From ae2562c47d41b68dbb00240fd6dd60bed205367a Mon Sep 17 00:00:00 2001 From: "dtucker@openbsd.org" Date: Thu, 3 Mar 2016 00:46:53 +0000 Subject: upstream commit Look back 3 lines for possible error messages. Changes to the code mean that "Bad packet length" errors are 3 lines back instead of the previous two, which meant we didn't skip some offsets that we intended to. Upstream-Regress-ID: 24f36912740a634d509a3144ebc8eb7c09b9c684 --- regress/integrity.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'regress') diff --git a/regress/integrity.sh b/regress/integrity.sh index 1d4976771..6acbe4fc0 100644 --- a/regress/integrity.sh +++ b/regress/integrity.sh @@ -1,4 +1,4 @@ -# $OpenBSD: integrity.sh,v 1.16 2015/03/24 20:22:17 markus Exp $ +# $OpenBSD: integrity.sh,v 1.17 2016/03/03 00:46:53 dtucker Exp $ # Placed in the Public Domain. tid="integrity" @@ -54,7 +54,7 @@ for m in $macs; do fail "ssh -m $m succeeds with bit-flip at $off" fi ecnt=`expr $ecnt + 1` - out=$(tail -2 $TEST_SSH_LOGFILE | egrep -v "^debug" | \ + out=$(tail -3 $TEST_SSH_LOGFILE | egrep -v "^debug" | \ tr -s '\r\n' '.') case "$out" in Bad?packet*) elen=`expr $elen + 1`; skip=3;; -- cgit v1.2.3 From 0892edaa3ce623381d3a7635544cbc69b31cf9cb Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Fri, 4 Mar 2016 02:30:36 +0000 Subject: upstream commit add KEX fuzzer harness; ok deraadt@ Upstream-Regress-ID: 3df5242d30551b12b828aa9ba4a4cec0846be8d1 --- regress/Makefile | 2 +- regress/misc/Makefile | 3 + regress/misc/kexfuzz/Makefile | 78 ++++++++ regress/misc/kexfuzz/README | 28 +++ regress/misc/kexfuzz/kexfuzz.c | 404 +++++++++++++++++++++++++++++++++++++++++ 5 files changed, 514 insertions(+), 1 deletion(-) create mode 100644 regress/misc/Makefile create mode 100644 regress/misc/kexfuzz/Makefile create mode 100644 regress/misc/kexfuzz/README create mode 100644 regress/misc/kexfuzz/kexfuzz.c (limited to 'regress') 
diff --git a/regress/Makefile b/regress/Makefile index 451909c1a..839fb8eca 100644 --- a/regress/Makefile +++ b/regress/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.82 2015/09/24 06:16:53 djm Exp $ +# $OpenBSD: Makefile,v 1.84 2016/03/04 02:30:36 djm Exp $ REGRESS_TARGETS= unit t1 t2 t3 t4 t5 t6 t7 t8 t9 t10 t11 t12 t-exec tests: prep $(REGRESS_TARGETS) diff --git a/regress/misc/Makefile b/regress/misc/Makefile new file mode 100644 index 000000000..14c0c279f --- /dev/null +++ b/regress/misc/Makefile @@ -0,0 +1,3 @@ +SUBDIR= kexfuzz + +.include diff --git a/regress/misc/kexfuzz/Makefile b/regress/misc/kexfuzz/Makefile new file mode 100644 index 000000000..3018b632f --- /dev/null +++ b/regress/misc/kexfuzz/Makefile 
@@ -0,0 +1,78 @@
+# $OpenBSD: Makefile,v 1.1 2016/03/04 02:30:37 djm Exp $
+
+.include
+.include
+
+# XXX detect from ssh binary?
+SSH1?= no
+OPENSSL?= yes
+
+PROG= kexfuzz
+SRCS= kexfuzz.c
+NOMAN= 1
+
+.if (${OPENSSL:L} == "yes")
+CFLAGS+= -DWITH_OPENSSL
+.else
+# SSH v.1 requires OpenSSL.
+SSH1= no
+.endif
+
+.if (${SSH1:L} == "yes")
+CFLAGS+= -DWITH_SSH1
+.endif
+
+# enable warnings
+WARNINGS=Yes
+
+DEBUG=-g
+CFLAGS+= -fstack-protector-all
+CDIAGFLAGS= -Wall
+CDIAGFLAGS+= -Wextra
+CDIAGFLAGS+= -Werror
+CDIAGFLAGS+= -Wchar-subscripts
+CDIAGFLAGS+= -Wcomment
+CDIAGFLAGS+= -Wformat
+CDIAGFLAGS+= -Wformat-security
+CDIAGFLAGS+= -Wimplicit
+CDIAGFLAGS+= -Winline
+CDIAGFLAGS+= -Wmissing-declarations
+CDIAGFLAGS+= -Wmissing-prototypes
+CDIAGFLAGS+= -Wparentheses
+CDIAGFLAGS+= -Wpointer-arith
+CDIAGFLAGS+= -Wreturn-type
+CDIAGFLAGS+= -Wshadow
+CDIAGFLAGS+= -Wsign-compare
+CDIAGFLAGS+= -Wstrict-aliasing
+CDIAGFLAGS+= -Wstrict-prototypes
+CDIAGFLAGS+= -Wswitch
+CDIAGFLAGS+= -Wtrigraphs
+CDIAGFLAGS+= -Wuninitialized
+CDIAGFLAGS+= -Wunused
+.if ${COMPILER_VERSION} == "gcc4"
+CDIAGFLAGS+= -Wpointer-sign
+CDIAGFLAGS+= -Wold-style-definition
+.endif
+
+SSHREL=../../../../../usr.bin/ssh
+
+CFLAGS+=-I${.CURDIR}/${SSHREL}
+
+.if exists(${.CURDIR}/${SSHREL}/lib/${__objdir})
+LDADD+=-L${.CURDIR}/${SSHREL}/lib/${__objdir} -lssh
+DPADD+=${.CURDIR}/${SSHREL}/lib/${__objdir}/libssh.a
+.else
+LDADD+=-L${.CURDIR}/${SSHREL}/lib -lssh
+DPADD+=${.CURDIR}/${SSHREL}/lib/libssh.a
+.endif
+
+LDADD+= -lutil -lz
+DPADD+= ${LIBUTIL} ${LIBZ}
+
+.if (${OPENSSL:L} == "yes")
+LDADD+= -lcrypto
+DPADD+= ${LIBCRYPTO}
+.endif
+
+.include
+
diff --git a/regress/misc/kexfuzz/README b/regress/misc/kexfuzz/README
new file mode 100644
index 000000000..8b215b5bf
--- /dev/null
+++ b/regress/misc/kexfuzz/README
@@ -0,0 +1,28 @@
+This is a harness to help with fuzzing KEX.
+
+To use it, you first set it to count packets in each direction:
+
+./kexfuzz -K diffie-hellman-group1-sha1 -k host_ed25519_key -c
+S2C: 29
+C2S: 31
+
+Then get it to record a particular packet (in this case the 4th
+packet from client->server):
+
+./kexfuzz -K diffie-hellman-group1-sha1 -k host_ed25519_key \
+ -d -D C2S -i 3 -f packet_3
+
+Fuzz the packet somehow:
+
+dd if=/dev/urandom of=packet_3 bs=32 count=1 # Just for example
+
+Then re-run the key exchange substituting the modified packet in
+its original sequence:
+
+./kexfuzz -K diffie-hellman-group1-sha1 -k host_ed25519_key \
+ -r -D C2S -i 3 -f packet_3
+
+A comprehensive KEX fuzz run would fuzz every packet in both
+directions for each key exchange type and every hostkey type.
+This will take some time.
+
diff --git a/regress/misc/kexfuzz/kexfuzz.c b/regress/misc/kexfuzz/kexfuzz.c
new file mode 100644
index 000000000..d57a117ac
--- /dev/null
+++ b/regress/misc/kexfuzz/kexfuzz.c
@@ -0,0 +1,404 @@
+/* $OpenBSD: kexfuzz.c,v 1.1 2016/03/04 02:30:37 djm Exp $ */
+/*
+ * Fuzz harness for KEX code
+ *
+ * Placed in the public domain
+ */
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include "ssherr.h"
+#include "ssh_api.h"
+#include "sshbuf.h"
+#include "packet.h"
+#include "myproposal.h"
+#include "authfile.h"
+
+struct ssh *active_state = NULL; /* XXX - needed for linking */
+
+void kex_tests(void);
+static int do_debug = 0;
+
+enum direction { S2C, C2S };
+
+static int
+do_send_and_receive(struct ssh *from, struct ssh *to, int mydirection,
+ int *packet_count, int trigger_direction, int packet_index,
+ const char *dump_path, struct sshbuf *replace_data)
+{
+ u_char type;
+ size_t len, olen;
+ const u_char *buf;
+ int r;
+ FILE *dumpfile;
+
+ for (;;) {
+ if ((r = ssh_packet_next(from, &type)) != 0) {
+ fprintf(stderr, "ssh_packet_next: %s\n", ssh_err(r));
+ return r;
+ }
+ if (type != 0)
+ return 0;
+ buf = ssh_output_ptr(from, &len);
+ olen = len;
+ if (do_debug) {
+ printf("%s packet %d type %u len %zu:\n",
+ mydirection == S2C ? "s2c" : "c2s",
+ *packet_count, type, len);
+ sshbuf_dump_data(buf, len, stdout);
+ }
+ if (mydirection == trigger_direction &&
+ packet_index == *packet_count) {
+ if (replace_data != NULL) {
+ buf = sshbuf_ptr(replace_data);
+ len = sshbuf_len(replace_data);
+ if (do_debug) {
+ printf("***** replaced packet "
+ "len %zu\n", len);
+ sshbuf_dump_data(buf, len, stdout);
+ }
+ } else if (dump_path != NULL) {
+ if ((dumpfile = fopen(dump_path, "w+")) == NULL)
+ err(1, "fopen %s", dump_path);
+ if (len != 0 &&
+ fwrite(buf, len, 1, dumpfile) != 1)
+ err(1, "fwrite %s", dump_path);
+ if (do_debug)
+ printf("***** dumped packet "
+ "len %zu\n", len);
+ fclose(dumpfile);
+ exit(0);
+ }
+ }
+ (*packet_count)++;
+ if (len == 0)
+ return 0;
+ if ((r = ssh_input_append(to, buf, len)) != 0 ||
+ (r = ssh_output_consume(from, olen)) != 0)
+ return r;
+ }
+}
+
+/* Minimal test_helper.c scaffholding to make this standalone */
+const char *in_test = NULL;
+#define TEST_START(a) \
+ do { \
+ in_test = (a); \
+ if (do_debug) \
+ fprintf(stderr, "test %s starting\n", in_test); \
+ } while (0)
+#define TEST_DONE() \
+ do { \
+ if (do_debug) \
+ fprintf(stderr, "test %s done\n", \
+ in_test ? in_test : "???"); \
+ in_test = NULL; \
+ } while(0)
+#define ASSERT_INT_EQ(a, b) \
+ do { \
+ if ((int)(a) != (int)(b)) { \
+ fprintf(stderr, "%s %s:%d " \
+ "%s (%d) != expected %s (%d)\n", \
+ in_test ? in_test : "(none)", \
+ __func__, __LINE__, #a, (int)(a), #b, (int)(b)); \
+ exit(2); \
+ } \
+ } while (0)
+#define ASSERT_INT_GE(a, b) \
+ do { \
+ if ((int)(a) < (int)(b)) { \
+ fprintf(stderr, "%s %s:%d " \
+ "%s (%d) < expected %s (%d)\n", \
+ in_test ? in_test : "(none)", \
+ __func__, __LINE__, #a, (int)(a), #b, (int)(b)); \
+ exit(2); \
+ } \
+ } while (0)
+#define ASSERT_PTR_NE(a, b) \
+ do { \
+ if ((a) == (b)) { \
+ fprintf(stderr, "%s %s:%d " \
+ "%s (%p) != expected %s (%p)\n", \
+ in_test ? in_test : "(none)", \
+ __func__, __LINE__, #a, (a), #b, (b)); \
+ exit(2); \
+ } \
+ } while (0)
+
+
+static void
+run_kex(struct ssh *client, struct ssh *server, int *s2c, int *c2s,
+ int direction, int packet_index,
+ const char *dump_path, struct sshbuf *replace_data)
+{
+ int r = 0;
+
+ while (!server->kex->done || !client->kex->done) {
+ if ((r = do_send_and_receive(server, client, S2C, s2c,
+ direction, packet_index, dump_path, replace_data)))
+ break;
+ if ((r = do_send_and_receive(client, server, C2S, c2s,
+ direction, packet_index, dump_path, replace_data)))
+ break;
+ }
+ if (do_debug)
+ printf("done: %s\n", ssh_err(r));
+ ASSERT_INT_EQ(r, 0);
+ ASSERT_INT_EQ(server->kex->done, 1);
+ ASSERT_INT_EQ(client->kex->done, 1);
+}
+
+static void
+do_kex_with_key(const char *kex, struct sshkey *prvkey, int *c2s, int *s2c,
+ int direction, int packet_index,
+ const char *dump_path, struct sshbuf *replace_data)
+{
+ struct ssh *client = NULL, *server = NULL, *server2 = NULL;
+ struct sshkey *pubkey = NULL;
+ struct sshbuf *state;
+ struct kex_params kex_params;
+ char *myproposal[PROPOSAL_MAX] = { KEX_CLIENT };
+ char *keyname = NULL;
+
+ TEST_START("sshkey_from_private");
+ ASSERT_INT_EQ(sshkey_from_private(prvkey, &pubkey), 0);
+ TEST_DONE();
+
+ TEST_START("ssh_init");
+ memcpy(kex_params.proposal, myproposal, sizeof(myproposal));
+ if (kex != NULL)
+ kex_params.proposal[PROPOSAL_KEX_ALGS] = strdup(kex);
+ keyname = strdup(sshkey_ssh_name(prvkey));
+ ASSERT_PTR_NE(keyname, NULL);
+ kex_params.proposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = keyname;
+ ASSERT_INT_EQ(ssh_init(&client, 0, &kex_params), 0);
+ ASSERT_INT_EQ(ssh_init(&server, 1, &kex_params), 0);
+ ASSERT_PTR_NE(client, NULL);
+ ASSERT_PTR_NE(server, NULL);
+ TEST_DONE();
+
+ TEST_START("ssh_add_hostkey");
+ ASSERT_INT_EQ(ssh_add_hostkey(server, prvkey), 0);
+ ASSERT_INT_EQ(ssh_add_hostkey(client, pubkey), 0);
+ TEST_DONE();
+
+ TEST_START("kex");
+ run_kex(client, server, s2c, c2s, direction, packet_index,
+ dump_path, replace_data);
+ TEST_DONE();
+
+ TEST_START("rekeying client");
+ ASSERT_INT_EQ(kex_send_kexinit(client), 0);
+ run_kex(client, server, s2c, c2s, direction, packet_index,
+ dump_path, replace_data);
+ TEST_DONE();
+
+ TEST_START("rekeying server");
+ ASSERT_INT_EQ(kex_send_kexinit(server), 0);
+ run_kex(client, server, s2c, c2s, direction, packet_index,
+ dump_path, replace_data);
+ TEST_DONE();
+
+ TEST_START("ssh_packet_get_state");
+ state = sshbuf_new();
+ ASSERT_PTR_NE(state, NULL);
+ ASSERT_INT_EQ(ssh_packet_get_state(server, state), 0);
+ ASSERT_INT_GE(sshbuf_len(state), 1);
+ TEST_DONE();
+
+ TEST_START("ssh_packet_set_state");
+ server2 = NULL;
+ ASSERT_INT_EQ(ssh_init(&server2, 1, NULL), 0);
+ ASSERT_PTR_NE(server2, NULL);
+ ASSERT_INT_EQ(ssh_add_hostkey(server2, prvkey), 0);
+ kex_free(server2->kex); /* XXX or should ssh_packet_set_state()? */
+ ASSERT_INT_EQ(ssh_packet_set_state(server2, state), 0);
+ ASSERT_INT_EQ(sshbuf_len(state), 0);
+ sshbuf_free(state);
+ ASSERT_PTR_NE(server2->kex, NULL);
+ /* XXX we need to set the callbacks */
+ server2->kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;
+ server2->kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server;
+ server2->kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
+ server2->kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
+#ifdef OPENSSL_HAS_ECC
+ server2->kex->kex[KEX_ECDH_SHA2] = kexecdh_server;
+#endif
+ server2->kex->kex[KEX_C25519_SHA256] = kexc25519_server;
+ server2->kex->load_host_public_key = server->kex->load_host_public_key;
+ server2->kex->load_host_private_key = server->kex->load_host_private_key;
+ server2->kex->sign = server->kex->sign;
+ TEST_DONE();
+
+ TEST_START("rekeying server2");
+ ASSERT_INT_EQ(kex_send_kexinit(server2), 0);
+ run_kex(client, server2, s2c, c2s, direction, packet_index,
+ dump_path, replace_data);
+ ASSERT_INT_EQ(kex_send_kexinit(client), 0);
+ run_kex(client, server2, s2c, c2s, direction, packet_index,
+ dump_path, replace_data);
+ TEST_DONE();
+
+ TEST_START("cleanup");
+ sshkey_free(pubkey);
+ ssh_free(client);
+ ssh_free(server);
+ ssh_free(server2);
+ free(keyname);
+ TEST_DONE();
+}
+
+static void
+usage(void)
+{
+ fprintf(stderr,
+ "Usage: kexfuzz [-hcdrv] [-D direction] [-f data_file]\n"
+ " [-K kex_alg] [-k private_key] [-i packet_index]\n"
+ "\n"
+ "Options:\n"
+ " -h Display this help\n"
+ " -c Count packets sent during KEX\n"
+ " -d Dump mode: record KEX packet to data file\n"
+ " -r Replace mode: replace packet with data file\n"
+ " -v Turn on verbose logging\n"
+ " -D S2C|C2S Packet direction for replacement or dump\n"
+ " -f data_file Path to data file for replacement or dump\n"
+ " -K kex_alg Name of KEX algorithm to test (see below)\n"
+ " -k private_key Path to private key file\n"
+ " -i packet_index Index of packet to replace or dump (from 0)\n"
+ "\n"
+ "Available KEX algorithms: %s\n", kex_alg_list(' '));
+}
+
+static void
+badusage(const char *bad)
+{
+ fprintf(stderr, "Invalid options\n");
+ fprintf(stderr, "%s\n", bad);
+ usage();
+ exit(1);
+}
+
+int
+main(int argc, char **argv)
+{
+ int ch, fd, r;
+ int count_flag = 0, dump_flag = 0, replace_flag = 0;
+ int packet_index = -1, direction = -1;
+ int s2c = 0, c2s = 0; /* packet counts */
+ const char *kex = NULL, *kpath = NULL, *data_path = NULL;
+ struct sshkey *key = NULL;
+ struct sshbuf *replace_data = NULL;
+
+ setvbuf(stdout, NULL, _IONBF, 0);
+ while ((ch = getopt(argc, argv, "hcdrvD:f:K:k:i:")) != -1) {
+ switch (ch) {
+ case 'h':
+ usage();
+ return 0;
+ case 'c':
+ count_flag = 1;
+ break;
+ case 'd':
+ dump_flag = 1;
+ break;
+ case 'r':
+ replace_flag = 1;
+ break;
+ case 'v':
+ do_debug = 1;
+ break;
+
+ case 'D':
+ if (strcasecmp(optarg, "s2c") == 0)
+ direction = S2C;
+ else if (strcasecmp(optarg, "c2s") == 0)
+ direction = C2S;
+ else
+ badusage("Invalid direction (-D)");
+ break;
+ case 'f':
+ data_path = optarg;
+ break;
+ case 'K':
+ kex = optarg;
+ break;
+ case 'k':
+ kpath = optarg;
+ break;
+ case 'i':
+ packet_index = atoi(optarg);
+ if (packet_index < 0)
+ badusage("Invalid packet index");
+ break;
+ default:
+ badusage("unsupported flag");
+ }
+ }
+ argc -= optind;
+ argv += optind;
+
+ /* Must select a single mode */
+ if ((count_flag + dump_flag + replace_flag) != 1)
+ badusage("Must select one mode: -c, -d or -r");
+ /* KEX type is mandatory */
+ if (kex == NULL || !kex_names_valid(kex) || strchr(kex, ',') != NULL)
+ badusage("Missing or invalid kex type (-K flag)");
+ /* Valid key is mandatory */
+ if (kpath == NULL)
+ badusage("Missing private key (-k flag)");
+ if ((fd = open(kpath, O_RDONLY)) == -1)
+ err(1, "open %s", kpath);
+ if ((r = sshkey_load_private_type_fd(fd, KEY_UNSPEC, NULL,
+ &key, NULL)) != 0)
+ errx(1, "Unable to load key %s: %s", kpath, ssh_err(r));
+ close(fd);
+ /* XXX check that it is a private key */
+ /* XXX support certificates */
+ if (key == NULL || key->type == KEY_UNSPEC || key->type == KEY_RSA1)
+ badusage("Invalid key file (-k flag)");
+
+ /* Replace (fuzz) mode */
+ if (replace_flag) {
+ if (packet_index == -1 || direction == -1 || data_path == NULL)
+ badusage("Replace (-r) mode must specify direction "
+ "(-D) packet index (-i) and data path (-f)");
+ if ((fd = open(data_path, O_RDONLY)) == -1)
+ err(1, "open %s", data_path);
+ replace_data = sshbuf_new();
+ if ((r = sshkey_load_file(fd, replace_data)) != 0)
+ errx(1, "read %s: %s", data_path, ssh_err(r));
+ close(fd);
+ }
+
+ /* Dump mode */
+ if (dump_flag) {
+ if (packet_index == -1 || direction == -1 || data_path == NULL)
+ badusage("Dump (-d) mode must specify direction "
+ "(-D), packet index (-i) and data path (-f)");
+ }
+
+ /* Count mode needs no further flags */
+
+ do_kex_with_key(kex, key, &c2s, &s2c,
+ direction, packet_index,
+ dump_flag ? data_path : NULL,
+ replace_flag ? replace_data : NULL);
+ sshkey_free(key);
+ sshbuf_free(replace_data);
+
+ if (count_flag) {
+ printf("S2C: %d\n", s2c);
+ printf("C2S: %d\n", c2s);
+ }
+
+ return 0;
+}
-- cgit v1.2.3
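Review bot: In `main`, the `-i` case reads the packet index with `atoi(optarg)`, which turns a non-numeric argument such as a mistyped file name into 0 and reports no error for an out-of-range value, so the following `packet_index < 0` test catches neither and the run silently dumps or replaces packet 0 instead of the intended one. Parsing with `packet_index = (int)strtonum(optarg, 0, INT_MAX, &errstr);` followed by `if (errstr != NULL) badusage("Invalid packet index");` (plus a `const char *errstr;` local) rejects such input. Two allocations in the same file also go unchecked: `replace_data = sshbuf_new();` is handed straight to `sshkey_load_file()`, and `strdup(kex)` in `do_kex_with_key` is neither tested for NULL nor released in the "cleanup" step, unlike `keyname`.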
From 331b8e07ee5bcbdca12c11cc8f51a7e8de09b248 Mon Sep 17 00:00:00 2001 From: "dtucker@openbsd.org" Date: Fri, 4 Mar 2016 02:48:06 +0000 Subject: upstream commit Filter debug messages out of log before picking the last two lines. Should prevent problems if any more debug output is added late in the connection. Upstream-Regress-ID: 345d0a9589c381e7d640a4ead06cfaadf4db1363 --- regress/integrity.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'regress') diff --git a/regress/integrity.sh b/regress/integrity.sh index 6acbe4fc0..bfadc6b48 100644 --- a/regress/integrity.sh +++ b/regress/integrity.sh @@ -1,4 +1,4 @@ -# $OpenBSD: integrity.sh,v 1.17 2016/03/03 00:46:53 dtucker Exp $ +# $OpenBSD: integrity.sh,v 1.18 2016/03/04 02:48:06 dtucker Exp $ # Placed in the Public Domain. tid="integrity" @@ -54,7 +54,7 @@ for m in $macs; do fail "ssh -m $m succeeds with bit-flip at $off" fi ecnt=`expr $ecnt + 1` - out=$(tail -3 $TEST_SSH_LOGFILE | egrep -v "^debug" | \ + out=$(egrep -v "^debug" $TEST_SSH_LOGFILE | tail -2 | \ tr -s '\r\n' '.') case "$out" in Bad?packet*) elen=`expr $elen + 1`; skip=3;; -- cgit v1.2.3 From c425494d6b6181beb54a1b3763ef9e944fd3c214 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 8 Mar 2016 14:03:54 -0800 Subject: unbreak kexfuzz for -Werror without __bounded__ --- regress/misc/kexfuzz/kexfuzz.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'regress') diff --git a/regress/misc/kexfuzz/kexfuzz.c b/regress/misc/kexfuzz/kexfuzz.c index d57a117ac..0a4eabc43 100644 --- a/regress/misc/kexfuzz/kexfuzz.c +++ b/regress/misc/kexfuzz/kexfuzz.c @@ -5,6 +5,8 @@ * Placed in the public domain */ +#include "includes.h" + #include #include #include -- cgit v1.2.3 From e960051f9a264f682c4d2fefbeecffcfc66b0ddf Mon Sep 17 00:00:00 2001 
From: Darren Tucker Date: Wed, 9 Mar 2016 13:14:18 +1100 Subject: Wrap stdint.h inside #ifdef HAVE_STDINT_H. --- regress/misc/kexfuzz/kexfuzz.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'regress') diff --git a/regress/misc/kexfuzz/kexfuzz.c b/regress/misc/kexfuzz/kexfuzz.c index 0a4eabc43..e6751d31c 100644 --- a/regress/misc/kexfuzz/kexfuzz.c +++ b/regress/misc/kexfuzz/kexfuzz.c @@ -10,7 +10,9 @@ #include #include #include -#include +#ifdef HAVE_STDINT_H +# include +#endif #include #include #include -- cgit v1.2.3 From 732b463d37221722b1206f43aa59563766a6a968 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 14 Mar 2016 16:04:23 +1100 Subject: Pass supported malloc options to connect-privsep. This allows us to activate only the supported options during the malloc option portion of the connect-privsep test. --- Makefile.in | 1 + regress/connect-privsep.sh | 7 ++++++- 2 files changed, 7 insertions(+), 1 deletion(-) (limited to 'regress') diff --git a/Makefile.in b/Makefile.in index 139e20a8c..af758d035 100644 --- a/Makefile.in +++ b/Makefile.in @@ -552,6 +552,7 @@ tests interop-tests t-exec: regress-prep regress-binaries $(TARGETS) OBJ="$${BUILDDIR}/regress/" \ PATH="$${BUILDDIR}:$${PATH}" \ TEST_ENV=MALLOC_OPTIONS="@TEST_MALLOC_OPTIONS@" \ + TEST_MALLOC_OPTIONS="@TEST_MALLOC_OPTIONS@" \ TEST_SSH_SCP="$${TEST_SSH_SCP}" \ TEST_SSH_SSH="$${TEST_SSH_SSH}" \ TEST_SSH_SSHD="$${TEST_SSH_SSHD}" \ diff --git a/regress/connect-privsep.sh b/regress/connect-privsep.sh index 9a51f5690..ea739f614 100644 --- a/regress/connect-privsep.sh +++ b/regress/connect-privsep.sh 
@@ -26,7 +26,12 @@ done # Because sandbox is sensitive to changes in libc, especially malloc, retest # with every malloc.conf option (and none). -for m in '' A F G H J P R S X '<' '>'; do +if [ -z "TEST_MALLOC_OPTIONS" ]; then + mopts="A F G H J P R S X < >" +else + mopts=`echo $TEST_MALLOC_OPTIONS | sed 's/./& /g'` +fi +for m in '' $mopts ; do for p in ${SSH_PROTOCOLS}; do env MALLOC_OPTIONS="$m" ${SSH} -$p -F $OBJ/ssh_proxy 999.999.999.999 true if [ $? -ne 0 ]; then -- cgit v1.2.3 From 076787702418985a2cc6808212dc28ce7afc01f0 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Thu, 14 Apr 2016 23:21:42 +0000 Subject: upstream commit add test knob and warning for StrictModes Upstream-Regress-ID: 8cd10952ce7898655ee58945904f2a0a3bdf7682 --- regress/test-exec.sh | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) (limited to 'regress') diff --git a/regress/test-exec.sh b/regress/test-exec.sh index 114e129f2..d468bcf4d 100644 --- a/regress/test-exec.sh +++ b/regress/test-exec.sh @@ -1,4 +1,4 @@ -# $OpenBSD: test-exec.sh,v 1.51 2015/03/03 22:35:19 markus Exp $ +# $OpenBSD: test-exec.sh,v 1.52 2016/04/14 23:21:42 djm Exp $ # Placed in the Public Domain. #SUDO=sudo @@ -411,6 +411,13 @@ cat << EOF > $OBJ/sshd_config Subsystem sftp $SFTPSERVER EOF +# This may be necessary if /usr/src and/or /usr/obj are group-writable, +# but if you aren't careful with permissions then the unit tests could +# be abused to locally escalate privileges. +if [ ! -z "$TEST_SSH_UNSAFE_PERMISSIONS" ]; then + echo "StrictModes no" >> $OBJ/sshd_config +fi + if [ ! -z "$TEST_SSH_SSHD_CONFOPTS" ]; then trace "adding sshd_config option $TEST_SSH_SSHD_CONFOPTS" echo "$TEST_SSH_SSHD_CONFOPTS" >> $OBJ/sshd_config -- cgit v1.2.3 From 6b8a1a87005818d4700ce8b42faef746e82c1f51 Mon Sep 17 00:00:00 2001 
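Review bot: The new guard `if [ -z "TEST_MALLOC_OPTIONS" ]; then` tests a literal string rather than the variable, so it is never true and the built-in default list `A F G H J P R S X < >` is unreachable. When `TEST_MALLOC_OPTIONS` is unset or empty, `mopts` ends up empty and the loop runs only the `''` case, so the sandbox is no longer retested under any malloc option while the test still reports success. The line should read `if [ -z "$TEST_MALLOC_OPTIONS" ]; then`. The body of the `for p in ${SSH_PROTOCOLS}` loop continues outside the hunk.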
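Review bot: Setting `TEST_SSH_UNSAFE_PERMISSIONS` appends `StrictModes no` to the generated sshd_config without leaving any record in the test output; the warning about local privilege escalation exists only as a source comment. The `TEST_SSH_SSHD_CONFOPTS` block that follows calls `trace` before it changes the config, and this block could do the same, for example `trace "StrictModes disabled: TEST_SSH_UNSAFE_PERMISSIONS is set"` ahead of the `echo`, so that a run with relaxed permission checks is identifiable from its log. The `TEST_SSH_SSHD_CONFOPTS` block is cut off by the end of the hunk.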
From: "djm@openbsd.org" Date: Thu, 14 Apr 2016 23:57:17 +0000 Subject: upstream commit unbreak test for recent ssh de-duplicated forwarding change Upstream-Regress-ID: 6b2b115d99acd7cff13986e6739ea214cf2a3da3 --- regress/forwarding.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'regress') diff --git a/regress/forwarding.sh b/regress/forwarding.sh index fb4f35aff..2539db9b7 100644 --- a/regress/forwarding.sh +++ b/regress/forwarding.sh @@ -1,4 +1,4 @@ -# $OpenBSD: forwarding.sh,v 1.15 2015/03/03 22:35:19 markus Exp $ +# $OpenBSD: forwarding.sh,v 1.16 2016/04/14 23:57:17 djm Exp $ # Placed in the Public Domain. tid="local and remote forwarding" @@ -59,7 +59,7 @@ for d in L R; do -$d ${base}01:127.0.0.1:$PORT \ -$d ${base}02:127.0.0.1:$PORT \ -$d ${base}03:127.0.0.1:$PORT \ - -$d ${base}01:127.0.0.1:$PORT \ + -$d ${base}01:localhost:$PORT \ -$d ${base}04:127.0.0.1:$PORT \ -oExitOnForwardFailure=yes somehost true r=$? -- cgit v1.2.3 From 35f22dad263cce5c61d933ae439998cb965b8748 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Fri, 15 Apr 2016 00:31:10 +0000 Subject: upstream commit regression test for ssh_config Include directive Upstream-Regress-ID: 46a38c8101f635461c506d1aac2d96af80f97f1e --- regress/Makefile | 8 +- regress/cfginclude.sh | 290 ++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 295 insertions(+), 3 deletions(-) create mode 100644 regress/cfginclude.sh (limited to 'regress') diff --git a/regress/Makefile b/regress/Makefile index 839fb8eca..4e32eab8a 100644 --- a/regress/Makefile +++ b/regress/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.84 2016/03/04 02:30:36 djm Exp $ +# $OpenBSD: Makefile,v 1.85 2016/04/15 00:31:10 djm Exp $ REGRESS_TARGETS= unit t1 t2 t3 t4 t5 t6 t7 t8 t9 t10 t11 t12 t-exec tests: prep $(REGRESS_TARGETS) @@ -75,7 +75,8 @@ LTESTS= connect \ keygen-knownhosts \ hostkey-rotate \ principals-command \ - cert-file + cert-file \ + cfginclude # dhgex \ 
@@ -106,7 +107,8 @@ CLEANFILES= t2.out t3.out t6.out1 t6.out2 t7.out t7.out.pub copy.1 copy.2 \ sftp-server.sh sftp-server.log sftp.log setuid-allowed \ data ed25519-agent ed25519-agent.pub key.ed25519-512 \ key.ed25519-512.pub netcat host_krl_* host_revoked_* \ - kh.* user_*key* agent-key.* known_hosts.* hkr.* + kh.* user_*key* agent-key.* known_hosts.* hkr.* \ + scp-ssh-wrapper.scp ssh_proxy_bak ssh_config.* SUDO_CLEAN+= /var/run/testdata_${USER} /var/run/keycommand_${USER} diff --git a/regress/cfginclude.sh b/regress/cfginclude.sh new file mode 100644 index 000000000..3232fa9f0 --- /dev/null +++ b/regress/cfginclude.sh 
@@ -0,0 +1,290 @@ +# $OpenBSD: cfginclude.sh,v 1.1 2016/04/15 00:31:10 djm Exp $ +# Placed in the Public Domain. + +tid="config include" + +cat > $OBJ/ssh_config.i << _EOF +Match host a + Hostname aa + +Match host b + Hostname bb + Include $OBJ/ssh_config.i.* + +Match host c + Include $OBJ/ssh_config.i.* + Hostname cc + +Match host m + Include $OBJ/ssh_config.i.* + +Host d + Hostname dd + +Host e + Hostname ee + Include $OBJ/ssh_config.i.* + +Host f + Include $OBJ/ssh_config.i.* + Hostname ff + +Host n + Include $OBJ/ssh_config.i.* +_EOF + +cat > $OBJ/ssh_config.i.0 << _EOF +Match host xxxxxx +_EOF + +cat > $OBJ/ssh_config.i.1 << _EOF +Match host a + Hostname aaa + +Match host b + Hostname bbb + +Match host c + Hostname ccc + +Host d + Hostname ddd + +Host e + Hostname eee + +Host f + Hostname fff +_EOF + +cat > $OBJ/ssh_config.i.2 << _EOF +Match host a + Hostname aaaa + +Match host b + Hostname bbbb + +Match host c + Hostname cccc + +Host d + Hostname dddd + +Host e + Hostname eeee + +Host f + Hostname ffff + +Match all + Hostname xxxx +_EOF + +trial() { + _host="$1" + _exp="$2" + ${REAL_SSH} -F $OBJ/ssh_config.i -G "$_host" > $OBJ/ssh_config.out || + fatal "ssh config parse failed" + _got=`grep -i '^hostname ' $OBJ/ssh_config.out | awk '{print $2}'` + if test "x$_exp" != "x$_got" ; then + fail "host $_host include fail: expected $_exp got $_got" + fi +} + +trial a aa +trial b bb +trial c ccc +trial d dd +trial e ee +trial f fff +trial m xxxx +trial n xxxx +trial x x + +# Prepare an included config with an error. + +cat > $OBJ/ssh_config.i.3 << _EOF +Hostname xxxx + Junk +_EOF + +${REAL_SSH} -F $OBJ/ssh_config.i -G a 2>/dev/null && \ + fail "ssh include allowed invalid config" + +${REAL_SSH} -F $OBJ/ssh_config.i -G x 2>/dev/null && \ + fail "ssh include allowed invalid config" + +rm -f $OBJ/ssh_config.i.* + +# Ensure that a missing include is not fatal. 
+cat > $OBJ/ssh_config.i << _EOF +Include $OBJ/ssh_config.i.* +Hostname aa +_EOF + +trial a aa + +# Ensure that Match/Host in an included config does not affect parent. +cat > $OBJ/ssh_config.i.x << _EOF +Match host x +_EOF + +trial a aa + +cat > $OBJ/ssh_config.i.x << _EOF +Host x +_EOF + +trial a aa + +# cleanup +rm -f $OBJ/ssh_config.i $OBJ/ssh_config.i.* $OBJ/ssh_config.out +# $OpenBSD: cfginclude.sh,v 1.1 2016/04/15 00:31:10 djm Exp $ +# Placed in the Public Domain. + +tid="config include" + +cat > $OBJ/ssh_config.i << _EOF +Match host a + Hostname aa + +Match host b + Hostname bb + Include $OBJ/ssh_config.i.* + +Match host c + Include $OBJ/ssh_config.i.* + Hostname cc + +Match host m + Include $OBJ/ssh_config.i.* + +Host d + Hostname dd + +Host e + Hostname ee + Include $OBJ/ssh_config.i.* + +Host f + Include $OBJ/ssh_config.i.* + Hostname ff + +Host n + Include $OBJ/ssh_config.i.* +_EOF + +cat > $OBJ/ssh_config.i.0 << _EOF +Match host xxxxxx +_EOF + +cat > $OBJ/ssh_config.i.1 << _EOF +Match host a + Hostname aaa + +Match host b + Hostname bbb + +Match host c + Hostname ccc + +Host d + Hostname ddd + +Host e + Hostname eee + +Host f + Hostname fff +_EOF + +cat > $OBJ/ssh_config.i.2 << _EOF +Match host a + Hostname aaaa + +Match host b + Hostname bbbb + +Match host c + Hostname cccc + +Host d + Hostname dddd + +Host e + Hostname eeee + +Host f + Hostname ffff + +Match all + Hostname xxxx +_EOF + +trial() { + _host="$1" + _exp="$2" + ${REAL_SSH} -F $OBJ/ssh_config.i -G "$_host" > $OBJ/ssh_config.out || + fatal "ssh config parse failed" + _got=`grep -i '^hostname ' $OBJ/ssh_config.out | awk '{print $2}'` + if test "x$_exp" != "x$_got" ; then + fail "host $_host include fail: expected $_exp got $_got" + fi +} + +trial a aa +trial b bb +trial c ccc +trial d dd +trial e ee +trial f fff +trial m xxxx +trial n xxxx +trial x x + +# Prepare an included config with an error. 
+ +cat > $OBJ/ssh_config.i.3 << _EOF +Hostname xxxx + Junk +_EOF + +${REAL_SSH} -F $OBJ/ssh_config.i -G a 2>/dev/null && \ + fail "ssh include allowed invalid config" + +${REAL_SSH} -F $OBJ/ssh_config.i -G x 2>/dev/null && \ + fail "ssh include allowed invalid config" + +rm -f $OBJ/ssh_config.i.* + +# Ensure that a missing include is not fatal. +cat > $OBJ/ssh_config.i << _EOF +Include $OBJ/ssh_config.i.* +Hostname aa +_EOF + +trial a aa + +# Ensure that Match/Host in an included config does not affect parent. +cat > $OBJ/ssh_config.i.x << _EOF +Match host x +_EOF + +trial a aa + +cat > $OBJ/ssh_config.i.x << _EOF +Host x +_EOF + +trial a aa + +# Ensure that recursive includes are bounded. +cat > $OBJ/ssh_config.i << _EOF +Include $OBJ/ssh_config.i +_EOF + +${REAL_SSH} -F $OBJ/ssh_config.i -G a 2>/dev/null && \ + fail "ssh include allowed infinite recursion?" # or hang... + +# cleanup +rm -f $OBJ/ssh_config.i $OBJ/ssh_config.i.* $OBJ/ssh_config.out -- cgit v1.2.3 From b1d05aa653ae560c44baf8e8a9756e33f98ea75c Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Fri, 15 Apr 2016 00:48:01 +0000 Subject: upstream commit sync CLEANFILES with portable, sort Upstream-Regress-ID: cb782f4f1ab3e079efbc335c6b64942f790766ed --- regress/Makefile | 46 +++++++++++++++++++++++----------------------- 1 file changed, 23 insertions(+), 23 deletions(-) (limited to 'regress') diff --git a/regress/Makefile b/regress/Makefile index 4e32eab8a..23314b808 100644 --- a/regress/Makefile +++ b/regress/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.85 2016/04/15 00:31:10 djm Exp $ +# $OpenBSD: Makefile,v 1.86 2016/04/15 00:48:01 djm Exp $ REGRESS_TARGETS= unit t1 t2 t3 t4 t5 t6 t7 t8 t9 t10 t11 t12 t-exec tests: prep $(REGRESS_TARGETS) 
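Review bot: The new file holds the whole test twice: after the first `# cleanup` and `rm -f $OBJ/ssh_config.i $OBJ/ssh_config.i.* $OBJ/ssh_config.out`, the `# $OpenBSD: cfginclude.sh,v 1.1 ...` header, `tid="config include"`, every here-document, `trial()` and the trial calls are repeated, and only the second copy adds the "recursive includes are bounded" check. Dropping the first copy (everything up to and including the first cleanup `rm -f`) keeps the coverage and runs each trial once. The recursion check also has no time limit, as its own `# or hang...` comment admits, so a regression that loops forever would stall the suite rather than fail it; a comment stating which harness timeout is relied on, if any, would help.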
@@ -87,28 +87,28 @@ INTEROP_TESTS= putty-transfer putty-ciphers putty-kex conch-ciphers #LTESTS= cipher-speed USER!= id -un -CLEANFILES= t2.out t3.out t6.out1 t6.out2 t7.out t7.out.pub copy.1 copy.2 \ - t8.out t8.out.pub t9.out t9.out.pub t10.out t10.out.pub \ - t12.out t12.out.pub \ - authorized_keys_${USER} known_hosts pidfile testdata \ - ssh_config sshd_config.orig ssh_proxy sshd_config sshd_proxy \ - rsa.pub rsa rsa1.pub rsa1 host.rsa host.rsa1 \ - rsa-agent rsa-agent.pub rsa1-agent rsa1-agent.pub \ - ls.copy banner.in banner.out empty.in \ - scp-ssh-wrapper.scp ssh_proxy_envpass remote_pid \ - sshd_proxy_bak rsa_ssh2_cr.prv rsa_ssh2_crnl.prv \ - known_hosts-cert host_ca_key* cert_host_key* cert_user_key* \ - putty.rsa2 sshd_proxy_orig ssh_proxy_bak \ - key.rsa-* key.dsa-* key.ecdsa-* \ - authorized_principals_${USER} expect actual ready \ - sshd_proxy.* authorized_keys_${USER}.* modpipe revoked-* krl-* \ - ssh.log failed-ssh.log sshd.log failed-sshd.log \ - regress.log failed-regress.log ssh-log-wrapper.sh \ - sftp-server.sh sftp-server.log sftp.log setuid-allowed \ - data ed25519-agent ed25519-agent.pub key.ed25519-512 \ - key.ed25519-512.pub netcat host_krl_* host_revoked_* \ - kh.* user_*key* agent-key.* known_hosts.* hkr.* \ - scp-ssh-wrapper.scp ssh_proxy_bak ssh_config.* +CLEANFILES= *.core actual agent-key.* authorized_keys_${USER} \ + authorized_keys_${USER}.* authorized_principals_${USER} \ + banner.in banner.out cert_host_key* cert_user_key* \ + copy.1 copy.2 data ed25519-agent ed25519-agent* \ + ed25519-agent.pub empty.in expect failed-regress.log \ + failed-ssh.log failed-sshd.log hkr.* host.rsa host.rsa1 \ + host_* host_ca_key* host_krl_* host_revoked_* key.* \ + key.dsa-* key.ecdsa-* key.ed25519-512 key.ed25519-512.pub \ + key.rsa-* keys-command-args kh.* known_hosts \ + known_hosts-cert known_hosts.* krl-* ls.copy modpipe \ + netcat pidfile putty.rsa2 ready regress.log remote_pid \ + revoked-* rsa rsa-agent rsa-agent.pub rsa.pub rsa1 \ + 
rsa1-agent rsa1-agent.pub rsa1.pub rsa_ssh2_cr.prv \ + rsa_ssh2_crnl.prv scp-ssh-wrapper.exe \ + scp-ssh-wrapper.scp setuid-allowed sftp-server.log \ + sftp-server.sh sftp.log ssh-log-wrapper.sh ssh.log \ + ssh_config ssh_config.* ssh_proxy ssh_proxy_bak \ + ssh_proxy_envpass sshd.log sshd_config sshd_config.orig \ + sshd_proxy sshd_proxy.* sshd_proxy_bak sshd_proxy_orig \ + t10.out t10.out.pub t12.out t12.out.pub t2.out t3.out \ + t6.out1 t6.out2 t7.out t7.out.pub t8.out t8.out.pub \ + t9.out t9.out.pub testdata user_*key* user_ca* user_key* SUDO_CLEAN+= /var/run/testdata_${USER} /var/run/keycommand_${USER} -- cgit v1.2.3 From 12e4ac46aed681da55c2bba3cd11dfcab23591be Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Fri, 15 Apr 2016 02:55:53 +0000 Subject: upstream commit remove redundant CLEANFILES section Upstream-Regress-ID: 29ef1b267fa56daa60a1463396635e7d53afb587 --- regress/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'regress') diff --git a/regress/Makefile b/regress/Makefile index 23314b808..03661e1ff 100644 --- a/regress/Makefile +++ b/regress/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.86 2016/04/15 00:48:01 djm Exp $ +# $OpenBSD: Makefile,v 1.87 2016/04/15 02:55:53 djm Exp $ REGRESS_TARGETS= unit t1 t2 t3 t4 t5 t6 t7 t8 t9 t10 t11 t12 t-exec tests: prep $(REGRESS_TARGETS) -- cgit v1.2.3 From 0f839e5969efa3bda615991be8a9d9311554c573 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Fri, 15 Apr 2016 02:57:10 +0000 Subject: upstream commit missing bit of Include regress Upstream-Regress-ID: 1063595f7f40f8489a1b7a27230b9e8acccea34f --- regress/test-exec.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'regress') diff --git a/regress/test-exec.sh b/regress/test-exec.sh index d468bcf4d..1b6526d0b 100644 --- a/regress/test-exec.sh +++ b/regress/test-exec.sh 
@@ -1,4 +1,4 @@ -# $OpenBSD: test-exec.sh,v 1.52 2016/04/14 23:21:42 djm Exp $ +# $OpenBSD: test-exec.sh,v 1.53 2016/04/15 02:57:10 djm Exp $ # Placed in the Public Domain. #SUDO=sudo @@ -221,6 +221,7 @@ echo "#!/bin/sh" > $SSHLOGWRAP echo "exec ${SSH} -E${TEST_SSH_LOGFILE} "'"$@"' >>$SSHLOGWRAP chmod a+rx $OBJ/ssh-log-wrapper.sh +REAL_SSH="$SSH" SSH="$SSHLOGWRAP" # Some test data. We make a copy because some tests will overwrite it. -- cgit v1.2.3 From 67f1459efd2e85bf03d032539283fa8107218936 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Mon, 2 May 2016 09:52:00 +0000 Subject: upstream commit unit and regress tests for SHA256/512; ok markus Upstream-Regress-ID: a0cd1a92dc824067076a5fcef83c18df9b0bf2c6 --- regress/cert-hostkey.sh | 126 ++++++++++++++++++--------------- regress/cert-userkey.sh | 49 ++++++++----- regress/unittests/sshkey/test_sshkey.c | 4 +- 3 files changed, 102 insertions(+), 77 deletions(-) (limited to 'regress') diff --git a/regress/cert-hostkey.sh b/regress/cert-hostkey.sh index 3f53922c8..62261cf8b 100644 --- a/regress/cert-hostkey.sh +++ b/regress/cert-hostkey.sh @@ -1,4 +1,4 @@ -# $OpenBSD: cert-hostkey.sh,v 1.13 2015/07/10 06:23:25 markus Exp $ +# $OpenBSD: cert-hostkey.sh,v 1.14 2016/05/02 09:52:00 djm Exp $ # Placed in the Public Domain. tid="certified host keys" 
@@ -30,34 +30,51 @@ cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak HOSTS='localhost-with-alias,127.0.0.1,::1' -# Create a CA key and add it to known hosts. Ed25519 chosed for speed. +kh_ca() { + for k in "$@" ; do + printf "@cert-authority $HOSTS " + cat $OBJ/$k || fatal "couldn't cat $k" + done +} +kh_revoke() { + for k in "$@" ; do + printf "@revoked * " + cat $OBJ/$k || fatal "couldn't cat $k" + done +} + +# Create a CA key and add it to known hosts. Ed25519 chosen for speed. +# RSA for testing RSA/SHA2 signatures. ${SSHKEYGEN} -q -N '' -t ed25519 -f $OBJ/host_ca_key ||\ fail "ssh-keygen of host_ca_key failed" -( - printf '@cert-authority ' - printf "$HOSTS " - cat $OBJ/host_ca_key.pub -) > $OBJ/known_hosts-cert.orig +${SSHKEYGEN} -q -N '' -t rsa -f $OBJ/host_ca_key2 ||\ + fail "ssh-keygen of host_ca_key failed" + +kh_ca host_ca_key.pub host_ca_key2.pub > $OBJ/known_hosts-cert.orig cp $OBJ/known_hosts-cert.orig $OBJ/known_hosts-cert # Plain text revocation files touch $OBJ/host_revoked_empty touch $OBJ/host_revoked_plain touch $OBJ/host_revoked_cert -cp $OBJ/host_ca_key.pub $OBJ/host_revoked_ca +cat $OBJ/host_ca_key.pub $OBJ/host_ca_key2.pub > $OBJ/host_revoked_ca PLAIN_TYPES=`$SSH -Q key-plain | sed 's/^ssh-dss/ssh-dsa/g;s/^ssh-//'` +if echo "$PLAIN_TYPES" | grep '^rsa$' >/dev/null 2>&1 ; then + PLAIN_TYPES="$PLAIN_TYPES rsa-sha2-256 rsa-sha2-512" +fi + # Prepare certificate, plain key and CA KRLs ${SSHKEYGEN} -kf $OBJ/host_krl_empty || fatal "KRL init failed" ${SSHKEYGEN} -kf $OBJ/host_krl_plain || fatal "KRL init failed" ${SSHKEYGEN} -kf $OBJ/host_krl_cert || fatal "KRL init failed" -${SSHKEYGEN} -kf $OBJ/host_krl_ca $OBJ/host_ca_key.pub \ +${SSHKEYGEN} -kf $OBJ/host_krl_ca $OBJ/host_ca_key.pub $OBJ/host_ca_key2.pub \ || fatal "KRL init failed" # Generate and sign host keys serial=1 -for ktype in $PLAIN_TYPES ; do +for ktype in $PLAIN_TYPES ; do verbose "$tid: sign host ${ktype} cert" # Generate and sign a host key ${SSHKEYGEN} -q -N '' -t ${ktype} \ 
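Review bot: The failure message for the second CA key names the wrong file: the new `${SSHKEYGEN} -q -N '' -t rsa -f $OBJ/host_ca_key2` call reports `ssh-keygen of host_ca_key failed`, the same text as the Ed25519 call above it. A failed RSA CA generation would then be reported as if the first key had failed, which sends whoever reads the log to the wrong command. The message should read `fail "ssh-keygen of host_ca_key2 failed"`. The `for ktype` loop that ends the hunk continues outside it.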
@@ -66,7 +83,11 @@ for ktype in $PLAIN_TYPES ; do ${SSHKEYGEN} -ukf $OBJ/host_krl_plain \ $OBJ/cert_host_key_${ktype}.pub || fatal "KRL update failed" cat $OBJ/cert_host_key_${ktype}.pub >> $OBJ/host_revoked_plain - ${SSHKEYGEN} -h -q -s $OBJ/host_ca_key -z $serial \ + case $ktype in + rsa-sha2-*) tflag="-t $ktype"; ca="$OBJ/host_ca_key2" ;; + *) tflag=""; ca="$OBJ/host_ca_key" ;; + esac + ${SSHKEYGEN} -h -q -s $ca -z $serial $tflag \ -I "regress host key for $USER" \ -n $HOSTS $OBJ/cert_host_key_${ktype} || fatal "couldn't sign cert_host_key_${ktype}" @@ -100,7 +121,7 @@ attempt_connect() { # Basic connect and revocation tests. for privsep in yes no ; do - for ktype in $PLAIN_TYPES ; do + for ktype in $PLAIN_TYPES ; do verbose "$tid: host ${ktype} cert connect privsep $privsep" ( cat $OBJ/sshd_proxy_bak @@ -131,18 +152,14 @@ for privsep in yes no ; do done # Revoked certificates with key present -( - printf '@cert-authority ' - printf "$HOSTS " - cat $OBJ/host_ca_key.pub - for ktype in $PLAIN_TYPES ; do - test -f "$OBJ/cert_host_key_${ktype}.pub" || fatal "no pubkey" - printf "@revoked * `cat $OBJ/cert_host_key_${ktype}.pub`\n" - done -) > $OBJ/known_hosts-cert.orig +kh_ca host_ca_key.pub host_ca_key2.pub > $OBJ/known_hosts-cert.orig +for ktype in $PLAIN_TYPES ; do + test -f "$OBJ/cert_host_key_${ktype}.pub" || fatal "no pubkey" + kh_revoke cert_host_key_${ktype}.pub >> $OBJ/known_hosts-cert.orig +done cp $OBJ/known_hosts-cert.orig $OBJ/known_hosts-cert for privsep in yes no ; do - for ktype in $PLAIN_TYPES ; do + for ktype in $PLAIN_TYPES ; do verbose "$tid: host ${ktype} revoked cert privsep $privsep" ( cat $OBJ/sshd_proxy_bak 
@@ -162,16 +179,10 @@ for privsep in yes no ; do done # Revoked CA -( - printf '@cert-authority ' - printf "$HOSTS " - cat $OBJ/host_ca_key.pub - printf '@revoked ' - printf "* " - cat $OBJ/host_ca_key.pub -) > $OBJ/known_hosts-cert.orig +kh_ca host_ca_key.pub host_ca_key2.pub > $OBJ/known_hosts-cert.orig +kh_revoke host_ca_key.pub host_ca_key2.pub >> $OBJ/known_hosts-cert.orig cp $OBJ/known_hosts-cert.orig $OBJ/known_hosts-cert -for ktype in $PLAIN_TYPES ; do +for ktype in $PLAIN_TYPES ; do verbose "$tid: host ${ktype} revoked cert" ( cat $OBJ/sshd_proxy_bak @@ -188,11 +199,7 @@ for ktype in $PLAIN_TYPES ; do done # Create a CA key and add it to known hosts -( - printf '@cert-authority ' - printf "$HOSTS " - cat $OBJ/host_ca_key.pub -) > $OBJ/known_hosts-cert.orig +kh_ca host_ca_key.pub host_ca_key2.pub > $OBJ/known_hosts-cert.orig cp $OBJ/known_hosts-cert.orig $OBJ/known_hosts-cert test_one() { @@ -201,16 +208,19 @@ test_one() { sign_opts=$3 for kt in rsa ed25519 ; do - ${SSHKEYGEN} -q -s $OBJ/host_ca_key \ - -I "regress host key for $USER" \ + case $ktype in + rsa-sha2-*) tflag="-t $ktype"; ca="$OBJ/host_ca_key2" ;; + *) tflag=""; ca="$OBJ/host_ca_key" ;; + esac + ${SSHKEYGEN} -q -s $ca $tflag -I "regress host key for $USER" \ $sign_opts $OBJ/cert_host_key_${kt} || - fail "couldn't sign cert_host_key_${kt}" + fatal "couldn't sign cert_host_key_${kt}" ( cat $OBJ/sshd_proxy_bak echo HostKey $OBJ/cert_host_key_${kt} echo HostCertificate $OBJ/cert_host_key_${kt}-cert.pub ) > $OBJ/sshd_proxy - + cp $OBJ/known_hosts-cert.orig $OBJ/known_hosts-cert ${SSH} -2 -oUserKnownHostsFile=$OBJ/known_hosts-cert \ -oGlobalKnownHostsFile=$OBJ/known_hosts-cert \ 
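Review bot: In the `test_one()` hunk the new `case $ktype in` sits inside `for kt in rsa ed25519`, so it branches on whatever `ktype` was left by the preceding `for ktype in $PLAIN_TYPES` loop rather than on the key being signed. With the rsa-sha2 names appended to `PLAIN_TYPES`, that presumably selects `host_ca_key2` and a `-t rsa-sha2-*` flag for every certificate here regardless of `kt`, which may not be what was intended. If the CA choice is deliberate, set it explicitly instead of relying on a stale global, e.g. `tflag=""; ca="$OBJ/host_ca_key"` before the `${SSHKEYGEN}` call. The body of `test_one()` continues outside the hunk.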
@@ -237,17 +247,20 @@ test_one "cert valid interval" success "-h -V-1w:+2w" test_one "cert has constraints" failure "-h -Oforce-command=false" # Check downgrade of cert to raw key when no CA found -for ktype in $PLAIN_TYPES ; do +for ktype in $PLAIN_TYPES ; do rm -f $OBJ/known_hosts-cert $OBJ/cert_host_key* verbose "$tid: host ${ktype} ${v} cert downgrade to raw key" # Generate and sign a host key - ${SSHKEYGEN} -q -N '' -t ${ktype} \ - -f $OBJ/cert_host_key_${ktype} || \ + ${SSHKEYGEN} -q -N '' -t ${ktype} -f $OBJ/cert_host_key_${ktype} || \ fail "ssh-keygen of cert_host_key_${ktype} failed" - ${SSHKEYGEN} -t ${v} -h -q -s $OBJ/host_ca_key \ + case $ktype in + rsa-sha2-*) tflag="-t $ktype"; ca="$OBJ/host_ca_key2" ;; + *) tflag=""; ca="$OBJ/host_ca_key" ;; + esac + ${SSHKEYGEN} -h -q $tflag -s $ca $tflag \ -I "regress host key for $USER" \ -n $HOSTS $OBJ/cert_host_key_${ktype} || - fail "couldn't sign cert_host_key_${ktype}" + fatal "couldn't sign cert_host_key_${ktype}" ( printf "$HOSTS " cat $OBJ/cert_host_key_${ktype}.pub @@ -257,7 +270,7 @@ for ktype in $PLAIN_TYPES ; do echo HostKey $OBJ/cert_host_key_${ktype} echo HostCertificate $OBJ/cert_host_key_${ktype}-cert.pub ) > $OBJ/sshd_proxy - + ${SSH} -2 -oUserKnownHostsFile=$OBJ/known_hosts-cert \ -oGlobalKnownHostsFile=$OBJ/known_hosts-cert \ -F $OBJ/ssh_proxy somehost true 
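Review bot: The signing command in the downgrade loop passes `$tflag` twice: `${SSHKEYGEN} -h -q $tflag -s $ca $tflag \`. The old `-t ${v}` was replaced by the first `$tflag` and a second copy was added after `$ca`, so for the rsa-sha2 types ssh-keygen receives `-t` twice. It is harmless while both copies expand to the same value, but one should go: `${SSHKEYGEN} -h -q -s $ca $tflag \`. The `verbose` line in the same loop still expands `${v}`, which nothing in the visible hunks sets.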
@@ -267,23 +280,22 @@ for ktype in $PLAIN_TYPES ; do done # Wrong certificate -( - printf '@cert-authority ' - printf "$HOSTS " - cat $OBJ/host_ca_key.pub -) > $OBJ/known_hosts-cert.orig +kh_ca host_ca_key.pub host_ca_key2.pub > $OBJ/known_hosts-cert.orig cp $OBJ/known_hosts-cert.orig $OBJ/known_hosts-cert -for kt in $PLAIN_TYPES ; do +for kt in $PLAIN_TYPES ; do + verbose "$tid: host ${kt} connect wrong cert" rm -f $OBJ/cert_host_key* # Self-sign key - ${SSHKEYGEN} -q -N '' -t ${kt} \ - -f $OBJ/cert_host_key_${kt} || \ + ${SSHKEYGEN} -q -N '' -t ${kt} -f $OBJ/cert_host_key_${kt} || \ fail "ssh-keygen of cert_host_key_${kt} failed" - ${SSHKEYGEN} -t ${v} -h -q -s $OBJ/cert_host_key_${kt} \ + case $kt in + rsa-sha2-*) tflag="-t $kt" ;; + *) tflag="" ;; + esac + ${SSHKEYGEN} $tflag -h -q -s $OBJ/cert_host_key_${kt} \ -I "regress host key for $USER" \ -n $HOSTS $OBJ/cert_host_key_${kt} || - fail "couldn't sign cert_host_key_${kt}" - verbose "$tid: host ${kt} connect wrong cert" + fatal "couldn't sign cert_host_key_${kt}" ( cat $OBJ/sshd_proxy_bak echo HostKey $OBJ/cert_host_key_${kt} diff --git a/regress/cert-userkey.sh b/regress/cert-userkey.sh index c38c00a02..096d9e47a 100644 --- a/regress/cert-userkey.sh +++ b/regress/cert-userkey.sh @@ -1,4 +1,4 @@ -# $OpenBSD: cert-userkey.sh,v 1.14 2015/07/10 06:23:25 markus Exp $ +# $OpenBSD: cert-userkey.sh,v 1.15 2016/05/02 09:52:00 djm Exp $ # Placed in the Public Domain. tid="certified user keys" @@ -9,9 +9,16 @@ cp $OBJ/ssh_proxy $OBJ/ssh_proxy_bak PLAIN_TYPES=`$SSH -Q key-plain | sed 's/^ssh-dss/ssh-dsa/;s/^ssh-//'` +if echo "$PLAIN_TYPES" | grep '^rsa$' >/dev/null 2>&1 ; then + PLAIN_TYPES="$PLAIN_TYPES rsa-sha2-256 rsa-sha2-512" +fi + kname() { - n=`echo "$1" | sed 's/^dsa/ssh-dss/;s/^rsa/ssh-rsa/;s/^ed/ssh-ed/'` - echo "$n*,ssh-rsa*,ssh-ed25519*" + case $ktype in + rsa-sha2-*) ;; + *) printf $1 | sed 's/^dsa/ssh-dss/;s/^rsa/ssh-rsa/;s/^ed/ssh-ed/' ;; + esac + echo "*,ssh-rsa*,ssh-ed25519*" } # Create a CA key 
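Review bot: In the `kname()` hunk for cert-userkey.sh the `rsa-sha2-*)` arm is empty, so for those types the function prints only `*,ssh-rsa*,ssh-ed25519*`. That leading `*` matches every key type, so the tests that write `PubkeyAcceptedKeyTypes ${t}` presumably do not restrict the algorithm at all in the rsa-sha2 iterations and cannot tell whether the intended signature type was used. The arm should emit the name itself, e.g. `rsa-sha2-*) printf '%s' "$1" ;;`, and the `case` would be more robust testing `$1` than the global `$ktype`. The 1.16 revision of this function further down the page keeps the arm empty, so there `$n` carries over from the previous call instead.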
@@ -19,18 +26,24 @@ ${SSHKEYGEN} -q -N '' -t rsa -f $OBJ/user_ca_key ||\ fail "ssh-keygen of user_ca_key failed" # Generate and sign user keys -for ktype in $PLAIN_TYPES ; do +for ktype in $PLAIN_TYPES $EXTRA_TYPES ; do verbose "$tid: sign user ${ktype} cert" ${SSHKEYGEN} -q -N '' -t ${ktype} \ -f $OBJ/cert_user_key_${ktype} || \ - fail "ssh-keygen of cert_user_key_${ktype} failed" - ${SSHKEYGEN} -q -s $OBJ/user_ca_key -I "regress user key for $USER" \ - -z $$ -n ${USER},mekmitasdigoat $OBJ/cert_user_key_${ktype} || - fail "couldn't sign cert_user_key_${ktype}" + fatal "ssh-keygen of cert_user_key_${ktype} failed" + # Generate RSA/SHA2 certs for rsa-sha2* keys. + case $ktype in + rsa-sha2-*) tflag="-t $ktype" ;; + *) tflag="" ;; + esac + ${SSHKEYGEN} -q -s $OBJ/user_ca_key -z $$ \ + -I "regress user key for $USER" \ + -n ${USER},mekmitasdigoat $tflag $OBJ/cert_user_key_${ktype} || \ + fatal "couldn't sign cert_user_key_${ktype}" done # Test explicitly-specified principals -for ktype in $PLAIN_TYPES ; do +for ktype in $EXTRA_TYPES $PLAIN_TYPES ; do t=$(kname $ktype) for privsep in yes no ; do _prefix="${ktype} privsep $privsep" @@ -67,7 +80,7 @@ for ktype in $PLAIN_TYPES ; do if [ $? -eq 0 ]; then fail "ssh cert connect succeeded unexpectedly" fi - + # Wrong authorized_principals verbose "$tid: ${_prefix} wrong authorized_principals" echo gregorsamsa > $OBJ/authorized_principals_$USER @@ -166,8 +179,8 @@ basic_tests() { echo > $OBJ/authorized_keys_$USER extra_sshd="TrustedUserCAKeys $OBJ/user_ca_key.pub" fi - - for ktype in $PLAIN_TYPES ; do + + for ktype in $PLAIN_TYPES ; do t=$(kname $ktype) for privsep in yes no ; do _prefix="${ktype} privsep $privsep $auth" @@ -183,7 +196,7 @@ basic_tests() { cat $OBJ/ssh_proxy_bak echo "PubkeyAcceptedKeyTypes ${t}" ) > $OBJ/ssh_proxy - + ${SSH} -2i $OBJ/cert_user_key_${ktype} \ -F $OBJ/ssh_proxy somehost true if [ $? -ne 0 ]; then 
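Review bot: `$EXTRA_TYPES` appears in the first two loops (`for ktype in $PLAIN_TYPES $EXTRA_TYPES` and `for ktype in $EXTRA_TYPES $PLAIN_TYPES`) but nothing in the visible hunks assigns it, and the rsa-sha2 names are appended to `PLAIN_TYPES` instead. If it is always empty, these loops are the same as the other `for ktype in $PLAIN_TYPES` loops and the variable should be dropped. If it is meant to be supplied by the caller, say so near the top with a comment such as `# EXTRA_TYPES: optional additional key types set by the environment`. The loop bodies continue outside the hunks.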
@@ -223,7 +236,7 @@ basic_tests() { fail "ssh cert connect failed" fi done - + # Revoked CA verbose "$tid: ${ktype} $auth revoked CA key" ( @@ -238,7 +251,7 @@ basic_tests() { fail "ssh cert connect succeeded unexpecedly" fi done - + verbose "$tid: $auth CA does not authenticate" ( cat $OBJ/sshd_proxy_bak @@ -286,7 +299,7 @@ test_one() { echo $auth_opt >> $OBJ/sshd_proxy fi fi - + verbose "$tid: $ident auth $auth expect $result $ktype" ${SSHKEYGEN} -q -s $OBJ/user_ca_key \ -I "regress user key for $USER" \ @@ -342,13 +355,13 @@ test_one "principals key option no principals" failure "" \ # Wrong certificate cat $OBJ/sshd_proxy_bak > $OBJ/sshd_proxy -for ktype in $PLAIN_TYPES ; do +for ktype in $PLAIN_TYPES ; do t=$(kname $ktype) # Self-sign ${SSHKEYGEN} -q -s $OBJ/cert_user_key_${ktype} -I \ "regress user key for $USER" \ -n $USER $OBJ/cert_user_key_${ktype} || - fail "couldn't sign cert_user_key_${ktype}" + fatal "couldn't sign cert_user_key_${ktype}" verbose "$tid: user ${ktype} connect wrong cert" ${SSH} -2i $OBJ/cert_user_key_${ktype} -F $OBJ/ssh_proxy \ somehost true >/dev/null 2>&1 diff --git a/regress/unittests/sshkey/test_sshkey.c b/regress/unittests/sshkey/test_sshkey.c index 1f160d1a7..1476dc2e3 100644 --- a/regress/unittests/sshkey/test_sshkey.c +++ b/regress/unittests/sshkey/test_sshkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: test_sshkey.c,v 1.9 2015/12/07 02:20:46 djm Exp $ */ +/* $OpenBSD: test_sshkey.c,v 1.10 2016/05/02 09:52:00 djm Exp $ */ /* * Regress test for sshkey.h key management API * @@ -455,7 +455,7 @@ sshkey_tests(void) put_opt(k1->cert->extensions, "permit-X11-forwarding", NULL); put_opt(k1->cert->extensions, "permit-agent-forwarding", NULL); ASSERT_INT_EQ(sshkey_from_private(k2, &k1->cert->signature_key), 0); - ASSERT_INT_EQ(sshkey_certify(k1, k2), 0); + ASSERT_INT_EQ(sshkey_certify(k1, k2, NULL), 0); b = sshbuf_new(); ASSERT_PTR_NE(b, NULL); ASSERT_INT_EQ(sshkey_putb(k1, b), 0); -- cgit v1.2.3 
From cca3b4395807bfb7aaeb83d2838f5c062ce30566 Mon Sep 17 00:00:00 2001 From: "dtucker@openbsd.org" Date: Tue, 3 May 2016 12:15:49 +0000 Subject: upstream commit Use a subshell for constructing key types to work around different sed behaviours for -portable. Upstream-Regress-ID: 0f6eb673162df229eda9a134a0f10da16151552d --- regress/cert-userkey.sh | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'regress') diff --git a/regress/cert-userkey.sh b/regress/cert-userkey.sh index 096d9e47a..319746395 100644 --- a/regress/cert-userkey.sh +++ b/regress/cert-userkey.sh @@ -1,4 +1,4 @@ -# $OpenBSD: cert-userkey.sh,v 1.15 2016/05/02 09:52:00 djm Exp $ +# $OpenBSD: cert-userkey.sh,v 1.16 2016/05/03 12:15:49 dtucker Exp $ # Placed in the Public Domain. tid="certified user keys" @@ -16,9 +16,10 @@ fi kname() { case $ktype in rsa-sha2-*) ;; - *) printf $1 | sed 's/^dsa/ssh-dss/;s/^rsa/ssh-rsa/;s/^ed/ssh-ed/' ;; + # subshell because some seds will add a newline + *) n=$(echo $1 | sed 's/^dsa/ssh-dss/;s/^rsa/ssh-rsa/;s/^ed/ssh-ed/') ;; esac - echo "*,ssh-rsa*,ssh-ed25519*" + echo "$n*,ssh-rsa*,ssh-ed25519*" } # Create a CA key -- cgit v1.2.3 From 01cabf10adc7676cba5f40536a34d3b246edb73f Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Tue, 3 May 2016 13:48:33 +0000 Subject: upstream commit unit tests for sshbuf_dup_string() Upstream-Regress-ID: 7521ff150dc7f20511d1c2c48fd3318e5850a96d --- regress/unittests/sshbuf/test_sshbuf_misc.c | 31 ++++++++++++++++++++++++++++- 1 file changed, 30 insertions(+), 1 deletion(-) (limited to 'regress') diff --git a/regress/unittests/sshbuf/test_sshbuf_misc.c b/regress/unittests/sshbuf/test_sshbuf_misc.c index f155491a0..762a6c31c 100644 --- a/regress/unittests/sshbuf/test_sshbuf_misc.c +++ b/regress/unittests/sshbuf/test_sshbuf_misc.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: test_sshbuf_misc.c,v 1.1 2014/04/30 05:32:00 djm Exp $ */ +/* $OpenBSD: test_sshbuf_misc.c,v 1.2 2016/05/03 13:48:33 djm Exp $ */ /* * Regress test for sshbuf.h buffer API * @@ -134,5 +134,34 @@ sshbuf_misc_tests(void) ASSERT_U32_EQ(PEEK_U32(sshbuf_ptr(p1)), 0xd00fd00f); sshbuf_free(p1); TEST_DONE(); + + TEST_START("sshbuf_dup_string"); + p1 = sshbuf_new(); + ASSERT_PTR_NE(p1, NULL); + /* Check empty buffer */ + p = sshbuf_dup_string(p1); + ASSERT_PTR_NE(p, NULL); + ASSERT_SIZE_T_EQ(strlen(p), 0); + free(p); + /* Check buffer with string */ + ASSERT_INT_EQ(sshbuf_put(p1, "quad1", strlen("quad1")), 0); + p = sshbuf_dup_string(p1); + ASSERT_PTR_NE(p, NULL); + ASSERT_SIZE_T_EQ(strlen(p), strlen("quad1")); + ASSERT_STRING_EQ(p, "quad1"); + free(p); + /* Check buffer with terminating nul */ + ASSERT_INT_EQ(sshbuf_put(p1, "\0", 1), 0); + p = sshbuf_dup_string(p1); + ASSERT_PTR_NE(p, NULL); + ASSERT_SIZE_T_EQ(strlen(p), strlen("quad1")); + ASSERT_STRING_EQ(p, "quad1"); + free(p); + /* Check buffer with data after nul (expect failure) */ + ASSERT_INT_EQ(sshbuf_put(p1, "quad2", strlen("quad2")), 0); + p = sshbuf_dup_string(p1); + ASSERT_PTR_EQ(p, NULL); + sshbuf_free(p1); + TEST_DONE(); } -- cgit v1.2.3 From 07d5608bb237e9b3fe86a2aeaa429392230faebf Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Tue, 3 May 2016 14:41:04 +0000 Subject: upstream commit support doas Upstream-Regress-ID: 8d5572b27ea810394eeda432d8b4e9e1064a7c38 --- regress/agent-getpeereid.sh | 25 ++++++++++++++++++------- 1 file changed, 18 insertions(+), 7 deletions(-) (limited to 'regress') diff --git a/regress/agent-getpeereid.sh b/regress/agent-getpeereid.sh index d5ae2d6e2..24b71f458 100644 --- a/regress/agent-getpeereid.sh +++ b/regress/agent-getpeereid.sh 
@@ -1,4 +1,4 @@ -# $OpenBSD: agent-getpeereid.sh,v 1.5 2013/05/17 10:33:09 dtucker Exp $ +# $OpenBSD: agent-getpeereid.sh,v 1.6 2016/05/03 14:41:04 djm Exp $ # Placed in the Public Domain. tid="disallow agent attach from other uid" @@ -13,10 +13,16 @@ else echo "skipped (not supported on this platform)" exit 0 fi -if [ -z "$SUDO" ]; then - echo "skipped: need SUDO to switch to uid $UNPRIV" - exit 0 -fi +case "x$SUDO" in + xsudo) sudo=1;; + xdoas) ;; + x) + echo "need SUDO to switch to uid $UNPRIV" + exit 0 ;; + *) + echo "unsupported $SUDO - "doas" and "sudo" are allowed" + exit 0 ;; +esac trace "start agent" eval `${SSHAGENT} -s -a ${ASOCK}` > /dev/null @@ -31,8 +37,13 @@ else if [ $r -ne 1 ]; then fail "ssh-add failed with $r != 1" fi - - < /dev/null ${SUDO} -S -u ${UNPRIV} ssh-add -l 2>/dev/null + if test -z "$sudo" ; then + # doas + ${SUDO} -n -u ${UNPRIV} ssh-add -l 2>/dev/null + else + # sudo + < /dev/null ${SUDO} -S -u ${UNPRIV} ssh-add -l 2>/dev/null + fi r=$? if [ $r -lt 2 ]; then fail "ssh-add did not fail for ${UNPRIV}: $r < 2" -- cgit v1.2.3 From d4219028bdef448e089376f3afe81ef6079da264 Mon Sep 17 00:00:00 2001 From: "dtucker@openbsd.org" Date: Tue, 3 May 2016 15:30:46 +0000 Subject: upstream commit Set umask to prevent "Bad owner or permissions" errors. Upstream-Regress-ID: 8fdf2fc4eb595ccd80c443f474d639f851145417 --- regress/cfginclude.sh | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'regress') diff --git a/regress/cfginclude.sh b/regress/cfginclude.sh index 3232fa9f0..2fc39ce45 100644 --- a/regress/cfginclude.sh +++ b/regress/cfginclude.sh @@ -1,8 +1,11 @@ -# $OpenBSD: cfginclude.sh,v 1.1 2016/04/15 00:31:10 djm Exp $ +# $OpenBSD: cfginclude.sh,v 1.2 2016/05/03 15:30:46 dtucker Exp $ # Placed in the Public Domain. tid="config include" +# to appease StrictModes +umask 022 + cat > $OBJ/ssh_config.i << _EOF Match host a Hostname aa 
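Review bot: The new `case "x$SUDO"` assigns `sudo=1` only in the `xsudo)` arm and never clears it, so the later `test -z "$sudo"` takes the sudo branch whenever a `sudo` variable is already set in the environment, even with SUDO=doas. Add `sudo=` before the `case`. The `*)` arm's message closes and reopens its double quotes around doas and sudo, so the quotes are not printed; `echo "unsupported $SUDO - \"doas\" and \"sudo\" are allowed"` keeps them. The match is also exact, so a SUDO value carrying a path or arguments takes the `*)` arm and this uid-separation test exits 0 as skipped; a comment noting that limitation would help.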
@@ -139,7 +142,7 @@ trial a aa # cleanup rm -f $OBJ/ssh_config.i $OBJ/ssh_config.i.* $OBJ/ssh_config.out -# $OpenBSD: cfginclude.sh,v 1.1 2016/04/15 00:31:10 djm Exp $ +# $OpenBSD: cfginclude.sh,v 1.2 2016/05/03 15:30:46 dtucker Exp $ # Placed in the Public Domain. tid="config include" -- cgit v1.2.3 From 016881eb33a7948028848c90f4c7ac42e3af0e87 Mon Sep 17 00:00:00 2001 From: "schwarze@openbsd.org" Date: Thu, 26 May 2016 19:14:25 +0000 Subject: upstream commit test the new utf8 module Upstream-Regress-ID: c923d05a20e84e4ef152cbec947fdc4ce6eabbe3 --- regress/unittests/Makefile | 4 +-- regress/unittests/utf8/Makefile | 12 ++++++++ regress/unittests/utf8/tests.c | 63 +++++++++++++++++++++++++++++++++++++++++ 3 files changed, 77 insertions(+), 2 deletions(-) create mode 100644 regress/unittests/utf8/Makefile create mode 100644 regress/unittests/utf8/tests.c (limited to 'regress') diff --git a/regress/unittests/Makefile b/regress/unittests/Makefile index d3d90823f..0a95d4b20 100644 --- a/regress/unittests/Makefile +++ b/regress/unittests/Makefile @@ -1,5 +1,5 @@ -# $OpenBSD: Makefile,v 1.5 2015/02/16 22:21:03 djm Exp $ +# $OpenBSD: Makefile,v 1.6 2016/05/26 19:14:25 schwarze Exp $ REGRESS_FAIL_EARLY= yes -SUBDIR= test_helper sshbuf sshkey bitmap kex hostkeys +SUBDIR= test_helper sshbuf sshkey bitmap kex hostkeys utf8 .include diff --git a/regress/unittests/utf8/Makefile b/regress/unittests/utf8/Makefile new file mode 100644 index 000000000..b55847c77 --- /dev/null +++ b/regress/unittests/utf8/Makefile @@ -0,0 +1,12 @@ +# $OpenBSD: Makefile,v 1.1 2016/05/26 19:14:25 schwarze Exp $ + +TEST_ENV= "MALLOC_OPTIONS=AFGJPRX" + +PROG=test_utf8 +SRCS=tests.c +REGRESS_TARGETS=run-regress-${PROG} + +run-regress-${PROG}: ${PROG} + env ${TEST_ENV} ./${PROG} + +.include diff --git a/regress/unittests/utf8/tests.c b/regress/unittests/utf8/tests.c new file mode 100644 index 000000000..d18cadc5d --- /dev/null +++ b/regress/unittests/utf8/tests.c 
@@ -0,0 +1,63 @@ +/* $OpenBSD: tests.c,v 1.1 2016/05/26 19:14:25 schwarze Exp $ */ +/* + * Regress test for the utf8.h *mprintf() API + * + * Written by Ingo Schwarze in 2016 + * and placed in the public domain. + */ + +#include +#include + +#include "test_helper.h" + +#include "utf8.h" + +void one(const char *, const char *, int, int, int, const char *); + +void +one(const char *name, const char *mbs, int width, + int wantwidth, int wantlen, const char *wants) +{ + char buf[16]; + int *wp; + int len; + + if (wantlen == -2) + wantlen = strlen(wants); + (void)strlcpy(buf, "utf8_", sizeof(buf)); + (void)strlcat(buf, name, sizeof(buf)); + TEST_START(buf); + wp = wantwidth == -2 ? NULL : &width; + len = snmprintf(buf, sizeof(buf), wp, "%s", mbs); + ASSERT_INT_EQ(len, wantlen); + ASSERT_STRING_EQ(buf, wants); + ASSERT_INT_EQ(width, wantwidth); + TEST_DONE(); +} + +void +tests(void) +{ + char *loc; + + TEST_START("utf8_setlocale"); + loc = setlocale(LC_CTYPE, "en_US.UTF-8"); + ASSERT_PTR_NE(loc, NULL); + TEST_DONE(); + + one("ascii", "x", -2, -2, -2, "x"); + one("newline", "a\nb", -2, -2, -2, "a\nb"); + one("cr", "a\rb", -2, -2, -2, "a\rb"); + one("tab", "a\tb", -2, -2, -2, "a\tb"); + one("esc", "\033x", -2, -2, -2, "\\033x"); + one("inv_badbyte", "\377x", -2, -2, -2, "\\377x"); + one("inv_nocont", "\341x", -2, -2, -2, "\\341x"); + one("inv_nolead", "a\200b", -2, -2, -2, "a\\200b"); + one("sz_ascii", "1234567890123456", -2, -2, 16, "123456789012345"); + one("sz_esc", "123456789012\033", -2, -2, 16, "123456789012"); + one("width_ascii", "123", 2, 2, -1, "12"); + one("width_double", "a\343\201\201", 2, 1, -1, "a"); + one("double_fit", "a\343\201\201", 3, 3, 4, "a\343\201\201"); + one("double_spc", "a\343\201\201", 4, 3, 4, "a\343\201\201"); +} -- cgit v1.2.3 From 75f0844b4f29d62ec3a5e166d2ee94b02df819fc Mon Sep 17 00:00:00 2001 
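Review bot: `one()` builds the test name in the same 16-byte `buf` that it later formats into, and several names do not fit: `utf8_` plus `inv_badbyte`, `width_ascii` or `width_double` needs 17 bytes or more, so `strlcat` truncates and the `(void)` casts hide it. The names handed to `TEST_START` are therefore cut short (`utf8_width_asci`, `utf8_width_doub`), which makes a failing case harder to identify. Keep `buf` at 16 bytes for the `sz_*` cases and give the name its own buffer: declare `char tname[32];`, point the two `strl*` calls at `tname`, and call `TEST_START(tname);`.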
From: "schwarze@openbsd.org" Date: Mon, 30 May 2016 12:05:56 +0000 Subject: upstream commit Fix two rare edge cases: 1. If vasprintf() returns < 0, do not access a NULL pointer in snmprintf(), and do not free() the pointer returned from vasprintf() because on some systems other than OpenBSD, it might be a bogus pointer. 2. If vasprintf() returns == 0, return 0 and "" rather than -1 and NULL. Besides, free(dst) is pointless after failure (not a bug). One half OK martijn@, the other half OK deraadt@; committing quickly before people get hurt. Upstream-Regress-ID: b164f20923812c9bac69856dbc1385eb1522cba4 --- regress/unittests/utf8/tests.c | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) (limited to 'regress') diff --git a/regress/unittests/utf8/tests.c b/regress/unittests/utf8/tests.c index d18cadc5d..fad2ec279 100644 --- a/regress/unittests/utf8/tests.c +++ b/regress/unittests/utf8/tests.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tests.c,v 1.1 2016/05/26 19:14:25 schwarze Exp $ */ +/* $OpenBSD: tests.c,v 1.2 2016/05/30 12:05:56 schwarze Exp $ */ /* * Regress test for the utf8.h *mprintf() API * @@ -13,8 +13,24 @@ #include "utf8.h" +void badarg(void); void one(const char *, const char *, int, int, int, const char *); +void +badarg(void) +{ + char buf[16]; + int len, width; + + width = 1; + TEST_START("utf8_badarg"); + len = snmprintf(buf, sizeof(buf), &width, "\377"); + ASSERT_INT_EQ(len, -1); + ASSERT_STRING_EQ(buf, ""); + ASSERT_INT_EQ(width, 0); + TEST_DONE(); +} + void one(const char *name, const char *mbs, int width, int wantwidth, int wantlen, const char *wants) @@ -46,6 +62,9 @@ tests(void) ASSERT_PTR_NE(loc, NULL); TEST_DONE(); + badarg(); + one("null", NULL, 8, 6, 6, "(null)"); + one("empty", "", 2, 0, 0, ""); one("ascii", "x", -2, -2, -2, "x"); one("newline", "a\nb", -2, -2, -2, "a\nb"); one("cr", "a\rb", -2, -2, -2, "a\rb"); -- cgit v1.2.3 From a5577c1ed3ecdfe4b7b1107c526cae886fc91afb Mon Sep 17 00:00:00 2001 
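Review bot: The added `one("null", NULL, 8, 6, 6, "(null)");` passes a null pointer for `%s`, which `one()` forwards as `snmprintf(buf, sizeof(buf), wp, "%s", mbs)`. Printing `(null)` there is a libc courtesy rather than something C guarantees, so on a platform whose vasprintf behaves differently this case fails or crashes for reasons unrelated to the utf8 code. It deserves a comment such as `/* relies on vasprintf() printing "(null)" for a NULL %s argument */`. In `badarg()`, `buf` is uninitialised before the call, so `ASSERT_STRING_EQ(buf, "")` only reads defined memory if snmprintf terminated it. Setting `buf[0] = 'x'; buf[1] = '\0';` first would make the assertion prove that the failure path wrote the terminator.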
From: "schwarze@openbsd.org" Date: Mon, 30 May 2016 12:14:08 +0000 Subject: upstream commit stricter malloc.conf(5) options for utf8 tests Upstream-Regress-ID: 111efe20a0fb692fa1a987f6e823310f9b25abf6 --- regress/unittests/utf8/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'regress') diff --git a/regress/unittests/utf8/Makefile b/regress/unittests/utf8/Makefile index b55847c77..150ea2f2e 100644 --- a/regress/unittests/utf8/Makefile +++ b/regress/unittests/utf8/Makefile @@ -1,6 +1,6 @@ -# $OpenBSD: Makefile,v 1.1 2016/05/26 19:14:25 schwarze Exp $ +# $OpenBSD: Makefile,v 1.2 2016/05/30 12:14:08 schwarze Exp $ -TEST_ENV= "MALLOC_OPTIONS=AFGJPRX" +TEST_ENV= "MALLOC_OPTIONS=CFGJPRSUX" PROG=test_utf8 SRCS=tests.c -- cgit v1.2.3 From ab0a536066dfa32def0bd7272c096ebb5eb25b11 Mon Sep 17 00:00:00 2001 From: "dtucker@openbsd.org" Date: Fri, 3 Jun 2016 03:47:59 +0000 Subject: upstream commit Add 'sshd' to the test ID as I'm about to add a similar set for ssh. Upstream-Regress-ID: aea7a9c3bac638530165c801ce836875b228ae7a --- regress/cfgparse.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'regress') diff --git a/regress/cfgparse.sh b/regress/cfgparse.sh index 736f38976..ccf511f6b 100644 --- a/regress/cfgparse.sh +++ b/regress/cfgparse.sh @@ -1,7 +1,7 @@ -# $OpenBSD: cfgparse.sh,v 1.5 2015/05/29 03:05:13 djm Exp $ +# $OpenBSD: cfgparse.sh,v 1.6 2016/06/03 03:47:59 dtucker Exp $ # Placed in the Public Domain. -tid="config parse" +tid="sshd config parse" # This is a reasonable proxy for IPv6 support. if ! config_defined HAVE_STRUCT_IN6_ADDR ; then -- cgit v1.2.3 From e6508898c3cd838324ecfe1abd0eb8cf802e7106 Mon Sep 17 00:00:00 2001 
From: "dtucker@openbsd.org" Date: Fri, 3 Jun 2016 04:10:41 +0000 Subject: upstream commit Add a test for ssh(1)'s config file parsing. Upstream-Regress-ID: 558b7f4dc45cc3761cc3d3e889b9f3c5bc91e601 --- regress/Makefile | 3 ++- regress/sshcfgparse.sh | 29 +++++++++++++++++++++++++++++ 2 files changed, 31 insertions(+), 1 deletion(-) create mode 100644 regress/sshcfgparse.sh (limited to 'regress') diff --git a/regress/Makefile b/regress/Makefile index 03661e1ff..08fd82dbf 100644 --- a/regress/Makefile +++ b/regress/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.87 2016/04/15 02:55:53 djm Exp $ +# $OpenBSD: Makefile,v 1.88 2016/06/03 04:10:41 dtucker Exp $ REGRESS_TARGETS= unit t1 t2 t3 t4 t5 t6 t7 t8 t9 t10 t11 t12 t-exec tests: prep $(REGRESS_TARGETS) @@ -54,6 +54,7 @@ LTESTS= connect \ multiplex \ reexec \ brokenkeys \ + sshcfgparse \ cfgparse \ cfgmatch \ addrmatch \ diff --git a/regress/sshcfgparse.sh b/regress/sshcfgparse.sh new file mode 100644 index 000000000..f8645d6f1 --- /dev/null +++ b/regress/sshcfgparse.sh 
@@ -0,0 +1,29 @@ +# $OpenBSD: sshcfgparse.sh,v 1.1 2016/06/03 04:10:41 dtucker Exp $ +# Placed in the Public Domain. + +tid="ssh config parse" + +verbose "reparse minimal config" +(${SSH} -G -F $OBJ/ssh_config somehost >$OBJ/ssh_config.1 && + ${SSH} -G -F $OBJ/ssh_config.1 somehost >$OBJ/ssh_config.2 && + diff $OBJ/ssh_config.1 $OBJ/ssh_config.2) || fail "reparse minimal config" + +verbose "ssh -W opts" +f=`${SSH} -GF $OBJ/ssh_config host | awk '/exitonforwardfailure/{print $2}'` +test "$f" == "no" || fail "exitonforwardfailure default" +f=`${SSH} -GF $OBJ/ssh_config -W a:1 h | awk '/exitonforwardfailure/{print $2}'` +test "$f" == "yes" || fail "exitonforwardfailure enable" +f=`${SSH} -GF $OBJ/ssh_config -W a:1 -o exitonforwardfailure=no h | \ + awk '/exitonforwardfailure/{print $2}'` +test "$f" == "no" || fail "exitonforwardfailure override" + +f=`${SSH} -GF $OBJ/ssh_config host | awk '/clearallforwardings/{print $2}'` +test "$f" == "no" || fail "clearallforwardings default" +f=`${SSH} -GF $OBJ/ssh_config -W a:1 h | awk '/clearallforwardings/{print $2}'` +test "$f" == "yes" || fail "clearallforwardings enable" +f=`${SSH} -GF $OBJ/ssh_config -W a:1 -o clearallforwardings=no h | \ + awk '/clearallforwardings/{print $2}'` +test "$f" == "no" || fail "clearallforwardings override" + +# cleanup +rm -f $OBJ/ssh_config.[012] -- cgit v1.2.3 From 9f919d1a3219d476d6a662d18df058e1c4f36a6f Mon Sep 17 00:00:00 2001 
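Review bot: Every comparison in the new sshcfgparse.sh uses `test "$f" == "no"` or `== "yes"`, and `==` is not a POSIX `test` operator. A shell whose `test` accepts only `=` (dash, for one) reports an error and returns non-zero, so each check would call `fail` regardless of what `ssh -G` printed. Use the portable operator throughout, e.g. `test "$f" = "no" || fail "exitonforwardfailure default"`.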
From: Darren Tucker Date: Tue, 14 Jun 2016 13:51:01 +1000 Subject: Remove now-defunct .cvsignore files. ok djm --- .cvsignore | 28 ---------------------------- openbsd-compat/.cvsignore | 1 - openbsd-compat/regress/.cvsignore | 6 ------ regress/.cvsignore | 31 ------------------------------- scard/.cvsignore | 2 -- 5 files changed, 68 deletions(-) delete mode 100644 .cvsignore delete mode 100644 openbsd-compat/.cvsignore delete mode 100644 openbsd-compat/regress/.cvsignore delete mode 100644 regress/.cvsignore delete mode 100644 scard/.cvsignore (limited to 'regress') diff --git a/.cvsignore b/.cvsignore deleted file mode 100644 index 9baaa3b4e..000000000 --- a/.cvsignore +++ /dev/null @@ -1,28 +0,0 @@ -*.0 -*.out -Makefile -autom4te.cache -buildit.sh -buildpkg.sh -config.cache -config.h -config.h.in -config.log -config.status -configure -openssh.xml -opensshd.init -scp -sftp -sftp-server -ssh -ssh-add -ssh-agent -ssh-keygen -ssh-keyscan -ssh-keysign -ssh-pkcs11-helper -sshd -stamp-h.in -survey -survey.sh diff --git a/openbsd-compat/.cvsignore b/openbsd-compat/.cvsignore deleted file mode 100644 index f3c7a7c5d..000000000 --- a/openbsd-compat/.cvsignore +++ /dev/null @@ -1 +0,0 @@ -Makefile diff --git a/openbsd-compat/regress/.cvsignore b/openbsd-compat/regress/.cvsignore deleted file mode 100644 index 33074f4a3..000000000 --- a/openbsd-compat/regress/.cvsignore +++ /dev/null @@ -1,6 +0,0 @@ -Makefile -snprintftest -strduptest -strtonumtest -closefromtest -opensslvertest diff --git a/regress/.cvsignore b/regress/.cvsignore deleted file mode 100644 index 3fd25b02e..000000000 --- a/regress/.cvsignore +++ /dev/null @@ -1,31 +0,0 @@ -*-agent -*.copy -*.log -*.prv -*.pub -actual -authorized_keys_* -batch -copy.dd* -data -expect -host.rsa* -key.* -known_hosts -krl-* -modpipe -remote_pid -revoked-* -revoked-ca -revoked-keyid -revoked-serials -rsa -rsa1 -sftp-server.sh -ssh-log-wrapper.sh -ssh_config -ssh_proxy* -sshd_config -sshd_proxy* -t*.out -t*.out[0-9] 
diff --git a/scard/.cvsignore b/scard/.cvsignore deleted file mode 100644 index 5349d34ae..000000000 --- a/scard/.cvsignore +++ /dev/null @@ -1,2 +0,0 @@ -Makefile -Ssh.bin -- cgit v1.2.3 From 18813a32b6fd964037e0f5e1893cb4468ac6a758 Mon Sep 17 00:00:00 2001 From: "guenther@openbsd.org" Date: Mon, 4 Jul 2016 18:01:44 +0000 Subject: upstream commit DEBUGLIBS has been broken since the gcc4 switch, so delete it. CFLAGS contains -g by default anyway problem noted by Edgar Pettijohn (edgar (at) pettijohn-web.com) ok millert@ kettenis@ deraadt@ Upstream-Regress-ID: 4a0bb72f95c63f2ae9daa8a040ac23914bddb542 --- regress/unittests/test_helper/Makefile | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'regress') diff --git a/regress/unittests/test_helper/Makefile b/regress/unittests/test_helper/Makefile index 5b3894cbf..78026e653 100644 --- a/regress/unittests/test_helper/Makefile +++ b/regress/unittests/test_helper/Makefile @@ -1,9 +1,8 @@ -# $OpenBSD: Makefile,v 1.2 2015/01/20 22:58:57 djm Exp $ +# $OpenBSD: Makefile,v 1.3 2016/07/04 18:01:44 guenther Exp $ LIB= test_helper SRCS= test_helper.c fuzz.c -DEBUGLIBS= no NOPROFILE= yes NOPIC= yes -- cgit v1.2.3 From 6310ef27a2567cda66d6cf0c1ad290ee1167f243 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 13 Jul 2016 14:42:35 +1000 Subject: Move err.h replacements into compat lib. Move implementations of err.h replacement functions into their own file in the libopenbsd-compat so we can use them in kexfuzz.c too. ok djm@ --- configure.ac | 4 +++ openbsd-compat/Makefile.in | 2 +- openbsd-compat/bsd-err.c | 71 ++++++++++++++++++++++++++++++++++++++++++ openbsd-compat/bsd-misc.h | 11 +++++++ regress/misc/kexfuzz/kexfuzz.c | 4 ++- regress/netcat.c | 40 ------------------------ 6 files changed, 90 insertions(+), 42 deletions(-) create mode 100644 openbsd-compat/bsd-err.c (limited to 'regress') diff --git a/configure.ac b/configure.ac index 2bb5a63c8..005a9ead5 100644 --- a/configure.ac +++ b/configure.ac 
@@ -373,6 +373,7 @@ AC_CHECK_HEADERS([ \ dirent.h \ endian.h \ elf.h \ + err.h \ features.h \ fcntl.h \ floatingpoint.h \ @@ -1692,6 +1693,8 @@ AC_CHECK_FUNCS([ \ closefrom \ dirfd \ endgrent \ + err \ + errx \ explicit_bzero \ fchmod \ fchown \ @@ -1783,6 +1786,7 @@ AC_CHECK_FUNCS([ \ vasprintf \ vsnprintf \ waitpid \ + warn \ ]) AC_LINK_IFELSE( diff --git a/openbsd-compat/Makefile.in b/openbsd-compat/Makefile.in index 3c5e3b7f7..aca9eba75 100644 --- a/openbsd-compat/Makefile.in +++ b/openbsd-compat/Makefile.in @@ -18,7 +18,7 @@ LDFLAGS=-L. @LDFLAGS@ OPENBSD=base64.o basename.o bcrypt_pbkdf.o bindresvport.o blowfish.o daemon.o dirname.o fmt_scaled.o getcwd.o getgrouplist.o getopt_long.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o pwcache.o readpassphrase.o reallocarray.o realpath.o rresvport.o setenv.o setproctitle.o sha1.o sha2.o rmd160.o md5.o sigact.o strlcat.o strlcpy.o strmode.o strnlen.o strptime.o strsep.o strtonum.o strtoll.o strtoul.o strtoull.o timingsafe_bcmp.o vis.o blowfish.o bcrypt_pbkdf.o explicit_bzero.o -COMPAT=arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o getrrsetbyname-ldns.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-setres_id.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o kludge-fd_set.o +COMPAT=arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o getrrsetbyname-ldns.o bsd-err.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-setres_id.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o kludge-fd_set.o PORTS=port-aix.o port-irix.o port-linux.o port-solaris.o port-tun.o port-uw.o diff --git a/openbsd-compat/bsd-err.c b/openbsd-compat/bsd-err.c new file mode 100644 index 000000000..ab10646f0 --- /dev/null +++ b/openbsd-compat/bsd-err.c 
@@ -0,0 +1,71 @@
+/*
+ * Copyright (c) 2015 Tim Rice
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "includes.h"
+
+#ifndef HAVE_ERR
+void
+err(int r, const char *fmt, ...)
+{
+ va_list args;
+
+ va_start(args, fmt);
+ fprintf(stderr, "%s: ", strerror(errno));
+ vfprintf(stderr, fmt, args);
+ fputc('\n', stderr);
+ va_end(args);
+ exit(r);
+}
+#endif
+
+#ifndef HAVE_ERRX
+void
+errx(int r, const char *fmt, ...)
+{
+ va_list args;
+
+ va_start(args, fmt);
+ vfprintf(stderr, fmt, args);
+ fputc('\n', stderr);
+ va_end(args);
+ exit(r);
+}
+#endif
+
+#ifndef HAVE_WARN
+void
+warn(const char *fmt, ...)
+{ + va_list args; + + va_start(args, fmt); + fprintf(stderr, "%s: ", strerror(errno)); + vfprintf(stderr, fmt, args); + fputc('\n', stderr); + va_end(args); +} +#endif diff --git a/openbsd-compat/bsd-misc.h b/openbsd-compat/bsd-misc.h index 0d81d1735..27abb2e92 100644 --- a/openbsd-compat/bsd-misc.h +++ b/openbsd-compat/bsd-misc.h @@ -126,4 +126,15 @@ pid_t getpgid(pid_t); int pledge(const char *promises, const char *paths[]); #endif +/* bsd-err.h */ +#ifndef HAVE_ERR +void err(int, const char *, ...) __attribute__((format(printf, 2, 3))); +#endif +#ifndef HAVE_ERRX +void errx(int, const char *, ...) __attribute__((format(printf, 2, 3))); +#endif +#ifndef HAVE_WARN +void warn(const char *, ...) __attribute__((format(printf, 1, 2))); +#endif + #endif /* _BSD_MISC_H */ diff --git a/regress/misc/kexfuzz/kexfuzz.c b/regress/misc/kexfuzz/kexfuzz.c index e6751d31c..2894d3a1e 100644 --- a/regress/misc/kexfuzz/kexfuzz.c +++ b/regress/misc/kexfuzz/kexfuzz.c @@ -17,7 +17,9 @@ #include #include #include -#include +#ifdef HAVE_ERR_H +# include +#endif #include "ssherr.h" #include "ssh_api.h" diff --git a/regress/netcat.c b/regress/netcat.c index 6234ba019..7c29e0cf9 100644 --- a/regress/netcat.c +++ b/regress/netcat.c 
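Review bot: The new `openbsd-compat/bsd-err.c` includes only `includes.h`, yet `err`, `errx` and `warn` use `va_list`/`va_start`, `fprintf`/`vfprintf`/`fputc`, `strerror`, `errno` and `exit`; whether `includes.h` brings in all five standard headers on every platform that lacks err(3) is not visible in this diff. The bodies were moved from `regress/netcat.c`, which had its own include list, so a platform where the transitive includes differ would fail to build, or compile with implicit declarations, exactly where the replacements are needed. Including the headers directly after `includes.h` makes the file self-contained.

```c
#include "includes.h"

#include <errno.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* … unchanged: err(), errx() and warn() definitions … */
```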
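Review bot: The prototypes added to `openbsd-compat/bsd-misc.h` for `err` and `errx` carry only the `format` attribute, although both replacement bodies in `bsd-err.c` end in `exit(r)`. Without a noreturn marking, compilers and static analysers on platforms that use the replacements treat code after an `err()` call as reachable, so they can report missing-return or uninitialised-variable warnings that do not appear where a native `<err.h>` is used. Consider `void err(int, const char *, ...) __attribute__((noreturn, format(printf, 2, 3)));` and the same for `errx`, assuming the project's handling of `__attribute__` on non-GCC compilers (not visible here) covers it. The `/* bsd-err.h */` label names a header this commit does not add; `/* bsd-err.c */` would match the new file.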
@@ -134,46 +134,6 @@ void usage(int); ssize_t drainbuf(int, unsigned char *, size_t *); ssize_t fillbuf(int, unsigned char *, size_t *); -static void err(int, const char *, ...) __attribute__((format(printf, 2, 3))); -static void errx(int, const char *, ...) __attribute__((format(printf, 2, 3))); -static void warn(const char *, ...) __attribute__((format(printf, 1, 2))); - -static void -err(int r, const char *fmt, ...) -{ - va_list args; - - va_start(args, fmt); - fprintf(stderr, "%s: ", strerror(errno)); - vfprintf(stderr, fmt, args); - fputc('\n', stderr); - va_end(args); - exit(r); -} - -static void -errx(int r, const char *fmt, ...) -{ - va_list args; - - va_start(args, fmt); - vfprintf(stderr, fmt, args); - fputc('\n', stderr); - va_end(args); - exit(r); -} - -static void -warn(const char *fmt, ...) -{ - va_list args; - - va_start(args, fmt); - fprintf(stderr, "%s: ", strerror(errno)); - vfprintf(stderr, fmt, args); - fputc('\n', stderr); - va_end(args); -} int main(int argc, char *argv[]) -- cgit v1.2.3 From 8aaec7050614494014c47510b7e94daf6e644c62 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Thu, 14 Jul 2016 09:48:48 +1000 Subject: fix missing include for systems with err.h --- regress/netcat.c | 3 +++ 1 file changed, 3 insertions(+) (limited to 'regress') diff --git a/regress/netcat.c b/regress/netcat.c index 7c29e0cf9..98a08b1ec 100644 --- a/regress/netcat.c +++ b/regress/netcat.c @@ -61,6 +61,9 @@ # include # endif #endif +#ifdef HAVE_ERR_H +# include +#endif /* Telnet options from arpa/telnet.h */ #define IAC 255 -- cgit v1.2.3 From ee67716f61f1042d5e67f91c23707cca5dcdd7d0 Mon Sep 17 00:00:00 2001 From: "dtucker@openbsd.org" Date: Thu, 14 Jul 2016 01:24:21 +0000 Subject: upstream commit Correct equal in test. Upstream-Regress-ID: 4e32f7a5c57a619c4e8766cb193be2a1327ec37a --- regress/sshcfgparse.sh | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'regress') 
diff --git a/regress/sshcfgparse.sh b/regress/sshcfgparse.sh index f8645d6f1..010e02865 100644 --- a/regress/sshcfgparse.sh +++ b/regress/sshcfgparse.sh @@ -1,4 +1,4 @@ -# $OpenBSD: sshcfgparse.sh,v 1.1 2016/06/03 04:10:41 dtucker Exp $ +# $OpenBSD: sshcfgparse.sh,v 1.2 2016/07/14 01:24:21 dtucker Exp $ # Placed in the Public Domain. tid="ssh config parse" @@ -10,20 +10,20 @@ verbose "reparse minimal config" verbose "ssh -W opts" f=`${SSH} -GF $OBJ/ssh_config host | awk '/exitonforwardfailure/{print $2}'` -test "$f" == "no" || fail "exitonforwardfailure default" +test "$f" = "no" || fail "exitonforwardfailure default" f=`${SSH} -GF $OBJ/ssh_config -W a:1 h | awk '/exitonforwardfailure/{print $2}'` -test "$f" == "yes" || fail "exitonforwardfailure enable" +test "$f" = "yes" || fail "exitonforwardfailure enable" f=`${SSH} -GF $OBJ/ssh_config -W a:1 -o exitonforwardfailure=no h | \ awk '/exitonforwardfailure/{print $2}'` -test "$f" == "no" || fail "exitonforwardfailure override" +test "$f" = "no" || fail "exitonforwardfailure override" f=`${SSH} -GF $OBJ/ssh_config host | awk '/clearallforwardings/{print $2}'` -test "$f" == "no" || fail "clearallforwardings default" +test "$f" = "no" || fail "clearallforwardings default" f=`${SSH} -GF $OBJ/ssh_config -W a:1 h | awk '/clearallforwardings/{print $2}'` -test "$f" == "yes" || fail "clearallforwardings enable" +test "$f" = "yes" || fail "clearallforwardings enable" f=`${SSH} -GF $OBJ/ssh_config -W a:1 -o clearallforwardings=no h | \ awk '/clearallforwardings/{print $2}'` -test "$f" == "no" || fail "clearallforwardings override" +test "$f" = "no" || fail "clearallforwardings override" # cleanup rm -f $OBJ/ssh_config.[012] -- cgit v1.2.3 From 0a454147568746c503f669e1ba861f76a2e7a585 Mon Sep 17 00:00:00 2001 
From: Darren Tucker Date: Mon, 18 Jul 2016 16:26:26 +1000 Subject: Remove local implementation of err, errx. We now have a shared implementation in libopenbsd-compat. --- regress/modpipe.c | 28 ---------------------------- 1 file changed, 28 deletions(-) (limited to 'regress') diff --git a/regress/modpipe.c b/regress/modpipe.c index e854f9e07..c43e9cba1 100755 --- a/regress/modpipe.c +++ b/regress/modpipe.c @@ -27,34 +27,6 @@ #include #include "openbsd-compat/getopt_long.c" -static void err(int, const char *, ...) __attribute__((format(printf, 2, 3))); -static void errx(int, const char *, ...) __attribute__((format(printf, 2, 3))); - -static void -err(int r, const char *fmt, ...) -{ - va_list args; - - va_start(args, fmt); - fprintf(stderr, "%s: ", strerror(errno)); - vfprintf(stderr, fmt, args); - fputc('\n', stderr); - va_end(args); - exit(r); -} - -static void -errx(int r, const char *fmt, ...) -{ - va_list args; - - va_start(args, fmt); - vfprintf(stderr, fmt, args); - fputc('\n', stderr); - va_end(args); - exit(r); -} - static void usage(void) { -- cgit v1.2.3 From eac1bbd06872c273f16ac0f9976b0aef026b701b Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 18 Jul 2016 17:12:22 +1000 Subject: Conditionally include err.h. --- regress/modpipe.c | 3 +++ 1 file changed, 3 insertions(+) (limited to 'regress') diff --git a/regress/modpipe.c b/regress/modpipe.c index c43e9cba1..5f4824b51 100755 --- a/regress/modpipe.c +++ b/regress/modpipe.c @@ -25,6 +25,9 @@ #include #include #include +#ifdef HAVE_ERR_H +# include +#endif #include "openbsd-compat/getopt_long.c" static void -- cgit v1.2.3