This type is imprecise. We often need the ecdsa_nid in addition to the key type
in order to do anything. We replace this singluar ECDSA type with one type per
curve.
Signed-off-by: Ben Toews <mastahyeti@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
This adds the OpenSSH HMACs that do encrypt then mac. This is a more
secure mode than the original HMAC. Newer AEAD ciphers like chacha20 and
AES-GCM are already encrypt-then-mac, but this also adds it for older
legacy clients that don't support those ciphers yet.
Signed-off-by: Dirkjan Bussink <d.bussink@gmail.com>
Reviewed-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
This also replaces some occurrences of assert_true() with assert_null()
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
This also replaces some occurrences of assert_true with assert_null.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* This makes the array constant in the session structure, avoiding
allocations and frees while parsing the file
* It also drops passing the seen array to all the functions,
because it is already part of the passed session
* The test cases are adjusted to match these changes
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
This tests verifies that the only the first seen option is applied
throughout all the configuration files processed. It also verifies
that the configuration files are parsed automatically and that this
behavior can be overridden by configuration option.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
This will allow to use the same configuration in client applications
including the users aliases or system wide cryptographic configuration.
As the configuration parsing is the last thing before doing the
actual connection, it might overwrite previously set options.
If this is not intended, the client application can
ask the configuration files to be parsed before setting some other
options that should not ve overwritten. The code ensures that
the configuration is not parsed again.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
This changes add_cmocka_test() to receive compiler options, the
libraries to be linked to the test, and the linker options. The way the
tests are declared in tests/unittests and tests/client were updated.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES configuration option can limit
what keys can or can not be used for public key authentication.
This is useful for disabling obsolete algorithms while not completely
removing the support for them or allows to configure what public key
algorithms will be used with the SHA2 RSA extension.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
This verifies that all the supported host keys can be used and
verified by the client, including the SHA2 extension in RFC 8332.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
