Add a batch of missing 'static's.

crypto/bcrypt.c

@@ -11,7 +11,7 @@
 #include "ssh.h"
 #include "blowfish.h"
 
-BlowfishContext *bcrypt_setup(const unsigned char *key, int keybytes,
+static BlowfishContext *bcrypt_setup(const unsigned char *key, int keybytes,
                                      const unsigned char *salt, int saltbytes)
 {
     int i;
@@ -32,7 +32,7 @@ BlowfishContext *bcrypt_setup(const unsigned char *key, int keybytes,
     return ctx;
 }
 
-void bcrypt_hash(const unsigned char *key, int keybytes,
+static void bcrypt_hash(const unsigned char *key, int keybytes,
                         const unsigned char *salt, int saltbytes,
                         unsigned char output[32])
 {
@@ -49,7 +49,7 @@ void bcrypt_hash(const unsigned char *key, int keybytes,
     blowfish_free_context(ctx);
 }
 
-void bcrypt_genblock(int counter,
+static void bcrypt_genblock(int counter,
                             const unsigned char hashed_passphrase[64],
                             const unsigned char *salt, int saltbytes,
                             unsigned char output[32])

crypto/ecc-ssh.c

@@ -1444,7 +1444,7 @@ typedef struct ecdh_key_m {
     ecdh_key ek;
 } ecdh_key_m;
 
-ecdh_key *ssh_ecdhkex_w_new(const ssh_kex *kex, bool is_server)
+static ecdh_key *ssh_ecdhkex_w_new(const ssh_kex *kex, bool is_server)
 {
     const struct eckex_extra *extra = (const struct eckex_extra *)kex->extra;
     const struct ec_curve *curve = extra->curve();
@@ -1463,7 +1463,7 @@ ecdh_key *ssh_ecdhkex_w_new(const ssh_kex *kex, bool is_server)
     return &dhw->ek;
 }
 
-ecdh_key *ssh_ecdhkex_m_new(const ssh_kex *kex, bool is_server)
+static ecdh_key *ssh_ecdhkex_m_new(const ssh_kex *kex, bool is_server)
 {
     const struct eckex_extra *extra = (const struct eckex_extra *)kex->extra;
     const struct ec_curve *curve = extra->curve();
@@ -1637,7 +1637,7 @@ const ssh_kex ssh_ec_kex_curve25519 = {
     .extra = &kex_extra_curve25519,
 };
 /* Pre-RFC alias */
-const ssh_kex ssh_ec_kex_curve25519_libssh = {
+static const ssh_kex ssh_ec_kex_curve25519_libssh = {
     .name = "curve25519-sha256@libssh.org",
     .main_type = KEXTYPE_ECDH,
     .hash = &ssh_sha256,

crypto/ntru.c

@@ -483,7 +483,8 @@ void ntru_scale(uint16_t *out, const uint16_t *in, uint16_t scale,
  * Given an array of values mod 3, convert them to values mod q in a
  * way that maps -1,0,+1 to -1,0,+1.
  */
-void ntru_expand(uint16_t *out, const uint16_t *in, unsigned p, unsigned q)
+static void ntru_expand(
+    uint16_t *out, const uint16_t *in, unsigned p, unsigned q)
 {
     for (size_t i = 0; i < p; i++) {
         uint16_t v = in[i];
@@ -1393,7 +1394,8 @@ void ntru_encode_plaintext(const uint16_t *plaintext, unsigned p,
  *
  * 'out' should therefore expect to receive 32 bytes of data.
  */
-void ntru_confirmation_hash(uint8_t *out, const uint16_t *plaintext,
+static void ntru_confirmation_hash(
+    uint8_t *out, const uint16_t *plaintext,
     const uint16_t *pubkey, unsigned p, unsigned q)
 {
     /* The outer hash object */
@@ -1450,7 +1452,8 @@ void ntru_confirmation_hash(uint8_t *out, const uint16_t *plaintext,
  *
  * The ciphertext is provided in already-encoded form.
  */
-void ntru_session_hash(uint8_t *out, unsigned ok, const uint16_t *plaintext,
+static void ntru_session_hash(
+    uint8_t *out, unsigned ok, const uint16_t *plaintext,
     unsigned p, ptrlen ciphertext, ptrlen confirmation_hash)
 {
     /* The outer hash object */
@@ -1866,7 +1869,7 @@ static const ecdh_keyalg ssh_ntru_selector_vt = {
     .description = ssh_ntru_description,
 };
 
-const ssh_kex ssh_ntru_curve25519 = {
+static const ssh_kex ssh_ntru_curve25519 = {
     .name = "sntrup761x25519-sha512@openssh.com",
     .main_type = KEXTYPE_ECDH,
     .hash = &ssh_sha512,

crypto/openssh-certs.c

@@ -93,35 +93,37 @@ typedef struct opensshcert_extra {
  * info appears at all, it's in the same order everywhere, and none of
  * it is repeated unnecessarily */
 enum { DSA_p, DSA_q, DSA_g, DSA_y, DSA_x };
-const unsigned dsa_pub_fmt[] = { DSA_p, DSA_q, DSA_g, DSA_y };
-const unsigned dsa_base_ossh_fmt[] = { DSA_p, DSA_q, DSA_g, DSA_y, DSA_x };
-const unsigned dsa_cert_ossh_fmt[] = { DSA_x };
+static const unsigned dsa_pub_fmt[] = { DSA_p, DSA_q, DSA_g, DSA_y };
+static const unsigned dsa_base_ossh_fmt[] = {
+    DSA_p, DSA_q, DSA_g, DSA_y, DSA_x };
+static const unsigned dsa_cert_ossh_fmt[] = { DSA_x };
 
 /* ECDSA is almost as nice, except that it pointlessly mentions the
  * curve name in the public data, which shouldn't be necessary given
  * that the SSH key id has already implied it. But at least that's
  * consistent everywhere. */
 enum { ECDSA_curve, ECDSA_point, ECDSA_exp };
-const unsigned ecdsa_pub_fmt[] = { ECDSA_curve, ECDSA_point };
-const unsigned ecdsa_base_ossh_fmt[] = { ECDSA_curve, ECDSA_point, ECDSA_exp };
-const unsigned ecdsa_cert_ossh_fmt[] = { ECDSA_exp };
+static const unsigned ecdsa_pub_fmt[] = { ECDSA_curve, ECDSA_point };
+static const unsigned ecdsa_base_ossh_fmt[] = {
+    ECDSA_curve, ECDSA_point, ECDSA_exp };
+static const unsigned ecdsa_cert_ossh_fmt[] = { ECDSA_exp };
 
 /* Ed25519 has the oddity that the private data following the
  * certificate in the OpenSSH blob is preceded by an extra copy of the
  * public data, for no obviously necessary reason since that doesn't
  * happen in any of the rest of these formats */
 enum { EDDSA_point, EDDSA_exp };
-const unsigned eddsa_pub_fmt[] = { EDDSA_point };
-const unsigned eddsa_base_ossh_fmt[] = { EDDSA_point, EDDSA_exp };
-const unsigned eddsa_cert_ossh_fmt[] = { EDDSA_point, EDDSA_exp };
+static const unsigned eddsa_pub_fmt[] = { EDDSA_point };
+static const unsigned eddsa_base_ossh_fmt[] = { EDDSA_point, EDDSA_exp };
+static const unsigned eddsa_cert_ossh_fmt[] = { EDDSA_point, EDDSA_exp };
 
 /* And RSA has the quirk that the modulus and exponent are reversed in
  * the base key type's OpenSSH blob! */
 enum { RSA_e, RSA_n, RSA_d, RSA_p, RSA_q, RSA_iqmp };
-const unsigned rsa_pub_fmt[] = { RSA_e, RSA_n };
-const unsigned rsa_base_ossh_fmt[] = {
+static const unsigned rsa_pub_fmt[] = { RSA_e, RSA_n };
+static const unsigned rsa_base_ossh_fmt[] = {
     RSA_n, RSA_e, RSA_d, RSA_p, RSA_q, RSA_iqmp };
-const unsigned rsa_cert_ossh_fmt[] = { RSA_d, RSA_p, RSA_q, RSA_iqmp };
+static const unsigned rsa_cert_ossh_fmt[] = { RSA_d, RSA_p, RSA_q, RSA_iqmp };
 
 /*
  * Routines to transform one kind of blob into another based on those
@@ -238,7 +240,7 @@ static const ssh_keyalg *opensshcert_related_alg(const ssh_keyalg *self,
     /* end of list */
 
 #define KEYALG_DEF(name, ssh_alg_id_prefix, ssh_key_id_prefix, fmt_prefix) \
-    const struct opensshcert_extra opensshcert_##name##_extra = {       \
+    static const struct opensshcert_extra opensshcert_##name##_extra = { \
         .pub_fmt = { .fmt = fmt_prefix ## _pub_fmt,                     \
                      .len = lenof(fmt_prefix ## _pub_fmt) },            \
         .base_ossh_fmt = { .fmt = fmt_prefix ## _base_ossh_fmt,         \

crypto/rsa.c

@@ -865,7 +865,8 @@ static unsigned ssh_rsa_supported_flags(const ssh_keyalg *self)
     return SSH_AGENT_RSA_SHA2_256 | SSH_AGENT_RSA_SHA2_512;
 }
 
-const char *ssh_rsa_alternate_ssh_id(const ssh_keyalg *self, unsigned flags)
+static const char *ssh_rsa_alternate_ssh_id(
+    const ssh_keyalg *self, unsigned flags)
 {
     if (flags & SSH_AGENT_RSA_SHA2_512)
         return ssh_rsa_sha512.ssh_id;

import.c

@@ -317,7 +317,7 @@ struct openssh_pem_key {
     strbuf *keyblob;
 };
 
-void BinarySink_put_mp_ssh2_from_string(BinarySink *bs, ptrlen str)
+static void BinarySink_put_mp_ssh2_from_string(BinarySink *bs, ptrlen str)
 {
     const unsigned char *bytes = (const unsigned char *)str.ptr;
     size_t nbytes = str.len;
@@ -1893,7 +1893,7 @@ static bool sshcom_encrypted(BinarySource *filesrc, char **comment)
     return answer;
 }
 
-void BinarySink_put_mp_sshcom_from_string(BinarySink *bs, ptrlen str)
+static void BinarySink_put_mp_sshcom_from_string(BinarySink *bs, ptrlen str)
 {
     const unsigned char *bytes = (const unsigned char *)str.ptr;
     size_t nbytes = str.len;

proxy/cproxy.c

@@ -26,7 +26,8 @@ strbuf *chap_response(ptrlen challenge, ptrlen password)
     return sb;
 }
 
-void BinarySink_put_hex_data(BinarySink *bs, const void *vptr, size_t len)
+static void BinarySink_put_hex_data(BinarySink *bs, const void *vptr,
+                                    size_t len)
 {
     const unsigned char *p = (const unsigned char *)vptr;
     const char *hexdigits = "0123456789abcdef";

proxy/proxy.c

@@ -35,7 +35,7 @@ static void proxy_negotiator_cleanup(ProxySocket *ps)
  * Call this when proxy negotiation is complete, so that this
  * socket can begin working normally.
  */
-void proxy_activate(ProxySocket *ps)
+static void proxy_activate(ProxySocket *ps)
 {
     size_t output_before, output_after;
 

ssh/sftp.c

@@ -21,7 +21,7 @@ static void fxp_internal_error(const char *msg);
  * Client-specific parts of the send- and receive-packet system.
  */
 
-bool sftp_send(struct sftp_packet *pkt)
+static bool sftp_send(struct sftp_packet *pkt)
 {
     bool ret;
     sftp_send_prepare(pkt);

ssh/sharing.c

@@ -987,7 +987,7 @@ static void share_xchannel_add_message(
     xc->msgtail = msg;
 }
 
-void share_dead_xchannel_respond(struct ssh_sharing_connstate *cs,
+static void share_dead_xchannel_respond(struct ssh_sharing_connstate *cs,
                                         struct share_xchannel *xc)
 {
     /*
@@ -1033,10 +1033,9 @@ void share_dead_xchannel_respond(struct ssh_sharing_connstate *cs,
     }
 }
 
-void share_xchannel_confirmation(struct ssh_sharing_connstate *cs,
-                                 struct share_xchannel *xc,
-                                 struct share_channel *chan,
-                                 unsigned downstream_window)
+static void share_xchannel_confirmation(
+    struct ssh_sharing_connstate *cs, struct share_xchannel *xc,
+    struct share_channel *chan, unsigned downstream_window)
 {
     strbuf *packet;
 
@@ -1070,7 +1069,7 @@ void share_xchannel_confirmation(struct ssh_sharing_connstate *cs,
     strbuf_free(packet);
 }
 
-void share_xchannel_failure(struct ssh_sharing_connstate *cs,
+static void share_xchannel_failure(struct ssh_sharing_connstate *cs,
                                    struct share_xchannel *xc)
 {
     /*
@@ -1986,7 +1985,7 @@ static int share_listen_accepting(Plug *plug,
  * configurations which return the same string from this function will
  * be treated as potentially shareable with each other.
  */
-char *ssh_share_sockname(const char *host, int port, Conf *conf)
+static char *ssh_share_sockname(const char *host, int port, Conf *conf)
 {
     char *username = NULL;
     char *sockname;

ssh/zlib.c

@@ -573,7 +573,7 @@ struct ssh_zlib_compressor {
     ssh_compressor sc;
 };
 
-ssh_compressor *zlib_compress_init(void)
+static ssh_compressor *zlib_compress_init(void)
 {
     struct Outbuf *out;
     struct ssh_zlib_compressor *comp = snew(struct ssh_zlib_compressor);
@@ -592,7 +592,7 @@ ssh_compressor *zlib_compress_init(void)
     return &comp->sc;
 }
 
-void zlib_compress_cleanup(ssh_compressor *sc)
+static void zlib_compress_cleanup(ssh_compressor *sc)
 {
     struct ssh_zlib_compressor *comp =
         container_of(sc, struct ssh_zlib_compressor, sc);
@@ -604,10 +604,9 @@ void zlib_compress_cleanup(ssh_compressor *sc)
     sfree(comp);
 }
 
-void zlib_compress_block(ssh_compressor *sc,
-                         const unsigned char *block, int len,
-                         unsigned char **outblock, int *outlen,
-                         int minlen)
+static void zlib_compress_block(
+    ssh_compressor *sc, const unsigned char *block, int len,
+    unsigned char **outblock, int *outlen, int minlen)
 {
     struct ssh_zlib_compressor *comp =
         container_of(sc, struct ssh_zlib_compressor, sc);
@@ -904,7 +903,7 @@ struct zlib_decompress_ctx {
     ssh_decompressor dc;
 };
 
-ssh_decompressor *zlib_decompress_init(void)
+static ssh_decompressor *zlib_decompress_init(void)
 {
     struct zlib_decompress_ctx *dctx = snew(struct zlib_decompress_ctx);
     unsigned char lengths[288];
@@ -927,7 +926,7 @@ ssh_decompressor *zlib_decompress_init(void)
     return &dctx->dc;
 }
 
-void zlib_decompress_cleanup(ssh_decompressor *dc)
+static void zlib_decompress_cleanup(ssh_decompressor *dc)
 {
     struct zlib_decompress_ctx *dctx =
         container_of(dc, struct zlib_decompress_ctx, dc);
@@ -986,8 +985,8 @@ static void zlib_emit_char(struct zlib_decompress_ctx *dctx, int c)
 
 #define EATBITS(n) ( dctx->nbits -= (n), dctx->bits >>= (n) )
 
-bool zlib_decompress_block(ssh_decompressor *dc,
-                           const unsigned char *block, int len,
+static bool zlib_decompress_block(
+    ssh_decompressor *dc, const unsigned char *block, int len,
     unsigned char **outblock, int *outlen)
 {
     struct zlib_decompress_ctx *dctx =

terminal/bidi.c

@@ -3558,13 +3558,14 @@ static void reverse_sequences(BidiContext *ctx)
 }
 
 /*
- * The Main Bidi Function, and the only function that should be used
- * by the outside world.
+ * The Main Bidi Function. The two wrappers below it present different
+ * external APIs for different purposes, but everything comes through
+ * here.
  *
  * text: a buffer of size textlen containing text to apply the
  * Bidirectional algorithm to.
  */
-void do_bidi_new(BidiContext *ctx, bidi_char *text, size_t textlen)
+static void do_bidi_new(BidiContext *ctx, bidi_char *text, size_t textlen)
 {
     ensure_arrays(ctx, textlen);
     ctx->text = text;

terminal/terminal.c

@@ -1537,7 +1537,7 @@ static void set_erase_char(Terminal *term)
  * lookups which would be involved in fetching them from the former
  * every time.
  */
-void term_copy_stuff_from_conf(Terminal *term)
+static void term_copy_stuff_from_conf(Terminal *term)
 {
     term->ansi_colour = conf_get_bool(term->conf, CONF_ansi_colour);
     term->no_arabicshaping = conf_get_bool(term->conf, CONF_no_arabicshaping);

utils/x11authfile.c

@@ -9,7 +9,7 @@
 #include "putty.h"
 #include "ssh.h"
 
-ptrlen BinarySource_get_string_xauth(BinarySource *src)
+static ptrlen BinarySource_get_string_xauth(BinarySource *src)
 {
     size_t len = get_uint16(src);
     return get_data(src, len);
@@ -17,7 +17,7 @@ ptrlen BinarySource_get_string_xauth(BinarySource *src)
 #define get_string_xauth(src) \
     BinarySource_get_string_xauth(BinarySource_UPCAST(src))
 
-void BinarySink_put_stringpl_xauth(BinarySink *bs, ptrlen pl)
+static void BinarySink_put_stringpl_xauth(BinarySink *bs, ptrlen pl)
 {
     assert((pl.len >> 16) == 0);
     put_uint16(bs, pl.len);

windows/network.c

@@ -1124,7 +1124,8 @@ Socket *sk_new(SockAddr *addr, int port, bool privport, bool oobinline,
     return &ret->sock;
 }
 
-Socket *sk_newlistener_internal(const char *srcaddr, int port, Plug *plug,
+static Socket *sk_newlistener_internal(
+    const char *srcaddr, int port, Plug *plug,
     bool local_host_only, int orig_address_family)
 {
     SOCKET s;
@@ -1413,7 +1414,7 @@ static void socket_error_callback(void *vs)
  * The function which tries to send on a socket once it's deemed
  * writable.
  */
-void try_send(NetSocket *s)
+static void try_send(NetSocket *s)
 {
     while (s->sending_oob || bufchain_size(&s->output_data) > 0) {
         int nsent;

windows/unicode.c

@@ -728,7 +728,7 @@ wchar_t xlat_uskbd2cyrllic(int ch)
     return cyrtab[ch&0x7F];
 }
 
-int check_compose_internal(int first, int second, int recurse)
+static int check_compose_internal(int first, int second, int recurse)
 {
 
     static const struct {