[openssh-commits] [openssh] 01/01: Restrict ECDSA and ECDH tests.
git+noreply at mindrot.org
git+noreply at mindrot.org
Wed Feb 25 15:35:07 AEDT 2015
This is an automated email from the git hooks/post-receive script.
dtucker pushed a commit to branch master
in repository openssh.
commit 5d5ec165c5b614b03678afdad881f10e25832e46
Author: Darren Tucker <dtucker at zip.com.au>
Date: Wed Feb 25 15:32:49 2015 +1100
Restrict ECDSA and ECDH tests.
ifdef out some more ECDSA and ECDH tests when built against an OpenSSL
that does not have eliptic curve functionality.
---
regress/unittests/hostkeys/test_iterate.c | 12 ++++++++++++
regress/unittests/kex/test_kex.c | 6 ++++++
regress/unittests/sshkey/test_sshkey.c | 6 ++++++
3 files changed, 24 insertions(+)
diff --git a/regress/unittests/hostkeys/test_iterate.c b/regress/unittests/hostkeys/test_iterate.c
index 526e1c0..68a7061 100644
--- a/regress/unittests/hostkeys/test_iterate.c
+++ b/regress/unittests/hostkeys/test_iterate.c
@@ -165,6 +165,7 @@ struct expected expected_full[] = {
NULL, /* filled at runtime */
"DSA #1",
} },
+#ifdef OPENSSL_HAS_ECC
{ "ecdsa_1.pub" , -1, -1, 0, HKF_MATCH_HOST, 0, 0, -1, {
NULL,
3,
@@ -178,6 +179,7 @@ struct expected expected_full[] = {
NULL, /* filled at runtime */
"ECDSA #1",
} },
+#endif
{ "ed25519_1.pub" , -1, -1, 0, HKF_MATCH_HOST, 0, 0, -1, {
NULL,
4,
@@ -256,6 +258,7 @@ struct expected expected_full[] = {
NULL, /* filled at runtime */
"DSA #2",
} },
+#ifdef OPENSSL_HAS_ECC
{ "ecdsa_2.pub" , -1, -1, HKF_MATCH_HOST, 0, HKF_MATCH_IP, HKF_MATCH_IP, -1, {
NULL,
10,
@@ -269,6 +272,7 @@ struct expected expected_full[] = {
NULL, /* filled at runtime */
"ECDSA #2",
} },
+#endif
{ "ed25519_2.pub" , -1, -1, HKF_MATCH_HOST, 0, HKF_MATCH_IP, HKF_MATCH_IP, -1, {
NULL,
11,
@@ -347,6 +351,7 @@ struct expected expected_full[] = {
NULL, /* filled at runtime */
"DSA #3",
} },
+#ifdef OPENSSL_HAS_ECC
{ "ecdsa_3.pub" , -1, -1, HKF_MATCH_HOST, HKF_MATCH_HOST, HKF_MATCH_IP, HKF_MATCH_IP, -1, {
NULL,
17,
@@ -360,6 +365,7 @@ struct expected expected_full[] = {
NULL, /* filled at runtime */
"ECDSA #3",
} },
+#endif
{ "ed25519_3.pub" , -1, -1, HKF_MATCH_HOST, HKF_MATCH_HOST, HKF_MATCH_IP, HKF_MATCH_IP, -1, {
NULL,
18,
@@ -438,6 +444,7 @@ struct expected expected_full[] = {
NULL, /* filled at runtime */
"DSA #5",
} },
+#ifdef OPENSSL_HAS_ECC
{ "ecdsa_5.pub" , -1, -1, 0, HKF_MATCH_HOST|HKF_MATCH_HOST_HASHED, 0, 0, -1, {
NULL,
24,
@@ -451,6 +458,7 @@ struct expected expected_full[] = {
NULL, /* filled at runtime */
"ECDSA #5",
} },
+#endif
{ "ed25519_5.pub" , -1, -1, 0, HKF_MATCH_HOST|HKF_MATCH_HOST_HASHED, 0, 0, -1, {
NULL,
25,
@@ -547,6 +555,7 @@ struct expected expected_full[] = {
NULL, /* filled at runtime */
"DSA #6",
} },
+#ifdef OPENSSL_HAS_ECC
{ "ecdsa_6.pub" , -1, -1, HKF_MATCH_HOST|HKF_MATCH_HOST_HASHED, 0, 0, 0, -1, {
NULL,
32,
@@ -586,6 +595,7 @@ struct expected expected_full[] = {
NULL, /* filled at runtime */
"ECDSA #6",
} },
+#endif
{ "ed25519_6.pub" , -1, -1, HKF_MATCH_HOST|HKF_MATCH_HOST_HASHED, 0, 0, 0, -1, {
NULL,
35,
@@ -768,6 +778,7 @@ struct expected expected_full[] = {
NULL, /* filled at runtime */
"ED25519 #4",
} },
+#ifdef OPENSSL_HAS_ECC
{ "ecdsa_4.pub" , -1, -1, HKF_MATCH_HOST, 0, 0, 0, -1, {
NULL,
49,
@@ -781,6 +792,7 @@ struct expected expected_full[] = {
NULL, /* filled at runtime */
"ECDSA #4",
} },
+#endif
{ "dsa_4.pub" , -1, -1, HKF_MATCH_HOST, HKF_MATCH_HOST, 0, 0, -1, {
NULL,
50,
diff --git a/regress/unittests/kex/test_kex.c b/regress/unittests/kex/test_kex.c
index d5edf7e..c61e2bd 100644
--- a/regress/unittests/kex/test_kex.c
+++ b/regress/unittests/kex/test_kex.c
@@ -145,7 +145,9 @@ do_kex_with_key(char *kex, int keytype, int bits)
server2->kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server;
server2->kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
server2->kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
+#ifdef OPENSSL_HAS_ECC
server2->kex->kex[KEX_ECDH_SHA2] = kexecdh_server;
+#endif
server2->kex->kex[KEX_C25519_SHA256] = kexc25519_server;
server2->kex->load_host_public_key = server->kex->load_host_public_key;
server2->kex->load_host_private_key = server->kex->load_host_private_key;
@@ -173,7 +175,9 @@ do_kex(char *kex)
{
do_kex_with_key(kex, KEY_RSA, 2048);
do_kex_with_key(kex, KEY_DSA, 1024);
+#ifdef OPENSSL_HAS_ECC
do_kex_with_key(kex, KEY_ECDSA, 256);
+#endif
do_kex_with_key(kex, KEY_ED25519, 256);
}
@@ -181,9 +185,11 @@ void
kex_tests(void)
{
do_kex("curve25519-sha256 at libssh.org");
+#ifdef OPENSSL_HAS_ECC
do_kex("ecdh-sha2-nistp256");
do_kex("ecdh-sha2-nistp384");
do_kex("ecdh-sha2-nistp521");
+#endif
do_kex("diffie-hellman-group-exchange-sha256");
do_kex("diffie-hellman-group-exchange-sha1");
do_kex("diffie-hellman-group14-sha1");
diff --git a/regress/unittests/sshkey/test_sshkey.c b/regress/unittests/sshkey/test_sshkey.c
index 3e4e39b..b233a25 100644
--- a/regress/unittests/sshkey/test_sshkey.c
+++ b/regress/unittests/sshkey/test_sshkey.c
@@ -217,12 +217,14 @@ sshkey_tests(void)
sshkey_free(k1);
TEST_DONE();
+#ifdef OPENSSL_HAS_ECC
TEST_START("new/free KEY_ECDSA");
k1 = sshkey_new(KEY_ECDSA);
ASSERT_PTR_NE(k1, NULL);
ASSERT_PTR_EQ(k1->ecdsa, NULL); /* Can't allocate without NID */
sshkey_free(k1);
TEST_DONE();
+#endif
TEST_START("new/free KEY_ED25519");
k1 = sshkey_new(KEY_ED25519);
@@ -273,12 +275,14 @@ sshkey_tests(void)
sshkey_free(k1);
TEST_DONE();
+#ifdef OPENSSL_HAS_ECC
TEST_START("generate KEY_ECDSA wrong bits");
ASSERT_INT_EQ(sshkey_generate(KEY_ECDSA, 42, &k1),
SSH_ERR_INVALID_ARGUMENT);
ASSERT_PTR_EQ(k1, NULL);
sshkey_free(k1);
TEST_DONE();
+#endif
TEST_START("generate KEY_RSA");
ASSERT_INT_EQ(sshkey_generate(KEY_RSA, 768, &kr), 0);
@@ -474,6 +478,7 @@ sshkey_tests(void)
sshkey_free(k2);
TEST_DONE();
+#ifdef OPENSSL_HAS_ECC
TEST_START("sign and verify ECDSA");
k1 = get_private("ecdsa_1");
ASSERT_INT_EQ(sshkey_load_public(test_data_file("ecdsa_2.pub"), &k2,
@@ -482,6 +487,7 @@ sshkey_tests(void)
sshkey_free(k1);
sshkey_free(k2);
TEST_DONE();
+#endif
TEST_START("sign and verify ED25519");
k1 = get_private("ed25519_1");
--
To stop receiving notification emails like this one, please contact
djm at mindrot.org.
More information about the openssh-commits
mailing list