1
1
Граф коммитов

1044 Коммитов

Автор SHA1 Сообщение Дата
Andreas Schneider
4ab0fb2b48 cmake: Do not use cached LIBSSH_PUBLIC_INCLUDE_DIRS
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2019-11-07 14:01:01 +01:00
Andreas Schneider
8c36a865f2 cmake: Rename static library
This is only compiled for tests and fuzzers!

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2019-11-07 14:01:01 +01:00
Andreas Schneider
82c57c1f36 cmake: Create ssh library directly as libssh
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2019-11-07 14:01:00 +01:00
Andreas Schneider
39f7ddaa06 cmake:pkd: Don't use LIBSSH_LINK_LIBRARIES
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2019-11-07 14:00:15 +01:00
Anderson Toshiyuki Sasaki
8a50dbc6ba tests: Do not parse global config in torture_ssh_session()
Do not parse global config file in sessions created by
torture_ssh_session().

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-10-25 15:15:20 +02:00
Anderson Toshiyuki Sasaki
85239c8ea0 tests: Do not parse global configuration when testing server
This removes the tests which uses external configuration files.  This
makes the tests no not change behaviour depending on the environment
they are being executed.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-10-25 15:15:20 +02:00
Anderson Toshiyuki Sasaki
040aa0edfe tests: Do not process server config during tests
In pkd tests, avoid processing the global server configuration file.
This is to allow testing with algorithms not allowed in the global
server configuration.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-10-25 15:15:20 +02:00
Anderson Toshiyuki Sasaki
f97a8b4e3f tests: Do not process config when reinitializing session
Do not process system-wide configuration when reinitializing a session
during testing.  This could lead to different settings set from the
expected one (which was initialized during test setup).

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-10-25 15:15:20 +02:00
Anderson Toshiyuki Sasaki
d4fe8e1f62 tests: Use temporary file for known_hosts
Previously, the tests were sharing the same file path to create the
known_hosts file, which can create a race condition if the tests run in
parallel.  Such file was deleted between tests.

By using different different files for each test, the risk of race
conditions is eliminated. Moreover, it makes unnecessary to destroy the
file between tests.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-10-25 15:15:20 +02:00
Jakub Jelen
17952c4953 tests: Let shell resolve the absolute path to binaries in Exec tests
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2019-10-25 13:23:14 +02:00
Jakub Jelen
a22367fbe1 tests: Verify multiple match conditions can be present on a line
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2019-10-01 10:24:01 +02:00
Jakub Jelen
46c3563da9 tests: Verify match exec keyword works on itself
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2019-10-01 10:24:01 +02:00
Jakub Jelen
c7da113f1d tests: Verify functionality of low-level config parser functions
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2019-10-01 10:24:01 +02:00
Anderson Toshiyuki Sasaki
a3a0529b41 pki_crypto: Support Ed25519 keys in PEM files
This adds support for Ed25519 keys from files in PEM format when using
OpenSSL with Ed25519 support.  The default encoding for the PEM file is
expected to be PKCS#8.  Encrypted files are supported.

For the lack of an API, it is not possible to export keys in PEM format,
only in OpenSSH format.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-09-24 16:49:35 +02:00
Anderson Toshiyuki Sasaki
55cd04fbee pki: Remove unused function pki_signature_verify()
This removes unused function pki_signature_verify()
from pki_{crypto, mbedcrypto, gcrypt}.  The function was also removed
from include/libssh/pki_priv.h.  The function ssh_pki_signature_verify()
was changed to receive a const unsigned char *input.

All tests calling pki_signature_verify() were changed to call
ssh_pki_signature_verify() instead.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-09-24 16:49:35 +02:00
Anderson Toshiyuki Sasaki
2a2c1c98bf pki_crypto: Use OpenSSL for Ed25519 signatures
Use OpenSSL to generate and verify Ed25519 signatures, if supported.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-09-24 16:49:35 +02:00
Anderson Toshiyuki Sasaki
7452f0ded8 torture_pki_ed25519: Use public key to verify signatures
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-09-24 16:49:35 +02:00
Jakub Jelen
61b1e0e7e9 tests: Verify the localuser match works
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2019-09-18 15:18:33 +02:00
Jakub Jelen
4900ab6ca9 Skip the proxycommand test in case the netcat is not avaliable
Fixes: T142

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2019-09-16 09:39:58 +02:00
Anderson Toshiyuki Sasaki
3a61cd34a9 tests: Skip testing 1024 bits key generation in FIPS mode
In torture_threads_pki_rsa, skip the test which generates 1024 bits RSA
key pair when in FIPS mode.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-08-06 16:57:19 +02:00
Anderson Toshiyuki Sasaki
5b18bcb0ac knownhosts: Use ssh_mkdirs() instead of ssh_mkdir()
Previously, if the path to known_hosts file set through
SSH_OPTIONS_KNOWNHOSTS included missing directories,
ssh_session_update_known_hosts() would fail.  The added test case checks
that this is not the case anymore.

The logic of checking if the directory is accessible before creating it
was replaced by creating the directory if opening the file failed.  This
is to minimize the risk of TOCTOU race conditions.

Fixes: T166

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-08-06 16:53:22 +02:00
Anderson Toshiyuki Sasaki
742918cb1c misc: Introduce internal function ssh_mkdirs()
If the given path includes missing directories, ssh_mkdirs() tries to
create them recursively.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-08-06 16:53:22 +02:00
Anderson Toshiyuki Sasaki
7857cd1aa5 misc: Introduce internal function ssh_dir_writeable()
The introduced internal function checks if the provided path is for an
existing directory which is accessible for writing.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-08-06 16:52:24 +02:00
Richard W.M. Jones
3737e5f0e7 misc: Allow %% to escape a single % in paths.
For example "%d/config%%1" is expanded to "~/.ssh/config%1".

Signed-off-by: Richard W.M. Jones <rjones@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-07-30 16:23:31 +02:00
Anderson Toshiyuki Sasaki
c03c9b88d1 tests: Try PEM files with leading white spaces
This adds a reproducer for T123.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-07-29 19:14:24 +02:00
Anderson Toshiyuki Sasaki
88d777e678 pki: Search OpenSSH header not only at the beginning
Try to find the OpenSSH private key header not only at the beginning of
the file.  This makes the parser to skip comments and white spaces.

Fixes: T76
Fixes: T123

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-07-29 19:14:24 +02:00
Andreas Schneider
a5cad4e700 tests: Do not use internal macros in the fuzzer
It should be buildable without internal headers.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-07-09 09:31:12 +02:00
Andreas Schneider
8ce6a889aa tests: Use the correct assert function in test server
CID 1398983

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2019-07-08 17:26:29 +02:00
Andreas Schneider
6e4e6f8da6 tests: Fix #ifdef in torture_server_config
This should stop detecting it as dead code.

CID 1402934

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2019-07-08 17:26:29 +02:00
Andreas Schneider
85951a156b tests: Add ssh_client_fuzzer
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-07-08 14:58:59 +02:00
Andreas Schneider
343c90ccf4 ctest: Run the ssh_server_fuzzer to check it works
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-07-08 12:02:19 +02:00
Andreas Schneider
7cd66d49f8 tests: Fix memory leak in ssh_server_fuzzer
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-07-08 12:02:19 +02:00
Andreas Schneider
b2c7e0dd69 cmake: We don't have to define the ssh link libraries
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-07-08 12:02:19 +02:00
Andreas Schneider
fed31c1ca3 tests: Use C99 initilizer in test_server.c
This fixes a clang build warning.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2019-07-04 16:32:14 +02:00
Andreas Schneider
519074f13e tests: Improve fuzzer test
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2019-07-04 11:56:04 +02:00
Andreas Schneider
5a50fc6b0d cmake: Fix building the ssh_server_fuzzer
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2019-07-04 11:56:04 +02:00
Anderson Toshiyuki Sasaki
f18a7cc17e kex: Do not ignore keys in known_hosts files
Previously, if the SSH_OPTIONS_HOSTKEYS option was set by any mean,
including the client configuration file, the keys in known_hosts files
wouldn't be considered before advertising the list of wanted host keys.

This could result in the client requesting the server to provide a
signature using a key not present in the known_hosts files (e.g. when
the first wanted algorithm in SSH_OPTIONS_HOSTKEYS is not present in the
known_hosts files), causing a host key mismatch and possible key
rejection.

Now, the keys present in the known_hosts files are prioritized over the
other wanted keys.  This do not change the fact that only keys of types
present in the list set in SSH_OPTIONS_HOSTKEYS will be accepted and
prioritized following the order defined by such list.

The new wanted list of hostkeys is given by:
 - The keys present in known_hosts files, ordered by preference defined
   in SSH_OPTIONS_HOSTKEYS.  If the option is not set, a default order
   of preference is used.
 - The other keys present in the same option are appended without adding
   duplicates.  If the option is not set, the default list of keys is
   used.

Fixes: T156

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-07-04 10:29:20 +02:00
Anderson Toshiyuki Sasaki
65a38759ca knownhosts: Introduced ssh_known_hosts_get_algorithms_names()
The added internal function obtain a newly allocated string containing a
list of the signature types that can be generated by the keys present in
the known_hosts files, separated by commas.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-07-04 10:29:20 +02:00
Anderson Toshiyuki Sasaki
548753b338 token: Added function to remove duplicates
Added a function to remove duplicates from lists.  This function is used
in a new provided function to append lists removing duplicates.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-07-04 10:29:20 +02:00
Anderson Toshiyuki Sasaki
ad68de7271 tests: Check if known_hosts works with single unaccessible file
Make sure known hosts check works when local known_hosts file is
unaccessible, but the host is present in global known_hosts file.

Remove double return value check in previous existing test.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-07-04 10:29:20 +02:00
Anderson Toshiyuki Sasaki
8e42ed8220 tests: Added a check for unaccessible global known_hosts
Verify that the check process will not fail if the global known_hosts
file is not accessible and the local known_hosts file contain the host.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-06-28 08:03:29 +02:00
Anderson Toshiyuki Sasaki
c8f49becfd tests/pkd: Fix elif without expression
This was introduced during fixes to run pkd tests in FIPS mode.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-06-26 17:36:46 +02:00
Anderson Toshiyuki Sasaki
f64814b7be tests: Add a server test case for unknown global request
The test checks if the server handles unknown global requests properly.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-06-26 17:36:46 +02:00
Anderson Toshiyuki Sasaki
abf5712160 tests: Introduce torture_client_global_requests
Added a test case where invalid global requests are sent to the server
which should reject them, but not stop working.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-06-26 17:36:46 +02:00
Jakub Jelen
17a531d2af tests: Skip 1k RSA key generation in FIPS
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2019-06-21 08:58:21 +02:00
Jakub Jelen
a4fa514549 tests: Filter out bogus output from openssh in FIPS Mode
The OpenSSH in RHEL 8 in FIPS Mode outputs information about this on start
and it needs to be skipped for the version detection (and build) to pass:

$ ssh -V
FIPS mode initialized
OpenSSH_8.0p1, OpenSSL 1.1.1c FIPS  28 May 2019

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2019-06-20 17:45:52 +02:00
Jakub Jelen
d5095a55b9 tests: Add reproducer for T76
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2019-06-19 18:01:36 +02:00
Jakub Jelen
bd69ac63ca tests: Reproducer for proxy command with stderr output (T130)
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2019-06-19 18:01:30 +02:00
Anderson Toshiyuki Sasaki
c4463ba5e7 tests/torture_config: Replace long long with uint64_t
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-06-14 15:22:45 +02:00
Anderson Toshiyuki Sasaki
fba384ac58 tests/torture_rekey: Replace long long with uint64_t
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-06-14 15:22:45 +02:00
Anderson Toshiyuki Sasaki
dc4d4cc8d4 tests/torture_rekey: Do not mix integer types
In torture_rekey_time(), "long long" was used instead of uint32_t.  This
makes the test to fail in some architectures where the sizes don't match.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-06-14 07:48:01 +02:00
Jakub Jelen
4fc37bb6fe tests: Add more reproducers for valid and invalid Match exec blocks
Fixes: T152

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-06-14 07:48:01 +02:00
Andreas Schneider
1f43b52117 tests: Fix the glob test on musl libc
Fixes 

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2019-06-13 16:43:44 +02:00
Anderson Toshiyuki Sasaki
5568e5e520 tests/pkd: Fix OpenSSH version check
When running in FIPS mode, the OpenSSH version is not the first string
printed by "ssh -V".  This makes the parser to find the first occurrence
of the version ignoring anything printed before it.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-06-13 16:29:32 +02:00
Anderson Toshiyuki Sasaki
905b027f0f tests/pkd: Check OpenSSH version only once
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-06-13 16:29:32 +02:00
Anderson Toshiyuki Sasaki
57cf0cf230 tests/torture_server_config: Use only allowed algorithms
Use ssh_kex_get_fips_methods() instead of ssh_get_default_methods() if
in FIPS mode.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-06-13 16:29:32 +02:00
Anderson Toshiyuki Sasaki
4416a0dae6 tests/pkd: Add tests using certificates with SHA2 in signatures
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-06-13 16:29:32 +02:00
Anderson Toshiyuki Sasaki
73b94abea4 tests/pkd: Accept certificates with SHA2 in signatures
Previously the server in pkd tests would not accept certificates using
SHA2 in signatures.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-06-13 16:29:32 +02:00
Anderson Toshiyuki Sasaki
bd32fb020b tests/pkd: Use only allowed algorithms if in FIPS mode
Use only allowed algorithms in FIPS mode.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-06-13 16:29:32 +02:00
Anderson Toshiyuki Sasaki
bb36cc30ee tests/torture_pki_rsa: Avoid using SHA1 in FIPS mode
Do not use SHA1 in signatures in FIPS mode.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-06-13 16:29:32 +02:00
Jakub Jelen
b6aef1fdd5 tests: Update negative test cases to use EC instead of ED keys
Also systematically use assert_ssh_return_code() instead of various
checks for return codes.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-06-13 16:29:32 +02:00
Jakub Jelen
c7c3c16fc8 tests: There is no 8B block cipher in FIPS Mode
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-06-13 16:29:32 +02:00
Jakub Jelen
bfafdab035 tests: Use more widely supported RSA key as a hostkey
Intially introduced for the FIPS support

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-06-13 16:29:32 +02:00
Jakub Jelen
426c6c1321 tests: Avoid mixing stderr with stdout
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-06-13 16:29:32 +02:00
Jakub Jelen
a006c3c451 tests: Use consistent checking for ssh return code
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-06-13 16:29:32 +02:00
Jakub Jelen
20e58be7d8 tests: Adjust for FIPS and simplify initialization
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-06-13 16:29:32 +02:00
Anderson Toshiyuki Sasaki
8c59f7f236 tests/torture_pki_dsa: Skip completely if in FIPS mode
DSA is not allowed in FIPS mode.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-06-13 16:29:32 +02:00
Anderson Toshiyuki Sasaki
9ef0b0b029 tests/torture_pki: Skip some tests if in FIPS mode
Skip tests requiring algorithms not allowed in FIPS mode.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-06-13 16:29:32 +02:00
Anderson Toshiyuki Sasaki
39c69893c7 tests/torture_options: Use only allowed algorithms if in FIPS mode
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-06-13 16:29:32 +02:00
Anderson Toshiyuki Sasaki
ce888fd4c0 tests/torture_config: Use only allowed algorithms in FIPS mode
Use only allowed algorithms if running in FIPS mode.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-06-13 16:29:30 +02:00
Anderson Toshiyuki Sasaki
af031d8df6 tests/torture_bind_config: Use allowed algorithms in FIPS mode
Use only allowed algorithms if in FIPS mode.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-06-13 16:28:25 +02:00
Anderson Toshiyuki Sasaki
92a0d23eac tests/torture_hostkey: Skip some tests in FIPS mode
Skip tests using non allowed algorithms.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-06-13 16:28:25 +02:00
Anderson Toshiyuki Sasaki
1a6ac291a7 tests/torture_client_config: Adjust lists in FIPS mode
Use only allowed algorithms if in FIPS mode.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-06-13 16:28:25 +02:00
Anderson Toshiyuki Sasaki
bdb2ef4dcc tests/torture_algorithms: Skip some tests in FIPS mode
When running in FIPS mode, skip the tests using algorithms not allowed.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-06-13 16:28:25 +02:00
Anderson Toshiyuki Sasaki
41834f228b tests: Use different config if in FIPS mode
Use a different OpenSSH configuration if running in FIPS mode, which
contains only allowed algorithms.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-06-13 16:28:25 +02:00
Jakub Jelen
03ca994cc0 tests: Use the SHA2 extension by default to avoid issues in FIPS mode 2019-06-13 16:28:25 +02:00
Jakub Jelen
f91a5fce6e tests: Use ed25519 keys explicitly
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-06-13 11:00:56 +02:00
Jakub Jelen
63f477181a tests: The DSA is not available in mbedtls
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-06-13 11:00:56 +02:00
Anderson Toshiyuki Sasaki
2c385c0e13 tests/client/torture_auth: Skip some tests if in FIPS mode
If in FIPS mode, skip tests which require algorithms not allowed.  Also
use allowed algorithms when possible to avoid skipping the test.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-06-13 11:00:56 +02:00
Jakub Jelen
66755c478c tests: Do not free pcap context while it is in use by the server session
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-06-13 11:00:56 +02:00
Jakub Jelen
9f178be1fa tests: Cover comparison of public keys, which was missing
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-06-13 11:00:56 +02:00
Anderson Toshiyuki Sasaki
f64c3dec74 tests: Add PKCS#8 PEM encrypted private keys
Copies of the DSA, RSA, and ECDSA keys were added encoded in PKCS#8
format.  For now, these keys are only used when testing with OpenSSL.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-06-13 11:00:56 +02:00
Anderson Toshiyuki Sasaki
0cfe4c7ab8 tests/torture_auth: Workaround OpenSSH agent bug
OpenSSH agent has a bug which makes it to not use SHA2 in signatures
when using certificates. It always uses SHA1.

See https://gitlab.com/libssh/libssh-mirror/merge_requests/34

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-06-13 11:00:56 +02:00
Jakub Jelen
9f7f5dee18 tests: Verify duplicate items are removed from knownhosts entries list
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-06-12 11:15:20 +02:00
Jakub Jelen
5f01ed0278 tests: Verify duplicate items are removed from knownhosts algorithms
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-06-12 11:15:20 +02:00
Jakub Jelen
56041dc784 torture_hashes: Skip the MD5 tests in FIPS mode
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-06-12 10:41:24 +02:00
Anderson Toshiyuki Sasaki
ee456104f1 session: Do not use MD5 in FIPS mode
Do not use MD5 when generating fingerprints in FIPS mode.  The call will
fail in such case.  The test suite was updated with a negative test for
this case.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-06-12 10:27:40 +02:00
Anderson Toshiyuki Sasaki
0fb7d9831a tests: Make sure unknown options are ignored in server config
Added a test to make sure unknown options in the configuration file are
ignored and don't make ssh_bind_options_parse_config() to fail.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-06-12 10:17:54 +02:00
Anderson Toshiyuki Sasaki
dc35bbbeb1 server: Use default methods instead of all
Previously, when no methods were set, the server would enable all
supported methods.  This changes this behaviour by setting only the
default methods.

The server in pkd_daemon.c was changed to set explicitly all the
supported methods to keep the previous behaviour.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-06-12 10:17:54 +02:00
Anderson Toshiyuki Sasaki
a8064cb0ca tests: Added tests for server config file
The added tests run the server with different combinations of algorithms
and try to connect using a client.

Note that few combinations are tested.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-06-12 10:17:54 +02:00
Anderson Toshiyuki Sasaki
e7ef40c8f0 tests: Allow setting configuration file for test server
This allows testing the server with a configuration file.  This also
adds an option for the stand-alone test server to skip parsing the
system-wide configuration file.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-06-12 10:17:54 +02:00
Anderson Toshiyuki Sasaki
07faf95a10 bind_config: Add support for HostKeyAlgorithms
Add support for setting the allowed HostKey algorithms through
configuration file.

Note that this does NOT add support for adding or removing values using
'+' or '-'. Only replacing the whole list is supported.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-06-12 10:17:54 +02:00
Anderson Toshiyuki Sasaki
250a0be0f9 options: Added an option to set server HostKey algorithms
The added option SSH_BIND_OPTIONS_HOSTKEY_ALGORITHMS allows restricting
the signature algorithms to offer to the client for host authentication.
The list set is used as a filter of allowed algorithms.

First a list of possible signature algorithms to offer is created from
the keys set and then such list is filtered against the allowed
algorithms.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-06-12 10:17:54 +02:00
Anderson Toshiyuki Sasaki
8f6e6f774e bind_config: Add support for PubkeyAcceptedKeyTypes
Add support for setting the accepted public key types through
configuration file.

Note that this does NOT add support for adding or removing values using
'+' or '-'. Only replacing the whole list is supported.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-06-12 10:17:54 +02:00
Anderson Toshiyuki Sasaki
f4363f5655 options: Add option to set server accepted pubkey types
The added option SSH_BIND_OPTIONS_PUBKEY_ACCEPTED_KEY_TYPES allows
restricting the allowed public key types accepted by the server for
authentication.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-06-12 10:17:54 +02:00
Anderson Toshiyuki Sasaki
2c4850cbbd token, kex: Add functions to handle tokens lists
The added functions allow splitting chains of tokens separated by a
given character (usually ','), and extracting matching parts between two
chains of tokens.

The previously existing functions in kex.c were replaced by the
introduced ones.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-06-12 10:17:54 +02:00
Anderson Toshiyuki Sasaki
b0ff64bf1b pki: Check if the key is allowed against right list
Previously when generating the signature in server side the key was
checked against the wrong list, potentially making the server to select
the wrong algorithm to sign (e.g. rsa-sha2-512 instead of rsa-sha2-256).

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-06-12 10:17:54 +02:00
Andreas Schneider
77ada9e4dc tests: Fix null termination in torture_read_one_line()
CID 1393902

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2019-05-28 09:18:53 +02:00
Andreas Schneider
d9f9bee13f tests: Fix assert_return_code in server test
CID 1398983
CID 1398982

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2019-05-28 09:18:52 +02:00
Anderson Toshiyuki Sasaki
38f9802eec config: Add support for PubkeyAcceptedKeyTypes
The added option is an alias for the previously existing option
PubkeyAcceptedTypes.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-05-14 17:32:25 +02:00
Jakub Jelen
eae971c002 tests: Update knownhost tests with reproducer from T110
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-05-14 17:26:30 +02:00
Anderson Toshiyuki Sasaki
7cc159d720 cmake,options: Allow to set global client config file
This allows the global client (ssh_session) configuration file path to
be set in configuration time by defining GLOBAL_CLIENT_CONFIG when
calling cmake.  If it is not defined, the default path is set as
"/etc/ssh/ssh_config".

usage example:

$ cmake -DGLOBAL_CLIENT_CONFIG=/etc/my/custom/path ..

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-05-14 17:20:39 +02:00
Anderson Toshiyuki Sasaki
248e5acd5c pki: Fail to sign when using wrong hash algorithm
Do not allow using SSH_DIGEST_AUTO for any algorithm other than
ed25519.

Do not allow using incompatible hash algorithms when signing or
verifying signatures.

Added negative tests for all combinations of signature and hash
algorithms.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-05-13 16:37:51 +02:00
Anderson Toshiyuki Sasaki
d923dc39c1 tests: Use public key to verify signatures
Previously in the tests the private key structure would be used for
signature verification.  Use the corresponding public key instead.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-05-13 16:37:51 +02:00
Anderson Toshiyuki Sasaki
88a8b1f57c pki_gcrypt: Added pki_sign_data() and pki_verify_data_signature()
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-05-13 16:37:51 +02:00
Anderson Toshiyuki Sasaki
7bc53f3957 pki_mbedcrypto: Added pki_sign_data() and pki_verify_data_signature()
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-05-13 16:37:51 +02:00
Anderson Toshiyuki Sasaki
fd9446553b pki_crypto: Added pki_sign_data() and pki_verify_data_signature()
pki_sign_data() uses the given private key and hash algorithm to sign
the data using the OpenSSL EVP interface.  The corresponding function
pki_verify_data_signature() receives the signature, the signed data, and
the public key to verify the signature.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-05-13 16:37:51 +02:00
Anderson Toshiyuki Sasaki
76f9808eb2 auth, pki: Calculate hash internally when signing/verifying
This makes pki_do_sign() and pki_signature_verify() to receive the
original input instead of the pre-calculated hash.  The hash is then
calculated internally.

The hash to be used inside the signature is decided earlier, when all
the information about the signature to be generated/verified is
available.

Simplify ssh_pki_do_sign() and ssh_srv_pki_do_sign_sessionid().

The tests were modified to use pki_do_sign() instead of
pki_do_sign_hash().

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-05-13 16:37:51 +02:00
Anderson Toshiyuki Sasaki
848f59c37e wrapper.h: Add SSH_DIGEST_SHA384 to ssh_digest_e enum
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-05-13 16:37:51 +02:00
Andreas Schneider
3fccb24464 tests:pkd: Fix size comparison (payload.len is size_t)
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2019-04-29 16:52:23 +02:00
Jon Simons
c0f3a96089 server: fix queued USERAUTH_SUCCESS rekey bug
Fix a bug with server-side rekeying where the session state at hand
has been toggled to SSH_SESSION_STATE_AUTHENTICATED before performing
the packet send of the SSH2_MSG_USERAUTH_SUCCESS message.

Before this change, what can happen is that during the packet send,
the SSH2_MSG_USERAUTH_SUCCESS message can end up being queued due
to a small rekey data limit value.  libssh server will then proceed
to attempt to send KEX-related rekeying messages to the client before
the client has received USERAUTH_SUCCESS.  OpenSSH clients do not
expect to undergo rekeying before having been authenticated, and so
will exit with error when this happens.

The behavior before and after can be observed with the pkd test making
use of its new --rekey flag:

    ./pkd_hello -t torture_pkd_openssh_rsa_rsa_default -i1 --rekey=16 -v -v -v

A new CMake test entry is added for the above variation and can be run
with:

    ARGS="-R pkd_hello_rekey" make test

Before the fix, the test will fail; after, the test succeeds while
performing rekeying once every 16 bytes.

Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-04-29 14:00:39 +02:00
Jon Simons
175375bc09 tests/pkd: support --rekey to set rekey data limit
Support an optional --rekey input to set the SSH session rekey data
limit using SSH_OPTIONS_REKEY_DATA.  This flag can be used together
with --buffer to test out server rekeying.

Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-04-29 14:00:39 +02:00
Jon Simons
03a1f1dd0c tests/pkd: support optional --buffer for test payload
Support an optional --buffer input for the pkd tests to enable testing
with a larger payload than the default "hello\n".

Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-04-29 14:00:34 +02:00
Jon Simons
410f100968 tests/pkd: input test payload buffer
Move the pkd test payload buffer into the arguments struct, to make
way for parameterizing the payload using command-line options.

Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-04-29 14:00:28 +02:00
Jakub Jelen
bb7920efbc tests: Avoid reading user configuration when running algorithm tests
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-04-29 13:18:09 +02:00
Andreas Schneider
3e8bdb122f knownhosts: Check if the hosts file exists
Fixes T135

Reported-by: Jan Pazdziora <jpazdziora@redhat.com>
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-04-29 13:17:27 +02:00
Ben Toews
08b3301e4f tests/pkd: connect to openssh using certificates
Signed-off-by: Ben Toews <mastahyeti@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-04-17 10:21:42 +02:00
Ben Toews
4a01496810 tests/unittests: test that signatures can be verified with certs
Signed-off-by: Ben Toews <mastahyeti@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-04-17 10:21:42 +02:00
Ben Toews
04b284dae0 tests/unittests: test ECDSA/ED25519 support
These tests are copied from the existing RSA/DSA certificate tests. They cover
importing certificates.

Signed-off-by: Ben Toews <mastahyeti@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-04-17 10:21:42 +02:00
Ben Toews
19cd909c8d pki: support ECDSA/ED25519 certificates
As with RSA/DSS, support is still quite limited. This is mostly about adding
new ssh_keytypes_e values and updating sites that check keys' types.

Signed-off-by: Ben Toews <mastahyeti@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-04-17 10:21:42 +02:00
Ben Toews
b1f3cfec34 libssh: deprecate SSH_KEYTYPE_ECDSA
This type is imprecise. We often need the ecdsa_nid in addition to the key type
in order to do anything. We replace this singluar ECDSA type with one type per
curve.

Signed-off-by: Ben Toews <mastahyeti@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-04-17 10:21:42 +02:00
Ben Toews
78f764b7c9 torture_pki: store test case attributes in struct instead of multiple arrays
Signed-off-by: Ben Toews <mastahyeti@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-04-17 10:21:42 +02:00
Ben Toews
e036c426f8 tests: add OpenSSL includes dir for torture tests
Tests were failing to build on macOS with OpenSS installed using homebrew.

Signed-off-by: Ben Toews <mastahyeti@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-04-17 10:21:35 +02:00
Simo Sorce
2f38af1559 dh: Rename variables for DH key exchange
Rename and refactor how some variables are held in ssh_crypto_struct.
Refactor allocation of dh exchange public keys.

This is in preparation for switching the code to use openssl native DH
handling and allowed to better reason about the code and the overall API.

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-04-04 08:00:15 +02:00
Anderson Toshiyuki Sasaki
fd30cf0676 tests: Add test cases for Match keyword in bind config
Adds test cases for the Match keyword for the bind options configuration
using a file.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-04-01 08:41:56 +02:00
Anderson Toshiyuki Sasaki
68385a2e98 options: Add a bind option to set the config directory
This adds the SSH_BIND_OPTIONS_CONFIG_DIR which allows to set the
directory used to expand the escape character "%d" when passing a path
to ssh_bind_options_parse_file().

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-04-01 08:38:17 +02:00
Anderson Toshiyuki Sasaki
fd25beff68 options: Introduce ssh_bind_options_parse_config()
The added API allows setting the options of a given bind context through
a configuration file.  The default global configuration file
"/etc/ssh/libssh_server_config" is parsed before the provided
configuration file, if it hasn't been parsed yet.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-04-01 08:38:17 +02:00
Anderson Toshiyuki Sasaki
bab4d2b77b tests: Add tests for server side configuration
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-04-01 08:38:17 +02:00
Anderson Toshiyuki Sasaki
0bde6b142c tests: Add missing unit tests for bind options
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-04-01 08:25:05 +02:00
Simo Sorce
104c9dca3f Use a common KDF function
Cleanup the KDF function to use only one function per crypto backend.
Improve the KDF function to properly handle requested lenght and to
avoid unnecessarily reallocating buffers.

In OpenSSL use the new EVP_KDF API if available.

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-03-07 12:03:32 +01:00
Simo Sorce
c235841436 Add unit test for fn that generates session keys
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-03-07 12:03:24 +01:00
Dirkjan Bussink
4a67c19118 Add tests and implementation for Encrypt-then-MAC mode
This adds the OpenSSH HMACs that do encrypt then mac. This is a more
secure mode than the original HMAC. Newer AEAD ciphers like chacha20 and
AES-GCM are already encrypt-then-mac, but this also adds it for older
legacy clients that don't support those ciphers yet.

Signed-off-by: Dirkjan Bussink <d.bussink@gmail.com>
Reviewed-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-02-22 15:31:08 +01:00
Dirkjan Bussink
f055319efe Select ciphers for MAC tests that need a MAC
Signed-off-by: Dirkjan Bussink <d.bussink@gmail.com>
Reviewed-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-02-22 15:30:56 +01:00
Tilo Eckert
7caf6d2ab6 buffer: Fix regression introduced by 6c7eaa and c306a6
Buffer (un)packing was broken on compilers that are not
gcc-compatible since the checks for an argument count of
-1 have been removed from ssh_buffer_(un)pack(). This
fix no longer uses GCC extensions for the __VA_NARG__
macro, but only plain C99.
Note: The macro can no longer count empty argument lists
(results in compile error) which was not needed anyway.

Signed-off-by: Tilo Eckert <tilo.eckert@flam.de>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-02-21 10:51:17 +01:00
Aris Adamantiadis
f890b09edb cmake: fix build problem on ubuntu 18.04
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
2019-02-07 19:16:03 +01:00
Jon Simons
c2077ab775 tests/pkd: repro rsa-sha2-{256,512} negotiation bug
Add four passes to the pkd tests to exercise codepaths where an
OpenSSH client requests these HostKeyAlgorithms combinations:

 * rsa-sha2-256
 * rsa-sha2-512
 * rsa-sha2-256,rsa-sha2-512
 * rsa-sha2-512,rsa-sha2-256

The tests demonstrate that the third combination currently fails:
libssh ends up choosing `rsa-sha2-512` instead of `rsa-sha2-256`,
and the initial exchange fails on the client side citing a signature
failure.

Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-02-07 13:54:12 +01:00
Jakub Jelen
fffa66698f Allow building without Group Exchange support
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-02-07 10:30:05 +01:00
Jakub Jelen
a170580147 kex: Disable diffie-hellman-group-exchange-sha1 by default
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-02-07 10:30:05 +01:00
Jakub Jelen
fd95b68c0f tests: Fix error message
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-02-07 10:30:05 +01:00
Jakub Jelen
c110122fb5 tests: Don't talk to ssh-agent in server authentication tests
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-02-07 10:30:05 +01:00
Andreas Schneider
303bdc5a4f tests: Initialize ssh_cipher_struct in torture_crypto_aes256_cbc()
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-26 15:47:49 +01:00
Anderson Toshiyuki Sasaki
9c5a1967c3 tests: Add NULL checks in pki tests
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-26 13:56:22 +01:00
Anderson Toshiyuki Sasaki
27caaa000b tests: Prefer assert_non_null() over assert_false()
This also replaces some occurrences of assert_true() with assert_null()

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-26 13:56:22 +01:00
Anderson Toshiyuki Sasaki
bdf968c178 tests: Added NULL checks in torture_list.c
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-26 13:56:22 +01:00
Anderson Toshiyuki Sasaki
603b6d7222 tests: Prefer assert_non_null over assert_true
This also replaces some occurrences of assert_true with assert_null.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-26 13:56:22 +01:00
Jakub Jelen
be9943132e tests: Extend negative test cases for config Match keyword
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-24 15:15:39 +01:00
Jakub Jelen
893510db35 tests: Use assert_ssh_return_code() in config test
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-24 15:15:35 +01:00
Aris Adamantiadis
3b5f9ef8d6 pkd: dh-group-exchange testcases 2019-01-24 13:06:33 +01:00
Aris Adamantiadis
9407065879 tests: Added moduli file parsing tests
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-24 12:56:09 +01:00
Aris Adamantiadis
31da8025b2 tests: Add dh-group-exchange algorithm tests
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-24 11:56:23 +01:00
Anderson Toshiyuki Sasaki
fd5770973f tests: Add test for server interactive authentication
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2019-01-22 13:12:26 +01:00
Anderson Toshiyuki Sasaki
416d03b19e tests: Add test for server auth method none
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-22 13:12:26 +01:00
Anderson Toshiyuki Sasaki
db1a999852 tests: Test server pubkey authentication
The default pubkey authentication callback is not checking
anything.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-22 13:12:25 +01:00
Anderson Toshiyuki Sasaki
29445e4ff1 tests: Added functions to get the default callbacks
This makes easier to create test cases using callbacks based on the
default callbacks (e.g. using the default callbacks but replacing one
specific callback)

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-22 13:12:25 +01:00
Anderson Toshiyuki Sasaki
13aa791e7b tests: Provide the server state to callbacks
This aims to make it easier to implement custom callbacks.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-22 13:12:25 +01:00
Jakub Jelen
7f18a27504 tests: Reproducer for cockpit issue, where server provides an invalid signature
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-22 13:12:25 +01:00
Jakub Jelen
2113dc9d23 tests: Check return values
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2019-01-22 13:12:25 +01:00
Jakub Jelen
1f7a15ffb1 tests: Initialize allocated memory
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2019-01-22 13:12:25 +01:00
Anderson Toshiyuki Sasaki
37262b98ef tests: Added test server
The server can be configured through command line options or by
providing a state structure with the desired values set.

Currently supports only password based authentication.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2019-01-22 13:12:25 +01:00
Andreas Schneider
98a8bf771d tests: Fix uninitialized warning in torture_threads_pki_rsa
Error: CLANG_WARNING: tests/unittests/torture_threads_pki_rsa.c:520:5:
warning: 1st function call argument is an uninitialized value

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-22 13:12:25 +01:00
Tilo Eckert
f118ea010b tests: Refactor test so that all RSA + hash combinations are tested
Signed-off-by: Tilo Eckert <tilo.eckert@flam.de>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-11 15:56:02 +01:00
Tilo Eckert
481d749559 tests: Fix incorrect hash type parameter on signature import
RSA with SHA-256/512 signatures have been interpreted as RSA with SHA-1

Signed-off-by: Tilo Eckert <tilo.eckert@flam.de>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-11 15:56:02 +01:00
Jakub Jelen
c7aba3a716 tests: Refactor the sftp initilization to avoid invalid memory access on sftp failures
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-11 15:06:56 +01:00
Jakub Jelen
531b80a60b kex: List also the SHA2 extension when ordering hostkey algorithms
By default, the list of already stored known host types is preferred,
but this selection so far ignored the SHA2 extension and excluded these
keys in the KEXINIT list leading to not using this extension if not
explicitly enabled from configuration.

This commit extends the default list with the SHA2 signatures algoritms
and compares only base types so they can be listed in the KEXINIT list.

This adjust the tests to expect the full list of algorithms to pass.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-09 13:18:05 +01:00
Jakub Jelen
40b63f7c39 tests: Verify rekeying initialized by the server works
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-09 13:15:44 +01:00
Jakub Jelen
8012afd5e4 tests: Allow to modify sshd config from the test
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-09 13:15:44 +01:00
Jakub Jelen
347af845ab tests: Verify that rekey limits are effective from the client side
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Daiki Ueno <dueno@redhat.com>
2019-01-09 10:31:49 +01:00
Jakub Jelen
c86a00d06b packet: Provide a function to switch crypto in separate directions
This also fixes the test using the crypto directly

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Daiki Ueno <dueno@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-09 10:31:45 +01:00
Jakub Jelen
92e978f2f3 tests: Verify we can parse RekeyLimit configuration option
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Daiki Ueno <dueno@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-09 10:14:56 +01:00
Jakub Jelen
b3ae5e06ee tests: Allow to generate unencrypted PCAP files from testsuite
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Daiki Ueno <dueno@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-09 10:14:56 +01:00
Jakub Jelen
d4e5644e21 tests: Reproducer for T122
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Daiki Ueno <dueno@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-09 10:14:56 +01:00
Jakub Jelen
42c92074b9 tests: Do not run SSHD with PAM when not needed
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Daiki Ueno <dueno@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-09 10:14:56 +01:00
Andreas Schneider
dea6fe3d89 crypto: Disable blowfish support by default
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2018-12-19 14:57:29 +01:00
Jakub Jelen
c9bdb9a01e tests: Do not segfault when built without ZLIB
Signed-off-by: Jakub Jelen <jakuje@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-12-10 20:28:01 +01:00
Jakub Jelen
973da84a47 tests: Verify we can parse the ProxyJump configuration option
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-12-10 17:56:07 +01:00
Jakub Jelen
9b1852f728 tests: Verify ProxyCommand works with ssh
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-12-10 17:52:56 +01:00
Jakub Jelen
055bf830db tests: Use torture_server_address() in proxycommand test
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-12-10 17:52:56 +01:00
Jakub Jelen
8c812dbfa3 tests: Verify all the options are copied over
The ssh_options_copy() function was missing several options that were added
in recent years.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-12-10 17:52:56 +01:00
Anderson Toshiyuki Sasaki
fe309ba43f packet: Allow SSH2_MSG_EXT_INFO when authenticated
When the server requests rekey, it can send the SSH2_MSG_EXT_INFO.  This
message was being filtered out by the packet filtering.  This includes a
test to enforce the filtering rules for this packet type.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-12-10 16:42:26 +01:00
Jakub Jelen
21e2522360 config: Get rid of the dynamic seen array
* This makes the array constant in the session structure, avoiding
   allocations and frees while parsing the file
 * It also drops passing the seen array to all the functions,
   because it is already part of the passed session
 * The test cases are adjusted to match these changes

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-12-07 14:08:27 +01:00
Jakub Jelen
cf6f1e7a64 tests: Cover also compression with unit tests
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-12-07 14:07:31 +01:00
Jakub Jelen
31bc83f366 tests: Do not recreate unnecessary files for every test case
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-12-07 13:57:03 +01:00
Jakub Jelen
42ce989488 tests: Cover missing parts of the config parsing
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-12-07 13:28:11 +01:00
Anderson Toshiyuki Sasaki
f427a975b8 tests: Fix a clang possible memory leak warning
clang was reporting a possible memory leak after mkdtemp() call, which
was a false positive, since mkdtemp() returns the same pointer provided
as the parameter, in case of success.  This changes the code so that the
static analyser don't get confused.

Found by csbuild runner.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-11-30 18:28:40 +01:00
Anderson Toshiyuki Sasaki
c413834764 tests: Test calling ssh_init() after ssh_finalize()
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-11-30 18:26:55 +01:00
Andreas Schneider
a08a97f9c7 tests: Use UNUSED macros in torture_threads_init
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-11-30 18:25:12 +01:00
Tilo Eckert
95f83c2391 src: Fix multiple typos
Signed-off-by: Tilo Eckert <tilo.eckert@flam.de>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-11-30 16:29:17 +01:00
Jakub Jelen
130256c348 tests: Verify that signatures are sane and can not be verified by non-matching key
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-11-30 16:26:48 +01:00
Jakub Jelen
968fdf4e18 tests: Do not require base RSA type for SHA2 extension whitelist
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-11-30 16:22:13 +01:00
Jakub Jelen
46d8840f7e The largest ECDSA key has 521 bits
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-11-30 16:20:04 +01:00
Anderson Toshiyuki Sasaki
312084731e tests: Use temporary directories in torture_pki_ed25519.c
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-11-28 15:51:06 +01:00
Anderson Toshiyuki Sasaki
500bf54a34 tests: Use temporary directories in torture_pki_ecdsa.c
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-11-28 15:51:06 +01:00
Anderson Toshiyuki Sasaki
a56fa14fda tests: Use temporary directories in torture_pki_dsa.c
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-11-28 15:51:06 +01:00
Anderson Toshiyuki Sasaki
ac1377148f tests: Use temporary directories in torture_threads_pki_rsa.c
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-11-28 15:51:06 +01:00
Anderson Toshiyuki Sasaki
f38c6fcc6e tests: Use temporary directories in torture_pki_rsa.c
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-11-28 15:51:06 +01:00
Anderson Toshiyuki Sasaki
0dd2b375c7 tests: Introduce functions to change directories
This introduces torture_get_current_working_dir() and
torture_change_dir() to allow changing directories in tests.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-11-28 15:51:06 +01:00
Anderson Toshiyuki Sasaki
77be4ce905 tests: use torture_create_temp_file() in torture_knownhosts_parsing
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-11-28 15:51:06 +01:00
Anderson Toshiyuki Sasaki
78b1f0ead3 tests: Introduce torture_create_temp_file()
Introduced torture_create_temp_file() and torture_close_fp() to allow
creating temprary files transparently in Unix and Windows environment.
This also adds a unit test for the added functions.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-11-28 15:51:06 +01:00
Anderson Toshiyuki Sasaki
31527d4105 tests: Use torture_make_temp_dir() in torture_setup_socket_dir()
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-11-28 15:51:06 +01:00
Anderson Toshiyuki Sasaki
65e16b8d9e tests: Introduce torture_make_temp_dir()
Introduces a function to create temporary dir for testing purposes.
Also adds a minimal test for the temporary directory creation.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-11-28 15:51:06 +01:00