On Tue, 23 Jun 2015, Jakub Jelen wrote: > > On 05/29/2015 09:12 AM, Damien Miller wrote: > > Hi, > > > > OpenSSH 6.9 is almost ready for release, so we would appreciate testing > > on as many platforms and systems as possible. This release contains > > some substantial new features and a number of bugfixes. > Tested basic configuration on Fedora 22. With default configuration I ran in > few problems: > ~ root login > ~ can be there some test if you are running as root and if you are, add > this configuration option? Or > ~ warnings about missing moduli > ~ WARNING: /usr/local/etc/moduli does not exist, using fixed modulus > ~ the path is compiled in so no way to expect it somewhere else than it is > configured > > Maybe it would be useful to update README.regress with such know issues. At > least these two issues seems to be pretty common recently. > > > With normal user, sudo and our configuration all tests went well. > > Experimental build without openssl (regardless other config options) fails > early during linking of test suite: We've not really tried to make the unit/regress tests work without OpenSSL. Here's a first attempt at the unit tests: diff --git a/regress/unittests/bitmap/tests.c b/regress/unittests/bitmap/tests.c index 23025f9..2271e94 100644 --- a/regress/unittests/bitmap/tests.c +++ b/regress/unittests/bitmap/tests.c @@ -27,6 +27,7 @@ void tests(void) { +#ifdef WITH_OPENSSL struct bitmap *b; BIGNUM *bn; size_t len; @@ -131,5 +132,6 @@ tests(void) bitmap_free(b); BN_free(bn); TEST_DONE(); +#endif /* WITH_OPENSSL */ } diff --git a/regress/unittests/hostkeys/test_iterate.c b/regress/unittests/hostkeys/test_iterate.c index 2eaaf06..da0e353 100644 --- a/regress/unittests/hostkeys/test_iterate.c +++ b/regress/unittests/hostkeys/test_iterate.c 
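Review bot: Wrapping the whole body of `tests()` in bitmap/tests.c in `#ifdef WITH_OPENSSL` (opened in the `-27,6` hunk, closed in the `-131,5` hunk) leaves an empty function in a build without OpenSSL, so the bitmap test binary will presumably report success having checked nothing. A test log from that build cannot be told apart from a real pass, which matters when the non-OpenSSL configuration is the one being validated. Consider an `#else` branch that prints a visible skip line, or at least a comment above the guard such as `/* bitmap is cross-checked against BIGNUM; nothing runs without OpenSSL */`. The same applies to `sshbuf_getput_crypto_tests()` in test_sshbuf_getput_crypto.c; the middle of both functions lies between the hunks and is not visible here.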
@@ -92,12 +92,22 @@ check(struct hostkey_foreach_line *l, void *_ctx) #ifndef WITH_SSH1 if (parse_key && (expected->l.keytype == KEY_RSA1 || - expected->no_parse_keytype == KEY_RSA1)) { + expected->no_parse_keytype == KEY_RSA1)) { expected_status = HKF_STATUS_INVALID; expected_keytype = KEY_UNSPEC; parse_key = 0; } #endif +#ifndef WITH_OPENSSL + if (expected->l.keytype == KEY_RSA || + expected->no_parse_keytype == KEY_RSA || + expected->l.keytype == KEY_DSA || + expected->no_parse_keytype == KEY_DSA) { + expected_status = HKF_STATUS_INVALID; + expected_keytype = KEY_UNSPEC; + parse_key = 0; + } +#endif /* WITH_OPENSSL */ #ifndef OPENSSL_HAS_ECC if (expected->l.keytype == KEY_ECDSA || expected->no_parse_keytype == KEY_ECDSA) { @@ -105,7 +115,7 @@ check(struct hostkey_foreach_line *l, void *_ctx) expected_keytype = KEY_UNSPEC; parse_key = 0; } -#endif +#endif /* OPENSSL_HAS_ECC */ UPDATE_MATCH_STATUS(match_host_p); UPDATE_MATCH_STATUS(match_host_s); @@ -154,10 +164,15 @@ prepare_expected(struct expected *expected, size_t n) if (expected[i].l.keytype == KEY_RSA1) continue; #endif +#ifndef WITH_OPENSSL + if (expected[i].l.keytype == KEY_RSA || + expected[i].l.keytype == KEY_DSA) + continue; #ifndef OPENSSL_HAS_ECC if (expected[i].l.keytype == KEY_ECDSA) continue; -#endif +#endif /* OPENSSL_HAS_ECC */ +#endif /* WITH_OPENSSL */ ASSERT_INT_EQ(sshkey_load_public( test_data_file(expected[i].key_file), &expected[i].l.key, NULL), 0); diff --git a/regress/unittests/kex/test_kex.c b/regress/unittests/kex/test_kex.c index c61e2bd..cf35f09 100644 --- a/regress/unittests/kex/test_kex.c +++ b/regress/unittests/kex/test_kex.c 
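Review bot: In the `prepare_expected` hunk (`-154,10 +164,15`) the existing `#ifndef OPENSSL_HAS_ECC` block ends up nested inside the new `#ifndef WITH_OPENSSL`, because `#endif /* WITH_OPENSSL */` is placed after `#endif /* OPENSSL_HAS_ECC */`. A build that has OpenSSL but no ECC support then no longer compiles the `KEY_ECDSA` `continue`, so the loop reaches `sshkey_load_public()` for ECDSA entries and the `ASSERT_INT_EQ(..., 0)` would be expected to fail. Close the new guard first: put `#endif /* WITH_OPENSSL */` directly after the RSA/DSA `continue;` and leave the ECC block at top level, as the `check()` hunk above already does. The loop and the rest of `prepare_expected` extend outside the hunk.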
@@ -141,13 +141,16 @@ do_kex_with_key(char *kex, int keytype, int bits) sshbuf_free(state); ASSERT_PTR_NE(server2->kex, NULL); /* XXX we need to set the callbacks */ +#ifdef WITH_OPENSSL server2->kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; server2->kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server; server2->kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; server2->kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; #ifdef OPENSSL_HAS_ECC server2->kex->kex[KEX_ECDH_SHA2] = kexecdh_server; -#endif +#endif /* OPENSSL_HAS_ECC */ +#endif /* WITH_OPENSSL */ + server2->kex->kex[KEX_C25519_SHA256] = kexc25519_server; server2->kex->load_host_public_key = server->kex->load_host_public_key; server2->kex->load_host_private_key = server->kex->load_host_private_key; @@ -173,11 +176,13 @@ do_kex_with_key(char *kex, int keytype, int bits) static void do_kex(char *kex) { +#ifdef WITH_OPENSSL do_kex_with_key(kex, KEY_RSA, 2048); do_kex_with_key(kex, KEY_DSA, 1024); #ifdef OPENSSL_HAS_ECC do_kex_with_key(kex, KEY_ECDSA, 256); -#endif +#endif /* OPENSSL_HAS_ECC */ +#endif /* WITH_OPENSSL */ do_kex_with_key(kex, KEY_ED25519, 256); } @@ -185,13 +190,15 @@ void kex_tests(void) { do_kex("curve25519-sha256@xxxxxxxxxx"); +#ifdef WITH_OPENSSL #ifdef OPENSSL_HAS_ECC do_kex("ecdh-sha2-nistp256"); do_kex("ecdh-sha2-nistp384"); do_kex("ecdh-sha2-nistp521"); -#endif +#endif /* OPENSSL_HAS_ECC */ do_kex("diffie-hellman-group-exchange-sha256"); do_kex("diffie-hellman-group-exchange-sha1"); do_kex("diffie-hellman-group14-sha1"); do_kex("diffie-hellman-group1-sha1"); +#endif /* WITH_OPENSSL */ } diff --git a/regress/unittests/sshbuf/test_sshbuf_getput_crypto.c b/regress/unittests/sshbuf/test_sshbuf_getput_crypto.c index a68e132..0b50bd3 100644 --- a/regress/unittests/sshbuf/test_sshbuf_getput_crypto.c +++ b/regress/unittests/sshbuf/test_sshbuf_getput_crypto.c 
@@ -31,6 +31,7 @@ void sshbuf_getput_crypto_tests(void); void sshbuf_getput_crypto_tests(void) { +#ifdef WITH_OPENSSL struct sshbuf *p1; BIGNUM *bn, *bn2; /* This one has num_bits != num_bytes * 8 to test bignum1 encoding */ @@ -404,6 +405,7 @@ sshbuf_getput_crypto_tests(void) BN_free(bn); BN_free(bn2); TEST_DONE(); -#endif +#endif /* defined(OPENSSL_HAS_ECC) && defined(OPENSSL_HAS_NISTP256) */ +#endif /* WITH_OPENSSL */ } diff --git a/regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c b/regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c index c6b5c29..ed605ce 100644 --- a/regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c +++ b/regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c @@ -32,7 +32,9 @@ static void attempt_parse_blob(u_char *blob, size_t len) { struct sshbuf *p1; +#ifdef WITH_OPENSSL BIGNUM *bn; +#endif #if defined(OPENSSL_HAS_ECC) && defined(OPENSSL_HAS_NISTP256) EC_KEY *eck; #endif @@ -54,12 +56,14 @@ attempt_parse_blob(u_char *blob, size_t len) bzero(s, l); free(s); } +#ifdef WITH_OPENSSL bn = BN_new(); sshbuf_get_bignum1(p1, bn); BN_clear_free(bn); bn = BN_new(); sshbuf_get_bignum2(p1, bn); BN_clear_free(bn); +#endif #if defined(OPENSSL_HAS_ECC) && defined(OPENSSL_HAS_NISTP256) eck = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); ASSERT_PTR_NE(eck, NULL); diff --git a/regress/unittests/sshkey/common.c b/regress/unittests/sshkey/common.c index b598f05..7deacf9 100644 --- a/regress/unittests/sshkey/common.c +++ b/regress/unittests/sshkey/common.c @@ -70,6 +70,7 @@ load_text_file(const char *name) return ret; } +#ifdef WITH_OPENSSL BIGNUM * load_bignum(const char *name) { @@ -81,4 +82,5 @@ load_bignum(const char *name) sshbuf_free(buf); return ret; } +#endif /* WITH_OPENSSL */ diff --git a/regress/unittests/sshkey/test_file.c b/regress/unittests/sshkey/test_file.c index fa95212..452ab6e 100644 --- a/regress/unittests/sshkey/test_file.c +++ b/regress/unittests/sshkey/test_file.c 
@@ -44,8 +44,10 @@ sshkey_file_tests(void) { struct sshkey *k1, *k2; struct sshbuf *buf, *pw; - BIGNUM *a, *b, *c; char *cp; +#ifdef WITH_OPENSSL + BIGNUM *a, *b, *c; +#endif TEST_START("load passphrase"); pw = load_text_file("pw"); @@ -102,6 +104,7 @@ sshkey_file_tests(void) sshkey_free(k1); #endif +#ifdef WITH_OPENSSL TEST_START("parse RSA from private"); buf = load_file("rsa_1"); ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "rsa_1", @@ -388,6 +391,7 @@ sshkey_file_tests(void) sshkey_free(k1); #endif /* OPENSSL_HAS_ECC */ +#endif /* WITH_OPENSSL */ TEST_START("parse Ed25519 from private"); buf = load_file("ed25519_1"); @@ -399,6 +403,7 @@ sshkey_file_tests(void) /* XXX check key contents */ TEST_DONE(); +#ifdef WITH_OPENSSL /* XXX ed25519_1_pw is encrypted with aes256-cbc */ TEST_START("parse Ed25519 from private w/ passphrase"); buf = load_file("ed25519_1_pw"); ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, @@ -408,6 +413,7 @@ sshkey_file_tests(void) ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); sshkey_free(k2); TEST_DONE(); +#endif TEST_START("load Ed25519 from public"); ASSERT_INT_EQ(sshkey_load_public(test_data_file("ed25519_1.pub"), &k2, diff --git a/regress/unittests/sshkey/test_fuzz.c b/regress/unittests/sshkey/test_fuzz.c index 1f08a2e..4fc6584 100644 --- a/regress/unittests/sshkey/test_fuzz.c +++ b/regress/unittests/sshkey/test_fuzz.c @@ -150,6 +150,7 @@ sshkey_fuzz_tests(void) TEST_DONE(); #endif +#ifdef WITH_OPENSSL TEST_START("fuzz RSA private"); buf = load_file("rsa_1"); fuzz = fuzz_begin(FUZZ_BASE64, sshbuf_mutable_ptr(buf), @@ -282,7 +283,8 @@ sshkey_fuzz_tests(void) sshbuf_free(fuzzed); fuzz_cleanup(fuzz); TEST_DONE(); -#endif +#endif /* OPENSSL_HAS_ECC */ +#endif /* WITH_OPENSSL */ TEST_START("fuzz Ed25519 private"); buf = load_file("ed25519_1"); 
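Review bot: The guard added around "parse Ed25519 from private w/ passphrase" in test_file.c (opened in the `-399,6` hunk, closed by a bare `#endif` in `-408,6`) removes the only passphrase-protected Ed25519 parse visible in these hunks from builds without OpenSSL. The added comment gives the reason as the fixture's cipher (`aes256-cbc`), not the key type, so the encrypted-private-key path goes untested in exactly the configuration this patch targets. A second fixture encrypted with a cipher that build still provides (aes256-ctr or chacha20-poly1305, if I read the non-OpenSSL cipher table correctly) would keep that coverage, and the comment could say so: `/* XXX needs a fixture encrypted with a non-OpenSSL cipher */`. The closing line would also read better as `#endif /* WITH_OPENSSL */`, matching the rest of the patch.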
@@ -306,6 +308,7 @@ sshkey_fuzz_tests(void) fuzz_cleanup(fuzz); TEST_DONE(); +#ifdef WITH_OPENSSL TEST_START("fuzz RSA public"); buf = load_file("rsa_1"); ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "key", @@ -351,7 +354,8 @@ sshkey_fuzz_tests(void) public_fuzz(k1); sshkey_free(k1); TEST_DONE(); -#endif +#endif /* OPENSSL_HAS_ECC */ +#endif /* WITH_OPENSSL */ TEST_START("fuzz Ed25519 public"); buf = load_file("ed25519_1"); @@ -368,6 +372,7 @@ sshkey_fuzz_tests(void) sshkey_free(k1); TEST_DONE(); +#ifdef WITH_OPENSSL TEST_START("fuzz RSA sig"); buf = load_file("rsa_1"); ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "key", @@ -395,7 +400,8 @@ sshkey_fuzz_tests(void) sig_fuzz(k1); sshkey_free(k1); TEST_DONE(); -#endif +#endif /* OPENSSL_HAS_ECC */ +#endif /* WITH_OPENSSL */ TEST_START("fuzz Ed25519 sig"); buf = load_file("ed25519_1"); diff --git a/regress/unittests/sshkey/test_sshkey.c b/regress/unittests/sshkey/test_sshkey.c index 4453a85..d4a3dee 100644 --- a/regress/unittests/sshkey/test_sshkey.c +++ b/regress/unittests/sshkey/test_sshkey.c @@ -50,6 +50,7 @@ put_opt(struct sshbuf *b, const char *name, const char *value) sshbuf_free(sect); } +#ifdef WITH_OPENSSL static void build_cert(struct sshbuf *b, const struct sshkey *k, const char *type, const struct sshkey *sign_key, const struct sshkey *ca_key) @@ -109,6 +110,7 @@ build_cert(struct sshbuf *b, const struct sshkey *k, const char *type, sshbuf_free(principals); sshbuf_free(pk); } +#endif /* WITH_OPENSSL */ static void signature_test(struct sshkey *k, struct sshkey *bad, const u_char *d, size_t l) @@ -174,7 +176,10 @@ get_private(const char *n) void sshkey_tests(void) { - struct sshkey *k1, *k2, *k3, *k4, *kr, *kd, *kf; + struct sshkey *k1, *k2, *k3, *kf; +#ifdef WITH_OPENSSL + struct sshkey *k4, *kr, *kd; +#endif #ifdef OPENSSL_HAS_ECC struct sshkey *ke; #endif 
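Review bot: Guarding `build_cert()` in test_sshkey.c (`-50,6` and `-109,6` hunks) may leave `put_opt()`, whose tail is the context just above the new `#ifdef`, without a caller in a build without OpenSSL. If `put_opt()` is `static` and used only by `build_cert()` (neither is visible in these hunks), that build gets an unused-function warning, which becomes an error under `-Werror`. Moving the `#ifdef WITH_OPENSSL` up so that it also covers `put_opt()` would avoid this. The bodies of both functions lie outside the hunks.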
@@ -191,6 +196,7 @@ sshkey_tests(void) sshkey_free(k1); TEST_DONE(); +#ifdef WITH_OPENSSL TEST_START("new/free KEY_RSA1"); k1 = sshkey_new(KEY_RSA1); ASSERT_PTR_NE(k1, NULL); @@ -227,7 +233,8 @@ sshkey_tests(void) ASSERT_PTR_EQ(k1->ecdsa, NULL); /* Can't allocate without NID */ sshkey_free(k1); TEST_DONE(); -#endif +#endif /* OPENSSL_HAS_ECC */ +#endif /* WITH_OPENSSL */ TEST_START("new/free KEY_ED25519"); k1 = sshkey_new(KEY_ED25519); @@ -238,6 +245,7 @@ sshkey_tests(void) sshkey_free(k1); TEST_DONE(); +#ifdef WITH_OPENSSL TEST_START("new_private KEY_RSA"); k1 = sshkey_new_private(KEY_RSA); ASSERT_PTR_NE(k1, NULL); @@ -313,7 +321,8 @@ sshkey_tests(void) ASSERT_PTR_NE(EC_KEY_get0_public_key(ke->ecdsa), NULL); ASSERT_PTR_NE(EC_KEY_get0_private_key(ke->ecdsa), NULL); TEST_DONE(); -#endif +#endif /* OPENSSL_HAS_ECC */ +#endif /* WITH_OPENSSL */ TEST_START("generate KEY_ED25519"); ASSERT_INT_EQ(sshkey_generate(KEY_ED25519, 256, &kf), 0); @@ -323,6 +332,7 @@ sshkey_tests(void) ASSERT_PTR_NE(kf->ed25519_sk, NULL); TEST_DONE(); +#ifdef WITH_OPENSSL TEST_START("demote KEY_RSA"); ASSERT_INT_EQ(sshkey_demote(kr, &k1), 0); ASSERT_PTR_NE(k1, NULL); @@ -370,7 +380,8 @@ sshkey_tests(void) ASSERT_INT_EQ(sshkey_equal(ke, k1), 1); sshkey_free(k1); TEST_DONE(); -#endif +#endif /* OPENSSL_HAS_ECC */ +#endif /* WITH_OPENSSL */ TEST_START("demote KEY_ED25519"); ASSERT_INT_EQ(sshkey_demote(kf, &k1), 0); @@ -386,6 +397,7 @@ sshkey_tests(void) sshkey_free(k1); TEST_DONE(); +#ifdef WITH_OPENSSL TEST_START("equal mismatched key types"); ASSERT_INT_EQ(sshkey_equal(kd, kr), 0); #ifdef OPENSSL_HAS_ECC @@ -412,13 +424,16 @@ sshkey_tests(void) ASSERT_INT_EQ(sshkey_equal(kf, k1), 0); sshkey_free(k1); TEST_DONE(); +#endif /* WITH_OPENSSL */ +#ifdef WITH_OPENSSL sshkey_free(kr); sshkey_free(kd); #ifdef OPENSSL_HAS_ECC sshkey_free(ke); #endif sshkey_free(kf); +#endif /* WITH_OPENSSL */ TEST_START("certify key"); ASSERT_INT_EQ(sshkey_load_public(test_data_file("ed25519_1.pub"), 
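Review bot: In the `-412,13 +424,16` hunk of `sshkey_tests()`, `sshkey_free(kf);` ends up inside the new `#ifdef WITH_OPENSSL` block together with the frees of `kr`, `kd` and `ke`, although `kf` is the Ed25519 key generated outside any guard in the "generate KEY_ED25519" test. A build without OpenSSL therefore never frees `kf`, which shows up as a leak when the unit tests run under a leak checker. Close the guard before that line, i.e. `#endif /* WITH_OPENSSL */` followed by `sshkey_free(kf);`. The `#endif /* WITH_OPENSSL */` and `#ifdef WITH_OPENSSL` added back to back just above can be merged into one region. `sshkey_tests()` starts and ends outside this hunk.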
@@ -463,6 +478,7 @@ sshkey_tests(void) sshbuf_reset(b); TEST_DONE(); +#ifdef WITH_OPENSSL TEST_START("sign and verify RSA"); k1 = get_private("rsa_1"); ASSERT_INT_EQ(sshkey_load_public(test_data_file("rsa_2.pub"), &k2, @@ -490,7 +506,8 @@ sshkey_tests(void) sshkey_free(k1); sshkey_free(k2); TEST_DONE(); -#endif +#endif /* OPENSSL_HAS_ECC */ +#endif /* WITH_OPENSSL */ TEST_START("sign and verify ED25519"); k1 = get_private("ed25519_1"); @@ -501,6 +518,7 @@ sshkey_tests(void) sshkey_free(k2); TEST_DONE(); +#ifdef WITH_OPENSSL TEST_START("nested certificate"); ASSERT_INT_EQ(sshkey_load_cert(test_data_file("rsa_1"), &k1), 0); ASSERT_INT_EQ(sshkey_load_public(test_data_file("rsa_1.pub"), &k2, @@ -515,5 +533,5 @@ sshkey_tests(void) sshkey_free(k3); sshbuf_free(b); TEST_DONE(); - +#endif /* WITH_OPENSSL */ } diff --git a/regress/unittests/sshkey/tests.c b/regress/unittests/sshkey/tests.c index 13f265c..b1baf12 100644 --- a/regress/unittests/sshkey/tests.c +++ b/regress/unittests/sshkey/tests.c @@ -18,8 +18,10 @@ void sshkey_fuzz_tests(void); void tests(void) { +#ifdef WITH_OPENSSL OpenSSL_add_all_algorithms(); ERR_load_CRYPTO_strings(); +#endif sshkey_tests(); sshkey_file_tests(); diff --git a/regress/unittests/test_helper/test_helper.c b/regress/unittests/test_helper/test_helper.c index 26ca26b..8bd9e0f 100644 --- a/regress/unittests/test_helper/test_helper.c +++ b/regress/unittests/test_helper/test_helper.c @@ -248,6 +248,7 @@ test_subtest_info(const char *fmt, ...) va_end(ap); } +#ifdef WITH_OPENSSL void ssl_err_check(const char *file, int line) { @@ -260,6 +261,7 @@ ssl_err_check(const char *file, int line) file, line, ERR_error_string(openssl_error, NULL)); abort(); } +#endif static const char * pred_name(enum test_predicate p) 
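Review bot: `ssl_err_check()` in test_helper.c (`-248,6` and `-260,6` hunks) is now compiled only with OpenSSL, but none of the hunks on this page touches a header, so its prototype and any assertion macro that expands to a call of it presumably stay visible to every build. The same holds for `assert_bignum()` in the following test_helper.c hunks and for `load_bignum()` in sshkey/common.c, whose signatures use `BIGNUM`. If the headers declare these unconditionally, the non-OpenSSL build still needs the OpenSSL type at compile time; the declarations and the OpenSSL includes should sit under the same `#ifdef WITH_OPENSSL`. The two bare `#endif` lines added here would also be clearer as `#endif /* WITH_OPENSSL */`.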
@@ -302,6 +304,7 @@ test_header(const char *file, int line, const char *a1, const char *a2, a2 != NULL ? ", " : "", a2 != NULL ? a2 : ""); } +#ifdef WITH_OPENSSL void assert_bignum(const char *file, int line, const char *a1, const char *a2, const BIGNUM *aa1, const BIGNUM *aa2, enum test_predicate pred) @@ -314,6 +317,7 @@ assert_bignum(const char *file, int line, const char *a1, const char *a2, fprintf(stderr, "%12s = 0x%s\n", a2, BN_bn2hex(aa2)); test_die(); } +#endif void assert_string(const char *file, int line, const char *a1, const char *a2, _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev