[BUG] Error on git sync: "parameter must be ECParameterSpec ..."

[cmol]

Describe the bug
When running a git operation, a popup with the following text occurs:

"An error occured during a Git operation

parameter must be ECParameterSync or ECGenParameterSpec"

The repo is not syncronized.

To Reproduce
Steps to reproduce the behavior:

1. Open application
2. Synchronize the repo

Expected behavior
Git repo synchronizes.

Device information:

• Device: Google pixel 3a
• OS: stock ROM Android version 11
• App version 1.12.0

[msfjarvis]

Can you provide more information regarding the authentication and the Git host that you're using?

[cmol]

I'm using ssh-keys and are running git over ssh.
Basically I have just initialized a bare repo on a debian box.

[cmol]

It should also be noted that this has worked for a long time. It is now a new clone of the repo I am seeing this issue with.

[fmeum]

Could you provide more information on what type of SSH key you are using and whether you imported or generated it in Password Store? Also, do you know which host key types your server is offering?

[cmol]

I am using imported 4096 bit RSA keys.

Host keys:
2048 bit RSA
1024 bit DSA
256 bit ECDSA

[fmeum]

I am using imported 4096 bit RSA keys.

Host keys:
2048 bit RSA
1024 bit DSA
256 bit ECDSA

I might have an idea then, I'll investigate.

[cmol]

It should also be noted that this has worked for a long time. It is now a new clone of the repo I am seeing this issue with.

Just realized I made a typo here. It's supposed to say "NOT a new clone".

[fmeum]

I can reproduce the issue: An Android compatibility issue in SSHJ lets ECDSA key exchanges fail. Since we rank them relatively high in our config, the only workaround I see at the moment is to upgrade the server to an OpenSSH version with support for Curve25519 based key exchange.

@msfjarvis I could work around this and a different issue that prevents connections to hosts with only ECDSA host keys by reordering the ciphers in our config. Would this warrant a point release or should we wait a bit longer for a new SSHJ release?

[msfjarvis]

I can reproduce the issue: An Android compatibility issue in SSHJ lets ECDSA key exchanges fail. Since we rank them relatively high in our config, the only workaround I see at the moment is to upgrade the server to an OpenSSH version with support for Curve25519 based key exchange.

@msfjarvis I could work around this and a different issue that prevents connections to hosts with only ECDSA host keys by reordering the ciphers in our config. Would this warrant a point release or should we wait a bit longer for a new SSHJ release?

I say we land the fix now but a new patch release doesn't seem worthwhile since the bug isn't particularly widespread.

[fmeum]

I submitted the upstream PR: hierynomus/sshj#636 and will draft a workaround shortly.

[cmol]

I can reproduce the issue: An Android compatibility issue in SSHJ lets ECDSA key exchanges fail. Since we rank them relatively high in our config, the only workaround I see at the moment is to upgrade the server to an OpenSSH version with support for Curve25519 based key exchange.

@msfjarvis I could work around this and a different issue that prevents connections to hosts with only ECDSA host keys by reordering the ciphers in our config. Would this warrant a point release or should we wait a bit longer for a new SSHJ release?

That was a quick process! I'm assuming this will be in the next release? And do you know when that will hit the play store?

[cmol]

And thank you :)

[msfjarvis]

That was a quick process! I'm assuming this will be in the next release? And do you know when that will hit the play store?

The issue is linked to the milestone for the next release, which contains our expected timeline.