On Thu, Jan 13, 2011 at 10:05:15PM +1100, Damien Miller
wrote:> Log message:
> - (djm) [regress/kextype.sh] Testing diffie-hellman-group-exchange-sha256
> should not depend on ECC support
... but it should depend on actually having SHA256. Fixed regrest test
failures on old (<=0.9.6, I think) openssls.
Longer term (ie after release) I think we should cook up a function in
test-exec.sh that looks in config.h and use that in the tests.
Index: Makefile.in
==================================================================RCS file:
/home/dtucker/openssh/cvs/openssh/Makefile.in,v
retrieving revision 1.318
diff -u -p -r1.318 Makefile.in
--- Makefile.in 14 Jan 2011 03:47:40 -0000 1.318
+++ Makefile.in 16 Jan 2011 05:29:19 -0000
@@ -416,6 +416,7 @@ tests interop-tests: $(TARGETS)
TEST_SSH_CONCH="conch"; \
TEST_SSH_IPV6="@TEST_SSH_IPV6@" ; \
TEST_SSH_ECC="@TEST_SSH_ECC@" ; \
+ TEST_SSH_SHA256="@TEST_SSH_SHA256@" ; \
cd $(srcdir)/regress || exit $$?; \
$(MAKE) \
.OBJDIR="$${BUILDDIR}/regress" \
@@ -438,6 +439,7 @@ tests interop-tests: $(TARGETS)
TEST_SSH_CONCH="$${TEST_SSH_CONCH}" \
TEST_SSH_IPV6="$${TEST_SSH_IPV6}" \
TEST_SSH_ECC="$${TEST_SSH_ECC}" \
+ TEST_SSH_SHA256="$${TEST_SSH_SHA256}" \
EXEEXT="$(EXEEXT)" \
$@ && echo all tests passed
Index: configure.ac
==================================================================RCS file:
/home/dtucker/openssh/cvs/openssh/configure.ac,v
retrieving revision 1.464
diff -u -p -r1.464 configure.ac
--- configure.ac 13 Jan 2011 06:35:46 -0000 1.464
+++ configure.ac 16 Jan 2011 05:28:26 -0000
@@ -2239,7 +2239,9 @@ if test "x$check_for_libcrypt_later" = "
fi
# Search for SHA256 support in libc and/or OpenSSL
-AC_CHECK_FUNCS(SHA256_Update EVP_sha256)
+AC_CHECK_FUNCS(SHA256_Update EVP_sha256, [TEST_SSH_SHA256=yes],
+ [TEST_SSH_SHA256=no])
+AC_SUBST(TEST_SSH_SHA256)
# Check complete ECC support in OpenSSL
AC_MSG_CHECKING([whether OpenSSL has complete ECC support])
Index: regress/kextype.sh
==================================================================RCS file:
/home/dtucker/openssh/cvs/openssh/regress/kextype.sh,v
retrieving revision 1.5
diff -u -p -r1.5 kextype.sh
--- regress/kextype.sh 13 Jan 2011 11:05:15 -0000 1.5
+++ regress/kextype.sh 16 Jan 2011 05:19:27 -0000
@@ -10,7 +10,9 @@ cp $OBJ/ssh_proxy $OBJ/ssh_proxy_bak
if test "$TEST_SSH_ECC" = "yes"; then
kextypes="ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521"
fi
-kextypes="$kextypes diffie-hellman-group-exchange-sha256"
+if test "$TEST_SSH_SHA256" = "yes"; then
+ kextypes="$kextypes diffie-hellman-group-exchange-sha256"
+fi
kextypes="$kextypes diffie-hellman-group-exchange-sha1"
kextypes="$kextypes diffie-hellman-group14-sha1"
kextypes="$kextypes diffie-hellman-group1-sha1"
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.