Restrict ECDSA and ECDH tests.

ifdef out some more ECDSA and ECDH tests when built against an OpenSSL that does not have eliptic curve functionality.
2024-12-26 03:42:07 +00:00 · 2015-02-25 15:32:49 +11:00 · 2015-02-25 15:32:49 +11:00 · 5d5ec165c5
commit 5d5ec165c5
parent 1734e276d9
3 changed files with 24 additions and 0 deletions
--- a/regress/unittests/hostkeys/test_iterate.c
+++ b/regress/unittests/hostkeys/test_iterate.c
@ -165,6 +165,7 @@ struct expected expected_full[] = {
 		NULL,	/* filled at runtime */
 		"DSA #1",
 	} },
+#ifdef OPENSSL_HAS_ECC
 	{ "ecdsa_1.pub" , -1, -1, 0, HKF_MATCH_HOST, 0, 0, -1, {
 		NULL,
 		3,
@ -178,6 +179,7 @@ struct expected expected_full[] = {
 		NULL,	/* filled at runtime */
 		"ECDSA #1",
 	} },
+#endif
 	{ "ed25519_1.pub" , -1, -1, 0, HKF_MATCH_HOST, 0, 0, -1, {
 		NULL,
 		4,
@ -256,6 +258,7 @@ struct expected expected_full[] = {
 		NULL,	/* filled at runtime */
 		"DSA #2",
 	} },
+#ifdef OPENSSL_HAS_ECC
 	{ "ecdsa_2.pub" , -1, -1, HKF_MATCH_HOST, 0, HKF_MATCH_IP, HKF_MATCH_IP, -1, {
 		NULL,
 		10,
@ -269,6 +272,7 @@ struct expected expected_full[] = {
 		NULL,	/* filled at runtime */
 		"ECDSA #2",
 	} },
+#endif
 	{ "ed25519_2.pub" , -1, -1, HKF_MATCH_HOST, 0, HKF_MATCH_IP, HKF_MATCH_IP, -1, {
 		NULL,
 		11,
@ -347,6 +351,7 @@ struct expected expected_full[] = {
 		NULL,	/* filled at runtime */
 		"DSA #3",
 	} },
+#ifdef OPENSSL_HAS_ECC
 	{ "ecdsa_3.pub" , -1, -1, HKF_MATCH_HOST, HKF_MATCH_HOST, HKF_MATCH_IP, HKF_MATCH_IP, -1, {
 		NULL,
 		17,
@ -360,6 +365,7 @@ struct expected expected_full[] = {
 		NULL,	/* filled at runtime */
 		"ECDSA #3",
 	} },
+#endif
 	{ "ed25519_3.pub" , -1, -1, HKF_MATCH_HOST, HKF_MATCH_HOST, HKF_MATCH_IP, HKF_MATCH_IP, -1, {
 		NULL,
 		18,
@ -438,6 +444,7 @@ struct expected expected_full[] = {
 		NULL,	/* filled at runtime */
 		"DSA #5",
 	} },
+#ifdef OPENSSL_HAS_ECC
 	{ "ecdsa_5.pub" , -1, -1, 0, HKF_MATCH_HOST|HKF_MATCH_HOST_HASHED, 0, 0, -1, {
 		NULL,
 		24,
@ -451,6 +458,7 @@ struct expected expected_full[] = {
 		NULL,	/* filled at runtime */
 		"ECDSA #5",
 	} },
+#endif
 	{ "ed25519_5.pub" , -1, -1, 0, HKF_MATCH_HOST|HKF_MATCH_HOST_HASHED, 0, 0, -1, {
 		NULL,
 		25,
@ -547,6 +555,7 @@ struct expected expected_full[] = {
 		NULL,	/* filled at runtime */
 		"DSA #6",
 	} },
+#ifdef OPENSSL_HAS_ECC
 	{ "ecdsa_6.pub" , -1, -1, HKF_MATCH_HOST|HKF_MATCH_HOST_HASHED, 0, 0, 0, -1, {
 		NULL,
 		32,
@ -586,6 +595,7 @@ struct expected expected_full[] = {
 		NULL,	/* filled at runtime */
 		"ECDSA #6",
 	} },
+#endif
 	{ "ed25519_6.pub" , -1, -1, HKF_MATCH_HOST|HKF_MATCH_HOST_HASHED, 0, 0, 0, -1, {
 		NULL,
 		35,
@ -768,6 +778,7 @@ struct expected expected_full[] = {
 		NULL,	/* filled at runtime */
 		"ED25519 #4",
 	} },
+#ifdef OPENSSL_HAS_ECC
 	{ "ecdsa_4.pub" , -1, -1, HKF_MATCH_HOST, 0, 0, 0, -1, {
 		NULL,
 		49,
@ -781,6 +792,7 @@ struct expected expected_full[] = {
 		NULL,	/* filled at runtime */
 		"ECDSA #4",
 	} },
+#endif
 	{ "dsa_4.pub" , -1, -1, HKF_MATCH_HOST, HKF_MATCH_HOST, 0, 0, -1, {
 		NULL,
 		50,
--- a/regress/unittests/kex/test_kex.c
+++ b/regress/unittests/kex/test_kex.c
@ -145,7 +145,9 @@ do_kex_with_key(char *kex, int keytype, int bits)
 	server2->kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server;
 	server2->kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
 	server2->kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
+#ifdef OPENSSL_HAS_ECC
 	server2->kex->kex[KEX_ECDH_SHA2] = kexecdh_server;
+#endif
 	server2->kex->kex[KEX_C25519_SHA256] = kexc25519_server;
 	server2->kex->load_host_public_key = server->kex->load_host_public_key;
 	server2->kex->load_host_private_key = server->kex->load_host_private_key;
@ -173,7 +175,9 @@ do_kex(char *kex)
 {
 	do_kex_with_key(kex, KEY_RSA, 2048);
 	do_kex_with_key(kex, KEY_DSA, 1024);
+#ifdef OPENSSL_HAS_ECC
 	do_kex_with_key(kex, KEY_ECDSA, 256);
+#endif
 	do_kex_with_key(kex, KEY_ED25519, 256);
 }

@ -181,9 +185,11 @@ void
 kex_tests(void)
 {
 	do_kex("curve25519-sha256@libssh.org");
+#ifdef OPENSSL_HAS_ECC
 	do_kex("ecdh-sha2-nistp256");
 	do_kex("ecdh-sha2-nistp384");
 	do_kex("ecdh-sha2-nistp521");
+#endif
 	do_kex("diffie-hellman-group-exchange-sha256");
 	do_kex("diffie-hellman-group-exchange-sha1");
 	do_kex("diffie-hellman-group14-sha1");
--- a/regress/unittests/sshkey/test_sshkey.c
+++ b/regress/unittests/sshkey/test_sshkey.c
@ -217,12 +217,14 @@ sshkey_tests(void)
 	sshkey_free(k1);
 	TEST_DONE();

+#ifdef OPENSSL_HAS_ECC
 	TEST_START("new/free KEY_ECDSA");
 	k1 = sshkey_new(KEY_ECDSA);
 	ASSERT_PTR_NE(k1, NULL);
 	ASSERT_PTR_EQ(k1->ecdsa, NULL);  /* Can't allocate without NID */
 	sshkey_free(k1);
 	TEST_DONE();
+#endif

 	TEST_START("new/free KEY_ED25519");
 	k1 = sshkey_new(KEY_ED25519);
@ -273,12 +275,14 @@ sshkey_tests(void)
 	sshkey_free(k1);
 	TEST_DONE();

+#ifdef OPENSSL_HAS_ECC
 	TEST_START("generate KEY_ECDSA wrong bits");
 	ASSERT_INT_EQ(sshkey_generate(KEY_ECDSA, 42, &k1),
 	    SSH_ERR_INVALID_ARGUMENT);
 	ASSERT_PTR_EQ(k1, NULL);
 	sshkey_free(k1);
 	TEST_DONE();
+#endif

 	TEST_START("generate KEY_RSA");
 	ASSERT_INT_EQ(sshkey_generate(KEY_RSA, 768, &kr), 0);
@ -474,6 +478,7 @@ sshkey_tests(void)
 	sshkey_free(k2);
 	TEST_DONE();

+#ifdef OPENSSL_HAS_ECC
 	TEST_START("sign and verify ECDSA");
 	k1 = get_private("ecdsa_1");
 	ASSERT_INT_EQ(sshkey_load_public(test_data_file("ecdsa_2.pub"), &k2,
@ -482,6 +487,7 @@ sshkey_tests(void)
 	sshkey_free(k1);
 	sshkey_free(k2);
 	TEST_DONE();
+#endif

 	TEST_START("sign and verify ED25519");
 	k1 = get_private("ed25519_1");