60 files changed, 318 insertions, 139 deletions
diff --git a/CMakeLists.txt b/CMakeLists.txt index 30b1025c..b561947b 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -7,7 +7,7 @@ cmake_minimum_required(VERSION 2.8.5) set(APPLICATION_NAME ${PROJECT_NAME}) set(APPLICATION_VERSION_MAJOR "0") -set(APPLICATION_VERSION_MINOR "7") +set(APPLICATION_VERSION_MINOR "8") set(APPLICATION_VERSION_PATCH "0") set(APPLICATION_VERSION "${APPLICATION_VERSION_MAJOR}.${APPLICATION_VERSION_MINOR}.${APPLICATION_VERSION_PATCH}") @@ -19,7 +19,7 @@ set(APPLICATION_VERSION "${APPLICATION_VERSION_MAJOR}.${APPLICATION_VERSION_MINO # Increment AGE. Set REVISION to 0 # If the source code was changed, but there were no interface changes: # Increment REVISION. -set(LIBRARY_VERSION "4.4.0") +set(LIBRARY_VERSION "4.5.0") set(LIBRARY_SOVERSION "4") # where to look first for cmake modules, before ${CMAKE_ROOT}/Modules/ is checked diff --git a/ConfigureChecks.cmake b/ConfigureChecks.cmake index f5645807..3e497dcb 100644 --- a/ConfigureChecks.cmake +++ b/ConfigureChecks.cmake @@ -243,6 +243,33 @@ int main(void) { }" HAVE_MSC_THREAD_LOCAL_STORAGE) check_c_source_compiles(" +#define FALL_THROUGH __attribute__((fallthrough)) + +enum direction_e { + UP = 0, + DOWN, +}; + +int main(void) { + enum direction_e key = UP; + int i = 10; + int j = 0; + + switch (key) { + case UP: + i = 5; + FALL_THROUGH; + case DOWN: + j = i * 2; + break; + default: + break; + } + + return 0; +}" HAVE_FALLTHROUGH_ATTRIBUTE) + +check_c_source_compiles(" #include <string.h> int main(void) diff --git a/README.CodingStyle b/README.CodingStyle index badd16f3..11acd8dc 100644 --- a/README.CodingStyle +++ b/README.CodingStyle 
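Review bot: The `HAVE_FALLTHROUGH_ATTRIBUTE` probe in `ConfigureChecks.cmake` can pass on compilers that do not implement `__attribute__((fallthrough))`, because an unrecognised attribute is normally only a warning and `check_c_source_compiles` fails only on errors. `FALL_THROUGH` would then expand to the attribute anyway and warn at every use, or break builds that use `-Werror`. Running this one check with warnings promoted to errors would make the result reliable, e.g. `set(CMAKE_REQUIRED_FLAGS "-Werror")` before the call, restoring the previous value afterwards. That flag is GCC/Clang-style, so it needs a compiler guard.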
@@ -287,6 +287,27 @@ Good Examples: return rc; } +Initialize pointers +------------------- + +All pointer variables MUST be initialized to NULL. History has +demonstrated that uninitialized pointer variables have lead to various +bugs and security issues. + +Pointers MUST be initialized even if the assignment directly follows +the declaration, like pointer2 in the example below, because the +instructions sequence may change over time. + +Good Example: + + char *pointer1 = NULL; + char *pointer2 = NULL; + + pointer2 = some_func2(); + + ... + + pointer1 = some_func1(); Typedefs --------- diff --git a/cmake/Modules/FindGCrypt.cmake b/cmake/Modules/FindGCrypt.cmake index 7b44408a..389a0314 100644 --- a/cmake/Modules/FindGCrypt.cmake +++ b/cmake/Modules/FindGCrypt.cmake @@ -52,9 +52,9 @@ find_library(GCRYPT_LIBRARY set(GCRYPT_LIBRARIES ${GCRYPT_LIBRARY}) if (GCRYPT_INCLUDE_DIR) - file(STRINGS "${GCRYPT_INCLUDE_DIR}/gcrypt.h" _gcrypt_version_str REGEX "^#define GCRYPT_VERSION \"[0-9]+.[0-9]+.[0-9]+\"") + file(STRINGS "${GCRYPT_INCLUDE_DIR}/gcrypt.h" _gcrypt_version_str REGEX "^#define GCRYPT_VERSION \"[0-9]+\\.[0-9]+\\.[0-9]") - string(REGEX REPLACE "^.*GCRYPT_VERSION.*([0-9]+.[0-9]+.[0-9]+).*" "\\1" GCRYPT_VERSION "${_gcrypt_version_str}") + string(REGEX REPLACE "^.*GCRYPT_VERSION.*([0-9]+\\.[0-9]+\\.[0-9]+).*" "\\1" GCRYPT_VERSION "${_gcrypt_version_str}") endif (GCRYPT_INCLUDE_DIR) include(FindPackageHandleStandardArgs) diff --git a/config.h.cmake b/config.h.cmake index 3f34f09b..f8869df7 100644 --- a/config.h.cmake +++ b/config.h.cmake @@ -167,6 +167,8 @@ #cmakedefine HAVE_GCC_THREAD_LOCAL_STORAGE 1 #cmakedefine HAVE_MSC_THREAD_LOCAL_STORAGE 1 +#cmakedefine HAVE_FALLTHROUGH_ATTRIBUTE 1 + #cmakedefine HAVE_GCC_VOLATILE_MEMORY_PROTECTION 1 #cmakedefine HAVE_GCC_NARG_MACRO 1 diff --git a/examples/knownhosts.c b/examples/knownhosts.c index cbca7e0c..d06969f7 100644 --- a/examples/knownhosts.c +++ b/examples/knownhosts.c 
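Review bot: In the `string(REGEX REPLACE ...)` line of `FindGCrypt.cmake` the `.*` in front of the capture group is greedy, so it can swallow leading digits of the major version; a header reporting `12.3.4` (constructed example) would yield `GCRYPT_VERSION` `2.3.4`. Anchoring the group on the opening quote avoids that: `string(REGEX REPLACE "^#define GCRYPT_VERSION \"([0-9]+\\.[0-9]+\\.[0-9]+).*" "\\1" GCRYPT_VERSION "${_gcrypt_version_str}")`. The `file(STRINGS ...)` pattern also dropped its trailing `+\"`. If that is meant to accept suffixed version strings, a one-line comment saying so would help, since the extracted value presumably feeds the version check done through `FindPackageHandleStandardArgs` for the crypto backend.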
@@ -17,11 +17,14 @@ The goal is to show the API in action. It's not a reference on how terminal clients must be made or how a client should react. */ +#include "config.h" + #include <errno.h> #include <stdio.h> #include <stdlib.h> #include <string.h> +#include "libssh/priv.h" #include <libssh/libssh.h> #include "examples_common.h" @@ -73,6 +76,7 @@ int verify_knownhost(ssh_session session){ fprintf(stderr,"Could not find known host file. If you accept the host key here,\n"); fprintf(stderr,"the file will be automatically created.\n"); /* fallback to SSH_SERVER_NOT_KNOWN behavior */ + FALL_THROUGH; case SSH_SERVER_NOT_KNOWN: hexa = ssh_get_hexa(hash, hlen); fprintf(stderr,"The server is unknown. Do you trust the host key ?\n"); diff --git a/include/libssh/priv.h b/include/libssh/priv.h index d31992d4..c2d20b2d 100644 --- a/include/libssh/priv.h +++ b/include/libssh/priv.h @@ -29,7 +29,8 @@ #ifndef _LIBSSH_PRIV_H #define _LIBSSH_PRIV_H -#include "config.h" +#include <stdlib.h> +#include <string.h> #if !defined(HAVE_STRTOULL) # if defined(HAVE___STRTOULL) @@ -383,6 +384,14 @@ int ssh_connector_remove_event(ssh_connector connector); # endif #endif +#ifndef FALL_THROUGH +# ifdef HAVE_FALLTHROUGH_ATTRIBUTE +# define FALL_THROUGH __attribute__ ((fallthrough)) +# else /* HAVE_FALLTHROUGH_ATTRIBUTE */ +# define FALL_THROUGH +# endif /* HAVE_FALLTHROUGH_ATTRIBUTE */ +#endif /* FALL_THROUGH */ + void ssh_agent_state_free(void *data); #endif /* _LIBSSH_PRIV_H */ diff --git a/include/libssh/server.h b/include/libssh/server.h index c2132de1..aeacda00 100644 --- a/include/libssh/server.h +++ b/include/libssh/server.h 
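Review bot: `examples/knownhosts.c` now includes the private header `libssh/priv.h`, apparently only to obtain `FALL_THROUGH`, which makes an example meant to show the public API depend on internal declarations and on `config.h`. If `priv.h` is not installed (not visible here), code copied from this example will not build against an installed libssh. Defining the macro locally keeps the example self-contained, for instance an `#ifndef FALL_THROUGH` / `#define FALL_THROUGH` pair in `examples_common.h`, or simply keeping the existing `/* fallback to SSH_SERVER_NOT_KNOWN behavior */` comment as the marker.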
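Review bot: With `#include "config.h"` removed from `include/libssh/priv.h`, the `HAVE_STRTOULL` tests just below it and the new `HAVE_FALLTHROUGH_ATTRIBUTE` test in the second hunk depend on every translation unit including `config.h` before this header. A file that forgets to do so still compiles but silently takes the fallback branches, so `FALL_THROUGH` expands to nothing and the feature macros no longer reflect the configure results. I would document the requirement at the top of the header, for example `/* config.h must be included before this header; the HAVE_* tests below rely on it. */`.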
@@ -188,6 +188,24 @@ LIBSSH_API ssh_gssapi_creds ssh_gssapi_get_creds(ssh_session session); LIBSSH_API int ssh_handle_key_exchange(ssh_session session); /** + * @brief Initialize the set of key exchange, hostkey, ciphers, MACs, and + * compression algorithms for the given ssh_session. + * + * The selection of algorithms and keys used are determined by the + * options that are currently set in the given ssh_session structure. + * May only be called before the initial key exchange has begun. + * + * @param session The session structure to initialize. + * + * @see ssh_handle_key_exchange + * @see ssh_options_set + * + * @return SSH_OK if initialization succeeds. + */ + +LIBSSH_API int ssh_server_init_kex(ssh_session session); + +/** * @brief Free a ssh servers bind. * * @param ssh_bind_o The ssh server bind to free. diff --git a/include/libssh/sftp.h b/include/libssh/sftp.h index 63673ca3..8f385854 100644 --- a/include/libssh/sftp.h +++ b/include/libssh/sftp.h 
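Review bot: The `@return` line for `ssh_server_init_kex` documents only the success value, while the implementation added in `src/server.c` returns `SSH_ERROR` once `session_state` is past `SSH_SESSION_STATE_BANNER_RECEIVED` and otherwise passes through the result of `server_set_kex`. Callers of a new public function need the failure contract, so I would extend it to something like `@return SSH_OK on success, SSH_ERROR if the key exchange has already begun or the algorithm lists could not be set.` The failure value of `server_set_kex` is not visible here, so the wording should be matched to it. The comment could also say that method lists already present on the session are freed and rebuilt, which is what the loop over `server_kex.methods` does.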
@@ -863,18 +863,18 @@ LIBSSH_API void sftp_client_message_set_filename(sftp_client_message msg, const LIBSSH_API const char *sftp_client_message_get_data(sftp_client_message msg); LIBSSH_API uint32_t sftp_client_message_get_flags(sftp_client_message msg); LIBSSH_API int sftp_send_client_message(sftp_session sftp, sftp_client_message msg); -int sftp_reply_name(sftp_client_message msg, const char *name, +LIBSSH_API int sftp_reply_name(sftp_client_message msg, const char *name, sftp_attributes attr); -int sftp_reply_handle(sftp_client_message msg, ssh_string handle); -ssh_string sftp_handle_alloc(sftp_session sftp, void *info); -int sftp_reply_attr(sftp_client_message msg, sftp_attributes attr); -void *sftp_handle(sftp_session sftp, ssh_string handle); -int sftp_reply_status(sftp_client_message msg, uint32_t status, const char *message); -int sftp_reply_names_add(sftp_client_message msg, const char *file, +LIBSSH_API int sftp_reply_handle(sftp_client_message msg, ssh_string handle); +LIBSSH_API ssh_string sftp_handle_alloc(sftp_session sftp, void *info); +LIBSSH_API int sftp_reply_attr(sftp_client_message msg, sftp_attributes attr); +LIBSSH_API void *sftp_handle(sftp_session sftp, ssh_string handle); +LIBSSH_API int sftp_reply_status(sftp_client_message msg, uint32_t status, const char *message); +LIBSSH_API int sftp_reply_names_add(sftp_client_message msg, const char *file, const char *longname, sftp_attributes attr); -int sftp_reply_names(sftp_client_message msg); -int sftp_reply_data(sftp_client_message msg, const void *data, int len); -void sftp_handle_remove(sftp_session sftp, void *handle); +LIBSSH_API int sftp_reply_names(sftp_client_message msg); +LIBSSH_API int sftp_reply_data(sftp_client_message msg, const void *data, int len); +LIBSSH_API void sftp_handle_remove(sftp_session sftp, void *handle); /* SFTP commands and constants */ #define SSH_FXP_INIT 1 
@@ -22,9 +22,9 @@ * MA 02111-1307, USA. */ -#include <stdlib.h> +#include "config.h" + #include <stdio.h> -#include <string.h> #ifndef _WIN32 #include <netinet/in.h> @@ -707,6 +707,7 @@ static int ssh_userauth_agent_publickey(ssh_session session, rc = ssh_buffer_add_ssh_string(session->out_buffer, str); ssh_string_free(str); + str = NULL; if (rc < 0) { goto fail; } diff --git a/src/base64.c b/src/base64.c index 2a162d0b..2bb33ee6 100644 --- a/src/base64.c +++ b/src/base64.c @@ -22,9 +22,9 @@ */ /* just the dirtiest part of code i ever made */ -#include <string.h> +#include "config.h" + #include <stdio.h> -#include <stdlib.h> #include "libssh/priv.h" #include "libssh/buffer.h" diff --git a/src/bignum.c b/src/bignum.c index fd6cf954..346a08a8 100644 --- a/src/bignum.c +++ b/src/bignum.c @@ -19,6 +19,8 @@ * MA 02111-1307, USA. */ +#include "config.h" + #include <stdio.h> #include "libssh/priv.h" diff --git a/src/buffer.c b/src/buffer.c index 2da6758a..96250e90 100644 --- a/src/buffer.c +++ b/src/buffer.c @@ -21,9 +21,9 @@ * MA 02111-1307, USA. */ +#include "config.h" + #include <limits.h> -#include <stdlib.h> -#include <string.h> #include <stdarg.h> #ifndef _WIN32 diff --git a/src/channels.c b/src/channels.c index d32f0d7a..b74c4f3d 100644 --- a/src/channels.c +++ b/src/channels.c @@ -22,9 +22,9 @@ * MA 02111-1307, USA. */ +#include "config.h" + #include <limits.h> -#include <string.h> -#include <stdlib.h> #include <stdio.h> #include <errno.h> #include <time.h> diff --git a/src/client.c b/src/client.c index 11a00229..6343dc6a 100644 --- a/src/client.c +++ b/src/client.c @@ -21,9 +21,9 @@ * MA 02111-1307, USA. */ +#include "config.h" + #include <stdio.h> -#include <stdlib.h> -#include <string.h> #ifndef _WIN32 #include <netinet/in.h> diff --git a/src/config.c b/src/config.c index 42148df7..25d64998 100644 --- a/src/config.c +++ b/src/config.c 
@@ -251,6 +251,7 @@ static int ssh_config_parse_line(ssh_session session, const char *line, opcode = ssh_config_get_opcode(keyword); if (*parsing == 1 && opcode != SOC_HOST && opcode != SOC_UNSUPPORTED && opcode != SOC_INCLUDE) { if (seen[opcode] != 0) { + SAFE_FREE(x); return 0; } seen[opcode] = 1; diff --git a/src/connector.c b/src/connector.c index 54e85241..6f15ee28 100644 --- a/src/connector.c +++ b/src/connector.c @@ -19,6 +19,8 @@ * MA 02111-1307, USA. */ +#include "config.h" + #include "libssh/priv.h" #include "libssh/poll.h" #include "libssh/callbacks.h" @@ -131,11 +131,18 @@ int ssh_get_random(void *where, int len, int strong){ return 1; #elif defined HAVE_LIBCRYPTO +# if OPENSSL_VERSION_NUMBER > 0x10100000L + /* variable not used in new libcrypto */ + (void) strong; + + return RAND_bytes(where, len); +# else /* OPENSSL_VERSION_NUMBER */ if (strong) { return RAND_bytes(where,len); } else { return RAND_pseudo_bytes(where,len); } +# endif /* OPENSSL_VERSION_NUMBER */ #endif /* never reached */ diff --git a/src/error.c b/src/error.c index bd755c4f..f1ba945b 100644 --- a/src/error.c +++ b/src/error.c @@ -21,6 +21,8 @@ * MA 02111-1307, USA. */ +#include "config.h" + #include <stdio.h> #include <stdarg.h> #include "libssh/priv.h" diff --git a/src/external/bcrypt_pbkdf.c b/src/external/bcrypt_pbkdf.c index 55868819..fdf84d0f 100644 --- a/src/external/bcrypt_pbkdf.c +++ b/src/external/bcrypt_pbkdf.c @@ -19,6 +19,8 @@ #ifndef HAVE_BCRYPT_PBKDF +#include "config.h" + #include "libssh/priv.h" #include "libssh/wrapper.h" #include <stdlib.h> diff --git a/src/external/fe25519.c b/src/external/fe25519.c index db31f651..2b0b673e 100644 --- a/src/external/fe25519.c +++ b/src/external/fe25519.c @@ -4,6 +4,8 @@ * Copied from supercop-20130419/crypto_sign/ed25519/ref/fe25519.c */ +#include "config.h" + #define WINDOWSIZE 1 /* Should be 1,2, or 4 */ #define WINDOWMASK ((1<<WINDOWSIZE)-1) 
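Review bot: On the pre-1.1.0 branch `ssh_get_random` still calls `RAND_pseudo_bytes` when `strong` is 0, and that function may return bytes that are not cryptographically strong. `RAND_bytes` is available on that branch too (the `strong` case already uses it), so the version split could be dropped and every build could take `(void) strong; return RAND_bytes(where, len);`, giving the same guarantee regardless of the OpenSSL version. If the split stays, `>= 0x10100000L` is the usual form of this guard. The function begins and ends outside the hunk and its callers are not visible, so check that none of them relies on the distinct return values of `RAND_pseudo_bytes`.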
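Review bot: In `src/external/bcrypt_pbkdf.c` the new `#include "config.h"` sits after the `#ifndef HAVE_BCRYPT_PBKDF` line, so that guard is evaluated before `config.h` has been read. If `HAVE_BCRYPT_PBKDF` is meant to come from `config.h` (not visible here), the guard is always true and the bundled implementation is compiled even where the platform provides one; moving the include above the `#ifndef` would make the test effective. The ordering predates this commit, which only replaces the indirect include through `priv.h` with a direct one.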
diff --git a/src/external/ge25519.c b/src/external/ge25519.c index b098cc5e..ffeb1d58 100644 --- a/src/external/ge25519.c +++ b/src/external/ge25519.c @@ -6,6 +6,8 @@ * Copied from supercop-20130419/crypto_sign/ed25519/ref/ge25519.c */ +#include "config.h" + #include "libssh/fe25519.h" #include "libssh/sc25519.h" #include "libssh/ge25519.h" diff --git a/src/external/sc25519.c b/src/external/sc25519.c index c7a02ee6..5f198d5b 100644 --- a/src/external/sc25519.c +++ b/src/external/sc25519.c @@ -4,6 +4,8 @@ * Copied from supercop-20130419/crypto_sign/ed25519/ref/sc25519.c */ +#include "config.h" + #include "libssh/priv.h" #include "libssh/sc25519.h" diff --git a/src/match.c b/src/match.c index 53620bdd..c613a2e6 100644 --- a/src/match.c +++ b/src/match.c @@ -35,8 +35,9 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +#include "config.h" + #include <ctype.h> -#include <string.h> #include <sys/types.h> #include "libssh/priv.h" @@ -109,6 +110,7 @@ static int match_pattern(const char *s, const char *pattern) { } /* NOTREACHED */ + return 0; } /* diff --git a/src/packet.c b/src/packet.c index 33943aef..6e84dc80 100644 --- a/src/packet.c +++ b/src/packet.c @@ -220,7 +220,7 @@ int ssh_packet_socket_callback(const void *data, size_t receivedlen, void *user) /* Saves the status of the current operations */ session->in_packet.len = len; session->packet_state = PACKET_STATE_SIZEREAD; - /* FALL TROUGH */ + FALL_THROUGH; case PACKET_STATE_SIZEREAD: len = session->in_packet.len; to_be_read = len - blocksize + sizeof(uint32_t) + current_macsize; diff --git a/src/pki_crypto.c b/src/pki_crypto.c index 70ac6854..19821725 100644 --- a/src/pki_crypto.c +++ b/src/pki_crypto.c @@ -25,6 +25,8 @@ #ifndef _PKI_CRYPTO_H #define _PKI_CRYPTO_H +#include "config.h" + #include "libssh/priv.h" #include <openssl/pem.h> 
@@ -451,11 +453,24 @@ int pki_key_generate_rsa(ssh_key key, int parameter){ int pki_key_generate_dss(ssh_key key, int parameter){ int rc; +#if OPENSSL_VERSION_NUMBER > 0x10100000L + rc = DSA_generate_parameters_ex(key->dsa, + parameter, + NULL, /* seed */ + 0, /* seed_len */ + NULL, /* counter_ret */ + NULL, /* h_ret */ + NULL); /* cb */ + if (rc != 1) { + return SSH_ERROR; + } +#else key->dsa = DSA_generate_parameters(parameter, NULL, 0, NULL, NULL, NULL, NULL); if(key->dsa == NULL){ return SSH_ERROR; } +#endif rc = DSA_generate_key(key->dsa); if (rc != 1){ DSA_free(key->dsa); diff --git a/src/pki_ed25519.c b/src/pki_ed25519.c index 393948ac..8ff398cb 100644 --- a/src/pki_ed25519.c +++ b/src/pki_ed25519.c @@ -21,6 +21,8 @@ * MA 02111-1307, USA. */ +#include "config.h" + #include "libssh/pki.h" #include "libssh/pki_priv.h" #include "libssh/ed25519.h" diff --git a/src/server.c b/src/server.c index 25fdd0c5..b2552eaa 100644 --- a/src/server.c +++ b/src/server.c @@ -75,12 +75,12 @@ static int dh_handshake_server(ssh_session session); */ /** @internal - * This functions sets the Key Exchange protocols to be accepted - * by the server. They depend on - * -What the user asked (via options) - * -What is available (keys) - * It should then accept the intersection of what the user asked - * and what is available, and return an error if nothing matches + * + * @brief initialize the set of key exchange, hostkey, ciphers, MACs, and + * compression algorithms for the given ssh_session + * + * The selection of algorithms and keys used are determined by the + * options that are currently set in the given ssh_session structure. */ static int server_set_kex(ssh_session session) { 
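Review bot: In the new OpenSSL 1.1 branch of `pki_key_generate_dss`, `DSA_generate_parameters_ex` is handed `key->dsa` although nothing in the hunk allocates it, whereas the old branch obtains the object from the return value of `DSA_generate_parameters`. Unless the caller already stores a `DSA` object there (not visible here), this passes a NULL or stale pointer into libcrypto. The new error path also returns without releasing the object or clearing the field. I would allocate with `DSA_new()` first and free on failure, as below; the function continues past the end of the hunk.

```c
#if OPENSSL_VERSION_NUMBER > 0x10100000L
    key->dsa = DSA_new();
    if (key->dsa == NULL) {
        return SSH_ERROR;
    }

    /* … unchanged: rc = DSA_generate_parameters_ex(key->dsa, parameter, …) … */
    if (rc != 1) {
        DSA_free(key->dsa);
        key->dsa = NULL;
        return SSH_ERROR;
    }
#else
    /* … unchanged: DSA_generate_parameters() path … */
#endif
```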
@@ -149,6 +149,21 @@ static int server_set_kex(ssh_session session) { return 0; } +int ssh_server_init_kex(ssh_session session) { + int i; + + if (session->session_state > SSH_SESSION_STATE_BANNER_RECEIVED) { + return SSH_ERROR; + } + + /* free any currently-set methods: server_set_kex will allocate new ones */ + for (i = 0; i < 10 /* SSH_KEX_METHODS */; i++) { + SAFE_FREE(session->next_crypto->server_kex.methods[i]); + } + + return server_set_kex(session); +} + /** @internal * @brief parse an incoming SSH_MSG_KEXDH_INIT packet and complete * key exchange @@ -24,12 +24,12 @@ /* This file contains code written by Nick Zitzmann */ +#include "config.h" + #include <errno.h> #include <ctype.h> #include <fcntl.h> -#include <stdlib.h> #include <stdio.h> -#include <string.h> #include <stdio.h> #include <sys/types.h> #include <sys/stat.h> diff --git a/src/sftpserver.c b/src/sftpserver.c index 659a688a..820e9668 100644 --- a/src/sftpserver.c +++ b/src/sftpserver.c @@ -21,8 +21,8 @@ * MA 02111-1307, USA. */ -#include <stdlib.h> -#include <string.h> +#include "config.h" + #include <stdio.h> #ifndef _WIN32 diff --git a/src/socket.c b/src/socket.c index 76dc55e5..95dedbb2 100644 --- a/src/socket.c +++ b/src/socket.c @@ -21,9 +21,9 @@ * MA 02111-1307, USA. */ +#include "config.h" + #include <errno.h> -#include <string.h> -#include <stdlib.h> #include <stdio.h> #ifdef _WIN32 #include <winsock2.h> diff --git a/src/string.c b/src/string.c index ba112716..67bce7dc 100644 --- a/src/string.c +++ b/src/string.c @@ -21,10 +21,10 @@ * MA 02111-1307, USA. */ +#include "config.h" + #include <errno.h> #include <limits.h> -#include <stdlib.h> -#include <string.h> #ifndef _WIN32 #include <netinet/in.h> diff --git a/tests/client/torture_algorithms.c b/tests/client/torture_algorithms.c index 81f3a328..6f49eff3 100644 --- a/tests/client/torture_algorithms.c +++ b/tests/client/torture_algorithms.c 
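Review bot: `ssh_server_init_kex` is a new public entry point but dereferences `session` and `session->next_crypto` without checking either, so a NULL session, or one whose `next_crypto` is not set, crashes inside the library instead of returning an error. A guard at the top would cover both: `if (session == NULL || session->next_crypto == NULL) { return SSH_ERROR; }`. The loop bound is the literal `10` with `SSH_KEX_METHODS` only in a comment; using the named constant, if it is reachable from this file, keeps the free loop from drifting out of step with the size of `server_kex.methods`.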
@@ -19,6 +19,8 @@ * MA 02111-1307, USA. */ +#include "config.h" + #define LIBSSH_STATIC #include "torture.h" @@ -77,20 +79,30 @@ static int session_teardown(void **state) return 0; } -static void test_algorithm(ssh_session session, const char *algo, const char *hmac) { +static void test_algorithm(ssh_session session, + const char *kex, + const char *cipher, + const char *hmac) { int rc; - rc = ssh_options_set(session, SSH_OPTIONS_CIPHERS_C_S, algo); - assert_int_equal(rc, SSH_OK); - - rc = ssh_options_set(session, SSH_OPTIONS_CIPHERS_S_C, algo); - assert_int_equal(rc, SSH_OK); + if (kex != NULL) { + rc = ssh_options_set(session, SSH_OPTIONS_KEY_EXCHANGE, kex); + assert_int_equal(rc, SSH_OK); + } - rc = ssh_options_set(session, SSH_OPTIONS_HMAC_C_S, hmac); - assert_int_equal(rc, SSH_OK); + if (cipher != NULL) { + rc = ssh_options_set(session, SSH_OPTIONS_CIPHERS_C_S, cipher); + assert_int_equal(rc, SSH_OK); + rc = ssh_options_set(session, SSH_OPTIONS_CIPHERS_S_C, cipher); + assert_int_equal(rc, SSH_OK); + } - rc = ssh_options_set(session, SSH_OPTIONS_HMAC_S_C, hmac); - assert_int_equal(rc, SSH_OK); + if (hmac != NULL) { + rc = ssh_options_set(session, SSH_OPTIONS_HMAC_C_S, hmac); + assert_int_equal(rc, SSH_OK); + rc = ssh_options_set(session, SSH_OPTIONS_HMAC_S_C, hmac); + assert_int_equal(rc, SSH_OK); + } rc = ssh_connect(session); assert_int_equal(rc, SSH_OK); 
@@ -107,145 +119,145 @@ static void test_algorithm(ssh_session session, const char *algo, const char *hm static void torture_algorithms_aes128_cbc_hmac_sha1(void **state) { struct torture_state *s = *state; - test_algorithm(s->ssh.session, "aes128-cbc", "hmac-sha1"); + test_algorithm(s->ssh.session, NULL/*kex*/, "aes128-cbc", "hmac-sha1"); } static void torture_algorithms_aes128_cbc_hmac_sha2_256(void **state) { struct torture_state *s = *state; - test_algorithm(s->ssh.session, "aes128-cbc", "hmac-sha2-256"); + test_algorithm(s->ssh.session, NULL/*kex*/, "aes128-cbc", "hmac-sha2-256"); } static void torture_algorithms_aes128_cbc_hmac_sha2_512(void **state) { struct torture_state *s = *state; - test_algorithm(s->ssh.session, "aes128-cbc", "hmac-sha2-512"); + test_algorithm(s->ssh.session, NULL/*kex*/, "aes128-cbc", "hmac-sha2-512"); } static void torture_algorithms_aes192_cbc_hmac_sha1(void **state) { struct torture_state *s = *state; - test_algorithm(s->ssh.session, "aes192-cbc", "hmac-sha1"); + test_algorithm(s->ssh.session, NULL/*kex*/, "aes192-cbc", "hmac-sha1"); } static void torture_algorithms_aes192_cbc_hmac_sha2_256(void **state) { struct torture_state *s = *state; - test_algorithm(s->ssh.session, "aes192-cbc", "hmac-sha2-256"); + test_algorithm(s->ssh.session, NULL/*kex*/, "aes192-cbc", "hmac-sha2-256"); } static void torture_algorithms_aes192_cbc_hmac_sha2_512(void **state) { struct torture_state *s = *state; - test_algorithm(s->ssh.session, "aes192-cbc", "hmac-sha2-512"); + test_algorithm(s->ssh.session, NULL/*kex*/, "aes192-cbc", "hmac-sha2-512"); } static void torture_algorithms_aes256_cbc_hmac_sha1(void **state) { struct torture_state *s = *state; - test_algorithm(s->ssh.session, "aes256-cbc", "hmac-sha1"); + test_algorithm(s->ssh.session, NULL/*kex*/, "aes256-cbc", "hmac-sha1"); } static void torture_algorithms_aes256_cbc_hmac_sha2_256(void **state) { struct torture_state *s = *state; - test_algorithm(s->ssh.session, "aes256-cbc", "hmac-sha2-256"); + 
test_algorithm(s->ssh.session, NULL/*kex*/, "aes256-cbc", "hmac-sha2-256"); } static void torture_algorithms_aes256_cbc_hmac_sha2_512(void **state) { struct torture_state *s = *state; - test_algorithm(s->ssh.session, "aes256-cbc", "hmac-sha2-512"); + test_algorithm(s->ssh.session, NULL/*kex*/, "aes256-cbc", "hmac-sha2-512"); } static void torture_algorithms_aes128_ctr_hmac_sha1(void **state) { struct torture_state *s = *state; - test_algorithm(s->ssh.session, "aes128-ctr", "hmac-sha1"); + test_algorithm(s->ssh.session, NULL/*kex*/, "aes128-ctr", "hmac-sha1"); } static void torture_algorithms_aes128_ctr_hmac_sha2_256(void **state) { struct torture_state *s = *state; - test_algorithm(s->ssh.session, "aes128-ctr", "hmac-sha2-256"); + test_algorithm(s->ssh.session, NULL/*kex*/, "aes128-ctr", "hmac-sha2-256"); } static void torture_algorithms_aes128_ctr_hmac_sha2_512(void **state) { struct torture_state *s = *state; - test_algorithm(s->ssh.session, "aes128-ctr", "hmac-sha2-512"); + test_algorithm(s->ssh.session, NULL/*kex*/, "aes128-ctr", "hmac-sha2-512"); } static void torture_algorithms_aes192_ctr_hmac_sha1(void **state) { struct torture_state *s = *state; - test_algorithm(s->ssh.session, "aes192-ctr", "hmac-sha1"); + test_algorithm(s->ssh.session, NULL/*kex*/, "aes192-ctr", "hmac-sha1"); } static void torture_algorithms_aes192_ctr_hmac_sha2_256(void **state) { struct torture_state *s = *state; - test_algorithm(s->ssh.session, "aes192-ctr", "hmac-sha2-256"); + test_algorithm(s->ssh.session, NULL/*kex*/, "aes192-ctr", "hmac-sha2-256"); } static void torture_algorithms_aes192_ctr_hmac_sha2_512(void **state) { struct torture_state *s = *state; - test_algorithm(s->ssh.session, "aes192-ctr", "hmac-sha2-512"); + test_algorithm(s->ssh.session, NULL/*kex*/, "aes192-ctr", "hmac-sha2-512"); } static void torture_algorithms_aes256_ctr_hmac_sha1(void **state) { struct torture_state *s = *state; - test_algorithm(s->ssh.session, "aes256-ctr", "hmac-sha1"); + 
test_algorithm(s->ssh.session, NULL/*kex*/, "aes256-ctr", "hmac-sha1"); } static void torture_algorithms_aes256_ctr_hmac_sha2_256(void **state) { struct torture_state *s = *state; - test_algorithm(s->ssh.session, "aes256-ctr", "hmac-sha2-256"); + test_algorithm(s->ssh.session, NULL/*kex*/, "aes256-ctr", "hmac-sha2-256"); } static void torture_algorithms_aes256_ctr_hmac_sha2_512(void **state) { struct torture_state *s = *state; - test_algorithm(s->ssh.session, "aes256-ctr", "hmac-sha2-512"); + test_algorithm(s->ssh.session, NULL/*kex*/, "aes256-ctr", "hmac-sha2-512"); } static void torture_algorithms_3des_cbc_hmac_sha1(void **state) { struct torture_state *s = *state; - test_algorithm(s->ssh.session, "3des-cbc", "hmac-sha1"); + test_algorithm(s->ssh.session, NULL/*kex*/, "3des-cbc", "hmac-sha1"); } static void torture_algorithms_3des_cbc_hmac_sha2_256(void **state) { struct torture_state *s = *state; - test_algorithm(s->ssh.session, "3des-cbc", "hmac-sha2-256"); + test_algorithm(s->ssh.session, NULL/*kex*/, "3des-cbc", "hmac-sha2-256"); } static void torture_algorithms_3des_cbc_hmac_sha2_512(void **state) { struct torture_state *s = *state; - test_algorithm(s->ssh.session, "3des-cbc", "hmac-sha2-512"); + test_algorithm(s->ssh.session, NULL/*kex*/, "3des-cbc", "hmac-sha2-512"); } static void torture_algorithms_blowfish_cbc_hmac_sha1(void **state) { struct torture_state *s = *state; - test_algorithm(s->ssh.session, "blowfish-cbc", "hmac-sha1"); + test_algorithm(s->ssh.session, NULL/*kex*/, "blowfish-cbc", "hmac-sha1"); } static void torture_algorithms_blowfish_cbc_hmac_sha2_256(void **state) { struct torture_state *s = *state; - test_algorithm(s->ssh.session, "blowfish-cbc", "hmac-sha2-256"); + test_algorithm(s->ssh.session, NULL/*kex*/, "blowfish-cbc", "hmac-sha2-256"); } static void torture_algorithms_blowfish_cbc_hmac_sha2_512(void **state) { struct torture_state *s = *state; - test_algorithm(s->ssh.session, "blowfish-cbc", "hmac-sha2-512"); + 
test_algorithm(s->ssh.session, NULL/*kex*/, "blowfish-cbc", "hmac-sha2-512"); } static void torture_algorithms_zlib(void **state) { 
@@ -328,80 +340,29 @@ static void torture_algorithms_zlib_openssh(void **state) { #if defined(HAVE_ECC) static void torture_algorithms_ecdh_sha2_nistp256(void **state) { struct torture_state *s = *state; - ssh_session session = s->ssh.session; - int rc; - rc = ssh_options_set(session, SSH_OPTIONS_KEY_EXCHANGE, "ecdh-sha2-nistp256"); - assert_int_equal(rc, SSH_OK); - - rc = ssh_connect(session); - assert_int_equal(rc, SSH_OK); - rc = ssh_userauth_none(session, NULL); - if (rc != SSH_OK) { - rc = ssh_get_error_code(session); - assert_int_equal(rc, SSH_REQUEST_DENIED); - } - - ssh_disconnect(session); + test_algorithm(s->ssh.session, "ecdh-sha2-nistp256", NULL/*cipher*/, NULL/*hmac*/); } static void torture_algorithms_ecdh_sha2_nistp384(void **state) { struct torture_state *s = *state; - ssh_session session = s->ssh.session; - int rc; - - rc = ssh_options_set(session, SSH_OPTIONS_KEY_EXCHANGE, "ecdh-sha2-nistp384"); - assert_int_equal(rc, SSH_OK); - - rc = ssh_connect(session); - assert_int_equal(rc, SSH_OK); - rc = ssh_userauth_none(session, NULL); - if (rc != SSH_OK) { - rc = ssh_get_error_code(session); - assert_int_equal(rc, SSH_REQUEST_DENIED); - } - ssh_disconnect(session); + test_algorithm(s->ssh.session, "ecdh-sha2-nistp384", NULL/*cipher*/, NULL/*hmac*/); } static void torture_algorithms_ecdh_sha2_nistp521(void **state) { struct torture_state *s = *state; - ssh_session session = s->ssh.session; - int rc; - - rc = ssh_options_set(session, SSH_OPTIONS_KEY_EXCHANGE, "ecdh-sha2-nistp521"); - assert_int_equal(rc, SSH_OK); - - rc = ssh_connect(session); - assert_int_equal(rc, SSH_OK); - rc = ssh_userauth_none(session, NULL); - if (rc != SSH_OK) { - rc = ssh_get_error_code(session); - assert_int_equal(rc, SSH_REQUEST_DENIED); - } - ssh_disconnect(session); + test_algorithm(s->ssh.session, "ecdh-sha2-nistp521", NULL/*cipher*/, NULL/*hmac*/); } #endif static void torture_algorithms_dh_group1(void **state) { struct torture_state *s = *state; - ssh_session session = 
s->ssh.session; - int rc; - rc = ssh_options_set(session, SSH_OPTIONS_KEY_EXCHANGE, "diffie-hellman-group1-sha1"); - assert_int_equal(rc, SSH_OK); - - rc = ssh_connect(session); - assert_int_equal(rc, SSH_OK); - rc = ssh_userauth_none(session, NULL); - if (rc != SSH_OK) { - rc = ssh_get_error_code(session); - assert_int_equal(rc, SSH_REQUEST_DENIED); - } - - ssh_disconnect(session); + test_algorithm(s->ssh.session, "diffie-hellman-group1-sha1", NULL/*cipher*/, NULL/*hmac*/); } + int torture_run_tests(void) { int rc; struct CMUnitTest tests[] = { diff --git a/tests/client/torture_auth.c b/tests/client/torture_auth.c index 673ba467..754c66cc 100644 --- a/tests/client/torture_auth.c +++ b/tests/client/torture_auth.c @@ -19,6 +19,8 @@ * MA 02111-1307, USA. */ +#include "config.h" + #define LIBSSH_STATIC #include "torture.h" diff --git a/tests/client/torture_connect.c b/tests/client/torture_connect.c index 45e32b4c..0d445974 100644 --- a/tests/client/torture_connect.c +++ b/tests/client/torture_connect.c @@ -19,6 +19,8 @@ * MA 02111-1307, USA. */ +#include "config.h" + #define LIBSSH_STATIC #include "torture.h" diff --git a/tests/client/torture_forward.c b/tests/client/torture_forward.c index 170fd340..7a0f3d9a 100644 --- a/tests/client/torture_forward.c +++ b/tests/client/torture_forward.c @@ -19,6 +19,8 @@ * MA 02111-1307, USA. */ +#include "config.h" + #define LIBSSH_STATIC #include "torture.h" diff --git a/tests/client/torture_knownhosts.c b/tests/client/torture_knownhosts.c index 00aa8269..1702b467 100644 --- a/tests/client/torture_knownhosts.c +++ b/tests/client/torture_knownhosts.c @@ -19,6 +19,8 @@ * MA 02111-1307, USA. */ +#include "config.h" + #define LIBSSH_STATIC #include "torture.h" diff --git a/tests/client/torture_proxycommand.c b/tests/client/torture_proxycommand.c index 025fa8dc..2c9c8b9f 100644 --- a/tests/client/torture_proxycommand.c +++ b/tests/client/torture_proxycommand.c 
@@ -1,3 +1,5 @@ +#include "config.h" + #define LIBSSH_STATIC #include "torture.h" diff --git a/tests/client/torture_request_env.c b/tests/client/torture_request_env.c index a5664217..269116d3 100644 --- a/tests/client/torture_request_env.c +++ b/tests/client/torture_request_env.c @@ -19,6 +19,8 @@ * MA 02111-1307, USA. */ +#include "config.h" + #define LIBSSH_STATIC #include "torture.h" diff --git a/tests/client/torture_session.c b/tests/client/torture_session.c index 2962e464..3940bdc3 100644 --- a/tests/client/torture_session.c +++ b/tests/client/torture_session.c @@ -19,6 +19,8 @@ * MA 02111-1307, USA. */ +#include "config.h" + #define LIBSSH_STATIC #include "torture.h" diff --git a/tests/client/torture_sftp_dir.c b/tests/client/torture_sftp_dir.c index c4de2f60..80ca43a8 100644 --- a/tests/client/torture_sftp_dir.c +++ b/tests/client/torture_sftp_dir.c @@ -1,3 +1,5 @@ +#include "config.h" + #define LIBSSH_STATIC #include "torture.h" diff --git a/tests/client/torture_sftp_ext.c b/tests/client/torture_sftp_ext.c index 53644ce9..53a4a34f 100644 --- a/tests/client/torture_sftp_ext.c +++ b/tests/client/torture_sftp_ext.c @@ -1,5 +1,7 @@ #define LIBSSH_STATIC +#include "config.h" + #include "torture.h" #include "sftp.c" diff --git a/tests/client/torture_sftp_fsync.c b/tests/client/torture_sftp_fsync.c index 02e22e09..677bb90d 100644 --- a/tests/client/torture_sftp_fsync.c +++ b/tests/client/torture_sftp_fsync.c @@ -1,5 +1,7 @@ #define LIBSSH_STATIC +#include "config.h" + #include "torture.h" #include "sftp.c" diff --git a/tests/client/torture_sftp_read.c b/tests/client/torture_sftp_read.c index 51578773..a888a17b 100644 --- a/tests/client/torture_sftp_read.c +++ b/tests/client/torture_sftp_read.c @@ -1,5 +1,7 @@ #define LIBSSH_STATIC +#include "config.h" + #include "torture.h" #include "sftp.c" diff --git a/tests/pkd/pkd_daemon.c b/tests/pkd/pkd_daemon.c index 44cd0ce3..9860ca56 100644 --- a/tests/pkd/pkd_daemon.c +++ b/tests/pkd/pkd_daemon.c 
@@ -364,8 +364,7 @@ static int pkd_exec_hello(int fd, struct pkd_daemon_args *args) { while ((ctx.keep_going != 0) && (pkd_state.eof_received == 0) && - (pkd_state.close_received == 0) && - (ssh_channel_is_closed(c) == 0)) { + (pkd_state.close_received == 0)) { rc = ssh_event_dopoll(e, 1000 /* milliseconds */); if (rc == SSH_ERROR) { pkderr("ssh_event_dopoll for eof + close: %s\n", ssh_get_error(s)); @@ -374,6 +373,17 @@ static int pkd_exec_hello(int fd, struct pkd_daemon_args *args) { rc = 0; } } + + while ((ctx.keep_going != 0) && + (ssh_is_connected(s))) { + rc = ssh_event_dopoll(e, 1000 /* milliseconds */); + if (rc == SSH_ERROR) { + pkderr("ssh_event_dopoll for session connection: %s\n", ssh_get_error(s)); + break; + } else { + rc = 0; + } + } goto out; outclose: @@ -488,6 +498,7 @@ void pkd_stop(struct pkd_result *out) { int rc = 0; ctx.keep_going = 0; + close(pkd_state.server_fd); rc = pthread_kill(ctx.tid, SIGUSR1); assert_int_equal(rc, 0); diff --git a/tests/pkd/pkd_hello.c b/tests/pkd/pkd_hello.c index 4b0ae0ac..4db8ee5c 100644 --- a/tests/pkd/pkd_hello.c +++ b/tests/pkd/pkd_hello.c @@ -3,10 +3,10 @@ * * (c) 2014, 2017 Jon Simons <jon@jonsimons.org> */ +#include "config.h" #include <setjmp.h> // for cmocka #include <stdarg.h> // for cmocka -#include <stdlib.h> #include <stdio.h> #include <unistd.h> // for cmocka #include <cmocka.h> @@ -555,6 +555,7 @@ static int pkd_run_tests(void) { int main(int argc, char **argv) { int i = 0; int rc = 0; + int exit_code = -1; unsetenv("SSH_AUTH_SOCK"); @@ -575,9 +576,9 @@ int main(int argc, char **argv) { printf("%s\n", testmap[i++].testname); } } else { - rc = pkd_run_tests(); - if (rc != 0) { - fprintf(stderr, "pkd_run_tests failed: %d\n", rc); + exit_code = pkd_run_tests(); + if (exit_code != 0) { + fprintf(stderr, "pkd_run_tests failed: %d\n", exit_code); } } @@ -586,5 +587,5 @@ int main(int argc, char **argv) { fprintf(stderr, "ssh_finalize: %d\n", rc); } out: - return rc; + return exit_code; } 
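Review bot: The loop added in the `-374` hunk of `pkd_exec_hello` has no bound of its own: it repeats `ssh_event_dopoll(e, 1000 /* milliseconds */)` for as long as `ssh_is_connected(s)` holds and `ctx.keep_going` is set, so a client that never drops the connection keeps this thread polling until `pkd_stop` clears the flag. A retry cap, or a comment stating that the harness relies on `pkd_stop` to end the wait, would make that explicit. Nothing explains why the first loop no longer checks `ssh_channel_is_closed(c)`; a comment such as `/* keep servicing the session until the client disconnects */` would help, if that is the intent. The function body starts and ends outside both hunks.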
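Review bot: `close(pkd_state.server_fd);` in `pkd_stop` ignores the return value and leaves the stale descriptor number in `pkd_state.server_fd`, while the daemon thread is only signalled on the following `pthread_kill` line and may still be using that descriptor. If a cleanup path outside this hunk closes `server_fd` again, the second close could land on a descriptor number that has been reused in the meantime; that is worth confirming against the daemon thread's teardown. A one-line comment on why the listener is closed before the signal is sent would also help. The rest of `pkd_stop` is outside the hunk.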
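Review bot: The `-3,10` hunk of `pkd_hello.c` drops `#include <stdlib.h>`, yet `main` still calls `unsetenv("SSH_AUTH_SOCK")` (visible as context in the `-555` hunk), which is declared in that header. The file now depends on some other header pulling it in; keeping `#include <stdlib.h>` avoids an implicit declaration on toolchains where that does not happen.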
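Review bot: `exit_code` starts at `-1` and is assigned only in the `else` branch that calls `pkd_run_tests()`, so the branch that prints `testmap[i++].testname` appears to reach `return exit_code;` with `-1` even when listing succeeded, unless code outside these hunks sets it. Adding `exit_code = 0;` in the list branch would keep a successful listing from reporting failure. Separately, a non-zero `ssh_finalize()` result is now only printed and no longer reaches the return value; if that is intended, a short comment at `out:` should say so. `main` is only partly visible across the `-555`, `-575` and `-586` hunks.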
diff --git a/tests/unittests/torture_buffer.c b/tests/unittests/torture_buffer.c index 2a11c81a..4d29a2a5 100644 --- a/tests/unittests/torture_buffer.c +++ b/tests/unittests/torture_buffer.c @@ -1,3 +1,5 @@ +#include "config.h" + #define LIBSSH_STATIC #include "torture.h" diff --git a/tests/unittests/torture_callbacks.c b/tests/unittests/torture_callbacks.c index e0b7882e..f5923309 100644 --- a/tests/unittests/torture_callbacks.c +++ b/tests/unittests/torture_callbacks.c @@ -1,3 +1,5 @@ +#include "config.h" + #define LIBSSH_STATIC #include "torture.h" diff --git a/tests/unittests/torture_channel.c b/tests/unittests/torture_channel.c index fd98f95d..0762df94 100644 --- a/tests/unittests/torture_channel.c +++ b/tests/unittests/torture_channel.c @@ -1,3 +1,5 @@ +#include "config.h" + #define LIBSSH_STATIC #include <libssh/priv.h> diff --git a/tests/unittests/torture_config.c b/tests/unittests/torture_config.c index 8be0334c..0b17a7ab 100644 --- a/tests/unittests/torture_config.c +++ b/tests/unittests/torture_config.c @@ -1,3 +1,5 @@ +#include "config.h" + #define LIBSSH_STATIC #include "torture.h" @@ -6,6 +8,7 @@ #define LIBSSH_TESTCONFIG1 "libssh_testconfig1.tmp" #define LIBSSH_TESTCONFIG2 "libssh_testconfig2.tmp" #define LIBSSH_TESTCONFIG3 "libssh_testconfig3.tmp" +#define LIBSSH_TESTCONFIG4 "libssh_testconfig4.tmp" #define USERNAME "testuser" #define PROXYCMD "ssh -q -W %h:%p gateway.example.com" @@ -18,6 +21,7 @@ static int setup_config_files(void **state) unlink(LIBSSH_TESTCONFIG1); unlink(LIBSSH_TESTCONFIG2); unlink(LIBSSH_TESTCONFIG3); + unlink(LIBSSH_TESTCONFIG4); torture_write_file(LIBSSH_TESTCONFIG1, "User "USERNAME"\nInclude "LIBSSH_TESTCONFIG2"\n\n"); @@ -27,6 +31,10 @@ static int setup_config_files(void **state) torture_write_file(LIBSSH_TESTCONFIG3, "\n\nIdentityFile "ID_FILE"\n"); + /* Multiple Port settings -> parsing returns early. */ + torture_write_file(LIBSSH_TESTCONFIG4, + "Port 123\nPort 456\n"); + session = ssh_new(); *state = session; 
@@ -38,6 +46,7 @@ static int teardown(void **state) unlink(LIBSSH_TESTCONFIG1); unlink(LIBSSH_TESTCONFIG2); unlink(LIBSSH_TESTCONFIG3); + unlink(LIBSSH_TESTCONFIG4); ssh_free(*state); @@ -46,7 +55,7 @@ static int teardown(void **state) /** - * @brief tests the privatekey_from_file function with passphrase + * @brief tests ssh_config_parse_file with Include directives */ static void torture_config_from_file(void **state) { ssh_session session = *state; @@ -78,12 +87,24 @@ static void torture_config_from_file(void **state) { } +/** + * @brief tests ssh_config_parse_file with multiple Port settings. + */ +static void torture_config_double_ports(void **state) { + ssh_session session = *state; + int ret = ssh_config_parse_file(session, LIBSSH_TESTCONFIG4); + assert_true(ret == 0); +} + int torture_run_tests(void) { int rc; struct CMUnitTest tests[] = { cmocka_unit_test_setup_teardown(torture_config_from_file, setup_config_files, teardown), + cmocka_unit_test_setup_teardown(torture_config_double_ports, + setup_config_files, + teardown), }; diff --git a/tests/unittests/torture_crypto.c b/tests/unittests/torture_crypto.c index 3bddb371..755e5c0b 100644 --- a/tests/unittests/torture_crypto.c +++ b/tests/unittests/torture_crypto.c @@ -1,3 +1,5 @@ +#include "config.h" + #define LIBSSH_STATIC #include "torture.h" diff --git a/tests/unittests/torture_init.c b/tests/unittests/torture_init.c index 4a3cfe55..1713b7b9 100644 --- a/tests/unittests/torture_init.c +++ b/tests/unittests/torture_init.c @@ -1,3 +1,5 @@ +#include "config.h" + #define LIBSSH_STATIC #include "torture.h" diff --git a/tests/unittests/torture_isipaddr.c b/tests/unittests/torture_isipaddr.c index a6582a29..d2b4ba33 100644 --- a/tests/unittests/torture_isipaddr.c +++ b/tests/unittests/torture_isipaddr.c @@ -1,3 +1,5 @@ +#include "config.h" + #define LIBSSH_STATIC #include "torture.h" diff --git a/tests/unittests/torture_keyfiles.c b/tests/unittests/torture_keyfiles.c index e5f054f9..023396e7 100644 
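Review bot: `torture_config_double_ports` in the `-78` hunk checks only that `ssh_config_parse_file` returns 0, so it would still pass if the second `Port` line silently replaced the first. Reading the value back with `ssh_options_get_port(session, &port);` followed by `assert_int_equal(port, 123);` would pin which setting wins, assuming first-match is the intended behaviour. `assert_int_equal(ret, 0);` would also print the actual value on failure, which `assert_true(ret == 0);` does not.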
--- a/tests/unittests/torture_keyfiles.c
+++ b/tests/unittests/torture_keyfiles.c
@@ -1,3 +1,5 @@
+#include "config.h"
+
 #define LIBSSH_STATIC
 #include "torture.h"
diff --git a/tests/unittests/torture_list.c b/tests/unittests/torture_list.c
index 9786c5b6..0b15fae8 100644
--- a/tests/unittests/torture_list.c
+++ b/tests/unittests/torture_list.c
@@ -1,3 +1,5 @@
+#include "config.h"
+
 #define LIBSSH_STATIC
 #include "torture.h"
diff --git a/tests/unittests/torture_misc.c b/tests/unittests/torture_misc.c
index 1d0e0f5c..de84c4a3 100644
--- a/tests/unittests/torture_misc.c
+++ b/tests/unittests/torture_misc.c
@@ -1,3 +1,4 @@
+#include "config.h"
 #include <sys/types.h>
 #ifndef _WIN32
diff --git a/tests/unittests/torture_options.c b/tests/unittests/torture_options.c
index 05dadba4..f3197b8f 100644
--- a/tests/unittests/torture_options.c
+++ b/tests/unittests/torture_options.c
@@ -1,3 +1,5 @@
+#include "config.h"
+
 #define LIBSSH_STATIC
 #ifndef _WIN32
diff --git a/tests/unittests/torture_pki.c b/tests/unittests/torture_pki.c
index 8e6e2b63..b0e6840c 100644
--- a/tests/unittests/torture_pki.c
+++ b/tests/unittests/torture_pki.c
@@ -1,3 +1,5 @@
+#include "config.h"
+
 #define LIBSSH_STATIC
 #include "torture.h"
diff --git a/tests/unittests/torture_pki_ed25519.c b/tests/unittests/torture_pki_ed25519.c
index 4270d169..11a72db3 100644
--- a/tests/unittests/torture_pki_ed25519.c
+++ b/tests/unittests/torture_pki_ed25519.c
@@ -1,3 +1,5 @@
+#include "config.h"
+
 #define LIBSSH_STATIC
 #include "torture.h"
diff --git a/tests/unittests/torture_rand.c b/tests/unittests/torture_rand.c
index 95c61316..46815c48 100644
--- a/tests/unittests/torture_rand.c
+++ b/tests/unittests/torture_rand.c
@@ -1,3 +1,5 @@
+#include "config.h"
+
 #define LIBSSH_STATIC
 #include <libssh/priv.h>
 #include <libssh/callbacks.h> |