Re: Call for testing: OpenSSH 6.9

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On Tue, 23 Jun 2015, Jakub Jelen wrote:

> 
> On 05/29/2015 09:12 AM, Damien Miller wrote:
> > Hi,
> > 
> > OpenSSH 6.9 is almost ready for release, so we would appreciate testing
> > on as many platforms and systems as possible. This release contains
> > some substantial new features and a number of bugfixes.
> Tested basic configuration on Fedora 22. With default configuration I ran in
> few problems:
>  ~ root login
>     ~ can be there some test if you are running as root and if you are, add
> this configuration option? Or
>  ~ warnings about missing moduli
>     ~ WARNING: /usr/local/etc/moduli does not exist, using fixed modulus
>     ~ the path is compiled in so no way to expect it somewhere else than it is
> configured
> 
> Maybe it would be useful to update README.regress with such know issues. At
> least these two issues seems to be pretty common recently.
> 
> 
> With normal user, sudo and our configuration all tests went well.
> 
> Experimental build without openssl (regardless other config options) fails
> early during linking of test suite:

We've not really tried to make the unit/regress tests work without OpenSSL.
Here's a first attempt at the unit tests:


diff --git a/regress/unittests/bitmap/tests.c b/regress/unittests/bitmap/tests.c
index 23025f9..2271e94 100644
--- a/regress/unittests/bitmap/tests.c
+++ b/regress/unittests/bitmap/tests.c
@@ -27,6 +27,7 @@
 void
 tests(void)
 {
+#ifdef WITH_OPENSSL
 	struct bitmap *b;
 	BIGNUM *bn;
 	size_t len;
@@ -131,5 +132,6 @@ tests(void)
 	bitmap_free(b);
 	BN_free(bn);
 	TEST_DONE();
+#endif /* WITH_OPENSSL */
 }
 
diff --git a/regress/unittests/hostkeys/test_iterate.c b/regress/unittests/hostkeys/test_iterate.c
index 2eaaf06..da0e353 100644
--- a/regress/unittests/hostkeys/test_iterate.c
+++ b/regress/unittests/hostkeys/test_iterate.c
@@ -92,12 +92,22 @@ check(struct hostkey_foreach_line *l, void *_ctx)
 
 #ifndef WITH_SSH1
 	if (parse_key && (expected->l.keytype == KEY_RSA1 ||
-	    expected->no_parse_keytype == KEY_RSA1)) {
+	    expected->no_parse_keytype == KEY_RSA1))  {
 		expected_status = HKF_STATUS_INVALID;
 		expected_keytype = KEY_UNSPEC;
 		parse_key = 0;
 	}
 #endif
+#ifndef WITH_OPENSSL
+	if (expected->l.keytype == KEY_RSA ||
+	    expected->no_parse_keytype == KEY_RSA ||
+	    expected->l.keytype == KEY_DSA ||
+	    expected->no_parse_keytype == KEY_DSA)  {
+		expected_status = HKF_STATUS_INVALID;
+		expected_keytype = KEY_UNSPEC;
+		parse_key = 0;
+	}
+#endif /* WITH_OPENSSL */
 #ifndef OPENSSL_HAS_ECC
 	if (expected->l.keytype == KEY_ECDSA ||
 	    expected->no_parse_keytype == KEY_ECDSA) {
@@ -105,7 +115,7 @@ check(struct hostkey_foreach_line *l, void *_ctx)
 		expected_keytype = KEY_UNSPEC;
 		parse_key = 0;
 	}
-#endif
+#endif /* OPENSSL_HAS_ECC */
 
 	UPDATE_MATCH_STATUS(match_host_p);
 	UPDATE_MATCH_STATUS(match_host_s);
@@ -154,10 +164,15 @@ prepare_expected(struct expected *expected, size_t n)
 		if (expected[i].l.keytype == KEY_RSA1)
 			continue;
 #endif
+#ifndef WITH_OPENSSL
+		if (expected[i].l.keytype == KEY_RSA ||
+		    expected[i].l.keytype == KEY_DSA)
+			continue;
 #ifndef OPENSSL_HAS_ECC
 		if (expected[i].l.keytype == KEY_ECDSA)
 			continue;
-#endif
+#endif /* OPENSSL_HAS_ECC */
+#endif /* WITH_OPENSSL */
 		ASSERT_INT_EQ(sshkey_load_public(
 		    test_data_file(expected[i].key_file), &expected[i].l.key,
 		    NULL), 0);
diff --git a/regress/unittests/kex/test_kex.c b/regress/unittests/kex/test_kex.c
index c61e2bd..cf35f09 100644
--- a/regress/unittests/kex/test_kex.c
+++ b/regress/unittests/kex/test_kex.c
@@ -141,13 +141,16 @@ do_kex_with_key(char *kex, int keytype, int bits)
 	sshbuf_free(state);
 	ASSERT_PTR_NE(server2->kex, NULL);
 	/* XXX we need to set the callbacks */
+#ifdef WITH_OPENSSL
 	server2->kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;
 	server2->kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server;
 	server2->kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
 	server2->kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
 #ifdef OPENSSL_HAS_ECC
 	server2->kex->kex[KEX_ECDH_SHA2] = kexecdh_server;
-#endif
+#endif /* OPENSSL_HAS_ECC */
+#endif /* WITH_OPENSSL */
+
 	server2->kex->kex[KEX_C25519_SHA256] = kexc25519_server;
 	server2->kex->load_host_public_key = server->kex->load_host_public_key;
 	server2->kex->load_host_private_key = server->kex->load_host_private_key;
@@ -173,11 +176,13 @@ do_kex_with_key(char *kex, int keytype, int bits)
 static void
 do_kex(char *kex)
 {
+#ifdef WITH_OPENSSL
 	do_kex_with_key(kex, KEY_RSA, 2048);
 	do_kex_with_key(kex, KEY_DSA, 1024);
 #ifdef OPENSSL_HAS_ECC
 	do_kex_with_key(kex, KEY_ECDSA, 256);
-#endif
+#endif /* OPENSSL_HAS_ECC */
+#endif /* WITH_OPENSSL */
 	do_kex_with_key(kex, KEY_ED25519, 256);
 }
 
@@ -185,13 +190,15 @@ void
 kex_tests(void)
 {
 	do_kex("curve25519-sha256@xxxxxxxxxx");
+#ifdef WITH_OPENSSL
 #ifdef OPENSSL_HAS_ECC
 	do_kex("ecdh-sha2-nistp256");
 	do_kex("ecdh-sha2-nistp384");
 	do_kex("ecdh-sha2-nistp521");
-#endif
+#endif /* OPENSSL_HAS_ECC */
 	do_kex("diffie-hellman-group-exchange-sha256");
 	do_kex("diffie-hellman-group-exchange-sha1");
 	do_kex("diffie-hellman-group14-sha1");
 	do_kex("diffie-hellman-group1-sha1");
+#endif /* WITH_OPENSSL */
 }
diff --git a/regress/unittests/sshbuf/test_sshbuf_getput_crypto.c b/regress/unittests/sshbuf/test_sshbuf_getput_crypto.c
index a68e132..0b50bd3 100644
--- a/regress/unittests/sshbuf/test_sshbuf_getput_crypto.c
+++ b/regress/unittests/sshbuf/test_sshbuf_getput_crypto.c
@@ -31,6 +31,7 @@ void sshbuf_getput_crypto_tests(void);
 void
 sshbuf_getput_crypto_tests(void)
 {
+#ifdef WITH_OPENSSL
 	struct sshbuf *p1;
 	BIGNUM *bn, *bn2;
 	/* This one has num_bits != num_bytes * 8 to test bignum1 encoding */
@@ -404,6 +405,7 @@ sshbuf_getput_crypto_tests(void)
 	BN_free(bn);
 	BN_free(bn2);
 	TEST_DONE();
-#endif
+#endif /* defined(OPENSSL_HAS_ECC) && defined(OPENSSL_HAS_NISTP256) */
+#endif /* WITH_OPENSSL */
 }
 
diff --git a/regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c b/regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c
index c6b5c29..ed605ce 100644
--- a/regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c
+++ b/regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c
@@ -32,7 +32,9 @@ static void
 attempt_parse_blob(u_char *blob, size_t len)
 {
 	struct sshbuf *p1;
+#ifdef WITH_OPENSSL
 	BIGNUM *bn;
+#endif
 #if defined(OPENSSL_HAS_ECC) && defined(OPENSSL_HAS_NISTP256)
 	EC_KEY *eck;
 #endif
@@ -54,12 +56,14 @@ attempt_parse_blob(u_char *blob, size_t len)
 		bzero(s, l);
 		free(s);
 	}
+#ifdef WITH_OPENSSL
 	bn = BN_new();
 	sshbuf_get_bignum1(p1, bn);
 	BN_clear_free(bn);
 	bn = BN_new();
 	sshbuf_get_bignum2(p1, bn);
 	BN_clear_free(bn);
+#endif
 #if defined(OPENSSL_HAS_ECC) && defined(OPENSSL_HAS_NISTP256)
 	eck = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
 	ASSERT_PTR_NE(eck, NULL);
diff --git a/regress/unittests/sshkey/common.c b/regress/unittests/sshkey/common.c
index b598f05..7deacf9 100644
--- a/regress/unittests/sshkey/common.c
+++ b/regress/unittests/sshkey/common.c
@@ -70,6 +70,7 @@ load_text_file(const char *name)
 	return ret;
 }
 
+#ifdef WITH_OPENSSL
 BIGNUM *
 load_bignum(const char *name)
 {
@@ -81,4 +82,5 @@ load_bignum(const char *name)
 	sshbuf_free(buf);
 	return ret;
 }
+#endif /* WITH_OPENSSL */
 
diff --git a/regress/unittests/sshkey/test_file.c b/regress/unittests/sshkey/test_file.c
index fa95212..452ab6e 100644
--- a/regress/unittests/sshkey/test_file.c
+++ b/regress/unittests/sshkey/test_file.c
@@ -44,8 +44,10 @@ sshkey_file_tests(void)
 {
 	struct sshkey *k1, *k2;
 	struct sshbuf *buf, *pw;
-	BIGNUM *a, *b, *c;
 	char *cp;
+#ifdef WITH_OPENSSL
+	BIGNUM *a, *b, *c;
+#endif
 
 	TEST_START("load passphrase");
 	pw = load_text_file("pw");
@@ -102,6 +104,7 @@ sshkey_file_tests(void)
 	sshkey_free(k1);
 #endif
 
+#ifdef WITH_OPENSSL
 	TEST_START("parse RSA from private");
 	buf = load_file("rsa_1");
 	ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "rsa_1",
@@ -388,6 +391,7 @@ sshkey_file_tests(void)
 
 	sshkey_free(k1);
 #endif /* OPENSSL_HAS_ECC */
+#endif /* WITH_OPENSSL */
 
 	TEST_START("parse Ed25519 from private");
 	buf = load_file("ed25519_1");
@@ -399,6 +403,7 @@ sshkey_file_tests(void)
 	/* XXX check key contents */
 	TEST_DONE();
 
+#ifdef WITH_OPENSSL /* XXX ed25519_1_pw is encrypted with aes256-cbc */
 	TEST_START("parse Ed25519 from private w/ passphrase");
 	buf = load_file("ed25519_1_pw");
 	ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf,
@@ -408,6 +413,7 @@ sshkey_file_tests(void)
 	ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
 	sshkey_free(k2);
 	TEST_DONE();
+#endif
 
 	TEST_START("load Ed25519 from public");
 	ASSERT_INT_EQ(sshkey_load_public(test_data_file("ed25519_1.pub"), &k2,
diff --git a/regress/unittests/sshkey/test_fuzz.c b/regress/unittests/sshkey/test_fuzz.c
index 1f08a2e..4fc6584 100644
--- a/regress/unittests/sshkey/test_fuzz.c
+++ b/regress/unittests/sshkey/test_fuzz.c
@@ -150,6 +150,7 @@ sshkey_fuzz_tests(void)
 	TEST_DONE();
 #endif
 
+#ifdef WITH_OPENSSL
 	TEST_START("fuzz RSA private");
 	buf = load_file("rsa_1");
 	fuzz = fuzz_begin(FUZZ_BASE64, sshbuf_mutable_ptr(buf),
@@ -282,7 +283,8 @@ sshkey_fuzz_tests(void)
 	sshbuf_free(fuzzed);
 	fuzz_cleanup(fuzz);
 	TEST_DONE();
-#endif
+#endif /* OPENSSL_HAS_ECC */
+#endif /* WITH_OPENSSL */
 
 	TEST_START("fuzz Ed25519 private");
 	buf = load_file("ed25519_1");
@@ -306,6 +308,7 @@ sshkey_fuzz_tests(void)
 	fuzz_cleanup(fuzz);
 	TEST_DONE();
 
+#ifdef WITH_OPENSSL
 	TEST_START("fuzz RSA public");
 	buf = load_file("rsa_1");
 	ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "key",
@@ -351,7 +354,8 @@ sshkey_fuzz_tests(void)
 	public_fuzz(k1);
 	sshkey_free(k1);
 	TEST_DONE();
-#endif
+#endif /* OPENSSL_HAS_ECC */
+#endif /* WITH_OPENSSL */
 
 	TEST_START("fuzz Ed25519 public");
 	buf = load_file("ed25519_1");
@@ -368,6 +372,7 @@ sshkey_fuzz_tests(void)
 	sshkey_free(k1);
 	TEST_DONE();
 
+#ifdef WITH_OPENSSL
 	TEST_START("fuzz RSA sig");
 	buf = load_file("rsa_1");
 	ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "key",
@@ -395,7 +400,8 @@ sshkey_fuzz_tests(void)
 	sig_fuzz(k1);
 	sshkey_free(k1);
 	TEST_DONE();
-#endif
+#endif /* OPENSSL_HAS_ECC */
+#endif /* WITH_OPENSSL */
 
 	TEST_START("fuzz Ed25519 sig");
 	buf = load_file("ed25519_1");
diff --git a/regress/unittests/sshkey/test_sshkey.c b/regress/unittests/sshkey/test_sshkey.c
index 4453a85..d4a3dee 100644
--- a/regress/unittests/sshkey/test_sshkey.c
+++ b/regress/unittests/sshkey/test_sshkey.c
@@ -50,6 +50,7 @@ put_opt(struct sshbuf *b, const char *name, const char *value)
 	sshbuf_free(sect);
 }
 
+#ifdef WITH_OPENSSL
 static void
 build_cert(struct sshbuf *b, const struct sshkey *k, const char *type,
     const struct sshkey *sign_key, const struct sshkey *ca_key)
@@ -109,6 +110,7 @@ build_cert(struct sshbuf *b, const struct sshkey *k, const char *type,
 	sshbuf_free(principals);
 	sshbuf_free(pk);
 }
+#endif /* WITH_OPENSSL */
 
 static void
 signature_test(struct sshkey *k, struct sshkey *bad, const u_char *d, size_t l)
@@ -174,7 +176,10 @@ get_private(const char *n)
 void
 sshkey_tests(void)
 {
-	struct sshkey *k1, *k2, *k3, *k4, *kr, *kd, *kf;
+	struct sshkey *k1, *k2, *k3, *kf;
+#ifdef WITH_OPENSSL
+	struct sshkey *k4, *kr, *kd;
+#endif
 #ifdef OPENSSL_HAS_ECC
 	struct sshkey *ke;
 #endif
@@ -191,6 +196,7 @@ sshkey_tests(void)
 	sshkey_free(k1);
 	TEST_DONE();
 
+#ifdef WITH_OPENSSL
 	TEST_START("new/free KEY_RSA1");
 	k1 = sshkey_new(KEY_RSA1);
 	ASSERT_PTR_NE(k1, NULL);
@@ -227,7 +233,8 @@ sshkey_tests(void)
 	ASSERT_PTR_EQ(k1->ecdsa, NULL);  /* Can't allocate without NID */
 	sshkey_free(k1);
 	TEST_DONE();
-#endif
+#endif /* OPENSSL_HAS_ECC */
+#endif /* WITH_OPENSSL */
 
 	TEST_START("new/free KEY_ED25519");
 	k1 = sshkey_new(KEY_ED25519);
@@ -238,6 +245,7 @@ sshkey_tests(void)
 	sshkey_free(k1);
 	TEST_DONE();
 
+#ifdef WITH_OPENSSL
 	TEST_START("new_private KEY_RSA");
 	k1 = sshkey_new_private(KEY_RSA);
 	ASSERT_PTR_NE(k1, NULL);
@@ -313,7 +321,8 @@ sshkey_tests(void)
 	ASSERT_PTR_NE(EC_KEY_get0_public_key(ke->ecdsa), NULL);
 	ASSERT_PTR_NE(EC_KEY_get0_private_key(ke->ecdsa), NULL);
 	TEST_DONE();
-#endif
+#endif /* OPENSSL_HAS_ECC */
+#endif /* WITH_OPENSSL */
 
 	TEST_START("generate KEY_ED25519");
 	ASSERT_INT_EQ(sshkey_generate(KEY_ED25519, 256, &kf), 0);
@@ -323,6 +332,7 @@ sshkey_tests(void)
 	ASSERT_PTR_NE(kf->ed25519_sk, NULL);
 	TEST_DONE();
 
+#ifdef WITH_OPENSSL
 	TEST_START("demote KEY_RSA");
 	ASSERT_INT_EQ(sshkey_demote(kr, &k1), 0);
 	ASSERT_PTR_NE(k1, NULL);
@@ -370,7 +380,8 @@ sshkey_tests(void)
 	ASSERT_INT_EQ(sshkey_equal(ke, k1), 1);
 	sshkey_free(k1);
 	TEST_DONE();
-#endif
+#endif /* OPENSSL_HAS_ECC */
+#endif /* WITH_OPENSSL */
 
 	TEST_START("demote KEY_ED25519");
 	ASSERT_INT_EQ(sshkey_demote(kf, &k1), 0);
@@ -386,6 +397,7 @@ sshkey_tests(void)
 	sshkey_free(k1);
 	TEST_DONE();
 
+#ifdef WITH_OPENSSL
 	TEST_START("equal mismatched key types");
 	ASSERT_INT_EQ(sshkey_equal(kd, kr), 0);
 #ifdef OPENSSL_HAS_ECC
@@ -412,13 +424,16 @@ sshkey_tests(void)
 	ASSERT_INT_EQ(sshkey_equal(kf, k1), 0);
 	sshkey_free(k1);
 	TEST_DONE();
+#endif /* WITH_OPENSSL */
 
+#ifdef WITH_OPENSSL
 	sshkey_free(kr);
 	sshkey_free(kd);
 #ifdef OPENSSL_HAS_ECC
 	sshkey_free(ke);
 #endif
 	sshkey_free(kf);
+#endif /* WITH_OPENSSL */
 
 	TEST_START("certify key");
 	ASSERT_INT_EQ(sshkey_load_public(test_data_file("ed25519_1.pub"),
@@ -463,6 +478,7 @@ sshkey_tests(void)
 	sshbuf_reset(b);
 	TEST_DONE();
 
+#ifdef WITH_OPENSSL
 	TEST_START("sign and verify RSA");
 	k1 = get_private("rsa_1");
 	ASSERT_INT_EQ(sshkey_load_public(test_data_file("rsa_2.pub"), &k2,
@@ -490,7 +506,8 @@ sshkey_tests(void)
 	sshkey_free(k1);
 	sshkey_free(k2);
 	TEST_DONE();
-#endif
+#endif /* OPENSSL_HAS_ECC */
+#endif /* WITH_OPENSSL */
 
 	TEST_START("sign and verify ED25519");
 	k1 = get_private("ed25519_1");
@@ -501,6 +518,7 @@ sshkey_tests(void)
 	sshkey_free(k2);
 	TEST_DONE();
 
+#ifdef WITH_OPENSSL
 	TEST_START("nested certificate");
 	ASSERT_INT_EQ(sshkey_load_cert(test_data_file("rsa_1"), &k1), 0);
 	ASSERT_INT_EQ(sshkey_load_public(test_data_file("rsa_1.pub"), &k2,
@@ -515,5 +533,5 @@ sshkey_tests(void)
 	sshkey_free(k3);
 	sshbuf_free(b);
 	TEST_DONE();
-
+#endif /* WITH_OPENSSL */
 }
diff --git a/regress/unittests/sshkey/tests.c b/regress/unittests/sshkey/tests.c
index 13f265c..b1baf12 100644
--- a/regress/unittests/sshkey/tests.c
+++ b/regress/unittests/sshkey/tests.c
@@ -18,8 +18,10 @@ void sshkey_fuzz_tests(void);
 void
 tests(void)
 {
+#ifdef WITH_OPENSSL
 	OpenSSL_add_all_algorithms();
 	ERR_load_CRYPTO_strings();
+#endif
 
 	sshkey_tests();
 	sshkey_file_tests();
diff --git a/regress/unittests/test_helper/test_helper.c b/regress/unittests/test_helper/test_helper.c
index 26ca26b..8bd9e0f 100644
--- a/regress/unittests/test_helper/test_helper.c
+++ b/regress/unittests/test_helper/test_helper.c
@@ -248,6 +248,7 @@ test_subtest_info(const char *fmt, ...)
 	va_end(ap);
 }
 
+#ifdef WITH_OPENSSL
 void
 ssl_err_check(const char *file, int line)
 {
@@ -260,6 +261,7 @@ ssl_err_check(const char *file, int line)
 	    file, line, ERR_error_string(openssl_error, NULL));
 	abort();
 }
+#endif
 
 static const char *
 pred_name(enum test_predicate p)
@@ -302,6 +304,7 @@ test_header(const char *file, int line, const char *a1, const char *a2,
 	    a2 != NULL ? ", " : "", a2 != NULL ? a2 : "");
 }
 
+#ifdef WITH_OPENSSL
 void
 assert_bignum(const char *file, int line, const char *a1, const char *a2,
     const BIGNUM *aa1, const BIGNUM *aa2, enum test_predicate pred)
@@ -314,6 +317,7 @@ assert_bignum(const char *file, int line, const char *a1, const char *a2,
 	fprintf(stderr, "%12s = 0x%s\n", a2, BN_bn2hex(aa2));
 	test_die();
 }
+#endif
 
 void
 assert_string(const char *file, int line, const char *a1, const char *a2,
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux