@electerm/ssh2 1.2.1 → 1.9.0

package/install.js

@@ -2,19 +2,26 @@
 
 const { spawnSync } = require('child_process');
 
+const forceFailOnNonZero = (process.env.CI_CHECK_FAIL === 'ssh2');
+
 // Attempt to build the bundled optional binding
-const result = spawnSync('node-gyp', [
+const args = [
   `--target=${process.version}`,
-  'rebuild'
-], {
+  `--real_openssl_major=${/^\d+/.exec(process.versions.openssl)[0]}`,
+  'rebuild',
+];
+const result = spawnSync('node-gyp', args, {
   cwd: 'lib/protocol/crypto',
   encoding: 'utf8',
   shell: true,
   stdio: 'inherit',
   windowsHide: true,
 });
-if (result.error || result.status !== 0)
+if (result.error || result.status !== 0) {
   console.log('Failed to build optional crypto binding');
-else
+  if (forceFailOnNonZero)
+    process.exit(1);
+} else {
   console.log('Succeeded in building optional crypto binding');
+}
 process.exit(0);

package/lib/Channel.js

@@ -214,6 +214,7 @@ class Channel extends DuplexStream {
   destroy() {
     this.end();
     this.close();
+    return this;
   }
 
   // Session type-specific methods =============================================

package/lib/client.js

@@ -707,6 +707,7 @@ class Client extends EventEmitter {
         this.emit('connect');
 
         cryptoInit.then(() => {
+          proto.start();
           sock.on('data', (data) => {
             try {
               proto.parse(data, 0, data.length);

package/lib/protocol/Protocol.js

@@ -260,14 +260,15 @@ class Protocol {
         this._debug('Custom crypto binding not available');
     }
 
-    process.nextTick(() => {
-      this._debug && this._debug(
-        `Local ident: ${inspect(this._identRaw.toString())}`
-      );
+    this._debug && this._debug(
+      `Local ident: ${inspect(this._identRaw.toString())}`
+    );
+    this.start = () => {
+      this.start = undefined;
       if (greeting)
         this._onWrite(greeting);
       this._onWrite(sentIdent);
-    });
+    };
   }
   _destruct(reason) {
     this._packetRW.read.cleanup();
@@ -1669,6 +1670,9 @@ class Protocol {
 
     const origSignal = name;
 
+    if (typeof origSignal !== 'string' || !origSignal)
+      throw new Error(`Invalid signal: ${origSignal}`);
+
     let signal = name.toUpperCase();
     if (signal.slice(0, 3) === 'SIG')
       signal = signal.slice(3);

package/lib/protocol/SFTP.js

@@ -154,7 +154,14 @@ class SFTP extends EventEmitter {
     this._pktData = undefined;
     this._writeReqid = -1;
     this._requests = {};
-    this._maxPktLen = (this._isOpenSSH ? OPENSSH_MAX_PKT_LEN : 34000);
+    this._maxInPktLen = OPENSSH_MAX_PKT_LEN;
+    this._maxOutPktLen = 34000;
+    this._maxReadLen =
+      (this._isOpenSSH ? OPENSSH_MAX_PKT_LEN : 34000) - PKT_RW_OVERHEAD;
+    this._maxWriteLen =
+      (this._isOpenSSH ? OPENSSH_MAX_PKT_LEN : 34000) - PKT_RW_OVERHEAD;
+
+    this.maxOpenHandles = undefined;
 
     // Channel compatibility
     this._client = client;
@@ -208,8 +215,8 @@ class SFTP extends EventEmitter {
           return;
         if (this._pktLen === 0)
           return doFatalSFTPError(this, 'Invalid packet length');
-        if (this._pktLen > this._maxPktLen) {
-          const max = this._maxPktLen;
+        if (this._pktLen > this._maxInPktLen) {
+          const max = this._maxInPktLen;
           return doFatalSFTPError(
             this,
             `Packet length ${this._pktLen} exceeds max length of ${max}`
@@ -432,7 +439,7 @@ class SFTP extends EventEmitter {
       return;
     }
 
-    const maxDataLen = this._maxPktLen - PKT_RW_OVERHEAD;
+    const maxDataLen = this._maxWriteLen;
     const overflow = Math.max(len - maxDataLen, 0);
     const origPosition = position;
 
@@ -1421,7 +1428,7 @@ class SFTP extends EventEmitter {
       throw new Error('Client-only method called in server mode');
 
     const ext = this._extensions['hardlink@openssh.com'];
-    if (!ext || ext.indexOf('1') === -1)
+    if (ext !== '1')
       throw new Error('Server does not support this extended request');
 
     /*
@@ -1461,7 +1468,7 @@ class SFTP extends EventEmitter {
       throw new Error('Client-only method called in server mode');
 
     const ext = this._extensions['fsync@openssh.com'];
-    if (!ext || ext.indexOf('1') === -1)
+    if (ext !== '1')
       throw new Error('Server does not support this extended request');
     if (!Buffer.isBuffer(handle))
       throw new Error('handle is not a Buffer');
@@ -1492,6 +1499,103 @@ class SFTP extends EventEmitter {
       `SFTP: Outbound: ${isBuffered ? 'Buffered' : 'Sending'} fsync@openssh.com`
     );
   }
+  ext_openssh_lsetstat(path, attrs, cb) {
+    if (this.server)
+      throw new Error('Client-only method called in server mode');
+
+    const ext = this._extensions['lsetstat@openssh.com'];
+    if (ext !== '1')
+      throw new Error('Server does not support this extended request');
+
+    let flags = 0;
+    let attrsLen = 0;
+
+    if (typeof attrs === 'object' && attrs !== null) {
+      attrs = attrsToBytes(attrs);
+      flags = attrs.flags;
+      attrsLen = attrs.nb;
+    } else if (typeof attrs === 'function') {
+      cb = attrs;
+    }
+
+    /*
+      uint32    id
+      string    "lsetstat@openssh.com"
+      string    path
+      ATTRS     attrs
+    */
+    const pathLen = Buffer.byteLength(path);
+    let p = 9;
+    const buf =
+      Buffer.allocUnsafe(4 + 1 + 4 + 4 + 20 + 4 + pathLen + 4 + attrsLen);
+
+    writeUInt32BE(buf, buf.length - 4, 0);
+    buf[4] = REQUEST.EXTENDED;
+    const reqid = this._writeReqid = (this._writeReqid + 1) & MAX_REQID;
+    writeUInt32BE(buf, reqid, 5);
+
+    writeUInt32BE(buf, 20, p);
+    buf.utf8Write('lsetstat@openssh.com', p += 4, 20);
+
+    writeUInt32BE(buf, pathLen, p += 20);
+    buf.utf8Write(path, p += 4, pathLen);
+
+    writeUInt32BE(buf, flags, p += pathLen);
+    if (attrsLen) {
+      p += 4;
+
+      if (attrsLen === ATTRS_BUF.length)
+        buf.set(ATTRS_BUF, p);
+      else
+        bufferCopy(ATTRS_BUF, buf, 0, attrsLen, p);
+
+      p += attrsLen;
+    }
+
+    this._requests[reqid] = { cb };
+
+    const isBuffered = sendOrBuffer(this, buf);
+    if (this._debug) {
+      const status = (isBuffered ? 'Buffered' : 'Sending');
+      this._debug(`SFTP: Outbound: ${status} lsetstat@openssh.com`);
+    }
+  }
+  ext_openssh_expandPath(path, cb) {
+    if (this.server)
+      throw new Error('Client-only method called in server mode');
+
+    const ext = this._extensions['expand-path@openssh.com'];
+    if (ext !== '1')
+      throw new Error('Server does not support this extended request');
+
+    /*
+      uint32    id
+      string    "expand-path@openssh.com"
+      string    path
+    */
+    const pathLen = Buffer.byteLength(path);
+    let p = 9;
+    const buf = Buffer.allocUnsafe(4 + 1 + 4 + 4 + 23 + 4 + pathLen);
+
+    writeUInt32BE(buf, buf.length - 4, 0);
+    buf[4] = REQUEST.EXTENDED;
+    const reqid = this._writeReqid = (this._writeReqid + 1) & MAX_REQID;
+    writeUInt32BE(buf, reqid, 5);
+
+    writeUInt32BE(buf, 23, p);
+    buf.utf8Write('expand-path@openssh.com', p += 4, 23);
+
+    writeUInt32BE(buf, pathLen, p += 20);
+    buf.utf8Write(path, p += 4, pathLen);
+
+    this._requests[reqid] = { cb };
+
+    const isBuffered = sendOrBuffer(this, buf);
+    if (this._debug) {
+      const status = (isBuffered ? 'Buffered' : 'Sending');
+      this._debug(`SFTP: Outbound: ${status} expand-path@openssh.com`);
+    }
+  }
   // ===========================================================================
   // Server-specific ===========================================================
   // ===========================================================================
@@ -1760,7 +1864,7 @@ function tryCreateBuffer(size) {
 }
 
 function read_(self, handle, buf, off, len, position, cb, req_) {
-  const maxDataLen = self._maxPktLen - PKT_RW_OVERHEAD;
+  const maxDataLen = self._maxReadLen;
   const overflow = Math.max(len - maxDataLen, 0);
 
   if (overflow)
@@ -2394,6 +2498,31 @@ function cleanupRequests(sftp) {
   }
 }
 
+function requestLimits(sftp, cb) {
+  /*
+    uint32    id
+    string    "limits@openssh.com"
+  */
+  let p = 9;
+  const buf = Buffer.allocUnsafe(4 + 1 + 4 + 4 + 18);
+
+  writeUInt32BE(buf, buf.length - 4, 0);
+  buf[4] = REQUEST.EXTENDED;
+  const reqid = sftp._writeReqid = (sftp._writeReqid + 1) & MAX_REQID;
+  writeUInt32BE(buf, reqid, 5);
+
+  writeUInt32BE(buf, 18, p);
+  buf.utf8Write('limits@openssh.com', p += 4, 18);
+
+  sftp._requests[reqid] = { extended: 'limits@openssh.com', cb };
+
+  const isBuffered = sendOrBuffer(sftp, buf);
+  if (sftp._debug) {
+    const which = (isBuffered ? 'Buffered' : 'Sending');
+    sftp._debug(`SFTP: Outbound: ${which} limits@openssh.com`);
+  }
+}
+
 const CLIENT_HANDLERS = {
   [RESPONSE.VERSION]: (sftp, payload) => {
     if (sftp._version !== -1)
@@ -2434,6 +2563,24 @@ const CLIENT_HANDLERS = {
 
     sftp._version = version;
     sftp._extensions = extensions;
+
+    if (extensions['limits@openssh.com'] === '1') {
+      return requestLimits(sftp, (err, limits) => {
+        if (!err) {
+          if (limits.maxPktLen > 0)
+            sftp._maxOutPktLen = limits.maxPktLen;
+          if (limits.maxReadLen > 0)
+            sftp._maxReadLen = limits.maxReadLen;
+          if (limits.maxWriteLen > 0)
+            sftp._maxWriteLen = limits.maxWriteLen;
+          sftp.maxOpenHandles = (
+            limits.maxOpenHandles > 0 ? limits.maxOpenHandles : Infinity
+          );
+        }
+        sftp.emit('ready');
+      });
+    }
+
     sftp.emit('ready');
   },
   [RESPONSE.STATUS]: (sftp, payload) => {
@@ -2446,14 +2593,13 @@ const CLIENT_HANDLERS = {
     */
     const errorCode = bufferParser.readUInt32BE();
     const errorMsg = bufferParser.readString(true);
-    const lang = bufferParser.skipString();
     bufferParser.clear();
 
-    if (lang === undefined) {
-      if (reqID !== undefined)
-        delete sftp._requests[reqID];
-      return doFatalSFTPError(sftp, 'Malformed STATUS packet');
-    }
+    // Note: we avoid checking that the error message and language tag are in
+    // the packet because there are some broken implementations that incorrectly
+    // omit them. The language tag in general was never really used amongst ssh
+    // implementations, so in the case of a missing error message we just
+    // default to something sensible.
 
     if (sftp._debug) {
       const jsonMsg = JSON.stringify(errorMsg);
@@ -2669,6 +2815,32 @@ const CLIENT_HANDLERS = {
               req.cb(undefined, stats);
             return;
           }
+          case 'limits@openssh.com': {
+            /*
+              uint64          max-packet-length
+              uint64          max-read-length
+              uint64          max-write-length
+              uint64          max-open-handles
+            */
+            const limits = {
+              maxPktLen: bufferParser.readUInt64BE(),
+              maxReadLen: bufferParser.readUInt64BE(),
+              maxWriteLen: bufferParser.readUInt64BE(),
+              maxOpenHandles: bufferParser.readUInt64BE(),
+            };
+            if (limits.maxOpenHandles === undefined)
+              break;
+            if (sftp._debug) {
+              sftp._debug(
+                'SFTP: Inbound: Received EXTENDED_REPLY '
+                  + `(id:${reqID}, ${req.extended})`
+              );
+            }
+            bufferParser.clear();
+            if (typeof req.cb === 'function')
+              req.cb(undefined, limits);
+            return;
+          }
           default:
             // Unknown extended request
             sftp._debug && sftp._debug(

package/lib/protocol/constants.js

@@ -7,7 +7,7 @@ try {
   cpuInfo = require('cpu-features')();
 } catch {}
 
-const { bindingAvailable } = require('./crypto.js');
+const { bindingAvailable, CIPHER_INFO, MAC_INFO } = require('./crypto.js');
 
 const eddsaSupported = (() => {
   if (typeof crypto.sign === 'function'
@@ -76,11 +76,13 @@ const SUPPORTED_SERVER_HOST_KEY = DEFAULT_SERVER_HOST_KEY.concat([
 ]);
 
 
-const DEFAULT_CIPHER = [
+const canUseCipher = (() => {
+  const ciphers = crypto.getCiphers();
+  return (name) => ciphers.includes(CIPHER_INFO[name].sslName);
+})();
+let DEFAULT_CIPHER = [
   // http://tools.ietf.org/html/rfc5647
-  'aes128-gcm',
   'aes128-gcm@openssh.com',
-  'aes256-gcm',
   'aes256-gcm@openssh.com',
 
   // http://tools.ietf.org/html/rfc4344#section-4
@@ -101,12 +103,15 @@ if (cpuInfo && cpuInfo.flags && !cpuInfo.flags.aes) {
 } else {
   DEFAULT_CIPHER.push('chacha20-poly1305@openssh.com');
 }
+DEFAULT_CIPHER = DEFAULT_CIPHER.filter(canUseCipher);
 const SUPPORTED_CIPHER = DEFAULT_CIPHER.concat([
   'aes256-cbc',
   'aes192-cbc',
   'aes128-cbc',
   'blowfish-cbc',
   '3des-cbc',
+  'aes128-gcm',
+  'aes256-gcm',
 
   // http://tools.ietf.org/html/rfc4345#section-4:
   'arcfour256',
@@ -114,9 +119,13 @@ const SUPPORTED_CIPHER = DEFAULT_CIPHER.concat([
 
   'cast128-cbc',
   'arcfour',
-]);
+].filter(canUseCipher));
 
 
+const canUseMAC = (() => {
+  const hashes = crypto.getHashes();
+  return (name) => hashes.includes(MAC_INFO[name].sslName);
+})();
 const DEFAULT_MAC = [
   'hmac-sha2-256-etm@openssh.com',
   'hmac-sha2-512-etm@openssh.com',
@@ -124,7 +133,7 @@ const DEFAULT_MAC = [
   'hmac-sha2-256',
   'hmac-sha2-512',
   'hmac-sha1',
-];
+].filter(canUseMAC);
 const SUPPORTED_MAC = DEFAULT_MAC.concat([
   'hmac-md5',
   'hmac-sha2-256-96', // first 96 bits of HMAC-SHA256
@@ -132,7 +141,7 @@ const SUPPORTED_MAC = DEFAULT_MAC.concat([
   'hmac-ripemd160',
   'hmac-sha1-96',     // first 96 bits of HMAC-SHA1
   'hmac-md5-96',      // first 96 bits of HMAC-MD5
-]);
+].filter(canUseMAC));
 
 const DEFAULT_COMPRESSION = [
   'none',

package/lib/protocol/crypto/binding.gyp

@@ -1,4 +1,7 @@
 {
+  'variables': {
+    'real_openssl_major%': '0',
+  },
   'targets': [
     {
       'target_name': 'sshcrypto',
@@ -9,6 +12,12 @@
         'src/binding.cc'
       ],
       'cflags': [ '-O3' ],
+
+      # Needed for OpenSSL 3.x/node.js v17.x+
+      'defines': [
+        'OPENSSL_API_COMPAT=0x10100000L',
+        'REAL_OPENSSL_MAJOR=<(real_openssl_major)',
+      ],
     },
   ],
 }

package/lib/protocol/crypto/src/binding.cc

@@ -1,4 +1,3 @@
-// TODO: switch from obsolete EVP_* APIs in CCP
 #include <stdio.h>
 #include <string.h>
 #include <assert.h>
@@ -7,10 +6,34 @@
 #include <node_buffer.h>
 #include <nan.h>
 
+#if NODE_MAJOR_VERSION >= 17
+#  include <openssl/configuration.h>
+#endif
+
 #include <openssl/err.h>
 #include <openssl/evp.h>
 #include <openssl/hmac.h>
 
+#ifndef _WIN32
+#  include <dlfcn.h>
+#endif
+
+typedef int (*ctx_iv_len_func)(const EVP_CIPHER_CTX*);
+typedef int (*ctx_key_len_func)(const EVP_CIPHER_CTX*);
+typedef int (*ctx_get_block_size_func)(const EVP_CIPHER_CTX*);
+typedef int (*cipher_flags_func)(const EVP_CIPHER*);
+ctx_iv_len_func ctx_iv_len = nullptr;
+ctx_key_len_func ctx_key_len = nullptr;
+ctx_get_block_size_func ctx_get_block_size = nullptr;
+cipher_flags_func cipher_flags = nullptr;
+
+#if REAL_OPENSSL_MAJOR < 3
+#  undef EVP_DigestSignUpdate
+#  define EVP_DigestSignUpdate EVP_DigestUpdate
+#  undef EVP_PKEY_OP_SIGNCTX
+#  define EVP_PKEY_OP_SIGNCTX (1 << 6)
+#endif
+
 using namespace node;
 using namespace v8;
 using namespace std;
@@ -62,8 +85,14 @@ class ChaChaPolyCipher : public ObjectWrap {
   explicit ChaChaPolyCipher()
     : ctx_main_(nullptr),
       ctx_pktlen_(nullptr),
+#if REAL_OPENSSL_MAJOR >= 3
+      mac_(nullptr),
+      mac_ctx_(nullptr) {}
+#else
       md_ctx_(nullptr),
-      polykey_(nullptr) {}
+      polykey_(nullptr),
+      polykey_ctx_(nullptr) {}
+#endif
 
   ~ChaChaPolyCipher() {
     clear();
@@ -71,15 +100,23 @@ class ChaChaPolyCipher : public ObjectWrap {
 
   void clear() {
     if (ctx_pktlen_) {
-      EVP_CIPHER_CTX_cleanup(ctx_pktlen_);
       EVP_CIPHER_CTX_free(ctx_pktlen_);
       ctx_pktlen_ = nullptr;
     }
     if (ctx_main_) {
-      EVP_CIPHER_CTX_cleanup(ctx_main_);
       EVP_CIPHER_CTX_free(ctx_main_);
       ctx_main_ = nullptr;
     }
+#if REAL_OPENSSL_MAJOR >= 3
+    if (mac_ctx_) {
+      EVP_MAC_CTX_free(mac_ctx_);
+      mac_ctx_ = nullptr;
+    }
+    if (mac_) {
+      EVP_MAC_free(mac_);
+      mac_ = nullptr;
+    }
+#else
     if (polykey_) {
       EVP_PKEY_free(polykey_);
       polykey_ = nullptr;
@@ -90,6 +127,7 @@ class ChaChaPolyCipher : public ObjectWrap {
     }
     // `polykey_ctx_` is not explicitly freed as it is freed implicitly when
     // `md_ctx_` is freed
+#endif
   }
 
   ErrorType init(unsigned char* keys, size_t keys_len) {
@@ -108,7 +146,14 @@ class ChaChaPolyCipher : public ObjectWrap {
 
     if ((ctx_pktlen_ = EVP_CIPHER_CTX_new()) == nullptr
         || (ctx_main_ = EVP_CIPHER_CTX_new()) == nullptr
+#if REAL_OPENSSL_MAJOR >= 3
+        || (mac_ = EVP_MAC_fetch(nullptr,
+                                 "POLY1305",
+                                 "provider=default")) == nullptr
+        || (mac_ctx_ = EVP_MAC_CTX_new(mac_)) == nullptr
+#else
         || (md_ctx_ = EVP_MD_CTX_new()) == nullptr
+#endif
         || EVP_EncryptInit_ex(ctx_pktlen_,
                               cipher,
                               nullptr,
@@ -122,7 +167,7 @@ class ChaChaPolyCipher : public ObjectWrap {
       r = kErrOpenSSL;
       goto out;
     }
-    if (EVP_CIPHER_CTX_iv_length(ctx_pktlen_) != 16) {
+    if (ctx_iv_len(ctx_pktlen_) != 16) {
       r = kErrBadIVLen;
       goto out;
     }
@@ -206,6 +251,14 @@ out:
     }
 
     // Poly1305 over ciphertext
+#if REAL_OPENSSL_MAJOR >= 3
+    if (EVP_MAC_init(mac_ctx_, polykey, sizeof(polykey), nullptr) != 1
+        || EVP_MAC_update(mac_ctx_, packet, data_len) != 1
+        || EVP_MAC_final(mac_ctx_, packet + data_len, &sig_len, sig_len) != 1) {
+      r = kErrOpenSSL;
+      goto out;
+    }
+#else
     if (polykey_) {
       if (EVP_PKEY_CTX_ctrl(polykey_ctx_,
                             -1,
@@ -245,9 +298,10 @@ out:
       r = kErrOpenSSL;
       goto out;
     }
+#endif
 
-  out:
-    return r;
+    out:
+      return r;
   }
 
   static NAN_METHOD(New) {
@@ -328,9 +382,14 @@ out:
 
   EVP_CIPHER_CTX* ctx_main_;
   EVP_CIPHER_CTX* ctx_pktlen_;
+#if REAL_OPENSSL_MAJOR >= 3
+  EVP_MAC* mac_;
+  EVP_MAC_CTX* mac_ctx_;
+#else
   EVP_MD_CTX* md_ctx_;
   EVP_PKEY* polykey_;
   EVP_PKEY_CTX* polykey_ctx_;
+#endif
 };
 
 class AESGCMCipher : public ObjectWrap {
@@ -359,7 +418,6 @@ class AESGCMCipher : public ObjectWrap {
 
   void clear() {
     if (ctx_) {
-      EVP_CIPHER_CTX_cleanup(ctx_);
       EVP_CIPHER_CTX_free(ctx_);
       ctx_ = nullptr;
     }
@@ -394,12 +452,12 @@ class AESGCMCipher : public ObjectWrap {
       goto out;
     }
 
-    //~ if (iv_len != static_cast<size_t>(EVP_CIPHER_CTX_iv_length(ctx_))) {
+    //~ if (iv_len != static_cast<size_t>(ctx_iv_len(ctx_))) {
       //~ r = kErrBadIVLen;
       //~ goto out;
     //~ }
 
-    if (key_len != static_cast<size_t>(EVP_CIPHER_CTX_key_length(ctx_))) {
+    if (key_len != static_cast<size_t>(ctx_key_len(ctx_))) {
       if (!EVP_CIPHER_CTX_set_key_length(ctx_, key_len)) {
         r = kErrBadKeyLen;
         goto out;
@@ -606,7 +664,6 @@ class GenericCipher : public ObjectWrap {
 
   void clear() {
     if (ctx_) {
-      EVP_CIPHER_CTX_cleanup(ctx_);
       EVP_CIPHER_CTX_free(ctx_);
       ctx_ = nullptr;
     }
@@ -640,12 +697,12 @@ class GenericCipher : public ObjectWrap {
       goto out;
     }
 
-    if (iv_len != static_cast<size_t>(EVP_CIPHER_CTX_iv_length(ctx_))) {
+    if (iv_len != static_cast<size_t>(ctx_iv_len(ctx_))) {
       r = kErrBadIVLen;
       goto out;
     }
 
-    if (key_len != static_cast<size_t>(EVP_CIPHER_CTX_key_length(ctx_))) {
+    if (key_len != static_cast<size_t>(ctx_key_len(ctx_))) {
       if (!EVP_CIPHER_CTX_set_key_length(ctx_, key_len)) {
         r = kErrBadKeyLen;
         goto out;
@@ -930,8 +987,14 @@ class ChaChaPolyDecipher : public ObjectWrap {
   explicit ChaChaPolyDecipher()
     : ctx_main_(nullptr),
       ctx_pktlen_(nullptr),
+#if REAL_OPENSSL_MAJOR >= 3
+      mac_(nullptr),
+      mac_ctx_(nullptr) {}
+#else
       md_ctx_(nullptr),
-      polykey_(nullptr) {}
+      polykey_(nullptr),
+      polykey_ctx_(nullptr) {}
+#endif
 
   ~ChaChaPolyDecipher() {
     clear();
@@ -939,15 +1002,23 @@ class ChaChaPolyDecipher : public ObjectWrap {
 
   void clear() {
     if (ctx_pktlen_) {
-      EVP_CIPHER_CTX_cleanup(ctx_pktlen_);
       EVP_CIPHER_CTX_free(ctx_pktlen_);
       ctx_pktlen_ = nullptr;
     }
     if (ctx_main_) {
-      EVP_CIPHER_CTX_cleanup(ctx_main_);
       EVP_CIPHER_CTX_free(ctx_main_);
       ctx_main_ = nullptr;
     }
+#if REAL_OPENSSL_MAJOR >= 3
+    if (mac_ctx_) {
+      EVP_MAC_CTX_free(mac_ctx_);
+      mac_ctx_ = nullptr;
+    }
+    if (mac_) {
+      EVP_MAC_free(mac_);
+      mac_ = nullptr;
+    }
+#else
     if (polykey_) {
       EVP_PKEY_free(polykey_);
       polykey_ = nullptr;
@@ -958,6 +1029,7 @@ class ChaChaPolyDecipher : public ObjectWrap {
     }
     // `polykey_ctx_` is not explicitly freed as it is freed implicitly when
     // `md_ctx_` is freed
+#endif
   }
 
   ErrorType init(unsigned char* keys, size_t keys_len) {
@@ -976,7 +1048,14 @@ class ChaChaPolyDecipher : public ObjectWrap {
 
     if ((ctx_pktlen_ = EVP_CIPHER_CTX_new()) == nullptr
         || (ctx_main_ = EVP_CIPHER_CTX_new()) == nullptr
+#if REAL_OPENSSL_MAJOR >= 3
+        || (mac_ = EVP_MAC_fetch(nullptr,
+                                 "POLY1305",
+                                 "provider=default")) == nullptr
+        || (mac_ctx_ = EVP_MAC_CTX_new(mac_)) == nullptr
+#else
         || (md_ctx_ = EVP_MD_CTX_new()) == nullptr
+#endif
         || EVP_DecryptInit_ex(ctx_pktlen_,
                               cipher,
                               nullptr,
@@ -990,7 +1069,7 @@ class ChaChaPolyDecipher : public ObjectWrap {
       r = kErrOpenSSL;
       goto out;
     }
-    if (EVP_CIPHER_CTX_iv_length(ctx_pktlen_) != 16) {
+    if (ctx_iv_len(ctx_pktlen_) != 16) {
       r = kErrBadIVLen;
       goto out;
     }
@@ -1083,6 +1162,15 @@ out:
     }
 
     // Poly1305 over ciphertext
+#if REAL_OPENSSL_MAJOR >= 3
+    if (EVP_MAC_init(mac_ctx_, polykey, sizeof(polykey), nullptr) != 1
+        || EVP_MAC_update(mac_ctx_, length_bytes, sizeof(length_bytes)) != 1
+        || EVP_MAC_update(mac_ctx_, packet, packet_len) != 1
+        || EVP_MAC_final(mac_ctx_, calc_mac, &sig_len, sig_len) != 1) {
+      r = kErrOpenSSL;
+      goto out;
+    }
+#else
     if (polykey_) {
       if (EVP_PKEY_CTX_ctrl(polykey_ctx_,
                             -1,
@@ -1128,6 +1216,7 @@ out:
       r = kErrOpenSSL;
       goto out;
     }
+#endif
 
     // Compare MACs
     if (CRYPTO_memcmp(mac, calc_mac, sizeof(calc_mac))) {
@@ -1289,9 +1378,14 @@ out:
   unsigned char length_bytes[4];
   EVP_CIPHER_CTX* ctx_main_;
   EVP_CIPHER_CTX* ctx_pktlen_;
+#if REAL_OPENSSL_MAJOR >= 3
+  EVP_MAC* mac_;
+  EVP_MAC_CTX* mac_ctx_;
+#else
   EVP_MD_CTX* md_ctx_;
   EVP_PKEY* polykey_;
   EVP_PKEY_CTX* polykey_ctx_;
+#endif
 };
 
 class AESGCMDecipher : public ObjectWrap {
@@ -1320,7 +1414,6 @@ class AESGCMDecipher : public ObjectWrap {
 
   void clear() {
     if (ctx_) {
-      EVP_CIPHER_CTX_cleanup(ctx_);
       EVP_CIPHER_CTX_free(ctx_);
       ctx_ = nullptr;
     }
@@ -1355,12 +1448,12 @@ class AESGCMDecipher : public ObjectWrap {
       goto out;
     }
 
-    //~ if (iv_len != static_cast<size_t>(EVP_CIPHER_CTX_iv_length(ctx_))) {
+    //~ if (iv_len != static_cast<size_t>(ctx_iv_len(ctx_))) {
       //~ r = kErrBadIVLen;
       //~ goto out;
     //~ }
 
-    if (key_len != static_cast<size_t>(EVP_CIPHER_CTX_key_length(ctx_))) {
+    if (key_len != static_cast<size_t>(ctx_key_len(ctx_))) {
       if (!EVP_CIPHER_CTX_set_key_length(ctx_, key_len)) {
         r = kErrBadKeyLen;
         goto out;
@@ -1578,7 +1671,6 @@ class GenericDecipher : public ObjectWrap {
 
   void clear() {
     if (ctx_) {
-      EVP_CIPHER_CTX_cleanup(ctx_);
       EVP_CIPHER_CTX_free(ctx_);
       ctx_ = nullptr;
     }
@@ -1613,12 +1705,12 @@ class GenericDecipher : public ObjectWrap {
       goto out;
     }
 
-    if (iv_len != static_cast<size_t>(EVP_CIPHER_CTX_iv_length(ctx_))) {
+    if (iv_len != static_cast<size_t>(ctx_iv_len(ctx_))) {
       r = kErrBadIVLen;
       goto out;
     }
 
-    if (key_len != static_cast<size_t>(EVP_CIPHER_CTX_key_length(ctx_))) {
+    if (key_len != static_cast<size_t>(ctx_key_len(ctx_))) {
       if (!EVP_CIPHER_CTX_set_key_length(ctx_, key_len)) {
         r = kErrBadKeyLen;
         goto out;
@@ -1673,7 +1765,11 @@ class GenericDecipher : public ObjectWrap {
     hmac_len_ = HMAC_size(ctx_hmac_);
     hmac_actual_len_ = hmac_actual_len;
     is_etm_ = is_etm;
+#if REAL_OPENSSL_MAJOR >= 3
     switch (EVP_CIPHER_CTX_mode(ctx_)) {
+#else
+    switch (cipher_flags(EVP_CIPHER_CTX_cipher(ctx_)) & EVP_CIPH_MODE) {
+#endif
       case EVP_CIPH_STREAM_CIPHER:
       case EVP_CIPH_CTR_MODE:
         is_stream_ = 1;
@@ -1681,25 +1777,17 @@ class GenericDecipher : public ObjectWrap {
       default:
         is_stream_ = 0;
     }
-    block_size_ = EVP_CIPHER_CTX_block_size(ctx_);
+    block_size_ = ctx_get_block_size(ctx_);
 
 out:
     return r;
   }
 
-  ErrorType decrypt_block(unsigned char* data,
-                          uint32_t data_len,
-                          uint32_t seqno) {
+  ErrorType decrypt_block(unsigned char* data, uint32_t data_len) {
     ErrorType r = kErrNone;
 
     int outlen;
 
-    uint8_t seqbuf[4] = {0};
-    ((uint8_t*)(seqbuf))[0] = (seqno >> 24) & 0xff;
-    ((uint8_t*)(seqbuf))[1] = (seqno >> 16) & 0xff;
-    ((uint8_t*)(seqbuf))[2] = (seqno >> 8) & 0xff;
-    ((uint8_t*)(seqbuf))[3] = seqno & 0xff;
-
     if (!is_stream_ && data_len != block_size_) {
       r = kErrBadBlockLen;
       goto out;
@@ -1749,7 +1837,7 @@ out:
         unsigned int outlen = hmac_len_;
         if (HMAC_Init_ex(ctx_hmac_, nullptr, 0, nullptr, nullptr) != 1
             || HMAC_Update(ctx_hmac_, seqbuf, sizeof(seqbuf)) != 1
-            || HMAC_Update(ctx_hmac_, first_block, first_block_len) != 1
+            || HMAC_Update(ctx_hmac_, first_block, 4) != 1
             || HMAC_Update(ctx_hmac_, packet, packet_len) != 1
             || HMAC_Final(ctx_hmac_, calc_mac, &outlen) != 1) {
           r = kErrOpenSSL;
@@ -1804,7 +1892,7 @@ out:
         unsigned int outlen = hmac_len_;
         if (HMAC_Init_ex(ctx_hmac_, nullptr, 0, nullptr, nullptr) != 1
             || HMAC_Update(ctx_hmac_, seqbuf, sizeof(seqbuf)) != 1
-            || HMAC_Update(ctx_hmac_, first_block, first_block_len) != 1
+            || HMAC_Update(ctx_hmac_, first_block, 4) != 1
             || HMAC_Update(ctx_hmac_, packet, packet_len) != 1
             || HMAC_Final(ctx_hmac_, calc_mac, &outlen) != 1) {
           r = kErrOpenSSL;
@@ -1908,13 +1996,9 @@ out:
     if (!Buffer::HasInstance(info[0]))
       return Nan::ThrowTypeError("Missing/Invalid block");
 
-    if (!info[1]->IsUint32())
-      return Nan::ThrowTypeError("Missing/Invalid sequence number");
-
     ErrorType r = obj->decrypt_block(
       reinterpret_cast<unsigned char*>(Buffer::Data(info[0])),
-      Buffer::Length(info[0]),
-      Nan::To<uint32_t>(info[1]).FromJust()
+      Buffer::Length(info[0])
     );
     switch (r) {
       case kErrNone:
@@ -1969,6 +2053,8 @@ out:
         return Nan::ThrowError("Failed to completely decrypt packet");
       case kErrBadHMACLen:
         return Nan::ThrowError("Unexpected HMAC length");
+      case kErrInvalidMAC:
+        return Nan::ThrowError("Invalid MAC");
       case kErrOpenSSL: {
         char msg_buf[128] = {0};
         ERR_error_string_n(ERR_get_error(), msg_buf, sizeof(msg_buf));
@@ -2001,6 +2087,55 @@ out:
 
 
 NAN_MODULE_INIT(init) {
+  // These are needed because node-gyp (as of this writing) does not use the
+  // proper (OpenSSL) system headers when node was built against a shared
+  // version of OpenSSL. Usually this isn't an issue because OSes that build
+  // node in this way typically use the same version of OpenSSL as was bundled
+  // with node for a particular node version for the best compatibility. However
+  // with the inclusion of OpenSSL 3.x in node v17.x, some OSes are still
+  // linking with a shared OpenSSL 1.x, which can cause both compilation and
+  // runtime errors because of changes in OpenSSL's code.
+  //
+  // For that reason, we need to make sure we need to resolve some specific
+  // symbols at runtime to workaround these buggy situations.
+#ifdef _WIN32
+#  define load_sym(name) GetProcAddress(GetModuleHandle(NULL), name)
+#else
+#  define load_sym(name) dlsym(RTLD_DEFAULT, name)
+#endif
+  ctx_iv_len = reinterpret_cast<ctx_iv_len_func>(
+    load_sym("EVP_CIPHER_CTX_get_iv_length")
+  );
+  if (!ctx_iv_len) {
+    ctx_iv_len = reinterpret_cast<ctx_iv_len_func>(
+      load_sym("EVP_CIPHER_CTX_iv_length")
+    );
+  }
+  ctx_key_len = reinterpret_cast<ctx_key_len_func>(
+    load_sym("EVP_CIPHER_CTX_get_key_length")
+  );
+  if (!ctx_key_len) {
+    ctx_key_len = reinterpret_cast<ctx_key_len_func>(
+      load_sym("EVP_CIPHER_CTX_key_length")
+    );
+  }
+  cipher_flags = reinterpret_cast<cipher_flags_func>(
+    load_sym("EVP_CIPHER_get_flags")
+  );
+  if (!cipher_flags) {
+    cipher_flags = reinterpret_cast<cipher_flags_func>(
+      load_sym("EVP_CIPHER_flags")
+    );
+  }
+  ctx_get_block_size = reinterpret_cast<ctx_get_block_size_func>(
+    load_sym("EVP_CIPHER_CTX_get_block_size")
+  );
+  if (!ctx_get_block_size) {
+    ctx_get_block_size = reinterpret_cast<ctx_get_block_size_func>(
+      load_sym("EVP_CIPHER_CTX_block_size")
+    );
+  }
+
   ChaChaPolyCipher::Init(target);
   AESGCMCipher::Init(target);
   GenericCipher::Init(target);

package/lib/protocol/crypto.js

@@ -576,22 +576,17 @@ class NullDecipher {
       // Read padding length, payload, and padding
       if (this._packetPos < this._len) {
         const nb = Math.min(this._len - this._packetPos, dataLen - p);
-        if (p !== 0 || nb !== dataLen) {
-          if (nb === this._len) {
-            this._packet = new FastBuffer(data.buffer, data.byteOffset + p, nb);
-          } else {
-            this._packet = Buffer.allocUnsafe(this._len);
-            this._packet.set(
-              new Uint8Array(data.buffer, data.byteOffset + p, nb),
-              this._packetPos
-            );
-          }
-        } else if (nb === this._len) {
-          this._packet = data;
+        let chunk;
+        if (p !== 0 || nb !== dataLen)
+          chunk = new Uint8Array(data.buffer, data.byteOffset + p, nb);
+        else
+          chunk = data;
+        if (nb === this._len) {
+          this._packet = chunk;
         } else {
           if (!this._packet)
             this._packet = Buffer.allocUnsafe(this._len);
-          this._packet.set(data, this._packetPos);
+          this._packet.set(chunk, this._packetPos);
         }
         p += nb;
         this._packetPos += nb;
@@ -1334,7 +1329,7 @@ class GenericDecipherBinding {
           this._len = need = readUInt32BE(this._block, 0);
         } else {
           // Decrypt first block to get packet length
-          this._instance.decryptBlock(this._block, this.inSeqno);
+          this._instance.decryptBlock(this._block);
           this._len = readUInt32BE(this._block, 0);
           need = 4 + this._len - this._block.length;
         }
@@ -1346,35 +1341,15 @@ class GenericDecipherBinding {
         }
 
         if (!this._macETM) {
-          const pktStart = (this._block.length - 4);
-          const startP = p - pktStart;
-          let endP;
-          if (p >= pktStart && (endP = startP + this._len) <= dataLen) {
-            // The entire packet exists within the current chunk, with the
-            // first block already decrypted
-            if (startP === 0 && endP === dataLen) {
-              this._packet = data;
-              this._pktLen = this._len;
-            } else {
-              this._packet = new FastBuffer(
-                data.buffer,
-                data.byteOffset + startP,
-                this._len
-              );
-              this._pktLen = this._len;
-            }
-            p = endP;
-          } else {
-            this._pktLen = pktStart;
-            if (this._pktLen) {
-              this._packet = Buffer.allocUnsafe(this._len);
-              this._packet.set(
-                new Uint8Array(this._block.buffer,
-                               this._block.byteOffset + 4,
-                               this._pktLen),
-                0
-              );
-            }
+          this._pktLen = (this._block.length - 4);
+          if (this._pktLen) {
+            this._packet = Buffer.allocUnsafe(this._len);
+            this._packet.set(
+              new Uint8Array(this._block.buffer,
+                             this._block.byteOffset + 4,
+                             this._pktLen),
+              0
+            );
           }
         }
 

package/lib/protocol/kex.js

@@ -79,7 +79,7 @@ function kexinit(self) {
     let kex = entry.array;
     let found = false;
     for (let i = 0; i < kex.length; ++i) {
-      if (kex[i].indexOf('group-exchange') !== -1) {
+      if (kex[i].includes('group-exchange')) {
         if (!found) {
           found = true;
           // Copy array lazily
@@ -101,9 +101,9 @@ function kexinit(self) {
       );
 
       payload = Buffer.allocUnsafe(len);
-      writeUInt32BE(payload, newKexBuf.length, 0);
-      payload.set(newKexBuf, 4);
-      payload.set(rest, 4 + newKexBuf.length);
+      writeUInt32BE(payload, newKexBuf.length, 17);
+      payload.set(newKexBuf, 17 + 4);
+      payload.set(rest, 17 + 4 + newKexBuf.length);
     }
   }
 
@@ -778,18 +778,7 @@ const createKeyExchange = (() => {
           this._protocol._packetRW.write.finalize(packet, true)
         );
       }
-      if (!this._sentNEWKEYS) {
-        this._protocol._debug && this._protocol._debug(
-          'Outbound: Sending NEWKEYS'
-        );
-        const p = this._protocol._packetRW.write.allocStartKEX;
-        const packet = this._protocol._packetRW.write.alloc(1, true);
-        packet[p] = MESSAGE.NEWKEYS;
-        this._protocol._cipher.encrypt(
-          this._protocol._packetRW.write.finalize(packet, true)
-        );
-        this._sentNEWKEYS = true;
-      }
+      trySendNEWKEYS(this);
 
       const completeHandshake = () => {
         if (!this.sessionID)
@@ -1180,6 +1169,8 @@ const createKeyExchange = (() => {
                 this._hostVerified = true;
                 if (this._receivedNEWKEYS)
                   this.finish();
+                else
+                  trySendNEWKEYS(this);
               });
             }
             if (ret === undefined) {
@@ -1203,6 +1194,7 @@ const createKeyExchange = (() => {
               'Host accepted (verified)'
             );
             this._hostVerified = true;
+            trySendNEWKEYS(this);
           }
           ++this._step;
           break;
@@ -1798,6 +1790,21 @@ function dhEstimate(neg) {
   return 8192;
 }
 
+function trySendNEWKEYS(kex) {
+  if (!kex._sentNEWKEYS) {
+    kex._protocol._debug && kex._protocol._debug(
+      'Outbound: Sending NEWKEYS'
+    );
+    const p = kex._protocol._packetRW.write.allocStartKEX;
+    const packet = kex._protocol._packetRW.write.alloc(1, true);
+    packet[p] = MESSAGE.NEWKEYS;
+    kex._protocol._cipher.encrypt(
+      kex._protocol._packetRW.write.finalize(packet, true)
+    );
+    kex._sentNEWKEYS = true;
+  }
+}
+
 module.exports = {
   KexInit,
   kexinit,

package/lib/protocol/keyParser.js

@@ -595,6 +595,8 @@ OpenSSH_Private.prototype = BaseKey;
     } else {
       ret = [];
     }
+    if (ret instanceof Error)
+      return ret;
     // This will need to change if/when OpenSSH ever starts storing multiple
     // keys in their key files
     return ret[0];

package/lib/protocol/utils.js

@@ -171,7 +171,7 @@ module.exports = {
   doFatalError: (protocol, msg, level, reason) => {
     let err;
     if (DISCONNECT_REASON === undefined)
-      ({ DISCONNECT_REASON } = require('./utils.js'));
+      ({ DISCONNECT_REASON } = require('./constants.js'));
     if (msg instanceof Error) {
       // doFatalError(protocol, err[, reason])
       err = msg;

package/lib/server.js

@@ -189,6 +189,7 @@ class Session extends EventEmitter {
 
     this.type = 'session';
     this.subtype = undefined;
+    this.server = true;
     this._ending = false;
     this._channel = undefined;
     this._chanInfo = {
@@ -351,6 +352,10 @@ class Server extends EventEmitter {
     this.maxConnections = Infinity;
   }
 
+  injectSocket(socket) {
+    this._srv.emit('connection', socket);
+  }
+
   listen(...args) {
     this._srv.listen(...args);
     return this;
@@ -552,6 +557,8 @@ class Client extends EventEmitter {
                 reason = CHANNEL_OPEN_FAILURE.CONNECT_FAILED;
             }
 
+            if (localChan !== -1)
+              this._chanMgr.remove(localChan);
             proto.channelOpenFail(info.sender, reason, '');
           };
           const reserveChannel = () => {
@@ -1194,6 +1201,7 @@ class Client extends EventEmitter {
 
     socket.pause();
     cryptoInit.then(() => {
+      proto.start();
       socket.on('data', (data) => {
         try {
           proto.parse(data, 0, data.length);

package/lib/utils.js

@@ -32,11 +32,17 @@ function onCHANNEL_CLOSE(self, recipient, channel, err, dead) {
     onChannelOpenFailure(self, recipient, err, channel);
     return;
   }
-  if (typeof channel !== 'object'
-      || channel === null
-      || channel.incoming.state === 'closed') {
+
+  if (typeof channel !== 'object' || channel === null)
+    return;
+
+  if (channel.incoming && channel.incoming.state === 'closed')
+    return;
+
+  self._chanMgr.remove(recipient);
+
+  if (channel.server && channel.constructor.name === 'Session')
     return;
-  }
 
   channel.incoming.state = 'closed';
 
@@ -58,8 +64,6 @@ function onCHANNEL_CLOSE(self, recipient, channel, err, dead) {
   if (channel.outgoing.state === 'closing')
     channel.outgoing.state = 'closed';
 
-  self._chanMgr.remove(recipient);
-
   const readState = channel._readableState;
   const writeState = channel._writableState;
   if (writeState && !writeState.ending && !writeState.finished && !dead)

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@electerm/ssh2",
-  "version": "1.2.1",
+  "version": "1.9.0",
   "author": "Brian White <mscdex@mscdex.net>",
   "description": "SSH2 client and server modules written in pure JavaScript for node.js",
   "main": "./lib/index.js",
@@ -15,10 +15,6 @@
     "@mscdex/eslint-config": "^1.0.0",
     "eslint": "^7.0.0"
   },
-  "peerDependencies": {
-    "cpu-features": "0.0.2",
-    "nan": "^2.14.2"
-  },
   "scripts": {
     "install": "node install.js",
     "rebuild": "node install.js",