[openssh-commits] [openssh] 01/01: Restrict ECDSA and ECDH tests.

git+noreply at mindrot.org git+noreply at mindrot.org
Wed Feb 25 15:35:07 AEDT 2015


This is an automated email from the git hooks/post-receive script.

dtucker pushed a commit to branch master
in repository openssh.

commit 5d5ec165c5b614b03678afdad881f10e25832e46
Author: Darren Tucker <dtucker at zip.com.au>
Date:   Wed Feb 25 15:32:49 2015 +1100

    Restrict ECDSA and ECDH tests.
    
    ifdef out some more ECDSA and ECDH tests when built against an OpenSSL
    that does not have eliptic curve functionality.
---
 regress/unittests/hostkeys/test_iterate.c | 12 ++++++++++++
 regress/unittests/kex/test_kex.c          |  6 ++++++
 regress/unittests/sshkey/test_sshkey.c    |  6 ++++++
 3 files changed, 24 insertions(+)

diff --git a/regress/unittests/hostkeys/test_iterate.c b/regress/unittests/hostkeys/test_iterate.c
index 526e1c0..68a7061 100644
--- a/regress/unittests/hostkeys/test_iterate.c
+++ b/regress/unittests/hostkeys/test_iterate.c
@@ -165,6 +165,7 @@ struct expected expected_full[] = {
 		NULL,	/* filled at runtime */
 		"DSA #1",
 	} },
+#ifdef OPENSSL_HAS_ECC
 	{ "ecdsa_1.pub" , -1, -1, 0, HKF_MATCH_HOST, 0, 0, -1, {
 		NULL,
 		3,
@@ -178,6 +179,7 @@ struct expected expected_full[] = {
 		NULL,	/* filled at runtime */
 		"ECDSA #1",
 	} },
+#endif
 	{ "ed25519_1.pub" , -1, -1, 0, HKF_MATCH_HOST, 0, 0, -1, {
 		NULL,
 		4,
@@ -256,6 +258,7 @@ struct expected expected_full[] = {
 		NULL,	/* filled at runtime */
 		"DSA #2",
 	} },
+#ifdef OPENSSL_HAS_ECC
 	{ "ecdsa_2.pub" , -1, -1, HKF_MATCH_HOST, 0, HKF_MATCH_IP, HKF_MATCH_IP, -1, {
 		NULL,
 		10,
@@ -269,6 +272,7 @@ struct expected expected_full[] = {
 		NULL,	/* filled at runtime */
 		"ECDSA #2",
 	} },
+#endif
 	{ "ed25519_2.pub" , -1, -1, HKF_MATCH_HOST, 0, HKF_MATCH_IP, HKF_MATCH_IP, -1, {
 		NULL,
 		11,
@@ -347,6 +351,7 @@ struct expected expected_full[] = {
 		NULL,	/* filled at runtime */
 		"DSA #3",
 	} },
+#ifdef OPENSSL_HAS_ECC
 	{ "ecdsa_3.pub" , -1, -1, HKF_MATCH_HOST, HKF_MATCH_HOST, HKF_MATCH_IP, HKF_MATCH_IP, -1, {
 		NULL,
 		17,
@@ -360,6 +365,7 @@ struct expected expected_full[] = {
 		NULL,	/* filled at runtime */
 		"ECDSA #3",
 	} },
+#endif
 	{ "ed25519_3.pub" , -1, -1, HKF_MATCH_HOST, HKF_MATCH_HOST, HKF_MATCH_IP, HKF_MATCH_IP, -1, {
 		NULL,
 		18,
@@ -438,6 +444,7 @@ struct expected expected_full[] = {
 		NULL,	/* filled at runtime */
 		"DSA #5",
 	} },
+#ifdef OPENSSL_HAS_ECC
 	{ "ecdsa_5.pub" , -1, -1, 0, HKF_MATCH_HOST|HKF_MATCH_HOST_HASHED, 0, 0, -1, {
 		NULL,
 		24,
@@ -451,6 +458,7 @@ struct expected expected_full[] = {
 		NULL,	/* filled at runtime */
 		"ECDSA #5",
 	} },
+#endif
 	{ "ed25519_5.pub" , -1, -1, 0, HKF_MATCH_HOST|HKF_MATCH_HOST_HASHED, 0, 0, -1, {
 		NULL,
 		25,
@@ -547,6 +555,7 @@ struct expected expected_full[] = {
 		NULL,	/* filled at runtime */
 		"DSA #6",
 	} },
+#ifdef OPENSSL_HAS_ECC
 	{ "ecdsa_6.pub" , -1, -1, HKF_MATCH_HOST|HKF_MATCH_HOST_HASHED, 0, 0, 0, -1, {
 		NULL,
 		32,
@@ -586,6 +595,7 @@ struct expected expected_full[] = {
 		NULL,	/* filled at runtime */
 		"ECDSA #6",
 	} },
+#endif
 	{ "ed25519_6.pub" , -1, -1, HKF_MATCH_HOST|HKF_MATCH_HOST_HASHED, 0, 0, 0, -1, {
 		NULL,
 		35,
@@ -768,6 +778,7 @@ struct expected expected_full[] = {
 		NULL,	/* filled at runtime */
 		"ED25519 #4",
 	} },
+#ifdef OPENSSL_HAS_ECC
 	{ "ecdsa_4.pub" , -1, -1, HKF_MATCH_HOST, 0, 0, 0, -1, {
 		NULL,
 		49,
@@ -781,6 +792,7 @@ struct expected expected_full[] = {
 		NULL,	/* filled at runtime */
 		"ECDSA #4",
 	} },
+#endif
 	{ "dsa_4.pub" , -1, -1, HKF_MATCH_HOST, HKF_MATCH_HOST, 0, 0, -1, {
 		NULL,
 		50,
diff --git a/regress/unittests/kex/test_kex.c b/regress/unittests/kex/test_kex.c
index d5edf7e..c61e2bd 100644
--- a/regress/unittests/kex/test_kex.c
+++ b/regress/unittests/kex/test_kex.c
@@ -145,7 +145,9 @@ do_kex_with_key(char *kex, int keytype, int bits)
 	server2->kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server;
 	server2->kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
 	server2->kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
+#ifdef OPENSSL_HAS_ECC
 	server2->kex->kex[KEX_ECDH_SHA2] = kexecdh_server;
+#endif
 	server2->kex->kex[KEX_C25519_SHA256] = kexc25519_server;
 	server2->kex->load_host_public_key = server->kex->load_host_public_key;
 	server2->kex->load_host_private_key = server->kex->load_host_private_key;
@@ -173,7 +175,9 @@ do_kex(char *kex)
 {
 	do_kex_with_key(kex, KEY_RSA, 2048);
 	do_kex_with_key(kex, KEY_DSA, 1024);
+#ifdef OPENSSL_HAS_ECC
 	do_kex_with_key(kex, KEY_ECDSA, 256);
+#endif
 	do_kex_with_key(kex, KEY_ED25519, 256);
 }
 
@@ -181,9 +185,11 @@ void
 kex_tests(void)
 {
 	do_kex("curve25519-sha256 at libssh.org");
+#ifdef OPENSSL_HAS_ECC
 	do_kex("ecdh-sha2-nistp256");
 	do_kex("ecdh-sha2-nistp384");
 	do_kex("ecdh-sha2-nistp521");
+#endif
 	do_kex("diffie-hellman-group-exchange-sha256");
 	do_kex("diffie-hellman-group-exchange-sha1");
 	do_kex("diffie-hellman-group14-sha1");
diff --git a/regress/unittests/sshkey/test_sshkey.c b/regress/unittests/sshkey/test_sshkey.c
index 3e4e39b..b233a25 100644
--- a/regress/unittests/sshkey/test_sshkey.c
+++ b/regress/unittests/sshkey/test_sshkey.c
@@ -217,12 +217,14 @@ sshkey_tests(void)
 	sshkey_free(k1);
 	TEST_DONE();
 
+#ifdef OPENSSL_HAS_ECC
 	TEST_START("new/free KEY_ECDSA");
 	k1 = sshkey_new(KEY_ECDSA);
 	ASSERT_PTR_NE(k1, NULL);
 	ASSERT_PTR_EQ(k1->ecdsa, NULL);  /* Can't allocate without NID */
 	sshkey_free(k1);
 	TEST_DONE();
+#endif
 
 	TEST_START("new/free KEY_ED25519");
 	k1 = sshkey_new(KEY_ED25519);
@@ -273,12 +275,14 @@ sshkey_tests(void)
 	sshkey_free(k1);
 	TEST_DONE();
 
+#ifdef OPENSSL_HAS_ECC
 	TEST_START("generate KEY_ECDSA wrong bits");
 	ASSERT_INT_EQ(sshkey_generate(KEY_ECDSA, 42, &k1),
 	    SSH_ERR_INVALID_ARGUMENT);
 	ASSERT_PTR_EQ(k1, NULL);
 	sshkey_free(k1);
 	TEST_DONE();
+#endif
 
 	TEST_START("generate KEY_RSA");
 	ASSERT_INT_EQ(sshkey_generate(KEY_RSA, 768, &kr), 0);
@@ -474,6 +478,7 @@ sshkey_tests(void)
 	sshkey_free(k2);
 	TEST_DONE();
 
+#ifdef OPENSSL_HAS_ECC
 	TEST_START("sign and verify ECDSA");
 	k1 = get_private("ecdsa_1");
 	ASSERT_INT_EQ(sshkey_load_public(test_data_file("ecdsa_2.pub"), &k2,
@@ -482,6 +487,7 @@ sshkey_tests(void)
 	sshkey_free(k1);
 	sshkey_free(k2);
 	TEST_DONE();
+#endif
 
 	TEST_START("sign and verify ED25519");
 	k1 = get_private("ed25519_1");

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.


More information about the openssh-commits mailing list