upstream: make DSA testing optional, defaulting to on

ok markus

OpenBSD-Regress-ID: dfc27b5574e3f19dc4043395594cea5f90b8572a
djm@openbsd.org 2024-01-11 01:45:58 +00:00 committed by Damien Miller
parent f9311e8921
commit 415c94ce17
8 changed files with 61 additions and 22 deletions


@ -1,4 +1,4 @@
# $OpenBSD: Makefile,v 1.131 2023/12/18 14:50:08 djm Exp $ # $OpenBSD: Makefile,v 1.132 2024/01/11 01:45:58 djm Exp $
tests: prep file-tests t-exec unit tests: prep file-tests t-exec unit
@ -180,10 +180,12 @@ t5:
awk '{print $$2}' | diff - ${.CURDIR}/t5.ok awk '{print $$2}' | diff - ${.CURDIR}/t5.ok
t6: t6:
${TEST_SSH_SSHKEYGEN} -if ${.CURDIR}/dsa_ssh2.prv > $(OBJ)/t6.out1 set -xe ; if ${TEST_SSH_SSH} -Q key | grep -q ^ssh-dss ; then \
${TEST_SSH_SSHKEYGEN} -if ${.CURDIR}/dsa_ssh2.pub > $(OBJ)/t6.out2 ${TEST_SSH_SSHKEYGEN} -if ${.CURDIR}/dsa_ssh2.prv > $(OBJ)/t6.out1 ; \
chmod 600 $(OBJ)/t6.out1 ${TEST_SSH_SSHKEYGEN} -if ${.CURDIR}/dsa_ssh2.pub > $(OBJ)/t6.out2 ; \
${TEST_SSH_SSHKEYGEN} -yf $(OBJ)/t6.out1 | diff - $(OBJ)/t6.out2 chmod 600 $(OBJ)/t6.out1 ; \
${TEST_SSH_SSHKEYGEN} -yf $(OBJ)/t6.out1 | diff - $(OBJ)/t6.out2 ; \
fi
$(OBJ)/t7.out: $(OBJ)/t7.out:
${TEST_SSH_SSHKEYGEN} -q -t rsa -N '' -f $@ ${TEST_SSH_SSHKEYGEN} -q -t rsa -N '' -f $@
@ -193,11 +195,15 @@ t7: $(OBJ)/t7.out
${TEST_SSH_SSHKEYGEN} -Bf $(OBJ)/t7.out > /dev/null ${TEST_SSH_SSHKEYGEN} -Bf $(OBJ)/t7.out > /dev/null
$(OBJ)/t8.out: $(OBJ)/t8.out:
${TEST_SSH_SSHKEYGEN} -q -t dsa -N '' -f $@ set -xe ; if ssh -Q key | grep -q ^ssh-dss ; then \
${TEST_SSH_SSHKEYGEN} -q -t dsa -N '' -f $@ ; \
fi
t8: $(OBJ)/t8.out t8: $(OBJ)/t8.out
${TEST_SSH_SSHKEYGEN} -lf $(OBJ)/t8.out > /dev/null set -xe ; if ssh -Q key | grep -q ^ssh-dss ; then \
${TEST_SSH_SSHKEYGEN} -Bf $(OBJ)/t8.out > /dev/null ${TEST_SSH_SSHKEYGEN} -lf $(OBJ)/t8.out > /dev/null ; \
${TEST_SSH_SSHKEYGEN} -Bf $(OBJ)/t8.out > /dev/null ; \
fi
$(OBJ)/t9.out: $(OBJ)/t9.out:
! ${TEST_SSH_SSH} -Q key-plain | grep ecdsa >/dev/null || \ ! ${TEST_SSH_SSH} -Q key-plain | grep ecdsa >/dev/null || \
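Review bot: The guards added to `$(OBJ)/t8.out` and `t8` probe with a bare `ssh -Q key`, while the t6 guard in the same file uses `${TEST_SSH_SSH} -Q key`. The bare form asks whichever ssh is first on PATH, not the binary under test, so the two can disagree about DSA support. In that case the t8 steps are either skipped although the tested build supports DSA, or run `ssh-keygen -t dsa` against a build that lacks it and fail under `set -xe`. Both recipes should read `if ${TEST_SSH_SSH} -Q key | grep -q ^ssh-dss ; then \`.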


@ -1,4 +1,4 @@
# $OpenBSD: Makefile.inc,v 1.15 2023/09/24 08:14:13 claudio Exp $ # $OpenBSD: Makefile.inc,v 1.16 2024/01/11 01:45:58 djm Exp $
.include <bsd.own.mk> .include <bsd.own.mk>
.include <bsd.obj.mk> .include <bsd.obj.mk>
@ -13,6 +13,11 @@ TEST_ENV?= MALLOC_OPTIONS=${MALLOC_OPTIONS}
# XXX detect from ssh binary? # XXX detect from ssh binary?
OPENSSL?= yes OPENSSL?= yes
DSAKEY?= yes
.if (${DSAKEY:L} == "yes")
CFLAGS+= -DWITH_DSA
.endif
.if (${OPENSSL:L} == "yes") .if (${OPENSSL:L} == "yes")
CFLAGS+= -DWITH_OPENSSL CFLAGS+= -DWITH_OPENSSL
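Review bot: The new `DSAKEY` knob has no comment saying what it must agree with, and `-DWITH_DSA` is added regardless of the `OPENSSL` setting that follows it. It is a build-time switch for the tests only; nothing visible here ties it to whether the ssh library being tested was actually built with DSA, which is the same gap the existing `# XXX detect from ssh binary?` remark notes for `OPENSSL`. A line such as `# Set DSAKEY=no when the ssh under test was built without DSA support.` above `DSAKEY?= yes` would document that. Whether `WITH_DSA` without `WITH_OPENSSL` is harmless depends on the enclosing guards in each test file, which are mostly outside the visible hunks, so it is worth confirming or moving the block inside the `OPENSSL` conditional.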


@ -1,4 +1,4 @@
/* $OpenBSD: test_iterate.c,v 1.8 2021/12/14 21:25:27 deraadt Exp $ */ /* $OpenBSD: test_iterate.c,v 1.9 2024/01/11 01:45:58 djm Exp $ */
/* /*
* Regress test for hostfile.h hostkeys_foreach() * Regress test for hostfile.h hostkeys_foreach()
* *
@ -94,6 +94,11 @@ check(struct hostkey_foreach_line *l, void *_ctx)
expected->no_parse_keytype == KEY_ECDSA) expected->no_parse_keytype == KEY_ECDSA)
skip = 1; skip = 1;
#endif /* OPENSSL_HAS_ECC */ #endif /* OPENSSL_HAS_ECC */
#ifndef WITH_DSA
if (expected->l.keytype == KEY_DSA ||
expected->no_parse_keytype == KEY_DSA)
skip = 1;
#endif
#ifndef WITH_OPENSSL #ifndef WITH_OPENSSL
if (expected->l.keytype == KEY_DSA || if (expected->l.keytype == KEY_DSA ||
expected->no_parse_keytype == KEY_DSA || expected->no_parse_keytype == KEY_DSA ||
@ -155,6 +160,10 @@ prepare_expected(struct expected *expected, size_t n)
if (expected[i].l.keytype == KEY_ECDSA) if (expected[i].l.keytype == KEY_ECDSA)
continue; continue;
#endif /* OPENSSL_HAS_ECC */ #endif /* OPENSSL_HAS_ECC */
#ifndef WITH_DSA
if (expected[i].l.keytype == KEY_DSA)
continue;
#endif
#ifndef WITH_OPENSSL #ifndef WITH_OPENSSL
switch (expected[i].l.keytype) { switch (expected[i].l.keytype) {
case KEY_RSA: case KEY_RSA:
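Review bot: The `#endif` lines that close the new `#ifndef WITH_DSA` blocks in check() and prepare_expected() carry no trailing comment, while the neighbouring guards are closed as `#endif /* OPENSSL_HAS_ECC */`. Writing `#endif /* WITH_DSA */` keeps the file's convention. The same applies to the bare `#endif` lines added in test_kex.c, test_file.c, test_fuzz.c, test_sshkey.c and tests.c, where several guarded regions are long enough that the opening `#ifdef` and its close fall in different hunks. Both functions here continue outside the hunks shown.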


@ -1,4 +1,4 @@
/* $OpenBSD: test_kex.c,v 1.6 2021/12/14 21:25:27 deraadt Exp $ */ /* $OpenBSD: test_kex.c,v 1.7 2024/01/11 01:45:58 djm Exp $ */
/* /*
* Regress test KEX * Regress test KEX
* *
@ -179,7 +179,9 @@ do_kex(char *kex)
{ {
#ifdef WITH_OPENSSL #ifdef WITH_OPENSSL
do_kex_with_key(kex, KEY_RSA, 2048); do_kex_with_key(kex, KEY_RSA, 2048);
#ifdef WITH_DSA
do_kex_with_key(kex, KEY_DSA, 1024); do_kex_with_key(kex, KEY_DSA, 1024);
#endif
#ifdef OPENSSL_HAS_ECC #ifdef OPENSSL_HAS_ECC
do_kex_with_key(kex, KEY_ECDSA, 256); do_kex_with_key(kex, KEY_ECDSA, 256);
#endif /* OPENSSL_HAS_ECC */ #endif /* OPENSSL_HAS_ECC */


@ -1,4 +1,4 @@
/* $OpenBSD: test_file.c,v 1.10 2021/12/14 21:25:27 deraadt Exp $ */ /* $OpenBSD: test_file.c,v 1.11 2024/01/11 01:45:58 djm Exp $ */
/* /*
* Regress test for sshkey.h key management API * Regress test for sshkey.h key management API
* *
@ -165,6 +165,7 @@ sshkey_file_tests(void)
sshkey_free(k1); sshkey_free(k1);
#ifdef WITH_DSA
TEST_START("parse DSA from private"); TEST_START("parse DSA from private");
buf = load_file("dsa_1"); buf = load_file("dsa_1");
ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0); ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0);
@ -255,6 +256,7 @@ sshkey_file_tests(void)
TEST_DONE(); TEST_DONE();
sshkey_free(k1); sshkey_free(k1);
#endif
#ifdef OPENSSL_HAS_ECC #ifdef OPENSSL_HAS_ECC
TEST_START("parse ECDSA from private"); TEST_START("parse ECDSA from private");


@ -1,4 +1,4 @@
/* $OpenBSD: test_fuzz.c,v 1.13 2021/12/14 21:25:27 deraadt Exp $ */ /* $OpenBSD: test_fuzz.c,v 1.14 2024/01/11 01:45:58 djm Exp $ */
/* /*
* Fuzz tests for key parsing * Fuzz tests for key parsing
* *
@ -160,6 +160,7 @@ sshkey_fuzz_tests(void)
fuzz_cleanup(fuzz); fuzz_cleanup(fuzz);
TEST_DONE(); TEST_DONE();
#ifdef WITH_DSA
TEST_START("fuzz DSA private"); TEST_START("fuzz DSA private");
buf = load_file("dsa_1"); buf = load_file("dsa_1");
fuzz = fuzz_begin(FUZZ_BASE64, sshbuf_mutable_ptr(buf), fuzz = fuzz_begin(FUZZ_BASE64, sshbuf_mutable_ptr(buf),
@ -203,6 +204,7 @@ sshkey_fuzz_tests(void)
sshbuf_free(fuzzed); sshbuf_free(fuzzed);
fuzz_cleanup(fuzz); fuzz_cleanup(fuzz);
TEST_DONE(); TEST_DONE();
#endif
#ifdef OPENSSL_HAS_ECC #ifdef OPENSSL_HAS_ECC
TEST_START("fuzz ECDSA private"); TEST_START("fuzz ECDSA private");
@ -288,6 +290,7 @@ sshkey_fuzz_tests(void)
sshkey_free(k1); sshkey_free(k1);
TEST_DONE(); TEST_DONE();
#ifdef WITH_DSA
TEST_START("fuzz DSA public"); TEST_START("fuzz DSA public");
buf = load_file("dsa_1"); buf = load_file("dsa_1");
ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0); ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0);
@ -301,6 +304,7 @@ sshkey_fuzz_tests(void)
public_fuzz(k1); public_fuzz(k1);
sshkey_free(k1); sshkey_free(k1);
TEST_DONE(); TEST_DONE();
#endif
#ifdef OPENSSL_HAS_ECC #ifdef OPENSSL_HAS_ECC
TEST_START("fuzz ECDSA public"); TEST_START("fuzz ECDSA public");
@ -358,6 +362,7 @@ sshkey_fuzz_tests(void)
sshkey_free(k1); sshkey_free(k1);
TEST_DONE(); TEST_DONE();
#ifdef WITH_DSA
TEST_START("fuzz DSA sig"); TEST_START("fuzz DSA sig");
buf = load_file("dsa_1"); buf = load_file("dsa_1");
ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0); ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0);
@ -365,6 +370,7 @@ sshkey_fuzz_tests(void)
sig_fuzz(k1, NULL); sig_fuzz(k1, NULL);
sshkey_free(k1); sshkey_free(k1);
TEST_DONE(); TEST_DONE();
#endif
#ifdef OPENSSL_HAS_ECC #ifdef OPENSSL_HAS_ECC
TEST_START("fuzz ECDSA sig"); TEST_START("fuzz ECDSA sig");


@ -1,4 +1,4 @@
/* $OpenBSD: test_sshkey.c,v 1.23 2023/01/04 22:48:57 tb Exp $ */ /* $OpenBSD: test_sshkey.c,v 1.24 2024/01/11 01:45:58 djm Exp $ */
/* /*
* Regress test for sshkey.h key management API * Regress test for sshkey.h key management API
* *
@ -180,14 +180,14 @@ get_private(const char *n)
void void
sshkey_tests(void) sshkey_tests(void)
{ {
struct sshkey *k1, *k2, *k3, *kf; struct sshkey *k1 = NULL, *k2 = NULL, *k3 = NULL, *kf = NULL;
#ifdef WITH_OPENSSL #ifdef WITH_OPENSSL
struct sshkey *k4, *kr, *kd; struct sshkey *k4 = NULL, *kr = NULL, *kd = NULL;
#ifdef OPENSSL_HAS_ECC #ifdef OPENSSL_HAS_ECC
struct sshkey *ke; struct sshkey *ke = NULL;
#endif /* OPENSSL_HAS_ECC */ #endif /* OPENSSL_HAS_ECC */
#endif /* WITH_OPENSSL */ #endif /* WITH_OPENSSL */
struct sshbuf *b; struct sshbuf *b = NULL;
TEST_START("new invalid"); TEST_START("new invalid");
k1 = sshkey_new(-42); k1 = sshkey_new(-42);
@ -208,12 +208,14 @@ sshkey_tests(void)
sshkey_free(k1); sshkey_free(k1);
TEST_DONE(); TEST_DONE();
#ifdef WITH_DSA
TEST_START("new/free KEY_DSA"); TEST_START("new/free KEY_DSA");
k1 = sshkey_new(KEY_DSA); k1 = sshkey_new(KEY_DSA);
ASSERT_PTR_NE(k1, NULL); ASSERT_PTR_NE(k1, NULL);
ASSERT_PTR_NE(k1->dsa, NULL); ASSERT_PTR_NE(k1->dsa, NULL);
sshkey_free(k1); sshkey_free(k1);
TEST_DONE(); TEST_DONE();
#endif
#ifdef OPENSSL_HAS_ECC #ifdef OPENSSL_HAS_ECC
TEST_START("new/free KEY_ECDSA"); TEST_START("new/free KEY_ECDSA");
@ -245,12 +247,14 @@ sshkey_tests(void)
ASSERT_PTR_EQ(k1, NULL); ASSERT_PTR_EQ(k1, NULL);
TEST_DONE(); TEST_DONE();
#ifdef WITH_DSA
TEST_START("generate KEY_DSA wrong bits"); TEST_START("generate KEY_DSA wrong bits");
ASSERT_INT_EQ(sshkey_generate(KEY_DSA, 2048, &k1), ASSERT_INT_EQ(sshkey_generate(KEY_DSA, 2048, &k1),
SSH_ERR_KEY_LENGTH); SSH_ERR_KEY_LENGTH);
ASSERT_PTR_EQ(k1, NULL); ASSERT_PTR_EQ(k1, NULL);
sshkey_free(k1); sshkey_free(k1);
TEST_DONE(); TEST_DONE();
#endif
#ifdef OPENSSL_HAS_ECC #ifdef OPENSSL_HAS_ECC
TEST_START("generate KEY_ECDSA wrong bits"); TEST_START("generate KEY_ECDSA wrong bits");
@ -273,6 +277,7 @@ sshkey_tests(void)
ASSERT_INT_EQ(BN_num_bits(rsa_n(kr)), 1024); ASSERT_INT_EQ(BN_num_bits(rsa_n(kr)), 1024);
TEST_DONE(); TEST_DONE();
#ifdef WITH_DSA
TEST_START("generate KEY_DSA"); TEST_START("generate KEY_DSA");
ASSERT_INT_EQ(sshkey_generate(KEY_DSA, 1024, &kd), 0); ASSERT_INT_EQ(sshkey_generate(KEY_DSA, 1024, &kd), 0);
ASSERT_PTR_NE(kd, NULL); ASSERT_PTR_NE(kd, NULL);
@ -280,6 +285,7 @@ sshkey_tests(void)
ASSERT_PTR_NE(dsa_g(kd), NULL); ASSERT_PTR_NE(dsa_g(kd), NULL);
ASSERT_PTR_NE(dsa_priv_key(kd), NULL); ASSERT_PTR_NE(dsa_priv_key(kd), NULL);
TEST_DONE(); TEST_DONE();
#endif
#ifdef OPENSSL_HAS_ECC #ifdef OPENSSL_HAS_ECC
TEST_START("generate KEY_ECDSA"); TEST_START("generate KEY_ECDSA");
@ -317,6 +323,7 @@ sshkey_tests(void)
sshkey_free(k1); sshkey_free(k1);
TEST_DONE(); TEST_DONE();
#ifdef WITH_DSA
TEST_START("demote KEY_DSA"); TEST_START("demote KEY_DSA");
ASSERT_INT_EQ(sshkey_from_private(kd, &k1), 0); ASSERT_INT_EQ(sshkey_from_private(kd, &k1), 0);
ASSERT_PTR_NE(k1, NULL); ASSERT_PTR_NE(k1, NULL);
@ -331,6 +338,7 @@ sshkey_tests(void)
ASSERT_INT_EQ(sshkey_equal(kd, k1), 1); ASSERT_INT_EQ(sshkey_equal(kd, k1), 1);
sshkey_free(k1); sshkey_free(k1);
TEST_DONE(); TEST_DONE();
#endif
#ifdef OPENSSL_HAS_ECC #ifdef OPENSSL_HAS_ECC
TEST_START("demote KEY_ECDSA"); TEST_START("demote KEY_ECDSA");
@ -382,9 +390,6 @@ sshkey_tests(void)
ASSERT_INT_EQ(sshkey_generate(KEY_RSA, 1024, &k1), 0); ASSERT_INT_EQ(sshkey_generate(KEY_RSA, 1024, &k1), 0);
ASSERT_INT_EQ(sshkey_equal(kr, k1), 0); ASSERT_INT_EQ(sshkey_equal(kr, k1), 0);
sshkey_free(k1); sshkey_free(k1);
ASSERT_INT_EQ(sshkey_generate(KEY_DSA, 1024, &k1), 0);
ASSERT_INT_EQ(sshkey_equal(kd, k1), 0);
sshkey_free(k1);
#ifdef OPENSSL_HAS_ECC #ifdef OPENSSL_HAS_ECC
ASSERT_INT_EQ(sshkey_generate(KEY_ECDSA, 256, &k1), 0); ASSERT_INT_EQ(sshkey_generate(KEY_ECDSA, 256, &k1), 0);
ASSERT_INT_EQ(sshkey_equal(ke, k1), 0); ASSERT_INT_EQ(sshkey_equal(ke, k1), 0);
@ -479,6 +484,7 @@ sshkey_tests(void)
sshkey_free(k2); sshkey_free(k2);
TEST_DONE(); TEST_DONE();
#ifdef WITH_DSA
TEST_START("sign and verify DSA"); TEST_START("sign and verify DSA");
k1 = get_private("dsa_1"); k1 = get_private("dsa_1");
ASSERT_INT_EQ(sshkey_load_public(test_data_file("dsa_2.pub"), &k2, ASSERT_INT_EQ(sshkey_load_public(test_data_file("dsa_2.pub"), &k2,
@ -487,6 +493,7 @@ sshkey_tests(void)
sshkey_free(k1); sshkey_free(k1);
sshkey_free(k2); sshkey_free(k2);
TEST_DONE(); TEST_DONE();
#endif
#ifdef OPENSSL_HAS_ECC #ifdef OPENSSL_HAS_ECC
TEST_START("sign and verify ECDSA"); TEST_START("sign and verify ECDSA");
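Review bot: The hunk at old line 382 deletes the DSA case of the inequality check outright (`sshkey_generate(KEY_DSA, 1024, &k1)` followed by `ASSERT_INT_EQ(sshkey_equal(kd, k1), 0)`), whereas every other DSA test touched in this file is kept under `#ifdef WITH_DSA`. With DSA enabled, which is the default, that comparison no longer runs. Wrapping the three removed lines in `#ifdef WITH_DSA` and `#endif /* WITH_DSA */` would keep the coverage. Separately, `kd` now starts as NULL and is assigned only inside the guarded "generate KEY_DSA" test, so any later use of `kd` in sshkey_tests() outside the visible hunks needs the same guard; the function body extends beyond what is shown.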


@ -1,4 +1,4 @@
/* $OpenBSD: tests.c,v 1.3 2021/12/14 21:25:27 deraadt Exp $ */ /* $OpenBSD: tests.c,v 1.4 2024/01/11 01:45:59 djm Exp $ */
/* /*
* Regress test for sshbuf.h buffer API * Regress test for sshbuf.h buffer API
* *
@ -103,9 +103,11 @@ tests(void)
check_sig("rsa.pub", "rsa.sig", msg, namespace); check_sig("rsa.pub", "rsa.sig", msg, namespace);
TEST_DONE(); TEST_DONE();
#ifdef WITH_DSA
TEST_START("check DSA signature"); TEST_START("check DSA signature");
check_sig("dsa.pub", "dsa.sig", msg, namespace); check_sig("dsa.pub", "dsa.sig", msg, namespace);
TEST_DONE(); TEST_DONE();
#endif
#ifdef OPENSSL_HAS_ECC #ifdef OPENSSL_HAS_ECC
TEST_START("check ECDSA signature"); TEST_START("check ECDSA signature");