From 98c6e6496d19fcb61cfe1a761a873d3da171796c Mon Sep 17 00:00:00 2001
From: Michael Jumper <mike.jumper@guac-dev.org>
Date: Mon, 21 Jul 2014 10:27:39 -0700
Subject: [PATCH] GUAC-780: Ensure libgcrypt is initialized for pthreads if
 used by libssh2. OpenSSL should be OK.

---
 configure.ac                   | 21 +++++++++++++++++++++
 src/protocols/ssh/ssh_client.c | 16 ++++++++++++++++
 2 files changed, 37 insertions(+)

diff --git a/configure.ac b/configure.ac
index c4dd723a..f0c1bb3c 100644
--- a/configure.ac
+++ b/configure.ac
@@ -612,6 +612,27 @@ AM_CONDITIONAL([ENABLE_SSH], [test "x${have_libssh2}"  = "xyes" \
 
 AC_SUBST(SSH_LIBS)
 
+#
+# Underlying crypto library usage of libssh2
+#
+
+if test "x${have_libssh2}" = "xyes"
+then
+
+    # Whether libssh2 was built against libgcrypt
+    AC_CHECK_LIB([ssh2], [gcry_control],
+                         [AC_CHECK_HEADER(gcrypt.h,
+                                          [AC_DEFINE([LIBSSH2_USES_GCRYPT],,
+                                                     [Whether libssh2 was built against libgcrypt])],
+                                          [AC_MSG_WARN([
+  --------------------------------------------
+   libssh2 appears to be built against libgcrypt, but the libgcrypt headers
+   could not be found. SSH will be disabled.
+  --------------------------------------------])
+                                           have_libssh2=no])])
+
+fi
+
 #
 # Agent forwarding support within libssh2
 #
diff --git a/src/protocols/ssh/ssh_client.c b/src/protocols/ssh/ssh_client.c
index 3dabdaf2..5e3fea12 100644
--- a/src/protocols/ssh/ssh_client.c
+++ b/src/protocols/ssh/ssh_client.c
@@ -38,6 +38,10 @@
 #include <guacamole/socket.h>
 #include <openssl/ssl.h>
 
+#ifdef LIBSSH2_USES_GCRYPT
+#include <gcrypt.h>
+#endif
+
 #include <errno.h>
 #include <netdb.h>
 #include <netinet/in.h>
@@ -260,6 +264,10 @@ static LIBSSH2_SESSION* __guac_ssh_create_session(guac_client* client,
 
 }
 
+#ifdef LIBSSH2_USES_GCRYPT
+GCRY_THREAD_OPTION_PTHREAD_IMPL;
+#endif
+
 void* ssh_client_thread(void* data) {
 
     guac_client* client = (guac_client*) data;
@@ -275,6 +283,14 @@ void* ssh_client_thread(void* data) {
 
     pthread_t input_thread;
 
+#ifdef LIBSSH2_USES_GCRYPT
+    gcry_control(GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
+    if (!gcry_check_version(GCRYPT_VERSION)) {
+        guac_client_log_error(client, "libgcrypt version mismatch.");
+        return NULL;
+    }
+#endif
+
     SSL_library_init();
     libssh2_init(0);