Commit Graph

1027 Commits

Author SHA1 Message Date
djm@openbsd.org ed45a01686 upstream: crank SSH_SK_VERSION_MAJOR to match recent change in
usr/bin/ssh

OpenBSD-Regress-ID: 113d181c7e3305e138db9b688cdb8b0a0019e552
2021-11-03 10:10:09 +11:00
djm@openbsd.org 0328a081f3 upstream: sshsig: add tests for signing key validity and
find-principals

- adds generic find-principals tests (this command had none before)
- tests certs with a timeboxed validity both with and without a
 restriced lifetime for the CA
- test for a revoked CA cert

by Fabian Stelzer

OpenBSD-Regress-ID: 9704b2c6df5b8ccfbdf2c06c5431f5f8cad280c9
2021-10-29 14:25:32 +11:00
djm@openbsd.org ccd358e1e2 upstream: avoid signedness warning; spotted in -portable
OpenBSD-Regress-ID: 4cacc126086487c0ea7f3d86b42dec458cf0d0c6
2021-10-29 14:25:32 +11:00
Damien Miller a1217d363b unbreak fuzz harness for recent changes 2021-10-29 13:48:59 +11:00
djm@openbsd.org c5de1fffa6 upstream: increment SSH_SK_VERSION_MAJOR to match last change
OpenBSD-Regress-ID: 17873814d1cbda97f49c8528d7b5ac9cadf6ddc0
2021-10-28 13:57:52 +11:00
Darren Tucker 40bd3709dd Skip SK unit tests when built without security-key 2021-10-07 15:55:49 +11:00
Darren Tucker 7cd062c3a2 Add USE_LIBC_SHA2 for (at least) NetBSD 9. 2021-10-06 17:45:28 +11:00
Darren Tucker 639c440f6c Define OPENSSL_NO_SHA including OpenSSL from test.
We don't use SHA256 from OpenSSL in the sk-dummy module and the
definitions can conflict with system sha2.h (eg on NetBSD) so define
OPENSSL_NO_SHA so we don't attempt to redefine them.
2021-10-06 17:09:31 +11:00
djm@openbsd.org e3e62deb54 upstream: use libc SHA256 functions; make this work when compiled
!WITH_OPENSSL

OpenBSD-Regress-ID: fda0764c1097cd42f979ace29b07eb3481259890
2021-10-06 14:40:26 +11:00
dtucker@openbsd.org 12937d8670 upstream: Add test for ssh hashed known_hosts handling.
OpenBSD-Regress-ID: bcef3b3cd5a1ad9899327b4b2183de2541aaf9cf
2021-10-06 14:39:32 +11:00
Damien Miller 5a37cc118f fix broken OPENSSL_HAS_ECC test
spotted by dtucker
2021-10-06 13:16:21 +11:00
Damien Miller 16a25414f3 make sk-dummy.so work without libcrypto installed 2021-10-01 22:40:06 +10:00
dtucker@openbsd.org 76a398edfb upstream: Fix up whitespace left by previous
change removing privsep.  No other changes.

OpenBSD-Regress-ID: 87adec225d8afaee4d6a91b2b71203f52bf14b15
2021-10-01 14:55:12 +10:00
dtucker@openbsd.org ddcb53b7a7 upstream: Remove references to privsep.
This removes several do..while loops but does not change the
indentation of the now-shallower loops, which will be done in a separate
whitespace-only commit to keep changes of style and substance separate.

OpenBSD-Regress-ID: 4bed1a0249df7b4a87c965066ce689e79472a8f7
2021-10-01 14:55:12 +10:00
dtucker@openbsd.org ece2fbe486 upstream: Use "skip" instead of "fatal"
if SUDO isn't set for the *-command tests. This means running "make tests"
without SUDO set will perform all of the tests that it can instead of
failing on the ones it cannot run.

OpenBSD-Regress-ID: bd4dbbb02f34b2e8c890558ad4a696248def763a
2021-10-01 14:55:12 +10:00
Darren Tucker c9172193ea Remove TEST_SSH_ECC.
Convert the only remaining user of it to runtime detection using ssh -Q.
2021-09-29 18:33:38 +10:00
djm@openbsd.org 4fb49899d7 upstream: Test certificate hostkeys held in ssh-agent too. Would have
caught regression fixed in sshd r1.575

ok markus@

OpenBSD-Regress-ID: 1f164d7bd89f83762db823eec4ddf2d2556145ed
2021-09-29 11:35:18 +10:00
Darren Tucker 9b2ee74e3a Move the fgrep replacement to hostkey-rotate.sh.
The fgrep replacement for buggy greps doesn't work in the sftp-glob test
so move it to just where we know it's needed.
2021-09-24 11:08:03 +10:00
Darren Tucker f703954157 Replacement function for buggy fgrep.
GNU (f)grep <=2.18, as shipped by FreeBSD<=12 and NetBSD<=9 will
occasionally fail to find ssh host keys in the hostkey-rotate test.
If we have those versions, use awk instead.
2021-09-24 08:06:48 +10:00
dtucker@openbsd.org 7cc3fe2889 upstream: Add test for client termination status on signal.
Based on patch from Alexxz via github PR#235 with some tweaks, to
match patch in bz#3281.

OpenBSD-Regress-ID: d87c7446fb8b5f8b45894fbbd6875df326e729e2
2021-09-03 14:35:07 +10:00
dtucker@openbsd.org cb37e2f0c0 upstream: Fix ssh-rsa fallback for old PuTTY interop tests.
OpenBSD-Regress-ID: a19ac929da604843a5b5f0f48d2c0eb6e0773d37
2021-09-01 13:32:45 +10:00
dtucker@openbsd.org 8b02ef0f28 upstream: Add a function to skip remaining tests.
Many tests skip tests for various reasons but not in a consistent way and
don't always clean up, so add that and switch the tests that do that over.

OpenBSD-Regress-ID: 72d2ec90a3ee8849486956a808811734281af735
2021-09-01 11:40:43 +10:00
dtucker@openbsd.org d486845c07 upstream: Specify path to PuTTY keys.
Portable needs this and it makes no difference on OpenBSD, so resync
them.  (Id sync only, Portable already had this.)

OpenBSD-Regress-ID: 33f6f66744455886d148527af8368811e4264162
2021-09-01 11:40:17 +10:00
dtucker@openbsd.org d22b299115 upstream: Better compat tests with old PuTTY.
When running PuTTY interop tests and using a PuTTY version older than
0.76, re-enable the ssh-rsa host key algorithm (the 256 and 512 variants
of RSA were added some time between 0.73 and 0.76).

OpenBSD-Regress-ID: e6138d6987aa705fa1e4f216db0bb386e1ff38e1
2021-08-31 17:08:38 +10:00
Darren Tucker 87ad70d605 Resync PuTTY interop tests.
Resync behaviour when REGRESS_INTEROP_PUTTY is not set with OpenBSD.
2021-08-31 17:04:50 +10:00
dtucker@openbsd.org e47b82a7bf upstream: Specify hostkeyalgorithms in SSHFP test.
Specify host key algorithms in sshd's default set for the SSHFP test,
from djm@.  Make the reason for when the test is skipped a bit clearer.

OpenBSD-Regress-ID: 4f923dfc761480d5411de17ea6f0b30de3e32cea
2021-08-31 12:02:12 +10:00
djm@openbsd.org 7db3e0a9e8 upstream: adapt to RSA/SHA1 deprectation
OpenBSD-Regress-ID: 952397c39a22722880e4de9d1c50bb1a14f907bb
2021-08-30 11:26:02 +10:00
Darren Tucker b71b2508f1 Put stdint.h inside HAVE_STDINT_H.
From Tom G. Christensen.
2021-08-17 07:59:27 +10:00
djm@openbsd.org 2a2cd00783 upstream: test -Oprint-pubkey
OpenBSD-Regress-ID: 3d51afb6d1f287975fb6fddd7a2c00a3bc5094e0
2021-08-11 18:56:35 +10:00
djm@openbsd.org 931f592f26 upstream: adapt to scp -M flag change; make scp3.sh test SFTP mode too
OpenBSD-Regress-ID: 43fea26704a0f0b962b53c1fabcb68179638f9c0
2021-08-10 13:37:27 +10:00
dtucker@openbsd.org 86b4cb3a88 upstream: Although it's POSIX, not all shells used in Portable support
the implicit 'in "$@"' after 'for i'.

OpenBSD-Regress-ID: 3c9aec6bca4868f85d2742b6ba5223fce110bdbc
2021-08-08 18:43:41 +10:00
Darren Tucker f2ccf6c9f3 Move portable specific settings down.
This brings the top hunk of the file back in sync with OpenBSD
so patches to the CVS Id should apply instead of always being
rejected.
2021-08-08 17:39:56 +10:00
dtucker@openbsd.org 71b0eb997e upstream: Move setting of USER further down the startup In portable
we have to change this and having it in the same hunk as the CVS Id string
means applying changes fails every. single. time.

OpenBSD-Regress-ID: 87cd603eb6db58c9b430bf90adacb7f90864429b
2021-08-08 17:35:45 +10:00
dtucker@openbsd.org f0aca2706c upstream: Drop -q in ssh-log-wrapper.sh to preserve logs.
scp and sftp like to add -q to the command line passed to ssh which
overrides the LogLevel we set in the config files and suppresses output
to the debug logs so drop any "-q" from the invoked ssh.  In the one
case where we actually want to use -q in the banner test, call the ssh
binary directly bypassing the logging wrapper.

OpenBSD-Regress-ID: e2c97d3c964bda33a751374c56f65cdb29755b75
2021-08-08 17:19:56 +10:00
dtucker@openbsd.org 395d8fbdb0 upstream: Make diff invocation more portable.
POSIX does not require diff to have -N, so compare in both directions
with just -r, which should catch missing files in either directory.

OpenBSD-Regress-ID: 0e2ec8594556a6f369ed5a0a90c6806419b845f7
2021-08-06 19:33:31 +10:00
djm@openbsd.org d247a73ce2 upstream: regression test for scp -3
OpenBSD-Regress-ID: b44375d125c827754a1f722ec6b6b75b634de05d
2021-08-06 16:57:37 +10:00
djm@openbsd.org af5d8094d8 upstream: regression tests for scp SFTP protocol support; mostly by
Jakub Jelen in GHPR#194 ok markus

OpenBSD-Regress-ID: 36f1458525bcb111741ec8547eaf58b13cddc715
2021-08-03 11:15:06 +10:00
anton@openbsd.org e4673b7f67 upstream: Treat doas with arguments as a valid SUDO variable.
Allows one to specify SUDO="doas -n" which I do while running make regress.

ok dtucker@

OpenBSD-Regress-ID: 4fe5814b5010dbf0885500d703bea06048d11005
2021-08-03 11:08:46 +10:00
dtucker@openbsd.org b398f499c6 upstream: Skip unit and makefile-based key conversion tests when
we're building with OPENSSL=no.

OpenBSD-Regress-ID: 20455ed9a977c93f846059d1fcb48e29e2c8d732
2021-07-25 22:37:19 +10:00
dtucker@openbsd.org 727ce36c8c upstream: Replace OPENSSL as the variable that points to the
openssl binary with OPENSSL_BIN.  This will allow us to use the OPENSSL
variable from mk.conf or the make(1) command line indicating if we're
building with our without OpenSSL, and ultimately get the regress tests
working in the OPENSSL=no configuration.

OpenBSD-Regress-ID: 2d788fade3264d7803e5b54cae8875963f688c4e
2021-07-25 22:35:24 +10:00
dtucker@openbsd.org 55e17101a9 upstream: Skip RFC4716 format import and export tests when built
without OpenSSL.

OpenBSD-Regress-ID: d2c2d5d38c1acc2b88cc99cfe00a2eb8bb39dfa4
2021-07-24 14:22:45 +10:00
djm@openbsd.org 9d38074b54 upstream: test for first-match-wins in authorized_keys environment=
options

OpenBSD-Regress-ID: 1517c90276fe84b5dc5821c59f88877fcc34c0e8
2021-07-24 12:31:05 +10:00
dtucker@openbsd.org 2b76f1dd19 upstream: Simplify keygen-convert by using $SSH_KEYTYPES directly.
OpenBSD-Regress-ID: cdbe408ec3671ea9ee9b55651ee551370d2a4108
2021-07-24 12:31:05 +10:00
dtucker@openbsd.org 1653ece683 upstream: Test conversion of ed25519 and ecdsa keys too.
OpenBSD-Regress-ID: 3676d2d00e58e0d6d37f2878f108cc2b83bbe4bb
2021-07-23 15:25:34 +10:00
dtucker@openbsd.org 8b7af02dcf upstream: Add test for exporting pubkey from a passphrase-protected
private key.

OpenBSD-Regress-ID: da99d93e7b235fbd5b5aaa01efc411225e6ba8ac
2021-07-23 15:25:34 +10:00
djm@openbsd.org 441095d4a3 upstream: regression test for time-limited signature keys
OpenBSD-Regress-ID: 2a6f3bd900dbee0a3c96f1ff23e032c93ab392bc
2021-07-23 15:25:34 +10:00
dtucker@openbsd.org 44142068dc upstream: Use SUDO when setting up hostkey.
OpenBSD-Regress-ID: 990cf4481cab8dad62e90818a9b4b36c533851a7
2021-07-19 19:20:33 +10:00
dtucker@openbsd.org 6b67f3f1d1 upstream: Increase time margin for rekey tests. Should help
reliability on very heavily loaded hosts.

OpenBSD-Regress-ID: 4c28a0fce3ea89ebde441d7091464176e9730533
2021-07-19 17:08:56 +10:00
Darren Tucker 7953e1bfce Add sshfp-connect.sh file missed in previous. 2021-07-19 13:47:51 +10:00
dtucker@openbsd.org 33abbe2f41 upstream: Add test for host key verification via SSHFP records. This
requires some external setup to operate so is disabled by default (see
comments in sshfp-connect.sh).

OpenBSD-Regress-ID: c52c461bd1df3a803d17498917d156ef64512fd9
2021-07-19 13:02:55 +10:00