-# $OpenBSD: Makefile,v 1.131 2023/12/18 14:50:08 djm Exp $
+# $OpenBSD: Makefile,v 1.132 2024/01/11 01:45:58 djm Exp $
OPENSSL?= yes
awk '{print $$2}' | diff - ${.CURDIR}/t5.ok
t6:
- ssh-keygen -if ${.CURDIR}/dsa_ssh2.prv > t6.out1
- ssh-keygen -if ${.CURDIR}/dsa_ssh2.pub > t6.out2
- chmod 600 t6.out1
- ssh-keygen -yf t6.out1 | diff - t6.out2
+ set -xe ; if ssh -Q key | grep -q ^ssh-dss ; then \
+ ssh-keygen -if ${.CURDIR}/dsa_ssh2.prv > t6.out1 ; \
+ ssh-keygen -if ${.CURDIR}/dsa_ssh2.pub > t6.out2 ; \
+ chmod 600 t6.out1 ; \
+ ssh-keygen -yf t6.out1 | diff - t6.out2 ; \
+ fi
t7.out:
- ssh-keygen -q -t rsa -N '' -f $@
+ set -xe ; if ssh -Q key | grep -q ^ssh-dss ; then \
+ ssh-keygen -q -t rsa -N '' -f $@ ; \
+ fi
t7: t7.out
ssh-keygen -lf t7.out > /dev/null
ssh-keygen -Bf t7.out > /dev/null
t8.out:
- ssh-keygen -q -t dsa -N '' -f $@
+ set -xe ; if ssh -Q key | grep -q ^ssh-dss ; then \
+ ssh-keygen -q -t dsa -N '' -f $@ ; \
+ fi
t8: t8.out
- ssh-keygen -lf t8.out > /dev/null
- ssh-keygen -Bf t8.out > /dev/null
+ set -xe ; if ssh -Q key | grep -q ^ssh-dss ; then \
+ ssh-keygen -lf t8.out > /dev/null ; \
+ ssh-keygen -Bf t8.out > /dev/null ; \
+ fi
t9.out:
ssh-keygen -q -t ecdsa -N '' -f $@
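Review bot: The `t7.out` recipe now generates its RSA key only when `ssh -Q key` lists `ssh-dss`, so on a build without DSA the file is never created and the unchanged `t7` recipe (`ssh-keygen -lf t7.out`) fails. The probe looks copied from the DSA targets; the recipe should stay unconditional, `ssh-keygen -q -t rsa -N '' -f $@`, or probe `^ssh-rsa` instead. Separately, in `t6`, `t8.out` and `t8` the `if` sees only grep's exit status, so a failing `ssh -Q key` turns those tests into silent no-ops. An `else echo "t6 skipped: no ssh-dss" ; \` branch (and likewise for t8) would make the lost coverage visible in the log.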
-# $OpenBSD: Makefile.inc,v 1.15 2023/09/24 08:14:13 claudio Exp $
+# $OpenBSD: Makefile.inc,v 1.16 2024/01/11 01:45:58 djm Exp $
.include <bsd.own.mk>
.include <bsd.obj.mk>
# XXX detect from ssh binary?
OPENSSL?= yes
+DSAKEY?= yes
+
+.if (${DSAKEY:L} == "yes")
+CFLAGS+= -DWITH_DSA
+.endif
.if (${OPENSSL:L} == "yes")
CFLAGS+= -DWITH_OPENSSL
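Review bot: `DSAKEY?= yes` compiles the unit tests with `-DWITH_DSA` by default, independent of whether the ssh code under test was built with DSA, while the Makefile earlier in this commit decides at run time via `ssh -Q key`, so the two can disagree. If the code under test lacks DSA and DSAKEY is left at its default, the DSA-guarded tests would presumably fail rather than be skipped. A comment beside the knob would help, e.g. `# DSAKEY must match the DSA support of the ssh build under test`. The existing `# XXX detect from ssh binary?` remark applies to this knob as well. The `.if (${OPENSSL:L} == "yes")` block continues outside the hunk.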
-/* $OpenBSD: test_iterate.c,v 1.8 2021/12/14 21:25:27 deraadt Exp $ */
+/* $OpenBSD: test_iterate.c,v 1.9 2024/01/11 01:45:58 djm Exp $ */
/*
* Regress test for hostfile.h hostkeys_foreach()
*
int parse_key = (ctx->flags & HKF_WANT_PARSE_KEY) != 0;
const int matching = (ctx->flags & HKF_WANT_MATCH) != 0;
u_int expected_status, expected_match;
- int expected_keytype;
+ int expected_keytype, skip = 0;
test_subtest_info("entry %zu/%zu, file line %ld",
ctx->i + 1, ctx->nexpected, l->linenum);
expected_keytype = (parse_key || expected->no_parse_keytype < 0) ?
expected->l.keytype : expected->no_parse_keytype;
+#ifndef WITH_DSA
+ if (expected->l.keytype == KEY_DSA ||
+ expected->no_parse_keytype == KEY_DSA)
+ skip = 1;
+#endif
+
+ if (skip) {
+ expected_status = HKF_STATUS_INVALID;
+ expected_keytype = KEY_UNSPEC;
+ parse_key = 0;
+ }
UPDATE_MATCH_STATUS(match_host_p);
UPDATE_MATCH_STATUS(match_host_s);
UPDATE_MATCH_STATUS(match_ipv4);
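Review bot: The `if (skip)` block rewrites `expected_status`, `expected_keytype` and `parse_key` for DSA entries without saying why, and it depends on the later hunk that skips `sshkey_load_public()` for `KEY_DSA` entries, leaving `expected[i].l.key` unloaded. A short comment would make that coupling explicit, e.g. `/* Built without DSA: these lines are expected to be reported as invalid and no key was loaded for them, so skip key comparison. */`. That rationale is inferred from the visible lines and should be confirmed against the parser. The enclosing callback starts and ends outside the hunk.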
for (i = 0; i < n; i++) {
if (expected[i].key_file == NULL)
continue;
+#ifndef WITH_DSA
+ if (expected[i].l.keytype == KEY_DSA)
+ continue;
+#endif
ASSERT_INT_EQ(sshkey_load_public(
test_data_file(expected[i].key_file), &expected[i].l.key,
NULL), 0);
-/* $OpenBSD: test_kex.c,v 1.6 2021/12/14 21:25:27 deraadt Exp $ */
+/* $OpenBSD: test_kex.c,v 1.7 2024/01/11 01:45:58 djm Exp $ */
/*
* Regress test KEX
*
do_kex(char *kex)
{
do_kex_with_key(kex, KEY_RSA, 2048);
+#ifdef WITH_DSA
do_kex_with_key(kex, KEY_DSA, 1024);
+#endif
do_kex_with_key(kex, KEY_ECDSA, 256);
do_kex_with_key(kex, KEY_ED25519, 256);
}
-/* $OpenBSD: test_file.c,v 1.10 2021/12/14 21:25:27 deraadt Exp $ */
+/* $OpenBSD: test_file.c,v 1.11 2024/01/11 01:45:58 djm Exp $ */
/*
* Regress test for sshkey.h key management API
*
sshkey_free(k1);
+#ifdef WITH_DSA
TEST_START("parse DSA from private");
buf = load_file("dsa_1");
ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0);
TEST_DONE();
sshkey_free(k1);
+#endif
TEST_START("parse ECDSA from private");
buf = load_file("ecdsa_1");
-/* $OpenBSD: test_fuzz.c,v 1.13 2021/12/14 21:25:27 deraadt Exp $ */
+/* $OpenBSD: test_fuzz.c,v 1.14 2024/01/11 01:45:58 djm Exp $ */
/*
* Fuzz tests for key parsing
*
fuzz_cleanup(fuzz);
TEST_DONE();
+#ifdef WITH_DSA
TEST_START("fuzz DSA private");
buf = load_file("dsa_1");
fuzz = fuzz_begin(FUZZ_BASE64, sshbuf_mutable_ptr(buf),
sshbuf_free(fuzzed);
fuzz_cleanup(fuzz);
TEST_DONE();
+#endif
TEST_START("fuzz ECDSA private");
buf = load_file("ecdsa_1");
sshkey_free(k1);
TEST_DONE();
+#ifdef WITH_DSA
TEST_START("fuzz DSA public");
buf = load_file("dsa_1");
ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0);
public_fuzz(k1);
sshkey_free(k1);
TEST_DONE();
+#endif
TEST_START("fuzz ECDSA public");
buf = load_file("ecdsa_1");
sshkey_free(k1);
TEST_DONE();
+#ifdef WITH_DSA
TEST_START("fuzz DSA sig");
buf = load_file("dsa_1");
ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0);
sig_fuzz(k1, NULL);
sshkey_free(k1);
TEST_DONE();
+#endif
TEST_START("fuzz ECDSA sig");
buf = load_file("ecdsa_1");
-/* $OpenBSD: test_sshkey.c,v 1.23 2023/01/04 22:48:57 tb Exp $ */
+/* $OpenBSD: test_sshkey.c,v 1.24 2024/01/11 01:45:58 djm Exp $ */
/*
* Regress test for sshkey.h key management API
*
void
sshkey_tests(void)
{
- struct sshkey *k1, *k2, *k3, *k4, *kr, *kd, *ke, *kf;
- struct sshbuf *b;
+ struct sshkey *k1 = NULL, *k2 = NULL, *k3 = NULL, *k4 = NULL;
+ struct sshkey *kr = NULL, *kd = NULL, *ke = NULL, *kf = NULL;
+ struct sshbuf *b = NULL;
TEST_START("new invalid");
k1 = sshkey_new(-42);
sshkey_free(k1);
TEST_DONE();
+#ifdef WiTH_DSA
TEST_START("new/free KEY_DSA");
k1 = sshkey_new(KEY_DSA);
ASSERT_PTR_NE(k1, NULL);
ASSERT_PTR_NE(k1->dsa, NULL);
sshkey_free(k1);
TEST_DONE();
+#endif
TEST_START("new/free KEY_ECDSA");
k1 = sshkey_new(KEY_ECDSA);
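Review bot: The guard on the "new/free KEY_DSA" test is spelled `#ifdef WiTH_DSA` (lowercase `i`), so that block is compiled out even when the build defines `WITH_DSA`, and the `sshkey_new(KEY_DSA)` / `k1->dsa` checks silently never run. It should read `#ifdef WITH_DSA`, matching the other guards added in this file. sshkey_tests() continues outside the hunk.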
ASSERT_PTR_EQ(k1, NULL);
TEST_DONE();
+#ifdef WITH_DSA
TEST_START("generate KEY_DSA wrong bits");
ASSERT_INT_EQ(sshkey_generate(KEY_DSA, 2048, &k1),
SSH_ERR_KEY_LENGTH);
ASSERT_PTR_EQ(k1, NULL);
sshkey_free(k1);
TEST_DONE();
+#endif
TEST_START("generate KEY_ECDSA wrong bits");
ASSERT_INT_EQ(sshkey_generate(KEY_ECDSA, 42, &k1),
ASSERT_INT_EQ(BN_num_bits(rsa_n(kr)), 1024);
TEST_DONE();
+#ifdef WITH_DSA
TEST_START("generate KEY_DSA");
ASSERT_INT_EQ(sshkey_generate(KEY_DSA, 1024, &kd), 0);
ASSERT_PTR_NE(kd, NULL);
ASSERT_PTR_NE(dsa_g(kd), NULL);
ASSERT_PTR_NE(dsa_priv_key(kd), NULL);
TEST_DONE();
+#endif
TEST_START("generate KEY_ECDSA");
ASSERT_INT_EQ(sshkey_generate(KEY_ECDSA, 256, &ke), 0);
sshkey_free(k1);
TEST_DONE();
+#ifdef WITH_DSA
TEST_START("demote KEY_DSA");
ASSERT_INT_EQ(sshkey_from_private(kd, &k1), 0);
ASSERT_PTR_NE(k1, NULL);
ASSERT_INT_EQ(sshkey_equal(kd, k1), 1);
sshkey_free(k1);
TEST_DONE();
+#endif
TEST_START("demote KEY_ECDSA");
ASSERT_INT_EQ(sshkey_from_private(ke, &k1), 0);
ASSERT_INT_EQ(sshkey_generate(KEY_RSA, 1024, &k1), 0);
ASSERT_INT_EQ(sshkey_equal(kr, k1), 0);
sshkey_free(k1);
- ASSERT_INT_EQ(sshkey_generate(KEY_DSA, 1024, &k1), 0);
- ASSERT_INT_EQ(sshkey_equal(kd, k1), 0);
- sshkey_free(k1);
ASSERT_INT_EQ(sshkey_generate(KEY_ECDSA, 256, &k1), 0);
ASSERT_INT_EQ(sshkey_equal(ke, k1), 0);
sshkey_free(k1);
sshkey_free(k2);
TEST_DONE();
+#ifdef WITH_DSA
TEST_START("sign and verify DSA");
k1 = get_private("dsa_1");
ASSERT_INT_EQ(sshkey_load_public(test_data_file("dsa_2.pub"), &k2,
sshkey_free(k1);
sshkey_free(k2);
TEST_DONE();
+#endif
TEST_START("sign and verify ECDSA");
k1 = get_private("ecdsa_1");
-/* $OpenBSD: tests.c,v 1.3 2021/12/14 21:25:27 deraadt Exp $ */
+/* $OpenBSD: tests.c,v 1.4 2024/01/11 01:45:59 djm Exp $ */
/*
* Regress test for sshbuf.h buffer API
*
check_sig("rsa.pub", "rsa.sig", msg, namespace);
TEST_DONE();
+#ifdef WITH_DSA
TEST_START("check DSA signature");
check_sig("dsa.pub", "dsa.sig", msg, namespace);
TEST_DONE();
+#endif
TEST_START("check ECDSA signature");
check_sig("ecdsa.pub", "ecdsa.sig", msg, namespace);