[openssh-commits] CVS: fuyu.mindrot.org: openssh

Darren Tucker dtucker at zip.com.au
Sun Jan 16 16:47:34 EST 2011 

On Thu, Jan 13, 2011 at 10:05:15PM +1100, Damien Miller wrote:
> Log message:
>  - (djm) [regress/kextype.sh] Testing diffie-hellman-group-exchange-sha256
>    should not depend on ECC support

... but it should depend on actually having SHA256.  Fixed regrest test
failures on old (<=0.9.6, I think) openssls.

Longer term (ie after release) I think we should cook up a function in
test-exec.sh that looks in config.h and use that in the tests.

Index: Makefile.in
===================================================================
RCS file: /home/dtucker/openssh/cvs/openssh/Makefile.in,v
retrieving revision 1.318
diff -u -p -r1.318 Makefile.in
--- Makefile.in	14 Jan 2011 03:47:40 -0000	1.318
+++ Makefile.in	16 Jan 2011 05:29:19 -0000
@@ -416,6 +416,7 @@ tests interop-tests:	$(TARGETS)
 	TEST_SSH_CONCH="conch"; \
 	TEST_SSH_IPV6="@TEST_SSH_IPV6@" ; \
 	TEST_SSH_ECC="@TEST_SSH_ECC@" ; \
+	TEST_SSH_SHA256="@TEST_SSH_SHA256@" ; \
 	cd $(srcdir)/regress || exit $$?; \
 	$(MAKE) \
 		.OBJDIR="$${BUILDDIR}/regress" \
@@ -438,6 +439,7 @@ tests interop-tests:	$(TARGETS)
 		TEST_SSH_CONCH="$${TEST_SSH_CONCH}" \
 		TEST_SSH_IPV6="$${TEST_SSH_IPV6}" \
 		TEST_SSH_ECC="$${TEST_SSH_ECC}" \
+		TEST_SSH_SHA256="$${TEST_SSH_SHA256}" \
 		EXEEXT="$(EXEEXT)" \
 		$@ && echo all tests passed
 
Index: configure.ac
===================================================================
RCS file: /home/dtucker/openssh/cvs/openssh/configure.ac,v
retrieving revision 1.464
diff -u -p -r1.464 configure.ac
--- configure.ac	13 Jan 2011 06:35:46 -0000	1.464
+++ configure.ac	16 Jan 2011 05:28:26 -0000
@@ -2239,7 +2239,9 @@ if test "x$check_for_libcrypt_later" = "
 fi
 
 # Search for SHA256 support in libc and/or OpenSSL
-AC_CHECK_FUNCS(SHA256_Update EVP_sha256)
+AC_CHECK_FUNCS(SHA256_Update EVP_sha256, [TEST_SSH_SHA256=yes],
+    [TEST_SSH_SHA256=no])
+AC_SUBST(TEST_SSH_SHA256)
 
 # Check complete ECC support in OpenSSL
 AC_MSG_CHECKING([whether OpenSSL has complete ECC support])
Index: regress/kextype.sh
===================================================================
RCS file: /home/dtucker/openssh/cvs/openssh/regress/kextype.sh,v
retrieving revision 1.5
diff -u -p -r1.5 kextype.sh
--- regress/kextype.sh	13 Jan 2011 11:05:15 -0000	1.5
+++ regress/kextype.sh	16 Jan 2011 05:19:27 -0000
@@ -10,7 +10,9 @@ cp $OBJ/ssh_proxy $OBJ/ssh_proxy_bak
 if test "$TEST_SSH_ECC" = "yes"; then
 	kextypes="ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521"
 fi
-kextypes="$kextypes diffie-hellman-group-exchange-sha256"
+if test "$TEST_SSH_SHA256" = "yes"; then
+	kextypes="$kextypes diffie-hellman-group-exchange-sha256"
+fi
 kextypes="$kextypes diffie-hellman-group-exchange-sha1"
 kextypes="$kextypes diffie-hellman-group14-sha1"
 kextypes="$kextypes diffie-hellman-group1-sha1"

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

More information about the openssh-unix-dev mailing list