author | Anderson Toshiyuki Sasaki <ansasaki@redhat.com> | 2019-06-05 15:28:03 +0200 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2019-06-13 16:29:32 +0200 |
commit | 39c69893c7b147c8efcb43b5b6cc196c965b997c (patch) | |
tree | bc84e223b123ca6fb52ecb3399fe9e443d972ae9 /tests | |
parent | ce888fd4c0c3f8e36efac4712ecf37c0313f0fc9 (diff) | |
tests/torture_options: Use only allowed algorithms if in FIPS mode
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Diffstat (limited to 'tests')
-rw-r--r-- | tests/unittests/torture_options.c | 240 |
1 files changed, 170 insertions, 70 deletions
diff --git a/tests/unittests/torture_options.c b/tests/unittests/torture_options.c
index 6a26768f..a4278623 100644
--- a/tests/unittests/torture_options.c
+++ b/tests/unittests/torture_options.c
@@ -56,11 +56,14 @@ static void torture_options_set_host(void **state) {
 rc = ssh_options_set(session, SSH_OPTIONS_HOST, "localhost");
 assert_true(rc == 0);
+ assert_non_null(session->opts.host);
 assert_string_equal(session->opts.host, "localhost");
 rc = ssh_options_set(session, SSH_OPTIONS_HOST, "guru@meditation");
 assert_true(rc == 0);
+ assert_non_null(session->opts.host);
 assert_string_equal(session->opts.host, "meditation");
+ assert_non_null(session->opts.username);
 assert_string_equal(session->opts.username, "guru");
 }
@@ -69,17 +72,29 @@ static void torture_options_set_ciphers(void **state) {
 int rc;
 /* Test known ciphers */
- rc = ssh_options_set(session, SSH_OPTIONS_CIPHERS_C_S, "aes128-ctr,aes192-ctr,aes256-ctr");
+ rc = ssh_options_set(session, SSH_OPTIONS_CIPHERS_C_S,
+ "aes128-ctr,aes192-ctr,aes256-ctr");
 assert_true(rc == 0);
- assert_string_equal(session->opts.wanted_methods[SSH_CRYPT_C_S], "aes128-ctr,aes192-ctr,aes256-ctr");
+ assert_non_null(session->opts.wanted_methods[SSH_CRYPT_C_S]);
+ if (ssh_fips_mode()) {
+ assert_string_equal(session->opts.wanted_methods[SSH_CRYPT_C_S],
+ "aes128-ctr,aes256-ctr");
+ } else {
+ assert_string_equal(session->opts.wanted_methods[SSH_CRYPT_C_S],
+ "aes128-ctr,aes192-ctr,aes256-ctr");
+ }
 /* Test one unknown cipher */
- rc = ssh_options_set(session, SSH_OPTIONS_CIPHERS_C_S, "aes128-ctr,unknown-crap@example.com,aes192-ctr,aes256-ctr");
+ rc = ssh_options_set(session, SSH_OPTIONS_CIPHERS_C_S,
+ "aes128-ctr,unknown-crap@example.com,aes256-ctr");
 assert_true(rc == 0);
- assert_string_equal(session->opts.wanted_methods[SSH_CRYPT_C_S], "aes128-ctr,aes192-ctr,aes256-ctr");
+ assert_non_null(session->opts.wanted_methods[SSH_CRYPT_C_S]);
+ assert_string_equal(session->opts.wanted_methods[SSH_CRYPT_C_S],
+ "aes128-ctr,aes256-ctr");
 /* Test all unknown ciphers */
- rc = ssh_options_set(session, SSH_OPTIONS_CIPHERS_C_S, "unknown-crap@example.com,more-crap@example.com");
+ rc = ssh_options_set(session, SSH_OPTIONS_CIPHERS_C_S,
+ "unknown-crap@example.com,more-crap@example.com");
 assert_false(rc == 0);
 }
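Review bot: Nothing in this hunk checks what happens in FIPS mode when the list holds only known-but-disallowed ciphers: the FIPS branch covers a mixed list from which `aes192-ctr` is dropped while the call still returns 0, and the rejection case uses only unknown names. A FIPS-only case such as `rc = ssh_options_set(session, SSH_OPTIONS_CIPHERS_C_S, "aes192-ctr");` followed by `assert_false(rc == 0);` under `if (ssh_fips_mode())` would pin that a non-approved cipher cannot end up as the whole configured list. The expected return value is inferred from the all-unknown case and should be confirmed against the library. The same gap applies to the kex, host key and bind hunks (@@ -91, @@ -120, @@ -1155, @@ -1176, @@ -1209).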
@@ -91,18 +106,35 @@ static void torture_options_set_key_exchange(void **state)
 /* Test known kexes */
 rc = ssh_options_set(session, SSH_OPTIONS_KEY_EXCHANGE,
- "curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1");
+ "curve25519-sha256,curve25519-sha256@libssh.org,"
+ "ecdh-sha2-nistp256,diffie-hellman-group16-sha512,"
+ "diffie-hellman-group18-sha512,"
+ "diffie-hellman-group14-sha1");
 assert_true(rc == 0);
- assert_string_equal(session->opts.wanted_methods[SSH_KEX],
- "curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1");
+ assert_non_null(session->opts.wanted_methods[SSH_KEX]);
+ if (ssh_fips_mode()) {
+ assert_string_equal(session->opts.wanted_methods[SSH_KEX],
+ "ecdh-sha2-nistp256,diffie-hellman-group16-sha512,"
+ "diffie-hellman-group18-sha512");
+ } else {
+ assert_string_equal(session->opts.wanted_methods[SSH_KEX],
+ "curve25519-sha256,curve25519-sha256@libssh.org,"
+ "ecdh-sha2-nistp256,diffie-hellman-group16-sha512,"
+ "diffie-hellman-group18-sha512,"
+ "diffie-hellman-group14-sha1");
+ }
 /* Test one unknown kex */
 rc = ssh_options_set(session, SSH_OPTIONS_KEY_EXCHANGE,
- "curve25519-sha256,curve25519-sha256@libssh.org,unknown-crap@example.com,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1");
+ "diffie-hellman-group16-sha512,"
+ "unknown-crap@example.com,"
+ "diffie-hellman-group18-sha512");
 assert_true(rc == 0);
+ assert_non_null(session->opts.wanted_methods[SSH_KEX]);
 assert_string_equal(session->opts.wanted_methods[SSH_KEX],
- "curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1");
+ "diffie-hellman-group16-sha512,"
+ "diffie-hellman-group18-sha512");
 /* Test all unknown kexes */
 rc = ssh_options_set(session,
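Review bot: The FIPS expectation in the `if (ssh_fips_mode())` branch is a hand-written copy of whatever the library permits in that mode, and no comment says which entries are dropped or why. A short comment above the branch would help whoever updates the allow-list later, for example `/* FIPS mode filters the curve25519 and group14-sha1 entries; keep in sync with the library's FIPS kex list */`. Where that list lives is not visible in this diff, so the wording should be checked against the source. The bind variant of this test (@@ -1209) would benefit from the same comment, and the function body continues past the end of the hunk.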
@@ -120,16 +152,26 @@ static void torture_options_set_hostkey(void **state) {
 SSH_OPTIONS_HOSTKEYS, "ssh-ed25519,ecdsa-sha2-nistp384,ssh-rsa");
 assert_true(rc == 0);
- assert_string_equal(session->opts.wanted_methods[SSH_HOSTKEYS],
- "ssh-ed25519,ecdsa-sha2-nistp384,ssh-rsa");
+ assert_non_null(session->opts.wanted_methods[SSH_HOSTKEYS]);
+ if (ssh_fips_mode()) {
+ assert_string_equal(session->opts.wanted_methods[SSH_HOSTKEYS],
+ "ecdsa-sha2-nistp384");
+ } else {
+ assert_string_equal(session->opts.wanted_methods[SSH_HOSTKEYS],
+ "ssh-ed25519,ecdsa-sha2-nistp384,ssh-rsa");
+ }
 /* Test one unknown host key */
 rc = ssh_options_set(session, SSH_OPTIONS_HOSTKEYS,
- "ssh-ed25519,unknown-crap@example.com,ssh-rsa");
+ "ecdsa-sha2-nistp521,"
+ "unknown-crap@example.com,"
+ "rsa-sha2-256");
 assert_true(rc == 0);
+ assert_non_null(session->opts.wanted_methods[SSH_HOSTKEYS]);
 assert_string_equal(session->opts.wanted_methods[SSH_HOSTKEYS],
- "ssh-ed25519,ssh-rsa");
+ "ecdsa-sha2-nistp521,"
+ "rsa-sha2-256");
 /* Test all unknown host keys */
 rc = ssh_options_set(session,
@@ -148,40 +190,60 @@ static void torture_options_set_pubkey_accepted_types(void **state) {
 SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES, "ssh-ed25519,ecdsa-sha2-nistp384,ssh-rsa");
 assert_true(rc == 0);
- assert_string_equal(session->opts.pubkey_accepted_types,
- "ssh-ed25519,ecdsa-sha2-nistp384,ssh-rsa");
+ assert_non_null(session->opts.pubkey_accepted_types);
+ if (ssh_fips_mode()) {
+ assert_string_equal(session->opts.pubkey_accepted_types,
+ "ecdsa-sha2-nistp384");
+ } else {
+ assert_string_equal(session->opts.pubkey_accepted_types,
+ "ssh-ed25519,ecdsa-sha2-nistp384,ssh-rsa");
+ }
- /* Test one unknown public key algorithms */
- rc = ssh_options_set(session,
- SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES,
- "ssh-ed25519,unknown-crap@example.com,ssh-rsa");
- assert_true(rc == 0);
- assert_string_equal(session->opts.pubkey_accepted_types,
- "ssh-ed25519,ssh-rsa");
+ if (!ssh_fips_mode()) {
+ /* Test one unknown public key algorithms */
+ rc = ssh_options_set(session,
+ SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES,
+ "ssh-ed25519,unknown-crap@example.com,ssh-rsa");
+ assert_true(rc == 0);
+ assert_non_null(session->opts.pubkey_accepted_types);
+ assert_string_equal(session->opts.pubkey_accepted_types,
+ "ssh-ed25519,ssh-rsa");
+
+ /* Test all unknown public key algorithms */
+ rc = ssh_options_set(session,
+ SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES,
+ "unknown-crap@example.com,more-crap@example.com");
+ assert_false(rc == 0);
+
+ /* Test that the option affects the algorithm selection for RSA keys */
+ /* simulate the SHA2 extension was negotiated */
+ session->extensions = SSH_EXT_SIG_RSA_SHA256;
+
+ /* previous configuration did not list the SHA2 extension algoritms, so
+ * it should not be used */
+ type = ssh_key_type_to_hash(session, SSH_KEYTYPE_RSA);
+ assert_int_equal(type, SSH_DIGEST_SHA1);
+ }
- /* Test all unknown public key algorithms */
+ /* now, lets allow the signature from SHA2 extension and expect
+ * it to be used */
 rc = ssh_options_set(session,
SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES,
- "unknown-crap@example.com,more-crap@example.com");
- assert_false(rc == 0);
+ "rsa-sha2-256,ssh-rsa");
+ assert_true(rc == 0);
+ assert_non_null(session->opts.pubkey_accepted_types);
+ if (ssh_fips_mode()) {
+ assert_string_equal(session->opts.pubkey_accepted_types,
+ "rsa-sha2-256");
+ } else {
+ assert_string_equal(session->opts.pubkey_accepted_types,
+ "rsa-sha2-256,ssh-rsa");
+ }
 /* Test that the option affects the algorithm selection for RSA keys */
 /* simulate the SHA2 extension was negotiated */
 session->extensions = SSH_EXT_SIG_RSA_SHA256;
- /* previous configuration did not list the SHA2 extension algoritms, so
- * it should not be used */
- type = ssh_key_type_to_hash(session, SSH_KEYTYPE_RSA);
- assert_int_equal(type, SSH_DIGEST_SHA1);
-
- /* now, lets allow the signature from SHA2 extension and expect
- * it to be used */
- rc = ssh_options_set(session,
- SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES,
- "rsa-sha2-256,ssh-rsa");
- assert_true(rc == 0);
- assert_string_equal(session->opts.pubkey_accepted_types,
- "rsa-sha2-256,ssh-rsa");
 type = ssh_key_type_to_hash(session, SSH_KEYTYPE_RSA);
 assert_int_equal(type, SSH_DIGEST_SHA256);
 }
@@ -193,6 +255,7 @@ static void torture_options_set_macs(void **state) {
 /* Test known MACs */
 rc = ssh_options_set(session, SSH_OPTIONS_HMAC_S_C, "hmac-sha1");
 assert_true(rc == 0);
+ assert_non_null(session->opts.wanted_methods[SSH_MAC_S_C]);
 assert_string_equal(session->opts.wanted_methods[SSH_MAC_S_C], "hmac-sha1");
 /* Test multiple known MACs */
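Review bot: The new `if (!ssh_fips_mode())` block in torture_options_set_pubkey_accepted_types (@@ -148) skips both the unknown-name filtering case and the all-unknown rejection case whenever the suite runs in FIPS mode, so the negative path for SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES goes untested there. Only the `SSH_DIGEST_SHA1` assertion appears to need the guard. The all-unknown case uses no FIPS-dependent names, so it could follow the closing brace unchanged, ending in `assert_false(rc == 0);`. A FIPS-safe filter input in the style of the host key hunk, such as `"ecdsa-sha2-nistp521,unknown-crap@example.com"`, would restore the filtering check in both modes; whether that name is accepted for this option in FIPS mode is inferred from the @@ -120 hunk and should be confirmed.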
@@ -200,12 +263,14 @@ static void torture_options_set_macs(void **state) {
 SSH_OPTIONS_HMAC_S_C, "hmac-sha1-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha1,hmac-sha2-256");
 assert_true(rc == 0);
+ assert_non_null(session->opts.wanted_methods[SSH_MAC_S_C]);
 assert_string_equal(session->opts.wanted_methods[SSH_MAC_S_C], "hmac-sha1-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha1,hmac-sha2-256");
 /* Test unknown MACs */
 rc = ssh_options_set(session, SSH_OPTIONS_HMAC_S_C, "unknown-crap@example.com,hmac-sha1-etm@openssh.com,unknown@example.com");
 assert_true(rc == 0);
+ assert_non_null(session->opts.wanted_methods[SSH_MAC_S_C]);
 assert_string_equal(session->opts.wanted_methods[SSH_MAC_S_C], "hmac-sha1-etm@openssh.com");
 /* Test all unknown MACs */
@@ -664,12 +729,12 @@ static void torture_options_copy(void **state)
 "BindAddress 127.0.0.2\n"
 "GlobalKnownHostsFile /etc/ssh/known_hosts2\n"
 "UserKnownHostsFile ~/.ssh/known_hosts2\n"
- "KexAlgorithms curve25519-sha256\n"
+ "KexAlgorithms curve25519-sha256,ecdh-sha2-nistp521\n"
 "Ciphers aes256-ctr\n"
 "MACs hmac-sha2-256\n"
- "HostKeyAlgorithms ssh-ed25519\n"
+ "HostKeyAlgorithms ssh-ed25519,ecdsa-sha2-nistp521\n"
 "Compression yes\n"
- "PubkeyAcceptedTypes ssh-ed25519\n"
+ "PubkeyAcceptedTypes ssh-ed25519,ecdsa-sha2-nistp521\n"
 "ProxyCommand nc 127.0.0.10 22\n" /* ops.custombanner */
 "ConnectTimeout 42\n"
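Review bot: The three config lines changed in torture_options_copy (@@ -664) gain a second algorithm with no comment explaining why. Presumably the nistp521 entries are there so each list still has a member after FIPS filtering, but the diff does not show that. A comment above the string would record the reason, for example `/* each algorithm list carries one FIPS-approved entry so it is not empty in FIPS mode */`. The config string and the function around it start and end outside the hunk.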
@@ -1155,16 +1220,21 @@ static void torture_bind_options_set_ciphers(void **state)
 "aes128-ctr,aes192-ctr,aes256-ctr");
 assert_int_equal(rc, 0);
 assert_non_null(bind->wanted_methods[SSH_CRYPT_C_S]);
- assert_string_equal(bind->wanted_methods[SSH_CRYPT_C_S],
- "aes128-ctr,aes192-ctr,aes256-ctr");
+ if (ssh_fips_mode()) {
+ assert_string_equal(bind->wanted_methods[SSH_CRYPT_C_S],
+ "aes128-ctr,aes256-ctr");
+ } else {
+ assert_string_equal(bind->wanted_methods[SSH_CRYPT_C_S],
+ "aes128-ctr,aes192-ctr,aes256-ctr");
+ }
 /* Test one unknown cipher */
 rc = ssh_bind_options_set(bind, SSH_BIND_OPTIONS_CIPHERS_C_S,
- "aes128-ctr,unknown-crap@example.com,aes192-ctr,aes256-ctr");
+ "aes128-ctr,unknown-crap@example.com,aes256-ctr");
 assert_int_equal(rc, 0);
 assert_non_null(bind->wanted_methods[SSH_CRYPT_C_S]);
 assert_string_equal(bind->wanted_methods[SSH_CRYPT_C_S],
- "aes128-ctr,aes192-ctr,aes256-ctr");
+ "aes128-ctr,aes256-ctr");
 /* Test all unknown ciphers */
 rc = ssh_bind_options_set(bind, SSH_BIND_OPTIONS_CIPHERS_C_S,
@@ -1176,16 +1246,21 @@ static void torture_bind_options_set_ciphers(void **state)
 "aes128-ctr,aes192-ctr,aes256-ctr");
 assert_int_equal(rc, 0);
 assert_non_null(bind->wanted_methods[SSH_CRYPT_S_C]);
- assert_string_equal(bind->wanted_methods[SSH_CRYPT_S_C],
- "aes128-ctr,aes192-ctr,aes256-ctr");
+ if (ssh_fips_mode()) {
+ assert_string_equal(bind->wanted_methods[SSH_CRYPT_S_C],
+ "aes128-ctr,aes256-ctr");
+ } else {
+ assert_string_equal(bind->wanted_methods[SSH_CRYPT_S_C],
+ "aes128-ctr,aes192-ctr,aes256-ctr");
+ }
 /* Test one unknown cipher */
 rc = ssh_bind_options_set(bind, SSH_BIND_OPTIONS_CIPHERS_S_C,
- "aes128-ctr,unknown-crap@example.com,aes192-ctr,aes256-ctr");
+ "aes128-ctr,unknown-crap@example.com,aes256-ctr");
 assert_int_equal(rc, 0);
 assert_non_null(bind->wanted_methods[SSH_CRYPT_S_C]);
 assert_string_equal(bind->wanted_methods[SSH_CRYPT_S_C],
- "aes128-ctr,aes192-ctr,aes256-ctr");
+ "aes128-ctr,aes256-ctr");
 /* Test all unknown ciphers */
 rc = ssh_bind_options_set(bind, SSH_BIND_OPTIONS_CIPHERS_S_C,
@@ -1209,20 +1284,35 @@ static void torture_bind_options_set_key_exchange(void **state)
 /* Test known kexes */
 rc = ssh_bind_options_set(bind, SSH_BIND_OPTIONS_KEY_EXCHANGE,
- "curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1");
+ "curve25519-sha256,curve25519-sha256@libssh.org,"
+ "ecdh-sha2-nistp256,diffie-hellman-group16-sha512,"
+ "diffie-hellman-group18-sha512,"
+ "diffie-hellman-group14-sha1");
 assert_int_equal(rc, 0);
 assert_non_null(bind->wanted_methods[SSH_KEX]);
- assert_string_equal(bind->wanted_methods[SSH_KEX],
- "curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1");
+ if (ssh_fips_mode()) {
+ assert_string_equal(bind->wanted_methods[SSH_KEX],
+ "ecdh-sha2-nistp256,diffie-hellman-group16-sha512,"
+ "diffie-hellman-group18-sha512");
+ } else {
+ assert_string_equal(bind->wanted_methods[SSH_KEX],
+ "curve25519-sha256,curve25519-sha256@libssh.org,"
+ "ecdh-sha2-nistp256,diffie-hellman-group16-sha512,"
+ "diffie-hellman-group18-sha512,"
+ "diffie-hellman-group14-sha1");
+ }
 /* Test one unknown kex */
 rc = ssh_bind_options_set(bind, SSH_BIND_OPTIONS_KEY_EXCHANGE,
- "curve25519-sha256,curve25519-sha256@libssh.org,unknown-crap@example.com,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1");
+ "diffie-hellman-group16-sha512,"
+ "unknown-crap@example.com,"
+ "diffie-hellman-group18-sha512");
 assert_int_equal(rc, 0);
 assert_non_null(bind->wanted_methods[SSH_KEX]);
 assert_string_equal(bind->wanted_methods[SSH_KEX],
- "curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1");
+ "diffie-hellman-group16-sha512,"
+ "diffie-hellman-group18-sha512");
 /* Test all unknown kexes */
 rc = ssh_bind_options_set(bind,
@@ -1375,18 +1465,23 @@ static void torture_bind_options_set_pubkey_accepted_key_types(void **state)
 "ssh-ed25519,ecdsa-sha2-nistp384,ssh-rsa");
 assert_int_equal(rc, 0);
 assert_non_null(bind->pubkey_accepted_key_types);
- assert_string_equal(bind->pubkey_accepted_key_types,
- "ssh-ed25519,ecdsa-sha2-nistp384,ssh-rsa");
+ if (ssh_fips_mode()) {
+ assert_string_equal(bind->pubkey_accepted_key_types,
+ "ecdsa-sha2-nistp384");
+ } else {
+ assert_string_equal(bind->pubkey_accepted_key_types,
+ "ssh-ed25519,ecdsa-sha2-nistp384,ssh-rsa");
+ }
 SAFE_FREE(bind->pubkey_accepted_key_types);
 /* Test with some unknown type */
 rc = ssh_bind_options_set(bind, SSH_BIND_OPTIONS_PUBKEY_ACCEPTED_KEY_TYPES,
- "ssh-ed25519,ecdsa-sha2-nistp384,unknown-type,ssh-rsa");
+ "ecdsa-sha2-nistp384,unknown-type,rsa-sha2-256");
 assert_int_equal(rc, 0);
 assert_non_null(bind->pubkey_accepted_key_types);
 assert_string_equal(bind->pubkey_accepted_key_types,
- "ssh-ed25519,ecdsa-sha2-nistp384,ssh-rsa");
+ "ecdsa-sha2-nistp384,rsa-sha2-256");
 SAFE_FREE(bind->pubkey_accepted_key_types);
@@ -1398,11 +1493,11 @@ static void torture_bind_options_set_pubkey_accepted_key_types(void **state)
 /* Test with something set and then try unknown type */
 rc = ssh_bind_options_set(bind, SSH_BIND_OPTIONS_PUBKEY_ACCEPTED_KEY_TYPES,
- "ssh-ed25519,ecdsa-sha2-nistp384,ssh-rsa");
+ "ecdsa-sha2-nistp384");
 assert_int_equal(rc, 0);
 assert_non_null(bind->pubkey_accepted_key_types);
 assert_string_equal(bind->pubkey_accepted_key_types,
- "ssh-ed25519,ecdsa-sha2-nistp384,ssh-rsa");
+ "ecdsa-sha2-nistp384");
 rc = ssh_bind_options_set(bind, SSH_BIND_OPTIONS_PUBKEY_ACCEPTED_KEY_TYPES, "unknown-type");
 assert_int_equal(rc, -1);
@@ -1410,7 +1505,7 @@ static void torture_bind_options_set_pubkey_accepted_key_types(void **state)
 /* Check that nothing changed */
 assert_non_null(bind->pubkey_accepted_key_types);
 assert_string_equal(bind->pubkey_accepted_key_types,
- "ssh-ed25519,ecdsa-sha2-nistp384,ssh-rsa");
+ "ecdsa-sha2-nistp384");
 }
 static void torture_bind_options_set_hostkey_algorithms(void **state)
@@ -1427,21 +1522,26 @@ static void torture_bind_options_set_hostkey_algorithms(void **state)
 /* Test known Pubkey Types */
 rc = ssh_bind_options_set(bind, SSH_BIND_OPTIONS_HOSTKEY_ALGORITHMS,
- "ssh-ed25519,ecdsa-sha2-nistp384,ssh-rsa");
+ "ssh-ed25519,ecdsa-sha2-nistp384,ssh-rsa");
 assert_int_equal(rc, 0);
 assert_non_null(bind->wanted_methods[SSH_HOSTKEYS]);
- assert_string_equal(bind->wanted_methods[SSH_HOSTKEYS],
- "ssh-ed25519,ecdsa-sha2-nistp384,ssh-rsa");
+ if (ssh_fips_mode()) {
+ assert_string_equal(bind->wanted_methods[SSH_HOSTKEYS],
+ "ecdsa-sha2-nistp384");
+ } else {
+ assert_string_equal(bind->wanted_methods[SSH_HOSTKEYS],
+ "ssh-ed25519,ecdsa-sha2-nistp384,ssh-rsa");
+ }
 SAFE_FREE(bind->wanted_methods[SSH_HOSTKEYS]);
 /* Test with some unknown type */
 rc = ssh_bind_options_set(bind, SSH_BIND_OPTIONS_HOSTKEY_ALGORITHMS,
- "ssh-ed25519,ecdsa-sha2-nistp384,unknown-type,ssh-rsa");
+ "ecdsa-sha2-nistp384,unknown-type");
 assert_int_equal(rc, 0);
 assert_non_null(bind->wanted_methods[SSH_HOSTKEYS]);
 assert_string_equal(bind->wanted_methods[SSH_HOSTKEYS],
- "ssh-ed25519,ecdsa-sha2-nistp384,ssh-rsa");
+ "ecdsa-sha2-nistp384");
 SAFE_FREE(bind->wanted_methods[SSH_HOSTKEYS]);
@@ -1453,11 +1553,11 @@ static void torture_bind_options_set_hostkey_algorithms(void **state)
 /* Test with something set and then try unknown type */
 rc = ssh_bind_options_set(bind, SSH_BIND_OPTIONS_HOSTKEY_ALGORITHMS,
- "ssh-ed25519,ecdsa-sha2-nistp384,ssh-rsa");
+ "ecdsa-sha2-nistp384");
 assert_int_equal(rc, 0);
 assert_non_null(bind->wanted_methods[SSH_HOSTKEYS]);
 assert_string_equal(bind->wanted_methods[SSH_HOSTKEYS],
- "ssh-ed25519,ecdsa-sha2-nistp384,ssh-rsa");
+ "ecdsa-sha2-nistp384");
 rc = ssh_bind_options_set(bind, SSH_BIND_OPTIONS_HOSTKEY_ALGORITHMS, "unknown-type");
 assert_int_equal(rc, -1);
@@ -1465,7 +1565,7 @@ static void torture_bind_options_set_hostkey_algorithms(void **state)
 /* Check that nothing changed */
 assert_non_null(bind->wanted_methods[SSH_HOSTKEYS]);
 assert_string_equal(bind->wanted_methods[SSH_HOSTKEYS],
- "ssh-ed25519,ecdsa-sha2-nistp384,ssh-rsa");
+ "ecdsa-sha2-nistp384");
 }
 #endif /* WITH_SERVER */ |