Bump version to 0.8.7

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>

.gitlab-ci.yml

@@ -357,5 +357,5 @@ mingw32:
     paths:
       - obj/
 
-Debian.cross.mips-linux-gnu:
+.Debian.cross.mips-linux-gnu:
   <<: *Debian_cross_template

CMakeLists.txt

@@ -10,7 +10,7 @@ list(APPEND CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/cmake/Modules")
 include(DefineCMakeDefaults)
 include(DefineCompilerFlags)
 
-project(libssh VERSION 0.8.6 LANGUAGES C)
+project(libssh VERSION 0.8.7 LANGUAGES C)
 
 # global needed variable
 set(APPLICATION_NAME ${PROJECT_NAME})
@@ -22,7 +22,7 @@ set(APPLICATION_NAME ${PROJECT_NAME})
 #     Increment AGE. Set REVISION to 0
 #   If the source code was changed, but there were no interface changes:
 #     Increment REVISION.
-set(LIBRARY_VERSION "4.7.3")
+set(LIBRARY_VERSION "4.7.4")
 set(LIBRARY_SOVERSION "4")
 
 # where to look first for cmake modules, before ${CMAKE_ROOT}/Modules/ is checked

ChangeLog

@@ -1,6 +1,12 @@
 ChangeLog
 ==========
 
+version 0.8.7 (released 2019-02-25)
+  * Fixed handling extension flags in the server implementation
+  * Fixed exporting ed25519 private keys
+  * Fixed corner cases for rsa-sha2 signatures
+  * Fixed some issues with connector
+
 version 0.8.6 (released 2018-12-24)
   * Fixed compilation issues with different OpenSSL versions
   * Fixed StrictHostKeyChecking in new knownhosts API

doc/mainpage.dox

@@ -23,7 +23,7 @@ The libssh library provides:
  - <strong>Public Key Algorithms</strong>: ssh-ed25519, ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521, ssh-rsa, rsa-sha2-512, rsa-sha2-256,ssh-dss
  - <strong>Ciphers</strong>: <i>aes256-ctr, aes192-ctr, aes128-ctr</i>, aes256-cbc (rijndael-cbc@lysator.liu.se), aes192-cbc, aes128-cbc, 3des-cbc, blowfish-cbc, none
  - <strong>Compression Schemes</strong>: zlib, <i>zlib@openssh.com</i>, none
- - <strong>MAC hashes</strong>: hmac-sha1, hmac-sha2-256, hmac-sha2-384, hmac-sha2-512, hmac-md5, none
+ - <strong>MAC hashes</strong>: hmac-sha1, hmac-sha2-256, hmac-sha2-512, hmac-md5, none
  - <strong>Authentication</strong>: none, password, public-key, keyboard-interactive, <i>gssapi-with-mic</i>
  - <strong>Channels</strong>: shell, exec (incl. SCP wrapper), direct-tcpip, subsystem, <i>auth-agent-req@openssh.com</i>
  - <strong>Global Requests</strong>: tcpip-forward, forwarded-tcpip

include/libssh/libssh.h

@@ -79,7 +79,7 @@
 /* libssh version */
 #define LIBSSH_VERSION_MAJOR  0
 #define LIBSSH_VERSION_MINOR  8
-#define LIBSSH_VERSION_MICRO  6
+#define LIBSSH_VERSION_MICRO  7
 
 #define LIBSSH_VERSION_INT SSH_VERSION_INT(LIBSSH_VERSION_MAJOR, \
                                            LIBSSH_VERSION_MINOR, \

include/libssh/session.h

@@ -87,10 +87,11 @@ enum ssh_pending_call_e {
 #define SSH_OPT_FLAG_GSSAPI_AUTH 0x8
 
 /* extensions flags */
+/* negotiation enabled */
+#define SSH_EXT_NEGOTIATION     0x01
 /* server-sig-algs extension */
-#define SSH_EXT_SIG_RSA_SHA256  0x01
-#define SSH_EXT_SIG_RSA_SHA512  0x02
-#define SSH_EXT_ALL             SSH_EXT_SIG_RSA_SHA256 | SSH_EXT_SIG_RSA_SHA512
+#define SSH_EXT_SIG_RSA_SHA256  0x02
+#define SSH_EXT_SIG_RSA_SHA512  0x04
 
 /* members that are common to ssh_session and ssh_bind */
 struct ssh_common_struct {

include/libssh/wrapper.h

@@ -44,7 +44,6 @@ enum ssh_mac_e {
 enum ssh_hmac_e {
   SSH_HMAC_SHA1 = 1,
   SSH_HMAC_SHA256,
-  SSH_HMAC_SHA384,
   SSH_HMAC_SHA512,
   SSH_HMAC_MD5,
   SSH_HMAC_AEAD_POLY1305

src/ABI/current

@@ -1 +1 @@
-4.7.3
+4.7.4

src/ABI/libssh-4.7.4.symbols

@@ -0,0 +1,415 @@
+_ssh_log
+buffer_free
+buffer_get
+buffer_get_len
+buffer_new
+channel_accept_x11
+channel_change_pty_size
+channel_close
+channel_forward_accept
+channel_forward_cancel
+channel_forward_listen
+channel_free
+channel_get_exit_status
+channel_get_session
+channel_is_closed
+channel_is_eof
+channel_is_open
+channel_new
+channel_open_forward
+channel_open_session
+channel_poll
+channel_read
+channel_read_buffer
+channel_read_nonblocking
+channel_request_env
+channel_request_exec
+channel_request_pty
+channel_request_pty_size
+channel_request_send_signal
+channel_request_sftp
+channel_request_shell
+channel_request_subsystem
+channel_request_x11
+channel_select
+channel_send_eof
+channel_set_blocking
+channel_write
+channel_write_stderr
+privatekey_free
+privatekey_from_file
+publickey_free
+publickey_from_file
+publickey_from_privatekey
+publickey_to_string
+sftp_async_read
+sftp_async_read_begin
+sftp_attributes_free
+sftp_canonicalize_path
+sftp_chmod
+sftp_chown
+sftp_client_message_free
+sftp_client_message_get_data
+sftp_client_message_get_filename
+sftp_client_message_get_flags
+sftp_client_message_get_submessage
+sftp_client_message_get_type
+sftp_client_message_set_filename
+sftp_close
+sftp_closedir
+sftp_dir_eof
+sftp_extension_supported
+sftp_extensions_get_count
+sftp_extensions_get_data
+sftp_extensions_get_name
+sftp_file_set_blocking
+sftp_file_set_nonblocking
+sftp_free
+sftp_fstat
+sftp_fstatvfs
+sftp_fsync
+sftp_get_client_message
+sftp_get_error
+sftp_handle
+sftp_handle_alloc
+sftp_handle_remove
+sftp_init
+sftp_lstat
+sftp_mkdir
+sftp_new
+sftp_new_channel
+sftp_open
+sftp_opendir
+sftp_read
+sftp_readdir
+sftp_readlink
+sftp_rename
+sftp_reply_attr
+sftp_reply_data
+sftp_reply_handle
+sftp_reply_name
+sftp_reply_names
+sftp_reply_names_add
+sftp_reply_status
+sftp_rewind
+sftp_rmdir
+sftp_seek
+sftp_seek64
+sftp_send_client_message
+sftp_server_init
+sftp_server_new
+sftp_server_version
+sftp_setstat
+sftp_stat
+sftp_statvfs
+sftp_statvfs_free
+sftp_symlink
+sftp_tell
+sftp_tell64
+sftp_unlink
+sftp_utimes
+sftp_write
+ssh_accept
+ssh_add_channel_callbacks
+ssh_auth_list
+ssh_basename
+ssh_bind_accept
+ssh_bind_accept_fd
+ssh_bind_fd_toaccept
+ssh_bind_free
+ssh_bind_get_fd
+ssh_bind_listen
+ssh_bind_new
+ssh_bind_options_set
+ssh_bind_set_blocking
+ssh_bind_set_callbacks
+ssh_bind_set_fd
+ssh_blocking_flush
+ssh_buffer_add_data
+ssh_buffer_free
+ssh_buffer_get
+ssh_buffer_get_data
+ssh_buffer_get_len
+ssh_buffer_new
+ssh_buffer_reinit
+ssh_channel_accept_forward
+ssh_channel_accept_x11
+ssh_channel_cancel_forward
+ssh_channel_change_pty_size
+ssh_channel_close
+ssh_channel_free
+ssh_channel_get_exit_status
+ssh_channel_get_session
+ssh_channel_is_closed
+ssh_channel_is_eof
+ssh_channel_is_open
+ssh_channel_listen_forward
+ssh_channel_new
+ssh_channel_open_auth_agent
+ssh_channel_open_forward
+ssh_channel_open_reverse_forward
+ssh_channel_open_session
+ssh_channel_open_x11
+ssh_channel_poll
+ssh_channel_poll_timeout
+ssh_channel_read
+ssh_channel_read_nonblocking
+ssh_channel_read_timeout
+ssh_channel_request_auth_agent
+ssh_channel_request_env
+ssh_channel_request_exec
+ssh_channel_request_pty
+ssh_channel_request_pty_size
+ssh_channel_request_send_break
+ssh_channel_request_send_exit_signal
+ssh_channel_request_send_exit_status
+ssh_channel_request_send_signal
+ssh_channel_request_sftp
+ssh_channel_request_shell
+ssh_channel_request_subsystem
+ssh_channel_request_x11
+ssh_channel_select
+ssh_channel_send_eof
+ssh_channel_set_blocking
+ssh_channel_set_counter
+ssh_channel_window_size
+ssh_channel_write
+ssh_channel_write_stderr
+ssh_clean_pubkey_hash
+ssh_connect
+ssh_connector_free
+ssh_connector_new
+ssh_connector_set_in_channel
+ssh_connector_set_in_fd
+ssh_connector_set_out_channel
+ssh_connector_set_out_fd
+ssh_copyright
+ssh_dirname
+ssh_disconnect
+ssh_dump_knownhost
+ssh_event_add_connector
+ssh_event_add_fd
+ssh_event_add_session
+ssh_event_dopoll
+ssh_event_free
+ssh_event_new
+ssh_event_remove_connector
+ssh_event_remove_fd
+ssh_event_remove_session
+ssh_execute_message_callbacks
+ssh_finalize
+ssh_forward_accept
+ssh_forward_cancel
+ssh_forward_listen
+ssh_free
+ssh_get_cipher_in
+ssh_get_cipher_out
+ssh_get_clientbanner
+ssh_get_disconnect_message
+ssh_get_error
+ssh_get_error_code
+ssh_get_fd
+ssh_get_fingerprint_hash
+ssh_get_hexa
+ssh_get_hmac_in
+ssh_get_hmac_out
+ssh_get_issue_banner
+ssh_get_kex_algo
+ssh_get_log_callback
+ssh_get_log_level
+ssh_get_log_userdata
+ssh_get_openssh_version
+ssh_get_poll_flags
+ssh_get_pubkey
+ssh_get_pubkey_hash
+ssh_get_publickey
+ssh_get_publickey_hash
+ssh_get_random
+ssh_get_server_publickey
+ssh_get_serverbanner
+ssh_get_status
+ssh_get_version
+ssh_getpass
+ssh_gssapi_get_creds
+ssh_gssapi_set_creds
+ssh_handle_key_exchange
+ssh_init
+ssh_is_blocking
+ssh_is_connected
+ssh_is_server_known
+ssh_key_cmp
+ssh_key_free
+ssh_key_is_private
+ssh_key_is_public
+ssh_key_new
+ssh_key_type
+ssh_key_type_from_name
+ssh_key_type_to_char
+ssh_known_hosts_parse_line
+ssh_knownhosts_entry_free
+ssh_log
+ssh_message_auth_interactive_request
+ssh_message_auth_kbdint_is_response
+ssh_message_auth_password
+ssh_message_auth_pubkey
+ssh_message_auth_publickey
+ssh_message_auth_publickey_state
+ssh_message_auth_reply_pk_ok
+ssh_message_auth_reply_pk_ok_simple
+ssh_message_auth_reply_success
+ssh_message_auth_set_methods
+ssh_message_auth_user
+ssh_message_channel_request_channel
+ssh_message_channel_request_command
+ssh_message_channel_request_env_name
+ssh_message_channel_request_env_value
+ssh_message_channel_request_open_destination
+ssh_message_channel_request_open_destination_port
+ssh_message_channel_request_open_originator
+ssh_message_channel_request_open_originator_port
+ssh_message_channel_request_open_reply_accept
+ssh_message_channel_request_pty_height
+ssh_message_channel_request_pty_pxheight
+ssh_message_channel_request_pty_pxwidth
+ssh_message_channel_request_pty_term
+ssh_message_channel_request_pty_width
+ssh_message_channel_request_reply_success
+ssh_message_channel_request_subsystem
+ssh_message_channel_request_x11_auth_cookie
+ssh_message_channel_request_x11_auth_protocol
+ssh_message_channel_request_x11_screen_number
+ssh_message_channel_request_x11_single_connection
+ssh_message_free
+ssh_message_get
+ssh_message_global_request_address
+ssh_message_global_request_port
+ssh_message_global_request_reply_success
+ssh_message_reply_default
+ssh_message_retrieve
+ssh_message_service_reply_success
+ssh_message_service_service
+ssh_message_subtype
+ssh_message_type
+ssh_mkdir
+ssh_new
+ssh_options_copy
+ssh_options_get
+ssh_options_get_port
+ssh_options_getopt
+ssh_options_parse_config
+ssh_options_set
+ssh_pcap_file_close
+ssh_pcap_file_free
+ssh_pcap_file_new
+ssh_pcap_file_open
+ssh_pki_copy_cert_to_privkey
+ssh_pki_export_privkey_base64
+ssh_pki_export_privkey_file
+ssh_pki_export_privkey_to_pubkey
+ssh_pki_export_pubkey_base64
+ssh_pki_export_pubkey_file
+ssh_pki_generate
+ssh_pki_import_cert_base64
+ssh_pki_import_cert_file
+ssh_pki_import_privkey_base64
+ssh_pki_import_privkey_file
+ssh_pki_import_pubkey_base64
+ssh_pki_import_pubkey_file
+ssh_pki_key_ecdsa_name
+ssh_print_hash
+ssh_print_hexa
+ssh_privatekey_type
+ssh_publickey_to_file
+ssh_remove_channel_callbacks
+ssh_scp_accept_request
+ssh_scp_close
+ssh_scp_deny_request
+ssh_scp_free
+ssh_scp_init
+ssh_scp_leave_directory
+ssh_scp_new
+ssh_scp_pull_request
+ssh_scp_push_directory
+ssh_scp_push_file
+ssh_scp_push_file64
+ssh_scp_read
+ssh_scp_request_get_filename
+ssh_scp_request_get_permissions
+ssh_scp_request_get_size
+ssh_scp_request_get_size64
+ssh_scp_request_get_warning
+ssh_scp_write
+ssh_select
+ssh_send_debug
+ssh_send_ignore
+ssh_send_keepalive
+ssh_server_init_kex
+ssh_service_request
+ssh_session_export_known_hosts_entry
+ssh_session_has_known_hosts_entry
+ssh_session_is_known_server
+ssh_session_update_known_hosts
+ssh_set_agent_channel
+ssh_set_agent_socket
+ssh_set_auth_methods
+ssh_set_blocking
+ssh_set_callbacks
+ssh_set_channel_callbacks
+ssh_set_counters
+ssh_set_fd_except
+ssh_set_fd_toread
+ssh_set_fd_towrite
+ssh_set_log_callback
+ssh_set_log_level
+ssh_set_log_userdata
+ssh_set_message_callback
+ssh_set_pcap_file
+ssh_set_server_callbacks
+ssh_silent_disconnect
+ssh_string_burn
+ssh_string_copy
+ssh_string_data
+ssh_string_fill
+ssh_string_free
+ssh_string_free_char
+ssh_string_from_char
+ssh_string_get_char
+ssh_string_len
+ssh_string_new
+ssh_string_to_char
+ssh_threads_get_noop
+ssh_threads_get_pthread
+ssh_threads_set_callbacks
+ssh_try_publickey_from_file
+ssh_userauth_agent
+ssh_userauth_agent_pubkey
+ssh_userauth_autopubkey
+ssh_userauth_gssapi
+ssh_userauth_kbdint
+ssh_userauth_kbdint_getanswer
+ssh_userauth_kbdint_getinstruction
+ssh_userauth_kbdint_getname
+ssh_userauth_kbdint_getnanswers
+ssh_userauth_kbdint_getnprompts
+ssh_userauth_kbdint_getprompt
+ssh_userauth_kbdint_setanswer
+ssh_userauth_list
+ssh_userauth_none
+ssh_userauth_offer_pubkey
+ssh_userauth_password
+ssh_userauth_privatekey_file
+ssh_userauth_pubkey
+ssh_userauth_publickey
+ssh_userauth_publickey_auto
+ssh_userauth_try_publickey
+ssh_version
+ssh_write_knownhost
+string_burn
+string_copy
+string_data
+string_fill
+string_free
+string_from_char
+string_len
+string_new
+string_to_char

src/config.c

@@ -210,6 +210,7 @@ static struct ssh_config_match_keyword_table_s ssh_config_match_keyword_table[]
     { "originalhost", MATCH_ORIGINALHOST },
     { "user", MATCH_USER },
     { "localuser", MATCH_LOCALUSER },
+    { NULL, MATCH_UNKNOWN },
 };
 
 static int ssh_config_parse_line(ssh_session session, const char *line,

src/connect.c

@@ -476,7 +476,7 @@ int ssh_select(ssh_channel *channels, ssh_channel *outchannels, socket_t maxfd,
     fd_set *readfds, struct timeval *timeout) {
   fd_set origfds;
   socket_t fd;
-  int i,j;
+  size_t i, j;
   int rc;
   int base_tm, tm;
   struct ssh_timestamp ts;

src/connector.c

@@ -641,14 +641,12 @@ int ssh_connector_remove_event(ssh_connector connector) {
         session = ssh_channel_get_session(connector->in_channel);
 
         ssh_event_remove_session(connector->event, session);
-        connector->in_channel = NULL;
     }
 
     if (connector->out_channel != NULL) {
         session = ssh_channel_get_session(connector->out_channel);
 
         ssh_event_remove_session(connector->event, session);
-        connector->out_channel = NULL;
     }
     connector->event = NULL;
 

src/dh.c

@@ -1274,6 +1274,10 @@ int ssh_get_server_publickey(ssh_session session, ssh_key *key)
 
 ssh_key ssh_dh_get_current_server_publickey(ssh_session session)
 {
+    if (session->current_crypto == NULL) {
+        return NULL;
+    }
+
     return session->current_crypto->server_pubkey;
 }
 

src/kex.c

@@ -38,6 +38,7 @@
 #include "libssh/curve25519.h"
 #include "libssh/knownhosts.h"
 #include "libssh/misc.h"
+#include "libssh/pki.h"
 
 #ifdef HAVE_LIBGCRYPT
 # define BLOWFISH "blowfish-cbc,"
@@ -420,6 +421,7 @@ SSH_PACKET_CALLBACK(ssh_packet_kexinit){
     int server_kex=session->server;
     ssh_string str = NULL;
     char *strings[KEX_METHODS_SIZE] = {0};
+    char *rsa_sig_ext = NULL;
     int rc = SSH_ERROR;
 
     uint8_t first_kex_packet_follows = 0;
@@ -526,13 +528,52 @@ SSH_PACKET_CALLBACK(ssh_packet_kexinit){
         ok = ssh_match_group(session->next_crypto->client_kex.methods[SSH_KEX],
                              KEX_EXTENSION_CLIENT);
         if (ok) {
+            const char *hostkeys = NULL;
+
+            /* The client supports extension negotiation */
+            session->extensions |= SSH_EXT_NEGOTIATION;
             /*
-             * Enable all the supported extensions and when the time comes
-             * (after NEWKEYS) send them to the client.
+             * RFC 8332 Section 3.1: Use for Server Authentication
+             * Check what algorithms were provided in the SSH_HOSTKEYS list
+             * by the client and enable the respective extensions to provide
+             * correct signature in the next packet if RSA is negotiated
              */
+            hostkeys = session->next_crypto->client_kex.methods[SSH_HOSTKEYS];
+            ok = ssh_match_group(hostkeys, "rsa-sha2-512");
+            if (ok) {
+                session->extensions |= SSH_EXT_SIG_RSA_SHA512;
+            }
+            ok = ssh_match_group(hostkeys, "rsa-sha2-256");
+            if (ok) {
+                session->extensions |= SSH_EXT_SIG_RSA_SHA256;
+            }
+
+            /*
+             * Ensure that the client preference is honored for the case
+             * both signature types are enabled.
+             */
+            if ((session->extensions & SSH_EXT_SIG_RSA_SHA256) &&
+                (session->extensions & SSH_EXT_SIG_RSA_SHA512)) {
+                session->extensions &= ~(SSH_EXT_SIG_RSA_SHA256 | SSH_EXT_SIG_RSA_SHA512);
+                rsa_sig_ext = ssh_find_matching("rsa-sha2-512,rsa-sha2-256",
+                                                session->next_crypto->client_kex.methods[SSH_HOSTKEYS]);
+                if (rsa_sig_ext == NULL) {
+                    goto error; /* should never happen */
+                } else if (strcmp(rsa_sig_ext, "rsa-sha2-512") == 0) {
+                    session->extensions |= SSH_EXT_SIG_RSA_SHA512;
+                } else if (strcmp(rsa_sig_ext, "rsa-sha2-256") == 0) {
+                    session->extensions |= SSH_EXT_SIG_RSA_SHA256;
+                } else {
+                    SAFE_FREE(rsa_sig_ext);
+                    goto error; /* should never happen */
+                }
+                SAFE_FREE(rsa_sig_ext);
+            }
+
             SSH_LOG(SSH_LOG_DEBUG, "The client supports extension "
-                    "negotiation: enabling all extensions");
-            session->extensions = SSH_EXT_ALL;
+                    "negotiation. Enabled signature algorithms: %s%s",
+                    session->extensions & SSH_EXT_SIG_RSA_SHA256 ? "SHA256" : "",
+                    session->extensions & SSH_EXT_SIG_RSA_SHA512 ? " SHA512" : "");
         }
 
         /*
@@ -603,6 +644,8 @@ char *ssh_client_select_hostkeys(ssh_session session)
         "ecdsa-sha2-nistp521",
         "ecdsa-sha2-nistp384",
         "ecdsa-sha2-nistp256",
+        "rsa-sha2-512",
+        "rsa-sha2-256",
         "ssh-rsa",
 #ifdef HAVE_DSA
         "ssh-dss",
@@ -628,29 +671,30 @@ char *ssh_client_select_hostkeys(ssh_session session)
 
     for (i = 0; preferred_hostkeys[i] != NULL; ++i) {
         bool found = false;
+        /* This is a signature type: We list also the SHA2 extensions */
+        enum ssh_keytypes_e base_preferred =
+            ssh_key_type_from_signature_name(preferred_hostkeys[i]);
 
         for (it = ssh_list_get_iterator(algo_list);
              it != NULL;
              it = it->next) {
             const char *algo = ssh_iterator_value(const char *, it);
-            int cmp;
-            int ok;
+            /* This is always key type so we do not have to care for the
+             * SHA2 extension */
+            enum ssh_keytypes_e base_algo = ssh_key_type_from_name(algo);
 
-            cmp = strcmp(preferred_hostkeys[i], algo);
-            if (cmp == 0) {
-                ok = ssh_verify_existing_algo(SSH_HOSTKEYS, algo);
-                if (ok) {
-                    if (needcomma) {
-                        strncat(methods_buffer,
-                                ",",
-                                sizeof(methods_buffer) - strlen(methods_buffer) - 1);
-                    }
+            if (base_preferred == base_algo) {
+                /* Matching the keys already verified it is a known type */
+                if (needcomma) {
                     strncat(methods_buffer,
-                            algo,
+                            ",",
                             sizeof(methods_buffer) - strlen(methods_buffer) - 1);
-                    needcomma = 1;
-                    found = true;
                 }
+                strncat(methods_buffer,
+                        preferred_hostkeys[i],
+                        sizeof(methods_buffer) - strlen(methods_buffer) - 1);
+                needcomma = 1;
+                found = true;
             }
         }
         /* Collect the rest of the algorithms in other buffer, that will
@@ -712,10 +756,10 @@ int ssh_set_client_kex(ssh_session session)
 
     memset(client->methods, 0, KEX_METHODS_SIZE * sizeof(char **));
     /* first check if we have specific host key methods */
-    if(session->opts.wanted_methods[SSH_HOSTKEYS] == NULL){
+    if (session->opts.wanted_methods[SSH_HOSTKEYS] == NULL) {
     	/* Only if no override */
     	session->opts.wanted_methods[SSH_HOSTKEYS] =
-    			ssh_client_select_hostkeys(session);
+            ssh_client_select_hostkeys(session);
     }
 
     for (i = 0; i < KEX_METHODS_SIZE; i++) {

src/libcrypto.c

@@ -427,9 +427,6 @@ HMACCTX hmac_init(const void *key, int len, enum ssh_hmac_e type) {
     case SSH_HMAC_SHA256:
       HMAC_Init_ex(ctx, key, len, EVP_sha256(), NULL);
       break;
-    case SSH_HMAC_SHA384:
-      HMAC_Init_ex(ctx, key, len, EVP_sha384(), NULL);
-      break;
     case SSH_HMAC_SHA512:
       HMAC_Init_ex(ctx, key, len, EVP_sha512(), NULL);
       break;

src/libgcrypt.c

@@ -282,9 +282,6 @@ HMACCTX hmac_init(const void *key, int len, enum ssh_hmac_e type) {
     case SSH_HMAC_SHA256:
       gcry_md_open(&c, GCRY_MD_SHA256, GCRY_MD_FLAG_HMAC);
       break;
-    case SSH_HMAC_SHA384:
-      gcry_md_open(&c, GCRY_MD_SHA384, GCRY_MD_FLAG_HMAC);
-      break;
     case SSH_HMAC_SHA512:
       gcry_md_open(&c, GCRY_MD_SHA512, GCRY_MD_FLAG_HMAC);
       break;

src/libmbedcrypto.c

@@ -462,9 +462,6 @@ HMACCTX hmac_init(const void *key, int len, enum ssh_hmac_e type)
         case SSH_HMAC_SHA256:
             md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA256);
             break;
-        case SSH_HMAC_SHA384:
-            md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA384);
-            break;
         case SSH_HMAC_SHA512:
             md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA512);
             break;

src/options.c

@@ -302,37 +302,6 @@ int ssh_options_set_algo(ssh_session session,
  *                \n
  *                See the corresponding numbers in libssh.h.
  *
- *              - SSH_OPTIONS_AUTH_CALLBACK:
- *                Set a callback to use your own authentication function
- *                (function pointer).
- *
- *              - SSH_OPTIONS_AUTH_USERDATA:
- *                Set the user data passed to the authentication
- *                function (generic pointer).
- *
- *              - SSH_OPTIONS_LOG_CALLBACK:
- *                Set a callback to use your own logging function
- *                (function pointer).
- *
- *              - SSH_OPTIONS_LOG_USERDATA:
- *                Set the user data passed to the logging function
- *                (generic pointer).
- *
- *              - SSH_OPTIONS_STATUS_CALLBACK:
- *                Set a callback to show connection status in realtime
- *                (function pointer).\n
- *                \n
- *                @code
- *                fn(void *arg, float status)
- *                @endcode
- *                \n
- *                During ssh_connect(), libssh will call the callback
- *                with status from 0.0 to 1.0.
- *
- *              - SSH_OPTIONS_STATUS_ARG:
- *                Set the status argument which should be passed to the
- *                status callback (generic pointer).
- *
  *              - SSH_OPTIONS_CIPHERS_C_S:
  *                Set the symmetric cipher client to server (const char *,
  *                comma-separated list).

src/packet_crypt.c

@@ -176,6 +176,17 @@ unsigned char *ssh_packet_encrypt(ssh_session session, void *data, uint32_t len)
   return session->current_crypto->hmacbuf;
 }
 
+static int secure_memcmp(const void *s1, const void *s2, size_t n)
+{
+    int rc = 0;
+    const unsigned char *p1 = s1;
+    const unsigned char *p2 = s2;
+    for (; n > 0; --n) {
+        rc |= *p1++ ^ *p2++;
+    }
+    return (rc != 0);
+}
+
 /**
  * @internal
  *
@@ -219,7 +230,7 @@ int ssh_packet_hmac_verify(ssh_session session,
   ssh_print_hexa("Computed mac",hmacbuf,len);
   ssh_print_hexa("seq",(unsigned char *)&seq,sizeof(uint32_t));
 #endif
-  if (memcmp(mac, hmacbuf, len) == 0) {
+  if (secure_memcmp(mac, hmacbuf, len) == 0) {
     return 0;
   }
 

src/pki_container_openssh.c

@@ -409,7 +409,7 @@ static int pki_openssh_export_privkey_blob(const ssh_key privkey,
         return SSH_ERROR;
     }
     if (privkey->ed25519_privkey == NULL ||
-            privkey->ed25519_pubkey == NULL){
+        privkey->ed25519_pubkey == NULL) {
         return SSH_ERROR;
     }
     rc = ssh_buffer_pack(buffer,
@@ -442,7 +442,6 @@ static int pki_private_key_encrypt(ssh_buffer privkey_buffer,
     char passphrase_buffer[128];
     int rc;
     int i;
-    uint8_t padding = 1;
     int cmp;
 
     cmp = strcmp(ciphername, "none");
@@ -469,14 +468,6 @@ static int pki_private_key_encrypt(ssh_buffer privkey_buffer,
         SSH_LOG(SSH_LOG_WARN, "Unsupported KDF %s", kdfname);
         return SSH_ERROR;
     }
-    while (ssh_buffer_get_len(privkey_buffer) % cipher.blocksize != 0) {
-        rc = ssh_buffer_add_u8(privkey_buffer, padding);
-        if (rc < 0) {
-            return SSH_ERROR;
-        }
-        padding++;
-    }
-
     /* We need material for key (keysize bits / 8) and IV (blocksize)  */
     key_material_len =  cipher.keysize/8 + cipher.blocksize;
     if (key_material_len > sizeof(key_material)){
@@ -553,6 +544,7 @@ ssh_string ssh_pki_openssh_privkey_export(const ssh_key privkey,
     int to_encrypt=0;
     unsigned char *b64;
     uint32_t str_len, len;
+    uint8_t padding = 1;
     int ok;
     int rc;
 
@@ -603,6 +595,18 @@ ssh_string ssh_pki_openssh_privkey_export(const ssh_key privkey,
         goto error;
     }
 
+    /* Add padding regardless encryption because it is expected
+     * by OpenSSH tools.
+     * XXX Using 16 B as we use only AES cipher below anyway.
+     */
+    while (ssh_buffer_get_len(privkey_buffer) % 16 != 0) {
+        rc = ssh_buffer_add_u8(privkey_buffer, padding);
+        if (rc < 0) {
+            goto error;
+        }
+        padding++;
+    }
+
     if (to_encrypt){
         ssh_buffer kdf_buf;
 

src/pki_crypto.c

@@ -1657,6 +1657,7 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
 
             s = ssh_string_new(20);
             if (s == NULL) {
+                bignum_safe_free(pr);
                 ssh_signature_free(sig);
                 return NULL;
             }
@@ -1665,6 +1666,7 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
             ps = ssh_make_string_bn(s);
             ssh_string_free(s);
             if (ps == NULL) {
+                bignum_safe_free(pr);
                 ssh_signature_free(sig);
                 return NULL;
             }
@@ -1673,6 +1675,8 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
              * object */
             rc = DSA_SIG_set0(sig->dsa_sig, pr, ps);
             if (rc == 0) {
+                bignum_safe_free(ps);
+                bignum_safe_free(pr);
                 ssh_signature_free(sig);
                 return NULL;
             }
@@ -1681,6 +1685,9 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
         case SSH_KEYTYPE_RSA:
         case SSH_KEYTYPE_RSA1:
             sig = pki_signature_from_rsa_blob(pubkey, sig_blob, sig);
+            if (sig == NULL) {
+                return NULL;
+            }
             sig->type_c = ssh_key_signature_to_char(type, hash_type);
             break;
         case SSH_KEYTYPE_ECDSA:
@@ -1734,6 +1741,7 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
                 rlen = ssh_buffer_get_len(b);
                 ssh_buffer_free(b);
                 if (s == NULL) {
+                    bignum_safe_free(pr);
                     ssh_signature_free(sig);
                     return NULL;
                 }
@@ -1746,6 +1754,7 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
                 ssh_string_burn(s);
                 ssh_string_free(s);
                 if (ps == NULL) {
+                    bignum_safe_free(pr);
                     ssh_signature_free(sig);
                     return NULL;
                 }
@@ -1754,6 +1763,8 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
                  * ECDSA signature object */
                 rc = ECDSA_SIG_set0(sig->ecdsa_sig, pr, ps);
                 if (rc == 0) {
+                    bignum_safe_free(ps);
+                    bignum_safe_free(pr);
                     ssh_signature_free(sig);
                     return NULL;
                 }

src/pki_gcrypt.c

@@ -28,6 +28,7 @@
 #ifdef HAVE_LIBGCRYPT
 
 #include <assert.h>
+#include <stdbool.h>
 #include <string.h>
 #include <stdlib.h>
 #include <gcrypt.h>
@@ -389,7 +390,7 @@ static int privatekey_dek_header(const char *header, unsigned int header_len,
         while(p[len] == '\n' || p[len] == '\r') /* skip empty lines */  \
             len++;                                                      \
         if(p[len] == '\0')    /* EOL */                                 \
-            len = -1;                                                   \
+            eol = true;                                                 \
         else                  /* calculate length */                    \
             for(p += len, len = 0; p[len] && p[len] != '\n'             \
                                           && p[len] != '\r'; len++);    \
@@ -409,7 +410,8 @@ static ssh_buffer privatekey_string_to_buffer(const char *pkey, int type,
     unsigned int iv_len = 0;
     int algo = 0;
     int mode = 0;
-    int len;
+    bool eol = false;
+    size_t len;
 
     buffer = ssh_buffer_new();
     if (buffer == NULL) {
@@ -441,25 +443,38 @@ static ssh_buffer privatekey_string_to_buffer(const char *pkey, int type,
     len = 0;
     get_next_line(p, len);
 
-    while(len > 0 && strncmp(p, header_begin, header_begin_size)) {
+    while(!eol && strncmp(p, header_begin, header_begin_size)) {
         /* skip line */
         get_next_line(p, len);
     }
-    if(len < 0) {
-        /* no header found */
+    if (eol) {
+        ssh_buffer_free(buffer);
         return NULL;
     }
+
     /* skip header line */
     get_next_line(p, len);
+    if (eol) {
+        ssh_buffer_free(buffer);
+        return NULL;
+    }
 
     if (len > 11 && strncmp("Proc-Type: 4,ENCRYPTED", p, 11) == 0) {
         /* skip line */
         get_next_line(p, len);
+        if (eol) {
+            ssh_buffer_free(buffer);
+            return NULL;
+        }
 
         if (len > 10 && strncmp("DEK-Info: ", p, 10) == 0) {
             p += 10;
             len = 0;
             get_next_line(p, len);
+            if (eol) {
+                ssh_buffer_free(buffer);
+                return NULL;
+            }
             if (privatekey_dek_header(p, len, &algo, &mode, &key_len,
                         &iv, &iv_len) < 0) {
                 ssh_buffer_free(buffer);
@@ -482,7 +497,7 @@ static ssh_buffer privatekey_string_to_buffer(const char *pkey, int type,
     }
 
     get_next_line(p, len);
-    while(len > 0 && strncmp(p, header_end, header_end_size) != 0) {
+    while(!eol && strncmp(p, header_end, header_end_size) != 0) {
         if (ssh_buffer_add_data(buffer, p, len) < 0) {
             ssh_buffer_free(buffer);
             SAFE_FREE(iv);
@@ -491,7 +506,7 @@ static ssh_buffer privatekey_string_to_buffer(const char *pkey, int type,
         get_next_line(p, len);
     }
 
-    if (len == -1 || strncmp(p, header_end, header_end_size) != 0) {
+    if (eol || strncmp(p, header_end, header_end_size) != 0) {
         ssh_buffer_free(buffer);
         SAFE_FREE(iv);
         return NULL;

src/pki_mbedcrypto.c

@@ -917,6 +917,9 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
     switch(type) {
         case SSH_KEYTYPE_RSA:
             sig = pki_signature_from_rsa_blob(pubkey, sig_blob, sig);
+            if (sig == NULL) {
+                return NULL;
+            }
             sig->type_c = ssh_key_signature_to_char(type, hash_type);
             break;
         case SSH_KEYTYPE_ECDSA: {

src/server.c

@@ -453,6 +453,7 @@ static void ssh_server_connection_callback(ssh_session session){
 
             /* from now, the packet layer is handling incoming packets */
             session->socket_callbacks.data=ssh_packet_socket_callback;
+            ssh_packet_register_socket_callback(session, session->socket);
 
             ssh_packet_set_default_callbacks(session);
             set_status(session, 0.5f);
@@ -523,7 +524,7 @@ static void ssh_server_connection_callback(ssh_session session){
                  * our supported extensions now. This is the first message after
                  * sending NEWKEYS message and after turning on crypto.
                  */
-                if (session->extensions &&
+                if (session->extensions & SSH_EXT_NEGOTIATION &&
                     session->session_state != SSH_SESSION_STATE_AUTHENTICATED) {
                     ssh_server_send_extensions(session);
                 }

src/wrapper.c

@@ -52,7 +52,6 @@
 static struct ssh_hmac_struct ssh_hmac_tab[] = {
   { "hmac-sha1",     SSH_HMAC_SHA1 },
   { "hmac-sha2-256", SSH_HMAC_SHA256 },
-  { "hmac-sha2-384", SSH_HMAC_SHA384 },
   { "hmac-sha2-512", SSH_HMAC_SHA512 },
   { "hmac-md5",      SSH_HMAC_MD5 },
   { "aead-poly1305", SSH_HMAC_AEAD_POLY1305 },
@@ -69,8 +68,6 @@ size_t hmac_digest_len(enum ssh_hmac_e type) {
       return SHA_DIGEST_LEN;
     case SSH_HMAC_SHA256:
       return SHA256_DIGEST_LEN;
-    case SSH_HMAC_SHA384:
-      return SHA384_DIGEST_LEN;
     case SSH_HMAC_SHA512:
       return SHA512_DIGEST_LEN;
     case SSH_HMAC_MD5:

tests/pkd/pkd_client.h

@@ -46,12 +46,12 @@
   OPENSSH_PKACCEPTED_ECDSA      \
   OPENSSH_PKACCEPTED_DSA
 
-#define OPENSSH_CMD_START \
+#define OPENSSH_CMD_START(hostkey_algos) \
     OPENSSH_BINARY " "                  \
     "-o UserKnownHostsFile=/dev/null "  \
     "-o StrictHostKeyChecking=no "      \
     "-F /dev/null "                     \
-    OPENSSH_HOSTKEY_ALGOS " "           \
+    hostkey_algos " "                   \
     OPENSSH_PKACCEPTED_TYPES " "        \
     "-i " CLIENT_ID_FILE " "            \
     "1> %s.out "                        \
@@ -61,16 +61,19 @@
 #define OPENSSH_CMD_END "-p 1234 localhost ls"
 
 #define OPENSSH_CMD \
-    OPENSSH_CMD_START OPENSSH_CMD_END
+    OPENSSH_CMD_START(OPENSSH_HOSTKEY_ALGOS) OPENSSH_CMD_END
 
 #define OPENSSH_KEX_CMD(kexalgo) \
-    OPENSSH_CMD_START "-o KexAlgorithms=" kexalgo " " OPENSSH_CMD_END
+    OPENSSH_CMD_START(OPENSSH_HOSTKEY_ALGOS) "-o KexAlgorithms=" kexalgo " " OPENSSH_CMD_END
 
 #define OPENSSH_CIPHER_CMD(ciphers) \
-    OPENSSH_CMD_START "-c " ciphers " " OPENSSH_CMD_END
+    OPENSSH_CMD_START(OPENSSH_HOSTKEY_ALGOS) "-c " ciphers " " OPENSSH_CMD_END
 
 #define OPENSSH_MAC_CMD(macs) \
-    OPENSSH_CMD_START "-o MACs=" macs " " OPENSSH_CMD_END
+    OPENSSH_CMD_START(OPENSSH_HOSTKEY_ALGOS) "-o MACs=" macs " " OPENSSH_CMD_END
+
+#define OPENSSH_HOSTKEY_CMD(hostkeyalgo) \
+    OPENSSH_CMD_START("-o HostKeyAlgorithms=" hostkeyalgo " ") OPENSSH_CMD_END
 
 
 /* Dropbear */

tests/pkd/pkd_hello.c

@@ -478,6 +478,12 @@ static int torture_pkd_setup_ecdsa_521(void **state) {
     f(client, ecdsa_521_hmac_sha2_512,  maccmd("hmac-sha2-512"),  setup_ecdsa_521,  teardown)
 #endif
 
+#define PKDTESTS_HOSTKEY_OPENSSHONLY(f, client, hkcmd) \
+    f(client, rsa_sha2_256,     hkcmd("rsa-sha2-256"),               setup_rsa,    teardown) \
+    f(client, rsa_sha2_512,     hkcmd("rsa-sha2-512"),               setup_rsa,    teardown) \
+    f(client, rsa_sha2_256_512, hkcmd("rsa-sha2-256,rsa-sha2-512"),  setup_rsa,    teardown) \
+    f(client, rsa_sha2_512_256, hkcmd("rsa-sha2-512,rsa-sha2-256"),  setup_rsa,    teardown)
+
 static void torture_pkd_client_noop(void **state) {
     struct pkd_state *pstate = (struct pkd_state *) (*state);
     (void) pstate;
@@ -545,6 +551,7 @@ PKDTESTS_CIPHER(emit_keytest, openssh_rsa, OPENSSH_CIPHER_CMD)
 PKDTESTS_CIPHER_OPENSSHONLY(emit_keytest, openssh_rsa, OPENSSH_CIPHER_CMD)
 PKDTESTS_MAC(emit_keytest, openssh_rsa, OPENSSH_MAC_CMD)
 PKDTESTS_MAC_OPENSSHONLY(emit_keytest, openssh_rsa, OPENSSH_MAC_CMD)
+PKDTESTS_HOSTKEY_OPENSSHONLY(emit_keytest, openssh_rsa, OPENSSH_HOSTKEY_CMD)
 #undef CLIENT_ID_FILE
 
 #define CLIENT_ID_FILE OPENSSH_ECDSA256_TESTKEY
@@ -621,6 +628,7 @@ struct {
     PKDTESTS_CIPHER_OPENSSHONLY(emit_testmap, openssh_rsa, OPENSSH_CIPHER_CMD)
     PKDTESTS_MAC(emit_testmap, openssh_rsa, OPENSSH_MAC_CMD)
     PKDTESTS_MAC_OPENSSHONLY(emit_testmap, openssh_rsa, OPENSSH_MAC_CMD)
+    PKDTESTS_HOSTKEY_OPENSSHONLY(emit_testmap, openssh_rsa, OPENSSH_HOSTKEY_CMD)
 
     PKDTESTS_DEFAULT(emit_testmap, openssh_e256, OPENSSH_CMD)
     PKDTESTS_DEFAULT_OPENSSHONLY(emit_testmap, openssh_e256, OPENSSH_CMD)

tests/unittests/torture_knownhosts_parsing.c

@@ -310,8 +310,9 @@ torture_knownhosts_algorithms(void **state)
     const char *knownhosts_file = *state;
     char *algo_list = NULL;
     ssh_session session;
-    const char *expect = "ssh-ed25519,ssh-rsa,ecdsa-sha2-nistp521,"
-                         "ecdsa-sha2-nistp384,ecdsa-sha2-nistp256"
+    const char *expect = "ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa,"
+                         "ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,"
+                         "ecdsa-sha2-nistp256"
 #ifdef HAVE_DSA
                          ",ssh-dss"
 #endif
@@ -339,8 +340,9 @@ torture_knownhosts_algorithms_global(void **state)
     const char *knownhosts_file = *state;
     char *algo_list = NULL;
     ssh_session session;
-    const char *expect = "ssh-ed25519,ssh-rsa,ecdsa-sha2-nistp521,"
-                         "ecdsa-sha2-nistp384,ecdsa-sha2-nistp256"
+    const char *expect = "ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa,"
+                         "ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,"
+                         "ecdsa-sha2-nistp256"
 #ifdef HAVE_DSA
                          ",ssh-dss"
 #endif