Diffstat (limited to 'regress/krl.sh')
-rw-r--r--regress/krl.sh31
1 files changed, 19 insertions, 12 deletions
diff --git a/regress/krl.sh b/regress/krl.sh
index a70c79c66..e18d0ec7f 100644
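--- a/regress/krl.sh
+++ b/regress/krl.sh
@@ -1,13 +1,18 @@
-# $OpenBSD: krl.sh,v 1.7 2018/09/12 01:23:48 djm Exp $
+# $OpenBSD: krl.sh,v 1.8 2019/07/25 09:17:35 dtucker Exp $
 # Placed in the Public Domain.
 
 tid="key revocation lists"
 
-# If we don't support ecdsa keys then this tell will be much slower.
-ECDSA=ecdsa
-if test "x$TEST_SSH_ECC" != "xyes"; then
- ECDSA=rsa
-fi
+# Use ed25519 by default since it's fast and it's supported when building
+# w/out OpenSSL. Populate ktype[2-4] with the other types if supported.
+ktype1=ed25519; ktype2=ed25519; ktype3=ed25519; ktype4=ed25519
+for t in `${SSH} -Q key-plain`; do
+ case "$t" in
+ ecdsa*) ktype2=ecdsa ;;
+ ssh-rsa) ktype3=rsa ;;
+ ssh-dss) ktype4=dsa ;;
+ esac
+done
 
 # Do most testing with ssh-keygen; it uses the same verification code as sshd.
 
@@ -15,9 +20,9 @@ fi
 rm -f $OBJ/revoked-* $OBJ/krl-*
 
 # Generate a CA key
-$SSHKEYGEN -t $ECDSA -f $OBJ/revoked-ca -C "" -N "" > /dev/null ||
+$SSHKEYGEN -t $ktype1 -f $OBJ/revoked-ca -C "" -N "" > /dev/null ||
  fatal "$SSHKEYGEN CA failed"
-$SSHKEYGEN -t ed25519 -f $OBJ/revoked-ca2 -C "" -N "" > /dev/null ||
+$SSHKEYGEN -t $ktype2 -f $OBJ/revoked-ca2 -C "" -N "" > /dev/null ||
  fatal "$SSHKEYGEN CA2 failed"
 
 # A specification that revokes some certificates by serial numbers
@@ -55,11 +60,13 @@ done
 keygen() {
  N=$1
  f=$OBJ/revoked-`printf "%04d" $N`
- # Vary the keytype. We use mostly ECDSA since this is fastest by far.
- keytype=$ECDSA
+ # Vary the keytype. We use mostly ed25519 since this is fast and well
+ # supported.
+ keytype=$ktype1
  case $N in
- 2 | 10 | 510 | 1001) keytype=rsa;;
- 4 | 30 | 520 | 1002) keytype=ed25519;;
+ 2 | 10 | 510 | 1001) keytype=$ktype2 ;;
+ 4 | 30 | 520 | 1002) keytype=$ktype3 ;;
+ 8 | 50 | 530 | 1003) keytype=$ktype4 ;;
  esac
  $SSHKEYGEN -t $keytype -f $f -C "" -N "" > /dev/null \
  || fatal "$SSHKEYGEN failed"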
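Review bot: The key-type probe in the first hunk fails silently: if `${SSH} -Q key-plain` errors out or prints nothing, the `for` loop never runs and `ktype2`, `ktype3` and `ktype4` all stay `ed25519`, so the KRL revocation checks still pass while exercising a single key type. Because this test covers revocation enforcement, consider recording the selection right after `done`, e.g. `verbose "$tid: key types $ktype1 $ktype2 $ktype3 $ktype4"`, so reduced coverage shows up in the log (this assumes the harness's `verbose` helper is available in this script, as `fatal` is). The same concern applies to the new `8 | 50 | 530 | 1003` arm in `keygen`, which generates a DSA key only when `ssh-dss` is reported. `keygen`'s body continues past the end of the last hunk.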