summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--kex.c4
-rw-r--r--regress/unittests/hostkeys/test_iterate.c25
-rw-r--r--regress/unittests/sshbuf/test_sshbuf_getput_crypto.c8
-rw-r--r--regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c4
-rw-r--r--regress/unittests/sshkey/test_sshkey.c7
5 files changed, 27 insertions, 21 deletions
diff --git a/kex.c b/kex.c
index 2618e225d..8c2b00179 100644
--- a/kex.c
+++ b/kex.c
@@ -432,9 +432,11 @@ kex_free(struct kex *kex)
#ifdef WITH_OPENSSL
if (kex->dh)
DH_free(kex->dh);
+#ifdef OPENSSL_HAS_ECC
if (kex->ec_client_key)
EC_KEY_free(kex->ec_client_key);
-#endif
+#endif /* OPENSSL_HAS_ECC */
+#endif /* WITH_OPENSSL */
for (mode = 0; mode < MODE_MAX; mode++) {
kex_free_newkeys(kex->newkeys[mode]);
kex->newkeys[mode] = NULL;
diff --git a/regress/unittests/hostkeys/test_iterate.c b/regress/unittests/hostkeys/test_iterate.c
index 7e5a13018..d81291b68 100644
--- a/regress/unittests/hostkeys/test_iterate.c
+++ b/regress/unittests/hostkeys/test_iterate.c
@@ -98,6 +98,15 @@ check(struct hostkey_foreach_line *l, void *_ctx)
parse_key = 0;
}
#endif
+#ifndef OPENSSL_HAS_ECC
+ if (expected->l.keytype == KEY_ECDSA ||
+ expected->no_parse_keytype == KEY_ECDSA) {
+ expected_status = HKF_STATUS_INVALID;
+ expected_keytype = KEY_UNSPEC;
+ parse_key = 0;
+ }
+#endif
+
UPDATE_MATCH_STATUS(match_host_p);
UPDATE_MATCH_STATUS(match_host_s);
UPDATE_MATCH_STATUS(match_ipv4);
@@ -145,6 +154,10 @@ prepare_expected(struct expected *expected, size_t n)
if (expected[i].l.keytype == KEY_RSA1)
continue;
#endif
+#ifndef OPENSSL_HAS_ECC
+ if (expected[i].l.keytype == KEY_ECDSA)
+ continue;
+#endif
ASSERT_INT_EQ(sshkey_load_public(
test_data_file(expected[i].key_file), &expected[i].l.key,
NULL), 0);
@@ -178,7 +191,6 @@ struct expected expected_full[] = {
NULL, /* filled at runtime */
"DSA #1",
} },
-#ifdef OPENSSL_HAS_ECC
{ "ecdsa_1.pub" , -1, -1, 0, HKF_MATCH_HOST, 0, 0, -1, {
NULL,
3,
@@ -192,7 +204,6 @@ struct expected expected_full[] = {
NULL, /* filled at runtime */
"ECDSA #1",
} },
-#endif
{ "ed25519_1.pub" , -1, -1, 0, HKF_MATCH_HOST, 0, 0, -1, {
NULL,
4,
@@ -271,7 +282,6 @@ struct expected expected_full[] = {
NULL, /* filled at runtime */
"DSA #2",
} },
-#ifdef OPENSSL_HAS_ECC
{ "ecdsa_2.pub" , -1, -1, HKF_MATCH_HOST, 0, HKF_MATCH_IP, HKF_MATCH_IP, -1, {
NULL,
10,
@@ -285,7 +295,6 @@ struct expected expected_full[] = {
NULL, /* filled at runtime */
"ECDSA #2",
} },
-#endif
{ "ed25519_2.pub" , -1, -1, HKF_MATCH_HOST, 0, HKF_MATCH_IP, HKF_MATCH_IP, -1, {
NULL,
11,
@@ -364,7 +373,6 @@ struct expected expected_full[] = {
NULL, /* filled at runtime */
"DSA #3",
} },
-#ifdef OPENSSL_HAS_ECC
{ "ecdsa_3.pub" , -1, -1, HKF_MATCH_HOST, HKF_MATCH_HOST, HKF_MATCH_IP, HKF_MATCH_IP, -1, {
NULL,
17,
@@ -378,7 +386,6 @@ struct expected expected_full[] = {
NULL, /* filled at runtime */
"ECDSA #3",
} },
-#endif
{ "ed25519_3.pub" , -1, -1, HKF_MATCH_HOST, HKF_MATCH_HOST, HKF_MATCH_IP, HKF_MATCH_IP, -1, {
NULL,
18,
@@ -457,7 +464,6 @@ struct expected expected_full[] = {
NULL, /* filled at runtime */
"DSA #5",
} },
-#ifdef OPENSSL_HAS_ECC
{ "ecdsa_5.pub" , -1, -1, 0, HKF_MATCH_HOST|HKF_MATCH_HOST_HASHED, 0, 0, -1, {
NULL,
24,
@@ -471,7 +477,6 @@ struct expected expected_full[] = {
NULL, /* filled at runtime */
"ECDSA #5",
} },
-#endif
{ "ed25519_5.pub" , -1, -1, 0, HKF_MATCH_HOST|HKF_MATCH_HOST_HASHED, 0, 0, -1, {
NULL,
25,
@@ -568,7 +573,6 @@ struct expected expected_full[] = {
NULL, /* filled at runtime */
"DSA #6",
} },
-#ifdef OPENSSL_HAS_ECC
{ "ecdsa_6.pub" , -1, -1, HKF_MATCH_HOST|HKF_MATCH_HOST_HASHED, 0, 0, 0, -1, {
NULL,
32,
@@ -608,7 +612,6 @@ struct expected expected_full[] = {
NULL, /* filled at runtime */
"ECDSA #6",
} },
-#endif
{ "ed25519_6.pub" , -1, -1, HKF_MATCH_HOST|HKF_MATCH_HOST_HASHED, 0, 0, 0, -1, {
NULL,
35,
@@ -791,7 +794,6 @@ struct expected expected_full[] = {
NULL, /* filled at runtime */
"ED25519 #4",
} },
-#ifdef OPENSSL_HAS_ECC
{ "ecdsa_4.pub" , -1, -1, HKF_MATCH_HOST, 0, 0, 0, -1, {
NULL,
49,
@@ -805,7 +807,6 @@ struct expected expected_full[] = {
NULL, /* filled at runtime */
"ECDSA #4",
} },
-#endif
{ "dsa_4.pub" , -1, -1, HKF_MATCH_HOST, HKF_MATCH_HOST, 0, 0, -1, {
NULL,
50,
diff --git a/regress/unittests/sshbuf/test_sshbuf_getput_crypto.c b/regress/unittests/sshbuf/test_sshbuf_getput_crypto.c
index 0c4c71ecd..a68e1329e 100644
--- a/regress/unittests/sshbuf/test_sshbuf_getput_crypto.c
+++ b/regress/unittests/sshbuf/test_sshbuf_getput_crypto.c
@@ -32,8 +32,6 @@ void
sshbuf_getput_crypto_tests(void)
{
struct sshbuf *p1;
- const u_char *d;
- size_t s;
BIGNUM *bn, *bn2;
/* This one has num_bits != num_bytes * 8 to test bignum1 encoding */
const char *hexbn1 = "0102030405060708090a0b0c0d0e0f10";
@@ -48,7 +46,9 @@ sshbuf_getput_crypto_tests(void)
0x70, 0x60, 0x50, 0x40, 0x30, 0x20, 0x10, 0x00,
0x7f, 0xff, 0x11
};
-#ifdef OPENSSL_HAS_NISTP256
+#if defined(OPENSSL_HAS_ECC) && defined(OPENSSL_HAS_NISTP256)
+ const u_char *d;
+ size_t s;
BIGNUM *bn_x, *bn_y;
int ec256_nid = NID_X9_62_prime256v1;
char *ec256_x = "0C828004839D0106AA59575216191357"
@@ -352,7 +352,7 @@ sshbuf_getput_crypto_tests(void)
sshbuf_free(p1);
TEST_DONE();
-#ifdef OPENSSL_HAS_NISTP256
+#if defined(OPENSSL_HAS_ECC) && defined(OPENSSL_HAS_NISTP256)
TEST_START("sshbuf_put_ec");
eck = EC_KEY_new_by_curve_name(ec256_nid);
ASSERT_PTR_NE(eck, NULL);
diff --git a/regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c b/regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c
index 8c3269b13..c6b5c29d1 100644
--- a/regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c
+++ b/regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c
@@ -33,7 +33,7 @@ attempt_parse_blob(u_char *blob, size_t len)
{
struct sshbuf *p1;
BIGNUM *bn;
-#ifdef OPENSSL_HAS_NISTP256
+#if defined(OPENSSL_HAS_ECC) && defined(OPENSSL_HAS_NISTP256)
EC_KEY *eck;
#endif
u_char *s;
@@ -60,7 +60,7 @@ attempt_parse_blob(u_char *blob, size_t len)
bn = BN_new();
sshbuf_get_bignum2(p1, bn);
BN_clear_free(bn);
-#ifdef OPENSSL_HAS_NISTP256
+#if defined(OPENSSL_HAS_ECC) && defined(OPENSSL_HAS_NISTP256)
eck = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
ASSERT_PTR_NE(eck, NULL);
sshbuf_get_eckey(p1, eck);
diff --git a/regress/unittests/sshkey/test_sshkey.c b/regress/unittests/sshkey/test_sshkey.c
index b233a254b..ad10c9be2 100644
--- a/regress/unittests/sshkey/test_sshkey.c
+++ b/regress/unittests/sshkey/test_sshkey.c
@@ -19,7 +19,7 @@
#include <openssl/bn.h>
#include <openssl/rsa.h>
#include <openssl/dsa.h>
-#ifdef OPENSSL_HAS_NISTP256
+#if defined(OPENSSL_HAS_ECC) && defined(OPENSSL_HAS_NISTP256)
# include <openssl/ec.h>
#endif
@@ -174,7 +174,10 @@ get_private(const char *n)
void
sshkey_tests(void)
{
- struct sshkey *k1, *k2, *k3, *k4, *kr, *kd, *ke, *kf;
+ struct sshkey *k1, *k2, *k3, *k4, *kr, *kd, *kf;
+#ifdef OPENSSL_HAS_ECC
+ struct sshkey *ke;
+#endif
struct sshbuf *b;
TEST_START("new invalid");