Hello community, here is the log from the commit of package libssh for openSUSE:Factory checked in at 2019-03-01 20:29:59 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libssh (Old) and /work/SRC/openSUSE:Factory/.libssh.new.28833 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libssh" Fri Mar 1 20:29:59 2019 rev:55 rq:680032 version:0.8.7 Changes: -------- --- /work/SRC/openSUSE:Factory/libssh/libssh.changes 2019-02-24 16:59:15.472798539 +0100 +++ /work/SRC/openSUSE:Factory/.libssh.new.28833/libssh.changes 2019-03-01 20:30:02.474002378 +0100 @@ -1,0 +2,15 @@ +Thu Feb 28 07:17:52 UTC 2019 - Stephan Kulow <[email protected]> + +- Avoid build cycle between curl and libssh by using obs hint to + prefer curl-mini + +------------------------------------------------------------------- +Mon Feb 25 09:28:34 UTC 2019 - Andreas Schneider <[email protected]> + +- Update to version 0.8.7 + * Fixed handling extension flags in the server implementation + * Fixed exporting ed25519 private keys + * Fixed corner cases for rsa-sha2 signatures + * Fixed some issues with connector + +------------------------------------------------------------------- Old: ---- libssh-0.8.6.tar.xz libssh-0.8.6.tar.xz.asc New: ---- libssh-0.8.7.tar.xz libssh-0.8.7.tar.xz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libssh.spec ++++++ --- /var/tmp/diff_new_pack.AJI0Rl/_old 2019-03-01 20:30:03.218002198 +0100 +++ /var/tmp/diff_new_pack.AJI0Rl/_new 2019-03-01 20:30:03.218002198 +0100 @@ -25,7 +25,7 @@ %bcond_with test %endif Name: libssh%{suffix} -Version: 0.8.6 +Version: 0.8.7 Release: 0 Summary: The SSH library License: LGPL-2.1-or-later @@ -36,6 +36,8 @@ Source2: https://cryptomilk.org/gpgkey-8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D.gpg#/libssh.keyring Source99: baselibs.conf Patch0: 0001-disable-timeout-test-on-slow-buildsystems.patch +# cmake pulls curl, but libssh is a dependency of it, so avoid cycles by using curl-mini +#!BuildRequires: libcurl4-mini BuildRequires: cmake BuildRequires: gcc-c++ BuildRequires: krb5-devel 
@@ -86,7 +88,7 @@ Documentation for libssh development. %prep -%autosetup -p1 -n libssh-0.8.6 +%autosetup -p1 -n libssh-%{version} %build ++++++ libssh-0.8.6.tar.xz -> libssh-0.8.7.tar.xz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libssh-0.8.6/.gitlab-ci.yml new/libssh-0.8.7/.gitlab-ci.yml --- old/libssh-0.8.6/.gitlab-ci.yml 2018-12-24 08:35:54.000000000 +0100 +++ new/libssh-0.8.7/.gitlab-ci.yml 2019-02-25 09:58:49.000000000 +0100 @@ -357,5 +357,5 @@ paths: - obj/ -Debian.cross.mips-linux-gnu: +.Debian.cross.mips-linux-gnu: <<: *Debian_cross_template diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libssh-0.8.6/CMakeLists.txt new/libssh-0.8.7/CMakeLists.txt --- old/libssh-0.8.6/CMakeLists.txt 2018-12-24 08:36:06.000000000 +0100 +++ new/libssh-0.8.7/CMakeLists.txt 2019-02-25 09:58:49.000000000 +0100 @@ -10,7 +10,7 @@ include(DefineCMakeDefaults) include(DefineCompilerFlags) -project(libssh VERSION 0.8.6 LANGUAGES C) +project(libssh VERSION 0.8.7 LANGUAGES C) # global needed variable set(APPLICATION_NAME ${PROJECT_NAME}) @@ -22,7 +22,7 @@ # Increment AGE. Set REVISION to 0 # If the source code was changed, but there were no interface changes: # Increment REVISION. -set(LIBRARY_VERSION "4.7.3") +set(LIBRARY_VERSION "4.7.4") set(LIBRARY_SOVERSION "4") # where to look first for cmake modules, before ${CMAKE_ROOT}/Modules/ is checked diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libssh-0.8.6/ChangeLog new/libssh-0.8.7/ChangeLog --- old/libssh-0.8.6/ChangeLog 2018-12-24 08:36:06.000000000 +0100 +++ new/libssh-0.8.7/ChangeLog 2019-02-25 09:59:53.000000000 +0100 
@@ -1,6 +1,12 @@ ChangeLog ========== +version 0.8.7 (released 2019-02-25) + * Fixed handling extension flags in the server implementation + * Fixed exporting ed25519 private keys + * Fixed corner cases for rsa-sha2 signatures + * Fixed some issues with connector + version 0.8.6 (released 2018-12-24) * Fixed compilation issues with different OpenSSL versions * Fixed StrictHostKeyChecking in new knownhosts API diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libssh-0.8.6/doc/mainpage.dox new/libssh-0.8.7/doc/mainpage.dox --- old/libssh-0.8.6/doc/mainpage.dox 2018-12-07 14:33:25.000000000 +0100 +++ new/libssh-0.8.7/doc/mainpage.dox 2019-02-22 18:21:25.000000000 +0100 @@ -23,7 +23,7 @@ - <strong>Public Key Algorithms</strong>: ssh-ed25519, ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521, ssh-rsa, rsa-sha2-512, rsa-sha2-256,ssh-dss - <strong>Ciphers</strong>: <i>aes256-ctr, aes192-ctr, aes128-ctr</i>, aes256-cbc ([email protected]), aes192-cbc, aes128-cbc, 3des-cbc, blowfish-cbc, none - <strong>Compression Schemes</strong>: zlib, <i>[email protected]</i>, none - - <strong>MAC hashes</strong>: hmac-sha1, hmac-sha2-256, hmac-sha2-384, hmac-sha2-512, hmac-md5, none + - <strong>MAC hashes</strong>: hmac-sha1, hmac-sha2-256, hmac-sha2-512, hmac-md5, none - <strong>Authentication</strong>: none, password, public-key, keyboard-interactive, <i>gssapi-with-mic</i> - <strong>Channels</strong>: shell, exec (incl. SCP wrapper), direct-tcpip, subsystem, <i>[email protected]</i> - <strong>Global Requests</strong>: tcpip-forward, forwarded-tcpip diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libssh-0.8.6/include/libssh/libssh.h new/libssh-0.8.7/include/libssh/libssh.h --- old/libssh-0.8.6/include/libssh/libssh.h 2018-12-24 08:36:06.000000000 +0100 +++ new/libssh-0.8.7/include/libssh/libssh.h 2019-02-25 09:58:49.000000000 +0100 
@@ -79,7 +79,7 @@ /* libssh version */ #define LIBSSH_VERSION_MAJOR 0 #define LIBSSH_VERSION_MINOR 8 -#define LIBSSH_VERSION_MICRO 6 +#define LIBSSH_VERSION_MICRO 7 #define LIBSSH_VERSION_INT SSH_VERSION_INT(LIBSSH_VERSION_MAJOR, \ LIBSSH_VERSION_MINOR, \ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libssh-0.8.6/include/libssh/session.h new/libssh-0.8.7/include/libssh/session.h --- old/libssh-0.8.6/include/libssh/session.h 2018-12-24 08:35:54.000000000 +0100 +++ new/libssh-0.8.7/include/libssh/session.h 2019-02-25 09:58:49.000000000 +0100 @@ -87,10 +87,11 @@ #define SSH_OPT_FLAG_GSSAPI_AUTH 0x8 /* extensions flags */ +/* negotiation enabled */ +#define SSH_EXT_NEGOTIATION 0x01 /* server-sig-algs extension */ -#define SSH_EXT_SIG_RSA_SHA256 0x01 -#define SSH_EXT_SIG_RSA_SHA512 0x02 -#define SSH_EXT_ALL SSH_EXT_SIG_RSA_SHA256 | SSH_EXT_SIG_RSA_SHA512 +#define SSH_EXT_SIG_RSA_SHA256 0x02 +#define SSH_EXT_SIG_RSA_SHA512 0x04 /* members that are common to ssh_session and ssh_bind */ struct ssh_common_struct { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libssh-0.8.6/include/libssh/wrapper.h new/libssh-0.8.7/include/libssh/wrapper.h --- old/libssh-0.8.6/include/libssh/wrapper.h 2018-12-24 08:35:54.000000000 +0100 +++ new/libssh-0.8.7/include/libssh/wrapper.h 2019-02-25 09:58:49.000000000 +0100 @@ -44,7 +44,6 @@ enum ssh_hmac_e { SSH_HMAC_SHA1 = 1, SSH_HMAC_SHA256, - SSH_HMAC_SHA384, SSH_HMAC_SHA512, SSH_HMAC_MD5, SSH_HMAC_AEAD_POLY1305 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libssh-0.8.6/src/ABI/current new/libssh-0.8.7/src/ABI/current --- old/libssh-0.8.6/src/ABI/current 2018-12-24 08:36:06.000000000 +0100 +++ new/libssh-0.8.7/src/ABI/current 2019-02-22 18:21:25.000000000 +0100 
@@ -1 +1 @@
-4.7.3
\ No newline at end of file
+4.7.4
\ No newline at end of file
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libssh-0.8.6/src/ABI/libssh-4.7.4.symbols new/libssh-0.8.7/src/ABI/libssh-4.7.4.symbols
--- old/libssh-0.8.6/src/ABI/libssh-4.7.4.symbols 1970-01-01 01:00:00.000000000 +0100
+++ new/libssh-0.8.7/src/ABI/libssh-4.7.4.symbols 2019-02-22 18:21:25.000000000 +0100
@@ -0,0 +1,415 @@ +_ssh_log +buffer_free +buffer_get +buffer_get_len +buffer_new +channel_accept_x11 +channel_change_pty_size +channel_close +channel_forward_accept +channel_forward_cancel +channel_forward_listen +channel_free +channel_get_exit_status +channel_get_session +channel_is_closed +channel_is_eof +channel_is_open +channel_new +channel_open_forward +channel_open_session +channel_poll +channel_read +channel_read_buffer +channel_read_nonblocking +channel_request_env +channel_request_exec +channel_request_pty +channel_request_pty_size +channel_request_send_signal +channel_request_sftp +channel_request_shell +channel_request_subsystem +channel_request_x11 +channel_select +channel_send_eof +channel_set_blocking +channel_write +channel_write_stderr +privatekey_free +privatekey_from_file +publickey_free +publickey_from_file +publickey_from_privatekey +publickey_to_string +sftp_async_read +sftp_async_read_begin +sftp_attributes_free +sftp_canonicalize_path +sftp_chmod +sftp_chown +sftp_client_message_free +sftp_client_message_get_data +sftp_client_message_get_filename +sftp_client_message_get_flags +sftp_client_message_get_submessage +sftp_client_message_get_type +sftp_client_message_set_filename +sftp_close +sftp_closedir +sftp_dir_eof +sftp_extension_supported +sftp_extensions_get_count +sftp_extensions_get_data +sftp_extensions_get_name +sftp_file_set_blocking +sftp_file_set_nonblocking +sftp_free +sftp_fstat +sftp_fstatvfs +sftp_fsync +sftp_get_client_message +sftp_get_error +sftp_handle +sftp_handle_alloc +sftp_handle_remove +sftp_init +sftp_lstat +sftp_mkdir +sftp_new +sftp_new_channel +sftp_open +sftp_opendir +sftp_read +sftp_readdir +sftp_readlink +sftp_rename +sftp_reply_attr +sftp_reply_data +sftp_reply_handle +sftp_reply_name +sftp_reply_names +sftp_reply_names_add +sftp_reply_status +sftp_rewind +sftp_rmdir +sftp_seek +sftp_seek64 +sftp_send_client_message +sftp_server_init +sftp_server_new +sftp_server_version +sftp_setstat +sftp_stat +sftp_statvfs 
+sftp_statvfs_free +sftp_symlink +sftp_tell +sftp_tell64 +sftp_unlink +sftp_utimes +sftp_write +ssh_accept +ssh_add_channel_callbacks +ssh_auth_list +ssh_basename +ssh_bind_accept +ssh_bind_accept_fd +ssh_bind_fd_toaccept +ssh_bind_free +ssh_bind_get_fd +ssh_bind_listen +ssh_bind_new +ssh_bind_options_set +ssh_bind_set_blocking +ssh_bind_set_callbacks +ssh_bind_set_fd +ssh_blocking_flush +ssh_buffer_add_data +ssh_buffer_free +ssh_buffer_get +ssh_buffer_get_data +ssh_buffer_get_len +ssh_buffer_new +ssh_buffer_reinit +ssh_channel_accept_forward +ssh_channel_accept_x11 +ssh_channel_cancel_forward +ssh_channel_change_pty_size +ssh_channel_close +ssh_channel_free +ssh_channel_get_exit_status +ssh_channel_get_session +ssh_channel_is_closed +ssh_channel_is_eof +ssh_channel_is_open +ssh_channel_listen_forward +ssh_channel_new +ssh_channel_open_auth_agent +ssh_channel_open_forward +ssh_channel_open_reverse_forward +ssh_channel_open_session +ssh_channel_open_x11 +ssh_channel_poll +ssh_channel_poll_timeout +ssh_channel_read +ssh_channel_read_nonblocking +ssh_channel_read_timeout +ssh_channel_request_auth_agent +ssh_channel_request_env +ssh_channel_request_exec +ssh_channel_request_pty +ssh_channel_request_pty_size +ssh_channel_request_send_break +ssh_channel_request_send_exit_signal +ssh_channel_request_send_exit_status +ssh_channel_request_send_signal +ssh_channel_request_sftp +ssh_channel_request_shell +ssh_channel_request_subsystem +ssh_channel_request_x11 +ssh_channel_select +ssh_channel_send_eof +ssh_channel_set_blocking +ssh_channel_set_counter +ssh_channel_window_size +ssh_channel_write +ssh_channel_write_stderr +ssh_clean_pubkey_hash +ssh_connect +ssh_connector_free +ssh_connector_new +ssh_connector_set_in_channel +ssh_connector_set_in_fd +ssh_connector_set_out_channel +ssh_connector_set_out_fd +ssh_copyright +ssh_dirname +ssh_disconnect +ssh_dump_knownhost +ssh_event_add_connector +ssh_event_add_fd +ssh_event_add_session +ssh_event_dopoll +ssh_event_free 
+ssh_event_new +ssh_event_remove_connector +ssh_event_remove_fd +ssh_event_remove_session +ssh_execute_message_callbacks +ssh_finalize +ssh_forward_accept +ssh_forward_cancel +ssh_forward_listen +ssh_free +ssh_get_cipher_in +ssh_get_cipher_out +ssh_get_clientbanner +ssh_get_disconnect_message +ssh_get_error +ssh_get_error_code +ssh_get_fd +ssh_get_fingerprint_hash +ssh_get_hexa +ssh_get_hmac_in +ssh_get_hmac_out +ssh_get_issue_banner +ssh_get_kex_algo +ssh_get_log_callback +ssh_get_log_level +ssh_get_log_userdata +ssh_get_openssh_version +ssh_get_poll_flags +ssh_get_pubkey +ssh_get_pubkey_hash +ssh_get_publickey +ssh_get_publickey_hash +ssh_get_random +ssh_get_server_publickey +ssh_get_serverbanner +ssh_get_status +ssh_get_version +ssh_getpass +ssh_gssapi_get_creds +ssh_gssapi_set_creds +ssh_handle_key_exchange +ssh_init +ssh_is_blocking +ssh_is_connected +ssh_is_server_known +ssh_key_cmp +ssh_key_free +ssh_key_is_private +ssh_key_is_public +ssh_key_new +ssh_key_type +ssh_key_type_from_name +ssh_key_type_to_char +ssh_known_hosts_parse_line +ssh_knownhosts_entry_free +ssh_log +ssh_message_auth_interactive_request +ssh_message_auth_kbdint_is_response +ssh_message_auth_password +ssh_message_auth_pubkey +ssh_message_auth_publickey +ssh_message_auth_publickey_state +ssh_message_auth_reply_pk_ok +ssh_message_auth_reply_pk_ok_simple +ssh_message_auth_reply_success +ssh_message_auth_set_methods +ssh_message_auth_user +ssh_message_channel_request_channel +ssh_message_channel_request_command +ssh_message_channel_request_env_name +ssh_message_channel_request_env_value +ssh_message_channel_request_open_destination +ssh_message_channel_request_open_destination_port +ssh_message_channel_request_open_originator +ssh_message_channel_request_open_originator_port +ssh_message_channel_request_open_reply_accept +ssh_message_channel_request_pty_height +ssh_message_channel_request_pty_pxheight +ssh_message_channel_request_pty_pxwidth +ssh_message_channel_request_pty_term 
+ssh_message_channel_request_pty_width +ssh_message_channel_request_reply_success +ssh_message_channel_request_subsystem +ssh_message_channel_request_x11_auth_cookie +ssh_message_channel_request_x11_auth_protocol +ssh_message_channel_request_x11_screen_number +ssh_message_channel_request_x11_single_connection +ssh_message_free +ssh_message_get +ssh_message_global_request_address +ssh_message_global_request_port +ssh_message_global_request_reply_success +ssh_message_reply_default +ssh_message_retrieve +ssh_message_service_reply_success +ssh_message_service_service +ssh_message_subtype +ssh_message_type +ssh_mkdir +ssh_new +ssh_options_copy +ssh_options_get +ssh_options_get_port +ssh_options_getopt +ssh_options_parse_config +ssh_options_set +ssh_pcap_file_close +ssh_pcap_file_free +ssh_pcap_file_new +ssh_pcap_file_open +ssh_pki_copy_cert_to_privkey +ssh_pki_export_privkey_base64 +ssh_pki_export_privkey_file +ssh_pki_export_privkey_to_pubkey +ssh_pki_export_pubkey_base64 +ssh_pki_export_pubkey_file +ssh_pki_generate +ssh_pki_import_cert_base64 +ssh_pki_import_cert_file +ssh_pki_import_privkey_base64 +ssh_pki_import_privkey_file +ssh_pki_import_pubkey_base64 +ssh_pki_import_pubkey_file +ssh_pki_key_ecdsa_name +ssh_print_hash +ssh_print_hexa +ssh_privatekey_type +ssh_publickey_to_file +ssh_remove_channel_callbacks +ssh_scp_accept_request +ssh_scp_close +ssh_scp_deny_request +ssh_scp_free +ssh_scp_init +ssh_scp_leave_directory +ssh_scp_new +ssh_scp_pull_request +ssh_scp_push_directory +ssh_scp_push_file +ssh_scp_push_file64 +ssh_scp_read +ssh_scp_request_get_filename +ssh_scp_request_get_permissions +ssh_scp_request_get_size +ssh_scp_request_get_size64 +ssh_scp_request_get_warning +ssh_scp_write +ssh_select +ssh_send_debug +ssh_send_ignore +ssh_send_keepalive +ssh_server_init_kex +ssh_service_request +ssh_session_export_known_hosts_entry +ssh_session_has_known_hosts_entry +ssh_session_is_known_server +ssh_session_update_known_hosts +ssh_set_agent_channel 
+ssh_set_agent_socket +ssh_set_auth_methods +ssh_set_blocking +ssh_set_callbacks +ssh_set_channel_callbacks +ssh_set_counters +ssh_set_fd_except +ssh_set_fd_toread +ssh_set_fd_towrite +ssh_set_log_callback +ssh_set_log_level +ssh_set_log_userdata +ssh_set_message_callback +ssh_set_pcap_file +ssh_set_server_callbacks +ssh_silent_disconnect +ssh_string_burn +ssh_string_copy +ssh_string_data +ssh_string_fill +ssh_string_free +ssh_string_free_char +ssh_string_from_char +ssh_string_get_char +ssh_string_len +ssh_string_new +ssh_string_to_char +ssh_threads_get_noop +ssh_threads_get_pthread +ssh_threads_set_callbacks +ssh_try_publickey_from_file +ssh_userauth_agent +ssh_userauth_agent_pubkey +ssh_userauth_autopubkey +ssh_userauth_gssapi +ssh_userauth_kbdint +ssh_userauth_kbdint_getanswer +ssh_userauth_kbdint_getinstruction +ssh_userauth_kbdint_getname +ssh_userauth_kbdint_getnanswers +ssh_userauth_kbdint_getnprompts +ssh_userauth_kbdint_getprompt +ssh_userauth_kbdint_setanswer +ssh_userauth_list +ssh_userauth_none +ssh_userauth_offer_pubkey +ssh_userauth_password +ssh_userauth_privatekey_file +ssh_userauth_pubkey +ssh_userauth_publickey +ssh_userauth_publickey_auto +ssh_userauth_try_publickey +ssh_version +ssh_write_knownhost +string_burn +string_copy +string_data +string_fill +string_free +string_from_char +string_len +string_new +string_to_char \ No newline at end of file diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libssh-0.8.6/src/config.c new/libssh-0.8.7/src/config.c --- old/libssh-0.8.6/src/config.c 2018-12-24 08:35:54.000000000 +0100 +++ new/libssh-0.8.7/src/config.c 2019-02-25 09:58:49.000000000 +0100 
@@ -210,6 +210,7 @@ { "originalhost", MATCH_ORIGINALHOST }, { "user", MATCH_USER }, { "localuser", MATCH_LOCALUSER }, + { NULL, MATCH_UNKNOWN }, }; static int ssh_config_parse_line(ssh_session session, const char *line, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libssh-0.8.6/src/connect.c new/libssh-0.8.7/src/connect.c --- old/libssh-0.8.6/src/connect.c 2018-12-24 08:35:54.000000000 +0100 +++ new/libssh-0.8.7/src/connect.c 2019-02-25 09:58:49.000000000 +0100 @@ -476,7 +476,7 @@ fd_set *readfds, struct timeval *timeout) { fd_set origfds; socket_t fd; - int i,j; + size_t i, j; int rc; int base_tm, tm; struct ssh_timestamp ts; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libssh-0.8.6/src/connector.c new/libssh-0.8.7/src/connector.c --- old/libssh-0.8.6/src/connector.c 2018-12-07 14:33:25.000000000 +0100 +++ new/libssh-0.8.7/src/connector.c 2019-02-22 11:42:26.000000000 +0100 @@ -641,14 +641,12 @@ session = ssh_channel_get_session(connector->in_channel); ssh_event_remove_session(connector->event, session); - connector->in_channel = NULL; } if (connector->out_channel != NULL) { session = ssh_channel_get_session(connector->out_channel); ssh_event_remove_session(connector->event, session); - connector->out_channel = NULL; } connector->event = NULL; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libssh-0.8.6/src/dh.c new/libssh-0.8.7/src/dh.c --- old/libssh-0.8.6/src/dh.c 2018-12-07 14:33:25.000000000 +0100 +++ new/libssh-0.8.7/src/dh.c 2019-02-25 09:58:49.000000000 +0100 
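Review bot: In src/config.c the new `{ NULL, MATCH_UNKNOWN }` row looks like a sentinel that bounds the keyword lookup, but nothing on the row says so. A short comment such as `/* terminator: lookup stops at the NULL name, keep this entry last */` would stop a later edit from appending keywords after it or removing it, which would either hide the new keywords or let the scan run past the end of the array. The table's declaration and the loop that walks it are outside this hunk, so the stop condition should be confirmed there.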
@@ -1274,6 +1274,10 @@ ssh_key ssh_dh_get_current_server_publickey(ssh_session session) { + if (session->current_crypto == NULL) { + return NULL; + } + return session->current_crypto->server_pubkey; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libssh-0.8.6/src/kex.c new/libssh-0.8.7/src/kex.c --- old/libssh-0.8.6/src/kex.c 2018-12-24 08:35:54.000000000 +0100 +++ new/libssh-0.8.7/src/kex.c 2019-02-25 09:58:49.000000000 +0100 @@ -38,6 +38,7 @@ #include "libssh/curve25519.h" #include "libssh/knownhosts.h" #include "libssh/misc.h" +#include "libssh/pki.h" #ifdef HAVE_LIBGCRYPT # define BLOWFISH "blowfish-cbc," @@ -420,6 +421,7 @@ int server_kex=session->server; ssh_string str = NULL; char *strings[KEX_METHODS_SIZE] = {0}; + char *rsa_sig_ext = NULL; int rc = SSH_ERROR; uint8_t first_kex_packet_follows = 0; 
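Review bot: ssh_dh_get_current_server_publickey() in src/dh.c can now return NULL, but no comment tells callers so, and `session` itself is still dereferenced without a check. I would add a header comment along the lines of `/* Returns the server public key of the current crypto context, or NULL if no crypto context has been set up yet. */`. If a NULL session can reach this function, the guard should become `if (session == NULL || session->current_crypto == NULL)`. Callers, which are not visible here, should be checked for places that dereference the result directly.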
@@ -526,13 +528,52 @@ ok = ssh_match_group(session->next_crypto->client_kex.methods[SSH_KEX], KEX_EXTENSION_CLIENT); if (ok) { + const char *hostkeys = NULL; + + /* The client supports extension negotiation */ + session->extensions |= SSH_EXT_NEGOTIATION; + /* + * RFC 8332 Section 3.1: Use for Server Authentication + * Check what algorithms were provided in the SSH_HOSTKEYS list + * by the client and enable the respective extensions to provide + * correct signature in the next packet if RSA is negotiated + */ + hostkeys = session->next_crypto->client_kex.methods[SSH_HOSTKEYS]; + ok = ssh_match_group(hostkeys, "rsa-sha2-512"); + if (ok) { + session->extensions |= SSH_EXT_SIG_RSA_SHA512; + } + ok = ssh_match_group(hostkeys, "rsa-sha2-256"); + if (ok) { + session->extensions |= SSH_EXT_SIG_RSA_SHA256; + } + /* - * Enable all the supported extensions and when the time comes - * (after NEWKEYS) send them to the client. + * Ensure that the client preference is honored for the case + * both signature types are enabled. */ + if ((session->extensions & SSH_EXT_SIG_RSA_SHA256) && + (session->extensions & SSH_EXT_SIG_RSA_SHA512)) { + session->extensions &= ~(SSH_EXT_SIG_RSA_SHA256 | SSH_EXT_SIG_RSA_SHA512); + rsa_sig_ext = ssh_find_matching("rsa-sha2-512,rsa-sha2-256", + session->next_crypto->client_kex.methods[SSH_HOSTKEYS]); + if (rsa_sig_ext == NULL) { + goto error; /* should never happen */ + } else if (strcmp(rsa_sig_ext, "rsa-sha2-512") == 0) { + session->extensions |= SSH_EXT_SIG_RSA_SHA512; + } else if (strcmp(rsa_sig_ext, "rsa-sha2-256") == 0) { + session->extensions |= SSH_EXT_SIG_RSA_SHA256; + } else { + SAFE_FREE(rsa_sig_ext); + goto error; /* should never happen */ + } + SAFE_FREE(rsa_sig_ext); + } + SSH_LOG(SSH_LOG_DEBUG, "The client supports extension " - "negotiation: enabling all extensions"); - session->extensions = SSH_EXT_ALL; + "negotiation. Enabled signature algorithms: %s%s", + session->extensions & SSH_EXT_SIG_RSA_SHA256 ? 
"SHA256" : "", + session->extensions & SSH_EXT_SIG_RSA_SHA512 ? " SHA512" : ""); } /* @@ -603,6 +644,8 @@ "ecdsa-sha2-nistp521", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp256", + "rsa-sha2-512", + "rsa-sha2-256", "ssh-rsa", #ifdef HAVE_DSA "ssh-dss", @@ -628,29 +671,30 @@ for (i = 0; preferred_hostkeys[i] != NULL; ++i) { bool found = false; + /* This is a signature type: We list also the SHA2 extensions */ + enum ssh_keytypes_e base_preferred = + ssh_key_type_from_signature_name(preferred_hostkeys[i]); for (it = ssh_list_get_iterator(algo_list); it != NULL; it = it->next) { const char *algo = ssh_iterator_value(const char *, it); - int cmp; - int ok; - - cmp = strcmp(preferred_hostkeys[i], algo); - if (cmp == 0) { - ok = ssh_verify_existing_algo(SSH_HOSTKEYS, algo); - if (ok) { - if (needcomma) { - strncat(methods_buffer, - ",", - sizeof(methods_buffer) - strlen(methods_buffer) - 1); - } + /* This is always key type so we do not have to care for the + * SHA2 extension */ + enum ssh_keytypes_e base_algo = ssh_key_type_from_name(algo); + + if (base_preferred == base_algo) { + /* Matching the keys already verified it is a known type */ + if (needcomma) { strncat(methods_buffer, - algo, + ",", sizeof(methods_buffer) - strlen(methods_buffer) - 1); - needcomma = 1; - found = true; } + strncat(methods_buffer, + preferred_hostkeys[i], + sizeof(methods_buffer) - strlen(methods_buffer) - 1); + needcomma = 1; + found = true; } } /* Collect the rest of the algorithms in other buffer, that will 
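Review bot: In the server-side extension block of src/kex.c, the ssh_find_matching() call passes `session->next_crypto->client_kex.methods[SSH_HOSTKEYS]` again although the same pointer was stored in `hostkeys` a few lines earlier; using `hostkeys` there keeps all three lookups visibly tied to one list. The block sets both signature bits, clears them, and then sets one again. Assuming ssh_find_matching() returns the first entry in the client's order, as the comment implies, a single call mapped to one bit would say the same thing and remove the two "should never happen" branches. The debug message prints ` SHA512` with a leading space and prints nothing when the client offered neither algorithm, so a literal `none` for that case would make the log unambiguous. The enclosing function and its `error:` label are outside this hunk.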
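Review bot: In the host-key preference loop of src/kex.c, `base_preferred == base_algo` replaces the old string comparison and the ssh_verify_existing_algo() call, and that equality also holds when neither name is recognised. If both helpers report an unrecognised name with the same value, the entry is appended anyway. Writing the test as `if (base_preferred != SSH_KEYTYPE_UNKNOWN && base_preferred == base_algo)` would make the comment "Matching the keys already verified it is a known type" true by construction. If `algo_list` can hold the same key type more than once, `preferred_hostkeys[i]` is appended once per entry; a `break;` after `found = true;` avoids duplicates in `methods_buffer`, whose strncat() calls truncate silently when it fills up. The function containing this loop starts and ends outside the hunk.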
@@ -712,10 +756,10 @@ memset(client->methods, 0, KEX_METHODS_SIZE * sizeof(char **)); /* first check if we have specific host key methods */ - if(session->opts.wanted_methods[SSH_HOSTKEYS] == NULL){ + if (session->opts.wanted_methods[SSH_HOSTKEYS] == NULL) { /* Only if no override */ session->opts.wanted_methods[SSH_HOSTKEYS] = - ssh_client_select_hostkeys(session); + ssh_client_select_hostkeys(session); } for (i = 0; i < KEX_METHODS_SIZE; i++) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libssh-0.8.6/src/libcrypto.c new/libssh-0.8.7/src/libcrypto.c --- old/libssh-0.8.6/src/libcrypto.c 2018-12-24 08:35:54.000000000 +0100 +++ new/libssh-0.8.7/src/libcrypto.c 2019-02-25 09:58:49.000000000 +0100 @@ -427,9 +427,6 @@ case SSH_HMAC_SHA256: HMAC_Init_ex(ctx, key, len, EVP_sha256(), NULL); break; - case SSH_HMAC_SHA384: - HMAC_Init_ex(ctx, key, len, EVP_sha384(), NULL); - break; case SSH_HMAC_SHA512: HMAC_Init_ex(ctx, key, len, EVP_sha512(), NULL); break; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libssh-0.8.6/src/libgcrypt.c new/libssh-0.8.7/src/libgcrypt.c --- old/libssh-0.8.6/src/libgcrypt.c 2018-12-24 08:35:54.000000000 +0100 +++ new/libssh-0.8.7/src/libgcrypt.c 2019-02-25 09:58:49.000000000 +0100 @@ -282,9 +282,6 @@ case SSH_HMAC_SHA256: gcry_md_open(&c, GCRY_MD_SHA256, GCRY_MD_FLAG_HMAC); break; - case SSH_HMAC_SHA384: - gcry_md_open(&c, GCRY_MD_SHA384, GCRY_MD_FLAG_HMAC); - break; case SSH_HMAC_SHA512: gcry_md_open(&c, GCRY_MD_SHA512, GCRY_MD_FLAG_HMAC); break; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libssh-0.8.6/src/libmbedcrypto.c new/libssh-0.8.7/src/libmbedcrypto.c --- old/libssh-0.8.6/src/libmbedcrypto.c 2018-12-24 08:35:54.000000000 +0100 +++ new/libssh-0.8.7/src/libmbedcrypto.c 2019-02-25 09:58:49.000000000 +0100 
@@ -462,9 +462,6 @@ case SSH_HMAC_SHA256: md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA256); break; - case SSH_HMAC_SHA384: - md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA384); - break; case SSH_HMAC_SHA512: md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA512); break; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libssh-0.8.6/src/options.c new/libssh-0.8.7/src/options.c --- old/libssh-0.8.6/src/options.c 2018-12-24 08:35:55.000000000 +0100 +++ new/libssh-0.8.7/src/options.c 2019-02-25 09:58:49.000000000 +0100 @@ -302,37 +302,6 @@ * \n * See the corresponding numbers in libssh.h. * - * - SSH_OPTIONS_AUTH_CALLBACK: - * Set a callback to use your own authentication function - * (function pointer). - * - * - SSH_OPTIONS_AUTH_USERDATA: - * Set the user data passed to the authentication - * function (generic pointer). - * - * - SSH_OPTIONS_LOG_CALLBACK: - * Set a callback to use your own logging function - * (function pointer). - * - * - SSH_OPTIONS_LOG_USERDATA: - * Set the user data passed to the logging function - * (generic pointer). - * - * - SSH_OPTIONS_STATUS_CALLBACK: - * Set a callback to show connection status in realtime - * (function pointer).\n - * \n - * @code - * fn(void *arg, float status) - * @endcode - * \n - * During ssh_connect(), libssh will call the callback - * with status from 0.0 to 1.0. - * - * - SSH_OPTIONS_STATUS_ARG: - * Set the status argument which should be passed to the - * status callback (generic pointer). - * * - SSH_OPTIONS_CIPHERS_C_S: * Set the symmetric cipher client to server (const char *, * comma-separated list). diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libssh-0.8.6/src/packet_crypt.c new/libssh-0.8.7/src/packet_crypt.c --- old/libssh-0.8.6/src/packet_crypt.c 2018-12-24 08:35:55.000000000 +0100 +++ new/libssh-0.8.7/src/packet_crypt.c 2019-02-25 09:58:49.000000000 +0100 
@@ -176,6 +176,17 @@ return session->current_crypto->hmacbuf; } +static int secure_memcmp(const void *s1, const void *s2, size_t n) +{ + int rc = 0; + const unsigned char *p1 = s1; + const unsigned char *p2 = s2; + for (; n > 0; --n) { + rc |= *p1++ ^ *p2++; + } + return (rc != 0); +} + /** * @internal * @@ -219,7 +230,7 @@ ssh_print_hexa("Computed mac",hmacbuf,len); ssh_print_hexa("seq",(unsigned char *)&seq,sizeof(uint32_t)); #endif - if (memcmp(mac, hmacbuf, len) == 0) { + if (secure_memcmp(mac, hmacbuf, len) == 0) { return 0; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libssh-0.8.6/src/pki_container_openssh.c new/libssh-0.8.7/src/pki_container_openssh.c --- old/libssh-0.8.6/src/pki_container_openssh.c 2018-12-24 08:35:55.000000000 +0100 +++ new/libssh-0.8.7/src/pki_container_openssh.c 2019-02-25 09:58:49.000000000 +0100 @@ -409,7 +409,7 @@ return SSH_ERROR; } if (privkey->ed25519_privkey == NULL || - privkey->ed25519_pubkey == NULL){ + privkey->ed25519_pubkey == NULL) { return SSH_ERROR; } rc = ssh_buffer_pack(buffer, @@ -442,7 +442,6 @@ char passphrase_buffer[128]; int rc; int i; - uint8_t padding = 1; int cmp; cmp = strcmp(ciphername, "none"); @@ -469,14 +468,6 @@ SSH_LOG(SSH_LOG_WARN, "Unsupported KDF %s", kdfname); return SSH_ERROR; } - while (ssh_buffer_get_len(privkey_buffer) % cipher.blocksize != 0) { - rc = ssh_buffer_add_u8(privkey_buffer, padding); - if (rc < 0) { - return SSH_ERROR; - } - padding++; - } - /* We need material for key (keysize bits / 8) and IV (blocksize) */ key_material_len = cipher.keysize/8 + cipher.blocksize; if (key_material_len > sizeof(key_material)){ @@ -553,6 +544,7 @@ int to_encrypt=0; unsigned char *b64; uint32_t str_len, len; + uint8_t padding = 1; int ok; int rc; 
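Review bot: secure_memcmp() in src/packet_crypt.c has no comment saying why it exists or how its result differs from memcmp(), and both matter to whoever next touches the MAC check. I would add above it `/* Compare n bytes without an early exit so the time taken does not depend on where the first mismatch is; returns 0 when equal and 1 otherwise (no ordering, unlike memcmp). */`. The loop is plain C with nothing that prevents the optimiser from reshaping it. It is worth confirming in the generated code that it stays free of data-dependent branches, or using the crypto backend's constant-time comparison where one is available. The call site in the next hunk, `secure_memcmp(mac, hmacbuf, len) == 0`, uses the result consistently with that contract.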
@@ -603,6 +595,18 @@ goto error; } + /* Add padding regardless encryption because it is expected + * by OpenSSH tools. + * XXX Using 16 B as we use only AES cipher below anyway. + */ + while (ssh_buffer_get_len(privkey_buffer) % 16 != 0) { + rc = ssh_buffer_add_u8(privkey_buffer, padding); + if (rc < 0) { + goto error; + } + padding++; + } + if (to_encrypt){ ssh_buffer kdf_buf; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libssh-0.8.6/src/pki_crypto.c new/libssh-0.8.7/src/pki_crypto.c --- old/libssh-0.8.6/src/pki_crypto.c 2018-12-24 08:35:55.000000000 +0100 +++ new/libssh-0.8.7/src/pki_crypto.c 2019-02-25 09:58:49.000000000 +0100 @@ -1657,6 +1657,7 @@ s = ssh_string_new(20); if (s == NULL) { + bignum_safe_free(pr); ssh_signature_free(sig); return NULL; } @@ -1665,6 +1666,7 @@ ps = ssh_make_string_bn(s); ssh_string_free(s); if (ps == NULL) { + bignum_safe_free(pr); ssh_signature_free(sig); return NULL; } @@ -1673,6 +1675,8 @@ * object */ rc = DSA_SIG_set0(sig->dsa_sig, pr, ps); if (rc == 0) { + bignum_safe_free(ps); + bignum_safe_free(pr); ssh_signature_free(sig); return NULL; } @@ -1681,6 +1685,9 @@ case SSH_KEYTYPE_RSA: case SSH_KEYTYPE_RSA1: sig = pki_signature_from_rsa_blob(pubkey, sig_blob, sig); + if (sig == NULL) { + return NULL; + } sig->type_c = ssh_key_signature_to_char(type, hash_type); break; case SSH_KEYTYPE_ECDSA: @@ -1734,6 +1741,7 @@ rlen = ssh_buffer_get_len(b); ssh_buffer_free(b); if (s == NULL) { + bignum_safe_free(pr); ssh_signature_free(sig); return NULL; } @@ -1746,6 +1754,7 @@ ssh_string_burn(s); ssh_string_free(s); if (ps == NULL) { + bignum_safe_free(pr); ssh_signature_free(sig); return NULL; } 
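Review bot: The padding loop added to the export path in src/pki_container_openssh.c hard-codes `% 16`, while the encryption helper earlier in this file lost its own `cipher.blocksize` padding in the same commit and now trusts its caller to have aligned the buffer. If a cipher whose block size does not divide 16 is ever selected, the buffer reaches the cipher unaligned. A guard in the encryption helper after the cipher has been resolved, `if (ssh_buffer_get_len(privkey_buffer) % cipher.blocksize != 0) { return SSH_ERROR; }`, turns that into a clean failure. A named constant in place of the literal 16, carrying the XXX remark, would also make the coupling easier to find. Both functions start and end outside the hunks shown.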
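Review bot: In the SSH_KEYTYPE_RSA case of src/pki_crypto.c, the new `if (sig == NULL) return NULL;` is leak-free only if pki_signature_from_rsa_blob() releases the `sig` it was handed before returning NULL, because the assignment overwrites the only pointer to that object. The helper is not visible on this page, so this should be confirmed and recorded next to the check with a comment such as `/* pki_signature_from_rsa_blob() frees sig on failure */`. The identical addition in src/pki_mbedcrypto.c needs the same confirmation.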
@@ -1754,6 +1763,8 @@ * ECDSA signature object */ rc = ECDSA_SIG_set0(sig->ecdsa_sig, pr, ps); if (rc == 0) { + bignum_safe_free(ps); + bignum_safe_free(pr); ssh_signature_free(sig); return NULL; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libssh-0.8.6/src/pki_gcrypt.c new/libssh-0.8.7/src/pki_gcrypt.c --- old/libssh-0.8.6/src/pki_gcrypt.c 2018-12-07 15:21:24.000000000 +0100 +++ new/libssh-0.8.7/src/pki_gcrypt.c 2019-02-22 11:42:26.000000000 +0100 @@ -28,6 +28,7 @@ #ifdef HAVE_LIBGCRYPT #include <assert.h> +#include <stdbool.h> #include <string.h> #include <stdlib.h> #include <gcrypt.h> @@ -389,7 +390,7 @@ while(p[len] == '\n' || p[len] == '\r') /* skip empty lines */ \ len++; \ if(p[len] == '\0') /* EOL */ \ - len = -1; \ + eol = true; \ else /* calculate length */ \ for(p += len, len = 0; p[len] && p[len] != '\n' \ && p[len] != '\r'; len++); \ @@ -409,7 +410,8 @@ unsigned int iv_len = 0; int algo = 0; int mode = 0; - int len; + bool eol = false; + size_t len; buffer = ssh_buffer_new(); if (buffer == NULL) { @@ -441,25 +443,38 @@ len = 0; get_next_line(p, len); - while(len > 0 && strncmp(p, header_begin, header_begin_size)) { + while(!eol && strncmp(p, header_begin, header_begin_size)) { /* skip line */ get_next_line(p, len); } - if(len < 0) { - /* no header found */ + if (eol) { + ssh_buffer_free(buffer); return NULL; } + /* skip header line */ get_next_line(p, len); + if (eol) { + ssh_buffer_free(buffer); + return NULL; + } if (len > 11 && strncmp("Proc-Type: 4,ENCRYPTED", p, 11) == 0) { /* skip line */ get_next_line(p, len); + if (eol) { + ssh_buffer_free(buffer); + return NULL; + } if (len > 10 && strncmp("DEK-Info: ", p, 10) == 0) { p += 10; len = 0; get_next_line(p, len); + if (eol) { + ssh_buffer_free(buffer); + return NULL; + } if (privatekey_dek_header(p, len, &algo, &mode, &key_len, &iv, &iv_len) < 0) { ssh_buffer_free(buffer); 
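Review bot: The get_next_line() macro in src/pki_gcrypt.c now assigns `eol = true`, a variable that is not one of its parameters, so it compiles only where the caller declares a local with exactly that name. Passing the flag explicitly, as in `get_next_line(p, len, eol)`, or at least stating the requirement in a comment above the macro, would make the dependency visible. The visible part of the macro never sets the flag back to false, so the comment should also say that callers must stop parsing once it is set, as the call sites in the following hunks do by returning. The macro's `#define` line is outside this hunk.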
@@ -482,7 +497,7 @@ } get_next_line(p, len); - while(len > 0 && strncmp(p, header_end, header_end_size) != 0) { + while(!eol && strncmp(p, header_end, header_end_size) != 0) { if (ssh_buffer_add_data(buffer, p, len) < 0) { ssh_buffer_free(buffer); SAFE_FREE(iv); @@ -491,7 +506,7 @@ get_next_line(p, len); } - if (len == -1 || strncmp(p, header_end, header_end_size) != 0) { + if (eol || strncmp(p, header_end, header_end_size) != 0) { ssh_buffer_free(buffer); SAFE_FREE(iv); return NULL; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libssh-0.8.6/src/pki_mbedcrypto.c new/libssh-0.8.7/src/pki_mbedcrypto.c --- old/libssh-0.8.6/src/pki_mbedcrypto.c 2018-12-07 15:21:24.000000000 +0100 +++ new/libssh-0.8.7/src/pki_mbedcrypto.c 2019-02-07 14:22:23.000000000 +0100 @@ -917,6 +917,9 @@ switch(type) { case SSH_KEYTYPE_RSA: sig = pki_signature_from_rsa_blob(pubkey, sig_blob, sig); + if (sig == NULL) { + return NULL; + } sig->type_c = ssh_key_signature_to_char(type, hash_type); break; case SSH_KEYTYPE_ECDSA: { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libssh-0.8.6/src/server.c new/libssh-0.8.7/src/server.c --- old/libssh-0.8.6/src/server.c 2018-12-07 14:33:25.000000000 +0100 +++ new/libssh-0.8.7/src/server.c 2019-02-25 09:58:49.000000000 +0100 @@ -453,6 +453,7 @@ /* from now, the packet layer is handling incoming packets */ session->socket_callbacks.data=ssh_packet_socket_callback; + ssh_packet_register_socket_callback(session, session->socket); ssh_packet_set_default_callbacks(session); set_status(session, 0.5f); 
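Review bot: In the server.c hunk at -453, the added `ssh_packet_register_socket_callback(session, session->socket);` directly follows the manual `session->socket_callbacks.data=ssh_packet_socket_callback;`. If the register helper installs that same data callback (its body is not shown), the assignment above it is redundant and can be dropped. Either way, a short comment on the new line saying why the callbacks must be registered on the socket at this point, e.g. `/* make the socket deliver incoming data to the packet layer */`, would help the next reader. The enclosing function starts and ends outside the hunk.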
@@ -523,7 +524,7 @@ * our supported extensions now. This is the first message after * sending NEWKEYS message and after turning on crypto. */ - if (session->extensions && + if (session->extensions & SSH_EXT_NEGOTIATION && session->session_state != SSH_SESSION_STATE_AUTHENTICATED) { ssh_server_send_extensions(session); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libssh-0.8.6/src/wrapper.c new/libssh-0.8.7/src/wrapper.c --- old/libssh-0.8.6/src/wrapper.c 2018-12-24 08:35:55.000000000 +0100 +++ new/libssh-0.8.7/src/wrapper.c 2019-02-25 09:58:49.000000000 +0100 @@ -52,7 +52,6 @@ static struct ssh_hmac_struct ssh_hmac_tab[] = { { "hmac-sha1", SSH_HMAC_SHA1 }, { "hmac-sha2-256", SSH_HMAC_SHA256 }, - { "hmac-sha2-384", SSH_HMAC_SHA384 }, { "hmac-sha2-512", SSH_HMAC_SHA512 }, { "hmac-md5", SSH_HMAC_MD5 }, { "aead-poly1305", SSH_HMAC_AEAD_POLY1305 }, @@ -69,8 +68,6 @@ return SHA_DIGEST_LEN; case SSH_HMAC_SHA256: return SHA256_DIGEST_LEN; - case SSH_HMAC_SHA384: - return SHA384_DIGEST_LEN; case SSH_HMAC_SHA512: return SHA512_DIGEST_LEN; case SSH_HMAC_MD5: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libssh-0.8.6/tests/pkd/pkd_client.h new/libssh-0.8.7/tests/pkd/pkd_client.h --- old/libssh-0.8.6/tests/pkd/pkd_client.h 2018-12-07 14:33:25.000000000 +0100 +++ new/libssh-0.8.7/tests/pkd/pkd_client.h 2019-02-25 09:58:49.000000000 +0100 @@ -46,12 +46,12 @@ OPENSSH_PKACCEPTED_ECDSA \ OPENSSH_PKACCEPTED_DSA -#define OPENSSH_CMD_START \ +#define OPENSSH_CMD_START(hostkey_algos) \ OPENSSH_BINARY " " \ "-o UserKnownHostsFile=/dev/null " \ "-o StrictHostKeyChecking=no " \ "-F /dev/null " \ - OPENSSH_HOSTKEY_ALGOS " " \ + hostkey_algos " " \ OPENSSH_PKACCEPTED_TYPES " " \ "-i " CLIENT_ID_FILE " " \ "1> %s.out " \ 
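Review bot: The corrected condition `session->extensions & SSH_EXT_NEGOTIATION &&` in the server.c hunk at -523 depends on `&` binding tighter than `&&`. It evaluates as intended, but mixing the two without parentheses is easy to misread and easy to break in a later edit. Writing `if ((session->extensions & SSH_EXT_NEGOTIATION) &&` makes the flag test explicit, so the extension message is visibly gated on that one bit and not on any non-zero value. The enclosing function is not fully contained in the hunk.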
@@ -61,16 +61,19 @@ #define OPENSSH_CMD_END "-p 1234 localhost ls" #define OPENSSH_CMD \ - OPENSSH_CMD_START OPENSSH_CMD_END + OPENSSH_CMD_START(OPENSSH_HOSTKEY_ALGOS) OPENSSH_CMD_END #define OPENSSH_KEX_CMD(kexalgo) \ - OPENSSH_CMD_START "-o KexAlgorithms=" kexalgo " " OPENSSH_CMD_END + OPENSSH_CMD_START(OPENSSH_HOSTKEY_ALGOS) "-o KexAlgorithms=" kexalgo " " OPENSSH_CMD_END #define OPENSSH_CIPHER_CMD(ciphers) \ - OPENSSH_CMD_START "-c " ciphers " " OPENSSH_CMD_END + OPENSSH_CMD_START(OPENSSH_HOSTKEY_ALGOS) "-c " ciphers " " OPENSSH_CMD_END #define OPENSSH_MAC_CMD(macs) \ - OPENSSH_CMD_START "-o MACs=" macs " " OPENSSH_CMD_END + OPENSSH_CMD_START(OPENSSH_HOSTKEY_ALGOS) "-o MACs=" macs " " OPENSSH_CMD_END + +#define OPENSSH_HOSTKEY_CMD(hostkeyalgo) \ + OPENSSH_CMD_START("-o HostKeyAlgorithms=" hostkeyalgo " ") OPENSSH_CMD_END /* Dropbear */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libssh-0.8.6/tests/pkd/pkd_hello.c new/libssh-0.8.7/tests/pkd/pkd_hello.c --- old/libssh-0.8.6/tests/pkd/pkd_hello.c 2018-12-24 08:36:05.000000000 +0100 +++ new/libssh-0.8.7/tests/pkd/pkd_hello.c 2019-02-25 09:58:49.000000000 +0100 @@ -478,6 +478,12 @@ f(client, ecdsa_521_hmac_sha2_512, maccmd("hmac-sha2-512"), setup_ecdsa_521, teardown) #endif +#define PKDTESTS_HOSTKEY_OPENSSHONLY(f, client, hkcmd) \ + f(client, rsa_sha2_256, hkcmd("rsa-sha2-256"), setup_rsa, teardown) \ + f(client, rsa_sha2_512, hkcmd("rsa-sha2-512"), setup_rsa, teardown) \ + f(client, rsa_sha2_256_512, hkcmd("rsa-sha2-256,rsa-sha2-512"), setup_rsa, teardown) \ + f(client, rsa_sha2_512_256, hkcmd("rsa-sha2-512,rsa-sha2-256"), setup_rsa, teardown) + static void torture_pkd_client_noop(void **state) { struct pkd_state *pstate = (struct pkd_state *) (*state); (void) pstate; 
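Review bot: In the pkd_client.h hunk at -61, `OPENSSH_HOSTKEY_CMD` passes an argument that already ends in `" "`, while `OPENSSH_CMD_START` appends its own `" "` after `hostkey_algos`, so the generated command line gets a doubled space. That is harmless to the shell but inconsistent. Dropping the trailing literal gives `OPENSSH_CMD_START("-o HostKeyAlgorithms=" hostkeyalgo) OPENSSH_CMD_END`. A comment on `OPENSSH_CMD_START` such as `/* hostkey_algos must be a string literal; it is joined by literal concatenation */` would also document the constraint introduced by making the macro function-like.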
@@ -545,6 +551,7 @@ PKDTESTS_CIPHER_OPENSSHONLY(emit_keytest, openssh_rsa, OPENSSH_CIPHER_CMD) PKDTESTS_MAC(emit_keytest, openssh_rsa, OPENSSH_MAC_CMD) PKDTESTS_MAC_OPENSSHONLY(emit_keytest, openssh_rsa, OPENSSH_MAC_CMD) +PKDTESTS_HOSTKEY_OPENSSHONLY(emit_keytest, openssh_rsa, OPENSSH_HOSTKEY_CMD) #undef CLIENT_ID_FILE #define CLIENT_ID_FILE OPENSSH_ECDSA256_TESTKEY @@ -621,6 +628,7 @@ PKDTESTS_CIPHER_OPENSSHONLY(emit_testmap, openssh_rsa, OPENSSH_CIPHER_CMD) PKDTESTS_MAC(emit_testmap, openssh_rsa, OPENSSH_MAC_CMD) PKDTESTS_MAC_OPENSSHONLY(emit_testmap, openssh_rsa, OPENSSH_MAC_CMD) + PKDTESTS_HOSTKEY_OPENSSHONLY(emit_testmap, openssh_rsa, OPENSSH_HOSTKEY_CMD) PKDTESTS_DEFAULT(emit_testmap, openssh_e256, OPENSSH_CMD) PKDTESTS_DEFAULT_OPENSSHONLY(emit_testmap, openssh_e256, OPENSSH_CMD) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libssh-0.8.6/tests/unittests/torture_knownhosts_parsing.c new/libssh-0.8.7/tests/unittests/torture_knownhosts_parsing.c --- old/libssh-0.8.6/tests/unittests/torture_knownhosts_parsing.c 2018-12-24 08:36:06.000000000 +0100 +++ new/libssh-0.8.7/tests/unittests/torture_knownhosts_parsing.c 2019-02-25 09:58:49.000000000 +0100 @@ -310,8 +310,9 @@ const char *knownhosts_file = *state; char *algo_list = NULL; ssh_session session; - const char *expect = "ssh-ed25519,ssh-rsa,ecdsa-sha2-nistp521," - "ecdsa-sha2-nistp384,ecdsa-sha2-nistp256" + const char *expect = "ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa," + "ecdsa-sha2-nistp521,ecdsa-sha2-nistp384," + "ecdsa-sha2-nistp256" #ifdef HAVE_DSA ",ssh-dss" #endif @@ -339,8 +340,9 @@ const char *knownhosts_file = *state; char *algo_list = NULL; ssh_session session; - const char *expect = "ssh-ed25519,ssh-rsa,ecdsa-sha2-nistp521," - "ecdsa-sha2-nistp384,ecdsa-sha2-nistp256" + const char *expect = "ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa," + "ecdsa-sha2-nistp521,ecdsa-sha2-nistp384," + "ecdsa-sha2-nistp256" #ifdef HAVE_DSA ",ssh-dss" #endif
