[PATCH 0/4] Fix --without-openssl

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 

This patch set fixes various aspects of --without-openssl. It is
primarily intended to allow Gentoo users to install both OpenSSL 1.1 and
OpenSSH at the same time without using LibreSSL.

This patch set was tested with OpenSSL 1.1.0h and with firejail
--blacklist=/usr/include/openssl on Gentoo Linux. It was not tested with
OpenSSL 1.0 or without --without-openssl.

`make tests` passes except for test_hostkeys:

regress/unittests/hostkeys/test_iterate.c:108 test #1 "hostkeys_iterate all with key parse" - entry 2/27, file line 2
ASSERT_LONG LONG_EQ(l->linenum, expected->l.linenum) failed:
  l->linenum = 2 / 0x2
expected->l.linenum = 4 / 0x4

I suspect this also affects compilation with OpenSSL 1.0 without
--without-openssl. If so, I hope someone else will fix it for me.

In case of objections, these patches are sorted in order of increasing
ugliness/invasiveness. Patch 1 can be applied by itself, and patch 2
requires only patch 1, but patches 3 and 4 logically require each other
(patch 3 is useless without patch 4). Patches 1 and 2 should not affect
compilation with OpenSSL 1.0 or LibreSSL, but as stated above, patch 4
probably breaks it.

Alex Xu (4):
  Fix --without-openssl with OpenSSL 1.1
  Fix --without-openssl without OpenSSL installed
  Regenerate testdata to aes-256-ctr
  Fix --without-openssl tests

 auth.h                                        |  3 +-
 authfd.h                                      |  2 -
 buffer.h                                      |  4 ++
 cipher.c                                      |  2 +
 cipher.h                                      |  3 ++
 dh.h                                          |  3 ++
 kex.h                                         |  8 ++-
 kexc25519.c                                   |  2 +
 monitor_wrap.h                                |  2 +
 myproposal.h                                  |  2 +-
 regress/unittests/bitmap/tests.c              | 33 +++++++++++-
 regress/unittests/hostkeys/test_iterate.c     | 22 ++++++++
 regress/unittests/kex/test_kex.c              |  6 +++
 .../sshbuf/test_sshbuf_getput_crypto.c        |  3 +-
 .../sshbuf/test_sshbuf_getput_fuzz.c          |  3 +-
 regress/unittests/sshbuf/tests.c              |  4 ++
 regress/unittests/sshkey/common.c             |  4 ++
 regress/unittests/sshkey/common.h             |  3 +-
 regress/unittests/sshkey/test_file.c          |  7 ++-
 regress/unittests/sshkey/test_fuzz.c          |  6 ++-
 regress/unittests/sshkey/test_sshkey.c        |  8 +++
 regress/unittests/sshkey/testdata/dsa_1       | 20 ++++----
 .../unittests/sshkey/testdata/dsa_1-cert.fp   |  2 +-
 .../unittests/sshkey/testdata/dsa_1-cert.pub  |  2 +-
 regress/unittests/sshkey/testdata/dsa_1.fp    |  2 +-
 regress/unittests/sshkey/testdata/dsa_1.fp.bb |  2 +-
 .../unittests/sshkey/testdata/dsa_1.param.g   |  2 +-
 .../sshkey/testdata/dsa_1.param.priv          |  2 +-
 .../unittests/sshkey/testdata/dsa_1.param.pub |  2 +-
 regress/unittests/sshkey/testdata/dsa_1.pub   |  2 +-
 regress/unittests/sshkey/testdata/dsa_1_pw    | 22 ++++----
 regress/unittests/sshkey/testdata/dsa_2       | 20 ++++----
 regress/unittests/sshkey/testdata/dsa_2.fp    |  2 +-
 regress/unittests/sshkey/testdata/dsa_2.fp.bb |  2 +-
 regress/unittests/sshkey/testdata/dsa_2.pub   |  2 +-
 regress/unittests/sshkey/testdata/dsa_n       | 20 ++++----
 regress/unittests/sshkey/testdata/dsa_n_pw    | 38 +++++++-------
 regress/unittests/sshkey/testdata/ecdsa_1     |  6 +--
 .../unittests/sshkey/testdata/ecdsa_1-cert.fp |  2 +-
 .../sshkey/testdata/ecdsa_1-cert.pub          |  2 +-
 regress/unittests/sshkey/testdata/ecdsa_1.fp  |  2 +-
 .../unittests/sshkey/testdata/ecdsa_1.fp.bb   |  2 +-
 .../sshkey/testdata/ecdsa_1.param.priv        |  2 +-
 .../sshkey/testdata/ecdsa_1.param.pub         |  2 +-
 regress/unittests/sshkey/testdata/ecdsa_1.pub |  2 +-
 regress/unittests/sshkey/testdata/ecdsa_1_pw  |  8 +--
 regress/unittests/sshkey/testdata/ecdsa_2     | 10 ++--
 regress/unittests/sshkey/testdata/ecdsa_2.fp  |  2 +-
 .../unittests/sshkey/testdata/ecdsa_2.fp.bb   |  2 +-
 .../sshkey/testdata/ecdsa_2.param.priv        |  2 +-
 .../sshkey/testdata/ecdsa_2.param.pub         |  2 +-
 regress/unittests/sshkey/testdata/ecdsa_2.pub |  2 +-
 regress/unittests/sshkey/testdata/ecdsa_n     |  6 +--
 regress/unittests/sshkey/testdata/ecdsa_n_pw  | 14 +++---
 regress/unittests/sshkey/testdata/ed25519_1   |  8 +--
 .../sshkey/testdata/ed25519_1-cert.fp         |  2 +-
 .../sshkey/testdata/ed25519_1-cert.pub        |  2 +-
 .../unittests/sshkey/testdata/ed25519_1.fp    |  2 +-
 .../unittests/sshkey/testdata/ed25519_1.fp.bb |  2 +-
 .../unittests/sshkey/testdata/ed25519_1.pub   |  2 +-
 .../unittests/sshkey/testdata/ed25519_1_pw    | 12 ++---
 regress/unittests/sshkey/testdata/ed25519_2   |  8 +--
 .../unittests/sshkey/testdata/ed25519_2.fp    |  2 +-
 .../unittests/sshkey/testdata/ed25519_2.fp.bb |  2 +-
 .../unittests/sshkey/testdata/ed25519_2.pub   |  2 +-
 regress/unittests/sshkey/testdata/rsa1_1.fp   |  1 -
 .../unittests/sshkey/testdata/rsa1_1.fp.bb    |  1 -
 .../unittests/sshkey/testdata/rsa1_1.param.n  |  1 -
 regress/unittests/sshkey/testdata/rsa1_1.pub  |  1 -
 regress/unittests/sshkey/testdata/rsa1_2.fp   |  1 -
 .../unittests/sshkey/testdata/rsa1_2.fp.bb    |  1 -
 .../unittests/sshkey/testdata/rsa1_2.param.n  |  1 -
 regress/unittests/sshkey/testdata/rsa1_2.pub  |  1 -
 regress/unittests/sshkey/testdata/rsa_1       | 26 +++++-----
 .../unittests/sshkey/testdata/rsa_1-cert.fp   |  2 +-
 .../unittests/sshkey/testdata/rsa_1-cert.pub  |  2 +-
 regress/unittests/sshkey/testdata/rsa_1.fp    |  2 +-
 regress/unittests/sshkey/testdata/rsa_1.fp.bb |  2 +-
 .../unittests/sshkey/testdata/rsa_1.param.n   |  2 +-
 .../unittests/sshkey/testdata/rsa_1.param.p   |  2 +-
 .../unittests/sshkey/testdata/rsa_1.param.q   |  2 +-
 regress/unittests/sshkey/testdata/rsa_1.pub   |  2 +-
 regress/unittests/sshkey/testdata/rsa_1_pw    | 28 +++++------
 regress/unittests/sshkey/testdata/rsa_2       | 50 +++++++++----------
 regress/unittests/sshkey/testdata/rsa_2.fp    |  2 +-
 regress/unittests/sshkey/testdata/rsa_2.fp.bb |  2 +-
 .../unittests/sshkey/testdata/rsa_2.param.n   |  2 +-
 .../unittests/sshkey/testdata/rsa_2.param.p   |  2 +-
 .../unittests/sshkey/testdata/rsa_2.param.q   |  2 +-
 regress/unittests/sshkey/testdata/rsa_2.pub   |  2 +-
 regress/unittests/sshkey/testdata/rsa_n       | 26 +++++-----
 regress/unittests/sshkey/testdata/rsa_n_pw    | 30 +++++------
 regress/unittests/sshkey/tests.c              |  4 ++
 regress/unittests/test_helper/test_helper.c   |  6 +++
 regress/unittests/test_helper/test_helper.h   | 12 +++++
 ssh-add.c                                     |  2 +
 ssh-keyscan.c                                 |  2 +
 ssh_api.c                                     |  4 ++
 sshbuf-getput-crypto.c                        |  3 +-
 99 files changed, 372 insertions(+), 241 deletions(-)
 delete mode 100644 regress/unittests/sshkey/testdata/rsa1_1.fp
 delete mode 100644 regress/unittests/sshkey/testdata/rsa1_1.fp.bb
 delete mode 100644 regress/unittests/sshkey/testdata/rsa1_1.param.n
 delete mode 100644 regress/unittests/sshkey/testdata/rsa1_1.pub
 delete mode 100644 regress/unittests/sshkey/testdata/rsa1_2.fp
 delete mode 100644 regress/unittests/sshkey/testdata/rsa1_2.fp.bb
 delete mode 100644 regress/unittests/sshkey/testdata/rsa1_2.param.n
 delete mode 100644 regress/unittests/sshkey/testdata/rsa1_2.pub

-- 
2.17.1

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux