7 files changed, 147 insertions, 56 deletions

diff --git a/lib/ssh/src/ssh.appup.src b/lib/ssh/src/ssh.appup.src
index 42eb2167e0..8269f89e40 100644
--- a/lib/ssh/src/ssh.appup.src
+++ b/lib/ssh/src/ssh.appup.src
@@ -19,13 +19,25 @@
 
 {"%VSN%",	
  [
+  {"3.0.2", [{load_module, ssh_message, soft_purge, soft_purge, []},
+	     {load_module, ssh_connection_handler, soft_purge, soft_purge, []},
+	     {load_module, ssh_io, soft_purge, soft_purge, []}]},
   {"3.0.1", [{load_module, ssh, soft_purge, soft_purge, []},
-	     {load_module, ssh_acceptor, soft_purge, soft_purge, []}]},
+	     {load_module, ssh_acceptor, soft_purge, soft_purge, []},
+	     {load_module, ssh_message, soft_purge, soft_purge, []},
+	     {load_module, ssh_connection_handler, soft_purge, soft_purge, []},
+	     {load_module, ssh_io, soft_purge, soft_purge, []}]},
   {<<".*">>, [{restart_application, ssh}]}
  ],
  [
+  {"3.0.2", [{load_module, ssh_message, soft_purge, soft_purge, []},
+	     {load_module, ssh_connection_handler, soft_purge, soft_purge, []},
+	     {load_module, ssh_io, soft_purge, soft_purge, []}]},
   {"3.0.1", [{load_module, ssh, soft_purge, soft_purge, []},
-	     {load_module, ssh_acceptor, soft_purge, soft_purge, []}]},
+	     {load_module, ssh_acceptor, soft_purge, soft_purge, []},
+	     {load_module, ssh_message, soft_purge, soft_purge, []},
+	     {load_module, ssh_connection_handler, soft_purge, soft_purge, []},
+	     {load_module, ssh_io, soft_purge, soft_purge, []}]},
   {<<".*">>, [{restart_application, ssh}]}
  ]
 }.
diff --git a/lib/ssh/src/ssh.erl b/lib/ssh/src/ssh.erl
index 240de69eff..8a8d4bb89e 100644
--- a/lib/ssh/src/ssh.erl
+++ b/lib/ssh/src/ssh.erl
@@ -74,8 +74,7 @@ connect(Host, Port, Options, Timeout) ->
 	    {_, Transport, _} = TransportOpts =
 		proplists:get_value(transport, Options, {tcp, gen_tcp, tcp_closed}),
 	    ConnectionTimeout = proplists:get_value(connect_timeout, Options, infinity),
-	    Inet = proplists:get_value(inet, SshOptions, inet),
-	    try Transport:connect(Host, Port,  [ {active, false}, Inet | SocketOptions], ConnectionTimeout) of
+	    try Transport:connect(Host, Port,  [ {active, false} | SocketOptions], ConnectionTimeout) of
 		{ok, Socket} ->
 		    Opts =  [{user_pid, self()}, {host, Host} | fix_idle_time(SshOptions)],
 		    ssh_connection_handler:start_connection(client, Socket, Opts, Timeout);
@@ -256,8 +255,8 @@ do_start_daemon(Host, Port, Options, SocketOptions) ->
 
 handle_options(Opts) ->
     try handle_option(proplists:unfold(Opts), [], []) of
-	{_,_} = Options ->
-	    Options
+	{Inet, Ssh} ->
+	    {handle_ip(Inet), Ssh}
     catch
 	throw:Error ->
 	    Error
@@ -393,7 +392,8 @@ handle_ssh_option({compression, Value} = Opt) when is_atom(Value) ->
     Opt;
 handle_ssh_option({exec, {Module, Function, _}} = Opt) when is_atom(Module), 
 							    is_atom(Function) ->
-
+    Opt;
+handle_ssh_option({exec, Function} = Opt) when is_function(Function) ->
     Opt;
 handle_ssh_option({auth_methods, Value} = Opt)  when is_list(Value) ->
     Opt;
@@ -433,13 +433,14 @@ handle_ssh_option(Opt) ->
     throw({error, {eoptions, Opt}}).
 
 handle_inet_option({active, _} = Opt) ->
-    throw({error, {{eoptions, Opt}, "Ssh has built in flow control, "
-		   "and activ is handled internaly user is not allowd"
+    throw({error, {{eoptions, Opt}, "SSH has built in flow control, "
+		   "and active is handled internally, user is not allowed"
 		   "to specify this option"}});
-handle_inet_option({inet, Value} = Opt) when (Value == inet) or (Value == inet6) ->
-    Opt;
+
+handle_inet_option({inet, Value}) when (Value == inet) or (Value == inet6) ->
+    Value;
 handle_inet_option({reuseaddr, _} = Opt) ->
-    throw({error, {{eoptions, Opt},"Is set internaly user is not allowd"
+    throw({error, {{eoptions, Opt},"Is set internally, user is not allowed"
 		   "to specify this option"}});
 %% Option verified by inet
 handle_inet_option(Opt) ->
@@ -460,3 +461,17 @@ handle_pref_algs([H|T], Acc) ->
 	_ ->
 	    false
     end.
+
+handle_ip(Inet) -> %% Default to ipv4
+    case lists:member(inet, Inet) of
+	true ->
+	    Inet;
+	false ->
+	    case lists:member(inet6, Inet) of
+		true -> 
+		    Inet;
+		false ->
+		    [inet | Inet]
+	    end
+    end.
+	
diff --git a/lib/ssh/src/ssh_cli.erl b/lib/ssh/src/ssh_cli.erl
index 77453e8fd7..18841e3d2d 100644
--- a/lib/ssh/src/ssh_cli.erl
+++ b/lib/ssh/src/ssh_cli.erl
@@ -457,17 +457,17 @@ bin_to_list(I) when is_integer(I) ->
 
 start_shell(ConnectionHandler, State) ->
     Shell = State#state.shell,
-    ConnectionInfo = ssh_connection_handler:info(ConnectionHandler,
+    ConnectionInfo = ssh_connection_handler:connection_info(ConnectionHandler,
 						  [peer, user]),
     ShellFun = case is_function(Shell) of
 		   true ->
-		       {ok, User} = 
+		       User = 
 			   proplists:get_value(user, ConnectionInfo),
 		       case erlang:fun_info(Shell, arity) of
 			   {arity, 1} ->
 			       fun() -> Shell(User) end;
 			   {arity, 2} ->
-			       [{_, PeerAddr}] =
+			       {_, PeerAddr} =
 				   proplists:get_value(peer, ConnectionInfo),
 			       fun() -> Shell(User, PeerAddr) end;
 			   _ ->
@@ -485,9 +485,9 @@ start_shell(_ConnectionHandler, Cmd, #state{exec={M, F, A}} = State) ->
     State#state{group = Group, buf = empty_buf()};
 start_shell(ConnectionHandler, Cmd, #state{exec=Shell} = State) when is_function(Shell) ->
 
-    ConnectionInfo = ssh_connection_handler:info(ConnectionHandler,
+    ConnectionInfo = ssh_connection_handler:connection_info(ConnectionHandler,
 						 [peer, user]),
-    {ok, User} = 
+    User = 
 	proplists:get_value(user, ConnectionInfo),
     ShellFun = 
 	case erlang:fun_info(Shell, arity) of
@@ -496,7 +496,7 @@ start_shell(ConnectionHandler, Cmd, #state{exec=Shell} = State) when is_function
 	    {arity, 2} ->
 		fun() -> Shell(Cmd, User) end;
 	    {arity, 3} ->
-		[{_, PeerAddr}] =
+		{_, PeerAddr} =
 		    proplists:get_value(peer, ConnectionInfo),
 		fun() -> Shell(Cmd, User, PeerAddr) end;
 	    _ ->
diff --git a/lib/ssh/src/ssh_connection.erl b/lib/ssh/src/ssh_connection.erl
index b377614949..33849f4527 100644
--- a/lib/ssh/src/ssh_connection.erl
+++ b/lib/ssh/src/ssh_connection.erl
@@ -782,9 +782,8 @@ handle_cli_msg(#connection{channel_cache = Cache} = Connection,
 	    erlang:monitor(process, Pid),
 	    Channel = Channel0#channel{user = Pid},
 	    ssh_channel:cache_update(Cache, Channel),
-	    Reply = {connection_reply,
-		     channel_success_msg(RemoteId)},
-	    {{replies, [{channel_data, Pid, Reply0}, Reply]}, Connection};
+	    {Reply, Connection1} = reply_msg(Channel, Connection, Reply0),
+ 	    {{replies, [Reply]}, Connection1};
 	_Other ->
 	    Reply = {connection_reply,
 		     channel_failure_msg(RemoteId)},
diff --git a/lib/ssh/src/ssh_connection_handler.erl b/lib/ssh/src/ssh_connection_handler.erl
index 06866392da..86804c4436 100644
--- a/lib/ssh/src/ssh_connection_handler.erl
+++ b/lib/ssh/src/ssh_connection_handler.erl
@@ -104,21 +104,11 @@ start_connection(client = Role, Socket, Options, Timeout) ->
 
 start_connection(server = Role, Socket, Options, Timeout) ->
     try
-	Sups = proplists:get_value(supervisors, Options),
-	ConnectionSup = proplists:get_value(connection_sup, Sups),
-	Opts = [{supervisors, Sups}, {user_pid, self()} | proplists:get_value(ssh_opts, Options, [])],
-	{ok, Pid} = ssh_connection_sup:start_child(ConnectionSup, [Role, Socket, Opts]),
-	{_, Callback, _} =  proplists:get_value(transport, Options, {tcp, gen_tcp, tcp_closed}),
-	socket_control(Socket, Pid, Callback),
-	case proplists:get_value(parallel_login, Opts, false) of
+	case proplists:get_value(parallel_login, Options, false) of
 	    true ->
-		spawn(fun() -> 
-			      Ref = erlang:monitor(process, Pid),
-			      handshake(Pid, Ref, Timeout) 
-		      end);
+		spawn(fun() -> start_server_connection(Role, Socket, Options, Timeout) end);
 	    false ->
-		Ref = erlang:monitor(process, Pid),
-		handshake(Pid, Ref, Timeout)
+		start_server_connection(Role, Socket, Options, Timeout)
 	end
     catch
 	exit:{noproc, _} ->
@@ -127,6 +117,18 @@ start_connection(server = Role, Socket, Options, Timeout) ->
 	    {error, Error}
     end.
 
+
+start_server_connection(server = Role, Socket, Options, Timeout) ->
+    Sups = proplists:get_value(supervisors, Options),
+    ConnectionSup = proplists:get_value(connection_sup, Sups),
+    Opts = [{supervisors, Sups}, {user_pid, self()} | proplists:get_value(ssh_opts, Options, [])],
+    {ok, Pid} = ssh_connection_sup:start_child(ConnectionSup, [Role, Socket, Opts]),
+    {_, Callback, _} =  proplists:get_value(transport, Options, {tcp, gen_tcp, tcp_closed}),
+    socket_control(Socket, Pid, Callback),
+    Ref = erlang:monitor(process, Pid),
+    handshake(Pid, Ref, Timeout).
+
+
 start_link(Role, Socket, Options) ->
     {ok, proc_lib:spawn_link(?MODULE, init, [[Role, Socket, Options]])}.
 
diff --git a/lib/ssh/src/ssh_message.erl b/lib/ssh/src/ssh_message.erl
index 8d6c77c0ed..76b57cb995 100644
--- a/lib/ssh/src/ssh_message.erl
+++ b/lib/ssh/src/ssh_message.erl
@@ -255,7 +255,7 @@ encode(#ssh_msg_ignore{data = Data}) ->
     ssh_bits:encode([?SSH_MSG_IGNORE, Data], [byte, string]);
 
 encode(#ssh_msg_unimplemented{sequence = Seq}) ->
-    ssh_bits:encode([?SSH_MSG_IGNORE, Seq], [byte, uint32]);
+    ssh_bits:encode([?SSH_MSG_UNIMPLEMENTED, Seq], [byte, uint32]);
 
 encode(#ssh_msg_debug{always_display = Bool,
 		      message = Msg,
@@ -391,13 +391,6 @@ decode(<<?BYTE(?SSH_MSG_USERAUTH_INFO_REQUEST), ?UINT32(Len0), Name:Len0/binary,
        data = Data};
 
 %%% Unhandled message, also masked by same 1:st byte value as ?SSH_MSG_USERAUTH_INFO_REQUEST:
-decode(<<?BYTE(?SSH_MSG_USERAUTH_PK_OK), ?UINT32(Len), Alg:Len/binary, KeyBlob/binary>>) ->
-    #ssh_msg_userauth_pk_ok{
-       algorithm_name = Alg,
-       key_blob = KeyBlob
-      };
-
-%%% Unhandled message, also masked by same 1:st byte value as ?SSH_MSG_USERAUTH_INFO_REQUEST:
 decode(<<?BYTE(?SSH_MSG_USERAUTH_PASSWD_CHANGEREQ), ?UINT32(Len0), Prompt:Len0/binary,
 	 ?UINT32(Len1), Lang:Len1/binary>>) ->
     #ssh_msg_userauth_passwd_changereq{
@@ -405,6 +398,13 @@ decode(<<?BYTE(?SSH_MSG_USERAUTH_PASSWD_CHANGEREQ), ?UINT32(Len0), Prompt:Len0/b
        languge = Lang
       };
 
+%%% Unhandled message, also masked by same 1:st byte value as ?SSH_MSG_USERAUTH_INFO_REQUEST:
+decode(<<?BYTE(?SSH_MSG_USERAUTH_PK_OK), ?UINT32(Len), Alg:Len/binary, KeyBlob/binary>>) ->
+    #ssh_msg_userauth_pk_ok{
+       algorithm_name = Alg,
+       key_blob = KeyBlob
+      };
+
 decode(<<?BYTE(?SSH_MSG_USERAUTH_INFO_RESPONSE), ?UINT32(Num), Data/binary>>) ->
     #ssh_msg_userauth_info_response{
        num_responses = Num,
@@ -461,10 +461,19 @@ decode(<<?BYTE(?SSH_MSG_DISCONNECT), ?UINT32(Code),
        language = Lang
       };
 
+%% Accept bad disconnects from ancient openssh clients that doesn't send language tag.  Use english as a work-around.
+decode(<<?BYTE(?SSH_MSG_DISCONNECT), ?UINT32(Code),
+       ?UINT32(Len0), Desc:Len0/binary>>) ->
+    #ssh_msg_disconnect{
+       code = Code,
+       description = unicode:characters_to_list(Desc),
+       language = <<"en">>
+      };
+
 decode(<<?SSH_MSG_NEWKEYS>>) ->
     #ssh_msg_newkeys{};
 
-decode(<<?BYTE(?SSH_MSG_IGNORE), Data/binary>>) ->
+decode(<<?BYTE(?SSH_MSG_IGNORE), ?UINT32(Len), Data:Len/binary>>) ->
     #ssh_msg_ignore{data = Data};
 
 decode(<<?BYTE(?SSH_MSG_UNIMPLEMENTED), ?UINT32(Seq)>>) ->
diff --git a/lib/ssh/src/ssh_transport.erl b/lib/ssh/src/ssh_transport.erl
index 27723dc870..ea05c849b7 100644
--- a/lib/ssh/src/ssh_transport.erl
+++ b/lib/ssh/src/ssh_transport.erl
@@ -113,15 +113,28 @@ key_init(client, Ssh, Value) ->
 key_init(server, Ssh, Value) ->
     Ssh#ssh{s_keyinit = Value}.
 
+available_ssh_algos() ->
+    Supports = crypto:supports(),
+    CipherAlgos = [{aes_ctr, "aes128-ctr"}, {aes_cbc128, "aes128-cbc"}, {des3_cbc, "3des-cbc"}],
+    Ciphers = [SshAlgo ||
+	{CryptoAlgo, SshAlgo} <- CipherAlgos,
+	lists:member(CryptoAlgo, proplists:get_value(ciphers, Supports, []))],
+    HashAlgos = [{sha256, "hmac-sha2-256"}, {sha, "hmac-sha1"}],
+    Hashs = [SshAlgo ||
+	{CryptoAlgo, SshAlgo} <- HashAlgos,
+	lists:member(CryptoAlgo, proplists:get_value(hashs, Supports, []))],
+    {Ciphers, Hashs}.
+
 kexinit_messsage(client, Random, Compression, HostKeyAlgs) ->
+    {CipherAlgs, HashAlgs} = available_ssh_algos(),
     #ssh_msg_kexinit{ 
 		  cookie = Random,
 		  kex_algorithms = ["diffie-hellman-group1-sha1"],
 		  server_host_key_algorithms = HostKeyAlgs,
-		  encryption_algorithms_client_to_server = ["aes128-cbc","3des-cbc"],
-		  encryption_algorithms_server_to_client = ["aes128-cbc","3des-cbc"],
-		  mac_algorithms_client_to_server = ["hmac-sha1"],
-		  mac_algorithms_server_to_client = ["hmac-sha1"],
+		  encryption_algorithms_client_to_server = CipherAlgs,
+		  encryption_algorithms_server_to_client = CipherAlgs,
+		  mac_algorithms_client_to_server = HashAlgs,
+		  mac_algorithms_server_to_client = HashAlgs,
 		  compression_algorithms_client_to_server = Compression,
 		  compression_algorithms_server_to_client = Compression,
 		  languages_client_to_server = [],
@@ -129,14 +142,15 @@ kexinit_messsage(client, Random, Compression, HostKeyAlgs) ->
 		 };
 
 kexinit_messsage(server, Random, Compression, HostKeyAlgs) ->
+    {CipherAlgs, HashAlgs} = available_ssh_algos(),
     #ssh_msg_kexinit{
 		  cookie = Random,
 		  kex_algorithms = ["diffie-hellman-group1-sha1"],
 		  server_host_key_algorithms = HostKeyAlgs,
-		  encryption_algorithms_client_to_server = ["aes128-cbc","3des-cbc"],
-		  encryption_algorithms_server_to_client = ["aes128-cbc","3des-cbc"],
-		  mac_algorithms_client_to_server = ["hmac-sha1"],
-		  mac_algorithms_server_to_client = ["hmac-sha1"],
+		  encryption_algorithms_client_to_server = CipherAlgs,
+		  encryption_algorithms_server_to_client = CipherAlgs,
+		  mac_algorithms_client_to_server = HashAlgs,
+		  mac_algorithms_server_to_client = HashAlgs,
 		  compression_algorithms_client_to_server = Compression,
 		  compression_algorithms_server_to_client = Compression,
 		  languages_client_to_server = [],
@@ -636,7 +650,21 @@ encrypt_init(#ssh{encrypt = 'aes128-cbc', role = server} = Ssh) ->
     <<K:16/binary>> = hash(Ssh, "D", 128),
     {ok, Ssh#ssh{encrypt_keys = K,
 		 encrypt_block_size = 16,
-                 encrypt_ctx = IV}}.
+                 encrypt_ctx = IV}};
+encrypt_init(#ssh{encrypt = 'aes128-ctr', role = client} = Ssh) ->
+	IV = hash(Ssh, "A", 128),
+    <<K:16/binary>> = hash(Ssh, "C", 128),
+    State = crypto:stream_init(aes_ctr, K, IV),
+    {ok, Ssh#ssh{encrypt_keys = K,
+		 encrypt_block_size = 16,
+                 encrypt_ctx = State}};
+encrypt_init(#ssh{encrypt = 'aes128-ctr', role = server} = Ssh) ->
+	IV = hash(Ssh, "B", 128),
+    <<K:16/binary>> = hash(Ssh, "D", 128),
+    State = crypto:stream_init(aes_ctr, K, IV),
+    {ok, Ssh#ssh{encrypt_keys = K,
+		 encrypt_block_size = 16,
+                 encrypt_ctx = State}}.
 
 encrypt_final(Ssh) ->
     {ok, Ssh#ssh{encrypt = none, 
@@ -658,7 +686,11 @@ encrypt(#ssh{encrypt = 'aes128-cbc',
             encrypt_ctx = IV0} = Ssh, Data) ->
     Enc = crypto:block_encrypt(aes_cbc128, K,IV0,Data),
     IV = crypto:next_iv(aes_cbc, Enc),
-    {Ssh#ssh{encrypt_ctx = IV}, Enc}.
+    {Ssh#ssh{encrypt_ctx = IV}, Enc};
+encrypt(#ssh{encrypt = 'aes128-ctr',
+            encrypt_ctx = State0} = Ssh, Data) ->
+    {State, Enc} = crypto:stream_encrypt(State0,Data),
+    {Ssh#ssh{encrypt_ctx = State}, Enc}.
   
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
@@ -690,7 +722,21 @@ decrypt_init(#ssh{decrypt = 'aes128-cbc', role = server} = Ssh) ->
 		hash(Ssh, "C", 128)},
     <<K:16/binary>> = KD,
     {ok, Ssh#ssh{decrypt_keys = K, decrypt_ctx = IV,
-		 decrypt_block_size = 16}}.
+		 decrypt_block_size = 16}};
+decrypt_init(#ssh{decrypt = 'aes128-ctr', role = client} = Ssh) ->
+	IV = hash(Ssh, "B", 128),
+    <<K:16/binary>> = hash(Ssh, "D", 128),
+    State = crypto:stream_init(aes_ctr, K, IV),
+    {ok, Ssh#ssh{decrypt_keys = K,
+		 decrypt_block_size = 16,
+                 decrypt_ctx = State}};
+decrypt_init(#ssh{decrypt = 'aes128-ctr', role = server} = Ssh) ->
+	IV = hash(Ssh, "A", 128),
+    <<K:16/binary>> = hash(Ssh, "C", 128),
+    State = crypto:stream_init(aes_ctr, K, IV),
+    {ok, Ssh#ssh{decrypt_keys = K,
+		 decrypt_block_size = 16,
+                 decrypt_ctx = State}}.
 
   
 decrypt_final(Ssh) ->
@@ -711,7 +757,11 @@ decrypt(#ssh{decrypt = 'aes128-cbc', decrypt_keys = Key,
 	     decrypt_ctx = IV0} = Ssh, Data) ->
     Dec = crypto:block_decrypt(aes_cbc128, Key,IV0,Data),
     IV = crypto:next_iv(aes_cbc, Data),
-    {Ssh#ssh{decrypt_ctx = IV}, Dec}.
+    {Ssh#ssh{decrypt_ctx = IV}, Dec};
+decrypt(#ssh{decrypt = 'aes128-ctr',
+            decrypt_ctx = State0} = Ssh, Data) ->
+    {State, Enc} = crypto:stream_decrypt(State0,Data),
+    {Ssh#ssh{decrypt_ctx = State}, Enc}.
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %% Compression
@@ -846,7 +896,9 @@ mac('hmac-sha1-96', Key, SeqNum, Data) ->
 mac('hmac-md5', Key, SeqNum, Data) ->
     crypto:hmac(md5, Key, [<<?UINT32(SeqNum)>>, Data]);
 mac('hmac-md5-96', Key, SeqNum, Data) ->
-    crypto:hmac(md5, Key, [<<?UINT32(SeqNum)>>, Data], mac_digest_size('hmac-md5-96')).
+    crypto:hmac(md5, Key, [<<?UINT32(SeqNum)>>, Data], mac_digest_size('hmac-md5-96'));
+mac('hmac-sha2-256', Key, SeqNum, Data) ->
+	crypto:hmac(sha256, Key, [<<?UINT32(SeqNum)>>, Data]).
 
 %% return N hash bytes (HASH)
 hash(SSH, Char, Bits) ->
@@ -911,12 +963,14 @@ mac_key_size('hmac-sha1')    -> 20*8;
 mac_key_size('hmac-sha1-96') -> 20*8;
 mac_key_size('hmac-md5')     -> 16*8;
 mac_key_size('hmac-md5-96')  -> 16*8;
+mac_key_size('hmac-sha2-256')-> 32*8;
 mac_key_size(none) -> 0.
 
 mac_digest_size('hmac-sha1')    -> 20;
 mac_digest_size('hmac-sha1-96') -> 12;
 mac_digest_size('hmac-md5')    -> 20;
 mac_digest_size('hmac-md5-96') -> 12;
+mac_digest_size('hmac-sha2-256') -> 32;
 mac_digest_size(none) -> 0.
 
 peer_name({Host, _}) ->