lib/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2025-08-05 20:55:46 +03:00
Code Activity

tests: Verify the hostkey ordering for negotiation is correct

Browse Source 
Previously, not all of the host keys algorithms were used for algorithm
negotiation. This verifies the algorithms list is sane and ordered
with the key types from known hosts in the first place.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
This commit is contained in:
Jakub Jelen
2018-10-18 16:18:22 +02:00
committed by Andreas Schneider
parent 32e502a79d
commit bdb3bb9ccd
3 changed files with 32 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
include/libssh/kex.h
View File

@@ -45,5 +45,6 @@ char *ssh_find_matching(const char *in_d, const char *what_d);
const char *ssh_kex_get_supported_method(uint32_t algo); const char *ssh_kex_get_supported_method(uint32_t algo);
const char *ssh_kex_get_default_methods(uint32_t algo); const char *ssh_kex_get_default_methods(uint32_t algo);
const char *ssh_kex_get_description(uint32_t algo); const char *ssh_kex_get_description(uint32_t algo);
char *ssh_client_select_hostkeys(ssh_session session);
#endif /* KEX_H_ */ #endif /* KEX_H_ */

2
src/kex.c
View File

@@ -606,7 +606,7 @@ void ssh_list_kex(struct ssh_kex_struct *kex) {
* @returns a cstring containing a comma-separated list of hostkey methods. * @returns a cstring containing a comma-separated list of hostkey methods.
* NULL if no method matches * NULL if no method matches
*/ */
static char *ssh_client_select_hostkeys(ssh_session session) char *ssh_client_select_hostkeys(ssh_session session)
{ {
char methods_buffer[128]={0}; char methods_buffer[128]={0};
char tail_buffer[128]={0}; char tail_buffer[128]={0};

30
tests/unittests/torture_knownhosts_parsing.c
View File

@@ -277,6 +277,33 @@ static void torture_knownhosts_host_exists(void **state)
ssh_free(session); ssh_free(session);
} }
static void
torture_knownhosts_algorithms(void **state)
{
const char *knownhosts_file = *state;
char *algo_list = NULL;
ssh_session session;
const char *expect = "ssh-ed25519,ssh-rsa,ecdsa-sha2-nistp521,"
"ecdsa-sha2-nistp384,ecdsa-sha2-nistp256"
#ifdef HAVE_DSA
",ssh-dss"
#endif
;
session = ssh_new();
assert_non_null(session);
ssh_options_set(session, SSH_OPTIONS_HOST, "localhost");
ssh_options_set(session, SSH_OPTIONS_KNOWNHOSTS, knownhosts_file);
algo_list = ssh_client_select_hostkeys(session);
assert_non_null(algo_list);
assert_string_equal(algo_list, expect);
free(algo_list);
ssh_free(session);
}
int torture_run_tests(void) { int torture_run_tests(void) {
int rc; int rc;
struct CMUnitTest tests[] = { struct CMUnitTest tests[] = {
@@ -292,6 +319,9 @@ int torture_run_tests(void) {
cmocka_unit_test_setup_teardown(torture_knownhosts_host_exists, cmocka_unit_test_setup_teardown(torture_knownhosts_host_exists,
setup_knownhosts_file, setup_knownhosts_file,
teardown_knownhosts_file), teardown_knownhosts_file),
cmocka_unit_test_setup_teardown(torture_knownhosts_algorithms,
setup_knownhosts_file,
teardown_knownhosts_file),
}; };
ssh_init(); ssh_init();