Attachment 3224 Details for Bug 2954 – proposed patch

[patch] proposed patch

openssh-unit.patch (text/plain), 20.95 KB, created by Jakub Jelen on 2019-01-18 20:18:39 AEDT

(hide)

Description:

Filename:

MIME Type:

Creator: Jakub Jelen

Created: 2019-01-18 20:18:39 AEDT

Size: 20.95 KB

patch

obsolete

>commit e8de968da2b229bd78e131cfee887b8c096403d4
>Author: Jakub Jelen <jjelen@redhat.com>
>Date:   Fri Jan 18 10:06:27 2019 +0100
>
>    Allow building unit tests without OpenSSL
>
>diff --git a/regress/unittests/bitmap/tests.c b/regress/unittests/bitmap/tests.c
>index 23025f90..34bfa025 100644
>--- a/regress/unittests/bitmap/tests.c
>+++ b/regress/unittests/bitmap/tests.c
>@@ -16,7 +16,9 @@
> #include <stdlib.h>
> #include <string.h>
> 
>-#include <openssl/bn.h>
>+#ifdef WITH_OPENSSL
>+# include <openssl/bn.h>
>+#endif /* WITH_OPENSSL */
> 
> #include "../test_helper/test_helper.h"
> 
>@@ -27,6 +29,7 @@
> void
> tests(void)
> {
>+#ifdef WITH_OPENSSL
> 	struct bitmap *b;
> 	BIGNUM *bn;
> 	size_t len;
>@@ -131,5 +134,6 @@ tests(void)
> 	bitmap_free(b);
> 	BN_free(bn);
> 	TEST_DONE();
>+#endif /* WITH_OPENSSL */
> }
> 
>diff --git a/regress/unittests/hostkeys/test_iterate.c b/regress/unittests/hostkeys/test_iterate.c
>index d6963bd2..40e3fecb 100644
>--- a/regress/unittests/hostkeys/test_iterate.c
>+++ b/regress/unittests/hostkeys/test_iterate.c
>@@ -90,6 +90,16 @@ check(struct hostkey_foreach_line *l, void *_ctx)
> 	expected_keytype = (parse_key || expected->no_parse_keytype < 0) ?
> 	    expected->l.keytype : expected->no_parse_keytype;
> 
>+#ifndef WITH_OPENSSL
>+	if (expected->l.keytype == KEY_RSA ||
>+	    expected->l.keytype == KEY_DSA ||
>+	    expected->no_parse_keytype == KEY_RSA ||
>+	    expected->no_parse_keytype == KEY_DSA ) {
>+		expected_status = HKF_STATUS_INVALID;
>+		expected_keytype = KEY_UNSPEC;
>+		parse_key = 0;
>+	}
>+#endif /* WITH_OPENSSL */
> #ifndef OPENSSL_HAS_ECC
> 	if (expected->l.keytype == KEY_ECDSA ||
> 	    expected->no_parse_keytype == KEY_ECDSA) {
>@@ -142,6 +152,11 @@ prepare_expected(struct expected *expected, size_t n)
> 	for (i = 0; i < n; i++) {
> 		if (expected[i].key_file == NULL)
> 			continue;
>+#ifndef WITH_OPENSSL
>+		if (expected[i].l.keytype == KEY_RSA ||
>+		    expected[i].l.keytype == KEY_DSA)
>+			continue;
>+#endif /* WITH_OPENSSL */
> #ifndef OPENSSL_HAS_ECC
> 		if (expected[i].l.keytype == KEY_ECDSA)
> 			continue;
>diff --git a/regress/unittests/kex/test_kex.c b/regress/unittests/kex/test_kex.c
>index 90f1ebf4..128b19db 100644
>--- a/regress/unittests/kex/test_kex.c
>+++ b/regress/unittests/kex/test_kex.c
>@@ -144,10 +144,12 @@ do_kex_with_key(char *kex, int keytype, int bits)
> 	sshbuf_free(state);
> 	ASSERT_PTR_NE(server2->kex, NULL);
> 	/* XXX we need to set the callbacks */
>+#ifdef WITH_OPENSSL
> 	server2->kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;
> 	server2->kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server;
> 	server2->kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
> 	server2->kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
>+#endif /* WITH_OPENSSL */
> #ifdef OPENSSL_HAS_ECC
> 	server2->kex->kex[KEX_ECDH_SHA2] = kexecdh_server;
> #endif
>@@ -177,11 +179,13 @@ do_kex_with_key(char *kex, int keytype, int bits)
> static void
> do_kex(char *kex)
> {
>+#ifdef WITH_OPENSSL
> 	do_kex_with_key(kex, KEY_RSA, 2048);
> 	do_kex_with_key(kex, KEY_DSA, 1024);
>-#ifdef OPENSSL_HAS_ECC
>+# ifdef OPENSSL_HAS_ECC
> 	do_kex_with_key(kex, KEY_ECDSA, 256);
>-#endif
>+# endif /* OPENSSL_HAS_ECC */
>+#endif /* WITH_OPENSSL */
> 	do_kex_with_key(kex, KEY_ED25519, 256);
> }
> 
>@@ -189,13 +193,15 @@ void
> kex_tests(void)
> {
> 	do_kex("curve25519-sha256@libssh.org");
>-#ifdef OPENSSL_HAS_ECC
>+#ifdef WITH_OPENSSL
>+# ifdef OPENSSL_HAS_ECC
> 	do_kex("ecdh-sha2-nistp256");
> 	do_kex("ecdh-sha2-nistp384");
> 	do_kex("ecdh-sha2-nistp521");
>-#endif
>+# endif /* OPENSSL_HAS_ECC */
> 	do_kex("diffie-hellman-group-exchange-sha256");
> 	do_kex("diffie-hellman-group-exchange-sha1");
> 	do_kex("diffie-hellman-group14-sha1");
> 	do_kex("diffie-hellman-group1-sha1");
>+#endif /* WITH_OPENSSL */
> }
>diff --git a/regress/unittests/sshbuf/test_sshbuf_getput_crypto.c b/regress/unittests/sshbuf/test_sshbuf_getput_crypto.c
>index a68e1329..b0e1136a 100644
>--- a/regress/unittests/sshbuf/test_sshbuf_getput_crypto.c
>+++ b/regress/unittests/sshbuf/test_sshbuf_getput_crypto.c
>@@ -16,11 +16,13 @@
> #include <stdlib.h>
> #include <string.h>
> 
>-#include <openssl/bn.h>
>-#include <openssl/objects.h>
>-#ifdef OPENSSL_HAS_NISTP256
>-# include <openssl/ec.h>
>-#endif
>+#ifdef WITH_OPENSSL
>+# include <openssl/bn.h>
>+# include <openssl/objects.h>
>+# ifdef OPENSSL_HAS_NISTP256
>+#  include <openssl/ec.h>
>+# endif
>+#endif /* WITH_OPENSSL */
> 
> #include "../test_helper/test_helper.h"
> #include "ssherr.h"
>@@ -31,6 +33,7 @@ void sshbuf_getput_crypto_tests(void);
> void
> sshbuf_getput_crypto_tests(void)
> {
>+#ifdef WITH_OPENSSL
> 	struct sshbuf *p1;
> 	BIGNUM *bn, *bn2;
> 	/* This one has num_bits != num_bytes * 8 to test bignum1 encoding */
>@@ -46,7 +49,7 @@ sshbuf_getput_crypto_tests(void)
> 		0x70, 0x60, 0x50, 0x40, 0x30, 0x20, 0x10, 0x00,
> 		0x7f, 0xff, 0x11
> 	};
>-#if defined(OPENSSL_HAS_ECC) && defined(OPENSSL_HAS_NISTP256)
>+# if defined(OPENSSL_HAS_ECC) && defined(OPENSSL_HAS_NISTP256)
> 	const u_char *d;
> 	size_t s;
> 	BIGNUM *bn_x, *bn_y;
>@@ -68,7 +71,7 @@ sshbuf_getput_crypto_tests(void)
> 	};
> 	EC_KEY *eck;
> 	EC_POINT *ecp;
>-#endif
>+# endif
> 	int r;
> 
> #define MKBN(b, bnn) \
>@@ -352,7 +355,7 @@ sshbuf_getput_crypto_tests(void)
> 	sshbuf_free(p1);
> 	TEST_DONE();
> 
>-#if defined(OPENSSL_HAS_ECC) && defined(OPENSSL_HAS_NISTP256)
>+# if defined(OPENSSL_HAS_ECC) && defined(OPENSSL_HAS_NISTP256)
> 	TEST_START("sshbuf_put_ec");
> 	eck = EC_KEY_new_by_curve_name(ec256_nid);
> 	ASSERT_PTR_NE(eck, NULL);
>@@ -404,6 +407,7 @@ sshbuf_getput_crypto_tests(void)
> 	BN_free(bn);
> 	BN_free(bn2);
> 	TEST_DONE();
>-#endif
>+# endif
>+#endif /* WITH_OPENSSL */
> }
> 
>diff --git a/regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c b/regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c
>index 7c7cb2bf..af3081f6 100644
>--- a/regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c
>+++ b/regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c
>@@ -32,10 +32,12 @@ static void
> attempt_parse_blob(u_char *blob, size_t len)
> {
> 	struct sshbuf *p1;
>+#ifdef WITH_OPENSSL
> 	BIGNUM *bn;
>-#if defined(OPENSSL_HAS_ECC) && defined(OPENSSL_HAS_NISTP256)
>+# if defined(OPENSSL_HAS_ECC) && defined(OPENSSL_HAS_NISTP256)
> 	EC_KEY *eck;
>-#endif
>+# endif
>+#endif /* WITH_OPENSSL */
> 	u_char *s;
> 	size_t l;
> 	u_int8_t u8;
>@@ -54,18 +56,20 @@ attempt_parse_blob(u_char *blob, size_t len)
> 		bzero(s, l);
> 		free(s);
> 	}
>+#ifdef WITH_OPENSSL
> 	bn = BN_new();
> 	sshbuf_get_bignum1(p1, bn);
> 	BN_clear_free(bn);
> 	bn = BN_new();
> 	sshbuf_get_bignum2(p1, bn);
> 	BN_clear_free(bn);
>-#if defined(OPENSSL_HAS_ECC) && defined(OPENSSL_HAS_NISTP256)
>+# if defined(OPENSSL_HAS_ECC) && defined(OPENSSL_HAS_NISTP256)
> 	eck = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
> 	ASSERT_PTR_NE(eck, NULL);
> 	sshbuf_get_eckey(p1, eck);
> 	EC_KEY_free(eck);
>-#endif
>+# endif
>+#endif /* WITH_OPENSSL */
> 	sshbuf_free(p1);
> }
> 
>diff --git a/regress/unittests/sshkey/common.c b/regress/unittests/sshkey/common.c
>index e63465c4..a81066e5 100644
>--- a/regress/unittests/sshkey/common.c
>+++ b/regress/unittests/sshkey/common.c
>@@ -19,13 +19,15 @@
> #include <string.h>
> #include <unistd.h>
> 
>-#include <openssl/bn.h>
>-#include <openssl/rsa.h>
>-#include <openssl/dsa.h>
>-#include <openssl/objects.h>
>-#ifdef OPENSSL_HAS_NISTP256
>-# include <openssl/ec.h>
>-#endif
>+#ifdef WITH_OPENSSL
>+# include <openssl/bn.h>
>+# include <openssl/rsa.h>
>+# include <openssl/dsa.h>
>+# include <openssl/objects.h>
>+# ifdef OPENSSL_HAS_NISTP256
>+#  include <openssl/ec.h>
>+# endif
>+#endif /* WITH_OPENSSL */
> 
> #include "openbsd-compat/openssl-compat.h"
> 
>@@ -72,6 +74,7 @@ load_text_file(const char *name)
> 	return ret;
> }
> 
>+#ifdef WITH_OPENSSL
> BIGNUM *
> load_bignum(const char *name)
> {
>@@ -160,4 +163,4 @@ dsa_priv_key(struct sshkey *k)
> 	DSA_get0_key(k->dsa, NULL, &priv_key);
> 	return priv_key;
> }
>-
>+#endif /* WITH_OPENSSL */
>diff --git a/regress/unittests/sshkey/common.h b/regress/unittests/sshkey/common.h
>index 7a514fdc..1b6254e7 100644
>--- a/regress/unittests/sshkey/common.h
>+++ b/regress/unittests/sshkey/common.h
>@@ -11,6 +11,7 @@ struct sshbuf *load_file(const char *name);
> /* Load a text file into a buffer */
> struct sshbuf *load_text_file(const char *name);
> 
>+#ifdef WITH_OPENSSL
> /* Load a bignum from a file */
> BIGNUM *load_bignum(const char *name);
> 
>@@ -22,4 +23,4 @@ const BIGNUM *rsa_q(struct sshkey *k);
> const BIGNUM *dsa_g(struct sshkey *k);
> const BIGNUM *dsa_pub_key(struct sshkey *k);
> const BIGNUM *dsa_priv_key(struct sshkey *k);
>-
>+#endif /* WITH_OPENSSL */
>diff --git a/regress/unittests/sshkey/test_file.c b/regress/unittests/sshkey/test_file.c
>index 65610dac..58330d1f 100644
>--- a/regress/unittests/sshkey/test_file.c
>+++ b/regress/unittests/sshkey/test_file.c
>@@ -19,13 +19,15 @@
> #include <string.h>
> #include <unistd.h>
> 
>-#include <openssl/bn.h>
>-#include <openssl/rsa.h>
>-#include <openssl/dsa.h>
>-#include <openssl/objects.h>
>-#ifdef OPENSSL_HAS_NISTP256
>-# include <openssl/ec.h>
>-#endif
>+#ifdef WITH_OPENSSL
>+# include <openssl/bn.h>
>+# include <openssl/rsa.h>
>+# include <openssl/dsa.h>
>+# include <openssl/objects.h>
>+# ifdef OPENSSL_HAS_NISTP256
>+#  include <openssl/ec.h>
>+# endif
>+#endif /* WITH_OPENSSL */
> 
> #include "../test_helper/test_helper.h"
> 
>@@ -51,7 +53,7 @@ sshkey_file_tests(void)
> 	pw = load_text_file("pw");
> 	TEST_DONE();
> 
>-
>+#ifdef WITH_OPENSSL
> 	TEST_START("parse RSA from private");
> 	buf = load_file("rsa_1");
> 	ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0);
>@@ -252,7 +254,7 @@ sshkey_file_tests(void)
> 
> 	sshkey_free(k1);
> 
>-#ifdef OPENSSL_HAS_ECC
>+# ifdef OPENSSL_HAS_ECC
> 	TEST_START("parse ECDSA from private");
> 	buf = load_file("ecdsa_1");
> 	ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0);
>@@ -349,7 +351,8 @@ sshkey_file_tests(void)
> 	TEST_DONE();
> 
> 	sshkey_free(k1);
>-#endif /* OPENSSL_HAS_ECC */
>+# endif /* OPENSSL_HAS_ECC */
>+#endif /* WITH_OPENSSL */
> 
> 	TEST_START("parse Ed25519 from private");
> 	buf = load_file("ed25519_1");
>@@ -360,6 +363,7 @@ sshkey_file_tests(void)
> 	/* XXX check key contents */
> 	TEST_DONE();
> 
>+#ifdef WITH_OPENSSL /* The OpenSSL is needed for decryption ? */
> 	TEST_START("parse Ed25519 from private w/ passphrase");
> 	buf = load_file("ed25519_1_pw");
> 	ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf,
>@@ -369,6 +373,7 @@ sshkey_file_tests(void)
> 	ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
> 	sshkey_free(k2);
> 	TEST_DONE();
>+#endif /* WITH_OPENSSL */
> 
> 	TEST_START("load Ed25519 from public");
> 	ASSERT_INT_EQ(sshkey_load_public(test_data_file("ed25519_1.pub"), &k2,
>diff --git a/regress/unittests/sshkey/test_fuzz.c b/regress/unittests/sshkey/test_fuzz.c
>index 5953de59..8a80e412 100644
>--- a/regress/unittests/sshkey/test_fuzz.c
>+++ b/regress/unittests/sshkey/test_fuzz.c
>@@ -19,13 +19,15 @@
> #include <string.h>
> #include <unistd.h>
> 
>-#include <openssl/bn.h>
>-#include <openssl/rsa.h>
>-#include <openssl/dsa.h>
>-#include <openssl/objects.h>
>-#ifdef OPENSSL_HAS_NISTP256
>-# include <openssl/ec.h>
>-#endif
>+#ifdef WITH_OPENSSL
>+# include <openssl/bn.h>
>+# include <openssl/rsa.h>
>+# include <openssl/dsa.h>
>+# include <openssl/objects.h>
>+# ifdef OPENSSL_HAS_NISTP256
>+#  include <openssl/ec.h>
>+# endif
>+#endif /* WITH_OPENSSL */
> 
> #include "../test_helper/test_helper.h"
> 
>@@ -113,7 +115,7 @@ sshkey_fuzz_tests(void)
> 	struct fuzz *fuzz;
> 	int r, i;
> 
>-
>+#ifdef WITH_OPENSSL
> 	TEST_START("fuzz RSA private");
> 	buf = load_file("rsa_1");
> 	fuzz = fuzz_begin(FUZZ_BASE64, sshbuf_mutable_ptr(buf),
>@@ -202,7 +204,7 @@ sshkey_fuzz_tests(void)
> 	fuzz_cleanup(fuzz);
> 	TEST_DONE();
> 
>-#ifdef OPENSSL_HAS_ECC
>+# ifdef OPENSSL_HAS_ECC
> 	TEST_START("fuzz ECDSA private");
> 	buf = load_file("ecdsa_1");
> 	fuzz = fuzz_begin(FUZZ_BASE64, sshbuf_mutable_ptr(buf),
>@@ -246,7 +248,8 @@ sshkey_fuzz_tests(void)
> 	sshbuf_free(fuzzed);
> 	fuzz_cleanup(fuzz);
> 	TEST_DONE();
>-#endif
>+# endif /* OPENSSL_HAS_ECC */
>+#endif /* WITH_OPENSSL */
> 
> 	TEST_START("fuzz Ed25519 private");
> 	buf = load_file("ed25519_1");
>@@ -270,6 +273,7 @@ sshkey_fuzz_tests(void)
> 	fuzz_cleanup(fuzz);
> 	TEST_DONE();
> 
>+#ifdef WITH_OPENSSL
> 	TEST_START("fuzz RSA public");
> 	buf = load_file("rsa_1");
> 	ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0);
>@@ -298,7 +302,7 @@ sshkey_fuzz_tests(void)
> 	sshkey_free(k1);
> 	TEST_DONE();
> 
>-#ifdef OPENSSL_HAS_ECC
>+# ifdef OPENSSL_HAS_ECC
> 	TEST_START("fuzz ECDSA public");
> 	buf = load_file("ecdsa_1");
> 	ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0);
>@@ -312,7 +316,8 @@ sshkey_fuzz_tests(void)
> 	public_fuzz(k1);
> 	sshkey_free(k1);
> 	TEST_DONE();
>-#endif
>+# endif /* OPENSSL_HAS_ECC */
>+#endif /* WITH_OPENSSL */
> 
> 	TEST_START("fuzz Ed25519 public");
> 	buf = load_file("ed25519_1");
>@@ -328,6 +333,7 @@ sshkey_fuzz_tests(void)
> 	sshkey_free(k1);
> 	TEST_DONE();
> 
>+#ifdef WITH_OPENSSL
> 	TEST_START("fuzz RSA sig");
> 	buf = load_file("rsa_1");
> 	ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0);
>@@ -360,7 +366,7 @@ sshkey_fuzz_tests(void)
> 	sshkey_free(k1);
> 	TEST_DONE();
> 
>-#ifdef OPENSSL_HAS_ECC
>+# ifdef OPENSSL_HAS_ECC
> 	TEST_START("fuzz ECDSA sig");
> 	buf = load_file("ecdsa_1");
> 	ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0);
>@@ -368,7 +374,8 @@ sshkey_fuzz_tests(void)
> 	sig_fuzz(k1, NULL);
> 	sshkey_free(k1);
> 	TEST_DONE();
>-#endif
>+# endif /* OPENSSL_HAS_ECC */
>+#endif /* WITH_OPENSSL */
> 
> 	TEST_START("fuzz Ed25519 sig");
> 	buf = load_file("ed25519_1");
>diff --git a/regress/unittests/sshkey/test_sshkey.c b/regress/unittests/sshkey/test_sshkey.c
>index 47a03fad..daf6382d 100644
>--- a/regress/unittests/sshkey/test_sshkey.c
>+++ b/regress/unittests/sshkey/test_sshkey.c
>@@ -16,12 +16,14 @@
> #include <stdlib.h>
> #include <string.h>
> 
>-#include <openssl/bn.h>
>-#include <openssl/rsa.h>
>-#include <openssl/dsa.h>
>-#if defined(OPENSSL_HAS_ECC) && defined(OPENSSL_HAS_NISTP256)
>-# include <openssl/ec.h>
>-#endif
>+#ifdef WITH_OPENSSL
>+# include <openssl/bn.h>
>+# include <openssl/rsa.h>
>+# include <openssl/dsa.h>
>+# if defined(OPENSSL_HAS_ECC) && defined(OPENSSL_HAS_NISTP256)
>+#  include <openssl/ec.h>
>+# endif
>+#endif /* WITH_OPENSSL */
> 
> #include "../test_helper/test_helper.h"
> 
>@@ -193,6 +195,7 @@ sshkey_tests(void)
> 	sshkey_free(k1);
> 	TEST_DONE();
> 
>+#ifdef WITH_OPENSSL
> 	TEST_START("new/free KEY_RSA");
> 	k1 = sshkey_new(KEY_RSA);
> 	ASSERT_PTR_NE(k1, NULL);
>@@ -207,14 +210,15 @@ sshkey_tests(void)
> 	sshkey_free(k1);
> 	TEST_DONE();
> 
>-#ifdef OPENSSL_HAS_ECC
>+# ifdef OPENSSL_HAS_ECC
> 	TEST_START("new/free KEY_ECDSA");
> 	k1 = sshkey_new(KEY_ECDSA);
> 	ASSERT_PTR_NE(k1, NULL);
> 	ASSERT_PTR_EQ(k1->ecdsa, NULL);  /* Can't allocate without NID */
> 	sshkey_free(k1);
> 	TEST_DONE();
>-#endif
>+# endif /* OPENSSL_HAS_ECC */
>+#endif /* WITH_OPENSSL */
> 
> 	TEST_START("new/free KEY_ED25519");
> 	k1 = sshkey_new(KEY_ED25519);
>@@ -225,6 +229,7 @@ sshkey_tests(void)
> 	sshkey_free(k1);
> 	TEST_DONE();
> 
>+#ifdef WITH_OPENSSL
> 	TEST_START("generate KEY_RSA too small modulus");
> 	ASSERT_INT_EQ(sshkey_generate(KEY_RSA, 128, &k1),
> 	    SSH_ERR_KEY_LENGTH);
>@@ -244,14 +249,14 @@ sshkey_tests(void)
> 	sshkey_free(k1);
> 	TEST_DONE();
> 
>-#ifdef OPENSSL_HAS_ECC
>+# ifdef OPENSSL_HAS_ECC
> 	TEST_START("generate KEY_ECDSA wrong bits");
> 	ASSERT_INT_EQ(sshkey_generate(KEY_ECDSA, 42, &k1),
> 	    SSH_ERR_KEY_LENGTH);
> 	ASSERT_PTR_EQ(k1, NULL);
> 	sshkey_free(k1);
> 	TEST_DONE();
>-#endif
>+# endif /* OPENSSL_HAS_ECC */
> 
> 	TEST_START("generate KEY_RSA");
> 	ASSERT_INT_EQ(sshkey_generate(KEY_RSA, 767, &kr),
>@@ -273,7 +278,7 @@ sshkey_tests(void)
> 	ASSERT_PTR_NE(dsa_priv_key(kd), NULL);
> 	TEST_DONE();
> 
>-#ifdef OPENSSL_HAS_ECC
>+# ifdef OPENSSL_HAS_ECC
> 	TEST_START("generate KEY_ECDSA");
> 	ASSERT_INT_EQ(sshkey_generate(KEY_ECDSA, 256, &ke), 0);
> 	ASSERT_PTR_NE(ke, NULL);
>@@ -281,7 +286,8 @@ sshkey_tests(void)
> 	ASSERT_PTR_NE(EC_KEY_get0_public_key(ke->ecdsa), NULL);
> 	ASSERT_PTR_NE(EC_KEY_get0_private_key(ke->ecdsa), NULL);
> 	TEST_DONE();
>-#endif
>+# endif /* OPENSSL_HAS_ECC */
>+#endif /* WITH_OPENSSL */
> 
> 	TEST_START("generate KEY_ED25519");
> 	ASSERT_INT_EQ(sshkey_generate(KEY_ED25519, 256, &kf), 0);
>@@ -291,6 +297,7 @@ sshkey_tests(void)
> 	ASSERT_PTR_NE(kf->ed25519_sk, NULL);
> 	TEST_DONE();
> 
>+#ifdef WITH_OPENSSL
> 	TEST_START("demote KEY_RSA");
> 	ASSERT_INT_EQ(sshkey_from_private(kr, &k1), 0);
> 	ASSERT_PTR_NE(k1, NULL);
>@@ -322,7 +329,7 @@ sshkey_tests(void)
> 	sshkey_free(k1);
> 	TEST_DONE();
> 
>-#ifdef OPENSSL_HAS_ECC
>+# ifdef OPENSSL_HAS_ECC
> 	TEST_START("demote KEY_ECDSA");
> 	ASSERT_INT_EQ(sshkey_from_private(ke, &k1), 0);
> 	ASSERT_PTR_NE(k1, NULL);
>@@ -338,7 +345,8 @@ sshkey_tests(void)
> 	ASSERT_INT_EQ(sshkey_equal(ke, k1), 1);
> 	sshkey_free(k1);
> 	TEST_DONE();
>-#endif
>+# endif /* OPENSSL_HAS_ECC */
>+#endif /* WITH_OPENSSL */
> 
> 	TEST_START("demote KEY_ED25519");
> 	ASSERT_INT_EQ(sshkey_from_private(kf, &k1), 0);
>@@ -365,17 +373,19 @@ sshkey_tests(void)
> 	TEST_DONE();
> 
> 	TEST_START("equal different keys");
>+#ifdef WITH_OPENSSL
> 	ASSERT_INT_EQ(sshkey_generate(KEY_RSA, 1024, &k1), 0);
> 	ASSERT_INT_EQ(sshkey_equal(kr, k1), 0);
> 	sshkey_free(k1);
> 	ASSERT_INT_EQ(sshkey_generate(KEY_DSA, 1024, &k1), 0);
> 	ASSERT_INT_EQ(sshkey_equal(kd, k1), 0);
> 	sshkey_free(k1);
>-#ifdef OPENSSL_HAS_ECC
>+# ifdef OPENSSL_HAS_ECC
> 	ASSERT_INT_EQ(sshkey_generate(KEY_ECDSA, 256, &k1), 0);
> 	ASSERT_INT_EQ(sshkey_equal(ke, k1), 0);
> 	sshkey_free(k1);
>-#endif
>+# endif /* OPENSSL_HAS_ECC */
>+#endif /* WITH_OPENSSL */
> 	ASSERT_INT_EQ(sshkey_generate(KEY_ED25519, 256, &k1), 0);
> 	ASSERT_INT_EQ(sshkey_equal(kf, k1), 0);
> 	sshkey_free(k1);
>@@ -434,6 +444,7 @@ sshkey_tests(void)
> 	sshbuf_reset(b);
> 	TEST_DONE();
> 
>+#ifdef WITH_OPENSSL
> 	TEST_START("sign and verify RSA");
> 	k1 = get_private("rsa_1");
> 	ASSERT_INT_EQ(sshkey_load_public(test_data_file("rsa_2.pub"), &k2,
>@@ -470,7 +481,7 @@ sshkey_tests(void)
> 	sshkey_free(k2);
> 	TEST_DONE();
> 
>-#ifdef OPENSSL_HAS_ECC
>+# ifdef OPENSSL_HAS_ECC
> 	TEST_START("sign and verify ECDSA");
> 	k1 = get_private("ecdsa_1");
> 	ASSERT_INT_EQ(sshkey_load_public(test_data_file("ecdsa_2.pub"), &k2,
>@@ -479,7 +490,8 @@ sshkey_tests(void)
> 	sshkey_free(k1);
> 	sshkey_free(k2);
> 	TEST_DONE();
>-#endif
>+# endif /* OPENSSL_HAS_ECC */
>+#endif /* WITH_OPENSSL */
> 
> 	TEST_START("sign and verify ED25519");
> 	k1 = get_private("ed25519_1");
>@@ -490,6 +502,7 @@ sshkey_tests(void)
> 	sshkey_free(k2);
> 	TEST_DONE();
> 
>+#ifdef WITH_OPENSSL
> 	TEST_START("nested certificate");
> 	ASSERT_INT_EQ(sshkey_load_cert(test_data_file("rsa_1"), &k1), 0);
> 	ASSERT_INT_EQ(sshkey_load_public(test_data_file("rsa_1.pub"), &k2,
>@@ -504,5 +517,6 @@ sshkey_tests(void)
> 	sshkey_free(k3);
> 	sshbuf_free(b);
> 	TEST_DONE();
>+#endif /* WITH_OPENSSL */
> 
> }
>diff --git a/regress/unittests/test_helper/test_helper.c b/regress/unittests/test_helper/test_helper.c
>index e7a47b26..bb291921 100644
>--- a/regress/unittests/test_helper/test_helper.c
>+++ b/regress/unittests/test_helper/test_helper.c
>@@ -126,7 +126,9 @@ main(int argc, char **argv)
> 	int ch;
> 
> 	seed_rng();
>+#ifdef WITH_OPENSSL
> 	ERR_load_CRYPTO_strings();
>+#endif /* WITH_OPENSSL */
> 
> 	/* Handle systems without __progname */
> 	if (__progname == NULL) {
>@@ -287,6 +289,7 @@ test_subtest_info(const char *fmt, ...)
> void
> ssl_err_check(const char *file, int line)
> {
>+#ifdef WITH_OPENSSL
> 	long openssl_error = ERR_get_error();
> 
> 	if (openssl_error == 0)
>@@ -294,6 +297,7 @@ ssl_err_check(const char *file, int line)
> 
> 	fprintf(stderr, "\n%s:%d: uncaught OpenSSL error: %s",
> 	    file, line, ERR_error_string(openssl_error, NULL));
>+#endif /* WITH_OPENSSL */
> 	abort();
> }
> 
>@@ -338,6 +342,7 @@ test_header(const char *file, int line, const char *a1, const char *a2,
> 	    a2 != NULL ? ", " : "", a2 != NULL ? a2 : "");
> }
> 
>+#ifdef WITH_OPENSSL
> void
> assert_bignum(const char *file, int line, const char *a1, const char *a2,
>     const BIGNUM *aa1, const BIGNUM *aa2, enum test_predicate pred)
>@@ -350,6 +355,7 @@ assert_bignum(const char *file, int line, const char *a1, const char *a2,
> 	fprintf(stderr, "%12s = 0x%s\n", a2, BN_bn2hex(aa2));
> 	test_die();
> }
>+#endif /* WITH_OPENSSL */
> 
> void
> assert_string(const char *file, int line, const char *a1, const char *a2,
>diff --git a/sshbuf-getput-crypto.c b/sshbuf-getput-crypto.c
>index d0d791b5..a36ac7a6 100644
>--- a/sshbuf-getput-crypto.c
>+++ b/sshbuf-getput-crypto.c
>@@ -23,14 +23,17 @@
> #include <stdio.h>
> #include <string.h>
> 
>-#include <openssl/bn.h>
>-#ifdef OPENSSL_HAS_ECC
>-# include <openssl/ec.h>
>-#endif /* OPENSSL_HAS_ECC */
>+#if WITH_OPENSSL
>+# include <openssl/bn.h>
>+# ifdef OPENSSL_HAS_ECC
>+#  include <openssl/ec.h>
>+# endif /* OPENSSL_HAS_ECC */
>+#endif /* WITH_OPENSSL */
> 
> #include "ssherr.h"
> #include "sshbuf.h"
> 
>+#if WITH_OPENSSL
> int
> sshbuf_get_bignum2(struct sshbuf *buf, BIGNUM *v)
> {
>@@ -71,7 +74,7 @@ sshbuf_get_bignum1(struct sshbuf *buf, BIGNUM *v)
> 	return 0;
> }
> 
>-#ifdef OPENSSL_HAS_ECC
>+# ifdef OPENSSL_HAS_ECC
> static int
> get_ec(const u_char *d, size_t len, EC_POINT *v, const EC_GROUP *g)
> {
>@@ -141,7 +144,7 @@ sshbuf_get_eckey(struct sshbuf *buf, EC_KEY *v)
> 	}
> 	return 0;	
> }
>-#endif /* OPENSSL_HAS_ECC */
>+# endif /* OPENSSL_HAS_ECC */
> 
> int
> sshbuf_put_bignum2(struct sshbuf *buf, const BIGNUM *v)
>@@ -187,7 +190,7 @@ sshbuf_put_bignum1(struct sshbuf *buf, const BIGNUM *v)
> 	return 0;
> }
> 
>-#ifdef OPENSSL_HAS_ECC
>+# ifdef OPENSSL_HAS_ECC
> int
> sshbuf_put_ec(struct sshbuf *buf, const EC_POINT *v, const EC_GROUP *g)
> {
>@@ -220,5 +223,6 @@ sshbuf_put_eckey(struct sshbuf *buf, const EC_KEY *v)
> 	return sshbuf_put_ec(buf, EC_KEY_get0_public_key(v),
> 	    EC_KEY_get0_group(v));
> }
>-#endif /* OPENSSL_HAS_ECC */
>+# endif /* OPENSSL_HAS_ECC */
>+#endif /* WITH_OPENSSL */
>

Actions: View | Diff

Attachments on bug 2954: 3224