From 8bcdda4a08c6d008c11c53d75b7ff90f6d3aeba7 Mon Sep 17 00:00:00 2001 From: Andreas Schneider Date: Tue, 16 Oct 2018 14:29:58 +0200 Subject: [PATCH] Update to version 0.8.4 Fixes CVE-2018-10933 --- .gitignore | 2 + libssh-0.8.3-fix-covscan-errors.patch | 2065 ------------------------- libssh.spec | 11 +- sources | 4 +- 4 files changed, 11 insertions(+), 2071 deletions(-) delete mode 100644 libssh-0.8.3-fix-covscan-errors.patch diff --git a/.gitignore b/.gitignore index 240b43d..e0df0fc 100644 --- a/.gitignore +++ b/.gitignore @@ -33,3 +33,5 @@ libssh-0.4.4.tar.gz.asc /libssh-0.8.2.tar.xz.asc /libssh-0.8.3.tar.xz /libssh-0.8.3.tar.xz.asc +/libssh-0.8.4.tar.xz +/libssh-0.8.4.tar.xz.asc diff --git a/libssh-0.8.3-fix-covscan-errors.patch b/libssh-0.8.3-fix-covscan-errors.patch deleted file mode 100644 index 6110c82..0000000 --- a/libssh-0.8.3-fix-covscan-errors.patch +++ /dev/null @@ -1,2065 +0,0 @@ -diff --git a/examples/libssh_scp.c b/examples/libssh_scp.c -index 46199f47..ff38b830 100644 ---- a/examples/libssh_scp.c -+++ b/examples/libssh_scp.c -@@ -25,148 +25,230 @@ program. - static char **sources; - static int nsources; - static char *destination; --static int verbosity=0; -+static int verbosity = 0; - - struct location { -- int is_ssh; -- char *user; -- char *host; -- char *path; -- ssh_session session; -- ssh_scp scp; -- FILE *file; -+ int is_ssh; -+ char *user; -+ char *host; -+ char *path; -+ ssh_session session; -+ ssh_scp scp; -+ FILE *file; - }; - - enum { -- READ, -- WRITE -+ READ, -+ WRITE - }; - --static void usage(const char *argv0){ -- fprintf(stderr,"Usage : %s [options] [[user@]host1:]file1 ... \n" -- " [[user@]host2:]destination\n" -- "sample scp client - libssh-%s\n", --// "Options :\n", --// " -r : use RSA to verify host public key\n", -- argv0, -- ssh_version(0)); -- exit(0); -+static void usage(const char *argv0) { -+ fprintf(stderr, "Usage : %s [options] [[user@]host1:]file1 ... \n" -+ " [[user@]host2:]destination\n" -+ "sample scp client - libssh-%s\n", -+ // "Options :\n", -+ // " -r : use RSA to verify host public key\n", -+ argv0, -+ ssh_version(0)); -+ exit(0); - } - --static int opts(int argc, char **argv){ -- int i; -- while((i=getopt(argc,argv,"v"))!=-1){ -- switch(i){ -- case 'v': -- verbosity++; -- break; -- default: -- fprintf(stderr,"unknown option %c\n",optopt); -+static int opts(int argc, char **argv) { -+ int i; -+ -+ while((i = getopt(argc, argv, "v")) != -1) { -+ switch(i) { -+ case 'v': -+ verbosity++; -+ break; -+ default: -+ fprintf(stderr, "unknown option %c\n", optopt); -+ usage(argv[0]); -+ return -1; -+ } -+ } -+ -+ nsources = argc - optind - 1; -+ if (nsources < 1) { - usage(argv[0]); - return -1; - } -- } -- nsources=argc-optind-1; -- if(nsources < 1){ -- usage(argv[0]); -- return -1; -- } -- sources=malloc((nsources + 1) * sizeof(char *)); -- if(sources == NULL) -- return -1; -- for(i=0;ihost=location->user=NULL; -- ptr=strchr(loc,':'); -- if(ptr != NULL){ -- location->is_ssh=1; -- location->path=strdup(ptr+1); -- *ptr='\0'; -- ptr=strchr(loc,'@'); -- if(ptr != NULL){ -- location->host=strdup(ptr+1); -- *ptr='\0'; -- location->user=strdup(loc); -- } else { -- location->host=strdup(loc); -+ sources = malloc((nsources + 1) * sizeof(char *)); -+ if (sources == NULL) { -+ return -1; - } -- } else { -- location->is_ssh=0; -- location->path=strdup(loc); -- } -- return location; --} - --static int open_location(struct location *loc, int flag){ -- if(loc->is_ssh && flag==WRITE){ -- loc->session=connect_ssh(loc->host,loc->user,verbosity); -- if(!loc->session){ -- fprintf(stderr,"Couldn't connect to %s\n",loc->host); -- return -1; -+ for(i = 0; i < nsources; ++i) { -+ sources[i] = argv[optind]; -+ optind++; - } -- loc->scp=ssh_scp_new(loc->session,SSH_SCP_WRITE,loc->path); -- if(!loc->scp){ -- fprintf(stderr,"error : %s\n",ssh_get_error(loc->session)); -- return -1; -+ -+ sources[i] = NULL; -+ destination = argv[optind]; -+ return 0; -+} -+ -+static void location_free(struct location *loc) -+{ -+ if (loc) { -+ if (loc->path) { -+ free(loc->path); -+ } -+ loc->path = NULL; -+ if (loc->is_ssh) { -+ if (loc->host) { -+ free(loc->host); -+ } -+ loc->host = NULL; -+ if (loc->user) { -+ free(loc->user); -+ } -+ loc->user = NULL; -+ if (loc->host) { -+ free(loc->host); -+ } -+ loc->host = NULL; -+ } -+ free(loc); - } -- if(ssh_scp_init(loc->scp)==SSH_ERROR){ -- fprintf(stderr,"error : %s\n",ssh_get_error(loc->session)); -- ssh_scp_free(loc->scp); -- loc->scp = NULL; -- return -1; -+} -+ -+static struct location *parse_location(char *loc) { -+ struct location *location; -+ char *ptr; -+ -+ location = malloc(sizeof(struct location)); -+ if (location == NULL) { -+ return NULL; - } -- return 0; -- } else if(loc->is_ssh && flag==READ){ -- loc->session=connect_ssh(loc->host, loc->user,verbosity); -- if(!loc->session){ -- fprintf(stderr,"Couldn't connect to %s\n",loc->host); -- return -1; -+ memset(location, 0, sizeof(struct location)); -+ -+ location->host = location->user = NULL; -+ ptr = strchr(loc, ':'); -+ -+ if (ptr != NULL) { -+ location->is_ssh = 1; -+ location->path = strdup(ptr+1); -+ *ptr = '\0'; -+ ptr = strchr(loc, '@'); -+ -+ if (ptr != NULL) { -+ location->host = strdup(ptr+1); -+ *ptr = '\0'; -+ location->user = strdup(loc); -+ } else { -+ location->host = strdup(loc); -+ } -+ } else { -+ location->is_ssh = 0; -+ location->path = strdup(loc); - } -- loc->scp=ssh_scp_new(loc->session,SSH_SCP_READ,loc->path); -- if(!loc->scp){ -- fprintf(stderr,"error : %s\n",ssh_get_error(loc->session)); -- return -1; -+ return location; -+} -+ -+static void close_location(struct location *loc) { -+ int rc; -+ -+ if (loc) { -+ if (loc->is_ssh) { -+ if (loc->scp) { -+ rc = ssh_scp_close(loc->scp); -+ if (rc == SSH_ERROR) { -+ fprintf(stderr, -+ "Error closing scp: %s\n", -+ ssh_get_error(loc->session)); -+ } -+ ssh_scp_free(loc->scp); -+ loc->scp = NULL; -+ } -+ if (loc->session) { -+ ssh_disconnect(loc->session); -+ ssh_free(loc->session); -+ loc->session = NULL; -+ } -+ } else { -+ if (loc->file) { -+ fclose(loc->file); -+ loc->file = NULL; -+ } -+ } - } -- if(ssh_scp_init(loc->scp)==SSH_ERROR){ -- fprintf(stderr,"error : %s\n",ssh_get_error(loc->session)); -- ssh_scp_free(loc->scp); -- loc->scp = NULL; -- return -1; -+} -+ -+static int open_location(struct location *loc, int flag) { -+ if (loc->is_ssh && flag == WRITE) { -+ loc->session = connect_ssh(loc->host, loc->user, verbosity); -+ if (!loc->session) { -+ fprintf(stderr, "Couldn't connect to %s\n", loc->host); -+ return -1; -+ } -+ -+ loc->scp = ssh_scp_new(loc->session, SSH_SCP_WRITE, loc->path); -+ if (!loc->scp) { -+ fprintf(stderr, "error : %s\n", ssh_get_error(loc->session)); -+ ssh_disconnect(loc->session); -+ ssh_free(loc->session); -+ loc->session = NULL; -+ return -1; -+ } -+ -+ if (ssh_scp_init(loc->scp) == SSH_ERROR) { -+ fprintf(stderr, "error : %s\n", ssh_get_error(loc->session)); -+ ssh_scp_free(loc->scp); -+ loc->scp = NULL; -+ ssh_disconnect(loc->session); -+ ssh_free(loc->session); -+ loc->session = NULL; -+ return -1; -+ } -+ return 0; -+ } else if (loc->is_ssh && flag == READ) { -+ loc->session = connect_ssh(loc->host, loc->user, verbosity); -+ if (!loc->session) { -+ fprintf(stderr, "Couldn't connect to %s\n", loc->host); -+ return -1; -+ } -+ -+ loc->scp = ssh_scp_new(loc->session, SSH_SCP_READ, loc->path); -+ if (!loc->scp) { -+ fprintf(stderr, "error : %s\n", ssh_get_error(loc->session)); -+ ssh_disconnect(loc->session); -+ ssh_free(loc->session); -+ loc->session = NULL; -+ return -1; -+ } -+ -+ if (ssh_scp_init(loc->scp) == SSH_ERROR) { -+ fprintf(stderr, "error : %s\n", ssh_get_error(loc->session)); -+ ssh_scp_free(loc->scp); -+ loc->scp = NULL; -+ ssh_disconnect(loc->session); -+ ssh_free(loc->session); -+ loc->session = NULL; -+ return -1; -+ } -+ return 0; -+ } else { -+ loc->file = fopen(loc->path, flag == READ ? "r":"w"); -+ if (!loc->file) { -+ if (errno == EISDIR) { -+ if (chdir(loc->path)) { -+ fprintf(stderr, -+ "Error changing directory to %s: %s\n", -+ loc->path, strerror(errno)); -+ return -1; -+ } -+ return 0; -+ } -+ fprintf(stderr, -+ "Error opening %s: %s\n", -+ loc->path, strerror(errno)); -+ return -1; -+ } -+ return 0; - } -- return 0; -- } else { -- loc->file=fopen(loc->path,flag==READ ? "r":"w"); -- if(!loc->file){ -- if(errno==EISDIR){ -- if(chdir(loc->path)){ -- fprintf(stderr,"Error changing directory to %s: %s\n",loc->path,strerror(errno)); -- return -1; -- } -- return 0; -- } -- fprintf(stderr,"Error opening %s: %s\n",loc->path,strerror(errno)); -- return -1; -- } -- return 0; -- } -- return -1; -+ return -1; - } - - /** @brief copies files from source location to destination -@@ -174,155 +256,197 @@ static int open_location(struct location *loc, int flag){ - * @param dest destination location - * @param recursive Copy also directories - */ --static int do_copy(struct location *src, struct location *dest, int recursive){ -- int size; -- socket_t fd; -- struct stat s; -- int w,r; -- char buffer[16384]; -- int total=0; -- int mode; -- char *filename = NULL; -- /* recursive mode doesn't work yet */ -- (void)recursive; -- /* Get the file name and size*/ -- if(!src->is_ssh){ -- fd = fileno(src->file); -- if (fd < 0) { -- fprintf(stderr, "Invalid file pointer, error: %s\n", strerror(errno)); -- return -1; -+static int do_copy(struct location *src, struct location *dest, int recursive) { -+ int size; -+ socket_t fd; -+ struct stat s; -+ int w, r; -+ char buffer[16384]; -+ int total = 0; -+ int mode; -+ char *filename = NULL; -+ /* recursive mode doesn't work yet */ -+ (void)recursive; -+ /* Get the file name and size*/ -+ if (!src->is_ssh) { -+ fd = fileno(src->file); -+ if (fd < 0) { -+ fprintf(stderr, -+ "Invalid file pointer, error: %s\n", -+ strerror(errno)); -+ return -1; -+ } -+ r = fstat(fd, &s); -+ if (r < 0) { -+ return -1; -+ } -+ size = s.st_size; -+ mode = s.st_mode & ~S_IFMT; -+ filename = ssh_basename(src->path); -+ } else { -+ size = 0; -+ do { -+ r = ssh_scp_pull_request(src->scp); -+ if (r == SSH_SCP_REQUEST_NEWDIR) { -+ ssh_scp_deny_request(src->scp, "Not in recursive mode"); -+ continue; -+ } -+ if (r == SSH_SCP_REQUEST_NEWFILE) { -+ size = ssh_scp_request_get_size(src->scp); -+ filename = strdup(ssh_scp_request_get_filename(src->scp)); -+ mode = ssh_scp_request_get_permissions(src->scp); -+ //ssh_scp_accept_request(src->scp); -+ break; -+ } -+ if (r == SSH_ERROR) { -+ fprintf(stderr, -+ "Error: %s\n", -+ ssh_get_error(src->session)); -+ ssh_string_free_char(filename); -+ return -1; -+ } -+ } while(r != SSH_SCP_REQUEST_NEWFILE); - } -- r = fstat(fd, &s); -- if (r < 0) { -- return -1; -+ -+ if (dest->is_ssh) { -+ r = ssh_scp_push_file(dest->scp, src->path, size, mode); -+ // snprintf(buffer, sizeof(buffer), "C0644 %d %s\n", size, src->path); -+ if (r == SSH_ERROR) { -+ fprintf(stderr, -+ "error: %s\n", -+ ssh_get_error(dest->session)); -+ ssh_string_free_char(filename); -+ ssh_scp_free(dest->scp); -+ dest->scp = NULL; -+ return -1; -+ } -+ } else { -+ if (!dest->file) { -+ dest->file = fopen(filename, "w"); -+ if (!dest->file) { -+ fprintf(stderr, -+ "Cannot open %s for writing: %s\n", -+ filename, strerror(errno)); -+ if (src->is_ssh) { -+ ssh_scp_deny_request(src->scp, "Cannot open local file"); -+ } -+ ssh_string_free_char(filename); -+ return -1; -+ } -+ } -+ if (src->is_ssh) { -+ ssh_scp_accept_request(src->scp); -+ } - } -- size=s.st_size; -- mode = s.st_mode & ~S_IFMT; -- filename=ssh_basename(src->path); -- } else { -- size=0; -+ - do { -- r=ssh_scp_pull_request(src->scp); -- if(r==SSH_SCP_REQUEST_NEWDIR){ -- ssh_scp_deny_request(src->scp,"Not in recursive mode"); -- continue; -- } -- if(r==SSH_SCP_REQUEST_NEWFILE){ -- size=ssh_scp_request_get_size(src->scp); -- filename=strdup(ssh_scp_request_get_filename(src->scp)); -- mode=ssh_scp_request_get_permissions(src->scp); -- //ssh_scp_accept_request(src->scp); -- break; -- } -- if(r==SSH_ERROR){ -- fprintf(stderr,"Error: %s\n",ssh_get_error(src->session)); -+ if (src->is_ssh) { -+ r = ssh_scp_read(src->scp, buffer, sizeof(buffer)); -+ if (r == SSH_ERROR) { -+ fprintf(stderr, -+ "Error reading scp: %s\n", -+ ssh_get_error(src->session)); -+ ssh_string_free_char(filename); -+ return -1; -+ } -+ -+ if (r == 0) { -+ break; -+ } -+ } else { -+ r = fread(buffer, 1, sizeof(buffer), src->file); -+ if (r == 0) { -+ break; -+ } -+ -+ if (r < 0) { -+ fprintf(stderr, -+ "Error reading file: %s\n", -+ strerror(errno)); -+ ssh_string_free_char(filename); -+ return -1; -+ } -+ } -+ -+ if (dest->is_ssh) { -+ w = ssh_scp_write(dest->scp, buffer, r); -+ if (w == SSH_ERROR) { -+ fprintf(stderr, -+ "Error writing in scp: %s\n", -+ ssh_get_error(dest->session)); -+ ssh_scp_free(dest->scp); -+ dest->scp = NULL; -+ ssh_string_free_char(filename); -+ return -1; -+ } -+ } else { -+ w = fwrite(buffer, r, 1, dest->file); -+ if (w <= 0) { -+ fprintf(stderr, -+ "Error writing in local file: %s\n", -+ strerror(errno)); - ssh_string_free_char(filename); -- return -1; -- } -- } while(r != SSH_SCP_REQUEST_NEWFILE); -- } -- -- if(dest->is_ssh){ -- r=ssh_scp_push_file(dest->scp,src->path, size, mode); -- // snprintf(buffer,sizeof(buffer),"C0644 %d %s\n",size,src->path); -- if(r==SSH_ERROR){ -- fprintf(stderr,"error: %s\n",ssh_get_error(dest->session)); -- ssh_string_free_char(filename); -- ssh_scp_free(dest->scp); -- dest->scp = NULL; -- return -1; -- } -- } else { -- if(!dest->file){ -- dest->file=fopen(filename,"w"); -- if(!dest->file){ -- fprintf(stderr,"Cannot open %s for writing: %s\n",filename,strerror(errno)); -- if(src->is_ssh) -- ssh_scp_deny_request(src->scp,"Cannot open local file"); -- ssh_string_free_char(filename); -- return -1; -- } -- } -- if(src->is_ssh){ -- ssh_scp_accept_request(src->scp); -- } -- } -- do { -- if(src->is_ssh){ -- r=ssh_scp_read(src->scp,buffer,sizeof(buffer)); -- if(r==SSH_ERROR){ -- fprintf(stderr,"Error reading scp: %s\n",ssh_get_error(src->session)); -- ssh_string_free_char(filename); -- return -1; -- } -- if(r==0) -- break; -- } else { -- r=fread(buffer,1,sizeof(buffer),src->file); -- if(r==0) -- break; -- if(r<0){ -- fprintf(stderr,"Error reading file: %s\n",strerror(errno)); -- ssh_string_free_char(filename); -- return -1; -- } -- } -- if(dest->is_ssh){ -- w=ssh_scp_write(dest->scp,buffer,r); -- if(w == SSH_ERROR){ -- fprintf(stderr,"Error writing in scp: %s\n",ssh_get_error(dest->session)); -- ssh_scp_free(dest->scp); -- dest->scp=NULL; -- ssh_string_free_char(filename); -- return -1; -- } -- } else { -- w=fwrite(buffer,r,1,dest->file); -- if(w<=0){ -- fprintf(stderr,"Error writing in local file: %s\n",strerror(errno)); -- ssh_string_free_char(filename); -- return -1; -- } -- } -- total+=r; -- -- } while(total < size); -- ssh_string_free_char(filename); -- printf("wrote %d bytes\n",total); -- return 0; -+ return -1; -+ } -+ } -+ total += r; -+ -+ } while(total < size); -+ -+ ssh_string_free_char(filename); -+ printf("wrote %d bytes\n", total); -+ return 0; - } - --int main(int argc, char **argv){ -- struct location *dest, *src; -- int i; -- int r; -- if(opts(argc,argv)<0) -- return EXIT_FAILURE; -- dest=parse_location(destination); -- if(open_location(dest,WRITE)<0) -- return EXIT_FAILURE; -- for(i=0;iis_ssh && dest->scp != NULL) { -- r=ssh_scp_close(dest->scp); -- if(r == SSH_ERROR){ -- fprintf(stderr,"Error closing scp: %s\n",ssh_get_error(dest->session)); -- ssh_scp_free(dest->scp); -- dest->scp=NULL; -- return -1; -- } -- } else { -- fclose(dest->file); -- dest->file=NULL; -- } -- ssh_disconnect(dest->session); -- ssh_finalize(); -- return 0; -+ -+ for (i = 0; i < nsources; ++i) { -+ src = parse_location(sources[i]); -+ if (src == NULL) { -+ r = EXIT_FAILURE; -+ goto close_dest; -+ } -+ -+ if (open_location(src, READ) < 0) { -+ location_free(src); -+ r = EXIT_FAILURE; -+ goto close_dest; -+ } -+ -+ if (do_copy(src, dest, 0) < 0) { -+ close_location(src); -+ location_free(src); -+ break; -+ } -+ -+ close_location(src); -+ location_free(src); -+ } -+ -+ r = 0; -+ -+close_dest: -+ close_location(dest); -+ location_free(dest); -+end: -+ return r; - } -diff --git a/include/libssh/libssh.h b/include/libssh/libssh.h -index a83bd8a2..a5d046f0 100644 ---- a/include/libssh/libssh.h -+++ b/include/libssh/libssh.h -@@ -630,6 +630,8 @@ typedef int (*ssh_auth_callback) (const char *prompt, char *buf, size_t len, - int echo, int verify, void *userdata); - - LIBSSH_API ssh_key ssh_key_new(void); -+#define SSH_KEY_FREE(x) \ -+ do { if ((x) != NULL) { ssh_key_free(x); x = NULL; } } while(0) - LIBSSH_API void ssh_key_free (ssh_key key); - LIBSSH_API enum ssh_keytypes_e ssh_key_type(const ssh_key key); - LIBSSH_API const char *ssh_key_type_to_char(enum ssh_keytypes_e type); -diff --git a/src/messages.c b/src/messages.c -index 9ddfe15c..8733875c 100644 ---- a/src/messages.c -+++ b/src/messages.c -@@ -430,6 +430,13 @@ void ssh_message_queue(ssh_session session, ssh_message message){ - } - if (session->ssh_message_list != NULL) { - ssh_list_append(session->ssh_message_list, message); -+ } else { -+ /* If the message list couldn't be allocated, the message can't be -+ * enqueued */ -+ ssh_message_reply_default(message); -+ ssh_set_error_oom(session); -+ ssh_message_free(message); -+ return; - } - } - } -diff --git a/tests/client/torture_auth.c b/tests/client/torture_auth.c -index df7f2714..5f4a4ed8 100644 ---- a/tests/client/torture_auth.c -+++ b/tests/client/torture_auth.c -@@ -534,8 +534,8 @@ static void torture_auth_cert(void **state) { - rc = ssh_userauth_publickey(session, NULL, privkey); - assert_int_equal(rc, SSH_AUTH_SUCCESS); - -- ssh_key_free(privkey); -- ssh_key_free(cert); -+ SSH_KEY_FREE(privkey); -+ SSH_KEY_FREE(cert); - } - - static void torture_auth_agent_cert(void **state) { -diff --git a/tests/unittests/torture_buffer.c b/tests/unittests/torture_buffer.c -index 4d29a2a5..f5cb8f65 100644 ---- a/tests/unittests/torture_buffer.c -+++ b/tests/unittests/torture_buffer.c -@@ -22,7 +22,7 @@ static int setup(void **state) { - } - - static int teardown(void **state) { -- ssh_buffer_free(*state); -+ SSH_BUFFER_FREE(*state); - - return 0; - } -@@ -125,9 +125,9 @@ static void torture_ssh_buffer_get_ssh_string(void **state) { - for(l=0;lopts.wanted_methods[SSH_KEX], KEXALGORITHMS); - -@@ -223,14 +223,14 @@ static void torture_config_glob(void **state) { - assert_non_null(v); - - assert_string_equal(v, PROXYCMD); -- ssh_string_free_char(v); -+ SSH_STRING_FREE_CHAR(v); - - ret = ssh_options_get(session, SSH_OPTIONS_IDENTITY, &v); - assert_true(ret == 0); - assert_non_null(v); - - assert_string_equal(v, ID_FILE); -- ssh_string_free_char(v); -+ SSH_STRING_FREE_CHAR(v); - #endif /* HAVE_GLOB */ - } - -diff --git a/tests/unittests/torture_hashes.c b/tests/unittests/torture_hashes.c -index 104aa7c9..59e23d28 100644 ---- a/tests/unittests/torture_hashes.c -+++ b/tests/unittests/torture_hashes.c -@@ -41,88 +41,91 @@ static int setup_rsa_key(void **state) - - static int teardown(void **state) - { -- ssh_key_free(*state); -+ SSH_KEY_FREE(*state); - return 0; - } - - static void torture_md5_hash(void **state) - { - ssh_key pubkey = *state; -- unsigned char *hash = NULL; -+ char *hash = NULL; - char *hexa = NULL; - size_t hlen; - int rc = 0; - -- rc = ssh_get_publickey_hash(pubkey, SSH_PUBLICKEY_HASH_MD5, &hash, &hlen); -+ rc = ssh_get_publickey_hash(pubkey, SSH_PUBLICKEY_HASH_MD5, -+ (unsigned char **)&hash, &hlen); - assert_true(rc == 0); - -- hexa = ssh_get_hexa(hash, hlen); -- ssh_string_free_char((char *)hash); -+ hexa = ssh_get_hexa((unsigned char *)hash, hlen); -+ SSH_STRING_FREE_CHAR(hash); - assert_string_equal(hexa, - "50:15:a0:9b:92:bf:33:1c:01:c5:8c:fe:18:fa:ce:78"); - -- ssh_string_free_char(hexa); -+ SSH_STRING_FREE_CHAR(hexa); - } - - static void torture_sha1_hash(void **state) - { - ssh_key pubkey = *state; -- unsigned char *hash = NULL; -+ char *hash = NULL; - char *sha1 = NULL; - int rc = 0; - size_t hlen; - -- rc = ssh_get_publickey_hash(pubkey, SSH_PUBLICKEY_HASH_SHA1, &hash, &hlen); -+ rc = ssh_get_publickey_hash(pubkey, SSH_PUBLICKEY_HASH_SHA1, -+ (unsigned char **)&hash, &hlen); - assert_true(rc == 0); - -- sha1 = ssh_get_b64_unpadded(hash, hlen); -- ssh_string_free_char((char *)hash); -+ sha1 = ssh_get_b64_unpadded((unsigned char *)hash, hlen); -+ SSH_STRING_FREE_CHAR(hash); - assert_string_equal(sha1, "6wP+houujQmxLBiFugTcoeoODCM"); - -- ssh_string_free_char(sha1); -+ SSH_STRING_FREE_CHAR(sha1); - } - - static void torture_sha256_hash(void **state) - { - ssh_key pubkey = *state; -- unsigned char *hash = NULL; -+ char *hash = NULL; - char *sha256 = NULL; - int rc = 0; - size_t hlen; - -- rc = ssh_get_publickey_hash(pubkey, SSH_PUBLICKEY_HASH_SHA256, &hash, &hlen); -+ rc = ssh_get_publickey_hash(pubkey, SSH_PUBLICKEY_HASH_SHA256, -+ (unsigned char **)&hash, &hlen); - assert_true(rc == 0); - -- sha256 = ssh_get_b64_unpadded(hash, hlen); -- ssh_string_free_char((char *)hash); -+ sha256 = ssh_get_b64_unpadded((unsigned char *)hash, hlen); -+ SSH_STRING_FREE_CHAR(hash); - assert_string_equal(sha256, "jXstVLLe84fSDo1kEYGn6iumnPCSorhaiWxnJz8VTII"); - -- ssh_string_free_char(sha256); -+ SSH_STRING_FREE_CHAR(sha256); - - } - - static void torture_sha256_fingerprint(void **state) - { - ssh_key pubkey = *state; -- unsigned char *hash = NULL; -+ char *hash = NULL; - char *sha256 = NULL; - int rc = 0; - size_t hlen; - - rc = ssh_get_publickey_hash(pubkey, - SSH_PUBLICKEY_HASH_SHA256, -- &hash, -+ (unsigned char **)&hash, - &hlen); - assert_true(rc == 0); - - sha256 = ssh_get_fingerprint_hash(SSH_PUBLICKEY_HASH_SHA256, -- hash, -+ (unsigned char *)hash, - hlen); -- ssh_string_free_char(discard_const(hash)); -+ SSH_STRING_FREE_CHAR(hash); - assert_string_equal(sha256, - "SHA256:jXstVLLe84fSDo1kEYGn6iumnPCSorhaiWxnJz8VTII"); - -- ssh_string_free_char(sha256); -+ SSH_STRING_FREE_CHAR(sha256); - } - - int torture_run_tests(void) { -diff --git a/tests/unittests/torture_keyfiles.c b/tests/unittests/torture_keyfiles.c -index de924f00..59a4f5ee 100644 ---- a/tests/unittests/torture_keyfiles.c -+++ b/tests/unittests/torture_keyfiles.c -@@ -111,7 +111,7 @@ static void torture_pubkey_from_file(void **state) { - - assert_true(rc == 0); - -- ssh_string_free(pubkey); -+ SSH_STRING_FREE(pubkey); - - /* test if it returns 1 if pubkey doesn't exist */ - unlink(LIBSSH_RSA_TESTKEY ".pub"); -@@ -119,11 +119,17 @@ static void torture_pubkey_from_file(void **state) { - rc = ssh_try_publickey_from_file(session, LIBSSH_RSA_TESTKEY, &pubkey, &type); - assert_true(rc == 1); - -+ /* This free is unnecessary, but the static analyser does not know */ -+ SSH_STRING_FREE(pubkey); -+ - /* test if it returns -1 if privkey doesn't exist */ - unlink(LIBSSH_RSA_TESTKEY); - - rc = ssh_try_publickey_from_file(session, LIBSSH_RSA_TESTKEY, &pubkey, &type); - assert_true(rc == -1); -+ -+ /* This free is unnecessary, but the static analyser does not know */ -+ SSH_STRING_FREE(pubkey); - } - - static int torture_read_one_line(const char *filename, char *buffer, size_t len) { -@@ -210,8 +216,8 @@ static void torture_pubkey_generate_from_privkey(void **state) { - - assert_string_equal(pubkey_line_orig, pubkey_line_new); - -- ssh_string_free(pubkey_orig); -- ssh_string_free(pubkey_new); -+ SSH_STRING_FREE(pubkey_orig); -+ SSH_STRING_FREE(pubkey_new); - } - - /** -diff --git a/tests/unittests/torture_options.c b/tests/unittests/torture_options.c -index d9cd6e2a..7addce76 100644 ---- a/tests/unittests/torture_options.c -+++ b/tests/unittests/torture_options.c -@@ -560,7 +560,7 @@ static void torture_bind_options_import_key(void **state) - /* set invalid key */ - rc = ssh_bind_options_set(bind, SSH_BIND_OPTIONS_IMPORT_KEY, key); - assert_int_equal(rc, -1); -- ssh_key_free(key); -+ SSH_KEY_FREE(key); - - /* set rsa key */ - base64_key = torture_get_testkey(SSH_KEYTYPE_RSA, 0, 0); -diff --git a/tests/unittests/torture_pki_dsa.c b/tests/unittests/torture_pki_dsa.c -index e8d03904..41ab9063 100644 ---- a/tests/unittests/torture_pki_dsa.c -+++ b/tests/unittests/torture_pki_dsa.c -@@ -82,7 +82,7 @@ static void torture_pki_dsa_import_pubkey_file(void **state) - assert_return_code(rc, errno); - assert_non_null(pubkey); - -- ssh_key_free(pubkey); -+ SSH_KEY_FREE(pubkey); - } - - static void torture_pki_dsa_import_pubkey_from_openssh_privkey(void **state) -@@ -97,7 +97,7 @@ static void torture_pki_dsa_import_pubkey_from_openssh_privkey(void **state) - assert_return_code(rc, errno); - assert_non_null(pubkey); - -- ssh_key_free(pubkey); -+ SSH_KEY_FREE(pubkey); - } - - static void torture_pki_dsa_import_privkey_base64(void **state) -@@ -115,7 +115,7 @@ static void torture_pki_dsa_import_privkey_base64(void **state) - &key); - assert_true(rc == 0); - -- ssh_key_free(key); -+ SSH_KEY_FREE(key); - } - - #ifdef HAVE_LIBCRYPTO -@@ -154,8 +154,8 @@ static void torture_pki_dsa_write_privkey(void **state) - rc = ssh_key_cmp(origkey, privkey, SSH_KEY_CMP_PRIVATE); - assert_true(rc == 0); - -- ssh_key_free(origkey); -- ssh_key_free(privkey); -+ SSH_KEY_FREE(origkey); -+ SSH_KEY_FREE(privkey); - - /* Test with passphrase */ - rc = ssh_pki_import_privkey_file(LIBSSH_DSA_TESTKEY_PASSPHRASE, -@@ -192,8 +192,8 @@ static void torture_pki_dsa_write_privkey(void **state) - rc = ssh_key_cmp(origkey, privkey, SSH_KEY_CMP_PRIVATE); - assert_true(rc == 0); - -- ssh_key_free(origkey); -- ssh_key_free(privkey); -+ SSH_KEY_FREE(origkey); -+ SSH_KEY_FREE(privkey); - } - #endif - -@@ -215,8 +215,7 @@ static void torture_pki_dsa_import_privkey_base64_passphrase(void **state) - rc = ssh_key_is_private(key); - assert_true(rc == 1); - -- ssh_key_free(key); -- key = NULL; -+ SSH_KEY_FREE(key); - - /* test if it returns -1 if passphrase is wrong */ - rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_DSS, 0, 1), -@@ -247,8 +246,7 @@ static void torture_pki_dsa_import_privkey_base64_passphrase(void **state) - rc = ssh_key_is_private(key); - assert_true(rc == 1); - -- ssh_key_free(key); -- key = NULL; -+ SSH_KEY_FREE(key); - - /* test if it returns -1 if passphrase is wrong */ - rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_DSS, 0, 1), -@@ -259,7 +257,7 @@ static void torture_pki_dsa_import_privkey_base64_passphrase(void **state) - assert_true(rc == -1); - - /* This free in unnecessary, but the static analyser does not know */ -- ssh_key_free(key); -+ SSH_KEY_FREE(key); - - #ifndef HAVE_LIBCRYPTO - /* test if it returns -1 if passphrase is NULL */ -@@ -272,7 +270,7 @@ static void torture_pki_dsa_import_privkey_base64_passphrase(void **state) - assert_true(rc == -1); - - /* This free in unnecessary, but the static analyser does not know */ -- ssh_key_free(key); -+ SSH_KEY_FREE(key); - #endif /* HAVE_LIBCRYPTO */ - } - -@@ -299,8 +297,7 @@ torture_pki_dsa_import_openssh_privkey_base64_passphrase(void **state) - rc = ssh_key_is_private(key); - assert_true(rc == 1); - -- ssh_key_free(key); -- key = NULL; -+ SSH_KEY_FREE(key); - - /* test if it returns -1 if passphrase is wrong */ - rc = ssh_pki_import_privkey_base64(keystring, -@@ -328,8 +325,7 @@ torture_pki_dsa_import_openssh_privkey_base64_passphrase(void **state) - rc = ssh_key_is_private(key); - assert_true(rc == 1); - -- ssh_key_free(key); -- key = NULL; -+ SSH_KEY_FREE(key); - - /* test if it returns -1 if passphrase is wrong */ - rc = ssh_pki_import_privkey_base64(keystring, -@@ -339,6 +335,9 @@ torture_pki_dsa_import_openssh_privkey_base64_passphrase(void **state) - &key); - assert_true(rc == -1); - -+ /* This free is unnecessary, but the static analyser does not know */ -+ SSH_KEY_FREE(key); -+ - /* test if it returns -1 if passphrase is NULL */ - rc = ssh_pki_import_privkey_base64(keystring, - NULL, -@@ -346,6 +345,9 @@ torture_pki_dsa_import_openssh_privkey_base64_passphrase(void **state) - NULL, - &key); - assert_true(rc == -1); -+ -+ /* This free is unnecessary, but the static analyser does not know */ -+ SSH_KEY_FREE(key); - } - - -@@ -371,8 +373,8 @@ static void torture_pki_dsa_publickey_from_privatekey(void **state) - rc = ssh_pki_export_privkey_to_pubkey(key, &pubkey); - assert_true(rc == SSH_OK); - -- ssh_key_free(key); -- ssh_key_free(pubkey); -+ SSH_KEY_FREE(key); -+ SSH_KEY_FREE(pubkey); - } - - static void torture_pki_dsa_import_cert_file(void **state) -@@ -392,7 +394,7 @@ static void torture_pki_dsa_import_cert_file(void **state) - rc = ssh_key_is_public(cert); - assert_true(rc == 1); - -- ssh_key_free(cert); -+ SSH_KEY_FREE(cert); - } - - static void torture_pki_dsa_publickey_base64(void **state) -@@ -443,7 +445,7 @@ static void torture_pki_dsa_publickey_base64(void **state) - - free(b64_key); - free(key_buf); -- ssh_key_free(key); -+ SSH_KEY_FREE(key); - } - - static void torture_pki_dsa_generate_pubkey_from_privkey(void **state) -@@ -482,8 +484,8 @@ static void torture_pki_dsa_generate_pubkey_from_privkey(void **state) - pubkey_generated, - len); - -- ssh_key_free(privkey); -- ssh_key_free(pubkey); -+ SSH_KEY_FREE(privkey); -+ SSH_KEY_FREE(pubkey); - } - - static void torture_pki_dsa_duplicate_key(void **state) -@@ -503,7 +505,7 @@ static void torture_pki_dsa_duplicate_key(void **state) - - rc = ssh_pki_export_pubkey_base64(pubkey, &b64_key); - assert_true(rc == 0); -- ssh_key_free(pubkey); -+ SSH_KEY_FREE(pubkey); - - rc = ssh_pki_import_privkey_file(LIBSSH_DSA_TESTKEY, - NULL, -@@ -530,11 +532,11 @@ static void torture_pki_dsa_duplicate_key(void **state) - rc = ssh_key_cmp(privkey, privkey_dup, SSH_KEY_CMP_PRIVATE); - assert_true(rc == 0); - -- ssh_key_free(pubkey); -- ssh_key_free(privkey); -- ssh_key_free(privkey_dup); -- ssh_string_free_char(b64_key); -- ssh_string_free_char(b64_key_gen); -+ SSH_KEY_FREE(pubkey); -+ SSH_KEY_FREE(privkey); -+ SSH_KEY_FREE(privkey_dup); -+ SSH_STRING_FREE_CHAR(b64_key); -+ SSH_STRING_FREE_CHAR(b64_key_gen); - } - - static void torture_pki_dsa_generate_key(void **state) -@@ -553,8 +555,7 @@ static void torture_pki_dsa_generate_key(void **state) - rc = pki_signature_verify(session,sign,key,DSA_HASH,20); - assert_true(rc == SSH_OK); - ssh_signature_free(sign); -- ssh_key_free(key); -- key=NULL; -+ SSH_KEY_FREE(key); - - rc = ssh_pki_generate(SSH_KEYTYPE_DSS, 2048, &key); - assert_true(rc == SSH_OK); -@@ -564,8 +565,7 @@ static void torture_pki_dsa_generate_key(void **state) - rc = pki_signature_verify(session,sign,key,DSA_HASH,20); - assert_true(rc == SSH_OK); - ssh_signature_free(sign); -- ssh_key_free(key); -- key=NULL; -+ SSH_KEY_FREE(key); - - rc = ssh_pki_generate(SSH_KEYTYPE_DSS, 3072, &key); - assert_true(rc == SSH_OK); -@@ -575,8 +575,7 @@ static void torture_pki_dsa_generate_key(void **state) - rc = pki_signature_verify(session,sign,key,DSA_HASH,20); - assert_true(rc == SSH_OK); - ssh_signature_free(sign); -- ssh_key_free(key); -- key=NULL; -+ SSH_KEY_FREE(key); - - ssh_free(session); - } -diff --git a/tests/unittests/torture_pki_ecdsa.c b/tests/unittests/torture_pki_ecdsa.c -index 497c7379..7ef354f7 100644 ---- a/tests/unittests/torture_pki_ecdsa.c -+++ b/tests/unittests/torture_pki_ecdsa.c -@@ -121,7 +121,7 @@ static void torture_pki_ecdsa_import_pubkey_file(void **state) - assert_return_code(rc, errno); - assert_non_null(pubkey); - -- ssh_key_free(pubkey); -+ SSH_KEY_FREE(pubkey); - } - - static void torture_pki_ecdsa_import_pubkey_from_openssh_privkey(void **state) -@@ -136,7 +136,7 @@ static void torture_pki_ecdsa_import_pubkey_from_openssh_privkey(void **state) - assert_return_code(rc, errno); - assert_non_null(pubkey); - -- ssh_key_free(pubkey); -+ SSH_KEY_FREE(pubkey); - } - - static void torture_pki_ecdsa_import_privkey_base64(void **state) -@@ -158,7 +158,7 @@ static void torture_pki_ecdsa_import_privkey_base64(void **state) - assert_true(rc == 1); - - free(key_str); -- ssh_key_free(key); -+ SSH_KEY_FREE(key); - } - - static void torture_pki_ecdsa_publickey_from_privatekey(void **state) -@@ -181,8 +181,8 @@ static void torture_pki_ecdsa_publickey_from_privatekey(void **state) - assert_true(rc == SSH_OK); - - free(key_str); -- ssh_key_free(key); -- ssh_key_free(pubkey); -+ SSH_KEY_FREE(key); -+ SSH_KEY_FREE(pubkey); - } - - static void torture_pki_ecdsa_publickey_base64(void **state) -@@ -219,7 +219,7 @@ static void torture_pki_ecdsa_publickey_base64(void **state) - - free(b64_key); - free(key_buf); -- ssh_key_free(key); -+ SSH_KEY_FREE(key); - } - - static void torture_pki_ecdsa_generate_pubkey_from_privkey(void **state) -@@ -261,8 +261,8 @@ static void torture_pki_ecdsa_generate_pubkey_from_privkey(void **state) - len = torture_pubkey_len(pubkey_original); - assert_int_equal(strncmp(pubkey_original, pubkey_generated, len), 0); - -- ssh_key_free(privkey); -- ssh_key_free(pubkey); -+ SSH_KEY_FREE(privkey); -+ SSH_KEY_FREE(pubkey); - } - - static void torture_pki_ecdsa_duplicate_key(void **state) -@@ -281,7 +281,7 @@ static void torture_pki_ecdsa_duplicate_key(void **state) - - rc = ssh_pki_export_pubkey_base64(pubkey, &b64_key); - assert_true(rc == 0); -- ssh_key_free(pubkey); -+ SSH_KEY_FREE(pubkey); - - rc = ssh_pki_import_privkey_file(LIBSSH_ECDSA_TESTKEY, - NULL, -@@ -307,11 +307,11 @@ static void torture_pki_ecdsa_duplicate_key(void **state) - rc = ssh_key_cmp(privkey, privkey_dup, SSH_KEY_CMP_PRIVATE); - assert_true(rc == 0); - -- ssh_key_free(pubkey); -- ssh_key_free(privkey); -- ssh_key_free(privkey_dup); -- ssh_string_free_char(b64_key); -- ssh_string_free_char(b64_key_gen); -+ SSH_KEY_FREE(pubkey); -+ SSH_KEY_FREE(privkey); -+ SSH_KEY_FREE(privkey_dup); -+ SSH_STRING_FREE_CHAR(b64_key); -+ SSH_STRING_FREE_CHAR(b64_key_gen); - } - - /* Test case for bug #147: Private ECDSA key duplication did not carry -@@ -342,9 +342,9 @@ static void torture_pki_ecdsa_duplicate_then_demote(void **state) - assert_true(rc == 0); - assert_int_equal(pubkey->ecdsa_nid, privkey->ecdsa_nid); - -- ssh_key_free(pubkey); -- ssh_key_free(privkey); -- ssh_key_free(privkey_dup); -+ SSH_KEY_FREE(pubkey); -+ SSH_KEY_FREE(privkey); -+ SSH_KEY_FREE(privkey_dup); - } - - static void torture_pki_generate_key_ecdsa(void **state) -@@ -373,8 +373,7 @@ static void torture_pki_generate_key_ecdsa(void **state) - assert_true(strcmp(etype_char, "ecdsa-sha2-nistp256") == 0); - - ssh_signature_free(sign); -- ssh_key_free(key); -- key=NULL; -+ SSH_KEY_FREE(key); - - rc = ssh_pki_generate(SSH_KEYTYPE_ECDSA, 384, &key); - assert_true(rc == SSH_OK); -@@ -391,8 +390,7 @@ static void torture_pki_generate_key_ecdsa(void **state) - assert_true(strcmp(etype_char, "ecdsa-sha2-nistp384") == 0); - - ssh_signature_free(sign); -- ssh_key_free(key); -- key=NULL; -+ SSH_KEY_FREE(key); - - rc = ssh_pki_generate(SSH_KEYTYPE_ECDSA, 512, &key); - assert_true(rc == SSH_OK); -@@ -409,8 +407,7 @@ static void torture_pki_generate_key_ecdsa(void **state) - assert_true(strcmp(etype_char, "ecdsa-sha2-nistp521") == 0); - - ssh_signature_free(sign); -- ssh_key_free(key); -- key=NULL; -+ SSH_KEY_FREE(key); - - ssh_free(session); - } -@@ -451,8 +448,8 @@ static void torture_pki_ecdsa_write_privkey(void **state) - rc = ssh_key_cmp(origkey, privkey, SSH_KEY_CMP_PRIVATE); - assert_true(rc == 0); - -- ssh_key_free(origkey); -- ssh_key_free(privkey); -+ SSH_KEY_FREE(origkey); -+ SSH_KEY_FREE(privkey); - - /* Test with passphrase */ - rc = ssh_pki_import_privkey_file(LIBSSH_ECDSA_TESTKEY_PASSPHRASE, -@@ -489,8 +486,8 @@ static void torture_pki_ecdsa_write_privkey(void **state) - rc = ssh_key_cmp(origkey, privkey, SSH_KEY_CMP_PRIVATE); - assert_true(rc == 0); - -- ssh_key_free(origkey); -- ssh_key_free(privkey); -+ SSH_KEY_FREE(origkey); -+ SSH_KEY_FREE(privkey); - } - #endif /* HAVE_LIBCRYPTO */ - -@@ -508,7 +505,7 @@ static void torture_pki_ecdsa_name(void **state, const char *expected_name) - etype_char =ssh_pki_key_ecdsa_name(key); - assert_true(strcmp(etype_char, expected_name) == 0); - -- ssh_key_free(key); -+ SSH_KEY_FREE(key); - } - - static void torture_pki_ecdsa_name256(void **state) -diff --git a/tests/unittests/torture_pki_ed25519.c b/tests/unittests/torture_pki_ed25519.c -index 39012168..a4b147bf 100644 ---- a/tests/unittests/torture_pki_ed25519.c -+++ b/tests/unittests/torture_pki_ed25519.c -@@ -62,7 +62,7 @@ static void torture_pki_ed25519_import_pubkey_file(void **state) - assert_return_code(rc, errno); - assert_non_null(pubkey); - -- ssh_key_free(pubkey); -+ SSH_KEY_FREE(pubkey); - } - - static void torture_pki_ed25519_import_pubkey_from_openssh_privkey(void **state) -@@ -77,7 +77,7 @@ static void torture_pki_ed25519_import_pubkey_from_openssh_privkey(void **state) - assert_return_code(rc, errno); - assert_non_null(pubkey); - -- ssh_key_free(pubkey); -+ SSH_KEY_FREE(pubkey); - } - - static void torture_pki_ed25519_import_privkey_base64(void **state) -@@ -106,7 +106,7 @@ static void torture_pki_ed25519_import_privkey_base64(void **state) - assert_true(rc == 1); - - free(key_str); -- ssh_key_free(key); -+ SSH_KEY_FREE(key); - - } - -@@ -141,7 +141,7 @@ static void torture_pki_ed25519_import_export_privkey_base64(void **state) - NULL, - &b64_key); - assert_return_code(rc, errno); -- ssh_key_free(key); -+ SSH_KEY_FREE(key); - - rc = ssh_pki_import_privkey_base64(b64_key, - passphrase, -@@ -157,7 +157,7 @@ static void torture_pki_ed25519_import_export_privkey_base64(void **state) - assert_true(rc == 1); - - SSH_STRING_FREE_CHAR(b64_key); -- ssh_key_free(key); -+ SSH_KEY_FREE(key); - } - - static void torture_pki_ed25519_publickey_from_privatekey(void **state) -@@ -184,8 +184,8 @@ static void torture_pki_ed25519_publickey_from_privatekey(void **state) - rc = ssh_pki_export_privkey_to_pubkey(key, &pubkey); - assert_true(rc == SSH_OK); - -- ssh_key_free(key); -- ssh_key_free(pubkey); -+ SSH_KEY_FREE(key); -+ SSH_KEY_FREE(pubkey); - } - - static void torture_pki_ed25519_publickey_base64(void **state) -@@ -222,7 +222,7 @@ static void torture_pki_ed25519_publickey_base64(void **state) - - free(b64_key); - free(key_buf); -- ssh_key_free(key); -+ SSH_KEY_FREE(key); - } - - static void torture_pki_ed25519_generate_pubkey_from_privkey(void **state) -@@ -261,8 +261,8 @@ static void torture_pki_ed25519_generate_pubkey_from_privkey(void **state) - pubkey_generated, - len); - -- ssh_key_free(privkey); -- ssh_key_free(pubkey); -+ SSH_KEY_FREE(privkey); -+ SSH_KEY_FREE(pubkey); - } - - static void torture_pki_ed25519_generate_key(void **state) -@@ -293,8 +293,7 @@ static void torture_pki_ed25519_generate_key(void **state) - assert_true(rc == SSH_ERROR); - - ssh_signature_free(sign); -- ssh_key_free(key); -- key=NULL; -+ SSH_KEY_FREE(key); - - ssh_free(session); - } -@@ -336,7 +335,7 @@ static void torture_pki_ed25519_write_privkey(void **state) - assert_true(rc == 0); - - unlink(LIBSSH_ED25519_TESTKEY); -- ssh_key_free(privkey); -+ SSH_KEY_FREE(privkey); - /* do the same with passphrase */ - rc = ssh_pki_export_privkey_file(origkey, - torture_get_testkey_passphrase(), -@@ -365,8 +364,8 @@ static void torture_pki_ed25519_write_privkey(void **state) - assert_true(rc == 0); - unlink(LIBSSH_ED25519_TESTKEY); - -- ssh_key_free(origkey); -- ssh_key_free(privkey); -+ SSH_KEY_FREE(origkey); -+ SSH_KEY_FREE(privkey); - - /* Test with passphrase */ - rc = ssh_pki_import_privkey_file(LIBSSH_ED25519_TESTKEY_PASSPHRASE, -@@ -404,8 +403,8 @@ static void torture_pki_ed25519_write_privkey(void **state) - rc = ssh_key_cmp(origkey, privkey, SSH_KEY_CMP_PRIVATE); - assert_true(rc == 0); - -- ssh_key_free(origkey); -- ssh_key_free(privkey); -+ SSH_KEY_FREE(origkey); -+ SSH_KEY_FREE(privkey); - } - - static void torture_pki_ed25519_sign(void **state) -@@ -441,8 +440,8 @@ static void torture_pki_ed25519_sign(void **state) - assert_memory_equal(ssh_string_data(blob), ref_signature, sizeof(ref_signature)); - /* ssh_print_hexa("signature", ssh_string_data(blob), ssh_string_len(blob)); */ - ssh_signature_free(sig); -- ssh_key_free(privkey); -- ssh_string_free(blob); -+ SSH_KEY_FREE(privkey); -+ SSH_STRING_FREE(blob); - - } - -@@ -473,8 +472,8 @@ static void torture_pki_ed25519_verify(void **state){ - ssh_signature_free(sig); - /* alter signature and expect false result */ - -- ssh_key_free(pubkey); -- ssh_string_free(blob); -+ SSH_KEY_FREE(pubkey); -+ SSH_STRING_FREE(blob); - free(pkey_ptr); - } - -@@ -509,8 +508,8 @@ static void torture_pki_ed25519_verify_bad(void **state){ - ssh_signature_free(sig); - - } -- ssh_key_free(pubkey); -- ssh_string_free(blob); -+ SSH_KEY_FREE(pubkey); -+ SSH_STRING_FREE(blob); - free(pkey_ptr); - } - -@@ -535,8 +534,7 @@ static void torture_pki_ed25519_import_privkey_base64_passphrase(void **state) - rc = ssh_key_is_private(key); - assert_true(rc == 1); - -- ssh_key_free(key); -- key = NULL; -+ SSH_KEY_FREE(key); - - /* test if it returns -1 if passphrase is wrong */ - rc = ssh_pki_import_privkey_base64(testkey, -@@ -545,7 +543,7 @@ static void torture_pki_ed25519_import_privkey_base64_passphrase(void **state) - NULL, - &key); - assert_true(rc == -1); -- ssh_key_free(key); -+ SSH_KEY_FREE(key); - } - - static void torture_pki_ed25519_privkey_dup(void **state) -@@ -572,8 +570,8 @@ static void torture_pki_ed25519_privkey_dup(void **state) - dup = ssh_key_dup(key); - assert_non_null(dup); - -- ssh_key_free(key); -- ssh_key_free(dup); -+ SSH_KEY_FREE(key); -+ SSH_KEY_FREE(dup); - } - - static void torture_pki_ed25519_pubkey_dup(void **state) -@@ -609,8 +607,8 @@ static void torture_pki_ed25519_pubkey_dup(void **state) - assert_true(rc == 1); - - SAFE_FREE(pub_str); -- ssh_key_free(pubkey); -- ssh_key_free(dup); -+ SSH_KEY_FREE(pubkey); -+ SSH_KEY_FREE(dup); - } - - int torture_run_tests(void) { -diff --git a/tests/unittests/torture_pki_rsa.c b/tests/unittests/torture_pki_rsa.c -index 0d5e97fa..15ad6466 100644 ---- a/tests/unittests/torture_pki_rsa.c -+++ b/tests/unittests/torture_pki_rsa.c -@@ -84,7 +84,7 @@ static void torture_pki_rsa_import_pubkey_file(void **state) - assert_return_code(rc, errno); - assert_non_null(pubkey); - -- ssh_key_free(pubkey); -+ SSH_KEY_FREE(pubkey); - } - - static void torture_pki_rsa_import_pubkey_from_openssh_privkey(void **state) -@@ -99,7 +99,7 @@ static void torture_pki_rsa_import_pubkey_from_openssh_privkey(void **state) - assert_return_code(rc, errno); - assert_non_null(pubkey); - -- ssh_key_free(pubkey); -+ SSH_KEY_FREE(pubkey); - } - - static void torture_pki_rsa_import_privkey_base64_NULL_key(void **state) -@@ -131,7 +131,7 @@ static void torture_pki_rsa_import_privkey_base64_NULL_str(void **state) - rc = ssh_pki_import_privkey_base64(NULL, passphrase, NULL, NULL, &key); - assert_true(rc == -1); - -- ssh_key_free(key); -+ SSH_KEY_FREE(key); - } - - static void torture_pki_rsa_import_privkey_base64(void **state) -@@ -160,7 +160,7 @@ static void torture_pki_rsa_import_privkey_base64(void **state) - assert_true(rc == 1); - - free(key_str); -- ssh_key_free(key); -+ SSH_KEY_FREE(key); - } - - static void torture_pki_rsa_publickey_from_privatekey(void **state) -@@ -185,8 +185,8 @@ static void torture_pki_rsa_publickey_from_privatekey(void **state) - rc = ssh_pki_export_privkey_to_pubkey(key, &pubkey); - assert_true(rc == SSH_OK); - -- ssh_key_free(key); -- ssh_key_free(pubkey); -+ SSH_KEY_FREE(key); -+ SSH_KEY_FREE(pubkey); - } - - static void torture_pki_rsa_copy_cert_to_privkey(void **state) -@@ -239,9 +239,9 @@ static void torture_pki_rsa_copy_cert_to_privkey(void **state) - rc = ssh_pki_copy_cert_to_privkey(cert, privkey); - assert_true(rc == SSH_ERROR); - -- ssh_key_free(cert); -- ssh_key_free(privkey); -- ssh_key_free(pubkey); -+ SSH_KEY_FREE(cert); -+ SSH_KEY_FREE(privkey); -+ SSH_KEY_FREE(pubkey); - } - - static void torture_pki_rsa_import_cert_file(void **state) { -@@ -260,7 +260,7 @@ static void torture_pki_rsa_import_cert_file(void **state) { - rc = ssh_key_is_public(cert); - assert_true(rc == 1); - -- ssh_key_free(cert); -+ SSH_KEY_FREE(cert); - } - - static void torture_pki_rsa_publickey_base64(void **state) -@@ -297,7 +297,7 @@ static void torture_pki_rsa_publickey_base64(void **state) - - free(b64_key); - free(key_buf); -- ssh_key_free(key); -+ SSH_KEY_FREE(key); - } - - static void torture_pki_rsa_generate_pubkey_from_privkey(void **state) { -@@ -335,8 +335,8 @@ static void torture_pki_rsa_generate_pubkey_from_privkey(void **state) { - pubkey_generated, - len); - -- ssh_key_free(privkey); -- ssh_key_free(pubkey); -+ SSH_KEY_FREE(privkey); -+ SSH_KEY_FREE(pubkey); - } - - static void torture_pki_rsa_duplicate_key(void **state) -@@ -356,7 +356,7 @@ static void torture_pki_rsa_duplicate_key(void **state) - - rc = ssh_pki_export_pubkey_base64(pubkey, &b64_key); - assert_true(rc == 0); -- ssh_key_free(pubkey); -+ SSH_KEY_FREE(pubkey); - - rc = ssh_pki_import_privkey_file(LIBSSH_RSA_TESTKEY, - NULL, -@@ -382,11 +382,11 @@ static void torture_pki_rsa_duplicate_key(void **state) - rc = ssh_key_cmp(privkey, privkey_dup, SSH_KEY_CMP_PRIVATE); - assert_true(rc == 0); - -- ssh_key_free(pubkey); -- ssh_key_free(privkey); -- ssh_key_free(privkey_dup); -- ssh_string_free_char(b64_key); -- ssh_string_free_char(b64_key_gen); -+ SSH_KEY_FREE(pubkey); -+ SSH_KEY_FREE(privkey); -+ SSH_KEY_FREE(privkey_dup); -+ SSH_STRING_FREE_CHAR(b64_key); -+ SSH_STRING_FREE_CHAR(b64_key_gen); - } - - static void torture_pki_rsa_generate_key(void **state) -@@ -405,7 +405,7 @@ static void torture_pki_rsa_generate_key(void **state) - rc = pki_signature_verify(session,sign,key,RSA_HASH,20); - assert_true(rc == SSH_OK); - ssh_signature_free(sign); -- ssh_key_free(key); -+ SSH_KEY_FREE(key); - key=NULL; - - rc = ssh_pki_generate(SSH_KEYTYPE_RSA, 2048, &key); -@@ -416,7 +416,7 @@ static void torture_pki_rsa_generate_key(void **state) - rc = pki_signature_verify(session,sign,key,RSA_HASH,20); - assert_true(rc == SSH_OK); - ssh_signature_free(sign); -- ssh_key_free(key); -+ SSH_KEY_FREE(key); - key=NULL; - - rc = ssh_pki_generate(SSH_KEYTYPE_RSA, 4096, &key); -@@ -427,7 +427,7 @@ static void torture_pki_rsa_generate_key(void **state) - rc = pki_signature_verify(session,sign,key,RSA_HASH,20); - assert_true(rc == SSH_OK); - ssh_signature_free(sign); -- ssh_key_free(key); -+ SSH_KEY_FREE(key); - key=NULL; - - ssh_free(session); -@@ -477,7 +477,7 @@ static void torture_pki_rsa_sha2(void **state) - ssh_signature_free(sign); - - /* Cleanup */ -- ssh_key_free(key); -+ SSH_KEY_FREE(key); - ssh_free(session); - } - -@@ -518,8 +518,8 @@ static void torture_pki_rsa_write_privkey(void **state) - rc = ssh_key_cmp(origkey, privkey, SSH_KEY_CMP_PRIVATE); - assert_true(rc == 0); - -- ssh_key_free(origkey); -- ssh_key_free(privkey); -+ SSH_KEY_FREE(origkey); -+ SSH_KEY_FREE(privkey); - - /* Test with passphrase */ - rc = ssh_pki_import_privkey_file(LIBSSH_RSA_TESTKEY_PASSPHRASE, -@@ -557,8 +557,8 @@ static void torture_pki_rsa_write_privkey(void **state) - rc = ssh_key_cmp(origkey, privkey, SSH_KEY_CMP_PRIVATE); - assert_true(rc == 0); - -- ssh_key_free(origkey); -- ssh_key_free(privkey); -+ SSH_KEY_FREE(origkey); -+ SSH_KEY_FREE(privkey); - } - #endif /* HAVE_LIBCRYPTO */ - -@@ -581,8 +581,7 @@ static void torture_pki_rsa_import_privkey_base64_passphrase(void **state) - rc = ssh_key_is_private(key); - assert_true(rc == 1); - -- ssh_key_free(key); -- key = NULL; -+ SSH_KEY_FREE(key); - - /* test if it returns -1 if passphrase is wrong */ - rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_RSA, 0, 1), -@@ -591,8 +590,7 @@ static void torture_pki_rsa_import_privkey_base64_passphrase(void **state) - NULL, - &key); - assert_true(rc == -1); -- ssh_key_free(key); -- key = NULL; -+ SSH_KEY_FREE(key); - - #ifndef HAVE_LIBCRYPTO - /* test if it returns -1 if passphrase is NULL */ -@@ -603,8 +601,7 @@ static void torture_pki_rsa_import_privkey_base64_passphrase(void **state) - NULL, - &key); - assert_true(rc == -1); -- ssh_key_free(key); -- key = NULL; -+ SSH_KEY_FREE(key); - #endif - } - -@@ -631,8 +628,7 @@ torture_pki_rsa_import_openssh_privkey_base64_passphrase(void **state) - rc = ssh_key_is_private(key); - assert_true(rc == 1); - -- ssh_key_free(key); -- key = NULL; -+ SSH_KEY_FREE(key); - - /* test if it returns -1 if passphrase is wrong */ - rc = ssh_pki_import_privkey_base64(keystring, -@@ -641,8 +637,7 @@ torture_pki_rsa_import_openssh_privkey_base64_passphrase(void **state) - NULL, - &key); - assert_true(rc == -1); -- ssh_key_free(key); -- key = NULL; -+ SSH_KEY_FREE(key); - - /* test if it returns -1 if passphrase is NULL */ - /* libcrypto asks for a passphrase, so skip this test */ -@@ -652,8 +647,7 @@ torture_pki_rsa_import_openssh_privkey_base64_passphrase(void **state) - NULL, - &key); - assert_true(rc == -1); -- ssh_key_free(key); -- key = NULL; -+ SSH_KEY_FREE(key); - } - - int torture_run_tests(void) { -diff --git a/tests/unittests/torture_threads_buffer.c b/tests/unittests/torture_threads_buffer.c -index e3cebdc9..2e6f30b6 100644 ---- a/tests/unittests/torture_threads_buffer.c -+++ b/tests/unittests/torture_threads_buffer.c -@@ -87,7 +87,7 @@ static void *thread_growing_buffer(void *threadid) - } - - /* Teardown */ -- ssh_buffer_free(buffer); -+ SSH_BUFFER_FREE(buffer); - pthread_exit(NULL); - } - -@@ -134,14 +134,14 @@ static void *thread_growing_buffer_shifting(void *threadid) - if (ssh_buffer_get_len(buffer) * 4 < buffer->allocated) { - assert_true(ssh_buffer_get_len(buffer) * 4 >= buffer->allocated); - /* Teardown */ -- ssh_buffer_free(buffer); -+ SSH_BUFFER_FREE(buffer); - pthread_exit(NULL); - } - } - } - - /* Teardown */ -- ssh_buffer_free(buffer); -+ SSH_BUFFER_FREE(buffer); - pthread_exit(NULL); - } - -@@ -198,7 +198,7 @@ static void *thread_buffer_prepend(void *threadid) - assert_memory_equal(ssh_buffer_get(buffer), "12345bcdef", 10); - - /* Teardown */ -- ssh_buffer_free(buffer); -+ SSH_BUFFER_FREE(buffer); - pthread_exit(NULL); - } - -@@ -247,9 +247,9 @@ static void *thread_ssh_buffer_get_ssh_string(void *threadid) - for (l = 0; l < k; ++l) { - ssh_string str = ssh_buffer_get_ssh_string(buffer); - assert_null(str); -- ssh_string_free(str); -+ SSH_STRING_FREE(str); - } -- ssh_buffer_free(buffer); -+ SSH_BUFFER_FREE(buffer); - } - } - } -@@ -316,10 +316,10 @@ static void *thread_ssh_buffer_add_format(void *threadid) - assert_int_equal(len, sizeof(verif) - 1); - assert_memory_equal(ssh_buffer_get(buffer), verif, sizeof(verif) -1); - -- ssh_string_free(s); -+ SSH_STRING_FREE(s); - - /* Teardown */ -- ssh_buffer_free(buffer); -+ SSH_BUFFER_FREE(buffer); - pthread_exit(NULL); - } - -@@ -397,7 +397,7 @@ static void *thread_ssh_buffer_get_format(void *threadid) { - SAFE_FREE(s2); - - /* Teardown */ -- ssh_buffer_free(buffer); -+ SSH_BUFFER_FREE(buffer); - pthread_exit(NULL); - } - -@@ -458,7 +458,7 @@ static void *thread_ssh_buffer_get_format_error(void *threadid) - assert_true(s2 == NULL); - - /* Teardown */ -- ssh_buffer_free(buffer); -+ SSH_BUFFER_FREE(buffer); - pthread_exit(NULL); - } - -@@ -514,7 +514,7 @@ static void *thread_buffer_pack_badformat(void *threadid) - * it could crash the process */ - - /* Teardown */ -- ssh_buffer_free(buffer); -+ SSH_BUFFER_FREE(buffer); - pthread_exit(NULL); - } - -diff --git a/tests/unittests/torture_threads_pki_rsa.c b/tests/unittests/torture_threads_pki_rsa.c -index d19d8bbf..1313f566 100644 ---- a/tests/unittests/torture_threads_pki_rsa.c -+++ b/tests/unittests/torture_threads_pki_rsa.c -@@ -143,7 +143,7 @@ static void *thread_pki_rsa_import_pubkey_file(void *threadid) - assert_return_code(rc, errno); - assert_non_null(pubkey); - -- ssh_key_free(pubkey); -+ SSH_KEY_FREE(pubkey); - - pthread_exit(NULL); - } -@@ -201,7 +201,7 @@ static void *thread_pki_rsa_import_privkey_base64_NULL_str(void *threadid) - rc = ssh_pki_import_privkey_base64(NULL, passphrase, NULL, NULL, &key); - assert_true(rc == -1); - -- ssh_key_free(key); -+ SSH_KEY_FREE(key); - pthread_exit(NULL); - } - -@@ -242,7 +242,7 @@ static void *thread_pki_rsa_import_privkey_base64(void *threadid) - assert_true(ok); - - free(key_str); -- ssh_key_free(key); -+ SSH_KEY_FREE(key); - - pthread_exit(NULL); - } -@@ -283,8 +283,8 @@ static void *thread_pki_rsa_publickey_from_privatekey(void *threadid) - assert_true(rc == SSH_OK); - assert_non_null(pubkey); - -- ssh_key_free(key); -- ssh_key_free(pubkey); -+ SSH_KEY_FREE(key); -+ SSH_KEY_FREE(pubkey); - pthread_exit(NULL); - } - -@@ -349,9 +349,9 @@ static void *thread_pki_rsa_copy_cert_to_privkey(void *threadid) - rc = ssh_pki_copy_cert_to_privkey(cert, privkey); - assert_true(rc == SSH_ERROR); - -- ssh_key_free(cert); -- ssh_key_free(privkey); -- ssh_key_free(pubkey); -+ SSH_KEY_FREE(cert); -+ SSH_KEY_FREE(privkey); -+ SSH_KEY_FREE(pubkey); - pthread_exit(NULL); - } - -@@ -383,7 +383,7 @@ static void *thread_pki_rsa_import_cert_file(void *threadid) - rc = ssh_key_is_public(cert); - assert_true(rc == 1); - -- ssh_key_free(cert); -+ SSH_KEY_FREE(cert); - pthread_exit(NULL); - } - -@@ -432,7 +432,7 @@ static void *thread_pki_rsa_publickey_base64(void *threadid) - - free(b64_key); - free(key_buf); -- ssh_key_free(key); -+ SSH_KEY_FREE(key); - pthread_exit(NULL); - } - -@@ -464,7 +464,7 @@ static void *thread_pki_rsa_duplicate_key(void *threadid) - - rc = ssh_pki_export_pubkey_base64(pubkey, &b64_key); - assert_true(rc == 0); -- ssh_key_free(pubkey); -+ SSH_KEY_FREE(pubkey); - - rc = ssh_pki_import_privkey_file(LIBSSH_RSA_TESTKEY, - NULL, -@@ -489,11 +489,11 @@ static void *thread_pki_rsa_duplicate_key(void *threadid) - cmp = ssh_key_cmp(privkey, privkey_dup, SSH_KEY_CMP_PRIVATE); - assert_true(cmp == 0); - -- ssh_key_free(pubkey); -- ssh_key_free(privkey); -- ssh_key_free(privkey_dup); -- ssh_string_free_char(b64_key); -- ssh_string_free_char(b64_key_gen); -+ SSH_KEY_FREE(pubkey); -+ SSH_KEY_FREE(privkey); -+ SSH_KEY_FREE(privkey_dup); -+ SSH_STRING_FREE_CHAR(b64_key); -+ SSH_STRING_FREE_CHAR(b64_key_gen); - pthread_exit(NULL); - } - -@@ -531,8 +531,7 @@ static void *thread_pki_rsa_generate_key(void *threadid) - assert_ssh_return_code(session, rc); - - ssh_signature_free(sign); -- ssh_key_free(key); -- key = NULL; -+ SSH_KEY_FREE(key); - - rc = ssh_pki_generate(SSH_KEYTYPE_RSA, 2048, &key); - assert_ssh_return_code(session, rc); -@@ -545,8 +544,7 @@ static void *thread_pki_rsa_generate_key(void *threadid) - assert_ssh_return_code(session, rc); - - ssh_signature_free(sign); -- ssh_key_free(key); -- key = NULL; -+ SSH_KEY_FREE(key); - - - rc = ssh_pki_generate(SSH_KEYTYPE_RSA, 4096, &key); -@@ -560,7 +558,7 @@ static void *thread_pki_rsa_generate_key(void *threadid) - assert_true(rc == SSH_OK); - - ssh_signature_free(sign); -- ssh_key_free(key); -+ SSH_KEY_FREE(key); - key = NULL; - - ssh_free(session); -@@ -596,8 +594,7 @@ static void *thread_pki_rsa_import_privkey_base64_passphrase(void *threadid) - rc = ssh_key_is_private(key); - assert_true(rc == 1); - -- ssh_key_free(key); -- key = NULL; -+ SSH_KEY_FREE(key); - - /* test if it returns -1 if passphrase is wrong */ - rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_RSA, 0, 1), -@@ -606,8 +603,7 @@ static void *thread_pki_rsa_import_privkey_base64_passphrase(void *threadid) - NULL, - &key); - assert_true(rc == -1); -- ssh_key_free(key); -- key = NULL; -+ SSH_KEY_FREE(key); - - #ifndef HAVE_LIBCRYPTO - /* test if it returns -1 if passphrase is NULL */ -@@ -618,8 +614,7 @@ static void *thread_pki_rsa_import_privkey_base64_passphrase(void *threadid) - NULL, - &key); - assert_true(rc == -1); -- ssh_key_free(key); -- key = NULL; -+ SSH_KEY_FREE(key); - #endif - pthread_exit(NULL); - } diff --git a/libssh.spec b/libssh.spec index 2eb5c71..0b7289c 100644 --- a/libssh.spec +++ b/libssh.spec @@ -1,6 +1,6 @@ Name: libssh -Version: 0.8.3 -Release: 3%{?dist} +Version: 0.8.4 +Release: 1%{?dist} Summary: A library implementing the SSH protocol License: LGPLv2+ URL: http://www.libssh.org @@ -9,8 +9,6 @@ Source0: https://www.libssh.org/files/0.8/%{name}-%{version}.tar.xz Source1: https://www.libssh.org/files/0.8/%{name}-%{version}.tar.xz.asc Source2: https://cryptomilk.org/gpgkey-8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D.gpg#/%{name}.keyring -Patch1: libssh-0.8.3-fix-covscan-errors.patch - BuildRequires: cmake BuildRequires: doxygen BuildRequires: gcc-c++ @@ -106,6 +104,11 @@ popd %{_libdir}/libssh_threads.so %changelog +* Tue Oct 16 2018 Andreas Schneider - 0.8.4-1 +- Update to version 0.8.4 + https://www.libssh.org/2018/10/16/libssh-0-8-4-and-0-7-6-security-and-bugfix-release +- Fixes CVE-2018-10933 + * Mon Oct 01 2018 Anderson Sasaki - 0.8.3-3 - Fixed errors found by static code analysis diff --git a/sources b/sources index 2c8d9eb..6debfcb 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (libssh-0.8.3.tar.xz) = 09e7ccbb2c584a9e51366a43f08f80cc5775c649886736629ab10f3520432d107c93e94a54c7d7e49a68f8f3b5d268bf1985acbe08d29dbffbfc0c53a4937ea5 -SHA512 (libssh-0.8.3.tar.xz.asc) = b67e639b737f7765d1481e09d655174660417280f6e8d4bee1a7d1d6130df999ba6c0bee284cb2825a1a11eeacde8b9a2368fecdc6428c31a818e6a13fcf754d +SHA512 (libssh-0.8.4.tar.xz) = 73d685bab2e88ff6b03c95cc13f1bd341bce4c527353c7e4870865d236cfbe23dfd2d198a1ec1531aed1afd700ce8e5b738ec68ca9152a4b6ae63dd6cbbf0d51 +SHA512 (libssh-0.8.4.tar.xz.asc) = ee6d5993bf3c9c7f3634109996f0d2aa8046f5c87aca6a24f557510308ec7c5ebbdab985cef84733dba3eacd2384bf7a7548c633b16e470e4926c9e85acedaaa