web: the site is now HTTPS

As otherwise we get far too small numbers.

Reported-by: Andreas Schneider

CVE-2016-0787

.travis.yml

@@ -0,0 +1,75 @@
+# Copyright (c) 2014 Alexander Lamaison <alexander.lamaison@gmail.com>
+#
+# Redistribution and use in source and binary forms,
+# with or without modification, are permitted provided
+# that the following conditions are met:
+#
+#   Redistributions of source code must retain the above
+#   copyright notice, this list of conditions and the
+#   following disclaimer.
+#
+#   Redistributions in binary form must reproduce the above
+#   copyright notice, this list of conditions and the following
+#   disclaimer in the documentation and/or other materials
+#   provided with the distribution.
+#
+#   Neither the name of the copyright holder nor the names
+#   of any other contributors may be used to endorse or
+#   promote products derived from this software without
+#   specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
+# CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
+# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
+# USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
+# OF SUCH DAMAGE.
+
+language: c
+
+compiler:
+  - gcc
+  - clang
+
+env:
+  matrix:
+   - ADDRESS_SIZE=64 CRYPTO_BACKEND=OpenSSL BUILD_SHARED_LIBS=OFF ENABLE_ZLIB_COMPRESSION=OFF
+   - ADDRESS_SIZE=64 CRYPTO_BACKEND=OpenSSL BUILD_SHARED_LIBS=ON ENABLE_ZLIB_COMPRESSION=OFF
+   - ADDRESS_SIZE=64 CRYPTO_BACKEND=OpenSSL BUILD_SHARED_LIBS=OFF ENABLE_ZLIB_COMPRESSION=ON
+   - ADDRESS_SIZE=64 CRYPTO_BACKEND=OpenSSL BUILD_SHARED_LIBS=ON ENABLE_ZLIB_COMPRESSION=ON
+   - ADDRESS_SIZE=64 CRYPTO_BACKEND=Libgcrypt BUILD_SHARED_LIBS=OFF ENABLE_ZLIB_COMPRESSION=OFF
+   - ADDRESS_SIZE=64 CRYPTO_BACKEND=Libgcrypt BUILD_SHARED_LIBS=ON ENABLE_ZLIB_COMPRESSION=OFF
+   - ADDRESS_SIZE=64 CRYPTO_BACKEND=Libgcrypt BUILD_SHARED_LIBS=OFF ENABLE_ZLIB_COMPRESSION=ON
+   - ADDRESS_SIZE=64 CRYPTO_BACKEND=Libgcrypt BUILD_SHARED_LIBS=ON ENABLE_ZLIB_COMPRESSION=ON
+   - ADDRESS_SIZE=32 CRYPTO_BACKEND=OpenSSL BUILD_SHARED_LIBS=OFF ENABLE_ZLIB_COMPRESSION=OFF
+   - ADDRESS_SIZE=32 CRYPTO_BACKEND=OpenSSL BUILD_SHARED_LIBS=ON ENABLE_ZLIB_COMPRESSION=OFF
+   - ADDRESS_SIZE=32 CRYPTO_BACKEND=OpenSSL BUILD_SHARED_LIBS=OFF ENABLE_ZLIB_COMPRESSION=ON
+   - ADDRESS_SIZE=32 CRYPTO_BACKEND=OpenSSL BUILD_SHARED_LIBS=ON ENABLE_ZLIB_COMPRESSION=ON
+   - ADDRESS_SIZE=32 CRYPTO_BACKEND=Libgcrypt BUILD_SHARED_LIBS=OFF ENABLE_ZLIB_COMPRESSION=OFF
+   - ADDRESS_SIZE=32 CRYPTO_BACKEND=Libgcrypt BUILD_SHARED_LIBS=ON ENABLE_ZLIB_COMPRESSION=OFF
+   - ADDRESS_SIZE=32 CRYPTO_BACKEND=Libgcrypt BUILD_SHARED_LIBS=OFF ENABLE_ZLIB_COMPRESSION=ON
+   - ADDRESS_SIZE=32 CRYPTO_BACKEND=Libgcrypt BUILD_SHARED_LIBS=ON ENABLE_ZLIB_COMPRESSION=ON
+
+before_install:
+  - sudo add-apt-repository --yes ppa:kalakris/cmake
+  - sudo apt-get update
+  - sudo apt-get -y install cmake
+  - if [ $ADDRESS_SIZE = '64' ]; then sudo apt-get install -y libgcrypt11-dev libssl-dev zlib1g-dev; fi
+  - if [ $ADDRESS_SIZE = '32' ]; then sudo apt-get install -y linux-libc-dev linux-libc-dev:i386; fi
+  - if [ $ADDRESS_SIZE = '32' ]; then sudo apt-get install -y gcc-multilib libgcrypt11-dev:i386 libssl-dev:i386 zlib1g-dev:i386; fi
+  - if [ $ADDRESS_SIZE = '32' ]; then export TOOLCHAIN_OPTION="-DCMAKE_TOOLCHAIN_FILE=../cmake/Toolchain-Linux-32.cmake"; fi
+
+install:
+  - mkdir bin
+  - cd bin
+
+script:
+  - cmake $TOOLCHAIN_OPTION -DCRYPTO_BACKEND=$CRYPTO_BACKEND -DBUILD_SHARED_LIBS=$BUILD_SHARED_LIBS -DENABLE_ZLIB_COMPRESSION=$ENABLE_ZLIB_COMPRESSION .. && cmake --build . && CTEST_OUTPUT_ON_FAILURE=1 cmake --build . --target test && cmake --build . --target package

CMakeLists.txt

@@ -0,0 +1,101 @@
+# Copyright (c) 2014, 2015  Alexander Lamaison <alexander.lamaison@gmail.com>
+#
+# Redistribution and use in source and binary forms,
+# with or without modification, are permitted provided
+# that the following conditions are met:
+#
+#   Redistributions of source code must retain the above
+#   copyright notice, this list of conditions and the
+#   following disclaimer.
+#
+#   Redistributions in binary form must reproduce the above
+#   copyright notice, this list of conditions and the following
+#   disclaimer in the documentation and/or other materials
+#   provided with the distribution.
+#
+#   Neither the name of the copyright holder nor the names
+#   of any other contributors may be used to endorse or
+#   promote products derived from this software without
+#   specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
+# CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
+# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
+# USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
+# OF SUCH DAMAGE.
+
+cmake_minimum_required(VERSION 2.8.11)
+
+set(CMAKE_MODULE_PATH ${CMAKE_CURRENT_SOURCE_DIR}/cmake)
+
+project(libssh2 C)
+set(PROJECT_URL "https://www.libssh2.org/")
+set(PROJECT_DESCRIPTION "The SSH library")
+
+option(BUILD_SHARED_LIBS "Build Shared Libraries" OFF)
+
+# Parse version
+
+file(READ ${CMAKE_CURRENT_SOURCE_DIR}/include/libssh2.h _HEADER_CONTENTS)
+string(
+  REGEX REPLACE ".*#define LIBSSH2_VERSION[ \t]+\"([^\"]+)\".*" "\\1"
+  LIBSSH2_VERSION "${_HEADER_CONTENTS}")
+string(
+  REGEX REPLACE ".*#define LIBSSH2_VERSION_MAJOR[ \t]+([0-9]+).*" "\\1"
+  LIBSSH2_VERSION_MAJOR "${_HEADER_CONTENTS}")
+string(
+  REGEX REPLACE ".*#define LIBSSH2_VERSION_MINOR[ \t]+([0-9]+).*" "\\1"
+  LIBSSH2_VERSION_MINOR "${_HEADER_CONTENTS}")
+string(
+  REGEX REPLACE ".*#define LIBSSH2_VERSION_PATCH[ \t]+([0-9]+).*" "\\1"
+  LIBSSH2_VERSION_PATCH "${_HEADER_CONTENTS}")
+
+if(NOT LIBSSH2_VERSION OR
+   NOT LIBSSH2_VERSION_MAJOR MATCHES "^[0-9]+$" OR
+   NOT LIBSSH2_VERSION_MINOR MATCHES "^[0-9]+$" OR
+   NOT LIBSSH2_VERSION_PATCH MATCHES "^[0-9]+$")
+  message(
+    FATAL_ERROR
+    "Unable to parse version from"
+    "${CMAKE_CURRENT_SOURCE_DIR}/include/libssh2.h")
+endif()
+
+include(GNUInstallDirs)
+install(
+  FILES docs/AUTHORS COPYING docs/HACKING README RELEASE-NOTES NEWS
+  DESTINATION ${CMAKE_INSTALL_DOCDIR})
+
+include(max_warnings)
+include(FeatureSummary)
+
+add_subdirectory(src)
+
+option(BUILD_EXAMPLES "Build libssh2 examples" ON)
+if(BUILD_EXAMPLES)
+  add_subdirectory(example)
+endif()
+
+option(BUILD_TESTING "Build libssh2 test suite" ON)
+if(BUILD_TESTING)
+  enable_testing()
+  add_subdirectory(tests)
+endif()
+
+add_subdirectory(docs)
+
+feature_summary(WHAT ALL)
+
+set(CPACK_PACKAGE_VERSION_MAJOR ${LIBSSH2_VERSION_MAJOR})
+set(CPACK_PACKAGE_VERSION_MINOR ${LIBSSH2_VERSION_MINOR})
+set(CPACK_PACKAGE_VERSION_PATCH ${LIBSSH2_VERSION_PATCH})
+set(CPACK_PACKAGE_VERSION ${LIBSSH2_VERSION})
+include(CPack)

Makefile.am

@@ -32,8 +32,20 @@ win32/libssh2_config.h win32/config.mk win32/rules.mk		\
 win32/Makefile.Watcom win32/libssh2.dsw win32/tests.dsp $(DSP)	\
 win32/msvcproj.head win32/msvcproj.foot win32/libssh2.rc
 
+OS400FILES = os400/README400 os400/initscript.sh os400/make.sh		\
+os400/make-src.sh os400/make-rpg.sh os400/make-include.sh		\
+os400/os400sys.c os400/ccsid.c						\
+os400/libssh2_config.h os400/macros.h os400/libssh2_ccsid.h		\
+os400/include/alloca.h os400/include/sys/socket.h os400/include/stdio.h	\
+os400/libssh2rpg/libssh2.rpgle.in					\
+os400/libssh2rpg/libssh2_ccsid.rpgle.in					\
+os400/libssh2rpg/libssh2_publickey.rpgle				\
+os400/libssh2rpg/libssh2_sftp.rpgle					\
+Makefile.os400qc3.inc
+
 EXTRA_DIST = $(WIN32FILES) buildconf $(NETWAREFILES) get_ver.awk \
- maketgz NMakefile RELEASE-NOTES libssh2.pc.in $(VMSFILES) config.rpath
+ maketgz NMakefile RELEASE-NOTES libssh2.pc.in $(VMSFILES) config.rpath \
+ CMakeLists.txt cmake $(OS400FILES)
 
 ACLOCAL_AMFLAGS = -I m4
 

Makefile.os400qc3.inc

@@ -0,0 +1,2 @@
+CRYPTO_CSOURCES = os400qc3.c
+CRYPTO_HHEADERS = os400qc3.h

README

@@ -10,8 +10,10 @@ Mailing list: http://cool.haxx.se/mailman/listinfo/libssh2-devel
 
 License: see COPYING
 
-Source code: https://github.com/bagder/libssh2
+Source code: https://github.com/libssh2/libssh2
 
-Web site source code: https://github.com/bagder/libssh2-www
+Web site source code: https://github.com/libssh2/www
 
-Installation instructions are in docs/INSTALL
+Installation instructions are in:
+ - docs/INSTALL_CMAKE for CMake
+ - docs/INSTALL_AUTOTOOLS for Autotools

RELEASE-NOTES

@@ -1,83 +1,56 @@
-libssh2 1.5.0
+libssh2 1.7.0
 
 This release includes the following changes:
 
- o Added Windows Cryptography API: Next Generation based backend
+ o libssh2_session_set_last_error: Add function
+ o mac: Add support for HMAC-SHA-256 and HMAC-SHA-512
+ o WinCNG: support for SHA256/512 HMAC
+ o kex: Added diffie-hellman-group-exchange-sha256 support
+ o OS/400 crypto library QC3 support
+
+This release includes the following security advisory:
+
+ o diffie_hellman_sha256: convert bytes to bits
+   CVE-2016-0787: http://www.libssh2.org/adv_20160223.html
 
 This release includes the following bugfixes:
 
- o Security Advisory for CVE-2015-1782, using SSH_MSG_KEXINIT data unbounded
- o missing _libssh2_error in _libssh2_channel_write
- o knownhost: Fix DSS keys being detected as unknown.
- o knownhost: Restore behaviour of `libssh2_knownhost_writeline` with short buffer.
- o libssh2.h: on Windows, a socket is of type SOCKET, not int
- o libssh2_priv.h: a 1 bit bit-field should be unsigned
- o windows build: do not export externals from static library
- o Fixed two potential use-after-frees of the payload buffer
- o Fixed a few memory leaks in error paths
- o userauth: Fixed an attempt to free from stack on error
- o agent_list_identities: Fixed memory leak on OOM
- o knownhosts: Abort if the hosts buffer is too small
- o sftp_close_handle: ensure the handle is always closed
- o channel_close: Close the channel even in the case of errors
- o docs: added missing libssh2_session_handshake.3 file
- o docs: fixed a bunch of typos
- o userauth_password: pass on the underlying error code
- o _libssh2_channel_forward_cancel: accessed struct after free
- o _libssh2_packet_add: avoid using uninitialized memory
- o _libssh2_channel_forward_cancel: avoid memory leaks on error
- o _libssh2_channel_write: client spins on write when window full
- o windows build: fix build errors
- o publickey_packet_receive: avoid junk in returned pointers
- o channel_receive_window_adjust: store windows size always
- o userauth_hostbased_fromfile: zero assign to avoid uninitialized use
- o configure: change LIBS not LDFLAGS when checking for libs
- o agent_connect_unix: make sure there's a trailing zero
- o MinGW build: Fixed redefine warnings.
- o sftpdir.c: added authentication method detection.
- o Watcom build: added support for WinCNG build.
- o configure.ac: replace AM_CONFIG_HEADER with AC_CONFIG_HEADERS
- o sftp_statvfs: fix for servers not supporting statfvs extension
- o knownhost.c: use LIBSSH2_FREE macro instead of free
- o Fixed compilation using mingw-w64
- o knownhost.c: fixed that 'key_type_len' may be used uninitialized
- o configure: Display individual crypto backends on separate lines
- o examples on Windows: check for WSAStartup return code
- o examples on Windows: check for socket return code
- o agent.c: check return code of MapViewOfFile
- o kex.c: fix possible NULL pointer de-reference with session->kex
- o packet.c: fix possible NULL pointer de-reference within listen_state
- o tests on Windows: check for WSAStartup return code
- o userauth.c: improve readability and clarity of for-loops
- o examples on Windows: use native SOCKET-type instead of int
- o packet.c: i < 256 was always true and i would overflow to 0
- o kex.c: make sure mlist is not set to NULL
- o session.c: check return value of session_nonblock in debug mode
- o session.c: check return value of session_nonblock during startup
- o userauth.c: make sure that sp_len is positive and avoid overflows
- o knownhost.c: fix use of uninitialized argument variable wrote
- o openssl: initialise the digest context before calling EVP_DigestInit()
- o libssh2_agent_init: init ->fd to LIBSSH2_INVALID_SOCKET
- o configure.ac: Add zlib to Requires.private in libssh2.pc if using zlib
- o configure.ac: Rework crypto library detection
- o configure.ac: Reorder --with-* options in --help output
- o configure.ac: Call zlib zlib and not libz in text but keep option names
- o Fix non-autotools builds: Always define the LIBSSH2_OPENSSL CPP macro
- o sftp: seek: Don't flush buffers on same offset
- o sftp: statvfs: Along error path, reset the correct 'state' variable.
- o sftp: Add support for fsync (OpenSSH extension).
- o _libssh2_channel_read: fix data drop when out of window
- o comp_method_zlib_decomp: Improve buffer growing algorithm
- o _libssh2_channel_read: Honour window_size_initial
- o window_size: redid window handling for flow control reasons
- o knownhosts: handle unknown key types
+ o SFTP: Increase speed and datasize in SFTP read
+ o openssl: make libssh2_sha1 return error code
+ o openssl: fix memleak in _libssh2_dsa_sha1_verify()
+ o cmake: include CMake files in the release tarballs
+ o Fix builds with Visual Studio 2015
+ o hostkey.c: Fix compiling error when OPENSSL_NO_MD5 is defined
+ o GNUmakefile: add support for LIBSSH2_LDFLAG_EXTRAS
+ o GNUmakefile: add -m64 CFLAGS when targeting mingw64
+ o kex: free server host key before allocating it (again)
+ o SCP: add libssh2_scp_recv2 to support large (> 2GB) files on windows
+ o channel: Detect bad usage of libssh2_channel_process_startup
+ o userauth: Fix off by one error when reading public key file
+ o kex: removed dupe entry from libssh2_kex_methods
+ o _libssh2_error: Support allocating the error message
+ o hostkey: fix invalid memory access if libssh2_dsa_new fails
+ o hostkey: align code path of ssh_rsa_init to ssh_dss_init
+ o libssh2.pc.in: fix the output of pkg-config --libs
+ o wincng: fixed possible memory leak in _libssh2_wincng_hash
+ o wincng: fixed _libssh2_wincng_hash_final return value
+ o add OpenSSL 1.1.0-pre2 compatibility
+ o agent_disconnect_unix: unset the agent fd after closing it
+ o sftp: stop reading when buffer is full
+ o sftp: Send at least one read request before reading
+ o sftp: Don't return EAGAIN if data was written to buffer
+ o sftp: Check read packet file offset
+ o configure: build "silent" if possible
+ o openssl: add OpenSSL 1.1.0-pre3-dev compatibility
+ o GNUmakefile: list system libs after user libs
  
 This release would not have looked like this without help, code, reports and
 advice from friends like these:
 
- Alexander Lamaison, Bob Kast, Dan Fandrich, Daniel Stenberg, Guenter Knauf,
- Kamil Dudka, Leif Salomonsson, Marc Hörsken, Mark McPherson,
- Matthias Kerestesch, Mikhail Gusarov, Peter Stuge, Richard W.M. Jones,
- Salvador Fandino, Seth Willits, Mariusz Ziulek
+  Alexander Lamaison, Andreas Schneider, brian m. carlson, Daniel Stenberg,
+  David Byron, Jakob Egger, Kamil Dudka, Marc Hoersken, Mizunashi Mana,
+  Patrick Monnerat, Paul Howarth, Salvador Fandino, Salvador Fandiño,
+  Salvador Fandiño, Viktor Szakats, Will Cosgrove,
+  (16 contributors)
 
         Thanks! (and sorry if I forgot to mention someone)

appveyor.yml

@@ -0,0 +1,84 @@
+# Copyright (c) 2014, Ruslan Baratov
+# Copyright (c) 2014, 2016 Alexander Lamaison
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+# * Redistributions of source code must retain the above copyright notice, this
+#   list of conditions and the following disclaimer.
+#
+# * Redistributions in binary form must reproduce the above copyright notice,
+#   this list of conditions and the following disclaimer in the documentation
+#   and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+os: Visual Studio 2015
+
+environment:
+  matrix:
+    - GENERATOR: "Visual Studio 14 2015"
+      BUILD_SHARED_LIBS: ON
+
+    - GENERATOR: "Visual Studio 14 2015"
+      BUILD_SHARED_LIBS: OFF
+
+    - GENERATOR: "Visual Studio 12 2013"
+      BUILD_SHARED_LIBS: ON
+
+    - GENERATOR: "Visual Studio 12 2013"
+      BUILD_SHARED_LIBS: OFF
+
+    - GENERATOR: "Visual Studio 11 2012"
+      BUILD_SHARED_LIBS: ON
+
+    - GENERATOR: "Visual Studio 11 2012"
+      BUILD_SHARED_LIBS: OFF
+
+    - GENERATOR: "Visual Studio 10 2010"
+      BUILD_SHARED_LIBS: ON
+
+    - GENERATOR: "Visual Studio 10 2010"
+      BUILD_SHARED_LIBS: OFF
+
+    - GENERATOR: "Visual Studio 9 2008"
+      BUILD_SHARED_LIBS: ON
+
+    - GENERATOR: "Visual Studio 9 2008"
+      BUILD_SHARED_LIBS: OFF
+
+platform:
+  - x86
+  - x64
+
+configuration:
+# - Debug
+  - Release
+
+matrix:
+  allow_failures:
+    - GENERATOR: "Visual Studio 9 2008"
+      platform: x64
+
+build_script:
+  - ps: if($env:PLATFORM -eq "x64") { $env:CMAKE_GEN_SUFFIX=" Win64" }
+  - cmake "-G%GENERATOR%%CMAKE_GEN_SUFFIX%" -DBUILD_SHARED_LIBS=%BUILD_SHARED_LIBS% -H. -B_builds
+  - cmake --build _builds --config "%CONFIGURATION%"
+
+test_script:
+  - ps: cd _builds
+  - ctest -VV -C "%CONFIGURATION%" -E ssh2 --output-on-failure
+
+on_failure:
+  - ps: if (Test-Path _builds/CMakeFiles/CMakeOutput.log) { cat _builds/CMakeFiles/CMakeOutput.log }
+  - ps: if (Test-Path _builds/CMakeFiles/CMakeError.log) { cat _builds/CMakeFiles/CMakeError.log }

cmake/CheckFunctionExistsMayNeedLibrary.cmake

@@ -0,0 +1,81 @@
+# Copyright (c) 2014 Alexander Lamaison <alexander.lamaison@gmail.com>
+#
+# Redistribution and use in source and binary forms,
+# with or without modification, are permitted provided
+# that the following conditions are met:
+#
+#   Redistributions of source code must retain the above
+#   copyright notice, this list of conditions and the
+#   following disclaimer.
+#
+#   Redistributions in binary form must reproduce the above
+#   copyright notice, this list of conditions and the following
+#   disclaimer in the documentation and/or other materials
+#   provided with the distribution.
+#
+#   Neither the name of the copyright holder nor the names
+#   of any other contributors may be used to endorse or
+#   promote products derived from this software without
+#   specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
+# CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
+# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
+# USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
+# OF SUCH DAMAGE.
+
+
+# - check_function_exists_maybe_need_library(<function> <var> [lib1 ... libn])
+#
+# Check if function is available for linking, first without extra libraries, and
+# then, if not found that way, linking in each optional library as well.  This
+# function is similar to autotools AC_SEARCH_LIBS.
+#
+# If the function if found, this will define <var>.
+#
+# If the function was only found by linking in an additional library, this
+# will define NEED_LIB_LIBX, where LIBX is the one of lib1 to libn that
+# makes the function available, in uppercase.
+#
+# The following variables may be set before calling this macro to
+# modify the way the check is run:
+#
+#  CMAKE_REQUIRED_FLAGS = string of compile command line flags
+#  CMAKE_REQUIRED_DEFINITIONS = list of macros to define (-DFOO=bar)
+#  CMAKE_REQUIRED_INCLUDES = list of include directories
+#  CMAKE_REQUIRED_LIBRARIES = list of libraries to link
+#
+
+include(CheckFunctionExists)
+include(CheckLibraryExists)
+
+function(check_function_exists_may_need_library function variable)
+
+  check_function_exists(${function} ${variable})
+
+  if(NOT ${variable})
+    foreach(lib ${ARGN})
+      string(TOUPPER ${lib} UP_LIB)
+      # Use new variable to prevent cache from previous step shortcircuiting
+      # new test
+      check_library_exists(${lib} ${function} "" HAVE_${function}_IN_${lib})
+      if(HAVE_${function}_IN_${lib})
+	set(${variable} 1 CACHE INTERNAL
+	  "Function ${function} found in library ${lib}")
+	set(NEED_LIB_${UP_LIB} 1 CACHE INTERNAL
+	  "Need to link ${lib}")
+	break()
+      endif()
+    endforeach()
+  endif()
+
+endfunction()

cmake/CheckNonblockingSocketSupport.cmake

@@ -0,0 +1,119 @@
+include(CheckCSourceCompiles)
+
+# - check_nonblocking_socket_support()
+#
+# Check for how to set a socket to non-blocking state. There seems to exist
+# four known different ways, with the one used almost everywhere being POSIX
+# and XPG3, while the other different ways for different systems (old BSD,
+# Windows and Amiga).
+#
+# One of the following variables will be set indicating the supported
+# method (if any):
+#   HAVE_O_NONBLOCK
+#   HAVE_FIONBIO
+#   HAVE_IOCTLSOCKET
+#   HAVE_IOCTLSOCKET_CASE
+#   HAVE_SO_NONBLOCK
+#   HAVE_DISABLED_NONBLOCKING
+#
+# The following variables may be set before calling this macro to
+# modify the way the check is run:
+#
+#  CMAKE_REQUIRED_FLAGS = string of compile command line flags
+#  CMAKE_REQUIRED_DEFINITIONS = list of macros to define (-DFOO=bar)
+#  CMAKE_REQUIRED_INCLUDES = list of include directories
+#  CMAKE_REQUIRED_LIBRARIES = list of libraries to link
+#
+macro(check_nonblocking_socket_support)
+  # There are two known platforms (AIX 3.x and SunOS 4.1.x) where the
+  # O_NONBLOCK define is found but does not work.
+  check_c_source_compiles("
+#include <sys/types.h>
+#include <unistd.h>
+#include <fcntl.h>
+
+#if defined(sun) || defined(__sun__) || defined(__SUNPRO_C) || defined(__SUNPRO_CC)
+# if defined(__SVR4) || defined(__srv4__)
+#  define PLATFORM_SOLARIS
+# else
+#  define PLATFORM_SUNOS4
+# endif
+#endif
+#if (defined(_AIX) || defined(__xlC__)) && !defined(_AIX41)
+# define PLATFORM_AIX_V3
+#endif
+
+#if defined(PLATFORM_SUNOS4) || defined(PLATFORM_AIX_V3) || defined(__BEOS__)
+#error \"O_NONBLOCK does not work on this platform\"
+#endif
+
+int main()
+{
+    int socket;
+    int flags = fcntl(socket, F_SETFL, flags | O_NONBLOCK);
+}"
+  HAVE_O_NONBLOCK)
+
+  if(NOT HAVE_O_NONBLOCK)
+    check_c_source_compiles("/* FIONBIO test (old-style unix) */
+#include <unistd.h>
+#include <stropts.h>
+
+int main()
+{
+    int socket;
+    int flags = ioctl(socket, FIONBIO, &flags);
+}"
+    HAVE_FIONBIO)
+
+    if(NOT HAVE_FIONBIO)
+      check_c_source_compiles("/* ioctlsocket test (Windows) */
+#undef inline
+#ifndef WIN32_LEAN_AND_MEAN
+#define WIN32_LEAN_AND_MEAN
+#endif
+
+#include <windows.h>
+#include <winsock2.h>
+
+int main()
+{
+    SOCKET sd;
+    unsigned long flags = 0;
+    sd = socket(0, 0, 0);
+    ioctlsocket(sd, FIONBIO, &flags);
+}"
+      HAVE_IOCTLSOCKET)
+
+      if(NOT HAVE_IOCTLSOCKET)
+	check_c_source_compiles("/* IoctlSocket test (Amiga?) */
+#include <sys/ioctl.h>
+
+int main()
+{
+    int socket;
+    int flags = IoctlSocket(socket, FIONBIO, (long)1);
+}"
+        HAVE_IOCTLSOCKET_CASE)
+
+        if(NOT HAVE_IOCTLSOCKET_CASE)
+	  check_c_source_compiles("/* SO_NONBLOCK test (BeOS) */
+#include <socket.h>
+
+int main()
+{
+    long b = 1;
+    int socket;
+    int flags = setsockopt(socket, SOL_SOCKET, SO_NONBLOCK, &b, sizeof(b));
+}"
+          HAVE_SO_NONBLOCK)
+
+	  if(NOT HAVE_SO_NONBLOCK)
+	    # No non-blocking socket method found
+	    set(HAVE_DISABLED_NONBLOCKING 1)
+	  endif()
+	endif()
+      endif()
+    endif()
+  endif()
+endmacro()

cmake/CopyRuntimeDependencies.cmake

@@ -0,0 +1,72 @@
+# Copyright (c) 2014 Alexander Lamaison <alexander.lamaison@gmail.com>
+#
+# Redistribution and use in source and binary forms,
+# with or without modification, are permitted provided
+# that the following conditions are met:
+#
+#   Redistributions of source code must retain the above
+#   copyright notice, this list of conditions and the
+#   following disclaimer.
+#
+#   Redistributions in binary form must reproduce the above
+#   copyright notice, this list of conditions and the following
+#   disclaimer in the documentation and/or other materials
+#   provided with the distribution.
+#
+#   Neither the name of the copyright holder nor the names
+#   of any other contributors may be used to endorse or
+#   promote products derived from this software without
+#   specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
+# CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
+# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
+# USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
+# OF SUCH DAMAGE.
+
+include(CMakeParseArguments)
+
+function(ADD_TARGET_TO_COPY_DEPENDENCIES)
+  set(options)
+  set(oneValueArgs TARGET)
+  set(multiValueArgs DEPENDENCIES BEFORE_TARGETS)
+  cmake_parse_arguments(COPY
+    "${options}" "${oneValueArgs}" "${multiValueArgs}" ${ARGN})
+
+  if(NOT COPY_DEPENDENCIES)
+    return()
+  endif()
+
+  # Using a custom target to drive custom commands stops multiple
+  # parallel builds trying to kick off the commands at the same time
+  add_custom_target(${COPY_TARGET})
+
+  foreach(target ${COPY_BEFORE_TARGETS})
+    add_dependencies(${target} ${COPY_TARGET})
+  endforeach()
+
+  foreach(dependency ${COPY_DEPENDENCIES})
+
+    add_custom_command(
+      TARGET ${COPY_TARGET}
+      DEPENDS ${dependency}
+      # Make directory first otherwise file is copied in place of
+      # directory instead of into it
+      COMMAND ${CMAKE_COMMAND}
+      ARGS -E make_directory ${CMAKE_CURRENT_BINARY_DIR}/${CMAKE_CFG_INTDIR}
+      COMMAND ${CMAKE_COMMAND}
+      ARGS -E copy ${dependency} ${CMAKE_CURRENT_BINARY_DIR}/${CMAKE_CFG_INTDIR}
+      VERBATIM)
+
+  endforeach()
+
+endfunction()

cmake/FindLibgcrypt.cmake

@@ -0,0 +1,53 @@
+# Copyright (c) 2014 Alexander Lamaison <alexander.lamaison@gmail.com>
+#
+# Redistribution and use in source and binary forms,
+# with or without modification, are permitted provided
+# that the following conditions are met:
+#
+#   Redistributions of source code must retain the above
+#   copyright notice, this list of conditions and the
+#   following disclaimer.
+#
+#   Redistributions in binary form must reproduce the above
+#   copyright notice, this list of conditions and the following
+#   disclaimer in the documentation and/or other materials
+#   provided with the distribution.
+#
+#   Neither the name of the copyright holder nor the names
+#   of any other contributors may be used to endorse or
+#   promote products derived from this software without
+#   specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
+# CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
+# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
+# USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
+# OF SUCH DAMAGE.
+
+# - Try to find Libgcrypt
+# This will define all or none of:
+#  LIBGCRYPT_FOUND - if Libgcrypt headers and library was found
+#  LIBGCRYPT_INCLUDE_DIRS - The Libgcrypt include directories
+#  LIBGCRYPT_LIBRARIES - The libraries needed to use Libgcrypt
+
+find_path(LIBGCRYPT_INCLUDE_DIR gcrypt.h)
+
+find_library(LIBGCRYPT_LIBRARY NAMES gcrypt libgcrypt)
+
+set(LIBGCRYPT_LIBRARIES ${LIBGCRYPT_LIBRARY})
+set(LIBGCRYPT_INCLUDE_DIRS ${LIBGCRYPT_INCLUDE_DIR})
+
+include(FindPackageHandleStandardArgs)
+find_package_handle_standard_args(Libgcrypt DEFAULT_MSG
+                                  LIBGCRYPT_LIBRARY LIBGCRYPT_INCLUDE_DIR)
+
+mark_as_advanced(LIBGCRYPT_INCLUDE_DIR LIBGCRYPT_LIBRARY)

cmake/SocketLibraries.cmake

@@ -0,0 +1,64 @@
+# Copyright (c) 2014 Alexander Lamaison <alexander.lamaison@gmail.com>
+#
+# Redistribution and use in source and binary forms,
+# with or without modification, are permitted provided
+# that the following conditions are met:
+#
+#   Redistributions of source code must retain the above
+#   copyright notice, this list of conditions and the
+#   following disclaimer.
+#
+#   Redistributions in binary form must reproduce the above
+#   copyright notice, this list of conditions and the following
+#   disclaimer in the documentation and/or other materials
+#   provided with the distribution.
+#
+#   Neither the name of the copyright holder nor the names
+#   of any other contributors may be used to endorse or
+#   promote products derived from this software without
+#   specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
+# CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
+# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
+# USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
+# OF SUCH DAMAGE.
+
+# Some systems have their socket functions in a library.
+# (Solaris -lsocket/-lnsl, Windows -lws2_32).  This macro appends those
+# libraries to the given list
+macro(append_needed_socket_libraries LIBRARIES_LIST)
+  if(CMAKE_SYSTEM_NAME STREQUAL "Windows" AND CMAKE_SIZEOF_VOID_P EQUAL 4)
+    # x86 Windows uses STDCALL for these functions, so their names are mangled,
+    # meaning the platform checks don't work. Hardcoding these until we get
+    # a better solution.
+    set(HAVE_SOCKET 1)
+    set(HAVE_SELECT 1)
+    set(HAVE_INET_ADDR 1)
+    set(NEED_LIB_WS2_32 1)
+  else()
+    check_function_exists_may_need_library(socket HAVE_SOCKET socket ws2_32)
+    check_function_exists_may_need_library(select HAVE_SELECT ws2_32)
+    check_function_exists_may_need_library(inet_addr HAVE_INET_ADDR nsl ws2_32)
+  endif()
+
+  if(NEED_LIB_SOCKET)
+    list(APPEND ${LIBRARIES_LIST} socket)
+  endif()
+  if(NEED_LIB_NSL)
+    list(APPEND ${LIBRARIES_LIST} nsl)
+  endif()
+  if(NEED_LIB_WS2_32)
+    list(APPEND ${LIBRARIES_LIST} ws2_32)
+  endif()
+
+endmacro()

cmake/Toolchain-Linux-32.cmake

@@ -0,0 +1,42 @@
+# Copyright (c) 2014 Alexander Lamaison <alexander.lamaison@gmail.com>
+#
+# Redistribution and use in source and binary forms,
+# with or without modification, are permitted provided
+# that the following conditions are met:
+#
+#   Redistributions of source code must retain the above
+#   copyright notice, this list of conditions and the
+#   following disclaimer.
+#
+#   Redistributions in binary form must reproduce the above
+#   copyright notice, this list of conditions and the following
+#   disclaimer in the documentation and/or other materials
+#   provided with the distribution.
+#
+#   Neither the name of the copyright holder nor the names
+#   of any other contributors may be used to endorse or
+#   promote products derived from this software without
+#   specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
+# CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
+# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
+# USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
+# OF SUCH DAMAGE.
+
+# Cross-compile 32-bit binary on 64-bit linux host
+set(CMAKE_SYSTEM_NAME Linux)
+set(CMAKE_SYSTEM_VERSION 1)
+set(CMAKE_SYSTEM_PROCESSOR "i386")
+
+set(CMAKE_CXX_COMPILER_ARG1 "-m32")
+set(CMAKE_C_COMPILER_ARG1 "-m32")

cmake/max_warnings.cmake

@@ -0,0 +1,23 @@
+if(MSVC)
+  # Use the highest warning level for visual studio.
+  if(CMAKE_CXX_FLAGS MATCHES "/W[0-4]")
+    string(REGEX REPLACE "/W[0-4]" "/W4" CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS}")
+  else()
+    set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} /W4")
+  endif()
+  if(CMAKE_C_FLAGS MATCHES "/W[0-4]")
+    string(REGEX REPLACE "/W[0-4]" "/W4" CMAKE_C_FLAGS "${CMAKE_C_FLAGS}")
+  else()
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /W4")
+  endif()
+
+  # Disable broken warnings
+  add_definitions(-D_CRT_SECURE_NO_WARNINGS -D_CRT_NONSTDC_NO_DEPRECATE)
+elseif(CMAKE_COMPILER_IS_GNUCC OR CMAKE_COMPILER_IS_GNUCXX)
+  if(NOT CMAKE_CXX_FLAGS MATCHES "-Wall")
+    set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wall")
+  endif()
+  if(NOT CMAKE_C_FLAGS MATCHES "-Wall")
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall")
+  endif()
+endif()

configure.ac

@@ -4,6 +4,7 @@ AC_CONFIG_MACRO_DIR([m4])
 AC_CONFIG_SRCDIR([src])
 AC_CONFIG_HEADERS([src/libssh2_config.h example/libssh2_config.h])
 AM_MAINTAINER_MODE
+m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
 
 dnl SED is needed by some of the tools
 AC_PATH_PROG( SED, sed, sed-was-not-found-by-configure,
@@ -97,6 +98,7 @@ AC_ARG_WITH(libz,
   use_libz=$withval,use_libz=auto)
 
 found_crypto=none
+support_clear_memory=no
 
 # Look for OpenSSL
 if test "$found_crypto" = "none" && test "$use_openssl" != "no"; then
@@ -141,6 +143,9 @@ if test "$found_crypto" = "none" && test "$use_wincng" != "no"; then
   AC_CHECK_HEADERS([ntdef.h ntstatus.h], [], [], [
     #include <windows.h>
   ])
+  AC_CHECK_DECLS([SecureZeroMemory], [], [], [
+    #include <windows.h>
+  ])
 fi
 if test "$ac_cv_libbcrypt" = "yes"; then
   AC_DEFINE(LIBSSH2_WINCNG, 1, [Use Windows CNG])
@@ -150,9 +155,14 @@ if test "$ac_cv_libbcrypt" = "yes"; then
     LIBS="$LIBS -lcrypt32"
   fi
   found_crypto="Windows Cryptography API: Next Generation"
+  if test "$ac_cv_have_decl_SecureZeroMemory" = "yes"; then
+    support_clear_memory=yes
+  fi
 fi
 AM_CONDITIONAL(WINCNG, test "$ac_cv_libbcrypt" = "yes")
 
+AM_CONDITIONAL(OS400QC3, false)
+
 # Check if crypto library was found
 if test "$found_crypto" = "none"; then
   AC_MSG_ERROR([No crypto library found!
@@ -197,6 +207,30 @@ if test "$GEX_NEW" != "no"; then
   AC_DEFINE(LIBSSH2_DH_GEX_NEW, 1, [Enable newer diffie-hellman-group-exchange-sha1 syntax])
 fi
 
+AC_ARG_ENABLE(clear-memory,
+  AC_HELP_STRING([--disable-clear-memory],[Disable clearing of memory before being freed]),
+  [CLEAR_MEMORY=$enableval])
+if test "$CLEAR_MEMORY" != "no"; then
+  if test "$support_clear_memory" = "yes"; then
+    AC_DEFINE(LIBSSH2_CLEAR_MEMORY, 1, [Enable clearing of memory before being freed])
+    enable_clear_memory=yes
+  else
+    if test "$CLEAR_MEMORY" = "yes"; then
+      AC_MSG_ERROR([secure clearing/zeroing of memory is not supported by the selected crypto backend])
+    else
+      AC_MSG_WARN([secure clearing/zeroing of memory is not supported by the selected crypto backend])
+    fi
+    enable_clear_memory=unsupported
+  fi
+else
+  if test "$support_clear_memory" = "yes"; then
+    enable_clear_memory=no
+  else
+    AC_MSG_WARN([secure clearing/zeroing of memory is not supported by the selected crypto backend])
+    enable_clear_memory=unsupported
+  fi
+fi
+
 dnl ************************************************************
 dnl option to switch on compiler debug options
 dnl
@@ -362,6 +396,7 @@ AC_MSG_NOTICE([summary of build options:
   Compiler flags:   ${CFLAGS}
   Library types:    Shared=${enable_shared}, Static=${enable_static}
   Crypto library:   ${found_crypto}
+  Clear memory:     $enable_clear_memory
   Debug build:      $enable_debug
   Build examples:   $build_examples
   Path to sshd:     $ac_cv_path_SSHD (only for self-tests)

docs/CMakeLists.txt

@@ -0,0 +1,206 @@
+# Copyright (c) 2014 Alexander Lamaison <alexander.lamaison@gmail.com>
+#
+# Redistribution and use in source and binary forms,
+# with or without modification, are permitted provided
+# that the following conditions are met:
+#
+#   Redistributions of source code must retain the above
+#   copyright notice, this list of conditions and the
+#   following disclaimer.
+#
+#   Redistributions in binary form must reproduce the above
+#   copyright notice, this list of conditions and the following
+#   disclaimer in the documentation and/or other materials
+#   provided with the distribution.
+#
+#   Neither the name of the copyright holder nor the names
+#   of any other contributors may be used to endorse or
+#   promote products derived from this software without
+#   specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
+# CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
+# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
+# USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
+# OF SUCH DAMAGE.
+
+set(MAN_PAGES
+  libssh2_agent_connect.3
+  libssh2_agent_disconnect.3
+  libssh2_agent_free.3
+  libssh2_agent_get_identity.3
+  libssh2_agent_init.3
+  libssh2_agent_list_identities.3
+  libssh2_agent_userauth.3
+  libssh2_banner_set.3
+  libssh2_base64_decode.3
+  libssh2_channel_close.3
+  libssh2_channel_direct_tcpip.3
+  libssh2_channel_direct_tcpip_ex.3
+  libssh2_channel_eof.3
+  libssh2_channel_exec.3
+  libssh2_channel_flush.3
+  libssh2_channel_flush_ex.3
+  libssh2_channel_flush_stderr.3
+  libssh2_channel_forward_accept.3
+  libssh2_channel_forward_cancel.3
+  libssh2_channel_forward_listen.3
+  libssh2_channel_forward_listen_ex.3
+  libssh2_channel_free.3
+  libssh2_channel_get_exit_signal.3
+  libssh2_channel_get_exit_status.3
+  libssh2_channel_handle_extended_data.3
+  libssh2_channel_handle_extended_data2.3
+  libssh2_channel_ignore_extended_data.3
+  libssh2_channel_open_ex.3
+  libssh2_channel_open_session.3
+  libssh2_channel_process_startup.3
+  libssh2_channel_read.3
+  libssh2_channel_read_ex.3
+  libssh2_channel_read_stderr.3
+  libssh2_channel_receive_window_adjust.3
+  libssh2_channel_receive_window_adjust2.3
+  libssh2_channel_request_pty.3
+  libssh2_channel_request_pty_ex.3
+  libssh2_channel_request_pty_size.3
+  libssh2_channel_request_pty_size_ex.3
+  libssh2_channel_send_eof.3
+  libssh2_channel_set_blocking.3
+  libssh2_channel_setenv.3
+  libssh2_channel_setenv_ex.3
+  libssh2_channel_shell.3
+  libssh2_channel_subsystem.3
+  libssh2_channel_wait_closed.3
+  libssh2_channel_wait_eof.3
+  libssh2_channel_window_read.3
+  libssh2_channel_window_read_ex.3
+  libssh2_channel_window_write.3
+  libssh2_channel_window_write_ex.3
+  libssh2_channel_write.3
+  libssh2_channel_write_ex.3
+  libssh2_channel_write_stderr.3
+  libssh2_channel_x11_req.3
+  libssh2_channel_x11_req_ex.3
+  libssh2_exit.3
+  libssh2_free.3
+  libssh2_hostkey_hash.3
+  libssh2_init.3
+  libssh2_keepalive_config.3
+  libssh2_keepalive_send.3
+  libssh2_knownhost_add.3
+  libssh2_knownhost_addc.3
+  libssh2_knownhost_check.3
+  libssh2_knownhost_checkp.3
+  libssh2_knownhost_del.3
+  libssh2_knownhost_free.3
+  libssh2_knownhost_get.3
+  libssh2_knownhost_init.3
+  libssh2_knownhost_readfile.3
+  libssh2_knownhost_readline.3
+  libssh2_knownhost_writefile.3
+  libssh2_knownhost_writeline.3
+  libssh2_poll.3
+  libssh2_poll_channel_read.3
+  libssh2_publickey_add.3
+  libssh2_publickey_add_ex.3
+  libssh2_publickey_init.3
+  libssh2_publickey_list_fetch.3
+  libssh2_publickey_list_free.3
+  libssh2_publickey_remove.3
+  libssh2_publickey_remove_ex.3
+  libssh2_publickey_shutdown.3
+  libssh2_scp_recv.3
+  libssh2_scp_recv2.3
+  libssh2_scp_send.3
+  libssh2_scp_send64.3
+  libssh2_scp_send_ex.3
+  libssh2_session_abstract.3
+  libssh2_session_banner_get.3
+  libssh2_session_banner_set.3
+  libssh2_session_block_directions.3
+  libssh2_session_callback_set.3
+  libssh2_session_disconnect.3
+  libssh2_session_disconnect_ex.3
+  libssh2_session_flag.3
+  libssh2_session_free.3
+  libssh2_session_get_blocking.3
+  libssh2_session_get_timeout.3
+  libssh2_session_hostkey.3
+  libssh2_session_init.3
+  libssh2_session_init_ex.3
+  libssh2_session_last_errno.3
+  libssh2_session_last_error.3
+  libssh2_session_set_last_error.3
+  libssh2_session_method_pref.3
+  libssh2_session_methods.3
+  libssh2_session_set_blocking.3
+  libssh2_session_set_timeout.3
+  libssh2_session_startup.3
+  libssh2_session_supported_algs.3
+  libssh2_sftp_close.3
+  libssh2_sftp_close_handle.3
+  libssh2_sftp_closedir.3
+  libssh2_sftp_fsetstat.3
+  libssh2_sftp_fstat.3
+  libssh2_sftp_fstat_ex.3
+  libssh2_sftp_fstatvfs.3
+  libssh2_sftp_fsync.3
+  libssh2_sftp_get_channel.3
+  libssh2_sftp_init.3
+  libssh2_sftp_last_error.3
+  libssh2_sftp_lstat.3
+  libssh2_sftp_mkdir.3
+  libssh2_sftp_mkdir_ex.3
+  libssh2_sftp_open.3
+  libssh2_sftp_open_ex.3
+  libssh2_sftp_opendir.3
+  libssh2_sftp_read.3
+  libssh2_sftp_readdir.3
+  libssh2_sftp_readdir_ex.3
+  libssh2_sftp_readlink.3
+  libssh2_sftp_realpath.3
+  libssh2_sftp_rename.3
+  libssh2_sftp_rename_ex.3
+  libssh2_sftp_rewind.3
+  libssh2_sftp_rmdir.3
+  libssh2_sftp_rmdir_ex.3
+  libssh2_sftp_seek.3
+  libssh2_sftp_seek64.3
+  libssh2_sftp_setstat.3
+  libssh2_sftp_shutdown.3
+  libssh2_sftp_stat.3
+  libssh2_sftp_stat_ex.3
+  libssh2_sftp_statvfs.3
+  libssh2_sftp_symlink.3
+  libssh2_sftp_symlink_ex.3
+  libssh2_sftp_tell.3
+  libssh2_sftp_tell64.3
+  libssh2_sftp_unlink.3
+  libssh2_sftp_unlink_ex.3
+  libssh2_sftp_write.3
+  libssh2_trace.3
+  libssh2_trace_sethandler.3
+  libssh2_userauth_authenticated.3
+  libssh2_userauth_hostbased_fromfile.3
+  libssh2_userauth_hostbased_fromfile_ex.3
+  libssh2_userauth_keyboard_interactive.3
+  libssh2_userauth_keyboard_interactive_ex.3
+  libssh2_userauth_list.3
+  libssh2_userauth_password.3
+  libssh2_userauth_password_ex.3
+  libssh2_userauth_publickey.3
+  libssh2_userauth_publickey_fromfile.3
+  libssh2_userauth_publickey_fromfile_ex.3
+  libssh2_version.3)
+
+include(GNUInstallDirs)
+install(FILES ${MAN_PAGES} DESTINATION ${CMAKE_INSTALL_MANDIR}/man3)

docs/HACKING.CRYPTO

@@ -0,0 +1,593 @@
+	Definitions needed to implement a specific crypto library
+
+This document offers some hints about implementing a new crypto library
+interface.
+
+A crypto library interface consists of at least a header file, defining
+entities referenced from the libssh2 core modules.
+Real code implementation (if needed), is left at the implementor's choice.
+
+This document lists the entities that must/may be defined in the header file.
+
+Procedures listed as "void" may indeed have a result type: the void indication
+indicates the libssh2 core modules never use the function result.
+
+
+1) Crypto library initialization/termination.
+
+void libssh2_crypto_init(void);
+Initializes the crypto library. May be an empty macro if not needed.
+
+void libssh2_crypto_exit(void);
+Terminates the crypto library use. May be an empty macro if not needed.
+
+
+2) HMAC
+
+libssh2_hmac_ctx
+Type of an HMAC computation context. Generally a struct.
+Used for all hash algorithms.
+
+void libssh2_hmac_ctx_init(libssh2_hmac_ctx ctx);
+Initializes the HMAC computation context ctx.
+Called before setting-up the hash algorithm.
+Note: if the ctx parameter is modified by the underlying code,
+this procedure must be implemented as a macro to map ctx --> &ctx.
+
+void libssh2_hmac_update(libssh2_hmac_ctx ctx,
+	                 const unsigned char *data,
+	                 int datalen);
+Continue computation of an HMAC on datalen bytes at data using context ctx.
+Note: if the ctx parameter is modified by the underlying code,
+this procedure must be implemented as a macro to map ctx --> &ctx.
+
+void libssh2_hmac_final(libssh2_hmac_ctx ctx,
+	                unsigned char output[]);
+Get the computed HMAC from context ctx into the output buffer. The
+minimum data buffer size depends on the HMAC hash algorithm.
+Note: if the ctx parameter is modified by the underlying code,
+this procedure must be implemented as a macro to map ctx --> &ctx.
+
+void libssh2_hmac_cleanup(libssh2_hmac_ctx *ctx);
+Releases the HMAC computation context at ctx.
+
+
+3) Hash algorithms.
+
+3.1) SHA-1
+Must always be implemented.
+
+SHA_DIGEST_LENGTH
+#define to 20, the SHA-1 digest length.
+
+libssh2_sha1_ctx
+Type of an SHA1 computation context. Generally a struct.
+
+int libssh2_sha1_init(libssh2_sha1_ctx *x);
+Initializes the SHA-1 computation context at x.
+Returns 1 for success and 0 for failure
+
+void libssh2_sha1_update(libssh2_sha1_ctx ctx,
+	                 const unsigned char *data,
+	                 size_t len);
+Continue computation of SHA-1 on len bytes at data using context ctx.
+Note: if the ctx parameter is modified by the underlying code,
+this procedure must be implemented as a macro to map ctx --> &ctx.
+
+void libssh2_sha1_final(libssh2_sha1_ctx ctx,
+                        unsigned char output[SHA1_DIGEST_LEN]);
+Get the computed SHA-1 signature from context ctx and store it into the
+output buffer.
+Release the context.
+Note: if the ctx parameter is modified by the underlying code,
+this procedure must be implemented as a macro to map ctx --> &ctx.
+
+void libssh2_hmac_sha1_init(libssh2_hmac_ctx *ctx,
+	                    const void *key,
+	                    int keylen);
+Setup the HMAC computation context ctx for an HMAC-SHA-1 computation using the
+keylen-byte key. Is invoked just after libssh2_hmac_ctx_init().
+
+3.2) SHA-256
+Must always be implemented.
+
+SHA256_DIGEST_LENGTH
+#define to 32, the SHA-256 digest length.
+
+libssh2_sha256_ctx
+Type of an SHA-256 computation context. Generally a struct.
+
+int libssh2_sha256_init(libssh2_sha256_ctx *x);
+Initializes the SHA-256 computation context at x.
+Returns 1 for success and 0 for failure
+
+void libssh2_sha256_update(libssh2_sha256_ctx ctx,
+	                   const unsigned char *data,
+	                   size_t len);
+Continue computation of SHA-256 on len bytes at data using context ctx.
+Note: if the ctx parameter is modified by the underlying code,
+this procedure must be implemented as a macro to map ctx --> &ctx.
+
+void libssh2_sha256_final(libssh2_sha256_ctx ctx,
+	                  unsigned char output[SHA256_DIGEST_LENGTH]);
+Gets the computed SHA-256 signature from context ctx into the output buffer.
+Release the context.
+Note: if the ctx parameter is modified by the underlying code,
+this procedure must be implemented as a macro to map ctx --> &ctx.
+
+int libssh2_sha256(const unsigned char *message,
+                   unsigned long len,
+                   unsigned char output[SHA256_DIGEST_LENGTH]);
+Computes the SHA-256 signature over the given message of length len and
+store the result into the output buffer.
+Return 1 if error, else 0.
+Note: Seems unused in current code, but defined in each crypto library backend.
+
+LIBSSH2_HMAC_SHA256
+#define as 1 if the crypto library supports HMAC-SHA-256, else 0.
+If defined as 0, the rest of this section can be omitted.
+
+void libssh2_hmac_sha256_init(libssh2_hmac_ctx *ctx,
+	                      const void *key,
+	                      int keylen);
+Setup the HMAC computation context ctx for an HMAC-256 computation using the
+keylen-byte key. Is invoked just after libssh2_hmac_ctx_init().
+
+3.3) SHA-512
+LIBSSH2_HMAC_SHA512
+#define as 1 if the crypto library supports HMAC-SHA-512, else 0.
+If defined as 0, the rest of this section can be omitted.
+
+SHA512_DIGEST_LENGTH
+#define to 64, the SHA-512 digest length.
+
+void libssh2_hmac_sha512_init(libssh2_hmac_ctx *ctx,
+	                      const void *key,
+	                      int keylen);
+Setup the HMAC computation context ctx for an HMAC-512 computation using the
+keylen-byte key. Is invoked just after libssh2_hmac_ctx_init().
+
+3.4) MD5
+LIBSSH2_MD5
+#define to 1 if the crypto library supports MD5, else 0.
+If defined as 0, the rest of this section can be omitted.
+
+MD5_DIGEST_LENGTH
+#define to 16, the MD5 digest length.
+
+libssh2_md5_ctx
+Type of an MD5 computation context. Generally a struct.
+
+int libssh2_md5_init(libssh2_md5_ctx *x);
+Initializes the MD5 computation context at x.
+Returns 1 for success and 0 for failure
+
+void libssh2_md5_update(libssh2_md5_ctx ctx,
+	                const unsigned char *data,
+	                size_t len);
+Continues computation of MD5 on len bytes at data using context ctx.
+Returns 1 for success and 0 for failure.
+Note: if the ctx parameter is modified by the underlying code,
+this procedure must be implemented as a macro to map ctx --> &ctx.
+
+void libssh2_md5_final(libssh2_md5_ctx ctx,
+	               unsigned char output[MD5_DIGEST_LENGTH]);
+Gets the computed MD5 signature from context ctx into the output buffer.
+Release the context.
+Note: if the ctx parameter is modified by the underlying code,
+this procedure must be implemented as a macro to map ctx --> &ctx.
+
+void libssh2_hmac_md5_init(libssh2_hmac_ctx *ctx,
+	                   const void *key,
+	                   int keylen);
+Setup the HMAC computation context ctx for an HMAC-MD5 computation using the
+keylen-byte key. Is invoked just after libssh2_hmac_ctx_init().
+
+3.5) RIPEMD-160
+LIBSSH2_HMAC_RIPEMD
+#define as 1 if the crypto library supports HMAC-RIPEMD-160, else 0.
+If defined as 0, the rest of this section can be omitted.
+
+void libssh2_hmac_ripemd160_init(libssh2_hmac_ctx *ctx,
+	                         const void *key,
+	                         int keylen);
+Setup the HMAC computation context ctx for an HMAC-RIPEMD-160 computation using
+the keylen-byte key. Is invoked just after libssh2_hmac_ctx_init().
+Returns 1 for success and 0 for failure.
+
+
+4) Bidirectional Key ciphers.
+
+_libssh2_cipher_ctx
+Type of a cipher computation context.
+
+_libssh2_cipher_type(name);
+Macro defining name as storage identifying a cipher algorithm for
+the crypto library interface. No trailing semicolon.
+
+int _libssh2_cipher_init(_libssh2_cipher_ctx *h,
+                         _libssh2_cipher_type(algo),
+                         unsigned char *iv,
+                         unsigned char *secret,
+                         int encrypt);
+Creates a cipher context for the given algorithm with the initialization vector
+iv and the secret key secret. Prepare for encryption or decryption depending on
+encrypt.
+Return 0 if OK, else -1.
+This procedure is already prototyped in crypto.h.
+
+int _libssh2_cipher_crypt(_libssh2_cipher_ctx *ctx,
+                          _libssh2_cipher_type(algo),
+                          int encrypt,
+                          unsigned char *block,
+                          size_t blocksize);
+Encrypt or decrypt in-place data at (block, blocksize) using the given
+context and/or algorithm.
+Return 0 if OK, else -1.
+This procedure is already prototyped in crypto.h.
+
+void _libssh2_cipher_dtor(_libssh2_cipher_ctx *ctx);
+Release cipher context at ctx.
+
+4.1) AES
+4.1.1) AES in CBC block mode.
+LIBSSH2_AES
+#define as 1 if the crypto library supports AES in CBC mode, else 0.
+If defined as 0, the rest of this section can be omitted.
+
+_libssh2_cipher_aes128
+AES-128-CBC algorithm identifier initializer.
+#define with constant value of type _libssh2_cipher_type().
+
+_libssh2_cipher_aes192
+AES-192-CBC algorithm identifier initializer.
+#define with constant value of type _libssh2_cipher_type().
+
+_libssh2_cipher_aes256
+AES-256-CBC algorithm identifier initializer.
+#define with constant value of type _libssh2_cipher_type().
+
+4.1.2) AES in CTR block mode.
+LIBSSH2_AES_CTR
+#define as 1 if the crypto library supports AES in CTR mode, else 0.
+If defined as 0, the rest of this section can be omitted.
+
+void _libssh2_init_aes_ctr(void);
+Initialize static AES CTR ciphers.
+This procedure is already prototyped in crypto.h.
+
+_libssh2_cipher_aes128ctr
+AES-128-CTR algorithm identifier initializer.
+#define with constant value of type _libssh2_cipher_type().
+
+_libssh2_cipher_aes192ctr
+AES-192-CTR algorithm identifier initializer.
+#define with constant value of type _libssh2_cipher_type().
+
+_libssh2_cipher_aes256ctr
+AES-256-CTR algorithm identifier initializer.
+#define with constant value of type _libssh2_cipher_type().
+
+4.2) Blowfish in CBC block mode.
+LIBSSH2_BLOWFISH
+#define as 1 if the crypto library supports blowfish in CBC mode, else 0.
+If defined as 0, the rest of this section can be omitted.
+
+_libssh2_cipher_blowfish
+Blowfish-CBC algorithm identifier initializer.
+#define with constant value of type _libssh2_cipher_type().
+
+4.3) RC4.
+LIBSSH2_RC4
+#define as 1 if the crypto library supports RC4 (arcfour), else 0.
+If defined as 0, the rest of this section can be omitted.
+
+_libssh2_cipher_arcfour
+RC4 algorithm identifier initializer.
+#define with constant value of type _libssh2_cipher_type().
+
+4.4) CAST5 in CBC block mode.
+LIBSSH2_CAST
+#define 1 if the crypto library supports cast, else 0.
+If defined as 0, the rest of this section can be omitted.
+
+_libssh2_cipher_cast5
+CAST5-CBC algorithm identifier initializer.
+#define with constant value of type _libssh2_cipher_type().
+
+4.5) Tripple DES in CBC block mode.
+LIBSSH2_3DES
+#define as 1 if the crypto library supports TripleDES in CBC mode, else 0.
+If defined as 0, the rest of this section can be omitted.
+
+_libssh2_cipher_3des
+TripleDES-CBC algorithm identifier initializer.
+#define with constant value of type _libssh2_cipher_type().
+
+
+5) Big numbers.
+Positive multi-byte integers support is sufficient.
+
+5.1) Computation contexts.
+This has a real meaning if the big numbers computations need some context
+storage. If not, use a dummy type and functions (macros).
+
+_libssh2_bn_ctx
+Type of multiple precision computation context. May not be empty. if not used,
+#define as char, for example.
+
+libssh2_bn_ctx _libssh2_bn_ctx_new(void);
+Returns a new multiple precision computation context.
+
+void _libssh2_bn_ctx_free(_libssh2_bn_ctx ctx);
+Releases a multiple precision computation context.
+
+5.2) Computation support.
+_libssh2_bn
+Type of multiple precision numbers (aka bignumbers or huge integers) for the
+crypto library.
+
+_libssh2_bn * _libssh2_bn_init(void);
+Creates a multiple precision number (preset to zero).
+
+_libssh2_bn * _libssh2_bn_init_from_bin(void);
+Create a multiple precision number intended to be set by the
+_libssh2_bn_from_bin() function (see below). Unlike _libssh2_bn_init(), this
+code may be a dummy initializer if the _libssh2_bn_from_bin() actually
+allocates the number. Returns a value of type _libssh2_bn *.
+
+void _libssh2_bn_free(_libssh2_bn *bn);
+Destroys the multiple precision number at bn.
+
+unsigned long _libssh2_bn_bytes(libssh2_bn *bn);
+Get the number of bytes needed to store the bits of the multiple precision
+number at bn.
+
+unsigned long _libssh2_bn_bits(_libssh2_bn *bn);
+Returns the number of bits of multiple precision number at bn.
+
+int _libssh2_bn_set_word(_libssh2_bn *bn, unsigned long val);
+Sets the value of bn to val.
+Returns 1 on success, 0 otherwise.
+
+_libssh2_bn * _libssh2_bn_from_bin(_libssh2_bn *bn, int len,
+	                           const unsigned char *val);
+Converts the positive integer in big-endian form of length len at val
+into a _libssh2_bn and place it in bn. If bn is NULL, a new _libssh2_bn is
+created.
+Returns a pointer to target _libssh2_bn or NULL if error.
+
+int _libssh2_bn_to_bin(_libssh2_bn *bn, unsigned char *val);
+Converts the absolute value of bn into big-endian form and store it at
+val. val must point to _libssh2_bn_bytes(bn) bytes of memory.
+Returns the length of the big-endian number.
+
+void _libssh2_bn_rand(_libssh2_bn *bn, int bits, int top, int bottom);
+Generates a cryptographically strong pseudo-random number of bits in
+length and stores it in bn. If top is -1, the most significant bit of the
+random number can be zero. If top is 0, it is set to 1, and if top is 1, the
+two most significant bits of the number will be set to 1, so that the product
+of two such random numbers will always have 2*bits length. If bottom is true,
+the number will be odd.
+
+void _libssh2_bn_mod_exp(_libssh2_bn *r, _libssh2_bn *a,
+	                 _libssh2_bn *p, _libssh2_bn *m,
+	                 _libssh2_bn_ctx *ctx);
+Computes a to the p-th power modulo m and stores the result into r (r=a^p % m).
+May use the given context.
+
+
+6) Private key algorithms.
+Format of an RSA public key:
+a) "ssh-rsa".
+b) RSA exponent, MSB first, with high order bit = 0.
+c) RSA modulus, MSB first, with high order bit = 0.
+Each item is preceded by its 32-bit byte length, MSB first.
+
+Format of a DSA public key:
+a) "ssh-dss".
+b) p, MSB first, with high order bit = 0.
+c) q, MSB first, with high order bit = 0.
+d) g, MSB first, with high order bit = 0.
+e) pub_key, MSB first, with high order bit = 0.
+Each item is preceded by its 32-bit byte length, MSB first.
+
+int _libssh2_pub_priv_keyfile(LIBSSH2_SESSION *session,
+                              unsigned char **method,
+                              size_t *method_len,
+                              unsigned char **pubkeydata,
+                              size_t *pubkeydata_len,
+                              const char *privatekey,
+                              const char *passphrase);
+Reads a private key from file privatekey and extract the public key -->
+(pubkeydata, pubkeydata_len). Store the associated method (ssh-rsa or ssh-dss)
+into (method, method_len).
+Both buffers have to be allocated using LIBSSH2_ALLOC().
+Returns 0 if OK, else -1.
+This procedure is already prototyped in crypto.h.
+
+int _libssh2_pub_priv_keyfilememory(LIBSSH2_SESSION *session,
+                                    unsigned char **method,
+                                    size_t *method_len,
+                                    unsigned char **pubkeydata,
+                                    size_t *pubkeydata_len,
+                                    const char *privatekeydata,
+                                    size_t privatekeydata_len,
+                                    const char *passphrase);
+Gets a private key from bytes at (privatekeydata, privatekeydata_len) and
+extract the public key --> (pubkeydata, pubkeydata_len). Store the associated
+method (ssh-rsa or ssh-dss) into (method, method_len).
+Both buffers have to be allocated using LIBSSH2_ALLOC().
+Returns 0 if OK, else -1.
+This procedure is already prototyped in crypto.h.
+
+6.1) RSA
+LIBSSH2_RSA
+#define as 1 if the crypto library supports RSA, else 0.
+If defined as 0, the rest of this section can be omitted.
+
+libssh2_rsa_ctx
+Type of an RSA computation context. Generally a struct.
+
+int _libssh2_rsa_new(libssh2_rsa_ctx **rsa,
+                     const unsigned char *edata,
+                     unsigned long elen,
+                     const unsigned char *ndata,
+                     unsigned long nlen,
+                     const unsigned char *ddata,
+                     unsigned long dlen,
+                     const unsigned char *pdata,
+                     unsigned long plen,
+                     const unsigned char *qdata,
+                     unsigned long qlen,
+                     const unsigned char *e1data,
+                     unsigned long e1len,
+                     const unsigned char *e2data,
+                     unsigned long e2len,
+                     const unsigned char *coeffdata, unsigned long coefflen);
+Creates a new context for RSA computations from key source values:
+	pdata, plen	Prime number p. Only used if private key known (ddata).
+	qdata, qlen	Prime number q. Only used if private key known (ddata).
+	ndata, nlen	Modulus n.
+	edata, elen	Exponent e.
+	ddata, dlen	e^-1 % phi(n) = private key. May be NULL if unknown.
+	e1data, e1len	dp = d % (p-1). Only used if private key known (dtata).
+	e2data, e2len	dq = d % (q-1). Only used if private key known (dtata).
+	coeffdata, coefflen	q^-1 % p. Only used if private key known.
+Returns 0 if OK.
+This procedure is already prototyped in crypto.h.
+Note: the current generic code only calls this function with e and n (public
+key parameters): unless used internally by the backend, it is not needed to
+support the private key and the other parameters here.
+
+int _libssh2_rsa_new_private(libssh2_rsa_ctx **rsa,
+                             LIBSSH2_SESSION *session,
+                             const char *filename,
+                             unsigned const char *passphrase);
+Reads an RSA private key from file filename into a new RSA context.
+Must call _libssh2_init_if_needed().
+Return 0 if OK, else -1.
+This procedure is already prototyped in crypto.h.
+
+int _libssh2_rsa_new_private_frommemory(libssh2_rsa_ctx **rsa,
+                                        LIBSSH2_SESSION *session,
+                                        const char *data,
+					size_t data_len,
+                                        unsigned const char *passphrase);
+Gets an RSA private key from data into a new RSA context.
+Must call _libssh2_init_if_needed().
+Return 0 if OK, else -1.
+This procedure is already prototyped in crypto.h.
+
+int _libssh2_rsa_sha1_verify(libssh2_rsa_ctx *rsa,
+                             const unsigned char *sig,
+                             unsigned long sig_len,
+                             const unsigned char *m, unsigned long m_len);
+Verify (sig, siglen) signature of (m, m_len) using an SHA-1 hash and the
+RSA context.
+Return 0 if OK, else -1.
+This procedure is already prototyped in crypto.h.
+
+int _libssh2_rsa_sha1_signv(LIBSSH2_SESSION *session,
+	                    unsigned char **sig, size_t *siglen,
+	                    int count, const struct iovec vector[],
+	                    libssh2_rsa_ctx *ctx);
+RSA signs the SHA-1 hash computed over the count data chunks in vector.
+Signature is stored at (sig, siglen).
+Signature buffer must be allocated from the given session.
+Returns 0 if OK, else -1.
+Note: this procedure is optional: if provided, it MUST be defined as a macro.
+
+int _libssh2_rsa_sha1_sign(LIBSSH2_SESSION *session,
+                           libssh2_rsa_ctx *rsactx,
+                           const unsigned char *hash,
+                           size_t hash_len,
+                           unsigned char **signature,
+                           size_t *signature_len);
+RSA signs the (hash, hashlen) SHA-1 hash bytes and stores the allocated
+signature at (signature, signature_len).
+Signature buffer must be allocated from the given session.
+Returns 0 if OK, else -1.
+This procedure is already prototyped in crypto.h.
+Note: this procedure is not used if macro _libssh2_rsa_sha1_signv() is defined.
+
+void _libssh2_rsa_free(libssh2_rsa_ctx *rsactx);
+Releases the RSA computation context at rsactx.
+
+
+6.2) DSA
+LIBSSH2_DSA
+#define as 1 if the crypto library supports DSA, else 0.
+If defined as 0, the rest of this section can be omitted.
+
+
+libssh2_dsa_ctx
+Type of a DSA computation context. Generally a struct.
+
+int _libssh2_dsa_new(libssh2_dsa_ctx **dsa,
+                     const unsigned char *pdata,
+                     unsigned long plen,
+                     const unsigned char *qdata,
+                     unsigned long qlen,
+                     const unsigned char *gdata,
+                     unsigned long glen,
+                     const unsigned char *ydata,
+                     unsigned long ylen,
+                     const unsigned char *x, unsigned long x_len);
+Creates a new context for DSA computations from source key values:
+	pdata, plen	Prime number p. Only used if private key known (ddata).
+	qdata, qlen	Prime number q. Only used if private key known (ddata).
+	gdata, glen	G number.
+	ydata, ylen	Public key.
+	xdata, xlen	Private key. Only taken if xlen non-zero.
+Returns 0 if OK.
+This procedure is already prototyped in crypto.h.
+
+int _libssh2_dsa_new_private(libssh2_dsa_ctx **dsa,
+                             LIBSSH2_SESSION *session,
+                             const char *filename,
+                             unsigned const char *passphrase);
+Gets a DSA private key from file filename into a new DSA context.
+Must call _libssh2_init_if_needed().
+Return 0 if OK, else -1.
+This procedure is already prototyped in crypto.h.
+
+int _libssh2_dsa_new_private_frommemory(libssh2_dsa_ctx **dsa,
+                                        LIBSSH2_SESSION *session,
+                                        const char *data,
+					size_t data_len,
+                                        unsigned const char *passphrase);
+Gets a DSA private key from the data_len-bytes data into a new DSA context.
+Must call _libssh2_init_if_needed().
+Returns 0 if OK, else -1.
+This procedure is already prototyped in crypto.h.
+
+int _libssh2_dsa_sha1_verify(libssh2_dsa_ctx *dsactx,
+                             const unsigned char *sig,
+                             const unsigned char *m, unsigned long m_len);
+Verify (sig, siglen) signature of (m, m_len) using an SHA1 hash and the
+DSA context.
+Returns 0 if OK, else -1.
+This procedure is already prototyped in crypto.h.
+
+int _libssh2_dsa_sha1_sign(libssh2_dsa_ctx *dsactx,
+                           const unsigned char *hash,
+                           unsigned long hash_len, unsigned char *sig);
+DSA signs the (hash, hash_len) data using SHA-1 and store the signature at sig.
+Returns 0 if OK, else -1.
+This procedure is already prototyped in crypto.h.
+
+void _libssh2_dsa_free(libssh2_dsa_ctx *dsactx);
+Releases the DSA computation context at dsactx.
+
+
+7) Miscellaneous
+
+void libssh2_prepare_iovec(struct iovec *vector, unsigned int len);
+Prepare len consecutive iovec slots before using them.
+In example, this is needed to preset unused structure slacks on platforms
+requiring it.
+If this is not needed, it should be defined as an empty macro.
+
+void _libssh2_random(unsigned char *buf, int len);
+Store len random bytes at buf.

docs/INSTALL_CMAKE

@@ -0,0 +1,174 @@
+License: see COPYING
+
+Source code: https://github.com/libssh2/libssh2
+
+Web site source code: https://github.com/libssh2/www
+
+Installation instructions are in docs/INSTALL
+=======
+To build libssh2 you will need CMake v2.8 or later [1] and one of the
+following cryptography libraries:
+
+* OpenSSL
+* Libgcrypt
+* WinCNG
+
+Getting started
+---------------
+
+If you are happy with the default options, make a new build directory,
+change to it, configure the build environment and build the project:
+
+  mkdir bin
+  cd bin
+  cmake ..
+  cmake --build .
+
+libssh2 will be built as a static library and will use any
+cryptography library available.  The library binary will be put in
+`bin/src`, with the examples in `bin/example` and the tests in
+`bin/tests`.
+
+Customising the build
+---------------------
+
+Of course, you might want to customise the build options.  You can
+pass the options to CMake on the command line:
+
+  cmake -D<option>=<value> ..
+
+The following options are available:
+
+ * `BUILD_SHARED_LIBS=OFF`
+
+    Determines whether libssh2 is built as a static library or as a
+    shared library (.dll/.so).  Can be `ON` or `OFF`.
+
+ * `CRYPTO_BACKEND=`
+
+    Chooses a specific cryptography library to use for cryptographic
+    operations.  Can be `OpenSSL` (http://www.openssl.org),
+    `Libgcrypt` (http://www.gnupg.org/), `WinCNG` (Windows Vista+) or
+    blank to use any library available.
+
+    CMake will attempt to locate the libraries automatically.  See [2]
+    for more information.
+
+ * `ENABLE_ZLIB_COMPRESSION=OFF`
+
+    Will use zlib (http://www.zlib.org) for payload compression.  Can
+    be `ON` or `OFF`.
+
+ * `ENABLE_CRYPT_NONE=OFF`
+
+    The SSH2 Transport allows for unencrypted data transmission using
+    the "none" cipher.  Because this is such a huge security hole, it
+    is typically disabled on SSH2 implementations and is disabled in
+    libssh2 by default as well.
+
+    Enabling this option will allow for "none" as a negotiable method,
+    however it still requires that the method be advertized by the
+    remote end and that no more-preferable methods are available.
+
+ * `ENABLE_MAC_NONE=OFF`
+
+    The SSH2 Transport also allows implementations to forego a message
+    authentication code.  While this is less of a security risk than
+    using a "none" cipher, it is still not recommended as disabling
+    MAC hashes removes a layer of security.
+
+    Enabling this option will allow for "none" as a negotiable method,
+    however it still requires that the method be advertized by the
+    remote end and that no more-preferable methods are available.
+
+ * `ENABLE_GEX_NEW=ON`
+
+    The diffie-hellman-group-exchange-sha1 (dh-gex) key exchange
+    method originally defined an exchange negotiation using packet
+    type 30 to request a generation pair based on a single target
+    value.  Later refinement of dh-gex provided for range and target
+    values.  By default libssh2 will use the newer range method.
+
+    If you experience trouble connecting to an old SSH server using
+    dh-gex, try this option to fallback on the older more reliable
+    method.
+
+ * `ENABLE_DEBUG_LOGGING=ON` in Debug, `=OFF` in Release
+
+    Will enable the libssh2_trace() function for showing debug traces.
+
+Build tools
+-----------
+
+The previous examples used CMake to start the build using:
+
+  cmake --build .
+
+Alternatively, once CMake has configured your project, you can just
+use your own build tool, e.g GNU make, Visual Studio, etc., from that
+point onwards.
+
+Tests
+-----
+
+To test the build, run the appropriate test target for your build
+system.  For example:
+
+  cmake --build . --target test
+or
+  cmake --build . --target RUN_TESTS
+
+How do I use libssh2 in my project if my project doesn't use CMake?
+-------------------------------------------------------------------
+
+If you are not using CMake for your own project, install libssh2
+
+  cmake <libssh2 source location>
+  cmake --build .
+  cmake --build . --target install
+or
+  cmake --build . --target INSTALL
+
+and then specify the install location to your project in the normal
+way for your build environment.  If you don't like the default install
+location, add `-DCMAKE_INSTALL_PREFIX=<chosen prefix>` when initially
+configuring the project.
+
+How can I use libssh2 in my project if it also uses CMake?
+----------------------------------------------------------
+
+If your own project also uses CMake, you don't need to worry about
+setting it up with libssh2's location.  Just add just the following
+lines and CMake will find libssh2 on your system, set up the necessary
+paths and link the library with your binary.
+
+    find_package(Libssh2 REQUIRED CONFIG)
+    target_link_libraries(my_project_target Libssh2::libssh2)
+
+Of course, you still have to make libssh2 available on your system
+first.  You can install it in the traditional way shown above, but you
+don't have to.  Instead you can just build it, which will export its
+location to the user package registry [3] where `find_package` will
+find it.
+
+You can even combine the two steps using a so-called 'superbuild'
+project [4] that downloads, builds and exports libssh2, and then
+builds your project:
+
+    include(ExternalProject)
+
+    ExternalProject_Add(
+        Libssh2
+        URL <libssh2 download location>
+        URL_HASH SHA1=<libssh2 archive SHA1>
+	INSTALL_COMMAND "")
+
+    ExternalProject_Add(
+        MyProject DEPENDS Libssh2
+        SOURCE_DIR ${CMAKE_CURRENT_SOURCE_DIR}/src
+        INSTALL_COMMAND "")
+
+[1] http://www.cmake.org/cmake/resources/software.html
+[2] http://www.cmake.org/cmake/help/v3.0/manual/cmake-packages.7.html
+[3] http://www.cmake.org/cmake/help/v3.0/manual/cmake-packages.7.html#package-registry
+[4] http://www.kitware.com/media/html/BuildingExternalProjectsWithCMake2.8.html

docs/Makefile.am

@@ -1,6 +1,7 @@
 # $Id: Makefile.am,v 1.37 2009/03/26 15:41:15 bagder Exp $
 
-EXTRA_DIST = template.3 BINDINGS INSTALL HACKING TODO AUTHORS
+EXTRA_DIST = template.3 BINDINGS INSTALL_AUTOTOOLS INSTALL_CMAKE HACKING TODO	\
+ AUTHORS CMakeLists.txt HACKING.CRYPTO
 
 dist_man_MANS = \
 	libssh2_agent_connect.3 \
@@ -88,6 +89,7 @@ dist_man_MANS = \
 	libssh2_publickey_remove_ex.3 \
 	libssh2_publickey_shutdown.3 \
 	libssh2_scp_recv.3 \
+	libssh2_scp_recv2.3 \
 	libssh2_scp_send.3 \
 	libssh2_scp_send64.3 \
 	libssh2_scp_send_ex.3 \
@@ -108,6 +110,7 @@ dist_man_MANS = \
 	libssh2_session_init_ex.3 \
 	libssh2_session_last_errno.3 \
 	libssh2_session_last_error.3 \
+	libssh2_session_set_last_error.3 \
 	libssh2_session_method_pref.3 \
 	libssh2_session_methods.3 \
 	libssh2_session_set_blocking.3 \
@@ -168,4 +171,5 @@ dist_man_MANS = \
 	libssh2_userauth_publickey.3 \
 	libssh2_userauth_publickey_fromfile.3 \
 	libssh2_userauth_publickey_fromfile_ex.3 \
+	libssh2_userauth_publickey_frommemory.3 \
 	libssh2_version.3

docs/libssh2_scp_recv.3

@@ -8,6 +8,9 @@ LIBSSH2_CHANNEL *
 libssh2_scp_recv(LIBSSH2_SESSION *session, const char *path, struct stat *sb);
 
 .SH DESCRIPTION
+This function is \fBDEPRECATED\fP. Use \fIlibssh2_scp_recv2(3)\fP
+instead!
+
 \fIsession\fP - Session instance as returned by 
 .BR libssh2_session_init_ex(3)
 

docs/libssh2_scp_recv2.3

@@ -0,0 +1,32 @@
+.TH libssh2_scp_recv2 3 "29 Jun 2015" "libssh2 1.6.1" "libssh2 manual"
+.SH NAME
+libssh2_scp_recv2 - request a remote file via SCP
+.SH SYNOPSIS
+#include <libssh2.h>
+
+LIBSSH2_CHANNEL *
+libssh2_scp_recv2(LIBSSH2_SESSION *session, const char *path, struct_stat *sb);
+
+.SH DESCRIPTION
+\fIsession\fP - Session instance as returned by 
+.BR libssh2_session_init_ex(3)
+
+\fIpath\fP - Full path and filename of file to transfer. That is the remote
+file name.
+
+\fIsb\fP - Populated with remote file's size, mode, mtime, and atime
+
+Request a file from the remote host via SCP.
+.SH RETURN VALUE
+Pointer to a newly allocated LIBSSH2_CHANNEL instance, or NULL on errors.
+.SH ERRORS
+\fILIBSSH2_ERROR_ALLOC\fP -  An internal memory allocation call failed.
+
+\fILIBSSH2_ERROR_SCP_PROTOCOL\fP - 
+
+\fILIBSSH2_ERROR_EAGAIN\fP - Marked for non-blocking I/O but the call would
+block.
+.SH SEE ALSO
+.BR libssh2_session_init_ex(3)
+.BR libssh2_channel_open_ex(3)
+

docs/libssh2_session_last_errno.3

@@ -18,3 +18,4 @@ Numeric error code corresponding to the the Error Code constants.
 
 .SH SEE ALSO
 .BR libssh2_session_last_error(3)
+.BR libssh2_session_set_last_error(3)

docs/libssh2_session_last_error.3

@@ -29,3 +29,4 @@ Numeric error code corresponding to the the Error Code constants.
 
 .SH SEE ALSO
 .BR libssh2_session_last_errno(3)
+.BR libssh2_session_set_last_error(3)

docs/libssh2_session_set_last_error.3

@@ -0,0 +1,33 @@
+.TH libssh2_session_set_last_error 3 "26 Oct 2015" "libssh2 1.6.1" "libssh2 manual"
+.SH NAME
+libssh2_session_set_last_error - sets the internal error state
+.SH SYNOPSIS
+#include <libssh2.h>
+
+int
+libssh2_session_set_last_error(LIBSSH2_SESSION *session, int errcode, const char *errmsg)
+
+.SH DESCRIPTION
+\fIsession\fP - Session instance as returned by
+.BR libssh2_session_init_ex(3)
+
+\fIerrcode\fP - One of the error codes as defined in the public
+libssh2 header file.
+
+\fIerrmsg\fP - If not NULL, a copy of the given string is stored
+inside the session object as the error message.
+
+This function is provided for high level language wrappers
+(i.e. Python or Perl) and other libraries that may extend libssh2 with
+additional features while still relying on its error reporting
+mechanism.
+
+.SH RETURN VALUE
+Numeric error code corresponding to the the Error Code constants.
+
+.SH AVAILABILITY
+Added in 1.6.1
+
+.SH SEE ALSO
+.BR libssh2_session_last_error(3)
+.BR libssh2_session_last_errno(3)

docs/libssh2_userauth_publickey_frommemory.3

@@ -0,0 +1,56 @@
+.TH libssh2_userauth_publickey_frommemory 3 "1 Sep 2014" "libssh2 1.5" "libssh2 manual"
+.SH NAME
+libssh2_userauth_publickey_frommemory - authenticate a session with a public key, read from memory
+.SH SYNOPSIS
+#include <libssh2.h>
+
+.nf
+int libssh2_userauth_publickey_frommemory(LIBSSH2_SESSION *session,
+                                           const char *username,
+                                           size_t username_len,
+                                           const char *publickeydata,
+                                           size_t publickeydata_len,
+                                           const char *privatekeydata,
+                                           size_t privatekeydata_len,
+                                           const char *passphrase);
+.SH DESCRIPTION
+This function allows to authenticate a session with a public key read from memory.
+It's only supported when libssh2 is backed by OpenSSL.
+\fIsession\fP - Session instance as returned by
+.BR libssh2_session_init_ex(3)
+
+\fIusername\fP - Remote user name to authenticate as.
+
+\fIusername_len\fP - Length of username.
+
+\fIpublickeydata\fP - Buffer containing the contents of a public key file.
+
+\fIpublickeydata_len\fP - Length of public key data.
+
+\fIprivatekeydata\fP - Buffer containing the contents of a private key file.
+
+\fIprivatekeydata_len\fP - Length of private key data.
+
+\fIpassphrase\fP - Passphrase to use when decoding private key file.
+
+Attempt public key authentication using a PEM encoded private key file stored in memory.
+.SH RETURN VALUE
+Return 0 on success or negative on failure.  It returns
+LIBSSH2_ERROR_EAGAIN when it would otherwise block. While
+LIBSSH2_ERROR_EAGAIN is a negative number, it isn't really a failure per se.
+.SH ERRORS
+\fILIBSSH2_ERROR_ALLOC\fP -  An internal memory allocation call failed.
+
+\fILIBSSH2_ERROR_SOCKET_SEND\fP - Unable to send data on socket.
+
+\fILIBSSH2_ERROR_SOCKET_TIMEOUT\fP - 
+
+\fILIBSSH2_ERROR_PUBLICKEY_UNVERIFIED\fP - The username/public key
+combination was invalid.
+
+\fILIBSSH2_ERROR_AUTHENTICATION_FAILED\fP - Authentication using the supplied
+public key was not accepted.
+.SH AVAILABILITY
+libssh2_userauth_publickey_frommemory was added in libssh2 1.6.0
+.SH SEE ALSO
+.BR libssh2_session_init_ex(3)

example/CMakeLists.txt

@@ -0,0 +1,100 @@
+# Copyright (c) 2014, 2015 Alexander Lamaison <alexander.lamaison@gmail.com>
+#
+# Redistribution and use in source and binary forms,
+# with or without modification, are permitted provided
+# that the following conditions are met:
+#
+#   Redistributions of source code must retain the above
+#   copyright notice, this list of conditions and the
+#   following disclaimer.
+#
+#   Redistributions in binary form must reproduce the above
+#   copyright notice, this list of conditions and the following
+#   disclaimer in the documentation and/or other materials
+#   provided with the distribution.
+#
+#   Neither the name of the copyright holder nor the names
+#   of any other contributors may be used to endorse or
+#   promote products derived from this software without
+#   specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
+# CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
+# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
+# USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
+# OF SUCH DAMAGE.
+
+include(CheckIncludeFiles)
+include(CheckSymbolExists)
+include(CopyRuntimeDependencies)
+include(SocketLibraries)
+
+set(EXAMPLES
+  direct_tcpip
+  ssh2
+  scp
+  scp_nonblock
+  scp_write
+  scp_write_nonblock
+  sftp
+  sftp_nonblock
+  sftp_write
+  sftp_write_nonblock
+  sftp_mkdir
+  sftp_mkdir_nonblock
+  sftp_RW_nonblock
+  sftp_write_sliding
+  sftpdir
+  sftpdir_nonblock
+  ssh2_exec
+  ssh2_agent
+  ssh2_echo
+  sftp_append
+  subsystem_netconf
+  tcpip-forward)
+
+append_needed_socket_libraries(LIBRARIES)
+
+foreach(example ${EXAMPLES})
+  add_executable(example-${example} ${example}.c)
+  list(APPEND EXAMPLE_TARGETS example-${example})
+  # to find generated header
+  target_include_directories(example-${example} PRIVATE ${CMAKE_CURRENT_BINARY_DIR})
+  target_link_libraries(example-${example} libssh2 ${LIBRARIES})
+endforeach()
+add_target_to_copy_dependencies(
+  TARGET copy_example_dependencies
+  DEPENDENCIES ${RUNTIME_DEPENDENCIES}
+  BEFORE_TARGETS ${EXAMPLE_TARGETS})
+
+## Platform checks
+check_include_files(inttypes.h HAVE_INTTYPES_H)
+check_include_files(unistd.h HAVE_UNISTD_H)
+check_include_files(stdlib.h HAVE_STDLIB_H)
+check_include_files(sys/select.h HAVE_SYS_SELECT_H)
+check_include_files(sys/socket.h HAVE_SYS_SOCKET_H)
+check_include_files(sys/time.h HAVE_SYS_TIME_H)
+check_include_files(arpa/inet.h HAVE_ARPA_INET_H)
+check_include_files(netinet/in.h HAVE_NETINET_IN_H)
+check_include_files(winsock2.h HAVE_WINSOCK2_H)
+
+check_symbol_exists(strcasecmp strings.h HAVE_STRCASECMP)
+check_symbol_exists(_stricmp string.h HAVE__STRICMP)
+check_symbol_exists(snprintf stdio.h HAVE_SNPRINTF)
+check_symbol_exists(_snprintf stdio.h HAVE__SNPRINTF)
+
+check_symbol_exists(__func__ "" HAVE___FUNC__)
+check_symbol_exists(__FUNCTION__ "" HAVE___FUNCTION__)
+
+configure_file(
+  ${CMAKE_CURRENT_SOURCE_DIR}/libssh2_config_cmake.h.in
+  ${CMAKE_CURRENT_BINARY_DIR}/libssh2_config.h)

example/Makefile.am

@@ -1,6 +1,6 @@
 AUTOMAKE_OPTIONS = foreign nostdinc
 
-EXTRA_DIST = libssh2_config.h.in
+EXTRA_DIST = libssh2_config.h.in libssh2_config_cmake.h.in CMakeLists.txt
 
 # samples
 noinst_PROGRAMS = direct_tcpip ssh2 scp scp_nonblock scp_write		\

example/direct_tcpip.c

@@ -15,10 +15,13 @@
 #include <fcntl.h>
 #include <errno.h>
 #include <stdio.h>
+#ifdef HAVE_STDLIB_H
 #include <stdlib.h>
+#endif
+#ifdef HAVE_UNISTD_H
 #include <unistd.h>
+#endif
 #include <sys/types.h>
-
 #ifdef HAVE_SYS_SELECT_H
 #include <sys/select.h>
 #endif
@@ -272,14 +275,17 @@ int main(int argc, char *argv[])
                 goto shutdown;
             }
             wr = 0;
-            do {
-                i = libssh2_channel_write(channel, buf, len);
+            while(wr < len) {
+                i = libssh2_channel_write(channel, buf + wr, len - wr);
+                if (LIBSSH2_ERROR_EAGAIN == i) {
+                    continue;
+                }
                 if (i < 0) {
                     fprintf(stderr, "libssh2_channel_write: %d\n", i);
                     goto shutdown;
                 }
                 wr += i;
-            } while(i > 0 && wr < len);
+            }
         }
         while (1) {
             len = libssh2_channel_read(channel, buf, sizeof(buf));

example/libssh2_config_cmake.h.in

@@ -0,0 +1,72 @@
+/* Copyright (c) 2014 Alexander Lamaison <alexander.lamaison@gmail.com>
+ *
+ * Redistribution and use in source and binary forms,
+ * with or without modification, are permitted provided
+ * that the following conditions are met:
+ *
+ *   Redistributions of source code must retain the above
+ *   copyright notice, this list of conditions and the
+ *   following disclaimer.
+ *
+ *   Redistributions in binary form must reproduce the above
+ *   copyright notice, this list of conditions and the following
+ *   disclaimer in the documentation and/or other materials
+ *   provided with the distribution.
+ *
+ *   Neither the name of the copyright holder nor the names
+ *   of any other contributors may be used to endorse or
+ *   promote products derived from this software without
+ *   specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
+ * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
+ * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
+ * OF SUCH DAMAGE.
+ */
+
+/* Headers */
+#cmakedefine HAVE_UNISTD_H
+#cmakedefine HAVE_INTTYPES_H
+#cmakedefine HAVE_STDLIB_H
+#cmakedefine HAVE_SYS_SELECT_H
+#cmakedefine HAVE_SYS_SOCKET_H
+#cmakedefine HAVE_SYS_TIME_H
+#cmakedefine HAVE_ARPA_INET_H
+#cmakedefine HAVE_NETINET_IN_H
+#cmakedefine HAVE_WINSOCK2_H
+
+/* Functions */
+#cmakedefine HAVE_STRCASECMP
+#cmakedefine HAVE__STRICMP
+#cmakedefine HAVE_SNPRINTF
+#cmakedefine HAVE__SNPRINTF
+
+/* Workaround for platforms without POSIX strcasecmp (e.g. Windows) */
+#ifndef HAVE_STRCASECMP
+# ifdef HAVE__STRICMP
+# define strcasecmp _stricmp
+# define HAVE_STRCASECMP
+# endif
+#endif
+
+/* Symbols */
+#cmakedefine HAVE___FUNC__
+#cmakedefine HAVE___FUNCTION__
+
+/* Workaround for platforms without C90 __func__ */
+#ifndef HAVE___FUNC__
+# ifdef HAVE___FUNCTION__
+# define __func__ __FUNCTION__
+# define HAVE___FUNC__
+# endif
+#endif

example/scp.c

@@ -41,9 +41,9 @@ int main(int argc, char *argv[])
     const char *username="username";
     const char *password="password";
     const char *scppath="/tmp/TEST";
-    struct stat fileinfo;
+    libssh2_struct_stat fileinfo;
     int rc;
-    off_t got=0;
+    libssh2_struct_stat_size got = 0;
 
 #ifdef WIN32
     WSADATA wsadata;
@@ -137,7 +137,7 @@ int main(int argc, char *argv[])
     }
 
     /* Request a file via SCP */
-    channel = libssh2_scp_recv(session, scppath, &fileinfo);
+    channel = libssh2_scp_recv2(session, scppath, &fileinfo);
 
     if (!channel) {
         fprintf(stderr, "Unable to open a session: %d\n",
@@ -151,7 +151,7 @@ int main(int argc, char *argv[])
         int amount=sizeof(mem);
 
         if((fileinfo.st_size -got) < amount) {
-            amount = fileinfo.st_size -got;
+            amount = (int)(fileinfo.st_size -got);
         }
 
         rc = libssh2_channel_read(channel, mem, amount);

example/scp_nonblock.c

@@ -38,12 +38,14 @@
 #include <stdio.h>
 #include <ctype.h>
 
+#ifdef HAVE_GETTIMEOFDAY
 /* diff in ms */
 static long tvdiff(struct timeval newer, struct timeval older)
 {
   return (newer.tv_sec-older.tv_sec)*1000+
       (newer.tv_usec-older.tv_usec)/1000;
 }
+#endif
 
 static int waitsocket(int socket_fd, LIBSSH2_SESSION *session)
 {
@@ -86,14 +88,16 @@ int main(int argc, char *argv[])
     const char *username="username";
     const char *password="password";
     const char *scppath="/tmp/TEST";
-    struct stat fileinfo;
+    libssh2_struct_stat fileinfo;
+#ifdef HAVE_GETTIMEOFDAY
     struct timeval start;
     struct timeval end;
-    int rc;
-    int total = 0;
     long time_ms;
+#endif
+    int rc;
     int spin = 0;
-    off_t got=0;
+    libssh2_struct_stat_size got = 0;
+    libssh2_struct_stat_size total = 0;
 
 #ifdef WIN32
     WSADATA wsadata;
@@ -149,7 +153,9 @@ int main(int argc, char *argv[])
     /* Since we have set non-blocking, tell libssh2 we are non-blocking */
     libssh2_session_set_blocking(session, 0);
 
+#ifdef HAVE_GETTIMEOFDAY
     gettimeofday(&start, NULL);
+#endif
 
     /* ... start it up. This will trade welcome banners, exchange keys,
      * and setup crypto, compression, and MAC layers
@@ -201,9 +207,9 @@ int main(int argc, char *argv[])
 #endif
 
     /* Request a file via SCP */
-    fprintf(stderr, "libssh2_scp_recv()!\n");
+    fprintf(stderr, "libssh2_scp_recv2()!\n");
     do {
-        channel = libssh2_scp_recv(session, scppath, &fileinfo);
+        channel = libssh2_scp_recv2(session, scppath, &fileinfo);
 
         if (!channel) {
             if(libssh2_session_last_errno(session) != LIBSSH2_ERROR_EAGAIN) {
@@ -229,7 +235,7 @@ int main(int argc, char *argv[])
             int amount=sizeof(mem);
 
             if ((fileinfo.st_size -got) < amount) {
-                amount = fileinfo.st_size - got;
+                amount = (int)(fileinfo.st_size - got);
             }
 
             /* loop until we block */
@@ -252,11 +258,15 @@ int main(int argc, char *argv[])
         break;
     }
 
+#ifdef HAVE_GETTIMEOFDAY
     gettimeofday(&end, NULL);
 
     time_ms = tvdiff(end, start);
-    fprintf(stderr, "Got %d bytes in %ld ms = %.1f bytes/sec spin: %d\n", total,
+    fprintf(stderr, "Got " LIBSSH2_STRUCT_STAT_SIZE_FORMAT " bytes in %ld ms = %.1f bytes/sec spin: %d\n", total,
            time_ms, total/(time_ms/1000.0), spin);
+#else
+    fprintf(stderr, "Got " LIBSSH2_STRUCT_STAT_SIZE_FORMAT " bytes spin: %d\n", total, spin);
+#endif
 
     libssh2_channel_free(channel);
     channel = NULL;

example/sftp_nonblock.c

@@ -39,12 +39,14 @@
 #include <stdio.h>
 #include <ctype.h>
 
+#ifdef HAVE_GETTIMEOFDAY
 /* diff in ms */
 static long tvdiff(struct timeval newer, struct timeval older)
 {
   return (newer.tv_sec-older.tv_sec)*1000+
       (newer.tv_usec-older.tv_usec)/1000;
 }
+#endif
 
 static int waitsocket(int socket_fd, LIBSSH2_SESSION *session)
 {
@@ -86,11 +88,13 @@ int main(int argc, char *argv[])
     const char *username="username";
     const char *password="password";
     const char *sftppath="/tmp/TEST";
+#ifdef HAVE_GETTIMEOFDAY
     struct timeval start;
     struct timeval end;
+    long time_ms;
+#endif
     int rc;
     int total = 0;
-    long time_ms;
     int spin = 0;
     LIBSSH2_SFTP *sftp_session;
     LIBSSH2_SFTP_HANDLE *sftp_handle;
@@ -151,7 +155,9 @@ int main(int argc, char *argv[])
     /* Since we have set non-blocking, tell libssh2 we are non-blocking */
     libssh2_session_set_blocking(session, 0);
 
+#ifdef HAVE_GETTIMEOFDAY
     gettimeofday(&start, NULL);
+#endif
 
     /* ... start it up. This will trade welcome banners, exchange keys,
         * and setup crypto, compression, and MAC layers
@@ -254,10 +260,14 @@ int main(int argc, char *argv[])
         }
     } while (1);
 
+#ifdef HAVE_GETTIMEOFDAY
     gettimeofday(&end, NULL);
     time_ms = tvdiff(end, start);
     fprintf(stderr, "Got %d bytes in %ld ms = %.1f bytes/sec spin: %d\n", total,
            time_ms, total/(time_ms/1000.0), spin );
+#else
+    fprintf(stderr, "Got %d bytes spin: %d\n", total, spin);
+#endif
 
     libssh2_sftp_close(sftp_handle);
     libssh2_sftp_shutdown(sftp_session);

example/ssh2.c

@@ -243,7 +243,7 @@ int main(int argc, char *argv[])
 
     /* Other channel types are supported via:
      * libssh2_scp_send()
-     * libssh2_scp_recv()
+     * libssh2_scp_recv2()
      * libssh2_channel_direct_tcpip()
      */
 

example/ssh2_agent.c

@@ -217,7 +217,7 @@ int main(int argc, char *argv[])
 
     /* Other channel types are supported via:
      * libssh2_scp_send()
-     * libssh2_scp_recv()
+     * libssh2_scp_recv2()
      * libssh2_channel_direct_tcpip()
      */
 

example/ssh2_echo.c

@@ -29,10 +29,13 @@
 #ifdef HAVE_ARPA_INET_H
 # include <arpa/inet.h>
 #endif
-
+#ifdef HAVE_SYS_TIME_H
 #include <sys/time.h>
+#endif
 #include <sys/types.h>
+#ifdef HAVE_STDLIB_H
 #include <stdlib.h>
+#endif
 #include <fcntl.h>
 #include <errno.h>
 #include <stdio.h>

example/ssh2_exec.c

@@ -31,10 +31,13 @@
 #ifdef HAVE_ARPA_INET_H
 # include <arpa/inet.h>
 #endif
-
+#ifdef HAVE_SYS_TIME_H
 #include <sys/time.h>
+#endif
 #include <sys/types.h>
+#ifdef HAVE_STDLIB_H
 #include <stdlib.h>
+#endif
 #include <fcntl.h>
 #include <errno.h>
 #include <stdio.h>

example/subsystem_netconf.c

@@ -16,10 +16,13 @@
 #include <errno.h>
 #include <stdio.h>
 #include <string.h>
+#ifdef HAVE_STDLIB_H
 #include <stdlib.h>
+#endif
+#ifdef HAVE_UNISTD_H
 #include <unistd.h>
+#endif
 #include <sys/types.h>
-
 #ifdef HAVE_SYS_SELECT_H
 #include <sys/select.h>
 #endif
@@ -28,6 +31,12 @@
 #define INADDR_NONE (in_addr_t)~0
 #endif
 
+#ifndef HAVE_SNPRINTF
+# ifdef HAVE__SNPRINTF
+# define snprintf _snprintf
+# endif
+#endif
+
 const char *keyfile1 = "/home/username/.ssh/id_rsa.pub";
 const char *keyfile2 = "/home/username/.ssh/id_rsa";
 const char *username = "username";

example/tcpip-forward.c

@@ -15,10 +15,13 @@
 #include <fcntl.h>
 #include <errno.h>
 #include <stdio.h>
+#ifdef HAVE_STDLIB_H
 #include <stdlib.h>
+#endif
+#ifdef HAVE_UNISTD_H
 #include <unistd.h>
+#endif
 #include <sys/types.h>
-
 #ifdef HAVE_SYS_SELECT_H
 #include <sys/select.h>
 #endif

include/libssh2.h

@@ -1,5 +1,5 @@
 /* Copyright (c) 2004-2009, Sara Golemon <sarag@libssh2.org>
- * Copyright (c) 2009-2012 Daniel Stenberg
+ * Copyright (c) 2009-2015 Daniel Stenberg
  * Copyright (c) 2010 Simon Josefsson <simon@josefsson.org>
  * All rights reserved.
  *
@@ -40,19 +40,19 @@
 #ifndef LIBSSH2_H
 #define LIBSSH2_H 1
 
-#define LIBSSH2_COPYRIGHT "2004-2014 The libssh2 project and its contributors."
+#define LIBSSH2_COPYRIGHT "2004-2016 The libssh2 project and its contributors."
 
 /* We use underscore instead of dash when appending DEV in dev versions just
    to make the BANNER define (used by src/session.c) be a valid SSH
    banner. Release versions have no appended strings and may of course not
    have dashes either. */
-#define LIBSSH2_VERSION                             "1.4.4_DEV"
+#define LIBSSH2_VERSION                             "1.7.0_DEV"
 
 /* The numeric version number is also available "in parts" by using these
    defines: */
 #define LIBSSH2_VERSION_MAJOR                       1
-#define LIBSSH2_VERSION_MINOR                       4
-#define LIBSSH2_VERSION_PATCH                       4
+#define LIBSSH2_VERSION_MINOR                       7
+#define LIBSSH2_VERSION_PATCH                       0
 
 /* This is the numeric version of the libssh2 version number, meant for easier
    parsing and comparions by programs. The LIBSSH2_VERSION_NUM define will
@@ -69,7 +69,7 @@
    and it is always a greater number in a more recent release. It makes
    comparisons with greater than and less than work.
 */
-#define LIBSSH2_VERSION_NUM                         0x010404
+#define LIBSSH2_VERSION_NUM                         0x010700
 
 /*
  * This is the date and time when the full source package was created. The
@@ -114,7 +114,7 @@ extern "C" {
 # endif /* LIBSSH2_WIN32 */
 #endif /* LIBSSH2_API */
 
-#if defined(LIBSSH2_DARWIN)
+#ifdef HAVE_SYS_UIO_H
 # include <sys/uio.h>
 #endif
 
@@ -145,6 +145,68 @@ typedef int libssh2_socket_t;
 #define LIBSSH2_INVALID_SOCKET -1
 #endif /* WIN32 */
 
+/*
+ * Determine whether there is small or large file support on windows.
+ */
+
+#if defined(_MSC_VER) && !defined(_WIN32_WCE)
+#  if (_MSC_VER >= 900) && (_INTEGRAL_MAX_BITS >= 64)
+#    define LIBSSH2_USE_WIN32_LARGE_FILES
+#  else
+#    define LIBSSH2_USE_WIN32_SMALL_FILES
+#  endif
+#endif
+
+#if defined(__MINGW32__) && !defined(LIBSSH2_USE_WIN32_LARGE_FILES)
+#  define LIBSSH2_USE_WIN32_LARGE_FILES
+#endif
+
+#if defined(__WATCOMC__) && !defined(LIBSSH2_USE_WIN32_LARGE_FILES)
+#  define LIBSSH2_USE_WIN32_LARGE_FILES
+#endif
+
+#if defined(__POCC__)
+#  undef LIBSSH2_USE_WIN32_LARGE_FILES
+#endif
+
+#if defined(_WIN32) && !defined(LIBSSH2_USE_WIN32_LARGE_FILES) && \
+    !defined(LIBSSH2_USE_WIN32_SMALL_FILES)
+#  define LIBSSH2_USE_WIN32_SMALL_FILES
+#endif
+
+/*
+ * Large file (>2Gb) support using WIN32 functions.
+ */
+
+#ifdef LIBSSH2_USE_WIN32_LARGE_FILES
+#  include <io.h>
+#  include <sys/types.h>
+#  include <sys/stat.h>
+#  define LIBSSH2_STRUCT_STAT_SIZE_FORMAT    "%I64d"
+typedef struct _stati64 libssh2_struct_stat;
+typedef __int64 libssh2_struct_stat_size;
+#endif
+
+/*
+ * Small file (<2Gb) support using WIN32 functions.
+ */
+
+#ifdef LIBSSH2_USE_WIN32_SMALL_FILES
+#  include <sys/types.h>
+#  include <sys/stat.h>
+#  ifndef _WIN32_WCE
+#    define LIBSSH2_STRUCT_STAT_SIZE_FORMAT    "%d"
+typedef struct _stat libssh2_struct_stat;
+typedef off_t libssh2_struct_stat_size;
+#  endif
+#endif
+
+#ifndef LIBSSH2_STRUCT_STAT_SIZE_FORMAT
+#  define LIBSSH2_STRUCT_STAT_SIZE_FORMAT      "%zd"
+typedef struct stat libssh2_struct_stat;
+typedef off_t libssh2_struct_stat_size;
+#endif
+
 /* Part of every banner, user specified or not */
 #define LIBSSH2_SSH_BANNER                  "SSH-2.0-libssh2_" LIBSSH2_VERSION
 
@@ -506,6 +568,9 @@ LIBSSH2_API int libssh2_session_last_error(LIBSSH2_SESSION *session,
                                            char **errmsg,
                                            int *errmsg_len, int want_buf);
 LIBSSH2_API int libssh2_session_last_errno(LIBSSH2_SESSION *session);
+LIBSSH2_API int libssh2_session_set_last_error(LIBSSH2_SESSION* session,
+                                               int errcode,
+                                               const char* errmsg);
 LIBSSH2_API int libssh2_session_block_directions(LIBSSH2_SESSION *session);
 
 LIBSSH2_API int libssh2_session_flag(LIBSSH2_SESSION *session, int flag,
@@ -576,6 +641,16 @@ libssh2_userauth_hostbased_fromfile_ex(LIBSSH2_SESSION *session,
                                         (username),                     \
                                         (unsigned int)strlen(username))
 
+LIBSSH2_API int
+libssh2_userauth_publickey_frommemory(LIBSSH2_SESSION *session,
+                                      const char *username,
+                                      size_t username_len,
+                                      const char *publickeyfiledata,
+                                      size_t publickeyfiledata_len,
+                                      const char *privatekeyfiledata,
+                                      size_t privatekeyfiledata_len,
+                                      const char *passphrase);
+
 /*
  * response_callback is provided with filled by library prompts array,
  * but client must allocate and fill individual responses. Responses
@@ -586,7 +661,8 @@ LIBSSH2_API int
 libssh2_userauth_keyboard_interactive_ex(LIBSSH2_SESSION* session,
                                          const char *username,
                                          unsigned int username_len,
-                                         LIBSSH2_USERAUTH_KBDINT_RESPONSE_FUNC((*response_callback)));
+                                         LIBSSH2_USERAUTH_KBDINT_RESPONSE_FUNC(
+                                                       (*response_callback)));
 
 #define libssh2_userauth_keyboard_interactive(session, username,        \
                                               response_callback)        \
@@ -795,9 +871,14 @@ LIBSSH2_API int libssh2_channel_close(LIBSSH2_CHANNEL *channel);
 LIBSSH2_API int libssh2_channel_wait_closed(LIBSSH2_CHANNEL *channel);
 LIBSSH2_API int libssh2_channel_free(LIBSSH2_CHANNEL *channel);
 
+/* libssh2_scp_recv is DEPRECATED, do not use! */
 LIBSSH2_API LIBSSH2_CHANNEL *libssh2_scp_recv(LIBSSH2_SESSION *session,
                                               const char *path,
                                               struct stat *sb);
+/* Use libssh2_scp_recv2 for large (> 2GB) file support on windows */
+LIBSSH2_API LIBSSH2_CHANNEL *libssh2_scp_recv2(LIBSSH2_SESSION *session,
+                                               const char *path,
+                                               libssh2_struct_stat *sb);
 LIBSSH2_API LIBSSH2_CHANNEL *libssh2_scp_send_ex(LIBSSH2_SESSION *session,
                                                  const char *path, int mode,
                                                  size_t size, long mtime,

include/libssh2_publickey.h

@@ -69,7 +69,8 @@ typedef struct _libssh2_publickey_list {
     libssh2_publickey_attribute *attrs; /* free me */
 } libssh2_publickey_list;
 
-/* Generally use the first macro here, but if both name and value are string literals, you can use _fast() to take advantage of preprocessing */
+/* Generally use the first macro here, but if both name and value are string
+   literals, you can use _fast() to take advantage of preprocessing */
 #define libssh2_publickey_attribute(name, value, mandatory) \
   { (name), strlen(name), (value), strlen(value), (mandatory) },
 #define libssh2_publickey_attribute_fast(name, value, mandatory) \

libssh2.pc.in

@@ -12,6 +12,6 @@ URL: http://www.libssh2.org/
 Description: Library for SSH-based communication
 Version: @LIBSSH2VER@
 Requires.private: @LIBSREQUIRED@
-Libs: -L${libdir} -lssh2 @LDFLAGS@ @LIBS@
+Libs: -L${libdir} -lssh2 @LIBS@
 Libs.private: @LIBS@
 Cflags: -I${includedir}

nw/GNUmakefile

@@ -545,6 +545,7 @@ endif
 	@echo $(DL)  libssh2_knownhost_readfile,$(DL) >> $@
 	@echo $(DL)  libssh2_knownhost_writefile,$(DL) >> $@
 	@echo $(DL)  libssh2_scp_recv,$(DL) >> $@
+	@echo $(DL)  libssh2_scp_recv2,$(DL) >> $@
 	@echo $(DL)  libssh2_scp_send64,$(DL) >> $@
 	@echo $(DL)  libssh2_scp_send_ex,$(DL) >> $@
 	@echo $(DL)  libssh2_session_abstract,$(DL) >> $@

os400/README400

@@ -0,0 +1,169 @@
+
+Implementation notes:
+
+  This is a true OS/400 implementation, not a PASE implementation (for PASE,
+use AIX implementation).
+
+It uses ASCII as internal character set. This has been accomplished using the
+QADRT library and include files, a C and system procedures ASCII wrapper
+library. See IBM QADRT description for more information.
+  This results in libssh2 being an ASCII library: any function string
+argument is taken/returned in ASCII and a C/C++ calling program built around
+QADRT may use libssh2 functions as on any other platform.
+  QADRT does not define ASCII wrappers for all C/system procedures: an
+additional module (os400sys.c) define some more of them, that are used by
+libssh2 and that QADRT left out.
+  Since standard library entry points expect and return ASCII character strings,
+additional procedures are provided for string transcoding (see below). No
+wrappers to standard procedures are provided: however, nested calls to
+transcoding procedures may be used.
+
+Crypto API is provided by the IBM QC3 API library. It supports RSA, but not DSA.
+
+
+  Standard compilation environment does support neither autotools nor make;
+in fact, very few common utilities are available. As a consequence, the
+libssh2_config.h has been coded manually and the compilation scripts are
+a set of shell scripts stored in subdirectory os400.
+
+  The test environment is currently not supported on OS/400.
+
+
+
+Compiling on OS/400:
+
+  These instructions target people who knows about OS/400, compiling, IFS and
+archive extraction. Do not ask questions about these subjects if you're not
+familiar with.
+
+_ As a prerequisite, QADRT development environment must be installed.
+_ Install the libssh2 sources directory in IFS.
+_ Enter shell (QSH)
+_ Change current directory to the libssh2 sources installation directory
+_ Change current directory to os400
+_ Edit file iniscript.sh. You may want to change tunable configuration
+  parameters, like debug info generation, optimisation level, listing option,
+  target library, zlib availability and location, etc.
+_ Copy any file in the current directory to makelog (i.e.:
+  cp initscript.sh makelog): this is intended to create the makelog file with
+  an ASCII CCSID!
+_ Enter the command "sh make.sh > makelog 2>&1'
+_ Examine the makelog file to check for compilation errors.
+
+  Leaving file initscript.sh unchanged, this will produce the following OS/400
+objects:
+_ Library LIBSSH2. All other objects will be stored in this library.
+_ Modules for all libssh2 units.
+_ Binding directory LIBSSH2_A, to be used at calling program link time for
+  statically binding the modules (specify BNDSRVPGM(QADRTTS) when creating a
+  program using LIBSSH2_A. Also give access to the zlib BNDDIR/SRVPGM if
+  libssh2 is compiled with zlib).
+_ Service program LIBSSH2.<soname>, where <soname> is extracted from the
+  src/Makefile.am VERSION variable. To be used at calling program run-time
+  when this program has dynamically bound libssh2 at link time.
+_ Binding directory LIBSSH2. To be used to dynamically bind libssh2 when
+  linking a calling program.
+_ Source file H. It contains all the include members needed to compile a C/C++
+  module using libssh2.
+_ LIBSSH2, SSH2_PKEY, SSH2_SFTP members in file H. These are the C/C++ header
+  files. Original fames have been mangled to fit member name allowed syntax.
+_ Source file LIBSSH2RPG. It contains all the ILE/RPG /INCLUDE members
+  needed to compile an ILE/RPG program calling libssh2 procedures.
+_ LIBSSH2, SSH2_PKEY, SSH2_SFTP members in file LIBSSH2RPG. These are
+  ILE/RPG translations of the corresponding C header files.
+
+
+
+Special programming consideration:
+
+QADRT being used, the following points must be considered:
+_ If static binding is used, service program QADRTTS must be linked too.
+_ Likewise, if libssh2 has been compiled with zlib support, access to the
+  zlib objects must be provided at link time.
+_ The EBCDIC CCSID used by QADRT is 37 by default, NOT THE JOB'S CCSID. If
+  another EBCDIC CCSID is required, it must be set via a locale through a call
+  to setlocale_a (QADRT's setlocale() ASCII wrapper) with category LC_ALL or
+  LC_CTYPE, or by setting environment variable QADRT_ENV_LOCALE to the locale
+  object path before executing the program.
+_ Do not use original source include files unless you know what you are doing.
+  Use the installed members instead (in /QSYS.LIB/LIBSSH2.LIB/H.FILE).
+
+
+
+String transcoding support:
+
+  To help passing arbitrarily encoded string arguments and/or receiving string
+values from/to the libssh2 API, three non-standard additional procedures are
+provided. They use a session pointer and a "string cache" pointer.
+  Each time a string is transcoded, it is cached in the given cache. It is
+the responsibility of the caller to release the cache when its associted strings
+are no longer needed. These procedures and the string cache type are defined
+in a new libssh2_ccsid.h header file.
+  To create a string cache, use:
+
+#include <libssh2_ccsid.h>
+libssh2_string_cache *  cache = NULL;
+
+  To release all strings in a cache, call:
+
+libssh2_release_string_cache(session, &cache);
+
+  The transcoding procedures are:
+
+char * libssh2_from_ccsid(LIBSSH2_SESSION *session,
+                          libssh2_string_cache **cache,
+                          unsigned short ccsid,
+                          const char *string, ssize_t inlen,
+                          size_t *outlen);
+char * libssh2_to_ccsid(LIBSSH2_SESSION *session,
+                        libssh2_string_cache **cache,
+                        unsigned short ccsid,
+                        const char *string, ssize_t inlen,
+                        size_t *outlen);
+
+where:
+    session      is a libssh2 session used for memory allocation.
+    cache        is the address of a string cache.
+    ccsid        is the external (i.e.: non libssh2) coded character set id.
+                 65535 means no conversion and 0 means the current job's CCSID.
+    string       is the string to convert.
+    inlen        is the source string length in bytes: set to -1 if
+                 null-terminated.
+    outlen       if not NULL, is the address of a variable that will receive
+                 the transcoded string length upon return.
+
+  libssh2_from_ccsid() transcodes the string from the given CCSID to libssh2
+internal encoding (UTF-8). It is intended to be used to convert API input
+parameters.
+  libssh2_to_ccsid() transcodes the string from libssh2 internal encoding
+(UTF-8) to the given CCSID. This has been implemented to get standard API
+string results in a program's native encoding.
+
+  Both these functions return a pointer to the null-terminated converted string,
+or NULL if an error occurred. In addition, the variable pointed by outlen
+receives the effective byte length of the (cached) translated string, or -1
+in case of error.
+
+
+
+ILE/RPG support:
+
+  Since 95% of the OS/400 programmers use ILE/RPG exclusively, a definition
+  /INCLUDE member is provided for this language. To include libssh2
+  definitions in an ILE/RPG module, line
+
+     h bnddir('LIBSSH2/LIBSSH2')
+
+must figure in the program header, and line
+
+     d/include libssh2/libssh2rpg,libssh2
+
+in the global data section of the module's source code.
+If required, members ssh2_sftp, ssh2_pkey and ssh2_ccsid may also be included.
+
+For IFS source compilations, include members are located in directory
+/libssh2/include/libssh2rpg and have their original names retained.
+
+ILE/RPG lacks a serious macro preprocessor, thus C macros requiring this
+feature have not been translated. However, function-like C macros have been
+implemented as procedures and therefore supported in ILE/RPG.

os400/ccsid.c

@@ -0,0 +1,252 @@
+/*
+ * Copyright (C) 2015 Patrick Monnerat, D+H <patrick.monnerat@dh.com>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms,
+ * with or without modification, are permitted provided
+ * that the following conditions are met:
+ *
+ *   Redistributions of source code must retain the above
+ *   copyright notice, this list of conditions and the
+ *   following disclaimer.
+ *
+ *   Redistributions in binary form must reproduce the above
+ *   copyright notice, this list of conditions and the following
+ *   disclaimer in the documentation and/or other materials
+ *   provided with the distribution.
+ *
+ *   Neither the name of the copyright holder nor the names
+ *   of any other contributors may be used to endorse or
+ *   promote products derived from this software without
+ *   specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
+ * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
+ * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
+ * OF SUCH DAMAGE.
+ */
+
+/* Character encoding wrappers. */
+
+#include "libssh2_priv.h"
+#include "libssh2_ccsid.h"
+
+#include <qtqiconv.h>
+#include <iconv.h>
+#include <errno.h>
+#include <string.h>
+#include <stdio.h>
+
+
+
+#define CCSID_UTF8      1208
+#define CCSID_UTF16BE   13488
+#define STRING_GRANULE  256
+#define MAX_CHAR_SIZE   4
+
+#define OFFSET_OF(t, f) ((size_t) ((char *) &((t *) 0)->f - (char *) 0))
+
+
+struct _libssh2_string_cache {
+    libssh2_string_cache *  next;
+    char                    string[1];
+};
+
+
+static const QtqCode_T  utf8code = { CCSID_UTF8 };
+
+
+static ssize_t
+terminator_size(unsigned short ccsid)
+{
+    QtqCode_T outcode;
+    iconv_t cd;
+    char *inp;
+    char *outp;
+    size_t ilen;
+    size_t olen;
+    char buf[MAX_CHAR_SIZE];
+
+    /* Return the null-terminator size for the given CCSID. */
+
+    /* Fast check usual CCSIDs. */
+    switch (ccsid) {
+    case CCSID_UTF8:
+    case 0:                                 /* Job CCSID is SBCS EBCDIC. */
+        return 1;
+    case CCSID_UTF16BE:
+        return 2;
+    }
+
+    /* Convert an UTF-8 NUL to the target CCSID: use the converted size as
+       result. */
+    memset((void *) &outcode, 0, sizeof outcode);
+    outcode.CCSID = ccsid;
+    cd = QtqIconvOpen(&outcode, (QtqCode_T *) &utf8code);
+    if (cd.return_value == -1)
+        return -1;
+    inp = "";
+    ilen = 1;
+    outp = buf;
+    olen = sizeof buf;
+    iconv(cd, &inp, &ilen, &outp, &olen);
+    iconv_close(cd);
+    olen = sizeof buf - olen;
+    return olen? olen: -1;
+}
+
+static char *
+convert_ccsid(LIBSSH2_SESSION *session, libssh2_string_cache **cache,
+              unsigned short outccsid, unsigned short inccsid,
+              const char *instring, ssize_t inlen, size_t *outlen)
+{
+    char *inp;
+    char *outp;
+    size_t olen;
+    size_t ilen;
+    size_t buflen;
+    size_t curlen;
+    ssize_t termsize;
+    int i;
+    char *dst;
+    libssh2_string_cache *outstring;
+    QtqCode_T incode;
+    QtqCode_T outcode;
+    iconv_t cd;
+
+    if (!instring) {
+        if (outlen)
+            *outlen = 0;
+        return NULL;
+    }
+    if (outlen)
+        *outlen = -1;
+    if (!session || !cache)
+        return NULL;
+
+    /* Get terminator size. */
+    termsize = terminator_size(outccsid);
+    if (termsize < 0)
+        return NULL;
+ 
+    /* Prepare conversion parameters. */
+    memset((void *) &incode, 0, sizeof incode);
+    memset((void *) &outcode, 0, sizeof outcode);
+    incode.CCSID = inccsid;
+    outcode.CCSID = outccsid;
+    curlen = OFFSET_OF(libssh2_string_cache, string);
+    inp = (char *) instring;
+    ilen = inlen;
+    buflen = inlen + curlen;
+    if (inlen < 0) {
+        incode.length_option = 1;
+        buflen = STRING_GRANULE;
+        ilen = 0;
+    }
+
+    /* Allocate output string buffer and open conversion descriptor. */
+    dst = LIBSSH2_ALLOC(session, buflen + termsize);
+    if (!dst)
+        return NULL;
+    cd = QtqIconvOpen(&outcode, &incode);
+    if (cd.return_value == -1) {
+        LIBSSH2_FREE(session, (char *) dst);
+        return NULL;
+    }
+
+    /* Convert string. */
+    for (;;) {
+        outp = dst + curlen;
+        olen = buflen - curlen;
+        i = iconv(cd, &inp, &ilen, &outp, &olen);
+        if (inlen < 0 && olen == buflen - curlen) {
+            /* Special case: converted 0-length (sub)strings do not store the
+               terminator. */
+            if (termsize) {
+                memset(outp, 0, termsize);
+                olen -= termsize;
+            }
+        }
+        curlen = buflen - olen;
+        if (i >= 0 || errno != E2BIG)
+            break;
+        /* Must expand buffer. */
+        buflen += STRING_GRANULE;
+        outp = LIBSSH2_REALLOC(session, dst, buflen + termsize);
+        if (!outp)
+            break;
+        dst = outp;
+    }
+
+    iconv_close(cd);
+
+    /* Check for error. */
+    if (i < 0 || !outp) {
+        LIBSSH2_FREE(session, dst);
+        return NULL;
+    }
+
+    /* Process terminator. */
+    if (inlen < 0)
+        curlen -= termsize;
+    else if (termsize)
+        memset(dst + curlen, 0, termsize);
+
+    /* Shorten buffer if possible. */
+    if (curlen < buflen)
+        dst = LIBSSH2_REALLOC(session, dst, curlen + termsize);
+
+    /* Link to cache. */
+    outstring = (libssh2_string_cache *) dst;
+    outstring->next = *cache;
+    *cache = outstring;
+
+    /* Return length if required. */
+    if (outlen)
+        *outlen = curlen - OFFSET_OF(libssh2_string_cache, string);
+
+    return outstring->string;
+}
+
+LIBSSH2_API char *
+libssh2_from_ccsid(LIBSSH2_SESSION *session, libssh2_string_cache **cache,
+                   unsigned short ccsid, const char *string, ssize_t inlen,
+                   size_t *outlen)
+{
+    return convert_ccsid(session, cache,
+                         CCSID_UTF8, ccsid, string, inlen, outlen);
+}
+
+LIBSSH2_API char *
+libssh2_to_ccsid(LIBSSH2_SESSION *session, libssh2_string_cache **cache,
+                 unsigned short ccsid, const char *string, ssize_t inlen,
+                 size_t *outlen)
+{
+    return convert_ccsid(session, cache,
+                         ccsid, CCSID_UTF8, string, inlen, outlen);
+}
+
+LIBSSH2_API void
+libssh2_release_string_cache(LIBSSH2_SESSION *session,
+                             libssh2_string_cache **cache)
+{
+    libssh2_string_cache *p;
+
+    if (session && cache)
+        while ((p = *cache)) {
+            *cache = p->next;
+            LIBSSH2_FREE(session, (char *) p);
+        }
+}
+
+/* vim: set expandtab ts=4 sw=4: */

os400/include/alloca.h

@@ -0,0 +1,50 @@
+/*
+ * Copyright (C) 2015 Patrick Monnerat, D+H <patrick.monnerat@dh.com>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms,
+ * with or without modification, are permitted provided
+ * that the following conditions are met:
+ *
+ *   Redistributions of source code must retain the above
+ *   copyright notice, this list of conditions and the
+ *   following disclaimer.
+ *
+ *   Redistributions in binary form must reproduce the above
+ *   copyright notice, this list of conditions and the following
+ *   disclaimer in the documentation and/or other materials
+ *   provided with the distribution.
+ *
+ *   Neither the name of the copyright holder nor the names
+ *   of any other contributors may be used to endorse or
+ *   promote products derived from this software without
+ *   specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
+ * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
+ * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
+ * OF SUCH DAMAGE.
+ */
+
+#ifndef LIBSSH2_ALLOCA_H
+#define LIBSSH2_ALLOCA_H
+
+/* alloca() emulation. */
+
+#include <modasa.mih>
+
+#define alloca(n)       _MODASA(n)
+
+#endif
+
+/* vim: set expandtab ts=4 sw=4: */

os400/include/stdio.h

@@ -0,0 +1,72 @@
+/*
+ * Copyright (C) 2015 Patrick Monnerat, D+H <patrick.monnerat@dh.com>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms,
+ * with or without modification, are permitted provided
+ * that the following conditions are met:
+ *
+ *   Redistributions of source code must retain the above
+ *   copyright notice, this list of conditions and the
+ *   following disclaimer.
+ *
+ *   Redistributions in binary form must reproduce the above
+ *   copyright notice, this list of conditions and the following
+ *   disclaimer in the documentation and/or other materials
+ *   provided with the distribution.
+ *
+ *   Neither the name of the copyright holder nor the names
+ *   of any other contributors may be used to endorse or
+ *   promote products derived from this software without
+ *   specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
+ * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
+ * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
+ * OF SUCH DAMAGE.
+ */
+
+#ifndef LIBSSH2_STDIO_H
+#define LIBSSH2_STDIO_H
+
+/*
+ *  <stdio.h> wrapper.
+ *  Its goal is to redefine snprintf/vsnprintf which are not supported by QADRT.
+ */
+
+#include <qadrt.h>
+
+#if __ILEC400_TGTVRM__ >= 710
+# include_next <stdio.h>
+#elif __ILEC400_TGTVRM__ >= 510
+# ifndef __SRCSTMF__
+#  include <QADRT/h/stdio>
+# else
+#  include </QIBM/ProdData/qadrt/include/stdio.h>
+# endif
+#endif
+
+extern int  _libssh2_os400_vsnprintf(char *dst, size_t len,
+                                     const char *fmt, va_list args);
+extern int  _libssh2_os400_snprintf(char *dst, size_t len,
+                                    const char *fmt, ...);
+
+#ifndef LIBSSH2_DISABLE_QADRT_EXT
+# define vsnprintf(dst, len, fmt, args)                                     \
+                        _libssh2_os400_vsnprintf((dst), (len), (fmt), (args))
+# define snprintf       _libssh2_os400_snprintf
+#endif
+
+#endif
+
+/* vim: set expandtab ts=4 sw=4: */

os400/include/sys/socket.h

@@ -0,0 +1,75 @@
+/*
+ * Copyright (C) 2015 Patrick Monnerat, D+H <patrick.monnerat@dh.com>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms,
+ * with or without modification, are permitted provided
+ * that the following conditions are met:
+ *
+ *   Redistributions of source code must retain the above
+ *   copyright notice, this list of conditions and the
+ *   following disclaimer.
+ *
+ *   Redistributions in binary form must reproduce the above
+ *   copyright notice, this list of conditions and the following
+ *   disclaimer in the documentation and/or other materials
+ *   provided with the distribution.
+ *
+ *   Neither the name of the copyright holder nor the names
+ *   of any other contributors may be used to endorse or
+ *   promote products derived from this software without
+ *   specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
+ * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
+ * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
+ * OF SUCH DAMAGE.
+ */
+
+#ifndef LIBSSH2_SYS_SOCKET_H
+#define LIBSSH2_SYS_SOCKET_H
+
+/*
+ *  <sys/socket.h> wrapper.
+ *  Redefines connect().
+ */
+
+#include <qadrt.h>
+
+#ifndef _QADRT_LT
+# define _QADRT_LT <
+#endif
+#ifndef _QADRT_GT
+# define _QADRT_GT >
+#endif
+
+#ifdef QADRT_SYSINC
+# include _QADRT_LT QADRT_SYSINC/sys/socket.h _QADRT_GT
+#elif __ILEC400_TGTVRM__ >= 710
+# include_next <sys/socket.h>
+#elif !defined(__SRCSTMF__)
+# include <QSYSINC/sys/socket>
+#else
+# include </QIBM/include/sys/socket.h>
+#endif
+
+extern int  _libssh2_os400_connect(int sd,
+                                   struct sockaddr * destaddr, int addrlen);
+
+#ifndef LIBSSH2_DISABLE_QADRT_EXT
+#define connect(sd, addr, len)  _libssh2_os400_connect((sd), (addr), (len))
+#endif
+
+#endif
+
+/* vim: set expandtab ts=4 sw=4: */

os400/initscript.sh

@@ -0,0 +1,243 @@
+#!/bin/sh
+
+
+setenv()
+
+{
+        #       Define and export.
+
+        eval ${1}="${2}"
+        export ${1}
+}
+
+
+case "${SCRIPTDIR}" in
+/*)     ;;
+*)      SCRIPTDIR="`pwd`/${SCRIPTDIR}"
+esac
+
+while true
+do      case "${SCRIPTDIR}" in
+        */.)    SCRIPTDIR="${SCRIPTDIR%/.}";;
+        *)      break;;
+        esac
+done
+
+#  The script directory is supposed to be in $TOPDIR/os400.
+
+TOPDIR=`dirname "${SCRIPTDIR}"`
+export SCRIPTDIR TOPDIR
+
+#  Extract the SONAME from the library makefile.
+
+SONAME=`sed -e '/^VERSION=/!d' -e 's/^.* \([0-9]*\):.*$/\1/' -e 'q'     \
+                                                < "${TOPDIR}/src/Makefile.am"`
+export SONAME
+
+
+################################################################################
+#
+#                       Tunable configuration parameters.
+#
+################################################################################
+
+setenv TARGETLIB        'LIBSSH2'               # Target OS/400 program library.
+setenv STATBNDDIR       'LIBSSH2_A'             # Static binding directory.
+setenv DYNBNDDIR        'LIBSSH2'               # Dynamic binding directory.
+setenv SRVPGM           "LIBSSH2.${SONAME}"     # Service program.
+setenv TGTCCSID         '500'                   # Target CCSID of objects.
+setenv DEBUG            '*ALL'                  # Debug level.
+setenv OPTIMIZE         '10'                    # Optimisation level
+setenv OUTPUT           '*NONE'                 # Compilation output option.
+setenv TGTRLS           'V5R3M0'                # Target OS release.
+setenv IFSDIR           '/libssh2'              # Installation IFS directory.
+
+#       Define ZLIB availability and locations.
+
+setenv WITH_ZLIB        0                       # Define to 1 to enable.
+setenv ZLIB_INCLUDE     '/zlib/include'         # ZLIB include IFS directory.
+setenv ZLIB_LIB         'ZLIB'                  # ZLIB library.
+setenv ZLIB_BNDDIR      'ZLIB_A'                # ZLIB binding directory.
+
+
+################################################################################
+
+#       Need to get the version definitions.
+
+LIBSSH2_VERSION=`grep '^#define  *LIBSSH2_VERSION '                     \
+                        "${TOPDIR}/include/libssh2.h"                   |
+                sed 's/.*"\(.*\)".*/\1/'`
+LIBSSH2_VERSION_MAJOR=`grep '^#define  *LIBSSH2_VERSION_MAJOR '         \
+                        "${TOPDIR}/include/libssh2.h"                   |
+                sed 's/^#define  *LIBSSH2_VERSION_MAJOR  *\([^ ]*\).*/\1/'`
+LIBSSH2_VERSION_MINOR=`grep '^#define  *LIBSSH2_VERSION_MINOR '         \
+                        "${TOPDIR}/include/libssh2.h"                   |
+                sed 's/^#define  *LIBSSH2_VERSION_MINOR  *\([^ ]*\).*/\1/'`
+LIBSSH2_VERSION_PATCH=`grep '^#define  *LIBSSH2_VERSION_PATCH '         \
+                        "${TOPDIR}/include/libssh2.h"                   |
+                sed 's/^#define  *LIBSSH2_VERSION_PATCH  *\([^ ]*\).*/\1/'`
+LIBSSH2_VERSION_NUM=`grep '^#define  *LIBSSH2_VERSION_NUM '             \
+                        "${TOPDIR}/include/libssh2.h"                   |
+                sed 's/^#define  *LIBSSH2_VERSION_NUM  *0x\([^ ]*\).*/\1/'`
+LIBSSH2_TIMESTAMP=`grep '^#define  *LIBSSH2_TIMESTAMP '                 \
+                        "${TOPDIR}/include/libssh2.h"                   |
+                sed 's/.*"\(.*\)".*/\1/'`
+export LIBSSH2_VERSION
+export LIBSSH2_VERSION_MAJOR LIBSSH2_VERSION_MINOR LIBSSH2_VERSION_PATCH
+export LIBSSH2_VERSION_NUM LIBSSH2_TIMESTAMP
+
+################################################################################
+#
+#                       OS/400 specific definitions.
+#
+################################################################################
+
+LIBIFSNAME="/QSYS.LIB/${TARGETLIB}.LIB"
+
+
+################################################################################
+#
+#                               Procedures.
+#
+################################################################################
+
+#       action_needed dest [src]
+#
+#       dest is an object to build
+#       if specified, src is an object on which dest depends.
+#
+#       exit 0 (succeeds) if some action has to be taken, else 1.
+
+action_needed()
+
+{
+        [ ! -e "${1}" ] && return 0
+        [ "${2}" ] || return 1
+        [ "${1}" -ot "${2}" ] && return 0
+        return 1
+}
+
+
+#       canonicalize_path path
+#
+#       Return canonicalized path as:
+#       - Absolute
+#       - No . or .. component.
+
+canonicalize_path()
+
+{
+        if expr "${1}" : '^/' > /dev/null
+        then    P="${1}"
+        else    P="`pwd`/${1}"
+        fi
+
+        R=
+        IFSSAVE="${IFS}"
+        IFS="/"
+
+        for C in ${P}
+        do      IFS="${IFSSAVE}"
+                case "${C}" in
+                .)      ;;
+                ..)     R=`expr "${R}" : '^\(.*/\)..*'`
+                        ;;
+                ?*)     R="${R}${C}/"
+                        ;;
+                *)      ;;
+                esac
+        done
+
+        IFS="${IFSSAVE}"
+        echo "/`expr "${R}" : '^\(.*\)/'`"
+}
+
+
+#       make_module module_name source_name [additional_definitions]
+#
+#       Compile source name into ASCII module if needed.
+#       As side effect, append the module name to variable MODULES.
+#       Set LINK to "YES" if the module has been compiled.
+
+make_module()
+
+{
+        MODULES="${MODULES} ${1}"
+        MODIFSNAME="${LIBIFSNAME}/${1}.MODULE"
+        action_needed "${MODIFSNAME}" "${2}" || return 0;
+        SRCDIR=`dirname \`canonicalize_path "${2}"\``
+
+        #       #pragma convert has to be in the source file itself, i.e.
+        #               putting it in an include file makes it only active
+        #               for that include file.
+        #       Thus we build a temporary file with the pragma prepended to
+        #               the source file and we compile that temporary file.
+
+        echo "#line 1 \"${2}\"" > __tmpsrcf.c
+        echo "#pragma convert(819)" >> __tmpsrcf.c
+        echo "#line 1" >> __tmpsrcf.c
+        cat "${2}" >> __tmpsrcf.c
+        CMD="CRTCMOD MODULE(${TARGETLIB}/${1}) SRCSTMF('__tmpsrcf.c')"
+#       CMD="${CMD} SYSIFCOPT(*IFS64IO) OPTION(*INCDIRFIRST *SHOWINC *SHOWSYS)"
+        CMD="${CMD} SYSIFCOPT(*IFS64IO) OPTION(*INCDIRFIRST)"
+        CMD="${CMD} LOCALETYPE(*LOCALE)"
+        CMD="${CMD} INCDIR('${TOPDIR}/os400/include'"
+        CMD="${CMD} '/QIBM/ProdData/qadrt/include' '${TOPDIR}/include'"
+        CMD="${CMD} '${TOPDIR}/os400' '${SRCDIR}'"
+
+        if [ "${WITH_ZLIB}" != "0" ]
+        then    CMD="${CMD} '${ZLIB_INCLUDE}'"
+        fi
+
+        CMD="${CMD} ${INCLUDES})"
+        CMD="${CMD} TGTCCSID(${TGTCCSID}) TGTRLS(${TGTRLS})"
+        CMD="${CMD} OUTPUT(${OUTPUT})"
+        CMD="${CMD} OPTIMIZE(${OPTIMIZE})"
+        CMD="${CMD} DBGVIEW(${DEBUG})"
+
+        DEFINES="${3}"
+
+        if [ "${WITH_ZLIB}" != "0" ]
+        then    DEFINES="${DEFINES} HAVE_LIBZ LIBSSH2_HAVE_ZLIB"
+        fi
+
+        if [ "${DEFINES}" ]
+        then    CMD="${CMD} DEFINE(${DEFINES})"
+        fi
+
+        system "${CMD}"
+        rm -f __tmpsrcf.c
+        LINK=YES
+}
+
+
+#       Determine DB2 object name from IFS name.
+
+db2_name()
+
+{
+        if [ "${2}" = 'nomangle' ]
+        then    basename "${1}"                                         |
+                tr 'a-z-' 'A-Z_'                                        |
+                sed -e 's/\..*//;s/^\(.\).*\(.........\)$/\1\2/'
+        else    basename "${1}"                                         |
+                tr 'a-z-' 'A-Z_'                                        |
+                sed -e 's/\..*//;s/^LIBSSH2_/SSH2_/'                    \
+                    -e 's/^\(.\).*\(.........\)$/\1\2/'                 \
+                    -e 's/^SPUBLICKEY$/SSH2_PKEY/'
+        fi
+}
+
+
+#       Copy stream replacing version info.
+
+versioned_copy()
+
+{
+        sed -e "s/@LIBSSH2_VERSION@/${LIBSSH2_VERSION}/g"               \
+            -e "s/@LIBSSH2_VERSION_MAJOR@/${LIBSSH2_VERSION_MAJOR}/g"   \
+            -e "s/@LIBSSH2_VERSION_MINOR@/${LIBSSH2_VERSION_MINOR}/g"   \
+            -e "s/@LIBSSH2_VERSION_PATCH@/${LIBSSH2_VERSION_PATCH}/g"   \
+            -e "s/@LIBSSH2_VERSION_NUM@/${LIBSSH2_VERSION_NUM}/g"       \
+            -e "s/@LIBSSH2_TIMESTAMP@/${LIBSSH2_TIMESTAMP}/g"
+}

os400/libssh2_ccsid.h

@@ -0,0 +1,63 @@
+/*
+ * Copyright (C) 2015 Patrick Monnerat, D+H <patrick.monnerat@dh.com>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms,
+ * with or without modification, are permitted provided
+ * that the following conditions are met:
+ *
+ *   Redistributions of source code must retain the above
+ *   copyright notice, this list of conditions and the
+ *   following disclaimer.
+ *
+ *   Redistributions in binary form must reproduce the above
+ *   copyright notice, this list of conditions and the following
+ *   disclaimer in the documentation and/or other materials
+ *   provided with the distribution.
+ *
+ *   Neither the name of the copyright holder nor the names
+ *   of any other contributors may be used to endorse or
+ *   promote products derived from this software without
+ *   specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
+ * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
+ * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
+ * OF SUCH DAMAGE.
+ */
+
+/* CCSID conversion support. */
+
+#ifndef LIBSSH2_CCSID_H_
+#define LIBSSH2_CCSID_H_
+
+#include "libssh2.h"
+
+typedef struct _libssh2_string_cache    libssh2_string_cache;
+
+
+LIBSSH2_API char *
+libssh2_from_ccsid(LIBSSH2_SESSION *session, libssh2_string_cache **cache,
+                   unsigned short ccsid, const char *string, ssize_t inlen,
+                   size_t *outlen);
+LIBSSH2_API char *
+libssh2_to_ccsid(LIBSSH2_SESSION *session, libssh2_string_cache **cache,
+                 unsigned short ccsid, const char *string, ssize_t inlen,
+                 size_t *outlen);
+LIBSSH2_API void
+libssh2_release_string_cache(LIBSSH2_SESSION *session,
+                             libssh2_string_cache **cache);
+
+#endif
+
+/* vim: set expandtab ts=4 sw=4: */

os400/libssh2_config.h

@@ -0,0 +1,299 @@
+/*
+ * Copyright (C) 2015 Patrick Monnerat, D+H <patrick.monnerat@dh.com>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms,
+ * with or without modification, are permitted provided
+ * that the following conditions are met:
+ *
+ *   Redistributions of source code must retain the above
+ *   copyright notice, this list of conditions and the
+ *   following disclaimer.
+ *
+ *   Redistributions in binary form must reproduce the above
+ *   copyright notice, this list of conditions and the following
+ *   disclaimer in the documentation and/or other materials
+ *   provided with the distribution.
+ *
+ *   Neither the name of the copyright holder nor the names
+ *   of any other contributors may be used to endorse or
+ *   promote products derived from this software without
+ *   specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
+ * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
+ * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
+ * OF SUCH DAMAGE.
+ */
+
+#ifndef LIBSSH2_CONFIG_H
+#define LIBSSH2_CONFIG_H
+
+/* Define if building universal (internal helper macro) */
+#undef AC_APPLE_UNIVERSAL_BUILD
+
+/* Define to one of `_getb67', `GETB67', `getb67' for Cray-2 and Cray-YMP
+   systems. This function is required for `alloca.c' support on those systems.
+*/
+#undef CRAY_STACKSEG_END
+
+/* Define to 1 if using `alloca.c'. */
+#undef C_ALLOCA
+
+/* Define to 1 if you have `alloca', as a function or macro. */
+#define HAVE_ALLOCA 1
+
+/* Define to 1 if you have <alloca.h> and it should be used (not on Ultrix). */
+#define HAVE_ALLOCA_H 1
+
+/* Define to 1 if you have the <arpa/inet.h> header file. */
+#define HAVE_ARPA_INET_H 1
+
+/* Define to 1 if you have the declaration of `SecureZeroMemory', and to 0 if
+   you don't. */
+#undef HAVE_DECL_SECUREZEROMEMORY
+
+/* disabled non-blocking sockets */
+#undef HAVE_DISABLED_NONBLOCKING
+
+/* Define to 1 if you have the <dlfcn.h> header file. */
+#undef HAVE_DLFCN_H
+
+/* Define to 1 if you have the <errno.h> header file. */
+#define HAVE_ERRNO_H 1
+
+/* Define to 1 if you have the `EVP_aes_128_ctr' function. */
+#undef HAVE_EVP_AES_128_CTR
+
+/* Define to 1 if you have the <fcntl.h> header file. */
+#define HAVE_FCNTL_H 1
+
+/* use FIONBIO for non-blocking sockets */
+#undef HAVE_FIONBIO
+
+/* Define to 1 if you have the `gettimeofday' function. */
+#define HAVE_GETTIMEOFDAY 1
+
+/* Define to 1 if you have the <inttypes.h> header file. */
+#define HAVE_INTTYPES_H 1
+
+/* use ioctlsocket() for non-blocking sockets */
+#undef HAVE_IOCTLSOCKET
+
+/* use Ioctlsocket() for non-blocking sockets */
+#undef HAVE_IOCTLSOCKET_CASE
+
+/* Define if you have the bcrypt library. */
+#undef HAVE_LIBBCRYPT
+
+/* Define if you have the crypt32 library. */
+#undef HAVE_LIBCRYPT32
+
+/* Define if you have the gcrypt library. */
+#undef HAVE_LIBGCRYPT
+
+/* Define if you have the ssl library. */
+#undef HAVE_LIBSSL
+
+/* Define if you have the z library. */
+/* #undef HAVE_LIBZ */
+
+/* Define to 1 if the compiler supports the 'long long' data type. */
+#define HAVE_LONGLONG 1
+
+/* Define to 1 if you have the <memory.h> header file. */
+#undef HAVE_MEMORY_H
+
+/* Define to 1 if you have the <netinet/in.h> header file. */
+#define HAVE_NETINET_IN_H 1
+
+/* Define to 1 if you have the <ntdef.h> header file. */
+#undef HAVE_NTDEF_H
+
+/* Define to 1 if you have the <ntstatus.h> header file. */
+#undef HAVE_NTSTATUS_H
+
+/* use O_NONBLOCK for non-blocking sockets */
+#define HAVE_O_NONBLOCK 1
+
+/* Define to 1 if you have the `poll' function. */
+#undef HAVE_POLL
+
+/* Define to 1 if you have the select function. */
+#define HAVE_SELECT 1
+
+/* use SO_NONBLOCK for non-blocking sockets */
+#undef HAVE_SO_NONBLOCK
+
+/* Define to 1 if you have the <stdint.h> header file. */
+#define HAVE_STDINT_H 1
+
+/* Define to 1 if you have the <stdio.h> header file. */
+#define HAVE_STDIO_H 1
+
+/* Define to 1 if you have the <stdlib.h> header file. */
+#define HAVE_STDLIB_H 1
+
+/* Define to 1 if you have the <strings.h> header file. */
+#define HAVE_STRINGS_H 1
+
+/* Define to 1 if you have the <string.h> header file. */
+#define HAVE_STRING_H 1
+
+/* Define to 1 if you have the `strtoll' function. */
+#define HAVE_STRTOLL 1
+
+/* Define to 1 if you have the <sys/ioctl.h> header file. */
+#define HAVE_SYS_IOCTL_H 1
+
+/* Define to 1 if you have the <sys/select.h> header file. */
+#undef HAVE_SYS_SELECT_H
+
+/* Define to 1 if you have the <sys/socket.h> header file. */
+#define HAVE_SYS_SOCKET_H 1
+
+/* Define to 1 if you have the <sys/stat.h> header file. */
+#define HAVE_SYS_STAT_H 1
+
+/* Define to 1 if you have the <sys/time.h> header file. */
+#define HAVE_SYS_TIME_H 1
+
+/* Define to 1 if you have the <sys/types.h> header file. */
+#define HAVE_SYS_TYPES_H 1
+
+/* Define to 1 if you have the <sys/uio.h> header file. */
+#define HAVE_SYS_UIO_H 1
+
+/* Define to 1 if you have the <sys/un.h> header file. */
+#define HAVE_SYS_UN_H 1
+
+/* Define to 1 if you have the <unistd.h> header file. */
+#define HAVE_UNISTD_H 1
+
+/* Define to 1 if you have the <windows.h> header file. */
+#undef HAVE_WINDOWS_H
+
+/* Define to 1 if you have the <winsock2.h> header file. */
+#undef HAVE_WINSOCK2_H
+
+/* Define to 1 if you have the <ws2tcpip.h> header file. */
+#undef HAVE_WS2TCPIP_H
+
+/* to make a symbol visible */
+#undef LIBSSH2_API
+
+/* Enable clearing of memory before being freed */
+#define LIBSSH2_CLEAR_MEMORY 1
+
+/* Enable "none" cipher -- NOT RECOMMENDED */
+#undef LIBSSH2_CRYPT_NONE
+
+/* Enable newer diffie-hellman-group-exchange-sha1 syntax */
+#define LIBSSH2_DH_GEX_NEW 1
+
+/* Compile in zlib support */
+/* #undef LIBSSH2_HAVE_ZLIB */
+
+/* Use libgcrypt */
+#undef LIBSSH2_LIBGCRYPT
+
+/* Enable "none" MAC -- NOT RECOMMENDED */
+#undef LIBSSH2_MAC_NONE
+
+/* Use OpenSSL */
+#undef LIBSSH2_OPENSSL
+
+/* Use Windows CNG */
+#undef LIBSSH2_WINCNG
+
+/* Use OS/400 Qc3 */
+#define LIBSSH2_OS400QC3
+
+/* Define to the sub-directory in which libtool stores uninstalled libraries.
+*/
+#define LT_OBJDIR ".libs/"
+
+/* Define to 1 if _REENTRANT preprocessor symbol must be defined. */
+#undef NEED_REENTRANT
+
+/* Name of package */
+#define PACKAGE "libssh2"
+
+/* Define to the address where bug reports for this package should be sent. */
+#define PACKAGE_BUGREPORT "libssh2-devel@cool.haxx.se"
+
+/* Define to the full name of this package. */
+#define PACKAGE_NAME "libssh2"
+
+/* Define to the full name and version of this package. */
+#define PACKAGE_STRING "libssh2 -"
+
+/* Define to the one symbol short name of this package. */
+#define PACKAGE_TARNAME "libssh2"
+
+/* Define to the home page for this package. */
+#define PACKAGE_URL ""
+
+/* Define to the version of this package. */
+#define PACKAGE_VERSION "-"
+
+/* If using the C implementation of alloca, define if you know the
+   direction of stack growth for your system; otherwise it will be
+   automatically deduced at runtime.
+	STACK_DIRECTION > 0 => grows toward higher addresses
+	STACK_DIRECTION < 0 => grows toward lower addresses
+	STACK_DIRECTION = 0 => direction of growth unknown */
+#undef STACK_DIRECTION
+
+/* Define to 1 if you have the ANSI C header files. */
+#define STDC_HEADERS 1
+
+/* Version number of package */
+#define VERSION "-"
+
+/* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most
+   significant byte first (like Motorola and SPARC, unlike Intel). */
+#define WORDS_BIGENDIAN 1
+
+/* Enable large inode numbers on Mac OS X 10.5.  */
+#ifndef _DARWIN_USE_64_BIT_INODE
+# define _DARWIN_USE_64_BIT_INODE 1
+#endif
+
+/* Number of bits in a file offset, on hosts where this is settable. */
+#undef _FILE_OFFSET_BITS
+
+/* Define for large files, on AIX-style hosts. */
+#undef _LARGE_FILES
+
+/* Define to empty if `const' does not conform to ANSI C. */
+#undef const
+
+/* Define to `__inline__' or `__inline' if that's what the C compiler
+   calls it, or to nothing if 'inline' is not supported under any name.  */
+#ifndef __cplusplus
+#define inline
+#endif
+
+/* Define to `unsigned int' if <sys/types.h> does not define. */
+#undef size_t
+
+
+#ifndef LIBSSH2_DISABLE_QADRT_EXT
+/* Remap zlib procedures to ASCII versions. */
+#pragma map(inflateInit_, "_libssh2_os400_inflateInit_")
+#pragma map(deflateInit_, "_libssh2_os400_deflateInit_")
+#endif
+
+#endif
+/* vim: set expandtab ts=4 sw=4: */

os400/libssh2rpg/libssh2_ccsid.rpgle.in

@@ -0,0 +1,69 @@
+      * Copyright (c) 2015 Patrick Monnerat, D+H <patrick.monnerat@dh.com>
+      * All rights reserved.
+      *
+      * Redistribution and use in source and binary forms,
+      * with or without modification, are permitted provided
+      * that the following conditions are met:
+      *
+      *   Redistributions of source code must retain the above
+      *   copyright notice, this list of conditions and the
+      *   following disclaimer.
+      *
+      *   Redistributions in binary form must reproduce the above
+      *   copyright notice, this list of conditions and the following
+      *   disclaimer in the documentation and/or other materials
+      *   provided with the distribution.
+      *
+      *   Neither the name of the copyright holder nor the names
+      *   of any other contributors may be used to endorse or
+      *   promote products derived from this software without
+      *   specific prior written permission.
+      *
+      * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
+      * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
+      * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+      * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+      * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+      * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+      * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+      * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+      * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+      * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+      * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+      * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
+      * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
+      * OF SUCH DAMAGE.
+
+      /if not defined(LIBSSH2_CCSID_H_)
+      /define LIBSSH2_CCSID_H_
+
+      /include "libssh2rpg/libssh2"
+
+     d libssh2_from_ccsid...
+     d                 pr              *   extproc('libssh2_from_ccsid')        char *
+     d  session                        *   value                                LIBSSH2_SESSION *
+     d  cache                          *                                        libssh2_string_cache
+     d                                                                          *(*)
+     d  ccsid                              value like(libssh2_Cushort)
+     d  string                         *   value options(*string)               const char *
+     d  inlen                              value like(libssh2_Cssize_t)
+     d  outlen                             like(libssh2_Csize_t) options(*omit)
+
+     d libssh2_to_ccsid...
+     d                 pr              *   extproc('libssh2_to_ccsid')          char *
+     d  session                        *   value                                LIBSSH2_SESSION *
+     d  cache                          *                                        libssh2_string_cache
+     d                                                                          *(*)
+     d  ccsid                              value like(libssh2_Cushort)
+     d  string                         *   value options(*string)               const char *
+     d  inlen                              value like(libssh2_Cssize_t)
+     d  outlen                             like(libssh2_Csize_t) options(*omit)
+
+     d libssh2_release_string_cache...
+     d                 pr                  extproc(
+     d                                     'libssh2_release_string_cache')
+     d  session                        *   value                                LIBSSH2_SESSION *
+     d  cache                          *                                        libssh2_string_cache
+     d                                                                          *(*)
+
+      /endif                                                                    LIBSSH2_CCSID_H_

os400/libssh2rpg/libssh2_publickey.rpgle

@@ -0,0 +1,141 @@
+      * Copyright (c) 2015, Patrick Monnerat, D+H <patrick.monnerat@dh.com>
+      * All rights reserved.
+      *
+      * Redistribution and use in source and binary forms,
+      * with or without modification, are permitted provided
+      * that the following conditions are met:
+      *
+      *   Redistributions of source code must retain the above
+      *   copyright notice, this list of conditions and the
+      *   following disclaimer.
+      *
+      *   Redistributions in binary form must reproduce the above
+      *   copyright notice, this list of conditions and the following
+      *   disclaimer in the documentation and/or other materials
+      *   provided with the distribution.
+      *
+      *   Neither the name of the copyright holder nor the names
+      *   of any other contributors may be used to endorse or
+      *   promote products derived from this software without
+      *   specific prior written permission.
+      *
+      * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
+      * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
+      * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+      * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+      * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+      * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+      * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+      * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+      * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+      * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+      * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+      * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
+      * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
+      * OF SUCH DAMAGE.
+
+      * Note: This include file is only needed for using the
+      * publickey SUBSYSTEM which is not the same as publickey
+      * authentication.  For authentication you only need libssh2.h
+      *
+      * For more information on the publickey subsystem,
+      * refer to IETF draft: secsh-publickey
+
+      /if not defined(LIBSSH2_PUBLICKEY_H_)
+      /define LIBSSH2_PUBLICKEY_H_
+
+      /include "libssh2rpg/libssh2"
+
+     d libssh2_publickey_attribute...
+     d                 ds                  based(######typedef######)
+     d                                     align qualified
+     d  name                           *                                        const char *
+     d  name_len                           like(libssh2_Culong)
+     d  value                          *                                        const char *
+     d  value_len                          like(libssh2_Culong)
+     d  mandatory                          like(libssh2_Cchar)
+
+     d libssh2_publickey_list...
+     d                 ds                  based(######typedef######)
+     d                                     align qualified
+     d  name                           *                                        const char *
+     d  name_len                           like(libssh2_Culong)
+     d  blob                           *                                        const uns char *
+     d  blob_len                           like(libssh2_Culong)
+     d  num_attrs                          like(libssh2_Culong)
+     d  attrs                          *                                        libssh2_publickey...
+     d                                                                          attribute *
+
+      * Publickey Subsystem.
+     d libssh2_publickey_init...
+     d                 pr              *   extproc('libssh2_publickey_init')    LIBSSH2_PUBLICKEY *
+     d  session                        *   value                                LIBSSH2_SESSION *
+
+     d libssh2_publickey_add_ex...
+     d                 pr                  extproc('libssh2_publickey_add_ex')
+     d                                     like(libssh2_Cint)
+     d  pkey                           *   value                                LIBSSH2_PUBLICKEY *
+     d  name                           *   value options(*string)               const uns char *
+     d  name_len                           value like(libssh2_Culong)
+     d  blob                           *   value options(*string)               const uns char *
+     d  blob_len                           value like(libssh2_Culong)
+     d  overwrite                          value like(libssh2_Cchar)
+     d  num_attrs                          value like(libssh2_Culong)
+     d  attrs                              likeds(libssh2_publickey_attribute)
+     d                                     dim(1000)
+
+      * C macro implementation.
+     d libssh2_publickey_add...
+     d                 pr                  extproc('libssh2_publickey_add')
+     d                                     like(libssh2_Cint)
+     d  pkey                           *   value                                LIBSSH2_PUBLICKEY *
+     d  name                           *   value options(*string)               const unsigned char
+     d                                                                          *
+     d  blob                           *   value options(*string)               const unsigned char
+     d                                                                          *
+     d  blob_len                           value like(libssh2_Culong)
+     d  overwrite                          value like(libssh2_Cchar)
+     d  num_attrs                          value like(libssh2_Culong)
+     d  attrs                              likeds(libssh2_publickey_attribute)
+     d                                     dim(1000)
+
+     d libssh2_publickey_remove_ex...
+     d                 pr                  extproc(
+     d                                     'libssh2_publickey_remove_ex')
+     d                                     like(libssh2_Cint)
+     d  pkey                           *   value                                LIBSSH2_PUBLICKEY *
+     d  name                           *   value options(*string)               const uns char *
+     d  name_len                           value like(libssh2_Culong)
+     d  blob                           *   value options(*string)               const uns char *
+     d  blob_len                           value like(libssh2_Culong)
+
+      * C macro implementation.
+     d libssh2_publickey_remove...
+     d                 pr                  extproc('libssh2_publickey_remove')
+     d                                     like(libssh2_Cint)
+     d  pkey                           *   value                                LIBSSH2_PUBLICKEY *
+     d  name                           *   value options(*string)               const uns char *
+     d  blob                           *   value options(*string)               const uns char *
+     d  blob_len                           value like(libssh2_Culong)
+
+     d libssh2_publickey_list_fetch...
+     d                 pr                  extproc(
+     d                                     'libssh2_publickey_list_fetch')
+     d                                     like(libssh2_Cint)
+     d  pkey                           *   value                                LIBSSH2_PUBLICKEY *
+     d  num_keys                       *   value                                unsigned long *
+     d  pkey_list                      *                                        libssh2_publickey...
+     d                                                                          _list *(*)
+
+     d libssh2_publickey_list_free...
+     d                 pr                  extproc(
+     d                                     'libssh2_publickey_list_free')
+     d  pkey                           *   value                                LIBSSH2_PUBLICKEY *
+     d  pkey_list                          likeds(libssh2_publickey_list)
+
+     d libssh2_publickey_shutdown...
+     d                 pr                  extproc('libssh2_publickey_shutdown')
+     d                                     like(libssh2_Cint)
+     d  pkey                           *   value                                LIBSSH2_PUBLICKEY *
+
+      /endif                                                                    LIBSSH2_PUBLICKEY_H_

os400/libssh2rpg/libssh2_sftp.rpgle

@@ -0,0 +1,621 @@
+      * Copyright (c) 2015, Patrick Monnerat, D+H <patrick.monnerat@dh.com>
+      * All rights reserved.
+      *
+      * Redistribution and use in source and binary forms,
+      * with or without modification, are permitted provided
+      * that the following conditions are met:
+      *
+      *   Redistributions of source code must retain the above
+      *   copyright notice, this list of conditions and the
+      *   following disclaimer.
+      *
+      *   Redistributions in binary form must reproduce the above
+      *   copyright notice, this list of conditions and the following
+      *   disclaimer in the documentation and/or other materials
+      *   provided with the distribution.
+      *
+      *   Neither the name of the copyright holder nor the names
+      *   of any other contributors may be used to endorse or
+      *   promote products derived from this software without
+      *   specific prior written permission.
+      *
+      * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
+      * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
+      * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+      * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+      * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+      * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+      * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+      * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+      * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+      * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+      * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+      * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
+      * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
+      * OF SUCH DAMAGE.
+
+      /if not defined(LIBSSH2_SFTP_H_)
+      /define LIBSSH2_SFTP_H_
+
+      /include "libssh2rpg/libssh2"
+
+      * Note: Version 6 was documented at the time of writing
+      * However it was marked as "DO NOT IMPLEMENT" due to pending changes
+      *
+      * Let's start with Version 3 (The version found in OpenSSH) and go from
+      * there.
+     d LIBSSH2_SFTP_VERSION...
+     d                 c                   3
+
+      * Flags for open_ex().
+     d LIBSSH2_SFTP_OPENFILE...
+     d                 c                   0
+     d LIBSSH2_SFTP_OPENDIR...
+     d                 c                   1
+
+      * Flags for rename_ex().
+     d LIBSSH2_SFTP_RENAME_OVERWRITE...
+     d                 c                   X'00000001'
+     d LIBSSH2_SFTP_RENAME_ATOMIC...
+     d                 c                   X'00000002'
+     d LIBSSH2_SFTP_RENAME_NATIVE...
+     d                 c                   X'00000004'
+
+      * Flags for stat_ex().
+     d LIBSSH2_SFTP_STAT...
+     d                 c                   0
+     d LIBSSH2_SFTP_LSTAT...
+     d                 c                   1
+     d LIBSSH2_SFTP_SETSTAT...
+     d                 c                   2
+
+      * Flags for symlink_ex().
+     d LIBSSH2_SFTP_SYMLINK...
+     d                 c                   0
+     d LIBSSH2_SFTP_READLINK...
+     d                 c                   1
+     d LIBSSH2_SFTP_REALPATH...
+     d                 c                   2
+
+      * SFTP attribute flag bits.
+     d LIBSSH2_SFTP_ATTR_SIZE...
+     d                 c                   X'00000001'
+     d LIBSSH2_SFTP_ATTR_UIDGID...
+     d                 c                   X'00000002'
+     d LIBSSH2_SFTP_ATTR_PERMISSIONS...
+     d                 c                   X'00000004'
+     d LIBSSH2_SFTP_ATTR_ACMODTIME...
+     d                 c                   X'00000008'
+     d LIBSSH2_SFTP_ATTR_EXTENDED...
+     d                 c                   X'80000000'
+
+      * SFTP statvfs flag bits.
+     d LIBSSH2_SFTP_ST_RDONLY...
+     d                 c                   X'00000001'
+     d LIBSSH2_SFTP_ST_NOSUID...
+     d                 c                   X'00000002'
+
+     d #LIBSSH2_SFTP_ATTRIBUTES...
+     d                 ds                  based(######typedef######)
+     d                                     align qualified
+      * If flags & ATTR_* bit is set, then the value in this struct will be
+      * meaningful Otherwise it should be ignored.
+     d  flags                              like(libssh2_Culong)
+     d  filesize                           like(libssh2_uint64_t)
+     d  uid                                like(libssh2_Culong)
+     d  gid                                like(libssh2_Culong)
+     d  permissions                        like(libssh2_Culong)
+     d  atime                              like(libssh2_Culong)
+     d  mtime                              like(libssh2_Culong)
+
+     d #LIBSSH2_SFTP_STATVFS...
+     d                 ds                  based(######typedef######)
+     d                                     align qualified
+     d  f_bsize                            like(libssh2_uint64_t)               Filesys block size
+     d  f_frsize                           like(libssh2_uint64_t)               Fragment size
+     d  f_blocks                           like(libssh2_uint64_t)               FS size in f_frsize
+     d  f_bfree                            like(libssh2_uint64_t)               Free blocks
+     d  f_bavail                           like(libssh2_uint64_t)               Free blks f. nonroot
+     d  f_files                            like(libssh2_uint64_t)               Inodes
+     d  f_ffree                            like(libssh2_uint64_t)               Free inodes
+     d  f_favail                           like(libssh2_uint64_t)               Free inds f. nonroot
+     d  f_fsid                             like(libssh2_uint64_t)               File system ID
+     d  f_flag                             like(libssh2_uint64_t)               Mount flags
+     d  f_namemax                          like(libssh2_uint64_t)               Max filename length
+
+      * SFTP filetypes.
+     d LIBSSH2_SFTP_TYPE_REGULAR...
+     d                 c                   1
+     d LIBSSH2_SFTP_TYPE_DIRECTORY...
+     d                 c                   2
+     d LIBSSH2_SFTP_TYPE_SYMLINK...
+     d                 c                   3
+     d LIBSSH2_SFTP_TYPE_SPECIAL...
+     d                 c                   4
+     d LIBSSH2_SFTP_TYPE_UNKNOWN...
+     d                 c                   5
+     d LIBSSH2_SFTP_TYPE_SOCKET...
+     d                 c                   6
+     d LIBSSH2_SFTP_TYPE_CHAR_DEVICE...
+     d                 c                   7
+     d LIBSSH2_SFTP_TYPE_BLOCK_DEVICE...
+     d                 c                   8
+     d LIBSSH2_SFTP_TYPE_FIFO...
+     d                 c                   9
+
+      * Reproduce the POSIX file modes here for systems that are not POSIX
+      * compliant.
+      *
+      * These is used in "permissions" of "struct _LIBSSH2_SFTP_ATTRIBUTES"
+
+      * File type.
+     d LIBSSH2_SFTP_S_IFMT...                                                   type of file mask
+     d                 c                   X'F000'
+     d LIBSSH2_SFTP_S_IFIFO...                                                  named pipe (fifo)
+     d                 c                   X'1000'
+     d LIBSSH2_SFTP_S_IFCHR...                                                  character special
+     d                 c                   X'2000'
+     d LIBSSH2_SFTP_S_IFDIR...                                                  directory
+     d                 c                   X'4000'
+     d LIBSSH2_SFTP_S_IFBLK...                                                  block special
+     d                 c                   X'6000'
+     d LIBSSH2_SFTP_S_IFREG...                                                  regular
+     d                 c                   X'8000'
+     d LIBSSH2_SFTP_S_IFLNK...                                                  symbolic link
+     d                 c                   X'A000'
+     d LIBSSH2_SFTP_S_IFSOCK...                                                 socket
+     d                 c                   X'C000'
+
+      * File mode.
+      * Read, write, execute/search by owner.
+     d LIBSSH2_SFTP_S_IRWXU...                                                  RWX mask for owner
+     d                 c                   X'01C0'
+     d LIBSSH2_SFTP_S_IRUSR...                                                  R for owner
+     d                 c                   X'0100'
+     d LIBSSH2_SFTP_S_IWUSR...                                                  W for owner
+     d                 c                   X'0080'
+     d LIBSSH2_SFTP_S_IXUSR...                                                  X for owner
+     d                 c                   X'0040'
+      * Read, write, execute/search by group.
+     d LIBSSH2_SFTP_S_IRWXG...                                                  RWX mask for group
+     d                 c                   X'0038'
+     d LIBSSH2_SFTP_S_IRGRP...                                                  R for group
+     d                 c                   X'0020'
+     d LIBSSH2_SFTP_S_IWGRP...                                                  W for group
+     d                 c                   X'0010'
+     d LIBSSH2_SFTP_S_IXGRP...                                                  X for group
+     d                 c                   X'0008'
+      * Read, write, execute/search by others.
+     d LIBSSH2_SFTP_S_IRWXO...                                                  RWX mask for other
+     d                 c                   X'0007'
+     d LIBSSH2_SFTP_S_IROTH...                                                  R for other
+     d                 c                   X'0004'
+     d LIBSSH2_SFTP_S_IWOTH...                                                  W for other
+     d                 c                   X'0002'
+     d LIBSSH2_SFTP_S_IXOTH...                                                  X for other
+     d                 c                   X'0001'
+
+      * C macro implementation.
+     d LIBSSH2_SFTP_S_ISLNK...
+     d                 pr                  extproc('LIBSSH2_SFTP_S_ISLNK')
+     d                                     like(libssh2_Cint)
+     d  permissions                        value like(libssh2_Culong)
+
+      * C macro implementation.
+     d LIBSSH2_SFTP_S_ISREG...
+     d                 pr                  extproc('LIBSSH2_SFTP_S_ISREG')
+     d                                     like(libssh2_Cint)
+     d  permissions                        value like(libssh2_Culong)
+
+      * C macro implementation.
+     d LIBSSH2_SFTP_S_ISDIR...
+     d                 pr                  extproc('LIBSSH2_SFTP_S_ISDIR')
+     d                                     like(libssh2_Cint)
+     d  permissions                        value like(libssh2_Culong)
+
+      * C macro implementation.
+     d LIBSSH2_SFTP_S_ISCHR...
+     d                 pr                  extproc('LIBSSH2_SFTP_S_ISCHR')
+     d                                     like(libssh2_Cint)
+     d  permissions                        value like(libssh2_Culong)
+
+      * C macro implementation.
+     d LIBSSH2_SFTP_S_ISBLK...
+     d                 pr                  extproc('LIBSSH2_SFTP_S_ISBLK')
+     d                                     like(libssh2_Cint)
+     d  permissions                        value like(libssh2_Culong)
+
+      * C macro implementation.
+     d LIBSSH2_SFTP_S_ISFIFO...
+     d                 pr                  extproc('LIBSSH2_SFTP_S_ISFIFO')
+     d                                     like(libssh2_Cint)
+     d  permissions                        value like(libssh2_Culong)
+
+      * C macro implementation.
+     d LIBSSH2_SFTP_S_ISSOCK...
+     d                 pr                  extproc('LIBSSH2_SFTP_S_ISSOCK')
+     d                                     like(libssh2_Cint)
+     d  permissions                        value like(libssh2_Culong)
+
+      * SFTP File Transfer Flags -- (e.g. flags parameter to sftp_open())
+      * Danger will robinson... APPEND doesn't have any effect on OpenSSH
+      * servers.
+     d LIBSSH2_FXF_READ...
+     d                 c                   X'00000001'
+     d LIBSSH2_FXF_WRITE...
+     d                 c                   X'00000002'
+     d LIBSSH2_FXF_APPEND...
+     d                 c                   X'00000004'
+     d LIBSSH2_FXF_CREAT...
+     d                 c                   X'00000008'
+     d LIBSSH2_FXF_TRUNC...
+     d                 c                   X'00000010'
+     d LIBSSH2_FXF_EXCL...
+     d                 c                   X'00000020'
+
+      * SFTP Status Codes (returned by libssh2_sftp_last_error()).
+     d LIBSSH2_FX_OK...
+     d                 c                   0
+     d LIBSSH2_FX_EOF...
+     d                 c                   1
+     d LIBSSH2_FX_NO_SUCH_FILE...
+     d                 c                   2
+     d LIBSSH2_FX_PERMISSION_DENIED...
+     d                 c                   3
+     d LIBSSH2_FX_FAILURE...
+     d                 c                   4
+     d LIBSSH2_FX_BAD_MESSAGE...
+     d                 c                   5
+     d LIBSSH2_FX_NO_CONNECTION...
+     d                 c                   6
+     d LIBSSH2_FX_CONNECTION_LOST...
+     d                 c                   7
+     d LIBSSH2_FX_OP_UNSUPPORTED...
+     d                 c                   8
+     d LIBSSH2_FX_INVALID_HANDLE...
+     d                 c                   9
+     d LIBSSH2_FX_NO_SUCH_PATH...
+     d                 c                   10
+     d LIBSSH2_FX_FILE_ALREADY_EXISTS...
+     d                 c                   11
+     d LIBSSH2_FX_WRITE_PROTECT...
+     d                 c                   12
+     d LIBSSH2_FX_NO_MEDIA...
+     d                 c                   13
+     d LIBSSH2_FX_NO_SPACE_ON_FILESYSTEM...
+     d                 c                   14
+     d LIBSSH2_FX_QUOTA_EXCEEDED...
+     d                 c                   15
+     d LIBSSH2_FX_UNKNOWN_PRINCIPAL...
+     d                 c                   16
+     d LIBSSH2_FX_LOCK_CONFLICT...
+     d                 c                   17
+     d LIBSSH2_FX_DIR_NOT_EMPTY...
+     d                 c                   18
+     d LIBSSH2_FX_NOT_A_DIRECTORY...
+     d                 c                   19
+     d LIBSSH2_FX_INVALID_FILENAME...
+     d                 c                   20
+     d LIBSSH2_FX_LINK_LOOP...
+     d                 c                   21
+
+      * Returned by any function that would block during a read/write operation.
+     d LIBSSH2SFTP_EAGAIN...
+     d                 c                   -37
+
+      * SFTP API.
+     d libssh2_sftp_init...
+     d                 pr              *   extproc('libssh2_sftp_init')         LIBSSH2_SFTP *
+     d  session                        *   value                                LIBSSH2_SESSION *
+
+     d libssh2_sftp_shutdown...
+     d                 pr                  extproc('libssh2_sftp_shutdown')
+     d                                     like(libssh2_Cint)
+     d  sftp                           *   value                                LIBSSH2_SFTP *
+
+     d libssh2_sftp_last_error...
+     d                 pr                  extproc('libssh2_sftp_last_error')
+     d                                     like(libssh2_Culong)
+     d  sftp                           *   value                                LIBSSH2_SFTP *
+
+     d libssh2_sftp_get_channel...
+     d                 pr              *   extproc('libssh2_sftp_get_channel')  LIBSSH2_CHANNEL *
+     d  sftp                           *   value                                LIBSSH2_SFTP *
+
+      * File / Directory Ops.
+     d libssh2_sftp_open_ex...
+     d                 pr              *   extproc('libssh2_sftp_open_ex')      LIBSSH2_SFTP_HANDLE*
+     d  sftp                           *   value                                LIBSSH2_SFTP *
+     d  filename                       *   value options(*string)               const char *
+     d  filename_len                       value like(libssh2_Cuint)
+     d  flags                              value like(libssh2_Culong)
+     d  mode                               value like(libssh2_Clong)
+     d  open_type                          value like(libssh2_Cint)
+
+      * C macro implementation.
+     d libssh2_sftp_open...
+     d                 pr              *   extproc('libssh2_sftp_open')         LIBSSH2_SFTP_HANDLE
+     d                                                                          *
+     d  sftp                           *   value                                LIBSSH2_SFTP *
+     d  filename                       *   value options(*string)               const char *
+     d  flags                              value like(libssh2_Culong)
+     d  mode                               value like(libssh2_Clong)
+
+      * C macro libssh2_sftp_opendir implementation.
+      * Renamed to avoid upper/lower case name clash.
+     d libssh2_sftp_open_dir...
+     d                 pr              *   extproc('libssh2_sftp_opendir')      LIBSSH2_SFTP_HANDLE
+     d                                                                          *
+     d  sftp                           *   value                                LIBSSH2_SFTP *
+     d  path                           *   value options(*string)               const char *
+
+     d libssh2_sftp_read...
+     d                 pr                  extproc('libssh2_sftp_read')
+     d                                     like(libssh2_Cssize_t)
+     d  handle                         *   value                                LIBSSH2_SFTP_HANDLE*
+     d  buffer                         *   value options(*string)               char *
+     d  buffer_maxlen                      value like(libssh2_Csize_t)
+
+     d libssh2_sftp_readdir_ex...
+     d                 pr                  extproc('libssh2_sftp_readdir_ex')
+     d                                     like(libssh2_Cint)
+     d  handle                         *   value                                LIBSSH2_SFTP_HANDLE*
+     d  buffer                         *   value                                char *
+     d  buffer_maxlen                      value like(libssh2_Csize_t)
+     d  longentry                      *   value                                char *
+     d  longentry_maxlen...
+     d                                     value like(libssh2_Csize_t)
+     d  attrs                          *   value                                LIBSSH2_SFTP_...
+     d                                                                          ATTRIBUTES *
+
+      * C macro implementation.
+     d libssh2_sftp_readdir...
+     d                 pr                  extproc('libssh2_sftp_readdir')
+     d                                     like(libssh2_Cint)
+     d  handle                         *   value                                LIBSSH2_SFTP_HANDLE*
+     d  buffer                         *   value                                char *
+     d  buffer_maxlen                      value like(libssh2_Csize_t)
+     d  attrs                          *   value                                LIBSSH2_SFTP_...
+     d                                                                          ATTRIBUTES *
+
+     d libssh2_sftp_write...
+     d                 pr                  extproc('libssh2_sftp_write')
+     d                                     like(libssh2_Cssize_t)
+     d  handle                         *   value                                LIBSSH2_SFTP_HANDLE*
+     d  buffer                         *   value options(*string)               const char *
+     d  count                              value like(libssh2_Csize_t)
+
+     d libssh2_sftp_fsync...
+     d                 pr                  extproc('libssh2_sftp_fsync')
+     d                                     like(libssh2_Cint)
+     d  handle                         *   value                                LIBSSH2_SFTP_HANDLE*
+
+     d libssh2_sftp_close_handle...
+     d                 pr                  extproc('libssh2_sftp_close_handle')
+     d                                     like(libssh2_Cint)
+     d  handle                         *   value                                LIBSSH2_SFTP_HANDLE*
+
+      * C macro implementation.
+     d libssh2_sftp_close...
+     d                 pr                  extproc('libssh2_sftp_close_handle')
+     d                                     like(libssh2_Cint)
+     d  handle                         *   value                                LIBSSH2_SFTP_HANDLE*
+
+      * C macro implementation.
+     d libssh2_sftp_closedir...
+     d                 pr                  extproc('libssh2_sftp_close_handle')
+     d                                     like(libssh2_Cint)
+     d  handle                         *   value                                LIBSSH2_SFTP_HANDLE*
+
+     d libssh2_sftp_seek...
+     d                 pr                  extproc('libssh2_sftp_seek')
+     d  handle                         *   value                                LIBSSH2_SFTP_HANDLE*
+     d  offset                             value like(libssh2_Csize_t)
+
+     d libssh2_sftp_seek64...
+     d                 pr                  extproc('libssh2_sftp_seek64')
+     d  handle                         *   value                                LIBSSH2_SFTP_HANDLE*
+     d  offset                             value like(libssh2_uint64_t)
+
+      * C macro implementation.
+     d libssh2_sftp_rewind...
+     d                 pr                  extproc('libssh2_sftp_rewind')
+     d  handle                         *   value                                LIBSSH2_SFTP_HANDLE*
+
+     d libssh2_sftp_tell...
+     d                 pr                  extproc('libssh2_sftp_tell')
+     d                                     like(libssh2_Csize_t)
+     d  handle                         *   value                                LIBSSH2_SFTP_HANDLE*
+
+     d libssh2_sftp_tell64...
+     d                 pr                  extproc('libssh2_sftp_tell64')
+     d                                     like(libssh2_uint64_t)
+     d  handle                         *   value                                LIBSSH2_SFTP_HANDLE*
+
+     d libssh2_sftp_fstat_ex...
+     d                 pr                  extproc('libssh2_sftp_fstat_ex')
+     d                                     like(libssh2_Cint)
+     d  handle                         *   value                                LIBSSH2_SFTP_HANDLE*
+     d  attrs                          *   value                                LIBSSH2_SFTP_...
+     d                                                                          ATTRIBUTES *
+     d  setstat                            value like(libssh2_Cint)
+
+      * C macro implementation.
+     d libssh2_sftp_fstat...
+     d                 pr                  extproc('libssh2_sftp_fstat')
+     d                                     like(libssh2_Cint)
+     d  handle                         *   value                                LIBSSH2_SFTP_HANDLE*
+     d  attrs                          *   value                                LIBSSH2_SFTP_...
+     d                                                                          ATTRIBUTES *
+
+      * C macro implementation.
+     d libssh2_sftp_fsetstat...
+     d                 pr                  extproc('libssh2_sftp_fsetstat')
+     d                                     like(libssh2_Cint)
+     d  handle                         *   value                                LIBSSH2_SFTP_HANDLE*
+     d  attrs                          *   value                                LIBSSH2_SFTP_...
+     d                                                                          ATTRIBUTES *
+
+      * Miscellaneous Ops.
+     d libssh2_sftp_rename_ex...
+     d                 pr                  extproc('libssh2_sftp_rename_ex')
+     d                                     like(libssh2_Cint)
+     d  sftp                           *   value                                LIBSSH2_SFTP *
+     d  source_filename...
+     d                                 *   value options(*string)               const char *
+     d  source_filename_len...
+     d                                     value like(libssh2_Cuint)
+     d  dest_filename                  *   value options(*string)               const char *
+     d  dest_filename_len...
+     d                                     value like(libssh2_Cuint)
+     d  flags                              value like(libssh2_Clong)
+
+      * C macro implementation.
+     d libssh2_sftp_rename...
+     d                 pr                  extproc('libssh2_sftp_rename')
+     d                                     like(libssh2_Cint)
+     d  sftp                           *   value                                LIBSSH2_SFTP *
+     d  source_filename...
+     d                                 *   value options(*string)               const char *
+     d  dest_filename                  *   value options(*string)               const char *
+
+     d libssh2_sftp_unlink_ex...
+     d                 pr                  extproc('libssh2_sftp_unlink_ex')
+     d                                     like(libssh2_Cint)
+     d  sftp                           *   value                                LIBSSH2_SFTP *
+     d  filename                       *   value options(*string)               const char *
+     d  filename_len                       value like(libssh2_Cuint)
+
+      * C macro implementation.
+     d libssh2_sftp_unlink...
+     d                 pr                  extproc('libssh2_sftp_unlink')
+     d                                     like(libssh2_Cint)
+     d  sftp                           *   value                                LIBSSH2_SFTP *
+     d  filename                       *   value options(*string)               const char *
+
+     d libssh2_sftp_fstatvfs...
+     d                 pr                  extproc('libssh2_sftp_fstatvfs')
+     d                                     like(libssh2_Cint)
+     d  handle                         *   value                                LIBSSH2_SFTP_HANDLE*
+     d  st                             *   value                                LIBSSH2_SFTP_STATVFS
+     d                                                                          *
+
+     d libssh2_sftp_statvfs...
+     d                 pr                  extproc('libssh2_sftp_statvfs')
+     d                                     like(libssh2_Cint)
+     d  sftp                           *   value                                LIBSSH2_SFTP *
+     d  path                           *   value options(*string)               const char *
+     d  path_len                           value like(libssh2_Csize_t)
+     d  st                             *   value                                LIBSSH2_SFTP_STATVFS
+     d                                                                          *
+
+     d libssh2_sftp_mkdir_ex...
+     d                 pr                  extproc('libssh2_sftp_mkdir_ex')
+     d                                     like(libssh2_Cint)
+     d  sftp                           *   value                                LIBSSH2_SFTP *
+     d  path                           *   value options(*string)               const char *
+     d  path_len                           value like(libssh2_Cuint)
+     d  mode                               value like(libssh2_Clong)
+
+      * C macro implementation.
+     d libssh2_sftp_mkdir...
+     d                 pr                  extproc('libssh2_sftp_mkdir')
+     d                                     like(libssh2_Cint)
+     d  sftp                           *   value                                LIBSSH2_SFTP *
+     d  path                           *   value options(*string)               const char *
+     d  mode                               value like(libssh2_Clong)
+
+     d libssh2_sftp_rmdir_ex...
+     d                 pr                  extproc('libssh2_sftp_rmdir_ex')
+     d                                     like(libssh2_Cint)
+     d  sftp                           *   value                                LIBSSH2_SFTP *
+     d  path                           *   value options(*string)               const char *
+     d  path_len                           value like(libssh2_Cuint)
+
+      * C macro implementation.
+     d libssh2_sftp_rmdir...
+     d                 pr                  extproc('libssh2_sftp_rmdir')
+     d                                     like(libssh2_Cint)
+     d  sftp                           *   value                                LIBSSH2_SFTP *
+     d  path                           *   value options(*string)               const char *
+
+     d libssh2_sftp_stat_ex...
+     d                 pr                  extproc('libssh2_sftp_stat_ex')
+     d                                     like(libssh2_Cint)
+     d  sftp                           *   value                                LIBSSH2_SFTP *
+     d  path                           *   value options(*string)               const char *
+     d  path_len                           value like(libssh2_Cuint)
+     d  stat_type                          value like(libssh2_Cint)
+     d  attrs                          *   value                                LIBSSH2_SFTP_...
+     d                                                                          ATTRIBUTES *
+
+      * C macro libssh2_sftp_stat implementation.
+      * Renamed to avoid upper/lower case name clash.
+     d libssh2_sftp_get_stat...
+     d                 pr                  extproc('libssh2_sftp_stat')
+     d                                     like(libssh2_Cint)
+     d  sftp                           *   value                                LIBSSH2_SFTP *
+     d  path                           *   value options(*string)               const char *
+     d  attrs                          *   value                                LIBSSH2_SFTP_...
+     d                                                                          ATTRIBUTES *
+
+      * C macro libssh2_sftp_lstat implementation.
+      * Renamed to avoid upper/lower case name clash.
+     d libssh2_sftp_get_lstat...
+     d                 pr                  extproc('libssh2_sftp_lstat')
+     d                                     like(libssh2_Cint)
+     d  sftp                           *   value                                LIBSSH2_SFTP *
+     d  path                           *   value options(*string)               const char *
+     d  attrs                          *   value                                LIBSSH2_SFTP_...
+     d                                                                          ATTRIBUTES *
+
+      * C macro libssh2_sftp_setstat implementation.
+      * Renamed to avoid upper/lower case name clash.
+     d libssh2_sftp_set_stat...
+     d                 pr                  extproc('libssh2_sftp_setstat')
+     d                                     like(libssh2_Cint)
+     d  sftp                           *   value                                LIBSSH2_SFTP *
+     d  path                           *   value options(*string)               const char *
+     d  attrs                          *   value                                LIBSSH2_SFTP_...
+     d                                                                          ATTRIBUTES *
+
+     d libssh2_sftp_symlink_ex...
+     d                 pr                  extproc('libssh2_sftp_symlink_ex')
+     d                                     like(libssh2_Cint)
+     d  sftp                           *   value                                LIBSSH2_SFTP *
+     d  path                           *   value options(*string)               const char *
+     d  path_len                           value like(libssh2_Cuint)
+     d  target                         *   value options(*string)               char *
+     d  target_len                         value like(libssh2_Cuint)
+     d  link_type                          value like(libssh2_Cint)
+
+      * C macro libssh2_sftp_symlink implementation.
+      * Renamed to avoid upper/lower case name clash.
+     d libssh2_sftp_sym_link...
+     d                 pr                  extproc('libssh2_sftp_symlink')
+     d                                     like(libssh2_Cint)
+     d  sftp                           *   value                                LIBSSH2_SFTP *
+     d  orig                           *   value options(*string)               const char *
+     d  linkpath                       *   value options(*string)               char *
+
+      * C macro libssh2_sftp_readlink implementation.
+      * Renamed to avoid upper/lower case name clash.
+     d libssh2_sftp_read_link...
+     d                 pr                  extproc('libssh2_sftp_readlink')
+     d                                     like(libssh2_Cint)
+     d  sftp                           *   value                                LIBSSH2_SFTP *
+     d  path                           *   value options(*string)               const char *
+     d  target                         *   value                                char *
+     d  maxlen                             value like(libssh2_Cuint)
+
+      * C macro libssh2_sftp_realpath implementation.
+      * Renamed to avoid upper/lower case name clash.
+     d libssh2_sftp_real_path...
+     d                 pr                  extproc('libssh2_sftp_realpath')
+     d                                     like(libssh2_Cint)
+     d  sftp                           *   value                                LIBSSH2_SFTP *
+     d  path                           *   value options(*string)               const char *
+     d  target                         *   value                                char *
+     d  maxlen                             value like(libssh2_Cuint)
+
+      /endif                                                                    LIBSSH2_SFTP_H_

os400/macros.h

@@ -0,0 +1,168 @@
+/*
+ * Copyright (C) 2015 Patrick Monnerat, D+H <patrick.monnerat@dh.com>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms,
+ * with or without modification, are permitted provided
+ * that the following conditions are met:
+ *
+ *   Redistributions of source code must retain the above
+ *   copyright notice, this list of conditions and the
+ *   following disclaimer.
+ *
+ *   Redistributions in binary form must reproduce the above
+ *   copyright notice, this list of conditions and the following
+ *   disclaimer in the documentation and/or other materials
+ *   provided with the distribution.
+ *
+ *   Neither the name of the copyright holder nor the names
+ *   of any other contributors may be used to endorse or
+ *   promote products derived from this software without
+ *   specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
+ * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
+ * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
+ * OF SUCH DAMAGE.
+ */
+
+#ifndef LIBSSH2_MACROS_H_
+#define LIBSSH2_MACROS_H_
+
+#include "libssh2.h"
+#include "libssh2_publickey.h"
+#include "libssh2_sftp.h"
+
+/*
+ * Dummy prototypes to generate wrapper procedures to C macros.
+ * This is a helper for languages without a clever preprocessor (ILE/RPG).
+ */
+
+LIBSSH2_API LIBSSH2_SESSION * libssh2_session_init(void);
+LIBSSH2_API int libssh2_session_disconnect(LIBSSH2_SESSION *session,
+                                           const char *description);
+LIBSSH2_API int libssh2_userauth_password(LIBSSH2_SESSION *session,
+                                          const char *username,
+                                          const char *password);
+LIBSSH2_API int
+libssh2_userauth_publickey_fromfile(LIBSSH2_SESSION *session,
+                                    const char *username,
+                                    const char *publickey,
+                                    const char *privatekey,
+                                    const char *passphrase);
+LIBSSH2_API int
+libssh2_userauth_hostbased_fromfile(LIBSSH2_SESSION *session,
+                                    const char *username,
+                                    const char *publickey,
+                                    const char *privatekey,
+                                    const char *passphrase,
+                                    const char *hostname);
+LIBSSH2_API int
+libssh2_userauth_keyboard_interactive(LIBSSH2_SESSION* session,
+                                      const char *username,
+                                      LIBSSH2_USERAUTH_KBDINT_RESPONSE_FUNC(
+                                                       (*response_callback)));
+LIBSSH2_API LIBSSH2_CHANNEL *
+libssh2_channel_open_session(LIBSSH2_SESSION *session);
+LIBSSH2_API LIBSSH2_CHANNEL *
+libssh2_channel_direct_tcpip(LIBSSH2_SESSION *session, const char *host,
+                             int port);
+LIBSSH2_API LIBSSH2_LISTENER *
+libssh2_channel_forward_listen(LIBSSH2_SESSION *session, int port);
+LIBSSH2_API int
+libssh2_channel_setenv(LIBSSH2_CHANNEL *channel,
+                       const char *varname, const char *value);
+LIBSSH2_API int
+libssh2_channel_request_pty(LIBSSH2_CHANNEL *channel, const char *term);
+LIBSSH2_API int
+libssh2_channel_request_pty_size(LIBSSH2_CHANNEL *channel,
+                                 int width, int height);
+LIBSSH2_API int
+libssh2_channel_x11_req(LIBSSH2_CHANNEL *channel, int screen_number);
+LIBSSH2_API int
+libssh2_channel_shell(LIBSSH2_CHANNEL *channel);
+LIBSSH2_API int
+libssh2_channel_exec(LIBSSH2_CHANNEL *channel, const char *command);
+LIBSSH2_API int
+libssh2_channel_subsystem(LIBSSH2_CHANNEL *channel, const char *subsystem);
+LIBSSH2_API ssize_t
+libssh2_channel_read(LIBSSH2_CHANNEL *channel, char *buf, size_t buflen);
+LIBSSH2_API ssize_t
+libssh2_channel_read_stderr(LIBSSH2_CHANNEL *channel, char *buf, size_t buflen);
+LIBSSH2_API unsigned long
+libssh2_channel_window_read(LIBSSH2_CHANNEL *channel);
+LIBSSH2_API ssize_t
+libssh2_channel_write(LIBSSH2_CHANNEL *channel, const char *buf, size_t buflen);
+LIBSSH2_API ssize_t
+libssh2_channel_write_stderr(LIBSSH2_CHANNEL *channel,
+                             const char *buf, size_t buflen);
+LIBSSH2_API unsigned long
+libssh2_channel_window_write(LIBSSH2_CHANNEL *channel);
+LIBSSH2_API int libssh2_channel_flush(LIBSSH2_CHANNEL *channel);
+LIBSSH2_API int libssh2_channel_flush_stderr(LIBSSH2_CHANNEL *channel);
+LIBSSH2_API LIBSSH2_CHANNEL *
+libssh2_scp_send(LIBSSH2_SESSION *session,
+                 const char *path, int mode, libssh2_int64_t size);
+
+LIBSSH2_API int
+libssh2_publickey_add(LIBSSH2_PUBLICKEY *pkey, const unsigned char *name,
+		      const unsigned char *blob, unsigned long blob_len,
+                      char overwrite, unsigned long num_attrs,
+		      const libssh2_publickey_attribute attrs[]);
+LIBSSH2_API int
+libssh2_publickey_remove(LIBSSH2_PUBLICKEY *pkey, const unsigned char *name,
+                         const unsigned char *blob, unsigned long blob_len);
+
+LIBSSH2_API int LIBSSH2_SFTP_S_ISLNK(unsigned long permissions);
+LIBSSH2_API int LIBSSH2_SFTP_S_ISREG(unsigned long permissions);
+LIBSSH2_API int LIBSSH2_SFTP_S_ISDIR(unsigned long permissions);
+LIBSSH2_API int LIBSSH2_SFTP_S_ISCHR(unsigned long permissions);
+LIBSSH2_API int LIBSSH2_SFTP_S_ISBLK(unsigned long permissions);
+LIBSSH2_API int LIBSSH2_SFTP_S_ISFIFO(unsigned long permissions);
+LIBSSH2_API int LIBSSH2_SFTP_S_ISSOCK(unsigned long permissions);
+LIBSSH2_API LIBSSH2_SFTP_HANDLE *
+libssh2_sftp_open(LIBSSH2_SFTP *sftp, const char *filename,
+                  unsigned long flags, long mode);
+LIBSSH2_API LIBSSH2_SFTP_HANDLE *
+libssh2_sftp_opendir(LIBSSH2_SFTP *sftp, const char *path);
+LIBSSH2_API int libssh2_sftp_readdir(LIBSSH2_SFTP_HANDLE *handle,
+                                     char *buffer, size_t buffer_maxlen,
+                                     LIBSSH2_SFTP_ATTRIBUTES *attrs);
+LIBSSH2_API int libssh2_sftp_close(LIBSSH2_SFTP_HANDLE *handle);
+LIBSSH2_API int libssh2_sftp_closedir(LIBSSH2_SFTP_HANDLE *handle);
+LIBSSH2_API void libssh2_sftp_rewind(LIBSSH2_SFTP_HANDLE *handle);
+LIBSSH2_API int libssh2_sftp_fstat(LIBSSH2_SFTP_HANDLE *handle,
+                                   LIBSSH2_SFTP_ATTRIBUTES *attrs);
+LIBSSH2_API int libssh2_sftp_fsetstat(LIBSSH2_SFTP_HANDLE *handle,
+                                      LIBSSH2_SFTP_ATTRIBUTES *attrs);
+LIBSSH2_API int libssh2_sftp_rename(LIBSSH2_SFTP *sftp,
+                                    const char *source_filename,
+                                    const char *dest_filename);
+LIBSSH2_API int libssh2_sftp_unlink(LIBSSH2_SFTP *sftp, const char *filename);
+LIBSSH2_API int libssh2_sftp_mkdir(LIBSSH2_SFTP *sftp,
+                                   const char *path, long mode);
+LIBSSH2_API int libssh2_sftp_rmdir(LIBSSH2_SFTP *sftp, const char *path);
+LIBSSH2_API int libssh2_sftp_stat(LIBSSH2_SFTP *sftp, const char *path,
+                                  LIBSSH2_SFTP_ATTRIBUTES *attrs);
+LIBSSH2_API int libssh2_sftp_lstat(LIBSSH2_SFTP *sftp, const char *path,
+                                   LIBSSH2_SFTP_ATTRIBUTES *attrs);
+LIBSSH2_API int libssh2_sftp_setstat(LIBSSH2_SFTP *sftp, const char *path,
+                                     LIBSSH2_SFTP_ATTRIBUTES *attrs);
+LIBSSH2_API int libssh2_sftp_symlink(LIBSSH2_SFTP *sftp, const char *orig,
+                                     char *linkpath);
+LIBSSH2_API int libssh2_sftp_readlink(LIBSSH2_SFTP *sftp, const char *path,
+                                      char *target, unsigned int maxlen);
+LIBSSH2_API int libssh2_sftp_realpath(LIBSSH2_SFTP *sftp, const char *path,
+                                      char *target, unsigned int maxlen);
+
+#endif

os400/make-include.sh

@@ -0,0 +1,56 @@
+#!/bin/sh
+#
+#       Installation of the header files in the OS/400 library.
+#
+
+SCRIPTDIR=`dirname "${0}"`
+. "${SCRIPTDIR}/initscript.sh"
+cd "${TOPDIR}/include"
+
+
+#       Create the OS/400 source program file for the header files.
+
+SRCPF="${LIBIFSNAME}/H.FILE"
+
+if action_needed "${SRCPF}"
+then    CMD="CRTSRCPF FILE(${TARGETLIB}/H) RCDLEN(112)"
+        CMD="${CMD} CCSID(${TGTCCSID}) TEXT('libssh2: Header files')"
+        system "${CMD}"
+fi
+
+
+#       Create the IFS directory for the header files.
+
+IFSINCLUDE="${IFSDIR}/include"
+
+if action_needed "${IFSINCLUDE}"
+then    mkdir -p "${IFSINCLUDE}"
+fi
+
+
+copy_hfile()
+
+{
+        destfile="${1}"
+        srcfile="${2}"
+        shift
+        shift
+        sed -e '1i\
+#pragma datamodel(P128)\
+' "${@}" -e '$a\
+#pragma datamodel(pop)\
+' < "${srcfile}" > "${destfile}"
+}
+
+#       Copy the header files.
+
+for HFILE in *.h "${TOPDIR}/os400/libssh2_ccsid.h"
+do      DEST="${SRCPF}/`db2_name \"${HFILE}\"`.MBR"
+
+        if action_needed "${DEST}" "${HFILE}"
+        then    copy_hfile "${DEST}" "${HFILE}"
+                IFSDEST="${IFSINCLUDE}/`basename \"${HFILE}\"`"
+                rm -f "${IFSDEST}"
+                ln -s "${DEST}" "${IFSDEST}"
+        fi
+done

os400/make-rpg.sh

@@ -0,0 +1,92 @@
+#!/bin/sh
+#
+#       Installation of the ILE/RPG header files in the OS/400 library.
+#
+
+SCRIPTDIR=`dirname "${0}"`
+. "${SCRIPTDIR}/initscript.sh"
+cd "${TOPDIR}/os400/libssh2rpg"
+
+
+#       Create the OS/400 source program file for the ILE/RPG header files.
+
+SRCPF="${LIBIFSNAME}/LIBSSH2RPG.FILE"
+
+if action_needed "${SRCPF}"
+then    CMD="CRTSRCPF FILE(${TARGETLIB}/LIBSSH2RPG) RCDLEN(112)"
+        CMD="${CMD} CCSID(${TGTCCSID}) TEXT('libssh2: ILE/RPG header files')"
+        system "${CMD}"
+fi
+
+
+#       Map file names to DB2 name syntax.
+
+for HFILE in *.rpgle *.rpgle.in
+do      NAME="`basename \"${HFILE}\" .in`"
+        VAR="`basename \"${NAME}\" .rpgle`"
+        VAL="`db2_name \"${NAME}\"`"
+
+        eval "VAR_${VAR}=\"${VAL}\""
+        echo "${VAR} s/${VAR}/${VAL}/g"
+done > tmpsubstfile1
+
+#       Order substitution commands so that a prefix appears after all
+#               file names beginning with the prefix.
+
+sort -r tmpsubstfile1 | sed 's/^[^ ]*[ ]*//' > tmpsubstfile2
+
+
+change_include()
+
+{
+        sed -e '\#^....../include  *"libssh2rpg/#{'                     \
+            -e 's///'                                                   \
+            -e 's/".*//'                                                \
+            -f tmpsubstfile2                                            \
+            -e 's#.*#      /include libssh2rpg,&#'                      \
+            -e '}'
+}
+
+
+#       Create the IFS directory for the ILE/RPG header files.
+
+RPGIFSDIR="${IFSDIR}/include/libssh2rpg"
+
+if action_needed "${RPGIFSDIR}"
+then    mkdir -p "${RPGIFSDIR}"
+fi
+
+#       Copy the header files to IFS ILE/RPG include directory.
+#       Copy them with include path editing to the DB2 library.
+
+for HFILE in *.rpgle *.rpgle.in
+do      IFSCMD="cat \"${HFILE}\""
+        DB2CMD="change_include < \"${HFILE}\""
+        IFSFILE="`basename \"${HFILE}\" .in`"
+
+        case "${HFILE}" in
+
+        *.in)   IFSCMD="${IFSCMD} | versioned_copy"
+                DB2CMD="${DB2CMD} | versioned_copy"
+                ;;
+        esac
+
+        IFSDEST="${RPGIFSDIR}/${IFSFILE}"
+
+        if action_needed "${IFSDEST}" "${HFILE}"
+        then    eval "${IFSCMD}" > "${IFSDEST}"
+        fi
+
+        eval DB2MBR="\"\${VAR_`basename \"${IFSDEST}\" .rpgle`}\""
+        DB2DEST="${SRCPF}/${DB2MBR}.MBR"
+
+        if action_needed "${DB2DEST}" "${HFILE}"
+        then    eval "${DB2CMD}" | change_include > tmphdrfile
+
+                #       Need to translate to target CCSID.
+
+                CMD="CPY OBJ('`pwd`/tmphdrfile') TOOBJ('${DB2DEST}')"
+                CMD="${CMD} TOCCSID(${TGTCCSID}) DTAFMT(*TEXT) REPLACE(*YES)"
+                system "${CMD}"
+        fi
+done

os400/make-src.sh

@@ -0,0 +1,208 @@
+#!/bin/sh
+#
+#       libssh2 compilation script for the OS/400.
+#
+
+SCRIPTDIR=`dirname "${0}"`
+. "${SCRIPTDIR}/initscript.sh"
+cd "${TOPDIR}/src"
+
+
+#       Function to extract external prototypes from header files.
+#       Input: concatenated header files.
+#       Output: external prototypes, one per (long) line.
+
+extproto()
+{
+        sed -e 'x;G;s/^\n//;s/\n/ /g'                                   \
+            -e 's#[[:space:]]*/\*[^*]*\(\*\([^/*][^*]*\)\{0,1\}\)*\*/[[:space:]]*##g' \
+            -e 'h'                                                      \
+            -e '/\/\*/!{'                                               \
+            -e '/^#/{s/^.*[^\\]$//;h;d'                                 \
+            -e '}'                                                      \
+            -e 's/[{}]/;/g;s/\\$//'                                     \
+            -e ':loop1'                                                 \
+            -e '/;/{'                                                   \
+            -e 's/^[^;]*;//;x;s/;.*//'                                  \
+            -e '/^[[:space:]]*LIBSSH2_API[[:space:]].*(/{'              \
+            -e 's/^[[:space:]]*LIBSSH2_API[[:space:]]*//'               \
+            -e 's/[[:space:]]*$//'                                      \
+            -e 's/[[:space:]][[:space:]]*/ /g'                          \
+            -e 'p'                                                      \
+            -e '}'                                                      \
+            -e 'g;bloop1'                                               \
+            -e '}'                                                      \
+            -e '}'                                                      \
+            -n
+}
+
+#       Need to have IFS access to the mih/modasa header file.
+
+if action_needed modasa.mih '/QSYS.LIB/QSYSINC.LIB/MIH.FILE/MODASA.MBR'
+then    rm -f modasa.mih
+        ln -s '/QSYS.LIB/QSYSINC.LIB/MIH.FILE/MODASA.MBR' modasa.mih
+fi
+
+
+#      Create and compile the identification source file.
+
+echo '#pragma comment(user, "libssh2 version '"${LIBSSH2_VERSION}"'")' > os400.c
+echo '#pragma comment(user, __DATE__)' >> os400.c
+echo '#pragma comment(user, __TIME__)' >> os400.c
+echo '#pragma comment(copyright, "See COPYING file. OS/400 version by P. Monnerat")' >> os400.c
+make_module     OS400           os400.c
+LINK=                           # No need to rebuild service program yet.
+MODULES=
+
+
+#       Generate the procedures implementing macros.
+
+if action_needed macros.c "${TOPDIR}/os400/macros.h"
+then    (
+                echo '#include "libssh2_publickey.h"'
+                echo '#include "libssh2_sftp.h"'
+                extproto < "${TOPDIR}/os400/macros.h"                   |
+                sed -e 'h;s/^[^(]*[ *]\([^ (]*\) *(.*/\1/'              \
+                    -e 's/.*/#pragma map(_&, "&")/;p'                   \
+                    -e 'g;s/^\([^(]*[ *]\)\([^ (]*\)\( *(.*\)/\1_\2\3 {/;p' \
+                    -e 'g;s/^[^(]*(\(.*\))$/,\1,/;s/[^A-Za-z0-9_,]/ /g' \
+                    -e 's/  *,/,/g;s/,[^,]* \([^ ,]*\)/,\1/g'           \
+                    -e 's/ //g;s/^,void,$/,,/'                          \
+                    -e 's/^,\(.*\),$/(\1); }/;s/,/, /g'                 \
+                    -e 'x;s/(.*//;s/ *$//;G;s/\n//g'                    \
+                    -e 's/^void\([ *]\)/\1/;s/^ *//'                    \
+                    -e 's/^[^(]*[ *]\([A-Za-z][A-Za-z0-9_]* *(\)/return \1/' \
+                    -e 's/.*/    &/'
+        ) > macros.c
+fi
+
+#       Get source list.
+
+cat ../Makefile.inc ../Makefile.os400qc3.inc                            |
+  sed -e ':begin'                                                       \
+    -e '/\\$/{'                                                         \
+    -e 's/\\$/ /'                                                       \
+    -e 'N'                                                              \
+    -e 'bbegin'                                                         \
+    -e '}'                                                              \
+    -e 's/\n//g'                                                        \
+    -e 's/[[:space:]]*$//'                                              \
+    -e 's/^\([A-Za-z][A-Za-z0-9_]*\)[[:space:]]*=[[:space:]]*\(.*\)/\1="\2"/' \
+    -e 's/\$(\([A-Za-z][A-Za-z0-9_]*\))/${\1}/g'                        \
+        > tmpscript.sh
+. ./tmpscript.sh
+
+
+#       Compile the sources into modules.
+
+INCLUDES="'`pwd`'"
+
+for SRC in "${TOPDIR}/os400/os400sys.c" "${TOPDIR}/os400/ccsid.c"       \
+           ${CSOURCES} ${CRYPTO_CSOURCES} macros.c
+do      MODULE=`db2_name "${SRC}"`
+        make_module "${MODULE}" "${SRC}"
+done
+
+
+#       If needed, (re)create the static binding directory.
+
+if action_needed "${LIBIFSNAME}/${STATBNDDIR}.BNDDIR"
+then    LINK=YES
+fi
+
+if [ "${LINK}" ]
+then    rm -rf "${LIBIFSNAME}/${STATBNDDIR}.BNDDIR"
+        CMD="CRTBNDDIR BNDDIR(${TARGETLIB}/${STATBNDDIR})"
+        CMD="${CMD} TEXT('libssh2 API static binding directory')"
+        system "${CMD}"
+
+        for MODULE in ${MODULES}
+        do      CMD="ADDBNDDIRE BNDDIR(${TARGETLIB}/${STATBNDDIR})"
+                CMD="${CMD} OBJ((${TARGETLIB}/${MODULE} *MODULE))"
+                system "${CMD}"
+        done
+
+#       V6R1M0 does not list system service program QC3PBEXT in the
+#       implicit binding directory: thus we add it here in ours.
+
+        CMD="ADDBNDDIRE BNDDIR(${TARGETLIB}/${STATBNDDIR})"
+        CMD="${CMD} OBJ((QSYS/QC3PBEXT *SRVPGM))"
+        system "${CMD}"
+fi
+
+
+#       The exportation file for service program creation must be in a DB2
+#               source file, so make sure it exists.
+
+if action_needed "${LIBIFSNAME}/TOOLS.FILE"
+then    CMD="CRTSRCPF FILE(${TARGETLIB}/TOOLS) RCDLEN(112)"
+        CMD="${CMD} TEXT('libssh2: build tools')"
+        system "${CMD}"
+fi
+
+
+#       Gather the list of symbols to export.
+
+EXPORTS=`cat "${TOPDIR}"/include/*.h "${TOPDIR}/os400/macros.h"         \
+             "${TOPDIR}/os400/libssh2_ccsid.h"                          |
+         extproto                                                       |
+         sed -e 's/(.*//;s/[^A-Za-z0-9_]/ /g;s/ *$//;s/^.* //'`
+
+#       Create the service program exportation file in DB2 member if needed.
+
+BSF="${LIBIFSNAME}/TOOLS.FILE/BNDSRC.MBR"
+
+if action_needed "${BSF}" Makefile.am
+then    LINK=YES
+fi
+
+if [ "${LINK}" ]
+then    echo " STRPGMEXP PGMLVL(*CURRENT) SIGNATURE('LIBSSH2_${SONAME}')" \
+            > "${BSF}"
+        for EXPORT in ${EXPORTS}
+        do      echo ' EXPORT    SYMBOL("'"${EXPORT}"'")' >> "${BSF}"
+        done
+
+        echo ' ENDPGMEXP' >> "${BSF}"
+fi
+
+
+#       Build the service program if needed.
+
+if action_needed "${LIBIFSNAME}/${SRVPGM}.SRVPGM"
+then    LINK=YES
+fi
+
+if [ "${LINK}" ]
+then    CMD="CRTSRVPGM SRVPGM(${TARGETLIB}/${SRVPGM})"
+        CMD="${CMD} SRCFILE(${TARGETLIB}/TOOLS) SRCMBR(BNDSRC)"
+        CMD="${CMD} MODULE(${TARGETLIB}/OS400)"
+        CMD="${CMD} BNDDIR(${TARGETLIB}/${STATBNDDIR}"
+        if [ "${WITH_ZLIB}" != 0 ]
+        then    CMD="${CMD} ${ZLIB_LIB}/${ZLIB_BNDDIR}"
+                liblist -a "${ZLIB_LIB}"
+        fi
+        CMD="${CMD})"
+        CMD="${CMD} BNDSRVPGM(QADRTTS)"
+        CMD="${CMD} TEXT('libssh2 API library')"
+        CMD="${CMD} TGTRLS(${TGTRLS})"
+        system "${CMD}"
+        LINK=YES
+fi
+
+
+#       If needed, (re)create the dynamic binding directory.
+
+if action_needed "${LIBIFSNAME}/${DYNBNDDIR}.BNDDIR"
+then    LINK=YES
+fi
+
+if [ "${LINK}" ]
+then    rm -rf "${LIBIFSNAME}/${DYNBNDDIR}.BNDDIR"
+        CMD="CRTBNDDIR BNDDIR(${TARGETLIB}/${DYNBNDDIR})"
+        CMD="${CMD} TEXT('libssh2 API dynamic binding directory')"
+        system "${CMD}"
+        CMD="ADDBNDDIRE BNDDIR(${TARGETLIB}/${DYNBNDDIR})"
+        CMD="${CMD} OBJ((*LIBL/${SRVPGM} *SRVPGM))"
+        system "${CMD}"
+fi

os400/make.sh

@@ -0,0 +1,49 @@
+#!/bin/sh
+#
+#       libssh2 compilation script for the OS/400.
+#
+#
+#       This is a shell script since make is not a standard component of OS/400.
+
+SCRIPTDIR=`dirname "${0}"`
+. "${SCRIPTDIR}/initscript.sh"
+cd "${TOPDIR}"
+
+
+#       Create the OS/400 library if it does not exist.
+
+if action_needed "${LIBIFSNAME}"
+then    CMD="CRTLIB LIB(${TARGETLIB}) TEXT('libssh2: SSH2 protocol API')"
+        system "${CMD}"
+fi
+
+
+#       Create the DOCS source file if it does not exist.
+
+if action_needed "${LIBIFSNAME}/DOCS.FILE"
+then    CMD="CRTSRCPF FILE(${TARGETLIB}/DOCS) RCDLEN(240)"
+        CMD="${CMD} CCSID(${TGTCCSID}) TEXT('Documentation texts')"
+        system "${CMD}"
+fi
+
+
+#       Copy some documentation files if needed.
+
+for TEXT in "${TOPDIR}/COPYING" "${SCRIPTDIR}/README400"                \
+    "${TOPDIR}/NEWS" "${TOPDIR}/README" "${TOPDIR}/docs/AUTHORS"        \
+    "${TOPDIR}/docs/BINDINGS"
+do      MEMBER="${LIBIFSNAME}/DOCS.FILE/`db2_name \"${TEXT}\"`.MBR"
+
+        if action_needed "${MEMBER}" "${TEXT}"
+        then    CMD="CPY OBJ('${TEXT}') TOOBJ('${MEMBER}') TOCCSID(${TGTCCSID})"
+                CMD="${CMD} DTAFMT(*TEXT) REPLACE(*YES)"
+                system "${CMD}"
+        fi
+done
+
+
+#       Build in each directory.
+
+for SUBDIR in include rpg src
+do      "${SCRIPTDIR}/make-${SUBDIR}.sh"
+done

os400/os400sys.c

@@ -0,0 +1,218 @@
+/*
+ * Copyright (C) 2015 Patrick Monnerat, D+H <patrick.monnerat@dh.com>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms,
+ * with or without modification, are permitted provided
+ * that the following conditions are met:
+ *
+ *   Redistributions of source code must retain the above
+ *   copyright notice, this list of conditions and the
+ *   following disclaimer.
+ *
+ *   Redistributions in binary form must reproduce the above
+ *   copyright notice, this list of conditions and the following
+ *   disclaimer in the documentation and/or other materials
+ *   provided with the distribution.
+ *
+ *   Neither the name of the copyright holder nor the names
+ *   of any other contributors may be used to endorse or
+ *   promote products derived from this software without
+ *   specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
+ * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
+ * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
+ * OF SUCH DAMAGE.
+ */
+
+/* OS/400 additional support. */
+
+#define LIBSSH2_DISABLE_QADRT_EXT
+
+#include "libssh2_priv.h"
+
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <sys/un.h>
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <stddef.h>
+#include <stdarg.h>
+#include <string.h>
+#include <alloca.h>
+#include <netdb.h>
+#include <qadrt.h>
+#include <errno.h>
+
+#include <netinet/in.h>
+#include <arpa/inet.h>
+
+#ifdef LIBSSH2_HAVE_ZLIB
+# include <zlib.h>
+#endif
+
+
+/**
+***     QADRT OS/400 ASCII runtime defines only the most used procedures, but
+***             a lot of them are not supported. This module implements
+***             ASCII wrappers for those that are used by libssh2, but not
+***             defined by QADRT.
+**/
+
+#pragma convert(37)                             /* Restore EBCDIC. */
+
+
+static int
+convert_sockaddr(struct sockaddr_storage * dstaddr,
+                                const struct sockaddr * srcaddr, int srclen)
+
+{
+  const struct sockaddr_un * srcu;
+  struct sockaddr_un * dstu;
+  unsigned int i;
+  unsigned int dstsize;
+
+  /* Convert a socket address into job CCSID, if needed. */
+
+  if(!srcaddr || srclen < offsetof(struct sockaddr, sa_family) +
+     sizeof srcaddr->sa_family || srclen > sizeof *dstaddr) {
+    errno = EINVAL;
+    return -1;
+    }
+
+  memcpy((char *) dstaddr, (char *) srcaddr, srclen);
+
+  switch (srcaddr->sa_family) {
+
+  case AF_UNIX:
+    srcu = (const struct sockaddr_un *) srcaddr;
+    dstu = (struct sockaddr_un *) dstaddr;
+    dstsize = sizeof *dstaddr - offsetof(struct sockaddr_un, sun_path);
+    srclen -= offsetof(struct sockaddr_un, sun_path);
+    i = QadrtConvertA2E(dstu->sun_path, srcu->sun_path, dstsize - 1, srclen);
+    dstu->sun_path[i] = '\0';
+    i += offsetof(struct sockaddr_un, sun_path);
+    srclen = i;
+    }
+
+  return srclen;
+}
+
+
+int
+_libssh2_os400_connect(int sd, struct sockaddr * destaddr, int addrlen)
+
+{
+  int i;
+  struct sockaddr_storage laddr;
+
+  i = convert_sockaddr(&laddr, destaddr, addrlen);
+
+  if(i < 0)
+    return -1;
+
+  return connect(sd, (struct sockaddr *) &laddr, i);
+}
+
+
+int
+_libssh2_os400_vsnprintf(char *dst, size_t len, const char *fmt, va_list args)
+{
+    size_t l = 4096;
+    int i;
+    char *buf;
+
+    if (!dst || !len) {
+        errno = EINVAL;
+        return -1;
+    }
+
+    if (l < len)
+        l = len;
+
+    buf = alloca(l);
+
+    if (!buf) {
+        errno = ENOMEM;
+        return -1;
+    }
+
+    i = vsprintf(buf, fmt, args);
+
+    if (i < 0)
+        return i;
+
+    if (--len > i)
+        len = i;
+
+    if (len)
+        memcpy(dst, buf, len);
+
+    dst[len] = '\0';
+    return len;
+}
+
+/* VARARGS3 */
+int
+_libssh2_os400_snprintf(char *dst, size_t len, const char *fmt, ...)
+{
+    va_list args;
+    int ret;
+
+    va_start(args, fmt);
+    ret = _libssh2_os400_vsnprintf(dst, len, fmt, args);
+    va_end(args);
+    return ret;
+}
+
+
+#ifdef LIBSSH2_HAVE_ZLIB
+int
+_libssh2_os400_inflateInit_(z_streamp strm,
+                            const char *version, int stream_size)
+{
+    char *ebcversion;
+    int i;
+
+    if (!version)
+        return Z_VERSION_ERROR;
+    i = strlen(version);
+    ebcversion = alloca(i + 1);
+    if (!ebcversion)
+        return Z_VERSION_ERROR;
+    i = QadrtConvertA2E(ebcversion, version, i, i - 1);
+    ebcversion[i] = '\0';
+    return inflateInit_(strm, ebcversion, stream_size);
+}
+
+int
+_libssh2_os400_deflateInit_(z_streamp strm, int level,
+                            const char *version, int stream_size)
+{
+    char *ebcversion;
+    int i;
+
+    if (!version)
+        return Z_VERSION_ERROR;
+    i = strlen(version);
+    ebcversion = alloca(i + 1);
+    if (!ebcversion)
+        return Z_VERSION_ERROR;
+    i = QadrtConvertA2E(ebcversion, version, i, i - 1);
+    ebcversion[i] = '\0';
+    return deflateInit_(strm, level, ebcversion, stream_size);
+}
+
+#endif

src/CMakeLists.txt

@@ -0,0 +1,398 @@
+# Copyright (c) 2014 Alexander Lamaison <alexander.lamaison@gmail.com>
+#
+# Redistribution and use in source and binary forms,
+# with or without modification, are permitted provided
+# that the following conditions are met:
+#
+#   Redistributions of source code must retain the above
+#   copyright notice, this list of conditions and the
+#   following disclaimer.
+#
+#   Redistributions in binary form must reproduce the above
+#   copyright notice, this list of conditions and the following
+#   disclaimer in the documentation and/or other materials
+#   provided with the distribution.
+#
+#   Neither the name of the copyright holder nor the names
+#   of any other contributors may be used to endorse or
+#   promote products derived from this software without
+#   specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
+# CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
+# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
+# USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
+# OF SUCH DAMAGE.
+
+include(CheckFunctionExists)
+include(CheckSymbolExists)
+include(CheckFunctionExistsMayNeedLibrary)
+include(CheckIncludeFiles)
+include(CheckTypeSize)
+include(CheckSymbolExists)
+include(CheckNonblockingSocketSupport)
+include(SocketLibraries)
+
+## Cryptography backend choice
+
+set(CRYPTO_BACKEND
+  ""
+  CACHE
+  STRING
+  "The backend to use for cryptography: OpenSSL, Libgcrypt or WinCNG,
+or empty to try any available")
+
+# If the crypto backend was given, rather than searching for the first
+# we are able to find, the find_package commands must abort configuration
+# and report to the user.
+if(CRYPTO_BACKEND)
+  set(SPECIFIC_CRYPTO_REQUIREMENT REQUIRED)
+endif()
+
+if(CRYPTO_BACKEND STREQUAL "OpenSSL" OR NOT CRYPTO_BACKEND)
+
+  find_package(OpenSSL ${SPECIFIC_CRYPTO_REQUIREMENT})
+
+  if(OPENSSL_FOUND)
+    set(CRYPTO_BACKEND "OpenSSL")
+    set(CRYPTO_SOURCES openssl.c openssl.h)
+    list(APPEND PRIVATE_COMPILE_DEFINITIONS LIBSSH2_OPENSSL)
+    list(APPEND PRIVATE_INCLUDE_DIRECTORIES ${OPENSSL_INCLUDE_DIR})
+    list(APPEND LIBRARIES ${OPENSSL_LIBRARIES})
+    list(APPEND PC_REQUIRES_PRIVATE libssl libcrypto)
+
+    if (WIN32)
+      find_file(DLL_LIBEAY32
+	NAMES libeay32.dll crypto.dll
+        HINTS ${_OPENSSL_ROOT_HINTS} PATHS ${_OPENSSL_ROOT_PATHS}
+        PATH_SUFFIXES bin)
+      if (NOT DLL_LIBEAY32)
+        message(WARNING
+          "Unable to find OpenSSL libeay32 DLL, executables may not run")
+      endif()
+
+      find_file(DLL_SSLEAY32
+        NAMES ssleay32.dll ssl.dll
+        HINTS ${_OPENSSL_ROOT_HINTS} PATHS ${_OPENSSL_ROOT_PATHS}
+        PATH_SUFFIXES bin)
+      if (NOT DLL_SSLEAY32)
+        message(WARNING
+          "Unable to find OpenSSL ssleay32 DLL, executables may not run")
+      endif()
+
+      if(DLL_LIBEAY32 AND DLL_SSLEAY32)
+        list(APPEND _RUNTIME_DEPENDENCIES ${DLL_LIBEAY32} ${DLL_SSLEAY32})
+      endif()
+    endif()
+
+    # Not all OpenSSL have AES-CTR functions.
+    set(SAVE_CMAKE_REQUIRED_LIBRARIES ${CMAKE_REQUIRED_LIBRARIES})
+    set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_LIBRARIES})
+    check_function_exists(EVP_aes_128_ctr HAVE_EVP_AES_128_CTR)
+    set(CMAKE_REQUIRED_LIBRARIES ${SAVE_CMAKE_REQUIRED_LIBRARIES})
+  endif()
+endif()
+
+if(CRYPTO_BACKEND STREQUAL "Libgcrypt" OR NOT CRYPTO_BACKEND)
+
+  find_package(Libgcrypt ${SPECIFIC_CRYPTO_REQUIREMENT})
+
+  if(LIBGCRYPT_FOUND)
+    set(CRYPTO_BACKEND "Libgcrypt")
+    set(CRYPTO_SOURCES libgcrypt.c libgcrypt.h)
+    list(APPEND PRIVATE_COMPILE_DEFINITIONS LIBSSH2_LIBGCRYPT)
+    list(APPEND PRIVATE_INCLUDE_DIRECTORIES ${LIBGCRYPT_INCLUDE_DIRS})
+    list(APPEND LIBRARIES ${LIBGCRYPT_LIBRARIES})
+    list(APPEND PC_LIBS -lgcrypt)
+  endif()
+endif()
+
+if(CRYPTO_BACKEND STREQUAL "WinCNG" OR NOT CRYPTO_BACKEND)
+
+  # The check actually compiles the header.  This requires windows.h.
+  check_include_files("windows.h;bcrypt.h" HAVE_BCRYPT_H)
+
+  if(HAVE_BCRYPT_H)
+    set(CRYPTO_BACKEND "WinCNG")
+    set(CRYPTO_SOURCES wincng.c wincng.h)
+    list(APPEND PRIVATE_COMPILE_DEFINITIONS LIBSSH2_WINCNG)
+
+    set(HAVE_LIBCRYPT32 TRUE)
+    list(APPEND LIBRARIES bcrypt)
+    list(APPEND PC_LIBS -lbcrypt)
+
+    check_include_files(ntdef.h HAVE_NTDEF_H)
+    check_include_files(ntstatus.h HAVE_NTSTATUS_H)
+
+    # Reading keys from files is optional and depends on Wincrypt
+    check_include_files("windows.h;wincrypt.h" HAVE_WINCRYPT_H)
+
+    if(HAVE_WINCRYPT_H)
+      list(APPEND LIBRARIES crypt32)
+      list(APPEND PC_LIBS -lcrypt32)
+    endif()
+
+  elseif(${SPECIFIC_CRYPTO_REQUIREMENT} STREQUAL ${REQUIRED})
+    message(FATAL_ERROR "WinCNG not available")
+  endif()
+endif()
+
+if(NOT CRYPTO_BACKEND)
+  message(FATAL_ERROR "No suitable cryptography backend found.")
+endif()
+
+## Library definition
+
+include(GNUInstallDirs)
+set(SOURCES
+  ${CRYPTO_SOURCES}
+  agent.c
+  channel.c
+  channel.h
+  comp.c
+  comp.h
+  crypt.c
+  crypto.h
+  global.c
+  hostkey.c
+  keepalive.c
+  kex.c
+  knownhost.c
+  libssh2_priv.h
+  mac.c
+  mac.h
+  misc.c
+  misc.h
+  packet.c
+  packet.h
+  pem.c
+  publickey.c
+  scp.c
+  session.c
+  session.h
+  sftp.c
+  sftp.h
+  transport.c
+  transport.h
+  userauth.c
+  userauth.h
+  version.c)
+
+if(WIN32)
+  list(APPEND SOURCES ${PROJECT_SOURCE_DIR}/win32/libssh2.rc)
+endif()
+
+add_library(libssh2 ${SOURCES})
+# we want it to be called libssh2 on all platforms
+set_target_properties(libssh2 PROPERTIES PREFIX "")
+
+target_compile_definitions(libssh2 PRIVATE ${PRIVATE_COMPILE_DEFINITIONS})
+target_include_directories(libssh2
+  PRIVATE ${PRIVATE_INCLUDE_DIRECTORIES}
+  PUBLIC
+    $<BUILD_INTERFACE:${PROJECT_SOURCE_DIR}/include>
+    $<INSTALL_INTERFACE:$<INSTALL_PREFIX>/${CMAKE_INSTALL_INCLUDEDIR}>)
+
+## Options
+
+add_feature_info("Shared library" BUILD_SHARED_LIBS
+  "creating libssh2 as a shared library (.so/.dll)")
+
+option(ENABLE_ZLIB_COMPRESSION "Use zlib for compression")
+add_feature_info(Compression ENABLE_ZLIB_COMPRESSION
+  "using zlib for compression")
+if(ENABLE_ZLIB_COMPRESSION)
+  find_package(ZLIB REQUIRED)
+
+  target_include_directories(libssh2 PRIVATE ${ZLIB_INCLUDE_DIRS})
+  list(APPEND LIBRARIES ${ZLIB_LIBRARIES})
+  list(APPEND PC_REQUIRES_PRIVATE zlib)
+  if(ZLIB_FOUND)
+    target_compile_definitions(libssh2 PRIVATE LIBSSH2_HAVE_ZLIB=1)
+  endif()
+endif()
+
+option(ENABLE_CRYPT_NONE "Permit \"none\" cipher -- NOT RECOMMENDED")
+add_feature_info("\"none\" cipher" ENABLE_CRYPT_NONE "")
+if(ENABLE_CRYPT_NONE)
+  target_compile_definitions(libssh2 PRIVATE LIBSSH2_CRYPT_NONE=1)
+endif()
+
+option(ENABLE_MAC_NONE "Permit \"none\" MAC -- NOT RECOMMMENDED")
+add_feature_info("\"none\" MAC" ENABLE_MAC_NONE "")
+if(ENABLE_MAC_NONE)
+  target_compile_definitions(libssh2 PRIVATE LIBSSH2_MAC_NONE=1)
+endif()
+
+option(ENABLE_GEX_NEW
+  "Enable diffie-hellman-group-exchange-sha1 method" ON)
+add_feature_info("diffie-hellman-group-exchange-sha1" ENABLE_GEX_NEW
+  "\"new\" diffie-hellman-group-exchange-sha1 method")
+if(ENABLE_GEX_NEW)
+  target_compile_definitions(libssh2 PRIVATE LIBSSH2_DH_GEX_NEW=1)
+endif()
+
+# Enable debugging logging by default if the user configured a debug build
+if(CMAKE_BUILD_TYPE STREQUAL "Debug")
+  set(DEBUG_LOGGING_DEFAULT ON)
+else()
+  set(DEBUG_LOGGING_DEFAULT OFF)
+endif()
+option(ENABLE_DEBUG_LOGGING "log execution with debug trace"
+  ${DEBUG_LOGGING_DEFAULT})
+add_feature_info(Logging ENABLE_DEBUG_LOGGING
+   "Logging of execution with debug trace")
+if(ENABLE_DEBUG_LOGGING)
+  target_compile_definitions(libssh2 PRIVATE LIBSSH2DEBUG)
+endif()
+
+## Platform checks
+check_include_files(unistd.h HAVE_UNISTD_H)
+check_include_files(inttypes.h HAVE_INTTYPES_H)
+check_include_files(stdlib.h HAVE_STDLIB_H)
+check_include_files(sys/select.h HAVE_SYS_SELECT_H)
+
+check_include_files(sys/uio.h HAVE_SYS_UIO_H)
+check_include_files(sys/socket.h HAVE_SYS_SOCKET_H)
+check_include_files(sys/ioctl.h HAVE_SYS_IOCTL_H)
+check_include_files(sys/time.h HAVE_SYS_TIME_H)
+check_include_files(sys/un.h HAVE_SYS_UN_H)
+check_include_files(windows.h HAVE_WINDOWS_H)
+check_include_files(ws2tcpip.h HAVE_WS2TCPIP_H)
+check_include_files(winsock2.h HAVE_WINSOCK2_H)
+
+check_type_size("long long" LONGLONG)
+
+if(HAVE_SYS_TIME_H)
+  check_symbol_exists(gettimeofday sys/time.h HAVE_GETTIMEOFDAY)
+else()
+  check_function_exists(gettimeofday HAVE_GETTIMEOFDAY)
+endif()
+if(HAVE_STDLIB_H)
+  check_symbol_exists(strtoll stdlib.h HAVE_STRTOLL)
+else()
+  check_function_exists(strtoll HAVE_STRTOLL)
+endif()
+if (NOT HAVE_STRTOLL)
+  # Try _strtoi64 if strtoll isn't available
+  check_symbol_exists(_strtoi64 stdlib.h HAVE_STRTOI64)
+endif()
+check_symbol_exists(snprintf stdio.h HAVE_SNPRINTF)
+
+if(${CMAKE_SYSTEM_NAME} STREQUAL "Darwin" OR
+   ${CMAKE_SYSTEM_NAME} STREQUAL "Interix")
+  # poll() does not work on these platforms
+  #
+  # Interix: "does provide poll(), but the implementing developer must
+  # have been in a bad mood, because poll() only works on the /proc
+  # filesystem here"
+  #
+  # Mac OS X's poll has funny behaviors, like:
+  # not being able to do poll on no fildescriptors (10.3?)
+  # not being able to poll on some files (like anything in /dev)
+  # not having reliable timeout support
+  # inconsistent return of POLLHUP where other implementations give POLLIN
+  message("poll use is disabled on this platform")
+else()
+  check_function_exists(poll HAVE_POLL)
+endif()
+
+append_needed_socket_libraries(LIBRARIES)
+
+# Non-blocking socket support tests.  Must be after after library tests to
+# link correctly
+set(SAVE_CMAKE_REQUIRED_LIBRARIES ${CMAKE_REQUIRED_LIBRARIES})
+set(CMAKE_REQUIRED_LIBRARIES ${LIBRARIES})
+check_nonblocking_socket_support()
+set(CMAKE_REQUIRED_LIBRARIES ${SAVE_CMAKE_REQUIRED_LIBRARIES})
+
+configure_file(
+  ${CMAKE_CURRENT_SOURCE_DIR}/libssh2_config_cmake.h.in
+  ${CMAKE_CURRENT_BINARY_DIR}/libssh2_config.h)
+# to find generated header
+target_include_directories(libssh2 PRIVATE ${CMAKE_CURRENT_BINARY_DIR})
+
+# Check for the OS.
+# Daniel's note: this should not be necessary and we need to work to
+# get this removed.
+if(${CMAKE_SYSTEM_NAME} STREQUAL "Windows")
+  target_compile_definitions(libssh2 PRIVATE LIBSSH2_WIN32)
+elseif(${CMAKE_SYSTEM_NAME} STREQUAL "Darwin")
+  target_compile_definitions(libssh2 PRIVATE LIBSSH2_DARWIN)
+endif()
+
+if(CMAKE_VERSION VERSION_LESS "2.8.12")
+  # Fall back to over-linking dependencies
+  target_link_libraries(libssh2 ${LIBRARIES})
+else()
+  target_link_libraries(libssh2 PRIVATE ${LIBRARIES})
+endif()
+
+## Installation
+
+install(FILES
+  ${PROJECT_SOURCE_DIR}/include/libssh2.h
+  ${PROJECT_SOURCE_DIR}/include/libssh2_publickey.h
+  ${PROJECT_SOURCE_DIR}/include/libssh2_sftp.h
+  DESTINATION ${CMAKE_INSTALL_INCLUDEDIR})
+
+install(TARGETS libssh2
+  EXPORT Libssh2Config
+  RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR}
+  LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR}
+  ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR})
+
+if(BUILD_SHARED_LIBS)
+  list(APPEND _RUNTIME_DEPENDENCIES $<TARGET_FILE:libssh2>)
+endif()
+
+set(RUNTIME_DEPENDENCIES ${_RUNTIME_DEPENDENCIES} CACHE INTERNAL
+    "Files that must be in the same directory as the executables at runtime.")
+
+# Package config
+
+## During package installation, install Libssh2Config.cmake
+install(EXPORT Libssh2Config
+  NAMESPACE Libssh2::
+  DESTINATION lib/cmake/libssh2)
+
+## During build, register directly from build tree
+# create Libssh2Config.cmake
+export(TARGETS libssh2 NAMESPACE Libssh2:: FILE Libssh2Config.cmake)
+export(PACKAGE Libssh2) # register it
+
+## Export a .pc file for client projects not using CMaek
+if(PC_REQUIRES_PRIVATE)
+  string(REPLACE ";" "," PC_REQUIRES_PRIVATE "${PC_REQUIRES_PRIVATE}")
+endif()
+if(PC_LIBS)
+  string(REPLACE ";" " " PC_LIBS "${PC_LIBS}")
+endif()
+configure_file(libssh2.pc.in libssh2.pc @ONLY)
+install(
+  FILES ${CMAKE_CURRENT_BINARY_DIR}/libssh2.pc
+  DESTINATION ${CMAKE_INSTALL_LIBDIR}/pkgconfig)
+
+## Versioning
+
+set_target_properties(libssh2 PROPERTIES
+  SOVERSION 1
+  VERSION 1.0.1)
+
+include(CMakePackageConfigHelpers)
+write_basic_package_version_file(
+  ${CMAKE_CURRENT_BINARY_DIR}/Libssh2ConfigVersion.cmake
+  VERSION "${LIBSSH2_VERSION_MAJOR}.${LIBSSH2_VERSION_MINOR}.${LIBSSH2_VERSION_PATCH}"
+  COMPATIBILITY SameMajorVersion)
+install(
+  FILES ${CMAKE_CURRENT_BINARY_DIR}/Libssh2ConfigVersion.cmake
+  DESTINATION lib/cmake/libssh2)

src/Makefile.am

@@ -11,13 +11,17 @@ endif
 if WINCNG
 include ../Makefile.WinCNG.inc
 endif
+if OS400QC3
+include ../Makefile.os400qc3.inc
+endif
 
 # Makefile.inc provides the CSOURCES and HHEADERS defines
 include ../Makefile.inc
 
 libssh2_la_SOURCES = $(CSOURCES) $(HHEADERS)
 
-EXTRA_DIST = libssh2_config.h.in NMakefile
+EXTRA_DIST = libssh2_config.h.in libssh2_config_cmake.h.in libssh2.pc.in
+EXTRA_DIST += CMakeLists.txt NMakefile
 
 lib_LTLIBRARIES = libssh2.la
 

src/agent.c

@@ -239,8 +239,9 @@ agent_disconnect_unix(LIBSSH2_AGENT *agent)
 {
     int ret;
     ret = close(agent->fd);
-
-    if(ret == -1)
+    if(ret != -1)
+        agent->fd = LIBSSH2_INVALID_SOCKET;
+    else
         return _libssh2_error(agent->session, LIBSSH2_ERROR_SOCKET_DISCONNECT,
                               "failed closing the agent socket");
     return LIBSSH2_ERROR_NONE;
@@ -688,7 +689,7 @@ libssh2_agent_connect(LIBSSH2_AGENT *agent)
     int i, rc = -1;
     for (i = 0; supported_backends[i].name; i++) {
         agent->ops = supported_backends[i].ops;
-        rc = agent->ops->connect(agent);
+        rc = (agent->ops->connect)(agent);
         if (!rc)
             return 0;
     }

src/channel.c

@@ -266,10 +266,30 @@ _libssh2_channel_open(LIBSSH2_SESSION * session, const char *channel_type,
         }
 
         if (session->open_data[0] == SSH_MSG_CHANNEL_OPEN_FAILURE) {
+            unsigned int reason_code = _libssh2_ntohu32(session->open_data + 5);
+            switch (reason_code) {
+            case SSH_OPEN_ADMINISTRATIVELY_PROHIBITED:
+                _libssh2_error(session, LIBSSH2_ERROR_CHANNEL_FAILURE,
+                               "Channel open failure (admininstratively prohibited)");
+                break;
+            case SSH_OPEN_CONNECT_FAILED:
+                _libssh2_error(session, LIBSSH2_ERROR_CHANNEL_FAILURE,
+                               "Channel open failure (connect failed)");
+                break;
+            case SSH_OPEN_UNKNOWN_CHANNELTYPE:
+                _libssh2_error(session, LIBSSH2_ERROR_CHANNEL_FAILURE,
+                               "Channel open failure (unknown channel type)");
+                break;
+            case SSH_OPEN_RESOURCE_SHORTAGE:
+                _libssh2_error(session, LIBSSH2_ERROR_CHANNEL_FAILURE,
+                               "Channel open failure (resource shortage)");
+                break;
+            default:
                 _libssh2_error(session, LIBSSH2_ERROR_CHANNEL_FAILURE,
                                "Channel open failure");
             }
         }
+    }
 
   channel_error:
 
@@ -1232,6 +1252,11 @@ _libssh2_channel_process_startup(LIBSSH2_CHANNEL *channel,
         { SSH_MSG_CHANNEL_SUCCESS, SSH_MSG_CHANNEL_FAILURE, 0 };
     int rc;
 
+    if (channel->process_state == libssh2_NB_state_end) {
+        return _libssh2_error(session, LIBSSH2_ERROR_BAD_USE,
+                              "Channel can not be reused");
+    }
+
     if (channel->process_state == libssh2_NB_state_idle) {
         /* 10 = packet_type(1) + channel(4) + request_len(4) + want_reply(1) */
         channel->process_packet_len = request_len + 10;
@@ -1278,7 +1303,7 @@ _libssh2_channel_process_startup(LIBSSH2_CHANNEL *channel,
         else if (rc) {
             LIBSSH2_FREE(session, channel->process_packet);
             channel->process_packet = NULL;
-            channel->process_state = libssh2_NB_state_idle;
+            channel->process_state = libssh2_NB_state_end;
             return _libssh2_error(session, rc,
                                   "Unable to send channel request");
         }
@@ -1300,14 +1325,14 @@ _libssh2_channel_process_startup(LIBSSH2_CHANNEL *channel,
         if (rc == LIBSSH2_ERROR_EAGAIN) {
             return rc;
         } else if (rc) {
-            channel->process_state = libssh2_NB_state_idle;
+            channel->process_state = libssh2_NB_state_end;
             return _libssh2_error(session, rc,
                                   "Failed waiting for channel success");
         }
 
         code = data[0];
         LIBSSH2_FREE(session, data);
-        channel->process_state = libssh2_NB_state_idle;
+        channel->process_state = libssh2_NB_state_end;
 
         if (code == SSH_MSG_CHANNEL_SUCCESS)
             return 0;

src/crypto.h

@@ -50,6 +50,10 @@
 #include "wincng.h"
 #endif
 
+#ifdef LIBSSH2_OS400QC3
+#include "os400qc3.h"
+#endif
+
 int _libssh2_rsa_new(libssh2_rsa_ctx ** rsa,
                      const unsigned char *edata,
                      unsigned long elen,
@@ -80,6 +84,10 @@ int _libssh2_rsa_sha1_sign(LIBSSH2_SESSION * session,
                            size_t hash_len,
                            unsigned char **signature,
                            size_t *signature_len);
+int _libssh2_rsa_new_private_frommemory(libssh2_rsa_ctx ** rsa,
+                                        LIBSSH2_SESSION * session,
+                                        const char *filedata, size_t filedata_len,
+                                        unsigned const char *passphrase);
 
 #if LIBSSH2_DSA
 int _libssh2_dsa_new(libssh2_dsa_ctx ** dsa,
@@ -102,6 +110,10 @@ int _libssh2_dsa_sha1_verify(libssh2_dsa_ctx * dsactx,
 int _libssh2_dsa_sha1_sign(libssh2_dsa_ctx * dsactx,
                            const unsigned char *hash,
                            unsigned long hash_len, unsigned char *sig);
+int _libssh2_dsa_new_private_frommemory(libssh2_dsa_ctx ** dsa,
+                                        LIBSSH2_SESSION * session,
+                                        const char *filedata, size_t filedata_len,
+                                        unsigned const char *passphrase);
 #endif
 
 int _libssh2_cipher_init(_libssh2_cipher_ctx * h,
@@ -120,6 +132,14 @@ int _libssh2_pub_priv_keyfile(LIBSSH2_SESSION *session,
                               size_t *pubkeydata_len,
                               const char *privatekey,
                               const char *passphrase);
+int _libssh2_pub_priv_keyfilememory(LIBSSH2_SESSION *session,
+                                    unsigned char **method,
+                                    size_t *method_len,
+                                    unsigned char **pubkeydata,
+                                    size_t *pubkeydata_len,
+                                    const char *privatekeydata,
+                                    size_t privatekeydata_len,
+                                    const char *passphrase);
 
 void _libssh2_init_aes_ctr(void);
 

src/hostkey.c

@@ -66,6 +66,7 @@ hostkey_method_ssh_rsa_init(LIBSSH2_SESSION * session,
     libssh2_rsa_ctx *rsactx;
     const unsigned char *s, *e, *n;
     unsigned long len, e_len, n_len;
+    int ret;
 
     (void) hostkey_data_len;
 
@@ -92,9 +93,11 @@ hostkey_method_ssh_rsa_init(LIBSSH2_SESSION * session,
     s += 4;
     n = s;
 
-    if (_libssh2_rsa_new(&rsactx, e, e_len, n, n_len, NULL, 0,
-                         NULL, 0, NULL, 0, NULL, 0, NULL, 0, NULL, 0))
+    ret = _libssh2_rsa_new(&rsactx, e, e_len, n, n_len, NULL, 0,
+                           NULL, 0, NULL, 0, NULL, 0, NULL, 0, NULL, 0);
+    if (ret) {
         return -1;
+    }
 
     *abstract = rsactx;
 
@@ -130,6 +133,38 @@ hostkey_method_ssh_rsa_initPEM(LIBSSH2_SESSION * session,
     return 0;
 }
 
+/*
+ * hostkey_method_ssh_rsa_initPEMFromMemory
+ *
+ * Load a Private Key from a memory
+ */
+static int
+hostkey_method_ssh_rsa_initPEMFromMemory(LIBSSH2_SESSION * session,
+                                         const char *privkeyfiledata,
+                                         size_t privkeyfiledata_len,
+                                         unsigned const char *passphrase,
+                                         void **abstract)
+{
+    libssh2_rsa_ctx *rsactx;
+    int ret;
+
+    if (*abstract) {
+        hostkey_method_ssh_rsa_dtor(session, abstract);
+        *abstract = NULL;
+    }
+
+    ret = _libssh2_rsa_new_private_frommemory(&rsactx, session,
+                                              privkeyfiledata,
+                                              privkeyfiledata_len, passphrase);
+    if (ret) {
+        return -1;
+    }
+
+    *abstract = rsactx;
+
+    return 0;
+}
+
 /*
  * hostkey_method_ssh_rsa_sign
  *
@@ -165,6 +200,11 @@ hostkey_method_ssh_rsa_signv(LIBSSH2_SESSION * session,
                              void **abstract)
 {
     libssh2_rsa_ctx *rsactx = (libssh2_rsa_ctx *) (*abstract);
+
+#ifdef _libssh2_rsa_sha1_signv
+    return _libssh2_rsa_sha1_signv(session, signature, signature_len,
+                                   veccount, datavec, rsactx);
+#else
     int ret;
     int i;
     unsigned char hash[SHA_DIGEST_LENGTH];
@@ -183,6 +223,7 @@ hostkey_method_ssh_rsa_signv(LIBSSH2_SESSION * session,
     }
 
     return 0;
+#endif
 }
 
 /*
@@ -203,11 +244,16 @@ hostkey_method_ssh_rsa_dtor(LIBSSH2_SESSION * session, void **abstract)
     return 0;
 }
 
+#ifdef OPENSSL_NO_MD5
+#define MD5_DIGEST_LENGTH 16
+#endif
+
 static const LIBSSH2_HOSTKEY_METHOD hostkey_method_ssh_rsa = {
     "ssh-rsa",
     MD5_DIGEST_LENGTH,
     hostkey_method_ssh_rsa_init,
     hostkey_method_ssh_rsa_initPEM,
+    hostkey_method_ssh_rsa_initPEMFromMemory,
     hostkey_method_ssh_rsa_sig_verify,
     hostkey_method_ssh_rsa_signv,
     NULL,                       /* encrypt */
@@ -237,6 +283,8 @@ hostkey_method_ssh_dss_init(LIBSSH2_SESSION * session,
     libssh2_dsa_ctx *dsactx;
     const unsigned char *p, *q, *g, *y, *s;
     unsigned long p_len, q_len, g_len, y_len, len;
+    int ret;
+
     (void) hostkey_data_len;
 
     if (*abstract) {
@@ -269,7 +317,11 @@ hostkey_method_ssh_dss_init(LIBSSH2_SESSION * session,
     y = s;
     /* s += y_len; */
 
-    _libssh2_dsa_new(&dsactx, p, p_len, q, q_len, g, g_len, y, y_len, NULL, 0);
+    ret = _libssh2_dsa_new(&dsactx, p, p_len, q, q_len,
+                           g, g_len, y, y_len, NULL, 0);
+    if (ret) {
+        return -1;
+    }
 
     *abstract = dsactx;
 
@@ -305,6 +357,38 @@ hostkey_method_ssh_dss_initPEM(LIBSSH2_SESSION * session,
     return 0;
 }
 
+/*
+ * hostkey_method_ssh_dss_initPEMFromMemory
+ *
+ * Load a Private Key from memory
+ */
+static int
+hostkey_method_ssh_dss_initPEMFromMemory(LIBSSH2_SESSION * session,
+                                         const char *privkeyfiledata,
+                                         size_t privkeyfiledata_len,
+                                         unsigned const char *passphrase,
+                                         void **abstract)
+{
+    libssh2_dsa_ctx *dsactx;
+    int ret;
+
+    if (*abstract) {
+        hostkey_method_ssh_dss_dtor(session, abstract);
+        *abstract = NULL;
+    }
+
+    ret = _libssh2_dsa_new_private_frommemory(&dsactx, session,
+                                              privkeyfiledata,
+                                              privkeyfiledata_len, passphrase);
+    if (ret) {
+        return -1;
+    }
+
+    *abstract = dsactx;
+
+    return 0;
+}
+
 /*
  * libssh2_hostkey_method_ssh_dss_sign
  *
@@ -391,6 +475,7 @@ static const LIBSSH2_HOSTKEY_METHOD hostkey_method_ssh_dss = {
     MD5_DIGEST_LENGTH,
     hostkey_method_ssh_dss_init,
     hostkey_method_ssh_dss_initPEM,
+    hostkey_method_ssh_dss_initPEMFromMemory,
     hostkey_method_ssh_dss_sig_verify,
     hostkey_method_ssh_dss_signv,
     NULL,                       /* encrypt */
@@ -434,7 +519,9 @@ libssh2_hostkey_hash(LIBSSH2_SESSION * session, int hash_type)
         break;
 #endif /* LIBSSH2_MD5 */
     case LIBSSH2_HOSTKEY_HASH_SHA1:
-        return (char *) session->server_hostkey_sha1;
+        return (session->server_hostkey_sha1_valid)
+          ? (char *) session->server_hostkey_sha1
+          : NULL;
         break;
     default:
         return NULL;

src/kex.c

@@ -70,6 +70,35 @@
             }                                                           \
     }
 
+
+/* Helper macro called from kex_method_diffie_hellman_group1_sha256_key_exchange */
+#define LIBSSH2_KEX_METHOD_DIFFIE_HELLMAN_SHA256_HASH(value, reqlen, version) \
+    {                                                                      \
+        libssh2_sha256_ctx hash;                                           \
+        unsigned long len = 0;                                             \
+        if (!(value)) {                                                    \
+            value = LIBSSH2_ALLOC(session, reqlen + SHA256_DIGEST_LENGTH); \
+        }                                                                  \
+        if (value)                                                         \
+            while (len < (unsigned long)reqlen) {                          \
+                libssh2_sha256_init(&hash);                                \
+                libssh2_sha256_update(hash, exchange_state->k_value,       \
+                                      exchange_state->k_value_len);        \
+                libssh2_sha256_update(hash, exchange_state->h_sig_comp,    \
+                                      SHA256_DIGEST_LENGTH);               \
+                if (len > 0) {                                             \
+                    libssh2_sha256_update(hash, value, len);               \
+                } else {                                                   \
+                    libssh2_sha256_update(hash, (version), 1);             \
+                    libssh2_sha256_update(hash, session->session_id,       \
+                                          session->session_id_len);        \
+                }                                                          \
+                libssh2_sha256_final(hash, (value) + len);                 \
+                len += SHA256_DIGEST_LENGTH;                               \
+            }                                                              \
+    }
+
+
 /*
  * diffie_hellman_sha1
  *
@@ -83,10 +112,11 @@ static int diffie_hellman_sha1(LIBSSH2_SESSION *session,
                                unsigned char packet_type_reply,
                                unsigned char *midhash,
                                unsigned long midhash_len,
-                               kmdhgGPsha1kex_state_t *exchange_state)
+                               kmdhgGPshakex_state_t *exchange_state)
 {
     int ret = 0;
     int rc;
+    libssh2_sha1_ctx exchange_hash_ctx;
 
     if (exchange_state->state == libssh2_NB_state_idle) {
         /* Setup initial values */
@@ -96,7 +126,7 @@ static int diffie_hellman_sha1(LIBSSH2_SESSION *session,
         exchange_state->ctx = _libssh2_bn_ctx_new();
         exchange_state->x = _libssh2_bn_init(); /* Random from client */
         exchange_state->e = _libssh2_bn_init(); /* g^x mod p */
-        exchange_state->f = _libssh2_bn_init(); /* g^(Random from server) mod p */
+        exchange_state->f = _libssh2_bn_init_from_bin(); /* g^(Random from server) mod p */
         exchange_state->k = _libssh2_bn_init(); /* The shared secret: f^x mod p */
 
         /* Zero the whole thing out */
@@ -202,6 +232,10 @@ static int diffie_hellman_sha1(LIBSSH2_SESSION *session,
 
         session->server_hostkey_len = _libssh2_ntohu32(exchange_state->s);
         exchange_state->s += 4;
+
+        if (session->server_hostkey)
+            LIBSSH2_FREE(session, session->server_hostkey);
+
         session->server_hostkey =
             LIBSSH2_ALLOC(session, session->server_hostkey_len);
         if (!session->server_hostkey) {
@@ -221,7 +255,8 @@ static int diffie_hellman_sha1(LIBSSH2_SESSION *session,
             if (libssh2_md5_init(&fingerprint_ctx)) {
                 libssh2_md5_update(fingerprint_ctx, session->server_hostkey,
                                    session->server_hostkey_len);
-                libssh2_md5_final(fingerprint_ctx, session->server_hostkey_md5);
+                libssh2_md5_final(fingerprint_ctx,
+                                  session->server_hostkey_md5);
                 session->server_hostkey_md5_valid = TRUE;
             }
             else {
@@ -245,10 +280,16 @@ static int diffie_hellman_sha1(LIBSSH2_SESSION *session,
         {
             libssh2_sha1_ctx fingerprint_ctx;
 
-            libssh2_sha1_init(&fingerprint_ctx);
+            if (libssh2_sha1_init(&fingerprint_ctx)) {
                 libssh2_sha1_update(fingerprint_ctx, session->server_hostkey,
                                     session->server_hostkey_len);
-            libssh2_sha1_final(fingerprint_ctx, session->server_hostkey_sha1);
+                libssh2_sha1_final(fingerprint_ctx,
+                                   session->server_hostkey_sha1);
+                session->server_hostkey_sha1_valid = TRUE;
+            }
+            else {
+                session->server_hostkey_sha1_valid = FALSE;
+            }
         }
 #ifdef LIBSSH2DEBUG
         {
@@ -307,54 +348,56 @@ static int diffie_hellman_sha1(LIBSSH2_SESSION *session,
             _libssh2_bn_to_bin(exchange_state->k, exchange_state->k_value + 5);
         }
 
-        libssh2_sha1_init(&exchange_state->exchange_hash);
+        exchange_state->exchange_hash = (void*)&exchange_hash_ctx;
+        libssh2_sha1_init(&exchange_hash_ctx);
+
         if (session->local.banner) {
             _libssh2_htonu32(exchange_state->h_sig_comp,
                              strlen((char *) session->local.banner) - 2);
-            libssh2_sha1_update(exchange_state->exchange_hash,
+            libssh2_sha1_update(exchange_hash_ctx,
                                 exchange_state->h_sig_comp, 4);
-            libssh2_sha1_update(exchange_state->exchange_hash,
+            libssh2_sha1_update(exchange_hash_ctx,
                                 (char *) session->local.banner,
                                 strlen((char *) session->local.banner) - 2);
         } else {
             _libssh2_htonu32(exchange_state->h_sig_comp,
                              sizeof(LIBSSH2_SSH_DEFAULT_BANNER) - 1);
-            libssh2_sha1_update(exchange_state->exchange_hash,
+            libssh2_sha1_update(exchange_hash_ctx,
                                 exchange_state->h_sig_comp, 4);
-            libssh2_sha1_update(exchange_state->exchange_hash,
+            libssh2_sha1_update(exchange_hash_ctx,
                                 LIBSSH2_SSH_DEFAULT_BANNER,
                                 sizeof(LIBSSH2_SSH_DEFAULT_BANNER) - 1);
         }
 
         _libssh2_htonu32(exchange_state->h_sig_comp,
                          strlen((char *) session->remote.banner));
-        libssh2_sha1_update(exchange_state->exchange_hash,
+        libssh2_sha1_update(exchange_hash_ctx,
                             exchange_state->h_sig_comp, 4);
-        libssh2_sha1_update(exchange_state->exchange_hash,
+        libssh2_sha1_update(exchange_hash_ctx,
                             session->remote.banner,
                             strlen((char *) session->remote.banner));
 
         _libssh2_htonu32(exchange_state->h_sig_comp,
                          session->local.kexinit_len);
-        libssh2_sha1_update(exchange_state->exchange_hash,
+        libssh2_sha1_update(exchange_hash_ctx,
                             exchange_state->h_sig_comp, 4);
-        libssh2_sha1_update(exchange_state->exchange_hash,
+        libssh2_sha1_update(exchange_hash_ctx,
                             session->local.kexinit,
                             session->local.kexinit_len);
 
         _libssh2_htonu32(exchange_state->h_sig_comp,
                          session->remote.kexinit_len);
-        libssh2_sha1_update(exchange_state->exchange_hash,
+        libssh2_sha1_update(exchange_hash_ctx,
                             exchange_state->h_sig_comp, 4);
-        libssh2_sha1_update(exchange_state->exchange_hash,
+        libssh2_sha1_update(exchange_hash_ctx,
                             session->remote.kexinit,
                             session->remote.kexinit_len);
 
         _libssh2_htonu32(exchange_state->h_sig_comp,
                          session->server_hostkey_len);
-        libssh2_sha1_update(exchange_state->exchange_hash,
+        libssh2_sha1_update(exchange_hash_ctx,
                             exchange_state->h_sig_comp, 4);
-        libssh2_sha1_update(exchange_state->exchange_hash,
+        libssh2_sha1_update(exchange_hash_ctx,
                             session->server_hostkey,
                             session->server_hostkey_len);
 
@@ -367,38 +410,38 @@ static int diffie_hellman_sha1(LIBSSH2_SESSION *session,
                              LIBSSH2_DH_GEX_OPTGROUP);
             _libssh2_htonu32(exchange_state->h_sig_comp + 8,
                              LIBSSH2_DH_GEX_MAXGROUP);
-            libssh2_sha1_update(exchange_state->exchange_hash,
+            libssh2_sha1_update(exchange_hash_ctx,
                                 exchange_state->h_sig_comp, 12);
 #else
             _libssh2_htonu32(exchange_state->h_sig_comp,
                              LIBSSH2_DH_GEX_OPTGROUP);
-            libssh2_sha1_update(exchange_state->exchange_hash,
+            libssh2_sha1_update(exchange_hash_ctx,
                                 exchange_state->h_sig_comp, 4);
 #endif
         }
 
         if (midhash) {
-            libssh2_sha1_update(exchange_state->exchange_hash, midhash,
+            libssh2_sha1_update(exchange_hash_ctx, midhash,
                                 midhash_len);
         }
 
-        libssh2_sha1_update(exchange_state->exchange_hash,
+        libssh2_sha1_update(exchange_hash_ctx,
                             exchange_state->e_packet + 1,
                             exchange_state->e_packet_len - 1);
 
         _libssh2_htonu32(exchange_state->h_sig_comp,
                          exchange_state->f_value_len);
-        libssh2_sha1_update(exchange_state->exchange_hash,
+        libssh2_sha1_update(exchange_hash_ctx,
                             exchange_state->h_sig_comp, 4);
-        libssh2_sha1_update(exchange_state->exchange_hash,
+        libssh2_sha1_update(exchange_hash_ctx,
                             exchange_state->f_value,
                             exchange_state->f_value_len);
 
-        libssh2_sha1_update(exchange_state->exchange_hash,
+        libssh2_sha1_update(exchange_hash_ctx,
                             exchange_state->k_value,
                             exchange_state->k_value_len);
 
-        libssh2_sha1_final(exchange_state->exchange_hash,
+        libssh2_sha1_final(exchange_hash_ctx,
                            exchange_state->h_sig_comp);
 
         if (session->hostkey->
@@ -676,6 +719,628 @@ static int diffie_hellman_sha1(LIBSSH2_SESSION *session,
 }
 
 
+/*
+ * diffie_hellman_sha256
+ *
+ * Diffie Hellman Key Exchange, Group Agnostic
+ */
+static int diffie_hellman_sha256(LIBSSH2_SESSION *session,
+                                 _libssh2_bn *g,
+                                 _libssh2_bn *p,
+                                 int group_order,
+                                 unsigned char packet_type_init,
+                                 unsigned char packet_type_reply,
+                                 unsigned char *midhash,
+                                 unsigned long midhash_len,
+                                 kmdhgGPshakex_state_t *exchange_state)
+{
+    int ret = 0;
+    int rc;
+    libssh2_sha256_ctx exchange_hash_ctx;
+
+    if (exchange_state->state == libssh2_NB_state_idle) {
+        /* Setup initial values */
+        exchange_state->e_packet = NULL;
+        exchange_state->s_packet = NULL;
+        exchange_state->k_value = NULL;
+        exchange_state->ctx = _libssh2_bn_ctx_new();
+        exchange_state->x = _libssh2_bn_init(); /* Random from client */
+        exchange_state->e = _libssh2_bn_init(); /* g^x mod p */
+        exchange_state->f = _libssh2_bn_init_from_bin(); /* g^(Random from server) mod p */
+        exchange_state->k = _libssh2_bn_init(); /* The shared secret: f^x mod p */
+
+        /* Zero the whole thing out */
+        memset(&exchange_state->req_state, 0, sizeof(packet_require_state_t));
+
+        /* Generate x and e */
+        _libssh2_bn_rand(exchange_state->x, group_order * 8 - 1, 0, -1);
+        _libssh2_bn_mod_exp(exchange_state->e, g, exchange_state->x, p,
+                            exchange_state->ctx);
+
+        /* Send KEX init */
+        /* packet_type(1) + String Length(4) + leading 0(1) */
+        exchange_state->e_packet_len =
+            _libssh2_bn_bytes(exchange_state->e) + 6;
+        if (_libssh2_bn_bits(exchange_state->e) % 8) {
+            /* Leading 00 not needed */
+            exchange_state->e_packet_len--;
+        }
+
+        exchange_state->e_packet =
+            LIBSSH2_ALLOC(session, exchange_state->e_packet_len);
+        if (!exchange_state->e_packet) {
+            ret = _libssh2_error(session, LIBSSH2_ERROR_ALLOC,
+                                 "Out of memory error");
+            goto clean_exit;
+        }
+        exchange_state->e_packet[0] = packet_type_init;
+        _libssh2_htonu32(exchange_state->e_packet + 1,
+                         exchange_state->e_packet_len - 5);
+        if (_libssh2_bn_bits(exchange_state->e) % 8) {
+            _libssh2_bn_to_bin(exchange_state->e,
+                               exchange_state->e_packet + 5);
+        } else {
+            exchange_state->e_packet[5] = 0;
+            _libssh2_bn_to_bin(exchange_state->e,
+                               exchange_state->e_packet + 6);
+        }
+
+        _libssh2_debug(session, LIBSSH2_TRACE_KEX, "Sending KEX packet %d",
+                       (int) packet_type_init);
+        exchange_state->state = libssh2_NB_state_created;
+    }
+
+    if (exchange_state->state == libssh2_NB_state_created) {
+        rc = _libssh2_transport_send(session, exchange_state->e_packet,
+                                     exchange_state->e_packet_len,
+                                     NULL, 0);
+        if (rc == LIBSSH2_ERROR_EAGAIN) {
+            return rc;
+        } else if (rc) {
+            ret = _libssh2_error(session, rc,
+                                 "Unable to send KEX init message");
+            goto clean_exit;
+        }
+        exchange_state->state = libssh2_NB_state_sent;
+    }
+
+    if (exchange_state->state == libssh2_NB_state_sent) {
+        if (session->burn_optimistic_kexinit) {
+            /* The first KEX packet to come along will be the guess initially
+             * sent by the server.  That guess turned out to be wrong so we
+             * need to silently ignore it */
+            int burn_type;
+
+            _libssh2_debug(session, LIBSSH2_TRACE_KEX,
+                           "Waiting for badly guessed KEX packet (to be ignored)");
+            burn_type =
+                _libssh2_packet_burn(session, &exchange_state->burn_state);
+            if (burn_type == LIBSSH2_ERROR_EAGAIN) {
+                return burn_type;
+            } else if (burn_type <= 0) {
+                /* Failed to receive a packet */
+                ret = burn_type;
+                goto clean_exit;
+            }
+            session->burn_optimistic_kexinit = 0;
+
+            _libssh2_debug(session, LIBSSH2_TRACE_KEX,
+                           "Burnt packet of type: %02x",
+                           (unsigned int) burn_type);
+        }
+
+        exchange_state->state = libssh2_NB_state_sent1;
+    }
+
+    if (exchange_state->state == libssh2_NB_state_sent1) {
+        /* Wait for KEX reply */
+        rc = _libssh2_packet_require(session, packet_type_reply,
+                                     &exchange_state->s_packet,
+                                     &exchange_state->s_packet_len, 0, NULL,
+                                     0, &exchange_state->req_state);
+        if (rc == LIBSSH2_ERROR_EAGAIN) {
+            return rc;
+        }
+        if (rc) {
+            ret = _libssh2_error(session, LIBSSH2_ERROR_TIMEOUT,
+                                 "Timed out waiting for KEX reply");
+            goto clean_exit;
+        }
+
+        /* Parse KEXDH_REPLY */
+        exchange_state->s = exchange_state->s_packet + 1;
+
+        session->server_hostkey_len = _libssh2_ntohu32(exchange_state->s);
+        exchange_state->s += 4;
+
+        if (session->server_hostkey)
+            LIBSSH2_FREE(session, session->server_hostkey);
+
+        session->server_hostkey =
+            LIBSSH2_ALLOC(session, session->server_hostkey_len);
+        if (!session->server_hostkey) {
+            ret = _libssh2_error(session, LIBSSH2_ERROR_ALLOC,
+                                 "Unable to allocate memory for a copy "
+                                 "of the host key");
+            goto clean_exit;
+        }
+        memcpy(session->server_hostkey, exchange_state->s,
+               session->server_hostkey_len);
+        exchange_state->s += session->server_hostkey_len;
+
+#if LIBSSH2_MD5
+        {
+            libssh2_md5_ctx fingerprint_ctx;
+
+            if (libssh2_md5_init(&fingerprint_ctx)) {
+                libssh2_md5_update(fingerprint_ctx, session->server_hostkey,
+                                   session->server_hostkey_len);
+                libssh2_md5_final(fingerprint_ctx,
+                                  session->server_hostkey_md5);
+                session->server_hostkey_md5_valid = TRUE;
+            }
+            else {
+                session->server_hostkey_md5_valid = FALSE;
+            }
+        }
+#ifdef LIBSSH2DEBUG
+        {
+            char fingerprint[50], *fprint = fingerprint;
+            int i;
+            for(i = 0; i < 16; i++, fprint += 3) {
+                snprintf(fprint, 4, "%02x:", session->server_hostkey_md5[i]);
+            }
+            *(--fprint) = '\0';
+            _libssh2_debug(session, LIBSSH2_TRACE_KEX,
+                           "Server's MD5 Fingerprint: %s", fingerprint);
+        }
+#endif /* LIBSSH2DEBUG */
+#endif /* ! LIBSSH2_MD5 */
+
+        {
+            libssh2_sha1_ctx fingerprint_ctx;
+
+            if (libssh2_sha1_init(&fingerprint_ctx)) {
+                libssh2_sha1_update(fingerprint_ctx, session->server_hostkey,
+                                    session->server_hostkey_len);
+                libssh2_sha1_final(fingerprint_ctx,
+                                   session->server_hostkey_sha1);
+                session->server_hostkey_sha1_valid = TRUE;
+            }
+            else {
+                session->server_hostkey_sha1_valid = FALSE;
+            }
+        }
+#ifdef LIBSSH2DEBUG
+        {
+            char fingerprint[64], *fprint = fingerprint;
+            int i;
+
+            for(i = 0; i < 20; i++, fprint += 3) {
+                snprintf(fprint, 4, "%02x:", session->server_hostkey_sha1[i]);
+            }
+            *(--fprint) = '\0';
+            _libssh2_debug(session, LIBSSH2_TRACE_KEX,
+                           "Server's SHA1 Fingerprint: %s", fingerprint);
+        }
+#endif /* LIBSSH2DEBUG */
+
+        if (session->hostkey->init(session, session->server_hostkey,
+                                   session->server_hostkey_len,
+                                   &session->server_hostkey_abstract)) {
+            ret = _libssh2_error(session, LIBSSH2_ERROR_HOSTKEY_INIT,
+                                 "Unable to initialize hostkey importer");
+            goto clean_exit;
+        }
+
+        exchange_state->f_value_len = _libssh2_ntohu32(exchange_state->s);
+        exchange_state->s += 4;
+        exchange_state->f_value = exchange_state->s;
+        exchange_state->s += exchange_state->f_value_len;
+        _libssh2_bn_from_bin(exchange_state->f, exchange_state->f_value_len,
+                             exchange_state->f_value);
+
+        exchange_state->h_sig_len = _libssh2_ntohu32(exchange_state->s);
+        exchange_state->s += 4;
+        exchange_state->h_sig = exchange_state->s;
+
+        /* Compute the shared secret */
+        _libssh2_bn_mod_exp(exchange_state->k, exchange_state->f,
+                            exchange_state->x, p, exchange_state->ctx);
+        exchange_state->k_value_len = _libssh2_bn_bytes(exchange_state->k) + 5;
+        if (_libssh2_bn_bits(exchange_state->k) % 8) {
+            /* don't need leading 00 */
+            exchange_state->k_value_len--;
+        }
+        exchange_state->k_value =
+            LIBSSH2_ALLOC(session, exchange_state->k_value_len);
+        if (!exchange_state->k_value) {
+            ret = _libssh2_error(session, LIBSSH2_ERROR_ALLOC,
+                                 "Unable to allocate buffer for K");
+            goto clean_exit;
+        }
+        _libssh2_htonu32(exchange_state->k_value,
+                         exchange_state->k_value_len - 4);
+        if (_libssh2_bn_bits(exchange_state->k) % 8) {
+            _libssh2_bn_to_bin(exchange_state->k, exchange_state->k_value + 4);
+        } else {
+            exchange_state->k_value[4] = 0;
+            _libssh2_bn_to_bin(exchange_state->k, exchange_state->k_value + 5);
+        }
+
+        exchange_state->exchange_hash = (void*)&exchange_hash_ctx;
+        libssh2_sha256_init(&exchange_hash_ctx);
+
+        if (session->local.banner) {
+            _libssh2_htonu32(exchange_state->h_sig_comp,
+                             strlen((char *) session->local.banner) - 2);
+            libssh2_sha256_update(exchange_hash_ctx,
+                                  exchange_state->h_sig_comp, 4);
+            libssh2_sha256_update(exchange_hash_ctx,
+                                  (char *) session->local.banner,
+                                  strlen((char *) session->local.banner) - 2);
+        } else {
+            _libssh2_htonu32(exchange_state->h_sig_comp,
+                             sizeof(LIBSSH2_SSH_DEFAULT_BANNER) - 1);
+            libssh2_sha256_update(exchange_hash_ctx,
+                                  exchange_state->h_sig_comp, 4);
+            libssh2_sha256_update(exchange_hash_ctx,
+                                  LIBSSH2_SSH_DEFAULT_BANNER,
+                                  sizeof(LIBSSH2_SSH_DEFAULT_BANNER) - 1);
+        }
+
+        _libssh2_htonu32(exchange_state->h_sig_comp,
+                         strlen((char *) session->remote.banner));
+        libssh2_sha256_update(exchange_hash_ctx,
+                              exchange_state->h_sig_comp, 4);
+        libssh2_sha256_update(exchange_hash_ctx,
+                              session->remote.banner,
+                              strlen((char *) session->remote.banner));
+
+        _libssh2_htonu32(exchange_state->h_sig_comp,
+                         session->local.kexinit_len);
+        libssh2_sha256_update(exchange_hash_ctx,
+                              exchange_state->h_sig_comp, 4);
+        libssh2_sha256_update(exchange_hash_ctx,
+                              session->local.kexinit,
+                              session->local.kexinit_len);
+
+        _libssh2_htonu32(exchange_state->h_sig_comp,
+                         session->remote.kexinit_len);
+        libssh2_sha256_update(exchange_hash_ctx,
+                              exchange_state->h_sig_comp, 4);
+        libssh2_sha256_update(exchange_hash_ctx,
+                              session->remote.kexinit,
+                              session->remote.kexinit_len);
+
+        _libssh2_htonu32(exchange_state->h_sig_comp,
+                         session->server_hostkey_len);
+        libssh2_sha256_update(exchange_hash_ctx,
+                              exchange_state->h_sig_comp, 4);
+        libssh2_sha256_update(exchange_hash_ctx,
+                              session->server_hostkey,
+                              session->server_hostkey_len);
+
+        if (packet_type_init == SSH_MSG_KEX_DH_GEX_INIT) {
+            /* diffie-hellman-group-exchange hashes additional fields */
+#ifdef LIBSSH2_DH_GEX_NEW
+            _libssh2_htonu32(exchange_state->h_sig_comp,
+                             LIBSSH2_DH_GEX_MINGROUP);
+            _libssh2_htonu32(exchange_state->h_sig_comp + 4,
+                             LIBSSH2_DH_GEX_OPTGROUP);
+            _libssh2_htonu32(exchange_state->h_sig_comp + 8,
+                             LIBSSH2_DH_GEX_MAXGROUP);
+            libssh2_sha256_update(exchange_hash_ctx,
+                                  exchange_state->h_sig_comp, 12);
+#else
+            _libssh2_htonu32(exchange_state->h_sig_comp,
+                             LIBSSH2_DH_GEX_OPTGROUP);
+            libssh2_sha256_update(exchange_hash_ctx,
+                                  exchange_state->h_sig_comp, 4);
+#endif
+        }
+
+        if (midhash) {
+            libssh2_sha256_update(exchange_hash_ctx, midhash,
+                                  midhash_len);
+        }
+
+        libssh2_sha256_update(exchange_hash_ctx,
+                              exchange_state->e_packet + 1,
+                              exchange_state->e_packet_len - 1);
+
+        _libssh2_htonu32(exchange_state->h_sig_comp,
+                         exchange_state->f_value_len);
+        libssh2_sha256_update(exchange_hash_ctx,
+                              exchange_state->h_sig_comp, 4);
+        libssh2_sha256_update(exchange_hash_ctx,
+                              exchange_state->f_value,
+                              exchange_state->f_value_len);
+
+        libssh2_sha256_update(exchange_hash_ctx,
+                              exchange_state->k_value,
+                              exchange_state->k_value_len);
+
+        libssh2_sha256_final(exchange_hash_ctx,
+                             exchange_state->h_sig_comp);
+
+        if (session->hostkey->
+            sig_verify(session, exchange_state->h_sig,
+                       exchange_state->h_sig_len, exchange_state->h_sig_comp,
+                       SHA256_DIGEST_LENGTH, &session->server_hostkey_abstract)) {
+            ret = _libssh2_error(session, LIBSSH2_ERROR_HOSTKEY_SIGN,
+                                 "Unable to verify hostkey signature");
+            goto clean_exit;
+        }
+
+
+
+        _libssh2_debug(session, LIBSSH2_TRACE_KEX, "Sending NEWKEYS message");
+        exchange_state->c = SSH_MSG_NEWKEYS;
+
+        exchange_state->state = libssh2_NB_state_sent2;
+    }
+
+    if (exchange_state->state == libssh2_NB_state_sent2) {
+        rc = _libssh2_transport_send(session, &exchange_state->c, 1, NULL, 0);
+        if (rc == LIBSSH2_ERROR_EAGAIN) {
+            return rc;
+        } else if (rc) {
+            ret = _libssh2_error(session, rc, "Unable to send NEWKEYS message");
+            goto clean_exit;
+        }
+
+        exchange_state->state = libssh2_NB_state_sent3;
+    }
+
+    if (exchange_state->state == libssh2_NB_state_sent3) {
+        rc = _libssh2_packet_require(session, SSH_MSG_NEWKEYS,
+                                     &exchange_state->tmp,
+                                     &exchange_state->tmp_len, 0, NULL, 0,
+                                     &exchange_state->req_state);
+        if (rc == LIBSSH2_ERROR_EAGAIN) {
+            return rc;
+        } else if (rc) {
+            ret = _libssh2_error(session, rc, "Timed out waiting for NEWKEYS");
+            goto clean_exit;
+        }
+        /* The first key exchange has been performed,
+           switch to active crypt/comp/mac mode */
+        session->state |= LIBSSH2_STATE_NEWKEYS;
+        _libssh2_debug(session, LIBSSH2_TRACE_KEX, "Received NEWKEYS message");
+
+        /* This will actually end up being just packet_type(1)
+           for this packet type anyway */
+        LIBSSH2_FREE(session, exchange_state->tmp);
+
+        if (!session->session_id) {
+            session->session_id = LIBSSH2_ALLOC(session, SHA256_DIGEST_LENGTH);
+            if (!session->session_id) {
+                ret = _libssh2_error(session, LIBSSH2_ERROR_ALLOC,
+                                     "Unable to allocate buffer for SHA digest");
+                goto clean_exit;
+            }
+            memcpy(session->session_id, exchange_state->h_sig_comp,
+                   SHA256_DIGEST_LENGTH);
+            session->session_id_len = SHA256_DIGEST_LENGTH;
+            _libssh2_debug(session, LIBSSH2_TRACE_KEX, "session_id calculated");
+        }
+
+        /* Cleanup any existing cipher */
+        if (session->local.crypt->dtor) {
+            session->local.crypt->dtor(session,
+                                       &session->local.crypt_abstract);
+        }
+
+        /* Calculate IV/Secret/Key for each direction */
+        if (session->local.crypt->init) {
+            unsigned char *iv = NULL, *secret = NULL;
+            int free_iv = 0, free_secret = 0;
+
+            LIBSSH2_KEX_METHOD_DIFFIE_HELLMAN_SHA256_HASH(iv,
+                                                          session->local.crypt->
+                                                          iv_len, "A");
+            if (!iv) {
+                ret = -1;
+                goto clean_exit;
+            }
+            LIBSSH2_KEX_METHOD_DIFFIE_HELLMAN_SHA256_HASH(secret,
+                                                          session->local.crypt->
+                                                          secret_len, "C");
+            if (!secret) {
+                LIBSSH2_FREE(session, iv);
+                ret = LIBSSH2_ERROR_KEX_FAILURE;
+                goto clean_exit;
+            }
+            if (session->local.crypt->
+                init(session, session->local.crypt, iv, &free_iv, secret,
+                     &free_secret, 1, &session->local.crypt_abstract)) {
+                LIBSSH2_FREE(session, iv);
+                LIBSSH2_FREE(session, secret);
+                ret = LIBSSH2_ERROR_KEX_FAILURE;
+                goto clean_exit;
+            }
+
+            if (free_iv) {
+                memset(iv, 0, session->local.crypt->iv_len);
+                LIBSSH2_FREE(session, iv);
+            }
+
+            if (free_secret) {
+                memset(secret, 0, session->local.crypt->secret_len);
+                LIBSSH2_FREE(session, secret);
+            }
+        }
+        _libssh2_debug(session, LIBSSH2_TRACE_KEX,
+                       "Client to Server IV and Key calculated");
+
+        if (session->remote.crypt->dtor) {
+            /* Cleanup any existing cipher */
+            session->remote.crypt->dtor(session,
+                                        &session->remote.crypt_abstract);
+        }
+
+        if (session->remote.crypt->init) {
+            unsigned char *iv = NULL, *secret = NULL;
+            int free_iv = 0, free_secret = 0;
+
+            LIBSSH2_KEX_METHOD_DIFFIE_HELLMAN_SHA256_HASH(iv,
+                                                          session->remote.crypt->
+                                                          iv_len, "B");
+            if (!iv) {
+                ret = LIBSSH2_ERROR_KEX_FAILURE;
+                goto clean_exit;
+            }
+            LIBSSH2_KEX_METHOD_DIFFIE_HELLMAN_SHA256_HASH(secret,
+                                                          session->remote.crypt->
+                                                          secret_len, "D");
+            if (!secret) {
+                LIBSSH2_FREE(session, iv);
+                ret = LIBSSH2_ERROR_KEX_FAILURE;
+                goto clean_exit;
+            }
+            if (session->remote.crypt->
+                init(session, session->remote.crypt, iv, &free_iv, secret,
+                     &free_secret, 0, &session->remote.crypt_abstract)) {
+                LIBSSH2_FREE(session, iv);
+                LIBSSH2_FREE(session, secret);
+                ret = LIBSSH2_ERROR_KEX_FAILURE;
+                goto clean_exit;
+            }
+
+            if (free_iv) {
+                memset(iv, 0, session->remote.crypt->iv_len);
+                LIBSSH2_FREE(session, iv);
+            }
+
+            if (free_secret) {
+                memset(secret, 0, session->remote.crypt->secret_len);
+                LIBSSH2_FREE(session, secret);
+            }
+        }
+        _libssh2_debug(session, LIBSSH2_TRACE_KEX,
+                       "Server to Client IV and Key calculated");
+
+        if (session->local.mac->dtor) {
+            session->local.mac->dtor(session, &session->local.mac_abstract);
+        }
+
+        if (session->local.mac->init) {
+            unsigned char *key = NULL;
+            int free_key = 0;
+
+            LIBSSH2_KEX_METHOD_DIFFIE_HELLMAN_SHA256_HASH(key,
+                                                          session->local.mac->
+                                                          key_len, "E");
+            if (!key) {
+                ret = LIBSSH2_ERROR_KEX_FAILURE;
+                goto clean_exit;
+            }
+            session->local.mac->init(session, key, &free_key,
+                                     &session->local.mac_abstract);
+
+            if (free_key) {
+                memset(key, 0, session->local.mac->key_len);
+                LIBSSH2_FREE(session, key);
+            }
+        }
+        _libssh2_debug(session, LIBSSH2_TRACE_KEX,
+                       "Client to Server HMAC Key calculated");
+
+        if (session->remote.mac->dtor) {
+            session->remote.mac->dtor(session, &session->remote.mac_abstract);
+        }
+
+        if (session->remote.mac->init) {
+            unsigned char *key = NULL;
+            int free_key = 0;
+
+            LIBSSH2_KEX_METHOD_DIFFIE_HELLMAN_SHA256_HASH(key,
+                                                          session->remote.mac->
+                                                          key_len, "F");
+            if (!key) {
+                ret = LIBSSH2_ERROR_KEX_FAILURE;
+                goto clean_exit;
+            }
+            session->remote.mac->init(session, key, &free_key,
+                                      &session->remote.mac_abstract);
+
+            if (free_key) {
+                memset(key, 0, session->remote.mac->key_len);
+                LIBSSH2_FREE(session, key);
+            }
+        }
+        _libssh2_debug(session, LIBSSH2_TRACE_KEX,
+                       "Server to Client HMAC Key calculated");
+
+        /* Initialize compression for each direction */
+
+        /* Cleanup any existing compression */
+        if (session->local.comp && session->local.comp->dtor) {
+            session->local.comp->dtor(session, 1,
+                                      &session->local.comp_abstract);
+        }
+
+        if (session->local.comp && session->local.comp->init) {
+            if (session->local.comp->init(session, 1,
+                                          &session->local.comp_abstract)) {
+                ret = LIBSSH2_ERROR_KEX_FAILURE;
+                goto clean_exit;
+            }
+        }
+        _libssh2_debug(session, LIBSSH2_TRACE_KEX,
+                       "Client to Server compression initialized");
+
+        if (session->remote.comp && session->remote.comp->dtor) {
+            session->remote.comp->dtor(session, 0,
+                                       &session->remote.comp_abstract);
+        }
+
+        if (session->remote.comp && session->remote.comp->init) {
+            if (session->remote.comp->init(session, 0,
+                                           &session->remote.comp_abstract)) {
+                ret = LIBSSH2_ERROR_KEX_FAILURE;
+                goto clean_exit;
+            }
+        }
+        _libssh2_debug(session, LIBSSH2_TRACE_KEX,
+                       "Server to Client compression initialized");
+
+    }
+
+  clean_exit:
+    _libssh2_bn_free(exchange_state->x);
+    exchange_state->x = NULL;
+    _libssh2_bn_free(exchange_state->e);
+    exchange_state->e = NULL;
+    _libssh2_bn_free(exchange_state->f);
+    exchange_state->f = NULL;
+    _libssh2_bn_free(exchange_state->k);
+    exchange_state->k = NULL;
+    _libssh2_bn_ctx_free(exchange_state->ctx);
+    exchange_state->ctx = NULL;
+
+    if (exchange_state->e_packet) {
+        LIBSSH2_FREE(session, exchange_state->e_packet);
+        exchange_state->e_packet = NULL;
+    }
+
+    if (exchange_state->s_packet) {
+        LIBSSH2_FREE(session, exchange_state->s_packet);
+        exchange_state->s_packet = NULL;
+    }
+
+    if (exchange_state->k_value) {
+        LIBSSH2_FREE(session, exchange_state->k_value);
+        exchange_state->k_value = NULL;
+    }
+
+    exchange_state->state = libssh2_NB_state_idle;
+
+    return ret;
+}
+
+
 
 /* kex_method_diffie_hellman_group1_sha1_key_exchange
  * Diffie-Hellman Group1 (Actually Group2) Key Exchange using SHA1
@@ -708,7 +1373,7 @@ kex_method_diffie_hellman_group1_sha1_key_exchange(LIBSSH2_SESSION *session,
 
     if (key_state->state == libssh2_NB_state_idle) {
         /* g == 2 */
-        key_state->p = _libssh2_bn_init();      /* SSH2 defined value (p_value) */
+        key_state->p = _libssh2_bn_init_from_bin();      /* SSH2 defined value (p_value) */
         key_state->g = _libssh2_bn_init();      /* SSH2 defined value (2) */
 
         /* Initialize P and G */
@@ -783,7 +1448,7 @@ kex_method_diffie_hellman_group14_sha1_key_exchange(LIBSSH2_SESSION *session,
     int ret;
 
     if (key_state->state == libssh2_NB_state_idle) {
-        key_state->p = _libssh2_bn_init();      /* SSH2 defined value (p_value) */
+        key_state->p = _libssh2_bn_init_from_bin();      /* SSH2 defined value (p_value) */
         key_state->g = _libssh2_bn_init();      /* SSH2 defined value (2) */
 
         /* g == 2 */
@@ -827,8 +1492,8 @@ kex_method_diffie_hellman_group_exchange_sha1_key_exchange
     int rc;
 
     if (key_state->state == libssh2_NB_state_idle) {
-        key_state->p = _libssh2_bn_init();
-        key_state->g = _libssh2_bn_init();
+        key_state->p = _libssh2_bn_init_from_bin();
+        key_state->g = _libssh2_bn_init_from_bin();
         /* Ask for a P and G pair */
 #ifdef LIBSSH2_DH_GEX_NEW
         key_state->request[0] = SSH_MSG_KEX_DH_GEX_REQUEST;
@@ -914,6 +1579,105 @@ kex_method_diffie_hellman_group_exchange_sha1_key_exchange
 
 
 
+/* kex_method_diffie_hellman_group_exchange_sha256_key_exchange
+ * Diffie-Hellman Group Exchange Key Exchange using SHA256
+ * Negotiates random(ish) group for secret derivation
+ */
+static int
+kex_method_diffie_hellman_group_exchange_sha256_key_exchange
+(LIBSSH2_SESSION * session, key_exchange_state_low_t * key_state)
+{
+    unsigned long p_len, g_len;
+    int ret = 0;
+    int rc;
+
+    if (key_state->state == libssh2_NB_state_idle) {
+        key_state->p = _libssh2_bn_init();
+        key_state->g = _libssh2_bn_init();
+        /* Ask for a P and G pair */
+#ifdef LIBSSH2_DH_GEX_NEW
+        key_state->request[0] = SSH_MSG_KEX_DH_GEX_REQUEST;
+        _libssh2_htonu32(key_state->request + 1, LIBSSH2_DH_GEX_MINGROUP);
+        _libssh2_htonu32(key_state->request + 5, LIBSSH2_DH_GEX_OPTGROUP);
+        _libssh2_htonu32(key_state->request + 9, LIBSSH2_DH_GEX_MAXGROUP);
+        key_state->request_len = 13;
+        _libssh2_debug(session, LIBSSH2_TRACE_KEX,
+                       "Initiating Diffie-Hellman Group-Exchange (New Method SHA256)");
+#else
+        key_state->request[0] = SSH_MSG_KEX_DH_GEX_REQUEST_OLD;
+        _libssh2_htonu32(key_state->request + 1, LIBSSH2_DH_GEX_OPTGROUP);
+        key_state->request_len = 5;
+        _libssh2_debug(session, LIBSSH2_TRACE_KEX,
+                       "Initiating Diffie-Hellman Group-Exchange (Old Method SHA256)");
+#endif
+
+        key_state->state = libssh2_NB_state_created;
+    }
+
+    if (key_state->state == libssh2_NB_state_created) {
+        rc = _libssh2_transport_send(session, key_state->request,
+                                     key_state->request_len, NULL, 0);
+        if (rc == LIBSSH2_ERROR_EAGAIN) {
+            return rc;
+        } else if (rc) {
+            ret = _libssh2_error(session, rc,
+                                 "Unable to send Group Exchange Request SHA256");
+            goto dh_gex_clean_exit;
+        }
+
+        key_state->state = libssh2_NB_state_sent;
+    }
+
+    if (key_state->state == libssh2_NB_state_sent) {
+        rc = _libssh2_packet_require(session, SSH_MSG_KEX_DH_GEX_GROUP,
+                                     &key_state->data, &key_state->data_len,
+                                     0, NULL, 0, &key_state->req_state);
+        if (rc == LIBSSH2_ERROR_EAGAIN) {
+            return rc;
+        } else if (rc) {
+            ret = _libssh2_error(session, rc,
+                                 "Timeout waiting for GEX_GROUP reply SHA256");
+            goto dh_gex_clean_exit;
+        }
+
+        key_state->state = libssh2_NB_state_sent1;
+    }
+
+    if (key_state->state == libssh2_NB_state_sent1) {
+        unsigned char *s = key_state->data + 1;
+        p_len = _libssh2_ntohu32(s);
+        s += 4;
+        _libssh2_bn_from_bin(key_state->p, p_len, s);
+        s += p_len;
+
+        g_len = _libssh2_ntohu32(s);
+        s += 4;
+        _libssh2_bn_from_bin(key_state->g, g_len, s);
+
+        ret = diffie_hellman_sha256(session, key_state->g, key_state->p, p_len,
+                                    SSH_MSG_KEX_DH_GEX_INIT,
+                                    SSH_MSG_KEX_DH_GEX_REPLY,
+                                    key_state->data + 1,
+                                    key_state->data_len - 1,
+                                    &key_state->exchange_state);
+        if (ret == LIBSSH2_ERROR_EAGAIN) {
+            return ret;
+        }
+
+        LIBSSH2_FREE(session, key_state->data);
+    }
+
+  dh_gex_clean_exit:
+    key_state->state = libssh2_NB_state_idle;
+    _libssh2_bn_free(key_state->g);
+    key_state->g = NULL;
+    _libssh2_bn_free(key_state->p);
+    key_state->p = NULL;
+
+    return ret;
+}
+
+
 #define LIBSSH2_KEX_METHOD_FLAG_REQ_ENC_HOSTKEY     0x0001
 #define LIBSSH2_KEX_METHOD_FLAG_REQ_SIGN_HOSTKEY    0x0002
 
@@ -936,9 +1700,17 @@ kex_method_diffie_helman_group_exchange_sha1 = {
     LIBSSH2_KEX_METHOD_FLAG_REQ_SIGN_HOSTKEY,
 };
 
+static const LIBSSH2_KEX_METHOD
+kex_method_diffie_helman_group_exchange_sha256 = {
+    "diffie-hellman-group-exchange-sha256",
+    kex_method_diffie_hellman_group_exchange_sha256_key_exchange,
+    LIBSSH2_KEX_METHOD_FLAG_REQ_SIGN_HOSTKEY,
+};
+
 static const LIBSSH2_KEX_METHOD *libssh2_kex_methods[] = {
-    &kex_method_diffie_helman_group14_sha1,
+    &kex_method_diffie_helman_group_exchange_sha256,
     &kex_method_diffie_helman_group_exchange_sha1,
+    &kex_method_diffie_helman_group14_sha1,
     &kex_method_diffie_helman_group1_sha1,
     NULL
 };

src/knownhost.c

@@ -417,8 +417,9 @@ knownhost_check(LIBSSH2_KNOWNHOSTS *hosts,
                        plain input to produce a hash to compare with the
                        stored hash.
                     */
-                    libssh2_hmac_ctx ctx;
                     unsigned char hash[SHA_DIGEST_LENGTH];
+                    libssh2_hmac_ctx ctx;
+                    libssh2_hmac_ctx_init(ctx);
 
                     if(SHA_DIGEST_LENGTH != node->name_len) {
                         /* the name hash length must be the sha1 size or

src/libgcrypt.c

@@ -149,6 +149,17 @@ _libssh2_dsa_new(libssh2_dsa_ctx ** dsactx,
     return 0;
 }
 
+int
+_libssh2_rsa_new_private_frommemory(libssh2_rsa_ctx ** rsa,
+                                    LIBSSH2_SESSION * session,
+                                    const char *filedata, size_t filedata_len,
+                                    unsigned const char *passphrase)
+{
+    return _libssh2_error(session, LIBSSH2_ERROR_METHOD_NOT_SUPPORTED,
+                         "Unable to extract private key from memory: "
+                         "Method unimplemented in libgcrypt backend");
+}
+
 int
 _libssh2_rsa_new_private(libssh2_rsa_ctx ** rsa,
                          LIBSSH2_SESSION * session,
@@ -251,6 +262,17 @@ _libssh2_rsa_new_private(libssh2_rsa_ctx ** rsa,
     return ret;
 }
 
+int
+_libssh2_dsa_new_private_frommemory(libssh2_dsa_ctx ** dsa,
+                                    LIBSSH2_SESSION * session,
+                                    const char *filedata, size_t filedata_len,
+                                    unsigned const char *passphrase)
+{
+    return _libssh2_error(session, LIBSSH2_ERROR_METHOD_NOT_SUPPORTED,
+                         "Unable to extract private key from memory: "
+                         "Method unimplemented in libgcrypt backend");
+}
+
 int
 _libssh2_dsa_new_private(libssh2_dsa_ctx ** dsa,
                          LIBSSH2_SESSION * session,
@@ -566,6 +588,21 @@ _libssh2_cipher_crypt(_libssh2_cipher_ctx * ctx,
     return ret;
 }
 
+int
+_libssh2_pub_priv_keyfilememory(LIBSSH2_SESSION *session,
+                                unsigned char **method,
+                                size_t *method_len,
+                                unsigned char **pubkeydata,
+                                size_t *pubkeydata_len,
+                                const char *privatekeydata,
+                                size_t privatekeydata_len,
+                                const char *passphrase)
+{
+    return _libssh2_error(session, LIBSSH2_ERROR_METHOD_NOT_SUPPORTED,
+                         "Unable to extract public key from private key in memory: "
+                         "Method unimplemented in libgcrypt backend");
+}
+
 int
 _libssh2_pub_priv_keyfile(LIBSSH2_SESSION *session,
                           unsigned char **method,

src/libgcrypt.h

@@ -42,6 +42,8 @@
 #define LIBSSH2_MD5 1
 
 #define LIBSSH2_HMAC_RIPEMD 1
+#define LIBSSH2_HMAC_SHA256 1
+#define LIBSSH2_HMAC_SHA512 1
 
 #define LIBSSH2_AES 1
 #define LIBSSH2_AES_CTR 1
@@ -55,12 +57,18 @@
 
 #define MD5_DIGEST_LENGTH 16
 #define SHA_DIGEST_LENGTH 20
+#define SHA256_DIGEST_LENGTH 32
 
 #define _libssh2_random(buf, len)                \
   (gcry_randomize ((buf), (len), GCRY_STRONG_RANDOM), 1)
 
+#define libssh2_prepare_iovec(vec, len)  /* Empty. */
+
 #define libssh2_sha1_ctx gcry_md_hd_t
-#define libssh2_sha1_init(ctx) gcry_md_open (ctx,  GCRY_MD_SHA1, 0);
+
+/* returns 0 in case of failure */
+#define libssh2_sha1_init(ctx) \
+  (GPG_ERR_NO_ERROR == gcry_md_open (ctx,  GCRY_MD_SHA1, 0))
 #define libssh2_sha1_update(ctx, data, len) \
   gcry_md_write (ctx, (unsigned char *) data, len)
 #define libssh2_sha1_final(ctx, out) \
@@ -68,6 +76,17 @@
 #define libssh2_sha1(message, len, out) \
   gcry_md_hash_buffer (GCRY_MD_SHA1, out, message, len)
 
+#define libssh2_sha256_ctx gcry_md_hd_t
+
+#define libssh2_sha256_init(ctx) \
+  (GPG_ERR_NO_ERROR == gcry_md_open (ctx,  GCRY_MD_SHA256, 0))
+#define libssh2_sha256_update(ctx, data, len) \
+  gcry_md_write (ctx, (unsigned char *) data, len)
+#define libssh2_sha256_final(ctx, out) \
+  memcpy (out, gcry_md_read (ctx, 0), SHA256_DIGEST_LENGTH), gcry_md_close (ctx)
+#define libssh2_sha256(message, len, out) \
+  gcry_md_hash_buffer (GCRY_MD_SHA256, out, message, len)
+
 #define libssh2_md5_ctx gcry_md_hd_t
 
 /* returns 0 in case of failure */
@@ -82,6 +101,7 @@
   gcry_md_hash_buffer (GCRY_MD_MD5, out, message, len)
 
 #define libssh2_hmac_ctx gcry_md_hd_t
+#define libssh2_hmac_ctx_init(ctx)
 #define libssh2_hmac_sha1_init(ctx, key, keylen) \
   gcry_md_open (ctx, GCRY_MD_SHA1, GCRY_MD_FLAG_HMAC), \
     gcry_md_setkey (*ctx, key, keylen)
@@ -91,6 +111,12 @@
 #define libssh2_hmac_ripemd160_init(ctx, key, keylen) \
   gcry_md_open (ctx, GCRY_MD_RMD160, GCRY_MD_FLAG_HMAC), \
     gcry_md_setkey (*ctx, key, keylen)
+#define libssh2_hmac_sha256_init(ctx, key, keylen) \
+  gcry_md_open (ctx, GCRY_MD_SHA256, GCRY_MD_FLAG_HMAC), \
+    gcry_md_setkey (*ctx, key, keylen)
+#define libssh2_hmac_sha512_init(ctx, key, keylen) \
+  gcry_md_open (ctx, GCRY_MD_SHA512, GCRY_MD_FLAG_HMAC), \
+    gcry_md_setkey (*ctx, key, keylen)
 #define libssh2_hmac_update(ctx, data, datalen) \
   gcry_md_write (ctx, (unsigned char *) data, datalen)
 #define libssh2_hmac_final(ctx, data) \
@@ -145,6 +171,7 @@
 #define _libssh2_bn_ctx_new() 0
 #define _libssh2_bn_ctx_free(bnctx) ((void)0)
 #define _libssh2_bn_init() gcry_mpi_new(0)
+#define _libssh2_bn_init_from_bin() NULL /* because gcry_mpi_scan() creates a new bignum */
 #define _libssh2_bn_rand(bn, bits, top, bottom) gcry_mpi_randomize (bn, bits, GCRY_WEAK_RANDOM)
 #define _libssh2_bn_mod_exp(r, a, p, m, ctx) gcry_mpi_powm (r, a, p, m)
 #define _libssh2_bn_set_word(bn, val) gcry_mpi_set_ui(bn, val)

src/libssh2.pc.in

@@ -0,0 +1,17 @@
+###########################################################################
+# libssh2 installation details
+###########################################################################
+
+prefix=@CMAKE_INSTALL_PREFIX@
+exec_prefix=${prefix}
+libdir=${prefix}/@CMAKE_INSTALL_LIBDIR@
+includedir=${prefix}/@CMAKE_INSTALL_INCLUDEDIR@
+
+Name: @PROJECT_NAME@
+URL: @PROJECT_URL@
+Description: @PROJECT_DESCRIPTION@
+Version: @LIBSSH2_VERSION@
+Requires.private: @PC_REQUIRES_PRIVATE@
+Libs: -L${libdir} -lssh2 @PC_LIBS@
+Libs.private: @PC_LIBS@
+Cflags: -I${includedir}

src/libssh2_config_cmake.h.in

@@ -0,0 +1,105 @@
+/* Copyright (c) 2014 Alexander Lamaison <alexander.lamaison@gmail.com>
+ * Copyright (c) 1999-2011 Douglas Gilbert. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms,
+ * with or without modification, are permitted provided
+ * that the following conditions are met:
+ *
+ *   Redistributions of source code must retain the above
+ *   copyright notice, this list of conditions and the
+ *   following disclaimer.
+ *
+ *   Redistributions in binary form must reproduce the above
+ *   copyright notice, this list of conditions and the following
+ *   disclaimer in the documentation and/or other materials
+ *   provided with the distribution.
+ *
+ *   Neither the name of the copyright holder nor the names
+ *   of any other contributors may be used to endorse or
+ *   promote products derived from this software without
+ *   specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
+ * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
+ * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
+ * OF SUCH DAMAGE.
+ */
+
+/* Headers */
+#cmakedefine HAVE_UNISTD_H
+#cmakedefine HAVE_INTTYPES_H
+#cmakedefine HAVE_STDLIB_H
+#cmakedefine HAVE_SYS_SELECT_H
+#cmakedefine HAVE_SYS_UIO_H
+#cmakedefine HAVE_SYS_SOCKET_H
+#cmakedefine HAVE_SYS_IOCTL_H
+#cmakedefine HAVE_SYS_TIME_H
+#cmakedefine HAVE_SYS_UN_H
+#cmakedefine HAVE_WINDOWS_H
+#cmakedefine HAVE_WS2TCPIP_H
+#cmakedefine HAVE_WINSOCK2_H
+#cmakedefine HAVE_NTDEF_H
+#cmakedefine HAVE_NTSTATUS_H
+
+/* Libraries */
+#cmakedefine HAVE_LIBCRYPT32
+
+/* Types */
+#cmakedefine HAVE_LONGLONG
+
+/* Functions */
+#cmakedefine HAVE_GETTIMEOFDAY
+#cmakedefine HAVE_INET_ADDR
+#cmakedefine HAVE_POLL
+#cmakedefine HAVE_SELECT
+#cmakedefine HAVE_SOCKET
+#cmakedefine HAVE_STRTOLL
+#cmakedefine HAVE_STRTOI64
+#cmakedefine HAVE_SNPRINTF
+
+/* OpenSSL functions */
+#cmakedefine HAVE_EVP_AES_128_CTR
+
+/* Socket non-blocking support */
+#cmakedefine HAVE_O_NONBLOCK
+#cmakedefine HAVE_FIONBIO
+#cmakedefine HAVE_IOCTLSOCKET
+#cmakedefine HAVE_IOCTLSOCKET_CASE
+#cmakedefine HAVE_SO_NONBLOCK
+#cmakedefine HAVE_DISABLED_NONBLOCKING
+
+/* snprintf not in Visual Studio CRT and _snprintf dangerously incompatible.
+   We provide a safe wrapper if snprintf not found */
+#ifndef HAVE_SNPRINTF
+#include <stdio.h>
+#include <stdarg.h>
+/* Want safe, 'n += snprintf(b + n ...)' like function. If cp_max_len is 1
+* then assume cp is pointing to a null char and do nothing. Returns number
+* number of chars placed in cp excluding the trailing null char. So for
+* cp_max_len > 0 the return value is always < cp_max_len; for cp_max_len
+* <= 0 the return value is 0 (and no chars are written to cp). */
+static int snprintf(char * cp, int cp_max_len, const char * fmt, ...)
+{
+    va_list args;
+    int n;
+
+    if (cp_max_len < 2)
+        return 0;
+    va_start(args, fmt);
+    n = vsnprintf(cp, cp_max_len, fmt, args);
+    va_end(args);
+    return (n < cp_max_len) ? n : (cp_max_len - 1);
+}
+
+#define HAVE_SNPRINTF
+#endif

src/libssh2_priv.h

@@ -132,6 +132,11 @@ static inline int writev(int sock, struct iovec *iov, int nvecs)
 
 #endif /* WIN32 */
 
+#ifdef __OS400__
+/* Force parameter type. */
+#define send(s, b, l, f)    send((s), (unsigned char *) (b), (l), (f))
+#endif
+
 #include "crypto.h"
 
 #ifdef HAVE_WINSOCK2_H
@@ -149,6 +154,7 @@ static inline int writev(int sock, struct iovec *iov, int nvecs)
  * padding length, payload, padding, and MAC.)."
  */
 #define MAX_SSH_PACKET_LEN 35000
+#define MAX_SHA_DIGEST_LEN SHA256_DIGEST_LENGTH
 
 #define LIBSSH2_ALLOC(session, count) \
   session->alloc((count), &(session)->abstract)
@@ -182,9 +188,9 @@ static inline int writev(int sock, struct iovec *iov, int nvecs)
                       (channel), &(channel)->abstract)
 
 #define LIBSSH2_SEND_FD(session, fd, buffer, length, flags) \
-    session->send(fd, buffer, length, flags, &session->abstract)
+    (session->send)(fd, buffer, length, flags, &session->abstract)
 #define LIBSSH2_RECV_FD(session, fd, buffer, length, flags) \
-    session->recv(fd, buffer, length, flags, &session->abstract)
+    (session->recv)(fd, buffer, length, flags, &session->abstract)
 
 #define LIBSSH2_SEND(session, buffer, length, flags)  \
     LIBSSH2_SEND_FD(session, session->socket_fd, buffer, length, flags)
@@ -215,7 +221,8 @@ typedef enum
     libssh2_NB_state_jump2,
     libssh2_NB_state_jump3,
     libssh2_NB_state_jump4,
-    libssh2_NB_state_jump5
+    libssh2_NB_state_jump5,
+    libssh2_NB_state_end
 } libssh2_nonblocking_states;
 
 typedef struct packet_require_state_t
@@ -229,13 +236,13 @@ typedef struct packet_requirev_state_t
     time_t start;
 } packet_requirev_state_t;
 
-typedef struct kmdhgGPsha1kex_state_t
+typedef struct kmdhgGPshakex_state_t
 {
     libssh2_nonblocking_states state;
     unsigned char *e_packet;
     unsigned char *s_packet;
     unsigned char *tmp;
-    unsigned char h_sig_comp[SHA_DIGEST_LENGTH];
+    unsigned char h_sig_comp[MAX_SHA_DIGEST_LEN];
     unsigned char c;
     size_t e_packet_len;
     size_t s_packet_len;
@@ -252,16 +259,16 @@ typedef struct kmdhgGPsha1kex_state_t
     size_t f_value_len;
     size_t k_value_len;
     size_t h_sig_len;
-    libssh2_sha1_ctx exchange_hash;
+    void *exchange_hash;
     packet_require_state_t req_state;
     libssh2_nonblocking_states burn_state;
-} kmdhgGPsha1kex_state_t;
+} kmdhgGPshakex_state_t;
 
 typedef struct key_exchange_state_low_t
 {
     libssh2_nonblocking_states state;
     packet_require_state_t req_state;
-    kmdhgGPsha1kex_state_t exchange_state;
+    kmdhgGPshakex_state_t exchange_state;
     _libssh2_bn *p;             /* SSH2 defined value (p_value) */
     _libssh2_bn *g;             /* SSH2 defined value (2) */
     unsigned char request[13];
@@ -600,6 +607,7 @@ struct _LIBSSH2_SESSION
     int server_hostkey_md5_valid;
 #endif                          /* ! LIBSSH2_MD5 */
     unsigned char server_hostkey_sha1[SHA_DIGEST_LENGTH];
+    int server_hostkey_sha1_valid;
 
     /* (remote as source of data -- packet_read ) */
     libssh2_endpoint_data remote;
@@ -628,6 +636,7 @@ struct _LIBSSH2_SESSION
     /* Error tracking */
     const char *err_msg;
     int err_code;
+    int err_flags;
 
     /* struct members for packet-level reading */
     struct transportpacket packet;
@@ -778,7 +787,7 @@ struct _LIBSSH2_SESSION
     int sftpInit_sent; /* number of bytes from the buffer that have been
                           sent */
 
-    /* State variables used in libssh2_scp_recv() */
+    /* State variables used in libssh2_scp_recv() / libssh_scp_recv2() */
     libssh2_nonblocking_states scpRecv_state;
     unsigned char *scpRecv_command;
     size_t scpRecv_command_len;
@@ -789,6 +798,9 @@ struct _LIBSSH2_SESSION
     /* we have the type and we can parse such numbers */
     long long scpRecv_size;
 #define scpsize_strtol strtoll
+#elif defined(HAVE_STRTOI64)
+    __int64 scpRecv_size;
+#define scpsize_strtol _strtoi64
 #else
     long scpRecv_size;
 #define scpsize_strtol strtol
@@ -854,6 +866,9 @@ struct _LIBSSH2_HOSTKEY_METHOD
                  size_t hostkey_data_len, void **abstract);
     int (*initPEM) (LIBSSH2_SESSION * session, const char *privkeyfile,
                     unsigned const char *passphrase, void **abstract);
+    int (*initPEMFromMemory) (LIBSSH2_SESSION * session,
+                              const char *privkeyfiledata, size_t privkeyfiledata_len,
+                              unsigned const char *passphrase, void **abstract);
     int (*sig_verify) (LIBSSH2_SESSION * session, const unsigned char *sig,
                        size_t sig_len, const unsigned char *m,
                        size_t m_len, void **abstract);
@@ -941,6 +956,10 @@ _libssh2_debug(LIBSSH2_SESSION * session, int context, const char *format, ...)
 /* Something very bad is going on */
 #define LIBSSH2_MAC_INVALID                     -1
 
+/* Flags for _libssh2_error_flags */
+/* Error message is allocated on the heap */
+#define LIBSSH2_ERR_FLAG_DUP                     1
+
 /* SSH Packet Types -- Defined by internet draft */
 /* Transport Layer */
 #define SSH_MSG_DISCONNECT                          1
@@ -957,7 +976,7 @@ _libssh2_debug(LIBSSH2_SESSION * session, int context, const char *format, ...)
 #define SSH_MSG_KEXDH_INIT                          30
 #define SSH_MSG_KEXDH_REPLY                         31
 
-/* diffie-hellman-group-exchange-sha1 */
+/* diffie-hellman-group-exchange-sha1 and diffie-hellman-group-exchange-sha256 */
 #define SSH_MSG_KEX_DH_GEX_REQUEST_OLD              30
 #define SSH_MSG_KEX_DH_GEX_REQUEST                  34
 #define SSH_MSG_KEX_DH_GEX_GROUP                    31
@@ -1023,6 +1042,11 @@ int _libssh2_pem_parse(LIBSSH2_SESSION * session,
                        const char *headerbegin,
                        const char *headerend,
                        FILE * fp, unsigned char **data, unsigned int *datalen);
+int _libssh2_pem_parse_memory(LIBSSH2_SESSION * session,
+                              const char *headerbegin,
+                              const char *headerend,
+                              const char *filedata, size_t filedata_len,
+                              unsigned char **data, unsigned int *datalen);
 int _libssh2_pem_decode_sequence(unsigned char **data, unsigned int *datalen);
 int _libssh2_pem_decode_integer(unsigned char **data, unsigned int *datalen,
                                 unsigned char **i, unsigned int *ilen);

src/mac.c

@@ -96,6 +96,97 @@ mac_method_common_dtor(LIBSSH2_SESSION * session, void **abstract)
 
 
 
+#if LIBSSH2_HMAC_SHA512
+/* mac_method_hmac_sha512_hash
+ * Calculate hash using full sha512 value
+ */
+static int
+mac_method_hmac_sha2_512_hash(LIBSSH2_SESSION * session,
+                          unsigned char *buf, uint32_t seqno,
+                          const unsigned char *packet,
+                          uint32_t packet_len,
+                          const unsigned char *addtl,
+                          uint32_t addtl_len, void **abstract)
+{
+    libssh2_hmac_ctx ctx;
+    unsigned char seqno_buf[4];
+    (void) session;
+
+    _libssh2_htonu32(seqno_buf, seqno);
+
+    libssh2_hmac_ctx_init(ctx);
+    libssh2_hmac_sha512_init(&ctx, *abstract, 64);
+    libssh2_hmac_update(ctx, seqno_buf, 4);
+    libssh2_hmac_update(ctx, packet, packet_len);
+    if (addtl && addtl_len) {
+        libssh2_hmac_update(ctx, addtl, addtl_len);
+    }
+    libssh2_hmac_final(ctx, buf);
+    libssh2_hmac_cleanup(&ctx);
+
+    return 0;
+}
+
+
+
+static const LIBSSH2_MAC_METHOD mac_method_hmac_sha2_512 = {
+    "hmac-sha2-512",
+    64,
+    64,
+    mac_method_common_init,
+    mac_method_hmac_sha2_512_hash,
+    mac_method_common_dtor,
+};
+#endif
+
+
+
+#if LIBSSH2_HMAC_SHA256
+/* mac_method_hmac_sha256_hash
+ * Calculate hash using full sha256 value
+ */
+static int
+mac_method_hmac_sha2_256_hash(LIBSSH2_SESSION * session,
+                          unsigned char *buf, uint32_t seqno,
+                          const unsigned char *packet,
+                          uint32_t packet_len,
+                          const unsigned char *addtl,
+                          uint32_t addtl_len, void **abstract)
+{
+    libssh2_hmac_ctx ctx;
+    unsigned char seqno_buf[4];
+    (void) session;
+
+    _libssh2_htonu32(seqno_buf, seqno);
+
+    libssh2_hmac_ctx_init(ctx);
+    libssh2_hmac_sha256_init(&ctx, *abstract, 32);
+    libssh2_hmac_update(ctx, seqno_buf, 4);
+    libssh2_hmac_update(ctx, packet, packet_len);
+    if (addtl && addtl_len) {
+        libssh2_hmac_update(ctx, addtl, addtl_len);
+    }
+    libssh2_hmac_final(ctx, buf);
+    libssh2_hmac_cleanup(&ctx);
+
+    return 0;
+}
+
+
+
+static const LIBSSH2_MAC_METHOD mac_method_hmac_sha2_256 = {
+    "hmac-sha2-256",
+    32,
+    32,
+    mac_method_common_init,
+    mac_method_hmac_sha2_256_hash,
+    mac_method_common_dtor,
+};
+#endif
+
+
+
+
 /* mac_method_hmac_sha1_hash
  * Calculate hash using full sha1 value
  */
@@ -113,6 +204,7 @@ mac_method_hmac_sha1_hash(LIBSSH2_SESSION * session,
 
     _libssh2_htonu32(seqno_buf, seqno);
 
+    libssh2_hmac_ctx_init(ctx);
     libssh2_hmac_sha1_init(&ctx, *abstract, 20);
     libssh2_hmac_update(ctx, seqno_buf, 4);
     libssh2_hmac_update(ctx, packet, packet_len);
@@ -185,6 +277,7 @@ mac_method_hmac_md5_hash(LIBSSH2_SESSION * session, unsigned char *buf,
 
     _libssh2_htonu32(seqno_buf, seqno);
 
+    libssh2_hmac_ctx_init(ctx);
     libssh2_hmac_md5_init(&ctx, *abstract, 16);
     libssh2_hmac_update(ctx, seqno_buf, 4);
     libssh2_hmac_update(ctx, packet, packet_len);
@@ -257,6 +350,7 @@ mac_method_hmac_ripemd160_hash(LIBSSH2_SESSION * session,
 
     _libssh2_htonu32(seqno_buf, seqno);
 
+    libssh2_hmac_ctx_init(ctx);
     libssh2_hmac_ripemd160_init(&ctx, *abstract, 20);
     libssh2_hmac_update(ctx, seqno_buf, 4);
     libssh2_hmac_update(ctx, packet, packet_len);
@@ -291,6 +385,12 @@ static const LIBSSH2_MAC_METHOD mac_method_hmac_ripemd160_openssh_com = {
 #endif /* LIBSSH2_HMAC_RIPEMD */
 
 static const LIBSSH2_MAC_METHOD *mac_methods[] = {
+#if LIBSSH2_HMAC_SHA256
+    &mac_method_hmac_sha2_256,
+#endif
+#if LIBSSH2_HMAC_SHA512
+    &mac_method_hmac_sha2_512,
+#endif
     &mac_method_hmac_sha1,
     &mac_method_hmac_sha1_96,
 #if LIBSSH2_MD5

src/misc.c

@@ -51,10 +51,29 @@
 #include <stdio.h>
 #include <errno.h>
 
-int _libssh2_error(LIBSSH2_SESSION* session, int errcode, const char* errmsg)
+int _libssh2_error_flags(LIBSSH2_SESSION* session, int errcode, const char* errmsg, int errflags)
 {
-    session->err_msg = errmsg;
+    if (session->err_flags & LIBSSH2_ERR_FLAG_DUP)
+        LIBSSH2_FREE(session, (char *)session->err_msg);
+
     session->err_code = errcode;
+    session->err_flags = 0;
+
+    if ((errmsg != NULL) && ((errflags & LIBSSH2_ERR_FLAG_DUP) != 0)) {
+        size_t len = strlen(errmsg);
+        char *copy = LIBSSH2_ALLOC(session, len + 1);
+        if (copy) {
+            memcpy(copy, errmsg, len + 1);
+            session->err_flags = LIBSSH2_ERR_FLAG_DUP;
+            session->err_msg = copy;
+        }
+        else
+            /* Out of memory: this code path is very unlikely */
+            session->err_msg = "former error forgotten (OOM)";
+    }
+    else
+        session->err_msg = errmsg;
+
 #ifdef LIBSSH2DEBUG
     if((errcode == LIBSSH2_ERROR_EAGAIN) && !session->api_block_mode)
         /* if this is EAGAIN and we're in non-blocking mode, don't generate
@@ -67,6 +86,11 @@ int _libssh2_error(LIBSSH2_SESSION* session, int errcode, const char* errmsg)
     return errcode;
 }
 
+int _libssh2_error(LIBSSH2_SESSION* session, int errcode, const char* errmsg)
+{
+    return _libssh2_error_flags(session, errcode, errmsg, 0);
+}
+
 #ifdef WIN32
 static int wsa2errno(void)
 {
@@ -380,6 +404,8 @@ libssh2_free(LIBSSH2_SESSION *session, void *ptr)
 }
 
 #ifdef LIBSSH2DEBUG
+#include <stdarg.h>
+
 LIBSSH2_API int
 libssh2_trace(LIBSSH2_SESSION * session, int bitmask)
 {

src/misc.h

@@ -49,6 +49,7 @@ struct list_node {
     struct list_head *head;
 };
 
+int _libssh2_error_flags(LIBSSH2_SESSION* session, int errcode, const char* errmsg, int errflags);
 int _libssh2_error(LIBSSH2_SESSION* session, int errcode, const char* errmsg);
 
 void _libssh2_list_init(struct list_head *head);

src/openssl.c

@@ -105,7 +105,8 @@ _libssh2_rsa_sha1_verify(libssh2_rsa_ctx * rsactx,
     unsigned char hash[SHA_DIGEST_LENGTH];
     int ret;
 
-    libssh2_sha1(m, m_len, hash);
+    if (_libssh2_sha1(m, m_len, hash))
+        return -1; /* failure */
     ret = RSA_verify(NID_sha1, hash, SHA_DIGEST_LENGTH,
                      (unsigned char *) sig, sig_len, rsactx);
     return (ret == 1) ? 0 : -1;
@@ -153,15 +154,17 @@ _libssh2_dsa_sha1_verify(libssh2_dsa_ctx * dsactx,
 {
     unsigned char hash[SHA_DIGEST_LENGTH];
     DSA_SIG dsasig;
-    int ret;
+    int ret = -1;
 
     dsasig.r = BN_new();
     BN_bin2bn(sig, 20, dsasig.r);
     dsasig.s = BN_new();
     BN_bin2bn(sig + 20, 20, dsasig.s);
 
-    libssh2_sha1(m, m_len, hash);
+    if (!_libssh2_sha1(m, m_len, hash))
+        /* _libssh2_sha1() succeeded */
         ret = DSA_do_verify(hash, SHA_DIGEST_LENGTH, &dsasig, dsactx);
+
     BN_clear_free(dsasig.s);
     BN_clear_free(dsasig.r);
 
@@ -174,8 +177,13 @@ _libssh2_cipher_init(_libssh2_cipher_ctx * h,
                      _libssh2_cipher_type(algo),
                      unsigned char *iv, unsigned char *secret, int encrypt)
 {
+#ifdef HAVE_OPAQUE_STRUCTS
+    *h = EVP_CIPHER_CTX_new();
+    return !EVP_CipherInit(*h, algo(), secret, iv, encrypt);
+#else
     EVP_CIPHER_CTX_init(h);
     return !EVP_CipherInit(h, algo(), secret, iv, encrypt);
+#endif
 }
 
 int
@@ -188,7 +196,11 @@ _libssh2_cipher_crypt(_libssh2_cipher_ctx * ctx,
     (void) algo;
     (void) encrypt;
 
+#ifdef HAVE_OPAQUE_STRUCTS
+    ret = EVP_Cipher(*ctx, buf, block, blocksize);
+#else
     ret = EVP_Cipher(ctx, buf, block, blocksize);
+#endif
     if (ret == 1) {
         memcpy(block, buf, blocksize);
     }
@@ -219,7 +231,7 @@ aes_ctr_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
     const EVP_CIPHER *aes_cipher;
     (void) enc;
 
-    switch (ctx->key_len) {
+    switch (EVP_CIPHER_CTX_key_length(ctx)) {
     case 16:
         aes_cipher = EVP_aes_128_ecb();
         break;
@@ -237,14 +249,22 @@ aes_ctr_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
     if (c == NULL)
         return 0;
 
+#ifdef HAVE_OPAQUE_STRUCTS
+    c->aes_ctx = EVP_CIPHER_CTX_new();
+#else
     c->aes_ctx = malloc(sizeof(EVP_CIPHER_CTX));
+#endif
     if (c->aes_ctx == NULL) {
         free(c);
         return 0;
     }
 
     if (EVP_EncryptInit(c->aes_ctx, aes_cipher, key, NULL) != 1) {
+#ifdef HAVE_OPAQUE_STRUCTS
+        EVP_CIPHER_CTX_free(c->aes_ctx);
+#else
         free(c->aes_ctx);
+#endif
         free(c);
         return 0;
     }
@@ -309,8 +329,12 @@ aes_ctr_cleanup(EVP_CIPHER_CTX *ctx) /* cleanup ctx */
     }
 
     if (c->aes_ctx != NULL) {
+#ifdef HAVE_OPAQUE_STRUCTS
+        EVP_CIPHER_CTX_free(c->aes_ctx);
+#else
         _libssh2_cipher_dtor(c->aes_ctx);
         free(c->aes_ctx);
+#endif
     }
 
     free(c);
@@ -319,14 +343,25 @@ aes_ctr_cleanup(EVP_CIPHER_CTX *ctx) /* cleanup ctx */
 }
 
 static const EVP_CIPHER *
-make_ctr_evp (size_t keylen, EVP_CIPHER *aes_ctr_cipher)
+make_ctr_evp (size_t keylen, EVP_CIPHER *aes_ctr_cipher, int type)
 {
+#ifdef HAVE_OPAQUE_STRUCTS
+    aes_ctr_cipher = EVP_CIPHER_meth_new(type, 16, keylen);
+    if (aes_ctr_cipher) {
+        EVP_CIPHER_meth_set_iv_length(aes_ctr_cipher, 16);
+        EVP_CIPHER_meth_set_init(aes_ctr_cipher, aes_ctr_init);
+        EVP_CIPHER_meth_set_do_cipher(aes_ctr_cipher, aes_ctr_do_cipher);
+        EVP_CIPHER_meth_set_cleanup(aes_ctr_cipher, aes_ctr_cleanup);
+    }
+#else
+    aes_ctr_cipher->nid = type;
     aes_ctr_cipher->block_size = 16;
     aes_ctr_cipher->key_len = keylen;
     aes_ctr_cipher->iv_len = 16;
     aes_ctr_cipher->init = aes_ctr_init;
     aes_ctr_cipher->do_cipher = aes_ctr_do_cipher;
     aes_ctr_cipher->cleanup = aes_ctr_cleanup;
+#endif
 
     return aes_ctr_cipher;
 }
@@ -334,25 +369,43 @@ make_ctr_evp (size_t keylen, EVP_CIPHER *aes_ctr_cipher)
 const EVP_CIPHER *
 _libssh2_EVP_aes_128_ctr(void)
 {
+#ifdef HAVE_OPAQUE_STRUCTS
+    static EVP_CIPHER * aes_ctr_cipher;
+    return !aes_ctr_cipher?
+        make_ctr_evp (16, aes_ctr_cipher, NID_aes_128_ctr) : aes_ctr_cipher;
+#else
     static EVP_CIPHER aes_ctr_cipher;
     return !aes_ctr_cipher.key_len?
-        make_ctr_evp (16, &aes_ctr_cipher) : &aes_ctr_cipher;
+        make_ctr_evp (16, &aes_ctr_cipher, 0) : &aes_ctr_cipher;
+#endif
 }
 
 const EVP_CIPHER *
 _libssh2_EVP_aes_192_ctr(void)
 {
+#ifdef HAVE_OPAQUE_STRUCTS
+    static EVP_CIPHER * aes_ctr_cipher;
+    return !aes_ctr_cipher?
+        make_ctr_evp (24, aes_ctr_cipher, NID_aes_192_ctr) : aes_ctr_cipher;
+#else
     static EVP_CIPHER aes_ctr_cipher;
     return !aes_ctr_cipher.key_len?
-        make_ctr_evp (24, &aes_ctr_cipher) : &aes_ctr_cipher;
+        make_ctr_evp (24, &aes_ctr_cipher, 0) : &aes_ctr_cipher;
+#endif
 }
 
 const EVP_CIPHER *
 _libssh2_EVP_aes_256_ctr(void)
 {
+#ifdef HAVE_OPAQUE_STRUCTS
+    static EVP_CIPHER * aes_ctr_cipher;
+    return !aes_ctr_cipher?
+        make_ctr_evp (32, aes_ctr_cipher, NID_aes_256_ctr) : aes_ctr_cipher;
+#else
     static EVP_CIPHER aes_ctr_cipher;
     return !aes_ctr_cipher.key_len?
-        make_ctr_evp (32, &aes_ctr_cipher) : &aes_ctr_cipher;
+        make_ctr_evp (32, &aes_ctr_cipher, 0) : &aes_ctr_cipher;
+#endif
 }
 
 void _libssh2_init_aes_ctr(void)
@@ -387,6 +440,28 @@ passphrase_cb(char *buf, int size, int rwflag, char *passphrase)
 typedef void * (*pem_read_bio_func)(BIO *, void **, pem_password_cb *,
                                     void * u);
 
+static int
+read_private_key_from_memory(void ** key_ctx,
+                             pem_read_bio_func read_private_key,
+                             const char * filedata,
+                             size_t filedata_len,
+                             unsigned const char *passphrase)
+{
+    BIO * bp;
+
+    *key_ctx = NULL;
+
+    bp = BIO_new_mem_buf((char *)filedata, filedata_len);
+    if (!bp) {
+        return -1;
+    }
+    *key_ctx = read_private_key(bp, NULL, (pem_password_cb *) passphrase_cb,
+                                (void *) passphrase);
+
+    BIO_free(bp);
+    return (*key_ctx) ? 0 : -1;
+}
+
 static int
 read_private_key_from_file(void ** key_ctx,
                            pem_read_bio_func read_private_key,
@@ -409,6 +484,22 @@ read_private_key_from_file(void ** key_ctx,
     return (*key_ctx) ? 0 : -1;
 }
 
+int
+_libssh2_rsa_new_private_frommemory(libssh2_rsa_ctx ** rsa,
+                                    LIBSSH2_SESSION * session,
+                                    const char *filedata, size_t filedata_len,
+                                    unsigned const char *passphrase)
+{
+    pem_read_bio_func read_rsa =
+        (pem_read_bio_func) &PEM_read_bio_RSAPrivateKey;
+    (void) session;
+
+    _libssh2_init_if_needed();
+
+    return read_private_key_from_memory((void **) rsa, read_rsa,
+                                        filedata, filedata_len, passphrase);
+}
+
 int
 _libssh2_rsa_new_private(libssh2_rsa_ctx ** rsa,
                          LIBSSH2_SESSION * session,
@@ -425,6 +516,22 @@ _libssh2_rsa_new_private(libssh2_rsa_ctx ** rsa,
 }
 
 #if LIBSSH2_DSA
+int
+_libssh2_dsa_new_private_frommemory(libssh2_dsa_ctx ** dsa,
+                                    LIBSSH2_SESSION * session,
+                                    const char *filedata, size_t filedata_len,
+                                    unsigned const char *passphrase)
+{
+    pem_read_bio_func read_dsa =
+        (pem_read_bio_func) &PEM_read_bio_DSAPrivateKey;
+    (void) session;
+
+    _libssh2_init_if_needed();
+
+    return read_private_key_from_memory((void **) dsa, read_dsa,
+                                        filedata, filedata_len, passphrase);
+}
+
 int
 _libssh2_dsa_new_private(libssh2_dsa_ctx ** dsa,
                          LIBSSH2_SESSION * session,
@@ -510,41 +617,129 @@ _libssh2_dsa_sha1_sign(libssh2_dsa_ctx * dsactx,
 #endif /* LIBSSH_DSA */
 
 int
-libssh2_sha1_init(libssh2_sha1_ctx *ctx)
+_libssh2_sha1_init(libssh2_sha1_ctx *ctx)
 {
+#ifdef HAVE_OPAQUE_STRUCTS
+    *ctx = EVP_MD_CTX_new();
+
+    if (*ctx == NULL)
+        return 0;
+
+    if (EVP_DigestInit(*ctx, EVP_get_digestbyname("sha1")))
+        return 1;
+
+    EVP_MD_CTX_free(*ctx);
+    *ctx = NULL;
+
+    return 0;
+#else
     EVP_MD_CTX_init(ctx);
     return EVP_DigestInit(ctx, EVP_get_digestbyname("sha1"));
-}
-
-void
-libssh2_sha1(const unsigned char *message, unsigned long len,
-             unsigned char *out)
-{
-    EVP_MD_CTX ctx;
-
-    EVP_MD_CTX_init(&ctx);
-    EVP_DigestInit(&ctx, EVP_get_digestbyname("sha1"));
-    EVP_DigestUpdate(&ctx, message, len);
-    EVP_DigestFinal(&ctx, out, NULL);
+#endif
 }
 
 int
-libssh2_md5_init(libssh2_md5_ctx *ctx)
-{
-    EVP_MD_CTX_init(ctx);
-    return EVP_DigestInit(ctx, EVP_get_digestbyname("md5"));
-}
-
-void
-libssh2_md5(const unsigned char *message, unsigned long len,
+_libssh2_sha1(const unsigned char *message, unsigned long len,
               unsigned char *out)
 {
+#ifdef HAVE_OPAQUE_STRUCTS
+    EVP_MD_CTX * ctx = EVP_MD_CTX_new();
+
+    if (ctx == NULL)
+        return 1; /* error */
+
+    if (EVP_DigestInit(ctx, EVP_get_digestbyname("sha1"))) {
+        EVP_DigestUpdate(ctx, message, len);
+        EVP_DigestFinal(ctx, out, NULL);
+        EVP_MD_CTX_free(ctx);
+        return 0; /* success */
+    }
+    EVP_MD_CTX_free(ctx);
+#else
     EVP_MD_CTX ctx;
 
     EVP_MD_CTX_init(&ctx);
-    EVP_DigestInit(&ctx, EVP_get_digestbyname("md5"));
+    if (EVP_DigestInit(&ctx, EVP_get_digestbyname("sha1"))) {
         EVP_DigestUpdate(&ctx, message, len);
         EVP_DigestFinal(&ctx, out, NULL);
+        return 0; /* success */
+    }
+#endif
+    return 1; /* error */
+}
+
+int
+_libssh2_sha256_init(libssh2_sha256_ctx *ctx)
+{
+#ifdef HAVE_OPAQUE_STRUCTS
+    *ctx = EVP_MD_CTX_new();
+
+    if (*ctx == NULL)
+        return 0;
+
+    if (EVP_DigestInit(*ctx, EVP_get_digestbyname("sha256")))
+        return 1;
+
+    EVP_MD_CTX_free(*ctx);
+    *ctx = NULL;
+
+    return 0;
+#else
+    EVP_MD_CTX_init(ctx);
+    return EVP_DigestInit(ctx, EVP_get_digestbyname("sha256"));
+#endif
+}
+
+int
+_libssh2_sha256(const unsigned char *message, unsigned long len,
+                unsigned char *out)
+{
+#ifdef HAVE_OPAQUE_STRUCTS
+    EVP_MD_CTX * ctx = EVP_MD_CTX_new();
+
+    if (ctx == NULL)
+        return 1; /* error */
+
+    if(EVP_DigestInit(ctx, EVP_get_digestbyname("sha256"))) {
+        EVP_DigestUpdate(ctx, message, len);
+        EVP_DigestFinal(ctx, out, NULL);
+        EVP_MD_CTX_free(ctx);
+        return 0; /* success */
+    }
+    EVP_MD_CTX_free(ctx);
+#else
+    EVP_MD_CTX ctx;
+
+    EVP_MD_CTX_init(&ctx);
+    if(EVP_DigestInit(&ctx, EVP_get_digestbyname("sha256"))) {
+        EVP_DigestUpdate(&ctx, message, len);
+        EVP_DigestFinal(&ctx, out, NULL);
+        return 0; /* success */
+    }
+#endif
+    return 1; /* error */
+}
+
+int
+_libssh2_md5_init(libssh2_md5_ctx *ctx)
+{
+#ifdef HAVE_OPAQUE_STRUCTS
+    *ctx = EVP_MD_CTX_new();
+
+    if (*ctx == NULL)
+        return 0;
+
+    if (EVP_DigestInit(*ctx, EVP_get_digestbyname("md5")))
+        return 1;
+
+    EVP_MD_CTX_free(*ctx);
+    *ctx = NULL;
+
+    return 0;
+#else
+    EVP_MD_CTX_init(ctx);
+    return EVP_DigestInit(ctx, EVP_get_digestbyname("md5"));
+#endif
 }
 
 static unsigned char *
@@ -600,6 +795,7 @@ gen_publickey_from_rsa(LIBSSH2_SESSION *session, RSA *rsa,
     return key;
 }
 
+#if LIBSSH2_DSA
 static unsigned char *
 gen_publickey_from_dsa(LIBSSH2_SESSION* session, DSA *dsa,
                        size_t *key_len)
@@ -638,6 +834,7 @@ gen_publickey_from_dsa(LIBSSH2_SESSION* session, DSA *dsa,
     *key_len = (size_t)(p - key);
     return key;
 }
+#endif /* LIBSSH_DSA */
 
 static int
 gen_publickey_from_rsa_evp(LIBSSH2_SESSION *session,
@@ -693,6 +890,7 @@ gen_publickey_from_rsa_evp(LIBSSH2_SESSION *session,
                           "Unable to allocate memory for private key data");
 }
 
+#if LIBSSH2_DSA
 static int
 gen_publickey_from_dsa_evp(LIBSSH2_SESSION *session,
                            unsigned char **method,
@@ -746,6 +944,7 @@ gen_publickey_from_dsa_evp(LIBSSH2_SESSION *session,
                           LIBSSH2_ERROR_ALLOC,
                           "Unable to allocate memory for private key data");
 }
+#endif /* LIBSSH_DSA */
 
 int
 _libssh2_pub_priv_keyfile(LIBSSH2_SESSION *session,
@@ -759,6 +958,7 @@ _libssh2_pub_priv_keyfile(LIBSSH2_SESSION *session,
     int       st;
     BIO*      bp;
     EVP_PKEY* pk;
+    int       pktype;
 
     _libssh2_debug(session,
                    LIBSSH2_TRACE_AUTH,
@@ -793,16 +993,24 @@ _libssh2_pub_priv_keyfile(LIBSSH2_SESSION *session,
                               "private key file format");
     }
 
-    switch (pk->type) {
+#ifdef HAVE_OPAQUE_STRUCTS
+    pktype = EVP_PKEY_id(pk);
+#else
+    pktype = pk->type;
+#endif
+
+    switch (pktype) {
     case EVP_PKEY_RSA :
         st = gen_publickey_from_rsa_evp(
             session, method, method_len, pubkeydata, pubkeydata_len, pk);
         break;
 
+#if LIBSSH2_DSA
     case EVP_PKEY_DSA :
         st = gen_publickey_from_dsa_evp(
             session, method, method_len, pubkeydata, pubkeydata_len, pk);
         break;
+#endif /* LIBSSH_DSA */
 
     default :
         st = _libssh2_error(session,
@@ -817,4 +1025,78 @@ _libssh2_pub_priv_keyfile(LIBSSH2_SESSION *session,
     return st;
 }
 
+int
+_libssh2_pub_priv_keyfilememory(LIBSSH2_SESSION *session,
+                                unsigned char **method,
+                                size_t *method_len,
+                                unsigned char **pubkeydata,
+                                size_t *pubkeydata_len,
+                                const char *privatekeydata,
+                                size_t privatekeydata_len,
+                                const char *passphrase)
+{
+    int       st;
+    BIO*      bp;
+    EVP_PKEY* pk;
+    int       pktype;
+
+    _libssh2_debug(session,
+                   LIBSSH2_TRACE_AUTH,
+                   "Computing public key from private key.");
+
+    bp = BIO_new_mem_buf((char *)privatekeydata, privatekeydata_len);
+    if (!bp) {
+        return -1;
+    }
+    if (!EVP_get_cipherbyname("des")) {
+        /* If this cipher isn't loaded it's a pretty good indication that none
+         * are.  I have *NO DOUBT* that there's a better way to deal with this
+         * ($#&%#$(%$#( Someone buy me an OpenSSL manual and I'll read up on
+         * it.
+         */
+        OpenSSL_add_all_ciphers();
+    }
+    BIO_reset(bp);
+    pk = PEM_read_bio_PrivateKey(bp, NULL, NULL, (void*)passphrase);
+    BIO_free(bp);
+
+    if (pk == NULL) {
+        return _libssh2_error(session,
+                              LIBSSH2_ERROR_FILE,
+                              "Unable to extract public key "
+                              "from private key file: "
+                              "Wrong passphrase or invalid/unrecognized "
+                              "private key file format");
+    }
+
+#ifdef HAVE_OPAQUE_STRUCTS
+    pktype = EVP_PKEY_id(pk);
+#else
+    pktype = pk->type;
+#endif
+
+    switch (pktype) {
+    case EVP_PKEY_RSA :
+        st = gen_publickey_from_rsa_evp(session, method, method_len,
+                                        pubkeydata, pubkeydata_len, pk);
+        break;
+#if LIBSSH2_DSA
+    case EVP_PKEY_DSA :
+        st = gen_publickey_from_dsa_evp(session, method, method_len,
+                                        pubkeydata, pubkeydata_len, pk);
+        break;
+#endif /* LIBSSH_DSA */
+    default :
+        st = _libssh2_error(session,
+                            LIBSSH2_ERROR_FILE,
+                            "Unable to extract public key "
+                            "from private key file: "
+                            "Unsupported private key file format");
+        break;
+    }
+
+    EVP_PKEY_free(pk);
+    return st;
+}
+
 #endif /* LIBSSH2_OPENSSL */

src/openssl.h

@@ -39,6 +39,11 @@
 
 #include <openssl/opensslconf.h>
 #include <openssl/sha.h>
+#include <openssl/rsa.h>
+#include <openssl/engine.h>
+#ifndef OPENSSL_NO_DSA
+#include <openssl/dsa.h>
+#endif
 #ifndef OPENSSL_NO_MD5
 #include <openssl/md5.h>
 #endif
@@ -48,6 +53,11 @@
 #include <openssl/pem.h>
 #include <openssl/rand.h>
 
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && \
+    !defined(LIBRESSL_VERSION_NUMBER)
+# define HAVE_OPAQUE_STRUCTS 1
+#endif
+
 #ifdef OPENSSL_NO_RSA
 # define LIBSSH2_RSA 0
 #else
@@ -72,6 +82,9 @@
 # define LIBSSH2_HMAC_RIPEMD 1
 #endif
 
+#define LIBSSH2_HMAC_SHA256 1
+#define LIBSSH2_HMAC_SHA512 1
+
 #if OPENSSL_VERSION_NUMBER >= 0x00907000L && !defined(OPENSSL_NO_AES)
 # define LIBSSH2_AES_CTR 1
 # define LIBSSH2_AES 1
@@ -80,7 +93,7 @@
 # define LIBSSH2_AES 0
 #endif
 
-#ifdef OPENSSL_NO_BLOWFISH
+#ifdef OPENSSL_NO_BF
 # define LIBSSH2_BLOWFISH 0
 #else
 # define LIBSSH2_BLOWFISH 1
@@ -106,33 +119,118 @@
 
 #define _libssh2_random(buf, len) RAND_bytes ((buf), (len))
 
-#define libssh2_sha1_ctx EVP_MD_CTX
-int libssh2_sha1_init(libssh2_sha1_ctx *ctx);
-#define libssh2_sha1_update(ctx, data, len) EVP_DigestUpdate(&(ctx), data, len)
-#define libssh2_sha1_final(ctx, out) EVP_DigestFinal(&(ctx), out, NULL)
-void libssh2_sha1(const unsigned char *message, unsigned long len, unsigned char *out);
+#define libssh2_prepare_iovec(vec, len)  /* Empty. */
 
-#define libssh2_md5_ctx EVP_MD_CTX
+#ifdef HAVE_OPAQUE_STRUCTS
+#define libssh2_sha1_ctx EVP_MD_CTX *
+#else
+#define libssh2_sha1_ctx EVP_MD_CTX
+#endif
 
 /* returns 0 in case of failure */
-int libssh2_md5_init(libssh2_md5_ctx *); 
+int _libssh2_sha1_init(libssh2_sha1_ctx *ctx);
+#define libssh2_sha1_init(x) _libssh2_sha1_init(x)
+#ifdef HAVE_OPAQUE_STRUCTS
+#define libssh2_sha1_update(ctx, data, len) EVP_DigestUpdate(ctx, data, len)
+#define libssh2_sha1_final(ctx, out) do { \
+                                         EVP_DigestFinal(ctx, out, NULL); \
+                                         EVP_MD_CTX_free(ctx); \
+                                     } while(0)
+#else
+#define libssh2_sha1_update(ctx, data, len) EVP_DigestUpdate(&(ctx), data, len)
+#define libssh2_sha1_final(ctx, out) EVP_DigestFinal(&(ctx), out, NULL)
+#endif
+int _libssh2_sha1(const unsigned char *message, unsigned long len,
+                  unsigned char *out);
+#define libssh2_sha1(x,y,z) _libssh2_sha1(x,y,z)
+
+#ifdef HAVE_OPAQUE_STRUCTS
+#define libssh2_sha256_ctx EVP_MD_CTX *
+#else
+#define libssh2_sha256_ctx EVP_MD_CTX
+#endif
+
+/* returns 0 in case of failure */
+int _libssh2_sha256_init(libssh2_sha256_ctx *ctx);
+#define libssh2_sha256_init(x) _libssh2_sha256_init(x)
+#ifdef HAVE_OPAQUE_STRUCTS
+#define libssh2_sha256_update(ctx, data, len) EVP_DigestUpdate(ctx, data, len)
+#define libssh2_sha256_final(ctx, out) do { \
+                                           EVP_DigestFinal(ctx, out, NULL); \
+                                           EVP_MD_CTX_free(ctx); \
+                                       } while(0)
+#else
+#define libssh2_sha256_update(ctx, data, len) EVP_DigestUpdate(&(ctx), data, len)
+#define libssh2_sha256_final(ctx, out) EVP_DigestFinal(&(ctx), out, NULL)
+#endif
+int _libssh2_sha256(const unsigned char *message, unsigned long len,
+                  unsigned char *out);
+#define libssh2_sha256(x,y,z) _libssh2_sha256(x,y,z)
+
+#ifdef HAVE_OPAQUE_STRUCTS
+#define libssh2_md5_ctx EVP_MD_CTX *
+#else
+#define libssh2_md5_ctx EVP_MD_CTX
+#endif
+
+/* returns 0 in case of failure */
+int _libssh2_md5_init(libssh2_md5_ctx *ctx);
+#define libssh2_md5_init(x) _libssh2_md5_init(x)
+#ifdef HAVE_OPAQUE_STRUCTS
+#define libssh2_md5_update(ctx, data, len) EVP_DigestUpdate(ctx, data, len)
+#define libssh2_md5_final(ctx, out) do { \
+                                        EVP_DigestFinal(ctx, out, NULL); \
+                                        EVP_MD_CTX_free(ctx); \
+                                    } while(0)
+#else
 #define libssh2_md5_update(ctx, data, len) EVP_DigestUpdate(&(ctx), data, len)
 #define libssh2_md5_final(ctx, out) EVP_DigestFinal(&(ctx), out, NULL)
-void libssh2_md5(const unsigned char *message, unsigned long len, unsigned char *out);
+#endif
 
-#define libssh2_hmac_ctx HMAC_CTX
+#ifdef HAVE_OPAQUE_STRUCTS
+#define libssh2_hmac_ctx HMAC_CTX *
+#define libssh2_hmac_ctx_init(ctx) ctx = HMAC_CTX_new()
 #define libssh2_hmac_sha1_init(ctx, key, keylen) \
-  HMAC_Init(ctx, key, keylen, EVP_sha1())
+  HMAC_Init_ex(*(ctx), key, keylen, EVP_sha1(), NULL)
 #define libssh2_hmac_md5_init(ctx, key, keylen) \
-  HMAC_Init(ctx, key, keylen, EVP_md5())
+  HMAC_Init_ex(*(ctx), key, keylen, EVP_md5(), NULL)
 #define libssh2_hmac_ripemd160_init(ctx, key, keylen) \
-  HMAC_Init(ctx, key, keylen, EVP_ripemd160())
+  HMAC_Init_ex(*(ctx), key, keylen, EVP_ripemd160(), NULL)
+#define libssh2_hmac_sha256_init(ctx, key, keylen) \
+  HMAC_Init_ex(*(ctx), key, keylen, EVP_sha256(), NULL)
+#define libssh2_hmac_sha512_init(ctx, key, keylen) \
+  HMAC_Init_ex(*(ctx), key, keylen, EVP_sha512(), NULL)
+
+#define libssh2_hmac_update(ctx, data, datalen) \
+  HMAC_Update(ctx, data, datalen)
+#define libssh2_hmac_final(ctx, data) HMAC_Final(ctx, data, NULL)
+#define libssh2_hmac_cleanup(ctx) HMAC_CTX_free(*(ctx))
+#else
+#define libssh2_hmac_ctx HMAC_CTX
+#define libssh2_hmac_ctx_init(ctx) \
+  HMAC_CTX_init(&ctx)
+#define libssh2_hmac_sha1_init(ctx, key, keylen) \
+  HMAC_Init_ex(ctx, key, keylen, EVP_sha1(), NULL)
+#define libssh2_hmac_md5_init(ctx, key, keylen) \
+  HMAC_Init_ex(ctx, key, keylen, EVP_md5(), NULL)
+#define libssh2_hmac_ripemd160_init(ctx, key, keylen) \
+  HMAC_Init_ex(ctx, key, keylen, EVP_ripemd160(), NULL)
+#define libssh2_hmac_sha256_init(ctx, key, keylen) \
+  HMAC_Init_ex(ctx, key, keylen, EVP_sha256(), NULL)
+#define libssh2_hmac_sha512_init(ctx, key, keylen) \
+  HMAC_Init_ex(ctx, key, keylen, EVP_sha512(), NULL)
+
 #define libssh2_hmac_update(ctx, data, datalen) \
   HMAC_Update(&(ctx), data, datalen)
 #define libssh2_hmac_final(ctx, data) HMAC_Final(&(ctx), data, NULL)
 #define libssh2_hmac_cleanup(ctx) HMAC_cleanup(ctx)
+#endif
+
+#define libssh2_crypto_init() \
+  OpenSSL_add_all_algorithms(); \
+  ENGINE_load_builtin_engines(); \
+  ENGINE_register_all_complete()
 
-#define libssh2_crypto_init() OpenSSL_add_all_algorithms()
 #define libssh2_crypto_exit()
 
 #define libssh2_rsa_ctx RSA
@@ -145,7 +243,11 @@ void libssh2_md5(const unsigned char *message, unsigned long len, unsigned char
 #define _libssh2_dsa_free(dsactx) DSA_free(dsactx)
 
 #define _libssh2_cipher_type(name) const EVP_CIPHER *(*name)(void)
+#ifdef HAVE_OPAQUE_STRUCTS
+#define _libssh2_cipher_ctx EVP_CIPHER_CTX *
+#else
 #define _libssh2_cipher_ctx EVP_CIPHER_CTX
+#endif
 
 #define _libssh2_cipher_aes256 EVP_aes_256_cbc
 #define _libssh2_cipher_aes192 EVP_aes_192_cbc
@@ -164,13 +266,18 @@ void libssh2_md5(const unsigned char *message, unsigned long len, unsigned char
 #define _libssh2_cipher_cast5 EVP_cast5_cbc
 #define _libssh2_cipher_3des EVP_des_ede3_cbc
 
+#ifdef HAVE_OPAQUE_STRUCTS
+#define _libssh2_cipher_dtor(ctx) EVP_CIPHER_CTX_reset(*(ctx))
+#else
 #define _libssh2_cipher_dtor(ctx) EVP_CIPHER_CTX_cleanup(ctx)
+#endif
 
 #define _libssh2_bn BIGNUM
 #define _libssh2_bn_ctx BN_CTX
 #define _libssh2_bn_ctx_new() BN_CTX_new()
 #define _libssh2_bn_ctx_free(bnctx) BN_CTX_free(bnctx)
 #define _libssh2_bn_init() BN_new()
+#define _libssh2_bn_init_from_bin() _libssh2_bn_init()
 #define _libssh2_bn_rand(bn, bits, top, bottom) BN_rand(bn, bits, top, bottom)
 #define _libssh2_bn_mod_exp(r, a, p, m, ctx) BN_mod_exp(r, a, p, m, ctx)
 #define _libssh2_bn_set_word(bn, val) BN_set_word(bn, val)

src/os400qc3.h

@@ -0,0 +1,358 @@
+/*
+ * Copyright (C) 2015 Patrick Monnerat, D+H <patrick.monnerat@dh.com>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms,
+ * with or without modification, are permitted provided
+ * that the following conditions are met:
+ *
+ *   Redistributions of source code must retain the above
+ *   copyright notice, this list of conditions and the
+ *   following disclaimer.
+ *
+ *   Redistributions in binary form must reproduce the above
+ *   copyright notice, this list of conditions and the following
+ *   disclaimer in the documentation and/or other materials
+ *   provided with the distribution.
+ *
+ *   Neither the name of the copyright holder nor the names
+ *   of any other contributors may be used to endorse or
+ *   promote products derived from this software without
+ *   specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
+ * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
+ * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
+ * OF SUCH DAMAGE.
+ */
+
+#ifndef LIBSSH2_OS400QC3_H
+#define LIBSSH2_OS400QC3_H
+
+#include <stdlib.h>
+#include <string.h>
+
+#include <qc3cci.h>
+
+
+/* Redefine character/string literals as always EBCDIC. */
+#undef Qc3_Alg_Token
+#define Qc3_Alg_Token       "\xC1\xD3\xC7\xC4\xF0\xF1\xF0\xF0"  /* ALGD0100 */
+#undef Qc3_Alg_Block_Cipher
+#define Qc3_Alg_Block_Cipher "\xC1\xD3\xC7\xC4\xF0\xF2\xF0\xF0" /* ALGD0200 */
+#undef Qc3_Alg_Block_CipherAuth
+#define Qc3_Alg_Block_CipherAuth                                            \
+                            "\xC1\xD3\xC7\xC4\xF0\xF2\xF1\xF0"  /* ALGD0210 */
+#undef Qc3_Alg_Stream_Cipher
+#define Qc3_Alg_Stream_Cipher                                               \
+                            "\xC1\xD3\xC7\xC4\xF0\xF3\xF0\xF0"  /* ALGD0300 */
+#undef Qc3_Alg_Public_Key
+#define Qc3_Alg_Public_Key  "\xC1\xD3\xC7\xC4\xF0\xF4\xF0\xF0"  /* ALGD0400 */
+#undef Qc3_Alg_Hash
+#define Qc3_Alg_Hash        "\xC1\xD3\xC7\xC4\xF0\xF5\xF0\xF0"  /* ALGD0500 */
+#undef Qc3_Data
+#define Qc3_Data            "\xC4\xC1\xE3\xC1\xF0\xF1\xF0\xF0"  /* DATA0100 */
+#undef Qc3_Array
+#define Qc3_Array           "\xC4\xC1\xE3\xC1\xF0\xF2\xF0\xF0"  /* DATA0200 */
+#undef Qc3_Key_Token
+#define Qc3_Key_Token       "\xD2\xC5\xE8\xC4\xF0\xF1\xF0\xF0"  /* KEYD0100 */
+#undef Qc3_Key_Parms
+#define Qc3_Key_Parms       "\xD2\xC5\xE8\xC4\xF0\xF2\xF0\xF0"  /* KEYD0200 */
+#undef Qc3_Key_KSLabel
+#define Qc3_Key_KSLabel     "\xD2\xC5\xE8\xC4\xF0\xF4\xF0\xF0"  /* KEYD0400 */
+#undef Qc3_Key_PKCS5
+#define Qc3_Key_PKCS5       "\xD2\xC5\xE8\xC4\xF0\xF5\xF0\xF0"  /* KEYD0500 */
+#undef Qc3_Key_PEMCert
+#define Qc3_Key_PEMCert     "\xD2\xC5\xE8\xC4\xF0\xF6\xF0\xF0"  /* KEYD0600 */
+#undef Qc3_Key_CSLabel
+#define Qc3_Key_CSLabel     "\xD2\xC5\xE8\xC4\xF0\xF7\xF0\xF0"  /* KEYD0700 */
+#undef Qc3_Key_CSDN
+#define Qc3_Key_CSDN        "\xD2\xC5\xE8\xC4\xF0\xF8\xF0\xF0"  /* KEYD0800 */
+#undef Qc3_Key_AppID
+#define Qc3_Key_AppID       "\xD2\xC5\xE8\xC4\xF0\xF9\xF0\xF0"  /* KEYD0900 */
+
+#undef Qc3_ECB
+#define Qc3_ECB             '\xF0'      /* '0' */
+#undef Qc3_CBC
+#define Qc3_CBC             '\xF1'      /* '1' */
+#undef Qc3_OFB
+#define Qc3_OFB             '\xF2'      /* '2' */
+#undef Qc3_CFB1Bit
+#define Qc3_CFB1Bit         '\xF3'      /* '3' */
+#undef Qc3_CFB8Bit
+#define Qc3_CFB8Bit         '\xF4'      /* '4' */
+#undef Qc3_CFB64Bit
+#define Qc3_CFB64Bit        '\xF5'      /* '5' */
+#undef Qc3_CUSP
+#define Qc3_CUSP            '\xF6'      /* '6' */
+#undef Qc3_CTR
+#define Qc3_CTR             '\xF7'      /* '7' */
+#undef Qc3_CCM
+#define Qc3_CCM             '\xF8'      /* '8' */
+#undef Qc3_No_Pad
+#define Qc3_No_Pad          '\xF0'      /* '0' */
+#undef Qc3_Pad_Char
+#define Qc3_Pad_Char        '\xF1'      /* '1' */
+#undef Qc3_Pad_Counter
+#define Qc3_Pad_Counter     '\xF2'      /* '2' */
+#undef Qc3_PKCS1_00
+#define Qc3_PKCS1_00        '\xF0'      /* '0' */
+#undef Qc3_PKCS1_01
+#define Qc3_PKCS1_01        '\xF1'      /* '1' */
+#undef Qc3_PKCS1_02
+#define Qc3_PKCS1_02        '\xF2'      /* '2' */
+#undef Qc3_ISO9796
+#define Qc3_ISO9796         '\xF3'      /* '3' */
+#undef Qc3_Zero_Pad
+#define Qc3_Zero_Pad        '\xF4'      /* '4' */
+#undef Qc3_ANSI_X931
+#define Qc3_ANSI_X931       '\xF5'      /* '5' */
+#undef Qc3_OAEP
+#define Qc3_OAEP            '\xF6'      /* '6' */
+#undef Qc3_Bin_String
+#define Qc3_Bin_String      '\xF0'      /* '0' */
+#undef Qc3_BER_String
+#define Qc3_BER_String      '\xF1'      /* '1' */
+#undef Qc3_MK_Struct
+#define Qc3_MK_Struct       '\xF3'      /* '3' */
+#undef Qc3_KSLabel_Struct
+#define Qc3_KSLabel_Struct  '\xF4'      /* '4' */
+#undef Qc3_PKCS5_Struct
+#define Qc3_PKCS5_Struct    '\xF5'      /* '5' */
+#undef Qc3_PEMCert_String
+#define Qc3_PEMCert_String  '\xF6'      /* '6' */
+#undef Qc3_CSLabel_String
+#define Qc3_CSLabel_String  '\xF7'      /* '7' */
+#undef Qc3_CSDN_String
+#define Qc3_CSDN_String     '\xF8'      /* '8' */
+#undef Qc3_Clear
+#define Qc3_Clear           '\xF0'      /* '0' */
+#undef Qc3_Encrypted
+#define Qc3_Encrypted       '\xF1'      /* '1' */
+#undef Qc3_MK_Encrypted
+#define Qc3_MK_Encrypted    '\xF2'      /* '2' */
+#undef Qc3_Any_CSP
+#define Qc3_Any_CSP         '\xF0'      /* '0' */
+#undef Qc3_Sfw_CSP
+#define Qc3_Sfw_CSP         '\xF1'      /* '1' */
+#undef Qc3_Hdw_CSP
+#define Qc3_Hdw_CSP         '\xF2'      /* '2' */
+#undef Qc3_Continue
+#define Qc3_Continue        '\xF0'      /* '0' */
+#undef Qc3_Final
+#define Qc3_Final           '\xF1'      /* '1' */
+#undef Qc3_MK_New
+#define Qc3_MK_New          '\xF0'      /* '0' */
+#undef Qc3_MK_Current
+#define Qc3_MK_Current      '\xF1'      /* '1' */
+#undef Qc3_MK_Old
+#define Qc3_MK_Old          '\xF2'      /* '2' */
+#undef Qc3_MK_Pending
+#define Qc3_MK_Pending      '\xF3'      /* '3' */
+
+
+/* Define which features are supported. */
+#define LIBSSH2_MD5             1
+#define LIBSSH2_HMAC_RIPEMD     0
+#define LIBSSH2_HMAC_SHA256     1
+#define LIBSSH2_HMAC_SHA512     1
+
+#define LIBSSH2_AES             1
+#define LIBSSH2_AES_CTR         1
+#define LIBSSH2_BLOWFISH        0
+#define LIBSSH2_RC4             1
+#define LIBSSH2_CAST            0
+#define LIBSSH2_3DES            1
+
+#define LIBSSH2_RSA             1
+#define LIBSSH2_DSA             0
+
+#define MD5_DIGEST_LENGTH       16
+#define SHA_DIGEST_LENGTH       20
+#define SHA256_DIGEST_LENGTH    32
+#define SHA512_DIGEST_LENGTH    64
+
+
+/*******************************************************************
+ *
+ * OS/400 QC3 crypto-library backend: global handles structures.
+ *
+ *******************************************************************/
+
+/* HMAC & private key algorithms support structure. */
+typedef struct _libssh2_os400qc3_crypto_ctx _libssh2_os400qc3_crypto_ctx;
+struct _libssh2_os400qc3_crypto_ctx {
+    Qc3_Format_ALGD0100_T           hash;           /* Hash algorithm. */
+    Qc3_Format_KEYD0100_T           key;            /* Key. */
+    _libssh2_os400qc3_crypto_ctx *  kek;            /* Key encryption. */
+};
+
+typedef struct {        /* Big number. */
+    unsigned char *         bignum;         /* Number bits, little-endian. */
+    unsigned int            length;         /* Length of bignum (# bytes). */
+}       _libssh2_bn;
+
+typedef struct {        /* Algorithm description. */
+    char *                  fmt;            /* Format of Qc3 structure. */
+    int                     algo;           /* Algorithm identifier. */
+    unsigned char           size;           /* Block length. */
+    unsigned char           mode;           /* Block mode. */
+    int                     keylen;         /* Key length. */
+}       _libssh2_os400qc3_cipher_t;
+
+/*******************************************************************
+ *
+ * OS/400 QC3 crypto-library backend: Define global types/codes.
+ *
+ *******************************************************************/
+
+#define libssh2_crypto_init()
+#define libssh2_crypto_exit()
+
+#define libssh2_sha1_ctx        Qc3_Format_ALGD0100_T
+#define libssh2_sha256_ctx      Qc3_Format_ALGD0100_T
+#define libssh2_md5_ctx         Qc3_Format_ALGD0100_T
+#define libssh2_hmac_ctx        _libssh2_os400qc3_crypto_ctx
+#define _libssh2_cipher_ctx     _libssh2_os400qc3_crypto_ctx
+
+#define libssh2_sha1_init(x)    libssh2_os400qc3_hash_init(x, Qc3_SHA1)
+#define libssh2_sha1_update(ctx, data, len)                                 \
+                                libssh2_os400qc3_hash_update(&(ctx), data, len)
+#define libssh2_sha1_final(ctx, out)                                        \
+                                libssh2_os400qc3_hash_final(&(ctx), out)
+#define libssh2_sha256_init(x)  libssh2_os400qc3_hash_init(x, Qc3_SHA256)
+#define libssh2_sha256_update(ctx, data, len)                               \
+                                libssh2_os400qc3_hash_update(&(ctx), data, len)
+#define libssh2_sha256_final(ctx, out)                                      \
+                                libssh2_os400qc3_hash_final(&(ctx), out)
+#define libssh2_sha256(message, len, out)                                   \
+                                libssh2_os400qc3_hash(message, len, out,    \
+                                                      Qc3_SHA256)
+#define libssh2_md5_init(x)     libssh2_os400qc3_hash_init(x, Qc3_MD5)
+#define libssh2_md5_update(ctx, data, len)                                  \
+                                libssh2_os400qc3_hash_update(&(ctx), data, len)
+#define libssh2_md5_final(ctx, out)                                         \
+                                libssh2_os400qc3_hash_final(&(ctx), out)
+#define libssh2_hmac_ctx_init(ctx)                                          \
+                                memset((char *) &(ctx), 0,                  \
+                                       sizeof(libssh2_hmac_ctx))
+#define libssh2_hmac_md5_init(ctx, key, keylen)                             \
+                                libssh2_os400qc3_hmac_init(ctx, Qc3_MD5,    \
+                                                           MD5_DIGEST_LENGTH, \
+                                                           key, keylen)
+#define libssh2_hmac_sha1_init(ctx, key, keylen)                            \
+                                libssh2_os400qc3_hmac_init(ctx, Qc3_SHA1,   \
+                                                           SHA_DIGEST_LENGTH, \
+                                                           key, keylen)
+#define libssh2_hmac_sha256_init(ctx, key, keylen)                          \
+                                libssh2_os400qc3_hmac_init(ctx, Qc3_SHA256, \
+                                                         SHA256_DIGEST_LENGTH, \
+                                                         key, keylen)
+#define libssh2_hmac_sha512_init(ctx, key, keylen)                          \
+                                libssh2_os400qc3_hmac_init(ctx, Qc3_SHA512, \
+                                                         SHA512_DIGEST_LENGTH, \
+                                                         key, keylen)
+#define libssh2_hmac_update(ctx, data, datalen)                             \
+                                libssh2_os400qc3_hmac_update(&(ctx),        \
+                                                             data, datalen)
+#define libssh2_hmac_final(ctx, data)                                       \
+                                libssh2_os400qc3_hmac_final(&(ctx), data)
+#define libssh2_hmac_cleanup(ctx)                                           \
+                                _libssh2_os400qc3_crypto_dtor(ctx)
+
+
+#define _libssh2_bn_ctx         int                 /* Not used. */
+
+#define _libssh2_bn_ctx_new()           0
+#define _libssh2_bn_ctx_free(bnctx)     ((void) 0)
+
+#define _libssh2_bn_init_from_bin() _libssh2_bn_init()
+#define _libssh2_bn_mod_exp(r, a, p, m, ctx)                                \
+                                _libssh2_os400qc3_bn_mod_exp(r, a, p, m)
+#define _libssh2_bn_bytes(bn)   ((bn)->length)
+
+#define _libssh2_cipher_type(name)  _libssh2_os400qc3_cipher_t name
+#define _libssh2_cipher_aes128 {Qc3_Alg_Block_Cipher, Qc3_AES, 16,          \
+                                Qc3_CBC, 16}
+#define _libssh2_cipher_aes192 {Qc3_Alg_Block_Cipher, Qc3_AES, 24,          \
+                                Qc3_CBC, 24}
+#define _libssh2_cipher_aes256 {Qc3_Alg_Block_Cipher, Qc3_AES, 32,          \
+                                Qc3_CBC, 32}
+#define _libssh2_cipher_aes128ctr {Qc3_Alg_Block_Cipher, Qc3_AES, 16,       \
+                                   Qc3_CTR, 16}
+#define _libssh2_cipher_aes192ctr {Qc3_Alg_Block_Cipher, Qc3_AES, 24,       \
+                                   Qc3_CTR, 24}
+#define _libssh2_cipher_aes256ctr {Qc3_Alg_Block_Cipher, Qc3_AES, 32,       \
+                                   Qc3_CTR, 32}
+#define _libssh2_cipher_3des   {Qc3_Alg_Block_Cipher, Qc3_TDES, 0,          \
+                                Qc3_CBC, 24}
+#define _libssh2_cipher_arcfour {Qc3_Alg_Stream_Cipher, Qc3_RC4, 0, 0, 16}
+
+#define _libssh2_cipher_dtor(ctx) _libssh2_os400qc3_crypto_dtor(ctx)
+
+#define libssh2_rsa_ctx         _libssh2_os400qc3_crypto_ctx
+#define _libssh2_rsa_free(ctx)  (_libssh2_os400qc3_crypto_dtor(ctx),        \
+                                 free((char *) ctx))
+#define libssh2_prepare_iovec(vec, len) memset((char *) (vec), 0,           \
+                                               (len) * sizeof(struct iovec))
+#define _libssh2_rsa_sha1_signv(session, sig, siglen, count, vector, ctx)   \
+            _libssh2_os400qc3_rsa_sha1_signv(session, sig, siglen,          \
+                                             count, vector, ctx)
+
+
+/*******************************************************************
+ *
+ * OS/400 QC3 crypto-library backend: Support procedure prototypes.
+ *
+ *******************************************************************/
+
+extern _libssh2_bn *    _libssh2_bn_init(void);
+extern void     _libssh2_bn_free(_libssh2_bn *bn);
+extern unsigned long    _libssh2_bn_bits(_libssh2_bn *bn);
+extern int      _libssh2_bn_from_bin(_libssh2_bn *bn, int len,
+                                     const unsigned char *v);
+extern int      _libssh2_bn_set_word(_libssh2_bn *bn, unsigned long val);
+extern int      _libssh2_bn_to_bin(_libssh2_bn *bn, unsigned char *val);
+extern void     _libssh2_random(unsigned char *buf, int len);
+extern int      _libssh2_bn_rand(_libssh2_bn *bn, int bits,
+                                int top, int bottom);
+extern int      _libssh2_os400qc3_bn_mod_exp(_libssh2_bn *r, _libssh2_bn *a,
+                                             _libssh2_bn *p, _libssh2_bn *m);
+extern void     _libssh2_os400qc3_crypto_dtor(_libssh2_os400qc3_crypto_ctx *x);
+extern int      libssh2_os400qc3_hash_init(Qc3_Format_ALGD0100_T *x,
+                                           unsigned int algo);
+extern void     libssh2_os400qc3_hash_update(Qc3_Format_ALGD0100_T *ctx,
+                                             unsigned char *data, int len);
+extern void     libssh2_os400qc3_hash_final(Qc3_Format_ALGD0100_T *ctx,
+                                            unsigned char *out);
+extern int      libssh2_os400qc3_hash(const unsigned char *message,
+                                      unsigned long len, unsigned char *out,
+                                      unsigned int algo);
+extern void     libssh2_os400qc3_hmac_init(_libssh2_os400qc3_crypto_ctx *x,
+                                           int algo, size_t minkeylen,
+                                           void *key, int keylen);
+extern void     libssh2_os400qc3_hmac_update(_libssh2_os400qc3_crypto_ctx *ctx,
+                                             const unsigned char *data,
+                                             int len);
+extern void     libssh2_os400qc3_hmac_final(_libssh2_os400qc3_crypto_ctx *ctx,
+                                            unsigned char *out);
+extern int      _libssh2_os400qc3_rsa_sha1_signv(LIBSSH2_SESSION *session,
+                                                 unsigned char **signature,
+                                                 size_t *signature_len,
+                                                 int veccount,
+                                                 const struct iovec vector[],
+                                                 libssh2_rsa_ctx *ctx);
+
+#endif
+
+/* vim: set expandtab ts=4 sw=4: */

src/pem.c

@@ -41,15 +41,56 @@
 static int
 readline(char *line, int line_size, FILE * fp)
 {
+    size_t len;
+
+    if (!line) {
+        return -1;
+    }
     if (!fgets(line, line_size, fp)) {
         return -1;
     }
-    if (*line && line[strlen(line) - 1] == '\n') {
-        line[strlen(line) - 1] = '\0';
+
+    if (*line) {
+        len = strlen(line);
+        if (len > 0 && line[len - 1] == '\n') {
+            line[len - 1] = '\0';
         }
-    if (*line && line[strlen(line) - 1] == '\r') {
-        line[strlen(line) - 1] = '\0';
     }
+
+    if (*line) {
+        len = strlen(line);
+        if (len > 0 && line[len - 1] == '\r') {
+            line[len - 1] = '\0';
+        }
+    }
+
+    return 0;
+}
+
+static int
+readline_memory(char *line, size_t line_size,
+                const char *filedata, size_t filedata_len,
+                size_t *filedata_offset)
+{
+    size_t off, len;
+
+    off = *filedata_offset;
+
+    for (len = 0; off + len < filedata_len && len < line_size; len++) {
+        if (filedata[off + len] == '\n' ||
+            filedata[off + len] == '\r') {
+                break;
+        }
+    }
+
+    if (len) {
+        memcpy(line, filedata + off, len);
+        *filedata_offset += len;
+    }
+
+    line[len] = '\0';
+    *filedata_offset += 1;
+
     return 0;
 }
 
@@ -119,6 +160,72 @@ _libssh2_pem_parse(LIBSSH2_SESSION * session,
     return ret;
 }
 
+int
+_libssh2_pem_parse_memory(LIBSSH2_SESSION * session,
+                          const char *headerbegin,
+                          const char *headerend,
+                          const char *filedata, size_t filedata_len,
+                          unsigned char **data, unsigned int *datalen)
+{
+    char line[LINE_SIZE];
+    char *b64data = NULL;
+    unsigned int b64datalen = 0;
+    size_t off = 0;
+    int ret;
+
+    do {
+        *line = '\0';
+
+        if (readline_memory(line, LINE_SIZE, filedata, filedata_len, &off)) {
+            return -1;
+        }
+    }
+    while (strcmp(line, headerbegin) != 0);
+
+    *line = '\0';
+
+    do {
+        if (*line) {
+            char *tmp;
+            size_t linelen;
+
+            linelen = strlen(line);
+            tmp = LIBSSH2_REALLOC(session, b64data, b64datalen + linelen);
+            if (!tmp) {
+                ret = -1;
+                goto out;
+            }
+            memcpy(tmp + b64datalen, line, linelen);
+            b64data = tmp;
+            b64datalen += linelen;
+        }
+
+        *line = '\0';
+
+        if (readline_memory(line, LINE_SIZE, filedata, filedata_len, &off)) {
+            ret = -1;
+            goto out;
+        }
+    } while (strcmp(line, headerend) != 0);
+
+    if (!b64data) {
+        return -1;
+    }
+
+    if (libssh2_base64_decode(session, (char**) data, datalen,
+                              b64data, b64datalen)) {
+        ret = -1;
+        goto out;
+    }
+
+    ret = 0;
+  out:
+    if (b64data) {
+        LIBSSH2_FREE(session, b64data);
+    }
+    return ret;
+}
+
 static int
 read_asn1_length(const unsigned char *data,
                  unsigned int datalen, unsigned int *len)

src/scp.c

@@ -268,7 +268,7 @@ shell_quotearg(const char *path, unsigned char *buf,
  *
  */
 static LIBSSH2_CHANNEL *
-scp_recv(LIBSSH2_SESSION * session, const char *path, struct stat * sb)
+scp_recv(LIBSSH2_SESSION * session, const char *path, libssh2_struct_stat * sb)
 {
     int cmd_len;
     int rc;
@@ -295,14 +295,16 @@ scp_recv(LIBSSH2_SESSION * session, const char *path, struct stat * sb)
         }
 
         snprintf((char *)session->scpRecv_command,
-                 session->scpRecv_command_len, "scp -%sf ", sb?"p":"");
+                 session->scpRecv_command_len,
+                 "scp -%sf ", sb?"p":"");
 
         cmd_len = strlen((char *)session->scpRecv_command);
-
-        (void) shell_quotearg(path,
+        cmd_len += shell_quotearg(path,
                                   &session->scpRecv_command[cmd_len],
                                   session->scpRecv_command_len - cmd_len);
 
+        session->scpRecv_command[cmd_len] = '\0';
+        session->scpRecv_command_len = cmd_len + 1;
 
         _libssh2_debug(session, LIBSSH2_TRACE_SCP,
                        "Opening channel for SCP receive");
@@ -722,7 +724,7 @@ scp_recv(LIBSSH2_SESSION * session, const char *path, struct stat * sb)
     }
 
     if (sb) {
-        memset(sb, 0, sizeof(struct stat));
+        memset(sb, 0, sizeof(libssh2_struct_stat));
 
         sb->st_mtime = session->scpRecv_mtime;
         sb->st_atime = session->scpRecv_atime;
@@ -757,11 +759,47 @@ scp_recv(LIBSSH2_SESSION * session, const char *path, struct stat * sb)
 /*
  * libssh2_scp_recv
  *
- * Open a channel and request a remote file via SCP
+ * DEPRECATED
+ *
+ * Open a channel and request a remote file via SCP.  This receives files larger
+ * than 2 GB, but is unable to report the proper size on platforms where the
+ * st_size member of struct stat is limited to 2 GB (e.g. windows).
  *
  */
 LIBSSH2_API LIBSSH2_CHANNEL *
 libssh2_scp_recv(LIBSSH2_SESSION *session, const char *path, struct stat * sb)
+{
+    LIBSSH2_CHANNEL *ptr;
+
+    /* scp_recv uses libssh2_struct_stat, so pass one if the caller gave us a struct to populate... */
+    libssh2_struct_stat sb_intl;
+    libssh2_struct_stat *sb_ptr;
+    sb_ptr = sb ? &sb_intl : NULL;
+
+    BLOCK_ADJUST_ERRNO(ptr, session, scp_recv(session, path, sb_ptr));
+
+    /* ...and populate the caller's with as much info as fits. */
+    if (sb) {
+        memset(sb, 0, sizeof(struct stat));
+
+        sb->st_mtime = sb_intl.st_mtime;
+        sb->st_atime = sb_intl.st_atime;
+        sb->st_size = (off_t)sb_intl.st_size;
+        sb->st_mode = sb_intl.st_mode;
+    }
+
+    return ptr;
+}
+
+/*
+ * libssh2_scp_recv2
+ *
+ * Open a channel and request a remote file via SCP.  This supports files > 2GB
+ * on platforms that support it.
+ *
+ */
+LIBSSH2_API LIBSSH2_CHANNEL *
+libssh2_scp_recv2(LIBSSH2_SESSION *session, const char *path, libssh2_struct_stat * sb)
 {
     LIBSSH2_CHANNEL *ptr;
     BLOCK_ADJUST_ERRNO(ptr, session, scp_recv(session, path, sb));
@@ -790,22 +828,25 @@ scp_send(LIBSSH2_SESSION * session, const char *path, int mode,
 
         session->scpSend_command =
             LIBSSH2_ALLOC(session, session->scpSend_command_len);
+
         if (!session->scpSend_command) {
             _libssh2_error(session, LIBSSH2_ERROR_ALLOC,
-                           "Unable to allocate a command buffer for scp session");
+                           "Unable to allocate a command buffer for "
+                           "SCP session");
             return NULL;
         }
 
-        snprintf((char *)session->scpSend_command, session->scpSend_command_len,
+        snprintf((char *)session->scpSend_command,
+                 session->scpSend_command_len,
                  "scp -%st ", (mtime || atime)?"p":"");
 
         cmd_len = strlen((char *)session->scpSend_command);
-
-        (void)shell_quotearg(path,
+        cmd_len += shell_quotearg(path,
                                   &session->scpSend_command[cmd_len],
                                   session->scpSend_command_len - cmd_len);
 
-        session->scpSend_command[session->scpSend_command_len - 1] = '\0';
+        session->scpSend_command[cmd_len] = '\0';
+        session->scpSend_command_len = cmd_len + 1;
 
         _libssh2_debug(session, LIBSSH2_TRACE_SCP,
                        "Opening channel for SCP send");

src/session.c

@@ -1,5 +1,5 @@
 /* Copyright (c) 2004-2007 Sara Golemon <sarag@libssh2.org>
- * Copyright (c) 2009-2011 by Daniel Stenberg
+ * Copyright (c) 2009-2015 by Daniel Stenberg
  * Copyright (c) 2010 Simon Josefsson <simon@josefsson.org>
  * All rights reserved.
  *
@@ -601,7 +601,7 @@ int _libssh2_wait_socket(LIBSSH2_SESSION *session, time_t start_time)
         (seconds_to_next == 0 ||
          seconds_to_next > session->api_timeout)) {
         time_t now = time (NULL);
-        elapsed_ms = (long)(1000*difftime(start_time, now));
+        elapsed_ms = (long)(1000*difftime(now, start_time));
         if (elapsed_ms > session->api_timeout) {
             session->err_code = LIBSSH2_ERROR_TIMEOUT;
             return LIBSSH2_ERROR_TIMEOUT;
@@ -1058,6 +1058,11 @@ session_free(LIBSSH2_SESSION *session)
         LIBSSH2_FREE(session, session->server_hostkey);
     }
 
+    /* error string */
+    if (session->err_msg && ((session->err_flags & LIBSSH2_ERR_FLAG_DUP) != 0)) {
+        LIBSSH2_FREE(session, (char *)session->err_msg);
+    }
+
     LIBSSH2_FREE(session, session);
 
     return 0;
@@ -1285,7 +1290,24 @@ libssh2_session_last_errno(LIBSSH2_SESSION * session)
     return session->err_code;
 }
 
-/* libssh2_session_flag
+/* libssh2_session_set_last_error
+ *
+ * Sets the internal error code for the session.
+ *
+ * This function is available specifically to be used by high level
+ * language wrappers (i.e. Python or Perl) that may extend the library
+ * features while still relying on its error reporting mechanism.
+ */
+LIBSSH2_API int
+libssh2_session_set_last_error(LIBSSH2_SESSION* session,
+                               int errcode,
+                               const char* errmsg)
+{
+    return _libssh2_error_flags(session, errcode, errmsg,
+                                LIBSSH2_ERR_FLAG_DUP);
+}
+
+/* Libssh2_session_flag
  *
  * Set/Get session flags
  *

src/sftp.c

@@ -204,7 +204,8 @@ sftp_packet_add(LIBSSH2_SFTP *sftp, unsigned char *data,
     LIBSSH2_SFTP_PACKET *packet;
     uint32_t request_id;
 
-    _libssh2_debug(session, LIBSSH2_TRACE_SFTP, "Received packet %d (len %d)",
+    _libssh2_debug(session, LIBSSH2_TRACE_SFTP,
+                   "Received packet type %d (len %d)",
                    (int) data[0], data_len);
 
     /*
@@ -250,6 +251,9 @@ sftp_packet_add(LIBSSH2_SFTP *sftp, unsigned char *data,
 
     request_id = _libssh2_ntohu32(&data[1]);
 
+    _libssh2_debug(session, LIBSSH2_TRACE_SFTP, "Received packet id %d",
+                   request_id);
+
     /* Don't add the packet if it answers a request we've given up on. */
     if((data[0] == SSH_FXP_STATUS || data[0] == SSH_FXP_DATA)
        && find_zombie_request(sftp, request_id)) {
@@ -1245,6 +1249,8 @@ static ssize_t sftp_read(LIBSSH2_SFTP_HANDLE * handle, char *buffer,
     ssize_t rc;
     struct _libssh2_sftp_handle_file_data *filep =
         &handle->u.file;
+    size_t bytes_in_buffer = 0;
+    char *sliding_bufferp = buffer;
 
     /* This function can be interrupted in three different places where it
        might need to wait for data from the network.  It returns EAGAIN to
@@ -1301,11 +1307,14 @@ static ssize_t sftp_read(LIBSSH2_SFTP_HANDLE * handle, char *buffer,
             return copy;
         }
 
+        if (filep->eof) {
+            return 0;
+        } else {
             /* We allow a number of bytes being requested at any given time
                without having been acked - until we reach EOF. */
-        if(!filep->eof) {
+
             /* Number of bytes asked for that haven't been acked yet */
-            size_t already = (filep->offset_sent - filep->offset);
+            size_t already = (size_t)(filep->offset_sent - filep->offset);
 
             size_t max_read_ahead = buffer_size*4;
             unsigned long recv_window;
@@ -1358,19 +1367,25 @@ static ssize_t sftp_read(LIBSSH2_SFTP_HANDLE * handle, char *buffer,
 
         while(count > 0) {
             unsigned char *s;
-            uint32_t size = MIN(MAX_SFTP_READ_SIZE, count);
 
             /* 25 = packet_len(4) + packet_type(1) + request_id(4) +
                handle_len(4) + offset(8) + count(4) */
             uint32_t packet_len = (uint32_t)handle->handle_len + 25;
             uint32_t request_id;
 
+            uint32_t size = count;
+            if (size < buffer_size)
+                size = buffer_size;
+            if (size > MAX_SFTP_READ_SIZE)
+                size = MAX_SFTP_READ_SIZE;
+
             chunk = LIBSSH2_ALLOC(session, packet_len +
                                   sizeof(struct sftp_pipeline_chunk));
             if (!chunk)
                 return _libssh2_error(session, LIBSSH2_ERROR_ALLOC,
                                       "malloc fail for FXP_WRITE");
 
+            chunk->offset = filep->offset_sent;
             chunk->len = size;
             chunk->lefttosend = packet_len;
             chunk->sent = 0;
@@ -1389,8 +1404,11 @@ static ssize_t sftp_read(LIBSSH2_SFTP_HANDLE * handle, char *buffer,
 
             /* add this new entry LAST in the list */
             _libssh2_list_add(&handle->packet_list, &chunk->node);
-            count -= size; /* deduct the size we used, as we might have
-                              to create more packets */
+            count -= MIN(size,count); /* deduct the size we used, as we might
+                                       * have to create more packets */
+            _libssh2_debug(session, LIBSSH2_TRACE_SFTP,
+                           "read request id %d sent (offset: %d, size: %d)",
+                           request_id, (int)chunk->offset, (int)chunk->len);
         }
 
     case libssh2_NB_state_sent:
@@ -1416,9 +1434,16 @@ static ssize_t sftp_read(LIBSSH2_SFTP_HANDLE * handle, char *buffer,
                 chunk->lefttosend -= rc;
                 chunk->sent += rc;
 
-                if(chunk->lefttosend)
-                    /* data left to send, get out of loop */
+                if(chunk->lefttosend) {
+                    /* We still have data left to send for this chunk.
+                     * If there is at least one completely sent chunk,
+                     * we can get out of this loop and start reading.  */
+                    if (chunk != _libssh2_list_first(&handle->packet_list)) {
                         break;
+                    } else {
+                        continue;
+                    }
+                }
             }
 
             /* move on to the next chunk with data to send */
@@ -1442,13 +1467,27 @@ static ssize_t sftp_read(LIBSSH2_SFTP_HANDLE * handle, char *buffer,
                 SSH_FXP_DATA, SSH_FXP_STATUS
             };
 
-            if(chunk->lefttosend)
+            if(chunk->lefttosend) {
                 /* if the chunk still has data left to send, we shouldn't wait
                    for an ACK for it just yet */
-                break;
+                if (bytes_in_buffer > 0) {
+                    return bytes_in_buffer;
+                } else {
+                    /* we should never reach this point */
+                    return _libssh2_error(session, LIBSSH2_ERROR_SFTP_PROTOCOL,
+                                          "sftp_read() internal error");
+                }
+            }
 
             rc = sftp_packet_requirev(sftp, 2, read_responses,
                                       chunk->request_id, &data, &data_len);
+
+            if (rc==LIBSSH2_ERROR_EAGAIN && bytes_in_buffer != 0) {
+                /* do not return EAGAIN if we have already
+                 * written data into the buffer */
+                return bytes_in_buffer;
+            }
+
             if (rc < 0) {
                 sftp->read_state = libssh2_NB_state_sent2;
                 return rc;
@@ -1475,7 +1514,7 @@ static ssize_t sftp_read(LIBSSH2_SFTP_HANDLE * handle, char *buffer,
 
                 if (rc32 == LIBSSH2_FX_EOF) {
                     filep->eof = TRUE;
-                    return 0;
+                    return bytes_in_buffer;
                 }
                 else {
                     sftp->last_errno = rc32;
@@ -1485,6 +1524,16 @@ static ssize_t sftp_read(LIBSSH2_SFTP_HANDLE * handle, char *buffer,
                 break;
 
             case SSH_FXP_DATA:
+                if (chunk->offset != filep->offset) {
+                    /* This could happen if the server returns less bytes than
+                       requested, which shouldn't happen for normal files. See:
+                       http://tools.ietf.org/html/draft-ietf-secsh-filexfer-02
+                       #section-6.4
+                    */
+                    return _libssh2_error(session, LIBSSH2_ERROR_SFTP_PROTOCOL,
+                                          "Read Packet At Unexpected Offset");
+                }
+
                 rc32 = _libssh2_ntohu32(data + 5);
                 if (rc32 > (data_len - 9))
                     return _libssh2_error(session, LIBSSH2_ERROR_SFTP_PROTOCOL,
@@ -1505,13 +1554,13 @@ static ssize_t sftp_read(LIBSSH2_SFTP_HANDLE * handle, char *buffer,
                     filep->offset_sent -= (chunk->len - rc32);
                 }
 
-                if(rc32 > buffer_size) {
+                if((bytes_in_buffer + rc32) > buffer_size) {
                     /* figure out the overlap amount */
-                    filep->data_left = rc32 - buffer_size;
+                    filep->data_left = (bytes_in_buffer + rc32) - buffer_size;
 
                     /* getting the full packet would overflow the buffer, so
                        only get the correct amount and keep the remainder */
-                    rc32 = (uint32_t)buffer_size;
+                    rc32 = (uint32_t)buffer_size - bytes_in_buffer;
 
                     /* store data to keep for next call */
                     filep->data = data;
@@ -1522,29 +1571,28 @@ static ssize_t sftp_read(LIBSSH2_SFTP_HANDLE * handle, char *buffer,
 
                 /* copy the received data from the received FXP_DATA packet to
                    the buffer at the correct index */
-                memcpy(buffer, data + 9, rc32);
+                memcpy(sliding_bufferp, data + 9, rc32);
                 filep->offset += rc32;
+                bytes_in_buffer += rc32;
+                sliding_bufferp += rc32;
 
                 if(filep->data_len == 0)
                     /* free the allocated data if not stored to keep */
                     LIBSSH2_FREE(session, data);
 
-
                 /* remove the chunk we just processed keeping track of the
                  * next one in case we need it */
                 next = _libssh2_list_next(&chunk->node);
                 _libssh2_list_remove(&chunk->node);
                 LIBSSH2_FREE(session, chunk);
-                chunk = NULL;
 
-                if(rc32 > 0) {
-                    /* we must return as we wrote some data to the buffer */
-                    return rc32;
-                } else {
-                    /* A zero-byte read is not necessarily EOF so we must not
-                     * return 0 (that would signal EOF to the caller) so
-                     * instead we carry on to the next chunk */
+                /* check if we have space left in the buffer
+                 * and either continue to the next chunk or stop
+                 */
+                if (bytes_in_buffer < buffer_size) {
                     chunk = next;
+                } else {
+                    chunk = NULL;
                 }
 
                 break;
@@ -1555,13 +1603,18 @@ static ssize_t sftp_read(LIBSSH2_SFTP_HANDLE * handle, char *buffer,
             }
         }
 
+        if (bytes_in_buffer > 0)
+            return bytes_in_buffer;
+
         break;
 
     default:
         assert(!"State machine error; unrecognised read state");
     }
 
-    return 0;
+    /* we should never reach this point */
+    return _libssh2_error(session, LIBSSH2_ERROR_SFTP_PROTOCOL,
+                          "sftp_read() internal error");
 }
 
 /* libssh2_sftp_read
@@ -1827,7 +1880,7 @@ static ssize_t sftp_write(LIBSSH2_SFTP_HANDLE *handle, const char *buffer,
            acked but we haven't been able to return as such yet, so we will
            get that data as well passed in here again.
         */
-        already = (handle->u.file.offset_sent - handle->u.file.offset)+
+        already = (size_t) (handle->u.file.offset_sent - handle->u.file.offset)+
             handle->u.file.acked;
 
         if(count >= already) {
@@ -2767,7 +2820,7 @@ static int sftp_fstatvfs(LIBSSH2_SFTP_HANDLE *handle, LIBSSH2_SFTP_STATVFS *st)
     st->f_ffree = _libssh2_ntohu64(data + 53);
     st->f_favail = _libssh2_ntohu64(data + 61);
     st->f_fsid = _libssh2_ntohu64(data + 69);
-    flag = _libssh2_ntohu64(data + 77);
+    flag = (unsigned int)_libssh2_ntohu64(data + 77);
     st->f_namemax = _libssh2_ntohu64(data + 85);
 
     st->f_flag = (flag & SSH_FXE_STATVFS_ST_RDONLY)
@@ -2893,7 +2946,7 @@ static int sftp_statvfs(LIBSSH2_SFTP *sftp, const char *path,
     st->f_ffree = _libssh2_ntohu64(data + 53);
     st->f_favail = _libssh2_ntohu64(data + 61);
     st->f_fsid = _libssh2_ntohu64(data + 69);
-    flag = _libssh2_ntohu64(data + 77);
+    flag = (unsigned int)_libssh2_ntohu64(data + 77);
     st->f_namemax = _libssh2_ntohu64(data + 85);
 
     st->f_flag = (flag & SSH_FXE_STATVFS_ST_RDONLY)

src/sftp.h

@@ -48,10 +48,12 @@
 /* MAX_SFTP_READ_SIZE is how much data is asked for at max in each FXP_READ
  * packets.
  */
-#define MAX_SFTP_READ_SIZE 2000
+#define MAX_SFTP_READ_SIZE 30000
 
 struct sftp_pipeline_chunk {
     struct list_node node;
+    libssh2_uint64_t offset; /* READ: offset at which to start reading
+                                WRITE: not used */
     size_t len; /* WRITE: size of the data to write
                    READ: how many bytes that was asked for */
     size_t sent;

src/transport.c

@@ -52,7 +52,7 @@
 #include "mac.h"
 
 #define MAX_BLOCKSIZE 32    /* MUST fit biggest crypto block size we use/get */
-#define MAX_MACSIZE 20      /* MUST fit biggest MAC length we support */
+#define MAX_MACSIZE 64      /* MUST fit biggest MAC length we support */
 
 #ifdef LIBSSH2DEBUG
 #define UNPRINTABLE_CHAR '.'

src/userauth.c

@@ -442,6 +442,76 @@ libssh2_userauth_password_ex(LIBSSH2_SESSION *session, const char *username,
     return rc;
 }
 
+static int
+memory_read_publickey(LIBSSH2_SESSION * session, unsigned char **method,
+                      size_t *method_len,
+                      unsigned char **pubkeydata,
+                      size_t *pubkeydata_len,
+                      const char *pubkeyfiledata,
+                      size_t pubkeyfiledata_len)
+{
+    unsigned char *pubkey = NULL, *sp1, *sp2, *tmp;
+    size_t pubkey_len = pubkeyfiledata_len;
+    unsigned int tmp_len;
+
+    if (pubkeyfiledata_len <= 1) {
+        return _libssh2_error(session, LIBSSH2_ERROR_FILE,
+                              "Invalid data in public key file");
+    }
+
+    pubkey = LIBSSH2_ALLOC(session, pubkeyfiledata_len);
+    if (!pubkey) {
+        return _libssh2_error(session, LIBSSH2_ERROR_ALLOC,
+                              "Unable to allocate memory for public key data");
+    }
+
+    memcpy(pubkey, pubkeyfiledata, pubkeyfiledata_len);
+
+    /*
+     *   Remove trailing whitespace
+     */
+    while (pubkey_len && isspace(pubkey[pubkey_len - 1]))
+        pubkey_len--;
+
+    if (!pubkey_len) {
+        LIBSSH2_FREE(session, pubkey);
+        return _libssh2_error(session, LIBSSH2_ERROR_FILE,
+                              "Missing public key data");
+    }
+
+    if ((sp1 = memchr(pubkey, ' ', pubkey_len)) == NULL) {
+        LIBSSH2_FREE(session, pubkey);
+        return _libssh2_error(session, LIBSSH2_ERROR_FILE,
+                              "Invalid public key data");
+    }
+
+    sp1++;
+
+    if ((sp2 = memchr(sp1, ' ', pubkey_len - (sp1 - pubkey - 1))) == NULL) {
+        /* Assume that the id string is missing, but that it's okay */
+        sp2 = pubkey + pubkey_len;
+    }
+
+    if (libssh2_base64_decode(session, (char **) &tmp, &tmp_len,
+                              (char *) sp1, sp2 - sp1)) {
+        LIBSSH2_FREE(session, pubkey);
+        return _libssh2_error(session, LIBSSH2_ERROR_FILE,
+                                  "Invalid key data, not base64 encoded");
+    }
+
+    /* Wasting some bytes here (okay, more than some), but since it's likely
+     * to be freed soon anyway, we'll just avoid the extra free/alloc and call
+     * it a wash
+     */
+    *method = pubkey;
+    *method_len = sp1 - pubkey - 1;
+
+    *pubkeydata = tmp;
+    *pubkeydata_len = tmp_len;
+
+    return 0;
+}
+
 /*
  * file_read_publickey
  *
@@ -476,10 +546,6 @@ file_read_publickey(LIBSSH2_SESSION * session, unsigned char **method,
     while (!feof(fd) && 1 == fread(&c, 1, 1, fd) && c != '\r' && c != '\n') {
         pubkey_len++;
     }
-    if (feof(fd)) {
-        /* the last character was EOF */
-        pubkey_len--;
-    }
     rewind(fd);
 
     if (pubkey_len <= 1) {
@@ -547,7 +613,43 @@ file_read_publickey(LIBSSH2_SESSION * session, unsigned char **method,
     return 0;
 }
 
+static int
+memory_read_privatekey(LIBSSH2_SESSION * session,
+                       const LIBSSH2_HOSTKEY_METHOD ** hostkey_method,
+                       void **hostkey_abstract,
+                       const unsigned char *method, int method_len,
+                       const char *privkeyfiledata, size_t privkeyfiledata_len,
+                       const char *passphrase)
+{
+    const LIBSSH2_HOSTKEY_METHOD **hostkey_methods_avail =
+        libssh2_hostkey_methods();
 
+    *hostkey_method = NULL;
+    *hostkey_abstract = NULL;
+    while (*hostkey_methods_avail && (*hostkey_methods_avail)->name) {
+        if ((*hostkey_methods_avail)->initPEMFromMemory
+             && strncmp((*hostkey_methods_avail)->name, (const char *) method,
+                        method_len) == 0) {
+            *hostkey_method = *hostkey_methods_avail;
+            break;
+        }
+        hostkey_methods_avail++;
+    }
+    if (!*hostkey_method) {
+        return _libssh2_error(session, LIBSSH2_ERROR_METHOD_NONE,
+                              "No handler for specified private key");
+    }
+
+    if ((*hostkey_method)->
+        initPEMFromMemory(session, privkeyfiledata, privkeyfiledata_len,
+                          (unsigned char *) passphrase,
+                          hostkey_abstract)) {
+        return _libssh2_error(session, LIBSSH2_ERROR_FILE,
+                              "Unable to initialize private key from file");
+    }
+
+    return 0;
+}
 
 /* libssh2_file_read_privatekey
  * Read a PEM encoded private key from an id_??? style file
@@ -595,6 +697,43 @@ struct privkey_file {
     const char *passphrase;
 };
 
+static int
+sign_frommemory(LIBSSH2_SESSION *session, unsigned char **sig, size_t *sig_len,
+                const unsigned char *data, size_t data_len, void **abstract)
+{
+    struct privkey_file *pk_file = (struct privkey_file *) (*abstract);
+    const LIBSSH2_HOSTKEY_METHOD *privkeyobj;
+    void *hostkey_abstract;
+    struct iovec datavec;
+    int rc;
+
+    rc = memory_read_privatekey(session, &privkeyobj, &hostkey_abstract,
+                                session->userauth_pblc_method,
+                                session->userauth_pblc_method_len,
+                                pk_file->filename,
+                                strlen(pk_file->filename),
+                                pk_file->passphrase);
+    if(rc)
+        return rc;
+
+    libssh2_prepare_iovec(&datavec, 1);
+    datavec.iov_base = (void *)data;
+    datavec.iov_len  = data_len;
+
+    if (privkeyobj->signv(session, sig, sig_len, 1, &datavec,
+                          &hostkey_abstract)) {
+        if (privkeyobj->dtor) {
+            privkeyobj->dtor(session, abstract);
+        }
+        return -1;
+    }
+
+    if (privkeyobj->dtor) {
+        privkeyobj->dtor(session, &hostkey_abstract);
+    }
+    return 0;
+}
+
 static int
 sign_fromfile(LIBSSH2_SESSION *session, unsigned char **sig, size_t *sig_len,
               const unsigned char *data, size_t data_len, void **abstract)
@@ -613,6 +752,7 @@ sign_fromfile(LIBSSH2_SESSION *session, unsigned char **sig, size_t *sig_len,
     if(rc)
         return rc;
 
+    libssh2_prepare_iovec(&datavec, 1);
     datavec.iov_base = (void *)data;
     datavec.iov_len  = data_len;
 
@@ -648,9 +788,9 @@ userauth_hostbased_fromfile(LIBSSH2_SESSION *session,
 
     if (session->userauth_host_state == libssh2_NB_state_idle) {
         const LIBSSH2_HOSTKEY_METHOD *privkeyobj;
-        unsigned char *pubkeydata, *sig;
+        unsigned char *pubkeydata, *sig = NULL;
         size_t pubkeydata_len = 0;
-        size_t sig_len;
+        size_t sig_len = 0;
         void *abstract;
         unsigned char buf[5];
         struct iovec datavec[4];
@@ -735,6 +875,7 @@ userauth_hostbased_fromfile(LIBSSH2_SESSION *session,
         }
 
         _libssh2_htonu32(buf, session->session_id_len);
+        libssh2_prepare_iovec(datavec, 4);
         datavec[0].iov_base = (void *)buf;
         datavec[0].iov_len = 4;
         datavec[1].iov_base = (void *)session->session_id;
@@ -742,7 +883,9 @@ userauth_hostbased_fromfile(LIBSSH2_SESSION *session,
         datavec[2].iov_base = (void *)session->userauth_host_packet;
         datavec[2].iov_len = session->userauth_host_packet_len;
 
-        if (privkeyobj->signv(session, &sig, &sig_len, 3, datavec, &abstract)) {
+        if (privkeyobj && privkeyobj->signv &&
+                          privkeyobj->signv(session, &sig, &sig_len, 3,
+                                            datavec, &abstract)) {
             LIBSSH2_FREE(session, session->userauth_host_method);
             session->userauth_host_method = NULL;
             LIBSSH2_FREE(session, session->userauth_host_packet);
@@ -753,7 +896,7 @@ userauth_hostbased_fromfile(LIBSSH2_SESSION *session,
             return -1;
         }
 
-        if (privkeyobj->dtor) {
+        if (privkeyobj && privkeyobj->dtor) {
             privkeyobj->dtor(session, &abstract);
         }
 
@@ -1215,6 +1358,65 @@ _libssh2_userauth_publickey(LIBSSH2_SESSION *session,
                           "username/public key combination");
 }
 
+ /*
+  * userauth_publickey_frommemory
+  * Authenticate using a keypair from memory
+  */
+static int
+userauth_publickey_frommemory(LIBSSH2_SESSION *session,
+                              const char *username,
+                              size_t username_len,
+                              const char *publickeydata,
+                              size_t publickeydata_len,
+                              const char *privatekeydata,
+                              size_t privatekeydata_len,
+                              const char *passphrase)
+{
+    unsigned char *pubkeydata = NULL;
+    size_t pubkeydata_len = 0;
+    struct privkey_file privkey_file;
+    void *abstract = &privkey_file;
+    int rc;
+
+    privkey_file.filename = privatekeydata;
+    privkey_file.passphrase = passphrase;
+
+    if (session->userauth_pblc_state == libssh2_NB_state_idle) {
+        if (publickeydata_len && publickeydata) {
+            rc = memory_read_publickey(session, &session->userauth_pblc_method,
+                                       &session->userauth_pblc_method_len,
+                                       &pubkeydata, &pubkeydata_len,
+                                       publickeydata, publickeydata_len);
+            if(rc)
+                return rc;
+        }
+        else if (privatekeydata_len && privatekeydata) {
+            /* Compute public key from private key. */
+            if (_libssh2_pub_priv_keyfilememory(session,
+                                                &session->userauth_pblc_method,
+                                                &session->userauth_pblc_method_len,
+                                                &pubkeydata, &pubkeydata_len,
+                                                privatekeydata, privatekeydata_len,
+                                                passphrase))
+                return _libssh2_error(session, LIBSSH2_ERROR_FILE,
+                                      "Unable to extract public key "
+                                      "from private key.");
+        }
+        else {
+            return _libssh2_error(session, LIBSSH2_ERROR_FILE,
+                                  "Invalid data in public and private key.");
+        }
+    }
+
+    rc = _libssh2_userauth_publickey(session, username, username_len,
+                                     pubkeydata, pubkeydata_len,
+                                     sign_frommemory, &abstract);
+    if(pubkeydata)
+        LIBSSH2_FREE(session, pubkeydata);
+
+    return rc;
+}
+
 /*
  * userauth_publickey_fromfile
  * Authenticate using a keypair found in the named files
@@ -1267,6 +1469,36 @@ userauth_publickey_fromfile(LIBSSH2_SESSION *session,
     return rc;
 }
 
+/* libssh2_userauth_publickey_frommemory
+ * Authenticate using a keypair from memory
+ */
+LIBSSH2_API int
+libssh2_userauth_publickey_frommemory(LIBSSH2_SESSION *session,
+                                      const char *user,
+                                      size_t user_len,
+                                      const char *publickeyfiledata,
+                                      size_t publickeyfiledata_len,
+                                      const char *privatekeyfiledata,
+                                      size_t privatekeyfiledata_len,
+                                      const char *passphrase)
+{
+    int rc;
+
+    if(NULL == passphrase)
+        /* if given a NULL pointer, make it point to a zero-length
+           string to save us from having to check this all over */
+        passphrase="";
+
+    BLOCK_ADJUST(rc, session,
+                 userauth_publickey_frommemory(session, user, user_len,
+                                               publickeyfiledata,
+                                               publickeyfiledata_len,
+                                               privatekeyfiledata,
+                                               privatekeyfiledata_len,
+                                               passphrase));
+    return rc;
+}
+
 /* libssh2_userauth_publickey_fromfile_ex
  * Authenticate using a keypair found in the named files
  */
@@ -1540,6 +1772,8 @@ userauth_keyboard_interactive(LIBSSH2_SESSION * session,
                                        "keyboard-interactive prompt message");
                         goto cleanup;
                     }
+                    memcpy(session->userauth_kybd_prompts[i].text, s,
+                           session->userauth_kybd_prompts[i].length);
                     s += session->userauth_kybd_prompts[i].length;
 
                     /* boolean   echo[1] */

src/wincng.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2013-2014 Marc Hoersken <info@marc-hoersken.de>
+ * Copyright (C) 2013-2015 Marc Hoersken <info@marc-hoersken.de>
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms,
@@ -67,6 +67,11 @@
 #include <wincrypt.h>
 #endif
 
+#define PEM_RSA_HEADER "-----BEGIN RSA PRIVATE KEY-----"
+#define PEM_RSA_FOOTER "-----END RSA PRIVATE KEY-----"
+#define PEM_DSA_HEADER "-----BEGIN DSA PRIVATE KEY-----"
+#define PEM_DSA_FOOTER "-----END DSA PRIVATE KEY-----"
+
 
 /*******************************************************************/
 /*
@@ -88,6 +93,14 @@
 #define BCRYPT_SHA1_ALGORITHM L"SHA1"
 #endif
 
+#ifndef BCRYPT_SHA256_ALGORITHM
+#define BCRYPT_SHA256_ALGORITHM L"SHA256"
+#endif
+
+#ifndef BCRYPT_SHA512_ALGORITHM
+#define BCRYPT_SHA512_ALGORITHM L"SHA512"
+#endif
+
 #ifndef BCRYPT_RSA_ALGORITHM
 #define BCRYPT_RSA_ALGORITHM L"RSA"
 #endif
@@ -206,6 +219,10 @@ _libssh2_wincng_init(void)
                                       BCRYPT_MD5_ALGORITHM, NULL, 0);
     (void)BCryptOpenAlgorithmProvider(&_libssh2_wincng.hAlgHashSHA1,
                                       BCRYPT_SHA1_ALGORITHM, NULL, 0);
+    (void)BCryptOpenAlgorithmProvider(&_libssh2_wincng.hAlgHashSHA256,
+                                      BCRYPT_SHA256_ALGORITHM, NULL, 0);
+    (void)BCryptOpenAlgorithmProvider(&_libssh2_wincng.hAlgHashSHA512,
+                                      BCRYPT_SHA512_ALGORITHM, NULL, 0);
 
     (void)BCryptOpenAlgorithmProvider(&_libssh2_wincng.hAlgHmacMD5,
                                       BCRYPT_MD5_ALGORITHM, NULL,
@@ -213,6 +230,12 @@ _libssh2_wincng_init(void)
     (void)BCryptOpenAlgorithmProvider(&_libssh2_wincng.hAlgHmacSHA1,
                                       BCRYPT_SHA1_ALGORITHM, NULL,
                                       BCRYPT_ALG_HANDLE_HMAC_FLAG);
+    (void)BCryptOpenAlgorithmProvider(&_libssh2_wincng.hAlgHmacSHA256,
+                                      BCRYPT_SHA256_ALGORITHM, NULL,
+                                      BCRYPT_ALG_HANDLE_HMAC_FLAG);
+    (void)BCryptOpenAlgorithmProvider(&_libssh2_wincng.hAlgHmacSHA512,
+                                      BCRYPT_SHA512_ALGORITHM, NULL,
+                                      BCRYPT_ALG_HANDLE_HMAC_FLAG);
 
     (void)BCryptOpenAlgorithmProvider(&_libssh2_wincng.hAlgRSA,
                                       BCRYPT_RSA_ALGORITHM, NULL, 0);
@@ -259,8 +282,12 @@ _libssh2_wincng_free(void)
     (void)BCryptCloseAlgorithmProvider(_libssh2_wincng.hAlgRNG, 0);
     (void)BCryptCloseAlgorithmProvider(_libssh2_wincng.hAlgHashMD5, 0);
     (void)BCryptCloseAlgorithmProvider(_libssh2_wincng.hAlgHashSHA1, 0);
+    (void)BCryptCloseAlgorithmProvider(_libssh2_wincng.hAlgHashSHA256, 0);
+    (void)BCryptCloseAlgorithmProvider(_libssh2_wincng.hAlgHashSHA512, 0);
     (void)BCryptCloseAlgorithmProvider(_libssh2_wincng.hAlgHmacMD5, 0);
     (void)BCryptCloseAlgorithmProvider(_libssh2_wincng.hAlgHmacSHA1, 0);
+    (void)BCryptCloseAlgorithmProvider(_libssh2_wincng.hAlgHmacSHA256, 0);
+    (void)BCryptCloseAlgorithmProvider(_libssh2_wincng.hAlgHmacSHA512, 0);
     (void)BCryptCloseAlgorithmProvider(_libssh2_wincng.hAlgRSA, 0);
     (void)BCryptCloseAlgorithmProvider(_libssh2_wincng.hAlgDSA, 0);
     (void)BCryptCloseAlgorithmProvider(_libssh2_wincng.hAlgAES_CBC, 0);
@@ -280,6 +307,24 @@ _libssh2_wincng_random(void *buf, int len)
     return BCRYPT_SUCCESS(ret) ? 0 : -1;
 }
 
+static void
+_libssh2_wincng_safe_free(void *buf, int len)
+{
+#ifndef LIBSSH2_CLEAR_MEMORY
+    (void)len;
+#endif
+
+    if (!buf)
+        return;
+
+#ifdef LIBSSH2_CLEAR_MEMORY
+    if (len > 0)
+        SecureZeroMemory(buf, len);
+#endif
+
+    free(buf);
+}
+
 
 /*******************************************************************/
 /*
@@ -322,7 +367,7 @@ _libssh2_wincng_hash_init(_libssh2_wincng_hash_ctx *ctx,
                            pbHashObject, dwHashObject,
                            key, keylen, 0);
     if (!BCRYPT_SUCCESS(ret)) {
-        free(pbHashObject);
+        _libssh2_wincng_safe_free(pbHashObject, dwHashObject);
         return -1;
     }
 
@@ -355,13 +400,13 @@ _libssh2_wincng_hash_final(_libssh2_wincng_hash_ctx *ctx,
     ret = BCryptFinishHash(ctx->hHash, hash, ctx->cbHash, 0);
 
     BCryptDestroyHash(ctx->hHash);
+    ctx->hHash = NULL;
 
-    if (ctx->pbHashObject)
-        free(ctx->pbHashObject);
+    _libssh2_wincng_safe_free(ctx->pbHashObject, ctx->dwHashObject);
+    ctx->pbHashObject = NULL;
+    ctx->dwHashObject = 0;
 
-    memset(ctx, 0, sizeof(_libssh2_wincng_hash_ctx));
-
-    return ret;
+    return BCRYPT_SUCCESS(ret) ? 0 : -1;
 }
 
 int
@@ -370,16 +415,15 @@ _libssh2_wincng_hash(unsigned char *data, unsigned long datalen,
                      unsigned char *hash, unsigned long hashlen)
 {
     _libssh2_wincng_hash_ctx ctx;
+    int ret;
 
-    if (!_libssh2_wincng_hash_init(&ctx, hAlg, hashlen, NULL, 0)) {
-        if (!_libssh2_wincng_hash_update(&ctx, data, datalen)) {
-            if (!_libssh2_wincng_hash_final(&ctx, hash)) {
-                return 0;
-            }
-        }
+    ret = _libssh2_wincng_hash_init(&ctx, hAlg, hashlen, NULL, 0);
+    if (!ret) {
+        ret = _libssh2_wincng_hash_update(&ctx, data, datalen);
+        ret |= _libssh2_wincng_hash_final(&ctx, hash);
     }
 
-    return -1;
+    return ret;
 }
 
 
@@ -403,11 +447,11 @@ void
 _libssh2_wincng_hmac_cleanup(_libssh2_wincng_hash_ctx *ctx)
 {
     BCryptDestroyHash(ctx->hHash);
+    ctx->hHash = NULL;
 
-    if (ctx->pbHashObject)
-        free(ctx->pbHashObject);
-
-    memset(ctx, 0, sizeof(_libssh2_wincng_hash_ctx));
+    _libssh2_wincng_safe_free(ctx->pbHashObject, ctx->dwHashObject);
+    ctx->pbHashObject = NULL;
+    ctx->dwHashObject = 0;
 }
 
 
@@ -449,17 +493,17 @@ _libssh2_wincng_key_sha1_verify(_libssh2_wincng_key_ctx *ctx,
                                _libssh2_wincng.hAlgHashSHA1,
                                hash, hashlen);
 
-    free(data);
+    _libssh2_wincng_safe_free(data, datalen);
 
     if (ret) {
-        free(hash);
+        _libssh2_wincng_safe_free(hash, hashlen);
         return -1;
     }
 
     datalen = sig_len;
     data = malloc(datalen);
     if (!data) {
-        free(hash);
+        _libssh2_wincng_safe_free(hash, hashlen);
         return -1;
     }
 
@@ -474,8 +518,8 @@ _libssh2_wincng_key_sha1_verify(_libssh2_wincng_key_ctx *ctx,
     ret = BCryptVerifySignature(ctx->hKey, pPaddingInfo,
                                 hash, hashlen, data, datalen, flags);
 
-    free(hash);
-    free(data);
+    _libssh2_wincng_safe_free(hash, hashlen);
+    _libssh2_wincng_safe_free(data, datalen);
 
     return BCRYPT_SUCCESS(ret) ? 0 : -1;
 }
@@ -513,21 +557,59 @@ _libssh2_wincng_load_private(LIBSSH2_SESSION *session,
                              const char *filename,
                              const char *passphrase,
                              unsigned char **ppbEncoded,
-                             unsigned long *pcbEncoded)
+                             unsigned long *pcbEncoded,
+                             int tryLoadRSA, int tryLoadDSA)
 {
-    unsigned char *data;
-    unsigned int datalen;
-    int ret;
+    unsigned char *data = NULL;
+    unsigned int datalen = 0;
+    int ret = -1;
 
+    if (ret && tryLoadRSA) {
         ret = _libssh2_wincng_load_pem(session, filename, passphrase,
-                                   "-----BEGIN RSA PRIVATE KEY-----",
-                                   "-----END RSA PRIVATE KEY-----",
+                                       PEM_RSA_HEADER, PEM_RSA_FOOTER,
                                        &data, &datalen);
+    }
 
-    if (ret) {
+    if (ret && tryLoadDSA) {
         ret = _libssh2_wincng_load_pem(session, filename, passphrase,
-                                       "-----BEGIN DSA PRIVATE KEY-----",
-                                       "-----END DSA PRIVATE KEY-----",
+                                       PEM_DSA_HEADER, PEM_DSA_FOOTER,
+                                       &data, &datalen);
+    }
+
+    if (!ret) {
+        *ppbEncoded = data;
+        *pcbEncoded = datalen;
+    }
+
+    return ret;
+}
+
+static int
+_libssh2_wincng_load_private_memory(LIBSSH2_SESSION *session,
+                                    const char *privatekeydata,
+                                    size_t privatekeydata_len,
+                                    const char *passphrase,
+                                    unsigned char **ppbEncoded,
+                                    unsigned long *pcbEncoded,
+                                    int tryLoadRSA, int tryLoadDSA)
+{
+    unsigned char *data = NULL;
+    unsigned int datalen = 0;
+    int ret = -1;
+
+    (void)passphrase;
+
+    if (ret && tryLoadRSA) {
+        ret = _libssh2_pem_parse_memory(session,
+                                        PEM_RSA_HEADER, PEM_RSA_FOOTER,
+                                        privatekeydata, privatekeydata_len,
+                                        &data, &datalen);
+    }
+
+    if (ret && tryLoadDSA) {
+        ret = _libssh2_pem_parse_memory(session,
+                                        PEM_DSA_HEADER, PEM_DSA_FOOTER,
+                                        privatekeydata, privatekeydata_len,
                                         &data, &datalen);
     }
 
@@ -568,7 +650,7 @@ _libssh2_wincng_asn_decode(unsigned char *pbEncoded,
                               pbEncoded, cbEncoded, 0, NULL,
                               pbDecoded, &cbDecoded);
     if (!ret) {
-        free(pbDecoded);
+        _libssh2_wincng_safe_free(pbDecoded, cbDecoded);
         return -1;
     }
 
@@ -639,7 +721,7 @@ _libssh2_wincng_asn_decode_bn(unsigned char *pbEncoded,
             *ppbDecoded = pbDecoded;
             *pcbDecoded = cbDecoded;
         }
-        free(pbInteger);
+        _libssh2_wincng_safe_free(pbInteger, cbInteger);
     }
 
     return ret;
@@ -684,10 +766,10 @@ _libssh2_wincng_asn_decode_bns(unsigned char *pbEncoded,
                     *pcbCount = length;
                 } else {
                     for (length = 0; length < index; length++) {
-                        if (rpbDecoded[length]) {
-                            free(rpbDecoded[length]);
+                        _libssh2_wincng_safe_free(rpbDecoded[length],
+                                                  rcbDecoded[length]);
                         rpbDecoded[length] = NULL;
-                        }
+                        rcbDecoded[length] = 0;
                     }
                     free(rpbDecoded);
                     free(rcbDecoded);
@@ -700,7 +782,7 @@ _libssh2_wincng_asn_decode_bns(unsigned char *pbEncoded,
             ret = -1;
         }
 
-        free(pbDecoded);
+        _libssh2_wincng_safe_free(pbDecoded, cbDecoded);
     }
 
     return ret;
@@ -846,7 +928,7 @@ _libssh2_wincng_rsa_new(libssh2_rsa_ctx **rsa,
     ret = BCryptImportKeyPair(_libssh2_wincng.hAlgRSA, NULL, lpszBlobType,
                               &hKey, key, keylen, 0);
     if (!BCRYPT_SUCCESS(ret)) {
-        free(key);
+        _libssh2_wincng_safe_free(key, keylen);
         return -1;
     }
 
@@ -854,7 +936,7 @@ _libssh2_wincng_rsa_new(libssh2_rsa_ctx **rsa,
     *rsa = malloc(sizeof(libssh2_rsa_ctx));
     if (!(*rsa)) {
         BCryptDestroyKey(hKey);
-        free(key);
+        _libssh2_wincng_safe_free(key, keylen);
         return -1;
     }
 
@@ -865,32 +947,25 @@ _libssh2_wincng_rsa_new(libssh2_rsa_ctx **rsa,
     return 0;
 }
 
-int
-_libssh2_wincng_rsa_new_private(libssh2_rsa_ctx **rsa,
-                                LIBSSH2_SESSION *session,
-                                const char *filename,
-                                const unsigned char *passphrase)
-{
 #ifdef HAVE_LIBCRYPT32
+static int
+_libssh2_wincng_rsa_new_private_parse(libssh2_rsa_ctx **rsa,
+                                      LIBSSH2_SESSION *session,
+                                      unsigned char *pbEncoded,
+                                      unsigned long cbEncoded)
+{
     BCRYPT_KEY_HANDLE hKey;
-    unsigned char *pbEncoded, *pbStructInfo;
-    unsigned long cbEncoded, cbStructInfo;
+    unsigned char *pbStructInfo;
+    unsigned long cbStructInfo;
     int ret;
 
     (void)session;
 
-    ret = _libssh2_wincng_load_private(session, filename,
-                                       (const char *)passphrase,
-                                       &pbEncoded, &cbEncoded);
-    if (ret) {
-        return -1;
-    }
-
     ret = _libssh2_wincng_asn_decode(pbEncoded, cbEncoded,
                                      PKCS_RSA_PRIVATE_KEY,
                                      &pbStructInfo, &cbStructInfo);
 
-    free(pbEncoded);
+    _libssh2_wincng_safe_free(pbEncoded, cbEncoded);
 
     if (ret) {
         return -1;
@@ -901,7 +976,7 @@ _libssh2_wincng_rsa_new_private(libssh2_rsa_ctx **rsa,
                               LEGACY_RSAPRIVATE_BLOB, &hKey,
                               pbStructInfo, cbStructInfo, 0);
     if (!BCRYPT_SUCCESS(ret)) {
-        free(pbStructInfo);
+        _libssh2_wincng_safe_free(pbStructInfo, cbStructInfo);
         return -1;
     }
 
@@ -909,7 +984,7 @@ _libssh2_wincng_rsa_new_private(libssh2_rsa_ctx **rsa,
     *rsa = malloc(sizeof(libssh2_rsa_ctx));
     if (!(*rsa)) {
         BCryptDestroyKey(hKey);
-        free(pbStructInfo);
+        _libssh2_wincng_safe_free(pbStructInfo, cbStructInfo);
         return -1;
     }
 
@@ -918,6 +993,31 @@ _libssh2_wincng_rsa_new_private(libssh2_rsa_ctx **rsa,
     (*rsa)->cbKeyObject = cbStructInfo;
 
     return 0;
+}
+#endif /* HAVE_LIBCRYPT32 */
+
+int
+_libssh2_wincng_rsa_new_private(libssh2_rsa_ctx **rsa,
+                                LIBSSH2_SESSION *session,
+                                const char *filename,
+                                const unsigned char *passphrase)
+{
+#ifdef HAVE_LIBCRYPT32
+    unsigned char *pbEncoded;
+    unsigned long cbEncoded;
+    int ret;
+
+    (void)session;
+
+    ret = _libssh2_wincng_load_private(session, filename,
+                                       (const char *)passphrase,
+                                       &pbEncoded, &cbEncoded, 1, 0);
+    if (ret) {
+        return -1;
+    }
+
+    return _libssh2_wincng_rsa_new_private_parse(rsa, session,
+                                                 pbEncoded, cbEncoded);
 #else
     (void)rsa;
     (void)filename;
@@ -929,6 +1029,41 @@ _libssh2_wincng_rsa_new_private(libssh2_rsa_ctx **rsa,
 #endif /* HAVE_LIBCRYPT32 */
 }
 
+int
+_libssh2_wincng_rsa_new_private_frommemory(libssh2_rsa_ctx **rsa,
+                                           LIBSSH2_SESSION *session,
+                                           const char *filedata,
+                                           size_t filedata_len,
+                                           unsigned const char *passphrase)
+{
+#ifdef HAVE_LIBCRYPT32
+    unsigned char *pbEncoded;
+    unsigned long cbEncoded;
+    int ret;
+
+    (void)session;
+
+    ret = _libssh2_wincng_load_private_memory(session, filedata, filedata_len,
+                                              (const char *)passphrase,
+                                              &pbEncoded, &cbEncoded, 1, 0);
+    if (ret) {
+        return -1;
+    }
+
+    return _libssh2_wincng_rsa_new_private_parse(rsa, session,
+                                                 pbEncoded, cbEncoded);
+#else
+    (void)rsa;
+    (void)filedata;
+    (void)filedata_len;
+    (void)passphrase;
+
+    return _libssh2_error(session, LIBSSH2_ERROR_METHOD_NOT_SUPPORTED,
+                          "Unable to extract private key from memory: "
+                          "Method unsupported in Windows CNG backend");
+#endif /* HAVE_LIBCRYPT32 */
+}
+
 int
 _libssh2_wincng_rsa_sha1_verify(libssh2_rsa_ctx *rsa,
                                 const unsigned char *sig,
@@ -983,7 +1118,7 @@ _libssh2_wincng_rsa_sha1_sign(LIBSSH2_SESSION *session,
             ret = STATUS_NO_MEMORY;
     }
 
-    free(data);
+    _libssh2_wincng_safe_free(data, datalen);
 
     return BCRYPT_SUCCESS(ret) ? 0 : -1;
 }
@@ -995,12 +1130,10 @@ _libssh2_wincng_rsa_free(libssh2_rsa_ctx *rsa)
         return;
 
     BCryptDestroyKey(rsa->hKey);
+    rsa->hKey = NULL;
 
-    if (rsa->pbKeyObject)
-        free(rsa->pbKeyObject);
-
-    memset(rsa, 0, sizeof(libssh2_rsa_ctx));
-    free(rsa);
+    _libssh2_wincng_safe_free(rsa->pbKeyObject, rsa->cbKeyObject);
+    _libssh2_wincng_safe_free(rsa, sizeof(libssh2_rsa_ctx));
 }
 
 
@@ -1094,7 +1227,7 @@ _libssh2_wincng_dsa_new(libssh2_dsa_ctx **dsa,
     ret = BCryptImportKeyPair(_libssh2_wincng.hAlgDSA, NULL, lpszBlobType,
                               &hKey, key, keylen, 0);
     if (!BCRYPT_SUCCESS(ret)) {
-        free(key);
+        _libssh2_wincng_safe_free(key, keylen);
         return -1;
     }
 
@@ -1102,7 +1235,7 @@ _libssh2_wincng_dsa_new(libssh2_dsa_ctx **dsa,
     *dsa = malloc(sizeof(libssh2_dsa_ctx));
     if (!(*dsa)) {
         BCryptDestroyKey(hKey);
-        free(key);
+        _libssh2_wincng_safe_free(key, keylen);
         return -1;
     }
 
@@ -1113,30 +1246,23 @@ _libssh2_wincng_dsa_new(libssh2_dsa_ctx **dsa,
     return 0;
 }
 
-int
-_libssh2_wincng_dsa_new_private(libssh2_dsa_ctx **dsa,
-                                LIBSSH2_SESSION *session,
-                                const char *filename,
-                                const unsigned char *passphrase)
-{
 #ifdef HAVE_LIBCRYPT32
-    unsigned char *pbEncoded, **rpbDecoded;
-    unsigned long cbEncoded, *rcbDecoded, index, length;
+static int
+_libssh2_wincng_dsa_new_private_parse(libssh2_dsa_ctx **dsa,
+                                      LIBSSH2_SESSION *session,
+                                      unsigned char *pbEncoded,
+                                      unsigned long cbEncoded)
+{
+    unsigned char **rpbDecoded;
+    unsigned long *rcbDecoded, index, length;
     int ret;
 
     (void)session;
 
-    ret = _libssh2_wincng_load_private(session, filename,
-                                       (const char *)passphrase,
-                                       &pbEncoded, &cbEncoded);
-    if (ret) {
-        return -1;
-    }
-
     ret = _libssh2_wincng_asn_decode_bns(pbEncoded, cbEncoded,
                                          &rpbDecoded, &rcbDecoded, &length);
 
-    free(pbEncoded);
+    _libssh2_wincng_safe_free(pbEncoded, cbEncoded);
 
     if (ret) {
         return -1;
@@ -1155,16 +1281,38 @@ _libssh2_wincng_dsa_new_private(libssh2_dsa_ctx **dsa,
     }
 
     for (index = 0; index < length; index++) {
-        if (rpbDecoded[index]) {
-            free(rpbDecoded[index]);
+        _libssh2_wincng_safe_free(rpbDecoded[index], rcbDecoded[index]);
         rpbDecoded[index] = NULL;
-        }
+        rcbDecoded[index] = 0;
     }
 
     free(rpbDecoded);
     free(rcbDecoded);
 
     return ret;
+}
+#endif /* HAVE_LIBCRYPT32 */
+
+int
+_libssh2_wincng_dsa_new_private(libssh2_dsa_ctx **dsa,
+                                LIBSSH2_SESSION *session,
+                                const char *filename,
+                                const unsigned char *passphrase)
+{
+#ifdef HAVE_LIBCRYPT32
+    unsigned char *pbEncoded;
+    unsigned long cbEncoded;
+    int ret;
+
+    ret = _libssh2_wincng_load_private(session, filename,
+                                       (const char *)passphrase,
+                                       &pbEncoded, &cbEncoded, 0, 1);
+    if (ret) {
+        return -1;
+    }
+
+    return _libssh2_wincng_dsa_new_private_parse(dsa, session,
+                                                 pbEncoded, cbEncoded);
 #else
     (void)dsa;
     (void)filename;
@@ -1176,6 +1324,39 @@ _libssh2_wincng_dsa_new_private(libssh2_dsa_ctx **dsa,
 #endif /* HAVE_LIBCRYPT32 */
 }
 
+int
+_libssh2_wincng_dsa_new_private_frommemory(libssh2_dsa_ctx **dsa,
+                                           LIBSSH2_SESSION *session,
+                                           const char *filedata,
+                                           size_t filedata_len,
+                                           unsigned const char *passphrase)
+{
+#ifdef HAVE_LIBCRYPT32
+    unsigned char *pbEncoded;
+    unsigned long cbEncoded;
+    int ret;
+
+    ret = _libssh2_wincng_load_private_memory(session, filedata, filedata_len,
+                                              (const char *)passphrase,
+                                              &pbEncoded, &cbEncoded, 0, 1);
+    if (ret) {
+        return -1;
+    }
+
+    return _libssh2_wincng_dsa_new_private_parse(dsa, session,
+                                                 pbEncoded, cbEncoded);
+#else
+    (void)dsa;
+    (void)filedata;
+    (void)filedata_len;
+    (void)passphrase;
+
+    return _libssh2_error(session, LIBSSH2_ERROR_METHOD_NOT_SUPPORTED,
+                          "Unable to extract private key from memory: "
+                          "Method unsupported in Windows CNG backend");
+#endif /* HAVE_LIBCRYPT32 */
+}
+
 int
 _libssh2_wincng_dsa_sha1_verify(libssh2_dsa_ctx *dsa,
                                 const unsigned char *sig_fixed,
@@ -1216,14 +1397,14 @@ _libssh2_wincng_dsa_sha1_sign(libssh2_dsa_ctx *dsa,
                     memcpy(sig_fixed, sig, siglen);
                 }
 
-                free(sig);
+                _libssh2_wincng_safe_free(sig, siglen);
             } else
                 ret = STATUS_NO_MEMORY;
         } else
             ret = STATUS_NO_MEMORY;
     }
 
-    free(data);
+    _libssh2_wincng_safe_free(data, datalen);
 
     return BCRYPT_SUCCESS(ret) ? 0 : -1;
 }
@@ -1235,12 +1416,10 @@ _libssh2_wincng_dsa_free(libssh2_dsa_ctx *dsa)
         return;
 
     BCryptDestroyKey(dsa->hKey);
+    dsa->hKey = NULL;
 
-    if (dsa->pbKeyObject)
-        free(dsa->pbKeyObject);
-
-    memset(dsa, 0, sizeof(libssh2_dsa_ctx));
-    free(dsa);
+    _libssh2_wincng_safe_free(dsa->pbKeyObject, dsa->cbKeyObject);
+    _libssh2_wincng_safe_free(dsa, sizeof(libssh2_dsa_ctx));
 }
 #endif
 
@@ -1250,6 +1429,7 @@ _libssh2_wincng_dsa_free(libssh2_dsa_ctx *dsa)
  * Windows CNG backend: Key functions
  */
 
+#ifdef HAVE_LIBCRYPT32
 static unsigned long
 _libssh2_wincng_pub_priv_write(unsigned char *key,
                                unsigned long offset,
@@ -1265,33 +1445,26 @@ _libssh2_wincng_pub_priv_write(unsigned char *key,
     return offset;
 }
 
-int
-_libssh2_wincng_pub_priv_keyfile(LIBSSH2_SESSION *session,
+static int
+_libssh2_wincng_pub_priv_keyfile_parse(LIBSSH2_SESSION *session,
                                        unsigned char **method,
                                        size_t *method_len,
                                        unsigned char **pubkeydata,
                                        size_t *pubkeydata_len,
-                                 const char *privatekey,
-                                 const char *passphrase)
+                                       unsigned char *pbEncoded,
+                                       unsigned long cbEncoded)
 {
-#ifdef HAVE_LIBCRYPT32
-    unsigned char *pbEncoded, **rpbDecoded;
-    unsigned long cbEncoded, *rcbDecoded;
+    unsigned char **rpbDecoded;
+    unsigned long *rcbDecoded;
     unsigned char *key = NULL, *mth = NULL;
     unsigned long keylen = 0, mthlen = 0;
     unsigned long index, offset, length;
     int ret;
 
-    ret = _libssh2_wincng_load_private(session, privatekey, passphrase,
-                                       &pbEncoded, &cbEncoded);
-    if (ret) {
-        return -1;
-    }
-
     ret = _libssh2_wincng_asn_decode_bns(pbEncoded, cbEncoded,
                                          &rpbDecoded, &rcbDecoded, &length);
 
-    free(pbEncoded);
+    _libssh2_wincng_safe_free(pbEncoded, cbEncoded);
 
     if (ret) {
         return -1;
@@ -1364,10 +1537,9 @@ _libssh2_wincng_pub_priv_keyfile(LIBSSH2_SESSION *session,
 
 
     for (index = 0; index < length; index++) {
-        if (rpbDecoded[index]) {
-            free(rpbDecoded[index]);
+        _libssh2_wincng_safe_free(rpbDecoded[index], rcbDecoded[index]);
         rpbDecoded[index] = NULL;
-        }
+        rcbDecoded[index] = 0;
     }
 
     free(rpbDecoded);
@@ -1387,6 +1559,32 @@ _libssh2_wincng_pub_priv_keyfile(LIBSSH2_SESSION *session,
     }
 
     return ret;
+}
+#endif /* HAVE_LIBCRYPT32 */
+
+int
+_libssh2_wincng_pub_priv_keyfile(LIBSSH2_SESSION *session,
+                                 unsigned char **method,
+                                 size_t *method_len,
+                                 unsigned char **pubkeydata,
+                                 size_t *pubkeydata_len,
+                                 const char *privatekey,
+                                 const char *passphrase)
+{
+#ifdef HAVE_LIBCRYPT32
+    unsigned char *pbEncoded;
+    unsigned long cbEncoded;
+    int ret;
+
+    ret = _libssh2_wincng_load_private(session, privatekey, passphrase,
+                                       &pbEncoded, &cbEncoded, 1, 1);
+    if (ret) {
+        return -1;
+    }
+
+    return _libssh2_wincng_pub_priv_keyfile_parse(session, method, method_len,
+                                                  pubkeydata, pubkeydata_len,
+                                                  pbEncoded, cbEncoded);
 #else
     (void)method;
     (void)method_len;
@@ -1401,6 +1599,45 @@ _libssh2_wincng_pub_priv_keyfile(LIBSSH2_SESSION *session,
 #endif /* HAVE_LIBCRYPT32 */
 }
 
+int
+_libssh2_wincng_pub_priv_keyfilememory(LIBSSH2_SESSION *session,
+                                       unsigned char **method,
+                                       size_t *method_len,
+                                       unsigned char **pubkeydata,
+                                       size_t *pubkeydata_len,
+                                       const char *privatekeydata,
+                                       size_t privatekeydata_len,
+                                       const char *passphrase)
+{
+#ifdef HAVE_LIBCRYPT32
+    unsigned char *pbEncoded;
+    unsigned long cbEncoded;
+    int ret;
+
+    ret = _libssh2_wincng_load_private_memory(session, privatekeydata,
+                                              privatekeydata_len, passphrase,
+                                              &pbEncoded, &cbEncoded, 1, 1);
+    if (ret) {
+        return -1;
+    }
+
+    return _libssh2_wincng_pub_priv_keyfile_parse(session, method, method_len,
+                                                  pubkeydata, pubkeydata_len,
+                                                  pbEncoded, cbEncoded);
+#else
+    (void)method;
+    (void)method_len;
+    (void)pubkeydata_len;
+    (void)pubkeydata;
+    (void)privatekeydata;
+    (void)privatekeydata_len;
+    (void)passphrase;
+
+    return _libssh2_error(session, LIBSSH2_ERROR_METHOD_NOT_SUPPORTED,
+                          "Unable to extract public key from private key in memory: "
+                          "Method unsupported in Windows CNG backend");
+#endif /* HAVE_LIBCRYPT32 */
+}
 
 /*******************************************************************/
 /*
@@ -1463,10 +1700,10 @@ _libssh2_wincng_cipher_init(_libssh2_cipher_ctx *ctx,
     ret = BCryptImportKey(*type.phAlg, NULL, BCRYPT_KEY_DATA_BLOB, &hKey,
                           pbKeyObject, dwKeyObject, key, keylen, 0);
 
-    free(key);
+    _libssh2_wincng_safe_free(key, keylen);
 
     if (!BCRYPT_SUCCESS(ret)) {
-        free(pbKeyObject);
+        _libssh2_wincng_safe_free(pbKeyObject, dwKeyObject);
         return -1;
     }
 
@@ -1474,7 +1711,7 @@ _libssh2_wincng_cipher_init(_libssh2_cipher_ctx *ctx,
         pbIV = malloc(dwBlockLength);
         if (!pbIV) {
             BCryptDestroyKey(hKey);
-            free(pbKeyObject);
+            _libssh2_wincng_safe_free(pbKeyObject, dwKeyObject);
             return -1;
         }
         dwIV = dwBlockLength;
@@ -1533,7 +1770,7 @@ _libssh2_wincng_cipher_crypt(_libssh2_cipher_ctx *ctx,
                 memcpy(block, pbOutput, cbOutput);
             }
 
-            free(pbOutput);
+            _libssh2_wincng_safe_free(pbOutput, cbOutput);
         } else
             ret = STATUS_NO_MEMORY;
     }
@@ -1545,13 +1782,15 @@ void
 _libssh2_wincng_cipher_dtor(_libssh2_cipher_ctx *ctx)
 {
     BCryptDestroyKey(ctx->hKey);
+    ctx->hKey = NULL;
 
-    if (ctx->pbKeyObject) {
-        free(ctx->pbKeyObject);
+    _libssh2_wincng_safe_free(ctx->pbKeyObject, ctx->dwKeyObject);
     ctx->pbKeyObject = NULL;
-    }
+    ctx->dwKeyObject = 0;
 
-    memset(ctx, 0, sizeof(_libssh2_cipher_ctx));
+    _libssh2_wincng_safe_free(ctx->pbIV, ctx->dwBlockLength);
+    ctx->pbIV = NULL;
+    ctx->dwBlockLength = 0;
 }
 
 
@@ -1585,6 +1824,12 @@ _libssh2_wincng_bignum_resize(_libssh2_bn *bn, unsigned long length)
     if (length == bn->length)
         return 0;
 
+#ifdef LIBSSH2_CLEAR_MEMORY
+    if (bn->bignum && bn->length > 0 && length < bn->length) {
+        SecureZeroMemory(bn->bignum + length, bn->length - length);
+    }
+#endif
+
     bignum = realloc(bn->bignum, length);
     if (!bignum)
         return -1;
@@ -1692,7 +1937,7 @@ _libssh2_wincng_bignum_mod_exp(_libssh2_bn *r,
                                         r->bignum, r->length, &offset,
                                         BCRYPT_PAD_NONE);
 
-                    free(bignum);
+                    _libssh2_wincng_safe_free(bignum, length);
 
                     if (BCRYPT_SUCCESS(ret)) {
                         _libssh2_wincng_bignum_resize(r, offset);
@@ -1706,7 +1951,7 @@ _libssh2_wincng_bignum_mod_exp(_libssh2_bn *r,
         BCryptDestroyKey(hKey);
     }
 
-    free(key);
+    _libssh2_wincng_safe_free(key, keylen);
 
     return BCRYPT_SUCCESS(ret) ? 0 : -1;
 }
@@ -1784,6 +2029,10 @@ _libssh2_wincng_bignum_from_bin(_libssh2_bn *bn, unsigned long len,
     if (offset > 0) {
         memmove(bn->bignum, bn->bignum + offset, length);
 
+#ifdef LIBSSH2_CLEAR_MEMORY
+        SecureZeroMemory(bn->bignum + length, offset);
+#endif
+
         bignum = realloc(bn->bignum, length);
         if (bignum) {
             bn->bignum = bignum;
@@ -1805,11 +2054,11 @@ _libssh2_wincng_bignum_free(_libssh2_bn *bn)
 {
     if (bn) {
         if (bn->bignum) {
-            free(bn->bignum);
+            _libssh2_wincng_safe_free(bn->bignum, bn->length);
             bn->bignum = NULL;
         }
         bn->length = 0;
-        free(bn);
+        _libssh2_wincng_safe_free(bn, sizeof(_libssh2_bn));
     }
 }
 

src/wincng.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2013-2014 Marc Hoersken <info@marc-hoersken.de>
+ * Copyright (C) 2013-2015 Marc Hoersken <info@marc-hoersken.de>
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms,
@@ -51,6 +51,8 @@
 #define LIBSSH2_MD5 1
 
 #define LIBSSH2_HMAC_RIPEMD 0
+#define LIBSSH2_HMAC_SHA256 1
+#define LIBSSH2_HMAC_SHA512 1
 
 #define LIBSSH2_AES 1
 #define LIBSSH2_AES_CTR 0
@@ -64,6 +66,8 @@
 
 #define MD5_DIGEST_LENGTH 16
 #define SHA_DIGEST_LENGTH 20
+#define SHA256_DIGEST_LENGTH 32
+#define SHA512_DIGEST_LENGTH 64
 
 
 /*******************************************************************/
@@ -75,8 +79,12 @@ struct _libssh2_wincng_ctx {
     BCRYPT_ALG_HANDLE hAlgRNG;
     BCRYPT_ALG_HANDLE hAlgHashMD5;
     BCRYPT_ALG_HANDLE hAlgHashSHA1;
+    BCRYPT_ALG_HANDLE hAlgHashSHA256;
+    BCRYPT_ALG_HANDLE hAlgHashSHA512;
     BCRYPT_ALG_HANDLE hAlgHmacMD5;
     BCRYPT_ALG_HANDLE hAlgHmacSHA1;
+    BCRYPT_ALG_HANDLE hAlgHmacSHA256;
+    BCRYPT_ALG_HANDLE hAlgHmacSHA512;
     BCRYPT_ALG_HANDLE hAlgRSA;
     BCRYPT_ALG_HANDLE hAlgDSA;
     BCRYPT_ALG_HANDLE hAlgAES_CBC;
@@ -103,6 +111,8 @@ void _libssh2_wincng_free(void);
 #define _libssh2_random(buf, len) \
   _libssh2_wincng_random(buf, len)
 
+#define libssh2_prepare_iovec(vec, len)  /* Empty. */
+
 
 /*******************************************************************/
 /*
@@ -122,8 +132,8 @@ typedef struct __libssh2_wincng_hash_ctx {
 
 #define libssh2_sha1_ctx _libssh2_wincng_hash_ctx
 #define libssh2_sha1_init(ctx) \
-  _libssh2_wincng_hash_init(ctx, _libssh2_wincng.hAlgHashSHA1, \
-                            SHA_DIGEST_LENGTH, NULL, 0)
+  (_libssh2_wincng_hash_init(ctx, _libssh2_wincng.hAlgHashSHA1, \
+                            SHA_DIGEST_LENGTH, NULL, 0) == 0)
 #define libssh2_sha1_update(ctx, data, datalen) \
   _libssh2_wincng_hash_update(&ctx, (unsigned char *) data, datalen)
 #define libssh2_sha1_final(ctx, hash) \
@@ -132,10 +142,34 @@ typedef struct __libssh2_wincng_hash_ctx {
   _libssh2_wincng_hash(data, datalen, _libssh2_wincng.hAlgHashSHA1, \
                        hash, SHA_DIGEST_LENGTH)
 
+#define libssh2_sha256_ctx _libssh2_wincng_hash_ctx
+#define libssh2_sha256_init(ctx) \
+  (_libssh2_wincng_hash_init(ctx, _libssh2_wincng.hAlgHashSHA256, \
+                            SHA256_DIGEST_LENGTH, NULL, 0) == 0)
+#define libssh2_sha256_update(ctx, data, datalen) \
+  _libssh2_wincng_hash_update(&ctx, (unsigned char *) data, datalen)
+#define libssh2_sha256_final(ctx, hash) \
+  _libssh2_wincng_hash_final(&ctx, hash)
+#define libssh2_sha256(data, datalen, hash) \
+  _libssh2_wincng_hash(data, datalen, _libssh2_wincng.hAlgHashSHA256, \
+                       hash, SHA256_DIGEST_LENGTH)
+
+#define libssh2_sha512_ctx _libssh2_wincng_hash_ctx
+#define libssh2_sha512_init(ctx) \
+  (_libssh2_wincng_hash_init(ctx, _libssh2_wincng.hAlgHashSHA512, \
+                            SHA512_DIGEST_LENGTH, NULL, 0) == 0)
+#define libssh2_sha512_update(ctx, data, datalen) \
+  _libssh2_wincng_hash_update(&ctx, (unsigned char *) data, datalen)
+#define libssh2_sha512_final(ctx, hash) \
+  _libssh2_wincng_hash_final(&ctx, hash)
+#define libssh2_sha512(data, datalen, hash) \
+  _libssh2_wincng_hash(data, datalen, _libssh2_wincng.hAlgHashSHA512, \
+                       hash, SHA512_DIGEST_LENGTH)
+
 #define libssh2_md5_ctx _libssh2_wincng_hash_ctx
 #define libssh2_md5_init(ctx) \
-  _libssh2_wincng_hash_init(ctx, _libssh2_wincng.hAlgHashMD5, \
-                            MD5_DIGEST_LENGTH, NULL, 0)
+  (_libssh2_wincng_hash_init(ctx, _libssh2_wincng.hAlgHashMD5, \
+                            MD5_DIGEST_LENGTH, NULL, 0) == 0)
 #define libssh2_md5_update(ctx, data, datalen) \
   _libssh2_wincng_hash_update(&ctx, (unsigned char *) data, datalen)
 #define libssh2_md5_final(ctx, hash) \
@@ -149,6 +183,7 @@ typedef struct __libssh2_wincng_hash_ctx {
  */
 
 #define libssh2_hmac_ctx _libssh2_wincng_hash_ctx
+#define libssh2_hmac_ctx_init(ctx)
 #define libssh2_hmac_sha1_init(ctx, key, keylen) \
   _libssh2_wincng_hash_init(ctx, _libssh2_wincng.hAlgHmacSHA1, \
                             SHA_DIGEST_LENGTH, key, keylen)
@@ -157,6 +192,12 @@ typedef struct __libssh2_wincng_hash_ctx {
                             MD5_DIGEST_LENGTH, key, keylen)
 #define libssh2_hmac_ripemd160_init(ctx, key, keylen)
   /* not implemented */
+#define libssh2_hmac_sha256_init(ctx, key, keylen) \
+  _libssh2_wincng_hash_init(ctx, _libssh2_wincng.hAlgHmacSHA256, \
+                            SHA256_DIGEST_LENGTH, key, keylen)
+#define libssh2_hmac_sha512_init(ctx, key, keylen) \
+  _libssh2_wincng_hash_init(ctx, _libssh2_wincng.hAlgHmacSHA512, \
+                            SHA512_DIGEST_LENGTH, key, keylen)
 #define libssh2_hmac_update(ctx, data, datalen) \
   _libssh2_wincng_hash_update(&ctx, (unsigned char *) data, datalen)
 #define libssh2_hmac_final(ctx, hash) \
@@ -190,6 +231,10 @@ typedef struct __libssh2_wincng_key_ctx {
                           e1, e1_len, e2, e2_len, c, c_len)
 #define _libssh2_rsa_new_private(rsactx, s, filename, passphrase) \
   _libssh2_wincng_rsa_new_private(rsactx, s, filename, passphrase)
+#define _libssh2_rsa_new_private_frommemory(rsactx, s, filedata, \
+                                            filedata_len, passphrase) \
+  _libssh2_wincng_rsa_new_private_frommemory(rsactx, s, filedata, \
+                                             filedata_len, passphrase)
 #define _libssh2_rsa_sha1_sign(s, rsactx, hash, hash_len, sig, sig_len) \
   _libssh2_wincng_rsa_sha1_sign(s, rsactx, hash, hash_len, sig, sig_len)
 #define _libssh2_rsa_sha1_verify(rsactx, sig, sig_len, m, m_len) \
@@ -206,8 +251,12 @@ typedef struct __libssh2_wincng_key_ctx {
                          g, g_len, y, y_len, x, x_len) \
   _libssh2_wincng_dsa_new(dsactx, p, p_len, q, q_len, \
                           g, g_len, y, y_len, x, x_len)
-#define _libssh2_dsa_new_private(rsactx, s, filename, passphrase) \
-  _libssh2_wincng_dsa_new_private(rsactx, s, filename, passphrase)
+#define _libssh2_dsa_new_private(dsactx, s, filename, passphrase) \
+  _libssh2_wincng_dsa_new_private(dsactx, s, filename, passphrase)
+#define _libssh2_dsa_new_private_frommemory(dsactx, s, filedata, \
+                                            filedata_len, passphrase) \
+  _libssh2_wincng_dsa_new_private_frommemory(dsactx, s, filedata, \
+                                             filedata_len, passphrase)
 #define _libssh2_dsa_sha1_sign(dsactx, hash, hash_len, sig) \
   _libssh2_wincng_dsa_sha1_sign(dsactx, hash, hash_len, sig)
 #define _libssh2_dsa_sha1_verify(dsactx, sig, m, m_len) \
@@ -221,6 +270,10 @@ typedef struct __libssh2_wincng_key_ctx {
 
 #define _libssh2_pub_priv_keyfile(s, m, m_len, p, p_len, pk, pw) \
   _libssh2_wincng_pub_priv_keyfile(s, m, m_len, p, p_len, pk, pw)
+#define _libssh2_pub_priv_keyfilememory(s, m, m_len, p, p_len, \
+                                                     pk, pk_len, pw) \
+  _libssh2_wincng_pub_priv_keyfilememory(s, m, m_len, p, p_len, \
+                                                      pk, pk_len, pw)
 
 
 /*******************************************************************/
@@ -303,6 +356,8 @@ _libssh2_bn *_libssh2_wincng_bignum_init(void);
 
 #define _libssh2_bn_init() \
   _libssh2_wincng_bignum_init()
+#define _libssh2_bn_init_from_bin() \
+  _libssh2_bn_init()
 #define _libssh2_bn_rand(bn, bits, top, bottom) \
   _libssh2_wincng_bignum_rand(bn, bits, top, bottom)
 #define _libssh2_bn_mod_exp(r, a, p, m, ctx) \
@@ -381,6 +436,12 @@ _libssh2_wincng_rsa_new_private(libssh2_rsa_ctx **rsa,
                                 const char *filename,
                                 const unsigned char *passphrase);
 int
+_libssh2_wincng_rsa_new_private_frommemory(libssh2_rsa_ctx **rsa,
+                                           LIBSSH2_SESSION *session,
+                                           const char *filedata,
+                                           size_t filedata_len,
+                                           unsigned const char *passphrase);
+int
 _libssh2_wincng_rsa_sha1_verify(libssh2_rsa_ctx *rsa,
                                 const unsigned char *sig,
                                 unsigned long sig_len,
@@ -415,6 +476,12 @@ _libssh2_wincng_dsa_new_private(libssh2_dsa_ctx **dsa,
                                 const char *filename,
                                 const unsigned char *passphrase);
 int
+_libssh2_wincng_dsa_new_private_frommemory(libssh2_dsa_ctx **dsa,
+                                           LIBSSH2_SESSION *session,
+                                           const char *filedata,
+                                           size_t filedata_len,
+                                           unsigned const char *passphrase);
+int
 _libssh2_wincng_dsa_sha1_verify(libssh2_dsa_ctx *dsa,
                                 const unsigned char *sig_fixed,
                                 const unsigned char *m,
@@ -436,6 +503,15 @@ _libssh2_wincng_pub_priv_keyfile(LIBSSH2_SESSION *session,
                                  size_t *pubkeydata_len,
                                  const char *privatekey,
                                  const char *passphrase);
+int
+_libssh2_wincng_pub_priv_keyfilememory(LIBSSH2_SESSION *session,
+                                       unsigned char **method,
+                                       size_t *method_len,
+                                       unsigned char **pubkeydata,
+                                       size_t *pubkeydata_len,
+                                       const char *privatekeydata,
+                                       size_t privatekeydata_len,
+                                       const char *passphrase);
 
 int
 _libssh2_wincng_cipher_init(_libssh2_cipher_ctx *ctx,

tests/CMakeLists.txt

@@ -0,0 +1,111 @@
+# Copyright (c) 2014, 2015 Alexander Lamaison <alexander.lamaison@gmail.com>
+#
+# Redistribution and use in source and binary forms,
+# with or without modification, are permitted provided
+# that the following conditions are met:
+#
+#   Redistributions of source code must retain the above
+#   copyright notice, this list of conditions and the
+#   following disclaimer.
+#
+#   Redistributions in binary form must reproduce the above
+#   copyright notice, this list of conditions and the following
+#   disclaimer in the documentation and/or other materials
+#   provided with the distribution.
+#
+#   Neither the name of the copyright holder nor the names
+#   of any other contributors may be used to endorse or
+#   promote products derived from this software without
+#   specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
+# CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
+# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
+# USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
+# OF SUCH DAMAGE.
+
+include(CheckIncludeFiles)
+include(CheckFunctionExists)
+include(CheckSymbolExists)
+include(BundleUtilities)
+include(CopyRuntimeDependencies)
+include(SocketLibraries)
+
+## Platform checks
+check_include_files(inttypes.h HAVE_INTTYPES_H)
+check_include_files(unistd.h HAVE_UNISTD_H)
+check_include_files(sys/socket.h HAVE_SYS_SOCKET_H)
+check_include_files(arpa/inet.h HAVE_ARPA_INET_H)
+check_include_files(windows.h HAVE_WINDOWS_H)
+check_include_files(winsock2.h HAVE_WINSOCK2_H)
+
+configure_file(
+  ${CMAKE_CURRENT_SOURCE_DIR}/libssh2_config_cmake.h.in
+  ${CMAKE_CURRENT_BINARY_DIR}/libssh2_config.h)
+
+set(TESTS
+  simple
+  ssh2)
+
+append_needed_socket_libraries(LIBRARIES)
+
+foreach(test ${TESTS})
+  add_executable(test-${test} ${test}.c)
+  target_link_libraries(test-${test} libssh2 ${LIBRARIES})
+  target_include_directories(test-${test} PRIVATE ${CMAKE_CURRENT_BINARY_DIR})
+  list(APPEND TEST_TARGETS test-${test})
+endforeach()
+
+add_target_to_copy_dependencies(
+  TARGET copy_test_dependencies
+  DEPENDENCIES ${RUNTIME_DEPENDENCIES}
+  BEFORE_TARGETS ${TEST_TARGETS})
+
+# TODO convert mansyntax.sh into CMake script.
+# XXX Just because we can find all three programs, doesn't mean sh can
+# find man and grep
+find_program(SH_EXECUTABLE sh)
+find_program(MAN_EXECUTABLE man)
+find_program(GREP_EXECUTABLE grep)
+mark_as_advanced(SH_EXECUTABLE MAN_EXECUTABLE GREP_EXECUTABLE)
+if(SH_EXECUTABLE AND MAN_EXECUTABLE AND GREP_EXECUTABLE)
+  set(cmd "srcdir=${CMAKE_CURRENT_SOURCE_DIR}")
+  set(cmd "${cmd} ${CMAKE_CURRENT_SOURCE_DIR}/mansyntax.sh")
+  add_test(mansyntax ${SH_EXECUTABLE} -c "${cmd}")
+endif()
+
+add_test(simple test-simple)
+
+find_program(SSHD_EXECUTABLE sshd)
+find_program(CHMOD_EXECUTABLE chmod)
+find_program(KILL_EXECUTABLE kill)
+mark_as_advanced(SSHD_EXECUTABLE CHMOD_EXECUTABLE KILL_EXECUTABLE)
+if(SSHD_EXECUTABLE AND CHMOD_EXECUTABLE AND KILL_EXECUTABLE)
+  set(SSHD_TEST_CONFIG_DIR ${CMAKE_CURRENT_BINARY_DIR})
+  set(TEST_NAME ssh2)
+
+  add_custom_command(
+    TARGET test-${TEST_NAME}
+    COMMAND ${CMAKE_COMMAND} -E copy_directory
+    ${CMAKE_CURRENT_SOURCE_DIR}/etc
+    ${SSHD_TEST_CONFIG_DIR}/etc)
+
+  configure_file(
+    ${CMAKE_CURRENT_SOURCE_DIR}/sshd_fixture.sh.in
+    ${CMAKE_CURRENT_BINARY_DIR}/test-${TEST_NAME}_fixture.sh
+    @ONLY)
+
+  add_test(NAME ssh2 COMMAND ${SH_EXECUTABLE}
+    ${CMAKE_CURRENT_BINARY_DIR}/test-${TEST_NAME}_fixture.sh
+    $<TARGET_FILE:test-${TEST_NAME}>)
+
+endif()

tests/Makefile.am

@@ -14,6 +14,8 @@ endif
 check_PROGRAMS = $(ctests)
 
 TESTS_ENVIRONMENT = SSHD=$(SSHD) EXEEXT=$(EXEEXT)
+TESTS_ENVIRONMENT += srcdir=$(top_srcdir)/tests builddir=$(top_builddir)/tests
 
 EXTRA_DIST = ssh2.sh mansyntax.sh
 EXTRA_DIST += etc/host etc/host.pub etc/user etc/user.pub
+EXTRA_DIST += CMakeLists.txt libssh2_config_cmake.h.in sshd_fixture.sh.in

tests/libssh2_config_cmake.h.in

@@ -0,0 +1,43 @@
+/* Copyright (c) 2014 Alexander Lamaison <alexander.lamaison@gmail.com>
+ *
+ * Redistribution and use in source and binary forms,
+ * with or without modification, are permitted provided
+ * that the following conditions are met:
+ *
+ *   Redistributions of source code must retain the above
+ *   copyright notice, this list of conditions and the
+ *   following disclaimer.
+ *
+ *   Redistributions in binary form must reproduce the above
+ *   copyright notice, this list of conditions and the following
+ *   disclaimer in the documentation and/or other materials
+ *   provided with the distribution.
+ *
+ *   Neither the name of the copyright holder nor the names
+ *   of any other contributors may be used to endorse or
+ *   promote products derived from this software without
+ *   specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
+ * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
+ * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
+ * OF SUCH DAMAGE.
+ */
+
+/* Headers */
+#cmakedefine HAVE_UNISTD_H
+#cmakedefine HAVE_INTTYPES_H
+#cmakedefine HAVE_SYS_SOCKET_H
+#cmakedefine HAVE_ARPA_INET_H
+#cmakedefine HAVE_WINDOWS_H
+#cmakedefine HAVE_WINSOCK2_H

tests/mansyntax.sh

@@ -7,24 +7,26 @@ set -e
 #
 
 srcdir=${srcdir:-$PWD}
+dstdir=${builddir:-$PWD}
 mandir=${srcdir}/../docs
 
 #
 # Only test if suitable man is available
 #
 if ! man --help | grep -q warnings; then
-  exit 77
+  echo "man version not suitable, skipping tests"
+  exit 0
 fi
 
 ec=0
 
-trap "rm -f $srcdir/man3" EXIT
+trap "rm -f $dstdir/man3" EXIT
 
-ln -sf "$mandir" "$srcdir/man3"
+ln -sf "$mandir" "$dstdir/man3"
 
 for manpage in $mandir/libssh2_*.*; do
   echo "$manpage"
-  warnings=$(LANG=en_US.UTF-8 MANWIDTH=80 man -M "$srcdir" --warnings \
+  warnings=$(LANG=en_US.UTF-8 MANWIDTH=80 man -M "$dstdir" --warnings \
     -E UTF-8 -l "$manpage" 2>&1 >/dev/null)
   if [ -n "$warnings" ]; then
     echo "$warnings"

tests/ssh2.c

@@ -80,7 +80,7 @@ int main(int argc, char *argv[])
     if (connect(sock, (struct sockaddr*)(&sin),
                 sizeof(struct sockaddr_in)) != 0) {
         fprintf(stderr, "failed to connect!\n");
-        return -1;
+        return 1;
     }
 
     /* Create a session instance and start it up
@@ -89,7 +89,7 @@ int main(int argc, char *argv[])
     session = libssh2_session_init();
     if (libssh2_session_startup(session, sock)) {
         fprintf(stderr, "Failure establishing SSH session\n");
-        return -1;
+        return 1;
     }
 
     /* At this point we havn't authenticated,

tests/sshd_fixture.sh.in

@@ -0,0 +1,53 @@
+#!/bin/sh
+
+# Written by Simon Josefsson.
+
+# Start sshd, invoke parameters, saving exit code, kill sshd, and
+# return exit code.
+
+srcdir="@SSHD_TEST_CONFIG_DIR@"
+SSHD="@SSHD_EXECUTABLE@"
+
+cmd="\"$1\""
+
+PRIVKEY=$srcdir/etc/user
+export PRIVKEY
+PUBKEY=$srcdir/etc/user.pub
+export PUBKEY
+
+if test -n "$DEBUG"; then
+    libssh2_sshd_params="-d -d"
+fi
+
+chmod go-rwx "$srcdir"/etc/host*
+"$SSHD" -f /dev/null -h "$srcdir/etc/host" \
+    -o 'Port 4711' \
+    -o 'Protocol 2' \
+    -o "AuthorizedKeysFile \"$srcdir/etc/user.pub\"" \
+    -o 'UsePrivilegeSeparation no' \
+    -o 'StrictModes no' \
+    -D \
+    $libssh2_sshd_params &
+sshdpid=$!
+
+trap "kill ${sshdpid}; echo signal killing sshd; exit 1;" EXIT
+
+: "started sshd (${sshdpid})"
+
+sleep 3
+
+if ! kill -0 ${sshdpid}
+then
+    echo "SSHD exited before test started"
+    exit 1
+fi
+
+: Invoking $cmd...
+eval "$cmd"
+ec=$?
+: Self-test exit code $ec
+
+: "killing sshd (${sshdpid})"
+kill "${sshdpid}" > /dev/null 2>&1
+trap "" EXIT
+exit $ec

vms/readme.vms

@@ -8,7 +8,7 @@ LIBSSH2
 
 LIBSSH2 is a client-side library written in C that aims to 
 implement the SSH2 protocol. It is an open source project, 
-to be found at http://libssh2.org. 
+to be found at https://libssh2.org.
 
 GNV
 ---
@@ -190,7 +190,7 @@ You will need to have the following available:
 
 Optional:
 
-- curl, to be found at  http://curl.haxx.se
+- curl, to be found at  https://curl.haxx.se
   You might want to use curl to download the libssh2 kit directly
   to you VMS machine. Interestingly, sftp in curl is implemented using
   libssh2, soon to be expected on VMS as well, hopefully.
@@ -217,7 +217,7 @@ $ then
 $   delete libssh2-'libssh2_version'-'currentday'.tar.gz;*
 $ endif
 $!
-$ curl 'proxy_line' "http://libssh2.org/snapshots/libssh2-''libssh2_version'-''currentday'.tar.gz" -
+$ curl 'proxy_line' "https://libssh2.org/snapshots/libssh2-''libssh2_version'-''currentday'.tar.gz" -
                     -o libssh2-'libssh2_version'-'currentday'.tar.gz
 $!
 $!

win32/GNUmakefile

@@ -14,7 +14,7 @@ endif
 
 # Edit the path below to point to the base of your OpenSSL package.
 ifndef OPENSSL_PATH
-OPENSSL_PATH = ../../openssl-0.9.8zc
+OPENSSL_PATH = ../../openssl-1.0.2d
 endif
 
 # Edit the path below to point to your Distribution folder.
@@ -34,7 +34,7 @@ PROOT	= ..
 
 # Edit the vars below to change target settings.
 TARGET	= libssh2
-WWWURL	= http://www.libssh2.org/
+WWWURL	= https://www.libssh2.org/
 DESCR	= libssh2 $(LIBSSH2_VERSION_STR)
 #STACK	= 64000
 
@@ -110,19 +110,19 @@ endif
 -include $(OBJDIR)/version.inc
 
 # Global flags for all compilers
-CFLAGS	= $(OPT) -D$(DB) -DLIBSSH2_WIN32 # -DHAVE_CONFIG_H
+CFLAGS	= $(LIBSSH2_CFLAG_EXTRAS) $(OPT) -D$(DB) -DLIBSSH2_WIN32 # -DHAVE_CONFIG_H
+LDFLAGS = $(LIBSSH2_LDFLAG_EXTRAS)
 
 ifeq ($(CC),mwcc)
 LD	= mwld
 RC	= mwwinrc
-LDFLAGS	= -nostdlib
+LDFLAGS	+= -nostdlib
 AR	= $(LD)
 ARFLAGS	= -nostdlib -library -o
 LIBEXT	= lib
 #RANLIB	=
 LIBPATH	+= -lr "$(METROWERKS)/MSL" -lr "$(METROWERKS)/Win32-x86 Support"
 LDLIBS	+= -lMSL_Runtime_x86.lib -lMSL_C_x86.lib -lMSL_Extras_x86.lib
-LDLIBS	+= -lkernel32.lib -luser32.lib -lwsock32.lib
 RCFLAGS	=
 CFLAGS	+= -nostdinc -gccinc -msgstyle gcc -inline off -opt nointrinsics -proc 586
 CFLAGS	+= -ir "$(METROWERKS)/MSL" -ir "$(METROWERKS)/Win32-x86 Support"
@@ -130,22 +130,22 @@ CFLAGS	+= -w on,nounused,nounusedexpr # -ansi strict
 else
 LD	= $(CROSSPREFIX)gcc
 RC	= $(CROSSPREFIX)windres
-LDFLAGS	= -s -shared -Wl,--output-def,$(TARGET).def,--out-implib,$(TARGET)dll.a
+LDFLAGS	+= -s -shared -Wl,--output-def,$(TARGET).def,--out-implib,$(TARGET)dll.a
 AR	= $(CROSSPREFIX)ar
 ARFLAGS	= -cq
 LIBEXT	= a
 RANLIB	= $(CROSSPREFIX)ranlib
-#LDLIBS	+= -lwsock32
-LDLIBS	+= -lws2_32
 RCFLAGS	= -I $(PROOT)/include -O coff
 CFLAGS	+= -fno-builtin
 CFLAGS	+= -fno-strict-aliasing
 CFLAGS	+= -Wall # -pedantic
 ifeq ($(ARCH),w64)
-CFLAGS	+= -D_AMD64_
+CFLAGS	+= -m64 -D_AMD64_
+LDFLAGS += -m64
 RCFLAGS	+= -F pe-x86-64
 else
 CFLAGS	+= -m32
+LDFLAGS += -m32
 RCFLAGS	+= -F pe-i386
 endif
 endif
@@ -186,6 +186,12 @@ else
 	LDLIBS += $(patsubst %,$(OPENSSL_LIBPATH)/lib%.$(LIBEXT), $(OPENSSL_LIBS_DYN))
 endif
 endif
+ifeq ($(CC),mwcc)
+LDLIBS	+= -lkernel32.lib -luser32.lib -lwsock32.lib
+else
+#LDLIBS	+= -lwsock32
+LDLIBS	+= -lws2_32
+endif
 
 ifdef WITH_ZLIB
 	CFLAGS += -DLIBSSH2_HAVE_ZLIB
@@ -342,5 +348,3 @@ help: $(OBJDIR)/version.inc
 	@echo $(DL)$(MAKE) objclean$(DL)
 	@echo $(DL)$(MAKE) test$(DL)
 	@echo $(DL)===========================================================$(DL)
-
-

win32/libssh2.rc

@@ -26,7 +26,7 @@ BEGIN
   BEGIN
     BLOCK "040904b0"
     BEGIN
-      VALUE "CompanyName",      "The libssh2 library, http://www.libssh2.org/\0"
+      VALUE "CompanyName",      "The libssh2 library, https://www.libssh2.org/\0"
       VALUE "FileDescription",  "libssh2 Shared Library\0"
       VALUE "FileVersion",      LIBSSH2_VERSION "\0"
       VALUE "InternalName",     "libssh2\0"
@@ -34,7 +34,7 @@ BEGIN
       VALUE "ProductName",      "The libssh2 library\0"
       VALUE "ProductVersion",   LIBSSH2_VERSION "\0"
       VALUE "LegalCopyright",   "© " LIBSSH2_COPYRIGHT "\0"
-      VALUE "License",          "http://www.libssh2.org/license.html\0"
+      VALUE "License",          "https://www.libssh2.org/license.html\0"
     END
   END
 

win32/test/GNUmakefile

@@ -26,7 +26,7 @@ LINK_STATIC = 1
 # Edit the vars below to change target settings.
 SAMPLES	= $(PROOT)/example
 TARGETS := $(filter-out x11.exe,$(patsubst $(SAMPLES)/%.c,%.exe,$(strip $(wildcard $(SAMPLES)/*.c))))
-WWWURL	= http://www.libssh2.org/
+WWWURL	= https://www.libssh2.org/
 DESCR	= libssh2 $(subst .rc,,$(notdir $@)) $(LIBSSH2_VERSION_STR)
 #STACK	= 64000