[PATCH 0/4] Fix --without-openssl

Alex Xu alex_y_xu at yahoo.ca
Mon Jun 11 00:05:37 AEST 2018


This patch set fixes various aspects of --without-openssl. It is
primarily intended to allow Gentoo users to install both OpenSSL 1.1 and
OpenSSH at the same time without using LibreSSL.

This patch set was tested with OpenSSL 1.1.0h and with firejail
--blacklist=/usr/include/openssl on Gentoo Linux. It was not tested with
OpenSSL 1.0 or without --without-openssl.

`make tests` passes except for test_hostkeys:

regress/unittests/hostkeys/test_iterate.c:108 test #1 "hostkeys_iterate all with key parse" - entry 2/27, file line 2
ASSERT_LONG LONG_EQ(l->linenum, expected->l.linenum) failed:
  l->linenum = 2 / 0x2
expected->l.linenum = 4 / 0x4

I suspect this also affects compilation with OpenSSL 1.0 without
--without-openssl. If so, I hope someone else will fix it for me.

In case of objections, these patches are sorted in order of increasing
ugliness/invasiveness. Patch 1 can be applied by itself, and patch 2
requires only patch 1, but patches 3 and 4 logically require each other
(patch 3 is useless without patch 4). Patches 1 and 2 should not affect
compilation with OpenSSL 1.0 or LibreSSL, but as stated above, patch 4
probably breaks it.

Alex Xu (4):
  Fix --without-openssl with OpenSSL 1.1
  Fix --without-openssl without OpenSSL installed
  Regenerate testdata to aes-256-ctr
  Fix --without-openssl tests

 auth.h                                        |  3 +-
 authfd.h                                      |  2 -
 buffer.h                                      |  4 ++
 cipher.c                                      |  2 +
 cipher.h                                      |  3 ++
 dh.h                                          |  3 ++
 kex.h                                         |  8 ++-
 kexc25519.c                                   |  2 +
 monitor_wrap.h                                |  2 +
 myproposal.h                                  |  2 +-
 regress/unittests/bitmap/tests.c              | 33 +++++++++++-
 regress/unittests/hostkeys/test_iterate.c     | 22 ++++++++
 regress/unittests/kex/test_kex.c              |  6 +++
 .../sshbuf/test_sshbuf_getput_crypto.c        |  3 +-
 .../sshbuf/test_sshbuf_getput_fuzz.c          |  3 +-
 regress/unittests/sshbuf/tests.c              |  4 ++
 regress/unittests/sshkey/common.c             |  4 ++
 regress/unittests/sshkey/common.h             |  3 +-
 regress/unittests/sshkey/test_file.c          |  7 ++-
 regress/unittests/sshkey/test_fuzz.c          |  6 ++-
 regress/unittests/sshkey/test_sshkey.c        |  8 +++
 regress/unittests/sshkey/testdata/dsa_1       | 20 ++++----
 .../unittests/sshkey/testdata/dsa_1-cert.fp   |  2 +-
 .../unittests/sshkey/testdata/dsa_1-cert.pub  |  2 +-
 regress/unittests/sshkey/testdata/dsa_1.fp    |  2 +-
 regress/unittests/sshkey/testdata/dsa_1.fp.bb |  2 +-
 .../unittests/sshkey/testdata/dsa_1.param.g   |  2 +-
 .../sshkey/testdata/dsa_1.param.priv          |  2 +-
 .../unittests/sshkey/testdata/dsa_1.param.pub |  2 +-
 regress/unittests/sshkey/testdata/dsa_1.pub   |  2 +-
 regress/unittests/sshkey/testdata/dsa_1_pw    | 22 ++++----
 regress/unittests/sshkey/testdata/dsa_2       | 20 ++++----
 regress/unittests/sshkey/testdata/dsa_2.fp    |  2 +-
 regress/unittests/sshkey/testdata/dsa_2.fp.bb |  2 +-
 regress/unittests/sshkey/testdata/dsa_2.pub   |  2 +-
 regress/unittests/sshkey/testdata/dsa_n       | 20 ++++----
 regress/unittests/sshkey/testdata/dsa_n_pw    | 38 +++++++-------
 regress/unittests/sshkey/testdata/ecdsa_1     |  6 +--
 .../unittests/sshkey/testdata/ecdsa_1-cert.fp |  2 +-
 .../sshkey/testdata/ecdsa_1-cert.pub          |  2 +-
 regress/unittests/sshkey/testdata/ecdsa_1.fp  |  2 +-
 .../unittests/sshkey/testdata/ecdsa_1.fp.bb   |  2 +-
 .../sshkey/testdata/ecdsa_1.param.priv        |  2 +-
 .../sshkey/testdata/ecdsa_1.param.pub         |  2 +-
 regress/unittests/sshkey/testdata/ecdsa_1.pub |  2 +-
 regress/unittests/sshkey/testdata/ecdsa_1_pw  |  8 +--
 regress/unittests/sshkey/testdata/ecdsa_2     | 10 ++--
 regress/unittests/sshkey/testdata/ecdsa_2.fp  |  2 +-
 .../unittests/sshkey/testdata/ecdsa_2.fp.bb   |  2 +-
 .../sshkey/testdata/ecdsa_2.param.priv        |  2 +-
 .../sshkey/testdata/ecdsa_2.param.pub         |  2 +-
 regress/unittests/sshkey/testdata/ecdsa_2.pub |  2 +-
 regress/unittests/sshkey/testdata/ecdsa_n     |  6 +--
 regress/unittests/sshkey/testdata/ecdsa_n_pw  | 14 +++---
 regress/unittests/sshkey/testdata/ed25519_1   |  8 +--
 .../sshkey/testdata/ed25519_1-cert.fp         |  2 +-
 .../sshkey/testdata/ed25519_1-cert.pub        |  2 +-
 .../unittests/sshkey/testdata/ed25519_1.fp    |  2 +-
 .../unittests/sshkey/testdata/ed25519_1.fp.bb |  2 +-
 .../unittests/sshkey/testdata/ed25519_1.pub   |  2 +-
 .../unittests/sshkey/testdata/ed25519_1_pw    | 12 ++---
 regress/unittests/sshkey/testdata/ed25519_2   |  8 +--
 .../unittests/sshkey/testdata/ed25519_2.fp    |  2 +-
 .../unittests/sshkey/testdata/ed25519_2.fp.bb |  2 +-
 .../unittests/sshkey/testdata/ed25519_2.pub   |  2 +-
 regress/unittests/sshkey/testdata/rsa1_1.fp   |  1 -
 .../unittests/sshkey/testdata/rsa1_1.fp.bb    |  1 -
 .../unittests/sshkey/testdata/rsa1_1.param.n  |  1 -
 regress/unittests/sshkey/testdata/rsa1_1.pub  |  1 -
 regress/unittests/sshkey/testdata/rsa1_2.fp   |  1 -
 .../unittests/sshkey/testdata/rsa1_2.fp.bb    |  1 -
 .../unittests/sshkey/testdata/rsa1_2.param.n  |  1 -
 regress/unittests/sshkey/testdata/rsa1_2.pub  |  1 -
 regress/unittests/sshkey/testdata/rsa_1       | 26 +++++-----
 .../unittests/sshkey/testdata/rsa_1-cert.fp   |  2 +-
 .../unittests/sshkey/testdata/rsa_1-cert.pub  |  2 +-
 regress/unittests/sshkey/testdata/rsa_1.fp    |  2 +-
 regress/unittests/sshkey/testdata/rsa_1.fp.bb |  2 +-
 .../unittests/sshkey/testdata/rsa_1.param.n   |  2 +-
 .../unittests/sshkey/testdata/rsa_1.param.p   |  2 +-
 .../unittests/sshkey/testdata/rsa_1.param.q   |  2 +-
 regress/unittests/sshkey/testdata/rsa_1.pub   |  2 +-
 regress/unittests/sshkey/testdata/rsa_1_pw    | 28 +++++------
 regress/unittests/sshkey/testdata/rsa_2       | 50 +++++++++----------
 regress/unittests/sshkey/testdata/rsa_2.fp    |  2 +-
 regress/unittests/sshkey/testdata/rsa_2.fp.bb |  2 +-
 .../unittests/sshkey/testdata/rsa_2.param.n   |  2 +-
 .../unittests/sshkey/testdata/rsa_2.param.p   |  2 +-
 .../unittests/sshkey/testdata/rsa_2.param.q   |  2 +-
 regress/unittests/sshkey/testdata/rsa_2.pub   |  2 +-
 regress/unittests/sshkey/testdata/rsa_n       | 26 +++++-----
 regress/unittests/sshkey/testdata/rsa_n_pw    | 30 +++++------
 regress/unittests/sshkey/tests.c              |  4 ++
 regress/unittests/test_helper/test_helper.c   |  6 +++
 regress/unittests/test_helper/test_helper.h   | 12 +++++
 ssh-add.c                                     |  2 +
 ssh-keyscan.c                                 |  2 +
 ssh_api.c                                     |  4 ++
 sshbuf-getput-crypto.c                        |  3 +-
 99 files changed, 372 insertions(+), 241 deletions(-)
 delete mode 100644 regress/unittests/sshkey/testdata/rsa1_1.fp
 delete mode 100644 regress/unittests/sshkey/testdata/rsa1_1.fp.bb
 delete mode 100644 regress/unittests/sshkey/testdata/rsa1_1.param.n
 delete mode 100644 regress/unittests/sshkey/testdata/rsa1_1.pub
 delete mode 100644 regress/unittests/sshkey/testdata/rsa1_2.fp
 delete mode 100644 regress/unittests/sshkey/testdata/rsa1_2.fp.bb
 delete mode 100644 regress/unittests/sshkey/testdata/rsa1_2.param.n
 delete mode 100644 regress/unittests/sshkey/testdata/rsa1_2.pub

-- 
2.17.1



More information about the openssh-unix-dev mailing list