40 files changed, 510 insertions, 497 deletions
diff --git a/ChangeLog b/ChangeLog
index a663e1210..a7497b581 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -67,6 +67,17 @@
     [ssh-keygen.c]
     try to decode ssh-3.0.0 private rsa keys
     (allow migration to openssh, not vice versa), #910
+   - itojun@cvs.openbsd.org 2001/06/23 15:12:20
+     [auth1.c auth2.c auth2-chall.c authfd.c authfile.c auth-rhosts.c 
+      canohost.c channels.c cipher.c clientloop.c deattack.c dh.c 
+      hostfile.c kex.c kexdh.c kexgex.c key.c nchan.c packet.c radix.c 
+      readpass.c scp.c servconf.c serverloop.c session.c sftp.c 
+      sftp-client.c sftp-glob.c sftp-int.c sftp-server.c ssh-add.c 
+      ssh-agent.c ssh.c sshconnect1.c sshconnect2.c sshconnect.c sshd.c 
+      ssh-keygen.c ssh-keyscan.c]
+     more strict prototypes.  raise warning level in Makefile.inc.  
+     markus ok'ed
+     TODO; cleanup headers
 20010622
 - (stevesk) handle systems without pw_expire and pw_change.
@@ -5751,4 +5762,4 @@
 - Wrote replacements for strlcpy and mkdtemp
 - Released 1.0pre1
-$Id: ChangeLog,v 1.1314 2001/06/25 04:47:54 mouring Exp $
+$Id: ChangeLog,v 1.1315 2001/06/25 05:01:22 mouring Exp $
diff --git a/auth-rhosts.c b/auth-rhosts.c
index 324a0f925..9ba64dbc3 100644
--- a/auth-rhosts.c
+++ b/auth-rhosts.c
@@ -14,7 +14,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: auth-rhosts.c,v 1.23 2001/04/12 19:15:24 markus Exp $");
+RCSID("$OpenBSD: auth-rhosts.c,v 1.24 2001/06/23 15:12:17 itojun Exp $");
 #include "packet.h"
 #include "xmalloc.h"
@@ -34,7 +34,7 @@ extern ServerOptions options;
 * based on the file, and returns zero otherwise.
 */
-int
+static int
 check_rhosts_file(const char *filename, const char *hostname,
                  const char *ipaddr, const char *client_user,
                  const char *server_user)
diff --git a/auth1.c b/auth1.c
index 5ab6b06f1..d5b7fa7c8 100644
--- a/auth1.c
+++ b/auth1.c
@@ -10,7 +10,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: auth1.c,v 1.23 2001/05/18 14:13:28 markus Exp $");
+RCSID("$OpenBSD: auth1.c,v 1.24 2001/06/23 15:12:17 itojun Exp $");
 #include "xmalloc.h"
 #include "rsa.h"
@@ -35,7 +35,7 @@ extern char *aixloginmsg;
 /*
 * convert ssh auth msg type into description
 */
-char *
+static char *
 get_authname(int type)
 {
        static char buf[1024];
@@ -64,7 +64,7 @@ get_authname(int type)
 * read packets, try to authenticate the user and
 * return only if authentication is successful
 */
-void
+static void
 do_authloop(Authctxt *authctxt)
 {
        int authenticated = 0;
diff --git a/auth2-chall.c b/auth2-chall.c
index be741010e..5afd7d769 100644
--- a/auth2-chall.c
+++ b/auth2-chall.c
@@ -23,7 +23,7 @@
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 #include "includes.h"
-RCSID("$OpenBSD: auth2-chall.c,v 1.6 2001/06/03 20:06:11 markus Exp $");
+RCSID("$OpenBSD: auth2-chall.c,v 1.7 2001/06/23 15:12:17 itojun Exp $");
 #include "ssh2.h"
 #include "auth.h"
@@ -33,9 +33,9 @@ RCSID("$OpenBSD: auth2-chall.c,v 1.6 2001/06/03 20:06:11 markus Exp $");
 #include "auth.h"
 #include "log.h"
-static int auth2_challenge_start(Authctxt *authctxt);
+static int auth2_challenge_start(Authctxt *);
-static int send_userauth_info_request(Authctxt *authctxt);
+static int send_userauth_info_request(Authctxt *);
-static void input_userauth_info_response(int type, int plen, void *ctxt);
+static void input_userauth_info_response(int, int, void *);
 #ifdef BSD_AUTH
 extern KbdintDevice bsdauth_device;
@@ -64,7 +64,7 @@ struct KbdintAuthctxt
        KbdintDevice *device;
 };
-KbdintAuthctxt *
+static KbdintAuthctxt *
 kbdint_alloc(const char *devs)
 {
        KbdintAuthctxt *kbdintctxt;
@@ -89,7 +89,7 @@ kbdint_alloc(const char *devs)
        return kbdintctxt;
 }
-void
+static void
 kbdint_reset_device(KbdintAuthctxt *kbdintctxt)
 {
        if (kbdintctxt->ctxt) {
@@ -98,7 +98,7 @@ kbdint_reset_device(KbdintAuthctxt *kbdintctxt)
        }
        kbdintctxt->device = NULL;
 }
-void
+static void
 kbdint_free(KbdintAuthctxt *kbdintctxt)
 {
        if (kbdintctxt->device)
@@ -110,7 +110,7 @@ kbdint_free(KbdintAuthctxt *kbdintctxt)
        xfree(kbdintctxt);
 }
 /* get next device */
-int
+static int
 kbdint_next_device(KbdintAuthctxt *kbdintctxt)
 {
        size_t len;
diff --git a/auth2.c b/auth2.c
index 272683bb2..ca0526649 100644
--- a/auth2.c
+++ b/auth2.c
@@ -23,7 +23,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: auth2.c,v 1.65 2001/06/23 03:04:43 markus Exp $");
+RCSID("$OpenBSD: auth2.c,v 1.66 2001/06/23 15:12:17 itojun Exp $");
 #include <openssl/evp.h>
@@ -74,25 +74,23 @@ struct Authmethod {
 /* protocol */
-void    input_service_request(int type, int plen, void *ctxt);
+static void input_service_request(int, int, void *);
-void    input_userauth_request(int type, int plen, void *ctxt);
+static void input_userauth_request(int, int, void *);
-void    protocol_error(int type, int plen, void *ctxt);
+static void protocol_error(int, int, void *);
 /* helper */
-Authmethod      *authmethod_lookup(const char *name);
+static Authmethod *authmethod_lookup(const char *);
-char    *authmethods_get(void);
+char *authmethods_get(void);
-int     user_key_allowed(struct passwd *pw, Key *key);
+static int user_key_allowed(struct passwd *, Key *);
-int
+static int hostbased_key_allowed(struct passwd *, const char *, char *, Key *);
-hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost,
-    Key *key);
 /* auth */
-void    userauth_banner(void);
+static void userauth_banner(void);
-int     userauth_none(Authctxt *authctxt);
+static int userauth_none(Authctxt *);
-int     userauth_passwd(Authctxt *authctxt);
+static int userauth_passwd(Authctxt *);
-int     userauth_pubkey(Authctxt *authctxt);
+static int userauth_pubkey(Authctxt *);
-int     userauth_hostbased(Authctxt *authctxt);
+static int userauth_hostbased(Authctxt *);
-int     userauth_kbdint(Authctxt *authctxt);
+static int userauth_kbdint(Authctxt *);
 Authmethod authmethods[] = {
        {"none",
@@ -136,7 +134,7 @@ do_authentication2()
        do_authenticated(authctxt);
 }
-void
+static void
 protocol_error(int type, int plen, void *ctxt)
 {
        log("auth: protocol error: type %d plen %d", type, plen);
@@ -146,7 +144,7 @@ protocol_error(int type, int plen, void *ctxt)
        packet_write_wait();
 }
-void
+static void
 input_service_request(int type, int plen, void *ctxt)
 {
        Authctxt *authctxt = ctxt;
@@ -179,7 +177,7 @@ input_service_request(int type, int plen, void *ctxt)
        xfree(service);
 }
-void
+static void
 input_userauth_request(int type, int plen, void *ctxt)
 {
        Authctxt *authctxt = ctxt;
@@ -297,7 +295,7 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method)
        }
 }
-void
+static void
 userauth_banner(void)
 {
        struct stat st;
@@ -328,7 +326,7 @@ done:
        return;
 }
-int
+static int
 userauth_none(Authctxt *authctxt)
 {
        /* disable method "none", only allowed one time */
@@ -354,7 +352,7 @@ userauth_none(Authctxt *authctxt)
 #endif /* USE_PAM */
 }
-int
+static int
 userauth_passwd(Authctxt *authctxt)
 {
        char *password;
@@ -383,7 +381,7 @@ userauth_passwd(Authctxt *authctxt)
        return authenticated;
 }
-int
+static int
 userauth_kbdint(Authctxt *authctxt)
 {
        int authenticated = 0;
@@ -411,7 +409,7 @@ userauth_kbdint(Authctxt *authctxt)
        return authenticated;
 }
-int
+static int
 userauth_pubkey(Authctxt *authctxt)
 {
        Buffer b;
@@ -517,7 +515,7 @@ userauth_pubkey(Authctxt *authctxt)
        return authenticated;
 }
-int
+static int
 userauth_hostbased(Authctxt *authctxt)
 {
        Buffer b;
@@ -634,7 +632,7 @@ authmethods_get(void)
        return list;
 }
-Authmethod *
+static Authmethod *
 authmethod_lookup(const char *name)
 {
        Authmethod *method = NULL;
@@ -649,7 +647,7 @@ authmethod_lookup(const char *name)
 }
 /* return 1 if user allows given key */
-int
+static int
 user_key_allowed2(struct passwd *pw, Key *key, char *file)
 {
        char line[8192];
@@ -737,7 +735,7 @@ user_key_allowed2(struct passwd *pw, Key *key, char *file)
 }
 /* check whether given key is in .ssh/authorized_keys* */
-int
+static int
 user_key_allowed(struct passwd *pw, Key *key)
 {
        int success;
@@ -757,7 +755,7 @@ user_key_allowed(struct passwd *pw, Key *key)
 }
 /* return 1 if given hostkey is allowed */
-int
+static int
 hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost,
    Key *key)
 {
diff --git a/authfd.c b/authfd.c
index 9f47b0ae8..dfa33a978 100644
--- a/authfd.c
+++ b/authfd.c
@@ -35,7 +35,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: authfd.c,v 1.40 2001/06/07 20:23:03 markus Exp $");
+RCSID("$OpenBSD: authfd.c,v 1.41 2001/06/23 15:12:17 itojun Exp $");
 #include <openssl/evp.h>
@@ -96,7 +96,7 @@ ssh_get_authentication_socket(void)
        return sock;
 }
-int
+static int
 ssh_request_reply(AuthenticationConnection *auth, Buffer *request, Buffer *reply)
 {
        int l, len;
@@ -419,7 +419,7 @@ ssh_agent_sign(AuthenticationConnection *auth,
 /* Encode key for a message to the agent. */
-void
+static void
 ssh_encode_identity_rsa1(Buffer *b, RSA *key, const char *comment)
 {
        buffer_clear(b);
@@ -435,7 +435,7 @@ ssh_encode_identity_rsa1(Buffer *b, RSA *key, const char *comment)
        buffer_put_cstring(b, comment);
 }
-void
+static void
 ssh_encode_identity_ssh2(Buffer *b, Key *key, const char *comment)
 {
        buffer_clear(b);
diff --git a/authfile.c b/authfile.c
index c4da9aad3..b4b985c95 100644
--- a/authfile.c
+++ b/authfile.c
@@ -36,7 +36,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: authfile.c,v 1.36 2001/06/07 20:23:03 markus Exp $");
+RCSID("$OpenBSD: authfile.c,v 1.37 2001/06/23 15:12:17 itojun Exp $");
 #include <openssl/err.h>
 #include <openssl/evp.h>
@@ -62,7 +62,7 @@ static const char authfile_id_string[] =
 * passphrase.
 */
-int
+static int
 key_save_private_rsa1(Key *key, const char *filename, const char *passphrase,
    const char *comment)
 {
@@ -159,7 +159,7 @@ key_save_private_rsa1(Key *key, const char *filename, const char *passphrase,
 }
 /* save SSH v2 key in OpenSSL PEM format */
-int
+static int
 key_save_private_pem(Key *key, const char *filename, const char *_passphrase,
    const char *comment)
 {
@@ -226,7 +226,7 @@ key_save_private(Key *key, const char *filename, const char *passphrase,
 * otherwise.
 */
-Key *
+static Key *
 key_load_public_rsa1(int fd, const char *filename, char **commentp)
 {
        Buffer buffer;
@@ -306,7 +306,7 @@ key_load_public_type(int type, const char *filename, char **commentp)
 * Assumes we are called under uid of the owner of the file.
 */
-Key *
+static Key *
 key_load_private_rsa1(int fd, const char *filename, const char *passphrase,
    char **commentp)
 {
@@ -430,7 +430,7 @@ fail:
        return NULL;
 }
-Key *
+static Key *
 key_load_private_pem(int fd, int type, const char *passphrase,
    char **commentp)
 {
@@ -481,7 +481,7 @@ key_load_private_pem(int fd, int type, const char *passphrase,
        return prv;
 }
-int
+static int
 key_perm_ok(int fd, const char *filename)
 {
        struct stat st;
@@ -571,7 +571,7 @@ key_load_private(const char *filename, const char *passphrase,
        return prv;
 }
-int
+static int
 key_try_load_public(Key *k, const char *filename, char **commentp)
 {
        FILE *f;
diff --git a/canohost.c b/canohost.c
index 5d345eb27..6e6a04505 100644
--- a/canohost.c
+++ b/canohost.c
@@ -12,21 +12,21 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: canohost.c,v 1.26 2001/04/18 14:15:00 markus Exp $");
+RCSID("$OpenBSD: canohost.c,v 1.27 2001/06/23 15:12:17 itojun Exp $");
 #include "packet.h"
 #include "xmalloc.h"
 #include "log.h"
 #include "canohost.h"
-void    check_ip_options(int socket, char *ipaddr);
+static void check_ip_options(int, char *);
 /*
 * Return the canonical name of the host at the other end of the socket. The
 * caller should free the returned string with xfree.
 */
-char *
+static char *
 get_remote_hostname(int socket, int reverse_mapping_check)
 {
        struct sockaddr_storage from;
@@ -140,7 +140,7 @@ get_remote_hostname(int socket, int reverse_mapping_check)
 * exit here if we detect any IP options.
 */
 /* IPv4 only */
-void
+static void
 check_ip_options(int socket, char *ipaddr)
 {
        u_char options[200];
@@ -202,7 +202,7 @@ get_canonical_hostname(int reverse_mapping_check)
 * Returns the remote IP-address of socket as a string.  The returned
 * string must be freed.
 */
-char *
+static char *
 get_socket_address(int socket, int remote, int flags)
 {
        struct sockaddr_storage addr;
@@ -293,7 +293,7 @@ get_remote_name_or_ip(u_int utmp_len, int reverse_mapping_check)
 /* Returns the local/remote port for the socket. */
-int
+static int
 get_sock_port(int sock, int local)
 {
        struct sockaddr_storage from;
@@ -323,7 +323,7 @@ get_sock_port(int sock, int local)
 /* Returns remote/local port number for the current connection. */
-int
+static int
 get_port(int local)
 {
        /*
diff --git a/channels.c b/channels.c
index d9513fada..ce4c5952d 100644
--- a/channels.c
+++ b/channels.c
@@ -40,7 +40,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: channels.c,v 1.126 2001/06/20 13:56:39 markus Exp $");
+RCSID("$OpenBSD: channels.c,v 1.127 2001/06/23 15:12:17 itojun Exp $");
 #include "ssh.h"
 #include "ssh1.h"
@@ -133,12 +133,11 @@ static u_int x11_fake_data_len;
 static char *auth_sock_name = NULL;
 static char *auth_sock_dir = NULL;
 /* AF_UNSPEC or AF_INET or AF_INET6 */
 extern int IPv4or6;
 /* helper */
-void    port_open_helper(Channel *c, char *rtype);
+static void port_open_helper(Channel *c, char *rtype);
 /* -- channel core */
@@ -164,7 +163,7 @@ channel_lookup(int id)
 * when the channel consumer/producer is ready, e.g. shell exec'd
 */
-void
+static void
 channel_register_fds(Channel *c, int rfd, int wfd, int efd,
    int extusage, int nonblock)
 {
@@ -270,7 +269,7 @@ channel_new(char *ctype, int type, int rfd, int wfd, int efd,
 /* Close all channel fd/socket. */
-void
+static void
 channel_close_fds(Channel *c)
 {
        debug3("channel_close_fds: channel %d: r %d w %d e %d",
@@ -633,20 +632,20 @@ typedef void chan_fn(Channel *c, fd_set * readset, fd_set * writeset);
 chan_fn *channel_pre[SSH_CHANNEL_MAX_TYPE];
 chan_fn *channel_post[SSH_CHANNEL_MAX_TYPE];
-void
+static void
 channel_pre_listener(Channel *c, fd_set * readset, fd_set * writeset)
 {
        FD_SET(c->sock, readset);
 }
-void
+static void
 channel_pre_connecting(Channel *c, fd_set * readset, fd_set * writeset)
 {
        debug3("channel %d: waiting for connection", c->self);
        FD_SET(c->sock, writeset);
 }
-void
+static void
 channel_pre_open_13(Channel *c, fd_set * readset, fd_set * writeset)
 {
        if (buffer_len(&c->input) < packet_get_maxsize())
@@ -655,7 +654,7 @@ channel_pre_open_13(Channel *c, fd_set * readset, fd_set * writeset)
                FD_SET(c->sock, writeset);
 }
-void
+static void
 channel_pre_open_15(Channel *c, fd_set * readset, fd_set * writeset)
 {
        /* test whether sockets are 'alive' for read/write */
@@ -672,7 +671,7 @@ channel_pre_open_15(Channel *c, fd_set * readset, fd_set * writeset)
        }
 }
-void
+static void
 channel_pre_open_20(Channel *c, fd_set * readset, fd_set * writeset)
 {
        if (c->istate == CHAN_INPUT_OPEN &&
@@ -698,7 +697,7 @@ channel_pre_open_20(Channel *c, fd_set * readset, fd_set * writeset)
        }
 }
-void
+static void
 channel_pre_input_draining(Channel *c, fd_set * readset, fd_set * writeset)
 {
        if (buffer_len(&c->input) == 0) {
@@ -710,7 +709,7 @@ channel_pre_input_draining(Channel *c, fd_set * readset, fd_set * writeset)
        }
 }
-void
+static void
 channel_pre_output_draining(Channel *c, fd_set * readset, fd_set * writeset)
 {
        if (buffer_len(&c->output) == 0)
@@ -728,7 +727,7 @@ channel_pre_output_draining(Channel *c, fd_set * readset, fd_set * writeset)
 * XXX All this happens at the client side.
 * Returns: 0 = need more data, -1 = wrong cookie, 1 = ok
 */
-int
+static int
 x11_open_helper(Buffer *b)
 {
        u_char *ucp;
@@ -786,7 +785,7 @@ x11_open_helper(Buffer *b)
        return 1;
 }
-void
+static void
 channel_pre_x11_open_13(Channel *c, fd_set * readset, fd_set * writeset)
 {
        int ret = x11_open_helper(&c->output);
@@ -811,7 +810,7 @@ channel_pre_x11_open_13(Channel *c, fd_set * readset, fd_set * writeset)
        }
 }
-void
+static void
 channel_pre_x11_open(Channel *c, fd_set * readset, fd_set * writeset)
 {
        int ret = x11_open_helper(&c->output);
@@ -830,7 +829,7 @@ channel_pre_x11_open(Channel *c, fd_set * readset, fd_set * writeset)
 }
 /* try to decode a socks4 header */
-int
+static int
 channel_decode_socks4(Channel *c, fd_set * readset, fd_set * writeset)
 {
        u_char *p, *host;
@@ -900,7 +899,7 @@ channel_decode_socks4(Channel *c, fd_set * readset, fd_set * writeset)
 }
 /* dynamic port forwarding */
-void
+static void
 channel_pre_dynamic(Channel *c, fd_set * readset, fd_set * writeset)
 {
        u_char *p;
@@ -940,7 +939,7 @@ channel_pre_dynamic(Channel *c, fd_set * readset, fd_set * writeset)
 }
 /* This is our fake X11 server socket. */
-void
+static void
 channel_post_x11_listener(Channel *c, fd_set * readset, fd_set * writeset)
 {
        Channel *nc;
@@ -998,7 +997,7 @@ channel_post_x11_listener(Channel *c, fd_set * readset, fd_set * writeset)
        }
 }
-void
+static void
 port_open_helper(Channel *c, char *rtype)
 {
        int direct;
@@ -1052,7 +1051,7 @@ port_open_helper(Channel *c, char *rtype)
 /*
 * This socket is listening for connections to a forwarded TCP/IP port.
 */
-void
+static void
 channel_post_port_listener(Channel *c, fd_set * readset, fd_set * writeset)
 {
        Channel *nc;
@@ -1100,7 +1099,7 @@ channel_post_port_listener(Channel *c, fd_set * readset, fd_set * writeset)
 * This is the authentication agent socket listening for connections from
 * clients.
 */
-void
+static void
 channel_post_auth_listener(Channel *c, fd_set * readset, fd_set * writeset)
 {
        Channel *nc;
@@ -1140,7 +1139,7 @@ channel_post_auth_listener(Channel *c, fd_set * readset, fd_set * writeset)
        }
 }
-void
+static void
 channel_post_connecting(Channel *c, fd_set * readset, fd_set * writeset)
 {
        int err = 0;
@@ -1187,7 +1186,7 @@ channel_post_connecting(Channel *c, fd_set * readset, fd_set * writeset)
        }
 }
-int
+static int
 channel_handle_rfd(Channel *c, fd_set * readset, fd_set * writeset)
 {
        char buf[16*1024];
@@ -1225,7 +1224,7 @@ channel_handle_rfd(Channel *c, fd_set * readset, fd_set * writeset)
        }
        return 1;
 }
-int
+static int
 channel_handle_wfd(Channel *c, fd_set * readset, fd_set * writeset)
 {
        struct termios tio;
@@ -1273,7 +1272,7 @@ channel_handle_wfd(Channel *c, fd_set * readset, fd_set * writeset)
        }
        return 1;
 }
-int
+static int
 channel_handle_efd(Channel *c, fd_set * readset, fd_set * writeset)
 {
        char buf[16*1024];
@@ -1318,7 +1317,7 @@ channel_handle_efd(Channel *c, fd_set * readset, fd_set * writeset)
        }
        return 1;
 }
-int
+static int
 channel_check_window(Channel *c)
 {
        if (c->type == SSH_CHANNEL_OPEN &&
@@ -1338,14 +1337,14 @@ channel_check_window(Channel *c)
        return 1;
 }
-void
+static void
 channel_post_open_1(Channel *c, fd_set * readset, fd_set * writeset)
 {
        channel_handle_rfd(c, readset, writeset);
        channel_handle_wfd(c, readset, writeset);
 }
-void
+static void
 channel_post_open_2(Channel *c, fd_set * readset, fd_set * writeset)
 {
        channel_handle_rfd(c, readset, writeset);
@@ -1355,7 +1354,7 @@ channel_post_open_2(Channel *c, fd_set * readset, fd_set * writeset)
        channel_check_window(c);
 }
-void
+static void
 channel_post_output_drain_13(Channel *c, fd_set * readset, fd_set * writeset)
 {
        int len;
@@ -1370,7 +1369,7 @@ channel_post_output_drain_13(Channel *c, fd_set * readset, fd_set * writeset)
        }
 }
-void
+static void
 channel_handler_init_20(void)
 {
        channel_pre[SSH_CHANNEL_OPEN] =                 &channel_pre_open_20;
@@ -1391,7 +1390,7 @@ channel_handler_init_20(void)
        channel_post[SSH_CHANNEL_DYNAMIC] =             &channel_post_open_2;
 }
-void
+static void
 channel_handler_init_13(void)
 {
        channel_pre[SSH_CHANNEL_OPEN] =                 &channel_pre_open_13;
@@ -1413,7 +1412,7 @@ channel_handler_init_13(void)
        channel_post[SSH_CHANNEL_DYNAMIC] =             &channel_post_open_1;
 }
-void
+static void
 channel_handler_init_15(void)
 {
        channel_pre[SSH_CHANNEL_OPEN] =                 &channel_pre_open_15;
@@ -1432,7 +1431,7 @@ channel_handler_init_15(void)
        channel_post[SSH_CHANNEL_DYNAMIC] =             &channel_post_open_1;
 }
-void
+static void
 channel_handler_init(void)
 {
        int i;
@@ -1448,7 +1447,7 @@ channel_handler_init(void)
                channel_handler_init_15();
 }
-void
+static void
 channel_handler(chan_fn *ftab[], fd_set * readset, fd_set * writeset)
 {
        static int did_init = 0;
@@ -1828,7 +1827,7 @@ channel_input_open_confirmation(int type, int plen, void *ctxt)
        }
 }
-char *
+static char *
 reason2txt(int reason)
 {
        switch(reason) {
@@ -2220,7 +2219,7 @@ channel_clear_permitted_opens(void)
 /* return socket to remote host, port */
-int
+static int
 connect_to(const char *host, u_short port)
 {
        struct addrinfo hints, *ai, *aitop;
@@ -2455,8 +2454,7 @@ x11_create_display_inet(int screen_number, int x11_display_offset)
 #define X_UNIX_PATH "/tmp/.X11-unix/X"
 #endif
-static
+static int
-int
 connect_local_xsocket(u_int dnr)
 {
        static const char *const x_sockets[] = {
diff --git a/cipher.c b/cipher.c
index fd93299ed..a7aacf284 100644
--- a/cipher.c
+++ b/cipher.c
@@ -35,7 +35,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: cipher.c,v 1.44 2001/05/28 22:51:10 markus Exp $");
+RCSID("$OpenBSD: cipher.c,v 1.45 2001/06/23 15:12:18 itojun Exp $");
 #include "xmalloc.h"
 #include "log.h"
@@ -43,24 +43,23 @@ RCSID("$OpenBSD: cipher.c,v 1.44 2001/05/28 22:51:10 markus Exp $");
 #include <openssl/md5.h>
 /* no encryption */
-void
+static void
 none_setkey(CipherContext *cc, const u_char *key, u_int keylen)
 {
 }
-void
+static void
 none_setiv(CipherContext *cc, const u_char *iv, u_int ivlen)
 {
 }
-void
+static void
 none_crypt(CipherContext *cc, u_char *dest, const u_char *src, u_int len)
 {
        memcpy(dest, src, len);
 }
 /* DES */
-void
+static void
 des_ssh1_setkey(CipherContext *cc, const u_char *key, u_int keylen)
 {
        static int dowarn = 1;
@@ -71,18 +70,18 @@ des_ssh1_setkey(CipherContext *cc, const u_char *key, u_int keylen)
        }
        des_set_key((void *)key, cc->u.des.key);
 }
-void
+static void
 des_ssh1_setiv(CipherContext *cc, const u_char *iv, u_int ivlen)
 {
        memset(cc->u.des.iv, 0, sizeof(cc->u.des.iv));
 }
-void
+static void
 des_ssh1_encrypt(CipherContext *cc, u_char *dest, const u_char *src, u_int len)
 {
        des_ncbc_encrypt(src, dest, len, cc->u.des.key, &cc->u.des.iv,
            DES_ENCRYPT);
 }
-void
+static void
 des_ssh1_decrypt(CipherContext *cc, u_char *dest, const u_char *src, u_int len)
 {
        des_ncbc_encrypt(src, dest, len, cc->u.des.key, &cc->u.des.iv,
@@ -90,14 +89,14 @@ des_ssh1_decrypt(CipherContext *cc, u_char *dest, const u_char *src, u_int len)
 }
 /* 3DES */
-void
+static void
 des3_setkey(CipherContext *cc, const u_char *key, u_int keylen)
 {
        des_set_key((void *) key, cc->u.des3.key1);
        des_set_key((void *) (key+8), cc->u.des3.key2);
        des_set_key((void *) (key+16), cc->u.des3.key3);
 }
-void
+static void
 des3_setiv(CipherContext *cc, const u_char *iv, u_int ivlen)
 {
        memset(cc->u.des3.iv1, 0, sizeof(cc->u.des3.iv1));
@@ -107,14 +106,14 @@ des3_setiv(CipherContext *cc, const u_char *iv, u_int ivlen)
                return;
        memcpy(cc->u.des3.iv3, (char *)iv, 8);
 }
-void
+static void
 des3_cbc_encrypt(CipherContext *cc, u_char *dest, const u_char *src, u_int len)
 {
        des_ede3_cbc_encrypt(src, dest, len,
            cc->u.des3.key1, cc->u.des3.key2, cc->u.des3.key3,
            &cc->u.des3.iv3, DES_ENCRYPT);
 }
-void
+static void
 des3_cbc_decrypt(CipherContext *cc, u_char *dest, const u_char *src, u_int len)
 {
        des_ede3_cbc_encrypt(src, dest, len,
@@ -136,7 +135,7 @@ des3_cbc_decrypt(CipherContext *cc, u_char *dest, const u_char *src, u_int len)
 * result of that there is no longer any known iv1 to use when
 * choosing the X block.
 */
-void
+static void
 des3_ssh1_setkey(CipherContext *cc, const u_char *key, u_int keylen)
 {
        des_set_key((void *) key, cc->u.des3.key1);
@@ -146,7 +145,7 @@ des3_ssh1_setkey(CipherContext *cc, const u_char *key, u_int keylen)
        else
                des_set_key((void *) (key+16), cc->u.des3.key3);
 }
-void
+static void
 des3_ssh1_encrypt(CipherContext *cc, u_char *dest, const u_char *src,
    u_int len)
 {
@@ -157,7 +156,7 @@ des3_ssh1_encrypt(CipherContext *cc, u_char *dest, const u_char *src,
        des_ncbc_encrypt(dest, dest, len, cc->u.des3.key3, &cc->u.des3.iv3,
            DES_ENCRYPT);
 }
-void
+static void
 des3_ssh1_decrypt(CipherContext *cc, u_char *dest, const u_char *src,
    u_int len)
 {
@@ -170,12 +169,12 @@ des3_ssh1_decrypt(CipherContext *cc, u_char *dest, const u_char *src,
 }
 /* Blowfish */
-void
+static void
 blowfish_setkey(CipherContext *cc, const u_char *key, u_int keylen)
 {
        BF_set_key(&cc->u.bf.key, keylen, (u_char *)key);
 }
-void
+static void
 blowfish_setiv(CipherContext *cc, const u_char *iv, u_int ivlen)
 {
        if (iv == NULL)
@@ -183,14 +182,14 @@ blowfish_setiv(CipherContext *cc, const u_char *iv, u_int ivlen)
        else
                memcpy(cc->u.bf.iv, (char *)iv, 8);
 }
-void
+static void
 blowfish_cbc_encrypt(CipherContext *cc, u_char *dest, const u_char *src,
     u_int len)
 {
        BF_cbc_encrypt((void *)src, dest, len, &cc->u.bf.key, cc->u.bf.iv,
            BF_ENCRYPT);
 }
-void
+static void
 blowfish_cbc_decrypt(CipherContext *cc, u_char *dest, const u_char *src,
     u_int len)
 {
@@ -221,7 +220,7 @@ swap_bytes(const u_char *src, u_char *dst, int n)
        }
 }
-void
+static void
 blowfish_ssh1_encrypt(CipherContext *cc, u_char *dest, const u_char *src,
    u_int len)
 {
@@ -230,7 +229,7 @@ blowfish_ssh1_encrypt(CipherContext *cc, u_char *dest, const u_char *src,
            BF_ENCRYPT);
        swap_bytes(dest, dest, len);
 }
-void
+static void
 blowfish_ssh1_decrypt(CipherContext *cc, u_char *dest, const u_char *src,
    u_int len)
 {
@@ -241,37 +240,37 @@ blowfish_ssh1_decrypt(CipherContext *cc, u_char *dest, const u_char *src,
 }
 /* alleged rc4 */
-void
+static void
 arcfour_setkey(CipherContext *cc, const u_char *key, u_int keylen)
 {
        RC4_set_key(&cc->u.rc4, keylen, (u_char *)key);
 }
-void
+static void
 arcfour_crypt(CipherContext *cc, u_char *dest, const u_char *src, u_int len)
 {
        RC4(&cc->u.rc4, len, (u_char *)src, dest);
 }
 /* CAST */
-void
+static void
 cast_setkey(CipherContext *cc, const u_char *key, u_int keylen)
 {
        CAST_set_key(&cc->u.cast.key, keylen, (u_char *) key);
 }
-void
+static void
 cast_setiv(CipherContext *cc, const u_char *iv, u_int ivlen)
 {
        if (iv == NULL)
                fatal("no IV for %s.", cc->cipher->name);
        memcpy(cc->u.cast.iv, (char *)iv, 8);
 }
-void
+static void
 cast_cbc_encrypt(CipherContext *cc, u_char *dest, const u_char *src, u_int len)
 {
        CAST_cbc_encrypt(src, dest, len, &cc->u.cast.key, cc->u.cast.iv,
            CAST_ENCRYPT);
 }
-void
+static void
 cast_cbc_decrypt(CipherContext *cc, u_char *dest, const u_char *src, u_int len)
 {
        CAST_cbc_encrypt(src, dest, len, &cc->u.cast.key, cc->u.cast.iv,
@@ -281,20 +280,20 @@ cast_cbc_decrypt(CipherContext *cc, u_char *dest, const u_char *src, u_int len)
 /* RIJNDAEL */
 #define RIJNDAEL_BLOCKSIZE 16
-void
+static void
 rijndael_setkey(CipherContext *cc, const u_char *key, u_int keylen)
 {
        rijndael_set_key(&cc->u.rijndael.enc, (u4byte *)key, 8*keylen, 1);
        rijndael_set_key(&cc->u.rijndael.dec, (u4byte *)key, 8*keylen, 0);
 }
-void
+static void
 rijndael_setiv(CipherContext *cc, const u_char *iv, u_int ivlen)
 {
        if (iv == NULL)
                fatal("no IV for %s.", cc->cipher->name);
        memcpy((u_char *)cc->u.rijndael.iv, iv, RIJNDAEL_BLOCKSIZE);
 }
-void
+static void
 rijndael_cbc_encrypt(CipherContext *cc, u_char *dest, const u_char *src,
    u_int len)
 {
@@ -321,7 +320,7 @@ rijndael_cbc_encrypt(CipherContext *cc, u_char *dest, const u_char *src,
        memcpy(iv, cprev, RIJNDAEL_BLOCKSIZE);
 }
-void
+static void
 rijndael_cbc_decrypt(CipherContext *cc, u_char *dest, const u_char *src,
    u_int len)
 {
diff --git a/clientloop.c b/clientloop.c
index a62a71131..c96aea56f 100644
--- a/clientloop.c
+++ b/clientloop.c
@@ -59,7 +59,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: clientloop.c,v 1.76 2001/06/20 13:56:39 markus Exp $");
+RCSID("$OpenBSD: clientloop.c,v 1.77 2001/06/23 15:12:18 itojun Exp $");
 #include "ssh.h"
 #include "ssh1.h"
@@ -124,7 +124,7 @@ static int connection_out;	/* Connection to server (output). */
 static int need_rekeying;       /* Set to non-zero if rekeying is requested. */
 static int session_closed = 0;  /* In SSH2: login session closed. */
-void    client_init_dispatch(void);
+static void client_init_dispatch(void);
 int     session_ident = -1;
 /*XXX*/
@@ -132,7 +132,7 @@ extern Kex *xxx_kex;
 /* Restores stdin to blocking mode. */
-void
+static void
 leave_non_blocking(void)
 {
        if (in_non_blocking_mode) {
@@ -144,7 +144,7 @@ leave_non_blocking(void)
 /* Puts stdin terminal in non-blocking mode. */
-void
+static void
 enter_non_blocking(void)
 {
        in_non_blocking_mode = 1;
@@ -157,7 +157,7 @@ enter_non_blocking(void)
 * flag indicating that the window has changed.
 */
-void
+static void
 window_change_handler(int sig)
 {
        received_window_change_signal = 1;
@@ -169,7 +169,7 @@ window_change_handler(int sig)
 * signals must be trapped to restore terminal modes.
 */
-void
+static void
 signal_handler(int sig)
 {
        received_signal = sig;
@@ -181,7 +181,7 @@ signal_handler(int sig)
 * available resolution.
 */
-double
+static double
 get_current_time(void)
 {
        struct timeval tv;
@@ -195,7 +195,7 @@ get_current_time(void)
 * not appear to wake up when redirecting from /dev/null.
 */
-void
+static void
 client_check_initial_eof_on_stdin(void)
 {
        int len;
@@ -247,7 +247,7 @@ client_check_initial_eof_on_stdin(void)
 * connection.
 */
-void
+static void
 client_make_packets_from_stdin_data(void)
 {
        u_int len;
@@ -279,7 +279,7 @@ client_make_packets_from_stdin_data(void)
 * appropriate.
 */
-void
+static void
 client_check_window_change(void)
 {
        struct winsize ws;
@@ -316,7 +316,7 @@ client_check_window_change(void)
 * one of the file descriptors).
 */
-void
+static void
 client_wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp,
    int *maxfdp, int rekeying)
 {
@@ -384,7 +384,7 @@ client_wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp,
        }
 }
-void
+static void
 client_suspend_self(Buffer *bin, Buffer *bout, Buffer *berr)
 {
        struct winsize oldws, newws;
@@ -427,7 +427,7 @@ client_suspend_self(Buffer *bin, Buffer *bout, Buffer *berr)
        enter_raw_mode();
 }
-void
+static void
 client_process_net_input(fd_set * readset)
 {
        int len;
@@ -468,7 +468,7 @@ client_process_net_input(fd_set * readset)
 }
 /* process the characters one by one */
-int
+static int
 process_escapes(Buffer *bin, Buffer *bout, Buffer *berr, char *buf, int len)
 {
        char string[1024];
@@ -618,7 +618,7 @@ Supported escape sequences:\r\n\
        return bytes;
 }
-void
+static void
 client_process_input(fd_set * readset)
 {
        int len;
@@ -671,7 +671,7 @@ client_process_input(fd_set * readset)
        }
 }
-void
+static void
 client_process_output(fd_set * writeset)
 {
        int len;
@@ -732,7 +732,7 @@ client_process_output(fd_set * writeset)
 * preparatory phase.
 */
-void
+static void
 client_process_buffered_input_packets(void)
 {
        dispatch_run(DISPATCH_NONBLOCK, &quit_pending, compat20 ? xxx_kex : NULL);
@@ -740,14 +740,14 @@ client_process_buffered_input_packets(void)
 /* scan buf[] for '~' before sending data to the peer */
-int
+static int
 simple_escape_filter(Channel *c, char *buf, int len)
 {
        /* XXX we assume c->extended is writeable */
        return process_escapes(&c->input, &c->output, &c->extended, buf, len);
 }
-void
+static void
 client_channel_closed(int id, void *arg)
 {
        if (id != session_ident)
@@ -1000,7 +1000,7 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id)
 /*********/
-void
+static void
 client_input_stdout_data(int type, int plen, void *ctxt)
 {
        u_int data_len;
@@ -1010,7 +1010,7 @@ client_input_stdout_data(int type, int plen, void *ctxt)
        memset(data, 0, data_len);
        xfree(data);
 }
-void
+static void
 client_input_stderr_data(int type, int plen, void *ctxt)
 {
        u_int data_len;
@@ -1020,7 +1020,7 @@ client_input_stderr_data(int type, int plen, void *ctxt)
        memset(data, 0, data_len);
        xfree(data);
 }
-void
+static void
 client_input_exit_status(int type, int plen, void *ctxt)
 {
        packet_integrity_check(plen, 4, type);
@@ -1037,7 +1037,7 @@ client_input_exit_status(int type, int plen, void *ctxt)
        quit_pending = 1;
 }
-Channel *
+static Channel *
 client_request_forwarded_tcpip(const char *request_type, int rchan)
 {
        Channel* c = NULL;
@@ -1074,7 +1074,7 @@ client_request_forwarded_tcpip(const char *request_type, int rchan)
        return c;
 }
-Channel*
+static Channel*
 client_request_x11(const char *request_type, int rchan)
 {
        Channel *c = NULL;
@@ -1113,7 +1113,7 @@ client_request_x11(const char *request_type, int rchan)
        return c;
 }
-Channel*
+static Channel*
 client_request_agent(const char *request_type, int rchan)
 {
        Channel *c = NULL;
@@ -1139,7 +1139,7 @@ client_request_agent(const char *request_type, int rchan)
 }
 /* XXXX move to generic input handler */
-void
+static void
 client_input_channel_open(int type, int plen, void *ctxt)
 {
        Channel *c = NULL;
@@ -1191,7 +1191,7 @@ client_input_channel_open(int type, int plen, void *ctxt)
        }
        xfree(ctype);
 }
-void
+static void
 client_input_channel_req(int type, int plen, void *ctxt)
 {
        Channel *c = NULL;
@@ -1228,7 +1228,7 @@ client_input_channel_req(int type, int plen, void *ctxt)
        xfree(rtype);
 }
-void
+static void
 client_init_dispatch_20(void)
 {
        dispatch_init(&dispatch_protocol_error);
@@ -1245,7 +1245,7 @@ client_init_dispatch_20(void)
        /* rekeying */
        dispatch_set(SSH2_MSG_KEXINIT, &kex_input_kexinit);
 }
-void
+static void
 client_init_dispatch_13(void)
 {
        dispatch_init(NULL);
@@ -1264,7 +1264,7 @@ client_init_dispatch_13(void)
        dispatch_set(SSH_SMSG_X11_OPEN, options.forward_x11 ?
            &x11_input_open : &deny_input_open);
 }
-void
+static void
 client_init_dispatch_15(void)
 {
        client_init_dispatch_13();
diff --git a/deattack.c b/deattack.c
index 36023e0d3..1a89be4b8 100644
--- a/deattack.c
+++ b/deattack.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: deattack.c,v 1.13 2001/03/01 02:45:10 deraadt Exp $   */
+/*      $OpenBSD: deattack.c,v 1.14 2001/06/23 15:12:18 itojun Exp $    */
 /*
 * Cryptographic attack detector for ssh - source code
@@ -46,8 +46,7 @@
 #define CMP(a, b)       (memcmp(a, b, SSH_BLOCKSIZE))
+static void
-void
 crc_update(u_int32_t *a, u_int32_t b)
 {
        b ^= *a;
@@ -55,7 +54,7 @@ crc_update(u_int32_t *a, u_int32_t b)
 }
 /* detect if a block is used in a particular pattern */
-int
+static int
 check_crc(u_char *S, u_char *buf, u_int32_t len,
          u_char *IV)
 {
diff --git a/dh.c b/dh.c
index 66eb95545..fa2508af7 100644
--- a/dh.c
+++ b/dh.c
@@ -23,7 +23,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: dh.c,v 1.16 2001/06/22 21:57:59 provos Exp $");
+RCSID("$OpenBSD: dh.c,v 1.17 2001/06/23 15:12:18 itojun Exp $");
 #include "xmalloc.h"
@@ -39,7 +39,7 @@ RCSID("$OpenBSD: dh.c,v 1.16 2001/06/22 21:57:59 provos Exp $");
 #include "log.h"
 #include "misc.h"
-int
+static int
 parse_prime(int linenum, char *line, struct dhgroup *dhg)
 {
        char *cp, *arg;
diff --git a/hostfile.c b/hostfile.c
index d532bd6ad..39a1a8313 100644
--- a/hostfile.c
+++ b/hostfile.c
@@ -36,7 +36,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: hostfile.c,v 1.26 2001/04/12 19:15:24 markus Exp $");
+RCSID("$OpenBSD: hostfile.c,v 1.27 2001/06/23 15:12:18 itojun Exp $");
 #include "packet.h"
 #include "match.h"
@@ -49,7 +49,7 @@ RCSID("$OpenBSD: hostfile.c,v 1.26 2001/04/12 19:15:24 markus Exp $");
 * pointer over the key.  Skips any whitespace at the beginning and at end.
 */
-int
+static int
 hostfile_read_key(char **cpp, u_int *bitsp, Key *ret)
 {
        char *cp;
@@ -82,7 +82,7 @@ auth_rsa_read_key(char **cpp, u_int *bitsp, BIGNUM * e, BIGNUM * n)
        return ret;
 }
-int
+static int
 hostfile_check_key(int bits, Key *key, const char *host, const char *filename, int linenum)
 {
        if (key == NULL || key->type != KEY_RSA1 || key->rsa == NULL)
diff --git a/kex.c b/kex.c
index 6b68ba504..25b3b8f8a 100644
--- a/kex.c
+++ b/kex.c
@@ -23,7 +23,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: kex.c,v 1.34 2001/04/30 15:50:46 markus Exp $");
+RCSID("$OpenBSD: kex.c,v 1.35 2001/06/23 15:12:18 itojun Exp $");
 #include <openssl/crypto.h>
@@ -43,11 +43,12 @@ RCSID("$OpenBSD: kex.c,v 1.34 2001/04/30 15:50:46 markus Exp $");
 #define KEX_COOKIE_LEN  16
-void    kex_kexinit_finish(Kex *kex);
+/* prototype */
-void    kex_choose_conf(Kex *k);
+static void kex_kexinit_finish(Kex *);
+static void kex_choose_conf(Kex *);
 /* put algorithm proposal into buffer */
-void
+static void
 kex_prop2buf(Buffer *b, char *proposal[PROPOSAL_MAX])
 {
        u_int32_t rand = 0;
@@ -67,7 +68,7 @@ kex_prop2buf(Buffer *b, char *proposal[PROPOSAL_MAX])
 }
 /* parse buffer and return algorithm proposal */
-char **
+static char **
 kex_buf2prop(Buffer *raw)
 {
        Buffer b;
@@ -95,7 +96,7 @@ kex_buf2prop(Buffer *raw)
        return proposal;
 }
-void
+static void
 kex_prop_free(char **proposal)
 {
        int i;
@@ -105,13 +106,13 @@ kex_prop_free(char **proposal)
        xfree(proposal);
 }
-void
+static void
 kex_protocol_error(int type, int plen, void *ctxt)
 {
        error("Hm, kex protocol error: type %d plen %d", type, plen);
 }
-void
+static void
 kex_clear_dispatch(void)
 {
        int i;
@@ -210,7 +211,7 @@ kex_setup(char *proposal[PROPOSAL_MAX])
        return kex;
 }
-void
+static void
 kex_kexinit_finish(Kex *kex)
 {
        if (!(kex->flags & KEX_INIT_SENT))
@@ -230,7 +231,7 @@ kex_kexinit_finish(Kex *kex)
        }
 }
-void
+static void
 choose_enc(Enc *enc, char *client, char *server)
 {
        char *name = match_list(client, server, NULL);
@@ -244,7 +245,7 @@ choose_enc(Enc *enc, char *client, char *server)
        enc->iv = NULL;
        enc->key = NULL;
 }
-void
+static void
 choose_mac(Mac *mac, char *client, char *server)
 {
        char *name = match_list(client, server, NULL);
@@ -259,7 +260,7 @@ choose_mac(Mac *mac, char *client, char *server)
        mac->key = NULL;
        mac->enabled = 0;
 }
-void
+static void
 choose_comp(Comp *comp, char *client, char *server)
 {
        char *name = match_list(client, server, NULL);
@@ -274,7 +275,7 @@ choose_comp(Comp *comp, char *client, char *server)
        }
        comp->name = name;
 }
-void
+static void
 choose_kex(Kex *k, char *client, char *server)
 {
        k->name = match_list(client, server, NULL);
@@ -287,7 +288,7 @@ choose_kex(Kex *k, char *client, char *server)
        } else
                fatal("bad kex alg %s", k->name);
 }
-void
+static void
 choose_hostkeyalg(Kex *k, char *client, char *server)
 {
        char *hostkeyalg = match_list(client, server, NULL);
@@ -299,7 +300,7 @@ choose_hostkeyalg(Kex *k, char *client, char *server)
        xfree(hostkeyalg);
 }
-void
+static void
 kex_choose_conf(Kex *kex)
 {
        Newkeys *newkeys;
@@ -359,7 +360,7 @@ kex_choose_conf(Kex *kex)
        kex_prop_free(peer);
 }
-u_char *
+static u_char *
 derive_key(Kex *kex, int id, int need, u_char *hash, BIGNUM *shared_secret)
 {
        Buffer b;
diff --git a/kexdh.c b/kexdh.c
index d7f90b756..3e96a1ab3 100644
--- a/kexdh.c
+++ b/kexdh.c
@@ -23,7 +23,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: kexdh.c,v 1.5 2001/06/23 02:34:29 markus Exp $");
+RCSID("$OpenBSD: kexdh.c,v 1.6 2001/06/23 15:12:18 itojun Exp $");
 #include <openssl/crypto.h>
 #include <openssl/bn.h>
@@ -38,7 +38,7 @@ RCSID("$OpenBSD: kexdh.c,v 1.5 2001/06/23 02:34:29 markus Exp $");
 #include "dh.h"
 #include "ssh2.h"
-u_char *
+static u_char *
 kex_dh_hash(
    char *client_version_string,
    char *server_version_string,
@@ -88,7 +88,7 @@ kex_dh_hash(
 /* client */
-void
+static void
 kexdh_client(Kex *kex)
 {
        BIGNUM *dh_server_pub = NULL, *shared_secret = NULL;
@@ -193,7 +193,7 @@ kexdh_client(Kex *kex)
 /* server */
-void
+static void
 kexdh_server(Kex *kex)
 {
        BIGNUM *shared_secret = NULL, *dh_client_pub = NULL;
diff --git a/kexgex.c b/kexgex.c
index 01b86d903..1bc6b7e15 100644
--- a/kexgex.c
+++ b/kexgex.c
@@ -24,7 +24,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: kexgex.c,v 1.7 2001/06/23 02:34:29 markus Exp $");
+RCSID("$OpenBSD: kexgex.c,v 1.8 2001/06/23 15:12:19 itojun Exp $");
 #include <openssl/bn.h>
@@ -39,7 +39,7 @@ RCSID("$OpenBSD: kexgex.c,v 1.7 2001/06/23 02:34:29 markus Exp $");
 #include "ssh2.h"
 #include "compat.h"
-u_char *
+static u_char *
 kexgex_hash(
    char *client_version_string,
    char *server_version_string,
@@ -99,7 +99,7 @@ kexgex_hash(
 /* client */
-void
+static void
 kexgex_client(Kex *kex)
 {
        BIGNUM *dh_server_pub = NULL, *shared_secret = NULL;
@@ -253,7 +253,7 @@ kexgex_client(Kex *kex)
 /* server */
-void
+static void
 kexgex_server(Kex *kex)
 {
        BIGNUM *shared_secret = NULL, *dh_client_pub = NULL;
diff --git a/key.c b/key.c
index 84306a9b0..cbe08a4c1 100644
--- a/key.c
+++ b/key.c
@@ -32,7 +32,7 @@
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 #include "includes.h"
-RCSID("$OpenBSD: key.c,v 1.26 2001/06/23 05:26:02 markus Exp $");
+RCSID("$OpenBSD: key.c,v 1.27 2001/06/23 15:12:19 itojun Exp $");
 #include <openssl/evp.h>
@@ -153,7 +153,7 @@ key_equal(Key *a, Key *b)
        return 0;
 }
-u_char*
+static u_char*
 key_fingerprint_raw(Key *k, enum fp_type dgst_type, size_t *dgst_raw_length)
 {
        EVP_MD *md = NULL;
@@ -210,7 +210,7 @@ key_fingerprint_raw(Key *k, enum fp_type dgst_type, size_t *dgst_raw_length)
        return retval;
 }
-char*
+static char*
 key_fingerprint_hex(u_char* dgst_raw, size_t dgst_raw_len)
 {
        char *retval;
@@ -227,7 +227,7 @@ key_fingerprint_hex(u_char* dgst_raw, size_t dgst_raw_len)
        return retval;
 }
-char*
+static char*
 key_fingerprint_bubblebabble(u_char* dgst_raw, size_t dgst_raw_len)
 {
        char vowels[] = { 'a', 'e', 'i', 'o', 'u', 'y' };
@@ -308,7 +308,7 @@ key_fingerprint(Key *k, enum fp_type dgst_type, enum fp_rep dgst_rep)
 * last processed (and maybe modified) character.  Note that this may modify
 * the buffer containing the number.
 */
-int
+static int
 read_bignum(char **cpp, BIGNUM * value)
 {
        char *cp = *cpp;
@@ -344,7 +344,7 @@ read_bignum(char **cpp, BIGNUM * value)
        *cpp = cp;
        return 1;
 }
-int
+static int
 write_bignum(FILE *f, BIGNUM *num)
 {
        char *buf = BN_bn2dec(num);
@@ -544,7 +544,7 @@ key_size(Key *k){
        return 0;
 }
-RSA *
+static RSA *
 rsa_generate_private_key(u_int bits)
 {
        RSA *private;
@@ -554,7 +554,7 @@ rsa_generate_private_key(u_int bits)
        return private;
 }
-DSA*
+static DSA*
 dsa_generate_private_key(u_int bits)
 {
        DSA *private = DSA_generate_parameters(bits, NULL, 0, NULL, NULL, NULL, NULL);
diff --git a/nchan.c b/nchan.c
index 6871cd86b..8916c13f4 100644
--- a/nchan.c
+++ b/nchan.c
@@ -23,7 +23,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: nchan.c,v 1.28 2001/05/31 10:30:16 markus Exp $");
+RCSID("$OpenBSD: nchan.c,v 1.29 2001/06/23 15:12:19 itojun Exp $");
 #include "ssh1.h"
 #include "ssh2.h"
@@ -74,14 +74,14 @@ chan_event_fn *chan_obuf_empty			= NULL;
 /*
 * ACTIONS: should never update the channel states
 */
-static void     chan_send_ieof1(Channel *c);
+static void     chan_send_ieof1(Channel *);
-static void     chan_send_oclose1(Channel *c);
+static void     chan_send_oclose1(Channel *);
-static void     chan_send_close2(Channel *c);
+static void     chan_send_close2(Channel *);
-static void     chan_send_eof2(Channel *c);
+static void     chan_send_eof2(Channel *);
 /* helper */
-static void     chan_shutdown_write(Channel *c);
+static void     chan_shutdown_write(Channel *);
-static void     chan_shutdown_read(Channel *c);
+static void     chan_shutdown_read(Channel *);
 /*
 * SSH1 specific implementation of event functions
diff --git a/packet.c b/packet.c
index 64aabb3b0..5365abaec 100644
--- a/packet.c
+++ b/packet.c
@@ -37,7 +37,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: packet.c,v 1.67 2001/06/20 13:56:39 markus Exp $");
+RCSID("$OpenBSD: packet.c,v 1.68 2001/06/23 15:12:19 itojun Exp $");
 #include "xmalloc.h"
 #include "buffer.h"
@@ -260,8 +260,8 @@ packet_get_protocol_flags()
 * Level is compression level 1 (fastest) - 9 (slow, best) as in gzip.
 */
-void
+static void
-packet_init_compression()
+packet_init_compression(void)
 {
        if (compression_buffer_ready == 1)
                return;
@@ -356,7 +356,7 @@ packet_put_bignum2(BIGNUM * value)
 * encrypts the packet before sending.
 */
-void
+static void
 packet_send1(void)
 {
        char buf[8], *cp;
@@ -427,7 +427,7 @@ packet_send1(void)
         */
 }
-void
+static void
 set_newkeys(int mode)
 {
        Enc *enc;
@@ -480,7 +480,7 @@ set_newkeys(int mode)
 /*
 * Finalize packet in SSH2 format (compress, mac, encrypt, enqueue)
 */
-void
+static void
 packet_send2(void)
 {
        static u_int32_t seqnr = 0;
@@ -683,7 +683,7 @@ packet_read_expect(int *payload_len_ptr, int expected_type)
 *      Check bytes
 */
-int
+static int
 packet_read_poll1(int *payload_len_ptr)
 {
        u_int len, padded_len;
@@ -761,7 +761,7 @@ packet_read_poll1(int *payload_len_ptr)
        return type;
 }
-int
+static int
 packet_read_poll2(int *payload_len_ptr)
 {
        static u_int32_t seqnr = 0;
diff --git a/radix.c b/radix.c
index 3b149a82b..26b1ebe52 100644
--- a/radix.c
+++ b/radix.c
@@ -25,11 +25,13 @@
 #include "includes.h"
 #include "uuencode.h"
-RCSID("$OpenBSD: radix.c,v 1.15 2001/01/16 23:58:09 deraadt Exp $");
+RCSID("$OpenBSD: radix.c,v 1.16 2001/06/23 15:12:19 itojun Exp $");
 #ifdef AFS
 #include <krb.h>
+#include <radix.h>
 typedef u_char my_u_char;
 typedef u_int my_u_int32_t;
 typedef u_short my_u_short;
diff --git a/readpass.c b/readpass.c
index d059272e7..05883dfcd 100644
--- a/readpass.c
+++ b/readpass.c
@@ -32,7 +32,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: readpass.c,v 1.17 2001/05/06 17:52:07 mouring Exp $");
+RCSID("$OpenBSD: readpass.c,v 1.18 2001/06/23 15:12:19 itojun Exp $");
 #include "xmalloc.h"
 #include "cli.h"
@@ -42,7 +42,7 @@ RCSID("$OpenBSD: readpass.c,v 1.17 2001/05/06 17:52:07 mouring Exp $");
 #include "atomicio.h"
 #include "ssh.h"
-char *
+static char *
 ssh_askpass(char *askpass, const char *msg)
 {
        pid_t pid;
diff --git a/scp.c b/scp.c
index 1a83a298f..e5e3a97b8 100644
--- a/scp.c
+++ b/scp.c
@@ -75,7 +75,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: scp.c,v 1.75 2001/06/23 00:16:16 deraadt Exp $");
+RCSID("$OpenBSD: scp.c,v 1.76 2001/06/23 15:12:19 itojun Exp $");
 #include "xmalloc.h"
 #include "atomicio.h"
@@ -210,6 +210,7 @@ int pflag, iamremote, iamrecursive, targetshouldbedirectory;
 #define CMDNEEDS        64
 char cmd[CMDNEEDS];             /* must hold "rcp -r -p -d\0" */
+int main(int, char *[]);
 int response(void);
 void rsource(char *, struct stat *);
 void sink(int, char *[]);
@@ -1060,7 +1061,7 @@ lostconn(signo)
 }
-void
+static void
 alarmtimer(int wait)
 {
        struct itimerval itv;
@@ -1071,7 +1072,7 @@ alarmtimer(int wait)
        setitimer(ITIMER_REAL, &itv, NULL);
 }
-void
+static void
 updateprogressmeter(int ignore)
 {
        int save_errno = errno;
@@ -1080,7 +1081,7 @@ updateprogressmeter(int ignore)
        errno = save_errno;
 }
-int
+static int
 foregroundproc(void)
 {
        static pid_t pgrp = -1;
diff --git a/servconf.c b/servconf.c
index d1205a81f..55b0b0039 100644
--- a/servconf.c
+++ b/servconf.c
@@ -10,7 +10,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: servconf.c,v 1.83 2001/06/08 15:25:40 markus Exp $");
+RCSID("$OpenBSD: servconf.c,v 1.84 2001/06/23 15:12:19 itojun Exp $");
 #ifdef KRB4
 #include <krb.h>
@@ -31,8 +31,8 @@ RCSID("$OpenBSD: servconf.c,v 1.83 2001/06/08 15:25:40 markus Exp $");
 #include "kex.h"
 #include "mac.h"
-void add_listen_addr(ServerOptions *options, char *addr, u_short port);
+static void add_listen_addr(ServerOptions *, char *, u_short);
-void add_one_listen_addr(ServerOptions *options, char *addr, u_short port);
+static void add_one_listen_addr(ServerOptions *, char *, u_short);
 /* AF_UNSPEC or AF_INET or AF_INET6 */
 extern int IPv4or6;
@@ -333,7 +333,7 @@ parse_token(const char *cp, const char *filename,
        return sBadOption;
 }
-void
+static void
 add_listen_addr(ServerOptions *options, char *addr, u_short port)
 {
        int i;
@@ -347,7 +347,7 @@ add_listen_addr(ServerOptions *options, char *addr, u_short port)
                add_one_listen_addr(options, addr, port);
 }
-void
+static void
 add_one_listen_addr(ServerOptions *options, char *addr, u_short port)
 {
        struct addrinfo hints, *ai, *aitop;
diff --git a/serverloop.c b/serverloop.c
index 1ce6c9106..1ffa4dbfb 100644
--- a/serverloop.c
+++ b/serverloop.c
@@ -35,7 +35,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: serverloop.c,v 1.69 2001/06/20 13:56:39 markus Exp $");
+RCSID("$OpenBSD: serverloop.c,v 1.70 2001/06/23 15:12:19 itojun Exp $");
 #include "xmalloc.h"
 #include "packet.h"
@@ -84,13 +84,15 @@ static u_int buffer_high;	/* "Soft" max buffer size. */
 * This SIGCHLD kludge is used to detect when the child exits.  The server
 * will exit after that, as soon as forwarded connections have terminated.
 */
 static volatile int child_terminated;   /* The child has terminated. */
-void    server_init_dispatch(void);
+/* prototypes */
+static void server_init_dispatch(void);
 int client_alive_timeouts = 0;
-void
+static void
 sigchld_handler(int sig)
 {
        int save_errno = errno;
@@ -104,7 +106,7 @@ sigchld_handler(int sig)
 * Make packets from buffered stderr data, and buffer it for sending
 * to the client.
 */
-void
+static void
 make_packets_from_stderr_data(void)
 {
        int len;
@@ -133,7 +135,7 @@ make_packets_from_stderr_data(void)
 * Make packets from buffered stdout data, and buffer it for sending to the
 * client.
 */
-void
+static void
 make_packets_from_stdout_data(void)
 {
        int len;
@@ -164,7 +166,7 @@ make_packets_from_stdout_data(void)
 * have data or can accept data.  Optionally, a maximum time can be specified
 * for the duration of the wait (0 = infinite).
 */
-void
+static void
 wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp, int *maxfdp,
    u_int max_time_milliseconds)
 {
@@ -286,7 +288,7 @@ retry_select:
 * Processes input from the client and the program.  Input data is stored
 * in buffers and processed later.
 */
-void
+static void
 process_input(fd_set * readset)
 {
        int len;
@@ -342,7 +344,7 @@ process_input(fd_set * readset)
 /*
 * Sends data from internal buffers to client program stdin.
 */
-void
+static void
 process_output(fd_set * writeset)
 {
        struct termios tio;
@@ -390,7 +392,7 @@ process_output(fd_set * writeset)
 * Wait until all buffered output has been sent to the client.
 * This is used when the program terminates.
 */
-void
+static void
 drain_output(void)
 {
        /* Send any buffered stdout data to the client. */
@@ -415,7 +417,7 @@ drain_output(void)
        packet_write_wait();
 }
-void
+static void
 process_buffered_input_packets(void)
 {
        dispatch_run(DISPATCH_NONBLOCK, NULL, compat20 ? xxx_kex : NULL);
@@ -706,7 +708,7 @@ server_loop2(void)
                session_close_by_pid(pid, status);
 }
-void
+static void
 server_input_channel_failure(int type, int plen, void *ctxt)
 {
        debug("Got CHANNEL_FAILURE for keepalive");
@@ -719,7 +721,7 @@ server_input_channel_failure(int type, int plen, void *ctxt)
 }
-void
+static void
 server_input_stdin_data(int type, int plen, void *ctxt)
 {
        char *data;
@@ -736,7 +738,7 @@ server_input_stdin_data(int type, int plen, void *ctxt)
        xfree(data);
 }
-void
+static void
 server_input_eof(int type, int plen, void *ctxt)
 {
        /*
@@ -749,7 +751,7 @@ server_input_eof(int type, int plen, void *ctxt)
        stdin_eof = 1;
 }
-void
+static void
 server_input_window_size(int type, int plen, void *ctxt)
 {
        int row = packet_get_int();
@@ -763,7 +765,7 @@ server_input_window_size(int type, int plen, void *ctxt)
                pty_change_window_size(fdin, row, col, xpixel, ypixel);
 }
-Channel *
+static Channel *
 server_request_direct_tcpip(char *ctype)
 {
        Channel *c;
@@ -796,7 +798,7 @@ server_request_direct_tcpip(char *ctype)
        return c;
 }
-Channel *
+static Channel *
 server_request_session(char *ctype)
 {
        Channel *c;
@@ -827,7 +829,7 @@ server_request_session(char *ctype)
        return c;
 }
-void
+static void
 server_input_channel_open(int type, int plen, void *ctxt)
 {
        Channel *c = NULL;
@@ -877,7 +879,7 @@ server_input_channel_open(int type, int plen, void *ctxt)
        xfree(ctype);
 }
-void
+static void
 server_input_global_request(int type, int plen, void *ctxt)
 {
        char *rtype;
@@ -927,7 +929,7 @@ server_input_global_request(int type, int plen, void *ctxt)
        xfree(rtype);
 }
-void
+static void
 server_init_dispatch_20(void)
 {
        debug("server_init_dispatch_20");
@@ -947,7 +949,7 @@ server_init_dispatch_20(void)
        /* rekeying */
        dispatch_set(SSH2_MSG_KEXINIT, &kex_input_kexinit);
 }
-void
+static void
 server_init_dispatch_13(void)
 {
        debug("server_init_dispatch_13");
@@ -962,7 +964,7 @@ server_init_dispatch_13(void)
        dispatch_set(SSH_MSG_CHANNEL_OPEN_FAILURE, &channel_input_open_failure);
        dispatch_set(SSH_MSG_PORT_OPEN, &channel_input_port_open);
 }
-void
+static void
 server_init_dispatch_15(void)
 {
        server_init_dispatch_13();
@@ -970,7 +972,7 @@ server_init_dispatch_15(void)
        dispatch_set(SSH_MSG_CHANNEL_CLOSE, &channel_input_ieof);
        dispatch_set(SSH_MSG_CHANNEL_CLOSE_CONFIRMATION, &channel_input_oclose);
 }
-void
+static void
 server_init_dispatch(void)
 {
        if (compat20)
diff --git a/session.c b/session.c
index 0c723ef1a..92870a111 100644
--- a/session.c
+++ b/session.c
@@ -33,7 +33,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: session.c,v 1.93 2001/06/21 21:08:25 markus Exp $");
+RCSID("$OpenBSD: session.c,v 1.94 2001/06/23 15:12:20 itojun Exp $");
 #include "ssh.h"
 #include "ssh1.h"
@@ -120,25 +120,22 @@ struct Session {
 /* func */
 Session *session_new(void);
-void    session_set_fds(Session *s, int fdin, int fdout, int fderr);
+void  session_set_fds(Session *, int, int, int);
-void    session_pty_cleanup(void *session);
+static void   session_pty_cleanup(void *);
-int     session_pty_req(Session *s);
+void  session_proctitle(Session *);
-void    session_proctitle(Session *s);
+int   session_setup_x11fwd(Session *);
-int     session_setup_x11fwd(Session *s);
+void  do_exec_pty(Session *, const char *);
-void    session_close(Session *s);
+void  do_exec_no_pty(Session *, const char *);
-void    do_exec_pty(Session *s, const char *command);
+void  do_exec(Session *, const char *);
-void    do_exec_no_pty(Session *s, const char *command);
+void  do_login(Session *, const char *);
-void    do_exec(Session *s, const char *command);
+void  do_child(Session *, const char *);
-void    do_login(Session *s, const char *command);
-#ifdef LOGIN_NEEDS_UTMPX
-void    do_pre_login(Session *s);
-#endif
-void    do_child(Session *s, const char *command);
 void    do_motd(void);
-int     check_quietlogin(Session *s, const char *command);
-void    do_authenticated1(Authctxt *authctxt);
+static void do_authenticated1(Authctxt *);
-void    do_authenticated2(Authctxt *authctxt);
+static void do_authenticated2(Authctxt *);
+ 
+static void session_close(Session *);
+static int session_pty_req(Session *);
 /* import */
 extern ServerOptions options;
@@ -209,7 +206,7 @@ do_authenticated(Authctxt *authctxt)
 * terminals are allocated, X11, TCP/IP, and authentication agent forwardings
 * are requested, etc.
 */
-void
+static void
 do_authenticated1(Authctxt *authctxt)
 {
        Session *s;
@@ -738,7 +735,7 @@ check_quietlogin(Session *s, const char *command)
 * Sets the value of the given variable in the environment.  If the variable
 * already exists, its value is overriden.
 */
-void
+static void
 child_set_env(char ***envp, u_int *envsizep, const char *name,
              const char *value)
 {
@@ -779,7 +776,7 @@ child_set_env(char ***envp, u_int *envsizep, const char *name,
 * Otherwise, it must consist of empty lines, comments (line starts with '#')
 * and assignments of the form name=value.  No other forms are allowed.
 */
-void
+static void
 read_environment_file(char ***env, u_int *envsize,
                      const char *filename)
 {
@@ -1488,7 +1485,7 @@ session_new(void)
        return NULL;
 }
-void
+static void
 session_dump(void)
 {
        int i;
@@ -1520,7 +1517,7 @@ session_open(int chanid)
        return 1;
 }
-Session *
+static Session *
 session_by_channel(int id)
 {
        int i;
@@ -1536,7 +1533,7 @@ session_by_channel(int id)
        return NULL;
 }
-Session *
+static Session *
 session_by_pid(pid_t pid)
 {
        int i;
@@ -1551,7 +1548,7 @@ session_by_pid(pid_t pid)
        return NULL;
 }
-int
+static int
 session_window_change_req(Session *s)
 {
        s->col = packet_get_int();
@@ -1563,7 +1560,7 @@ session_window_change_req(Session *s)
        return 1;
 }
-int
+static int
 session_pty_req(Session *s)
 {
        u_int len;
@@ -1628,7 +1625,7 @@ session_pty_req(Session *s)
        return 1;
 }
-int
+static int
 session_subsystem_req(Session *s)
 {
        u_int len;
@@ -1655,7 +1652,7 @@ session_subsystem_req(Session *s)
        return success;
 }
-int
+static int
 session_x11_req(Session *s)
 {
        int success;
@@ -1676,7 +1673,7 @@ session_x11_req(Session *s)
        return success;
 }
-int
+static int
 session_shell_req(Session *s)
 {
        packet_done();
@@ -1684,7 +1681,7 @@ session_shell_req(Session *s)
        return 1;
 }
-int
+static int
 session_exec_req(Session *s)
 {
        u_int len;
@@ -1695,7 +1692,7 @@ session_exec_req(Session *s)
        return 1;
 }
-int
+static int
 session_auth_agent_req(Session *s)
 {
        static int called = 0;
@@ -1788,7 +1785,7 @@ session_set_fds(Session *s, int fdin, int fdout, int fderr)
 * Function to perform pty cleanup. Also called if we get aborted abnormally
 * (e.g., due to a dropped connection).
 */
-void
+static void
 session_pty_cleanup(void *session)
 {
        Session *s = session;
@@ -1818,7 +1815,7 @@ session_pty_cleanup(void *session)
                error("close(s->ptymaster): %s", strerror(errno));
 }
-void
+static void
 session_exit_message(Session *s, int status)
 {
        Channel *c;
@@ -1867,7 +1864,7 @@ session_exit_message(Session *s, int status)
        s->chanid = -1;
 }
-void
+static void
 session_close(Session *s)
 {
        debug("session_close: session %d pid %d", s->self, s->pid);
@@ -1928,7 +1925,7 @@ session_close_by_channel(int id, void *arg)
        }
 }
-char *
+static char *
 session_tty_list(void)
 {
        static char buf[1024];
@@ -1991,7 +1988,7 @@ session_setup_x11fwd(Session *s)
        return 1;
 }
-void
+static void
 do_authenticated2(Authctxt *authctxt)
 {
        server_loop2();
diff --git a/sftp-client.c b/sftp-client.c
index cf672e70d..9670a7660 100644
--- a/sftp-client.c
+++ b/sftp-client.c
@@ -29,7 +29,7 @@
 /* XXX: copy between two remote sites */
 #include "includes.h"
-RCSID("$OpenBSD: sftp-client.c,v 1.16 2001/04/05 10:42:52 markus Exp $");
+RCSID("$OpenBSD: sftp-client.c,v 1.17 2001/06/23 15:12:20 itojun Exp $");
 #include "ssh.h"
 #include "buffer.h"
@@ -51,7 +51,7 @@ RCSID("$OpenBSD: sftp-client.c,v 1.16 2001/04/05 10:42:52 markus Exp $");
 /* Message ID */
 static u_int msg_id = 1;
-void
+static void
 send_msg(int fd, Buffer *m)
 {
        int mlen = buffer_len(m);
@@ -70,7 +70,7 @@ send_msg(int fd, Buffer *m)
        buffer_free(&oqueue);
 }
-void
+static void
 get_msg(int fd, Buffer *m)
 {
        u_int len, msg_len;
@@ -98,7 +98,7 @@ get_msg(int fd, Buffer *m)
        }
 }
-void
+static void
 send_string_request(int fd, u_int id, u_int code, char *s,
    u_int len)
 {
@@ -113,7 +113,7 @@ send_string_request(int fd, u_int id, u_int code, char *s,
        buffer_free(&msg);
 }
-void
+static void
 send_string_attrs_request(int fd, u_int id, u_int code, char *s,
    u_int len, Attrib *a)
 {
@@ -129,7 +129,7 @@ send_string_attrs_request(int fd, u_int id, u_int code, char *s,
        buffer_free(&msg);
 }
-u_int
+static u_int
 get_status(int fd, int expected_id)
 {
        Buffer msg;
@@ -154,7 +154,7 @@ get_status(int fd, int expected_id)
        return(status);
 }
-char *
+static char *
 get_handle(int fd, u_int expected_id, u_int *len)
 {
        Buffer msg;
@@ -183,7 +183,7 @@ get_handle(int fd, u_int expected_id, u_int *len)
        return(handle);
 }
-Attrib *
+static Attrib *
 get_decode_stat(int fd, u_int expected_id, int quiet)
 {
        Buffer msg;
@@ -283,7 +283,7 @@ do_close(int fd_in, int fd_out, char *handle, u_int handle_len)
 }
-int
+static int
 do_lsreaddir(int fd_in, int fd_out, char *path, int printflag,
    SFTP_DIRENT ***dir)
 {
diff --git a/sftp-glob.c b/sftp-glob.c
index aee5e91ac..18b44f82e 100644
--- a/sftp-glob.c
+++ b/sftp-glob.c
@@ -23,7 +23,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: sftp-glob.c,v 1.5 2001/04/15 08:43:46 markus Exp $");
+RCSID("$OpenBSD: sftp-glob.c,v 1.6 2001/06/23 15:12:20 itojun Exp $");
 #include "ssh.h"
 #include "buffer.h"
@@ -49,7 +49,8 @@ static struct {
        int fd_out;
 } cur;
-void *fudge_opendir(const char *path)
+static void *
+fudge_opendir(const char *path)
 {
        struct SFTP_OPENDIR *r;
        
@@ -63,7 +64,8 @@ void *fudge_opendir(const char *path)
        return((void*)r);
 }
-struct dirent *fudge_readdir(struct SFTP_OPENDIR *od)
+static struct dirent *
+fudge_readdir(struct SFTP_OPENDIR *od)
 {
        /* Solaris needs sizeof(dirent) + path length (see below) */
        static char buf[sizeof(struct dirent) + MAXPATHLEN];
@@ -101,13 +103,15 @@ struct dirent *fudge_readdir(struct SFTP_OPENDIR *od)
        return(ret);
 }
-void fudge_closedir(struct SFTP_OPENDIR *od)
+static void
+fudge_closedir(struct SFTP_OPENDIR *od)
 {
        free_sftp_dirents(od->dir);
        xfree(od);
 }
-void attrib_to_stat(Attrib *a, struct stat *st)
+static void
+attrib_to_stat(Attrib *a, struct stat *st)
 {
        memset(st, 0, sizeof(*st));
        
@@ -125,7 +129,8 @@ void attrib_to_stat(Attrib *a, struct stat *st)
        }
 }
-int fudge_lstat(const char *path, struct stat *st)
+static int
+fudge_lstat(const char *path, struct stat *st)
 {
        Attrib *a;
        
@@ -137,7 +142,8 @@ int fudge_lstat(const char *path, struct stat *st)
        return(0);
 }
-int fudge_stat(const char *path, struct stat *st)
+static int
+fudge_stat(const char *path, struct stat *st)
 {
        Attrib *a;
        
diff --git a/sftp-int.c b/sftp-int.c
index 03b229999..aa3a8a02f 100644
--- a/sftp-int.c
+++ b/sftp-int.c
@@ -26,7 +26,7 @@
 /* XXX: recursive operations */
 #include "includes.h"
-RCSID("$OpenBSD: sftp-int.c,v 1.36 2001/04/15 08:43:46 markus Exp $");
+RCSID("$OpenBSD: sftp-int.c,v 1.37 2001/06/23 15:12:20 itojun Exp $");
 #include "buffer.h"
 #include "xmalloc.h"
@@ -111,7 +111,7 @@ const struct CMD cmds[] = {
        { NULL,                 -1}
 };
-void
+static void
 help(void)
 {
        printf("Available commands:\n");
@@ -143,7 +143,7 @@ help(void)
        printf("?                             Synonym for help\n");
 }
-void
+static void
 local_do_shell(const char *args)
 {
        int status;
@@ -180,7 +180,7 @@ local_do_shell(const char *args)
                error("Shell exited with status %d", WEXITSTATUS(status));
 }
-void
+static void
 local_do_ls(const char *args)
 {
        if (!args || !*args)
@@ -196,7 +196,7 @@ local_do_ls(const char *args)
        }
 }
-char *
+static char *
 path_append(char *p1, char *p2)
 {
        char *ret;
@@ -210,7 +210,7 @@ path_append(char *p1, char *p2)
        return(ret);
 }
-char *
+static char *
 make_absolute(char *p, char *pwd)
 {
        char *abs;
@@ -224,7 +224,7 @@ make_absolute(char *p, char *pwd)
                return(p);
 }
-int
+static int
 infer_path(const char *p, char **ifp)
 {
        char *cp;
@@ -244,7 +244,7 @@ infer_path(const char *p, char **ifp)
        return(0);
 }
-int
+static int
 parse_getput_flags(const char **cpp, int *pflag)
 {
        const char *cp = *cpp;
@@ -267,7 +267,7 @@ parse_getput_flags(const char **cpp, int *pflag)
        return(0);
 }
-int
+static int
 get_pathname(const char **cpp, char **path)
 {
        const char *cp = *cpp, *end;
@@ -315,7 +315,7 @@ get_pathname(const char **cpp, char **path)
        return (-1);
 }
-int
+static int
 is_dir(char *path)
 {
        struct stat sb;
@@ -327,7 +327,7 @@ is_dir(char *path)
        return(sb.st_mode & S_IFDIR);
 }
-int
+static int
 remote_is_dir(int in, int out, char *path)
 {
        Attrib *a;
@@ -340,7 +340,7 @@ remote_is_dir(int in, int out, char *path)
        return(a->perm & S_IFDIR);
 }
-int
+static int
 process_get(int in, int out, char *src, char *dst, char *pwd, int pflag)
 {
        char *abs_src = NULL;
@@ -417,7 +417,7 @@ out:
        return(err);
 }
-int
+static int
 process_put(int in, int out, char *src, char *dst, char *pwd, int pflag)
 {
        char *tmp_dst = NULL;
@@ -497,7 +497,7 @@ out:
        return(err);
 }
-int
+static int
 parse_args(const char **cpp, int *pflag, unsigned long *n_arg,
    char **path1, char **path2)
 {
@@ -642,7 +642,7 @@ parse_args(const char **cpp, int *pflag, unsigned long *n_arg,
        return(cmdnum);
 }
-int
+static int
 parse_dispatch_command(int in, int out, const char *cmd, char **pwd)
 {
        char *path1, *path2, *tmp;
diff --git a/sftp-server.c b/sftp-server.c
index ab6291e61..e6353bceb 100644
--- a/sftp-server.c
+++ b/sftp-server.c
@@ -22,7 +22,7 @@
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 #include "includes.h"
-RCSID("$OpenBSD: sftp-server.c,v 1.27 2001/06/22 22:21:20 markus Exp $");
+RCSID("$OpenBSD: sftp-server.c,v 1.28 2001/06/23 15:12:20 itojun Exp $");
 #include "buffer.h"
 #include "bufaux.h"
@@ -62,7 +62,7 @@ struct Stat {
        Attrib attrib;
 };
-int
+static int
 errno_to_portable(int unixerrno)
 {
        int ret = 0;
@@ -93,7 +93,7 @@ errno_to_portable(int unixerrno)
        return ret;
 }
-int
+static int
 flags_from_portable(int pflags)
 {
        int flags = 0;
@@ -115,7 +115,7 @@ flags_from_portable(int pflags)
        return flags;
 }
-Attrib *
+static Attrib *
 get_attrib(void)
 {
        return decode_attrib(&iqueue);
@@ -139,7 +139,7 @@ enum {
 Handle  handles[100];
-void
+static void
 handle_init(void)
 {
        int i;
@@ -148,7 +148,7 @@ handle_init(void)
                handles[i].use = HANDLE_UNUSED;
 }
-int
+static int
 handle_new(int use, char *name, int fd, DIR *dirp)
 {
        int i;
@@ -165,14 +165,14 @@ handle_new(int use, char *name, int fd, DIR *dirp)
        return -1;
 }
-int
+static int
 handle_is_ok(int i, int type)
 {
        return i >= 0 && i < sizeof(handles)/sizeof(Handle) &&
            handles[i].use == type;
 }
-int
+static int
 handle_to_string(int handle, char **stringp, int *hlenp)
 {
        if (stringp == NULL || hlenp == NULL)
@@ -183,7 +183,7 @@ handle_to_string(int handle, char **stringp, int *hlenp)
        return 0;
 }
-int
+static int
 handle_from_string(char *handle, u_int hlen)
 {
        int val;
@@ -197,7 +197,7 @@ handle_from_string(char *handle, u_int hlen)
        return -1;
 }
-char *
+static char *
 handle_to_name(int handle)
 {
        if (handle_is_ok(handle, HANDLE_DIR)||
@@ -206,7 +206,7 @@ handle_to_name(int handle)
        return NULL;
 }
-DIR *
+static DIR *
 handle_to_dir(int handle)
 {
        if (handle_is_ok(handle, HANDLE_DIR))
@@ -214,7 +214,7 @@ handle_to_dir(int handle)
        return NULL;
 }
-int
+static int
 handle_to_fd(int handle)
 {
        if (handle_is_ok(handle, HANDLE_FILE))
@@ -222,7 +222,7 @@ handle_to_fd(int handle)
        return -1;
 }
-int
+static int
 handle_close(int handle)
 {
        int ret = -1;
@@ -239,7 +239,7 @@ handle_close(int handle)
        return ret;
 }
-int
+static int
 get_handle(void)
 {
        char *handle;
@@ -255,7 +255,7 @@ get_handle(void)
 /* send replies */
-void
+static void
 send_msg(Buffer *m)
 {
        int mlen = buffer_len(m);
@@ -265,7 +265,7 @@ send_msg(Buffer *m)
        buffer_consume(m, mlen);
 }
-void
+static void
 send_status(u_int32_t id, u_int32_t error)
 {
        Buffer msg;
@@ -295,7 +295,7 @@ send_status(u_int32_t id, u_int32_t error)
        send_msg(&msg);
        buffer_free(&msg);
 }
-void
+static void
 send_data_or_handle(char type, u_int32_t id, char *data, int dlen)
 {
        Buffer msg;
@@ -308,14 +308,14 @@ send_data_or_handle(char type, u_int32_t id, char *data, int dlen)
        buffer_free(&msg);
 }
-void
+static void
 send_data(u_int32_t id, char *data, int dlen)
 {
        TRACE("sent data id %d len %d", id, dlen);
        send_data_or_handle(SSH2_FXP_DATA, id, data, dlen);
 }
-void
+static void
 send_handle(u_int32_t id, int handle)
 {
        char *string;
@@ -327,7 +327,7 @@ send_handle(u_int32_t id, int handle)
        xfree(string);
 }
-void
+static void
 send_names(u_int32_t id, int count, Stat *stats)
 {
        Buffer msg;
@@ -347,7 +347,7 @@ send_names(u_int32_t id, int count, Stat *stats)
        buffer_free(&msg);
 }
-void
+static void
 send_attrib(u_int32_t id, Attrib *a)
 {
        Buffer msg;
@@ -363,7 +363,7 @@ send_attrib(u_int32_t id, Attrib *a)
 /* parse incoming */
-void
+static void
 process_init(void)
 {
        Buffer msg;
@@ -377,7 +377,7 @@ process_init(void)
        buffer_free(&msg);
 }
-void
+static void
 process_open(void)
 {
        u_int32_t id, pflags;
@@ -409,7 +409,7 @@ process_open(void)
        xfree(name);
 }
-void
+static void
 process_close(void)
 {
        u_int32_t id;
@@ -423,7 +423,7 @@ process_close(void)
        send_status(id, status);
 }
-void
+static void
 process_read(void)
 {
        char buf[64*1024];
@@ -463,7 +463,7 @@ process_read(void)
                send_status(id, status);
 }
-void
+static void
 process_write(void)
 {
        u_int32_t id;
@@ -501,7 +501,7 @@ process_write(void)
        xfree(data);
 }
-void
+static void
 process_do_stat(int do_lstat)
 {
        Attrib a;
@@ -526,19 +526,19 @@ process_do_stat(int do_lstat)
        xfree(name);
 }
-void
+static void
 process_stat(void)
 {
        process_do_stat(0);
 }
-void
+static void
 process_lstat(void)
 {
        process_do_stat(1);
 }
-void
+static void
 process_fstat(void)
 {
        Attrib a;
@@ -564,7 +564,7 @@ process_fstat(void)
                send_status(id, status);
 }
-struct timeval *
+static struct timeval *
 attrib_to_tv(Attrib *a)
 {
        static struct timeval tv[2];
@@ -576,7 +576,7 @@ attrib_to_tv(Attrib *a)
        return tv;
 }
-void
+static void
 process_setstat(void)
 {
        Attrib *a;
@@ -608,7 +608,7 @@ process_setstat(void)
        xfree(name);
 }
-void
+static void
 process_fsetstat(void)
 {
        Attrib *a;
@@ -657,7 +657,7 @@ process_fsetstat(void)
        send_status(id, status);
 }
-void
+static void
 process_opendir(void)
 {
        DIR *dirp = NULL;
@@ -689,7 +689,7 @@ process_opendir(void)
 /*
 * drwxr-xr-x    5 markus   markus       1024 Jan 13 18:39 .ssh
 */
-char *
+static char *
 ls_file(char *name, struct stat *st)
 {
        int ulen, glen, sz = 0;
@@ -728,7 +728,7 @@ ls_file(char *name, struct stat *st)
        return xstrdup(buf);
 }
-void
+static void
 process_readdir(void)
 {
        DIR *dirp;
@@ -782,7 +782,7 @@ process_readdir(void)
        }
 }
-void
+static void
 process_remove(void)
 {
        char *name;
@@ -799,7 +799,7 @@ process_remove(void)
        xfree(name);
 }
-void
+static void
 process_mkdir(void)
 {
        Attrib *a;
@@ -819,7 +819,7 @@ process_mkdir(void)
        xfree(name);
 }
-void
+static void
 process_rmdir(void)
 {
        u_int32_t id;
@@ -835,7 +835,7 @@ process_rmdir(void)
        xfree(name);
 }
-void
+static void
 process_realpath(void)
 {
        char resolvedname[MAXPATHLEN];
@@ -860,7 +860,7 @@ process_realpath(void)
        xfree(path);
 }
-void
+static void
 process_rename(void)
 {
        u_int32_t id;
@@ -882,7 +882,7 @@ process_rename(void)
        xfree(newpath);
 }
-void
+static void
 process_readlink(void)
 {
        u_int32_t id;
@@ -906,7 +906,7 @@ process_readlink(void)
        xfree(path);
 }
-void
+static void
 process_symlink(void)
 {
        u_int32_t id;
@@ -928,7 +928,7 @@ process_symlink(void)
        xfree(newpath);
 }
-void
+static void
 process_extended(void)
 {
        u_int32_t id;
@@ -942,7 +942,7 @@ process_extended(void)
 /* stolen from ssh-agent */
-void
+static void
 process(void)
 {
        u_int msg_len;
diff --git a/sftp.c b/sftp.c
index dd8c08b13..98294ab09 100644
--- a/sftp.c
+++ b/sftp.c
@@ -24,7 +24,7 @@
 #include "includes.h"
-RCSID("$OpenBSD: sftp.c,v 1.17 2001/05/08 19:45:25 mouring Exp $");
+RCSID("$OpenBSD: sftp.c,v 1.18 2001/06/23 15:12:20 itojun Exp $");
 /* XXX: commandline mode */
 /* XXX: short-form remote directory listings (like 'ls -C') */
@@ -49,7 +49,7 @@ char *__progname;
 char *ssh_program = _PATH_SSH_PROGRAM;
 FILE* infile;
-void
+static void
 connect_to_server(char **args, int *in, int *out, pid_t *sshpid)
 {
        int c_in, c_out;
@@ -90,7 +90,7 @@ connect_to_server(char **args, int *in, int *out, pid_t *sshpid)
        close(c_out);
 }
-void
+static void
 usage(void)
 {
        fprintf(stderr, "usage: sftp [-1vC] [-b batchfile] [-osshopt=value] [user@]host[:file [file]]\n");
diff --git a/ssh-add.c b/ssh-add.c
index 9240b0d1e..f03ce029e 100644
--- a/ssh-add.c
+++ b/ssh-add.c
@@ -35,7 +35,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: ssh-add.c,v 1.38 2001/06/06 23:19:35 markus Exp $");
+RCSID("$OpenBSD: ssh-add.c,v 1.39 2001/06/23 15:12:20 itojun Exp $");
 #include <openssl/evp.h>
@@ -57,7 +57,7 @@ char *__progname;
 /* we keep a cache of one passphrases */
 static char *pass = NULL;
-void
+static void
 clear_pass(void)
 {
        if (pass) {
@@ -67,7 +67,7 @@ clear_pass(void)
        }
 }
-void
+static void
 delete_file(AuthenticationConnection *ac, const char *filename)
 {
        Key *public;
@@ -87,7 +87,7 @@ delete_file(AuthenticationConnection *ac, const char *filename)
 }
 /* Send a request to remove all identities. */
-void
+static void
 delete_all(AuthenticationConnection *ac)
 {
        int success = 1;
@@ -103,7 +103,7 @@ delete_all(AuthenticationConnection *ac)
                fprintf(stderr, "Failed to remove all identities.\n");
 }
-void
+static void
 add_file(AuthenticationConnection *ac, const char *filename)
 {
        struct stat st;
@@ -149,7 +149,7 @@ add_file(AuthenticationConnection *ac, const char *filename)
        key_free(private);
 }
-void
+static void
 list_identities(AuthenticationConnection *ac, int do_fp)
 {
        Key *key;
diff --git a/ssh-agent.c b/ssh-agent.c
index 07dafaa57..6d94c6c29 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: ssh-agent.c,v 1.54 2001/04/03 13:56:11 stevesk Exp $  */
+/*      $OpenBSD: ssh-agent.c,v 1.55 2001/06/23 15:12:20 itojun Exp $   */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -37,7 +37,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: ssh-agent.c,v 1.54 2001/04/03 13:56:11 stevesk Exp $");
+RCSID("$OpenBSD: ssh-agent.c,v 1.55 2001/06/23 15:12:20 itojun Exp $");
 #include <openssl/evp.h>
 #include <openssl/md5.h>
@@ -97,9 +97,7 @@ extern char *__progname;
 char *__progname;
 #endif
-int     prepare_select(fd_set **, fd_set **, int *);
+static void
-void
 idtab_init(void)
 {
        int i;
@@ -110,7 +108,7 @@ idtab_init(void)
 }
 /* return private key table for requested protocol version */
-Idtab *
+static Idtab *
 idtab_lookup(int version)
 {
        if (version < 1 || version > 2)
@@ -119,7 +117,7 @@ idtab_lookup(int version)
 }
 /* return matching private key for given public key */
-Key *
+static Key *
 lookup_private_key(Key *key, int *idx, int version)
 {
        int i;
@@ -135,7 +133,7 @@ lookup_private_key(Key *key, int *idx, int version)
 }
 /* send list of supported public keys to 'client' */
-void
+static void
 process_request_identities(SocketEntry *e, int version)
 {
        Idtab *tab = idtab_lookup(version);
@@ -167,7 +165,7 @@ process_request_identities(SocketEntry *e, int version)
 }
 /* ssh1 only */
-void
+static void
 process_authentication_challenge1(SocketEntry *e)
 {
        Key *key, *private;
@@ -233,7 +231,7 @@ send:
 }
 /* ssh2 only */
-void
+static void
 process_sign_request2(SocketEntry *e)
 {
        extern int datafellows;
@@ -278,7 +276,7 @@ process_sign_request2(SocketEntry *e)
 }
 /* shared */
-void
+static void
 process_remove_identity(SocketEntry *e, int version)
 {
        Key *key = NULL, *private;
@@ -339,7 +337,7 @@ process_remove_identity(SocketEntry *e, int version)
            success ? SSH_AGENT_SUCCESS : SSH_AGENT_FAILURE);
 }
-void
+static void
 process_remove_all_identities(SocketEntry *e, int version)
 {
        u_int i;
@@ -360,7 +358,7 @@ process_remove_all_identities(SocketEntry *e, int version)
        return;
 }
-void
+static void
 process_add_identity(SocketEntry *e, int version)
 {
        Key *k = NULL;
@@ -444,7 +442,7 @@ send:
 /* dispatch incoming messages */
-void
+static void
 process_message(SocketEntry *e)
 {
        u_int msg_len;
@@ -508,7 +506,7 @@ process_message(SocketEntry *e)
        }
 }
-void
+static void
 new_socket(int type, int fd)
 {
        u_int i, old_alloc;
@@ -540,7 +538,7 @@ new_socket(int type, int fd)
        buffer_init(&sockets[old_alloc].output);
 }
-int
+static int
 prepare_select(fd_set **fdrp, fd_set **fdwp, int *fdl)
 {
        u_int i, sz;
@@ -588,7 +586,7 @@ prepare_select(fd_set **fdrp, fd_set **fdwp, int *fdl)
        return (1);
 }
-void
+static void
 after_select(fd_set *readset, fd_set *writeset)
 {
        u_int i;
@@ -660,7 +658,7 @@ after_select(fd_set *readset, fd_set *writeset)
                }
 }
-void
+static void
 check_parent_exists(int sig)
 {
        int save_errno = errno;
@@ -674,7 +672,7 @@ check_parent_exists(int sig)
        errno = save_errno;
 }
-void
+static void
 cleanup_socket(void)
 {
        if (socket_name[0])
@@ -683,21 +681,21 @@ cleanup_socket(void)
                rmdir(socket_dir);
 }
-void
+static void
 cleanup_exit(int i)
 {
        cleanup_socket();
        exit(i);
 }
-void
+static void
 cleanup_handler(int sig)
 {
        cleanup_socket();
        _exit(2);
 }
-void
+static void
 usage(void)
 {
        fprintf(stderr, "ssh-agent version %s\n", SSH_VERSION);
diff --git a/ssh-keygen.c b/ssh-keygen.c
index bd7eea9af..22946587f 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -12,7 +12,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: ssh-keygen.c,v 1.62 2001/06/23 06:41:10 markus Exp $");
+RCSID("$OpenBSD: ssh-keygen.c,v 1.63 2001/06/23 15:12:20 itojun Exp $");
 #include <openssl/evp.h>
 #include <openssl/pem.h>
@@ -79,7 +79,7 @@ char *__progname;
 char hostname[MAXHOSTNAMELEN];
-void
+static void
 ask_filename(struct passwd *pw, const char *prompt)
 {
        char buf[1024];
@@ -112,7 +112,7 @@ ask_filename(struct passwd *pw, const char *prompt)
        have_identity = 1;
 }
-Key *
+static Key *
 load_identity(char *filename)
 {
        char *pass;
@@ -136,7 +136,7 @@ load_identity(char *filename)
 #define SSH_COM_PRIVATE_BEGIN           "---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----"
 #define SSH_COM_PRIVATE_KEY_MAGIC       0x3f6ff9eb
-void
+static void
 do_convert_to_ssh2(struct passwd *pw)
 {
        Key *k;
@@ -169,7 +169,7 @@ do_convert_to_ssh2(struct passwd *pw)
        exit(0);
 }
-void
+static void
 buffer_get_bignum_bits(Buffer *b, BIGNUM *value)
 {
        int bits = buffer_get_int(b);
@@ -182,7 +182,7 @@ buffer_get_bignum_bits(Buffer *b, BIGNUM *value)
        buffer_consume(b, bytes);
 }
-Key *
+static Key *
 do_convert_private_ssh2_from_blob(char *blob, int blen)
 {
        Buffer b;
@@ -277,7 +277,7 @@ do_convert_private_ssh2_from_blob(char *blob, int blen)
        return key;
 }
-void
+static void
 do_convert_from_ssh2(struct passwd *pw)
 {
        Key *k;
@@ -350,7 +350,7 @@ do_convert_from_ssh2(struct passwd *pw)
        exit(0);
 }
-void
+static void
 do_print_public(struct passwd *pw)
 {
        Key *prv;
@@ -374,7 +374,7 @@ do_print_public(struct passwd *pw)
        exit(0);
 }
-void
+static void
 do_fingerprint(struct passwd *pw)
 {
        FILE *f;
@@ -471,7 +471,7 @@ do_fingerprint(struct passwd *pw)
 * Perform changing a passphrase.  The argument is the passwd structure
 * for the current user.
 */
-void
+static void
 do_change_passphrase(struct passwd *pw)
 {
        char *comment;
@@ -547,7 +547,7 @@ do_change_passphrase(struct passwd *pw)
 /*
 * Change the comment of a private key file.
 */
-void
+static void
 do_change_comment(struct passwd *pw)
 {
        char new_comment[1024], *comment, *passphrase;
@@ -640,7 +640,7 @@ do_change_comment(struct passwd *pw)
        exit(0);
 }
-void
+static void
 usage(void)
 {
        printf("Usage: %s [-ceilpqyB] [-t type] [-b bits] [-f file] [-C comment] "
diff --git a/ssh-keyscan.c b/ssh-keyscan.c
index da34f7c63..9f7aa94aa 100644
--- a/ssh-keyscan.c
+++ b/ssh-keyscan.c
@@ -7,7 +7,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: ssh-keyscan.c,v 1.23 2001/06/05 05:05:39 pvalchev Exp $");
+RCSID("$OpenBSD: ssh-keyscan.c,v 1.24 2001/06/23 15:12:20 itojun Exp $");
 #if defined(HAVE_SYS_QUEUE_H) && !defined(HAVE_BOGUS_SYS_QUEUE_H)
 #include <sys/queue.h>
@@ -90,7 +90,7 @@ typedef struct {
        void (*errfun) (const char *,...);
 } Linebuf;
-Linebuf *
+static Linebuf *
 Linebuf_alloc(const char *filename, void (*errfun) (const char *,...))
 {
        Linebuf *lb;
@@ -124,7 +124,7 @@ Linebuf_alloc(const char *filename, void (*errfun) (const char *,...))
        return (lb);
 }
-void
+static void
 Linebuf_free(Linebuf * lb)
 {
        fclose(lb->stream);
@@ -132,7 +132,8 @@ Linebuf_free(Linebuf * lb)
        xfree(lb);
 }
-void
+#if 0
+static void
 Linebuf_restart(Linebuf * lb)
 {
        clearerr(lb->stream);
@@ -140,13 +141,14 @@ Linebuf_restart(Linebuf * lb)
        lb->lineno = 0;
 }
-int
+static int
 Linebuf_lineno(Linebuf * lb)
 {
        return (lb->lineno);
 }
+#endif
-char *
+static char *
 Linebuf_getline(Linebuf * lb)
 {
        int n = 0;
@@ -183,7 +185,7 @@ Linebuf_getline(Linebuf * lb)
        }
 }
-int
+static int
 fdlim_get(int hard)
 {
 #if defined(HAVE_GETRLIMIT) && defined(RLIMIT_NOFILE)
@@ -202,7 +204,7 @@ fdlim_get(int hard)
 #endif
 }
-int
+static int
 fdlim_set(int lim)
 {
 #if defined(HAVE_SETRLIMIT) && defined(RLIMIT_NOFILE)
@@ -227,7 +229,7 @@ fdlim_set(int lim)
 * separators.  This is the same as the 4.4BSD strsep, but different from the
 * one in the GNU libc.
 */
-char *
+static char *
 xstrsep(char **str, const char *delim)
 {
        char *s, *e;
@@ -249,7 +251,7 @@ xstrsep(char **str, const char *delim)
 * Get the next non-null token (like GNU strsep).  Strsep() will return a
 * null token for two adjacent separators, so we may have to loop.
 */
-char *
+static char *
 strnnsep(char **stringp, char *delim)
 {
        char *tok;
@@ -260,7 +262,7 @@ strnnsep(char **stringp, char *delim)
        return (tok);
 }
-void
+static void
 keyprint(char *host, char *output_name, char *kd, int len)
 {
        static Key *rsa;
@@ -295,7 +297,7 @@ keyprint(char *host, char *output_name, char *kd, int len)
        fputs("\n", stdout);
 }
-int
+static int
 tcpconnect(char *host)
 {
        struct addrinfo hints, *ai, *aitop;
@@ -328,7 +330,7 @@ tcpconnect(char *host)
        return s;
 }
-int
+static int
 conalloc(char *iname, char *oname)
 {
        int s;
@@ -366,7 +368,7 @@ conalloc(char *iname, char *oname)
        return (s);
 }
-void
+static void
 confree(int s)
 {
        if (s >= maxfd || fdcon[s].c_status == CS_UNUSED)
@@ -382,7 +384,7 @@ confree(int s)
        ncon--;
 }
-void
+static void
 contouch(int s)
 {
        TAILQ_REMOVE(&tq, &fdcon[s], c_link);
@@ -391,7 +393,7 @@ contouch(int s)
        TAILQ_INSERT_TAIL(&tq, &fdcon[s], c_link);
 }
-int
+static int
 conrecycle(int s)
 {
        int ret;
@@ -407,7 +409,7 @@ conrecycle(int s)
        return (ret);
 }
-void
+static void
 congreet(int s)
 {
        char buf[80], *cp;
@@ -442,7 +444,7 @@ congreet(int s)
        contouch(s);
 }
-void
+static void
 conread(int s)
 {
        int n;
@@ -482,7 +484,7 @@ conread(int s)
        contouch(s);
 }
-void
+static void
 conloop(void)
 {
        fd_set *r, *e;
@@ -534,7 +536,7 @@ conloop(void)
        }
 }
-char *
+static char *
 nexthost(int argc, char **argv)
 {
        static Linebuf *lb;
@@ -577,7 +579,7 @@ nexthost(int argc, char **argv)
        }
 }
-void
+static void
 usage(void)
 {
        fatal("usage: %s [-t timeout] { [--] host | -f file } ...", __progname);
diff --git a/ssh.c b/ssh.c
index e0e141fe1..484e5de46 100644
--- a/ssh.c
+++ b/ssh.c
@@ -39,7 +39,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: ssh.c,v 1.125 2001/06/22 23:35:21 markus Exp $");
+RCSID("$OpenBSD: ssh.c,v 1.126 2001/06/23 15:12:21 itojun Exp $");
 #include <openssl/evp.h>
 #include <openssl/err.h>
@@ -148,7 +148,7 @@ int subsystem_flag = 0;
 /* Prints a help message to the user.  This function never returns. */
-void
+static void
 usage(void)
 {
        fprintf(stderr, "Usage: %s [options] host [command]\n", __progname);
@@ -198,7 +198,7 @@ usage(void)
 * Connects to the given host using rsh (or prints an error message and exits
 * if rsh is not available).  This function never returns.
 */
-void
+static void
 rsh_connect(char *host, char *user, Buffer * command)
 {
        char *args[10];
@@ -232,9 +232,9 @@ rsh_connect(char *host, char *user, Buffer * command)
        exit(1);
 }
-int     ssh_session(void);
+static int ssh_session(void);
-int     ssh_session2(void);
+static int ssh_session2(void);
-void    load_public_identity_files(void);
+static void load_public_identity_files(void);
 /*
 * Main program for the ssh client.
@@ -742,7 +742,7 @@ main(int ac, char **av)
        return exit_status;
 }
-void
+static void
 x11_get_proto(char *proto, int proto_len, char *data, int data_len)
 {
        char line[512];
@@ -781,7 +781,7 @@ x11_get_proto(char *proto, int proto_len, char *data, int data_len)
        }
 }
-void
+static void
 ssh_init_forwarding(void)
 {
        int success = 0;
@@ -815,7 +815,7 @@ ssh_init_forwarding(void)
        }
 }
-void
+static void
 check_agent_present(void)
 {
        if (options.forward_agent) {
@@ -828,7 +828,7 @@ check_agent_present(void)
        }
 }
-int
+static int
 ssh_session(void)
 {
        int type;
@@ -966,7 +966,7 @@ ssh_session(void)
            options.escape_char : SSH_ESCAPECHAR_NONE, 0);
 }
-void
+static void
 client_subsystem_reply(int type, int plen, void *ctxt)
 {
        int id, len;
@@ -981,7 +981,7 @@ client_subsystem_reply(int type, int plen, void *ctxt)
                    len, buffer_ptr(&command), id);
 }
-void
+static void
 ssh_session2_callback(int id, void *arg)
 {
        int len;
@@ -1057,7 +1057,7 @@ ssh_session2_callback(int id, void *arg)
        packet_set_interactive(interactive);
 }
-int
+static int
 ssh_session2_command(void)
 {
        Channel *c;
@@ -1104,7 +1104,7 @@ ssh_session2_command(void)
        return c->self;
 }
-int
+static int
 ssh_session2(void)
 {
        int id;
@@ -1123,7 +1123,7 @@ ssh_session2(void)
            options.escape_char : SSH_ESCAPECHAR_NONE, id);
 }
-void
+static void
 load_public_identity_files(void)
 {
        char *filename;
diff --git a/sshconnect.c b/sshconnect.c
index 1766de0c3..745eeb5c3 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -13,7 +13,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect.c,v 1.108 2001/06/23 02:34:31 markus Exp $");
+RCSID("$OpenBSD: sshconnect.c,v 1.109 2001/06/23 15:12:21 itojun Exp $");
 #include <openssl/bn.h>
@@ -44,7 +44,7 @@ extern int IPv4or6;
 /*
 * Connect to the given ssh server using a proxy command.
 */
-int
+static int
 ssh_proxy_connect(const char *host, u_short port, struct passwd *pw,
                  const char *proxy_command)
 {
@@ -144,7 +144,7 @@ ssh_proxy_connect(const char *host, u_short port, struct passwd *pw,
 /*
 * Creates a (possibly privileged) socket for use as the ssh connection.
 */
-int
+static int
 ssh_create_socket(struct passwd *pw, int privileged, int family)
 {
        int sock, gaierr;
@@ -345,7 +345,7 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
 * Waits for the server identification string, and sends our own
 * identification string.
 */
-void
+static void
 ssh_exchange_identification(void)
 {
        char buf[256], remote_version[256];     /* must be same size! */
@@ -444,7 +444,7 @@ ssh_exchange_identification(void)
 }
 /* defaults to 'no' */
-int
+static int
 read_yes_or_no(const char *prompt, int defval)
 {
        char buf[1024];
@@ -500,7 +500,7 @@ read_yes_or_no(const char *prompt, int defval)
 * is not valid. the user_hostfile will not be updated if 'readonly' is true.
 */
-int
+static int
 check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
    int readonly, const char *user_hostfile, const char *system_hostfile)
 {
diff --git a/sshconnect1.c b/sshconnect1.c
index 4c469c20d..a03233f28 100644
--- a/sshconnect1.c
+++ b/sshconnect1.c
@@ -13,7 +13,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect1.c,v 1.34 2001/06/23 02:34:32 markus Exp $");
+RCSID("$OpenBSD: sshconnect1.c,v 1.35 2001/06/23 15:12:21 itojun Exp $");
 #include <openssl/bn.h>
 #include <openssl/evp.h>
@@ -55,7 +55,7 @@ extern char *__progname;
 * Checks if the user has an authentication agent, and if so, tries to
 * authenticate using the agent.
 */
-int
+static int
 try_agent_authentication(void)
 {
        int type;
@@ -155,7 +155,7 @@ try_agent_authentication(void)
 * Computes the proper response to a RSA challenge, and sends the response to
 * the server.
 */
-void
+static void
 respond_to_rsa_challenge(BIGNUM * challenge, RSA * prv)
 {
        u_char buf[32], response[16];
@@ -200,7 +200,7 @@ respond_to_rsa_challenge(BIGNUM * challenge, RSA * prv)
 * Checks if the user has authentication file, and if so, tries to authenticate
 * the user using it.
 */
-int
+static int
 try_rsa_authentication(const char *authfile)
 {
        BIGNUM *challenge;
@@ -321,7 +321,7 @@ try_rsa_authentication(const char *authfile)
 * Tries to authenticate the user using combined rhosts or /etc/hosts.equiv
 * authentication and RSA host authentication.
 */
-int
+static int
 try_rhosts_rsa_authentication(const char *local_user, Key * host_key)
 {
        int type;
@@ -379,7 +379,7 @@ try_rhosts_rsa_authentication(const char *local_user, Key * host_key)
 }
 #ifdef KRB4
-int
+static int
 try_kerberos_authentication(void)
 {
        KTEXT_ST auth;          /* Kerberos data */
@@ -496,7 +496,7 @@ try_kerberos_authentication(void)
 #endif /* KRB4 */
 #ifdef AFS
-int
+static int
 send_kerberos_tgt(void)
 {
        CREDENTIALS *creds;
@@ -541,7 +541,7 @@ send_kerberos_tgt(void)
        return 1;
 }
-void
+static void
 send_afs_tokens(void)
 {
        CREDENTIALS creds;
@@ -615,7 +615,7 @@ send_afs_tokens(void)
 * Tries to authenticate with any string-based challenge/response system.
 * Note that the client code is not tied to s/key or TIS.
 */
-int
+static int
 try_challenge_response_authentication(void)
 {
        int type, i;
@@ -677,7 +677,7 @@ try_challenge_response_authentication(void)
 /*
 * Tries to authenticate with plain passwd authentication.
 */
-int
+static int
 try_password_authentication(char *prompt)
 {
        int type, i, payload_len;
diff --git a/sshconnect2.c b/sshconnect2.c
index e2d64d7b1..1f57c3a9f 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -23,7 +23,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.75 2001/06/23 02:34:33 markus Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.76 2001/06/23 15:12:21 itojun Exp $");
 #include <openssl/bn.h>
 #include <openssl/md5.h>
@@ -72,7 +72,7 @@ struct sockaddr *xxx_hostaddr;
 Kex *xxx_kex = NULL;
-int
+static int
 verify_host_key_callback(Key *hostkey)
 {
        if (verify_host_key(xxx_host, xxx_hostaddr, hostkey) == -1)
@@ -188,14 +188,12 @@ int	userauth_hostbased(Authctxt *authctxt);
 void    userauth(Authctxt *authctxt, char *authlist);
-int
+static int sign_and_send_pubkey(Authctxt *, Key *, sign_cb_fn *);
-sign_and_send_pubkey(Authctxt *authctxt, Key *k,
+static void clear_auth_state(Authctxt *);
-    sign_cb_fn *sign_callback);
-void    clear_auth_state(Authctxt *authctxt);
-Authmethod *authmethod_get(char *authlist);
+static Authmethod *authmethod_get(char *authlist);
-Authmethod *authmethod_lookup(const char *name);
+static Authmethod *authmethod_lookup(const char *name);
-char *authmethods_get(void);
+static char *authmethods_get(void);
 Authmethod authmethods[] = {
        {"publickey",
@@ -477,7 +475,7 @@ clear_auth_state(Authctxt *authctxt)
        authctxt->last_key_sign = NULL;
 }
-int
+static int
 sign_and_send_pubkey(Authctxt *authctxt, Key *k, sign_cb_fn *sign_callback)
 {
        Buffer b;
@@ -562,7 +560,7 @@ sign_and_send_pubkey(Authctxt *authctxt, Key *k, sign_cb_fn *sign_callback)
        return 1;
 }
-int
+static int
 send_pubkey_test(Authctxt *authctxt, Key *k, sign_cb_fn *sign_callback,
    int hint)
 {
@@ -595,7 +593,7 @@ send_pubkey_test(Authctxt *authctxt, Key *k, sign_cb_fn *sign_callback,
        return 1;
 }
-Key *
+static Key *
 load_identity_file(char *filename)
 {
        Key *private;
@@ -633,7 +631,7 @@ load_identity_file(char *filename)
        return private;
 }
-int
+static int
 identity_sign_cb(Authctxt *authctxt, Key *key, u_char **sigp, int *lenp,
    u_char *data, int datalen)
 {
@@ -651,19 +649,21 @@ identity_sign_cb(Authctxt *authctxt, Key *key, u_char **sigp, int *lenp,
        return ret;
 }
-int agent_sign_cb(Authctxt *authctxt, Key *key, u_char **sigp, int *lenp,
+static int
+agent_sign_cb(Authctxt *authctxt, Key *key, u_char **sigp, int *lenp,
    u_char *data, int datalen)
 {
        return ssh_agent_sign(authctxt->agent, key, sigp, lenp, data, datalen);
 }
-int key_sign_cb(Authctxt *authctxt, Key *key, u_char **sigp, int *lenp,
+static int
+key_sign_cb(Authctxt *authctxt, Key *key, u_char **sigp, int *lenp,
    u_char *data, int datalen)
 {
        return key_sign(key, sigp, lenp, data, datalen);
 }
-int
+static int
 userauth_pubkey_agent(Authctxt *authctxt)
 {
        static int called = 0;
@@ -900,7 +900,7 @@ userauth_hostbased(Authctxt *authctxt)
 * given auth method name, if configurable options permit this method fill
 * in auth_ident field and return true, otherwise return false.
 */
-int
+static int
 authmethod_is_enabled(Authmethod *method)
 {
        if (method == NULL)
@@ -914,7 +914,7 @@ authmethod_is_enabled(Authmethod *method)
        return 1;
 }
-Authmethod *
+static Authmethod *
 authmethod_lookup(const char *name)
 {
        Authmethod *method = NULL;
@@ -935,7 +935,7 @@ static char *preferred = NULL;
 * next method we should try.  If the server initially sends a nil list,
 * use a built-in default list.
 */
-Authmethod *
+static Authmethod *
 authmethod_get(char *authlist)
 {
diff --git a/sshd.c b/sshd.c
index 1dfcac0d7..431f4e2ac 100644
--- a/sshd.c
+++ b/sshd.c
@@ -40,7 +40,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.199 2001/06/04 23:07:21 markus Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.200 2001/06/23 15:12:21 itojun Exp $");
 #include <openssl/dh.h>
 #include <openssl/bn.h>
@@ -182,16 +182,15 @@ int session_id2_len = 0;
 u_int utmp_len = MAXHOSTNAMELEN;
 /* Prototypes for various functions defined later in this file. */
-void do_ssh1_kex(void);
+void destroy_sensitive_data(void);
-void do_ssh2_kex(void);
-void ssh_dh1_server(Kex *, Buffer *_kexinit, Buffer *);
+static void do_ssh1_kex(void);
-void ssh_dhgex_server(Kex *, Buffer *_kexinit, Buffer *);
+static void do_ssh2_kex(void);
 /*
 * Close all listening sockets
 */
-void
+static void
 close_listen_socks(void)
 {
        int i;
@@ -205,7 +204,7 @@ close_listen_socks(void)
 * the effect is to reread the configuration file (and to regenerate
 * the server key).
 */
-void
+static void
 sighup_handler(int sig)
 {
        received_sighup = 1;
@@ -216,7 +215,7 @@ sighup_handler(int sig)
 * Called from the main program after receiving SIGHUP.
 * Restarts the server.
 */
-void
+static void
 sighup_restart(void)
 {
        log("Received SIGHUP; restarting.");
@@ -229,7 +228,7 @@ sighup_restart(void)
 /*
 * Generic signal handler for terminating signals in the master daemon.
 */
-void
+static void
 sigterm_handler(int sig)
 {
        received_sigterm = sig;
@@ -239,7 +238,7 @@ sigterm_handler(int sig)
 * SIGCHLD handler.  This is called whenever a child dies.  This will then
 * reap any zombies left by exited children.
 */
-void
+static void
 main_sigchld_handler(int sig)
 {
        int save_errno = errno;
@@ -255,7 +254,7 @@ main_sigchld_handler(int sig)
 /*
 * Signal handler for the alarm after the login grace period has expired.
 */
-void
+static void
 grace_alarm_handler(int sig)
 {
        /* XXX no idea how fix this signal handler */
@@ -274,7 +273,7 @@ grace_alarm_handler(int sig)
 * Thus there should be no concurrency control/asynchronous execution
 * problems.
 */
-void
+static void
 generate_ephemeral_server_key(void)
 {
        u_int32_t rand = 0;
@@ -297,7 +296,7 @@ generate_ephemeral_server_key(void)
        arc4random_stir();
 }
-void
+static void
 key_regeneration_alarm(int sig)
 {
        int save_errno = errno;
@@ -306,7 +305,7 @@ key_regeneration_alarm(int sig)
        key_do_regen = 1;
 }
-void
+static void
 sshd_exchange_identification(int sock_in, int sock_out)
 {
        int i, mismatch;
@@ -456,7 +455,7 @@ destroy_sensitive_data(void)
        memset(sensitive_data.ssh1_cookie, 0, SSH_SESSION_KEY_LENGTH);
 }
-char *
+static char *
 list_hostkey_types(void)
 {
        static char buf[1024];
@@ -481,7 +480,7 @@ list_hostkey_types(void)
        return buf;
 }
-Key *
+static Key *
 get_hostkey_by_type(int type)
 {
        int i;
@@ -499,7 +498,7 @@ get_hostkey_by_type(int type)
 * of (max_startups_rate/100). the probability increases linearly until
 * all connections are dropped for startups > max_startups
 */
-int
+static int
 drop_connection(int startups)
 {
        double p, r;
@@ -1203,7 +1202,7 @@ main(int ac, char **av)
 /*
 * SSH1 key exchange
 */
-void
+static void
 do_ssh1_kex(void)
 {
        int i, len;
@@ -1424,7 +1423,7 @@ do_ssh1_kex(void)
 /*
 * SSH2 key exchange: diffie-hellman-group1-sha1
 */
-void
+static void
 do_ssh2_kex(void)
 {
        Kex *kex;