RELEASE-NOTES: synced with 858930cae5

The error message returned by libssh2_channel_open in case of a server side channel open failure is now more detailed and includes the four standard error conditions in RFC 4254.

.gitignore

@@ -24,7 +24,6 @@ ltmain.sh
 missing
 ssh2_sample
 libssh2-*.tar.gz
-INSTALL
 install-sh
 *.o
 *.lo
@@ -33,3 +32,4 @@ mkinstalldirs
 tags
 libssh2.pc
 TAGS
+*~

.travis.yml

@@ -0,0 +1,75 @@
+# Copyright (c) 2014 Alexander Lamaison <alexander.lamaison@gmail.com>
+#
+# Redistribution and use in source and binary forms,
+# with or without modification, are permitted provided
+# that the following conditions are met:
+#
+#   Redistributions of source code must retain the above
+#   copyright notice, this list of conditions and the
+#   following disclaimer.
+#
+#   Redistributions in binary form must reproduce the above
+#   copyright notice, this list of conditions and the following
+#   disclaimer in the documentation and/or other materials
+#   provided with the distribution.
+#
+#   Neither the name of the copyright holder nor the names
+#   of any other contributors may be used to endorse or
+#   promote products derived from this software without
+#   specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
+# CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
+# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
+# USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
+# OF SUCH DAMAGE.
+
+language: c
+
+compiler:
+  - gcc
+  - clang
+
+env:
+  matrix:
+   - ADDRESS_SIZE=64 CRYPTO_BACKEND=OpenSSL BUILD_SHARED_LIBS=OFF ENABLE_ZLIB_COMPRESSION=OFF
+   - ADDRESS_SIZE=64 CRYPTO_BACKEND=OpenSSL BUILD_SHARED_LIBS=ON ENABLE_ZLIB_COMPRESSION=OFF
+   - ADDRESS_SIZE=64 CRYPTO_BACKEND=OpenSSL BUILD_SHARED_LIBS=OFF ENABLE_ZLIB_COMPRESSION=ON
+   - ADDRESS_SIZE=64 CRYPTO_BACKEND=OpenSSL BUILD_SHARED_LIBS=ON ENABLE_ZLIB_COMPRESSION=ON
+   - ADDRESS_SIZE=64 CRYPTO_BACKEND=Libgcrypt BUILD_SHARED_LIBS=OFF ENABLE_ZLIB_COMPRESSION=OFF
+   - ADDRESS_SIZE=64 CRYPTO_BACKEND=Libgcrypt BUILD_SHARED_LIBS=ON ENABLE_ZLIB_COMPRESSION=OFF
+   - ADDRESS_SIZE=64 CRYPTO_BACKEND=Libgcrypt BUILD_SHARED_LIBS=OFF ENABLE_ZLIB_COMPRESSION=ON
+   - ADDRESS_SIZE=64 CRYPTO_BACKEND=Libgcrypt BUILD_SHARED_LIBS=ON ENABLE_ZLIB_COMPRESSION=ON
+   - ADDRESS_SIZE=32 CRYPTO_BACKEND=OpenSSL BUILD_SHARED_LIBS=OFF ENABLE_ZLIB_COMPRESSION=OFF
+   - ADDRESS_SIZE=32 CRYPTO_BACKEND=OpenSSL BUILD_SHARED_LIBS=ON ENABLE_ZLIB_COMPRESSION=OFF
+   - ADDRESS_SIZE=32 CRYPTO_BACKEND=OpenSSL BUILD_SHARED_LIBS=OFF ENABLE_ZLIB_COMPRESSION=ON
+   - ADDRESS_SIZE=32 CRYPTO_BACKEND=OpenSSL BUILD_SHARED_LIBS=ON ENABLE_ZLIB_COMPRESSION=ON
+   - ADDRESS_SIZE=32 CRYPTO_BACKEND=Libgcrypt BUILD_SHARED_LIBS=OFF ENABLE_ZLIB_COMPRESSION=OFF
+   - ADDRESS_SIZE=32 CRYPTO_BACKEND=Libgcrypt BUILD_SHARED_LIBS=ON ENABLE_ZLIB_COMPRESSION=OFF
+   - ADDRESS_SIZE=32 CRYPTO_BACKEND=Libgcrypt BUILD_SHARED_LIBS=OFF ENABLE_ZLIB_COMPRESSION=ON
+   - ADDRESS_SIZE=32 CRYPTO_BACKEND=Libgcrypt BUILD_SHARED_LIBS=ON ENABLE_ZLIB_COMPRESSION=ON
+
+before_install:
+  - sudo add-apt-repository --yes ppa:kalakris/cmake
+  - sudo apt-get update
+  - sudo apt-get -y install cmake
+  - if [ $ADDRESS_SIZE = '64' ]; then sudo apt-get install -y libgcrypt11-dev libssl-dev zlib1g-dev; fi
+  - if [ $ADDRESS_SIZE = '32' ]; then sudo apt-get install -y linux-libc-dev linux-libc-dev:i386; fi
+  - if [ $ADDRESS_SIZE = '32' ]; then sudo apt-get install -y gcc-multilib libgcrypt11-dev:i386 libssl-dev:i386 zlib1g-dev:i386; fi
+  - if [ $ADDRESS_SIZE = '32' ]; then export TOOLCHAIN_OPTION="-DCMAKE_TOOLCHAIN_FILE=../cmake/Toolchain-Linux-32.cmake"; fi
+
+install:
+  - mkdir bin
+  - cd bin
+
+script:
+  - cmake $TOOLCHAIN_OPTION -DCRYPTO_BACKEND=$CRYPTO_BACKEND -DBUILD_SHARED_LIBS=$BUILD_SHARED_LIBS -DENABLE_ZLIB_COMPRESSION=$ENABLE_ZLIB_COMPRESSION .. && cmake --build . && CTEST_OUTPUT_ON_FAILURE=1 cmake --build . --target test && cmake --build . --target package

CMakeLists.txt

@@ -0,0 +1,101 @@
+# Copyright (c) 2014, 2015  Alexander Lamaison <alexander.lamaison@gmail.com>
+#
+# Redistribution and use in source and binary forms,
+# with or without modification, are permitted provided
+# that the following conditions are met:
+#
+#   Redistributions of source code must retain the above
+#   copyright notice, this list of conditions and the
+#   following disclaimer.
+#
+#   Redistributions in binary form must reproduce the above
+#   copyright notice, this list of conditions and the following
+#   disclaimer in the documentation and/or other materials
+#   provided with the distribution.
+#
+#   Neither the name of the copyright holder nor the names
+#   of any other contributors may be used to endorse or
+#   promote products derived from this software without
+#   specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
+# CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
+# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
+# USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
+# OF SUCH DAMAGE.
+
+cmake_minimum_required(VERSION 2.8.11)
+
+set(CMAKE_MODULE_PATH ${CMAKE_CURRENT_SOURCE_DIR}/cmake)
+
+project(libssh2 C)
+set(PROJECT_URL "http://www.libssh2.org/")
+set(PROJECT_DESCRIPTION "The SSH library")
+
+option(BUILD_SHARED_LIBS "Build Shared Libraries" OFF)
+
+# Parse version
+
+file(READ ${CMAKE_CURRENT_SOURCE_DIR}/include/libssh2.h _HEADER_CONTENTS)
+string(
+  REGEX REPLACE ".*#define LIBSSH2_VERSION[ \t]+\"([^\"]+)\".*" "\\1"
+  LIBSSH2_VERSION "${_HEADER_CONTENTS}")
+string(
+  REGEX REPLACE ".*#define LIBSSH2_VERSION_MAJOR[ \t]+([0-9]+).*" "\\1"
+  LIBSSH2_VERSION_MAJOR "${_HEADER_CONTENTS}")
+string(
+  REGEX REPLACE ".*#define LIBSSH2_VERSION_MINOR[ \t]+([0-9]+).*" "\\1"
+  LIBSSH2_VERSION_MINOR "${_HEADER_CONTENTS}")
+string(
+  REGEX REPLACE ".*#define LIBSSH2_VERSION_PATCH[ \t]+([0-9]+).*" "\\1"
+  LIBSSH2_VERSION_PATCH "${_HEADER_CONTENTS}")
+
+if(NOT LIBSSH2_VERSION OR
+   NOT LIBSSH2_VERSION_MAJOR MATCHES "^[0-9]+$" OR
+   NOT LIBSSH2_VERSION_MINOR MATCHES "^[0-9]+$" OR
+   NOT LIBSSH2_VERSION_PATCH MATCHES "^[0-9]+$")
+  message(
+    FATAL_ERROR
+    "Unable to parse version from"
+    "${CMAKE_CURRENT_SOURCE_DIR}/include/libssh2.h")
+endif()
+
+include(GNUInstallDirs)
+install(
+  FILES docs/AUTHORS COPYING docs/HACKING README RELEASE-NOTES NEWS
+  DESTINATION ${CMAKE_INSTALL_DOCDIR})
+
+include(max_warnings)
+include(FeatureSummary)
+
+add_subdirectory(src)
+
+option(BUILD_EXAMPLES "Build libssh2 examples" ON)
+if(BUILD_EXAMPLES)
+  add_subdirectory(example)
+endif()
+
+option(BUILD_TESTING "Build libssh2 test suite" ON)
+if(BUILD_TESTING)
+  enable_testing()
+  add_subdirectory(tests)
+endif()
+
+add_subdirectory(docs)
+
+feature_summary(WHAT ALL)
+
+set(CPACK_PACKAGE_VERSION_MAJOR ${LIBSSH2_VERSION_MAJOR})
+set(CPACK_PACKAGE_VERSION_MINOR ${LIBSSH2_VERSION_MINOR})
+set(CPACK_PACKAGE_VERSION_PATCH ${LIBSSH2_VERSION_PATCH})
+set(CPACK_PACKAGE_VERSION ${LIBSSH2_VERSION})
+include(CPack)

COPYING

@@ -2,7 +2,7 @@
  * Copyright (c) 2005,2006 Mikhail Gusarov <dottedmag@dottedmag.net>
  * Copyright (c) 2006-2007 The Written Word, Inc.
  * Copyright (c) 2007 Eli Fant <elifantu@mail.ru>
- * Copyright (c) 2009 Daniel Stenberg
+ * Copyright (c) 2009-2014 Daniel Stenberg
  * Copyright (C) 2008, 2009 Simon Josefsson
  * All rights reserved.
  *

Makefile.OpenSSL.inc

@@ -0,0 +1,2 @@
+CRYPTO_CSOURCES = openssl.c
+CRYPTO_HHEADERS = openssl.h

Makefile.WinCNG.inc

@@ -0,0 +1,2 @@
+CRYPTO_CSOURCES = wincng.c
+CRYPTO_HHEADERS = wincng.h

Makefile.am

@@ -32,8 +32,8 @@ win32/libssh2_config.h win32/config.mk win32/rules.mk		\
 win32/Makefile.Watcom win32/libssh2.dsw win32/tests.dsp $(DSP)	\
 win32/msvcproj.head win32/msvcproj.foot win32/libssh2.rc
 
-EXTRA_DIST = $(WIN32FILES) buildconf $(NETWAREFILES) get_ver.awk HACKING \
- maketgz NMakefile TODO RELEASE-NOTES libssh2.pc.in $(VMSFILES) config.rpath
+EXTRA_DIST = $(WIN32FILES) buildconf $(NETWAREFILES) get_ver.awk \
+ maketgz NMakefile RELEASE-NOTES libssh2.pc.in $(VMSFILES) config.rpath
 
 ACLOCAL_AMFLAGS = -I m4
 
@@ -75,6 +75,9 @@ gen-coverage:
 coverage: init-coverage build-coverage gen-coverage
 
 # DSP/VCPROJ generation adapted from libcurl
+# only OpenSSL and WinCNG are supported with this build system
+CRYPTO_CSOURCES = openssl.c wincng.c
+CRYPTO_HHEADERS = openssl.h wincng.h
 # Makefile.inc provides the CSOURCES and HHEADERS defines
 include Makefile.inc
 

Makefile.inc

@@ -1,7 +1,6 @@
 CSOURCES = channel.c comp.c crypt.c hostkey.c kex.c mac.c misc.c \
  packet.c publickey.c scp.c session.c sftp.c userauth.c transport.c \
- version.c knownhost.c agent.c openssl.c libgcrypt.c pem.c keepalive.c \
- global.c
+ version.c knownhost.c agent.c $(CRYPTO_CSOURCES) pem.c keepalive.c global.c
 
-HHEADERS = libssh2_priv.h openssl.h libgcrypt.h transport.h channel.h \
- comp.h mac.h misc.h packet.h userauth.h session.h sftp.h crypto.h
+HHEADERS = libssh2_priv.h $(CRYPTO_HHEADERS) transport.h channel.h comp.h \
+ mac.h misc.h packet.h userauth.h session.h sftp.h crypto.h

Makefile.libgcrypt.inc

@@ -0,0 +1,2 @@
+CRYPTO_CSOURCES = libgcrypt.c
+CRYPTO_HHEADERS = libgcrypt.h

NMakefile

@@ -1,5 +1,10 @@
 !include "win32/config.mk"
 
+!if "$(WITH_WINCNG)" == "1"
+!include "Makefile.WinCNG.inc"
+!else
+!include "Makefile.OpenSSL.inc"
+!endif
 !include "Makefile.inc"
 
 OBJECTS=$(CSOURCES:.c=.obj)
@@ -12,6 +17,7 @@ all-sub: win32\objects.mk
 
 clean: 
 	-rmdir 2>NUL /s/q $(TARGET)
+	-del 2>NUL win32\objects.mk
 
 real-clean vclean: clean
 	-del 2>NUL libssh2.dll
@@ -19,7 +25,6 @@ real-clean vclean: clean
 	-del 2>NUL libssh2.ilk
 	-del 2>NUL libssh2.lib
 	-del 2>NUL *.pdb
-	-del 2>NUL win32\objects.mk
 
 win32\objects.mk: Makefile.inc
 	@echo OBJECTS = \>$@

README

@@ -8,90 +8,12 @@ Web site: http://www.libssh2.org/
 
 Mailing list: http://cool.haxx.se/mailman/listinfo/libssh2-devel
 
-Generic installation instructions are in INSTALL.  Some ./configure
-options deserve additional comments:
+License: see COPYING
 
-	* --enable-crypt-none
+Source code: https://github.com/libssh2/libssh2
 
-		The SSH2 Transport allows for unencrypted data
-		transmission using the "none" cipher.  Because this is
-		such a huge security hole, it is typically disabled on
-		SSH2 implementations and is disabled in libssh2 by
-		default as well.
+Web site source code: https://github.com/libssh2/www
 
-		Enabling this option will allow for "none" as a
-		negotiable method, however it still requires that the
-		method be advertized by the remote end and that no
-		more-preferable methods are available.
-
-	* --enable-mac-none
-
-		The SSH2 Transport also allows implementations to
-		forego a message authentication code.  While this is
-		less of a security risk than using a "none" cipher, it
-		is still not recommended as disabling MAC hashes
-		removes a layer of security.
-
-		Enabling this option will allow for "none" as a
-		negotiable method, however it still requires that the
-		method be advertized by the remote end and that no
-		more-preferable methods are available.
-
-	* --disable-gex-new
-
-		The diffie-hellman-group-exchange-sha1 (dh-gex) key
-		exchange method originally defined an exchange
-		negotiation using packet type 30 to request a
-		generation pair based on a single target value.  Later
-		refinement of dh-gex provided for range and target
-		values.  By default libssh2 will use the newer range
-		method.
-
-		If you experience trouble connecting to an old SSH
-		server using dh-gex, try this option to fallback on
-		the older more reliable method.
-
-  	* --with-libgcrypt
-  	* --without-libgcrypt
-	* --with-libgcrypt-prefix=DIR
-
-		libssh2 can use the Libgcrypt library
-		(http://www.gnupg.org/) for cryptographic operations.
-		Either Libgcrypt or OpenSSL is required.
-
-		Configure will attempt to locate Libgcrypt
-		automatically.
-
- 		If your installation of Libgcrypt is in another
-		location, specify it using --with-libgcrypt-prefix.
-
-	* --with-openssl
-	* --without-openssl
-	* --with-libssl-prefix=[DIR]
-
-		libssh2 can use the OpenSSL library
-		(http://www.openssl.org) for cryptographic operations.
-		Either Libgcrypt or OpenSSL is required.
-
-		Configure will attempt to locate OpenSSL in the
-		default location.
-
-		If your installation of OpenSSL is in another
-		location, specify it using --with-libssl-prefix.
-
-	* --with-libz
-	* --without-libz
-	* --with-libz-prefix=[DIR]
-
-		If present, libssh2 will attempt to use the zlib
-		(http://www.zlib.org) for payload compression, however
-		zlib is not required.
-
-		If your installation of Libz is in another location,
-		specify it using --with-libz-prefix.
-
-	* --enable-debug
-
-		Will make the build use more pedantic and strict compiler
-		options as well as enable the libssh2_trace() function (for
-		showing debug traces).
+Installation instructions are in:
+ - docs/INSTALL_CMAKE for CMake
+ - docs/INSTALL_AUTOTOOLS for Autotools

RELEASE-NOTES

@@ -1,28 +1,45 @@
-libssh2 1.4.3
+libssh2 1.6.0
 
 This release includes the following changes:
 
- o compression: add support for zlib@openssh.com
+ o Added CMake build system
+ o Added libssh2_userauth_publickey_frommemory()
 
 This release includes the following bugfixes:
 
- o sftp_read: return error if a too large package arrives
- o libssh2_hostkey_hash.3: update the description of return value
- o Fixed MSVC NMakefile
- o examples: use stderr for messages, stdout for data
- o openssl: do not leak memory when handling errors
- o improved handling of disabled MD5 algorithm in OpenSSL
- o known_hosts: Fail when parsing unknown keys in known_hosts file
- o configure: gcrypt doesn't come with pkg-config support
- o session_free: wrong variable used for keeping state
- o libssh2_userauth_publickey_fromfile_ex.3: mention publickey == NULL
- o comp_method_zlib_decomp: handle Z_BUF_ERROR when inflating
-
+ o wait_socket: wrong use of difftime() [1]
+ o userauth: Fixed prompt text no longer being copied to the prompts struct
+ o mingw build: allow to pass custom CFLAGS
+ o Let mansyntax.sh work regardless of where it is called from
+ o Init HMAC_CTX before using it
+ o direct_tcpip: Fixed channel write
+ o WinCNG: fixed backend breakage
+ o OpenSSL: caused by introducing libssh2_hmac_ctx_init
+ o userauth.c: fix possible dereferences of a null pointer
+ o wincng: Added explicit clear memory feature to WinCNG backend
+ o openssl.c: fix possible segfault in case EVP_DigestInit fails
+ o wincng: fix return code of libssh2_md5_init()
+ o kex: do not ignore failure of libssh2_sha1_init()
+ o scp: fix that scp_send may transmit not initialised memory [3]
+ o scp.c: improved command length calculation
+ o nonblocking examples: fix warning about unused tvdiff on Mac OS X
+ o configure: make clear-memory default but WARN if backend unsupported
+ o OpenSSL: Enable use of OpenSSL that doesn't have DSA
+ o OpenSSL: Use correct no-blowfish #define
+ o kex: fix libgcrypt memory leaks of bignum [2]
+ o libssh2_channel_open: more detailed error message
+ o wincng: fixed memleak in (block) cipher destructor
+ 
+ 
 This release would not have looked like this without help, code, reports and
 advice from friends like these:
 
- Guenter Knauf, Peter Stuge, TJ Saunders, Mike Abdullah, Maxime Larocque,
- Dmitry Smirnov, Dave Hayden, Peter Krempa, Kamil Dudka
+  Alexander Lamaison, Daniel Stenberg, David Calavera, Hannes Domani,
+  Jakob Egger, Joe Turpin, Marc Hoersken, Viktor Szakáts, Will Cosgrove,
+  (9 contributors)
  
         Thanks! (and sorry if I forgot to mention someone)
 
+ [1] = https://github.com/bagder/libssh2/issues/1
+ [2] = https://trac.libssh2.org/ticket/168
+ [3] = https://trac.libssh2.org/ticket/244

appveyor.yml

@@ -0,0 +1,59 @@
+# Copyright (c) 2014, Ruslan Baratov
+# Copyright (c) 2014, Alexander Lamaison
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+# * Redistributions of source code must retain the above copyright notice, this
+#   list of conditions and the following disclaimer.
+#
+# * Redistributions in binary form must reproduce the above copyright notice,
+#   this list of conditions and the following disclaimer in the documentation
+#   and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+environment:
+  matrix:
+    - GENERATOR: "Visual Studio 12"
+      BUILD_SHARED_LIBS: ON
+
+    - GENERATOR: "Visual Studio 12"
+      BUILD_SHARED_LIBS: OFF
+
+    - GENERATOR: "Visual Studio 11"
+      BUILD_SHARED_LIBS: ON
+
+    - GENERATOR: "Visual Studio 11"
+      BUILD_SHARED_LIBS: OFF
+
+platform:
+  - x86
+  - x64
+
+# configuration:
+#   - Debug
+#   - Release
+
+build_script:
+  - ps: if($env:PLATFORM -eq "x64") { $env:CMAKE_GEN_SUFFIX=" Win64" }
+  - cmake "-G%GENERATOR%%CMAKE_GEN_SUFFIX%" -DBUILD_SHARED_LIBS=%BUILD_SHARED_LIBS% -H. -B_builds
+  - cmake --build _builds --config "%CONFIGURATION%"
+
+test_script:
+  - ps: cd _builds
+  - ctest -VV -C "%CONFIGURATION%" --output-on-failure
+
+on_failure:
+  - ps: cat _builds/CMakeFiles/CMakeOutput.log
+  - ps: cat _builds/CMakeFiles/CMakeError.log

cmake/CheckFunctionExistsMayNeedLibrary.cmake

@@ -0,0 +1,81 @@
+# Copyright (c) 2014 Alexander Lamaison <alexander.lamaison@gmail.com>
+#
+# Redistribution and use in source and binary forms,
+# with or without modification, are permitted provided
+# that the following conditions are met:
+#
+#   Redistributions of source code must retain the above
+#   copyright notice, this list of conditions and the
+#   following disclaimer.
+#
+#   Redistributions in binary form must reproduce the above
+#   copyright notice, this list of conditions and the following
+#   disclaimer in the documentation and/or other materials
+#   provided with the distribution.
+#
+#   Neither the name of the copyright holder nor the names
+#   of any other contributors may be used to endorse or
+#   promote products derived from this software without
+#   specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
+# CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
+# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
+# USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
+# OF SUCH DAMAGE.
+
+
+# - check_function_exists_maybe_need_library(<function> <var> [lib1 ... libn])
+#
+# Check if function is available for linking, first without extra libraries, and
+# then, if not found that way, linking in each optional library as well.  This
+# function is similar to autotools AC_SEARCH_LIBS.
+#
+# If the function if found, this will define <var>.
+#
+# If the function was only found by linking in an additional library, this
+# will define NEED_LIB_LIBX, where LIBX is the one of lib1 to libn that
+# makes the function available, in uppercase.
+#
+# The following variables may be set before calling this macro to
+# modify the way the check is run:
+#
+#  CMAKE_REQUIRED_FLAGS = string of compile command line flags
+#  CMAKE_REQUIRED_DEFINITIONS = list of macros to define (-DFOO=bar)
+#  CMAKE_REQUIRED_INCLUDES = list of include directories
+#  CMAKE_REQUIRED_LIBRARIES = list of libraries to link
+#
+
+include(CheckFunctionExists)
+include(CheckLibraryExists)
+
+function(check_function_exists_may_need_library function variable)
+
+  check_function_exists(${function} ${variable})
+
+  if(NOT ${variable})
+    foreach(lib ${ARGN})
+      string(TOUPPER ${lib} UP_LIB)
+      # Use new variable to prevent cache from previous step shortcircuiting
+      # new test
+      check_library_exists(${lib} ${function} "" HAVE_${function}_IN_${lib})
+      if(HAVE_${function}_IN_${lib})
+	set(${variable} 1 CACHE INTERNAL
+	  "Function ${function} found in library ${lib}")
+	set(NEED_LIB_${UP_LIB} 1 CACHE INTERNAL
+	  "Need to link ${lib}")
+	break()
+      endif()
+    endforeach()
+  endif()
+
+endfunction()

cmake/CheckNonblockingSocketSupport.cmake

@@ -0,0 +1,119 @@
+include(CheckCSourceCompiles)
+
+# - check_nonblocking_socket_support()
+#
+# Check for how to set a socket to non-blocking state. There seems to exist
+# four known different ways, with the one used almost everywhere being POSIX
+# and XPG3, while the other different ways for different systems (old BSD,
+# Windows and Amiga).
+#
+# One of the following variables will be set indicating the supported
+# method (if any):
+#   HAVE_O_NONBLOCK
+#   HAVE_FIONBIO
+#   HAVE_IOCTLSOCKET
+#   HAVE_IOCTLSOCKET_CASE
+#   HAVE_SO_NONBLOCK
+#   HAVE_DISABLED_NONBLOCKING
+#
+# The following variables may be set before calling this macro to
+# modify the way the check is run:
+#
+#  CMAKE_REQUIRED_FLAGS = string of compile command line flags
+#  CMAKE_REQUIRED_DEFINITIONS = list of macros to define (-DFOO=bar)
+#  CMAKE_REQUIRED_INCLUDES = list of include directories
+#  CMAKE_REQUIRED_LIBRARIES = list of libraries to link
+#
+macro(check_nonblocking_socket_support)
+  # There are two known platforms (AIX 3.x and SunOS 4.1.x) where the
+  # O_NONBLOCK define is found but does not work.
+  check_c_source_compiles("
+#include <sys/types.h>
+#include <unistd.h>
+#include <fcntl.h>
+
+#if defined(sun) || defined(__sun__) || defined(__SUNPRO_C) || defined(__SUNPRO_CC)
+# if defined(__SVR4) || defined(__srv4__)
+#  define PLATFORM_SOLARIS
+# else
+#  define PLATFORM_SUNOS4
+# endif
+#endif
+#if (defined(_AIX) || defined(__xlC__)) && !defined(_AIX41)
+# define PLATFORM_AIX_V3
+#endif
+
+#if defined(PLATFORM_SUNOS4) || defined(PLATFORM_AIX_V3) || defined(__BEOS__)
+#error \"O_NONBLOCK does not work on this platform\"
+#endif
+
+int main()
+{
+    int socket;
+    int flags = fcntl(socket, F_SETFL, flags | O_NONBLOCK);
+}"
+  HAVE_O_NONBLOCK)
+
+  if(NOT HAVE_O_NONBLOCK)
+    check_c_source_compiles("/* FIONBIO test (old-style unix) */
+#include <unistd.h>
+#include <stropts.h>
+
+int main()
+{
+    int socket;
+    int flags = ioctl(socket, FIONBIO, &flags);
+}"
+    HAVE_FIONBIO)
+
+    if(NOT HAVE_FIONBIO)
+      check_c_source_compiles("/* ioctlsocket test (Windows) */
+#undef inline
+#ifndef WIN32_LEAN_AND_MEAN
+#define WIN32_LEAN_AND_MEAN
+#endif
+
+#include <windows.h>
+#include <winsock2.h>
+
+int main()
+{
+    SOCKET sd;
+    unsigned long flags = 0;
+    sd = socket(0, 0, 0);
+    ioctlsocket(sd, FIONBIO, &flags);
+}"
+      HAVE_IOCTLSOCKET)
+
+      if(NOT HAVE_IOCTLSOCKET)
+	check_c_source_compiles("/* IoctlSocket test (Amiga?) */
+#include <sys/ioctl.h>
+
+int main()
+{
+    int socket;
+    int flags = IoctlSocket(socket, FIONBIO, (long)1);
+}"
+        HAVE_IOCTLSOCKET_CASE)
+
+        if(NOT HAVE_IOCTLSOCKET_CASE)
+	  check_c_source_compiles("/* SO_NONBLOCK test (BeOS) */
+#include <socket.h>
+
+int main()
+{
+    long b = 1;
+    int socket;
+    int flags = setsockopt(socket, SOL_SOCKET, SO_NONBLOCK, &b, sizeof(b));
+}"
+          HAVE_SO_NONBLOCK)
+
+	  if(NOT HAVE_SO_NONBLOCK)
+	    # No non-blocking socket method found
+	    set(HAVE_DISABLED_NONBLOCKING 1)
+	  endif()
+	endif()
+      endif()
+    endif()
+  endif()
+endmacro()

cmake/CopyRuntimeDependencies.cmake

@@ -0,0 +1,72 @@
+# Copyright (c) 2014 Alexander Lamaison <alexander.lamaison@gmail.com>
+#
+# Redistribution and use in source and binary forms,
+# with or without modification, are permitted provided
+# that the following conditions are met:
+#
+#   Redistributions of source code must retain the above
+#   copyright notice, this list of conditions and the
+#   following disclaimer.
+#
+#   Redistributions in binary form must reproduce the above
+#   copyright notice, this list of conditions and the following
+#   disclaimer in the documentation and/or other materials
+#   provided with the distribution.
+#
+#   Neither the name of the copyright holder nor the names
+#   of any other contributors may be used to endorse or
+#   promote products derived from this software without
+#   specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
+# CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
+# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
+# USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
+# OF SUCH DAMAGE.
+
+include(CMakeParseArguments)
+
+function(ADD_TARGET_TO_COPY_DEPENDENCIES)
+  set(options)
+  set(oneValueArgs TARGET)
+  set(multiValueArgs DEPENDENCIES BEFORE_TARGETS)
+  cmake_parse_arguments(COPY
+    "${options}" "${oneValueArgs}" "${multiValueArgs}" ${ARGN})
+
+  if(NOT COPY_DEPENDENCIES)
+    return()
+  endif()
+
+  # Using a custom target to drive custom commands stops multiple
+  # parallel builds trying to kick off the commands at the same time
+  add_custom_target(${COPY_TARGET})
+
+  foreach(target ${COPY_BEFORE_TARGETS})
+    add_dependencies(${target} ${COPY_TARGET})
+  endforeach()
+
+  foreach(dependency ${COPY_DEPENDENCIES})
+
+    add_custom_command(
+      TARGET ${COPY_TARGET}
+      DEPENDS ${dependency}
+      # Make directory first otherwise file is copied in place of
+      # directory instead of into it
+      COMMAND ${CMAKE_COMMAND}
+      ARGS -E make_directory ${CMAKE_CURRENT_BINARY_DIR}/${CMAKE_CFG_INTDIR}
+      COMMAND ${CMAKE_COMMAND}
+      ARGS -E copy ${dependency} ${CMAKE_CURRENT_BINARY_DIR}/${CMAKE_CFG_INTDIR}
+      VERBATIM)
+
+  endforeach()
+
+endfunction()

cmake/FindLibgcrypt.cmake

@@ -0,0 +1,53 @@
+# Copyright (c) 2014 Alexander Lamaison <alexander.lamaison@gmail.com>
+#
+# Redistribution and use in source and binary forms,
+# with or without modification, are permitted provided
+# that the following conditions are met:
+#
+#   Redistributions of source code must retain the above
+#   copyright notice, this list of conditions and the
+#   following disclaimer.
+#
+#   Redistributions in binary form must reproduce the above
+#   copyright notice, this list of conditions and the following
+#   disclaimer in the documentation and/or other materials
+#   provided with the distribution.
+#
+#   Neither the name of the copyright holder nor the names
+#   of any other contributors may be used to endorse or
+#   promote products derived from this software without
+#   specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
+# CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
+# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
+# USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
+# OF SUCH DAMAGE.
+
+# - Try to find Libgcrypt
+# This will define all or none of:
+#  LIBGCRYPT_FOUND - if Libgcrypt headers and library was found
+#  LIBGCRYPT_INCLUDE_DIRS - The Libgcrypt include directories
+#  LIBGCRYPT_LIBRARIES - The libraries needed to use Libgcrypt
+
+find_path(LIBGCRYPT_INCLUDE_DIR gcrypt.h)
+
+find_library(LIBGCRYPT_LIBRARY NAMES gcrypt libgcrypt)
+
+set(LIBGCRYPT_LIBRARIES ${LIBGCRYPT_LIBRARY})
+set(LIBGCRYPT_INCLUDE_DIRS ${LIBGCRYPT_INCLUDE_DIR})
+
+include(FindPackageHandleStandardArgs)
+find_package_handle_standard_args(Libgcrypt DEFAULT_MSG
+                                  LIBGCRYPT_LIBRARY LIBGCRYPT_INCLUDE_DIR)
+
+mark_as_advanced(LIBGCRYPT_INCLUDE_DIR LIBGCRYPT_LIBRARY)

cmake/SocketLibraries.cmake

@@ -0,0 +1,64 @@
+# Copyright (c) 2014 Alexander Lamaison <alexander.lamaison@gmail.com>
+#
+# Redistribution and use in source and binary forms,
+# with or without modification, are permitted provided
+# that the following conditions are met:
+#
+#   Redistributions of source code must retain the above
+#   copyright notice, this list of conditions and the
+#   following disclaimer.
+#
+#   Redistributions in binary form must reproduce the above
+#   copyright notice, this list of conditions and the following
+#   disclaimer in the documentation and/or other materials
+#   provided with the distribution.
+#
+#   Neither the name of the copyright holder nor the names
+#   of any other contributors may be used to endorse or
+#   promote products derived from this software without
+#   specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
+# CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
+# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
+# USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
+# OF SUCH DAMAGE.
+
+# Some systems have their socket functions in a library.
+# (Solaris -lsocket/-lnsl, Windows -lws2_32).  This macro appends those
+# libraries to the given list
+macro(append_needed_socket_libraries LIBRARIES_LIST)
+  if(CMAKE_SYSTEM_NAME STREQUAL "Windows" AND CMAKE_SIZEOF_VOID_P EQUAL 4)
+    # x86 Windows uses STDCALL for these functions, so their names are mangled,
+    # meaning the platform checks don't work. Hardcoding these until we get
+    # a better solution.
+    set(HAVE_SOCKET 1)
+    set(HAVE_SELECT 1)
+    set(HAVE_INET_ADDR 1)
+    set(NEED_LIB_WS2_32 1)
+  else()
+    check_function_exists_may_need_library(socket HAVE_SOCKET socket ws2_32)
+    check_function_exists_may_need_library(select HAVE_SELECT ws2_32)
+    check_function_exists_may_need_library(inet_addr HAVE_INET_ADDR nsl ws2_32)
+  endif()
+
+  if(NEED_LIB_SOCKET)
+    list(APPEND ${LIBRARIES_LIST} socket)
+  endif()
+  if(NEED_LIB_NSL)
+    list(APPEND ${LIBRARIES_LIST} nsl)
+  endif()
+  if(NEED_LIB_WS2_32)
+    list(APPEND ${LIBRARIES_LIST} ws2_32)
+  endif()
+
+endmacro()

cmake/Toolchain-Linux-32.cmake

@@ -0,0 +1,42 @@
+# Copyright (c) 2014 Alexander Lamaison <alexander.lamaison@gmail.com>
+#
+# Redistribution and use in source and binary forms,
+# with or without modification, are permitted provided
+# that the following conditions are met:
+#
+#   Redistributions of source code must retain the above
+#   copyright notice, this list of conditions and the
+#   following disclaimer.
+#
+#   Redistributions in binary form must reproduce the above
+#   copyright notice, this list of conditions and the following
+#   disclaimer in the documentation and/or other materials
+#   provided with the distribution.
+#
+#   Neither the name of the copyright holder nor the names
+#   of any other contributors may be used to endorse or
+#   promote products derived from this software without
+#   specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
+# CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
+# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
+# USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
+# OF SUCH DAMAGE.
+
+# Cross-compile 32-bit binary on 64-bit linux host
+set(CMAKE_SYSTEM_NAME Linux)
+set(CMAKE_SYSTEM_VERSION 1)
+set(CMAKE_SYSTEM_PROCESSOR "i386")
+
+set(CMAKE_CXX_COMPILER_ARG1 "-m32")
+set(CMAKE_C_COMPILER_ARG1 "-m32")

cmake/max_warnings.cmake

@@ -0,0 +1,23 @@
+if(MSVC)
+  # Use the highest warning level for visual studio.
+  if(CMAKE_CXX_FLAGS MATCHES "/W[0-4]")
+    string(REGEX REPLACE "/W[0-4]" "/W4" CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS}")
+  else()
+    set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} /W4")
+  endif()
+  if(CMAKE_C_FLAGS MATCHES "/W[0-4]")
+    string(REGEX REPLACE "/W[0-4]" "/W4" CMAKE_C_FLAGS "${CMAKE_C_FLAGS}")
+  else()
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /W4")
+  endif()
+
+  # Disable broken warnings
+  add_definitions(-D_CRT_SECURE_NO_WARNINGS -D_CRT_NONSTDC_NO_DEPRECATE)
+elseif(CMAKE_COMPILER_IS_GNUCC OR CMAKE_COMPILER_IS_GNUCXX)
+  if(NOT CMAKE_CXX_FLAGS MATCHES "-Wall")
+    set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wall")
+  endif()
+  if(NOT CMAKE_C_FLAGS MATCHES "-Wall")
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall")
+  endif()
+endif()

configure.ac

@@ -2,7 +2,7 @@
 AC_INIT(libssh2, [-], libssh2-devel@cool.haxx.se)
 AC_CONFIG_MACRO_DIR([m4])
 AC_CONFIG_SRCDIR([src])
-AM_CONFIG_HEADER([src/libssh2_config.h example/libssh2_config.h])
+AC_CONFIG_HEADERS([src/libssh2_config.h example/libssh2_config.h])
 AM_MAINTAINER_MODE
 
 dnl SED is needed by some of the tools
@@ -83,59 +83,109 @@ dnl check for how to do large files
 AC_SYS_LARGEFILE
 
 # Configure parameters
-AC_ARG_WITH(libgcrypt,
-  AC_HELP_STRING([--with-libgcrypt],[Use Libgcrypt for crypto]),
-  use_libgcrypt=$withval,use_libgcrypt=auto)
 AC_ARG_WITH(openssl,
   AC_HELP_STRING([--with-openssl],[Use OpenSSL for crypto]),
   use_openssl=$withval,use_openssl=auto)
+AC_ARG_WITH(libgcrypt,
+  AC_HELP_STRING([--with-libgcrypt],[Use libgcrypt for crypto]),
+  use_libgcrypt=$withval,use_libgcrypt=auto)
+AC_ARG_WITH(wincng,
+  AC_HELP_STRING([--with-wincng],[Use Windows CNG for crypto]),
+  use_wincng=$withval,use_wincng=auto)
 AC_ARG_WITH(libz,
-  AC_HELP_STRING([--with-libz],[Use Libz for compression]),
+  AC_HELP_STRING([--with-libz],[Use zlib for compression]),
   use_libz=$withval,use_libz=auto)
 
-# Look for OpenSSL (default)
-if test "$use_openssl" != "no" && test "$use_libgcrypt" != "yes"; then
+found_crypto=none
+support_clear_memory=no
+
+# Look for OpenSSL
+if test "$found_crypto" = "none" && test "$use_openssl" != "no"; then
   AC_LIB_HAVE_LINKFLAGS([ssl], [crypto], [#include <openssl/ssl.h>])
-  LIBSREQUIRED=libssl,libcrypto
 fi
+if test "$ac_cv_libssl" = "yes"; then
+  AC_DEFINE(LIBSSH2_OPENSSL, 1, [Use OpenSSL])
+  LIBSREQUIRED=libssl,libcrypto
+
+  # Not all OpenSSL have AES-CTR functions.
+  save_LIBS="$LIBS"
+  LIBS="$LIBS $LIBSSL"
+  AC_CHECK_FUNCS(EVP_aes_128_ctr)
+  LIBS="$save_LIBS"
+
+  found_crypto="OpenSSL (AES-CTR: ${ac_cv_func_EVP_aes_128_ctr:-N/A})"
+fi
+AM_CONDITIONAL(OPENSSL, test "$ac_cv_libssl" = "yes")
 
 # Look for libgcrypt
-if test "$ac_cv_libssl" != "yes" && test "$use_libgcrypt" != "no"; then
+if test "$found_crypto" = "none" && test "$use_libgcrypt" != "no"; then
   AC_LIB_HAVE_LINKFLAGS([gcrypt], [], [#include <gcrypt.h>])
-  LIBS="$LIBS -lgcrypt"
 fi
-
-AC_SUBST(LIBSREQUIRED)
-
-if test "$ac_cv_libssl" != "yes" && test "$ac_cv_libgcrypt" != "yes"; then
-  AC_MSG_ERROR([cannot find OpenSSL or Libgcrypt,
-try --with-libssl-prefix=PATH or --with-libgcrypt-prefix=PATH])
-fi
-
 if test "$ac_cv_libgcrypt" = "yes"; then
   AC_DEFINE(LIBSSH2_LIBGCRYPT, 1, [Use libgcrypt])
+  LIBSREQUIRED= # libgcrypt doesn't provide a .pc file. sad face.
+  LIBS="$LIBS -lgcrypt"
+  found_crypto=libgcrypt
 fi
 AM_CONDITIONAL(LIBGCRYPT, test "$ac_cv_libgcrypt" = "yes")
 
-# Not all OpenSSL have AES-CTR functions.
-if test "$ac_cv_libssl" = "yes"; then
-  save_LDFLAGS="$LDFLAGS"
-  LDFLAGS="$LDFLAGS $LIBSSL"
-  AC_CHECK_FUNCS(EVP_aes_128_ctr)
-  LDFLAGS="$save_LDFLAGS"
+# Look for Windows Cryptography API: Next Generation
+if test "$found_crypto" = "none" && test "$use_wincng" != "no"; then
+  AC_LIB_HAVE_LINKFLAGS([bcrypt], [], [
+    #include <windows.h>
+    #include <bcrypt.h>
+  ])
+  AC_LIB_HAVE_LINKFLAGS([crypt32], [], [
+    #include <windows.h>
+    #include <wincrypt.h>
+  ])
+  AC_CHECK_HEADERS([ntdef.h ntstatus.h], [], [], [
+    #include <windows.h>
+  ])
+  AC_CHECK_DECLS([SecureZeroMemory], [], [], [
+    #include <windows.h>
+  ])
+fi
+if test "$ac_cv_libbcrypt" = "yes"; then
+  AC_DEFINE(LIBSSH2_WINCNG, 1, [Use Windows CNG])
+  LIBSREQUIRED= # wincng doesn't provide a .pc file. sad face.
+  LIBS="$LIBS -lbcrypt"
+  if test "$ac_cv_libcrypt32" = "yes"; then
+    LIBS="$LIBS -lcrypt32"
+  fi
+  found_crypto="Windows Cryptography API: Next Generation"
+  if test "$ac_cv_have_decl_SecureZeroMemory" = "yes"; then
+    support_clear_memory=yes
+  fi
+fi
+AM_CONDITIONAL(WINCNG, test "$ac_cv_libbcrypt" = "yes")
+
+# Check if crypto library was found
+if test "$found_crypto" = "none"; then
+  AC_MSG_ERROR([No crypto library found!
+Try --with-libssl-prefix=PATH
+ or --with-libgcrypt-prefix=PATH
+ or --with-wincng on Windows\
+])
 fi
 
 # Look for Libz
 if test "$use_libz" != "no"; then
   AC_LIB_HAVE_LINKFLAGS([z], [], [#include <zlib.h>])
   if test "$ac_cv_libz" != yes; then
-    AC_MSG_NOTICE([Cannot find libz, disabling compression])
+    AC_MSG_NOTICE([Cannot find zlib, disabling compression])
     AC_MSG_NOTICE([Try --with-libz-prefix=PATH if you know you have it])
   else
     AC_DEFINE(LIBSSH2_HAVE_ZLIB, 1, [Compile in zlib support])
+    if test "${LIBSREQUIRED}" != ""; then
+      LIBSREQUIRED="${LIBSREQUIRED},"
+    fi
+    LIBSREQUIRED="${LIBSREQUIRED}zlib"
   fi
 fi
 
+AC_SUBST(LIBSREQUIRED)
+
 #
 # Optional Settings
 #
@@ -154,6 +204,30 @@ if test "$GEX_NEW" != "no"; then
   AC_DEFINE(LIBSSH2_DH_GEX_NEW, 1, [Enable newer diffie-hellman-group-exchange-sha1 syntax])
 fi
 
+AC_ARG_ENABLE(clear-memory,
+  AC_HELP_STRING([--disable-clear-memory],[Disable clearing of memory before being freed]),
+  [CLEAR_MEMORY=$enableval])
+if test "$CLEAR_MEMORY" != "no"; then
+  if test "$support_clear_memory" = "yes"; then
+    AC_DEFINE(LIBSSH2_CLEAR_MEMORY, 1, [Enable clearing of memory before being freed])
+    enable_clear_memory=yes
+  else
+    if test "$CLEAR_MEMORY" = "yes"; then
+      AC_MSG_ERROR([secure clearing/zeroing of memory is not supported by the selected crypto backend])
+    else
+      AC_MSG_WARN([secure clearing/zeroing of memory is not supported by the selected crypto backend])
+    fi
+    enable_clear_memory=unsupported
+  fi
+else
+  if test "$support_clear_memory" = "yes"; then
+    enable_clear_memory=no
+  else
+    AC_MSG_WARN([secure clearing/zeroing of memory is not supported by the selected crypto backend])
+    enable_clear_memory=unsupported
+  fi
+fi
+
 dnl ************************************************************
 dnl option to switch on compiler debug options
 dnl
@@ -318,9 +392,10 @@ AC_MSG_NOTICE([summary of build options:
   Compiler:         ${CC}
   Compiler flags:   ${CFLAGS}
   Library types:    Shared=${enable_shared}, Static=${enable_static}
-  Crypto library:   openssl: ${ac_cv_libssl:-no} (AES-CTR: ${ac_cv_func_EVP_aes_128_ctr:-N/A}) libgcrypt: ${ac_cv_libgcrypt:-no}
+  Crypto library:   ${found_crypto}
+  Clear memory:     $enable_clear_memory
   Debug build:      $enable_debug
   Build examples:   $build_examples
   Path to sshd:     $ac_cv_path_SSHD (only for self-tests)
-  libz compression: $ac_cv_libz
+  zlib compression: $ac_cv_libz
 ])

docs/CMakeLists.txt

@@ -0,0 +1,204 @@
+# Copyright (c) 2014 Alexander Lamaison <alexander.lamaison@gmail.com>
+#
+# Redistribution and use in source and binary forms,
+# with or without modification, are permitted provided
+# that the following conditions are met:
+#
+#   Redistributions of source code must retain the above
+#   copyright notice, this list of conditions and the
+#   following disclaimer.
+#
+#   Redistributions in binary form must reproduce the above
+#   copyright notice, this list of conditions and the following
+#   disclaimer in the documentation and/or other materials
+#   provided with the distribution.
+#
+#   Neither the name of the copyright holder nor the names
+#   of any other contributors may be used to endorse or
+#   promote products derived from this software without
+#   specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
+# CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
+# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
+# USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
+# OF SUCH DAMAGE.
+
+set(MAN_PAGES
+  libssh2_agent_connect.3
+  libssh2_agent_disconnect.3
+  libssh2_agent_free.3
+  libssh2_agent_get_identity.3
+  libssh2_agent_init.3
+  libssh2_agent_list_identities.3
+  libssh2_agent_userauth.3
+  libssh2_banner_set.3
+  libssh2_base64_decode.3
+  libssh2_channel_close.3
+  libssh2_channel_direct_tcpip.3
+  libssh2_channel_direct_tcpip_ex.3
+  libssh2_channel_eof.3
+  libssh2_channel_exec.3
+  libssh2_channel_flush.3
+  libssh2_channel_flush_ex.3
+  libssh2_channel_flush_stderr.3
+  libssh2_channel_forward_accept.3
+  libssh2_channel_forward_cancel.3
+  libssh2_channel_forward_listen.3
+  libssh2_channel_forward_listen_ex.3
+  libssh2_channel_free.3
+  libssh2_channel_get_exit_signal.3
+  libssh2_channel_get_exit_status.3
+  libssh2_channel_handle_extended_data.3
+  libssh2_channel_handle_extended_data2.3
+  libssh2_channel_ignore_extended_data.3
+  libssh2_channel_open_ex.3
+  libssh2_channel_open_session.3
+  libssh2_channel_process_startup.3
+  libssh2_channel_read.3
+  libssh2_channel_read_ex.3
+  libssh2_channel_read_stderr.3
+  libssh2_channel_receive_window_adjust.3
+  libssh2_channel_receive_window_adjust2.3
+  libssh2_channel_request_pty.3
+  libssh2_channel_request_pty_ex.3
+  libssh2_channel_request_pty_size.3
+  libssh2_channel_request_pty_size_ex.3
+  libssh2_channel_send_eof.3
+  libssh2_channel_set_blocking.3
+  libssh2_channel_setenv.3
+  libssh2_channel_setenv_ex.3
+  libssh2_channel_shell.3
+  libssh2_channel_subsystem.3
+  libssh2_channel_wait_closed.3
+  libssh2_channel_wait_eof.3
+  libssh2_channel_window_read.3
+  libssh2_channel_window_read_ex.3
+  libssh2_channel_window_write.3
+  libssh2_channel_window_write_ex.3
+  libssh2_channel_write.3
+  libssh2_channel_write_ex.3
+  libssh2_channel_write_stderr.3
+  libssh2_channel_x11_req.3
+  libssh2_channel_x11_req_ex.3
+  libssh2_exit.3
+  libssh2_free.3
+  libssh2_hostkey_hash.3
+  libssh2_init.3
+  libssh2_keepalive_config.3
+  libssh2_keepalive_send.3
+  libssh2_knownhost_add.3
+  libssh2_knownhost_addc.3
+  libssh2_knownhost_check.3
+  libssh2_knownhost_checkp.3
+  libssh2_knownhost_del.3
+  libssh2_knownhost_free.3
+  libssh2_knownhost_get.3
+  libssh2_knownhost_init.3
+  libssh2_knownhost_readfile.3
+  libssh2_knownhost_readline.3
+  libssh2_knownhost_writefile.3
+  libssh2_knownhost_writeline.3
+  libssh2_poll.3
+  libssh2_poll_channel_read.3
+  libssh2_publickey_add.3
+  libssh2_publickey_add_ex.3
+  libssh2_publickey_init.3
+  libssh2_publickey_list_fetch.3
+  libssh2_publickey_list_free.3
+  libssh2_publickey_remove.3
+  libssh2_publickey_remove_ex.3
+  libssh2_publickey_shutdown.3
+  libssh2_scp_recv.3
+  libssh2_scp_send.3
+  libssh2_scp_send64.3
+  libssh2_scp_send_ex.3
+  libssh2_session_abstract.3
+  libssh2_session_banner_get.3
+  libssh2_session_banner_set.3
+  libssh2_session_block_directions.3
+  libssh2_session_callback_set.3
+  libssh2_session_disconnect.3
+  libssh2_session_disconnect_ex.3
+  libssh2_session_flag.3
+  libssh2_session_free.3
+  libssh2_session_get_blocking.3
+  libssh2_session_get_timeout.3
+  libssh2_session_hostkey.3
+  libssh2_session_init.3
+  libssh2_session_init_ex.3
+  libssh2_session_last_errno.3
+  libssh2_session_last_error.3
+  libssh2_session_method_pref.3
+  libssh2_session_methods.3
+  libssh2_session_set_blocking.3
+  libssh2_session_set_timeout.3
+  libssh2_session_startup.3
+  libssh2_session_supported_algs.3
+  libssh2_sftp_close.3
+  libssh2_sftp_close_handle.3
+  libssh2_sftp_closedir.3
+  libssh2_sftp_fsetstat.3
+  libssh2_sftp_fstat.3
+  libssh2_sftp_fstat_ex.3
+  libssh2_sftp_fstatvfs.3
+  libssh2_sftp_fsync.3
+  libssh2_sftp_get_channel.3
+  libssh2_sftp_init.3
+  libssh2_sftp_last_error.3
+  libssh2_sftp_lstat.3
+  libssh2_sftp_mkdir.3
+  libssh2_sftp_mkdir_ex.3
+  libssh2_sftp_open.3
+  libssh2_sftp_open_ex.3
+  libssh2_sftp_opendir.3
+  libssh2_sftp_read.3
+  libssh2_sftp_readdir.3
+  libssh2_sftp_readdir_ex.3
+  libssh2_sftp_readlink.3
+  libssh2_sftp_realpath.3
+  libssh2_sftp_rename.3
+  libssh2_sftp_rename_ex.3
+  libssh2_sftp_rewind.3
+  libssh2_sftp_rmdir.3
+  libssh2_sftp_rmdir_ex.3
+  libssh2_sftp_seek.3
+  libssh2_sftp_seek64.3
+  libssh2_sftp_setstat.3
+  libssh2_sftp_shutdown.3
+  libssh2_sftp_stat.3
+  libssh2_sftp_stat_ex.3
+  libssh2_sftp_statvfs.3
+  libssh2_sftp_symlink.3
+  libssh2_sftp_symlink_ex.3
+  libssh2_sftp_tell.3
+  libssh2_sftp_tell64.3
+  libssh2_sftp_unlink.3
+  libssh2_sftp_unlink_ex.3
+  libssh2_sftp_write.3
+  libssh2_trace.3
+  libssh2_trace_sethandler.3
+  libssh2_userauth_authenticated.3
+  libssh2_userauth_hostbased_fromfile.3
+  libssh2_userauth_hostbased_fromfile_ex.3
+  libssh2_userauth_keyboard_interactive.3
+  libssh2_userauth_keyboard_interactive_ex.3
+  libssh2_userauth_list.3
+  libssh2_userauth_password.3
+  libssh2_userauth_password_ex.3
+  libssh2_userauth_publickey.3
+  libssh2_userauth_publickey_fromfile.3
+  libssh2_userauth_publickey_fromfile_ex.3
+  libssh2_version.3)
+
+include(GNUInstallDirs)
+install(FILES ${MAN_PAGES} DESTINATION ${CMAKE_INSTALL_MANDIR}/man3)

docs/INSTALL_AUTOTOOLS

@@ -0,0 +1,325 @@
+Installation Instructions
+*************************
+
+Copyright (C) 1994, 1995, 1996, 1999, 2000, 2001, 2002, 2004, 2005 Free
+Software Foundation, Inc.
+
+This file is free documentation; the Free Software Foundation gives
+unlimited permission to copy, distribute and modify it.
+
+Basic Installation
+==================
+
+These are generic installation instructions.
+
+   The `configure' shell script attempts to guess correct values for
+various system-dependent variables used during compilation.  It uses
+those values to create a `Makefile' in each directory of the package.
+It may also create one or more `.h' files containing system-dependent
+definitions.  Finally, it creates a shell script `config.status' that
+you can run in the future to recreate the current configuration, and a
+file `config.log' containing compiler output (useful mainly for
+debugging `configure').
+
+   It can also use an optional file (typically called `config.cache'
+and enabled with `--cache-file=config.cache' or simply `-C') that saves
+the results of its tests to speed up reconfiguring.  (Caching is
+disabled by default to prevent problems with accidental use of stale
+cache files.)
+
+   If you need to do unusual things to compile the package, please try
+to figure out how `configure' could check whether to do them, and mail
+diffs or instructions to the address given in the `README' so they can
+be considered for the next release.  If you are using the cache, and at
+some point `config.cache' contains results you don't want to keep, you
+may remove or edit it.
+
+   The file `configure.ac' (or `configure.in') is used to create
+`configure' by a program called `autoconf'.  You only need
+`configure.ac' if you want to change it or regenerate `configure' using
+a newer version of `autoconf'.
+
+The simplest way to compile this package is:
+
+  1. `cd' to the directory containing the package's source code and type
+     `./configure' to configure the package for your system.  If you're
+     using `csh' on an old version of System V, you might need to type
+     `sh ./configure' instead to prevent `csh' from trying to execute
+     `configure' itself.
+
+     Running `configure' takes awhile.  While running, it prints some
+     messages telling which features it is checking for.
+
+  2. Type `make' to compile the package.
+
+  3. Optionally, type `make check' to run any self-tests that come with
+     the package.
+
+  4. Type `make install' to install the programs and any data files and
+     documentation.
+
+  5. You can remove the program binaries and object files from the
+     source code directory by typing `make clean'.  To also remove the
+     files that `configure' created (so you can compile the package for
+     a different kind of computer), type `make distclean'.  There is
+     also a `make maintainer-clean' target, but that is intended mainly
+     for the package's developers.  If you use it, you may have to get
+     all sorts of other programs in order to regenerate files that came
+     with the distribution.
+
+Compilers and Options
+=====================
+
+Some systems require unusual options for compilation or linking that the
+`configure' script does not know about.  Run `./configure --help' for
+details on some of the pertinent environment variables.
+
+   You can give `configure' initial values for configuration parameters
+by setting variables in the command line or in the environment.  Here
+is an example:
+
+     ./configure CC=c89 CFLAGS=-O2 LIBS=-lposix
+
+   *Note Defining Variables::, for more details.
+
+Compiling For Multiple Architectures
+====================================
+
+You can compile the package for more than one kind of computer at the
+same time, by placing the object files for each architecture in their
+own directory.  To do this, you must use a version of `make' that
+supports the `VPATH' variable, such as GNU `make'.  `cd' to the
+directory where you want the object files and executables to go and run
+the `configure' script.  `configure' automatically checks for the
+source code in the directory that `configure' is in and in `..'.
+
+   If you have to use a `make' that does not support the `VPATH'
+variable, you have to compile the package for one architecture at a
+time in the source code directory.  After you have installed the
+package for one architecture, use `make distclean' before reconfiguring
+for another architecture.
+
+Installation Names
+==================
+
+By default, `make install' installs the package's commands under
+`/usr/local/bin', include files under `/usr/local/include', etc.  You
+can specify an installation prefix other than `/usr/local' by giving
+`configure' the option `--prefix=PREFIX'.
+
+   You can specify separate installation prefixes for
+architecture-specific files and architecture-independent files.  If you
+pass the option `--exec-prefix=PREFIX' to `configure', the package uses
+PREFIX as the prefix for installing programs and libraries.
+Documentation and other data files still use the regular prefix.
+
+   In addition, if you use an unusual directory layout you can give
+options like `--bindir=DIR' to specify different values for particular
+kinds of files.  Run `configure --help' for a list of the directories
+you can set and what kinds of files go in them.
+
+   If the package supports it, you can cause programs to be installed
+with an extra prefix or suffix on their names by giving `configure' the
+option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'.
+
+Optional Features
+=================
+
+Some packages pay attention to `--enable-FEATURE' options to
+`configure', where FEATURE indicates an optional part of the package.
+They may also pay attention to `--with-PACKAGE' options, where PACKAGE
+is something like `gnu-as' or `x' (for the X Window System).  The
+`README' should mention any `--enable-' and `--with-' options that the
+package recognizes.
+
+   For packages that use the X Window System, `configure' can usually
+find the X include and library files automatically, but if it doesn't,
+you can use the `configure' options `--x-includes=DIR' and
+`--x-libraries=DIR' to specify their locations.
+
+Specifying the System Type
+==========================
+
+There may be some features `configure' cannot figure out automatically,
+but needs to determine by the type of machine the package will run on.
+Usually, assuming the package is built to be run on the _same_
+architectures, `configure' can figure that out, but if it prints a
+message saying it cannot guess the machine type, give it the
+`--build=TYPE' option.  TYPE can either be a short name for the system
+type, such as `sun4', or a canonical name which has the form:
+
+     CPU-COMPANY-SYSTEM
+
+where SYSTEM can have one of these forms:
+
+     OS KERNEL-OS
+
+   See the file `config.sub' for the possible values of each field.  If
+`config.sub' isn't included in this package, then this package doesn't
+need to know the machine type.
+
+   If you are _building_ compiler tools for cross-compiling, you should
+use the option `--target=TYPE' to select the type of system they will
+produce code for.
+
+   If you want to _use_ a cross compiler, that generates code for a
+platform different from the build platform, you should specify the
+"host" platform (i.e., that on which the generated programs will
+eventually be run) with `--host=TYPE'.
+
+Sharing Defaults
+================
+
+If you want to set default values for `configure' scripts to share, you
+can create a site shell script called `config.site' that gives default
+values for variables like `CC', `cache_file', and `prefix'.
+`configure' looks for `PREFIX/share/config.site' if it exists, then
+`PREFIX/etc/config.site' if it exists.  Or, you can set the
+`CONFIG_SITE' environment variable to the location of the site script.
+A warning: not all `configure' scripts look for a site script.
+
+Defining Variables
+==================
+
+Variables not defined in a site shell script can be set in the
+environment passed to `configure'.  However, some packages may run
+configure again during the build, and the customized values of these
+variables may be lost.  In order to avoid this problem, you should set
+them in the `configure' command line, using `VAR=value'.  For example:
+
+     ./configure CC=/usr/local2/bin/gcc
+
+causes the specified `gcc' to be used as the C compiler (unless it is
+overridden in the site shell script).  Here is a another example:
+
+     /bin/bash ./configure CONFIG_SHELL=/bin/bash
+
+Here the `CONFIG_SHELL=/bin/bash' operand causes subsequent
+configuration-related scripts to be executed by `/bin/bash'.
+
+`configure' Invocation
+======================
+
+`configure' recognizes the following options to control how it operates.
+
+`--help'
+`-h'
+     Print a summary of the options to `configure', and exit.
+
+`--version'
+`-V'
+     Print the version of Autoconf used to generate the `configure'
+     script, and exit.
+
+`--cache-file=FILE'
+     Enable the cache: use and save the results of the tests in FILE,
+     traditionally `config.cache'.  FILE defaults to `/dev/null' to
+     disable caching.
+
+`--config-cache'
+`-C'
+     Alias for `--cache-file=config.cache'.
+
+`--quiet'
+`--silent'
+`-q'
+     Do not print messages saying which checks are being made.  To
+     suppress all normal output, redirect it to `/dev/null' (any error
+     messages will still be shown).
+
+`--srcdir=DIR'
+     Look for the package's source code in directory DIR.  Usually
+     `configure' can determine that directory automatically.
+
+`configure' also accepts some other, not widely useful, options.  Run
+`configure --help' for more details.
+
+More configure options
+======================
+
+Some ./configure options deserve additional comments:
+
+ * --enable-crypt-none
+
+	The SSH2 Transport allows for unencrypted data
+	transmission using the "none" cipher.  Because this is
+	such a huge security hole, it is typically disabled on
+	SSH2 implementations and is disabled in libssh2 by
+	default as well.
+
+	Enabling this option will allow for "none" as a
+	negotiable method, however it still requires that the
+	method be advertized by the remote end and that no
+	more-preferable methods are available.
+
+ * --enable-mac-none
+
+	The SSH2 Transport also allows implementations to
+	forego a message authentication code.  While this is
+	less of a security risk than using a "none" cipher, it
+	is still not recommended as disabling MAC hashes
+	removes a layer of security.
+
+	Enabling this option will allow for "none" as a
+	negotiable method, however it still requires that the
+	method be advertized by the remote end and that no
+	more-preferable methods are available.
+
+ * --disable-gex-new
+
+	The diffie-hellman-group-exchange-sha1 (dh-gex) key
+	exchange method originally defined an exchange
+	negotiation using packet type 30 to request a
+	generation pair based on a single target value.  Later
+	refinement of dh-gex provided for range and target
+	values.  By default libssh2 will use the newer range
+	method.
+
+	If you experience trouble connecting to an old SSH
+	server using dh-gex, try this option to fallback on
+	the older more reliable method.
+
+ * --with-libgcrypt
+ * --without-libgcrypt
+ * --with-libgcrypt-prefix=DIR
+
+	libssh2 can use the Libgcrypt library
+	(http://www.gnupg.org/) for cryptographic operations.
+	Either Libgcrypt or OpenSSL is required.
+
+	Configure will attempt to locate Libgcrypt
+	automatically.
+
+	If your installation of Libgcrypt is in another
+	location, specify it using --with-libgcrypt-prefix.
+
+ * --with-openssl
+ * --without-openssl
+ * --with-libssl-prefix=[DIR]
+
+	libssh2 can use the OpenSSL library
+	(http://www.openssl.org) for cryptographic operations.
+	Either Libgcrypt or OpenSSL is required.
+
+	Configure will attempt to locate OpenSSL in the
+	default location.
+
+	If your installation of OpenSSL is in another
+	location, specify it using --with-libssl-prefix.
+
+ * --with-libz
+ * --without-libz
+ * --with-libz-prefix=[DIR]
+
+	If present, libssh2 will attempt to use the zlib
+	(http://www.zlib.org) for payload compression, however
+	zlib is not required.
+
+	If your installation of Libz is in another location,
+	specify it using --with-libz-prefix.
+
+ * --enable-debug
+
+	Will make the build use more pedantic and strict compiler
+	options as well as enable the libssh2_trace() function (for
+	showing debug traces).

docs/INSTALL_CMAKE

@@ -0,0 +1,174 @@
+License: see COPYING
+
+Source code: https://github.com/libssh2/libssh2
+
+Web site source code: https://github.com/libssh2/www
+
+Installation instructions are in docs/INSTALL
+=======
+To build libssh2 you will need CMake v2.8 or later [1] and one of the
+following cryptography libraries:
+
+* OpenSSL
+* Libgcrypt
+* WinCNG
+
+Getting started
+---------------
+
+If you are happy with the default options, make a new build directory,
+change to it, configure the build environment and build the project:
+
+  mkdir bin
+  cd bin
+  cmake ..
+  cmake --build .
+
+libssh2 will be built as a static library and will use any
+cryptography library available.  The library binary will be put in
+`bin/src`, with the examples in `bin/example` and the tests in
+`bin/tests`.
+
+Customising the build
+---------------------
+
+Of course, you might want to customise the build options.  You can
+pass the options to CMake on the command line:
+
+  cmake -D<option>=<value> ..
+
+The following options are available:
+
+ * `BUILD_SHARED_LIBS=OFF`
+
+    Determines whether libssh2 is built as a static library or as a
+    shared library (.dll/.so).  Can be `ON` or `OFF`.
+
+ * `CRYPTO_BACKEND=`
+
+    Chooses a specific cryptography library to use for cryptographic
+    operations.  Can be `OpenSSL` (http://www.openssl.org),
+    `Libgcrypt` (http://www.gnupg.org/), `WinCNG` (Windows Vista+) or
+    blank to use any library available.
+
+    CMake will attempt to locate the libraries automatically.  See [2]
+    for more information.
+
+ * `ENABLE_ZLIB_COMPRESSION=OFF`
+
+    Will use zlib (http://www.zlib.org) for payload compression.  Can
+    be `ON` or `OFF`.
+
+ * `ENABLE_CRYPT_NONE=OFF`
+
+    The SSH2 Transport allows for unencrypted data transmission using
+    the "none" cipher.  Because this is such a huge security hole, it
+    is typically disabled on SSH2 implementations and is disabled in
+    libssh2 by default as well.
+
+    Enabling this option will allow for "none" as a negotiable method,
+    however it still requires that the method be advertized by the
+    remote end and that no more-preferable methods are available.
+
+ * `ENABLE_MAC_NONE=OFF`
+
+    The SSH2 Transport also allows implementations to forego a message
+    authentication code.  While this is less of a security risk than
+    using a "none" cipher, it is still not recommended as disabling
+    MAC hashes removes a layer of security.
+
+    Enabling this option will allow for "none" as a negotiable method,
+    however it still requires that the method be advertized by the
+    remote end and that no more-preferable methods are available.
+
+ * `ENABLE_GEX_NEW=ON`
+
+    The diffie-hellman-group-exchange-sha1 (dh-gex) key exchange
+    method originally defined an exchange negotiation using packet
+    type 30 to request a generation pair based on a single target
+    value.  Later refinement of dh-gex provided for range and target
+    values.  By default libssh2 will use the newer range method.
+
+    If you experience trouble connecting to an old SSH server using
+    dh-gex, try this option to fallback on the older more reliable
+    method.
+
+ * `ENABLE_DEBUG_LOGGING=ON` in Debug, `=OFF` in Release
+
+    Will enable the libssh2_trace() function for showing debug traces.
+
+Build tools
+-----------
+
+The previous examples used CMake to start the build using:
+
+  cmake --build .
+
+Alternatively, once CMake has configured your project, you can just
+use your own build tool, e.g GNU make, Visual Studio, etc., from that
+point onwards.
+
+Tests
+-----
+
+To test the build, run the appropriate test target for your build
+system.  For example:
+
+  cmake --build . --target test
+or
+  cmake --build . --target RUN_TESTS
+
+How do I use libssh2 in my project if my project doesn't use CMake?
+-------------------------------------------------------------------
+
+If you are not using CMake for your own project, install libssh2
+
+  cmake <libssh2 source location>
+  cmake --build .
+  cmake --build . --target install
+or
+  cmake --build . --target INSTALL
+
+and then specify the install location to your project in the normal
+way for your build environment.  If you don't like the default install
+location, add `-DCMAKE_INSTALL_PREFIX=<chosen prefix>` when initially
+configuring the project.
+
+How can I use libssh2 in my project if it also uses CMake?
+----------------------------------------------------------
+
+If your own project also uses CMake, you don't need to worry about
+setting it up with libssh2's location.  Just add just the following
+lines and CMake will find libssh2 on your system, set up the necessary
+paths and link the library with your binary.
+
+    find_package(Libssh2 REQUIRED CONFIG)
+    target_link_libraries(my_project_target Libssh2::libssh2)
+
+Of course, you still have to make libssh2 available on your system
+first.  You can install it in the traditional way shown above, but you
+don't have to.  Instead you can just build it, which will export its
+location to the user package registry [3] where `find_package` will
+find it.
+
+You can even combine the two steps using a so-called 'superbuild'
+project [4] that downloads, builds and exports libssh2, and then
+builds your project:
+
+    include(ExternalProject)
+
+    ExternalProject_Add(
+        Libssh2
+        URL <libssh2 download location>
+        URL_HASH SHA1=<libssh2 archive SHA1>
+	INSTALL_COMMAND "")
+
+    ExternalProject_Add(
+        MyProject DEPENDS Libssh2
+        SOURCE_DIR ${CMAKE_CURRENT_SOURCE_DIR}/src
+        INSTALL_COMMAND "")
+
+[1] http://www.cmake.org/cmake/resources/software.html
+[2] http://www.cmake.org/cmake/help/v3.0/manual/cmake-packages.7.html
+[3] http://www.cmake.org/cmake/help/v3.0/manual/cmake-packages.7.html#package-registry
+[4] http://www.kitware.com/media/html/BuildingExternalProjectsWithCMake2.8.html

docs/Makefile.am

@@ -1,6 +1,7 @@
 # $Id: Makefile.am,v 1.37 2009/03/26 15:41:15 bagder Exp $
 
-EXTRA_DIST = template.3 BINDINGS
+EXTRA_DIST = template.3 BINDINGS INSTALL_AUTOTOOLS INSTALL_CMAKE HACKING TODO	\
+ AUTHORS
 
 dist_man_MANS = \
 	libssh2_agent_connect.3 \
@@ -102,6 +103,7 @@ dist_man_MANS = \
 	libssh2_session_free.3 \
 	libssh2_session_get_blocking.3 \
 	libssh2_session_get_timeout.3 \
+	libssh2_session_handshake.3 \
 	libssh2_session_hostkey.3 \
 	libssh2_session_init.3 \
 	libssh2_session_init_ex.3 \
@@ -120,6 +122,7 @@ dist_man_MANS = \
 	libssh2_sftp_fstat.3 \
 	libssh2_sftp_fstat_ex.3 \
 	libssh2_sftp_fstatvfs.3 \
+	libssh2_sftp_fsync.3 \
 	libssh2_sftp_get_channel.3 \
 	libssh2_sftp_init.3 \
 	libssh2_sftp_last_error.3 \
@@ -166,4 +169,5 @@ dist_man_MANS = \
 	libssh2_userauth_publickey.3 \
 	libssh2_userauth_publickey_fromfile.3 \
 	libssh2_userauth_publickey_fromfile_ex.3 \
+	libssh2_userauth_publickey_frommemory.3 \
 	libssh2_version.3

docs/libssh2_banner_set.3

@@ -1,6 +1,6 @@
 .TH libssh2_banner_set 3 "1 Jun 2007" "libssh2 0.15" "libssh2 manual"
 .SH NAME
-libssh2_banner_set - set the SSH prococol banner for the local client
+libssh2_banner_set - set the SSH protocol banner for the local client
 .SH SYNOPSIS
 #include <libssh2.h>
 

docs/libssh2_base64_decode.3

@@ -19,7 +19,7 @@ The returned buffer is allocated by this function, but it is not clear how to
 free that memory!
 .SH BUGS
 The memory that *dest points to is allocated by the malloc function libssh2
-uses, but there's no way for an appliction to free this data in a safe and
+uses, but there's no way for an application to free this data in a safe and
 reliable way!
 .SH RETURN VALUE
 0 if successful, \-1 if any error occurred.

docs/libssh2_channel_get_exit_status.3

@@ -8,7 +8,7 @@ int
 libssh2_channel_get_exit_status(LIBSSH2_CHANNEL* channel)
 
 .SH DESCRIPTION
-\fIchannel\fP - Closed channel stream to retreive exit status from.
+\fIchannel\fP - Closed channel stream to retrieve exit status from.
 
 Returns the exit code raised by the process running on the remote host at 
 the other end of the named channel. Note that the exit status may not be 

docs/libssh2_channel_window_write.3

@@ -4,7 +4,7 @@ libssh2_channel_window_write - convenience macro for \fIlibssh2_channel_window_w
 .SH SYNOPSIS
 #include <libssh2.h>
 
-unsigend long libssh2_channel_window_write(LIBSSH2_CHANNEL *channel);
+unsigned long libssh2_channel_window_write(LIBSSH2_CHANNEL *channel);
 
 .SH DESCRIPTION
 This is a macro defined in a public libssh2 header file that is using the

docs/libssh2_channel_window_write_ex.3

@@ -9,11 +9,11 @@ libssh2_channel_window_write_ex(LIBSSH2_CHANNEL *channel,
                                 unsigned long *window_size_initial)
 .SH DESCRIPTION
 Check the status of the write window Returns the number of bytes which may be
-safely writen on the channel without blocking. 'window_size_initial' (if
+safely written on the channel without blocking. 'window_size_initial' (if
 passed) will be populated with the size of the initial window as defined by
 the channel_open request
 .SH RETURN VALUE
-Number of bytes which may be safely writen on the channel without blocking.
+Number of bytes which may be safely written on the channel without blocking.
 .SH ERRORS
 
 .SH SEE ALSO

docs/libssh2_knownhost_add.3

@@ -36,7 +36,7 @@ The salt has to be provided base64 encoded with a trailing zero byte.
 argument
 
 \fItypemask\fP is a bitmask that specifies format and info about the data
-passed to this function. Specificly, it details what format the host name is,
+passed to this function. Specifically, it details what format the host name is,
 what format the key is and what key type it is.
 
 The host name is given as one of the following types:

docs/libssh2_knownhost_addc.3

@@ -40,7 +40,7 @@ argument
 \fIcommentlen\fP is the total size in bytes of the comment pointed to by the \fIcomment\fP argument
 
 \fItypemask\fP is a bitmask that specifies format and info about the data
-passed to this function. Specificly, it details what format the host name is,
+passed to this function. Specifically, it details what format the host name is,
 what format the key is and what key type it is.
 
 The host name is given as one of the following types:

docs/libssh2_knownhost_check.3

@@ -25,7 +25,7 @@ IP numerical address of the host or the full name.
 argument
 
 \fItypemask\fP is a bitmask that specifies format and info about the data
-passed to this function. Specificly, it details what format the host name is,
+passed to this function. Specifically, it details what format the host name is,
 what format the key is and what key type it is.
 
 The host name is given as one of the following types:

docs/libssh2_knownhost_checkp.3

@@ -30,7 +30,7 @@ addition to the plain host name only check.
 argument
 
 \fItypemask\fP is a bitmask that specifies format and info about the data
-passed to this function. Specificly, it details what format the host name is,
+passed to this function. Specifically, it details what format the host name is,
 what format the key is and what key type it is.
 
 The host name is given as one of the following types:

docs/libssh2_poll.3

@@ -8,7 +8,7 @@ int libssh2_poll(LIBSSH2_POLLFD *fds, unsigned int nfds, long timeout);
 .SH DESCRIPTION
 This function is deprecated. Do note use. We encourage users to instead use
 the \fIpoll(3)\fP or \fIselect(3)\fP functions to check for socket activity or
-when specific sockets are ready to get recevied from or send to.
+when specific sockets are ready to get received from or send to.
 
 Poll for activity on a socket, channel, listener, or any combination of these
 three types. The calling semantics for this function generally match

docs/libssh2_session_abstract.3

@@ -17,7 +17,7 @@ de-referenced pointer, the internal storage of the session instance may be
 modified in place.
 
 .SH RETURN VALUE
-A pointer to session internal storage whos contents point to previously 
+A pointer to session internal storage who's contents point to previously
 provided abstract data.
 
 .SH SEE ALSO

docs/libssh2_session_banner_set.3

@@ -1,6 +1,6 @@
 .TH libssh2_session_banner_set 3 "9 Sep 2011" "libssh2 1.4.0" "libssh2 manual"
 .SH NAME
-libssh2_session_banner_set - set the SSH prococol banner for the local client
+libssh2_session_banner_set - set the SSH protocol banner for the local client
 .SH SYNOPSIS
 #include <libssh2.h>
 

docs/libssh2_session_disconnect_ex.3

@@ -18,7 +18,7 @@ libssh2_session_disconnect(LIBSSH2_SESSION *session, const char *description);
 
 \fIdescription\fP - Human readable reason for disconnection.
 
-\fIlang\fP - Localization string describing the langauge/encoding of the description provided.
+\fIlang\fP - Localization string describing the language/encoding of the description provided.
 
 Send a disconnect message to the remote host associated with \fIsession\fP, 
 along with a \fIreason\fP symbol and a verbose \fIdescription\fP.

docs/libssh2_session_method_pref.3

@@ -19,7 +19,7 @@ If a method is listed which is not supported by libssh2 it will be
 ignored and not sent to the remote host during protocol negotiation.
 
 Set preferred methods to be negotiated. These 
-preferrences must be set prior to calling 
+preferences must be set prior to calling
 .BR libssh2_session_handshake(3)
 as they are used during the protocol initiation phase.
 

docs/libssh2_session_supported_algs.3

@@ -12,7 +12,7 @@ int libssh2_session_supported_algs(LIBSSH2_SESSION* session,
 \fIsession\fP - An instance of initialized LIBSSH2_SESSION (the function will
 use its pointer to the memory allocation function).  \fImethod_type\fP - Method
 type. See .BR \fIlibssh2_session_method_pref(3)\fP.  \fIalgs\fP - Address of a
-pointer that will point to an array af returned algorithms
+pointer that will point to an array of returned algorithms
 
 Get a list of supported algorithms for the given \fImethod_type\fP. The
 method_type parameter is equivalent to method_type in
@@ -36,7 +36,7 @@ const char **algorithms;
 int rc, i;
 LIBSSH2_SESSION *session;
 
-/* initilize session */
+/* initialize session */
 session = libssh2_session_init();
 rc = libssh2_session_supported_algs(session,
                                     LIBSSH2_METHOD_CRYPT_CS,

docs/libssh2_sftp_close_handle.3

@@ -20,7 +20,7 @@ or \fBlibssh2_sftp_opendir(3)\fP (which is a macro).
 
 Close an active LIBSSH2_SFTP_HANDLE. Because files and directories share the
 same underlying storage mechanism these methods may be used
-interchangably. \fBlibssh2_sftp_close(3)\fP and \fBlibssh2_sftp_closedir(3)\fP
+interchangeably. \fBlibssh2_sftp_close(3)\fP and \fBlibssh2_sftp_closedir(3)\fP
 are macros for \fBlibssh2_sftp_close_handle(3)\fP.
 
 .SH RETURN VALUE

docs/libssh2_sftp_fstat_ex.3

@@ -10,7 +10,7 @@ int
 libssh2_sftp_fstat_ex(LIBSSH2_SFTP_HANDLE *handle,
                       LIBSSH2_SFTP_ATTRIBUTES *attrs, int setstat)
 
-#define libbssh2_sftp_fstat(handle, attrs) \\
+#define libssh2_sftp_fstat(handle, attrs) \\
     libssh2_sftp_fstat_ex((handle), (attrs), 0)
 #define libssh2_sftp_fsetstat(handle, attrs) \\
     libssh2_sftp_fstat_ex((handle), (attrs), 1)
@@ -60,7 +60,7 @@ most common ones are:
 
 To check for specific user permissions, the set of defines are in the
 pattern LIBSSH2_SFTP_S_I<action><who> where <action> is R, W or X for
-read, write and excutable and <who> is USR, GRP and OTH for user,
+read, write and executable and <who> is USR, GRP and OTH for user,
 group and other. So, you check for a user readable file, use the bit
 \fILIBSSH2_SFTP_S_IRUSR\fP while you want to see if it is executable
 for other, you use \fILIBSSH2_SFTP_S_IXOTH\fP and so on.

docs/libssh2_sftp_fsync.3

@@ -0,0 +1,39 @@
+.TH libssh2_sftp_fsync 3 "8 Apr 2013" "libssh2 1.4.4" "libssh2 manual"
+.SH NAME
+libssh2_sftp_fsync - synchronize file to disk
+.SH SYNOPSIS
+.nf
+#include <libssh2.h>
+#include <libssh2_sftp.h>
+
+int
+libssh2_sftp_fsync(LIBSSH2_SFTP_HANDLE *handle)
+.fi
+.SH DESCRIPTION
+This function causes the remote server to synchronize the file
+data and metadata to disk (like fsync(2)).
+
+For this to work requires fsync@openssh.com support on the server.
+
+\fIhandle\fP - SFTP File Handle as returned by
+.BR libssh2_sftp_open_ex(3)
+
+.SH RETURN VALUE
+Returns 0 on success or negative on failure. If used in non-blocking mode, it
+returns LIBSSH2_ERROR_EAGAIN when it would otherwise block. While
+LIBSSH2_ERROR_EAGAIN is a negative number, it isn't really a failure per se.
+.SH ERRORS
+\fILIBSSH2_ERROR_ALLOC\fP -  An internal memory allocation call failed.
+
+\fILIBSSH2_ERROR_SOCKET_SEND\fP - Unable to send data on socket.
+
+\fILIBSSH2_ERROR_SFTP_PROTOCOL\fP - An invalid SFTP protocol response
+was received on the socket, or an SFTP operation caused an errorcode
+to be returned by the server.  In particular, this can be returned if
+the SSH server does not support the fsync operation: the SFTP subcode
+\fILIBSSH2_FX_OP_UNSUPPORTED\fP will be returned in this case.
+
+.SH AVAILABILITY
+Added in libssh2 1.4.4 and OpenSSH 6.3.
+.SH SEE ALSO
+.BR fsync(2)

docs/libssh2_sftp_mkdir_ex.3

@@ -15,7 +15,7 @@ libssh2_sftp_mkdir(LIBSSH2_SFTP *sftp, const char *path, long mode);
 .BR libssh2_sftp_init(3)
 
 \fIpath\fP - full path of the new directory to create. Note that the new 
-directory's parents must all exist priot to making this call.
+directory's parents must all exist prior to making this call.
 
 \fIpath_len\fP - length of the full path of the new directory to create.
 

docs/libssh2_sftp_rename_ex.3

@@ -29,7 +29,7 @@ filesystem entry
 Bitmask flags made up of LIBSSH2_SFTP_RENAME_* constants.
 
 Rename a filesystem object on the remote filesystem. The semantics of 
-this command typically include the ability to move a filsystem object 
+this command typically include the ability to move a filesystem object 
 between folders and/or filesystem mounts. If the LIBSSH2_SFTP_RENAME_OVERWRITE 
 flag is not set and the destfile entry already exists, the operation 
 will fail. Use of the other two flags indicate a preference (but not a 

docs/libssh2_sftp_rewind.3

@@ -4,7 +4,7 @@ libssh2_sftp_rewind - convenience macro for \fIlibssh2_sftp_seek64(3)\fP calls
 .SH SYNOPSIS
 #include <libssh2.h>
 
-int libssh2_sftp_rewind(LINBSSH2_SFTP_HANDLE *handle);
+int libssh2_sftp_rewind(LIBSSH2_SFTP_HANDLE *handle);
 
 .SH DESCRIPTION
 This is a macro defined in a public libssh2 header file that is using the

docs/libssh2_sftp_stat.3

@@ -4,7 +4,7 @@ libssh2_sftp_stat - convenience macro for \fIlibssh2_sftp_fstat_ex(3)\fP calls
 .SH SYNOPSIS
 #include <libssh2.h>
 
-int libssh2_sftp_stat(LIBSSH2_SFTP *sftp, const char *path, LIBSSH2_STFP_ATTRIBUTES *attrs);
+int libssh2_sftp_stat(LIBSSH2_SFTP *sftp, const char *path, LIBSSH2_SFTP_ATTRIBUTES *attrs);
 
 .SH DESCRIPTION
 This is a macro defined in a public libssh2 header file that is using the

docs/libssh2_sftp_symlink_ex.3

@@ -48,7 +48,7 @@ These are convenience macros:
 .BR libssh2_sftp_realpath(3)
 : Resolve a complex, relative, or symlinked filepath to its effective target.
 .SH RETURN VALUE
-When using LIBSSH2_SFTP_SYMLINK, this funtion returns 0 on success or negative
+When using LIBSSH2_SFTP_SYMLINK, this function returns 0 on success or negative
 on failure.
 
 When using LIBSSH2_SFTP_READLINK or LIBSSH2_SFTP_REALPATH, it returns the

docs/libssh2_userauth_list.3

@@ -28,7 +28,7 @@ distinguished from a failing case by examining
 \fIlibssh2_userauth_authenticated(3)\fP.
 .SH RETURN VALUE
 On success a comma delimited list of supported authentication schemes.  This
-list is internally managed by libssh2.  On failure ruturns NULL.
+list is internally managed by libssh2.  On failure returns NULL.
 .SH ERRORS
 \fILIBSSH2_ERROR_ALLOC\fP -  An internal memory allocation call failed.
 

docs/libssh2_userauth_publickey_fromfile_ex.3

@@ -7,6 +7,7 @@ libssh2_userauth_publickey_fromfile - authenticate a session with a public key,
 .nf
 int libssh2_userauth_publickey_fromfile_ex(LIBSSH2_SESSION *session,
                                            const char *username,
+                                           unsigned int ousername_len,
                                            const char *publickey,
                                            const char *privatekey,
                                            const char *passphrase);

docs/libssh2_userauth_publickey_frommemory.3

@@ -0,0 +1,56 @@
+.TH libssh2_userauth_publickey_frommemory 3 "1 Sep 2014" "libssh2 1.5" "libssh2 manual"
+.SH NAME
+libssh2_userauth_publickey_frommemory - authenticate a session with a public key, read from memory
+.SH SYNOPSIS
+#include <libssh2.h>
+
+.nf
+int libssh2_userauth_publickey_frommemory(LIBSSH2_SESSION *session,
+                                           const char *username,
+                                           size_t username_len,
+                                           const char *publickeydata,
+                                           size_t publickeydata_len,
+                                           const char *privatekeydata,
+                                           size_t privatekeydata_len,
+                                           const char *passphrase);
+.SH DESCRIPTION
+This function allows to authenticate a session with a public key read from memory.
+It's only supported when libssh2 is backed by OpenSSL.
+\fIsession\fP - Session instance as returned by
+.BR libssh2_session_init_ex(3)
+
+\fIusername\fP - Remote user name to authenticate as.
+
+\fIusername_len\fP - Length of username.
+
+\fIpublickeydata\fP - Buffer containing the contents of a public key file.
+
+\fIpublickeydata_len\fP - Length of public key data.
+
+\fIprivatekeydata\fP - Buffer containing the contents of a private key file.
+
+\fIprivatekeydata_len\fP - Length of private key data.
+
+\fIpassphrase\fP - Passphrase to use when decoding private key file.
+
+Attempt public key authentication using a PEM encoded private key file stored in memory.
+.SH RETURN VALUE
+Return 0 on success or negative on failure.  It returns
+LIBSSH2_ERROR_EAGAIN when it would otherwise block. While
+LIBSSH2_ERROR_EAGAIN is a negative number, it isn't really a failure per se.
+.SH ERRORS
+\fILIBSSH2_ERROR_ALLOC\fP -  An internal memory allocation call failed.
+
+\fILIBSSH2_ERROR_SOCKET_SEND\fP - Unable to send data on socket.
+
+\fILIBSSH2_ERROR_SOCKET_TIMEOUT\fP - 
+
+\fILIBSSH2_ERROR_PUBLICKEY_UNVERIFIED\fP - The username/public key
+combination was invalid.
+
+\fILIBSSH2_ERROR_AUTHENTICATION_FAILED\fP - Authentication using the supplied
+public key was not accepted.
+.SH AVAILABILITY
+libssh2_userauth_publickey_frommemory was added in libssh2 1.6.0
+.SH SEE ALSO
+.BR libssh2_session_init_ex(3)

example/CMakeLists.txt

@@ -0,0 +1,101 @@
+# Copyright (c) 2014, 2015 Alexander Lamaison <alexander.lamaison@gmail.com>
+#
+# Redistribution and use in source and binary forms,
+# with or without modification, are permitted provided
+# that the following conditions are met:
+#
+#   Redistributions of source code must retain the above
+#   copyright notice, this list of conditions and the
+#   following disclaimer.
+#
+#   Redistributions in binary form must reproduce the above
+#   copyright notice, this list of conditions and the following
+#   disclaimer in the documentation and/or other materials
+#   provided with the distribution.
+#
+#   Neither the name of the copyright holder nor the names
+#   of any other contributors may be used to endorse or
+#   promote products derived from this software without
+#   specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
+# CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
+# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
+# USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
+# OF SUCH DAMAGE.
+
+include(CheckIncludeFiles)
+include(CheckFunctionExists)
+include(CheckSymbolExists)
+include(CopyRuntimeDependencies)
+include(SocketLibraries)
+
+set(EXAMPLES
+  direct_tcpip
+  ssh2
+  scp
+  scp_nonblock
+  scp_write
+  scp_write_nonblock
+  sftp
+  sftp_nonblock
+  sftp_write
+  sftp_write_nonblock
+  sftp_mkdir
+  sftp_mkdir_nonblock
+  sftp_RW_nonblock
+  sftp_write_sliding
+  sftpdir
+  sftpdir_nonblock
+  ssh2_exec
+  ssh2_agent
+  ssh2_echo
+  sftp_append
+  subsystem_netconf
+  tcpip-forward)
+
+append_needed_socket_libraries(LIBRARIES)
+
+foreach(example ${EXAMPLES})
+  add_executable(example-${example} ${example}.c)
+  list(APPEND EXAMPLE_TARGETS example-${example})
+  # to find generated header
+  target_include_directories(example-${example} PRIVATE ${CMAKE_CURRENT_BINARY_DIR})
+  target_link_libraries(example-${example} libssh2 ${LIBRARIES})
+endforeach()
+add_target_to_copy_dependencies(
+  TARGET copy_example_dependencies
+  DEPENDENCIES ${RUNTIME_DEPENDENCIES}
+  BEFORE_TARGETS ${EXAMPLE_TARGETS})
+
+## Platform checks
+check_include_files(inttypes.h HAVE_INTTYPES_H)
+check_include_files(unistd.h HAVE_UNISTD_H)
+check_include_files(stdlib.h HAVE_STDLIB_H)
+check_include_files(sys/select.h HAVE_SYS_SELECT_H)
+check_include_files(sys/socket.h HAVE_SYS_SOCKET_H)
+check_include_files(sys/time.h HAVE_SYS_TIME_H)
+check_include_files(arpa/inet.h HAVE_ARPA_INET_H)
+check_include_files(netinet/in.h HAVE_NETINET_IN_H)
+check_include_files(winsock2.h HAVE_WINSOCK2_H)
+
+check_function_exists(strcasecmp HAVE_STRCASECMP)
+check_function_exists(_stricmp HAVE__STRICMP)
+check_function_exists(snprintf HAVE_SNPRINTF)
+check_function_exists(_snprintf HAVE__SNPRINTF)
+
+check_symbol_exists(__func__ "" HAVE___FUNC__)
+check_symbol_exists(__FUNCTION__ "" HAVE___FUNCTION__)
+
+configure_file(
+  ${CMAKE_CURRENT_SOURCE_DIR}/libssh2_config_cmake.h.in
+  ${CMAKE_CURRENT_BINARY_DIR}/libssh2_config.h)

example/direct_tcpip.c

@@ -15,10 +15,13 @@
 #include <fcntl.h>
 #include <errno.h>
 #include <stdio.h>
+#ifdef HAVE_STDLIB_H
 #include <stdlib.h>
+#endif
+#ifdef HAVE_UNISTD_H
 #include <unistd.h>
+#endif
 #include <sys/types.h>
-
 #ifdef HAVE_SYS_SELECT_H
 #include <sys/select.h>
 #endif
@@ -48,7 +51,7 @@ enum {
 
 int main(int argc, char *argv[])
 {
-    int rc, sock = -1, listensock = -1, forwardsock = -1, i, auth = AUTH_NONE;
+    int rc, i, auth = AUTH_NONE;
     struct sockaddr_in sin;
     socklen_t sinlen;
     const char *fingerprint;
@@ -64,11 +67,19 @@ int main(int argc, char *argv[])
 
 #ifdef WIN32
     char sockopt;
+    SOCKET sock = INVALID_SOCKET;
+    SOCKET listensock = INVALID_SOCKET, forwardsock = INVALID_SOCKET;
     WSADATA wsadata;
+    int err;
 
-    WSAStartup(MAKEWORD(2,0), &wsadata);
+    err = WSAStartup(MAKEWORD(2,0), &wsadata);
+    if (err != 0) {
+        fprintf(stderr, "WSAStartup failed with error: %d\n", err);
+        return 1;
+    }
 #else
-    int sockopt;
+    int sockopt, sock = -1;
+    int listensock = -1, forwardsock = -1;
 #endif
 
     if (argc > 1)
@@ -94,6 +105,18 @@ int main(int argc, char *argv[])
 
     /* Connect to SSH server */
     sock = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);
+#ifdef WIN32
+    if (sock == INVALID_SOCKET) {
+        fprintf(stderr, "failed to open socket!\n");
+        return -1;
+    }
+#else
+    if (sock == -1) {
+        perror("socket");
+        return -1;
+    }
+#endif
+
     sin.sin_family = AF_INET;
     if (INADDR_NONE == (sin.sin_addr.s_addr = inet_addr(server_ip))) {
         perror("inet_addr");
@@ -167,6 +190,18 @@ int main(int argc, char *argv[])
     }
 
     listensock = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);
+#ifdef WIN32
+    if (listensock == INVALID_SOCKET) {
+        fprintf(stderr, "failed to open listen socket!\n");
+        return -1;
+    }
+#else
+    if (listensock == -1) {
+        perror("socket");
+        return -1;
+    }
+#endif
+
     sin.sin_family = AF_INET;
     sin.sin_port = htons(local_listenport);
     if (INADDR_NONE == (sin.sin_addr.s_addr = inet_addr(local_listenip))) {
@@ -189,10 +224,17 @@ int main(int argc, char *argv[])
         inet_ntoa(sin.sin_addr), ntohs(sin.sin_port));
 
     forwardsock = accept(listensock, (struct sockaddr *)&sin, &sinlen);
-    if (-1 == forwardsock) {
+#ifdef WIN32
+    if (forwardsock == INVALID_SOCKET) {
+        fprintf(stderr, "failed to accept forward socket!\n");
+        goto shutdown;
+    }
+#else
+    if (forwardsock == -1) {
         perror("accept");
         goto shutdown;
     }
+#endif
 
     shost = inet_ntoa(sin.sin_addr);
     sport = ntohs(sin.sin_port);
@@ -233,14 +275,17 @@ int main(int argc, char *argv[])
                 goto shutdown;
             }
             wr = 0;
-            do {
-                i = libssh2_channel_write(channel, buf, len);
+            while(wr < len) {
+                i = libssh2_channel_write(channel, buf + wr, len - wr);
+                if (LIBSSH2_ERROR_EAGAIN == i) {
+                    continue;
+                }
                 if (i < 0) {
                     fprintf(stderr, "libssh2_channel_write: %d\n", i);
                     goto shutdown;
                 }
                 wr += i;
-            } while(i > 0 && wr < len);
+            }
         }
         while (1) {
             len = libssh2_channel_read(channel, buf, sizeof(buf));

example/libssh2_config_cmake.h.in

@@ -0,0 +1,72 @@
+/* Copyright (c) 2014 Alexander Lamaison <alexander.lamaison@gmail.com>
+ *
+ * Redistribution and use in source and binary forms,
+ * with or without modification, are permitted provided
+ * that the following conditions are met:
+ *
+ *   Redistributions of source code must retain the above
+ *   copyright notice, this list of conditions and the
+ *   following disclaimer.
+ *
+ *   Redistributions in binary form must reproduce the above
+ *   copyright notice, this list of conditions and the following
+ *   disclaimer in the documentation and/or other materials
+ *   provided with the distribution.
+ *
+ *   Neither the name of the copyright holder nor the names
+ *   of any other contributors may be used to endorse or
+ *   promote products derived from this software without
+ *   specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
+ * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
+ * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
+ * OF SUCH DAMAGE.
+ */
+
+/* Headers */
+#cmakedefine HAVE_UNISTD_H
+#cmakedefine HAVE_INTTYPES_H
+#cmakedefine HAVE_STDLIB_H
+#cmakedefine HAVE_SYS_SELECT_H
+#cmakedefine HAVE_SYS_SOCKET_H
+#cmakedefine HAVE_SYS_TIME_H
+#cmakedefine HAVE_ARPA_INET_H
+#cmakedefine HAVE_NETINET_IN_H
+#cmakedefine HAVE_WINSOCK2_H
+
+/* Functions */
+#cmakedefine HAVE_STRCASECMP
+#cmakedefine HAVE__STRICMP
+#cmakedefine HAVE_SNPRINTF
+#cmakedefine HAVE__SNPRINTF
+
+/* Workaround for platforms without POSIX strcasecmp (e.g. Windows) */
+#ifndef HAVE_STRCASECMP
+# ifdef HAVE__STRICMP
+# define strcasecmp _stricmp
+# define HAVE_STRCASECMP
+# endif
+#endif
+
+/* Symbols */
+#cmakedefine HAVE___FUNC__
+#cmakedefine HAVE___FUNCTION__
+
+/* Workaround for platforms without C90 __func__ */
+#ifndef HAVE___FUNC__
+# ifdef HAVE___FUNCTION__
+# define __func__ __FUNCTION__
+# define HAVE___FUNC__
+# endif
+#endif

example/scp.c

@@ -47,8 +47,13 @@ int main(int argc, char *argv[])
 
 #ifdef WIN32
     WSADATA wsadata;
+    int err;
 
-    WSAStartup(MAKEWORD(2,0), &wsadata);
+    err = WSAStartup(MAKEWORD(2,0), &wsadata);
+    if (err != 0) {
+        fprintf(stderr, "WSAStartup failed with error: %d\n", err);
+        return 1;
+    }
 #endif
 
     if (argc > 1) {

example/scp_nonblock.c

@@ -38,12 +38,14 @@
 #include <stdio.h>
 #include <ctype.h>
 
+#ifdef HAVE_GETTIMEOFDAY
 /* diff in ms */
 static long tvdiff(struct timeval newer, struct timeval older)
 {
   return (newer.tv_sec-older.tv_sec)*1000+
       (newer.tv_usec-older.tv_usec)/1000;
 }
+#endif
 
 static int waitsocket(int socket_fd, LIBSSH2_SESSION *session)
 {
@@ -87,18 +89,25 @@ int main(int argc, char *argv[])
     const char *password="password";
     const char *scppath="/tmp/TEST";
     struct stat fileinfo;
+#ifdef HAVE_GETTIMEOFDAY
     struct timeval start;
     struct timeval end;
+    long time_ms;
+#endif
     int rc;
     int total = 0;
-    long time_ms;
     int spin = 0;
     off_t got=0;
 
 #ifdef WIN32
     WSADATA wsadata;
+    int err;
 
-    WSAStartup(MAKEWORD(2,0), &wsadata);
+    err = WSAStartup(MAKEWORD(2,0), &wsadata);
+    if (err != 0) {
+        fprintf(stderr, "WSAStartup failed with error: %d\n", err);
+        return 1;
+    }
 #endif
 
     if (argc > 1) {
@@ -144,7 +153,9 @@ int main(int argc, char *argv[])
     /* Since we have set non-blocking, tell libssh2 we are non-blocking */
     libssh2_session_set_blocking(session, 0);
 
+#ifdef HAVE_GETTIMEOFDAY
     gettimeofday(&start, NULL);
+#endif
 
     /* ... start it up. This will trade welcome banners, exchange keys,
      * and setup crypto, compression, and MAC layers
@@ -247,11 +258,15 @@ int main(int argc, char *argv[])
         break;
     }
 
+#ifdef HAVE_GETTIMEOFDAY
     gettimeofday(&end, NULL);
 
     time_ms = tvdiff(end, start);
     fprintf(stderr, "Got %d bytes in %ld ms = %.1f bytes/sec spin: %d\n", total,
            time_ms, total/(time_ms/1000.0), spin );
+#else
+    fprintf(stderr, "Got %d bytes spin: %d\n", total, spin);
+#endif
 
     libssh2_channel_free(channel);
     channel = NULL;

example/scp_write.c

@@ -51,8 +51,13 @@ int main(int argc, char *argv[])
 
 #ifdef WIN32
     WSADATA wsadata;
+    int err;
 
-    WSAStartup(MAKEWORD(2,0), &wsadata);
+    err = WSAStartup(MAKEWORD(2,0), &wsadata);
+    if (err != 0) {
+        fprintf(stderr, "WSAStartup failed with error: %d\n", err);
+        return 1;
+    }
 #endif
 
     if (argc > 1) {

example/scp_write_nonblock.c

@@ -90,8 +90,13 @@ int main(int argc, char *argv[])
 
 #ifdef WIN32
     WSADATA wsadata;
+    int err;
 
-    WSAStartup(MAKEWORD(2,0), &wsadata);
+    err = WSAStartup(MAKEWORD(2,0), &wsadata);
+    if (err != 0) {
+        fprintf(stderr, "WSAStartup failed with error: %d\n", err);
+        return 1;
+    }
 #endif
 
     if (argc > 1) {

example/sftp.c

@@ -106,8 +106,13 @@ int main(int argc, char *argv[])
 
 #ifdef WIN32
     WSADATA wsadata;
+    int err;
 
-    WSAStartup(MAKEWORD(2,0), &wsadata);
+    err = WSAStartup(MAKEWORD(2,0), &wsadata);
+    if (err != 0) {
+        fprintf(stderr, "WSAStartup failed with error: %d\n", err);
+        return 1;
+    }
 #endif
 
     if (argc > 1) {

example/sftp_RW_nonblock.c

@@ -93,8 +93,13 @@ int main(int argc, char *argv[])
 
 #ifdef WIN32
     WSADATA wsadata;
+    int err;
 
-    WSAStartup(MAKEWORD(2,0), &wsadata);
+    err = WSAStartup(MAKEWORD(2,0), &wsadata);
+    if (err != 0) {
+        fprintf(stderr, "WSAStartup failed with error: %d\n", err);
+        return 1;
+    }
 #endif
 
     rc = libssh2_init (0);

example/sftp_append.c

@@ -55,8 +55,13 @@ int main(int argc, char *argv[])
 
 #ifdef WIN32
     WSADATA wsadata;
+    int err;
 
-    WSAStartup(MAKEWORD(2,0), &wsadata);
+    err = WSAStartup(MAKEWORD(2,0), &wsadata);
+    if (err != 0) {
+        fprintf(stderr, "WSAStartup failed with error: %d\n", err);
+        return 1;
+    }
 #endif
 
     if (argc > 1) {

example/sftp_mkdir.c

@@ -48,8 +48,13 @@ int main(int argc, char *argv[])
 
 #ifdef WIN32
     WSADATA wsadata;
+    int err;
 
-    WSAStartup(MAKEWORD(2,0), &wsadata);
+    err = WSAStartup(MAKEWORD(2,0), &wsadata);
+    if (err != 0) {
+        fprintf(stderr, "WSAStartup failed with error: %d\n", err);
+        return 1;
+    }
 #endif
 
     if (argc > 1) {

example/sftp_mkdir_nonblock.c

@@ -48,8 +48,13 @@ int main(int argc, char *argv[])
 
 #ifdef WIN32
     WSADATA wsadata;
+    int err;
 
-    WSAStartup(MAKEWORD(2,0), &wsadata);
+    err = WSAStartup(MAKEWORD(2,0), &wsadata);
+    if (err != 0) {
+        fprintf(stderr, "WSAStartup failed with error: %d\n", err);
+        return 1;
+    }
 #endif
 
     if (argc > 1) {

example/sftp_nonblock.c

@@ -39,12 +39,14 @@
 #include <stdio.h>
 #include <ctype.h>
 
+#ifdef HAVE_GETTIMEOFDAY
 /* diff in ms */
 static long tvdiff(struct timeval newer, struct timeval older)
 {
   return (newer.tv_sec-older.tv_sec)*1000+
       (newer.tv_usec-older.tv_usec)/1000;
 }
+#endif
 
 static int waitsocket(int socket_fd, LIBSSH2_SESSION *session)
 {
@@ -86,19 +88,26 @@ int main(int argc, char *argv[])
     const char *username="username";
     const char *password="password";
     const char *sftppath="/tmp/TEST";
+#ifdef HAVE_GETTIMEOFDAY
     struct timeval start;
     struct timeval end;
+    long time_ms;
+#endif
     int rc;
     int total = 0;
-    long time_ms;
     int spin = 0;
     LIBSSH2_SFTP *sftp_session;
     LIBSSH2_SFTP_HANDLE *sftp_handle;
 
 #ifdef WIN32
     WSADATA wsadata;
+    int err;
 
-    WSAStartup(MAKEWORD(2,0), &wsadata);
+    err = WSAStartup(MAKEWORD(2,0), &wsadata);
+    if (err != 0) {
+        fprintf(stderr, "WSAStartup failed with error: %d\n", err);
+        return 1;
+    }
 #endif
 
     if (argc > 1) {
@@ -146,7 +155,9 @@ int main(int argc, char *argv[])
     /* Since we have set non-blocking, tell libssh2 we are non-blocking */
     libssh2_session_set_blocking(session, 0);
 
+#ifdef HAVE_GETTIMEOFDAY
     gettimeofday(&start, NULL);
+#endif
 
     /* ... start it up. This will trade welcome banners, exchange keys,
         * and setup crypto, compression, and MAC layers
@@ -249,10 +260,14 @@ int main(int argc, char *argv[])
         }
     } while (1);
 
+#ifdef HAVE_GETTIMEOFDAY
     gettimeofday(&end, NULL);
     time_ms = tvdiff(end, start);
     fprintf(stderr, "Got %d bytes in %ld ms = %.1f bytes/sec spin: %d\n", total,
            time_ms, total/(time_ms/1000.0), spin );
+#else
+    fprintf(stderr, "Got %d bytes spin: %d\n", total, spin);
+#endif
 
     libssh2_sftp_close(sftp_handle);
     libssh2_sftp_shutdown(sftp_session);

example/sftp_write.c

@@ -54,8 +54,13 @@ int main(int argc, char *argv[])
 
 #ifdef WIN32
     WSADATA wsadata;
+    int err;
 
-    WSAStartup(MAKEWORD(2,0), &wsadata);
+    err = WSAStartup(MAKEWORD(2,0), &wsadata);
+    if (err != 0) {
+        fprintf(stderr, "WSAStartup failed with error: %d\n", err);
+        return 1;
+    }
 #endif
 
     if (argc > 1) {

example/sftp_write_nonblock.c

@@ -94,8 +94,13 @@ int main(int argc, char *argv[])
 
 #ifdef WIN32
     WSADATA wsadata;
+    int err;
 
-    WSAStartup(MAKEWORD(2,0), &wsadata);
+    err = WSAStartup(MAKEWORD(2,0), &wsadata);
+    if (err != 0) {
+        fprintf(stderr, "WSAStartup failed with error: %d\n", err);
+        return 1;
+    }
 #endif
 
     if (argc > 1) {

example/sftp_write_sliding.c

@@ -94,8 +94,13 @@ int main(int argc, char *argv[])
 
 #ifdef WIN32
     WSADATA wsadata;
+    int err;
 
-    WSAStartup(MAKEWORD(2,0), &wsadata);
+    err = WSAStartup(MAKEWORD(2,0), &wsadata);
+    if (err != 0) {
+        fprintf(stderr, "WSAStartup failed with error: %d\n", err);
+        return 1;
+    }
 #endif
 
     if (argc > 1) {

example/sftpdir.c

@@ -52,24 +52,51 @@
 #define PRIu64 __PRI64_PREFIX "u"
 #endif  /* PRIu64 */
 
+const char *keyfile1="~/.ssh/id_rsa.pub";
+const char *keyfile2="~/.ssh/id_rsa";
+const char *username="username";
+const char *password="password";
+
+static void kbd_callback(const char *name, int name_len,
+                         const char *instruction, int instruction_len,
+                         int num_prompts,
+                         const LIBSSH2_USERAUTH_KBDINT_PROMPT *prompts,
+                         LIBSSH2_USERAUTH_KBDINT_RESPONSE *responses,
+                         void **abstract)
+{
+    (void)name;
+    (void)name_len;
+    (void)instruction;
+    (void)instruction_len;
+    if (num_prompts == 1) {
+        responses[0].text = strdup(password);
+        responses[0].length = strlen(password);
+    }
+    (void)prompts;
+    (void)abstract;
+} /* kbd_callback */
+
 int main(int argc, char *argv[])
 {
     unsigned long hostaddr;
-    int sock, i, auth_pw = 1;
+    int rc, sock, i, auth_pw = 0;
     struct sockaddr_in sin;
     const char *fingerprint;
+    char *userauthlist;
     LIBSSH2_SESSION *session;
-    const char *username="username";
-    const char *password="password";
     const char *sftppath="/tmp/secretdir";
-    int rc;
     LIBSSH2_SFTP *sftp_session;
     LIBSSH2_SFTP_HANDLE *sftp_handle;
 
 #ifdef WIN32
     WSADATA wsadata;
+    int err;
 
-    WSAStartup(MAKEWORD(2,0), &wsadata);
+    err = WSAStartup(MAKEWORD(2,0), &wsadata);
+    if (err != 0) {
+        fprintf(stderr, "WSAStartup failed with error: %d\n", err);
+        return 1;
+    }
 #endif
 
     if (argc > 1) {
@@ -136,21 +163,63 @@ int main(int argc, char *argv[])
     }
     fprintf(stderr, "\n");
 
-    if (auth_pw) {
+    /* check what authentication methods are available */
+    userauthlist = libssh2_userauth_list(session, username, strlen(username));
+    fprintf(stderr, "Authentication methods: %s\n", userauthlist);
+    if (strstr(userauthlist, "password") != NULL) {
+        auth_pw |= 1;
+    }
+    if (strstr(userauthlist, "keyboard-interactive") != NULL) {
+        auth_pw |= 2;
+    }
+    if (strstr(userauthlist, "publickey") != NULL) {
+        auth_pw |= 4;
+    }
+
+    /* if we got an 5. argument we set this option if supported */
+    if(argc > 5) {
+        if ((auth_pw & 1) && !strcasecmp(argv[5], "-p")) {
+            auth_pw = 1;
+        }
+        if ((auth_pw & 2) && !strcasecmp(argv[5], "-i")) {
+            auth_pw = 2;
+        }
+        if ((auth_pw & 4) && !strcasecmp(argv[5], "-k")) {
+            auth_pw = 4;
+        }
+    }
+
+    if (auth_pw & 1) {
         /* We could authenticate via password */
         if (libssh2_userauth_password(session, username, password)) {
-            fprintf(stderr, "Authentication by password failed.\n");
+            fprintf(stderr, "\tAuthentication by password failed!\n");
             goto shutdown;
+        } else {
+            fprintf(stderr, "\tAuthentication by password succeeded.\n");
+        }
+    } else if (auth_pw & 2) {
+        /* Or via keyboard-interactive */
+        if (libssh2_userauth_keyboard_interactive(session, username,
+                                                  &kbd_callback) ) {
+            fprintf(stderr,
+                "\tAuthentication by keyboard-interactive failed!\n");
+            goto shutdown;
+        } else {
+            fprintf(stderr,
+                "\tAuthentication by keyboard-interactive succeeded.\n");
+        }
+    } else if (auth_pw & 4) {
+        /* Or by public key */
+        if (libssh2_userauth_publickey_fromfile(session, username, keyfile1,
+                                                keyfile2, password)) {
+            fprintf(stderr, "\tAuthentication by public key failed!\n");
+            goto shutdown;
+        } else {
+            fprintf(stderr, "\tAuthentication by public key succeeded.\n");
         }
     } else {
-        /* Or by public key */
-        if (libssh2_userauth_publickey_fromfile(session, username,
-                            "/home/username/.ssh/id_rsa.pub",
-                            "/home/username/.ssh/id_rsa",
-                            password)) {
-            fprintf(stderr, "\tAuthentication by public key failed\n");
-            goto shutdown;
-        }
+        fprintf(stderr, "No supported authentication methods found!\n");
+        goto shutdown;
     }
 
     fprintf(stderr, "libssh2_sftp_init()!\n");

example/sftpdir_nonblock.c

@@ -68,8 +68,13 @@ int main(int argc, char *argv[])
 
 #ifdef WIN32
     WSADATA wsadata;
+    int err;
 
-    WSAStartup(MAKEWORD(2,0), &wsadata);
+    err = WSAStartup(MAKEWORD(2,0), &wsadata);
+    if (err != 0) {
+        fprintf(stderr, "WSAStartup failed with error: %d\n", err);
+        return 1;
+    }
 #endif
 
     if (argc > 1) {

example/ssh2.c

@@ -72,10 +72,16 @@ int main(int argc, char *argv[])
     char *userauthlist;
     LIBSSH2_SESSION *session;
     LIBSSH2_CHANNEL *channel;
+
 #ifdef WIN32
     WSADATA wsadata;
+    int err;
 
-    WSAStartup(MAKEWORD(2,0), &wsadata);
+    err = WSAStartup(MAKEWORD(2,0), &wsadata);
+    if (err != 0) {
+        fprintf(stderr, "WSAStartup failed with error: %d\n", err);
+        return 1;
+    }
 #endif
 
     if (argc > 1) {

example/ssh2_agent.c

@@ -49,10 +49,16 @@ int main(int argc, char *argv[])
     LIBSSH2_CHANNEL *channel;
     LIBSSH2_AGENT *agent = NULL;
     struct libssh2_agent_publickey *identity, *prev_identity = NULL;
+
 #ifdef WIN32
     WSADATA wsadata;
+    int err;
 
-    WSAStartup(MAKEWORD(2,0), &wsadata);
+    err = WSAStartup(MAKEWORD(2,0), &wsadata);
+    if (err != 0) {
+        fprintf(stderr, "WSAStartup failed with error: %d\n", err);
+        return 1;
+    }
 #endif
 
     if (argc > 1) {

example/ssh2_echo.c

@@ -29,10 +29,13 @@
 #ifdef HAVE_ARPA_INET_H
 # include <arpa/inet.h>
 #endif
-
+#ifdef HAVE_SYS_TIME_H
 #include <sys/time.h>
+#endif
 #include <sys/types.h>
+#ifdef HAVE_STDLIB_H
 #include <stdlib.h>
+#endif
 #include <fcntl.h>
 #include <errno.h>
 #include <stdio.h>
@@ -91,8 +94,15 @@ int main(int argc, char *argv[])
 
 #ifdef WIN32
     WSADATA wsadata;
-    WSAStartup(MAKEWORD(2,0), &wsadata);
+    int err;
+
+    err = WSAStartup(MAKEWORD(2,0), &wsadata);
+    if (err != 0) {
+        fprintf(stderr, "WSAStartup failed with error: %d\n", err);
+        return 1;
+    }
 #endif
+
     if (argc > 1)
         /* must be ip address only */
         hostname = argv[1];

example/ssh2_exec.c

@@ -31,10 +31,13 @@
 #ifdef HAVE_ARPA_INET_H
 # include <arpa/inet.h>
 #endif
-
+#ifdef HAVE_SYS_TIME_H
 #include <sys/time.h>
+#endif
 #include <sys/types.h>
+#ifdef HAVE_STDLIB_H
 #include <stdlib.h>
+#endif
 #include <fcntl.h>
 #include <errno.h>
 #include <stdio.h>
@@ -92,8 +95,15 @@ int main(int argc, char *argv[])
 
 #ifdef WIN32
     WSADATA wsadata;
-    WSAStartup(MAKEWORD(2,0), &wsadata);
+    int err;
+
+    err = WSAStartup(MAKEWORD(2,0), &wsadata);
+    if (err != 0) {
+        fprintf(stderr, "WSAStartup failed with error: %d\n", err);
+        return 1;
+    }
 #endif
+
     if (argc > 1)
         /* must be ip address only */
         hostname = argv[1];

example/subsystem_netconf.c

@@ -16,10 +16,13 @@
 #include <errno.h>
 #include <stdio.h>
 #include <string.h>
+#ifdef HAVE_STDLIB_H
 #include <stdlib.h>
+#endif
+#ifdef HAVE_UNISTD_H
 #include <unistd.h>
+#endif
 #include <sys/types.h>
-
 #ifdef HAVE_SYS_SELECT_H
 #include <sys/select.h>
 #endif
@@ -28,6 +31,12 @@
 #define INADDR_NONE (in_addr_t)~0
 #endif
 
+#ifndef HAVE_SNPRINTF
+# ifdef HAVE__SNPRINTF
+# define snprintf _snprintf
+# endif
+#endif
+
 const char *keyfile1 = "/home/username/.ssh/id_rsa.pub";
 const char *keyfile2 = "/home/username/.ssh/id_rsa";
 const char *username = "username";
@@ -102,7 +111,7 @@ static int netconf_read_until(LIBSSH2_CHANNEL *channel, const char *endtag,
 
 int main(int argc, char *argv[])
 {
-    int rc, sock = -1, i, auth = AUTH_NONE;
+    int rc, i, auth = AUTH_NONE;
     struct sockaddr_in sin;
     const char *fingerprint;
     char *userauthlist;
@@ -112,9 +121,17 @@ int main(int argc, char *argv[])
     ssize_t len;
 
 #ifdef WIN32
+    SOCKET sock = INVALID_SOCKET;
     WSADATA wsadata;
+    int err;
 
-    WSAStartup(MAKEWORD(2,0), &wsadata);
+    err = WSAStartup(MAKEWORD(2,0), &wsadata);
+    if (err != 0) {
+        fprintf(stderr, "WSAStartup failed with error: %d\n", err);
+        return 1;
+    }
+#else
+    int sock = -1;
 #endif
 
     if (argc > 1)
@@ -132,6 +149,18 @@ int main(int argc, char *argv[])
 
     /* Connect to SSH server */
     sock = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);
+#ifdef WIN32
+    if (sock == INVALID_SOCKET) {
+        fprintf(stderr, "failed to open socket!\n");
+        return -1;
+    }
+#else
+    if (sock == -1) {
+        perror("socket");
+        return -1;
+    }
+#endif
+
     sin.sin_family = AF_INET;
     if (INADDR_NONE == (sin.sin_addr.s_addr = inet_addr(server_ip))) {
         fprintf(stderr, "inet_addr: Invalid IP address \"%s\"\n", server_ip);

example/tcpip-forward.c

@@ -15,10 +15,13 @@
 #include <fcntl.h>
 #include <errno.h>
 #include <stdio.h>
+#ifdef HAVE_STDLIB_H
 #include <stdlib.h>
+#endif
+#ifdef HAVE_UNISTD_H
 #include <unistd.h>
+#endif
 #include <sys/types.h>
-
 #ifdef HAVE_SYS_SELECT_H
 #include <sys/select.h>
 #endif
@@ -35,11 +38,11 @@ const char *password = "";
 const char *server_ip = "127.0.0.1";
 
 const char *remote_listenhost = "localhost"; /* resolved by the server */
-unsigned int remote_wantport = 2222;
-unsigned int remote_listenport;
+int remote_wantport = 2222;
+int remote_listenport;
 
 const char *local_destip = "127.0.0.1";
-unsigned int local_destport = 22;
+int local_destport = 22;
 
 enum {
     AUTH_NONE = 0,
@@ -49,7 +52,7 @@ enum {
 
 int main(int argc, char *argv[])
 {
-    int rc, sock = -1, forwardsock = -1, i, auth = AUTH_NONE;
+    int rc, i, auth = AUTH_NONE;
     struct sockaddr_in sin;
     socklen_t sinlen = sizeof(sin);
     const char *fingerprint;
@@ -57,20 +60,23 @@ int main(int argc, char *argv[])
     LIBSSH2_SESSION *session;
     LIBSSH2_LISTENER *listener = NULL;
     LIBSSH2_CHANNEL *channel = NULL;
-    const char *shost;
-    unsigned int sport;
     fd_set fds;
     struct timeval tv;
     ssize_t len, wr;
     char buf[16384];
 
 #ifdef WIN32
-    char sockopt;
+    SOCKET sock = INVALID_SOCKET, forwardsock = INVALID_SOCKET;
     WSADATA wsadata;
+    int err;
 
-    WSAStartup(MAKEWORD(2,0), &wsadata);
+    err = WSAStartup(MAKEWORD(2,0), &wsadata);
+    if (err != 0) {
+        fprintf(stderr, "WSAStartup failed with error: %d\n", err);
+        return 1;
+    }
 #else
-    int sockopt;
+    int sock = -1, forwardsock = -1;
 #endif
 
     if (argc > 1)
@@ -96,6 +102,18 @@ int main(int argc, char *argv[])
 
     /* Connect to SSH server */
     sock = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);
+#ifdef WIN32
+    if (sock == INVALID_SOCKET) {
+        fprintf(stderr, "failed to open socket!\n");
+        return -1;
+    }
+#else
+    if (sock == -1) {
+        perror("socket");
+        return -1;
+    }
+#endif
+
     sin.sin_family = AF_INET;
     if (INADDR_NONE == (sin.sin_addr.s_addr = inet_addr(server_ip))) {
         perror("inet_addr");
@@ -196,6 +214,18 @@ int main(int argc, char *argv[])
         "Accepted remote connection. Connecting to local server %s:%d\n",
         local_destip, local_destport);
     forwardsock = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);
+#ifdef WIN32
+    if (forwardsock == INVALID_SOCKET) {
+        fprintf(stderr, "failed to open forward socket!\n");
+        goto shutdown;
+    }
+#else
+    if (forwardsock == -1) {
+        perror("socket");
+        goto shutdown;
+    }
+#endif
+
     sin.sin_family = AF_INET;
     sin.sin_port = htons(local_destport);
     if (INADDR_NONE == (sin.sin_addr.s_addr = inet_addr(local_destip))) {

example/x11.c

@@ -10,6 +10,7 @@
 #include <sys/ioctl.h>
 #include <netinet/in.h>
 #include <sys/socket.h>
+#include <sys/select.h>
 #include <arpa/inet.h>
 #include <unistd.h>
 #include <sys/types.h>
@@ -48,13 +49,13 @@ static void remove_node(struct chan_X11_list *elem)
     current_node = gp_x11_chan;
 
     if (gp_x11_chan == elem) {
-        /* Removing the only one element in the list */
-        free(gp_x11_chan);
-        gp_x11_chan = NULL;
+        gp_x11_chan = gp_x11_chan->next;
+        free(current_node);
+        return;
     }
 
-    while( current_node->next != NULL) {
-        if (current_node->next ==elem) {
+    while (current_node->next != NULL) {
+        if (current_node->next == elem) {
             current_node->next = current_node->next->next;
             current_node = current_node->next;
             free(current_node);
@@ -209,24 +210,27 @@ static int x11_send_receive(LIBSSH2_CHANNEL *channel, int sock)
     rc = libssh2_poll(fds, nfds, 0);
     if (rc >0) {
         rc = libssh2_channel_read(channel, buf, bufsize);
-        rc = write(sock, buf, rc);
+        write(sock, buf, rc);
     }
 
-    rc = select(sock+1,&set,NULL,NULL,&timeval_out);
+    rc = select(sock+1, &set, NULL, NULL, &timeval_out);
     if (rc > 0) {
-        memset((void *)buf,0,bufsize);
+        memset((void *)buf, 0, bufsize);
 
         /* Data in sock*/
         rc = read(sock, buf, bufsize);
-        if (rc > 0)
-            rc = libssh2_channel_write(channel,buf, rc);
-        else
+        if (rc > 0) {
+            libssh2_channel_write(channel, buf, rc);
+        }
+        else {
+            free(buf);
             return -1;
+        }
     }
 
     free(fds);
     free(buf);
-    if (libssh2_channel_eof (channel) == 1) {
+    if (libssh2_channel_eof(channel) == 1) {
         return -1;
     }
     return 0;
@@ -289,6 +293,10 @@ main (int argc, char *argv[])
     }
 
     sock = socket (AF_INET, SOCK_STREAM, 0);
+    if (sock == -1) {
+        perror("socket");
+        return -1;
+    }
 
     sin.sin_family = AF_INET;
     sin.sin_port = htons (22);
@@ -369,6 +377,9 @@ main (int argc, char *argv[])
         return -1;
     }
 
+    memset(&w_size, 0, sizeof(struct winsize));
+    memset(&w_size_bck, 0, sizeof(struct winsize));
+
     while (1) {
 
         FD_ZERO(&set);
@@ -400,7 +411,7 @@ main (int argc, char *argv[])
 
         rc = libssh2_poll(fds, nfds, 0);
         if (rc >0) {
-            rc = libssh2_channel_read(channel, buf,sizeof(buf));
+            libssh2_channel_read(channel, buf, sizeof(buf));
             fprintf(stdout, "%s", buf);
             fflush(stdout);
         }

include/libssh2.h

@@ -1,5 +1,5 @@
 /* Copyright (c) 2004-2009, Sara Golemon <sarag@libssh2.org>
- * Copyright (c) 2009-2012 Daniel Stenberg
+ * Copyright (c) 2009-2015 Daniel Stenberg
  * Copyright (c) 2010 Simon Josefsson <simon@josefsson.org>
  * All rights reserved.
  *
@@ -40,19 +40,19 @@
 #ifndef LIBSSH2_H
 #define LIBSSH2_H 1
 
-#define LIBSSH2_COPYRIGHT "2004-2012 The libssh2 project and its contributors."
+#define LIBSSH2_COPYRIGHT "2004-2015 The libssh2 project and its contributors."
 
 /* We use underscore instead of dash when appending DEV in dev versions just
    to make the BANNER define (used by src/session.c) be a valid SSH
    banner. Release versions have no appended strings and may of course not
    have dashes either. */
-#define LIBSSH2_VERSION                             "1.4.3_DEV"
+#define LIBSSH2_VERSION                             "1.6.0_DEV"
 
 /* The numeric version number is also available "in parts" by using these
    defines: */
 #define LIBSSH2_VERSION_MAJOR                       1
-#define LIBSSH2_VERSION_MINOR                       4
-#define LIBSSH2_VERSION_PATCH                       3
+#define LIBSSH2_VERSION_MINOR                       6
+#define LIBSSH2_VERSION_PATCH                       0
 
 /* This is the numeric version of the libssh2 version number, meant for easier
    parsing and comparions by programs. The LIBSSH2_VERSION_NUM define will
@@ -69,7 +69,7 @@
    and it is always a greater number in a more recent release. It makes
    comparisons with greater than and less than work.
 */
-#define LIBSSH2_VERSION_NUM                         0x010403
+#define LIBSSH2_VERSION_NUM                         0x010600
 
 /*
  * This is the date and time when the full source package was created. The
@@ -100,17 +100,21 @@ extern "C" {
 /* Allow alternate API prefix from CFLAGS or calling app */
 #ifndef LIBSSH2_API
 # ifdef LIBSSH2_WIN32
-#  ifdef LIBSSH2_LIBRARY
-#   define LIBSSH2_API __declspec(dllexport)
+#  ifdef _WINDLL
+#   ifdef LIBSSH2_LIBRARY
+#    define LIBSSH2_API __declspec(dllexport)
+#   else
+#    define LIBSSH2_API __declspec(dllimport)
+#   endif /* LIBSSH2_LIBRARY */
 #  else
-#   define LIBSSH2_API __declspec(dllimport)
-#  endif /* LIBSSH2_LIBRARY */
+#   define LIBSSH2_API
+#  endif
 # else /* !LIBSSH2_WIN32 */
 #  define LIBSSH2_API
 # endif /* LIBSSH2_WIN32 */
 #endif /* LIBSSH2_API */
 
-#if defined(LIBSSH2_DARWIN)
+#ifdef HAVE_SYS_UIO_H
 # include <sys/uio.h>
 #endif
 
@@ -281,7 +285,8 @@ typedef struct _LIBSSH2_POLLFD {
     unsigned char type; /* LIBSSH2_POLLFD_* below */
 
     union {
-        int socket; /* File descriptors -- examined with system select() call */
+        libssh2_socket_t socket; /* File descriptors -- examined with
+                                    system select() call */
         LIBSSH2_CHANNEL *channel; /* Examined by checking internal state */
         LIBSSH2_LISTENER *listener; /* Read polls only -- are inbound
                                        connections waiting to be accepted? */
@@ -521,8 +526,9 @@ LIBSSH2_API int libssh2_userauth_password_ex(LIBSSH2_SESSION *session,
                                              LIBSSH2_PASSWD_CHANGEREQ_FUNC((*passwd_change_cb)));
 
 #define libssh2_userauth_password(session, username, password) \
- libssh2_userauth_password_ex((session), (username), strlen(username), \
-                              (password), strlen(password), NULL)
+ libssh2_userauth_password_ex((session), (username),           \
+                              (unsigned int)strlen(username),  \
+                              (password), (unsigned int)strlen(password), NULL)
 
 LIBSSH2_API int
 libssh2_userauth_publickey_fromfile_ex(LIBSSH2_SESSION *session,
@@ -534,9 +540,10 @@ libssh2_userauth_publickey_fromfile_ex(LIBSSH2_SESSION *session,
 
 #define libssh2_userauth_publickey_fromfile(session, username, publickey, \
                                             privatekey, passphrase)     \
-  libssh2_userauth_publickey_fromfile_ex((session), (username), \
-                                         strlen(username), (publickey), \
-                                         (privatekey), (passphrase))
+    libssh2_userauth_publickey_fromfile_ex((session), (username),       \
+                                           (unsigned int)strlen(username), \
+                                           (publickey),                 \
+                                           (privatekey), (passphrase))
 
 LIBSSH2_API int
 libssh2_userauth_publickey(LIBSSH2_SESSION *session,
@@ -561,10 +568,23 @@ libssh2_userauth_hostbased_fromfile_ex(LIBSSH2_SESSION *session,
 #define libssh2_userauth_hostbased_fromfile(session, username, publickey, \
                                             privatekey, passphrase, hostname) \
  libssh2_userauth_hostbased_fromfile_ex((session), (username), \
-                                        strlen(username), (publickey), \
-                                        (privatekey), (passphrase), \
-                                        (hostname), strlen(hostname), \
-                                        (username), strlen(username))
+                                        (unsigned int)strlen(username), \
+                                        (publickey),                    \
+                                        (privatekey), (passphrase),     \
+                                        (hostname),                     \
+                                        (unsigned int)strlen(hostname), \
+                                        (username),                     \
+                                        (unsigned int)strlen(username))
+
+LIBSSH2_API int
+libssh2_userauth_publickey_frommemory(LIBSSH2_SESSION *session,
+                                      const char *username,
+                                      size_t username_len,
+                                      const char *publickeyfiledata,
+                                      size_t publickeyfiledata_len,
+                                      const char *privatekeyfiledata,
+                                      size_t privatekeyfiledata_len,
+                                      const char *passphrase);
 
 /*
  * response_callback is provided with filled by library prompts array,
@@ -578,16 +598,17 @@ libssh2_userauth_keyboard_interactive_ex(LIBSSH2_SESSION* session,
                                          unsigned int username_len,
                                          LIBSSH2_USERAUTH_KBDINT_RESPONSE_FUNC((*response_callback)));
 
-#define libssh2_userauth_keyboard_interactive(session, username, \
-                                              response_callback) \
- libssh2_userauth_keyboard_interactive_ex((session), (username), \
-                                          strlen(username), (response_callback))
+#define libssh2_userauth_keyboard_interactive(session, username,        \
+                                              response_callback)        \
+    libssh2_userauth_keyboard_interactive_ex((session), (username),     \
+                                             (unsigned int)strlen(username), \
+                                             (response_callback))
 
 LIBSSH2_API int libssh2_poll(LIBSSH2_POLLFD *fds, unsigned int nfds,
                              long timeout);
 
 /* Channel API */
-#define LIBSSH2_CHANNEL_WINDOW_DEFAULT  (256*1024)
+#define LIBSSH2_CHANNEL_WINDOW_DEFAULT  (2*1024*1024)
 #define LIBSSH2_CHANNEL_PACKET_DEFAULT  32768
 #define LIBSSH2_CHANNEL_MINADJUST       1024
 
@@ -635,9 +656,10 @@ LIBSSH2_API int libssh2_channel_setenv_ex(LIBSSH2_CHANNEL *channel,
                                           const char *value,
                                           unsigned int value_len);
 
-#define libssh2_channel_setenv(channel, varname, value) \
- libssh2_channel_setenv_ex((channel), (varname), strlen(varname), (value), \
-                           strlen(value))
+#define libssh2_channel_setenv(channel, varname, value)                 \
+    libssh2_channel_setenv_ex((channel), (varname),                     \
+                              (unsigned int)strlen(varname), (value),   \
+                              (unsigned int)strlen(value))
 
 LIBSSH2_API int libssh2_channel_request_pty_ex(LIBSSH2_CHANNEL *channel,
                                                const char *term,
@@ -646,10 +668,12 @@ LIBSSH2_API int libssh2_channel_request_pty_ex(LIBSSH2_CHANNEL *channel,
                                                unsigned int modes_len,
                                                int width, int height,
                                                int width_px, int height_px);
-#define libssh2_channel_request_pty(channel, term) \
- libssh2_channel_request_pty_ex((channel), (term), strlen(term), NULL, 0, \
-                                LIBSSH2_TERM_WIDTH, LIBSSH2_TERM_HEIGHT, \
-                                LIBSSH2_TERM_WIDTH_PX, LIBSSH2_TERM_HEIGHT_PX)
+#define libssh2_channel_request_pty(channel, term)                      \
+    libssh2_channel_request_pty_ex((channel), (term),                   \
+                                   (unsigned int)strlen(term),          \
+                                   NULL, 0,                             \
+                                   LIBSSH2_TERM_WIDTH, LIBSSH2_TERM_HEIGHT, \
+                                   LIBSSH2_TERM_WIDTH_PX, LIBSSH2_TERM_HEIGHT_PX)
 
 LIBSSH2_API int libssh2_channel_request_pty_size_ex(LIBSSH2_CHANNEL *channel,
                                                     int width, int height,
@@ -676,11 +700,11 @@ LIBSSH2_API int libssh2_channel_process_startup(LIBSSH2_CHANNEL *channel,
                                   NULL, 0)
 #define libssh2_channel_exec(channel, command) \
   libssh2_channel_process_startup((channel), "exec", sizeof("exec") - 1, \
-                                  (command), strlen(command))
+                                  (command), (unsigned int)strlen(command))
 #define libssh2_channel_subsystem(channel, subsystem) \
   libssh2_channel_process_startup((channel), "subsystem",              \
                                   sizeof("subsystem") - 1, (subsystem), \
-                                  strlen(subsystem))
+                                  (unsigned int)strlen(subsystem))
 
 LIBSSH2_API ssize_t libssh2_channel_read_ex(LIBSSH2_CHANNEL *channel,
                                             int stream_id, char *buf,
@@ -856,11 +880,12 @@ libssh2_knownhost_init(LIBSSH2_SESSION *session);
 #define LIBSSH2_KNOWNHOST_KEYENC_BASE64   (2<<16)
 
 /* type of key (2 bits) */
-#define LIBSSH2_KNOWNHOST_KEY_MASK     (3<<18)
+#define LIBSSH2_KNOWNHOST_KEY_MASK     (7<<18)
 #define LIBSSH2_KNOWNHOST_KEY_SHIFT    18
 #define LIBSSH2_KNOWNHOST_KEY_RSA1     (1<<18)
 #define LIBSSH2_KNOWNHOST_KEY_SSHRSA   (2<<18)
 #define LIBSSH2_KNOWNHOST_KEY_SSHDSS   (3<<18)
+#define LIBSSH2_KNOWNHOST_KEY_UNKNOWN  (7<<18)
 
 LIBSSH2_API int
 libssh2_knownhost_add(LIBSSH2_KNOWNHOSTS *hosts,

include/libssh2_sftp.h

@@ -247,6 +247,7 @@ LIBSSH2_API int libssh2_sftp_readdir_ex(LIBSSH2_SFTP_HANDLE *handle, \
 
 LIBSSH2_API ssize_t libssh2_sftp_write(LIBSSH2_SFTP_HANDLE *handle,
                                        const char *buffer, size_t count);
+LIBSSH2_API int libssh2_sftp_fsync(LIBSSH2_SFTP_HANDLE *handle);
 
 LIBSSH2_API int libssh2_sftp_close_handle(LIBSSH2_SFTP_HANDLE *handle);
 #define libssh2_sftp_close(handle) libssh2_sftp_close_handle(handle)

nw/GNUmakefile

@@ -14,12 +14,12 @@ endif
 
 # Edit the path below to point to the base of your Zlib sources.
 ifndef ZLIB_PATH
-ZLIB_PATH = ../../zlib-1.2.7
+ZLIB_PATH = ../../zlib-1.2.8
 endif
 
 # Edit the path below to point to the base of your OpenSSL package.
 ifndef OPENSSL_PATH
-OPENSSL_PATH = ../../openssl-0.9.8x
+OPENSSL_PATH = ../../openssl-0.9.8zc
 endif
 
 # Edit the path below to point to your Distribution folder.
@@ -37,7 +37,7 @@ DEVLARC	= $(DEVLDIR).zip
 # Edit the vars below to change NLM target settings.
 TARGET	= libssh2
 VERSION	= $(LIBSSH2_VERSION)
-COPYR	= Copyright (c) $(LIBSSH2_COPYRIGHT_STR)
+CPRIGHT	= Copyright (c) $(LIBSSH2_COPYRIGHT_STR)
 WWWURL	= http://www.libssh2.org/
 DESCR	= libssh2 $(LIBSSH2_VERSION_STR) ($(LIBARCH)) - $(WWWURL)
 MTSAFE	= YES
@@ -213,6 +213,10 @@ endif
 
 vpath %.c . ../src
 
+# only OpenSSL is supported with this build system
+CFLAGS += -DLIBSSH2_OPENSSL
+include ../Makefile.OpenSSL.inc
+
 # include Makefile.inc to get CSOURCES define
 include ../Makefile.inc
 
@@ -247,30 +251,30 @@ $(OBJDIR)/version.inc: ../get_ver.awk ../include/libssh2.h $(OBJDIR)
 	@$(AWK) -f $^ > $@
 
 dist: all $(DISTDIR) $(DISTDIR)/readme.txt
-	@$(call MD, $(DISTDIR)/bin)
-	@$(call CP, ../AUTHORS, $(DISTDIR))
-	@$(call CP, ../COPYING, $(DISTDIR))
-	@$(call CP, ../INSTALL, $(DISTDIR))
-	@$(call CP, ../README, $(DISTDIR))
-	@$(call CP, ../RELEASE-NOTES, $(DISTDIR))
-	@$(call CP, $(TARGET).nlm, $(DISTDIR)/bin)
+	@$(call MKDIR, $(DISTDIR)/bin)
+	@$(call COPY, ../AUTHORS, $(DISTDIR))
+	@$(call COPY, ../COPYING, $(DISTDIR))
+	@$(call COPY, ../INSTALL, $(DISTDIR))
+	@$(call COPY, ../README, $(DISTDIR))
+	@$(call COPY, ../RELEASE-NOTES, $(DISTDIR))
+	@$(call COPY, $(TARGET).nlm, $(DISTDIR)/bin)
 	@echo Creating $(DISTARC)
 	@$(ZIP) $(DISTARC) $(DISTDIR)/* < $(DISTDIR)/readme.txt
 
 dev: all $(DEVLDIR) $(DEVLDIR)/readme.txt
-	@$(call MD, $(DEVLDIR)/bin)
-	@$(call MD, $(DEVLDIR)/include)
-	@$(call MD, $(DEVLDIR)/nw)
-	@$(call CP, ../AUTHORS, $(DEVLDIR))
-	@$(call CP, ../COPYING, $(DEVLDIR))
-	@$(call CP, ../INSTALL, $(DEVLDIR))
-	@$(call CP, ../README, $(DEVLDIR))
-	@$(call CP, ../RELEASE-NOTES, $(DEVLDIR))
-	@$(call CP, ../include/*.h, $(DEVLDIR)/include)
-	@$(call CP, libssh2_config.h, $(DEVLDIR)/include)
-	@$(call CP, $(TARGET).nlm, $(DEVLDIR)/bin)
-	@$(call CP, $(TARGET).imp, $(DEVLDIR)/nw)
-	@$(call CP, $(TARGET).$(LIBEXT), $(DEVLDIR)/nw)
+	@$(call MKDIR, $(DEVLDIR)/bin)
+	@$(call MKDIR, $(DEVLDIR)/include)
+	@$(call MKDIR, $(DEVLDIR)/nw)
+	@$(call COPY, ../AUTHORS, $(DEVLDIR))
+	@$(call COPY, ../COPYING, $(DEVLDIR))
+	@$(call COPY, ../INSTALL, $(DEVLDIR))
+	@$(call COPY, ../README, $(DEVLDIR))
+	@$(call COPY, ../RELEASE-NOTES, $(DEVLDIR))
+	@$(call COPY, ../include/*.h, $(DEVLDIR)/include)
+	@$(call COPY, libssh2_config.h, $(DEVLDIR)/include)
+	@$(call COPY, $(TARGET).nlm, $(DEVLDIR)/bin)
+	@$(call COPY, $(TARGET).imp, $(DEVLDIR)/nw)
+	@$(call COPY, $(TARGET).$(LIBEXT), $(DEVLDIR)/nw)
 	@echo Creating $(DEVLARC)
 	@$(ZIP) $(DEVLARC) $(DEVLDIR)/* < $(DEVLDIR)/readme.txt
 
@@ -323,7 +327,7 @@ $(OBJDIR)/%.def: GNUmakefile
 	@echo $(DL)# Do not edit this file - it is created by make!$(DL) >> $@
 	@echo $(DL)# All your changes will be lost!!$(DL) >> $@
 	@echo $(DL)#$(DL) >> $@
-	@echo $(DL)copyright "$(COPYR)"$(DL) >> $@
+	@echo $(DL)copyright "$(CPRIGHT)"$(DL) >> $@
 	@echo $(DL)description "$(DESCR)"$(DL) >> $@
 	@echo $(DL)version $(VERSION)$(DL) >> $@
 ifdef NLMTYPE
@@ -530,21 +534,25 @@ endif
 	@echo $(DL)  libssh2_channel_wait_closed,$(DL) >> $@
 	@echo $(DL)  libssh2_channel_wait_eof,$(DL) >> $@
 	@echo $(DL)  libssh2_channel_write_ex,$(DL) >> $@
+	@echo $(DL)  libssh2_exit,$(DL) >> $@
 	@echo $(DL)  libssh2_hostkey_hash,$(DL) >> $@
-	@echo $(DL)  libssh2_scp_recv,$(DL) >> $@
-	@echo $(DL)  libssh2_scp_send64,$(DL) >> $@
-	@echo $(DL)  libssh2_scp_send_ex,$(DL) >> $@
+	@echo $(DL)  libssh2_init,$(DL) >> $@
 	@echo $(DL)  libssh2_knownhost_add,$(DL) >> $@
 	@echo $(DL)  libssh2_knownhost_check,$(DL) >> $@
+	@echo $(DL)  libssh2_knownhost_checkp,$(DL) >> $@
 	@echo $(DL)  libssh2_knownhost_free,$(DL) >> $@
 	@echo $(DL)  libssh2_knownhost_init,$(DL) >> $@
 	@echo $(DL)  libssh2_knownhost_readfile,$(DL) >> $@
 	@echo $(DL)  libssh2_knownhost_writefile,$(DL) >> $@
+	@echo $(DL)  libssh2_scp_recv,$(DL) >> $@
+	@echo $(DL)  libssh2_scp_send64,$(DL) >> $@
+	@echo $(DL)  libssh2_scp_send_ex,$(DL) >> $@
 	@echo $(DL)  libssh2_session_abstract,$(DL) >> $@
 	@echo $(DL)  libssh2_session_block_directions,$(DL) >> $@
 	@echo $(DL)  libssh2_session_callback_set,$(DL) >> $@
 	@echo $(DL)  libssh2_session_disconnect_ex,$(DL) >> $@
 	@echo $(DL)  libssh2_session_free,$(DL) >> $@
+	@echo $(DL)  libssh2_session_handshake,$(DL) >> $@
 	@echo $(DL)  libssh2_session_hostkey,$(DL) >> $@
 	@echo $(DL)  libssh2_session_init_ex,$(DL) >> $@
 	@echo $(DL)  libssh2_session_last_errno,$(DL) >> $@
@@ -576,7 +584,8 @@ endif
 	@echo $(DL)  libssh2_userauth_keyboard_interactive_ex,$(DL) >> $@
 	@echo $(DL)  libssh2_userauth_list,$(DL) >> $@
 	@echo $(DL)  libssh2_userauth_password_ex,$(DL) >> $@
-	@echo $(DL)  libssh2_userauth_publickey_fromfile_ex$(DL) >> $@
+	@echo $(DL)  libssh2_userauth_publickey_fromfile_ex,$(DL) >> $@
+	@echo $(DL)  libssh2_version$(DL) >> $@
 
 $(DISTDIR)/readme.txt: GNUmakefile
 	@echo Creating $@

nw/test/GNUmakefile

@@ -13,12 +13,12 @@ endif
 
 # Edit the path below to point to the base of your Zlib sources.
 ifndef ZLIB_PATH
-ZLIB_PATH = ../../../zlib-1.2.7
+ZLIB_PATH = ../../../zlib-1.2.8
 endif
 
 # Edit the path below to point to the base of your OpenSSL package.
 ifndef OPENSSL_PATH
-OPENSSL_PATH = ../../../openssl-0.9.8x
+OPENSSL_PATH = ../../../openssl-0.9.8zc
 endif
 
 # Edit the var below to enable static linking of libssh2 and libz

src/CMakeLists.txt

@@ -0,0 +1,384 @@
+# Copyright (c) 2014 Alexander Lamaison <alexander.lamaison@gmail.com>
+#
+# Redistribution and use in source and binary forms,
+# with or without modification, are permitted provided
+# that the following conditions are met:
+#
+#   Redistributions of source code must retain the above
+#   copyright notice, this list of conditions and the
+#   following disclaimer.
+#
+#   Redistributions in binary form must reproduce the above
+#   copyright notice, this list of conditions and the following
+#   disclaimer in the documentation and/or other materials
+#   provided with the distribution.
+#
+#   Neither the name of the copyright holder nor the names
+#   of any other contributors may be used to endorse or
+#   promote products derived from this software without
+#   specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
+# CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
+# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
+# USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
+# OF SUCH DAMAGE.
+
+include(CheckFunctionExists)
+include(CheckFunctionExistsMayNeedLibrary)
+include(CheckIncludeFiles)
+include(CheckTypeSize)
+include(CheckNonblockingSocketSupport)
+include(SocketLibraries)
+
+## Cryptography backend choice
+
+set(CRYPTO_BACKEND
+  ""
+  CACHE
+  STRING
+  "The backend to use for cryptography: OpenSSL, Libgcrypt or WinCNG,
+or empty to try any available")
+
+# If the crypto backend was given, rather than searching for the first
+# we are able to find, the find_package commands must abort configuration
+# and report to the user.
+if(CRYPTO_BACKEND)
+  set(SPECIFIC_CRYPTO_REQUIREMENT REQUIRED)
+endif()
+
+if(CRYPTO_BACKEND STREQUAL "OpenSSL" OR NOT CRYPTO_BACKEND)
+
+  find_package(OpenSSL ${SPECIFIC_CRYPTO_REQUIREMENT})
+
+  if(OPENSSL_FOUND)
+    set(CRYPTO_BACKEND "OpenSSL")
+    set(CRYPTO_SOURCES openssl.c openssl.h)
+    list(APPEND PRIVATE_COMPILE_DEFINITIONS LIBSSH2_OPENSSL)
+    list(APPEND PRIVATE_INCLUDE_DIRECTORIES ${OPENSSL_INCLUDE_DIR})
+    list(APPEND LIBRARIES ${OPENSSL_LIBRARIES})
+    list(APPEND PC_REQUIRES_PRIVATE libssl libcrypto)
+
+    if (WIN32)
+      find_file(DLL_LIBEAY32
+	NAMES libeay32.dll crypto.dll
+        HINTS ${_OPENSSL_ROOT_HINTS} PATHS ${_OPENSSL_ROOT_PATHS}
+        PATH_SUFFIXES bin)
+      if (NOT DLL_LIBEAY32)
+        message(WARNING
+          "Unable to find OpenSSL libeay32 DLL, executables may not run")
+      endif()
+
+      find_file(DLL_SSLEAY32
+        NAMES ssleay32.dll ssl.dll
+        HINTS ${_OPENSSL_ROOT_HINTS} PATHS ${_OPENSSL_ROOT_PATHS}
+        PATH_SUFFIXES bin)
+      if (NOT DLL_SSLEAY32)
+        message(WARNING
+          "Unable to find OpenSSL ssleay32 DLL, executables may not run")
+      endif()
+
+      if(DLL_LIBEAY32 AND DLL_SSLEAY32)
+        list(APPEND _RUNTIME_DEPENDENCIES ${DLL_LIBEAY32} ${DLL_SSLEAY32})
+      endif()
+    endif()
+
+    # Not all OpenSSL have AES-CTR functions.
+    set(SAVE_CMAKE_REQUIRED_LIBRARIES ${CMAKE_REQUIRED_LIBRARIES})
+    set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_LIBRARIES})
+    check_function_exists(EVP_aes_128_ctr HAVE_EVP_AES_128_CTR)
+    set(CMAKE_REQUIRED_LIBRARIES ${SAVE_CMAKE_REQUIRED_LIBRARIES})
+  endif()
+endif()
+
+if(CRYPTO_BACKEND STREQUAL "Libgcrypt" OR NOT CRYPTO_BACKEND)
+
+  find_package(Libgcrypt ${SPECIFIC_CRYPTO_REQUIREMENT})
+
+  if(LIBGCRYPT_FOUND)
+    set(CRYPTO_BACKEND "Libgcrypt")
+    set(CRYPTO_SOURCES libgcrypt.c libgcrypt.h)
+    list(APPEND PRIVATE_COMPILE_DEFINITIONS LIBSSH2_LIBGCRYPT)
+    list(APPEND PRIVATE_INCLUDE_DIRECTORIES ${LIBGCRYPT_INCLUDE_DIRS})
+    list(APPEND LIBRARIES ${LIBGCRYPT_LIBRARIES})
+    list(APPEND PC_LIBS -lgcrypt)
+  endif()
+endif()
+
+if(CRYPTO_BACKEND STREQUAL "WinCNG" OR NOT CRYPTO_BACKEND)
+
+  # The check actually compiles the header.  This requires windows.h.
+  check_include_files("windows.h;bcrypt.h" HAVE_BCRYPT_H)
+
+  if(HAVE_BCRYPT_H)
+    set(CRYPTO_BACKEND "WinCNG")
+    set(CRYPTO_SOURCES wincng.c wincng.h)
+    list(APPEND PRIVATE_COMPILE_DEFINITIONS LIBSSH2_WINCNG)
+
+    set(HAVE_LIBCRYPT32 TRUE)
+    list(APPEND LIBRARIES bcrypt)
+    list(APPEND PC_LIBS -lbcrypt)
+
+    check_include_files(ntdef.h HAVE_NTDEF_H)
+    check_include_files(ntstatus.h HAVE_NTSTATUS_H)
+
+    # Reading keys from files is optional and depends on Wincrypt
+    check_include_files("windows.h;wincrypt.h" HAVE_WINCRYPT_H)
+
+    if(HAVE_WINCRYPT_H)
+      list(APPEND LIBRARIES crypt32)
+      list(APPEND PC_LIBS -lcrypt32)
+    endif()
+
+  elseif(${SPECIFIC_CRYPTO_REQUIREMENT} STREQUAL ${REQUIRED})
+    message(FATAL_ERROR "WinCNG not available")
+  endif()
+endif()
+
+if(NOT CRYPTO_BACKEND)
+  message(FATAL_ERROR "No suitable cryptography backend found.")
+endif()
+
+## Library definition
+
+include(GNUInstallDirs)
+set(SOURCES
+  ${CRYPTO_SOURCES}
+  agent.c
+  channel.c
+  channel.h
+  comp.c
+  comp.h
+  crypt.c
+  crypto.h
+  global.c
+  hostkey.c
+  keepalive.c
+  kex.c
+  knownhost.c
+  libssh2_priv.h
+  mac.c
+  mac.h
+  misc.c
+  misc.h
+  packet.c
+  packet.h
+  pem.c
+  publickey.c
+  scp.c
+  session.c
+  session.h
+  sftp.c
+  sftp.h
+  transport.c
+  transport.h
+  userauth.c
+  userauth.h
+  version.c)
+
+if(WIN32)
+  list(APPEND SOURCES ${CMAKE_SOURCE_DIR}/win32/libssh2.rc)
+endif()
+
+add_library(libssh2 ${SOURCES})
+# we want it to be called libssh2 on all platforms
+set_target_properties(libssh2 PROPERTIES PREFIX "")
+
+target_compile_definitions(libssh2 PRIVATE ${PRIVATE_COMPILE_DEFINITIONS})
+target_include_directories(libssh2
+  PRIVATE ${PRIVATE_INCLUDE_DIRECTORIES}
+  PUBLIC
+    $<BUILD_INTERFACE:${CMAKE_SOURCE_DIR}/include>
+    $<INSTALL_INTERFACE:$<INSTALL_PREFIX>/${CMAKE_INSTALL_INCLUDEDIR}>)
+
+## Options
+
+add_feature_info("Shared library" BUILD_SHARED_LIBS
+  "creating libssh2 as a shared library (.so/.dll)")
+
+option(ENABLE_ZLIB_COMPRESSION "Use zlib for compression")
+add_feature_info(Compression ENABLE_ZLIB_COMPRESSION
+  "using zlib for compression")
+if(ENABLE_ZLIB_COMPRESSION)
+  find_package(ZLIB REQUIRED)
+
+  target_include_directories(libssh2 PRIVATE ${ZLIB_INCLUDE_DIRS})
+  list(APPEND LIBRARIES ${ZLIB_LIBRARIES})
+  list(APPEND PC_REQUIRES_PRIVATE zlib)
+  if(ZLIB_FOUND)
+    target_compile_definitions(libssh2 PRIVATE LIBSSH2_HAVE_ZLIB=1)
+  endif()
+endif()
+
+option(ENABLE_CRYPT_NONE "Permit \"none\" cipher -- NOT RECOMMENDED")
+add_feature_info("\"none\" cipher" ENABLE_CRYPT_NONE "")
+if(ENABLE_CRYPT_NONE)
+  target_compile_definitions(libssh2 PRIVATE LIBSSH2_CRYPT_NONE=1)
+endif()
+
+option(ENABLE_MAC_NONE "Permit \"none\" MAC -- NOT RECOMMMENDED")
+add_feature_info("\"none\" MAC" ENABLE_MAC_NONE "")
+if(ENABLE_MAC_NONE)
+  target_compile_definitions(libssh2 PRIVATE LIBSSH2_MAC_NONE=1)
+endif()
+
+option(ENABLE_GEX_NEW
+  "Enable diffie-hellman-group-exchange-sha1 method" ON)
+add_feature_info("diffie-hellman-group-exchange-sha1" ENABLE_GEX_NEW
+  "\"new\" diffie-hellman-group-exchange-sha1 method")
+if(ENABLE_GEX_NEW)
+  target_compile_definitions(libssh2 PRIVATE LIBSSH2_DH_GEX_NEW=1)
+endif()
+
+# Enable debugging logging by default if the user configured a debug build
+if(CMAKE_BUILD_TYPE STREQUAL "Debug")
+  set(DEBUG_LOGGING_DEFAULT ON)
+else()
+  set(DEBUG_LOGGING_DEFAULT OFF)
+endif()
+option(ENABLE_DEBUG_LOGGING "log execution with debug trace"
+  ${DEBUG_LOGGING_DEFAULT})
+add_feature_info(Logging ENABLE_DEBUG_LOGGING
+   "Logging of execution with debug trace")
+if(ENABLE_DEBUG_LOGGING)
+  target_compile_definitions(libssh2 PRIVATE LIBSSH2DEBUG)
+endif()
+
+## Platform checks
+check_include_files(unistd.h HAVE_UNISTD_H)
+check_include_files(inttypes.h HAVE_INTTYPES_H)
+check_include_files(stdlib.h HAVE_STDLIB_H)
+check_include_files(sys/select.h HAVE_SYS_SELECT_H)
+
+check_include_files(sys/uio.h HAVE_SYS_UIO_H)
+check_include_files(sys/socket.h HAVE_SYS_SOCKET_H)
+check_include_files(sys/ioctl.h HAVE_SYS_IOCTL_H)
+check_include_files(sys/time.h HAVE_SYS_TIME_H)
+check_include_files(sys/un.h HAVE_SYS_UN_H)
+check_include_files(windows.h HAVE_WINDOWS_H)
+check_include_files(ws2tcpip.h HAVE_WS2TCPIP_H)
+check_include_files(winsock2.h HAVE_WINSOCK2_H)
+
+check_type_size("long long" LONGLONG)
+
+check_function_exists(gettimeofday HAVE_GETTIMEOFDAY)
+check_function_exists(strtoll HAVE_STRTOLL)
+check_function_exists(snprintf HAVE_SNPRINTF)
+
+if(${CMAKE_SYSTEM_NAME} STREQUAL "Darwin" OR
+   ${CMAKE_SYSTEM_NAME} STREQUAL "Interix")
+  # poll() does not work on these platforms
+  #
+  # Interix: "does provide poll(), but the implementing developer must
+  # have been in a bad mood, because poll() only works on the /proc
+  # filesystem here"
+  #
+  # Mac OS X's poll has funny behaviors, like:
+  # not being able to do poll on no fildescriptors (10.3?)
+  # not being able to poll on some files (like anything in /dev)
+  # not having reliable timeout support
+  # inconsistent return of POLLHUP where other implementations give POLLIN
+  message("poll use is disabled on this platform")
+else()
+  check_function_exists(poll HAVE_POLL)
+endif()
+
+append_needed_socket_libraries(LIBRARIES)
+
+# Non-blocking socket support tests.  Must be after after library tests to
+# link correctly
+set(SAVE_CMAKE_REQUIRED_LIBRARIES ${CMAKE_REQUIRED_LIBRARIES})
+set(CMAKE_REQUIRED_LIBRARIES ${LIBRARIES})
+check_nonblocking_socket_support()
+set(CMAKE_REQUIRED_LIBRARIES ${SAVE_CMAKE_REQUIRED_LIBRARIES})
+
+configure_file(
+  ${CMAKE_CURRENT_SOURCE_DIR}/libssh2_config_cmake.h.in
+  ${CMAKE_CURRENT_BINARY_DIR}/libssh2_config.h)
+# to find generated header
+target_include_directories(libssh2 PRIVATE ${CMAKE_CURRENT_BINARY_DIR})
+
+# Check for the OS.
+# Daniel's note: this should not be necessary and we need to work to
+# get this removed.
+if(${CMAKE_SYSTEM_NAME} STREQUAL "Windows")
+  target_compile_definitions(libssh2 PRIVATE LIBSSH2_WIN32)
+elseif(${CMAKE_SYSTEM_NAME} STREQUAL "Darwin")
+  target_compile_definitions(libssh2 PRIVATE LIBSSH2_DARWIN)
+endif()
+
+if(CMAKE_VERSION VERSION_LESS "2.8.12")
+  # Fall back to over-linking dependencies
+  target_link_libraries(libssh2 ${LIBRARIES})
+else()
+  target_link_libraries(libssh2 PRIVATE ${LIBRARIES})
+endif()
+
+## Installation
+
+install(FILES
+  ${CMAKE_SOURCE_DIR}/include/libssh2.h
+  ${CMAKE_SOURCE_DIR}/include/libssh2_publickey.h
+  ${CMAKE_SOURCE_DIR}/include/libssh2_sftp.h
+  DESTINATION ${CMAKE_INSTALL_INCLUDEDIR})
+
+install(TARGETS libssh2
+  EXPORT Libssh2Config
+  RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR}
+  LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR}
+  ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR})
+
+if(BUILD_SHARED_LIBS)
+  list(APPEND _RUNTIME_DEPENDENCIES $<TARGET_FILE:libssh2>)
+endif()
+
+set(RUNTIME_DEPENDENCIES ${_RUNTIME_DEPENDENCIES} CACHE INTERNAL
+    "Files that must be in the same directory as the executables at runtime.")
+
+# Package config
+
+## During package installation, install Libssh2Config.cmake
+install(EXPORT Libssh2Config
+  NAMESPACE Libssh2::
+  DESTINATION lib/cmake/libssh2)
+
+## During build, register directly from build tree
+# create Libssh2Config.cmake
+export(TARGETS libssh2 NAMESPACE Libssh2:: FILE Libssh2Config.cmake)
+export(PACKAGE Libssh2) # register it
+
+## Export a .pc file for client projects not using CMaek
+if(PC_REQUIRES_PRIVATE)
+  string(REPLACE ";" "," PC_REQUIRES_PRIVATE "${PC_REQUIRES_PRIVATE}")
+endif()
+if(PC_LIBS)
+  string(REPLACE ";" " " PC_LIBS "${PC_LIBS}")
+endif()
+configure_file(libssh2.pc.in libssh2.pc @ONLY)
+install(
+  FILES ${CMAKE_CURRENT_BINARY_DIR}/libssh2.pc
+  DESTINATION ${CMAKE_INSTALL_LIBDIR}/pkgconfig)
+
+## Versioning
+
+set_target_properties(libssh2 PROPERTIES
+  SOVERSION 1
+  VERSION 1.0.1)
+
+include(CMakePackageConfigHelpers)
+write_basic_package_version_file(
+  ${CMAKE_CURRENT_BINARY_DIR}/Libssh2ConfigVersion.cmake
+  VERSION "${LIBSSH2_VERSION_MAJOR}.${LIBSSH2_VERSION_MINOR}.${LIBSSH2_VERSION_PATCH}"
+  COMPATIBILITY SameMajorVersion)
+install(
+  FILES ${CMAKE_CURRENT_BINARY_DIR}/Libssh2ConfigVersion.cmake
+  DESTINATION lib/cmake/libssh2)

src/Makefile.am

@@ -1,6 +1,17 @@
 # $Id: Makefile.am,v 1.21 2009/05/07 17:21:56 bagder Exp $
 AUTOMAKE_OPTIONS = foreign nostdinc
 
+# Get the CRYPTO_CSOURCES and CRYPTO_HHEADERS defines
+if OPENSSL
+include ../Makefile.OpenSSL.inc
+endif
+if LIBGCRYPT
+include ../Makefile.libgcrypt.inc
+endif
+if WINCNG
+include ../Makefile.WinCNG.inc
+endif
+
 # Makefile.inc provides the CSOURCES and HHEADERS defines
 include ../Makefile.inc
 

src/NMakefile

@@ -4,15 +4,25 @@
 
 CFLAGS=$(CFLAGS)
 
+AR = lib
+ARFLAGS = -nologo /LTCG
+
 RESOURCE=$(INTDIR)\libssh2.res
-
 DLL=libssh2$(SUFFIX).dll
+STATICLIB=$(INTDIR)\libssh2.lib
 
+!if "$(BUILD_STATIC_LIB)" == ""
 all: $(DLL)
+!else
+all: $(STATICLIB)
+!endif
 
 $(DLL): $(OBJECTS) $(RESOURCE)
 	$(CC) -o $(DLL) $(DLLFLAGS) $(OBJECTS) $(RESOURCE) $(LIBS)
 
+$(STATICLIB): $(OBJECTS)
+	$(AR) $(ARFLAGS) -out:$@ $(OBJECTS)
+
 $(RESOURCE): win32\libssh2.rc
 	$(RC) $(RCFLAGS) /Fo"$@" $?
 

src/agent.c

@@ -1,6 +1,6 @@
 /*
  * Copyright (c) 2009 by Daiki Ueno
- * Copyright (C) 2010 by Daniel Stenberg
+ * Copyright (C) 2010-2014 by Daniel Stenberg
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms,
@@ -159,6 +159,8 @@ agent_connect_unix(LIBSSH2_AGENT *agent)
 
     s_un.sun_family = AF_UNIX;
     strncpy (s_un.sun_path, path, sizeof s_un.sun_path);
+    s_un.sun_path[sizeof(s_un.sun_path)-1]=0; /* make sure there's a trailing
+                                                 zero */
     if (connect(agent->fd, (struct sockaddr*)(&s_un), sizeof s_un) != 0) {
         close (agent->fd);
         return _libssh2_error(agent->session, LIBSSH2_ERROR_AGENT_PROTOCOL,
@@ -303,6 +305,12 @@ agent_transact_pageant(LIBSSH2_AGENT *agent, agent_transaction_ctx_t transctx)
                               "failed setting up pageant filemap");
 
     p2 = p = MapViewOfFile(filemap, FILE_MAP_WRITE, 0, 0, 0);
+    if (p == NULL || p2 == NULL) {
+        CloseHandle(filemap);
+        return _libssh2_error(agent->session, LIBSSH2_ERROR_AGENT_PROTOCOL,
+                              "failed to open pageant filemap for writing");
+    }
+
     _libssh2_store_str(&p2, (const char *)transctx->request,
                        transctx->request_len);
 
@@ -537,18 +545,17 @@ agent_list_identities(LIBSSH2_AGENT *agent)
         struct agent_publickey *identity;
         ssize_t comment_len;
 
-        identity = LIBSSH2_ALLOC(agent->session, sizeof *identity);
-        if (!identity) {
-            rc = LIBSSH2_ERROR_ALLOC;
-            goto error;
-        }
-
         /* Read the length of the blob */
         len -= 4;
         if (len < 0) {
             rc = LIBSSH2_ERROR_AGENT_PROTOCOL;
             goto error;
         }
+        identity = LIBSSH2_ALLOC(agent->session, sizeof *identity);
+        if (!identity) {
+            rc = LIBSSH2_ERROR_ALLOC;
+            goto error;
+        }
         identity->external.blob_len = _libssh2_ntohu32(s);
         s += 4;
 
@@ -556,12 +563,15 @@ agent_list_identities(LIBSSH2_AGENT *agent)
         len -= identity->external.blob_len;
         if (len < 0) {
             rc = LIBSSH2_ERROR_AGENT_PROTOCOL;
+            LIBSSH2_FREE(agent->session, identity);
             goto error;
         }
+
         identity->external.blob = LIBSSH2_ALLOC(agent->session,
                                                 identity->external.blob_len);
         if (!identity->external.blob) {
             rc = LIBSSH2_ERROR_ALLOC;
+            LIBSSH2_FREE(agent->session, identity);
             goto error;
         }
         memcpy(identity->external.blob, s, identity->external.blob_len);
@@ -571,6 +581,8 @@ agent_list_identities(LIBSSH2_AGENT *agent)
         len -= 4;
         if (len < 0) {
             rc = LIBSSH2_ERROR_AGENT_PROTOCOL;
+            LIBSSH2_FREE(agent->session, identity->external.blob);
+            LIBSSH2_FREE(agent->session, identity);
             goto error;
         }
         comment_len = _libssh2_ntohu32(s);
@@ -580,12 +592,17 @@ agent_list_identities(LIBSSH2_AGENT *agent)
         len -= comment_len;
         if (len < 0) {
             rc = LIBSSH2_ERROR_AGENT_PROTOCOL;
+            LIBSSH2_FREE(agent->session, identity->external.blob);
+            LIBSSH2_FREE(agent->session, identity);
             goto error;
         }
+
         identity->external.comment = LIBSSH2_ALLOC(agent->session,
                                                    comment_len + 1);
         if (!identity->external.comment) {
             rc = LIBSSH2_ERROR_ALLOC;
+            LIBSSH2_FREE(agent->session, identity->external.blob);
+            LIBSSH2_FREE(agent->session, identity);
             goto error;
         }
         identity->external.comment[comment_len] = '\0';
@@ -645,13 +662,13 @@ libssh2_agent_init(LIBSSH2_SESSION *session)
 {
     LIBSSH2_AGENT *agent;
 
-    agent = LIBSSH2_ALLOC(session, sizeof *agent);
+    agent = LIBSSH2_CALLOC(session, sizeof *agent);
     if (!agent) {
         _libssh2_error(session, LIBSSH2_ERROR_ALLOC,
                        "Unable to allocate space for agent connection");
         return NULL;
     }
-    memset(agent, 0, sizeof *agent);
+    agent->fd = LIBSSH2_INVALID_SOCKET;
     agent->session = session;
     _libssh2_list_init(&agent->head);
 
@@ -698,7 +715,7 @@ libssh2_agent_list_identities(LIBSSH2_AGENT *agent)
  * libssh2_agent_get_identity()
  *
  * Traverse the internal list of public keys. Pass NULL to 'prev' to get
- * the first one. Or pass a poiner to the previously returned one to get the
+ * the first one. Or pass a pointer to the previously returned one to get the
  * next.
  *
  * Returns:

src/channel.c

@@ -1,6 +1,6 @@
 /* Copyright (c) 2004-2007 Sara Golemon <sarag@libssh2.org>
  * Copyright (c) 2005 Mikhail Gusarov <dottedmag@dottedmag.net>
- * Copyright (c) 2008-2011 by Daniel Stenberg
+ * Copyright (c) 2008-2014 by Daniel Stenberg
  *
  * All rights reserved.
  *
@@ -158,14 +158,12 @@ _libssh2_channel_open(LIBSSH2_SESSION * session, const char *channel_type,
                        "Opening Channel - win %d pack %d", window_size,
                        packet_size);
         session->open_channel =
-            LIBSSH2_ALLOC(session, sizeof(LIBSSH2_CHANNEL));
+            LIBSSH2_CALLOC(session, sizeof(LIBSSH2_CHANNEL));
         if (!session->open_channel) {
             _libssh2_error(session, LIBSSH2_ERROR_ALLOC,
                            "Unable to allocate space for channel data");
             return NULL;
         }
-        memset(session->open_channel, 0, sizeof(LIBSSH2_CHANNEL));
-
         session->open_channel->channel_type_len = channel_type_len;
         session->open_channel->channel_type =
             LIBSSH2_ALLOC(session, channel_type_len);
@@ -268,8 +266,28 @@ _libssh2_channel_open(LIBSSH2_SESSION * session, const char *channel_type,
         }
 
         if (session->open_data[0] == SSH_MSG_CHANNEL_OPEN_FAILURE) {
-            _libssh2_error(session, LIBSSH2_ERROR_CHANNEL_FAILURE,
-                           "Channel open failure");
+            unsigned int reason_code = _libssh2_ntohu32(session->open_data + 5);
+            switch (reason_code) {
+            case SSH_OPEN_ADMINISTRATIVELY_PROHIBITED:
+                _libssh2_error(session, LIBSSH2_ERROR_CHANNEL_FAILURE,
+                               "Channel open failure (admininstratively prohibited)");
+                break;
+            case SSH_OPEN_CONNECT_FAILED:
+                _libssh2_error(session, LIBSSH2_ERROR_CHANNEL_FAILURE,
+                               "Channel open failure (connect failed)");
+                break;
+            case SSH_OPEN_UNKNOWN_CHANNELTYPE:
+                _libssh2_error(session, LIBSSH2_ERROR_CHANNEL_FAILURE,
+                               "Channel open failure (unknown channel type)");
+                break;
+            case SSH_OPEN_RESOURCE_SHORTAGE:
+                _libssh2_error(session, LIBSSH2_ERROR_CHANNEL_FAILURE,
+                               "Channel open failure (resource shortage)");
+                break;
+            default:
+                _libssh2_error(session, LIBSSH2_ERROR_CHANNEL_FAILURE,
+                               "Channel open failure");
+            }
         }
     }
 
@@ -451,7 +469,7 @@ channel_forward_listen(LIBSSH2_SESSION * session, const char *host,
             LIBSSH2_ALLOC(session, session->fwdLstn_packet_len);
         if (!session->fwdLstn_packet) {
             _libssh2_error(session, LIBSSH2_ERROR_ALLOC,
-                           "Unable to allocate memeory for setenv packet");
+                           "Unable to allocate memory for setenv packet");
             return NULL;
         }
 
@@ -509,12 +527,11 @@ channel_forward_listen(LIBSSH2_SESSION * session, const char *host,
         if (data[0] == SSH_MSG_REQUEST_SUCCESS) {
             LIBSSH2_LISTENER *listener;
 
-            listener = LIBSSH2_ALLOC(session, sizeof(LIBSSH2_LISTENER));
+            listener = LIBSSH2_CALLOC(session, sizeof(LIBSSH2_LISTENER));
             if (!listener)
                 _libssh2_error(session, LIBSSH2_ERROR_ALLOC,
                                "Unable to allocate memory for listener queue");
             else {
-                memset(listener, 0, sizeof(LIBSSH2_LISTENER));
                 listener->host =
                     LIBSSH2_ALLOC(session, session->fwdLstn_host_len + 1);
                 if (!listener->host) {
@@ -525,8 +542,7 @@ channel_forward_listen(LIBSSH2_SESSION * session, const char *host,
                 }
                 else {
                     listener->session = session;
-                    memcpy(listener->host, host ? host : "0.0.0.0",
-                           session->fwdLstn_host_len);
+                    memcpy(listener->host, host, session->fwdLstn_host_len);
                     listener->host[session->fwdLstn_host_len] = 0;
                     if (data_len >= 5 && !port) {
                         listener->port = _libssh2_ntohu32(data + 1);
@@ -606,6 +622,7 @@ int _libssh2_channel_forward_cancel(LIBSSH2_LISTENER *listener)
     size_t packet_len =
         host_len + 14 + sizeof("cancel-tcpip-forward") - 1;
     int rc;
+    int retcode = 0;
 
     if (listener->chanFwdCncl_state == libssh2_NB_state_idle) {
         _libssh2_debug(session, LIBSSH2_TRACE_CONN,
@@ -615,7 +632,7 @@ int _libssh2_channel_forward_cancel(LIBSSH2_LISTENER *listener)
         s = packet = LIBSSH2_ALLOC(session, packet_len);
         if (!packet) {
             _libssh2_error(session, LIBSSH2_ERROR_ALLOC,
-                           "Unable to allocate memeory for setenv packet");
+                           "Unable to allocate memory for setenv packet");
             return LIBSSH2_ERROR_ALLOC;
         }
 
@@ -644,9 +661,11 @@ int _libssh2_channel_forward_cancel(LIBSSH2_LISTENER *listener)
             _libssh2_error(session, LIBSSH2_ERROR_SOCKET_SEND,
                            "Unable to send global-request packet for forward "
                            "listen request");
-            LIBSSH2_FREE(session, packet);
-            listener->chanFwdCncl_state = libssh2_NB_state_idle;
-            return LIBSSH2_ERROR_SOCKET_SEND;
+            /* set the state to something we don't check for, for the
+               unfortunate situation where we get an EAGAIN further down
+               when trying to bail out due to errors! */
+            listener->chanFwdCncl_state = libssh2_NB_state_sent;
+            retcode = LIBSSH2_ERROR_SOCKET_SEND;
         }
         LIBSSH2_FREE(session, packet);
 
@@ -670,9 +689,7 @@ int _libssh2_channel_forward_cancel(LIBSSH2_LISTENER *listener)
 
     LIBSSH2_FREE(session, listener);
 
-    listener->chanFwdCncl_state = libssh2_NB_state_idle;
-
-    return 0;
+    return retcode;
 }
 
 /*
@@ -787,7 +804,7 @@ static int channel_setenv(LIBSSH2_CHANNEL *channel,
             LIBSSH2_ALLOC(session, channel->setenv_packet_len);
         if (!channel->setenv_packet) {
             return _libssh2_error(session, LIBSSH2_ERROR_ALLOC,
-                                  "Unable to allocate memeory "
+                                  "Unable to allocate memory "
                                   "for setenv packet");
         }
 
@@ -1413,6 +1430,9 @@ _libssh2_channel_flush(LIBSSH2_CHANNEL *channel, int streamid)
         channel->flush_state = libssh2_NB_state_created;
     }
 
+    channel->read_avail -= channel->flush_flush_bytes;
+    channel->remote.window_size -= channel->flush_flush_bytes;
+
     if (channel->flush_refund_bytes) {
         int rc;
 
@@ -1543,6 +1563,9 @@ _libssh2_channel_receive_window_adjust(LIBSSH2_CHANNEL * channel,
 {
     int rc;
 
+    if(store)
+        *store = channel->remote.window_size;
+
     if (channel->adjust_state == libssh2_NB_state_idle) {
         if (!force
             && (adjustment + channel->adjust_queue <
@@ -1552,14 +1575,10 @@ _libssh2_channel_receive_window_adjust(LIBSSH2_CHANNEL * channel,
                            "for channel %lu/%lu",
                            adjustment, channel->local.id, channel->remote.id);
             channel->adjust_queue += adjustment;
-            if(store)
-                *store = channel->remote.window_size;
             return 0;
         }
 
         if (!adjustment && !channel->adjust_queue) {
-            if(store)
-                *store = channel->remote.window_size;
             return 0;
         }
 
@@ -1597,8 +1616,6 @@ _libssh2_channel_receive_window_adjust(LIBSSH2_CHANNEL * channel,
 
     channel->adjust_state = libssh2_NB_state_idle;
 
-    if(store)
-        *store = channel->remote.window_size;
     return 0;
 }
 
@@ -1624,7 +1641,7 @@ libssh2_channel_receive_window_adjust(LIBSSH2_CHANNEL *channel,
     int rc;
 
     if(!channel)
-        return LIBSSH2_ERROR_BAD_USE;
+        return (unsigned long)LIBSSH2_ERROR_BAD_USE;
 
     BLOCK_ADJUST(rc, channel->session,
                  _libssh2_channel_receive_window_adjust(channel, adj,
@@ -1671,7 +1688,7 @@ _libssh2_channel_extended_data(LIBSSH2_CHANNEL *channel, int ignore_mode)
                        "Setting channel %lu/%lu handle_extended_data"
                        " mode to %d",
                        channel->local.id, channel->remote.id, ignore_mode);
-        channel->remote.extended_data_ignore_mode = ignore_mode;
+        channel->remote.extended_data_ignore_mode = (char)ignore_mode;
 
         channel->extData2_state = libssh2_NB_state_created;
     }
@@ -1750,22 +1767,36 @@ ssize_t _libssh2_channel_read(LIBSSH2_CHANNEL *channel, int stream_id,
     LIBSSH2_PACKET *read_packet;
     LIBSSH2_PACKET *read_next;
 
-    if (channel->read_state == libssh2_NB_state_idle) {
-        _libssh2_debug(session, LIBSSH2_TRACE_CONN,
-                       "channel_read() wants %d bytes from channel %lu/%lu "
-                       "stream #%d",
-                       (int) buflen, channel->local.id, channel->remote.id,
-                       stream_id);
-        channel->read_state = libssh2_NB_state_created;
+    _libssh2_debug(session, LIBSSH2_TRACE_CONN,
+                   "channel_read() wants %d bytes from channel %lu/%lu "
+                   "stream #%d",
+                   (int) buflen, channel->local.id, channel->remote.id,
+                   stream_id);
+
+    /* expand the receiving window first if it has become too narrow */
+    if( (channel->read_state == libssh2_NB_state_jump1) ||
+        (channel->remote.window_size < channel->remote.window_size_initial / 4 * 3 + buflen) ) {
+
+        uint32_t adjustment = channel->remote.window_size_initial + buflen - channel->remote.window_size;
+        if (adjustment < LIBSSH2_CHANNEL_MINADJUST)
+            adjustment = LIBSSH2_CHANNEL_MINADJUST;
+
+        /* the actual window adjusting may not finish so we need to deal with
+           this special state here */
+        channel->read_state = libssh2_NB_state_jump1;
+        rc = _libssh2_channel_receive_window_adjust(channel, adjustment,
+                                                    0, NULL);
+        if (rc)
+            return rc;
+
+        channel->read_state = libssh2_NB_state_idle;
     }
 
-    rc = 1; /* set to >0 to let the while loop start */
-
-    /* Process all pending incoming packets in all states in order to "even
-       out" the network readings. Tests prove that this way produces faster
-       transfers. */
-    while (rc > 0)
+    /* Process all pending incoming packets. Tests prove that this way
+       produces faster transfers. */
+    do {
         rc = _libssh2_transport_read(session);
+    } while (rc > 0);
 
     if ((rc < 0) && (rc != LIBSSH2_ERROR_EAGAIN))
         return _libssh2_error(session, rc, "transport read");
@@ -1847,8 +1878,6 @@ ssize_t _libssh2_channel_read(LIBSSH2_CHANNEL *channel, int stream_id,
     }
 
     if (!bytes_read) {
-        channel->read_state = libssh2_NB_state_idle;
-
         /* If the channel is already at EOF or even closed, we need to signal
            that back. We may have gotten that info while draining the incoming
            transport layer until EAGAIN so we must not be fooled by that
@@ -1861,11 +1890,9 @@ ssize_t _libssh2_channel_read(LIBSSH2_CHANNEL *channel, int stream_id,
         /* if the transport layer said EAGAIN then we say so as well */
         return _libssh2_error(session, rc, "would block");
     }
-    else
-        /* make sure we remain in the created state to focus on emptying the
-           data we already have in the packet brigade before we try to read
-           more off the network again */
-        channel->read_state = libssh2_NB_state_created;
+
+    channel->read_avail -= bytes_read;
+    channel->remote.window_size -= bytes_read;
 
     return bytes_read;
 }
@@ -2009,12 +2036,22 @@ _libssh2_channel_write(LIBSSH2_CHANNEL *channel, int stream_id,
             rc = _libssh2_transport_read(session);
         while (rc > 0);
 
-        if((rc < 0) && (rc != LIBSSH2_ERROR_EAGAIN))
-            return rc;
+        if((rc < 0) && (rc != LIBSSH2_ERROR_EAGAIN)) {
+            return _libssh2_error(channel->session, rc,
+                                  "Failure while draining incoming flow");
+        }
 
-        if(channel->local.window_size <= 0)
+        if(channel->local.window_size <= 0) {
             /* there's no room for data so we stop */
+
+            /* Waiting on the socket to be writable would be wrong because we
+             * would be back here immediately, but a readable socket might
+             * herald an incoming window adjustment.
+             */
+            session->socket_block_directions = LIBSSH2_SESSION_BLOCK_INBOUND;
+
             return (rc==LIBSSH2_ERROR_EAGAIN?rc:0);
+        }
 
         channel->write_bufwrite = buflen;
 
@@ -2251,7 +2288,6 @@ int _libssh2_channel_close(LIBSSH2_CHANNEL * channel)
 {
     LIBSSH2_SESSION *session = channel->session;
     int rc = 0;
-    int retcode;
 
     if (channel->local.close) {
         /* Already closed, act like we sent another close,
@@ -2260,9 +2296,15 @@ int _libssh2_channel_close(LIBSSH2_CHANNEL * channel)
         return 0;
     }
 
-    if (!channel->local.eof)
-        if ((retcode = channel_send_eof(channel)))
-            return retcode;
+    if (!channel->local.eof) {
+        if ((rc = channel_send_eof(channel))) {
+            if (rc == LIBSSH2_ERROR_EAGAIN) {
+                return rc;
+            }
+            _libssh2_error(session, rc,
+                "Unable to send EOF, but closing channel anyway");
+        }
+    }
 
     /* ignore if we have received a remote eof or not, as it is now too
        late for us to wait for it. Continue closing! */
@@ -2278,19 +2320,22 @@ int _libssh2_channel_close(LIBSSH2_CHANNEL * channel)
     }
 
     if (channel->close_state == libssh2_NB_state_created) {
-        retcode = _libssh2_transport_send(session, channel->close_packet, 5,
-                                          NULL, 0);
-        if (retcode == LIBSSH2_ERROR_EAGAIN) {
+        rc = _libssh2_transport_send(session, channel->close_packet, 5,
+                                     NULL, 0);
+        if (rc == LIBSSH2_ERROR_EAGAIN) {
             _libssh2_error(session, rc,
                            "Would block sending close-channel");
-            return retcode;
-        } else if (retcode) {
-            channel->close_state = libssh2_NB_state_idle;
-            return _libssh2_error(session, retcode,
-                                  "Unable to send close-channel request");
-        }
+            return rc;
 
-        channel->close_state = libssh2_NB_state_sent;
+        } else if (rc) {
+            _libssh2_error(session, rc,
+                           "Unable to send close-channel request, "
+                           "but closing anyway");
+            /* skip waiting for the response and fall through to
+               LIBSSH2_CHANNEL_CLOSE below */
+
+        } else
+            channel->close_state = libssh2_NB_state_sent;
     }
 
     if (channel->close_state == libssh2_NB_state_sent) {
@@ -2550,7 +2595,7 @@ libssh2_channel_window_read_ex(LIBSSH2_CHANNEL *channel,
  * libssh2_channel_window_write_ex
  *
  * Check the status of the write window Returns the number of bytes which may
- * be safely writen on the channel without blocking window_size_initial (if
+ * be safely written on the channel without blocking window_size_initial (if
  * passed) will be populated with the size of the initial window as defined by
  * the channel_open request
  */

src/comp.c

@@ -1,5 +1,5 @@
 /* Copyright (c) 2004-2007, Sara Golemon <sarag@libssh2.org>
- * Copyright (c) 2010, Daniel Stenberg <daniel@haxx.se>
+ * Copyright (c) 2010-2014, Daniel Stenberg <daniel@haxx.se>
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms,
@@ -141,13 +141,12 @@ comp_method_zlib_init(LIBSSH2_SESSION * session, int compr,
     z_stream *strm;
     int status;
 
-    strm = LIBSSH2_ALLOC(session, sizeof(z_stream));
+    strm = LIBSSH2_CALLOC(session, sizeof(z_stream));
     if (!strm) {
         return _libssh2_error(session, LIBSSH2_ERROR_ALLOC,
                               "Unable to allocate memory for "
                               "zlib compression/decompression");
     }
-    memset(strm, 0, sizeof(z_stream));
 
     strm->opaque = (voidpf) session;
     strm->zalloc = (alloc_func) comp_method_zlib_alloc;
@@ -198,15 +197,14 @@ comp_method_zlib_comp(LIBSSH2_SESSION *session,
 
     status = deflate(strm, Z_PARTIAL_FLUSH);
 
-    if (status != Z_OK) {
-        _libssh2_debug(session, LIBSSH2_TRACE_TRANS,
-                       "unhandled zlib compression error %d", status);
-        return _libssh2_error(session, LIBSSH2_ERROR_ZLIB,
-                              "compression failure");
+    if ((status == Z_OK) && (strm->avail_out > 0)) {
+        *dest_len = out_maxlen - strm->avail_out;
+        return 0;
     }
 
-    *dest_len = out_maxlen - strm->avail_out;
-    return 0;
+    _libssh2_debug(session, LIBSSH2_TRACE_TRANS,
+                   "unhandled zlib compression error %d, avail_out", status, strm->avail_out);
+    return _libssh2_error(session, LIBSSH2_ERROR_ZLIB, "compression failure");
 }
 
 /*
@@ -226,13 +224,12 @@ comp_method_zlib_decomp(LIBSSH2_SESSION * session,
     /* A short-term alloc of a full data chunk is better than a series of
        reallocs */
     char *out;
-    int out_maxlen = 8 * src_len;
-    int limiter = 0;
+    int out_maxlen = 4 * src_len;
 
     /* If strm is null, then we have not yet been initialized. */
     if (strm == NULL)
         return _libssh2_error(session, LIBSSH2_ERROR_COMPRESS,
-                              "decompression unitilized");;
+                              "decompression uninitialized");;
 
     /* In practice they never come smaller than this */
     if (out_maxlen < 25)
@@ -252,19 +249,19 @@ comp_method_zlib_decomp(LIBSSH2_SESSION * session,
 
     /* Loop until it's all inflated or hit error */
     for (;;) {
-        int status, grow_size;
+        int status;
         size_t out_ofs;
         char *newout;
 
         status = inflate(strm, Z_PARTIAL_FLUSH);
 
         if (status == Z_OK) {
-            if (! strm->avail_in) {
-                /* status is OK and input all used so we're done */
+            if (strm->avail_out > 0)
+                /* status is OK and the output buffer has not been exhausted so we're done */
                 break;
-            }
         } else if (status == Z_BUF_ERROR) {
-            /* This is OK, just drop through to grow the buffer */
+            /* the input data has been exhausted so we are done */
+            break;
         } else {
             /* error state */
             LIBSSH2_FREE(session, out);
@@ -274,22 +271,15 @@ comp_method_zlib_decomp(LIBSSH2_SESSION * session,
                                   "decompression failure");
         }
 
-        /* If we get here we need to grow the output buffer and try again */
-        out_ofs = out_maxlen - strm->avail_out;
-        if (strm->avail_in) {
-            grow_size = strm->avail_in * 8;
-        } else {
-            /* Not sure how much to grow by */
-            grow_size = 32;
-        }
-        out_maxlen += grow_size;
-
-        if ((out_maxlen > (int) payload_limit) && limiter++) {
+        if (out_maxlen >= (int) payload_limit) {
             LIBSSH2_FREE(session, out);
             return _libssh2_error(session, LIBSSH2_ERROR_ZLIB,
                                   "Excessive growth in decompression phase");
         }
 
+        /* If we get here we need to grow the output buffer and try again */
+        out_ofs = out_maxlen - strm->avail_out;
+        out_maxlen *= 2;
         newout = LIBSSH2_REALLOC(session, out, out_maxlen);
         if (!newout) {
             LIBSSH2_FREE(session, out);
@@ -298,7 +288,7 @@ comp_method_zlib_decomp(LIBSSH2_SESSION * session,
         }
         out = newout;
         strm->next_out = (unsigned char *) out + out_ofs;
-        strm->avail_out += grow_size;
+        strm->avail_out = out_maxlen - out_ofs;
     }
 
     *dest = (unsigned char *) out;

src/crypto.h

@@ -38,10 +38,16 @@
 #ifndef LIBSSH2_CRYPTO_H
 #define LIBSSH2_CRYPTO_H
 
+#ifdef LIBSSH2_OPENSSL
+#include "openssl.h"
+#endif
+
 #ifdef LIBSSH2_LIBGCRYPT
 #include "libgcrypt.h"
-#else
-#include "openssl.h"
+#endif
+
+#ifdef LIBSSH2_WINCNG
+#include "wincng.h"
 #endif
 
 int _libssh2_rsa_new(libssh2_rsa_ctx ** rsa,
@@ -74,6 +80,10 @@ int _libssh2_rsa_sha1_sign(LIBSSH2_SESSION * session,
                            size_t hash_len,
                            unsigned char **signature,
                            size_t *signature_len);
+int _libssh2_rsa_new_private_frommemory(libssh2_rsa_ctx ** rsa,
+                                        LIBSSH2_SESSION * session,
+                                        const char *filedata, size_t filedata_len,
+                                        unsigned const char *passphrase);
 
 #if LIBSSH2_DSA
 int _libssh2_dsa_new(libssh2_dsa_ctx ** dsa,
@@ -96,6 +106,10 @@ int _libssh2_dsa_sha1_verify(libssh2_dsa_ctx * dsactx,
 int _libssh2_dsa_sha1_sign(libssh2_dsa_ctx * dsactx,
                            const unsigned char *hash,
                            unsigned long hash_len, unsigned char *sig);
+int _libssh2_dsa_new_private_frommemory(libssh2_dsa_ctx ** dsa,
+                                        LIBSSH2_SESSION * session,
+                                        const char *filedata, size_t filedata_len,
+                                        unsigned const char *passphrase);
 #endif
 
 int _libssh2_cipher_init(_libssh2_cipher_ctx * h,
@@ -114,6 +128,14 @@ int _libssh2_pub_priv_keyfile(LIBSSH2_SESSION *session,
                               size_t *pubkeydata_len,
                               const char *privatekey,
                               const char *passphrase);
+int _libssh2_pub_priv_keyfilememory(LIBSSH2_SESSION *session,
+                                    unsigned char **method,
+                                    size_t *method_len,
+                                    unsigned char **pubkeydata,
+                                    size_t *pubkeydata_len,
+                                    const char *privatekeydata,
+                                    size_t privatekeydata_len,
+                                    const char *passphrase);
 
 void _libssh2_init_aes_ctr(void);
 

src/hostkey.c

@@ -1,5 +1,5 @@
 /* Copyright (c) 2004-2006, Sara Golemon <sarag@libssh2.org>
- * Copyright (c) 2009 by Daniel Stenberg
+ * Copyright (c) 2009-2014 by Daniel Stenberg
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms,
@@ -130,6 +130,38 @@ hostkey_method_ssh_rsa_initPEM(LIBSSH2_SESSION * session,
     return 0;
 }
 
+/*
+ * hostkey_method_ssh_rsa_initPEMFromMemory
+ *
+ * Load a Private Key from a memory
+ */
+static int
+hostkey_method_ssh_rsa_initPEMFromMemory(LIBSSH2_SESSION * session,
+                                         const char *privkeyfiledata,
+                                         size_t privkeyfiledata_len,
+                                         unsigned const char *passphrase,
+                                         void **abstract)
+{
+    libssh2_rsa_ctx *rsactx;
+    int ret;
+
+    if (*abstract) {
+        hostkey_method_ssh_rsa_dtor(session, abstract);
+        *abstract = NULL;
+    }
+
+    ret = _libssh2_rsa_new_private_frommemory(&rsactx, session,
+                                              privkeyfiledata,
+                                              privkeyfiledata_len, passphrase);
+    if (ret) {
+        return -1;
+    }
+
+    *abstract = rsactx;
+
+    return 0;
+}
+
 /*
  * hostkey_method_ssh_rsa_sign
  *
@@ -208,6 +240,7 @@ static const LIBSSH2_HOSTKEY_METHOD hostkey_method_ssh_rsa = {
     MD5_DIGEST_LENGTH,
     hostkey_method_ssh_rsa_init,
     hostkey_method_ssh_rsa_initPEM,
+    hostkey_method_ssh_rsa_initPEMFromMemory,
     hostkey_method_ssh_rsa_sig_verify,
     hostkey_method_ssh_rsa_signv,
     NULL,                       /* encrypt */
@@ -305,6 +338,38 @@ hostkey_method_ssh_dss_initPEM(LIBSSH2_SESSION * session,
     return 0;
 }
 
+/*
+ * hostkey_method_ssh_dss_initPEMFromMemory
+ *
+ * Load a Private Key from memory
+ */
+static int
+hostkey_method_ssh_dss_initPEMFromMemory(LIBSSH2_SESSION * session,
+                                         const char *privkeyfiledata,
+                                         size_t privkeyfiledata_len,
+                                         unsigned const char *passphrase,
+                                         void **abstract)
+{
+    libssh2_dsa_ctx *dsactx;
+    int ret;
+
+    if (*abstract) {
+        hostkey_method_ssh_dss_dtor(session, abstract);
+        *abstract = NULL;
+    }
+
+    ret = _libssh2_dsa_new_private_frommemory(&dsactx, session,
+                                              privkeyfiledata,
+                                              privkeyfiledata_len, passphrase);
+    if (ret) {
+        return -1;
+    }
+
+    *abstract = dsactx;
+
+    return 0;
+}
+
 /*
  * libssh2_hostkey_method_ssh_dss_sign
  *
@@ -347,13 +412,12 @@ hostkey_method_ssh_dss_signv(LIBSSH2_SESSION * session,
     libssh2_sha1_ctx ctx;
     int i;
 
-    *signature = LIBSSH2_ALLOC(session, 2 * SHA_DIGEST_LENGTH);
+    *signature = LIBSSH2_CALLOC(session, 2 * SHA_DIGEST_LENGTH);
     if (!*signature) {
         return -1;
     }
 
     *signature_len = 2 * SHA_DIGEST_LENGTH;
-    memset(*signature, 0, 2 * SHA_DIGEST_LENGTH);
 
     libssh2_sha1_init(&ctx);
     for(i = 0; i < veccount; i++) {
@@ -392,6 +456,7 @@ static const LIBSSH2_HOSTKEY_METHOD hostkey_method_ssh_dss = {
     MD5_DIGEST_LENGTH,
     hostkey_method_ssh_dss_init,
     hostkey_method_ssh_dss_initPEM,
+    hostkey_method_ssh_dss_initPEMFromMemory,
     hostkey_method_ssh_dss_sig_verify,
     hostkey_method_ssh_dss_signv,
     NULL,                       /* encrypt */
@@ -435,7 +500,9 @@ libssh2_hostkey_hash(LIBSSH2_SESSION * session, int hash_type)
         break;
 #endif /* LIBSSH2_MD5 */
     case LIBSSH2_HOSTKEY_HASH_SHA1:
-        return (char *) session->server_hostkey_sha1;
+        return (session->server_hostkey_sha1_valid)
+          ? (char *) session->server_hostkey_sha1
+          : NULL;
         break;
     default:
         return NULL;

src/keepalive.c

@@ -75,7 +75,8 @@ libssh2_keepalive_send (LIBSSH2_SESSION *session,
         size_t len = sizeof (keepalive_data) - 1;
         int rc;
 
-        keepalive_data[len - 1] = session->keepalive_want_reply;
+        keepalive_data[len - 1] =
+            (unsigned char)session->keepalive_want_reply;
 
         rc = _libssh2_transport_send(session, keepalive_data, len, NULL, 0);
         /* Silently ignore PACKET_EAGAIN here: if the write buffer is
@@ -90,8 +91,8 @@ libssh2_keepalive_send (LIBSSH2_SESSION *session,
         if (seconds_to_next)
             *seconds_to_next = session->keepalive_interval;
     } else if (seconds_to_next) {
-        *seconds_to_next = (int) session->keepalive_last_sent
-            + session->keepalive_interval - now;
+        *seconds_to_next = (int) (session->keepalive_last_sent - now)
+            + session->keepalive_interval;
     }
 
     return 0;

src/kex.c

@@ -96,7 +96,7 @@ static int diffie_hellman_sha1(LIBSSH2_SESSION *session,
         exchange_state->ctx = _libssh2_bn_ctx_new();
         exchange_state->x = _libssh2_bn_init(); /* Random from client */
         exchange_state->e = _libssh2_bn_init(); /* g^x mod p */
-        exchange_state->f = _libssh2_bn_init(); /* g^(Random from server) mod p */
+        exchange_state->f = _libssh2_bn_init_from_bin(); /* g^(Random from server) mod p */
         exchange_state->k = _libssh2_bn_init(); /* The shared secret: f^x mod p */
 
         /* Zero the whole thing out */
@@ -221,7 +221,8 @@ static int diffie_hellman_sha1(LIBSSH2_SESSION *session,
             if (libssh2_md5_init(&fingerprint_ctx)) {
                 libssh2_md5_update(fingerprint_ctx, session->server_hostkey,
                                    session->server_hostkey_len);
-                libssh2_md5_final(fingerprint_ctx, session->server_hostkey_md5);
+                libssh2_md5_final(fingerprint_ctx,
+                                  session->server_hostkey_md5);
                 session->server_hostkey_md5_valid = TRUE;
             }
             else {
@@ -245,10 +246,16 @@ static int diffie_hellman_sha1(LIBSSH2_SESSION *session,
         {
             libssh2_sha1_ctx fingerprint_ctx;
 
-            libssh2_sha1_init(&fingerprint_ctx);
-            libssh2_sha1_update(fingerprint_ctx, session->server_hostkey,
-                                session->server_hostkey_len);
-            libssh2_sha1_final(fingerprint_ctx, session->server_hostkey_sha1);
+            if (libssh2_sha1_init(&fingerprint_ctx)) {
+                libssh2_sha1_update(fingerprint_ctx, session->server_hostkey,
+                                    session->server_hostkey_len);
+                libssh2_sha1_final(fingerprint_ctx,
+                                   session->server_hostkey_sha1);
+                session->server_hostkey_sha1_valid = TRUE;
+            }
+            else {
+                session->server_hostkey_sha1_valid = FALSE;
+            }
         }
 #ifdef LIBSSH2DEBUG
         {
@@ -708,7 +715,7 @@ kex_method_diffie_hellman_group1_sha1_key_exchange(LIBSSH2_SESSION *session,
 
     if (key_state->state == libssh2_NB_state_idle) {
         /* g == 2 */
-        key_state->p = _libssh2_bn_init();      /* SSH2 defined value (p_value) */
+        key_state->p = _libssh2_bn_init_from_bin();      /* SSH2 defined value (p_value) */
         key_state->g = _libssh2_bn_init();      /* SSH2 defined value (2) */
 
         /* Initialize P and G */
@@ -783,7 +790,7 @@ kex_method_diffie_hellman_group14_sha1_key_exchange(LIBSSH2_SESSION *session,
     int ret;
 
     if (key_state->state == libssh2_NB_state_idle) {
-        key_state->p = _libssh2_bn_init();      /* SSH2 defined value (p_value) */
+        key_state->p = _libssh2_bn_init_from_bin();      /* SSH2 defined value (p_value) */
         key_state->g = _libssh2_bn_init();      /* SSH2 defined value (2) */
 
         /* g == 2 */
@@ -827,8 +834,8 @@ kex_method_diffie_hellman_group_exchange_sha1_key_exchange
     int rc;
 
     if (key_state->state == libssh2_NB_state_idle) {
-        key_state->p = _libssh2_bn_init();
-        key_state->g = _libssh2_bn_init();
+        key_state->p = _libssh2_bn_init_from_bin();
+        key_state->g = _libssh2_bn_init_from_bin();
         /* Ask for a P and G pair */
 #ifdef LIBSSH2_DH_GEX_NEW
         key_state->request[0] = SSH_MSG_KEX_DH_GEX_REQUEST;
@@ -1549,6 +1556,30 @@ static int kex_agree_comp(LIBSSH2_SESSION *session,
  * The Client gets to make the final call on "agreed methods"
  */
 
+/*
+ * kex_string_pair() extracts a string from the packet and makes sure it fits
+ * within the given packet.
+ */
+static int kex_string_pair(unsigned char **sp,   /* parsing position */
+                           unsigned char *data,  /* start pointer to packet */
+                           size_t data_len,      /* size of total packet */
+                           size_t *lenp,         /* length of the string */
+                           unsigned char **strp) /* pointer to string start */
+{
+    unsigned char *s = *sp;
+    *lenp = _libssh2_ntohu32(s);
+
+    /* the length of the string must fit within the current pointer and the
+       end of the packet */
+    if (*lenp > (data_len - (s - data) -4))
+        return 1;
+    *strp = s + 4;
+    s += 4 + *lenp;
+
+    *sp = s;
+    return 0;
+}
+
 /* kex_agree_methods
  * Decide which specific method to use of the methods offered by each party
  */
@@ -1568,38 +1599,23 @@ static int kex_agree_methods(LIBSSH2_SESSION * session, unsigned char *data,
     s += 16;
 
     /* Locate each string */
-    kex_len = _libssh2_ntohu32(s);
-    kex = s + 4;
-    s += 4 + kex_len;
-    hostkey_len = _libssh2_ntohu32(s);
-    hostkey = s + 4;
-    s += 4 + hostkey_len;
-    crypt_cs_len = _libssh2_ntohu32(s);
-    crypt_cs = s + 4;
-    s += 4 + crypt_cs_len;
-    crypt_sc_len = _libssh2_ntohu32(s);
-    crypt_sc = s + 4;
-    s += 4 + crypt_sc_len;
-    mac_cs_len = _libssh2_ntohu32(s);
-    mac_cs = s + 4;
-    s += 4 + mac_cs_len;
-    mac_sc_len = _libssh2_ntohu32(s);
-    mac_sc = s + 4;
-    s += 4 + mac_sc_len;
-    comp_cs_len = _libssh2_ntohu32(s);
-    comp_cs = s + 4;
-    s += 4 + comp_cs_len;
-    comp_sc_len = _libssh2_ntohu32(s);
-    comp_sc = s + 4;
-#if 0
-    s += 4 + comp_sc_len;
-    lang_cs_len = _libssh2_ntohu32(s);
-    lang_cs = s + 4;
-    s += 4 + lang_cs_len;
-    lang_sc_len = _libssh2_ntohu32(s);
-    lang_sc = s + 4;
-    s += 4 + lang_sc_len;
-#endif
+    if(kex_string_pair(&s, data, data_len, &kex_len, &kex))
+       return -1;
+    if(kex_string_pair(&s, data, data_len, &hostkey_len, &hostkey))
+       return -1;
+    if(kex_string_pair(&s, data, data_len, &crypt_cs_len, &crypt_cs))
+       return -1;
+    if(kex_string_pair(&s, data, data_len, &crypt_sc_len, &crypt_sc))
+       return -1;
+    if(kex_string_pair(&s, data, data_len, &mac_cs_len, &mac_cs))
+       return -1;
+    if(kex_string_pair(&s, data, data_len, &mac_sc_len, &mac_sc))
+       return -1;
+    if(kex_string_pair(&s, data, data_len, &comp_cs_len, &comp_cs))
+       return -1;
+    if(kex_string_pair(&s, data, data_len, &comp_sc_len, &comp_sc))
+       return -1;
+
     /* If the server sent an optimistic packet, assume that it guessed wrong.
      * If the guess is determined to be right (by kex_agree_kex_hostkey)
      * This flag will be reset to zero so that it's not ignored */
@@ -1756,7 +1772,7 @@ _libssh2_kex_exchange(LIBSSH2_SESSION * session, int reexchange,
         key_state->state = libssh2_NB_state_sent2;
     }
 
-    if (rc == 0) {
+    if (rc == 0 && session->kex) {
         if (key_state->state == libssh2_NB_state_sent2) {
             retcode = session->kex->exchange_keys(session,
                                                   &key_state->key_state_low);
@@ -1866,7 +1882,7 @@ libssh2_session_method_pref(LIBSSH2_SESSION * session, int method_type,
     }
     memcpy(s, prefs, prefs_len + 1);
 
-    while (s && *s) {
+    while (s && *s && mlist) {
         char *p = strchr(s, ',');
         int method_len = p ? (p - s) : (int) strlen(s);
 

src/knownhost.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2009-2011 by Daniel Stenberg
+ * Copyright (c) 2009-2014 by Daniel Stenberg
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms,
@@ -50,7 +50,11 @@ struct known_host {
     size_t salt_len; /* size of salt */
     char *key;       /* the (allocated) associated key. This is kept base64
                         encoded in memory. */
-    char *comment;   /* the (allocated) optional comment text, may be NULL */
+    char *key_type_name; /* the (allocated) key type name */
+    size_t key_type_len; /* size of key_type_name */
+    char *comment;       /* the (allocated) optional comment text, may be
+                            NULL */
+    size_t comment_len;  /* the size of comment */
 
     /* this is the struct we expose externally */
     struct libssh2_knownhost external;
@@ -67,6 +71,8 @@ static void free_host(LIBSSH2_SESSION *session, struct known_host *entry)
     if(entry) {
         if(entry->comment)
             LIBSSH2_FREE(session, entry->comment);
+        if (entry->key_type_name)
+            LIBSSH2_FREE(session, entry->key_type_name);
         if(entry->key)
             LIBSSH2_FREE(session, entry->key);
         if(entry->salt)
@@ -127,6 +133,7 @@ static struct libssh2_knownhost *knownhost_to_external(struct known_host *node)
 static int
 knownhost_add(LIBSSH2_KNOWNHOSTS *hosts,
               const char *host, const char *salt,
+              const char *key_type_name, size_t key_type_len,
               const char *key, size_t keylen,
               const char *comment, size_t commentlen,
               int typemask, struct libssh2_knownhost **store)
@@ -142,13 +149,11 @@ knownhost_add(LIBSSH2_KNOWNHOSTS *hosts,
         return _libssh2_error(hosts->session, LIBSSH2_ERROR_INVAL,
                               "No key type set");
 
-    if(!(entry = LIBSSH2_ALLOC(hosts->session, sizeof(struct known_host))))
+    if(!(entry = LIBSSH2_CALLOC(hosts->session, sizeof(struct known_host))))
         return _libssh2_error(hosts->session, LIBSSH2_ERROR_ALLOC,
                               "Unable to allocate memory for known host "
                               "entry");
 
-    memset(entry, 0, sizeof(struct known_host));
-
     entry->typemask = typemask;
 
     switch(entry->typemask  & LIBSSH2_KNOWNHOST_TYPE_MASK) {
@@ -161,6 +166,7 @@ knownhost_add(LIBSSH2_KNOWNHOSTS *hosts,
             goto error;
         }
         memcpy(entry->name, host, hostlen+1);
+        entry->name_len = hostlen;
         break;
     case LIBSSH2_KNOWNHOST_TYPE_SHA1:
         rc = libssh2_base64_decode(hosts->session, &ptr, &ptrlen,
@@ -210,6 +216,19 @@ knownhost_add(LIBSSH2_KNOWNHOSTS *hosts,
         entry->key = ptr;
     }
 
+    if (key_type_name && ((typemask & LIBSSH2_KNOWNHOST_KEY_MASK) ==
+                          LIBSSH2_KNOWNHOST_KEY_UNKNOWN)) {
+        entry->key_type_name = LIBSSH2_ALLOC(hosts->session, key_type_len+1);
+        if (!entry->key_type_name) {
+            rc = _libssh2_error(hosts->session, LIBSSH2_ERROR_ALLOC,
+                                "Unable to allocate memory for key type");
+            goto error;
+        }
+        memcpy(entry->key_type_name, key_type_name, key_type_len);
+        entry->key_type_name[key_type_len]=0;
+        entry->key_type_len = key_type_len;
+    }
+
     if (comment) {
         entry->comment = LIBSSH2_ALLOC(hosts->session, commentlen+1);
         if(!entry->comment) {
@@ -219,6 +238,7 @@ knownhost_add(LIBSSH2_KNOWNHOSTS *hosts,
         }
         memcpy(entry->comment, comment, commentlen+1);
         entry->comment[commentlen]=0; /* force a terminating zero trailer */
+        entry->comment_len = commentlen;
     }
     else {
         entry->comment = NULL;
@@ -264,8 +284,8 @@ libssh2_knownhost_add(LIBSSH2_KNOWNHOSTS *hosts,
                       const char *key, size_t keylen,
                       int typemask, struct libssh2_knownhost **store)
 {
-    return knownhost_add(hosts, host, salt, key, keylen, NULL, 0, typemask,
-                         store);
+    return knownhost_add(hosts, host, salt, NULL, 0, key, keylen, NULL,
+                         0, typemask, store);
 }
 
 
@@ -303,8 +323,8 @@ libssh2_knownhost_addc(LIBSSH2_KNOWNHOSTS *hosts,
                        const char *comment, size_t commentlen,
                        int typemask, struct libssh2_knownhost **store)
 {
-    return knownhost_add(hosts, host, salt, key, keylen, comment, commentlen,
-                         typemask, store);
+    return knownhost_add(hosts, host, salt, NULL, 0, key, keylen,
+                         comment, commentlen, typemask, store);
 }
 
 /*
@@ -346,6 +366,24 @@ knownhost_check(LIBSSH2_KNOWNHOSTS *hosts,
         /* we can't work with a sha1 as given input */
         return LIBSSH2_KNOWNHOST_CHECK_MISMATCH;
 
+    /* if a port number is given, check for a '[host]:port' first before the
+       plain 'host' */
+    if(port >= 0) {
+        int len = snprintf(hostbuff, sizeof(hostbuff), "[%s]:%d", hostp, port);
+        if (len < 0 || len >= (int)sizeof(hostbuff)) {
+            _libssh2_error(hosts->session,
+                           LIBSSH2_ERROR_BUFFER_TOO_SMALL,
+                           "Known-host write buffer too small");
+            return LIBSSH2_KNOWNHOST_CHECK_FAILURE;
+        }
+        host = hostbuff;
+        numcheck = 2; /* check both combos, start with this */
+    }
+    else {
+        host = hostp;
+        numcheck = 1; /* only check this host version */
+    }
+
     if(!(typemask & LIBSSH2_KNOWNHOST_KEYENC_BASE64)) {
         /* we got a raw key input, convert it to base64 for the checks below */
         size_t nlen = _libssh2_base64_encode(hosts->session, key, keylen,
@@ -361,18 +399,6 @@ knownhost_check(LIBSSH2_KNOWNHOSTS *hosts,
         key = keyalloc;
     }
 
-    /* if a port number is given, check for a '[host]:port' first before the
-       plain 'host' */
-    if(port >= 0) {
-        snprintf(hostbuff, sizeof(hostbuff), "[%s]:%d", hostp, port);
-        host = hostbuff;
-        numcheck = 2; /* check both combos, start with this */
-    }
-    else {
-        host = hostp;
-        numcheck = 1; /* only check this host version */
-    }
-
     do {
         node = _libssh2_list_first(&hosts->head);
         while (node) {
@@ -391,15 +417,17 @@ knownhost_check(LIBSSH2_KNOWNHOSTS *hosts,
                        plain input to produce a hash to compare with the
                        stored hash.
                     */
-                    libssh2_hmac_ctx ctx;
                     unsigned char hash[SHA_DIGEST_LENGTH];
+                    libssh2_hmac_ctx ctx;
+                    libssh2_hmac_ctx_init(ctx);
 
                     if(SHA_DIGEST_LENGTH != node->name_len) {
                         /* the name hash length must be the sha1 size or
                            we can't match it */
                         break;
                     }
-                    libssh2_hmac_sha1_init(&ctx, node->salt, node->salt_len);
+                    libssh2_hmac_sha1_init(&ctx, (unsigned char *)node->salt,
+                                           node->salt_len);
                     libssh2_hmac_update(ctx, (unsigned char *)host,
                                         strlen(host));
                     libssh2_hmac_final(ctx, hash);
@@ -414,23 +442,35 @@ knownhost_check(LIBSSH2_KNOWNHOSTS *hosts,
                 break;
             }
             if(match) {
-                /* host name match, now compare the keys */
-                if(!strcmp(key, node->key)) {
-                    /* they match! */
-                    if (ext)
-                        *ext = knownhost_to_external(node);
-                    badkey = NULL;
-                    rc = LIBSSH2_KNOWNHOST_CHECK_MATCH;
-                    break;
-                }
-                else {
-                    /* remember the first node that had a host match but a
-                       failed key match since we continue our search from
-                       here */
-                    if(!badkey)
-                        badkey = node;
-                    match = 0; /* don't count this as a match anymore */
+                int host_key_type = typemask & LIBSSH2_KNOWNHOST_KEY_MASK;
+                int known_key_type =
+                    node->typemask & LIBSSH2_KNOWNHOST_KEY_MASK;
+                /* match on key type as follows:
+                   - never match on an unknown key type
+                   - if key_type is set to zero, ignore it an match always
+                   - otherwise match when both key types are equal
+                */
+                if ( (host_key_type != LIBSSH2_KNOWNHOST_KEY_UNKNOWN ) &&
+                     ( (host_key_type == 0) ||
+                       (host_key_type == known_key_type) ) ) {
+                    /* host name and key type match, now compare the keys */
+                    if(!strcmp(key, node->key)) {
+                        /* they match! */
+                        if (ext)
+                            *ext = knownhost_to_external(node);
+                        badkey = NULL;
+                        rc = LIBSSH2_KNOWNHOST_CHECK_MATCH;
+                        break;
+                    }
+                    else {
+                        /* remember the first node that had a host match but a
+                           failed key match since we continue our search from
+                           here */
+                        if(!badkey)
+                            badkey = node;
+                    }
                 }
+                match = 0; /* don't count this as a match anymore */
             }
             node= _libssh2_list_next(&node->node);
         }
@@ -573,6 +613,7 @@ libssh2_knownhost_free(LIBSSH2_KNOWNHOSTS *hosts)
 */
 static int oldstyle_hostline(LIBSSH2_KNOWNHOSTS *hosts,
                              const char *host, size_t hostlen,
+                             const char *key_type_name, size_t key_type_len,
                              const char *key, size_t keylen, int key_type,
                              const char *comment, size_t commentlen)
 {
@@ -607,7 +648,9 @@ static int oldstyle_hostline(LIBSSH2_KNOWNHOSTS *hosts,
             memcpy(hostbuf, name, namelen);
             hostbuf[namelen]=0;
 
-            rc = knownhost_add(hosts, hostbuf, NULL, key, keylen,
+            rc = knownhost_add(hosts, hostbuf, NULL,
+                               key_type_name, key_type_len,
+                               key, keylen,
                                comment, commentlen,
                                key_type | LIBSSH2_KNOWNHOST_TYPE_PLAIN |
                                LIBSSH2_KNOWNHOST_KEYENC_BASE64, NULL);
@@ -627,6 +670,7 @@ static int oldstyle_hostline(LIBSSH2_KNOWNHOSTS *hosts,
 /* |1|[salt]|[hash] */
 static int hashed_hostline(LIBSSH2_KNOWNHOSTS *hosts,
                            const char *host, size_t hostlen,
+                           const char *key_type_name, size_t key_type_len,
                            const char *key, size_t keylen, int key_type,
                            const char *comment, size_t commentlen)
 {
@@ -670,9 +714,11 @@ static int hashed_hostline(LIBSSH2_KNOWNHOSTS *hosts,
         memcpy(hostbuf, host, hostlen);
         hostbuf[hostlen]=0;
 
-        return knownhost_add(hosts, hostbuf, salt, key, keylen, comment,
-                             commentlen,
-                             key_type | LIBSSH2_KNOWNHOST_TYPE_SHA1 | 
+        return knownhost_add(hosts, hostbuf, salt,
+                             key_type_name, key_type_len,
+                             key, keylen,
+                             comment, commentlen,
+                             key_type | LIBSSH2_KNOWNHOST_TYPE_SHA1 |
                              LIBSSH2_KNOWNHOST_KEYENC_BASE64, NULL);
     }
     else
@@ -694,7 +740,9 @@ static int hostline(LIBSSH2_KNOWNHOSTS *hosts,
                     const char *key, size_t keylen)
 {
     const char *comment = NULL;
+    const char *key_type_name = NULL;
     size_t commentlen = 0;
+    size_t key_type_len = 0;
     int key_type;
 
     /* make some checks that the lengths seem sensible */
@@ -703,7 +751,7 @@ static int hostline(LIBSSH2_KNOWNHOSTS *hosts,
                               LIBSSH2_ERROR_METHOD_NOT_SUPPORTED,
                               "Failed to parse known_hosts line "
                               "(key too short)");
-    
+
     switch(key[0]) {
     case '0': case '1': case '2': case '3': case '4':
     case '5': case '6': case '7': case '8': case '9':
@@ -716,19 +764,21 @@ static int hostline(LIBSSH2_KNOWNHOSTS *hosts,
          */
         break;
 
-    case 's': /* ssh-dss or ssh-rsa */
-        if(!strncmp(key, "ssh-dss", 7))
+    default:
+        key_type_name = key;
+        while (keylen && *key &&
+               (*key != ' ') && (*key != '\t')) {
+            key++;
+            keylen--;
+        }
+        key_type_len = key - key_type_name;
+
+        if (!strncmp(key_type_name, "ssh-dss", key_type_len))
             key_type = LIBSSH2_KNOWNHOST_KEY_SSHDSS;
-        else if(!strncmp(key, "ssh-rsa", 7))
+        else if (!strncmp(key_type_name, "ssh-rsa", key_type_len))
             key_type = LIBSSH2_KNOWNHOST_KEY_SSHRSA;
         else
-            /* unknown key type */
-            return _libssh2_error(hosts->session,
-                                  LIBSSH2_ERROR_METHOD_NOT_SUPPORTED,
-                                  "Unknown key type");
-
-        key += 7;
-        keylen -= 7;
+            key_type = LIBSSH2_KNOWNHOST_KEY_UNKNOWN;
 
         /* skip whitespaces */
         while((*key ==' ') || (*key == '\t')) {
@@ -760,11 +810,6 @@ static int hostline(LIBSSH2_KNOWNHOSTS *hosts,
             commentlen--;
         }
         break;
-
-    default: /* unknown key format */
-        return _libssh2_error(hosts->session,
-                              LIBSSH2_ERROR_METHOD_NOT_SUPPORTED,
-                              "Unknown key format");
     }
 
     /* Figure out host format */
@@ -774,12 +819,14 @@ static int hostline(LIBSSH2_KNOWNHOSTS *hosts,
            for the sake of simplicity, we add them as separate hosts with the
            same key
         */
-        return oldstyle_hostline(hosts, host, hostlen, key, keylen, key_type,
+        return oldstyle_hostline(hosts, host, hostlen, key_type_name,
+                                 key_type_len, key, keylen, key_type,
                                  comment, commentlen);
     }
     else {
         /* |1|[salt]|[hash] */
-        return hashed_hostline(hosts, host, hostlen, key, keylen, key_type,
+        return hashed_hostline(hosts, host, hostlen, key_type_name,
+                               key_type_len, key, keylen, key_type,
                                comment, commentlen);
     }
 }
@@ -943,17 +990,10 @@ knownhost_writeline(LIBSSH2_KNOWNHOSTS *hosts,
                     char *buf, size_t buflen,
                     size_t *outlen, int type)
 {
-    int rc = LIBSSH2_ERROR_NONE;
-    int tindex;
-    const char *keytypes[4]={
-        "", /* not used */
-        "", /* this type has no name in the file */
-        " ssh-rsa",
-        " ssh-dss"
-    };
-    const char *keytype;
-    size_t nlen;
-    size_t commentlen = 0;
+    size_t required_size;
+
+    const char *key_type_name;
+    size_t key_type_len;
 
     /* we only support this single file type for now, bail out on all other
        attempts */
@@ -963,75 +1003,131 @@ knownhost_writeline(LIBSSH2_KNOWNHOSTS *hosts,
                               "Unsupported type of known-host information "
                               "store");
 
-    tindex = (node->typemask & LIBSSH2_KNOWNHOST_KEY_MASK) >>
-        LIBSSH2_KNOWNHOST_KEY_SHIFT;
+    switch(node->typemask & LIBSSH2_KNOWNHOST_KEY_MASK) {
+    case LIBSSH2_KNOWNHOST_KEY_RSA1:
+        key_type_name = NULL;
+        key_type_len = 0;
+        break;
+    case LIBSSH2_KNOWNHOST_KEY_SSHRSA:
+        key_type_name = "ssh-rsa";
+        key_type_len = 7;
+        break;
+    case LIBSSH2_KNOWNHOST_KEY_SSHDSS:
+        key_type_name = "ssh-dss";
+        key_type_len = 7;
+        break;
+    case LIBSSH2_KNOWNHOST_KEY_UNKNOWN:
+        key_type_name = node->key_type_name;
+        if (key_type_name) {
+            key_type_len = node->key_type_len;
+            break;
+        }
+        /* otherwise fallback to default and error */
+    default:
+        return _libssh2_error(hosts->session,
+                              LIBSSH2_ERROR_METHOD_NOT_SUPPORTED,
+                              "Unsupported type of known-host entry");
+    }
 
-    /* set the string used in the file */
-    keytype = keytypes[tindex];
+    /* When putting together the host line there are three aspects to consider:
+       - Hashed (SHA1) or unhashed hostname
+       - key name or no key name (RSA1)
+       - comment or no comment
+      
+       This means there are 2^3 different formats:
+       ("|1|%s|%s %s %s %s\n", salt, hashed_host, key_name, key, comment)
+       ("|1|%s|%s %s %s\n", salt, hashed_host, key_name, key)
+       ("|1|%s|%s %s %s\n", salt, hashed_host, key, comment)
+       ("|1|%s|%s %s\n", salt, hashed_host, key)
+       ("%s %s %s %s\n", host, key_name, key, comment)
+       ("%s %s %s\n", host, key_name, key)
+       ("%s %s %s\n", host, key, comment)
+       ("%s %s\n", host, key)
+      
+       Even if the buffer is too small, we have to set outlen to the number of
+       characters the complete line would have taken.  We also don't write
+       anything to the buffer unless we are sure we can write everything to the
+       buffer. */
 
-    /* calculate extra space needed for comment */
+    required_size = strlen(node->key);
+
+    if(key_type_len)
+        required_size += key_type_len + 1; /* ' ' = 1 */
     if(node->comment)
-        commentlen = strlen(node->comment) + 1;
+        required_size += node->comment_len + 1; /* ' ' = 1 */
 
     if((node->typemask & LIBSSH2_KNOWNHOST_TYPE_MASK) ==
        LIBSSH2_KNOWNHOST_TYPE_SHA1) {
         char *namealloc;
+        size_t name_base64_len;
         char *saltalloc;
-        nlen = _libssh2_base64_encode(hosts->session, node->name,
-                                      node->name_len, &namealloc);
-        if(!nlen)
+        size_t salt_base64_len;
+
+        name_base64_len = _libssh2_base64_encode(hosts->session, node->name,
+                                                 node->name_len, &namealloc);
+        if(!name_base64_len)
             return _libssh2_error(hosts->session, LIBSSH2_ERROR_ALLOC,
                                   "Unable to allocate memory for "
                                   "base64-encoded host name");
 
-        nlen = _libssh2_base64_encode(hosts->session,
-                                      node->salt, node->salt_len,
-                                      &saltalloc);
-        if(!nlen) {
-            free(namealloc);
+        salt_base64_len = _libssh2_base64_encode(hosts->session,
+                                                 node->salt, node->salt_len,
+                                                 &saltalloc);
+        if(!salt_base64_len) {
+            LIBSSH2_FREE(hosts->session, namealloc);
             return _libssh2_error(hosts->session, LIBSSH2_ERROR_ALLOC,
                                   "Unable to allocate memory for "
                                   "base64-encoded salt");
         }
 
-        nlen = strlen(saltalloc) + strlen(namealloc) + strlen(keytype) +
-            strlen(node->key) + commentlen + 7;
+        required_size += salt_base64_len + name_base64_len + 7;
         /* |1| + | + ' ' + \n + \0 = 7 */
 
-        if(nlen <= buflen)
-            if(node->comment)
-                snprintf(buf, buflen, "|1|%s|%s%s %s %s\n", saltalloc, namealloc,
-                        keytype, node->key, node->comment);
+        if(required_size <= buflen) {
+            if(node->comment && key_type_len)
+                snprintf(buf, buflen, "|1|%s|%s %s %s %s\n", saltalloc,
+                         namealloc, key_type_name, node->key, node->comment);
+            else if (node->comment)
+                snprintf(buf, buflen, "|1|%s|%s %s %s\n", saltalloc, namealloc,
+                         node->key, node->comment);
+            else if (key_type_len)
+                snprintf(buf, buflen, "|1|%s|%s %s %s\n", saltalloc, namealloc,
+                         key_type_name, node->key);
             else
-                snprintf(buf, buflen, "|1|%s|%s%s %s\n", saltalloc, namealloc,
-                        keytype, node->key);
-        else
-            rc = _libssh2_error(hosts->session, LIBSSH2_ERROR_BUFFER_TOO_SMALL,
-                                "Known-host write buffer too small");
+                snprintf(buf, buflen, "|1|%s|%s %s\n", saltalloc, namealloc,
+                         node->key);
+        }
 
-        free(namealloc);
-        free(saltalloc);
+        LIBSSH2_FREE(hosts->session, namealloc);
+        LIBSSH2_FREE(hosts->session, saltalloc);
     }
     else {
-        nlen = strlen(node->name) + strlen(keytype) + strlen(node->key) +
-            commentlen + 3;
+        required_size += node->name_len + 3;
         /* ' ' + '\n' + \0 = 3 */
-        if(nlen <= buflen)
-            /* these types have the plain name */
-            if(node->comment)
-                snprintf(buf, buflen, "%s%s %s %s\n", node->name, keytype, node->key,
-                        node->comment);
+
+        if(required_size <= buflen) {
+            if(node->comment && key_type_len)
+                snprintf(buf, buflen, "%s %s %s %s\n", node->name,
+                         key_type_name, node->key, node->comment);
+            else if (node->comment)
+                snprintf(buf, buflen, "%s %s %s\n", node->name, node->key,
+                         node->comment);
+            else if (key_type_len)
+                snprintf(buf, buflen, "%s %s %s\n", node->name, key_type_name,
+                         node->key);
             else
-                snprintf(buf, buflen, "%s%s %s\n", node->name, keytype, node->key);
-        else
-            rc = _libssh2_error(hosts->session, LIBSSH2_ERROR_BUFFER_TOO_SMALL,
-                                "Known-host write buffer too small");
+                snprintf(buf, buflen, "%s %s\n", node->name, node->key);
+        }
     }
 
     /* we report the full length of the data with the trailing zero excluded */
-    *outlen = nlen-1;
+    *outlen = required_size-1;
 
-    return rc;
+    if(required_size <= buflen)
+        return LIBSSH2_ERROR_NONE;
+    else
+        return _libssh2_error(hosts->session, LIBSSH2_ERROR_BUFFER_TOO_SMALL,
+                              "Known-host write buffer too small");
 }
 
 /*
@@ -1089,8 +1185,8 @@ libssh2_knownhost_writefile(LIBSSH2_KNOWNHOSTS *hosts,
 
     for(node = _libssh2_list_first(&hosts->head);
         node;
-        node= _libssh2_list_next(&node->node) ) {
-        size_t wrote;
+        node = _libssh2_list_next(&node->node)) {
+        size_t wrote = 0;
         size_t nwrote;
         rc = knownhost_writeline(hosts, node, buffer, sizeof(buffer), &wrote,
                                  type);

src/libgcrypt.c

@@ -149,6 +149,17 @@ _libssh2_dsa_new(libssh2_dsa_ctx ** dsactx,
     return 0;
 }
 
+int
+_libssh2_rsa_new_private_frommemory(libssh2_rsa_ctx ** rsa,
+                                    LIBSSH2_SESSION * session,
+                                    const char *filedata, size_t filedata_len,
+                                    unsigned const char *passphrase)
+{
+    return _libssh2_error(session, LIBSSH2_ERROR_METHOD_NOT_SUPPORTED,
+                         "Unable to extract private key from memory: "
+                         "Method unimplemented in libgcrypt backend");
+}
+
 int
 _libssh2_rsa_new_private(libssh2_rsa_ctx ** rsa,
                          LIBSSH2_SESSION * session,
@@ -251,6 +262,17 @@ _libssh2_rsa_new_private(libssh2_rsa_ctx ** rsa,
     return ret;
 }
 
+int
+_libssh2_dsa_new_private_frommemory(libssh2_dsa_ctx ** dsa,
+                                    LIBSSH2_SESSION * session,
+                                    const char *filedata, size_t filedata_len,
+                                    unsigned const char *passphrase)
+{
+    return _libssh2_error(session, LIBSSH2_ERROR_METHOD_NOT_SUPPORTED,
+                         "Unable to extract private key from memory: "
+                         "Method unimplemented in libgcrypt backend");
+}
+
 int
 _libssh2_dsa_new_private(libssh2_dsa_ctx ** dsa,
                          LIBSSH2_SESSION * session,
@@ -342,7 +364,7 @@ _libssh2_dsa_new_private(libssh2_dsa_ctx ** dsa,
 
 int
 _libssh2_rsa_sha1_sign(LIBSSH2_SESSION * session,
-                       libssh2_dsa_ctx * rsactx,
+                       libssh2_rsa_ctx * rsactx,
                        const unsigned char *hash,
                        size_t hash_len,
                        unsigned char **signature, size_t *signature_len)
@@ -566,6 +588,21 @@ _libssh2_cipher_crypt(_libssh2_cipher_ctx * ctx,
     return ret;
 }
 
+int
+_libssh2_pub_priv_keyfilememory(LIBSSH2_SESSION *session,
+                                unsigned char **method,
+                                size_t *method_len,
+                                unsigned char **pubkeydata,
+                                size_t *pubkeydata_len,
+                                const char *privatekeydata,
+                                size_t privatekeydata_len,
+                                const char *passphrase)
+{
+    return _libssh2_error(session, LIBSSH2_ERROR_METHOD_NOT_SUPPORTED,
+                         "Unable to extract public key from private key in memory: "
+                         "Method unimplemented in libgcrypt backend");
+}
+
 int
 _libssh2_pub_priv_keyfile(LIBSSH2_SESSION *session,
                           unsigned char **method,

src/libgcrypt.h

@@ -60,8 +60,12 @@
   (gcry_randomize ((buf), (len), GCRY_STRONG_RANDOM), 1)
 
 #define libssh2_sha1_ctx gcry_md_hd_t
-#define libssh2_sha1_init(ctx) gcry_md_open (ctx,  GCRY_MD_SHA1, 0);
-#define libssh2_sha1_update(ctx, data, len) gcry_md_write (ctx, data, len)
+
+/* returns 0 in case of failure */
+#define libssh2_sha1_init(ctx) \
+  (GPG_ERR_NO_ERROR == gcry_md_open (ctx,  GCRY_MD_SHA1, 0))
+#define libssh2_sha1_update(ctx, data, len) \
+  gcry_md_write (ctx, (unsigned char *) data, len)
 #define libssh2_sha1_final(ctx, out) \
   memcpy (out, gcry_md_read (ctx, 0), SHA_DIGEST_LENGTH), gcry_md_close (ctx)
 #define libssh2_sha1(message, len, out) \
@@ -73,13 +77,15 @@
 #define libssh2_md5_init(ctx) \
   (GPG_ERR_NO_ERROR == gcry_md_open (ctx,  GCRY_MD_MD5, 0))
 
-#define libssh2_md5_update(ctx, data, len) gcry_md_write (ctx, data, len)
+#define libssh2_md5_update(ctx, data, len) \
+  gcry_md_write (ctx, (unsigned char *) data, len)
 #define libssh2_md5_final(ctx, out) \
   memcpy (out, gcry_md_read (ctx, 0), MD5_DIGEST_LENGTH), gcry_md_close (ctx)
 #define libssh2_md5(message, len, out) \
   gcry_md_hash_buffer (GCRY_MD_MD5, out, message, len)
 
 #define libssh2_hmac_ctx gcry_md_hd_t
+#define libssh2_hmac_ctx_init(ctx)
 #define libssh2_hmac_sha1_init(ctx, key, keylen) \
   gcry_md_open (ctx, GCRY_MD_SHA1, GCRY_MD_FLAG_HMAC), \
     gcry_md_setkey (*ctx, key, keylen)
@@ -90,7 +96,7 @@
   gcry_md_open (ctx, GCRY_MD_RMD160, GCRY_MD_FLAG_HMAC), \
     gcry_md_setkey (*ctx, key, keylen)
 #define libssh2_hmac_update(ctx, data, datalen) \
-  gcry_md_write (ctx, data, datalen)
+  gcry_md_write (ctx, (unsigned char *) data, datalen)
 #define libssh2_hmac_final(ctx, data) \
   memcpy (data, gcry_md_read (ctx, 0), \
       gcry_md_get_algo_dlen (gcry_md_get_algo (ctx)))
@@ -143,6 +149,7 @@
 #define _libssh2_bn_ctx_new() 0
 #define _libssh2_bn_ctx_free(bnctx) ((void)0)
 #define _libssh2_bn_init() gcry_mpi_new(0)
+#define _libssh2_bn_init_from_bin() NULL /* because gcry_mpi_scan() creates a new bignum */
 #define _libssh2_bn_rand(bn, bits, top, bottom) gcry_mpi_randomize (bn, bits, GCRY_WEAK_RANDOM)
 #define _libssh2_bn_mod_exp(r, a, p, m, ctx) gcry_mpi_powm (r, a, p, m)
 #define _libssh2_bn_set_word(bn, val) gcry_mpi_set_ui(bn, val)

src/libssh2.pc.in

@@ -0,0 +1,17 @@
+###########################################################################
+# libssh2 installation details
+###########################################################################
+
+prefix=@CMAKE_INSTALL_PREFIX@
+exec_prefix=${prefix}
+libdir=${prefix}/@CMAKE_INSTALL_LIBDIR@
+includedir=${prefix}/@CMAKE_INSTALL_INCLUDEDIR@
+
+Name: @PROJECT_NAME@
+URL: @PROJECT_URL@
+Description: @PROJECT_DESCRIPTION@
+Version: @LIBSSH2_VERSION@
+Requires.private: @PC_REQUIRES_PRIVATE@
+Libs: -L${libdir} -lssh2 @PC_LIBS@
+Libs.private: @PC_LIBS@
+Cflags: -I${includedir}

src/libssh2_config_cmake.h.in

@@ -0,0 +1,104 @@
+/* Copyright (c) 2014 Alexander Lamaison <alexander.lamaison@gmail.com>
+ * Copyright (c) 1999-2011 Douglas Gilbert. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms,
+ * with or without modification, are permitted provided
+ * that the following conditions are met:
+ *
+ *   Redistributions of source code must retain the above
+ *   copyright notice, this list of conditions and the
+ *   following disclaimer.
+ *
+ *   Redistributions in binary form must reproduce the above
+ *   copyright notice, this list of conditions and the following
+ *   disclaimer in the documentation and/or other materials
+ *   provided with the distribution.
+ *
+ *   Neither the name of the copyright holder nor the names
+ *   of any other contributors may be used to endorse or
+ *   promote products derived from this software without
+ *   specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
+ * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
+ * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
+ * OF SUCH DAMAGE.
+ */
+
+/* Headers */
+#cmakedefine HAVE_UNISTD_H
+#cmakedefine HAVE_INTTYPES_H
+#cmakedefine HAVE_STDLIB_H
+#cmakedefine HAVE_SYS_SELECT_H
+#cmakedefine HAVE_SYS_UIO_H
+#cmakedefine HAVE_SYS_SOCKET_H
+#cmakedefine HAVE_SYS_IOCTL_H
+#cmakedefine HAVE_SYS_TIME_H
+#cmakedefine HAVE_SYS_UN_H
+#cmakedefine HAVE_WINDOWS_H
+#cmakedefine HAVE_WS2TCPIP_H
+#cmakedefine HAVE_WINSOCK2_H
+#cmakedefine HAVE_NTDEF_H
+#cmakedefine HAVE_NTSTATUS_H
+
+/* Libraries */
+#cmakedefine HAVE_LIBCRYPT32
+
+/* Types */
+#cmakedefine HAVE_LONGLONG
+
+/* Functions */
+#cmakedefine HAVE_GETTIMEOFDAY
+#cmakedefine HAVE_INET_ADDR
+#cmakedefine HAVE_POLL
+#cmakedefine HAVE_SELECT
+#cmakedefine HAVE_SOCKET
+#cmakedefine HAVE_STRTOLL
+#cmakedefine HAVE_SNPRINTF
+
+/* OpenSSL functions */
+#cmakedefine HAVE_EVP_AES_128_CTR
+
+/* Socket non-blocking support */
+#cmakedefine HAVE_O_NONBLOCK
+#cmakedefine HAVE_FIONBIO
+#cmakedefine HAVE_IOCTLSOCKET
+#cmakedefine HAVE_IOCTLSOCKET_CASE
+#cmakedefine HAVE_SO_NONBLOCK
+#cmakedefine HAVE_DISABLED_NONBLOCKING
+
+/* snprintf not in Visual Studio CRT and _snprintf dangerously incompatible.
+   We provide a safe wrapper if snprintf not found */
+#ifndef HAVE_SNPRINTF
+#include <stdio.h>
+#include <stdarg.h>
+/* Want safe, 'n += snprintf(b + n ...)' like function. If cp_max_len is 1
+* then assume cp is pointing to a null char and do nothing. Returns number
+* number of chars placed in cp excluding the trailing null char. So for
+* cp_max_len > 0 the return value is always < cp_max_len; for cp_max_len
+* <= 0 the return value is 0 (and no chars are written to cp). */
+static int snprintf(char * cp, int cp_max_len, const char * fmt, ...)
+{
+    va_list args;
+    int n;
+
+    if (cp_max_len < 2)
+        return 0;
+    va_start(args, fmt);
+    n = vsnprintf(cp, cp_max_len, fmt, args);
+    va_end(args);
+    return (n < cp_max_len) ? n : (cp_max_len - 1);
+}
+
+#define HAVE_SNPRINTF
+#endif

src/libssh2_priv.h

@@ -1,5 +1,5 @@
 /* Copyright (c) 2004-2008, 2010, Sara Golemon <sarag@libssh2.org>
- * Copyright (c) 2009-2011 by Daniel Stenberg
+ * Copyright (c) 2009-2014 by Daniel Stenberg
  * Copyright (c) 2010 Simon Josefsson
  * All rights reserved.
  *
@@ -108,6 +108,11 @@
 #define TRUE 1
 #endif
 
+#ifdef _MSC_VER
+/* "inline" keyword is valid only with C++ engine! */
+#define inline __inline
+#endif
+
 /* Provide iovec / writev on WIN32 platform. */
 #ifdef WIN32
 
@@ -116,8 +121,6 @@ struct iovec {
     void * iov_base;
 };
 
-#define inline __inline
-
 static inline int writev(int sock, struct iovec *iov, int nvecs)
 {
     DWORD ret;
@@ -134,14 +137,8 @@ static inline int writev(int sock, struct iovec *iov, int nvecs)
 #ifdef HAVE_WINSOCK2_H
 
 #include <winsock2.h>
-#include <mswsock.h>
 #include <ws2tcpip.h>
 
-#ifdef _MSC_VER
-/* "inline" keyword is valid only with C++ engine! */
-#define inline __inline
-#endif
-
 #endif
 
 /* RFC4253 section 6.1 Maximum Packet Length says:
@@ -155,6 +152,7 @@ static inline int writev(int sock, struct iovec *iov, int nvecs)
 
 #define LIBSSH2_ALLOC(session, count) \
   session->alloc((count), &(session)->abstract)
+#define LIBSSH2_CALLOC(session, count) _libssh2_calloc(session, count)
 #define LIBSSH2_REALLOC(session, ptr, count) \
  ((ptr) ? session->realloc((ptr), (count), &(session)->abstract) : \
  session->alloc((count), &(session)->abstract))
@@ -357,6 +355,8 @@ struct _LIBSSH2_CHANNEL
     libssh2_channel_data local, remote;
     /* Amount of bytes to be refunded to receive window (but not yet sent) */
     uint32_t adjust_queue;
+    /* Data immediately available for reading */
+    uint32_t read_avail;
 
     LIBSSH2_SESSION *session;
 
@@ -575,7 +575,7 @@ struct _LIBSSH2_SESSION
 
     /* Agreed Key Exchange Method */
     const LIBSSH2_KEX_METHOD *kex;
-    int burn_optimistic_kexinit:1;
+    unsigned int burn_optimistic_kexinit:1;
 
     unsigned char *session_id;
     uint32_t session_id_len;
@@ -600,6 +600,7 @@ struct _LIBSSH2_SESSION
     int server_hostkey_md5_valid;
 #endif                          /* ! LIBSSH2_MD5 */
     unsigned char server_hostkey_sha1[SHA_DIGEST_LENGTH];
+    int server_hostkey_sha1_valid;
 
     /* (remote as source of data -- packet_read ) */
     libssh2_endpoint_data remote;
@@ -854,6 +855,9 @@ struct _LIBSSH2_HOSTKEY_METHOD
                  size_t hostkey_data_len, void **abstract);
     int (*initPEM) (LIBSSH2_SESSION * session, const char *privkeyfile,
                     unsigned const char *passphrase, void **abstract);
+    int (*initPEMFromMemory) (LIBSSH2_SESSION * session,
+                              const char *privkeyfiledata, size_t privkeyfiledata_len,
+                              unsigned const char *passphrase, void **abstract);
     int (*sig_verify) (LIBSSH2_SESSION * session, const unsigned char *sig,
                        size_t sig_len, const unsigned char *m,
                        size_t m_len, void **abstract);
@@ -923,6 +927,9 @@ void _libssh2_debug(LIBSSH2_SESSION * session, int context, const char *format,
 static inline void
 _libssh2_debug(LIBSSH2_SESSION * session, int context, const char *format, ...)
 {
+    (void)session;
+    (void)context;
+    (void)format;
 }
 #endif
 #endif
@@ -1020,6 +1027,11 @@ int _libssh2_pem_parse(LIBSSH2_SESSION * session,
                        const char *headerbegin,
                        const char *headerend,
                        FILE * fp, unsigned char **data, unsigned int *datalen);
+int _libssh2_pem_parse_memory(LIBSSH2_SESSION * session,
+                              const char *headerbegin,
+                              const char *headerend,
+                              const char *filedata, size_t filedata_len,
+                              unsigned char **data, unsigned int *datalen);
 int _libssh2_pem_decode_sequence(unsigned char **data, unsigned int *datalen);
 int _libssh2_pem_decode_integer(unsigned char **data, unsigned int *datalen,
                                 unsigned char **i, unsigned int *ilen);

src/mac.c

@@ -113,6 +113,7 @@ mac_method_hmac_sha1_hash(LIBSSH2_SESSION * session,
 
     _libssh2_htonu32(seqno_buf, seqno);
 
+    libssh2_hmac_ctx_init(ctx);
     libssh2_hmac_sha1_init(&ctx, *abstract, 20);
     libssh2_hmac_update(ctx, seqno_buf, 4);
     libssh2_hmac_update(ctx, packet, packet_len);
@@ -185,6 +186,7 @@ mac_method_hmac_md5_hash(LIBSSH2_SESSION * session, unsigned char *buf,
 
     _libssh2_htonu32(seqno_buf, seqno);
 
+    libssh2_hmac_ctx_init(ctx);
     libssh2_hmac_md5_init(&ctx, *abstract, 16);
     libssh2_hmac_update(ctx, seqno_buf, 4);
     libssh2_hmac_update(ctx, packet, packet_len);
@@ -257,6 +259,7 @@ mac_method_hmac_ripemd160_hash(LIBSSH2_SESSION * session,
 
     _libssh2_htonu32(seqno_buf, seqno);
 
+    libssh2_hmac_ctx_init(ctx);
     libssh2_hmac_ripemd160_init(&ctx, *abstract, 20);
     libssh2_hmac_update(ctx, seqno_buf, 4);
     libssh2_hmac_update(ctx, packet, packet_len);