(HMACCTX c, const void *data, size_t len);
@@ -103,7 +107,7 @@ size_t hmac_digest_len(enum ssh_hmac_e type);

 int ssh_kdf(struct ssh_crypto_struct *crypto,
            unsigned char *key, size_t key_len,
-            int key_type, unsigned char *output,
+            uint8_t key_type, unsigned char *output,
            size_t requested_len);

 int crypt_set_algorithms_client(ssh_session session);
@@ -122,9 +126,13 @@ const char *ssh_hmac_type_to_string(enum ssh_hmac_e hmac_type, bool etm);

 #if defined(HAVE_LIBCRYPTO) && OPENSSL_VERSION_NUMBER >= 0x30000000L
 int evp_build_pkey(const char* name, OSSL_PARAM_BLD *param_bld, EVP_PKEY **pkey, int selection);
-int evp_dup_dsa_pkey(const ssh_key key, ssh_key new, int demote);
-int evp_dup_rsa_pkey(const ssh_key key, ssh_key new, int demote);
-int evp_dup_ecdsa_pkey(const ssh_key key, ssh_key new, int demote);
+int evp_dup_dsa_pkey(const ssh_key key, ssh_key new_key, int demote);
+int evp_dup_rsa_pkey(const ssh_key key, ssh_key new_key, int demote);
+int evp_dup_ecdsa_pkey(const ssh_key key, ssh_key new_key, int demote);
 #endif /* HAVE_LIBCRYPTO && OPENSSL_VERSION_NUMBER */

+#ifdef __cplusplus
+}
+#endif
+
 #endif /* WRAPPER_H_ */
--- a/libssh.pc.cmake
+++ b/libssh.pc.cmake
@@ -1,6 +1,10 @@
-Name: ${PROJECT_NAME}
-Description: The SSH Library
-Version: ${PROJECT_VERSION}
-Libs: -L${CMAKE_INSTALL_FULL_LIBDIR} -lssh
-Cflags: -I${CMAKE_INSTALL_FULL_INCLUDEDIR}
+prefix=@CMAKE_INSTALL_PREFIX@
+exec_prefix=${prefix}
+libdir=@CMAKE_INSTALL_FULL_LIBDIR@
+includedir=@CMAKE_INSTALL_FULL_INCLUDEDIR@

+Name: @PROJECT_NAME@
+Description: The SSH Library
+Version: @PROJECT_VERSION@
+Libs: -L${libdir} -lssh
+Cflags: -I${includedir}
--- a/src/ABI/current
+++ b/src/ABI/current
@@ -1 +1 @@
-4.9.0
+4.9.6
--- a/src/ABI/libssh-4.9.1.symbols
+++ b/src/ABI/libssh-4.9.1.symbols
@@ -0,0 +1,427 @@
+_ssh_log
+buffer_free
+buffer_get
+buffer_get_len
+buffer_new
+channel_accept_x11
+channel_change_pty_size
+channel_close
+channel_forward_accept
+channel_forward_cancel
+channel_forward_listen
+channel_free
+channel_get_exit_status
+channel_get_session
+channel_is_closed
+channel_is_eof
+channel_is_open
+channel_new
+channel_open_forward
+channel_open_session
+channel_poll
+channel_read
+channel_read_buffer
+channel_read_nonblocking
+channel_request_env
+channel_request_exec
+channel_request_pty
+channel_request_pty_size
+channel_request_send_signal
+channel_request_sftp
+channel_request_shell
+channel_request_subsystem
+channel_request_x11
+channel_select
+channel_send_eof
+channel_set_blocking
+channel_write
+channel_write_stderr
+privatekey_free
+privatekey_from_file
+publickey_free
+publickey_from_file
+publickey_from_privatekey
+publickey_to_string
+sftp_async_read
+sftp_async_read_begin
+sftp_attributes_free
+sftp_canonicalize_path
+sftp_chmod
+sftp_chown
+sftp_client_message_free
+sftp_client_message_get_data
+sftp_client_message_get_filename
+sftp_client_message_get_flags
+sftp_client_message_get_submessage
+sftp_client_message_get_type
+sftp_client_message_set_filename
+sftp_close
+sftp_closedir
+sftp_dir_eof
+sftp_extension_supported
+sftp_extensions_get_count
+sftp_extensions_get_data
+sftp_extensions_get_name
+sftp_file_set_blocking
+sftp_file_set_nonblocking
+sftp_free
+sftp_fstat
+sftp_fstatvfs
+sftp_fsync
+sftp_get_client_message
+sftp_get_error
+sftp_handle
+sftp_handle_alloc
+sftp_handle_remove
+sftp_init
+sftp_lstat
+sftp_mkdir
+sftp_new
+sftp_new_channel
+sftp_open
+sftp_opendir
+sftp_read
+sftp_readdir
+sftp_readlink
+sftp_rename
+sftp_reply_attr
+sftp_reply_data
+sftp_reply_handle
+sftp_reply_name
+sftp_reply_names
+sftp_reply_names_add
+sftp_reply_status
+sftp_rewind
+sftp_rmdir
+sftp_seek
+sftp_seek64
+sftp_send_client_message
+sftp_server_free
+sftp_server_init
+sftp_server_new
+sftp_server_version
+sftp_setstat
+sftp_stat
+sftp_statvfs
+sftp_statvfs_free
+sftp_symlink
+sftp_tell
+sftp_tell64
+sftp_unlink
+sftp_utimes
+sftp_write
+ssh_accept
+ssh_add_channel_callbacks
+ssh_auth_list
+ssh_basename
+ssh_bind_accept
+ssh_bind_accept_fd
+ssh_bind_fd_toaccept
+ssh_bind_free
+ssh_bind_get_fd
+ssh_bind_listen
+ssh_bind_new
+ssh_bind_options_parse_config
+ssh_bind_options_set
+ssh_bind_set_blocking
+ssh_bind_set_callbacks
+ssh_bind_set_fd
+ssh_blocking_flush
+ssh_buffer_add_data
+ssh_buffer_free
+ssh_buffer_get
+ssh_buffer_get_data
+ssh_buffer_get_len
+ssh_buffer_new
+ssh_buffer_reinit
+ssh_channel_accept_forward
+ssh_channel_accept_x11
+ssh_channel_cancel_forward
+ssh_channel_change_pty_size
+ssh_channel_close
+ssh_channel_free
+ssh_channel_get_exit_status
+ssh_channel_get_session
+ssh_channel_is_closed
+ssh_channel_is_eof
+ssh_channel_is_open
+ssh_channel_listen_forward
+ssh_channel_new
+ssh_channel_open_auth_agent
+ssh_channel_open_forward
+ssh_channel_open_forward_port
+ssh_channel_open_forward_unix
+ssh_channel_open_reverse_forward
+ssh_channel_open_session
+ssh_channel_open_x11
+ssh_channel_poll
+ssh_channel_poll_timeout
+ssh_channel_read
+ssh_channel_read_nonblocking
+ssh_channel_read_timeout
+ssh_channel_request_auth_agent
+ssh_channel_request_env
+ssh_channel_request_exec
+ssh_channel_request_pty
+ssh_channel_request_pty_size
+ssh_channel_request_send_break
+ssh_channel_request_send_exit_signal
+ssh_channel_request_send_exit_status
+ssh_channel_request_send_signal
+ssh_channel_request_sftp
+ssh_channel_request_shell
+ssh_channel_request_subsystem
+ssh_channel_request_x11
+ssh_channel_select
+ssh_channel_send_eof
+ssh_channel_set_blocking
+ssh_channel_set_counter
+ssh_channel_window_size
+ssh_channel_write
+ssh_channel_write_stderr
+ssh_clean_pubkey_hash
+ssh_connect
+ssh_connector_free
+ssh_connector_new
+ssh_connector_set_in_channel
+ssh_connector_set_in_fd
+ssh_connector_set_out_channel
+ssh_connector_set_out_fd
+ssh_copyright
+ssh_dirname
+ssh_disconnect
+ssh_dump_knownhost
+ssh_event_add_connector
+ssh_event_add_fd
+ssh_event_add_session
+ssh_event_dopoll
+ssh_event_free
+ssh_event_new
+ssh_event_remove_connector
+ssh_event_remove_fd
+ssh_event_remove_session
+ssh_execute_message_callbacks
+ssh_finalize
+ssh_forward_accept
+ssh_forward_cancel
+ssh_forward_listen
+ssh_free
+ssh_get_cipher_in
+ssh_get_cipher_out
+ssh_get_clientbanner
+ssh_get_disconnect_message
+ssh_get_error
+ssh_get_error_code
+ssh_get_fd
+ssh_get_fingerprint_hash
+ssh_get_hexa
+ssh_get_hmac_in
+ssh_get_hmac_out
+ssh_get_issue_banner
+ssh_get_kex_algo
+ssh_get_log_callback
+ssh_get_log_level
+ssh_get_log_userdata
+ssh_get_openssh_version
+ssh_get_poll_flags
+ssh_get_pubkey
+ssh_get_pubkey_hash
+ssh_get_publickey
+ssh_get_publickey_hash
+ssh_get_random
+ssh_get_server_publickey
+ssh_get_serverbanner
+ssh_get_status
+ssh_get_version
+ssh_getpass
+ssh_gssapi_get_creds
+ssh_gssapi_set_creds
+ssh_handle_key_exchange
+ssh_init
+ssh_is_blocking
+ssh_is_connected
+ssh_is_server_known
+ssh_key_cmp
+ssh_key_dup
+ssh_key_free
+ssh_key_is_private
+ssh_key_is_public
+ssh_key_new
+ssh_key_type
+ssh_key_type_from_name
+ssh_key_type_to_char
+ssh_known_hosts_parse_line
+ssh_knownhosts_entry_free
+ssh_log
+ssh_message_auth_interactive_request
+ssh_message_auth_kbdint_is_response
+ssh_message_auth_password
+ssh_message_auth_pubkey
+ssh_message_auth_publickey
+ssh_message_auth_publickey_state
+ssh_message_auth_reply_pk_ok
+ssh_message_auth_reply_pk_ok_simple
+ssh_message_auth_reply_success
+ssh_message_auth_set_methods
+ssh_message_auth_user
+ssh_message_channel_request_channel
+ssh_message_channel_request_command
+ssh_message_channel_request_env_name
+ssh_message_channel_request_env_value
+ssh_message_channel_request_open_destination
+ssh_message_channel_request_open_destination_port
+ssh_message_channel_request_open_originator
+ssh_message_channel_request_open_originator_port
+ssh_message_channel_request_open_reply_accept
+ssh_message_channel_request_open_reply_accept_channel
+ssh_message_channel_request_pty_height
+ssh_message_channel_request_pty_pxheight
+ssh_message_channel_request_pty_pxwidth
+ssh_message_channel_request_pty_term
+ssh_message_channel_request_pty_width
+ssh_message_channel_request_reply_success
+ssh_message_channel_request_subsystem
+ssh_message_channel_request_x11_auth_cookie
+ssh_message_channel_request_x11_auth_protocol
+ssh_message_channel_request_x11_screen_number
+ssh_message_channel_request_x11_single_connection
+ssh_message_free
+ssh_message_get
+ssh_message_global_request_address
+ssh_message_global_request_port
+ssh_message_global_request_reply_success
+ssh_message_reply_default
+ssh_message_retrieve
+ssh_message_service_reply_success
+ssh_message_service_service
+ssh_message_subtype
+ssh_message_type
+ssh_mkdir
+ssh_new
+ssh_options_copy
+ssh_options_get
+ssh_options_get_port
+ssh_options_getopt
+ssh_options_parse_config
+ssh_options_set
+ssh_pcap_file_close
+ssh_pcap_file_free
+ssh_pcap_file_new
+ssh_pcap_file_open
+ssh_pki_copy_cert_to_privkey
+ssh_pki_export_privkey_base64
+ssh_pki_export_privkey_file
+ssh_pki_export_privkey_to_pubkey
+ssh_pki_export_pubkey_base64
+ssh_pki_export_pubkey_file
+ssh_pki_generate
+ssh_pki_import_cert_base64
+ssh_pki_import_cert_file
+ssh_pki_import_privkey_base64
+ssh_pki_import_privkey_file
+ssh_pki_import_pubkey_base64
+ssh_pki_import_pubkey_file
+ssh_pki_key_ecdsa_name
+ssh_print_hash
+ssh_print_hexa
+ssh_privatekey_type
+ssh_publickey_to_file
+ssh_remove_channel_callbacks
+ssh_scp_accept_request
+ssh_scp_close
+ssh_scp_deny_request
+ssh_scp_free
+ssh_scp_init
+ssh_scp_leave_directory
+ssh_scp_new
+ssh_scp_pull_request
+ssh_scp_push_directory
+ssh_scp_push_file
+ssh_scp_push_file64
+ssh_scp_read
+ssh_scp_request_get_filename
+ssh_scp_request_get_permissions
+ssh_scp_request_get_size
+ssh_scp_request_get_size64
+ssh_scp_request_get_warning
+ssh_scp_write
+ssh_select
+ssh_send_debug
+ssh_send_ignore
+ssh_send_issue_banner
+ssh_send_keepalive
+ssh_server_init_kex
+ssh_service_request
+ssh_session_export_known_hosts_entry
+ssh_session_get_known_hosts_entry
+ssh_session_has_known_hosts_entry
+ssh_session_is_known_server
+ssh_session_set_disconnect_message
+ssh_session_update_known_hosts
+ssh_set_agent_channel
+ssh_set_agent_socket
+ssh_set_auth_methods
+ssh_set_blocking
+ssh_set_callbacks
+ssh_set_channel_callbacks
+ssh_set_counters
+ssh_set_fd_except
+ssh_set_fd_toread
+ssh_set_fd_towrite
+ssh_set_log_callback
+ssh_set_log_level
+ssh_set_log_userdata
+ssh_set_message_callback
+ssh_set_pcap_file
+ssh_set_server_callbacks
+ssh_silent_disconnect
+ssh_string_burn
+ssh_string_copy
+ssh_string_data
+ssh_string_fill
+ssh_string_free
+ssh_string_free_char
+ssh_string_from_char
+ssh_string_get_char
+ssh_string_len
+ssh_string_new
+ssh_string_to_char
+ssh_threads_get_default
+ssh_threads_get_noop
+ssh_threads_get_pthread
+ssh_threads_set_callbacks
+ssh_try_publickey_from_file
+ssh_userauth_agent
+ssh_userauth_agent_pubkey
+ssh_userauth_autopubkey
+ssh_userauth_gssapi
+ssh_userauth_kbdint
+ssh_userauth_kbdint_getanswer
+ssh_userauth_kbdint_getinstruction
+ssh_userauth_kbdint_getname
+ssh_userauth_kbdint_getnanswers
+ssh_userauth_kbdint_getnprompts
+ssh_userauth_kbdint_getprompt
+ssh_userauth_kbdint_setanswer
+ssh_userauth_list
+ssh_userauth_none
+ssh_userauth_offer_pubkey
+ssh_userauth_password
+ssh_userauth_privatekey_file
+ssh_userauth_pubkey
+ssh_userauth_publickey
+ssh_userauth_publickey_auto
+ssh_userauth_publickey_auto_get_current_identity
+ssh_userauth_try_publickey
+ssh_version
+ssh_vlog
+ssh_write_knownhost
+string_burn
+string_copy
+string_data
+string_fill
+string_free
+string_from_char
+string_len
+string_new
+string_to_char
--- a/src/ABI/libssh-4.9.2.symbols
+++ b/src/ABI/libssh-4.9.2.symbols
@@ -0,0 +1,427 @@
+_ssh_log
+buffer_free
+buffer_get
+buffer_get_len
+buffer_new
+channel_accept_x11
+channel_change_pty_size
+channel_close
+channel_forward_accept
+channel_forward_cancel
+channel_forward_listen
+channel_free
+channel_get_exit_status
+channel_get_session
+channel_is_closed
+channel_is_eof
+channel_is_open
+channel_new
+channel_open_forward
+channel_open_session
+channel_poll
+channel_read
+channel_read_buffer
+channel_read_nonblocking
+channel_request_env
+channel_request_exec
+channel_request_pty
+channel_request_pty_size
+channel_request_send_signal
+channel_request_sftp
+channel_request_shell
+channel_request_subsystem
+channel_request_x11
+channel_select
+channel_send_eof
+channel_set_blocking
+channel_write
+channel_write_stderr
+privatekey_free
+privatekey_from_file
+publickey_free
+publickey_from_file
+publickey_from_privatekey
+publickey_to_string
+sftp_async_read
+sftp_async_read_begin
+sftp_attributes_free
+sftp_canonicalize_path
+sftp_chmod
+sftp_chown
+sftp_client_message_free
+sftp_client_message_get_data
+sftp_client_message_get_filename
+sftp_client_message_get_flags
+sftp_client_message_get_submessage
+sftp_client_message_get_type
+sftp_client_message_set_filename
+sftp_close
+sftp_closedir
+sftp_dir_eof
+sftp_extension_supported
+sftp_extensions_get_count
+sftp_extensions_get_data
+sftp_extensions_get_name
+sftp_file_set_blocking
+sftp_file_set_nonblocking
+sftp_free
+sftp_fstat
+sftp_fstatvfs
+sftp_fsync
+sftp_get_client_message
+sftp_get_error
+sftp_handle
+sftp_handle_alloc
+sftp_handle_remove
+sftp_init
+sftp_lstat
+sftp_mkdir
+sftp_new
+sftp_new_channel
+sftp_open
+sftp_opendir
+sftp_read
+sftp_readdir
+sftp_readlink
+sftp_rename
+sftp_reply_attr
+sftp_reply_data
+sftp_reply_handle
+sftp_reply_name
+sftp_reply_names
+sftp_reply_names_add
+sftp_reply_status
+sftp_rewind
+sftp_rmdir
+sftp_seek
+sftp_seek64
+sftp_send_client_message
+sftp_server_free
+sftp_server_init
+sftp_server_new
+sftp_server_version
+sftp_setstat
+sftp_stat
+sftp_statvfs
+sftp_statvfs_free
+sftp_symlink
+sftp_tell
+sftp_tell64
+sftp_unlink
+sftp_utimes
+sftp_write
+ssh_accept
+ssh_add_channel_callbacks
+ssh_auth_list
+ssh_basename
+ssh_bind_accept
+ssh_bind_accept_fd
+ssh_bind_fd_toaccept
+ssh_bind_free
+ssh_bind_get_fd
+ssh_bind_listen
+ssh_bind_new
+ssh_bind_options_parse_config
+ssh_bind_options_set
+ssh_bind_set_blocking
+ssh_bind_set_callbacks
+ssh_bind_set_fd
+ssh_blocking_flush
+ssh_buffer_add_data
+ssh_buffer_free
+ssh_buffer_get
+ssh_buffer_get_data
+ssh_buffer_get_len
+ssh_buffer_new
+ssh_buffer_reinit
+ssh_channel_accept_forward
+ssh_channel_accept_x11
+ssh_channel_cancel_forward
+ssh_channel_change_pty_size
+ssh_channel_close
+ssh_channel_free
+ssh_channel_get_exit_status
+ssh_channel_get_session
+ssh_channel_is_closed
+ssh_channel_is_eof
+ssh_channel_is_open
+ssh_channel_listen_forward
+ssh_channel_new
+ssh_channel_open_auth_agent
+ssh_channel_open_forward
+ssh_channel_open_forward_port
+ssh_channel_open_forward_unix
+ssh_channel_open_reverse_forward
+ssh_channel_open_session
+ssh_channel_open_x11
+ssh_channel_poll
+ssh_channel_poll_timeout
+ssh_channel_read
+ssh_channel_read_nonblocking
+ssh_channel_read_timeout
+ssh_channel_request_auth_agent
+ssh_channel_request_env
+ssh_channel_request_exec
+ssh_channel_request_pty
+ssh_channel_request_pty_size
+ssh_channel_request_send_break
+ssh_channel_request_send_exit_signal
+ssh_channel_request_send_exit_status
+ssh_channel_request_send_signal
+ssh_channel_request_sftp
+ssh_channel_request_shell
+ssh_channel_request_subsystem
+ssh_channel_request_x11
+ssh_channel_select
+ssh_channel_send_eof
+ssh_channel_set_blocking
+ssh_channel_set_counter
+ssh_channel_window_size
+ssh_channel_write
+ssh_channel_write_stderr
+ssh_clean_pubkey_hash
+ssh_connect
+ssh_connector_free
+ssh_connector_new
+ssh_connector_set_in_channel
+ssh_connector_set_in_fd
+ssh_connector_set_out_channel
+ssh_connector_set_out_fd
+ssh_copyright
+ssh_dirname
+ssh_disconnect
+ssh_dump_knownhost
+ssh_event_add_connector
+ssh_event_add_fd
+ssh_event_add_session
+ssh_event_dopoll
+ssh_event_free
+ssh_event_new
+ssh_event_remove_connector
+ssh_event_remove_fd
+ssh_event_remove_session
+ssh_execute_message_callbacks
+ssh_finalize
+ssh_forward_accept
+ssh_forward_cancel
+ssh_forward_listen
+ssh_free
+ssh_get_cipher_in
+ssh_get_cipher_out
+ssh_get_clientbanner
+ssh_get_disconnect_message
+ssh_get_error
+ssh_get_error_code
+ssh_get_fd
+ssh_get_fingerprint_hash
+ssh_get_hexa
+ssh_get_hmac_in
+ssh_get_hmac_out
+ssh_get_issue_banner
+ssh_get_kex_algo
+ssh_get_log_callback
+ssh_get_log_level
+ssh_get_log_userdata
+ssh_get_openssh_version
+ssh_get_poll_flags
+ssh_get_pubkey
+ssh_get_pubkey_hash
+ssh_get_publickey
+ssh_get_publickey_hash
+ssh_get_random
+ssh_get_server_publickey
+ssh_get_serverbanner
+ssh_get_status
+ssh_get_version
+ssh_getpass
+ssh_gssapi_get_creds
+ssh_gssapi_set_creds
+ssh_handle_key_exchange
+ssh_init
+ssh_is_blocking
+ssh_is_connected
+ssh_is_server_known
+ssh_key_cmp
+ssh_key_dup
+ssh_key_free
+ssh_key_is_private
+ssh_key_is_public
+ssh_key_new
+ssh_key_type
+ssh_key_type_from_name
+ssh_key_type_to_char
+ssh_known_hosts_parse_line
+ssh_knownhosts_entry_free
+ssh_log
+ssh_message_auth_interactive_request
+ssh_message_auth_kbdint_is_response
+ssh_message_auth_password
+ssh_message_auth_pubkey
+ssh_message_auth_publickey
+ssh_message_auth_publickey_state
+ssh_message_auth_reply_pk_ok
+ssh_message_auth_reply_pk_ok_simple
+ssh_message_auth_reply_success
+ssh_message_auth_set_methods
+ssh_message_auth_user
+ssh_message_channel_request_channel
+ssh_message_channel_request_command
+ssh_message_channel_request_env_name
+ssh_message_channel_request_env_value
+ssh_message_channel_request_open_destination
+ssh_message_channel_request_open_destination_port
+ssh_message_channel_request_open_originator
+ssh_message_channel_request_open_originator_port
+ssh_message_channel_request_open_reply_accept
+ssh_message_channel_request_open_reply_accept_channel
+ssh_message_channel_request_pty_height
+ssh_message_channel_request_pty_pxheight
+ssh_message_channel_request_pty_pxwidth
+ssh_message_channel_request_pty_term
+ssh_message_channel_request_pty_width
+ssh_message_channel_request_reply_success
+ssh_message_channel_request_subsystem
+ssh_message_channel_request_x11_auth_cookie
+ssh_message_channel_request_x11_auth_protocol
+ssh_message_channel_request_x11_screen_number
+ssh_message_channel_request_x11_single_connection
+ssh_message_free
+ssh_message_get
+ssh_message_global_request_address
+ssh_message_global_request_port
+ssh_message_global_request_reply_success
+ssh_message_reply_default
+ssh_message_retrieve
+ssh_message_service_reply_success
+ssh_message_service_service
+ssh_message_subtype
+ssh_message_type
+ssh_mkdir
+ssh_new
+ssh_options_copy
+ssh_options_get
+ssh_options_get_port
+ssh_options_getopt
+ssh_options_parse_config
+ssh_options_set
+ssh_pcap_file_close
+ssh_pcap_file_free
+ssh_pcap_file_new
+ssh_pcap_file_open
+ssh_pki_copy_cert_to_privkey
+ssh_pki_export_privkey_base64
+ssh_pki_export_privkey_file
+ssh_pki_export_privkey_to_pubkey
+ssh_pki_export_pubkey_base64
+ssh_pki_export_pubkey_file
+ssh_pki_generate
+ssh_pki_import_cert_base64
+ssh_pki_import_cert_file
+ssh_pki_import_privkey_base64
+ssh_pki_import_privkey_file
+ssh_pki_import_pubkey_base64
+ssh_pki_import_pubkey_file
+ssh_pki_key_ecdsa_name
+ssh_print_hash
+ssh_print_hexa
+ssh_privatekey_type
+ssh_publickey_to_file
+ssh_remove_channel_callbacks
+ssh_scp_accept_request
+ssh_scp_close
+ssh_scp_deny_request
+ssh_scp_free
+ssh_scp_init
+ssh_scp_leave_directory
+ssh_scp_new
+ssh_scp_pull_request
+ssh_scp_push_directory
+ssh_scp_push_file
+ssh_scp_push_file64
+ssh_scp_read
+ssh_scp_request_get_filename
+ssh_scp_request_get_permissions
+ssh_scp_request_get_size
+ssh_scp_request_get_size64
+ssh_scp_request_get_warning
+ssh_scp_write
+ssh_select
+ssh_send_debug
+ssh_send_ignore
+ssh_send_issue_banner
+ssh_send_keepalive
+ssh_server_init_kex
+ssh_service_request
+ssh_session_export_known_hosts_entry
+ssh_session_get_known_hosts_entry
+ssh_session_has_known_hosts_entry
+ssh_session_is_known_server
+ssh_session_set_disconnect_message
+ssh_session_update_known_hosts
+ssh_set_agent_channel
+ssh_set_agent_socket
+ssh_set_auth_methods
+ssh_set_blocking
+ssh_set_callbacks
+ssh_set_channel_callbacks
+ssh_set_counters
+ssh_set_fd_except
+ssh_set_fd_toread
+ssh_set_fd_towrite
+ssh_set_log_callback
+ssh_set_log_level
+ssh_set_log_userdata
+ssh_set_message_callback
+ssh_set_pcap_file
+ssh_set_server_callbacks
+ssh_silent_disconnect
+ssh_string_burn
+ssh_string_copy
+ssh_string_data
+ssh_string_fill
+ssh_string_free
+ssh_string_free_char
+ssh_string_from_char
+ssh_string_get_char
+ssh_string_len
+ssh_string_new
+ssh_string_to_char
+ssh_threads_get_default
+ssh_threads_get_noop
+ssh_threads_get_pthread
+ssh_threads_set_callbacks
+ssh_try_publickey_from_file
+ssh_userauth_agent
+ssh_userauth_agent_pubkey
+ssh_userauth_autopubkey
+ssh_userauth_gssapi
+ssh_userauth_kbdint
+ssh_userauth_kbdint_getanswer
+ssh_userauth_kbdint_getinstruction
+ssh_userauth_kbdint_getname
+ssh_userauth_kbdint_getnanswers
+ssh_userauth_kbdint_getnprompts
+ssh_userauth_kbdint_getprompt
+ssh_userauth_kbdint_setanswer
+ssh_userauth_list
+ssh_userauth_none
+ssh_userauth_offer_pubkey
+ssh_userauth_password
+ssh_userauth_privatekey_file
+ssh_userauth_pubkey
+ssh_userauth_publickey
+ssh_userauth_publickey_auto
+ssh_userauth_publickey_auto_get_current_identity
+ssh_userauth_try_publickey
+ssh_version
+ssh_vlog
+ssh_write_knownhost
+string_burn
+string_copy
+string_data
+string_fill
+string_free
+string_from_char
+string_len
+string_new
+string_to_char
--- a/src/ABI/libssh-4.9.3.symbols
+++ b/src/ABI/libssh-4.9.3.symbols
@@ -0,0 +1,427 @@
+_ssh_log
+buffer_free
+buffer_get
+buffer_get_len
+buffer_new
+channel_accept_x11
+channel_change_pty_size
+channel_close
+channel_forward_accept
+channel_forward_cancel
+channel_forward_listen
+channel_free
+channel_get_exit_status
+channel_get_session
+channel_is_closed
+channel_is_eof
+channel_is_open
+channel_new
+channel_open_forward
+channel_open_session
+channel_poll
+channel_read
+channel_read_buffer
+channel_read_nonblocking
+channel_request_env
+channel_request_exec
+channel_request_pty
+channel_request_pty_size
+channel_request_send_signal
+channel_request_sftp
+channel_request_shell
+channel_request_subsystem
+channel_request_x11
+channel_select
+channel_send_eof
+channel_set_blocking
+channel_write
+channel_write_stderr
+privatekey_free
+privatekey_from_file
+publickey_free
+publickey_from_file
+publickey_from_privatekey
+publickey_to_string
+sftp_async_read
+sftp_async_read_begin
+sftp_attributes_free
+sftp_canonicalize_path
+sftp_chmod
+sftp_chown
+sftp_client_message_free
+sftp_client_message_get_data
+sftp_client_message_get_filename
+sftp_client_message_get_flags
+sftp_client_message_get_submessage
+sftp_client_message_get_type
+sftp_client_message_set_filename
+sftp_close
+sftp_closedir
+sftp_dir_eof
+sftp_extension_supported
+sftp_extensions_get_count
+sftp_extensions_get_data
+sftp_extensions_get_name
+sftp_file_set_blocking
+sftp_file_set_nonblocking
+sftp_free
+sftp_fstat
+sftp_fstatvfs
+sftp_fsync
+sftp_get_client_message
+sftp_get_error
+sftp_handle
+sftp_handle_alloc
+sftp_handle_remove
+sftp_init
+sftp_lstat
+sftp_mkdir
+sftp_new
+sftp_new_channel
+sftp_open
+sftp_opendir
+sftp_read
+sftp_readdir
+sftp_readlink
+sftp_rename
+sftp_reply_attr
+sftp_reply_data
+sftp_reply_handle
+sftp_reply_name
+sftp_reply_names
+sftp_reply_names_add
+sftp_reply_status
+sftp_rewind
+sftp_rmdir
+sftp_seek
+sftp_seek64
+sftp_send_client_message
+sftp_server_free
+sftp_server_init
+sftp_server_new
+sftp_server_version
+sftp_setstat
+sftp_stat
+sftp_statvfs
+sftp_statvfs_free
+sftp_symlink
+sftp_tell
+sftp_tell64
+sftp_unlink
+sftp_utimes
+sftp_write
+ssh_accept
+ssh_add_channel_callbacks
+ssh_auth_list
+ssh_basename
+ssh_bind_accept
+ssh_bind_accept_fd
+ssh_bind_fd_toaccept
+ssh_bind_free
+ssh_bind_get_fd
+ssh_bind_listen
+ssh_bind_new
+ssh_bind_options_parse_config
+ssh_bind_options_set
+ssh_bind_set_blocking
+ssh_bind_set_callbacks
+ssh_bind_set_fd
+ssh_blocking_flush
+ssh_buffer_add_data
+ssh_buffer_free
+ssh_buffer_get
+ssh_buffer_get_data
+ssh_buffer_get_len
+ssh_buffer_new
+ssh_buffer_reinit
+ssh_channel_accept_forward
+ssh_channel_accept_x11
+ssh_channel_cancel_forward
+ssh_channel_change_pty_size
+ssh_channel_close
+ssh_channel_free
+ssh_channel_get_exit_status
+ssh_channel_get_session
+ssh_channel_is_closed
+ssh_channel_is_eof
+ssh_channel_is_open
+ssh_channel_listen_forward
+ssh_channel_new
+ssh_channel_open_auth_agent
+ssh_channel_open_forward
+ssh_channel_open_forward_port
+ssh_channel_open_forward_unix
+ssh_channel_open_reverse_forward
+ssh_channel_open_session
+ssh_channel_open_x11
+ssh_channel_poll
+ssh_channel_poll_timeout
+ssh_channel_read
+ssh_channel_read_nonblocking
+ssh_channel_read_timeout
+ssh_channel_request_auth_agent
+ssh_channel_request_env
+ssh_channel_request_exec
+ssh_channel_request_pty
+ssh_channel_request_pty_size
+ssh_channel_request_send_break
+ssh_channel_request_send_exit_signal
+ssh_channel_request_send_exit_status
+ssh_channel_request_send_signal
+ssh_channel_request_sftp
+ssh_channel_request_shell
+ssh_channel_request_subsystem
+ssh_channel_request_x11
+ssh_channel_select
+ssh_channel_send_eof
+ssh_channel_set_blocking
+ssh_channel_set_counter
+ssh_channel_window_size
+ssh_channel_write
+ssh_channel_write_stderr
+ssh_clean_pubkey_hash
+ssh_connect
+ssh_connector_free
+ssh_connector_new
+ssh_connector_set_in_channel
+ssh_connector_set_in_fd
+ssh_connector_set_out_channel
+ssh_connector_set_out_fd
+ssh_copyright
+ssh_dirname
+ssh_disconnect
+ssh_dump_knownhost
+ssh_event_add_connector
+ssh_event_add_fd
+ssh_event_add_session
+ssh_event_dopoll
+ssh_event_free
+ssh_event_new
+ssh_event_remove_connector
+ssh_event_remove_fd
+ssh_event_remove_session
+ssh_execute_message_callbacks
+ssh_finalize
+ssh_forward_accept
+ssh_forward_cancel
+ssh_forward_listen
+ssh_free
+ssh_get_cipher_in
+ssh_get_cipher_out
+ssh_get_clientbanner
+ssh_get_disconnect_message
+ssh_get_error
+ssh_get_error_code
+ssh_get_fd
+ssh_get_fingerprint_hash
+ssh_get_hexa
+ssh_get_hmac_in
+ssh_get_hmac_out
+ssh_get_issue_banner
+ssh_get_kex_algo
+ssh_get_log_callback
+ssh_get_log_level
+ssh_get_log_userdata
+ssh_get_openssh_version
+ssh_get_poll_flags
+ssh_get_pubkey
+ssh_get_pubkey_hash
+ssh_get_publickey
+ssh_get_publickey_hash
+ssh_get_random
+ssh_get_server_publickey
+ssh_get_serverbanner
+ssh_get_status
+ssh_get_version
+ssh_getpass
+ssh_gssapi_get_creds
+ssh_gssapi_set_creds
+ssh_handle_key_exchange
+ssh_init
+ssh_is_blocking
+ssh_is_connected
+ssh_is_server_known
+ssh_key_cmp
+ssh_key_dup
+ssh_key_free
+ssh_key_is_private
+ssh_key_is_public
+ssh_key_new
+ssh_key_type
+ssh_key_type_from_name
+ssh_key_type_to_char
+ssh_known_hosts_parse_line
+ssh_knownhosts_entry_free
+ssh_log
+ssh_message_auth_interactive_request
+ssh_message_auth_kbdint_is_response
+ssh_message_auth_password
+ssh_message_auth_pubkey
+ssh_message_auth_publickey
+ssh_message_auth_publickey_state
+ssh_message_auth_reply_pk_ok
+ssh_message_auth_reply_pk_ok_simple
+ssh_message_auth_reply_success
+ssh_message_auth_set_methods
+ssh_message_auth_user
+ssh_message_channel_request_channel
+ssh_message_channel_request_command
+ssh_message_channel_request_env_name
+ssh_message_channel_request_env_value
+ssh_message_channel_request_open_destination
+ssh_message_channel_request_open_destination_port
+ssh_message_channel_request_open_originator
+ssh_message_channel_request_open_originator_port
+ssh_message_channel_request_open_reply_accept
+ssh_message_channel_request_open_reply_accept_channel
+ssh_message_channel_request_pty_height
+ssh_message_channel_request_pty_pxheight
+ssh_message_channel_request_pty_pxwidth
+ssh_message_channel_request_pty_term
+ssh_message_channel_request_pty_width
+ssh_message_channel_request_reply_success
+ssh_message_channel_request_subsystem
+ssh_message_channel_request_x11_auth_cookie
+ssh_message_channel_request_x11_auth_protocol
+ssh_message_channel_request_x11_screen_number
+ssh_message_channel_request_x11_single_connection
+ssh_message_free
+ssh_message_get
+ssh_message_global_request_address
+ssh_message_global_request_port
+ssh_message_global_request_reply_success
+ssh_message_reply_default
+ssh_message_retrieve
+ssh_message_service_reply_success
+ssh_message_service_service
+ssh_message_subtype
+ssh_message_type
+ssh_mkdir
+ssh_new
+ssh_options_copy
+ssh_options_get
+ssh_options_get_port
+ssh_options_getopt
+ssh_options_parse_config
+ssh_options_set
+ssh_pcap_file_close
+ssh_pcap_file_free
+ssh_pcap_file_new
+ssh_pcap_file_open
+ssh_pki_copy_cert_to_privkey
+ssh_pki_export_privkey_base64
+ssh_pki_export_privkey_file
+ssh_pki_export_privkey_to_pubkey
+ssh_pki_export_pubkey_base64
+ssh_pki_export_pubkey_file
+ssh_pki_generate
+ssh_pki_import_cert_base64
+ssh_pki_import_cert_file
+ssh_pki_import_privkey_base64
+ssh_pki_import_privkey_file
+ssh_pki_import_pubkey_base64
+ssh_pki_import_pubkey_file
+ssh_pki_key_ecdsa_name
+ssh_print_hash
+ssh_print_hexa
+ssh_privatekey_type
+ssh_publickey_to_file
+ssh_remove_channel_callbacks
+ssh_scp_accept_request
+ssh_scp_close
+ssh_scp_deny_request
+ssh_scp_free
+ssh_scp_init
+ssh_scp_leave_directory
+ssh_scp_new
+ssh_scp_pull_request
+ssh_scp_push_directory
+ssh_scp_push_file
+ssh_scp_push_file64
+ssh_scp_read
+ssh_scp_request_get_filename
+ssh_scp_request_get_permissions
+ssh_scp_request_get_size
+ssh_scp_request_get_size64
+ssh_scp_request_get_warning
+ssh_scp_write
+ssh_select
+ssh_send_debug
+ssh_send_ignore
+ssh_send_issue_banner
+ssh_send_keepalive
+ssh_server_init_kex
+ssh_service_request
+ssh_session_export_known_hosts_entry
+ssh_session_get_known_hosts_entry
+ssh_session_has_known_hosts_entry
+ssh_session_is_known_server
+ssh_session_set_disconnect_message
+ssh_session_update_known_hosts
+ssh_set_agent_channel
+ssh_set_agent_socket
+ssh_set_auth_methods
+ssh_set_blocking
+ssh_set_callbacks
+ssh_set_channel_callbacks
+ssh_set_counters
+ssh_set_fd_except
+ssh_set_fd_toread
+ssh_set_fd_towrite
+ssh_set_log_callback
+ssh_set_log_level
+ssh_set_log_userdata
+ssh_set_message_callback
+ssh_set_pcap_file
+ssh_set_server_callbacks
+ssh_silent_disconnect
+ssh_string_burn
+ssh_string_copy
+ssh_string_data
+ssh_string_fill
+ssh_string_free
+ssh_string_free_char
+ssh_string_from_char
+ssh_string_get_char
+ssh_string_len
+ssh_string_new
+ssh_string_to_char
+ssh_threads_get_default
+ssh_threads_get_noop
+ssh_threads_get_pthread
+ssh_threads_set_callbacks
+ssh_try_publickey_from_file
+ssh_userauth_agent
+ssh_userauth_agent_pubkey
+ssh_userauth_autopubkey
+ssh_userauth_gssapi
+ssh_userauth_kbdint
+ssh_userauth_kbdint_getanswer
+ssh_userauth_kbdint_getinstruction
+ssh_userauth_kbdint_getname
+ssh_userauth_kbdint_getnanswers
+ssh_userauth_kbdint_getnprompts
+ssh_userauth_kbdint_getprompt
+ssh_userauth_kbdint_setanswer
+ssh_userauth_list
+ssh_userauth_none
+ssh_userauth_offer_pubkey
+ssh_userauth_password
+ssh_userauth_privatekey_file
+ssh_userauth_pubkey
+ssh_userauth_publickey
+ssh_userauth_publickey_auto
+ssh_userauth_publickey_auto_get_current_identity
+ssh_userauth_try_publickey
+ssh_version
+ssh_vlog
+ssh_write_knownhost
+string_burn
+string_copy
+string_data
+string_fill
+string_free
+string_from_char
+string_len
+string_new
+string_to_char
--- a/src/ABI/libssh-4.9.4.symbols
+++ b/src/ABI/libssh-4.9.4.symbols
@@ -0,0 +1,427 @@
+_ssh_log
+buffer_free
+buffer_get
+buffer_get_len
+buffer_new
+channel_accept_x11
+channel_change_pty_size
+channel_close
+channel_forward_accept
+channel_forward_cancel
+channel_forward_listen
+channel_free
+channel_get_exit_status
+channel_get_session
+channel_is_closed
+channel_is_eof
+channel_is_open
+channel_new
+channel_open_forward
+channel_open_session
+channel_poll
+channel_read
+channel_read_buffer
+channel_read_nonblocking
+channel_request_env
+channel_request_exec
+channel_request_pty
+channel_request_pty_size
+channel_request_send_signal
+channel_request_sftp
+channel_request_shell
+channel_request_subsystem
+channel_request_x11
+channel_select
+channel_send_eof
+channel_set_blocking
+channel_write
+channel_write_stderr
+privatekey_free
+privatekey_from_file
+publickey_free
+publickey_from_file
+publickey_from_privatekey
+publickey_to_string
+sftp_async_read
+sftp_async_read_begin
+sftp_attributes_free
+sftp_canonicalize_path
+sftp_chmod
+sftp_chown
+sftp_client_message_free
+sftp_client_message_get_data
+sftp_client_message_get_filename
+sftp_client_message_get_flags
+sftp_client_message_get_submessage
+sftp_client_message_get_type
+sftp_client_message_set_filename
+sftp_close
+sftp_closedir
+sftp_dir_eof
+sftp_extension_supported
+sftp_extensions_get_count
+sftp_extensions_get_data
+sftp_extensions_get_name
+sftp_file_set_blocking
+sftp_file_set_nonblocking
+sftp_free
+sftp_fstat
+sftp_fstatvfs
+sftp_fsync
+sftp_get_client_message
+sftp_get_error
+sftp_handle
+sftp_handle_alloc
+sftp_handle_remove
+sftp_init
+sftp_lstat
+sftp_mkdir
+sftp_new
+sftp_new_channel
+sftp_open
+sftp_opendir
+sftp_read
+sftp_readdir
+sftp_readlink
+sftp_rename
+sftp_reply_attr
+sftp_reply_data
+sftp_reply_handle
+sftp_reply_name
+sftp_reply_names
+sftp_reply_names_add
+sftp_reply_status
+sftp_rewind
+sftp_rmdir
+sftp_seek
+sftp_seek64
+sftp_send_client_message
+sftp_server_free
+sftp_server_init
+sftp_server_new
+sftp_server_version
+sftp_setstat
+sftp_stat
+sftp_statvfs
+sftp_statvfs_free
+sftp_symlink
+sftp_tell
+sftp_tell64
+sftp_unlink
+sftp_utimes
+sftp_write
+ssh_accept
+ssh_add_channel_callbacks
+ssh_auth_list
+ssh_basename
+ssh_bind_accept
+ssh_bind_accept_fd
+ssh_bind_fd_toaccept
+ssh_bind_free
+ssh_bind_get_fd
+ssh_bind_listen
+ssh_bind_new
+ssh_bind_options_parse_config
+ssh_bind_options_set
+ssh_bind_set_blocking
+ssh_bind_set_callbacks
+ssh_bind_set_fd
+ssh_blocking_flush
+ssh_buffer_add_data
+ssh_buffer_free
+ssh_buffer_get
+ssh_buffer_get_data
+ssh_buffer_get_len
+ssh_buffer_new
+ssh_buffer_reinit
+ssh_channel_accept_forward
+ssh_channel_accept_x11
+ssh_channel_cancel_forward
+ssh_channel_change_pty_size
+ssh_channel_close
+ssh_channel_free
+ssh_channel_get_exit_status
+ssh_channel_get_session
+ssh_channel_is_closed
+ssh_channel_is_eof
+ssh_channel_is_open
+ssh_channel_listen_forward
+ssh_channel_new
+ssh_channel_open_auth_agent
+ssh_channel_open_forward
+ssh_channel_open_forward_port
+ssh_channel_open_forward_unix
+ssh_channel_open_reverse_forward
+ssh_channel_open_session
+ssh_channel_open_x11
+ssh_channel_poll
+ssh_channel_poll_timeout
+ssh_channel_read
+ssh_channel_read_nonblocking
+ssh_channel_read_timeout
+ssh_channel_request_auth_agent
+ssh_channel_request_env
+ssh_channel_request_exec
+ssh_channel_request_pty
+ssh_channel_request_pty_size
+ssh_channel_request_send_break
+ssh_channel_request_send_exit_signal
+ssh_channel_request_send_exit_status
+ssh_channel_request_send_signal
+ssh_channel_request_sftp
+ssh_channel_request_shell
+ssh_channel_request_subsystem
+ssh_channel_request_x11
+ssh_channel_select
+ssh_channel_send_eof
+ssh_channel_set_blocking
+ssh_channel_set_counter
+ssh_channel_window_size
+ssh_channel_write
+ssh_channel_write_stderr
+ssh_clean_pubkey_hash
+ssh_connect
+ssh_connector_free
+ssh_connector_new
+ssh_connector_set_in_channel
+ssh_connector_set_in_fd
+ssh_connector_set_out_channel
+ssh_connector_set_out_fd
+ssh_copyright
+ssh_dirname
+ssh_disconnect
+ssh_dump_knownhost
+ssh_event_add_connector
+ssh_event_add_fd
+ssh_event_add_session
+ssh_event_dopoll
+ssh_event_free
+ssh_event_new
+ssh_event_remove_connector
+ssh_event_remove_fd
+ssh_event_remove_session
+ssh_execute_message_callbacks
+ssh_finalize
+ssh_forward_accept
+ssh_forward_cancel
+ssh_forward_listen
+ssh_free
+ssh_get_cipher_in
+ssh_get_cipher_out
+ssh_get_clientbanner
+ssh_get_disconnect_message
+ssh_get_error
+ssh_get_error_code
+ssh_get_fd
+ssh_get_fingerprint_hash
+ssh_get_hexa
+ssh_get_hmac_in
+ssh_get_hmac_out
+ssh_get_issue_banner
+ssh_get_kex_algo
+ssh_get_log_callback
+ssh_get_log_level
+ssh_get_log_userdata
+ssh_get_openssh_version
+ssh_get_poll_flags
+ssh_get_pubkey
+ssh_get_pubkey_hash
+ssh_get_publickey
+ssh_get_publickey_hash
+ssh_get_random
+ssh_get_server_publickey
+ssh_get_serverbanner
+ssh_get_status
+ssh_get_version
+ssh_getpass
+ssh_gssapi_get_creds
+ssh_gssapi_set_creds
+ssh_handle_key_exchange
+ssh_init
+ssh_is_blocking
+ssh_is_connected
+ssh_is_server_known
+ssh_key_cmp
+ssh_key_dup
+ssh_key_free
+ssh_key_is_private
+ssh_key_is_public
+ssh_key_new
+ssh_key_type
+ssh_key_type_from_name
+ssh_key_type_to_char
+ssh_known_hosts_parse_line
+ssh_knownhosts_entry_free
+ssh_log
+ssh_message_auth_interactive_request
+ssh_message_auth_kbdint_is_response
+ssh_message_auth_password
+ssh_message_auth_pubkey
+ssh_message_auth_publickey
+ssh_message_auth_publickey_state
+ssh_message_auth_reply_pk_ok
+ssh_message_auth_reply_pk_ok_simple
+ssh_message_auth_reply_success
+ssh_message_auth_set_methods
+ssh_message_auth_user
+ssh_message_channel_request_channel
+ssh_message_channel_request_command
+ssh_message_channel_request_env_name
+ssh_message_channel_request_env_value
+ssh_message_channel_request_open_destination
+ssh_message_channel_request_open_destination_port
+ssh_message_channel_request_open_originator
+ssh_message_channel_request_open_originator_port
+ssh_message_channel_request_open_reply_accept
+ssh_message_channel_request_open_reply_accept_channel
+ssh_message_channel_request_pty_height
+ssh_message_channel_request_pty_pxheight
+ssh_message_channel_request_pty_pxwidth
+ssh_message_channel_request_pty_term
+ssh_message_channel_request_pty_width
+ssh_message_channel_request_reply_success
+ssh_message_channel_request_subsystem
+ssh_message_channel_request_x11_auth_cookie
+ssh_message_channel_request_x11_auth_protocol
+ssh_message_channel_request_x11_screen_number
+ssh_message_channel_request_x11_single_connection
+ssh_message_free
+ssh_message_get
+ssh_message_global_request_address
+ssh_message_global_request_port
+ssh_message_global_request_reply_success
+ssh_message_reply_default
+ssh_message_retrieve
+ssh_message_service_reply_success
+ssh_message_service_service
+ssh_message_subtype
+ssh_message_type
+ssh_mkdir
+ssh_new
+ssh_options_copy
+ssh_options_get
+ssh_options_get_port
+ssh_options_getopt
+ssh_options_parse_config
+ssh_options_set
+ssh_pcap_file_close
+ssh_pcap_file_free
+ssh_pcap_file_new
+ssh_pcap_file_open
+ssh_pki_copy_cert_to_privkey
+ssh_pki_export_privkey_base64
+ssh_pki_export_privkey_file
+ssh_pki_export_privkey_to_pubkey
+ssh_pki_export_pubkey_base64
+ssh_pki_export_pubkey_file
+ssh_pki_generate
+ssh_pki_import_cert_base64
+ssh_pki_import_cert_file
+ssh_pki_import_privkey_base64
+ssh_pki_import_privkey_file
+ssh_pki_import_pubkey_base64
+ssh_pki_import_pubkey_file
+ssh_pki_key_ecdsa_name
+ssh_print_hash
+ssh_print_hexa
+ssh_privatekey_type
+ssh_publickey_to_file
+ssh_remove_channel_callbacks
+ssh_scp_accept_request
+ssh_scp_close
+ssh_scp_deny_request
+ssh_scp_free
+ssh_scp_init
+ssh_scp_leave_directory
+ssh_scp_new
+ssh_scp_pull_request
+ssh_scp_push_directory
+ssh_scp_push_file
+ssh_scp_push_file64
+ssh_scp_read
+ssh_scp_request_get_filename
+ssh_scp_request_get_permissions
+ssh_scp_request_get_size
+ssh_scp_request_get_size64
+ssh_scp_request_get_warning
+ssh_scp_write
+ssh_select
+ssh_send_debug
+ssh_send_ignore
+ssh_send_issue_banner
+ssh_send_keepalive
+ssh_server_init_kex
+ssh_service_request
+ssh_session_export_known_hosts_entry
+ssh_session_get_known_hosts_entry
+ssh_session_has_known_hosts_entry
+ssh_session_is_known_server
+ssh_session_set_disconnect_message
+ssh_session_update_known_hosts
+ssh_set_agent_channel
+ssh_set_agent_socket
+ssh_set_auth_methods
+ssh_set_blocking
+ssh_set_callbacks
+ssh_set_channel_callbacks
+ssh_set_counters
+ssh_set_fd_except
+ssh_set_fd_toread
+ssh_set_fd_towrite
+ssh_set_log_callback
+ssh_set_log_level
+ssh_set_log_userdata
+ssh_set_message_callback
+ssh_set_pcap_file
+ssh_set_server_callbacks
+ssh_silent_disconnect
+ssh_string_burn
+ssh_string_copy
+ssh_string_data
+ssh_string_fill
+ssh_string_free
+ssh_string_free_char
+ssh_string_from_char
+ssh_string_get_char
+ssh_string_len
+ssh_string_new
+ssh_string_to_char
+ssh_threads_get_default
+ssh_threads_get_noop
+ssh_threads_get_pthread
+ssh_threads_set_callbacks
+ssh_try_publickey_from_file
+ssh_userauth_agent
+ssh_userauth_agent_pubkey
+ssh_userauth_autopubkey
+ssh_userauth_gssapi
+ssh_userauth_kbdint
+ssh_userauth_kbdint_getanswer
+ssh_userauth_kbdint_getinstruction
+ssh_userauth_kbdint_getname
+ssh_userauth_kbdint_getnanswers
+ssh_userauth_kbdint_getnprompts
+ssh_userauth_kbdint_getprompt
+ssh_userauth_kbdint_setanswer
+ssh_userauth_list
+ssh_userauth_none
+ssh_userauth_offer_pubkey
+ssh_userauth_password
+ssh_userauth_privatekey_file
+ssh_userauth_pubkey
+ssh_userauth_publickey
+ssh_userauth_publickey_auto
+ssh_userauth_publickey_auto_get_current_identity
+ssh_userauth_try_publickey
+ssh_version
+ssh_vlog
+ssh_write_knownhost
+string_burn
+string_copy
+string_data
+string_fill
+string_free
+string_from_char
+string_len
+string_new
+string_to_char
--- a/src/ABI/libssh-4.9.5.symbols
+++ b/src/ABI/libssh-4.9.5.symbols
@@ -0,0 +1,427 @@
+_ssh_log
+buffer_free
+buffer_get
+buffer_get_len
+buffer_new
+channel_accept_x11
+channel_change_pty_size
+channel_close
+channel_forward_accept
+channel_forward_cancel
+channel_forward_listen
+channel_free
+channel_get_exit_status
+channel_get_session
+channel_is_closed
+channel_is_eof
+channel_is_open
+channel_new
+channel_open_forward
+channel_open_session
+channel_poll
+channel_read
+channel_read_buffer
+channel_read_nonblocking
+channel_request_env
+channel_request_exec
+channel_request_pty
+channel_request_pty_size
+channel_request_send_signal
+channel_request_sftp
+channel_request_shell
+channel_request_subsystem
+channel_request_x11
+channel_select
+channel_send_eof
+channel_set_blocking
+channel_write
+channel_write_stderr
+privatekey_free
+privatekey_from_file
+publickey_free
+publickey_from_file
+publickey_from_privatekey
+publickey_to_string
+sftp_async_read
+sftp_async_read_begin
+sftp_attributes_free
+sftp_canonicalize_path
+sftp_chmod
+sftp_chown
+sftp_client_message_free
+sftp_client_message_get_data
+sftp_client_message_get_filename
+sftp_client_message_get_flags
+sftp_client_message_get_submessage
+sftp_client_message_get_type
+sftp_client_message_set_filename
+sftp_close
+sftp_closedir
+sftp_dir_eof
+sftp_extension_supported
+sftp_extensions_get_count
+sftp_extensions_get_data
+sftp_extensions_get_name
+sftp_file_set_blocking
+sftp_file_set_nonblocking
+sftp_free
+sftp_fstat
+sftp_fstatvfs
+sftp_fsync
+sftp_get_client_message
+sftp_get_error
+sftp_handle
+sftp_handle_alloc
+sftp_handle_remove
+sftp_init
+sftp_lstat
+sftp_mkdir
+sftp_new
+sftp_new_channel
+sftp_open
+sftp_opendir
+sftp_read
+sftp_readdir
+sftp_readlink
+sftp_rename
+sftp_reply_attr
+sftp_reply_data
+sftp_reply_handle
+sftp_reply_name
+sftp_reply_names
+sftp_reply_names_add
+sftp_reply_status
+sftp_rewind
+sftp_rmdir
+sftp_seek
+sftp_seek64
+sftp_send_client_message
+sftp_server_free
+sftp_server_init
+sftp_server_new
+sftp_server_version
+sftp_setstat
+sftp_stat
+sftp_statvfs
+sftp_statvfs_free
+sftp_symlink
+sftp_tell
+sftp_tell64
+sftp_unlink
+sftp_utimes
+sftp_write
+ssh_accept
+ssh_add_channel_callbacks
+ssh_auth_list
+ssh_basename
+ssh_bind_accept
+ssh_bind_accept_fd
+ssh_bind_fd_toaccept
+ssh_bind_free
+ssh_bind_get_fd
+ssh_bind_listen
+ssh_bind_new
+ssh_bind_options_parse_config
+ssh_bind_options_set
+ssh_bind_set_blocking
+ssh_bind_set_callbacks
+ssh_bind_set_fd
+ssh_blocking_flush
+ssh_buffer_add_data
+ssh_buffer_free
+ssh_buffer_get
+ssh_buffer_get_data
+ssh_buffer_get_len
+ssh_buffer_new
+ssh_buffer_reinit
+ssh_channel_accept_forward
+ssh_channel_accept_x11
+ssh_channel_cancel_forward
+ssh_channel_change_pty_size
+ssh_channel_close
+ssh_channel_free
+ssh_channel_get_exit_status
+ssh_channel_get_session
+ssh_channel_is_closed
+ssh_channel_is_eof
+ssh_channel_is_open
+ssh_channel_listen_forward
+ssh_channel_new
+ssh_channel_open_auth_agent
+ssh_channel_open_forward
+ssh_channel_open_forward_port
+ssh_channel_open_forward_unix
+ssh_channel_open_reverse_forward
+ssh_channel_open_session
+ssh_channel_open_x11
+ssh_channel_poll
+ssh_channel_poll_timeout
+ssh_channel_read
+ssh_channel_read_nonblocking
+ssh_channel_read_timeout
+ssh_channel_request_auth_agent
+ssh_channel_request_env
+ssh_channel_request_exec
+ssh_channel_request_pty
+ssh_channel_request_pty_size
+ssh_channel_request_send_break
+ssh_channel_request_send_exit_signal
+ssh_channel_request_send_exit_status
+ssh_channel_request_send_signal
+ssh_channel_request_sftp
+ssh_channel_request_shell
+ssh_channel_request_subsystem
+ssh_channel_request_x11
+ssh_channel_select
+ssh_channel_send_eof
+ssh_channel_set_blocking
+ssh_channel_set_counter
+ssh_channel_window_size
+ssh_channel_write
+ssh_channel_write_stderr
+ssh_clean_pubkey_hash
+ssh_connect
+ssh_connector_free
+ssh_connector_new
+ssh_connector_set_in_channel
+ssh_connector_set_in_fd
+ssh_connector_set_out_channel
+ssh_connector_set_out_fd
+ssh_copyright
+ssh_dirname
+ssh_disconnect
+ssh_dump_knownhost
+ssh_event_add_connector
+ssh_event_add_fd
+ssh_event_add_session
+ssh_event_dopoll
+ssh_event_free
+ssh_event_new
+ssh_event_remove_connector
+ssh_event_remove_fd
+ssh_event_remove_session
+ssh_execute_message_callbacks
+ssh_finalize
+ssh_forward_accept
+ssh_forward_cancel
+ssh_forward_listen
+ssh_free
+ssh_get_cipher_in
+ssh_get_cipher_out
+ssh_get_clientbanner
+ssh_get_disconnect_message
+ssh_get_error
+ssh_get_error_code
+ssh_get_fd
+ssh_get_fingerprint_hash
+ssh_get_hexa
+ssh_get_hmac_in
+ssh_get_hmac_out
+ssh_get_issue_banner
+ssh_get_kex_algo
+ssh_get_log_callback
+ssh_get_log_level
+ssh_get_log_userdata
+ssh_get_openssh_version
+ssh_get_poll_flags
+ssh_get_pubkey
+ssh_get_pubkey_hash
+ssh_get_publickey
+ssh_get_publickey_hash
+ssh_get_random
+ssh_get_server_publickey
+ssh_get_serverbanner
+ssh_get_status
+ssh_get_version
+ssh_getpass
+ssh_gssapi_get_creds
+ssh_gssapi_set_creds
+ssh_handle_key_exchange
+ssh_init
+ssh_is_blocking
+ssh_is_connected
+ssh_is_server_known
+ssh_key_cmp
+ssh_key_dup
+ssh_key_free
+ssh_key_is_private
+ssh_key_is_public
+ssh_key_new
+ssh_key_type
+ssh_key_type_from_name
+ssh_key_type_to_char
+ssh_known_hosts_parse_line
+ssh_knownhosts_entry_free
+ssh_log
+ssh_message_auth_interactive_request
+ssh_message_auth_kbdint_is_response
+ssh_message_auth_password
+ssh_message_auth_pubkey
+ssh_message_auth_publickey
+ssh_message_auth_publickey_state
+ssh_message_auth_reply_pk_ok
+ssh_message_auth_reply_pk_ok_simple
+ssh_message_auth_reply_success
+ssh_message_auth_set_methods
+ssh_message_auth_user
+ssh_message_channel_request_channel
+ssh_message_channel_request_command
+ssh_message_channel_request_env_name
+ssh_message_channel_request_env_value
+ssh_message_channel_request_open_destination
+ssh_message_channel_request_open_destination_port
+ssh_message_channel_request_open_originator
+ssh_message_channel_request_open_originator_port
+ssh_message_channel_request_open_reply_accept
+ssh_message_channel_request_open_reply_accept_channel
+ssh_message_channel_request_pty_height
+ssh_message_channel_request_pty_pxheight
+ssh_message_channel_request_pty_pxwidth
+ssh_message_channel_request_pty_term
+ssh_message_channel_request_pty_width
+ssh_message_channel_request_reply_success
+ssh_message_channel_request_subsystem
+ssh_message_channel_request_x11_auth_cookie
+ssh_message_channel_request_x11_auth_protocol
+ssh_message_channel_request_x11_screen_number
+ssh_message_channel_request_x11_single_connection
+ssh_message_free
+ssh_message_get
+ssh_message_global_request_address
+ssh_message_global_request_port
+ssh_message_global_request_reply_success
+ssh_message_reply_default
+ssh_message_retrieve
+ssh_message_service_reply_success
+ssh_message_service_service
+ssh_message_subtype
+ssh_message_type
+ssh_mkdir
+ssh_new
+ssh_options_copy
+ssh_options_get
+ssh_options_get_port
+ssh_options_getopt
+ssh_options_parse_config
+ssh_options_set
+ssh_pcap_file_close
+ssh_pcap_file_free
+ssh_pcap_file_new
+ssh_pcap_file_open
+ssh_pki_copy_cert_to_privkey
+ssh_pki_export_privkey_base64
+ssh_pki_export_privkey_file
+ssh_pki_export_privkey_to_pubkey
+ssh_pki_export_pubkey_base64
+ssh_pki_export_pubkey_file
+ssh_pki_generate
+ssh_pki_import_cert_base64
+ssh_pki_import_cert_file
+ssh_pki_import_privkey_base64
+ssh_pki_import_privkey_file
+ssh_pki_import_pubkey_base64
+ssh_pki_import_pubkey_file
+ssh_pki_key_ecdsa_name
+ssh_print_hash
+ssh_print_hexa
+ssh_privatekey_type
+ssh_publickey_to_file
+ssh_remove_channel_callbacks
+ssh_scp_accept_request
+ssh_scp_close
+ssh_scp_deny_request
+ssh_scp_free
+ssh_scp_init
+ssh_scp_leave_directory
+ssh_scp_new
+ssh_scp_pull_request
+ssh_scp_push_directory
+ssh_scp_push_file
+ssh_scp_push_file64
+ssh_scp_read
+ssh_scp_request_get_filename
+ssh_scp_request_get_permissions
+ssh_scp_request_get_size
+ssh_scp_request_get_size64
+ssh_scp_request_get_warning
+ssh_scp_write
+ssh_select
+ssh_send_debug
+ssh_send_ignore
+ssh_send_issue_banner
+ssh_send_keepalive
+ssh_server_init_kex
+ssh_service_request
+ssh_session_export_known_hosts_entry
+ssh_session_get_known_hosts_entry
+ssh_session_has_known_hosts_entry
+ssh_session_is_known_server
+ssh_session_set_disconnect_message
+ssh_session_update_known_hosts
+ssh_set_agent_channel
+ssh_set_agent_socket
+ssh_set_auth_methods
+ssh_set_blocking
+ssh_set_callbacks
+ssh_set_channel_callbacks
+ssh_set_counters
+ssh_set_fd_except
+ssh_set_fd_toread
+ssh_set_fd_towrite
+ssh_set_log_callback
+ssh_set_log_level
+ssh_set_log_userdata
+ssh_set_message_callback
+ssh_set_pcap_file
+ssh_set_server_callbacks
+ssh_silent_disconnect
+ssh_string_burn
+ssh_string_copy
+ssh_string_data
+ssh_string_fill
+ssh_string_free
+ssh_string_free_char
+ssh_string_from_char
+ssh_string_get_char
+ssh_string_len
+ssh_string_new
+ssh_string_to_char
+ssh_threads_get_default
+ssh_threads_get_noop
+ssh_threads_get_pthread
+ssh_threads_set_callbacks
+ssh_try_publickey_from_file
+ssh_userauth_agent
+ssh_userauth_agent_pubkey
+ssh_userauth_autopubkey
+ssh_userauth_gssapi
+ssh_userauth_kbdint
+ssh_userauth_kbdint_getanswer
+ssh_userauth_kbdint_getinstruction
+ssh_userauth_kbdint_getname
+ssh_userauth_kbdint_getnanswers
+ssh_userauth_kbdint_getnprompts
+ssh_userauth_kbdint_getprompt
+ssh_userauth_kbdint_setanswer
+ssh_userauth_list
+ssh_userauth_none
+ssh_userauth_offer_pubkey
+ssh_userauth_password
+ssh_userauth_privatekey_file
+ssh_userauth_pubkey
+ssh_userauth_publickey
+ssh_userauth_publickey_auto
+ssh_userauth_publickey_auto_get_current_identity
+ssh_userauth_try_publickey
+ssh_version
+ssh_vlog
+ssh_write_knownhost
+string_burn
+string_copy
+string_data
+string_fill
+string_free
+string_from_char
+string_len
+string_new
+string_to_char
--- a/src/ABI/libssh-4.9.6.symbols
+++ b/src/ABI/libssh-4.9.6.symbols
@@ -0,0 +1,427 @@
+_ssh_log
+buffer_free
+buffer_get
+buffer_get_len
+buffer_new
+channel_accept_x11
+channel_change_pty_size
+channel_close
+channel_forward_accept
+channel_forward_cancel
+channel_forward_listen
+channel_free
+channel_get_exit_status
+channel_get_session
+channel_is_closed
+channel_is_eof
+channel_is_open
+channel_new
+channel_open_forward
+channel_open_session
+channel_poll
+channel_read
+channel_read_buffer
+channel_read_nonblocking
+channel_request_env
+channel_request_exec
+channel_request_pty
+channel_request_pty_size
+channel_request_send_signal
+channel_request_sftp
+channel_request_shell
+channel_request_subsystem
+channel_request_x11
+channel_select
+channel_send_eof
+channel_set_blocking
+channel_write
+channel_write_stderr
+privatekey_free
+privatekey_from_file
+publickey_free
+publickey_from_file
+publickey_from_privatekey
+publickey_to_string
+sftp_async_read
+sftp_async_read_begin
+sftp_attributes_free
+sftp_canonicalize_path
+sftp_chmod
+sftp_chown
+sftp_client_message_free
+sftp_client_message_get_data
+sftp_client_message_get_filename
+sftp_client_message_get_flags
+sftp_client_message_get_submessage
+sftp_client_message_get_type
+sftp_client_message_set_filename
+sftp_close
+sftp_closedir
+sftp_dir_eof
+sftp_extension_supported
+sftp_extensions_get_count
+sftp_extensions_get_data
+sftp_extensions_get_name
+sftp_file_set_blocking
+sftp_file_set_nonblocking
+sftp_free
+sftp_fstat
+sftp_fstatvfs
+sftp_fsync
+sftp_get_client_message
+sftp_get_error
+sftp_handle
+sftp_handle_alloc
+sftp_handle_remove
+sftp_init
+sftp_lstat
+sftp_mkdir
+sftp_new
+sftp_new_channel
+sftp_open
+sftp_opendir
+sftp_read
+sftp_readdir
+sftp_readlink
+sftp_rename
+sftp_reply_attr
+sftp_reply_data
+sftp_reply_handle
+sftp_reply_name
+sftp_reply_names
+sftp_reply_names_add
+sftp_reply_status
+sftp_rewind
+sftp_rmdir
+sftp_seek
+sftp_seek64
+sftp_send_client_message
+sftp_server_free
+sftp_server_init
+sftp_server_new
+sftp_server_version
+sftp_setstat
+sftp_stat
+sftp_statvfs
+sftp_statvfs_free
+sftp_symlink
+sftp_tell
+sftp_tell64
+sftp_unlink
+sftp_utimes
+sftp_write
+ssh_accept
+ssh_add_channel_callbacks
+ssh_auth_list
+ssh_basename
+ssh_bind_accept
+ssh_bind_accept_fd
+ssh_bind_fd_toaccept
+ssh_bind_free
+ssh_bind_get_fd
+ssh_bind_listen
+ssh_bind_new
+ssh_bind_options_parse_config
+ssh_bind_options_set
+ssh_bind_set_blocking
+ssh_bind_set_callbacks
+ssh_bind_set_fd
+ssh_blocking_flush
+ssh_buffer_add_data
+ssh_buffer_free
+ssh_buffer_get
+ssh_buffer_get_data
+ssh_buffer_get_len
+ssh_buffer_new
+ssh_buffer_reinit
+ssh_channel_accept_forward
+ssh_channel_accept_x11
+ssh_channel_cancel_forward
+ssh_channel_change_pty_size
+ssh_channel_close
+ssh_channel_free
+ssh_channel_get_exit_status
+ssh_channel_get_session
+ssh_channel_is_closed
+ssh_channel_is_eof
+ssh_channel_is_open
+ssh_channel_listen_forward
+ssh_channel_new
+ssh_channel_open_auth_agent
+ssh_channel_open_forward
+ssh_channel_open_forward_port
+ssh_channel_open_forward_unix
+ssh_channel_open_reverse_forward
+ssh_channel_open_session
+ssh_channel_open_x11
+ssh_channel_poll
+ssh_channel_poll_timeout
+ssh_channel_read
+ssh_channel_read_nonblocking
+ssh_channel_read_timeout
+ssh_channel_request_auth_agent
+ssh_channel_request_env
+ssh_channel_request_exec
+ssh_channel_request_pty
+ssh_channel_request_pty_size
+ssh_channel_request_send_break
+ssh_channel_request_send_exit_signal
+ssh_channel_request_send_exit_status
+ssh_channel_request_send_signal
+ssh_channel_request_sftp
+ssh_channel_request_shell
+ssh_channel_request_subsystem
+ssh_channel_request_x11
+ssh_channel_select
+ssh_channel_send_eof
+ssh_channel_set_blocking
+ssh_channel_set_counter
+ssh_channel_window_size
+ssh_channel_write
+ssh_channel_write_stderr
+ssh_clean_pubkey_hash
+ssh_connect
+ssh_connector_free
+ssh_connector_new
+ssh_connector_set_in_channel
+ssh_connector_set_in_fd
+ssh_connector_set_out_channel
+ssh_connector_set_out_fd
+ssh_copyright
+ssh_dirname
+ssh_disconnect
+ssh_dump_knownhost
+ssh_event_add_connector
+ssh_event_add_fd
+ssh_event_add_session
+ssh_event_dopoll
+ssh_event_free
+ssh_event_new
+ssh_event_remove_connector
+ssh_event_remove_fd
+ssh_event_remove_session
+ssh_execute_message_callbacks
+ssh_finalize
+ssh_forward_accept
+ssh_forward_cancel
+ssh_forward_listen
+ssh_free
+ssh_get_cipher_in
+ssh_get_cipher_out
+ssh_get_clientbanner
+ssh_get_disconnect_message
+ssh_get_error
+ssh_get_error_code
+ssh_get_fd
+ssh_get_fingerprint_hash
+ssh_get_hexa
+ssh_get_hmac_in
+ssh_get_hmac_out
+ssh_get_issue_banner
+ssh_get_kex_algo
+ssh_get_log_callback
+ssh_get_log_level
+ssh_get_log_userdata
+ssh_get_openssh_version
+ssh_get_poll_flags
+ssh_get_pubkey
+ssh_get_pubkey_hash
+ssh_get_publickey
+ssh_get_publickey_hash
+ssh_get_random
+ssh_get_server_publickey
+ssh_get_serverbanner
+ssh_get_status
+ssh_get_version
+ssh_getpass
+ssh_gssapi_get_creds
+ssh_gssapi_set_creds
+ssh_handle_key_exchange
+ssh_init
+ssh_is_blocking
+ssh_is_connected
+ssh_is_server_known
+ssh_key_cmp
+ssh_key_dup
+ssh_key_free
+ssh_key_is_private
+ssh_key_is_public
+ssh_key_new
+ssh_key_type
+ssh_key_type_from_name
+ssh_key_type_to_char
+ssh_known_hosts_parse_line
+ssh_knownhosts_entry_free
+ssh_log
+ssh_message_auth_interactive_request
+ssh_message_auth_kbdint_is_response
+ssh_message_auth_password
+ssh_message_auth_pubkey
+ssh_message_auth_publickey
+ssh_message_auth_publickey_state
+ssh_message_auth_reply_pk_ok
+ssh_message_auth_reply_pk_ok_simple
+ssh_message_auth_reply_success
+ssh_message_auth_set_methods
+ssh_message_auth_user
+ssh_message_channel_request_channel
+ssh_message_channel_request_command
+ssh_message_channel_request_env_name
+ssh_message_channel_request_env_value
+ssh_message_channel_request_open_destination
+ssh_message_channel_request_open_destination_port
+ssh_message_channel_request_open_originator
+ssh_message_channel_request_open_originator_port
+ssh_message_channel_request_open_reply_accept
+ssh_message_channel_request_open_reply_accept_channel
+ssh_message_channel_request_pty_height
+ssh_message_channel_request_pty_pxheight
+ssh_message_channel_request_pty_pxwidth
+ssh_message_channel_request_pty_term
+ssh_message_channel_request_pty_width
+ssh_message_channel_request_reply_success
+ssh_message_channel_request_subsystem
+ssh_message_channel_request_x11_auth_cookie
+ssh_message_channel_request_x11_auth_protocol
+ssh_message_channel_request_x11_screen_number
+ssh_message_channel_request_x11_single_connection
+ssh_message_free
+ssh_message_get
+ssh_message_global_request_address
+ssh_message_global_request_port
+ssh_message_global_request_reply_success
+ssh_message_reply_default
+ssh_message_retrieve
+ssh_message_service_reply_success
+ssh_message_service_service
+ssh_message_subtype
+ssh_message_type
+ssh_mkdir
+ssh_new
+ssh_options_copy
+ssh_options_get
+ssh_options_get_port
+ssh_options_getopt
+ssh_options_parse_config
+ssh_options_set
+ssh_pcap_file_close
+ssh_pcap_file_free
+ssh_pcap_file_new
+ssh_pcap_file_open
+ssh_pki_copy_cert_to_privkey
+ssh_pki_export_privkey_base64
+ssh_pki_export_privkey_file
+ssh_pki_export_privkey_to_pubkey
+ssh_pki_export_pubkey_base64
+ssh_pki_export_pubkey_file
+ssh_pki_generate
+ssh_pki_import_cert_base64
+ssh_pki_import_cert_file
+ssh_pki_import_privkey_base64
+ssh_pki_import_privkey_file
+ssh_pki_import_pubkey_base64
+ssh_pki_import_pubkey_file
+ssh_pki_key_ecdsa_name
+ssh_print_hash
+ssh_print_hexa
+ssh_privatekey_type
+ssh_publickey_to_file
+ssh_remove_channel_callbacks
+ssh_scp_accept_request
+ssh_scp_close
+ssh_scp_deny_request
+ssh_scp_free
+ssh_scp_init
+ssh_scp_leave_directory
+ssh_scp_new
+ssh_scp_pull_request
+ssh_scp_push_directory
+ssh_scp_push_file
+ssh_scp_push_file64
+ssh_scp_read
+ssh_scp_request_get_filename
+ssh_scp_request_get_permissions
+ssh_scp_request_get_size
+ssh_scp_request_get_size64
+ssh_scp_request_get_warning
+ssh_scp_write
+ssh_select
+ssh_send_debug
+ssh_send_ignore
+ssh_send_issue_banner
+ssh_send_keepalive
+ssh_server_init_kex
+ssh_service_request
+ssh_session_export_known_hosts_entry
+ssh_session_get_known_hosts_entry
+ssh_session_has_known_hosts_entry
+ssh_session_is_known_server
+ssh_session_set_disconnect_message
+ssh_session_update_known_hosts
+ssh_set_agent_channel
+ssh_set_agent_socket
+ssh_set_auth_methods
+ssh_set_blocking
+ssh_set_callbacks
+ssh_set_channel_callbacks
+ssh_set_counters
+ssh_set_fd_except
+ssh_set_fd_toread
+ssh_set_fd_towrite
+ssh_set_log_callback
+ssh_set_log_level
+ssh_set_log_userdata
+ssh_set_message_callback
+ssh_set_pcap_file
+ssh_set_server_callbacks
+ssh_silent_disconnect
+ssh_string_burn
+ssh_string_copy
+ssh_string_data
+ssh_string_fill
+ssh_string_free
+ssh_string_free_char
+ssh_string_from_char
+ssh_string_get_char
+ssh_string_len
+ssh_string_new
+ssh_string_to_char
+ssh_threads_get_default
+ssh_threads_get_noop
+ssh_threads_get_pthread
+ssh_threads_set_callbacks
+ssh_try_publickey_from_file
+ssh_userauth_agent
+ssh_userauth_agent_pubkey
+ssh_userauth_autopubkey
+ssh_userauth_gssapi
+ssh_userauth_kbdint
+ssh_userauth_kbdint_getanswer
+ssh_userauth_kbdint_getinstruction
+ssh_userauth_kbdint_getname
+ssh_userauth_kbdint_getnanswers
+ssh_userauth_kbdint_getnprompts
+ssh_userauth_kbdint_getprompt
+ssh_userauth_kbdint_setanswer
+ssh_userauth_list
+ssh_userauth_none
+ssh_userauth_offer_pubkey
+ssh_userauth_password
+ssh_userauth_privatekey_file
+ssh_userauth_pubkey
+ssh_userauth_publickey
+ssh_userauth_publickey_auto
+ssh_userauth_publickey_auto_get_current_identity
+ssh_userauth_try_publickey
+ssh_version
+ssh_vlog
+ssh_write_knownhost
+string_burn
+string_copy
+string_data
+string_fill
+string_free
+string_from_char
+string_len
+string_new
+string_to_char
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@@ -91,6 +91,7 @@ endif()
 if (WIN32)
  set(LIBSSH_LINK_LIBRARIES
    ${LIBSSH_LINK_LIBRARIES}
+    iphlpapi
    ws2_32
  )
 endif (WIN32)
@@ -184,6 +185,8 @@ if (WITH_GCRYPT)
        gcrypt_missing.c
        pki_gcrypt.c
        ecdh_gcrypt.c
+        getrandom_gcrypt.c
+        md_gcrypt.c
        dh_key.c
        pki_ed25519.c
        external/ed25519.c
@@ -207,6 +210,8 @@ elseif (WITH_MBEDTLS)
        mbedcrypto_missing.c
        pki_mbedcrypto.c
        ecdh_mbedcrypto.c
+        getrandom_mbedcrypto.c
+        md_mbedcrypto.c
        dh_key.c
        pki_ed25519.c
        external/ed25519.c
@@ -229,6 +234,8 @@ else (WITH_GCRYPT)
        threads/libcrypto.c
        pki_crypto.c
        ecdh_crypto.c
+        getrandom_crypto.c
+        md_crypto.c
        libcrypto.c
        dh_crypto.c
       )
@@ -300,12 +307,12 @@ if (WITH_GSSAPI AND GSSAPI_FOUND)
 endif (WITH_GSSAPI AND GSSAPI_FOUND)

 if (NOT WITH_NACL)
-    if (NOT HAVE_OPENSSL_ED25519)
+    if (NOT HAVE_LIBCRYPTO OR NOT HAVE_OPENSSL_ED25519)
        set(libssh_SRCS
            ${libssh_SRCS}
            external/curve25519_ref.c
           )
-    endif (NOT HAVE_OPENSSL_ED25519)
+    endif()
 endif (NOT WITH_NACL)

 # Set the path to the default map file
@@ -344,8 +351,10 @@ endif (WITH_SYMBOL_VERSIONING AND HAVE_LD_VERSION_SCRIPT AND ABIMAP_FOUND)
 add_library(ssh ${libssh_SRCS})
 target_compile_options(ssh
                       PRIVATE
-                           ${DEFAULT_C_COMPILE_FLAGS}
-                           -D_GNU_SOURCE)
+                           ${DEFAULT_C_COMPILE_FLAGS})
+if (CYGWIN)
+    target_compile_definitions(ssh PRIVATE _GNU_SOURCE)
+endif ()
 target_include_directories(ssh
                           PUBLIC
                               $<BUILD_INTERFACE:${libssh_SOURCE_DIR}/include>
@@ -404,8 +413,10 @@ if (BUILD_STATIC_LIB)
  add_library(ssh-static STATIC ${libssh_SRCS})
  target_compile_options(ssh-static
                         PRIVATE
-                            ${DEFAULT_C_COMPILE_FLAGS}
-                            -D_GNU_SOURCE)
+                             ${DEFAULT_C_COMPILE_FLAGS})
+  if (CYGWIN)
+    target_compile_definitions(ssh-static PRIVATE _GNU_SOURCE)
+  endif ()

  target_include_directories(ssh-static
                             PUBLIC
--- a/src/agent.c
+++ b/src/agent.c
@@ -150,11 +150,21 @@ static void agent_set_channel(struct ssh_agent_struct *agent, ssh_channel channe
  agent->channel = channel;
 }

+/**
+ * @addtogroup libssh_auth
+ *
+ * @{
+ */
+
 /** @brief sets the SSH agent channel.
 * The SSH agent channel will be used to authenticate this client using
 * an agent through a channel, from another session. The most likely use
 * is to implement SSH Agent forwarding into a SSH proxy.
+ *
+ * @param session the session
+ *
 * @param[in] channel a SSH channel from another session.
+ *
 * @returns SSH_OK in case of success
 *          SSH_ERROR in case of an error
 */
@@ -189,6 +199,10 @@ int ssh_set_agent_socket(ssh_session session, socket_t fd){
  return SSH_OK;
 }

+/**
+ * @}
+ */
+
 void ssh_agent_close(struct ssh_agent_struct *agent) {
  if (agent == NULL) {
    return;
--- a/src/auth.c
+++ b/src/auth.c
@@ -47,7 +47,7 @@
 #include "libssh/legacy.h"

 /**
- * @defgroup libssh_auth The SSH authentication functions.
+ * @defgroup libssh_auth The SSH authentication functions
 * @ingroup libssh
 *
 * Functions to authenticate with a server.
@@ -1140,6 +1140,7 @@ int ssh_userauth_publickey_auto(ssh_session session,
            state->privkey = NULL;
            state->pubkey = NULL;

+#ifdef WITH_PKCS11_URI
            if (ssh_pki_is_uri(privkey_file)) {
                char *pub_uri_from_priv = NULL;
                SSH_LOG(SSH_LOG_INFO,
@@ -1152,7 +1153,9 @@ int ssh_userauth_publickey_auto(ssh_session session,
                             pub_uri_from_priv);
                    SAFE_FREE(pub_uri_from_priv);
                }
-            } else {
+            } else
+#endif /* WITH_PKCS11_URI */
+            {
                snprintf(pubkey_file, sizeof(pubkey_file), "%s.pub", privkey_file);
            }

--- a/src/bignum.c
+++ b/src/bignum.c
@@ -44,7 +44,7 @@ ssh_string ssh_make_bignum_string(bignum num) {

 #ifdef DEBUG_CRYPTO
  SSH_LOG(SSH_LOG_TRACE,
-          "%zu bits, %zu bytes, %zu padding\n",
+          "%zu bits, %zu bytes, %zu padding",
          bits, len, pad);
 #endif /* DEBUG_CRYPTO */

@@ -86,7 +86,8 @@ void ssh_print_bignum(const char *name, const_bignum num)
    if (num != NULL) {
        bignum_bn2hex(num, &hex);
    }
-    SSH_LOG(SSH_LOG_DEBUG, "%s value: %s\n", name, (hex == NULL) ? "(null)" : (char *) hex);
+    SSH_LOG(SSH_LOG_DEBUG, "%s value: %s", name,
+            (hex == NULL) ? "(null)" : (char *)hex);
 #ifdef HAVE_LIBGCRYPT
    SAFE_FREE(hex);
 #elif defined HAVE_LIBCRYPTO
--- a/src/bind.c
+++ b/src/bind.c
@@ -282,7 +282,7 @@ int ssh_bind_listen(ssh_bind sshbind) {
      }

      if (listen(fd, 10) < 0) {
-        char err_msg[] = {0};
+        char err_msg[SSH_ERRNO_MSG_MAX] = {0};
          ssh_set_error(sshbind, SSH_FATAL,
                  "Listening to socket %d: %s",
                  fd, ssh_strerror(errno, err_msg, SSH_ERRNO_MSG_MAX));
@@ -424,7 +424,9 @@ void ssh_bind_free(ssh_bind sshbind){
  SAFE_FREE(sshbind);
 }

-int ssh_bind_accept_fd(ssh_bind sshbind, ssh_session session, socket_t fd){
+int ssh_bind_accept_fd(ssh_bind sshbind, ssh_session session, socket_t fd)
+{
+    ssh_poll_handle handle = NULL;
    int i, rc;

    if (sshbind == NULL) {
@@ -516,7 +518,12 @@ int ssh_bind_accept_fd(ssh_bind sshbind, ssh_session session, socket_t fd){
      return SSH_ERROR;
    }
    ssh_socket_set_fd(session->socket, fd);
-    ssh_socket_get_poll_handle(session->socket);
+    handle = ssh_socket_get_poll_handle(session->socket);
+    if (handle == NULL) {
+        ssh_set_error_oom(sshbind);
+        return SSH_ERROR;
+    }
+    ssh_socket_set_connected(session->socket, handle);

    /* We must try to import any keys that could be imported in case
     * we are not using ssh_bind_listen (which is the other place
--- a/src/buffer.c
+++ b/src/buffer.c
@@ -26,6 +26,7 @@
 #include <limits.h>
 #include <stdarg.h>
 #include <stdbool.h>
+#include <stdio.h>

 #ifndef _WIN32
 #include <netinet/in.h>
@@ -56,7 +57,7 @@ struct ssh_buffer_struct {
 #define BUFFER_SIZE_MAX 0x10000000

 /**
- * @defgroup libssh_buffer The SSH buffer functions.
+ * @defgroup libssh_buffer The SSH buffer functions
 * @ingroup libssh
 *
 * Functions to handle SSH buffers.
@@ -747,7 +748,8 @@ uint32_t ssh_buffer_get_u64(struct ssh_buffer_struct *buffer, uint64_t *data){
 */
 int ssh_buffer_validate_length(struct ssh_buffer_struct *buffer, size_t len)
 {
-    if (buffer->pos + len < len || buffer->pos + len > buffer->used) {
+    if (buffer == NULL || buffer->pos + len < len ||
+        buffer->pos + len > buffer->used) {
        return SSH_ERROR;
    }

--- a/src/channels.c
+++ b/src/channels.c
@@ -2499,7 +2499,8 @@ ssh_channel ssh_forward_accept(ssh_session session, int timeout_ms)

 /**
 * @brief Accept an incoming TCP/IP forwarding channel and get some information
- * about incomming connection
+ * about incoming connection
+ *
 * @param[in]  session    The ssh session to use.
 *
 * @param[in]  timeout_ms A timeout in milliseconds.
@@ -2515,7 +2516,8 @@ ssh_channel ssh_channel_accept_forward(ssh_session session, int timeout_ms, int*

 /**
 * @brief Accept an incoming TCP/IP forwarding channel and get information
- * about incomming connection
+ * about incoming connection
+ *
 * @param[in]  session    The ssh session to use.
 *
 * @param[in]  timeout_ms A timeout in milliseconds.
@@ -3523,9 +3525,15 @@ int ssh_channel_select(ssh_channel *readchans, ssh_channel *writechans,
    firstround=0;
  } while(1);

-  memcpy(readchans, rchans, (count_ptrs(rchans) + 1) * sizeof(ssh_channel ));
-  memcpy(writechans, wchans, (count_ptrs(wchans) + 1) * sizeof(ssh_channel ));
-  memcpy(exceptchans, echans, (count_ptrs(echans) + 1) * sizeof(ssh_channel ));
+  if (readchans != &dummy) {
+      memcpy(readchans, rchans, (count_ptrs(rchans) + 1) * sizeof(ssh_channel));
+  }
+  if (writechans != &dummy) {
+      memcpy(writechans, wchans, (count_ptrs(wchans) + 1) * sizeof(ssh_channel));
+  }
+  if (exceptchans != &dummy) {
+      memcpy(exceptchans, echans, (count_ptrs(echans) + 1) * sizeof(ssh_channel));
+  }
  SAFE_FREE(rchans);
  SAFE_FREE(wchans);
  SAFE_FREE(echans);
@@ -3809,4 +3817,4 @@ error:

 #endif

-/* @} */
+/** @} */
--- a/src/client.c
+++ b/src/client.c
@@ -246,10 +246,13 @@ end:
 * @warning this function returning is no proof that DH handshake is
 * completed
 */
-static int dh_handshake(ssh_session session)
+int dh_handshake(ssh_session session)
 {
  int rc = SSH_AGAIN;

+  SSH_LOG(SSH_LOG_TRACE, "dh_handshake_state = %d, kex_type = %d",
+          session->dh_handshake_state,  session->next_crypto->kex_type);
+
  switch (session->dh_handshake_state) {
    case DH_STATE_INIT:
      switch(session->next_crypto->kex_type){
@@ -314,8 +317,13 @@ static int ssh_service_request_termination(void *s)
 }

 /**
- * @internal
+ * @addtogroup libssh_session
 *
+ * @{
+ */
+
+/**
+ * @internal
 * @brief Request a service from the SSH server.
 *
 * Service requests are for example: ssh-userauth, ssh-connection, etc.
@@ -376,12 +384,6 @@ pending:
  return rc;
 }

-/**
- * @addtogroup libssh_session
- *
- * @{
- */
-
 /**
 * @internal
 *
@@ -392,95 +394,101 @@ static void ssh_client_connection_callback(ssh_session session)
 {
    int rc;

-    switch(session->session_state) {
-        case SSH_SESSION_STATE_NONE:
-        case SSH_SESSION_STATE_CONNECTING:
-            break;
-        case SSH_SESSION_STATE_SOCKET_CONNECTED:
-            ssh_set_fd_towrite(session);
-            ssh_send_banner(session, 0);
+    SSH_LOG(SSH_LOG_DEBUG, "session_state=%d", session->session_state);

-            break;
-        case SSH_SESSION_STATE_BANNER_RECEIVED:
-            if (session->serverbanner == NULL) {
-                goto error;
-            }
-            set_status(session, 0.4f);
-            SSH_LOG(SSH_LOG_PROTOCOL,
-                    "SSH server banner: %s", session->serverbanner);
+    switch (session->session_state) {
+    case SSH_SESSION_STATE_NONE:
+    case SSH_SESSION_STATE_CONNECTING:
+        break;
+    case SSH_SESSION_STATE_SOCKET_CONNECTED:
+        ssh_set_fd_towrite(session);
+        ssh_send_banner(session, 0);

-            /* Here we analyze the different protocols the server allows. */
-            rc = ssh_analyze_banner(session, 0);
-            if (rc < 0) {
-                ssh_set_error(session, SSH_FATAL,
-                        "No version of SSH protocol usable (banner: %s)",
-                        session->serverbanner);
-                goto error;
-            }
+        break;
+    case SSH_SESSION_STATE_BANNER_RECEIVED:
+        if (session->serverbanner == NULL) {
+            goto error;
+        }
+        set_status(session, 0.4f);
+        SSH_LOG(SSH_LOG_PROTOCOL,
+                "SSH server banner: %s", session->serverbanner);

-            ssh_packet_register_socket_callback(session, session->socket);
+        /* Here we analyze the different protocols the server allows. */
+        rc = ssh_analyze_banner(session, 0);
+        if (rc < 0) {
+            ssh_set_error(session, SSH_FATAL,
+                          "No version of SSH protocol usable (banner: %s)",
+                          session->serverbanner);
+            goto error;
+        }

-            ssh_packet_set_default_callbacks(session);
-            session->session_state = SSH_SESSION_STATE_INITIAL_KEX;
+        ssh_packet_register_socket_callback(session, session->socket);
+
+        ssh_packet_set_default_callbacks(session);
+        session->session_state = SSH_SESSION_STATE_INITIAL_KEX;
+        rc = ssh_set_client_kex(session);
+        if (rc != SSH_OK) {
+            goto error;
+        }
+        rc = ssh_send_kex(session);
+        if (rc < 0) {
+            goto error;
+        }
+        set_status(session, 0.5f);
+
+        break;
+    case SSH_SESSION_STATE_INITIAL_KEX:
+        /* TODO: This state should disappear in favor of get_key handle */
+        break;
+    case SSH_SESSION_STATE_KEXINIT_RECEIVED:
+        set_status(session, 0.6f);
+        ssh_list_kex(&session->next_crypto->server_kex);
+        if ((session->flags & SSH_SESSION_FLAG_KEXINIT_SENT) == 0) {
+            /* in rekeying state if next_crypto client_kex might be empty */
            rc = ssh_set_client_kex(session);
            if (rc != SSH_OK) {
                goto error;
            }
-            rc = ssh_send_kex(session, 0);
+            rc = ssh_send_kex(session);
            if (rc < 0) {
                goto error;
            }
-            set_status(session, 0.5f);
-
-            break;
-        case SSH_SESSION_STATE_INITIAL_KEX:
-            /* TODO: This state should disappear in favor of get_key handle */
-            break;
-        case SSH_SESSION_STATE_KEXINIT_RECEIVED:
-            set_status(session,0.6f);
-            ssh_list_kex(&session->next_crypto->server_kex);
-            if (session->next_crypto->client_kex.methods[0] == NULL) {
-                /* in rekeying state if next_crypto client_kex is empty */
-                rc = ssh_set_client_kex(session);
-                if (rc != SSH_OK) {
-                    goto error;
-                }
-                rc = ssh_send_kex(session, 0);
-                if (rc < 0) {
-                    goto error;
-                }
-            }
-            if (ssh_kex_select_methods(session) == SSH_ERROR)
-                goto error;
-            set_status(session,0.8f);
-            session->session_state=SSH_SESSION_STATE_DH;
-            if (dh_handshake(session) == SSH_ERROR) {
-                goto error;
-            }
-            FALL_THROUGH;
-        case SSH_SESSION_STATE_DH:
-            if(session->dh_handshake_state==DH_STATE_FINISHED){
-                set_status(session,1.0f);
-                session->connected = 1;
-                if (session->flags & SSH_SESSION_FLAG_AUTHENTICATED)
-                    session->session_state = SSH_SESSION_STATE_AUTHENTICATED;
-                else
-                    session->session_state=SSH_SESSION_STATE_AUTHENTICATING;
-            }
-            break;
-        case SSH_SESSION_STATE_AUTHENTICATING:
-            break;
-        case SSH_SESSION_STATE_ERROR:
+        }
+        if (ssh_kex_select_methods(session) == SSH_ERROR)
            goto error;
-        default:
-            ssh_set_error(session,SSH_FATAL,"Invalid state %d",session->session_state);
+        set_status(session, 0.8f);
+        session->session_state = SSH_SESSION_STATE_DH;
+
+        /* If the init packet was already sent in previous step, this will be no
+         * operation */
+        if (dh_handshake(session) == SSH_ERROR) {
+            goto error;
+        }
+        FALL_THROUGH;
+    case SSH_SESSION_STATE_DH:
+        if (session->dh_handshake_state == DH_STATE_FINISHED) {
+            set_status(session, 1.0f);
+            session->connected = 1;
+            if (session->flags & SSH_SESSION_FLAG_AUTHENTICATED)
+                session->session_state = SSH_SESSION_STATE_AUTHENTICATED;
+            else
+                session->session_state=SSH_SESSION_STATE_AUTHENTICATING;
+        }
+        break;
+    case SSH_SESSION_STATE_AUTHENTICATING:
+        break;
+    case SSH_SESSION_STATE_ERROR:
+        goto error;
+    default:
+        ssh_set_error(session, SSH_FATAL, "Invalid state %d",
+                      session->session_state);
    }

    return;
 error:
    ssh_socket_close(session->socket);
    session->alive = 0;
-    session->session_state=SSH_SESSION_STATE_ERROR;
+    session->session_state = SSH_SESSION_STATE_ERROR;

 }

@@ -731,8 +739,8 @@ ssh_session_set_disconnect_message(ssh_session session, const char *message)
 *
 * The session can then be reused to open a new session.
 *
- * @note Note that this function wont close the socket if it was set with
- * @ssh_options_set and SSH_OPTIONS_FD. You're responsible for closing the
+ * @note Note that this function won't close the socket if it was set with
+ * ssh_options_set and SSH_OPTIONS_FD. You're responsible for closing the
 * socket. This is new behavior in libssh 0.10.
 *
 * @param[in]  session  The SSH session to use.
@@ -834,9 +842,16 @@ error:
    }
 }

+/**
+ * @brief Copyright information
+ *
+ * Returns copyright information
+ *
+ * @returns SSH_STRING copyright
+ */
 const char *ssh_copyright(void)
 {
-    return SSH_STRINGIFY(LIBSSH_VERSION) " (c) 2003-2022 "
+    return SSH_STRINGIFY(LIBSSH_VERSION) " (c) 2003-2023 "
           "Aris Adamantiadis, Andreas Schneider "
           "and libssh contributors. "
           "Distributed under the LGPL, please refer to COPYING "
--- a/src/config.c
+++ b/src/config.c
@@ -356,7 +356,7 @@ ssh_exec_shell(char *cmd)
        if (rc == -1) {
            SSH_LOG(SSH_LOG_WARN, "dup2: %s",
                    ssh_strerror(errno, err_msg, SSH_ERRNO_MSG_MAX));
-	    exit(1);
+            exit(1);
        }
        if (devnull > STDERR_FILENO) {
            close(devnull);
@@ -395,7 +395,7 @@ ssh_exec_shell(char *cmd)
        }
    }
    if (!WIFEXITED(status)) {
-        SSH_LOG(SSH_LOG_WARN, "Command %s exitted abnormally", cmd);
+        SSH_LOG(SSH_LOG_WARN, "Command %s exited abnormally", cmd);
        return -1;
    }
    SSH_LOG(SSH_LOG_TRACE, "Command '%s' returned %d", cmd, WEXITSTATUS(status));
@@ -491,7 +491,7 @@ ssh_config_parse_proxy_jump(ssh_session session, const char *s, bool do_parsing)
    if (hostname != NULL && do_parsing) {
        char com[512] = {0};

-        rv = snprintf(com, sizeof(com), "ssh%s%s%s%s%s%s -W [%%h]:%%p %s",
+        rv = snprintf(com, sizeof(com), "ssh%s%s%s%s%s%s -W '[%%h]:%%p' %s",
                      username ? " -l " : "",
                      username ? username : "",
                      port ? " -p " : "",
@@ -548,6 +548,11 @@ ssh_config_make_absolute(ssh_session session,
        return out;
    }

+    /* paths starting with tilde are already absolute */
+    if (path[0] == '~') {
+        return ssh_path_expand_tilde(path);
+    }
+
    /* Parsing user config relative to home directory (generally ~/.ssh) */
    if (session->opts.sshdir == NULL) {
        ssh_set_error_invalid(session);
@@ -1001,7 +1006,7 @@ ssh_config_parse_line(ssh_session session,
        if (p == NULL) {
            break;
        } else if (strcmp(p, "default") == 0) {
-            /* Default rekey limits enforced automaticaly */
+            /* Default rekey limits enforced automatically */
            ll = 0;
        } else {
            char *endp = NULL;
--- a/src/config_parser.c
+++ b/src/config_parser.c
@@ -30,9 +30,10 @@

 #include "libssh/config_parser.h"
 #include "libssh/priv.h"
+#include "libssh/misc.h"

 /* Returns the original string after skipping the leading whitespace
- * and optional quotes.
+ * until finding LF.
 * This is useful in case we need to get the rest of the line (for example
 * external command).
 */
@@ -48,15 +49,6 @@ char *ssh_config_get_cmd(char **str)
        }
    }

-    if (*c == '\"') {
-        for (r = ++c; *c; c++) {
-            if (*c == '\"') {
-                *c = '\0';
-                goto out;
-            }
-        }
-    }
-
    for (r = c; *c; c++) {
        if (*c == '\n') {
            *c = '\0';
@@ -176,6 +168,7 @@ int ssh_config_parse_uri(const char *tok,
 {
    char *endp = NULL;
    long port_n;
+    int rc;

    /* Sanitize inputs */
    if (username != NULL) {
@@ -189,7 +182,7 @@ int ssh_config_parse_uri(const char *tok,
    }

    /* Username part (optional) */
-    endp = strchr(tok, '@');
+    endp = strrchr(tok, '@');
    if (endp != NULL) {
        /* Zero-length username is not valid */
        if (tok == endp) {
@@ -233,6 +226,14 @@ int ssh_config_parse_uri(const char *tok,
        if (*hostname == NULL) {
            goto error;
        }
+        /* if not an ip, check syntax */
+        rc = ssh_is_ipaddr(*hostname);
+        if (rc == 0) {
+            rc = ssh_check_hostname_syntax(*hostname);
+            if (rc != SSH_OK) {
+                goto error;
+            }
+        }
    }
    /* Skip also the closing bracket */
    if (*endp == ']') {
--- a/src/connect.c
+++ b/src/connect.c
@@ -136,7 +136,7 @@ static int getai(const char *host, int port, struct addrinfo **ai)
 #endif
    }

-    if (ssh_is_ipaddr(host)) {
+    if (ssh_is_ipaddr(host) == 1) {
        /* this is an IP address */
        SSH_LOG(SSH_LOG_PACKET, "host %s matches an IP address", host);
        hints.ai_flags |= AI_NUMERICHOST;
--- a/src/connector.c
+++ b/src/connector.c
@@ -326,35 +326,40 @@ static void ssh_connector_fd_in_cb(ssh_connector connector)
 /** @internal
 * @brief Callback called when a poll event is received on an output fd
 */
-static void ssh_connector_fd_out_cb(ssh_connector connector){
+static void
+ssh_connector_fd_out_cb(ssh_connector connector)
+{
    unsigned char buffer[CHUNKSIZE];
    ssize_t r;
    ssize_t w;
    ssize_t total = 0;
-    SSH_LOG(SSH_LOG_TRACE, "connector POLLOUT event for fd %d", connector->out_fd);
+    SSH_LOG(SSH_LOG_TRACE, "connector POLLOUT event for fd %d",
+            connector->out_fd);

-    if(connector->in_available){
-        if (connector->in_channel != NULL){
-            r = ssh_channel_read_nonblocking(connector->in_channel, buffer, CHUNKSIZE, 0);
-            if(r == SSH_ERROR){
+    if (connector->in_available) {
+        if (connector->in_channel != NULL) {
+            r = ssh_channel_read_nonblocking(connector->in_channel, buffer,
+                                             CHUNKSIZE, 0);
+            if (r == SSH_ERROR) {
                ssh_connector_except_channel(connector, connector->in_channel);
                return;
-            } else if(r == 0 && ssh_channel_is_eof(connector->in_channel)){
+            } else if (r == 0 && ssh_channel_is_eof(connector->in_channel)) {
                close(connector->out_fd);
                connector->out_fd = SSH_INVALID_SOCKET;
                return;
-            } else if(r>0) {
+            } else if (r > 0) {
                /* loop around write in case the write blocks even for CHUNKSIZE bytes */
-                while (total != r){
-                        w = ssh_connector_fd_write(connector, buffer + total, r - total);
-                    if (w < 0){
+                while (total != r) {
+                    w = ssh_connector_fd_write(connector, buffer + total,
+                                               r - total);
+                    if (w < 0) {
                        ssh_connector_except(connector, connector->out_fd);
                        return;
                    }
                    total += w;
                }
            }
-        } else if (connector->in_fd != SSH_INVALID_SOCKET){
+        } else if (connector->in_fd != SSH_INVALID_SOCKET) {
            /* fallback on the socket input callback */
            connector->out_wontblock = 1;
            ssh_connector_fd_in_cb(connector);
--- a/src/curve25519.c
+++ b/src/curve25519.c
@@ -39,7 +39,7 @@
 #include "libssh/pki.h"
 #include "libssh/bignum.h"

-#ifdef HAVE_OPENSSL_X25519
+#if defined(HAVE_LIBCRYPTO) && defined(HAVE_OPENSSL_X25519)
 #include <openssl/err.h>
 #endif

@@ -59,7 +59,7 @@ static struct ssh_packet_callbacks_struct ssh_curve25519_client_callbacks = {
 static int ssh_curve25519_init(ssh_session session)
 {
    int rc;
-#ifdef HAVE_OPENSSL_X25519
+#if defined(HAVE_LIBCRYPTO) && defined(HAVE_OPENSSL_X25519)
    EVP_PKEY_CTX *pctx = NULL;
    EVP_PKEY *pkey = NULL;
    size_t pubkey_len = CURVE25519_PUBKEY_SIZE;
@@ -136,7 +136,7 @@ static int ssh_curve25519_init(ssh_session session)
        crypto_scalarmult_base(session->next_crypto->curve25519_client_pubkey,
                               session->next_crypto->curve25519_privkey);
    }
-#endif /* HAVE_OPENSSL_X25519 */
+#endif /* defined(HAVE_LIBCRYPTO) && defined(HAVE_OPENSSL_X25519) */

    return SSH_OK;
 }
@@ -172,11 +172,16 @@ int ssh_client_curve25519_init(ssh_session session)
    return rc;
 }

+void ssh_client_curve25519_remove_callbacks(ssh_session session)
+{
+    ssh_packet_remove_callbacks(session, &ssh_curve25519_client_callbacks);
+}
+
 static int ssh_curve25519_build_k(ssh_session session)
 {
    ssh_curve25519_pubkey k;

-#ifdef HAVE_OPENSSL_X25519
+#if defined(HAVE_LIBCRYPTO) && defined(HAVE_OPENSSL_X25519)
    EVP_PKEY_CTX *pctx = NULL;
    EVP_PKEY *pkey = NULL, *pubkey = NULL;
    size_t shared_key_len = sizeof(k);
@@ -255,7 +260,7 @@ out:
        crypto_scalarmult(k, session->next_crypto->curve25519_privkey,
                          session->next_crypto->curve25519_server_pubkey);
    }
-#endif /* HAVE_OPENSSL_X25519 */
+#endif /* defined(HAVE_LIBCRYPTO) && defined(HAVE_OPENSSL_X25519) */

    bignum_bin2bn(k, CURVE25519_PUBKEY_SIZE, &session->next_crypto->shared_secret);
    if (session->next_crypto->shared_secret == NULL) {
@@ -285,7 +290,7 @@ static SSH_PACKET_CALLBACK(ssh_packet_client_curve25519_reply){
  (void)type;
  (void)user;

-  ssh_packet_remove_callbacks(session, &ssh_curve25519_client_callbacks);
+  ssh_client_curve25519_remove_callbacks(session);

  pubkey_blob = ssh_buffer_get_ssh_string(packet);
  if (pubkey_blob == NULL) {
@@ -330,16 +335,10 @@ static SSH_PACKET_CALLBACK(ssh_packet_client_curve25519_reply){
  }

  /* Send the MSG_NEWKEYS */
-  if (ssh_buffer_add_u8(session->out_buffer, SSH2_MSG_NEWKEYS) < 0) {
-    goto error;
-  }
-
-  rc=ssh_packet_send(session);
+  rc = ssh_packet_send_newkeys(session);
  if (rc == SSH_ERROR) {
    goto error;
  }
-
-  SSH_LOG(SSH_LOG_PROTOCOL, "SSH_MSG_NEWKEYS sent");
  session->dh_handshake_state = DH_STATE_NEWKEYS_SENT;

  return SSH_PACKET_USED;
@@ -408,8 +407,8 @@ static SSH_PACKET_CALLBACK(ssh_packet_server_curve25519_init){
    memcpy(session->next_crypto->curve25519_client_pubkey,
           ssh_string_data(q_c_string), CURVE25519_PUBKEY_SIZE);
    SSH_STRING_FREE(q_c_string);
-    /* Build server's keypair */

+    /* Build server's key pair */
    rc = ssh_curve25519_init(session);
    if (rc != SSH_OK) {
        ssh_set_error(session, SSH_FATAL, "Failed to generate curve25519 keys");
@@ -497,18 +496,13 @@ static SSH_PACKET_CALLBACK(ssh_packet_server_curve25519_init){
        return SSH_ERROR;
    }

-    /* Send the MSG_NEWKEYS */
-    rc = ssh_buffer_add_u8(session->out_buffer, SSH2_MSG_NEWKEYS);
-    if (rc < 0) {
-        goto error;
-    }
-
    session->dh_handshake_state = DH_STATE_NEWKEYS_SENT;
-    rc = ssh_packet_send(session);
+
+    /* Send the MSG_NEWKEYS */
+    rc = ssh_packet_send_newkeys(session);
    if (rc == SSH_ERROR) {
        goto error;
    }
-    SSH_LOG(SSH_LOG_PROTOCOL, "SSH_MSG_NEWKEYS sent");

    return SSH_PACKET_USED;
 error:
--- a/src/dh-gex.c
+++ b/src/dh-gex.c
@@ -37,7 +37,7 @@
 #include "libssh/buffer.h"
 #include "libssh/session.h"

-/* Minimum, recommanded and maximum size of DH group */
+/* Minimum, recommended and maximum size of DH group */
 #define DH_PMIN 2048
 #define DH_PREQ 2048
 #define DH_PMAX 8192
@@ -248,6 +248,11 @@ error:
    return SSH_PACKET_USED;
 }

+void ssh_client_dhgex_remove_callbacks(ssh_session session)
+{
+    ssh_packet_remove_callbacks(session, &ssh_dhgex_client_callbacks);
+}
+
 static SSH_PACKET_CALLBACK(ssh_packet_client_dhgex_reply)
 {
    struct ssh_crypto_struct *crypto=session->next_crypto;
@@ -258,7 +263,7 @@ static SSH_PACKET_CALLBACK(ssh_packet_client_dhgex_reply)
    (void)user;
    SSH_LOG(SSH_LOG_PROTOCOL, "SSH_MSG_KEX_DH_GEX_REPLY received");

-    ssh_packet_remove_callbacks(session, &ssh_dhgex_client_callbacks);
+    ssh_client_dhgex_remove_callbacks(session);
    rc = ssh_buffer_unpack(packet,
                           "SBS",
                           &pubkey_blob, &server_pubkey,
@@ -292,15 +297,10 @@ static SSH_PACKET_CALLBACK(ssh_packet_client_dhgex_reply)
    }

    /* Send the MSG_NEWKEYS */
-    if (ssh_buffer_add_u8(session->out_buffer, SSH2_MSG_NEWKEYS) < 0) {
-        goto error;
-    }
-
-    rc = ssh_packet_send(session);
+    rc = ssh_packet_send_newkeys(session);
    if (rc == SSH_ERROR) {
        goto error;
    }
-    SSH_LOG(SSH_LOG_PROTOCOL, "SSH_MSG_NEWKEYS sent");
    session->dh_handshake_state = DH_STATE_NEWKEYS_SENT;

    return SSH_PACKET_USED;
--- a/src/dh.c
+++ b/src/dh.c
@@ -25,6 +25,8 @@

 #include "config.h"

+#include <stdio.h>
+
 #include "libssh/priv.h"
 #include "libssh/crypto.h"
 #include "libssh/buffer.h"
@@ -352,6 +354,11 @@ error:
  return SSH_ERROR;
 }

+void ssh_client_dh_remove_callbacks(ssh_session session)
+{
+    ssh_packet_remove_callbacks(session, &ssh_dh_client_callbacks);
+}
+
 SSH_PACKET_CALLBACK(ssh_packet_client_dh_reply){
  struct ssh_crypto_struct *crypto=session->next_crypto;
  ssh_string pubkey_blob = NULL;
@@ -361,7 +368,7 @@ SSH_PACKET_CALLBACK(ssh_packet_client_dh_reply){
  (void)type;
  (void)user;

-  ssh_packet_remove_callbacks(session, &ssh_dh_client_callbacks);
+  ssh_client_dh_remove_callbacks(session);

  rc = ssh_buffer_unpack(packet, "SBS", &pubkey_blob, &server_pubkey,
          &crypto->dh_server_signature);
@@ -391,16 +398,10 @@ SSH_PACKET_CALLBACK(ssh_packet_client_dh_reply){
  }

  /* Send the MSG_NEWKEYS */
-  if (ssh_buffer_add_u8(session->out_buffer, SSH2_MSG_NEWKEYS) < 0) {
-    goto error;
-  }
-
-  rc=ssh_packet_send(session);
+  rc = ssh_packet_send_newkeys(session);
  if (rc == SSH_ERROR) {
    goto error;
  }
-
-  SSH_LOG(SSH_LOG_PROTOCOL, "SSH_MSG_NEWKEYS sent");
  session->dh_handshake_state = DH_STATE_NEWKEYS_SENT;
  return SSH_PACKET_USED;
 error:
@@ -544,15 +545,12 @@ int ssh_server_dh_process_init(ssh_session session, ssh_buffer packet)
    }
    SSH_LOG(SSH_LOG_DEBUG, "Sent KEX_DH_[GEX]_REPLY");

-    if (ssh_buffer_add_u8(session->out_buffer, SSH2_MSG_NEWKEYS) < 0) {
-        ssh_buffer_reinit(session->out_buffer);
-        goto error;
-    }
    session->dh_handshake_state=DH_STATE_NEWKEYS_SENT;
-    if (ssh_packet_send(session) == SSH_ERROR) {
+    /* Send the MSG_NEWKEYS */
+    rc = ssh_packet_send_newkeys(session);
+    if (rc == SSH_ERROR) {
        goto error;
    }
-    SSH_LOG(SSH_LOG_PACKET, "SSH_MSG_NEWKEYS sent");

    return SSH_OK;
 error:
--- a/src/dh_crypto.c
+++ b/src/dh_crypto.c
@@ -154,12 +154,9 @@ int ssh_dh_keypair_get_keys(struct dh_ctx *ctx, int peer,
 #endif /* OPENSSL_VERSION_NUMBER */

 int ssh_dh_keypair_set_keys(struct dh_ctx *ctx, int peer,
-                            const bignum priv, const bignum pub)
+                            bignum priv, bignum pub)
 {
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
-    bignum priv_key = NULL;
-    bignum pub_key = NULL;
-#else
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
    int rc;
    OSSL_PARAM *params = NULL, *out_params = NULL, *merged_params = NULL;
    OSSL_PARAM_BLD *param_bld = NULL;
@@ -172,7 +169,11 @@ int ssh_dh_keypair_set_keys(struct dh_ctx *ctx, int peer,
        return SSH_ERROR;
    }

-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
+    (void)DH_set0_key(ctx->keypair[peer], pub, priv);
+
+    return SSH_OK;
+#else
    rc = EVP_PKEY_todata(ctx->keypair[peer], EVP_PKEY_KEYPAIR, &out_params);
    if (rc != 1) {
        return SSH_ERROR;
@@ -195,35 +196,22 @@ int ssh_dh_keypair_set_keys(struct dh_ctx *ctx, int peer,
        rc = SSH_ERROR;
        goto out;
    }
-#endif /* OPENSSL_VERSION_NUMBER */

    if (priv) {
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
-        priv_key = priv;
-#else
        rc = OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_PRIV_KEY, priv);
        if (rc != 1) {
            rc = SSH_ERROR;
            goto out;
        }
-#endif /* OPENSSL_VERSION_NUMBER */
    }
    if (pub) {
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
-        pub_key = pub;
-#else
        rc = OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_PUB_KEY, pub);
        if (rc != 1) {
            rc = SSH_ERROR;
            goto out;
        }
-#endif /* OPENSSL_VERSION_NUMBER */
    }
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
-    (void)DH_set0_key(ctx->keypair[peer], pub_key, priv_key);

-    return SSH_OK;
-#else
    params = OSSL_PARAM_BLD_to_param(param_bld);
    if (params == NULL) {
        rc = SSH_ERROR;
@@ -248,6 +236,8 @@ int ssh_dh_keypair_set_keys(struct dh_ctx *ctx, int peer,

    rc = SSH_OK;
 out:
+    bignum_safe_free(priv);
+    bignum_safe_free(pub);
    EVP_PKEY_CTX_free(evp_ctx);
    OSSL_PARAM_free(out_params);
    OSSL_PARAM_free(params);
@@ -341,8 +331,16 @@ int ssh_dh_set_parameters(struct dh_ctx *ctx,
            goto done;
        }

-        OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_FFC_P, modulus);
-        OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_FFC_G, generator);
+        rc = OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_FFC_P, modulus);
+        if (rc != 1) {
+            rc = SSH_ERROR;
+            goto done;
+        }
+        rc = OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_FFC_G, generator);
+        if (rc != 1) {
+            rc = SSH_ERROR;
+            goto done;
+        }
        params = OSSL_PARAM_BLD_to_param(param_bld);
        if (params == NULL) {
            OSSL_PARAM_BLD_free(param_bld);
@@ -458,7 +456,8 @@ void ssh_dh_cleanup(struct ssh_crypto_struct *crypto)
 /** @internal
 * @brief generates a secret DH parameter of at least DH_SECURITY_BITS
 *        security as well as the corresponding public key.
- * @param[out] parms a dh_ctx that will hold the new keys.
+ *
+ * @param[out] params a dh_ctx that will hold the new keys.
 * @param peer Select either client or server key storage. Valid values are:
 *        DH_CLIENT_KEYPAIR or DH_SERVER_KEYPAIR
 *
--- a/src/dh_key.c
+++ b/src/dh_key.c
@@ -289,8 +289,10 @@ void ssh_dh_cleanup(struct ssh_crypto_struct *crypto)
 /** @internal
 * @brief generates a secret DH parameter of at least DH_SECURITY_BITS
 *        security as well as the corresponding public key.
- * @param[out] parms a dh_kex paramters structure with preallocated bignum
+ *
+ * @param[out] params a dh_kex parameters structure with preallocated bignum
 *             where to store the parameters
+ *
 * @return SSH_OK on success, SSH_ERROR on error
 */
 int ssh_dh_keypair_gen_keys(struct dh_ctx *dh_ctx, int peer)
--- a/src/ecdh.c
+++ b/src/ecdh.c
@@ -43,6 +43,11 @@ struct ssh_packet_callbacks_struct ssh_ecdh_client_callbacks = {
    .user = NULL
 };

+void ssh_client_ecdh_remove_callbacks(ssh_session session)
+{
+    ssh_packet_remove_callbacks(session, &ssh_ecdh_client_callbacks);
+}
+
 /** @internal
 * @brief parses a SSH_MSG_KEX_ECDH_REPLY packet and sends back
 * a SSH_MSG_NEWKEYS
@@ -55,7 +60,7 @@ SSH_PACKET_CALLBACK(ssh_packet_client_ecdh_reply){
  (void)type;
  (void)user;

-  ssh_packet_remove_callbacks(session, &ssh_ecdh_client_callbacks);
+  ssh_client_ecdh_remove_callbacks(session);
  pubkey_blob = ssh_buffer_get_ssh_string(packet);
  if (pubkey_blob == NULL) {
    ssh_set_error(session,SSH_FATAL, "No public key in packet");
@@ -88,16 +93,10 @@ SSH_PACKET_CALLBACK(ssh_packet_client_ecdh_reply){
  }

  /* Send the MSG_NEWKEYS */
-  if (ssh_buffer_add_u8(session->out_buffer, SSH2_MSG_NEWKEYS) < 0) {
-    goto error;
-  }
-
-  rc=ssh_packet_send(session);
+  rc = ssh_packet_send_newkeys(session);
  if (rc == SSH_ERROR) {
    goto error;
  }
-
-  SSH_LOG(SSH_LOG_PROTOCOL, "SSH_MSG_NEWKEYS sent");
  session->dh_handshake_state = DH_STATE_NEWKEYS_SENT;

  return SSH_PACKET_USED;
--- a/src/ecdh_crypto.c
+++ b/src/ecdh_crypto.c
@@ -619,18 +619,12 @@ SSH_PACKET_CALLBACK(ssh_packet_server_ecdh_init){
        goto error;
    }

-    /* Send the MSG_NEWKEYS */
-    rc = ssh_buffer_add_u8(session->out_buffer, SSH2_MSG_NEWKEYS);
-    if (rc < 0) {
-        goto error;
-    }
-
    session->dh_handshake_state = DH_STATE_NEWKEYS_SENT;
-    rc = ssh_packet_send(session);
-    if (rc == SSH_ERROR){
+    /* Send the MSG_NEWKEYS */
+    rc = ssh_packet_send_newkeys(session);
+    if (rc == SSH_ERROR) {
        goto error;
    }
-    SSH_LOG(SSH_LOG_PROTOCOL, "SSH_MSG_NEWKEYS sent");

    return SSH_PACKET_USED;
 error:
--- a/src/ecdh_gcrypt.c
+++ b/src/ecdh_gcrypt.c
@@ -295,7 +295,7 @@ SSH_PACKET_CALLBACK(ssh_packet_server_ecdh_init){
    }
    session->next_crypto->ecdh_client_pubkey = q_c_string;

-    /* Build server's keypair */
+    /* Build server's key pair */
    err = gcry_sexp_build(&param, NULL, "(genkey(ecdh(curve %s) (flags transient-key)))",
                          curve);
    if (err) {
@@ -372,17 +372,13 @@ SSH_PACKET_CALLBACK(ssh_packet_server_ecdh_init){
        goto out;
    }

-
+    session->dh_handshake_state = DH_STATE_NEWKEYS_SENT;
    /* Send the MSG_NEWKEYS */
-    rc = ssh_buffer_add_u8(session->out_buffer, SSH2_MSG_NEWKEYS);
-    if (rc != SSH_OK) {
+    rc = ssh_packet_send_newkeys(session);
+    if (rc == SSH_ERROR) {
        goto out;
    }

-    session->dh_handshake_state = DH_STATE_NEWKEYS_SENT;
-    rc = ssh_packet_send(session);
-    SSH_LOG(SSH_LOG_PROTOCOL, "SSH_MSG_NEWKEYS sent");
-
 out:
    gcry_sexp_release(param);
    gcry_sexp_release(key);
--- a/Show More
+++ b/Show More
@@ -1 +1 @@
 .9.0
 .9.6