Page MenuHomePhabricator

Extend pkd_hello compatibility with dropbear 2020.79 (from 15 June 2020)
Open, Needs TriagePublic

Description

The recent dropbear version implements new ciphers (chacha20-poly1305), signature algorithms (rsa-sha2, ed25519) and removes support for some outdated ones (*-cbc modes of ciphers, hmacs sha1).

This makes it failing pkd_hello tests in CI with the following errors:

[root@b705e659d95c obj]# cat tests/pkd/*.err 
dbclient: This Dropbear program does not support '3des-cbc' cipher algorithm

dbclient: Exited: No valid ciphers specified for '-c'
dbclient: This Dropbear program does not support 'aes128-cbc' cipher algorithm

dbclient: Exited: No valid ciphers specified for '-c'
dbclient: This Dropbear program does not support 'aes256-cbc' cipher algorithm
[...]

Additionally, it does not test interoperability with new algorithms.

Simple fix is to remove *cbc modes from test, but correct one would be to do some runtime algorithm detection so we can extend interoperability tests.

https://matt.ucc.asn.au/dropbear/CHANGES