Fix rsa-sha2 extension handling

Related: #1666342

.gitignore

@@ -25,3 +25,17 @@ libssh-0.4.4.tar.gz.asc
 /libssh-0.7.3.tar.xz
 /libssh-0.7.4.tar.xz
 /libssh-0.7.5.tar.xz
+/libssh-0.8.0.tar.xz
+/libssh-0.8.0.tar.xz.asc
+/libssh-0.8.1.tar.xz
+/libssh-0.8.1.tar.xz.asc
+/libssh-0.8.2.tar.xz
+/libssh-0.8.2.tar.xz.asc
+/libssh-0.8.3.tar.xz
+/libssh-0.8.3.tar.xz.asc
+/libssh-0.8.4.tar.xz
+/libssh-0.8.4.tar.xz.asc
+/libssh-0.8.5.tar.xz
+/libssh-0.8.5.tar.xz.asc
+/libssh-0.8.6.tar.xz
+/libssh-0.8.6.tar.xz.asc

libssh-0.7.5-fix-config-parsing.patch

@@ -1,32 +0,0 @@
-From 5333be5988c3789e7011598995f4df90d50d84d0 Mon Sep 17 00:00:00 2001
-From: "Artyom V. Poptsov" <poptsov.artyom@gmail.com>
-Date: Sun, 4 Jun 2017 11:54:55 +0300
-Subject: config: Bugfix: Don't skip unseen opcodes
-
-libssh fails to read the configuration from a config file due to a
-wrong check in 'ssh_config_parse_line' procedure in 'config.c'; it's
-effectively skipping every opcode (and therefore every option) from
-the file.  The change fixes that behaviour.
-
-Signed-off-by: Artyom V. Poptsov <poptsov.artyom@gmail.com>
-Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
----
- src/config.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/config.c b/src/config.c
-index 6478fc5f..519926e7 100644
---- a/src/config.c
-+++ b/src/config.c
-@@ -219,7 +219,7 @@ static int ssh_config_parse_line(ssh_session session, const char *line,
- 
-   opcode = ssh_config_get_opcode(keyword);
-   if (*parsing == 1 && opcode != SOC_HOST) {
--      if (seen[opcode] == 0) {
-+      if (seen[opcode] != 0) {
-           return 0;
-       }
-       seen[opcode] = 1;
--- 
-cgit v1.1
-

libssh-0.8.6-fix-rsa-sha2-ext.patch

@@ -0,0 +1,261 @@
+From d028b2495d0bb2b7ae9b0af42b4377af4a964b00 Mon Sep 17 00:00:00 2001
+From: Jakub Jelen <jjelen@redhat.com>
+Date: Tue, 8 Jan 2019 11:32:10 +0100
+Subject: [PATCH 1/3] dh: Make sure we do not access uninitialized memory
+
+Signed-off-by: Jakub Jelen <jjelen@redhat.com>
+Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
+(cherry picked from commit ca62632170c311923026f978c57d2e0a0be3e0e1)
+---
+ src/dh.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/dh.c b/src/dh.c
+index 90c1813c..cc12fd46 100644
+--- a/src/dh.c
++++ b/src/dh.c
+@@ -1274,6 +1274,10 @@ int ssh_get_server_publickey(ssh_session session, ssh_key *key)
+ 
+ ssh_key ssh_dh_get_current_server_publickey(ssh_session session)
+ {
++    if (session->current_crypto == NULL) {
++        return NULL;
++    }
++
+     return session->current_crypto->server_pubkey;
+ }
+ 
+-- 
+2.20.1
+
+
+From 0acfd81f85f8c41547ac700782fa96a000abdc79 Mon Sep 17 00:00:00 2001
+From: Jakub Jelen <jjelen@redhat.com>
+Date: Mon, 7 Jan 2019 18:49:58 +0100
+Subject: [PATCH 2/3] server: Correctly handle extensions
+
+If the server had an RSA host key, it provided unconditionally SHA2
+signatures without consulting the client proposed list of supported host
+keys.
+
+This commit implements more fine-grained detection of the extension
+to provide the client with valid signatures according to RFC 8332
+Section 3.1.
+
+Signed-off-by: Jakub Jelen <jjelen@redhat.com>
+Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
+(cherry picked from commit 27fe60954c29e548c30af239d92ab4faaf8cf788)
+---
+ include/libssh/session.h |  7 ++++---
+ src/kex.c                | 24 ++++++++++++++++++++----
+ src/server.c             |  2 +-
+ 3 files changed, 25 insertions(+), 8 deletions(-)
+
+diff --git a/include/libssh/session.h b/include/libssh/session.h
+index 8b963066..23633cc2 100644
+--- a/include/libssh/session.h
++++ b/include/libssh/session.h
+@@ -87,10 +87,11 @@ enum ssh_pending_call_e {
+ #define SSH_OPT_FLAG_GSSAPI_AUTH 0x8
+ 
+ /* extensions flags */
++/* negotiation enabled */
++#define SSH_EXT_NEGOTIATION     0x01
+ /* server-sig-algs extension */
+-#define SSH_EXT_SIG_RSA_SHA256  0x01
+-#define SSH_EXT_SIG_RSA_SHA512  0x02
+-#define SSH_EXT_ALL             SSH_EXT_SIG_RSA_SHA256 | SSH_EXT_SIG_RSA_SHA512
++#define SSH_EXT_SIG_RSA_SHA256  0x02
++#define SSH_EXT_SIG_RSA_SHA512  0x04
+ 
+ /* members that are common to ssh_session and ssh_bind */
+ struct ssh_common_struct {
+diff --git a/src/kex.c b/src/kex.c
+index 35a5a602..d9d0c7e5 100644
+--- a/src/kex.c
++++ b/src/kex.c
+@@ -526,13 +526,29 @@ SSH_PACKET_CALLBACK(ssh_packet_kexinit){
+         ok = ssh_match_group(session->next_crypto->client_kex.methods[SSH_KEX],
+                              KEX_EXTENSION_CLIENT);
+         if (ok) {
++            const char *hostkeys = NULL;
++
++            /* The client supports extension negotiation */
++            session->extensions |= SSH_EXT_NEGOTIATION;
+             /*
+-             * Enable all the supported extensions and when the time comes
+-             * (after NEWKEYS) send them to the client.
++             * RFC 8332 Section 3.1: Use for Server Authentication
++             * Check what algorithms were provided in the SSH_HOSTKEYS list
++             * by the client and enable the respective extensions to provide
++             * correct signature in the next packet if RSA is negotiated
+              */
++            hostkeys = session->next_crypto->client_kex.methods[SSH_HOSTKEYS];
++            ok = ssh_match_group(hostkeys, "rsa-sha2-512");
++            if (ok) {
++                session->extensions |= SSH_EXT_SIG_RSA_SHA512;
++            }
++            ok = ssh_match_group(hostkeys, "rsa-sha2-256");
++            if (ok) {
++                session->extensions |= SSH_EXT_SIG_RSA_SHA256;
++            }
+             SSH_LOG(SSH_LOG_DEBUG, "The client supports extension "
+-                    "negotiation: enabling all extensions");
+-            session->extensions = SSH_EXT_ALL;
++                    "negotiation. Enabled signature algorithms: %s%s",
++                    session->extensions & SSH_EXT_SIG_RSA_SHA256 ? "SHA256" : "",
++                    session->extensions & SSH_EXT_SIG_RSA_SHA512 ? " SHA512" : "");
+         }
+ 
+         /*
+diff --git a/src/server.c b/src/server.c
+index 8197fd86..02471e91 100644
+--- a/src/server.c
++++ b/src/server.c
+@@ -523,7 +523,7 @@ static void ssh_server_connection_callback(ssh_session session){
+                  * our supported extensions now. This is the first message after
+                  * sending NEWKEYS message and after turning on crypto.
+                  */
+-                if (session->extensions &&
++                if (session->extensions & SSH_EXT_NEGOTIATION &&
+                     session->session_state != SSH_SESSION_STATE_AUTHENTICATED) {
+                     ssh_server_send_extensions(session);
+                 }
+-- 
+2.20.1
+
+
+From bfc39d578db2412d2ae379a105c3cb658f48748c Mon Sep 17 00:00:00 2001
+From: Jakub Jelen <jjelen@redhat.com>
+Date: Tue, 8 Jan 2019 14:27:39 +0100
+Subject: [PATCH 3/3] kex: List also the SHA2 extension when ordering hostkey
+ algorithms
+
+By default, the list of already stored known host types is preferred,
+but this selection so far ignored the SHA2 extension and excluded these
+keys in the KEXINIT list leading to not using this extension if not
+explicitly enabled from configuration.
+
+This commit extends the default list with the SHA2 signatures algoritms
+and compares only base types so they can be listed in the KEXINIT list.
+
+This adjust the tests to expect the full list of algorithms to pass.
+
+Signed-off-by: Jakub Jelen <jjelen@redhat.com>
+Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
+(cherry picked from commit 531b80a60bcb89c0ea09e85e36e240755407febf)
+---
+ src/kex.c                                    | 36 +++++++++++---------
+ tests/unittests/torture_knownhosts_parsing.c | 10 +++---
+ 2 files changed, 26 insertions(+), 20 deletions(-)
+
+diff --git a/src/kex.c b/src/kex.c
+index d9d0c7e5..44d60f59 100644
+--- a/src/kex.c
++++ b/src/kex.c
+@@ -38,6 +38,7 @@
+ #include "libssh/curve25519.h"
+ #include "libssh/knownhosts.h"
+ #include "libssh/misc.h"
++#include "libssh/pki.h"
+ 
+ #ifdef HAVE_LIBGCRYPT
+ # define BLOWFISH "blowfish-cbc,"
+@@ -619,6 +620,8 @@ char *ssh_client_select_hostkeys(ssh_session session)
+         "ecdsa-sha2-nistp521",
+         "ecdsa-sha2-nistp384",
+         "ecdsa-sha2-nistp256",
++        "rsa-sha2-512",
++        "rsa-sha2-256",
+         "ssh-rsa",
+ #ifdef HAVE_DSA
+         "ssh-dss",
+@@ -644,29 +647,30 @@ char *ssh_client_select_hostkeys(ssh_session session)
+ 
+     for (i = 0; preferred_hostkeys[i] != NULL; ++i) {
+         bool found = false;
++        /* This is a signature type: We list also the SHA2 extensions */
++        enum ssh_keytypes_e base_preferred =
++            ssh_key_type_from_signature_name(preferred_hostkeys[i]);
+ 
+         for (it = ssh_list_get_iterator(algo_list);
+              it != NULL;
+              it = it->next) {
+             const char *algo = ssh_iterator_value(const char *, it);
+-            int cmp;
+-            int ok;
++            /* This is always key type so we do not have to care for the
++             * SHA2 extension */
++            enum ssh_keytypes_e base_algo = ssh_key_type_from_name(algo);
+ 
+-            cmp = strcmp(preferred_hostkeys[i], algo);
+-            if (cmp == 0) {
+-                ok = ssh_verify_existing_algo(SSH_HOSTKEYS, algo);
+-                if (ok) {
+-                    if (needcomma) {
+-                        strncat(methods_buffer,
+-                                ",",
+-                                sizeof(methods_buffer) - strlen(methods_buffer) - 1);
+-                    }
++            if (base_preferred == base_algo) {
++                /* Matching the keys already verified it is a known type */
++                if (needcomma) {
+                     strncat(methods_buffer,
+-                            algo,
++                            ",",
+                             sizeof(methods_buffer) - strlen(methods_buffer) - 1);
+-                    needcomma = 1;
+-                    found = true;
+                 }
++                strncat(methods_buffer,
++                        preferred_hostkeys[i],
++                        sizeof(methods_buffer) - strlen(methods_buffer) - 1);
++                needcomma = 1;
++                found = true;
+             }
+         }
+         /* Collect the rest of the algorithms in other buffer, that will
+@@ -728,10 +732,10 @@ int ssh_set_client_kex(ssh_session session)
+ 
+     memset(client->methods, 0, KEX_METHODS_SIZE * sizeof(char **));
+     /* first check if we have specific host key methods */
+-    if(session->opts.wanted_methods[SSH_HOSTKEYS] == NULL){
++    if (session->opts.wanted_methods[SSH_HOSTKEYS] == NULL) {
+     	/* Only if no override */
+     	session->opts.wanted_methods[SSH_HOSTKEYS] =
+-    			ssh_client_select_hostkeys(session);
++            ssh_client_select_hostkeys(session);
+     }
+ 
+     for (i = 0; i < KEX_METHODS_SIZE; i++) {
+diff --git a/tests/unittests/torture_knownhosts_parsing.c b/tests/unittests/torture_knownhosts_parsing.c
+index 148c5da8..a7a0d99d 100644
+--- a/tests/unittests/torture_knownhosts_parsing.c
++++ b/tests/unittests/torture_knownhosts_parsing.c
+@@ -310,8 +310,9 @@ torture_knownhosts_algorithms(void **state)
+     const char *knownhosts_file = *state;
+     char *algo_list = NULL;
+     ssh_session session;
+-    const char *expect = "ssh-ed25519,ssh-rsa,ecdsa-sha2-nistp521,"
+-                         "ecdsa-sha2-nistp384,ecdsa-sha2-nistp256"
++    const char *expect = "ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa,"
++                         "ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,"
++                         "ecdsa-sha2-nistp256"
+ #ifdef HAVE_DSA
+                          ",ssh-dss"
+ #endif
+@@ -339,8 +340,9 @@ torture_knownhosts_algorithms_global(void **state)
+     const char *knownhosts_file = *state;
+     char *algo_list = NULL;
+     ssh_session session;
+-    const char *expect = "ssh-ed25519,ssh-rsa,ecdsa-sha2-nistp521,"
+-                         "ecdsa-sha2-nistp384,ecdsa-sha2-nistp256"
++    const char *expect = "ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa,"
++                         "ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,"
++                         "ecdsa-sha2-nistp256"
+ #ifdef HAVE_DSA
+                          ",ssh-dss"
+ #endif
+-- 
+2.20.1
+

libssh.spec

@@ -1,23 +1,32 @@
 Name:           libssh
-Version:        0.7.5
-Release:        7%{?dist}
+Version:        0.8.6
+Release:        2%{?dist}
 Summary:        A library implementing the SSH protocol
 License:        LGPLv2+
 URL:            http://www.libssh.org
 
-Source0:        https://red.libssh.org/attachments/download/218/libssh-0.7.5.tar.xz
+Source0:        https://www.libssh.org/files/0.8/%{name}-%{version}.tar.xz
+Source1:        https://www.libssh.org/files/0.8/%{name}-%{version}.tar.xz.asc
+Source2:        https://cryptomilk.org/gpgkey-8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D.gpg#/%{name}.keyring
 
-Patch0:         libssh-0.7.5-fix-config-parsing.patch
-Patch1:         libssh-0.7.5-openssl-1.1.patch
+Patch0:         libssh-0.8.6-fix-rsa-sha2-ext.patch
 
 BuildRequires:  cmake
 BuildRequires:  doxygen
+BuildRequires:  gcc-c++
+BuildRequires:  gnupg2
 BuildRequires:  openssl-devel
 BuildRequires:  pkgconfig
 BuildRequires:  zlib-devel
 BuildRequires:  krb5-devel
 BuildRequires:  libcmocka-devel
 
+%ifarch aarch64 ppc64 ppc64le s390x x86_64
+Provides: libssh_threads.so.4()(64bit)
+%else
+Provides: libssh_threads.so.4
+%endif
+
 %description
 The ssh library was designed to be used by programmers needing a working SSH
 implementation by the mean of a library. The complete control of the client is
@@ -35,6 +44,7 @@ The %{name}-devel package contains libraries and header files for developing
 applications that use %{name}.
 
 %prep
+gpgv2 --quiet --keyring %{SOURCE2} %{SOURCE1} %{SOURCE0}
 %autosetup -p1
 
 %build
@@ -44,29 +54,39 @@ fi
 pushd obj
 
 %cmake .. \
-    -DWITH_TESTING=ON
+    -DUNIT_TESTING=ON
 
-make %{?_smp_mflags} VERBOSE=1
-make doc
+%make_build VERBOSE=1
+make docs
 
 popd
 
 %install
 make DESTDIR=%{buildroot} install/fast -C obj
 
-## unpackaged files
-# static libs forced on using WITH_TESTING
-rm -fv %{buildroot}%{_libdir}/libssh.a
-rm -fv %{buildroot}%{_libdir}/libssh_threads.a
+#
+# Workaround for the removal of libssh_threads.so
+#
+# This will allow libraries which link against libssh_threads.so or packages
+# requiring it to continue working.
+#
+pushd %{buildroot}%{_libdir}
+for i in libssh.so*;
+do
+    _target="${i}"
+    _link_name="${i%libssh*}libssh_threads${i##*libssh}"
+    if [ -L "${i}" ]; then
+        _target="$(readlink ${i})"
+    fi
+    ln -s "${_target}" "${_link_name}"
+done;
+popd
 
 %ldconfig_scriptlets
 
 %check
 pushd obj
-make test || {
-    cat Testing/Temporary/LastTest.log;
-    exit 1;
-}
+ctest --output-on-failure
 popd
 
 %files
@@ -82,11 +102,62 @@ popd
 %dir  %{_libdir}/cmake/
 %{_libdir}/cmake/libssh/
 %{_libdir}/pkgconfig/libssh.pc
-%{_libdir}/pkgconfig/libssh_threads.pc
 %{_libdir}/libssh.so
 %{_libdir}/libssh_threads.so
 
 %changelog
+* Tue Jan 15 2019 Anderson Sasaki <ansasaki@redhat.com> - 0.8.6-2
+- Fix rsa-sha2 extension handling (#1666342)
+
+* Thu Jan 03 2019 Anderson Sasaki <ansasaki@redhat.com> - 0.8.6-1
+- Update to version 0.8.6
+  https://www.libssh.org/2018/12/24/libssh-0-8-6-xmas-edition/
+
+* Mon Oct 29 2018 Andreas Schneider <asn@redhat.com> - 0.8.5-1
+- Update to version 0.8.5
+  https://www.libssh.org/2018/10/29/libssh-0-8-5-and-libssh-0-7-7/
+
+* Tue Oct 16 2018 Andreas Schneider <asn@redhat.com> - 0.8.4-1
+- Update to version 0.8.4
+  https://www.libssh.org/2018/10/16/libssh-0-8-4-and-0-7-6-security-and-bugfix-release
+- Fixes CVE-2018-10933
+
+* Mon Oct 01 2018 Anderson Sasaki <ansasaki@redhat.com> - 0.8.3-3
+- Fixed errors found by static code analysis
+
+* Tue Sep 25 2018 Anderson Sasaki <ansasaki@redhat.com> - 0.8.3-2
+- Add missing libssh_threads.so link to libssh-devel package
+
+* Fri Sep 21 2018 Andreas Schneider <asn@redhat.com> - 0.8.3-1
+- Update to version 0.8.3
+  https://www.libssh.org/2018/09/21/libssh-0-8-3/
+
+* Thu Aug 30 2018 Andreas Schneider <asn@redhat.com> - 0.8.2-1
+- Update to version 0.8.2
+  https://www.libssh.org/2018/08/30/libssh-0-8-2
+
+* Thu Aug 16 2018 Andreas Schneider <asn@redhat.com> - 0.8.1-4
+- Fix link creation or RPM doesn't install it
+
+* Wed Aug 15 2018 Andreas Schneider <asn@redhat.com> - 0.8.1-3
+- Add missing so version for libssh_threads.so.4
+
+* Tue Aug 14 2018 Andreas Schneider <asn@redhat.com> - 0.8.1-2
+- Add Provides for libssh_threads.so to unbreak applications
+
+* Mon Aug 13 2018 Andreas Schneider <asn@redhat.com> - 0.8.1-1
+- Update to version 0.8.1
+  https://www.libssh.org/2018/08/13/libssh-0-8-1
+- resolves: #1615248 - pkg-config --modversion
+- resolves: #1615132 - library initialization
+
+* Fri Aug 10 2018 Andreas Schneider <asn@redhat.com> - 0.8.0-1
+- Update to version 0.8.0
+  https://www.libssh.org/2018/08/10/libssh-0-8-0/
+
+* Wed Mar 07 2018 Rex Dieter <rdieter@fedoraproject.org> - 0.7.5-8
+- BR: gcc-c++, use %%make_build
+
 * Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.7.5-7
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
 

sources

@@ -1 +1,2 @@
-SHA512 (libssh-0.7.5.tar.xz) = 6c7f539899caaedf13d66fa2e0fac1a475ecdfe389131abcbdf908bdebc50a0b9e6b0d43e67e52aea85c32f6aa68e46ca2f50695992f82ded83489f445a8e775
+SHA512 (libssh-0.8.6.tar.xz) = e91d1f4c1343aa232ade0fe4b5e9a92ca65e3716f4ebe2ec25b04def4fae5a3774349f05a6919836551f66fb0288ed6a3e19e0ab786c081616218be973356522
+SHA512 (libssh-0.8.6.tar.xz.asc) = 16955818de162847cf926d72c762943e0b931b1e24fb4f35cf82dec9af0247f4d8731041c837d474b0b070b0f6d2001f72b36bd6efecb9b24599d391d9a23266