index : openssl	OpenSSL-engine-0_9_6-stable OpenSSL-fips-0_9_7-stable OpenSSL-fips-0_9_8-stable OpenSSL-fips-1_2-stable OpenSSL-fips-2_0-dev OpenSSL-fips-2_0-stable OpenSSL-fips2-0_9_7-stable OpenSSL_0_9_6-stable OpenSSL_0_9_7-stable OpenSSL_0_9_8-stable OpenSSL_0_9_8fg-stable OpenSSL_1_0_0-stable OpenSSL_1_0_1-stable OpenSSL_1_0_2-stable OpenSSL_1_1_0-stable OpenSSL_1_1_1-stable SSLeay feature/dtls-1.3 feature/ech feature/quic-server master openssl-3.0 openssl-3.1 openssl-3.2 openssl-3.3 openssl-3.4 tls1.3-draft-18 tls1.3-draft-19
	Mirror of https://github.com/openssl/openssl	matthias

summaryrefslogtreecommitdiffstats

log msg author committer range

path: root/test/evp_test.c

Age	Commit message (Collapse)	Author
2017-01-24	Add support for Poly1305 in EVP_PKEY	Todd Short
	Add Poly1305 as a "signed" digest. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2128)
2017-01-05	Remove BIO_seek/BIO_tell from evp_test.c	Dr. Stephen Henson
	BIO_seek and BIO_tell can cause problems with evp_test.c on some platforms. Avoid them by using a temporary memory BIO to store key PEM data. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2183)
2016-12-16	evp_test: when function and reason strings aren't available, just skip	Richard Levitte
	Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2093)
2016-12-14	Add function and reason checking to evp_test	Dr. Stephen Henson
	Add options to check the function and reason code matches expected values. Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-12-10	Additional error tests in evp_test.c	Dr. Stephen Henson
	Support checking for errors during test initialisation and parsing. Add errors and tests for key operation initalisation and ctrl errors. Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-21	Skipping tests in evp_test leaks memory	Todd Short
	When configured with "no-mdc2 enable-crypto-mdebug" the evp_test will leak memory due to skipped tests, and error out. Also fix a skip condition Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1968)
2016-11-10	Fix the evp_test Ctrl keyword processing	Richard Levitte
	Skip the test if the value after ":" is a disabled algorithm, rather than failing it Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-12	Check for bad filename in evp_test	Rich Salz
	Thanks to Brian Carpter for reporting this. Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-05-17	Copyright consolidation 02/10	Rich Salz
	Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-16	test/evp_test.c: exercise in-place encryption.	Andy Polyakov
	Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-05-06	test/evp_test.c: exercise different combinations of data misalignment.	Andy Polyakov
	Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-04-18	Make string_to_hex/hex_to_string public	Rich Salz
	Give the API new names, document it. Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-07	test/[dane|evp_]test.c: BIO-fy file I/O.	Andy Polyakov
	Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-21	Fix no-scrypt	Matt Caswell
	Fix the evp tests when no-scrypt is used. Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-18	Fix no-des	Matt Caswell
	Numerous fixes for no-des. Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-18	Fix no-cmac	Matt Caswell
	There were a couple of CMAC references without OPENSSL_NO_CMAC guards. Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-02	Generalise KDF test in evp_test.c	Dr. Stephen Henson
	Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-02	Add Ctrl keyword to KDF test in evp_test	Dr. Stephen Henson
	Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-09	Clean up the tests for auto-init/de-init	Matt Caswell
	Remove the need to explicitly initialise/deinitialise for the tests Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-05	If memory debugging enabled return error on leaks.	Dr. Stephen Henson
	Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-30	handle "Ctrl" in separate function	Dr. Stephen Henson
	Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-01-30	Add support for EVP_PKEY_derive in evp_test	Dr. Stephen Henson
	Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-01-30	fix warning	Dr. Stephen Henson
	Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-01-26	Remove /* foo.c */ comments	Rich Salz
	This was done by the following find . -name '*.[ch]' | /tmp/pl where /tmp/pl is the following three-line script: print unless $. == 1 && m@/\* .*\.[ch] \*/@; close ARGV if eof; # Close file to reset $. And then some hand-editing of other files. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-01-19	Add TLS1-PRF test support to evp_test	Dr. Stephen Henson
	Reviewed-by: Matt Caswell <matt@openssl.org>
2016-01-11	Enable/disable crypto-mdebug just like other features	Viktor Dukhovni
	Also always abort() on leak failure. Reviewed-by: Stephen Henson <steve@openssl.org>
2015-12-16	Rename some BUF_xxx to OPENSSL_xxx	Rich Salz
	Rename BUF_{strdup,strlcat,strlcpy,memdup,strndup,strnlen} to OPENSSL_{strdup,strlcat,strlcpy,memdup,strndup,strnlen} Add #define's for the old names. Add CRYPTO_{memdup,strndup}, called by OPENSSL_{memdup,strndup} macros. Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-12-11	Adapt EVP tests to the opaque EVP_ENCODE_CTX	Richard Levitte
	Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-10	test/evp_test.c: allow generic AEAD ciphers to be tested.	Andy Polyakov
	Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-07	Cleanup: fix all sources that used EVP_MD_CTX_(create|init|destroy)	Richard Levitte
	Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-07	Adjust all accesses to EVP_MD_CTX to use accessor functions.	Richard Levitte
	Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-10-23	Remove useless code	Alessandro Ghedini
	RT#4081 Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-09-17	RT3757: base64 encoding bugs	Emilia Kasper
	Rewrite EVP_DecodeUpdate. In particular: reject extra trailing padding, and padding in the middle of the content. Don't limit line length. Add tests. Previously, the behaviour was ill-defined, and depended on the position of the padding within the input. In addition, this appears to fix a possible two-byte oob read. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Dr Stephen Henson <steve@openssl.org>
2015-09-04	RT3998: Allow scrypt to be disabled	Rich Salz
	This does 64-bit division and multiplication, and on 32-bit platforms pulls in libgcc symbols (and MSVC does similar) which may not be available. Mostly done by David Woodhouse. Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2015-05-26	Add PBE tests.	Dr. Stephen Henson
	Add support for PKCS#12 and PBKDF2 password based encryption tests. Add additional test data. Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-05-20	Add scrypt tests.	Dr. Stephen Henson
	Add scrypt test support to evp_test and add test values from from draft-josefsson-scrypt-kdf-03. Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-05-06	Use "==0" instead of "!strcmp" etc	Rich Salz
	For the various string-compare routines (strcmp, strcasecmp, str.*cmp) use "strcmp()==0" instead of "!strcmp()" Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-05-06	Initialize potentially uninitialized local variables	Gunnar Kudrjavets
	Compiling OpenSSL code with MSVC and /W4 results in a number of warnings. One category of warnings is particularly interesting - C4701 (potentially uninitialized local variable 'name' used). This warning pretty much means that there's a code path which results in uninitialized variables being used or returned. Depending on compiler, its options, OS, values in registers and/or stack, the results can be nondeterministic. Cases like this are very hard to debug so it's rational to fix these issues. This patch contains a set of trivial fixes for all the C4701 warnings (just initializing variables to 0 or NULL or appropriate error code) to make sure that deterministic values will be returned from all the execution paths. RT#3835 Signed-off-by: Matt Caswell <matt@openssl.org> Matt's note: All of these appear to be bogus warnings, i.e. there isn't actually a code path where an unitialised variable could be used - its just that the compiler hasn't been able to figure that out from the logic. So this commit is just about silencing spurious warnings. Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-05-04	Use safer sizeof variant in malloc	Rich Salz
	For a local variable: TYPE *p; Allocations like this are "risky": p = OPENSSL_malloc(sizeof(TYPE)); if the type of p changes, and the malloc call isn't updated, you could get memory corruption. Instead do this: p = OPENSSL_malloc(sizeof(*p)); Also fixed a few memset() calls that I noticed while doing this. Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-05-01	free NULL cleanup -- coda	Rich Salz
	After the finale, the "real" final part. :) Do a recursive grep with "-B1 -w [a-zA-Z0-9_]*_free" to see if any of the preceeding lines are an "if NULL" check that can be removed. Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-05-01	free null cleanup finale	Rich Salz
	Don't check for NULL before calling OPENSSL_free Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-31	Stop symlinking, move files to intended directory	Richard Levitte
	Rather than making include/openssl/foo.h a symlink to crypto/foo/foo.h, this change moves the file to include/openssl/foo.h once and for all. Likewise, move crypto/foo/footest.c to test/footest.c, instead of symlinking it there. Originally-by: Geoff Thorpe <geoff@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>

generated by cgit v1.2.3 (git 2.25.1) at 2024-09-13 05:43:04 +0000

/*-
 * Copyright (c) 2002 Networks Associates Technology, Inc.
 * All rights reserved.
 *
 * This software was developed for the FreeBSD Project by ThinkSec AS and
 * NAI Labs, the Security Research Division of Network Associates, Inc.
 * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
 * DARPA CHATS research program.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

/* Based on $FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des Exp $ */
#include "includes.h"
RCSID("$Id: auth-pam.c,v 1.83 2003/11/21 12:48:55 djm Exp $");

#ifdef USE_PAM
#include <security/pam_appl.h>

#include "auth.h"
#include "auth-pam.h"
#include "buffer.h"
#include "bufaux.h"
#include "canohost.h"
#include "log.h"
#include "monitor_wrap.h"
#include "msg.h"
#include "packet.h"
#include "readpass.h"
#include "servconf.h"
#include "ssh2.h"
#include "xmalloc.h"
#include "auth-options.h"

extern ServerOptions options;
extern Buffer loginmsg;

#define __unused

#ifdef USE_POSIX_THREADS
#include <pthread.h>
/*
 * Avoid namespace clash when *not* using pthreads for systems *with*
 * pthreads, which unconditionally define pthread_t via sys/types.h
 * (e.g. Linux)
 */
typedef pthread_t sp_pthread_t;
#else
/*
 * Simulate threads with processes.
 */
typedef pid_t sp_pthread_t;

static void
pthread_exit(void *value __unused)
{
	_exit(0);
}

static int
pthread_create(sp_pthread_t *thread, const void *attr __unused,
    void *(*thread_start)(void *), void *arg)
{
	pid_t pid;

	switch ((pid = fork())) {
	case -1:
		error("fork(): %s", strerror(errno));
		return (-1);
	case 0:
		thread_start(arg);
		_exit(1);
	default:
		*thread = pid;
		return (0);
	}
}

static int
pthread_cancel(sp_pthread_t thread)
{
	return (kill(thread, SIGTERM));
}

static int
pthread_join(sp_pthread_t thread, void **value __unused)
{
	int status;

	waitpid(thread, &status, 0);
	return (status);
}
#endif


static pam_handle_t *sshpam_handle = NULL;
static int sshpam_err = 0;
static int sshpam_authenticated = 0;
static int sshpam_new_authtok_reqd = 0;
static int sshpam_session_open = 0;
static int sshpam_cred_established = 0;
static char **sshpam_env = NULL;

struct pam_ctxt {
	sp_pthread_t	 pam_thread;
	int		 pam_psock;
	int		 pam_csock;
	int		 pam_done;
};

static void sshpam_free_ctx(void *);
static struct pam_ctxt *cleanup_ctxt;

/* Some PAM implementations don't implement this */
#ifndef HAVE_PAM_GETENVLIST
static char **
pam_getenvlist(pam_handle_t *pamh)
{
	/*
	 * XXX - If necessary, we can still support envrionment passing
	 * for platforms without pam_getenvlist by searching for known
	 * env vars (e.g. KRB5CCNAME) from the PAM environment.
	 */
	 return NULL;
}
#endif

/* Import regular and PAM environment from subprocess */
static void
import_environments(Buffer *b)
{
	char *env;
	u_int i, num_env;
	int err;

	/* Import environment from subprocess */
	num_env = buffer_get_int(b);
	sshpam_env = xmalloc((num_env + 1) * sizeof(*sshpam_env));
	debug3("PAM: num env strings %d", num_env);
	for(i = 0; i < num_env; i++)
		sshpam_env[i] = buffer_get_string(b, NULL);

	sshpam_env[num_env] = NULL;

	/* Import PAM environment from subprocess */
	num_env = buffer_get_int(b);
	debug("PAM: num PAM env strings %d", num_env);
	for(i = 0; i < num_env; i++) {
		env = buffer_get_string(b, NULL);

#ifdef HAVE_PAM_PUTENV
		/* Errors are not fatal here */
		if ((err = pam_putenv(sshpam_handle, env)) != PAM_SUCCESS) {
			error("PAM: pam_putenv: %s",
			    pam_strerror(sshpam_handle, sshpam_err));
		}
#endif
	}
}

/*
 * Conversation function for authentication thread.
 */
static int
sshpam_thread_conv(int n, const struct pam_message **msg,
    struct pam_response **resp, void *data)
{
	Buffer buffer;
	struct pam_ctxt *ctxt;
	struct pam_response *reply;
	int i;

	*resp = NULL;

	ctxt = data;
	if (n <= 0 || n > PAM_MAX_NUM_MSG)
		return (PAM_CONV_ERR);

	if ((reply = malloc(n * sizeof(*reply))) == NULL)
		return (PAM_CONV_ERR);
	memset(reply, 0, n * sizeof(*reply));

	buffer_init(&buffer);
	for (i = 0; i < n; ++i) {
		switch (PAM_MSG_MEMBER(msg, i, msg_style)) {
		case PAM_PROMPT_ECHO_OFF:
			buffer_put_cstring(&buffer,
			    PAM_MSG_MEMBER(msg, i, msg));
			if (ssh_msg_send(ctxt->pam_csock,
			    <