On master as of d2a32ca6d3c40483a6d10340d3e11da9259e1379, and the 0.9 branch as of b33dcda94d313913a877bc8db006ad02141bc695, the keylen input parameter to the EVP_PKEY_derive function call in ssh_curve25519_build_k is uninitialized for HAVE_OPENSSL_X25519 builds.
In this code segment:
Depending on local stack contents at runtime, this can cause sporadic failures of the later EVP_PKEY_derive invocation, which, when logged from libssh, look something like:
"[libssh] ssh_curve25519_build_k: ssh_curve25519_build_k: Failed to derive X25519 shared secret: error:06000064:public key routines:OPENSSL_internal:BUFFER_TOO_SMALL"
The issue can be reproduced by manually setting the argument to zero here:
Wanted to file this bug report as a reference point for a proposed fix.
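The length contract behind this failure, as an added example that is not libssh or OpenSSL code: model_derive is a hypothetical stand-in that reproduces only the documented in/out behaviour of the keylen argument to EVP_PKEY_derive (on entry, the size of the output buffer; on success, the number of bytes written). The other function names and the stack_garbage value are constructed for illustration.

```c
#include <stddef.h>
#include <string.h>

#define X25519_SECRET_LEN 32  /* size of an X25519 shared secret */

/* Hypothetical stand-in for EVP_PKEY_derive(ctx, key, &keylen); models only
 * the documented length contract. Returns 1 on success, 0 on failure. */
static int model_derive(unsigned char *key, size_t *keylen)
{
    if (key == NULL) {                 /* size query: report required length */
        *keylen = X25519_SECRET_LEN;
        return 1;
    }
    if (*keylen < X25519_SECRET_LEN)   /* caller-declared buffer too small */
        return 0;                      /* the BUFFER_TOO_SMALL case */
    memset(key, 0xAB, X25519_SECRET_LEN);  /* constructed placeholder secret */
    *keylen = X25519_SECRET_LEN;       /* report bytes written */
    return 1;
}

/* Buggy pattern: keylen reaches the call holding whatever the stack held.
 * stack_garbage is a constructed value standing in for that leftover content
 * (reading a truly uninitialized variable would be undefined behaviour). */
int derive_with_stale_len(size_t stack_garbage, unsigned char out[X25519_SECRET_LEN])
{
    size_t keylen = stack_garbage;
    return model_derive(out, &keylen);
}

/* Fixed pattern: state the real buffer capacity before the call, check the result. */
int derive_with_init_len(unsigned char *out, size_t out_size, size_t *written)
{
    size_t keylen = out_size;
    if (!model_derive(out, &keylen))
        return 0;
    *written = keylen;
    return 1;
}

int main(void)
{
    unsigned char k[X25519_SECRET_LEN];
    size_t n = 0;
    /* Stale values below 32 fail; 4096 passes only by luck, hence sporadic failures. */
    int lucky = derive_with_stale_len(4096, k);
    int fixed = derive_with_init_len(k, sizeof(k), &n);
    return (lucky && fixed && n == X25519_SECRET_LEN) ? 0 : 1;
}
```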