Commit Graph

831 Commits

Author SHA1 Message Date
Damien Miller
47160e1de8 unbreak fuzzer support for recent ssh-sk.h changes 2020-01-22 10:30:13 +11:00
djm@openbsd.org
f8c11461aa upstream: pass SSH_SK_HELPER explicitly past $SUDO to avoid it getting
cleared; with dtucker@

OpenBSD-Regress-ID: 03178a0580324bf0dff28f7eac6c3edbc5407f8e
2020-01-21 19:08:37 +11:00
Darren Tucker
1af3354aea Wrap stdint.h in ifdef HAVE_STDINT_H. 2020-01-15 16:22:36 +11:00
djm@openbsd.org
dd2acc8b86 upstream: adapt sk-dummy to SK API changes
also, make it pull prototypes directly from sk-api.c and #error
if the expected version changes. This will make any future regress
test breakage because of SK API changes much more apparent

OpenBSD-Regress-ID: 79b07055de4feb988e31da71a89051ad5969829d
2020-01-06 13:12:46 +11:00
djm@openbsd.org
ff31f15773 upstream: what bozo decided to use 2020 as a future date in a regress
test?

OpenBSD-Regress-ID: 3b953df5a7e14081ff6cf495d4e8d40e153cbc3a
2020-01-04 10:14:21 +11:00
djm@openbsd.org
680eb7749a upstream: implement recent SK API change to support resident keys
and PIN prompting in the dummy middleware that we use for the tests. Should
fix breakage spotted by dtucker@

OpenBSD-Regress-ID: 379cf9eabfea57aaf7f3f59dafde59889566c484
2020-01-03 13:47:32 +11:00
dtucker@openbsd.org
86834fe6b5 upstream: Update keygen moduli screen test to match recent command
line option change to ssh-keygen(1).

OpenBSD-Regress-ID: 744a72755004377e9669b662c13c6aa9ead8a0c3
2020-01-03 13:47:32 +11:00
Damien Miller
0248ec7c76 ssh-sk-null.cc needs extern "C" {} 2020-01-02 13:41:31 +11:00
Damien Miller
5ca4b414ef add dummy ssh-sk API for linking with fuzzers 2020-01-02 11:15:49 +11:00
djm@openbsd.org
fbd9729d4e upstream: unit tests for ForwardAgent=/path; from Eric Chiang
OpenBSD-Regress-ID: 24f693f78290b2c17725dab2c614dffe4a88c8da
2019-12-21 13:36:53 +11:00
djm@openbsd.org
e5b7cf8edc upstream: test security key host keys in addition to user keys
OpenBSD-Regress-ID: 9fb45326106669a27e4bf150575c321806e275b1
2019-12-21 13:35:42 +11:00
djm@openbsd.org
1a7217ac06 upstream: adapt to ssh-sk-client change
OpenBSD-Regress-ID: 40481999a5928d635ab2e5b029e8239c112005ea
2019-12-16 14:20:35 +11:00
djm@openbsd.org
a7fc1df246 upstream: it's no longer possible to disable privilege separation
in sshd, so don't double the tests' work by trying both off/on

OpenBSD-Regress-ID: d366665466dbd09e9b707305da884be3e7619c68
2019-12-16 14:20:35 +11:00
Darren Tucker
fa7924008e Wrap ECC specific bits in ifdef.
Fixes tests when built against an OpenSSL configured with no-ec.
2019-12-06 14:17:26 +11:00
Damien Miller
37f5b5346e includes.h for sk-dummy.c, dummy 2019-11-29 14:48:46 +11:00
Damien Miller
ef3853bb94 another attempt at sk-dummy.so working x-platform
include a fatal() implementation to satisfy libopenbsd-compat

clean up .lo and .so files

.gitignore .lo and .so files
2019-11-29 11:52:23 +11:00
djm@openbsd.org
d46ac56f1c upstream: lots of dependencies go away here with ed25519 no longer
needing the ssh_digest API.

OpenBSD-Regress-ID: 785847ec78cb580d141e29abce351a436d6b5d49
2019-11-29 11:19:48 +11:00
djm@openbsd.org
ad44ca81be upstream: test FIDO2/U2F key types; ok markus@
OpenBSD-Regress-ID: 367e06d5a260407619b4b113ea0bd7004a435474
2019-11-27 11:02:49 +11:00
djm@openbsd.org
c6efa8a91a upstream: add dummy security key middleware based on work by
markus@

This will allow us to test U2F/FIDO2 support in OpenSSH without
requiring real hardware.

ok markus@

OpenBSD-Regress-ID: 88b309464b8850c320cf7513f26d97ee1fdf9aae
2019-11-27 10:47:28 +11:00
Damien Miller
9281d4311b unbreak fuzzers for recent security key changes 2019-11-25 21:47:49 +11:00
djm@openbsd.org
c5f1cc9935 upstream: unbreak tests for recent security key changes
OpenBSD-Regress-ID: 2cdf2fcae9962ca4d711338f3ceec3c1391bdf95
2019-11-25 21:34:20 +11:00
djm@openbsd.org
6498826682 upstream: unbreak after security key support landed
OpenBSD-Regress-ID: 3ab578b0dbeb2aa6d9969b54a9c1bad329c0dcba
2019-11-25 21:34:20 +11:00
tb@openbsd.org
e65e25c81e upstream: Remove workaround for broken 'openssl rsa -text' output
that was fixed in libcrypto/rsa/rsa_ameth.c r1.24.

ok dtucker inoguchi

OpenBSD-Regress-ID: c260edfac177daa8fcce90141587cf04a95c4f5f
2019-11-25 21:34:20 +11:00
dtucker@openbsd.org
64f56f1d1a upstream: LibreSSL change the format for openssl rsa -text output from
"publicExponent" to "Exponent" so accept either.  with djm.

OpenBSD-Regress-ID: b7e6c4bf700029a31c98be14600d4472fe0467e6
2019-11-18 20:54:05 +11:00
Darren Tucker
d500b59a82 Check if IP_TOS is defined before using. 2019-11-01 13:42:52 +11:00
djm@openbsd.org
db8d13f792 upstream: more additional source files
OpenBSD-Regress-ID: 8eaa25fb901594aee23b76eda99dca5b8db94c6f
2019-11-01 13:10:52 +11:00
djm@openbsd.org
f89c5df65d upstream: additional source files here too
OpenBSD-Regress-ID: 8809f8e1c8f7459e7096ab6b58d8e56cb2f483fd
2019-11-01 13:10:09 +11:00
djm@openbsd.org
02275afa1e upstream: additional source files here too
OpenBSD-Regress-ID: 09297e484327f911fd353489518cceaa0c1b95ce
2019-11-01 13:10:09 +11:00
djm@openbsd.org
dfc8f01b98 upstream: adapt to extra sshkey_sign() argument and additional
dependencies

OpenBSD-Regress-ID: 7a25604968486c4d6f81d06e8fbc7d17519de50e
2019-11-01 13:10:09 +11:00
djm@openbsd.org
afa59e26ee upstream: skip security-key key types for tests until we have a
dummy U2F middleware to use.

OpenBSD-Regress-ID: 37200462b44334a4ad45e6a1f7ad1bd717521a95
2019-11-01 13:10:09 +11:00
Damien Miller
f4fdcd2b7a Missing unit test files 2019-11-01 08:36:16 +11:00
Damien Miller
1ba130ac8f add a fuzzer for private key parsing 2019-10-09 13:49:35 +11:00
dtucker@openbsd.org
b1e79ea8fa upstream: Instead of running sed over the whole log to remove CRs,
remove them only where it's needed (and confuses test(1) on at least OS X in
portable).

OpenBSD-Regress-ID: a6ab9b4bd1d33770feaf01b2dfb96f9e4189d2d0
2019-10-07 13:08:57 +11:00
djm@openbsd.org
643ab68c79 upstream: more sshsig regress tests: check key revocation, the
check-novalidate signature test mode and signing keys in ssh-agent.

From Sebastian Kinne (slightly tweaked)

OpenBSD-Regress-ID: b39566f5cec70140674658cdcedf38752a52e2e2
2019-10-04 13:41:03 +10:00
Darren Tucker
0a403bfde7 Add SKIP_LTESTS for skipping specific tests. 2019-09-30 14:11:42 +10:00
dtucker@openbsd.org
4d59f7a516 upstream: Test for empty result in expected bits. Remove CRs from log
as they confuse tools on some platforms.  Re-enable the 3des-cbc test.

OpenBSD-Regress-ID: edf536d4f29fc1ba412889b37247a47f1b49d250
2019-09-27 15:36:22 +10:00
Darren Tucker
7c817d129e Re-enable dhgex test.
Since we've added larger fallback groups to dh.c this test will pass
even if there is no moduli file installed on the system.
2019-09-27 15:26:22 +10:00
Damien Miller
f61f29afda make unittests pass for no-openssl case 2019-09-08 10:37:17 +10:00
dtucker@openbsd.org
1268f0bcd8 upstream: Check for RSA support before using it for the user key,
otherwise use ed25519 which is supported when built without OpenSSL.

OpenBSD-Regress-ID: 3d23ddfe83c5062f00ac845d463f19a2ec78c0f7
2019-09-06 14:37:23 +10:00
Damien Miller
8b57337c1c update fuzzing makefile to more recent clang 2019-09-05 15:46:39 +10:00
Damien Miller
ae631ad77d fuzzer for sshsig allowed_signers option parsing 2019-09-05 15:46:11 +10:00
Damien Miller
f4846dfc6a Fuzzer harness for sshsig 2019-09-05 14:26:39 +10:00
Damien Miller
b08a6bc1cc oops; missed including the actual file 2019-09-03 18:45:42 +10:00
djm@openbsd.org
6d6427d013 upstream: regress test for sshsig; feedback and ok markus@
OpenBSD-Regress-ID: 74c0974f2cdae8d9599b9d76a09680bae55d8a8b
2019-09-03 18:42:22 +10:00
djm@openbsd.org
59650f0eaf upstream: only add plain keys to prevent any certs laying around
from confusing the test.

OpenBSD-Regress-ID: b8f1508f822bc560b98dea910e61ecd76f34100f
2019-09-03 18:42:14 +10:00
dtucker@openbsd.org
e50f808712 upstream: Use ed25519 for most hostkey rotation tests since it's
supported even when built without OpenSSL.  Use RSA for the secondary type
test if supported, otherwise skip it.  Fixes this test for !OpenSSL builds.

OpenBSD-Regress-ID: 101cb34a84fd974c623bdb2e496f25a6e91be109
2019-08-30 15:56:42 +10:00
djm@openbsd.org
c4ffb72593 upstream: fix some memleaks in test_helper code
bz#3037 from Jitendra Sharma

OpenBSD-Regress-ID: 71440fa9186f5842a65ce9a27159385c6cb6f751
2019-08-02 11:42:26 +10:00
dtucker@openbsd.org
d31e7c937b upstream: Restrict limit-keytype to types supported by build. This
means we have to skip a couple tests when only one key type is supported.

OpenBSD-Regress-ID: 22d05befb9c7ce21ce8dc22acf1ffe9e2ef2e95e
2019-07-26 14:51:25 +10:00
Darren Tucker
0967a233b8 Remove override disabling DH-GEX.
The DH-GEX override doesn't work when build without OpenSSL, and
we'll prefer curve25519 these days, removing the need for it.
2019-07-25 20:11:45 +10:00
dtucker@openbsd.org
061407efc1 upstream: Only use supported key types during KRL test, preferring
ed25519 since it's supported by both OpenSSL and non-OpenSSL builds.

OpenBSD-Regress-ID: 9f2bb3eadd50fcc8245b1bd8fd6f0e53602f71aa
2019-07-25 20:09:06 +10:00