Bump version to 0.9.4

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>

.gitlab-ci.yml

@@ -456,9 +456,11 @@ tumbleweed/static-analysis:
       - obj/scan
 
 visualstudio/x86_64:
+  variables:
+    ErrorActionPreference: STOP
   script:
   - $env:VCPKG_DEFAULT_TRIPLET="x64-windows"
-  - cd obj
+  - mkdir -p obj; if ($?) {cd obj}; if (! $?) {exit 1}
   - cmake
       -A x64
       -DCMAKE_TOOLCHAIN_FILE="$env:VCPKG_TOOLCHAIN_FILE"
@@ -484,9 +486,11 @@ visualstudio/x86_64:
       - obj/
 
 visualstudio/x86:
+  variables:
+    ErrorActionPreference: STOP
   script:
   - $env:VCPKG_DEFAULT_TRIPLET="x86-windows"
-  - cd obj
+  - mkdir -p obj; if ($?) {cd obj}; if (! $?) {exit 1}
   - cmake
       -DCMAKE_TOOLCHAIN_FILE="$env:VCPKG_TOOLCHAIN_FILE"
       -DPICKY_DEVELOPER=ON

CMakeLists.txt

@@ -10,7 +10,7 @@ list(APPEND CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/cmake/Modules")
 include(DefineCMakeDefaults)
 include(DefineCompilerFlags)
 
-project(libssh VERSION 0.9.3 LANGUAGES C)
+project(libssh VERSION 0.9.4 LANGUAGES C)
 
 # global needed variable
 set(APPLICATION_NAME ${PROJECT_NAME})
@@ -22,7 +22,7 @@ set(APPLICATION_NAME ${PROJECT_NAME})
 #     Increment AGE. Set REVISION to 0
 #   If the source code was changed, but there were no interface changes:
 #     Increment REVISION.
-set(LIBRARY_VERSION "4.8.4")
+set(LIBRARY_VERSION "4.8.5")
 set(LIBRARY_SOVERSION "4")
 
 # where to look first for cmake modules, before ${CMAKE_ROOT}/Modules/ is checked

ChangeLog

@@ -1,6 +1,12 @@
 ChangeLog
 ==========
 
+version 0.9.4 (released 2020-04-09)
+  * Fixed CVE-2020-1730 - Possible DoS in client and server when handling
+    AES-CTR keys with OpenSSL
+  * Added diffie-hellman-group14-sha256
+  * Fixed serveral possible memory leaks
+
 version 0.9.3 (released 2019-12-10)
   * Fixed CVE-2019-14889 - SCP: Unsanitized location leads to command execution
   * SSH-01-003 Client: Missing NULL check leads to crash in erroneous state

doc/CMakeLists.txt

@@ -15,6 +15,8 @@ if (DOXYGEN_FOUND)
     set(DOXYGEN_MARKDOWN_SUPPORT YES)
 
     set(DOXYGEN_PREDEFINED DOXYGEN
+                           WITH_SERVER
+                           WITH_SFTP
                            PRINTF_ATTRIBUTE(x,y))
 
     set(DOXYGEN_EXCLUDE ${CMAKE_CURRENT_SOURCE_DIR}/that_style)

doc/linking.dox

@@ -28,6 +28,6 @@ the dllimport attribute.
 @endcode
 
 If you're are statically linking with OpenSSL, read the "Linking your
-application" section in the NOTES.<OS> in the OpenSSL source tree!
+application" section in the NOTES.[OS] in the OpenSSL source tree!
 
 */

include/libssh/crypto.h

@@ -80,6 +80,8 @@ enum ssh_key_exchange_e {
   SSH_KEX_DH_GROUP16_SHA512,
   /* diffie-hellman-group18-sha512 */
   SSH_KEX_DH_GROUP18_SHA512,
+  /* diffie-hellman-group14-sha256 */
+  SSH_KEX_DH_GROUP14_SHA256,
 };
 
 enum ssh_cipher_e {

include/libssh/keys.h

@@ -28,13 +28,13 @@
 struct ssh_public_key_struct {
     int type;
     const char *type_c; /* Don't free it ! it is static */
-#ifdef HAVE_LIBGCRYPT
+#if defined(HAVE_LIBGCRYPT)
     gcry_sexp_t dsa_pub;
     gcry_sexp_t rsa_pub;
-#elif HAVE_LIBCRYPTO
+#elif defined(HAVE_LIBCRYPTO)
     DSA *dsa_pub;
     RSA *rsa_pub;
-#elif HAVE_LIBMBEDCRYPTO
+#elif defined(HAVE_LIBMBEDCRYPTO)
     mbedtls_pk_context *rsa_pub;
     void *dsa_pub;
 #endif
@@ -42,13 +42,13 @@ struct ssh_public_key_struct {
 
 struct ssh_private_key_struct {
     int type;
-#ifdef HAVE_LIBGCRYPT
+#if defined(HAVE_LIBGCRYPT)
     gcry_sexp_t dsa_priv;
     gcry_sexp_t rsa_priv;
-#elif defined HAVE_LIBCRYPTO
+#elif defined(HAVE_LIBCRYPTO)
     DSA *dsa_priv;
     RSA *rsa_priv;
-#elif HAVE_LIBMBEDCRYPTO
+#elif defined(HAVE_LIBMBEDCRYPTO)
     mbedtls_pk_context *rsa_priv;
     void *dsa_priv;
 #endif

include/libssh/libssh.h

@@ -633,7 +633,13 @@ LIBSSH_API ssh_pcap_file ssh_pcap_file_new(void);
 LIBSSH_API int ssh_pcap_file_open(ssh_pcap_file pcap, const char *filename);
 
 /**
- * @brief SSH authentication callback.
+ * @addtogroup libssh_auth
+ *
+ * @{
+ */
+
+/**
+ * @brief SSH authentication callback for password and publickey auth.
  *
  * @param prompt        Prompt to be displayed.
  * @param buf           Buffer to save the password. You should null-terminate it.
@@ -648,6 +654,8 @@ LIBSSH_API int ssh_pcap_file_open(ssh_pcap_file pcap, const char *filename);
 typedef int (*ssh_auth_callback) (const char *prompt, char *buf, size_t len,
     int echo, int verify, void *userdata);
 
+/** @} */
+
 LIBSSH_API ssh_key ssh_key_new(void);
 #define SSH_KEY_FREE(x) \
     do { if ((x) != NULL) { ssh_key_free(x); x = NULL; } } while(0)

include/libssh/priv.h

@@ -405,20 +405,20 @@ void explicit_bzero(void *s, size_t n);
 # endif /* HAVE_FALLTHROUGH_ATTRIBUTE */
 #endif /* FALL_THROUGH */
 
-#ifndef __unused__
+#ifndef __attr_unused__
 # ifdef HAVE_UNUSED_ATTRIBUTE
-#  define __unused__ __attribute__((unused))
+#  define __attr_unused__ __attribute__((unused))
 # else /* HAVE_UNUSED_ATTRIBUTE */
-#  define __unused__
+#  define __attr_unused__
 # endif /* HAVE_UNUSED_ATTRIBUTE */
-#endif /* __unused__ */
+#endif /* __attr_unused__ */
 
 #ifndef UNUSED_PARAM
-#define UNUSED_PARAM(param) param __unused__
+#define UNUSED_PARAM(param) param __attr_unused__
 #endif /* UNUSED_PARAM */
 
 #ifndef UNUSED_VAR
-#define UNUSED_VAR(var) __unused__ var
+#define UNUSED_VAR(var) __attr_unused__ var
 #endif /* UNUSED_VAR */
 
 void ssh_agent_state_free(void *data);

src/ABI/current

@@ -1 +1 @@
-4.8.4
+4.8.5

src/ABI/libssh-4.8.5.symbols

@@ -0,0 +1,421 @@
+_ssh_log
+buffer_free
+buffer_get
+buffer_get_len
+buffer_new
+channel_accept_x11
+channel_change_pty_size
+channel_close
+channel_forward_accept
+channel_forward_cancel
+channel_forward_listen
+channel_free
+channel_get_exit_status
+channel_get_session
+channel_is_closed
+channel_is_eof
+channel_is_open
+channel_new
+channel_open_forward
+channel_open_session
+channel_poll
+channel_read
+channel_read_buffer
+channel_read_nonblocking
+channel_request_env
+channel_request_exec
+channel_request_pty
+channel_request_pty_size
+channel_request_send_signal
+channel_request_sftp
+channel_request_shell
+channel_request_subsystem
+channel_request_x11
+channel_select
+channel_send_eof
+channel_set_blocking
+channel_write
+channel_write_stderr
+privatekey_free
+privatekey_from_file
+publickey_free
+publickey_from_file
+publickey_from_privatekey
+publickey_to_string
+sftp_async_read
+sftp_async_read_begin
+sftp_attributes_free
+sftp_canonicalize_path
+sftp_chmod
+sftp_chown
+sftp_client_message_free
+sftp_client_message_get_data
+sftp_client_message_get_filename
+sftp_client_message_get_flags
+sftp_client_message_get_submessage
+sftp_client_message_get_type
+sftp_client_message_set_filename
+sftp_close
+sftp_closedir
+sftp_dir_eof
+sftp_extension_supported
+sftp_extensions_get_count
+sftp_extensions_get_data
+sftp_extensions_get_name
+sftp_file_set_blocking
+sftp_file_set_nonblocking
+sftp_free
+sftp_fstat
+sftp_fstatvfs
+sftp_fsync
+sftp_get_client_message
+sftp_get_error
+sftp_handle
+sftp_handle_alloc
+sftp_handle_remove
+sftp_init
+sftp_lstat
+sftp_mkdir
+sftp_new
+sftp_new_channel
+sftp_open
+sftp_opendir
+sftp_read
+sftp_readdir
+sftp_readlink
+sftp_rename
+sftp_reply_attr
+sftp_reply_data
+sftp_reply_handle
+sftp_reply_name
+sftp_reply_names
+sftp_reply_names_add
+sftp_reply_status
+sftp_rewind
+sftp_rmdir
+sftp_seek
+sftp_seek64
+sftp_send_client_message
+sftp_server_free
+sftp_server_init
+sftp_server_new
+sftp_server_version
+sftp_setstat
+sftp_stat
+sftp_statvfs
+sftp_statvfs_free
+sftp_symlink
+sftp_tell
+sftp_tell64
+sftp_unlink
+sftp_utimes
+sftp_write
+ssh_accept
+ssh_add_channel_callbacks
+ssh_auth_list
+ssh_basename
+ssh_bind_accept
+ssh_bind_accept_fd
+ssh_bind_fd_toaccept
+ssh_bind_free
+ssh_bind_get_fd
+ssh_bind_listen
+ssh_bind_new
+ssh_bind_options_parse_config
+ssh_bind_options_set
+ssh_bind_set_blocking
+ssh_bind_set_callbacks
+ssh_bind_set_fd
+ssh_blocking_flush
+ssh_buffer_add_data
+ssh_buffer_free
+ssh_buffer_get
+ssh_buffer_get_data
+ssh_buffer_get_len
+ssh_buffer_new
+ssh_buffer_reinit
+ssh_channel_accept_forward
+ssh_channel_accept_x11
+ssh_channel_cancel_forward
+ssh_channel_change_pty_size
+ssh_channel_close
+ssh_channel_free
+ssh_channel_get_exit_status
+ssh_channel_get_session
+ssh_channel_is_closed
+ssh_channel_is_eof
+ssh_channel_is_open
+ssh_channel_listen_forward
+ssh_channel_new
+ssh_channel_open_auth_agent
+ssh_channel_open_forward
+ssh_channel_open_forward_unix
+ssh_channel_open_reverse_forward
+ssh_channel_open_session
+ssh_channel_open_x11
+ssh_channel_poll
+ssh_channel_poll_timeout
+ssh_channel_read
+ssh_channel_read_nonblocking
+ssh_channel_read_timeout
+ssh_channel_request_auth_agent
+ssh_channel_request_env
+ssh_channel_request_exec
+ssh_channel_request_pty
+ssh_channel_request_pty_size
+ssh_channel_request_send_break
+ssh_channel_request_send_exit_signal
+ssh_channel_request_send_exit_status
+ssh_channel_request_send_signal
+ssh_channel_request_sftp
+ssh_channel_request_shell
+ssh_channel_request_subsystem
+ssh_channel_request_x11
+ssh_channel_select
+ssh_channel_send_eof
+ssh_channel_set_blocking
+ssh_channel_set_counter
+ssh_channel_window_size
+ssh_channel_write
+ssh_channel_write_stderr
+ssh_clean_pubkey_hash
+ssh_connect
+ssh_connector_free
+ssh_connector_new
+ssh_connector_set_in_channel
+ssh_connector_set_in_fd
+ssh_connector_set_out_channel
+ssh_connector_set_out_fd
+ssh_copyright
+ssh_dirname
+ssh_disconnect
+ssh_dump_knownhost
+ssh_event_add_connector
+ssh_event_add_fd
+ssh_event_add_session
+ssh_event_dopoll
+ssh_event_free
+ssh_event_new
+ssh_event_remove_connector
+ssh_event_remove_fd
+ssh_event_remove_session
+ssh_execute_message_callbacks
+ssh_finalize
+ssh_forward_accept
+ssh_forward_cancel
+ssh_forward_listen
+ssh_free
+ssh_get_cipher_in
+ssh_get_cipher_out
+ssh_get_clientbanner
+ssh_get_disconnect_message
+ssh_get_error
+ssh_get_error_code
+ssh_get_fd
+ssh_get_fingerprint_hash
+ssh_get_hexa
+ssh_get_hmac_in
+ssh_get_hmac_out
+ssh_get_issue_banner
+ssh_get_kex_algo
+ssh_get_log_callback
+ssh_get_log_level
+ssh_get_log_userdata
+ssh_get_openssh_version
+ssh_get_poll_flags
+ssh_get_pubkey
+ssh_get_pubkey_hash
+ssh_get_publickey
+ssh_get_publickey_hash
+ssh_get_random
+ssh_get_server_publickey
+ssh_get_serverbanner
+ssh_get_status
+ssh_get_version
+ssh_getpass
+ssh_gssapi_get_creds
+ssh_gssapi_set_creds
+ssh_handle_key_exchange
+ssh_init
+ssh_is_blocking
+ssh_is_connected
+ssh_is_server_known
+ssh_key_cmp
+ssh_key_free
+ssh_key_is_private
+ssh_key_is_public
+ssh_key_new
+ssh_key_type
+ssh_key_type_from_name
+ssh_key_type_to_char
+ssh_known_hosts_parse_line
+ssh_knownhosts_entry_free
+ssh_log
+ssh_message_auth_interactive_request
+ssh_message_auth_kbdint_is_response
+ssh_message_auth_password
+ssh_message_auth_pubkey
+ssh_message_auth_publickey
+ssh_message_auth_publickey_state
+ssh_message_auth_reply_pk_ok
+ssh_message_auth_reply_pk_ok_simple
+ssh_message_auth_reply_success
+ssh_message_auth_set_methods
+ssh_message_auth_user
+ssh_message_channel_request_channel
+ssh_message_channel_request_command
+ssh_message_channel_request_env_name
+ssh_message_channel_request_env_value
+ssh_message_channel_request_open_destination
+ssh_message_channel_request_open_destination_port
+ssh_message_channel_request_open_originator
+ssh_message_channel_request_open_originator_port
+ssh_message_channel_request_open_reply_accept
+ssh_message_channel_request_open_reply_accept_channel
+ssh_message_channel_request_pty_height
+ssh_message_channel_request_pty_pxheight
+ssh_message_channel_request_pty_pxwidth
+ssh_message_channel_request_pty_term
+ssh_message_channel_request_pty_width
+ssh_message_channel_request_reply_success
+ssh_message_channel_request_subsystem
+ssh_message_channel_request_x11_auth_cookie
+ssh_message_channel_request_x11_auth_protocol
+ssh_message_channel_request_x11_screen_number
+ssh_message_channel_request_x11_single_connection
+ssh_message_free
+ssh_message_get
+ssh_message_global_request_address
+ssh_message_global_request_port
+ssh_message_global_request_reply_success
+ssh_message_reply_default
+ssh_message_retrieve
+ssh_message_service_reply_success
+ssh_message_service_service
+ssh_message_subtype
+ssh_message_type
+ssh_mkdir
+ssh_new
+ssh_options_copy
+ssh_options_get
+ssh_options_get_port
+ssh_options_getopt
+ssh_options_parse_config
+ssh_options_set
+ssh_pcap_file_close
+ssh_pcap_file_free
+ssh_pcap_file_new
+ssh_pcap_file_open
+ssh_pki_copy_cert_to_privkey
+ssh_pki_export_privkey_base64
+ssh_pki_export_privkey_file
+ssh_pki_export_privkey_to_pubkey
+ssh_pki_export_pubkey_base64
+ssh_pki_export_pubkey_file
+ssh_pki_generate
+ssh_pki_import_cert_base64
+ssh_pki_import_cert_file
+ssh_pki_import_privkey_base64
+ssh_pki_import_privkey_file
+ssh_pki_import_pubkey_base64
+ssh_pki_import_pubkey_file
+ssh_pki_key_ecdsa_name
+ssh_print_hash
+ssh_print_hexa
+ssh_privatekey_type
+ssh_publickey_to_file
+ssh_remove_channel_callbacks
+ssh_scp_accept_request
+ssh_scp_close
+ssh_scp_deny_request
+ssh_scp_free
+ssh_scp_init
+ssh_scp_leave_directory
+ssh_scp_new
+ssh_scp_pull_request
+ssh_scp_push_directory
+ssh_scp_push_file
+ssh_scp_push_file64
+ssh_scp_read
+ssh_scp_request_get_filename
+ssh_scp_request_get_permissions
+ssh_scp_request_get_size
+ssh_scp_request_get_size64
+ssh_scp_request_get_warning
+ssh_scp_write
+ssh_select
+ssh_send_debug
+ssh_send_ignore
+ssh_send_keepalive
+ssh_server_init_kex
+ssh_service_request
+ssh_session_export_known_hosts_entry
+ssh_session_get_known_hosts_entry
+ssh_session_has_known_hosts_entry
+ssh_session_is_known_server
+ssh_session_update_known_hosts
+ssh_set_agent_channel
+ssh_set_agent_socket
+ssh_set_auth_methods
+ssh_set_blocking
+ssh_set_callbacks
+ssh_set_channel_callbacks
+ssh_set_counters
+ssh_set_fd_except
+ssh_set_fd_toread
+ssh_set_fd_towrite
+ssh_set_log_callback
+ssh_set_log_level
+ssh_set_log_userdata
+ssh_set_message_callback
+ssh_set_pcap_file
+ssh_set_server_callbacks
+ssh_silent_disconnect
+ssh_string_burn
+ssh_string_copy
+ssh_string_data
+ssh_string_fill
+ssh_string_free
+ssh_string_free_char
+ssh_string_from_char
+ssh_string_get_char
+ssh_string_len
+ssh_string_new
+ssh_string_to_char
+ssh_threads_get_default
+ssh_threads_get_noop
+ssh_threads_get_pthread
+ssh_threads_set_callbacks
+ssh_try_publickey_from_file
+ssh_userauth_agent
+ssh_userauth_agent_pubkey
+ssh_userauth_autopubkey
+ssh_userauth_gssapi
+ssh_userauth_kbdint
+ssh_userauth_kbdint_getanswer
+ssh_userauth_kbdint_getinstruction
+ssh_userauth_kbdint_getname
+ssh_userauth_kbdint_getnanswers
+ssh_userauth_kbdint_getnprompts
+ssh_userauth_kbdint_getprompt
+ssh_userauth_kbdint_setanswer
+ssh_userauth_list
+ssh_userauth_none
+ssh_userauth_offer_pubkey
+ssh_userauth_password
+ssh_userauth_privatekey_file
+ssh_userauth_pubkey
+ssh_userauth_publickey
+ssh_userauth_publickey_auto
+ssh_userauth_try_publickey
+ssh_version
+ssh_write_knownhost
+string_burn
+string_copy
+string_data
+string_fill
+string_free
+string_from_char
+string_len
+string_new
+string_to_char

src/CMakeLists.txt

@@ -85,6 +85,13 @@ if (WITH_NACL AND NACL_FOUND)
   )
 endif (WITH_NACL AND NACL_FOUND)
 
+if (MINGW AND Threads_FOUND)
+  set(LIBSSH_LINK_LIBRARIES
+    ${LIBSSH_LINK_LIBRARIES}
+    Threads::Threads
+  )
+endif()
+
 if (BUILD_STATIC_LIB)
   set(LIBSSH_STATIC_LIBRARY
     ssh_static

src/auth.c

@@ -1116,7 +1116,9 @@ int ssh_userauth_publickey_auto(ssh_session session,
                         "Public key authentication error for %s",
                         privkey_file);
                 ssh_key_free(state->privkey);
+                state->privkey = NULL;
                 ssh_key_free(state->pubkey);
+                state->pubkey = NULL;
                 SAFE_FREE(session->auth.auto_state);
                 return rc;
             } else if (rc == SSH_AUTH_AGAIN) {
@@ -1182,6 +1184,9 @@ int ssh_userauth_publickey_auto(ssh_session session,
                 return rc;
             }
 
+            ssh_key_free(state->privkey);
+            ssh_key_free(state->pubkey);
+
             SSH_LOG(SSH_LOG_WARN,
                     "The server accepted the public key but refused the signature");
             state->it = state->it->next;

src/channels.c

@@ -3119,6 +3119,11 @@ int ssh_channel_poll_timeout(ssh_channel channel, int timeout, int is_stderr)
     }
     len = ssh_buffer_get_len(stdbuf);
     if (len > 0) {
+        if (len > INT_MAX) {
+            rc = SSH_ERROR;
+        } else {
+            rc = (int)len;
+        }
         goto out;
     }
     if (channel->remote_eof) {

src/client.c

@@ -252,6 +252,7 @@ static int dh_handshake(ssh_session session) {
       switch(session->next_crypto->kex_type){
         case SSH_KEX_DH_GROUP1_SHA1:
         case SSH_KEX_DH_GROUP14_SHA1:
+        case SSH_KEX_DH_GROUP14_SHA256:
         case SSH_KEX_DH_GROUP16_SHA512:
         case SSH_KEX_DH_GROUP18_SHA512:
           rc = ssh_client_dh_init(session);

src/curve25519.c

@@ -179,8 +179,8 @@ static int ssh_curve25519_build_k(ssh_session session)
 #ifdef HAVE_OPENSSL_X25519
     EVP_PKEY_CTX *pctx = NULL;
     EVP_PKEY *pkey = NULL, *pubkey = NULL;
-    size_t shared_key_len;
-    int rc;
+    size_t shared_key_len = sizeof(k);
+    int rc, ret = SSH_ERROR;
 
     pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_X25519, NULL,
                                         session->next_crypto->curve25519_privkey,
@@ -197,8 +197,7 @@ static int ssh_curve25519_build_k(ssh_session session)
         SSH_LOG(SSH_LOG_TRACE,
                 "Failed to initialize X25519 context: %s",
                 ERR_error_string(ERR_get_error(), NULL));
-        EVP_PKEY_free(pkey);
-        return SSH_ERROR;
+        goto out;
     }
 
     rc = EVP_PKEY_derive_init(pctx);
@@ -206,9 +205,7 @@ static int ssh_curve25519_build_k(ssh_session session)
         SSH_LOG(SSH_LOG_TRACE,
                 "Failed to initialize X25519 key derivation: %s",
                 ERR_error_string(ERR_get_error(), NULL));
-        EVP_PKEY_free(pkey);
-        EVP_PKEY_CTX_free(pctx);
-        return SSH_ERROR;
+        goto out;
     }
 
     if (session->server) {
@@ -224,9 +221,7 @@ static int ssh_curve25519_build_k(ssh_session session)
         SSH_LOG(SSH_LOG_TRACE,
                 "Failed to create X25519 public key EVP_PKEY: %s",
                 ERR_error_string(ERR_get_error(), NULL));
-        EVP_PKEY_free(pkey);
-        EVP_PKEY_CTX_free(pctx);
-        return SSH_ERROR;
+        goto out;
     }
 
     rc = EVP_PKEY_derive_set_peer(pctx, pubkey);
@@ -234,23 +229,23 @@ static int ssh_curve25519_build_k(ssh_session session)
         SSH_LOG(SSH_LOG_TRACE,
                 "Failed to set peer X25519 public key: %s",
                 ERR_error_string(ERR_get_error(), NULL));
-        EVP_PKEY_free(pkey);
-        EVP_PKEY_free(pubkey);
-        EVP_PKEY_CTX_free(pctx);
-        return SSH_ERROR;
+        goto out;
     }
 
-    rc = EVP_PKEY_derive(pctx,
-                         k,
-                         &shared_key_len);
+    rc = EVP_PKEY_derive(pctx, k, &shared_key_len);
     if (rc != 1) {
         SSH_LOG(SSH_LOG_TRACE,
                 "Failed to derive X25519 shared secret: %s",
                 ERR_error_string(ERR_get_error(), NULL));
-        EVP_PKEY_free(pkey);
-        EVP_PKEY_free(pubkey);
-        EVP_PKEY_CTX_free(pctx);
-        return SSH_ERROR;
+        goto out;
+    }
+    ret = SSH_OK;
+out:
+    EVP_PKEY_free(pkey);
+    EVP_PKEY_free(pubkey);
+    EVP_PKEY_CTX_free(pctx);
+    if (ret == SSH_ERROR) {
+        return ret;
     }
 #else
     if (session->server) {

src/dh-gex.c

@@ -366,8 +366,13 @@ static bool dhgroup_better_size(uint32_t pmin,
  */
 static bool invn_chance(int n)
 {
-    uint32_t nounce;
-    ssh_get_random(&nounce, sizeof(nounce), 0);
+    uint32_t nounce = 0;
+    int ok;
+
+    ok = ssh_get_random(&nounce, sizeof(nounce), 0);
+    if (!ok) {
+        return false;
+    }
     return (nounce % n) == 0;
 }
 

src/dh.c

@@ -482,6 +482,7 @@ int ssh_server_dh_process_init(ssh_session session, ssh_buffer packet)
     switch (crypto->kex_type){
     case SSH_KEX_DH_GROUP1_SHA1:
     case SSH_KEX_DH_GROUP14_SHA1:
+    case SSH_KEX_DH_GROUP14_SHA256:
     case SSH_KEX_DH_GROUP16_SHA512:
     case SSH_KEX_DH_GROUP18_SHA512:
         packet_type = SSH2_MSG_KEXDH_REPLY;

src/dh_crypto.c

@@ -179,6 +179,7 @@ int ssh_dh_init_common(struct ssh_crypto_struct *crypto)
         rc = ssh_dh_set_parameters(ctx, ssh_dh_group1, ssh_dh_generator);
         break;
     case SSH_KEX_DH_GROUP14_SHA1:
+    case SSH_KEX_DH_GROUP14_SHA256:
         rc = ssh_dh_set_parameters(ctx, ssh_dh_group14, ssh_dh_generator);
         break;
     case SSH_KEX_DH_GROUP16_SHA512:

src/dh_key.c

@@ -247,6 +247,7 @@ int ssh_dh_init_common(struct ssh_crypto_struct *crypto)
         rc = ssh_dh_set_parameters(ctx, ssh_dh_group1, ssh_dh_generator);
         break;
     case SSH_KEX_DH_GROUP14_SHA1:
+    case SSH_KEX_DH_GROUP14_SHA256:
         rc = ssh_dh_set_parameters(ctx, ssh_dh_group14, ssh_dh_generator);
         break;
     case SSH_KEX_DH_GROUP16_SHA512:

src/init.c

@@ -106,7 +106,6 @@ _ret:
  *
  * This functions is automatically called when the library is loaded.
  *
- * @returns             0 on success, -1 if an error occured.
  */
 void libssh_constructor(void)
 {
@@ -188,8 +187,6 @@ _ret:
  *
  * This function is automatically called when the library is unloaded.
  *
- * @returns             SSH_OK on success, SSH_ERROR if an error occurred.
- *
  */
 void libssh_destructor(void)
 {

src/kex.c

@@ -154,6 +154,7 @@
     ECDH \
     "diffie-hellman-group18-sha512,diffie-hellman-group16-sha512," \
     GEX_SHA256 \
+    "diffie-hellman-group14-sha256," \
     "diffie-hellman-group14-sha1,diffie-hellman-group1-sha1"
 #define KEY_EXCHANGE_SUPPORTED \
     GEX_SHA1 \
@@ -183,6 +184,7 @@
                          "ecdh-sha2-nistp384,"\
                          "ecdh-sha2-nistp521,"\
                          "diffie-hellman-group-exchange-sha256,"\
+                         "diffie-hellman-group14-sha256,"\
                          "diffie-hellman-group16-sha512,"\
                          "diffie-hellman-group18-sha512"
 
@@ -356,8 +358,8 @@ SSH_PACKET_CALLBACK(ssh_packet_kexinit)
             goto error;
         }
 
-        len = ssh_hashbufin_add_cookie(session, session->next_crypto->client_kex.cookie);
-        if (len < 0) {
+        ok = ssh_hashbufin_add_cookie(session, session->next_crypto->client_kex.cookie);
+        if (ok < 0) {
             ssh_set_error(session, SSH_FATAL, "ssh_packet_kexinit: adding cookie failed");
             goto error;
         }
@@ -368,8 +370,8 @@ SSH_PACKET_CALLBACK(ssh_packet_kexinit)
             goto error;
         }
 
-        len = ssh_hashbufin_add_cookie(session, session->next_crypto->server_kex.cookie);
-        if (len < 0) {
+        ok = ssh_hashbufin_add_cookie(session, session->next_crypto->server_kex.cookie);
+        if (ok < 0) {
             ssh_set_error(session, SSH_FATAL, "ssh_packet_kexinit: adding cookie failed");
             goto error;
         }
@@ -764,6 +766,8 @@ int ssh_kex_select_methods (ssh_session session){
       session->next_crypto->kex_type=SSH_KEX_DH_GROUP1_SHA1;
     } else if(strcmp(session->next_crypto->kex_methods[SSH_KEX], "diffie-hellman-group14-sha1") == 0){
       session->next_crypto->kex_type=SSH_KEX_DH_GROUP14_SHA1;
+    } else if(strcmp(session->next_crypto->kex_methods[SSH_KEX], "diffie-hellman-group14-sha256") == 0){
+      session->next_crypto->kex_type=SSH_KEX_DH_GROUP14_SHA256;
     } else if(strcmp(session->next_crypto->kex_methods[SSH_KEX], "diffie-hellman-group16-sha512") == 0){
       session->next_crypto->kex_type=SSH_KEX_DH_GROUP16_SHA512;
     } else if(strcmp(session->next_crypto->kex_methods[SSH_KEX], "diffie-hellman-group18-sha512") == 0){
@@ -1026,6 +1030,7 @@ int ssh_make_sessionid(ssh_session session)
     switch(session->next_crypto->kex_type) {
     case SSH_KEX_DH_GROUP1_SHA1:
     case SSH_KEX_DH_GROUP14_SHA1:
+    case SSH_KEX_DH_GROUP14_SHA256:
     case SSH_KEX_DH_GROUP16_SHA512:
     case SSH_KEX_DH_GROUP18_SHA512:
         rc = ssh_dh_keypair_get_keys(session->next_crypto->dh_ctx,
@@ -1137,6 +1142,7 @@ int ssh_make_sessionid(ssh_session session)
         sha1(ssh_buffer_get(buf), ssh_buffer_get_len(buf),
                                    session->next_crypto->secret_hash);
         break;
+    case SSH_KEX_DH_GROUP14_SHA256:
     case SSH_KEX_ECDH_SHA2_NISTP256:
     case SSH_KEX_CURVE25519_SHA256:
     case SSH_KEX_CURVE25519_SHA256_LIBSSH_ORG:

src/legacy.c

@@ -353,7 +353,7 @@ void publickey_free(ssh_public_key key) {
     case SSH_KEYTYPE_DSS:
 #ifdef HAVE_LIBGCRYPT
       gcry_sexp_release(key->dsa_pub);
-#elif HAVE_LIBCRYPTO
+#elif defined HAVE_LIBCRYPTO
       DSA_free(key->dsa_pub);
 #endif
       break;

src/libcrypto.c

@@ -708,8 +708,12 @@ aes_ctr_encrypt(struct ssh_cipher_struct *cipher,
 }
 
 static void aes_ctr_cleanup(struct ssh_cipher_struct *cipher){
-    explicit_bzero(cipher->aes_key, sizeof(*cipher->aes_key));
-    SAFE_FREE(cipher->aes_key);
+    if (cipher != NULL) {
+        if (cipher->aes_key != NULL) {
+            explicit_bzero(cipher->aes_key, sizeof(*cipher->aes_key));
+        }
+        SAFE_FREE(cipher->aes_key);
+    }
 }
 
 #endif /* HAVE_OPENSSL_EVP_AES_CTR */

src/libgcrypt.c

@@ -328,6 +328,10 @@ static int aes_set_key(struct ssh_cipher_struct *cipher, void *key, void *IV) {
           return -1;
         }
         break;
+      default:
+        SSH_LOG(SSH_LOG_WARNING, "Unksupported key length %u.", cipher->keysize);
+        SAFE_FREE(cipher->key);
+        return -1;
     }
     if (gcry_cipher_setkey(cipher->key[0], key, cipher->keysize / 8)) {
       SAFE_FREE(cipher->key);

src/mbedcrypto_missing.c

@@ -104,6 +104,9 @@ int ssh_mbedcry_rand(bignum rnd, int bits, int top, int bottom)
 
     if (top == 0) {
         rc = mbedtls_mpi_set_bit(rnd, bits - 1, 0);
+        if (rc != 0) {
+            return 0;
+        }
     }
 
     if (top == 1) {
@@ -149,7 +152,8 @@ int ssh_mbedcry_rand_range(bignum dest, bignum max)
         return 0;
     }
     rc = bignum_rand(rnd, bits);
-    if (rc != 1){
+    if (rc != 1) {
+        bignum_safe_free(rnd);
         return rc;
     }
     mbedtls_mpi_mod_mpi(dest, rnd, max);

src/messages.c

@@ -692,6 +692,9 @@ static ssh_buffer ssh_msg_userauth_build_digest(ssh_session session,
     int rc;
 
     crypto = ssh_packet_get_current_crypto(session, SSH_DIRECTION_IN);
+    if (crypto == NULL) {
+        return NULL;
+    }
 
     buffer = ssh_buffer_new();
     if (buffer == NULL) {

src/options.c

@@ -968,7 +968,6 @@ int ssh_options_set(ssh_session session, enum ssh_options_e type,
         case SSH_OPTIONS_PUBKEY_AUTH:
         case SSH_OPTIONS_KBDINT_AUTH:
         case SSH_OPTIONS_GSSAPI_AUTH:
-            u = 0;
             if (value == NULL) {
                 ssh_set_error_invalid(session);
                 return -1;

src/packet_crypt.c

@@ -60,7 +60,7 @@ uint32_t ssh_packet_decrypt_len(ssh_session session,
     crypto = ssh_packet_get_current_crypto(session, SSH_DIRECTION_IN);
     if (crypto != NULL) {
         if (crypto->in_cipher->aead_decrypt_length != NULL) {
-            crypto->in_cipher->aead_decrypt_length(
+            rc = crypto->in_cipher->aead_decrypt_length(
                     crypto->in_cipher, source, destination,
                     crypto->in_cipher->lenfield_blocksize,
                     session->recv_seq);
@@ -71,9 +71,9 @@ uint32_t ssh_packet_decrypt_len(ssh_session session,
                     source,
                     0,
                     crypto->in_cipher->blocksize);
-            if (rc < 0) {
-                return 0;
-            }
+        }
+        if (rc < 0) {
+            return 0;
         }
     } else {
         memcpy(destination, source, 8);

src/pki_crypto.c

@@ -94,7 +94,7 @@ static int pki_key_ecdsa_to_nid(EC_KEY *k)
 
 static enum ssh_keytypes_e pki_key_ecdsa_to_key_type(EC_KEY *k)
 {
-    static int nid;
+    int nid;
 
     nid = pki_key_ecdsa_to_nid(k);
 
@@ -1569,9 +1569,9 @@ static int pki_signature_from_rsa_blob(const ssh_key pubkey,
                                        ssh_signature sig)
 {
     uint32_t pad_len = 0;
-    char *blob_orig;
-    char *blob_padded_data;
-    ssh_string sig_blob_padded;
+    char *blob_orig = NULL;
+    char *blob_padded_data = NULL;
+    ssh_string sig_blob_padded = NULL;
 
     size_t rsalen = 0;
     size_t len = ssh_string_len(sig_blob);
@@ -1629,6 +1629,7 @@ static int pki_signature_from_rsa_blob(const ssh_key pubkey,
     return SSH_OK;
 
 errout:
+    SSH_STRING_FREE(sig_blob_padded);
     return SSH_ERROR;
 }
 

src/pki_gcrypt.c

@@ -315,7 +315,7 @@ static int privatekey_decrypt(int algo, int mode, unsigned int key_len,
   if (gcry_cipher_open(&cipher, algo, mode, 0)
       || gcry_cipher_setkey(cipher, key, key_len)
       || gcry_cipher_setiv(cipher, iv, iv_len)
-      || (tmp = calloc(ssh_buffer_get_len(data), sizeof(char))) == NULL
+      || (tmp = calloc(ssh_buffer_get_len(data), sizeof(unsigned char))) == NULL
       || gcry_cipher_decrypt(cipher, tmp, ssh_buffer_get_len(data),
                        ssh_buffer_get(data), ssh_buffer_get_len(data))) {
     gcry_cipher_close(cipher);
@@ -741,7 +741,7 @@ static int pki_key_ecdsa_to_nid(gcry_sexp_t k)
 
 static enum ssh_keytypes_e pki_key_ecdsa_to_key_type(gcry_sexp_t k)
 {
-    static int nid;
+    int nid;
 
     nid = pki_key_ecdsa_to_nid(k);
 
@@ -938,6 +938,8 @@ ssh_string pki_private_key_to_pem(const ssh_key key,
     (void) auth_fn;
     (void) auth_data;
 
+    SSH_LOG(SSH_LOG_WARN, "PEM export not supported by gcrypt backend!");
+
     return NULL;
 }
 

src/pki_mbedcrypto.c

@@ -64,7 +64,7 @@ static int pki_key_ecdsa_to_nid(mbedtls_ecdsa_context *ecdsa)
 
 static enum ssh_keytypes_e pki_key_ecdsa_to_key_type(mbedtls_ecdsa_context *ecdsa)
 {
-    static int nid;
+    int nid;
 
     nid = pki_key_ecdsa_to_nid(ecdsa);
 
@@ -113,7 +113,7 @@ ssh_key pki_private_key_from_base64(const char *b64_key, const char *passphrase,
                     valid = auth_fn("Passphrase for private key:", (char *) tmp,
                             MAX_PASSPHRASE_SIZE, 0, 0, auth_data);
                     if (valid < 0) {
-                        return NULL;
+                        goto fail;
                     }
                     /* TODO fix signedness and strlen */
                     valid = mbedtls_pk_parse_key(rsa,
@@ -155,7 +155,7 @@ ssh_key pki_private_key_from_base64(const char *b64_key, const char *passphrase,
                     valid = auth_fn("Passphrase for private key:", (char *) tmp,
                             MAX_PASSPHRASE_SIZE, 0, 0, auth_data);
                     if (valid < 0) {
-                        return NULL;
+                        goto fail;
                     }
                     valid = mbedtls_pk_parse_key(ecdsa,
                             (const unsigned char *) b64_key,
@@ -246,7 +246,7 @@ int pki_privkey_build_rsa(ssh_key key,
                           ssh_string n,
                           ssh_string e,
                           ssh_string d,
-                          ssh_string iqmp,
+                          UNUSED_PARAM(ssh_string iqmp),
                           ssh_string p,
                           ssh_string q)
 {

src/session.c

@@ -372,6 +372,8 @@ const char* ssh_get_kex_algo(ssh_session session) {
             return "diffie-hellman-group1-sha1";
         case SSH_KEX_DH_GROUP14_SHA1:
             return "diffie-hellman-group14-sha1";
+        case SSH_KEX_DH_GROUP14_SHA256:
+            return "diffie-hellman-group14-sha256";
         case SSH_KEX_DH_GROUP16_SHA512:
             return "diffie-hellman-group16-sha512";
         case SSH_KEX_DH_GROUP18_SHA512:

src/socket.c

@@ -42,8 +42,10 @@
 #else /* _WIN32 */
 #include <fcntl.h>
 #include <sys/types.h>
+#include <sys/wait.h>
 #include <sys/socket.h>
 #include <sys/un.h>
+#include <signal.h>
 #endif /* _WIN32 */
 
 #include "libssh/priv.h"
@@ -87,6 +89,9 @@ struct ssh_socket_struct {
   ssh_session session;
   ssh_socket_callbacks callbacks;
   ssh_poll_handle poll_handle;
+#ifndef _WIN32
+  pid_t proxy_pid;
+#endif
 };
 
 static int sockets_initialized = 0;
@@ -191,6 +196,9 @@ void ssh_socket_reset(ssh_socket s)
     s->data_except = 0;
     s->poll_handle = NULL;
     s->state=SSH_SOCKET_NONE;
+#ifndef _WIN32
+    s->proxy_pid = 0;
+#endif
 }
 
 /**
@@ -454,6 +462,28 @@ void ssh_socket_close(ssh_socket s)
     }
 
     s->state = SSH_SOCKET_CLOSED;
+
+#ifndef _WIN32
+    /* If the proxy command still runs try to kill it */
+    if (s->proxy_pid != 0) {
+        int status;
+        pid_t pid = s->proxy_pid;
+
+        s->proxy_pid = 0;
+        kill(pid, SIGTERM);
+        while (waitpid(pid, &status, 0) == -1) {
+            if (errno != EINTR) {
+                SSH_LOG(SSH_LOG_WARN, "waitpid failed: %s", strerror(errno));
+                return;
+            }
+        }
+        if (!WIFEXITED(status)) {
+            SSH_LOG(SSH_LOG_WARN, "Proxy command exitted abnormally");
+            return;
+        }
+        SSH_LOG(SSH_LOG_TRACE, "Proxy command returned %d", WEXITSTATUS(status));
+    }
+#endif
 }
 
 /**
@@ -843,7 +873,7 @@ ssh_execute_command(const char *command, socket_t in, socket_t out)
     /* Prepare /dev/null socket for the stderr redirection */
     int devnull = open("/dev/null", O_WRONLY);
     if (devnull == -1) {
-        SSH_LOG(SSH_LOG_WARNING, "Failed to open stderr");
+        SSH_LOG(SSH_LOG_WARNING, "Failed to open /dev/null");
         exit(1);
     }
 
@@ -886,9 +916,11 @@ ssh_socket_connect_proxycommand(ssh_socket s, const char *command)
 
     SSH_LOG(SSH_LOG_PROTOCOL, "Executing proxycommand '%s'", command);
     pid = fork();
-    if(pid == 0) {
+    if (pid == 0) {
         ssh_execute_command(command, pair[0], pair[0]);
+        /* Does not return */
     }
+    s->proxy_pid = pid;
     close(pair[0]);
     SSH_LOG(SSH_LOG_PROTOCOL, "ProxyCommand connection pipe: [%d,%d]",pair[0],pair[1]);
     ssh_socket_set_fd(s, pair[1]);

src/wrapper.c

@@ -545,6 +545,7 @@ int crypt_set_algorithms_server(ssh_session session){
     switch (session->next_crypto->kex_type) {
     case SSH_KEX_DH_GROUP1_SHA1:
     case SSH_KEX_DH_GROUP14_SHA1:
+    case SSH_KEX_DH_GROUP14_SHA256:
     case SSH_KEX_DH_GROUP16_SHA512:
     case SSH_KEX_DH_GROUP18_SHA512:
       ssh_server_dh_init(session);

tests/CMakeLists.txt

@@ -119,7 +119,7 @@ if (CLIENT_TESTING OR SERVER_TESTING)
     file(COPY keys/id_ed25519 DESTINATION ${CMAKE_CURRENT_BINARY_DIR}/home/bob/.ssh/ FILE_PERMISSIONS OWNER_READ OWNER_WRITE)
     file(COPY keys/id_ed25519.pub DESTINATION ${CMAKE_CURRENT_BINARY_DIR}/home/bob/.ssh/ FILE_PERMISSIONS OWNER_READ OWNER_WRITE)
 
-    # Allow to auth with bob his public keys on alice account
+    # Allow to auth with bob's public keys on alice account
     configure_file(keys/id_rsa.pub ${CMAKE_CURRENT_BINARY_DIR}/home/alice/.ssh/authorized_keys @ONLY)
     # append ECDSA public key
     file(READ keys/id_ecdsa.pub CONTENTS)

tests/client/torture_algorithms.c

@@ -691,6 +691,16 @@ static void torture_algorithms_dh_group14(void **state) {
     test_algorithm(s->ssh.session, "diffie-hellman-group14-sha1", NULL/*cipher*/, NULL/*hmac*/);
 }
 
+static void torture_algorithms_dh_group14_sha256(void **state) {
+    struct torture_state *s = *state;
+
+    if (ssh_fips_mode()) {
+        skip();
+    }
+
+    test_algorithm(s->ssh.session, "diffie-hellman-group14-sha256", NULL/*cipher*/, NULL/*hmac*/);
+}
+
 static void torture_algorithms_dh_group16(void **state) {
     struct torture_state *s = *state;
 
@@ -901,6 +911,9 @@ int torture_run_tests(void) {
         cmocka_unit_test_setup_teardown(torture_algorithms_dh_group14,
                                         session_setup,
                                         session_teardown),
+        cmocka_unit_test_setup_teardown(torture_algorithms_dh_group14_sha256,
+                                        session_setup,
+                                        session_teardown),
         cmocka_unit_test_setup_teardown(torture_algorithms_dh_group16,
                                         session_setup,
                                         session_teardown),

tests/client/torture_proxycommand.c

@@ -110,7 +110,9 @@ static void torture_options_set_proxycommand_ssh(void **state)
     int rc;
     socket_t fd;
 
-    rc = snprintf(command, sizeof(command), "ssh -W [%%h]:%%p alice@%s", address);
+    rc = snprintf(command, sizeof(command),
+                  "ssh -oStrictHostKeyChecking=no -W [%%h]:%%p alice@%s",
+                  address);
     assert_true((size_t)rc < sizeof(command));
 
     rc = ssh_options_set(session, SSH_OPTIONS_PROXYCOMMAND, command);
@@ -132,7 +134,10 @@ static void torture_options_set_proxycommand_ssh_stderr(void **state)
     int rc;
     socket_t fd;
 
-    rc = snprintf(command, sizeof(command), "ssh -vvv -W [%%h]:%%p alice@%s", address);
+    /* The -vvv switches produce the desired output on the standard error */
+    rc = snprintf(command, sizeof(command),
+                  "ssh -vvv -oStrictHostKeyChecking=no -W [%%h]:%%p alice@%s",
+                  address);
     assert_true((size_t)rc < sizeof(command));
 
     rc = ssh_options_set(session, SSH_OPTIONS_PROXYCOMMAND, command);

tests/client/torture_rekey.c

@@ -72,7 +72,7 @@ static int session_setup(void **state)
     ssh_options_set(s->ssh.session, SSH_OPTIONS_LOG_VERBOSITY, &verbosity);
     ssh_options_set(s->ssh.session, SSH_OPTIONS_HOST, TORTURE_SSH_SERVER);
 
-    /* Authenticate as alice with bob his pubkey */
+    /* Authenticate as alice with bob's pubkey */
     rc = ssh_options_set(s->ssh.session, SSH_OPTIONS_USER, TORTURE_SSH_USER_ALICE);
     assert_int_equal(rc, SSH_OK);
 

tests/client/torture_scp.c

@@ -157,7 +157,7 @@ static void torture_scp_upload(void **state)
     char expected_a[BUF_SIZE];
     char buf[BUF_SIZE];
     FILE *file = NULL;
-
+    size_t len = 0;
     int rc;
 
     assert_non_null(state);
@@ -202,7 +202,8 @@ static void torture_scp_upload(void **state)
     file = fopen(buf, "r");
     assert_non_null(file);
 
-    fread(buf, BUF_SIZE, 1, file);
+    len = fread(buf, BUF_SIZE, 1, file);
+    assert_int_equal(len, 1);
     assert_memory_equal(buf, expected_a, BUF_SIZE);
 
     fclose(file);
@@ -218,8 +219,8 @@ static void torture_scp_upload_recursive(void **state)
 
     char expected_b[BUF_SIZE];
     char buf[BUF_SIZE];
-
     FILE *file = NULL;
+    size_t len = 0;
 
     int rc;
 
@@ -273,7 +274,8 @@ static void torture_scp_upload_recursive(void **state)
     file = fopen(buf, "r");
     assert_non_null(file);
 
-    fread(buf, BUF_SIZE, 1, file);
+    len = fread(buf, BUF_SIZE, 1, file);
+    assert_int_equal(len, 1);
     assert_memory_equal(buf, expected_b, BUF_SIZE);
 
     fclose(file);
@@ -480,7 +482,7 @@ static void torture_scp_upload_newline(void **state)
     FILE *file = NULL;
 
     char buf[1024];
-
+    char *rs = NULL;
     int rc;
 
     assert_non_null(state);
@@ -531,7 +533,8 @@ static void torture_scp_upload_newline(void **state)
     file = fopen(buf, "r");
     assert_non_null(file);
 
-    fgets(buf, 1024, file);
+    rs = fgets(buf, 1024, file);
+    assert_non_null(rs);
     assert_string_equal(buf, "original");
 
     fclose(file);

tests/pkd/pkd_hello.c

@@ -266,21 +266,25 @@ static int torture_pkd_setup_ecdsa_521(void **state) {
     f(client, rsa_ecdh_sha2_nistp256,                 kexcmd("ecdh-sha2-nistp256"),            setup_rsa,        teardown) \
     f(client, rsa_ecdh_sha2_nistp384,                 kexcmd("ecdh-sha2-nistp384"),            setup_rsa,        teardown) \
     f(client, rsa_ecdh_sha2_nistp521,                 kexcmd("ecdh-sha2-nistp521"),            setup_rsa,        teardown) \
+    f(client, rsa_diffie_hellman_group14_sha256,      kexcmd("diffie-hellman-group14-sha256"), setup_rsa,        teardown) \
     f(client, rsa_diffie_hellman_group16_sha512,      kexcmd("diffie-hellman-group16-sha512"), setup_rsa,        teardown) \
     f(client, rsa_diffie_hellman_group18_sha512,      kexcmd("diffie-hellman-group18-sha512"), setup_rsa,        teardown) \
     f(client, ecdsa_256_ecdh_sha2_nistp256,           kexcmd("ecdh-sha2-nistp256"),            setup_ecdsa_256,  teardown) \
     f(client, ecdsa_256_ecdh_sha2_nistp384,           kexcmd("ecdh-sha2-nistp384"),            setup_ecdsa_256,  teardown) \
     f(client, ecdsa_256_ecdh_sha2_nistp521,           kexcmd("ecdh-sha2-nistp521"),            setup_ecdsa_256,  teardown) \
+    f(client, ecdsa_256_diffie_hellman_group14_sha256,kexcmd("diffie-hellman-group14-sha256"), setup_ecdsa_256,  teardown) \
     f(client, ecdsa_256_diffie_hellman_group16_sha512,kexcmd("diffie-hellman-group16-sha512"), setup_ecdsa_256,  teardown) \
     f(client, ecdsa_256_diffie_hellman_group18_sha512,kexcmd("diffie-hellman-group18-sha512"), setup_ecdsa_256,  teardown) \
     f(client, ecdsa_384_ecdh_sha2_nistp256,           kexcmd("ecdh-sha2-nistp256"),            setup_ecdsa_384,  teardown) \
     f(client, ecdsa_384_ecdh_sha2_nistp384,           kexcmd("ecdh-sha2-nistp384"),            setup_ecdsa_384,  teardown) \
     f(client, ecdsa_384_ecdh_sha2_nistp521,           kexcmd("ecdh-sha2-nistp521"),            setup_ecdsa_384,  teardown) \
+    f(client, ecdsa_384_diffie_hellman_group14_sha256,kexcmd("diffie-hellman-group14-sha256"), setup_ecdsa_384,  teardown) \
     f(client, ecdsa_384_diffie_hellman_group16_sha512,kexcmd("diffie-hellman-group16-sha512"), setup_ecdsa_384,  teardown) \
     f(client, ecdsa_384_diffie_hellman_group18_sha512,kexcmd("diffie-hellman-group18-sha512"), setup_ecdsa_384,  teardown) \
     f(client, ecdsa_521_ecdh_sha2_nistp256,           kexcmd("ecdh-sha2-nistp256"),            setup_ecdsa_521,  teardown) \
     f(client, ecdsa_521_ecdh_sha2_nistp384,           kexcmd("ecdh-sha2-nistp384"),            setup_ecdsa_521,  teardown) \
     f(client, ecdsa_521_ecdh_sha2_nistp521,           kexcmd("ecdh-sha2-nistp521"),            setup_ecdsa_521,  teardown) \
+    f(client, ecdsa_521_diffie_hellman_group14_sha256,kexcmd("diffie-hellman-group14-sha256"), setup_ecdsa_521,  teardown) \
     f(client, ecdsa_521_diffie_hellman_group16_sha512,kexcmd("diffie-hellman-group16-sha512"), setup_ecdsa_521,  teardown) \
     f(client, ecdsa_521_diffie_hellman_group18_sha512,kexcmd("diffie-hellman-group18-sha512"), setup_ecdsa_521,  teardown)
 #endif
@@ -318,6 +322,7 @@ static int torture_pkd_setup_ecdsa_521(void **state) {
     f(client, dsa_diffie_hellman_group16_sha512,      kexcmd("diffie-hellman-group16-sha512"), setup_dsa,        teardown) \
     f(client, dsa_diffie_hellman_group18_sha512,      kexcmd("diffie-hellman-group18-sha512"), setup_dsa,        teardown) \
     f(client, dsa_diffie_hellman_group14_sha1,        kexcmd("diffie-hellman-group14-sha1"),   setup_dsa,        teardown) \
+    f(client, dsa_diffie_hellman_group14_sha256,      kexcmd("diffie-hellman-group14-sha256"), setup_dsa,        teardown) \
     f(client, dsa_diffie_hellman_group1_sha1,         kexcmd("diffie-hellman-group1-sha1"),    setup_dsa,        teardown) \
     f(client, dsa_diffie_hellman_group_exchange_sha256, kexcmd(GEX_SHA256),                    setup_dsa,        teardown) \
     f(client, dsa_diffie_hellman_group_exchange_sha1, kexcmd(GEX_SHA1),                        setup_dsa,        teardown) \
@@ -337,6 +342,7 @@ static int torture_pkd_setup_ecdsa_521(void **state) {
     f(client, dsa_diffie_hellman_group16_sha512,      kexcmd("diffie-hellman-group16-sha512"), setup_dsa,        teardown) \
     f(client, dsa_diffie_hellman_group18_sha512,      kexcmd("diffie-hellman-group18-sha512"), setup_dsa,        teardown) \
     f(client, dsa_diffie_hellman_group14_sha1,        kexcmd("diffie-hellman-group14-sha1"),   setup_dsa,        teardown) \
+    f(client, dsa_diffie_hellman_group14_sha256,      kexcmd("diffie-hellman-group14-sha256"), setup_dsa,        teardown) \
     f(client, dsa_diffie_hellman_group1_sha1,         kexcmd("diffie-hellman-group1-sha1"),    setup_dsa,        teardown)
 
 #elif defined(WITH_GEX) /* && !defined(HAVE_DSA) */
@@ -362,6 +368,7 @@ static int torture_pkd_setup_ecdsa_521(void **state) {
     f(client, ed25519_ecdh_sha2_nistp256,             kexcmd("ecdh-sha2-nistp256"),            setup_ed25519,    teardown) \
     f(client, ed25519_ecdh_sha2_nistp384,             kexcmd("ecdh-sha2-nistp384"),            setup_ed25519,    teardown) \
     f(client, ed25519_ecdh_sha2_nistp521,             kexcmd("ecdh-sha2-nistp521"),            setup_ed25519,    teardown) \
+    f(client, ed25519_diffie_hellman_group14_sha256,  kexcmd("diffie-hellman-group14-sha256"), setup_ed25519,    teardown) \
     f(client, ed25519_diffie_hellman_group16_sha512,  kexcmd("diffie-hellman-group16-sha512"), setup_ed25519,    teardown) \
     f(client, ed25519_diffie_hellman_group18_sha512,  kexcmd("diffie-hellman-group18-sha512"), setup_ed25519,    teardown) \
     f(client, ed25519_diffie_hellman_group14_sha1,    kexcmd("diffie-hellman-group14-sha1"),   setup_ed25519,    teardown) \
@@ -376,6 +383,7 @@ static int torture_pkd_setup_ecdsa_521(void **state) {
     f(client, ed25519_ecdh_sha2_nistp256,             kexcmd("ecdh-sha2-nistp256"),            setup_ed25519,    teardown) \
     f(client, ed25519_ecdh_sha2_nistp384,             kexcmd("ecdh-sha2-nistp384"),            setup_ed25519,    teardown) \
     f(client, ed25519_ecdh_sha2_nistp521,             kexcmd("ecdh-sha2-nistp521"),            setup_ed25519,    teardown) \
+    f(client, ed25519_diffie_hellman_group14_sha256,  kexcmd("diffie-hellman-group14-sha256"), setup_ed25519,    teardown) \
     f(client, ed25519_diffie_hellman_group16_sha512,  kexcmd("diffie-hellman-group16-sha512"), setup_ed25519,    teardown) \
     f(client, ed25519_diffie_hellman_group18_sha512,  kexcmd("diffie-hellman-group18-sha512"), setup_ed25519,    teardown) \
     f(client, ed25519_diffie_hellman_group1_sha1,     kexcmd("diffie-hellman-group1-sha1"),    setup_ed25519,    teardown) \
@@ -1006,7 +1014,6 @@ int main(int argc, char **argv) {
 
     rc = ssh_init();
     if (rc != 0) {
-        rc = SSH_ERROR;
         goto out;
     }
 

tests/server/torture_server.c

@@ -404,7 +404,7 @@ static void torture_server_auth_pubkey(void **state)
     session = s->ssh.session;
     assert_non_null(session);
 
-    /* Authenticate as alice with bob his pubkey */
+    /* Authenticate as alice with bob's pubkey */
     rc = ssh_options_set(session, SSH_OPTIONS_USER, TORTURE_SSH_USER_ALICE);
     assert_int_equal(rc, SSH_OK);
 

tests/server/torture_server_config.c

@@ -321,9 +321,9 @@ static int session_setup(void **state)
     assert_non_null(s->ssh.session);
 
     rc = ssh_options_set(s->ssh.session, SSH_OPTIONS_LOG_VERBOSITY, &verbosity);
-    assert_return_code(s->ssh.session, rc);
+    assert_ssh_return_code(s->ssh.session, rc);
     rc = ssh_options_set(s->ssh.session, SSH_OPTIONS_HOST, TORTURE_SSH_SERVER);
-    assert_return_code(s->ssh.session, rc);
+    assert_ssh_return_code(s->ssh.session, rc);
     /* Make sure no other configuration options from system will get used */
     rc = ssh_options_set(s->ssh.session, SSH_OPTIONS_PROCESS_CONFIG, &b);
     assert_ssh_return_code(s->ssh.session, rc);

tests/torture.c

@@ -196,6 +196,7 @@ torture_read_pidfile(const char *pidfile)
 {
     char buf[8] = {0};
     long int tmp;
+    pid_t ret;
     ssize_t rc;
     int fd;
 
@@ -213,11 +214,16 @@ torture_read_pidfile(const char *pidfile)
     buf[sizeof(buf) - 1] = '\0';
 
     tmp = strtol(buf, NULL, 10);
-    if (tmp == 0 || tmp > 0xFFFF || errno == ERANGE) {
+    if (tmp == 0 || errno == ERANGE) {
+        return -1;
+    }
+    ret = (pid_t)tmp;
+    /* Check if we are out of pid_t range on this system */
+    if ((long)ret != tmp) {
         return -1;
     }
 
-    return (pid_t)(tmp & 0xFFFF);
+    return ret;
 }
 
 int torture_terminate_process(const char *pidfile)
@@ -588,7 +594,7 @@ static void torture_setup_create_sshd_config(void **state, bool pam)
     char rsa_hostkey[1024];
     char ecdsa_hostkey[1024];
     char trusted_ca_pubkey[1024];
-    char sshd_config[2048];
+    char sshd_config[4096];
     char sshd_path[1024];
     const char *additional_config = NULL;
     struct stat sb;

tests/unittests/torture_options.c

@@ -109,18 +109,21 @@ static void torture_options_set_key_exchange(void **state)
                          "curve25519-sha256,curve25519-sha256@libssh.org,"
                          "ecdh-sha2-nistp256,diffie-hellman-group16-sha512,"
                          "diffie-hellman-group18-sha512,"
+                         "diffie-hellman-group14-sha256,"
                          "diffie-hellman-group14-sha1");
     assert_true(rc == 0);
     assert_non_null(session->opts.wanted_methods[SSH_KEX]);
     if (ssh_fips_mode()) {
         assert_string_equal(session->opts.wanted_methods[SSH_KEX],
                             "ecdh-sha2-nistp256,diffie-hellman-group16-sha512,"
-                            "diffie-hellman-group18-sha512");
+                            "diffie-hellman-group18-sha512,"
+                            "diffie-hellman-group14-sha256");
     } else {
         assert_string_equal(session->opts.wanted_methods[SSH_KEX],
                             "curve25519-sha256,curve25519-sha256@libssh.org,"
                             "ecdh-sha2-nistp256,diffie-hellman-group16-sha512,"
                             "diffie-hellman-group18-sha512,"
+                            "diffie-hellman-group14-sha256,"
                             "diffie-hellman-group14-sha1");
     }
 
@@ -1327,18 +1330,21 @@ static void torture_bind_options_set_key_exchange(void **state)
                               "curve25519-sha256,curve25519-sha256@libssh.org,"
                               "ecdh-sha2-nistp256,diffie-hellman-group16-sha512,"
                               "diffie-hellman-group18-sha512,"
+                              "diffie-hellman-group14-sha256,"
                               "diffie-hellman-group14-sha1");
     assert_int_equal(rc, 0);
     assert_non_null(bind->wanted_methods[SSH_KEX]);
     if (ssh_fips_mode()) {
         assert_string_equal(bind->wanted_methods[SSH_KEX],
                             "ecdh-sha2-nistp256,diffie-hellman-group16-sha512,"
-                            "diffie-hellman-group18-sha512");
+                            "diffie-hellman-group18-sha512,"
+                            "diffie-hellman-group14-sha256");
     } else {
         assert_string_equal(bind->wanted_methods[SSH_KEX],
                             "curve25519-sha256,curve25519-sha256@libssh.org,"
                             "ecdh-sha2-nistp256,diffie-hellman-group16-sha512,"
                             "diffie-hellman-group18-sha512,"
+                            "diffie-hellman-group14-sha256,"
                             "diffie-hellman-group14-sha1");
     }