Update libssh

2020-11-18 19:53:51 -08:00 · 2013-11-06 19:39:12 -05:00 · 2013-11-06 19:39:12 -05:00 · 1d16931564
commit 1d16931564
parent ed6224ba73
25 changed files with 322 additions and 147 deletions
--- a/libssh/CMakeLists.txt
+++ b/libssh/CMakeLists.txt
@ -71,6 +71,13 @@ if (WITH_GSSAPI)
    find_package(GSSAPI)
 endif (WITH_GSSAPI)
 if (WITH_NACL)
    find_package(NaCl)
    if (NOT NACL_FOUND)
        set(WITH_NACL OFF)
    endif (NOT NACL_FOUND)
 endif (WITH_NACL)
 # config.h checks
 include(ConfigureChecks.cmake)
 configure_file(config.h.cmake ${CMAKE_CURRENT_BINARY_DIR}/config.h)
@ -125,6 +132,7 @@ message(STATUS "********** ${PROJECT_NAME} build options : **********")
 message(STATUS "zlib support: ${WITH_ZLIB}")
 message(STATUS "libgcrypt support: ${WITH_GCRYPT}")
 message(STATUS "libnacl support: ${WITH_NACL}")
 message(STATUS "SSH-1 support: ${WITH_SSH1}")
 message(STATUS "SFTP support: ${WITH_SFTP}")
 message(STATUS "Server support : ${WITH_SERVER}")
--- a/libssh/ConfigureChecks.cmake
+++ b/libssh/ConfigureChecks.cmake
@ -50,6 +50,7 @@ check_include_file(argp.h HAVE_ARGP_H)
 check_include_file(pty.h HAVE_PTY_H)
 check_include_file(termios.h HAVE_TERMIOS_H)
 check_include_file(unistd.h HAVE_UNISTD_H)
 check_include_file(util.h HAVE_UTIL_H)
 if (WIN32)
  check_include_files("winsock2.h;ws2tcpip.h;wspiapi.h" HAVE_WSPIAPI_H)
--- a/libssh/DefineOptions.cmake
+++ b/libssh/DefineOptions.cmake
@ -13,7 +13,7 @@ option(WITH_TESTING "Build with unit tests" OFF)
 option(WITH_CLIENT_TESTING "Build with client tests; requires a running sshd" OFF)
 option(WITH_BENCHMARKS "Build benchmarks tools" OFF)
 option(WITH_EXAMPLES "Build examples" ON)
-
+option(WITH_NACL "Build with libnacl (curve25519" ON)
 if (WITH_ZLIB)
    set(WITH_LIBZ ON)
 else (WITH_ZLIB)
@ -27,3 +27,7 @@ endif(WITH_BENCHMARKS)
 if (WITH_TESTING)
  set(WITH_STATIC_LIB ON)
 endif (WITH_TESTING)
 if (WITH_NACL)
  set(WITH_NACL ON)
 endif (WITH_NACL)
--- a/libssh/cmake/Modules/DefinePlatformDefaults.cmake
+++ b/libssh/cmake/Modules/DefinePlatformDefaults.cmake
@ -26,3 +26,7 @@ endif (CMAKE_SYSTEM_NAME MATCHES "(Solaris|SunOS)")
 if (CMAKE_SYSTEM_NAME MATCHES "OS2")
    set(OS2 TRUE)
 endif (CMAKE_SYSTEM_NAME MATCHES "OS2")
 if (CMAKE_SYSTEM_NAME MATCHES "Darwin")
 	set (OSX TRUE)
 endif (CMAKE_SYSTEM_NAME MATCHES "Darwin")
--- a/libssh/config.h.cmake
+++ b/libssh/config.h.cmake
@ -20,6 +20,9 @@
 /* Define to 1 if you have the <pty.h> header file. */
 #cmakedefine HAVE_PTY_H 1
 /* Define to 1 if you have the <util.h> header file. */
 #cmakedefine HAVE_UTIL_H 1
 /* Define to 1 if you have the <termios.h> header file. */
 #cmakedefine HAVE_TERMIOS_H 1
@ -126,7 +129,6 @@
 /* Define to 1 if you have the `pthread' library (-lpthread). */
 #cmakedefine HAVE_PTHREAD 1
 /**************************** OPTIONS ****************************/
 #cmakedefine HAVE_GCC_THREAD_LOCAL_STORAGE 1
@ -158,6 +160,9 @@
 /* Define to 1 if you want to enable calltrace debug output */
 #cmakedefine DEBUG_CALLTRACE 1
 /* Define to 1 if you want to enable NaCl support */
 #cmakedefine WITH_NACL 1
 /*************************** ENDIAN *****************************/
 /* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most
--- a/libssh/doc/mainpage.dox
+++ b/libssh/doc/mainpage.dox
@ -19,7 +19,7 @@ the interesting functions as you go.
 The libssh library provides:
- - <strong>Key Exchange Methods</strong>: <i>ecdh-sha2-nistp256</i>, diffie-hellman-group1-sha1, diffie-hellman-group14-sha1
+ - <strong>Key Exchange Methods</strong>: <i>curve25519-sha256@libssh.org, ecdh-sha2-nistp256</i>, diffie-hellman-group1-sha1, diffie-hellman-group14-sha1
 - <strong>Hostkey Types</strong>: <i>ecdsa-sha2-nistp256</i>, ssh-dss, ssh-rsa
 - <strong>Ciphers</strong>: <i>aes256-ctr, aes192-ctr, aes128-ctr</i>, aes256-cbc (rijndael-cbc@lysator.liu.se), aes192-cbc, aes128-cbc, 3des-cbc, des-cbc-ssh1, blowfish-cbc, none
 - <strong>Compression Schemes</strong>: zlib, <i>zlib@openssh.com</i>, none
@ -184,6 +184,8 @@ It was later modified and expanded by the following RFCs.
    Authentication and Key Exchange for the Secure Shell (SSH) Protocol
 - <a href="http://tools.ietf.org/html/rfc4716" target="_blank">RFC 4716</a>,
    The Secure Shell (SSH) Public Key File Format
 - <a href="http://tools.ietf.org/html/rfc5647" target="_blank">RFC 5647</a>,
    AES Galois Counter Mode for the Secure Shell Transport Layer Protocol
 - <a href="http://tools.ietf.org/html/rfc5656" target="_blank">RFC 5656</a>,
    Elliptic Curve Algorithm Integration in the Secure Shell Transport Layer
@ -203,6 +205,12 @@ do the same in libssh.
@subsection main-rfc-extensions Secure Shell Extensions
 The libssh project has an extension to support Curve25519 which is also supported by
 the OpenSSH project.
 - <a href="" target="_blank">curve25519-sha256@libssh.org</a>,
   Curve25519-SHA256 for ECDH KEX
 The OpenSSH project has defined some extensions to the protocol. We support some of
 them like the statvfs calls in SFTP or the ssh-agent.
--- a/libssh/examples/CMakeLists.txt
+++ b/libssh/examples/CMakeLists.txt
@ -11,9 +11,9 @@ include_directories(
  ${CMAKE_BINARY_DIR}
 )
-if (BSD OR SOLARIS)
+if (BSD OR SOLARIS OR OSX)
    find_package(Argp)
-endif (BSD OR SOLARIS)
+endif (BSD OR SOLARIS OR OSX)
 if (UNIX AND NOT WIN32)
    add_executable(libssh_scp libssh_scp.c ${examples_SRCS})
@ -28,7 +28,7 @@ if (UNIX AND NOT WIN32)
    if (WITH_SERVER)
        if (HAVE_LIBUTIL)
            add_executable(samplesshd-tty samplesshd-tty.c)
-            target_link_libraries(samplesshd-tty ${LIBSSH_SHARED_LIBRARY} util)
+            target_link_libraries(samplesshd-tty ${LIBSSH_SHARED_LIBRARY} ${ARGP_LIBRARIES} util)
        endif (HAVE_LIBUTIL)
    endif (WITH_SERVER)
--- a/libssh/examples/knownhosts.c
+++ b/libssh/examples/knownhosts.c
@ -34,14 +34,26 @@ int verify_knownhost(ssh_session session){
  int state;
  char buf[10];
  unsigned char *hash = NULL;
-  int hlen;
+  size_t hlen;
  ssh_key srv_pubkey;
  int rc;
  state=ssh_is_server_known(session);
-  hlen = ssh_get_pubkey_hash(session, &hash);
+  rc = ssh_get_publickey(session, &srv_pubkey);
-  if (hlen < 0) {
+  if (rc < 0) {
-    return -1;
+      return -1;
  }
  rc = ssh_get_publickey_hash(srv_pubkey,
                              SSH_PUBLICKEY_HASH_SHA1,
                              &hash,
                              &hlen);
  ssh_key_free(srv_pubkey);
  if (rc < 0) {
      return -1;
  }
  switch(state){
    case SSH_SERVER_KNOWN_OK:
      break; /* ok */
--- a/libssh/examples/samplesshd-tty.c
+++ b/libssh/examples/samplesshd-tty.c
@ -25,8 +25,12 @@ clients must be made or how a client should react.
 #include <string.h>
 #include <stdio.h>
 #include <poll.h>
 #ifdef HAVE_PTY_H
 #include <pty.h>
-
+#endif
 #ifdef HAVE_UTIL_H
 #include <util.h>
 #endif
 #define SSHD_USER "libssh"
 #define SSHD_PASSWORD "libssh"
--- a/libssh/include/libssh/curve25519.h
+++ b/libssh/include/libssh/curve25519.h
@ -26,15 +26,23 @@
 #ifdef WITH_NACL
 #define HAVE_CURVE25519
 #include <nacl/crypto_scalarmult_curve25519.h>
 #define CURVE25519_PUBKEY_SIZE crypto_scalarmult_curve25519_BYTES
 #define CURVE25519_PRIVKEY_SIZE crypto_scalarmult_curve25519_SCALARBYTES
 #define crypto_scalarmult_base crypto_scalarmult_curve25519_base
 #define crypto_scalarmult crypto_scalarmult_curve25519
 #else
 #define CURVE25519_PUBKEY_SIZE 32
 #define CURVE25519_PRIVKEY_SIZE 32
 int crypto_scalarmult_base(unsigned char *q, const unsigned char *n);
 int crypto_scalarmult(unsigned char *q, const unsigned char *n, const unsigned char *p);
 #endif /* WITH_NACL */
 #define HAVE_CURVE25519
 typedef unsigned char ssh_curve25519_pubkey[CURVE25519_PUBKEY_SIZE];
 typedef unsigned char ssh_curve25519_privkey[CURVE25519_PRIVKEY_SIZE];
 #endif /* WITH_NACL */
 int ssh_client_curve25519_init(ssh_session session);
 int ssh_client_curve25519_reply(ssh_session session, ssh_buffer packet);
--- a/libssh/include/libssh/libssh.h
+++ b/libssh/include/libssh/libssh.h
@ -208,10 +208,14 @@ enum ssh_publickey_state_e {
 	SSH_PUBLICKEY_STATE_WRONG=2
 };
-/* status flags */
+/* Status flags */
 /** Socket is closed */
 #define SSH_CLOSED 0x01
 /** Reading to socket won't block */
 #define SSH_READ_PENDING 0x02
 /** Session was closed due to an error */
 #define SSH_CLOSED_ERROR 0x04
 /** Output buffer not empty */
 #define SSH_WRITE_PENDING 0x08
 enum ssh_server_known_e {
@ -408,8 +412,20 @@ LIBSSH_API socket_t ssh_get_fd(ssh_session session);
 LIBSSH_API char *ssh_get_hexa(const unsigned char *what, size_t len);
 LIBSSH_API char *ssh_get_issue_banner(ssh_session session);
 LIBSSH_API int ssh_get_openssh_version(ssh_session session);
 LIBSSH_API int ssh_get_publickey(ssh_session session, ssh_key *key);
-LIBSSH_API int ssh_get_pubkey_hash(ssh_session session, unsigned char **hash);
+
 enum ssh_publickey_hash_type {
    SSH_PUBLICKEY_HASH_SHA1,
    SSH_PUBLICKEY_HASH_MD5
 };
 LIBSSH_API int ssh_get_publickey_hash(const ssh_key key,
                                      enum ssh_publickey_hash_type type,
                                      unsigned char **hash,
                                      size_t *hlen);
 SSH_DEPRECATED LIBSSH_API int ssh_get_pubkey_hash(ssh_session session, unsigned char **hash);
 LIBSSH_API int ssh_get_random(void *where,int len,int strong);
 LIBSSH_API int ssh_get_version(ssh_session session);
 LIBSSH_API int ssh_get_status(ssh_session session);
--- a/libssh/include/libssh/priv.h
+++ b/libssh/include/libssh/priv.h
@ -155,6 +155,16 @@ int gettimeofday(struct timeval *__p, void *__t);
 #include <sys/time.h>
 #endif
 /*
 * get rid of deprecacy warnings on OSX when using OpenSSL 
 */
 #if defined(__APPLE__)
    #ifdef MAC_OS_X_VERSION_MIN_REQUIRED
        #undef MAC_OS_X_VERSION_MIN_REQUIRED
    #endif
    #define MAC_OS_X_VERSION_MIN_REQUIRED MAC_OS_X_VERSION_10_6
 #endif
 /* forward declarations */
 struct ssh_common_struct;
 struct ssh_kex_struct;
@ -254,7 +264,7 @@ int match_hostname(const char *host, const char *pattern, unsigned int len);
 /** Overwrite the buffer with '\0' */
 # define BURN_BUFFER(x, size) do { \
    if ((x) != NULL) \
-        memset((x), '\0', (size))); __asm__ volatile("" : : "r"(&(x)) : "memory"); \
+        memset((x), '\0', (size)); __asm__ volatile("" : : "r"(&(x)) : "memory"); \
  } while(0)
 #else /* HAVE_GCC_VOLATILE_MEMORY_PROTECTION */
 /** Overwrite a string with '\0' */
@ -265,7 +275,7 @@ int match_hostname(const char *host, const char *pattern, unsigned int len);
 /** Overwrite the buffer with '\0' */
 # define BURN_BUFFER(x, size) do { \
    if ((x) != NULL) \
-        memset((x), '\0', (size))); __asm__ volatile("" : : "r"(&(x)) : "memory"); \
+        memset((x), '\0', (size)); __asm__ volatile("" : : "r"(&(x)) : "memory"); \
  } while(0)
 #endif /* HAVE_GCC_VOLATILE_MEMORY_PROTECTION */
--- a/libssh/src/CMakeLists.txt
+++ b/libssh/src/CMakeLists.txt
@ -115,6 +115,7 @@ set(libssh_SRCS
  client.c
  config.c
  connect.c
  curve25519.c
  dh.c
  ecdh.c
  error.c
@ -204,12 +205,12 @@ if (WITH_GSSAPI AND GSSAPI_FOUND)
  )
 endif (WITH_GSSAPI AND GSSAPI_FOUND)
-if (WITH_NACL)
+if (NOT WITH_NACL)
  set(libssh_SRCS
    ${libssh_SRCS}
-    curve25519.c
+    curve25519_ref.c
  )
-endif (WITH_NACL)
+endif (NOT WITH_NACL)
 include_directories(
  ${LIBSSH_PUBLIC_INCLUDE_DIRS}
--- a/libssh/src/channels.c
+++ b/libssh/src/channels.c
@ -3348,17 +3348,18 @@ error:
 }
 /**
- * @brief Send the exit status to the remote process (as described in RFC 4254, section 6.10).
+ * @brief Send the exit status to the remote process
 *
- * Sends the exit status to the remote process.
+ * Sends the exit status to the remote process (as described in RFC 4254,
 * section 6.10).
 * Only SSH-v2 is supported (I'm not sure about SSH-v1).
 *
 * @param[in]  channel  The channel to send exit status.
 *
- * @param[in]  sig      The exit status to send
+ * @param[in]  exit_status  The exit status to send
 *
- * @return              SSH_OK on success, SSH_ERROR if an error occurred
+ * @return     SSH_OK on success, SSH_ERROR if an error occurred.
- *                      (including attempts to send exit status via SSH-v1 session).
+ *             (including attempts to send exit status via SSH-v1 session).
 */
 int ssh_channel_request_send_exit_status(ssh_channel channel, int exit_status) {
  ssh_buffer buffer = NULL;
--- a/libssh/src/client.c
+++ b/libssh/src/client.c
@ -533,7 +533,7 @@ pending:
      if (timeout == 0) {
          timeout = 10 * 1000;
      }
-      SSH_LOG(SSH_LOG_PACKET,"ssh_connect: Actual timeout : %d", timeout);
+      SSH_LOG(SSH_LOG_PACKET,"Actual timeout : %d", timeout);
      ret = ssh_handle_packets_termination(session, timeout, ssh_connect_termination, session);
      if (ret == SSH_ERROR || !ssh_connect_termination(session)) {
          ssh_set_error(session, SSH_FATAL,
@ -550,7 +550,7 @@ pending:
          session->session_state = SSH_SESSION_STATE_ERROR;
      }
  }
-  SSH_LOG(SSH_LOG_PACKET,"ssh_connect: Actual state : %d",session->session_state);
+  SSH_LOG(SSH_LOG_PACKET,"current state : %d",session->session_state);
  if(!ssh_is_blocking(session) && !ssh_connect_termination(session)){
    return SSH_AGAIN;
  }
--- a/libssh/src/curve25519.c
+++ b/libssh/src/curve25519.c
@ -26,7 +26,10 @@
 #include "libssh/curve25519.h"
 #ifdef HAVE_CURVE25519
 #ifdef WITH_NACL
 #include "nacl/crypto_scalarmult_curve25519.h"
 #endif
 #include "libssh/ssh2.h"
 #include "libssh/buffer.h"
 #include "libssh/priv.h"
@ -53,7 +56,7 @@ int ssh_client_curve25519_init(ssh_session session){
 	  return SSH_ERROR;
  }
-  crypto_scalarmult_curve25519_base(session->next_crypto->curve25519_client_pubkey,
+  crypto_scalarmult_base(session->next_crypto->curve25519_client_pubkey,
 		  session->next_crypto->curve25519_privkey);
  client_pubkey = ssh_string_new(CURVE25519_PUBKEY_SIZE);
  if (client_pubkey == NULL) {
@ -81,10 +84,10 @@ static int ssh_curve25519_build_k(ssh_session session) {
  }
  if (session->server)
-	  crypto_scalarmult_curve25519(k, session->next_crypto->curve25519_privkey,
+	  crypto_scalarmult(k, session->next_crypto->curve25519_privkey,
 			  session->next_crypto->curve25519_client_pubkey);
  else
-	  crypto_scalarmult_curve25519(k, session->next_crypto->curve25519_privkey,
+	  crypto_scalarmult(k, session->next_crypto->curve25519_privkey,
 			  session->next_crypto->curve25519_server_pubkey);
  BN_bin2bn(k, CURVE25519_PUBKEY_SIZE, session->next_crypto->k);
@ -125,7 +128,7 @@ int ssh_client_curve25519_reply(ssh_session session, ssh_buffer packet){
  }
  if (ssh_string_len(q_s_string) != CURVE25519_PUBKEY_SIZE){
 	  ssh_set_error(session, SSH_FATAL, "Incorrect size for server Curve25519 public key: %d",
-			  ssh_string_len(q_s_string));
+			  (int)ssh_string_len(q_s_string));
 	  ssh_string_free(q_s_string);
 	  goto error;
  }
@ -179,7 +182,7 @@ int ssh_server_curve25519_init(ssh_session session, ssh_buffer packet){
    }
    if (ssh_string_len(q_c_string) != CURVE25519_PUBKEY_SIZE){
    	ssh_set_error(session, SSH_FATAL, "Incorrect size for server Curve25519 public key: %d",
-    			ssh_string_len(q_c_string));
+    			(int)ssh_string_len(q_c_string));
    	ssh_string_free(q_c_string);
    	return SSH_ERROR;
    }
@ -195,7 +198,7 @@ int ssh_server_curve25519_init(ssh_session session, ssh_buffer packet){
  	  return SSH_ERROR;
    }
-    crypto_scalarmult_curve25519_base(session->next_crypto->curve25519_server_pubkey,
+    crypto_scalarmult_base(session->next_crypto->curve25519_server_pubkey,
  		  session->next_crypto->curve25519_privkey);
    q_s_string = ssh_string_new(CURVE25519_PUBKEY_SIZE);
--- a/libssh/src/dh.c
+++ b/libssh/src/dh.c
@ -239,63 +239,6 @@ void ssh_print_bignum(const char *which, bignum num) {
  SAFE_FREE(hex);
 }
 /**
 * @brief Convert a buffer into a colon separated hex string.
 * The caller has to free the memory.
 *
 * @param  what         What should be converted to a hex string.
 *
 * @param  len          Length of the buffer to convert.
 *
 * @return              The hex string or NULL on error.
 *
 * @see ssh_string_free_char()
 */
 char *ssh_get_hexa(const unsigned char *what, size_t len) {
  const char h[] = "0123456789abcdef";
  char *hexa;
  size_t i;
  size_t hlen = len * 3;
  if (len > (UINT_MAX - 1) / 3) {
    return NULL;
  }
  hexa = malloc(hlen + 1);
  if (hexa == NULL) {
    return NULL;
  }
  for (i = 0; i < len; i++) {
      hexa[i * 3] = h[(what[i] >> 4) & 0xF];
      hexa[i * 3 + 1] = h[what[i] & 0xF];
      hexa[i * 3 + 2] = ':';
  }
  hexa[hlen - 1] = '\0';
  return hexa;
 }
 /**
 * @brief Print a buffer as colon separated hex string.
 *
 * @param  descr        Description printed in front of the hex string.
 *
 * @param  what         What should be converted to a hex string.
 *
 * @param  len          Length of the buffer to convert.
 */
 void ssh_print_hexa(const char *descr, const unsigned char *what, size_t len) {
    char *hexa = ssh_get_hexa(what, len);
    if (hexa == NULL) {
      return;
    }
    printf("%s: %s\n", descr, hexa);
    free(hexa);
 }
 int dh_generate_x(ssh_session session) {
  session->next_crypto->x = bignum_new();
  if (session->next_crypto->x == NULL) {
@ -1047,25 +990,7 @@ error:
 */
 /**
- * @brief Allocates a buffer with the MD5 hash of the server public key.
+ * @deprecated Use ssh_get_publickey_hash()
 *
 * This function allows you to get a MD5 hash of the public key. You can then
 * print this hash in a human-readable form to the user so that he is able to
 * verify it. Use ssh_get_hexa() or ssh_print_hexa() to display it.
 *
 * @param[in] session   The SSH session to use.
 *
 * @param[in] hash      The buffer to allocate.
 *
 * @return The bytes allocated or < 0 on error.
 *
 * @warning It is very important that you verify at some moment that the hash
 *          matches a known server. If you don't do it, cryptography wont help
 *          you at making things secure
 *
 * @see ssh_is_server_known()
 * @see ssh_get_hexa()
 * @see ssh_print_hexa()
 */
 int ssh_get_pubkey_hash(ssh_session session, unsigned char **hash) {
  ssh_string pubkey;
@ -1142,6 +1067,164 @@ int ssh_get_publickey(ssh_session session, ssh_key *key)
                                      key);
 }
 /**
 * @brief Allocates a buffer with the hash of the public key.
 *
 * This function allows you to get a hash of the public key. You can then
 * print this hash in a human-readable form to the user so that he is able to
 * verify it. Use ssh_get_hexa() or ssh_print_hexa() to display it.
 *
 * @param[in]  key      The public key to create the hash for.
 *
 * @param[in]  type     The type of the hash you want.
 *
 * @param[in]  hash     A pointer to store the allocated buffer. It can be
 *                      freed using ssh_clean_pubkey_hash().
 *
 * @param[in]  hlen     The length of the hash.
 *
 * @return 0 on success, -1 if an error occured.
 *
 * @warning It is very important that you verify at some moment that the hash
 *          matches a known server. If you don't do it, cryptography wont help
 *          you at making things secure.
 *          OpenSSH uses SHA1 to print public key digests.
 *
 * @see ssh_is_server_known()
 * @see ssh_get_hexa()
 * @see ssh_print_hexa()
 * @see ssh_clean_pubkey_hash()
 */
 int ssh_get_publickey_hash(const ssh_key key,
                           enum ssh_publickey_hash_type type,
                           unsigned char **hash,
                           size_t *hlen)
 {
    ssh_string blob;
    unsigned char *h;
    int rc;
    rc = ssh_pki_export_pubkey_blob(key, &blob);
    if (rc < 0) {
        return rc;
    }
    switch (type) {
    case SSH_PUBLICKEY_HASH_SHA1:
        {
            SHACTX ctx;
            h = malloc(SHA_DIGEST_LEN);
            if (h == NULL) {
                rc = -1;
                goto out;
            }
            ctx = sha1_init();
            if (ctx == NULL) {
                free(h);
                rc = -1;
                goto out;
            }
            sha1_update(ctx, ssh_string_data(blob), ssh_string_len(blob));
            sha1_final(h, ctx);
            *hlen = SHA_DIGEST_LEN;
        }
        break;
    case SSH_PUBLICKEY_HASH_MD5:
        {
            MD5CTX ctx;
            h = malloc(MD5_DIGEST_LEN);
            if (h == NULL) {
                rc = -1;
                goto out;
            }
            ctx = md5_init();
            if (ctx == NULL) {
                free(h);
                rc = -1;
                goto out;
            }
            md5_update(ctx, ssh_string_data(blob), ssh_string_len(blob));
            md5_final(h, ctx);
            *hlen = MD5_DIGEST_LEN;
        }
        break;
    default:
        rc = -1;
        goto out;
    }
    *hash = h;
    rc = 0;
 out:
    ssh_string_free(blob);
    return rc;
 }
 /**
 * @brief Convert a buffer into a colon separated hex string.
 * The caller has to free the memory.
 *
 * @param  what         What should be converted to a hex string.
 *
 * @param  len          Length of the buffer to convert.
 *
 * @return              The hex string or NULL on error.
 *
 * @see ssh_string_free_char()
 */
 char *ssh_get_hexa(const unsigned char *what, size_t len) {
  const char h[] = "0123456789abcdef";
  char *hexa;
  size_t i;
  size_t hlen = len * 3;
  if (len > (UINT_MAX - 1) / 3) {
    return NULL;
  }
  hexa = malloc(hlen + 1);
  if (hexa == NULL) {
    return NULL;
  }
  for (i = 0; i < len; i++) {
      hexa[i * 3] = h[(what[i] >> 4) & 0xF];
      hexa[i * 3 + 1] = h[what[i] & 0xF];
      hexa[i * 3 + 2] = ':';
  }
  hexa[hlen - 1] = '\0';
  return hexa;
 }
 /**
 * @brief Print a buffer as colon separated hex string.
 *
 * @param  descr        Description printed in front of the hex string.
 *
 * @param  what         What should be converted to a hex string.
 *
 * @param  len          Length of the buffer to convert.
 */
 void ssh_print_hexa(const char *descr, const unsigned char *what, size_t len) {
    char *hexa = ssh_get_hexa(what, len);
    if (hexa == NULL) {
      return;
    }
    printf("%s: %s\n", descr, hexa);
    free(hexa);
 }
 /** @} */
 /* vim: set ts=4 sw=4 et cindent: */
--- a/libssh/src/log.c
+++ b/libssh/src/log.c
@ -65,7 +65,7 @@ static int current_timestring(int hires, char *buf, size_t len)
    if (hires) {
        strftime(tbuf, sizeof(tbuf) - 1, "%Y/%m/%d %H:%M:%S", tm);
-        snprintf(buf, len, "%s.%06ld", tbuf, tv.tv_usec);
+        snprintf(buf, len, "%s.%06ld", tbuf, (long)tv.tv_usec);
    } else {
        strftime(tbuf, sizeof(tbuf) - 1, "%Y/%m/%d %H:%M:%S", tm);
        snprintf(buf, len, "%s", tbuf);
--- a/libssh/src/messages.c
+++ b/libssh/src/messages.c
@ -309,10 +309,8 @@ static int ssh_execute_server_callbacks(ssh_session session, ssh_message msg){
    if (session->server_callbacks != NULL){
        rc = ssh_execute_server_request(session, msg);
-    }
+    } else if (session->common.callbacks != NULL) {
-
+        /* This one is in fact a client callback... */
    /* This one is in fact a client callback... */
    else if (session->common.callbacks != NULL) {
        rc = ssh_execute_client_request(session, msg);
    }
--- a/libssh/src/options.c
+++ b/libssh/src/options.c
@ -1254,7 +1254,7 @@ static int ssh_bind_options_set_algo(ssh_bind sshbind, int algo,
 /**
 * @brief This function can set all possible ssh bind options.
 *
- * @param  session      An allocated ssh option structure.
+ * @param  sshbind      An allocated ssh bind structure.
 *
 * @param  type         The option type to set. This could be one of the
 *                      following:
--- a/libssh/src/pki_crypto.c
+++ b/libssh/src/pki_crypto.c
@ -25,6 +25,8 @@
 #ifndef _PKI_CRYPTO_H
 #define _PKI_CRYPTO_H
 #include "libssh/priv.h"
 #include <openssl/pem.h>
 #include <openssl/dsa.h>
 #include <openssl/err.h>
@ -37,8 +39,6 @@
 #include <openssl/ecdsa.h>
 #endif
 #include "libssh/priv.h"
 #include "libssh/libssh.h"
 #include "libssh/buffer.h"
 #include "libssh/session.h"
--- a/libssh/src/server.c
+++ b/libssh/src/server.c
@ -1221,38 +1221,45 @@ int ssh_execute_message_callbacks(ssh_session session){
  return SSH_OK;
 }
 int ssh_send_keepalive(ssh_session session)
 {
  /* TODO check the reply and all that */
  struct ssh_string_struct *req;
-  int reply = 1;
+  int rc;
-  int rc = SSH_ERROR;
+
  rc = buffer_add_u8(session->out_buffer, SSH2_MSG_GLOBAL_REQUEST);
  if (rc < 0) {
    goto err;
  }
  req = ssh_string_from_char("keepalive@openssh.com");
  if (req == NULL) {
-    ssh_set_error_oom(session);
+    goto err;
    goto out;
  }
-  if (buffer_add_u8(session->out_buffer, SSH2_MSG_GLOBAL_REQUEST) < 0 ||
+  rc = buffer_add_ssh_string(session->out_buffer, req);
-      buffer_add_ssh_string(session->out_buffer, req) < 0 ||
+  ssh_string_free(req);
-      buffer_add_u8(session->out_buffer, reply == 0 ? 0 : 1) < 0) {
+  if (rc < 0) {
-    ssh_set_error_oom(session);
+    goto err;
    goto out;
  }
-  if (packet_send(session) == SSH_ERROR)
+  rc = buffer_add_u8(session->out_buffer, 1);
-    goto out;
+  if (rc < 0) {
    goto err;
  }
  if (packet_send(session) == SSH_ERROR) {
    goto err;
  }
  ssh_handle_packets(session, 0);
  SSH_LOG(SSH_LOG_PACKET, "Sent a keepalive");
-  rc = SSH_OK;
+  return SSH_OK;
-out:
+err:
-  ssh_string_free(req);
+  ssh_set_error_oom(session);
-  return rc;
+  buffer_reinit(session->out_buffer);
  return SSH_ERROR;
 }
 /** @} */
--- a/libssh/src/session.c
+++ b/libssh/src/session.c
@ -273,7 +273,7 @@ void ssh_free(ssh_session session) {
  }
  /* burn connection, it could hang sensitive datas */
-  ZERO_STRUCTP(session);
+  BURN_BUFFER(session, sizeof(struct ssh_session_struct));
  SAFE_FREE(session);
 }
--- a/libssh/src/socket.c
+++ b/libssh/src/socket.c
@ -695,11 +695,11 @@ int ssh_socket_buffered_write_bytes(ssh_socket s){
 int ssh_socket_get_status(ssh_socket s) {
  int r = 0;
-  if (s->read_wontblock) {
+  if (buffer_get_len(s->in_buffer) > 0) {
-    r |= SSH_READ_PENDING;
+      r |= SSH_READ_PENDING;
  }
-  if (s->write_wontblock) {
+  if (buffer_get_len(s->out_buffer) > 0) {
      r |= SSH_WRITE_PENDING;
  }
--- a/libssh/src/wrapper.c
+++ b/libssh/src/wrapper.c
@ -158,7 +158,7 @@ void crypto_free(struct ssh_crypto_struct *crypto){
      SAFE_FREE(crypto->kex_methods[i]);
  }
-  memset(crypto,0,sizeof(*crypto));
+  BURN_BUFFER(crypto, sizeof(struct ssh_crypto_struct));
  SAFE_FREE(crypto);
 }
@ -319,10 +319,11 @@ int crypt_set_algorithms_server(ssh_session session){
    if(strcmp(method,"zlib@openssh.com") == 0){
        SSH_LOG(SSH_LOG_PACKET,"enabling C->S delayed compression");
-        if (session->flags & SSH_SESSION_FLAG_AUTHENTICATED)
+        if (session->flags & SSH_SESSION_FLAG_AUTHENTICATED) {
-                session->next_crypto->do_compress_in=1;
+            session->next_crypto->do_compress_in = 1;
-        else
+        } else {
-                session->next_crypto->delayed_compress_in=1;
+            session->next_crypto->delayed_compress_in = 1;
        }
    }
    method = session->next_crypto->kex_methods[SSH_COMP_S_C];
@ -333,10 +334,11 @@ int crypt_set_algorithms_server(ssh_session session){
    if(strcmp(method,"zlib@openssh.com") == 0){
        SSH_LOG(SSH_LOG_PACKET,"enabling S->C delayed compression\n");
-        if (session->flags & SSH_SESSION_FLAG_AUTHENTICATED)
+        if (session->flags & SSH_SESSION_FLAG_AUTHENTICATED) {
-                session->next_crypto->do_compress_out=1;
+            session->next_crypto->do_compress_out = 1;
-        else
+        } else {
-                session->next_crypto->delayed_compress_out=1;
+            session->next_crypto->delayed_compress_out = 1;
        }
    }
    method = session->next_crypto->kex_methods[SSH_HOSTKEYS];