Add an entry for a `pkd_hello_i1` test which runs one iteration
through each of the pkd algorithm combinations.
Testing done: now `make test` will run `pkd_hello -i1` which
completes in ~25 seconds on my local machine.
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Ensure to include config.h so that the `HAVE_DSA` value is properly set
when building the pkd tests.
Introduced with 778652460f7cceb3e760964a890ffd99ec8230e7,
Testing done: with this change, the `pkd_hello` test is passing on an
OpenSSL 1.1.0 build for me. Previously it would fail pubkey exchange
early on for DSA- and ECDSA-type host keys.
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Wrap some function definitions with `HAVE_LIBCRYPTO` ifdefs to
match their usages in `torture_run_tests`.
Fixes this warning I observe when building locally:
torture_pki_ecdsa.c:341:13: warning:
‘torture_pki_ecdsa_write_privkey’ defined but not used
[-Wunused-function]
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
This allows operating under environments where the username variables
are not present.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Fix OSX build error about embedding a directive within macro arguments.
Apparently, snprintf is implemented as a macro on that platform.
Signed-off-by: Alberto Aguirre <albaguirre@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
torture_rand and torture_server_x11 call ssh_init without checking
the return value. If mbedTLS is built without threading support
ssh_init fails but the tests continue and then segfault since threading
wasn't correctly initialised.
Add a section that documents requirements for mbedTLS usage in a
multi threaded environment to README.mbedtls.
Signed-off-by: Juraj Vijtiuk <juraj.vijtiuk@sartura.hr>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
We need to specify a cipher when we generate a key with a password.
OpenSSH uses aes_128_cbc, so we should use the same.
Thanks to Julian Lunz for the report.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Summary:
This patch adds support for mbedTLS as a crypto backend for libssh.
mbedTLS is an SSL/TLS library that has been designed to mainly be used
in embedded systems. It is loosely coupled and has a low memory
footprint. mbedTLS also provides a cryptography library (libmbedcrypto)
that can be used without the TLS modules.
The patch is unfortunately quite big, since several new files had to
be added.
DSA is disabled at compile time, since mbedTLS doesn't support DSA
Patch review and feedback would be appreciated, and if any issues or
suggestions appear, I'm willing to work on them.
Signed-off-by: Juraj Vijtiuk <juraj.vijtiuk@sartura.hr>
Test Plan:
* The patch has been tested with a Debug and MinSizeRel build, with
libssh unit tests, client tests and the pkd tests.
* All the tests have been run with valgrind's memcheck, drd and helgrind
tools.
* The examples/samplessh client works when built with the patch.
Reviewers: asn, aris
Subscribers: simonsj
Differential Revision: https://bugs.libssh.org/D1
