From 9617816dbe73ec4d65075f4d897443f63a97c87f Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 27 Aug 2018 13:08:01 +1000 Subject: document some more regress control env variables Specifically SKIP_UNIT, USE_VALGRING and LTESTS. Sort the list of environment variables. Based on patch from Jakub Jelen --- regress/README.regress | 23 +++++++++++++++-------- 1 file changed, 15 insertions(+), 8 deletions(-) (limited to 'regress') diff --git a/regress/README.regress b/regress/README.regress index 867855017..315fe149a 100644 --- a/regress/README.regress +++ b/regress/README.regress @@ -20,19 +20,26 @@ suite is based on OpenBSD's with modifications. Environment variables. -SUDO: path to sudo command, if desired. Note that some systems (notably - systems using PAM) require sudo to execute some tests. -TEST_SSH_TRACE: set to "yes" for verbose output from tests -TEST_SSH_QUIET: set to "yes" to suppress non-fatal output. -TEST_SSH_x: path to "ssh" command under test, where x=SSH,SSHD,SSHAGENT,SSHADD - SSHKEYGEN,SSHKEYSCAN,SFTP,SFTPSERVER +SKIP_UNIT: Skip unit tests. +SUDO: path to sudo/doas command, if desired. Note that some systems + (notably systems using PAM) require sudo to execute some tests. +LTESTS: Whitespace separated list of tests (filenames without the .sh + extension) to run. OBJ: used by test scripts to access build dir. TEST_SHELL: shell used for running the test scripts. +TEST_SSH_FAIL_FATAL: set to "yes" to make any failure abort the test + currently in progress. TEST_SSH_PORT: TCP port to be used for the listening tests. -TEST_SSH_SSH_CONFOPTS: Configuration directives to be added to ssh_config - before running each test. +TEST_SSH_QUIET: set to "yes" to suppress non-fatal output. TEST_SSH_SSHD_CONFOPTS: Configuration directives to be added to sshd_config before running each test. +TEST_SSH_SSH_CONFOPTS: Configuration directives to be added to + ssh_config before running each test. +TEST_SSH_TRACE: set to "yes" for verbose output from tests +TEST_SSH_x: path to "ssh" command under test, where x is one of + SSH, SSHD, SSHAGENT, SSHADD, SSHKEYGEN, SSHKEYSCAN, SFTP or + SFTPSERVER +USE_VALGRIND: Run the tests under valgrind memory checker. Individual tests. -- cgit v1.2.3 From 2de78bc7da70e1338b32feeefcc6045cf49efcd4 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Wed, 12 Sep 2018 01:22:43 +0000 Subject: upstream: s/sshkey_demote/sshkey_from_private/g OpenBSD-Regress-ID: 782bde7407d94a87aa8d1db7c23750e09d4443c4 --- regress/unittests/sshkey/test_sshkey.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'regress') diff --git a/regress/unittests/sshkey/test_sshkey.c b/regress/unittests/sshkey/test_sshkey.c index 72367bde7..7e03b7e52 100644 --- a/regress/unittests/sshkey/test_sshkey.c +++ b/regress/unittests/sshkey/test_sshkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: test_sshkey.c,v 1.14 2018/07/13 02:13:19 djm Exp $ */ +/* $OpenBSD: test_sshkey.c,v 1.15 2018/09/12 01:22:43 djm Exp $ */ /* * Regress test for sshkey.h key management API * @@ -318,7 +318,7 @@ sshkey_tests(void) TEST_DONE(); TEST_START("demote KEY_RSA"); - ASSERT_INT_EQ(sshkey_demote(kr, &k1), 0); + ASSERT_INT_EQ(sshkey_from_private(kr, &k1), 0); ASSERT_PTR_NE(k1, NULL); ASSERT_PTR_NE(kr, k1); ASSERT_INT_EQ(k1->type, KEY_RSA); @@ -334,7 +334,7 @@ sshkey_tests(void) TEST_DONE(); TEST_START("demote KEY_DSA"); - ASSERT_INT_EQ(sshkey_demote(kd, &k1), 0); + ASSERT_INT_EQ(sshkey_from_private(kd, &k1), 0); ASSERT_PTR_NE(k1, NULL); ASSERT_PTR_NE(kd, k1); ASSERT_INT_EQ(k1->type, KEY_DSA); @@ -350,7 +350,7 @@ sshkey_tests(void) #ifdef OPENSSL_HAS_ECC TEST_START("demote KEY_ECDSA"); - ASSERT_INT_EQ(sshkey_demote(ke, &k1), 0); + ASSERT_INT_EQ(sshkey_from_private(ke, &k1), 0); ASSERT_PTR_NE(k1, NULL); ASSERT_PTR_NE(ke, k1); ASSERT_INT_EQ(k1->type, KEY_ECDSA); @@ -367,7 +367,7 @@ sshkey_tests(void) #endif TEST_START("demote KEY_ED25519"); - ASSERT_INT_EQ(sshkey_demote(kf, &k1), 0); + ASSERT_INT_EQ(sshkey_from_private(kf, &k1), 0); ASSERT_PTR_NE(k1, NULL); ASSERT_PTR_NE(kf, k1); ASSERT_INT_EQ(k1->type, KEY_ED25519); -- cgit v1.2.3 From f803b2682992cfededd40c91818b653b5d923ef5 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Wed, 12 Sep 2018 01:23:48 +0000 Subject: upstream: test revocation by explicit hash and by fingerprint OpenBSD-Regress-ID: 079c18a9ab9663f4af419327c759fc1e2bc78fd8 --- regress/krl.sh | 49 ++++++++++++++++++++++++++++++++++--------------- 1 file changed, 34 insertions(+), 15 deletions(-) (limited to 'regress') diff --git a/regress/krl.sh b/regress/krl.sh index 1077358ff..a70c79c66 100644 --- a/regress/krl.sh +++ b/regress/krl.sh @@ -1,4 +1,4 @@ -# $OpenBSD: krl.sh,v 1.6 2015/01/30 01:11:39 djm Exp $ +# $OpenBSD: krl.sh,v 1.7 2018/09/12 01:23:48 djm Exp $ # Placed in the Public Domain. tid="key revocation lists" @@ -85,6 +85,15 @@ for n in $UNREVOKED_SERIALS ; do UCERTS="$UCERTS ${f}-cert.pub" done +# Specifications that revoke keys by hash. +touch $OBJ/revoked-sha1 $OBJ/revoked-sha256 $OBJ/revoked-hash +for rkey in $RKEYS; do + (printf "sha1: "; cat $rkey) >> $OBJ/revoked-sha1 + (printf "sha256: "; cat $rkey) >> $OBJ/revoked-sha256 + (printf "hash: "; $SSHKEYGEN -lf $rkey | \ + awk '{ print $2 }') >> $OBJ/revoked-hash +done + genkrls() { OPTS=$1 $SSHKEYGEN $OPTS -kf $OBJ/krl-empty - /dev/null || fatal "$SSHKEYGEN KRL failed" $SSHKEYGEN $OPTS -kf $OBJ/krl-ca $OBJ/revoked-ca.pub \ >/dev/null || fatal "$SSHKEYGEN KRL failed" +$SSHKEYGEN $OPTS -kf $OBJ/krl-sha1 $OBJ/revoked-sha1 \ + >/dev/null 2>&1 || fatal "$SSHKEYGEN KRL failed" +$SSHKEYGEN $OPTS -kf $OBJ/krl-sha256 $OBJ/revoked-sha256 \ + >/dev/null 2>&1 || fatal "$SSHKEYGEN KRL failed" +$SSHKEYGEN $OPTS -kf $OBJ/krl-hash $OBJ/revoked-hash \ + >/dev/null 2>&1 || fatal "$SSHKEYGEN KRL failed" # This should fail as KRLs from serial/key-id spec need the CA specified. $SSHKEYGEN $OPTS -kf $OBJ/krl-serial $OBJ/revoked-serials \ >/dev/null 2>&1 && fatal "$SSHKEYGEN KRL succeeded unexpectedly" @@ -131,9 +146,9 @@ check_krl() { TAG=$4 $SSHKEYGEN -Qf $KRL $KEY >/dev/null result=$? - if test "x$EXPECT_REVOKED" = "xyes" -a $result -eq 0 ; then + if test "x$EXPECT_REVOKED" = "xy" -a $result -eq 0 ; then fatal "key $KEY not revoked by KRL $KRL: $TAG" - elif test "x$EXPECT_REVOKED" = "xno" -a $result -ne 0 ; then + elif test "x$EXPECT_REVOKED" = "xn" -a $result -ne 0 ; then fatal "key $KEY unexpectedly revoked by KRL $KRL: $TAG" fi } @@ -142,17 +157,21 @@ test_rev() { TAG=$2 KEYS_RESULT=$3 ALL_RESULT=$4 - SERIAL_RESULT=$5 - KEYID_RESULT=$6 - CERTS_RESULT=$7 - CA_RESULT=$8 - SERIAL_WRESULT=$9 - KEYID_WRESULT=$10 + HASH_RESULT=$5 + SERIAL_RESULT=$6 + KEYID_RESULT=$7 + CERTS_RESULT=$8 + CA_RESULT=$9 + SERIAL_WRESULT=$10 + KEYID_WRESULT=$11 verbose "$tid: checking revocations for $TAG" for f in $FILES ; do check_krl $f $OBJ/krl-empty no "$TAG" check_krl $f $OBJ/krl-keys $KEYS_RESULT "$TAG" check_krl $f $OBJ/krl-all $ALL_RESULT "$TAG" + check_krl $f $OBJ/krl-sha1 $HASH_RESULT "$TAG" + check_krl $f $OBJ/krl-sha256 $HASH_RESULT "$TAG" + check_krl $f $OBJ/krl-hash $HASH_RESULT "$TAG" check_krl $f $OBJ/krl-serial $SERIAL_RESULT "$TAG" check_krl $f $OBJ/krl-keyid $KEYID_RESULT "$TAG" check_krl $f $OBJ/krl-cert $CERTS_RESULT "$TAG" @@ -163,12 +182,12 @@ test_rev() { } test_all() { - # wildcard - # keys all sr# k.ID cert CA sr.# k.ID - test_rev "$RKEYS" "revoked keys" yes yes no no no no no no - test_rev "$UKEYS" "unrevoked keys" no no no no no no no no - test_rev "$RCERTS" "revoked certs" yes yes yes yes yes yes yes yes - test_rev "$UCERTS" "unrevoked certs" no no no no no yes no no + # wildcard + # keys all hash sr# ID cert CA srl ID + test_rev "$RKEYS" "revoked keys" y y y n n n n n n + test_rev "$UKEYS" "unrevoked keys" n n n n n n n n n + test_rev "$RCERTS" "revoked certs" y y y y y y y y y + test_rev "$UCERTS" "unrevoked certs" n n n n n n y n n } test_all -- cgit v1.2.3 From d70d061828730a56636ab6f1f24fe4a8ccefcfc1 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Wed, 12 Sep 2018 01:36:45 +0000 Subject: upstream: Include certs with multiple RSA signature variants in test data Ensure that cert->signature_key is populated correctly OpenBSD-Regress-ID: 56e68f70fe46cb3a193ca207385bdb301fd6603a --- regress/unittests/sshkey/testdata/rsa_1_sha1 | 15 +++++++++++++++ regress/unittests/sshkey/testdata/rsa_1_sha1-cert.pub | 1 + regress/unittests/sshkey/testdata/rsa_1_sha1.pub | 1 + regress/unittests/sshkey/testdata/rsa_1_sha512 | 15 +++++++++++++++ regress/unittests/sshkey/testdata/rsa_1_sha512-cert.pub | 1 + regress/unittests/sshkey/testdata/rsa_1_sha512.pub | 1 + 6 files changed, 34 insertions(+) create mode 100644 regress/unittests/sshkey/testdata/rsa_1_sha1 create mode 100644 regress/unittests/sshkey/testdata/rsa_1_sha1-cert.pub create mode 100644 regress/unittests/sshkey/testdata/rsa_1_sha1.pub create mode 100644 regress/unittests/sshkey/testdata/rsa_1_sha512 create mode 100644 regress/unittests/sshkey/testdata/rsa_1_sha512-cert.pub create mode 100644 regress/unittests/sshkey/testdata/rsa_1_sha512.pub (limited to 'regress') diff --git a/regress/unittests/sshkey/testdata/rsa_1_sha1 b/regress/unittests/sshkey/testdata/rsa_1_sha1 new file mode 100644 index 000000000..5de3f8422 --- /dev/null +++ b/regress/unittests/sshkey/testdata/rsa_1_sha1 @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXAIBAAKBgQDLV5lUTt7FrADseB/CGhEZzpoojjEW5y8+ePvLppmK3MmMI18u +d6vxzpK3bwZLYkVSyfJYI0HmIuGhdu7yMrW6wb84gbq8C31Xoe9EORcIUuGSvDKd +NSM1SjlhDquRblDFB8kToqXyx1lqrXecXylxIUOL0jE+u0rU1967pDJx+wIDAQAB +AoGAXyj5mpjmbD+YlxGIWz/zrM4hGsWgd4VteKEJxT6MMI4uzCRpkMd0ck8oHiwZ +GAI/SwUzIsgtONQuH3AXVsUgghW4Ynn+8ksEv0IZ918WDMDwqvqkyrVzsOsZzqYj +Pf8DUDKCpwFjnlknJ04yvWBZvVhWtY4OiZ8GV0Ttsu3k+GECQQD1YHfvBb5FdJBv +Uhde2Il+jaFia8mwVVNNaiD2ECxXx6CzGz54ZLEB9NPVfDUZK8lJ4UJDqelWNh3i +PF3RefWDAkEA1CVBzAFL4mNwpleVPzrfy69xP3gWOa26MxM/GE6zx9jC7HgQ3KPa +WKdG/FuHs085aTRDaDLmGcZ8IvMuu7NgKQJAcIOKmxR0Gd8IN7NZugjqixggb0Pj +mLKXXwESGiJyYtHL0zTj4Uqyi6Ya2GJ66o7UXscmnmYz828fJtTtZBdbRwJBALfi +C2QvA32Zv/0PEXibKXy996WSC4G3ShwXZKtHHKHvCxY5BDSbehk59VesZrVPyG2e +NYdOBxD0cIlCzJE56/ECQAndVkxvO8hwyEFGGwF3faHIAe/OxVb+MjaU25//Pe1/ +h/e6tlCk4w9CODpyV685gV394eYwMcGDcIkipTNUDZs= +-----END RSA PRIVATE KEY----- diff --git a/regress/unittests/sshkey/testdata/rsa_1_sha1-cert.pub b/regress/unittests/sshkey/testdata/rsa_1_sha1-cert.pub new file mode 100644 index 000000000..ff49d7598 --- /dev/null +++ b/regress/unittests/sshkey/testdata/rsa_1_sha1-cert.pub @@ -0,0 +1 @@ +ssh-rsa-cert-v01@openssh.com AAAAHHNzaC1yc2EtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgy5PGFfSaEuSuXsjvKlMZGXYD0xlnqdZftuW9tMkUYz4AAAADAQABAAAAgQDLV5lUTt7FrADseB/CGhEZzpoojjEW5y8+ePvLppmK3MmMI18ud6vxzpK3bwZLYkVSyfJYI0HmIuGhdu7yMrW6wb84gbq8C31Xoe9EORcIUuGSvDKdNSM1SjlhDquRblDFB8kToqXyx1lqrXecXylxIUOL0jE+u0rU1967pDJx+wAAAAAAAAABAAAAAQAAAARodWdvAAAAEgAAAAV1c2VyMQAAAAV1c2VyMgAAAAA2i4NgAAAAAE0d4eAAAABEAAAADWZvcmNlLWNvbW1hbmQAAAALAAAABy9iaW4vbHMAAAAOc291cmNlLWFkZHJlc3MAAAAOAAAACjEwLjAuMC4wLzgAAABkAAAAFXBlcm1pdC1YMTEtZm9yd2FyZGluZwAAAAAAAAAXcGVybWl0LWFnZW50LWZvcndhcmRpbmcAAAAAAAAACnBlcm1pdC1wdHkAAAAAAAAADnBlcm1pdC11c2VyLXJjAAAAAAAAAAAAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQD00RRenvxICSYvj54CPiYHM86OT5xwI9XORNH6Zkl3JPCQkAEdQ3hyfhraROaHsSv43wJcKyKrEg5XUZ8fZ/BoKIGU4Rd5AmL9wyPGv2RVY7gWELqXVSpu89R2tQJRmMVMD38CH0wqCTuoZirlKMTen6yfgYuFEpuqar0uOIeAyaQG6/9rVKWK36tcfM7YXx8fmGSN4eK/JhWDDjlo28YJ7ZFF9umh5baZG2Ai/vL3BJ7C3pqaEQNdKj8XqaSoDvFWKfOujk1620Rcuj3W0D0dvp/rH8xz8YkM1dMqGlYIZ4nrF5acB58Nk5FYBjtj1hu4DGEQlWL1Avk1agU4DQLrAAABDwAAAAdzc2gtcnNhAAABAF5BtPY8FbmIekK/zNq6/Lp5agKT5zEVxqAyZKhp75bLRP+kOMZBVB9ZWrekZk6IAVAOCZGQzTsD4mxIQsxBLl8k5hvEWb90/+w9/BzW9ScOGQe+y0COa0QWWR7L3k1S8WX2oAGvtDWOj7Md85nij4ZSU9/QQQFVDF8VilWPSMxUf/3I1fqyDq7AWcZkGk/bFUN6K6RsCSxIPlGmKt0IauyvSMI2IT0XeRT242RngeeUW8vFrn9TXy9YxJRW+cSeLKCuu8agBYyQMXWQ+q39eZZqVYSoo7nFEEhtaLs8d6jzgGkcE9wGJ9KLgfY/mG2vX3gI4IzncKkVJRoeiDzXFIk= RSA test key #1 diff --git a/regress/unittests/sshkey/testdata/rsa_1_sha1.pub b/regress/unittests/sshkey/testdata/rsa_1_sha1.pub new file mode 100644 index 000000000..23ef872e0 --- /dev/null +++ b/regress/unittests/sshkey/testdata/rsa_1_sha1.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDLV5lUTt7FrADseB/CGhEZzpoojjEW5y8+ePvLppmK3MmMI18ud6vxzpK3bwZLYkVSyfJYI0HmIuGhdu7yMrW6wb84gbq8C31Xoe9EORcIUuGSvDKdNSM1SjlhDquRblDFB8kToqXyx1lqrXecXylxIUOL0jE+u0rU1967pDJx+w== RSA test key #1 diff --git a/regress/unittests/sshkey/testdata/rsa_1_sha512 b/regress/unittests/sshkey/testdata/rsa_1_sha512 new file mode 100644 index 000000000..5de3f8422 --- /dev/null +++ b/regress/unittests/sshkey/testdata/rsa_1_sha512 @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXAIBAAKBgQDLV5lUTt7FrADseB/CGhEZzpoojjEW5y8+ePvLppmK3MmMI18u +d6vxzpK3bwZLYkVSyfJYI0HmIuGhdu7yMrW6wb84gbq8C31Xoe9EORcIUuGSvDKd +NSM1SjlhDquRblDFB8kToqXyx1lqrXecXylxIUOL0jE+u0rU1967pDJx+wIDAQAB +AoGAXyj5mpjmbD+YlxGIWz/zrM4hGsWgd4VteKEJxT6MMI4uzCRpkMd0ck8oHiwZ +GAI/SwUzIsgtONQuH3AXVsUgghW4Ynn+8ksEv0IZ918WDMDwqvqkyrVzsOsZzqYj +Pf8DUDKCpwFjnlknJ04yvWBZvVhWtY4OiZ8GV0Ttsu3k+GECQQD1YHfvBb5FdJBv +Uhde2Il+jaFia8mwVVNNaiD2ECxXx6CzGz54ZLEB9NPVfDUZK8lJ4UJDqelWNh3i +PF3RefWDAkEA1CVBzAFL4mNwpleVPzrfy69xP3gWOa26MxM/GE6zx9jC7HgQ3KPa +WKdG/FuHs085aTRDaDLmGcZ8IvMuu7NgKQJAcIOKmxR0Gd8IN7NZugjqixggb0Pj +mLKXXwESGiJyYtHL0zTj4Uqyi6Ya2GJ66o7UXscmnmYz828fJtTtZBdbRwJBALfi +C2QvA32Zv/0PEXibKXy996WSC4G3ShwXZKtHHKHvCxY5BDSbehk59VesZrVPyG2e +NYdOBxD0cIlCzJE56/ECQAndVkxvO8hwyEFGGwF3faHIAe/OxVb+MjaU25//Pe1/ +h/e6tlCk4w9CODpyV685gV394eYwMcGDcIkipTNUDZs= +-----END RSA PRIVATE KEY----- diff --git a/regress/unittests/sshkey/testdata/rsa_1_sha512-cert.pub b/regress/unittests/sshkey/testdata/rsa_1_sha512-cert.pub new file mode 100644 index 000000000..47451968f --- /dev/null +++ b/regress/unittests/sshkey/testdata/rsa_1_sha512-cert.pub @@ -0,0 +1 @@ +ssh-rsa-cert-v01@openssh.com AAAAHHNzaC1yc2EtY2VydC12MDFAb3BlbnNzaC5jb20AAAAg/bUEmnMYHxlv1N7iXvnYPYdzDjlTRKoaIGEPkaQQQDwAAAADAQABAAAAgQDLV5lUTt7FrADseB/CGhEZzpoojjEW5y8+ePvLppmK3MmMI18ud6vxzpK3bwZLYkVSyfJYI0HmIuGhdu7yMrW6wb84gbq8C31Xoe9EORcIUuGSvDKdNSM1SjlhDquRblDFB8kToqXyx1lqrXecXylxIUOL0jE+u0rU1967pDJx+wAAAAAAAAABAAAAAQAAAARodWdvAAAAEgAAAAV1c2VyMQAAAAV1c2VyMgAAAAA2i4NgAAAAAE0d4eAAAABEAAAADWZvcmNlLWNvbW1hbmQAAAALAAAABy9iaW4vbHMAAAAOc291cmNlLWFkZHJlc3MAAAAOAAAACjEwLjAuMC4wLzgAAABkAAAAFXBlcm1pdC1YMTEtZm9yd2FyZGluZwAAAAAAAAAXcGVybWl0LWFnZW50LWZvcndhcmRpbmcAAAAAAAAACnBlcm1pdC1wdHkAAAAAAAAADnBlcm1pdC11c2VyLXJjAAAAAAAAAAAAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQD00RRenvxICSYvj54CPiYHM86OT5xwI9XORNH6Zkl3JPCQkAEdQ3hyfhraROaHsSv43wJcKyKrEg5XUZ8fZ/BoKIGU4Rd5AmL9wyPGv2RVY7gWELqXVSpu89R2tQJRmMVMD38CH0wqCTuoZirlKMTen6yfgYuFEpuqar0uOIeAyaQG6/9rVKWK36tcfM7YXx8fmGSN4eK/JhWDDjlo28YJ7ZFF9umh5baZG2Ai/vL3BJ7C3pqaEQNdKj8XqaSoDvFWKfOujk1620Rcuj3W0D0dvp/rH8xz8YkM1dMqGlYIZ4nrF5acB58Nk5FYBjtj1hu4DGEQlWL1Avk1agU4DQLrAAABFAAAAAxyc2Etc2hhMi01MTIAAAEA7/GoZsJqrq4xYotsRbpM8arZDjCzT6kohXeD/GVy26s5E/YWXRYCrOMIzSZxjuN5rAaNRW8ffxq14JyI94566Kg2OeoxQ6rK/dTqkk7I1RyypSXunT3I4++RPs1Q+hu9eS/WBzur0/D3dMejhuc3IBg6iB0481I4pGBGcD8/KjQFfhlCuGVXwB1ALk2zfXFT1HYYrs6bYZuQqjgvArnjYJ0do3fTSDC20/ydV4BHnI3fVAY2THVjX45V2ppPadl/rpczaJqW1ZtpnpJkV8Un316stQSD0xLHUDjp89O6d9Yq5S0kDdfwTRJIPm9f2cGNakJwN5qzmmmdDroRKODYcg== RSA test key #1 diff --git a/regress/unittests/sshkey/testdata/rsa_1_sha512.pub b/regress/unittests/sshkey/testdata/rsa_1_sha512.pub new file mode 100644 index 000000000..23ef872e0 --- /dev/null +++ b/regress/unittests/sshkey/testdata/rsa_1_sha512.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDLV5lUTt7FrADseB/CGhEZzpoojjEW5y8+ePvLppmK3MmMI18ud6vxzpK3bwZLYkVSyfJYI0HmIuGhdu7yMrW6wb84gbq8C31Xoe9EORcIUuGSvDKdNSM1SjlhDquRblDFB8kToqXyx1lqrXecXylxIUOL0jE+u0rU1967pDJx+w== RSA test key #1 -- cgit v1.2.3 From 86112951d63d48839f035b5795be62635a463f99 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Thu, 13 Sep 2018 12:12:42 +1000 Subject: forgot to stage these test files in commit d70d061 --- regress/unittests/sshkey/mktestdata.sh | 14 +++++++++++++- regress/unittests/sshkey/test_file.c | 20 +++++++++++++++++++- 2 files changed, 32 insertions(+), 2 deletions(-) (limited to 'regress') diff --git a/regress/unittests/sshkey/mktestdata.sh b/regress/unittests/sshkey/mktestdata.sh index 8047bc62f..93da34c64 100755 --- a/regress/unittests/sshkey/mktestdata.sh +++ b/regress/unittests/sshkey/mktestdata.sh @@ -1,5 +1,5 @@ #!/bin/sh -# $OpenBSD: mktestdata.sh,v 1.6 2017/04/30 23:33:48 djm Exp $ +# $OpenBSD: mktestdata.sh,v 1.7 2018/09/12 01:36:45 djm Exp $ PW=mekmitasdigoat @@ -128,6 +128,18 @@ ssh-keygen -s rsa_2 -I hugo -n user1,user2 \ -Oforce-command=/bin/ls -Ono-port-forwarding -Osource-address=10.0.0.0/8 \ -V 19990101:20110101 -z 4 ed25519_1.pub +# Make a few RSA variant signature too. +cp rsa_1 rsa_1_sha1 +cp rsa_1 rsa_1_sha512 +cp rsa_1.pub rsa_1_sha1.pub +cp rsa_1.pub rsa_1_sha512.pub +ssh-keygen -s rsa_2 -I hugo -n user1,user2 -t ssh-rsa \ + -Oforce-command=/bin/ls -Ono-port-forwarding -Osource-address=10.0.0.0/8 \ + -V 19990101:20110101 -z 1 rsa_1_sha1.pub +ssh-keygen -s rsa_2 -I hugo -n user1,user2 -t rsa-sha2-512 \ + -Oforce-command=/bin/ls -Ono-port-forwarding -Osource-address=10.0.0.0/8 \ + -V 19990101:20110101 -z 1 rsa_1_sha512.pub + ssh-keygen -s ed25519_1 -I julius -n host1,host2 -h \ -V 19990101:20110101 -z 5 rsa_1.pub ssh-keygen -s ed25519_1 -I julius -n host1,host2 -h \ diff --git a/regress/unittests/sshkey/test_file.c b/regress/unittests/sshkey/test_file.c index 99b7e21c0..0636e84bb 100644 --- a/regress/unittests/sshkey/test_file.c +++ b/regress/unittests/sshkey/test_file.c @@ -1,4 +1,4 @@ -/* $OpenBSD: test_file.c,v 1.6 2017/04/30 23:33:48 djm Exp $ */ +/* $OpenBSD: test_file.c,v 1.7 2018/09/12 01:36:45 djm Exp $ */ /* * Regress test for sshkey.h key management API * @@ -105,6 +105,24 @@ sshkey_file_tests(void) sshkey_free(k2); TEST_DONE(); + TEST_START("load RSA cert with SHA1 signature"); + ASSERT_INT_EQ(sshkey_load_cert(test_data_file("rsa_1_sha1"), &k2), 0); + ASSERT_PTR_NE(k2, NULL); + ASSERT_INT_EQ(k2->type, KEY_RSA_CERT); + ASSERT_INT_EQ(sshkey_equal_public(k1, k2), 1); + ASSERT_STRING_EQ(k2->cert->signature_type, "ssh-rsa"); + sshkey_free(k2); + TEST_DONE(); + + TEST_START("load RSA cert with SHA512 signature"); + ASSERT_INT_EQ(sshkey_load_cert(test_data_file("rsa_1_sha512"), &k2), 0); + ASSERT_PTR_NE(k2, NULL); + ASSERT_INT_EQ(k2->type, KEY_RSA_CERT); + ASSERT_INT_EQ(sshkey_equal_public(k1, k2), 1); + ASSERT_STRING_EQ(k2->cert->signature_type, "rsa-sha2-512"); + sshkey_free(k2); + TEST_DONE(); + TEST_START("load RSA cert"); ASSERT_INT_EQ(sshkey_load_cert(test_data_file("rsa_1"), &k2), 0); ASSERT_PTR_NE(k2, NULL); -- cgit v1.2.3 From 86e0a9f3d249d5580390daf58e015e68b01cef10 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Thu, 13 Sep 2018 05:06:51 +0000 Subject: upstream: use only openssl-1.1.x API here too OpenBSD-Regress-ID: ae877064597c349954b1b443769723563cecbc8f --- regress/unittests/sshkey/test_sshkey.c | 105 +++++++++++++++++++++------------ 1 file changed, 67 insertions(+), 38 deletions(-) (limited to 'regress') diff --git a/regress/unittests/sshkey/test_sshkey.c b/regress/unittests/sshkey/test_sshkey.c index 7e03b7e52..8e35f4417 100644 --- a/regress/unittests/sshkey/test_sshkey.c +++ b/regress/unittests/sshkey/test_sshkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: test_sshkey.c,v 1.15 2018/09/12 01:22:43 djm Exp $ */ +/* $OpenBSD: test_sshkey.c,v 1.16 2018/09/13 05:06:51 djm Exp $ */ /* * Regress test for sshkey.h key management API * @@ -173,6 +173,61 @@ get_private(const char *n) return ret; } +static const BIGNUM * +rsa_n(struct sshkey *k) +{ + const BIGNUM *n = NULL; + + ASSERT_PTR_NE(k, NULL); + ASSERT_PTR_NE(k->rsa, NULL); + RSA_get0_key(k->rsa, &n, NULL, NULL); + return n; +} + +static const BIGNUM * +rsa_e(struct sshkey *k) +{ + const BIGNUM *e = NULL; + + ASSERT_PTR_NE(k, NULL); + ASSERT_PTR_NE(k->rsa, NULL); + RSA_get0_key(k->rsa, NULL, &e, NULL); + return e; +} + +static const BIGNUM * +rsa_p(struct sshkey *k) +{ + const BIGNUM *p = NULL; + + ASSERT_PTR_NE(k, NULL); + ASSERT_PTR_NE(k->rsa, NULL); + RSA_get0_factors(k->rsa, &p, NULL); + return p; +} + +static const BIGNUM * +dsa_g(struct sshkey *k) +{ + const BIGNUM *g = NULL; + + ASSERT_PTR_NE(k, NULL); + ASSERT_PTR_NE(k->dsa, NULL); + DSA_get0_pqg(k->dsa, NULL, NULL, &g); + return g; +} + +static const BIGNUM * +dsa_priv_key(struct sshkey *k) +{ + const BIGNUM *priv_key = NULL; + + ASSERT_PTR_NE(k, NULL); + ASSERT_PTR_NE(k->dsa, NULL); + DSA_get0_key(k->dsa, NULL, &priv_key); + return priv_key; +} + void sshkey_tests(void) { @@ -197,9 +252,6 @@ sshkey_tests(void) k1 = sshkey_new(KEY_RSA); ASSERT_PTR_NE(k1, NULL); ASSERT_PTR_NE(k1->rsa, NULL); - ASSERT_PTR_NE(k1->rsa->n, NULL); - ASSERT_PTR_NE(k1->rsa->e, NULL); - ASSERT_PTR_EQ(k1->rsa->p, NULL); sshkey_free(k1); TEST_DONE(); @@ -207,8 +259,6 @@ sshkey_tests(void) k1 = sshkey_new(KEY_DSA); ASSERT_PTR_NE(k1, NULL); ASSERT_PTR_NE(k1->dsa, NULL); - ASSERT_PTR_NE(k1->dsa->g, NULL); - ASSERT_PTR_EQ(k1->dsa->priv_key, NULL); sshkey_free(k1); TEST_DONE(); @@ -230,27 +280,6 @@ sshkey_tests(void) sshkey_free(k1); TEST_DONE(); - TEST_START("new_private KEY_RSA"); - k1 = sshkey_new_private(KEY_RSA); - ASSERT_PTR_NE(k1, NULL); - ASSERT_PTR_NE(k1->rsa, NULL); - ASSERT_PTR_NE(k1->rsa->n, NULL); - ASSERT_PTR_NE(k1->rsa->e, NULL); - ASSERT_PTR_NE(k1->rsa->p, NULL); - ASSERT_INT_EQ(sshkey_add_private(k1), 0); - sshkey_free(k1); - TEST_DONE(); - - TEST_START("new_private KEY_DSA"); - k1 = sshkey_new_private(KEY_DSA); - ASSERT_PTR_NE(k1, NULL); - ASSERT_PTR_NE(k1->dsa, NULL); - ASSERT_PTR_NE(k1->dsa->g, NULL); - ASSERT_PTR_NE(k1->dsa->priv_key, NULL); - ASSERT_INT_EQ(sshkey_add_private(k1), 0); - sshkey_free(k1); - TEST_DONE(); - TEST_START("generate KEY_RSA too small modulus"); ASSERT_INT_EQ(sshkey_generate(KEY_RSA, 128, &k1), SSH_ERR_KEY_LENGTH); @@ -285,18 +314,18 @@ sshkey_tests(void) ASSERT_INT_EQ(sshkey_generate(KEY_RSA, 1024, &kr), 0); ASSERT_PTR_NE(kr, NULL); ASSERT_PTR_NE(kr->rsa, NULL); - ASSERT_PTR_NE(kr->rsa->n, NULL); - ASSERT_PTR_NE(kr->rsa->e, NULL); - ASSERT_PTR_NE(kr->rsa->p, NULL); - ASSERT_INT_EQ(BN_num_bits(kr->rsa->n), 1024); + ASSERT_PTR_NE(rsa_n(kr), NULL); + ASSERT_PTR_NE(rsa_e(kr), NULL); + ASSERT_PTR_NE(rsa_p(kr), NULL); + ASSERT_INT_EQ(BN_num_bits(rsa_n(kr)), 1024); TEST_DONE(); TEST_START("generate KEY_DSA"); ASSERT_INT_EQ(sshkey_generate(KEY_DSA, 1024, &kd), 0); ASSERT_PTR_NE(kd, NULL); ASSERT_PTR_NE(kd->dsa, NULL); - ASSERT_PTR_NE(kd->dsa->g, NULL); - ASSERT_PTR_NE(kd->dsa->priv_key, NULL); + ASSERT_PTR_NE(dsa_g(kd), NULL); + ASSERT_PTR_NE(dsa_priv_key(kd), NULL); TEST_DONE(); #ifdef OPENSSL_HAS_ECC @@ -323,9 +352,9 @@ sshkey_tests(void) ASSERT_PTR_NE(kr, k1); ASSERT_INT_EQ(k1->type, KEY_RSA); ASSERT_PTR_NE(k1->rsa, NULL); - ASSERT_PTR_NE(k1->rsa->n, NULL); - ASSERT_PTR_NE(k1->rsa->e, NULL); - ASSERT_PTR_EQ(k1->rsa->p, NULL); + ASSERT_PTR_NE(rsa_n(k1), NULL); + ASSERT_PTR_NE(rsa_e(k1), NULL); + ASSERT_PTR_EQ(rsa_p(k1), NULL); TEST_DONE(); TEST_START("equal KEY_RSA/demoted KEY_RSA"); @@ -339,8 +368,8 @@ sshkey_tests(void) ASSERT_PTR_NE(kd, k1); ASSERT_INT_EQ(k1->type, KEY_DSA); ASSERT_PTR_NE(k1->dsa, NULL); - ASSERT_PTR_NE(k1->dsa->g, NULL); - ASSERT_PTR_EQ(k1->dsa->priv_key, NULL); + ASSERT_PTR_NE(dsa_g(k1), NULL); + ASSERT_PTR_EQ(dsa_priv_key(k1), NULL); TEST_DONE(); TEST_START("equal KEY_DSA/demoted KEY_DSA"); -- cgit v1.2.3 From a3fd8074e2e2f06602e25618721f9556c731312c Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Thu, 13 Sep 2018 09:03:20 +0000 Subject: upstream: missed a bit of openssl-1.0.x API in this unittest OpenBSD-Regress-ID: a73a54d7f7381856a3f3a2d25947bee7a9a5dbc9 --- regress/unittests/sshkey/common.c | 79 +++++++++++++++++++++++++++++++++- regress/unittests/sshkey/common.h | 11 ++++- regress/unittests/sshkey/test_file.c | 14 +++--- regress/unittests/sshkey/test_sshkey.c | 57 +----------------------- 4 files changed, 96 insertions(+), 65 deletions(-) (limited to 'regress') diff --git a/regress/unittests/sshkey/common.c b/regress/unittests/sshkey/common.c index b598f05cb..548da6849 100644 --- a/regress/unittests/sshkey/common.c +++ b/regress/unittests/sshkey/common.c @@ -1,4 +1,4 @@ -/* $OpenBSD: common.c,v 1.2 2015/01/08 13:10:58 djm Exp $ */ +/* $OpenBSD: common.c,v 1.3 2018/09/13 09:03:20 djm Exp $ */ /* * Helpers for key API tests * @@ -82,3 +82,80 @@ load_bignum(const char *name) return ret; } +const BIGNUM * +rsa_n(struct sshkey *k) +{ + const BIGNUM *n = NULL; + + ASSERT_PTR_NE(k, NULL); + ASSERT_PTR_NE(k->rsa, NULL); + RSA_get0_key(k->rsa, &n, NULL, NULL); + return n; +} + +const BIGNUM * +rsa_e(struct sshkey *k) +{ + const BIGNUM *e = NULL; + + ASSERT_PTR_NE(k, NULL); + ASSERT_PTR_NE(k->rsa, NULL); + RSA_get0_key(k->rsa, NULL, &e, NULL); + return e; +} + +const BIGNUM * +rsa_p(struct sshkey *k) +{ + const BIGNUM *p = NULL; + + ASSERT_PTR_NE(k, NULL); + ASSERT_PTR_NE(k->rsa, NULL); + RSA_get0_factors(k->rsa, &p, NULL); + return p; +} + +const BIGNUM * +rsa_q(struct sshkey *k) +{ + const BIGNUM *q = NULL; + + ASSERT_PTR_NE(k, NULL); + ASSERT_PTR_NE(k->rsa, NULL); + RSA_get0_factors(k->rsa, NULL, &q); + return q; +} + +const BIGNUM * +dsa_g(struct sshkey *k) +{ + const BIGNUM *g = NULL; + + ASSERT_PTR_NE(k, NULL); + ASSERT_PTR_NE(k->dsa, NULL); + DSA_get0_pqg(k->dsa, NULL, NULL, &g); + return g; +} + +const BIGNUM * +dsa_pub_key(struct sshkey *k) +{ + const BIGNUM *pub_key = NULL; + + ASSERT_PTR_NE(k, NULL); + ASSERT_PTR_NE(k->dsa, NULL); + DSA_get0_key(k->dsa, &pub_key, NULL); + return pub_key; +} + +const BIGNUM * +dsa_priv_key(struct sshkey *k) +{ + const BIGNUM *priv_key = NULL; + + ASSERT_PTR_NE(k, NULL); + ASSERT_PTR_NE(k->dsa, NULL); + DSA_get0_key(k->dsa, NULL, &priv_key); + return priv_key; +} + diff --git a/regress/unittests/sshkey/common.h b/regress/unittests/sshkey/common.h index bf7d19dce..7a514fdc8 100644 --- a/regress/unittests/sshkey/common.h +++ b/regress/unittests/sshkey/common.h @@ -1,4 +1,4 @@ -/* $OpenBSD: common.h,v 1.1 2014/06/24 01:14:18 djm Exp $ */ +/* $OpenBSD: common.h,v 1.2 2018/09/13 09:03:20 djm Exp $ */ /* * Helpers for key API tests * @@ -14,3 +14,12 @@ struct sshbuf *load_text_file(const char *name); /* Load a bignum from a file */ BIGNUM *load_bignum(const char *name); +/* Accessors for key components */ +const BIGNUM *rsa_n(struct sshkey *k); +const BIGNUM *rsa_e(struct sshkey *k); +const BIGNUM *rsa_p(struct sshkey *k); +const BIGNUM *rsa_q(struct sshkey *k); +const BIGNUM *dsa_g(struct sshkey *k); +const BIGNUM *dsa_pub_key(struct sshkey *k); +const BIGNUM *dsa_priv_key(struct sshkey *k); + diff --git a/regress/unittests/sshkey/test_file.c b/regress/unittests/sshkey/test_file.c index 0636e84bb..65610dacc 100644 --- a/regress/unittests/sshkey/test_file.c +++ b/regress/unittests/sshkey/test_file.c @@ -1,4 +1,4 @@ -/* $OpenBSD: test_file.c,v 1.7 2018/09/12 01:36:45 djm Exp $ */ +/* $OpenBSD: test_file.c,v 1.8 2018/09/13 09:03:20 djm Exp $ */ /* * Regress test for sshkey.h key management API * @@ -60,9 +60,9 @@ sshkey_file_tests(void) a = load_bignum("rsa_1.param.n"); b = load_bignum("rsa_1.param.p"); c = load_bignum("rsa_1.param.q"); - ASSERT_BIGNUM_EQ(k1->rsa->n, a); - ASSERT_BIGNUM_EQ(k1->rsa->p, b); - ASSERT_BIGNUM_EQ(k1->rsa->q, c); + ASSERT_BIGNUM_EQ(rsa_n(k1), a); + ASSERT_BIGNUM_EQ(rsa_p(k1), b); + ASSERT_BIGNUM_EQ(rsa_q(k1), c); BN_free(a); BN_free(b); BN_free(c); @@ -169,9 +169,9 @@ sshkey_file_tests(void) a = load_bignum("dsa_1.param.g"); b = load_bignum("dsa_1.param.priv"); c = load_bignum("dsa_1.param.pub"); - ASSERT_BIGNUM_EQ(k1->dsa->g, a); - ASSERT_BIGNUM_EQ(k1->dsa->priv_key, b); - ASSERT_BIGNUM_EQ(k1->dsa->pub_key, c); + ASSERT_BIGNUM_EQ(dsa_g(k1), a); + ASSERT_BIGNUM_EQ(dsa_priv_key(k1), b); + ASSERT_BIGNUM_EQ(dsa_pub_key(k1), c); BN_free(a); BN_free(b); BN_free(c); diff --git a/regress/unittests/sshkey/test_sshkey.c b/regress/unittests/sshkey/test_sshkey.c index 8e35f4417..47a03fad4 100644 --- a/regress/unittests/sshkey/test_sshkey.c +++ b/regress/unittests/sshkey/test_sshkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: test_sshkey.c,v 1.16 2018/09/13 05:06:51 djm Exp $ */ +/* $OpenBSD: test_sshkey.c,v 1.17 2018/09/13 09:03:20 djm Exp $ */ /* * Regress test for sshkey.h key management API * @@ -173,61 +173,6 @@ get_private(const char *n) return ret; } -static const BIGNUM * -rsa_n(struct sshkey *k) -{ - const BIGNUM *n = NULL; - - ASSERT_PTR_NE(k, NULL); - ASSERT_PTR_NE(k->rsa, NULL); - RSA_get0_key(k->rsa, &n, NULL, NULL); - return n; -} - -static const BIGNUM * -rsa_e(struct sshkey *k) -{ - const BIGNUM *e = NULL; - - ASSERT_PTR_NE(k, NULL); - ASSERT_PTR_NE(k->rsa, NULL); - RSA_get0_key(k->rsa, NULL, &e, NULL); - return e; -} - -static const BIGNUM * -rsa_p(struct sshkey *k) -{ - const BIGNUM *p = NULL; - - ASSERT_PTR_NE(k, NULL); - ASSERT_PTR_NE(k->rsa, NULL); - RSA_get0_factors(k->rsa, &p, NULL); - return p; -} - -static const BIGNUM * -dsa_g(struct sshkey *k) -{ - const BIGNUM *g = NULL; - - ASSERT_PTR_NE(k, NULL); - ASSERT_PTR_NE(k->dsa, NULL); - DSA_get0_pqg(k->dsa, NULL, NULL, &g); - return g; -} - -static const BIGNUM * -dsa_priv_key(struct sshkey *k) -{ - const BIGNUM *priv_key = NULL; - - ASSERT_PTR_NE(k, NULL); - ASSERT_PTR_NE(k->dsa, NULL); - DSA_get0_key(k->dsa, NULL, &priv_key); - return priv_key; -} - void sshkey_tests(void) { -- cgit v1.2.3 From d64e78526596f098096113fcf148216798c327ff Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Thu, 13 Sep 2018 19:05:48 +1000 Subject: add compat header --- regress/unittests/sshkey/common.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'regress') diff --git a/regress/unittests/sshkey/common.c b/regress/unittests/sshkey/common.c index 548da6849..e63465c47 100644 --- a/regress/unittests/sshkey/common.c +++ b/regress/unittests/sshkey/common.c @@ -27,6 +27,8 @@ # include #endif +#include "openbsd-compat/openssl-compat.h" + #include "../test_helper/test_helper.h" #include "ssherr.h" -- cgit v1.2.3 From 0aa1f230846ebce698e52051a107f3127024a05a Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 14 Sep 2018 10:31:47 +1000 Subject: allow SIGUSR1 as synonym for SIGINFO Lets users on those unfortunate operating systems that lack SIGINFO still be able to obtain progress information from unit tests :) --- regress/unittests/test_helper/fuzz.c | 8 ++++---- regress/unittests/test_helper/test_helper.c | 3 +-- 2 files changed, 5 insertions(+), 6 deletions(-) (limited to 'regress') diff --git a/regress/unittests/test_helper/fuzz.c b/regress/unittests/test_helper/fuzz.c index 99f1d036c..78b36654d 100644 --- a/regress/unittests/test_helper/fuzz.c +++ b/regress/unittests/test_helper/fuzz.c @@ -196,7 +196,6 @@ fuzz_dump(struct fuzz *fuzz) dump(fuzz_ptr(fuzz), fuzz_len(fuzz)); } -#ifdef SIGINFO static struct fuzz *last_fuzz; static void @@ -211,7 +210,6 @@ siginfo(int unused __attribute__((__unused__))) atomicio(vwrite, STDERR_FILENO, buf, strlen(buf)); } } -#endif struct fuzz * fuzz_begin(u_int strategies, const void *p, size_t l) @@ -233,10 +231,11 @@ fuzz_begin(u_int strategies, const void *p, size_t l) fuzz_next(ret); -#ifdef SIGINFO last_fuzz = ret; +#ifdef SIGINFO signal(SIGINFO, siginfo); #endif + signal(SIGUSR1, siginfo); return ret; } @@ -245,10 +244,11 @@ void fuzz_cleanup(struct fuzz *fuzz) { FUZZ_DBG(("cleanup, fuzz = %p", fuzz)); -#ifdef SIGINFO last_fuzz = NULL; +#ifdef SIGINFO signal(SIGINFO, SIG_DFL); #endif + signal(SIGUSR1, SIG_DFL); assert(fuzz != NULL); assert(fuzz->seed != NULL); assert(fuzz->fuzzed != NULL); diff --git a/regress/unittests/test_helper/test_helper.c b/regress/unittests/test_helper/test_helper.c index 866f3495d..4cc70852c 100644 --- a/regress/unittests/test_helper/test_helper.c +++ b/regress/unittests/test_helper/test_helper.c @@ -203,7 +203,6 @@ test_info(char *s, size_t len) *subtest_info != '\0' ? " - " : "", subtest_info); } -#ifdef SIGINFO static void siginfo(int unused __attribute__((__unused__))) { @@ -212,7 +211,6 @@ siginfo(int unused __attribute__((__unused__))) test_info(buf, sizeof(buf)); atomicio(vwrite, STDERR_FILENO, buf, strlen(buf)); } -#endif void test_start(const char *n) @@ -226,6 +224,7 @@ test_start(const char *n) #ifdef SIGINFO signal(SIGINFO, siginfo); #endif + signal(SIGUSR1, siginfo); } void -- cgit v1.2.3 From 6bc5a24ac867bfdc3ed615589d69ac640f51674b Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 14 Sep 2018 15:16:34 +1000 Subject: fuzzer harness for authorized_keys option parsing --- regress/misc/fuzz-harness/Makefile | 7 +++++-- regress/misc/fuzz-harness/authopt_fuzz | Bin 0 -> 2386648 bytes 2 files changed, 5 insertions(+), 2 deletions(-) create mode 100755 regress/misc/fuzz-harness/authopt_fuzz (limited to 'regress') diff --git a/regress/misc/fuzz-harness/Makefile b/regress/misc/fuzz-harness/Makefile index 8fbfc20c6..a2aa4441f 100644 --- a/regress/misc/fuzz-harness/Makefile +++ b/regress/misc/fuzz-harness/Makefile @@ -7,7 +7,7 @@ CXXFLAGS=-O2 -g -Wall -Wextra -I ../../.. $(FUZZ_FLAGS) LDFLAGS=-L ../../.. -L ../../../openbsd-compat -g $(FUZZ_FLAGS) LIBS=-lssh -lopenbsd-compat -lcrypto $(FUZZ_LIBS) -all: pubkey_fuzz sig_fuzz +all: pubkey_fuzz sig_fuzz authopt_fuzz .cc.o: $(CXX) $(CXXFLAGS) -c $< -o $@ @@ -18,5 +18,8 @@ pubkey_fuzz: pubkey_fuzz.o sig_fuzz: sig_fuzz.o $(CXX) -o $@ sig_fuzz.o $(LDFLAGS) $(LIBS) +authopt_fuzz: authopt_fuzz.o + $(CXX) -o $@ authopt_fuzz.o ../../../auth-options.o $(LDFLAGS) $(LIBS) + clean: - -rm -f *.o pubkey_fuzz sig_fuzz + -rm -f *.o pubkey_fuzz sig_fuzz authopt_fuzz diff --git a/regress/misc/fuzz-harness/authopt_fuzz b/regress/misc/fuzz-harness/authopt_fuzz new file mode 100755 index 000000000..6c04faca1 Binary files /dev/null and b/regress/misc/fuzz-harness/authopt_fuzz differ -- cgit v1.2.3 From 9201784b4a257c8345fbd740bcbdd70054885707 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 15 Sep 2018 19:35:40 +1000 Subject: remove accidentally checked-in authopt_fuzz binary --- regress/misc/fuzz-harness/authopt_fuzz | Bin 2386648 -> 0 bytes 1 file changed, 0 insertions(+), 0 deletions(-) delete mode 100755 regress/misc/fuzz-harness/authopt_fuzz (limited to 'regress') diff --git a/regress/misc/fuzz-harness/authopt_fuzz b/regress/misc/fuzz-harness/authopt_fuzz deleted file mode 100755 index 6c04faca1..000000000 Binary files a/regress/misc/fuzz-harness/authopt_fuzz and /dev/null differ -- cgit v1.2.3 From 4488ae1a6940af704c4dbf70f55bf2f756a16536 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 15 Sep 2018 19:36:55 +1000 Subject: really add source for authopt_fuzz this time --- regress/misc/fuzz-harness/authopt_fuzz.cc | 33 +++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 regress/misc/fuzz-harness/authopt_fuzz.cc (limited to 'regress') diff --git a/regress/misc/fuzz-harness/authopt_fuzz.cc b/regress/misc/fuzz-harness/authopt_fuzz.cc new file mode 100644 index 000000000..a76d5a3f1 --- /dev/null +++ b/regress/misc/fuzz-harness/authopt_fuzz.cc @@ -0,0 +1,33 @@ +#include +#include +#include +#include +#include + +extern "C" { + +#include "auth-options.h" + +int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) +{ + char *cp = (char *)malloc(size + 1); + struct sshauthopt *opts = NULL, *merge = NULL, *add = sshauthopt_new(); + + if (cp == NULL || add == NULL) + goto out; + memcpy(cp, data, size); + cp[size] = '\0'; + if ((opts = sshauthopt_parse(cp, NULL)) == NULL) + goto out; + if ((merge = sshauthopt_merge(opts, add, NULL)) == NULL) + goto out; + + out: + free(cp); + sshauthopt_free(add); + sshauthopt_free(opts); + sshauthopt_free(merge); + return 0; +} + +} // extern "C" -- cgit v1.2.3