-rw-r--r--kex.c4
-rw-r--r--regress/unittests/hostkeys/test_iterate.c25
-rw-r--r--regress/unittests/sshbuf/test_sshbuf_getput_crypto.c8
-rw-r--r--regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c4
-rw-r--r--regress/unittests/sshkey/test_sshkey.c7
5 files changed, 27 insertions, 21 deletions
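diff --git a/kex.c b/kex.c
index 2618e225d..8c2b00179 100644
--- a/kex.c
+++ b/kex.c
@@ -432,9 +432,11 @@ kex_free(struct kex *kex)
 #ifdef WITH_OPENSSL
  if (kex->dh)
  DH_free(kex->dh);
+#ifdef OPENSSL_HAS_ECC
  if (kex->ec_client_key)
  EC_KEY_free(kex->ec_client_key);
-#endif
+#endif /* OPENSSL_HAS_ECC */
+#endif /* WITH_OPENSSL */
  for (mode = 0; mode < MODE_MAX; mode++) {
  kex_free_newkeys(kex->newkeys[mode]);
  kex->newkeys[mode] = NULL;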
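diff --git a/regress/unittests/hostkeys/test_iterate.c b/regress/unittests/hostkeys/test_iterate.c
index 7e5a13018..d81291b68 100644
--- a/regress/unittests/hostkeys/test_iterate.c
+++ b/regress/unittests/hostkeys/test_iterate.c
@@ -98,6 +98,15 @@ check(struct hostkey_foreach_line *l, void *_ctx)
  parse_key = 0;
  }
 #endif
+#ifndef OPENSSL_HAS_ECC
+ if (expected->l.keytype == KEY_ECDSA ||
+ expected->no_parse_keytype == KEY_ECDSA) {
+ expected_status = HKF_STATUS_INVALID;
+ expected_keytype = KEY_UNSPEC;
+ parse_key = 0;
+ }
+#endif
+
  UPDATE_MATCH_STATUS(match_host_p);
  UPDATE_MATCH_STATUS(match_host_s);
  UPDATE_MATCH_STATUS(match_ipv4);
@@ -145,6 +154,10 @@ prepare_expected(struct expected *expected, size_t n)
  if (expected[i].l.keytype == KEY_RSA1)
  continue;
 #endif
+#ifndef OPENSSL_HAS_ECC
+ if (expected[i].l.keytype == KEY_ECDSA)
+ continue;
+#endif
  ASSERT_INT_EQ(sshkey_load_public(
  test_data_file(expected[i].key_file), &expected[i].l.key,
  NULL), 0);
@@ -178,7 +191,6 @@ struct expected expected_full[] = {
  NULL, /* filled at runtime */
  "DSA #1",
  } },
-#ifdef OPENSSL_HAS_ECC
  { "ecdsa_1.pub" , -1, -1, 0, HKF_MATCH_HOST, 0, 0, -1, {
  NULL,
  3,
@@ -192,7 +204,6 @@ struct expected expected_full[] = {
  NULL, /* filled at runtime */
  "ECDSA #1",
  } },
-#endif
  { "ed25519_1.pub" , -1, -1, 0, HKF_MATCH_HOST, 0, 0, -1, {
  NULL,
  4,
@@ -271,7 +282,6 @@ struct expected expected_full[] = {
  NULL, /* filled at runtime */
  "DSA #2",
  } },
-#ifdef OPENSSL_HAS_ECC
  { "ecdsa_2.pub" , -1, -1, HKF_MATCH_HOST, 0, HKF_MATCH_IP, HKF_MATCH_IP, -1, {
  NULL,
  10,
@@ -285,7 +295,6 @@ struct expected expected_full[] = {
  NULL, /* filled at runtime */
  "ECDSA #2",
  } },
-#endif
  { "ed25519_2.pub" , -1, -1, HKF_MATCH_HOST, 0, HKF_MATCH_IP, HKF_MATCH_IP, -1, {
  NULL,
  11,
@@ -364,7 +373,6 @@ struct expected expected_full[] = {
  NULL, /* filled at runtime */
  "DSA #3",
  } },
-#ifdef OPENSSL_HAS_ECC
  { "ecdsa_3.pub" , -1, -1, HKF_MATCH_HOST, HKF_MATCH_HOST, HKF_MATCH_IP, HKF_MATCH_IP, -1, {
  NULL,
  17,
@@ -378,7 +386,6 @@ struct expected expected_full[] = {
  NULL, /* filled at runtime */
  "ECDSA #3",
  } },
-#endif
  { "ed25519_3.pub" , -1, -1, HKF_MATCH_HOST, HKF_MATCH_HOST, HKF_MATCH_IP, HKF_MATCH_IP, -1, {
  NULL,
  18,
@@ -457,7 +464,6 @@ struct expected expected_full[] = {
  NULL, /* filled at runtime */
  "DSA #5",
  } },
-#ifdef OPENSSL_HAS_ECC
  { "ecdsa_5.pub" , -1, -1, 0, HKF_MATCH_HOST|HKF_MATCH_HOST_HASHED, 0, 0, -1, {
  NULL,
  24,
@@ -471,7 +477,6 @@ struct expected expected_full[] = {
  NULL, /* filled at runtime */
  "ECDSA #5",
  } },
-#endif
  { "ed25519_5.pub" , -1, -1, 0, HKF_MATCH_HOST|HKF_MATCH_HOST_HASHED, 0, 0, -1, {
  NULL,
  25,
@@ -568,7 +573,6 @@ struct expected expected_full[] = {
  NULL, /* filled at runtime */
  "DSA #6",
  } },
-#ifdef OPENSSL_HAS_ECC
  { "ecdsa_6.pub" , -1, -1, HKF_MATCH_HOST|HKF_MATCH_HOST_HASHED, 0, 0, 0, -1, {
  NULL,
  32,
@@ -608,7 +612,6 @@ struct expected expected_full[] = {
  NULL, /* filled at runtime */
  "ECDSA #6",
  } },
-#endif
  { "ed25519_6.pub" , -1, -1, HKF_MATCH_HOST|HKF_MATCH_HOST_HASHED, 0, 0, 0, -1, {
  NULL,
  35,
@@ -791,7 +794,6 @@ struct expected expected_full[] = {
  NULL, /* filled at runtime */
  "ED25519 #4",
  } },
-#ifdef OPENSSL_HAS_ECC
  { "ecdsa_4.pub" , -1, -1, HKF_MATCH_HOST, 0, 0, 0, -1, {
  NULL,
  49,
@@ -805,7 +807,6 @@ struct expected expected_full[] = {
  NULL, /* filled at runtime */
  "ECDSA #4",
  } },
-#endif
  { "dsa_4.pub" , -1, -1, HKF_MATCH_HOST, HKF_MATCH_HOST, 0, 0, -1, {
  NULL,
  50,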
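Review bot: The new `#ifndef OPENSSL_HAS_ECC` block in check() has no comment explaining why an ECDSA line is expected to come back as HKF_STATUS_INVALID with KEY_UNSPEC, yet that is the behaviour this test now pins for builds without ECC. I would add `/* Without ECC support ECDSA lines cannot be parsed and must be reported invalid */` above the `if`. The `continue` added in prepare_expected() leaves `expected[i].l.key` at its NULL initialiser for ECDSA rows, which are now compiled unconditionally, and it skips whatever else that loop body does after the key load (outside the hunk). It is worth confirming that nothing compares or dereferences `l.key` when `parse_key` is 0. Both functions start and end outside the hunks shown.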
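diff --git a/regress/unittests/sshbuf/test_sshbuf_getput_crypto.c b/regress/unittests/sshbuf/test_sshbuf_getput_crypto.c
index 0c4c71ecd..a68e1329e 100644
--- a/regress/unittests/sshbuf/test_sshbuf_getput_crypto.c
+++ b/regress/unittests/sshbuf/test_sshbuf_getput_crypto.c
@@ -32,8 +32,6 @@ void
 sshbuf_getput_crypto_tests(void)
 {
  struct sshbuf *p1;
- const u_char *d;
- size_t s;
  BIGNUM *bn, *bn2;
  /* This one has num_bits != num_bytes * 8 to test bignum1 encoding */
  const char *hexbn1 = "0102030405060708090a0b0c0d0e0f10";
@@ -48,7 +46,9 @@ sshbuf_getput_crypto_tests(void)
  0x70, 0x60, 0x50, 0x40, 0x30, 0x20, 0x10, 0x00,
  0x7f, 0xff, 0x11
  };
-#ifdef OPENSSL_HAS_NISTP256
+#if defined(OPENSSL_HAS_ECC) && defined(OPENSSL_HAS_NISTP256)
+ const u_char *d;
+ size_t s;
  BIGNUM *bn_x, *bn_y;
  int ec256_nid = NID_X9_62_prime256v1;
  char *ec256_x = "0C828004839D0106AA59575216191357"
@@ -352,7 +352,7 @@ sshbuf_getput_crypto_tests(void)
  sshbuf_free(p1);
  TEST_DONE();
 
-#ifdef OPENSSL_HAS_NISTP256
+#if defined(OPENSSL_HAS_ECC) && defined(OPENSSL_HAS_NISTP256)
  TEST_START("sshbuf_put_ec");
  eck = EC_KEY_new_by_curve_name(ec256_nid);
  ASSERT_PTR_NE(eck, NULL);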
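Review bot: The compound guard `#if defined(OPENSSL_HAS_ECC) && defined(OPENSSL_HAS_NISTP256)` is written out twice in sshbuf_getput_crypto_tests(), twice more in attempt_parse_blob() in test_sshbuf_getput_fuzz.c and once around the `<openssl/ec.h>` include in test_sshkey.c, and nothing says why both macros are required. When either is undefined, the `sshbuf_put_ec` test and the `sshbuf_get_eckey` call in the fuzz helper compile out with no trace in the test output, so EC parsing loses its coverage silently. I would mark each opening with `/* EC tests need ECC support and the P-256 curve */` and tag the matching `#endif` lines the way the kex.c hunk in this commit does. The matching `#endif` for both guards in this file is outside the hunks.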
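diff --git a/regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c b/regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c
index 8c3269b13..c6b5c29d1 100644
--- a/regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c
+++ b/regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c
@@ -33,7 +33,7 @@ attempt_parse_blob(u_char *blob, size_t len)
 {
  struct sshbuf *p1;
  BIGNUM *bn;
-#ifdef OPENSSL_HAS_NISTP256
+#if defined(OPENSSL_HAS_ECC) && defined(OPENSSL_HAS_NISTP256)
  EC_KEY *eck;
 #endif
  u_char *s;
@@ -60,7 +60,7 @@ attempt_parse_blob(u_char *blob, size_t len)
  bn = BN_new();
  sshbuf_get_bignum2(p1, bn);
  BN_clear_free(bn);
-#ifdef OPENSSL_HAS_NISTP256
+#if defined(OPENSSL_HAS_ECC) && defined(OPENSSL_HAS_NISTP256)
  eck = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
  ASSERT_PTR_NE(eck, NULL);
  sshbuf_get_eckey(p1, eck);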
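diff --git a/regress/unittests/sshkey/test_sshkey.c b/regress/unittests/sshkey/test_sshkey.c
index b233a254b..ad10c9be2 100644
--- a/regress/unittests/sshkey/test_sshkey.c
+++ b/regress/unittests/sshkey/test_sshkey.c
@@ -19,7 +19,7 @@
 #include <openssl/bn.h>
 #include <openssl/rsa.h>
 #include <openssl/dsa.h>
-#ifdef OPENSSL_HAS_NISTP256
+#if defined(OPENSSL_HAS_ECC) && defined(OPENSSL_HAS_NISTP256)
 # include <openssl/ec.h>
 #endif
 
@@ -174,7 +177,10 @@ get_private(const char *n)
 void
 sshkey_tests(void)
 {
- struct sshkey *k1, *k2, *k3, *k4, *kr, *kd, *ke, *kf;
+ struct sshkey *k1, *k2, *k3, *k4, *kr, *kd, *kf;
+#ifdef OPENSSL_HAS_ECC
+ struct sshkey *ke;
+#endif
  struct sshbuf *b;
 
  TEST_START("new invalid");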
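Review bot: `ke` is declared under `#ifdef OPENSSL_HAS_ECC`, but the `<openssl/ec.h>` include at the top of the file is now guarded by `defined(OPENSSL_HAS_ECC) && defined(OPENSSL_HAS_NISTP256)`, so the two conditions in this file do not match. A build with ECC but without P-256 would declare `ke` and presumably compile the tests that use it (outside the hunk) without the EC header; if those tests call EC_* functions directly, that configuration would not compile. Unless the build system guarantees the two macros are always defined together, use one condition for both, for example `#ifdef OPENSSL_HAS_ECC` around the include. sshkey_tests() continues past the end of the hunk.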