[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Patch: add curve25519-sha256 alias (was: Removing DSS and other unreasonable algorithms)

Subject: Patch: add curve25519-sha256 alias (was: Removing DSS and other unreasonable algorithms)
From: Tilo Eckert <tilo.eckert@xxxxxxx>
Reply-to: libssh@xxxxxxxxxx
Date: Mon, 25 Jun 2018 13:37:56 +0200
To: libssh@xxxxxxxxxx

A series of patches is attached that adds the curve25519-sha256 kex algo
as an alias to its private counterpart curve25519-sha256@xxxxxxxxxx and
adds some tests (there weren't any client tests).

I had some trouble getting the client tests to work. There was no hint
in the docs that WITH_CLIENT_TESTING needs to be enabled and that some
wrapper libraries are required to get them to work. I added a paragraph
to the INSTALL file and also updated all links therein.

Regards
Tilo

Am 22.06.2018 um 13:51 schrieb Andreas Schneider:
> Could you prepare a patch for adding curve25519-sha256 as an alias and add a 
> test in torture_algorithms for that?

From 76256475f27e6435fcd2b3d11ca0d39c60755459 Mon Sep 17 00:00:00 2001
From: Tilo Eckert <tilo.eckert@xxxxxxx>
Date: Mon, 25 Jun 2018 13:01:57 +0200
Subject: [PATCH 1/6] kex: add curve25519-sha256 as alias for
 curve25519-sha256@xxxxxxxxxx

see: https://tools.ietf.org/id/draft-ietf-curdle-ssh-curves-07.html

Signed-off-by: Tilo Eckert <tilo.eckert@xxxxxxx>
---
 doc/mainpage.dox        | 2 +-
 include/libssh/crypto.h | 4 +++-
 src/client.c            | 1 +
 src/curve25519.c        | 4 ++--
 src/dh.c                | 4 +++-
 src/kex.c               | 4 +++-
 src/packet_cb.c         | 1 +
 src/server.c            | 1 +
 src/session.c           | 2 ++
 9 files changed, 17 insertions(+), 6 deletions(-)

diff --git a/doc/mainpage.dox b/doc/mainpage.dox
index 1b86baa9..a65caf9b 100644
--- a/doc/mainpage.dox
+++ b/doc/mainpage.dox
@@ -19,7 +19,7 @@ the interesting functions as you go.
 
 The libssh library provides:
 
- - <strong>Key Exchange Methods</strong>: <i>curve25519-sha256@xxxxxxxxxx, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521</i>, diffie-hellman-group1-sha1, diffie-hellman-group14-sha1
+ - <strong>Key Exchange Methods</strong>: <i>curve25519-sha256, curve25519-sha256@xxxxxxxxxx, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521</i>, diffie-hellman-group1-sha1, diffie-hellman-group14-sha1
  - <strong>Hostkey Types</strong>: <i>ssh-ed25519, ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521</i>, ssh-dss, ssh-rsa
  - <strong>Ciphers</strong>: <i>aes256-ctr, aes192-ctr, aes128-ctr</i>, aes256-cbc (rijndael-cbc@xxxxxxxxxxxxxx), aes192-cbc, aes128-cbc, 3des-cbc, blowfish-cbc, none
  - <strong>Compression Schemes</strong>: zlib, <i>zlib@xxxxxxxxxxx</i>, none
diff --git a/include/libssh/crypto.h b/include/libssh/crypto.h
index fab39ed1..2e62d5ce 100644
--- a/include/libssh/crypto.h
+++ b/include/libssh/crypto.h
@@ -60,7 +60,9 @@ enum ssh_key_exchange_e {
   /* ecdh-sha2-nistp521 */
   SSH_KEX_ECDH_SHA2_NISTP521,
   /* curve25519-sha256@xxxxxxxxxx */
-  SSH_KEX_CURVE25519_SHA256_LIBSSH_ORG
+  SSH_KEX_CURVE25519_SHA256_LIBSSH_ORG,
+  /* curve25519-sha256 */
+  SSH_KEX_CURVE25519_SHA256
 };
 
 enum ssh_cipher_e {
diff --git a/src/client.c b/src/client.c
index 5a554647..e0b8d102 100644
--- a/src/client.c
+++ b/src/client.c
@@ -266,6 +266,7 @@ static int dh_handshake(ssh_session session) {
           break;
 #endif
 #ifdef HAVE_CURVE25519
+        case SSH_KEX_CURVE25519_SHA256:
         case SSH_KEX_CURVE25519_SHA256_LIBSSH_ORG:
           rc = ssh_client_curve25519_init(session);
           break;
diff --git a/src/curve25519.c b/src/curve25519.c
index 8e08f512..42b3b64e 100644
--- a/src/curve25519.c
+++ b/src/curve25519.c
@@ -1,6 +1,6 @@
 /*
  * curve25519.c - Curve25519 ECDH functions for key exchange
- * curve25519-sha256@xxxxxxxxxx
+ * curve25519-sha256@xxxxxxxxxx and curve25519-sha256
  *
  * This file is part of the SSH Library
  *
@@ -40,7 +40,7 @@
 #include "libssh/bignum.h"
 
 /** @internal
- * @brief Starts curve25519-sha256@xxxxxxxxxx key exchange
+ * @brief Starts curve25519-sha256@xxxxxxxxxx / curve25519-sha256 key exchange
  */
 int ssh_client_curve25519_init(ssh_session session){
   int rc;
diff --git a/src/dh.c b/src/dh.c
index d2ddfabd..0d9b1ebe 100644
--- a/src/dh.c
+++ b/src/dh.c
@@ -682,7 +682,8 @@ int ssh_make_sessionid(ssh_session session) {
         }
 #endif
 #ifdef HAVE_CURVE25519
-    } else if (session->next_crypto->kex_type == SSH_KEX_CURVE25519_SHA256_LIBSSH_ORG) {
+    } else if ((session->next_crypto->kex_type == SSH_KEX_CURVE25519_SHA256) ||
+               (session->next_crypto->kex_type == SSH_KEX_CURVE25519_SHA256_LIBSSH_ORG)) {
         rc = ssh_buffer_pack(buf,
                              "dPdP",
                              CURVE25519_PUBKEY_SIZE,
@@ -718,6 +719,7 @@ int ssh_make_sessionid(ssh_session session) {
                                    session->next_crypto->secret_hash);
         break;
     case SSH_KEX_ECDH_SHA2_NISTP256:
+    case SSH_KEX_CURVE25519_SHA256:
     case SSH_KEX_CURVE25519_SHA256_LIBSSH_ORG:
         session->next_crypto->digest_len = SHA256_DIGEST_LENGTH;
         session->next_crypto->mac_type = SSH_MAC_SHA256;
diff --git a/src/kex.c b/src/kex.c
index b658ed44..441fe23a 100644
--- a/src/kex.c
+++ b/src/kex.c
@@ -78,7 +78,7 @@
 #endif
 
 #ifdef HAVE_CURVE25519
-#define CURVE25519 "curve25519-sha256@xxxxxxxxxx,"
+#define CURVE25519 "curve25519-sha256,curve25519-sha256@xxxxxxxxxx,"
 #else
 #define CURVE25519 ""
 #endif
@@ -672,6 +672,8 @@ int ssh_kex_select_methods (ssh_session session){
       session->next_crypto->kex_type=SSH_KEX_ECDH_SHA2_NISTP521;
     } else if(strcmp(session->next_crypto->kex_methods[SSH_KEX], "curve25519-sha256@xxxxxxxxxx") == 0){
       session->next_crypto->kex_type=SSH_KEX_CURVE25519_SHA256_LIBSSH_ORG;
+    } else if(strcmp(session->next_crypto->kex_methods[SSH_KEX], "curve25519-sha256") == 0){
+      session->next_crypto->kex_type=SSH_KEX_CURVE25519_SHA256;
     }
 
     return SSH_OK;
diff --git a/src/packet_cb.c b/src/packet_cb.c
index fc676257..f0c21a93 100644
--- a/src/packet_cb.c
+++ b/src/packet_cb.c
@@ -116,6 +116,7 @@ SSH_PACKET_CALLBACK(ssh_packet_dh_reply){
       break;
 #endif
 #ifdef HAVE_CURVE25519
+    case SSH_KEX_CURVE25519_SHA256:
     case SSH_KEX_CURVE25519_SHA256_LIBSSH_ORG:
       rc = ssh_client_curve25519_reply(session, packet);
       break;
diff --git a/src/server.c b/src/server.c
index 1be948f1..769dd0a1 100644
--- a/src/server.c
+++ b/src/server.c
@@ -221,6 +221,7 @@ SSH_PACKET_CALLBACK(ssh_packet_kexdh_init){
         break;
   #endif
   #ifdef HAVE_CURVE25519
+      case SSH_KEX_CURVE25519_SHA256:
       case SSH_KEX_CURVE25519_SHA256_LIBSSH_ORG:
     	rc = ssh_server_curve25519_init(session, packet);
     	break;
diff --git a/src/session.c b/src/session.c
index deaa1ae1..26ba1e85 100644
--- a/src/session.c
+++ b/src/session.c
@@ -365,6 +365,8 @@ const char* ssh_get_kex_algo(ssh_session session) {
             return "ecdh-sha2-nistp384";
         case SSH_KEX_ECDH_SHA2_NISTP521:
             return "ecdh-sha2-nistp521";
+        case SSH_KEX_CURVE25519_SHA256:
+           return "curve25519-sha256";
         case SSH_KEX_CURVE25519_SHA256_LIBSSH_ORG:
             return "curve25519-sha256@xxxxxxxxxx";
         default:
-- 
2.17.1

From b28103b914f425a8fa41f9ac5bd40ec4ead20392 Mon Sep 17 00:00:00 2001
From: Tilo Eckert <tilo.eckert@xxxxxxx>
Date: Mon, 25 Jun 2018 13:07:30 +0200
Subject: [PATCH 2/6] tests: add algorithm tests for kex curve25519

Signed-off-by: Tilo Eckert <tilo.eckert@xxxxxxx>
---
 tests/client/torture_algorithms.c | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

diff --git a/tests/client/torture_algorithms.c b/tests/client/torture_algorithms.c
index 76ea2cef..0401f9bd 100644
--- a/tests/client/torture_algorithms.c
+++ b/tests/client/torture_algorithms.c
@@ -358,6 +358,22 @@ static void torture_algorithms_ecdh_sha2_nistp521(void **state) {
 }
 #endif
 
+#if ((OPENSSH_VERSION_MAJOR == 7 && OPENSSH_VERSION_MINOR >= 3) || OPENSSH_VERSION_MAJOR > 7)
+static void torture_algorithms_ecdh_curve25519_sha256(void **state) {
+    struct torture_state *s = *state;
+
+    test_algorithm(s->ssh.session, "curve25519-sha256", NULL/*cipher*/, NULL/*hmac*/);
+}
+#endif
+
+#if ((OPENSSH_VERSION_MAJOR == 6 && OPENSSH_VERSION_MINOR >= 5) || OPENSSH_VERSION_MAJOR > 6)
+static void torture_algorithms_ecdh_curve25519_sha256_libssh_org(void **state) {
+    struct torture_state *s = *state;
+
+    test_algorithm(s->ssh.session, "curve25519-sha256@xxxxxxxxxx", NULL/*cipher*/, NULL/*hmac*/);
+}
+#endif
+
 static void torture_algorithms_dh_group1(void **state) {
     struct torture_state *s = *state;
 
@@ -450,6 +466,16 @@ int torture_run_tests(void) {
         cmocka_unit_test_setup_teardown(torture_algorithms_dh_group1,
                                         session_setup,
                                         session_teardown),
+#if ((OPENSSH_VERSION_MAJOR == 7 && OPENSSH_VERSION_MINOR >= 3) || OPENSSH_VERSION_MAJOR > 7)
+        cmocka_unit_test_setup_teardown(torture_algorithms_ecdh_curve25519_sha256,
+                                        session_setup,
+                                        session_teardown),
+#endif
+#if ((OPENSSH_VERSION_MAJOR == 6 && OPENSSH_VERSION_MINOR >= 5) || OPENSSH_VERSION_MAJOR > 6)
+        cmocka_unit_test_setup_teardown(torture_algorithms_ecdh_curve25519_sha256_libssh_org,
+                                        session_setup,
+                                        session_teardown),
+#endif
 #if defined(HAVE_ECC)
         cmocka_unit_test_setup_teardown(torture_algorithms_ecdh_sha2_nistp256,
                                         session_setup,
-- 
2.17.1

From 31dd3056262926beeb47ab4b8b9d5f01d59aa612 Mon Sep 17 00:00:00 2001
From: Tilo Eckert <tilo.eckert@xxxxxxx>
Date: Mon, 25 Jun 2018 13:07:49 +0200
Subject: [PATCH 3/6] tests: add pkd tests for kex curve25519

Signed-off-by: Tilo Eckert <tilo.eckert@xxxxxxx>
---
 tests/pkd/pkd_hello.c | 27 ++++++++++++++++++---------
 1 file changed, 18 insertions(+), 9 deletions(-)

diff --git a/tests/pkd/pkd_hello.c b/tests/pkd/pkd_hello.c
index e0c0cbf6..66bbbbcc 100644
--- a/tests/pkd/pkd_hello.c
+++ b/tests/pkd/pkd_hello.c
@@ -200,31 +200,36 @@ static int torture_pkd_setup_ecdsa_521(void **state) {
 #ifdef HAVE_DSA
 #define PKDTESTS_KEX(f, client, kexcmd) \
     /* Kex algorithms. */ \
-    f(client, rsa_curve25519_sha256,                  kexcmd("curve25519-sha256@xxxxxxxxxx"),  setup_rsa,        teardown) \
+    f(client, rsa_curve25519_sha256,                  kexcmd("curve25519-sha256"),             setup_rsa,        teardown) \
+    f(client, rsa_curve25519_sha256_libssh_org,       kexcmd("curve25519-sha256@xxxxxxxxxx"),  setup_rsa,        teardown) \
     f(client, rsa_ecdh_sha2_nistp256,                 kexcmd("ecdh-sha2-nistp256 "),           setup_rsa,        teardown) \
     f(client, rsa_ecdh_sha2_nistp384,                 kexcmd("ecdh-sha2-nistp384 "),           setup_rsa,        teardown) \
     f(client, rsa_ecdh_sha2_nistp521,                 kexcmd("ecdh-sha2-nistp521 "),           setup_rsa,        teardown) \
     f(client, rsa_diffie_hellman_group14_sha1,        kexcmd("diffie-hellman-group14-sha1"),   setup_rsa,        teardown) \
     f(client, rsa_diffie_hellman_group1_sha1,         kexcmd("diffie-hellman-group1-sha1"),    setup_rsa,        teardown) \
-    f(client, dsa_curve25519_sha256,                  kexcmd("curve25519-sha256@xxxxxxxxxx"),  setup_dsa,        teardown) \
+    f(client, dsa_curve25519_sha256,                  kexcmd("curve25519-sha256"),             setup_dsa,        teardown) \
+    f(client, dsa_curve25519_sha256_libssh_org,       kexcmd("curve25519-sha256@xxxxxxxxxx"),  setup_dsa,        teardown) \
     f(client, dsa_ecdh_sha2_nistp256,                 kexcmd("ecdh-sha2-nistp256 "),           setup_dsa,        teardown) \
     f(client, dsa_ecdh_sha2_nistp384,                 kexcmd("ecdh-sha2-nistp384 "),           setup_dsa,        teardown) \
     f(client, dsa_ecdh_sha2_nistp521,                 kexcmd("ecdh-sha2-nistp521 "),           setup_dsa,        teardown) \
     f(client, dsa_diffie_hellman_group14_sha1,        kexcmd("diffie-hellman-group14-sha1"),   setup_dsa,        teardown) \
     f(client, dsa_diffie_hellman_group1_sha1,         kexcmd("diffie-hellman-group1-sha1"),    setup_dsa,        teardown) \
-    f(client, ecdsa_256_curve25519_sha256,            kexcmd("curve25519-sha256@xxxxxxxxxx"),  setup_ecdsa_256,  teardown) \
+    f(client, ecdsa_256_curve25519_sha256,            kexcmd("curve25519-sha256"),             setup_ecdsa_256,  teardown) \
+    f(client, ecdsa_256_curve25519_sha256_libssh_org, kexcmd("curve25519-sha256@xxxxxxxxxx"),  setup_ecdsa_256,  teardown) \
     f(client, ecdsa_256_ecdh_sha2_nistp256,           kexcmd("ecdh-sha2-nistp256 "),           setup_ecdsa_256,  teardown) \
     f(client, ecdsa_256_ecdh_sha2_nistp384,           kexcmd("ecdh-sha2-nistp384 "),           setup_ecdsa_256,  teardown) \
     f(client, ecdsa_256_ecdh_sha2_nistp521,           kexcmd("ecdh-sha2-nistp521 "),           setup_ecdsa_256,  teardown) \
     f(client, ecdsa_256_diffie_hellman_group14_sha1,  kexcmd("diffie-hellman-group14-sha1"),   setup_ecdsa_256,  teardown) \
     f(client, ecdsa_256_diffie_hellman_group1_sha1,   kexcmd("diffie-hellman-group1-sha1"),    setup_ecdsa_256,  teardown) \
-    f(client, ecdsa_384_curve25519_sha256,            kexcmd("curve25519-sha256@xxxxxxxxxx"),  setup_ecdsa_384,  teardown) \
+    f(client, ecdsa_384_curve25519_sha256,            kexcmd("curve25519-sha256"),             setup_ecdsa_384,  teardown) \
+    f(client, ecdsa_384_curve25519_sha256_libssh_org, kexcmd("curve25519-sha256@xxxxxxxxxx"),  setup_ecdsa_384,  teardown) \
     f(client, ecdsa_384_ecdh_sha2_nistp256,           kexcmd("ecdh-sha2-nistp256 "),           setup_ecdsa_384,  teardown) \
     f(client, ecdsa_384_ecdh_sha2_nistp384,           kexcmd("ecdh-sha2-nistp384 "),           setup_ecdsa_384,  teardown) \
     f(client, ecdsa_384_ecdh_sha2_nistp521,           kexcmd("ecdh-sha2-nistp521 "),           setup_ecdsa_384,  teardown) \
     f(client, ecdsa_384_diffie_hellman_group14_sha1,  kexcmd("diffie-hellman-group14-sha1"),   setup_ecdsa_384,  teardown) \
     f(client, ecdsa_384_diffie_hellman_group1_sha1,   kexcmd("diffie-hellman-group1-sha1"),    setup_ecdsa_384,  teardown) \
-    f(client, ecdsa_521_curve25519_sha256,            kexcmd("curve25519-sha256@xxxxxxxxxx"),  setup_ecdsa_521,  teardown) \
+    f(client, ecdsa_521_curve25519_sha256,            kexcmd("curve25519-sha256"),             setup_ecdsa_521,  teardown) \
+    f(client, ecdsa_521_curve25519_sha256_libssh_org, kexcmd("curve25519-sha256@xxxxxxxxxx"),  setup_ecdsa_521,  teardown) \
     f(client, ecdsa_521_ecdh_sha2_nistp256,           kexcmd("ecdh-sha2-nistp256 "),           setup_ecdsa_521,  teardown) \
     f(client, ecdsa_521_ecdh_sha2_nistp384,           kexcmd("ecdh-sha2-nistp384 "),           setup_ecdsa_521,  teardown) \
     f(client, ecdsa_521_ecdh_sha2_nistp521,           kexcmd("ecdh-sha2-nistp521 "),           setup_ecdsa_521,  teardown) \
@@ -233,19 +238,23 @@ static int torture_pkd_setup_ecdsa_521(void **state) {
 #else
 #define PKDTESTS_KEX(f, client, kexcmd) \
     /* Kex algorithms. */ \
-    f(client, rsa_curve25519_sha256,                  kexcmd("curve25519-sha256@xxxxxxxxxx"),  setup_rsa,        teardown) \
+    f(client, rsa_curve25519_sha256,                  kexcmd("curve25519-sha256"),             setup_rsa,        teardown) \
+    f(client, rsa_curve25519_sha256_libssh_org,       kexcmd("curve25519-sha256@xxxxxxxxxx"),  setup_rsa,        teardown) \
     f(client, rsa_ecdh_sha2_nistp256,                 kexcmd("ecdh-sha2-nistp256 "),           setup_rsa,        teardown) \
     f(client, rsa_diffie_hellman_group14_sha1,        kexcmd("diffie-hellman-group14-sha1"),   setup_rsa,        teardown) \
     f(client, rsa_diffie_hellman_group1_sha1,         kexcmd("diffie-hellman-group1-sha1"),    setup_rsa,        teardown) \
-    f(client, ecdsa_256_curve25519_sha256,            kexcmd("curve25519-sha256@xxxxxxxxxx"),  setup_ecdsa_256,  teardown) \
+    f(client, ecdsa_256_curve25519_sha256,            kexcmd("curve25519-sha256"),             setup_ecdsa_256,  teardown) \
+    f(client, ecdsa_256_curve25519_sha256_libssh_org, kexcmd("curve25519-sha256@xxxxxxxxxx"),  setup_ecdsa_256,  teardown) \
     f(client, ecdsa_256_ecdh_sha2_nistp256,           kexcmd("ecdh-sha2-nistp256 "),           setup_ecdsa_256,  teardown) \
     f(client, ecdsa_256_diffie_hellman_group14_sha1,  kexcmd("diffie-hellman-group14-sha1"),   setup_ecdsa_256,  teardown) \
     f(client, ecdsa_256_diffie_hellman_group1_sha1,   kexcmd("diffie-hellman-group1-sha1"),    setup_ecdsa_256,  teardown) \
-    f(client, ecdsa_384_curve25519_sha256,            kexcmd("curve25519-sha256@xxxxxxxxxx"),  setup_ecdsa_384,  teardown) \
+    f(client, ecdsa_384_curve25519_sha256,            kexcmd("curve25519-sha256"),             setup_ecdsa_384,  teardown) \
+    f(client, ecdsa_384_curve25519_sha256_libssh_org, kexcmd("curve25519-sha256@xxxxxxxxxx"),  setup_ecdsa_384,  teardown) \
     f(client, ecdsa_384_ecdh_sha2_nistp256,           kexcmd("ecdh-sha2-nistp256 "),           setup_ecdsa_384,  teardown) \
     f(client, ecdsa_384_diffie_hellman_group14_sha1,  kexcmd("diffie-hellman-group14-sha1"),   setup_ecdsa_384,  teardown) \
     f(client, ecdsa_384_diffie_hellman_group1_sha1,   kexcmd("diffie-hellman-group1-sha1"),    setup_ecdsa_384,  teardown) \
-    f(client, ecdsa_521_curve25519_sha256,            kexcmd("curve25519-sha256@xxxxxxxxxx"),  setup_ecdsa_521,  teardown) \
+    f(client, ecdsa_521_curve25519_sha256,            kexcmd("curve25519-sha256"),             setup_ecdsa_521,  teardown) \
+    f(client, ecdsa_521_curve25519_sha256_libssh_org, kexcmd("curve25519-sha256@xxxxxxxxxx"),  setup_ecdsa_521,  teardown) \
     f(client, ecdsa_521_ecdh_sha2_nistp256,           kexcmd("ecdh-sha2-nistp256 "),           setup_ecdsa_521,  teardown) \
     f(client, ecdsa_521_diffie_hellman_group14_sha1,  kexcmd("diffie-hellman-group14-sha1"),   setup_ecdsa_521,  teardown) \
     f(client, ecdsa_521_diffie_hellman_group1_sha1,   kexcmd("diffie-hellman-group1-sha1"),    setup_ecdsa_521,  teardown)
-- 
2.17.1

From fa0b7f452ce99668b3fe50e73ae56c37253e47c2 Mon Sep 17 00:00:00 2001
From: Tilo Eckert <tilo.eckert@xxxxxxx>
Date: Mon, 25 Jun 2018 13:09:57 +0200
Subject: [PATCH 4/6] tests: adjust test for kex string "curve25519"

Signed-off-by: Tilo Eckert <tilo.eckert@xxxxxxx>
---
 tests/unittests/torture_options.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/tests/unittests/torture_options.c b/tests/unittests/torture_options.c
index 6fc0df79..d0d11d4d 100644
--- a/tests/unittests/torture_options.c
+++ b/tests/unittests/torture_options.c
@@ -68,18 +68,18 @@ static void torture_options_set_key_exchange(void **state)
     /* Test known kexes */
     rc = ssh_options_set(session,
                          SSH_OPTIONS_KEY_EXCHANGE,
-                         "curve25519-sha256@xxxxxxxxxx,ecdh-sha2-nistp256,diffie-hellman-group14-sha1");
+                         "curve25519-sha256,curve25519-sha256@xxxxxxxxxx,ecdh-sha2-nistp256,diffie-hellman-group14-sha1");
     assert_true(rc == 0);
     assert_string_equal(session->opts.wanted_methods[SSH_KEX],
-                        "curve25519-sha256@xxxxxxxxxx,ecdh-sha2-nistp256,diffie-hellman-group14-sha1");
+                        "curve25519-sha256,curve25519-sha256@xxxxxxxxxx,ecdh-sha2-nistp256,diffie-hellman-group14-sha1");
 
     /* Test one unknown kex */
     rc = ssh_options_set(session,
                          SSH_OPTIONS_KEY_EXCHANGE,
-                         "curve25519-sha256@xxxxxxxxxx,unknown-crap@xxxxxxxxxxx,diffie-hellman-group14-sha1");
+                         "curve25519-sha256,curve25519-sha256@xxxxxxxxxx,unknown-crap@xxxxxxxxxxx,diffie-hellman-group14-sha1");
     assert_true(rc == 0);
     assert_string_equal(session->opts.wanted_methods[SSH_KEX],
-                        "curve25519-sha256@xxxxxxxxxx,diffie-hellman-group14-sha1");
+                        "curve25519-sha256,curve25519-sha256@xxxxxxxxxx,diffie-hellman-group14-sha1");
 
     /* Test all unknown kexes */
     rc = ssh_options_set(session,
-- 
2.17.1

From 0cd5e7b07b9f2e96e99fd873c52ae4b7abe33df5 Mon Sep 17 00:00:00 2001
From: Tilo Eckert <tilo.eckert@xxxxxxx>
Date: Mon, 25 Jun 2018 13:12:39 +0200
Subject: [PATCH 5/6] doc: add documentation about building with client tests

Signed-off-by: Tilo Eckert <tilo.eckert@xxxxxxx>
---
 INSTALL | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/INSTALL b/INSTALL
index 9e107881..70c28f79 100644
--- a/INSTALL
+++ b/INSTALL
@@ -14,6 +14,10 @@ or
 
 optional:
 - [libz](http://www.zlib.net) >= 1.2
+- [socket_wrapper](https://cwrap.org/) >= 1.1.5
+- [nss_wrapper](https://cwrap.org/) >= 1.1.2
+- [uid_wrapper](https://cwrap.org/) >= 1.2.0
+- [pam_wrapper](https://cwrap.org/) >= 1.0.1
 
 Note that these version numbers are version we know works correctly. If you
 build and run libssh successfully with an older version, please let us know.
@@ -38,6 +42,11 @@ On Windows you should choose a makefile gernerator with -G or use
 
     cmake-gui.exe ..
 
+To enable additional client tests against a local OpenSSH server, add the
+compile option -DWITH_CLIENT_TESTING=ON. These tests require an OpenSSH
+server package and some wrapper libraries (see optional requirements) to
+be installed.
+
 ## Testing build
 
     make test
-- 
2.17.1

From 909d73386313e023c3064affc2f51815779e1faf Mon Sep 17 00:00:00 2001
From: Tilo Eckert <tilo.eckert@xxxxxxx>
Date: Mon, 25 Jun 2018 13:14:26 +0200
Subject: [PATCH 6/6] doc: update links in INSTALL file

Signed-off-by: Tilo Eckert <tilo.eckert@xxxxxxx>
---
 INSTALL | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/INSTALL b/INSTALL
index 70c28f79..0d81cbcc 100644
--- a/INSTALL
+++ b/INSTALL
@@ -7,25 +7,25 @@
 In order to build libssh, you need to install several components:
 
 - A C compiler
-- [CMake](http://www.cmake.org) >= 2.6.0.
-- [openssl](http://www.openssl.org) >= 0.9.8
+- [CMake](https://www.cmake.org) >= 2.6.0.
+- [openssl](https://www.openssl.org) >= 0.9.8
 or
-- [gcrypt](http://www.gnu.org/directory/Security/libgcrypt.html) >= 1.4
+- [gcrypt](https://gnupg.org/software/libgcrypt/) >= 1.4
 
 optional:
-- [libz](http://www.zlib.net) >= 1.2
+- [libz](https://www.zlib.net) >= 1.2
 - [socket_wrapper](https://cwrap.org/) >= 1.1.5
 - [nss_wrapper](https://cwrap.org/) >= 1.1.2
 - [uid_wrapper](https://cwrap.org/) >= 1.2.0
 - [pam_wrapper](https://cwrap.org/) >= 1.0.1
 
-Note that these version numbers are version we know works correctly. If you
+Note that these version numbers are versions we know work correctly. If you
 build and run libssh successfully with an older version, please let us know.
 
 Windows binaries known to be working:
 
-- http://www.slproweb.com/products/Win32OpenSSL.html
-- http://zlib.net/ -> zlib compiled DLL
+- https://slproweb.com/products/Win32OpenSSL.html
+- https://zlib.net/ -> zlib compiled DLL
 
 We installed them in C:\Program Files
 
-- 
2.17.1

Follow-Ups:
Re: Patch: add curve25519-sha256 alias (was: Removing DSS and other unreasonable algorithms)	Andreas Schneider <asn@xxxxxxxxxxxxxx>

References:
Missing signed-off for pkg chacha20 patches	Andreas Schneider <asn@xxxxxxxxxxxxxx>
Re: Removing DSS and other unreasonable algorithms (Was: Missing signed-off for pkg chacha20 patches)	Andreas Schneider <asn@xxxxxxxxxxxxxx>
Re: Removing DSS and other unreasonable algorithms (Was: Missing signed-off for pkg chacha20 patches)	Tilo Eckert <tilo.eckert@xxxxxxx>
Re: Removing DSS and other unreasonable algorithms (Was: Missing signed-off for pkg chacha20 patches)	Andreas Schneider <asn@xxxxxxxxxxxxxx>

Archive administrator: postmaster@lists.cynapses.org