make unit tests work for !OPENSSH_HAS_ECC

kex.c

@@ -432,9 +432,11 @@ kex_free(struct kex *kex)
 #ifdef WITH_OPENSSL
 	if (kex->dh)
 		DH_free(kex->dh);
+#ifdef OPENSSL_HAS_ECC
 	if (kex->ec_client_key)
 		EC_KEY_free(kex->ec_client_key);
-#endif
+#endif /* OPENSSL_HAS_ECC */
+#endif /* WITH_OPENSSL */
 	for (mode = 0; mode < MODE_MAX; mode++) {
 		kex_free_newkeys(kex->newkeys[mode]);
 		kex->newkeys[mode] = NULL;

regress/unittests/hostkeys/test_iterate.c

@@ -98,6 +98,15 @@ check(struct hostkey_foreach_line *l, void *_ctx)
 		parse_key = 0;
 	}
 #endif
+#ifndef OPENSSL_HAS_ECC
+	if (expected->l.keytype == KEY_ECDSA ||
+	    expected->no_parse_keytype == KEY_ECDSA) {
+		expected_status = HKF_STATUS_INVALID;
+		expected_keytype = KEY_UNSPEC;
+		parse_key = 0;
+	}
+#endif
+
 	UPDATE_MATCH_STATUS(match_host_p);
 	UPDATE_MATCH_STATUS(match_host_s);
 	UPDATE_MATCH_STATUS(match_ipv4);
@@ -144,6 +153,10 @@ prepare_expected(struct expected *expected, size_t n)
 #ifndef WITH_SSH1
 		if (expected[i].l.keytype == KEY_RSA1)
 			continue;
+#endif
+#ifndef OPENSSL_HAS_ECC
+		if (expected[i].l.keytype == KEY_ECDSA)
+			continue;
 #endif
 		ASSERT_INT_EQ(sshkey_load_public(
 		    test_data_file(expected[i].key_file), &expected[i].l.key,
@@ -178,7 +191,6 @@ struct expected expected_full[] = {
 		NULL,	/* filled at runtime */
 		"DSA #1",
 	} },
-#ifdef OPENSSL_HAS_ECC
 	{ "ecdsa_1.pub" , -1, -1, 0, HKF_MATCH_HOST, 0, 0, -1, {
 		NULL,
 		3,
@@ -192,7 +204,6 @@ struct expected expected_full[] = {
 		NULL,	/* filled at runtime */
 		"ECDSA #1",
 	} },
-#endif
 	{ "ed25519_1.pub" , -1, -1, 0, HKF_MATCH_HOST, 0, 0, -1, {
 		NULL,
 		4,
@@ -271,7 +282,6 @@ struct expected expected_full[] = {
 		NULL,	/* filled at runtime */
 		"DSA #2",
 	} },
-#ifdef OPENSSL_HAS_ECC
 	{ "ecdsa_2.pub" , -1, -1, HKF_MATCH_HOST, 0, HKF_MATCH_IP, HKF_MATCH_IP, -1, {
 		NULL,
 		10,
@@ -285,7 +295,6 @@ struct expected expected_full[] = {
 		NULL,	/* filled at runtime */
 		"ECDSA #2",
 	} },
-#endif
 	{ "ed25519_2.pub" , -1, -1, HKF_MATCH_HOST, 0, HKF_MATCH_IP, HKF_MATCH_IP, -1, {
 		NULL,
 		11,
@@ -364,7 +373,6 @@ struct expected expected_full[] = {
 		NULL,	/* filled at runtime */
 		"DSA #3",
 	} },
-#ifdef OPENSSL_HAS_ECC
 	{ "ecdsa_3.pub" , -1, -1, HKF_MATCH_HOST, HKF_MATCH_HOST, HKF_MATCH_IP, HKF_MATCH_IP, -1, {
 		NULL,
 		17,
@@ -378,7 +386,6 @@ struct expected expected_full[] = {
 		NULL,	/* filled at runtime */
 		"ECDSA #3",
 	} },
-#endif
 	{ "ed25519_3.pub" , -1, -1, HKF_MATCH_HOST, HKF_MATCH_HOST, HKF_MATCH_IP, HKF_MATCH_IP, -1, {
 		NULL,
 		18,
@@ -457,7 +464,6 @@ struct expected expected_full[] = {
 		NULL,	/* filled at runtime */
 		"DSA #5",
 	} },
-#ifdef OPENSSL_HAS_ECC
 	{ "ecdsa_5.pub" , -1, -1, 0, HKF_MATCH_HOST|HKF_MATCH_HOST_HASHED, 0, 0, -1, {
 		NULL,
 		24,
@@ -471,7 +477,6 @@ struct expected expected_full[] = {
 		NULL,	/* filled at runtime */
 		"ECDSA #5",
 	} },
-#endif
 	{ "ed25519_5.pub" , -1, -1, 0, HKF_MATCH_HOST|HKF_MATCH_HOST_HASHED, 0, 0, -1, {
 		NULL,
 		25,
@@ -568,7 +573,6 @@ struct expected expected_full[] = {
 		NULL,	/* filled at runtime */
 		"DSA #6",
 	} },
-#ifdef OPENSSL_HAS_ECC
 	{ "ecdsa_6.pub" , -1, -1, HKF_MATCH_HOST|HKF_MATCH_HOST_HASHED, 0, 0, 0, -1, {
 		NULL,
 		32,
@@ -608,7 +612,6 @@ struct expected expected_full[] = {
 		NULL,	/* filled at runtime */
 		"ECDSA #6",
 	} },
-#endif
 	{ "ed25519_6.pub" , -1, -1, HKF_MATCH_HOST|HKF_MATCH_HOST_HASHED, 0, 0, 0, -1, {
 		NULL,
 		35,
@@ -791,7 +794,6 @@ struct expected expected_full[] = {
 		NULL,	/* filled at runtime */
 		"ED25519 #4",
 	} },
-#ifdef OPENSSL_HAS_ECC
 	{ "ecdsa_4.pub" , -1, -1, HKF_MATCH_HOST, 0, 0, 0, -1, {
 		NULL,
 		49,
@@ -805,7 +807,6 @@ struct expected expected_full[] = {
 		NULL,	/* filled at runtime */
 		"ECDSA #4",
 	} },
-#endif
 	{ "dsa_4.pub" , -1, -1, HKF_MATCH_HOST, HKF_MATCH_HOST, 0, 0, -1, {
 		NULL,
 		50,

regress/unittests/sshbuf/test_sshbuf_getput_crypto.c

@@ -32,8 +32,6 @@ void
 sshbuf_getput_crypto_tests(void)
 {
 	struct sshbuf *p1;
-	const u_char *d;
-	size_t s;
 	BIGNUM *bn, *bn2;
 	/* This one has num_bits != num_bytes * 8 to test bignum1 encoding */
 	const char *hexbn1 = "0102030405060708090a0b0c0d0e0f10";
@@ -48,7 +46,9 @@ sshbuf_getput_crypto_tests(void)
 		0x70, 0x60, 0x50, 0x40, 0x30, 0x20, 0x10, 0x00,
 		0x7f, 0xff, 0x11
 	};
-#ifdef OPENSSL_HAS_NISTP256
+#if defined(OPENSSL_HAS_ECC) && defined(OPENSSL_HAS_NISTP256)
+	const u_char *d;
+	size_t s;
 	BIGNUM *bn_x, *bn_y;
 	int ec256_nid = NID_X9_62_prime256v1;
 	char *ec256_x = "0C828004839D0106AA59575216191357"
@@ -352,7 +352,7 @@ sshbuf_getput_crypto_tests(void)
 	sshbuf_free(p1);
 	TEST_DONE();
 
-#ifdef OPENSSL_HAS_NISTP256
+#if defined(OPENSSL_HAS_ECC) && defined(OPENSSL_HAS_NISTP256)
 	TEST_START("sshbuf_put_ec");
 	eck = EC_KEY_new_by_curve_name(ec256_nid);
 	ASSERT_PTR_NE(eck, NULL);

regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c

@@ -33,7 +33,7 @@ attempt_parse_blob(u_char *blob, size_t len)
 {
 	struct sshbuf *p1;
 	BIGNUM *bn;
-#ifdef OPENSSL_HAS_NISTP256
+#if defined(OPENSSL_HAS_ECC) && defined(OPENSSL_HAS_NISTP256)
 	EC_KEY *eck;
 #endif
 	u_char *s;
@@ -60,7 +60,7 @@ attempt_parse_blob(u_char *blob, size_t len)
 	bn = BN_new();
 	sshbuf_get_bignum2(p1, bn);
 	BN_clear_free(bn);
-#ifdef OPENSSL_HAS_NISTP256
+#if defined(OPENSSL_HAS_ECC) && defined(OPENSSL_HAS_NISTP256)
 	eck = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
 	ASSERT_PTR_NE(eck, NULL);
 	sshbuf_get_eckey(p1, eck);

regress/unittests/sshkey/test_sshkey.c

@@ -19,7 +19,7 @@
 #include <openssl/bn.h>
 #include <openssl/rsa.h>
 #include <openssl/dsa.h>
-#ifdef OPENSSL_HAS_NISTP256
+#if defined(OPENSSL_HAS_ECC) && defined(OPENSSL_HAS_NISTP256)
 # include <openssl/ec.h>
 #endif
 
@@ -174,7 +174,10 @@ get_private(const char *n)
 void
 sshkey_tests(void)
 {
-	struct sshkey *k1, *k2, *k3, *k4, *kr, *kd, *ke, *kf;
+	struct sshkey *k1, *k2, *k3, *k4, *kr, *kd, *kf;
+#ifdef OPENSSL_HAS_ECC
+	struct sshkey *ke;
+#endif
 	struct sshbuf *b;
 
 	TEST_START("new invalid");