[openssh-commits] [openssh] 05/05: upstream: Provide defaults for ciphers and macs

git+noreply at mindrot.org git+noreply at mindrot.org
Wed Jun 19 20:37:14 AEST 2024


This is an automated email from the git hooks/post-receive script.

dtucker pushed a commit to branch master
in repository openssh.

commit fad34b4ca25c0ef31e5aa841d461b6f21da5b8c1
Author: dtucker at openbsd.org <dtucker at openbsd.org>
AuthorDate: Wed Jun 19 10:15:51 2024 +0000

    upstream: Provide defaults for ciphers and macs
    
    if querying for them fails since on some versions of Dropbear (at least
    v2024.85) "-m help" doesn't seem to work.  Enable all supported pubkey
    algorithms in the server.
    
    OpenBSD-Regress-ID: 4f95556a49ee9f621789f25217c367a33d2745ca
---
 regress/dropbear-ciphers.sh | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/regress/dropbear-ciphers.sh b/regress/dropbear-ciphers.sh
index 2e0f9a1d..7b0924ce 100644
--- a/regress/dropbear-ciphers.sh
+++ b/regress/dropbear-ciphers.sh
@@ -1,4 +1,4 @@
-#	$OpenBSD: dropbear-ciphers.sh,v 1.1 2023/10/20 06:56:45 dtucker Exp $
+#	$OpenBSD: dropbear-ciphers.sh,v 1.2 2024/06/19 10:15:51 dtucker Exp $
 #	Placed in the Public Domain.
 
 tid="dropbear ciphers"
@@ -7,13 +7,23 @@ if test "x$REGRESS_INTEROP_DROPBEAR" != "xyes" ; then
 	skip "dropbear interop tests not enabled"
 fi
 
+# Enable all support algorithms
+algs=`$SSH -Q key-sig | tr '\n' ,`
 cat >>$OBJ/sshd_proxy <<EOD
-PubkeyAcceptedAlgorithms +ssh-rsa,ssh-dss
-HostkeyAlgorithms +ssh-rsa,ssh-dss
+PubkeyAcceptedAlgorithms $algs
+HostkeyAlgorithms $algs
 EOD
 
 ciphers=`$DBCLIENT -c help 2>&1 | awk '/ ciphers: /{print $4}' | tr ',' ' '`
+if [ -z "$ciphers" ]; then
+	trace dbclient query ciphers failed, making assumptions.
+	ciphers="chacha20-poly1305 at openssh.com aes128-ctr aes256-ctr"
+fi
 macs=`$DBCLIENT -m help 2>&1 | awk '/ MACs: /{print $4}' | tr ',' ' '`
+if [ -z "$macs" ]; then
+	trace dbclient query macs failed, making assumptions.
+	macs="hmac-sha1 hmac-sha2-256"
+fi
 keytype=`(cd $OBJ/.dropbear && ls id_*)`
 
 for c in $ciphers ; do
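Review bot: `algs` is used unchecked in the here-document right after it is set, while the `ciphers` and `macs` queries further down in this hunk both get an empty-result fallback. If `$SSH -Q key-sig` prints nothing, sshd_proxy ends up with `PubkeyAcceptedAlgorithms` and `HostkeyAlgorithms` lines that carry no argument, so consider failing or skipping with a clear message when `algs` is empty. The `tr '\n' ,` also leaves a trailing comma on the list; stripping it (for example with `sed 's/,$//'`) would keep the config from depending on the parser tolerating an empty final element. Minor: the new comment reads "support algorithms" where "supported" is meant, and a short comment next to the hard-coded fallback lists naming the Dropbear version that prompted them (the commit message mentions v2024.85) would help when they need revisiting.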
