increase test coverage

Author: arif-pragmasys

.gitignore

@@ -232,3 +232,5 @@ survey.sh
 buildpkg.sh
 config.h.in
 
+
+config.h

INSTALL

@@ -1,22 +1,26 @@
 1. Prerequisites
 ----------------
 
-You will need working installations of Zlib and OpenSSL.
+You will need working installations of Zlib and libcrypto (LibreSSL /
+OpenSSL)
 
 Zlib 1.1.4 or 1.2.1.2 or greater (ealier 1.2.x versions have problems):
 http://www.gzip.org/zlib/
 
-OpenSSL 0.9.6 or greater:
-http://www.openssl.org/
+libcrypto (LibreSSL or OpenSSL >= 0.9.8f)
+LibreSSL http://www.libressl.org/ ; or
+OpenSSL http://www.openssl.org/
 
-(OpenSSL 0.9.5a is partially supported, but some ciphers (SSH protocol 1
-Blowfish) do not work correctly.)
+LibreSSL/OpenSSL should be compiled as a position-independent library
+(i.e. with -fPIC) otherwise OpenSSH will not be able to link with it.
+If you must use a non-position-independent libcrypto, then you may need
+to configure OpenSSH --without-pie.
 
 The remaining items are optional.
 
 NB. If you operating system supports /dev/random, you should configure
-OpenSSL to use it. OpenSSH relies on OpenSSL's direct support of
-/dev/random, or failing that, either prngd or egd
+libcrypto (LibreSSL/OpenSSL) to use it. OpenSSH relies on libcrypto's
+direct support of /dev/random, or failing that, either prngd or egd
 
 PRNGD:
 
@@ -27,10 +31,10 @@ http://prngd.sourceforge.net/
 
 EGD:
 
-The Entropy Gathering Daemon (EGD) is supported if you have a system which
-lacks /dev/random and don't want to use OpenSSH's internal entropy collection.
+If the kernel lacks /dev/random the Entropy Gathering Daemon (EGD) is
+supported only if libcrypto supports it.
 
-http://www.lothar.com/tech/crypto/
+http://egd.sourceforge.net/
 
 PAM:
 
@@ -55,15 +59,6 @@ passphrase requester. This is maintained separately at:
 
 http://www.jmknoble.net/software/x11-ssh-askpass/
 
-TCP Wrappers:
-
-If you wish to use the TCP wrappers functionality you will need at least
-tcpd.h and libwrap.a, either in the standard include and library paths,
-or in the directory specified by --with-tcp-wrappers.  Version 7.6 is
-known to work.
-
-http://ftp.porcupine.org/pub/security/index.html
-
 S/Key Libraries:
 
 If you wish to use --with-skey then you will need the library below
@@ -80,10 +75,16 @@ these multi-platform ports:
 http://www.thrysoee.dk/editline/
 http://sourceforge.net/projects/libedit/
 
+LDNS:
+
+LDNS is a DNS BSD-licensed resolver library which supports DNSSEC.
+
+http://nlnetlabs.nl/projects/ldns/
+
 Autoconf:
 
 If you modify configure.ac or configure doesn't exist (eg if you checked
-the code out of CVS yourself) then you will need autoconf-2.61 to rebuild
+the code out of CVS yourself) then you will need autoconf-2.68 to rebuild
 the automatically generated files by running "autoreconf".  Earlier
 versions may also work but this is not guaranteed.
 
@@ -174,9 +175,6 @@ Integration Architecture.  The default for OSF1 machines is enable.
 --with-skey=PATH will enable S/Key one time password support. You will
 need the S/Key libraries and header files installed for this to work.
 
---with-tcp-wrappers will enable TCP Wrappers (/etc/hosts.allow|deny)
-support.
-
 --with-md5-passwords will enable the use of MD5 passwords. Enable this
 if your operating system uses MD5 passwords and the system crypt() does
 not support them directly (see the crypt(3/3c) man page). If enabled, the
@@ -198,10 +196,11 @@ created.
 
 --with-xauth=PATH specifies the location of the xauth binary
 
---with-ssl-dir=DIR allows you to specify where your OpenSSL libraries
+--with-ssl-dir=DIR allows you to specify where your Libre/OpenSSL
+libraries
 are installed.
 
---with-ssl-engine enables OpenSSL's (hardware) ENGINE support
+--with-ssl-engine enables Libre/OpenSSL's (hardware) ENGINE support
 
 --with-4in6 Check for IPv4 in IPv6 mapped addresses and convert them to
 real (AF_INET) IPv4 addresses. Works around some quirks on Linux.
@@ -260,4 +259,4 @@ Please refer to the "reporting bugs" section of the webpage at
 http://www.openssh.com/
 
 
-$Id: INSTALL,v 1.86 2011/05/05 03:48:37 djm Exp $
+$Id: INSTALL,v 1.91 2014/09/09 02:23:11 dtucker Exp $

LICENCE

@@ -207,6 +207,7 @@ OpenSSH contains no GPL code.
 	The SCO Group
 	Daniel Walsh
 	Red Hat, Inc
+	Simon Vallet / Genoscope
 
      * Redistribution and use in source and binary forms, with or without
      * modification, are permitted provided that the following conditions

Makefile.in

@@ -151,7 +151,7 @@ $(SSHOBJS): Makefile.in config.h
 $(SSHDOBJS): Makefile.in config.h
 
 .c.o:
-	$(CC) $(CFLAGS) $(CPPFLAGS) -c $<
+	$(CC) $(CFLAGS) $(CPPFLAGS) -c $< -o $@
 
 LIBWIN32COMPAT=contrib/win32/win32compat/@LIBWIN32COMPAT@
 $(LIBWIN32COMPAT): always
@@ -207,9 +207,10 @@ $(MANPAGES): $(MANPAGES_IN)
 		manpage=$(srcdir)/`echo $@ | sed 's/\.out$$//'`; \
 	fi; \
 	if test "$(MANTYPE)" = "man"; then \
-		$(FIXPATHSCMD) $${manpage} | $(AWK) -f $(srcdir)/mdoc2man.awk > $@; \
+		$(FIXPATHSCMD) $${manpage} | $(FIXALGORITHMSCMD) | \
+		    $(AWK) -f $(srcdir)/mdoc2man.awk > $@; \
 	else \
-		$(FIXPATHSCMD) $${manpage} > $@; \
+		$(FIXPATHSCMD) $${manpage} | $(FIXALGORITHMSCMD) > $@; \
 	fi
 
 $(CONFIGFILES): $(CONFIGFILES_IN)
@@ -230,6 +231,18 @@ umac128.o:	umac.c
 clean:	regressclean
 	rm -f *.o *.a $(TARGETS) logintest config.cache config.log
 	rm -f *.out core survey
+	rm -f regress/unittests/test_helper/*.a
+	rm -f regress/unittests/test_helper/*.o
+	rm -f regress/unittests/sshbuf/*.o
+	rm -f regress/unittests/sshbuf/test_sshbuf
+	rm -f regress/unittests/sshkey/*.o
+	rm -f regress/unittests/sshkey/test_sshkey
+	rm -f regress/unittests/bitmap/*.o
+	rm -f regress/unittests/bitmap/test_bitmap
+	rm -f regress/unittests/hostkeys/*.o
+	rm -f regress/unittests/hostkeys/test_hostkeys
+	rm -f regress/unittests/kex/*.o
+	rm -f regress/unittests/kex/test_kex
 	(cd openbsd-compat && $(MAKE) clean)
 	if test -f contrib/win32/win32compat/Makefile ; then \
 		(cd contrib/win32/win32compat && $(MAKE) clean) \
@@ -239,8 +252,20 @@ distclean:	regressclean
 	rm -f *.o *.a $(TARGETS) logintest config.cache config.log
 	rm -f *.out core opensshd.init openssh.xml
 	rm -f Makefile buildpkg.sh config.h config.status
-	rm -f survey.sh openbsd-compat/regress/Makefile *~
+	rm -f survey.sh openbsd-compat/regress/Makefile *~ 
 	rm -rf autom4te.cache
+	rm -f regress/unittests/test_helper/*.a
+	rm -f regress/unittests/test_helper/*.o
+	rm -f regress/unittests/sshbuf/*.o
+	rm -f regress/unittests/sshbuf/test_sshbuf
+	rm -f regress/unittests/sshkey/*.o
+	rm -f regress/unittests/sshkey/test_sshkey
+	rm -f regress/unittests/bitmap/*.o
+	rm -f regress/unittests/bitmap/test_bitmap
+	rm -f regress/unittests/hostkeys/*.o
+	rm -f regress/unittests/hostkeys/test_hostkeys
+	rm -f regress/unittests/kex/*.o
+	rm -f regress/unittests/kex/test_kex
 	(cd openbsd-compat && $(MAKE) distclean)
 	if test -f contrib/win32/win32compat/Makefile ; then \
 		(cd contrib/win32/win32compat && $(MAKE) distclean) \
@@ -416,12 +441,117 @@ uninstall:
 	-rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8
 	-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1
 
-tests interop-tests:	$(TARGETS)
+regress-prep:
+	[ -d `pwd`/regress ] || mkdir -p `pwd`/regress
+	[ -d `pwd`/regress/unittests ] || mkdir -p `pwd`/regress/unittests
+	[ -d `pwd`/regress/unittests/test_helper ] || \
+		mkdir -p `pwd`/regress/unittests/test_helper
+	[ -d `pwd`/regress/unittests/sshbuf ] || \
+		mkdir -p `pwd`/regress/unittests/sshbuf
+	[ -d `pwd`/regress/unittests/sshkey ] || \
+		mkdir -p `pwd`/regress/unittests/sshkey
+	[ -d `pwd`/regress/unittests/bitmap ] || \
+		mkdir -p `pwd`/regress/unittests/bitmap
+	[ -d `pwd`/regress/unittests/hostkeys ] || \
+		mkdir -p `pwd`/regress/unittests/hostkeys
+	[ -d `pwd`/regress/unittests/kex ] || \
+		mkdir -p `pwd`/regress/unittests/kex
+	[ -f `pwd`/regress/Makefile ] || \
+	    ln -s `cd $(srcdir) && pwd`/regress/Makefile `pwd`/regress/Makefile
+
+regress/modpipe$(EXEEXT): $(srcdir)/regress/modpipe.c
+	$(CC) $(CFLAGS) $(CPPFLAGS) -o $@ $? \
+	$(LDFLAGS) ./libssh.a -lopenbsd-compat @LINKWIN32COMPAT@ $(LIBS)
+
+regress/setuid-allowed$(EXEEXT): $(srcdir)/regress/setuid-allowed.c
+	$(CC) $(CFLAGS) $(CPPFLAGS) -o $@ $? \
+	$(LDFLAGS) ./libssh.a -lopenbsd-compat @LINKWIN32COMPAT@ $(LIBS)
+
+regress/netcat$(EXEEXT): $(srcdir)/regress/netcat.c
+	$(CC) $(CFLAGS) $(CPPFLAGS) -o $@ $? \
+	$(LDFLAGS) ./libssh.a -lopenbsd-compat @LINKWIN32COMPAT@ $(LIBS)
+
+UNITTESTS_TEST_HELPER_OBJS=\
+	regress/unittests/test_helper/test_helper.o \
+	regress/unittests/test_helper/fuzz.o
+
+regress/unittests/test_helper/libtest_helper.a: ${UNITTESTS_TEST_HELPER_OBJS}
+	$(AR) rv $@ $(UNITTESTS_TEST_HELPER_OBJS)
+	$(RANLIB) $@
+
+UNITTESTS_TEST_SSHBUF_OBJS=\
+	regress/unittests/sshbuf/tests.o \
+	regress/unittests/sshbuf/test_sshbuf.o \
+	regress/unittests/sshbuf/test_sshbuf_getput_basic.o \
+	regress/unittests/sshbuf/test_sshbuf_getput_crypto.o \
+	regress/unittests/sshbuf/test_sshbuf_misc.o \
+	regress/unittests/sshbuf/test_sshbuf_fuzz.o \
+	regress/unittests/sshbuf/test_sshbuf_getput_fuzz.o \
+	regress/unittests/sshbuf/test_sshbuf_fixed.o
+
+regress/unittests/sshbuf/test_sshbuf$(EXEEXT): ${UNITTESTS_TEST_SSHBUF_OBJS} \
+    regress/unittests/test_helper/libtest_helper.a libssh.a
+	$(LD) -o $@ $(LDFLAGS) $(UNITTESTS_TEST_SSHBUF_OBJS) \
+	    regress/unittests/test_helper/libtest_helper.a \
+		./libssh.a -lopenbsd-compat -lwin32compat $(LIBS)
+
+UNITTESTS_TEST_SSHKEY_OBJS=\
+	regress/unittests/sshkey/test_fuzz.o \
+	regress/unittests/sshkey/tests.o \
+	regress/unittests/sshkey/common.o \
+	regress/unittests/sshkey/test_file.o \
+	regress/unittests/sshkey/test_sshkey.o
+
+regress/unittests/sshkey/test_sshkey$(EXEEXT): ${UNITTESTS_TEST_SSHKEY_OBJS} \
+    regress/unittests/test_helper/libtest_helper.a libssh.a
+	$(LD) -o $@ $(LDFLAGS) $(UNITTESTS_TEST_SSHKEY_OBJS) \
+	    regress/unittests/test_helper/libtest_helper.a \
+	    ./libssh.a -lopenbsd-compat -lwin32compat $(LIBS)
+
+UNITTESTS_TEST_BITMAP_OBJS=\
+	regress/unittests/bitmap/tests.o
+
+regress/unittests/bitmap/test_bitmap$(EXEEXT): ${UNITTESTS_TEST_BITMAP_OBJS} \
+    regress/unittests/test_helper/libtest_helper.a libssh.a
+	$(LD) -o $@ $(LDFLAGS) $(UNITTESTS_TEST_BITMAP_OBJS) \
+	    regress/unittests/test_helper/libtest_helper.a \
+	    ./libssh.a -lopenbsd-compat -lwin32compat $(LIBS)
+
+UNITTESTS_TEST_KEX_OBJS=\
+	regress/unittests/kex/tests.o \
+	regress/unittests/kex/test_kex.o \
+	roaming_dummy.o
+
+regress/unittests/kex/test_kex$(EXEEXT): ${UNITTESTS_TEST_KEX_OBJS} \
+    regress/unittests/test_helper/libtest_helper.a libssh.a
+	$(LD) -o $@ $(LDFLAGS) $(UNITTESTS_TEST_KEX_OBJS) \
+	    regress/unittests/test_helper/libtest_helper.a \
+	    ./libssh.a -lopenbsd-compat -lwin32compat $(LIBS)
+
+UNITTESTS_TEST_HOSTKEYS_OBJS=\
+	regress/unittests/hostkeys/tests.o \
+	regress/unittests/hostkeys/test_iterate.o
+
+regress/unittests/hostkeys/test_hostkeys$(EXEEXT): \
+    ${UNITTESTS_TEST_HOSTKEYS_OBJS} \
+    regress/unittests/test_helper/libtest_helper.a libssh.a
+	$(LD) -o $@ $(LDFLAGS) $(UNITTESTS_TEST_HOSTKEYS_OBJS) \
+	    regress/unittests/test_helper/libtest_helper.a \
+	    ./libssh.a -lopenbsd-compat -lwin32compat $(LIBS)
+
+REGRESS_BINARIES=\
+	regress/modpipe$(EXEEXT) \
+	regress/setuid-allowed$(EXEEXT) \
+	regress/netcat$(EXEEXT) \
+	regress/unittests/sshbuf/test_sshbuf$(EXEEXT) \
+	regress/unittests/sshkey/test_sshkey$(EXEEXT) \
+	regress/unittests/bitmap/test_bitmap$(EXEEXT) \
+	regress/unittests/hostkeys/test_hostkeys$(EXEEXT) \
+	regress/unittests/kex/test_kex$(EXEEXT)
+
+tests interop-tests t-exec: regress-prep $(TARGETS) $(REGRESS_BINARIES)
 	BUILDDIR=`pwd`; \
-	[ -d `pwd`/regress ]  ||  mkdir -p `pwd`/regress; \
-	[ -f `pwd`/regress/Makefile ]  || \
-	    ln -s `cd $(srcdir) && pwd`/regress/Makefile `pwd`/regress/Makefile ; \
-	TEST_SHELL="@TEST_SHELL@"; \
+	TEST_SSH_SCP="$${BUILDDIR}/scp"; \
 	TEST_SSH_SSH="$${BUILDDIR}/ssh"; \
 	TEST_SSH_SSHD="$${BUILDDIR}/sshd"; \
 	TEST_SSH_SSHAGENT="$${BUILDDIR}/ssh-agent"; \
@@ -436,15 +566,15 @@ tests interop-tests:	$(TARGETS)
 	TEST_SSH_CONCH="conch"; \
 	TEST_SSH_IPV6="@TEST_SSH_IPV6@" ; \
 	TEST_SSH_ECC="@TEST_SSH_ECC@" ; \
-	TEST_SSH_SHA256="@TEST_SSH_SHA256@" ; \
 	cd $(srcdir)/regress || exit $$?; \
 	$(MAKE) \
 		.OBJDIR="$${BUILDDIR}/regress" \
 		.CURDIR="`pwd`" \
 		BUILDDIR="$${BUILDDIR}" \
 		OBJ="$${BUILDDIR}/regress/" \
 		PATH="$${BUILDDIR}:$${PATH}" \
-		TEST_SHELL="$${TEST_SHELL}" \
+		TEST_ENV=MALLOC_OPTIONS="@TEST_MALLOC_OPTIONS@" \
+		TEST_SSH_SCP="$${TEST_SSH_SCP}" \
 		TEST_SSH_SSH="$${TEST_SSH_SSH}" \
 		TEST_SSH_SSHD="$${TEST_SSH_SSHD}" \
 		TEST_SSH_SSHAGENT="$${TEST_SSH_SSHAGENT}" \
@@ -459,7 +589,7 @@ tests interop-tests:	$(TARGETS)
 		TEST_SSH_CONCH="$${TEST_SSH_CONCH}" \
 		TEST_SSH_IPV6="$${TEST_SSH_IPV6}" \
 		TEST_SSH_ECC="$${TEST_SSH_ECC}" \
-		TEST_SSH_SHA256="$${TEST_SSH_SHA256}" \
+		TEST_SHELL="${TEST_SHELL}" \
 		EXEEXT="$(EXEEXT)" \
 		$@ && echo all tests passed
 

OVERVIEW

@@ -65,8 +65,8 @@ these programs.
       packets.  CRC code comes from crc32.c.
 
     - The code in packet.c calls the buffer manipulation routines
-      (buffer.c, bufaux.c), compression routines (compress.c, zlib),
-      and the encryption routines.
+      (buffer.c, bufaux.c), compression routines (zlib), and the
+      encryption routines.
 
   X11, TCP/IP, and Agent forwarding
 
@@ -165,4 +165,4 @@ these programs.
 	uidswap.c    uid-swapping
 	xmalloc.c    "safe" malloc routines
 
-$OpenBSD: OVERVIEW,v 1.11 2006/08/03 03:34:41 deraadt Exp $
+$OpenBSD: OVERVIEW,v 1.12 2015/07/08 19:01:15 markus Exp $