prepared for 1.2.2

Reported by Steven Van Ingelgem <steven@vaningelgem.be>
in <http://thread.gmane.org/gmane.network.ssh.libssh2.devel/2566>.

.gitattribute

@@ -0,0 +1,2 @@
+win32/msvcproj.head -crlf
+win32/msvcproj.foot -crlf

COPYING

@@ -1,6 +1,7 @@
 /* Copyright (c) 2004-2007 Sara Golemon <sarag@libssh2.org>
  * Copyright (c) 2006-2007 The Written Word, Inc.
  * Copyright (c) 2009 Daniel Stenberg
+ * Copyright (C) 2008, 2009 Simon Josefsson
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms,

HACKING

@@ -10,3 +10,4 @@ libssh2 source code style guide:
      }
 
  - keep source lines shorter than 80 columns
+ - See libssh2-style.el for how to achieve this within Emacs

Makefile.am

@@ -75,55 +75,54 @@ include Makefile.inc
 WIN32SOURCES = $(CSOURCES)
 WIN32HEADERS = $(HHEADERS) libssh2_config.h
 
-DSPOUT = | awk '{printf("%s\r\n", $$0)}' >> $(DSP)
-VCPROJOUT = | awk '{printf("%s\r\n", $$0)}' >> $(VCPROJ)
-
 $(DSP): win32/msvcproj.head win32/msvcproj.foot Makefile.am
 	echo "creating $(DSP)"
-	@(cp $(srcdir)/win32/msvcproj.head $(DSP); \
-	echo "# Begin Group \"Source Files\"" $(DSPOUT); \
-        echo "" $(DSPOUT); \
-        echo "# PROP Default_Filter \"cpp;c;cxx\"" $(DSPOUT); \
+	@( (cat $(srcdir)/win32/msvcproj.head; \
+	echo "# Begin Group \"Source Files\""; \
+	echo ""; \
+	echo "# PROP Default_Filter \"cpp;c;cxx\""; \
 	win32_srcs='$(WIN32SOURCES)'; \
 	sorted_srcs=`for file in $$win32_srcs; do echo $$file; done | sort`; \
 	for file in $$sorted_srcs; do \
-	echo "# Begin Source File" $(DSPOUT); \
-	echo "" $(DSPOUT); \
-	echo "SOURCE=..\\src\\"$$file $(DSPOUT); \
-	echo "# End Source File" $(DSPOUT); \
+		echo "# Begin Source File"; \
+		echo ""; \
+		echo "SOURCE=..\\src\\"$$file; \
+		echo "# End Source File"; \
 	done; \
-	echo "# End Group" $(DSPOUT); \
-	echo "# Begin Group \"Header Files\"" $(DSPOUT); \
-        echo "" $(DSPOUT); \
-        echo "# PROP Default_Filter \"h;hpp;hxx\"" $(DSPOUT); \
+	echo "# End Group"; \
+	echo "# Begin Group \"Header Files\""; \
+	echo ""; \
+	echo "# PROP Default_Filter \"h;hpp;hxx\""; \
 	win32_hdrs='$(WIN32HEADERS)'; \
 	sorted_hdrs=`for file in $$win32_hdrs; do echo $$file; done | sort`; \
 	for file in $$sorted_hdrs; do \
-	echo "# Begin Source File" $(DSPOUT); \
-	echo "" $(DSPOUT); \
+		echo "# Begin Source File"; \
+		echo ""; \
 		if [ "$$file" == "libssh2_config.h" ]; \
 		then \
-		echo "SOURCE=.\\"$$file $(DSPOUT); \
+			echo "SOURCE=.\\"$$file; \
 		else \
-		echo "SOURCE=..\\src\\"$$file $(DSPOUT); \
+			echo "SOURCE=..\\src\\"$$file; \
 		fi; \
-	echo "# End Source File" $(DSPOUT); \
+		echo "# End Source File"; \
 	done; \
-	echo "# End Group" $(DSPOUT); \
-	cat $(srcdir)/win32/msvcproj.foot $(DSPOUT) )
+	echo "# End Group"; \
+	cat $(srcdir)/win32/msvcproj.foot) | \
+	awk '{printf("%s\r\n", gensub("\r", "", "g"))}' > $@ )
 
 $(VCPROJ): win32/vc8proj.head win32/vc8proj.foot Makefile.am
 	echo "creating $(VCPROJ)"
-	@(cp $(srcdir)/vc8proj.head $(VCPROJ); \
+	@( (cat $(srcdir)/vc8proj.head; \
 	win32_srcs='$(WIN32SOURCES)'; \
 	sorted_srcs=`for file in $$win32_srcs; do echo $$file; done | sort`; \
 	for file in $$sorted_srcs; do \
-	echo "<File RelativePath=\""..\src\$$file"\"></File>" $(VCPROJOUT); \
+		echo "<File RelativePath=\""..\src\$$file"\"></File>"; \
 	done; \
-	echo "</Filter><Filter	Name=\"Header Files\">" $(VCPROJOUT); \
+	echo "</Filter><Filter	Name=\"Header Files\">"; \
 	win32_hdrs='$(WIN32HEADERS)'; \
 	sorted_hdrs=`for file in $$win32_hdrs; do echo $$file; done | sort`; \
 	for file in $$sorted_hdrs; do \
-	echo "<File RelativePath=\""..\src\$$file"\"></File>" $(VCPROJOUT); \
+		echo "<File RelativePath=\""..\src\$$file"\"></File>"; \
 	done; \
-	cat $(srcdir)/vc8proj.foot $(VCPROJOUT) )
+	cat $(srcdir)/vc8proj.foot) | \
+	awk '{printf("%s\r\n", gensub("\r", "", "g"))}' > $@ )

NEWS

@@ -1,3 +1,20 @@
+Version 1.2.2 (unreleased)
+
+* This release includes the following changes:
+
+  o Fix crash when server sends an invalid SSH_MSG_IGNORE message.
+    Reported by Bob Alexander <balexander@expressor-software.com> in
+    <http://thread.gmane.org/gmane.network.ssh.libssh2.devel/2530>.
+    By Simon Josefsson.
+
+  o Support for the "aes128-ctr", "aes192-ctr", "aes256-ctr" ciphers
+    as per RFC 4344 for libgcrypt and OpenSSL.  They are now the
+    preferred ciphers.  By Simon Josefsson.
+
+  o Support for the "arcfour128" cipher as per RFC 4345 for libgcrypt
+    and OpenSSL.  It is preferred over the normal "arcfour" cipher
+    which is somewhat broken.  By Simon Josefsson.
+
 Version 1.2.1 (September 28, 2009)
 
 * This release includes the following changes:

RELEASE-NOTES

@@ -1,27 +1,18 @@
-libssh2 1.2.1
+libssh2 1.2.2
 
 This release includes the following changes:
 
- o generate and install libssh2.pc
+ o Support for the "aes128-ctr", "aes192-ctr", "aes256-ctr" ciphers
+ o Support for the "arcfour128" cipher
 
 This release includes the following bugfixes:
 
- o proper return codes returned from several functions
- o return EAGAIN internal cleanup
- o added knownhost.c to windows makefiles
- o pass private-key to OpenSSL as a filename with BIO_new_file().
- o make libssh2_scp_send/recv do blocking mode correctly
- o libssh2_channel_wait_closed() could hang
- o libssh2_channel_read_ex() must return 0 when closed
- o added gettimeofday() function for win32 for the debug trace outputs
- o transport layer bug causing invalid -39 (LIBSSH2_ERROR_BAD_USE) errors
- o scp examples now loop correctly over libssh2_channel_write()
+ o Fix crash when server sends an invalid SSH_MSG_IGNORE message
 
 This release would not have looked like this without help, code, reports and
 advice from friends like these:
 
- Peter Stuge, Neil Gierman, Steven Van Ingelgem, Alexander Lamaison,
- Guenter Knauf, Simon Josefsson
+ Simon Josefsson, Bob Alexander
  
 
         Thanks! (and sorry if I forgot to mention someone)

configure.ac

@@ -162,6 +162,45 @@ AC_HELP_STRING([--disable-debug],[Disable debug options]),
        AC_MSG_RESULT(no)
 )
 
+dnl ************************************************************
+dnl Enable hiding of internal symbols in library to reduce its size and
+dnl speed dynamic linking of applications.  This currently is only supported
+dnl on gcc >= 4.0 and SunPro C.
+dnl
+AC_MSG_CHECKING([whether to enable hidden symbols in the library])
+AC_ARG_ENABLE(hidden-symbols,
+AC_HELP_STRING([--enable-hidden-symbols],[Hide internal symbols in library])
+AC_HELP_STRING([--disable-hidden-symbols],[Leave all symbols with default visibility in library]),
+[ case "$enableval" in
+  no)
+       AC_MSG_RESULT(no)
+       ;;
+  *)
+       AC_MSG_CHECKING([whether $CC supports it])
+       if test "$GCC" = yes ; then
+         if $CC --help --verbose 2>&1 | grep fvisibility= > /dev/null ; then
+           AC_MSG_RESULT(yes)
+           AC_DEFINE(LIBSSH2_API, [__attribute__ ((visibility ("default")))], [to make a symbol visible])
+           CFLAGS="$CFLAGS -fvisibility=hidden"
+         else
+            AC_MSG_RESULT(no)
+          fi
+
+       else
+         dnl Test for SunPro cc
+         if $CC 2>&1 | grep flags >/dev/null && $CC -flags | grep xldscope= >/dev/null ; then
+           AC_MSG_RESULT(yes)
+           AC_DEFINE(LIBSSH2_API, [__global], [to make a symbol visible])
+           CFLAGS="$CFLAGS -xldscope=hidden"
+         else
+           AC_MSG_RESULT(no)
+         fi
+       fi
+       ;;
+  esac ],
+       AC_MSG_RESULT(no)
+)
+
 # Checks for header files.
 # AC_HEADER_STDC
 AC_CHECK_HEADERS([errno.h fcntl.h stdio.h stdlib.h unistd.h sys/uio.h])

docs/Makefile.am

@@ -40,6 +40,7 @@ dist_man_MANS = \
 	libssh2_knownhost_del.3 \
 	libssh2_knownhost_get.3 \
 	libssh2_knownhost_init.3 \
+	libssh2_knownhost_free.3 \
 	libssh2_knownhost_readfile.3 \
 	libssh2_knownhost_readline.3 \
 	libssh2_knownhost_writefile.3 \

docs/libssh2_knownhost_free.3

@@ -0,0 +1,21 @@
+.\"
+.\" Copyright (c) 2009 by Daniel Stenberg
+.\"
+.TH libssh2_knownhost_free 3 "28 May 2009" "libssh2 1.2" "libssh2 manual"
+.SH NAME
+libssh2_knownhost_free - free a collection of known hosts
+.SH SYNOPSIS
+#include <libssh2.h>
+
+void libssh2_knownhost_free(LIBSSH2_KNOWNHOSTS *hosts);
+.SH DESCRIPTION
+Free a collection of known hosts.
+.SH RETURN VALUE
+Returns a handle pointer or NULL if something went wrong. The returned handle
+is used as input to all other known host related functions libssh2 provides.
+.SH AVAILABILITY
+Added in libssh2 1.2
+.SH SEE ALSO
+.BR libssh2_knownhost_init(3)
+.BR libssh2_knownhost_add(3)
+.BR libssh2_knownhost_check(3)

docs/libssh2_knownhost_init.3

@@ -11,6 +11,9 @@ LIBSSH2_KNOWNHOSTS *libssh2_knownhost_init(LIBSSH2_SESSION *session);
 .SH DESCRIPTION
 Init a collection of known hosts for this session. Returns the handle to an
 internal representation of a known host collection.
+
+Call \fBlibssh2_knownhost_free(3)\fP to free the collection again after you're
+doing using it.
 .SH RETURN VALUE
 Returns a handle pointer or NULL if something went wrong. The returned handle
 is used as input to all other known host related functions libssh2 provides.

example/simple/scp_write.c

@@ -142,8 +142,8 @@ int main(int argc, char *argv[])
         }
     }
 
-    /* Request a file via SCP */
-    channel = libssh2_scp_send(session, scppath, 0x1FF & fileinfo.st_mode,
+    /* Send a file via scp. The mode parameter must only have permissions! */
+    channel = libssh2_scp_send(session, scppath, fileinfo.st_mode & 0777,
                                (unsigned long)fileinfo.st_size);
 
     if (!channel) {

example/simple/scp_write_nonblock.c

@@ -153,9 +153,9 @@ int main(int argc, char *argv[])
         }
     }
 
-    /* Request a file via SCP */
+    /* Send a file via scp. The mode parameter must only have permissions! */
     do {
-        channel = libssh2_scp_send(session, scppath, 0x1FF & fileinfo.st_mode,
+        channel = libssh2_scp_send(session, scppath, fileinfo.st_mode & 0777,
                                    (unsigned long)fileinfo.st_size);
 
         if ((!channel) && (libssh2_session_last_errno(session) !=

include/libssh2.h

@@ -84,17 +84,17 @@ typedef unsigned long long libssh2_uint64_t;
 typedef long long libssh2_int64_t;
 #endif
 
-/* We use underscore instead of dash when appending CVS in dev versions just
+/* We use underscore instead of dash when appending DEV in dev versions just
    to make the BANNER define (used by src/session.c) be a valid SSH
    banner. Release versions have no appended strings and may of course not
    have dashes either. */
-#define LIBSSH2_VERSION                             "1.2.1_CVS"
+#define LIBSSH2_VERSION                             "1.2.2_DEV"
 
 /* The numeric version number is also available "in parts" by using these
    defines: */
 #define LIBSSH2_VERSION_MAJOR                       1
 #define LIBSSH2_VERSION_MINOR                       2
-#define LIBSSH2_VERSION_PATCH                       1
+#define LIBSSH2_VERSION_PATCH                       2
 
 /* This is the numeric version of the libssh2 version number, meant for easier
    parsing and comparions by programs. The LIBSSH2_VERSION_NUM define will
@@ -111,18 +111,18 @@ typedef long long libssh2_int64_t;
    and it is always a greater number in a more recent release. It makes
    comparisons with greater than and less than work.
 */
-#define LIBSSH2_VERSION_NUM                         0x010201
+#define LIBSSH2_VERSION_NUM                         0x010202
 
 /*
  * This is the date and time when the full source package was created. The
- * timestamp is not stored in CVS, as the timestamp is properly set in the
- * tarballs by the maketgz script.
+ * timestamp is not stored in the source code repo, as the timestamp is
+ * properly set in the tarballs by the maketgz script.
  *
  * The format of the date should follow this template:
  *
  * "Mon Feb 12 11:35:33 UTC 2007"
  */
-#define LIBSSH2_TIMESTAMP "CVS"
+#define LIBSSH2_TIMESTAMP "DEV"
 
 /* Part of every banner, user specified or not */
 #define LIBSSH2_SSH_BANNER                  "SSH-2.0-libssh2_" LIBSSH2_VERSION

src/channel.c

@@ -725,11 +725,6 @@ channel_forward_accept(LIBSSH2_LISTENER *listener)
 
     do {
         rc = _libssh2_transport_read(listener->session);
-        if (rc == PACKET_EAGAIN) {
-            libssh2_error(listener->session, LIBSSH2_ERROR_EAGAIN,
-                          "Would block waiting for packet", 0);
-            return NULL;
-        }
     } while (rc > 0);
 
     if (_libssh2_list_first(&listener->queue)) {
@@ -746,6 +741,11 @@ channel_forward_accept(LIBSSH2_LISTENER *listener)
         return channel;
     }
 
+    if (rc == PACKET_EAGAIN) {
+        libssh2_error(listener->session, LIBSSH2_ERROR_EAGAIN,
+                      "Would block waiting for packet", 0);
+    }
+    else
         libssh2_error(listener->session, LIBSSH2_ERROR_CHANNEL_UNKNOWN,
                       "Channel not found", 0);
     return NULL;

src/crypt.c

@@ -1,4 +1,5 @@
-/* Copyright (c) 2004-2007, Sara Golemon <sarag@libssh2.org>
+/* Copyright (c) 2009 Simon Josefsson <simon@josefsson.org>
+ * Copyright (c) 2004-2007, Sara Golemon <sarag@libssh2.org>
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms,
@@ -114,6 +115,44 @@ crypt_dtor(LIBSSH2_SESSION * session, void **abstract)
     return 0;
 }
 
+#if LIBSSH2_AES_CTR
+static const LIBSSH2_CRYPT_METHOD libssh2_crypt_method_aes128_ctr = {
+    "aes128-ctr",
+    16,                         /* blocksize */
+    16,                         /* initial value length */
+    16,                         /* secret length -- 16*8 == 128bit */
+    0,                          /* flags */
+    &crypt_init,
+    &crypt_encrypt,
+    &crypt_dtor,
+    _libssh2_cipher_aes128ctr
+};
+
+static const LIBSSH2_CRYPT_METHOD libssh2_crypt_method_aes192_ctr = {
+    "aes192-ctr",
+    16,                         /* blocksize */
+    16,                         /* initial value length */
+    24,                         /* secret length -- 24*8 == 192bit */
+    0,                          /* flags */
+    &crypt_init,
+    &crypt_encrypt,
+    &crypt_dtor,
+    _libssh2_cipher_aes192ctr
+};
+
+static const LIBSSH2_CRYPT_METHOD libssh2_crypt_method_aes256_ctr = {
+    "aes256-ctr",
+    16,                         /* blocksize */
+    16,                         /* initial value length */
+    32,                         /* secret length -- 32*8 == 256bit */
+    0,                          /* flags */
+    &crypt_init,
+    &crypt_encrypt,
+    &crypt_dtor,
+    _libssh2_cipher_aes256ctr
+};
+#endif
+
 #if LIBSSH2_AES
 static const LIBSSH2_CRYPT_METHOD libssh2_crypt_method_aes128_cbc = {
     "aes128-cbc",
@@ -192,6 +231,40 @@ static const LIBSSH2_CRYPT_METHOD libssh2_crypt_method_arcfour = {
     &crypt_dtor,
     _libssh2_cipher_arcfour
 };
+
+static int
+crypt_init_arcfour128(LIBSSH2_SESSION * session,
+                      const LIBSSH2_CRYPT_METHOD * method,
+                      unsigned char *iv, int *free_iv,
+                      unsigned char *secret, int *free_secret,
+                      int encrypt, void **abstract)
+{
+    int rc;
+
+    rc = crypt_init (session, method, iv, free_iv, secret, free_secret,
+		     encrypt, abstract);
+    if (rc == 0) {
+	struct crypt_ctx *cctx = *(struct crypt_ctx **) abstract;
+	unsigned char block[8];
+	size_t discard = 1536;
+	for (; discard; discard -= 8)
+	    _libssh2_cipher_crypt(&cctx->h, cctx->algo, cctx->encrypt, block);
+    }
+
+    return rc;
+}
+
+static const LIBSSH2_CRYPT_METHOD libssh2_crypt_method_arcfour128 = {
+    "arcfour128",
+    8,                          /* blocksize */
+    8,                          /* initial value length */
+    16,                         /* secret length */
+    0,                          /* flags */
+    &crypt_init_arcfour128,
+    &crypt_encrypt,
+    &crypt_dtor,
+    _libssh2_cipher_arcfour
+};
 #endif /* LIBSSH2_RC4 */
 
 #if LIBSSH2_CAST
@@ -223,6 +296,11 @@ static const LIBSSH2_CRYPT_METHOD libssh2_crypt_method_3des_cbc = {
 #endif
 
 static const LIBSSH2_CRYPT_METHOD *_libssh2_crypt_methods[] = {
+#if LIBSSH2_AES_CTR
+  &libssh2_crypt_method_aes128_ctr,
+  &libssh2_crypt_method_aes192_ctr,
+  &libssh2_crypt_method_aes256_ctr,
+#endif /* LIBSSH2_AES */
 #if LIBSSH2_AES
     &libssh2_crypt_method_aes256_cbc,
     &libssh2_crypt_method_rijndael_cbc_lysator_liu_se,  /* == aes256-cbc */
@@ -233,6 +311,7 @@ static const LIBSSH2_CRYPT_METHOD *_libssh2_crypt_methods[] = {
     &libssh2_crypt_method_blowfish_cbc,
 #endif /* LIBSSH2_BLOWFISH */
 #if LIBSSH2_RC4
+    &libssh2_crypt_method_arcfour128,
     &libssh2_crypt_method_arcfour,
 #endif /* LIBSSH2_RC4 */
 #if LIBSSH2_CAST

src/libgcrypt.c

@@ -524,16 +524,14 @@ _libssh2_cipher_init(_libssh2_cipher_ctx * h,
                      _libssh2_cipher_type(algo),
                      unsigned char *iv, unsigned char *secret, int encrypt)
 {
-    int mode = 0, ret;
-    int keylen = gcry_cipher_get_algo_keylen(algo);
+    int ret;
+    int cipher = _libssh2_gcry_cipher (algo);
+    int mode = _libssh2_gcry_mode (algo);
+    int keylen = gcry_cipher_get_algo_keylen(cipher);
 
     (void) encrypt;
 
-    if (algo != GCRY_CIPHER_ARCFOUR) {
-        mode = GCRY_CIPHER_MODE_CBC;
-    }
-
-    ret = gcry_cipher_open(h, algo, mode, 0);
+    ret = gcry_cipher_open(h, cipher, mode, 0);
     if (ret) {
         return -1;
     }
@@ -544,8 +542,11 @@ _libssh2_cipher_init(_libssh2_cipher_ctx * h,
         return -1;
     }
 
-    if (algo != GCRY_CIPHER_ARCFOUR) {
-        int blklen = gcry_cipher_get_algo_blklen(algo);
+    if (mode != GCRY_CIPHER_MODE_STREAM) {
+        int blklen = gcry_cipher_get_algo_blklen(cipher);
+	if (mode == GCRY_CIPHER_MODE_CTR)
+	  ret = gcry_cipher_setctr(*h, iv, blklen);
+	else
 	  ret = gcry_cipher_setiv(*h, iv, blklen);
 	if (ret) {
             gcry_cipher_close(*h);
@@ -561,8 +562,10 @@ _libssh2_cipher_crypt(_libssh2_cipher_ctx * ctx,
                       _libssh2_cipher_type(algo),
                       int encrypt, unsigned char *block)
 {
-    size_t blklen = gcry_cipher_get_algo_blklen(algo);
+    int cipher = _libssh2_gcry_cipher (algo);
+    size_t blklen = gcry_cipher_get_algo_blklen(cipher);
     int ret;
+
     if (blklen == 1) {
 /* Hack for arcfour. */
         blklen = 8;

src/libgcrypt.h

@@ -1,5 +1,6 @@
-/* Copyright (C) 2006, 2007, The Written Word, Inc.
- * Copyright (C) 2008, Simon Josefsson
+/*
+ * Copyright (C) 2008, 2009 Simon Josefsson
+ * Copyright (C) 2006, 2007, The Written Word, Inc.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms,
@@ -43,6 +44,7 @@
 #define LIBSSH2_HMAC_RIPEMD 1
 
 #define LIBSSH2_AES 1
+#define LIBSSH2_AES_CTR 1
 #define LIBSSH2_BLOWFISH 1
 #define LIBSSH2_RC4 1
 #define LIBSSH2_CAST 1
@@ -155,13 +157,30 @@ int _libssh2_dsa_sha1_sign(libssh2_dsa_ctx * dsactx,
 #define _libssh2_cipher_type(name) int name
 #define _libssh2_cipher_ctx gcry_cipher_hd_t
 
-#define _libssh2_cipher_aes256 GCRY_CIPHER_AES256
-#define _libssh2_cipher_aes192 GCRY_CIPHER_AES192
-#define _libssh2_cipher_aes128 GCRY_CIPHER_AES128
-#define _libssh2_cipher_blowfish GCRY_CIPHER_BLOWFISH
-#define _libssh2_cipher_arcfour GCRY_CIPHER_ARCFOUR
-#define _libssh2_cipher_cast5 GCRY_CIPHER_CAST5
-#define _libssh2_cipher_3des GCRY_CIPHER_3DES
+#define _libssh2_gcry_ciphermode(c,m) ((c << 8) | m)
+#define _libssh2_gcry_cipher(c) (c >> 8)
+#define _libssh2_gcry_mode(m) (m & 0xFF)
+
+#define _libssh2_cipher_aes256ctr		\
+  _libssh2_gcry_ciphermode(GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CTR)
+#define _libssh2_cipher_aes192ctr		\
+  _libssh2_gcry_ciphermode(GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_CTR)
+#define _libssh2_cipher_aes128ctr					\
+  _libssh2_gcry_ciphermode(GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CTR)
+#define _libssh2_cipher_aes256						\
+  _libssh2_gcry_ciphermode(GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CBC)
+#define _libssh2_cipher_aes192			\
+  _libssh2_gcry_ciphermode(GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_CBC)
+#define _libssh2_cipher_aes128			\
+  _libssh2_gcry_ciphermode(GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CBC)
+#define _libssh2_cipher_blowfish		\
+  _libssh2_gcry_ciphermode(GCRY_CIPHER_BLOWFISH, GCRY_CIPHER_MODE_CBC)
+#define _libssh2_cipher_arcfour			\
+  _libssh2_gcry_ciphermode(GCRY_CIPHER_ARCFOUR, GCRY_CIPHER_MODE_STREAM)
+#define _libssh2_cipher_cast5			\
+  _libssh2_gcry_ciphermode(GCRY_CIPHER_CAST5, GCRY_CIPHER_MODE_CBC)
+#define _libssh2_cipher_3des			\
+  _libssh2_gcry_ciphermode(GCRY_CIPHER_3DES, GCRY_CIPHER_MODE_CBC)
 
 int _libssh2_cipher_init(_libssh2_cipher_ctx * h,
                          _libssh2_cipher_type(algo),

src/openssl.c

@@ -1,7 +1,9 @@
-/* Copyright (C) 2006, 2007 The Written Word, Inc.  All rights reserved.
- * Author: Simon Josefsson
+/* Copyright (C) 2009 Simon Josefsson
+ * Copyright (C) 2006, 2007 The Written Word, Inc.  All rights reserved.
  * Copyright (c) 2004-2006, Sara Golemon <sarag@libssh2.org>
  *
+ * Author: Simon Josefsson
+ *
  * Redistribution and use in source and binary forms,
  * with or without modification, are permitted provided
  * that the following conditions are met:
@@ -197,6 +199,106 @@ _libssh2_cipher_crypt(_libssh2_cipher_ctx * ctx,
     return ret == 1 ? 0 : 1;
 }
 
+#include <openssl/aes.h>
+
+typedef struct
+{
+    AES_KEY       key;
+    unsigned char ctr[AES_BLOCK_SIZE];
+} aes_ctr_ctx;
+
+static int
+aes_ctr_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+	     const unsigned char *iv, int enc) /* init key */
+{
+    aes_ctr_ctx *c = malloc(sizeof(*c));
+    if (c == NULL)
+	return 0;
+
+    AES_set_encrypt_key(key, 8 * ctx->key_len, &c->key);
+    memcpy(c->ctr, iv, AES_BLOCK_SIZE);
+
+    EVP_CIPHER_CTX_set_app_data(ctx, c);
+
+    return 1;
+}
+
+static int
+aes_ctr_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+		  const unsigned char *in,
+		  unsigned int inl) /* encrypt/decrypt data */
+{
+    aes_ctr_ctx *c = EVP_CIPHER_CTX_get_app_data(ctx);
+    unsigned char b1[AES_BLOCK_SIZE];
+    size_t i;
+
+    if (inl != 16) /* libssh2 only ever encrypt one block */
+	return 0;
+
+/*
+  To encrypt a packet P=P1||P2||...||Pn (where P1, P2, ..., Pn are each
+  blocks of length L), the encryptor first encrypts <X> with <cipher>
+  to obtain a block B1.  The block B1 is then XORed with P1 to generate
+  the ciphertext block C1.  The counter X is then incremented
+*/
+
+    AES_encrypt(c->ctr, b1, &c->key);
+
+    for (i = 0; i < 16; i++)
+	*out++ = *in++ ^ b1[i];
+
+    i = 15;
+    while (c->ctr[i]++ == 0xFF) {
+	if (i == 0)
+	    break;
+	i--;
+    }
+
+    return 1;
+}
+
+static int
+aes_ctr_cleanup(EVP_CIPHER_CTX *ctx) /* cleanup ctx */
+{
+    free(EVP_CIPHER_CTX_get_app_data(ctx));
+    return 1;
+}
+
+static const EVP_CIPHER *
+make_ctr_evp (size_t keylen)
+{
+    static EVP_CIPHER aes_ctr_cipher;
+
+    memset(&aes_ctr_cipher, 0, sizeof(aes_ctr_cipher));
+
+    aes_ctr_cipher.block_size = 16;
+    aes_ctr_cipher.key_len = keylen;
+    aes_ctr_cipher.iv_len = 16;
+    aes_ctr_cipher.init = aes_ctr_init;
+    aes_ctr_cipher.do_cipher = aes_ctr_do_cipher;
+    aes_ctr_cipher.cleanup = aes_ctr_cleanup;
+
+    return &aes_ctr_cipher;
+}
+
+const EVP_CIPHER *
+_libssh2_EVP_aes_128_ctr(void)
+{
+    return make_ctr_evp (16);
+}
+
+const EVP_CIPHER *
+_libssh2_EVP_aes_192_ctr(void)
+{
+    return make_ctr_evp (24);
+}
+
+const EVP_CIPHER *
+_libssh2_EVP_aes_256_ctr(void)
+{
+    return make_ctr_evp (32);
+}
+
 /* TODO: Optionally call a passphrase callback specified by the
  * calling program
  */

src/openssl.h

@@ -1,4 +1,6 @@
-/* Copyright (C) 2006, 2007 The Written Word, Inc.  All rights reserved.
+/* Copyright (C) 2009 Simon Josefsson
+ * Copyright (C) 2006, 2007 The Written Word, Inc.  All rights reserved.
+ *
  * Author: Simon Josefsson
  *
  * Redistribution and use in source and binary forms,
@@ -71,6 +73,7 @@
 #endif
 
 #if OPENSSL_VERSION_NUMBER >= 0x00907000L && !defined(OPENSSL_NO_AES)
+# define LIBSSH2_AES_CTR 1
 # define LIBSSH2_AES 1
 #else
 # define LIBSSH2_AES 0
@@ -194,6 +197,9 @@ int _libssh2_dsa_sha1_sign(libssh2_dsa_ctx * dsactx,
 #define _libssh2_cipher_aes256 EVP_aes_256_cbc
 #define _libssh2_cipher_aes192 EVP_aes_192_cbc
 #define _libssh2_cipher_aes128 EVP_aes_128_cbc
+#define _libssh2_cipher_aes128ctr _libssh2_EVP_aes_128_ctr
+#define _libssh2_cipher_aes192ctr _libssh2_EVP_aes_192_ctr
+#define _libssh2_cipher_aes256ctr _libssh2_EVP_aes_256_ctr
 #define _libssh2_cipher_blowfish EVP_bf_cbc
 #define _libssh2_cipher_arcfour EVP_rc4
 #define _libssh2_cipher_cast5 EVP_cast5_cbc
@@ -223,3 +229,7 @@ int _libssh2_cipher_crypt(_libssh2_cipher_ctx * ctx,
 #define _libssh2_bn_bytes(bn) BN_num_bytes(bn)
 #define _libssh2_bn_bits(bn) BN_num_bits(bn)
 #define _libssh2_bn_free(bn) BN_clear_free(bn)
+
+const EVP_CIPHER *_libssh2_EVP_aes_128_ctr(void);
+const EVP_CIPHER *_libssh2_EVP_aes_192_ctr(void);
+const EVP_CIPHER *_libssh2_EVP_aes_256_ctr(void);

src/packet.c

@@ -146,6 +146,8 @@ packet_queue_listener(LIBSSH2_SESSION * session, unsigned char *data,
                         listen_state->state = libssh2_NB_state_sent;
                         break;
                     }
+                    listen_state->channel = channel;
+
                     memset(channel, 0, sizeof(LIBSSH2_CHANNEL));
 
                     channel->session = session;
@@ -510,7 +512,7 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data,
                 message[message_len] = '\0';
                 language = (char *) data + 9 + message_len + 3;
                 if (language_len) {
-                    memcpy(language, language + 1, language_len);
+                    memmove(language, language + 1, language_len);
                 }
                 language[language_len] = '\0';
 
@@ -531,11 +533,15 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data,
             break;
 
         case SSH_MSG_IGNORE:
-            /* As with disconnect, back it up one and add a trailing NULL */
-            memcpy(data + 4, data + 5, datalen - 5);
+            if (datalen >= 5) {
+                /* Back it up one and add a trailing NULL */
+                memmove(data, data + 1, datalen - 1);
                 data[datalen] = '\0';
                 if (session->ssh_msg_ignore) {
-                LIBSSH2_IGNORE(session, (char *) data + 4, datalen - 5);
+                    LIBSSH2_IGNORE(session, (char *) data + 4, datalen - 1);
+                }
+            } else if (session->ssh_msg_ignore) {
+                LIBSSH2_IGNORE(session, "", 0);
             }
             LIBSSH2_FREE(session, data);
             session->packAdd_state = libssh2_NB_state_idle;
@@ -565,7 +571,7 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data,
                 message[message_len] = '\0';
                 language = (char *) data + 6 + message_len + 3;
                 if (language_len) {
-                    memcpy(language, language + 1, language_len);
+                    memmove(language, language + 1, language_len);
                 }
                 language[language_len] = '\0';
 

tests/ssh2.sh

@@ -9,15 +9,15 @@ srcdir=${srcdir:-$PWD}
 SSHD=${SSHD:-/usr/sbin/sshd}
 
 cmd="./ssh2${EXEEXT}"
-srcdir=`cd $srcdir; pwd`
+srcdir=`cd "$srcdir"; pwd`
 
 PRIVKEY=$srcdir/etc/user
 export PRIVKEY
 PUBKEY=$srcdir/etc/user.pub
 export PUBKEY
 
-chmod go-r $srcdir/etc/host*
-$SSHD -f /dev/null -h $srcdir/etc/host \
+chmod go-rwx "$srcdir"/etc/host*
+$SSHD -f /dev/null -h "$srcdir"/etc/host \
     -o 'Port 4711' \
     -o 'Protocol 2' \
     -o "AuthorizedKeysFile $srcdir/etc/user.pub" \