https://bugzilla.mindrot.org/show_bug.cgi?id=2588
Darren Tucker <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |FIXED Status|NEW |RESOLVED --- Comment #18 from Darren Tucker <[email protected]> --- The #ifdef maze in myproposal.h was becoming increasingly problematic, so we finally moved the filtering to runtime and deleted all the ifdefs: https://github.com/openssh/openssh-portable/commit/c4b3a128954ee1b7fbcbda167baf8aca1a3d1c84 which should prevent this class of bug in future. We also added a regression test that has ssh parse its default config to ensure that it's usable (https://github.com/openssh/openssh-portable/blob/master/regress/sshcfgparse.sh) and enabled the internal SHA2 functions for these MACs in the --without-openssl case so the advertised ones do indeed work: $ ./configure --without-openssl && make && ./ssh -F/dev/null -G localhost | grep "macs " [...] macs [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1 $ nm ssh | grep -i sha512 000000000004db40 T crypto_hash_sha512 0000000000067740 T SHA512Final 00000000000663c0 T SHA512Init 0000000000097300 r sha512_initial_hash_value 0000000000067550 T SHA512Pad 0000000000066430 T SHA512Transform 0000000000067300 T SHA512Update $ for i in `./ssh -F/dev/null -G localhost | awk '/macs /{print $2}' | tr , ' '`; do echo $i; ./ssh -omacs=$i localhost true; done [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] hmac-sha2-256 hmac-sha2-512 hmac-sha1 Thanks for the report. -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug. _______________________________________________ openssh-bugs mailing list [email protected] https://lists.mindrot.org/mailman/listinfo/openssh-bugs
