Call for testing: OpenSSH 6.9
Damien Miller
djm at mindrot.org
Wed Jun 24 00:57:29 AEST 2015
On Tue, 23 Jun 2015, Jakub Jelen wrote:
>
> On 05/29/2015 09:12 AM, Damien Miller wrote:
> > Hi,
> >
> > OpenSSH 6.9 is almost ready for release, so we would appreciate testing
> > on as many platforms and systems as possible. This release contains
> > some substantial new features and a number of bugfixes.
> Tested basic configuration on Fedora 22. With default configuration I ran in
> few problems:
> ~ root login
> ~ can be there some test if you are running as root and if you are, add
> this configuration option? Or
> ~ warnings about missing moduli
> ~ WARNING: /usr/local/etc/moduli does not exist, using fixed modulus
> ~ the path is compiled in so no way to expect it somewhere else than it is
> configured
>
> Maybe it would be useful to update README.regress with such known issues. At
> least these two issues seem to be pretty common recently.
>
>
> With normal user, sudo and our configuration all tests went well.
>
> Experimental build without openssl (regardless other config options) fails
> early during linking of test suite:
We've not really tried to make the unit/regress tests work without OpenSSL.
Here's a first attempt at the unit tests:
diff --git a/regress/unittests/bitmap/tests.c b/regress/unittests/bitmap/tests.c
index 23025f9..2271e94 100644
--- a/regress/unittests/bitmap/tests.c
+++ b/regress/unittests/bitmap/tests.c
@@ -27,6 +27,7 @@
void
tests(void)
{
+#ifdef WITH_OPENSSL
struct bitmap *b;
BIGNUM *bn;
size_t len;
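Review bot: With the whole body of `tests()` inside `#ifdef WITH_OPENSSL`, a bitmap test binary built without OpenSSL runs no test at all and presumably still exits successfully, so a regress run cannot tell the skip apart from a pass. Consider making the skip visible, for example with an `#else` branch containing `TEST_START("bitmap (skipped: no OpenSSL)"); TEST_DONE();`, or by leaving the test out of the non-OpenSSL build. The matching `#endif` is in the next hunk, and `sshbuf_getput_crypto_tests()` further down is wrapped the same way.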
@@ -131,5 +132,6 @@ tests(void)
bitmap_free(b);
BN_free(bn);
TEST_DONE();
+#endif /* WITH_OPENSSL */
}
diff --git a/regress/unittests/hostkeys/test_iterate.c b/regress/unittests/hostkeys/test_iterate.c
index 2eaaf06..da0e353 100644
--- a/regress/unittests/hostkeys/test_iterate.c
+++ b/regress/unittests/hostkeys/test_iterate.c
@@ -92,12 +92,22 @@ check(struct hostkey_foreach_line *l, void *_ctx)
#ifndef WITH_SSH1
if (parse_key && (expected->l.keytype == KEY_RSA1 ||
- expected->no_parse_keytype == KEY_RSA1)) {
+ expected->no_parse_keytype == KEY_RSA1)) {
expected_status = HKF_STATUS_INVALID;
expected_keytype = KEY_UNSPEC;
parse_key = 0;
}
#endif
+#ifndef WITH_OPENSSL
+ if (expected->l.keytype == KEY_RSA ||
+ expected->no_parse_keytype == KEY_RSA ||
+ expected->l.keytype == KEY_DSA ||
+ expected->no_parse_keytype == KEY_DSA) {
+ expected_status = HKF_STATUS_INVALID;
+ expected_keytype = KEY_UNSPEC;
+ parse_key = 0;
+ }
+#endif /* WITH_OPENSSL */
#ifndef OPENSSL_HAS_ECC
if (expected->l.keytype == KEY_ECDSA ||
expected->no_parse_keytype == KEY_ECDSA) {
@@ -105,7 +115,7 @@ check(struct hostkey_foreach_line *l, void *_ctx)
expected_keytype = KEY_UNSPEC;
parse_key = 0;
}
-#endif
+#endif /* OPENSSL_HAS_ECC */
UPDATE_MATCH_STATUS(match_host_p);
UPDATE_MATCH_STATUS(match_host_s);
@@ -154,10 +164,15 @@ prepare_expected(struct expected *expected, size_t n)
if (expected[i].l.keytype == KEY_RSA1)
continue;
#endif
+#ifndef WITH_OPENSSL
+ if (expected[i].l.keytype == KEY_RSA ||
+ expected[i].l.keytype == KEY_DSA)
+ continue;
#ifndef OPENSSL_HAS_ECC
if (expected[i].l.keytype == KEY_ECDSA)
continue;
-#endif
+#endif /* OPENSSL_HAS_ECC */
+#endif /* WITH_OPENSSL */
ASSERT_INT_EQ(sshkey_load_public(
test_data_file(expected[i].key_file), &expected[i].l.key,
NULL), 0);
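Review bot: The `#ifndef OPENSSL_HAS_ECC` skip for `KEY_ECDSA` now sits inside the new `#ifndef WITH_OPENSSL` block, so a build that has OpenSSL but lacks ECC support no longer compiles the skip. Such a build would reach `sshkey_load_public()` for ECDSA test keys it presumably cannot parse, and the `ASSERT_INT_EQ` would fail. Closing the new guard right after the RSA/DSA `continue;` keeps the two conditions independent: put `#endif /* WITH_OPENSSL */` before `#ifndef OPENSSL_HAS_ECC` and drop the later one. That relies on `OPENSSL_HAS_ECC` being undefined whenever `WITH_OPENSSL` is, which the `check()` hunk above already assumes. The loop in `prepare_expected()` starts before this hunk.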
diff --git a/regress/unittests/kex/test_kex.c b/regress/unittests/kex/test_kex.c
index c61e2bd..cf35f09 100644
--- a/regress/unittests/kex/test_kex.c
+++ b/regress/unittests/kex/test_kex.c
@@ -141,13 +141,16 @@ do_kex_with_key(char *kex, int keytype, int bits)
sshbuf_free(state);
ASSERT_PTR_NE(server2->kex, NULL);
/* XXX we need to set the callbacks */
+#ifdef WITH_OPENSSL
server2->kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;
server2->kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server;
server2->kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
server2->kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
#ifdef OPENSSL_HAS_ECC
server2->kex->kex[KEX_ECDH_SHA2] = kexecdh_server;
-#endif
+#endif /* OPENSSL_HAS_ECC */
+#endif /* WITH_OPENSSL */
+
server2->kex->kex[KEX_C25519_SHA256] = kexc25519_server;
server2->kex->load_host_public_key = server->kex->load_host_public_key;
server2->kex->load_host_private_key = server->kex->load_host_private_key;
@@ -173,11 +176,13 @@ do_kex_with_key(char *kex, int keytype, int bits)
static void
do_kex(char *kex)
{
+#ifdef WITH_OPENSSL
do_kex_with_key(kex, KEY_RSA, 2048);
do_kex_with_key(kex, KEY_DSA, 1024);
#ifdef OPENSSL_HAS_ECC
do_kex_with_key(kex, KEY_ECDSA, 256);
-#endif
+#endif /* OPENSSL_HAS_ECC */
+#endif /* WITH_OPENSSL */
do_kex_with_key(kex, KEY_ED25519, 256);
}
@@ -185,13 +190,15 @@ void
kex_tests(void)
{
do_kex("curve25519-sha256 at libssh.org");
+#ifdef WITH_OPENSSL
#ifdef OPENSSL_HAS_ECC
do_kex("ecdh-sha2-nistp256");
do_kex("ecdh-sha2-nistp384");
do_kex("ecdh-sha2-nistp521");
-#endif
+#endif /* OPENSSL_HAS_ECC */
do_kex("diffie-hellman-group-exchange-sha256");
do_kex("diffie-hellman-group-exchange-sha1");
do_kex("diffie-hellman-group14-sha1");
do_kex("diffie-hellman-group1-sha1");
+#endif /* WITH_OPENSSL */
}
diff --git a/regress/unittests/sshbuf/test_sshbuf_getput_crypto.c b/regress/unittests/sshbuf/test_sshbuf_getput_crypto.c
index a68e132..0b50bd3 100644
--- a/regress/unittests/sshbuf/test_sshbuf_getput_crypto.c
+++ b/regress/unittests/sshbuf/test_sshbuf_getput_crypto.c
@@ -31,6 +31,7 @@ void sshbuf_getput_crypto_tests(void);
void
sshbuf_getput_crypto_tests(void)
{
+#ifdef WITH_OPENSSL
struct sshbuf *p1;
BIGNUM *bn, *bn2;
/* This one has num_bits != num_bytes * 8 to test bignum1 encoding */
@@ -404,6 +405,7 @@ sshbuf_getput_crypto_tests(void)
BN_free(bn);
BN_free(bn2);
TEST_DONE();
-#endif
+#endif /* defined(OPENSSL_HAS_ECC) && defined(OPENSSL_HAS_NISTP256) */
+#endif /* WITH_OPENSSL */
}
diff --git a/regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c b/regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c
index c6b5c29..ed605ce 100644
--- a/regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c
+++ b/regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c
@@ -32,7 +32,9 @@ static void
attempt_parse_blob(u_char *blob, size_t len)
{
struct sshbuf *p1;
+#ifdef WITH_OPENSSL
BIGNUM *bn;
+#endif
#if defined(OPENSSL_HAS_ECC) && defined(OPENSSL_HAS_NISTP256)
EC_KEY *eck;
#endif
@@ -54,12 +56,14 @@ attempt_parse_blob(u_char *blob, size_t len)
bzero(s, l);
free(s);
}
+#ifdef WITH_OPENSSL
bn = BN_new();
sshbuf_get_bignum1(p1, bn);
BN_clear_free(bn);
bn = BN_new();
sshbuf_get_bignum2(p1, bn);
BN_clear_free(bn);
+#endif
#if defined(OPENSSL_HAS_ECC) && defined(OPENSSL_HAS_NISTP256)
eck = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
ASSERT_PTR_NE(eck, NULL);
diff --git a/regress/unittests/sshkey/common.c b/regress/unittests/sshkey/common.c
index b598f05..7deacf9 100644
--- a/regress/unittests/sshkey/common.c
+++ b/regress/unittests/sshkey/common.c
@@ -70,6 +70,7 @@ load_text_file(const char *name)
return ret;
}
+#ifdef WITH_OPENSSL
BIGNUM *
load_bignum(const char *name)
{
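Review bot: Only the definition of `load_bignum()` is guarded here, and no header is touched anywhere in this patch, so the prototype the other sshkey tests rely on still names `BIGNUM`. If that declaration, and the ones for `ssl_err_check()` and `assert_bignum()` guarded in test_helper.c below, is not already under `WITH_OPENSSL`, a build without the OpenSSL headers would presumably stop at the header before reaching these files. Wrapping the prototypes and the OpenSSL `#include` lines in the same `#ifdef WITH_OPENSSL` would keep declaration and definition in step.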
@@ -81,4 +82,5 @@ load_bignum(const char *name)
sshbuf_free(buf);
return ret;
}
+#endif /* WITH_OPENSSL */
diff --git a/regress/unittests/sshkey/test_file.c b/regress/unittests/sshkey/test_file.c
index fa95212..452ab6e 100644
--- a/regress/unittests/sshkey/test_file.c
+++ b/regress/unittests/sshkey/test_file.c
@@ -44,8 +44,10 @@ sshkey_file_tests(void)
{
struct sshkey *k1, *k2;
struct sshbuf *buf, *pw;
- BIGNUM *a, *b, *c;
char *cp;
+#ifdef WITH_OPENSSL
+ BIGNUM *a, *b, *c;
+#endif
TEST_START("load passphrase");
pw = load_text_file("pw");
@@ -102,6 +104,7 @@ sshkey_file_tests(void)
sshkey_free(k1);
#endif
+#ifdef WITH_OPENSSL
TEST_START("parse RSA from private");
buf = load_file("rsa_1");
ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "rsa_1",
@@ -388,6 +391,7 @@ sshkey_file_tests(void)
sshkey_free(k1);
#endif /* OPENSSL_HAS_ECC */
+#endif /* WITH_OPENSSL */
TEST_START("parse Ed25519 from private");
buf = load_file("ed25519_1");
@@ -399,6 +403,7 @@ sshkey_file_tests(void)
/* XXX check key contents */
TEST_DONE();
+#ifdef WITH_OPENSSL /* XXX ed25519_1_pw is encrypted with aes256-cbc */
TEST_START("parse Ed25519 from private w/ passphrase");
buf = load_file("ed25519_1_pw");
ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf,
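Review bot: Guarding "parse Ed25519 from private w/ passphrase" removes, as far as these hunks show, the last passphrase-protected private-key parse from the non-OpenSSL build, since the RSA/DSA/ECDSA cases are already compiled out above. The XXX comment gives the reason (`ed25519_1_pw` is encrypted with aes256-cbc). A second test key encrypted with a cipher that the non-OpenSSL build supports would keep the decryption path covered in that configuration. Until then the comment could state the gap explicitly, e.g. `/* XXX ed25519_1_pw is encrypted with aes256-cbc; no encrypted-key coverage without OpenSSL */`. The test body continues past this hunk.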
@@ -408,6 +413,7 @@ sshkey_file_tests(void)
ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
sshkey_free(k2);
TEST_DONE();
+#endif
TEST_START("load Ed25519 from public");
ASSERT_INT_EQ(sshkey_load_public(test_data_file("ed25519_1.pub"), &k2,
diff --git a/regress/unittests/sshkey/test_fuzz.c b/regress/unittests/sshkey/test_fuzz.c
index 1f08a2e..4fc6584 100644
--- a/regress/unittests/sshkey/test_fuzz.c
+++ b/regress/unittests/sshkey/test_fuzz.c
@@ -150,6 +150,7 @@ sshkey_fuzz_tests(void)
TEST_DONE();
#endif
+#ifdef WITH_OPENSSL
TEST_START("fuzz RSA private");
buf = load_file("rsa_1");
fuzz = fuzz_begin(FUZZ_BASE64, sshbuf_mutable_ptr(buf),
@@ -282,7 +283,8 @@ sshkey_fuzz_tests(void)
sshbuf_free(fuzzed);
fuzz_cleanup(fuzz);
TEST_DONE();
-#endif
+#endif /* OPENSSL_HAS_ECC */
+#endif /* WITH_OPENSSL */
TEST_START("fuzz Ed25519 private");
buf = load_file("ed25519_1");
@@ -306,6 +308,7 @@ sshkey_fuzz_tests(void)
fuzz_cleanup(fuzz);
TEST_DONE();
+#ifdef WITH_OPENSSL
TEST_START("fuzz RSA public");
buf = load_file("rsa_1");
ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "key",
@@ -351,7 +354,8 @@ sshkey_fuzz_tests(void)
public_fuzz(k1);
sshkey_free(k1);
TEST_DONE();
-#endif
+#endif /* OPENSSL_HAS_ECC */
+#endif /* WITH_OPENSSL */
TEST_START("fuzz Ed25519 public");
buf = load_file("ed25519_1");
@@ -368,6 +372,7 @@ sshkey_fuzz_tests(void)
sshkey_free(k1);
TEST_DONE();
+#ifdef WITH_OPENSSL
TEST_START("fuzz RSA sig");
buf = load_file("rsa_1");
ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "key",
@@ -395,7 +400,8 @@ sshkey_fuzz_tests(void)
sig_fuzz(k1);
sshkey_free(k1);
TEST_DONE();
-#endif
+#endif /* OPENSSL_HAS_ECC */
+#endif /* WITH_OPENSSL */
TEST_START("fuzz Ed25519 sig");
buf = load_file("ed25519_1");
diff --git a/regress/unittests/sshkey/test_sshkey.c b/regress/unittests/sshkey/test_sshkey.c
index 4453a85..d4a3dee 100644
--- a/regress/unittests/sshkey/test_sshkey.c
+++ b/regress/unittests/sshkey/test_sshkey.c
@@ -50,6 +50,7 @@ put_opt(struct sshbuf *b, const char *name, const char *value)
sshbuf_free(sect);
}
+#ifdef WITH_OPENSSL
static void
build_cert(struct sshbuf *b, const struct sshkey *k, const char *type,
const struct sshkey *sign_key, const struct sshkey *ca_key)
@@ -109,6 +110,7 @@ build_cert(struct sshbuf *b, const struct sshkey *k, const char *type,
sshbuf_free(principals);
sshbuf_free(pk);
}
+#endif /* WITH_OPENSSL */
static void
signature_test(struct sshkey *k, struct sshkey *bad, const u_char *d, size_t l)
@@ -174,7 +176,10 @@ get_private(const char *n)
void
sshkey_tests(void)
{
- struct sshkey *k1, *k2, *k3, *k4, *kr, *kd, *kf;
+ struct sshkey *k1, *k2, *k3, *kf;
+#ifdef WITH_OPENSSL
+ struct sshkey *k4, *kr, *kd;
+#endif
#ifdef OPENSSL_HAS_ECC
struct sshkey *ke;
#endif
@@ -191,6 +196,7 @@ sshkey_tests(void)
sshkey_free(k1);
TEST_DONE();
+#ifdef WITH_OPENSSL
TEST_START("new/free KEY_RSA1");
k1 = sshkey_new(KEY_RSA1);
ASSERT_PTR_NE(k1, NULL);
@@ -227,7 +233,8 @@ sshkey_tests(void)
ASSERT_PTR_EQ(k1->ecdsa, NULL); /* Can't allocate without NID */
sshkey_free(k1);
TEST_DONE();
-#endif
+#endif /* OPENSSL_HAS_ECC */
+#endif /* WITH_OPENSSL */
TEST_START("new/free KEY_ED25519");
k1 = sshkey_new(KEY_ED25519);
@@ -238,6 +245,7 @@ sshkey_tests(void)
sshkey_free(k1);
TEST_DONE();
+#ifdef WITH_OPENSSL
TEST_START("new_private KEY_RSA");
k1 = sshkey_new_private(KEY_RSA);
ASSERT_PTR_NE(k1, NULL);
@@ -313,7 +321,8 @@ sshkey_tests(void)
ASSERT_PTR_NE(EC_KEY_get0_public_key(ke->ecdsa), NULL);
ASSERT_PTR_NE(EC_KEY_get0_private_key(ke->ecdsa), NULL);
TEST_DONE();
-#endif
+#endif /* OPENSSL_HAS_ECC */
+#endif /* WITH_OPENSSL */
TEST_START("generate KEY_ED25519");
ASSERT_INT_EQ(sshkey_generate(KEY_ED25519, 256, &kf), 0);
@@ -323,6 +332,7 @@ sshkey_tests(void)
ASSERT_PTR_NE(kf->ed25519_sk, NULL);
TEST_DONE();
+#ifdef WITH_OPENSSL
TEST_START("demote KEY_RSA");
ASSERT_INT_EQ(sshkey_demote(kr, &k1), 0);
ASSERT_PTR_NE(k1, NULL);
@@ -370,7 +380,8 @@ sshkey_tests(void)
ASSERT_INT_EQ(sshkey_equal(ke, k1), 1);
sshkey_free(k1);
TEST_DONE();
-#endif
+#endif /* OPENSSL_HAS_ECC */
+#endif /* WITH_OPENSSL */
TEST_START("demote KEY_ED25519");
ASSERT_INT_EQ(sshkey_demote(kf, &k1), 0);
@@ -386,6 +397,7 @@ sshkey_tests(void)
sshkey_free(k1);
TEST_DONE();
+#ifdef WITH_OPENSSL
TEST_START("equal mismatched key types");
ASSERT_INT_EQ(sshkey_equal(kd, kr), 0);
#ifdef OPENSSL_HAS_ECC
@@ -412,13 +424,16 @@ sshkey_tests(void)
ASSERT_INT_EQ(sshkey_equal(kf, k1), 0);
sshkey_free(k1);
TEST_DONE();
+#endif /* WITH_OPENSSL */
+#ifdef WITH_OPENSSL
sshkey_free(kr);
sshkey_free(kd);
#ifdef OPENSSL_HAS_ECC
sshkey_free(ke);
#endif
sshkey_free(kf);
+#endif /* WITH_OPENSSL */
TEST_START("certify key");
ASSERT_INT_EQ(sshkey_load_public(test_data_file("ed25519_1.pub"),
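Review bot: `sshkey_free(kf)` ends up inside the new `#ifdef WITH_OPENSSL` block, but `kf` is declared unguarded and filled by the unguarded "generate KEY_ED25519" test, so a build without OpenSSL never frees the Ed25519 private key. Move the closing guard up so that only the RSA/DSA/ECDSA frees are conditional: `#endif /* WITH_OPENSSL */` directly before `sshkey_free(kf);`. The adjacent `#endif /* WITH_OPENSSL */` and `#ifdef WITH_OPENSSL` lines can then be merged into one region. As written, leak-checker runs of the unit tests would report the key on the non-OpenSSL configuration only.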
@@ -463,6 +478,7 @@ sshkey_tests(void)
sshbuf_reset(b);
TEST_DONE();
+#ifdef WITH_OPENSSL
TEST_START("sign and verify RSA");
k1 = get_private("rsa_1");
ASSERT_INT_EQ(sshkey_load_public(test_data_file("rsa_2.pub"), &k2,
@@ -490,7 +506,8 @@ sshkey_tests(void)
sshkey_free(k1);
sshkey_free(k2);
TEST_DONE();
-#endif
+#endif /* OPENSSL_HAS_ECC */
+#endif /* WITH_OPENSSL */
TEST_START("sign and verify ED25519");
k1 = get_private("ed25519_1");
@@ -501,6 +518,7 @@ sshkey_tests(void)
sshkey_free(k2);
TEST_DONE();
+#ifdef WITH_OPENSSL
TEST_START("nested certificate");
ASSERT_INT_EQ(sshkey_load_cert(test_data_file("rsa_1"), &k1), 0);
ASSERT_INT_EQ(sshkey_load_public(test_data_file("rsa_1.pub"), &k2,
@@ -515,5 +533,5 @@ sshkey_tests(void)
sshkey_free(k3);
sshbuf_free(b);
TEST_DONE();
-
+#endif /* WITH_OPENSSL */
}
diff --git a/regress/unittests/sshkey/tests.c b/regress/unittests/sshkey/tests.c
index 13f265c..b1baf12 100644
--- a/regress/unittests/sshkey/tests.c
+++ b/regress/unittests/sshkey/tests.c
@@ -18,8 +18,10 @@ void sshkey_fuzz_tests(void);
void
tests(void)
{
+#ifdef WITH_OPENSSL
OpenSSL_add_all_algorithms();
ERR_load_CRYPTO_strings();
+#endif
sshkey_tests();
sshkey_file_tests();
diff --git a/regress/unittests/test_helper/test_helper.c b/regress/unittests/test_helper/test_helper.c
index 26ca26b..8bd9e0f 100644
--- a/regress/unittests/test_helper/test_helper.c
+++ b/regress/unittests/test_helper/test_helper.c
@@ -248,6 +248,7 @@ test_subtest_info(const char *fmt, ...)
va_end(ap);
}
+#ifdef WITH_OPENSSL
void
ssl_err_check(const char *file, int line)
{
@@ -260,6 +261,7 @@ ssl_err_check(const char *file, int line)
file, line, ERR_error_string(openssl_error, NULL));
abort();
}
+#endif
static const char *
pred_name(enum test_predicate p)
@@ -302,6 +304,7 @@ test_header(const char *file, int line, const char *a1, const char *a2,
a2 != NULL ? ", " : "", a2 != NULL ? a2 : "");
}
+#ifdef WITH_OPENSSL
void
assert_bignum(const char *file, int line, const char *a1, const char *a2,
const BIGNUM *aa1, const BIGNUM *aa2, enum test_predicate pred)
@@ -314,6 +317,7 @@ assert_bignum(const char *file, int line, const char *a1, const char *a2,
fprintf(stderr, "%12s = 0x%s\n", a2, BN_bn2hex(aa2));
test_die();
}
+#endif
void
assert_string(const char *file, int line, const char *a1, const char *a2,