Fixes T135
Reported-by: Jan Pazdziora <jpazdziora@redhat.com>
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
This type is imprecise. We often need the ecdsa_nid in addition to the key type
in order to do anything. We replace this singluar ECDSA type with one type per
curve.
Signed-off-by: Ben Toews <mastahyeti@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
By default, the list of already stored known host types is preferred,
but this selection so far ignored the SHA2 extension and excluded these
keys in the KEXINIT list leading to not using this extension if not
explicitly enabled from configuration.
This commit extends the default list with the SHA2 signatures algoritms
and compares only base types so they can be listed in the KEXINIT list.
This adjust the tests to expect the full list of algorithms to pass.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Define flags S_IRWXO and S_IRWXG in torture_knownhosts_parsing.c when
building for Windows. These flags don't exist in Windows and are not
used.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Previously, not all of the host keys algorithms were used for algorithm
negotiation. This verifies the algorithms list is sane and ordered
with the key types from known hosts in the first place.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Previously, the file contained the known_hosts strings separated
by NULL bytes which somehow magically worked.
The test was also expecting all the keys from the file will have
the same key type, which was not indeed true.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
