Add support for RSA SHA-2 public key algorithms #1177
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Rob-Hague
requested review from
drieseng and
WojciechNagorski
as code owners
|
@Rob-Hague I've pushed some changes to this PR. Can you review this? |
Rob-Hague
commented
Sep 19, 2023
|
Thanks! I should have paid more attention to |
|
Thanks to removing PubkeyAcceptedAlgorithms from the config file we know that SSH.NET supports the latest version of OpenSSH without any hack (configuration). |
| @@ -14,13 +13,23 @@ public class RsaDigitalSignature : CipherDigitalSignature, IDisposable | |||
| private HashAlgorithm _hash; | |||
|
|
|||
| /// <summary> | |||
| /// Initializes a new instance of the <see cref="RsaDigitalSignature"/> class. | |||
| /// Initializes a new instance of the <see cref="RsaDigitalSignature"/> class with the SHA-1 hash algorithm. | |||
| /// </summary> | |||
| /// <param name="rsaKey">The RSA key.</param> | |||
| public RsaDigitalSignature(RsaKey rsaKey) | |||
There was a problem hiding this comment.
how about adding [Obsolete("Comment")] and using always new constructor?
There was a problem hiding this comment.
I do not think it is necessary here
(but I don't mind)
|
It looks that everything is ready. I have to look over |
WojciechNagorski
approved these changes
Sep 23, 2023
There was a problem hiding this comment.
Great work! Without you, we definitely wouldn't have rsa-sha-256 and rsa-sha-512 in this release. I'm merging this PR as is, but I will change the approach for IHostAlgorithmsProvide in the next PR. I've done many tests and experiments and it turned out that this was not the best approach.
WojciechNagorski
added a commit
to WojciechNagorski/SSH.NET
that referenced
this pull request
Sep 23, 2023
WojciechNagorski
added a commit
that referenced
this pull request
Sep 23, 2023
This was referenced Sep 23, 2023
This was referenced Sep 23, 2023
Closed
|
Awesome. Your approach to |
|
When are you thinking to release? |
|
This week or next. |
|
@WojciechNagorski I am very grateful about this release :) It will help us a lot. Thank you! |
|
I tested it with the current development branch. But it is still not working for me. Over console window with ssh root@xyz it works fine.
Exception in ClientAuthentication.cs: Do you have any Idea? Thank you all! |
|
Can you step through What are the algorithms returned in edit: your key path also says ed25519. Are you sure this is related to rsa? |
|
Thank you ... sure
|
|
Your key is an ed25519 so I would suggest that it is not related to this PR. Would you mind opening another issue and pasting the result of ssh console command with "-v" (verbose) argument? |
Do you have any update to share on the delivery timeline please ? |
|
@YohanSciubukgian If it doesn't work out this week, I'll do it at the beginning of next week, regardless of the thing I'm waiting for. |
WojciechNagorski
added a commit
that referenced
this pull request
Oct 10, 2023
* Assets/logos (#782) * Added logo assets * Added PNG 1260x640 with white border Co-authored-by: 103filgualan <f.gualandi@crif.com> * OPENSSH KeyReader for more keys (#614) * OPENSSH KeyReader for more keys Add support to parse OpenSSH Keys with ECDSA 256/384/521 and RSA. https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.key Change-Id: Iaa9cce0f2522e5fee377a82cb252f81f0b7cc563 * Fix ED25519Key KeyLength * Fix ED25519 PubKey-auth LeadingZeros of BigInteger-Conversion have to be removed before sending the Key. * Add interface to SftpFile #120 (#812) * Create ISftpFile interface. SftpFile sealed. Return ISftpFile from SftpClient instead of SftpFile. Make ISftpClient interface disposable. Co-authored-by: Wojciech Swieboda <wswieboda@chathamfinancial.com> * Start MessageListener with ThreadAbstraction.ExecuteThreadLongRunning (#902) * Fix Thread pool exhaustion due to MessageListener running on ThreadPool * Mark long running thread as background * Add async support to SftpClient and SftpFileStream (#819) * Add FEATURE_TAP and net472 target * Add TAP async support to SftpClient and SftpFileStream * Add async support to DnsAbstraction and SocketAbstraction * Add async support to *Connector and refactor the hierarchy * Add ConnectAsync to BaseClient * Add CODEOWNERS file. * Fix virus false-positive by Defender on Renci.SSHNet.Tests.dll (#867) Co-authored-by: Pedro Fonseca <pfonseca@qti.qualcomm.com> * Add unit tests for task-based asynchronous API (#906) * Fix runtime and culture dependant tests. * Set C# 7.3 in Tests.csproj to limit intellisense's suggestions under different targets * Add SftpClientTest.*Async * Add SftpFileStreamTest_OpenAsync_* * Add SftpFileStreamTest_WriteAsync_* * Add SftpFileStreamTest_ReadAsync_* * Align AppVeyor script with Test project target frameworks * correct 'Documenation' to 'Documentation' (#838) in the documentation's window title * Agent auth and Keygen (#794) * Allow to set PrivateKeyFile Key directly So you can add your own Key-Classes to SSH.NET * Add ED25519 ctor for just pub key part. * Make ECDSA Key Bits accessible You cant export imported CngKeys. To be able to export them to agent or Key-Files make the private bits also accessible. * Better NETFRAMEWORK vs NETSTANDARD handling * Add Comment Property to Key * Add IPrivateKeySource So Extension can add own PrivateKeyFiles, e.g. PuttyKeyFile. * Use cryptographically secure random number generator. Fixes CVE-2022-29245. * Remove unused import. * Add IBaseClient for BaseClient and ISftpClient to inherit from (#975) Add IBaseClient for BaseClient and ISftpClient to inherit from * fix typo (#999) * Fix Seek Operations in SftpFileStream (#910) * Fix offset operations in SftpFileStream.Seek * Fix seek exception message and add default case for invalid seek origin * Use named params when throwing ArgumentException * Add tests for seeking from end of file * Add back copyright to license. (#1060) Fixes #1059. * Removing old target frameworks (#1109) Remove support for legacy / deprecated target frameworks while adding support for .NET 6.0 (and higher). The supported target frameworks are now: * .NETFramework 4.6.2 (and higher) * .NET Standard 2.0 * .NET 6.0 (and higher) * Remove old features [Part 1] (#1117) Remove obsolete feature switches (now that we've remove support for legacy target frameworks) and remove corresponding conditional code. * Remove FEATURE_DIRECTORYINFO_ENUMERATEFILES (#1119) * Remove FEATURE_DIRECTORYINFO_ENUMERATEFILES * Add exception documentation * Fix some (lots of) issues reported by analyzers. (#1125) Fix some (lots of) issues reported by analyzers. * Round 2 of analyzer fixes and general cleanup. (#1132) * Analyzer fixes round 3. (#1135) * Replace Array<T>.Empty with Array.Empty<T>() (#1137) * Replace IsNullOrWhiteSpace extension (#1142) * Use License Expression for NuGet Package licenseUrl is deprecated, see NuGet/Announcements#32 * Integration tests * Remove todos * Update CODEOWNERS * Use correct SSH.NET * ListDirectoryAsync return IAsyncEnumerable (#1126) * ListDirectoryAsync return IAsyncEnumerable * Fix documentation * Update README.md * Fix * Add Sftp ListDirectoryAsync test * Revert * Integration tests for ListDirectoryAsync with IAsyncEnumerable * Fix the assembly resolution build warning (#1165) * Delete performance/longrunning tests (#1143) Co-authored-by: Wojciech Nagórski <wojtpl2@gmail.com> * Move Integration tests (#1173) * Renci.SshNet.IntegrationTests * Renci.SshNet.TestTools.OpenSSH * Move integration tests to main repo * Move old tests to new integration tests * Move old integration tests to new integration tests * Move more tests * Move authentication tests * Move SshClientTests * Fix some tests * Remove duplicated test * Poc of ProcessDisruptor * Rename * Some fixes * Remove performance tests * Small improvements * Add a benchmarks project (#1151) * Add a benchmarks project * Small improvements --------- Co-authored-by: Wojciech Nagórski <wojtpl2@gmail.com> * Use ExceptionDispatchInfo to retain call stack in Session.WaitOnHandle() (#936) * Use ExceptionDispatchInfo to retain call stack in Session.WaitOnHandle() * merge * Update src/Renci.SshNet/Session.cs Co-authored-by: Rob Hague <rob.hague00@gmail.com> --------- Co-authored-by: Wojciech Nagórski <wojtpl2@gmail.com> Co-authored-by: Rob Hague <rob.hague00@gmail.com> * Support SHA256 fingerprints for host key validation (#1098) * Add tests for HostKeyEventArgs * Add SHA256 fingerprint support * Add support for RSA SHA-2 public key algorithms (#1177) * Abstract out the hash algorithm from RsaDigitalSignature * Add integration tests * Add DigitalSignature property to KeyHostAlgorithm * Add IHostAlgorithmsProvider interface * Verify the host signature * Fix HostKeyEventArgsTest after merge * Remove PubkeyAcceptedAlgorithms ssh-rsa * Add test coverage for RSA keys in PrivateKeyFile * Obsolete IPrivateKeySource --------- Co-authored-by: Wojciech Nagórski <wojtpl2@gmail.com> * Improvements after #1177 (#1180) * Use ExceptionDispatchInfo in more places (#1182) Co-authored-by: Wojciech Nagórski <wojtpl2@gmail.com> * Try to "fix" the flaky test (#1185) * Enable DSA tests (#1181) Co-authored-by: Wojciech Nagórski <wojtpl2@gmail.com> * FingerPrints (#1186) * Use OS-agnostic socket error codes to allow tests run on different OSes (#1179) SocketErrorCode is OS agnostic, ErrorCode is OS specific. On Windows ErrorCode = (int) SocketErrorCode, but on Mac and Unix it is not. For example ExitCode for HostNotFound (11001) on Windows is 11001, on Mac & Unix is -131073. So testing for ExitCode == 11001 fails on Mac & Unix. Co-authored-by: Wojciech Nagórski <wojtpl2@gmail.com> * Fix for channel session semaphore from thread blocking (#1071) * Merging fix from @clivetong into our own SSH.NET fork - The following article describes some of the issues with the double check lock that we have seen issues with: https://www.sudhanshutheone.com/posts/double-check-lock-csharp * Merging fix from @clivetong into our own SSH.NET fork - The following article describes some of the issues with the double check lock that we have seen issues with: https://www.sudhanshutheone.com/posts/double-check-lock-csharp * Update Channel to fix AppVeyor failure (field should be readonly) * Update ISftpClient for #120 (#1193) * Implement set last write and access time (#1194) * Add/migrate hmac+cipher integration tests (#1189) * Add/migrate hmac+cipher integration tests * fix integration tests --------- Co-authored-by: Wojciech Nagórski <wojtpl2@gmail.com> * Update tests for SetLastAccessTime(Utc) to also verify the time component and the Kind of the DateTime value returned by GetLastAccessTime(Utc). (#1198) --------- Co-authored-by: Filippo Gualandi <filippo.gualandi@gmail.com> Co-authored-by: 103filgualan <f.gualandi@crif.com> Co-authored-by: Stefan Rinkes <darinkes@users.noreply.github.com> Co-authored-by: wxtsxt <wojciech.swieboda@gmail.com> Co-authored-by: Wojciech Swieboda <wswieboda@chathamfinancial.com> Co-authored-by: Igor Milavec <igor.milavec@gmail.com> Co-authored-by: drieseng <gert.driesen@telenet.be> Co-authored-by: Pedro Fonseca <pbfonseca@gmail.com> Co-authored-by: Pedro Fonseca <pfonseca@qti.qualcomm.com> Co-authored-by: Maximiliano Jabase <maxijabase@gmail.com> Co-authored-by: Owen Krueger <37021716+Owen-Krueger@users.noreply.github.com> Co-authored-by: Masuri <psh0258@gmail.com> Co-authored-by: LemonPi314 <49930425+LemonPi314@users.noreply.github.com> Co-authored-by: Gert Driesen <gertdriesen@msn.com> Co-authored-by: Rob Hague <rob.hague00@gmail.com> Co-authored-by: Rob Hague <rh@johnstreetcapital.com> Co-authored-by: Marius Thesing <marius.thesing@gmail.com> Co-authored-by: Dāvis Mošenkovs <davikovs@gmail.com> Co-authored-by: Dmitry Tsarevich <dimhotepus@users.noreply.github.com> Co-authored-by: Patrick Yates <114094360+patrick-yates-redgate@users.noreply.github.com>
WojciechNagorski
added a commit
that referenced
this pull request
Dec 29, 2023
* Release 2023.0.0 (#1201) * Assets/logos (#782) * Added logo assets * Added PNG 1260x640 with white border Co-authored-by: 103filgualan <f.gualandi@crif.com> * OPENSSH KeyReader for more keys (#614) * OPENSSH KeyReader for more keys Add support to parse OpenSSH Keys with ECDSA 256/384/521 and RSA. https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.key Change-Id: Iaa9cce0f2522e5fee377a82cb252f81f0b7cc563 * Fix ED25519Key KeyLength * Fix ED25519 PubKey-auth LeadingZeros of BigInteger-Conversion have to be removed before sending the Key. * Add interface to SftpFile #120 (#812) * Create ISftpFile interface. SftpFile sealed. Return ISftpFile from SftpClient instead of SftpFile. Make ISftpClient interface disposable. Co-authored-by: Wojciech Swieboda <wswieboda@chathamfinancial.com> * Start MessageListener with ThreadAbstraction.ExecuteThreadLongRunning (#902) * Fix Thread pool exhaustion due to MessageListener running on ThreadPool * Mark long running thread as background * Add async support to SftpClient and SftpFileStream (#819) * Add FEATURE_TAP and net472 target * Add TAP async support to SftpClient and SftpFileStream * Add async support to DnsAbstraction and SocketAbstraction * Add async support to *Connector and refactor the hierarchy * Add ConnectAsync to BaseClient * Add CODEOWNERS file. * Fix virus false-positive by Defender on Renci.SSHNet.Tests.dll (#867) Co-authored-by: Pedro Fonseca <pfonseca@qti.qualcomm.com> * Add unit tests for task-based asynchronous API (#906) * Fix runtime and culture dependant tests. * Set C# 7.3 in Tests.csproj to limit intellisense's suggestions under different targets * Add SftpClientTest.*Async * Add SftpFileStreamTest_OpenAsync_* * Add SftpFileStreamTest_WriteAsync_* * Add SftpFileStreamTest_ReadAsync_* * Align AppVeyor script with Test project target frameworks * correct 'Documenation' to 'Documentation' (#838) in the documentation's window title * Agent auth and Keygen (#794) * Allow to set PrivateKeyFile Key directly So you can add your own Key-Classes to SSH.NET * Add ED25519 ctor for just pub key part. * Make ECDSA Key Bits accessible You cant export imported CngKeys. To be able to export them to agent or Key-Files make the private bits also accessible. * Better NETFRAMEWORK vs NETSTANDARD handling * Add Comment Property to Key * Add IPrivateKeySource So Extension can add own PrivateKeyFiles, e.g. PuttyKeyFile. * Use cryptographically secure random number generator. Fixes CVE-2022-29245. * Remove unused import. * Add IBaseClient for BaseClient and ISftpClient to inherit from (#975) Add IBaseClient for BaseClient and ISftpClient to inherit from * fix typo (#999) * Fix Seek Operations in SftpFileStream (#910) * Fix offset operations in SftpFileStream.Seek * Fix seek exception message and add default case for invalid seek origin * Use named params when throwing ArgumentException * Add tests for seeking from end of file * Add back copyright to license. (#1060) Fixes #1059. * Removing old target frameworks (#1109) Remove support for legacy / deprecated target frameworks while adding support for .NET 6.0 (and higher). The supported target frameworks are now: * .NETFramework 4.6.2 (and higher) * .NET Standard 2.0 * .NET 6.0 (and higher) * Remove old features [Part 1] (#1117) Remove obsolete feature switches (now that we've remove support for legacy target frameworks) and remove corresponding conditional code. * Remove FEATURE_DIRECTORYINFO_ENUMERATEFILES (#1119) * Remove FEATURE_DIRECTORYINFO_ENUMERATEFILES * Add exception documentation * Fix some (lots of) issues reported by analyzers. (#1125) Fix some (lots of) issues reported by analyzers. * Round 2 of analyzer fixes and general cleanup. (#1132) * Analyzer fixes round 3. (#1135) * Replace Array<T>.Empty with Array.Empty<T>() (#1137) * Replace IsNullOrWhiteSpace extension (#1142) * Use License Expression for NuGet Package licenseUrl is deprecated, see NuGet/Announcements#32 * Integration tests * Remove todos * Update CODEOWNERS * Use correct SSH.NET * ListDirectoryAsync return IAsyncEnumerable (#1126) * ListDirectoryAsync return IAsyncEnumerable * Fix documentation * Update README.md * Fix * Add Sftp ListDirectoryAsync test * Revert * Integration tests for ListDirectoryAsync with IAsyncEnumerable * Fix the assembly resolution build warning (#1165) * Delete performance/longrunning tests (#1143) Co-authored-by: Wojciech Nagórski <wojtpl2@gmail.com> * Move Integration tests (#1173) * Renci.SshNet.IntegrationTests * Renci.SshNet.TestTools.OpenSSH * Move integration tests to main repo * Move old tests to new integration tests * Move old integration tests to new integration tests * Move more tests * Move authentication tests * Move SshClientTests * Fix some tests * Remove duplicated test * Poc of ProcessDisruptor * Rename * Some fixes * Remove performance tests * Small improvements * Add a benchmarks project (#1151) * Add a benchmarks project * Small improvements --------- Co-authored-by: Wojciech Nagórski <wojtpl2@gmail.com> * Use ExceptionDispatchInfo to retain call stack in Session.WaitOnHandle() (#936) * Use ExceptionDispatchInfo to retain call stack in Session.WaitOnHandle() * merge * Update src/Renci.SshNet/Session.cs Co-authored-by: Rob Hague <rob.hague00@gmail.com> --------- Co-authored-by: Wojciech Nagórski <wojtpl2@gmail.com> Co-authored-by: Rob Hague <rob.hague00@gmail.com> * Support SHA256 fingerprints for host key validation (#1098) * Add tests for HostKeyEventArgs * Add SHA256 fingerprint support * Add support for RSA SHA-2 public key algorithms (#1177) * Abstract out the hash algorithm from RsaDigitalSignature * Add integration tests * Add DigitalSignature property to KeyHostAlgorithm * Add IHostAlgorithmsProvider interface * Verify the host signature * Fix HostKeyEventArgsTest after merge * Remove PubkeyAcceptedAlgorithms ssh-rsa * Add test coverage for RSA keys in PrivateKeyFile * Obsolete IPrivateKeySource --------- Co-authored-by: Wojciech Nagórski <wojtpl2@gmail.com> * Improvements after #1177 (#1180) * Use ExceptionDispatchInfo in more places (#1182) Co-authored-by: Wojciech Nagórski <wojtpl2@gmail.com> * Try to "fix" the flaky test (#1185) * Enable DSA tests (#1181) Co-authored-by: Wojciech Nagórski <wojtpl2@gmail.com> * FingerPrints (#1186) * Use OS-agnostic socket error codes to allow tests run on different OSes (#1179) SocketErrorCode is OS agnostic, ErrorCode is OS specific. On Windows ErrorCode = (int) SocketErrorCode, but on Mac and Unix it is not. For example ExitCode for HostNotFound (11001) on Windows is 11001, on Mac & Unix is -131073. So testing for ExitCode == 11001 fails on Mac & Unix. Co-authored-by: Wojciech Nagórski <wojtpl2@gmail.com> * Fix for channel session semaphore from thread blocking (#1071) * Merging fix from @clivetong into our own SSH.NET fork - The following article describes some of the issues with the double check lock that we have seen issues with: https://www.sudhanshutheone.com/posts/double-check-lock-csharp * Merging fix from @clivetong into our own SSH.NET fork - The following article describes some of the issues with the double check lock that we have seen issues with: https://www.sudhanshutheone.com/posts/double-check-lock-csharp * Update Channel to fix AppVeyor failure (field should be readonly) * Update ISftpClient for #120 (#1193) * Implement set last write and access time (#1194) * Add/migrate hmac+cipher integration tests (#1189) * Add/migrate hmac+cipher integration tests * fix integration tests --------- Co-authored-by: Wojciech Nagórski <wojtpl2@gmail.com> * Update tests for SetLastAccessTime(Utc) to also verify the time component and the Kind of the DateTime value returned by GetLastAccessTime(Utc). (#1198) --------- Co-authored-by: Filippo Gualandi <filippo.gualandi@gmail.com> Co-authored-by: 103filgualan <f.gualandi@crif.com> Co-authored-by: Stefan Rinkes <darinkes@users.noreply.github.com> Co-authored-by: wxtsxt <wojciech.swieboda@gmail.com> Co-authored-by: Wojciech Swieboda <wswieboda@chathamfinancial.com> Co-authored-by: Igor Milavec <igor.milavec@gmail.com> Co-authored-by: drieseng <gert.driesen@telenet.be> Co-authored-by: Pedro Fonseca <pbfonseca@gmail.com> Co-authored-by: Pedro Fonseca <pfonseca@qti.qualcomm.com> Co-authored-by: Maximiliano Jabase <maxijabase@gmail.com> Co-authored-by: Owen Krueger <37021716+Owen-Krueger@users.noreply.github.com> Co-authored-by: Masuri <psh0258@gmail.com> Co-authored-by: LemonPi314 <49930425+LemonPi314@users.noreply.github.com> Co-authored-by: Gert Driesen <gertdriesen@msn.com> Co-authored-by: Rob Hague <rob.hague00@gmail.com> Co-authored-by: Rob Hague <rh@johnstreetcapital.com> Co-authored-by: Marius Thesing <marius.thesing@gmail.com> Co-authored-by: Dāvis Mošenkovs <davikovs@gmail.com> Co-authored-by: Dmitry Tsarevich <dimhotepus@users.noreply.github.com> Co-authored-by: Patrick Yates <114094360+patrick-yates-redgate@users.noreply.github.com> * Remove code examples --------- Co-authored-by: Filippo Gualandi <filippo.gualandi@gmail.com> Co-authored-by: 103filgualan <f.gualandi@crif.com> Co-authored-by: Stefan Rinkes <darinkes@users.noreply.github.com> Co-authored-by: wxtsxt <wojciech.swieboda@gmail.com> Co-authored-by: Wojciech Swieboda <wswieboda@chathamfinancial.com> Co-authored-by: Igor Milavec <igor.milavec@gmail.com> Co-authored-by: drieseng <gert.driesen@telenet.be> Co-authored-by: Pedro Fonseca <pbfonseca@gmail.com> Co-authored-by: Pedro Fonseca <pfonseca@qti.qualcomm.com> Co-authored-by: Maximiliano Jabase <maxijabase@gmail.com> Co-authored-by: Owen Krueger <37021716+Owen-Krueger@users.noreply.github.com> Co-authored-by: Masuri <psh0258@gmail.com> Co-authored-by: LemonPi314 <49930425+LemonPi314@users.noreply.github.com> Co-authored-by: Gert Driesen <gertdriesen@msn.com> Co-authored-by: Rob Hague <rob.hague00@gmail.com> Co-authored-by: Rob Hague <rh@johnstreetcapital.com> Co-authored-by: Marius Thesing <marius.thesing@gmail.com> Co-authored-by: Dāvis Mošenkovs <davikovs@gmail.com> Co-authored-by: Dmitry Tsarevich <dimhotepus@users.noreply.github.com> Co-authored-by: Patrick Yates <114094360+patrick-yates-redgate@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
See #1174 and RFC 8332 for details.
closes #1174
closes #1145
closes #1116
closes #1105
closes #956
closes #825
It may also close the following:
#1141
#1025
#1003
#858
#845