path: root/tests
Age | Commit message | Author | Files | Lines
2021-01-28 | tests: Verify the configuration can set more identity files from one configuration file | Jakub Jelen | 1 | -0/+29
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2021-01-12 | tests/external_override: Add override test for internal implementations | Anderson Toshiyuki Sasaki | 13 | -0/+931
This adds a test to check if the internal implementation is not used when it is not supposed to be used. To be able to override functions using LD_PRELOAD, a shared version of the torture library was added, as well as a shared library for each of the algorithms implemented internally (ChaCha20, Poly1305, curve25519, and ed25519). Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2021-01-11 | torture_session: Test delayed close | Anderson Toshiyuki Sasaki | 1 | -0/+43
The test for delayed close asks for the execution of a command that generates big output (larger than the default window) to make data to remain in buffers while the close message arrives, triggering the delayed channel closure. Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2020-12-11 | Always check return value of ssh_list_new() | Dirkjan Bussink | 1 | -0/+5
Another item identified during code review was cases where the return value of ssh_list_new() was not properly checked and handled. This updates all cases that were missing this to handle failure to allocate a new list. Signed-off-by: Dirkjan Bussink <d.bussink@gmail.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-12-11 | Add safety checks for all ssh_string_fill calls | Dirkjan Bussink | 2 | -3/+7
These calls can fail and the return code should always be checked. These issues were identified when code review called it out on new code. The updates here are to existing code with no behavior changes to make review simpler. Signed-off-by: Dirkjan Bussink <d.bussink@gmail.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-12-11 | Ignore request success and failure message if they are not expected | Dirkjan Bussink | 1 | -0/+96
In https://gitlab.com/libssh/libssh-mirror/-/merge_requests/145#note_463232084 behavior in libssh was identified where it diverges from how for example OpenSSH behaves. In OpenSSH if a request success or failure message is received, apart from it being treated as a keepalive message, it is ignored otherwise. Libssh does handle the unexpected message and triggers an error condition internally. This means that with the Dropbear behavior where it replies to a hostkeys-00@openssh.com message even with a want_reply = 0 (arguably a bug), libssh enters an error state. This change makes the libssh behavior match OpenSSH to ignore these messages. The spec is a bit unclear on whether Dropbear is buggy here or not, but let's be liberal with the input accepted here in libssh. Signed-off-by: Dirkjan Bussink <d.bussink@gmail.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-12-10 | auth: Add ssh_userauth_publickey_auto_get_current_identity() | Marius Vollmer | 4 | -0/+125
Signed-off-by: Marius Vollmer <mvollmer@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-12-08 | fuzz: Extend readme for reproducing and debugging tips | Jakub Jelen | 1 | -0/+64
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-11-03 | tests for parsing configuration string; rework and many fixes | Stanislav Zidek | 1 | -423/+815
Signed-off-by: Stanislav Zidek <szidek@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2020-11-02 | tests: Disable *cbc ciphers in Dropbear tests | Jakub Jelen | 1 | -23/+42
These are disabled in latest since Dropbear 2020.79, while older do not support anything better than aes-ctr ciphers. We should implement some dynamic algorithm detection for dropbear too to increase test coverage. https://bugs.libssh.org/T252 Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-10-14 | Add initial server algorithm test for no HMAC overlap | Dirkjan Bussink | 2 | -0/+365
This adds an initial test with all AEAD modes to verify that they work if there is no overlap in HMAC ciphers. Signed-off-by: Dirkjan Bussink <d.bussink@gmail.com> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-10-14 | tests: Test MAC algorithm mismatch when AEAD cipher is selected | Jakub Jelen | 1 | -0/+57
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2020-10-14 | torture: Place additional configuration options before defaults so they can override them | Jakub Jelen | 1 | -10/+10
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2020-09-29 | src/kex.c: removes DES and SHA1 from mac and kex algorithms by default. | Sahana Prasad | 1 | -13/+20
Signed-off-by: Sahana Prasad <sahana@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-09-02 | Add a new location of sftp-server on Tumbleweed | Jakub Jelen | 1 | -0/+1
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2020-07-16 | tests: Add test case for T191 | Anderson Toshiyuki Sasaki | 1 | -0/+99
Add a test case to verify that the server returns the correct signature when it negotiated an RSA signature algorithm for the host key different from the one it prefers (e.g. when the client prefers ssh-rsa over rsa-sha2-256 and rsa-sha2-512). Fixes T240 Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-07-16 | tests: Add a test case for T75 | Anderson Toshiyuki Sasaki | 1 | -0/+56
The test checks if the client can handle the error returned by the server when the maximum number of channel sessions is exceeded. Fixes T239 Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-06-24 | tests: Do not parse configuration file in torture_knownhosts | Anderson Toshiyuki Sasaki | 1 | -0/+8
The test might fail if there is a local configuration file that changes the location of the known_hosts file. The test should not be affected by configuration files present in the testing environment. Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-06-22 | tests: Add test for CVE-2019-14889 | Anderson Toshiyuki Sasaki | 1 | -0/+84
The test checks if a command appended to the file path is not executed. Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-05-21 | Removed old, 10 years unused test files | Jakub Jelen | 8 | -622/+0
They do not build anymore and I believe most of their functionality is already covered by new tests. Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-05-20 | unittests: updates torture_pki_ecdsa_uri test by adding negative test cases to ensure there is no crash when ssh_pki_export_pubkey_blob() is incorrectly used to export ecdsa pubkeys from privkeys when pubkeys are not imported into pkcs #11 tokens. | Sahana Prasad | 1 | -1/+58
Signed-off-by: Sahana Prasad <sahana@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-05-20 | tests/torture.c: update the definition of torture_setup_tokens() to take load_public as an option that determines if public keys must be loaded in pkcs #11 tokens or not. | Sahana Prasad | 5 | -11/+16
tests: Adds the load_public parameter in all files where torture_setup_tokens() was used. Signed-off-by: Sahana Prasad <sahana@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-05-20 | tests/pkcs11/setup-softhsm-tokens.sh: updates the script to handle LOADPUBLIC parameter. | Sahana Prasad | 1 | -9/+13
Signed-off-by: Sahana Prasad <sahana@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-05-06 | cmake: Add autogenerated libssh_version.h | Heiko Thiery | 4 | -0/+4
Set the cmake project version to the autogenerated file to have a single point to set the version. This will be included in the libssh.h file. Pair-Programmed-With: Andreas Schneider <asn@cryptomilk.org> Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com> Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-05-05 | fuzz: Avoid warnings from csbuild in fuzzers | Jakub Jelen | 2 | -3/+4
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-05-05 | fuzz: Add instructions for corpus creation and first corpus files | Jakub Jelen | 3 | -0/+69
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-05-05 | fuzz: Allow to increase log level from server fuzzer | Jakub Jelen | 1 | -0/+10
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-05-05 | fuzz: Do not parse configuration files | Jakub Jelen | 2 | -0/+6
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-05-05 | fuzz: Use none cipher and MAC | Jakub Jelen | 2 | -1/+18
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-05-05 | tests: Cover ssh_options_getopt with unit tests | Jakub Jelen | 1 | -0/+148
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-05-05 | tests: Verify functionality of none cipher and mac | Jakub Jelen | 1 | -8/+46
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-05-05 | fuzz: Simplify definition of fuzzing targets and build them also with gcc | Jakub Jelen | 2 | -21/+57
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-05-05 | fuzz: Correctly sort members initialization to prevent GCC warnings | Jakub Jelen | 1 | -1/+1
tests/fuzz/ssh_client_fuzzer.cpp:45:1: error: designator order for field ‘ssh_callbacks_struct::userdata’ does not match declaration order in ‘ssh_callbacks_struct’ Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-05-05 | tests: Enable all CASignatureAlgorithms as SHA1 certificates are now disabled in OpenSSH 8.2p1 | Jakub Jelen | 1 | -0/+3
This option is unknown to older OpenSSH versions (for example CentOS 7 with OpenSSH 7.4) so we can not add it everywhere. Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-04-24 | tests: add testcases for ssh_channel_poll_timeout() | Heiko Thiery | 1 | -0/+54
This adds testcases for the regression introduced in 3bad0607. Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-04-20 | tests: Enable RSA SHA1 certs for testing against older OpenSSH | Jakub Jelen | 1 | -0/+6
The OpenSSH 7.4 or 7.6 in Ubuntu and CentOS 7 does not support SHA2 RSA certificates and libssh automatically falls back to SHA1, which is not allowed by default. Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2020-04-20 | tests: Update coverage of config_parser | Jakub Jelen | 1 | -7/+113
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2020-04-20 | Disable RSA and DSA keys with sha1 by default | Jakub Jelen | 1 | -12/+4
Fixes: T218 Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2020-04-20 | pkd: Enable all hostkeys | Jakub Jelen | 1 | -0/+10
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2020-04-20 | tests: Enable all host key algorithms in testing client | Jakub Jelen | 1 | -0/+3
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2020-04-20 | Make the testing ping use all supported algorithms | Jakub Jelen | 2 | -1/+15
Previously, it would use only the default set, which makes some tests failing including the DSA ones and disabled RSA with SHA1. Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2020-04-15 | Fix FTBFS on hurd-i386 | Laurent Bigonville | 1 | -0/+4
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933015 Signed-off-by: Laurent Bigonville <bigon@bigon.be> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-04-09 | client: Check if the library is initialized in ssh_connect() | Anderson Toshiyuki Sasaki | 1 | -0/+33
If the library is not initialized, SSH_ERROR is returned and the error message is set properly. Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-04-09 | init: Introduce internal is_ssh_initialized() | Anderson Toshiyuki Sasaki | 1 | -0/+23
The introduced function returns whether the library is initialized or not. Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-04-06 | kex: Add support for diffie-hellman-group14-sha256 | Anderson Toshiyuki Sasaki | 3 | -2/+29
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-03-29 | tests: Mark unreachable points after fail_msg() | Anderson Toshiyuki Sasaki | 1 | -2/+18
fail_msg() is not expected to return. Mark the points after calling it as unreachable to clarify this to the compiler. Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-03-29 | torture_server_config: Run the server under timeout | Anderson Toshiyuki Sasaki | 1 | -79/+10
Timeout will kill the server if it hangs. Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-03-29 | torture_server: Run the server under timeout | Anderson Toshiyuki Sasaki | 1 | -172/+16
Use the function which starts the test server under timeout. This way timeout will kill the server if it hangs. Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-03-29 | torture: Added a function to setup a libssh based server | Anderson Toshiyuki Sasaki | 4 | -1/+249
The added function runs the test server under timeout program to kill it if it elapses the default timeout of 5 minutes. An auxiliary function to create a libssh server configuration file was also added. Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-03-29 | test_server: Added an option to write PID to file | Anderson Toshiyuki Sasaki | 1 | -0/+31
Using the added option it is possible to set a path to a file in which the server will write its PID. This can be used later to kill the server. Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>