├── .build.mk ├── .gitignore ├── .skipped-commit-ids ├── .travis.yml ├── CREDITS ├── INSTALL ├── LICENCE ├── Makefile.in ├── OVERVIEW ├── PACKAGING.md ├── PROTOCOL ├── PROTOCOL.agent ├── PROTOCOL.certkeys ├── PROTOCOL.chacha20poly1305 ├── PROTOCOL.key ├── PROTOCOL.krl ├── PROTOCOL.mux ├── README ├── README.dns ├── README.md ├── README.platform ├── README.privsep ├── README.tun ├── TODO ├── aclocal.m4 ├── addrmatch.c ├── atomicio.c ├── atomicio.h ├── audit-bsm.c ├── audit-linux.c ├── audit.c ├── audit.h ├── auth-bsdauth.c ├── auth-chall.c ├── auth-krb5.c ├── auth-options.c ├── auth-options.h ├── auth-pam.c ├── auth-pam.h ├── auth-passwd.c ├── auth-rh-rsa.c ├── auth-rhosts.c ├── auth-rsa.c ├── auth-shadow.c ├── auth-sia.c ├── auth-sia.h ├── auth-skey.c ├── auth.c ├── auth.h ├── auth1.c ├── auth2-chall.c ├── auth2-gss.c ├── auth2-hostbased.c ├── auth2-kbdint.c ├── auth2-none.c ├── auth2-passwd.c ├── auth2-pubkey.c ├── auth2.c ├── authfd.c ├── authfd.h ├── authfile.c ├── authfile.h ├── bitmap.c ├── bitmap.h ├── blocks.c ├── bufaux.c ├── bufbn.c ├── bufec.c ├── buffer.c ├── buffer.h ├── buildpkg.sh.in ├── canohost.c ├── canohost.h ├── chacha.c ├── chacha.h ├── channels.c ├── channels.h ├── cipher-3des1.c ├── cipher-aes.c ├── cipher-aesctr.c ├── cipher-aesctr.h ├── cipher-bf1.c ├── cipher-chachapoly.c ├── cipher-chachapoly.h ├── cipher-ctr.c ├── cipher.c ├── cipher.h ├── cleanup.c ├── clientloop.c ├── clientloop.h ├── compat.c ├── compat.h ├── config.guess ├── config.sub ├── configure.ac ├── contrib ├── Makefile ├── README ├── aix │ ├── README │ ├── buildbff.sh │ ├── inventory.sh │ └── pam.conf ├── cygwin │ ├── Makefile │ ├── README │ ├── ssh-host-config │ ├── ssh-user-config │ └── sshd-inetd ├── findssl.sh ├── gnome-ssh-askpass1.c ├── gnome-ssh-askpass2.c ├── hpux │ ├── README │ ├── egd │ ├── egd.rc │ ├── sshd │ └── sshd.rc ├── redhat │ ├── gnome-ssh-askpass.csh │ ├── gnome-ssh-askpass.sh │ ├── openssh.spec │ ├── sshd.init │ ├── sshd.init.old │ ├── sshd.pam │ └── 
sshd.pam.old ├── solaris │ └── README ├── ssh-copy-id ├── ssh-copy-id.1 ├── sshd.pam.freebsd ├── sshd.pam.generic └── suse │ ├── openssh.spec │ ├── rc.config.sshd │ ├── rc.sshd │ └── sysconfig.ssh ├── crc32.c ├── crc32.h ├── crypto_api.h ├── deattack.c ├── deattack.h ├── debian ├── changelog ├── compat ├── control ├── copyright ├── docs ├── ironssh-docs.docs ├── rules └── source │ ├── format │ └── options ├── defines.h ├── dh.c ├── dh.h ├── digest-libc.c ├── digest-openssl.c ├── digest.h ├── dispatch.c ├── dispatch.h ├── dns.c ├── dns.h ├── ed25519.c ├── entropy.c ├── entropy.h ├── fatal.c ├── fe25519.c ├── fe25519.h ├── fixalgorithms ├── fixpaths ├── fixprogs ├── ge25519.c ├── ge25519.h ├── ge25519_base.data ├── groupaccess.c ├── groupaccess.h ├── gss-genr.c ├── gss-serv-krb5.c ├── gss-serv.c ├── hash.c ├── hmac.c ├── hmac.h ├── hostfile.c ├── hostfile.h ├── includes.h ├── install-sh ├── iron-common.h ├── iron-gpg.h ├── iron ├── gpg-internal.h ├── gpg-key.c ├── gpg-key.h ├── gpg-keyfile.c ├── gpg-keyfile.h ├── gpg-packet.c ├── gpg-packet.h ├── gpg-trustdb.c ├── gpg-trustdb.h ├── gpg.c ├── iron-mock.c ├── iron-prod.c ├── recipient.c ├── recipient.h ├── util.c └── util.h ├── ironsftp.1 ├── kex.c ├── kex.h ├── kexc25519.c ├── kexc25519c.c ├── kexc25519s.c ├── kexdh.c ├── kexdhc.c ├── kexdhs.c ├── kexecdh.c ├── kexecdhc.c ├── kexecdhs.c ├── kexgex.c ├── kexgexc.c ├── kexgexs.c ├── key.c ├── key.h ├── krl.c ├── krl.h ├── log.c ├── log.h ├── loginrec.c ├── loginrec.h ├── logintest.c ├── mac.c ├── mac.h ├── match.c ├── match.h ├── md-sha256.c ├── md5crypt.c ├── md5crypt.h ├── mdoc2man.awk ├── misc.c ├── misc.h ├── mkinstalldirs ├── moduli ├── moduli.5 ├── moduli.c ├── monitor.c ├── monitor.h ├── monitor_fdpass.c ├── monitor_fdpass.h ├── monitor_mm.c ├── monitor_mm.h ├── monitor_wrap.c ├── monitor_wrap.h ├── msg.c ├── msg.h ├── mux.c ├── myproposal.h ├── nchan.c ├── nchan.ms ├── nchan2.ms ├── opacket.c ├── opacket.h ├── openbsd-compat ├── Makefile.in ├── arc4random.c ├── 
base64.c ├── base64.h ├── basename.c ├── bcrypt_pbkdf.c ├── bindresvport.c ├── blf.h ├── blowfish.c ├── bsd-asprintf.c ├── bsd-closefrom.c ├── bsd-cray.c ├── bsd-cray.h ├── bsd-cygwin_util.c ├── bsd-cygwin_util.h ├── bsd-err.c ├── bsd-getpeereid.c ├── bsd-misc.c ├── bsd-misc.h ├── bsd-nextstep.c ├── bsd-nextstep.h ├── bsd-openpty.c ├── bsd-poll.c ├── bsd-poll.h ├── bsd-setres_id.c ├── bsd-setres_id.h ├── bsd-snprintf.c ├── bsd-statvfs.c ├── bsd-statvfs.h ├── bsd-waitpid.c ├── bsd-waitpid.h ├── chacha_private.h ├── charclass.h ├── daemon.c ├── dirname.c ├── explicit_bzero.c ├── fake-rfc2553.c ├── fake-rfc2553.h ├── fmt_scaled.c ├── getcwd.c ├── getgrouplist.c ├── getopt.h ├── getopt_long.c ├── getrrsetbyname-ldns.c ├── getrrsetbyname.c ├── getrrsetbyname.h ├── glob.c ├── glob.h ├── inet_aton.c ├── inet_ntoa.c ├── inet_ntop.c ├── kludge-fd_set.c ├── md5.c ├── md5.h ├── mktemp.c ├── openbsd-compat.h ├── openssl-compat.c ├── openssl-compat.h ├── port-aix.c ├── port-aix.h ├── port-irix.c ├── port-irix.h ├── port-linux.c ├── port-linux.h ├── port-solaris.c ├── port-solaris.h ├── port-tun.c ├── port-tun.h ├── port-uw.c ├── port-uw.h ├── pwcache.c ├── readpassphrase.c ├── readpassphrase.h ├── reallocarray.c ├── realpath.c ├── regress │ ├── Makefile.in │ ├── closefromtest.c │ ├── opensslvertest.c │ ├── snprintftest.c │ ├── strduptest.c │ └── strtonumtest.c ├── rmd160.c ├── rmd160.h ├── rresvport.c ├── setenv.c ├── setproctitle.c ├── sha1.c ├── sha1.h ├── sha2.c ├── sha2.h ├── sigact.c ├── sigact.h ├── strlcat.c ├── strlcpy.c ├── strmode.c ├── strnlen.c ├── strptime.c ├── strsep.c ├── strtoll.c ├── strtonum.c ├── strtoul.c ├── strtoull.c ├── sys-queue.h ├── sys-tree.h ├── timingsafe_bcmp.c ├── vis.c ├── vis.h ├── xcrypt.c └── xmmap.c ├── openssh.xml.in ├── opensshd.init.in ├── packet.c ├── packet.h ├── pathnames.h ├── pkcs11.h ├── platform-pledge.c ├── platform-tracing.c ├── platform.c ├── platform.h ├── poly1305.c ├── poly1305.h ├── progressmeter.c ├── progressmeter.h ├── 
readconf.c ├── readconf.h ├── readpass.c ├── regress ├── Makefile ├── README.regress ├── addrmatch.sh ├── agent-getpeereid.sh ├── agent-pkcs11.sh ├── agent-ptrace.sh ├── agent-timeout.sh ├── agent.sh ├── banner.sh ├── broken-pipe.sh ├── brokenkeys.sh ├── cert-file.sh ├── cert-hostkey.sh ├── cert-userkey.sh ├── cfginclude.sh ├── cfgmatch.sh ├── cfgparse.sh ├── check-perm.c ├── cipher-speed.sh ├── conch-ciphers.sh ├── connect-privsep.sh ├── connect.sh ├── dhgex.sh ├── dsa_ssh2.prv ├── dsa_ssh2.pub ├── dynamic-forward.sh ├── enc-dec-file.c ├── enc-dec-file.sh ├── envpass.sh ├── exit-status.sh ├── forcecommand.sh ├── forward-control.sh ├── forwarding.sh ├── host-expand.sh ├── hostkey-agent.sh ├── hostkey-rotate.sh ├── integrity.sh ├── iron-test-exec.sh ├── iron-test-users.tar.gz ├── ironsftp-fast.sh ├── ironsftp-slow.sh ├── ironsftp.sh ├── kextype.sh ├── key-options.sh ├── keygen-change.sh ├── keygen-convert.sh ├── keygen-knownhosts.sh ├── keys-command.sh ├── keyscan.sh ├── keytype.sh ├── krl.sh ├── limit-keytype.sh ├── localcommand.sh ├── login-timeout.sh ├── misc │ ├── Makefile │ └── kexfuzz │ │ ├── Makefile │ │ ├── README │ │ └── kexfuzz.c ├── modpipe.c ├── multiplex.sh ├── multipubkey.sh ├── netcat.c ├── portnum.sh ├── principals-command.sh ├── proto-mismatch.sh ├── proto-version.sh ├── proxy-connect.sh ├── putty-ciphers.sh ├── putty-kex.sh ├── putty-transfer.sh ├── reconfigure.sh ├── reexec.sh ├── rekey.sh ├── rsa_openssh.prv ├── rsa_openssh.pub ├── rsa_ssh2.prv ├── scp-ssh-wrapper.sh ├── scp.sh ├── setuid-allowed.c ├── sftp-badcmds.sh ├── sftp-batch.sh ├── sftp-chroot.sh ├── sftp-cmds.sh ├── sftp-glob.sh ├── sftp-perm.sh ├── sftp.sh ├── ssh-com-client.sh ├── ssh-com-keygen.sh ├── ssh-com-sftp.sh ├── ssh-com.sh ├── ssh2putty.sh ├── sshcfgparse.sh ├── sshd-log-wrapper.sh ├── stderr-after-eof.sh ├── stderr-data.sh ├── t11.ok ├── t4.ok ├── t5.ok ├── test-exec.sh ├── transfer.sh ├── try-ciphers.sh ├── unittests │ ├── Makefile │ ├── Makefile.inc │ ├── bitmap │ │ ├── 
Makefile │ │ └── tests.c │ ├── hostkeys │ │ ├── Makefile │ │ ├── mktestdata.sh │ │ ├── test_iterate.c │ │ ├── testdata │ │ │ ├── dsa_1.pub │ │ │ ├── dsa_2.pub │ │ │ ├── dsa_3.pub │ │ │ ├── dsa_4.pub │ │ │ ├── dsa_5.pub │ │ │ ├── dsa_6.pub │ │ │ ├── ecdsa_1.pub │ │ │ ├── ecdsa_2.pub │ │ │ ├── ecdsa_3.pub │ │ │ ├── ecdsa_4.pub │ │ │ ├── ecdsa_5.pub │ │ │ ├── ecdsa_6.pub │ │ │ ├── ed25519_1.pub │ │ │ ├── ed25519_2.pub │ │ │ ├── ed25519_3.pub │ │ │ ├── ed25519_4.pub │ │ │ ├── ed25519_5.pub │ │ │ ├── ed25519_6.pub │ │ │ ├── known_hosts │ │ │ ├── rsa1_1.pub │ │ │ ├── rsa1_2.pub │ │ │ ├── rsa1_3.pub │ │ │ ├── rsa1_4.pub │ │ │ ├── rsa1_5.pub │ │ │ ├── rsa1_6.pub │ │ │ ├── rsa_1.pub │ │ │ ├── rsa_2.pub │ │ │ ├── rsa_3.pub │ │ │ ├── rsa_4.pub │ │ │ ├── rsa_5.pub │ │ │ └── rsa_6.pub │ │ └── tests.c │ ├── irongpg │ │ ├── Makefile │ │ ├── test_gpg-key.c │ │ ├── test_gpg-keyfile.c │ │ ├── test_gpg-packet.c │ │ ├── test_gpg-trustdb.c │ │ ├── test_gpg.c │ │ ├── test_recipient.c │ │ ├── test_util.c │ │ └── tests.c │ ├── kex │ │ ├── Makefile │ │ ├── test_kex.c │ │ └── tests.c │ ├── sshbuf │ │ ├── Makefile │ │ ├── test_sshbuf.c │ │ ├── test_sshbuf_fixed.c │ │ ├── test_sshbuf_fuzz.c │ │ ├── test_sshbuf_getput_basic.c │ │ ├── test_sshbuf_getput_crypto.c │ │ ├── test_sshbuf_getput_fuzz.c │ │ ├── test_sshbuf_misc.c │ │ └── tests.c │ ├── sshkey │ │ ├── Makefile │ │ ├── common.c │ │ ├── common.h │ │ ├── mktestdata.sh │ │ ├── test_file.c │ │ ├── test_fuzz.c │ │ ├── test_sshkey.c │ │ ├── testdata │ │ │ ├── dsa_1 │ │ │ ├── dsa_1-cert.fp │ │ │ ├── dsa_1-cert.pub │ │ │ ├── dsa_1.fp │ │ │ ├── dsa_1.fp.bb │ │ │ ├── dsa_1.param.g │ │ │ ├── dsa_1.param.priv │ │ │ ├── dsa_1.param.pub │ │ │ ├── dsa_1.pub │ │ │ ├── dsa_1_pw │ │ │ ├── dsa_2 │ │ │ ├── dsa_2.fp │ │ │ ├── dsa_2.fp.bb │ │ │ ├── dsa_2.pub │ │ │ ├── dsa_n │ │ │ ├── dsa_n_pw │ │ │ ├── ecdsa_1 │ │ │ ├── ecdsa_1-cert.fp │ │ │ ├── ecdsa_1-cert.pub │ │ │ ├── ecdsa_1.fp │ │ │ ├── ecdsa_1.fp.bb │ │ │ ├── ecdsa_1.param.curve │ │ │ ├── 
ecdsa_1.param.priv │ │ │ ├── ecdsa_1.param.pub │ │ │ ├── ecdsa_1.pub │ │ │ ├── ecdsa_1_pw │ │ │ ├── ecdsa_2 │ │ │ ├── ecdsa_2.fp │ │ │ ├── ecdsa_2.fp.bb │ │ │ ├── ecdsa_2.param.curve │ │ │ ├── ecdsa_2.param.priv │ │ │ ├── ecdsa_2.param.pub │ │ │ ├── ecdsa_2.pub │ │ │ ├── ecdsa_n │ │ │ ├── ecdsa_n_pw │ │ │ ├── ed25519_1 │ │ │ ├── ed25519_1-cert.fp │ │ │ ├── ed25519_1-cert.pub │ │ │ ├── ed25519_1.fp │ │ │ ├── ed25519_1.fp.bb │ │ │ ├── ed25519_1.pub │ │ │ ├── ed25519_1_pw │ │ │ ├── ed25519_2 │ │ │ ├── ed25519_2.fp │ │ │ ├── ed25519_2.fp.bb │ │ │ ├── ed25519_2.pub │ │ │ ├── pw │ │ │ ├── rsa1_1 │ │ │ ├── rsa1_1.fp │ │ │ ├── rsa1_1.fp.bb │ │ │ ├── rsa1_1.param.n │ │ │ ├── rsa1_1.pub │ │ │ ├── rsa1_1_pw │ │ │ ├── rsa1_2 │ │ │ ├── rsa1_2.fp │ │ │ ├── rsa1_2.fp.bb │ │ │ ├── rsa1_2.param.n │ │ │ ├── rsa1_2.pub │ │ │ ├── rsa_1 │ │ │ ├── rsa_1-cert.fp │ │ │ ├── rsa_1-cert.pub │ │ │ ├── rsa_1.fp │ │ │ ├── rsa_1.fp.bb │ │ │ ├── rsa_1.param.n │ │ │ ├── rsa_1.param.p │ │ │ ├── rsa_1.param.q │ │ │ ├── rsa_1.pub │ │ │ ├── rsa_1_pw │ │ │ ├── rsa_2 │ │ │ ├── rsa_2.fp │ │ │ ├── rsa_2.fp.bb │ │ │ ├── rsa_2.param.n │ │ │ ├── rsa_2.param.p │ │ │ ├── rsa_2.param.q │ │ │ ├── rsa_2.pub │ │ │ ├── rsa_n │ │ │ └── rsa_n_pw │ │ └── tests.c │ ├── test_helper │ │ ├── Makefile │ │ ├── fuzz.c │ │ ├── test_helper.c │ │ └── test_helper.h │ └── utf8 │ │ ├── Makefile │ │ └── tests.c ├── valgrind-unit.sh └── yes-head.sh ├── rijndael.c ├── rijndael.h ├── rpm └── ironssh.spec ├── rsa.c ├── rsa.h ├── sandbox-capsicum.c ├── sandbox-darwin.c ├── sandbox-null.c ├── sandbox-pledge.c ├── sandbox-rlimit.c ├── sandbox-seccomp-filter.c ├── sandbox-solaris.c ├── sandbox-systrace.c ├── sc25519.c ├── sc25519.h ├── scp.1 ├── scp.c ├── servconf.c ├── servconf.h ├── serverloop.c ├── serverloop.h ├── session.c ├── session.h ├── sftp-client.c ├── sftp-client.h ├── sftp-common.c ├── sftp-common.h ├── sftp-glob.c ├── sftp-server-main.c ├── sftp-server.8 ├── sftp-server.c ├── sftp.1 ├── sftp.c ├── sftp.h ├── 
smult_curve25519_ref.c ├── ssh-add.1 ├── ssh-add.c ├── ssh-agent.1 ├── ssh-agent.c ├── ssh-dss.c ├── ssh-ecdsa.c ├── ssh-ed25519.c ├── ssh-gss.h ├── ssh-keygen.1 ├── ssh-keygen.c ├── ssh-keyscan.1 ├── ssh-keyscan.c ├── ssh-keysign.8 ├── ssh-keysign.c ├── ssh-pkcs11-client.c ├── ssh-pkcs11-helper.8 ├── ssh-pkcs11-helper.c ├── ssh-pkcs11.c ├── ssh-pkcs11.h ├── ssh-rsa.c ├── ssh-sandbox.h ├── ssh.1 ├── ssh.c ├── ssh.h ├── ssh1.h ├── ssh2.h ├── ssh_api.c ├── ssh_api.h ├── ssh_config ├── ssh_config.5 ├── sshbuf-getput-basic.c ├── sshbuf-getput-crypto.c ├── sshbuf-misc.c ├── sshbuf.c ├── sshbuf.h ├── sshconnect.c ├── sshconnect.h ├── sshconnect1.c ├── sshconnect2.c ├── sshd.8 ├── sshd.c ├── sshd_config ├── sshd_config.5 ├── ssherr.c ├── ssherr.h ├── sshkey.c ├── sshkey.h ├── sshlogin.c ├── sshlogin.h ├── sshpty.c ├── sshpty.h ├── sshtty.c ├── survey.sh.in ├── ttymodes.c ├── ttymodes.h ├── uidswap.c ├── uidswap.h ├── umac.c ├── umac.h ├── utf8.c ├── utf8.h ├── uuencode.c ├── uuencode.h ├── verify.c ├── version.h ├── xmalloc.c └── xmalloc.h /.build.mk: -------------------------------------------------------------------------------- 1 | SHELL=/bin/bash 2 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | .gitignore 2 | *.o 3 | *.out 4 | *.out.pub 5 | *.a 6 | /Makefile 7 | autom4te.cache/ 8 | buildpkg.sh 9 | config.h 10 | config.h.in 11 | config.log 12 | config.status 13 | configure 14 | ironscp 15 | ironsftp 16 | openbsd-compat/Makefile 17 | openbsd-compat/regress/Makefile 18 | openssh.xml 19 | opensshd.init 20 | regress/check-perm 21 | regress/enc-dec-file 22 | regress/misc/kexfuzz/kexfuzz 23 | regress/modpipe 24 | regress/netcat 25 | regress/setuid-allowed 26 | regress/unittests/bitmap/test_bitmap 27 | regress/unittests/hostkeys/test_hostkeys 28 | regress/unittests/kex/test_kex 29 | regress/unittests/sshbuf/test_sshbuf 30 | 
regress/unittests/sshkey/test_sshkey 31 | regress/unittests/irongpg/test_irongpg 32 | scp 33 | sftp 34 | sftp-server 35 | ssh 36 | ssh-add 37 | ssh-agent 38 | ssh-keygen 39 | ssh-keyscan 40 | ssh-keysign 41 | ssh-pkcs11-helper 42 | sshd 43 | survey.sh 44 | *.dSYM 45 | ironsftp 46 | ironscp 47 | build 48 | VERSION 49 | -------------------------------------------------------------------------------- /.skipped-commit-ids: -------------------------------------------------------------------------------- 1 | 321065a95a7ccebdd5fd08482a1e19afbf524e35 Update DH groups 2 | d4f699a421504df35254cf1c6f1a7c304fb907ca Remove 1k bit groups 3 | aafe246655b53b52bc32c8a24002bc262f4230f7 Remove intermediate moduli 4 | 8fa9cd1dee3c3339ae329cf20fb591db6d605120 put back SSH1 for 6.9 5 | f31327a48dd4103333cc53315ec53fe65ed8a17a Generate new moduli 6 | edbfde98c40007b7752a4ac106095e060c25c1ef Regen moduli 7 | 052fd565e3ff2d8cec3bc957d1788f50c827f8e2 Switch to tame-based sandbox 8 | 7cf73737f357492776223da1c09179fa6ba74660 Remove moduli <2k 9 | 180d84674be1344e45a63990d60349988187c1ae Update moduli 10 | f6ae971186ba68d066cd102e57d5b0b2c211a5ee systrace is dead. 
11 | 96c5054e3e1f170c6276902d5bc65bb3b87a2603 remove DEBUGLIBS from Makefile 12 | -------------------------------------------------------------------------------- /.travis.yml: -------------------------------------------------------------------------------- 1 | sudo: required 2 | services: 3 | - docker 4 | 5 | language: c 6 | 7 | cache: ccache 8 | 9 | env: 10 | matrix: 11 | - OS=centos DIST=7 PACK=rpm 12 | - OS=fedora DIST=23 PACK=rpm 13 | - OS=fedora DIST=24 PACK=rpm 14 | - OS=ubuntu DIST=wily PACK=deb 15 | - OS=ubuntu DIST=xenial PACK=deb 16 | - OS=ubuntu DIST=yakkety PACK=deb 17 | - OS=debian DIST=stretch PACK=deb 18 | 19 | script: 20 | - git clone https://github.com/zmre/build.git 21 | - ./build/pack/travis.sh 22 | 23 | notifications: 24 | email: true 25 | irc: false 26 | slack: 27 | on_success: change 28 | on_failure: always 29 | secure: 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 30 | -------------------------------------------------------------------------------- /CREDITS: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/IronCoreLabs/ironssh/b74f9e03509d0d77313778f5a8ca1451cde861f6/CREDITS -------------------------------------------------------------------------------- /LICENCE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/IronCoreLabs/ironssh/b74f9e03509d0d77313778f5a8ca1451cde861f6/LICENCE -------------------------------------------------------------------------------- /PACKAGING.md: -------------------------------------------------------------------------------- 1 | # Instructions for building packages for various distros 2 | 3 | ## Overview 4 | 5 | We're using the [Tarantool Build scripts](https://github.com/tarantool/build) to generate a tar source file and then use docker to build and package the sources for various platforms. 
6 | 7 | ## Automatic builds 8 | 9 | Various packages should be automatically built and published to packagecloud.io on successful builds via travis. Merged pull requests should result in new builds. 10 | 11 | ## Local builds 12 | 13 | For local builds, you'll need to have Docker installed. Then follow these steps from inside the ironssh base directory: 14 | 15 | 1. `git clone git@github.com:zmre/build.git` 16 | 2. `git describe --long --always > VERSION` 17 | 3. `./build/build clean` 18 | 4. `./build/build PRODUCT=ironssh centos7 fedora23 fedora24 fedora-rawhide debian-stretch ubuntu-wily ubuntu-xenial ubuntu-yakkety` 19 | 20 | Use other platform identifiers as desired. If all goes well, you'll find your packages under `build/root`. 21 | 22 | ## Tagging for release 23 | 24 | To get a new version number started, you need to make an annotated tag and push it to github (unless you're just building locally): 25 | 26 | 1. `git tag -a "x.y.z" -m "tag comment"` 27 | 2. `git push origin "x.y.z"` 28 | 29 | ## Building on Macs 30 | 31 | If you get the error, `tar: Option --exclude-vcs is not supported`, then you need to switch to using `gnu-tar`. You can get creative, or just do this in the session where you will run the `build` commands: 32 | 33 | 1. `brew install gnu-tar` 34 | 2. `PATH="/usr/local/opt/gnu-tar/libexec/gnubin:$PATH"` 35 | 36 | After that you should be good. 37 | -------------------------------------------------------------------------------- /PROTOCOL.key: -------------------------------------------------------------------------------- 1 | This document describes the private key format for OpenSSH. 2 | 3 | 1. Overall format 4 | 5 | The key consists of a header, a list of public keys, and 6 | an encrypted list of matching private keys. 7 | 8 | #define AUTH_MAGIC "openssh-key-v1" 9 | 10 | byte[] AUTH_MAGIC 11 | string ciphername 12 | string kdfname 13 | string kdfoptions 14 | int number of keys N 15 | string publickey1 16 | string publickey2 17 | ... 
18 | string publickeyN 19 | string encrypted, padded list of private keys 20 | 21 | 2. KDF options for kdfname "bcrypt" 22 | 23 | The options: 24 | 25 | string salt 26 | uint32 rounds 27 | 28 | are concatenated and represented as a string. 29 | 30 | 3. Unencrypted list of N private keys 31 | 32 | The list of privatekey/comment pairs is padded with the 33 | bytes 1, 2, 3, ... until the total length is a multiple 34 | of the cipher block size. 35 | 36 | uint32 checkint 37 | uint32 checkint 38 | string privatekey1 39 | string comment1 40 | string privatekey2 41 | string comment2 42 | ... 43 | string privatekeyN 44 | string commentN 45 | char 1 46 | char 2 47 | char 3 48 | ... 49 | char padlen % 255 50 | 51 | Before the key is encrypted, a random integer is assigned 52 | to both checkint fields so successful decryption can be 53 | quickly checked by verifying that both checkint fields 54 | hold the same value. 55 | 56 | 4. Encryption 57 | 58 | The KDF is used to derive a key, IV (and other values required by 59 | the cipher) from the passphrase. These values are then used to 60 | encrypt the unencrypted list of private keys. 61 | 62 | 5. No encryption 63 | 64 | For unencrypted keys the cipher "none" and the KDF "none" 65 | are used with empty passphrases. The options of the KDF "none" 66 | are the empty string. 67 | 68 | $OpenBSD: PROTOCOL.key,v 1.1 2013/12/06 13:34:54 markus Exp $ 69 | -------------------------------------------------------------------------------- /README.dns: -------------------------------------------------------------------------------- 1 | How to verify host keys using OpenSSH and DNS 2 | --------------------------------------------- 3 | 4 | OpenSSH contains support for verifying host keys using DNS as described in 5 | draft-ietf-secsh-dns-05.txt. This document contains very brief instructions 6 | on how to use this feature. Configuring DNS is out of the scope of this 7 | document. 
8 | 9 | 10 | (1) Server: Generate and publish the DNS RR 11 | 12 | To create a DNS resource record (RR) containing a fingerprint of the 13 | public host key, use the following command: 14 | 15 | ssh-keygen -r hostname -f keyfile -g 16 | 17 | where "hostname" is your fully qualified hostname and "keyfile" is the 18 | file containing the public host key. If you have multiple keys, 19 | you should generate one RR for each key. 20 | 21 | In the example above, ssh-keygen will print the fingerprint in a 22 | generic DNS RR format parsable by most modern name server 23 | implementations. If your nameserver has support for the SSHFP RR 24 | you can omit the -g flag and ssh-keygen will print a standard SSHFP RR. 25 | 26 | To publish the fingerprint using the DNS you must add the generated RR 27 | to your DNS zone file and sign your zone. 28 | 29 | 30 | (2) Client: Enable ssh to verify host keys using DNS 31 | 32 | To enable the ssh client to verify host keys using DNS, you have to 33 | add the following option to the ssh configuration file 34 | ($HOME/.ssh/config or /etc/ssh/ssh_config): 35 | 36 | VerifyHostKeyDNS yes 37 | 38 | Upon connection the client will try to look up the fingerprint RR 39 | using DNS. If the fingerprint received from the DNS server matches 40 | the remote host key, the user will be notified. A match is only as trustworthy as the DNS answer that carried it: ssh trusts a matching fingerprint implicitly only when the response was validated with DNSSEC, and otherwise handles it as if the option were set to "ask". 41 | 42 | 43 | Jakob Schlyter 44 | Wesley Griffin 45 | 46 | 47 | $OpenBSD: README.dns,v 1.2 2003/10/14 19:43:23 jakob Exp $ 48 | -------------------------------------------------------------------------------- /auth-options.h: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: auth-options.h,v 1.21 2015/01/14 10:30:34 markus Exp $ */ 2 | 3 | /* 4 | * Author: Tatu Ylonen 5 | * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 6 | * All rights reserved 7 | * 8 | * As far as I am concerned, the code I have written for this software 9 | * can be used freely for any purpose. 
Any derived versions of this 10 | * software must be clearly marked as such, and if the derived work is 11 | * incompatible with the protocol description in the RFC file, it must be 12 | * called by a name other than "ssh" or "Secure Shell". 13 | */ 14 | 15 | #ifndef AUTH_OPTIONS_H 16 | #define AUTH_OPTIONS_H 17 | 18 | /* Linked list of custom environment strings */ 19 | struct envstring { 20 | struct envstring *next; 21 | char *s; 22 | }; 23 | 24 | /* Flags that may be set in authorized_keys options. */ 25 | extern int no_port_forwarding_flag; 26 | extern int no_agent_forwarding_flag; 27 | extern int no_x11_forwarding_flag; 28 | extern int no_pty_flag; 29 | extern int no_user_rc; 30 | extern char *forced_command; 31 | extern struct envstring *custom_environment; 32 | extern int forced_tun_device; 33 | extern int key_is_cert_authority; 34 | extern char *authorized_principals; 35 | 36 | int auth_parse_options(struct passwd *, char *, char *, u_long); 37 | void auth_clear_options(void); 38 | int auth_cert_options(struct sshkey *, struct passwd *); 39 | 40 | #endif 41 | -------------------------------------------------------------------------------- /auth-sia.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2002 Chris Adams. All rights reserved. 3 | * 4 | * Redistribution and use in source and binary forms, with or without 5 | * modification, are permitted provided that the following conditions 6 | * are met: 7 | * 1. Redistributions of source code must retain the above copyright 8 | * notice, this list of conditions and the following disclaimer. 9 | * 2. Redistributions in binary form must reproduce the above copyright 10 | * notice, this list of conditions and the following disclaimer in the 11 | * documentation and/or other materials provided with the distribution. 
12 | * 13 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 14 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 15 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 16 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 17 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 18 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 19 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 20 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 21 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 22 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 23 | */ 24 | 25 | #include "includes.h" 26 | 27 | #ifdef HAVE_OSF_SIA 28 | 29 | void session_setup_sia(struct passwd *, char *); 30 | 31 | #endif /* HAVE_OSF_SIA */ 32 | -------------------------------------------------------------------------------- /canohost.h: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: canohost.h,v 1.12 2016/03/07 19:02:43 djm Exp $ */ 2 | 3 | /* 4 | * Author: Tatu Ylonen 5 | * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 6 | * All rights reserved 7 | * 8 | * As far as I am concerned, the code I have written for this software 9 | * can be used freely for any purpose. Any derived versions of this 10 | * software must be clearly marked as such, and if the derived work is 11 | * incompatible with the protocol description in the RFC file, it must be 12 | * called by a name other than "ssh" or "Secure Shell". 
13 | */ 14 | 15 | #ifndef _CANOHOST_H 16 | #define _CANOHOST_H 17 | 18 | char *get_peer_ipaddr(int); 19 | int get_peer_port(int); 20 | char *get_local_ipaddr(int); 21 | char *get_local_name(int); 22 | int get_local_port(int); 23 | 24 | #endif /* _CANOHOST_H */ 25 | 26 | void ipv64_normalise_mapped(struct sockaddr_storage *, socklen_t *); 27 | -------------------------------------------------------------------------------- /chacha.h: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: chacha.h,v 1.3 2014/05/02 03:27:54 djm Exp $ */ 2 | 3 | /* 4 | chacha-merged.c version 20080118 5 | D. J. Bernstein 6 | Public domain. 7 | */ 8 | 9 | #ifndef CHACHA_H 10 | #define CHACHA_H 11 | 12 | #include 13 | 14 | struct chacha_ctx { 15 | u_int input[16]; 16 | }; 17 | 18 | #define CHACHA_MINKEYLEN 16 19 | #define CHACHA_NONCELEN 8 20 | #define CHACHA_CTRLEN 8 21 | #define CHACHA_STATELEN (CHACHA_NONCELEN+CHACHA_CTRLEN) 22 | #define CHACHA_BLOCKLEN 64 23 | 24 | void chacha_keysetup(struct chacha_ctx *x, const u_char *k, u_int kbits) 25 | __attribute__((__bounded__(__minbytes__, 2, CHACHA_MINKEYLEN))); 26 | void chacha_ivsetup(struct chacha_ctx *x, const u_char *iv, const u_char *ctr) 27 | __attribute__((__bounded__(__minbytes__, 2, CHACHA_NONCELEN))) 28 | __attribute__((__bounded__(__minbytes__, 3, CHACHA_CTRLEN))); 29 | void chacha_encrypt_bytes(struct chacha_ctx *x, const u_char *m, 30 | u_char *c, u_int bytes) 31 | __attribute__((__bounded__(__buffer__, 2, 4))) 32 | __attribute__((__bounded__(__buffer__, 3, 4))); 33 | 34 | #endif /* CHACHA_H */ 35 | 36 | -------------------------------------------------------------------------------- /cipher-aesctr.h: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: cipher-aesctr.h,v 1.1 2014/04/29 15:39:33 markus Exp $ */ 2 | /* 3 | * Copyright (c) 2014 Markus Friedl 4 | * 5 | * Permission to use, copy, modify, and distribute this software for any 6 | 
* purpose with or without fee is hereby granted, provided that the above 7 | * copyright notice and this permission notice appear in all copies. 8 | * 9 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 | */ 17 | 18 | #ifndef OPENSSH_AESCTR_H 19 | #define OPENSSH_AESCTR_H 20 | 21 | #include "rijndael.h" 22 | 23 | #define AES_BLOCK_SIZE 16 24 | 25 | typedef struct aesctr_ctx { 26 | int rounds; /* keylen-dependent #rounds */ 27 | u32 ek[4*(AES_MAXROUNDS + 1)]; /* encrypt key schedule */ 28 | u8 ctr[AES_BLOCK_SIZE]; /* counter */ 29 | } aesctr_ctx; 30 | 31 | void aesctr_keysetup(aesctr_ctx *x,const u8 *k,u32 kbits,u32 ivbits); 32 | void aesctr_ivsetup(aesctr_ctx *x,const u8 *iv); 33 | void aesctr_encrypt_bytes(aesctr_ctx *x,const u8 *m,u8 *c,u32 bytes); 34 | 35 | #endif 36 | -------------------------------------------------------------------------------- /cipher-chachapoly.h: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: cipher-chachapoly.h,v 1.4 2014/06/24 01:13:21 djm Exp $ */ 2 | 3 | /* 4 | * Copyright (c) Damien Miller 2013 5 | * 6 | * Permission to use, copy, modify, and distribute this software for any 7 | * purpose with or without fee is hereby granted, provided that the above 8 | * copyright notice and this permission notice appear in all copies. 
9 | * 10 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 | */ 18 | #ifndef CHACHA_POLY_AEAD_H 19 | #define CHACHA_POLY_AEAD_H 20 | 21 | #include 22 | #include "chacha.h" 23 | #include "poly1305.h" 24 | 25 | #define CHACHA_KEYLEN 32 /* Only 256 bit keys used here */ 26 | 27 | struct chachapoly_ctx { 28 | struct chacha_ctx main_ctx, header_ctx; 29 | }; 30 | 31 | int chachapoly_init(struct chachapoly_ctx *cpctx, 32 | const u_char *key, u_int keylen) 33 | __attribute__((__bounded__(__buffer__, 2, 3))); 34 | int chachapoly_crypt(struct chachapoly_ctx *cpctx, u_int seqnr, 35 | u_char *dest, const u_char *src, u_int len, u_int aadlen, u_int authlen, 36 | int do_encrypt); 37 | int chachapoly_get_length(struct chachapoly_ctx *cpctx, 38 | u_int *plenp, u_int seqnr, const u_char *cp, u_int len) 39 | __attribute__((__bounded__(__buffer__, 4, 5))); 40 | 41 | #endif /* CHACHA_POLY_AEAD_H */ 42 | -------------------------------------------------------------------------------- /cleanup.c: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: cleanup.c,v 1.5 2006/08/03 03:34:42 deraadt Exp $ */ 2 | /* 3 | * Copyright (c) 2003 Markus Friedl 4 | * 5 | * Permission to use, copy, modify, and distribute this software for any 6 | * purpose with or without fee is hereby granted, provided that the above 7 | * copyright notice and this permission notice appear in all copies. 
8 | * 9 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 | */ 17 | 18 | #include "includes.h" 19 | 20 | #include 21 | 22 | #include 23 | #include 24 | 25 | #include "log.h" 26 | 27 | /* default implementation */ 28 | void 29 | cleanup_exit(int i) 30 | { 31 | _exit(i); 32 | } 33 | -------------------------------------------------------------------------------- /contrib/Makefile: -------------------------------------------------------------------------------- 1 | PKG_CONFIG = pkg-config 2 | 3 | all: 4 | @echo "Valid targets: gnome-ssh-askpass1 gnome-ssh-askpass2" 5 | 6 | gnome-ssh-askpass1: gnome-ssh-askpass1.c 7 | $(CC) $(CFLAGS) `gnome-config --cflags gnome gnomeui` \ 8 | gnome-ssh-askpass1.c -o gnome-ssh-askpass1 \ 9 | `gnome-config --libs gnome gnomeui` 10 | 11 | gnome-ssh-askpass2: gnome-ssh-askpass2.c 12 | $(CC) $(CFLAGS) `$(PKG_CONFIG) --cflags gtk+-2.0` \ 13 | gnome-ssh-askpass2.c -o gnome-ssh-askpass2 \ 14 | `$(PKG_CONFIG) --libs gtk+-2.0 x11` 15 | 16 | clean: 17 | rm -f *.o gnome-ssh-askpass1 gnome-ssh-askpass2 gnome-ssh-askpass 18 | -------------------------------------------------------------------------------- /contrib/aix/README: -------------------------------------------------------------------------------- 1 | Overview: 2 | 3 | This directory contains files to build an AIX native (installp or SMIT 4 | installable) openssh package. 
5 | 6 | 7 | Directions: 8 | 9 | (optional) create config.local in your build dir 10 | ./configure [options] 11 | contrib/aix/buildbff.sh 12 | 13 | The file config.local or the environment is read to set the following options 14 | (default first): 15 | PERMIT_ROOT_LOGIN=[no|yes] 16 | X11_FORWARDING=[no|yes] 17 | AIX_SRC=[no|yes] 18 | 19 | Acknowledgements: 20 | 21 | The contents of this directory are based on Ben Lindstrom's Solaris 22 | buildpkg.sh. Ben also supplied inventory.sh. 23 | 24 | Jim Abbey's (GPL'ed) lppbuild-2.1 was used to learn how to build .bff's 25 | and for comparison with the output from this script, however no code 26 | from lppbuild is included and it is not required for operation. 27 | 28 | SRC support based on examples provided by Sandor Sklar and Maarten Kreuger. 29 | PrivSep account handling fixes contributed by W. Earl Allen. 30 | 31 | 32 | Other notes: 33 | 34 | The script treats all packages as USR packages (not ROOT+USR when 35 | appropriate). It seems to work, though...... 36 | 37 | If there are any patches to this that have not yet been integrated they 38 | may be found at http://www.zip.com.au/~dtucker/openssh/. 39 | 40 | 41 | Disclaimer: 42 | 43 | It is hoped that it is useful but there is no warranty. If it breaks 44 | you get to keep both pieces. 
45 | 46 | 47 | - Darren Tucker (dtucker at zip dot com dot au) 48 | 2002/03/01 49 | 50 | $Id: README,v 1.4 2003/08/25 05:01:04 dtucker Exp $ 51 | -------------------------------------------------------------------------------- /contrib/aix/pam.conf: -------------------------------------------------------------------------------- 1 | # 2 | # PAM configuration file /etc/pam.conf 3 | # Example for OpenSSH on AIX 5.2 4 | # 5 | 6 | # Authentication Management 7 | sshd auth required /usr/lib/security/pam_aix 8 | OTHER auth required /usr/lib/security/pam_aix 9 | 10 | # Account Management 11 | sshd account required /usr/lib/security/pam_aix 12 | OTHER account required /usr/lib/security/pam_aix 13 | 14 | # Password Management 15 | sshd password required /usr/lib/security/pam_aix 16 | OTHER password required /usr/lib/security/pam_aix 17 | 18 | # Session Management 19 | sshd session required /usr/lib/security/pam_aix 20 | OTHER session required /usr/lib/security/pam_aix 21 | -------------------------------------------------------------------------------- /contrib/cygwin/sshd-inetd: -------------------------------------------------------------------------------- 1 | # This file can be used to enable sshd as a slave of the inetd service 2 | # To do so, the line below should be uncommented. 
3 | @COMMENT@ ssh stream tcp nowait root /usr/sbin/sshd sshd -i 4 | 5 | -------------------------------------------------------------------------------- /contrib/hpux/README: -------------------------------------------------------------------------------- 1 | README for OpenSSH HP-UX contrib files 2 | Kevin Steves 3 | 4 | sshd: configuration file for sshd.rc 5 | sshd.rc: SSH startup script 6 | egd: configuration file for egd.rc 7 | egd.rc: EGD (entropy gathering daemon) startup script 8 | 9 | To install: 10 | 11 | sshd.rc: 12 | 13 | o Verify paths in sshd.rc match your local installation 14 | (WHAT_PATH and WHAT_PID) 15 | o Customize sshd if needed (SSHD_ARGS) 16 | o Install: 17 | 18 | # cp sshd /etc/rc.config.d 19 | # chmod 444 /etc/rc.config.d/sshd 20 | # cp sshd.rc /sbin/init.d 21 | # chmod 555 /sbin/init.d/sshd.rc 22 | # ln -s /sbin/init.d/sshd.rc /sbin/rc1.d/K100sshd 23 | # ln -s /sbin/init.d/sshd.rc /sbin/rc2.d/S900sshd 24 | 25 | egd.rc: 26 | 27 | o Verify egd.pl path in egd.rc matches your local installation 28 | (WHAT_PATH) 29 | o Customize egd if needed (EGD_ARGS and EGD_LOG) 30 | o Add pseudo account: 31 | 32 | # groupadd egd 33 | # useradd -g egd egd 34 | # mkdir -p /etc/opt/egd 35 | # chown egd:egd /etc/opt/egd 36 | # chmod 711 /etc/opt/egd 37 | 38 | o Install: 39 | 40 | # cp egd /etc/rc.config.d 41 | # chmod 444 /etc/rc.config.d/egd 42 | # cp egd.rc /sbin/init.d 43 | # chmod 555 /sbin/init.d/egd.rc 44 | # ln -s /sbin/init.d/egd.rc /sbin/rc1.d/K600egd 45 | # ln -s /sbin/init.d/egd.rc /sbin/rc2.d/S400egd 46 | -------------------------------------------------------------------------------- /contrib/hpux/egd: -------------------------------------------------------------------------------- 1 | # EGD_START: Set to 1 to start entropy gathering daemon 2 | # EGD_ARGS: Command line arguments to pass to egd 3 | # EGD_LOG: EGD stdout and stderr log file (default /etc/opt/egd/egd.log) 4 | # 5 | # To configure the egd environment: 6 | 7 | # groupadd egd 8 | # 
useradd -g egd egd 9 | # mkdir -p /etc/opt/egd 10 | # chown egd:egd /etc/opt/egd 11 | # chmod 711 /etc/opt/egd 12 | 13 | EGD_START=1 14 | EGD_ARGS='/etc/opt/egd/entropy' 15 | EGD_LOG= 16 | -------------------------------------------------------------------------------- /contrib/hpux/sshd: -------------------------------------------------------------------------------- 1 | # SSHD_START: Set to 1 to start SSH daemon 2 | # SSHD_ARGS: Command line arguments to pass to sshd 3 | # 4 | SSHD_START=1 5 | SSHD_ARGS= 6 | -------------------------------------------------------------------------------- /contrib/redhat/gnome-ssh-askpass.csh: -------------------------------------------------------------------------------- 1 | setenv SSH_ASKPASS /usr/libexec/openssh/gnome-ssh-askpass 2 | -------------------------------------------------------------------------------- /contrib/redhat/gnome-ssh-askpass.sh: -------------------------------------------------------------------------------- 1 | SSH_ASKPASS=/usr/libexec/openssh/gnome-ssh-askpass 2 | export SSH_ASKPASS 3 | -------------------------------------------------------------------------------- /contrib/redhat/sshd.pam: -------------------------------------------------------------------------------- 1 | #%PAM-1.0 2 | auth required pam_stack.so service=system-auth 3 | account required pam_nologin.so 4 | account required pam_stack.so service=system-auth 5 | password required pam_stack.so service=system-auth 6 | session required pam_stack.so service=system-auth 7 | -------------------------------------------------------------------------------- /contrib/redhat/sshd.pam.old: -------------------------------------------------------------------------------- 1 | #%PAM-1.0 2 | auth required /lib/security/pam_pwdb.so shadow nodelay 3 | auth required /lib/security/pam_nologin.so 4 | account required /lib/security/pam_pwdb.so 5 | password required /lib/security/pam_cracklib.so 6 | password required /lib/security/pam_pwdb.so shadow nullok 
use_authtok 7 | session required /lib/security/pam_pwdb.so 8 | session required /lib/security/pam_limits.so 9 | -------------------------------------------------------------------------------- /contrib/solaris/README: -------------------------------------------------------------------------------- 1 | The following is a new package build script for Solaris. This is being 2 | introduced into OpenSSH 3.0 and above in hopes of simplifying the build 3 | process. As of 3.1p2 the script should work on all platforms that have 4 | SVR4 style package tools. 5 | 6 | The build process is called a 'dummy install', which means the software does 7 | a "make install-nokeys DESTDIR=[fakeroot]". This way all manpages should 8 | be handled correctly and key generation is deferred until the first time sshd 9 | is started. 10 | 11 | Directions: 12 | 13 | 1. make -F Makefile.in distprep (Only if you are getting from the CVS tree) 14 | 2. ./configure --with-pam [..any other options you want..] 15 | 3. look at the top of buildpkg.sh for the configurable options and put 16 | any changes you want in openssh-config.local. Additional customizations 17 | can be done to the build process by creating one or more of the following 18 | scripts that will be sourced by buildpkg.sh. 19 | pkg_post_make_install_fixes.sh pkg-post-prototype-edit.sh 20 | pkg-preinstall.local pkg-postinstall.local pkg-preremove.local 21 | pkg-postremove.local pkg-request.local 22 | 4. Run "make package" 23 | 24 | If all goes well you should have a Solaris package ready to be installed. 25 | 26 | If you have any problems with this script please post them to 27 | openssh-unix-dev@mindrot.org and I will try to assist you as best as I can.
28 | 29 | - Ben Lindstrom 30 | 31 | -------------------------------------------------------------------------------- /contrib/sshd.pam.freebsd: -------------------------------------------------------------------------------- 1 | sshd auth required pam_unix.so try_first_pass 2 | sshd account required pam_unix.so 3 | sshd password required pam_permit.so 4 | sshd session required pam_permit.so 5 | 6 | -------------------------------------------------------------------------------- /contrib/sshd.pam.generic: -------------------------------------------------------------------------------- 1 | #%PAM-1.0 2 | auth required /lib/security/pam_unix.so shadow nodelay 3 | account required /lib/security/pam_nologin.so 4 | account required /lib/security/pam_unix.so 5 | password required /lib/security/pam_cracklib.so 6 | password required /lib/security/pam_unix.so shadow nullok use_authtok 7 | session required /lib/security/pam_unix.so 8 | session required /lib/security/pam_limits.so 9 | -------------------------------------------------------------------------------- /contrib/suse/rc.config.sshd: -------------------------------------------------------------------------------- 1 | # 2 | # Start the Secure Shell (SSH) Daemon? 3 | # 4 | START_SSHD="yes" 5 | 6 | -------------------------------------------------------------------------------- /contrib/suse/sysconfig.ssh: -------------------------------------------------------------------------------- 1 | ## Path: Network/Remote access/SSH 2 | ## Description: SSH server settings 3 | ## Type: string 4 | ## Default: "" 5 | ## ServiceRestart: sshd 6 | # 7 | # Options for sshd 8 | # 9 | SSHD_OPTS="" 10 | -------------------------------------------------------------------------------- /crc32.h: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: crc32.h,v 1.15 2006/03/25 22:22:43 djm Exp $ */ 2 | 3 | /* 4 | * Copyright (c) 2003 Markus Friedl. All rights reserved. 
5 | * 6 | * Redistribution and use in source and binary forms, with or without 7 | * modification, are permitted provided that the following conditions 8 | * are met: 9 | * 1. Redistributions of source code must retain the above copyright 10 | * notice, this list of conditions and the following disclaimer. 11 | * 2. Redistributions in binary form must reproduce the above copyright 12 | * notice, this list of conditions and the following disclaimer in the 13 | * documentation and/or other materials provided with the distribution. 14 | * 15 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 16 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 17 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 18 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 19 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 20 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 21 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 22 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 23 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 24 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 25 | */ 26 | 27 | #ifndef SSH_CRC32_H 28 | #define SSH_CRC32_H 29 | u_int32_t ssh_crc32(const u_char *, u_int32_t); 30 | #endif 31 | -------------------------------------------------------------------------------- /crypto_api.h: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: crypto_api.h,v 1.3 2013/12/17 10:36:38 markus Exp $ */ 2 | 3 | /* 4 | * Assembled from generated headers and source files by Markus Friedl. 5 | * Placed in the public domain. 
6 | */ 7 | /* Prototypes and size constants for the SHA-512 and ed25519 routines, plus fixed-width integer aliases. Parameter names are omitted in every prototype, so argument order has to be taken from the implementations. */ 8 | #ifndef crypto_api_h 9 | #define crypto_api_h 10 | 11 | #ifdef HAVE_STDINT_H 12 | # include 13 | #endif 14 | #include 15 | 16 | typedef int32_t crypto_int32; 17 | typedef uint32_t crypto_uint32; 18 | /* randombytes() is routed to arc4random_buf(), so every caller of this macro draws its random bytes from that generator. */ 19 | #define randombytes(buf, buf_len) arc4random_buf((buf), (buf_len)) 20 | 21 | #define crypto_hashblocks_sha512_STATEBYTES 64U 22 | #define crypto_hashblocks_sha512_BLOCKBYTES 128U 23 | 24 | int crypto_hashblocks_sha512(unsigned char *, const unsigned char *, 25 | unsigned long long); 26 | 27 | #define crypto_hash_sha512_BYTES 64U 28 | 29 | int crypto_hash_sha512(unsigned char *, const unsigned char *, 30 | unsigned long long); 31 | /* NOTE(review): presumably a fixed-length 32-byte comparison intended to run in constant time; the implementation is not in this listing, so confirm that before using it on secret data. */ 32 | int crypto_verify_32(const unsigned char *, const unsigned char *); 33 | /* Sizes in bytes for ed25519; NOTE(review): crypto_sign_ed25519_BYTES is presumably the signature length - confirm against the implementation. */ 34 | #define crypto_sign_ed25519_SECRETKEYBYTES 64U 35 | #define crypto_sign_ed25519_PUBLICKEYBYTES 32U 36 | #define crypto_sign_ed25519_BYTES 64U 37 | 38 | int crypto_sign_ed25519(unsigned char *, unsigned long long *, 39 | const unsigned char *, unsigned long long, const unsigned char *); 40 | int crypto_sign_ed25519_open(unsigned char *, unsigned long long *, 41 | const unsigned char *, unsigned long long, const unsigned char *); 42 | int crypto_sign_ed25519_keypair(unsigned char *, unsigned char *); 43 | 44 | #endif /* crypto_api_h */ 45 | -------------------------------------------------------------------------------- /deattack.h: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: deattack.h,v 1.11 2015/01/19 19:52:16 markus Exp $ */ 2 | 3 | /* 4 | * Cryptographic attack detector for ssh - Header file 5 | * 6 | * Copyright (c) 1998 CORE SDI S.A., Buenos Aires, Argentina. 7 | * 8 | * All rights reserved. Redistribution and use in source and binary 9 | * forms, with or without modification, are permitted provided that 10 | * this copyright notice is retained. 11 | * 12 | * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED 13 | * WARRANTIES ARE DISCLAIMED.
IN NO EVENT SHALL CORE SDI S.A. BE 14 | * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY OR 15 | * CONSEQUENTIAL DAMAGES RESULTING FROM THE USE OR MISUSE OF THIS 16 | * SOFTWARE. 17 | * 18 | * Ariel Futoransky 19 | * 20 | */ 21 | 22 | #ifndef _DEATTACK_H 23 | #define _DEATTACK_H 24 | 25 | /* Return codes */ 26 | #define DEATTACK_OK 0 27 | #define DEATTACK_DETECTED 1 28 | #define DEATTACK_DOS_DETECTED 2 29 | #define DEATTACK_ERROR 3 30 | 31 | struct deattack_ctx { 32 | u_int16_t *h; 33 | u_int32_t n; 34 | }; 35 | 36 | void deattack_init(struct deattack_ctx *); 37 | int detect_attack(struct deattack_ctx *, const u_char *, u_int32_t); 38 | #endif 39 | -------------------------------------------------------------------------------- /debian/changelog: -------------------------------------------------------------------------------- 1 | ironssh (0.9.0-1) unstable; urgency=medium 2 | 3 | * Initial release 4 | 5 | -- IronCore Labs Wed, 24 Aug 2016 13:47:45 -0600 6 | -------------------------------------------------------------------------------- /debian/compat: -------------------------------------------------------------------------------- 1 | 9 2 | -------------------------------------------------------------------------------- /debian/control: -------------------------------------------------------------------------------- 1 | Source: ironssh 2 | Section: net 3 | Priority: optional 4 | Maintainer: IronCore Labs 5 | Build-Depends: libsodium-dev, zlib1g-dev (>= 1:1.2.3), libssl-dev (>= 1.0.2), libedit-dev, debhelper (>= 9~), dh-exec, dpkg-dev (>= 1.16.1~), dh-autoreconf, autotools-dev, dh-systemd (>= 1.4) 6 | Standards-Version: 3.9.6 7 | Homepage: https://ironcorelabs.com/ 8 | Vcs-Git: git://github.com/IronCoreLabs/ironssh.git 9 | Vcs-Browser: https://github.com/ironcorelabs/ironssh 10 | 11 | Package: ironssh 12 | Architecture: any 13 | Depends: ${shlibs:Depends}, ${misc:Depends}, dpkg (>= 1.7.0), openssh-client, libsodium | libsodium18 | libsodium13, 
libedit | libedit2 14 | Description: The IronCore fork of OpenSSH adding transparent E2E encryption to file transfers 15 | IronSSH is a fork of OpenSSH that brings automatic end-to-end encryption 16 | to sftp and scp as ironsftp and ironscp. When uploading files to remote 17 | servers, they are encrypted in a GPG 2.1 compatible format using Curve25519 18 | crypto. Files may be shared with other users on the server. 19 | 20 | 21 | -------------------------------------------------------------------------------- /debian/docs: -------------------------------------------------------------------------------- 1 | README.md 2 | CREDITS 3 | LICENCE 4 | OVERVIEW 5 | PROTOCOL* 6 | -------------------------------------------------------------------------------- /debian/ironssh-docs.docs: -------------------------------------------------------------------------------- 1 | README 2 | -------------------------------------------------------------------------------- /debian/rules: -------------------------------------------------------------------------------- 1 | #!/usr/bin/make -f 2 | # See debhelper(7) (uncomment to enable) 3 | # output every command that modifies files on the build system. 
4 | #export DH_VERBOSE = 1 5 | 6 | 7 | # see FEATURE AREAS in dpkg-buildflags(1) 8 | export DEB_BUILD_MAINT_OPTIONS = hardening=+all 9 | 10 | # see ENVIRONMENT in dpkg-buildflags(1) 11 | # package maintainers to append CFLAGS 12 | #export DEB_CFLAGS_MAINT_APPEND = -Wall -pedantic 13 | # package maintainers to append LDFLAGS 14 | #export DEB_LDFLAGS_MAINT_APPEND = -Wl,--as-needed 15 | 16 | 17 | %: 18 | dh $@ --with autotools_dev,autoreconf 19 | 20 | 21 | override_dh_auto_configure: 22 | dh_auto_configure -- --with-libedit 23 | 24 | override_dh_auto_test: 25 | make iron-tests 26 | -------------------------------------------------------------------------------- /debian/source/format: -------------------------------------------------------------------------------- 1 | 3.0 (quilt) 2 | -------------------------------------------------------------------------------- /debian/source/options: -------------------------------------------------------------------------------- 1 | # don't pack some non-free and generated files for Debian 2 | extend-diff-ignore = ".*\.git$" 3 | extend-diff-ignore = ".*\.git/.*" 4 | extend-diff-ignore = "\..*\.swp$" 5 | extend-diff-ignore = "\..*\.swo$" 6 | extend-diff-ignore = "\.swp$" 7 | extend-diff-ignore = "\.swo$" 8 | extend-diff-ignore = "autom4te\.cache/.*" 9 | -------------------------------------------------------------------------------- /entropy.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 1999-2000 Damien Miller. All rights reserved. 3 | * 4 | * Redistribution and use in source and binary forms, with or without 5 | * modification, are permitted provided that the following conditions 6 | * are met: 7 | * 1. Redistributions of source code must retain the above copyright 8 | * notice, this list of conditions and the following disclaimer. 9 | * 2. 
Redistributions in binary form must reproduce the above copyright 10 | * notice, this list of conditions and the following disclaimer in the 11 | * documentation and/or other materials provided with the distribution. 12 | * 13 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 14 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 15 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 16 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 17 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 18 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 19 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 20 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 21 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 22 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 23 | */ 24 | 25 | /* $Id: entropy.h,v 1.6 2011/09/09 01:29:41 dtucker Exp $ */ 26 | 27 | #ifndef _RANDOMS_H 28 | #define _RANDOMS_H 29 | 30 | #include "buffer.h" 31 | 32 | void seed_rng(void); 33 | 34 | void rexec_send_rng_seed(Buffer *); 35 | void rexec_recv_rng_seed(Buffer *); 36 | 37 | #endif /* _RANDOMS_H */ 38 | -------------------------------------------------------------------------------- /fixalgorithms: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # fixciphers - remove unsupported ciphers from man pages. 4 | # Usage: fixpaths /path/to/sed cipher1 [cipher2] outfile 5 | # 6 | # Author: Darren Tucker (dtucker at zip com.au). Placed in the public domain. 
7 | 8 | die() { 9 | echo $* 10 | exit -1 11 | } 12 | 13 | SED=$1 14 | shift 15 | 16 | for c in $*; do 17 | subs="$subs -e /.Dq.$c.*$/d" 18 | subs="$subs -e s/$c,//g" 19 | done 20 | 21 | # now remove any entirely empty lines 22 | subs="$subs -e /^$/d" 23 | 24 | ${SED} $subs 25 | 26 | exit 0 27 | -------------------------------------------------------------------------------- /fixpaths: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # fixpaths - substitute makefile variables into text files 4 | # Usage: fixpaths -Dsomething=somethingelse ... 5 | 6 | die() { 7 | echo $* 8 | exit -1 9 | } 10 | 11 | test -n "`echo $1|grep -- -D`" || \ 12 | die $0: nothing to do - no substitutions listed! 13 | 14 | test -n "`echo $1|grep -- '-D[^=]\+=[^ ]\+'`" || \ 15 | die $0: error in command line arguments. 16 | 17 | test -n "`echo $*|grep -- ' [^-]'`" || \ 18 | die Usage: $0 '[-Dstring=replacement] [[infile] ...]' 19 | 20 | sed `echo $*|sed -e 's/-D\([^=]\+\)=\([^ ]*\)/-e s=\1=\2=g/g'` 21 | 22 | exit 0 23 | -------------------------------------------------------------------------------- /ge25519.h: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: ge25519.h,v 1.4 2015/02/16 18:26:26 miod Exp $ */ 2 | 3 | /* 4 | * Public Domain, Authors: Daniel J. Bernstein, Niels Duif, Tanja Lange, 5 | * Peter Schwabe, Bo-Yin Yang. 
6 | * Copied from supercop-20130419/crypto_sign/ed25519/ref/ge25519.h 7 | */ 8 | /* Point type and point operations for the ed25519 reference code. The short ge25519_* names below are macros that expand to crypto_sign_ed25519_ref_* symbols. */ 9 | #ifndef GE25519_H 10 | #define GE25519_H 11 | 12 | #include "fe25519.h" 13 | #include "sc25519.h" 14 | 15 | #define ge25519 crypto_sign_ed25519_ref_ge25519 16 | #define ge25519_base crypto_sign_ed25519_ref_ge25519_base 17 | #define ge25519_unpackneg_vartime crypto_sign_ed25519_ref_unpackneg_vartime 18 | #define ge25519_pack crypto_sign_ed25519_ref_pack 19 | #define ge25519_isneutral_vartime crypto_sign_ed25519_ref_isneutral_vartime 20 | #define ge25519_double_scalarmult_vartime crypto_sign_ed25519_ref_double_scalarmult_vartime 21 | #define ge25519_scalarmult_base crypto_sign_ed25519_ref_scalarmult_base 22 | /* A point held as four fe25519 field elements: x, y, z and t. */ 23 | typedef struct 24 | { 25 | fe25519 x; 26 | fe25519 y; 27 | fe25519 z; 28 | fe25519 t; 29 | } ge25519; 30 | 31 | extern const ge25519 ge25519_base; 32 | /* NOTE(review): the three *_vartime routines are, going by their names, presumably not constant-time; confirm that every caller passes only public values (for example during signature verification) and never a secret scalar or key. */ 33 | int ge25519_unpackneg_vartime(ge25519 *r, const unsigned char p[32]); 34 | 35 | void ge25519_pack(unsigned char r[32], const ge25519 *p); 36 | 37 | int ge25519_isneutral_vartime(const ge25519 *p); 38 | 39 | void ge25519_double_scalarmult_vartime(ge25519 *r, const ge25519 *p1, const sc25519 *s1, const ge25519 *p2, const sc25519 *s2); 40 | 41 | void ge25519_scalarmult_base(ge25519 *r, const sc25519 *s); 42 | 43 | #endif 44 | -------------------------------------------------------------------------------- /groupaccess.h: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: groupaccess.h,v 1.8 2008/07/04 03:44:59 djm Exp $ */ 2 | 3 | /* 4 | * Copyright (c) 2001 Kevin Steves. All rights reserved. 5 | * 6 | * Redistribution and use in source and binary forms, with or without 7 | * modification, are permitted provided that the following conditions 8 | * are met: 9 | * 1. Redistributions of source code must retain the above copyright 10 | * notice, this list of conditions and the following disclaimer. 11 | * 2.
Redistributions in binary form must reproduce the above copyright 12 | * notice, this list of conditions and the following disclaimer in the 13 | * documentation and/or other materials provided with the distribution. 14 | * 15 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 16 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 17 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 18 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 19 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 20 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 21 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 22 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 23 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 24 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 25 | */ 26 | 27 | #ifndef GROUPACCESS_H 28 | #define GROUPACCESS_H 29 | 30 | int ga_init(const char *, gid_t); 31 | int ga_match(char * const *, int); 32 | int ga_match_pattern_list(const char *); 33 | void ga_free(void); 34 | 35 | #endif 36 | -------------------------------------------------------------------------------- /hmac.h: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: hmac.h,v 1.9 2014/06/24 01:13:21 djm Exp $ */ 2 | /* 3 | * Copyright (c) 2014 Markus Friedl. All rights reserved. 4 | * 5 | * Permission to use, copy, modify, and distribute this software for any 6 | * purpose with or without fee is hereby granted, provided that the above 7 | * copyright notice and this permission notice appear in all copies. 8 | * 9 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 | * MERCHANTABILITY AND FITNESS. 
IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 | */ 17 | 18 | #ifndef _HMAC_H 19 | #define _HMAC_H 20 | 21 | /* Returns the algorithm's digest length in bytes or 0 for invalid algorithm */ 22 | size_t ssh_hmac_bytes(int alg); 23 | 24 | struct sshbuf; 25 | struct ssh_hmac_ctx; 26 | struct ssh_hmac_ctx *ssh_hmac_start(int alg); 27 | 28 | /* Sets the state of the HMAC or resets the state if key == NULL */ 29 | int ssh_hmac_init(struct ssh_hmac_ctx *ctx, const void *key, size_t klen) 30 | __attribute__((__bounded__(__buffer__, 2, 3))); 31 | int ssh_hmac_update(struct ssh_hmac_ctx *ctx, const void *m, size_t mlen) 32 | __attribute__((__bounded__(__buffer__, 2, 3))); 33 | int ssh_hmac_update_buffer(struct ssh_hmac_ctx *ctx, const struct sshbuf *b); 34 | int ssh_hmac_final(struct ssh_hmac_ctx *ctx, u_char *d, size_t dlen) 35 | __attribute__((__bounded__(__buffer__, 2, 3))); 36 | void ssh_hmac_free(struct ssh_hmac_ctx *ctx); 37 | 38 | #endif /* _HMAC_H */ 39 | -------------------------------------------------------------------------------- /iron/iron-mock.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | 6 | #include "xmalloc.h" 7 | /* Test build of iron_get_current_user(): the uid argument is not used, and the returned static passwd has only pw_name and pw_dir assigned, both copied from the environment on the first call. */ 8 | // Alternative to the system getpwuid function that will return a test directory 9 | struct passwd * 10 | iron_get_current_user(uid_t uid) 11 | { 12 | printf("\n***Called local getpwuid***\n\n"); 13 | static struct passwd local_pwd; 14 | static int test_inited = 0; 15 | /* NOTE(review): getenv() returns NULL when IRON_TEST_USER or IRON_TEST_DIR is unset, and that NULL is handed straight to xstrdup(); xstrdup is defined outside this listing, so confirm it tolerates NULL or check both variables first. */ 16 | if (!test_inited) { 17 | local_pwd.pw_name = xstrdup(getenv("IRON_TEST_USER")); 18 | local_pwd.pw_dir = xstrdup(getenv("IRON_TEST_DIR")); 19 | test_inited = 1; 20 | } 21 | 22 | return
&local_pwd; 23 | 24 | } 25 | -------------------------------------------------------------------------------- /iron/iron-prod.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | /* Production build of iron_get_current_user(): a direct pass-through to getpwuid(uid). getpwuid() yields NULL when no entry matches, so callers need to check the result before dereferencing it. */ 4 | struct passwd * 5 | iron_get_current_user(uid_t uid) 6 | { 7 | return getpwuid(uid); 8 | } 9 | -------------------------------------------------------------------------------- /match.h: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: match.h,v 1.16 2015/05/04 06:10:48 djm Exp $ */ 2 | 3 | /* 4 | * Author: Tatu Ylonen 5 | * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 6 | * All rights reserved 7 | * 8 | * As far as I am concerned, the code I have written for this software 9 | * can be used freely for any purpose. Any derived versions of this 10 | * software must be clearly marked as such, and if the derived work is 11 | * incompatible with the protocol description in the RFC file, it must be 12 | * called by a name other than "ssh" or "Secure Shell". 13 | */ 14 | #ifndef MATCH_H 15 | #define MATCH_H 16 | 17 | int match_pattern(const char *, const char *); 18 | int match_pattern_list(const char *, const char *, int); 19 | int match_hostname(const char *, const char *); 20 | int match_host_and_ip(const char *, const char *, const char *); 21 | int match_user(const char *, const char *, const char *, const char *); 22 | char *match_list(const char *, const char *, u_int *); 23 | 24 | /* addrmatch.c */ 25 | int addr_match_list(const char *, const char *); 26 | int addr_match_cidr_list(const char *, const char *); 27 | #endif 28 | -------------------------------------------------------------------------------- /md5crypt.h: -------------------------------------------------------------------------------- 1 | /* 2 | * ---------------------------------------------------------------------------- 3 | * "THE BEER-WARE LICENSE" (Revision 42): 4 | * wrote this file.
As long as you retain this notice you 5 | * can do whatever you want with this stuff. If we meet some day, and you think 6 | * this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp 7 | * ---------------------------------------------------------------------------- 8 | */ 9 | 10 | /* $Id: md5crypt.h,v 1.4 2003/05/18 14:46:46 djm Exp $ */ 11 | 12 | #ifndef _MD5CRYPT_H 13 | #define _MD5CRYPT_H 14 | 15 | #include "config.h" 16 | 17 | #if defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT) 18 | 19 | int is_md5_salt(const char *); 20 | char *md5_crypt(const char *, const char *); 21 | 22 | #endif /* defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT) */ 23 | 24 | #endif /* MD5CRYPT_H */ 25 | -------------------------------------------------------------------------------- /mkinstalldirs: -------------------------------------------------------------------------------- 1 | #! /bin/sh 2 | # mkinstalldirs --- make directory hierarchy 3 | # Author: Noah Friedman 4 | # Created: 1993-05-16 5 | # Public domain 6 | 7 | # $Id: mkinstalldirs,v 1.2 2003/11/21 12:48:55 djm Exp $ 8 | 9 | errstatus=0 10 | 11 | for file 12 | do 13 | set fnord `echo ":$file" | sed -ne 's/^:\//#/;s/^://;s/\// /g;s/^#/\//;p'` 14 | shift 15 | 16 | pathcomp= 17 | for d 18 | do 19 | pathcomp="$pathcomp$d" 20 | case "$pathcomp" in 21 | -* ) pathcomp=./$pathcomp ;; 22 | esac 23 | 24 | if test ! -d "$pathcomp"; then 25 | echo "mkdir $pathcomp" 26 | 27 | mkdir "$pathcomp" || lasterr=$? 28 | 29 | if test ! 
-d "$pathcomp"; then 30 | errstatus=$lasterr 31 | fi 32 | fi 33 | 34 | pathcomp="$pathcomp/" 35 | done 36 | done 37 | 38 | exit $errstatus 39 | 40 | # mkinstalldirs ends here 41 | -------------------------------------------------------------------------------- /monitor_fdpass.h: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: monitor_fdpass.h,v 1.4 2007/09/04 03:21:03 djm Exp $ */ 2 | 3 | /* 4 | * Copyright 2002 Niels Provos 5 | * All rights reserved. 6 | * 7 | * Redistribution and use in source and binary forms, with or without 8 | * modification, are permitted provided that the following conditions 9 | * are met: 10 | * 1. Redistributions of source code must retain the above copyright 11 | * notice, this list of conditions and the following disclaimer. 12 | * 2. Redistributions in binary form must reproduce the above copyright 13 | * notice, this list of conditions and the following disclaimer in the 14 | * documentation and/or other materials provided with the distribution. 15 | * 16 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 17 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 18 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 19 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 20 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 21 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 22 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 23 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 24 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 25 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
26 | */ 27 | 28 | #ifndef _MM_FDPASS_H_ 29 | #define _MM_FDPASS_H_ 30 | 31 | int mm_send_fd(int, int); 32 | int mm_receive_fd(int); 33 | 34 | #endif /* _MM_FDPASS_H_ */ 35 | -------------------------------------------------------------------------------- /msg.h: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: msg.h,v 1.5 2015/01/15 09:40:00 djm Exp $ */ 2 | /* 3 | * Copyright (c) 2002 Markus Friedl. All rights reserved. 4 | * 5 | * Redistribution and use in source and binary forms, with or without 6 | * modification, are permitted provided that the following conditions 7 | * are met: 8 | * 1. Redistributions of source code must retain the above copyright 9 | * notice, this list of conditions and the following disclaimer. 10 | * 2. Redistributions in binary form must reproduce the above copyright 11 | * notice, this list of conditions and the following disclaimer in the 12 | * documentation and/or other materials provided with the distribution. 13 | * 14 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 15 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 16 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 17 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 18 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 19 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 20 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 21 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 22 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 23 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
24 | */ 25 | #ifndef SSH_MSG_H 26 | #define SSH_MSG_H 27 | 28 | struct sshbuf; 29 | int ssh_msg_send(int, u_char, struct sshbuf *); 30 | int ssh_msg_recv(int, struct sshbuf *); 31 | 32 | #endif 33 | -------------------------------------------------------------------------------- /openbsd-compat/Makefile.in: -------------------------------------------------------------------------------- 1 | # $Id: Makefile.in,v 1.56 2014/09/30 23:43:08 djm Exp $ 2 | 3 | sysconfdir=@sysconfdir@ 4 | piddir=@piddir@ 5 | srcdir=@srcdir@ 6 | top_srcdir=@top_srcdir@ 7 | 8 | VPATH=@srcdir@ 9 | CC=@CC@ 10 | LD=@LD@ 11 | CFLAGS=@CFLAGS@ 12 | CPPFLAGS=-I. -I.. -I$(srcdir) -I$(srcdir)/.. @CPPFLAGS@ @DEFS@ 13 | LIBS=@LIBS@ 14 | AR=@AR@ 15 | RANLIB=@RANLIB@ 16 | INSTALL=@INSTALL@ 17 | LDFLAGS=-L. @LDFLAGS@ 18 | 19 | OPENBSD=base64.o basename.o bcrypt_pbkdf.o bindresvport.o blowfish.o daemon.o dirname.o fmt_scaled.o getcwd.o getgrouplist.o getopt_long.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o pwcache.o readpassphrase.o reallocarray.o realpath.o rresvport.o setenv.o setproctitle.o sha1.o sha2.o rmd160.o md5.o sigact.o strlcat.o strlcpy.o strmode.o strnlen.o strptime.o strsep.o strtonum.o strtoll.o strtoul.o strtoull.o timingsafe_bcmp.o vis.o blowfish.o bcrypt_pbkdf.o explicit_bzero.o 20 | 21 | COMPAT=arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o getrrsetbyname-ldns.o bsd-err.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-setres_id.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o kludge-fd_set.o 22 | 23 | PORTS=port-aix.o port-irix.o port-linux.o port-solaris.o port-tun.o port-uw.o 24 | 25 | .c.o: 26 | $(CC) $(CFLAGS) $(CPPFLAGS) -c $< 27 | 28 | all: libopenbsd-compat.a 29 | 30 | $(COMPAT): ../config.h 31 | $(OPENBSD): ../config.h 32 | $(PORTS): ../config.h 33 | 34 | libopenbsd-compat.a: $(COMPAT) $(OPENBSD) $(PORTS) 35 | $(AR) rv $@ $(COMPAT) $(OPENBSD) $(PORTS) 36 | 
$(RANLIB) $@ 37 | 38 | clean: 39 | rm -f *.o *.a core 40 | 41 | distclean: clean 42 | rm -f Makefile *~ 43 | -------------------------------------------------------------------------------- /openbsd-compat/bsd-setres_id.h: -------------------------------------------------------------------------------- 1 | /* $Id: bsd-setres_id.h,v 1.1 2012/11/05 06:04:37 dtucker Exp $ */ 2 | 3 | /* 4 | * Copyright (c) 2012 Darren Tucker (dtucker at zip com au). 5 | * 6 | * Permission to use, copy, modify, and distribute this software for any 7 | * purpose with or without fee is hereby granted, provided that the above 8 | * copyright notice and this permission notice appear in all copies. 9 | * 10 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 | */ 18 | 19 | #ifndef HAVE_SETRESGID 20 | int setresgid(gid_t, gid_t, gid_t); 21 | #endif 22 | #ifndef HAVE_SETRESUID 23 | int setresuid(uid_t, uid_t, uid_t); 24 | #endif 25 | -------------------------------------------------------------------------------- /openbsd-compat/charclass.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Public domain, 2008, Todd C. Miller 3 | * 4 | * $OpenBSD: charclass.h,v 1.1 2008/10/01 23:04:13 millert Exp $ 5 | */ 6 | 7 | /* OPENBSD ORIGINAL: lib/libc/gen/charclass.h */ 8 | 9 | /* 10 | * POSIX character class support for fnmatch() and glob(). 
11 | */
     /*
      * cclasses pairs each POSIX character-class name with the <ctype.h>
      * predicate that tests it. The last entry, { NULL, NULL }, is a
      * sentinel; NCCLASSES subtracts one so that it counts only the named
      * classes. The <ctype.h> predicates are defined only for arguments
      * that are EOF or representable as unsigned char, so code indexing
      * this table from pattern text should convert bytes accordingly
      * (callers are not shown here).
      */
12 | static struct cclass {
13 | 	const char *name;
14 | 	int (*isctype)(int);
15 | } cclasses[] = {
16 | 	{ "alnum", isalnum },
17 | 	{ "alpha", isalpha },
18 | 	{ "blank", isblank },
19 | 	{ "cntrl", iscntrl },
20 | 	{ "digit", isdigit },
21 | 	{ "graph", isgraph },
22 | 	{ "lower", islower },
23 | 	{ "print", isprint },
24 | 	{ "punct", ispunct },
25 | 	{ "space", isspace },
26 | 	{ "upper", isupper },
27 | 	{ "xdigit", isxdigit },
28 | 	{ NULL, NULL }
29 | };
30 |
31 | #define NCCLASSES (sizeof(cclasses) / sizeof(cclasses[0]) - 1)
32 |
--------------------------------------------------------------------------------
/openbsd-compat/explicit_bzero.c:
--------------------------------------------------------------------------------
1 | /* OPENBSD ORIGINAL: lib/libc/string/explicit_bzero.c */
2 | /* $OpenBSD: explicit_bzero.c,v 1.1 2014/01/22 21:06:45 tedu Exp $ */
3 | /*
4 | * Public domain.
5 | * Written by Ted Unangst
6 | */
7 |
8 | #include "includes.h"
9 |
10 | /*
11 | * explicit_bzero - don't let the compiler optimize away bzero
12 | */
13 |
     /*
      * Fallback definitions, compiled only when HAVE_EXPLICIT_BZERO is not
      * defined. Both variants zero the n bytes starting at p and return
      * nothing; which one is built depends on HAVE_MEMSET_S.
      */
14 | #ifndef HAVE_EXPLICIT_BZERO
15 |
16 | #ifdef HAVE_MEMSET_S
17 |
     /*
      * memset_s variant. The (void) cast discards memset_s's return value,
      * so a failed call is not reported to the caller.
      */
18 | void
19 | explicit_bzero(void *p, size_t n)
20 | {
21 | 	(void)memset_s(p, n, 0, n);
22 | }
23 |
24 | #else /* HAVE_MEMSET_S */
25 |
26 | /*
27 | * Indirect bzero through a volatile pointer to hopefully avoid
28 | * dead-store optimisation eliminating the call.
29 | */
30 | static void (* volatile ssh_bzero)(void *, size_t) = bzero;
31 |
     /*
      * Volatile-pointer variant: the wipe is made through ssh_bzero rather
      * than by calling bzero directly. As the comment above says, this is
      * best effort, not a guarantee.
      * NOTE(review): where wiping matters, confirm in the built object
      * that the store survives optimisation with the toolchain in use.
      */
32 | void
33 | explicit_bzero(void *p, size_t n)
34 | {
35 | 	ssh_bzero(p, n);
36 | }
37 |
38 | #endif /* HAVE_MEMSET_S */
39 |
40 | #endif /* HAVE_EXPLICIT_BZERO */
41 |
--------------------------------------------------------------------------------
/openbsd-compat/kludge-fd_set.c:
--------------------------------------------------------------------------------
1 | /* Placed in the public domain. */
2 |
3 | /*
4 | * _FORTIFY_SOURCE includes a misguided check for FD_SET(n)/FD_ISSET(b)
5 | * where n > FD_SETSIZE.
This breaks OpenSSH and other programs that
6 | * explicitly allocate fd_sets. To avoid this, we wrap FD_SET in a
7 | * function compiled without _FORTIFY_SOURCE.
8 | */
9 |
10 | #include "config.h"
11 |
     /*
      * The wrappers exist only when all three guards below hold: features.h
      * is available and _FORTIFY_SOURCE is defined, the C library is glibc
      * with __GLIBC_PREREQ, and glibc is at least 2.15 with
      * _FORTIFY_SOURCE > 0. In every other configuration this file defines
      * nothing.
      */
12 | #if defined(HAVE_FEATURES_H) && defined(_FORTIFY_SOURCE)
13 | # include
14 | # if defined(__GNU_LIBRARY__) && defined(__GLIBC_PREREQ)
15 | # if __GLIBC_PREREQ(2, 15) && (_FORTIFY_SOURCE > 0)
     /* Turn fortification off for the rest of this translation unit. */
16 | # undef _FORTIFY_SOURCE
17 | # undef __USE_FORTIFY_LEVEL
18 | # include
     /*
      * kludge_FD_SET - FD_SET(n, set) without the fortify range check.
      *
      * Nothing in this wrapper validates n. The caller has to guarantee
      * that set was allocated large enough to hold descriptor n; a set of
      * the default size combined with n >= FD_SETSIZE would write outside
      * the object.
      */
19 | void kludge_FD_SET(int n, fd_set *set) {
20 | 	FD_SET(n, set);
21 | }
     /*
      * kludge_FD_ISSET - FD_ISSET(n, set) without the fortify range check.
      *
      * Returns the macro's result unchanged. The same caller obligation
      * applies: set must be large enough for descriptor n, otherwise the
      * read goes outside the object.
      */
22 | int kludge_FD_ISSET(int n, fd_set *set) {
23 | 	return FD_ISSET(n, set);
24 | }
25 | # endif /* __GLIBC_PREREQ(2, 15) && (_FORTIFY_SOURCE > 0) */
26 | # endif /* __GNU_LIBRARY__ && __GLIBC_PREREQ */
27 | #endif /* HAVE_FEATURES_H && _FORTIFY_SOURCE */
28 |
29 |
--------------------------------------------------------------------------------
/openbsd-compat/port-linux.h:
--------------------------------------------------------------------------------
1 | /* $Id: port-linux.h,v 1.5 2011/01/25 01:16:18 djm Exp $ */
2 |
3 | /*
4 | * Copyright (c) 2006 Damien Miller
5 | *
6 | * Permission to use, copy, modify, and distribute this software for any
7 | * purpose with or without fee is hereby granted, provided that the above
8 | * copyright notice and this permission notice appear in all copies.
9 | *
10 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 | */ 18 | 19 | #ifndef _PORT_LINUX_H 20 | #define _PORT_LINUX_H 21 | 22 | #ifdef WITH_SELINUX 23 | int ssh_selinux_enabled(void); 24 | void ssh_selinux_setup_pty(char *, const char *); 25 | void ssh_selinux_setup_exec_context(char *); 26 | void ssh_selinux_change_context(const char *); 27 | void ssh_selinux_setfscreatecon(const char *); 28 | #endif 29 | 30 | #ifdef LINUX_OOM_ADJUST 31 | void oom_adjust_restore(void); 32 | void oom_adjust_setup(void); 33 | #endif 34 | 35 | #endif /* ! _PORT_LINUX_H */ 36 | -------------------------------------------------------------------------------- /openbsd-compat/port-solaris.h: -------------------------------------------------------------------------------- 1 | /* $Id: port-solaris.h,v 1.2 2010/11/05 01:03:05 dtucker Exp $ */ 2 | 3 | /* 4 | * Copyright (c) 2006 Chad Mynhier. 5 | * 6 | * Permission to use, copy, modify, and distribute this software for any 7 | * purpose with or without fee is hereby granted, provided that the above 8 | * copyright notice and this permission notice appear in all copies. 9 | * 10 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 
17 | */ 18 | 19 | #ifndef _PORT_SOLARIS_H 20 | 21 | #include 22 | 23 | #include 24 | 25 | void solaris_contract_pre_fork(void); 26 | void solaris_contract_post_fork_child(void); 27 | void solaris_contract_post_fork_parent(pid_t pid); 28 | void solaris_set_default_project(struct passwd *); 29 | # ifdef USE_SOLARIS_PRIVS 30 | #include 31 | priv_set_t *solaris_basic_privset(void); 32 | void solaris_drop_privs_pinfo_net_fork_exec(void); 33 | void solaris_drop_privs_root_pinfo_net(void); 34 | void solaris_drop_privs_root_pinfo_net_exec(void); 35 | # endif /* USE_SOLARIS_PRIVS */ 36 | 37 | #endif 38 | -------------------------------------------------------------------------------- /openbsd-compat/port-tun.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2005 Reyk Floeter 3 | * 4 | * Permission to use, copy, modify, and distribute this software for any 5 | * purpose with or without fee is hereby granted, provided that the above 6 | * copyright notice and this permission notice appear in all copies. 7 | * 8 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 
15 | */ 16 | 17 | #ifndef _PORT_TUN_H 18 | #define _PORT_TUN_H 19 | 20 | struct Channel; 21 | 22 | #if defined(SSH_TUN_LINUX) || defined(SSH_TUN_FREEBSD) 23 | # define CUSTOM_SYS_TUN_OPEN 24 | int sys_tun_open(int, int); 25 | #endif 26 | 27 | #if defined(SSH_TUN_COMPAT_AF) || defined(SSH_TUN_PREPEND_AF) 28 | # define SSH_TUN_FILTER 29 | int sys_tun_infilter(struct Channel *, char *, int); 30 | u_char *sys_tun_outfilter(struct Channel *, u_char **, u_int *); 31 | #endif 32 | 33 | #endif 34 | -------------------------------------------------------------------------------- /openbsd-compat/port-uw.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2005 Tim Rice. All rights reserved. 3 | * 4 | * Redistribution and use in source and binary forms, with or without 5 | * modification, are permitted provided that the following conditions 6 | * are met: 7 | * 1. Redistributions of source code must retain the above copyright 8 | * notice, this list of conditions and the following disclaimer. 9 | * 2. Redistributions in binary form must reproduce the above copyright 10 | * notice, this list of conditions and the following disclaimer in the 11 | * documentation and/or other materials provided with the distribution. 12 | * 13 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 14 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 15 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 
16 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 17 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 18 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 19 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 20 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 21 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 22 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 23 | */ 24 | 25 | #include "includes.h" 26 | 27 | #ifdef USE_LIBIAF 28 | char * get_iaf_password(struct passwd *pw); 29 | #endif 30 | 31 | -------------------------------------------------------------------------------- /openbsd-compat/reallocarray.c: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: reallocarray.c,v 1.2 2014/12/08 03:45:00 bcook Exp $ */ 2 | /* 3 | * Copyright (c) 2008 Otto Moerbeek 4 | * 5 | * Permission to use, copy, modify, and distribute this software for any 6 | * purpose with or without fee is hereby granted, provided that the above 7 | * copyright notice and this permission notice appear in all copies. 8 | * 9 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 
16 | */
17 |
18 | /* OPENBSD ORIGINAL: lib/libc/stdlib/reallocarray.c */
19 |
20 | #include "includes.h"
21 | #ifndef HAVE_REALLOCARRAY
22 |
23 | #include
24 | #include
25 | #ifdef HAVE_STDINT_H
26 | #include
27 | #endif
28 | #include
29 |
30 | /*
31 | * This is sqrt(SIZE_MAX+1), as s1*s2 <= SIZE_MAX
32 | * if both s1 < MUL_NO_OVERFLOW and s2 < MUL_NO_OVERFLOW
33 | */
34 | #define MUL_NO_OVERFLOW ((size_t)1 << (sizeof(size_t) * 4))
35 |
     /*
      * reallocarray - realloc() for an array of nmemb elements of size
      * bytes each, refusing requests whose total size would overflow size_t.
      *
      * Returns the result of realloc(optr, size * nmemb), or NULL with
      * errno set to ENOMEM when the product cannot be represented. On the
      * overflow path realloc() is never called, so the block at optr is
      * left as it was; callers should keep the old pointer until the
      * return value is known to be non-NULL.
      */
36 | void *
37 | reallocarray(void *optr, size_t nmemb, size_t size)
38 | {
     	/*
     	 * Cheap filter first: if both operands are below MUL_NO_OVERFLOW
     	 * the product fits and the division is skipped. nmemb > 0 keeps
     	 * the division from dividing by zero.
     	 */
39 | 	if ((nmemb >= MUL_NO_OVERFLOW || size >= MUL_NO_OVERFLOW) &&
40 | 	    nmemb > 0 && SIZE_MAX / nmemb < size) {
41 | 		errno = ENOMEM;
42 | 		return NULL;
43 | 	}
44 | 	return realloc(optr, size * nmemb);
45 | }
46 | #endif /* HAVE_REALLOCARRAY */
47 |
--------------------------------------------------------------------------------
/openbsd-compat/regress/Makefile.in:
--------------------------------------------------------------------------------
1 | # $Id: Makefile.in,v 1.5 2014/06/17 13:06:08 dtucker Exp $
2 |
3 | sysconfdir=@sysconfdir@
4 | piddir=@piddir@
5 | srcdir=@srcdir@
6 | top_srcdir=@top_srcdir@
7 |
8 | VPATH=@srcdir@
9 | CC=@CC@
10 | LD=@LD@
11 | CFLAGS=@CFLAGS@
12 | CPPFLAGS=-I. -I.. -I$(srcdir) -I$(srcdir)/.. @CPPFLAGS@ @DEFS@
13 | EXEEXT=@EXEEXT@
14 | LIBCOMPAT=../libopenbsd-compat.a
15 | LIBS=@LIBS@
16 | LDFLAGS=@LDFLAGS@ $(LIBCOMPAT)
17 |
18 | TESTPROGS=closefromtest$(EXEEXT) snprintftest$(EXEEXT) strduptest$(EXEEXT) \
19 | 	strtonumtest$(EXEEXT) opensslvertest$(EXEEXT)
20 |
21 | all: t-exec ${OTHERTESTS}
22 |
23 | %$(EXEEXT): %.c $(LIBCOMPAT)
24 | 	$(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o $@ $< $(LIBCOMPAT) $(LIBS)
25 |
26 | t-exec: $(TESTPROGS)
27 | 	@echo running compat regress tests
28 | 	@for TEST in ""$?; do \
29 | 		echo "run test $${TEST}" ... 1>&2; \
30 | 		./$${TEST}$(EXEEXT) || exit $$?
; \ 31 | done 32 | @echo finished compat regress tests 33 | 34 | clean: 35 | rm -f *.o *.a core $(TESTPROGS) valid.out 36 | 37 | distclean: clean 38 | rm -f Makefile *~ 39 | -------------------------------------------------------------------------------- /openbsd-compat/regress/strduptest.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2005 Darren Tucker 3 | * 4 | * Permission to use, copy, modify, and distribute this software for any 5 | * purpose with or without fee is hereby granted, provided that the above 6 | * copyright notice and this permission notice appear in all copies. 7 | * 8 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 | */ 16 | 17 | #include 18 | #include 19 | 20 | static int fail = 0; 21 | 22 | void 23 | test(const char *a) 24 | { 25 | char *b; 26 | 27 | b = strdup(a); 28 | if (b == 0) { 29 | fail = 1; 30 | return; 31 | } 32 | if (strcmp(a, b) != 0) 33 | fail = 1; 34 | free(b); 35 | } 36 | 37 | int 38 | main(void) 39 | { 40 | test(""); 41 | test("a"); 42 | test("\0"); 43 | test("abcdefghijklmnopqrstuvwxyz"); 44 | return fail; 45 | } 46 | -------------------------------------------------------------------------------- /openbsd-compat/strnlen.c: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: strnlen.c,v 1.3 2010/06/02 12:58:12 millert Exp $ */ 2 | 3 | /* 4 | * Copyright (c) 2010 Todd C. 
Miller
5 | *
6 | * Permission to use, copy, modify, and distribute this software for any
7 | * purpose with or without fee is hereby granted, provided that the above
8 | * copyright notice and this permission notice appear in all copies.
9 | *
10 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 | */
18 |
19 | /* OPENBSD ORIGINAL: lib/libc/string/strnlen.c */
20 |
21 | #include "config.h"
22 | #ifndef HAVE_STRNLEN
23 | #include
24 |
25 | #include
26 |
     /*
      * strnlen - length of str, examining at most maxlen bytes.
      *
      * Returns the number of bytes before the first NUL, or maxlen when no
      * NUL occurs in the first maxlen bytes. The bound is tested before
      * each byte is read, so str need not be NUL-terminated as long as
      * maxlen bytes of it are readable. A result equal to maxlen means no
      * terminator was seen within the bound.
      */
27 | size_t
28 | strnlen(const char *str, size_t maxlen)
29 | {
30 | 	const char *cp;
31 |
     	/* Empty loop body: the scan happens entirely in the for header. */
32 | 	for (cp = str; maxlen != 0 && *cp != '\0'; cp++, maxlen--)
33 | 		;
34 |
35 | 	return (size_t)(cp - str);
36 | }
37 | #endif
38 |
--------------------------------------------------------------------------------
/openbsd-compat/timingsafe_bcmp.c:
--------------------------------------------------------------------------------
1 | /* $OpenBSD: timingsafe_bcmp.c,v 1.1 2010/09/24 13:33:00 matthew Exp $ */
2 | /*
3 | * Copyright (c) 2010 Damien Miller. All rights reserved.
4 | *
5 | * Permission to use, copy, modify, and distribute this software for any
6 | * purpose with or without fee is hereby granted, provided that the above
7 | * copyright notice and this permission notice appear in all copies.
8 | *
9 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 | * MERCHANTABILITY AND FITNESS.
IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 | */
17 |
18 | /* OPENBSD ORIGINAL: lib/libc/string/timingsafe_bcmp.c */
19 |
20 | #include "includes.h"
21 | #ifndef HAVE_TIMINGSAFE_BCMP
22 |
     /*
      * timingsafe_bcmp - compare n bytes at b1 and b2 without an early exit.
      *
      * Returns 0 when the two regions are identical and 1 otherwise. Unlike
      * memcmp() the result carries no ordering, so it cannot be used to
      * sort.
      *
      * The loop visits all n bytes and has no branch that depends on their
      * values, so at source level the running time depends on n but not on
      * where the first difference lies. That is the property wanted when
      * checking a MAC, hash or other secret against a supplied value.
      * NOTE(review): the property is not guaranteed by the C language;
      * check the generated code where it matters.
      *
      * n itself is not hidden, and n == 0 returns 0 ("equal"), so callers
      * must validate lengths before relying on the result.
      */
23 | int
24 | timingsafe_bcmp(const void *b1, const void *b2, size_t n)
25 | {
26 | 	const unsigned char *p1 = b1, *p2 = b2;
27 | 	int ret = 0;
28 |
     	/* OR together the XOR of every byte pair; any difference sets a bit. */
29 | 	for (; n > 0; n--)
30 | 		ret |= *p1++ ^ *p2++;
     	/* Collapse the accumulated bits to 0 or 1. */
31 | 	return (ret != 0);
32 | }
33 |
34 | #endif /* HAVE_TIMINGSAFE_BCMP */
35 |
--------------------------------------------------------------------------------
/platform-tracing.c:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2016 Darren Tucker. All rights reserved.
3 | *
4 | * Permission to use, copy, modify, and distribute this software for any
5 | * purpose with or without fee is hereby granted, provided that the above
6 | * copyright notice and this permission notice appear in all copies.
7 | *
8 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15 | */
16 |
17 | #include "includes.h"
18 |
19 | #include
20 | #if defined(HAVE_SYS_PRCTL_H)
21 | #include /* For prctl() and PR_SET_DUMPABLE */
22 | #endif
23 | #ifdef HAVE_PRIV_H
24 | #include /* For setpflags() and __PROC_PROTECT */
25 | #endif
26 | #include
27 |
28 | #include "log.h"
29 |
     /*
      * platform_disable_tracing - ask the OS to stop other processes from
      * tracing this one, using whichever mechanism was found at build time.
      *
      * strict: when non-zero, a failing call ends the process via fatal();
      * when zero, a failure is ignored and nothing is logged.
      *
      * Each mechanism is compiled in only if its feature macros are
      * defined. If neither pair is defined the function body is empty, so a
      * normal return does not prove the process is protected; builds for
      * platforms outside these two cases need their own protection.
      */
30 | void
31 | platform_disable_tracing(int strict)
32 | {
33 | #if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE)
34 | 	/* Disable ptrace on Linux without sgid bit */
     	/* Per prctl(2), clearing the dumpable flag also suppresses core dumps. */
35 | 	if (prctl(PR_SET_DUMPABLE, 0) != 0 && strict)
36 | 		fatal("unable to make the process undumpable");
37 | #endif
38 | #if defined(HAVE_SETPFLAGS) && defined(__PROC_PROTECT)
39 | 	/* On Solaris, we should make this process untraceable */
40 | 	if (setpflags(__PROC_PROTECT, 1) != 0 && strict)
41 | 		fatal("unable to make the process untraceable");
42 | #endif
43 | }
44 |
--------------------------------------------------------------------------------
/platform.h:
--------------------------------------------------------------------------------
1 | /* $Id: platform.h,v 1.9 2013/09/22 09:02:40 dtucker Exp $ */
2 |
3 | /*
4 | * Copyright (c) 2006 Darren Tucker. All rights reserved.
5 | *
6 | * Permission to use, copy, modify, and distribute this software for any
7 | * purpose with or without fee is hereby granted, provided that the above
8 | * copyright notice and this permission notice appear in all copies.
9 | *
10 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 | */ 18 | 19 | #include 20 | 21 | #include 22 | 23 | void platform_pre_listen(void); 24 | void platform_pre_fork(void); 25 | void platform_pre_restart(void); 26 | void platform_post_fork_parent(pid_t child_pid); 27 | void platform_post_fork_child(void); 28 | int platform_privileged_uidswap(void); 29 | void platform_setusercontext(struct passwd *); 30 | void platform_setusercontext_post_groups(struct passwd *); 31 | char *platform_get_krb5_client(const char *); 32 | char *platform_krb5_get_principal_name(const char *); 33 | int platform_sys_dir_uid(uid_t); 34 | void platform_disable_tracing(int); 35 | 36 | /* in platform-pledge.c */ 37 | void platform_pledge_agent(void); 38 | void platform_pledge_sftp_server(void); 39 | void platform_pledge_mux(void); 40 | -------------------------------------------------------------------------------- /poly1305.h: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: poly1305.h,v 1.4 2014/05/02 03:27:54 djm Exp $ */ 2 | 3 | /* 4 | * Public Domain poly1305 from Andrew Moon 5 | * poly1305-donna-unrolled.c from https://github.com/floodyberry/poly1305-donna 6 | */ 7 | 8 | #ifndef POLY1305_H 9 | #define POLY1305_H 10 | 11 | #include 12 | 13 | #define POLY1305_KEYLEN 32 14 | #define POLY1305_TAGLEN 16 15 | 16 | void poly1305_auth(u_char out[POLY1305_TAGLEN], const u_char *m, size_t inlen, 17 | const u_char key[POLY1305_KEYLEN]) 18 | __attribute__((__bounded__(__minbytes__, 1, POLY1305_TAGLEN))) 19 | __attribute__((__bounded__(__buffer__, 2, 3))) 20 | __attribute__((__bounded__(__minbytes__, 4, POLY1305_KEYLEN))); 21 | 22 | #endif /* POLY1305_H */ 23 | -------------------------------------------------------------------------------- /progressmeter.h: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: progressmeter.h,v 1.3 2015/01/14 13:54:13 djm Exp $ */ 2 | /* 3 | * Copyright (c) 2002 Nils Nordman. All rights reserved. 
4 | * 5 | * Redistribution and use in source and binary forms, with or without 6 | * modification, are permitted provided that the following conditions 7 | * are met: 8 | * 1. Redistributions of source code must retain the above copyright 9 | * notice, this list of conditions and the following disclaimer. 10 | * 2. Redistributions in binary form must reproduce the above copyright 11 | * notice, this list of conditions and the following disclaimer in the 12 | * documentation and/or other materials provided with the distribution. 13 | * 14 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 15 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 16 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 17 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 18 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 19 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 20 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 21 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 22 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 23 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 | */ 25 | 26 | void start_progress_meter(const char *, off_t, off_t *); 27 | void stop_progress_meter(void); 28 | -------------------------------------------------------------------------------- /regress/agent-getpeereid.sh: -------------------------------------------------------------------------------- 1 | # $OpenBSD: agent-getpeereid.sh,v 1.6 2016/05/03 14:41:04 djm Exp $ 2 | # Placed in the Public Domain. 
3 | 4 | tid="disallow agent attach from other uid" 5 | 6 | UNPRIV=nobody 7 | ASOCK=${OBJ}/agent 8 | SSH_AUTH_SOCK=/nonexistent 9 | 10 | if config_defined HAVE_GETPEEREID HAVE_GETPEERUCRED HAVE_SO_PEERCRED ; then 11 | : 12 | else 13 | echo "skipped (not supported on this platform)" 14 | exit 0 15 | fi 16 | case "x$SUDO" in 17 | xsudo) sudo=1;; 18 | xdoas) ;; 19 | x) 20 | echo "need SUDO to switch to uid $UNPRIV" 21 | exit 0 ;; 22 | *) 23 | echo "unsupported $SUDO - "doas" and "sudo" are allowed" 24 | exit 0 ;; 25 | esac 26 | 27 | trace "start agent" 28 | eval `${SSHAGENT} -s -a ${ASOCK}` > /dev/null 29 | r=$? 30 | if [ $r -ne 0 ]; then 31 | fail "could not start ssh-agent: exit code $r" 32 | else 33 | chmod 644 ${SSH_AUTH_SOCK} 34 | 35 | ssh-add -l > /dev/null 2>&1 36 | r=$? 37 | if [ $r -ne 1 ]; then 38 | fail "ssh-add failed with $r != 1" 39 | fi 40 | if test -z "$sudo" ; then 41 | # doas 42 | ${SUDO} -n -u ${UNPRIV} ssh-add -l 2>/dev/null 43 | else 44 | # sudo 45 | < /dev/null ${SUDO} -S -u ${UNPRIV} ssh-add -l 2>/dev/null 46 | fi 47 | r=$? 48 | if [ $r -lt 2 ]; then 49 | fail "ssh-add did not fail for ${UNPRIV}: $r < 2" 50 | fi 51 | 52 | trace "kill agent" 53 | ${SSHAGENT} -k > /dev/null 54 | fi 55 | 56 | rm -f ${OBJ}/agent 57 | -------------------------------------------------------------------------------- /regress/agent-ptrace.sh: -------------------------------------------------------------------------------- 1 | # $OpenBSD: agent-ptrace.sh,v 1.2 2014/02/27 21:21:25 djm Exp $ 2 | # Placed in the Public Domain. 
tid="disallow agent ptrace attach"

# Regression test: attaching a debugger to a running ssh-agent must be
# refused. Every precondition that cannot be met skips the test (exit 0)
# instead of failing it.

if have_prog uname ; then
	case `uname` in
	AIX|CYGWIN*|OSF1)
		echo "skipped (not supported on this platform)"
		exit 0
		;;
	esac
fi

# The test is skipped when the suite itself runs as root.
[ "x$USER" != "xroot" ] || { echo "Skipped: running as root"; exit 0; }

have_prog gdb || { echo "skipped (gdb not found)"; exit 0; }

$OBJ/setuid-allowed ${SSHAGENT} || {
	echo "skipped (${SSHAGENT} is mounted on a no-setuid filesystem)"
	exit 0
}

test -n "$SUDO" || { echo "skipped (SUDO not set)"; exit 0; }

# Make the agent binary root-owned and setgid (mode 2755).
# NOTE(review): presumably the setgid bit is what makes the kernel refuse a
# trace request from the unprivileged test user -- confirm. The ownership and
# mode of ${SSHAGENT} are not restored by this script.
$SUDO chown 0 ${SSHAGENT}
$SUDO chgrp 0 ${SSHAGENT}
$SUDO chmod 2755 ${SSHAGENT}

trace "start agent"
eval `${SSHAGENT} -s` > /dev/null
r=$?
if [ $r -eq 0 ]; then
	# Point gdb at the agent's pid and quit at once; only the diagnostics
	# it prints while trying to attach are of interest.
	gdb ${SSHAGENT} ${SSH_AGENT_PID} > ${OBJ}/gdb.out 2>&1 << EOF
quit
EOF
	r=$?
	[ $r -eq 0 ] || fail "gdb failed: exit code $r"

	# One of these refusal messages must appear in gdb's output; if none
	# does, the attach is assumed to have worked.
	egrep 'ptrace: Operation not permitted.|procfs:.*Permission denied.|ttrace.*Permission denied.|procfs:.*: Invalid argument.|Unable to access task ' >/dev/null ${OBJ}/gdb.out
	r=$?
	rm -f ${OBJ}/gdb.out
	[ $r -eq 0 ] || fail "ptrace succeeded?: exit code $r"

	trace "kill agent"
	${SSHAGENT} -k > /dev/null
else
	fail "could not start ssh-agent: exit code $r"
fi
-------------------------------------------------------------------------------- /regress/agent-timeout.sh: -------------------------------------------------------------------------------- 1 | # $OpenBSD: agent-timeout.sh,v 1.3 2015/03/03 22:35:19 markus Exp $ 2 | # Placed in the Public Domain. 3 | 4 | tid="agent timeout test" 5 | 6 | SSHAGENT_TIMEOUT=10 7 | 8 | trace "start agent" 9 | eval `${SSHAGENT} -s` > /dev/null 10 | r=$?
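# $r is the exit status of the ssh-agent start just above. The rest of the
# test loads every key type with a lifetime of SSHAGENT_TIMEOUT seconds and
# checks that the agent has dropped them all once that time has passed.
if [ $r -ne 0 ]; then
	fail "could not start ssh-agent: exit code $r"
else
	trace "add keys with timeout"
	# Count the key types handed to ssh-add so the check below follows
	# SSH_KEYTYPES instead of assuming there are exactly two.
	keys=0
	for t in ${SSH_KEYTYPES}; do
		${SSHADD} -t ${SSHAGENT_TIMEOUT} $OBJ/$t > /dev/null 2>&1
		r=$?
		if [ $r -ne 0 ]; then
			fail "ssh-add -t failed for $t: exit code $r"
		fi
		keys=`expr $keys + 1`
	done

	# ssh-add -l prints one line per identity held by the agent.
	n=`${SSHADD} -l 2> /dev/null | wc -l`
	trace "agent has $n keys"
	if [ $n -ne $keys ]; then
		fail "ssh-add -l did not return $keys keys: $n"
	fi

	# Wait twice the lifetime so every key has certainly expired.
	trace "sleeping 2*${SSHAGENT_TIMEOUT} seconds"
	sleep ${SSHAGENT_TIMEOUT}
	sleep ${SSHAGENT_TIMEOUT}
	${SSHADD} -l 2> /dev/null | grep 'The agent has no identities.' >/dev/null
	if [ $? -ne 0 ]; then
		fail "ssh-add -l still returns keys after timeout"
	fi

	trace "kill agent"
	${SSHAGENT} -k > /dev/null
fi
-------------------------------------------------------------------------------- /regress/banner.sh: -------------------------------------------------------------------------------- 1 | # $OpenBSD: banner.sh,v 1.2 2003/10/11 11:49:49 dtucker Exp $ 2 | # Placed in the Public Domain.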
3 | 4 | tid="banner" 5 | echo "Banner $OBJ/banner.in" >> $OBJ/sshd_proxy 6 | 7 | rm -f $OBJ/banner.out $OBJ/banner.in $OBJ/empty.in 8 | touch $OBJ/empty.in 9 | 10 | trace "test missing banner file" 11 | verbose "test $tid: missing banner file" 12 | ( ${SSH} -2 -F $OBJ/ssh_proxy otherhost true 2>$OBJ/banner.out && \ 13 | cmp $OBJ/empty.in $OBJ/banner.out ) || \ 14 | fail "missing banner file" 15 | 16 | for s in 0 10 100 1000 10000 100000 ; do 17 | if [ "$s" = "0" ]; then 18 | # create empty banner 19 | touch $OBJ/banner.in 20 | elif [ "$s" = "10" ]; then 21 | # create 10-byte banner file 22 | echo "abcdefghi" >$OBJ/banner.in 23 | else 24 | # increase size 10x 25 | cp $OBJ/banner.in $OBJ/banner.out 26 | for i in 0 1 2 3 4 5 6 7 8 ; do 27 | cat $OBJ/banner.out >> $OBJ/banner.in 28 | done 29 | fi 30 | 31 | trace "test banner size $s" 32 | verbose "test $tid: size $s" 33 | ( ${SSH} -2 -F $OBJ/ssh_proxy otherhost true 2>$OBJ/banner.out && \ 34 | cmp $OBJ/banner.in $OBJ/banner.out ) || \ 35 | fail "banner size $s mismatch" 36 | done 37 | 38 | trace "test suppress banner (-q)" 39 | verbose "test $tid: suppress banner (-q)" 40 | ( ${SSH} -q -2 -F $OBJ/ssh_proxy otherhost true 2>$OBJ/banner.out && \ 41 | cmp $OBJ/empty.in $OBJ/banner.out ) || \ 42 | fail "suppress banner (-q)" 43 | 44 | rm -f $OBJ/banner.out $OBJ/banner.in $OBJ/empty.in 45 | -------------------------------------------------------------------------------- /regress/broken-pipe.sh: -------------------------------------------------------------------------------- 1 | # $OpenBSD: broken-pipe.sh,v 1.5 2015/03/03 22:35:19 markus Exp $ 2 | # Placed in the Public Domain. 3 | 4 | tid="broken pipe test" 5 | 6 | for p in ${SSH_PROTOCOLS}; do 7 | trace "protocol $p" 8 | for i in 1 2 3 4; do 9 | ${SSH} -$p -F $OBJ/ssh_config_config nexthost echo $i 2> /dev/null | true 10 | r=$? 
11 | if [ $r -ne 0 ]; then 12 | fail "broken pipe returns $r for protocol $p" 13 | fi 14 | done 15 | done 16 | -------------------------------------------------------------------------------- /regress/brokenkeys.sh: -------------------------------------------------------------------------------- 1 | # $OpenBSD: brokenkeys.sh,v 1.1 2004/10/29 23:59:22 djm Exp $ 2 | # Placed in the Public Domain. 3 | 4 | tid="broken keys" 5 | 6 | KEYS="$OBJ/authorized_keys_${USER}" 7 | 8 | start_sshd 9 | 10 | mv ${KEYS} ${KEYS}.bak 11 | 12 | # Truncated key 13 | echo "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEABTM= bad key" > $KEYS 14 | cat ${KEYS}.bak >> ${KEYS} 15 | cat $OBJ/$t.pub >> $OBJ/authorized_keys_$USER 16 | 17 | ${SSH} -2 -F $OBJ/ssh_config somehost true 18 | if [ $? -ne 0 ]; then 19 | fail "ssh connect with protocol $p failed" 20 | fi 21 | 22 | mv ${KEYS}.bak ${KEYS} 23 | 24 | -------------------------------------------------------------------------------- /regress/cipher-speed.sh: -------------------------------------------------------------------------------- 1 | # $OpenBSD: cipher-speed.sh,v 1.13 2015/03/24 20:22:17 markus Exp $ 2 | # Placed in the Public Domain. 3 | 4 | tid="cipher speed" 5 | 6 | getbytes () 7 | { 8 | sed -n -e '/transferred/s/.*secs (\(.* bytes.sec\).*/\1/p' \ 9 | -e '/copied/s/.*s, \(.* MB.s\).*/\1/p' 10 | } 11 | 12 | tries="1 2" 13 | 14 | for c in `${SSH} -Q cipher`; do n=0; for m in `${SSH} -Q mac`; do 15 | trace "proto 2 cipher $c mac $m" 16 | for x in $tries; do 17 | printf "%-60s" "$c/$m:" 18 | ( ${SSH} -o 'compression no' \ 19 | -F $OBJ/ssh_proxy -2 -m $m -c $c somehost \ 20 | exec sh -c \'"dd of=/dev/null obs=32k"\' \ 21 | < ${DATA} ) 2>&1 | getbytes 22 | 23 | if [ $? -ne 0 ]; then 24 | fail "ssh -2 failed with mac $m cipher $c" 25 | fi 26 | done 27 | # No point trying all MACs for AEAD ciphers since they are ignored. 
28 | if ${SSH} -Q cipher-auth | grep "^${c}\$" >/dev/null 2>&1 ; then 29 | break 30 | fi 31 | n=`expr $n + 1` 32 | done; done 33 | 34 | if ssh_version 1; then 35 | ciphers="3des blowfish" 36 | else 37 | ciphers="" 38 | fi 39 | for c in $ciphers; do 40 | trace "proto 1 cipher $c" 41 | for x in $tries; do 42 | printf "%-60s" "$c:" 43 | ( ${SSH} -o 'compression no' \ 44 | -F $OBJ/ssh_proxy -1 -c $c somehost \ 45 | exec sh -c \'"dd of=/dev/null obs=32k"\' \ 46 | < ${DATA} ) 2>&1 | getbytes 47 | if [ $? -ne 0 ]; then 48 | fail "ssh -1 failed with cipher $c" 49 | fi 50 | done 51 | done 52 | -------------------------------------------------------------------------------- /regress/conch-ciphers.sh: -------------------------------------------------------------------------------- 1 | # $OpenBSD: conch-ciphers.sh,v 1.3 2013/05/17 04:29:14 dtucker Exp $ 2 | # Placed in the Public Domain. 3 | 4 | tid="conch ciphers" 5 | 6 | if test "x$REGRESS_INTEROP_CONCH" != "xyes" ; then 7 | echo "conch interop tests not enabled" 8 | exit 0 9 | fi 10 | 11 | start_sshd 12 | 13 | for c in aes256-ctr aes256-cbc aes192-ctr aes192-cbc aes128-ctr aes128-cbc \ 14 | cast128-cbc blowfish 3des-cbc ; do 15 | verbose "$tid: cipher $c" 16 | rm -f ${COPY} 17 | # XXX the 2nd "cat" seems to be needed because of buggy FD handling 18 | # in conch 19 | ${CONCH} --identity $OBJ/rsa --port $PORT --user $USER -e none \ 20 | --known-hosts $OBJ/known_hosts --notty --noagent --nox11 -n \ 21 | 127.0.0.1 "cat ${DATA}" 2>/dev/null | cat > ${COPY} 22 | if [ $? -ne 0 ]; then 23 | fail "ssh cat $DATA failed" 24 | fi 25 | cmp ${DATA} ${COPY} || fail "corrupted copy" 26 | done 27 | rm -f ${COPY} 28 | 29 | -------------------------------------------------------------------------------- /regress/connect-privsep.sh: -------------------------------------------------------------------------------- 1 | # $OpenBSD: connect-privsep.sh,v 1.6 2015/03/03 22:35:19 markus Exp $ 2 | # Placed in the Public Domain. 
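tid="proxy connect with privsep"

# Connects through the proxy configuration with privilege separation enabled,
# then with the sandbox, then with the sandbox under each malloc option.
# NOTE(review): 999.999.999.999 is not a valid address; presumably the
# ProxyCommand in ssh_proxy makes the host name irrelevant -- confirm.

cp $OBJ/sshd_proxy $OBJ/sshd_proxy.orig
echo 'UsePrivilegeSeparation yes' >> $OBJ/sshd_proxy

for p in ${SSH_PROTOCOLS}; do
	${SSH} -$p -F $OBJ/ssh_proxy 999.999.999.999 true
	if [ $? -ne 0 ]; then
		fail "ssh privsep+proxyconnect protocol $p failed"
	fi
done

# Start again from the pristine config so only one privsep setting is present.
cp $OBJ/sshd_proxy.orig $OBJ/sshd_proxy
echo 'UsePrivilegeSeparation sandbox' >> $OBJ/sshd_proxy

for p in ${SSH_PROTOCOLS}; do
	${SSH} -$p -F $OBJ/ssh_proxy 999.999.999.999 true
	if [ $? -ne 0 ]; then
		# XXX replace this with fail once sandbox has stabilised
		warn "ssh privsep/sandbox+proxyconnect protocol $p failed"
	fi
done

# Because sandbox is sensitive to changes in libc, especially malloc, retest
# with every malloc.conf option (and none).
#
# The variable must be expanded here: testing the literal string
# "TEST_MALLOC_OPTIONS" is never empty, so the default list was never used
# and, with the variable unset, only the no-option case was exercised.
if [ -z "$TEST_MALLOC_OPTIONS" ]; then
	mopts="A F G H J P R S X < >"
else
	# Split the caller's option string into one letter per word.
	mopts=`echo $TEST_MALLOC_OPTIONS | sed 's/./& /g'`
fi
for m in '' $mopts ; do
	for p in ${SSH_PROTOCOLS}; do
		env MALLOC_OPTIONS="$m" ${SSH} -$p -F $OBJ/ssh_proxy 999.999.999.999 true
		if [ $? -ne 0 ]; then
			fail "ssh privsep/sandbox+proxyconnect protocol $p mopt '$m' failed"
		fi
	done
done
-------------------------------------------------------------------------------- /regress/connect.sh: -------------------------------------------------------------------------------- 1 | # $OpenBSD: connect.sh,v 1.5 2015/03/03 22:35:19 markus Exp $ 2 | # Placed in the Public Domain. 3 | 4 | tid="simple connect" 5 | 6 | start_sshd 7 | 8 | for p in ${SSH_PROTOCOLS}; do 9 | ${SSH} -o "Protocol=$p" -F $OBJ/ssh_config somehost true 10 | if [ $?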
-ne 0 ]; then 11 | fail "ssh connect with protocol $p failed" 12 | fi 13 | done 14 | -------------------------------------------------------------------------------- /regress/dhgex.sh: -------------------------------------------------------------------------------- 1 | # $OpenBSD: dhgex.sh,v 1.3 2015/10/23 02:22:01 dtucker Exp $ 2 | # Placed in the Public Domain. 3 | 4 | tid="dhgex" 5 | 6 | LOG=${TEST_SSH_LOGFILE} 7 | rm -f ${LOG} 8 | cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak 9 | 10 | kexs=`${SSH} -Q kex | grep diffie-hellman-group-exchange` 11 | 12 | ssh_test_dhgex() 13 | { 14 | bits="$1"; shift 15 | cipher="$1"; shift 16 | kex="$1"; shift 17 | 18 | cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy 19 | echo "KexAlgorithms=$kex" >> $OBJ/sshd_proxy 20 | echo "Ciphers=$cipher" >> $OBJ/sshd_proxy 21 | rm -f ${LOG} 22 | opts="-oKexAlgorithms=$kex -oCiphers=$cipher" 23 | min=2048 24 | max=8192 25 | groupsz="$min<$bits<$max" 26 | verbose "$tid bits $bits $kex $cipher" 27 | ${SSH} ${opts} $@ -vvv -F ${OBJ}/ssh_proxy somehost true 28 | if [ $? -ne 0 ]; then 29 | fail "ssh failed ($@)" 30 | fi 31 | # check what we request 32 | grep "SSH2_MSG_KEX_DH_GEX_REQUEST($groupsz) sent" ${LOG} >/dev/null 33 | if [ $? 
!= 0 ]; then 34 | got=`egrep "SSH2_MSG_KEX_DH_GEX_REQUEST(.*) sent" ${LOG}` 35 | fail "$tid unexpected GEX sizes, expected $groupsz, got $got" 36 | fi 37 | # check what we got (depends on contents of system moduli file) 38 | gotbits="`awk '/bits set:/{print $4}' ${LOG} | head -1 | cut -f2 -d/`" 39 | if [ "$gotbits" -lt "$bits" ]; then 40 | fatal "$tid expected $bits bit group, got $gotbits" 41 | fi 42 | } 43 | 44 | check() 45 | { 46 | bits="$1"; shift 47 | 48 | for c in $@; do 49 | for k in $kexs; do 50 | ssh_test_dhgex $bits $c $k 51 | done 52 | done 53 | } 54 | 55 | #check 2048 3des-cbc 56 | check 3072 `${SSH} -Q cipher | grep 128` 57 | check 3072 arcfour blowfish-cbc 58 | check 7680 `${SSH} -Q cipher | grep 192` 59 | check 8192 `${SSH} -Q cipher | grep 256` 60 | check 8192 rijndael-cbc@lysator.liu.se chacha20-poly1305@openssh.com 61 | -------------------------------------------------------------------------------- /regress/dsa_ssh2.prv: -------------------------------------------------------------------------------- 1 | ---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ---- 2 | Subject: ssh-keygen test 3 | Comment: "1024-bit dsa, Tue Jan 08 2002 22:00:23 +0100" 4 | P2/56wAAAgIAAAAmZGwtbW9kcHtzaWdue2RzYS1uaXN0LXNoYTF9LGRoe3BsYWlufX0AAA 5 | AEbm9uZQAAAcQAAAHAAAAAAAAABACwUfm3AxZTut3icBmwCcD48nY64HzuELlQ+vEqjIcR 6 | Lo49es/DQTeLNQ+kdKRCfouosGNv0WqxRtF0tUsWdXxS37oHGa4QPugBdHRd7YlZGZv8kg 7 | x7FsoepY7v7E683/97dv2zxL3AGagTEzWr7fl0yPexAaZoDvtQrrjX44BLmwAABACWQkvv 8 | MxnD8eFkS1konFfMJ1CkuRfTN34CBZ6dY7VTSGemy4QwtFdMKmoufD0eKgy3p5WOeWCYKt 9 | F4FhjHKZk/aaxFjjIbtkrnlvXg64QI11dSZyBN6/ViQkHPSkUDF+A6AAEhrNbQbAFSvao1 10 | kTvNtPCtL0AkUIduEMzGQfLCTAAAAKDeC043YVo9Zo0zAEeIA4uZh4LBCQAAA/9aj7Y5ik 11 | ehygJ4qTDSlVypsPuV+n59tMS0e2pfrSG87yf5r94AKBmJeho5OO6wYaXCxsVB7AFbSUD6 12 | 75AK8mHF4v1/+7SWKk5f8xlMCMSPZ9K0+j/W1d/q2qkhnnDZolOHDomLA+U00i5ya/jnTV 13 | zyDPWLFpWK8u3xGBPAYX324gAAAKDHFvooRnaXdZbeWGTTqmgHB1GU9A== 14 | ---- END SSH2 ENCRYPTED PRIVATE KEY ---- 15 | 
-------------------------------------------------------------------------------- /regress/dsa_ssh2.pub: -------------------------------------------------------------------------------- 1 | ---- BEGIN SSH2 PUBLIC KEY ---- 2 | Subject: ssh-keygen test 3 | Comment: "1024-bit dsa, Tue Jan 08 2002 22:00:23 +0100" 4 | AAAAB3NzaC1kc3MAAACBALBR+bcDFlO63eJwGbAJwPjydjrgfO4QuVD68SqMhxEujj16z8 5 | NBN4s1D6R0pEJ+i6iwY2/RarFG0XS1SxZ1fFLfugcZrhA+6AF0dF3tiVkZm/ySDHsWyh6l 6 | ju/sTrzf/3t2/bPEvcAZqBMTNavt+XTI97EBpmgO+1CuuNfjgEubAAAAFQDeC043YVo9Zo 7 | 0zAEeIA4uZh4LBCQAAAIEAlkJL7zMZw/HhZEtZKJxXzCdQpLkX0zd+AgWenWO1U0hnpsuE 8 | MLRXTCpqLnw9HioMt6eVjnlgmCrReBYYxymZP2msRY4yG7ZK55b14OuECNdXUmcgTev1Yk 9 | JBz0pFAxfgOgABIazW0GwBUr2qNZE7zbTwrS9AJFCHbhDMxkHywkwAAACAWo+2OYpHocoC 10 | eKkw0pVcqbD7lfp+fbTEtHtqX60hvO8n+a/eACgZiXoaOTjusGGlwsbFQewBW0lA+u+QCv 11 | JhxeL9f/u0lipOX/MZTAjEj2fStPo/1tXf6tqpIZ5w2aJThw6JiwPlNNIucmv4501c8gz1 12 | ixaVivLt8RgTwGF99uI= 13 | ---- END SSH2 PUBLIC KEY ---- 14 | -------------------------------------------------------------------------------- /regress/dynamic-forward.sh: -------------------------------------------------------------------------------- 1 | # $OpenBSD: dynamic-forward.sh,v 1.11 2015/03/03 22:35:19 markus Exp $ 2 | # Placed in the Public Domain. 
3 | 4 | tid="dynamic forwarding" 5 | 6 | FWDPORT=`expr $PORT + 1` 7 | 8 | if have_prog nc && nc -h 2>&1 | grep "proxy address" >/dev/null; then 9 | proxycmd="nc -x 127.0.0.1:$FWDPORT -X" 10 | elif have_prog connect; then 11 | proxycmd="connect -S 127.0.0.1:$FWDPORT -" 12 | else 13 | echo "skipped (no suitable ProxyCommand found)" 14 | exit 0 15 | fi 16 | trace "will use ProxyCommand $proxycmd" 17 | 18 | start_sshd 19 | 20 | for p in ${SSH_PROTOCOLS}; do 21 | n=0 22 | error="1" 23 | trace "start dynamic forwarding, fork to background" 24 | while [ "$error" -ne 0 -a "$n" -lt 3 ]; do 25 | n=`expr $n + 1` 26 | ${SSH} -$p -F $OBJ/ssh_config -f -D $FWDPORT -q \ 27 | -oExitOnForwardFailure=yes somehost exec sh -c \ 28 | \'"echo \$\$ > $OBJ/remote_pid; exec sleep 444"\' 29 | error=$? 30 | if [ "$error" -ne 0 ]; then 31 | trace "forward failed proto $p attempt $n err $error" 32 | sleep $n 33 | fi 34 | done 35 | if [ "$error" -ne 0 ]; then 36 | fatal "failed to start dynamic forwarding proto $p" 37 | fi 38 | 39 | for s in 4 5; do 40 | for h in 127.0.0.1 localhost; do 41 | trace "testing ssh protocol $p socks version $s host $h" 42 | ${SSH} -F $OBJ/ssh_config \ 43 | -o "ProxyCommand ${proxycmd}${s} $h $PORT" \ 44 | somehost cat $DATA > $OBJ/ls.copy 45 | test -f $OBJ/ls.copy || fail "failed copy $DATA" 46 | cmp $DATA $OBJ/ls.copy || fail "corrupted copy of $DATA" 47 | done 48 | done 49 | 50 | if [ -f $OBJ/remote_pid ]; then 51 | remote=`cat $OBJ/remote_pid` 52 | trace "terminate remote shell, pid $remote" 53 | if [ $remote -gt 1 ]; then 54 | kill -HUP $remote 55 | fi 56 | else 57 | fail "no pid file: $OBJ/remote_pid" 58 | fi 59 | done 60 | -------------------------------------------------------------------------------- /regress/enc-dec-file.sh: -------------------------------------------------------------------------------- 1 | # Placed in the Public Domain. 
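
tid="basic irongpg encode/decode"

# Feeds files of assorted sizes to ./enc-dec-file and treats a non-zero exit
# status as a failure. Setting IRON_SLOW_TESTS to any non-empty value switches
# from slices of an existing build artifact to a larger set of random files.

# Record the failure and keep going so the remaining samples still run.
fail ()
{
	RESULT=1
	echo "$@"
}

# Run ./enc-dec-file on the given file(s). The input is deleted only on
# success, so a failing sample stays on disk where it can be analyzed.
# Arguments are quoted so a path containing whitespace stays one argument.
encode_decode ()
{
	./enc-dec-file -T "${OBJ}/gumby" "$@" > /dev/null 2> /dev/null
	r=$?
	if [ $r -ne 0 ]; then
		fail "enc-dec-file failed on file $* with $r"
	else
		rm "$@"
	fi
}

# Copy the first $2 bytes of $1 into ${COPY}.$3 and pass it to encode_decode.
check_sample ()
{
	head -c "$2" "$1" > "${COPY}.$3"
	encode_decode "${COPY}.$3"
}

# Empty file first.
touch "${COPY}.0"
encode_decode "${COPY}.0"

if [ "x$IRON_SLOW_TESTS" != "x" ]; then
	# Slow run: random data. /dev/urandom is read instead of /dev/random
	# because /dev/random can block for a long time on some systems, and
	# test fixtures do not need key-grade randomness.
	SOURCE_FILE=/dev/urandom
else
	# Fast run: skip the random data and slice an existing file.
	# NOTE(review): if this file is missing or shorter than 1 MiB the
	# samples are silently smaller than their names suggest.
	SOURCE_FILE=${BUILDDIR}/libssh.a
fi

# Every length from 1 to 45 bytes, then a 1 MiB sample.
limit=45
byte_ct=1
while [ $byte_ct -le $limit ]; do
	check_sample "${SOURCE_FILE}" $byte_ct $byte_ct
	byte_ct=$(($byte_ct + 1))
done

check_sample "${SOURCE_FILE}" 1048576 1M

#	head -c 2147482000 /dev/zero > ${COPY}.2G
#	encode_decode ${COPY}.2G

if [ "x$IRON_SLOW_TESTS" != "x" ]; then
	# Now just run through several files of random data.
	limit=250
	file_ct=1
	while [ $file_ct -le $limit ]; do
		check_sample "${SOURCE_FILE}" 8192 8k.${file_ct}
		file_ct=$(($file_ct + 1))
	done
fi
-------------------------------------------------------------------------------- /regress/envpass.sh: -------------------------------------------------------------------------------- 1 | # $OpenBSD: envpass.sh,v 1.4 2005/03/04 08:48:46 djm Exp $ 2 | # Placed in the Public Domain.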
3 | 4 | tid="environment passing" 5 | 6 | # NB accepted env vars are in test-exec.sh (_XXX_TEST_* and _XXX_TEST) 7 | 8 | # Prepare a custom config to test for a configuration parsing bug fixed in 4.0 9 | cat << EOF > $OBJ/ssh_proxy_envpass 10 | Host test-sendenv-confparse-bug 11 | SendEnv * 12 | EOF 13 | cat $OBJ/ssh_proxy >> $OBJ/ssh_proxy_envpass 14 | 15 | trace "pass env, don't accept" 16 | verbose "test $tid: pass env, don't accept" 17 | _TEST_ENV=blah ${SSH} -oSendEnv="*" -F $OBJ/ssh_proxy_envpass otherhost \ 18 | sh << 'EOF' 19 | test -z "$_TEST_ENV" 20 | EOF 21 | r=$? 22 | if [ $r -ne 0 ]; then 23 | fail "environment found" 24 | fi 25 | 26 | trace "don't pass env, accept" 27 | verbose "test $tid: don't pass env, accept" 28 | _XXX_TEST_A=1 _XXX_TEST_B=2 ${SSH} -F $OBJ/ssh_proxy_envpass otherhost \ 29 | sh << 'EOF' 30 | test -z "$_XXX_TEST_A" && test -z "$_XXX_TEST_B" 31 | EOF 32 | r=$? 33 | if [ $r -ne 0 ]; then 34 | fail "environment found" 35 | fi 36 | 37 | trace "pass single env, accept single env" 38 | verbose "test $tid: pass single env, accept single env" 39 | _XXX_TEST=blah ${SSH} -oSendEnv="_XXX_TEST" -F $OBJ/ssh_proxy_envpass \ 40 | otherhost sh << 'EOF' 41 | test X"$_XXX_TEST" = X"blah" 42 | EOF 43 | r=$? 44 | if [ $r -ne 0 ]; then 45 | fail "environment not found" 46 | fi 47 | 48 | trace "pass multiple env, accept multiple env" 49 | verbose "test $tid: pass multiple env, accept multiple env" 50 | _XXX_TEST_A=1 _XXX_TEST_B=2 ${SSH} -oSendEnv="_XXX_TEST_*" \ 51 | -F $OBJ/ssh_proxy_envpass otherhost \ 52 | sh << 'EOF' 53 | test X"$_XXX_TEST_A" = X"1" -a X"$_XXX_TEST_B" = X"2" 54 | EOF 55 | r=$? 
56 | if [ $r -ne 0 ]; then 57 | fail "environment not found" 58 | fi 59 | 60 | rm -f $OBJ/ssh_proxy_envpass 61 | -------------------------------------------------------------------------------- /regress/exit-status.sh: -------------------------------------------------------------------------------- 1 | # $OpenBSD: exit-status.sh,v 1.7 2015/03/03 22:35:19 markus Exp $ 2 | # Placed in the Public Domain. 3 | 4 | tid="remote exit status" 5 | 6 | for p in ${SSH_PROTOCOLS}; do 7 | for s in 0 1 4 5 44; do 8 | trace "proto $p status $s" 9 | verbose "test $tid: proto $p status $s" 10 | ${SSH} -$p -F $OBJ/ssh_proxy otherhost exit $s 11 | r=$? 12 | if [ $r -ne $s ]; then 13 | fail "exit code mismatch for protocol $p: $r != $s" 14 | fi 15 | 16 | # same with early close of stdout/err 17 | ${SSH} -$p -F $OBJ/ssh_proxy -n otherhost \ 18 | exec sh -c \'"sleep 2; exec > /dev/null 2>&1; sleep 3; exit $s"\' 19 | r=$? 20 | if [ $r -ne $s ]; then 21 | fail "exit code (with sleep) mismatch for protocol $p: $r != $s" 22 | fi 23 | done 24 | done 25 | -------------------------------------------------------------------------------- /regress/forcecommand.sh: -------------------------------------------------------------------------------- 1 | # $OpenBSD: forcecommand.sh,v 1.3 2015/03/03 22:35:19 markus Exp $ 2 | # Placed in the Public Domain. 
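tid="forced command"

# Checks the three places a forced command can come from. In every case the
# client asks to run "false"; the connection exits 0 only if the server ran
# the forced "true" instead of the requested command.
#   1. command="..." option on the key in authorized_keys
#   2. ForceCommand in sshd_config, which must override the key option
#   3. ForceCommand inside a Match block, which must override the global one

cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak

# Case 1: every key forces "true".
cp /dev/null $OBJ/authorized_keys_$USER
for t in ${SSH_KEYTYPES}; do
	printf 'command="true" ' >>$OBJ/authorized_keys_$USER
	cat $OBJ/$t.pub >> $OBJ/authorized_keys_$USER
done

for p in ${SSH_PROTOCOLS}; do
	trace "forced command in key option proto $p"
	${SSH} -$p -F $OBJ/ssh_proxy somehost false ||
	    fail "forced command in key proto $p"
done

# Case 2: keys now force "false", so success can only come from sshd_config.
cp /dev/null $OBJ/authorized_keys_$USER
for t in ${SSH_KEYTYPES}; do
	printf 'command="false" ' >> $OBJ/authorized_keys_$USER
	cat $OBJ/$t.pub >> $OBJ/authorized_keys_$USER
done

cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
echo "ForceCommand true" >> $OBJ/sshd_proxy

for p in ${SSH_PROTOCOLS}; do
	trace "forced command in sshd_config overrides key option proto $p"
	# The failure text names this case; it used to repeat the message of
	# the key-option case, which hid which override had broken.
	${SSH} -$p -F $OBJ/ssh_proxy somehost false ||
	    fail "forced command in sshd_config overrides key option proto $p"
done

# Case 3: the global setting and the keys force "false"; only the Match
# block forces "true".
cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
echo "ForceCommand false" >> $OBJ/sshd_proxy
echo "Match User $USER" >> $OBJ/sshd_proxy
echo " ForceCommand true" >> $OBJ/sshd_proxy

for p in ${SSH_PROTOCOLS}; do
	trace "forced command with match proto $p"
	${SSH} -$p -F $OBJ/ssh_proxy somehost false ||
	    fail "forced command with match proto $p"
done
-------------------------------------------------------------------------------- /regress/host-expand.sh: -------------------------------------------------------------------------------- 1 | # $OpenBSD: host-expand.sh,v 1.4 2015/03/03 22:35:19 markus Exp $ 2 | # Placed in the Public Domain.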
3 | 4 | tid="expand %h and %n" 5 | 6 | echo 'PermitLocalCommand yes' >> $OBJ/ssh_proxy 7 | printf 'LocalCommand printf "%%%%s\\n" "%%n" "%%h"\n' >> $OBJ/ssh_proxy 8 | 9 | cat >$OBJ/expect <$OBJ/actual 17 | diff $OBJ/expect $OBJ/actual || fail "$tid proto $p" 18 | done 19 | 20 | -------------------------------------------------------------------------------- /regress/iron-test-users.tar.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/IronCoreLabs/ironssh/b74f9e03509d0d77313778f5a8ca1451cde861f6/regress/iron-test-users.tar.gz -------------------------------------------------------------------------------- /regress/ironsftp.sh: -------------------------------------------------------------------------------- 1 | # Placed in the Public Domain. 2 | 3 | if [ "x$IRON_SLOW_TESTS" != "x" ]; then 4 | . ${OBJ}/ironsftp-slow.sh 5 | else 6 | . ${OBJ}/ironsftp-fast.sh 7 | fi 8 | -------------------------------------------------------------------------------- /regress/kextype.sh: -------------------------------------------------------------------------------- 1 | # $OpenBSD: kextype.sh,v 1.6 2015/03/24 20:19:15 markus Exp $ 2 | # Placed in the Public Domain. 3 | 4 | tid="login with different key exchange algorithms" 5 | 6 | TIME=/usr/bin/time 7 | cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak 8 | cp $OBJ/ssh_proxy $OBJ/ssh_proxy_bak 9 | 10 | # Make server accept all key exchanges. 11 | ALLKEX=`${SSH} -Q kex` 12 | KEXOPT=`echo $ALLKEX | tr ' ' ,` 13 | echo "KexAlgorithms=$KEXOPT" >> $OBJ/sshd_proxy 14 | 15 | tries="1 2 3 4" 16 | for k in `${SSH} -Q kex`; do 17 | verbose "kex $k" 18 | for i in $tries; do 19 | ${SSH} -F $OBJ/ssh_proxy -o KexAlgorithms=$k x true 20 | if [ $? 
-ne 0 ]; then 21 | fail "ssh kex $k" 22 | fi 23 | done 24 | done 25 | 26 | -------------------------------------------------------------------------------- /regress/keygen-change.sh: -------------------------------------------------------------------------------- 1 | # $OpenBSD: keygen-change.sh,v 1.5 2015/03/03 22:35:19 markus Exp $ 2 | # Placed in the Public Domain. 3 | 4 | tid="change passphrase for key" 5 | 6 | S1="secret1" 7 | S2="2secret" 8 | 9 | KEYTYPES=`${SSH} -Q key-plain` 10 | if ssh_version 1; then 11 | KEYTYPES="${KEYTYPES} rsa1" 12 | fi 13 | 14 | for t in $KEYTYPES; do 15 | # generate user key for agent 16 | trace "generating $t key" 17 | rm -f $OBJ/$t-key 18 | ${SSHKEYGEN} -q -N ${S1} -t $t -f $OBJ/$t-key 19 | if [ $? -eq 0 ]; then 20 | ${SSHKEYGEN} -p -P ${S1} -N ${S2} -f $OBJ/$t-key > /dev/null 21 | if [ $? -ne 0 ]; then 22 | fail "ssh-keygen -p failed for $t-key" 23 | fi 24 | else 25 | fail "ssh-keygen for $t-key failed" 26 | fi 27 | rm -f $OBJ/$t-key $OBJ/$t-key.pub 28 | done 29 | -------------------------------------------------------------------------------- /regress/keygen-convert.sh: -------------------------------------------------------------------------------- 1 | # $OpenBSD: keygen-convert.sh,v 1.1 2009/11/09 04:20:04 dtucker Exp $ 2 | # Placed in the Public Domain. 
3 | 4 | tid="convert keys" 5 | 6 | for t in rsa dsa; do 7 | # generate user key for agent 8 | trace "generating $t key" 9 | rm -f $OBJ/$t-key 10 | ${SSHKEYGEN} -q -N "" -t $t -f $OBJ/$t-key 11 | 12 | trace "export $t private to rfc4716 public" 13 | ${SSHKEYGEN} -q -e -f $OBJ/$t-key >$OBJ/$t-key-rfc || \ 14 | fail "export $t private to rfc4716 public" 15 | 16 | trace "export $t public to rfc4716 public" 17 | ${SSHKEYGEN} -q -e -f $OBJ/$t-key.pub >$OBJ/$t-key-rfc.pub || \ 18 | fail "$t public to rfc4716 public" 19 | 20 | cmp $OBJ/$t-key-rfc $OBJ/$t-key-rfc.pub || \ 21 | fail "$t rfc4716 exports differ between public and private" 22 | 23 | trace "import $t rfc4716 public" 24 | ${SSHKEYGEN} -q -i -f $OBJ/$t-key-rfc >$OBJ/$t-rfc-imported || \ 25 | fail "$t import rfc4716 public" 26 | 27 | cut -f1,2 -d " " $OBJ/$t-key.pub >$OBJ/$t-key-nocomment.pub 28 | cmp $OBJ/$t-key-nocomment.pub $OBJ/$t-rfc-imported || \ 29 | fail "$t imported differs from original" 30 | 31 | rm -f $OBJ/$t-key $OBJ/$t-key.pub $OBJ/$t-key-rfc $OBJ/$t-key-rfc.pub \ 32 | $OBJ/$t-rfc-imported $OBJ/$t-key-nocomment.pub 33 | done 34 | -------------------------------------------------------------------------------- /regress/keyscan.sh: -------------------------------------------------------------------------------- 1 | # $OpenBSD: keyscan.sh,v 1.5 2015/09/11 03:44:21 djm Exp $ 2 | # Placed in the Public Domain. 3 | 4 | tid="keyscan" 5 | 6 | # remove DSA hostkey 7 | rm -f ${OBJ}/host.dsa 8 | 9 | start_sshd 10 | 11 | KEYTYPES=`${SSH} -Q key-plain` 12 | if ssh_version 1; then 13 | KEYTYPES="${KEYTYPES} rsa1" 14 | fi 15 | 16 | for t in $KEYTYPES; do 17 | trace "keyscan type $t" 18 | ${SSHKEYSCAN} -t $t -p $PORT 127.0.0.1 127.0.0.1 127.0.0.1 \ 19 | > /dev/null 2>&1 20 | r=$? 
21 | if [ $r -ne 0 ]; then 22 | fail "ssh-keyscan -t $t failed with: $r" 23 | fi 24 | done 25 | -------------------------------------------------------------------------------- /regress/localcommand.sh: -------------------------------------------------------------------------------- 1 | # $OpenBSD: localcommand.sh,v 1.3 2015/03/03 22:35:19 markus Exp $ 2 | # Placed in the Public Domain. 3 | 4 | tid="localcommand" 5 | 6 | echo 'PermitLocalCommand yes' >> $OBJ/ssh_proxy 7 | echo 'LocalCommand echo foo' >> $OBJ/ssh_proxy 8 | 9 | for p in ${SSH_PROTOCOLS}; do 10 | verbose "test $tid: proto $p localcommand" 11 | a=`${SSH} -F $OBJ/ssh_proxy -$p somehost true` 12 | if [ "$a" != "foo" ] ; then 13 | fail "$tid proto $p" 14 | fi 15 | done 16 | -------------------------------------------------------------------------------- /regress/login-timeout.sh: -------------------------------------------------------------------------------- 1 | # $OpenBSD: login-timeout.sh,v 1.7 2014/03/13 20:44:49 djm Exp $ 2 | # Placed in the Public Domain. 3 | 4 | tid="connect after login grace timeout" 5 | 6 | trace "test login grace with privsep" 7 | cp $OBJ/sshd_config $OBJ/sshd_config.orig 8 | grep -vi LoginGraceTime $OBJ/sshd_config.orig > $OBJ/sshd_config 9 | echo "LoginGraceTime 10s" >> $OBJ/sshd_config 10 | echo "MaxStartups 1" >> $OBJ/sshd_config 11 | start_sshd 12 | 13 | (echo SSH-2.0-fake; sleep 60) | telnet 127.0.0.1 ${PORT} >/dev/null 2>&1 & 14 | sleep 15 15 | ${SSH} -F $OBJ/ssh_config somehost true 16 | if [ $? -ne 0 ]; then 17 | fail "ssh connect after login grace timeout failed with privsep" 18 | fi 19 | 20 | $SUDO kill `$SUDO cat $PIDFILE` 21 | 22 | trace "test login grace without privsep" 23 | echo "UsePrivilegeSeparation no" >> $OBJ/sshd_config 24 | start_sshd 25 | sleep 1 26 | 27 | (echo SSH-2.0-fake; sleep 60) | telnet 127.0.0.1 ${PORT} >/dev/null 2>&1 & 28 | sleep 15 29 | ${SSH} -F $OBJ/ssh_config somehost true 30 | if [ $? 
-ne 0 ]; then 31 | fail "ssh connect after login grace timeout failed without privsep" 32 | fi 33 | -------------------------------------------------------------------------------- /regress/misc/Makefile: -------------------------------------------------------------------------------- 1 | SUBDIR= kexfuzz 2 | 3 | .include 4 | -------------------------------------------------------------------------------- /regress/misc/kexfuzz/README: -------------------------------------------------------------------------------- 1 | This is a harness to help with fuzzing KEX. 2 | 3 | To use it, you first set it to count packets in each direction: 4 | 5 | ./kexfuzz -K diffie-hellman-group1-sha1 -k host_ed25519_key -c 6 | S2C: 29 7 | C2S: 31 8 | 9 | Then get it to record a particular packet (in this case the 4th 10 | packet from client->server): 11 | 12 | ./kexfuzz -K diffie-hellman-group1-sha1 -k host_ed25519_key \ 13 | -d -D C2S -i 3 -f packet_3 14 | 15 | Fuzz the packet somehow: 16 | 17 | dd if=/dev/urandom of=packet_3 bs=32 count=1 # Just for example 18 | 19 | Then re-run the key exchange substituting the modified packet in 20 | its original sequence: 21 | 22 | ./kexfuzz -K diffie-hellman-group1-sha1 -k host_ed25519_key \ 23 | -r -D C2S -i 3 -f packet_3 24 | 25 | A comprehensive KEX fuzz run would fuzz every packet in both 26 | directions for each key exchange type and every hostkey type. 27 | This will take some time. 28 | 29 | -------------------------------------------------------------------------------- /regress/portnum.sh: -------------------------------------------------------------------------------- 1 | # $OpenBSD: portnum.sh,v 1.2 2013/05/17 10:34:30 dtucker Exp $ 2 | # Placed in the Public Domain. 
3 | 4 | tid="port number parsing" 5 | 6 | badport() { 7 | port=$1 8 | verbose "$tid: invalid port $port" 9 | if ${SSH} -F $OBJ/ssh_proxy -p $port somehost true 2>/dev/null ; then 10 | fail "$tid accepted invalid port $port" 11 | fi 12 | } 13 | goodport() { 14 | port=$1 15 | verbose "$tid: valid port $port" 16 | if ${SSH} -F $OBJ/ssh_proxy -p $port somehost true 2>/dev/null ; then 17 | : 18 | else 19 | fail "$tid rejected valid port $port" 20 | fi 21 | } 22 | 23 | badport 0 24 | badport 65536 25 | badport 131073 26 | badport 2000blah 27 | badport blah2000 28 | 29 | goodport 1 30 | goodport 22 31 | goodport 2222 32 | goodport 22222 33 | goodport 65535 34 | 35 | -------------------------------------------------------------------------------- /regress/proto-mismatch.sh: -------------------------------------------------------------------------------- 1 | # $OpenBSD: proto-mismatch.sh,v 1.4 2015/03/03 22:35:19 markus Exp $ 2 | # Placed in the Public Domain. 3 | 4 | tid="protocol version mismatch" 5 | 6 | mismatch () 7 | { 8 | server=$1 9 | client=$2 10 | banner=`echo ${client} | ${SSHD} -o "Protocol=${server}" -i -f ${OBJ}/sshd_proxy` 11 | r=$? 12 | trace "sshd prints ${banner}" 13 | if [ $r -ne 255 ]; then 14 | fail "sshd prints ${banner} and accepts connect with version ${client}" 15 | fi 16 | } 17 | 18 | mismatch 2 SSH-1.5-HALLO 19 | if ssh_version 1; then 20 | mismatch 1 SSH-2.0-HALLO 21 | fi 22 | -------------------------------------------------------------------------------- /regress/proto-version.sh: -------------------------------------------------------------------------------- 1 | # $OpenBSD: proto-version.sh,v 1.5 2015/03/03 22:35:19 markus Exp $ 2 | # Placed in the Public Domain. 
3 | 4 | tid="sshd version with different protocol combinations" 5 | 6 | # we just start sshd in inetd mode and check the banner 7 | check_version () 8 | { 9 | version=$1 10 | expect=$2 11 | banner=`printf '' | ${SSHD} -o "Protocol=${version}" -i -f ${OBJ}/sshd_proxy` 12 | case ${banner} in 13 | SSH-1.99-*) 14 | proto=199 15 | ;; 16 | SSH-2.0-*) 17 | proto=20 18 | ;; 19 | SSH-1.5-*) 20 | proto=15 21 | ;; 22 | *) 23 | proto=0 24 | ;; 25 | esac 26 | if [ ${expect} -ne ${proto} ]; then 27 | fail "wrong protocol version ${banner} for ${version}" 28 | fi 29 | } 30 | 31 | check_version 2 20 32 | if ssh_version 1; then 33 | check_version 2,1 199 34 | check_version 1,2 199 35 | check_version 1 15 36 | fi 37 | -------------------------------------------------------------------------------- /regress/proxy-connect.sh: -------------------------------------------------------------------------------- 1 | # $OpenBSD: proxy-connect.sh,v 1.9 2016/02/17 02:24:17 djm Exp $ 2 | # Placed in the Public Domain. 3 | 4 | tid="proxy connect" 5 | 6 | mv $OBJ/sshd_proxy $OBJ/sshd_proxy.orig 7 | 8 | for ps in no yes; do 9 | cp $OBJ/sshd_proxy.orig $OBJ/sshd_proxy 10 | echo "UsePrivilegeSeparation $ps" >> $OBJ/sshd_proxy 11 | 12 | for p in ${SSH_PROTOCOLS}; do 13 | for c in no yes; do 14 | verbose "plain username protocol $p privsep=$ps comp=$c" 15 | opts="-$p -oCompression=$c -F $OBJ/ssh_proxy" 16 | SSH_CONNECTION=`${SSH} $opts 999.999.999.999 'echo $SSH_CONNECTION'` 17 | if [ $? 
-ne 0 ]; then 18 | fail "ssh proxyconnect protocol $p privsep=$ps comp=$c failed" 19 | fi 20 | if [ "$SSH_CONNECTION" != "UNKNOWN 65535 UNKNOWN 65535" ]; then 21 | fail "bad SSH_CONNECTION protocol $p privsep=$ps comp=$c: " \ 22 | "$SSH_CONNECTION" 23 | fi 24 | done 25 | done 26 | done 27 | 28 | for p in ${SSH_PROTOCOLS}; do 29 | verbose "username with style protocol $p" 30 | ${SSH} -$p -F $OBJ/ssh_proxy ${USER}:style@999.999.999.999 true || \ 31 | fail "ssh proxyconnect protocol $p failed" 32 | done 33 | -------------------------------------------------------------------------------- /regress/putty-ciphers.sh: -------------------------------------------------------------------------------- 1 | # $OpenBSD: putty-ciphers.sh,v 1.4 2013/05/17 04:29:14 dtucker Exp $ 2 | # Placed in the Public Domain. 3 | 4 | tid="putty ciphers" 5 | 6 | if test "x$REGRESS_INTEROP_PUTTY" != "xyes" ; then 7 | echo "putty interop tests not enabled" 8 | exit 0 9 | fi 10 | 11 | for c in aes blowfish 3des arcfour aes128-ctr aes192-ctr aes256-ctr ; do 12 | verbose "$tid: cipher $c" 13 | cp ${OBJ}/.putty/sessions/localhost_proxy \ 14 | ${OBJ}/.putty/sessions/cipher_$c 15 | echo "Cipher=$c" >> ${OBJ}/.putty/sessions/cipher_$c 16 | 17 | rm -f ${COPY} 18 | env HOME=$PWD ${PLINK} -load cipher_$c -batch -i putty.rsa2 \ 19 | 127.0.0.1 cat ${DATA} > ${COPY} 20 | if [ $? -ne 0 ]; then 21 | fail "ssh cat $DATA failed" 22 | fi 23 | cmp ${DATA} ${COPY} || fail "corrupted copy" 24 | done 25 | rm -f ${COPY} 26 | 27 | -------------------------------------------------------------------------------- /regress/putty-kex.sh: -------------------------------------------------------------------------------- 1 | # $OpenBSD: putty-kex.sh,v 1.3 2013/05/17 04:29:14 dtucker Exp $ 2 | # Placed in the Public Domain. 
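
tid="putty KEX"

if test "x$REGRESS_INTEROP_PUTTY" != "xyes" ; then
	echo "putty interop tests not enabled"
	exit 0
fi

# One PuTTY session file per key exchange method: clone the base
# localhost_proxy session, append the KEX setting, then connect with plink.
for k in dh-gex-sha1 dh-group1-sha1 dh-group14-sha1 ; do
	verbose "$tid: kex $k"
	cp ${OBJ}/.putty/sessions/localhost_proxy \
	    ${OBJ}/.putty/sessions/kex_$k
	echo "KEX=$k" >> ${OBJ}/.putty/sessions/kex_$k

	env HOME=$PWD ${PLINK} -load kex_$k -batch -i putty.rsa2 \
	    127.0.0.1 true
	if [ $? -ne 0 ]; then
		fail "KEX $k failed"
	fi
done

--------------------------------------------------------------------------------
/regress/putty-transfer.sh:
--------------------------------------------------------------------------------
# $OpenBSD: putty-transfer.sh,v 1.3 2013/05/17 04:29:14 dtucker Exp $
# Placed in the Public Domain.

tid="putty transfer data"

if test "x$REGRESS_INTEROP_PUTTY" != "xyes" ; then
	echo "putty interop tests not enabled"
	exit 0
fi

# Copy ${DATA} through plink with compression off (0) and on (1), first as a
# plain "cat" and then piped through dd with a range of output block sizes.
# XXX support protocol 1 too
for p in 2; do
	for c in 0 1 ; do
		verbose "$tid: proto $p compression $c"
		rm -f ${COPY}
		cp ${OBJ}/.putty/sessions/localhost_proxy \
		    ${OBJ}/.putty/sessions/compression_$c
		# Append the setting to the session that plink loads below.
		# The earlier target, kex_$k, uses a variable this script never
		# sets, so compression_$c was left as an unmodified copy of
		# localhost_proxy and both iterations ran with the same setting.
		echo "Compression=$c" >> ${OBJ}/.putty/sessions/compression_$c
		env HOME=$PWD ${PLINK} -load compression_$c -batch \
		    -i putty.rsa$p 127.0.0.1 cat ${DATA} > ${COPY}
		if [ $? -ne 0 ]; then
			fail "ssh cat $DATA failed"
		fi
		cmp ${DATA} ${COPY} || fail "corrupted copy"

		for s in 10 100 1k 32k 64k 128k 256k; do
			trace "proto $p compression $c dd-size ${s}"
			rm -f ${COPY}
			dd if=$DATA obs=${s} 2> /dev/null | \
				env HOME=$PWD ${PLINK} -load compression_$c \
				    -batch -i putty.rsa$p 127.0.0.1 \
				    "cat > ${COPY}"
			if [ $? -ne 0 ]; then
				fail "ssh cat $DATA failed"
			fi
			cmp $DATA ${COPY} || fail "corrupted copy"
		done
	done
done
rm -f ${COPY}


--------------------------------------------------------------------------------
/regress/reconfigure.sh:
--------------------------------------------------------------------------------
# $OpenBSD: reconfigure.sh,v 1.5 2015/03/03 22:35:19 markus Exp $
# Placed in the Public Domain.

tid="simple connect after reconfigure"

# we need the full path to sshd for -HUP
if test "x$USE_VALGRIND" = "x" ; then
	case $SSHD in
	/*)
		# full path is OK
		;;
	*)
		# otherwise make fully qualified
		SSHD=$OBJ/$SSHD
	esac
fi

start_sshd

trace "connect before restart"
for p in ${SSH_PROTOCOLS} ; do
	${SSH} -o "Protocol=$p" -F $OBJ/ssh_config somehost true
	if [ $? -ne 0 ]; then
		fail "ssh connect with protocol $p failed before reconfigure"
	fi
done

# Remove the pid file before sending HUP so that its reappearance can be
# used below as the signal that sshd has come back up.
PID=`$SUDO cat $PIDFILE`
rm -f $PIDFILE
$SUDO kill -HUP $PID

trace "wait for sshd to restart"
i=0;
while [ ! -f $PIDFILE -a $i -lt 10 ]; do
	i=`expr $i + 1`
	sleep $i
done

test -f $PIDFILE || fatal "sshd did not restart"

trace "connect after restart"
for p in ${SSH_PROTOCOLS} ; do
	${SSH} -o "Protocol=$p" -F $OBJ/ssh_config somehost true
	if [ $? -ne 0 ]; then
		fail "ssh connect with protocol $p failed after reconfigure"
	fi
done
--------------------------------------------------------------------------------
/regress/reexec.sh:
--------------------------------------------------------------------------------
# $OpenBSD: reexec.sh,v 1.8 2015/03/03 22:35:19 markus Exp $
# Placed in the Public Domain.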
3 | 4 | tid="reexec tests" 5 | 6 | SSHD_ORIG=$SSHD 7 | SSHD_COPY=$OBJ/sshd 8 | 9 | # Start a sshd and then delete it 10 | start_sshd_copy () 11 | { 12 | cp $SSHD_ORIG $SSHD_COPY 13 | SSHD=$SSHD_COPY 14 | start_sshd 15 | SSHD=$SSHD_ORIG 16 | } 17 | 18 | # Do basic copy tests 19 | copy_tests () 20 | { 21 | rm -f ${COPY} 22 | for p in ${SSH_PROTOCOLS} ; do 23 | verbose "$tid: proto $p" 24 | ${SSH} -nqo "Protocol=$p" -F $OBJ/ssh_config somehost \ 25 | cat ${DATA} > ${COPY} 26 | if [ $? -ne 0 ]; then 27 | fail "ssh cat $DATA failed" 28 | fi 29 | cmp ${DATA} ${COPY} || fail "corrupted copy" 30 | rm -f ${COPY} 31 | done 32 | } 33 | 34 | verbose "test config passing" 35 | 36 | cp $OBJ/sshd_config $OBJ/sshd_config.orig 37 | start_sshd 38 | echo "InvalidXXX=no" >> $OBJ/sshd_config 39 | 40 | copy_tests 41 | 42 | $SUDO kill `$SUDO cat $PIDFILE` 43 | rm -f $PIDFILE 44 | 45 | cp $OBJ/sshd_config.orig $OBJ/sshd_config 46 | 47 | # cygwin can't fork a deleted binary 48 | if [ "$os" != "cygwin" ]; then 49 | 50 | verbose "test reexec fallback" 51 | 52 | start_sshd_copy 53 | rm -f $SSHD_COPY 54 | 55 | copy_tests 56 | 57 | $SUDO kill `$SUDO cat $PIDFILE` 58 | rm -f $PIDFILE 59 | 60 | verbose "test reexec fallback without privsep" 61 | 62 | cp $OBJ/sshd_config.orig $OBJ/sshd_config 63 | echo "UsePrivilegeSeparation=no" >> $OBJ/sshd_config 64 | 65 | start_sshd_copy 66 | rm -f $SSHD_COPY 67 | 68 | copy_tests 69 | 70 | $SUDO kill `$SUDO cat $PIDFILE` 71 | rm -f $PIDFILE 72 | 73 | fi 74 | -------------------------------------------------------------------------------- /regress/rsa_openssh.prv: -------------------------------------------------------------------------------- 1 | -----BEGIN RSA PRIVATE KEY----- 2 | MIICWgIBAAKBgQDsilwKcaKN6wSMNd1WgQ9+HRqQEkD0kCTVttrazGu0OhBU3Uko 3 | +dFD1Ip0CxdXmN25JQWxOYF7h/Ocu8P3jzv3RTX87xKR0YzlXTLX+SLtF/ySebS3 4 | xWPrlfRUDhh03hR5V+8xxvvy9widPYKw/oItwGSueOsEq1LTczCDv2dAjQIDAQAB 5 | An8nH5VzvHkMbSqJ6eOYDsVwomRvYbH5IEaYl1x6VATITNvAu9kUdQ4NsSpuMc+7 6 | 
Jj9gKZvmO1y2YCKc0P/iO+i/eV0L+yQh1Rw18jQZll+12T+LZrKRav03YNvMx0gN 7 | wqWY48Kt6hv2/N/ebQzKRe79+D0t2cTh92hT7xENFLIBAkEBGnoGKFjAUkJCwO1V 8 | mzpUqMHpRZVOrqP9hUmPjzNJ5oBPFGe4+h1hoSRFOAzaNuZt8ssbqaLCkzB8bfzj 9 | qhZqAQJBANZekuUpp8iBLeLSagw5FkcPwPzq6zfExbhvsZXb8Bo/4SflNs4JHXwI 10 | 7SD9Z8aJLvM4uQ/5M70lblDMQ40i3o0CQQDIJvBYBFL5tlOgakq/O7yi+wt0L5BZ 11 | 9H79w5rCSAA0IHRoK/qI1urHiHC3f3vbbLk5UStfrqEaND/mm0shyNIBAkBLsYdC 12 | /ctt5Bc0wUGK4Vl5bBmj9LtrrMJ4FpBpLwj/69BwCuKoK9XKZ0h73p6XHveCEGRg 13 | PIlFX4MtaoLrwgU9AkBV2k4dgIws+X8YX65EsyyFjnlDqX4x0nSOjQB1msIKfHBr 14 | dh5XLDBTTCxnKhMJ0Yx/opgOvf09XHBFwaQntR5i 15 | -----END RSA PRIVATE KEY----- 16 | -------------------------------------------------------------------------------- /regress/rsa_openssh.pub: -------------------------------------------------------------------------------- 1 | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDsilwKcaKN6wSMNd1WgQ9+HRqQEkD0kCTVttrazGu0OhBU3Uko+dFD1Ip0CxdXmN25JQWxOYF7h/Ocu8P3jzv3RTX87xKR0YzlXTLX+SLtF/ySebS3xWPrlfRUDhh03hR5V+8xxvvy9widPYKw/oItwGSueOsEq1LTczCDv2dAjQ== 2 | -------------------------------------------------------------------------------- /regress/rsa_ssh2.prv: -------------------------------------------------------------------------------- 1 | ---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ---- 2 | Subject: ssh-keygen test 3 | Comment: "1024-bit rsa, Sat Jun 23 2001 12:21:26 -0400" 4 | P2/56wAAAi4AAAA3aWYtbW9kbntzaWdue3JzYS1wa2NzMS1zaGExfSxlbmNyeXB0e3JzYS 5 | 1wa2NzMXYyLW9hZXB9fQAAAARub25lAAAB3wAAAdsAAAARAQABAAAD9icflXO8eQxtKonp 6 | 45gOxXCiZG9hsfkgRpiXXHpUBMhM28C72RR1Dg2xKm4xz7smP2Apm+Y7XLZgIpzQ/+I76L 7 | 95XQv7JCHVHDXyNBmWX7XZP4tmspFq/Tdg28zHSA3CpZjjwq3qG/b8395tDMpF7v34PS3Z 8 | xOH3aFPvEQ0UsgEAAAQA7IpcCnGijesEjDXdVoEPfh0akBJA9JAk1bba2sxrtDoQVN1JKP 9 | nRQ9SKdAsXV5jduSUFsTmBe4fznLvD948790U1/O8SkdGM5V0y1/ki7Rf8knm0t8Vj65X0 10 | VA4YdN4UeVfvMcb78vcInT2CsP6CLcBkrnjrBKtS03Mwg79nQI0AAAH/VdpOHYCMLPl/GF 11 | +uRLMshY55Q6l+MdJ0jo0AdZrCCnxwa3YeVywwU0wsZyoTCdGMf6KYDr39PVxwRcGkJ7Ue 12 | 
YgAAAgDWXpLlKafIgS3i0moMORZHD8D86us3xMW4b7GV2/AaP+En5TbOCR18CO0g/WfGiS 13 | 7zOLkP+TO9JW5QzEONIt6NAAACAQEaegYoWMBSQkLA7VWbOlSowelFlU6uo/2FSY+PM0nm 14 | gE8UZ7j6HWGhJEU4DNo25m3yyxuposKTMHxt/OOqFmoB 15 | ---- END SSH2 ENCRYPTED PRIVATE KEY ---- 16 | --- 17 | -------------------------------------------------------------------------------- /regress/scp-ssh-wrapper.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # $OpenBSD: scp-ssh-wrapper.sh,v 1.3 2014/01/26 10:49:17 djm Exp $ 3 | # Placed in the Public Domain. 4 | 5 | printname () { 6 | NAME=$1 7 | save_IFS=$IFS 8 | IFS=/ 9 | set -- `echo "$NAME"` 10 | IFS="$save_IFS" 11 | while [ $# -ge 1 ] ; do 12 | if [ "x$1" != "x" ]; then 13 | echo "D0755 0 $1" 14 | fi 15 | shift; 16 | done 17 | } 18 | 19 | # Discard all but last argument. We use arg later. 20 | while test "x$1" != "x"; do 21 | arg="$1" 22 | shift 23 | done 24 | 25 | BAD="../../../../../../../../../../../../../${DIR}/dotpathdir" 26 | 27 | case "$SCPTESTMODE" in 28 | badserver_0) 29 | echo "D0755 0 /${DIR}/rootpathdir" 30 | echo "C755 2 rootpathfile" 31 | echo "X" 32 | ;; 33 | badserver_1) 34 | echo "D0755 0 $BAD" 35 | echo "C755 2 file" 36 | echo "X" 37 | ;; 38 | badserver_2) 39 | echo "D0755 0 $BAD" 40 | echo "C755 2 file" 41 | echo "X" 42 | ;; 43 | badserver_3) 44 | printname $BAD 45 | echo "C755 2 file" 46 | echo "X" 47 | ;; 48 | badserver_4) 49 | printname $BAD 50 | echo "D0755 0 .." 
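# Remainder of the badserver_4 arm: the file record and the terminator line.
	echo "C755 2 file"
	echo "X"
	;;
*)
	# Any other mode: split the last argument into words, drop the
	# first one and run the real scp with the rest.
	set -- $arg
	shift
	exec $SCP "$@"
	;;
esac

--------------------------------------------------------------------------------
/regress/setuid-allowed.c:
--------------------------------------------------------------------------------
/*
 * Copyright (c) 2013 Damien Miller
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

/* $OpenBSD$ */

#include "includes.h"

/*
 * NOTE(review): the header names were missing from this listing; the ones
 * below are restored from the calls this file makes -- confirm against the
 * original file.
 */
#include <sys/types.h>
#ifdef HAVE_SYS_STATVFS_H
# include <sys/statvfs.h>
#endif
#include <stdio.h>
#include <string.h>
#include <errno.h>

/* Print the one-line synopsis to stderr and exit with status 1. */
static void
usage(void)
{
	fprintf(stderr, "check-setuid [path]\n");
	exit(1);
}

/*
 * Report whether the filesystem holding a path is mounted with ST_NOSUID.
 *
 * argv[1], when given, is the path to check; the default is ".".
 * Returns 0 when ST_NOSUID is not set, or when statvfs() is not supported
 * on this host (ENOSYS). Returns 1 when ST_NOSUID is set, or when statvfs()
 * fails for any other reason.
 */
int
main(int argc, char **argv)
{
	const char *path = ".";
	struct statvfs sb;

	if (argc > 2)
		usage();
	else if (argc == 2)
		path = argv[1];

	if (statvfs(path, &sb) != 0) {
		/* Don't return an error if the host doesn't support statvfs */
		if (errno == ENOSYS)
			return 0;
		fprintf(stderr, "statvfs for \"%s\" failed: %s\n",
		    path, strerror(errno));
		/*
		 * sb was not filled in. Fail closed rather than testing
		 * uninitialised memory, which could report either answer.
		 */
		return 1;
	}
	return (sb.f_flag & ST_NOSUID) ? 1 : 0;
}


--------------------------------------------------------------------------------
/regress/sftp-batch.sh:
--------------------------------------------------------------------------------
# $OpenBSD: sftp-batch.sh,v 1.5 2013/05/17 04:29:14 dtucker Exp $
# Placed in the Public Domain.

tid="sftp batchfile"

BATCH=${OBJ}/sftp.bb

rm -rf ${COPY} ${COPY}.1 ${COPY}.2 ${COPY}.dd ${BATCH}.*

# pass.1: every command is expected to succeed except the last, whose
# leading "-" is there so that its failure does not abort the batch.
cat << EOF > ${BATCH}.pass.1
get $DATA $COPY
put ${COPY} ${COPY}.1
rm ${COPY}
-put ${COPY} ${COPY}.2
EOF

cat << EOF > ${BATCH}.pass.2
# This is a comment

# That was a blank line
ls
EOF

cat << EOF > ${BATCH}.fail.1
get $DATA $COPY
put ${COPY} ${COPY}.3
rm ${COPY}.*
# The next command should fail
put ${COPY}.3 ${COPY}.4
EOF

cat << EOF > ${BATCH}.fail.2
# The next command should fail
jajajajaja
EOF

verbose "$tid: good commands"
${SFTP} -b ${BATCH}.pass.1 -D ${SFTPSERVER} >/dev/null 2>&1 \
	|| fail "good commands failed"

verbose "$tid: bad commands"
${SFTP} -b ${BATCH}.fail.1 -D ${SFTPSERVER} >/dev/null 2>&1 \
	&& fail "bad commands succeeded"

verbose "$tid: comments and blanks"
${SFTP} -b ${BATCH}.pass.2 -D ${SFTPSERVER} >/dev/null 2>&1 \
	|| fail "comments & blanks failed"

verbose "$tid: junk command"
${SFTP} -b ${BATCH}.fail.2 -D ${SFTPSERVER} >/dev/null 2>&1 \
	&& fail "junk command succeeded"

rm -rf ${COPY} ${COPY}.1 ${COPY}.2 ${COPY}.dd ${BATCH}.*


--------------------------------------------------------------------------------
/regress/sftp-chroot.sh:
--------------------------------------------------------------------------------
# $OpenBSD: sftp-chroot.sh,v 1.4 2014/01/20 00:00:30 dtucker Exp $
# Placed in the Public Domain.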
3 | 4 | tid="sftp in chroot" 5 | 6 | CHROOT=/var/run 7 | FILENAME=testdata_${USER} 8 | PRIVDATA=${CHROOT}/${FILENAME} 9 | 10 | if [ -z "$SUDO" ]; then 11 | echo "skipped: need SUDO to create file in /var/run, test won't work without" 12 | exit 0 13 | fi 14 | 15 | if ! $OBJ/check-perm -m chroot "$CHROOT" ; then 16 | echo "skipped: $CHROOT is unsuitable as ChrootDirectory" 17 | exit 0 18 | fi 19 | 20 | $SUDO sh -c "echo mekmitastdigoat > $PRIVDATA" || \ 21 | fatal "create $PRIVDATA failed" 22 | 23 | start_sshd -oChrootDirectory=$CHROOT -oForceCommand="internal-sftp -d /" 24 | 25 | verbose "test $tid: get" 26 | ${SFTP} -S "$SSH" -F $OBJ/ssh_config host:/${FILENAME} $COPY \ 27 | >>$TEST_REGRESS_LOGFILE 2>&1 || \ 28 | fatal "Fetch ${FILENAME} failed" 29 | cmp $PRIVDATA $COPY || fail "$PRIVDATA $COPY differ" 30 | 31 | $SUDO rm $PRIVDATA 32 | -------------------------------------------------------------------------------- /regress/sftp.sh: -------------------------------------------------------------------------------- 1 | # $OpenBSD: sftp.sh,v 1.5 2013/05/17 10:28:11 dtucker Exp $ 2 | # Placed in the Public Domain. 3 | 4 | tid="basic sftp put/get" 5 | 6 | SFTPCMDFILE=${OBJ}/batch 7 | cat >$SFTPCMDFILE < /dev/null 2>&1 22 | r=$? 23 | if [ $r -ne 0 ]; then 24 | fail "sftp failed with $r" 25 | else 26 | cmp $DATA ${COPY}.1 || fail "corrupted copy after get" 27 | cmp $DATA ${COPY}.2 || fail "corrupted copy after put" 28 | fi 29 | done 30 | done 31 | rm -f ${COPY}.1 ${COPY}.2 32 | rm -f $SFTPCMDFILE 33 | -------------------------------------------------------------------------------- /regress/ssh-com-keygen.sh: -------------------------------------------------------------------------------- 1 | # $OpenBSD: ssh-com-keygen.sh,v 1.4 2004/02/24 17:06:52 markus Exp $ 2 | # Placed in the Public Domain. 
3 | 4 | tid="ssh.com key import" 5 | 6 | #TEST_COMBASE=/path/to/ssh/com/binaries 7 | if [ "X${TEST_COMBASE}" = "X" ]; then 8 | fatal '$TEST_COMBASE is not set' 9 | fi 10 | 11 | VERSIONS=" 12 | 2.0.10 13 | 2.0.12 14 | 2.0.13 15 | 2.1.0 16 | 2.2.0 17 | 2.3.0 18 | 2.3.1 19 | 2.4.0 20 | 3.0.0 21 | 3.1.0 22 | 3.2.0 23 | 3.2.2 24 | 3.2.3 25 | 3.2.5 26 | 3.2.9 27 | 3.2.9.1 28 | 3.3.0" 29 | 30 | COMPRV=${OBJ}/comkey 31 | COMPUB=${COMPRV}.pub 32 | OPENSSHPRV=${OBJ}/opensshkey 33 | OPENSSHPUB=${OPENSSHPRV}.pub 34 | 35 | # go for it 36 | for v in ${VERSIONS}; do 37 | keygen=${TEST_COMBASE}/${v}/ssh-keygen2 38 | if [ ! -x ${keygen} ]; then 39 | continue 40 | fi 41 | types="dss" 42 | case $v in 43 | 2.3.1|3.*) 44 | types="$types rsa" 45 | ;; 46 | esac 47 | for t in $types; do 48 | verbose "ssh-keygen $v/$t" 49 | rm -f $COMPRV $COMPUB $OPENSSHPRV $OPENSSHPUB 50 | ${keygen} -q -P -t $t ${COMPRV} > /dev/null 2>&1 51 | if [ $? -ne 0 ]; then 52 | fail "${keygen} -t $t failed" 53 | continue 54 | fi 55 | ${SSHKEYGEN} -if ${COMPUB} > ${OPENSSHPUB} 56 | if [ $? -ne 0 ]; then 57 | fail "import public key ($v/$t) failed" 58 | continue 59 | fi 60 | ${SSHKEYGEN} -if ${COMPRV} > ${OPENSSHPRV} 61 | if [ $? -ne 0 ]; then 62 | fail "import private key ($v/$t) failed" 63 | continue 64 | fi 65 | chmod 600 ${OPENSSHPRV} 66 | ${SSHKEYGEN} -yf ${OPENSSHPRV} |\ 67 | diff - ${OPENSSHPUB} 68 | if [ $? -ne 0 ]; then 69 | fail "public keys ($v/$t) differ" 70 | fi 71 | done 72 | done 73 | 74 | rm -f $COMPRV $COMPUB $OPENSSHPRV $OPENSSHPUB 75 | -------------------------------------------------------------------------------- /regress/ssh-com-sftp.sh: -------------------------------------------------------------------------------- 1 | # $OpenBSD: ssh-com-sftp.sh,v 1.7 2013/05/17 04:29:14 dtucker Exp $ 2 | # Placed in the Public Domain. 3 | 4 | tid="basic sftp put/get with ssh.com server" 5 | 6 | SFTPCMDFILE=${OBJ}/batch 7 | 8 | cat >$SFTPCMDFILE < /dev/null 2>&1 54 | r=$? 
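# When sftp exits cleanly, both copies must match the source data.
			if [ $r -ne 0 ]; then
				fail "sftp failed with $r"
			else
				cmp $DATA ${COPY}.1 || fail "corrupted copy after get"
				cmp $DATA ${COPY}.2 || fail "corrupted copy after put"
			fi
		done
	done
done
rm -f ${COPY}.1 ${COPY}.2
rm -f $SFTPCMDFILE
--------------------------------------------------------------------------------
/regress/ssh2putty.sh:
--------------------------------------------------------------------------------
#!/bin/sh
# $OpenBSD: ssh2putty.sh,v 1.3 2015/05/08 07:26:13 djm Exp $
#
# Usage: ssh2putty hostname port ssh-private-key
#
# Prints one line of the form "rsa2@PORT:HOST EXPONENT,MODULUS" built from
# the public exponent and modulus of an RSA private key. Only the public
# values are written; the key file is only read by grep and openssl.
# Exits 1 on bad usage, an unsupported key format, or when either value
# cannot be extracted.

if test "x$1" = "x" -o "x$2" = "x" -o "x$3" = "x" ; then
	echo "Usage: ssh2putty hostname port ssh-private-key"
	exit 1
fi

HOST=$1
PORT=$2
KEYFILE=$3

# XXX - support DSA keys too
# The path is quoted so that a key file name containing whitespace or glob
# characters is passed through as a single argument.
if grep "BEGIN RSA PRIVATE KEY" "$KEYFILE" >/dev/null 2>&1 ; then
	:
else
	echo "Unsupported private key format"
	exit 1
fi

public_exponent=`
	openssl rsa -noout -text -in "$KEYFILE" | grep ^publicExponent |
	sed 's/.*(//;s/).*//'
`
test $? -ne 0 && exit 1
# $? above is the status of the last command in the pipeline (sed), so an
# openssl or grep failure is only visible as an empty result.
test -n "$public_exponent" || exit 1

modulus=`
	openssl rsa -noout -modulus -in "$KEYFILE" | grep ^Modulus= |
	sed 's/^Modulus=/0x/' | tr A-Z a-z
`
test $? -ne 0 && exit 1
# Same reasoning as above: tr's status says nothing about openssl.
test -n "$modulus" || exit 1

echo "rsa2@$PORT:$HOST $public_exponent,$modulus"


--------------------------------------------------------------------------------
/regress/sshcfgparse.sh:
--------------------------------------------------------------------------------
# $OpenBSD: sshcfgparse.sh,v 1.2 2016/07/14 01:24:21 dtucker Exp $
# Placed in the Public Domain.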
3 | 4 | tid="ssh config parse" 5 | 6 | verbose "reparse minimal config" 7 | (${SSH} -G -F $OBJ/ssh_config somehost >$OBJ/ssh_config.1 && 8 | ${SSH} -G -F $OBJ/ssh_config.1 somehost >$OBJ/ssh_config.2 && 9 | diff $OBJ/ssh_config.1 $OBJ/ssh_config.2) || fail "reparse minimal config" 10 | 11 | verbose "ssh -W opts" 12 | f=`${SSH} -GF $OBJ/ssh_config host | awk '/exitonforwardfailure/{print $2}'` 13 | test "$f" = "no" || fail "exitonforwardfailure default" 14 | f=`${SSH} -GF $OBJ/ssh_config -W a:1 h | awk '/exitonforwardfailure/{print $2}'` 15 | test "$f" = "yes" || fail "exitonforwardfailure enable" 16 | f=`${SSH} -GF $OBJ/ssh_config -W a:1 -o exitonforwardfailure=no h | \ 17 | awk '/exitonforwardfailure/{print $2}'` 18 | test "$f" = "no" || fail "exitonforwardfailure override" 19 | 20 | f=`${SSH} -GF $OBJ/ssh_config host | awk '/clearallforwardings/{print $2}'` 21 | test "$f" = "no" || fail "clearallforwardings default" 22 | f=`${SSH} -GF $OBJ/ssh_config -W a:1 h | awk '/clearallforwardings/{print $2}'` 23 | test "$f" = "yes" || fail "clearallforwardings enable" 24 | f=`${SSH} -GF $OBJ/ssh_config -W a:1 -o clearallforwardings=no h | \ 25 | awk '/clearallforwardings/{print $2}'` 26 | test "$f" = "no" || fail "clearallforwardings override" 27 | 28 | # cleanup 29 | rm -f $OBJ/ssh_config.[012] 30 | -------------------------------------------------------------------------------- /regress/sshd-log-wrapper.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # $OpenBSD: sshd-log-wrapper.sh,v 1.3 2013/04/07 02:16:03 dtucker Exp $ 3 | # Placed in the Public Domain. 4 | # 5 | # simple wrapper for sshd proxy mode to catch stderr output 6 | # sh sshd-log-wrapper.sh /path/to/logfile /path/to/sshd [args...] 
7 | 8 | log=$1 9 | shift 10 | 11 | exec "$@" -E$log 12 | -------------------------------------------------------------------------------- /regress/stderr-after-eof.sh: -------------------------------------------------------------------------------- 1 | # $OpenBSD: stderr-after-eof.sh,v 1.2 2013/05/17 04:29:14 dtucker Exp $ 2 | # Placed in the Public Domain. 3 | 4 | tid="stderr data after eof" 5 | 6 | # setup data 7 | rm -f ${DATA} ${COPY} 8 | cp /dev/null ${DATA} 9 | for i in 1 2 3 4 5 6; do 10 | (date;echo $i) | md5 >> ${DATA} 11 | done 12 | 13 | ${SSH} -2 -F $OBJ/ssh_proxy otherhost \ 14 | exec sh -c \'"exec > /dev/null; sleep 2; cat ${DATA} 1>&2 $s"\' \ 15 | 2> ${COPY} 16 | r=$? 17 | if [ $r -ne 0 ]; then 18 | fail "ssh failed with exit code $r" 19 | fi 20 | egrep 'Disconnecting: Received extended_data after EOF' ${COPY} && 21 | fail "ext data received after eof" 22 | cmp ${DATA} ${COPY} || fail "stderr corrupt" 23 | 24 | rm -f ${DATA} ${COPY} 25 | -------------------------------------------------------------------------------- /regress/stderr-data.sh: -------------------------------------------------------------------------------- 1 | # $OpenBSD: stderr-data.sh,v 1.4 2015/03/03 22:35:19 markus Exp $ 2 | # Placed in the Public Domain. 3 | 4 | tid="stderr data transfer" 5 | 6 | for n in '' -n; do 7 | for p in ${SSH_PROTOCOLS}; do 8 | verbose "test $tid: proto $p ($n)" 9 | ${SSH} $n -$p -F $OBJ/ssh_proxy otherhost \ 10 | exec sh -c \'"exec > /dev/null; sleep 3; cat ${DATA} 1>&2 $s"\' \ 11 | 2> ${COPY} 12 | r=$? 13 | if [ $r -ne 0 ]; then 14 | fail "ssh failed with exit code $r" 15 | fi 16 | cmp ${DATA} ${COPY} || fail "stderr corrupt" 17 | rm -f ${COPY} 18 | 19 | ${SSH} $n -$p -F $OBJ/ssh_proxy otherhost \ 20 | exec sh -c \'"echo a; exec > /dev/null; sleep 3; cat ${DATA} 1>&2 $s"\' \ 21 | > /dev/null 2> ${COPY} 22 | r=$? 
23 | if [ $r -ne 0 ]; then 24 | fail "ssh failed with exit code $r" 25 | fi 26 | cmp ${DATA} ${COPY} || fail "stderr corrupt" 27 | rm -f ${COPY} 28 | done 29 | done 30 | -------------------------------------------------------------------------------- /regress/t11.ok: -------------------------------------------------------------------------------- 1 | SHA256:4w1rnrek3klTJOTVhwuCIFd5k+pq9Bfo5KTxxb8BqbY 2 | -------------------------------------------------------------------------------- /regress/t4.ok: -------------------------------------------------------------------------------- 1 | MD5:3b:dd:44:e9:49:18:84:95:f1:e7:33:6b:9d:93:b1:36 2 | -------------------------------------------------------------------------------- /regress/t5.ok: -------------------------------------------------------------------------------- 1 | xokes-lylis-byleh-zebib-kalus-bihas-tevah-haroz-suhar-foved-noxex 2 | -------------------------------------------------------------------------------- /regress/transfer.sh: -------------------------------------------------------------------------------- 1 | # $OpenBSD: transfer.sh,v 1.3 2015/03/03 22:35:19 markus Exp $ 2 | # Placed in the Public Domain. 3 | 4 | tid="transfer data" 5 | 6 | for p in ${SSH_PROTOCOLS}; do 7 | verbose "$tid: proto $p" 8 | rm -f ${COPY} 9 | ${SSH} -n -q -$p -F $OBJ/ssh_proxy somehost cat ${DATA} > ${COPY} 10 | if [ $? -ne 0 ]; then 11 | fail "ssh cat $DATA failed" 12 | fi 13 | cmp ${DATA} ${COPY} || fail "corrupted copy" 14 | 15 | for s in 10 100 1k 32k 64k 128k 256k; do 16 | trace "proto $p dd-size ${s}" 17 | rm -f ${COPY} 18 | dd if=$DATA obs=${s} 2> /dev/null | \ 19 | ${SSH} -q -$p -F $OBJ/ssh_proxy somehost "cat > ${COPY}" 20 | if [ $? 
-ne 0 ]; then 21 | fail "ssh cat $DATA failed" 22 | fi 23 | cmp $DATA ${COPY} || fail "corrupted copy" 24 | done 25 | done 26 | rm -f ${COPY} 27 | -------------------------------------------------------------------------------- /regress/try-ciphers.sh: -------------------------------------------------------------------------------- 1 | # $OpenBSD: try-ciphers.sh,v 1.25 2015/03/24 20:22:17 markus Exp $ 2 | # Placed in the Public Domain. 3 | 4 | tid="try ciphers" 5 | 6 | cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak 7 | 8 | for c in `${SSH} -Q cipher`; do 9 | n=0 10 | for m in `${SSH} -Q mac`; do 11 | trace "proto 2 cipher $c mac $m" 12 | verbose "test $tid: proto 2 cipher $c mac $m" 13 | cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy 14 | echo "Ciphers=$c" >> $OBJ/sshd_proxy 15 | echo "MACs=$m" >> $OBJ/sshd_proxy 16 | ${SSH} -F $OBJ/ssh_proxy -2 -m $m -c $c somehost true 17 | if [ $? -ne 0 ]; then 18 | fail "ssh -2 failed with mac $m cipher $c" 19 | fi 20 | # No point trying all MACs for AEAD ciphers since they 21 | # are ignored. 22 | if ${SSH} -Q cipher-auth | grep "^${c}\$" >/dev/null 2>&1 ; then 23 | break 24 | fi 25 | n=`expr $n + 1` 26 | done 27 | done 28 | 29 | if ssh_version 1; then 30 | ciphers="3des blowfish" 31 | else 32 | ciphers="" 33 | fi 34 | for c in $ciphers; do 35 | trace "proto 1 cipher $c" 36 | verbose "test $tid: proto 1 cipher $c" 37 | ${SSH} -F $OBJ/ssh_proxy -1 -c $c somehost true 38 | if [ $? 
-ne 0 ]; then 39 | fail "ssh -1 failed with cipher $c" 40 | fi 41 | done 42 | 43 | -------------------------------------------------------------------------------- /regress/unittests/Makefile: -------------------------------------------------------------------------------- 1 | # $OpenBSD: Makefile,v 1.6 2016/05/26 19:14:25 schwarze Exp $ 2 | REGRESS_FAIL_EARLY= yes 3 | SUBDIR= test_helper sshbuf sshkey bitmap kex hostkeys utf8 4 | 5 | .include 6 | -------------------------------------------------------------------------------- /regress/unittests/Makefile.inc: -------------------------------------------------------------------------------- 1 | # $OpenBSD: Makefile.inc,v 1.6 2015/07/01 23:11:18 djm Exp $ 2 | 3 | .include 4 | .include 5 | 6 | # enable warnings 7 | WARNINGS=Yes 8 | 9 | DEBUG=-g 10 | CFLAGS+= -fstack-protector-all 11 | CDIAGFLAGS= -Wall 12 | CDIAGFLAGS+= -Wextra 13 | CDIAGFLAGS+= -Werror 14 | CDIAGFLAGS+= -Wchar-subscripts 15 | CDIAGFLAGS+= -Wcomment 16 | CDIAGFLAGS+= -Wformat 17 | CDIAGFLAGS+= -Wformat-security 18 | CDIAGFLAGS+= -Wimplicit 19 | CDIAGFLAGS+= -Winline 20 | CDIAGFLAGS+= -Wmissing-declarations 21 | CDIAGFLAGS+= -Wmissing-prototypes 22 | CDIAGFLAGS+= -Wparentheses 23 | CDIAGFLAGS+= -Wpointer-arith 24 | CDIAGFLAGS+= -Wreturn-type 25 | CDIAGFLAGS+= -Wshadow 26 | CDIAGFLAGS+= -Wsign-compare 27 | CDIAGFLAGS+= -Wstrict-aliasing 28 | CDIAGFLAGS+= -Wstrict-prototypes 29 | CDIAGFLAGS+= -Wswitch 30 | CDIAGFLAGS+= -Wtrigraphs 31 | CDIAGFLAGS+= -Wuninitialized 32 | CDIAGFLAGS+= -Wunused 33 | .if ${COMPILER_VERSION} == "gcc4" 34 | CDIAGFLAGS+= -Wpointer-sign 35 | CDIAGFLAGS+= -Wold-style-definition 36 | .endif 37 | 38 | SSHREL=../../../../../usr.bin/ssh 39 | 40 | CFLAGS+=-I${.CURDIR}/../test_helper -I${.CURDIR}/${SSHREL} 41 | 42 | .if exists(${.CURDIR}/../test_helper/${__objdir}) 43 | LDADD+=-L${.CURDIR}/../test_helper/${__objdir} -ltest_helper 44 | DPADD+=${.CURDIR}/../test_helper/${__objdir}/libtest_helper.a 45 | .else 46 | 
LDADD+=-L${.CURDIR}/../test_helper -ltest_helper 47 | DPADD+=${.CURDIR}/../test_helper/libtest_helper.a 48 | .endif 49 | 50 | .if exists(${.CURDIR}/${SSHREL}/lib/${__objdir}) 51 | LDADD+=-L${.CURDIR}/${SSHREL}/lib/${__objdir} -lssh 52 | DPADD+=${.CURDIR}/${SSHREL}/lib/${__objdir}/libssh.a 53 | .else 54 | LDADD+=-L${.CURDIR}/${SSHREL}/lib -lssh 55 | DPADD+=${.CURDIR}/${SSHREL}/lib/libssh.a 56 | .endif 57 | 58 | LDADD+= -lcrypto 59 | DPADD+= ${LIBCRYPTO} 60 | -------------------------------------------------------------------------------- /regress/unittests/bitmap/Makefile: -------------------------------------------------------------------------------- 1 | # $OpenBSD: Makefile,v 1.1 2015/01/15 07:36:28 djm Exp $ 2 | 3 | TEST_ENV= "MALLOC_OPTIONS=AFGJPRX" 4 | 5 | PROG=test_bitmap 6 | SRCS=tests.c 7 | REGRESS_TARGETS=run-regress-${PROG} 8 | 9 | run-regress-${PROG}: ${PROG} 10 | env ${TEST_ENV} ./${PROG} 11 | 12 | .include 13 | -------------------------------------------------------------------------------- /regress/unittests/hostkeys/Makefile: -------------------------------------------------------------------------------- 1 | # $OpenBSD: Makefile,v 1.1 2015/02/16 22:18:34 djm Exp $ 2 | 3 | TEST_ENV= "MALLOC_OPTIONS=AFGJPRX" 4 | 5 | PROG=test_hostkeys 6 | SRCS=tests.c test_iterate.c 7 | REGRESS_TARGETS=run-regress-${PROG} 8 | 9 | run-regress-${PROG}: ${PROG} 10 | env ${TEST_ENV} ./${PROG} -d ${.CURDIR}/testdata 11 | 12 | .include 13 | -------------------------------------------------------------------------------- /regress/unittests/hostkeys/testdata/dsa_1.pub: -------------------------------------------------------------------------------- 1 | ssh-dss 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 DSA #1 2 | -------------------------------------------------------------------------------- /regress/unittests/hostkeys/testdata/dsa_2.pub: -------------------------------------------------------------------------------- 1 | ssh-dss 
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 DSA #2 2 | -------------------------------------------------------------------------------- /regress/unittests/hostkeys/testdata/dsa_3.pub: -------------------------------------------------------------------------------- 1 | ssh-dss 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 DSA #3 2 | -------------------------------------------------------------------------------- /regress/unittests/hostkeys/testdata/dsa_4.pub: -------------------------------------------------------------------------------- 1 | ssh-dss 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 DSA #4 2 | -------------------------------------------------------------------------------- /regress/unittests/hostkeys/testdata/dsa_5.pub: -------------------------------------------------------------------------------- 1 | ssh-dss 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 DSA #5 2 | -------------------------------------------------------------------------------- /regress/unittests/hostkeys/testdata/dsa_6.pub: -------------------------------------------------------------------------------- 1 | ssh-dss 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 DSA #6 2 | -------------------------------------------------------------------------------- /regress/unittests/hostkeys/testdata/ecdsa_1.pub: -------------------------------------------------------------------------------- 1 | ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBF6yQEtD9yBw9gmDRf477WBBzvWhAa0ioBI3nbA4emKykj0RbuQd5C4XdQAEOZGzE7v//FcCjwB2wi+JH5eKkxCtN6CjohDASZ1huoIV2UVyYIicZJEEOg1IWjjphvaxtw== ECDSA #1 2 | -------------------------------------------------------------------------------- /regress/unittests/hostkeys/testdata/ecdsa_2.pub: -------------------------------------------------------------------------------- 1 | ecdsa-sha2-nistp521 
AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAB8qVcXwgBM92NCmReQlPrZAoui4Bz/mW0VUBFOpHXXW1n+15b/Y7Pc6UBd/ITTZmaBciXY+PWaSBGdwc5GdqGdLgFyJ/QAGrFMPNpVutm/82gNQzlxpNwjbMcKyiZEXzSgnjS6DzMQ0WuSMdzIBXq8OW/Kafxg4ZkU6YqALUXxlQMZuQ== ECDSA #2 2 | -------------------------------------------------------------------------------- /regress/unittests/hostkeys/testdata/ecdsa_3.pub: -------------------------------------------------------------------------------- 1 | ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIb3BhJZk+vUQPg5TQc1koIzuGqloCq7wjr9LjlhG24IBeiFHLsdWw74HDlH4DrOmlxToVYk2lTdnjARleRByjk= ECDSA #3 2 | -------------------------------------------------------------------------------- /regress/unittests/hostkeys/testdata/ecdsa_4.pub: -------------------------------------------------------------------------------- 1 | ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHZd0OXHIWwK3xnjAdMZ1tojxWycdu38pORO/UX5cqsKMgGCKQVBWWO3TFk1ePkGIE9VMWT1hCGqWRRwYlH+dSE= ECDSA #4 2 | -------------------------------------------------------------------------------- /regress/unittests/hostkeys/testdata/ecdsa_5.pub: -------------------------------------------------------------------------------- 1 | ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPIudcagzq4QPtP1jkpje34+0POLB0jwT64hqrbCqhTH2T800KDZ0h2vwlJYa3OP3Oqru9AB5pnuHsKw7mAhUGY= ECDSA #5 2 | -------------------------------------------------------------------------------- /regress/unittests/hostkeys/testdata/ecdsa_6.pub: -------------------------------------------------------------------------------- 1 | ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBK1wRLyKtvK3Mmhd0XPkKwW4ev1KBVf8J4aG8lESq1TsaqqfOXYGyxMq5pN8fCGiD5UPOqyTYz/ZNzClRhJRHao= ECDSA #6 2 | -------------------------------------------------------------------------------- /regress/unittests/hostkeys/testdata/ed25519_1.pub: 
-------------------------------------------------------------------------------- 1 | ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK9ks7jkua5YWIwByRnnnc6UPJQWI75O0e/UJdPYU1JI ED25519 #1 2 | -------------------------------------------------------------------------------- /regress/unittests/hostkeys/testdata/ed25519_2.pub: -------------------------------------------------------------------------------- 1 | ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIBp6PVW0z2o9C4Ukv/JOgmK7QMFe1pD1s3ADFF7IQob ED25519 #2 2 | -------------------------------------------------------------------------------- /regress/unittests/hostkeys/testdata/ed25519_3.pub: -------------------------------------------------------------------------------- 1 | ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBlYfExtYZAPqYvYdrlpGlSWhh/XNHcH3v3c2JzsVNbB ED25519 #3 2 | -------------------------------------------------------------------------------- /regress/unittests/hostkeys/testdata/ed25519_4.pub: -------------------------------------------------------------------------------- 1 | ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDFP8L9REfN/iYy1KIRtFqSCn3V2+vOCpoZYENFGLdOF ED25519 #4 2 | -------------------------------------------------------------------------------- /regress/unittests/hostkeys/testdata/ed25519_5.pub: -------------------------------------------------------------------------------- 1 | ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINf63qSV8rD57N+digID8t28WVhd3Yf2K2UhaoG8TsWQ ED25519 #5 2 | -------------------------------------------------------------------------------- /regress/unittests/hostkeys/testdata/ed25519_6.pub: -------------------------------------------------------------------------------- 1 | ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLW0ZwCkRQldpLa4I5BpwGa/om+WE6OgC8jdVqakt0Z ED25519 #6 2 | -------------------------------------------------------------------------------- /regress/unittests/hostkeys/testdata/rsa1_1.pub: -------------------------------------------------------------------------------- 1 | 1024 65537 
153895431603677073925890314548566704948446776958334195280085080329934839226701954473292358821568047724356487621573742372399387931887004184139835510820577359977148363519970774657801798872789118894962853659233045778161859413980935372685480527355016624825696983269800574755126132814333241868538220824608980319407 RSA1 #1 2 | -------------------------------------------------------------------------------- /regress/unittests/hostkeys/testdata/rsa1_2.pub: -------------------------------------------------------------------------------- 1 | 1024 65537 135970715082947442639683969597180728933388298633245835186618852623800675939308729462220235058285909679252157995530180587329132927339620517781785310829060832352381015614725360278571924286986474946772141568893116432268565829418506866604294073334978275702221949783314402806080929601995102334442541344606109853641 RSA1 #2 2 | -------------------------------------------------------------------------------- /regress/unittests/hostkeys/testdata/rsa1_3.pub: -------------------------------------------------------------------------------- 1 | 1024 65537 125895605498029643697051635076028105429632810811904702876152645261610759866299221305725069141163240694267669117205342283569102183636228981857946763978553664895308762890072813014496700601576921921752482059207749978374872713540759920335553799711267170948655579130584031555334229966603000896364091459595522912269 RSA1 #3 2 | -------------------------------------------------------------------------------- /regress/unittests/hostkeys/testdata/rsa1_4.pub: -------------------------------------------------------------------------------- 1 | 1024 65537 174143366122697048196335388217056770310345753698079464367148030836533360510864881734142526411160017107552815906024399248049666856133771656680462456979369587903909343046704480897527203474513676654933090991684252819423129896444427656841613263783484827101210734799449281639493127615902427443211183258155381810593 RSA1 #4 2 | 
-------------------------------------------------------------------------------- /regress/unittests/hostkeys/testdata/rsa1_5.pub: -------------------------------------------------------------------------------- 1 | 1024 65537 127931411493401587586867047972295564331543694182352197506125410692673654572057908999642645524647232712160516076508316152810117209181150078352725299319149726341058893406440426414316276977768958023952319602422835879783057966985348561111880658922724668687074412548487722084792283453716871417610020757212399252171 RSA1 #5 2 | -------------------------------------------------------------------------------- /regress/unittests/hostkeys/testdata/rsa1_6.pub: -------------------------------------------------------------------------------- 1 | 1024 65537 140883028436203600354693376066567741282115117509696517282419557936340193768851493584179972504103033755515036493433917203732876685813283050574208967197963391667532902202382549275760997891673884333346000558018002659506756213191532156293935482587878596032743105911487673274674568768638010598205190227631909167257 RSA1 #6 2 | -------------------------------------------------------------------------------- /regress/unittests/hostkeys/testdata/rsa_1.pub: -------------------------------------------------------------------------------- 1 | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDg4hB4vAZHJ0PVRiJajOv/GlytFWNpv5/9xgB9+5BIbvp8LOrFZ5D9K0Gsmwpd4G4rfaAz8j896DhMArg0vtkilIPPGt/6VzWMERgvaIQPJ/IE99X3+fjcAG56oAWwy29JX10lQMzBPU6XJIaN/zqpkb6qUBiAHBdLpxrFBBU0/w== RSA #1 2 | -------------------------------------------------------------------------------- /regress/unittests/hostkeys/testdata/rsa_2.pub: -------------------------------------------------------------------------------- 1 | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDmbUhNabB5AmBDX6GNHZ3lbn7pRxqfpW+f53QqNGlK0sLV+0gkMIrOfUp1kdE2ZLE6tfzdicatj/RlH6/wuo4yyYb+Pyx3G0vxdmAIiA4aANq38XweDucBC0TZkRWVHK+Gs5V/uV0z7N0axJvkkJujMLvST3CRiiWwlficBc6yVQ== RSA #2 2 | 
-------------------------------------------------------------------------------- /regress/unittests/hostkeys/testdata/rsa_3.pub: -------------------------------------------------------------------------------- 1 | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDX8F93W3SH4ZSus4XUQ2cw9dqcuyUETTlKEeGv3zlknV3YCoe2Mp04naDhiuwj8sOsytrZSESzLY1ZEyzrjxE6ZFVv8NKgck/AbRjcwlRFOcx9oKUxOrXRa0IoXlTq0kyjKCJfaHBKnGitZThknCPTbVmpATkm5xx6J0WEDozfoQ== RSA #3 2 | -------------------------------------------------------------------------------- /regress/unittests/hostkeys/testdata/rsa_4.pub: -------------------------------------------------------------------------------- 1 | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDI8AdjBAozcdRnIikVlt69iyDHKyrtxmpdkbRy9bWaL86OH+PTmLUk5e+T/ufiakpeE2pm0hkE3e4Sh/FsY+rsQdRoraWVNFfchcMeVlKvuy5RZN0ElvmaQebOJUeNeBn2LLw8aL8bJ4CP/bQRKrmrSSqjz3+4H9YNVyyk1OGBPQ== RSA #4 2 | -------------------------------------------------------------------------------- /regress/unittests/hostkeys/testdata/rsa_5.pub: -------------------------------------------------------------------------------- 1 | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQC/C15Q4sfnk7BZff1er8bscay+5s51oD4eWArlHWMK/ZfYeeTAccTy+7B7Jv+MS4nKCpflrvJI2RQz4kS8vF0ATdBbi4jeWefStlHNg0HLhnCY7NAfDIlRdaN9lm3Pqm2vmr+CkqwcJaSpycDg8nPN9yNAuD6pv7NDuUnECezojQ== RSA #5 2 | -------------------------------------------------------------------------------- /regress/unittests/hostkeys/testdata/rsa_6.pub: -------------------------------------------------------------------------------- 1 | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQClu/3I6GG1Ai89Imnw0vXmWJ2OW0ftQwRrsbIAD0qzLFYpkJ76QWnzpCehvK9u0L5hcw7z2Y6mRLcSBsqONc+HVU73Qi7M4zHRvtjprPs3SOyLpf0J9sL1WiHBDwg2P0miHMCdqHDd5nVXkJB2d4eeecmgezGLa29NOHZjbza5yw== RSA #6 2 | -------------------------------------------------------------------------------- /regress/unittests/hostkeys/tests.c: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: tests.c,v 1.1 2015/02/16 
22:18:34 djm Exp $ */
2 | /*
3 |  * Regress test for known_hosts-related API.
4 |  *
5 |  * Placed in the public domain
6 |  */
7 | /* Prototypes: tests() is defined below, test_iterate() in test_iterate.c. */
8 | void tests(void);
9 | void test_iterate(void); /* test_iterate.c */
10 | /* tests(): the whole suite is the single call to test_iterate(). */
11 | void
12 | tests(void)
13 | {
14 | 	test_iterate();
15 | }
16 |
17 |
--------------------------------------------------------------------------------
/regress/unittests/irongpg/Makefile:
--------------------------------------------------------------------------------
1 | # $OpenBSD: Makefile,v 1.2 2015/01/24 10:39:21 miod Exp $
2 |
3 | TEST_ENV= "MALLOC_OPTIONS=AFGJPRX"
4 |
5 | PROG=test_irongpg
6 | SRCS=tests.c \
7 | 	test_gpg-key.c test_gpg-keyfile.c test_gpg-packet.c test_gpg-trustdb.c \
8 | 	test_gpg.c test_recipient.c test_util.c
9 |
10 | REGRESS_TARGETS=run-regress-${PROG}
11 |
12 | run-regress-${PROG}: ${PROG}
13 | 	env ${TEST_ENV} ./${PROG}
14 |
15 | .include
16 |
17 | LDADD+=-lz
18 |
--------------------------------------------------------------------------------
/regress/unittests/irongpg/test_gpg-key.c:
--------------------------------------------------------------------------------
1 | #include "regress/unittests/test_helper/test_helper.h"
2 |
3 | #include "iron/gpg-key.c"
4 | /* The implementation file is included directly, so the test is compiled in the same translation unit as the code under test. */
5 | /* test_s2k: known-answer test for compute_gpg_s2k_key() using a fixed passphrase and salt. */
6 | void
7 | test_s2k(void)
8 | {
9 |     TEST_START("s2k");
10 |     /* Fixed inputs so the derived bytes are reproducible; these are test vectors, not secrets. */
11 |     static unsigned char salt[S2K_SALT_BYTES] = { 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 };
12 |     const char * pphrase = "ImGumbyAndYouAreNot";
13 |     /* Case 1: request AES128_KEY_BYTES of key material. */
14 |     static unsigned char expected_key1[AES128_KEY_BYTES] = {
15 |         0x0e, 0xa5, 0x00, 0x1c, 0xce, 0xad, 0x7e, 0xa8, 0xa0, 0x81, 0x38, 0xae, 0xaf, 0x4e, 0x28, 0xd5
16 |     };
17 |     unsigned char s2k_key1[AES128_KEY_BYTES];
18 |     /* Arguments as passed: passphrase, requested length, salt, S2K_ITER_BYTE_COUNT, output buffer. */
19 |     compute_gpg_s2k_key(pphrase, sizeof(s2k_key1), salt, S2K_ITER_BYTE_COUNT, s2k_key1);
20 |     ASSERT_INT_EQ(memcmp(s2k_key1, expected_key1, sizeof(s2k_key1)), 0);
21 |     /* memcmp() is adequate against fixed test vectors; it is not a constant-time comparison. */
22 |     // Second test to handle the case where we need to run multiple hashes to generate enough bits
23 |     // Note that the first 16 bytes are the same as the previous test - this is to be expected, since the
24 |     // salt and passphrase are the same, so the first hash is executed identically.
25 |     static unsigned char expected_key2[48] = {
26 |         0x0e, 0xa5, 0x00, 0x1c, 0xce, 0xad, 0x7e, 0xa8, 0xa0, 0x81, 0x38, 0xae, 0xaf, 0x4e, 0x28, 0xd5,
27 |         0x21, 0xf1, 0xee, 0x4b, 0x02, 0xc0, 0x0f, 0x63, 0x6a, 0x17, 0xbf, 0x62, 0x34, 0x10, 0x26, 0x48,
28 |         0x7b, 0xc6, 0x3f, 0x08, 0x9d, 0xb5, 0x6b, 0x34, 0x70, 0x3b, 0x71, 0xdb, 0x67, 0x92, 0x6f, 0x5f
29 |     };
30 |     unsigned char s2k_key2[48];
31 |     /* Case 2: same passphrase and salt, 48 bytes requested. */
32 |     compute_gpg_s2k_key(pphrase, sizeof(s2k_key2), salt, S2K_ITER_BYTE_COUNT, s2k_key2);
33 |     ASSERT_INT_EQ(memcmp(s2k_key2, expected_key2, sizeof(s2k_key2)), 0);
34 |
35 |     TEST_DONE();
36 | }
37 |
--------------------------------------------------------------------------------
/regress/unittests/irongpg/test_gpg-keyfile.c:
--------------------------------------------------------------------------------
1 | #include "regress/unittests/test_helper/test_helper.h"
2 | /* Only pulls the implementation into the test build; this file defines no test functions. */
3 | #include "iron/gpg-keyfile.c"
4 |
--------------------------------------------------------------------------------
/regress/unittests/irongpg/test_gpg-trustdb.c:
--------------------------------------------------------------------------------
1 | #include "regress/unittests/test_helper/test_helper.h"
2 | /* Only pulls the implementation into the test build; this file defines no test functions. */
3 | #include "iron/gpg-trustdb.c"
4 |
--------------------------------------------------------------------------------
/regress/unittests/irongpg/test_gpg.c:
--------------------------------------------------------------------------------
1 | #include "regress/unittests/test_helper/test_helper.h"
2 | /* Only pulls the implementation into the test build; this file defines no test functions. */
3 | #include "iron/gpg.c"
4 |
--------------------------------------------------------------------------------
/regress/unittests/irongpg/test_recipient.c:
--------------------------------------------------------------------------------
1 | #include "regress/unittests/test_helper/test_helper.h"
2 | /* Only pulls the implementation into the test build; this file defines no test functions. */
3 | #include "iron/recipient.c"
4 |
--------------------------------------------------------------------------------
/regress/unittests/irongpg/tests.c:
--------------------------------------------------------------------------------
1 | #include "regress/unittests/test_helper/test_helper.h"
2 | #include "xmalloc.h"
3 | /* Prototypes for the individual test functions; presumably defined in the other test_*.c sources of this directory. */
4 | void test_bignums(void);
5 | void test_int_to_buf(void);
6 | void test_iron_extension_offset(void);
7 | void test_packets(void);
8 | void test_put_num_sexpr(void);
9 | void test_reverse_barray(void);
10 | void test_s2k(void);
11 | void test_sha1(void);
12 | void test_str2hex(void);
13 | void test_tags(void);
14 | /* tests(): calls ssh_malloc_init() first, then runs each test function once in the fixed order below. */
15 | void
16 | tests(void)
17 | {
18 |     // Initialization
19 |     ssh_malloc_init();
20 |
21 |     test_str2hex();
22 |     test_bignums();
23 |     test_int_to_buf();
24 |     test_put_num_sexpr();
25 |     test_reverse_barray();
26 |     test_sha1();
27 |     test_iron_extension_offset();
28 |     test_tags();
29 |     test_packets();
30 |     test_s2k();
31 | }
32 |
--------------------------------------------------------------------------------
/regress/unittests/kex/Makefile:
--------------------------------------------------------------------------------
1 | # $OpenBSD: Makefile,v 1.2 2015/01/24 10:39:21 miod Exp $
2 |
3 | TEST_ENV= "MALLOC_OPTIONS=AFGJPRX"
4 |
5 | PROG=test_kex
6 | SRCS=tests.c test_kex.c
7 | REGRESS_TARGETS=run-regress-${PROG}
8 |
9 | run-regress-${PROG}: ${PROG}
10 | 	env ${TEST_ENV} ./${PROG}
11 |
12 | .include
13 |
14 | LDADD+=-lz
15 |
--------------------------------------------------------------------------------
/regress/unittests/kex/tests.c:
--------------------------------------------------------------------------------
1 | /* $OpenBSD: tests.c,v 1.1 2015/01/15 23:41:29 markus Exp $ */
2 | /*
3 |  * Placed in the public domain
4 |  */
5 |
6 | #include "../test_helper/test_helper.h"
7 |
8 | void kex_tests(void);
9 | /* tests(): entry point for this suite; it only delegates to kex_tests(). */
10 | void
11 | tests(void)
12 | {
13 | 	kex_tests();
14 | }
15 |
--------------------------------------------------------------------------------
/regress/unittests/sshbuf/Makefile:
--------------------------------------------------------------------------------
1 | # $OpenBSD: Makefile,v 1.1 2014/04/30 05:32:00 djm Exp $
2 |
3 | PROG=test_sshbuf
4 | SRCS=tests.c
5 | SRCS+=test_sshbuf.c
6 | SRCS+=test_sshbuf_getput_basic.c
7 | SRCS+=test_sshbuf_getput_crypto.c
8 | SRCS+=test_sshbuf_misc.c
9 | SRCS+=test_sshbuf_fuzz.c
10 | SRCS+=test_sshbuf_getput_fuzz.c
11 | SRCS+=test_sshbuf_fixed.c
12 |
13 | .include
14 |
15 |
--------------------------------------------------------------------------------
/regress/unittests/sshbuf/tests.c:
--------------------------------------------------------------------------------
1 | /* $OpenBSD: tests.c,v 1.1 2014/04/30 05:32:00 djm Exp $ */
2 | /*
3 |  * Regress test for sshbuf.h buffer API
4 |  *
5 |  * Placed in the public domain
6 |  */
7 |
8 | #include "../test_helper/test_helper.h"
9 | /* One prototype per sshbuf suite; each is called exactly once from tests() below. */
10 | void sshbuf_tests(void);
11 | void sshbuf_getput_basic_tests(void);
12 | void sshbuf_getput_crypto_tests(void);
13 | void sshbuf_misc_tests(void);
14 | void sshbuf_fuzz_tests(void);
15 | void sshbuf_getput_fuzz_tests(void);
16 | void sshbuf_fixed(void);
17 | /* tests(): runs every sshbuf suite in sequence, the two fuzz suites included. */
18 | void
19 | tests(void)
20 | {
21 | 	sshbuf_tests();
22 | 	sshbuf_getput_basic_tests();
23 | 	sshbuf_getput_crypto_tests();
24 | 	sshbuf_misc_tests();
25 | 	sshbuf_fuzz_tests();
26 | 	sshbuf_getput_fuzz_tests();
27 | 	sshbuf_fixed();
28 | }
29 |
--------------------------------------------------------------------------------
/regress/unittests/sshkey/Makefile:
--------------------------------------------------------------------------------
1 | # $OpenBSD: Makefile,v 1.1 2014/06/24 01:14:18 djm Exp $
2 |
3 | TEST_ENV= "MALLOC_OPTIONS=AFGJPRX"
4 |
5 | PROG=test_sshkey
6 | SRCS=tests.c test_sshkey.c test_file.c test_fuzz.c common.c
7 | REGRESS_TARGETS=run-regress-${PROG}
8 |
9 | run-regress-${PROG}: ${PROG}
10 | 	env ${TEST_ENV} ./${PROG} -d ${.CURDIR}/testdata
11 |
12 | .include
13 |
14 |
-------------------------------------------------------------------------------- /regress/unittests/sshkey/common.h: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: common.h,v 1.1 2014/06/24 01:14:18 djm Exp $ */ 2 | /* 3 | * Helpers for key API tests 4 | * 5 | * Placed in the public domain 6 | */ 7 | 8 | /* Load a binary file into a buffer */ 9 | struct sshbuf *load_file(const char *name); 10 | 11 | /* Load a text file into a buffer */ 12 | struct sshbuf *load_text_file(const char *name); 13 | 14 | /* Load a bignum from a file */ 15 | BIGNUM *load_bignum(const char *name); 16 | 17 | -------------------------------------------------------------------------------- /regress/unittests/sshkey/testdata/dsa_1: -------------------------------------------------------------------------------- 1 | -----BEGIN DSA PRIVATE KEY----- 2 | MIIBvAIBAAKBgQD6kutNFRsHTwEAv6d39Lhsqy1apdHBZ9c2HfyRr7WmypyGIy2m 3 | Ka43vzXI8CNwmRSYs+A6d0vJC7Pl+f9QzJ/04NWOA+MiwfurwrR3CRe61QRYb8Py 4 | mcHOxueHs95IcjrbIPNn86cjnPP5qvv/guUzCjuww4zBdJOXpligrGt2XwIVAKMD 5 | /50qQy7j8JaMk+1+Xtg1pK01AoGBAO7l9QVVbSSoy5lq6cOtvpf8UlwOa6+zBwbl 6 | o4gmFd1RwX1yWkA8kQ7RrhCSg8Hc6mIGnKRgKRli/3LgbSfZ0obFJehkRtEWtN4P 7 | h8fVUeS74iQbIwFQeKlYHIlNTRoGtAbdi3nHdV+BBkEQc1V3rjqYqhjOoz/yNsgz 8 | LND26HrdAoGBAOdXpyfmobEBaOqZAuvgj1P0uhjG2P31Ufurv22FWPBU3A9qrkxb 9 | OXwE0LwvjCvrsQV/lrYhJz/tiys40VeahulWZE5SAHMXGIf95LiLSgaXMjko7joo 10 | t+LK84ltLymwZ4QMnYjnZSSclf1UuyQMcUtb34+I0u9Ycnyhp2mSFsQtAhRYIbQ5 11 | KfXsZuBPuWe5FJz3ldaEgw== 12 | -----END DSA PRIVATE KEY----- 13 | -------------------------------------------------------------------------------- /regress/unittests/sshkey/testdata/dsa_1-cert.fp: -------------------------------------------------------------------------------- 1 | SHA256:kOLgXSoAT8O5T6r36n5NJUYigbux1d7gdH/rmWiJm6s 2 | -------------------------------------------------------------------------------- /regress/unittests/sshkey/testdata/dsa_1-cert.pub: 
-------------------------------------------------------------------------------- 1 | ssh-dss-cert-v01@openssh.com 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 DSA test key #1 2 | -------------------------------------------------------------------------------- /regress/unittests/sshkey/testdata/dsa_1.fp: -------------------------------------------------------------------------------- 1 | SHA256:kOLgXSoAT8O5T6r36n5NJUYigbux1d7gdH/rmWiJm6s 2 | -------------------------------------------------------------------------------- /regress/unittests/sshkey/testdata/dsa_1.fp.bb: -------------------------------------------------------------------------------- 1 | xetag-todiz-mifah-torec-mynyv-cyvit-gopon-pygag-rupic-cenav-bexax 2 | -------------------------------------------------------------------------------- /regress/unittests/sshkey/testdata/dsa_1.param.g: -------------------------------------------------------------------------------- 1 | 00eee5f505556d24a8cb996ae9c3adbe97fc525c0e6bafb30706e5a3882615dd51c17d725a403c910ed1ae109283c1dcea62069ca460291962ff72e06d27d9d286c525e86446d116b4de0f87c7d551e4bbe2241b23015078a9581c894d4d1a06b406dd8b79c7755f81064110735577ae3a98aa18cea33ff236c8332cd0f6e87add 2 | -------------------------------------------------------------------------------- /regress/unittests/sshkey/testdata/dsa_1.param.priv: -------------------------------------------------------------------------------- 1 | 5821b43929f5ec66e04fb967b9149cf795d68483 2 | -------------------------------------------------------------------------------- /regress/unittests/sshkey/testdata/dsa_1.param.pub: -------------------------------------------------------------------------------- 1 | 00e757a727e6a1b10168ea9902ebe08f53f4ba18c6d8fdf551fbabbf6d8558f054dc0f6aae4c5b397c04d0bc2f8c2bebb1057f96b621273fed8b2b38d1579a86e956644e520073171887fde4b88b4a0697323928ee3a28b7e2caf3896d2f29b067840c9d88e765249c95fd54bb240c714b5bdf8f88d2ef58727ca1a7699216c42d 2 | 
-------------------------------------------------------------------------------- /regress/unittests/sshkey/testdata/dsa_1.pub: -------------------------------------------------------------------------------- 1 | ssh-dss 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 DSA test key #1 2 | -------------------------------------------------------------------------------- /regress/unittests/sshkey/testdata/dsa_1_pw: -------------------------------------------------------------------------------- 1 | -----BEGIN DSA PRIVATE KEY----- 2 | Proc-Type: 4,ENCRYPTED 3 | DEK-Info: AES-128-CBC,BC8386C373B22EB7F00ADC821D5D8BE9 4 | 5 | +HDV2DQ09sxrIAeXTz9r3YFuPRa2hk1+NGcr3ETkXbC6KiZ14wpTnGTloKwaQjIW 6 | eXTa9mpCOWAoohgvsVb+hOuOlP7AfeHu1IXV4EAS+GDpkiV5UxlCXXwqlD75Buu4 7 | wwDd/p4SWzILH3WGjDk5JIXoxWNY13LHwC7Q6gtGJx4AicUG7YBRTXMIBDa/Kh77 8 | 6o2rFETKmp4VHBvHbakmiETfptdM8bbWxKWeY2vakThyESgeofsLoTOQCIwlEfJC 9 | s2D/KYL65C8VbHYgIoSLTQnooO45DDyxIuhCqP+H23mhv9vB1Od3nc2atgHj/XFs 10 | dcOPFkF/msDRYqxY3V0AS6+jpKwFodZ7g/hyGcyPxOkzlJVuKoKuH6P5PyQ69Gx0 11 | iqri0xEPyABr7kGlXNrjjctojX+B4WwSnjg/2euXXWFXCRalIdA7ErATTiQbGOx7 12 | Vd6Gn8PZbSy1MkqEDrZRip0pfAFJYI/8GXPC75BpnRsrVlfhtrngbW+kBP35LzaN 13 | l2K+RQ3gSB3iFoqNb1Kuu6T5MZlyVl5H2dVlJSeb1euQ2OycXdDoFTyJ4AiyWS7w 14 | Vlh8zeJnso5QRDjMwx99pZilbbuFGSLsahiGEveFc6o= 15 | -----END DSA PRIVATE KEY----- 16 | -------------------------------------------------------------------------------- /regress/unittests/sshkey/testdata/dsa_2: -------------------------------------------------------------------------------- 1 | -----BEGIN DSA PRIVATE KEY----- 2 | MIIBvQIBAAKBgQCbyPXNdHeLsjpobPVCMkfagBkt15Zsltqf/PGNP1y1cuz7rsTX 3 | ZekQwUkSTNm5coqXe+ZOw2O4tjobJDd60I1/VPgaB0NYlQR9Hn87M284WD4f6VY+ 4 | aunHmP134a8ybG5G4NqVNF3ihvxAR2pVITqb7kE46r2uYZNcNlHI8voRCwIVAMcP 5 | bwqFNsQbH5pJyZW30wj4KVZ3AoGBAIK98BVeKQVf8qDFqx9ovMuNgVSxpd+N0Yta 6 | 5ZEy1OI2ziu5RhjueIM2K7Gq2Mnp38ob1AM53BUxqlcBJaHEDa6rj6yvuMgW9oCJ 7 | dImBM8sIFxfBbXNbpJiMaDwa6WyT84OkpDE6uuAepTMnWOUWkUVkAiyokHDUGXkG 8 | 
GyoQblbXAoGBAIsf7TaZ804sUWwRV0wI8DYx+hxD5QdrfYPYMtL2fHn3lICimGt0 9 | FTtUZ25jKg0E0DMBPdET6ZEHB3ZZkR8hFoUzZhdnyJMu3UjVtgaV88Ue3PrXxchk 10 | 0W2jHPaAgQU3JIWzo8HFIFqvC/HEL+EyW3rBTY2uXM3XGI+YcWSA4ZrZAhUAsY2f 11 | bDFNzgZ4DaZ9wLRzTgOswPU= 12 | -----END DSA PRIVATE KEY----- 13 | -------------------------------------------------------------------------------- /regress/unittests/sshkey/testdata/dsa_2.fp: -------------------------------------------------------------------------------- 1 | SHA256:ecwhWcXgpdBxZ2e+OjpRRY7dqXHHCD62BGtoVQQBwCk 2 | -------------------------------------------------------------------------------- /regress/unittests/sshkey/testdata/dsa_2.fp.bb: -------------------------------------------------------------------------------- 1 | xeser-megad-pocan-rozit-belup-tapoh-fapif-kyvit-vonav-cehab-naxax 2 | -------------------------------------------------------------------------------- /regress/unittests/sshkey/testdata/dsa_2.pub: -------------------------------------------------------------------------------- 1 | ssh-dss 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 DSA test key #2 2 | -------------------------------------------------------------------------------- /regress/unittests/sshkey/testdata/dsa_n: -------------------------------------------------------------------------------- 1 | -----BEGIN DSA PRIVATE KEY----- 2 | MIIBvAIBAAKBgQD6kutNFRsHTwEAv6d39Lhsqy1apdHBZ9c2HfyRr7WmypyGIy2m 3 | Ka43vzXI8CNwmRSYs+A6d0vJC7Pl+f9QzJ/04NWOA+MiwfurwrR3CRe61QRYb8Py 4 | mcHOxueHs95IcjrbIPNn86cjnPP5qvv/guUzCjuww4zBdJOXpligrGt2XwIVAKMD 5 | /50qQy7j8JaMk+1+Xtg1pK01AoGBAO7l9QVVbSSoy5lq6cOtvpf8UlwOa6+zBwbl 6 | o4gmFd1RwX1yWkA8kQ7RrhCSg8Hc6mIGnKRgKRli/3LgbSfZ0obFJehkRtEWtN4P 7 | h8fVUeS74iQbIwFQeKlYHIlNTRoGtAbdi3nHdV+BBkEQc1V3rjqYqhjOoz/yNsgz 8 | LND26HrdAoGBAOdXpyfmobEBaOqZAuvgj1P0uhjG2P31Ufurv22FWPBU3A9qrkxb 9 | OXwE0LwvjCvrsQV/lrYhJz/tiys40VeahulWZE5SAHMXGIf95LiLSgaXMjko7joo 10 | t+LK84ltLymwZ4QMnYjnZSSclf1UuyQMcUtb34+I0u9Ycnyhp2mSFsQtAhRYIbQ5 11 | 
KfXsZuBPuWe5FJz3ldaEgw== 12 | -----END DSA PRIVATE KEY----- 13 | -------------------------------------------------------------------------------- /regress/unittests/sshkey/testdata/dsa_n_pw: -------------------------------------------------------------------------------- 1 | -----BEGIN OPENSSH PRIVATE KEY----- 2 | b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jYmMAAAAGYmNyeXB0AAAAGAAAABCVs+LsMJ 3 | wnB5zM9U9pTXrGAAAAEAAAAAEAAAGzAAAAB3NzaC1kc3MAAACBAPqS600VGwdPAQC/p3f0 4 | uGyrLVql0cFn1zYd/JGvtabKnIYjLaYprje/NcjwI3CZFJiz4Dp3S8kLs+X5/1DMn/Tg1Y 5 | 4D4yLB+6vCtHcJF7rVBFhvw/KZwc7G54ez3khyOtsg82fzpyOc8/mq+/+C5TMKO7DDjMF0 6 | k5emWKCsa3ZfAAAAFQCjA/+dKkMu4/CWjJPtfl7YNaStNQAAAIEA7uX1BVVtJKjLmWrpw6 7 | 2+l/xSXA5rr7MHBuWjiCYV3VHBfXJaQDyRDtGuEJKDwdzqYgacpGApGWL/cuBtJ9nShsUl 8 | 6GRG0Ra03g+Hx9VR5LviJBsjAVB4qVgciU1NGga0Bt2Lecd1X4EGQRBzVXeuOpiqGM6jP/ 9 | I2yDMs0Pboet0AAACBAOdXpyfmobEBaOqZAuvgj1P0uhjG2P31Ufurv22FWPBU3A9qrkxb 10 | OXwE0LwvjCvrsQV/lrYhJz/tiys40VeahulWZE5SAHMXGIf95LiLSgaXMjko7joot+LK84 11 | ltLymwZ4QMnYjnZSSclf1UuyQMcUtb34+I0u9Ycnyhp2mSFsQtAAAB4HiOcRW4w+sIqBL0 12 | TPVbf0glN1hUi0rcE63Pqxmvxb8LkldC4IxAUagPrjhNAEW2AY42+CvPrtGB1z7gDADAIW 13 | xZX6wKwIcXP0Qh+xHE12F4u6mwfasssnAp4t1Ki8uCjMjnimgb3KdWpp0kiUV0oR062TXV 14 | PAdfrWjaq4fw0KOqbHIAG/v36AqzuqjSTfDbqvLZM3y0gp2Q1RxaQVJA5ZIKKyqRyFX7sr 15 | BaEIyCgeE3hM0EB7BycY1oIcS/eNxrACBWVJCENl5N7LtEYXNX7TANFniztfXzwaqGTT6A 16 | fCfbW4gz1UKldLUBzbIrPwMWlirAstbHvOf/2Iay2pNAs/SHhI0aF2jsGfvv5/D6N+r9dG 17 | B2SgDKBg7pywMH1DTvg6YT3P4GjCx0GUHqRCFLvD1rDdk4KSjvaRMpVq1PJ0/Wv6UGtsMS 18 | TR0PaEHDRNZqAX4YxqujnWrGKuRJhuz0eUvp7fZvbWHtiAMKV7368kkeUmkOHanb+TS+zs 19 | KINX8ev8zJZ6WVr8Vl+IQavpv0i2bXwS6QqbEuifpv/+uBb7pqRiU4u8en0eMdX1bZoTPM 20 | R6xHCnGD/Jpb3zS91Ya57T6CiXZ12KCaL6nWGnCkZVpzkfJ2HjFklWSWBQ6uyaosDQ== 21 | -----END OPENSSH PRIVATE KEY----- 22 | -------------------------------------------------------------------------------- /regress/unittests/sshkey/testdata/ecdsa_1: -------------------------------------------------------------------------------- 1 | 
-----BEGIN EC PRIVATE KEY----- 2 | MHcCAQEEIPPNyUAnjvFr+eT/7t/IyjuQQd/aLFiTY92LB9gIjyrMoAoGCCqGSM49 3 | AwEHoUQDQgAEDFlblkOrW9ydKVhtM+9AY3c9saBE7SG3lFx38nBavkADDaI9jh3/ 4 | kvG/Jt9vpm22qwoklTCGDfzCkXkIKaWlBw== 5 | -----END EC PRIVATE KEY----- 6 | -------------------------------------------------------------------------------- /regress/unittests/sshkey/testdata/ecdsa_1-cert.fp: -------------------------------------------------------------------------------- 1 | SHA256:8ty77fOpABat1y88aNdclQTfU+lVvWe7jYZGw8VYtfg 2 | -------------------------------------------------------------------------------- /regress/unittests/sshkey/testdata/ecdsa_1-cert.pub: -------------------------------------------------------------------------------- 1 | ecdsa-sha2-nistp256-cert-v01@openssh.com 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 ECDSA test key #1 2 | -------------------------------------------------------------------------------- /regress/unittests/sshkey/testdata/ecdsa_1.fp: -------------------------------------------------------------------------------- 1 | SHA256:8ty77fOpABat1y88aNdclQTfU+lVvWe7jYZGw8VYtfg 2 | -------------------------------------------------------------------------------- /regress/unittests/sshkey/testdata/ecdsa_1.fp.bb: -------------------------------------------------------------------------------- 1 | xibah-vocun-sogyn-byhen-rivem-hegyh-luneh-dozyr-vatyf-dufid-myxyx 2 | -------------------------------------------------------------------------------- /regress/unittests/sshkey/testdata/ecdsa_1.param.curve: -------------------------------------------------------------------------------- 1 | prime256v1 2 | -------------------------------------------------------------------------------- /regress/unittests/sshkey/testdata/ecdsa_1.param.priv: -------------------------------------------------------------------------------- 1 | 00f3cdc940278ef16bf9e4ffeedfc8ca3b9041dfda2c589363dd8b07d8088f2acc 2 | 
-------------------------------------------------------------------------------- /regress/unittests/sshkey/testdata/ecdsa_1.param.pub: -------------------------------------------------------------------------------- 1 | 040c595b9643ab5bdc9d29586d33ef4063773db1a044ed21b7945c77f2705abe40030da23d8e1dff92f1bf26df6fa66db6ab0a249530860dfcc291790829a5a507 2 | -------------------------------------------------------------------------------- /regress/unittests/sshkey/testdata/ecdsa_1.pub: -------------------------------------------------------------------------------- 1 | ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAxZW5ZDq1vcnSlYbTPvQGN3PbGgRO0ht5Rcd/JwWr5AAw2iPY4d/5Lxvybfb6ZttqsKJJUwhg38wpF5CCmlpQc= ECDSA test key #1 2 | -------------------------------------------------------------------------------- /regress/unittests/sshkey/testdata/ecdsa_1_pw: -------------------------------------------------------------------------------- 1 | -----BEGIN EC PRIVATE KEY----- 2 | Proc-Type: 4,ENCRYPTED 3 | DEK-Info: AES-128-CBC,7BA38DE00F67851E4207216809C3BB15 4 | 5 | 8QkFoZHQkj9a2mt032sp+WKaJ1fwteqWDd4RpAW9OzDgqzMx1QO43qJgBDTfhzjt 6 | M2Q8YfiGjfBEYpg4kCbacfcV68DEV4z6Ll7rIzzzO7OfWUNL++brD64vKx4z6f46 7 | +sn4nbZTXilpkzi/nmPDVzrNmTSywA8T7Yf0QcBUxks= 8 | -----END EC PRIVATE KEY----- 9 | -------------------------------------------------------------------------------- /regress/unittests/sshkey/testdata/ecdsa_2: -------------------------------------------------------------------------------- 1 | -----BEGIN EC PRIVATE KEY----- 2 | MIHcAgEBBEIBqBtN7e6Essd3dlsgISViPCXXC0atlNkGtoMgSQdBTKVUfeJOi4lc 3 | RZaXJdXnqWUqI/KEsH8h8QN4YcB8ugmAcc+gBwYFK4EEACOhgYkDgYYABAHZ2VNy 4 | oDedBwqsdzY+kkNptc9DrtRCVmO6cULLj+691MhItqVqTMJbTFlI4MnAg9PoGTF/ 5 | 0KmLJfy8vSffXGKqqwGKcFNtd1XCo+7Qu9tXbxron9g6Dmu7y8jaLkixcwZwnwLs 6 | 6GmA9qZGuiAfOGV0Gf9/u98sr+vikOa4Ow5JFDTw5g== 7 | -----END EC PRIVATE KEY----- 8 | -------------------------------------------------------------------------------- 
/regress/unittests/sshkey/testdata/ecdsa_2.fp: -------------------------------------------------------------------------------- 1 | SHA256:ed8YniRHA6qCrErCRnzrWxPHxYuA62a+CAFYUVxJgaI 2 | -------------------------------------------------------------------------------- /regress/unittests/sshkey/testdata/ecdsa_2.fp.bb: -------------------------------------------------------------------------------- 1 | xufag-danul-putub-mokin-pugaz-covid-dofag-nihuz-sysab-genar-zaxyx 2 | -------------------------------------------------------------------------------- /regress/unittests/sshkey/testdata/ecdsa_2.param.curve: -------------------------------------------------------------------------------- 1 | secp521r1 2 | -------------------------------------------------------------------------------- /regress/unittests/sshkey/testdata/ecdsa_2.param.priv: -------------------------------------------------------------------------------- 1 | 01a81b4dedee84b2c777765b202125623c25d70b46ad94d906b683204907414ca5547de24e8b895c45969725d5e7a9652a23f284b07f21f1037861c07cba098071cf 2 | -------------------------------------------------------------------------------- /regress/unittests/sshkey/testdata/ecdsa_2.param.pub: -------------------------------------------------------------------------------- 1 | 0401d9d95372a0379d070aac77363e924369b5cf43aed4425663ba7142cb8feebdd4c848b6a56a4cc25b4c5948e0c9c083d3e819317fd0a98b25fcbcbd27df5c62aaab018a70536d7755c2a3eed0bbdb576f1ae89fd83a0e6bbbcbc8da2e48b17306709f02ece86980f6a646ba201f38657419ff7fbbdf2cafebe290e6b83b0e491434f0e6 2 | -------------------------------------------------------------------------------- /regress/unittests/sshkey/testdata/ecdsa_2.pub: -------------------------------------------------------------------------------- 1 | ecdsa-sha2-nistp521 
AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAHZ2VNyoDedBwqsdzY+kkNptc9DrtRCVmO6cULLj+691MhItqVqTMJbTFlI4MnAg9PoGTF/0KmLJfy8vSffXGKqqwGKcFNtd1XCo+7Qu9tXbxron9g6Dmu7y8jaLkixcwZwnwLs6GmA9qZGuiAfOGV0Gf9/u98sr+vikOa4Ow5JFDTw5g== ECDSA test key #2 2 | -------------------------------------------------------------------------------- /regress/unittests/sshkey/testdata/ecdsa_n: -------------------------------------------------------------------------------- 1 | -----BEGIN EC PRIVATE KEY----- 2 | MHcCAQEEIPPNyUAnjvFr+eT/7t/IyjuQQd/aLFiTY92LB9gIjyrMoAoGCCqGSM49 3 | AwEHoUQDQgAEDFlblkOrW9ydKVhtM+9AY3c9saBE7SG3lFx38nBavkADDaI9jh3/ 4 | kvG/Jt9vpm22qwoklTCGDfzCkXkIKaWlBw== 5 | -----END EC PRIVATE KEY----- 6 | -------------------------------------------------------------------------------- /regress/unittests/sshkey/testdata/ecdsa_n_pw: -------------------------------------------------------------------------------- 1 | -----BEGIN OPENSSH PRIVATE KEY----- 2 | b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jYmMAAAAGYmNyeXB0AAAAGAAAABC4UwEov5 3 | z0RrCm7AMCxbuiAAAAEAAAAAEAAABoAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlz 4 | dHAyNTYAAABBBAxZW5ZDq1vcnSlYbTPvQGN3PbGgRO0ht5Rcd/JwWr5AAw2iPY4d/5Lxvy 5 | bfb6ZttqsKJJUwhg38wpF5CCmlpQcAAACgbCnAklQTHrf5qiHiMxKYwQJ7k/X9mp4fXD4v 6 | xUbgNZiXSxN26mn8mC2rH+WA6Lk3CexR/hrtLI2ndpBsYu1h6HhVkOwwm3Kd/PMKArCupW 7 | l6sYEabrT0EghXR/3aDEZvj79hgKSdu3RpayLvMdbCR8k1cg0/mDmR9hicWfeJ61n/IH05 8 | tUR268+0BVRW9kDhh/cuv8tVY4L09jCCQ6CpsA== 9 | -----END OPENSSH PRIVATE KEY----- 10 | -------------------------------------------------------------------------------- /regress/unittests/sshkey/testdata/ed25519_1: -------------------------------------------------------------------------------- 1 | -----BEGIN OPENSSH PRIVATE KEY----- 2 | b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW 3 | QyNTUxOQAAACBThupGO0X+FLQhbz8CoKPwc7V3JNsQuGtlsgN+F7SMGQAAAJjnj4Ao54+A 4 | KAAAAAtzc2gtZWQyNTUxOQAAACBThupGO0X+FLQhbz8CoKPwc7V3JNsQuGtlsgN+F7SMGQ 5 | 
AAAED3KgoDbjR54V7bdNpfKlQY5m20UK1QaHytkCR+6rZEDFOG6kY7Rf4UtCFvPwKgo/Bz 6 | tXck2xC4a2WyA34XtIwZAAAAE0VEMjU1MTkgdGVzdCBrZXkgIzEBAg== 7 | -----END OPENSSH PRIVATE KEY----- 8 | -------------------------------------------------------------------------------- /regress/unittests/sshkey/testdata/ed25519_1-cert.fp: -------------------------------------------------------------------------------- 1 | SHA256:L3k/oJubblSY0lB9Ulsl7emDMnRPKm/8udf2ccwk560 2 | -------------------------------------------------------------------------------- /regress/unittests/sshkey/testdata/ed25519_1-cert.pub: -------------------------------------------------------------------------------- 1 | ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIIxzuxl4z3uwAIslne8Huft+1n1IhHAlNbWZkQyyECCGAAAAIFOG6kY7Rf4UtCFvPwKgo/BztXck2xC4a2WyA34XtIwZAAAAAAAAAAgAAAACAAAABmp1bGl1cwAAABIAAAAFaG9zdDEAAAAFaG9zdDIAAAAANowB8AAAAABNHmBwAAAAAAAAAAAAAAAAAAAAMwAAAAtzc2gtZWQyNTUxOQAAACBThupGO0X+FLQhbz8CoKPwc7V3JNsQuGtlsgN+F7SMGQAAAFMAAAALc3NoLWVkMjU1MTkAAABABGTn+Bmz86Ajk+iqKCSdP5NClsYzn4alJd0V5bizhP0Kumc/HbqQfSt684J1WdSzih+EjvnTgBhK9jTBKb90AQ== ED25519 test key #1 2 | -------------------------------------------------------------------------------- /regress/unittests/sshkey/testdata/ed25519_1.fp: -------------------------------------------------------------------------------- 1 | SHA256:L3k/oJubblSY0lB9Ulsl7emDMnRPKm/8udf2ccwk560 2 | -------------------------------------------------------------------------------- /regress/unittests/sshkey/testdata/ed25519_1.fp.bb: -------------------------------------------------------------------------------- 1 | xubop-rekyd-bakal-nubuf-pahaf-gicuh-logeb-gocif-petod-galip-fuxux 2 | -------------------------------------------------------------------------------- /regress/unittests/sshkey/testdata/ed25519_1.pub: -------------------------------------------------------------------------------- 1 | ssh-ed25519 
AAAAC3NzaC1lZDI1NTE5AAAAIFOG6kY7Rf4UtCFvPwKgo/BztXck2xC4a2WyA34XtIwZ ED25519 test key #1 2 | -------------------------------------------------------------------------------- /regress/unittests/sshkey/testdata/ed25519_1_pw: -------------------------------------------------------------------------------- 1 | -----BEGIN OPENSSH PRIVATE KEY----- 2 | b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jYmMAAAAGYmNyeXB0AAAAGAAAABCus+kaow 3 | AUjHphacvRp98dAAAAEAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIFOG6kY7Rf4UtCFv 4 | PwKgo/BztXck2xC4a2WyA34XtIwZAAAAoJaqqgiYQuElraJAmYOm7Tb4nJ3eI4oj9mQ52M 5 | /Yd+ION2Ur1v8BDewpDX+LHEYgKHo3Mlmcn2UyF+QJ+7xUCW7QCtk/4szrJzw74DlEl6mH 6 | T8PT/f/av7PpECBD/YD3NoDlB9OWm/Q4sHcxfBEKfTGD7s2Onn71HgrdEOPqd4Sj/IQigR 7 | drfjtXEMlD32k9n3dd2eS9x7AHWYaGFEMkOcY= 8 | -----END OPENSSH PRIVATE KEY----- 9 | -------------------------------------------------------------------------------- /regress/unittests/sshkey/testdata/ed25519_2: -------------------------------------------------------------------------------- 1 | -----BEGIN OPENSSH PRIVATE KEY----- 2 | b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW 3 | QyNTUxOQAAACDPVKyLnm3eZE0lm0IfM3Uy9AsdGSBtozcoCt21blYBCwAAAJix1mBGsdZg 4 | RgAAAAtzc2gtZWQyNTUxOQAAACDPVKyLnm3eZE0lm0IfM3Uy9AsdGSBtozcoCt21blYBCw 5 | AAAECZEQHXs18o3DKjhUYaTyt+bUbhqfMeqmsKjYyFvzGVgs9UrIuebd5kTSWbQh8zdTL0 6 | Cx0ZIG2jNygK3bVuVgELAAAAE0VEMjU1MTkgdGVzdCBrZXkgIzEBAg== 7 | -----END OPENSSH PRIVATE KEY----- 8 | -------------------------------------------------------------------------------- /regress/unittests/sshkey/testdata/ed25519_2.fp: -------------------------------------------------------------------------------- 1 | SHA256:vMbaARqVciRgXyZPNHDo+P5p5WK5yWG1Oo6VC35Bomw 2 | -------------------------------------------------------------------------------- /regress/unittests/sshkey/testdata/ed25519_2.fp.bb: -------------------------------------------------------------------------------- 1 | 
xuces-bapyb-vikob-zesyv-budod-nupip-kebon-tacyc-fofed-lezic-soxax 2 | -------------------------------------------------------------------------------- /regress/unittests/sshkey/testdata/ed25519_2.pub: -------------------------------------------------------------------------------- 1 | ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM9UrIuebd5kTSWbQh8zdTL0Cx0ZIG2jNygK3bVuVgEL ED25519 test key #1 2 | -------------------------------------------------------------------------------- /regress/unittests/sshkey/testdata/pw: -------------------------------------------------------------------------------- 1 | mekmitasdigoat 2 | -------------------------------------------------------------------------------- /regress/unittests/sshkey/testdata/rsa1_1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/IronCoreLabs/ironssh/b74f9e03509d0d77313778f5a8ca1451cde861f6/regress/unittests/sshkey/testdata/rsa1_1 -------------------------------------------------------------------------------- /regress/unittests/sshkey/testdata/rsa1_1.fp: -------------------------------------------------------------------------------- 1 | SHA256:/kk7K9S9kwYFiFilnZYFwCsQJweI/SGQVR2nIa8VBhE 2 | -------------------------------------------------------------------------------- /regress/unittests/sshkey/testdata/rsa1_1.fp.bb: -------------------------------------------------------------------------------- 1 | xilil-nabyf-gynih-duheb-gokyp-bofet-nekac-bosod-lozin-kuvyh-poxix 2 | -------------------------------------------------------------------------------- /regress/unittests/sshkey/testdata/rsa1_1.param.n: -------------------------------------------------------------------------------- 1 | 00ce8ca77a556eba887f9a866c084a6402785354a81c10854d343181fa09351223a65f99915f8433d11a9c41677d307c03c3a39865b83e7172d2c1d878333c980438d6e4462106a0065cd75cfea7ca7f21538bf2f43f2af49cacee51b22e3bdcc5e87b59cc691f7c6942a77ef13bfdfb24300777b727348d0ba7900ba06b886729 2 | 
-------------------------------------------------------------------------------- /regress/unittests/sshkey/testdata/rsa1_1.pub: -------------------------------------------------------------------------------- 1 | 1024 65537 145043942670517902781741650890610683756045780348507433188994725700923246927874581962206512480287863636935077725837494808988986557337885675565086448774391442851909709751605441036910145362277967349042489937363543710406342212883803780768870873303921572812138116796733586484633244057911618360651775855949808953129 RSA1 test key #1 2 | -------------------------------------------------------------------------------- /regress/unittests/sshkey/testdata/rsa1_1_pw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/IronCoreLabs/ironssh/b74f9e03509d0d77313778f5a8ca1451cde861f6/regress/unittests/sshkey/testdata/rsa1_1_pw -------------------------------------------------------------------------------- /regress/unittests/sshkey/testdata/rsa1_2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/IronCoreLabs/ironssh/b74f9e03509d0d77313778f5a8ca1451cde861f6/regress/unittests/sshkey/testdata/rsa1_2 -------------------------------------------------------------------------------- /regress/unittests/sshkey/testdata/rsa1_2.fp: -------------------------------------------------------------------------------- 1 | SHA256:JaOeRCnLl/TLe7vn1+aQ4ONyKZCUhK5x3k4VHilmbpE 2 | -------------------------------------------------------------------------------- /regress/unittests/sshkey/testdata/rsa1_2.fp.bb: -------------------------------------------------------------------------------- 1 | xipag-zohut-zepuk-pisyv-kamog-pupus-netud-tudis-melup-cynov-gaxox 2 | -------------------------------------------------------------------------------- /regress/unittests/sshkey/testdata/rsa1_2.param.n: 
-------------------------------------------------------------------------------- 1 | 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 2 | -------------------------------------------------------------------------------- /regress/unittests/sshkey/testdata/rsa1_2.pub: -------------------------------------------------------------------------------- 1 | 2048 65537 25587207108642486834576012232250034427766229965612147538722032399009467293691448851087324679403117563681753304072089087252850866332601294130674473984011813227791089686736237645788471744456489819306046398653719249100878753563464696688916667605969658659855996383142110932332560049231682024775766802333675397528993897914717996946881193454997890776063024953924432026083898531677702536941151535135950834711001926404724453460085864892836473957600610133803037286539329764689125111700732309717375455919436557475211197800228646235077584780367991159670572954337165006813357814232200750568307753718414790655085790471723847208627 RSA1 test key #2 2 | -------------------------------------------------------------------------------- /regress/unittests/sshkey/testdata/rsa_1: -------------------------------------------------------------------------------- 1 | -----BEGIN RSA PRIVATE KEY----- 2 | MIICXAIBAAKBgQDLV5lUTt7FrADseB/CGhEZzpoojjEW5y8+ePvLppmK3MmMI18u 3 | d6vxzpK3bwZLYkVSyfJYI0HmIuGhdu7yMrW6wb84gbq8C31Xoe9EORcIUuGSvDKd 4 | NSM1SjlhDquRblDFB8kToqXyx1lqrXecXylxIUOL0jE+u0rU1967pDJx+wIDAQAB 5 | AoGAXyj5mpjmbD+YlxGIWz/zrM4hGsWgd4VteKEJxT6MMI4uzCRpkMd0ck8oHiwZ 6 | GAI/SwUzIsgtONQuH3AXVsUgghW4Ynn+8ksEv0IZ918WDMDwqvqkyrVzsOsZzqYj 7 | Pf8DUDKCpwFjnlknJ04yvWBZvVhWtY4OiZ8GV0Ttsu3k+GECQQD1YHfvBb5FdJBv 8 | Uhde2Il+jaFia8mwVVNNaiD2ECxXx6CzGz54ZLEB9NPVfDUZK8lJ4UJDqelWNh3i 9 | PF3RefWDAkEA1CVBzAFL4mNwpleVPzrfy69xP3gWOa26MxM/GE6zx9jC7HgQ3KPa 10 | WKdG/FuHs085aTRDaDLmGcZ8IvMuu7NgKQJAcIOKmxR0Gd8IN7NZugjqixggb0Pj 11 | mLKXXwESGiJyYtHL0zTj4Uqyi6Ya2GJ66o7UXscmnmYz828fJtTtZBdbRwJBALfi 12 | 
C2QvA32Zv/0PEXibKXy996WSC4G3ShwXZKtHHKHvCxY5BDSbehk59VesZrVPyG2e 13 | NYdOBxD0cIlCzJE56/ECQAndVkxvO8hwyEFGGwF3faHIAe/OxVb+MjaU25//Pe1/ 14 | h/e6tlCk4w9CODpyV685gV394eYwMcGDcIkipTNUDZs= 15 | -----END RSA PRIVATE KEY----- 16 | -------------------------------------------------------------------------------- /regress/unittests/sshkey/testdata/rsa_1-cert.fp: -------------------------------------------------------------------------------- 1 | SHA256:l6itGumSMcRBBAFteCgmjQBIXqLK/jFGUH3viHX1RmE 2 | -------------------------------------------------------------------------------- /regress/unittests/sshkey/testdata/rsa_1-cert.pub: -------------------------------------------------------------------------------- 1 | ssh-rsa-cert-v01@openssh.com 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 RSA test key #1 2 | -------------------------------------------------------------------------------- /regress/unittests/sshkey/testdata/rsa_1.fp: -------------------------------------------------------------------------------- 1 | SHA256:l6itGumSMcRBBAFteCgmjQBIXqLK/jFGUH3viHX1RmE 2 | -------------------------------------------------------------------------------- /regress/unittests/sshkey/testdata/rsa_1.fp.bb: -------------------------------------------------------------------------------- 1 | xosis-fodod-votot-dibum-ryvac-rediz-naruf-votun-kevis-halis-gexux 2 | -------------------------------------------------------------------------------- /regress/unittests/sshkey/testdata/rsa_1.param.n: -------------------------------------------------------------------------------- 1 | 00cb5799544edec5ac00ec781fc21a1119ce9a288e3116e72f3e78fbcba6998adcc98c235f2e77abf1ce92b76f064b624552c9f2582341e622e1a176eef232b5bac1bf3881babc0b7d57a1ef4439170852e192bc329d3523354a39610eab916e50c507c913a2a5f2c7596aad779c5f297121438bd2313ebb4ad4d7debba43271fb 2 | -------------------------------------------------------------------------------- /regress/unittests/sshkey/testdata/rsa_1.param.p: 
-------------------------------------------------------------------------------- 1 | 00f56077ef05be4574906f52175ed8897e8da1626bc9b055534d6a20f6102c57c7a0b31b3e7864b101f4d3d57c35192bc949e14243a9e956361de23c5dd179f583 2 | -------------------------------------------------------------------------------- /regress/unittests/sshkey/testdata/rsa_1.param.q: -------------------------------------------------------------------------------- 1 | 00d42541cc014be26370a657953f3adfcbaf713f781639adba33133f184eb3c7d8c2ec7810dca3da58a746fc5b87b34f396934436832e619c67c22f32ebbb36029 2 | -------------------------------------------------------------------------------- /regress/unittests/sshkey/testdata/rsa_1.pub: -------------------------------------------------------------------------------- 1 | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDLV5lUTt7FrADseB/CGhEZzpoojjEW5y8+ePvLppmK3MmMI18ud6vxzpK3bwZLYkVSyfJYI0HmIuGhdu7yMrW6wb84gbq8C31Xoe9EORcIUuGSvDKdNSM1SjlhDquRblDFB8kToqXyx1lqrXecXylxIUOL0jE+u0rU1967pDJx+w== RSA test key #1 2 | -------------------------------------------------------------------------------- /regress/unittests/sshkey/testdata/rsa_1_pw: -------------------------------------------------------------------------------- 1 | -----BEGIN RSA PRIVATE KEY----- 2 | Proc-Type: 4,ENCRYPTED 3 | DEK-Info: AES-128-CBC,0C3F819F6EEA66A471BAEEDDA8171606 4 | 5 | AhQNxgw7Z2un3dpm6KPHF1u5qVvOczm0yiTyPK4U11B3TTRhXOHdzPLAcKMX71Xq 6 | fmLm2/JIZATUbLTaysLKIQlmAgtpmXoKLv9b90R3AXLophgToZzOLpvlQTCt+y9G 7 | 0E3QQZG/LFy9BLNyw6uD5cy0RHT3FQb5VQDwfBvR/I+K3qWBFLlb7Rw9bCujYczu 8 | D3bimcDj/k6YkrWVsEa81Ch5RF2RClOYufti6bsvc4xIsB0Kd++vokER+kXFuQqf 9 | Tl0Jz+SG0kr9QtjVvkhBtSxzJ6/olAosoUySQ5hqsB8iECufBgp1KelXqsHFJQXy 10 | gCvVmGiivFUinX0rKOuWCHTplsSKQ9BnPSwDAAs8A7ZLcTXcLs/hMQ5r6fmOYfNN 11 | YthhjZyE2ciJO0lydGJUJMb5aJUak0rl+uINRlYCHTRLVwmCOmpfqz9SfcJb1ieU 12 | 4Us8NR+pXJar4U0+C2wVlNJkAdpL6GvYxN6vp7vLa+BiFwIZOQozswacIZk/ScXm 13 | QL9rmWug51RCmDeenX46WTEZeB0o0+xi60sDEDhhe4+iNYcJu5L0BJ5lqRFe3I5n 14 | 
HRRv1mBEjbF2fDcg/ChYfOXsc4gDivH2nObabeASuMFZyadmXfA8tnXRZf+7Wuy/ 15 | LZGYbM2xLeEyV3ss16WBHuIqexDt04OEZvs0jN90zj6Yv7qKCB975bdOcuKkN2Nn 16 | n9lA11R2pgsCs6COp9rYiWXkXZeDf3sW6kdcEV+/SzkVsv4JlHcsIzgk4WGVF/E/ 17 | ZkU4J9AvSdJPzEQDM+yszp0eeUow4+SAgpuNTqZiUO/2UUVbsr3qvlYMoCixhFAN 18 | -----END RSA PRIVATE KEY----- 19 | -------------------------------------------------------------------------------- /regress/unittests/sshkey/testdata/rsa_2: -------------------------------------------------------------------------------- 1 | -----BEGIN RSA PRIVATE KEY----- 2 | MIIEpAIBAAKCAQEA9NEUXp78SAkmL4+eAj4mBzPOjk+ccCPVzkTR+mZJdyTwkJAB 3 | HUN4cn4a2kTmh7Er+N8CXCsiqxIOV1GfH2fwaCiBlOEXeQJi/cMjxr9kVWO4FhC6 4 | l1UqbvPUdrUCUZjFTA9/Ah9MKgk7qGYq5SjE3p+sn4GLhRKbqmq9LjiHgMmkBuv/ 5 | a1Slit+rXHzO2F8fH5hkjeHivyYVgw45aNvGCe2RRfbpoeW2mRtgIv7y9wSewt6a 6 | mhEDXSo/F6mkqA7xVinzro5NettEXLo91tA9Hb6f6x/Mc/GJDNXTKhpWCGeJ6xeW 7 | nAefDZORWAY7Y9YbuAxhEJVi9QL5NWoFOA0C6wIDAQABAoIBAQDtRGVVfwhKWHOl 8 | zK76xXjdqhwaWJXpKRHiI1jOMawpyKdNtAMgdW+apxUnTXePMurG/HuxEC09VvaH 9 | MhfhvD6G9BsCS1UQdnuyLRnTWVLIXyjeWcA9QtEpTy8vDSb+Je2xVaNmTybl5qTn 10 | BH22Mtj6Wg5XWJn7kplDhMdssGTDLsSCMw/rcxe9iT2qOKyltQal23RHzR7SijGp 11 | QTtBp2SDGhvMZcyGuyMqJ084W8sdJpbyVzdDim2iaZdHlk7uvW2n0HcJ56I6yhIq 12 | 2U8wfgEEwydGVGHgmQNJ/n+SiT/hv6g5ebhDS46X9F9m5CHDwhdr0DrhPBVSsdhl 13 | 1HeJ0+FhAoGBAPuC3uNHToiJis688juKlwc3SQ6ger5ffAg3yaNhEcpHkvOtdZlF 14 | /CfX94xazMov/YqFwkvpSSdKsX+PeXuaqnb1hPKNYX5t45U9RjB/ox7BIQj/2rPx 15 | Bfs99UFW9HKP4HsVmLu1xeJg1Pc9iylTK/xrnwfYiZ+H7IGVccizjnqHAoGBAPkv 16 | n1flAdxBzJH/O0rXoig2EtZsDRMPY51MGDdqVOW14ZOfTVlmu0OSnkSKQm2twfro 17 | TPDVb2TY3wTRutz8H9yOFW1c1Nz4YOyTb8FmJhE2FWAQ9t8QpwUlhn15if72dS/Y 18 | 22+vP+AYu7wfqGL7QVVEXho5hGjXi053iEvfXBl9AoGAeZISpo1LGphRLgkKlVky 19 | E1zXxWgwrGB/FYHRx1UeQkZCc+K+Wy4G6kNr9r3VC04TIafx+Lt0jrd+AIibUfG6 20 | v/GBJ7TLEU+QmAycJskrUaxMiYsSbbPtDjoumDytv8pn2VbhEqqUUg44IqHu6DS5 21 | qDNlFWfHbgNHgIN6EmcoUXUCgYEAi2G57X4pRjx/4wIy9jAbggaNDuctgQXQoIGZ 22 | 
4hVWG49a+CnZKDKweKGgaZI0igjxQhmCQAwC3RP520Y9EbLtV38aOSv93QQJowrt 23 | Le6nSGVKG4whqrAz3EsbKUA8kiLldbgFNjl+ryjmidnjZEpKRxmQ0XZuu/4k6+Us 24 | ldQAPjkCgYBwjSm5eDUtK2eEPaBtbJykV05CTv5rn6CKC9L7ZBTkCcdU1hxeqe99 25 | wb22decnNawGRP1a5cGwqKJPOfkgybJVkdr6aqQW8ClzdFSaenjzs+nVW+T9JTXf 26 | 9lFpIZg5kN/geld3B9B4C99riTM0jg9hbe2RQvpLRTrZbnWMA1XoRw== 27 | -----END RSA PRIVATE KEY----- 28 | -------------------------------------------------------------------------------- /regress/unittests/sshkey/testdata/rsa_2.fp: -------------------------------------------------------------------------------- 1 | SHA256:NoQh0XBUuYUSWqnzOzOBnfpgJTRWLMj7BlWAb8IbjeE 2 | -------------------------------------------------------------------------------- /regress/unittests/sshkey/testdata/rsa_2.fp.bb: -------------------------------------------------------------------------------- 1 | xogit-gupof-mydon-hocep-zuval-feson-rarif-cefar-tobar-ryvap-kuxex 2 | -------------------------------------------------------------------------------- /regress/unittests/sshkey/testdata/rsa_2.param.n: -------------------------------------------------------------------------------- 1 | 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 2 | -------------------------------------------------------------------------------- /regress/unittests/sshkey/testdata/rsa_2.param.p: -------------------------------------------------------------------------------- 1 | 00fb82dee3474e88898acebcf23b8a970737490ea07abe5f7c0837c9a36111ca4792f3ad759945fc27d7f78c5accca2ffd8a85c24be949274ab17f8f797b9aaa76f584f28d617e6de3953d46307fa31ec12108ffdab3f105fb3df54156f4728fe07b1598bbb5c5e260d4f73d8b29532bfc6b9f07d8899f87ec819571c8b38e7a87 2 | -------------------------------------------------------------------------------- /regress/unittests/sshkey/testdata/rsa_2.param.q: -------------------------------------------------------------------------------- 1 | 
00f92f9f57e501dc41cc91ff3b4ad7a2283612d66c0d130f639d4c18376a54e5b5e1939f4d5966bb43929e448a426dadc1fae84cf0d56f64d8df04d1badcfc1fdc8e156d5cd4dcf860ec936fc166261136156010f6df10a70525867d7989fef6752fd8db6faf3fe018bbbc1fa862fb4155445e1a398468d78b4e77884bdf5c197d 2 | -------------------------------------------------------------------------------- /regress/unittests/sshkey/testdata/rsa_2.pub: -------------------------------------------------------------------------------- 1 | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD00RRenvxICSYvj54CPiYHM86OT5xwI9XORNH6Zkl3JPCQkAEdQ3hyfhraROaHsSv43wJcKyKrEg5XUZ8fZ/BoKIGU4Rd5AmL9wyPGv2RVY7gWELqXVSpu89R2tQJRmMVMD38CH0wqCTuoZirlKMTen6yfgYuFEpuqar0uOIeAyaQG6/9rVKWK36tcfM7YXx8fmGSN4eK/JhWDDjlo28YJ7ZFF9umh5baZG2Ai/vL3BJ7C3pqaEQNdKj8XqaSoDvFWKfOujk1620Rcuj3W0D0dvp/rH8xz8YkM1dMqGlYIZ4nrF5acB58Nk5FYBjtj1hu4DGEQlWL1Avk1agU4DQLr RSA test key #2 2 | -------------------------------------------------------------------------------- /regress/unittests/sshkey/testdata/rsa_n: -------------------------------------------------------------------------------- 1 | -----BEGIN RSA PRIVATE KEY----- 2 | MIICXAIBAAKBgQDLV5lUTt7FrADseB/CGhEZzpoojjEW5y8+ePvLppmK3MmMI18u 3 | d6vxzpK3bwZLYkVSyfJYI0HmIuGhdu7yMrW6wb84gbq8C31Xoe9EORcIUuGSvDKd 4 | NSM1SjlhDquRblDFB8kToqXyx1lqrXecXylxIUOL0jE+u0rU1967pDJx+wIDAQAB 5 | AoGAXyj5mpjmbD+YlxGIWz/zrM4hGsWgd4VteKEJxT6MMI4uzCRpkMd0ck8oHiwZ 6 | GAI/SwUzIsgtONQuH3AXVsUgghW4Ynn+8ksEv0IZ918WDMDwqvqkyrVzsOsZzqYj 7 | Pf8DUDKCpwFjnlknJ04yvWBZvVhWtY4OiZ8GV0Ttsu3k+GECQQD1YHfvBb5FdJBv 8 | Uhde2Il+jaFia8mwVVNNaiD2ECxXx6CzGz54ZLEB9NPVfDUZK8lJ4UJDqelWNh3i 9 | PF3RefWDAkEA1CVBzAFL4mNwpleVPzrfy69xP3gWOa26MxM/GE6zx9jC7HgQ3KPa 10 | WKdG/FuHs085aTRDaDLmGcZ8IvMuu7NgKQJAcIOKmxR0Gd8IN7NZugjqixggb0Pj 11 | mLKXXwESGiJyYtHL0zTj4Uqyi6Ya2GJ66o7UXscmnmYz828fJtTtZBdbRwJBALfi 12 | C2QvA32Zv/0PEXibKXy996WSC4G3ShwXZKtHHKHvCxY5BDSbehk59VesZrVPyG2e 13 | NYdOBxD0cIlCzJE56/ECQAndVkxvO8hwyEFGGwF3faHIAe/OxVb+MjaU25//Pe1/ 14 | h/e6tlCk4w9CODpyV685gV394eYwMcGDcIkipTNUDZs= 
15 | -----END RSA PRIVATE KEY----- 16 | -------------------------------------------------------------------------------- /regress/unittests/sshkey/testdata/rsa_n_pw: -------------------------------------------------------------------------------- 1 | -----BEGIN OPENSSH PRIVATE KEY----- 2 | b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jYmMAAAAGYmNyeXB0AAAAGAAAABAFw/Wg/V 3 | I5SAXWj/HJr9qeAAAAEAAAAAEAAACXAAAAB3NzaC1yc2EAAAADAQABAAAAgQDLV5lUTt7F 4 | rADseB/CGhEZzpoojjEW5y8+ePvLppmK3MmMI18ud6vxzpK3bwZLYkVSyfJYI0HmIuGhdu 5 | 7yMrW6wb84gbq8C31Xoe9EORcIUuGSvDKdNSM1SjlhDquRblDFB8kToqXyx1lqrXecXylx 6 | IUOL0jE+u0rU1967pDJx+wAAAgD1iSGiMlMJt2VH4kx5yr0wCJS+4UOmX0bxKO7UH5Jcul 7 | K5eaSe5ZoKE7hTYBaz0K5dRF/0fqLsvVZlE4quDjFLN6Hyavgn2W/QM7SUqBHgRMal9pgH 8 | LnxX6mFNWJ+4yb7f3bcbVIdgmMm3sT9Xjwaf5xgzNlR2mkUWtFwjyQh6FxUo5apNzqNBwO 9 | l2Q4xfmyZTp1s++pStQ/su6obXpxnE2Nx5G/D84ZL5iWl+njUy/MvJTazHRbiTSyihU+UA 10 | mUr5ZNuP3WUYY+h3KVlHpYHJYB7l3AMTKuPMFLhY9V7BJ+DuKPaqBgX4hvRzY0eVQiFr61 11 | ovjWjvfu1ulx550JqdYCgH2PpP0E89OQne35Cxs9QPThfe8DKojC9YquYh9zmVTvr7kNiE 12 | Soluk/7oKpQIDaC+/SRk7AJ2e3Cbt1lXyGNn37PuqaaC/apaF/DOD6Yig9aClS7jOUrT96 13 | 56trFAYfHEIKbRCUSMCiM1+x6HOLYf5ROrGE9KxT3kUD9XMsMpTva+cPpHUpbGpXcYE10N 14 | MyYDz+V5M2/ZoIdEhscJNQ3UnhaZpeEaqcOyNyo90n3Dnaw/WpMDD/kNMGfm8daTaYInnQ 15 | QnwA2gwlYfpTAqxE71oXgOuGmtA0yqJB4778Xq26Pb+B7/mZZZe6n0FVmiNC+ZG37ZGOw/ 16 | iGL9e2Sxzw== 17 | -----END OPENSSH PRIVATE KEY----- 18 | -------------------------------------------------------------------------------- /regress/unittests/sshkey/tests.c: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: tests.c,v 1.1 2014/06/24 01:14:18 djm Exp $ */ 2 | /* 3 | * Regress test for sshbuf.h buffer API 4 | * 5 | * Placed in the public domain 6 | */ 7 | 8 | #include "includes.h" 9 | 10 | #include 11 | 12 | #include "../test_helper/test_helper.h" 13 | 14 | void sshkey_tests(void); 15 | void sshkey_file_tests(void); 16 | void sshkey_fuzz_tests(void); 17 | 18 | void 19 | tests(void) 
20 | { 21 | OpenSSL_add_all_algorithms(); 22 | ERR_load_CRYPTO_strings(); 23 | 24 | sshkey_tests(); 25 | sshkey_file_tests(); 26 | sshkey_fuzz_tests(); 27 | } 28 | -------------------------------------------------------------------------------- /regress/unittests/test_helper/Makefile: -------------------------------------------------------------------------------- 1 | # $OpenBSD: Makefile,v 1.3 2016/07/04 18:01:44 guenther Exp $ 2 | 3 | LIB= test_helper 4 | SRCS= test_helper.c fuzz.c 5 | 6 | NOPROFILE= yes 7 | NOPIC= yes 8 | 9 | # Hack to allow building with SUBDIR in ../../Makefile 10 | regress: all 11 | 12 | install: 13 | @echo -n 14 | 15 | .include 16 | -------------------------------------------------------------------------------- /regress/unittests/utf8/Makefile: -------------------------------------------------------------------------------- 1 | # $OpenBSD: Makefile,v 1.2 2016/05/30 12:14:08 schwarze Exp $ 2 | 3 | TEST_ENV= "MALLOC_OPTIONS=CFGJPRSUX" 4 | 5 | PROG=test_utf8 6 | SRCS=tests.c 7 | REGRESS_TARGETS=run-regress-${PROG} 8 | 9 | run-regress-${PROG}: ${PROG} 10 | env ${TEST_ENV} ./${PROG} 11 | 12 | .include 13 | -------------------------------------------------------------------------------- /regress/valgrind-unit.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | UNIT_BINARY="$1" 4 | shift 5 | UNIT_ARGS="$@" 6 | 7 | test "x$OBJ" = "x" && OBJ=$PWD 8 | 9 | # This mostly replicates the logic in test-exec.sh for running the 10 | # regress tests under valgrind. 
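# $OpenBSD: yes-head.sh,v 1.5 2015/03/03 22:35:19 markus Exp $
# Placed in the Public Domain.

# Regression test: an endless remote "yes" loop is piped into "head -2000"
# and the output is counted locally; exactly 2000 lines must arrive for
# every protocol listed in SSH_PROTOCOLS.
# SSH, SSH_PROTOCOLS, OBJ and fail are not defined in this file; they are
# expected to come from whatever harness sources it.

tid="yes pipe head"

for p in ${SSH_PROTOCOLS}; do
	# The local side sleeps 3 seconds before counting the received lines.
	lines=`${SSH} -$p -F $OBJ/ssh_proxy thishost 'sh -c "while true;do echo yes;done | _POSIX2_VERSION=199209 head -2000"' | (sleep 3 ; wc -l)`
	# NOTE(review): $? is the status of the last pipeline stage (the
	# "sleep 3 ; wc -l" subshell), not of ${SSH}; an ssh failure is
	# therefore only caught by the line-count check below.
	if [ $? -ne 0 ]; then
		fail "yes|head test failed"
		# Fixed: "lines = 0;" is not an assignment in sh, it runs a
		# command called "lines" with the arguments "=" and "0".
		lines=0
	fi
	# $lines is left unquoted on purpose so that word splitting drops any
	# padding around the number printed by wc -l.
	if [ $lines -ne 2000 ]; then
		fail "yes|head returns $lines lines instead of 2000"
	fi
done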
14 | */ 15 | 16 | #ifndef RSA_H 17 | #define RSA_H 18 | 19 | #include 20 | #include 21 | 22 | int rsa_public_encrypt(BIGNUM *, BIGNUM *, RSA *); 23 | int rsa_private_decrypt(BIGNUM *, BIGNUM *, RSA *); 24 | int rsa_generate_additional_parameters(RSA *); 25 | 26 | #endif /* RSA_H */ 27 | -------------------------------------------------------------------------------- /serverloop.h: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: serverloop.h,v 1.6 2006/03/25 22:22:43 djm Exp $ */ 2 | 3 | /* 4 | * Author: Tatu Ylonen 5 | * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 6 | * All rights reserved 7 | * 8 | * As far as I am concerned, the code I have written for this software 9 | * can be used freely for any purpose. Any derived versions of this 10 | * software must be clearly marked as such, and if the derived work is 11 | * incompatible with the protocol description in the RFC file, it must be 12 | * called by a name other than "ssh" or "Secure Shell". 13 | */ 14 | /* 15 | * Performs the interactive session. This handles data transmission between 16 | * the client and the program. Note that the notion of stdin, stdout, and 17 | * stderr in this function is sort of reversed: this function writes to stdin 18 | * (of the child program), and reads from stdout and stderr (of the child 19 | * program). 20 | */ 21 | #ifndef SERVERLOOP_H 22 | #define SERVERLOOP_H 23 | 24 | void server_loop(pid_t, int, int, int); 25 | void server_loop2(Authctxt *); 26 | 27 | #endif 28 | -------------------------------------------------------------------------------- /sftp-server-main.c: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: sftp-server-main.c,v 1.5 2016/02/15 09:47:49 dtucker Exp $ */ 2 | /* 3 | * Copyright (c) 2008 Markus Friedl. All rights reserved. 
/*
 * Exit hook for this binary: forwards the exit status unchanged to
 * sftp_server_cleanup_exit().
 */
void
cleanup_exit(int i)
{
	sftp_server_cleanup_exit(i);
}

/*
 * Entry point of the stand-alone sftp-server program.
 *
 * Initialises the allocator, sanitises the standard descriptors, looks up
 * the passwd entry of the real uid and passes argc, argv and that entry to
 * sftp_server_main().
 *
 * Returns 1 when the uid has no passwd entry, otherwise the value returned
 * by sftp_server_main().
 */
int
main(int argc, char **argv)
{
	struct passwd *pw;

	/* must be called before any mallocs */
	ssh_malloc_init();

	/*
	 * Ensure that fds 0, 1 and 2 are open or directed to /dev/null.
	 * NOTE(review): presumably so that a descriptor opened later cannot
	 * end up as stdin/stdout/stderr; confirm against sanitise_stdfd().
	 */
	sanitise_stdfd();

	/* Refuse to serve a uid that has no passwd entry. */
	pw = getpwuid(getuid());
	if (pw == NULL) {
		fprintf(stderr, "No user found for uid %lu\n",
		    (u_long)getuid());
		return 1;
	}

	return sftp_server_main(argc, argv, pw);
}
4 | .\" 5 | .\" Permission to use, copy, modify, and distribute this software for any 6 | .\" purpose with or without fee is hereby granted, provided that the above 7 | .\" copyright notice and this permission notice appear in all copies. 8 | .\" 9 | .\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 | .\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 | .\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 | .\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 | .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 | .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 | .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 | .\" 17 | .Dd $Mdocdate: July 16 2013 $ 18 | .Dt SSH-PKCS11-HELPER 8 19 | .Os 20 | .Sh NAME 21 | .Nm ssh-pkcs11-helper 22 | .Nd ssh-agent helper program for PKCS#11 support 23 | .Sh SYNOPSIS 24 | .Nm 25 | .Sh DESCRIPTION 26 | .Nm 27 | is used by 28 | .Xr ssh-agent 1 29 | to access keys provided by a PKCS#11 token. 30 | .Pp 31 | .Nm 32 | is not intended to be invoked by the user, but from 33 | .Xr ssh-agent 1 . 34 | .Sh SEE ALSO 35 | .Xr ssh 1 , 36 | .Xr ssh-add 1 , 37 | .Xr ssh-agent 1 38 | .Sh HISTORY 39 | .Nm 40 | first appeared in 41 | .Ox 4.7 . 42 | .Sh AUTHORS 43 | .An Markus Friedl Aq Mt markus@openbsd.org 44 | -------------------------------------------------------------------------------- /ssh-pkcs11.h: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: ssh-pkcs11.h,v 1.4 2015/01/15 09:40:00 djm Exp $ */ 2 | /* 3 | * Copyright (c) 2010 Markus Friedl. All rights reserved. 4 | * 5 | * Permission to use, copy, modify, and distribute this software for any 6 | * purpose with or without fee is hereby granted, provided that the above 7 | * copyright notice and this permission notice appear in all copies. 
8 | * 9 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 | */ 17 | int pkcs11_init(int); 18 | void pkcs11_terminate(void); 19 | int pkcs11_add_provider(char *, char *, struct sshkey ***); 20 | int pkcs11_del_provider(char *); 21 | 22 | #if !defined(WITH_OPENSSL) && defined(ENABLE_PKCS11) 23 | #undef ENABLE_PKCS11 24 | #endif 25 | -------------------------------------------------------------------------------- /ssh-sandbox.h: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: ssh-sandbox.h,v 1.1 2011/06/23 09:34:13 djm Exp $ */ 2 | /* 3 | * Copyright (c) 2011 Damien Miller 4 | * 5 | * Permission to use, copy, modify, and distribute this software for any 6 | * purpose with or without fee is hereby granted, provided that the above 7 | * copyright notice and this permission notice appear in all copies. 8 | * 9 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 
16 | */ 17 | 18 | struct monitor; 19 | struct ssh_sandbox; 20 | 21 | struct ssh_sandbox *ssh_sandbox_init(struct monitor *); 22 | void ssh_sandbox_child(struct ssh_sandbox *); 23 | void ssh_sandbox_parent_finish(struct ssh_sandbox *); 24 | void ssh_sandbox_parent_preauth(struct ssh_sandbox *, pid_t); 25 | -------------------------------------------------------------------------------- /sshlogin.h: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: sshlogin.h,v 1.8 2006/08/03 03:34:42 deraadt Exp $ */ 2 | 3 | /* 4 | * Author: Tatu Ylonen 5 | * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 6 | * All rights reserved 7 | * 8 | * As far as I am concerned, the code I have written for this software 9 | * can be used freely for any purpose. Any derived versions of this 10 | * software must be clearly marked as such, and if the derived work is 11 | * incompatible with the protocol description in the RFC file, it must be 12 | * called by a name other than "ssh" or "Secure Shell". 13 | */ 14 | 15 | void record_login(pid_t, const char *, const char *, uid_t, 16 | const char *, struct sockaddr *, socklen_t); 17 | void record_logout(pid_t, const char *, const char *); 18 | time_t get_last_login_time(uid_t, const char *, char *, size_t); 19 | 20 | #ifdef LOGIN_NEEDS_UTMPX 21 | void record_utmp_only(pid_t, const char *, const char *, const char *, 22 | struct sockaddr *, socklen_t); 23 | #endif 24 | -------------------------------------------------------------------------------- /sshpty.h: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: sshpty.h,v 1.12 2010/01/09 05:04:24 djm Exp $ */ 2 | 3 | /* 4 | * Author: Tatu Ylonen 5 | * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 6 | * All rights reserved 7 | * Functions for allocating a pseudo-terminal and making it the controlling 8 | * tty. 
9 | * 10 | * As far as I am concerned, the code I have written for this software 11 | * can be used freely for any purpose. Any derived versions of this 12 | * software must be clearly marked as such, and if the derived work is 13 | * incompatible with the protocol description in the RFC file, it must be 14 | * called by a name other than "ssh" or "Secure Shell". 15 | */ 16 | 17 | #include 18 | 19 | struct termios *get_saved_tio(void); 20 | void leave_raw_mode(int); 21 | void enter_raw_mode(int); 22 | 23 | int pty_allocate(int *, int *, char *, size_t); 24 | void pty_release(const char *); 25 | void pty_make_controlling_tty(int *, const char *); 26 | void pty_change_window_size(int, u_int, u_int, u_int, u_int); 27 | void pty_setowner(struct passwd *, const char *); 28 | -------------------------------------------------------------------------------- /uidswap.h: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: uidswap.h,v 1.13 2006/08/03 03:34:42 deraadt Exp $ */ 2 | 3 | /* 4 | * Author: Tatu Ylonen 5 | * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 6 | * All rights reserved 7 | * 8 | * As far as I am concerned, the code I have written for this software 9 | * can be used freely for any purpose. Any derived versions of this 10 | * software must be clearly marked as such, and if the derived work is 11 | * incompatible with the protocol description in the RFC file, it must be 12 | * called by a name other than "ssh" or "Secure Shell". 
13 | */ 14 | 15 | void temporarily_use_uid(struct passwd *); 16 | void restore_uid(void); 17 | void permanently_set_uid(struct passwd *); 18 | void permanently_drop_suid(uid_t); 19 | -------------------------------------------------------------------------------- /utf8.h: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: utf8.h,v 1.1 2016/05/25 23:48:45 schwarze Exp $ */ 2 | /* 3 | * Copyright (c) 2016 Ingo Schwarze 4 | * 5 | * Permission to use, copy, modify, and distribute this software for any 6 | * purpose with or without fee is hereby granted, provided that the above 7 | * copyright notice and this permission notice appear in all copies. 8 | * 9 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 | */ 17 | 18 | int mprintf(const char *, ...) 19 | __attribute__((format(printf, 1, 2))); 20 | int fmprintf(FILE *, const char *, ...) 21 | __attribute__((format(printf, 2, 3))); 22 | int vfmprintf(FILE *, const char *, va_list); 23 | int snmprintf(char *, size_t, int *, const char *, ...) 24 | __attribute__((format(printf, 4, 5))); 25 | -------------------------------------------------------------------------------- /uuencode.h: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: uuencode.h,v 1.14 2010/08/31 11:54:45 djm Exp $ */ 2 | 3 | /* 4 | * Copyright (c) 2000 Markus Friedl. All rights reserved. 
5 | * 6 | * Redistribution and use in source and binary forms, with or without 7 | * modification, are permitted provided that the following conditions 8 | * are met: 9 | * 1. Redistributions of source code must retain the above copyright 10 | * notice, this list of conditions and the following disclaimer. 11 | * 2. Redistributions in binary form must reproduce the above copyright 12 | * notice, this list of conditions and the following disclaimer in the 13 | * documentation and/or other materials provided with the distribution. 14 | * 15 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 16 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 17 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 18 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 19 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 20 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 21 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 22 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 23 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 24 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 25 | */ 26 | 27 | int uuencode(const u_char *, u_int, char *, size_t); 28 | int uudecode(const char *, u_char *, size_t); 29 | void dump_base64(FILE *, const u_char *, u_int); 30 | -------------------------------------------------------------------------------- /verify.c: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: verify.c,v 1.3 2013/12/09 11:03:45 markus Exp $ */ 2 | 3 | /* 4 | * Public Domain, Author: Daniel J. 
/*
 * Compare two 32-byte buffers.
 *
 * Exactly bytes 0..31 of x and y are read; both buffers must hold at
 * least 32 bytes. Returns 0 when all 32 bytes match and -1 otherwise.
 *
 * Every byte pair is always processed: the XOR of each pair is OR-ed into
 * one accumulator, and the result is derived arithmetically from it. The
 * source has no early exit and no branch on the data, so the work done
 * does not depend on where the buffers first differ.
 * NOTE(review): that property holds at source level only; confirm the
 * compiled code stays branch-free for the compilers and flags in use.
 */
int
crypto_verify_32(const unsigned char *x, const unsigned char *y)
{
	unsigned int acc = 0;
	int idx;

	/* Fixed trip count: the loop bound never depends on the contents. */
	for (idx = 0; idx < 32; idx++)
		acc |= x[idx] ^ y[idx];

	/*
	 * acc is in 0..255. For acc == 0 the subtraction wraps, so bit 8 is
	 * set and the expression is 1 - 1 = 0; for acc in 1..255 bit 8 of
	 * acc - 1 is clear and the expression is 0 - 1, returned as -1.
	 */
	return (1 & ((acc - 1) >> 8)) - 1;
}
Any derived versions of this 14 | * software must be clearly marked as such, and if the derived work is 15 | * incompatible with the protocol description in the RFC file, it must be 16 | * called by a name other than "ssh" or "Secure Shell". 17 | */ 18 | 19 | void ssh_malloc_init(void); 20 | void *xmalloc(size_t); 21 | void *xcalloc(size_t, size_t); 22 | void *xreallocarray(void *, size_t, size_t); 23 | char *xstrdup(const char *); 24 | int xasprintf(char **, const char *, ...) 25 | __attribute__((__format__ (printf, 2, 3))) 26 | __attribute__((__nonnull__ (2))); 27 | --------------------------------------------------------------------------------