summaryrefslogtreecommitdiff
path: root/regress/unittests
diff options
context:
space:
mode:
Diffstat (limited to 'regress/unittests')
-rw-r--r--regress/unittests/Makefile3
-rw-r--r--regress/unittests/Makefile.inc16
-rw-r--r--regress/unittests/authopt/testdata/all_permit.cert1
-rw-r--r--regress/unittests/authopt/testdata/bad_sourceaddr.cert1
-rw-r--r--regress/unittests/authopt/testdata/force_command.cert1
-rw-r--r--regress/unittests/authopt/testdata/host.cert1
-rw-r--r--regress/unittests/authopt/testdata/mktestdata.sh48
-rw-r--r--regress/unittests/authopt/testdata/no_agentfwd.cert1
-rw-r--r--regress/unittests/authopt/testdata/no_permit.cert1
-rw-r--r--regress/unittests/authopt/testdata/no_portfwd.cert1
-rw-r--r--regress/unittests/authopt/testdata/no_pty.cert1
-rw-r--r--regress/unittests/authopt/testdata/no_user_rc.cert1
-rw-r--r--regress/unittests/authopt/testdata/no_x11fwd.cert1
-rw-r--r--regress/unittests/authopt/testdata/only_agentfwd.cert1
-rw-r--r--regress/unittests/authopt/testdata/only_portfwd.cert1
-rw-r--r--regress/unittests/authopt/testdata/only_pty.cert1
-rw-r--r--regress/unittests/authopt/testdata/only_user_rc.cert1
-rw-r--r--regress/unittests/authopt/testdata/only_x11fwd.cert1
-rw-r--r--regress/unittests/authopt/testdata/sourceaddr.cert1
-rw-r--r--regress/unittests/authopt/testdata/unknown_critical.cert1
-rw-r--r--regress/unittests/authopt/tests.c573
-rw-r--r--regress/unittests/bitmap/Makefile6
-rw-r--r--regress/unittests/conversion/Makefile7
-rw-r--r--regress/unittests/hostkeys/Makefile15
-rw-r--r--regress/unittests/kex/Makefile19
-rw-r--r--regress/unittests/match/Makefile8
-rw-r--r--regress/unittests/sshbuf/Makefile12
-rw-r--r--regress/unittests/sshkey/Makefile15
-rw-r--r--regress/unittests/sshkey/test_fuzz.c6
-rw-r--r--regress/unittests/sshkey/test_sshkey.c8
-rw-r--r--regress/unittests/test_helper/test_helper.c14
-rw-r--r--regress/unittests/test_helper/test_helper.h4
-rw-r--r--regress/unittests/utf8/Makefile6
33 files changed, 745 insertions, 32 deletions
diff --git a/regress/unittests/Makefile b/regress/unittests/Makefile
index e975f6ca4..e464b085a 100644
--- a/regress/unittests/Makefile
+++ b/regress/unittests/Makefile
@@ -1,6 +1,7 @@
1# $OpenBSD: Makefile,v 1.9 2017/03/14 01:20:29 dtucker Exp $ 1# $OpenBSD: Makefile,v 1.10 2018/03/03 03:16:17 djm Exp $
2 2
3REGRESS_FAIL_EARLY?= yes 3REGRESS_FAIL_EARLY?= yes
4SUBDIR= test_helper sshbuf sshkey bitmap kex hostkeys utf8 match conversion 4SUBDIR= test_helper sshbuf sshkey bitmap kex hostkeys utf8 match conversion
5SUBDIR+=authopt
5 6
6.include <bsd.subdir.mk> 7.include <bsd.subdir.mk>
diff --git a/regress/unittests/Makefile.inc b/regress/unittests/Makefile.inc
index 36d1ff42c..b509f4452 100644
--- a/regress/unittests/Makefile.inc
+++ b/regress/unittests/Makefile.inc
@@ -1,4 +1,4 @@
1# $OpenBSD: Makefile.inc,v 1.11 2017/04/30 23:33:48 djm Exp $ 1# $OpenBSD: Makefile.inc,v 1.12 2017/12/21 00:41:22 djm Exp $
2 2
3.include <bsd.own.mk> 3.include <bsd.own.mk>
4.include <bsd.obj.mk> 4.include <bsd.obj.mk>
@@ -30,8 +30,8 @@ CDIAGFLAGS+= -Wswitch
30CDIAGFLAGS+= -Wtrigraphs 30CDIAGFLAGS+= -Wtrigraphs
31CDIAGFLAGS+= -Wuninitialized 31CDIAGFLAGS+= -Wuninitialized
32CDIAGFLAGS+= -Wunused 32CDIAGFLAGS+= -Wunused
33CDIAGFLAGS+= -Wno-unused-parameter
33.if ${COMPILER_VERSION:L} != "gcc3" 34.if ${COMPILER_VERSION:L} != "gcc3"
34CDIAGFLAGS+= -Wpointer-sign
35CDIAGFLAGS+= -Wold-style-definition 35CDIAGFLAGS+= -Wold-style-definition
36.endif 36.endif
37 37
@@ -47,17 +47,7 @@ LDADD+=-L${.CURDIR}/../test_helper -ltest_helper
47DPADD+=${.CURDIR}/../test_helper/libtest_helper.a 47DPADD+=${.CURDIR}/../test_helper/libtest_helper.a
48.endif 48.endif
49 49
50.if exists(${.CURDIR}/${SSHREL}/lib/${__objdir}) 50.PATH: ${.CURDIR}/${SSHREL}
51LDADD+=-L${.CURDIR}/${SSHREL}/lib/${__objdir} -lssh
52LIBSSH=${.CURDIR}/${SSHREL}/lib/${__objdir}/libssh.a
53.else
54LDADD+=-L${.CURDIR}/${SSHREL}/lib -lssh
55LIBSSH=${.CURDIR}/${SSHREL}/lib/libssh.a
56.endif
57DPADD+=${LIBSSH}
58${PROG}: ${LIBSSH}
59${LIBSSH}:
60 cd ${.CURDIR}/${SSHREL} && ${MAKE} lib
61 51
62LDADD+= -lcrypto 52LDADD+= -lcrypto
63DPADD+= ${LIBCRYPTO} 53DPADD+= ${LIBCRYPTO}
diff --git a/regress/unittests/authopt/testdata/all_permit.cert b/regress/unittests/authopt/testdata/all_permit.cert
new file mode 100644
index 000000000..38ac57318
--- /dev/null
+++ b/regress/unittests/authopt/testdata/all_permit.cert
@@ -0,0 +1 @@
ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIOv/h7mJS1WkRHukSvqPwKDiNVrcib/VqBLpbHW6xjWCAAAAICeF4LbtRqwIRhewXifa5PKpbSU9P/K8CzeVYj8J/iBoAAAAAAAAAAEAAAABAAAABHVzZXIAAAAIAAAABHVzZXIAAAAANouDYAAAAAA4a2VgAAAAAAAAAIIAAAAVcGVybWl0LVgxMS1mb3J3YXJkaW5nAAAAAAAAABdwZXJtaXQtYWdlbnQtZm9yd2FyZGluZwAAAAAAAAAWcGVybWl0LXBvcnQtZm9yd2FyZGluZwAAAAAAAAAKcGVybWl0LXB0eQAAAAAAAAAOcGVybWl0LXVzZXItcmMAAAAAAAAAAAAAADMAAAALc3NoLWVkMjU1MTkAAAAgKFWCzCzQTh9UkoHphbgwaa86Q16Kern0UjqOr7Q+Jk8AAABTAAAAC3NzaC1lZDI1NTE5AAAAQNe1XDN+J4Eb82TH5J5sYypcabocufjTFRfpU57K+csRP41Yo1FCSEWx95ilUuNvK9Iv3yFDOeVPzdqRqzWoHwE= user key
diff --git a/regress/unittests/authopt/testdata/bad_sourceaddr.cert b/regress/unittests/authopt/testdata/bad_sourceaddr.cert
new file mode 100644
index 000000000..9732745ac
--- /dev/null
+++ b/regress/unittests/authopt/testdata/bad_sourceaddr.cert
@@ -0,0 +1 @@
ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAILFEJyunlz9scYU3mwbOEJoSSkeO1z20uNBw13tEn+lJAAAAICeF4LbtRqwIRhewXifa5PKpbSU9P/K8CzeVYj8J/iBoAAAAAAAAAAEAAAABAAAABHVzZXIAAAAIAAAABHVzZXIAAAAANouDYAAAAAA4a2VgAAAAHwAAAA5zb3VyY2UtYWRkcmVzcwAAAAkAAAAFeHh4eHgAAACCAAAAFXBlcm1pdC1YMTEtZm9yd2FyZGluZwAAAAAAAAAXcGVybWl0LWFnZW50LWZvcndhcmRpbmcAAAAAAAAAFnBlcm1pdC1wb3J0LWZvcndhcmRpbmcAAAAAAAAACnBlcm1pdC1wdHkAAAAAAAAADnBlcm1pdC11c2VyLXJjAAAAAAAAAAAAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIChVgsws0E4fVJKB6YW4MGmvOkNeinq59FI6jq+0PiZPAAAAUwAAAAtzc2gtZWQyNTUxOQAAAEA5xY/OEAJ3tgg8/KJqaBR5KMdYYRDiMJ6u4VKS9lQOV1HJQvDDvjj3F5k53BIqTJRVQx242YWs+B3C4db/uLgB user key
diff --git a/regress/unittests/authopt/testdata/force_command.cert b/regress/unittests/authopt/testdata/force_command.cert
new file mode 100644
index 000000000..f7af27e43
--- /dev/null
+++ b/regress/unittests/authopt/testdata/force_command.cert
@@ -0,0 +1 @@
ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIJkpCeqaVl6qnp7qa90KehAmHFecx3HW8HZQ22KEqeKBAAAAICeF4LbtRqwIRhewXifa5PKpbSU9P/K8CzeVYj8J/iBoAAAAAAAAAAEAAAABAAAABHVzZXIAAAAIAAAABHVzZXIAAAAANouDYAAAAAA4a2VgAAAAHAAAAA1mb3JjZS1jb21tYW5kAAAABwAAAANmb28AAACCAAAAFXBlcm1pdC1YMTEtZm9yd2FyZGluZwAAAAAAAAAXcGVybWl0LWFnZW50LWZvcndhcmRpbmcAAAAAAAAAFnBlcm1pdC1wb3J0LWZvcndhcmRpbmcAAAAAAAAACnBlcm1pdC1wdHkAAAAAAAAADnBlcm1pdC11c2VyLXJjAAAAAAAAAAAAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIChVgsws0E4fVJKB6YW4MGmvOkNeinq59FI6jq+0PiZPAAAAUwAAAAtzc2gtZWQyNTUxOQAAAEAxbhjgbXvfEumRP1E7VH8nUfuJyVlDChhCxiPg9Nvb9PFK8cHdDUEybDCzKCsIDieRc3mtLTyEu7Kb52va/B4C user key
diff --git a/regress/unittests/authopt/testdata/host.cert b/regress/unittests/authopt/testdata/host.cert
new file mode 100644
index 000000000..6326d0453
--- /dev/null
+++ b/regress/unittests/authopt/testdata/host.cert
@@ -0,0 +1 @@
ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIFWMw3ftP29RSefnxQwdvK1KiE2G9Y7rPRrJ7ZsrDiOeAAAAICeF4LbtRqwIRhewXifa5PKpbSU9P/K8CzeVYj8J/iBoAAAAAAAAAAEAAAACAAAABHVzZXIAAAAIAAAABHVzZXIAAAAANouDYAAAAAA4a2VgAAAAAAAAAAAAAAAAAAAAMwAAAAtzc2gtZWQyNTUxOQAAACAoVYLMLNBOH1SSgemFuDBprzpDXop6ufRSOo6vtD4mTwAAAFMAAAALc3NoLWVkMjU1MTkAAABAKTMqwPkaBg23RS7/aj347dc2kY4bWt/sHwzREYSrKRqZ5RNBnSvZOQ8m5euMCEuf92bZ8VJEdF653jRiW6VoBA== user key
diff --git a/regress/unittests/authopt/testdata/mktestdata.sh b/regress/unittests/authopt/testdata/mktestdata.sh
new file mode 100644
index 000000000..06a24e390
--- /dev/null
+++ b/regress/unittests/authopt/testdata/mktestdata.sh
@@ -0,0 +1,48 @@
1#/bin/sh
2
3set -xe
4
5rm -f ca_key ca_key.pub
6rm -f user_key user_key.pub
7rm -f *.cert
8
9ssh-keygen -q -f ca_key -t ed25519 -C CA -N ''
10ssh-keygen -q -f user_key -t ed25519 -C "user key" -N ''
11
12sign() {
13 output=$1
14 shift
15 set -xe
16 ssh-keygen -q -s ca_key -I user -n user \
17 -V 19990101:19991231 -z 1 "$@" user_key.pub
18 mv user_key-cert.pub "$output"
19}
20
21sign all_permit.cert -Opermit-agent-forwarding -Opermit-port-forwarding \
22 -Opermit-pty -Opermit-user-rc -Opermit-X11-forwarding
23sign no_permit.cert -Oclear
24
25sign no_agentfwd.cert -Ono-agent-forwarding
26sign no_portfwd.cert -Ono-port-forwarding
27sign no_pty.cert -Ono-pty
28sign no_user_rc.cert -Ono-user-rc
29sign no_x11fwd.cert -Ono-X11-forwarding
30
31sign only_agentfwd.cert -Oclear -Opermit-agent-forwarding
32sign only_portfwd.cert -Oclear -Opermit-port-forwarding
33sign only_pty.cert -Oclear -Opermit-pty
34sign only_user_rc.cert -Oclear -Opermit-user-rc
35sign only_x11fwd.cert -Oclear -Opermit-X11-forwarding
36
37sign force_command.cert -Oforce-command="foo"
38sign sourceaddr.cert -Osource-address="127.0.0.1/32,::1/128"
39
40# ssh-keygen won't permit generation of certs with invalid source-address
41# values, so we do it as a custom extension.
42sign bad_sourceaddr.cert -Ocritical:source-address=xxxxx
43
44sign unknown_critical.cert -Ocritical:blah=foo
45
46sign host.cert -h
47
48rm -f user_key ca_key user_key.pub ca_key.pub
diff --git a/regress/unittests/authopt/testdata/no_agentfwd.cert b/regress/unittests/authopt/testdata/no_agentfwd.cert
new file mode 100644
index 000000000..bfa5c2e65
--- /dev/null
+++ b/regress/unittests/authopt/testdata/no_agentfwd.cert
@@ -0,0 +1 @@
ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIL2qEsLCVtKaBkbCrZicxbPUorcHHrQ8yw5h/26krTOlAAAAICeF4LbtRqwIRhewXifa5PKpbSU9P/K8CzeVYj8J/iBoAAAAAAAAAAEAAAABAAAABHVzZXIAAAAIAAAABHVzZXIAAAAANouDYAAAAAA4a2VgAAAAAAAAAGMAAAAVcGVybWl0LVgxMS1mb3J3YXJkaW5nAAAAAAAAABZwZXJtaXQtcG9ydC1mb3J3YXJkaW5nAAAAAAAAAApwZXJtaXQtcHR5AAAAAAAAAA5wZXJtaXQtdXNlci1yYwAAAAAAAAAAAAAAMwAAAAtzc2gtZWQyNTUxOQAAACAoVYLMLNBOH1SSgemFuDBprzpDXop6ufRSOo6vtD4mTwAAAFMAAAALc3NoLWVkMjU1MTkAAABAdRhISpol01OwV30g39PM/JD1t35muskX4lyCcGpFQ08GQtBuHE/hABOp6apbGBJIC7CZYYF+uHkD7PfGU3NPAQ== user key
diff --git a/regress/unittests/authopt/testdata/no_permit.cert b/regress/unittests/authopt/testdata/no_permit.cert
new file mode 100644
index 000000000..351e138ae
--- /dev/null
+++ b/regress/unittests/authopt/testdata/no_permit.cert
@@ -0,0 +1 @@
ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIGVQtVgp9sD4sc8esIhVWbZaM8d0NxpX3UbEVzTHm9feAAAAICeF4LbtRqwIRhewXifa5PKpbSU9P/K8CzeVYj8J/iBoAAAAAAAAAAEAAAABAAAABHVzZXIAAAAIAAAABHVzZXIAAAAANouDYAAAAAA4a2VgAAAAAAAAAAAAAAAAAAAAMwAAAAtzc2gtZWQyNTUxOQAAACAoVYLMLNBOH1SSgemFuDBprzpDXop6ufRSOo6vtD4mTwAAAFMAAAALc3NoLWVkMjU1MTkAAABAIKlI0TqqraKjYTjIuKhwoxAV/XnzWRJHq8lNs4aj5yDb84un2xXDF/0vXoLjPgVcLgEbksBKKn0i4whp+xn9Ag== user key
diff --git a/regress/unittests/authopt/testdata/no_portfwd.cert b/regress/unittests/authopt/testdata/no_portfwd.cert
new file mode 100644
index 000000000..9457dc34e
--- /dev/null
+++ b/regress/unittests/authopt/testdata/no_portfwd.cert
@@ -0,0 +1 @@
ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIE6gC/QjjuzGWVDkr8ZyaHhja80V+lKLC/MvmEFa+CEBAAAAICeF4LbtRqwIRhewXifa5PKpbSU9P/K8CzeVYj8J/iBoAAAAAAAAAAEAAAABAAAABHVzZXIAAAAIAAAABHVzZXIAAAAANouDYAAAAAA4a2VgAAAAAAAAAGQAAAAVcGVybWl0LVgxMS1mb3J3YXJkaW5nAAAAAAAAABdwZXJtaXQtYWdlbnQtZm9yd2FyZGluZwAAAAAAAAAKcGVybWl0LXB0eQAAAAAAAAAOcGVybWl0LXVzZXItcmMAAAAAAAAAAAAAADMAAAALc3NoLWVkMjU1MTkAAAAgKFWCzCzQTh9UkoHphbgwaa86Q16Kern0UjqOr7Q+Jk8AAABTAAAAC3NzaC1lZDI1NTE5AAAAQEzpgckYlfc1BK1ir0reDSXo9OIDx4UoDMrNXrFO6I44NXoJJ4TlUUJH07WcKp/Xp5ESCdyVZtqwgHQxZr0+PwI= user key
diff --git a/regress/unittests/authopt/testdata/no_pty.cert b/regress/unittests/authopt/testdata/no_pty.cert
new file mode 100644
index 000000000..e8154ec7f
--- /dev/null
+++ b/regress/unittests/authopt/testdata/no_pty.cert
@@ -0,0 +1 @@
ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIFFjhISpSDR3blDejuCf2T9Fe4aHW53jG7KOH2PV/E7jAAAAICeF4LbtRqwIRhewXifa5PKpbSU9P/K8CzeVYj8J/iBoAAAAAAAAAAEAAAABAAAABHVzZXIAAAAIAAAABHVzZXIAAAAANouDYAAAAAA4a2VgAAAAAAAAAHAAAAAVcGVybWl0LVgxMS1mb3J3YXJkaW5nAAAAAAAAABdwZXJtaXQtYWdlbnQtZm9yd2FyZGluZwAAAAAAAAAWcGVybWl0LXBvcnQtZm9yd2FyZGluZwAAAAAAAAAOcGVybWl0LXVzZXItcmMAAAAAAAAAAAAAADMAAAALc3NoLWVkMjU1MTkAAAAgKFWCzCzQTh9UkoHphbgwaa86Q16Kern0UjqOr7Q+Jk8AAABTAAAAC3NzaC1lZDI1NTE5AAAAQF5c4BdxVYgqbMGAep414IGFK4deCFBCeNUTOLpKodrfb1M0gS4d2qoeMxZvMv5yMf/viKl/gallHzEmcrEcIQY= user key
diff --git a/regress/unittests/authopt/testdata/no_user_rc.cert b/regress/unittests/authopt/testdata/no_user_rc.cert
new file mode 100644
index 000000000..6676a0cbd
--- /dev/null
+++ b/regress/unittests/authopt/testdata/no_user_rc.cert
@@ -0,0 +1 @@
ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIFUM0VLATkYh05QeS5uuhB1X50NMom3jTWeQUmrPQ1FwAAAAICeF4LbtRqwIRhewXifa5PKpbSU9P/K8CzeVYj8J/iBoAAAAAAAAAAEAAAABAAAABHVzZXIAAAAIAAAABHVzZXIAAAAANouDYAAAAAA4a2VgAAAAAAAAAGwAAAAVcGVybWl0LVgxMS1mb3J3YXJkaW5nAAAAAAAAABdwZXJtaXQtYWdlbnQtZm9yd2FyZGluZwAAAAAAAAAWcGVybWl0LXBvcnQtZm9yd2FyZGluZwAAAAAAAAAKcGVybWl0LXB0eQAAAAAAAAAAAAAAMwAAAAtzc2gtZWQyNTUxOQAAACAoVYLMLNBOH1SSgemFuDBprzpDXop6ufRSOo6vtD4mTwAAAFMAAAALc3NoLWVkMjU1MTkAAABAcmJ3c2FCKJL9BCLv1Ij+uN1N+NWZmMXYionsSkv42Go4pMZiH3g8UfTd+OKq9Q7GAcCzGXa///6Dr/wqFssoDA== user key
diff --git a/regress/unittests/authopt/testdata/no_x11fwd.cert b/regress/unittests/authopt/testdata/no_x11fwd.cert
new file mode 100644
index 000000000..0aff9e6cf
--- /dev/null
+++ b/regress/unittests/authopt/testdata/no_x11fwd.cert
@@ -0,0 +1 @@
ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIPRKPAP+b5S+4zihdgoJrYNcMovFBgKZaJupIhN1kUvkAAAAICeF4LbtRqwIRhewXifa5PKpbSU9P/K8CzeVYj8J/iBoAAAAAAAAAAEAAAABAAAABHVzZXIAAAAIAAAABHVzZXIAAAAANouDYAAAAAA4a2VgAAAAAAAAAGUAAAAXcGVybWl0LWFnZW50LWZvcndhcmRpbmcAAAAAAAAAFnBlcm1pdC1wb3J0LWZvcndhcmRpbmcAAAAAAAAACnBlcm1pdC1wdHkAAAAAAAAADnBlcm1pdC11c2VyLXJjAAAAAAAAAAAAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIChVgsws0E4fVJKB6YW4MGmvOkNeinq59FI6jq+0PiZPAAAAUwAAAAtzc2gtZWQyNTUxOQAAAECMzj6VDfT+BJmIEo1qUKdr8VDLExF92K7KkbNxTH77n7uip7TL24HDfXjYBCvqxSSn9KAGBhnWsIC/GPx6A+cP user key
diff --git a/regress/unittests/authopt/testdata/only_agentfwd.cert b/regress/unittests/authopt/testdata/only_agentfwd.cert
new file mode 100644
index 000000000..3cf64b05c
--- /dev/null
+++ b/regress/unittests/authopt/testdata/only_agentfwd.cert
@@ -0,0 +1 @@
ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIOvJ28yW5uvA7yxE3ySuyFvPjcRYKAr03CYr4okGTNIFAAAAICeF4LbtRqwIRhewXifa5PKpbSU9P/K8CzeVYj8J/iBoAAAAAAAAAAEAAAABAAAABHVzZXIAAAAIAAAABHVzZXIAAAAANouDYAAAAAA4a2VgAAAAAAAAAB8AAAAXcGVybWl0LWFnZW50LWZvcndhcmRpbmcAAAAAAAAAAAAAADMAAAALc3NoLWVkMjU1MTkAAAAgKFWCzCzQTh9UkoHphbgwaa86Q16Kern0UjqOr7Q+Jk8AAABTAAAAC3NzaC1lZDI1NTE5AAAAQEG2uTgmOSk9dJ0s/Ol1EIERXFP9PF6AauF9t5jBMSthNyvSANSrC/1EIaf4TV5kMYfhZxJXoS0XHQjGndcq2AE= user key
diff --git a/regress/unittests/authopt/testdata/only_portfwd.cert b/regress/unittests/authopt/testdata/only_portfwd.cert
new file mode 100644
index 000000000..bb09c3a63
--- /dev/null
+++ b/regress/unittests/authopt/testdata/only_portfwd.cert
@@ -0,0 +1 @@
ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIGPoYoExiSyHMyDEvOFgoNZXk5z91u7xq/7357X23TotAAAAICeF4LbtRqwIRhewXifa5PKpbSU9P/K8CzeVYj8J/iBoAAAAAAAAAAEAAAABAAAABHVzZXIAAAAIAAAABHVzZXIAAAAANouDYAAAAAA4a2VgAAAAAAAAAB4AAAAWcGVybWl0LXBvcnQtZm9yd2FyZGluZwAAAAAAAAAAAAAAMwAAAAtzc2gtZWQyNTUxOQAAACAoVYLMLNBOH1SSgemFuDBprzpDXop6ufRSOo6vtD4mTwAAAFMAAAALc3NoLWVkMjU1MTkAAABAHN3YnwipcbDKVn+PObGSoaT9rwlau+yrPYZ50oetvCKng3RMjGaV+roqlv0vjjLcxE9J4Y0ti+9MXtQ0D7beBA== user key
diff --git a/regress/unittests/authopt/testdata/only_pty.cert b/regress/unittests/authopt/testdata/only_pty.cert
new file mode 100644
index 000000000..520c89f3b
--- /dev/null
+++ b/regress/unittests/authopt/testdata/only_pty.cert
@@ -0,0 +1 @@
ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAILvocWYto5Lg7P46YLbe7U4/b2h9Lr5rWqMZ4Cj4ra7RAAAAICeF4LbtRqwIRhewXifa5PKpbSU9P/K8CzeVYj8J/iBoAAAAAAAAAAEAAAABAAAABHVzZXIAAAAIAAAABHVzZXIAAAAANouDYAAAAAA4a2VgAAAAAAAAABIAAAAKcGVybWl0LXB0eQAAAAAAAAAAAAAAMwAAAAtzc2gtZWQyNTUxOQAAACAoVYLMLNBOH1SSgemFuDBprzpDXop6ufRSOo6vtD4mTwAAAFMAAAALc3NoLWVkMjU1MTkAAABASv2xQvp+Y6E8dCf5pzg3MZaan5bl1ToYXNcmQ3ysGrk9Djkcu8m3TytDpF471KmUejxy/iF4xjs9CDpk7h+SBQ== user key
diff --git a/regress/unittests/authopt/testdata/only_user_rc.cert b/regress/unittests/authopt/testdata/only_user_rc.cert
new file mode 100644
index 000000000..fb49c35f3
--- /dev/null
+++ b/regress/unittests/authopt/testdata/only_user_rc.cert
@@ -0,0 +1 @@
ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIJwsRZQ7kx4A8AQ0q/G/3i6sHM48kr4TxJtTcyy3lZAPAAAAICeF4LbtRqwIRhewXifa5PKpbSU9P/K8CzeVYj8J/iBoAAAAAAAAAAEAAAABAAAABHVzZXIAAAAIAAAABHVzZXIAAAAANouDYAAAAAA4a2VgAAAAAAAAABYAAAAOcGVybWl0LXVzZXItcmMAAAAAAAAAAAAAADMAAAALc3NoLWVkMjU1MTkAAAAgKFWCzCzQTh9UkoHphbgwaa86Q16Kern0UjqOr7Q+Jk8AAABTAAAAC3NzaC1lZDI1NTE5AAAAQDhgEXsvoHr21XrxmiZq/sIjWeYapp11XvEVkkTBPVhBnPwtrrUeJbPmGs3gmJkQdv8BYajYpT7TXEX8GvEeLwU= user key
diff --git a/regress/unittests/authopt/testdata/only_x11fwd.cert b/regress/unittests/authopt/testdata/only_x11fwd.cert
new file mode 100644
index 000000000..6715585a0
--- /dev/null
+++ b/regress/unittests/authopt/testdata/only_x11fwd.cert
@@ -0,0 +1 @@
ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIDAhZFZBl3eu8Qa8I5BaHCz/mpH8xCjaPusBwo1eJ9OGAAAAICeF4LbtRqwIRhewXifa5PKpbSU9P/K8CzeVYj8J/iBoAAAAAAAAAAEAAAABAAAABHVzZXIAAAAIAAAABHVzZXIAAAAANouDYAAAAAA4a2VgAAAAAAAAAB0AAAAVcGVybWl0LVgxMS1mb3J3YXJkaW5nAAAAAAAAAAAAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIChVgsws0E4fVJKB6YW4MGmvOkNeinq59FI6jq+0PiZPAAAAUwAAAAtzc2gtZWQyNTUxOQAAAEDysfgbhniX/zdA8576rrDJpaO2D7QtQse2KWIM9XmREPkLKeP6FKiXKKFcPQiMyV28rptfvK8bBXAiOvITSUgL user key
diff --git a/regress/unittests/authopt/testdata/sourceaddr.cert b/regress/unittests/authopt/testdata/sourceaddr.cert
new file mode 100644
index 000000000..0fcf7b182
--- /dev/null
+++ b/regress/unittests/authopt/testdata/sourceaddr.cert
@@ -0,0 +1 @@
ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIJ54qqoPs87gtjN1aJoLUn7ZTYUtcaGxkzLyJvRkYG7nAAAAICeF4LbtRqwIRhewXifa5PKpbSU9P/K8CzeVYj8J/iBoAAAAAAAAAAEAAAABAAAABHVzZXIAAAAIAAAABHVzZXIAAAAANouDYAAAAAA4a2VgAAAALgAAAA5zb3VyY2UtYWRkcmVzcwAAABgAAAAUMTI3LjAuMC4xLzMyLDo6MS8xMjgAAACCAAAAFXBlcm1pdC1YMTEtZm9yd2FyZGluZwAAAAAAAAAXcGVybWl0LWFnZW50LWZvcndhcmRpbmcAAAAAAAAAFnBlcm1pdC1wb3J0LWZvcndhcmRpbmcAAAAAAAAACnBlcm1pdC1wdHkAAAAAAAAADnBlcm1pdC11c2VyLXJjAAAAAAAAAAAAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIChVgsws0E4fVJKB6YW4MGmvOkNeinq59FI6jq+0PiZPAAAAUwAAAAtzc2gtZWQyNTUxOQAAAEAppSUKQ/a9tw/HgIazWceCO3d48GU7mkV4iQMpWWs2nB1dFryY1GDtZrBggAjMviwmBXyM3jIk5vxJDINZXGQJ user key
diff --git a/regress/unittests/authopt/testdata/unknown_critical.cert b/regress/unittests/authopt/testdata/unknown_critical.cert
new file mode 100644
index 000000000..216960ab3
--- /dev/null
+++ b/regress/unittests/authopt/testdata/unknown_critical.cert
@@ -0,0 +1 @@
ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIIjs/wRAB/p5QShSfqoU9cWnCLT3lSveUirk61A27KxVAAAAICeF4LbtRqwIRhewXifa5PKpbSU9P/K8CzeVYj8J/iBoAAAAAAAAAAEAAAABAAAABHVzZXIAAAAIAAAABHVzZXIAAAAANouDYAAAAAA4a2VgAAAAEwAAAARibGFoAAAABwAAAANmb28AAACCAAAAFXBlcm1pdC1YMTEtZm9yd2FyZGluZwAAAAAAAAAXcGVybWl0LWFnZW50LWZvcndhcmRpbmcAAAAAAAAAFnBlcm1pdC1wb3J0LWZvcndhcmRpbmcAAAAAAAAACnBlcm1pdC1wdHkAAAAAAAAADnBlcm1pdC11c2VyLXJjAAAAAAAAAAAAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIChVgsws0E4fVJKB6YW4MGmvOkNeinq59FI6jq+0PiZPAAAAUwAAAAtzc2gtZWQyNTUxOQAAAEDix3FV7JIBuHNAwtZOVIqGBq8lqhnEwP51DqPA43qt+Tzynm56EWxuFzgGehBPF3L8gl+fVqxIJmiQ9iHB0LUD user key
diff --git a/regress/unittests/authopt/tests.c b/regress/unittests/authopt/tests.c
new file mode 100644
index 000000000..0e8aacb91
--- /dev/null
+++ b/regress/unittests/authopt/tests.c
@@ -0,0 +1,573 @@
1/* $OpenBSD: tests.c,v 1.1 2018/03/03 03:16:17 djm Exp $ */
2
3/*
4 * Regress test for keys options functions.
5 *
6 * Placed in the public domain
7 */
8
9#include <sys/types.h>
10#include <sys/param.h>
11#include <stdio.h>
12#include <stdint.h>
13#include <stdlib.h>
14#include <string.h>
15
16#include "test_helper.h"
17
18#include "sshkey.h"
19#include "authfile.h"
20#include "auth-options.h"
21#include "misc.h"
22#include "log.h"
23
24static struct sshkey *
25load_key(const char *name)
26{
27 struct sshkey *ret;
28 int r;
29
30 r = sshkey_load_public(test_data_file(name), &ret, NULL);
31 ASSERT_INT_EQ(r, 0);
32 ASSERT_PTR_NE(ret, NULL);
33 return ret;
34}
35
36static struct sshauthopt *
37default_authkey_opts(void)
38{
39 struct sshauthopt *ret = sshauthopt_new();
40
41 ASSERT_PTR_NE(ret, NULL);
42 ret->permit_port_forwarding_flag = 1;
43 ret->permit_agent_forwarding_flag = 1;
44 ret->permit_x11_forwarding_flag = 1;
45 ret->permit_pty_flag = 1;
46 ret->permit_user_rc = 1;
47 return ret;
48}
49
50static struct sshauthopt *
51default_authkey_restrict_opts(void)
52{
53 struct sshauthopt *ret = sshauthopt_new();
54
55 ASSERT_PTR_NE(ret, NULL);
56 ret->permit_port_forwarding_flag = 0;
57 ret->permit_agent_forwarding_flag = 0;
58 ret->permit_x11_forwarding_flag = 0;
59 ret->permit_pty_flag = 0;
60 ret->permit_user_rc = 0;
61 ret->restricted = 1;
62 return ret;
63}
64
65static char **
66commasplit(const char *s, size_t *np)
67{
68 char *ocp, *cp, *cp2, **ret = NULL;
69 size_t n;
70
71 ocp = cp = strdup(s);
72 ASSERT_PTR_NE(cp, NULL);
73 for (n = 0; (cp2 = strsep(&cp, ",")) != NULL;) {
74 ret = recallocarray(ret, n, n + 1, sizeof(*ret));
75 ASSERT_PTR_NE(ret, NULL);
76 cp2 = strdup(cp2);
77 ASSERT_PTR_NE(cp2, NULL);
78 ret[n++] = cp2;
79 }
80 free(ocp);
81 *np = n;
82 return ret;
83}
84
85static void
86compare_opts(const struct sshauthopt *opts,
87 const struct sshauthopt *expected)
88{
89 size_t i;
90
91 ASSERT_PTR_NE(opts, NULL);
92 ASSERT_PTR_NE(expected, NULL);
93 ASSERT_PTR_NE(expected, opts); /* bozo :) */
94
95#define FLAG_EQ(x) ASSERT_INT_EQ(opts->x, expected->x)
96 FLAG_EQ(permit_port_forwarding_flag);
97 FLAG_EQ(permit_agent_forwarding_flag);
98 FLAG_EQ(permit_x11_forwarding_flag);
99 FLAG_EQ(permit_pty_flag);
100 FLAG_EQ(permit_user_rc);
101 FLAG_EQ(restricted);
102 FLAG_EQ(cert_authority);
103#undef FLAG_EQ
104
105#define STR_EQ(x) \
106 do { \
107 if (expected->x == NULL) \
108 ASSERT_PTR_EQ(opts->x, expected->x); \
109 else \
110 ASSERT_STRING_EQ(opts->x, expected->x); \
111 } while (0)
112 STR_EQ(cert_principals);
113 STR_EQ(force_command);
114 STR_EQ(required_from_host_cert);
115 STR_EQ(required_from_host_keys);
116#undef STR_EQ
117
118#define ARRAY_EQ(nx, x) \
119 do { \
120 ASSERT_SIZE_T_EQ(opts->nx, expected->nx); \
121 if (expected->nx == 0) \
122 break; \
123 for (i = 0; i < expected->nx; i++) \
124 ASSERT_STRING_EQ(opts->x[i], expected->x[i]); \
125 } while (0)
126 ARRAY_EQ(nenv, env);
127 ARRAY_EQ(npermitopen, permitopen);
128#undef ARRAY_EQ
129}
130
131static void
132test_authkeys_parse(void)
133{
134 struct sshauthopt *opts, *expected;
135 const char *errstr;
136
137#define FAIL_TEST(label, keywords) \
138 do { \
139 TEST_START("sshauthopt_parse invalid " label); \
140 opts = sshauthopt_parse(keywords, &errstr); \
141 ASSERT_PTR_EQ(opts, NULL); \
142 ASSERT_PTR_NE(errstr, NULL); \
143 TEST_DONE(); \
144 } while (0)
145#define CHECK_SUCCESS_AND_CLEANUP() \
146 do { \
147 if (errstr != NULL) \
148 ASSERT_STRING_EQ(errstr, ""); \
149 compare_opts(opts, expected); \
150 sshauthopt_free(expected); \
151 sshauthopt_free(opts); \
152 } while (0)
153
154 /* Basic tests */
155 TEST_START("sshauthopt_parse empty");
156 expected = default_authkey_opts();
157 opts = sshauthopt_parse("", &errstr);
158 CHECK_SUCCESS_AND_CLEANUP();
159 TEST_DONE();
160
161 TEST_START("sshauthopt_parse trailing whitespace");
162 expected = default_authkey_opts();
163 opts = sshauthopt_parse(" ", &errstr);
164 CHECK_SUCCESS_AND_CLEANUP();
165 TEST_DONE();
166
167 TEST_START("sshauthopt_parse restrict");
168 expected = default_authkey_restrict_opts();
169 opts = sshauthopt_parse("restrict", &errstr);
170 CHECK_SUCCESS_AND_CLEANUP();
171 TEST_DONE();
172
173 /* Invalid syntax */
174 FAIL_TEST("trailing comma", "restrict,");
175 FAIL_TEST("bare comma", ",");
176 FAIL_TEST("unknown option", "BLAH");
177 FAIL_TEST("unknown option with trailing comma", "BLAH,");
178 FAIL_TEST("unknown option with trailing whitespace", "BLAH ");
179
180 /* force_tun_device */
181 TEST_START("sshauthopt_parse tunnel explicit");
182 expected = default_authkey_opts();
183 expected->force_tun_device = 1;
184 opts = sshauthopt_parse("tunnel=\"1\"", &errstr);
185 CHECK_SUCCESS_AND_CLEANUP();
186 TEST_DONE();
187
188 TEST_START("sshauthopt_parse tunnel any");
189 expected = default_authkey_opts();
190 expected->force_tun_device = SSH_TUNID_ANY;
191 opts = sshauthopt_parse("tunnel=\"any\"", &errstr);
192 CHECK_SUCCESS_AND_CLEANUP();
193 TEST_DONE();
194
195 FAIL_TEST("tunnel", "tunnel=\"blah\"");
196
197 /* Flag options */
198#define FLAG_TEST(keyword, var, val) \
199 do { \
200 TEST_START("sshauthopt_parse " keyword); \
201 expected = default_authkey_opts(); \
202 expected->var = val; \
203 opts = sshauthopt_parse(keyword, &errstr); \
204 CHECK_SUCCESS_AND_CLEANUP(); \
205 expected = default_authkey_restrict_opts(); \
206 expected->var = val; \
207 opts = sshauthopt_parse("restrict,"keyword, &errstr); \
208 CHECK_SUCCESS_AND_CLEANUP(); \
209 TEST_DONE(); \
210 } while (0)
211 /* Positive flags */
212 FLAG_TEST("cert-authority", cert_authority, 1);
213 FLAG_TEST("port-forwarding", permit_port_forwarding_flag, 1);
214 FLAG_TEST("agent-forwarding", permit_agent_forwarding_flag, 1);
215 FLAG_TEST("x11-forwarding", permit_x11_forwarding_flag, 1);
216 FLAG_TEST("pty", permit_pty_flag, 1);
217 FLAG_TEST("user-rc", permit_user_rc, 1);
218 /* Negative flags */
219 FLAG_TEST("no-port-forwarding", permit_port_forwarding_flag, 0);
220 FLAG_TEST("no-agent-forwarding", permit_agent_forwarding_flag, 0);
221 FLAG_TEST("no-x11-forwarding", permit_x11_forwarding_flag, 0);
222 FLAG_TEST("no-pty", permit_pty_flag, 0);
223 FLAG_TEST("no-user-rc", permit_user_rc, 0);
224#undef FLAG_TEST
225 FAIL_TEST("no-cert-authority", "no-cert-authority");
226
227 /* String options */
228#define STRING_TEST(keyword, var, val) \
229 do { \
230 TEST_START("sshauthopt_parse " keyword); \
231 expected = default_authkey_opts(); \
232 expected->var = strdup(val); \
233 ASSERT_PTR_NE(expected->var, NULL); \
234 opts = sshauthopt_parse(keyword "=" #val, &errstr); \
235 CHECK_SUCCESS_AND_CLEANUP(); \
236 expected = default_authkey_restrict_opts(); \
237 expected->var = strdup(val); \
238 ASSERT_PTR_NE(expected->var, NULL); \
239 opts = sshauthopt_parse( \
240 "restrict," keyword "=" #val ",restrict", &errstr); \
241 CHECK_SUCCESS_AND_CLEANUP(); \
242 TEST_DONE(); \
243 } while (0)
244 STRING_TEST("command", force_command, "/bin/true");
245 STRING_TEST("principals", cert_principals, "gregor,josef,K");
246 STRING_TEST("from", required_from_host_keys, "127.0.0.0/8");
247#undef STRING_TEST
248 FAIL_TEST("unquoted command", "command=oops");
249 FAIL_TEST("unquoted principals", "principals=estragon");
250 FAIL_TEST("unquoted from", "from=127.0.0.1");
251
252 /* String array option tests */
253#define ARRAY_TEST(label, keywords, var, nvar, val) \
254 do { \
255 TEST_START("sshauthopt_parse " label); \
256 expected = default_authkey_opts(); \
257 expected->var = commasplit(val, &expected->nvar); \
258 ASSERT_PTR_NE(expected->var, NULL); \
259 opts = sshauthopt_parse(keywords, &errstr); \
260 CHECK_SUCCESS_AND_CLEANUP(); \
261 expected = default_authkey_restrict_opts(); \
262 expected->var = commasplit(val, &expected->nvar); \
263 ASSERT_PTR_NE(expected->var, NULL); \
264 opts = sshauthopt_parse( \
265 "restrict," keywords ",restrict", &errstr); \
266 CHECK_SUCCESS_AND_CLEANUP(); \
267 TEST_DONE(); \
268 } while (0)
269 ARRAY_TEST("environment", "environment=\"foo=1\",environment=\"bar=2\"",
270 env, nenv, "foo=1,bar=2");
271 ARRAY_TEST("permitopen", "permitopen=\"foo:123\",permitopen=\"bar:*\"",
272 permitopen, npermitopen, "foo:123,bar:*");
273#undef ARRAY_TEST
274 FAIL_TEST("environment", "environment=\",=bah\"");
275 FAIL_TEST("permitopen port", "foo:bar");
276 FAIL_TEST("permitopen missing port", "foo:");
277 FAIL_TEST("permitopen missing port specification", "foo");
278 FAIL_TEST("permitopen invalid host", "[:");
279
280#undef CHECK_SUCCESS_AND_CLEANUP
281#undef FAIL_TEST
282}
283
284static void
285test_cert_parse(void)
286{
287 struct sshkey *cert;
288 struct sshauthopt *opts, *expected;
289
290#define CHECK_SUCCESS_AND_CLEANUP() \
291 do { \
292 compare_opts(opts, expected); \
293 sshauthopt_free(expected); \
294 sshauthopt_free(opts); \
295 sshkey_free(cert); \
296 } while (0)
297#define FLAG_TEST(keybase, var) \
298 do { \
299 TEST_START("sshauthopt_from_cert no_" keybase); \
300 cert = load_key("no_" keybase ".cert"); \
301 expected = default_authkey_opts(); \
302 expected->var = 0; \
303 opts = sshauthopt_from_cert(cert); \
304 CHECK_SUCCESS_AND_CLEANUP(); \
305 TEST_DONE(); \
306 TEST_START("sshauthopt_from_cert only_" keybase); \
307 cert = load_key("only_" keybase ".cert"); \
308 expected = sshauthopt_new(); \
309 ASSERT_PTR_NE(expected, NULL); \
310 expected->var = 1; \
311 opts = sshauthopt_from_cert(cert); \
312 CHECK_SUCCESS_AND_CLEANUP(); \
313 TEST_DONE(); \
314 } while (0)
315 FLAG_TEST("agentfwd", permit_agent_forwarding_flag);
316 FLAG_TEST("portfwd", permit_port_forwarding_flag);
317 FLAG_TEST("pty", permit_pty_flag);
318 FLAG_TEST("user_rc", permit_user_rc);
319 FLAG_TEST("x11fwd", permit_x11_forwarding_flag);
320#undef FLAG_TEST
321
322 TEST_START("sshauthopt_from_cert all permitted");
323 cert = load_key("all_permit.cert");
324 expected = default_authkey_opts();
325 opts = sshauthopt_from_cert(cert);
326 CHECK_SUCCESS_AND_CLEANUP();
327 TEST_DONE();
328
329 TEST_START("sshauthopt_from_cert nothing permitted");
330 cert = load_key("no_permit.cert");
331 expected = sshauthopt_new();
332 ASSERT_PTR_NE(expected, NULL);
333 opts = sshauthopt_from_cert(cert);
334 CHECK_SUCCESS_AND_CLEANUP();
335 TEST_DONE();
336
337 TEST_START("sshauthopt_from_cert force-command");
338 cert = load_key("force_command.cert");
339 expected = default_authkey_opts();
340 expected->force_command = strdup("foo");
341 ASSERT_PTR_NE(expected->force_command, NULL);
342 opts = sshauthopt_from_cert(cert);
343 CHECK_SUCCESS_AND_CLEANUP();
344 TEST_DONE();
345
346 TEST_START("sshauthopt_from_cert source-address");
347 cert = load_key("sourceaddr.cert");
348 expected = default_authkey_opts();
349 expected->required_from_host_cert = strdup("127.0.0.1/32,::1/128");
350 ASSERT_PTR_NE(expected->required_from_host_cert, NULL);
351 opts = sshauthopt_from_cert(cert);
352 CHECK_SUCCESS_AND_CLEANUP();
353 TEST_DONE();
354#undef CHECK_SUCCESS_AND_CLEANUP
355
356#define FAIL_TEST(keybase) \
357 do { \
358 TEST_START("sshauthopt_from_cert " keybase); \
359 cert = load_key(keybase ".cert"); \
360 opts = sshauthopt_from_cert(cert); \
361 ASSERT_PTR_EQ(opts, NULL); \
362 sshkey_free(cert); \
363 TEST_DONE(); \
364 } while (0)
365 FAIL_TEST("host");
366 FAIL_TEST("bad_sourceaddr");
367 FAIL_TEST("unknown_critical");
368#undef FAIL_TEST
369}
370
371static void
372test_merge(void)
373{
374 struct sshkey *cert;
375 struct sshauthopt *key_opts, *cert_opts, *merge_opts, *expected;
376 const char *errstr;
377
378 /*
379 * Prepare for a test by making some key and cert options and
380 * attempting to merge them.
381 */
382#define PREPARE(label, keyname, keywords) \
383 do { \
384 expected = NULL; \
385 TEST_START("sshauthopt_merge " label); \
386 cert = load_key(keyname ".cert"); \
387 cert_opts = sshauthopt_from_cert(cert); \
388 ASSERT_PTR_NE(cert_opts, NULL); \
389 key_opts = sshauthopt_parse(keywords, &errstr); \
390 if (errstr != NULL) \
391 ASSERT_STRING_EQ(errstr, ""); \
392 ASSERT_PTR_NE(key_opts, NULL); \
393 merge_opts = sshauthopt_merge(key_opts, \
394 cert_opts, &errstr); \
395 } while (0)
396
397 /* Cleanup stuff allocated by PREPARE() */
398#define CLEANUP() \
399 do { \
400 sshauthopt_free(expected); \
401 sshauthopt_free(merge_opts); \
402 sshauthopt_free(key_opts); \
403 sshauthopt_free(cert_opts); \
404 sshkey_free(cert); \
405 } while (0)
406
407 /* Check the results of PREPARE() against expectation; calls CLEANUP */
408#define CHECK_SUCCESS_AND_CLEANUP() \
409 do { \
410 if (errstr != NULL) \
411 ASSERT_STRING_EQ(errstr, ""); \
412 compare_opts(merge_opts, expected); \
413 CLEANUP(); \
414 } while (0)
415
416 /* Check a single case of merging of flag options */
417#define FLAG_CASE(keybase, label, keyname, keywords, mostly_off, var, val) \
418 do { \
419 PREPARE(keybase " " label, keyname, keywords); \
420 expected = mostly_off ? \
421 sshauthopt_new() : default_authkey_opts(); \
422 expected->var = val; \
423 ASSERT_PTR_NE(expected, NULL); \
424 CHECK_SUCCESS_AND_CLEANUP(); \
425 TEST_DONE(); \
426 } while (0)
427
428 /*
429 * Fairly exhaustive exercise of a flag option. Tests
430 * option both set and clear in certificate, set and clear in
431 * authorized_keys and set and cleared via restrict keyword.
432 */
433#define FLAG_TEST(keybase, keyword, var) \
434 do { \
435 FLAG_CASE(keybase, "keys:default,yes cert:default,no", \
436 "no_" keybase, keyword, 0, var, 0); \
437 FLAG_CASE(keybase,"keys:-*,yes cert:default,no", \
438 "no_" keybase, "restrict," keyword, 1, var, 0); \
439 FLAG_CASE(keybase, "keys:default,no cert:default,no", \
440 "no_" keybase, "no-" keyword, 0, var, 0); \
441 FLAG_CASE(keybase, "keys:-*,no cert:default,no", \
442 "no_" keybase, "restrict,no-" keyword, 1, var, 0); \
443 \
444 FLAG_CASE(keybase, "keys:default,yes cert:-*,yes", \
445 "only_" keybase, keyword, 1, var, 1); \
446 FLAG_CASE(keybase,"keys:-*,yes cert:-*,yes", \
447 "only_" keybase, "restrict," keyword, 1, var, 1); \
448 FLAG_CASE(keybase, "keys:default,no cert:-*,yes", \
449 "only_" keybase, "no-" keyword, 1, var, 0); \
450 FLAG_CASE(keybase, "keys:-*,no cert:-*,yes", \
451 "only_" keybase, "restrict,no-" keyword, 1, var, 0); \
452 \
453 FLAG_CASE(keybase, "keys:default,yes cert:-*", \
454 "no_permit", keyword, 1, var, 0); \
455 FLAG_CASE(keybase,"keys:-*,yes cert:-*", \
456 "no_permit", "restrict," keyword, 1, var, 0); \
457 FLAG_CASE(keybase, "keys:default,no cert:-*", \
458 "no_permit", "no-" keyword, 1, var, 0); \
459 FLAG_CASE(keybase, "keys:-*,no cert:-*", \
460 "no_permit", "restrict,no-" keyword, 1, var, 0); \
461 \
462 FLAG_CASE(keybase, "keys:default,yes cert:*", \
463 "all_permit", keyword, 0, var, 1); \
464 FLAG_CASE(keybase,"keys:-*,yes cert:*", \
465 "all_permit", "restrict," keyword, 1, var, 1); \
466 FLAG_CASE(keybase, "keys:default,no cert:*", \
467 "all_permit", "no-" keyword, 0, var, 0); \
468 FLAG_CASE(keybase, "keys:-*,no cert:*", \
469 "all_permit", "restrict,no-" keyword, 1, var, 0); \
470 \
471 } while (0)
472 FLAG_TEST("portfwd", "port-forwarding", permit_port_forwarding_flag);
473 FLAG_TEST("agentfwd", "agent-forwarding", permit_agent_forwarding_flag);
474 FLAG_TEST("pty", "pty", permit_pty_flag);
475 FLAG_TEST("user_rc", "user-rc", permit_user_rc);
476 FLAG_TEST("x11fwd", "x11-forwarding", permit_x11_forwarding_flag);
477#undef FLAG_TEST
478
479 PREPARE("source-address both", "sourceaddr", "from=\"127.0.0.1\"");
480 expected = default_authkey_opts();
481 expected->required_from_host_cert = strdup("127.0.0.1/32,::1/128");
482 ASSERT_PTR_NE(expected->required_from_host_cert, NULL);
483 expected->required_from_host_keys = strdup("127.0.0.1");
484 ASSERT_PTR_NE(expected->required_from_host_keys, NULL);
485 CHECK_SUCCESS_AND_CLEANUP();
486 TEST_DONE();
487
488 PREPARE("source-address none", "all_permit", "");
489 expected = default_authkey_opts();
490 CHECK_SUCCESS_AND_CLEANUP();
491 TEST_DONE();
492
493 PREPARE("source-address keys", "all_permit", "from=\"127.0.0.1\"");
494 expected = default_authkey_opts();
495 expected->required_from_host_keys = strdup("127.0.0.1");
496 ASSERT_PTR_NE(expected->required_from_host_keys, NULL);
497 CHECK_SUCCESS_AND_CLEANUP();
498 TEST_DONE();
499
500 PREPARE("source-address cert", "sourceaddr", "");
501 expected = default_authkey_opts();
502 expected->required_from_host_cert = strdup("127.0.0.1/32,::1/128");
503 ASSERT_PTR_NE(expected->required_from_host_cert, NULL);
504 CHECK_SUCCESS_AND_CLEANUP();
505 TEST_DONE();
506
507 PREPARE("force-command both", "force_command", "command=\"foo\"");
508 expected = default_authkey_opts();
509 expected->force_command = strdup("foo");
510 ASSERT_PTR_NE(expected->force_command, NULL);
511 CHECK_SUCCESS_AND_CLEANUP();
512 TEST_DONE();
513
514 PREPARE("force-command none", "all_permit", "");
515 expected = default_authkey_opts();
516 CHECK_SUCCESS_AND_CLEANUP();
517 TEST_DONE();
518
519 PREPARE("force-command keys", "all_permit", "command=\"bar\"");
520 expected = default_authkey_opts();
521 expected->force_command = strdup("bar");
522 ASSERT_PTR_NE(expected->force_command, NULL);
523 CHECK_SUCCESS_AND_CLEANUP();
524 TEST_DONE();
525
526 PREPARE("force-command cert", "force_command", "");
527 expected = default_authkey_opts();
528 expected->force_command = strdup("foo");
529 ASSERT_PTR_NE(expected->force_command, NULL);
530 CHECK_SUCCESS_AND_CLEANUP();
531 TEST_DONE();
532
533 PREPARE("force-command mismatch", "force_command", "command=\"bar\"");
534 ASSERT_PTR_EQ(merge_opts, NULL);
535 CLEANUP();
536 TEST_DONE();
537
538 PREPARE("tunnel", "all_permit", "tunnel=\"6\"");
539 expected = default_authkey_opts();
540 expected->force_tun_device = 6;
541 CHECK_SUCCESS_AND_CLEANUP();
542 TEST_DONE();
543
544 PREPARE("permitopen", "all_permit",
545 "permitopen=\"127.0.0.1:*\",permitopen=\"127.0.0.1:123\"");
546 expected = default_authkey_opts();
547 expected->permitopen = commasplit("127.0.0.1:*,127.0.0.1:123",
548 &expected->npermitopen);
549 CHECK_SUCCESS_AND_CLEANUP();
550 TEST_DONE();
551
552 PREPARE("environment", "all_permit",
553 "environment=\"foo=a\",environment=\"bar=b\"");
554 expected = default_authkey_opts();
555 expected->env = commasplit("foo=a,bar=b", &expected->nenv);
556 CHECK_SUCCESS_AND_CLEANUP();
557 TEST_DONE();
558}
559
560void
561tests(void)
562{
563 extern char *__progname;
564 LogLevel ll = test_is_verbose() ?
565 SYSLOG_LEVEL_DEBUG3 : SYSLOG_LEVEL_QUIET;
566
567 /* test_cert_parse() are a bit spammy to error() by default... */
568 log_init(__progname, ll, SYSLOG_FACILITY_USER, 1);
569
570 test_authkeys_parse();
571 test_cert_parse();
572 test_merge();
573}
diff --git a/regress/unittests/bitmap/Makefile b/regress/unittests/bitmap/Makefile
index bd21949f8..fe30acc77 100644
--- a/regress/unittests/bitmap/Makefile
+++ b/regress/unittests/bitmap/Makefile
@@ -1,7 +1,11 @@
1# $OpenBSD: Makefile,v 1.3 2016/11/01 13:43:27 tb Exp $ 1# $OpenBSD: Makefile,v 1.4 2017/12/21 00:41:22 djm Exp $
2 2
3PROG=test_bitmap 3PROG=test_bitmap
4SRCS=tests.c 4SRCS=tests.c
5
6# From usr.sbin/ssh
7SRCS+=bitmap.c atomicio.c
8
5REGRESS_TARGETS=run-regress-${PROG} 9REGRESS_TARGETS=run-regress-${PROG}
6 10
7run-regress-${PROG}: ${PROG} 11run-regress-${PROG}: ${PROG}
diff --git a/regress/unittests/conversion/Makefile b/regress/unittests/conversion/Makefile
index cde97dc28..8b2a09cc3 100644
--- a/regress/unittests/conversion/Makefile
+++ b/regress/unittests/conversion/Makefile
@@ -1,7 +1,12 @@
1# $OpenBSD: Makefile,v 1.1 2017/03/14 01:20:29 dtucker Exp $ 1# $OpenBSD: Makefile,v 1.2 2017/12/21 00:41:22 djm Exp $
2 2
3PROG=test_conversion 3PROG=test_conversion
4SRCS=tests.c 4SRCS=tests.c
5
6# From usr.bin/ssh
7SRCS+=sshbuf-getput-basic.c sshbuf-getput-crypto.c sshbuf-misc.c sshbuf.c
8SRCS+=atomicio.c misc.c xmalloc.c log.c uidswap.c cleanup.c fatal.c ssherr.c
9
5REGRESS_TARGETS=run-regress-${PROG} 10REGRESS_TARGETS=run-regress-${PROG}
6 11
7run-regress-${PROG}: ${PROG} 12run-regress-${PROG}: ${PROG}
diff --git a/regress/unittests/hostkeys/Makefile b/regress/unittests/hostkeys/Makefile
index ae3c342bd..336885122 100644
--- a/regress/unittests/hostkeys/Makefile
+++ b/regress/unittests/hostkeys/Makefile
@@ -1,7 +1,20 @@
1# $OpenBSD: Makefile,v 1.3 2016/11/01 13:43:27 tb Exp $ 1# $OpenBSD: Makefile,v 1.4 2017/12/21 00:41:22 djm Exp $
2 2
3PROG=test_hostkeys 3PROG=test_hostkeys
4SRCS=tests.c test_iterate.c 4SRCS=tests.c test_iterate.c
5
6# From usr.bin/ssh
7SRCS+=sshbuf-getput-basic.c sshbuf-getput-crypto.c sshbuf-misc.c sshbuf.c
8SRCS+=atomicio.c sshkey.c authfile.c cipher.c log.c ssh-rsa.c ssh-dss.c
9SRCS+=ssh-ecdsa.c ssh-ed25519.c mac.c umac.c umac128.c hmac.c misc.c
10SRCS+=ssherr.c uidswap.c cleanup.c xmalloc.c match.c krl.c fatal.c
11SRCS+=addrmatch.c bitmap.c hostfile.c
12SRCS+=ed25519.c hash.c ge25519.c fe25519.c sc25519.c verify.c
13SRCS+=cipher-chachapoly.c chacha.c poly1305.c
14
15SRCS+=digest-openssl.c
16#SRCS+=digest-libc.c
17
5REGRESS_TARGETS=run-regress-${PROG} 18REGRESS_TARGETS=run-regress-${PROG}
6 19
7run-regress-${PROG}: ${PROG} 20run-regress-${PROG}: ${PROG}
diff --git a/regress/unittests/kex/Makefile b/regress/unittests/kex/Makefile
index 7ed312675..5c61307a3 100644
--- a/regress/unittests/kex/Makefile
+++ b/regress/unittests/kex/Makefile
@@ -1,7 +1,24 @@
1# $OpenBSD: Makefile,v 1.4 2016/11/01 13:43:27 tb Exp $ 1# $OpenBSD: Makefile,v 1.5 2017/12/21 00:41:22 djm Exp $
2 2
3PROG=test_kex 3PROG=test_kex
4SRCS=tests.c test_kex.c 4SRCS=tests.c test_kex.c
5
6# From usr.bin/ssh
7SRCS+=sshbuf-getput-basic.c sshbuf-getput-crypto.c sshbuf-misc.c sshbuf.c
8SRCS+=atomicio.c sshkey.c authfile.c cipher.c log.c ssh-rsa.c ssh-dss.c
9SRCS+=ssh-ecdsa.c ssh-ed25519.c mac.c umac.c umac128.c hmac.c misc.c
10SRCS+=ssherr.c uidswap.c cleanup.c xmalloc.c match.c krl.c fatal.c
11SRCS+=addrmatch.c bitmap.c packet.c dispatch.c canohost.c ssh_api.c
12SRCS+=kex.c kexc25519.c kexc25519c.c kexc25519s.c kexdh.c kexdhc.c kexdhs.c
13SRCS+=kexecdh.c kexecdhc.c kexecdhs.c kexgex.c kexgexc.c kexgexs.c
14SRCS+=dh.c compat.c
15SRCS+=ed25519.c hash.c ge25519.c fe25519.c sc25519.c verify.c
16SRCS+=cipher-chachapoly.c chacha.c poly1305.c
17SRCS+=smult_curve25519_ref.c
18
19SRCS+=digest-openssl.c
20#SRCS+=digest-libc.c
21
5REGRESS_TARGETS=run-regress-${PROG} 22REGRESS_TARGETS=run-regress-${PROG}
6 23
7run-regress-${PROG}: ${PROG} 24run-regress-${PROG}: ${PROG}
diff --git a/regress/unittests/match/Makefile b/regress/unittests/match/Makefile
index bd4aed844..87e75826a 100644
--- a/regress/unittests/match/Makefile
+++ b/regress/unittests/match/Makefile
@@ -1,7 +1,13 @@
1# $OpenBSD: Makefile,v 1.3 2016/11/01 13:43:27 tb Exp $ 1# $OpenBSD: Makefile,v 1.4 2017/12/21 03:01:49 djm Exp $
2 2
3PROG=test_match 3PROG=test_match
4SRCS=tests.c 4SRCS=tests.c
5
6# From usr.bin/ssh
7SRCS+=sshbuf-getput-basic.c sshbuf-getput-crypto.c sshbuf-misc.c sshbuf.c
8SRCS+=match.c misc.c log.c uidswap.c fatal.c ssherr.c addrmatch.c xmalloc.c
9SRCS+=cleanup.c atomicio.c
10
5REGRESS_TARGETS=run-regress-${PROG} 11REGRESS_TARGETS=run-regress-${PROG}
6 12
7run-regress-${PROG}: ${PROG} 13run-regress-${PROG}: ${PROG}
diff --git a/regress/unittests/sshbuf/Makefile b/regress/unittests/sshbuf/Makefile
index 69b27566b..81d4f27a6 100644
--- a/regress/unittests/sshbuf/Makefile
+++ b/regress/unittests/sshbuf/Makefile
@@ -1,4 +1,6 @@
1# $OpenBSD: Makefile,v 1.5 2016/11/01 13:43:27 tb Exp $ 1# $OpenBSD: Makefile,v 1.6 2017/12/21 00:41:22 djm Exp $
2
3.include <bsd.regress.mk>
2 4
3PROG=test_sshbuf 5PROG=test_sshbuf
4SRCS=tests.c 6SRCS=tests.c
@@ -10,5 +12,11 @@ SRCS+=test_sshbuf_fuzz.c
10SRCS+=test_sshbuf_getput_fuzz.c 12SRCS+=test_sshbuf_getput_fuzz.c
11SRCS+=test_sshbuf_fixed.c 13SRCS+=test_sshbuf_fixed.c
12 14
13.include <bsd.regress.mk> 15# From usr.bin/ssh
16SRCS+=sshbuf-getput-basic.c sshbuf-getput-crypto.c sshbuf-misc.c sshbuf.c
17SRCS+=atomicio.c
18
19run-regress-${PROG}: ${PROG}
20 env ${TEST_ENV} ./${PROG}
21
14 22
diff --git a/regress/unittests/sshkey/Makefile b/regress/unittests/sshkey/Makefile
index cfbfcf8f1..1c940bec6 100644
--- a/regress/unittests/sshkey/Makefile
+++ b/regress/unittests/sshkey/Makefile
@@ -1,7 +1,20 @@
1# $OpenBSD: Makefile,v 1.4 2016/11/01 13:43:27 tb Exp $ 1# $OpenBSD: Makefile,v 1.5 2017/12/21 00:41:22 djm Exp $
2 2
3PROG=test_sshkey 3PROG=test_sshkey
4SRCS=tests.c test_sshkey.c test_file.c test_fuzz.c common.c 4SRCS=tests.c test_sshkey.c test_file.c test_fuzz.c common.c
5
6# From usr.bin/ssh
7SRCS+=sshbuf-getput-basic.c sshbuf-getput-crypto.c sshbuf-misc.c sshbuf.c
8SRCS+=atomicio.c sshkey.c authfile.c cipher.c log.c ssh-rsa.c ssh-dss.c
9SRCS+=ssh-ecdsa.c ssh-ed25519.c mac.c umac.c umac128.c hmac.c misc.c
10SRCS+=ssherr.c uidswap.c cleanup.c xmalloc.c match.c krl.c fatal.c
11SRCS+=addrmatch.c bitmap.c
12SRCS+=ed25519.c hash.c ge25519.c fe25519.c sc25519.c verify.c
13SRCS+=cipher-chachapoly.c chacha.c poly1305.c
14
15SRCS+=digest-openssl.c
16#SRCS+=digest-libc.c
17
5REGRESS_TARGETS=run-regress-${PROG} 18REGRESS_TARGETS=run-regress-${PROG}
6 19
7run-regress-${PROG}: ${PROG} 20run-regress-${PROG}: ${PROG}
diff --git a/regress/unittests/sshkey/test_fuzz.c b/regress/unittests/sshkey/test_fuzz.c
index 6706045d5..d3b0c92b4 100644
--- a/regress/unittests/sshkey/test_fuzz.c
+++ b/regress/unittests/sshkey/test_fuzz.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: test_fuzz.c,v 1.7 2017/04/30 23:33:48 djm Exp $ */ 1/* $OpenBSD: test_fuzz.c,v 1.8 2017/12/21 00:41:22 djm Exp $ */
2/* 2/*
3 * Fuzz tests for key parsing 3 * Fuzz tests for key parsing
4 * 4 *
@@ -83,7 +83,7 @@ sig_fuzz(struct sshkey *k, const char *sig_alg)
83 fuzz = fuzz_begin(FUZZ_1_BIT_FLIP | /* too slow FUZZ_2_BIT_FLIP | */ 83 fuzz = fuzz_begin(FUZZ_1_BIT_FLIP | /* too slow FUZZ_2_BIT_FLIP | */
84 FUZZ_1_BYTE_FLIP | FUZZ_2_BYTE_FLIP | 84 FUZZ_1_BYTE_FLIP | FUZZ_2_BYTE_FLIP |
85 FUZZ_TRUNCATE_START | FUZZ_TRUNCATE_END, sig, l); 85 FUZZ_TRUNCATE_START | FUZZ_TRUNCATE_END, sig, l);
86 ASSERT_INT_EQ(sshkey_verify(k, sig, l, c, sizeof(c), 0), 0); 86 ASSERT_INT_EQ(sshkey_verify(k, sig, l, c, sizeof(c), NULL, 0), 0);
87 free(sig); 87 free(sig);
88 TEST_ONERROR(onerror, fuzz); 88 TEST_ONERROR(onerror, fuzz);
89 for(; !fuzz_done(fuzz); fuzz_next(fuzz)) { 89 for(; !fuzz_done(fuzz); fuzz_next(fuzz)) {
@@ -91,7 +91,7 @@ sig_fuzz(struct sshkey *k, const char *sig_alg)
91 if (fuzz_matches_original(fuzz)) 91 if (fuzz_matches_original(fuzz))
92 continue; 92 continue;
93 ASSERT_INT_NE(sshkey_verify(k, fuzz_ptr(fuzz), fuzz_len(fuzz), 93 ASSERT_INT_NE(sshkey_verify(k, fuzz_ptr(fuzz), fuzz_len(fuzz),
94 c, sizeof(c), 0), 0); 94 c, sizeof(c), NULL, 0), 0);
95 } 95 }
96 fuzz_cleanup(fuzz); 96 fuzz_cleanup(fuzz);
97} 97}
diff --git a/regress/unittests/sshkey/test_sshkey.c b/regress/unittests/sshkey/test_sshkey.c
index 0a73322a3..1aa608f92 100644
--- a/regress/unittests/sshkey/test_sshkey.c
+++ b/regress/unittests/sshkey/test_sshkey.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: test_sshkey.c,v 1.12 2017/05/08 06:08:42 djm Exp $ */ 1/* $OpenBSD: test_sshkey.c,v 1.13 2017/12/21 00:41:22 djm Exp $ */
2/* 2/*
3 * Regress test for sshkey.h key management API 3 * Regress test for sshkey.h key management API
4 * 4 *
@@ -121,11 +121,11 @@ signature_test(struct sshkey *k, struct sshkey *bad, const char *sig_alg,
121 ASSERT_INT_EQ(sshkey_sign(k, &sig, &len, d, l, sig_alg, 0), 0); 121 ASSERT_INT_EQ(sshkey_sign(k, &sig, &len, d, l, sig_alg, 0), 0);
122 ASSERT_SIZE_T_GT(len, 8); 122 ASSERT_SIZE_T_GT(len, 8);
123 ASSERT_PTR_NE(sig, NULL); 123 ASSERT_PTR_NE(sig, NULL);
124 ASSERT_INT_EQ(sshkey_verify(k, sig, len, d, l, 0), 0); 124 ASSERT_INT_EQ(sshkey_verify(k, sig, len, d, l, NULL, 0), 0);
125 ASSERT_INT_NE(sshkey_verify(bad, sig, len, d, l, 0), 0); 125 ASSERT_INT_NE(sshkey_verify(bad, sig, len, d, l, NULL, 0), 0);
126 /* Fuzz test is more comprehensive, this is just a smoke test */ 126 /* Fuzz test is more comprehensive, this is just a smoke test */
127 sig[len - 5] ^= 0x10; 127 sig[len - 5] ^= 0x10;
128 ASSERT_INT_NE(sshkey_verify(k, sig, len, d, l, 0), 0); 128 ASSERT_INT_NE(sshkey_verify(k, sig, len, d, l, NULL, 0), 0);
129 free(sig); 129 free(sig);
130} 130}
131 131
diff --git a/regress/unittests/test_helper/test_helper.c b/regress/unittests/test_helper/test_helper.c
index f855137fb..866f3495d 100644
--- a/regress/unittests/test_helper/test_helper.c
+++ b/regress/unittests/test_helper/test_helper.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: test_helper.c,v 1.7 2017/03/14 01:10:07 dtucker Exp $ */ 1/* $OpenBSD: test_helper.c,v 1.8 2018/02/08 08:46:20 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2011 Damien Miller <djm@mindrot.org> 3 * Copyright (c) 2011 Damien Miller <djm@mindrot.org>
4 * 4 *
@@ -166,6 +166,18 @@ main(int argc, char **argv)
166 return 0; 166 return 0;
167} 167}
168 168
169int
170test_is_verbose()
171{
172 return verbose_mode;
173}
174
175int
176test_is_quiet()
177{
178 return quiet_mode;
179}
180
169const char * 181const char *
170test_data_file(const char *name) 182test_data_file(const char *name)
171{ 183{
diff --git a/regress/unittests/test_helper/test_helper.h b/regress/unittests/test_helper/test_helper.h
index 615b7832b..6da0066e9 100644
--- a/regress/unittests/test_helper/test_helper.h
+++ b/regress/unittests/test_helper/test_helper.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: test_helper.h,v 1.7 2017/03/14 01:10:07 dtucker Exp $ */ 1/* $OpenBSD: test_helper.h,v 1.8 2018/02/08 08:46:20 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2011 Damien Miller <djm@mindrot.org> 3 * Copyright (c) 2011 Damien Miller <djm@mindrot.org>
4 * 4 *
@@ -43,6 +43,8 @@ void test_start(const char *n);
43void test_info(char *s, size_t len); 43void test_info(char *s, size_t len);
44void set_onerror_func(test_onerror_func_t *f, void *ctx); 44void set_onerror_func(test_onerror_func_t *f, void *ctx);
45void test_done(void); 45void test_done(void);
46int test_is_verbose(void);
47int test_is_quiet(void);
46void test_subtest_info(const char *fmt, ...) 48void test_subtest_info(const char *fmt, ...)
47 __attribute__((format(printf, 1, 2))); 49 __attribute__((format(printf, 1, 2)));
48void ssl_err_check(const char *file, int line); 50void ssl_err_check(const char *file, int line);
diff --git a/regress/unittests/utf8/Makefile b/regress/unittests/utf8/Makefile
index a975264fc..f8eec0484 100644
--- a/regress/unittests/utf8/Makefile
+++ b/regress/unittests/utf8/Makefile
@@ -1,7 +1,11 @@
1# $OpenBSD: Makefile,v 1.4 2016/11/01 13:43:27 tb Exp $ 1# $OpenBSD: Makefile,v 1.5 2017/12/21 00:41:22 djm Exp $
2 2
3PROG=test_utf8 3PROG=test_utf8
4SRCS=tests.c 4SRCS=tests.c
5
6# From usr.bin/ssh
7SRCS+=utf8.c atomicio.c
8
5REGRESS_TARGETS=run-regress-${PROG} 9REGRESS_TARGETS=run-regress-${PROG}
6 10
7run-regress-${PROG}: ${PROG} 11run-regress-${PROG}: ${PROG}