Hi,

OpenSSH 6.9 is almost ready for release, so we would appreciate testing
on as many platforms and systems as possible. This release contains
some substantial new features and a number of bugfixes.

Snapshot releases for portable OpenSSH are available from
http://www.mindrot.org/openssh_snap/

The OpenBSD version is available in CVS HEAD:
http://www.openbsd.org/anoncvs.html

Portable OpenSSH is also available via anonymous CVS using the
instructions at http://www.openssh.com/portable.html#cvs or
via Git at https://anongit.mindrot.org/openssh.git/

Running the regression tests supplied with Portable OpenSSH does not
require installation and is simply:

$ ./configure && make tests

Live testing on suitable non-production systems is also
appreciated. Please send reports of success or failure to
openssh-unix-dev at mindrot.org.

Below is a summary of changes. More detail may be found in the ChangeLog
in the portable OpenSSH tarballs.

Thanks to the many people who contributed to this release.

Note, we are going to ship OpenSSH 6.9 with SSH protocol 1 still
compiled in by default. OpenSSH 7.0 will deprecate it along with
other protocol features (more details about what is planned will
be in the final release notes).

New Features
------------

 * ssh(1), sshd(8): promote chacha20-poly1305@openssh.com to be the
   default cipher

 * sshd(8): support admin-specified arguments to AuthorizedKeysCommand;
   bz#2081

 * sshd(8): add AuthorizedPrincipalsCommand that allows retrieving
   authorized principals information from a subprocess rather than
   a file.

 * ssh(1), ssh-add(1): support PKCS#11 devices with external PIN
   entry devices bz#2240

 * sshd(8): allow GSSAPI host credential check to be relaxed for
   multihomed hosts via GSSAPIStrictAcceptorCheck option; bz#928

 * ssh-keygen(1): support "ssh-keygen -lF hostname" to search
   known_hosts and print key hashes rather than full keys.

 * ssh-agent(1): add -D flag to leave ssh-agent in foreground without
   enabling debug mode; bz#2381

Bugfixes
--------

 * ssh(1), sshd(8): deprecate legacy SSH2_MSG_KEX_DH_GEX_REQUEST_OLD
   message and do not try to use it against some 3rd-party SSH
   implementations that use it (older PuTTY, WinSCP).

 * Many fixes for problems caused by compile-time deactivation of
   SSH1 support (including bz#2369)

 * ssh(1), sshd(8): cap DH-GEX group size at 4Kbits for Cisco
   implementations as some would fail when attempting to use group
   sizes >4K; bz#2209

 * ssh(1): fix out-of-bound read in EscapeChar configuration option
   parsing; bz#2396

 * sshd(8): fix application of PermitTunnel, LoginGraceTime,
   AuthenticationMethods and StreamLocalBindMask options in Match
   blocks

 * ssh(1), sshd(8): improve disconnection message on TCP reset;
   bz#2257

 * ssh(1): remove failed remote forwards established by multiplexing
   from the list of active forwards; bz#2363

 * sshd(8): make parsing of authorized_keys "environment=" options
   independent of PermitUserEnv being enabled; bz#2329

 * sshd(8): fix post-auth crash with permitopen=none; bz#2355

 * ssh(1), ssh-add(1), ssh-keygen(1): allow new-format private keys
   to be encrypted with AEAD ciphers; bz#2366

 * ssh(1): allow ListenAddress, Port and AddressFamily configuration
   options to appear in any order; bz#68

 * sshd(8): check for and reject missing arguments for VersionAddendum
   and ForceCommand; bz#2281

 * ssh(1), sshd(8): don't treat unknown certificate extensions as
   fatal; bz#2387

 * ssh-keygen(1): make stdout and stderr output consistent; bz#2325

 * ssh(1): mention missing DISPLAY environment in debug log when X11
   forwarding requested; bz#1682

 * sshd(8): correctly record login when UseLogin is set; bz#378

 * sshd(8): Add some missing options to sshd -T output and fix output
   of VersionAddendum and HostCertificate. bz#2346

 * Document and improve consistency of options that accept a "none"
   argument: TrustedUserCAKeys, RevokedKeys (bz#2382),
   AuthorizedPrincipalsFile (bz#2288)

 * ssh(1): include remote username in debug output; bz#2368

 * sshd(8): avoid compatibility problem with some versions of Tera
   Term, which would crash when they received the hostkeys notification
   message (hostkeys-00@openssh.com)

 * sshd(8): mention ssh-keygen -E as useful when comparing legacy MD5
   host key fingerprints; bz#2332

 * ssh(1): clarify pseudo-terminal request behaviour and make
   manual language consistent; bz#1716

 * ssh(1): document that the TERM environment variable is not subject
   to SendEnv and AcceptEnv; bz#2386

Portable OpenSSH
----------------

 * sshd(8): Format UsePAM setting when using sshd -T, part of bz#2346

 * Look for '${host}-ar' before 'ar', making cross-compilation easier;
   bz#2352.

 * Several portable compilation fixes: bz#2402, bz#2337, bz#2370

 * moduli(5): update DH-GEX moduli

OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de
Raadt, Kevin Steves, Damien Miller, Darren Tucker, Jason McIntyre,
Tim Rice and Ben Lindstrom.
Starting building/testing for the lab systems I have Monday.

Any chance a fix for Bug 2404
<https://bugzilla.mindrot.org/show_bug.cgi?id=2404> could get wedged in
before release?

--
# include <stddisclaimer.h>
/* Kevin Brott <Kevin.Brott at gmail.com> */
On May 29, 2015, at 12:12 AM, Damien Miller <djm at mindrot.org> wrote:
> OpenSSH 6.9 is almost ready for release, so we would appreciate testing
> on as many platforms and systems as possible. This release contains
> some substantial new features and a number of bug fixes.

I just compiled and ran the tests for openssl-snap-20150531 on Linux (Ubuntu 14.04.2 LTS) and MacOS (10.10.3).

On Linux, the code compiled cleanly. However, during "make tests" I got the following error a number of times:

WARNING: /usr/local/etc/moduli does not exist, using fixed modulus

Later in the test sequence I got the error:

run test connect.sh ...
Missing privilege separation directory: /var/empty
FATAL: sshd_proxy broken
make[1]: *** [t-exec] Error 1
make[1]: Leaving directory `/tmp/openssh/regress'
make: *** [tests] Error 2
make tests 153.92s user 4.68s system 98% cpu 2:41.52 total

I was not running as root at the time, as I wasn't intending to install this version. It looks like it assumes that /var/empty will already exist, though, which it doesn't on my system. The currently installed sshd does have UsePrivilegeSeparation enabled, and it looks like the sshd user is set up with have /var/run/sshd as its home directory on this system, but the test script didn't pick that up.

On MacOS, the code compiled, but there were a large number of warnings about constructs that were deprecated back in OS X 10.7. The output is quite large, but I'd be happy to provide it to anyone who wants it. Here's an example of the first warning:

gcc -g -O2 -Qunused-arguments -Wunknown-warning-option -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -fno-strict-aliasing -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -DSSHDIR=\"/usr/local/etc\" -D_PATH_SSH_PROGRAM=\"/usr/local/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/local/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/local/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/local/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/local/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c ssh_api.c -o ssh_api.o
ssh_api.c:85:3: warning: 'OPENSSL_add_all_algorithms_noconf' is deprecated: first deprecated in OS X 10.7 [-Wdeprecated-declarations]
  OpenSSL_add_all_algorithms();
  ^
/usr/include/openssl/evp.h:829:3: note: expanded from macro 'OpenSSL_add_all_algorithms'
  OPENSSL_add_all_algorithms_noconf()
  ^
/usr/include/openssl/evp.h:821:6: note: 'OPENSSL_add_all_algorithms_noconf' has been explicitly marked deprecated here
void OPENSSL_add_all_algorithms_noconf(void) DEPRECATED_IN_MAC_OS_X_VERS...
     ^
1 warning generated.

Other than these warnings, the code did compile on MacOS and successfully passed all the tests. I can also confirm that this version fixes bz#2366, as noted in the change log.

--
Ron Frederick
ronf at timeheart.net
Debian GNU/Linux 8.0 (jessie)
OpenSSL 1.0.1k
gcc (Debian 4.9.2-10) 4.9.2

"make tests" fails here:

/usr/src/INET/openssh/ssh-keygen -lf /usr/src/INET/openssh/regress//t12.out.pub | grep test-comment-1234>/dev/null
run test connect.sh ...
ssh connect with protocol 1 failed
ssh connect with protocol 2 failed
failed simple connect
Makefile:192: recipe for target 't-exec' failed
make[1]: *** [t-exec] Error 1
make[1]: Leaving directory '/usr/src/INET/openssh/regress'
Makefile:544: recipe for target 'tests' failed
make: *** [tests] Error 2

failed-ssh.log ends with:

debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug3: start over, passed a different list publickey,password,keyboard-interactive
debug3: preferred publickey
debug3: authmethod_lookup publickey
debug3: remaining preferred:
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /usr/src/INET/openssh/regress/rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug2: input_userauth_pk_ok: fp SHA256:9nhdTr/rVwghJZfRSbSVGw1Rb7TuhygvZoYal45dJ98
debug3: sign_and_send_pubkey: RSA SHA256:9nhdTr/rVwghJZfRSbSVGw1Rb7TuhygvZoYal45dJ98
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (publickey,password,keyboard-interactive).
FAIL: ssh connect with protocol 2 failed

failed-sshd.log ends with:

debug2: input_userauth_request: try method publickey [preauth]
debug3: mm_key_allowed entering [preauth]
debug3: mm_request_send entering: type 22 [preauth]
debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED [preauth]
debug3: mm_request_receive_expect entering: type 23 [preauth]
debug3: mm_request_receive entering [preauth]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 22
debug3: mm_answer_keyallowed entering
debug3: mm_answer_keyallowed: key_from_blob: 0x7f0b6f1499d0
debug1: temporarily_use_uid: 0/0 (e=0/0)
debug1: trying public key file /usr/src/INET/openssh/regress/authorized_keys_root
debug1: fd 4 clearing O_NONBLOCK
debug1: matching key found: file /usr/src/INET/openssh/regress/authorized_keys_root, line 1 RSA SHA256:9nhdTr/rVwghJZfRSbSVGw1Rb7TuhygvZoYal45dJ98
debug1: restore_uid: 0/0
debug3: mm_answer_keyallowed: key 0x7f0b6f1499d0 is allowed
debug3: mm_request_send entering: type 23
debug3: mm_key_verify entering [preauth]
debug3: mm_request_send entering: type 24 [preauth]
debug3: mm_key_verify: waiting for MONITOR_ANS_KEYVERIFY [preauth]
debug3: mm_request_receive_expect entering: type 25 [preauth]
debug3: mm_request_receive entering [preauth]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 24
debug3: mm_answer_keyverify: key 0x7f0b6f149c30 signature verified
debug3: mm_request_send entering: type 25
ROOT LOGIN REFUSED FROM 127.0.0.1
Failed publickey for root from 127.0.0.1 port 36951 ssh2: RSA SHA256:9nhdTr/rVwghJZfRSbSVGw1Rb7TuhygvZoYal45dJ98
debug2: userauth_pubkey: authenticated 1 pkalg ssh-rsa [preauth]
ROOT LOGIN REFUSED FROM 127.0.0.1 [preauth]
debug3: userauth_finish: failure partial=0 next methods="publickey,password,keyboard-interactive" [preauth]
FAIL: ssh connect with protocol 2 failed
Connection closed by 127.0.0.1 [preauth]
debug1: do_cleanup [preauth]
debug1: monitor_read_log: child log fd closed
debug3: mm_request_receive entering
debug1: do_cleanup
debug1: Killing privsep child 25262

On Sat, May 30, 2015 at 9:30 AM, Kevin Brott <kevin.brott at gmail.com> wrote:
>
> Starting building/testing for the lab systems I have Monday.
>
> Any chance a fix for Bug 2404 <
> https://bugzilla.mindrot.org/show_bug.cgi?id=2404> could get wedged in
> before release?
>
> --
> # include <stddisclaimer.h>
> /* Kevin Brott <Kevin.Brott at gmail.com> */
>
>

--
# include <stddisclaimer.h>
/* Kevin Brott <Kevin.Brott at gmail.com> */
Hi,

Testing the portable build,

On bitrig-current I get:

(cd openbsd-compat && make)
cc -g -O2 -Qunused-arguments -Wunknown-warning-option -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -fno-strict-aliasing -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -I. -I.. -I. -I./.. -DHAVE_CONFIG_H -c arc4random.c
In file included from arc4random.c:27:
In file included from ../includes.h:180:
In file included from ../entropy.h:30:
In file included from ../buffer.h:24:
In file included from ../sshbuf.h:23:
/usr/include/stdio.h:222:44: error: too many arguments provided to function-like macro invocation
    __attribute__((__bounded__ (__size__,1,3,2)));
    ^
../defines.h:509:10: note: macro '__bounded__' defined here
# define __bounded__(x, y, z)
  ^
In file included from arc4random.c:27:
In file included from ../includes.h:180:
In file included from ../entropy.h:30:
In file included from ../buffer.h:24:
In file included from ../sshbuf.h:23:
/usr/include/stdio.h:231:44: error: too many arguments provided to function-like macro invocation
    __attribute__((__bounded__ (__size__,1,3,2)));
    ^
../defines.h:509:10: note: macro '__bounded__' defined here
# define __bounded__(x, y, z)
  ^
2 errors generated.
*** Error 1 in openbsd-compat (Makefile:26 'arc4random.o') *** Error 1 in /home/sme/openssh (Makefile:156 'openbsd-compat/libopenbsd-compat.a') On NetBSD-stable I get (even with --sysconfdir=/etc being set on configure) test_kex: ....................................................................................................................................................................................WARNING: /usr/local/etc/moduli does not exist, using fixed modulus .WARNING: /usr/local/etc/moduli does not exist, using fixed modulus .WARNING: /usr/local/etc/moduli does not exist, using fixed modulus ...WARNING: /usr/local/etc/moduli does not exist, using fixed modulus WARNING: /usr/local/etc/moduli does not exist, using fixed modulus ......WARNING: /usr/local/etc/moduli does not exist, using fixed modulus .WARNING: /usr/local/etc/moduli does not exist, using fixed modulus .WARNING: /usr/local/etc/moduli does not exist, using fixed modulus ...WARNING: /usr/local/etc/moduli does not exist, using fixed modulus WARNING: /usr/local/etc/moduli does not exist, using fixed modulus ......WARNING: /usr/local/etc/moduli does not exist, using fixed modulus .WARNING: /usr/local/etc/moduli does not exist, using fixed modulus .WARNING: /usr/local/etc/moduli does not exist, using fixed modulus ...WARNING: /usr/local/etc/moduli does not exist, using fixed modulus WARNING: /usr/local/etc/moduli does not exist, using fixed modulus ......WARNING: /usr/local/etc/moduli does not exist, using fixed modulus .WARNING: /usr/local/etc/moduli does not exist, using fixed modulus .WARNING: /usr/local/etc/moduli does not exist, using fixed modulus ...WARNING: /usr/local/etc/moduli does not exist, using fixed modulus WARNING: /usr/local/etc/moduli does not exist, using fixed modulus ......WARNING: /usr/local/etc/moduli does not exist, using fixed modulus .WARNING: /usr/local/etc/moduli does not exist, using fixed modulus .WARNING: /usr/local/etc/moduli does not exist, using fixed modulus 
...WARNING: /usr/local/etc/moduli does not exist, using fixed modulus WARNING: /usr/local/etc/moduli does not exist, using fixed modulus ......WARNING: /usr/local/etc/moduli does not exist, using fixed modulus .WARNING: /usr/local/etc/moduli does not exist, using fixed modulus .WARNING: /usr/local/etc/moduli does not exist, using fixed modulus ...WARNING: /usr/local/etc/moduli does not exist, using fixed modulus WARNING: /usr/local/etc/moduli does not exist, using fixed modulus ......WARNING: /usr/local/etc/moduli does not exist, using fixed modulus .WARNING: /usr/local/etc/moduli does not exist, using fixed modulus .WARNING: /usr/local/etc/moduli does not exist, using fixed modulus ...WARNING: /usr/local/etc/moduli does not exist, using fixed modulus WARNING: /usr/local/etc/moduli does not exist, using fixed modulus ......WARNING: /usr/local/etc/moduli does not exist, using fixed modulus .WARNING: /usr/local/etc/moduli does not exist, using fixed modulus .WARNING: /usr/local/etc/moduli does not exist, using fixed modulus ...WARNING: /usr/local/etc/moduli does not exist, using fixed modulus WARNING: /usr/local/etc/moduli does not exist, using fixed modulus .......................................................................................... 352 tests ok test_hostkeys: .................. 
18 tests ok /home/sme/openssh/ssh-keygen -if /home/sme/openssh/regress/rsa_ssh2.prv | diff - /home/sme/openssh/regress/rsa_openssh.prv tr '\n' '\r' </home/sme/openssh/regress/rsa_ssh2.prv > /home/sme/openssh/regress/rsa_ssh2_cr.prv /home/sme/openssh/ssh-keygen -if /home/sme/openssh/regress/rsa_ssh2_cr.prv | diff - /home/sme/openssh/regress/rsa_openssh.prv awk '{print $0 "\r"}' /home/sme/openssh/regress/rsa_ssh2.prv > /home/sme/openssh/regress/rsa_ssh2_crnl.prv /home/sme/openssh/ssh-keygen -if /home/sme/openssh/regress/rsa_ssh2_crnl.prv | diff - /home/sme/openssh/regress/rsa_openssh.prv cat /home/sme/openssh/regress/rsa_openssh.prv > /home/sme/openssh/regress//t2.out chmod 600 /home/sme/openssh/regress//t2.out /home/sme/openssh/ssh-keygen -yf /home/sme/openssh/regress//t2.out | diff - /home/sme/openssh/regress/rsa_openssh.pub /home/sme/openssh/ssh-keygen -ef /home/sme/openssh/regress/rsa_openssh.pub>/home/sme/openssh/regress//t3.out/home/sme/openssh/ssh-keygen -if /home/sme/openssh/regress//t3.out | diff - /home/sme/openssh/regress/rsa_openssh.pub /home/sme/openssh/ssh-keygen -E md5 -lf /home/sme/openssh/regress/rsa_openssh.pub | awk '{print $2}' | diff - /home/sme/openssh/regress/t4.ok /home/sme/openssh/ssh-keygen -Bf /home/sme/openssh/regress/rsa_openssh.pub | awk '{print $2}' | diff - /home/sme/openssh/regress/t5.ok /home/sme/openssh/ssh-keygen -if /home/sme/openssh/regress/dsa_ssh2.prv > /home/sme/openssh/regress//t6.out1 /home/sme/openssh/ssh-keygen -if /home/sme/openssh/regress/dsa_ssh2.pub > /home/sme/openssh/regress//t6.out2 chmod 600 /home/sme/openssh/regress//t6.out1 /home/sme/openssh/ssh-keygen -yf /home/sme/openssh/regress//t6.out1 | diff - /home/sme/openssh/regress//t6.out2 /home/sme/openssh/ssh-keygen -q -t rsa -N '' -f /home/sme/openssh/regress//t7.out /home/sme/openssh/ssh-keygen -lf /home/sme/openssh/regress//t7.out > /dev/null /home/sme/openssh/ssh-keygen -Bf /home/sme/openssh/regress//t7.out > /dev/null /home/sme/openssh/ssh-keygen -q -t dsa -N '' 
-f /home/sme/openssh/regress//t8.out /home/sme/openssh/ssh-keygen -lf /home/sme/openssh/regress//t8.out > /dev/null /home/sme/openssh/ssh-keygen -Bf /home/sme/openssh/regress//t8.out > /dev/null test "yes" != yes || /home/sme/openssh/ssh-keygen -q -t ecdsa -N '' -f /home/sme/openssh/regress//t9.out test "yes" != yes || /home/sme/openssh/ssh-keygen -lf /home/sme/openssh/regress//t9.out > /dev/null test "yes" != yes || /home/sme/openssh/ssh-keygen -Bf /home/sme/openssh/regress//t9.out > /dev/null /home/sme/openssh/ssh-keygen -q -t ed25519 -N '' -f /home/sme/openssh/regress//t10.out /home/sme/openssh/ssh-keygen -lf /home/sme/openssh/regress//t10.out > /dev/null /home/sme/openssh/ssh-keygen -Bf /home/sme/openssh/regress//t10.out > /dev/null /home/sme/openssh/ssh-keygen -E sha256 -lf /home/sme/openssh/regress/rsa_openssh.pub | awk '{print $2}' | diff - /home/sme/openssh/regress/t11.ok /home/sme/openssh/ssh-keygen -q -t ed25519 -N '' -C 'test-comment-1234' -f /home/sme/openssh/regress//t12.out /home/sme/openssh/ssh-keygen -lf /home/sme/openssh/regress//t12.out.pub | grep test-comment-1234>/dev/nullrun test connect.sh ... Missing privilege separation directory: /var/empty FATAL: sshd_proxy broken *** Error code 1
FreeBSD 10.1-RELEASE passes tests DragonflyBSD snapshot passes tests Debian 8 run test connect.sh ... Missing privilege separation directory: /var/empty FATAL: sshd_proxy broken Makefile:192: recipe for target 't-exec' failed make[1]: *** [t-exec] Error 1 make[1]: Leaving directory '/home/sme/openssh/regress' Makefile:544: recipe for target 'tests' failed make: *** [tests] Error 2 OmniOS test_sshbuf: ..................................................................................... regress/unittests/sshbuf/test_sshbuf_misc.c:35 test #86 "sshbuf_dump" ASSERT_PTR_NE(out, NULL) failed: out = 0 NULL = 0 /bin/sh: line 4: 6981: Abort(coredump) make[1]: *** [unit] Abort (core dumped) make[1]: Leaving directory `/export/home/sme/openssh/regress' make: *** [tests] Error 2 Solaris 11.2 SPARC with Solaris Studio 12.4 run test connect.sh ... Missing privilege separation directory: /var/empty FATAL: sshd_proxy broken *** Error code 1 The following command caused the error: if [ "xconnect.sh proxy-connect.sh connect-privsep.sh proto-version.sh proto-mismatch.sh exit-status.sh envpass.sh transfer.sh banner.sh rekey.sh stderr-data.sh stderr-after-eof.sh broken-pipe.sh try-ciphers.sh yes-head.sh login-timeout.sh agent.sh agent-getpeereid.sh agent -timeout.sh agent-ptrace.sh keyscan.sh keygen-change.sh keygen-convert.sh key-options.sh scp.sh sftp.sh sftp-chroot.sh sftp-cmds.sh sftp- badcmds.sh sftp-batch.sh sftp-glob.sh sftp-perm.sh reconfigure.sh dynamic-forward.sh forwarding.sh multiplex.sh reexec.sh brokenkeys.sh c fgparse.sh cfgmatch.sh addrmatch.sh localcommand.sh forcecommand.sh portnum.sh keytype.sh kextype.sh cert-hostkey.sh cert-userkey.sh host -expand.sh keys-command.sh forward-control.sh integrity.sh krl.sh multipubkey.sh limit-keytype.sh hostkey-agent.sh keygen-knownhosts.sh h ostkey-rotate.sh principals-command.sh" = "x" ]; then exit 0; fi; \ for TEST in ""connect.sh proxy-connect.sh connect-privsep.sh proto-version.sh proto-mismatch.sh exit-status.sh envpass.sh 
transfer.sh ban ner.sh rekey.sh stderr-data.sh stderr-after-eof.sh broken-pipe.sh try-ciphers.sh yes-head.sh login-timeout.sh agent.sh agent-getpeereid.s h agent-timeout.sh agent-ptrace.sh keyscan.sh keygen-change.sh keygen-convert.sh key-options.sh scp.sh sftp.sh sftp-chroot.sh sftp-cmds.s h sftp-badcmds.sh sftp-batch.sh sftp-glob.sh sftp-perm.sh reconfigure.sh dynamic-forward.sh forwarding.sh multiplex.sh reexec.sh brokenke ys.sh cfgparse.sh cfgmatch.sh addrmatch.sh localcommand.sh forcecommand.sh portnum.sh keytype.sh kextype.sh cert-hostkey.sh cert-userkey. sh host-expand.sh keys-command.sh forward-control.sh integrity.sh krl.sh multipubkey.sh limit-keytype.sh hostkey-agent.sh keygen-knownhos ts.sh hostkey-rotate.sh principals-command.sh; do \ echo "run test ${TEST}" ... 1>&2; \ (env SUDO="" TEST_ENV=MALLOC_OPTIONS= /bin/sh /home/sme/openssh/regress/test-exec.sh /home/sme/openssh/regress /home/sme/op enssh/regress/${TEST}) || exit $?; \ done make: Fatal error: Command failed for target `t-exec' Current working directory /home/sme/openssh/regress *** Error code 1 make: Fatal error: Command failed for target `tests'
In NetBSD it says:

skipped (SUDO not set)
need SUDO to create file in /var/run, test won't work without
all tests passed

As root then it says:

run test connect.sh ...
ssh connect with protocol 1 failed
ssh connect with protocol 2 failed
failed simple connect

I'm probably missing a readme somewhere.

--
Hisashi T Fujinaka - htodd at twofifty.com
BSEE + BSChem + BAEnglish + MSCS + $2.50 = coffee
On Sun, May 31, 2015 at 3:37 AM, Ron Frederick <ronf at timeheart.net> wrote:

> On May 29, 2015, at 12:12 AM, Damien Miller <djm at mindrot.org> wrote:
> > OpenSSH 6.9 is almost ready for release, so we would appreciate testing
> > on as many platforms and systems as possible. This release contains
> > some substantial new features and a number of bug fixes.
>
> I just compiled and ran the tests for openssl-snap-20150531 on Linux
> (Ubuntu 14.04.2 LTS) and MacOS (10.10.3).
>
> On Linux, the code compiled cleanly. However, during "make tests" I got
> the following error a number of times:
>
> WARNING: /usr/local/etc/moduli does not exist, using fixed modulus
>

Most of the tests will still work with that file missing, but there's one
test that specifically checks that the DH group sizes are right, and
that'll fail (because the server doesn't have groups of the sizes it wants,
but it'll fall back to the couple that are compiled in).

You can just copy the file into place if you like (as long as it's world
readable), or you can use configure --sysconfdir to point it at wherever
the file actually is.

> Later in the test sequence I got the error:
>
> run test connect.sh ...
> Missing privilege separation directory: /var/empty
> FATAL: sshd_proxy broken
> make[1]: *** [t-exec] Error 1
> make[1]: Leaving directory `/tmp/openssh/regress'
> make: *** [tests] Error 2
> make tests 153.92s user 4.68s system 98% cpu 2:41.52 total
>
> I was not running as root at the time, as I wasn't intending to install
> this version. It looks like it assumes that /var/empty will already exist,
> though, which it doesn't on my system.

The privsep chroot path is specified at build time (./configure
--with-privsep-path if you want to change it).

> The currently installed sshd does have UsePrivilegeSeparation enabled, and
> it looks like the sshd user is set up with have /var/run/sshd as its home
> directory on this system, but the test script didn't pick that up.

Having the chroot dir as the user's home dir is not a great idea. If
someone discovers a way to write inside the chroot (eg via a permission
misconfiguration) then they can trivially escalate to full access that by
creating authorized_keys or similar.

> On MacOS, the code compiled, but there were a large number of warnings
> about constructs that were deprecated back in OS X 10.7. The output is
> quite large, but I'd be happy to provide it to anyone who wants it.
[...]

I would be interested in seeing it, although it's not something that we
would be looking at working on at this time. Could you please either send
it to me off-list or file a bug at bugzilla.mindrot.org and attach the log?

Thanks.

--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
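Added example, not part of the thread and not OpenSSH code: a shell check for the two privsep directory conditions discussed in the reply above (the directory must exist, and it should not double as an account's home directory), together with ownership, write-permission and emptiness checks. The function names, the OWNER_UID parameter and the sample passwd entry are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (hypothetical helper, not from OpenSSH).
# Usage: audit_privsep_dir DIR PASSWD_FILE [OWNER_UID]
#   DIR          privsep chroot path (the --with-privsep-path value)
#   PASSWD_FILE  passwd(5)-format file searched for home directories
#   OWNER_UID    uid expected to own DIR (default 0; a parameter so the
#                check can be exercised without root)
# Prints one finding per line; returns 1 if there are findings, else 0.
# Note: POSIX sh has no local variables, so the names below are global.
audit_privsep_dir() {
    dir=${1%/}              # drop one trailing slash before comparing
    passwd_file=$2
    want_uid=${3:-0}
    findings=0

    if [ ! -d "$dir" ]; then
        echo "MISSING: $dir does not exist or is not a directory"
        return 1
    fi

    # ls -ldn prints the mode string first and the numeric owner third.
    ls_line=$(ls -ldn "$dir")
    mode=$(printf '%s\n' "$ls_line" | awk '{print $1}')
    owner=$(printf '%s\n' "$ls_line" | awk '{print $3}')

    if [ "$owner" != "$want_uid" ]; then
        echo "OWNER: $dir is owned by uid $owner, expected $want_uid"
        findings=1
    fi
    # Character 6 of the mode string is group write, character 9 other write.
    case $mode in
        ?????w*) echo "WRITABLE: $dir is group-writable ($mode)"; findings=1 ;;
    esac
    case $mode in
        ????????w*) echo "WRITABLE: $dir is world-writable ($mode)"; findings=1 ;;
    esac
    # Anything inside the chroot (an authorized_keys file, say) is a finding.
    if [ -n "$(ls -A "$dir")" ]; then
        echo "NOT-EMPTY: $dir contains files"
        findings=1
    fi
    # Field 6 of passwd(5) is the home directory.
    users=$(awk -F: -v d="$dir" '
        { h = $6; sub(/\/$/, "", h)
          if (h == d) { printf "%s%s", sep, $1; sep = "," } }' "$passwd_file")
    if [ -n "$users" ]; then
        echo "HOME: $dir is the home directory of: $users"
        findings=1
    fi
    return $findings
}

# Constructed demonstration: a scratch directory stands in for the chroot and
# a constructed passwd entry makes it the sshd account's home directory.
demo_privsep_audit() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/sshd" && chmod 755 "$tmp/sshd"
    : > "$tmp/sshd/authorized_keys"
    printf 'sshd:x:74:74:privsep:%s:/usr/sbin/nologin\n' "$tmp/sshd" > "$tmp/passwd"
    audit_privsep_dir "$tmp/sshd" "$tmp/passwd" "$(id -u)"
    rc=$?
    rm -rf "$tmp"
    return $rc
}

demo_privsep_audit || echo "(findings above are expected for the constructed sample)"
```

On a real host the call would be `audit_privsep_dir /var/empty /etc/passwd`, with the path replaced by whatever was given to --with-privsep-path.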
Hi,

On May 29 17:12, Damien Miller wrote:
> Hi,
>
> OpenSSH 6.9 is almost ready for release, so we would appreciate testing
> on as many platforms and systems as possible. This release contains
> some substantial new features and a number of bugfixes.

I tested git master HEAD on Cygwin 2.0.2 x86_64. Builds and runs OOTB,
all tests pass.

Thanks,
Corinna

--
Corinna Vinschen
Cygwin Maintainer
Red Hat
On 29/05/15 09:12, Damien Miller wrote:
> OpenSSH 6.9 is almost ready for release, so we would appreciate testing
> on as many platforms and systems as possible.
>

I've tested 51a1c21 from git.

sparc-sun-solaris2.9: all tests passed
sparc-sun-solaris2.8: all tests passed

On sparc-sun-solaris2.6 and sparc-sun-solaris2.7 the testsuite fails:

run test cfgparse.sh ...
reparse minimal config
reparse regress config
listenaddress order
bad addr or host: ::1 (no address associated with name)
listenaddress order 1
bad addr or host: ::1 (no address associated with name)
listenaddress order 2
failed config parse
gmake[1]: *** [t-exec] Error 1

Solaris < 8 does not support ipv6.

-tgc
On Mon, Jun 01, 2015 at 03:30:38PM +0200, Corinna Vinschen wrote:> Hi, > > On May 29 17:12, Damien Miller wrote: > > Hi, > > > > OpenSSH 6.9 is almost ready for release, so we would appreciate testing > > on as many platforms and systems as possible. This release contains > > some substantial new features and a number of bugfixes. > > I tested git master HEAD on Cygwin 2.0.2 x86_64.Thanks! I'd like to add this small Cygwin change, could you please sanity-check? diff --git a/openbsd-compat/bsd-cygwin_util.c b/openbsd-compat/bsd-cygwin_util.c index a2d8212..8672ccf 100644 --- a/openbsd-compat/bsd-cygwin_util.c +++ b/openbsd-compat/bsd-cygwin_util.c @@ -68,7 +68,7 @@ cygwin_ssh_privsep_user() if (cygwin_internal (CW_CYGNAME_FROM_WINNAME, "sshd", cyg_privsep_user, sizeof cyg_privsep_user) != 0) #endif - strcpy (cyg_privsep_user, "sshd"); + strlcpy(cyg_privsep_user, "sshd", sizeof(cyg_privsep_user)); } return cyg_privsep_user; } -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.
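Review bot: The added strlcpy line bounds the copy with sizeof(cyg_privsep_user), which is only the buffer size if cyg_privsep_user is an array at this scope and not a pointer; the declaration is outside the hunk, so please confirm it. The unchanged cygwin_internal (...) call just above passes "sizeof cyg_privsep_user" the same way, so the two uses are at least consistent, though the new line uses parentheses and no space before the call where the context lines use the other style. With the five-byte literal "sshd" as the source, ignoring the strlcpy return value is fine here.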
openssh-SNAP-20150603 all tests passed for:

SUSE Linux Enterprise Server 11 SP3, OpenSSL 0.9.8j-fips 07 Jan 2009
Scientific Linux release 6.6 (Carbon), OpenSSL 1.0.1e-fips 11 Feb 2013
Ubuntu 14.04.2 LTS, OpenSSL 1.0.1f 6 Jan 2014

The openssl versions are those shipped (and patched) by the distributions.

I did not run the tests as root, and the tests which require sudo were skipped.
On 29/05/15 09:12, Damien Miller wrote:> Hi, > > OpenSSH 6.9 is almost ready for release, so we would appreciate testing > on as many platforms and systems as possible.$ ./configure --help | grep -F '\$' --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY --with-default-path= Specify default \$PATH environment for server The following patch solves it: diff --git a/configure.ac b/configure.ac index 68ce7d6..b6f9302 100644 --- a/configure.ac +++ b/configure.ac @@ -4356,7 +4356,7 @@ if test ! -z "$IPADDR_IN_DISPLAY" ; then else DISPLAY_HACK_MSG="no" AC_ARG_WITH([ipaddr-display], - [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY], + [ --with-ipaddr-display Use ip address instead of hostname in $DISPLAY], [ if test "x$withval" != "xno" ; then AC_DEFINE([IPADDR_IN_DISPLAY]) @@ -4402,7 +4402,7 @@ fi # Whether to mess with the default path SERVER_PATH_MSG="(default)" AC_ARG_WITH([default-path], - [ --with-default-path= Specify default \$PATH environment for server], + [ --with-default-path= Specify default $PATH environment for server], [ if test "x$external_path_file" = "x/etc/login.conf" ; then AC_MSG_WARN([
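Review bot: In the first hunk the --with-ipaddr-display help string now contains a bare $DISPLAY, so the fix relies on the help text never being shell-expanded by the generated configure script. Please regenerate configure and confirm that "./configure --help | grep -F DISPLAY" prints the literal $DISPLAY both with DISPLAY set and with it unset, and note that check in the commit message.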
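Review bot: In the second hunk the help string still reads "--with-default-path=" with nothing after the equals sign, so the help output does not say what value to pass; since the line is being edited anyway, a placeholder such as "--with-default-path=PATH" would document it. The expansion check suggested for $DISPLAY applies to the unescaped $PATH on this line as well.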
On Thu, 4 Jun 2015, Ángel González wrote:

> On 29/05/15 09:12, Damien Miller wrote:
> > Hi,
> >
> > OpenSSH 6.9 is almost ready for release, so we would appreciate testing
> > on as many platforms and systems as possible.
>
> $ ./configure --help | grep -F '\$'
> --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY
> --with-default-path= Specify default \$PATH environment for server

Thanks for the report. Fix committed.

--
Tim Rice                Multitalents
tim at multitalents.net
On 05/29/2015 09:12 AM, Damien Miller wrote:
> Hi,
>
> OpenSSH 6.9 is almost ready for release, so we would appreciate testing
> on as many platforms and systems as possible. This release contains
> some substantial new features and a number of bugfixes.

Tested basic configuration on Fedora 22. With default configuration I ran in few problems:
 ~ root login
 ~ can be there some test if you are running as root and if you are, add this configuration option? Or
 ~ warnings about missing moduli
 ~ WARNING: /usr/local/etc/moduli does not exist, using fixed modulus
 ~ the path is compiled in so no way to expect it somewhere else than it is configured

Maybe it would be useful to update README.regress with such known issues. At least these two issues seems to be pretty common recently.

With normal user, sudo and our configuration all tests went well.

Experimental build without openssl (regardless other config options) fails early during linking of test suite:

/home/jjelen/openssh/build/../regress/unittests/sshbuf/test_sshbuf_getput_crypto.c:81: undefined reference to `BN_hex2bn'
/home/jjelen/openssh/build/../regress/unittests/sshbuf/test_sshbuf_getput_crypto.c:86: undefined reference to `BN_num_bits'
/home/jjelen/openssh/build/../regress/unittests/sshbuf/test_sshbuf_getput_crypto.c:88: undefined reference to `BN_free'
[...]
/home/jjelen/openssh/build/../regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c:57: undefined reference to `BN_new'
/home/jjelen/openssh/build/../regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c:59: undefined reference to `BN_clear_free'
[...]
/home/jjelen/openssh/build/../regress/unittests/test_helper/test_helper.c:254: undefined reference to `ERR_get_error'
/home/jjelen/openssh/build/../regress/unittests/test_helper/test_helper.c:259: undefined reference to `ERR_error_string'
[...]
/home/jjelen/openssh/build/../sshbuf-getput-crypto.c:43: undefined reference to `BN_bin2bn'

I didn't progress any further. I will try to run more regression tests later this week.

--
Jakub Jelen
Red Hat
On Tue, 23 Jun 2015, Jakub Jelen wrote:

> On 05/29/2015 09:12 AM, Damien Miller wrote:
> > Hi,
> >
> > OpenSSH 6.9 is almost ready for release, so we would appreciate testing
> > on as many platforms and systems as possible. This release contains
> > some substantial new features and a number of bugfixes.
>
> Tested basic configuration on Fedora 22. With default configuration I ran into
> a few problems:
> ~ root login
>   ~ can there be some test if you are running as root and if you are, add
>     this configuration option? Or
> ~ warnings about missing moduli
>   ~ WARNING: /usr/local/etc/moduli does not exist, using fixed modulus
>   ~ the path is compiled in so no way to expect it somewhere else than it is
>     configured
>
> Maybe it would be useful to update README.regress with such known issues. At
> least these two issues seem to be pretty common recently.
>
> With normal user, sudo and our configuration all tests went well.
>
> Experimental build without openssl (regardless of other config options) fails
> early during linking of test suite:

We've not really tried to make the unit/regress tests work without OpenSSL. Here's a first attempt at the unit tests:

diff --git a/regress/unittests/bitmap/tests.c b/regress/unittests/bitmap/tests.c index 23025f9..2271e94 100644 --- a/regress/unittests/bitmap/tests.c +++ b/regress/unittests/bitmap/tests.c @@ -27,6 +27,7 @@ void tests(void) { +#ifdef WITH_OPENSSL struct bitmap *b; BIGNUM *bn; size_t len; @@ -131,5 +132,6 @@ tests(void) bitmap_free(b); BN_free(bn); TEST_DONE(); +#endif /* WITH_OPENSSL */ } diff --git a/regress/unittests/hostkeys/test_iterate.c b/regress/unittests/hostkeys/test_iterate.c index 2eaaf06..da0e353 100644 --- a/regress/unittests/hostkeys/test_iterate.c +++ b/regress/unittests/hostkeys/test_iterate.c 
@@ -92,12 +92,22 @@ check(struct hostkey_foreach_line *l, void *_ctx) #ifndef WITH_SSH1 if (parse_key && (expected->l.keytype == KEY_RSA1 || - expected->no_parse_keytype == KEY_RSA1)) { + expected->no_parse_keytype == KEY_RSA1)) { expected_status = HKF_STATUS_INVALID; expected_keytype = KEY_UNSPEC; parse_key = 0; } #endif +#ifndef WITH_OPENSSL + if (expected->l.keytype == KEY_RSA || + expected->no_parse_keytype == KEY_RSA || + expected->l.keytype == KEY_DSA || + expected->no_parse_keytype == KEY_DSA) { + expected_status = HKF_STATUS_INVALID; + expected_keytype = KEY_UNSPEC; + parse_key = 0; + } +#endif /* WITH_OPENSSL */ #ifndef OPENSSL_HAS_ECC if (expected->l.keytype == KEY_ECDSA || expected->no_parse_keytype == KEY_ECDSA) { @@ -105,7 +115,7 @@ check(struct hostkey_foreach_line *l, void *_ctx) expected_keytype = KEY_UNSPEC; parse_key = 0; } -#endif +#endif /* OPENSSL_HAS_ECC */ UPDATE_MATCH_STATUS(match_host_p); UPDATE_MATCH_STATUS(match_host_s); @@ -154,10 +164,15 @@ prepare_expected(struct expected *expected, size_t n) if (expected[i].l.keytype == KEY_RSA1) continue; #endif +#ifndef WITH_OPENSSL + if (expected[i].l.keytype == KEY_RSA || + expected[i].l.keytype == KEY_DSA) + continue; #ifndef OPENSSL_HAS_ECC if (expected[i].l.keytype == KEY_ECDSA) continue; -#endif +#endif /* OPENSSL_HAS_ECC */ +#endif /* WITH_OPENSSL */ ASSERT_INT_EQ(sshkey_load_public( test_data_file(expected[i].key_file), &expected[i].l.key, NULL), 0); diff --git a/regress/unittests/kex/test_kex.c b/regress/unittests/kex/test_kex.c index c61e2bd..cf35f09 100644 --- a/regress/unittests/kex/test_kex.c +++ b/regress/unittests/kex/test_kex.c 
@@ -141,13 +141,16 @@ do_kex_with_key(char *kex, int keytype, int bits) sshbuf_free(state); ASSERT_PTR_NE(server2->kex, NULL); /* XXX we need to set the callbacks */ +#ifdef WITH_OPENSSL server2->kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; server2->kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server; server2->kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; server2->kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; #ifdef OPENSSL_HAS_ECC server2->kex->kex[KEX_ECDH_SHA2] = kexecdh_server; -#endif +#endif /* OPENSSL_HAS_ECC */ +#endif /* WITH_OPENSSL */ + server2->kex->kex[KEX_C25519_SHA256] = kexc25519_server; server2->kex->load_host_public_key = server->kex->load_host_public_key; server2->kex->load_host_private_key = server->kex->load_host_private_key; @@ -173,11 +176,13 @@ do_kex_with_key(char *kex, int keytype, int bits) static void do_kex(char *kex) { +#ifdef WITH_OPENSSL do_kex_with_key(kex, KEY_RSA, 2048); do_kex_with_key(kex, KEY_DSA, 1024); #ifdef OPENSSL_HAS_ECC do_kex_with_key(kex, KEY_ECDSA, 256); -#endif +#endif /* OPENSSL_HAS_ECC */ +#endif /* WITH_OPENSSL */ do_kex_with_key(kex, KEY_ED25519, 256); } @@ -185,13 +190,15 @@ void kex_tests(void) { do_kex("curve25519-sha256 at libssh.org"); +#ifdef WITH_OPENSSL #ifdef OPENSSL_HAS_ECC do_kex("ecdh-sha2-nistp256"); do_kex("ecdh-sha2-nistp384"); do_kex("ecdh-sha2-nistp521"); -#endif +#endif /* OPENSSL_HAS_ECC */ do_kex("diffie-hellman-group-exchange-sha256"); do_kex("diffie-hellman-group-exchange-sha1"); do_kex("diffie-hellman-group14-sha1"); do_kex("diffie-hellman-group1-sha1"); +#endif /* WITH_OPENSSL */ } diff --git a/regress/unittests/sshbuf/test_sshbuf_getput_crypto.c b/regress/unittests/sshbuf/test_sshbuf_getput_crypto.c index a68e132..0b50bd3 100644 --- a/regress/unittests/sshbuf/test_sshbuf_getput_crypto.c +++ b/regress/unittests/sshbuf/test_sshbuf_getput_crypto.c 
@@ -31,6 +31,7 @@ void sshbuf_getput_crypto_tests(void); void sshbuf_getput_crypto_tests(void) { +#ifdef WITH_OPENSSL struct sshbuf *p1; BIGNUM *bn, *bn2; /* This one has num_bits != num_bytes * 8 to test bignum1 encoding */ @@ -404,6 +405,7 @@ sshbuf_getput_crypto_tests(void) BN_free(bn); BN_free(bn2); TEST_DONE(); -#endif +#endif /* defined(OPENSSL_HAS_ECC) && defined(OPENSSL_HAS_NISTP256) */ +#endif /* WITH_OPENSSL */ } diff --git a/regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c b/regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c index c6b5c29..ed605ce 100644 --- a/regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c +++ b/regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c @@ -32,7 +32,9 @@ static void attempt_parse_blob(u_char *blob, size_t len) { struct sshbuf *p1; +#ifdef WITH_OPENSSL BIGNUM *bn; +#endif #if defined(OPENSSL_HAS_ECC) && defined(OPENSSL_HAS_NISTP256) EC_KEY *eck; #endif @@ -54,12 +56,14 @@ attempt_parse_blob(u_char *blob, size_t len) bzero(s, l); free(s); } +#ifdef WITH_OPENSSL bn = BN_new(); sshbuf_get_bignum1(p1, bn); BN_clear_free(bn); bn = BN_new(); sshbuf_get_bignum2(p1, bn); BN_clear_free(bn); +#endif #if defined(OPENSSL_HAS_ECC) && defined(OPENSSL_HAS_NISTP256) eck = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); ASSERT_PTR_NE(eck, NULL); diff --git a/regress/unittests/sshkey/common.c b/regress/unittests/sshkey/common.c index b598f05..7deacf9 100644 --- a/regress/unittests/sshkey/common.c +++ b/regress/unittests/sshkey/common.c @@ -70,6 +70,7 @@ load_text_file(const char *name) return ret; } +#ifdef WITH_OPENSSL BIGNUM * load_bignum(const char *name) { @@ -81,4 +82,5 @@ load_bignum(const char *name) sshbuf_free(buf); return ret; } +#endif /* WITH_OPENSSL */ diff --git a/regress/unittests/sshkey/test_file.c b/regress/unittests/sshkey/test_file.c index fa95212..452ab6e 100644 --- a/regress/unittests/sshkey/test_file.c +++ b/regress/unittests/sshkey/test_file.c 
@@ -44,8 +44,10 @@ sshkey_file_tests(void) { struct sshkey *k1, *k2; struct sshbuf *buf, *pw; - BIGNUM *a, *b, *c; char *cp; +#ifdef WITH_OPENSSL + BIGNUM *a, *b, *c; +#endif TEST_START("load passphrase"); pw = load_text_file("pw"); @@ -102,6 +104,7 @@ sshkey_file_tests(void) sshkey_free(k1); #endif +#ifdef WITH_OPENSSL TEST_START("parse RSA from private"); buf = load_file("rsa_1"); ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "rsa_1", @@ -388,6 +391,7 @@ sshkey_file_tests(void) sshkey_free(k1); #endif /* OPENSSL_HAS_ECC */ +#endif /* WITH_OPENSSL */ TEST_START("parse Ed25519 from private"); buf = load_file("ed25519_1"); @@ -399,6 +403,7 @@ sshkey_file_tests(void) /* XXX check key contents */ TEST_DONE(); +#ifdef WITH_OPENSSL /* XXX ed25519_1_pw is encrypted with aes256-cbc */ TEST_START("parse Ed25519 from private w/ passphrase"); buf = load_file("ed25519_1_pw"); ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, @@ -408,6 +413,7 @@ sshkey_file_tests(void) ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); sshkey_free(k2); TEST_DONE(); +#endif TEST_START("load Ed25519 from public"); ASSERT_INT_EQ(sshkey_load_public(test_data_file("ed25519_1.pub"), &k2, diff --git a/regress/unittests/sshkey/test_fuzz.c b/regress/unittests/sshkey/test_fuzz.c index 1f08a2e..4fc6584 100644 --- a/regress/unittests/sshkey/test_fuzz.c +++ b/regress/unittests/sshkey/test_fuzz.c @@ -150,6 +150,7 @@ sshkey_fuzz_tests(void) TEST_DONE(); #endif +#ifdef WITH_OPENSSL TEST_START("fuzz RSA private"); buf = load_file("rsa_1"); fuzz = fuzz_begin(FUZZ_BASE64, sshbuf_mutable_ptr(buf), @@ -282,7 +283,8 @@ sshkey_fuzz_tests(void) sshbuf_free(fuzzed); fuzz_cleanup(fuzz); TEST_DONE(); -#endif +#endif /* OPENSSL_HAS_ECC */ +#endif /* WITH_OPENSSL */ TEST_START("fuzz Ed25519 private"); buf = load_file("ed25519_1"); 
@@ -306,6 +308,7 @@ sshkey_fuzz_tests(void) fuzz_cleanup(fuzz); TEST_DONE(); +#ifdef WITH_OPENSSL TEST_START("fuzz RSA public"); buf = load_file("rsa_1"); ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "key", @@ -351,7 +354,8 @@ sshkey_fuzz_tests(void) public_fuzz(k1); sshkey_free(k1); TEST_DONE(); -#endif +#endif /* OPENSSL_HAS_ECC */ +#endif /* WITH_OPENSSL */ TEST_START("fuzz Ed25519 public"); buf = load_file("ed25519_1"); @@ -368,6 +372,7 @@ sshkey_fuzz_tests(void) sshkey_free(k1); TEST_DONE(); +#ifdef WITH_OPENSSL TEST_START("fuzz RSA sig"); buf = load_file("rsa_1"); ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "key", @@ -395,7 +400,8 @@ sshkey_fuzz_tests(void) sig_fuzz(k1); sshkey_free(k1); TEST_DONE(); -#endif +#endif /* OPENSSL_HAS_ECC */ +#endif /* WITH_OPENSSL */ TEST_START("fuzz Ed25519 sig"); buf = load_file("ed25519_1"); diff --git a/regress/unittests/sshkey/test_sshkey.c b/regress/unittests/sshkey/test_sshkey.c index 4453a85..d4a3dee 100644 --- a/regress/unittests/sshkey/test_sshkey.c +++ b/regress/unittests/sshkey/test_sshkey.c @@ -50,6 +50,7 @@ put_opt(struct sshbuf *b, const char *name, const char *value) sshbuf_free(sect); } +#ifdef WITH_OPENSSL static void build_cert(struct sshbuf *b, const struct sshkey *k, const char *type, const struct sshkey *sign_key, const struct sshkey *ca_key) @@ -109,6 +110,7 @@ build_cert(struct sshbuf *b, const struct sshkey *k, const char *type, sshbuf_free(principals); sshbuf_free(pk); } +#endif /* WITH_OPENSSL */ static void signature_test(struct sshkey *k, struct sshkey *bad, const u_char *d, size_t l) @@ -174,7 +176,10 @@ get_private(const char *n) void sshkey_tests(void) { - struct sshkey *k1, *k2, *k3, *k4, *kr, *kd, *kf; + struct sshkey *k1, *k2, *k3, *kf; +#ifdef WITH_OPENSSL + struct sshkey *k4, *kr, *kd; +#endif #ifdef OPENSSL_HAS_ECC struct sshkey *ke; #endif 
@@ -191,6 +196,7 @@ sshkey_tests(void) sshkey_free(k1); TEST_DONE(); +#ifdef WITH_OPENSSL TEST_START("new/free KEY_RSA1"); k1 = sshkey_new(KEY_RSA1); ASSERT_PTR_NE(k1, NULL); @@ -227,7 +233,8 @@ sshkey_tests(void) ASSERT_PTR_EQ(k1->ecdsa, NULL); /* Can't allocate without NID */ sshkey_free(k1); TEST_DONE(); -#endif +#endif /* OPENSSL_HAS_ECC */ +#endif /* WITH_OPENSSL */ TEST_START("new/free KEY_ED25519"); k1 = sshkey_new(KEY_ED25519); @@ -238,6 +245,7 @@ sshkey_tests(void) sshkey_free(k1); TEST_DONE(); +#ifdef WITH_OPENSSL TEST_START("new_private KEY_RSA"); k1 = sshkey_new_private(KEY_RSA); ASSERT_PTR_NE(k1, NULL); @@ -313,7 +321,8 @@ sshkey_tests(void) ASSERT_PTR_NE(EC_KEY_get0_public_key(ke->ecdsa), NULL); ASSERT_PTR_NE(EC_KEY_get0_private_key(ke->ecdsa), NULL); TEST_DONE(); -#endif +#endif /* OPENSSL_HAS_ECC */ +#endif /* WITH_OPENSSL */ TEST_START("generate KEY_ED25519"); ASSERT_INT_EQ(sshkey_generate(KEY_ED25519, 256, &kf), 0); @@ -323,6 +332,7 @@ sshkey_tests(void) ASSERT_PTR_NE(kf->ed25519_sk, NULL); TEST_DONE(); +#ifdef WITH_OPENSSL TEST_START("demote KEY_RSA"); ASSERT_INT_EQ(sshkey_demote(kr, &k1), 0); ASSERT_PTR_NE(k1, NULL); @@ -370,7 +380,8 @@ sshkey_tests(void) ASSERT_INT_EQ(sshkey_equal(ke, k1), 1); sshkey_free(k1); TEST_DONE(); -#endif +#endif /* OPENSSL_HAS_ECC */ +#endif /* WITH_OPENSSL */ TEST_START("demote KEY_ED25519"); ASSERT_INT_EQ(sshkey_demote(kf, &k1), 0); @@ -386,6 +397,7 @@ sshkey_tests(void) sshkey_free(k1); TEST_DONE(); +#ifdef WITH_OPENSSL TEST_START("equal mismatched key types"); ASSERT_INT_EQ(sshkey_equal(kd, kr), 0); #ifdef OPENSSL_HAS_ECC @@ -412,13 +424,16 @@ sshkey_tests(void) ASSERT_INT_EQ(sshkey_equal(kf, k1), 0); sshkey_free(k1); TEST_DONE(); +#endif /* WITH_OPENSSL */ +#ifdef WITH_OPENSSL sshkey_free(kr); sshkey_free(kd); #ifdef OPENSSL_HAS_ECC sshkey_free(ke); #endif sshkey_free(kf); +#endif /* WITH_OPENSSL */ TEST_START("certify key"); ASSERT_INT_EQ(sshkey_load_public(test_data_file("ed25519_1.pub"), 
@@ -463,6 +478,7 @@ sshkey_tests(void) sshbuf_reset(b); TEST_DONE(); +#ifdef WITH_OPENSSL TEST_START("sign and verify RSA"); k1 = get_private("rsa_1"); ASSERT_INT_EQ(sshkey_load_public(test_data_file("rsa_2.pub"), &k2, @@ -490,7 +506,8 @@ sshkey_tests(void) sshkey_free(k1); sshkey_free(k2); TEST_DONE(); -#endif +#endif /* OPENSSL_HAS_ECC */ +#endif /* WITH_OPENSSL */ TEST_START("sign and verify ED25519"); k1 = get_private("ed25519_1"); @@ -501,6 +518,7 @@ sshkey_tests(void) sshkey_free(k2); TEST_DONE(); +#ifdef WITH_OPENSSL TEST_START("nested certificate"); ASSERT_INT_EQ(sshkey_load_cert(test_data_file("rsa_1"), &k1), 0); ASSERT_INT_EQ(sshkey_load_public(test_data_file("rsa_1.pub"), &k2, @@ -515,5 +533,5 @@ sshkey_tests(void) sshkey_free(k3); sshbuf_free(b); TEST_DONE(); - +#endif /* WITH_OPENSSL */ } diff --git a/regress/unittests/sshkey/tests.c b/regress/unittests/sshkey/tests.c index 13f265c..b1baf12 100644 --- a/regress/unittests/sshkey/tests.c +++ b/regress/unittests/sshkey/tests.c @@ -18,8 +18,10 @@ void sshkey_fuzz_tests(void); void tests(void) { +#ifdef WITH_OPENSSL OpenSSL_add_all_algorithms(); ERR_load_CRYPTO_strings(); +#endif sshkey_tests(); sshkey_file_tests(); diff --git a/regress/unittests/test_helper/test_helper.c b/regress/unittests/test_helper/test_helper.c index 26ca26b..8bd9e0f 100644 --- a/regress/unittests/test_helper/test_helper.c +++ b/regress/unittests/test_helper/test_helper.c @@ -248,6 +248,7 @@ test_subtest_info(const char *fmt, ...) va_end(ap); } +#ifdef WITH_OPENSSL void ssl_err_check(const char *file, int line) { @@ -260,6 +261,7 @@ ssl_err_check(const char *file, int line) file, line, ERR_error_string(openssl_error, NULL)); abort(); } +#endif static const char * pred_name(enum test_predicate p) 
@@ -302,6 +304,7 @@ test_header(const char *file, int line, const char *a1, const char *a2, a2 != NULL ? ", " : "", a2 != NULL ? a2 : ""); } +#ifdef WITH_OPENSSL void assert_bignum(const char *file, int line, const char *a1, const char *a2, const BIGNUM *aa1, const BIGNUM *aa2, enum test_predicate pred) @@ -314,6 +317,7 @@ assert_bignum(const char *file, int line, const char *a1, const char *a2, fprintf(stderr, "%12s = 0x%s\n", a2, BN_bn2hex(aa2)); test_die(); } +#endif void assert_string(const char *file, int line, const char *a1, const char *a2,
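
Review bot: In regress/unittests/bitmap/tests.c the two hunks place the entire body of tests() between #ifdef WITH_OPENSSL and #endif /* WITH_OPENSSL */, so a build without OpenSSL compiles an empty tests() and the bitmap unit test passes without exercising anything. The guarded code depends on BIGNUM (BIGNUM *bn, BN_free(bn)), so either leave this test out of the no-OpenSSL build or make the empty case visible in the output, so that a green run is not read as bitmap coverage.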
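
Review bot: In the prepare_expected() hunk of regress/unittests/hostkeys/test_iterate.c (@@ -154,10 +164,15 @@) the new #ifndef WITH_OPENSSL is closed only after the existing #ifndef OPENSSL_HAS_ECC block, so the KEY_ECDSA skip is now compiled only when WITH_OPENSSL is undefined. A build that has OpenSSL but lacks ECC loses the skip and goes on to call sshkey_load_public() for the ECDSA entries. Close the WITH_OPENSSL block right after the KEY_RSA/KEY_DSA continue and leave the OPENSSL_HAS_ECC block on its own, as the check() hunk in the same file does.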
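
Review bot: In regress/unittests/sshkey/test_file.c (@@ -399,6 +403,7 @@ and @@ -408,6 +413,7 @@) the "parse Ed25519 from private w/ passphrase" test is disabled for builds without OpenSSL, and the XXX comment gives the reason as the fixture's cipher (ed25519_1_pw is encrypted with aes256-cbc), not the key type. That leaves passphrase-protected Ed25519 parsing untested in exactly the configuration this patch targets. Consider a follow-up that regenerates ed25519_1_pw with a cipher the no-OpenSSL build supports so the guard can be dropped. The closing #endif here also lacks the /* WITH_OPENSSL */ comment the patch adds elsewhere.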
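
Review bot: In regress/unittests/sshkey/test_sshkey.c (@@ -412,13 +424,16 @@) sshkey_free(kf) ends up inside the new #ifdef WITH_OPENSSL block together with kr, kd and ke, but kf is declared outside the guard and is filled by the unguarded "generate KEY_ED25519" test, so it is never freed when OpenSSL is absent. Move sshkey_free(kf) below the #endif /* WITH_OPENSSL */. The same hunk closes one WITH_OPENSSL block and immediately opens another (#endif /* WITH_OPENSSL */ followed by #ifdef WITH_OPENSSL); these can be merged into a single block.
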
On 01/06/15 22:17, Tom G. Christensen wrote:

> On sparc-sun-solaris2.6 and sparc-sun-solaris2.7 the testsuite fails:
> run test cfgparse.sh ...
> reparse minimal config
> reparse regress config
> listenaddress order
> bad addr or host: ::1 (no address associated with name)
> listenaddress order 1
> bad addr or host: ::1 (no address associated with name)
> listenaddress order 2
> failed config parse
> gmake[1]: *** [t-exec] Error 1
>

I just re-tested on Solaris 2.6 with 9488538a from git and this is still an issue.
Removing the ipv6 addresses from cfgparse.sh allows the testsuite to run to completion.

-tgc