14 files changed, 231 insertions, 70 deletions
diff --git a/regress/Makefile b/regress/Makefile
index c2dba4fdf..b23496b98 100644
--- a/regress/Makefile
+++ b/regress/Makefile
@@ -222,6 +222,7 @@ unit:
                $$V ${.OBJDIR}/unittests/sshkey/test_sshkey \
                        -d ${.CURDIR}/unittests/sshkey/testdata ; \
                $$V ${.OBJDIR}/unittests/bitmap/test_bitmap ; \
+                $$V ${.OBJDIR}/unittests/conversion/test_conversion ; \
                $$V ${.OBJDIR}/unittests/kex/test_kex ; \
                $$V ${.OBJDIR}/unittests/hostkeys/test_hostkeys \
                        -d ${.CURDIR}/unittests/hostkeys/testdata ; \
diff --git a/regress/agent-getpeereid.sh b/regress/agent-getpeereid.sh
index 91621a59c..34bced154 100644
--- a/regress/agent-getpeereid.sh
+++ b/regress/agent-getpeereid.sh
@@ -1,4 +1,4 @@
-#       $OpenBSD: agent-getpeereid.sh,v 1.7 2016/09/26 21:34:38 bluhm Exp $
+#       $OpenBSD: agent-getpeereid.sh,v 1.8 2017/01/06 02:51:16 djm Exp $
 #       Placed in the Public Domain.
 tid="disallow agent attach from other uid"
@@ -32,17 +32,17 @@ if [ $r -ne 0 ]; then
 else
        chmod 644 ${SSH_AUTH_SOCK}
-        ssh-add -l > /dev/null 2>&1
+        ${SSHADD} -l > /dev/null 2>&1
        r=$?
        if [ $r -ne 1 ]; then
                fail "ssh-add failed with $r != 1"
        fi
        if test -z "$sudo" ; then
                # doas
-                ${SUDO} -n -u ${UNPRIV} ssh-add -l 2>/dev/null
+                ${SUDO} -n -u ${UNPRIV} ${SSHADD} -l 2>/dev/null
        else
                # sudo
-                < /dev/null ${SUDO} -S -u ${UNPRIV} ssh-add -l 2>/dev/null
+                < /dev/null ${SUDO} -S -u ${UNPRIV} ${SSHADD} -l 2>/dev/null
        fi
        r=$?
        if [ $r -lt 2 ]; then
diff --git a/regress/allow-deny-users.sh b/regress/allow-deny-users.sh
index 32a269afa..86805e193 100644
--- a/regress/allow-deny-users.sh
+++ b/regress/allow-deny-users.sh
@@ -4,7 +4,7 @@
 tid="AllowUsers/DenyUsers"
 me="$LOGNAME"
-if [ "x$me" == "x" ]; then
+if [ "x$me" = "x" ]; then
        me=`whoami`
 fi
 other="nobody"
diff --git a/regress/cert-file.sh b/regress/cert-file.sh
index b184e7fea..43b8e0201 100644
--- a/regress/cert-file.sh
+++ b/regress/cert-file.sh
@@ -1,4 +1,4 @@
-#       $OpenBSD: cert-file.sh,v 1.4 2016/12/16 02:48:55 djm Exp $
+#       $OpenBSD: cert-file.sh,v 1.5 2017/03/11 23:44:16 djm Exp $
 #       Placed in the Public Domain.
 tid="ssh with certificates"
@@ -17,24 +17,59 @@ ${SSHKEYGEN} -q -N '' -t ed25519 -f $OBJ/user_key1 || \
        fatal "ssh-keygen failed"
 ${SSHKEYGEN} -q -N '' -t ed25519 -f $OBJ/user_key2 || \
        fatal "ssh-keygen failed"
+${SSHKEYGEN} -q -N '' -t ed25519 -f $OBJ/user_key3 || \
+        fatal "ssh-keygen failed"
+${SSHKEYGEN} -q -N '' -t ed25519 -f $OBJ/user_key4 || \
+        fatal "ssh-keygen failed"
+${SSHKEYGEN} -q -N '' -t ed25519 -f $OBJ/user_key5 || \
+        fatal "ssh-keygen failed"
 # Move the certificate to a different address to better control
 # when it is offered.
 ${SSHKEYGEN} -q -s $OBJ/user_ca_key1 -I "regress user key for $USER" \
        -z $$ -n ${USER} $OBJ/user_key1 ||
-                fail "couldn't sign user_key1 with user_ca_key1"
+                fatal "couldn't sign user_key1 with user_ca_key1"
 mv $OBJ/user_key1-cert.pub $OBJ/cert_user_key1_1.pub
 ${SSHKEYGEN} -q -s $OBJ/user_ca_key2 -I "regress user key for $USER" \
        -z $$ -n ${USER} $OBJ/user_key1 ||
-                fail "couldn't sign user_key1 with user_ca_key2"
+                fatal "couldn't sign user_key1 with user_ca_key2"
 mv $OBJ/user_key1-cert.pub $OBJ/cert_user_key1_2.pub
+${SSHKEYGEN} -q -s $OBJ/user_ca_key1 -I "regress user key for $USER" \
+        -z $$ -n ${USER} $OBJ/user_key3 ||
+                fatal "couldn't sign user_key3 with user_ca_key1"
+rm $OBJ/user_key3.pub # to test use of private key w/o public half.
+${SSHKEYGEN} -q -s $OBJ/user_ca_key1 -I "regress user key for $USER" \
+        -z $$ -n ${USER} $OBJ/user_key4 ||
+                fatal "couldn't sign user_key4 with user_ca_key1"
+rm $OBJ/user_key4 $OBJ/user_key4.pub # to test no matching pub/private key case.
 trace 'try with identity files'
 opts="-F $OBJ/ssh_proxy -oIdentitiesOnly=yes"
 opts2="$opts -i $OBJ/user_key1 -i $OBJ/user_key2"
 echo "cert-authority $(cat $OBJ/user_ca_key1.pub)" > $OBJ/authorized_keys_$USER
+# Make a clean config that doesn't have any pre-added identities.
+cat $OBJ/ssh_proxy | grep -v IdentityFile > $OBJ/no_identity_config
+# XXX: verify that certificate used was what we expect. Needs exposure of
+# keys via enviornment variable or similar.
 for p in ${SSH_PROTOCOLS}; do
+        # Key with no .pub should work - finding the equivalent *-cert.pub.
+        verbose "protocol $p: identity cert with no plain public file"
+        ${SSH} -F $OBJ/no_identity_config -oIdentitiesOnly=yes \
+            -i $OBJ/user_key3 somehost exit 5$p
+        [ $? -ne 5$p ] && fail "ssh failed"
+        # CertificateFile matching private key with no .pub file should work.
+        verbose "protocol $p: CertificateFile with no plain public file"
+        ${SSH} -F $OBJ/no_identity_config -oIdentitiesOnly=yes \
+            -oCertificateFile=$OBJ/user_key3-cert.pub \
+            -i $OBJ/user_key3 somehost exit 5$p
+        [ $? -ne 5$p ] && fail "ssh failed"
        # Just keys should fail
+        verbose "protocol $p: plain keys"
        ${SSH} $opts2 somehost exit 5$p
        r=$?
        if [ $r -eq 5$p ]; then
@@ -42,6 +77,7 @@ for p in ${SSH_PROTOCOLS}; do
        fi
        # Keys with untrusted cert should fail.
+        verbose "protocol $p: untrusted cert"
        opts3="$opts2 -oCertificateFile=$OBJ/cert_user_key1_2.pub"
        ${SSH} $opts3 somehost exit 5$p
        r=$?
@@ -50,6 +86,7 @@ for p in ${SSH_PROTOCOLS}; do
        fi
        # Good cert with bad key should fail.
+        verbose "protocol $p: good cert, bad key"
        opts3="$opts -i $OBJ/user_key2"
        opts3="$opts3 -oCertificateFile=$OBJ/cert_user_key1_1.pub"
        ${SSH} $opts3 somehost exit 5$p
@@ -59,6 +96,7 @@ for p in ${SSH_PROTOCOLS}; do
        fi
        # Keys with one trusted cert, should succeed.
+        verbose "protocol $p: single trusted"
        opts3="$opts2 -oCertificateFile=$OBJ/cert_user_key1_1.pub"
        ${SSH} $opts3 somehost exit 5$p
        r=$?
@@ -67,6 +105,7 @@ for p in ${SSH_PROTOCOLS}; do
        fi
        # Multiple certs and keys, with one trusted cert, should succeed.
+        verbose "protocol $p: multiple trusted"
        opts3="$opts2 -oCertificateFile=$OBJ/cert_user_key1_2.pub"
        opts3="$opts3 -oCertificateFile=$OBJ/cert_user_key1_1.pub"
        ${SSH} $opts3 somehost exit 5$p
@@ -74,14 +113,6 @@ for p in ${SSH_PROTOCOLS}; do
        if [ $r -ne 5$p ]; then
                fail "ssh failed with multiple certs in protocol $p"
        fi
-        #Keys with trusted certificate specified in config options, should succeed.
-        opts3="$opts2 -oCertificateFile=$OBJ/cert_user_key1_1.pub"
-        ${SSH} $opts3 somehost exit 5$p
-        r=$?
-        if [ $r -ne 5$p ]; then
-                fail "ssh failed with trusted cert in config in protocol $p"
-        fi
 done
 #next, using an agent in combination with the keys
diff --git a/regress/forwarding.sh b/regress/forwarding.sh
index 2539db9b7..45c596d7d 100644
--- a/regress/forwarding.sh
+++ b/regress/forwarding.sh
@@ -1,4 +1,4 @@
-#       $OpenBSD: forwarding.sh,v 1.16 2016/04/14 23:57:17 djm Exp $
+#       $OpenBSD: forwarding.sh,v 1.19 2017/01/30 05:22:14 djm Exp $
 #       Placed in the Public Domain.
 tid="local and remote forwarding"
@@ -10,8 +10,7 @@ start_sshd
 base=33
 last=$PORT
 fwd=""
-CTL=$OBJ/ctl-sock
+CTL=/tmp/openssh.regress.ctl-sock.$$
-rm -f $CTL
 for j in 0 1 2; do
        for i in 0 1 2; do
@@ -29,7 +28,8 @@ for p in ${SSH_PROTOCOLS}; do
                q=$p
        fi
        trace "start forwarding, fork to background"
-        ${SSH} -$p -F $OBJ/ssh_config -f $fwd somehost sleep 10
+        rm -f $CTL
+        ${SSH} -S $CTL -M -$p -F $OBJ/ssh_config -f $fwd somehost sleep 10
        trace "transfer over forwarded channels and check result"
        ${SSH} -$q -F $OBJ/ssh_config -p$last -o 'ConnectionAttempts=4' \
@@ -37,7 +37,7 @@ for p in ${SSH_PROTOCOLS}; do
        test -s ${COPY}         || fail "failed copy of ${DATA}"
        cmp ${DATA} ${COPY}     || fail "corrupted copy of ${DATA}"
-        sleep 10
+        ${SSH} -F $OBJ/ssh_config -S $CTL -O exit somehost
 done
 for p in ${SSH_PROTOCOLS}; do
@@ -52,7 +52,7 @@ for d in L R; do
            -$d ${base}04:127.0.0.1:$PORT \
            -oExitOnForwardFailure=yes somehost true
        if [ $? != 0 ]; then
-                fail "connection failed, should not"
+                fatal "connection failed, should not"
        else
                # this one should fail
                ${SSH} -q -$p -F $OBJ/ssh_config \
@@ -75,30 +75,32 @@ for p in ${SSH_PROTOCOLS}; do
        ${SSH} -$p -F $OBJ/ssh_config -oClearAllForwardings=yes somehost true
        trace "clear local forward proto $p"
-        ${SSH} -$p -f -F $OBJ/ssh_config -L ${base}01:127.0.0.1:$PORT \
+        rm -f $CTL
+        ${SSH} -S $CTL -M -$p -f -F $OBJ/ssh_config -L ${base}01:127.0.0.1:$PORT \
            -oClearAllForwardings=yes somehost sleep 10
        if [ $? != 0 ]; then
                fail "connection failed with cleared local forwarding"
        else
                # this one should fail
-                ${SSH} -$p -F $OBJ/ssh_config -p ${base}01 true \
+                ${SSH} -$p -F $OBJ/ssh_config -p ${base}01 somehost true \
                     >>$TEST_REGRESS_LOGFILE 2>&1 && \
                        fail "local forwarding not cleared"
        fi
-        sleep 10
+        ${SSH} -F $OBJ/ssh_config -S $CTL -O exit somehost
        
        trace "clear remote forward proto $p"
-        ${SSH} -$p -f -F $OBJ/ssh_config -R ${base}01:127.0.0.1:$PORT \
+        rm -f $CTL
+        ${SSH} -S $CTL -M -$p -f -F $OBJ/ssh_config -R ${base}01:127.0.0.1:$PORT \
            -oClearAllForwardings=yes somehost sleep 10
        if [ $? != 0 ]; then
                fail "connection failed with cleared remote forwarding"
        else
                # this one should fail
-                ${SSH} -$p -F $OBJ/ssh_config -p ${base}01 true \
+                ${SSH} -$p -F $OBJ/ssh_config -p ${base}01 somehost true \
                     >>$TEST_REGRESS_LOGFILE 2>&1 && \
                        fail "remote forwarding not cleared"
        fi
-        sleep 10
+        ${SSH} -F $OBJ/ssh_config -S $CTL -O exit somehost
 done
 for p in 2; do
@@ -115,6 +117,7 @@ echo "LocalForward ${base}01 127.0.0.1:$PORT" >> $OBJ/ssh_config
 echo "RemoteForward ${base}02 127.0.0.1:${base}01" >> $OBJ/ssh_config
 for p in ${SSH_PROTOCOLS}; do
        trace "config file: start forwarding, fork to background"
+        rm -f $CTL
        ${SSH} -S $CTL -M -$p -F $OBJ/ssh_config -f somehost sleep 10
        trace "config file: transfer over forwarded channels and check result"
@@ -123,21 +126,24 @@ for p in ${SSH_PROTOCOLS}; do
        test -s ${COPY}         || fail "failed copy of ${DATA}"
        cmp ${DATA} ${COPY}     || fail "corrupted copy of ${DATA}"
-        ${SSH} -S $CTL -O exit somehost
+        ${SSH} -F $OBJ/ssh_config -S $CTL -O exit somehost
 done
 for p in 2; do
        trace "transfer over chained unix domain socket forwards and check result"
        rm -f $OBJ/unix-[123].fwd
-        ${SSH} -f -F $OBJ/ssh_config -R${base}01:[$OBJ/unix-1.fwd] somehost sleep 10
+        rm -f $CTL $CTL.[123]
-        ${SSH} -f -F $OBJ/ssh_config -L[$OBJ/unix-1.fwd]:[$OBJ/unix-2.fwd] somehost sleep 10
+        ${SSH} -S $CTL -M -f -F $OBJ/ssh_config -R${base}01:[$OBJ/unix-1.fwd] somehost sleep 10
-        ${SSH} -f -F $OBJ/ssh_config -R[$OBJ/unix-2.fwd]:[$OBJ/unix-3.fwd] somehost sleep 10
+        ${SSH} -S $CTL.1 -M -f -F $OBJ/ssh_config -L[$OBJ/unix-1.fwd]:[$OBJ/unix-2.fwd] somehost sleep 10
-        ${SSH} -f -F $OBJ/ssh_config -L[$OBJ/unix-3.fwd]:127.0.0.1:$PORT somehost sleep 10
+        ${SSH} -S $CTL.2 -M -f -F $OBJ/ssh_config -R[$OBJ/unix-2.fwd]:[$OBJ/unix-3.fwd] somehost sleep 10
+        ${SSH} -S $CTL.3 -M -f -F $OBJ/ssh_config -L[$OBJ/unix-3.fwd]:127.0.0.1:$PORT somehost sleep 10
        ${SSH} -F $OBJ/ssh_config -p${base}01 -o 'ConnectionAttempts=4' \
                somehost cat ${DATA} > ${COPY}
        test -s ${COPY}                 || fail "failed copy ${DATA}"
        cmp ${DATA} ${COPY}             || fail "corrupted copy of ${DATA}"
-        #wait
+        ${SSH} -F $OBJ/ssh_config -S $CTL -O exit somehost
-        sleep 10
+        ${SSH} -F $OBJ/ssh_config -S $CTL.1 -O exit somehost
+        ${SSH} -F $OBJ/ssh_config -S $CTL.2 -O exit somehost
+        ${SSH} -F $OBJ/ssh_config -S $CTL.3 -O exit somehost
 done
diff --git a/regress/integrity.sh b/regress/integrity.sh
index 39d310deb..1df2924f5 100644
--- a/regress/integrity.sh
+++ b/regress/integrity.sh
@@ -1,12 +1,10 @@
-#       $OpenBSD: integrity.sh,v 1.19 2016/11/25 02:56:49 dtucker Exp $
+#       $OpenBSD: integrity.sh,v 1.20 2017/01/06 02:26:10 dtucker Exp $
 #       Placed in the Public Domain.
 tid="integrity"
 cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak
 # start at byte 2900 (i.e. after kex) and corrupt at different offsets
-# XXX the test hangs if we modify the low bytes of the packet length
-# XXX and ssh tries to read...
 tries=10
 startoffset=2900
 macs=`${SSH} -Q mac`
@@ -27,6 +25,7 @@ for m in $macs; do
        elen=0
        epad=0
        emac=0
+        etmo=0
        ecnt=0
        skip=0
        for off in `jot $tries $startoffset`; do
diff --git a/regress/test-exec.sh b/regress/test-exec.sh
index bfa48803b..dc033cd96 100644
--- a/regress/test-exec.sh
+++ b/regress/test-exec.sh
@@ -1,4 +1,4 @@
-#       $OpenBSD: test-exec.sh,v 1.58 2016/12/16 01:06:27 dtucker Exp $
+#       $OpenBSD: test-exec.sh,v 1.59 2017/02/07 23:03:11 dtucker Exp $
 #       Placed in the Public Domain.
 #SUDO=sudo
@@ -444,12 +444,10 @@ Host *
        User                    $USER
        GlobalKnownHostsFile    $OBJ/known_hosts
        UserKnownHostsFile      $OBJ/known_hosts
-        RSAAuthentication       yes
        PubkeyAuthentication    yes
        ChallengeResponseAuthentication no
        HostbasedAuthentication no
        PasswordAuthentication  no
-        RhostsRSAAuthentication no
        BatchMode               yes
        StrictHostKeyChecking   yes
        LogLevel                DEBUG3
diff --git a/regress/unittests/Makefile b/regress/unittests/Makefile
index e70b16644..e975f6ca4 100644
--- a/regress/unittests/Makefile
+++ b/regress/unittests/Makefile
@@ -1,5 +1,6 @@
-#       $OpenBSD: Makefile,v 1.7 2016/08/19 06:44:13 djm Exp $
+#       $OpenBSD: Makefile,v 1.9 2017/03/14 01:20:29 dtucker Exp $
-REGRESS_FAIL_EARLY= yes
-SUBDIR= test_helper sshbuf sshkey bitmap kex hostkeys utf8 match
+REGRESS_FAIL_EARLY?=    yes
+SUBDIR= test_helper sshbuf sshkey bitmap kex hostkeys utf8 match conversion
 .include <bsd.subdir.mk>
diff --git a/regress/unittests/conversion/Makefile b/regress/unittests/conversion/Makefile
new file mode 100644
index 000000000..cde97dc28
--- /dev/null
+++ b/regress/unittests/conversion/Makefile
@@ -0,0 +1,10 @@
+#       $OpenBSD: Makefile,v 1.1 2017/03/14 01:20:29 dtucker Exp $
+PROG=test_conversion
+SRCS=tests.c
+REGRESS_TARGETS=run-regress-${PROG}
+run-regress-${PROG}: ${PROG}
+        env ${TEST_ENV} ./${PROG}
+.include <bsd.regress.mk>
diff --git a/regress/unittests/conversion/tests.c b/regress/unittests/conversion/tests.c
new file mode 100644
index 000000000..6dd77ef42
--- /dev/null
+++ b/regress/unittests/conversion/tests.c
@@ -0,0 +1,51 @@
+/*      $OpenBSD: tests.c,v 1.1 2017/03/14 01:20:29 dtucker Exp $ */
+/*
+ * Regress test for conversions
+ *
+ * Placed in the public domain
+ */
+#include "includes.h"
+#include <sys/types.h>
+#include <sys/param.h>
+#include <stdio.h>
+#ifdef HAVE_STDINT_H
+#include <stdint.h>
+#endif
+#include <stdlib.h>
+#include <string.h>
+#include "../test_helper/test_helper.h"
+#include "misc.h"
+void
+tests(void)
+{
+        char buf[1024];
+        TEST_START("conversion_convtime");
+        ASSERT_LONG_EQ(convtime("0"), 0);
+        ASSERT_LONG_EQ(convtime("1"), 1);
+        ASSERT_LONG_EQ(convtime("1S"), 1);
+        /* from the examples in the comment above the function */
+        ASSERT_LONG_EQ(convtime("90m"), 5400);
+        ASSERT_LONG_EQ(convtime("1h30m"), 5400);
+        ASSERT_LONG_EQ(convtime("2d"), 172800);
+        ASSERT_LONG_EQ(convtime("1w"), 604800);
+        /* negative time is not allowed */
+        ASSERT_LONG_EQ(convtime("-7"), -1);
+        ASSERT_LONG_EQ(convtime("-9d"), -1);
+        
+        /* overflow */
+        snprintf(buf, sizeof buf, "%llu", (unsigned long long)LONG_MAX + 1);
+        ASSERT_LONG_EQ(convtime(buf), -1);
+        /* overflow with multiplier */
+        snprintf(buf, sizeof buf, "%lluM", (unsigned long long)LONG_MAX/60 + 1);
+        ASSERT_LONG_EQ(convtime(buf), -1);
+        ASSERT_LONG_EQ(convtime("1000000000000000000000w"), -1);
+        TEST_DONE();
+}
diff --git a/regress/unittests/match/tests.c b/regress/unittests/match/tests.c
index 7ff319c16..e1593367b 100644
--- a/regress/unittests/match/tests.c
+++ b/regress/unittests/match/tests.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: tests.c,v 1.3 2016/09/21 17:03:54 djm Exp $ */
+/*      $OpenBSD: tests.c,v 1.4 2017/02/03 23:01:42 djm Exp $ */
 /*
 * Regress test for matching functions
 *
@@ -103,6 +103,25 @@ tests(void)
        /* XXX negated ASSERT_INT_EQ(addr_match_list("127.0.0.1", "!127.0.0.2,10.0.0.1"), 1); */
        TEST_DONE();
+#define CHECK_FILTER(string,filter,expected) \
+        do { \
+                char *result = match_filter_list((string), (filter)); \
+                ASSERT_STRING_EQ(result, expected); \
+                free(result); \
+        } while (0)
+        TEST_START("match_filter_list");
+        CHECK_FILTER("a,b,c", "", "a,b,c");
+        CHECK_FILTER("a,b,c", "a", "b,c");
+        CHECK_FILTER("a,b,c", "b", "a,c");
+        CHECK_FILTER("a,b,c", "c", "a,b");
+        CHECK_FILTER("a,b,c", "a,b", "c");
+        CHECK_FILTER("a,b,c", "a,c", "b");
+        CHECK_FILTER("a,b,c", "b,c", "a");
+        CHECK_FILTER("a,b,c", "a,b,c", "");
+        CHECK_FILTER("a,b,c", "b,c", "a");
+        CHECK_FILTER("", "a,b,c", "");
+        TEST_DONE();
 /*
 * XXX TODO
 * int      match_host_and_ip(const char *, const char *, const char *);
diff --git a/regress/unittests/test_helper/test_helper.c b/regress/unittests/test_helper/test_helper.c
index 26ca26b5e..f855137fb 100644
--- a/regress/unittests/test_helper/test_helper.c
+++ b/regress/unittests/test_helper/test_helper.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: test_helper.c,v 1.6 2015/03/03 20:42:49 djm Exp $     */
+/*      $OpenBSD: test_helper.c,v 1.7 2017/03/14 01:10:07 dtucker Exp $ */
 /*
 * Copyright (c) 2011 Damien Miller <djm@mindrot.org>
 *
@@ -442,6 +442,17 @@ assert_u_int(const char *file, int line, const char *a1, const char *a2,
 }
 void
+assert_long(const char *file, int line, const char *a1, const char *a2,
+    long aa1, long aa2, enum test_predicate pred)
+{
+        TEST_CHECK(aa1, aa2, pred);
+        test_header(file, line, a1, a2, "LONG", pred);
+        fprintf(stderr, "%12s = %ld / 0x%lx\n", a1, aa1, aa1);
+        fprintf(stderr, "%12s = %ld / 0x%lx\n", a2, aa2, aa2);
+        test_die();
+}
+void
 assert_long_long(const char *file, int line, const char *a1, const char *a2,
    long long aa1, long long aa2, enum test_predicate pred)
 {
diff --git a/regress/unittests/test_helper/test_helper.h b/regress/unittests/test_helper/test_helper.h
index 1d9c66986..615b7832b 100644
--- a/regress/unittests/test_helper/test_helper.h
+++ b/regress/unittests/test_helper/test_helper.h
@@ -1,4 +1,4 @@
-/*      $OpenBSD: test_helper.h,v 1.6 2015/01/18 19:52:44 djm Exp $     */
+/*      $OpenBSD: test_helper.h,v 1.7 2017/03/14 01:10:07 dtucker Exp $ */
 /*
 * Copyright (c) 2011 Damien Miller <djm@mindrot.org>
 *
@@ -67,6 +67,9 @@ void assert_size_t(const char *file, int line,
 void assert_u_int(const char *file, int line,
    const char *a1, const char *a2,
    u_int aa1, u_int aa2, enum test_predicate pred);
+void assert_long(const char *file, int line,
+    const char *a1, const char *a2,
+    long aa1, long aa2, enum test_predicate pred);
 void assert_long_long(const char *file, int line,
    const char *a1, const char *a2,
    long long aa1, long long aa2, enum test_predicate pred);
@@ -110,6 +113,8 @@ void assert_u64(const char *file, int line,
        assert_size_t(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_EQ)
 #define ASSERT_U_INT_EQ(a1, a2) \
        assert_u_int(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_EQ)
+#define ASSERT_LONG_EQ(a1, a2) \
+        assert_long(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_EQ)
 #define ASSERT_LONG_LONG_EQ(a1, a2) \
        assert_long_long(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_EQ)
 #define ASSERT_CHAR_EQ(a1, a2) \
@@ -139,6 +144,8 @@ void assert_u64(const char *file, int line,
        assert_size_t(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_NE)
 #define ASSERT_U_INT_NE(a1, a2) \
        assert_u_int(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_NE)
+#define ASSERT_LONG_NE(a1, a2) \
+        assert_long(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_NE)
 #define ASSERT_LONG_LONG_NE(a1, a2) \
        assert_long_long(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_NE)
 #define ASSERT_CHAR_NE(a1, a2) \
@@ -166,6 +173,8 @@ void assert_u64(const char *file, int line,
        assert_size_t(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_LT)
 #define ASSERT_U_INT_LT(a1, a2) \
        assert_u_int(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_LT)
+#define ASSERT_LONG_LT(a1, a2) \
+        assert_long(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_LT)
 #define ASSERT_LONG_LONG_LT(a1, a2) \
        assert_long_long(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_LT)
 #define ASSERT_CHAR_LT(a1, a2) \
@@ -193,6 +202,8 @@ void assert_u64(const char *file, int line,
        assert_size_t(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_LE)
 #define ASSERT_U_INT_LE(a1, a2) \
        assert_u_int(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_LE)
+#define ASSERT_LONG_LE(a1, a2) \
+        assert_long(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_LE)
 #define ASSERT_LONG_LONG_LE(a1, a2) \
        assert_long_long(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_LE)
 #define ASSERT_CHAR_LE(a1, a2) \
@@ -220,6 +231,8 @@ void assert_u64(const char *file, int line,
        assert_size_t(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_GT)
 #define ASSERT_U_INT_GT(a1, a2) \
        assert_u_int(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_GT)
+#define ASSERT_LONG_GT(a1, a2) \
+        assert_long(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_GT)
 #define ASSERT_LONG_LONG_GT(a1, a2) \
        assert_long_long(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_GT)
 #define ASSERT_CHAR_GT(a1, a2) \
@@ -247,6 +260,8 @@ void assert_u64(const char *file, int line,
        assert_size_t(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_GE)
 #define ASSERT_U_INT_GE(a1, a2) \
        assert_u_int(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_GE)
+#define ASSERT_LONG_GE(a1, a2) \
+        assert_long(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_GE)
 #define ASSERT_LONG_LONG_GE(a1, a2) \
        assert_long_long(__FILE__, __LINE__, #a1, #a2, a1, a2, TEST_GE)
 #define ASSERT_CHAR_GE(a1, a2) \
diff --git a/regress/unittests/utf8/tests.c b/regress/unittests/utf8/tests.c
index 31f9fe9c3..f0bbca509 100644
--- a/regress/unittests/utf8/tests.c
+++ b/regress/unittests/utf8/tests.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: tests.c,v 1.3 2016/12/19 04:55:18 djm Exp $ */
+/*      $OpenBSD: tests.c,v 1.4 2017/02/19 00:11:29 djm Exp $ */
 /*
 * Regress test for the utf8.h *mprintf() API
 *
@@ -15,10 +15,7 @@
 #include "utf8.h"
-void     badarg(void);
+static void
-void     one(const char *, const char *, int, int, int, const char *);
-void
 badarg(void)
 {
        char     buf[16];
@@ -33,8 +30,8 @@ badarg(void)
        TEST_DONE();
 }
-void
+static void
-one(const char *name, const char *mbs, int width,
+one(int utf8, const char *name, const char *mbs, int width,
    int wantwidth, int wantlen, const char *wants)
 {
        char     buf[16];
@@ -43,7 +40,7 @@ one(const char *name, const char *mbs, int width,
        if (wantlen == -2)
                wantlen = strlen(wants);
-        (void)strlcpy(buf, "utf8_", sizeof(buf));
+        (void)strlcpy(buf, utf8 ? "utf8_" : "c_", sizeof(buf));
        (void)strlcat(buf, name, sizeof(buf));
        TEST_START(buf);
        wp = wantwidth == -2 ? NULL : &width;
@@ -65,19 +62,41 @@ tests(void)
        TEST_DONE();
        badarg();
-        one("empty", "", 2, 0, 0, "");
+        one(1, "empty", "", 2, 0, 0, "");
-        one("ascii", "x", -2, -2, -2, "x");
+        one(1, "ascii", "x", -2, -2, -2, "x");
-        one("newline", "a\nb", -2, -2, -2, "a\nb");
+        one(1, "newline", "a\nb", -2, -2, -2, "a\nb");
-        one("cr", "a\rb", -2, -2, -2, "a\rb");
+        one(1, "cr", "a\rb", -2, -2, -2, "a\rb");
-        one("tab", "a\tb", -2, -2, -2, "a\tb");
+        one(1, "tab", "a\tb", -2, -2, -2, "a\tb");
-        one("esc", "\033x", -2, -2, -2, "\\033x");
+        one(1, "esc", "\033x", -2, -2, -2, "\\033x");
-        one("inv_badbyte", "\377x", -2, -2, -2, "\\377x");
+        one(1, "inv_badbyte", "\377x", -2, -2, -2, "\\377x");
-        one("inv_nocont", "\341x", -2, -2, -2, "\\341x");
+        one(1, "inv_nocont", "\341x", -2, -2, -2, "\\341x");
-        one("inv_nolead", "a\200b", -2, -2, -2, "a\\200b");
+        one(1, "inv_nolead", "a\200b", -2, -2, -2, "a\\200b");
-        one("sz_ascii", "1234567890123456", -2, -2, 16, "123456789012345");
+        one(1, "sz_ascii", "1234567890123456", -2, -2, 16, "123456789012345");
-        one("sz_esc", "123456789012\033", -2, -2, 16, "123456789012");
+        one(1, "sz_esc", "123456789012\033", -2, -2, 16, "123456789012");
-        one("width_ascii", "123", 2, 2, -1, "12");
+        one(1, "width_ascii", "123", 2, 2, -1, "12");
-        one("width_double", "a\343\201\201", 2, 1, -1, "a");
+        one(1, "width_double", "a\343\201\201", 2, 1, -1, "a");
-        one("double_fit", "a\343\201\201", 3, 3, 4, "a\343\201\201");
+        one(1, "double_fit", "a\343\201\201", 3, 3, 4, "a\343\201\201");
-        one("double_spc", "a\343\201\201", 4, 3, 4, "a\343\201\201");
+        one(1, "double_spc", "a\343\201\201", 4, 3, 4, "a\343\201\201");
+        TEST_START("C_setlocale");
+        loc = setlocale(LC_CTYPE, "C");
+        ASSERT_PTR_NE(loc, NULL);
+        TEST_DONE();
+        badarg();
+        one(0, "empty", "", 2, 0, 0, "");
+        one(0, "ascii", "x", -2, -2, -2, "x");
+        one(0, "newline", "a\nb", -2, -2, -2, "a\nb");
+        one(0, "cr", "a\rb", -2, -2, -2, "a\rb");
+        one(0, "tab", "a\tb", -2, -2, -2, "a\tb");
+        one(0, "esc", "\033x", -2, -2, -2, "\\033x");
+        one(0, "inv_badbyte", "\377x", -2, -2, -2, "\\377x");
+        one(0, "inv_nocont", "\341x", -2, -2, -2, "\\341x");
+        one(0, "inv_nolead", "a\200b", -2, -2, -2, "a\\200b");
+        one(0, "sz_ascii", "1234567890123456", -2, -2, 16, "123456789012345");
+        one(0, "sz_esc", "123456789012\033", -2, -2, 16, "123456789012");
+        one(0, "width_ascii", "123", 2, 2, -1, "12");
+        one(0, "width_double", "a\343\201\201", 2, 1, -1, "a");
+        one(0, "double_fit", "a\343\201\201", 7, 5, -1, "a\\343");
+        one(0, "double_spc", "a\343\201\201", 13, 13, 13, "a\\343\\201\\201");
 }