RepoMirrors/openssh
1
0
Fork 0
mirror of git://anongit.mindrot.org/openssh.git synced 2024-12-19 00:24:35 +00:00
Code Issues Packages Projects Releases Wiki Activity
12,342 Commits 69 Branches 157 Tags 27 MiB
c616e64688
Commit Graph

83 Commits

Author SHA1 Message Date
Darren Tucker
0fa803a1dd
Prefer OpenSSL's SHA256 in sk-dummy.so 
Previously sk-dummy.so used libc's (or compat's) SHA256 since it may be
built without OpenSSL.  In many cases, however, including both libc's
and OpenSSL's headers together caused conflicting definitions.

We tried working around this (on OpenSSL <1.1 you could define
OPENSSL_NO_SHA, NetBSD had USE_LIBC_SHA2, various #define hacks) with
varying levels of success.  Since OpenSSL >=1.1 removed OPENSSL_NO_SHA
and including most OpenSSL headers would bring sha.h in, even if it
wasn't used directly this was a constant hassle.

Admit defeat and use OpenSSL's SHA256 unless we aren't using OpenSSL at
all.  ok djm@
 2023-07-27 10:30:12 +10:00
Damien Miller
f3f56df8ec
agent_fuzz doesn't want stdint.h conditionalised 2023-07-19 12:07:18 +10:00
Damien Miller
750911fd31
conditionalise stdint.h inclusion on HAVE_STDINT_H 
fixes build on AIX5 at least
 2023-07-18 15:41:12 +10:00
dtucker@openbsd.org
b500afcf00
upstream: Remove compat code for OpenSSL 1.0.* 
versions now that -portable has dropped support for those versions.

OpenBSD-Regress-ID: 82a8eacd87aec28e4aa19f17246ddde9d5ce7fe7
 2023-03-28 19:03:10 +11:00
Darren Tucker
727560e601
Prevent conflicts between Solaris SHA2 and OpenSSL. 
We used to prevent conflicts between native SHA2 headers and OpenSSL's
by setting OPENSSL_NO_SHA but that was removed prior to OpenSSL 1.1.0
 2023-03-28 19:03:03 +11:00
Darren Tucker
46db8e14b7
Remove HEADER_SHA_H from previous... 
since it causes more problems than it solves.
 2023-03-28 12:44:03 +11:00
Darren Tucker
72bd68d373
Replace OPENSSL_NO_SHA with HEADER_SHA_H. 
Since this test doesn't use OpenSSL's SHA2 and may cause conflicts we
don't want to include it, but OPENSSL_NO_SHA was removed beginning in
OpenSSL's 1.1 series.
 2023-03-28 10:35:18 +11:00
djm@openbsd.org
8ec2e31238
upstream: adapt to ed25519 changes in src/usr.bin/ssh 
OpenBSD-Regress-ID: 4b3e7ba7ee486ae8a0b4790f8112eded2bb7dcd5
 2023-01-16 10:57:42 +11:00
Damien Miller
c46f6fed41 crank SSH_SK_VERSION_MAJOR in sk-dummy.so 2022-07-20 13:39:14 +10:00
Damien Miller
dc7bc52372 fix some bugs in the fuzzer 2022-05-30 09:29:20 +10:00
Damien Miller
9b3ad432ad fuzzer for authorized_keys parsing 
mostly redundant to authopt_fuzz, but it's sensitive code so IMO it
makes sense to test this layer too
 2022-05-27 17:00:43 +10:00
Damien Miller
253de42753 portable-specific string array constification 
from Mike Frysinger
 2022-02-02 16:52:07 +11:00
Damien Miller
715c892f0a remove sys/param.h in -portable, after upstream 2021-12-22 09:02:50 +11:00
djm@openbsd.org
ed45a01686 upstream: crank SSH_SK_VERSION_MAJOR to match recent change in 
usr/bin/ssh

OpenBSD-Regress-ID: 113d181c7e3305e138db9b688cdb8b0a0019e552
 2021-11-03 10:10:09 +11:00
djm@openbsd.org
ccd358e1e2 upstream: avoid signedness warning; spotted in -portable 
OpenBSD-Regress-ID: 4cacc126086487c0ea7f3d86b42dec458cf0d0c6
 2021-10-29 14:25:32 +11:00
Damien Miller
a1217d363b unbreak fuzz harness for recent changes 2021-10-29 13:48:59 +11:00
djm@openbsd.org
c5de1fffa6 upstream: increment SSH_SK_VERSION_MAJOR to match last change 
OpenBSD-Regress-ID: 17873814d1cbda97f49c8528d7b5ac9cadf6ddc0
 2021-10-28 13:57:52 +11:00
Darren Tucker
7cd062c3a2 Add USE_LIBC_SHA2 for (at least) NetBSD 9. 2021-10-06 17:45:28 +11:00
Darren Tucker
639c440f6c Define OPENSSL_NO_SHA including OpenSSL from test. 
We don't use SHA256 from OpenSSL in the sk-dummy module and the
definitions can conflict with system sha2.h (eg on NetBSD) so define
OPENSSL_NO_SHA so we don't attempt to redefine them.
 2021-10-06 17:09:31 +11:00
djm@openbsd.org
e3e62deb54 upstream: use libc SHA256 functions; make this work when compiled 
!WITH_OPENSSL

OpenBSD-Regress-ID: fda0764c1097cd42f979ace29b07eb3481259890
 2021-10-06 14:40:26 +11:00
Damien Miller
5a37cc118f fix broken OPENSSL_HAS_ECC test 
spotted by dtucker
 2021-10-06 13:16:21 +11:00
Damien Miller
16a25414f3 make sk-dummy.so work without libcrypto installed 2021-10-01 22:40:06 +10:00
djm@openbsd.org
1fe4d70df9 upstream: remove this KEX fuzzer; it's awkward to use and doesn't play 
nice with popular fuzzing drivers like libfuzzer. AFAIK nobody has used it
but me.

OpenBSD-Regress-ID: cad919522b3ce90c147c95abaf81b0492ac296c9
 2021-02-26 15:23:42 +11:00
Damien Miller
a5dfc5bae8 allow a fuzz case to contain more than one request 
loop until input buffer empty, no message consumed or 256 messages
processed
 2021-01-30 16:32:29 +11:00
Damien Miller
0ef24ad602 expect fuzz cases to have length prefix 
might make life a little easier for the fuzzer, e.g. it can now
produce valid (multi-request) messages by smashing two cases together.
 2021-01-30 16:28:23 +11:00
Damien Miller
de613f2713 ssh-agent fuzzer 2021-01-30 13:18:30 +11:00
Damien Miller
7e96c877bc move keys out of kex_fuzz.cc into separate header 
add certificates and missing key types
 2021-01-30 12:02:46 +11:00
Damien Miller
76f46d7566 some fixed test data (mostly keys) for fuzzing 2021-01-30 12:02:10 +11:00
djm@openbsd.org
7c2e3d6de1 upstream: add a SK_DUMMY_INTEGRATE define that allows the dummy 
security key middleware to be directly linked; useful for writing fuzzers,
etc.

OpenBSD-Regress-ID: 0ebd00159b58ebd85e61d8270fc02f1e45df1544
 2021-01-30 11:58:38 +11:00
Damien Miller
1e660115f0 fuzz diffie-hellman-group-exchange-sha1 kex too 2021-01-29 11:09:14 +11:00
Damien Miller
be5f0048ea support for running kex fuzzer with null cipher 2021-01-29 11:03:35 +11:00
Damien Miller
1134a48cdc correct kex name in disabled code 2021-01-28 08:57:31 +11:00
anatasluo
1050109b4b Remove duplicated declaration in fatal.c . 2021-01-12 07:08:26 +11:00
dtucker@openbsd.org
ba328bd7a6 upstream: Adjust kexfuzz to addr.c/addrmatch.c split. 
OpenBSD-Regress-ID: 1d8d23bb548078020be2fb52c4c643efb190f0eb
 2021-01-11 15:24:31 +11:00
Damien Miller
5c1953bf98 adapt KEX fuzzer to PQ kex change 2020-12-29 12:40:54 +11:00
djm@openbsd.org
659864fe81 upstream: Adapt to replacement of 
sntrup4591761x25519-sha512@tinyssh.org with
sntrup761x25519-sha512@openssh.com.

Also test sntrup761x25519-sha512@openssh.com in unittests/kex

OpenBSD-Regress-ID: cfa3506b2b077a9cac1877fb521efd2641b6030c
 2020-12-29 12:39:40 +11:00
Damien Miller
a5ab499bd2 basic KEX fuzzer; adapted from Markus' unittest 2020-12-04 14:01:27 +11:00
Damien Miller
021ff33e38 use options that work with recent clang 2020-12-04 13:57:43 +11:00
djm@openbsd.org
816036f142 upstream: use the new variant log macros instead of prepending 
__func__ and appending ssh_err(r) manually; ok markus@

OpenBSD-Commit-ID: 1f14b80bcfa85414b2a1a6ff714fb5362687ace8
 2020-10-18 23:46:29 +11:00
Damien Miller
d55dfed34e missing header 2020-10-17 22:55:24 +11:00
Damien Miller
999d7cb79a sync regress/misc/sk-dummy/fatal.c 2020-10-17 22:47:52 +11:00
Damien Miller
0f938f9986 adapt sk-dummy's fatal implementation to changes 2020-10-17 11:42:26 +11:00
djm@openbsd.org
bbf20ac806 upstream: adapt to SSH_SK_VERSION_MAJOR crank 
OpenBSD-Regress-ID: 0f3e76bdc8f9dbd9d22707c7bdd86051d5112ab8
 2020-09-09 13:12:29 +10:00
djm@openbsd.org
9cbbdc12cb upstream: dummy firmware needs to match API version numner crank (for 
verify-required resident keys) even though it doesn't implement this feature

OpenBSD-Regress-ID: 86579ea2891e18e822e204413d011b2ae0e59657
 2020-08-27 12:16:23 +10:00
djm@openbsd.org
a01817a9f6 upstream: adapt dummy FIDO middleware to API change; ok markus@ 
OpenBSD-Regress-ID: 8bb84ee500c2eaa5616044314dd0247709a1790f
 2020-05-01 13:13:36 +10:00
djm@openbsd.org
9f8a42340b upstream: this needs utf8.c too 
OpenBSD-Regress-ID: 445040036cec714d28069a20da25553a04a28451
 2020-04-03 15:46:13 +11:00
djm@openbsd.org
f73ab8a811 upstream: unbreak unittests for recent API / source file changes 
OpenBSD-Regress-ID: 075a899a01bbf7781d38bf0b33d8366faaf6d3c0
 2020-01-26 14:19:43 +11:00
Damien Miller
47160e1de8 unbreak fuzzer support for recent ssh-sk.h changes 2020-01-22 10:30:13 +11:00
Darren Tucker
1af3354aea Wrap stdint.h in ifdef HAVE_STDINT_H. 2020-01-15 16:22:36 +11:00
djm@openbsd.org
dd2acc8b86 upstream: adapt sk-dummy to SK API changes 
also, make it pull prototypes directly from sk-api.c and #error
if the expected version changes. This will make any future regress
test breakage because of SK API changes much more apparent

OpenBSD-Regress-ID: 79b07055de4feb988e31da71a89051ad5969829d
 2020-01-06 13:12:46 +11:00