diff options
Diffstat (limited to '')
-rw-r--r-- | kex.c | 4 | ||||
-rw-r--r-- | regress/unittests/hostkeys/test_iterate.c | 25 | ||||
-rw-r--r-- | regress/unittests/sshbuf/test_sshbuf_getput_crypto.c | 8 | ||||
-rw-r--r-- | regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c | 4 | ||||
-rw-r--r-- | regress/unittests/sshkey/test_sshkey.c | 7 |
5 files changed, 27 insertions, 21 deletions
@@ -432,9 +432,11 @@ kex_free(struct kex *kex) #ifdef WITH_OPENSSL if (kex->dh) DH_free(kex->dh); +#ifdef OPENSSL_HAS_ECC if (kex->ec_client_key) EC_KEY_free(kex->ec_client_key); -#endif +#endif /* OPENSSL_HAS_ECC */ +#endif /* WITH_OPENSSL */ for (mode = 0; mode < MODE_MAX; mode++) { kex_free_newkeys(kex->newkeys[mode]); kex->newkeys[mode] = NULL; diff --git a/regress/unittests/hostkeys/test_iterate.c b/regress/unittests/hostkeys/test_iterate.c index 7e5a13018..d81291b68 100644 --- a/regress/unittests/hostkeys/test_iterate.c +++ b/regress/unittests/hostkeys/test_iterate.c @@ -98,6 +98,15 @@ check(struct hostkey_foreach_line *l, void *_ctx) parse_key = 0; } #endif +#ifndef OPENSSL_HAS_ECC + if (expected->l.keytype == KEY_ECDSA || + expected->no_parse_keytype == KEY_ECDSA) { + expected_status = HKF_STATUS_INVALID; + expected_keytype = KEY_UNSPEC; + parse_key = 0; + } +#endif + UPDATE_MATCH_STATUS(match_host_p); UPDATE_MATCH_STATUS(match_host_s); UPDATE_MATCH_STATUS(match_ipv4); @@ -145,6 +154,10 @@ prepare_expected(struct expected *expected, size_t n) if (expected[i].l.keytype == KEY_RSA1) continue; #endif +#ifndef OPENSSL_HAS_ECC + if (expected[i].l.keytype == KEY_ECDSA) + continue; +#endif ASSERT_INT_EQ(sshkey_load_public( test_data_file(expected[i].key_file), &expected[i].l.key, NULL), 0); @@ -178,7 +191,6 @@ struct expected expected_full[] = { NULL, /* filled at runtime */ "DSA #1", } }, -#ifdef OPENSSL_HAS_ECC { "ecdsa_1.pub" , -1, -1, 0, HKF_MATCH_HOST, 0, 0, -1, { NULL, 3, @@ -192,7 +204,6 @@ struct expected expected_full[] = { NULL, /* filled at runtime */ "ECDSA #1", } }, -#endif { "ed25519_1.pub" , -1, -1, 0, HKF_MATCH_HOST, 0, 0, -1, { NULL, 4, @@ -271,7 +282,6 @@ struct expected expected_full[] = { NULL, /* filled at runtime */ "DSA #2", } }, -#ifdef OPENSSL_HAS_ECC { "ecdsa_2.pub" , -1, -1, HKF_MATCH_HOST, 0, HKF_MATCH_IP, HKF_MATCH_IP, -1, { NULL, 10, @@ -285,7 +295,6 @@ struct expected expected_full[] = { NULL, /* filled at runtime */ "ECDSA #2", } }, -#endif { "ed25519_2.pub" , -1, -1, HKF_MATCH_HOST, 0, HKF_MATCH_IP, HKF_MATCH_IP, -1, { NULL, 11, @@ -364,7 +373,6 @@ struct expected expected_full[] = { NULL, /* filled at runtime */ "DSA #3", } }, -#ifdef OPENSSL_HAS_ECC { "ecdsa_3.pub" , -1, -1, HKF_MATCH_HOST, HKF_MATCH_HOST, HKF_MATCH_IP, HKF_MATCH_IP, -1, { NULL, 17, @@ -378,7 +386,6 @@ struct expected expected_full[] = { NULL, /* filled at runtime */ "ECDSA #3", } }, -#endif { "ed25519_3.pub" , -1, -1, HKF_MATCH_HOST, HKF_MATCH_HOST, HKF_MATCH_IP, HKF_MATCH_IP, -1, { NULL, 18, @@ -457,7 +464,6 @@ struct expected expected_full[] = { NULL, /* filled at runtime */ "DSA #5", } }, -#ifdef OPENSSL_HAS_ECC { "ecdsa_5.pub" , -1, -1, 0, HKF_MATCH_HOST|HKF_MATCH_HOST_HASHED, 0, 0, -1, { NULL, 24, @@ -471,7 +477,6 @@ struct expected expected_full[] = { NULL, /* filled at runtime */ "ECDSA #5", } }, -#endif { "ed25519_5.pub" , -1, -1, 0, HKF_MATCH_HOST|HKF_MATCH_HOST_HASHED, 0, 0, -1, { NULL, 25, @@ -568,7 +573,6 @@ struct expected expected_full[] = { NULL, /* filled at runtime */ "DSA #6", } }, -#ifdef OPENSSL_HAS_ECC { "ecdsa_6.pub" , -1, -1, HKF_MATCH_HOST|HKF_MATCH_HOST_HASHED, 0, 0, 0, -1, { NULL, 32, @@ -608,7 +612,6 @@ struct expected expected_full[] = { NULL, /* filled at runtime */ "ECDSA #6", } }, -#endif { "ed25519_6.pub" , -1, -1, HKF_MATCH_HOST|HKF_MATCH_HOST_HASHED, 0, 0, 0, -1, { NULL, 35, @@ -791,7 +794,6 @@ struct expected expected_full[] = { NULL, /* filled at runtime */ "ED25519 #4", } }, -#ifdef OPENSSL_HAS_ECC { "ecdsa_4.pub" , -1, -1, HKF_MATCH_HOST, 0, 0, 0, -1, { NULL, 49, @@ -805,7 +807,6 @@ struct expected expected_full[] = { NULL, /* filled at runtime */ "ECDSA #4", } }, -#endif { "dsa_4.pub" , -1, -1, HKF_MATCH_HOST, HKF_MATCH_HOST, 0, 0, -1, { NULL, 50, diff --git a/regress/unittests/sshbuf/test_sshbuf_getput_crypto.c b/regress/unittests/sshbuf/test_sshbuf_getput_crypto.c index 0c4c71ecd..a68e1329e 100644 --- a/regress/unittests/sshbuf/test_sshbuf_getput_crypto.c +++ b/regress/unittests/sshbuf/test_sshbuf_getput_crypto.c @@ -32,8 +32,6 @@ void sshbuf_getput_crypto_tests(void) { struct sshbuf *p1; - const u_char *d; - size_t s; BIGNUM *bn, *bn2; /* This one has num_bits != num_bytes * 8 to test bignum1 encoding */ const char *hexbn1 = "0102030405060708090a0b0c0d0e0f10"; @@ -48,7 +46,9 @@ sshbuf_getput_crypto_tests(void) 0x70, 0x60, 0x50, 0x40, 0x30, 0x20, 0x10, 0x00, 0x7f, 0xff, 0x11 }; -#ifdef OPENSSL_HAS_NISTP256 +#if defined(OPENSSL_HAS_ECC) && defined(OPENSSL_HAS_NISTP256) + const u_char *d; + size_t s; BIGNUM *bn_x, *bn_y; int ec256_nid = NID_X9_62_prime256v1; char *ec256_x = "0C828004839D0106AA59575216191357" @@ -352,7 +352,7 @@ sshbuf_getput_crypto_tests(void) sshbuf_free(p1); TEST_DONE(); -#ifdef OPENSSL_HAS_NISTP256 +#if defined(OPENSSL_HAS_ECC) && defined(OPENSSL_HAS_NISTP256) TEST_START("sshbuf_put_ec"); eck = EC_KEY_new_by_curve_name(ec256_nid); ASSERT_PTR_NE(eck, NULL); diff --git a/regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c b/regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c index 8c3269b13..c6b5c29d1 100644 --- a/regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c +++ b/regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c @@ -33,7 +33,7 @@ attempt_parse_blob(u_char *blob, size_t len) { struct sshbuf *p1; BIGNUM *bn; -#ifdef OPENSSL_HAS_NISTP256 +#if defined(OPENSSL_HAS_ECC) && defined(OPENSSL_HAS_NISTP256) EC_KEY *eck; #endif u_char *s; @@ -60,7 +60,7 @@ attempt_parse_blob(u_char *blob, size_t len) bn = BN_new(); sshbuf_get_bignum2(p1, bn); BN_clear_free(bn); -#ifdef OPENSSL_HAS_NISTP256 +#if defined(OPENSSL_HAS_ECC) && defined(OPENSSL_HAS_NISTP256) eck = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); ASSERT_PTR_NE(eck, NULL); sshbuf_get_eckey(p1, eck); diff --git a/regress/unittests/sshkey/test_sshkey.c b/regress/unittests/sshkey/test_sshkey.c index b233a254b..ad10c9be2 100644 --- a/regress/unittests/sshkey/test_sshkey.c +++ b/regress/unittests/sshkey/test_sshkey.c @@ -19,7 +19,7 @@ #include <openssl/bn.h> #include <openssl/rsa.h> #include <openssl/dsa.h> -#ifdef OPENSSL_HAS_NISTP256 +#if defined(OPENSSL_HAS_ECC) && defined(OPENSSL_HAS_NISTP256) # include <openssl/ec.h> #endif @@ -174,7 +174,10 @@ get_private(const char *n) void sshkey_tests(void) { - struct sshkey *k1, *k2, *k3, *k4, *kr, *kd, *ke, *kf; + struct sshkey *k1, *k2, *k3, *k4, *kr, *kd, *kf; +#ifdef OPENSSL_HAS_ECC + struct sshkey *ke; +#endif struct sshbuf *b; TEST_START("new invalid"); |