libssh

Автор	SHA1	Сообщение	Дата
Dirkjan Bussink	4a67c19118	Add tests and implementation for Encrypt-then-MAC mode This adds the OpenSSH HMACs that do encrypt then mac. This is a more secure mode than the original HMAC. Newer AEAD ciphers like chacha20 and AES-GCM are already encrypt-then-mac, but this also adds it for older legacy clients that don't support those ciphers yet. Signed-off-by: Dirkjan Bussink <d.bussink@gmail.com> Reviewed-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>	2019-02-22 15:31:08 +01:00
Jakub Jelen	fffa66698f	Allow building without Group Exchange support Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2019-02-07 10:30:05 +01:00
Anderson Toshiyuki Sasaki	27caaa000b	tests: Prefer assert_non_null() over assert_false() This also replaces some occurrences of assert_true() with assert_null() Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2019-01-26 13:56:22 +01:00
Anderson Toshiyuki Sasaki	603b6d7222	tests: Prefer assert_non_null over assert_true This also replaces some occurrences of assert_true with assert_null. Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2019-01-26 13:56:22 +01:00
Aris Adamantiadis	31da8025b2	tests: Add dh-group-exchange algorithm tests Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2019-01-24 11:56:23 +01:00
Jakub Jelen	c7aba3a716	tests: Refactor the sftp initilization to avoid invalid memory access on sftp failures Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2019-01-11 15:06:56 +01:00
Jakub Jelen	40b63f7c39	tests: Verify rekeying initialized by the server works Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2019-01-09 13:15:44 +01:00
Jakub Jelen	347af845ab	tests: Verify that rekey limits are effective from the client side Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Daiki Ueno <dueno@redhat.com>	2019-01-09 10:31:49 +01:00
Jakub Jelen	b3ae5e06ee	tests: Allow to generate unencrypted PCAP files from testsuite Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Daiki Ueno <dueno@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2019-01-09 10:14:56 +01:00
Jakub Jelen	d4e5644e21	tests: Reproducer for T122 Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Daiki Ueno <dueno@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2019-01-09 10:14:56 +01:00
Jakub Jelen	42c92074b9	tests: Do not run SSHD with PAM when not needed Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Daiki Ueno <dueno@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2019-01-09 10:14:56 +01:00
Andreas Schneider	dea6fe3d89	crypto: Disable blowfish support by default Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>	2018-12-19 14:57:29 +01:00
Jakub Jelen	9b1852f728	tests: Verify ProxyCommand works with ssh Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2018-12-10 17:52:56 +01:00
Jakub Jelen	055bf830db	tests: Use torture_server_address() in proxycommand test Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2018-12-10 17:52:56 +01:00
Jakub Jelen	21e2522360	config: Get rid of the dynamic seen array * This makes the array constant in the session structure, avoiding allocations and frees while parsing the file * It also drops passing the seen array to all the functions, because it is already part of the passed session * The test cases are adjusted to match these changes Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2018-12-07 14:08:27 +01:00
Jakub Jelen	968fdf4e18	tests: Do not require base RSA type for SHA2 extension whitelist Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2018-11-30 16:22:13 +01:00
Jakub Jelen	05417665b9	tests: Drop duplicate log level setup Already done in the setup phase. Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2018-11-23 17:30:16 +01:00
Aris Adamantiadis	8e002b9415	tests: Add tests for dh-group14, group16 and group18 Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2018-11-21 16:54:24 +01:00
Sanne Raymaekers	67f418218b	knownhosts: Take StrictHostKeyChecking option into account Signed-off-by: Sanne Raymaekers <sraymaek@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2018-11-08 16:19:18 +01:00
Sanne Raymaekers	03c30e9c8a	tests: Ensure the ssh session fd is read-/writeable in torture_proxycommand Signed-off-by: Sanne Raymaekers <sraymaek@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2018-11-08 16:18:16 +01:00
Andreas Schneider	c88fb4c55b	tests: Use correct assert function in torture_client_config CID 1396565 CID 1396564 CID 1396563 Signed-off-by: Andreas Schneider <asn@cryptomilk.org>	2018-11-05 07:57:13 +01:00
Andreas Schneider	a8ed5e31dc	tests: Check for NULL in torture_client_config CID 1396566 Signed-off-by: Andreas Schneider <asn@cryptomilk.org>	2018-11-05 07:54:30 +01:00
Jakub Jelen	6eb43fcbf3	tests: Verify the configuration reparsing with real client This tests verifies that the only the first seen option is applied throughout all the configuration files processed. It also verifies that the configuration files are parsed automatically and that this behavior can be overridden by configuration option. Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2018-11-02 11:16:38 +01:00
Jakub Jelen	4a95a35bc6	tests: Properly set the bob's UID also in other tests than pubkey Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2018-11-02 11:16:38 +01:00
Jakub Jelen	f6b390084e	tests: Make sure that no other configuration options will get pulled to the auth test from system Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2018-11-02 11:16:38 +01:00
Jakub Jelen	89a8a6fcf0	Process OpenSSH configuration files by default. This will allow to use the same configuration in client applications including the users aliases or system wide cryptographic configuration. As the configuration parsing is the last thing before doing the actual connection, it might overwrite previously set options. If this is not intended, the client application can ask the configuration files to be parsed before setting some other options that should not ve overwritten. The code ensures that the configuration is not parsed again. Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2018-11-02 11:15:30 +01:00
Jakub Jelen	7e44ce1556	tests: Improve error reporting in auth test Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2018-11-02 10:08:20 +01:00
Jakub Jelen	0386e088eb	tests: Verify we can authenticate using ed25519 key Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2018-10-19 17:43:20 +02:00
Jakub Jelen	6ec5a08639	tests: Verify the ecdsa key types are handled correctly Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2018-10-19 17:43:20 +02:00
Andreas Schneider	a80caec19b	cmake: Disable deprecation warnings for old known_hosts API Signed-off-by: Andreas Schneider <asn@cryptomilk.org>	2018-10-16 08:56:46 +02:00
Jakub Jelen	42bd7cdf6c	tests: Add aes-gcm ciphers tests Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2018-10-09 13:05:38 +02:00
Anderson Toshiyuki Sasaki	2eaa23a20e	tests: Replace ssh_key_free() with SSH_KEY_FREE() Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2018-09-27 15:21:30 +02:00
Anderson Toshiyuki Sasaki	667fb5f9a9	cmake: Rewritten AddCMockaTest.cmake This changes add_cmocka_test() to receive compiler options, the libraries to be linked to the test, and the linker options. The way the tests are declared in tests/unittests and tests/client were updated. Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2018-09-26 16:27:22 +02:00
Jakub Jelen	6efbf7a30e	tests: Verify the pubkey authentication works with ECDSA keys Signed-off-by: Jakub Jelen <jjelen@redhat.com>	2018-09-17 16:39:38 +02:00
Andreas Schneider	30df04a8a5	tests: Do not call sftp_canonicalize_path() Signed-off-by: Andreas Schneider <asn@cryptomilk.org>	2018-09-17 14:35:39 +02:00
Andreas Schneider	aaca395bd3	tests: Add a sftp benchmark test for write/read The tests writes and reads a file of 128M. Signed-off-by: Andreas Schneider <asn@cryptomilk.org>	2018-09-17 10:48:49 +02:00
Andreas Schneider	7867126aa6	tests: Add a test for sftp_canonicalize_path() Signed-off-by: Andreas Schneider <asn@cryptomilk.org>	2018-09-04 18:13:37 +02:00
Jakub Jelen	5fe81e89fb	tests: Verify the public key algorithms can be limited by configuration option SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES configuration option can limit what keys can or can not be used for public key authentication. This is useful for disabling obsolete algorithms while not completely removing the support for them or allows to configure what public key algorithms will be used with the SHA2 RSA extension. Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2018-08-31 14:18:34 +02:00
Andreas Schneider	15473426c8	tests: Temporarily increase log verbosity for torture_forward Signed-off-by: Andreas Schneider <asn@cryptomilk.org>	2018-08-22 08:55:21 +02:00
Andreas Schneider	6867a35004	tests: Check return code of setuid() Signed-off-by: Andreas Schneider <asn@cryptomilk.org>	2018-08-22 08:35:19 +02:00
Andreas Schneider	a9a99fb31f	cmake: Improve compiler flag detection Signed-off-by: Andreas Schneider <asn@cryptomilk.org>	2018-08-20 18:42:03 +02:00
Andreas Schneider	ec6df9896a	tests: Add missing check for valid fd CID 1032753 Signed-off-by: Andreas Schneider <asn@cryptomilk.org>	2018-08-06 09:52:14 +02:00
Andreas Schneider	5871d604cd	tests: Use fstat instead of lstat CID 1393878 Signed-off-by: Andreas Schneider <asn@cryptomilk.org>	2018-08-06 09:38:59 +02:00
Andreas Schneider	c7525c056c	tests: Improve torture_connect_socket() Signed-off-by: Andreas Schneider <asn@cryptomilk.org>	2018-08-06 08:58:27 +02:00
Jakub Jelen	8e211c0689	tests: Verify various host keys can be successfully negotiated and verified This verifies that all the supported host keys can be used and verified by the client, including the SHA2 extension in RFC 8332. Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2018-07-04 07:52:50 +02:00
Andreas Schneider	3141dec632	known_hosts: Remove deprecated ssh_knownhosts_algorithms() Signed-off-by: Andreas Schneider <asn@cryptomilk.org>	2018-07-03 15:08:40 +02:00
Andreas Schneider	539d7ba249	kex: Use ssh_known_hosts_get_algorithms() Signed-off-by: Andreas Schneider <asn@cryptomilk.org>	2018-07-03 15:08:40 +02:00
Andreas Schneider	83a46c7756	tests: Add knownhosts test for detecting conflics Signed-off-by: Andreas Schneider <asn@cryptomilk.org>	2018-07-03 15:08:40 +02:00
Andreas Schneider	de44fdfd35	tests: Add knownhosts test for SSH_KNOWN_HOSTS_UNKNOWN Signed-off-by: Andreas Schneider <asn@cryptomilk.org>	2018-07-03 15:08:40 +02:00
Andreas Schneider	65a5154eff	tests: Add knownhosts test for SSH_KNOWN_HOSTS_OTHER Signed-off-by: Andreas Schneider <asn@cryptomilk.org>	2018-07-03 15:08:40 +02:00

1 2 3 4

171 Коммитов