aboutsummaryrefslogtreecommitdiff
path: root/tests/pkd
diff options
context:
space:
mode:
authorJon Simons <jon@jonsimons.org>2019-04-24 10:41:19 -0700
committerAndreas Schneider <asn@cryptomilk.org>2019-04-29 14:00:39 +0200
commitc0f3a96089613ada8cb97de84ce071aac1efe9d6 (patch)
tree5319d76f90dfb6124dd557bd36d9abad8e428d52 /tests/pkd
parent7ef2fe7f7b21e295c296fa384df9f40a19ab0b18 (diff)
downloadlibssh-c0f3a96089613ada8cb97de84ce071aac1efe9d6.tar.gz
libssh-c0f3a96089613ada8cb97de84ce071aac1efe9d6.tar.xz
libssh-c0f3a96089613ada8cb97de84ce071aac1efe9d6.zip
server: fix queued USERAUTH_SUCCESS rekey bug
Fix a bug with server-side rekeying where the session state at hand has been toggled to SSH_SESSION_STATE_AUTHENTICATED before performing the packet send of the SSH2_MSG_USERAUTH_SUCCESS message. Before this change, what can happen is that during the packet send, the SSH2_MSG_USERAUTH_SUCCESS message can end up being queued due to a small rekey data limit value. libssh server will then proceed to attempt to send KEX-related rekeying messages to the client before the client has received USERAUTH_SUCCESS. OpenSSH clients do not expect to undergo rekeying before having been authenticated, and so will exit with error when this happens. The behavior before and after can be observed with the pkd test making use of its new --rekey flag: ./pkd_hello -t torture_pkd_openssh_rsa_rsa_default -i1 --rekey=16 -v -v -v A new CMake test entry is added for the above variation and can be run with: ARGS="-R pkd_hello_rekey" make test Before the fix, the test will fail; after, the test succeeds while performing rekeying once every 16 bytes. Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Diffstat (limited to 'tests/pkd')
-rw-r--r--tests/pkd/CMakeLists.txt5
1 files changed, 5 insertions, 0 deletions
diff --git a/tests/pkd/CMakeLists.txt b/tests/pkd/CMakeLists.txt
index 259d83ab..71355b08 100644
--- a/tests/pkd/CMakeLists.txt
+++ b/tests/pkd/CMakeLists.txt
@@ -39,6 +39,11 @@ target_link_libraries(pkd_hello ${pkd_libs})
add_test(pkd_hello_i1 ${CMAKE_CURRENT_BINARY_DIR}/pkd_hello -e -o -i1 -w /tmp/pkd_socket_wrapper_XXXXXX)
#
+# pkd_hello_rekey is used to test server-side implementation of rekeying.
+#
+add_test(pkd_hello_rekey ${CMAKE_CURRENT_BINARY_DIR}/pkd_hello -t torture_pkd_openssh_rsa_rsa_default -i1 --rekey=16 -v -v -v -w /tmp/pkd_socket_wrapper_XXXXXX)
+
+#
# Configure environment for cwrap socket wrapper.
#
find_package(socket_wrapper 1.1.5 REQUIRED)