diff options
| author | Miklós Fazekas <mfazekas@szemafor.com> | 2020-04-25 16:30:02 +0200 |
|---|---|---|
| committer | Miklos Fazekas <mfazekas@szemafor.com> | 2020-04-25 16:41:11 +0200 |
| commit | ccb874c470977edc7d198f62cc844cce1e1893be (patch) | |
| tree | f39132c3e46d29526748e283b7ddf23f87e9008a | |
| parent | a6db052118693a6b4d7bbd2fe7e122f41ae8b10d (diff) | |
| download | net-ssh-revert-757-opt-in-etm-hmac.tar.gz | |
Revert "Make hmac-sha2-{256,512}-etm opt-in"revert-757-opt-in-etm-hmac
| -rw-r--r-- | CHANGES.txt | 11 | ||||
| -rw-r--r-- | lib/net/ssh/transport/algorithms.rb | 7 | ||||
| -rw-r--r-- | test/transport/test_algorithms.rb | 18 |
3 files changed, 13 insertions, 23 deletions
diff --git a/CHANGES.txt b/CHANGES.txt index 6707307..a84ac7c 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -1,14 +1,5 @@ -=== 6.0.1 - - * Make sha2-{256,512}-etm@openssh.com MAC opt-in as they seems to have issues [#757] - -=== 6.0.0 - - * Support empty lines and comments in known_hosts [donoghuc, #742] - * Add sha2-{256,512}-etm@openssh.com MAC algorithms [graaff, #714] - === 6.0.0 beta2 - + * Support :certkeys and CertificateFile configuration option [Anders Carling, #722] === 6.0.0 beta1 diff --git a/lib/net/ssh/transport/algorithms.rb b/lib/net/ssh/transport/algorithms.rb index c03c92a..8126aa6 100644 --- a/lib/net/ssh/transport/algorithms.rb +++ b/lib/net/ssh/transport/algorithms.rb @@ -43,7 +43,8 @@ module Net encryption: %w[aes256-ctr aes192-ctr aes128-ctr], - hmac: %w[hmac-sha2-512 hmac-sha2-256 + hmac: %w[hmac-sha2-512-etm@openssh.com hmac-sha2-256-etm@openssh.com + hmac-sha2-512 hmac-sha2-256 hmac-sha1] }.freeze @@ -83,9 +84,7 @@ module Net hmac-sha1-96 hmac-ripemd160 hmac-ripemd160@openssh.com hmac-md5 hmac-md5-96 - none] + - %w[hmac-sha2-256-etm@openssh.com - hmac-sha2-512-etm@openssh.com], + none], compression: %w[none zlib@openssh.com zlib], language: %w[] diff --git a/test/transport/test_algorithms.rb b/test/transport/test_algorithms.rb index c985f2c..105f3af 100644 --- a/test/transport/test_algorithms.rb +++ b/test/transport/test_algorithms.rb @@ -21,7 +21,7 @@ module Transport assert_equal ed_ec_host_keys + %w[ssh-rsa-cert-v01@openssh.com ssh-rsa-cert-v00@openssh.com ssh-rsa], algorithms[:host_key] assert_equal x25519_kex + ec_kex + %w[diffie-hellman-group-exchange-sha256 diffie-hellman-group14-sha1], algorithms[:kex] assert_equal %w[aes256-ctr aes192-ctr aes128-ctr], algorithms[:encryption] - assert_equal %w[hmac-sha2-512 hmac-sha2-256 hmac-sha1], algorithms[:hmac] + assert_equal %w[hmac-sha2-512-etm@openssh.com hmac-sha2-256-etm@openssh.com hmac-sha2-512 hmac-sha2-256 hmac-sha1], algorithms[:hmac] assert_equal %w[none zlib@openssh.com zlib], algorithms[:compression] assert_equal %w[], algorithms[:language] end @@ -30,7 +30,7 @@ module Transport assert_equal ed_ec_host_keys + %w[ssh-rsa-cert-v01@openssh.com ssh-rsa-cert-v00@openssh.com ssh-rsa ssh-dss], algorithms(append_all_supported_algorithms: true)[:host_key] assert_equal x25519_kex + ec_kex + %w[diffie-hellman-group-exchange-sha256 diffie-hellman-group14-sha1 diffie-hellman-group-exchange-sha1 diffie-hellman-group1-sha1], algorithms(append_all_supported_algorithms: true)[:kex] assert_equal %w[aes256-ctr aes192-ctr aes128-ctr aes256-cbc aes192-cbc aes128-cbc rijndael-cbc@lysator.liu.se blowfish-ctr blowfish-cbc cast128-ctr cast128-cbc 3des-ctr 3des-cbc idea-cbc none], algorithms(append_all_supported_algorithms: true)[:encryption] - assert_equal %w[hmac-sha2-512 hmac-sha2-256 hmac-sha1 hmac-sha2-512-96 hmac-sha2-256-96 hmac-sha1-96 hmac-ripemd160 hmac-ripemd160@openssh.com hmac-md5 hmac-md5-96 none hmac-sha2-256-etm@openssh.com hmac-sha2-512-etm@openssh.com], algorithms(append_all_supported_algorithms: true)[:hmac] + assert_equal %w[hmac-sha2-512-etm@openssh.com hmac-sha2-256-etm@openssh.com hmac-sha2-512 hmac-sha2-256 hmac-sha1 hmac-sha2-512-96 hmac-sha2-256-96 hmac-sha1-96 hmac-ripemd160 hmac-ripemd160@openssh.com hmac-md5 hmac-md5-96 none], algorithms(append_all_supported_algorithms: true)[:hmac] assert_equal %w[none zlib@openssh.com zlib], algorithms(append_all_supported_algorithms: true)[:compression] assert_equal %w[], algorithms[:language] end @@ -135,25 +135,25 @@ module Transport end def test_constructor_with_preferred_hmac_should_put_preferred_hmac_first - assert_equal %w[hmac-md5-96 hmac-sha2-512 hmac-sha2-256 hmac-sha1 hmac-sha2-512-96 hmac-sha2-256-96 hmac-sha1-96 hmac-ripemd160 hmac-ripemd160@openssh.com hmac-md5 none hmac-sha2-256-etm@openssh.com hmac-sha2-512-etm@openssh.com], algorithms(hmac: "hmac-md5-96", append_all_supported_algorithms: true)[:hmac] + assert_equal %w[hmac-md5-96 hmac-sha2-512-etm@openssh.com hmac-sha2-256-etm@openssh.com hmac-sha2-512 hmac-sha2-256 hmac-sha1 hmac-sha2-512-96 hmac-sha2-256-96 hmac-sha1-96 hmac-ripemd160 hmac-ripemd160@openssh.com hmac-md5 none], algorithms(hmac: "hmac-md5-96", append_all_supported_algorithms: true)[:hmac] end def test_constructor_with_multiple_preferred_hmac_should_put_all_preferred_hmac_first - assert_equal %w[hmac-md5-96 hmac-sha1-96 hmac-sha2-512 hmac-sha2-256 hmac-sha1 hmac-sha2-512-96 hmac-sha2-256-96 hmac-ripemd160 hmac-ripemd160@openssh.com hmac-md5 none hmac-sha2-256-etm@openssh.com hmac-sha2-512-etm@openssh.com], algorithms(hmac: %w[hmac-md5-96 hmac-sha1-96], append_all_supported_algorithms: true)[:hmac] + assert_equal %w[hmac-md5-96 hmac-sha1-96 hmac-sha2-512-etm@openssh.com hmac-sha2-256-etm@openssh.com hmac-sha2-512 hmac-sha2-256 hmac-sha1 hmac-sha2-512-96 hmac-sha2-256-96 hmac-ripemd160 hmac-ripemd160@openssh.com hmac-md5 none], algorithms(hmac: %w[hmac-md5-96 hmac-sha1-96], append_all_supported_algorithms: true)[:hmac] end def test_constructor_with_unrecognized_hmac_should_ignore_those - assert_equal %w[hmac-sha2-512 hmac-sha2-256 hmac-sha1 hmac-sha2-512-96 hmac-sha2-256-96 hmac-sha1-96 hmac-ripemd160 hmac-ripemd160@openssh.com hmac-md5 hmac-md5-96 none hmac-sha2-256-etm@openssh.com hmac-sha2-512-etm@openssh.com], + assert_equal %w[hmac-sha2-512-etm@openssh.com hmac-sha2-256-etm@openssh.com hmac-sha2-512 hmac-sha2-256 hmac-sha1 hmac-sha2-512-96 hmac-sha2-256-96 hmac-sha1-96 hmac-ripemd160 hmac-ripemd160@openssh.com hmac-md5 hmac-md5-96 none], algorithms(hmac: "unknown hmac-md5-96", append_all_supported_algorithms: true)[:hmac] end def test_constructor_with_preferred_hmac_supports_additions - assert_equal %w[hmac-sha2-512 hmac-sha2-256 hmac-sha1 hmac-sha2-512-96 hmac-sha2-256-96 hmac-sha1-96 hmac-ripemd160 hmac-ripemd160@openssh.com hmac-md5 hmac-md5-96 hmac-sha2-256-etm@openssh.com hmac-sha2-512-etm@openssh.com], + assert_equal %w[hmac-sha2-512-etm@openssh.com hmac-sha2-256-etm@openssh.com hmac-sha2-512 hmac-sha2-256 hmac-sha1 hmac-sha2-512-96 hmac-sha2-256-96 hmac-sha1-96 hmac-ripemd160 hmac-ripemd160@openssh.com hmac-md5 hmac-md5-96], algorithms(hmac: %w[+hmac-md5-96 -none])[:hmac] end def test_constructor_with_preferred_hmac_supports_removals_with_wildcard - assert_equal %w[hmac-sha2-512 hmac-sha2-256 hmac-sha2-512-96 hmac-sha2-256-96 hmac-ripemd160 hmac-ripemd160@openssh.com hmac-sha2-256-etm@openssh.com hmac-sha2-512-etm@openssh.com], + assert_equal %w[hmac-sha2-512-etm@openssh.com hmac-sha2-256-etm@openssh.com hmac-sha2-512 hmac-sha2-256 hmac-sha2-512-96 hmac-sha2-256-96 hmac-ripemd160 hmac-ripemd160@openssh.com], algorithms(hmac: %w[-hmac-sha1* -hmac-md5* -none])[:hmac] end @@ -410,8 +410,8 @@ module Transport assert_equal options[:host_key] || (ed_ec_host_keys + %w[ssh-rsa-cert-v01@openssh.com ssh-rsa-cert-v00@openssh.com ssh-rsa]).join(','), buffer.read_string assert_equal options[:encryption_client] || 'aes256-ctr,aes192-ctr,aes128-ctr', buffer.read_string assert_equal options[:encryption_server] || 'aes256-ctr,aes192-ctr,aes128-ctr', buffer.read_string - assert_equal options[:hmac_client] || 'hmac-sha2-512,hmac-sha2-256,hmac-sha1', buffer.read_string - assert_equal options[:hmac_server] || 'hmac-sha2-512,hmac-sha2-256,hmac-sha1', buffer.read_string + assert_equal options[:hmac_client] || 'hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-sha1', buffer.read_string + assert_equal options[:hmac_server] || 'hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-sha1', buffer.read_string assert_equal options[:compression_client] || 'none,zlib@openssh.com,zlib', buffer.read_string assert_equal options[:compression_server] || 'none,zlib@openssh.com,zlib', buffer.read_string assert_equal options[:language_client] || '', buffer.read_string |