Age | Commit message (Collapse) | Author |
|
finally enable the KEX tests I wrote some years ago...
|
|
adapt to new error message (SSH_ERR_MAC_INVALID)
|
|
this test was broken in at least two ways, such that it
wasn't checking that a KRL was not excluding valid keys
|
|
switch ssh-keyscan from setjmp to multiple ssh transport
layer instances ok djm@
|
|
add experimental api for packet layer; ok djm@
|
|
store compat flags in struct ssh; ok djm@
|
|
adapt kex to sshbuf and struct ssh; ok djm@
|
|
move dispatch to struct ssh; ok djm@
|
|
update packet.c & isolate, introduce struct ssh a) switch
packet.c to buffer api and isolate per-connection info into struct ssh b)
(de)serialization of the state is moved from monitor to packet.c c) the old
packet.c API is implemented in opacket.[ch] d) compress.c/h is removed and
integrated into packet.c with and ok djm@
|
|
fix format strings in (disabled) debugging
|
|
be a bit more careful in these tests to ensure that
known_hosts is clean
|
|
regression test for known_host file editing using
ssh-keygen (-H / -R / -F) after hostkeys_foreach() change; feedback and ok
markus@
|
|
more and better key tests
test signatures and verification
test certificate generation
flesh out nested cert test
removes most of the XXX todo markers
|
|
make the signature fuzzing test much more rigorous:
ensure that the fuzzed input cases do not match the original (using new
fuzz_matches_original() function) and check that the verification fails in
each case
|
|
add a fuzz_matches_original() function to the fuzzer to
detect fuzz cases that are identical to the original data. Hacky
implementation, but very useful when you need the fuzz to be different, e.g.
when verifying signature
|
|
better dumps from the fuzzer (shown on errors) -
include the original data as well as the fuzzed copy.
|
|
enable hostkey-agent.sh test
|
|
unit test for hostkeys in ssh-agent
|
|
add kex unit tests
|
|
djm, your /usr/include tree is old
|
|
some feedback from markus@: comment hostkeys_foreach()
context and avoid a member in it.
|
|
make ssh-keygen use hostkeys_foreach(). Removes some
horrendous code; ok markus@
|
|
convert load_hostkeys() (hostkey ordering and
known_host matching) to use the new hostkey_foreach() iterator; ok markus
|
|
introduce hostkeys_foreach() to allow iteration over a
known_hosts file or controlled subset thereof. This will allow us to pull out
some ugly and duplicated code, and will be used to implement hostkey rotation
later.
feedback and ok markus
|
|
string truncation due to sizeof(size) ok djm markus
|
|
avoid trailing ',' in host key algorithms
|
|
infer key length correctly when user specified a fully-
qualified key name instead of using the -b bits option; ok markus@
|
|
fix hostkeys on ssh agent; found by unit test I'm about
to commit
|
|
garbage collect empty .No macros mandoc warns about
|
|
regression: incorrect error message on
otherwise-successful ssh-keygen -A. Reported by Dmitry Orlov, via deraadt@
|
|
when hostname canonicalisation is enabled, try to parse
hostnames as addresses before looking them up for canonicalisation. fixes
bz#2074 and avoids needless DNS lookups in some cases; ok markus
|
|
Replace <sys/param.h> with <limits.h> and other less
dirty headers where possible. Annotate <sys/param.h> lines with their
current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1,
LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of
MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution.
These are the files confirmed through binary verification. ok guenther,
millert, doug (helped with the verification protocol)
|
|
remove xmalloc, switch to sshbuf
|
|
switch to sshbuf
|
|
handle UMAC128 initialization like UMAC; ok djm@ markus@
|
|
fix regression reported by brad@ for passworded keys without
agent present
|
|
|
|
unit tests for KRL bitmap
|
|
re-add comment about full path
|
|
don't reset to the installed sshd; connect before
reconfigure, too
|
|
implement a SIGINFO handler so we can discern a stuck
fuzz test from a merely glacial one; prompted by and ok markus
|
|
use $SSH instead of installed ssh to allow override;
spotted by markus@
|
|
regress test for PubkeyAcceptedKeyTypes; ok markus@
|
|
unbreak parsing of pubkey comments; with gerhard; ok
djm/deraadt
|
|
fatal if soft-PKCS11 library is missing rather (rather
than continue and fail with a more cryptic error)
|
|
let this test all supporte key types; pointed out/ok
markus@
|
|
sync ssh-keysign, ssh-keygen and some dependencies to the
new buffer/key API; mostly mechanical, ok markus@
|
|
remove commented-out test code now that it has moved to a
proper unit test
|
|
whitespace
|
|
move authfd.c and its tentacles to the new buffer/key
API; ok markus@
|