Add support for more options in ssh_options_get()

Signed-off-by: Adam Kerrison <adam_kerrison@bmc.com> Squashed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Sahana Prasad <sahana@redhat.com>
2025-12-14 04:18:54 +03:00 · 2023-07-04 12:27:28 +01:00
parent d2a8a464a7
commit 74a8d271ad
3 changed files with 472 additions and 30 deletions
--- a/include/libssh/options.h
+++ b/include/libssh/options.h
@@ -33,6 +33,8 @@ int ssh_options_set_algo(ssh_session session,
                         char **place);
 int ssh_options_apply(ssh_session session);
 char *ssh_options_get_algo(ssh_session session, enum ssh_kex_types_e algo);
 #ifdef __cplusplus
 }
 #endif
--- a/src/options.c
+++ b/src/options.c
@@ -1290,6 +1290,46 @@ int ssh_options_set(ssh_session session, enum ssh_options_e type,
    return 0;
 }
 /**
 * @brief This function returns the current algorithms used for algorithm
 * negotiation. It is either libssh default, option manually set or option
 * read from configuration file.
 *
 * This function will return NULL on error
 *
 * @param session An allocated SSH session structure.
 * @param algo One of the ssh_kex_types_e values.
 */
 char *ssh_options_get_algo(ssh_session session,
                           enum ssh_kex_types_e algo)
 {
    char *value = NULL;
    /* Check session and algo values are valid */
    if (session == NULL) {
        return NULL;
    }
    if (algo >= SSH_LANG_C_S) {
        ssh_set_error_invalid(session);
        return NULL;
    }
    /* Get the option the user has set, if there is one */
    value = session->opts.wanted_methods[algo];
    if (value == NULL) {
        /* The user has not set a value, return the appropriate default */
        if (ssh_fips_mode())
            value = (char *)ssh_kex_get_fips_methods(algo);
        else
            value = (char *)ssh_kex_get_default_methods(algo);
    }
    return value;
 }
 /**
 * @brief This function can get ssh the ssh port. It must only be used on
 *        a valid ssh session. This function is useful when the session
@@ -1356,7 +1396,44 @@ int ssh_options_get_port(ssh_session session, unsigned int* port_target) {
 *                Get the path to the known_hosts file being used.
 *
 *              - SSH_OPTIONS_CONTROL_PATH:
- *                Get the path to the control socket being used for connection multiplexing.
+ *                Get the path to the control socket being used for connection
 *                multiplexing.
 *
 *              - SSH_OPTIONS_KEY_EXCHANGE:
 *                Get the key exchange methods to be used. If the option has
 *                not been set, returns the defaults.
 *
 *              - SSH_OPTIONS_HOSTKEYS:
 *                Get the preferred server host key types. If the option has
 *                not been set, returns the defaults.
 *
 *              - SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES:
 *                Get the preferred public key algorithms to be used for
 *                authentication.
 *
 *              - SSH_OPTIONS_CIPHERS_C_S:
 *                Get the symmetric cipher client to server. If the option has
 *                not been set, returns the defaults.
 *
 *              - SSH_OPTIONS_CIPHERS_S_C:
 *                Get the symmetric cipher server to client. If the option has
 *                not been set, returns the defaults.
 *
 *              - SSH_OPTIONS_HMAC_C_S:
 *                Get the Message Authentication Code algorithm client to server
 *                If the option has not been set, returns the defaults.
 *
 *              - SSH_OPTIONS_HMAC_S_C:
 *                Get the Message Authentication Code algorithm server to client
 *                If the option has not been set, returns the defaults.
 *
 *              - SSH_OPTIONS_COMPRESSION_C_S:
 *                Get the compression to use for client to server communication
 *                If the option has not been set, returns the defaults.
 *
 *              - SSH_OPTIONS_COMPRESSION_S_C:
 *                Get the compression to use for server to client communication
 *                If the option has not been set, returns the defaults.
 *
 * @param  value The value to get into. As a char**, space will be
 *               allocated by the function for the value, it is
@@ -1380,14 +1457,14 @@ int ssh_options_get(ssh_session session, enum ssh_options_e type, char** value)
    switch(type)
    {
-        case SSH_OPTIONS_HOST: {
+        case SSH_OPTIONS_HOST:
            src = session->opts.host;
            break;
-        }
+
-        case SSH_OPTIONS_USER: {
+        case SSH_OPTIONS_USER:
            src = session->opts.username;
            break;
-        }
+
        case SSH_OPTIONS_IDENTITY: {
            struct ssh_iterator *it;
            it = ssh_list_get_iterator(session->opts.identity);
@@ -1400,22 +1477,58 @@ int ssh_options_get(ssh_session session, enum ssh_options_e type, char** value)
            src = ssh_iterator_value(char *, it);
            break;
        }
-        case SSH_OPTIONS_PROXYCOMMAND: {
+
        case SSH_OPTIONS_PROXYCOMMAND:
            src = session->opts.ProxyCommand;
            break;
-        }
+
-        case SSH_OPTIONS_KNOWNHOSTS: {
+        case SSH_OPTIONS_KNOWNHOSTS:
            src = session->opts.knownhosts;
            break;
-        }
+
-        case SSH_OPTIONS_GLOBAL_KNOWNHOSTS: {
+        case SSH_OPTIONS_GLOBAL_KNOWNHOSTS:
            src = session->opts.global_knownhosts;
            break;
-        }
+        case SSH_OPTIONS_CONTROL_PATH:
        case SSH_OPTIONS_CONTROL_PATH: {
            src = session->opts.control_path;
            break;
-        }
+
        case SSH_OPTIONS_CIPHERS_C_S:
            src = ssh_options_get_algo(session, SSH_CRYPT_C_S);
            break;
        case SSH_OPTIONS_CIPHERS_S_C:
            src = ssh_options_get_algo(session, SSH_CRYPT_S_C);
            break;
        case SSH_OPTIONS_KEY_EXCHANGE:
            src = ssh_options_get_algo(session, SSH_KEX);
            break;
        case SSH_OPTIONS_HOSTKEYS:
            src = ssh_options_get_algo(session, SSH_HOSTKEYS);
            break;
        case SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES:
            src = session->opts.pubkey_accepted_types;
            break;
        case SSH_OPTIONS_HMAC_C_S:
            src = ssh_options_get_algo(session, SSH_MAC_C_S);
            break;
        case SSH_OPTIONS_HMAC_S_C:
            src = ssh_options_get_algo(session, SSH_MAC_S_C);
            break;
        case SSH_OPTIONS_COMPRESSION_C_S:
            src = ssh_options_get_algo(session, SSH_COMP_C_S);
            break;
        case SSH_OPTIONS_COMPRESSION_S_C:
            src = ssh_options_get_algo(session, SSH_COMP_S_C);
            break;
        default:
            ssh_set_error(session, SSH_REQUEST_DENIED, "Unknown ssh option %d", type);
            return SSH_ERROR;
--- a/tests/unittests/torture_options.c
+++ b/tests/unittests/torture_options.c
@@ -98,7 +98,7 @@ static void torture_options_set_ciphers(void **state) {
    /* Test known ciphers */
    rc = ssh_options_set(session, SSH_OPTIONS_CIPHERS_C_S,
                         "aes128-ctr,aes192-ctr,aes256-ctr");
-    assert_true(rc == 0);
+    assert_ssh_return_code(session, rc);
    assert_non_null(session->opts.wanted_methods[SSH_CRYPT_C_S]);
    if (ssh_fips_mode()) {
        assert_string_equal(session->opts.wanted_methods[SSH_CRYPT_C_S],
@@ -111,7 +111,7 @@ static void torture_options_set_ciphers(void **state) {
    /* Test one unknown cipher */
    rc = ssh_options_set(session, SSH_OPTIONS_CIPHERS_C_S,
                         "aes128-ctr,unknown-crap@example.com,aes256-ctr");
-    assert_true(rc == 0);
+    assert_ssh_return_code(session, rc);
    assert_non_null(session->opts.wanted_methods[SSH_CRYPT_C_S]);
    assert_string_equal(session->opts.wanted_methods[SSH_CRYPT_C_S],
                        "aes128-ctr,aes256-ctr");
@@ -122,6 +122,53 @@ static void torture_options_set_ciphers(void **state) {
    assert_false(rc == 0);
 }
 static void torture_options_get_ciphers(void **state)
 {
    ssh_session session = *state;
    int rc;
    char *value = NULL;
    /* Test defaults returned */
    rc = ssh_options_get(session, SSH_OPTIONS_CIPHERS_C_S, &value);
    assert_ssh_return_code(session, rc);
    assert_non_null(value);
    if (ssh_fips_mode()) {
        assert_string_equal(value,
                            "aes256-gcm@openssh.com,"
                            "aes256-ctr,"
                            "aes256-cbc,"
                            "aes128-gcm@openssh.com,"
                            "aes128-ctr,"
                            "aes128-cbc");
    } else {
        assert_string_equal(value,
                            "chacha20-poly1305@openssh.com,"
                            "aes256-gcm@openssh.com,"
                            "aes128-gcm@openssh.com,"
                            "aes256-ctr,"
                            "aes192-ctr,"
                            "aes128-ctr");
    }
    ssh_string_free_char(value);
    /* Test explicit ciphers */
    rc = ssh_options_set(session,
                         SSH_OPTIONS_CIPHERS_C_S,
                         "aes128-ctr,aes192-ctr,aes256-ctr");
    assert_ssh_return_code(session, rc);
    value = NULL;
    rc = ssh_options_get(session, SSH_OPTIONS_CIPHERS_C_S, &value);
    assert_ssh_return_code(session, rc);
    assert_non_null(value);
    if (ssh_fips_mode()) {
        assert_string_equal(value, "aes128-ctr,aes256-ctr");
    } else {
        assert_string_equal(value, "aes128-ctr,aes192-ctr,aes256-ctr");
    }
    ssh_string_free_char(value);
 }
 static void torture_options_set_key_exchange(void **state)
 {
    ssh_session session = *state;
@@ -135,7 +182,7 @@ static void torture_options_set_key_exchange(void **state)
                         "diffie-hellman-group18-sha512,"
                         "diffie-hellman-group14-sha256,"
                         "diffie-hellman-group14-sha1");
-    assert_true(rc == 0);
+    assert_ssh_return_code(session, rc);
    assert_non_null(session->opts.wanted_methods[SSH_KEX]);
    if (ssh_fips_mode()) {
        assert_string_equal(session->opts.wanted_methods[SSH_KEX],
@@ -157,7 +204,7 @@ static void torture_options_set_key_exchange(void **state)
                         "diffie-hellman-group16-sha512,"
                         "unknown-crap@example.com,"
                         "diffie-hellman-group18-sha512");
-    assert_true(rc == 0);
+    assert_ssh_return_code(session, rc);
    assert_non_null(session->opts.wanted_methods[SSH_KEX]);
    assert_string_equal(session->opts.wanted_methods[SSH_KEX],
                        "diffie-hellman-group16-sha512,"
@@ -170,6 +217,66 @@ static void torture_options_set_key_exchange(void **state)
    assert_false(rc == 0);
 }
 static void torture_options_get_key_exchange(void **state)
 {
    ssh_session session = *state;
    int rc;
    char *value = NULL;
    /* Test defaults returned */
    rc = ssh_options_get(session, SSH_OPTIONS_KEY_EXCHANGE, &value);
    assert_ssh_return_code(session, rc);
    assert_non_null(value);
    if (ssh_fips_mode()) {
        assert_string_equal(value,
                            "ecdh-sha2-nistp256,"
                            "ecdh-sha2-nistp384,"
                            "ecdh-sha2-nistp521,"
                            "diffie-hellman-group-exchange-sha256,"
                            "diffie-hellman-group14-sha256,"
                            "diffie-hellman-group16-sha512,"
                            "diffie-hellman-group18-sha512");
    } else {
        assert_string_equal(value,
                            "curve25519-sha256,curve25519-sha256@libssh.org,"
                            "ecdh-sha2-nistp256,ecdh-sha2-nistp384,"
                            "ecdh-sha2-nistp521,diffie-hellman-group18-sha512,"
                            "diffie-hellman-group16-sha512,"
                            "diffie-hellman-group-exchange-sha256,"
                            "diffie-hellman-group14-sha256");
    }
    ssh_string_free_char(value);
    /* Test explicit kexes */
    rc = ssh_options_set(session,
                         SSH_OPTIONS_KEY_EXCHANGE,
                         "curve25519-sha256,curve25519-sha256@libssh.org,"
                         "ecdh-sha2-nistp256,diffie-hellman-group16-sha512,"
                         "diffie-hellman-group18-sha512,"
                         "diffie-hellman-group14-sha256,"
                         "diffie-hellman-group14-sha1");
    assert_ssh_return_code(session, rc);
    value = NULL;
    rc = ssh_options_get(session, SSH_OPTIONS_KEY_EXCHANGE, &value);
    assert_ssh_return_code(session, rc);
    assert_non_null(value);
    if (ssh_fips_mode()) {
        assert_string_equal(value,
                            "ecdh-sha2-nistp256,diffie-hellman-group16-sha512,"
                            "diffie-hellman-group18-sha512,"
                            "diffie-hellman-group14-sha256");
    } else {
        assert_string_equal(value,
                            "curve25519-sha256,curve25519-sha256@libssh.org,"
                            "ecdh-sha2-nistp256,diffie-hellman-group16-sha512,"
                            "diffie-hellman-group18-sha512,"
                            "diffie-hellman-group14-sha256,"
                            "diffie-hellman-group14-sha1");
    }
    ssh_string_free_char(value);
 }
 static void torture_options_set_hostkey(void **state) {
    ssh_session session = *state;
    int rc;
@@ -178,7 +285,7 @@ static void torture_options_set_hostkey(void **state) {
    rc = ssh_options_set(session,
                         SSH_OPTIONS_HOSTKEYS,
                         "ssh-ed25519,ecdsa-sha2-nistp384,ssh-rsa");
-    assert_true(rc == 0);
+    assert_ssh_return_code(session, rc);
    assert_non_null(session->opts.wanted_methods[SSH_HOSTKEYS]);
    if (ssh_fips_mode()) {
        assert_string_equal(session->opts.wanted_methods[SSH_HOSTKEYS],
@@ -194,7 +301,7 @@ static void torture_options_set_hostkey(void **state) {
                         "ecdsa-sha2-nistp521,"
                         "unknown-crap@example.com,"
                         "rsa-sha2-256");
-    assert_true(rc == 0);
+    assert_ssh_return_code(session, rc);
    assert_non_null(session->opts.wanted_methods[SSH_HOSTKEYS]);
    assert_string_equal(session->opts.wanted_methods[SSH_HOSTKEYS],
                        "ecdsa-sha2-nistp521,"
@@ -207,6 +314,61 @@ static void torture_options_set_hostkey(void **state) {
    assert_false(rc == 0);
 }
 static void torture_options_get_hostkey(void **state)
 {
    ssh_session session = *state;
    int rc;
    char *value = NULL;
    rc = ssh_options_get(session, SSH_OPTIONS_HOSTKEYS, &value);
    assert_ssh_return_code(session, rc);
    assert_non_null(value);
    if (ssh_fips_mode()) {
        assert_string_equal(value,
                            "ecdsa-sha2-nistp521-cert-v01@openssh.com,"
                            "ecdsa-sha2-nistp384-cert-v01@openssh.com,"
                            "ecdsa-sha2-nistp256-cert-v01@openssh.com,"
                            "rsa-sha2-512-cert-v01@openssh.com,"
                            "rsa-sha2-256-cert-v01@openssh.com,"
                            "ecdsa-sha2-nistp521,"
                            "ecdsa-sha2-nistp384,"
                            "ecdsa-sha2-nistp256,"
                            "rsa-sha2-512,"
                            "rsa-sha2-256");
    } else {
        assert_string_equal(value,
                            "ssh-ed25519-cert-v01@openssh.com,"
                            "ecdsa-sha2-nistp521-cert-v01@openssh.com,"
                            "ecdsa-sha2-nistp384-cert-v01@openssh.com,"
                            "ecdsa-sha2-nistp256-cert-v01@openssh.com,"
                            "sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,"
                            "rsa-sha2-512-cert-v01@openssh.com,"
                            "rsa-sha2-256-cert-v01@openssh.com,"
                            "ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,"
                            "ecdsa-sha2-nistp256,sk-ssh-ed25519@openssh.com,"
                            "sk-ecdsa-sha2-nistp256@openssh.com,"
                            "rsa-sha2-512,rsa-sha2-256");
    }
    ssh_string_free_char(value);
    /* Test explicit host keys */
    rc = ssh_options_set(session,
                         SSH_OPTIONS_HOSTKEYS,
                         "ssh-ed25519,ecdsa-sha2-nistp384,ssh-rsa");
    assert_ssh_return_code(session, rc);
    value = NULL;
    rc = ssh_options_get(session, SSH_OPTIONS_HOSTKEYS, &value);
    assert_ssh_return_code(session, rc);
    assert_non_null(value);
    if (ssh_fips_mode()) {
        assert_string_equal(value, "ecdsa-sha2-nistp384");
    } else {
        assert_string_equal(value, "ssh-ed25519,ecdsa-sha2-nistp384,ssh-rsa");
    }
    ssh_string_free_char(value);
 }
 static void torture_options_set_pubkey_accepted_types(void **state) {
    ssh_session session = *state;
    int rc;
@@ -216,7 +378,7 @@ static void torture_options_set_pubkey_accepted_types(void **state) {
    rc = ssh_options_set(session,
                         SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES,
                         "ssh-ed25519,ecdsa-sha2-nistp384,ssh-rsa");
-    assert_true(rc == 0);
+    assert_ssh_return_code(session, rc);
    assert_non_null(session->opts.pubkey_accepted_types);
    if (ssh_fips_mode()) {
        assert_string_equal(session->opts.pubkey_accepted_types,
@@ -231,7 +393,7 @@ static void torture_options_set_pubkey_accepted_types(void **state) {
        rc = ssh_options_set(session,
                             SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES,
                             "ssh-ed25519,unknown-crap@example.com,ssh-rsa");
-        assert_true(rc == 0);
+        assert_ssh_return_code(session, rc);
        assert_non_null(session->opts.pubkey_accepted_types);
        assert_string_equal(session->opts.pubkey_accepted_types,
                            "ssh-ed25519,ssh-rsa");
@@ -257,7 +419,7 @@ static void torture_options_set_pubkey_accepted_types(void **state) {
    rc = ssh_options_set(session,
                         SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES,
                         "rsa-sha2-256,ssh-rsa");
-    assert_true(rc == 0);
+    assert_ssh_return_code(session, rc);
    assert_non_null(session->opts.pubkey_accepted_types);
    if (ssh_fips_mode()) {
        assert_string_equal(session->opts.pubkey_accepted_types,
@@ -275,13 +437,37 @@ static void torture_options_set_pubkey_accepted_types(void **state) {
    assert_int_equal(type, SSH_DIGEST_SHA256);
 }
 static void torture_options_get_pubkey_accepted_types(void **state)
 {
    ssh_session session = *state;
    int rc;
    char *value = NULL;
    /* Test known public key algorithms */
    rc = ssh_options_set(session,
                         SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES,
                         "ssh-ed25519,ecdsa-sha2-nistp384,ssh-rsa");
    assert_ssh_return_code(session, rc);
    rc = ssh_options_get(session, SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES, &value);
    assert_ssh_return_code(session, rc);
    assert_non_null(value);
    if (ssh_fips_mode()) {
        assert_string_equal(value, "ecdsa-sha2-nistp384");
    } else {
        assert_string_equal(value, "ssh-ed25519,ecdsa-sha2-nistp384,ssh-rsa");
    }
    ssh_string_free_char(value);
 }
 static void torture_options_set_macs(void **state) {
    ssh_session session = *state;
    int rc;
    /* Test known MACs */
    rc = ssh_options_set(session, SSH_OPTIONS_HMAC_S_C, "hmac-sha1");
-    assert_true(rc == 0);
+    assert_ssh_return_code(session, rc);
    assert_non_null(session->opts.wanted_methods[SSH_MAC_S_C]);
    assert_string_equal(session->opts.wanted_methods[SSH_MAC_S_C], "hmac-sha1");
@@ -289,14 +475,14 @@ static void torture_options_set_macs(void **state) {
    rc = ssh_options_set(session,
                         SSH_OPTIONS_HMAC_S_C,
                         "hmac-sha1-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha1,hmac-sha2-256");
-    assert_true(rc == 0);
+    assert_ssh_return_code(session, rc);
    assert_non_null(session->opts.wanted_methods[SSH_MAC_S_C]);
    assert_string_equal(session->opts.wanted_methods[SSH_MAC_S_C],
                        "hmac-sha1-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha1,hmac-sha2-256");
    /* Test unknown MACs */
    rc = ssh_options_set(session, SSH_OPTIONS_HMAC_S_C, "unknown-crap@example.com,hmac-sha1-etm@openssh.com,unknown@example.com");
-    assert_true(rc == 0);
+    assert_ssh_return_code(session, rc);
    assert_non_null(session->opts.wanted_methods[SSH_MAC_S_C]);
    assert_string_equal(session->opts.wanted_methods[SSH_MAC_S_C], "hmac-sha1-etm@openssh.com");
@@ -305,7 +491,141 @@ static void torture_options_set_macs(void **state) {
    assert_false(rc == 0);
 }
-static void torture_options_get_host(void **state) {
+static void torture_options_get_macs(void **state)
 {
    ssh_session session = *state;
    int rc;
    char *value = NULL;
    /* test defaults returned */
    rc = ssh_options_get(session, SSH_OPTIONS_HMAC_S_C, &value);
    assert_ssh_return_code(session, rc);
    assert_non_null(value);
    if (ssh_fips_mode()) {
        assert_string_equal(value,
                            "hmac-sha2-256-etm@openssh.com,"
                            "hmac-sha1-etm@openssh.com,"
                            "hmac-sha2-512-etm@openssh.com,"
                            "hmac-sha2-256,"
                            "hmac-sha1,"
                            "hmac-sha2-512");
    } else {
        assert_string_equal(value,
                            "hmac-sha2-256-etm@openssh.com,"
                            "hmac-sha2-512-etm@openssh.com,"
                            "hmac-sha2-256,"
                            "hmac-sha2-512");
    }
    ssh_string_free_char(value);
    /* Test known MACs */
    rc = ssh_options_set(session, SSH_OPTIONS_HMAC_S_C, "hmac-sha1");
    assert_ssh_return_code(session, rc);
    value = NULL;
    rc = ssh_options_get(session, SSH_OPTIONS_HMAC_S_C, &value);
    assert_ssh_return_code(session, rc);
    assert_non_null(value);
    assert_string_equal(value, "hmac-sha1");
    ssh_string_free_char(value);
 }
 static void torture_options_set_compression(void **state)
 {
    ssh_session session = *state;
    int rc;
    const char *known_value;
    const char *multiple;
 #ifdef WITH_ZLIB
    if (ssh_fips_mode()) {
        known_value = "none";
        multiple = "none,squeeze";
    } else {
        known_value = "zlib";
        multiple = "zlib,squeeze";
    }
 #else
    known_value = "none";
    multiple = "none,squeeze";
 #endif
    /* Test known compression */
    rc = ssh_options_set(session, SSH_OPTIONS_COMPRESSION_S_C, known_value);
    assert_ssh_return_code(session, rc);
    assert_non_null(session->opts.wanted_methods[SSH_COMP_S_C]);
    assert_string_equal(session->opts.wanted_methods[SSH_COMP_S_C],
                        known_value);
    /* Test multiple known compression */
    if (!ssh_fips_mode()) {
        rc = ssh_options_set(session,
                             SSH_OPTIONS_COMPRESSION_S_C,
                             "none,zlib@openssh.com");
        assert_ssh_return_code(session, rc);
        assert_non_null(session->opts.wanted_methods[SSH_COMP_S_C]);
 #ifdef WITH_ZLIB
        assert_string_equal(session->opts.wanted_methods[SSH_COMP_S_C],
                            "none,zlib@openssh.com");
 #else
        assert_string_equal(session->opts.wanted_methods[SSH_COMP_S_C], "none");
 #endif
    }
    /* Test unknown compression */
    rc = ssh_options_set(session, SSH_OPTIONS_COMPRESSION_S_C, multiple);
    assert_ssh_return_code(session, rc);
    assert_non_null(session->opts.wanted_methods[SSH_COMP_S_C]);
    assert_string_equal(session->opts.wanted_methods[SSH_COMP_S_C],
                        known_value);
    /* Test all unknown compression */
    rc = ssh_options_set(session, SSH_OPTIONS_COMPRESSION_S_C, "squeeze");
    assert_false(rc == 0);
 }
 static void torture_options_get_compression(void **state)
 {
    ssh_session session = *state;
    int rc;
    char *value = NULL;
    const char *test_value = NULL;
 #ifdef WITH_ZLIB
    if (ssh_fips_mode()) {
        test_value = "none";
    } else {
        test_value = "zlib@openssh.com";
    }
 #else
    test_value = "none";
 #endif
    /* test defaults returned */
    rc = ssh_options_get(session, SSH_OPTIONS_COMPRESSION_S_C, &value);
    assert_ssh_return_code(session, rc);
    assert_non_null(value);
 #ifdef WITH_ZLIB
    assert_string_equal(value, "none,zlib@openssh.com");
 #else
    assert_string_equal(value, "none");
 #endif
    ssh_string_free_char(value);
    /* Test known compression */
    rc = ssh_options_set(session, SSH_OPTIONS_COMPRESSION_S_C, test_value);
    assert_ssh_return_code(session, rc);
    value = NULL;
    rc = ssh_options_get(session, SSH_OPTIONS_COMPRESSION_S_C, &value);
    assert_ssh_return_code(session, rc);
    assert_non_null(value);
    assert_string_equal(value, test_value);
    ssh_string_free_char(value);
 }
 static void torture_options_get_host(void **state)
 {
    ssh_session session = *state;
    int rc;
    char* host = NULL;
@@ -317,7 +637,7 @@ static void torture_options_get_host(void **state) {
    assert_false(ssh_options_get(session, SSH_OPTIONS_HOST, &host));
    assert_string_equal(host, "localhost");
-    free(host);
+    ssh_string_free_char(host);
 }
 static void torture_options_set_port(void **state) {
@@ -363,7 +683,7 @@ static void torture_options_get_user(void **state) {
  assert_int_equal(rc, SSH_OK);
  assert_non_null(user);
  assert_string_equal(user, "magicaltrevor");
-  free(user);
+  ssh_string_free_char(user);
 }
 static void torture_options_set_fd(void **state) {
@@ -454,7 +774,7 @@ static void torture_options_get_identity(void **state) {
    assert_int_equal(rc, SSH_OK);
    assert_non_null(identity);
    assert_string_equal(identity, "identity2");
-    free(identity);
+    ssh_string_free_char(identity);
 }
 static void torture_options_set_global_knownhosts(void **state)
@@ -773,7 +1093,7 @@ static void torture_options_config_match(void **state)
    localuser = ssh_get_local_username();
    assert_non_null(localuser);
    fputs(localuser, config);
-    free(localuser);
+    ssh_string_free_char(localuser);
    fputs("\n"
          "\tPort 33\n"
          "Match all\n"
@@ -2354,10 +2674,17 @@ int torture_run_tests(void) {
        cmocka_unit_test_setup_teardown(torture_options_control_master, setup, teardown),
        cmocka_unit_test_setup_teardown(torture_options_control_path, setup, teardown),
        cmocka_unit_test_setup_teardown(torture_options_set_ciphers, setup, teardown),
        cmocka_unit_test_setup_teardown(torture_options_get_ciphers, setup, teardown),
        cmocka_unit_test_setup_teardown(torture_options_set_key_exchange, setup, teardown),
        cmocka_unit_test_setup_teardown(torture_options_get_key_exchange, setup, teardown),
        cmocka_unit_test_setup_teardown(torture_options_set_hostkey, setup, teardown),
        cmocka_unit_test_setup_teardown(torture_options_get_hostkey, setup, teardown),
        cmocka_unit_test_setup_teardown(torture_options_set_pubkey_accepted_types, setup, teardown),
        cmocka_unit_test_setup_teardown(torture_options_get_pubkey_accepted_types, setup, teardown),
        cmocka_unit_test_setup_teardown(torture_options_set_macs, setup, teardown),
        cmocka_unit_test_setup_teardown(torture_options_get_macs, setup, teardown),
        cmocka_unit_test_setup_teardown(torture_options_set_compression, setup, teardown),
        cmocka_unit_test_setup_teardown(torture_options_get_compression, setup, teardown),
        cmocka_unit_test_setup_teardown(torture_options_copy, setup, teardown),
        cmocka_unit_test_setup_teardown(torture_options_config_host, setup, teardown),
        cmocka_unit_test_setup_teardown(torture_options_config_match,