Bump version to 0.8.9

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>

.gitignore

@@ -4,9 +4,6 @@
 *.swp
 *~$
 cscope.*
-compile_commands.json
-/.cache
-/.clangd
 tags
 /build
 /obj*

.gitlab-ci.yml

@@ -2,21 +2,16 @@ variables:
   BUILD_IMAGES_PROJECT: libssh/build-images
   FEDORA_BUILD: buildenv-fedora
   CENTOS7_BUILD: buildenv-centos7
-  CENTOS8_BUILD: buildenv-c8s
-  CENTOS9_BUILD: buildenv-c9s
   TUMBLEWEED_BUILD: buildenv-tumbleweed
   MINGW_BUILD: buildenv-mingw
 
-# pkd tests fail on CentOS7 docker images, so we don't use -DSERVER_TESTING=ON
-centos7/openssl_1.0.x/x86_64:
+# torture_auth fails on centos7 docker images, so we don't use -DCLIENT_TESTING=ON
+centos7/openssl_1.0.x/x86-64:
   image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$CENTOS7_BUILD
   script:
-  - mkdir -p obj && cd obj && cmake3
-    -DCMAKE_BUILD_TYPE=RelWithDebInfo
-    -DPICKY_DEVELOPER=ON
-    -DWITH_SFTP=ON -DWITH_SERVER=ON -DWITH_ZLIB=ON -DWITH_PCAP=ON
-    -DUNIT_TESTING=ON -DCLIENT_TESTING=ON .. &&
-    make -j$(nproc) && ctest --output-on-failure
+  - mkdir -p obj && cd obj && cmake3 -DUNIT_TESTING=ON -DCMAKE_BUILD_TYPE=Debug
+    -DWITH_SFTP=ON -DWITH_SERVER=ON -DWITH_ZLIB=ON
+    -DWITH_PCAP=ON .. && make -j$(nproc) && ctest --output-on-failure
   tags:
   - shared
   except:
@@ -27,57 +22,12 @@ centos7/openssl_1.0.x/x86_64:
     paths:
       - obj/
 
-centos8/openssl_1.1.1/x86_64:
-  image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$CENTOS8_BUILD
-  script:
-    - mkdir -p obj && cd obj && cmake
-      -DCMAKE_BUILD_TYPE=RelWithDebInfo
-      -DPICKY_DEVELOPER=ON
-      -DWITH_BLOWFISH_CIPHER=ON
-      -DWITH_SFTP=ON -DWITH_SERVER=ON -DWITH_ZLIB=ON -DWITH_PCAP=ON
-      -DUNIT_TESTING=ON -DCLIENT_TESTING=ON -DSERVER_TESTING=ON .. &&
-      make -j$(nproc) && ctest --output-on-failure
-  tags:
-    - shared
-  except:
-    - tags
-  artifacts:
-    expire_in: 1 week
-    when: on_failure
-    paths:
-      - obj/
-
-centos9/openssl_3.0.x/x86_64:
-  image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$CENTOS9_BUILD
-  script:
-    - export OPENSSL_ENABLE_SHA1_SIGNATURES=1
-    - mkdir -p obj && cd obj && cmake
-      -DCMAKE_BUILD_TYPE=RelWithDebInfo
-      -DPICKY_DEVELOPER=ON
-      -DWITH_BLOWFISH_CIPHER=ON
-      -DWITH_SFTP=ON -DWITH_SERVER=ON -DWITH_ZLIB=ON -DWITH_PCAP=ON
-      -DUNIT_TESTING=ON -DCLIENT_TESTING=ON -DSERVER_TESTING=ON .. &&
-      make -j$(nproc) && ctest --output-on-failure
-  tags:
-    - shared
-  except:
-    - tags
-  artifacts:
-    expire_in: 1 week
-    when: on_failure
-    paths:
-      - obj/
-
-fedora/openssl_1.1.x/x86_64:
+fedora/openssl_1.1.x/x86-64:
   image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD
   script:
-  - mkdir -p obj && cd obj && cmake
-    -DCMAKE_BUILD_TYPE=RelWithDebInfo
+  - mkdir -p obj && cd obj && cmake -DCMAKE_BUILD_TYPE=Debug
+    -DWITH_SFTP=ON -DWITH_SERVER=ON -DWITH_ZLIB=ON --DWITH_PCAP=ON
     -DPICKY_DEVELOPER=ON
-    -DWITH_BLOWFISH_CIPHER=ON
-    -DWITH_SFTP=ON -DWITH_SERVER=ON -DWITH_ZLIB=ON -DWITH_PCAP=ON
-    -DWITH_DEBUG_CRYPTO=ON
-    -DWITH_DEBUG_PACKET=ON -DWITH_DEBUG_CALLTRACE=ON
     -DUNIT_TESTING=ON -DCLIENT_TESTING=ON -DSERVER_TESTING=ON .. &&
     make -j$(nproc) && ctest --output-on-failure
   tags:
@@ -90,37 +40,13 @@ fedora/openssl_1.1.x/x86_64:
     paths:
       - obj/
 
-centos8/openssl_1.1.1/x86_64/fips:
-  image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$CENTOS8_BUILD
-  script:
-  - echo 1 > /etc/system-fips
-  - update-crypto-policies --set FIPS
-  - mkdir -p obj && cd obj && cmake
-    -DCMAKE_BUILD_TYPE=RelWithDebInfo
-    -DPICKY_DEVELOPER=ON
-    -DWITH_BLOWFISH_CIPHER=ON
-    -DWITH_SFTP=ON -DWITH_SERVER=ON -DWITH_ZLIB=ON -DWITH_PCAP=ON
-    -DWITH_DEBUG_CRYPTO=ON -DWITH_DEBUG_PACKET=ON -DWITH_DEBUG_CALLTRACE=ON
-    -DUNIT_TESTING=ON -DCLIENT_TESTING=ON -DSERVER_TESTING=ON .. &&
-    make -j$(nproc) && OPENSSL_FORCE_FIPS_MODE=1 ctest --output-on-failure
-  tags:
-  - shared
-  except:
-  - tags
-  artifacts:
-    expire_in: 1 week
-    when: on_failure
-    paths:
-      - obj/
-
-fedora/openssl_1.1.x/x86_64/minimal:
+fedora/openssl_1.1.x/x86-64/release:
   image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD
   script:
-  - mkdir -p obj && cd obj && cmake
-    -DCMAKE_BUILD_TYPE=RelWithDebInfo
+  - mkdir -p obj && cd obj && cmake -DCMAKE_BUILD_TYPE=Release
+    -DWITH_SFTP=ON -DWITH_SERVER=ON -DWITH_ZLIB=ON --DWITH_PCAP=ON
     -DPICKY_DEVELOPER=ON
-    -DWITH_SFTP=OFF -DWITH_SERVER=OFF -DWITH_ZLIB=OFF -DWITH_PCAP=OFF
-    -DUNIT_TESTING=ON -DCLIENT_TESTING=ON -DWITH_GEX=OFF .. &&
+    -DUNIT_TESTING=ON -DCLIENT_TESTING=ON -DSERVER_TESTING=ON .. &&
     make -j$(nproc) && ctest --output-on-failure
   tags:
   - shared
@@ -140,8 +66,7 @@ fedora/address-sanitizer:
   script:
   - mkdir -p obj && cd obj && cmake
     -DCMAKE_BUILD_TYPE=AddressSanitizer
-    -DPICKY_DEVELOPER=ON
-    -DWITH_SFTP=ON -DWITH_SERVER=ON -DWITH_ZLIB=ON -DWITH_PCAP=ON
+    -DWITH_SFTP=ON -DWITH_SERVER=ON -DWITH_ZLIB=ON --DWITH_PCAP=ON
     -DUNIT_TESTING=ON .. &&
     make -j$(nproc) && ctest --output-on-failure
   tags:
@@ -154,35 +79,12 @@ fedora/address-sanitizer:
     paths:
       - obj/
 
-# This is disabled as it report OpenSSL issues
-# It also has ethe same issues with cwrap as AddressSanitizer
-.fedora/memory-sanitizer:
-  image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD
-  script:
-  - mkdir -p obj && cd obj && cmake
-    -DCMAKE_BUILD_TYPE=MemorySanitizer
-    -DCMAKE_C_COMPILER=clang -DCMAKE_CXX_COMPILER=clang++
-    -DPICKY_DEVELOPER=ON
-    -DWITH_SFTP=ON -DWITH_SERVER=ON -DWITH_ZLIB=ON -DWITH_PCAP=ON
-    -DUNIT_TESTING=ON ..
-    && make -j$(nproc) && ctest --output-on-failure
-  tags:
-  - shared
-  except:
-  - tags
-  artifacts:
-    expire_in: 1 week
-    when: on_failure
-    paths:
-      - obj/
-
 fedora/undefined-sanitizer:
   image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD
   script:
   - mkdir -p obj && cd obj && cmake
-    -DCMAKE_BUILD_TYPE=UndefinedSanitizer
-    -DPICKY_DEVELOPER=ON
-    -DWITH_SFTP=ON -DWITH_SERVER=ON -DWITH_ZLIB=ON -DWITH_PCAP=ON
+    -DCMAKE_C_FLAGS="-fsanitize=undefined -fsanitize=null -fsanitize=alignment -fno-sanitize-recover"
+    -DWITH_SFTP=ON -DWITH_SERVER=ON -DWITH_ZLIB=ON --DWITH_PCAP=ON
     -DUNIT_TESTING=ON -DCLIENT_TESTING=ON -DSERVER_TESTING=ON ..
     && make -j$(nproc) && ctest --output-on-failure
   tags:
@@ -195,28 +97,16 @@ fedora/undefined-sanitizer:
     paths:
       - obj/
 
-fedora/csbuild:
-  variables:
-      GIT_DEPTH: "100"
+fedora/static-analysis:
   image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD
   script:
-  - |
-    if [[ -z "$CI_COMMIT_BEFORE_SHA" ]]; then
-        export CI_COMMIT_BEFORE_SHA=$(git rev-parse "${CI_COMMIT_SHA}~20")
-    fi
-
-    # Check if the commit exists in this branch
-    # This is not the case for a force push
-    git branch --contains $CI_COMMIT_BEFORE_SHA 2>/dev/null || export CI_COMMIT_BEFORE_SHA=$(git rev-parse "${CI_COMMIT_SHA}~20")
-
-    export CI_COMMIT_RANGE="$CI_COMMIT_BEFORE_SHA..$CI_COMMIT_SHA"
-
-  - csbuild
-    --build-dir=obj-csbuild
-    --build-cmd "rm -rf CMakeFiles CMakeCache.txt && cmake -DCMAKE_BUILD_TYPE=Debug -DPICKY_DEVELOPER=ON -DUNIT_TESTING=ON -DCLIENT_TESTING=ON -DSERVER_TESTING=ON -DFUZZ_TESTING=ON @SRCDIR@ && make clean && make -j$(nproc)"
-    --git-commit-range $CI_COMMIT_RANGE
-    --color
-    --print-current --print-fixed
+  - export CCC_CC=clang
+  - export CCC_CXX=clang++
+  - mkdir -p obj && cd obj && scan-build cmake -DCMAKE_BUILD_TYPE=Debug
+    -DWITH_SFTP=ON -DWITH_SERVER=ON -DWITH_ZLIB=ON --DWITH_PCAP=ON
+    -DUNIT_TESTING=ON -DCLIENT_TESTING=ON -DSERVER_TESTING=ON
+    -DCMAKE_CXX_COMPILER=clang++ -DCMAKE_C_COMPILER=clang .. &&
+    scan-build --status-bugs -o scan make -j$(nproc)
   tags:
   - shared
   except:
@@ -225,43 +115,38 @@ fedora/csbuild:
     expire_in: 1 week
     when: on_failure
     paths:
-      - obj-csbuild/
+      - obj/scan
 
 # That is a specific runner that we cannot enable universally.
 # We restrict it to builds under the $BUILD_IMAGES_PROJECT project.
-freebsd/x86_64:
+freebsd/x86-64:
   image:
   script:
-  - mkdir -p obj && cd obj && cmake
-    -DCMAKE_BUILD_TYPE=RelWithDebInfo
+  - mkdir -p obj && cd obj && cmake -DCMAKE_BUILD_TYPE=Debug
+    -DWITH_SFTP=ON -DWITH_SERVER=ON -DWITH_ZLIB=ON --DWITH_PCAP=ON
     -DPICKY_DEVELOPER=ON
-    -DWITH_SFTP=ON -DWITH_SERVER=ON -DWITH_ZLIB=ON -DWITH_PCAP=ON
     -DUNIT_TESTING=ON .. &&
     make && ctest --output-on-failure
   tags:
   - freebsd
-  - private
   except:
   - tags
   only:
   - branches@libssh/libssh-mirror
   - branches@cryptomilk/libssh-mirror
-  - branches@jjelen/libssh-mirror
   artifacts:
     expire_in: 1 week
     when: on_failure
     paths:
       - obj/
 
-fedora/libgcrypt/x86_64:
+fedora/libgcrypt/x86-64:
   image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD
   script:
-  - mkdir -p obj && cd obj && cmake
-    -DCMAKE_BUILD_TYPE=RelWithDebInfo
-    -DPICKY_DEVELOPER=ON
-    -DWITH_SFTP=ON -DWITH_SERVER=ON -DWITH_ZLIB=ON -DWITH_PCAP=ON
+  - mkdir -p obj && cd obj && cmake -DCMAKE_BUILD_TYPE=Debug
+    -DWITH_SFTP=ON -DWITH_SERVER=ON -DWITH_ZLIB=ON --DWITH_PCAP=ON
     -DUNIT_TESTING=ON -DCLIENT_TESTING=ON -DSERVER_TESTING=ON
-    -DWITH_GCRYPT=ON -DWITH_DEBUG_CRYPTO=ON .. &&
+    -DWITH_GCRYPT=ON .. &&
     make -j$(nproc) && ctest --output-on-failure
   tags:
   - shared
@@ -273,15 +158,14 @@ fedora/libgcrypt/x86_64:
     paths:
       - obj/
 
-fedora/mbedtls/x86_64:
+fedora/mbedtls/x86-64:
   image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD
   script:
-  - mkdir -p obj && cd obj && cmake
-    -DCMAKE_BUILD_TYPE=RelWithDebInfo
-    -DPICKY_DEVELOPER=ON
-    -DWITH_SFTP=ON -DWITH_SERVER=ON -DWITH_ZLIB=ON -DWITH_PCAP=ON
+  - mkdir -p obj && cd obj && cmake -DCMAKE_BUILD_TYPE=Debug
+    -DWITH_SFTP=ON -DWITH_SERVER=ON -DWITH_ZLIB=ON --DWITH_PCAP=ON
     -DUNIT_TESTING=ON -DCLIENT_TESTING=ON -DSERVER_TESTING=ON
-    -DWITH_MBEDTLS=ON -DWITH_DEBUG_CRYPTO=ON .. &&
+    -DPICKY_DEVELOPER=ON
+    -DWITH_MBEDTLS=ON .. &&
     make -j$(nproc) && ctest --output-on-failure
   tags:
   - shared
@@ -293,63 +177,14 @@ fedora/mbedtls/x86_64:
     paths:
       - obj/
 
-# Unit testing only, no client and pkd testing, because cwrap is not available
-# for MinGW
-fedora/mingw64:
-  image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$MINGW_BUILD
-  script:
-  - export WINEPATH=/usr/x86_64-w64-mingw32/sys-root/mingw/bin
-  - export WINEDEBUG=-all
-  - mkdir -p obj && cd obj && mingw64-cmake
-    -DCMAKE_BUILD_TYPE=RelWithDebInfo
-    -DPICKY_DEVELOPER=ON
-    -DWITH_SFTP=ON -DWITH_SERVER=ON -DWITH_ZLIB=ON -DWITH_PCAP=ON
-    -DUNIT_TESTING=ON .. &&
-    make -j$(nproc) &&
-    ctest --output-on-failure
-  tags:
-  - shared
-  except:
-  - tags
-  artifacts:
-    expire_in: 1 week
-    when: on_failure
-    paths:
-      - obj/
-
-# Unit testing only, no client and pkd testing, because cwrap is not available
-# for MinGW
-fedora/mingw32:
-  image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$MINGW_BUILD
-  script:
-  - export WINEPATH=/usr/i686-w64-mingw32/sys-root/mingw/bin
-  - export WINEDEBUG=-all
-  - mkdir -p obj && cd obj && mingw32-cmake
-    -DCMAKE_BUILD_TYPE=RelWithDebInfo
-    -DPICKY_DEVELOPER=ON
-    -DWITH_SFTP=ON -DWITH_SERVER=ON -DWITH_ZLIB=ON -DWITH_PCAP=ON
-    -DUNIT_TESTING=ON .. &&
-    make -j$(nproc) &&
-    ctest --output-on-failure
-  tags:
-  - shared
-  except:
-  - tags
-  artifacts:
-    expire_in: 1 week
-    when: on_failure
-    paths:
-      - obj/
-
-tumbleweed/openssl_1.1.x/x86_64/gcc:
+tumbleweed/openssl_1.1.x/x86-64:
   image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$TUMBLEWEED_BUILD
   script:
-  - mkdir -p obj && cd obj && cmake
-    -DCMAKE_BUILD_TYPE=RelWithDebInfo
-    -DPICKY_DEVELOPER=ON
-    -DWITH_SFTP=ON -DWITH_SERVER=ON -DWITH_ZLIB=ON -DWITH_PCAP=ON
+  - mkdir -p obj && cd obj && cmake -DCMAKE_BUILD_TYPE=Debug
+    -DWITH_SFTP=ON -DWITH_SERVER=ON -DWITH_ZLIB=ON --DWITH_PCAP=ON
     -DKRB5_CONFIG=/usr/lib/mit/bin/krb5-config
-    -DUNIT_TESTING=ON -DSERVER_TESTING=ON .. &&
+    -DPICKY_DEVELOPER=ON
+    -DUNIT_TESTING=ON -DCLIENT_TESTING=ON -DSERVER_TESTING=ON .. &&
     make -j$(nproc) && ctest --output-on-failure
   tags:
   - shared
@@ -361,79 +196,14 @@ tumbleweed/openssl_1.1.x/x86_64/gcc:
     paths:
       - obj/
 
-tumbleweed/openssl_1.1.x/x86/gcc:
+tumbleweed/openssl_1.1.x/x86-64/release:
   image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$TUMBLEWEED_BUILD
   script:
-  - mkdir -p obj && cd obj && cmake
-    -DCMAKE_TOOLCHAIN_FILE=../cmake/Toolchain-cross-m32.cmake
-    -DCMAKE_BUILD_TYPE=RelWithDebInfo
-    -DPICKY_DEVELOPER=ON
-    -DWITH_SFTP=ON -DWITH_SERVER=ON -DWITH_ZLIB=ON -DWITH_PCAP=ON
-    -DUNIT_TESTING=ON .. &&
-    make -j$(nproc) && ctest --output-on-failure
-  tags:
-  - shared
-  except:
-  - tags
-  artifacts:
-    expire_in: 1 week
-    when: on_failure
-    paths:
-      - obj/
-
-tumbleweed/openssl_1.1.x/x86_64/gcc7:
-  image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$TUMBLEWEED_BUILD
-  script:
-  - mkdir -p obj && cd obj && cmake
-    -DCMAKE_C_COMPILER=gcc-7 -DCMAKE_CXX_COMPILER=g++-7
-    -DCMAKE_BUILD_TYPE=RelWithDebInfo
-    -DPICKY_DEVELOPER=ON
-    -DWITH_SFTP=ON -DWITH_SERVER=ON -DWITH_ZLIB=ON -DWITH_PCAP=ON
+  - mkdir -p obj && cd obj && cmake -DCMAKE_BUILD_TYPE=Release
+    -DWITH_SFTP=ON -DWITH_SERVER=ON -DWITH_ZLIB=ON --DWITH_PCAP=ON
     -DKRB5_CONFIG=/usr/lib/mit/bin/krb5-config
-    -DUNIT_TESTING=ON -DSERVER_TESTING=ON .. &&
-    make -j$(nproc) && ctest --output-on-failure
-  tags:
-  - shared
-  except:
-  - tags
-  artifacts:
-    expire_in: 1 week
-    when: on_failure
-    paths:
-      - obj/
-
-tumbleweed/openssl_1.1.x/x86/gcc7:
-  image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$TUMBLEWEED_BUILD
-  script:
-  - mkdir -p obj && cd obj && cmake
-    -DCMAKE_TOOLCHAIN_FILE=../cmake/Toolchain-cross-m32.cmake
-    -DCMAKE_C_COMPILER=gcc-7 -DCMAKE_CXX_COMPILER=g++-7
-    -DCMAKE_BUILD_TYPE=RelWithDebInfo
     -DPICKY_DEVELOPER=ON
-    -DWITH_SFTP=ON -DWITH_SERVER=ON -DWITH_ZLIB=ON -DWITH_PCAP=ON
-    -DUNIT_TESTING=ON .. &&
-    make -j$(nproc) && ctest --output-on-failure
-  tags:
-  - shared
-  except:
-  - tags
-  artifacts:
-    expire_in: 1 week
-    when: on_failure
-    paths:
-      - obj/
-
-tumbleweed/openssl_1.1.x/x86_64/clang:
-  image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$TUMBLEWEED_BUILD
-  script:
-  - mkdir -p obj && cd obj && cmake
-    -DCMAKE_BUILD_TYPE=RelWithDebInfo
-    -DCMAKE_C_COMPILER=clang -DCMAKE_CXX_COMPILER=clang++
-    -DPICKY_DEVELOPER=ON
-    -DWITH_SFTP=ON -DWITH_SERVER=ON -DWITH_ZLIB=ON -DWITH_PCAP=ON
-    -DKRB5_CONFIG=/usr/lib/mit/bin/krb5-config
-    -DUNIT_TESTING=ON
-    -DSERVER_TESTING=ON .. &&
+    -DUNIT_TESTING=ON -DCLIENT_TESTING=ON -DSERVER_TESTING=ON .. &&
     make -j$(nproc) && ctest --output-on-failure
   tags:
   - shared
@@ -459,15 +229,32 @@ tumbleweed/docs:
     paths:
       - obj/
 
+tumbleweed/openssl_1.1.x/x86:
+  image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$TUMBLEWEED_BUILD
+  script:
+  - mkdir -p obj && cd obj && cmake -DCMAKE_TOOLCHAIN_FILE=../cmake/Toolchain-cross-m32.cmake
+    -DWITH_SFTP=ON -DWITH_SERVER=ON -DWITH_ZLIB=ON --DWITH_PCAP=ON
+    -DPICKY_DEVELOPER=ON
+    -DUNIT_TESTING=ON .. &&
+    make -j$(nproc) && ctest --output-on-failure
+  tags:
+  - shared
+  except:
+  - tags
+  artifacts:
+    expire_in: 1 week
+    when: on_failure
+    paths:
+      - obj/
+
 tumbleweed/undefined-sanitizer:
   image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$TUMBLEWEED_BUILD
   script:
   - mkdir -p obj && cd obj && cmake
-    -DCMAKE_BUILD_TYPE=UndefinedSanitizer
-    -DPICKY_DEVELOPER=ON
-    -DWITH_SFTP=ON -DWITH_SERVER=ON -DWITH_ZLIB=ON -DWITH_PCAP=ON
-    -DUNIT_TESTING=ON -DSERVER_TESTING=ON .. &&
-    make -j$(nproc) && ctest --output-on-failure
+    -DCMAKE_C_FLAGS="-fsanitize=undefined -fsanitize=null -fsanitize=alignment -fno-sanitize-recover"
+    -DWITH_SFTP=ON -DWITH_SERVER=ON -DWITH_ZLIB=ON --DWITH_PCAP=ON
+    -DUNIT_TESTING=ON -DCLIENT_TESTING=ON -DSERVER_TESTING=ON ..
+    && make -j$(nproc) && ctest --output-on-failure
   tags:
   - shared
   except:
@@ -483,12 +270,10 @@ tumbleweed/static-analysis:
   script:
   - export CCC_CC=clang
   - export CCC_CXX=clang++
-  - mkdir -p obj && cd obj && scan-build cmake
-    -DCMAKE_BUILD_TYPE=Debug
-    -DCMAKE_C_COMPILER=clang -DCMAKE_CXX_COMPILER=clang++
-    -DPICKY_DEVELOPER=ON
-    -DWITH_SFTP=ON -DWITH_SERVER=ON -DWITH_ZLIB=ON -DWITH_PCAP=ON
-    -DUNIT_TESTING=ON -DSERVER_TESTING=ON .. &&
+  - mkdir -p obj && cd obj && scan-build cmake -DCMAKE_BUILD_TYPE=Debug
+    -DWITH_SFTP=ON -DWITH_SERVER=ON -DWITH_ZLIB=ON --DWITH_PCAP=ON
+    -DUNIT_TESTING=ON -DCLIENT_TESTING=ON -DSERVER_TESTING=ON
+    -DCMAKE_CXX_COMPILER=clang++ -DCMAKE_C_COMPILER=clang .. &&
     scan-build --status-bugs -o scan make -j$(nproc)
   tags:
   - shared
@@ -500,55 +285,50 @@ tumbleweed/static-analysis:
     paths:
       - obj/scan
 
-###############################################################################
-#                           Visual Studio builds                              #
-###############################################################################
-.vs:
-  stage: test
-  cache:
-    key: vcpkg.${CI_JOB_NAME}
-    paths:
-      - .vcpkg
-  variables:
-    ErrorActionPreference: STOP
+# Unit testing only, no client and pkd testing, because cwrap is not available
+# for MinGW
+mingw64:
+  image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$MINGW_BUILD
   script:
-    - cmake --build .
-    - ctest --output-on-failure
+  - Xvfb :1 -screen 0 1024x768x16 -ac +extension GLX +render -noreset -nolisten tcp &
+  - export DISPLAY=:1
+  - mkdir -p obj && cd obj && mingw64-cmake -DCMAKE_BUILD_TYPE=Debug
+    -DWITH_SFTP=ON -DWITH_SERVER=ON -DWITH_ZLIB=ON --DWITH_PCAP=ON
+    -DPICKY_DEVELOPER=ON
+    -DUNIT_TESTING=ON .. &&
+    make -j$(nproc)
+  - export WINEPATH=/usr/x86_64-w64-mingw32/sys-root/mingw/bin
+  - ctest --output-on-failure
   tags:
-    - windows
-    - shared-windows
+  - shared
   except:
-    - tags
+  - tags
   artifacts:
     expire_in: 1 week
     when: on_failure
     paths:
       - obj/
-  before_script:
-    - If (!(test-path .vcpkg\archives)) { mkdir -p .vcpkg\archives }
-    - $env:VCPKG_DEFAULT_BINARY_CACHE="$PWD\.vcpkg\archives"
-    - echo $env:VCPKG_DEFAULT_BINARY_CACHE
-    - $env:VCPKG_DEFAULT_TRIPLET="$TRIPLET-windows"
-    - vcpkg install cmocka
-    - vcpkg install openssl
-    - vcpkg install zlib
-    - vcpkg integrate install
-    - mkdir -p obj; if ($?) {cd obj}; if (! $?) {exit 1}
-    - cmake
-        -A $PLATFORM
-        -DCMAKE_TOOLCHAIN_FILE=C:/vcpkg/scripts/buildsystems/vcpkg.cmake
-        -DPICKY_DEVELOPER=ON
-        -DWITH_SFTP=ON -DWITH_SERVER=ON -DWITH_ZLIB=ON -DWITH_PCAP=ON
-        -DUNIT_TESTING=ON ..
 
-visualstudio/x86_64:
-  extends: .vs
-  variables:
-    PLATFORM: "x64"
-    TRIPLET: "x64"
-
-visualstudio/x86:
-  extends: .vs
-  variables:
-    PLATFORM: "win32"
-    TRIPLET: "x86"
+# Unit testing only, no client and pkd testing, because cwrap is not available
+# for MinGW
+mingw32:
+  image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$MINGW_BUILD
+  script:
+  - Xvfb :1 -screen 0 1024x768x16 -ac +extension GLX +render -noreset -nolisten tcp &
+  - export DISPLAY=:1
+  - mkdir -p obj && cd obj && mingw32-cmake -DCMAKE_BUILD_TYPE=Debug
+    -DWITH_SFTP=ON -DWITH_SERVER=ON -DWITH_ZLIB=ON --DWITH_PCAP=ON
+    -DPICKY_DEVELOPER=ON
+    -DUNIT_TESTING=ON .. &&
+    make -j$(nproc)
+  - export WINEPATH=/usr/i686-w64-mingw32/sys-root/mingw/bin
+  - ctest --output-on-failure
+  tags:
+  - shared
+  except:
+  - tags
+  artifacts:
+    expire_in: 1 week
+    when: on_failure
+    paths:
+      - obj/

CMakeLists.txt

@@ -10,7 +10,7 @@ list(APPEND CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/cmake/Modules")
 include(DefineCMakeDefaults)
 include(DefineCompilerFlags)
 
-project(libssh VERSION 0.9.7 LANGUAGES C)
+project(libssh VERSION 0.8.9 LANGUAGES C)
 
 # global needed variable
 set(APPLICATION_NAME ${PROJECT_NAME})
@@ -22,16 +22,16 @@ set(APPLICATION_NAME ${PROJECT_NAME})
 #     Increment AGE. Set REVISION to 0
 #   If the source code was changed, but there were no interface changes:
 #     Increment REVISION.
-set(LIBRARY_VERSION "4.8.8")
+set(LIBRARY_VERSION "4.7.6")
 set(LIBRARY_SOVERSION "4")
 
 # where to look first for cmake modules, before ${CMAKE_ROOT}/Modules/ is checked
 
 # add definitions
 include(DefinePlatformDefaults)
+include(DefineInstallationPaths)
 include(DefineOptions.cmake)
 include(CPackConfig.cmake)
-include(GNUInstallDirs)
 
 include(CompilerChecks.cmake)
 
@@ -59,13 +59,7 @@ elseif(WITH_MBEDTLS)
     endif (NOT MBEDTLS_FOUND)
 else (WITH_GCRYPT)
   find_package(OpenSSL)
-  if (OPENSSL_FOUND)
-    # On CMake < 3.16, OPENSSL_CRYPTO_LIBRARIES is usually a synonym for OPENSSL_CRYPTO_LIBRARY, but is not defined
-    # when building on Windows outside of Cygwin. We provide the synonym here, if FindOpenSSL didn't define it already.
-    if (NOT DEFINED OPENSSL_CRYPTO_LIBRARIES)
-      set(OPENSSL_CRYPTO_LIBRARIES ${OPENSSL_CRYPTO_LIBRARY})
-    endif (NOT DEFINED OPENSSL_CRYPTO_LIBRARIES)
-  else (OPENSSL_FOUND)
+  if (NOT OPENSSL_FOUND)
     find_package(GCrypt)
     if (NOT GCRYPT_FOUND)
       find_package(MbedTLS)
@@ -73,13 +67,9 @@ else (WITH_GCRYPT)
         message(FATAL_ERROR "Could not find OpenSSL, GCrypt or mbedTLS")
       endif (NOT MBEDTLS_FOUND)
     endif (NOT GCRYPT_FOUND)
-  endif (OPENSSL_FOUND)
+  endif (NOT OPENSSL_FOUND)
 endif(WITH_GCRYPT)
 
-if (UNIT_TESTING)
-    find_package(CMocka REQUIRED)
-endif ()
-
 # Find out if we have threading available
 set(CMAKE_THREAD_PREFER_PTHREADS ON)
 set(THREADS_PREFER_PTHREAD_FLAG ON)
@@ -123,7 +113,7 @@ install(
   FILES
     ${CMAKE_CURRENT_BINARY_DIR}/libssh.pc
   DESTINATION
-    ${CMAKE_INSTALL_LIBDIR}/pkgconfig
+    ${LIB_INSTALL_DIR}/pkgconfig
   COMPONENT
     pkgconfig
 )
@@ -139,21 +129,30 @@ write_basic_package_version_file(libssh-config-version.cmake
                                  VERSION ${PROJECT_VERSION}
                                  COMPATIBILITY SameMajorVersion)
 
+# libssh-config.cmake
+configure_package_config_file(${PROJECT_NAME}-config.cmake.in
+                              ${CMAKE_CURRENT_BINARY_DIR}/${PROJECT_NAME}-config.cmake
+                              INSTALL_DESTINATION ${CMAKE_INSTALL_DIR}/${PROJECT_NAME}
+                              PATH_VARS INCLUDE_INSTALL_DIR LIB_INSTALL_DIR)
+
 install(
     FILES
+        ${CMAKE_CURRENT_BINARY_DIR}/${PROJECT_NAME}-config.cmake
         ${CMAKE_CURRENT_BINARY_DIR}/${PROJECT_NAME}-config-version.cmake
     DESTINATION
-        ${CMAKE_INSTALL_LIBDIR}/cmake/${PROJECT_NAME}
+        ${CMAKE_INSTALL_DIR}/${PROJECT_NAME}
     COMPONENT
-        devel)
+        devel
+)
 
 if (WITH_EXAMPLES)
     add_subdirectory(examples)
 endif (WITH_EXAMPLES)
 
 if (UNIT_TESTING)
-    include(AddCMockaTest)
-    add_subdirectory(tests)
+  find_package(CMocka REQUIRED)
+  include(AddCMockaTest)
+  add_subdirectory(tests)
 endif (UNIT_TESTING)
 
 ### SOURCE PACKAGE
@@ -209,12 +208,7 @@ if (WITH_SYMBOL_VERSIONING AND ABIMAP_FOUND)
     endif(UPDATE_ABI)
 endif (WITH_SYMBOL_VERSIONING AND ABIMAP_FOUND)
 
-add_custom_target(dist COMMAND ${CMAKE_MAKE_PROGRAM} package_source DEPENDS ${_SYMBOL_TARGET} VERBATIM)
-
-# Link compile database for clangd
-execute_process(COMMAND ${CMAKE_COMMAND} -E create_symlink
-                "${CMAKE_BINARY_DIR}/compile_commands.json"
-                "${CMAKE_SOURCE_DIR}/compile_commands.json")
+add_custom_target(dist COMMAND ${CMAKE_MAKE_PROGRAM} package_source DEPENDS ${_SYMBOL_TARGET})
 
 message(STATUS "********************************************")
 message(STATUS "********** ${PROJECT_NAME} build options : **********")
@@ -226,12 +220,10 @@ message(STATUS "libnacl support: ${WITH_NACL}")
 message(STATUS "SFTP support: ${WITH_SFTP}")
 message(STATUS "Server support : ${WITH_SERVER}")
 message(STATUS "GSSAPI support : ${WITH_GSSAPI}")
-message(STATUS "GEX support : ${WITH_GEX}")
 message(STATUS "Pcap debugging support : ${WITH_PCAP}")
-message(STATUS "Build shared library: ${BUILD_SHARED_LIBS}")
+message(STATUS "With static library: ${WITH_STATIC_LIB}")
 message(STATUS "Unit testing: ${UNIT_TESTING}")
 message(STATUS "Client code testing: ${CLIENT_TESTING}")
-message(STATUS "Blowfish cipher support: ${WITH_BLOWFISH_CIPHER}")
 set(_SERVER_TESTING OFF)
 if (WITH_SERVER)
     set(_SERVER_TESTING ${SERVER_TESTING})
@@ -246,9 +238,5 @@ message(STATUS "Benchmarks: ${WITH_BENCHMARKS}")
 message(STATUS "Symbol versioning: ${WITH_SYMBOL_VERSIONING}")
 message(STATUS "Allow ABI break: ${WITH_ABI_BREAK}")
 message(STATUS "Release is final: ${WITH_FINAL}")
-message(STATUS "Global client config: ${GLOBAL_CLIENT_CONFIG}")
-if (WITH_SERVER)
-message(STATUS "Global bind config: ${GLOBAL_BIND_CONFIG}")
-endif()
 message(STATUS "********************************************")
 

CPackConfig.cmake

@@ -10,7 +10,7 @@ set(CPACK_PACKAGE_VERSION ${PROJECT_VERSION})
 
 # SOURCE GENERATOR
 set(CPACK_SOURCE_GENERATOR "TXZ")
-set(CPACK_SOURCE_IGNORE_FILES "~$;[.]swp$;/[.]git;/[.]clangd/;/[.]cache/;.gitignore;/build*;/obj*;tags;cscope.*;compile_commands.json;.*\.patch")
+set(CPACK_SOURCE_IGNORE_FILES "~$;[.]swp$;/[.]git/;/[.]clangd/;.gitignore;/build*;/obj*;tags;cscope.*;compile_commands.json;.*\.patch")
 set(CPACK_SOURCE_PACKAGE_FILE_NAME "${CPACK_PACKAGE_NAME}-${CPACK_PACKAGE_VERSION}")
 
 ### NSIS INSTALLER
@@ -23,7 +23,7 @@ if (WIN32)
         set(CPACK_GENERATOR "${CPACK_GENERATOR};NSIS")
         set(CPACK_NSIS_DISPLAY_NAME "The SSH Library")
         set(CPACK_NSIS_COMPRESSOR "/SOLID zlib")
-        set(CPACK_NSIS_MENU_LINKS "https://www.libssh.org/" "libssh homepage")
+        set(CPACK_NSIS_MENU_LINKS "http://www.libssh.org/" "libssh homepage")
     endif (NSIS_MAKE)
 endif (WIN32)
 

ChangeLog

@@ -1,94 +1,12 @@
 ChangeLog
 ==========
 
-version 0.9.7 (released 2023-05-04)
-  * Fix CVE-2023-1667: a NULL dereference during rekeying with algorithm guessing
-  * Fix CVE-2023-2283: a possible authorization bypass in
-    pki_verify_data_signature under low-memory conditions.
-  * Fix several memory leaks in GSSAPI handling code
-  * Build and test related backports
-
-version 0.9.6 (released 2021-08-26)
-  * CVE-2021-3634: Fix possible heap-buffer overflow when rekeying with
-    different key exchange mechanism
-  * Fix several memory leaks on error paths
-  * Reset pending_call_state on disconnect
-  * Fix handshake bug with AEAD ciphers and no HMAC overlap
-  * Use OPENSSL_CRYPTO_LIBRARIES in CMake
-  * Ignore request success and failure message if they are not expected
-  * Support more identity files in configuration
-  * Avoid setting compiler flags directly in CMake
-  * Support build directories with special characters
-  * Include stdlib.h to avoid crash in Windows
-  * Fix sftp_new_channel constructs an invalid object
-  * Fix Ninja multiple rules error
-  * Several tests fixes
-
-version 0.9.5 (released 2020-09-10)
-  * CVE-2020-16135: Avoid null pointer dereference in sftpserver (T232)
-  * Improve handling of library initialization (T222)
-  * Fix parsing of subsecond times in SFTP (T219)
-  * Make the documentation reproducible
-  * Remove deprecated API usage in OpenSSL
-  * Fix regression of ssh_channel_poll_timeout() returning SSH_AGAIN
-  * Define version in one place (T226)
-  * Prevent invalid free when using different C runtimes than OpenSSL (T229)
-  * Compatibility improvements to testsuite
-
-version 0.9.4 (released 2020-04-09)
+version 0.8.9 (released 2020-04-09)
   * Fixed CVE-2020-1730 - Possible DoS in client and server when handling
     AES-CTR keys with OpenSSL
-  * Added diffie-hellman-group14-sha256
-  * Fixed serveral possible memory leaks
 
-version 0.9.3 (released 2019-12-10)
+version 0.8.8 (released 2019-12-10)
   * Fixed CVE-2019-14889 - SCP: Unsanitized location leads to command execution
-  * SSH-01-003 Client: Missing NULL check leads to crash in erroneous state
-  * SSH-01-006 General: Various unchecked Null-derefs cause DOS
-  * SSH-01-007 PKI Gcrypt: Potential UAF/double free with RSA pubkeys
-  * SSH-01-010 SSH: Deprecated hash function in fingerprinting
-  * SSH-01-013 Conf-Parsing: Recursive wildcards in hostnames lead to DOS
-  * SSH-01-014 Conf-Parsing: Integer underflow leads to OOB array access
-  * SSH-01-001 State Machine: Initial machine states should be set explicitly
-  * SSH-01-002 Kex: Differently bound macros used to iterate same array
-  * SSH-01-005 Code-Quality: Integer sign confusion during assignments
-  * SSH-01-008 SCP: Protocol Injection via unescaped File Names
-  * SSH-01-009 SSH: Update documentation which RFCs are implemented
-  * SSH-01-012 PKI: Information leak via uninitialized stack buffer
-
-version 0.9.2 (released 2019-11-07)
-  * Fixed libssh-config.cmake
-  * Fixed issues with rsa algorithm negotiation (T191)
-  * Fixed detection of OpenSSL ed25519 support (T197)
-
-version 0.9.1 (released 2019-10-25)
-  * Added support for Ed25519 via OpenSSL
-  * Added support for X25519 via OpenSSL
-  * Added support for localuser in Match keyword
-  * Fixed Match keyword to be case sensitive
-  * Fixed compilation with LibreSSL
-  * Fixed error report of channel open (T75)
-  * Fixed sftp documentation (T137)
-  * Fixed known_hosts parsing (T156)
-  * Fixed build issue with MinGW (T157)
-  * Fixed build with gcc 9 (T164)
-  * Fixed deprecation issues (T165)
-  * Fixed known_hosts directory creation (T166)
-
-version 0.9.0 (released 2019-06-28)
-  * Added support for AES-GCM
-  * Added improved rekeying support
-  * Added performance improvements
-  * Disabled blowfish support by default
-  * Fixed several ssh config parsing issues
-  * Added support for DH Group Exchange KEX
-  * Added support for Encrypt-then-MAC mode
-  * Added support for parsing server side configuration file
-  * Added support for ECDSA/Ed25519 certificates
-  * Added FIPS 140-2 compatibility
-  * Improved known_hosts parsing
-  * Improved documentation
-  * Improved OpenSSL API usage for KEX, DH, and signatures
 
 version 0.8.7 (released 2019-02-25)
   * Fixed handling extension flags in the server implementation

CompilerChecks.cmake

@@ -41,8 +41,6 @@ if (UNIX)
     add_c_compiler_flag("-Werror=strict-overflow" SUPPORTED_COMPILER_FLAGS)
     add_c_compiler_flag("-Wstrict-overflow=2" SUPPORTED_COMPILER_FLAGS)
     add_c_compiler_flag("-Wno-format-zero-length" SUPPORTED_COMPILER_FLAGS)
-    add_c_compiler_flag("-Wmissing-field-initializers" SUPPORTED_COMPILER_FLAGS)
-    add_c_compiler_flag("-Wsign-compare" SUPPORTED_COMPILER_FLAGS)
 
     check_c_compiler_flag("-Wformat" REQUIRED_FLAGS_WFORMAT)
     if (REQUIRED_FLAGS_WFORMAT)
@@ -53,10 +51,7 @@ if (UNIX)
     add_c_compiler_flag("-Werror=format-security" SUPPORTED_COMPILER_FLAGS)
 
     # Allow zero for a variadic macro argument
-    string(TOLOWER "${CMAKE_C_COMPILER_ID}" _C_COMPILER_ID)
-    if ("${_C_COMPILER_ID}" STREQUAL "clang")
-        add_c_compiler_flag("-Wno-gnu-zero-variadic-macro-arguments" SUPPORTED_COMPILER_FLAGS)
-    endif()
+    add_c_compiler_flag("-Wno-gnu-zero-variadic-macro-arguments" SUPPORTED_COMPILER_FLAGS)
 
     add_c_compiler_flag("-fno-common" SUPPORTED_COMPILER_FLAGS)
 
@@ -70,18 +65,10 @@ if (UNIX)
     check_c_compiler_flag_ssp("-fstack-protector-strong" WITH_STACK_PROTECTOR_STRONG)
     if (WITH_STACK_PROTECTOR_STRONG)
         list(APPEND SUPPORTED_COMPILER_FLAGS "-fstack-protector-strong")
-        # This is needed as Solaris has a seperate libssp
-        if (SOLARIS)
-            list(APPEND SUPPORTED_LINKER_FLAGS "-fstack-protector-strong")
-        endif()
     else (WITH_STACK_PROTECTOR_STRONG)
         check_c_compiler_flag_ssp("-fstack-protector" WITH_STACK_PROTECTOR)
         if (WITH_STACK_PROTECTOR)
             list(APPEND SUPPORTED_COMPILER_FLAGS "-fstack-protector")
-            # This is needed as Solaris has a seperate libssp
-            if (SOLARIS)
-                list(APPEND SUPPORTED_LINKER_FLAGS "-fstack-protector")
-            endif()
         endif()
     endif (WITH_STACK_PROTECTOR_STRONG)
 
@@ -95,8 +82,6 @@ if (UNIX)
         add_c_compiler_flag("-Wno-error=tautological-compare" SUPPORTED_COMPILER_FLAGS)
     endif()
 
-    add_c_compiler_flag("-Wno-deprecated-declarations" DEPRECATION_COMPILER_FLAGS)
-
     # Unset CMAKE_REQUIRED_FLAGS
     unset(CMAKE_REQUIRED_FLAGS)
 endif()
@@ -115,8 +100,3 @@ if (OSX)
 endif()
 
 set(DEFAULT_C_COMPILE_FLAGS ${SUPPORTED_COMPILER_FLAGS} CACHE INTERNAL "Default C Compiler Flags" FORCE)
-set(DEFAULT_LINK_FLAGS ${SUPPORTED_LINKER_FLAGS} CACHE INTERNAL "Default C Linker Flags" FORCE)
-
-if (DEPRECATION_COMPILER_FLAGS)
-    set(DEFAULT_C_NO_DEPRECATION_FLAGS ${DEPRECATION_COMPILER_FLAGS} CACHE INTERNAL "Default no deprecation flags" FORCE)
-endif()

ConfigureChecks.cmake

@@ -9,7 +9,10 @@ include(TestBigEndian)
 
 set(PACKAGE ${PROJECT_NAME})
 set(VERSION ${PROJECT_VERSION})
-set(SYSCONFDIR ${CMAKE_INSTALL_SYSCONFDIR})
+set(DATADIR ${DATA_INSTALL_DIR})
+set(LIBDIR ${LIB_INSTALL_DIR})
+set(PLUGINDIR "${PLUGIN_INSTALL_DIR}-${LIBRARY_SOVERSION}")
+set(SYSCONFDIR ${SYSCONF_INSTALL_DIR})
 
 set(BINARYDIR ${CMAKE_BINARY_DIR})
 set(SOURCEDIR ${CMAKE_SOURCE_DIR})
@@ -61,7 +64,6 @@ check_include_file(sys/param.h HAVE_SYS_PARAM_H)
 check_include_file(arpa/inet.h HAVE_ARPA_INET_H)
 check_include_file(byteswap.h HAVE_BYTESWAP_H)
 check_include_file(glob.h HAVE_GLOB_H)
-check_include_file(valgrind/valgrind.h HAVE_VALGRIND_VALGRIND_H)
 
 if (WIN32)
   check_include_file(io.h HAVE_IO_H)
@@ -86,10 +88,8 @@ if (OPENSSL_FOUND)
         message(FATAL_ERROR "Could not detect openssl/aes.h")
     endif()
 
-    if (WITH_BLOWFISH_CIPHER)
-        set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
-        check_include_file(openssl/blowfish.h HAVE_OPENSSL_BLOWFISH_H)
-    endif()
+    set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
+    check_include_file(openssl/blowfish.h HAVE_OPENSSL_BLOWFISH_H)
 
     set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
     check_include_file(openssl/ecdh.h HAVE_OPENSSL_ECDH_H)
@@ -101,64 +101,29 @@ if (OPENSSL_FOUND)
     check_include_file(openssl/ecdsa.h HAVE_OPENSSL_ECDSA_H)
 
     set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
-    set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_CRYPTO_LIBRARIES})
+    set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_CRYPTO_LIBRARY})
     check_function_exists(EVP_aes_128_ctr HAVE_OPENSSL_EVP_AES_CTR)
 
     set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
-    set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_CRYPTO_LIBRARIES})
+    set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_CRYPTO_LIBRARY})
     check_function_exists(EVP_aes_128_cbc HAVE_OPENSSL_EVP_AES_CBC)
 
     set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
-    set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_CRYPTO_LIBRARIES})
-    check_function_exists(EVP_aes_128_gcm HAVE_OPENSSL_EVP_AES_GCM)
-
-    set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
-    set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_CRYPTO_LIBRARIES})
+    set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_CRYPTO_LIBRARY})
     check_function_exists(CRYPTO_THREADID_set_callback HAVE_OPENSSL_CRYPTO_THREADID_SET_CALLBACK)
 
     set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
-    set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_CRYPTO_LIBRARIES})
+    set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_CRYPTO_LIBRARY})
     check_function_exists(CRYPTO_ctr128_encrypt HAVE_OPENSSL_CRYPTO_CTR128_ENCRYPT)
 
     set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
-    set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_CRYPTO_LIBRARIES})
+    set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_CRYPTO_LIBRARY})
     check_function_exists(EVP_CIPHER_CTX_new HAVE_OPENSSL_EVP_CIPHER_CTX_NEW)
 
     set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
-    set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_CRYPTO_LIBRARIES})
-    check_function_exists(EVP_KDF_CTX_new_id HAVE_OPENSSL_EVP_KDF_CTX_NEW_ID)
-
-    set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
-    set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_CRYPTO_LIBRARIES})
-    check_function_exists(FIPS_mode HAVE_OPENSSL_FIPS_MODE)
-
-    set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
-    set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_CRYPTO_LIBRARIES})
+    set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_CRYPTO_LIBRARY})
     check_function_exists(RAND_priv_bytes HAVE_OPENSSL_RAND_PRIV_BYTES)
 
-    set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
-    set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_CRYPTO_LIBRARIES})
-    check_function_exists(EVP_DigestSign HAVE_OPENSSL_EVP_DIGESTSIGN)
-
-    set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
-    set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_CRYPTO_LIBRARIES})
-    check_function_exists(EVP_DigestVerify HAVE_OPENSSL_EVP_DIGESTVERIFY)
-
-    check_function_exists(OPENSSL_ia32cap_loc HAVE_OPENSSL_IA32CAP_LOC)
-
-    set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
-    set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_CRYPTO_LIBRARIES})
-    check_symbol_exists(EVP_PKEY_ED25519 "openssl/evp.h" FOUND_OPENSSL_ED25519)
-
-    if (HAVE_OPENSSL_EVP_DIGESTSIGN AND HAVE_OPENSSL_EVP_DIGESTVERIFY AND
-        FOUND_OPENSSL_ED25519)
-        set(HAVE_OPENSSL_ED25519 1)
-    endif()
-
-    set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
-    set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_CRYPTO_LIBRARIES})
-    check_symbol_exists(EVP_PKEY_X25519 "openssl/evp.h" HAVE_OPENSSL_X25519)
-
     unset(CMAKE_REQUIRED_INCLUDES)
     unset(CMAKE_REQUIRED_LIBRARIES)
 endif()
@@ -289,14 +254,6 @@ if (CMAKE_USE_PTHREADS_INIT)
     set(HAVE_PTHREAD 1)
 endif (CMAKE_USE_PTHREADS_INIT)
 
-if (UNIT_TESTING)
-    if (CMOCKA_FOUND)
-        set(CMAKE_REQUIRED_LIBRARIES ${CMOCKA_LIBRARIES})
-        check_function_exists(cmocka_set_test_filter HAVE_CMOCKA_SET_TEST_FILTER)
-        unset(CMAKE_REQUIRED_LIBRARIES)
-    endif ()
-endif ()
-
 # OPTIONS
 check_c_source_compiles("
 __thread int tls;
@@ -315,19 +272,19 @@ int main(void) {
 ###########################################################
 # For detecting attributes we need to treat warnings as
 # errors
-if (UNIX OR MINGW)
+if (UNIX)
     # Get warnings for attributs
-    check_c_compiler_flag("-Wattributes" REQUIRED_FLAGS_WERROR)
+    check_c_compiler_flag("-Wattributs" REQUIRED_FLAGS_WERROR)
     if (REQUIRED_FLAGS_WERROR)
-        string(APPEND CMAKE_REQUIRED_FLAGS "-Wattributes ")
+        set(CMAKE_REQUIRED_FLAGS "-Wattributes")
     endif()
 
     # Turn warnings into errors
     check_c_compiler_flag("-Werror" REQUIRED_FLAGS_WERROR)
     if (REQUIRED_FLAGS_WERROR)
-        string(APPEND CMAKE_REQUIRED_FLAGS "-Werror ")
+        set(CMAKE_REQUIRED_FLAGS "-Werror")
     endif()
-endif ()
+endif (UNIX)
 
 check_c_source_compiles("
 void test_constructor_attribute(void) __attribute__ ((constructor));
@@ -371,28 +328,6 @@ int main(void) {
     return 0;
 }" HAVE_FALLTHROUGH_ATTRIBUTE)
 
-if (NOT WIN32)
-    check_c_source_compiles("
-    #define __unused __attribute__((unused))
-
-    static int do_nothing(int i __unused)
-    {
-        return 0;
-    }
-
-    int main(void)
-    {
-        int i;
-
-        i = do_nothing(5);
-        if (i > 5) {
-            return 1;
-        }
-
-        return 0;
-    }" HAVE_UNUSED_ATTRIBUTE)
-endif()
-
 check_c_source_compiles("
 #include <string.h>
 
@@ -405,6 +340,18 @@ int main(void)
     return 0;
 }" HAVE_GCC_VOLATILE_MEMORY_PROTECTION)
 
+check_c_source_compiles("
+#include <stdio.h>
+#define __VA_NARG__(...) (__VA_NARG_(_0, ## __VA_ARGS__, __RSEQ_N()) - 1)
+#define __VA_NARG_(...) __VA_ARG_N(__VA_ARGS__)
+#define __VA_ARG_N( _1, _2, _3, _4, _5, _6, _7, _8, _9,_10,N,...) N
+#define __RSEQ_N() 10, 9,  8,  7,  6,  5,  4,  3,  2,  1,  0
+#define myprintf(format, ...) printf((format), __VA_NARG__(__VA_ARGS__), __VA_ARGS__)
+int main(void) {
+    myprintf(\"%d %d %d %d\",1,2,3);
+    return 0;
+}" HAVE_GCC_NARG_MACRO)
+
 check_c_source_compiles("
 #include <stdio.h>
 int main(void) {
@@ -419,8 +366,6 @@ int main(void) {
     return 0;
 }" HAVE_COMPILER__FUNCTION__)
 
-# This is only available with OpenBSD's gcc implementation */
-if (OPENBSD)
 check_c_source_compiles("
 #define ARRAY_LEN 16
 void test_attr(const unsigned char *k)
@@ -429,7 +374,6 @@ void test_attr(const unsigned char *k)
 int main(void) {
     return 0;
 }" HAVE_GCC_BOUNDED_ATTRIBUTE)
-endif(OPENBSD)
 
 # Stop treating warnings as errors
 unset(CMAKE_REQUIRED_FLAGS)

DefineOptions.cmake

@@ -2,15 +2,14 @@ option(WITH_GSSAPI "Build with GSSAPI support" ON)
 option(WITH_ZLIB "Build with ZLIB support" ON)
 option(WITH_SFTP "Build with SFTP support" ON)
 option(WITH_SERVER "Build with SSH server support" ON)
+option(WITH_STATIC_LIB "Build with a static library" OFF)
 option(WITH_DEBUG_CRYPTO "Build with cryto debug output" OFF)
 option(WITH_DEBUG_PACKET "Build with packet debug output" OFF)
 option(WITH_DEBUG_CALLTRACE "Build with calltrace debug output" ON)
 option(WITH_GCRYPT "Compile against libgcrypt" OFF)
 option(WITH_MBEDTLS "Compile against libmbedtls" OFF)
-option(WITH_BLOWFISH_CIPHER "Compile with blowfish support" OFF)
 option(WITH_PCAP "Compile with Pcap generation support" ON)
 option(WITH_INTERNAL_DOC "Compile doxygen internal documentation" OFF)
-option(BUILD_SHARED_LIBS "Build shared libraries" ON)
 option(UNIT_TESTING "Build with unit tests" OFF)
 option(CLIENT_TESTING "Build with client tests; requires openssh" OFF)
 option(SERVER_TESTING "Build with server tests; requires openssh and dropbear" OFF)
@@ -19,7 +18,6 @@ option(WITH_EXAMPLES "Build examples" ON)
 option(WITH_NACL "Build with libnacl (curve25519)" ON)
 option(WITH_SYMBOL_VERSIONING "Build with symbol versioning" ON)
 option(WITH_ABI_BREAK "Allow ABI break" OFF)
-option(WITH_GEX "Enable DH Group exchange mechanisms" ON)
 option(FUZZ_TESTING "Build with fuzzer for the server" OFF)
 option(PICKY_DEVELOPER "Build with picky developer flags" OFF)
 
@@ -34,9 +32,13 @@ if (WITH_BENCHMARKS)
   set(CLIENT_TESTING ON)
 endif()
 
-if (UNIT_TESTING OR CLIENT_TESTING OR SERVER_TESTING)
+if (WITH_STATIC_LIB)
+    set(BUILD_STATIC_LIB ON)
+endif (WITH_STATIC_LIB)
+
+if (UNIT_TESTING)
   set(BUILD_STATIC_LIB ON)
-endif()
+endif (UNIT_TESTING)
 
 if (WITH_NACL)
   set(WITH_NACL ON)
@@ -45,11 +47,3 @@ endif (WITH_NACL)
 if (WITH_ABI_BREAK)
   set(WITH_SYMBOL_VERSIONING ON)
 endif (WITH_ABI_BREAK)
-
-if (NOT GLOBAL_BIND_CONFIG)
-  set(GLOBAL_BIND_CONFIG "/etc/ssh/libssh_server_config")
-endif (NOT GLOBAL_BIND_CONFIG)
-
-if (NOT GLOBAL_CLIENT_CONFIG)
-  set(GLOBAL_CLIENT_CONFIG "/etc/ssh/ssh_config")
-endif (NOT GLOBAL_CLIENT_CONFIG)

INSTALL

@@ -7,14 +7,13 @@
 In order to build libssh, you need to install several components:
 
 - A C compiler
-- [CMake](https://www.cmake.org) >= 2.6.0.
-- [openssl](https://www.openssl.org) >= 0.9.8
+- [CMake](http://www.cmake.org) >= 2.6.0.
+- [openssl](http://www.openssl.org) >= 0.9.8
 or
-- [gcrypt](https://www.gnu.org/directory/Security/libgcrypt.html) >= 1.4
-- [libz](https://www.zlib.net) >= 1.2
+- [gcrypt](http://www.gnu.org/directory/Security/libgcrypt.html) >= 1.4
 
 optional:
-- [cmocka](https://cmocka.org/) >= 1.1.0
+- [libz](http://www.zlib.net) >= 1.2
 - [socket_wrapper](https://cwrap.org/) >= 1.1.5
 - [nss_wrapper](https://cwrap.org/) >= 1.1.2
 - [uid_wrapper](https://cwrap.org/) >= 1.2.0
@@ -23,12 +22,12 @@ optional:
 Note that these version numbers are version we know works correctly. If you
 build and run libssh successfully with an older version, please let us know.
 
-For Windows use vcpkg:
+Windows binaries known to be working:
 
-https://github.com/Microsoft/vcpkg
+- http://www.slproweb.com/products/Win32OpenSSL.html
+- http://zlib.net/ -> zlib compiled DLL
 
-which you can use to install openssl and zlib. libssh itself is also part of
-vcpkg!
+We installed them in C:\Program Files
 
 ## Building
 First, you need to configure the compilation, using CMake. Go inside the
@@ -117,4 +116,4 @@ This document is written using [Markdown][] syntax, making it possible to
 provide usable information in both plain text and HTML format. Whenever
 modifying this document please use [Markdown][] syntax.
 
-[markdown]: https://www.daringfireball.net/projects/markdown
+[markdown]: http://www.daringfireball.net/projects/markdown

README

@@ -31,7 +31,7 @@ If you ask yourself how to compile libssh, please read INSTALL before anything.
 3* Where ?
 -_-_-_-_-_-_
 
-https://www.libssh.org
+http://www.libssh.org
 
 4* Contributing
 -_-_-_-_-_-_-_-_-_

README.CodingStyle

@@ -60,7 +60,7 @@ following to $HOME/.vimrc:
 
 You can use the Vim gitmodline plugin to store this in the git config:
 
-    https://git.cryptomilk.org/projects/vim-gitmodeline.git/
+    http://git.cryptomilk.org/projects/vim-gitmodeline.git/
 
 For Vim, the following settings in $HOME/.vimrc will also deal with
 displaying trailing whitespace:

SubmittingPatches

@@ -23,7 +23,7 @@ much easier to work with individuals who have ownership than corporate
 legal departments if we ever need to make reasonable compromises with
 people using and working with libssh.
 
-We track the ownership of every part of libssh via https://git.libssh.org,
+We track the ownership of every part of libssh via http://git.libssh.org,
 our source code control system, so we know the provenance of every piece
 of code that is committed to libssh.
 
@@ -85,7 +85,7 @@ By making a contribution to this project, I certify that:
     Free Software Foundation; either version 2.1 of
     the License, or (at the option of the project) any later version.
 
-    https://www.gnu.org/licenses/lgpl-2.1.html
+    http://www.gnu.org/licenses/lgpl-2.1.html
 
 
 We will maintain a copy of that email as a record that you have the

cmake/Modules/AddCMockaTest.cmake

@@ -1,63 +1,11 @@
-#
+# - add_cmocka_test(test_name test_source linklib1 ... linklibN)
+
 # Copyright (c) 2007      Daniel Gollub <dgollub@suse.de>
 # Copyright (c) 2007-2018 Andreas Schneider <asn@cryptomilk.org>
-# Copyright (c) 2018      Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
 #
 # Redistribution and use is allowed according to the terms of the BSD license.
 # For details see the accompanying COPYING-CMAKE-SCRIPTS file.
 
-#.rst:
-# AddCMockaTest
-# -------------
-#
-# This file provides a function to add a test
-#
-# Functions provided
-# ------------------
-#
-# ::
-#
-#   add_cmocka_test(target_name
-#                   SOURCES src1 src2 ... srcN
-#                   [COMPILE_OPTIONS opt1 opt2 ... optN]
-#                   [LINK_LIBRARIES lib1 lib2 ... libN]
-#                   [LINK_OPTIONS lopt1 lop2 .. loptN]
-#                  )
-#
-# ``target_name``:
-#   Required, expects the name of the test which will be used to define a target
-#
-# ``SOURCES``:
-#   Required, expects one or more source files names
-#
-# ``COMPILE_OPTIONS``:
-#   Optional, expects one or more options to be passed to the compiler
-#
-# ``LINK_LIBRARIES``:
-#   Optional, expects one or more libraries to be linked with the test
-#   executable.
-#
-# ``LINK_OPTIONS``:
-#   Optional, expects one or more options to be passed to the linker
-#
-#
-# Example:
-#
-# .. code-block:: cmake
-#
-#   add_cmocka_test(my_test
-#                   SOURCES my_test.c other_source.c
-#                   COMPILE_OPTIONS -g -Wall
-#                   LINK_LIBRARIES mylib
-#                   LINK_OPTIONS -Wl,--enable-syscall-fixup
-#                  )
-#
-# Where ``my_test`` is the name of the test, ``my_test.c`` and
-# ``other_source.c`` are sources for the binary, ``-g -Wall`` are compiler
-# options to be used, ``mylib`` is a target of a library to be linked, and
-# ``-Wl,--enable-syscall-fixup`` is an option passed to the linker.
-#
-
 enable_testing()
 include(CTest)
 
@@ -69,52 +17,10 @@ if (CMAKE_CROSSCOMPILING)
     endif()
 endif()
 
-function(ADD_CMOCKA_TEST _TARGET_NAME)
+function(ADD_CMOCKA_TEST _testName _testSource)
+    add_executable(${_testName} ${_testSource})
 
-    set(one_value_arguments
-    )
-
-    set(multi_value_arguments
-        SOURCES
-        COMPILE_OPTIONS
-        LINK_LIBRARIES
-        LINK_OPTIONS
-    )
-
-    cmake_parse_arguments(_add_cmocka_test
-        ""
-        "${one_value_arguments}"
-        "${multi_value_arguments}"
-        ${ARGN}
-    )
-
-    if (NOT DEFINED _add_cmocka_test_SOURCES)
-        message(FATAL_ERROR "No sources provided for target ${_TARGET_NAME}")
-    endif()
-
-    add_executable(${_TARGET_NAME} ${_add_cmocka_test_SOURCES})
-
-    if (DEFINED _add_cmocka_test_COMPILE_OPTIONS)
-        target_compile_options(${_TARGET_NAME}
-            PRIVATE ${_add_cmocka_test_COMPILE_OPTIONS}
-        )
-    endif()
-
-    if (DEFINED _add_cmocka_test_LINK_LIBRARIES)
-        target_link_libraries(${_TARGET_NAME}
-            PRIVATE ${_add_cmocka_test_LINK_LIBRARIES}
-        )
-    endif()
-
-    if (DEFINED _add_cmocka_test_LINK_OPTIONS)
-        set_target_properties(${_TARGET_NAME}
-            PROPERTIES LINK_FLAGS
-            ${_add_cmocka_test_LINK_OPTIONS}
-        )
-    endif()
-
-    add_test(${_TARGET_NAME}
-        ${TARGET_SYSTEM_EMULATOR} ${_TARGET_NAME}
-    )
+    target_link_libraries(${_testName} ${ARGN})
 
+    add_test(${_testName} ${TARGET_SYSTEM_EMULATOR} ${CMAKE_CURRENT_BINARY_DIR}/${_testName}${CMAKE_EXECUTABLE_SUFFIX})
 endfunction (ADD_CMOCKA_TEST)

cmake/Modules/DefineCompilerFlags.cmake

@@ -1,8 +1,8 @@
 if (UNIX AND NOT WIN32)
     # Activate with: -DCMAKE_BUILD_TYPE=Profiling
-    set(CMAKE_C_FLAGS_PROFILING "-O0 -g -fprofile-arcs -ftest-coverage"
+    set(CMAKE_C_FLAGS_PROFILING "-g -O0 -fprofile-arcs -ftest-coverage"
         CACHE STRING "Flags used by the C compiler during PROFILING builds.")
-    set(CMAKE_CXX_FLAGS_PROFILING "-O0 -g -fprofile-arcs -ftest-coverage"
+    set(CMAKE_CXX_FLAGS_PROFILING "-g -O0 -fprofile-arcs -ftest-coverage"
         CACHE STRING "Flags used by the CXX compiler during PROFILING builds.")
     set(CMAKE_SHARED_LINKER_FLAGS_PROFILING "-fprofile-arcs -ftest-coverage"
         CACHE STRING "Flags used by the linker during the creation of shared libraries during PROFILING builds.")
@@ -22,28 +22,4 @@ if (UNIX AND NOT WIN32)
         CACHE STRING "Flags used by the linker during the creation of shared libraries during ADDRESSSANITIZER builds.")
     set(CMAKE_EXEC_LINKER_FLAGS_ADDRESSSANITIZER "-fsanitize=address"
         CACHE STRING "Flags used by the linker during ADDRESSSANITIZER builds.")
-
-    # Activate with: -DCMAKE_BUILD_TYPE=MemorySanitizer
-    set(CMAKE_C_FLAGS_MEMORYSANITIZER "-g -O2 -fsanitize=memory -fsanitize-memory-track-origins=2 -fno-omit-frame-pointer"
-        CACHE STRING "Flags used by the C compiler during MEMORYSANITIZER builds.")
-    set(CMAKE_CXX_FLAGS_MEMORYSANITIZER "-g -O2 -fsanitize=memory -fsanitize-memory-track-origins=2 -fno-omit-frame-pointer"
-        CACHE STRING "Flags used by the CXX compiler during MEMORYSANITIZER builds.")
-    set(CMAKE_SHARED_LINKER_FLAGS_MEMORYSANITIZER "-fsanitize=memory"
-        CACHE STRING "Flags used by the linker during the creation of shared libraries during MEMORYSANITIZER builds.")
-    set(CMAKE_MODULE_LINKER_FLAGS_MEMORYSANITIZER "-fsanitize=memory"
-        CACHE STRING "Flags used by the linker during the creation of shared libraries during MEMORYSANITIZER builds.")
-    set(CMAKE_EXEC_LINKER_FLAGS_MEMORYSANITIZER "-fsanitize=memory"
-        CACHE STRING "Flags used by the linker during MEMORYSANITIZER builds.")
-
-    # Activate with: -DCMAKE_BUILD_TYPE=UndefinedSanitizer
-    set(CMAKE_C_FLAGS_UNDEFINEDSANITIZER "-g -O1 -fsanitize=undefined -fsanitize=null -fsanitize=alignment -fno-sanitize-recover"
-        CACHE STRING "Flags used by the C compiler during UNDEFINEDSANITIZER builds.")
-    set(CMAKE_CXX_FLAGS_UNDEFINEDSANITIZER "-g -O1 -fsanitize=undefined -fsanitize=null -fsanitize=alignment -fno-sanitize-recover"
-        CACHE STRING "Flags used by the CXX compiler during UNDEFINEDSANITIZER builds.")
-    set(CMAKE_SHARED_LINKER_FLAGS_UNDEFINEDSANITIZER "-fsanitize=undefined"
-        CACHE STRING "Flags used by the linker during the creation of shared libraries during UNDEFINEDSANITIZER builds.")
-    set(CMAKE_MODULE_LINKER_FLAGS_UNDEFINEDSANITIZER "-fsanitize=undefined"
-        CACHE STRING "Flags used by the linker during the creation of shared libraries during UNDEFINEDSANITIZER builds.")
-    set(CMAKE_EXEC_LINKER_FLAGS_UNDEFINEDSANITIZER "-fsanitize=undefined"
-        CACHE STRING "Flags used by the linker during UNDEFINEDSANITIZER builds.")
 endif()

cmake/Modules/DefineInstallationPaths.cmake

@@ -0,0 +1,109 @@
+if (UNIX OR OS2)
+  IF (NOT APPLICATION_NAME)
+    MESSAGE(STATUS "${PROJECT_NAME} is used as APPLICATION_NAME")
+    SET(APPLICATION_NAME ${PROJECT_NAME})
+  ENDIF (NOT APPLICATION_NAME)
+
+  # Suffix for Linux
+  SET(LIB_SUFFIX
+    CACHE STRING "Define suffix of directory name (32/64)"
+  )
+
+  SET(EXEC_INSTALL_PREFIX
+    "${CMAKE_INSTALL_PREFIX}"
+    CACHE PATH  "Base directory for executables and libraries"
+  )
+  SET(SHARE_INSTALL_PREFIX
+    "${CMAKE_INSTALL_PREFIX}/share"
+    CACHE PATH "Base directory for files which go to share/"
+  )
+  SET(DATA_INSTALL_PREFIX
+    "${SHARE_INSTALL_PREFIX}/${APPLICATION_NAME}"
+    CACHE PATH "The parent directory where applications can install their data")
+
+  # The following are directories where stuff will be installed to
+  SET(BIN_INSTALL_DIR
+    "${EXEC_INSTALL_PREFIX}/bin"
+    CACHE PATH "The ${APPLICATION_NAME} binary install dir (default prefix/bin)"
+  )
+  SET(SBIN_INSTALL_DIR
+    "${EXEC_INSTALL_PREFIX}/sbin"
+    CACHE PATH "The ${APPLICATION_NAME} sbin install dir (default prefix/sbin)"
+  )
+  SET(LIB_INSTALL_DIR
+    "${EXEC_INSTALL_PREFIX}/lib${LIB_SUFFIX}"
+    CACHE PATH "The subdirectory relative to the install prefix where libraries will be installed (default is prefix/lib)"
+  )
+  SET(LIBEXEC_INSTALL_DIR
+    "${EXEC_INSTALL_PREFIX}/libexec"
+    CACHE PATH "The subdirectory relative to the install prefix where libraries will be installed (default is prefix/libexec)"
+  )
+  SET(PLUGIN_INSTALL_DIR
+    "${LIB_INSTALL_DIR}/${APPLICATION_NAME}"
+    CACHE PATH "The subdirectory relative to the install prefix where plugins will be installed (default is prefix/lib/${APPLICATION_NAME})"
+  )
+  SET(INCLUDE_INSTALL_DIR
+    "${CMAKE_INSTALL_PREFIX}/include"
+    CACHE PATH "The subdirectory to the header prefix (default prefix/include)"
+  )
+
+  set(CMAKE_INSTALL_DIR
+    "${LIB_INSTALL_DIR}/cmake"
+    CACHE PATH "The subdirectory to install cmake config files")
+
+  SET(DATA_INSTALL_DIR
+    "${DATA_INSTALL_PREFIX}"
+    CACHE PATH "The parent directory where applications can install their data (default prefix/share/${APPLICATION_NAME})"
+  )
+  SET(HTML_INSTALL_DIR
+    "${DATA_INSTALL_PREFIX}/doc/HTML"
+    CACHE PATH "The HTML install dir for documentation (default data/doc/html)"
+  )
+  SET(ICON_INSTALL_DIR
+    "${DATA_INSTALL_PREFIX}/icons"
+    CACHE PATH "The icon install dir (default data/icons/)"
+  )
+  SET(SOUND_INSTALL_DIR
+    "${DATA_INSTALL_PREFIX}/sounds"
+    CACHE PATH "The install dir for sound files (default data/sounds)"
+  )
+
+  SET(LOCALE_INSTALL_DIR
+    "${SHARE_INSTALL_PREFIX}/locale"
+    CACHE PATH "The install dir for translations (default prefix/share/locale)"
+  )
+
+  SET(XDG_APPS_DIR
+    "${SHARE_INSTALL_PREFIX}/applications/"
+    CACHE PATH "The XDG apps dir"
+  )
+  SET(XDG_DIRECTORY_DIR
+    "${SHARE_INSTALL_PREFIX}/desktop-directories"
+    CACHE PATH "The XDG directory"
+  )
+
+  SET(SYSCONF_INSTALL_DIR
+    "${EXEC_INSTALL_PREFIX}/etc"
+    CACHE PATH "The ${APPLICATION_NAME} sysconfig install dir (default prefix/etc)"
+  )
+  SET(MAN_INSTALL_DIR
+    "${SHARE_INSTALL_PREFIX}/man"
+    CACHE PATH "The ${APPLICATION_NAME} man install dir (default prefix/man)"
+  )
+  SET(INFO_INSTALL_DIR
+    "${SHARE_INSTALL_PREFIX}/info"
+    CACHE PATH "The ${APPLICATION_NAME} info install dir (default prefix/info)"
+  )
+else()
+  # Same same
+  set(BIN_INSTALL_DIR "bin" CACHE PATH "-")
+  set(SBIN_INSTALL_DIR "sbin" CACHE PATH "-")
+  set(LIB_INSTALL_DIR "lib${LIB_SUFFIX}" CACHE PATH "-")
+  set(INCLUDE_INSTALL_DIR "include" CACHE PATH "-")
+  set(CMAKE_INSTALL_DIR "CMake" CACHE PATH "-")
+  set(PLUGIN_INSTALL_DIR "plugins" CACHE PATH "-")
+  set(HTML_INSTALL_DIR "doc/HTML" CACHE PATH "-")
+  set(ICON_INSTALL_DIR "icons" CACHE PATH "-")
+  set(SOUND_INSTALL_DIR "soudns" CACHE PATH "-")
+  set(LOCALE_INSTALL_DIR "lang" CACHE PATH "-")
+endif ()

cmake/Modules/FindABIMap.cmake

@@ -302,13 +302,12 @@ function(get_file_list _TARGET_NAME)
     add_custom_target(
         ${_TARGET_NAME}_int ALL
         COMMAND ${CMAKE_COMMAND}
-          -DOUTPUT_PATH=${_get_files_list_OUTPUT_PATH}
-          -DDIRECTORIES=${_get_files_list_DIRECTORIES}
-          -DFILES_PATTERNS=${_get_files_list_FILES_PATTERNS}
+          -DOUTPUT_PATH="${_get_files_list_OUTPUT_PATH}"
+          -DDIRECTORIES="${_get_files_list_DIRECTORIES}"
+          -DFILES_PATTERNS="${_get_files_list_FILES_PATTERNS}"
           -P ${_GET_FILES_LIST_SCRIPT}
         COMMENT
           "Searching for files"
-        VERBATIM
     )
 
     if (DEFINED _get_files_list_COPY_TO)
@@ -319,7 +318,6 @@ function(get_file_list _TARGET_NAME)
               ${_FILES_LIST_OUTPUT_PATH} ${_get_files_list_COPY_TO}
             DEPENDS ${_TARGET_NAME}_int
             COMMENT "Copying ${_TARGET_NAME} to ${_get_files_list_COPY_TO}"
-            VERBATIM
         )
     else()
         add_custom_target(${_TARGET_NAME} ALL
@@ -371,13 +369,12 @@ function(extract_symbols _TARGET_NAME)
     add_custom_target(
         ${_TARGET_NAME}_int ALL
         COMMAND ${CMAKE_COMMAND}
-          -DOUTPUT_PATH=${_SYMBOLS_OUTPUT_PATH}
-          -DHEADERS_LIST_FILE=${_HEADERS_LIST_FILE}
+          -DOUTPUT_PATH="${_SYMBOLS_OUTPUT_PATH}"
+          -DHEADERS_LIST_FILE="${_HEADERS_LIST_FILE}"
           -DFILTER_PATTERN=${_extract_symbols_FILTER_PATTERN}
           -P ${_EXTRACT_SYMBOLS_SCRIPT}
         DEPENDS ${_extract_symbols_HEADERS_LIST}
         COMMENT "Extracting symbols from headers"
-        VERBATIM
     )
 
     if (DEFINED _extract_symbols_COPY_TO)
@@ -388,7 +385,6 @@ function(extract_symbols _TARGET_NAME)
               ${_SYMBOLS_OUTPUT_PATH} ${_extract_symbols_COPY_TO}
             DEPENDS ${_TARGET_NAME}_int
             COMMENT "Copying ${_TARGET_NAME} to ${_extract_symbols_COPY_TO}"
-            VERBATIM
         )
     else()
         add_custom_target(${_TARGET_NAME} ALL
@@ -453,37 +449,35 @@ function(generate_map_file _TARGET_NAME)
         ${_TARGET_NAME}_int ALL
         COMMAND ${CMAKE_COMMAND}
           -DABIMAP_EXECUTABLE=${ABIMAP_EXECUTABLE}
-          -DSYMBOLS=${_SYMBOLS_FILE}
+          -DSYMBOLS="${_SYMBOLS_FILE}"
           -DCURRENT_MAP=${_generate_map_file_CURRENT_MAP}
-          -DOUTPUT_PATH=${_MAP_OUTPUT_PATH}
+          -DOUTPUT_PATH="${_MAP_OUTPUT_PATH}"
           -DFINAL=${_generate_map_file_FINAL}
           -DBREAK_ABI=${_generate_map_file_BREAK_ABI}
           -DRELEASE_NAME_VERSION=${_generate_map_file_RELEASE_NAME_VERSION}
           -P ${_GENERATE_MAP_SCRIPT}
         DEPENDS ${_generate_map_file_SYMBOLS}
         COMMENT "Generating the map ${_TARGET_NAME}"
-        VERBATIM
     )
 
     # Add a custom command setting the map as OUTPUT to allow it to be added as
     # a generated source
     add_custom_command(
         OUTPUT ${_MAP_OUTPUT_PATH}
-        DEPENDS ${_TARGET_NAME}_copy
+        DEPENDS ${_TARGET_NAME}
     )
 
     if (DEFINED _generate_map_file_COPY_TO)
         # Copy the generated map back to the COPY_TO
-        add_custom_target(${_TARGET_NAME}_copy ALL
+        add_custom_target(${_TARGET_NAME} ALL
             COMMAND
               ${CMAKE_COMMAND} -E copy_if_different ${_MAP_OUTPUT_PATH}
               ${_generate_map_file_COPY_TO}
             DEPENDS ${_TARGET_NAME}_int
             COMMENT "Copying ${_MAP_OUTPUT_PATH} to ${_generate_map_file_COPY_TO}"
-            VERBATIM
         )
     else()
-        add_custom_target(${_TARGET_NAME}_copy ALL
+        add_custom_target(${_TARGET_NAME} ALL
             DEPENDS ${_TARGET_NAME}_int
         )
     endif()

cmake/Modules/FindGCrypt.cmake

@@ -49,15 +49,7 @@ find_library(GCRYPT_LIBRARY
     PATH_SUFFIXES
         lib
 )
-find_library(GCRYPT_ERROR_LIBRARY
-    NAMES
-        gpg-error
-        libgpg-error-0
-        libgpg-error6-0
-    HINTS
-        ${_GCRYPT_ROOT_HINTS_AND_PATHS}
-)
-set(GCRYPT_LIBRARIES ${GCRYPT_LIBRARY}  ${GCRYPT_ERROR_LIBRARY})
+set(GCRYPT_LIBRARIES ${GCRYPT_LIBRARY})
 
 if (GCRYPT_INCLUDE_DIR)
     file(STRINGS "${GCRYPT_INCLUDE_DIR}/gcrypt.h" _gcrypt_version_str REGEX "^#define GCRYPT_VERSION \"[0-9]+\\.[0-9]+\\.[0-9]")

config.h.cmake

@@ -4,16 +4,14 @@
 /* Version number of package */
 #cmakedefine VERSION "${PROJECT_VERSION}"
 
+#cmakedefine LOCALEDIR "${LOCALE_INSTALL_DIR}"
+#cmakedefine DATADIR "${DATADIR}"
+#cmakedefine LIBDIR "${LIBDIR}"
+#cmakedefine PLUGINDIR "${PLUGINDIR}"
 #cmakedefine SYSCONFDIR "${SYSCONFDIR}"
 #cmakedefine BINARYDIR "${BINARYDIR}"
 #cmakedefine SOURCEDIR "${SOURCEDIR}"
 
-/* Global bind configuration file path */
-#cmakedefine GLOBAL_BIND_CONFIG "${GLOBAL_BIND_CONFIG}"
-
-/* Global client configuration file path */
-#cmakedefine GLOBAL_CLIENT_CONFIG "${GLOBAL_CLIENT_CONFIG}"
-
 /************************** HEADER FILES *************************/
 
 /* Define to 1 if you have the <argp.h> header file. */
@@ -25,9 +23,6 @@
 /* Define to 1 if you have the <glob.h> header file. */
 #cmakedefine HAVE_GLOB_H 1
 
-/* Define to 1 if you have the <valgrind/valgrind.h> header file. */
-#cmakedefine HAVE_VALGRIND_VALGRIND_H 1
-
 /* Define to 1 if you have the <pty.h> header file. */
 #cmakedefine HAVE_PTY_H 1
 
@@ -97,12 +92,6 @@
 /* Define to 1 if you have gl_flags as a glob_t sturct member */
 #cmakedefine HAVE_GLOB_GL_FLAGS_MEMBER 1
 
-/* Define to 1 if you have OpenSSL with Ed25519 support */
-#cmakedefine HAVE_OPENSSL_ED25519 1
-
-/* Define to 1 if you have OpenSSL with X25519 support */
-#cmakedefine HAVE_OPENSSL_X25519 1
-
 /*************************** FUNCTIONS ***************************/
 
 /* Define to 1 if you have the `EVP_aes128_ctr' function. */
@@ -111,9 +100,6 @@
 /* Define to 1 if you have the `EVP_aes128_cbc' function. */
 #cmakedefine HAVE_OPENSSL_EVP_AES_CBC 1
 
-/* Define to 1 if you have the `EVP_aes128_gcm' function. */
-#cmakedefine HAVE_OPENSSL_EVP_AES_GCM 1
-
 /* Define to 1 if you have the `CRYPTO_THREADID_set_callback' function. */
 #cmakedefine HAVE_OPENSSL_CRYPTO_THREADID_SET_CALLBACK 1
 
@@ -123,21 +109,6 @@
 /* Define to 1 if you have the `EVP_CIPHER_CTX_new' function. */
 #cmakedefine HAVE_OPENSSL_EVP_CIPHER_CTX_NEW 1
 
-/* Define to 1 if you have the `EVP_KDF_CTX_new_id' function. */
-#cmakedefine HAVE_OPENSSL_EVP_KDF_CTX_NEW_ID 1
-
-/* Define to 1 if you have the `FIPS_mode' function. */
-#cmakedefine HAVE_OPENSSL_FIPS_MODE 1
-
-/* Define to 1 if you have the `EVP_DigestSign' function. */
-#cmakedefine HAVE_OPENSSL_EVP_DIGESTSIGN 1
-
-/* Define to 1 if you have the `EVP_DigestVerify' function. */
-#cmakedefine HAVE_OPENSSL_EVP_DIGESTVERIFY 1
-
-/* Define to 1 if you have the `OPENSSL_ia32cap_loc' function. */
-#cmakedefine HAVE_OPENSSL_IA32CAP_LOC 1
-
 /* Define to 1 if you have the `snprintf' function. */
 #cmakedefine HAVE_SNPRINTF 1
 
@@ -207,9 +178,6 @@
 /* Define to 1 if you have the `SecureZeroMemory' function. */
 #cmakedefine HAVE_SECURE_ZERO_MEMORY 1
 
-/* Define to 1 if you have the `cmocka_set_test_filter' function. */
-#cmakedefine HAVE_CMOCKA_SET_TEST_FILTER 1
-
 /*************************** LIBRARIES ***************************/
 
 /* Define to 1 if you have the `crypto' library (-lcrypto). */
@@ -224,21 +192,18 @@
 /* Define to 1 if you have the `pthread' library (-lpthread). */
 #cmakedefine HAVE_PTHREAD 1
 
-/* Define to 1 if you have the `cmocka' library (-lcmocka). */
-#cmakedefine HAVE_CMOCKA 1
-
 /**************************** OPTIONS ****************************/
 
 #cmakedefine HAVE_GCC_THREAD_LOCAL_STORAGE 1
 #cmakedefine HAVE_MSC_THREAD_LOCAL_STORAGE 1
 
 #cmakedefine HAVE_FALLTHROUGH_ATTRIBUTE 1
-#cmakedefine HAVE_UNUSED_ATTRIBUTE 1
 
 #cmakedefine HAVE_CONSTRUCTOR_ATTRIBUTE 1
 #cmakedefine HAVE_DESTRUCTOR_ATTRIBUTE 1
 
 #cmakedefine HAVE_GCC_VOLATILE_MEMORY_PROTECTION 1
+#cmakedefine HAVE_GCC_NARG_MACRO 1
 
 #cmakedefine HAVE_COMPILER__FUNC__ 1
 #cmakedefine HAVE_COMPILER__FUNCTION__ 1
@@ -257,12 +222,6 @@
 /* Define to 1 if you want to enable server support */
 #cmakedefine WITH_SERVER 1
 
-/* Define to 1 if you want to enable DH group exchange algorithms */
-#cmakedefine WITH_GEX 1
-
-/* Define to 1 if you want to enable blowfish cipher support */
-#cmakedefine WITH_BLOWFISH_CIPHER 1
-
 /* Define to 1 if you want to enable debug output for crypto functions */
 #cmakedefine DEBUG_CRYPTO 1
 

doc/CMakeLists.txt

@@ -13,11 +13,8 @@ if (DOXYGEN_FOUND)
     set(DOXYGEN_TAB_SIZE 4)
     set(DOXYGEN_OPTIMIZE_OUTPUT_FOR_C YES)
     set(DOXYGEN_MARKDOWN_SUPPORT YES)
-    set(DOXYGEN_FULL_PATH_NAMES NO)
 
     set(DOXYGEN_PREDEFINED DOXYGEN
-                           WITH_SERVER
-                           WITH_SFTP
                            PRINTF_ATTRIBUTE(x,y))
 
     set(DOXYGEN_EXCLUDE ${CMAKE_CURRENT_SOURCE_DIR}/that_style)

doc/authentication.dox

@@ -63,7 +63,7 @@ int authenticate_pubkey(ssh_session session)
 {
   int rc;
 
-  rc = ssh_userauth_publickey_auto(session, NULL, NULL);
+  rc = ssh_userauth_publickey_auto(session, NULL);
 
   if (rc == SSH_AUTH_ERROR)
   {
@@ -281,7 +281,7 @@ pass, ssh_userauth_none() might answer SSH_AUTH_SUCCESS.
 The following example shows how to perform "none" authentication:
 
 @code
-int authenticate_none(ssh_session session)
+int authenticate_kbdint(ssh_session session)
 {
   int rc;
 

doc/curve25519-sha256@libssh.org.txt

@@ -112,8 +112,8 @@ This number is calculated using the following procedure:
      This conversion follows the network byte order. This step differs from 
      RFC5656.
 
-[RFC5656]    https://tools.ietf.org/html/rfc5656
+[RFC5656]    http://tools.ietf.org/html/rfc5656
 [SCHNEIER]   https://www.schneier.com/blog/archives/2013/09/the_nsa_is_brea.html#c1675929
-[DJB]        https://cr.yp.to/talks/2013.05.31/slides-dan+tanja-20130531-4x3.pdf
+[DJB]        http://cr.yp.to/talks/2013.05.31/slides-dan+tanja-20130531-4x3.pdf
 [Curve25519] "Curve25519: new Diffie-Hellman speed records."
-             https://cr.yp.to/ecdh/curve25519-20060209.pdf
+             http://cr.yp.to/ecdh/curve25519-20060209.pdf

doc/guided_tour.dox

@@ -431,9 +431,6 @@ int show_remote_processes(ssh_session session)
 }
 @endcode
 
-Each ssh_channel_request_exec() needs to be run on freshly created
-and connected (with ssh_channel_open_session()) channel.
-
 @see @ref opening_shell
 @see @ref remote_command
 @see @ref sftp_subsystem

doc/linking.dox

@@ -28,6 +28,6 @@ the dllimport attribute.
 @endcode
 
 If you're are statically linking with OpenSSL, read the "Linking your
-application" section in the NOTES.[OS] in the OpenSSL source tree!
+application" section in the NOTES.<OS> in the OpenSSL source tree!
 
 */

doc/mainpage.dox

@@ -39,8 +39,8 @@ The libssh library provides:
 
  - Client <b>and</b> server support
  - SSHv2 and SSHv1 protocol support
- - Supports <a href="https://test.libssh.org/" target="_blank">Linux, UNIX, BSD, Solaris, OS/2 and Windows</a>
- - Automated test cases with nightly <a href="https://test.libssh.org/" target="_blank">tests</a>
+ - Supports <a href="http://test.libssh.org/" target="_blank">Linux, UNIX, BSD, Solaris, OS/2 and Windows</a>
+ - Automated test cases with nightly <a href="http://test.libssh.org/" target="_blank">tests</a>
  - Event model based on poll(2), or a poll(2)-emulation.
 
 @section main-copyright Copyright Policy
@@ -111,7 +111,7 @@ By making a contribution to this project, I certify that:
     Free Software Foundation; either version 2.1 of
     the License, or (at the option of the project) any later version.
 
-https://www.gnu.org/licenses/lgpl-2.1.html
+http://www.gnu.org/licenses/lgpl-2.1.html
 @endverbatim
 
 We will maintain a copy of that email as a record that you have the rights to
@@ -151,79 +151,47 @@ The libssh Team
 
 The following RFC documents described SSH-2 protcol as an Internet standard.
 
- - <a href="https://tools.ietf.org/html/rfc4250" target="_blank">RFC 4250</a>,
+ - <a href="http://tools.ietf.org/html/rfc4250" target="_blank">RFC 4250</a>,
     The Secure Shell (SSH) Protocol Assigned Numbers
- - <a href="https://tools.ietf.org/html/rfc4251" target="_blank">RFC 4251</a>,
+ - <a href="http://tools.ietf.org/html/rfc4251" target="_blank">RFC 4251</a>,
     The Secure Shell (SSH) Protocol Architecture
- - <a href="https://tools.ietf.org/html/rfc4252" target="_blank">RFC 4252</a>,
+ - <a href="http://tools.ietf.org/html/rfc4252" target="_blank">RFC 4252</a>,
     The Secure Shell (SSH) Authentication Protocol
- - <a href="https://tools.ietf.org/html/rfc4253" target="_blank">RFC 4253</a>,
+ - <a href="http://tools.ietf.org/html/rfc4253" target="_blank">RFC 4253</a>,
     The Secure Shell (SSH) Transport Layer Protocol
- - <a href="https://tools.ietf.org/html/rfc4254" target="_blank">RFC 4254</a>,
+ - <a href="http://tools.ietf.org/html/rfc4254" target="_blank">RFC 4254</a>,
     The Secure Shell (SSH) Connection Protocol
- - <a href="https://tools.ietf.org/html/rfc4255" target="_blank">RFC 4255</a>,
+ - <a href="http://tools.ietf.org/html/rfc4255" target="_blank">RFC 4255</a>,
     Using DNS to Securely Publish Secure Shell (SSH) Key Fingerprints
-    (not implemented in libssh)
- - <a href="https://tools.ietf.org/html/rfc4256" target="_blank">RFC 4256</a>,
+ - <a href="http://tools.ietf.org/html/rfc4256" target="_blank">RFC 4256</a>,
     Generic Message Exchange Authentication for the Secure Shell Protocol (SSH)
- - <a href="https://tools.ietf.org/html/rfc4335" target="_blank">RFC 4335</a>,
+ - <a href="http://tools.ietf.org/html/rfc4335" target="_blank">RFC 4335</a>,
     The Secure Shell (SSH) Session Channel Break Extension
- - <a href="https://tools.ietf.org/html/rfc4344" target="_blank">RFC 4344</a>,
+ - <a href="http://tools.ietf.org/html/rfc4344" target="_blank">RFC 4344</a>,
     The Secure Shell (SSH) Transport Layer Encryption Modes
- - <a href="https://tools.ietf.org/html/rfc4345" target="_blank">RFC 4345</a>,
+ - <a href="http://tools.ietf.org/html/rfc4345" target="_blank">RFC 4345</a>,
     Improved Arcfour Modes for the Secure Shell (SSH) Transport Layer Protocol
 
 It was later modified and expanded by the following RFCs.
 
- - <a href="https://tools.ietf.org/html/rfc4419" target="_blank">RFC 4419</a>,
+ - <a href="http://tools.ietf.org/html/rfc4419" target="_blank">RFC 4419</a>,
     Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer
     Protocol
- - <a href="https://tools.ietf.org/html/rfc4432" target="_blank">RFC 4432</a>,
+ - <a href="http://tools.ietf.org/html/rfc4432" target="_blank">RFC 4432</a>,
     RSA Key Exchange for the Secure Shell (SSH) Transport Layer Protocol
-    (not implemented in libssh)
- - <a href="https://tools.ietf.org/html/rfc4462" target="_blank">RFC 4462</a>,
+ - <a href="http://tools.ietf.org/html/rfc4462" target="_blank">RFC 4462</a>,
     Generic Security Service Application Program Interface (GSS-API)
     Authentication and Key Exchange for the Secure Shell (SSH) Protocol
-    (only the authentication implemented in libssh)
- - <a href="https://tools.ietf.org/html/rfc4716" target="_blank">RFC 4716</a>,
+ - <a href="http://tools.ietf.org/html/rfc4716" target="_blank">RFC 4716</a>,
     The Secure Shell (SSH) Public Key File Format
-    (not implemented in libssh)
- - <a href="https://tools.ietf.org/html/rfc5647" target="_blank">RFC 5647</a>,
+ - <a href="http://tools.ietf.org/html/rfc5647" target="_blank">RFC 5647</a>,
     AES Galois Counter Mode for the Secure Shell Transport Layer Protocol
-    (the algorithm negotiation implemented according to openssh.com)
- - <a href="https://tools.ietf.org/html/rfc5656" target="_blank">RFC 5656</a>,
+ - <a href="http://tools.ietf.org/html/rfc5656" target="_blank">RFC 5656</a>,
     Elliptic Curve Algorithm Integration in the Secure Shell Transport Layer
- - <a href="https://tools.ietf.org/html/rfc6594" target="_blank">RFC 6594</a>,
-    Use of the SHA-256 Algorithm with RSA, DSA, and ECDSA in SSHFP Resource Records
-    (not implemented in libssh)
- - <a href="https://tools.ietf.org/html/rfc6668" target="_blank">RFC 6668</a>,
-    SHA-2 Data Integrity Verification for the Secure Shell (SSH) Transport Layer Protocol
- - <a href="https://tools.ietf.org/html/rfc7479" target="_blank">RFC 7479</a>,
-    Using Ed25519 in SSHFP Resource Records
-    (not implemented in libssh)
- - <a href="https://tools.ietf.org/html/rfc8160" target="_blank">RFC 8160</a>,
-    IUTF8 Terminal Mode in Secure Shell (SSH)
-    (not handled in libssh)
- - <a href="https://tools.ietf.org/html/rfc8270" target="_blank">RFC 8270</a>,
-    Increase the Secure Shell Minimum Recommended Diffie-Hellman Modulus Size to 2048 Bits
- - <a href="https://tools.ietf.org/html/rfc8308" target="_blank">RFC 8308</a>,
-    Extension Negotiation in the Secure Shell (SSH) Protocol
-    (only the "server-sig-algs" extension implemented)
- - <a href="https://tools.ietf.org/html/rfc8332" target="_blank">RFC 8332</a>,
-    Use of RSA Keys with SHA-256 and SHA-512 in the Secure Shell (SSH) Protocol
-
-There are also drafts that are being currently developed and followed.
-
- - <a href="https://tools.ietf.org/html/draft-ietf-curdle-ssh-kex-sha2-10" target="_blank">draft-ietf-curdle-ssh-kex-sha2-10</a>
-    Key Exchange (KEX) Method Updates and Recommendations for Secure Shell (SSH)
- - <a href="https://tools.ietf.org/html/draft-miller-ssh-agent-03" target="_blank">draft-miller-ssh-agent-03</a>
-    SSH Agent Protocol
- - <a href="https://tools.ietf.org/html/draft-ietf-curdle-ssh-curves-12" target="_blank">draft-ietf-curdle-ssh-curves-12</a>
-    Secure Shell (SSH) Key Exchange Method using Curve25519 and Curve448
 
 Interesting cryptography documents:
 
- - <a href="https://www.cryptsoft.com/pkcs11doc/" target="_blank">PKCS #11</a>, PKCS #11 reference documents, describing interface with smartcards.
+ - <a href="http://www.cryptsoft.com/pkcs11doc/" target="_blank">PKCS #11</a>, PKCS #11 reference documents, describing interface with smartcards.
 
 @subsection main-rfc-sftp Secure Shell File Transfer Protocol (SFTP)
 
@@ -231,22 +199,26 @@ The protocol is not an Internet standard but it is still widely implemented.
 OpenSSH and most other implementation implement Version 3 of the protocol. We
 do the same in libssh.
 
- - <a href="https://tools.ietf.org/html/draft-ietf-secsh-filexfer-02" target="_blank">
+ - <a href="http://tools.ietf.org/html/draft-ietf-secsh-filexfer-02" target="_blank">
    draft-ietf-secsh-filexfer-02.txt</a>,
    SSH File Transfer Protocol
 
 @subsection main-rfc-extensions Secure Shell Extensions
 
+The libssh project has an extension to support Curve25519 which is also supported by
+the OpenSSH project.
+
+ - <a href="http://git.libssh.org/projects/libssh.git/tree/doc/curve25519-sha256@libssh.org.txt" target="_blank">curve25519-sha256@libssh.org</a>,
+   Curve25519-SHA256 for ECDH KEX
+
 The OpenSSH project has defined some extensions to the protocol. We support some of
 them like the statvfs calls in SFTP or the ssh-agent.
 
- - <a href="https://api.libssh.org/rfc/PROTOCOL" target="_blank">
+ - <a href="http://api.libssh.org/rfc/PROTOCOL" target="_blank">
     OpenSSH's deviations and extensions</a>
- - <a href="https://api.libssh.org/rfc/PROTOCOL.certkeys" target="_blank">
+ - <a href="http://api.libssh.org/rfc/PROTOCOL.agent" target="_blank">
+    OpenSSH's ssh-agent</a>
+ - <a href="http://api.libssh.org/rfc/PROTOCOL.certkeys" target="_blank">
     OpenSSH's pubkey certificate authentication</a>
- - <a href="https://api.libssh.org/rfc/PROTOCOL.chacha20poly1305" target="_blank">
-    chacha20-poly1305@openssh.com authenticated encryption mode</a>
- - <a href="https://api.libssh.org/rfc/PROTOCOL.key" target="_blank">
-    OpenSSH private key format (openssh-key-v1)</a>
 
 */

doc/sftp.dox

@@ -61,7 +61,7 @@ int sftp_helloworld(ssh_session session)
   rc = sftp_init(sftp);
   if (rc != SSH_OK)
   {
-    fprintf(stderr, "Error initializing SFTP session: code %d.\n",
+    fprintf(stderr, "Error initializing SFTP session: %s.\n",
             sftp_get_error(sftp));
     sftp_free(sftp);
     return rc;

examples/CMakeLists.txt

@@ -6,7 +6,10 @@ set(examples_SRCS
   connect_ssh.c
 )
 
-include_directories(${libssh_BINARY_DIR}/include ${libssh_BINARY_DIR})
+include_directories(
+  ${LIBSSH_PUBLIC_INCLUDE_DIRS}
+  ${CMAKE_BINARY_DIR}
+)
 
 if (ARGP_INCLUDE_DIR)
     include_directories(${ARGP_INCLUDE_DIR})
@@ -15,68 +18,60 @@ endif()
 if (UNIX AND NOT WIN32)
     add_executable(libssh_scp libssh_scp.c ${examples_SRCS})
     target_compile_options(libssh_scp PRIVATE ${DEFAULT_C_COMPILE_FLAGS})
-    target_link_libraries(libssh_scp ssh::ssh)
+    target_link_libraries(libssh_scp ${LIBSSH_SHARED_LIBRARY})
 
     add_executable(scp_download scp_download.c ${examples_SRCS})
     target_compile_options(scp_download PRIVATE ${DEFAULT_C_COMPILE_FLAGS})
-    target_link_libraries(scp_download ssh::ssh)
+    target_link_libraries(scp_download ${LIBSSH_SHARED_LIBRARY})
 
     add_executable(sshnetcat sshnetcat.c ${examples_SRCS})
     target_compile_options(sshnetcat PRIVATE ${DEFAULT_C_COMPILE_FLAGS})
-    target_link_libraries(sshnetcat ssh::ssh)
+    target_link_libraries(sshnetcat ${LIBSSH_SHARED_LIBRARY})
 
     if (WITH_SFTP)
         add_executable(samplesftp samplesftp.c ${examples_SRCS})
         target_compile_options(samplesftp PRIVATE ${DEFAULT_C_COMPILE_FLAGS})
-        target_link_libraries(samplesftp ssh::ssh)
+        target_link_libraries(samplesftp ${LIBSSH_SHARED_LIBRARY})
     endif (WITH_SFTP)
 
     add_executable(ssh-client ssh_client.c ${examples_SRCS})
     target_compile_options(ssh-client PRIVATE ${DEFAULT_C_COMPILE_FLAGS})
-    target_link_libraries(ssh-client ssh::ssh)
+    target_link_libraries(ssh-client ${LIBSSH_SHARED_LIBRARY})
 
     if (WITH_SERVER AND (ARGP_LIBRARY OR HAVE_ARGP_H))
         if (HAVE_LIBUTIL)
             add_executable(ssh_server_fork ssh_server_fork.c)
             target_compile_options(ssh_server_fork PRIVATE ${DEFAULT_C_COMPILE_FLAGS})
-            target_link_libraries(ssh_server_fork ssh::ssh ${ARGP_LIBRARY} util)
+            target_link_libraries(ssh_server_fork ${LIBSSH_SHARED_LIBRARY} ${ARGP_LIBRARY} util)
         endif (HAVE_LIBUTIL)
 
         if (WITH_GSSAPI AND GSSAPI_FOUND)
             add_executable(samplesshd-cb samplesshd-cb.c)
             target_compile_options(samplesshd-cb PRIVATE ${DEFAULT_C_COMPILE_FLAGS})
-            target_link_libraries(samplesshd-cb ssh::ssh ${ARGP_LIBRARY})
+            target_link_libraries(samplesshd-cb ${LIBSSH_SHARED_LIBRARY} ${ARGP_LIBRARY})
 
             add_executable(proxy proxy.c)
             target_compile_options(proxy PRIVATE ${DEFAULT_C_COMPILE_FLAGS})
-            target_link_libraries(proxy ssh::ssh ${ARGP_LIBRARY})
-
-            add_executable(sshd_direct-tcpip sshd_direct-tcpip.c)
-            target_compile_options(sshd_direct-tcpip PRIVATE ${DEFAULT_C_COMPILE_FLAGS})
-            target_link_libraries(sshd_direct-tcpip ssh::ssh ${ARGP_LIBRARY})
+            target_link_libraries(proxy ${LIBSSH_SHARED_LIBRARY} ${ARGP_LIBRARY})
         endif (WITH_GSSAPI AND GSSAPI_FOUND)
 
         add_executable(samplesshd-kbdint samplesshd-kbdint.c)
         target_compile_options(samplesshd-kbdint PRIVATE ${DEFAULT_C_COMPILE_FLAGS})
-        target_link_libraries(samplesshd-kbdint ssh::ssh ${ARGP_LIBRARY})
+        target_link_libraries(samplesshd-kbdint ${LIBSSH_SHARED_LIBRARY} ${ARGP_LIBRARY})
 
     endif()
 endif (UNIX AND NOT WIN32)
 
 add_executable(exec exec.c ${examples_SRCS})
 target_compile_options(exec PRIVATE ${DEFAULT_C_COMPILE_FLAGS})
-target_link_libraries(exec ssh::ssh)
+target_link_libraries(exec ${LIBSSH_SHARED_LIBRARY})
 
 add_executable(senddata senddata.c ${examples_SRCS})
 target_compile_options(senddata PRIVATE ${DEFAULT_C_COMPILE_FLAGS})
-target_link_libraries(senddata ssh::ssh)
-
-add_executable(keygen keygen.c)
-target_compile_options(keygen PRIVATE ${DEFAULT_C_COMPILE_FLAGS})
-target_link_libraries(keygen ssh::ssh)
+target_link_libraries(senddata ${LIBSSH_SHARED_LIBRARY})
 
 add_executable(libsshpp libsshpp.cpp)
-target_link_libraries(libsshpp ssh::ssh)
+target_link_libraries(libsshpp ${LIBSSH_SHARED_LIBRARY})
 
 add_executable(libsshpp_noexcept libsshpp_noexcept.cpp)
-target_link_libraries(libsshpp_noexcept ssh::ssh)
+target_link_libraries(libsshpp_noexcept ${LIBSSH_SHARED_LIBRARY})

examples/authentication.c

@@ -100,39 +100,6 @@ int authenticate_kbdint(ssh_session session, const char *password)
     return err;
 }
 
-static int auth_keyfile(ssh_session session, char* keyfile)
-{
-    ssh_key key = NULL;
-    char pubkey[132] = {0}; // +".pub"
-    int rc;
-
-    snprintf(pubkey, sizeof(pubkey), "%s.pub", keyfile);
-
-    rc = ssh_pki_import_pubkey_file( pubkey, &key);
-
-    if (rc != SSH_OK)
-        return SSH_AUTH_DENIED;
-
-    rc = ssh_userauth_try_publickey(session, NULL, key);
-
-    ssh_key_free(key);
-
-    if (rc!=SSH_AUTH_SUCCESS)
-        return SSH_AUTH_DENIED;
-
-    rc = ssh_pki_import_privkey_file(keyfile, NULL, NULL, NULL, &key);
-
-    if (rc != SSH_OK)
-        return SSH_AUTH_DENIED;
-
-    rc = ssh_userauth_publickey(session, NULL, key);
-
-    ssh_key_free(key);
-
-    return rc;
-}
-
-
 static void error(ssh_session session)
 {
     fprintf(stderr,"Authentication failed: %s\n",ssh_get_error(session));
@@ -173,35 +140,6 @@ int authenticate_console(ssh_session session)
                 break;
             }
         }
-        {
-            char buffer[128] = {0};
-            char *p = NULL;
-
-            printf("Automatic pubkey failed. "
-                   "Do you want to try a specific key? (y/n)\n");
-            if (fgets(buffer, sizeof(buffer), stdin) == NULL) {
-                break;
-            }
-            if ((buffer[0]=='Y') || (buffer[0]=='y')) {
-                printf("private key filename: ");
-
-                if (fgets(buffer, sizeof(buffer), stdin) == NULL) {
-                    return SSH_AUTH_ERROR;
-                }
-
-                buffer[sizeof(buffer) - 1] = '\0';
-                if ((p = strchr(buffer, '\n'))) {
-                    *p = '\0';
-                }
-
-                rc = auth_keyfile(session, buffer);
-
-                if(rc == SSH_AUTH_SUCCESS) {
-                    break;
-                }
-                fprintf(stderr, "failed with key\n");
-            }
-        }
 
         // Try to authenticate with keyboard interactive";
         if (method & SSH_AUTH_METHOD_INTERACTIVE) {
@@ -234,7 +172,7 @@ int authenticate_console(ssh_session session)
     banner = ssh_get_issue_banner(session);
     if (banner) {
         printf("%s\n",banner);
-        SSH_STRING_FREE_CHAR(banner);
+        ssh_string_free_char(banner);
     }
 
     return rc;

examples/examples_common.h

@@ -14,10 +14,6 @@ clients must be made or how a client should react.
 #define EXAMPLES_COMMON_H_
 
 #include <libssh/libssh.h>
-
-/** Zero a structure */
-#define ZERO_STRUCT(x) memset((char *)&(x), 0, sizeof(x))
-
 int authenticate_console(ssh_session session);
 int authenticate_kbdint(ssh_session session, const char *password);
 int verify_knownhost(ssh_session session);

examples/exec.c

@@ -8,7 +8,7 @@ int main(void) {
     ssh_session session;
     ssh_channel channel;
     char buffer[256];
-    int rbytes, wbytes, total = 0;
+    int nbytes;
     int rc;
 
     session = connect_ssh("localhost", NULL, 0);
@@ -35,30 +35,15 @@ int main(void) {
         goto failed;
     }
 
-    rbytes = ssh_channel_read(channel, buffer, sizeof(buffer), 0);
-    if (rbytes <= 0) {
-        goto failed;
-    }
-
-    do {
-        wbytes = fwrite(buffer + total, 1, rbytes, stdout);
-        if (wbytes <= 0) {
+    nbytes = ssh_channel_read(channel, buffer, sizeof(buffer), 0);
+    while (nbytes > 0) {
+        if (fwrite(buffer, 1, nbytes, stdout) != (unsigned int) nbytes) {
             goto failed;
         }
+        nbytes = ssh_channel_read(channel, buffer, sizeof(buffer), 0);
+    }
 
-        total += wbytes;
-
-        /* When it was not possible to write the whole buffer to stdout */
-        if (wbytes < rbytes) {
-            rbytes -= wbytes;
-            continue;
-        }
-
-        rbytes = ssh_channel_read(channel, buffer, sizeof(buffer), 0);
-        total = 0;
-    } while (rbytes > 0);
-
-    if (rbytes < 0) {
+    if (nbytes < 0) {
         goto failed;
     }
 

examples/keygen.c

@@ -1,41 +0,0 @@
-/* keygen.c
- * Sample implementation of ssh-keygen using libssh
- */
-
-/*
-Copyright 2019 Red Hat, Inc.
-
-Author: Jakub Jelen <jjelen@redhat.com>
-
-This file is part of the SSH Library
-
-You are free to copy this file, modify it in any way, consider it being public
-domain. This does not apply to the rest of the library though, but it is
-allowed to cut-and-paste working code from this file to any license of
-program.
- */
-
-#include <libssh/libssh.h>
-#include <stdio.h>
-
-int main(void)
-{
-    ssh_key key = NULL;
-    int rv;
-
-    /* Generate a new ED25519 private key file */
-    rv = ssh_pki_generate(SSH_KEYTYPE_ED25519, 0, &key);
-    if (rv != SSH_OK) {
-        fprintf(stderr, "Failed to generate private key");
-	return -1;
-    }
-
-    /* Write it to a file testkey in the current dirrectory */
-    rv = ssh_pki_export_privkey_file(key, NULL, NULL, NULL, "testkey");
-    if (rv != SSH_OK) {
-        fprintf(stderr, "Failed to write private key file");
-	return -1;
-    }
-
-    return 0;
-}

examples/knownhosts.c

@@ -32,86 +32,82 @@ clients must be made or how a client should react.
 #define strncasecmp _strnicmp
 #endif
 
-int verify_knownhost(ssh_session session)
-{
-    enum ssh_known_hosts_e state;
-    char buf[10];
-    unsigned char *hash = NULL;
-    size_t hlen;
-    ssh_key srv_pubkey;
-    int rc;
+int verify_knownhost(ssh_session session){
+  enum ssh_known_hosts_e state;
+  char buf[10];
+  unsigned char *hash = NULL;
+  size_t hlen;
+  ssh_key srv_pubkey;
+  int rc;
 
-    rc = ssh_get_server_publickey(session, &srv_pubkey);
-    if (rc < 0) {
-        return -1;
-    }
+  rc = ssh_get_server_publickey(session, &srv_pubkey);
+  if (rc < 0) {
+      return -1;
+  }
 
-    rc = ssh_get_publickey_hash(srv_pubkey,
-                                SSH_PUBLICKEY_HASH_SHA256,
-                                &hash,
-                                &hlen);
-    ssh_key_free(srv_pubkey);
-    if (rc < 0) {
-        return -1;
-    }
+  rc = ssh_get_publickey_hash(srv_pubkey,
+                              SSH_PUBLICKEY_HASH_SHA256,
+                              &hash,
+                              &hlen);
+  ssh_key_free(srv_pubkey);
+  if (rc < 0) {
+      return -1;
+  }
 
-    state = ssh_session_is_known_server(session);
+  state = ssh_session_is_known_server(session);
 
-    switch(state) {
-    case SSH_KNOWN_HOSTS_CHANGED:
-        fprintf(stderr,"Host key for server changed : server's one is now :\n");
-        ssh_print_hash(SSH_PUBLICKEY_HASH_SHA256, hash, hlen);
-        ssh_clean_pubkey_hash(&hash);
-        fprintf(stderr,"For security reason, connection will be stopped\n");
-        return -1;
-    case SSH_KNOWN_HOSTS_OTHER:
-        fprintf(stderr,"The host key for this server was not found but an other type of key exists.\n");
-        fprintf(stderr,"An attacker might change the default server key to confuse your client"
-                "into thinking the key does not exist\n"
-                "We advise you to rerun the client with -d or -r for more safety.\n");
-        return -1;
-    case SSH_KNOWN_HOSTS_NOT_FOUND:
-        fprintf(stderr,"Could not find known host file. If you accept the host key here,\n");
-        fprintf(stderr,"the file will be automatically created.\n");
-        /* fallback to SSH_SERVER_NOT_KNOWN behavior */
-        FALL_THROUGH;
-    case SSH_SERVER_NOT_KNOWN:
-        fprintf(stderr,
-                "The server is unknown. Do you trust the host key (yes/no)?\n");
-        ssh_print_hash(SSH_PUBLICKEY_HASH_SHA256, hash, hlen);
-
-        if (fgets(buf, sizeof(buf), stdin) == NULL) {
-            ssh_clean_pubkey_hash(&hash);
-            return -1;
-        }
-        if(strncasecmp(buf,"yes",3)!=0){
-            ssh_clean_pubkey_hash(&hash);
-            return -1;
-        }
-        fprintf(stderr,"This new key will be written on disk for further usage. do you agree ?\n");
-        if (fgets(buf, sizeof(buf), stdin) == NULL) {
-            ssh_clean_pubkey_hash(&hash);
-            return -1;
-        }
-        if(strncasecmp(buf,"yes",3)==0){
-            rc = ssh_session_update_known_hosts(session);
-            if (rc != SSH_OK) {
-                ssh_clean_pubkey_hash(&hash);
-                fprintf(stderr, "error %s\n", strerror(errno));
-                return -1;
-            }
-        }
-
-        break;
-    case SSH_KNOWN_HOSTS_ERROR:
-        ssh_clean_pubkey_hash(&hash);
-        fprintf(stderr,"%s",ssh_get_error(session));
-        return -1;
+  switch(state){
     case SSH_KNOWN_HOSTS_OK:
-        break; /* ok */
-    }
+      break; /* ok */
+    case SSH_KNOWN_HOSTS_CHANGED:
+      fprintf(stderr,"Host key for server changed : server's one is now :\n");
+      ssh_print_hash(SSH_PUBLICKEY_HASH_SHA256, hash, hlen);
+      ssh_clean_pubkey_hash(&hash);
+      fprintf(stderr,"For security reason, connection will be stopped\n");
+      return -1;
+    case SSH_KNOWN_HOSTS_OTHER:
+      fprintf(stderr,"The host key for this server was not found but an other type of key exists.\n");
+      fprintf(stderr,"An attacker might change the default server key to confuse your client"
+          "into thinking the key does not exist\n"
+          "We advise you to rerun the client with -d or -r for more safety.\n");
+      return -1;
+    case SSH_KNOWN_HOSTS_NOT_FOUND:
+      fprintf(stderr,"Could not find known host file. If you accept the host key here,\n");
+      fprintf(stderr,"the file will be automatically created.\n");
+      /* fallback to SSH_SERVER_NOT_KNOWN behavior */
+      FALL_THROUGH;
+    case SSH_SERVER_NOT_KNOWN:
+      fprintf(stderr,
+              "The server is unknown. Do you trust the host key (yes/no)?\n");
+      ssh_print_hash(SSH_PUBLICKEY_HASH_SHA256, hash, hlen);
 
-    ssh_clean_pubkey_hash(&hash);
+      if (fgets(buf, sizeof(buf), stdin) == NULL) {
+	    ssh_clean_pubkey_hash(&hash);
+        return -1;
+      }
+      if(strncasecmp(buf,"yes",3)!=0){
+	    ssh_clean_pubkey_hash(&hash);
+        return -1;
+      }
+      fprintf(stderr,"This new key will be written on disk for further usage. do you agree ?\n");
+      if (fgets(buf, sizeof(buf), stdin) == NULL) {
+	    ssh_clean_pubkey_hash(&hash);
+        return -1;
+      }
+      if(strncasecmp(buf,"yes",3)==0){
+        if (ssh_write_knownhost(session) < 0) {
+          ssh_clean_pubkey_hash(&hash);
+          fprintf(stderr, "error %s\n", strerror(errno));
+          return -1;
+        }
+      }
 
-    return 0;
+      break;
+    case SSH_KNOWN_HOSTS_ERROR:
+      ssh_clean_pubkey_hash(&hash);
+      fprintf(stderr,"%s",ssh_get_error(session));
+      return -1;
+  }
+  ssh_clean_pubkey_hash(&hash);
+  return 0;
 }

examples/libssh_scp.c

@@ -233,7 +233,7 @@ static int open_location(struct location *loc, int flag) {
         loc->file = fopen(loc->path, flag == READ ? "r":"w");
         if (!loc->file) {
             if (errno == EISDIR) {
-                if (loc->path != NULL && chdir(loc->path)) {
+                if (chdir(loc->path)) {
                     fprintf(stderr,
                             "Error changing directory to %s: %s\n",
                             loc->path, strerror(errno));
@@ -257,15 +257,14 @@ static int open_location(struct location *loc, int flag) {
  * @param recursive Copy also directories
  */
 static int do_copy(struct location *src, struct location *dest, int recursive) {
-    size_t size;
+    int size;
     socket_t fd;
     struct stat s;
     int w, r;
     char buffer[16384];
-    size_t total = 0;
-    mode_t mode;
+    int total = 0;
+    int mode;
     char *filename = NULL;
-
     /* recursive mode doesn't work yet */
     (void)recursive;
     /* Get the file name and size*/
@@ -303,7 +302,7 @@ static int do_copy(struct location *src, struct location *dest, int recursive) {
                 fprintf(stderr,
                         "Error: %s\n",
                         ssh_get_error(src->session));
-                SSH_STRING_FREE_CHAR(filename);
+                ssh_string_free_char(filename);
                 return -1;
             }
         } while(r != SSH_SCP_REQUEST_NEWFILE);
@@ -316,7 +315,7 @@ static int do_copy(struct location *src, struct location *dest, int recursive) {
             fprintf(stderr,
                     "error: %s\n",
                     ssh_get_error(dest->session));
-            SSH_STRING_FREE_CHAR(filename);
+            ssh_string_free_char(filename);
             ssh_scp_free(dest->scp);
             dest->scp = NULL;
             return -1;
@@ -331,7 +330,7 @@ static int do_copy(struct location *src, struct location *dest, int recursive) {
                 if (src->is_ssh) {
                     ssh_scp_deny_request(src->scp, "Cannot open local file");
                 }
-                SSH_STRING_FREE_CHAR(filename);
+                ssh_string_free_char(filename);
                 return -1;
             }
         }
@@ -347,7 +346,7 @@ static int do_copy(struct location *src, struct location *dest, int recursive) {
                 fprintf(stderr,
                         "Error reading scp: %s\n",
                         ssh_get_error(src->session));
-                SSH_STRING_FREE_CHAR(filename);
+                ssh_string_free_char(filename);
                 return -1;
             }
 
@@ -364,7 +363,7 @@ static int do_copy(struct location *src, struct location *dest, int recursive) {
                 fprintf(stderr,
                         "Error reading file: %s\n",
                         strerror(errno));
-                SSH_STRING_FREE_CHAR(filename);
+                ssh_string_free_char(filename);
                 return -1;
             }
         }
@@ -377,7 +376,7 @@ static int do_copy(struct location *src, struct location *dest, int recursive) {
                         ssh_get_error(dest->session));
                 ssh_scp_free(dest->scp);
                 dest->scp = NULL;
-                SSH_STRING_FREE_CHAR(filename);
+                ssh_string_free_char(filename);
                 return -1;
             }
         } else {
@@ -386,7 +385,7 @@ static int do_copy(struct location *src, struct location *dest, int recursive) {
                 fprintf(stderr,
                         "Error writing in local file: %s\n",
                         strerror(errno));
-                SSH_STRING_FREE_CHAR(filename);
+                ssh_string_free_char(filename);
                 return -1;
             }
         }
@@ -394,8 +393,8 @@ static int do_copy(struct location *src, struct location *dest, int recursive) {
 
     } while(total < size);
 
-    SSH_STRING_FREE_CHAR(filename);
-    printf("wrote %zu bytes\n", total);
+    ssh_string_free_char(filename);
+    printf("wrote %d bytes\n", total);
     return 0;
 }
 

examples/ssh_client.c

@@ -1,17 +1,16 @@
-/* ssh_client.c */
-
+/* client.c */
 /*
- * Copyright 2003-2015 Aris Adamantiadis
- *
- * This file is part of the SSH Library
- *
- * You are free to copy this file, modify it in any way, consider it being public
- * domain. This does not apply to the rest of the library though, but it is
- * allowed to cut-and-paste working code from this file to any license of
- * program.
- * The goal is to show the API in action. It's not a reference on how terminal
- * clients must be made or how a client should react.
- */
+Copyright 2003-2009 Aris Adamantiadis
+
+This file is part of the SSH Library
+
+You are free to copy this file, modify it in any way, consider it being public
+domain. This does not apply to the rest of the library though, but it is
+allowed to cut-and-paste working code from this file to any license of
+program.
+The goal is to show the API in action. It's not a reference on how terminal
+clients must be made or how a client should react.
+*/
 
 #include "config.h"
 #include <stdio.h>
@@ -198,20 +197,19 @@ static void sizechanged(void)
 static void select_loop(ssh_session session,ssh_channel channel)
 {
     ssh_connector connector_in, connector_out, connector_err;
-    int rc;
 
     ssh_event event = ssh_event_new();
 
     /* stdin */
     connector_in = ssh_connector_new(session);
-    ssh_connector_set_out_channel(connector_in, channel, SSH_CONNECTOR_STDINOUT);
+    ssh_connector_set_out_channel(connector_in, channel, SSH_CONNECTOR_STDOUT);
     ssh_connector_set_in_fd(connector_in, 0);
     ssh_event_add_connector(event, connector_in);
 
     /* stdout */
     connector_out = ssh_connector_new(session);
     ssh_connector_set_out_fd(connector_out, 1);
-    ssh_connector_set_in_channel(connector_out, channel, SSH_CONNECTOR_STDINOUT);
+    ssh_connector_set_in_channel(connector_out, channel, SSH_CONNECTOR_STDOUT);
     ssh_event_add_connector(event, connector_out);
 
     /* stderr */
@@ -224,11 +222,7 @@ static void select_loop(ssh_session session,ssh_channel channel)
         if (signal_delayed) {
             sizechanged();
         }
-        rc = ssh_event_dopoll(event, 60000);
-        if (rc == SSH_ERROR) {
-            fprintf(stderr, "Error in ssh_event_dopoll()\n");
-            break;
-        }
+        ssh_event_dopoll(event, 60000);
     }
     ssh_event_remove_connector(event, connector_in);
     ssh_event_remove_connector(event, connector_out);
@@ -239,6 +233,7 @@ static void select_loop(ssh_session session,ssh_channel channel)
     ssh_connector_free(connector_err);
 
     ssh_event_free(event);
+    ssh_channel_free(channel);
 }
 
 static void shell(ssh_session session)
@@ -246,11 +241,7 @@ static void shell(ssh_session session)
     ssh_channel channel;
     struct termios terminal_local;
     int interactive=isatty(0);
-
     channel = ssh_channel_new(session);
-    if (channel == NULL) {
-        return;
-    }
 
     if (interactive) {
         tcgetattr(0, &terminal_local);
@@ -259,7 +250,6 @@ static void shell(ssh_session session)
 
     if (ssh_channel_open_session(channel)) {
         printf("Error opening channel : %s\n", ssh_get_error(session));
-        ssh_channel_free(channel);
         return;
     }
     chan = channel;
@@ -270,7 +260,6 @@ static void shell(ssh_session session)
 
     if (ssh_channel_request_shell(channel)) {
         printf("Requesting shell : %s\n", ssh_get_error(session));
-        ssh_channel_free(channel);
         return;
     }
 
@@ -284,7 +273,6 @@ static void shell(ssh_session session)
     if (interactive) {
         do_cleanup(0);
     }
-    ssh_channel_free(channel);
 }
 
 static void batch_shell(ssh_session session)
@@ -301,18 +289,12 @@ static void batch_shell(ssh_session session)
     }
 
     channel = ssh_channel_new(session);
-    if (channel == NULL) {
-        return;
-    }
-
     ssh_channel_open_session(channel);
     if (ssh_channel_request_exec(channel, buffer)) {
         printf("Error executing '%s' : %s\n", buffer, ssh_get_error(session));
-        ssh_channel_free(channel);
         return;
     }
     select_loop(session, channel);
-    ssh_channel_free(channel);
 }
 
 static int client(ssh_session session)

examples/ssh_server_fork.c

@@ -37,7 +37,6 @@ The goal is to show the API in action.
 #endif
 #include <sys/ioctl.h>
 #include <sys/wait.h>
-#include <sys/stat.h>
 #include <stdio.h>
 
 #ifndef KEYS_FOLDER
@@ -70,11 +69,8 @@ static void set_default_keys(ssh_bind sshbind,
         ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_ECDSAKEY,
                              KEYS_FOLDER "ssh_host_ecdsa_key");
     }
-    ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY,
-                         KEYS_FOLDER "ssh_host_ed25519_key");
 }
-#define DEF_STR_SIZE 1024
-char authorizedkeys[DEF_STR_SIZE] = {0};
+
 #ifdef HAVE_ARGP_H
 const char *argp_program_version = "libssh server example "
 SSH_STRINGIFY(LIBSSH_VERSION);
@@ -129,14 +125,6 @@ static struct argp_option options[] = {
         .doc   = "Set the ecdsa key.",
         .group = 0
     },
-    {
-        .name  = "authorizedkeys",
-        .key   = 'a',
-        .arg   = "FILE",
-        .flags = 0,
-        .doc   = "Set the authorized keys file.",
-        .group = 0
-    },
     {
         .name  = "no-default-keys",
         .key   = 'n',
@@ -190,9 +178,6 @@ static error_t parse_opt (int key, char *arg, struct argp_state *state) {
             ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_ECDSAKEY, arg);
             ecdsa_already_set = 1;
             break;
-        case 'a':
-            strncpy(authorizedkeys, arg, DEF_STR_SIZE-1);
-            break;
         case 'v':
             ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_LOG_VERBOSITY_STR,
                                  "3");
@@ -449,53 +434,6 @@ static int auth_password(ssh_session session, const char *user,
     return SSH_AUTH_DENIED;
 }
 
-static int auth_publickey(ssh_session session,
-                          const char *user,
-                          struct ssh_key_struct *pubkey,
-                          char signature_state,
-                          void *userdata)
-{
-    struct session_data_struct *sdata = (struct session_data_struct *) userdata;
-
-    (void) user;
-    (void) session;
-
-    if (signature_state == SSH_PUBLICKEY_STATE_NONE) {
-        return SSH_AUTH_SUCCESS;
-    }
-
-    if (signature_state != SSH_PUBLICKEY_STATE_VALID) {
-        return SSH_AUTH_DENIED;
-    }
-
-    // valid so far.  Now look through authorized keys for a match
-    if (authorizedkeys[0]) {
-        ssh_key key = NULL;
-        int result;
-        struct stat buf;
-
-        if (stat(authorizedkeys, &buf) == 0) {
-            result = ssh_pki_import_pubkey_file( authorizedkeys, &key );
-            if ((result != SSH_OK) || (key==NULL)) {
-                fprintf(stderr,
-                        "Unable to import public key file %s\n",
-                        authorizedkeys);
-            } else {
-                result = ssh_key_cmp( key, pubkey, SSH_KEY_CMP_PUBLIC );
-                ssh_key_free(key);
-                if (result == 0) {
-                    sdata->authenticated = 1;
-                    return SSH_AUTH_SUCCESS;
-                }
-            }
-        }
-    }
-
-    // no matches
-    sdata->authenticated = 0;
-    return SSH_AUTH_DENIED;
-}
-
 static ssh_channel channel_open(ssh_session session, void *userdata) {
     struct session_data_struct *sdata = (struct session_data_struct *) userdata;
 
@@ -534,8 +472,7 @@ static int process_stderr(socket_t fd, int revents, void *userdata) {
 }
 
 static void handle_session(ssh_event event, ssh_session session) {
-    int n;
-    int rc = 0;
+    int n, rc;
 
     /* Structure for storing the pty size. */
     struct winsize wsize = {
@@ -580,12 +517,6 @@ static void handle_session(ssh_event event, ssh_session session) {
         .channel_open_request_session_function = channel_open,
     };
 
-    if (authorizedkeys[0]) {
-        server_cb.auth_pubkey_function = auth_publickey;
-        ssh_set_auth_methods(session, SSH_AUTH_METHOD_PASSWORD | SSH_AUTH_METHOD_PUBLICKEY);
-    } else
-        ssh_set_auth_methods(session, SSH_AUTH_METHOD_PASSWORD);
-
     ssh_callbacks_init(&server_cb);
     ssh_callbacks_init(&channel_cb);
 
@@ -596,6 +527,7 @@ static void handle_session(ssh_event event, ssh_session session) {
         return;
     }
 
+    ssh_set_auth_methods(session, SSH_AUTH_METHOD_PASSWORD);
     ssh_event_add_session(event, session);
 
     n = 0;

examples/sshd_direct-tcpip.c

@@ -1,749 +0,0 @@
-/* This is a sample implementation of a libssh based SSH server */
-/*
-Copyright 2003-2009 Aris Adamantiadis
-Copyright 2018 T. Wimmer
-
-This file is part of the SSH Library
-
-You are free to copy this file, modify it in any way, consider it being public
-domain. This does not apply to the rest of the library though, but it is
-allowed to cut-and-paste working code from this file to any license of
-program.
-The goal is to show the API in action. It's not a reference on how terminal
-clients must be made or how a client should react.
-*/
-
-/*
- Example:
-  ./sshd_direct-tcpip -v -p 2022 -d serverkey.dsa -r serverkey.rsa 127.0.0.1
-*/
-
-#include "config.h"
-
-#include <libssh/libssh.h>
-#include <libssh/server.h>
-#include <libssh/callbacks.h>
-
-#ifdef HAVE_ARGP_H
-#include <argp.h>
-#endif
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <stdbool.h>
-#include <stdlib.h>
-#include <string.h>
-#include <stdio.h>
-#include <poll.h>
-
-#define SAFE_FREE(x) do { if ((x) != NULL) {free(x); x=NULL;} } while(0)
-
-#ifndef __unused__
-# ifdef HAVE_UNUSED_ATTRIBUTE
-#  define __unused__ __attribute__((unused))
-# else /* HAVE_UNUSED_ATTRIBUTE */
-#  define __unused__
-# endif /* HAVE_UNUSED_ATTRIBUTE */
-#endif /* __unused__ */
-
-#ifndef UNUSED_PARAM
-#define UNUSED_PARAM(param) param __unused__
-#endif /* UNUSED_PARAM */
-
-#ifndef KEYS_FOLDER
-#ifdef _WIN32
-#define KEYS_FOLDER
-#else
-#define KEYS_FOLDER "/etc/ssh/"
-#endif
-#endif
-
-#define USER "user"
-#define PASSWORD "pwd"
-
-struct event_fd_data_struct {
-    int *p_fd;
-    ssh_channel channel;
-    struct ssh_channel_callbacks_struct *cb_chan;
-    int stacked;
-};
-
-struct cleanup_node_struct {
-    struct event_fd_data_struct *data;
-    struct cleanup_node_struct *next;
-};
-
-static bool authenticated = false;
-static int tries = 0;
-static bool error_set = false;
-static int sockets_cnt = 0;
-static ssh_event mainloop = NULL;
-static struct cleanup_node_struct *cleanup_stack = NULL;
-
-static void _close_socket(struct event_fd_data_struct event_fd_data);
-
-static void
-cleanup_push(struct cleanup_node_struct** head_ref,
-             struct event_fd_data_struct *new_data)
-{
-    // Allocate memory for node
-    struct cleanup_node_struct *new_node = malloc(sizeof *new_node);
-
-    if (head_ref != NULL) {
-        new_node->next = *head_ref;
-    } else {
-        new_node->next = NULL;
-    }
-
-    // Copy new_data
-    new_node->data = new_data;
-
-    // Change head pointer as new node is added at the beginning
-    (*head_ref) = new_node;
-}
-
-static void
-do_cleanup(struct cleanup_node_struct **head_ref)
-{
-    struct cleanup_node_struct *current = (*head_ref);
-    struct cleanup_node_struct *previous = NULL, *gone = NULL;
-
-    while (current != NULL) {
-        if (ssh_channel_is_closed(current->data->channel)) {
-            if (current == (*head_ref)) {
-                (*head_ref) = current->next;
-            }
-            if (previous != NULL) {
-                previous->next = current->next;
-            }
-            gone = current;
-            current = current->next;
-
-            if (gone->data->channel) {
-                _close_socket(*gone->data);
-                ssh_remove_channel_callbacks(gone->data->channel, gone->data->cb_chan);
-                ssh_channel_free(gone->data->channel);
-                gone->data->channel = NULL;
-
-                SAFE_FREE(gone->data->p_fd);
-                SAFE_FREE(gone->data->cb_chan);
-                SAFE_FREE(gone->data);
-                SAFE_FREE(gone);
-            }
-            else {
-                fprintf(stderr, "channel already freed!\n");
-            }
-            _ssh_log(SSH_LOG_FUNCTIONS, "=== do_cleanup", "Freed.");
-        }
-        else {
-            ssh_channel_close(current->data->channel);
-            previous = current;
-            current = current->next;
-        }
-    }
-}
-
-static int
-auth_password(ssh_session session,
-              const char *user,
-              const char *password,
-              UNUSED_PARAM(void *userdata))
-{
-    _ssh_log(SSH_LOG_PROTOCOL,
-             "=== auth_password", "Authenticating user %s pwd %s",
-             user,
-             password);
-    if (strcmp(user, USER) == 0 && strcmp(password, PASSWORD) == 0) {
-        authenticated = true;
-        printf("Authenticated\n");
-        return SSH_AUTH_SUCCESS;
-    }
-    if (tries >= 3) {
-        printf("Too many authentication tries\n");
-        ssh_disconnect(session);
-        error_set = true;
-        return SSH_AUTH_DENIED;
-    }
-    tries++;
-    return SSH_AUTH_DENIED;
-}
-
-static int
-auth_gssapi_mic(ssh_session session,
-                const char *user,
-                const char *principal,
-                UNUSED_PARAM(void *userdata))
-{
-    ssh_gssapi_creds creds = ssh_gssapi_get_creds(session);
-    printf("Authenticating user %s with gssapi principal %s\n",
-           user, principal);
-    if (creds != NULL) {
-        printf("Received some gssapi credentials\n");
-    } else {
-        printf("Not received any forwardable creds\n");
-    }
-    printf("authenticated\n");
-    authenticated = true;
-    return SSH_AUTH_SUCCESS;
-}
-
-static int
-subsystem_request(UNUSED_PARAM(ssh_session session),
-                  UNUSED_PARAM(ssh_channel channel),
-                  const char *subsystem,
-                  UNUSED_PARAM(void *userdata))
-{
-    _ssh_log(SSH_LOG_PROTOCOL,
-             "=== subsystem_request", "Channel subsystem reqeuest: %s",
-             subsystem);
-    return 0;
-}
-
-struct ssh_channel_callbacks_struct channel_cb = {
-    .channel_subsystem_request_function = subsystem_request
-};
-
-static ssh_channel
-new_session_channel(UNUSED_PARAM(ssh_session session),
-                    UNUSED_PARAM(void *userdata))
-{
-    _ssh_log(SSH_LOG_PROTOCOL, "=== subsystem_request", "Session channel request");
-    /* For TCP forward only there seems to be no need for a session channel */
-    /*if(chan != NULL)
-        return NULL;
-    printf("Session channel request\n");
-    chan = ssh_channel_new(session);
-    ssh_callbacks_init(&channel_cb);
-    ssh_set_channel_callbacks(chan, &channel_cb);
-    return chan;*/
-    return NULL;
-}
-
-static void
-stack_socket_close(UNUSED_PARAM(ssh_session session),
-                   struct event_fd_data_struct *event_fd_data)
-{
-    if (event_fd_data->stacked != 1) {
-        _ssh_log(SSH_LOG_FUNCTIONS, "=== stack_socket_close",
-                 "Closing fd = %d sockets_cnt = %d", *event_fd_data->p_fd,
-                 sockets_cnt);
-        event_fd_data->stacked = 1;
-        cleanup_push(&cleanup_stack, event_fd_data);
-    }
-}
-
-static void
-_close_socket(struct event_fd_data_struct event_fd_data)
-{
-    _ssh_log(SSH_LOG_FUNCTIONS, "=== close_socket",
-             "Closing fd = %d sockets_cnt = %d", *event_fd_data.p_fd,
-             sockets_cnt);
-    ssh_event_remove_fd(mainloop, *event_fd_data.p_fd);
-    sockets_cnt--;
-#ifdef _WIN32
-    closesocket(*event_fd_data.p_fd);
-#else
-    close(*event_fd_data.p_fd);
-#endif // _WIN32
-    (*event_fd_data.p_fd) = SSH_INVALID_SOCKET;
-}
-
-static int
-service_request(UNUSED_PARAM(ssh_session session),
-                const char *service,
-                UNUSED_PARAM(void *userdata))
-{
-    _ssh_log(SSH_LOG_PROTOCOL, "=== service_request", "Service request: %s", service);
-    return 0;
-}
-
-static void
-global_request(UNUSED_PARAM(ssh_session session),
-               ssh_message message,
-               UNUSED_PARAM(void *userdata))
-{
-    _ssh_log(SSH_LOG_PROTOCOL,
-             "=== global_request", "Global request, message type: %d",
-             ssh_message_type(message));
-}
-
-static void
-my_channel_close_function(ssh_session session,
-                          UNUSED_PARAM(ssh_channel channel),
-                          void *userdata)
-{
-    struct event_fd_data_struct *event_fd_data = (struct event_fd_data_struct *)userdata;
-
-    _ssh_log(SSH_LOG_PROTOCOL,
-             "=== my_channel_close_function",
-             "Channel closed by remote.");
-
-    stack_socket_close(session, event_fd_data);
-}
-
-static void
-my_channel_eof_function(ssh_session session,
-                        UNUSED_PARAM(ssh_channel channel),
-                        void *userdata)
-{
-    struct event_fd_data_struct *event_fd_data = (struct event_fd_data_struct *)userdata;
-
-    _ssh_log(SSH_LOG_PROTOCOL,
-             "=== my_channel_eof_function",
-             "Got EOF on channel. Shuting down write on socket (fd = %d).",
-             *event_fd_data->p_fd);
-
-    stack_socket_close(session, event_fd_data);
-}
-
-static void
-my_channel_exit_status_function(UNUSED_PARAM(ssh_session session),
-                                UNUSED_PARAM(ssh_channel channel),
-                                int exit_status,
-                                void *userdata)
-{
-    struct event_fd_data_struct *event_fd_data = (struct event_fd_data_struct *)userdata;
-
-    _ssh_log(SSH_LOG_PROTOCOL,
-             "=== my_channel_exit_status_function",
-             "Got exit status %d on channel fd = %d.",
-             exit_status, *event_fd_data->p_fd);
-}
-
-static int
-my_channel_data_function(ssh_session session,
-                         UNUSED_PARAM(ssh_channel channel),
-                         void *data,
-                         uint32_t len,
-                         UNUSED_PARAM(int is_stderr),
-                         void *userdata)
-{
-    int i = 0;
-    struct event_fd_data_struct *event_fd_data = (struct event_fd_data_struct *)userdata;
-
-    if (event_fd_data->channel == NULL) {
-        fprintf(stderr, "Why we're here? Stacked = %d\n", event_fd_data->stacked);
-    }
-
-    _ssh_log(SSH_LOG_PROTOCOL,
-             "=== my_channel_data_function",
-             "%d bytes waiting on channel for reading. Fd = %d",
-             len,
-             *event_fd_data->p_fd);
-    if (len > 0) {
-        i = send(*event_fd_data->p_fd, data, len, 0);
-    }
-    if (i < 0) {
-        _ssh_log(SSH_LOG_WARNING, "=== my_channel_data_function",
-                 "Writing to tcp socket %d: %s", *event_fd_data->p_fd,
-                 strerror(errno));
-        stack_socket_close(session, event_fd_data);
-    }
-    else {
-        _ssh_log(SSH_LOG_FUNCTIONS, "=== my_channel_data_function", "Sent %d bytes", i);
-    }
-    return i;
-}
-
-static int
-my_fd_data_function(UNUSED_PARAM(socket_t fd),
-                    int revents,
-                    void *userdata)
-{
-    struct event_fd_data_struct *event_fd_data = (struct event_fd_data_struct *)userdata;
-    ssh_channel channel = event_fd_data->channel;
-    ssh_session session;
-    int len, i, wr;
-    char buf[16384];
-    int blocking;
-
-    if (channel == NULL) {
-        _ssh_log(SSH_LOG_FUNCTIONS, "=== my_fd_data_function", "channel == NULL!");
-        return 0;
-    }
-
-    session = ssh_channel_get_session(channel);
-
-    if (ssh_channel_is_closed(channel)) {
-        _ssh_log(SSH_LOG_FUNCTIONS, "=== my_fd_data_function", "channel is closed!");
-        stack_socket_close(session, event_fd_data);
-        return 0;
-    }
-
-    if (!(revents & POLLIN)) {
-        if (revents & POLLPRI) {
-            _ssh_log(SSH_LOG_PROTOCOL, "=== my_fd_data_function", "poll revents & POLLPRI");
-        }
-        if (revents & POLLOUT) {
-            _ssh_log(SSH_LOG_PROTOCOL, "=== my_fd_data_function", "poll revents & POLLOUT");
-        }
-        if (revents & POLLHUP) {
-            _ssh_log(SSH_LOG_PROTOCOL, "=== my_fd_data_function", "poll revents & POLLHUP");
-        }
-        if (revents & POLLNVAL) {
-            _ssh_log(SSH_LOG_PROTOCOL, "=== my_fd_data_function", "poll revents & POLLNVAL");
-        }
-        if (revents & POLLERR) {
-            _ssh_log(SSH_LOG_PROTOCOL, "=== my_fd_data_function", "poll revents & POLLERR");
-        }
-        return 0;
-    }
-
-    blocking = ssh_is_blocking(session);
-    ssh_set_blocking(session, 0);
-
-    _ssh_log(SSH_LOG_FUNCTIONS,
-             "=== my_fd_data_function",
-             "Trying to read from tcp socket fd = %d",
-             *event_fd_data->p_fd);
-#ifdef _WIN32
-    struct sockaddr from;
-    int fromlen = sizeof(from);
-    len = recvfrom(*event_fd_data->p_fd, buf, sizeof(buf), 0, &from, &fromlen);
-#else
-    len = recv(*event_fd_data->p_fd, buf, sizeof(buf), 0);
-#endif // _WIN32
-    if (len < 0) {
-        _ssh_log(SSH_LOG_WARNING, "=== my_fd_data_function", "Reading from tcp socket: %s", strerror(errno));
-
-        ssh_channel_send_eof(channel);
-    }
-    else if (len > 0) {
-        if (ssh_channel_is_open(channel)) {
-            wr = 0;
-            do {
-                i = ssh_channel_write(channel, buf, len);
-                if (i < 0) {
-                    _ssh_log(SSH_LOG_WARNING, "=== my_fd_data_function", "Error writing on the direct-tcpip channel: %d", i);
-                    len = wr;
-                    break;
-                }
-                wr += i;
-                _ssh_log(SSH_LOG_FUNCTIONS, "=== my_fd_data_function", "channel_write (%d from %d)", wr, len);
-            } while (i > 0 && wr < len);
-        }
-        else {
-            _ssh_log(SSH_LOG_WARNING, "=== my_fd_data_function", "Can't write on closed channel!");
-        }
-    }
-    else {
-        _ssh_log(SSH_LOG_PROTOCOL, "=== my_fd_data_function", "The destination host has disconnected!");
-
-        ssh_channel_close(channel);
-#ifdef _WIN32
-        shutdown(*event_fd_data->p_fd, SD_RECEIVE);
-#else
-        shutdown(*event_fd_data->p_fd, SHUT_RD);
-#endif // _WIN32
-    }
-    ssh_set_blocking(session, blocking);
-
-    return len;
-}
-
-static int
-open_tcp_socket(ssh_message msg)
-{
-    struct sockaddr_in sin;
-    int forwardsock = -1;
-    struct hostent *host;
-    const char *dest_hostname;
-    int dest_port;
-
-    forwardsock = socket(AF_INET, SOCK_STREAM, 0);
-    if (forwardsock < 0) {
-        _ssh_log(SSH_LOG_WARNING, "=== open_tcp_socket", "ERROR opening socket: %s", strerror(errno));
-        return -1;
-    }
-
-    dest_hostname = ssh_message_channel_request_open_destination(msg);
-    dest_port = ssh_message_channel_request_open_destination_port(msg);
-
-    _ssh_log(SSH_LOG_PROTOCOL, "=== open_tcp_socket", "Connecting to %s on port %d", dest_hostname, dest_port);
-
-    host = gethostbyname(dest_hostname);
-    if (host == NULL) {
-        close(forwardsock);
-        _ssh_log(SSH_LOG_WARNING, "=== open_tcp_socket", "ERROR, no such host: %s", dest_hostname);
-        return -1;
-    }
-
-    memset((char *)&sin, '\0', sizeof(sin));
-    sin.sin_family = AF_INET;
-    memcpy((char *)&sin.sin_addr.s_addr, (char *)host->h_addr, host->h_length);
-    sin.sin_port = htons(dest_port);
-
-    if (connect(forwardsock, (struct sockaddr *)&sin, sizeof(sin)) < 0) {
-        close(forwardsock);
-        _ssh_log(SSH_LOG_WARNING, "=== open_tcp_socket", "ERROR connecting: %s", strerror(errno));
-        return -1;
-    }
-
-    sockets_cnt++;
-    _ssh_log(SSH_LOG_FUNCTIONS, "=== open_tcp_socket", "Connected. sockets_cnt = %d", sockets_cnt);
-    return forwardsock;
-}
-
-static int
-message_callback(UNUSED_PARAM(ssh_session session),
-                 ssh_message message,
-                 UNUSED_PARAM(void *userdata))
-{
-    ssh_channel channel;
-    int socket_fd, *pFd;
-    struct ssh_channel_callbacks_struct *cb_chan;
-    struct event_fd_data_struct *event_fd_data;
-
-    _ssh_log(SSH_LOG_PACKET, "=== message_callback", "Message type: %d",
-             ssh_message_type(message));
-    _ssh_log(SSH_LOG_PACKET, "=== message_callback", "Message Subtype: %d",
-             ssh_message_subtype(message));
-    if (ssh_message_type(message) == SSH_REQUEST_CHANNEL_OPEN) {
-        _ssh_log(SSH_LOG_PROTOCOL, "=== message_callback", "channel_request_open");
-
-        if (ssh_message_subtype(message) == SSH_CHANNEL_DIRECT_TCPIP) {
-            channel = ssh_message_channel_request_open_reply_accept(message);
-
-            if (channel == NULL) {
-                _ssh_log(SSH_LOG_WARNING, "=== message_callback", "Accepting direct-tcpip channel failed!");
-                return 1;
-            }
-            else {
-                _ssh_log(SSH_LOG_PROTOCOL, "=== message_callback", "Connected to channel!");
-
-                socket_fd = open_tcp_socket(message);
-                if (-1 == socket_fd) {
-                    return 1;
-                }
-
-                pFd = malloc(sizeof *pFd);
-                cb_chan = malloc(sizeof *cb_chan);
-                event_fd_data = malloc(sizeof *event_fd_data);
-                if (pFd == NULL || cb_chan == NULL || event_fd_data == NULL) {
-                    SAFE_FREE(pFd);
-                    SAFE_FREE(cb_chan);
-                    SAFE_FREE(event_fd_data);
-                    return 1;
-                }
-
-                (*pFd) = socket_fd;
-                event_fd_data->channel = channel;
-                event_fd_data->p_fd = pFd;
-                event_fd_data->stacked = 0;
-                event_fd_data->cb_chan = cb_chan;
-
-                cb_chan->userdata = event_fd_data;
-                cb_chan->channel_eof_function = my_channel_eof_function;
-                cb_chan->channel_close_function = my_channel_close_function;
-                cb_chan->channel_data_function = my_channel_data_function;
-                cb_chan->channel_exit_status_function = my_channel_exit_status_function;
-
-                ssh_callbacks_init(cb_chan);
-                ssh_set_channel_callbacks(channel, cb_chan);
-
-                ssh_event_add_fd(mainloop, (socket_t)*pFd, POLLIN, my_fd_data_function, event_fd_data);
-
-                return 0;
-            }
-        }
-    }
-    return 1;
-}
-
-#ifdef HAVE_ARGP_H
-const char *argp_program_version = "libssh server example "
-SSH_STRINGIFY(LIBSSH_VERSION);
-const char *argp_program_bug_address = "<libssh@libssh.org>";
-
-/* Program documentation. */
-static char doc[] = "libssh -- a Secure Shell protocol implementation";
-
-/* A description of the arguments we accept. */
-static char args_doc[] = "BINDADDR";
-
-/* The options we understand. */
-static struct argp_option options[] = {
-    {
-        .name  = "port",
-        .key   = 'p',
-        .arg   = "PORT",
-        .flags = 0,
-        .doc   = "Set the port to bind.",
-        .group = 0
-    },
-    {
-        .name  = "hostkey",
-        .key   = 'k',
-        .arg   = "FILE",
-        .flags = 0,
-        .doc   = "Set the host key.",
-        .group = 0
-    },
-    {
-        .name  = "dsakey",
-        .key   = 'd',
-        .arg   = "FILE",
-        .flags = 0,
-        .doc   = "Set the dsa key.",
-        .group = 0
-    },
-    {
-        .name  = "rsakey",
-        .key   = 'r',
-        .arg   = "FILE",
-        .flags = 0,
-        .doc   = "Set the rsa key.",
-        .group = 0
-    },
-    {
-        .name  = "verbose",
-        .key   = 'v',
-        .arg   = NULL,
-        .flags = 0,
-        .doc   = "Get verbose output.",
-        .group = 0
-    },
-    {NULL, 0, NULL, 0, NULL, 0}
-};
-
-/* Parse a single option. */
-static error_t
-parse_opt (int key, char *arg, struct argp_state *state)
-{
-    /* Get the input argument from argp_parse, which we
-     * know is a pointer to our arguments structure.
-     */
-    ssh_bind sshbind = state->input;
-
-    switch (key) {
-        case 'p':
-            ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_BINDPORT_STR, arg);
-            break;
-        case 'd':
-            ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_DSAKEY, arg);
-            break;
-        case 'k':
-            ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY, arg);
-            break;
-        case 'r':
-            ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_RSAKEY, arg);
-            break;
-        case 'v':
-            ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_LOG_VERBOSITY_STR, "1");
-            break;
-        case ARGP_KEY_ARG:
-            if (state->arg_num >= 1) {
-                /* Too many arguments. */
-                argp_usage (state);
-            }
-            ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_BINDADDR, arg);
-            break;
-        case ARGP_KEY_END:
-            if (state->arg_num < 1) {
-                /* Not enough arguments. */
-                argp_usage (state);
-            }
-            break;
-        default:
-            return ARGP_ERR_UNKNOWN;
-    }
-
-    return 0;
-}
-
-/* Our argp parser. */
-static struct argp argp = {options, parse_opt, args_doc, doc, NULL, NULL, NULL};
-#endif /* HAVE_ARGP_H */
-
-int
-main(int argc, char **argv)
-{
-    ssh_session session;
-    ssh_bind sshbind;
-    struct ssh_server_callbacks_struct cb = {
-        .userdata = NULL,
-        .auth_password_function = auth_password,
-        .auth_gssapi_mic_function = auth_gssapi_mic,
-        .channel_open_request_session_function = new_session_channel,
-        .service_request_function = service_request
-    };
-    struct ssh_callbacks_struct cb_gen = {
-        .userdata = NULL,
-        .global_request_function = global_request
-    };
-
-    int ret = 1;
-
-    sshbind = ssh_bind_new();
-    session = ssh_new();
-    mainloop = ssh_event_new();
-
-    ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_DSAKEY, KEYS_FOLDER "ssh_host_dsa_key");
-    ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_RSAKEY, KEYS_FOLDER "ssh_host_rsa_key");
-
-#ifdef HAVE_ARGP_H
-    /*
-     * Parse our arguments; every option seen by parse_opt will
-     * be reflected in arguments.
-     */
-    argp_parse (&argp, argc, argv, 0, 0, sshbind);
-#else
-    (void)argc;
-    (void)argv;
-#endif
-
-    if (ssh_bind_listen(sshbind) < 0) {
-        printf("Error listening to socket: %s\n", ssh_get_error(sshbind));
-        return 1;
-    }
-
-    if (ssh_bind_accept(sshbind, session) == SSH_ERROR) {
-        printf("error accepting a connection : %s\n", ssh_get_error(sshbind));
-        ret = 1;
-        goto shutdown;
-    }
-
-    ssh_callbacks_init(&cb);
-    ssh_callbacks_init(&cb_gen);
-    ssh_set_server_callbacks(session, &cb);
-    ssh_set_callbacks(session, &cb_gen);
-    ssh_set_message_callback(session, message_callback, (void *)NULL);
-
-    if (ssh_handle_key_exchange(session)) {
-        printf("ssh_handle_key_exchange: %s\n", ssh_get_error(session));
-        ret = 1;
-        goto shutdown;
-    }
-    ssh_set_auth_methods(session, SSH_AUTH_METHOD_PASSWORD | SSH_AUTH_METHOD_GSSAPI_MIC);
-    ssh_event_add_session(mainloop, session);
-
-    while (!authenticated) {
-        if (error_set) {
-            break;
-        }
-        if (ssh_event_dopoll(mainloop, -1) == SSH_ERROR) {
-            printf("Error : %s\n", ssh_get_error(session));
-            ret = 1;
-            goto shutdown;
-        }
-    }
-    if (error_set) {
-        printf("Error, exiting loop\n");
-    } else {
-        printf("Authenticated and got a channel\n");
-
-        while (!error_set) {
-            if (ssh_event_dopoll(mainloop, 100) == SSH_ERROR) {
-                printf("Error : %s\n", ssh_get_error(session));
-                ret = 1;
-                goto shutdown;
-            }
-            do_cleanup(&cleanup_stack);
-        }
-    }
-
-shutdown:
-    ssh_disconnect(session);
-    ssh_bind_free(sshbind);
-    ssh_finalize();
-    return ret;
-}

examples/sshnetcat.c

@@ -90,7 +90,6 @@ static void select_loop(ssh_session session,ssh_channel channel){
 		do{
             int fd;
 
-            ZERO_STRUCT(fds);
 			FD_ZERO(&fds);
 			if(!eof)
 				FD_SET(0,&fds);
@@ -233,10 +232,9 @@ void set_pcap(ssh_session session){
 }
 
 void cleanup_pcap(void);
-void cleanup_pcap(void)
-{
+void cleanup_pcap(){
 	ssh_pcap_file_free(pcap);
-	pcap = NULL;
+	pcap=NULL;
 }
 #endif
 

include/libssh/CMakeLists.txt

@@ -26,14 +26,8 @@ install(
   FILES
     ${libssh_HDRS}
   DESTINATION
-    ${CMAKE_INSTALL_INCLUDEDIR}/${APPLICATION_NAME}
+    ${INCLUDE_INSTALL_DIR}/${APPLICATION_NAME}
   COMPONENT
     headers
 )
 
-configure_file(${CMAKE_CURRENT_SOURCE_DIR}/libssh_version.h.cmake
-               ${libssh_BINARY_DIR}/include/libssh/libssh_version.h
-               @ONLY)
-install(FILES ${libssh_BINARY_DIR}/include/libssh/libssh_version.h
-        DESTINATION ${CMAKE_INSTALL_INCLUDEDIR}/${APPLICATION_NAME}
-        COMPONENT headers)

include/libssh/agent.h

@@ -104,7 +104,7 @@ void ssh_agent_free(struct ssh_agent_struct *agent);
  */
 int ssh_agent_is_running(struct ssh_session_struct *session);
 
-uint32_t ssh_agent_get_ident_count(struct ssh_session_struct *session);
+int ssh_agent_get_ident_count(struct ssh_session_struct *session);
 
 ssh_key ssh_agent_get_next_ident(struct ssh_session_struct *session,
                                  char **comment);

include/libssh/bignum.h

@@ -26,8 +26,9 @@
 #include "libssh/libmbedcrypto.h"
 
 bignum ssh_make_string_bn(ssh_string string);
+void ssh_make_string_bn_inplace(ssh_string string, bignum bnout);
 ssh_string ssh_make_bignum_string(bignum num);
-void ssh_print_bignum(const char *which, const_bignum num);
+void ssh_print_bignum(const char *which, const bignum num);
 
 
 #endif /* BIGNUM_H_ */

include/libssh/bind.h

@@ -22,7 +22,6 @@
 #define BIND_H_
 
 #include "libssh/priv.h"
-#include "libssh/kex.h"
 #include "libssh/session.h"
 
 struct ssh_bind_struct {
@@ -32,7 +31,7 @@ struct ssh_bind_struct {
 
   struct ssh_poll_handle_struct *poll;
   /* options */
-  char *wanted_methods[SSH_KEX_METHODS];
+  char *wanted_methods[10];
   char *banner;
   char *ecdsakey;
   char *dsakey;
@@ -47,9 +46,6 @@ struct ssh_bind_struct {
   unsigned int bindport;
   int blocking;
   int toaccept;
-  bool config_processed;
-  char *config_dir;
-  char *pubkey_accepted_key_types;
 };
 
 struct ssh_poll_handle_struct *ssh_bind_get_poll(struct ssh_bind_struct

include/libssh/bind_config.h

@@ -1,64 +0,0 @@
-/*
- * bind_config.h - Parse the SSH server configuration file
- *
- * This file is part of the SSH Library
- *
- * Copyright (c) 2019 by Red Hat, Inc.
- *
- * Author: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
- *
- * The SSH Library is free software; you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License as published by
- * the Free Software Foundation; either version 2.1 of the License, or (at your
- * option) any later version.
- *
- * The SSH Library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
- * License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with the SSH Library; see the file COPYING.  If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
- */
-
-#ifndef BIND_CONFIG_H_
-#define BIND_CONFIG_H_
-
-#include "libssh/server.h"
-
-enum ssh_bind_config_opcode_e {
-    /* Known but not allowed in Match block */
-    BIND_CFG_NOT_ALLOWED_IN_MATCH = -4,
-    /* Unknown opcode */
-    BIND_CFG_UNKNOWN = -3,
-    /* Known and not applicable to libssh */
-    BIND_CFG_NA = -2,
-    /* Known but not supported by current libssh version */
-    BIND_CFG_UNSUPPORTED = -1,
-    BIND_CFG_INCLUDE,
-    BIND_CFG_HOSTKEY,
-    BIND_CFG_LISTENADDRESS,
-    BIND_CFG_PORT,
-    BIND_CFG_LOGLEVEL,
-    BIND_CFG_CIPHERS,
-    BIND_CFG_MACS,
-    BIND_CFG_KEXALGORITHMS,
-    BIND_CFG_MATCH,
-    BIND_CFG_PUBKEY_ACCEPTED_KEY_TYPES,
-    BIND_CFG_HOSTKEY_ALGORITHMS,
-
-    BIND_CFG_MAX /* Keep this one last in the list */
-};
-
-/* @brief Parse configuration file and set the options to the given ssh_bind
- *
- * @params[in] sshbind   The ssh_bind context to be configured
- * @params[in] filename  The path to the configuration file
- *
- * @returns    0 on successful parsing the configuration file, -1 on error
- */
-int ssh_bind_config_parse_file(ssh_bind sshbind, const char *filename);
-
-#endif /* BIND_CONFIG_H_ */

include/libssh/buffer.h

@@ -40,21 +40,21 @@ void *ssh_buffer_allocate(struct ssh_buffer_struct *buffer, uint32_t len);
 int ssh_buffer_allocate_size(struct ssh_buffer_struct *buffer, uint32_t len);
 int ssh_buffer_pack_va(struct ssh_buffer_struct *buffer,
                        const char *format,
-                       size_t argc,
+                       int argc,
                        va_list ap);
 int _ssh_buffer_pack(struct ssh_buffer_struct *buffer,
                      const char *format,
-                     size_t argc,
+                     int argc,
                      ...);
 #define ssh_buffer_pack(buffer, format, ...) \
     _ssh_buffer_pack((buffer), (format), __VA_NARG__(__VA_ARGS__), __VA_ARGS__, SSH_BUFFER_PACK_END)
 
 int ssh_buffer_unpack_va(struct ssh_buffer_struct *buffer,
-                         const char *format, size_t argc,
+                         const char *format, int argc,
                          va_list ap);
 int _ssh_buffer_unpack(struct ssh_buffer_struct *buffer,
                        const char *format,
-                       size_t argc,
+                       int argc,
                        ...);
 #define ssh_buffer_unpack(buffer, format, ...) \
     _ssh_buffer_unpack((buffer), (format), __VA_NARG__(__VA_ARGS__), __VA_ARGS__, SSH_BUFFER_PACK_END)

include/libssh/bytearray.h

@@ -1,90 +0,0 @@
-/*
- * This file is part of the SSH Library
- *
- * Copyright (c) 2018 Andreas Schneider <asn@cryptomilk.org>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
-#ifndef _BYTEARRAY_H
-#define _BYTEARRAY_H
-
-#define _DATA_BYTE_CONST(data, pos) \
-    ((uint8_t)(((const uint8_t *)(data))[(pos)]))
-
-#define _DATA_BYTE(data, pos) \
-    (((uint8_t *)(data))[(pos)])
-
-/*
- * These macros pull or push integer values from byte arrays stored in
- * little-endian byte order.
- */
-#define PULL_LE_U8(data, pos) \
-    (_DATA_BYTE_CONST(data, pos))
-
-#define PULL_LE_U16(data, pos) \
-    ((uint16_t)PULL_LE_U8(data, pos) | ((uint16_t)(PULL_LE_U8(data, (pos) + 1))) << 8)
-
-#define PULL_LE_U32(data, pos) \
-    ((uint32_t)(PULL_LE_U16(data, pos) | ((uint32_t)PULL_LE_U16(data, (pos) + 2)) << 16))
-
-#define PULL_LE_U64(data, pos) \
-    ((uint64_t)(PULL_LE_U32(data, pos) | ((uint64_t)PULL_LE_U32(data, (pos) + 4)) << 32))
-
-
-#define PUSH_LE_U8(data, pos, val) \
-    (_DATA_BYTE(data, pos) = ((uint8_t)(val)))
-
-#define PUSH_LE_U16(data, pos, val) \
-    (PUSH_LE_U8((data), (pos), (uint8_t)((uint16_t)(val) & 0xff)), PUSH_LE_U8((data), (pos) + 1, (uint8_t)((uint16_t)(val) >> 8)))
-
-#define PUSH_LE_U32(data, pos, val) \
-    (PUSH_LE_U16((data), (pos), (uint16_t)((uint32_t)(val) & 0xffff)), PUSH_LE_U16((data), (pos) + 2, (uint16_t)((uint32_t)(val) >> 16)))
-
-#define PUSH_LE_U64(data, pos, val) \
-    (PUSH_LE_U32((data), (pos), (uint32_t)((uint64_t)(val) & 0xffffffff)), PUSH_LE_U32((data), (pos) + 4, (uint32_t)((uint64_t)(val) >> 32)))
-
-
-
-/*
- * These macros pull or push integer values from byte arrays stored in
- * big-endian byte order (network byte order).
- */
-#define PULL_BE_U8(data, pos) \
-    (_DATA_BYTE_CONST(data, pos))
-
-#define PULL_BE_U16(data, pos) \
-    ((((uint16_t)(PULL_BE_U8(data, pos))) << 8) | (uint16_t)PULL_BE_U8(data, (pos) + 1))
-
-#define PULL_BE_U32(data, pos) \
-    ((((uint32_t)PULL_BE_U16(data, pos)) << 16) | (uint32_t)(PULL_BE_U16(data, (pos) + 2)))
-
-#define PULL_BE_U64(data, pos) \
-    ((((uint64_t)PULL_BE_U32(data, pos)) << 32) | (uint64_t)(PULL_BE_U32(data, (pos) + 4)))
-
-
-
-#define PUSH_BE_U8(data, pos, val) \
-    (_DATA_BYTE(data, pos) = ((uint8_t)(val)))
-
-#define PUSH_BE_U16(data, pos, val) \
-    (PUSH_BE_U8((data), (pos), (uint8_t)(((uint16_t)(val)) >> 8)), PUSH_BE_U8((data), (pos) + 1, (uint8_t)((val) & 0xff)))
-
-#define PUSH_BE_U32(data, pos, val) \
-    (PUSH_BE_U16((data), (pos), (uint16_t)(((uint32_t)(val)) >> 16)), PUSH_BE_U16((data), (pos) + 2, (uint16_t)((val) & 0xffff)))
-
-#define PUSH_BE_U64(data, pos, val) \
-    (PUSH_BE_U32((data), (pos), (uint32_t)(((uint64_t)(val)) >> 32)), PUSH_BE_U32((data), (pos) + 4, (uint32_t)((val) & 0xffffffff)))
-
-#endif /* _BYTEARRAY_H */

include/libssh/callbacks.h

@@ -854,7 +854,7 @@ typedef struct ssh_channel_callbacks_struct *ssh_channel_callbacks;
  * @code
  * struct ssh_channel_callbacks_struct cb = {
  *   .userdata = data,
- *   .channel_data_function = my_channel_data_function
+ *   .channel_data = my_channel_data_function
  * };
  * ssh_callbacks_init(&cb);
  * ssh_set_channel_callbacks(channel, &cb);
@@ -944,20 +944,9 @@ LIBSSH_API int ssh_threads_set_callbacks(struct ssh_threads_callbacks_struct
     *cb);
 
 /**
- * @brief Returns a pointer to the appropriate callbacks structure for the
- * environment, to be used with ssh_threads_set_callbacks.
- *
- * @returns A pointer to a ssh_threads_callbacks_struct to be used with
+ * @brief returns a pointer on the pthread threads callbacks, to be used with
  * ssh_threads_set_callbacks.
- *
- * @see ssh_threads_set_callbacks
- */
-LIBSSH_API struct ssh_threads_callbacks_struct *ssh_threads_get_default(void);
-
-/**
- * @brief Returns a pointer on the pthread threads callbacks, to be used with
- * ssh_threads_set_callbacks.
- *
+ * @warning you have to link with the library ssh_threads.
  * @see ssh_threads_set_callbacks
  */
 LIBSSH_API struct ssh_threads_callbacks_struct *ssh_threads_get_pthread(void);

include/libssh/channels.h

@@ -97,9 +97,8 @@ SSH_PACKET_CALLBACK(channel_rcv_close);
 SSH_PACKET_CALLBACK(channel_rcv_request);
 SSH_PACKET_CALLBACK(channel_rcv_data);
 
-int channel_default_bufferize(ssh_channel channel,
-                              void *data, size_t len,
-                              bool is_stderr);
+int channel_default_bufferize(ssh_channel channel, void *data, int len,
+        int is_stderr);
 int ssh_channel_flush(ssh_channel channel);
 uint32_t ssh_channel_new_id(ssh_session session);
 ssh_channel ssh_channel_from_local(ssh_session session, uint32_t id);

include/libssh/config.h

@@ -1,68 +0,0 @@
-/*
- * config.h - parse the ssh config file
- *
- * This file is part of the SSH Library
- *
- * Copyright (c) 2009-2018    by Andreas Schneider <asn@cryptomilk.org>
- *
- * The SSH Library is free software; you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License as published by
- * the Free Software Foundation; either version 2.1 of the License, or (at your
- * option) any later version.
- *
- * The SSH Library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
- * License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with the SSH Library; see the file COPYING.  If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
- */
-
-#ifndef LIBSSH_CONFIG_H_
-#define LIBSSH_CONFIG_H_
-
-
-enum ssh_config_opcode_e {
-    /* Unknown opcode */
-    SOC_UNKNOWN = -3,
-    /* Known and not applicable to libssh */
-    SOC_NA = -2,
-    /* Known but not supported by current libssh version */
-    SOC_UNSUPPORTED = -1,
-    SOC_HOST,
-    SOC_MATCH,
-    SOC_HOSTNAME,
-    SOC_PORT,
-    SOC_USERNAME,
-    SOC_IDENTITY,
-    SOC_CIPHERS,
-    SOC_MACS,
-    SOC_COMPRESSION,
-    SOC_TIMEOUT,
-    SOC_PROTOCOL,
-    SOC_STRICTHOSTKEYCHECK,
-    SOC_KNOWNHOSTS,
-    SOC_PROXYCOMMAND,
-    SOC_PROXYJUMP,
-    SOC_GSSAPISERVERIDENTITY,
-    SOC_GSSAPICLIENTIDENTITY,
-    SOC_GSSAPIDELEGATECREDENTIALS,
-    SOC_INCLUDE,
-    SOC_BINDADDRESS,
-    SOC_GLOBALKNOWNHOSTSFILE,
-    SOC_LOGLEVEL,
-    SOC_HOSTKEYALGORITHMS,
-    SOC_KEXALGORITHMS,
-    SOC_GSSAPIAUTHENTICATION,
-    SOC_KBDINTERACTIVEAUTHENTICATION,
-    SOC_PASSWORDAUTHENTICATION,
-    SOC_PUBKEYAUTHENTICATION,
-    SOC_PUBKEYACCEPTEDTYPES,
-    SOC_REKEYLIMIT,
-
-    SOC_MAX /* Keep this one last in the list */
-};
-#endif /* LIBSSH_CONFIG_H_ */

include/libssh/config_parser.h

@@ -1,57 +0,0 @@
-/*
- * config_parser.h - Common configuration file parser functions
- *
- * This file is part of the SSH Library
- *
- * Copyright (c) 2019 by Red Hat, Inc.
- *
- * Author: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
- *
- * The SSH Library is free software; you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License as published by
- * the Free Software Foundation; either version 2.1 of the License, or (at your
- * option) any later version.
- *
- * The SSH Library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
- * License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with the SSH Library; see the file COPYING.  If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
- */
-
-#ifndef CONFIG_PARSER_H_
-#define CONFIG_PARSER_H_
-
-char *ssh_config_get_cmd(char **str);
-
-char *ssh_config_get_token(char **str);
-
-long ssh_config_get_long(char **str, long notfound);
-
-const char *ssh_config_get_str_tok(char **str, const char *def);
-
-int ssh_config_get_yesno(char **str, int notfound);
-
-/* @brief Parse SSH URI in format [user@]host[:port] from the given string
- *
- * @param[in]   tok      String to parse
- * @param[out]  username Pointer to the location, where the new username will
- *                       be stored or NULL if we do not care about the result.
- * @param[out]  hostname Pointer to the location, where the new hostname will
- *                       be stored or NULL if we do not care about the result.
- * @param[out]  port     Pointer to the location, where the new port will
- *                       be stored or NULL if we do not care about the result.
- *
- * @returns     SSH_OK if the provided string is in format of SSH URI,
- *              SSH_ERROR on failure
- */
-int ssh_config_parse_uri(const char *tok,
-        char **username,
-        char **hostname,
-        char **port);
-
-#endif /* LIBSSH_CONFIG_H_ */

include/libssh/crc32.h

@@ -1,7 +1,9 @@
 /*
+ * crc32.c - simple CRC32 code
+ *
  * This file is part of the SSH Library
  *
- * Copyright (c) 2003-2008 by Aris Adamantiadis
+ * Copyright (c) 2005 by Aris Adamantiadis
  *
  * This library is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public
@@ -18,15 +20,9 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
  */
 
-#ifndef SFTP_PRIV_H
-#define SFTP_PRIV_H
+#ifndef _CRC32_H
+#define _CRC32_H
 
-sftp_packet sftp_packet_read(sftp_session sftp);
-ssize_t sftp_packet_write(sftp_session sftp, uint8_t type, ssh_buffer payload);
-void sftp_packet_free(sftp_packet packet);
-int buffer_add_attributes(ssh_buffer buffer, sftp_attributes attr);
-sftp_attributes sftp_parse_attr(sftp_session session,
-                                ssh_buffer buf,
-                                int expectname);
+uint32_t ssh_crc32(const char *buf, uint32_t len);
 
-#endif /* SFTP_PRIV_H */
+#endif /* _CRC32_H */

include/libssh/crypto.h

@@ -25,13 +25,10 @@
 #ifndef _CRYPTO_H_
 #define _CRYPTO_H_
 
-#include <stdbool.h>
 #include "config.h"
 
 #ifdef HAVE_LIBGCRYPT
 #include <gcrypt.h>
-#elif defined(HAVE_LIBMBEDCRYPTO)
-#include <mbedtls/gcm.h>
 #endif
 #include "libssh/wrapper.h"
 
@@ -45,27 +42,17 @@
 #ifdef HAVE_OPENSSL_ECDH_H
 #include <openssl/ecdh.h>
 #endif
-#include "libssh/dh.h"
 #include "libssh/ecdh.h"
 #include "libssh/kex.h"
 #include "libssh/curve25519.h"
 
 #define DIGEST_MAX_LEN 64
 
-#define AES_GCM_TAGLEN 16
-#define AES_GCM_IVLEN  12
-
 enum ssh_key_exchange_e {
   /* diffie-hellman-group1-sha1 */
   SSH_KEX_DH_GROUP1_SHA1=1,
   /* diffie-hellman-group14-sha1 */
   SSH_KEX_DH_GROUP14_SHA1,
-#ifdef WITH_GEX
-  /* diffie-hellman-group-exchange-sha1 */
-  SSH_KEX_DH_GEX_SHA1,
-  /* diffie-hellman-group-exchange-sha256 */
-  SSH_KEX_DH_GEX_SHA256,
-#endif /* WITH_GEX */
   /* ecdh-sha2-nistp256 */
   SSH_KEX_ECDH_SHA2_NISTP256,
   /* ecdh-sha2-nistp384 */
@@ -80,35 +67,22 @@ enum ssh_key_exchange_e {
   SSH_KEX_DH_GROUP16_SHA512,
   /* diffie-hellman-group18-sha512 */
   SSH_KEX_DH_GROUP18_SHA512,
-  /* diffie-hellman-group14-sha256 */
-  SSH_KEX_DH_GROUP14_SHA256,
 };
 
 enum ssh_cipher_e {
     SSH_NO_CIPHER=0,
-#ifdef WITH_BLOWFISH_CIPHER
     SSH_BLOWFISH_CBC,
-#endif /* WITH_BLOWFISH_CIPHER */
     SSH_3DES_CBC,
     SSH_AES128_CBC,
     SSH_AES192_CBC,
     SSH_AES256_CBC,
     SSH_AES128_CTR,
     SSH_AES192_CTR,
-    SSH_AES256_CTR,
-    SSH_AEAD_AES128_GCM,
-    SSH_AEAD_AES256_GCM,
-    SSH_AEAD_CHACHA20_POLY1305
+    SSH_AES256_CTR
 };
 
-struct dh_ctx;
-
 struct ssh_crypto_struct {
-    bignum shared_secret;
-    struct dh_ctx *dh_ctx;
-#ifdef WITH_GEX
-    size_t dh_pmin; size_t dh_pn; size_t dh_pmax; /* preferred group parameters */
-#endif /* WITH_GEX */
+    bignum e,f,x,k,y;
 #ifdef HAVE_ECDH
 #ifdef HAVE_OPENSSL_ECC
     EC_KEY *ecdh_privkey;
@@ -126,9 +100,8 @@ struct ssh_crypto_struct {
     ssh_curve25519_pubkey curve25519_server_pubkey;
 #endif
     ssh_string dh_server_signature; /* information used by dh_handshake. */
-    size_t session_id_len;
+    size_t digest_len; /* len of all the fields below */
     unsigned char *session_id;
-    size_t digest_len; /* len of the secret hash */
     unsigned char *secret_hash; /* Secret hash is same as session id until re-kex */
     unsigned char *encryptIV;
     unsigned char *decryptIV;
@@ -139,7 +112,6 @@ struct ssh_crypto_struct {
     unsigned char hmacbuf[DIGEST_MAX_LEN];
     struct ssh_cipher_struct *in_cipher, *out_cipher; /* the cipher structures/objects */
     enum ssh_hmac_e in_hmac, out_hmac; /* the MAC algorithms used */
-    bool in_hmac_etm, out_hmac_etm; /* Whether EtM mode is used or not */
 
     ssh_key server_pubkey;
     int do_compress_out; /* idem */
@@ -153,8 +125,7 @@ struct ssh_crypto_struct {
     struct ssh_kex_struct client_kex;
     char *kex_methods[SSH_KEX_METHODS];
     enum ssh_key_exchange_e kex_type;
-    enum ssh_kdf_digest digest_type; /* Digest type for session keys derivation */
-    enum ssh_crypto_direction_e used; /* Is this crypto still used for either of directions? */
+    enum ssh_mac_e mac_type; /* Mac operations to use for key gen */
 };
 
 struct ssh_cipher_struct {
@@ -165,7 +136,6 @@ struct ssh_cipher_struct {
     size_t keylen; /* length of the key structure */
 #ifdef HAVE_LIBGCRYPT
     gcry_cipher_hd_t *key;
-    unsigned char last_iv[AES_GCM_IVLEN];
 #elif defined HAVE_LIBCRYPTO
     struct ssh_3des_key_schedule *des3_key;
     struct ssh_aes_key_schedule *aes_key;
@@ -175,30 +145,17 @@ struct ssh_cipher_struct {
     mbedtls_cipher_context_t encrypt_ctx;
     mbedtls_cipher_context_t decrypt_ctx;
     mbedtls_cipher_type_t type;
-#ifdef MBEDTLS_GCM_C
-    mbedtls_gcm_context gcm_ctx;
-    unsigned char last_iv[AES_GCM_IVLEN];
-#endif /* MBEDTLS_GCM_C */
 #endif
     struct chacha20_poly1305_keysched *chacha20_schedule;
     unsigned int keysize; /* bytes of key used. != keylen */
     size_t tag_size; /* overhead required for tag */
-    /* Counters for rekeying initialization */
-    uint32_t packets;
-    uint64_t blocks;
-    /* Rekeying limit for the cipher or manually enforced */
-    uint64_t max_blocks;
     /* sets the new key for immediate use */
     int (*set_encrypt_key)(struct ssh_cipher_struct *cipher, void *key, void *IV);
     int (*set_decrypt_key)(struct ssh_cipher_struct *cipher, void *key, void *IV);
-    void (*encrypt)(struct ssh_cipher_struct *cipher,
-                    void *in,
-                    void *out,
-                    size_t len);
-    void (*decrypt)(struct ssh_cipher_struct *cipher,
-                    void *in,
-                    void *out,
-                    size_t len);
+    void (*encrypt)(struct ssh_cipher_struct *cipher, void *in, void *out,
+        unsigned long len);
+    void (*decrypt)(struct ssh_cipher_struct *cipher, void *in, void *out,
+        unsigned long len);
     void (*aead_encrypt)(struct ssh_cipher_struct *cipher, void *in, void *out,
         size_t len, uint8_t *mac, uint64_t seq);
     int (*aead_decrypt_length)(struct ssh_cipher_struct *cipher, void *in,
@@ -209,9 +166,5 @@ struct ssh_cipher_struct {
 };
 
 const struct ssh_cipher_struct *ssh_get_chacha20poly1305_cipher(void);
-int sshkdf_derive_key(struct ssh_crypto_struct *crypto,
-                      unsigned char *key, size_t key_len,
-                      int key_type, unsigned char *output,
-                      size_t requested_len);
 
 #endif /* _CRYPTO_H_ */

include/libssh/curve25519.h

@@ -48,10 +48,10 @@ typedef unsigned char ssh_curve25519_privkey[CURVE25519_PRIVKEY_SIZE];
 
 
 int ssh_client_curve25519_init(ssh_session session);
-void ssh_client_curve25519_remove_callbacks(ssh_session session);
+int ssh_client_curve25519_reply(ssh_session session, ssh_buffer packet);
 
 #ifdef WITH_SERVER
-void ssh_server_curve25519_init(ssh_session session);
+int ssh_server_curve25519_init(ssh_session session, ssh_buffer packet);
 #endif /* WITH_SERVER */
 
 #endif /* CURVE25519_H_ */

include/libssh/dh-gex.h

@@ -1,33 +0,0 @@
-/*
- * This file is part of the SSH Library
- *
- * Copyright (c) 2016 by Aris Adamantiadis <aris@0xbadc0de.be>
- *
- * The SSH Library is free software; you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License as published by
- * the Free Software Foundation; either version 2.1 of the License, or (at your
- * option) any later version.
- *
- * The SSH Library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
- * License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with the SSH Library; see the file COPYING.  If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
- */
-
-
-#ifndef SRC_DH_GEX_H_
-#define SRC_DH_GEX_H_
-
-int ssh_client_dhgex_init(ssh_session session);
-void ssh_client_dhgex_remove_callbacks(ssh_session session);
-
-#ifdef WITH_SERVER
-void ssh_server_dhgex_init(ssh_session session);
-#endif /* WITH_SERVER */
-
-#endif /* SRC_DH_GEX_H_ */

include/libssh/dh.h

@@ -25,37 +25,25 @@
 
 #include "libssh/crypto.h"
 
-struct dh_ctx;
+int ssh_dh_generate_e(ssh_session session);
+int ssh_dh_generate_f(ssh_session session);
+int ssh_dh_generate_x(ssh_session session);
+int ssh_dh_generate_y(ssh_session session);
 
-#define DH_CLIENT_KEYPAIR 0
-#define DH_SERVER_KEYPAIR 1
-
-/* functions implemented by crypto backends */
-int ssh_dh_init_common(struct ssh_crypto_struct *crypto);
-void ssh_dh_cleanup(struct ssh_crypto_struct *crypto);
-
-int ssh_dh_get_parameters(struct dh_ctx *ctx,
-                          const_bignum *modulus, const_bignum *generator);
-int ssh_dh_set_parameters(struct dh_ctx *ctx,
-                          const bignum modulus, const bignum generator);
-
-int ssh_dh_keypair_gen_keys(struct dh_ctx *ctx, int peer);
-int ssh_dh_keypair_get_keys(struct dh_ctx *ctx, int peer,
-                            const_bignum *priv, const_bignum *pub);
-int ssh_dh_keypair_set_keys(struct dh_ctx *ctx, int peer,
-                            const bignum priv, const bignum pub);
-
-int ssh_dh_compute_shared_secret(struct dh_ctx *ctx, int local, int remote,
-                                 bignum *dest);
-
-void ssh_dh_debug_crypto(struct ssh_crypto_struct *c);
-
-/* common functions */
 int ssh_dh_init(void);
 void ssh_dh_finalize(void);
 
-int ssh_dh_import_next_pubkey_blob(ssh_session session,
-                                   ssh_string pubkey_blob);
+ssh_string ssh_dh_get_e(ssh_session session);
+ssh_string ssh_dh_get_f(ssh_session session);
+int ssh_dh_import_f(ssh_session session,ssh_string f_string);
+int ssh_dh_import_e(ssh_session session, ssh_string e_string);
+
+int ssh_dh_import_pubkey_blob(ssh_session session, ssh_string pubkey_blob);
+int ssh_dh_import_next_pubkey_blob(ssh_session session, ssh_string pubkey_blob);
+
+int ssh_dh_build_k(ssh_session session);
+int ssh_client_dh_init(ssh_session session);
+int ssh_client_dh_reply(ssh_session session, ssh_buffer packet);
 
 ssh_key ssh_dh_get_current_server_publickey(ssh_session session);
 int ssh_dh_get_current_server_publickey_blob(ssh_session session,
@@ -63,15 +51,11 @@ int ssh_dh_get_current_server_publickey_blob(ssh_session session,
 ssh_key ssh_dh_get_next_server_publickey(ssh_session session);
 int ssh_dh_get_next_server_publickey_blob(ssh_session session,
                                           ssh_string *pubkey_blob);
-int dh_handshake(ssh_session session);
 
-int ssh_client_dh_init(ssh_session session);
-void ssh_client_dh_remove_callbacks(ssh_session session);
-#ifdef WITH_SERVER
-void ssh_server_dh_init(ssh_session session);
-#endif /* WITH_SERVER */
-int ssh_server_dh_process_init(ssh_session session, ssh_buffer packet);
-int ssh_fallback_group(uint32_t pmax, bignum *p, bignum *g);
-bool ssh_dh_is_known_group(bignum modulus, bignum generator);
+int ssh_make_sessionid(ssh_session session);
+/* add data for the final cookie */
+int ssh_hashbufin_add_cookie(ssh_session session, unsigned char *cookie);
+int ssh_hashbufout_add_cookie(ssh_session session);
+int ssh_generate_session_keys(ssh_session session);
 
 #endif /* DH_H_ */

include/libssh/ecdh.h

@@ -22,7 +22,6 @@
 #define ECDH_H_
 
 #include "config.h"
-#include "libssh/callbacks.h"
 
 #ifdef HAVE_LIBCRYPTO
 #ifdef HAVE_OPENSSL_ECDH_H
@@ -42,16 +41,15 @@
 #define HAVE_ECDH 1
 #endif
 
-extern struct ssh_packet_callbacks_struct ssh_ecdh_client_callbacks;
+/* Common functions.  */
+int ssh_client_ecdh_reply(ssh_session session, ssh_buffer packet);
+
 /* Backend-specific functions.  */
 int ssh_client_ecdh_init(ssh_session session);
-void ssh_client_ecdh_remove_callbacks(ssh_session session);
 int ecdh_build_k(ssh_session session);
 
 #ifdef WITH_SERVER
-extern struct ssh_packet_callbacks_struct ssh_ecdh_server_callbacks;
-void ssh_server_ecdh_init(ssh_session session);
-SSH_PACKET_CALLBACK(ssh_packet_server_ecdh_init);
+int ssh_server_ecdh_init(ssh_session session, ssh_buffer packet);
 #endif /* WITH_SERVER */
 
 #endif /* ECDH_H_ */

include/libssh/ed25519.h

@@ -56,8 +56,8 @@ int crypto_sign_ed25519_keypair(ed25519_pubkey pk, ed25519_privkey sk);
  * @return    0 on success.
  */
 int crypto_sign_ed25519(
-    unsigned char *sm, uint64_t *smlen,
-    const unsigned char *m, uint64_t mlen,
+    unsigned char *sm,unsigned long long *smlen,
+    const unsigned char *m,unsigned long long mlen,
     const ed25519_privkey sk);
 
 /** @internal
@@ -71,8 +71,8 @@ int crypto_sign_ed25519(
  * @returns   0 on success (supposedly).
  */
 int crypto_sign_ed25519_open(
-    unsigned char *m, uint64_t *mlen,
-    const unsigned char *sm, uint64_t smlen,
+    unsigned char *m,unsigned long long *mlen,
+    const unsigned char *sm,unsigned long long smlen,
     const ed25519_pubkey pk);
 
 /** @} */

include/libssh/fe25519.h

@@ -39,7 +39,7 @@ void fe25519_unpack(fe25519 *r, const unsigned char x[32]);
 
 void fe25519_pack(unsigned char r[32], const fe25519 *x);
 
-uint32_t fe25519_iszero(const fe25519 *x);
+int fe25519_iszero(const fe25519 *x);
 
 int fe25519_iseq_vartime(const fe25519 *x, const fe25519 *y);
 

include/libssh/kex.h

@@ -33,27 +33,18 @@ struct ssh_kex_struct {
 
 SSH_PACKET_CALLBACK(ssh_packet_kexinit);
 
-int ssh_send_kex(ssh_session session);
+int ssh_send_kex(ssh_session session, int server_kex);
 void ssh_list_kex(struct ssh_kex_struct *kex);
 int ssh_set_client_kex(ssh_session session);
 int ssh_kex_select_methods(ssh_session session);
 int ssh_verify_existing_algo(enum ssh_kex_types_e algo, const char *name);
 char *ssh_keep_known_algos(enum ssh_kex_types_e algo, const char *list);
-char *ssh_keep_fips_algos(enum ssh_kex_types_e algo, const char *list);
 char **ssh_space_tokenize(const char *chain);
 int ssh_get_kex1(ssh_session session);
 char *ssh_find_matching(const char *in_d, const char *what_d);
 const char *ssh_kex_get_supported_method(uint32_t algo);
 const char *ssh_kex_get_default_methods(uint32_t algo);
-const char *ssh_kex_get_fips_methods(uint32_t algo);
 const char *ssh_kex_get_description(uint32_t algo);
 char *ssh_client_select_hostkeys(ssh_session session);
-int ssh_send_rekex(ssh_session session);
-int server_set_kex(ssh_session session);
-int ssh_make_sessionid(ssh_session session);
-/* add data for the final cookie */
-int ssh_hashbufin_add_cookie(ssh_session session, unsigned char *cookie);
-int ssh_hashbufout_add_cookie(ssh_session session);
-int ssh_generate_session_keys(ssh_session session);
 
 #endif /* KEX_H_ */

include/libssh/keys.h

@@ -28,13 +28,13 @@
 struct ssh_public_key_struct {
     int type;
     const char *type_c; /* Don't free it ! it is static */
-#if defined(HAVE_LIBGCRYPT)
+#ifdef HAVE_LIBGCRYPT
     gcry_sexp_t dsa_pub;
     gcry_sexp_t rsa_pub;
-#elif defined(HAVE_LIBCRYPTO)
+#elif HAVE_LIBCRYPTO
     DSA *dsa_pub;
     RSA *rsa_pub;
-#elif defined(HAVE_LIBMBEDCRYPTO)
+#elif HAVE_LIBMBEDCRYPTO
     mbedtls_pk_context *rsa_pub;
     void *dsa_pub;
 #endif
@@ -42,13 +42,13 @@ struct ssh_public_key_struct {
 
 struct ssh_private_key_struct {
     int type;
-#if defined(HAVE_LIBGCRYPT)
+#ifdef HAVE_LIBGCRYPT
     gcry_sexp_t dsa_priv;
     gcry_sexp_t rsa_priv;
-#elif defined(HAVE_LIBCRYPTO)
+#elif defined HAVE_LIBCRYPTO
     DSA *dsa_priv;
     RSA *rsa_priv;
-#elif defined(HAVE_LIBMBEDCRYPTO)
+#elif HAVE_LIBMBEDCRYPTO
     mbedtls_pk_context *rsa_priv;
     void *dsa_priv;
 #endif

include/libssh/knownhosts.h

@@ -23,7 +23,6 @@
 #define SSH_KNOWNHOSTS_H_
 
 struct ssh_list *ssh_known_hosts_get_algorithms(ssh_session session);
-char *ssh_known_hosts_get_algorithms_names(ssh_session session);
 enum ssh_known_hosts_e
 ssh_session_get_known_hosts_entry_file(ssh_session session,
                                        const char *filename,

include/libssh/libcrypto.h

@@ -31,7 +31,6 @@
 #include <openssl/md5.h>
 #include <openssl/hmac.h>
 #include <openssl/evp.h>
-#include <openssl/crypto.h>
 
 typedef EVP_MD_CTX* SHACTX;
 typedef EVP_MD_CTX* SHA256CTX;
@@ -65,7 +64,6 @@ typedef void *EVPCTX;
 #define BROKEN_AES_CTR
 #endif
 typedef BIGNUM*  bignum;
-typedef const BIGNUM* const_bignum;
 typedef BN_CTX* bignum_CTX;
 
 #define bignum_new() BN_new()
@@ -76,47 +74,19 @@ typedef BN_CTX* bignum_CTX;
     } \
     } while(0)
 #define bignum_set_word(bn,n) BN_set_word(bn,n)
-#define bignum_bin2bn(data, datalen, dest)   \
-    do {                                     \
-        (*dest) = BN_new();                  \
-        if ((*dest) != NULL) {               \
-            BN_bin2bn(data,datalen,(*dest)); \
-        }                                    \
-    } while(0)
+#define bignum_bin2bn(bn,datalen,data) BN_bin2bn(bn,datalen,data)
 #define bignum_bn2dec(num) BN_bn2dec(num)
-#define bignum_dec2bn(data, bn) BN_dec2bn(bn, data)
-#define bignum_hex2bn(data, bn) BN_hex2bn(bn, data)
-#define bignum_bn2hex(num, dest) (*dest)=(unsigned char *)BN_bn2hex(num)
+#define bignum_dec2bn(bn,data) BN_dec2bn(data,bn)
+#define bignum_bn2hex(num) BN_bn2hex(num)
 #define bignum_rand(rnd, bits) BN_rand(rnd, bits, 0, 1)
-#define bignum_rand_range(rnd, max) BN_rand_range(rnd, max)
 #define bignum_ctx_new() BN_CTX_new()
 #define bignum_ctx_free(num) BN_CTX_free(num)
-#define bignum_ctx_invalid(ctx) ((ctx) == NULL)
 #define bignum_mod_exp(dest,generator,exp,modulo,ctx) BN_mod_exp(dest,generator,exp,modulo,ctx)
-#define bignum_add(dest, a, b) BN_add(dest, a, b)
-#define bignum_sub(dest, a, b) BN_sub(dest, a, b)
-#define bignum_mod(dest, a, b, ctx) BN_mod(dest, a, b, ctx)
-#define bignum_num_bytes(num) (size_t)BN_num_bytes(num)
-#define bignum_num_bits(num) (size_t)BN_num_bits(num)
-#define bignum_is_bit_set(num,bit) BN_is_bit_set(num, (int)bit)
-#define bignum_bn2bin(num,len, ptr) BN_bn2bin(num, ptr)
+#define bignum_num_bytes(num) BN_num_bytes(num)
+#define bignum_num_bits(num) BN_num_bits(num)
+#define bignum_is_bit_set(num,bit) BN_is_bit_set(num,bit)
+#define bignum_bn2bin(num,ptr) BN_bn2bin(num,ptr)
 #define bignum_cmp(num1,num2) BN_cmp(num1,num2)
-#define bignum_rshift1(dest, src) BN_rshift1(dest, src)
-#define bignum_dup(orig, dest) do { \
-        if (*(dest) == NULL) { \
-            *(dest) = BN_dup(orig); \
-        } else { \
-            BN_copy(*(dest), orig); \
-        } \
-    } while(0)
-
-
-/* Returns true if the OpenSSL is operating in FIPS mode */
-#ifdef HAVE_OPENSSL_FIPS_MODE
-#define ssh_fips_mode() (FIPS_mode() != 0)
-#else
-#define ssh_fips_mode() false
-#endif
 
 #endif /* HAVE_LIBCRYPTO */
 

include/libssh/libgcrypt.h

@@ -50,8 +50,6 @@ typedef gcry_md_hd_t EVPCTX;
 #define EVP_DIGEST_LEN EVP_MAX_MD_SIZE
 
 typedef gcry_mpi_t bignum;
-typedef const struct gcry_mpi *const_bignum;
-typedef void* bignum_CTX;
 
 /* Constants for curves.  */
 #define NID_gcrypt_nistp256 0
@@ -61,7 +59,6 @@ typedef void* bignum_CTX;
 /* missing gcrypt functions */
 int ssh_gcry_dec2bn(bignum *bn, const char *data);
 char *ssh_gcry_bn2dec(bignum bn);
-int ssh_gcry_rand_range(bignum rnd, bignum max);
 
 #define bignum_new() gcry_mpi_new(0)
 #define bignum_safe_free(num) do { \
@@ -70,38 +67,20 @@ int ssh_gcry_rand_range(bignum rnd, bignum max);
         (num)=NULL; \
     } \
     } while (0)
-#define bignum_free(num) gcry_mpi_release(num)
-#define bignum_ctx_new() NULL
-#define bignum_ctx_free(ctx) do {(ctx) = NULL;} while(0)
-#define bignum_ctx_invalid(ctx) (ctx != NULL)
-#define bignum_set_word(bn,n) (gcry_mpi_set_ui(bn,n)!=NULL ? 1 : 0)
-#define bignum_bin2bn(data,datalen,dest) gcry_mpi_scan(dest,GCRYMPI_FMT_USG,data,datalen,NULL)
+#define bignum_set_word(bn,n) gcry_mpi_set_ui(bn,n)
+#define bignum_bin2bn(bn,datalen,data) gcry_mpi_scan(data,GCRYMPI_FMT_USG,bn,datalen,NULL)
 #define bignum_bn2dec(num) ssh_gcry_bn2dec(num)
 #define bignum_dec2bn(num, data) ssh_gcry_dec2bn(data, num)
-
-#define bignum_bn2hex(num, data) \
-    gcry_mpi_aprint(GCRYMPI_FMT_HEX, data, NULL, (const gcry_mpi_t)num)
-
-#define bignum_hex2bn(data, num) (gcry_mpi_scan(num,GCRYMPI_FMT_HEX,data,0,NULL)==0?1:0)
-#define bignum_rand(num,bits) 1,gcry_mpi_randomize(num,bits,GCRY_STRONG_RANDOM),gcry_mpi_set_bit(num,bits-1),gcry_mpi_set_bit(num,0)
-#define bignum_mod_exp(dest,generator,exp,modulo, ctx) 1,gcry_mpi_powm(dest,generator,exp,modulo)
+#define bignum_bn2hex(num,data) gcry_mpi_aprint(GCRYMPI_FMT_HEX,data,NULL,num)
+#define bignum_hex2bn(num,datalen,data) gcry_mpi_scan(num,GCRYMPI_FMT_HEX,data,datalen,NULL)
+#define bignum_rand(num,bits) gcry_mpi_randomize(num,bits,GCRY_STRONG_RANDOM),gcry_mpi_set_bit(num,bits-1),gcry_mpi_set_bit(num,0)
+#define bignum_mod_exp(dest,generator,exp,modulo) gcry_mpi_powm(dest,generator,exp,modulo)
 #define bignum_num_bits(num) gcry_mpi_get_nbits(num)
 #define bignum_num_bytes(num) ((gcry_mpi_get_nbits(num)+7)/8)
 #define bignum_is_bit_set(num,bit) gcry_mpi_test_bit(num,bit)
 #define bignum_bn2bin(num,datalen,data) gcry_mpi_print(GCRYMPI_FMT_USG,data,datalen,NULL,num)
 #define bignum_cmp(num1,num2) gcry_mpi_cmp(num1,num2)
-#define bignum_rshift1(dest, src) gcry_mpi_rshift (dest, src, 1)
-#define bignum_add(dst, a, b) gcry_mpi_add(dst, a, b)
-#define bignum_sub(dst, a, b) gcry_mpi_sub(dst, a, b)
-#define bignum_mod(dst, a, b, ctx) 1,gcry_mpi_mod(dst, a, b)
-#define bignum_rand_range(rnd, max) ssh_gcry_rand_range(rnd, max);
-#define bignum_dup(orig, dest) do { \
-        if (*(dest) == NULL) { \
-            *(dest) = gcry_mpi_copy(orig); \
-        } else { \
-            gcry_mpi_set(*(dest), orig); \
-        } \
-    } while(0)
+
 /* Helper functions for data conversions.  */
 
 /* Extract an MPI from the given s-expression SEXP named NAME which is
@@ -112,8 +91,6 @@ ssh_string ssh_sexp_extract_mpi(const gcry_sexp_t sexp,
                                 enum gcry_mpi_format informat,
                                 enum gcry_mpi_format outformat);
 
-#define ssh_fips_mode() false
-
 #endif /* HAVE_LIBGCRYPT */
 
 #endif /* LIBGCRYPT_H_ */

include/libssh/libmbedcrypto.h

@@ -60,8 +60,6 @@ typedef mbedtls_md_context_t *EVPCTX;
 #define EVP_DIGEST_LEN EVP_MAX_MD_SIZE
 
 typedef mbedtls_mpi *bignum;
-typedef const mbedtls_mpi *const_bignum;
-typedef void* bignum_CTX;
 
 /* Constants for curves */
 #define NID_mbedtls_nistp256 0
@@ -75,11 +73,9 @@ struct mbedtls_ecdsa_sig {
 
 bignum ssh_mbedcry_bn_new(void);
 void ssh_mbedcry_bn_free(bignum num);
-unsigned char *ssh_mbedcry_bn2num(const_bignum num, int radix);
+char *ssh_mbedcry_bn2num(bignum num, int radix);
 int ssh_mbedcry_rand(bignum rnd, int bits, int top, int bottom);
 int ssh_mbedcry_is_bit_set(bignum num, size_t pos);
-int ssh_mbedcry_rand_range(bignum dest, bignum max);
-int ssh_mbedcry_hex2bn(bignum *dest, char *data);
 
 #define bignum_new() ssh_mbedcry_bn_new()
 #define bignum_safe_free(num) do { \
@@ -88,44 +84,22 @@ int ssh_mbedcry_hex2bn(bignum *dest, char *data);
         (num)=NULL; \
     } \
     } while(0)
-#define bignum_ctx_new() NULL
-#define bignum_ctx_free(num) do {(num) = NULL;} while(0)
-#define bignum_ctx_invalid(ctx) (ctx == NULL?0:1)
-#define bignum_set_word(bn, n) (mbedtls_mpi_lset(bn, n)==0?1:0) /* TODO fix
+#define bignum_set_word(bn, n) mbedtls_mpi_lset(bn, n) /* TODO fix
                                                           overflow/underflow */
-#define bignum_bin2bn(data, datalen, bn) do { \
-    *(bn) = bignum_new(); \
-    if (*(bn) != NULL) { \
-        mbedtls_mpi_read_binary(*(bn), data, datalen); \
-    } \
-    } while(0)
+#define bignum_bin2bn(data, datalen, bn) mbedtls_mpi_read_binary(bn, data, \
+        datalen)
 #define bignum_bn2dec(num) ssh_mbedcry_bn2num(num, 10)
 #define bignum_dec2bn(data, bn) mbedtls_mpi_read_string(bn, 10, data)
-#define bignum_bn2hex(num, dest) (*dest)=ssh_mbedcry_bn2num(num, 16)
-#define bignum_hex2bn(data, dest) ssh_mbedcry_hex2bn(dest, data)
+#define bignum_bn2hex(num) ssh_mbedcry_bn2num(num, 16)
 #define bignum_rand(rnd, bits) ssh_mbedcry_rand((rnd), (bits), 0, 1)
-#define bignum_rand_range(rnd, max) ssh_mbedcry_rand_range(rnd, max)
 #define bignum_mod_exp(dest, generator, exp, modulo, ctx) \
-        (mbedtls_mpi_exp_mod(dest, generator, exp, modulo, NULL)==0?1:0)
-#define bignum_add(dest, a, b) mbedtls_mpi_add_mpi(dest, a, b)
-#define bignum_sub(dest, a, b) mbedtls_mpi_sub_mpi(dest, a, b)
-#define bignum_mod(dest, a, b, ctx) \
-    (mbedtls_mpi_mod_mpi(dest, a, b) == 0 ? 1 : 0)
+        mbedtls_mpi_exp_mod(dest, generator, exp, modulo, NULL)
 #define bignum_num_bytes(num) mbedtls_mpi_size(num)
 #define bignum_num_bits(num) mbedtls_mpi_bitlen(num)
 #define bignum_is_bit_set(num, bit) ssh_mbedcry_is_bit_set(num, bit)
-#define bignum_bn2bin(num, len, ptr) mbedtls_mpi_write_binary(num, ptr, \
+#define bignum_bn2bin(num, ptr) mbedtls_mpi_write_binary(num, ptr, \
         mbedtls_mpi_size(num))
 #define bignum_cmp(num1, num2) mbedtls_mpi_cmp_mpi(num1, num2)
-#define bignum_rshift1(dest, src) mbedtls_mpi_copy(dest, src), mbedtls_mpi_shift_r(dest, 1)
-#define bignum_dup(orig, dest) do { \
-    if (*(dest) == NULL) { \
-        *(dest) = bignum_new(); \
-    } \
-    if (*(dest) != NULL) { \
-        mbedtls_mpi_copy(orig, *(dest)); \
-    } \
-    } while(0)
 
 mbedtls_ctr_drbg_context *ssh_get_mbedtls_ctr_drbg_context(void);
 
@@ -134,7 +108,5 @@ int ssh_mbedtls_random(void *where, int len, int strong);
 ssh_string make_ecpoint_string(const mbedtls_ecp_group *g, const
         mbedtls_ecp_point *p);
 
-#define ssh_fips_mode() false
-
 #endif /* HAVE_LIBMBEDCRYPTO */
 #endif /* LIBMBEDCRYPTO_H_ */

include/libssh/libssh.h

@@ -1,7 +1,7 @@
 /*
  * This file is part of the SSH Library
  *
- * Copyright (c) 2003-2021 by Aris Adamantiadis and the libssh team
+ * Copyright (c) 2003-2009 by Aris Adamantiadis
  *
  * This library is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public
@@ -21,8 +21,6 @@
 #ifndef _LIBSSH_H
 #define _LIBSSH_H
 
-#include <libssh/libssh_version.h>
-
 #if defined _WIN32 || defined __CYGWIN__
   #ifdef LIBSSH_STATIC
     #define LIBSSH_API
@@ -73,6 +71,23 @@
 #define SSH_STRINGIFY(s) SSH_TOSTRING(s)
 #define SSH_TOSTRING(s) #s
 
+/* libssh version macros */
+#define SSH_VERSION_INT(a, b, c) ((a) << 16 | (b) << 8 | (c))
+#define SSH_VERSION_DOT(a, b, c) a ##.## b ##.## c
+#define SSH_VERSION(a, b, c) SSH_VERSION_DOT(a, b, c)
+
+/* libssh version */
+#define LIBSSH_VERSION_MAJOR  0
+#define LIBSSH_VERSION_MINOR  8
+#define LIBSSH_VERSION_MICRO  8
+
+#define LIBSSH_VERSION_INT SSH_VERSION_INT(LIBSSH_VERSION_MAJOR, \
+                                           LIBSSH_VERSION_MINOR, \
+                                           LIBSSH_VERSION_MICRO)
+#define LIBSSH_VERSION     SSH_VERSION(LIBSSH_VERSION_MAJOR, \
+                                       LIBSSH_VERSION_MINOR, \
+                                       LIBSSH_VERSION_MICRO)
+
 /* GCC have printf type attribute check.  */
 #ifdef __GNUC__
 #define PRINTF_ATTRIBUTE(a,b) __attribute__ ((__format__ (__printf__, a, b)))
@@ -153,13 +168,13 @@ enum ssh_auth_e {
 };
 
 /* auth flags */
-#define SSH_AUTH_METHOD_UNKNOWN     0x0000u
-#define SSH_AUTH_METHOD_NONE        0x0001u
-#define SSH_AUTH_METHOD_PASSWORD    0x0002u
-#define SSH_AUTH_METHOD_PUBLICKEY   0x0004u
-#define SSH_AUTH_METHOD_HOSTBASED   0x0008u
-#define SSH_AUTH_METHOD_INTERACTIVE 0x0010u
-#define SSH_AUTH_METHOD_GSSAPI_MIC  0x0020u
+#define SSH_AUTH_METHOD_UNKNOWN 0
+#define SSH_AUTH_METHOD_NONE 0x0001
+#define SSH_AUTH_METHOD_PASSWORD 0x0002
+#define SSH_AUTH_METHOD_PUBLICKEY 0x0004
+#define SSH_AUTH_METHOD_HOSTBASED 0x0008
+#define SSH_AUTH_METHOD_INTERACTIVE 0x0010
+#define SSH_AUTH_METHOD_GSSAPI_MIC 0x0020
 
 /* messages */
 enum ssh_requests_e {
@@ -278,17 +293,10 @@ enum ssh_keytypes_e{
   SSH_KEYTYPE_DSS=1,
   SSH_KEYTYPE_RSA,
   SSH_KEYTYPE_RSA1,
-  SSH_KEYTYPE_ECDSA, /* deprecated */
+  SSH_KEYTYPE_ECDSA,
   SSH_KEYTYPE_ED25519,
   SSH_KEYTYPE_DSS_CERT01,
-  SSH_KEYTYPE_RSA_CERT01,
-  SSH_KEYTYPE_ECDSA_P256,
-  SSH_KEYTYPE_ECDSA_P384,
-  SSH_KEYTYPE_ECDSA_P521,
-  SSH_KEYTYPE_ECDSA_P256_CERT01,
-  SSH_KEYTYPE_ECDSA_P384_CERT01,
-  SSH_KEYTYPE_ECDSA_P521_CERT01,
-  SSH_KEYTYPE_ED25519_CERT01,
+  SSH_KEYTYPE_RSA_CERT01
 };
 
 enum ssh_keycmp_e {
@@ -397,9 +405,6 @@ enum ssh_options_e {
   SSH_OPTIONS_GLOBAL_KNOWNHOSTS,
   SSH_OPTIONS_NODELAY,
   SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES,
-  SSH_OPTIONS_PROCESS_CONFIG,
-  SSH_OPTIONS_REKEY_DATA,
-  SSH_OPTIONS_REKEY_TIME,
 };
 
 enum {
@@ -426,7 +431,6 @@ enum ssh_scp_request_types {
 enum ssh_connector_flags_e {
     /** Only the standard stream of the channel */
     SSH_CONNECTOR_STDOUT = 1,
-    SSH_CONNECTOR_STDINOUT = 1,
     /** Only the exception stream of the channel */
     SSH_CONNECTOR_STDERR = 2,
     /** Merge both standard and exception streams */
@@ -447,8 +451,6 @@ LIBSSH_API ssh_channel ssh_channel_new(ssh_session session);
 LIBSSH_API int ssh_channel_open_auth_agent(ssh_channel channel);
 LIBSSH_API int ssh_channel_open_forward(ssh_channel channel, const char *remotehost,
     int remoteport, const char *sourcehost, int localport);
-LIBSSH_API int ssh_channel_open_forward_unix(ssh_channel channel, const char *remotepath,
-    const char *sourcehost, int localport);
 LIBSSH_API int ssh_channel_open_session(ssh_channel channel);
 LIBSSH_API int ssh_channel_open_x11(ssh_channel channel, const char *orig_addr, int orig_port);
 LIBSSH_API int ssh_channel_poll(ssh_channel channel, int is_stderr);
@@ -541,11 +543,6 @@ SSH_DEPRECATED LIBSSH_API ssh_channel ssh_forward_accept(ssh_session session, in
 SSH_DEPRECATED LIBSSH_API int ssh_forward_cancel(ssh_session session, const char *address, int port);
 SSH_DEPRECATED LIBSSH_API int ssh_forward_listen(ssh_session session, const char *address, int port, int *bound_port);
 SSH_DEPRECATED LIBSSH_API int ssh_get_publickey(ssh_session session, ssh_key *key);
-SSH_DEPRECATED LIBSSH_API int ssh_write_knownhost(ssh_session session);
-SSH_DEPRECATED LIBSSH_API char *ssh_dump_knownhost(ssh_session session);
-SSH_DEPRECATED LIBSSH_API int ssh_is_server_known(ssh_session session);
-SSH_DEPRECATED LIBSSH_API void ssh_print_hexa(const char *descr, const unsigned char *what, size_t len);
-
 
 
 LIBSSH_API int ssh_get_random(void *where,int len,int strong);
@@ -555,6 +552,7 @@ LIBSSH_API int ssh_get_poll_flags(ssh_session session);
 LIBSSH_API int ssh_init(void);
 LIBSSH_API int ssh_is_blocking(ssh_session session);
 LIBSSH_API int ssh_is_connected(ssh_session session);
+LIBSSH_API int ssh_is_server_known(ssh_session session);
 
 /* KNOWN HOSTS */
 LIBSSH_API void ssh_knownhosts_entry_free(struct ssh_knownhosts_entry *entry);
@@ -574,8 +572,9 @@ LIBSSH_API int ssh_session_export_known_hosts_entry(ssh_session session,
                                                     char **pentry_string);
 LIBSSH_API int ssh_session_update_known_hosts(ssh_session session);
 
-LIBSSH_API enum ssh_known_hosts_e ssh_session_get_known_hosts_entry(ssh_session session,
-        struct ssh_knownhosts_entry **pentry);
+LIBSSH_API enum ssh_known_hosts_e
+ssh_session_get_known_hosts_entry(ssh_session session,
+                                  struct ssh_knownhosts_entry **pentry);
 LIBSSH_API enum ssh_known_hosts_e ssh_session_is_known_server(ssh_session session);
 
 /* LOGGING */
@@ -593,10 +592,7 @@ SSH_DEPRECATED LIBSSH_API void ssh_log(ssh_session session,
                                        const char *format, ...) PRINTF_ATTRIBUTE(3, 4);
 
 LIBSSH_API ssh_channel ssh_message_channel_request_open_reply_accept(ssh_message msg);
-LIBSSH_API int ssh_message_channel_request_open_reply_accept_channel(ssh_message msg, ssh_channel chan);
 LIBSSH_API int ssh_message_channel_request_reply_success(ssh_message msg);
-#define SSH_MESSAGE_FREE(x) \
-    do { if ((x) != NULL) { ssh_message_free(x); (x) = NULL; } } while(0)
 LIBSSH_API void ssh_message_free(ssh_message msg);
 LIBSSH_API ssh_message ssh_message_get(ssh_session session);
 LIBSSH_API int ssh_message_subtype(ssh_message msg);
@@ -618,13 +614,7 @@ LIBSSH_API ssh_pcap_file ssh_pcap_file_new(void);
 LIBSSH_API int ssh_pcap_file_open(ssh_pcap_file pcap, const char *filename);
 
 /**
- * @addtogroup libssh_auth
- *
- * @{
- */
-
-/**
- * @brief SSH authentication callback for password and publickey auth.
+ * @brief SSH authentication callback.
  *
  * @param prompt        Prompt to be displayed.
  * @param buf           Buffer to save the password. You should null-terminate it.
@@ -639,8 +629,6 @@ LIBSSH_API int ssh_pcap_file_open(ssh_pcap_file pcap, const char *filename);
 typedef int (*ssh_auth_callback) (const char *prompt, char *buf, size_t len,
     int echo, int verify, void *userdata);
 
-/** @} */
-
 LIBSSH_API ssh_key ssh_key_new(void);
 #define SSH_KEY_FREE(x) \
     do { if ((x) != NULL) { ssh_key_free(x); x = NULL; } } while(0)
@@ -705,6 +693,7 @@ LIBSSH_API char *ssh_get_fingerprint_hash(enum ssh_publickey_hash_type type,
                                           unsigned char *hash,
                                           size_t len);
 LIBSSH_API void ssh_print_hash(enum ssh_publickey_hash_type type, unsigned char *hash, size_t len);
+LIBSSH_API void ssh_print_hexa(const char *descr, const unsigned char *what, size_t len);
 LIBSSH_API int ssh_send_ignore (ssh_session session, const char *data);
 LIBSSH_API int ssh_send_debug (ssh_session session, const char *message, int always_display);
 LIBSSH_API void ssh_gssapi_set_creds(ssh_session session, const ssh_gssapi_creds creds);
@@ -771,6 +760,8 @@ LIBSSH_API int ssh_userauth_kbdint_setanswer(ssh_session session, unsigned int i
     const char *answer);
 LIBSSH_API int ssh_userauth_gssapi(ssh_session session);
 LIBSSH_API const char *ssh_version(int req_version);
+LIBSSH_API int ssh_write_knownhost(ssh_session session);
+LIBSSH_API char *ssh_dump_knownhost(ssh_session session);
 
 LIBSSH_API void ssh_string_burn(ssh_string str);
 LIBSSH_API ssh_string ssh_string_copy(ssh_string str);

include/libssh/libssh_version.h.cmake

@@ -1,41 +0,0 @@
-/*
- * This file is part of the SSH Library
- *
- * Copyright (c) 2020 by Heiko Thiery
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
-
-#ifndef _LIBSSH_VERSION_H
-#define _LIBSSH_VERSION_H
-
-/* libssh version macros */
-#define SSH_VERSION_INT(a, b, c) ((a) << 16 | (b) << 8 | (c))
-#define SSH_VERSION_DOT(a, b, c) a ##.## b ##.## c
-#define SSH_VERSION(a, b, c) SSH_VERSION_DOT(a, b, c)
-
-/* libssh version */
-#define LIBSSH_VERSION_MAJOR  @libssh_VERSION_MAJOR@
-#define LIBSSH_VERSION_MINOR  @libssh_VERSION_MINOR@
-#define LIBSSH_VERSION_MICRO  @libssh_VERSION_PATCH@
-
-#define LIBSSH_VERSION_INT SSH_VERSION_INT(LIBSSH_VERSION_MAJOR, \
-                                           LIBSSH_VERSION_MINOR, \
-                                           LIBSSH_VERSION_MICRO)
-#define LIBSSH_VERSION     SSH_VERSION(LIBSSH_VERSION_MAJOR, \
-                                       LIBSSH_VERSION_MINOR, \
-                                       LIBSSH_VERSION_MICRO)
-
-#endif /* _LIBSSH_VERSION_H */

include/libssh/libsshpp.hpp

@@ -212,7 +212,7 @@ public:
    * @see ssh_userauth_kbdint
    */
   int userauthKbdint(const char* username, const char* submethods){
-    int ret = ssh_userauth_kbdint(c_session, username, submethods);
+    int ret=ssh_userauth_kbdint(c_session,NULL,NULL);
     ssh_throw(ret);
     return ret;
   }
@@ -407,7 +407,7 @@ public:
    * @see ssh_write_knownhost
    */
   int writeKnownhost(){
-    int ret = ssh_session_update_known_hosts(c_session);
+    int ret = ssh_write_knownhost(c_session);
     ssh_throw(ret);
     return ret;
   }

include/libssh/messages.h

@@ -28,7 +28,7 @@ struct ssh_auth_request {
     int method;
     char *password;
     struct ssh_key_struct *pubkey;
-    enum ssh_publickey_state_e signature_state;
+    char signature_state;
     char kbdint_response;
 };
 
@@ -101,6 +101,8 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_request);
 
 int ssh_message_handle_channel_request(ssh_session session, ssh_channel channel, ssh_buffer packet,
     const char *request, uint8_t want_reply);
+void ssh_message_queue(ssh_session session, ssh_message message);
 ssh_message ssh_message_pop_head(ssh_session session);
+int ssh_message_channel_request_open_reply_accept_channel(ssh_message msg, ssh_channel chan);
 
 #endif /* MESSAGES_H_ */

include/libssh/misc.h

@@ -26,7 +26,6 @@
 char *ssh_get_user_home_dir(void);
 char *ssh_get_local_username(void);
 int ssh_file_readaccess_ok(const char *file);
-int ssh_dir_writeable(const char *path);
 
 char *ssh_path_expand_tilde(const char *d);
 char *ssh_path_expand_escape(ssh_session session, const char *s);
@@ -88,13 +87,6 @@ int ssh_timeout_update(struct ssh_timestamp *ts, int timeout);
 
 int ssh_match_group(const char *group, const char *object);
 
-void uint64_inc(unsigned char *counter);
-
-void ssh_log_hexdump(const char *descr, const unsigned char *what, size_t len);
-
-int ssh_mkdirs(const char *pathname, mode_t mode);
-
 int ssh_quote_file_name(const char *file_name, char *buf, size_t buf_len);
-int ssh_newline_vis(const char *string, char *buf, size_t buf_len);
 
 #endif /* MISC_H_ */

include/libssh/packet.h

@@ -70,7 +70,6 @@ int ssh_packet_parse_type(ssh_session session);
 int ssh_packet_socket_callback(const void *data, size_t len, void *user);
 void ssh_packet_register_socket_callback(ssh_session session, struct ssh_socket_struct *s);
 void ssh_packet_set_callbacks(ssh_session session, ssh_packet_callbacks callbacks);
-void ssh_packet_remove_callbacks(ssh_session session, ssh_packet_callbacks callbacks);
 void ssh_packet_set_default_callbacks(ssh_session session);
 void ssh_packet_process(ssh_session session, uint8_t type);
 
@@ -80,12 +79,8 @@ int ssh_packet_decrypt(ssh_session session, uint8_t *destination, uint8_t *sourc
         size_t start, size_t encrypted_size);
 unsigned char *ssh_packet_encrypt(ssh_session session,
                                   void *packet,
-                                  uint32_t len);
-int ssh_packet_hmac_verify(ssh_session session, const void *data, size_t len,
+                                  unsigned int len);
+int ssh_packet_hmac_verify(ssh_session session,ssh_buffer buffer,
                            unsigned char *mac, enum ssh_hmac_e type);
-int ssh_packet_set_newkeys(ssh_session session,
-                           enum ssh_crypto_direction_e direction);
-struct ssh_crypto_struct *ssh_packet_get_current_crypto(ssh_session session,
-        enum ssh_crypto_direction_e direction);
 
 #endif /* PACKET_H_ */

include/libssh/pki.h

@@ -30,15 +30,7 @@
 #endif
 
 #include "libssh/crypto.h"
-#ifdef HAVE_OPENSSL_ED25519
-/* If using OpenSSL implementation, define the signature lenght which would be
- * defined in libssh/ed25519.h otherwise */
-#define ED25519_SIG_LEN 64
-#else
 #include "libssh/ed25519.h"
-#endif
-/* This definition is used for both OpenSSL and internal implementations */
-#define ED25519_KEY_LEN 32
 
 #define MAX_PUBKEY_SIZE 0x100000 /* 1M */
 #define MAX_PRIVKEY_SIZE 0x400000 /* 4M */
@@ -52,30 +44,25 @@ struct ssh_key_struct {
     int flags;
     const char *type_c; /* Don't free it ! it is static */
     int ecdsa_nid;
-#if defined(HAVE_LIBGCRYPT)
+#ifdef HAVE_LIBGCRYPT
     gcry_sexp_t dsa;
     gcry_sexp_t rsa;
     gcry_sexp_t ecdsa;
-#elif defined(HAVE_LIBMBEDCRYPTO)
+#elif HAVE_LIBMBEDCRYPTO
     mbedtls_pk_context *rsa;
     mbedtls_ecdsa_context *ecdsa;
     void *dsa;
-#elif defined(HAVE_LIBCRYPTO)
+#elif HAVE_LIBCRYPTO
     DSA *dsa;
     RSA *rsa;
-# if defined(HAVE_OPENSSL_ECC)
+#ifdef HAVE_OPENSSL_ECC
     EC_KEY *ecdsa;
-# else
-    void *ecdsa;
-# endif /* HAVE_OPENSSL_EC_H */
-#endif /* HAVE_LIBGCRYPT */
-#ifdef HAVE_OPENSSL_ED25519
-    uint8_t *ed25519_pubkey;
-    uint8_t *ed25519_privkey;
 #else
+    void *ecdsa;
+#endif /* HAVE_OPENSSL_EC_H */
+#endif
     ed25519_pubkey *ed25519_pubkey;
     ed25519_privkey *ed25519_privkey;
-#endif
     void *cert;
     enum ssh_keytypes_e cert_type;
 };
@@ -84,18 +71,23 @@ struct ssh_signature_struct {
     enum ssh_keytypes_e type;
     enum ssh_digest_e hash_type;
     const char *type_c;
-#if defined(HAVE_LIBGCRYPT)
+#ifdef HAVE_LIBGCRYPT
     gcry_sexp_t dsa_sig;
     gcry_sexp_t rsa_sig;
     gcry_sexp_t ecdsa_sig;
-#elif defined(HAVE_LIBMBEDCRYPTO)
+#elif defined HAVE_LIBCRYPTO
+    DSA_SIG *dsa_sig;
+    ssh_string rsa_sig;
+# ifdef HAVE_OPENSSL_ECC
+    ECDSA_SIG *ecdsa_sig;
+# else
+    void *ecdsa_sig;
+# endif
+#elif defined HAVE_LIBMBEDCRYPTO
     ssh_string rsa_sig;
     struct mbedtls_ecdsa_sig ecdsa_sig;
-#endif /* HAVE_LIBGCRYPT */
-#ifndef HAVE_OPENSSL_ED25519
-    ed25519_signature *ed25519_sig;
 #endif
-    ssh_string raw_sig;
+    ed25519_signature *ed25519_sig;
 };
 
 typedef struct ssh_signature_struct *ssh_signature;
@@ -108,25 +100,10 @@ const char *
 ssh_key_get_signature_algorithm(ssh_session session,
                                 enum ssh_keytypes_e type);
 enum ssh_keytypes_e ssh_key_type_from_signature_name(const char *name);
-enum ssh_keytypes_e ssh_key_type_plain(enum ssh_keytypes_e type);
-enum ssh_digest_e ssh_key_type_to_hash(ssh_session session,
-                                       enum ssh_keytypes_e type);
-enum ssh_digest_e ssh_key_hash_from_name(const char *name);
-
-#define is_ecdsa_key_type(t) \
-    ((t) >= SSH_KEYTYPE_ECDSA_P256 && (t) <= SSH_KEYTYPE_ECDSA_P521)
-
-#define is_cert_type(kt)\
-      ((kt) == SSH_KEYTYPE_DSS_CERT01 ||\
-       (kt) == SSH_KEYTYPE_RSA_CERT01 ||\
-      ((kt) >= SSH_KEYTYPE_ECDSA_P256_CERT01 &&\
-       (kt) <= SSH_KEYTYPE_ED25519_CERT01))
 
 /* SSH Signature Functions */
 ssh_signature ssh_signature_new(void);
 void ssh_signature_free(ssh_signature sign);
-#define SSH_SIGNATURE_FREE(x) \
-    do { ssh_signature_free(x); x = NULL; } while(0)
 
 int ssh_pki_export_signature_blob(const ssh_signature sign,
                                   ssh_string *sign_blob);
@@ -136,7 +113,7 @@ int ssh_pki_import_signature_blob(const ssh_string sig_blob,
 int ssh_pki_signature_verify(ssh_session session,
                              ssh_signature sig,
                              const ssh_key key,
-                             const unsigned char *digest,
+                             unsigned char *digest,
                              size_t dlen);
 
 /* SSH Public Key Functions */
@@ -151,13 +128,12 @@ int ssh_pki_import_cert_blob(const ssh_string cert_blob,
 
 /* SSH Signing Functions */
 ssh_string ssh_pki_do_sign(ssh_session session, ssh_buffer sigbuf,
-    const ssh_key privatekey, enum ssh_digest_e hash_type);
+    const ssh_key privatekey);
 ssh_string ssh_pki_do_sign_agent(ssh_session session,
                                  struct ssh_buffer_struct *buf,
                                  const ssh_key pubkey);
 ssh_string ssh_srv_pki_do_sign_sessionid(ssh_session session,
-                                         const ssh_key privkey,
-                                         const enum ssh_digest_e digest);
+                                         const ssh_key privkey);
 
 /* Temporary functions, to be removed after migration to ssh_key */
 ssh_public_key ssh_pki_convert_key_to_publickey(const ssh_key key);

include/libssh/pki_priv.h

@@ -61,8 +61,6 @@ int pki_key_compare(const ssh_key k1,
                     const ssh_key k2,
                     enum ssh_keycmp_e what);
 
-int pki_key_check_hash_compatible(ssh_key key,
-                                  enum ssh_digest_e hash_type);
 /* SSH Private Key Functions */
 enum ssh_keytypes_e pki_privatekey_type_from_string(const char *privkey);
 ssh_key pki_private_key_from_base64(const char *b64_key,
@@ -111,29 +109,30 @@ int pki_privkey_build_ecdsa(ssh_key key,
 ssh_string pki_publickey_to_blob(const ssh_key key);
 
 /* SSH Signature Functions */
-ssh_signature pki_sign_data(const ssh_key privkey,
-                            enum ssh_digest_e hash_type,
-                            const unsigned char *input,
-                            size_t input_len);
-int pki_verify_data_signature(ssh_signature signature,
-                              const ssh_key pubkey,
-                              const unsigned char *input,
-                              size_t input_len);
 ssh_string pki_signature_to_blob(const ssh_signature sign);
 ssh_signature pki_signature_from_blob(const ssh_key pubkey,
                                       const ssh_string sig_blob,
                                       enum ssh_keytypes_e type,
                                       enum ssh_digest_e hash_type);
+int pki_signature_verify(ssh_session session,
+                         const ssh_signature sig,
+                         const ssh_key key,
+                         const unsigned char *hash,
+                         size_t hlen);
 
 /* SSH Signing Functions */
-ssh_signature pki_do_sign(const ssh_key privkey,
-                          const unsigned char *input,
-                          size_t input_len,
-                          enum ssh_digest_e hash_type);
+#define pki_do_sign(key, hash, hlen) \
+    pki_do_sign_hash(key, hash, hlen, SSH_DIGEST_AUTO)
 ssh_signature pki_do_sign_hash(const ssh_key privkey,
                                const unsigned char *hash,
                                size_t hlen,
                                enum ssh_digest_e hash_type);
+#define pki_do_sign_sessionid(key, hash, hlen) \
+    pki_do_sign_sessionid_hash(key, hash, hlen, SSH_DIGEST_AUTO)
+ssh_signature pki_do_sign_sessionid_hash(const ssh_key key,
+                                        const unsigned char *hash,
+                                        size_t hlen,
+                                        enum ssh_digest_e hash_type);
 int pki_ed25519_sign(const ssh_key privkey, ssh_signature sig,
         const unsigned char *hash, size_t hlen);
 int pki_ed25519_verify(const ssh_key pubkey, ssh_signature sig,
@@ -143,8 +142,8 @@ int pki_ed25519_key_cmp(const ssh_key k1,
                 enum ssh_keycmp_e what);
 int pki_ed25519_key_dup(ssh_key new, const ssh_key key);
 int pki_ed25519_public_key_to_blob(ssh_buffer buffer, ssh_key key);
-ssh_string pki_ed25519_signature_to_blob(ssh_signature sig);
-int pki_signature_from_ed25519_blob(ssh_signature sig, ssh_string sig_blob);
+ssh_string pki_ed25519_sig_to_blob(ssh_signature sig);
+int pki_ed25519_sig_from_blob(ssh_signature sig, ssh_string sig_blob);
 int pki_privkey_build_ed25519(ssh_key key,
                               ssh_string pubkey,
                               ssh_string privkey);

include/libssh/priv.h

@@ -32,7 +32,6 @@
 #include <stdint.h>
 #include <stdlib.h>
 #include <string.h>
-#include <stdbool.h>
 
 #if !defined(HAVE_STRTOULL)
 # if defined(HAVE___STRTOULL)
@@ -79,22 +78,6 @@ char *strndup(const char *s, size_t n);
 #  endif /* __WORDSIZE */
 # endif /* PRIu64 */
 
-# ifndef PRIu32
-#  define PRIu32 "u"
-# endif /* PRIu32 */
-
-# ifndef PRIx64
-#  if __WORDSIZE == 64
-#   define PRIx64 "lx"
-#  else
-#   define PRIx64 "llx"
-#  endif /* __WORDSIZE */
-# endif /* PRIx64 */
-
-# ifndef PRIx32
-#  define PRIx32 "x"
-# endif /* PRIx32 */
-
 # ifdef _MSC_VER
 #  include <stdio.h>
 #  include <stdarg.h> /* va_copy define check */
@@ -222,17 +205,7 @@ int gettimeofday(struct timeval *__p, void *__t);
 struct ssh_common_struct;
 struct ssh_kex_struct;
 
-enum ssh_digest_e {
-    SSH_DIGEST_AUTO=0,
-    SSH_DIGEST_SHA1=1,
-    SSH_DIGEST_SHA256,
-    SSH_DIGEST_SHA384,
-    SSH_DIGEST_SHA512,
-};
-
-int ssh_get_key_params(ssh_session session,
-                       ssh_key *privkey,
-                       enum ssh_digest_e *digest);
+int ssh_get_key_params(ssh_session session, ssh_key *privkey);
 
 /* LOGGING */
 void ssh_log_function(int verbosity,
@@ -283,12 +256,14 @@ int ssh_auth_reply_success(ssh_session session, int partial);
 int ssh_send_banner(ssh_session session, int is_server);
 
 /* connect.c */
+socket_t ssh_connect_host(ssh_session session, const char *host,const char
+        *bind_addr, int port, long timeout, long usec);
 socket_t ssh_connect_host_nonblocking(ssh_session session, const char *host,
 		const char *bind_addr, int port);
 
 /* in base64.c */
 ssh_buffer base64_to_bin(const char *source);
-uint8_t *bin_to_base64(const uint8_t *source, size_t len);
+unsigned char *bin_to_base64(const unsigned char *source, int len);
 
 /* gzip.c */
 int compress_buffer(ssh_session session,ssh_buffer buf);
@@ -349,6 +324,7 @@ void explicit_bzero(void *s, size_t n);
 /**
  * Get the argument cound of variadic arguments
  */
+#ifdef HAVE_GCC_NARG_MACRO
 /*
  * Since MSVC 2010 there is a bug in passing __VA_ARGS__ to subsequent
  * macros as a single token, which results in:
@@ -358,7 +334,7 @@ void explicit_bzero(void *s, size_t n);
 #define VA_APPLY_VARIADIC_MACRO(macro, tuple) macro tuple
 
 #define __VA_NARG__(...) \
-        (__VA_NARG_(__VA_ARGS__, __RSEQ_N()))
+        (__VA_NARG_(_0, ## __VA_ARGS__, __RSEQ_N()) - 1)
 #define __VA_NARG_(...) \
         VA_APPLY_VARIADIC_MACRO(__VA_ARG_N, (__VA_ARGS__))
 #define __VA_ARG_N( \
@@ -377,6 +353,10 @@ void explicit_bzero(void *s, size_t n);
         29, 28, 27, 26, 25, 24, 23, 22, 21, 20, \
         19, 18, 17, 16, 15, 14, 13, 12, 11, 10, \
          9,  8,  7,  6,  5,  4,  3,  2,  1,  0
+#else
+/* clang does not support the above construction */
+#define __VA_NARG__(...) (-1)
+#endif
 
 #define CLOSE_SOCKET(s) do { if ((s) != SSH_INVALID_SOCKET) { _XCLOSESOCKET(s); (s) = SSH_INVALID_SOCKET;} } while(0)
 
@@ -406,24 +386,6 @@ void explicit_bzero(void *s, size_t n);
 # endif /* HAVE_FALLTHROUGH_ATTRIBUTE */
 #endif /* FALL_THROUGH */
 
-#ifndef __attr_unused__
-# ifdef HAVE_UNUSED_ATTRIBUTE
-#  define __attr_unused__ __attribute__((unused))
-# else /* HAVE_UNUSED_ATTRIBUTE */
-#  define __attr_unused__
-# endif /* HAVE_UNUSED_ATTRIBUTE */
-#endif /* __attr_unused__ */
-
-#ifndef UNUSED_PARAM
-#define UNUSED_PARAM(param) param __attr_unused__
-#endif /* UNUSED_PARAM */
-
-#ifndef UNUSED_VAR
-#define UNUSED_VAR(var) __attr_unused__ var
-#endif /* UNUSED_VAR */
-
 void ssh_agent_state_free(void *data);
 
-bool is_ssh_initialized(void);
-
 #endif /* _LIBSSH_PRIV_H */

include/libssh/server.h

@@ -46,16 +46,7 @@ enum ssh_bind_options_e {
   SSH_BIND_OPTIONS_LOG_VERBOSITY,
   SSH_BIND_OPTIONS_LOG_VERBOSITY_STR,
   SSH_BIND_OPTIONS_ECDSAKEY,
-  SSH_BIND_OPTIONS_IMPORT_KEY,
-  SSH_BIND_OPTIONS_KEY_EXCHANGE,
-  SSH_BIND_OPTIONS_CIPHERS_C_S,
-  SSH_BIND_OPTIONS_CIPHERS_S_C,
-  SSH_BIND_OPTIONS_HMAC_C_S,
-  SSH_BIND_OPTIONS_HMAC_S_C,
-  SSH_BIND_OPTIONS_CONFIG_DIR,
-  SSH_BIND_OPTIONS_PUBKEY_ACCEPTED_KEY_TYPES,
-  SSH_BIND_OPTIONS_HOSTKEY_ALGORITHMS,
-  SSH_BIND_OPTIONS_PROCESS_CONFIG,
+  SSH_BIND_OPTIONS_IMPORT_KEY
 };
 
 typedef struct ssh_bind_struct* ssh_bind;
@@ -94,9 +85,6 @@ LIBSSH_API ssh_bind ssh_bind_new(void);
 LIBSSH_API int ssh_bind_options_set(ssh_bind sshbind,
     enum ssh_bind_options_e type, const void *value);
 
-LIBSSH_API int ssh_bind_options_parse_config(ssh_bind sshbind,
-    const char *filename);
-
 /**
  * @brief Start listening to the socket.
  *

include/libssh/session.h

@@ -20,8 +20,6 @@
 
 #ifndef SESSION_H_
 #define SESSION_H_
-#include <stdbool.h>
-
 #include "libssh/priv.h"
 #include "libssh/kex.h"
 #include "libssh/packet.h"
@@ -29,8 +27,6 @@
 #include "libssh/auth.h"
 #include "libssh/channels.h"
 #include "libssh/poll.h"
-#include "libssh/config.h"
-#include "libssh/misc.h"
 
 /* These are the different states a SSH session can be into its life */
 enum ssh_session_state_e {
@@ -49,8 +45,6 @@ enum ssh_session_state_e {
 
 enum ssh_dh_state_e {
   DH_STATE_INIT=0,
-  DH_STATE_GROUP_SENT,
-  DH_STATE_REQUEST_SENT,
   DH_STATE_INIT_SENT,
   DH_STATE_NEWKEYS_SENT,
   DH_STATE_FINISHED
@@ -75,11 +69,6 @@ enum ssh_pending_call_e {
 /* Client successfully authenticated */
 #define SSH_SESSION_FLAG_AUTHENTICATED 2
 
-/* The KEXINIT message can be sent first by either of the parties so this flag
- * indicates that the message was already sent to make sure it is sent and avoid
- * sending it twice during key exchange to simplify the state machine. */
-#define SSH_SESSION_FLAG_KEXINIT_SENT 4
-
 /* codes to use with ssh_handle_packets*() */
 /* Infinite timeout */
 #define SSH_TIMEOUT_INFINITE -1
@@ -122,7 +111,6 @@ struct ssh_session_struct {
     int openssh;
     uint32_t send_seq;
     uint32_t recv_seq;
-    struct ssh_timestamp last_rekey_time;
 
     int connected;
     /* !=0 when the user got a session handle */
@@ -136,19 +124,19 @@ struct ssh_session_struct {
     /* Extensions negotiated using RFC 8308 */
     uint32_t extensions;
 
-    ssh_string banner; /* that's the issue banner from the server */
-    char *discon_msg; /* disconnect message from the remote host */
+    ssh_string banner; /* that's the issue banner from
+                       the server */
+    char *discon_msg; /* disconnect message from
+                         the remote host */
     ssh_buffer in_buffer;
     PACKET in_packet;
     ssh_buffer out_buffer;
-    struct ssh_list *out_queue; /* This list is used for delaying packets
-                                   when rekeying is required */
 
     /* the states are used by the nonblocking stuff to remember */
     /* where it was before being interrupted */
     enum ssh_pending_call_e pending_call_state;
     enum ssh_session_state_e session_state;
-    enum ssh_packet_state_e packet_state;
+    int packet_state;
     enum ssh_dh_state_e dh_handshake_state;
     enum ssh_channel_request_state_e global_req_state;
     struct ssh_agent_state_struct *agent_state;
@@ -161,33 +149,25 @@ struct ssh_session_struct {
         uint32_t current_method;
     } auth;
 
-    /* Sending this flag before key exchange to save one round trip during the
-     * key exchange. This might make sense on high-latency connections.
-     * So far internal only for testing. Usable only on the client side --
-     * there is no key exchange method that would start with server message */
-    bool send_first_kex_follows;
     /*
      * RFC 4253, 7.1: if the first_kex_packet_follows flag was set in
      * the received SSH_MSG_KEXINIT, but the guess was wrong, this
      * field will be set such that the following guessed packet will
-     * be ignored on the receiving side.  Once that packet has been received and
-     * ignored, this field is cleared.
-     * On the sending side, this is set after we got peer KEXINIT message and we
-     * need to resend the initial message of the negotiated KEX algorithm.
+     * be ignored.  Once that packet has been received and ignored,
+     * this field is cleared.
      */
-    bool first_kex_follows_guess_wrong;
+    int first_kex_follows_guess_wrong;
 
     ssh_buffer in_hashbuf;
     ssh_buffer out_hashbuf;
     struct ssh_crypto_struct *current_crypto;
-    /* next_crypto is going to be used after a SSH2_MSG_NEWKEYS */
-    struct ssh_crypto_struct *next_crypto;
+    struct ssh_crypto_struct *next_crypto;  /* next_crypto is going to be used after a SSH2_MSG_NEWKEYS */
 
     struct ssh_list *channels; /* linked list of channels */
     int maxchannel;
     ssh_agent agent; /* ssh agent */
 
-    /* keyboard interactive data */
+/* keyb interactive data */
     struct ssh_kbdint_struct *kbdint;
     struct ssh_gssapi_struct *gssapi;
 
@@ -199,13 +179,11 @@ struct ssh_session_struct {
         ssh_key ed25519_key;
         /* The type of host key wanted by client */
         enum ssh_keytypes_e hostkey;
-        enum ssh_digest_e hostkey_digest;
     } srv;
 
     /* auths accepted by server */
     struct ssh_list *ssh_message_list; /* list of delayed SSH messages */
-    int (*ssh_message_callback)(struct ssh_session_struct *session,
-                                ssh_message msg, void *userdata);
+    int (*ssh_message_callback)( struct ssh_session_struct *session, ssh_message msg, void *userdata);
     void *ssh_message_callback_data;
     ssh_server_callbacks server_callbacks;
     void (*ssh_connection_callback)( struct ssh_session_struct *session);
@@ -225,13 +203,13 @@ struct ssh_session_struct {
         char *sshdir;
         char *knownhosts;
         char *global_knownhosts;
-        char *wanted_methods[SSH_KEX_METHODS];
+        char *wanted_methods[10];
         char *pubkey_accepted_types;
         char *ProxyCommand;
         char *custombanner;
         unsigned long timeout; /* seconds */
         unsigned long timeout_usec;
-        uint16_t port;
+        unsigned int port;
         socket_t fd;
         int StrictHostKeyChecking;
         char compressionlevel;
@@ -240,10 +218,6 @@ struct ssh_session_struct {
         int gss_delegate_creds;
         int flags;
         int nodelay;
-        bool config_processed;
-        uint8_t options_seen[SOC_MAX];
-        uint64_t rekey_data;
-        uint32_t rekey_time;
     } opts;
     /* counters */
     ssh_counter socket_counter;
@@ -257,10 +231,8 @@ struct ssh_session_struct {
  */
 typedef int (*ssh_termination_function)(void *user);
 int ssh_handle_packets(ssh_session session, int timeout);
-int ssh_handle_packets_termination(ssh_session session,
-                                   long timeout,
-                                   ssh_termination_function fct,
-                                   void *user);
+int ssh_handle_packets_termination(ssh_session session, int timeout,
+    ssh_termination_function fct, void *user);
 void ssh_socket_exception_callback(int code, int errno_code, void *user);
 
 #endif /* SESSION_H_ */

include/libssh/sftp.h

@@ -201,18 +201,13 @@ struct sftp_statvfs_struct {
 };
 
 /**
- * @brief Creates a new sftp session.
- *
- * This function creates a new sftp session and allocates a new sftp channel
- * with the server inside of the provided ssh session. This function call is
- * usually followed by the sftp_init(), which initializes SFTP protocol itself.
+ * @brief Start a new sftp session.
  *
  * @param session       The ssh session to use.
  *
  * @return              A new sftp session or NULL on error.
  *
  * @see sftp_free()
- * @see sftp_init()
  */
 LIBSSH_API sftp_session sftp_new(ssh_session session);
 
@@ -237,10 +232,7 @@ LIBSSH_API sftp_session sftp_new_channel(ssh_session session, ssh_channel channe
 LIBSSH_API void sftp_free(sftp_session sftp);
 
 /**
- * @brief Initialize the sftp protocol with the server.
- *
- * This function involves the SFTP protocol initialization (as described
- * in the SFTP specification), including the version and extensions negotiation.
+ * @brief Initialize the sftp session with the server.
  *
  * @param sftp          The sftp session to initialize.
  *
@@ -861,15 +853,15 @@ LIBSSH_API sftp_session sftp_server_new(ssh_session session, ssh_channel chan);
  * @return             0 on success, < 0 on error.
  */
 LIBSSH_API int sftp_server_init(sftp_session sftp);
-
-/**
- * @brief Close and deallocate a sftp server session.
- *
- * @param sftp          The sftp session handle to free.
- */
-LIBSSH_API void sftp_server_free(sftp_session sftp);
 #endif  /* WITH_SERVER */
 
+/* this is not a public interface */
+#define SFTP_HANDLES 256
+sftp_packet sftp_packet_read(sftp_session sftp);
+int sftp_packet_write(sftp_session sftp,uint8_t type, ssh_buffer payload);
+void sftp_packet_free(sftp_packet packet);
+int buffer_add_attributes(ssh_buffer buffer, sftp_attributes attr);
+sftp_attributes sftp_parse_attr(sftp_session session, ssh_buffer buf,int expectname);
 /* sftpserver.c */
 
 LIBSSH_API sftp_client_message sftp_get_client_message(sftp_session sftp);

include/libssh/socket.h

@@ -63,9 +63,6 @@ void ssh_socket_set_callbacks(ssh_socket s, ssh_socket_callbacks callbacks);
 int ssh_socket_pollcallback(struct ssh_poll_handle_struct *p, socket_t fd, int revents, void *v_s);
 struct ssh_poll_handle_struct * ssh_socket_get_poll_handle(ssh_socket s);
 
-int ssh_socket_connect(ssh_socket s,
-                       const char *host,
-                       uint16_t port,
-                       const char *bind_addr);
+int ssh_socket_connect(ssh_socket s, const char *host, int port, const char *bind_addr);
 
 #endif /* SOCKET_H_ */

include/libssh/token.h

@@ -1,48 +0,0 @@
-/*
- * token.h - Tokens list handling
- *
- * This file is part of the SSH Library
- *
- * Copyright (c) 2019 by Red Hat, Inc.
- *
- * Author: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
- *
- * The SSH Library is free software; you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License as published by
- * the Free Software Foundation; either version 2.1 of the License, or (at your
- * option) any later version.
- *
- * The SSH Library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
- * License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with the SSH Library; see the file COPYING.  If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
- */
-
-#ifndef TOKEN_H_
-#define TOKEN_H_
-
-struct ssh_tokens_st {
-    char *buffer;
-    char **tokens;
-};
-
-struct ssh_tokens_st *ssh_tokenize(const char *chain, char separator);
-
-void ssh_tokens_free(struct ssh_tokens_st *tokens);
-
-char *ssh_find_matching(const char *available_d,
-                        const char *preferred_d);
-
-char *ssh_find_all_matching(const char *available_d,
-                            const char *preferred_d);
-
-char *ssh_remove_duplicates(const char *list);
-
-char *ssh_append_without_duplicates(const char *list,
-                                    const char *appended_list);
-#endif /* TOKEN_H_ */

include/libssh/wrapper.h

@@ -21,19 +21,24 @@
 #ifndef WRAPPER_H_
 #define WRAPPER_H_
 
-#include <stdbool.h>
-
 #include "config.h"
 #include "libssh/libssh.h"
 #include "libssh/libcrypto.h"
 #include "libssh/libgcrypt.h"
 #include "libssh/libmbedcrypto.h"
 
-enum ssh_kdf_digest {
-    SSH_KDF_SHA1=1,
-    SSH_KDF_SHA256,
-    SSH_KDF_SHA384,
-    SSH_KDF_SHA512
+enum ssh_digest_e {
+    SSH_DIGEST_AUTO=0,
+    SSH_DIGEST_SHA1=1,
+    SSH_DIGEST_SHA256,
+    SSH_DIGEST_SHA512
+};
+
+enum ssh_mac_e {
+  SSH_MAC_SHA1=1,
+  SSH_MAC_SHA256,
+  SSH_MAC_SHA384,
+  SSH_MAC_SHA512
 };
 
 enum ssh_hmac_e {
@@ -41,8 +46,7 @@ enum ssh_hmac_e {
   SSH_HMAC_SHA256,
   SSH_HMAC_SHA512,
   SSH_HMAC_MD5,
-  SSH_HMAC_AEAD_POLY1305,
-  SSH_HMAC_AEAD_GCM
+  SSH_HMAC_AEAD_POLY1305
 };
 
 enum ssh_des_e {
@@ -53,17 +57,9 @@ enum ssh_des_e {
 struct ssh_hmac_struct {
   const char* name;
   enum ssh_hmac_e hmac_type;
-  bool etm;
-};
-
-enum ssh_crypto_direction_e {
-    SSH_DIRECTION_IN = 1,
-    SSH_DIRECTION_OUT = 2,
-    SSH_DIRECTION_BOTH = 3,
 };
 
 struct ssh_cipher_struct;
-struct ssh_crypto_struct;
 
 typedef struct ssh_mac_ctx_struct *ssh_mac_ctx;
 MD5CTX md5_init(void);
@@ -73,38 +69,37 @@ void md5_final(unsigned char *md,MD5CTX c);
 SHACTX sha1_init(void);
 void sha1_update(SHACTX c, const void *data, unsigned long len);
 void sha1_final(unsigned char *md,SHACTX c);
-void sha1(const unsigned char *digest,int len,unsigned char *hash);
+void sha1(unsigned char *digest,int len,unsigned char *hash);
 
 SHA256CTX sha256_init(void);
 void sha256_update(SHA256CTX c, const void *data, unsigned long len);
 void sha256_final(unsigned char *md,SHA256CTX c);
-void sha256(const unsigned char *digest, int len, unsigned char *hash);
+void sha256(unsigned char *digest, int len, unsigned char *hash);
 
 SHA384CTX sha384_init(void);
 void sha384_update(SHA384CTX c, const void *data, unsigned long len);
 void sha384_final(unsigned char *md,SHA384CTX c);
-void sha384(const unsigned char *digest, int len, unsigned char *hash);
+void sha384(unsigned char *digest, int len, unsigned char *hash);
 
 SHA512CTX sha512_init(void);
 void sha512_update(SHA512CTX c, const void *data, unsigned long len);
 void sha512_final(unsigned char *md,SHA512CTX c);
-void sha512(const unsigned char *digest, int len, unsigned char *hash);
+void sha512(unsigned char *digest, int len, unsigned char *hash);
 
 void evp(int nid, unsigned char *digest, int len, unsigned char *hash, unsigned int *hlen);
 EVPCTX evp_init(int nid);
 void evp_update(EVPCTX ctx, const void *data, unsigned long len);
 void evp_final(EVPCTX ctx, unsigned char *md, unsigned int *mdlen);
 
+ssh_mac_ctx ssh_mac_ctx_init(enum ssh_mac_e type);
+void ssh_mac_update(ssh_mac_ctx ctx, const void *data, unsigned long len);
+void ssh_mac_final(unsigned char *md, ssh_mac_ctx ctx);
+
 HMACCTX hmac_init(const void *key,int len, enum ssh_hmac_e type);
 void hmac_update(HMACCTX c, const void *data, unsigned long len);
 void hmac_final(HMACCTX ctx,unsigned char *hashmacbuf,unsigned int *len);
 size_t hmac_digest_len(enum ssh_hmac_e type);
 
-int ssh_kdf(struct ssh_crypto_struct *crypto,
-            unsigned char *key, size_t key_len,
-            int key_type, unsigned char *output,
-            size_t requested_len);
-
 int crypt_set_algorithms_client(ssh_session session);
 int crypt_set_algorithms_server(ssh_session session);
 struct ssh_crypto_struct *crypto_new(void);
@@ -117,6 +112,6 @@ void ssh_crypto_finalize(void);
 void ssh_cipher_clear(struct ssh_cipher_struct *cipher);
 struct ssh_hmac_struct *ssh_get_hmactab(void);
 struct ssh_cipher_struct *ssh_get_ciphertab(void);
-const char *ssh_hmac_type_to_string(enum ssh_hmac_e hmac_type, bool etm);
+const char *ssh_hmac_type_to_string(enum ssh_hmac_e hmac_type);
 
 #endif /* WRAPPER_H_ */

libssh-config.cmake.in

@@ -0,0 +1,15 @@
+@PACKAGE_INIT@
+
+if (EXISTS "${CMAKE_CURRENT_LIST_DIR}/CMakeCache.txt")
+    # In tree build
+    set_and_check(LIBSSH_INCLUDE_DIR "${CMAKE_CURRENT_LIST_DIR}/include")
+    set_and_check(LIBSSH_LIBRARIES "${CMAKE_CURRENT_LIST_DIR}/lib/@LIBSSH_LIBRARY_NAME@")
+else()
+    set_and_check(LIBSSH_INCLUDE_DIR "@PACKAGE_INCLUDE_INSTALL_DIR@")
+    set_and_check(LIBSSH_LIBRARIES "@PACKAGE_LIB_INSTALL_DIR@/@LIBSSH_LIBRARY_NAME@")
+endif()
+
+# For backward compatibility
+set(LIBSSH_LIBRARY ${LIBSSH_LIBRARIES})
+
+mark_as_advanced(LIBSSH_LIBRARIES LIBSSH_LIBRARY LIBSSH_INCLUDE_DIR)

libssh.pc.cmake

@@ -1,6 +1,6 @@
 Name: ${PROJECT_NAME}
 Description: The SSH Library
 Version: ${PROJECT_VERSION}
-Libs: -L${CMAKE_INSTALL_FULL_LIBDIR} -lssh
-Cflags: -I${CMAKE_INSTALL_FULL_INCLUDEDIR}
+Libs: -L${LIB_INSTALL_DIR} -lssh
+Cflags: -I${INCLUDE_INSTALL_DIR}
 

obj/build_make.sh

@@ -0,0 +1,200 @@
+#!/bin/bash
+#
+# Last Change: 2008-06-18 14:13:46
+#
+# Script to build libssh on UNIX.
+#
+# Copyright (c) 2006-2007 Andreas Schneider <asn@cryptomilk.org>
+#
+
+SOURCE_DIR=".."
+
+LANG=C
+export LANG
+
+SCRIPT="$0"
+COUNT=0
+while [ -L "${SCRIPT}" ]
+do
+	SCRIPT=$(readlink ${SCRIPT})
+	COUNT=$(expr ${COUNT} + 1)
+	if [ ${COUNT} -gt 100 ]; then
+		echo "Too many symbolic links"
+		exit 1
+	fi
+done
+BUILDDIR=$(dirname ${SCRIPT})
+
+cleanup_and_exit () {
+	if test "$1" = 0 -o -z "$1" ; then
+		exit 0
+	else
+		exit $1
+	fi
+}
+
+function configure() {
+	if [ -n "${CMAKEDIR}" ]; then
+		${CMAKEDIR}/bin/cmake "$@" ${SOURCE_DIR} || cleanup_and_exit $?
+	else
+		cmake "$@" ${SOURCE_DIR} || cleanup_and_exit $?
+	fi
+}
+
+function compile() {
+	if [ -f /proc/cpuinfo ]; then
+		CPUCOUNT=$(grep -c processor /proc/cpuinfo)
+	elif test `uname` = "SunOS" ; then
+		CPUCOUNT=$(psrinfo -p)
+	else
+		CPUCOUNT="1"
+	fi
+
+	if [ "${CPUCOUNT}" -gt "1" ]; then
+		${MAKE} -j${CPUCOUNT} $1 || cleanup_and_exit $?
+	else
+		${MAKE} $1 || exit $?
+	fi
+}
+
+function clean_build_dir() {
+	find ! -path "*.svn*" ! -name "*.bat" ! -name "*.sh" ! -name "." -print0 | xargs -0 rm -rf
+}
+
+function usage () {
+echo "Usage: `basename $0` [--prefix /install_prefix|--build [debug|final]|--clean|--verbose|--libsuffix (32|64)|--help|--clang|--cmakedir /directory|--make
+(gmake|make)|--ccompiler(gcc|cc)|--withstaticlib|--unittesting|--clientunittesting|--withserver|--withoutsymbolversioning]"
+    cleanup_and_exit
+}
+
+cd ${BUILDDIR}
+
+# the default CMake options:
+OPTIONS="--graphviz=${BUILDDIR}/libssh.dot"
+
+# the default 'make' utility:
+MAKE="make"
+
+while test -n "$1"; do
+	PARAM="$1"
+	ARG="$2"
+	shift
+	case ${PARAM} in
+		*-*=*)
+		ARG=${PARAM#*=}
+		PARAM=${PARAM%%=*}
+		set -- "----noarg=${PARAM}" "$@"
+	esac
+	case ${PARAM} in
+		*-help|-h)
+			#echo_help
+			usage
+			cleanup_and_exit
+		;;
+		*-build)
+			DOMAKE="1"
+			BUILD_TYPE="${ARG}"
+			test -n "${BUILD_TYPE}" && shift
+		;;
+		*-clean)
+			clean_build_dir
+			cleanup_and_exit
+		;;
+		*-clang)
+			OPTIONS="${OPTIONS} -DCMAKE_C_COMPILER=clang -DCMAKE_CXX_COMPILER=clang++"
+		;;
+		*-verbose)
+			DOVERBOSE="1"
+		;;
+		*-memtest)
+			OPTIONS="${OPTIONS} -DMEM_NULL_TESTS=ON"
+		;;
+		*-libsuffix)
+			OPTIONS="${OPTIONS} -DLIB_SUFFIX=${ARG}"
+			shift
+		;;
+		*-prefix)
+			OPTIONS="${OPTIONS} -DCMAKE_INSTALL_PREFIX=${ARG}"
+			shift
+		;;
+		*-sysconfdir)
+			OPTIONS="${OPTIONS} -DSYSCONF_INSTALL_DIR=${ARG}"
+			shift
+		;;
+		*-cmakedir)
+			CMAKEDIR="${ARG}"
+			shift
+		;;
+		*-make)
+			MAKE="${ARG}"
+			shift
+		;;
+		*-ccompiler)
+			OPTIONS="${OPTIONS} -DCMAKE_C_COMPILER=${ARG}"
+			shift
+		;;
+		*-withstaticlib)
+			OPTIONS="${OPTIONS} -DWITH_STATIC_LIB=ON"
+		;;
+		*-unittesting)
+			OPTIONS="${OPTIONS} -DUNIT_TESTING=ON"
+		;;
+		*-clientunittesting)
+			OPTIONS="${OPTIONS} -DCLIENT_TESTING=ON"
+		;;
+		*-withserver)
+			OPTIONS="${OPTIONS} -DWITH_SERVER=ON"
+		;;
+		*-withoutsymbolversioning)
+			OPTIONS="${OPTIONS} -DWITH_SYMBOL_VERSIONING=OFF"
+		;;
+		*-finalrelease)
+			OPTIONS="${OPTIONS} -DWITH_FINAL=ON"
+		;;
+		----noarg)
+			echo "$ARG does not take an argument"
+			cleanup_and_exit
+		;;
+		-*)
+			echo Unknown Option "$PARAM". Exit.
+			cleanup_and_exit 1
+		;;
+		*)
+			usage
+		;;
+	esac
+done
+
+if [ "${DOMAKE}" == "1" ]; then
+	OPTIONS="${OPTIONS} -DCMAKE_BUILD_TYPE=${BUILD_TYPE}"
+fi
+
+if [ -n "${DOVERBOSE}" ]; then
+	OPTIONS="${OPTIONS} -DCMAKE_VERBOSE_MAKEFILE=1"
+else
+	OPTIONS="${OPTIONS} -DCMAKE_VERBOSE_MAKEFILE=0"
+fi
+
+test -f "${BUILDDIR}/.build.log" && rm -f ${BUILDDIR}/.build.log
+touch ${BUILDDIR}/.build.log
+# log everything from here to .build.log
+exec 1> >(exec -a 'build logging tee' tee -a ${BUILDDIR}/.build.log) 2>&1
+echo "${HOST} started build at $(date)."
+echo
+
+configure ${OPTIONS} "$@"
+
+if [ -n "${DOMAKE}" ]; then
+	test -n "${DOVERBOSE}" && compile VERBOSE=1 || compile
+fi
+
+DOT=$(which dot 2>/dev/null)
+if [ -n "${DOT}" ]; then
+	${DOT} -Tpng -o${BUILDDIR}/libssh.png ${BUILDDIR}/libssh.dot
+	${DOT} -Tsvg -o${BUILDDIR}/libssh.svg ${BUILDDIR}/libssh.dot
+fi
+
+exec >&0 2>&0		# so that the logging tee finishes
+sleep 1			# wait till tee terminates
+
+cleanup_and_exit 0

src/ABI/current

@@ -1 +1 @@
-4.8.8
+4.7.6

src/ABI/libssh-4.7.5.symbols

@@ -96,7 +96,6 @@ sftp_rmdir
 sftp_seek
 sftp_seek64
 sftp_send_client_message
-sftp_server_free
 sftp_server_init
 sftp_server_new
 sftp_server_version
@@ -121,7 +120,6 @@ ssh_bind_free
 ssh_bind_get_fd
 ssh_bind_listen
 ssh_bind_new
-ssh_bind_options_parse_config
 ssh_bind_options_set
 ssh_bind_set_blocking
 ssh_bind_set_callbacks
@@ -149,7 +147,6 @@ ssh_channel_listen_forward
 ssh_channel_new
 ssh_channel_open_auth_agent
 ssh_channel_open_forward
-ssh_channel_open_forward_unix
 ssh_channel_open_reverse_forward
 ssh_channel_open_session
 ssh_channel_open_x11
@@ -271,7 +268,6 @@ ssh_message_channel_request_open_destination_port
 ssh_message_channel_request_open_originator
 ssh_message_channel_request_open_originator_port
 ssh_message_channel_request_open_reply_accept
-ssh_message_channel_request_open_reply_accept_channel
 ssh_message_channel_request_pty_height
 ssh_message_channel_request_pty_pxheight
 ssh_message_channel_request_pty_pxwidth

src/ABI/libssh-4.7.6.symbols

@@ -96,7 +96,6 @@ sftp_rmdir
 sftp_seek
 sftp_seek64
 sftp_send_client_message
-sftp_server_free
 sftp_server_init
 sftp_server_new
 sftp_server_version
@@ -121,7 +120,6 @@ ssh_bind_free
 ssh_bind_get_fd
 ssh_bind_listen
 ssh_bind_new
-ssh_bind_options_parse_config
 ssh_bind_options_set
 ssh_bind_set_blocking
 ssh_bind_set_callbacks
@@ -149,7 +147,6 @@ ssh_channel_listen_forward
 ssh_channel_new
 ssh_channel_open_auth_agent
 ssh_channel_open_forward
-ssh_channel_open_forward_unix
 ssh_channel_open_reverse_forward
 ssh_channel_open_session
 ssh_channel_open_x11
@@ -271,7 +268,6 @@ ssh_message_channel_request_open_destination_port
 ssh_message_channel_request_open_originator
 ssh_message_channel_request_open_originator_port
 ssh_message_channel_request_open_reply_accept
-ssh_message_channel_request_open_reply_accept_channel
 ssh_message_channel_request_pty_height
 ssh_message_channel_request_pty_pxheight
 ssh_message_channel_request_pty_pxwidth
@@ -350,7 +346,6 @@ ssh_send_keepalive
 ssh_server_init_kex
 ssh_service_request
 ssh_session_export_known_hosts_entry
-ssh_session_get_known_hosts_entry
 ssh_session_has_known_hosts_entry
 ssh_session_is_known_server
 ssh_session_update_known_hosts
@@ -382,7 +377,6 @@ ssh_string_get_char
 ssh_string_len
 ssh_string_new
 ssh_string_to_char
-ssh_threads_get_default
 ssh_threads_get_noop
 ssh_threads_get_pthread
 ssh_threads_set_callbacks

src/ABI/libssh-4.8.2.symbols

@@ -1,421 +0,0 @@
-_ssh_log
-buffer_free
-buffer_get
-buffer_get_len
-buffer_new
-channel_accept_x11
-channel_change_pty_size
-channel_close
-channel_forward_accept
-channel_forward_cancel
-channel_forward_listen
-channel_free
-channel_get_exit_status
-channel_get_session
-channel_is_closed
-channel_is_eof
-channel_is_open
-channel_new
-channel_open_forward
-channel_open_session
-channel_poll
-channel_read
-channel_read_buffer
-channel_read_nonblocking
-channel_request_env
-channel_request_exec
-channel_request_pty
-channel_request_pty_size
-channel_request_send_signal
-channel_request_sftp
-channel_request_shell
-channel_request_subsystem
-channel_request_x11
-channel_select
-channel_send_eof
-channel_set_blocking
-channel_write
-channel_write_stderr
-privatekey_free
-privatekey_from_file
-publickey_free
-publickey_from_file
-publickey_from_privatekey
-publickey_to_string
-sftp_async_read
-sftp_async_read_begin
-sftp_attributes_free
-sftp_canonicalize_path
-sftp_chmod
-sftp_chown
-sftp_client_message_free
-sftp_client_message_get_data
-sftp_client_message_get_filename
-sftp_client_message_get_flags
-sftp_client_message_get_submessage
-sftp_client_message_get_type
-sftp_client_message_set_filename
-sftp_close
-sftp_closedir
-sftp_dir_eof
-sftp_extension_supported
-sftp_extensions_get_count
-sftp_extensions_get_data
-sftp_extensions_get_name
-sftp_file_set_blocking
-sftp_file_set_nonblocking
-sftp_free
-sftp_fstat
-sftp_fstatvfs
-sftp_fsync
-sftp_get_client_message
-sftp_get_error
-sftp_handle
-sftp_handle_alloc
-sftp_handle_remove
-sftp_init
-sftp_lstat
-sftp_mkdir
-sftp_new
-sftp_new_channel
-sftp_open
-sftp_opendir
-sftp_read
-sftp_readdir
-sftp_readlink
-sftp_rename
-sftp_reply_attr
-sftp_reply_data
-sftp_reply_handle
-sftp_reply_name
-sftp_reply_names
-sftp_reply_names_add
-sftp_reply_status
-sftp_rewind
-sftp_rmdir
-sftp_seek
-sftp_seek64
-sftp_send_client_message
-sftp_server_free
-sftp_server_init
-sftp_server_new
-sftp_server_version
-sftp_setstat
-sftp_stat
-sftp_statvfs
-sftp_statvfs_free
-sftp_symlink
-sftp_tell
-sftp_tell64
-sftp_unlink
-sftp_utimes
-sftp_write
-ssh_accept
-ssh_add_channel_callbacks
-ssh_auth_list
-ssh_basename
-ssh_bind_accept
-ssh_bind_accept_fd
-ssh_bind_fd_toaccept
-ssh_bind_free
-ssh_bind_get_fd
-ssh_bind_listen
-ssh_bind_new
-ssh_bind_options_parse_config
-ssh_bind_options_set
-ssh_bind_set_blocking
-ssh_bind_set_callbacks
-ssh_bind_set_fd
-ssh_blocking_flush
-ssh_buffer_add_data
-ssh_buffer_free
-ssh_buffer_get
-ssh_buffer_get_data
-ssh_buffer_get_len
-ssh_buffer_new
-ssh_buffer_reinit
-ssh_channel_accept_forward
-ssh_channel_accept_x11
-ssh_channel_cancel_forward
-ssh_channel_change_pty_size
-ssh_channel_close
-ssh_channel_free
-ssh_channel_get_exit_status
-ssh_channel_get_session
-ssh_channel_is_closed
-ssh_channel_is_eof
-ssh_channel_is_open
-ssh_channel_listen_forward
-ssh_channel_new
-ssh_channel_open_auth_agent
-ssh_channel_open_forward
-ssh_channel_open_forward_unix
-ssh_channel_open_reverse_forward
-ssh_channel_open_session
-ssh_channel_open_x11
-ssh_channel_poll
-ssh_channel_poll_timeout
-ssh_channel_read
-ssh_channel_read_nonblocking
-ssh_channel_read_timeout
-ssh_channel_request_auth_agent
-ssh_channel_request_env
-ssh_channel_request_exec
-ssh_channel_request_pty
-ssh_channel_request_pty_size
-ssh_channel_request_send_break
-ssh_channel_request_send_exit_signal
-ssh_channel_request_send_exit_status
-ssh_channel_request_send_signal
-ssh_channel_request_sftp
-ssh_channel_request_shell
-ssh_channel_request_subsystem
-ssh_channel_request_x11
-ssh_channel_select
-ssh_channel_send_eof
-ssh_channel_set_blocking
-ssh_channel_set_counter
-ssh_channel_window_size
-ssh_channel_write
-ssh_channel_write_stderr
-ssh_clean_pubkey_hash
-ssh_connect
-ssh_connector_free
-ssh_connector_new
-ssh_connector_set_in_channel
-ssh_connector_set_in_fd
-ssh_connector_set_out_channel
-ssh_connector_set_out_fd
-ssh_copyright
-ssh_dirname
-ssh_disconnect
-ssh_dump_knownhost
-ssh_event_add_connector
-ssh_event_add_fd
-ssh_event_add_session
-ssh_event_dopoll
-ssh_event_free
-ssh_event_new
-ssh_event_remove_connector
-ssh_event_remove_fd
-ssh_event_remove_session
-ssh_execute_message_callbacks
-ssh_finalize
-ssh_forward_accept
-ssh_forward_cancel
-ssh_forward_listen
-ssh_free
-ssh_get_cipher_in
-ssh_get_cipher_out
-ssh_get_clientbanner
-ssh_get_disconnect_message
-ssh_get_error
-ssh_get_error_code
-ssh_get_fd
-ssh_get_fingerprint_hash
-ssh_get_hexa
-ssh_get_hmac_in
-ssh_get_hmac_out
-ssh_get_issue_banner
-ssh_get_kex_algo
-ssh_get_log_callback
-ssh_get_log_level
-ssh_get_log_userdata
-ssh_get_openssh_version
-ssh_get_poll_flags
-ssh_get_pubkey
-ssh_get_pubkey_hash
-ssh_get_publickey
-ssh_get_publickey_hash
-ssh_get_random
-ssh_get_server_publickey
-ssh_get_serverbanner
-ssh_get_status
-ssh_get_version
-ssh_getpass
-ssh_gssapi_get_creds
-ssh_gssapi_set_creds
-ssh_handle_key_exchange
-ssh_init
-ssh_is_blocking
-ssh_is_connected
-ssh_is_server_known
-ssh_key_cmp
-ssh_key_free
-ssh_key_is_private
-ssh_key_is_public
-ssh_key_new
-ssh_key_type
-ssh_key_type_from_name
-ssh_key_type_to_char
-ssh_known_hosts_parse_line
-ssh_knownhosts_entry_free
-ssh_log
-ssh_message_auth_interactive_request
-ssh_message_auth_kbdint_is_response
-ssh_message_auth_password
-ssh_message_auth_pubkey
-ssh_message_auth_publickey
-ssh_message_auth_publickey_state
-ssh_message_auth_reply_pk_ok
-ssh_message_auth_reply_pk_ok_simple
-ssh_message_auth_reply_success
-ssh_message_auth_set_methods
-ssh_message_auth_user
-ssh_message_channel_request_channel
-ssh_message_channel_request_command
-ssh_message_channel_request_env_name
-ssh_message_channel_request_env_value
-ssh_message_channel_request_open_destination
-ssh_message_channel_request_open_destination_port
-ssh_message_channel_request_open_originator
-ssh_message_channel_request_open_originator_port
-ssh_message_channel_request_open_reply_accept
-ssh_message_channel_request_open_reply_accept_channel
-ssh_message_channel_request_pty_height
-ssh_message_channel_request_pty_pxheight
-ssh_message_channel_request_pty_pxwidth
-ssh_message_channel_request_pty_term
-ssh_message_channel_request_pty_width
-ssh_message_channel_request_reply_success
-ssh_message_channel_request_subsystem
-ssh_message_channel_request_x11_auth_cookie
-ssh_message_channel_request_x11_auth_protocol
-ssh_message_channel_request_x11_screen_number
-ssh_message_channel_request_x11_single_connection
-ssh_message_free
-ssh_message_get
-ssh_message_global_request_address
-ssh_message_global_request_port
-ssh_message_global_request_reply_success
-ssh_message_reply_default
-ssh_message_retrieve
-ssh_message_service_reply_success
-ssh_message_service_service
-ssh_message_subtype
-ssh_message_type
-ssh_mkdir
-ssh_new
-ssh_options_copy
-ssh_options_get
-ssh_options_get_port
-ssh_options_getopt
-ssh_options_parse_config
-ssh_options_set
-ssh_pcap_file_close
-ssh_pcap_file_free
-ssh_pcap_file_new
-ssh_pcap_file_open
-ssh_pki_copy_cert_to_privkey
-ssh_pki_export_privkey_base64
-ssh_pki_export_privkey_file
-ssh_pki_export_privkey_to_pubkey
-ssh_pki_export_pubkey_base64
-ssh_pki_export_pubkey_file
-ssh_pki_generate
-ssh_pki_import_cert_base64
-ssh_pki_import_cert_file
-ssh_pki_import_privkey_base64
-ssh_pki_import_privkey_file
-ssh_pki_import_pubkey_base64
-ssh_pki_import_pubkey_file
-ssh_pki_key_ecdsa_name
-ssh_print_hash
-ssh_print_hexa
-ssh_privatekey_type
-ssh_publickey_to_file
-ssh_remove_channel_callbacks
-ssh_scp_accept_request
-ssh_scp_close
-ssh_scp_deny_request
-ssh_scp_free
-ssh_scp_init
-ssh_scp_leave_directory
-ssh_scp_new
-ssh_scp_pull_request
-ssh_scp_push_directory
-ssh_scp_push_file
-ssh_scp_push_file64
-ssh_scp_read
-ssh_scp_request_get_filename
-ssh_scp_request_get_permissions
-ssh_scp_request_get_size
-ssh_scp_request_get_size64
-ssh_scp_request_get_warning
-ssh_scp_write
-ssh_select
-ssh_send_debug
-ssh_send_ignore
-ssh_send_keepalive
-ssh_server_init_kex
-ssh_service_request
-ssh_session_export_known_hosts_entry
-ssh_session_get_known_hosts_entry
-ssh_session_has_known_hosts_entry
-ssh_session_is_known_server
-ssh_session_update_known_hosts
-ssh_set_agent_channel
-ssh_set_agent_socket
-ssh_set_auth_methods
-ssh_set_blocking
-ssh_set_callbacks
-ssh_set_channel_callbacks
-ssh_set_counters
-ssh_set_fd_except
-ssh_set_fd_toread
-ssh_set_fd_towrite
-ssh_set_log_callback
-ssh_set_log_level
-ssh_set_log_userdata
-ssh_set_message_callback
-ssh_set_pcap_file
-ssh_set_server_callbacks
-ssh_silent_disconnect
-ssh_string_burn
-ssh_string_copy
-ssh_string_data
-ssh_string_fill
-ssh_string_free
-ssh_string_free_char
-ssh_string_from_char
-ssh_string_get_char
-ssh_string_len
-ssh_string_new
-ssh_string_to_char
-ssh_threads_get_default
-ssh_threads_get_noop
-ssh_threads_get_pthread
-ssh_threads_set_callbacks
-ssh_try_publickey_from_file
-ssh_userauth_agent
-ssh_userauth_agent_pubkey
-ssh_userauth_autopubkey
-ssh_userauth_gssapi
-ssh_userauth_kbdint
-ssh_userauth_kbdint_getanswer
-ssh_userauth_kbdint_getinstruction
-ssh_userauth_kbdint_getname
-ssh_userauth_kbdint_getnanswers
-ssh_userauth_kbdint_getnprompts
-ssh_userauth_kbdint_getprompt
-ssh_userauth_kbdint_setanswer
-ssh_userauth_list
-ssh_userauth_none
-ssh_userauth_offer_pubkey
-ssh_userauth_password
-ssh_userauth_privatekey_file
-ssh_userauth_pubkey
-ssh_userauth_publickey
-ssh_userauth_publickey_auto
-ssh_userauth_try_publickey
-ssh_version
-ssh_write_knownhost
-string_burn
-string_copy
-string_data
-string_fill
-string_free
-string_from_char
-string_len
-string_new
-string_to_char

src/ABI/libssh-4.8.3.symbols

@@ -1,421 +0,0 @@
-_ssh_log
-buffer_free
-buffer_get
-buffer_get_len
-buffer_new
-channel_accept_x11
-channel_change_pty_size
-channel_close
-channel_forward_accept
-channel_forward_cancel
-channel_forward_listen
-channel_free
-channel_get_exit_status
-channel_get_session
-channel_is_closed
-channel_is_eof
-channel_is_open
-channel_new
-channel_open_forward
-channel_open_session
-channel_poll
-channel_read
-channel_read_buffer
-channel_read_nonblocking
-channel_request_env
-channel_request_exec
-channel_request_pty
-channel_request_pty_size
-channel_request_send_signal
-channel_request_sftp
-channel_request_shell
-channel_request_subsystem
-channel_request_x11
-channel_select
-channel_send_eof
-channel_set_blocking
-channel_write
-channel_write_stderr
-privatekey_free
-privatekey_from_file
-publickey_free
-publickey_from_file
-publickey_from_privatekey
-publickey_to_string
-sftp_async_read
-sftp_async_read_begin
-sftp_attributes_free
-sftp_canonicalize_path
-sftp_chmod
-sftp_chown
-sftp_client_message_free
-sftp_client_message_get_data
-sftp_client_message_get_filename
-sftp_client_message_get_flags
-sftp_client_message_get_submessage
-sftp_client_message_get_type
-sftp_client_message_set_filename
-sftp_close
-sftp_closedir
-sftp_dir_eof
-sftp_extension_supported
-sftp_extensions_get_count
-sftp_extensions_get_data
-sftp_extensions_get_name
-sftp_file_set_blocking
-sftp_file_set_nonblocking
-sftp_free
-sftp_fstat
-sftp_fstatvfs
-sftp_fsync
-sftp_get_client_message
-sftp_get_error
-sftp_handle
-sftp_handle_alloc
-sftp_handle_remove
-sftp_init
-sftp_lstat
-sftp_mkdir
-sftp_new
-sftp_new_channel
-sftp_open
-sftp_opendir
-sftp_read
-sftp_readdir
-sftp_readlink
-sftp_rename
-sftp_reply_attr
-sftp_reply_data
-sftp_reply_handle
-sftp_reply_name
-sftp_reply_names
-sftp_reply_names_add
-sftp_reply_status
-sftp_rewind
-sftp_rmdir
-sftp_seek
-sftp_seek64
-sftp_send_client_message
-sftp_server_free
-sftp_server_init
-sftp_server_new
-sftp_server_version
-sftp_setstat
-sftp_stat
-sftp_statvfs
-sftp_statvfs_free
-sftp_symlink
-sftp_tell
-sftp_tell64
-sftp_unlink
-sftp_utimes
-sftp_write
-ssh_accept
-ssh_add_channel_callbacks
-ssh_auth_list
-ssh_basename
-ssh_bind_accept
-ssh_bind_accept_fd
-ssh_bind_fd_toaccept
-ssh_bind_free
-ssh_bind_get_fd
-ssh_bind_listen
-ssh_bind_new
-ssh_bind_options_parse_config
-ssh_bind_options_set
-ssh_bind_set_blocking
-ssh_bind_set_callbacks
-ssh_bind_set_fd
-ssh_blocking_flush
-ssh_buffer_add_data
-ssh_buffer_free
-ssh_buffer_get
-ssh_buffer_get_data
-ssh_buffer_get_len
-ssh_buffer_new
-ssh_buffer_reinit
-ssh_channel_accept_forward
-ssh_channel_accept_x11
-ssh_channel_cancel_forward
-ssh_channel_change_pty_size
-ssh_channel_close
-ssh_channel_free
-ssh_channel_get_exit_status
-ssh_channel_get_session
-ssh_channel_is_closed
-ssh_channel_is_eof
-ssh_channel_is_open
-ssh_channel_listen_forward
-ssh_channel_new
-ssh_channel_open_auth_agent
-ssh_channel_open_forward
-ssh_channel_open_forward_unix
-ssh_channel_open_reverse_forward
-ssh_channel_open_session
-ssh_channel_open_x11
-ssh_channel_poll
-ssh_channel_poll_timeout
-ssh_channel_read
-ssh_channel_read_nonblocking
-ssh_channel_read_timeout
-ssh_channel_request_auth_agent
-ssh_channel_request_env
-ssh_channel_request_exec
-ssh_channel_request_pty
-ssh_channel_request_pty_size
-ssh_channel_request_send_break
-ssh_channel_request_send_exit_signal
-ssh_channel_request_send_exit_status
-ssh_channel_request_send_signal
-ssh_channel_request_sftp
-ssh_channel_request_shell
-ssh_channel_request_subsystem
-ssh_channel_request_x11
-ssh_channel_select
-ssh_channel_send_eof
-ssh_channel_set_blocking
-ssh_channel_set_counter
-ssh_channel_window_size
-ssh_channel_write
-ssh_channel_write_stderr
-ssh_clean_pubkey_hash
-ssh_connect
-ssh_connector_free
-ssh_connector_new
-ssh_connector_set_in_channel
-ssh_connector_set_in_fd
-ssh_connector_set_out_channel
-ssh_connector_set_out_fd
-ssh_copyright
-ssh_dirname
-ssh_disconnect
-ssh_dump_knownhost
-ssh_event_add_connector
-ssh_event_add_fd
-ssh_event_add_session
-ssh_event_dopoll
-ssh_event_free
-ssh_event_new
-ssh_event_remove_connector
-ssh_event_remove_fd
-ssh_event_remove_session
-ssh_execute_message_callbacks
-ssh_finalize
-ssh_forward_accept
-ssh_forward_cancel
-ssh_forward_listen
-ssh_free
-ssh_get_cipher_in
-ssh_get_cipher_out
-ssh_get_clientbanner
-ssh_get_disconnect_message
-ssh_get_error
-ssh_get_error_code
-ssh_get_fd
-ssh_get_fingerprint_hash
-ssh_get_hexa
-ssh_get_hmac_in
-ssh_get_hmac_out
-ssh_get_issue_banner
-ssh_get_kex_algo
-ssh_get_log_callback
-ssh_get_log_level
-ssh_get_log_userdata
-ssh_get_openssh_version
-ssh_get_poll_flags
-ssh_get_pubkey
-ssh_get_pubkey_hash
-ssh_get_publickey
-ssh_get_publickey_hash
-ssh_get_random
-ssh_get_server_publickey
-ssh_get_serverbanner
-ssh_get_status
-ssh_get_version
-ssh_getpass
-ssh_gssapi_get_creds
-ssh_gssapi_set_creds
-ssh_handle_key_exchange
-ssh_init
-ssh_is_blocking
-ssh_is_connected
-ssh_is_server_known
-ssh_key_cmp
-ssh_key_free
-ssh_key_is_private
-ssh_key_is_public
-ssh_key_new
-ssh_key_type
-ssh_key_type_from_name
-ssh_key_type_to_char
-ssh_known_hosts_parse_line
-ssh_knownhosts_entry_free
-ssh_log
-ssh_message_auth_interactive_request
-ssh_message_auth_kbdint_is_response
-ssh_message_auth_password
-ssh_message_auth_pubkey
-ssh_message_auth_publickey
-ssh_message_auth_publickey_state
-ssh_message_auth_reply_pk_ok
-ssh_message_auth_reply_pk_ok_simple
-ssh_message_auth_reply_success
-ssh_message_auth_set_methods
-ssh_message_auth_user
-ssh_message_channel_request_channel
-ssh_message_channel_request_command
-ssh_message_channel_request_env_name
-ssh_message_channel_request_env_value
-ssh_message_channel_request_open_destination
-ssh_message_channel_request_open_destination_port
-ssh_message_channel_request_open_originator
-ssh_message_channel_request_open_originator_port
-ssh_message_channel_request_open_reply_accept
-ssh_message_channel_request_open_reply_accept_channel
-ssh_message_channel_request_pty_height
-ssh_message_channel_request_pty_pxheight
-ssh_message_channel_request_pty_pxwidth
-ssh_message_channel_request_pty_term
-ssh_message_channel_request_pty_width
-ssh_message_channel_request_reply_success
-ssh_message_channel_request_subsystem
-ssh_message_channel_request_x11_auth_cookie
-ssh_message_channel_request_x11_auth_protocol
-ssh_message_channel_request_x11_screen_number
-ssh_message_channel_request_x11_single_connection
-ssh_message_free
-ssh_message_get
-ssh_message_global_request_address
-ssh_message_global_request_port
-ssh_message_global_request_reply_success
-ssh_message_reply_default
-ssh_message_retrieve
-ssh_message_service_reply_success
-ssh_message_service_service
-ssh_message_subtype
-ssh_message_type
-ssh_mkdir
-ssh_new
-ssh_options_copy
-ssh_options_get
-ssh_options_get_port
-ssh_options_getopt
-ssh_options_parse_config
-ssh_options_set
-ssh_pcap_file_close
-ssh_pcap_file_free
-ssh_pcap_file_new
-ssh_pcap_file_open
-ssh_pki_copy_cert_to_privkey
-ssh_pki_export_privkey_base64
-ssh_pki_export_privkey_file
-ssh_pki_export_privkey_to_pubkey
-ssh_pki_export_pubkey_base64
-ssh_pki_export_pubkey_file
-ssh_pki_generate
-ssh_pki_import_cert_base64
-ssh_pki_import_cert_file
-ssh_pki_import_privkey_base64
-ssh_pki_import_privkey_file
-ssh_pki_import_pubkey_base64
-ssh_pki_import_pubkey_file
-ssh_pki_key_ecdsa_name
-ssh_print_hash
-ssh_print_hexa
-ssh_privatekey_type
-ssh_publickey_to_file
-ssh_remove_channel_callbacks
-ssh_scp_accept_request
-ssh_scp_close
-ssh_scp_deny_request
-ssh_scp_free
-ssh_scp_init
-ssh_scp_leave_directory
-ssh_scp_new
-ssh_scp_pull_request
-ssh_scp_push_directory
-ssh_scp_push_file
-ssh_scp_push_file64
-ssh_scp_read
-ssh_scp_request_get_filename
-ssh_scp_request_get_permissions
-ssh_scp_request_get_size
-ssh_scp_request_get_size64
-ssh_scp_request_get_warning
-ssh_scp_write
-ssh_select
-ssh_send_debug
-ssh_send_ignore
-ssh_send_keepalive
-ssh_server_init_kex
-ssh_service_request
-ssh_session_export_known_hosts_entry
-ssh_session_get_known_hosts_entry
-ssh_session_has_known_hosts_entry
-ssh_session_is_known_server
-ssh_session_update_known_hosts
-ssh_set_agent_channel
-ssh_set_agent_socket
-ssh_set_auth_methods
-ssh_set_blocking
-ssh_set_callbacks
-ssh_set_channel_callbacks
-ssh_set_counters
-ssh_set_fd_except
-ssh_set_fd_toread
-ssh_set_fd_towrite
-ssh_set_log_callback
-ssh_set_log_level
-ssh_set_log_userdata
-ssh_set_message_callback
-ssh_set_pcap_file
-ssh_set_server_callbacks
-ssh_silent_disconnect
-ssh_string_burn
-ssh_string_copy
-ssh_string_data
-ssh_string_fill
-ssh_string_free
-ssh_string_free_char
-ssh_string_from_char
-ssh_string_get_char
-ssh_string_len
-ssh_string_new
-ssh_string_to_char
-ssh_threads_get_default
-ssh_threads_get_noop
-ssh_threads_get_pthread
-ssh_threads_set_callbacks
-ssh_try_publickey_from_file
-ssh_userauth_agent
-ssh_userauth_agent_pubkey
-ssh_userauth_autopubkey
-ssh_userauth_gssapi
-ssh_userauth_kbdint
-ssh_userauth_kbdint_getanswer
-ssh_userauth_kbdint_getinstruction
-ssh_userauth_kbdint_getname
-ssh_userauth_kbdint_getnanswers
-ssh_userauth_kbdint_getnprompts
-ssh_userauth_kbdint_getprompt
-ssh_userauth_kbdint_setanswer
-ssh_userauth_list
-ssh_userauth_none
-ssh_userauth_offer_pubkey
-ssh_userauth_password
-ssh_userauth_privatekey_file
-ssh_userauth_pubkey
-ssh_userauth_publickey
-ssh_userauth_publickey_auto
-ssh_userauth_try_publickey
-ssh_version
-ssh_write_knownhost
-string_burn
-string_copy
-string_data
-string_fill
-string_free
-string_from_char
-string_len
-string_new
-string_to_char

src/ABI/libssh-4.8.4.symbols

@@ -1,421 +0,0 @@
-_ssh_log
-buffer_free
-buffer_get
-buffer_get_len
-buffer_new
-channel_accept_x11
-channel_change_pty_size
-channel_close
-channel_forward_accept
-channel_forward_cancel
-channel_forward_listen
-channel_free
-channel_get_exit_status
-channel_get_session
-channel_is_closed
-channel_is_eof
-channel_is_open
-channel_new
-channel_open_forward
-channel_open_session
-channel_poll
-channel_read
-channel_read_buffer
-channel_read_nonblocking
-channel_request_env
-channel_request_exec
-channel_request_pty
-channel_request_pty_size
-channel_request_send_signal
-channel_request_sftp
-channel_request_shell
-channel_request_subsystem
-channel_request_x11
-channel_select
-channel_send_eof
-channel_set_blocking
-channel_write
-channel_write_stderr
-privatekey_free
-privatekey_from_file
-publickey_free
-publickey_from_file
-publickey_from_privatekey
-publickey_to_string
-sftp_async_read
-sftp_async_read_begin
-sftp_attributes_free
-sftp_canonicalize_path
-sftp_chmod
-sftp_chown
-sftp_client_message_free
-sftp_client_message_get_data
-sftp_client_message_get_filename
-sftp_client_message_get_flags
-sftp_client_message_get_submessage
-sftp_client_message_get_type
-sftp_client_message_set_filename
-sftp_close
-sftp_closedir
-sftp_dir_eof
-sftp_extension_supported
-sftp_extensions_get_count
-sftp_extensions_get_data
-sftp_extensions_get_name
-sftp_file_set_blocking
-sftp_file_set_nonblocking
-sftp_free
-sftp_fstat
-sftp_fstatvfs
-sftp_fsync
-sftp_get_client_message
-sftp_get_error
-sftp_handle
-sftp_handle_alloc
-sftp_handle_remove
-sftp_init
-sftp_lstat
-sftp_mkdir
-sftp_new
-sftp_new_channel
-sftp_open
-sftp_opendir
-sftp_read
-sftp_readdir
-sftp_readlink
-sftp_rename
-sftp_reply_attr
-sftp_reply_data
-sftp_reply_handle
-sftp_reply_name
-sftp_reply_names
-sftp_reply_names_add
-sftp_reply_status
-sftp_rewind
-sftp_rmdir
-sftp_seek
-sftp_seek64
-sftp_send_client_message
-sftp_server_free
-sftp_server_init
-sftp_server_new
-sftp_server_version
-sftp_setstat
-sftp_stat
-sftp_statvfs
-sftp_statvfs_free
-sftp_symlink
-sftp_tell
-sftp_tell64
-sftp_unlink
-sftp_utimes
-sftp_write
-ssh_accept
-ssh_add_channel_callbacks
-ssh_auth_list
-ssh_basename
-ssh_bind_accept
-ssh_bind_accept_fd
-ssh_bind_fd_toaccept
-ssh_bind_free
-ssh_bind_get_fd
-ssh_bind_listen
-ssh_bind_new
-ssh_bind_options_parse_config
-ssh_bind_options_set
-ssh_bind_set_blocking
-ssh_bind_set_callbacks
-ssh_bind_set_fd
-ssh_blocking_flush
-ssh_buffer_add_data
-ssh_buffer_free
-ssh_buffer_get
-ssh_buffer_get_data
-ssh_buffer_get_len
-ssh_buffer_new
-ssh_buffer_reinit
-ssh_channel_accept_forward
-ssh_channel_accept_x11
-ssh_channel_cancel_forward
-ssh_channel_change_pty_size
-ssh_channel_close
-ssh_channel_free
-ssh_channel_get_exit_status
-ssh_channel_get_session
-ssh_channel_is_closed
-ssh_channel_is_eof
-ssh_channel_is_open
-ssh_channel_listen_forward
-ssh_channel_new
-ssh_channel_open_auth_agent
-ssh_channel_open_forward
-ssh_channel_open_forward_unix
-ssh_channel_open_reverse_forward
-ssh_channel_open_session
-ssh_channel_open_x11
-ssh_channel_poll
-ssh_channel_poll_timeout
-ssh_channel_read
-ssh_channel_read_nonblocking
-ssh_channel_read_timeout
-ssh_channel_request_auth_agent
-ssh_channel_request_env
-ssh_channel_request_exec
-ssh_channel_request_pty
-ssh_channel_request_pty_size
-ssh_channel_request_send_break
-ssh_channel_request_send_exit_signal
-ssh_channel_request_send_exit_status
-ssh_channel_request_send_signal
-ssh_channel_request_sftp
-ssh_channel_request_shell
-ssh_channel_request_subsystem
-ssh_channel_request_x11
-ssh_channel_select
-ssh_channel_send_eof
-ssh_channel_set_blocking
-ssh_channel_set_counter
-ssh_channel_window_size
-ssh_channel_write
-ssh_channel_write_stderr
-ssh_clean_pubkey_hash
-ssh_connect
-ssh_connector_free
-ssh_connector_new
-ssh_connector_set_in_channel
-ssh_connector_set_in_fd
-ssh_connector_set_out_channel
-ssh_connector_set_out_fd
-ssh_copyright
-ssh_dirname
-ssh_disconnect
-ssh_dump_knownhost
-ssh_event_add_connector
-ssh_event_add_fd
-ssh_event_add_session
-ssh_event_dopoll
-ssh_event_free
-ssh_event_new
-ssh_event_remove_connector
-ssh_event_remove_fd
-ssh_event_remove_session
-ssh_execute_message_callbacks
-ssh_finalize
-ssh_forward_accept
-ssh_forward_cancel
-ssh_forward_listen
-ssh_free
-ssh_get_cipher_in
-ssh_get_cipher_out
-ssh_get_clientbanner
-ssh_get_disconnect_message
-ssh_get_error
-ssh_get_error_code
-ssh_get_fd
-ssh_get_fingerprint_hash
-ssh_get_hexa
-ssh_get_hmac_in
-ssh_get_hmac_out
-ssh_get_issue_banner
-ssh_get_kex_algo
-ssh_get_log_callback
-ssh_get_log_level
-ssh_get_log_userdata
-ssh_get_openssh_version
-ssh_get_poll_flags
-ssh_get_pubkey
-ssh_get_pubkey_hash
-ssh_get_publickey
-ssh_get_publickey_hash
-ssh_get_random
-ssh_get_server_publickey
-ssh_get_serverbanner
-ssh_get_status
-ssh_get_version
-ssh_getpass
-ssh_gssapi_get_creds
-ssh_gssapi_set_creds
-ssh_handle_key_exchange
-ssh_init
-ssh_is_blocking
-ssh_is_connected
-ssh_is_server_known
-ssh_key_cmp
-ssh_key_free
-ssh_key_is_private
-ssh_key_is_public
-ssh_key_new
-ssh_key_type
-ssh_key_type_from_name
-ssh_key_type_to_char
-ssh_known_hosts_parse_line
-ssh_knownhosts_entry_free
-ssh_log
-ssh_message_auth_interactive_request
-ssh_message_auth_kbdint_is_response
-ssh_message_auth_password
-ssh_message_auth_pubkey
-ssh_message_auth_publickey
-ssh_message_auth_publickey_state
-ssh_message_auth_reply_pk_ok
-ssh_message_auth_reply_pk_ok_simple
-ssh_message_auth_reply_success
-ssh_message_auth_set_methods
-ssh_message_auth_user
-ssh_message_channel_request_channel
-ssh_message_channel_request_command
-ssh_message_channel_request_env_name
-ssh_message_channel_request_env_value
-ssh_message_channel_request_open_destination
-ssh_message_channel_request_open_destination_port
-ssh_message_channel_request_open_originator
-ssh_message_channel_request_open_originator_port
-ssh_message_channel_request_open_reply_accept
-ssh_message_channel_request_open_reply_accept_channel
-ssh_message_channel_request_pty_height
-ssh_message_channel_request_pty_pxheight
-ssh_message_channel_request_pty_pxwidth
-ssh_message_channel_request_pty_term
-ssh_message_channel_request_pty_width
-ssh_message_channel_request_reply_success
-ssh_message_channel_request_subsystem
-ssh_message_channel_request_x11_auth_cookie
-ssh_message_channel_request_x11_auth_protocol
-ssh_message_channel_request_x11_screen_number
-ssh_message_channel_request_x11_single_connection
-ssh_message_free
-ssh_message_get
-ssh_message_global_request_address
-ssh_message_global_request_port
-ssh_message_global_request_reply_success
-ssh_message_reply_default
-ssh_message_retrieve
-ssh_message_service_reply_success
-ssh_message_service_service
-ssh_message_subtype
-ssh_message_type
-ssh_mkdir
-ssh_new
-ssh_options_copy
-ssh_options_get
-ssh_options_get_port
-ssh_options_getopt
-ssh_options_parse_config
-ssh_options_set
-ssh_pcap_file_close
-ssh_pcap_file_free
-ssh_pcap_file_new
-ssh_pcap_file_open
-ssh_pki_copy_cert_to_privkey
-ssh_pki_export_privkey_base64
-ssh_pki_export_privkey_file
-ssh_pki_export_privkey_to_pubkey
-ssh_pki_export_pubkey_base64
-ssh_pki_export_pubkey_file
-ssh_pki_generate
-ssh_pki_import_cert_base64
-ssh_pki_import_cert_file
-ssh_pki_import_privkey_base64
-ssh_pki_import_privkey_file
-ssh_pki_import_pubkey_base64
-ssh_pki_import_pubkey_file
-ssh_pki_key_ecdsa_name
-ssh_print_hash
-ssh_print_hexa
-ssh_privatekey_type
-ssh_publickey_to_file
-ssh_remove_channel_callbacks
-ssh_scp_accept_request
-ssh_scp_close
-ssh_scp_deny_request
-ssh_scp_free
-ssh_scp_init
-ssh_scp_leave_directory
-ssh_scp_new
-ssh_scp_pull_request
-ssh_scp_push_directory
-ssh_scp_push_file
-ssh_scp_push_file64
-ssh_scp_read
-ssh_scp_request_get_filename
-ssh_scp_request_get_permissions
-ssh_scp_request_get_size
-ssh_scp_request_get_size64
-ssh_scp_request_get_warning
-ssh_scp_write
-ssh_select
-ssh_send_debug
-ssh_send_ignore
-ssh_send_keepalive
-ssh_server_init_kex
-ssh_service_request
-ssh_session_export_known_hosts_entry
-ssh_session_get_known_hosts_entry
-ssh_session_has_known_hosts_entry
-ssh_session_is_known_server
-ssh_session_update_known_hosts
-ssh_set_agent_channel
-ssh_set_agent_socket
-ssh_set_auth_methods
-ssh_set_blocking
-ssh_set_callbacks
-ssh_set_channel_callbacks
-ssh_set_counters
-ssh_set_fd_except
-ssh_set_fd_toread
-ssh_set_fd_towrite
-ssh_set_log_callback
-ssh_set_log_level
-ssh_set_log_userdata
-ssh_set_message_callback
-ssh_set_pcap_file
-ssh_set_server_callbacks
-ssh_silent_disconnect
-ssh_string_burn
-ssh_string_copy
-ssh_string_data
-ssh_string_fill
-ssh_string_free
-ssh_string_free_char
-ssh_string_from_char
-ssh_string_get_char
-ssh_string_len
-ssh_string_new
-ssh_string_to_char
-ssh_threads_get_default
-ssh_threads_get_noop
-ssh_threads_get_pthread
-ssh_threads_set_callbacks
-ssh_try_publickey_from_file
-ssh_userauth_agent
-ssh_userauth_agent_pubkey
-ssh_userauth_autopubkey
-ssh_userauth_gssapi
-ssh_userauth_kbdint
-ssh_userauth_kbdint_getanswer
-ssh_userauth_kbdint_getinstruction
-ssh_userauth_kbdint_getname
-ssh_userauth_kbdint_getnanswers
-ssh_userauth_kbdint_getnprompts
-ssh_userauth_kbdint_getprompt
-ssh_userauth_kbdint_setanswer
-ssh_userauth_list
-ssh_userauth_none
-ssh_userauth_offer_pubkey
-ssh_userauth_password
-ssh_userauth_privatekey_file
-ssh_userauth_pubkey
-ssh_userauth_publickey
-ssh_userauth_publickey_auto
-ssh_userauth_try_publickey
-ssh_version
-ssh_write_knownhost
-string_burn
-string_copy
-string_data
-string_fill
-string_free
-string_from_char
-string_len
-string_new
-string_to_char

src/ABI/libssh-4.8.5.symbols

@@ -1,421 +0,0 @@
-_ssh_log
-buffer_free
-buffer_get
-buffer_get_len
-buffer_new
-channel_accept_x11
-channel_change_pty_size
-channel_close
-channel_forward_accept
-channel_forward_cancel
-channel_forward_listen
-channel_free
-channel_get_exit_status
-channel_get_session
-channel_is_closed
-channel_is_eof
-channel_is_open
-channel_new
-channel_open_forward
-channel_open_session
-channel_poll
-channel_read
-channel_read_buffer
-channel_read_nonblocking
-channel_request_env
-channel_request_exec
-channel_request_pty
-channel_request_pty_size
-channel_request_send_signal
-channel_request_sftp
-channel_request_shell
-channel_request_subsystem
-channel_request_x11
-channel_select
-channel_send_eof
-channel_set_blocking
-channel_write
-channel_write_stderr
-privatekey_free
-privatekey_from_file
-publickey_free
-publickey_from_file
-publickey_from_privatekey
-publickey_to_string
-sftp_async_read
-sftp_async_read_begin
-sftp_attributes_free
-sftp_canonicalize_path
-sftp_chmod
-sftp_chown
-sftp_client_message_free
-sftp_client_message_get_data
-sftp_client_message_get_filename
-sftp_client_message_get_flags
-sftp_client_message_get_submessage
-sftp_client_message_get_type
-sftp_client_message_set_filename
-sftp_close
-sftp_closedir
-sftp_dir_eof
-sftp_extension_supported
-sftp_extensions_get_count
-sftp_extensions_get_data
-sftp_extensions_get_name
-sftp_file_set_blocking
-sftp_file_set_nonblocking
-sftp_free
-sftp_fstat
-sftp_fstatvfs
-sftp_fsync
-sftp_get_client_message
-sftp_get_error
-sftp_handle
-sftp_handle_alloc
-sftp_handle_remove
-sftp_init
-sftp_lstat
-sftp_mkdir
-sftp_new
-sftp_new_channel
-sftp_open
-sftp_opendir
-sftp_read
-sftp_readdir
-sftp_readlink
-sftp_rename
-sftp_reply_attr
-sftp_reply_data
-sftp_reply_handle
-sftp_reply_name
-sftp_reply_names
-sftp_reply_names_add
-sftp_reply_status
-sftp_rewind
-sftp_rmdir
-sftp_seek
-sftp_seek64
-sftp_send_client_message
-sftp_server_free
-sftp_server_init
-sftp_server_new
-sftp_server_version
-sftp_setstat
-sftp_stat
-sftp_statvfs
-sftp_statvfs_free
-sftp_symlink
-sftp_tell
-sftp_tell64
-sftp_unlink
-sftp_utimes
-sftp_write
-ssh_accept
-ssh_add_channel_callbacks
-ssh_auth_list
-ssh_basename
-ssh_bind_accept
-ssh_bind_accept_fd
-ssh_bind_fd_toaccept
-ssh_bind_free
-ssh_bind_get_fd
-ssh_bind_listen
-ssh_bind_new
-ssh_bind_options_parse_config
-ssh_bind_options_set
-ssh_bind_set_blocking
-ssh_bind_set_callbacks
-ssh_bind_set_fd
-ssh_blocking_flush
-ssh_buffer_add_data
-ssh_buffer_free
-ssh_buffer_get
-ssh_buffer_get_data
-ssh_buffer_get_len
-ssh_buffer_new
-ssh_buffer_reinit
-ssh_channel_accept_forward
-ssh_channel_accept_x11
-ssh_channel_cancel_forward
-ssh_channel_change_pty_size
-ssh_channel_close
-ssh_channel_free
-ssh_channel_get_exit_status
-ssh_channel_get_session
-ssh_channel_is_closed
-ssh_channel_is_eof
-ssh_channel_is_open
-ssh_channel_listen_forward
-ssh_channel_new
-ssh_channel_open_auth_agent
-ssh_channel_open_forward
-ssh_channel_open_forward_unix
-ssh_channel_open_reverse_forward
-ssh_channel_open_session
-ssh_channel_open_x11
-ssh_channel_poll
-ssh_channel_poll_timeout
-ssh_channel_read
-ssh_channel_read_nonblocking
-ssh_channel_read_timeout
-ssh_channel_request_auth_agent
-ssh_channel_request_env
-ssh_channel_request_exec
-ssh_channel_request_pty
-ssh_channel_request_pty_size
-ssh_channel_request_send_break
-ssh_channel_request_send_exit_signal
-ssh_channel_request_send_exit_status
-ssh_channel_request_send_signal
-ssh_channel_request_sftp
-ssh_channel_request_shell
-ssh_channel_request_subsystem
-ssh_channel_request_x11
-ssh_channel_select
-ssh_channel_send_eof
-ssh_channel_set_blocking
-ssh_channel_set_counter
-ssh_channel_window_size
-ssh_channel_write
-ssh_channel_write_stderr
-ssh_clean_pubkey_hash
-ssh_connect
-ssh_connector_free
-ssh_connector_new
-ssh_connector_set_in_channel
-ssh_connector_set_in_fd
-ssh_connector_set_out_channel
-ssh_connector_set_out_fd
-ssh_copyright
-ssh_dirname
-ssh_disconnect
-ssh_dump_knownhost
-ssh_event_add_connector
-ssh_event_add_fd
-ssh_event_add_session
-ssh_event_dopoll
-ssh_event_free
-ssh_event_new
-ssh_event_remove_connector
-ssh_event_remove_fd
-ssh_event_remove_session
-ssh_execute_message_callbacks
-ssh_finalize
-ssh_forward_accept
-ssh_forward_cancel
-ssh_forward_listen
-ssh_free
-ssh_get_cipher_in
-ssh_get_cipher_out
-ssh_get_clientbanner
-ssh_get_disconnect_message
-ssh_get_error
-ssh_get_error_code
-ssh_get_fd
-ssh_get_fingerprint_hash
-ssh_get_hexa
-ssh_get_hmac_in
-ssh_get_hmac_out
-ssh_get_issue_banner
-ssh_get_kex_algo
-ssh_get_log_callback
-ssh_get_log_level
-ssh_get_log_userdata
-ssh_get_openssh_version
-ssh_get_poll_flags
-ssh_get_pubkey
-ssh_get_pubkey_hash
-ssh_get_publickey
-ssh_get_publickey_hash
-ssh_get_random
-ssh_get_server_publickey
-ssh_get_serverbanner
-ssh_get_status
-ssh_get_version
-ssh_getpass
-ssh_gssapi_get_creds
-ssh_gssapi_set_creds
-ssh_handle_key_exchange
-ssh_init
-ssh_is_blocking
-ssh_is_connected
-ssh_is_server_known
-ssh_key_cmp
-ssh_key_free
-ssh_key_is_private
-ssh_key_is_public
-ssh_key_new
-ssh_key_type
-ssh_key_type_from_name
-ssh_key_type_to_char
-ssh_known_hosts_parse_line
-ssh_knownhosts_entry_free
-ssh_log
-ssh_message_auth_interactive_request
-ssh_message_auth_kbdint_is_response
-ssh_message_auth_password
-ssh_message_auth_pubkey
-ssh_message_auth_publickey
-ssh_message_auth_publickey_state
-ssh_message_auth_reply_pk_ok
-ssh_message_auth_reply_pk_ok_simple
-ssh_message_auth_reply_success
-ssh_message_auth_set_methods
-ssh_message_auth_user
-ssh_message_channel_request_channel
-ssh_message_channel_request_command
-ssh_message_channel_request_env_name
-ssh_message_channel_request_env_value
-ssh_message_channel_request_open_destination
-ssh_message_channel_request_open_destination_port
-ssh_message_channel_request_open_originator
-ssh_message_channel_request_open_originator_port
-ssh_message_channel_request_open_reply_accept
-ssh_message_channel_request_open_reply_accept_channel
-ssh_message_channel_request_pty_height
-ssh_message_channel_request_pty_pxheight
-ssh_message_channel_request_pty_pxwidth
-ssh_message_channel_request_pty_term
-ssh_message_channel_request_pty_width
-ssh_message_channel_request_reply_success
-ssh_message_channel_request_subsystem
-ssh_message_channel_request_x11_auth_cookie
-ssh_message_channel_request_x11_auth_protocol
-ssh_message_channel_request_x11_screen_number
-ssh_message_channel_request_x11_single_connection
-ssh_message_free
-ssh_message_get
-ssh_message_global_request_address
-ssh_message_global_request_port
-ssh_message_global_request_reply_success
-ssh_message_reply_default
-ssh_message_retrieve
-ssh_message_service_reply_success
-ssh_message_service_service
-ssh_message_subtype
-ssh_message_type
-ssh_mkdir
-ssh_new
-ssh_options_copy
-ssh_options_get
-ssh_options_get_port
-ssh_options_getopt
-ssh_options_parse_config
-ssh_options_set
-ssh_pcap_file_close
-ssh_pcap_file_free
-ssh_pcap_file_new
-ssh_pcap_file_open
-ssh_pki_copy_cert_to_privkey
-ssh_pki_export_privkey_base64
-ssh_pki_export_privkey_file
-ssh_pki_export_privkey_to_pubkey
-ssh_pki_export_pubkey_base64
-ssh_pki_export_pubkey_file
-ssh_pki_generate
-ssh_pki_import_cert_base64
-ssh_pki_import_cert_file
-ssh_pki_import_privkey_base64
-ssh_pki_import_privkey_file
-ssh_pki_import_pubkey_base64
-ssh_pki_import_pubkey_file
-ssh_pki_key_ecdsa_name
-ssh_print_hash
-ssh_print_hexa
-ssh_privatekey_type
-ssh_publickey_to_file
-ssh_remove_channel_callbacks
-ssh_scp_accept_request
-ssh_scp_close
-ssh_scp_deny_request
-ssh_scp_free
-ssh_scp_init
-ssh_scp_leave_directory
-ssh_scp_new
-ssh_scp_pull_request
-ssh_scp_push_directory
-ssh_scp_push_file
-ssh_scp_push_file64
-ssh_scp_read
-ssh_scp_request_get_filename
-ssh_scp_request_get_permissions
-ssh_scp_request_get_size
-ssh_scp_request_get_size64
-ssh_scp_request_get_warning
-ssh_scp_write
-ssh_select
-ssh_send_debug
-ssh_send_ignore
-ssh_send_keepalive
-ssh_server_init_kex
-ssh_service_request
-ssh_session_export_known_hosts_entry
-ssh_session_get_known_hosts_entry
-ssh_session_has_known_hosts_entry
-ssh_session_is_known_server
-ssh_session_update_known_hosts
-ssh_set_agent_channel
-ssh_set_agent_socket
-ssh_set_auth_methods
-ssh_set_blocking
-ssh_set_callbacks
-ssh_set_channel_callbacks
-ssh_set_counters
-ssh_set_fd_except
-ssh_set_fd_toread
-ssh_set_fd_towrite
-ssh_set_log_callback
-ssh_set_log_level
-ssh_set_log_userdata
-ssh_set_message_callback
-ssh_set_pcap_file
-ssh_set_server_callbacks
-ssh_silent_disconnect
-ssh_string_burn
-ssh_string_copy
-ssh_string_data
-ssh_string_fill
-ssh_string_free
-ssh_string_free_char
-ssh_string_from_char
-ssh_string_get_char
-ssh_string_len
-ssh_string_new
-ssh_string_to_char
-ssh_threads_get_default
-ssh_threads_get_noop
-ssh_threads_get_pthread
-ssh_threads_set_callbacks
-ssh_try_publickey_from_file
-ssh_userauth_agent
-ssh_userauth_agent_pubkey
-ssh_userauth_autopubkey
-ssh_userauth_gssapi
-ssh_userauth_kbdint
-ssh_userauth_kbdint_getanswer
-ssh_userauth_kbdint_getinstruction
-ssh_userauth_kbdint_getname
-ssh_userauth_kbdint_getnanswers
-ssh_userauth_kbdint_getnprompts
-ssh_userauth_kbdint_getprompt
-ssh_userauth_kbdint_setanswer
-ssh_userauth_list
-ssh_userauth_none
-ssh_userauth_offer_pubkey
-ssh_userauth_password
-ssh_userauth_privatekey_file
-ssh_userauth_pubkey
-ssh_userauth_publickey
-ssh_userauth_publickey_auto
-ssh_userauth_try_publickey
-ssh_version
-ssh_write_knownhost
-string_burn
-string_copy
-string_data
-string_fill
-string_free
-string_from_char
-string_len
-string_new
-string_to_char

src/ABI/libssh-4.8.6.symbols

@@ -1,421 +0,0 @@
-_ssh_log
-buffer_free
-buffer_get
-buffer_get_len
-buffer_new
-channel_accept_x11
-channel_change_pty_size
-channel_close
-channel_forward_accept
-channel_forward_cancel
-channel_forward_listen
-channel_free
-channel_get_exit_status
-channel_get_session
-channel_is_closed
-channel_is_eof
-channel_is_open
-channel_new
-channel_open_forward
-channel_open_session
-channel_poll
-channel_read
-channel_read_buffer
-channel_read_nonblocking
-channel_request_env
-channel_request_exec
-channel_request_pty
-channel_request_pty_size
-channel_request_send_signal
-channel_request_sftp
-channel_request_shell
-channel_request_subsystem
-channel_request_x11
-channel_select
-channel_send_eof
-channel_set_blocking
-channel_write
-channel_write_stderr
-privatekey_free
-privatekey_from_file
-publickey_free
-publickey_from_file
-publickey_from_privatekey
-publickey_to_string
-sftp_async_read
-sftp_async_read_begin
-sftp_attributes_free
-sftp_canonicalize_path
-sftp_chmod
-sftp_chown
-sftp_client_message_free
-sftp_client_message_get_data
-sftp_client_message_get_filename
-sftp_client_message_get_flags
-sftp_client_message_get_submessage
-sftp_client_message_get_type
-sftp_client_message_set_filename
-sftp_close
-sftp_closedir
-sftp_dir_eof
-sftp_extension_supported
-sftp_extensions_get_count
-sftp_extensions_get_data
-sftp_extensions_get_name
-sftp_file_set_blocking
-sftp_file_set_nonblocking
-sftp_free
-sftp_fstat
-sftp_fstatvfs
-sftp_fsync
-sftp_get_client_message
-sftp_get_error
-sftp_handle
-sftp_handle_alloc
-sftp_handle_remove
-sftp_init
-sftp_lstat
-sftp_mkdir
-sftp_new
-sftp_new_channel
-sftp_open
-sftp_opendir
-sftp_read
-sftp_readdir
-sftp_readlink
-sftp_rename
-sftp_reply_attr
-sftp_reply_data
-sftp_reply_handle
-sftp_reply_name
-sftp_reply_names
-sftp_reply_names_add
-sftp_reply_status
-sftp_rewind
-sftp_rmdir
-sftp_seek
-sftp_seek64
-sftp_send_client_message
-sftp_server_free
-sftp_server_init
-sftp_server_new
-sftp_server_version
-sftp_setstat
-sftp_stat
-sftp_statvfs
-sftp_statvfs_free
-sftp_symlink
-sftp_tell
-sftp_tell64
-sftp_unlink
-sftp_utimes
-sftp_write
-ssh_accept
-ssh_add_channel_callbacks
-ssh_auth_list
-ssh_basename
-ssh_bind_accept
-ssh_bind_accept_fd
-ssh_bind_fd_toaccept
-ssh_bind_free
-ssh_bind_get_fd
-ssh_bind_listen
-ssh_bind_new
-ssh_bind_options_parse_config
-ssh_bind_options_set
-ssh_bind_set_blocking
-ssh_bind_set_callbacks
-ssh_bind_set_fd
-ssh_blocking_flush
-ssh_buffer_add_data
-ssh_buffer_free
-ssh_buffer_get
-ssh_buffer_get_data
-ssh_buffer_get_len
-ssh_buffer_new
-ssh_buffer_reinit
-ssh_channel_accept_forward
-ssh_channel_accept_x11
-ssh_channel_cancel_forward
-ssh_channel_change_pty_size
-ssh_channel_close
-ssh_channel_free
-ssh_channel_get_exit_status
-ssh_channel_get_session
-ssh_channel_is_closed
-ssh_channel_is_eof
-ssh_channel_is_open
-ssh_channel_listen_forward
-ssh_channel_new
-ssh_channel_open_auth_agent
-ssh_channel_open_forward
-ssh_channel_open_forward_unix
-ssh_channel_open_reverse_forward
-ssh_channel_open_session
-ssh_channel_open_x11
-ssh_channel_poll
-ssh_channel_poll_timeout
-ssh_channel_read
-ssh_channel_read_nonblocking
-ssh_channel_read_timeout
-ssh_channel_request_auth_agent
-ssh_channel_request_env
-ssh_channel_request_exec
-ssh_channel_request_pty
-ssh_channel_request_pty_size
-ssh_channel_request_send_break
-ssh_channel_request_send_exit_signal
-ssh_channel_request_send_exit_status
-ssh_channel_request_send_signal
-ssh_channel_request_sftp
-ssh_channel_request_shell
-ssh_channel_request_subsystem
-ssh_channel_request_x11
-ssh_channel_select
-ssh_channel_send_eof
-ssh_channel_set_blocking
-ssh_channel_set_counter
-ssh_channel_window_size
-ssh_channel_write
-ssh_channel_write_stderr
-ssh_clean_pubkey_hash
-ssh_connect
-ssh_connector_free
-ssh_connector_new
-ssh_connector_set_in_channel
-ssh_connector_set_in_fd
-ssh_connector_set_out_channel
-ssh_connector_set_out_fd
-ssh_copyright
-ssh_dirname
-ssh_disconnect
-ssh_dump_knownhost
-ssh_event_add_connector
-ssh_event_add_fd
-ssh_event_add_session
-ssh_event_dopoll
-ssh_event_free
-ssh_event_new
-ssh_event_remove_connector
-ssh_event_remove_fd
-ssh_event_remove_session
-ssh_execute_message_callbacks
-ssh_finalize
-ssh_forward_accept
-ssh_forward_cancel
-ssh_forward_listen
-ssh_free
-ssh_get_cipher_in
-ssh_get_cipher_out
-ssh_get_clientbanner
-ssh_get_disconnect_message
-ssh_get_error
-ssh_get_error_code
-ssh_get_fd
-ssh_get_fingerprint_hash
-ssh_get_hexa
-ssh_get_hmac_in
-ssh_get_hmac_out
-ssh_get_issue_banner
-ssh_get_kex_algo
-ssh_get_log_callback
-ssh_get_log_level
-ssh_get_log_userdata
-ssh_get_openssh_version
-ssh_get_poll_flags
-ssh_get_pubkey
-ssh_get_pubkey_hash
-ssh_get_publickey
-ssh_get_publickey_hash
-ssh_get_random
-ssh_get_server_publickey
-ssh_get_serverbanner
-ssh_get_status
-ssh_get_version
-ssh_getpass
-ssh_gssapi_get_creds
-ssh_gssapi_set_creds
-ssh_handle_key_exchange
-ssh_init
-ssh_is_blocking
-ssh_is_connected
-ssh_is_server_known
-ssh_key_cmp
-ssh_key_free
-ssh_key_is_private
-ssh_key_is_public
-ssh_key_new
-ssh_key_type
-ssh_key_type_from_name
-ssh_key_type_to_char
-ssh_known_hosts_parse_line
-ssh_knownhosts_entry_free
-ssh_log
-ssh_message_auth_interactive_request
-ssh_message_auth_kbdint_is_response
-ssh_message_auth_password
-ssh_message_auth_pubkey
-ssh_message_auth_publickey
-ssh_message_auth_publickey_state
-ssh_message_auth_reply_pk_ok
-ssh_message_auth_reply_pk_ok_simple
-ssh_message_auth_reply_success
-ssh_message_auth_set_methods
-ssh_message_auth_user
-ssh_message_channel_request_channel
-ssh_message_channel_request_command
-ssh_message_channel_request_env_name
-ssh_message_channel_request_env_value
-ssh_message_channel_request_open_destination
-ssh_message_channel_request_open_destination_port
-ssh_message_channel_request_open_originator
-ssh_message_channel_request_open_originator_port
-ssh_message_channel_request_open_reply_accept
-ssh_message_channel_request_open_reply_accept_channel
-ssh_message_channel_request_pty_height
-ssh_message_channel_request_pty_pxheight
-ssh_message_channel_request_pty_pxwidth
-ssh_message_channel_request_pty_term
-ssh_message_channel_request_pty_width
-ssh_message_channel_request_reply_success
-ssh_message_channel_request_subsystem
-ssh_message_channel_request_x11_auth_cookie
-ssh_message_channel_request_x11_auth_protocol
-ssh_message_channel_request_x11_screen_number
-ssh_message_channel_request_x11_single_connection
-ssh_message_free
-ssh_message_get
-ssh_message_global_request_address
-ssh_message_global_request_port
-ssh_message_global_request_reply_success
-ssh_message_reply_default
-ssh_message_retrieve
-ssh_message_service_reply_success
-ssh_message_service_service
-ssh_message_subtype
-ssh_message_type
-ssh_mkdir
-ssh_new
-ssh_options_copy
-ssh_options_get
-ssh_options_get_port
-ssh_options_getopt
-ssh_options_parse_config
-ssh_options_set
-ssh_pcap_file_close
-ssh_pcap_file_free
-ssh_pcap_file_new
-ssh_pcap_file_open
-ssh_pki_copy_cert_to_privkey
-ssh_pki_export_privkey_base64
-ssh_pki_export_privkey_file
-ssh_pki_export_privkey_to_pubkey
-ssh_pki_export_pubkey_base64
-ssh_pki_export_pubkey_file
-ssh_pki_generate
-ssh_pki_import_cert_base64
-ssh_pki_import_cert_file
-ssh_pki_import_privkey_base64
-ssh_pki_import_privkey_file
-ssh_pki_import_pubkey_base64
-ssh_pki_import_pubkey_file
-ssh_pki_key_ecdsa_name
-ssh_print_hash
-ssh_print_hexa
-ssh_privatekey_type
-ssh_publickey_to_file
-ssh_remove_channel_callbacks
-ssh_scp_accept_request
-ssh_scp_close
-ssh_scp_deny_request
-ssh_scp_free
-ssh_scp_init
-ssh_scp_leave_directory
-ssh_scp_new
-ssh_scp_pull_request
-ssh_scp_push_directory
-ssh_scp_push_file
-ssh_scp_push_file64
-ssh_scp_read
-ssh_scp_request_get_filename
-ssh_scp_request_get_permissions
-ssh_scp_request_get_size
-ssh_scp_request_get_size64
-ssh_scp_request_get_warning
-ssh_scp_write
-ssh_select
-ssh_send_debug
-ssh_send_ignore
-ssh_send_keepalive
-ssh_server_init_kex
-ssh_service_request
-ssh_session_export_known_hosts_entry
-ssh_session_get_known_hosts_entry
-ssh_session_has_known_hosts_entry
-ssh_session_is_known_server
-ssh_session_update_known_hosts
-ssh_set_agent_channel
-ssh_set_agent_socket
-ssh_set_auth_methods
-ssh_set_blocking
-ssh_set_callbacks
-ssh_set_channel_callbacks
-ssh_set_counters
-ssh_set_fd_except
-ssh_set_fd_toread
-ssh_set_fd_towrite
-ssh_set_log_callback
-ssh_set_log_level
-ssh_set_log_userdata
-ssh_set_message_callback
-ssh_set_pcap_file
-ssh_set_server_callbacks
-ssh_silent_disconnect
-ssh_string_burn
-ssh_string_copy
-ssh_string_data
-ssh_string_fill
-ssh_string_free
-ssh_string_free_char
-ssh_string_from_char
-ssh_string_get_char
-ssh_string_len
-ssh_string_new
-ssh_string_to_char
-ssh_threads_get_default
-ssh_threads_get_noop
-ssh_threads_get_pthread
-ssh_threads_set_callbacks
-ssh_try_publickey_from_file
-ssh_userauth_agent
-ssh_userauth_agent_pubkey
-ssh_userauth_autopubkey
-ssh_userauth_gssapi
-ssh_userauth_kbdint
-ssh_userauth_kbdint_getanswer
-ssh_userauth_kbdint_getinstruction
-ssh_userauth_kbdint_getname
-ssh_userauth_kbdint_getnanswers
-ssh_userauth_kbdint_getnprompts
-ssh_userauth_kbdint_getprompt
-ssh_userauth_kbdint_setanswer
-ssh_userauth_list
-ssh_userauth_none
-ssh_userauth_offer_pubkey
-ssh_userauth_password
-ssh_userauth_privatekey_file
-ssh_userauth_pubkey
-ssh_userauth_publickey
-ssh_userauth_publickey_auto
-ssh_userauth_try_publickey
-ssh_version
-ssh_write_knownhost
-string_burn
-string_copy
-string_data
-string_fill
-string_free
-string_from_char
-string_len
-string_new
-string_to_char

src/ABI/libssh-4.8.7.symbols

@@ -1,421 +0,0 @@
-_ssh_log
-buffer_free
-buffer_get
-buffer_get_len
-buffer_new
-channel_accept_x11
-channel_change_pty_size
-channel_close
-channel_forward_accept
-channel_forward_cancel
-channel_forward_listen
-channel_free
-channel_get_exit_status
-channel_get_session
-channel_is_closed
-channel_is_eof
-channel_is_open
-channel_new
-channel_open_forward
-channel_open_session
-channel_poll
-channel_read
-channel_read_buffer
-channel_read_nonblocking
-channel_request_env
-channel_request_exec
-channel_request_pty
-channel_request_pty_size
-channel_request_send_signal
-channel_request_sftp
-channel_request_shell
-channel_request_subsystem
-channel_request_x11
-channel_select
-channel_send_eof
-channel_set_blocking
-channel_write
-channel_write_stderr
-privatekey_free
-privatekey_from_file
-publickey_free
-publickey_from_file
-publickey_from_privatekey
-publickey_to_string
-sftp_async_read
-sftp_async_read_begin
-sftp_attributes_free
-sftp_canonicalize_path
-sftp_chmod
-sftp_chown
-sftp_client_message_free
-sftp_client_message_get_data
-sftp_client_message_get_filename
-sftp_client_message_get_flags
-sftp_client_message_get_submessage
-sftp_client_message_get_type
-sftp_client_message_set_filename
-sftp_close
-sftp_closedir
-sftp_dir_eof
-sftp_extension_supported
-sftp_extensions_get_count
-sftp_extensions_get_data
-sftp_extensions_get_name
-sftp_file_set_blocking
-sftp_file_set_nonblocking
-sftp_free
-sftp_fstat
-sftp_fstatvfs
-sftp_fsync
-sftp_get_client_message
-sftp_get_error
-sftp_handle
-sftp_handle_alloc
-sftp_handle_remove
-sftp_init
-sftp_lstat
-sftp_mkdir
-sftp_new
-sftp_new_channel
-sftp_open
-sftp_opendir
-sftp_read
-sftp_readdir
-sftp_readlink
-sftp_rename
-sftp_reply_attr
-sftp_reply_data
-sftp_reply_handle
-sftp_reply_name
-sftp_reply_names
-sftp_reply_names_add
-sftp_reply_status
-sftp_rewind
-sftp_rmdir
-sftp_seek
-sftp_seek64
-sftp_send_client_message
-sftp_server_free
-sftp_server_init
-sftp_server_new
-sftp_server_version
-sftp_setstat
-sftp_stat
-sftp_statvfs
-sftp_statvfs_free
-sftp_symlink
-sftp_tell
-sftp_tell64
-sftp_unlink
-sftp_utimes
-sftp_write
-ssh_accept
-ssh_add_channel_callbacks
-ssh_auth_list
-ssh_basename
-ssh_bind_accept
-ssh_bind_accept_fd
-ssh_bind_fd_toaccept
-ssh_bind_free
-ssh_bind_get_fd
-ssh_bind_listen
-ssh_bind_new
-ssh_bind_options_parse_config
-ssh_bind_options_set
-ssh_bind_set_blocking
-ssh_bind_set_callbacks
-ssh_bind_set_fd
-ssh_blocking_flush
-ssh_buffer_add_data
-ssh_buffer_free
-ssh_buffer_get
-ssh_buffer_get_data
-ssh_buffer_get_len
-ssh_buffer_new
-ssh_buffer_reinit
-ssh_channel_accept_forward
-ssh_channel_accept_x11
-ssh_channel_cancel_forward
-ssh_channel_change_pty_size
-ssh_channel_close
-ssh_channel_free
-ssh_channel_get_exit_status
-ssh_channel_get_session
-ssh_channel_is_closed
-ssh_channel_is_eof
-ssh_channel_is_open
-ssh_channel_listen_forward
-ssh_channel_new
-ssh_channel_open_auth_agent
-ssh_channel_open_forward
-ssh_channel_open_forward_unix
-ssh_channel_open_reverse_forward
-ssh_channel_open_session
-ssh_channel_open_x11
-ssh_channel_poll
-ssh_channel_poll_timeout
-ssh_channel_read
-ssh_channel_read_nonblocking
-ssh_channel_read_timeout
-ssh_channel_request_auth_agent
-ssh_channel_request_env
-ssh_channel_request_exec
-ssh_channel_request_pty
-ssh_channel_request_pty_size
-ssh_channel_request_send_break
-ssh_channel_request_send_exit_signal
-ssh_channel_request_send_exit_status
-ssh_channel_request_send_signal
-ssh_channel_request_sftp
-ssh_channel_request_shell
-ssh_channel_request_subsystem
-ssh_channel_request_x11
-ssh_channel_select
-ssh_channel_send_eof
-ssh_channel_set_blocking
-ssh_channel_set_counter
-ssh_channel_window_size
-ssh_channel_write
-ssh_channel_write_stderr
-ssh_clean_pubkey_hash
-ssh_connect
-ssh_connector_free
-ssh_connector_new
-ssh_connector_set_in_channel
-ssh_connector_set_in_fd
-ssh_connector_set_out_channel
-ssh_connector_set_out_fd
-ssh_copyright
-ssh_dirname
-ssh_disconnect
-ssh_dump_knownhost
-ssh_event_add_connector
-ssh_event_add_fd
-ssh_event_add_session
-ssh_event_dopoll
-ssh_event_free
-ssh_event_new
-ssh_event_remove_connector
-ssh_event_remove_fd
-ssh_event_remove_session
-ssh_execute_message_callbacks
-ssh_finalize
-ssh_forward_accept
-ssh_forward_cancel
-ssh_forward_listen
-ssh_free
-ssh_get_cipher_in
-ssh_get_cipher_out
-ssh_get_clientbanner
-ssh_get_disconnect_message
-ssh_get_error
-ssh_get_error_code
-ssh_get_fd
-ssh_get_fingerprint_hash
-ssh_get_hexa
-ssh_get_hmac_in
-ssh_get_hmac_out
-ssh_get_issue_banner
-ssh_get_kex_algo
-ssh_get_log_callback
-ssh_get_log_level
-ssh_get_log_userdata
-ssh_get_openssh_version
-ssh_get_poll_flags
-ssh_get_pubkey
-ssh_get_pubkey_hash
-ssh_get_publickey
-ssh_get_publickey_hash
-ssh_get_random
-ssh_get_server_publickey
-ssh_get_serverbanner
-ssh_get_status
-ssh_get_version
-ssh_getpass
-ssh_gssapi_get_creds
-ssh_gssapi_set_creds
-ssh_handle_key_exchange
-ssh_init
-ssh_is_blocking
-ssh_is_connected
-ssh_is_server_known
-ssh_key_cmp
-ssh_key_free
-ssh_key_is_private
-ssh_key_is_public
-ssh_key_new
-ssh_key_type
-ssh_key_type_from_name
-ssh_key_type_to_char
-ssh_known_hosts_parse_line
-ssh_knownhosts_entry_free
-ssh_log
-ssh_message_auth_interactive_request
-ssh_message_auth_kbdint_is_response
-ssh_message_auth_password
-ssh_message_auth_pubkey
-ssh_message_auth_publickey
-ssh_message_auth_publickey_state
-ssh_message_auth_reply_pk_ok
-ssh_message_auth_reply_pk_ok_simple
-ssh_message_auth_reply_success
-ssh_message_auth_set_methods
-ssh_message_auth_user
-ssh_message_channel_request_channel
-ssh_message_channel_request_command
-ssh_message_channel_request_env_name
-ssh_message_channel_request_env_value
-ssh_message_channel_request_open_destination
-ssh_message_channel_request_open_destination_port
-ssh_message_channel_request_open_originator
-ssh_message_channel_request_open_originator_port
-ssh_message_channel_request_open_reply_accept
-ssh_message_channel_request_open_reply_accept_channel
-ssh_message_channel_request_pty_height
-ssh_message_channel_request_pty_pxheight
-ssh_message_channel_request_pty_pxwidth
-ssh_message_channel_request_pty_term
-ssh_message_channel_request_pty_width
-ssh_message_channel_request_reply_success
-ssh_message_channel_request_subsystem
-ssh_message_channel_request_x11_auth_cookie
-ssh_message_channel_request_x11_auth_protocol
-ssh_message_channel_request_x11_screen_number
-ssh_message_channel_request_x11_single_connection
-ssh_message_free
-ssh_message_get
-ssh_message_global_request_address
-ssh_message_global_request_port
-ssh_message_global_request_reply_success
-ssh_message_reply_default
-ssh_message_retrieve
-ssh_message_service_reply_success
-ssh_message_service_service
-ssh_message_subtype
-ssh_message_type
-ssh_mkdir
-ssh_new
-ssh_options_copy
-ssh_options_get
-ssh_options_get_port
-ssh_options_getopt
-ssh_options_parse_config
-ssh_options_set
-ssh_pcap_file_close
-ssh_pcap_file_free
-ssh_pcap_file_new
-ssh_pcap_file_open
-ssh_pki_copy_cert_to_privkey
-ssh_pki_export_privkey_base64
-ssh_pki_export_privkey_file
-ssh_pki_export_privkey_to_pubkey
-ssh_pki_export_pubkey_base64
-ssh_pki_export_pubkey_file
-ssh_pki_generate
-ssh_pki_import_cert_base64
-ssh_pki_import_cert_file
-ssh_pki_import_privkey_base64
-ssh_pki_import_privkey_file
-ssh_pki_import_pubkey_base64
-ssh_pki_import_pubkey_file
-ssh_pki_key_ecdsa_name
-ssh_print_hash
-ssh_print_hexa
-ssh_privatekey_type
-ssh_publickey_to_file
-ssh_remove_channel_callbacks
-ssh_scp_accept_request
-ssh_scp_close
-ssh_scp_deny_request
-ssh_scp_free
-ssh_scp_init
-ssh_scp_leave_directory
-ssh_scp_new
-ssh_scp_pull_request
-ssh_scp_push_directory
-ssh_scp_push_file
-ssh_scp_push_file64
-ssh_scp_read
-ssh_scp_request_get_filename
-ssh_scp_request_get_permissions
-ssh_scp_request_get_size
-ssh_scp_request_get_size64
-ssh_scp_request_get_warning
-ssh_scp_write
-ssh_select
-ssh_send_debug
-ssh_send_ignore
-ssh_send_keepalive
-ssh_server_init_kex
-ssh_service_request
-ssh_session_export_known_hosts_entry
-ssh_session_get_known_hosts_entry
-ssh_session_has_known_hosts_entry
-ssh_session_is_known_server
-ssh_session_update_known_hosts
-ssh_set_agent_channel
-ssh_set_agent_socket
-ssh_set_auth_methods
-ssh_set_blocking
-ssh_set_callbacks
-ssh_set_channel_callbacks
-ssh_set_counters
-ssh_set_fd_except
-ssh_set_fd_toread
-ssh_set_fd_towrite
-ssh_set_log_callback
-ssh_set_log_level
-ssh_set_log_userdata
-ssh_set_message_callback
-ssh_set_pcap_file
-ssh_set_server_callbacks
-ssh_silent_disconnect
-ssh_string_burn
-ssh_string_copy
-ssh_string_data
-ssh_string_fill
-ssh_string_free
-ssh_string_free_char
-ssh_string_from_char
-ssh_string_get_char
-ssh_string_len
-ssh_string_new
-ssh_string_to_char
-ssh_threads_get_default
-ssh_threads_get_noop
-ssh_threads_get_pthread
-ssh_threads_set_callbacks
-ssh_try_publickey_from_file
-ssh_userauth_agent
-ssh_userauth_agent_pubkey
-ssh_userauth_autopubkey
-ssh_userauth_gssapi
-ssh_userauth_kbdint
-ssh_userauth_kbdint_getanswer
-ssh_userauth_kbdint_getinstruction
-ssh_userauth_kbdint_getname
-ssh_userauth_kbdint_getnanswers
-ssh_userauth_kbdint_getnprompts
-ssh_userauth_kbdint_getprompt
-ssh_userauth_kbdint_setanswer
-ssh_userauth_list
-ssh_userauth_none
-ssh_userauth_offer_pubkey
-ssh_userauth_password
-ssh_userauth_privatekey_file
-ssh_userauth_pubkey
-ssh_userauth_publickey
-ssh_userauth_publickey_auto
-ssh_userauth_try_publickey
-ssh_version
-ssh_write_knownhost
-string_burn
-string_copy
-string_data
-string_fill
-string_free
-string_from_char
-string_len
-string_new
-string_to_char

src/ABI/libssh-4.8.8.symbols

@@ -1,421 +0,0 @@
-_ssh_log
-buffer_free
-buffer_get
-buffer_get_len
-buffer_new
-channel_accept_x11
-channel_change_pty_size
-channel_close
-channel_forward_accept
-channel_forward_cancel
-channel_forward_listen
-channel_free
-channel_get_exit_status
-channel_get_session
-channel_is_closed
-channel_is_eof
-channel_is_open
-channel_new
-channel_open_forward
-channel_open_session
-channel_poll
-channel_read
-channel_read_buffer
-channel_read_nonblocking
-channel_request_env
-channel_request_exec
-channel_request_pty
-channel_request_pty_size
-channel_request_send_signal
-channel_request_sftp
-channel_request_shell
-channel_request_subsystem
-channel_request_x11
-channel_select
-channel_send_eof
-channel_set_blocking
-channel_write
-channel_write_stderr
-privatekey_free
-privatekey_from_file
-publickey_free
-publickey_from_file
-publickey_from_privatekey
-publickey_to_string
-sftp_async_read
-sftp_async_read_begin
-sftp_attributes_free
-sftp_canonicalize_path
-sftp_chmod
-sftp_chown
-sftp_client_message_free
-sftp_client_message_get_data
-sftp_client_message_get_filename
-sftp_client_message_get_flags
-sftp_client_message_get_submessage
-sftp_client_message_get_type
-sftp_client_message_set_filename
-sftp_close
-sftp_closedir
-sftp_dir_eof
-sftp_extension_supported
-sftp_extensions_get_count
-sftp_extensions_get_data
-sftp_extensions_get_name
-sftp_file_set_blocking
-sftp_file_set_nonblocking
-sftp_free
-sftp_fstat
-sftp_fstatvfs
-sftp_fsync
-sftp_get_client_message
-sftp_get_error
-sftp_handle
-sftp_handle_alloc
-sftp_handle_remove
-sftp_init
-sftp_lstat
-sftp_mkdir
-sftp_new
-sftp_new_channel
-sftp_open
-sftp_opendir
-sftp_read
-sftp_readdir
-sftp_readlink
-sftp_rename
-sftp_reply_attr
-sftp_reply_data
-sftp_reply_handle
-sftp_reply_name
-sftp_reply_names
-sftp_reply_names_add
-sftp_reply_status
-sftp_rewind
-sftp_rmdir
-sftp_seek
-sftp_seek64
-sftp_send_client_message
-sftp_server_free
-sftp_server_init
-sftp_server_new
-sftp_server_version
-sftp_setstat
-sftp_stat
-sftp_statvfs
-sftp_statvfs_free
-sftp_symlink
-sftp_tell
-sftp_tell64
-sftp_unlink
-sftp_utimes
-sftp_write
-ssh_accept
-ssh_add_channel_callbacks
-ssh_auth_list
-ssh_basename
-ssh_bind_accept
-ssh_bind_accept_fd
-ssh_bind_fd_toaccept
-ssh_bind_free
-ssh_bind_get_fd
-ssh_bind_listen
-ssh_bind_new
-ssh_bind_options_parse_config
-ssh_bind_options_set
-ssh_bind_set_blocking
-ssh_bind_set_callbacks
-ssh_bind_set_fd
-ssh_blocking_flush
-ssh_buffer_add_data
-ssh_buffer_free
-ssh_buffer_get
-ssh_buffer_get_data
-ssh_buffer_get_len
-ssh_buffer_new
-ssh_buffer_reinit
-ssh_channel_accept_forward
-ssh_channel_accept_x11
-ssh_channel_cancel_forward
-ssh_channel_change_pty_size
-ssh_channel_close
-ssh_channel_free
-ssh_channel_get_exit_status
-ssh_channel_get_session
-ssh_channel_is_closed
-ssh_channel_is_eof
-ssh_channel_is_open
-ssh_channel_listen_forward
-ssh_channel_new
-ssh_channel_open_auth_agent
-ssh_channel_open_forward
-ssh_channel_open_forward_unix
-ssh_channel_open_reverse_forward
-ssh_channel_open_session
-ssh_channel_open_x11
-ssh_channel_poll
-ssh_channel_poll_timeout
-ssh_channel_read
-ssh_channel_read_nonblocking
-ssh_channel_read_timeout
-ssh_channel_request_auth_agent
-ssh_channel_request_env
-ssh_channel_request_exec
-ssh_channel_request_pty
-ssh_channel_request_pty_size
-ssh_channel_request_send_break
-ssh_channel_request_send_exit_signal
-ssh_channel_request_send_exit_status
-ssh_channel_request_send_signal
-ssh_channel_request_sftp
-ssh_channel_request_shell
-ssh_channel_request_subsystem
-ssh_channel_request_x11
-ssh_channel_select
-ssh_channel_send_eof
-ssh_channel_set_blocking
-ssh_channel_set_counter
-ssh_channel_window_size
-ssh_channel_write
-ssh_channel_write_stderr
-ssh_clean_pubkey_hash
-ssh_connect
-ssh_connector_free
-ssh_connector_new
-ssh_connector_set_in_channel
-ssh_connector_set_in_fd
-ssh_connector_set_out_channel
-ssh_connector_set_out_fd
-ssh_copyright
-ssh_dirname
-ssh_disconnect
-ssh_dump_knownhost
-ssh_event_add_connector
-ssh_event_add_fd
-ssh_event_add_session
-ssh_event_dopoll
-ssh_event_free
-ssh_event_new
-ssh_event_remove_connector
-ssh_event_remove_fd
-ssh_event_remove_session
-ssh_execute_message_callbacks
-ssh_finalize
-ssh_forward_accept
-ssh_forward_cancel
-ssh_forward_listen
-ssh_free
-ssh_get_cipher_in
-ssh_get_cipher_out
-ssh_get_clientbanner
-ssh_get_disconnect_message
-ssh_get_error
-ssh_get_error_code
-ssh_get_fd
-ssh_get_fingerprint_hash
-ssh_get_hexa
-ssh_get_hmac_in
-ssh_get_hmac_out
-ssh_get_issue_banner
-ssh_get_kex_algo
-ssh_get_log_callback
-ssh_get_log_level
-ssh_get_log_userdata
-ssh_get_openssh_version
-ssh_get_poll_flags
-ssh_get_pubkey
-ssh_get_pubkey_hash
-ssh_get_publickey
-ssh_get_publickey_hash
-ssh_get_random
-ssh_get_server_publickey
-ssh_get_serverbanner
-ssh_get_status
-ssh_get_version
-ssh_getpass
-ssh_gssapi_get_creds
-ssh_gssapi_set_creds
-ssh_handle_key_exchange
-ssh_init
-ssh_is_blocking
-ssh_is_connected
-ssh_is_server_known
-ssh_key_cmp
-ssh_key_free
-ssh_key_is_private
-ssh_key_is_public
-ssh_key_new
-ssh_key_type
-ssh_key_type_from_name
-ssh_key_type_to_char
-ssh_known_hosts_parse_line
-ssh_knownhosts_entry_free
-ssh_log
-ssh_message_auth_interactive_request
-ssh_message_auth_kbdint_is_response
-ssh_message_auth_password
-ssh_message_auth_pubkey
-ssh_message_auth_publickey
-ssh_message_auth_publickey_state
-ssh_message_auth_reply_pk_ok
-ssh_message_auth_reply_pk_ok_simple
-ssh_message_auth_reply_success
-ssh_message_auth_set_methods
-ssh_message_auth_user
-ssh_message_channel_request_channel
-ssh_message_channel_request_command
-ssh_message_channel_request_env_name
-ssh_message_channel_request_env_value
-ssh_message_channel_request_open_destination
-ssh_message_channel_request_open_destination_port
-ssh_message_channel_request_open_originator
-ssh_message_channel_request_open_originator_port
-ssh_message_channel_request_open_reply_accept
-ssh_message_channel_request_open_reply_accept_channel
-ssh_message_channel_request_pty_height
-ssh_message_channel_request_pty_pxheight
-ssh_message_channel_request_pty_pxwidth
-ssh_message_channel_request_pty_term
-ssh_message_channel_request_pty_width
-ssh_message_channel_request_reply_success
-ssh_message_channel_request_subsystem
-ssh_message_channel_request_x11_auth_cookie
-ssh_message_channel_request_x11_auth_protocol
-ssh_message_channel_request_x11_screen_number
-ssh_message_channel_request_x11_single_connection
-ssh_message_free
-ssh_message_get
-ssh_message_global_request_address
-ssh_message_global_request_port
-ssh_message_global_request_reply_success
-ssh_message_reply_default
-ssh_message_retrieve
-ssh_message_service_reply_success
-ssh_message_service_service
-ssh_message_subtype
-ssh_message_type
-ssh_mkdir
-ssh_new
-ssh_options_copy
-ssh_options_get
-ssh_options_get_port
-ssh_options_getopt
-ssh_options_parse_config
-ssh_options_set
-ssh_pcap_file_close
-ssh_pcap_file_free
-ssh_pcap_file_new
-ssh_pcap_file_open
-ssh_pki_copy_cert_to_privkey
-ssh_pki_export_privkey_base64
-ssh_pki_export_privkey_file
-ssh_pki_export_privkey_to_pubkey
-ssh_pki_export_pubkey_base64
-ssh_pki_export_pubkey_file
-ssh_pki_generate
-ssh_pki_import_cert_base64
-ssh_pki_import_cert_file
-ssh_pki_import_privkey_base64
-ssh_pki_import_privkey_file
-ssh_pki_import_pubkey_base64
-ssh_pki_import_pubkey_file
-ssh_pki_key_ecdsa_name
-ssh_print_hash
-ssh_print_hexa
-ssh_privatekey_type
-ssh_publickey_to_file
-ssh_remove_channel_callbacks
-ssh_scp_accept_request
-ssh_scp_close
-ssh_scp_deny_request
-ssh_scp_free
-ssh_scp_init
-ssh_scp_leave_directory
-ssh_scp_new
-ssh_scp_pull_request
-ssh_scp_push_directory
-ssh_scp_push_file
-ssh_scp_push_file64
-ssh_scp_read
-ssh_scp_request_get_filename
-ssh_scp_request_get_permissions
-ssh_scp_request_get_size
-ssh_scp_request_get_size64
-ssh_scp_request_get_warning
-ssh_scp_write
-ssh_select
-ssh_send_debug
-ssh_send_ignore
-ssh_send_keepalive
-ssh_server_init_kex
-ssh_service_request
-ssh_session_export_known_hosts_entry
-ssh_session_get_known_hosts_entry
-ssh_session_has_known_hosts_entry
-ssh_session_is_known_server
-ssh_session_update_known_hosts
-ssh_set_agent_channel
-ssh_set_agent_socket
-ssh_set_auth_methods
-ssh_set_blocking
-ssh_set_callbacks
-ssh_set_channel_callbacks
-ssh_set_counters
-ssh_set_fd_except
-ssh_set_fd_toread
-ssh_set_fd_towrite
-ssh_set_log_callback
-ssh_set_log_level
-ssh_set_log_userdata
-ssh_set_message_callback
-ssh_set_pcap_file
-ssh_set_server_callbacks
-ssh_silent_disconnect
-ssh_string_burn
-ssh_string_copy
-ssh_string_data
-ssh_string_fill
-ssh_string_free
-ssh_string_free_char
-ssh_string_from_char
-ssh_string_get_char
-ssh_string_len
-ssh_string_new
-ssh_string_to_char
-ssh_threads_get_default
-ssh_threads_get_noop
-ssh_threads_get_pthread
-ssh_threads_set_callbacks
-ssh_try_publickey_from_file
-ssh_userauth_agent
-ssh_userauth_agent_pubkey
-ssh_userauth_autopubkey
-ssh_userauth_gssapi
-ssh_userauth_kbdint
-ssh_userauth_kbdint_getanswer
-ssh_userauth_kbdint_getinstruction
-ssh_userauth_kbdint_getname
-ssh_userauth_kbdint_getnanswers
-ssh_userauth_kbdint_getnprompts
-ssh_userauth_kbdint_getprompt
-ssh_userauth_kbdint_setanswer
-ssh_userauth_list
-ssh_userauth_none
-ssh_userauth_offer_pubkey
-ssh_userauth_password
-ssh_userauth_privatekey_file
-ssh_userauth_pubkey
-ssh_userauth_publickey
-ssh_userauth_publickey_auto
-ssh_userauth_try_publickey
-ssh_version
-ssh_write_knownhost
-string_burn
-string_copy
-string_data
-string_fill
-string_free
-string_from_char
-string_len
-string_new
-string_to_char

src/CMakeLists.txt

@@ -1,7 +1,9 @@
-set(LIBSSH_PUBLIC_INCLUDE_DIRS ${libssh_SOURCE_DIR}/include)
+set(LIBSSH_PUBLIC_INCLUDE_DIRS
+  ${libssh_SOURCE_DIR}/include
+  CACHE INTERNAL "libssh public include directories"
+)
 
 set(LIBSSH_PRIVATE_INCLUDE_DIRS
-  ${libssh_BINARY_DIR}/include
   ${libssh_BINARY_DIR}
 )
 
@@ -16,7 +18,14 @@ if (WIN32)
   )
 endif (WIN32)
 
-if (OPENSSL_CRYPTO_LIBRARIES)
+if (HAVE_LIBSOCKET)
+  set(LIBSSH_LINK_LIBRARIES
+    ${LIBSSH_LINK_LIBRARIES}
+    socket
+  )
+endif (HAVE_LIBSOCKET)
+
+if (OPENSSL_CRYPTO_LIBRARY)
   set(LIBSSH_PRIVATE_INCLUDE_DIRS
     ${LIBSSH_PRIVATE_INCLUDE_DIRS}
     ${OPENSSL_INCLUDE_DIR}
@@ -24,9 +33,9 @@ if (OPENSSL_CRYPTO_LIBRARIES)
 
   set(LIBSSH_LINK_LIBRARIES
     ${LIBSSH_LINK_LIBRARIES}
-    ${OPENSSL_CRYPTO_LIBRARIES}
+    ${OPENSSL_CRYPTO_LIBRARY}
   )
-endif (OPENSSL_CRYPTO_LIBRARIES)
+endif (OPENSSL_CRYPTO_LIBRARY)
 
 if (MBEDTLS_CRYPTO_LIBRARY)
     set(LIBSSH_PRIVATE_INCLUDE_DIRS
@@ -39,7 +48,7 @@ if (MBEDTLS_CRYPTO_LIBRARY)
   )
 endif (MBEDTLS_CRYPTO_LIBRARY)
 
-if (GCRYPT_LIBRARIES)
+if (GCRYPT_LIBRARY)
   set(LIBSSH_PRIVATE_INCLUDE_DIRS
     ${LIBSSH_PRIVATE_INCLUDE_DIRS}
     ${GCRYPT_INCLUDE_DIR}
@@ -47,8 +56,9 @@ if (GCRYPT_LIBRARIES)
 
   set(LIBSSH_LINK_LIBRARIES
     ${LIBSSH_LINK_LIBRARIES}
-    ${GCRYPT_LIBRARIES})
-endif()
+    ${GCRYPT_LIBRARY}
+  )
+endif (GCRYPT_LIBRARY)
 
 if (WITH_ZLIB)
   set(LIBSSH_PRIVATE_INCLUDE_DIRS
@@ -86,12 +96,15 @@ if (WITH_NACL AND NACL_FOUND)
   )
 endif (WITH_NACL AND NACL_FOUND)
 
-if (MINGW AND Threads_FOUND)
-  set(LIBSSH_LINK_LIBRARIES
-    ${LIBSSH_LINK_LIBRARIES}
-    Threads::Threads
-  )
-endif()
+set(LIBSSH_LINK_LIBRARIES
+  ${LIBSSH_LINK_LIBRARIES}
+  CACHE INTERNAL "libssh link libraries"
+)
+
+set(LIBSSH_SHARED_LIBRARY
+  ssh_shared
+  CACHE INTERNAL "libssh shared library"
+)
 
 if (BUILD_STATIC_LIB)
   set(LIBSSH_STATIC_LIBRARY
@@ -118,7 +131,6 @@ set(libssh_SRCS
   error.c
   getpass.c
   init.c
-  kdf.c
   kex.c
   known_hosts.c
   knownhosts.c
@@ -134,6 +146,7 @@ set(libssh_SRCS
   pcap.c
   pki.c
   pki_container_openssh.c
+  pki_ed25519.c
   poll.c
   session.c
   scp.c
@@ -144,19 +157,14 @@ set(libssh_SRCS
   external/bcrypt_pbkdf.c
   external/blowfish.c
   external/chacha.c
+  external/ed25519.c
+  external/fe25519.c
+  external/ge25519.c
   external/poly1305.c
+  external/sc25519.c
   chachapoly.c
-  config_parser.c
-  token.c
-  pki_ed25519_common.c
 )
 
-if (DEFAULT_C_NO_DEPRECATION_FLAGS)
-    set_source_files_properties(known_hosts.c
-                                PROPERTIES
-                                    COMPILE_FLAGS ${DEFAULT_C_NO_DEPRECATION_FLAGS})
-endif()
-
 if (CMAKE_USE_PTHREADS_INIT)
     set(libssh_SRCS
         ${libssh_SRCS}
@@ -184,12 +192,6 @@ if (WITH_GCRYPT)
         gcrypt_missing.c
         pki_gcrypt.c
         ecdh_gcrypt.c
-        dh_key.c
-        pki_ed25519.c
-        external/ed25519.c
-        external/fe25519.c
-        external/ge25519.c
-        external/sc25519.c
        )
 elseif (WITH_MBEDTLS)
     set(libssh_SRCS
@@ -199,12 +201,6 @@ elseif (WITH_MBEDTLS)
         mbedcrypto_missing.c
         pki_mbedcrypto.c
         ecdh_mbedcrypto.c
-        dh_key.c
-        pki_ed25519.c
-        external/ed25519.c
-        external/fe25519.c
-        external/ge25519.c
-        external/sc25519.c
        )
 else (WITH_GCRYPT)
     set(libssh_SRCS
@@ -213,18 +209,7 @@ else (WITH_GCRYPT)
         pki_crypto.c
         ecdh_crypto.c
         libcrypto.c
-        dh_crypto.c
        )
-    if (NOT HAVE_OPENSSL_ED25519)
-        set(libssh_SRCS
-            ${libssh_SRCS}
-            pki_ed25519.c
-            external/ed25519.c
-            external/fe25519.c
-            external/ge25519.c
-            external/sc25519.c
-           )
-    endif (NOT HAVE_OPENSSL_ED25519)
     if(OPENSSL_VERSION VERSION_LESS "1.1.0")
         set(libssh_SRCS ${libssh_SRCS} libcrypto-compat.c)
     endif()
@@ -249,17 +234,9 @@ if (WITH_SERVER)
     ${libssh_SRCS}
     server.c
     bind.c
-    bind_config.c
   )
 endif (WITH_SERVER)
 
-if (WITH_GEX)
-  set(libssh_SRCS
-    ${libssh_SRCS}
-    dh-gex.c
-  )
-endif (WITH_GEX)
-
 if (WITH_ZLIB)
   set(libssh_SRCS
     ${libssh_SRCS}
@@ -275,14 +252,17 @@ if (WITH_GSSAPI AND GSSAPI_FOUND)
 endif (WITH_GSSAPI AND GSSAPI_FOUND)
 
 if (NOT WITH_NACL)
-    if (NOT HAVE_OPENSSL_ED25519)
-        set(libssh_SRCS
-            ${libssh_SRCS}
-            external/curve25519_ref.c
-           )
-    endif (NOT HAVE_OPENSSL_ED25519)
+  set(libssh_SRCS
+    ${libssh_SRCS}
+    external/curve25519_ref.c
+  )
 endif (NOT WITH_NACL)
 
+include_directories(
+  ${LIBSSH_PUBLIC_INCLUDE_DIRS}
+  ${LIBSSH_PRIVATE_INCLUDE_DIRS}
+)
+
 # Set the path to the default map file
 set(MAP_PATH "${CMAKE_CURRENT_SOURCE_DIR}/${PROJECT_NAME}.map")
 
@@ -314,27 +294,10 @@ if (WITH_SYMBOL_VERSIONING AND HAVE_LD_VERSION_SCRIPT AND ABIMAP_FOUND)
     )
 endif (WITH_SYMBOL_VERSIONING AND HAVE_LD_VERSION_SCRIPT AND ABIMAP_FOUND)
 
-# This gets built as a static library, if -DBUILD_SHARED_LIBS=OFF is passed to
-# cmake.
-add_library(ssh ${libssh_SRCS})
-target_compile_options(ssh
-                       PRIVATE
-                           ${DEFAULT_C_COMPILE_FLAGS}
-                           -D_GNU_SOURCE)
-target_include_directories(ssh
-                           PUBLIC
-                               $<BUILD_INTERFACE:${libssh_SOURCE_DIR}/include>
-                               $<INSTALL_INTERFACE:include>
-                           PRIVATE ${LIBSSH_PRIVATE_INCLUDE_DIRS})
+add_library(${LIBSSH_SHARED_LIBRARY} SHARED ${libssh_SRCS})
+target_compile_options(${LIBSSH_SHARED_LIBRARY} PRIVATE ${DEFAULT_C_COMPILE_FLAGS})
 
-target_link_libraries(ssh
-                      PRIVATE ${LIBSSH_LINK_LIBRARIES})
-
-if (WIN32 AND NOT BUILD_SHARED_LIBS)
-    target_compile_definitions(ssh PUBLIC "LIBSSH_STATIC")
-endif ()
-
-add_library(ssh::ssh ALIAS ssh)
+target_link_libraries(${LIBSSH_SHARED_LIBRARY} ${LIBSSH_LINK_LIBRARIES})
 
 if (WITH_SYMBOL_VERSIONING AND HAVE_LD_VERSION_SCRIPT)
     if (ABIMAP_FOUND)
@@ -342,54 +305,45 @@ if (WITH_SYMBOL_VERSIONING AND HAVE_LD_VERSION_SCRIPT)
         set(MAP_PATH "${CMAKE_CURRENT_BINARY_DIR}/${PROJECT_NAME}_dev.map")
     endif (ABIMAP_FOUND)
 
-    target_link_libraries(ssh PRIVATE "-Wl,--version-script,\"${MAP_PATH}\"")
+    set_target_properties(${LIBSSH_SHARED_LIBRARY}
+                          PROPERTIES LINK_FLAGS
+                          "-Wl,--version-script,\"${MAP_PATH}\"")
 endif (WITH_SYMBOL_VERSIONING AND HAVE_LD_VERSION_SCRIPT)
 
-set_target_properties(ssh
+set_target_properties(
+  ${LIBSSH_SHARED_LIBRARY}
     PROPERTIES
       VERSION
         ${LIBRARY_VERSION}
       SOVERSION
         ${LIBRARY_SOVERSION}
+      OUTPUT_NAME
+        ssh
       DEFINE_SYMBOL
         LIBSSH_EXPORTS
 )
 
 if (WITH_VISIBILITY_HIDDEN)
-    set_target_properties(ssh PROPERTIES C_VISIBILITY_PRESET hidden)
+  set_target_properties(${LIBSSH_SHARED_LIBRARY} PROPERTIES COMPILE_FLAGS "-fvisibility=hidden")
 endif (WITH_VISIBILITY_HIDDEN)
 
 if (MINGW)
-    target_link_libraries(ssh PRIVATE "-Wl,--enable-stdcall-fixup")
-    target_compile_definitions(ssh PRIVATE "_POSIX_SOURCE")
+    set_target_properties(${LIBSSH_SHARED_LIBRARY} PROPERTIES LINK_FLAGS "-Wl,--enable-stdcall-fixup")
 endif ()
 
 
-install(TARGETS ssh
-        EXPORT libssh-config
-        RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR}
-        LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR}
-        ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR}
-        COMPONENT libraries)
-
-install(EXPORT libssh-config
-        DESTINATION ${CMAKE_INSTALL_LIBDIR}/cmake/${PROJECT_NAME})
+install(
+  TARGETS
+    ${LIBSSH_SHARED_LIBRARY}
+  RUNTIME DESTINATION ${BIN_INSTALL_DIR}
+  LIBRARY DESTINATION ${LIB_INSTALL_DIR}
+  ARCHIVE DESTINATION ${LIB_INSTALL_DIR}
+  COMPONENT libraries
+)
 
 if (BUILD_STATIC_LIB)
-  add_library(ssh-static STATIC ${libssh_SRCS})
-  target_compile_options(ssh-static
-                         PRIVATE
-                            ${DEFAULT_C_COMPILE_FLAGS}
-                            -D_GNU_SOURCE)
-
-  target_include_directories(ssh-static
-                             PUBLIC
-                                 $<BUILD_INTERFACE:${libssh_SOURCE_DIR}/include>
-                                 $<INSTALL_INTERFACE:include>
-                             PRIVATE ${LIBSSH_PRIVATE_INCLUDE_DIRS})
-  target_link_libraries(ssh-static
-                        PUBLIC ${LIBSSH_LINK_LIBRARIES})
-  add_library(ssh::static ALIAS ssh-static)
+  add_library(${LIBSSH_STATIC_LIBRARY} STATIC ${libssh_SRCS})
+  target_compile_options(${LIBSSH_STATIC_LIBRARY} PRIVATE ${DEFAULT_C_COMPILE_FLAGS})
 
   if (MSVC)
     set(OUTPUT_SUFFIX static)
@@ -397,7 +351,7 @@ if (BUILD_STATIC_LIB)
     set(OUTPUT_SUFFIX )
   endif (MSVC)
   set_target_properties(
-    ssh-static
+    ${LIBSSH_STATIC_LIBRARY}
       PROPERTIES
         VERSION
           ${LIBRARY_VERSION}
@@ -410,8 +364,22 @@ if (BUILD_STATIC_LIB)
   )
 
   if (WIN32)
-    target_compile_definitions(ssh-static PUBLIC "LIBSSH_STATIC")
+    set_target_properties(
+      ${LIBSSH_STATIC_LIBRARY}
+        PROPERTIES
+          COMPILE_FLAGS
+            "-DLIBSSH_STATIC"
+    )
   endif (WIN32)
+
+    if (WITH_STATIC_LIB)
+      install(TARGETS
+                ${LIBSSH_STATIC_LIBRARY}
+              DESTINATION
+                ${LIB_INSTALL_DIR}/${OUTPUT_SUFFIX}
+              COMPONENT
+                libraries)
+    endif (WITH_STATIC_LIB)
 endif (BUILD_STATIC_LIB)
 
 message(STATUS "Threads_FOUND=${Threads_FOUND}")

src/agent.c

@@ -56,13 +56,33 @@
 #include "libssh/session.h"
 #include "libssh/poll.h"
 #include "libssh/pki.h"
-#include "libssh/bytearray.h"
 
 /* macro to check for "agent failure" message */
 #define agent_failed(x) \
   (((x) == SSH_AGENT_FAILURE) || ((x) == SSH_COM_AGENT2_FAILURE) || \
    ((x) == SSH2_AGENT_FAILURE))
 
+static uint32_t agent_get_u32(const void *vp) {
+  const uint8_t *p = (const uint8_t *)vp;
+  uint32_t v;
+
+  v  = (uint32_t)p[0] << 24;
+  v |= (uint32_t)p[1] << 16;
+  v |= (uint32_t)p[2] << 8;
+  v |= (uint32_t)p[3];
+
+  return v;
+}
+
+static void agent_put_u32(void *vp, uint32_t v) {
+  uint8_t *p = (uint8_t *)vp;
+
+  p[0] = (uint8_t)(v >> 24) & 0xff;
+  p[1] = (uint8_t)(v >> 16) & 0xff;
+  p[2] = (uint8_t)(v >> 8) & 0xff;
+  p[3] = (uint8_t)v & 0xff;
+}
+
 static size_t atomicio(struct ssh_agent_struct *agent, void *buf, size_t n, int do_read) {
   char *b = buf;
   size_t pos = 0;
@@ -196,7 +216,7 @@ void ssh_agent_close(struct ssh_agent_struct *agent) {
 void ssh_agent_free(ssh_agent agent) {
   if (agent) {
     if (agent->ident) {
-      SSH_BUFFER_FREE(agent->ident);
+      ssh_buffer_free(agent->ident);
     }
     if (agent->sock) {
       ssh_agent_close(agent);
@@ -255,7 +275,7 @@ static int agent_talk(struct ssh_session_struct *session,
 
   len = ssh_buffer_get_len(request);
   SSH_LOG(SSH_LOG_TRACE, "Request length: %u", len);
-  PUSH_BE_U32(payload, 0, len);
+  agent_put_u32(payload, len);
 
   /* send length and then the request packet */
   if (atomicio(session->agent, payload, 4, 0) == 4) {
@@ -279,7 +299,7 @@ static int agent_talk(struct ssh_session_struct *session,
     return -1;
   }
 
-  len = PULL_BE_U32(payload, 0);
+  len = agent_get_u32(payload);
   if (len > 256 * 1024) {
     ssh_set_error(session, SSH_FATAL,
         "Authentication response too long: %u", len);
@@ -307,91 +327,83 @@ static int agent_talk(struct ssh_session_struct *session,
   return 0;
 }
 
-uint32_t ssh_agent_get_ident_count(struct ssh_session_struct *session)
-{
-    ssh_buffer request = NULL;
-    ssh_buffer reply = NULL;
-    unsigned int type = 0;
-    uint32_t count = 0;
-    int rc;
+int ssh_agent_get_ident_count(struct ssh_session_struct *session) {
+  ssh_buffer request = NULL;
+  ssh_buffer reply = NULL;
+  unsigned int type = 0;
+  uint32_t buf[1] = {0};
+  int rc;
 
-    /* send message to the agent requesting the list of identities */
-    request = ssh_buffer_new();
-    if (request == NULL) {
-        ssh_set_error_oom(session);
-        return 0;
-    }
-    if (ssh_buffer_add_u8(request, SSH2_AGENTC_REQUEST_IDENTITIES) < 0) {
-        ssh_set_error_oom(session);
-        SSH_BUFFER_FREE(request);
-        return 0;
-    }
+  /* send message to the agent requesting the list of identities */
+  request = ssh_buffer_new();
+  if (request == NULL) {
+      ssh_set_error_oom(session);
+      return -1;
+  }
+  if (ssh_buffer_add_u8(request, SSH2_AGENTC_REQUEST_IDENTITIES) < 0) {
+      ssh_set_error_oom(session);
+      ssh_buffer_free(request);
+      return -1;
+  }
 
-    reply = ssh_buffer_new();
-    if (reply == NULL) {
-        SSH_BUFFER_FREE(request);
-        ssh_set_error(session, SSH_FATAL, "Not enough space");
-        return 0;
-    }
+  reply = ssh_buffer_new();
+  if (reply == NULL) {
+    ssh_buffer_free(request);
+    ssh_set_error(session, SSH_FATAL, "Not enough space");
+    return -1;
+  }
 
-    if (agent_talk(session, request, reply) < 0) {
-        SSH_BUFFER_FREE(request);
-        SSH_BUFFER_FREE(reply);
-        return 0;
-    }
-    SSH_BUFFER_FREE(request);
+  if (agent_talk(session, request, reply) < 0) {
+    ssh_buffer_free(request);
+    ssh_buffer_free(reply);
+    return 0;
+  }
+  ssh_buffer_free(request);
 
-    /* get message type and verify the answer */
-    rc = ssh_buffer_get_u8(reply, (uint8_t *) &type);
-    if (rc != sizeof(uint8_t)) {
-        ssh_set_error(session, SSH_FATAL,
-                "Bad authentication reply size: %d", rc);
-        SSH_BUFFER_FREE(reply);
-        return 0;
-    }
+  /* get message type and verify the answer */
+  rc = ssh_buffer_get_u8(reply, (uint8_t *) &type);
+  if (rc != sizeof(uint8_t)) {
+    ssh_set_error(session, SSH_FATAL,
+        "Bad authentication reply size: %d", rc);
+    ssh_buffer_free(reply);
+    return -1;
+  }
 #ifdef WORDS_BIGENDIAN
-    type = bswap_32(type);
+  type = bswap_32(type);
 #endif
 
-    SSH_LOG(SSH_LOG_WARN,
-            "Answer type: %d, expected answer: %d",
-            type, SSH2_AGENT_IDENTITIES_ANSWER);
+  SSH_LOG(SSH_LOG_WARN,
+      "Answer type: %d, expected answer: %d",
+      type, SSH2_AGENT_IDENTITIES_ANSWER);
 
-    if (agent_failed(type)) {
-        SSH_BUFFER_FREE(reply);
-        return 0;
-    } else if (type != SSH2_AGENT_IDENTITIES_ANSWER) {
-        ssh_set_error(session, SSH_FATAL,
-                "Bad authentication reply message type: %u", type);
-        SSH_BUFFER_FREE(reply);
-        return 0;
-    }
+  if (agent_failed(type)) {
+      ssh_buffer_free(reply);
+      return 0;
+  } else if (type != SSH2_AGENT_IDENTITIES_ANSWER) {
+      ssh_set_error(session, SSH_FATAL,
+          "Bad authentication reply message type: %u", type);
+      ssh_buffer_free(reply);
+      return -1;
+  }
 
-    rc = ssh_buffer_get_u32(reply, &count);
-    if (rc != 4) {
-        ssh_set_error(session,
-                SSH_FATAL,
-                "Failed to read count");
-        SSH_BUFFER_FREE(reply);
-        return 0;
-    }
-    session->agent->count = ntohl(count);
-    SSH_LOG(SSH_LOG_DEBUG, "Agent count: %d",
-            session->agent->count);
-    if (session->agent->count > 1024) {
-        ssh_set_error(session, SSH_FATAL,
-                "Too many identities in authentication reply: %d",
-                session->agent->count);
-        SSH_BUFFER_FREE(reply);
-        return 0;
-    }
+  ssh_buffer_get_u32(reply, (uint32_t *) buf);
+  session->agent->count = agent_get_u32(buf);
+  SSH_LOG(SSH_LOG_DEBUG, "Agent count: %d",
+      session->agent->count);
+  if (session->agent->count > 1024) {
+    ssh_set_error(session, SSH_FATAL,
+        "Too many identities in authentication reply: %d",
+        session->agent->count);
+    ssh_buffer_free(reply);
+    return -1;
+  }
 
-    if (session->agent->ident) {
-        ssh_buffer_reinit(session->agent->ident);
-    }
-    session->agent->ident = reply;
+  if (session->agent->ident) {
+    ssh_buffer_reinit(session->agent->ident);
+  }
+  session->agent->ident = reply;
 
-    return session->agent->count;
+  return session->agent->count;
 }
 
 /* caller has to free commment */
@@ -425,7 +437,7 @@ ssh_key ssh_agent_get_next_ident(struct ssh_session_struct *session,
     /* get the comment */
     tmp = ssh_buffer_get_ssh_string(session->agent->ident);
     if (tmp == NULL) {
-        SSH_STRING_FREE(blob);
+        ssh_string_free(blob);
 
         return NULL;
     }
@@ -433,12 +445,12 @@ ssh_key ssh_agent_get_next_ident(struct ssh_session_struct *session,
     if (comment) {
         *comment = ssh_string_to_char(tmp);
     } else {
-        SSH_STRING_FREE(blob);
-        SSH_STRING_FREE(tmp);
+        ssh_string_free(blob);
+        ssh_string_free(tmp);
 
         return NULL;
     }
-    SSH_STRING_FREE(tmp);
+    ssh_string_free(tmp);
 
     /* get key from blob */
     rc = ssh_pki_import_pubkey_blob(blob, &key);
@@ -446,7 +458,7 @@ ssh_key ssh_agent_get_next_ident(struct ssh_session_struct *session,
         /* Try again as a cert. */
         rc = ssh_pki_import_cert_blob(blob, &key);
     }
-    SSH_STRING_FREE(blob);
+    ssh_string_free(blob);
     if (rc == SSH_ERROR) {
         return NULL;
     }
@@ -492,13 +504,13 @@ ssh_string ssh_agent_sign_data(ssh_session session,
 
     /* create request */
     if (ssh_buffer_add_u8(request, SSH2_AGENTC_SIGN_REQUEST) < 0) {
-        SSH_BUFFER_FREE(request);
+        ssh_buffer_free(request);
         return NULL;
     }
 
     rc = ssh_pki_export_pubkey_blob(pubkey, &key_blob);
     if (rc < 0) {
-        SSH_BUFFER_FREE(request);
+        ssh_buffer_free(request);
         return NULL;
     }
 
@@ -513,31 +525,31 @@ ssh_string ssh_agent_sign_data(ssh_session session,
                                   sizeof(uint32_t) * 2 +
                                   ssh_string_len(key_blob));
     if (rc < 0) {
-        SSH_BUFFER_FREE(request);
+        ssh_buffer_free(request);
         return NULL;
     }
 
     /* adds len + blob */
     rc = ssh_buffer_add_ssh_string(request, key_blob);
-    SSH_STRING_FREE(key_blob);
+    ssh_string_free(key_blob);
     if (rc < 0) {
-        SSH_BUFFER_FREE(request);
+        ssh_buffer_free(request);
         return NULL;
     }
 
     /* Add data */
     dlen = ssh_buffer_get_len(data);
     if (ssh_buffer_add_u32(request, htonl(dlen)) < 0) {
-        SSH_BUFFER_FREE(request);
+        ssh_buffer_free(request);
         return NULL;
     }
     if (ssh_buffer_add_data(request, ssh_buffer_get(data), dlen) < 0) {
-        SSH_BUFFER_FREE(request);
+        ssh_buffer_free(request);
         return NULL;
     }
 
     /* Add Flags: SHA2 extension (RFC 8332) if negotiated */
-    if (ssh_key_type_plain(pubkey->type) == SSH_KEYTYPE_RSA) {
+    if (pubkey->type == SSH_KEYTYPE_RSA) {
         if (session->extensions & SSH_EXT_SIG_RSA_SHA512) {
             flags |= SSH_AGENT_RSA_SHA2_512;
         } else if (session->extensions & SSH_EXT_SIG_RSA_SHA256) {
@@ -545,27 +557,27 @@ ssh_string ssh_agent_sign_data(ssh_session session,
         }
     }
     if (ssh_buffer_add_u32(request, htonl(flags)) < 0) {
-        SSH_BUFFER_FREE(request);
+        ssh_buffer_free(request);
         return NULL;
     }
 
     reply = ssh_buffer_new();
     if (reply == NULL) {
-        SSH_BUFFER_FREE(request);
+        ssh_buffer_free(request);
         return NULL;
     }
 
     /* send the request */
     if (agent_talk(session, request, reply) < 0) {
-        SSH_BUFFER_FREE(request);
-        SSH_BUFFER_FREE(reply);
+        ssh_buffer_free(request);
+        ssh_buffer_free(reply);
         return NULL;
     }
-    SSH_BUFFER_FREE(request);
+    ssh_buffer_free(request);
 
     /* check if reply is valid */
     if (ssh_buffer_get_u8(reply, (uint8_t *) &type) != sizeof(uint8_t)) {
-        SSH_BUFFER_FREE(reply);
+        ssh_buffer_free(reply);
         return NULL;
     }
 #ifdef WORDS_BIGENDIAN
@@ -574,19 +586,19 @@ ssh_string ssh_agent_sign_data(ssh_session session,
 
     if (agent_failed(type)) {
         SSH_LOG(SSH_LOG_WARN, "Agent reports failure in signing the key");
-        SSH_BUFFER_FREE(reply);
+        ssh_buffer_free(reply);
         return NULL;
     } else if (type != SSH2_AGENT_SIGN_RESPONSE) {
         ssh_set_error(session,
                       SSH_FATAL,
                       "Bad authentication response: %u",
                       type);
-        SSH_BUFFER_FREE(reply);
+        ssh_buffer_free(reply);
         return NULL;
     }
 
     sig_blob = ssh_buffer_get_ssh_string(reply);
-    SSH_BUFFER_FREE(reply);
+    ssh_buffer_free(reply);
 
     return sig_blob;
 }

src/auth.c

@@ -25,7 +25,6 @@
 #include "config.h"
 
 #include <stdio.h>
-#include <string.h>
 
 #ifndef _WIN32
 #include <netinet/in.h>
@@ -70,7 +69,7 @@ static int ssh_userauth_request_service(ssh_session session) {
     int rc;
 
     rc = ssh_service_request(session, "ssh-userauth");
-    if ((rc != SSH_OK) && (rc != SSH_AGAIN)) {
+    if (rc != SSH_OK) {
         SSH_LOG(SSH_LOG_WARN,
                 "Failed to request \"ssh-userauth\" service");
     }
@@ -205,7 +204,7 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_banner) {
         SSH_LOG(SSH_LOG_DEBUG,
                 "Received SSH_USERAUTH_BANNER packet");
         if (session->banner != NULL)
-            SSH_STRING_FREE(session->banner);
+            ssh_string_free(session->banner);
         session->banner = banner;
     }
 
@@ -283,10 +282,7 @@ end:
  *
  * It is also used to communicate the new to the upper levels.
  */
-SSH_PACKET_CALLBACK(ssh_packet_userauth_success)
-{
-  struct ssh_crypto_struct *crypto = NULL;
-
+SSH_PACKET_CALLBACK(ssh_packet_userauth_success) {
   (void)packet;
   (void)type;
   (void)user;
@@ -298,16 +294,13 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_success)
   session->session_state = SSH_SESSION_STATE_AUTHENTICATED;
   session->flags |= SSH_SESSION_FLAG_AUTHENTICATED;
 
-  crypto = ssh_packet_get_current_crypto(session, SSH_DIRECTION_OUT);
-  if (crypto != NULL && crypto->delayed_compress_out) {
+  if (session->current_crypto && session->current_crypto->delayed_compress_out) {
       SSH_LOG(SSH_LOG_DEBUG, "Enabling delayed compression OUT");
-      crypto->do_compress_out = 1;
+      session->current_crypto->do_compress_out = 1;
   }
-
-  crypto = ssh_packet_get_current_crypto(session, SSH_DIRECTION_IN);
-  if (crypto != NULL && crypto->delayed_compress_in) {
+  if (session->current_crypto && session->current_crypto->delayed_compress_in) {
       SSH_LOG(SSH_LOG_DEBUG, "Enabling delayed compression IN");
-      crypto->do_compress_in = 1;
+      session->current_crypto->do_compress_in = 1;
   }
 
     /* Reset errors by previous authentication methods. */
@@ -516,13 +509,26 @@ int ssh_userauth_try_publickey(ssh_session session,
             return SSH_ERROR;
     }
 
-    /* Check if the given public key algorithm is allowed */
-    sig_type_c = ssh_key_get_signature_algorithm(session, pubkey->type);
-    if (sig_type_c == NULL) {
-        ssh_set_error(session, SSH_REQUEST_DENIED,
+    switch (pubkey->type) {
+    case SSH_KEYTYPE_UNKNOWN:
+        ssh_set_error(session,
+                      SSH_REQUEST_DENIED,
                       "Invalid key type (unknown)");
         return SSH_AUTH_DENIED;
+    case SSH_KEYTYPE_ECDSA:
+        sig_type_c = ssh_pki_key_ecdsa_name(pubkey);
+        break;
+    case SSH_KEYTYPE_DSS:
+    case SSH_KEYTYPE_RSA:
+    case SSH_KEYTYPE_RSA1:
+    case SSH_KEYTYPE_ED25519:
+    case SSH_KEYTYPE_DSS_CERT01:
+    case SSH_KEYTYPE_RSA_CERT01:
+        sig_type_c = ssh_key_get_signature_algorithm(session, pubkey->type);
+        break;
     }
+
+    /* Check if the given public key algorithm is allowed */
     if (!ssh_key_algorithm_allowed(session, sig_type_c)) {
         ssh_set_error(session, SSH_REQUEST_DENIED,
                       "The key algorithm '%s' is not allowed to be used by"
@@ -558,7 +564,7 @@ int ssh_userauth_try_publickey(ssh_session session,
         goto fail;
     }
 
-    SSH_STRING_FREE(pubkey_s);
+    ssh_string_free(pubkey_s);
 
     session->auth.current_method = SSH_AUTH_METHOD_PUBLICKEY;
     session->auth.state = SSH_AUTH_STATE_PUBKEY_OFFER_SENT;
@@ -576,7 +582,7 @@ pending:
 
     return rc;
 fail:
-    SSH_STRING_FREE(pubkey_s);
+    ssh_string_free(pubkey_s);
     ssh_set_error_oom(session);
     ssh_buffer_reinit(session->out_buffer);
 
@@ -614,7 +620,6 @@ int ssh_userauth_publickey(ssh_session session,
     int rc;
     const char *sig_type_c = NULL;
     enum ssh_keytypes_e key_type;
-    enum ssh_digest_e hash_type;
 
     if (session == NULL) {
         return SSH_AUTH_ERROR;
@@ -640,13 +645,26 @@ int ssh_userauth_publickey(ssh_session session,
     /* Cert auth requires presenting the cert type name (*-cert@openssh.com) */
     key_type = privkey->cert != NULL ? privkey->cert_type : privkey->type;
 
-    /* Check if the given public key algorithm is allowed */
-    sig_type_c = ssh_key_get_signature_algorithm(session, key_type);
-    if (sig_type_c == NULL) {
-        ssh_set_error(session, SSH_REQUEST_DENIED,
+    switch (key_type) {
+    case SSH_KEYTYPE_UNKNOWN:
+        ssh_set_error(session,
+                      SSH_REQUEST_DENIED,
                       "Invalid key type (unknown)");
         return SSH_AUTH_DENIED;
+    case SSH_KEYTYPE_ECDSA:
+        sig_type_c = ssh_pki_key_ecdsa_name(privkey);
+        break;
+    case SSH_KEYTYPE_DSS:
+    case SSH_KEYTYPE_RSA:
+    case SSH_KEYTYPE_RSA1:
+    case SSH_KEYTYPE_ED25519:
+    case SSH_KEYTYPE_DSS_CERT01:
+    case SSH_KEYTYPE_RSA_CERT01:
+        sig_type_c = ssh_key_get_signature_algorithm(session, key_type);
+        break;
     }
+
+    /* Check if the given public key algorithm is allowed */
     if (!ssh_key_algorithm_allowed(session, sig_type_c)) {
         ssh_set_error(session, SSH_REQUEST_DENIED,
                       "The key algorithm '%s' is not allowed to be used by"
@@ -681,19 +699,16 @@ int ssh_userauth_publickey(ssh_session session,
     if (rc < 0) {
         goto fail;
     }
-    SSH_STRING_FREE(str);
-
-    /* Get the hash type to be used in the signature based on the key type */
-    hash_type = ssh_key_type_to_hash(session, privkey->type);
+    ssh_string_free(str);
 
     /* sign the buffer with the private key */
-    str = ssh_pki_do_sign(session, session->out_buffer, privkey, hash_type);
+    str = ssh_pki_do_sign(session, session->out_buffer, privkey);
     if (str == NULL) {
         goto fail;
     }
 
     rc = ssh_buffer_add_ssh_string(session->out_buffer, str);
-    SSH_STRING_FREE(str);
+    ssh_string_free(str);
     str = NULL;
     if (rc < 0) {
         goto fail;
@@ -715,7 +730,7 @@ pending:
 
     return rc;
 fail:
-    SSH_STRING_FREE(str);
+    ssh_string_free(str);
     ssh_set_error_oom(session);
     ssh_buffer_reinit(session->out_buffer);
 
@@ -756,15 +771,9 @@ static int ssh_userauth_agent_publickey(ssh_session session,
     if (rc < 0) {
         goto fail;
     }
+    sig_type_c = ssh_key_get_signature_algorithm(session, pubkey->type);
 
     /* Check if the given public key algorithm is allowed */
-    sig_type_c = ssh_key_get_signature_algorithm(session, pubkey->type);
-    if (sig_type_c == NULL) {
-        ssh_set_error(session, SSH_REQUEST_DENIED,
-                      "Invalid key type (unknown)");
-        SSH_STRING_FREE(pubkey_s);
-        return SSH_AUTH_DENIED;
-    }
     if (!ssh_key_algorithm_allowed(session, sig_type_c)) {
         ssh_set_error(session, SSH_REQUEST_DENIED,
                       "The key algorithm '%s' is not allowed to be used by"
@@ -841,7 +850,7 @@ void ssh_agent_state_free(void *data) {
     struct ssh_agent_state_struct *state = data;
 
     if (state) {
-        SSH_STRING_FREE_CHAR(state->comment);
+        ssh_string_free_char(state->comment);
         ssh_key_free(state->pubkey);
         free (state);
     }
@@ -919,7 +928,7 @@ int ssh_userauth_agent(ssh_session session,
             } else if (rc != SSH_AUTH_SUCCESS) {
                 SSH_LOG(SSH_LOG_DEBUG,
                         "Public key of %s refused by server", state->comment);
-                SSH_STRING_FREE_CHAR(state->comment);
+                ssh_string_free_char(state->comment);
                 state->comment = NULL;
                 ssh_key_free(state->pubkey);
                 state->pubkey = ssh_agent_get_next_ident(session, &state->comment);
@@ -935,7 +944,7 @@ int ssh_userauth_agent(ssh_session session,
             rc = ssh_userauth_agent_publickey(session, username, state->pubkey);
             if (rc == SSH_AUTH_AGAIN)
                 return rc;
-            SSH_STRING_FREE_CHAR(state->comment);
+            ssh_string_free_char(state->comment);
             state->comment = NULL;
             if (rc == SSH_AUTH_ERROR || rc == SSH_AUTH_PARTIAL) {
                 ssh_agent_state_free (session->agent_state);
@@ -1031,9 +1040,6 @@ int ssh_userauth_publickey_auto(ssh_session session,
             ssh_set_error_oom(session);
             return SSH_AUTH_ERROR;
         }
-
-        /* Set state explicitly */
-        session->auth.auto_state->state = SSH_AUTH_AUTO_STATE_NONE;
     }
     state = session->auth.auto_state;
     if (state->state == SSH_AUTH_AUTO_STATE_NONE) {
@@ -1116,9 +1122,7 @@ int ssh_userauth_publickey_auto(ssh_session session,
                         "Public key authentication error for %s",
                         privkey_file);
                 ssh_key_free(state->privkey);
-                state->privkey = NULL;
                 ssh_key_free(state->pubkey);
-                state->pubkey = NULL;
                 SAFE_FREE(session->auth.auto_state);
                 return rc;
             } else if (rc == SSH_AUTH_AGAIN) {
@@ -1184,9 +1188,6 @@ int ssh_userauth_publickey_auto(ssh_session session,
                 return rc;
             }
 
-            ssh_key_free(state->privkey);
-            ssh_key_free(state->pubkey);
-
             SSH_LOG(SSH_LOG_WARN,
                     "The server accepted the public key but refused the signature");
             state->it = state->it->next;
@@ -1270,9 +1271,6 @@ int ssh_userauth_password(ssh_session session,
         goto fail;
     }
 
-    /* Set the buffer as secure to be explicitly zeroed when freed */
-    ssh_buffer_set_secure(session->out_buffer);
-
     session->auth.current_method = SSH_AUTH_METHOD_PASSWORD;
     session->auth.state = SSH_AUTH_STATE_PASSWORD_AUTH_SENT;
     session->pending_call_state = SSH_PENDING_CALL_AUTH_PASSWORD;
@@ -1338,7 +1336,7 @@ ssh_kbdint ssh_kbdint_new(void) {
 
 
 void ssh_kbdint_free(ssh_kbdint kbd) {
-    size_t i, n;
+    int i, n;
 
     if (kbd == NULL) {
         return;
@@ -1374,7 +1372,7 @@ void ssh_kbdint_free(ssh_kbdint kbd) {
 }
 
 void ssh_kbdint_clean(ssh_kbdint kbd) {
-    size_t i, n;
+    int i, n;
 
     if (kbd == NULL) {
         return;
@@ -1563,7 +1561,7 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_info_request) {
             );
 
     /* We don't care about tmp */
-    SSH_STRING_FREE(tmp);
+    ssh_string_free(tmp);
 
     if (rc != SSH_OK) {
         ssh_set_error(session, SSH_FATAL, "Invalid USERAUTH_INFO_REQUEST msg");
@@ -1787,7 +1785,7 @@ const char *ssh_userauth_kbdint_getprompt(ssh_session session, unsigned int i,
     }
 
     if (echo) {
-        *echo = (char)session->kbdint->echo[i];
+        *echo = session->kbdint->echo[i];
     }
 
     return session->kbdint->prompts[i];

src/base64.c

@@ -29,8 +29,7 @@
 #include "libssh/priv.h"
 #include "libssh/buffer.h"
 
-static
-const uint8_t alphabet[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+static char alphabet[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
                          "abcdefghijklmnopqrstuvwxyz"
                          "0123456789+/";
 
@@ -168,19 +167,19 @@ ssh_buffer base64_to_bin(const char *source) {
 
 error:
   SAFE_FREE(base64);
-  SSH_BUFFER_FREE(buffer);
+  ssh_buffer_free(buffer);
   return NULL;
 }
 
-#define BLOCK(letter, n) do {ptr = strchr((const char *)alphabet, source[n]); \
+#define BLOCK(letter, n) do {ptr = strchr(alphabet, source[n]); \
                              if(!ptr) return -1; \
-                             i = ptr - (const char *)alphabet; \
+                             i = ptr - alphabet; \
                              SET_##letter(*block, i); \
                          } while(0)
 
 /* Returns 0 if ok, -1 if not (ie invalid char into the stuff) */
 static int to_block4(unsigned long *block, const char *source, int num) {
-  const char *ptr = NULL;
+  char *ptr;
   unsigned int i;
 
   *block = 0;
@@ -235,32 +234,29 @@ static int get_equals(char *string) {
 }
 
 /* thanks sysk for debugging my mess :) */
-static void _bin_to_base64(uint8_t *dest,
-                           const uint8_t source[3],
-                           size_t len)
-{
 #define BITS(n) ((1 << (n)) - 1)
-    switch (len) {
-        case 1:
-            dest[0] = alphabet[(source[0] >> 2)];
-            dest[1] = alphabet[((source[0] & BITS(2)) << 4)];
-            dest[2] = '=';
-            dest[3] = '=';
-            break;
-        case 2:
-            dest[0] = alphabet[source[0] >> 2];
-            dest[1] = alphabet[(source[1] >> 4) | ((source[0] & BITS(2)) << 4)];
-            dest[2] = alphabet[(source[1] & BITS(4)) << 2];
-            dest[3] = '=';
-            break;
-        case 3:
-            dest[0] = alphabet[(source[0] >> 2)];
-            dest[1] = alphabet[(source[1] >> 4) | ((source[0] & BITS(2)) << 4)];
-            dest[2] = alphabet[(source[2] >> 6) | (source[1] & BITS(4)) << 2];
-            dest[3] = alphabet[source[2] & BITS(6)];
-            break;
-    }
-#undef BITS
+static void _bin_to_base64(unsigned char *dest, const unsigned char source[3],
+    int len) {
+  switch (len) {
+    case 1:
+      dest[0] = alphabet[(source[0] >> 2)];
+      dest[1] = alphabet[((source[0] & BITS(2)) << 4)];
+      dest[2] = '=';
+      dest[3] = '=';
+      break;
+    case 2:
+      dest[0] = alphabet[source[0] >> 2];
+      dest[1] = alphabet[(source[1] >> 4) | ((source[0] & BITS(2)) << 4)];
+      dest[2] = alphabet[(source[1] & BITS(4)) << 2];
+      dest[3] = '=';
+      break;
+    case 3:
+      dest[0] = alphabet[(source[0] >> 2)];
+      dest[1] = alphabet[(source[1] >> 4) | ((source[0] & BITS(2)) << 4)];
+      dest[2] = alphabet[ (source[2] >> 6) | (source[1] & BITS(4)) << 2];
+      dest[3] = alphabet[source[2] & BITS(6)];
+      break;
+  }
 }
 
 /**
@@ -270,29 +266,25 @@ static void _bin_to_base64(uint8_t *dest,
  *
  * @returns the converted string
  */
-uint8_t *bin_to_base64(const uint8_t *source, size_t len)
-{
-    uint8_t *base64 = NULL;
-    uint8_t *ptr = NULL;
-    size_t flen = len + (3 - (len % 3)); /* round to upper 3 multiple */
-    flen = (4 * flen) / 3 + 1;
+unsigned char *bin_to_base64(const unsigned char *source, int len) {
+  unsigned char *base64;
+  unsigned char *ptr;
+  int flen = len + (3 - (len % 3)); /* round to upper 3 multiple */
+  flen = (4 * flen) / 3 + 1;
 
-    base64 = malloc(flen);
-    if (base64 == NULL) {
-        return NULL;
-    }
-    ptr = base64;
+  base64 = malloc(flen);
+  if (base64 == NULL) {
+    return NULL;
+  }
+  ptr = base64;
 
-    while(len > 0){
-        _bin_to_base64(ptr, source, len > 3 ? 3 : len);
-        ptr += 4;
-        if (len < 3) {
-            break;
-        }
-        source += 3;
-        len -= 3;
-    }
-    ptr[0] = '\0';
+  while(len > 0){
+    _bin_to_base64(ptr, source, len > 3 ? 3 : len);
+    ptr += 4;
+    source += 3;
+    len -= 3;
+  }
+  ptr[0] = '\0';
 
-    return base64;
+  return base64;
 }

src/bignum.c

@@ -29,9 +29,9 @@
 
 ssh_string ssh_make_bignum_string(bignum num) {
   ssh_string ptr = NULL;
-  size_t pad = 0;
-  size_t len = bignum_num_bytes(num);
-  size_t bits = bignum_num_bits(num);
+  int pad = 0;
+  unsigned int len = bignum_num_bytes(num);
+  unsigned int bits = bignum_num_bits(num);
 
   if (len == 0) {
       return NULL;
@@ -43,9 +43,7 @@ ssh_string ssh_make_bignum_string(bignum num) {
   }
 
 #ifdef DEBUG_CRYPTO
-  SSH_LOG(SSH_LOG_TRACE,
-          "%zu bits, %zu bytes, %zu padding\n",
-          bits, len, pad);
+  fprintf(stderr, "%d bits, %d bytes, %d padding\n", bits, len, pad);
 #endif /* DEBUG_CRYPTO */
 
   ptr = ssh_string_new(len + pad);
@@ -58,40 +56,70 @@ ssh_string ssh_make_bignum_string(bignum num) {
     ptr->data[0] = 0;
   }
 
+#ifdef HAVE_LIBGCRYPT
   bignum_bn2bin(num, len, ptr->data + pad);
+#elif HAVE_LIBCRYPTO
+  bignum_bn2bin(num, ptr->data + pad);
+#elif HAVE_LIBMBEDCRYPTO
+  bignum_bn2bin(num, ptr->data + pad);
+#endif
 
   return ptr;
 }
 
-bignum ssh_make_string_bn(ssh_string string)
-{
-    bignum bn = NULL;
-    size_t len = ssh_string_len(string);
+bignum ssh_make_string_bn(ssh_string string){
+  bignum bn = NULL;
+  unsigned int len = ssh_string_len(string);
 
 #ifdef DEBUG_CRYPTO
-    SSH_LOG(SSH_LOG_TRACE,
-            "Importing a %zu bits, %zu bytes object ...\n",
-            len * 8, len);
+  fprintf(stderr, "Importing a %d bits, %d bytes object ...\n",
+      len * 8, len);
 #endif /* DEBUG_CRYPTO */
 
-    bignum_bin2bn(string->data, len, &bn);
+#ifdef HAVE_LIBGCRYPT
+  bignum_bin2bn(string->data, len, &bn);
+#elif defined HAVE_LIBCRYPTO
+  bn = bignum_bin2bn(string->data, len, NULL);
+#elif defined HAVE_LIBMBEDCRYPTO
+  bn = bignum_new();
+  bignum_bin2bn(string->data, len, bn);
+#endif
 
-    return bn;
+  return bn;
+}
+
+void ssh_make_string_bn_inplace(ssh_string string, bignum bnout) {
+  unsigned int len = ssh_string_len(string);
+#ifdef HAVE_LIBGCRYPT
+  /* XXX: FIXME as needed for LIBGCRYPT ECDSA codepaths. */
+  (void) len;
+  (void) bnout;
+#elif defined HAVE_LIBCRYPTO
+  bignum_bin2bn(string->data, len, bnout);
+#elif defined HAVE_LIBMBEDCRYPTO
+  bignum_bin2bn(string->data, len, bnout);
+#endif
 }
 
 /* prints the bignum on stderr */
-void ssh_print_bignum(const char *name, const_bignum num)
-{
-    unsigned char *hex = NULL;
-    if (num != NULL) {
-        bignum_bn2hex(num, &hex);
-    }
-    fprintf(stderr, "%s value: %s\n", name, (hex == NULL) ? "(null)" : (char *) hex);
+void ssh_print_bignum(const char *which, const bignum num) {
 #ifdef HAVE_LIBGCRYPT
-    SAFE_FREE(hex);
+  unsigned char *hex = NULL;
+  bignum_bn2hex(num, &hex);
 #elif defined HAVE_LIBCRYPTO
-    OPENSSL_free(hex);
+  char *hex = NULL;
+  hex = bignum_bn2hex(num);
 #elif defined HAVE_LIBMBEDCRYPTO
-    SAFE_FREE(hex);
+  char *hex = NULL;
+  hex = bignum_bn2hex(num);
+#endif
+  fprintf(stderr, "%s value: ", which);
+  fprintf(stderr, "%s\n", (hex == NULL) ? "(null)" : (char *) hex);
+#ifdef HAVE_LIBGCRYPT
+  SAFE_FREE(hex);
+#elif defined HAVE_LIBCRYPTO
+  OPENSSL_free(hex);
+#elif defined HAVE_LIBMBEDCRYPTO
+  SAFE_FREE(hex);
 #endif
 }

src/bind.c

@@ -38,7 +38,6 @@
 #include "libssh/buffer.h"
 #include "libssh/socket.h"
 #include "libssh/session.h"
-#include "libssh/token.h"
 
 /**
  * @addtogroup libssh_server
@@ -131,17 +130,18 @@ static socket_t bind_socket(ssh_bind sshbind, const char *hostname,
 }
 
 ssh_bind ssh_bind_new(void) {
-    ssh_bind ptr;
+  ssh_bind ptr;
 
-    ptr = calloc(1, sizeof(struct ssh_bind_struct));
-    if (ptr == NULL) {
-        return NULL;
-    }
-    ptr->bindfd = SSH_INVALID_SOCKET;
-    ptr->bindport = 22;
-    ptr->common.log_verbosity = 0;
+  ptr = malloc(sizeof(struct ssh_bind_struct));
+  if (ptr == NULL) {
+    return NULL;
+  }
+  ZERO_STRUCTP(ptr);
+  ptr->bindfd = SSH_INVALID_SOCKET;
+  ptr->bindport= 22;
+  ptr->common.log_verbosity = 0;
 
-    return ptr;
+  return ptr;
 }
 
 static int ssh_bind_import_keys(ssh_bind sshbind) {
@@ -169,7 +169,7 @@ static int ssh_bind_import_keys(ssh_bind sshbind) {
           return SSH_ERROR;
       }
 
-      if (!is_ecdsa_key_type(ssh_key_type(sshbind->ecdsa))) {
+      if (ssh_key_type(sshbind->ecdsa) != SSH_KEYTYPE_ECDSA) {
           ssh_set_error(sshbind, SSH_FATAL,
                   "The ECDSA host key has the wrong type");
           ssh_key_free(sshbind->ecdsa);
@@ -343,24 +343,12 @@ static int ssh_bind_poll_callback(ssh_poll_handle sshpoll,
  * @param sshbind the ssh_bind object
  * @returns a ssh_poll handle suitable for operation
  */
-ssh_poll_handle ssh_bind_get_poll(ssh_bind sshbind)
-{
-    short events = POLLIN;
-
-    if (sshbind->poll) {
-        return sshbind->poll;
-    }
-
-#ifdef POLLRDHUP
-    events |= POLLRDHUP;
-#endif /* POLLRDHUP */
-
-    sshbind->poll = ssh_poll_new(sshbind->bindfd,
-                                 events,
-                                 ssh_bind_poll_callback,
-                                 sshbind);
-
+ssh_poll_handle ssh_bind_get_poll(ssh_bind sshbind){
+  if(sshbind->poll)
     return sshbind->poll;
+  sshbind->poll=ssh_poll_new(sshbind->bindfd,POLLIN,
+      ssh_bind_poll_callback,sshbind);
+  return sshbind->poll;
 }
 
 void ssh_bind_set_blocking(ssh_bind sshbind, int blocking) {
@@ -394,8 +382,6 @@ void ssh_bind_free(ssh_bind sshbind){
   /* options */
   SAFE_FREE(sshbind->banner);
   SAFE_FREE(sshbind->bindaddr);
-  SAFE_FREE(sshbind->config_dir);
-  SAFE_FREE(sshbind->pubkey_accepted_key_types);
 
   SAFE_FREE(sshbind->dsakey);
   SAFE_FREE(sshbind->rsakey);
@@ -411,7 +397,7 @@ void ssh_bind_free(ssh_bind sshbind){
   ssh_key_free(sshbind->ed25519);
   sshbind->ed25519 = NULL;
 
-  for (i = 0; i < SSH_KEX_METHODS; i++) {
+  for (i = 0; i < 10; i++) {
     if (sshbind->wanted_methods[i]) {
       SAFE_FREE(sshbind->wanted_methods[i]);
     }
@@ -423,26 +409,15 @@ void ssh_bind_free(ssh_bind sshbind){
 int ssh_bind_accept_fd(ssh_bind sshbind, ssh_session session, socket_t fd){
     int i, rc;
 
-    if (sshbind == NULL) {
-        return SSH_ERROR;
-    }
-
     if (session == NULL){
         ssh_set_error(sshbind, SSH_FATAL,"session is null");
         return SSH_ERROR;
     }
 
-    /* Apply global bind configurations, if it hasn't been applied before */
-    rc = ssh_bind_options_parse_config(sshbind, NULL);
-    if (rc != 0) {
-        ssh_set_error(sshbind, SSH_FATAL,"Could not parse global config");
-        return SSH_ERROR;
-    }
-
     session->server = 1;
 
-    /* Copy options from bind to session */
-    for (i = 0; i < SSH_KEX_METHODS; i++) {
+    /* copy options */
+    for (i = 0; i < 10; i++) {
       if (sshbind->wanted_methods[i]) {
         session->opts.wanted_methods[i] = strdup(sshbind->wanted_methods[i]);
         if (session->opts.wanted_methods[i] == NULL) {
@@ -461,29 +436,6 @@ int ssh_bind_accept_fd(ssh_bind sshbind, ssh_session session, socket_t fd){
       }
     }
 
-    if (sshbind->pubkey_accepted_key_types != NULL) {
-        if (session->opts.pubkey_accepted_types == NULL) {
-            session->opts.pubkey_accepted_types = strdup(sshbind->pubkey_accepted_key_types);
-            if (session->opts.pubkey_accepted_types == NULL) {
-                ssh_set_error_oom(sshbind);
-                return SSH_ERROR;
-            }
-        } else {
-            char *p;
-            /* If something was set to the session prior to calling this
-             * function, keep only what is allowed by the options set in
-             * sshbind */
-            p = ssh_find_all_matching(sshbind->pubkey_accepted_key_types,
-                                      session->opts.pubkey_accepted_types);
-            if (p == NULL) {
-                return SSH_ERROR;
-            }
-
-            SAFE_FREE(session->opts.pubkey_accepted_types);
-            session->opts.pubkey_accepted_types = p;
-        }
-    }
-
     session->common.log_verbosity = sshbind->common.log_verbosity;
     if(sshbind->banner != NULL)
     	session->opts.custombanner = strdup(sshbind->banner);

src/bind_config.c

@@ -1,638 +0,0 @@
-/*
- * bind_config.c - Parse the SSH server configuration file
- *
- * This file is part of the SSH Library
- *
- * Copyright (c) 2019 by Red Hat, Inc.
- *
- * Author: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
- *
- * The SSH Library is free software; you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License as published by
- * the Free Software Foundation; either version 2.1 of the License, or (at your
- * option) any later version.
- *
- * The SSH Library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
- * License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with the SSH Library; see the file COPYING.  If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
- */
-
-#include "config.h"
-
-#include <ctype.h>
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#ifdef HAVE_GLOB_H
-# include <glob.h>
-#endif
-
-#include "libssh/bind.h"
-#include "libssh/bind_config.h"
-#include "libssh/config_parser.h"
-#include "libssh/priv.h"
-#include "libssh/server.h"
-#include "libssh/options.h"
-
-#define MAX_LINE_SIZE 1024
-
-/* Flags used for the parser state */
-#define PARSING     1
-#define IN_MATCH    (1<<1)
-
-struct ssh_bind_config_keyword_table_s {
-  const char *name;
-  enum ssh_bind_config_opcode_e opcode;
-  bool allowed_in_match;
-};
-
-static struct ssh_bind_config_keyword_table_s
-ssh_bind_config_keyword_table[] = {
-    {
-        .name   = "include",
-        .opcode = BIND_CFG_INCLUDE
-    },
-    {
-        .name   = "hostkey",
-        .opcode = BIND_CFG_HOSTKEY
-    },
-    {
-        .name   = "listenaddress",
-        .opcode = BIND_CFG_LISTENADDRESS
-    },
-    {
-        .name   = "port",
-        .opcode = BIND_CFG_PORT
-    },
-    {
-        .name   = "loglevel",
-        .opcode = BIND_CFG_LOGLEVEL,
-        .allowed_in_match = true,
-    },
-    {
-        .name   = "ciphers",
-        .opcode = BIND_CFG_CIPHERS
-    },
-    {
-        .name   = "macs",
-        .opcode = BIND_CFG_MACS
-    },
-    {
-        .name   = "kexalgorithms",
-        .opcode = BIND_CFG_KEXALGORITHMS
-    },
-    {
-        .name   = "match",
-        .opcode = BIND_CFG_MATCH,
-        .allowed_in_match = true
-    },
-    {
-        .name   = "pubkeyacceptedkeytypes",
-        .opcode = BIND_CFG_PUBKEY_ACCEPTED_KEY_TYPES,
-        .allowed_in_match = true
-    },
-    {
-        .name   = "hostkeyalgorithms",
-        .opcode = BIND_CFG_HOSTKEY_ALGORITHMS,
-        .allowed_in_match = true
-    },
-    {
-        .opcode = BIND_CFG_UNKNOWN,
-    }
-};
-
-enum ssh_bind_config_match_e {
-    BIND_MATCH_UNKNOWN = -1,
-    BIND_MATCH_ALL,
-    BIND_MATCH_USER,
-    BIND_MATCH_GROUP,
-    BIND_MATCH_HOST,
-    BIND_MATCH_LOCALADDRESS,
-    BIND_MATCH_LOCALPORT,
-    BIND_MATCH_RDOMAIN,
-    BIND_MATCH_ADDRESS,
-};
-
-struct ssh_bind_config_match_keyword_table_s {
-    const char *name;
-    enum ssh_bind_config_match_e opcode;
-};
-
-static struct ssh_bind_config_match_keyword_table_s
-ssh_bind_config_match_keyword_table[] = {
-    {
-        .name   = "all",
-        .opcode = BIND_MATCH_ALL
-    },
-    {
-        .name   = "user",
-        .opcode = BIND_MATCH_USER
-    },
-    {
-        .name   = "group",
-        .opcode = BIND_MATCH_GROUP
-    },
-    {
-        .name   = "host",
-        .opcode = BIND_MATCH_HOST
-    },
-    {
-        .name   = "localaddress",
-        .opcode = BIND_MATCH_LOCALADDRESS
-    },
-    {
-        .name   = "localport",
-        .opcode = BIND_MATCH_LOCALPORT
-    },
-    {
-        .name   = "rdomain",
-        .opcode = BIND_MATCH_RDOMAIN
-    },
-    {
-        .name   = "address",
-        .opcode = BIND_MATCH_ADDRESS
-    },
-    {
-        .opcode = BIND_MATCH_UNKNOWN
-    },
-};
-
-static enum ssh_bind_config_opcode_e
-ssh_bind_config_get_opcode(char *keyword, uint32_t *parser_flags)
-{
-    int i;
-
-    for (i = 0; ssh_bind_config_keyword_table[i].name != NULL; i++) {
-        if (strcasecmp(keyword, ssh_bind_config_keyword_table[i].name) == 0) {
-            if ((*parser_flags & IN_MATCH) &&
-                !(ssh_bind_config_keyword_table[i].allowed_in_match))
-            {
-                return BIND_CFG_NOT_ALLOWED_IN_MATCH;
-            }
-            return ssh_bind_config_keyword_table[i].opcode;
-        }
-    }
-
-    return BIND_CFG_UNKNOWN;
-}
-
-static int
-ssh_bind_config_parse_line(ssh_bind bind,
-                           const char *line,
-                           unsigned int count,
-                           uint32_t *parser_flags,
-                           uint8_t *seen);
-
-static void local_parse_file(ssh_bind bind,
-                             const char *filename,
-                             uint32_t *parser_flags,
-                             uint8_t *seen)
-{
-    FILE *f;
-    char line[MAX_LINE_SIZE] = {0};
-    unsigned int count = 0;
-    int rv;
-
-    f = fopen(filename, "r");
-    if (f == NULL) {
-        SSH_LOG(SSH_LOG_RARE, "Cannot find file %s to load",
-                filename);
-        return;
-    }
-
-    SSH_LOG(SSH_LOG_PACKET, "Reading additional configuration data from %s",
-            filename);
-
-    while (fgets(line, sizeof(line), f)) {
-        count++;
-        rv = ssh_bind_config_parse_line(bind, line, count, parser_flags, seen);
-        if (rv < 0) {
-            fclose(f);
-            return;
-        }
-    }
-
-    fclose(f);
-    return;
-}
-
-#if defined(HAVE_GLOB) && defined(HAVE_GLOB_GL_FLAGS_MEMBER)
-static void local_parse_glob(ssh_bind bind,
-                             const char *fileglob,
-                             uint32_t *parser_flags,
-                             uint8_t *seen)
-{
-    glob_t globbuf = {
-        .gl_flags = 0,
-    };
-    int rt;
-    u_int i;
-
-    rt = glob(fileglob, GLOB_TILDE, NULL, &globbuf);
-    if (rt == GLOB_NOMATCH) {
-        globfree(&globbuf);
-        return;
-    } else if (rt != 0) {
-        SSH_LOG(SSH_LOG_RARE, "Glob error: %s",
-                fileglob);
-        globfree(&globbuf);
-        return;
-    }
-
-    for (i = 0; i < globbuf.gl_pathc; i++) {
-        local_parse_file(bind, globbuf.gl_pathv[i], parser_flags, seen);
-    }
-
-    globfree(&globbuf);
-}
-#endif /* HAVE_GLOB HAVE_GLOB_GL_FLAGS_MEMBER */
-
-static enum ssh_bind_config_match_e
-ssh_bind_config_get_match_opcode(const char *keyword)
-{
-    size_t i;
-
-    for (i = 0; ssh_bind_config_match_keyword_table[i].name != NULL; i++) {
-        if (strcasecmp(keyword, ssh_bind_config_match_keyword_table[i].name) == 0) {
-            return ssh_bind_config_match_keyword_table[i].opcode;
-        }
-    }
-
-    return BIND_MATCH_UNKNOWN;
-}
-
-static int
-ssh_bind_config_parse_line(ssh_bind bind,
-                           const char *line,
-                           unsigned int count,
-                           uint32_t *parser_flags,
-                           uint8_t *seen)
-{
-    enum ssh_bind_config_opcode_e opcode;
-    const char *p = NULL;
-    char *s = NULL, *x = NULL;
-    char *keyword = NULL;
-    size_t len;
-
-    int rc = 0;
-
-    if (bind == NULL) {
-        return -1;
-    }
-
-    if ((line == NULL) || (parser_flags == NULL)) {
-        ssh_set_error_invalid(bind);
-        return -1;
-    }
-
-    x = s = strdup(line);
-    if (s == NULL) {
-        ssh_set_error_oom(bind);
-        return -1;
-    }
-
-    /* Remove trailing spaces */
-    for (len = strlen(s) - 1; len > 0; len--) {
-        if (! isspace(s[len])) {
-            break;
-        }
-        s[len] = '\0';
-    }
-
-    keyword = ssh_config_get_token(&s);
-    if (keyword == NULL || *keyword == '#' ||
-            *keyword == '\0' || *keyword == '\n') {
-        SAFE_FREE(x);
-        return 0;
-    }
-
-    opcode = ssh_bind_config_get_opcode(keyword, parser_flags);
-    if ((*parser_flags & PARSING) &&
-            opcode != BIND_CFG_HOSTKEY &&
-            opcode != BIND_CFG_INCLUDE &&
-            opcode != BIND_CFG_MATCH &&
-            opcode > BIND_CFG_UNSUPPORTED) { /* Ignore all unknown types here */
-        /* Skip all the options that were already applied */
-        if (seen[opcode] != 0) {
-            SAFE_FREE(x);
-            return 0;
-        }
-        seen[opcode] = 1;
-    }
-
-    switch (opcode) {
-    case BIND_CFG_INCLUDE:
-        p = ssh_config_get_str_tok(&s, NULL);
-        if (p && (*parser_flags & PARSING)) {
-#if defined(HAVE_GLOB) && defined(HAVE_GLOB_GL_FLAGS_MEMBER)
-            local_parse_glob(bind, p, parser_flags, seen);
-#else
-            local_parse_file(bind, p, parser_flags, seen);
-#endif /* HAVE_GLOB */
-        }
-        break;
-
-    case BIND_CFG_HOSTKEY:
-        p = ssh_config_get_str_tok(&s, NULL);
-        if (p && (*parser_flags & PARSING)) {
-            rc = ssh_bind_options_set(bind, SSH_BIND_OPTIONS_HOSTKEY, p);
-            if (rc != 0) {
-                SSH_LOG(SSH_LOG_WARN,
-                        "line %d: Failed to set Hostkey value '%s'",
-                        count, p);
-            }
-        }
-        break;
-    case BIND_CFG_LISTENADDRESS:
-        p = ssh_config_get_str_tok(&s, NULL);
-        if (p && (*parser_flags & PARSING)) {
-            rc = ssh_bind_options_set(bind, SSH_BIND_OPTIONS_BINDADDR, p);
-            if (rc != 0) {
-                SSH_LOG(SSH_LOG_WARN,
-                        "line %d: Failed to set ListenAddress value '%s'",
-                        count, p);
-            }
-        }
-        break;
-    case BIND_CFG_PORT:
-        p = ssh_config_get_str_tok(&s, NULL);
-        if (p && (*parser_flags & PARSING)) {
-            rc = ssh_bind_options_set(bind, SSH_BIND_OPTIONS_BINDPORT_STR, p);
-            if (rc != 0) {
-                SSH_LOG(SSH_LOG_WARN,
-                        "line %d: Failed to set Port value '%s'",
-                        count, p);
-            }
-        }
-        break;
-    case BIND_CFG_CIPHERS:
-        p = ssh_config_get_str_tok(&s, NULL);
-        if (p && (*parser_flags & PARSING)) {
-            rc = ssh_bind_options_set(bind, SSH_BIND_OPTIONS_CIPHERS_C_S, p);
-            if (rc != 0) {
-                SSH_LOG(SSH_LOG_WARN,
-                        "line %d: Failed to set C->S Ciphers value '%s'",
-                        count, p);
-                break;
-            }
-
-            rc = ssh_bind_options_set(bind, SSH_BIND_OPTIONS_CIPHERS_S_C, p);
-            if (rc != 0) {
-                SSH_LOG(SSH_LOG_WARN,
-                        "line %d: Failed to set S->C Ciphers value '%s'",
-                        count, p);
-            }
-        }
-        break;
-    case BIND_CFG_MACS:
-        p = ssh_config_get_str_tok(&s, NULL);
-        if (p && (*parser_flags & PARSING)) {
-            rc = ssh_bind_options_set(bind, SSH_BIND_OPTIONS_HMAC_C_S, p);
-            if (rc != 0) {
-                SSH_LOG(SSH_LOG_WARN,
-                        "line %d: Failed to set C->S MAC value '%s'",
-                        count, p);
-                break;
-            }
-
-            rc = ssh_bind_options_set(bind, SSH_BIND_OPTIONS_HMAC_S_C, p);
-            if (rc != 0) {
-                SSH_LOG(SSH_LOG_WARN,
-                        "line %d: Failed to set S->C MAC value '%s'",
-                        count, p);
-            }
-        }
-        break;
-    case BIND_CFG_LOGLEVEL:
-        p = ssh_config_get_str_tok(&s, NULL);
-        if (p && (*parser_flags & PARSING)) {
-            int value = -1;
-
-            if (strcasecmp(p, "quiet") == 0) {
-                value = SSH_LOG_NONE;
-            } else if (strcasecmp(p, "fatal") == 0 ||
-                    strcasecmp(p, "error")== 0 ||
-                    strcasecmp(p, "info") == 0) {
-                value = SSH_LOG_WARN;
-            } else if (strcasecmp(p, "verbose") == 0) {
-                value = SSH_LOG_INFO;
-            } else if (strcasecmp(p, "DEBUG") == 0 ||
-                    strcasecmp(p, "DEBUG1") == 0) {
-                value = SSH_LOG_DEBUG;
-            } else if (strcasecmp(p, "DEBUG2") == 0 ||
-                    strcasecmp(p, "DEBUG3") == 0) {
-                value = SSH_LOG_TRACE;
-            }
-            if (value != -1) {
-                rc = ssh_bind_options_set(bind, SSH_BIND_OPTIONS_LOG_VERBOSITY,
-                        &value);
-                if (rc != 0) {
-                    SSH_LOG(SSH_LOG_WARN,
-                            "line %d: Failed to set LogLevel value '%s'",
-                            count, p);
-                }
-            }
-        }
-        break;
-    case BIND_CFG_KEXALGORITHMS:
-        p = ssh_config_get_str_tok(&s, NULL);
-        if (p && (*parser_flags & PARSING)) {
-            rc = ssh_bind_options_set(bind, SSH_BIND_OPTIONS_KEY_EXCHANGE, p);
-            if (rc != 0) {
-                SSH_LOG(SSH_LOG_WARN,
-                        "line %d: Failed to set KexAlgorithms value '%s'",
-                        count, p);
-            }
-        }
-        break;
-    case BIND_CFG_MATCH: {
-        bool negate;
-        int result = PARSING;
-        size_t args = 0;
-        enum ssh_bind_config_match_e opt;
-        const char *p2 = NULL;
-
-        /* The options set in Match blocks should be applied when a connection
-         * is accepted, and not right away when parsing the file (as it is
-         * currently done). This means the configuration files should be parsed
-         * again or the options set in the Match blocks should be stored and
-         * applied as necessary. */
-
-        /* If this is the first Match block, erase the seen table to allow
-         * options to be overridden. Erasing the seen table was the easiest way
-         * to allow overriding an option, but only for the first occurrence of
-         * an option in a Match block. This is sufficient for the current
-         * implementation which supports only the 'All' criterion, meaning the
-         * options can be applied right away. */
-        if (!(*parser_flags & IN_MATCH)) {
-            memset(seen, 0x00, BIND_CFG_MAX * sizeof(uint8_t));
-        }
-
-        /* In this line the PARSING bit is cleared from the flags */
-        *parser_flags = IN_MATCH;
-        do {
-            p = p2 = ssh_config_get_str_tok(&s, NULL);
-            if (p == NULL || p[0] == '\0') {
-                break;
-            }
-            args++;
-            SSH_LOG(SSH_LOG_TRACE, "line %d: Processing Match keyword '%s'",
-                    count, p);
-
-            /* If the option is prefixed with ! the result should be negated */
-            negate = false;
-            if (p[0] == '!') {
-                negate = true;
-                p++;
-            }
-
-            opt = ssh_bind_config_get_match_opcode(p);
-            switch (opt) {
-            case BIND_MATCH_ALL:
-                p = ssh_config_get_str_tok(&s, NULL);
-                if ((args == 1) && (p == NULL || p[0] == '\0')) {
-                    /* The "all" keyword does not accept arguments or modifiers
-                     */
-                    if (negate == true) {
-                        result = 0;
-                    }
-                    break;
-                }
-                ssh_set_error(bind, SSH_FATAL,
-                              "line %d: ERROR - Match all cannot be combined with "
-                              "other Match attributes", count);
-                SAFE_FREE(x);
-                return -1;
-            case BIND_MATCH_USER:
-            case BIND_MATCH_GROUP:
-            case BIND_MATCH_HOST:
-            case BIND_MATCH_LOCALADDRESS:
-            case BIND_MATCH_LOCALPORT:
-            case BIND_MATCH_RDOMAIN:
-            case BIND_MATCH_ADDRESS:
-                /* Only "All" is supported for now */
-                /* Skip one argument */
-                p = ssh_config_get_str_tok(&s, NULL);
-                if (p == NULL || p[0] == '\0') {
-                    SSH_LOG(SSH_LOG_WARN, "line %d: Match keyword "
-                            "'%s' requires argument\n", count, p2);
-                    SAFE_FREE(x);
-                    return -1;
-                }
-                args++;
-                SSH_LOG(SSH_LOG_WARN,
-                        "line %d: Unsupported Match keyword '%s', ignoring\n",
-                        count,
-                        p2);
-                result = 0;
-                break;
-            case BIND_MATCH_UNKNOWN:
-            default:
-                ssh_set_error(bind, SSH_FATAL,
-                              "ERROR - Unknown argument '%s' for Match keyword", p);
-                SAFE_FREE(x);
-                return -1;
-            }
-        } while (p != NULL && p[0] != '\0');
-        if (args == 0) {
-            ssh_set_error(bind, SSH_FATAL,
-                          "ERROR - Match keyword requires an argument");
-            SAFE_FREE(x);
-            return -1;
-        }
-        /* This line only sets the PARSING flag if all checks passed */
-        *parser_flags |= result;
-        break;
-    }
-    case BIND_CFG_PUBKEY_ACCEPTED_KEY_TYPES:
-        p = ssh_config_get_str_tok(&s, NULL);
-        if (p && (*parser_flags & PARSING)) {
-            rc = ssh_bind_options_set(bind,
-                                 SSH_BIND_OPTIONS_PUBKEY_ACCEPTED_KEY_TYPES, p);
-            if (rc != 0) {
-                SSH_LOG(SSH_LOG_WARN,
-                        "line %d: Failed to set PubKeyAcceptedKeyTypes value '%s'",
-                        count, p);
-            }
-        }
-        break;
-    case BIND_CFG_HOSTKEY_ALGORITHMS:
-        p = ssh_config_get_str_tok(&s, NULL);
-        if (p && (*parser_flags & PARSING)) {
-            rc = ssh_bind_options_set(bind,
-                                 SSH_BIND_OPTIONS_HOSTKEY_ALGORITHMS, p);
-            if (rc != 0) {
-                SSH_LOG(SSH_LOG_WARN,
-                        "line %d: Failed to set HostkeyAlgorithms value '%s'",
-                        count, p);
-            }
-        }
-        break;
-    case BIND_CFG_NOT_ALLOWED_IN_MATCH:
-        SSH_LOG(SSH_LOG_WARN, "Option not allowed in Match block: %s, line: %d",
-                keyword, count);
-        break;
-    case BIND_CFG_UNKNOWN:
-        SSH_LOG(SSH_LOG_WARN, "Unknown option: %s, line: %d",
-                keyword, count);
-        break;
-    case BIND_CFG_UNSUPPORTED:
-        SSH_LOG(SSH_LOG_WARN, "Unsupported option: %s, line: %d",
-                keyword, count);
-        break;
-    case BIND_CFG_NA:
-        SSH_LOG(SSH_LOG_WARN, "Option not applicable: %s, line: %d",
-                keyword, count);
-        break;
-    default:
-        ssh_set_error(bind, SSH_FATAL, "ERROR - unimplemented opcode: %d",
-                opcode);
-        SAFE_FREE(x);
-        return -1;
-        break;
-    }
-
-    SAFE_FREE(x);
-    return rc;
-}
-
-int ssh_bind_config_parse_file(ssh_bind bind, const char *filename)
-{
-    char line[MAX_LINE_SIZE] = {0};
-    unsigned int count = 0;
-    FILE *f;
-    uint32_t parser_flags;
-    int rv;
-
-    /* This local table is used during the parsing of the current file (and
-     * files included recursively in this file) to prevent an option to be
-     * redefined, i.e. the first value set is kept. But this DO NOT prevent the
-     * option to be redefined later by another file. */
-    uint8_t seen[BIND_CFG_MAX] = {0};
-
-    f = fopen(filename, "r");
-    if (f == NULL) {
-        return 0;
-    }
-
-    SSH_LOG(SSH_LOG_PACKET, "Reading configuration data from %s", filename);
-
-    parser_flags = PARSING;
-    while (fgets(line, sizeof(line), f)) {
-        count++;
-        rv = ssh_bind_config_parse_line(bind, line, count, &parser_flags, seen);
-        if (rv) {
-            fclose(f);
-            return -1;
-        }
-    }
-
-    fclose(f);
-    return 0;
-}

src/buffer.c

@@ -299,33 +299,28 @@ int ssh_buffer_reinit(struct ssh_buffer_struct *buffer)
  */
 int ssh_buffer_add_data(struct ssh_buffer_struct *buffer, const void *data, uint32_t len)
 {
-    if (buffer == NULL) {
-        return -1;
+  buffer_verify(buffer);
+
+  if (data == NULL) {
+      return -1;
+  }
+
+  if (buffer->used + len < len) {
+    return -1;
+  }
+
+  if (buffer->allocated < (buffer->used + len)) {
+    if(buffer->pos > 0)
+      buffer_shift(buffer);
+    if (realloc_buffer(buffer, buffer->used + len) < 0) {
+      return -1;
     }
+  }
 
-    buffer_verify(buffer);
-
-    if (data == NULL) {
-        return -1;
-    }
-
-    if (buffer->used + len < len) {
-        return -1;
-    }
-
-    if (buffer->allocated < (buffer->used + len)) {
-        if (buffer->pos > 0) {
-            buffer_shift(buffer);
-        }
-        if (realloc_buffer(buffer, buffer->used + len) < 0) {
-            return -1;
-        }
-    }
-
-    memcpy(buffer->data + buffer->used, data, len);
-    buffer->used += len;
-    buffer_verify(buffer);
-    return 0;
+  memcpy(buffer->data+buffer->used, data, len);
+  buffer->used+=len;
+  buffer_verify(buffer);
+  return 0;
 }
 
 /**
@@ -814,20 +809,20 @@ ssh_buffer_get_ssh_string(struct ssh_buffer_struct *buffer)
  */
 static int ssh_buffer_pack_allocate_va(struct ssh_buffer_struct *buffer,
                                        const char *format,
-                                       size_t argc,
+                                       int argc,
                                        va_list ap)
 {
     const char *p = NULL;
     ssh_string string = NULL;
     char *cstring = NULL;
     size_t needed_size = 0;
-    size_t len;
     size_t count;
+    size_t len;
     int rc = SSH_OK;
 
     for (p = format, count = 0; *p != '\0'; p++, count++) {
         /* Invalid number of arguments passed */
-        if (count > argc) {
+        if (argc != -1 && count > argc) {
             return SSH_ERROR;
         }
 
@@ -886,7 +881,7 @@ static int ssh_buffer_pack_allocate_va(struct ssh_buffer_struct *buffer,
         }
     }
 
-    if (argc != count) {
+    if (argc != -1 && argc != count) {
         return SSH_ERROR;
     }
 
@@ -896,7 +891,11 @@ static int ssh_buffer_pack_allocate_va(struct ssh_buffer_struct *buffer,
          */
         uint32_t canary = va_arg(ap, uint32_t);
         if (canary != SSH_BUFFER_PACK_END) {
-            abort();
+            if (argc == -1){
+                return SSH_ERROR;
+            } else {
+                abort();
+            }
         }
     }
 
@@ -919,7 +918,7 @@ static int ssh_buffer_pack_allocate_va(struct ssh_buffer_struct *buffer,
  */
 int ssh_buffer_pack_va(struct ssh_buffer_struct *buffer,
                        const char *format,
-                       size_t argc,
+                       int argc,
                        va_list ap)
 {
     int rc = SSH_ERROR;
@@ -935,15 +934,11 @@ int ssh_buffer_pack_va(struct ssh_buffer_struct *buffer,
     char *cstring;
     bignum b;
     size_t len;
-    size_t count;
-
-    if (argc > 256) {
-        return SSH_ERROR;
-    }
+    int count;
 
     for (p = format, count = 0; *p != '\0'; p++, count++) {
         /* Invalid number of arguments passed */
-        if (count > argc) {
+        if (argc != -1 && count > argc) {
             return SSH_ERROR;
         }
 
@@ -1015,15 +1010,19 @@ int ssh_buffer_pack_va(struct ssh_buffer_struct *buffer,
         }
     }
 
-    if (argc != count) {
+    if (argc != -1 && argc != count) {
         return SSH_ERROR;
     }
 
     if (rc != SSH_ERROR){
-        /* Check if our canary is intact, if not something really bad happened */
+        /* Check if our canary is intact, if not somthing really bad happened */
         uint32_t canary = va_arg(ap, uint32_t);
         if (canary != SSH_BUFFER_PACK_END) {
-            abort();
+            if (argc == -1){
+                return SSH_ERROR;
+            } else {
+                abort();
+            }
         }
     }
     return rc;
@@ -1051,16 +1050,12 @@ int ssh_buffer_pack_va(struct ssh_buffer_struct *buffer,
  */
 int _ssh_buffer_pack(struct ssh_buffer_struct *buffer,
                      const char *format,
-                     size_t argc,
+                     int argc,
                      ...)
 {
     va_list ap;
     int rc;
 
-    if (argc > 256) {
-        return SSH_ERROR;
-    }
-
     va_start(ap, argc);
     rc = ssh_buffer_pack_allocate_va(buffer, format, argc, ap);
     va_end(ap);
@@ -1087,11 +1082,11 @@ int _ssh_buffer_pack(struct ssh_buffer_struct *buffer,
  */
 int ssh_buffer_unpack_va(struct ssh_buffer_struct *buffer,
                          const char *format,
-                         size_t argc,
+                         int argc,
                          va_list ap)
 {
     int rc = SSH_ERROR;
-    const char *p = format, *last;
+    const char *p, *last;
     union {
         uint8_t *byte;
         uint16_t *word;
@@ -1099,32 +1094,24 @@ int ssh_buffer_unpack_va(struct ssh_buffer_struct *buffer,
         uint64_t *qword;
         ssh_string *string;
         char **cstring;
-        bignum *bignum;
         void **data;
     } o;
     size_t len, rlen, max_len;
-    ssh_string tmp_string = NULL;
     va_list ap_copy;
-    size_t count;
+    int count;
 
     max_len = ssh_buffer_get_len(buffer);
 
     /* copy the argument list in case a rollback is needed */
     va_copy(ap_copy, ap);
 
-    if (argc > 256) {
-        rc = SSH_ERROR;
-        goto cleanup;
-    }
-
-    for (count = 0; *p != '\0'; p++, count++) {
+    for (p = format, count = 0; *p != '\0'; p++, count++) {
         /* Invalid number of arguments passed */
-        if (count > argc) {
+        if (argc != -1 && count > argc) {
             rc = SSH_ERROR;
             goto cleanup;
         }
 
-        rc = SSH_ERROR;
         switch (*p) {
         case 'b':
             o.byte = va_arg(ap, uint8_t *);
@@ -1134,38 +1121,20 @@ int ssh_buffer_unpack_va(struct ssh_buffer_struct *buffer,
         case 'w':
             o.word = va_arg(ap,  uint16_t *);
             rlen = ssh_buffer_get_data(buffer, o.word, sizeof(uint16_t));
-            if (rlen == 2) {
-                *o.word = ntohs(*o.word);
-                rc = SSH_OK;
-            }
+            *o.word = ntohs(*o.word);
+            rc = rlen==2 ? SSH_OK : SSH_ERROR;
             break;
         case 'd':
             o.dword = va_arg(ap, uint32_t *);
             rlen = ssh_buffer_get_u32(buffer, o.dword);
-            if (rlen == 4) {
-                *o.dword = ntohl(*o.dword);
-                rc = SSH_OK;
-            }
+            *o.dword = ntohl(*o.dword);
+            rc = rlen==4 ? SSH_OK : SSH_ERROR;
             break;
         case 'q':
             o.qword = va_arg(ap, uint64_t*);
             rlen = ssh_buffer_get_u64(buffer, o.qword);
-            if (rlen == 8) {
-                *o.qword = ntohll(*o.qword);
-                rc = SSH_OK;
-            }
-            break;
-        case 'B':
-            o.bignum = va_arg(ap, bignum *);
-            *o.bignum = NULL;
-            tmp_string = ssh_buffer_get_ssh_string(buffer);
-            if (tmp_string == NULL) {
-                break;
-            }
-            *o.bignum = ssh_make_string_bn(tmp_string);
-            ssh_string_burn(tmp_string);
-            SSH_STRING_FREE(tmp_string);
-            rc = (*o.bignum != NULL) ? SSH_OK : SSH_ERROR;
+            *o.qword = ntohll(*o.qword);
+            rc = rlen==8 ? SSH_OK : SSH_ERROR;
             break;
         case 'S':
             o.string = va_arg(ap, ssh_string *);
@@ -1178,12 +1147,14 @@ int ssh_buffer_unpack_va(struct ssh_buffer_struct *buffer,
 
             o.cstring = va_arg(ap, char **);
             *o.cstring = NULL;
-            rlen = ssh_buffer_get_u32(buffer, &u32len);
-            if (rlen != 4){
+            rc = ssh_buffer_get_u32(buffer, &u32len);
+            if (rc != 4){
+                rc = SSH_ERROR;
                 break;
             }
             len = ntohl(u32len);
             if (len > max_len - 1) {
+                rc = SSH_ERROR;
                 break;
             }
 
@@ -1239,13 +1210,14 @@ int ssh_buffer_unpack_va(struct ssh_buffer_struct *buffer,
             break;
         default:
             SSH_LOG(SSH_LOG_WARN, "Invalid buffer format %c", *p);
+            rc = SSH_ERROR;
         }
         if (rc != SSH_OK) {
             break;
         }
     }
 
-    if (argc != count) {
+    if (argc != -1 && argc != count) {
         rc = SSH_ERROR;
     }
 
@@ -1254,7 +1226,11 @@ cleanup:
         /* Check if our canary is intact, if not something really bad happened */
         uint32_t canary = va_arg(ap, uint32_t);
         if (canary != SSH_BUFFER_PACK_END){
-            abort();
+            if (argc == -1){
+                rc = SSH_ERROR;
+            } else {
+                abort();
+            }
         }
     }
 
@@ -1291,10 +1267,6 @@ cleanup:
                     break;
                 }
                 break;
-            case 'B':
-                o.bignum = va_arg(ap_copy, bignum *);
-                bignum_safe_free(*o.bignum);
-                break;
             case 'S':
                 o.string = va_arg(ap_copy, ssh_string *);
                 if (buffer->secure) {
@@ -1341,7 +1313,6 @@ cleanup:
  *                         's': char ** (C string, pulled as SSH string)
  *                         'P': size_t, void ** (len of data, pointer to data)
  *                              only pulls data.
- *                         'B': bignum * (pulled as SSH string)
  * @returns             SSH_OK on success
  *                      SSH_ERROR on error
  * @warning             when using 'P' with a constant size (e.g. 8), do not
@@ -1349,7 +1320,7 @@ cleanup:
  */
 int _ssh_buffer_unpack(struct ssh_buffer_struct *buffer,
                        const char *format,
-                       size_t argc,
+                       int argc,
                        ...)
 {
     va_list ap;

src/chachapoly.c

@@ -109,11 +109,11 @@ static void chacha20_poly1305_aead_encrypt(struct ssh_cipher_struct *cipher,
                          out_packet->payload,
                          len - sizeof(uint32_t));
 
-    /* ssh_log_hexdump("poly1305_ctx", poly1305_ctx, sizeof(poly1305_ctx)); */
+    /* ssh_print_hexa("poly1305_ctx", poly1305_ctx, sizeof(poly1305_ctx)); */
     /* step 4, compute the MAC */
     poly1305_auth(tag, (uint8_t *)out_packet, len, poly1305_ctx);
-    /* ssh_log_hexdump("poly1305 src", (uint8_t *)out_packet, len);
-    ssh_log_hexdump("poly1305 tag", tag, POLY1305_TAGLEN); */
+    /* ssh_print_hexa("poly1305 src", (uint8_t *)out_packet, len);
+    ssh_print_hexa("poly1305 tag", tag, POLY1305_TAGLEN); */
 }
 
 static int chacha20_poly1305_aead_decrypt_length(
@@ -159,17 +159,17 @@ static int chacha20_poly1305_aead_decrypt(struct ssh_cipher_struct *cipher,
                          poly1305_ctx,
                          POLY1305_KEYLEN);
 #if 0
-    ssh_log_hexdump("poly1305_ctx", poly1305_ctx, sizeof(poly1305_ctx));
+    ssh_print_hexa("poly1305_ctx", poly1305_ctx, sizeof(poly1305_ctx));
 #endif
 
     poly1305_auth(tag, (uint8_t *)complete_packet, encrypted_size +
             sizeof(uint32_t), poly1305_ctx);
 #if 0
-    ssh_log_hexdump("poly1305 src",
+    ssh_print_hexa("poly1305 src",
                    (uint8_t*)complete_packet,
                    encrypted_size + 4);
-    ssh_log_hexdump("poly1305 tag", tag, POLY1305_TAGLEN);
-    ssh_log_hexdump("received tag", mac, POLY1305_TAGLEN);
+    ssh_print_hexa("poly1305 tag", tag, POLY1305_TAGLEN);
+    ssh_print_hexa("received tag", mac, POLY1305_TAGLEN);
 #endif
 
     cmp = memcmp(tag, mac, POLY1305_TAGLEN);
@@ -192,7 +192,6 @@ static void chacha20_cleanup(struct ssh_cipher_struct *cipher) {
 }
 
 const struct ssh_cipher_struct chacha20poly1305_cipher = {
-    .ciphertype = SSH_AEAD_CHACHA20_POLY1305,
     .name = "chacha20-poly1305@openssh.com",
     .blocksize = 8,
     .lenfield_blocksize = 4,

src/channels.c

@@ -29,9 +29,6 @@
 #include <errno.h>
 #include <time.h>
 #include <stdbool.h>
-#ifdef HAVE_SYS_TIME_H
-#include <sys/time.h>
-#endif /* HAVE_SYS_TIME_H */
 
 #ifndef _WIN32
 #include <netinet/in.h>
@@ -88,11 +85,6 @@ ssh_channel ssh_channel_new(ssh_session session)
         return NULL;
     }
 
-    /* Check if we have an authenticated session */
-    if (!(session->flags & SSH_SESSION_FLAG_AUTHENTICATED)) {
-        return NULL;
-    }
-
     channel = calloc(1, sizeof(struct ssh_channel_struct));
     if (channel == NULL) {
         ssh_set_error_oom(session);
@@ -109,7 +101,7 @@ ssh_channel ssh_channel_new(ssh_session session)
     channel->stderr_buffer = ssh_buffer_new();
     if (channel->stderr_buffer == NULL) {
         ssh_set_error_oom(session);
-        SSH_BUFFER_FREE(channel->stdout_buffer);
+        ssh_buffer_free(channel->stdout_buffer);
         SAFE_FREE(channel);
         return NULL;
     }
@@ -120,21 +112,10 @@ ssh_channel ssh_channel_new(ssh_session session)
 
     if (session->channels == NULL) {
         session->channels = ssh_list_new();
-        if (session->channels == NULL) {
-            ssh_set_error_oom(session);
-            SSH_BUFFER_FREE(channel->stdout_buffer);
-            SSH_BUFFER_FREE(channel->stderr_buffer);
-            SAFE_FREE(channel);
-            return NULL;
-        }
     }
 
     ssh_list_prepend(session->channels, channel);
 
-    /* Set states explicitly */
-    channel->state = SSH_CHANNEL_STATE_NOT_OPEN;
-    channel->request_state = SSH_CHANNEL_REQ_STATE_NONE;
-
     return channel;
 }
 
@@ -173,8 +154,8 @@ SSH_PACKET_CALLBACK(ssh_packet_channel_open_conf){
   channel=ssh_channel_from_local(session,channelid);
   if(channel==NULL){
     ssh_set_error(session, SSH_FATAL,
-        "Unknown channel id %"PRIu32,
-        (uint32_t) channelid);
+        "Unknown channel id %lu",
+        (long unsigned int) channelid);
     /* TODO: Set error marking in channel object */
 
     return SSH_PACKET_USED;
@@ -201,9 +182,9 @@ SSH_PACKET_CALLBACK(ssh_packet_channel_open_conf){
   }
 
   SSH_LOG(SSH_LOG_PROTOCOL,
-      "Remote window : %"PRIu32", maxpacket : %"PRIu32,
-      (uint32_t) channel->remote_window,
-      (uint32_t) channel->remote_maxpacket);
+      "Remote window : %lu, maxpacket : %lu",
+      (long unsigned int) channel->remote_window,
+      (long unsigned int) channel->remote_maxpacket);
 
   channel->state = SSH_CHANNEL_STATE_OPEN;
   channel->flags &= ~SSH_CHANNEL_FLAG_NOT_BOUND;
@@ -249,9 +230,9 @@ SSH_PACKET_CALLBACK(ssh_packet_channel_open_fail){
   }
 
   ssh_set_error(session, SSH_REQUEST_DENIED,
-      "Channel opening failure: channel %u error (%"PRIu32") %s",
+      "Channel opening failure: channel %u error (%lu) %s",
       channel->local_channel,
-      (uint32_t) code,
+      (long unsigned int) code,
       error);
   SAFE_FREE(error);
   channel->state=SSH_CHANNEL_STATE_OPEN_DENIED;
@@ -288,92 +269,75 @@ static int ssh_channel_open_termination(void *c){
  * @param[in]  maxpacket The maximum packet size allowed (like MTU).
  *
  * @param[in]  payload   The buffer containing additional payload for the query.
- *
- * @return             SSH_OK if successful; SSH_ERROR otherwise.
  */
-static int
-channel_open(ssh_channel channel,
-             const char *type,
-             uint32_t window,
-             uint32_t maxpacket,
-             ssh_buffer payload)
-{
-    ssh_session session = channel->session;
-    int err = SSH_ERROR;
-    int rc;
+static int channel_open(ssh_channel channel, const char *type, int window,
+    int maxpacket, ssh_buffer payload) {
+  ssh_session session = channel->session;
+  int err=SSH_ERROR;
+  int rc;
 
-    switch (channel->state) {
-    case SSH_CHANNEL_STATE_NOT_OPEN:
-        break;
-    case SSH_CHANNEL_STATE_OPENING:
-        goto pending;
-    case SSH_CHANNEL_STATE_OPEN:
-    case SSH_CHANNEL_STATE_CLOSED:
-    case SSH_CHANNEL_STATE_OPEN_DENIED:
-        goto end;
-    default:
-        ssh_set_error(session, SSH_FATAL, "Bad state in channel_open: %d",
-                      channel->state);
-    }
-
-    channel->local_channel = ssh_channel_new_id(session);
-    channel->local_maxpacket = maxpacket;
-    channel->local_window = window;
-
-    SSH_LOG(SSH_LOG_PROTOCOL,
-            "Creating a channel %d with %d window and %d max packet",
-            channel->local_channel, window, maxpacket);
-
-    rc = ssh_buffer_pack(session->out_buffer,
-                         "bsddd",
-                         SSH2_MSG_CHANNEL_OPEN,
-                         type,
-                         channel->local_channel,
-                         channel->local_window,
-                         channel->local_maxpacket);
-    if (rc != SSH_OK) {
-        ssh_set_error_oom(session);
-        return err;
-    }
-
-    if (payload != NULL) {
-        if (ssh_buffer_add_buffer(session->out_buffer, payload) < 0) {
-            ssh_set_error_oom(session);
-
-            return err;
-        }
-    }
-    channel->state = SSH_CHANNEL_STATE_OPENING;
-    if (ssh_packet_send(session) == SSH_ERROR) {
-        return err;
-    }
-
-    SSH_LOG(SSH_LOG_PACKET,
-            "Sent a SSH_MSG_CHANNEL_OPEN type %s for channel %d",
-            type, channel->local_channel);
-
-pending:
-    /* wait until channel is opened by server */
-    err = ssh_handle_packets_termination(session,
-                                         SSH_TIMEOUT_DEFAULT,
-                                         ssh_channel_open_termination,
-                                         channel);
-
-    if (session->session_state == SSH_SESSION_STATE_ERROR) {
-        err = SSH_ERROR;
-    }
-
-end:
-    /* This needs to pass the SSH_AGAIN from the above,
-     * but needs to catch failed channel states */
-    if (channel->state == SSH_CHANNEL_STATE_OPEN) {
-        err = SSH_OK;
-    } else if (err != SSH_AGAIN) {
-        /* Messages were handled correctly, but he channel state is invalid */
-        err = SSH_ERROR;
+  switch(channel->state){
+  case SSH_CHANNEL_STATE_NOT_OPEN:
+    break;
+  case SSH_CHANNEL_STATE_OPENING:
+    goto pending;
+  case SSH_CHANNEL_STATE_OPEN:
+  case SSH_CHANNEL_STATE_CLOSED:
+  case SSH_CHANNEL_STATE_OPEN_DENIED:
+    goto end;
+  default:
+    ssh_set_error(session,SSH_FATAL,"Bad state in channel_open: %d",channel->state);
+  }
+  channel->local_channel = ssh_channel_new_id(session);
+  channel->local_maxpacket = maxpacket;
+  channel->local_window = window;
+
+  SSH_LOG(SSH_LOG_PROTOCOL,
+      "Creating a channel %d with %d window and %d max packet",
+      channel->local_channel, window, maxpacket);
+
+  rc = ssh_buffer_pack(session->out_buffer,
+                       "bsddd",
+                       SSH2_MSG_CHANNEL_OPEN,
+                       type,
+                       channel->local_channel,
+                       channel->local_window,
+                       channel->local_maxpacket);
+  if (rc != SSH_OK){
+    ssh_set_error_oom(session);
+    return err;
+  }
+
+  if (payload != NULL) {
+    if (ssh_buffer_add_buffer(session->out_buffer, payload) < 0) {
+      ssh_set_error_oom(session);
+
+      return err;
     }
+  }
+  channel->state = SSH_CHANNEL_STATE_OPENING;
+  if (ssh_packet_send(session) == SSH_ERROR) {
 
     return err;
+  }
+
+  SSH_LOG(SSH_LOG_PACKET,
+      "Sent a SSH_MSG_CHANNEL_OPEN type %s for channel %d",
+      type, channel->local_channel);
+pending:
+  /* wait until channel is opened by server */
+  err = ssh_handle_packets_termination(session,
+                                       SSH_TIMEOUT_DEFAULT,
+                                       ssh_channel_open_termination,
+                                       channel);
+
+  if (session->session_state == SSH_SESSION_STATE_ERROR)
+    err = SSH_ERROR;
+end:
+  if(channel->state == SSH_CHANNEL_STATE_OPEN)
+    err=SSH_OK;
+
+  return err;
 }
 
 /* return channel with corresponding local id, or NULL if not found */
@@ -400,12 +364,8 @@ ssh_channel ssh_channel_from_local(ssh_session session, uint32_t id) {
  * @param session SSH session
  * @param channel SSH channel
  * @param minimumsize The minimum acceptable size for the new window.
- * @return            SSH_OK if successful; SSH_ERROR otherwise.
  */
-static int grow_window(ssh_session session,
-                       ssh_channel channel,
-                       uint32_t minimumsize)
-{
+static int grow_window(ssh_session session, ssh_channel channel, int minimumsize) {
   uint32_t new_window = minimumsize > WINDOWBASE ? minimumsize : WINDOWBASE;
   int rc;
 
@@ -459,7 +419,7 @@ error:
  * @param[in]  packet   The buffer to parse packet from. The read pointer will
  *                      be moved after the call.
  *
- * @return              The related ssh_channel, or NULL if the channel is
+ * @returns             The related ssh_channel, or NULL if the channel is
  *                      unknown or the packet is invalid.
  */
 static ssh_channel channel_from_msg(ssh_session session, ssh_buffer packet) {
@@ -477,8 +437,8 @@ static ssh_channel channel_from_msg(ssh_session session, ssh_buffer packet) {
   channel = ssh_channel_from_local(session, chan);
   if (channel == NULL) {
     ssh_set_error(session, SSH_FATAL,
-        "Server specified invalid channel %"PRIu32,
-        (uint32_t) chan);
+        "Server specified invalid channel %lu",
+        (long unsigned int) chan);
   }
 
   return channel;
@@ -570,7 +530,7 @@ SSH_PACKET_CALLBACK(channel_rcv_data){
 
   if (channel_default_bufferize(channel, ssh_string_data(str), len,
         is_stderr) < 0) {
-    SSH_STRING_FREE(str);
+    ssh_string_free(str);
 
     return SSH_PACKET_USED;
   }
@@ -586,7 +546,7 @@ SSH_PACKET_CALLBACK(channel_rcv_data){
       channel->local_window,
       channel->remote_window);
 
-  SSH_STRING_FREE(str);
+  ssh_string_free(str);
 
   if (is_stderr) {
       buf = channel->stderr_buffer;
@@ -724,10 +684,6 @@ SSH_PACKET_CALLBACK(channel_rcv_request) {
 	if (strcmp(request,"exit-status") == 0) {
         SAFE_FREE(request);
         rc = ssh_buffer_unpack(packet, "d", &channel->exit_status);
-        if (rc != SSH_OK) {
-            SSH_LOG(SSH_LOG_PACKET, "Invalid exit-status packet");
-            return SSH_PACKET_USED;
-        }
         SSH_LOG(SSH_LOG_PACKET, "received exit-status %d", channel->exit_status);
 
         ssh_callbacks_execute_list(channel->callbacks,
@@ -854,10 +810,8 @@ SSH_PACKET_CALLBACK(channel_rcv_request) {
  *
  * FIXME is the window changed?
  */
-int channel_default_bufferize(ssh_channel channel,
-                              void *data, size_t len,
-                              bool is_stderr)
-{
+int channel_default_bufferize(ssh_channel channel, void *data, int len,
+    int is_stderr) {
   ssh_session session;
 
   if(channel == NULL) {
@@ -872,10 +826,8 @@ int channel_default_bufferize(ssh_channel channel,
   }
 
   SSH_LOG(SSH_LOG_PACKET,
-          "placing %zu bytes into channel buffer (%s)",
-          len,
-          is_stderr ? "stderr" : "stdout");
-  if (!is_stderr) {
+      "placing %d bytes into channel buffer (stderr=%d)", len, is_stderr);
+  if (is_stderr == 0) {
     /* stdout */
     if (channel->stdout_buffer == NULL) {
       channel->stdout_buffer = ssh_buffer_new();
@@ -887,7 +839,7 @@ int channel_default_bufferize(ssh_channel channel,
 
     if (ssh_buffer_add_data(channel->stdout_buffer, data, len) < 0) {
       ssh_set_error_oom(session);
-      SSH_BUFFER_FREE(channel->stdout_buffer);
+      ssh_buffer_free(channel->stdout_buffer);
       channel->stdout_buffer = NULL;
       return -1;
     }
@@ -903,7 +855,7 @@ int channel_default_bufferize(ssh_channel channel,
 
     if (ssh_buffer_add_data(channel->stderr_buffer, data, len) < 0) {
       ssh_set_error_oom(session);
-      SSH_BUFFER_FREE(channel->stderr_buffer);
+      ssh_buffer_free(channel->stderr_buffer);
       channel->stderr_buffer = NULL;
       return -1;
     }
@@ -1034,94 +986,12 @@ int ssh_channel_open_forward(ssh_channel channel, const char *remotehost,
                     payload);
 
 error:
-  SSH_BUFFER_FREE(payload);
-  SSH_STRING_FREE(str);
+  ssh_buffer_free(payload);
+  ssh_string_free(str);
 
   return rc;
 }
 
-/**
- * @brief Open a TCP/IP - UNIX domain socket forwarding channel.
- *
- * @param[in]  channel  An allocated channel.
- *
- * @param[in]  remotepath   The UNIX socket path on the remote machine
- *
- * @param[in]  sourcehost   The numeric IP address of the machine from where the
- *                          connection request originates. This is mostly for
- *                          logging purposes.
- *
- * @param[in]  localport    The port on the host from where the connection
- *                          originated. This is mostly for logging purposes.
- *
- * @return              SSH_OK on success,
- *                      SSH_ERROR if an error occurred,
- *                      SSH_AGAIN if in nonblocking mode and call has
- *                      to be done again.
- *
- * @warning This function does not bind the local port and does not
- *          automatically forward the content of a socket to the channel.
- *          You still have to use channel_read and channel_write for this.
- * @warning Requires support of OpenSSH for UNIX domain socket forwarding.
-  */
-int ssh_channel_open_forward_unix(ssh_channel channel,
-                                  const char *remotepath,
-                                  const char *sourcehost,
-                                  int localport)
-{
-    ssh_session session = NULL;
-    ssh_buffer payload = NULL;
-    ssh_string str = NULL;
-    int rc = SSH_ERROR;
-    int version;
-
-    if (channel == NULL) {
-        return rc;
-    }
-
-    session = channel->session;
-
-    version = ssh_get_openssh_version(session);
-    if (version == 0) {
-        ssh_set_error(session,
-                      SSH_REQUEST_DENIED,
-                      "We're not connected to an OpenSSH server!");
-        return SSH_ERROR;
-    }
-
-    if (remotepath == NULL || sourcehost == NULL) {
-        ssh_set_error_invalid(session);
-        return rc;
-    }
-
-    payload = ssh_buffer_new();
-    if (payload == NULL) {
-        ssh_set_error_oom(session);
-        goto error;
-    }
-
-    rc = ssh_buffer_pack(payload,
-                         "ssd",
-                         remotepath,
-                         sourcehost,
-                         localport);
-    if (rc != SSH_OK) {
-        ssh_set_error_oom(session);
-        goto error;
-    }
-
-    rc = channel_open(channel,
-                      "direct-streamlocal@openssh.com",
-                      CHANNEL_INITIAL_WINDOW,
-                      CHANNEL_MAX_PACKET,
-                      payload);
-
-error:
-    SSH_BUFFER_FREE(payload);
-    SSH_STRING_FREE(str);
-
-    return rc;
-}
 
 /**
  * @brief Close and free a channel.
@@ -1191,15 +1061,13 @@ void ssh_channel_do_free(ssh_channel channel)
         ssh_list_remove(session->channels, it);
     }
 
-    SSH_BUFFER_FREE(channel->stdout_buffer);
-    SSH_BUFFER_FREE(channel->stderr_buffer);
+    ssh_buffer_free(channel->stdout_buffer);
+    ssh_buffer_free(channel->stderr_buffer);
 
     if (channel->callbacks != NULL) {
         ssh_list_free(channel->callbacks);
-        channel->callbacks = NULL;
     }
 
-    channel->session = NULL;
     SAFE_FREE(channel);
 }
 
@@ -1231,52 +1099,43 @@ void ssh_channel_do_free(ssh_channel channel)
  * @see ssh_channel_free()
  * @see ssh_channel_is_eof()
  */
-int ssh_channel_send_eof(ssh_channel channel)
-{
-    ssh_session session;
-    int rc = SSH_ERROR;
-    int err;
+int ssh_channel_send_eof(ssh_channel channel){
+  ssh_session session;
+  int rc = SSH_ERROR;
+  int err;
 
-    if (channel == NULL || channel->session == NULL) {
-        return rc;
-    }
+  if(channel == NULL) {
+      return rc;
+  }
 
-    /* If the EOF has already been sent we're done here. */
-    if (channel->local_eof != 0) {
-        return SSH_OK;
-    }
+  session = channel->session;
 
-    session = channel->session;
+  err = ssh_buffer_pack(session->out_buffer,
+                        "bd",
+                        SSH2_MSG_CHANNEL_EOF,
+                        channel->remote_channel);
+  if (err != SSH_OK) {
+    ssh_set_error_oom(session);
+    goto error;
+  }
 
-    err = ssh_buffer_pack(session->out_buffer,
-                          "bd",
-                          SSH2_MSG_CHANNEL_EOF,
-                          channel->remote_channel);
-    if (err != SSH_OK) {
-        ssh_set_error_oom(session);
-        goto error;
-    }
+  rc = ssh_packet_send(session);
+  SSH_LOG(SSH_LOG_PACKET,
+      "Sent a EOF on client channel (%d:%d)",
+      channel->local_channel,
+      channel->remote_channel);
 
-    rc = ssh_packet_send(session);
-    SSH_LOG(SSH_LOG_PACKET,
-        "Sent a EOF on client channel (%d:%d)",
-        channel->local_channel,
-        channel->remote_channel);
-    if (rc != SSH_OK) {
-        goto error;
-    }
+  rc = ssh_channel_flush(channel);
+  if(rc == SSH_ERROR)
+    goto error;
 
-    rc = ssh_channel_flush(channel);
-    if (rc == SSH_ERROR) {
-        goto error;
-    }
-    channel->local_eof = 1;
+  channel->local_eof = 1;
 
-    return rc;
+  return rc;
 error:
-    ssh_buffer_reinit(session->out_buffer);
+  ssh_buffer_reinit(session->out_buffer);
 
-    return rc;
+  return rc;
 }
 
 /**
@@ -1308,7 +1167,10 @@ int ssh_channel_close(ssh_channel channel)
 
     session = channel->session;
 
-    rc = ssh_channel_send_eof(channel);
+    if (channel->local_eof == 0) {
+        rc = ssh_channel_send_eof(channel);
+    }
+
     if (rc != SSH_OK) {
         return rc;
     }
@@ -1375,9 +1237,9 @@ static int ssh_waitsession_unblocked(void *s){
  * @brief Flushes a channel (and its session) until the output buffer
  *        is empty, or timeout elapsed.
  * @param channel SSH channel
- * @return  SSH_OK On success,
- *          SSH_ERROR On error.
- *          SSH_AGAIN Timeout elapsed (or in nonblocking mode).
+ * @returns SSH_OK On success,
+ *          SSH_ERROR on error
+ *          SSH_AGAIN Timeout elapsed (or in nonblocking mode)
  */
 int ssh_channel_flush(ssh_channel channel){
   return ssh_blocking_flush(channel->session, SSH_TIMEOUT_DEFAULT);
@@ -1851,7 +1713,7 @@ int ssh_channel_request_pty_size(ssh_channel channel, const char *terminal,
 pending:
   rc = channel_request(channel, "pty-req", buffer, 1);
 error:
-  SSH_BUFFER_FREE(buffer);
+  ssh_buffer_free(buffer);
 
   return rc;
 }
@@ -1911,7 +1773,7 @@ int ssh_channel_change_pty_size(ssh_channel channel, int cols, int rows) {
 
   rc = channel_request(channel, "window-change", buffer, 0);
 error:
-  SSH_BUFFER_FREE(buffer);
+  ssh_buffer_free(buffer);
 
   return rc;
 }
@@ -1980,23 +1842,11 @@ int ssh_channel_request_subsystem(ssh_channel channel, const char *subsys) {
 pending:
   rc = channel_request(channel, "subsystem", buffer, 1);
 error:
-  SSH_BUFFER_FREE(buffer);
+  ssh_buffer_free(buffer);
 
   return rc;
 }
 
-/**
- * @brief Request sftp subsystem on the channel
- *
- * @param[in]  channel The channel to request the sftp subsystem.
- *
- * @return              SSH_OK on success,
- *                      SSH_ERROR if an error occurred,
- *                      SSH_AGAIN if in nonblocking mode and call has
- *                      to be done again.
- *
- * @note You should use sftp_new() which does this for you.
- */
 int ssh_channel_request_sftp( ssh_channel channel){
     if(channel == NULL) {
         return SSH_ERROR;
@@ -2096,7 +1946,7 @@ pending:
   rc = channel_request(channel, "x11-req", buffer, 1);
 
 error:
-  SSH_BUFFER_FREE(buffer);
+  ssh_buffer_free(buffer);
   return rc;
 }
 
@@ -2409,7 +2259,7 @@ pending:
   }
 
 error:
-  SSH_BUFFER_FREE(buffer);
+  ssh_buffer_free(buffer);
   return rc;
 }
 
@@ -2481,7 +2331,7 @@ pending:
   rc = ssh_global_request(session, "cancel-tcpip-forward", buffer, 1);
 
 error:
-  SSH_BUFFER_FREE(buffer);
+  ssh_buffer_free(buffer);
   return rc;
 }
 
@@ -2539,7 +2389,7 @@ int ssh_channel_request_env(ssh_channel channel, const char *name, const char *v
 pending:
   rc = channel_request(channel, "env", buffer,1);
 error:
-  SSH_BUFFER_FREE(buffer);
+  ssh_buffer_free(buffer);
 
   return rc;
 }
@@ -2561,12 +2411,12 @@ error:
  *
  * Example:
 @code
-   rc = ssh_channel_request_exec(channel, "ps aux");
+   rc = channel_request_exec(channel, "ps aux");
    if (rc > 0) {
        return -1;
    }
 
-   while ((rc = ssh_channel_read(channel, buffer, sizeof(buffer), 0)) > 0) {
+   while ((rc = channel_read(channel, buffer, sizeof(buffer), 0)) > 0) {
        if (fwrite(buffer, 1, rc, stdout) != (unsigned int) rc) {
            return -1;
        }
@@ -2608,7 +2458,7 @@ int ssh_channel_request_exec(ssh_channel channel, const char *cmd) {
 pending:
   rc = channel_request(channel, "exec", buffer, 1);
 error:
-  SSH_BUFFER_FREE(buffer);
+  ssh_buffer_free(buffer);
   return rc;
 }
 
@@ -2671,7 +2521,7 @@ int ssh_channel_request_send_signal(ssh_channel channel, const char *sig) {
 
   rc = channel_request(channel, "signal", buffer, 0);
 error:
-  SSH_BUFFER_FREE(buffer);
+  ssh_buffer_free(buffer);
   return rc;
 }
 
@@ -2714,7 +2564,7 @@ int ssh_channel_request_send_break(ssh_channel channel, uint32_t length) {
     rc = channel_request(channel, "break", buffer, 0);
 
 error:
-    SSH_BUFFER_FREE(buffer);
+    ssh_buffer_free(buffer);
     return rc;
 }
 
@@ -2924,7 +2774,7 @@ int ssh_channel_read_timeout(ssh_channel channel,
   ctx.buffer = stdbuf;
   ctx.count = 1;
 
-  if (timeout_ms < SSH_TIMEOUT_DEFAULT) {
+  if (timeout_ms < 0) {
       timeout_ms = SSH_TIMEOUT_INFINITE;
   }
 
@@ -2939,18 +2789,12 @@ int ssh_channel_read_timeout(ssh_channel channel,
   /*
    * If the channel is closed or in an error state, reading from it is an error
    */
-  if (session->session_state == SSH_SESSION_STATE_ERROR) {
+  if (session->session_state == SSH_SESSION_STATE_ERROR ||
+      channel->state == SSH_CHANNEL_STATE_CLOSED) {
       return SSH_ERROR;
   }
-  /* If the server closed the channel properly, there is nothing to do */
   if (channel->remote_eof && ssh_buffer_get_len(stdbuf) == 0) {
-      return 0;
-  }
-  if (channel->state == SSH_CHANNEL_STATE_CLOSED) {
-      ssh_set_error(session,
-                    SSH_FATAL,
-                    "Remote channel is closed.");
-      return SSH_ERROR;
+    return 0;
   }
   len = ssh_buffer_get_len(stdbuf);
   /* Read count bytes if len is greater, everything otherwise */
@@ -2991,45 +2835,42 @@ int ssh_channel_read_timeout(ssh_channel channel,
  *
  * @see ssh_channel_is_eof()
  */
-int ssh_channel_read_nonblocking(ssh_channel channel,
-                                 void *dest,
-                                 uint32_t count,
-                                 int is_stderr)
-{
-    ssh_session session;
-    ssize_t to_read;
-    int rc;
-    int blocking;
+int ssh_channel_read_nonblocking(ssh_channel channel, void *dest, uint32_t count,
+    int is_stderr) {
+  ssh_session session;
+  int to_read;
+  int rc;
+  int blocking;
 
-    if(channel == NULL) {
-        return SSH_ERROR;
-    }
-    if(dest == NULL) {
-        ssh_set_error_invalid(channel->session);
-        return SSH_ERROR;
-    }
+  if(channel == NULL) {
+      return SSH_ERROR;
+  }
+  if(dest == NULL) {
+      ssh_set_error_invalid(channel->session);
+      return SSH_ERROR;
+  }
 
-    session = channel->session;
+  session = channel->session;
 
-    to_read = ssh_channel_poll(channel, is_stderr);
+  to_read = ssh_channel_poll(channel, is_stderr);
 
-    if (to_read <= 0) {
-        if (session->session_state == SSH_SESSION_STATE_ERROR){
-            return SSH_ERROR;
-        }
+  if (to_read <= 0) {
+      if (session->session_state == SSH_SESSION_STATE_ERROR){
+          return SSH_ERROR;
+      }
 
-        return to_read; /* may be an error code */
-    }
+      return to_read; /* may be an error code */
+  }
 
-    if ((size_t)to_read > count) {
-        to_read = (ssize_t)count;
-    }
-    blocking = ssh_is_blocking(session);
-    ssh_set_blocking(session, 0);
-    rc = ssh_channel_read(channel, dest, (uint32_t)to_read, is_stderr);
-    ssh_set_blocking(session,blocking);
+  if (to_read > (int)count) {
+    to_read = (int)count;
+  }
+  blocking = ssh_is_blocking(session);
+  ssh_set_blocking(session, 0);
+  rc = ssh_channel_read(channel, dest, to_read, is_stderr);
+  ssh_set_blocking(session,blocking);
 
-    return rc;
+  return rc;
 }
 
 /**
@@ -3098,57 +2939,38 @@ int ssh_channel_poll(ssh_channel channel, int is_stderr){
  *
  * @see ssh_channel_is_eof()
  */
-int ssh_channel_poll_timeout(ssh_channel channel, int timeout, int is_stderr)
-{
-    ssh_session session;
-    ssh_buffer stdbuf;
-    struct ssh_channel_read_termination_struct ctx;
-    size_t len;
-    int rc;
+int ssh_channel_poll_timeout(ssh_channel channel, int timeout, int is_stderr){
+  ssh_session session;
+  ssh_buffer stdbuf;
+  struct ssh_channel_read_termination_struct ctx;
+  int rc;
 
-    if (channel == NULL) {
-        return SSH_ERROR;
-    }
+  if(channel == NULL) {
+      return SSH_ERROR;
+  }
 
-    session = channel->session;
-    stdbuf = channel->stdout_buffer;
+  session = channel->session;
+  stdbuf = channel->stdout_buffer;
 
-    if (is_stderr) {
-        stdbuf = channel->stderr_buffer;
-    }
-    ctx.buffer = stdbuf;
-    ctx.channel = channel;
-    ctx.count = 1;
-    rc = ssh_handle_packets_termination(channel->session,
-                                        timeout,
-                                        ssh_channel_read_termination,
-                                        &ctx);
-    if (rc == SSH_ERROR ||
-        session->session_state == SSH_SESSION_STATE_ERROR) {
-        rc = SSH_ERROR;
-        goto out;
-    } else if (rc == SSH_AGAIN) {
-        /* If the above timeout expired, it is ok and we do not need to
-         * attempt to check the read buffer. The calling functions do not
-         * expect us to return SSH_AGAIN either here. */
-        rc = SSH_OK;
-        goto out;
-    }
-    len = ssh_buffer_get_len(stdbuf);
-    if (len > 0) {
-        if (len > INT_MAX) {
-            rc = SSH_ERROR;
-        } else {
-            rc = (int)len;
-        }
-        goto out;
-    }
-    if (channel->remote_eof) {
-        rc = SSH_EOF;
-    }
-
-out:
-    return rc;
+  if (is_stderr) {
+    stdbuf = channel->stderr_buffer;
+  }
+  ctx.buffer = stdbuf;
+  ctx.channel = channel;
+  ctx.count = 1;
+  rc = ssh_handle_packets_termination(channel->session, timeout,
+      ssh_channel_read_termination, &ctx);
+  if(rc ==SSH_ERROR || session->session_state == SSH_SESSION_STATE_ERROR){
+    rc = SSH_ERROR;
+    goto end;
+  }
+  rc = ssh_buffer_get_len(stdbuf);
+  if(rc > 0)
+    goto end;
+  if (channel->remote_eof)
+    rc = SSH_EOF;
+end:
+  return rc;
 }
 
 /**
@@ -3184,8 +3006,8 @@ static int ssh_channel_exit_status_termination(void *c){
  *
  * @param[in]  channel  The channel to get the status from.
  *
- * @return              The exit status, -1 if no exit status has been returned
- *                      (yet), or SSH_ERROR on error.
+ * @returns             The exit status, -1 if no exit status has been returned
+ *                      (yet).
  * @warning             This function may block until a timeout (or never)
  *                      if the other side is not willing to close the channel.
  *
@@ -3267,9 +3089,8 @@ static int channel_protocol_select(ssh_channel *rchans, ssh_channel *wchans,
 }
 
 /* Just count number of pointers in the array */
-static size_t count_ptrs(ssh_channel *ptrs)
-{
-  size_t c;
+static int count_ptrs(ssh_channel *ptrs) {
+  int c;
   for (c = 0; ptrs[c] != NULL; c++)
     ;
 
@@ -3296,7 +3117,7 @@ static size_t count_ptrs(ssh_channel *ptrs)
  *
  * @return             SSH_OK on a successful operation, SSH_EINTR if the
  *                     select(2) syscall was interrupted, then relaunch the
- *                     function, or SSH_ERROR on error.
+ *                     function.
  */
 int ssh_channel_select(ssh_channel *readchans, ssh_channel *writechans,
     ssh_channel *exceptchans, struct timeval * timeout) {
@@ -3523,7 +3344,7 @@ pending:
                     payload);
 
 error:
-  SSH_BUFFER_FREE(payload);
+  ssh_buffer_free(payload);
 
   return rc;
 }
@@ -3585,7 +3406,7 @@ pending:
                     payload);
 
 error:
-  SSH_BUFFER_FREE(payload);
+  ssh_buffer_free(payload);
 
   return rc;
 }
@@ -3626,7 +3447,7 @@ int ssh_channel_request_send_exit_status(ssh_channel channel, int exit_status) {
 
   rc = channel_request(channel, "exit-status", buffer, 0);
 error:
-  SSH_BUFFER_FREE(buffer);
+  ssh_buffer_free(buffer);
   return rc;
 }
 
@@ -3681,7 +3502,7 @@ int ssh_channel_request_send_exit_signal(ssh_channel channel, const char *sig,
 
   rc = channel_request(channel, "exit-signal", buffer, 0);
 error:
-  SSH_BUFFER_FREE(buffer);
+  ssh_buffer_free(buffer);
   return rc;
 }
 

src/client.c

@@ -38,9 +38,6 @@
 #include "libssh/socket.h"
 #include "libssh/session.h"
 #include "libssh/dh.h"
-#ifdef WITH_GEX
-#include "libssh/dh-gex.h"
-#endif /* WITH_GEX */
 #include "libssh/ecdh.h"
 #include "libssh/threads.h"
 #include "libssh/misc.h"
@@ -183,6 +180,7 @@ int ssh_send_banner(ssh_session session, int server)
 
     if (server == 1) {
         if (session->opts.custombanner == NULL){
+            len = strlen(banner);
             session->serverbanner = strdup(banner);
             if (session->serverbanner == NULL) {
                 goto end;
@@ -243,29 +241,19 @@ end:
  * @warning this function returning is no proof that DH handshake is
  * completed
  */
-int dh_handshake(ssh_session session)
-{
-  int rc = SSH_AGAIN;
+static int dh_handshake(ssh_session session) {
 
-  SSH_LOG(SSH_LOG_TRACE, "dh_handshake_state = %d, kex_type = %d",
-          session->dh_handshake_state,  session->next_crypto->kex_type);
+  int rc = SSH_AGAIN;
 
   switch (session->dh_handshake_state) {
     case DH_STATE_INIT:
       switch(session->next_crypto->kex_type){
         case SSH_KEX_DH_GROUP1_SHA1:
         case SSH_KEX_DH_GROUP14_SHA1:
-        case SSH_KEX_DH_GROUP14_SHA256:
         case SSH_KEX_DH_GROUP16_SHA512:
         case SSH_KEX_DH_GROUP18_SHA512:
           rc = ssh_client_dh_init(session);
           break;
-#ifdef WITH_GEX
-        case SSH_KEX_DH_GEX_SHA1:
-        case SSH_KEX_DH_GEX_SHA256:
-          rc = ssh_client_dhgex_init(session);
-          break;
-#endif /* WITH_GEX */
 #ifdef HAVE_ECDH
         case SSH_KEX_ECDH_SHA2_NISTP256:
         case SSH_KEX_ECDH_SHA2_NISTP384:
@@ -283,7 +271,11 @@ int dh_handshake(ssh_session session)
           rc = SSH_ERROR;
       }
 
-      break;
+      if (rc == SSH_ERROR) {
+          return SSH_ERROR;
+      }
+
+      session->dh_handshake_state = DH_STATE_INIT_SENT;
     case DH_STATE_INIT_SENT:
     	/* wait until ssh_packet_dh_reply is called */
     	break;
@@ -389,101 +381,95 @@ static void ssh_client_connection_callback(ssh_session session)
 {
     int rc;
 
-    SSH_LOG(SSH_LOG_DEBUG, "session_state=%d", session->session_state);
+    switch(session->session_state) {
+        case SSH_SESSION_STATE_NONE:
+        case SSH_SESSION_STATE_CONNECTING:
+            break;
+        case SSH_SESSION_STATE_SOCKET_CONNECTED:
+            ssh_set_fd_towrite(session);
+            ssh_send_banner(session, 0);
 
-    switch (session->session_state) {
-    case SSH_SESSION_STATE_NONE:
-    case SSH_SESSION_STATE_CONNECTING:
-        break;
-    case SSH_SESSION_STATE_SOCKET_CONNECTED:
-        ssh_set_fd_towrite(session);
-        ssh_send_banner(session, 0);
+            break;
+        case SSH_SESSION_STATE_BANNER_RECEIVED:
+            if (session->serverbanner == NULL) {
+                goto error;
+            }
+            set_status(session, 0.4f);
+            SSH_LOG(SSH_LOG_RARE,
+                    "SSH server banner: %s", session->serverbanner);
 
-        break;
-    case SSH_SESSION_STATE_BANNER_RECEIVED:
-        if (session->serverbanner == NULL) {
-            goto error;
-        }
-        set_status(session, 0.4f);
-        SSH_LOG(SSH_LOG_PROTOCOL,
-                "SSH server banner: %s", session->serverbanner);
+            /* Here we analyze the different protocols the server allows. */
+            rc = ssh_analyze_banner(session, 0);
+            if (rc < 0) {
+                ssh_set_error(session, SSH_FATAL,
+                        "No version of SSH protocol usable (banner: %s)",
+                        session->serverbanner);
+                goto error;
+            }
 
-        /* Here we analyze the different protocols the server allows. */
-        rc = ssh_analyze_banner(session, 0);
-        if (rc < 0) {
-            ssh_set_error(session, SSH_FATAL,
-                          "No version of SSH protocol usable (banner: %s)",
-                          session->serverbanner);
-            goto error;
-        }
+            ssh_packet_register_socket_callback(session, session->socket);
 
-        ssh_packet_register_socket_callback(session, session->socket);
-
-        ssh_packet_set_default_callbacks(session);
-        session->session_state = SSH_SESSION_STATE_INITIAL_KEX;
-        rc = ssh_set_client_kex(session);
-        if (rc != SSH_OK) {
-            goto error;
-        }
-        rc = ssh_send_kex(session);
-        if (rc < 0) {
-            goto error;
-        }
-        set_status(session, 0.5f);
-
-        break;
-    case SSH_SESSION_STATE_INITIAL_KEX:
-        /* TODO: This state should disappear in favor of get_key handle */
-        break;
-    case SSH_SESSION_STATE_KEXINIT_RECEIVED:
-        set_status(session, 0.6f);
-        ssh_list_kex(&session->next_crypto->server_kex);
-        if ((session->flags & SSH_SESSION_FLAG_KEXINIT_SENT) == 0) {
-            /* in rekeying state if next_crypto client_kex might be empty */
+            ssh_packet_set_default_callbacks(session);
+            session->session_state = SSH_SESSION_STATE_INITIAL_KEX;
             rc = ssh_set_client_kex(session);
             if (rc != SSH_OK) {
                 goto error;
             }
-            rc = ssh_send_kex(session);
+            rc = ssh_send_kex(session, 0);
             if (rc < 0) {
                 goto error;
             }
-        }
-        if (ssh_kex_select_methods(session) == SSH_ERROR)
-            goto error;
-        set_status(session, 0.8f);
-        session->session_state = SSH_SESSION_STATE_DH;
+            set_status(session, 0.5f);
 
-        /* If the init packet was already sent in previous step, this will be no
-         * operation */
-        if (dh_handshake(session) == SSH_ERROR) {
+            break;
+        case SSH_SESSION_STATE_INITIAL_KEX:
+            /* TODO: This state should disappear in favor of get_key handle */
+            break;
+        case SSH_SESSION_STATE_KEXINIT_RECEIVED:
+            set_status(session,0.6f);
+            ssh_list_kex(&session->next_crypto->server_kex);
+            if (session->next_crypto->client_kex.methods[0] == NULL) {
+                /* in rekeying state if next_crypto client_kex is empty */
+                rc = ssh_set_client_kex(session);
+                if (rc != SSH_OK) {
+                    goto error;
+                }
+                rc = ssh_send_kex(session, 0);
+                if (rc < 0) {
+                    goto error;
+                }
+            }
+            if (ssh_kex_select_methods(session) == SSH_ERROR)
+                goto error;
+            set_status(session,0.8f);
+            session->session_state=SSH_SESSION_STATE_DH;
+            if (dh_handshake(session) == SSH_ERROR) {
+                goto error;
+            }
+            /* FALL THROUGH */
+        case SSH_SESSION_STATE_DH:
+            if(session->dh_handshake_state==DH_STATE_FINISHED){
+                set_status(session,1.0f);
+                session->connected = 1;
+                if (session->flags & SSH_SESSION_FLAG_AUTHENTICATED)
+                    session->session_state = SSH_SESSION_STATE_AUTHENTICATED;
+                else
+                    session->session_state=SSH_SESSION_STATE_AUTHENTICATING;
+            }
+            break;
+        case SSH_SESSION_STATE_AUTHENTICATING:
+            break;
+        case SSH_SESSION_STATE_ERROR:
             goto error;
-        }
-        FALL_THROUGH;
-    case SSH_SESSION_STATE_DH:
-        if (session->dh_handshake_state == DH_STATE_FINISHED) {
-            set_status(session, 1.0f);
-            session->connected = 1;
-            if (session->flags & SSH_SESSION_FLAG_AUTHENTICATED)
-                session->session_state = SSH_SESSION_STATE_AUTHENTICATED;
-            else
-                session->session_state=SSH_SESSION_STATE_AUTHENTICATING;
-        }
-        break;
-    case SSH_SESSION_STATE_AUTHENTICATING:
-        break;
-    case SSH_SESSION_STATE_ERROR:
-        goto error;
-    default:
-        ssh_set_error(session, SSH_FATAL, "Invalid state %d",
-                      session->session_state);
+        default:
+            ssh_set_error(session,SSH_FATAL,"Invalid state %d",session->session_state);
     }
 
     return;
 error:
     ssh_socket_close(session->socket);
     session->alive = 0;
-    session->session_state = SSH_SESSION_STATE_ERROR;
+    session->session_state=SSH_SESSION_STATE_ERROR;
 
 }
 
@@ -514,138 +500,109 @@ static int ssh_connect_termination(void *user){
  * @see ssh_new()
  * @see ssh_disconnect()
  */
-int ssh_connect(ssh_session session)
-{
-    int ret;
+int ssh_connect(ssh_session session) {
+  int ret;
 
-    if (!is_ssh_initialized()) {
-        ssh_set_error(session, SSH_FATAL,
-                      "Library not initialized.");
+  if (session == NULL) {
+    return SSH_ERROR;
+  }
 
-        return SSH_ERROR;
-    }
+  switch(session->pending_call_state){
+  case SSH_PENDING_CALL_NONE:
+  	break;
+  case SSH_PENDING_CALL_CONNECT:
+  	goto pending;
+  default:
+  	ssh_set_error(session,SSH_FATAL,"Bad call during pending SSH call in ssh_connect");
 
-    if (session == NULL) {
-        return SSH_ERROR;
-    }
+  	return SSH_ERROR;
+  }
+  session->alive = 0;
+  session->client = 1;
 
-    switch(session->pending_call_state) {
-    case SSH_PENDING_CALL_NONE:
-        break;
-    case SSH_PENDING_CALL_CONNECT:
-        goto pending;
-    default:
-        ssh_set_error(session, SSH_FATAL,
-                      "Bad call during pending SSH call in ssh_connect");
+  if (session->opts.fd == SSH_INVALID_SOCKET &&
+      session->opts.host == NULL &&
+      session->opts.ProxyCommand == NULL) {
+    ssh_set_error(session, SSH_FATAL, "Hostname required");
+    return SSH_ERROR;
+  }
 
-        return SSH_ERROR;
-    }
-    session->alive = 0;
-    session->client = 1;
+  ret = ssh_options_apply(session);
+  if (ret < 0) {
+      ssh_set_error(session, SSH_FATAL, "Couldn't apply options");
+      return SSH_ERROR;
+  }
 
-    if (session->opts.fd == SSH_INVALID_SOCKET &&
-        session->opts.host == NULL &&
-        session->opts.ProxyCommand == NULL)
-    {
-        ssh_set_error(session, SSH_FATAL, "Hostname required");
-        return SSH_ERROR;
-    }
+  SSH_LOG(SSH_LOG_PROTOCOL,
+          "libssh %s, using threading %s",
+          ssh_copyright(),
+          ssh_threads_get_type());
 
-    /* If the system configuration files were not yet processed, do it now */
-    if (!session->opts.config_processed) {
-        ret = ssh_options_parse_config(session, NULL);
-        if (ret != 0) {
-            ssh_set_error(session, SSH_FATAL,
-                          "Failed to process system configuration files");
-            return SSH_ERROR;
-        }
-    }
-
-    ret = ssh_options_apply(session);
-    if (ret < 0) {
-        ssh_set_error(session, SSH_FATAL, "Couldn't apply options");
-        return SSH_ERROR;
-    }
-
-    SSH_LOG(SSH_LOG_PROTOCOL,
-            "libssh %s, using threading %s",
-            ssh_copyright(),
-            ssh_threads_get_type());
-
-    session->ssh_connection_callback = ssh_client_connection_callback;
-    session->session_state = SSH_SESSION_STATE_CONNECTING;
-    ssh_socket_set_callbacks(session->socket, &session->socket_callbacks);
-    session->socket_callbacks.connected = socket_callback_connected;
-    session->socket_callbacks.data = callback_receive_banner;
-    session->socket_callbacks.exception = ssh_socket_exception_callback;
-    session->socket_callbacks.userdata = session;
-
-    if (session->opts.fd != SSH_INVALID_SOCKET) {
-        session->session_state = SSH_SESSION_STATE_SOCKET_CONNECTED;
-        ssh_socket_set_fd(session->socket, session->opts.fd);
-        ret = SSH_OK;
+  session->ssh_connection_callback = ssh_client_connection_callback;
+  session->session_state=SSH_SESSION_STATE_CONNECTING;
+  ssh_socket_set_callbacks(session->socket,&session->socket_callbacks);
+  session->socket_callbacks.connected=socket_callback_connected;
+  session->socket_callbacks.data=callback_receive_banner;
+  session->socket_callbacks.exception=ssh_socket_exception_callback;
+  session->socket_callbacks.userdata=session;
+  if (session->opts.fd != SSH_INVALID_SOCKET) {
+    session->session_state=SSH_SESSION_STATE_SOCKET_CONNECTED;
+    ssh_socket_set_fd(session->socket, session->opts.fd);
+    ret=SSH_OK;
 #ifndef _WIN32
-    } else if (session->opts.ProxyCommand != NULL) {
-        ret = ssh_socket_connect_proxycommand(session->socket,
-                session->opts.ProxyCommand);
+  } else if (session->opts.ProxyCommand != NULL){
+    ret = ssh_socket_connect_proxycommand(session->socket,
+                                          session->opts.ProxyCommand);
 #endif
-    } else {
-        ret = ssh_socket_connect(session->socket,
-                                 session->opts.host,
-                                 session->opts.port > 0 ? session->opts.port : 22,
-                                 session->opts.bindaddr);
-    }
-    if (ret == SSH_ERROR) {
-        return SSH_ERROR;
-    }
+  } else {
+    ret=ssh_socket_connect(session->socket,
+                           session->opts.host,
+                           session->opts.port > 0 ? session->opts.port : 22,
+                           session->opts.bindaddr);
+  }
+  if (ret == SSH_ERROR) {
+    return SSH_ERROR;
+  }
 
-    set_status(session, 0.2f);
-
-    session->alive = 1;
-    SSH_LOG(SSH_LOG_PROTOCOL,
-            "Socket connecting, now waiting for the callbacks to work");
+  set_status(session, 0.2f);
 
+  session->alive = 1;
+  SSH_LOG(SSH_LOG_PROTOCOL,"Socket connecting, now waiting for the callbacks to work");
 pending:
-    session->pending_call_state = SSH_PENDING_CALL_CONNECT;
-    if(ssh_is_blocking(session)) {
-        int timeout = (session->opts.timeout * 1000) +
-            (session->opts.timeout_usec / 1000);
-        if (timeout == 0) {
-            timeout = 10 * 1000;
-        }
-        SSH_LOG(SSH_LOG_PACKET, "Actual timeout : %d", timeout);
-        ret = ssh_handle_packets_termination(session, timeout,
-                                             ssh_connect_termination, session);
-        if (session->session_state != SSH_SESSION_STATE_ERROR &&
-            (ret == SSH_ERROR || !ssh_connect_termination(session)))
-        {
-            ssh_set_error(session, SSH_FATAL,
-                          "Timeout connecting to %s", session->opts.host);
-            session->session_state = SSH_SESSION_STATE_ERROR;
-        }
-    } else {
-        ret = ssh_handle_packets_termination(session,
-                                             SSH_TIMEOUT_NONBLOCKING,
-                                             ssh_connect_termination,
-                                             session);
-        if (ret == SSH_ERROR) {
-            session->session_state = SSH_SESSION_STATE_ERROR;
-        }
-    }
+  session->pending_call_state=SSH_PENDING_CALL_CONNECT;
+  if(ssh_is_blocking(session)) {
+      int timeout = (session->opts.timeout * 1000) +
+                    (session->opts.timeout_usec / 1000);
+      if (timeout == 0) {
+          timeout = 10 * 1000;
+      }
+      SSH_LOG(SSH_LOG_PACKET,"Actual timeout : %d", timeout);
+      ret = ssh_handle_packets_termination(session, timeout, ssh_connect_termination, session);
+      if (session->session_state != SSH_SESSION_STATE_ERROR &&
+          (ret == SSH_ERROR || !ssh_connect_termination(session))) {
+          ssh_set_error(session, SSH_FATAL,
+                        "Timeout connecting to %s", session->opts.host);
+          session->session_state = SSH_SESSION_STATE_ERROR;
+      }
+  }
+  else {
+      ret = ssh_handle_packets_termination(session,
+                                           SSH_TIMEOUT_NONBLOCKING,
+                                           ssh_connect_termination,
+                                           session);
+      if (ret == SSH_ERROR) {
+          session->session_state = SSH_SESSION_STATE_ERROR;
+      }
+  }
+  SSH_LOG(SSH_LOG_PACKET,"current state : %d",session->session_state);
+  if(!ssh_is_blocking(session) && !ssh_connect_termination(session)){
+    return SSH_AGAIN;
+  }
 
-    SSH_LOG(SSH_LOG_PACKET, "current state : %d", session->session_state);
-    if (!ssh_is_blocking(session) && !ssh_connect_termination(session)) {
-        return SSH_AGAIN;
-    }
-
-    session->pending_call_state = SSH_PENDING_CALL_NONE;
-    if (session->session_state == SSH_SESSION_STATE_ERROR ||
-        session->session_state == SSH_SESSION_STATE_DISCONNECTED)
-    {
-        return SSH_ERROR;
-    }
-
-    return SSH_OK;
+  session->pending_call_state=SSH_PENDING_CALL_NONE;
+  if(session->session_state == SSH_SESSION_STATE_ERROR || session->session_state == SSH_SESSION_STATE_DISCONNECTED)
+  	return SSH_ERROR;
+  return SSH_OK;
 }
 
 /**
@@ -730,7 +687,6 @@ error:
   }
   session->opts.fd = SSH_INVALID_SOCKET;
   session->session_state=SSH_SESSION_STATE_DISCONNECTED;
-  session->pending_call_state = SSH_PENDING_CALL_NONE;
 
   while ((it=ssh_list_get_iterator(session->channels)) != NULL) {
     ssh_channel_do_free(ssh_iterator_value(ssh_channel,it));
@@ -780,7 +736,7 @@ error:
 }
 
 const char *ssh_copyright(void) {
-    return SSH_STRINGIFY(LIBSSH_VERSION) " (c) 2003-2021 "
+    return SSH_STRINGIFY(LIBSSH_VERSION) " (c) 2003-2018 "
            "Aris Adamantiadis, Andreas Schneider "
            "and libssh contributors. "
            "Distributed under the LGPL, please refer to COPYING "