Damien Miller
1ca3e2155a
fix kex test
2015-01-20 10:11:31 +11:00
markus@openbsd.org
c78a578107
upstream commit
...
finally enable the KEX tests I wrote some years ago...
2015-01-20 09:50:34 +11:00
markus@openbsd.org
31821d7217
upstream commit
...
adapt to new error message (SSH_ERR_MAC_INVALID)
2015-01-20 09:46:48 +11:00
djm@openbsd.org
d3716ca19e
upstream commit
...
this test was broken in at least two ways, such that it
wasn't checking that a KRL was not excluding valid keys
2015-01-20 09:45:56 +11:00
djm@openbsd.org
d85e062459
upstream commit
...
be a bit more careful in these tests to ensure that
known_hosts is clean
2015-01-20 00:26:13 +11:00
djm@openbsd.org
7947810eab
upstream commit
...
regression test for known_host file editing using
ssh-keygen (-H / -R / -F) after hostkeys_foreach() change; feedback and ok
markus@
2015-01-20 00:26:13 +11:00
djm@openbsd.org
3a2b09d147
upstream commit
...
more and better key tests
test signatures and verification
test certificate generation
flesh out nested cert test
removes most of the XXX todo markers
2015-01-20 00:25:12 +11:00
djm@openbsd.org
589e69fd82
upstream commit
...
make the signature fuzzing test much more rigorous:
ensure that the fuzzed input cases do not match the original (using new
fuzz_matches_original() function) and check that the verification fails in
each case
2015-01-20 00:24:40 +11:00
djm@openbsd.org
80603c0daa
upstream commit
...
add a fuzz_matches_original() function to the fuzzer to
detect fuzz cases that are identical to the original data. Hacky
implementation, but very useful when you need the fuzz to be different, e.g.
when verifying signature
2015-01-20 00:24:39 +11:00
djm@openbsd.org
87d5495bd3
upstream commit
...
better dumps from the fuzzer (shown on errors) -
include the original data as well as the fuzzed copy.
2015-01-20 00:24:39 +11:00
djm@openbsd.org
d59ec478c4
upstream commit
...
enable hostkey-agent.sh test
2015-01-20 00:24:17 +11:00
djm@openbsd.org
26b3425170
upstream commit
...
unit test for hostkeys in ssh-agent
2015-01-20 00:23:43 +11:00
markus@openbsd.org
9e06a0fb23
upstream commit
...
add kex unit tests
2015-01-20 00:22:50 +11:00
Damien Miller
45c0fd70bb
make bitmap test compile
2015-01-15 22:08:23 +11:00
djm@openbsd.org
d333f89abf
upstream commit
...
unit tests for KRL bitmap
2015-01-15 21:39:18 +11:00
markus@openbsd.org
7613f828f4
upstream commit
...
re-add comment about full path
2015-01-15 21:39:17 +11:00
markus@openbsd.org
6c43b48b30
upstream commit
...
don't reset to the installed sshd; connect before
reconfigure, too
2015-01-15 21:39:17 +11:00
djm@openbsd.org
771bb47a1d
upstream commit
...
implement a SIGINFO handler so we can discern a stuck
fuzz test from a merely glacial one; prompted by and ok markus
2015-01-15 21:39:16 +11:00
djm@openbsd.org
cfaa57962f
upstream commit
...
use $SSH instead of installed ssh to allow override;
spotted by markus@
2015-01-15 21:39:16 +11:00
djm@openbsd.org
0920553d0a
upstream commit
...
regress test for PubkeyAcceptedKeyTypes; ok markus@
2015-01-15 21:39:15 +11:00
markus@openbsd.org
27ca1a5c00
upstream commit
...
unbreak parsing of pubkey comments; with gerhard; ok
djm/deraadt
2015-01-15 21:39:15 +11:00
djm@openbsd.org
55358f0b4e
upstream commit
...
fatal if soft-PKCS11 library is missing rather (rather
than continue and fail with a more cryptic error)
2015-01-15 21:39:15 +11:00
djm@openbsd.org
c3554cdd2a
upstream commit
...
let this test all supporte key types; pointed out/ok
markus@
2015-01-15 21:39:14 +11:00
Damien Miller
c332110291
some systems lack SO_REUSEPORT
2015-01-15 02:59:51 +11:00
djm@openbsd.org
c4bfafcc2a
upstream commit
...
adjust for sshkey_load_file() API change
2015-01-09 00:46:04 +11:00
Damien Miller
293cac52dc
include and use OpenBSD netcat in regress/
2014-12-23 08:38:12 +11:00
djm@openbsd.org
4bea0ab329
upstream commit
...
regression test for multiple required pubkey authentication;
ok markus@
2014-12-22 19:13:38 +11:00
djm@openbsd.org
0d1b241a26
upstream commit
...
make this slightly easier to diff against portable
2014-12-22 17:21:51 +11:00
Damien Miller
0715bcdddb
add missing regress output file
2014-12-22 13:47:07 +11:00
djm@openbsd.org
1e30483c8a
upstream commit
...
adjust for new SHA256 key fingerprints and
slightly-different MD5 hex fingerprint format
2014-12-22 13:21:07 +11:00
djm@openbsd.org
6b40567ed7
upstream commit
...
poll changes to netcat (usr.bin/netcat.c r1.125) broke
this test; fix it by ensuring more stdio fds are sent to devnull
2014-12-22 13:18:41 +11:00
djm@openbsd.org
3dfd8d93df
upstream commit
...
add tests for new client RevokedHostKeys option; refactor
to make it a bit more readable
2014-12-05 09:31:08 +11:00
krw@openbsd.org
a31046cad1
upstream commit
...
Nuke yet more obvious #include duplications.
ok deraadt@
2014-12-05 09:31:07 +11:00
djm@openbsd.org
51b64e4412
upstream commit
...
fix KRL generation when multiple CAs are in use
We would generate an invalid KRL when revoking certs by serial
number for multiple CA keys due to a section being written out
twice.
Also extend the regress test to catch this case by having it
produce a multi-CA KRL.
Reported by peter AT pean.org
2014-11-19 09:20:14 +11:00
Damien Miller
1b215c098b
- (djm) [regress/unittests/sshbuf/test_sshbuf_getput_crypto.c]
...
[regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c]
[regress/unittests/sshkey/common.c]
[regress/unittests/sshkey/test_file.c]
[regress/unittests/sshkey/test_fuzz.c]
[regress/unittests/sshkey/test_sshkey.c] Don't include openssl/ec.h
on !ECC OpenSSL systems
2014-08-27 04:04:40 +10:00
Damien Miller
4f1ff1ed78
- (djm) [regress/unittests/test_helper/test_helper.c] Fix for systems that
...
don't set __progname. Diagnosed by Tom Christensen.
2014-08-21 15:54:50 +10:00
Damien Miller
f8988fbef0
- (djm) [regress/multiplex.sh] Use -d (detach stdin) flag to disassociate
...
nc from stdin, it's more portable
2014-08-01 13:31:52 +10:00
Damien Miller
5b3879fd4b
- (djm) [regress/multiplex.sh] Instruct nc not to quit as soon as stdin
...
is closed; avoid regress failures when stdin is /dev/null
2014-08-01 12:28:31 +10:00
Damien Miller
a9c46746d2
- (djm) [regress/multiplex.sh] Skip test for non-OpenBSD netcat. We need
...
a better solution, but this will have to do for now.
2014-08-01 12:26:49 +10:00
Damien Miller
56b840f2b8
- (djm) [regress/multiplex.sh] restore incorrectly deleted line;
...
pointed out by Christian Hesse
2014-07-25 08:11:30 +10:00
Darren Tucker
dd417b60d5
- dtucker@cvs.openbsd.org 2014/07/22 23:35:38
...
[regress/unittests/sshkey/testdata/*]
Regenerate test keys with certs signed with ed25519 instead of ecdsa.
These can be used in -portable on platforms that don't support ECDSA.
2014-07-23 10:41:21 +10:00
Darren Tucker
40e5021189
- dtucker@cvs.openbsd.org 2014/07/22 23:57:40
...
[regress/unittests/sshkey/mktestdata.sh]
Add $OpenBSD tag to make syncs easier
2014-07-23 10:35:45 +10:00
Darren Tucker
07e644251e
- dtucker@cvs.openbsd.org 2014/07/22 23:23:22
...
[regress/unittests/sshkey/mktestdata.sh]
Sign test certs with ed25519 instead of ecdsa so that they'll work in
-portable on platforms that don't have ECDSA in their OpenSSL. ok djm
2014-07-23 10:34:26 +10:00
Darren Tucker
cea099a7c4
- djm@cvs.openbsd.org 2014/07/22 01:32:12
...
[regress/multiplex.sh]
change the test for still-open Unix domain sockets to be robust against
nc implementations that produce error messages. from -portable
(Id sync only)
2014-07-23 10:04:02 +10:00
Darren Tucker
c4ee219a66
- (dtucker) [regress/unittests/sshkey/test_{file,fuzz,sshkey}.c] Wrap ecdsa-
...
specific tests inside OPENSSL_HAS_ECC.
2014-07-23 04:27:50 +10:00
Damien Miller
04f4824940
- (djm) [regress/multiplex.sh] change the test for still-open Unix
...
domain sockets to be robust against nc implementations that produce
error messages.
2014-07-22 11:31:47 +10:00
Damien Miller
5ea4fe00d5
- (djm) [regress/multiplex.sh] ssh mux master lost -N somehow;
...
put it back
2014-07-22 09:39:19 +10:00
Damien Miller
c8f610f6cc
- (djm) [regress/multiplex.sh] Not all netcat accept the -N option.
2014-07-21 10:23:27 +10:00
Damien Miller
0e4e95566c
- millert@cvs.openbsd.org 2014/07/15 15:54:15
...
[forwarding.sh multiplex.sh]
Add support for Unix domain socket forwarding. A remote TCP port
may be forwarded to a local Unix domain socket and vice versa or
both ends may be a Unix domain socket. This is a reimplementation
of the streamlocal patches by William Ahern from:
http://www.25thandclement.com/~william/projects/streamlocal.html
OK djm@ markus@
2014-07-21 09:52:54 +10:00
Darren Tucker
93a87ab27e
- (dtucker) [regress/unittests/sshkey/
...
{common,test_file,test_fuzz,test_sshkey}.c] Wrap stdint.h includes in
ifdefs.
2014-07-21 06:30:25 +10:00