6 files changed, 102 insertions, 60 deletions
diff --git a/lib/ssh/src/ssh_cli.erl b/lib/ssh/src/ssh_cli.erl
index 18841e3d2d..de6d246403 100644
--- a/lib/ssh/src/ssh_cli.erl
+++ b/lib/ssh/src/ssh_cli.erl
@@ -98,7 +98,7 @@ handle_ssh_msg({ssh_cm, ConnectionHandler,
     Pty = Pty0#ssh_pty{width = Width, height = Height,
 		       pixel_width = PixWidth,
 		       pixel_height = PixHeight},
-    {Chars, NewBuf} = io_request({window_change, Pty0}, Buf, Pty),
+    {Chars, NewBuf} = io_request({window_change, Pty0}, Buf, Pty, undefined),
     write_chars(ConnectionHandler, ChannelId, Chars),
     {ok, State#state{pty = Pty, buf = NewBuf}};
 
@@ -188,7 +188,7 @@ handle_msg({Group, tty_geometry}, #state{group = Group,
 handle_msg({Group, Req}, #state{group = Group, buf = Buf, pty = Pty,
 				 cm = ConnectionHandler,
 				 channel = ChannelId} = State) ->
-    {Chars, NewBuf} = io_request(Req, Buf, Pty),
+    {Chars, NewBuf} = io_request(Req, Buf, Pty, Group),
     write_chars(ConnectionHandler, ChannelId, Chars),
     {ok, State#state{buf = NewBuf}};
 
@@ -263,40 +263,49 @@ eval(Error) ->
 %%% displaying device...
 %%% We are *not* really unicode aware yet, we just filter away characters 
 %%% beyond the latin1 range. We however handle the unicode binaries...
-io_request({window_change, OldTty}, Buf, Tty) ->
+io_request({window_change, OldTty}, Buf, Tty, _Group) ->
     window_change(Tty, OldTty, Buf);
-io_request({put_chars, Cs}, Buf, Tty) ->
+io_request({put_chars, Cs}, Buf, Tty, _Group) ->
     put_chars(bin_to_list(Cs), Buf, Tty);
-io_request({put_chars, unicode, Cs}, Buf, Tty) ->
+io_request({put_chars, unicode, Cs}, Buf, Tty, _Group) ->
     put_chars(unicode:characters_to_list(Cs,unicode), Buf, Tty);
-io_request({insert_chars, Cs}, Buf, Tty) ->
+io_request({insert_chars, Cs}, Buf, Tty, _Group) ->
     insert_chars(bin_to_list(Cs), Buf, Tty);
-io_request({insert_chars, unicode, Cs}, Buf, Tty) ->
+io_request({insert_chars, unicode, Cs}, Buf, Tty, _Group) ->
     insert_chars(unicode:characters_to_list(Cs,unicode), Buf, Tty);
-io_request({move_rel, N}, Buf, Tty) ->
+io_request({move_rel, N}, Buf, Tty, _Group) ->
     move_rel(N, Buf, Tty);
-io_request({delete_chars,N}, Buf, Tty) ->
+io_request({delete_chars,N}, Buf, Tty, _Group) ->
     delete_chars(N, Buf, Tty);
-io_request(beep, Buf, _Tty) ->
+io_request(beep, Buf, _Tty, _Group) ->
     {[7], Buf};
 
 %% New in R12
-io_request({get_geometry,columns},Buf,Tty) ->
+io_request({get_geometry,columns},Buf,Tty, _Group) ->
     {ok, Tty#ssh_pty.width, Buf};
-io_request({get_geometry,rows},Buf,Tty) ->
+io_request({get_geometry,rows},Buf,Tty, _Group) ->
     {ok, Tty#ssh_pty.height, Buf};
-io_request({requests,Rs}, Buf, Tty) ->
-    io_requests(Rs, Buf, Tty, []);
-io_request(tty_geometry, Buf, Tty) ->
-    io_requests([{move_rel, 0}, {put_chars, unicode, [10]}], Buf, Tty, []);
+io_request({requests,Rs}, Buf, Tty, Group) ->
+    io_requests(Rs, Buf, Tty, [], Group);
+io_request(tty_geometry, Buf, Tty, Group) ->
+    io_requests([{move_rel, 0}, {put_chars, unicode, [10]}],
+                Buf, Tty, [], Group);
      %{[], Buf};
-io_request(_R, Buf, _Tty) ->
+
+%% New in 18
+io_request({put_chars_sync, Class, Cs, Reply}, Buf, Tty, Group) ->
+    %% We handle these asynchronous for now, if we need output guarantees
+    %% we have to handle these synchronously
+    Group ! {reply, Reply},
+    io_request({put_chars, Class, Cs}, Buf, Tty, Group);
+
+io_request(_R, Buf, _Tty, _Group) ->
     {[], Buf}.
 
-io_requests([R|Rs], Buf, Tty, Acc) ->
-    {Chars, NewBuf} = io_request(R, Buf, Tty),
-    io_requests(Rs, NewBuf, Tty, [Acc|Chars]);
-io_requests([], Buf, _Tty, Acc) ->
+io_requests([R|Rs], Buf, Tty, Acc, Group) ->
+    {Chars, NewBuf} = io_request(R, Buf, Tty, Group),
+    io_requests(Rs, NewBuf, Tty, [Acc|Chars], Group);
+io_requests([], Buf, _Tty, Acc, _Group) ->
     {Acc, Buf}.
 
 %%% return commands for cursor navigation, assume everything is ansi
diff --git a/lib/ssh/src/ssh_connection.erl b/lib/ssh/src/ssh_connection.erl
index 654b9d4bde..d532d41009 100644
--- a/lib/ssh/src/ssh_connection.erl
+++ b/lib/ssh/src/ssh_connection.erl
@@ -196,15 +196,16 @@ reply_request(_,false, _, _) ->
 %%--------------------------------------------------------------------
 ptty_alloc(ConnectionHandler, Channel, Options) ->
     ptty_alloc(ConnectionHandler, Channel, Options, infinity).
-ptty_alloc(ConnectionHandler, Channel, Options, TimeOut) ->
+ptty_alloc(ConnectionHandler, Channel, Options0, TimeOut) ->
+    Options = backwards_compatible(Options0, []),
     {Width, PixWidth} = pty_default_dimensions(width, Options),
-    {Hight, PixHight} = pty_default_dimensions(hight, Options),
+    {Height, PixHeight} = pty_default_dimensions(height, Options),
     pty_req(ConnectionHandler, Channel,
-	    proplists:get_value(term, Options, default_term()),
+	    proplists:get_value(term, Options, os:getenv("TERM", ?DEFAULT_TERMINAL)),
 	    proplists:get_value(width, Options, Width),
-	    proplists:get_value(hight, Options, Hight),
+	    proplists:get_value(height, Options, Height),
 	    proplists:get_value(pixel_widh, Options, PixWidth),
-	    proplists:get_value(pixel_hight, Options, PixHight),
+	    proplists:get_value(pixel_height, Options, PixHeight),
 	    proplists:get_value(pty_opts, Options, []), TimeOut
 	   ).
 %%--------------------------------------------------------------------
@@ -1340,10 +1341,11 @@ decode_ip(Addr) when is_binary(Addr) ->
 	{ok,A}    -> A
     end.
 
-default_term() ->
-    case os:getenv("TERM") of
-	false ->
-	    ?DEFAULT_TERMINAL;
-	Str when is_list(Str)->
-	    Str
-    end.	
+backwards_compatible([], Acc) ->
+    Acc;
+backwards_compatible([{hight, Value} | Rest], Acc) ->
+    backwards_compatible(Rest, [{height, Value} | Acc]);
+backwards_compatible([{pixel_hight, Value} | Rest], Acc) ->
+    backwards_compatible(Rest, [{height, Value} | Acc]);
+backwards_compatible([Value| Rest], Acc) ->
+    backwards_compatible(Rest, [ Value | Acc]).
diff --git a/lib/ssh/src/ssh_connection_handler.erl b/lib/ssh/src/ssh_connection_handler.erl
index 0f6162db60..2c7f132916 100644
--- a/lib/ssh/src/ssh_connection_handler.erl
+++ b/lib/ssh/src/ssh_connection_handler.erl
@@ -70,6 +70,7 @@
 	  undecoded_packet_length, %  integer()
 	  key_exchange_init_msg,   %  #ssh_msg_kexinit{}
 	  renegotiate = false,     %  boolean() 
+	  last_size_rekey = 0,
 	  connection_queue,
 	  address,
 	  port,
@@ -635,7 +636,8 @@ handle_event(renegotiate, StateName, State) ->
 
 %% Rekey due to sent data limit reached?
 handle_event(data_size, connected, #state{ssh_params = Ssh0} = State) ->
-    {ok, [{send_oct,Sent}]} = inet:getstat(State#state.socket, [send_oct]),
+    {ok, [{send_oct,Sent0}]} = inet:getstat(State#state.socket, [send_oct]),
+    Sent = Sent0 - State#state.last_size_rekey,
     MaxSent = proplists:get_value(rekey_limit, State#state.opts, 1024000000),
     timer:apply_after(?REKEY_DATA_TIMOUT, gen_fsm, send_all_state_event, [self(), data_size]),
     case Sent >= MaxSent of
@@ -645,7 +647,8 @@ handle_event(data_size, connected, #state{ssh_params = Ssh0} = State) ->
 	    {next_state, kexinit,
 	     next_packet(State#state{ssh_params = Ssh,
 				     key_exchange_init_msg = KeyInitMsg,
-				     renegotiate = true})};
+				     renegotiate = true,
+				     last_size_rekey = Sent0})};
 	_ ->
 	    {next_state, connected, next_packet(State)}
     end;
diff --git a/lib/ssh/src/ssh_info.erl b/lib/ssh/src/ssh_info.erl
index 30df32c4fd..9c79d773a7 100644
--- a/lib/ssh/src/ssh_info.erl
+++ b/lib/ssh/src/ssh_info.erl
@@ -187,7 +187,7 @@ line(D, Len, Char) ->
 	    
 
 datetime() ->
-    {{YYYY,MM,DD}, {H,M,S}} = calendar:now_to_universal_time(now()),
+    {{YYYY,MM,DD}, {H,M,S}} = calendar:now_to_universal_time(erlang:timestamp()),
     lists:flatten(io_lib:format('~4w-~2..0w-~2..0w ~2..0w:~2..0w:~2..0w UTC',[YYYY,MM,DD, H,M,S])).
 
 
diff --git a/lib/ssh/src/ssh_sftp.erl b/lib/ssh/src/ssh_sftp.erl
index 613f8f25b2..bab688f226 100644
--- a/lib/ssh/src/ssh_sftp.erl
+++ b/lib/ssh/src/ssh_sftp.erl
@@ -111,7 +111,7 @@ start_channel(Cm, Opts) when is_pid(Cm) ->
 			    TimeOut
 		    end;
 		{error, Reason} ->
-		    {error, Reason};
+		    {error, format_channel_start_error(Reason)};
 		ignore ->
 		    {error, ignore}
 	    end;
@@ -136,7 +136,7 @@ start_channel(Host, Port, Opts) ->
 			    TimeOut
 		    end;
 		{error, Reason} ->
-		    {error, Reason};
+		    {error, format_channel_start_error(Reason)};
 		ignore ->
 		    {error, ignore}
 	    end;
@@ -491,9 +491,9 @@ init([Cm, ChannelId, Options]) ->
 			inf = new_inf(),
 			opts = Options}};
 	failure ->
-	    {stop, "server failed to start sftp subsystem"};
+	    {stop, {shutdown, "server failed to start sftp subsystem"}};
 	Error ->
-	    {stop, Error}
+	    {stop, {shutdown, Error}}
     end.
     
 %%--------------------------------------------------------------------
@@ -508,12 +508,12 @@ init([Cm, ChannelId, Options]) ->
 %%--------------------------------------------------------------------
 handle_call({{timeout, infinity}, wait_for_version_negotiation}, From,
 	    #state{xf = #ssh_xfer{vsn = undefined} = Xf} = State) ->
-    {noreply, State#state{xf = Xf#ssh_xfer{vsn = From}}}; 
+    {noreply, State#state{xf = Xf#ssh_xfer{vsn = {wait, From, undefined}}}};
 
 handle_call({{timeout, Timeout}, wait_for_version_negotiation}, From,
 	    #state{xf = #ssh_xfer{vsn = undefined} = Xf} = State) ->
-    timer:send_after(Timeout, {timeout, undefined, From}),
-    {noreply, State#state{xf = Xf#ssh_xfer{vsn = From}}}; 
+    TRef = erlang:send_after(Timeout, self(), {timeout, undefined, From}),
+    {noreply, State#state{xf = Xf#ssh_xfer{vsn = {wait, From, TRef}}}};
 
 handle_call({_, wait_for_version_negotiation}, _, State) ->
     {reply, ok, State};
@@ -865,7 +865,12 @@ do_handle_reply(#state{xf = Xf} = State,
     case Xf#ssh_xfer.vsn of
 	undefined ->
 	    ok;
-	From ->
+	{wait, From, TRef} ->
+	    if is_reference(TRef) ->
+		    erlang:cancel_timer(TRef);
+	       true ->
+		    ok
+	    end,
 	    ssh_channel:reply(From, ok)
     end,    
     State#state{xf = Xf#ssh_xfer{vsn = Version, ext = Ext}, rep_buf = Rest};
@@ -1412,3 +1417,8 @@ open_buf1(Pid, BufInfo0, FileOpTimeout, CryptoState, ChunkSize) ->
     BufHandle = make_ref(),
     call(Pid, {put_bufinf,BufHandle,BufInfo}, FileOpTimeout),
     {ok,BufHandle}.
+
+format_channel_start_error({shutdown, Reason}) ->
+    Reason;
+format_channel_start_error(Reason) ->
+    Reason.
diff --git a/lib/ssh/src/ssh_transport.erl b/lib/ssh/src/ssh_transport.erl
index 8669be570e..d6414bab6c 100644
--- a/lib/ssh/src/ssh_transport.erl
+++ b/lib/ssh/src/ssh_transport.erl
@@ -240,20 +240,30 @@ key_exchange_first_msg('diffie-hellman-group-exchange-sha1', Ssh0) ->
 
 handle_kexdh_init(#ssh_msg_kexdh_init{e = E}, Ssh0) ->
     {G, P} = dh_group1(),
-    {Private, Public} = dh_gen_key(G, P, 1024),
-    K = ssh_math:ipow(E, Private, P),
-    Key = get_host_key(Ssh0),
-    H = kex_h(Ssh0, Key, E, Public, K),
-    H_SIG = sign_host_key(Ssh0, Key, H),
-    {SshPacket, Ssh1} = ssh_packet(#ssh_msg_kexdh_reply{public_host_key = Key,
-							f = Public,
-							h_sig = H_SIG
-						       }, Ssh0),
-
-    {ok, SshPacket, Ssh1#ssh{keyex_key = {{Private, Public}, {G, P}},
-			     shared_secret = K,
-			     exchanged_hash = H,
-			     session_id = sid(Ssh1, H)}}.
+    if
+	1=<E, E=<(P-1) ->
+	    {Private, Public} = dh_gen_key(G, P, 1024),
+	    K = ssh_math:ipow(E, Private, P),
+	    Key = get_host_key(Ssh0),
+	    H = kex_h(Ssh0, Key, E, Public, K),
+	    H_SIG = sign_host_key(Ssh0, Key, H),
+	    {SshPacket, Ssh1} = ssh_packet(#ssh_msg_kexdh_reply{public_host_key = Key,
+								f = Public,
+								h_sig = H_SIG
+							       }, Ssh0),
+	    
+	    {ok, SshPacket, Ssh1#ssh{keyex_key = {{Private, Public}, {G, P}},
+				     shared_secret = K,
+				     exchanged_hash = H,
+				     session_id = sid(Ssh1, H)}};
+	true ->
+	    Error = {error,bad_e_from_peer},
+	    Disconnect = #ssh_msg_disconnect{
+			    code = ?SSH_DISCONNECT_KEY_EXCHANGE_FAILED,
+			    description = "Key exchange failed, 'f' out of bounds",
+			    language = "en"},
+	    throw({Error, Disconnect})
+    end.
 
 handle_kex_dh_gex_group(#ssh_msg_kex_dh_gex_group{p = P, g = G}, Ssh0) ->
     {Private, Public} = dh_gen_key(G,P,1024),
@@ -277,7 +287,7 @@ handle_new_keys(#ssh_msg_newkeys{}, Ssh0) ->
 %% %% Select algorithms
 handle_kexdh_reply(#ssh_msg_kexdh_reply{public_host_key = HostKey, f = F,
 					h_sig = H_SIG}, 
-		   #ssh{keyex_key = {{Private, Public}, {_G, P}}} = Ssh0) ->
+		   #ssh{keyex_key = {{Private, Public}, {_G, P}}} = Ssh0) when 1=<F, F=<(P-1)->
     K = ssh_math:ipow(F, Private, P),
     H = kex_h(Ssh0, HostKey, Public, F, K),
 
@@ -293,7 +303,15 @@ handle_kexdh_reply(#ssh_msg_kexdh_reply{public_host_key = HostKey, f = F,
 	      description = "Key exchange failed",
 	      language = "en"},
 	    throw({Error, Disconnect})
-    end.
+    end;
+handle_kexdh_reply(#ssh_msg_kexdh_reply{}, _SSH) ->
+    Error = {error,bad_f_from_peer},
+    Disconnect = #ssh_msg_disconnect{
+		    code = ?SSH_DISCONNECT_KEY_EXCHANGE_FAILED,
+		    description = "Key exchange failed, 'f' out of bounds",
+		    language = "en"},
+    throw({Error, Disconnect}).
+
 
 handle_kex_dh_gex_request(#ssh_msg_kex_dh_gex_request{min = _Min,
 						      n   = _NBits,