This adds a test to check if the internal implementation is not used
when it is not supposed to be used.
To be able to override functions using LD_PRELOAD, a shared version of
the torture library was added, as well as a shared library for each
of the algorithms implemented internally (ChaCha20, Poly1305,
curve25519, and ed25519).
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
determines if public keys must be loaded in pkcs #11 tokens or not.
tests: Adds the load_public parameter in all files where torture_setup_tokens() was used.
Signed-off-by: Sahana Prasad <sahana@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
This option is unknown to older OpenSSH versions (for example CentOS 7
with OpenSSH 7.4) so we can not add it everywhere.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
fail_msg() is not expected to return. Mark the points after calling it
as unreachable to clarify this to the compiler.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
The added function runs the test server under timeout program to kill it
if it elapses the default timeout of 5 minutes.
An auxiliary function to create a libssh server configuration file was
also added.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Verify the error code returned by kill() in torture_terminate_process().
The error code is raised when killing the process failed.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
The temporary directory created in torture_sftp_session() wouldn't be
removed. This removes such directory in torture_sftp_close().
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
In torture_reload_sshd_server(), instead of trying to use SIGHUP to
reload the configuration file, kill the original process and create a
new one with the new configuration. With this change, both
torture_setup_sshd_server() and torture_reload_sshd_server() need to
start sshd, with the only difference in the configuration setup. The
shared code to start the sshd server was moved to a new introduced
internal function torture_start_sshd_server().
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
The static sshd directory wasn't matching the detected sshd and prevented the testcases to be run against local OpenSSH builts
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Do not parse global config file in sessions created by
torture_ssh_session().
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Use a different OpenSSH configuration if running in FIPS mode, which
contains only allowed algorithms.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
This type is imprecise. We often need the ecdsa_nid in addition to the key type
in order to do anything. We replace this singluar ECDSA type with one type per
curve.
Signed-off-by: Ben Toews <mastahyeti@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
* This makes the array constant in the session structure, avoiding
allocations and frees while parsing the file
* It also drops passing the seen array to all the functions,
because it is already part of the passed session
* The test cases are adjusted to match these changes
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
clang was reporting a possible memory leak after mkdtemp() call, which
was a false positive, since mkdtemp() returns the same pointer provided
as the parameter, in case of success. This changes the code so that the
static analyser don't get confused.
Found by csbuild runner.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
This introduces torture_get_current_working_dir() and
torture_change_dir() to allow changing directories in tests.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Introduced torture_create_temp_file() and torture_close_fp() to allow
creating temprary files transparently in Unix and Windows environment.
This also adds a unit test for the added functions.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Introduces a function to create temporary dir for testing purposes.
Also adds a minimal test for the temporary directory creation.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
This completely removes the tests filter code from torture.c and calls
cmocka_set_test_filter() instead, if available. The checks for required
libraries, headers, and the availability of cmocka_set_test_filter()
were added to the cmake configuration.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
In Windows environment, there are available low level I/O operations in
io.h, such as _read(), _write(), _open(), and _close().
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
The previous timeout of 500 ms was not enough on slower machines or
while running the tests under valgrind. On much faster machines the
sleep() was bringing unnecessary overhead.
This method opens simple connection to the server verifying it is ready
to accept the connection from the test for 5 seconds. It the server
does not start until then, it fails the tests during initialization,
rather than leaving the cases to run against missing server.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
This extends the torture API to provide a way to request
keys in different formats. This extends the keys with
private keys in the new OpenSSH format (default since
OpenSSH 7.8).
This also needs modifications to the ed25519 tests, which
do not support PEM format and expected the new format out of the
box.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Additionally, we can already work around the privilege separation.
http://www.openssh.com/txt/release-7.5
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
If you want modelines use my vim plugin:
https://github.com/cryptomilk/git-modeline.vim
git config --add vim.modeline "ts=4 sw=4 et"
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
