[Bug 2588] When no MAC is specified in config the server offers non-existing hmac-sha2* without openssl

[bugzilla-daemon]

https://bugzilla.mindrot.org/show_bug.cgi?id=2588

Damien Miller  changed:

   What|Removed |Added

 Status|RESOLVED|CLOSED

--- Comment #19 from Damien Miller  ---
close bugs that were resolved in OpenSSH 8.5 release cycle

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
___
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

[Bug 2588] When no MAC is specified in config the server offers non-existing hmac-sha2* without openssl

[bugzilla-daemon]

https://bugzilla.mindrot.org/show_bug.cgi?id=2588

Darren Tucker  changed:

   What|Removed |Added

 Resolution|--- |FIXED
 Status|NEW |RESOLVED

--- Comment #18 from Darren Tucker  ---
The #ifdef maze in myproposal.h was becoming increasingly problematic,
so we finally moved the filtering to runtime and deleted all the
ifdefs:

https://github.com/openssh/openssh-portable/commit/c4b3a128954ee1b7fbcbda167baf8aca1a3d1c84

which should prevent this class of bug in future.

We also added a regression test that has ssh parse its default config
to ensure that it's usable
(https://github.com/openssh/openssh-portable/blob/master/regress/sshcfgparse.sh)
and enabled the internal SHA2 functions for these MACs in the
--without-openssl case so the advertised ones do indeed work:

$ ./configure --without-openssl && make && ./ssh -F/dev/null -G
localhost | grep "macs "
[...]
macs
umac-64-...@openssh.com,umac-128-...@openssh.com,hmac-sha2-256-...@openssh.com,hmac-sha2-512-...@openssh.com,hmac-sha1-...@openssh.com,umac...@openssh.com,umac-...@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1

$ nm ssh | grep -i sha512
0004db40 T crypto_hash_sha512
00067740 T SHA512Final
000663c0 T SHA512Init
00097300 r sha512_initial_hash_value
00067550 T SHA512Pad
00066430 T SHA512Transform
00067300 T SHA512Update

$ for i in `./ssh -F/dev/null -G localhost | awk '/macs /{print $2}' |
tr , ' '`; do echo $i; ./ssh -omacs=$i localhost true; done
umac-64-...@openssh.com
umac-128-...@openssh.com
hmac-sha2-256-...@openssh.com
hmac-sha2-512-...@openssh.com
hmac-sha1-...@openssh.com
umac...@openssh.com
umac-...@openssh.com
hmac-sha2-256
hmac-sha2-512
hmac-sha1

Thanks for the report.

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
___
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

[Bug 2588] When no MAC is specified in config the server offers non-existing hmac-sha2* without openssl

[bugzilla-daemon]

https://bugzilla.mindrot.org/show_bug.cgi?id=2588

Damien Miller  changed:

   What|Removed |Added

 Blocks|2988|


Referenced Bugs:

https://bugzilla.mindrot.org/show_bug.cgi?id=2988
[Bug 2988] Tracking bug for 8.1 release
-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
___
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

[Bug 2588] When no MAC is specified in config the server offers non-existing hmac-sha2* without openssl

[bugzilla-daemon]

https://bugzilla.mindrot.org/show_bug.cgi?id=2588

--- Comment #17 from Damien Miller  ---
Retarget these bugs to 8.2 release

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
___
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

[Bug 2588] When no MAC is specified in config the server offers non-existing hmac-sha2* without openssl

[bugzilla-daemon]

https://bugzilla.mindrot.org/show_bug.cgi?id=2588

Damien Miller  changed:

   What|Removed |Added

 Blocks|2915|

--- Comment #16 from Damien Miller  ---
Retarget outstanding bugs at next release


Referenced Bugs:

https://bugzilla.mindrot.org/show_bug.cgi?id=2915
[Bug 2915] Tracking bug for 8.0 release
-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
___
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

[Bug 2588] When no MAC is specified in config the server offers non-existing hmac-sha2* without openssl

[bugzilla-daemon]

https://bugzilla.mindrot.org/show_bug.cgi?id=2588

Damien Miller  changed:

   What|Removed |Added

 Blocks||2988


Referenced Bugs:

https://bugzilla.mindrot.org/show_bug.cgi?id=2988
[Bug 2988] Tracking bug for 8.1 release
-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
___
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

[Bug 2588] When no MAC is specified in config the server offers non-existing hmac-sha2* without openssl

[bugzilla-daemon]

https://bugzilla.mindrot.org/show_bug.cgi?id=2588

Damien Miller  changed:

   What|Removed |Added

 Blocks|2893|

--- Comment #15 from Damien Miller  ---
Retarget unfinished bugs to OpenSSH 8.0


Referenced Bugs:

https://bugzilla.mindrot.org/show_bug.cgi?id=2893
[Bug 2893] Tracking bug for 7.9 release
-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
___
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

[Bug 2588] When no MAC is specified in config the server offers non-existing hmac-sha2* without openssl

[bugzilla-daemon]

https://bugzilla.mindrot.org/show_bug.cgi?id=2588

--- Comment #14 from Damien Miller  ---
Retarget unfinished bugs to OpenSSH 8.0

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
___
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

[Bug 2588] When no MAC is specified in config the server offers non-existing hmac-sha2* without openssl

[bugzilla-daemon]

https://bugzilla.mindrot.org/show_bug.cgi?id=2588

Damien Miller  changed:

   What|Removed |Added

 Blocks||2915

--- Comment #13 from Damien Miller  ---
Retarget unfinished bugs to OpenSSH 8.0


Referenced Bugs:

https://bugzilla.mindrot.org/show_bug.cgi?id=2915
[Bug 2915] Tracking bug for 8.0 release
-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
___
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

[Bug 2588] When no MAC is specified in config the server offers non-existing hmac-sha2* without openssl

[bugzilla-daemon]

https://bugzilla.mindrot.org/show_bug.cgi?id=2588

Damien Miller  changed:

   What|Removed |Added

 Blocks|2852|


Referenced Bugs:

https://bugzilla.mindrot.org/show_bug.cgi?id=2852
[Bug 2852] Tracking bug for OpenSSH 7.8 release
-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
___
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

[Bug 2588] When no MAC is specified in config the server offers non-existing hmac-sha2* without openssl

[bugzilla-daemon]

https://bugzilla.mindrot.org/show_bug.cgi?id=2588

--- Comment #12 from Damien Miller  ---
Retarget remaining bugs planned for 7.8 release to 7.9

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
___
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

[Bug 2588] When no MAC is specified in config the server offers non-existing hmac-sha2* without openssl

[bugzilla-daemon]

https://bugzilla.mindrot.org/show_bug.cgi?id=2588

Damien Miller  changed:

   What|Removed |Added

 Blocks||2893

--- Comment #11 from Damien Miller  ---
Retarget remaining bugs planned for 7.8 release to 7.9


Referenced Bugs:

https://bugzilla.mindrot.org/show_bug.cgi?id=2893
[Bug 2893] Tracking bug for 7.9 release
-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
___
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

[Bug 2588] When no MAC is specified in config the server offers non-existing hmac-sha2* without openssl

[bugzilla-daemon]

https://bugzilla.mindrot.org/show_bug.cgi?id=2588

Damien Miller  changed:

   What|Removed |Added

 Blocks|2782|

--- Comment #10 from Damien Miller  ---
Move to OpenSSH 7.8 tracking bug


Referenced Bugs:

https://bugzilla.mindrot.org/show_bug.cgi?id=2782
[Bug 2782] Tracking bug for OpenSSH 7.7 release
-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
___
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

[Bug 2588] When no MAC is specified in config the server offers non-existing hmac-sha2* without openssl

[bugzilla-daemon]

https://bugzilla.mindrot.org/show_bug.cgi?id=2588

Damien Miller  changed:

   What|Removed |Added

 Blocks||2852


Referenced Bugs:

https://bugzilla.mindrot.org/show_bug.cgi?id=2852
[Bug 2852] Tracking bug for OpenSSH 7.8 release
-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
___
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

[Bug 2588] When no MAC is specified in config the server offers non-existing hmac-sha2* without openssl

[bugzilla-daemon]

https://bugzilla.mindrot.org/show_bug.cgi?id=2588

Damien Miller  changed:

   What|Removed |Added

 Blocks|2698|


Referenced Bugs:

https://bugzilla.mindrot.org/show_bug.cgi?id=2698
[Bug 2698] Tracking bug for OpenSSH 7.6 release
-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
___
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

[Bug 2588] When no MAC is specified in config the server offers non-existing hmac-sha2* without openssl

[bugzilla-daemon]

https://bugzilla.mindrot.org/show_bug.cgi?id=2588

Damien Miller  changed:

   What|Removed |Added

 Blocks||2782


Referenced Bugs:

https://bugzilla.mindrot.org/show_bug.cgi?id=2782
[Bug 2782] Tracking bug for OpenSSH 7.7 release
-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
___
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

[Bug 2588] When no MAC is specified in config the server offers non-existing hmac-sha2* without openssl

[bugzilla-daemon]

https://bugzilla.mindrot.org/show_bug.cgi?id=2588

Damien Miller  changed:

   What|Removed |Added

 Blocks|2647|


Referenced Bugs:

https://bugzilla.mindrot.org/show_bug.cgi?id=2647
[Bug 2647] Tracking bug for OpenSSH 7.5 release
-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
___
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

[Bug 2588] When no MAC is specified in config the server offers non-existing hmac-sha2* without openssl

[bugzilla-daemon]

https://bugzilla.mindrot.org/show_bug.cgi?id=2588

--- Comment #9 from Damien Miller  ---
remove 7.5 target

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
___
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

[Bug 2588] When no MAC is specified in config the server offers non-existing hmac-sha2* without openssl

[bugzilla-daemon]

https://bugzilla.mindrot.org/show_bug.cgi?id=2588

Damien Miller  changed:

   What|Removed |Added

 Blocks||2698

--- Comment #8 from Damien Miller  ---
Move incomplete bugs to openssh-7.6 target since 7.5 shipped a while
back.

To calibrate expectations, there's little chance all of these are going
to make 7.6.


Referenced Bugs:

https://bugzilla.mindrot.org/show_bug.cgi?id=2698
[Bug 2698] Tracking bug for OpenSSH 7.6 release
-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
___
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

[Bug 2588] When no MAC is specified in config the server offers non-existing hmac-sha2* without openssl

[bugzilla-daemon]

https://bugzilla.mindrot.org/show_bug.cgi?id=2588

Damien Miller  changed:

   What|Removed |Added

 Blocks|2594|


Referenced Bugs:

https://bugzilla.mindrot.org/show_bug.cgi?id=2594
[Bug 2594] Tracking bug for OpenSSH 7.4 release
-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
___
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

[Bug 2588] When no MAC is specified in config the server offers non-existing hmac-sha2* without openssl

[bugzilla-daemon]

https://bugzilla.mindrot.org/show_bug.cgi?id=2588

Damien Miller  changed:

   What|Removed |Added

 Blocks||2647

--- Comment #7 from Damien Miller  ---
OpenSSH 7.4 release is closing; punt the bugs to 7.5


Referenced Bugs:

https://bugzilla.mindrot.org/show_bug.cgi?id=2647
[Bug 2647] Tracking bug for OpenSSH 7.5 release
-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
___
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

[Bug 2588] When no MAC is specified in config the server offers non-existing hmac-sha2* without openssl

[bugzilla-daemon]

https://bugzilla.mindrot.org/show_bug.cgi?id=2588

--- Comment #3 from Damien Miller  ---
retarget unfinished bugs to next release

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
___
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

[Bug 2588] When no MAC is specified in config the server offers non-existing hmac-sha2* without openssl

[bugzilla-daemon]

https://bugzilla.mindrot.org/show_bug.cgi?id=2588

Damien Miller  changed:

   What|Removed |Added

 Blocks|2543|


Referenced Bugs:

https://bugzilla.mindrot.org/show_bug.cgi?id=2543
[Bug 2543] Tracking bug for OpenSSH 7.3 release
-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
___
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

[Bug 2588] When no MAC is specified in config the server offers non-existing hmac-sha2* without openssl

[bugzilla-daemon]

https://bugzilla.mindrot.org/show_bug.cgi?id=2588

--- Comment #6 from Damien Miller  ---
retarget unfinished bugs to next release

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
___
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs