Bump version to 0.7.3

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>

.gitignore

@@ -3,7 +3,7 @@
 .*
 *.swp
 *~$
-obj
 cscope.*
 tags
-build
+/build
+/obj*

CMakeLists.txt

@@ -8,7 +8,7 @@ set(APPLICATION_NAME ${PROJECT_NAME})
 
 set(APPLICATION_VERSION_MAJOR "0")
 set(APPLICATION_VERSION_MINOR "7")
-set(APPLICATION_VERSION_PATCH "0")
+set(APPLICATION_VERSION_PATCH "3")
 
 set(APPLICATION_VERSION "${APPLICATION_VERSION_MAJOR}.${APPLICATION_VERSION_MINOR}.${APPLICATION_VERSION_PATCH}")
 
@@ -19,12 +19,12 @@ set(APPLICATION_VERSION "${APPLICATION_VERSION_MAJOR}.${APPLICATION_VERSION_MINO
 #     Increment AGE. Set REVISION to 0
 #   If the source code was changed, but there were no interface changes:
 #     Increment REVISION.
-set(LIBRARY_VERSION "4.4.0")
+set(LIBRARY_VERSION "4.4.1")
 set(LIBRARY_SOVERSION "4")
 
 # where to look first for cmake modules, before ${CMAKE_ROOT}/Modules/ is checked
 set(CMAKE_MODULE_PATH
-  ${CMAKE_SOURCE_DIR}/cmake/Modules
+  ${CMAKE_CURRENT_SOURCE_DIR}/cmake/Modules
 )
 
 # add definitions
@@ -84,7 +84,19 @@ add_subdirectory(include)
 add_subdirectory(src)
 
 # pkg-config file
+if (UNIX)
 configure_file(libssh.pc.cmake ${CMAKE_CURRENT_BINARY_DIR}/libssh.pc)
+install(
+  FILES
+    ${CMAKE_CURRENT_BINARY_DIR}/libssh.pc
+    ${CMAKE_CURRENT_BINARY_DIR}/libssh_threads.pc
+  DESTINATION
+    ${LIB_INSTALL_DIR}/pkgconfig
+  COMPONENT
+    pkgconfig
+)
+
+    if (LIBSSH_THREADS)
         configure_file(libssh_threads.pc.cmake ${CMAKE_CURRENT_BINARY_DIR}/libssh_threads.pc)
         install(
           FILES
@@ -95,6 +107,8 @@ install(
           COMPONENT
             pkgconfig
         )
+    endif (LIBSSH_THREADS)
+endif (UNIX)
 
 # cmake config files
 set(LIBSSH_LIBRARY_NAME ${CMAKE_SHARED_LIBRARY_PREFIX}ssh${CMAKE_SHARED_LIBRARY_SUFFIX})

CPackConfig.cmake

@@ -4,10 +4,10 @@
 ### general settings
 set(CPACK_PACKAGE_NAME ${APPLICATION_NAME})
 set(CPACK_PACKAGE_DESCRIPTION_SUMMARY "The SSH library")
-set(CPACK_PACKAGE_DESCRIPTION_FILE "${CMAKE_SOURCE_DIR}/README")
+set(CPACK_PACKAGE_DESCRIPTION_FILE "${CMAKE_CURRENT_SOURCE_DIR}/README")
 set(CPACK_PACKAGE_VENDOR "The SSH Library Development Team")
 set(CPACK_PACKAGE_INSTALL_DIRECTORY ${CPACK_PACKAGE_NAME})
-set(CPACK_RESOURCE_FILE_LICENSE "${CMAKE_SOURCE_DIR}/COPYING")
+set(CPACK_RESOURCE_FILE_LICENSE "${CMAKE_CURRENT_SOURCE_DIR}/COPYING")
 
 
 ### versions
@@ -18,8 +18,8 @@ set(CPACK_PACKAGE_VERSION "${CPACK_PACKAGE_VERSION_MAJOR}.${CPACK_PACKAGE_VERSIO
 
 
 ### source generator
-set(CPACK_SOURCE_GENERATOR "TGZ")
+set(CPACK_SOURCE_GENERATOR "TXZ")
-set(CPACK_SOURCE_IGNORE_FILES "~$;[.]swp$;/[.]svn/;/[.]git/;.gitignore;/build/;/obj/;tags;cscope.*")
+set(CPACK_SOURCE_IGNORE_FILES "~$;[.]swp$;/[.]svn/;/[.]git/;.gitignore;/build/;/obj*/;tags;cscope.*")
 set(CPACK_SOURCE_PACKAGE_FILE_NAME "${CPACK_PACKAGE_NAME}-${CPACK_PACKAGE_VERSION}")
 
 if (WIN32)

ChangeLog

@@ -1,7 +1,27 @@
 ChangeLog
 ==========
 
-version 0.7.0 (released 2015-05-xx)
+version 0.7.3 (released 2016-01-23)
+  * Fixed CVE-2016-0739
+  * Fixed ssh-agent on big endian
+  * Fixed some documentation issues
+
+version 0.7.2 (released 2015-09-15)
+  * Fixed OpenSSL detection on Windows
+  * Fixed return status for ssh_userauth_agent()
+  * Fixed KEX to prefer hmac-sha2-256
+  * Fixed sftp packet handling
+  * Fixed return values of ssh_key_is_(public|private)
+  * Fixed bug in global success reply
+
+version 0.7.1 (released 2015-06-30)
+  * Fixed SSH_AUTH_PARTIAL auth with auto public key
+  * Fixed memory leak in session options
+  * Fixed allocation of ed25519 public keys
+  * Fixed channel exit-status and exit-signal
+  * Reintroduce ssh_forward_listen()
+
+version 0.7.0 (released 2015-05-11)
   * Added support for ed25519 keys
   * Added SHA2 algorithms for HMAC
   * Added improved and more secure buffer handling code

ConfigureChecks.cmake

@@ -1,4 +1,5 @@
 include(CheckIncludeFile)
+include(CheckIncludeFiles)
 include(CheckSymbolExists)
 include(CheckFunctionExists)
 include(CheckLibraryExists)
@@ -56,6 +57,7 @@ check_include_file(libutil.h HAVE_LIBUTIL_H)
 check_include_file(sys/time.h HAVE_SYS_TIME_H)
 check_include_file(sys/param.h HAVE_SYS_PARAM_H)
 check_include_file(arpa/inet.h HAVE_ARPA_INET_H)
+check_include_file(byteswap.h HAVE_BYTESWAP_H)
 
 if (WIN32)
   check_include_files("winsock2.h;ws2tcpip.h;wspiapi.h" HAVE_WSPIAPI_H)
@@ -65,23 +67,31 @@ if (WIN32)
   check_include_files("winsock2.h;ws2tcpip.h" HAVE_WS2TCPIP_H)
 endif (WIN32)
 
-set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIRS})
+if (OPENSSL_FOUND)
-check_include_file(openssl/aes.h HAVE_OPENSSL_AES_H)
+    set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
+    check_include_file(openssl/des.h HAVE_OPENSSL_DES_H)
+    if (NOT HAVE_OPENSSL_DES_H)
+        message(FATAL_ERROR "Could not detect openssl/des.h")
+    endif()
 
-set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIRS})
+    set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
+    check_include_file(openssl/aes.h HAVE_OPENSSL_AES_H)
+    if (NOT HAVE_OPENSSL_AES_H)
+        message(FATAL_ERROR "Could not detect openssl/aes.h")
+    endif()
+
+    set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
     check_include_file(openssl/blowfish.h HAVE_OPENSSL_BLOWFISH_H)
 
-set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIRS})
+    set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
-check_include_file(openssl/des.h HAVE_OPENSSL_DES_H)
-
-set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIRS})
     check_include_file(openssl/ecdh.h HAVE_OPENSSL_ECDH_H)
 
-set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIRS})
+    set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
     check_include_file(openssl/ec.h HAVE_OPENSSL_EC_H)
 
-set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIRS})
+    set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
     check_include_file(openssl/ecdsa.h HAVE_OPENSSL_ECDSA_H)
+endif()
 
 if (CMAKE_HAVE_PTHREAD_H)
   set(HAVE_PTHREAD_H 1)
@@ -101,8 +111,9 @@ endif (NOT WITH_GCRYPT)
 
 check_function_exists(isblank HAVE_ISBLANK)
 check_function_exists(strncpy HAVE_STRNCPY)
-check_function_exists(vsnprintf HAVE_VSNPRINTF)
+
-check_function_exists(snprintf HAVE_SNPRINTF)
+check_symbol_exists(vsnprintf "stdio.h" HAVE_VSNPRINTF)
+check_symbol_exists(snprintf "stdio.h" HAVE_SNPRINTF)
 
 if (WIN32)
     check_function_exists(_strtoui64 HAVE__STRTOUI64)

doc/command.dox

@@ -56,7 +56,7 @@ If an error has been encountered, it returns a negative value:
 
 @code
   char buffer[256];
-  unsigned int nbytes;
+  int nbytes;
 
   nbytes = ssh_channel_read(channel, buffer, sizeof(buffer), 0);
   while (nbytes > 0)

doc/guided_tour.dox

@@ -367,7 +367,7 @@ int show_remote_processes(ssh_session session)
   ssh_channel channel;
   int rc;
   char buffer[256];
-  unsigned int nbytes;
+  int nbytes;
 
   channel = ssh_channel_new(session);
   if (channel == NULL)
@@ -391,7 +391,7 @@ int show_remote_processes(ssh_session session)
   nbytes = ssh_channel_read(channel, buffer, sizeof(buffer), 0);
   while (nbytes > 0)
   {
-    if (write(1, buffer, nbytes) != nbytes)
+    if (write(1, buffer, nbytes) != (unsigned int) nbytes)
     {
       ssh_channel_close(channel);
       ssh_channel_free(channel);

doc/sftp.dox

@@ -253,7 +253,7 @@ int sftp_read_sync(ssh_session session, sftp_session sftp)
           return SSH_ERROR;
       }
 
-      nwritten = write(fd, buf, nbytes);
+      nwritten = write(fd, buffer, nbytes);
       if (nwritten != nbytes) {
           fprintf(stderr, "Error writing: %s\n",
                   strerror(errno));
@@ -282,7 +282,7 @@ sftp_async_read() waits for the data to come. To open a file in nonblocking mode
 call sftp_file_set_nonblocking() right after you opened it. Default is blocking mode.
 
 The example below reads a very big file in asynchronous, nonblocking, mode. Each
-time the data are not ready yet, a counter is incrementer.
+time the data is not ready yet, a counter is incremented.
 
 @code
 // Good chunk size

include/CMakeLists.txt

@@ -1,3 +1,3 @@
-project(headers C)
+project(libssh-headers-x C)
 
 add_subdirectory(libssh)

include/libssh/libssh.h

@@ -58,6 +58,7 @@
 #else /* _MSC_VER */
   #include <unistd.h>
   #include <inttypes.h>
+  #include <sys/types.h>
 #endif /* _MSC_VER */
 
 #ifdef _WIN32
@@ -78,7 +79,7 @@
 /* libssh version */
 #define LIBSSH_VERSION_MAJOR  0
 #define LIBSSH_VERSION_MINOR  7
-#define LIBSSH_VERSION_MICRO  0
+#define LIBSSH_VERSION_MICRO  3
 
 #define LIBSSH_VERSION_INT SSH_VERSION_INT(LIBSSH_VERSION_MAJOR, \
                                            LIBSSH_VERSION_MINOR, \
@@ -588,6 +589,7 @@ LIBSSH_API int ssh_select(ssh_channel *channels, ssh_channel *outchannels, socke
     fd_set *readfds, struct timeval *timeout);
 LIBSSH_API int ssh_service_request(ssh_session session, const char *service);
 LIBSSH_API int ssh_set_agent_channel(ssh_session session, ssh_channel channel);
+LIBSSH_API int ssh_set_agent_socket(ssh_session session, socket_t fd);
 LIBSSH_API void ssh_set_blocking(ssh_session session, int blocking);
 LIBSSH_API void ssh_set_counters(ssh_session session, ssh_counter scounter,
                                  ssh_counter rcounter);

include/libssh/priv.h

@@ -43,6 +43,16 @@
 # endif
 #endif /* !defined(HAVE_STRTOULL) */
 
+#ifdef HAVE_BYTESWAP_H
+#include <byteswap.h>
+#endif
+
+#ifndef bswap_32
+#define bswap_32(x) \
+    ((((x) & 0xff000000) >> 24) | (((x) & 0x00ff0000) >>  8) | \
+     (((x) & 0x0000ff00) <<  8) | (((x) & 0x000000ff) << 24))
+#endif
+
 #ifdef _WIN32
 
 /* Imitate define of inttypes.h */
@@ -60,11 +70,16 @@
 
 # ifdef _MSC_VER
 #  include <stdio.h>
+#  include <stdarg.h> /* va_copy define check */
 
 /* On Microsoft compilers define inline to __inline on all others use inline */
 #  undef inline
 #  define inline __inline
 
+#  ifndef va_copy
+#   define va_copy(dest, src) (dest = src)
+#  endif
+
 #  define strcasecmp _stricmp
 #  define strncasecmp _strnicmp
 #  if ! defined(HAVE_ISBLANK)

src/CMakeLists.txt

@@ -1,12 +1,12 @@
 project(libssh-library C)
 
 set(LIBSSH_PUBLIC_INCLUDE_DIRS
-  ${CMAKE_SOURCE_DIR}/include
+  ${libssh_SOURCE_DIR}/include
   CACHE INTERNAL "libssh public include directories"
 )
 
 set(LIBSSH_PRIVATE_INCLUDE_DIRS
-  ${CMAKE_BINARY_DIR}
+  ${libssh_BINARY_DIR}
 )
 
 set(LIBSSH_LINK_LIBRARIES
@@ -54,7 +54,7 @@ endif (GCRYPT_LIBRARY)
 if (WITH_ZLIB)
   set(LIBSSH_PRIVATE_INCLUDE_DIRS
     ${LIBSSH_PRIVATE_INCLUDE_DIRS}
-    ${ZLIB_INCLUDE_DIRS}
+    ${ZLIB_INCLUDE_DIR}
   )
 
   set(LIBSSH_LINK_LIBRARIES
@@ -300,6 +300,7 @@ if (WITH_STATIC_LIB)
   )
 endif (WITH_STATIC_LIB)
 
+message(STATUS "Threads_FOUND=${Threads_FOUND}")
 if (Threads_FOUND)
     add_subdirectory(threads)
 endif (Threads_FOUND)

src/agent.c

@@ -185,16 +185,33 @@ int ssh_set_agent_channel(ssh_session session, ssh_channel channel){
   return SSH_OK;
 }
 
+/** @brief sets the SSH agent socket.
+ * The SSH agent will be used to authenticate this client using
+ * the given socket to communicate with the ssh-agent. The caller
+ * is responsible for connecting to the socket prior to calling
+ * this function.
+ * @returns SSH_OK in case of success
+ *          SSH_ERROR in case of an error
+ */
+int ssh_set_agent_socket(ssh_session session, socket_t fd){
+  if (!session)
+    return SSH_ERROR;
+  if (!session->agent){
+    ssh_set_error(session, SSH_REQUEST_DENIED, "Session has no active agent");
+    return SSH_ERROR;
+  }
+
+  ssh_socket_set_fd(session->agent->sock, fd);
+  return SSH_OK;
+}
 
 void agent_close(struct ssh_agent_struct *agent) {
   if (agent == NULL) {
     return;
   }
 
-  if (getenv("SSH_AUTH_SOCK")) {
   ssh_socket_close(agent->sock);
 }
-}
 
 void agent_free(ssh_agent agent) {
   if (agent) {
@@ -365,6 +382,9 @@ int ssh_agent_get_ident_count(struct ssh_session_struct *session) {
     ssh_buffer_free(reply);
     return -1;
   }
+#ifdef WORDS_BIGENDIAN
+  type = bswap_32(type);
+#endif
 
   SSH_LOG(SSH_LOG_WARN,
       "Answer type: %d, expected answer: %d",
@@ -375,7 +395,7 @@ int ssh_agent_get_ident_count(struct ssh_session_struct *session) {
       return 0;
   } else if (type != c2) {
       ssh_set_error(session, SSH_FATAL,
-          "Bad authentication reply message type: %d", type);
+          "Bad authentication reply message type: %u", type);
       ssh_buffer_free(reply);
       return -1;
   }
@@ -490,8 +510,8 @@ ssh_string ssh_agent_sign_data(ssh_session session,
     ssh_buffer reply;
     ssh_string key_blob;
     ssh_string sig_blob;
-    int type = SSH2_AGENT_FAILURE;
+    unsigned int type = 0;
-    int flags = 0;
+    unsigned int flags = 0;
     uint32_t dlen;
     int rc;
 
@@ -555,13 +575,19 @@ ssh_string ssh_agent_sign_data(ssh_session session,
         ssh_buffer_free(reply);
         return NULL;
     }
+#ifdef WORDS_BIGENDIAN
+    type = bswap_32(type);
+#endif
 
     if (agent_failed(type)) {
         SSH_LOG(SSH_LOG_WARN, "Agent reports failure in signing the key");
         ssh_buffer_free(reply);
         return NULL;
     } else if (type != SSH2_AGENT_SIGN_RESPONSE) {
-        ssh_set_error(session, SSH_FATAL, "Bad authentication response: %d", type);
+        ssh_set_error(session,
+                      SSH_FATAL,
+                      "Bad authentication response: %u",
+                      type);
         ssh_buffer_free(reply);
         return NULL;
     }

src/auth.c

@@ -209,8 +209,8 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_failure){
             "Access denied. Authentication that can continue: %s",
             auth_methods);
 
-    session->auth_methods = 0;
   }
+  session->auth_methods = 0;
   if (strstr(auth_methods, "password") != NULL) {
     session->auth_methods |= SSH_AUTH_METHOD_PASSWORD;
   }
@@ -786,6 +786,11 @@ int ssh_userauth_agent(ssh_session session,
     state = session->agent_state;
     if (state->pubkey == NULL)
         state->pubkey = ssh_agent_get_first_ident(session, &state->comment);
+
+    if (state->pubkey == NULL) {
+        return SSH_AUTH_DENIED;
+    }
+
     while (state->pubkey != NULL) {
         if(state->state == SSH_AGENT_STATE_NONE){
             SSH_LOG(SSH_LOG_DEBUG,
@@ -1045,15 +1050,14 @@ int ssh_userauth_publickey_auto(ssh_session session,
                 ssh_key_free(state->privkey);
                 ssh_key_free(state->pubkey);
                 SAFE_FREE(session->auth_auto_state);
-            }
+                if (rc == SSH_AUTH_SUCCESS) {
-            if (rc == SSH_AUTH_ERROR) {
-                return rc;
-            } else if (rc == SSH_AUTH_SUCCESS) {
                     SSH_LOG(SSH_LOG_INFO,
                             "Successfully authenticated using %s",
                             privkey_file);
+                }
                 return rc;
-            } else if (rc == SSH_AUTH_AGAIN){
+            }
+            if (rc == SSH_AUTH_AGAIN){
                 return rc;
             }
 

src/bignum.c

@@ -103,5 +103,9 @@ void ssh_print_bignum(const char *which, bignum num) {
 #endif
   fprintf(stderr, "%s value: ", which);
   fprintf(stderr, "%s\n", (hex == NULL) ? "(null)" : (char *) hex);
+#ifdef HAVE_LIBGCRYPT
   SAFE_FREE(hex);
+#elif defined HAVE_LIBCRYPTO
+  OPENSSL_free(hex);
+#endif
 }

src/channels.c

@@ -664,10 +664,8 @@ SSH_PACKET_CALLBACK(channel_rcv_request) {
 	}
 
 	if (strcmp(request,"exit-status") == 0) {
-        uint32_t exit_status = 0;
-
         SAFE_FREE(request);
-        rc = ssh_buffer_unpack(packet, "d", &exit_status);
+        rc = ssh_buffer_unpack(packet, "d", &channel->exit_status);
         SSH_LOG(SSH_LOG_PACKET, "received exit-status %d", channel->exit_status);
 
         if(ssh_callbacks_exists(channel->callbacks, channel_exit_status_function)) {
@@ -714,7 +712,7 @@ SSH_PACKET_CALLBACK(channel_rcv_request) {
 
 		SAFE_FREE(request);
 
-		rc = ssh_buffer_unpack(packet, "sbs",
+		rc = ssh_buffer_unpack(packet, "sbss",
 		        &sig, /* signal name */
 		        &core_dumped,    /* core dumped */
 		        &errmsg, /* error message */
@@ -2205,6 +2203,11 @@ error:
   return rc;
 }
 
+/* DEPRECATED */
+int ssh_forward_listen(ssh_session session, const char *address, int port, int *bound_port) {
+  return ssh_channel_listen_forward(session, address, port, bound_port);
+}
+
 /* DEPRECATED */
 ssh_channel ssh_forward_accept(ssh_session session, int timeout_ms) {
   return ssh_channel_accept(session, SSH_CHANNEL_FORWARDED_TCPIP, timeout_ms, NULL);
@@ -2272,6 +2275,7 @@ error:
   return rc;
 }
 
+/* DEPRECATED */
 int ssh_forward_cancel(ssh_session session, const char *address, int port) {
     return ssh_channel_cancel_forward(session, address, port);
 }

src/dh.c

@@ -227,15 +227,21 @@ void ssh_crypto_finalize(void) {
 }
 
 int dh_generate_x(ssh_session session) {
+  int keysize;
+  if (session->next_crypto->kex_type == SSH_KEX_DH_GROUP1_SHA1) {
+    keysize = 1023;
+  } else {
+    keysize = 2047;
+  }
   session->next_crypto->x = bignum_new();
   if (session->next_crypto->x == NULL) {
     return -1;
   }
 
 #ifdef HAVE_LIBGCRYPT
-  bignum_rand(session->next_crypto->x, 128);
+  bignum_rand(session->next_crypto->x, keysize);
 #elif defined HAVE_LIBCRYPTO
-  bignum_rand(session->next_crypto->x, 128, 0, -1);
+  bignum_rand(session->next_crypto->x, keysize, -1, 0);
 #endif
 
   /* not harder than this */
@@ -248,15 +254,21 @@ int dh_generate_x(ssh_session session) {
 
 /* used by server */
 int dh_generate_y(ssh_session session) {
+  int keysize;
+  if (session->next_crypto->kex_type == SSH_KEX_DH_GROUP1_SHA1) {
+    keysize = 1023;
+  } else {
+    keysize = 2047;
+  }
   session->next_crypto->y = bignum_new();
   if (session->next_crypto->y == NULL) {
     return -1;
   }
 
 #ifdef HAVE_LIBGCRYPT
-  bignum_rand(session->next_crypto->y, 128);
+  bignum_rand(session->next_crypto->y, keysize);
 #elif defined HAVE_LIBCRYPTO
-  bignum_rand(session->next_crypto->y, 128, 0, -1);
+  bignum_rand(session->next_crypto->y, keysize, -1, 0);
 #endif
 
   /* not harder than this */

src/kex.c

@@ -42,24 +42,28 @@
 # define AES "aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,"
 # define DES "3des-cbc"
 # define DES_SUPPORTED "3des-cbc,des-cbc-ssh1"
+
 #elif defined(HAVE_LIBCRYPTO)
+
 # ifdef HAVE_OPENSSL_BLOWFISH_H
 #  define BLOWFISH "blowfish-cbc,"
-# else
+# else /* HAVE_OPENSSL_BLOWFISH_H */
 #  define BLOWFISH ""
-# endif
+# endif /* HAVE_OPENSSL_BLOWFISH_H */
+
 # ifdef HAVE_OPENSSL_AES_H
 #  ifdef BROKEN_AES_CTR
 #   define AES "aes256-cbc,aes192-cbc,aes128-cbc,"
-#  else
+#  else /* BROKEN_AES_CTR */
 #   define AES "aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,"
 #  endif /* BROKEN_AES_CTR */
-# else
+# else /* HAVE_OPENSSL_AES_H */
 #  define AES ""
-#  endif
+# endif /* HAVE_OPENSSL_AES_H */
+
 # define DES "3des-cbc"
 # define DES_SUPPORTED "3des-cbc,des-cbc-ssh1"
-#endif
+#endif /* HAVE_LIBCRYPTO */
 
 #ifdef WITH_ZLIB
 #define ZLIB "none,zlib,zlib@openssh.com"
@@ -90,8 +94,8 @@ static const char *default_methods[] = {
   HOSTKEYS,
   AES BLOWFISH DES,
   AES BLOWFISH DES,
-  "hmac-sha1,hmac-sha2-256,hmac-sha2-512",
+  "hmac-sha2-256,hmac-sha2-512,hmac-sha1",
-  "hmac-sha1,hmac-sha2-256,hmac-sha2-512",
+  "hmac-sha2-256,hmac-sha2-512,hmac-sha1",
   "none",
   "none",
   "",
@@ -105,8 +109,8 @@ static const char *supported_methods[] = {
   HOSTKEYS,
   AES BLOWFISH DES_SUPPORTED,
   AES BLOWFISH DES_SUPPORTED,
-  "hmac-sha1,hmac-sha2-256,hmac-sha2-512",
+  "hmac-sha2-256,hmac-sha2-512,hmac-sha1",
-  "hmac-sha1,hmac-sha2-256,hmac-sha2-512",
+  "hmac-sha2-256,hmac-sha2-512,hmac-sha1",
   ZLIB,
   ZLIB,
   "",

src/libgcrypt.c

@@ -181,7 +181,7 @@ void ssh_mac_update(ssh_mac_ctx ctx, const void *data, unsigned long len) {
 }
 
 void ssh_mac_final(unsigned char *md, ssh_mac_ctx ctx) {
-  size_t len;
+  size_t len = 0;
   switch(ctx->mac_type){
     case SSH_MAC_SHA1:
       len=SHA_DIGEST_LEN;

src/misc.c

@@ -33,9 +33,10 @@
 #include <netinet/in.h>
 #include <arpa/inet.h>
 
-#ifndef HAVE_CLOCK_GETTIME
+#ifdef HAVE_SYS_TIME_H
 #include <sys/time.h>
-#endif /* HAVE_CLOCK_GETTIME */
+#endif /* HAVE_SYS_TIME_H */
+
 #endif /* _WIN32 */
 
 #include <limits.h>

src/options.c

@@ -93,12 +93,6 @@ int ssh_options_copy(ssh_session src, ssh_session *dest) {
     if (src->opts.identity) {
         struct ssh_iterator *it;
 
-        new->opts.identity = ssh_list_new();
-        if (new->opts.identity == NULL) {
-            ssh_free(new);
-            return -1;
-        }
-
         it = ssh_list_get_iterator(src->opts.identity);
         while (it) {
             char *id;
@@ -338,7 +332,7 @@ int ssh_options_set_algo(ssh_session session, int algo,
  *              - SSH_OPTIONS_HOSTKEYS:
  *                Set the preferred server host key types (const char *,
  *                comma-separated list). ex:
- *                "ssh-rsa,ssh-dsa,ecdh-sha2-nistp256"
+ *                "ssh-rsa,ssh-dss,ecdh-sha2-nistp256"
  *
  *              - SSH_OPTIONS_COMPRESSION_C_S:
  *                Set the compression to use for client to server

src/pki.c

@@ -271,7 +271,7 @@ int ssh_key_is_public(const ssh_key k) {
         return 0;
     }
 
-    return (k->flags & SSH_KEY_FLAG_PUBLIC);
+    return (k->flags & SSH_KEY_FLAG_PUBLIC) == SSH_KEY_FLAG_PUBLIC;
 }
 
 /**
@@ -286,7 +286,7 @@ int ssh_key_is_private(const ssh_key k) {
         return 0;
     }
 
-    return (k->flags & SSH_KEY_FLAG_PRIVATE);
+    return (k->flags & SSH_KEY_FLAG_PRIVATE) == SSH_KEY_FLAG_PRIVATE;
 }
 
 /**
@@ -1094,7 +1094,7 @@ error:
  * @param[out] pkey     A pointer to store the newly allocated public key. You
  *                      NEED to free the key.
  *
- * @return              A public key, NULL on error.
+ * @return              SSH_OK on success, SSH_ERROR on error.
  *
  * @see ssh_key_free()
  */
@@ -1584,7 +1584,7 @@ ssh_string ssh_srv_pki_do_sign_sessionid(ssh_session session,
                                          const ssh_key privkey)
 {
     struct ssh_crypto_struct *crypto;
-    ssh_signature sig;
+    ssh_signature sig = NULL;
     ssh_string sig_blob;
     int rc;
 

src/pki_ed25519.c

@@ -35,8 +35,8 @@ int pki_key_generate_ed25519(ssh_key key)
         goto error;
     }
 
-    key->ed25519_pubkey = malloc(sizeof (ed25519_privkey));
+    key->ed25519_pubkey = malloc(sizeof (ed25519_pubkey));
-    if (key->ed25519_privkey == NULL) {
+    if (key->ed25519_pubkey == NULL) {
         goto error;
     }
 

src/pki_gcrypt.c

@@ -737,7 +737,7 @@ int pki_pubkey_build_ecdsa(ssh_key key, int nid, ssh_string e)
 ssh_key pki_key_dup(const ssh_key key, int demote)
 {
     ssh_key new;
-    gcry_sexp_t sexp;
+    gcry_sexp_t sexp = NULL;
     gcry_error_t err;
     const char *tmp = NULL;
     size_t size;

src/poll.c

@@ -116,7 +116,11 @@ static poll_fn ssh_poll_emu;
 #else /* _WIN32 */
 #include <sys/select.h>
 #include <sys/socket.h>
+
+# ifdef HAVE_SYS_TIME_H
 #  include <sys/time.h>
+# endif
+
 #endif /* _WIN32 */
 
 #ifdef HAVE_UNISTD_H

src/server.c

@@ -746,7 +746,7 @@ int ssh_message_global_request_reply_success(ssh_message msg, uint16_t bound_por
         if(msg->global_request.type == SSH_GLOBAL_REQUEST_TCPIP_FORWARD 
                                 && msg->global_request.bind_port == 0) {
             rc = ssh_buffer_pack(msg->session->out_buffer, "d", bound_port);
-            if (rc != SSH_ERROR) {
+            if (rc != SSH_OK) {
                 ssh_set_error_oom(msg->session);
                 goto error;
             }

src/sftp.c

@@ -315,7 +315,7 @@ sftp_packet sftp_packet_read(sftp_session sftp) {
   sftp_packet packet = NULL;
   uint32_t tmp;
   size_t size;
-  int r;
+  int r, s;
 
   packet = malloc(sizeof(struct sftp_packet_struct));
   if (packet == NULL) {
@@ -330,12 +330,18 @@ sftp_packet sftp_packet_read(sftp_session sftp) {
     return NULL;
   }
 
-  r=ssh_channel_read(sftp->channel, buffer, 4, 0);
+  r=0;
-  if (r < 0) {
+  do {
+    // read from channel until 4 bytes have been read or an error occurs
+    s=ssh_channel_read(sftp->channel, buffer+r, 4-r, 0);
+    if (s < 0) {
       ssh_buffer_free(packet->payload);
       SAFE_FREE(packet);
       return NULL;
+    } else {
+      r += s;
     }
+  } while (r<4);
   ssh_buffer_add_data(packet->payload, buffer, r);
   if (buffer_get_u32(packet->payload, &tmp) != sizeof(uint32_t)) {
     ssh_set_error(sftp->session, SSH_FATAL, "Short sftp packet!");

src/threads/CMakeLists.txt

@@ -27,8 +27,9 @@ set(LIBSSH_THREADS_LINK_LIBRARIES
     ${LIBSSH_SHARED_LIBRARY}
 )
 
-set(libssh_threads_SRCS
+message(STATUS "threads library: Threads_FOUND=${Threads_FOUND}")
-)
+
+set(libssh_threads_SRCS) # empty SRC
 
 # build and link pthread
 if (CMAKE_USE_PTHREADS_INIT)
@@ -41,6 +42,8 @@ if (CMAKE_USE_PTHREADS_INIT)
         ${LIBSSH_THREADS_LINK_LIBRARIES}
         ${CMAKE_THREAD_LIBS_INIT}
     )
+
+    message(STATUS "libssh_threads_SRCS=${libssh_threads_SRCS}")
 endif (CMAKE_USE_PTHREADS_INIT)
 
 set(LIBSSH_THREADS_LINK_LIBRARIES
@@ -54,6 +57,8 @@ include_directories(
 )
 
 if (libssh_threads_SRCS)
+    set(LIBSSH_THREADS ON CACHE "libssh threads lib" INTERNAL)
+
     add_library(${LIBSSH_THREADS_SHARED_LIBRARY} SHARED ${libssh_threads_SRCS})
 
     target_link_libraries(${LIBSSH_THREADS_SHARED_LIBRARY} ${LIBSSH_THREADS_LINK_LIBRARIES})

src/wrapper.c

@@ -160,6 +160,10 @@ void crypto_free(struct ssh_crypto_struct *crypto){
 #ifdef HAVE_ECDH
   SAFE_FREE(crypto->ecdh_client_pubkey);
   SAFE_FREE(crypto->ecdh_server_pubkey);
+  if(crypto->ecdh_privkey != NULL){
+    EC_KEY_free(crypto->ecdh_privkey);
+    crypto->ecdh_privkey = NULL;
+  }
 #endif
   if(crypto->session_id != NULL){
     memset(crypto->session_id, '\0', crypto->digest_len);

tests/CMakeLists.txt

@@ -1,4 +1,4 @@
-project(tests C)
+project(libssh-tests C)
 
 if (BSD OR SOLARIS OR OSX)
     find_package(Argp)
@@ -9,9 +9,9 @@ set(TORTURE_LIBRARY torture)
 include_directories(
   ${LIBSSH_PUBLIC_INCLUDE_DIRS}
   ${CMOCKA_INCLUDE_DIR}
-  ${OPENSSL_INCLUDE_DIRS}
+  ${OPENSSL_INCLUDE_DIR}
-  ${GCRYPT_INCLUDE_DIRS}
+  ${GCRYPT_INCLUDE_DIR}
-  ${ZLIB_INCLUDE_DIRS}
+  ${ZLIB_INCLUDE_DIR}
   ${CMAKE_BINARY_DIR}
   ${CMAKE_SOURCE_DIR}/src
   ${CMAKE_CURRENT_SOURCE_DIR}
@@ -22,12 +22,12 @@ set(TORTURE_LINK_LIBRARIES
     ${LIBSSH_STATIC_LIBRARY}
     ${LIBSSH_LINK_LIBRARIES})
 
-if (Threads_FOUND)
+if (LIBSSH_THREADS)
     set(TORTURE_LINK_LIBRARIES
         ${TORTURE_LINK_LIBRARIES}
         ${LIBSSH_THREADS_STATIC_LIBRARY}
         ${LIBSSH_THREADS_LINK_LIBRARIES})
-endif ()
+endif (LIBSSH_THREADS)
 
 # create test library
 add_library(${TORTURE_LIBRARY} STATIC cmdline.c torture.c)

tests/benchmarks/bench_sftp.c

@@ -45,7 +45,7 @@ int benchmarks_sync_sftp_up (ssh_session session, struct argument_s *args,
   float ms=0.0;
   unsigned long total=0;
   sftp_session sftp;
-  sftp_file file;
+  sftp_file file = NULL;
 
   bytes = args->datasize * 1024 * 1024;
   sftp = sftp_new(session);
@@ -101,7 +101,7 @@ int benchmarks_sync_sftp_down (ssh_session session, struct argument_s *args,
   float ms=0.0;
   unsigned long total=0;
   sftp_session sftp;
-  sftp_file file;
+  sftp_file file = NULL;
   int r;
 
   bytes = args->datasize * 1024 * 1024;
@@ -163,7 +163,7 @@ int benchmarks_async_sftp_down (ssh_session session, struct argument_s *args,
   float ms=0.0;
   unsigned long total=0;
   sftp_session sftp;
-  sftp_file file;
+  sftp_file file = NULL;
   int r,i;
   int warned = 0;
   unsigned long toread;

tests/pkd/CMakeLists.txt

@@ -5,9 +5,9 @@ if (WITH_SERVER AND UNIX AND NOT WIN32)
 include_directories(
   ${LIBSSH_PUBLIC_INCLUDE_DIRS}
   ${CMOCKA_INCLUDE_DIR}
-  ${OPENSSL_INCLUDE_DIRS}
+  ${OPENSSL_INCLUDE_DIR}
-  ${GCRYPT_INCLUDE_DIRS}
+  ${GCRYPT_INCLUDE_DIR}
-  ${ZLIB_INCLUDE_DIRS}
+  ${ZLIB_INCLUDE_DIR}
   ${CMAKE_BINARY_DIR}
   ${CMAKE_SOURCE_DIR}/src
   ${CMAKE_CURRENT_SOURCE_DIR}

tests/unittests/CMakeLists.txt

@@ -14,11 +14,13 @@ if (UNIX AND NOT WIN32)
     # requires ssh-keygen
     add_cmocka_test(torture_keyfiles torture_keyfiles.c ${TORTURE_LIBRARY})
     add_cmocka_test(torture_pki torture_pki.c ${TORTURE_LIBRARY})
-    # requires pthread
-    add_cmocka_test(torture_rand torture_rand.c ${TORTURE_LIBRARY})
     # requires /dev/null
     add_cmocka_test(torture_channel torture_channel.c ${TORTURE_LIBRARY})
-    if (WITH_SERVER AND Threads_FOUND)
+    # requires pthread
+    if (LIBSSH_THREADS)
+        add_cmocka_test(torture_rand torture_rand.c ${TORTURE_LIBRARY})
+        if (WITH_SERVER)
             add_cmocka_test(torture_server_x11 torture_server_x11.c ${TORTURE_LIBRARY})
-    endif (WITH_SERVER AND Threads_FOUND)
+        endif (WITH_SERVER)
+    endif (LIBSSH_THREADS)
 endif (UNIX AND NOT WIN32)

tests/unittests/torture_pki.c

@@ -212,6 +212,9 @@ static void torture_pki_import_privkey_base64_RSA(void **state) {
     type = ssh_key_type(key);
     assert_true(type == SSH_KEYTYPE_RSA);
 
+    rc = ssh_key_is_private(key);
+    assert_true(rc == 1);
+
     rc = ssh_key_is_public(key);
     assert_true(rc == 1);
 
@@ -281,6 +284,9 @@ static void torture_pki_import_privkey_base64_ECDSA(void **state) {
     rc = ssh_pki_import_privkey_base64(key_str, passphrase, NULL, NULL, &key);
     assert_true(rc == 0);
 
+    rc = ssh_key_is_private(key);
+    assert_true(rc == 1);
+
     free(key_str);
     ssh_key_free(key);
 }
@@ -300,6 +306,10 @@ static void torture_pki_import_privkey_base64_passphrase(void **state) {
                                        NULL,
                                        &key);
     assert_true(rc == 0);
+
+    rc = ssh_key_is_private(key);
+    assert_true(rc == 1);
+
     ssh_key_free(key);
 
     /* test if it returns -1 if passphrase is wrong */
@@ -329,6 +339,10 @@ static void torture_pki_import_privkey_base64_passphrase(void **state) {
                                        NULL,
                                        &key);
     assert_true(rc == 0);
+
+    rc = ssh_key_is_private(key);
+    assert_true(rc == 1);
+
     ssh_key_free(key);
 
     /* test if it returns -1 if passphrase is wrong */
@@ -358,6 +372,10 @@ static void torture_pki_import_privkey_base64_passphrase(void **state) {
                                        NULL,
                                        &key);
     assert_true(rc == 0);
+
+    rc = ssh_key_is_private(key);
+    assert_true(rc == 1);
+
     ssh_key_free(key);
 
     /* test if it returns -1 if passphrase is wrong */
@@ -388,6 +406,9 @@ static void torture_pki_import_privkey_base64_ed25519(void **state){
     type = ssh_key_type(key);
     assert_true(type == SSH_KEYTYPE_ED25519);
 
+    rc = ssh_key_is_private(key);
+    assert_true(rc == 1);
+
     rc = ssh_key_is_public(key);
     assert_true(rc == 1);
 
@@ -411,6 +432,9 @@ static void torture_pki_pki_publickey_from_privatekey_RSA(void **state) {
                                        &key);
     assert_true(rc == 0);
 
+    rc = ssh_key_is_private(key);
+    assert_true(rc == 1);
+
     rc = ssh_pki_export_privkey_to_pubkey(key, &pubkey);
     assert_true(rc == SSH_OK);
 
@@ -433,6 +457,9 @@ static void torture_pki_pki_publickey_from_privatekey_DSA(void **state) {
                                        &key);
     assert_true(rc == 0);
 
+    rc = ssh_key_is_private(key);
+    assert_true(rc == 1);
+
     rc = ssh_pki_export_privkey_to_pubkey(key, &pubkey);
     assert_true(rc == SSH_OK);
 
@@ -455,6 +482,9 @@ static void torture_pki_pki_publickey_from_privatekey_ed25519(void **state){
                                        &key);
     assert_true(rc == 0);
 
+    rc = ssh_key_is_private(key);
+    assert_true(rc == 1);
+
     rc = ssh_pki_export_privkey_to_pubkey(key, &pubkey);
     assert_true(rc == SSH_OK);