ssh-keygen -t [type] -f /etc/ssh/ssh_host_key -N ""
-for each of the types you wish to generate (rsa, dsa or ecdsa) or
+for each of the types you wish to generate (rsa, ed25519 or ecdsa) or
ssh-keygen -A
-e 's|/etc/shosts.equiv|$(sysconfdir)/shosts.equiv|g' \
-e 's|/etc/ssh/ssh_host_key|$(sysconfdir)/ssh_host_key|g' \
-e 's|/etc/ssh/ssh_host_ecdsa_key|$(sysconfdir)/ssh_host_ecdsa_key|g' \
- -e 's|/etc/ssh/ssh_host_dsa_key|$(sysconfdir)/ssh_host_dsa_key|g' \
-e 's|/etc/ssh/ssh_host_rsa_key|$(sysconfdir)/ssh_host_rsa_key|g' \
-e 's|/etc/ssh/ssh_host_ed25519_key|$(sysconfdir)/ssh_host_ed25519_key|g' \
-e 's|/var/run/sshd.pid|$(piddir)/sshd.pid|g' \
fi
host-key-force: ssh-keygen$(EXEEXT) ssh$(EXEEXT)
- ./ssh-keygen -t dsa -f $(DESTDIR)$(sysconfdir)/ssh_host_dsa_key -N ""
./ssh-keygen -t rsa -f $(DESTDIR)$(sysconfdir)/ssh_host_rsa_key -N ""
./ssh-keygen -t ed25519 -f $(DESTDIR)$(sysconfdir)/ssh_host_ed25519_key -N ""
if ./ssh -Q key | grep ecdsa >/dev/null ; then \
touch /var/run/sshd.restart
fi
-%triggerun server -- openssh-server < 2.5.0p1
-# Count the number of HostKey and HostDsaKey statements we have.
-gawk 'BEGIN {IGNORECASE=1}
- /^hostkey/ || /^hostdsakey/ {sawhostkey = sawhostkey + 1}
- END {exit sawhostkey}' /etc/ssh/sshd_config
-# And if we only found one, we know the client was relying on the old default
-# behavior, which loaded the the SSH2 DSA host key when HostDsaKey wasn't
-# specified. Now that HostKey is used for both SSH1 and SSH2 keys, specifying
-# one nullifies the default, which would have loaded both.
-if [ $? -eq 1 ] ; then
- echo HostKey /etc/ssh/ssh_host_rsa_key >> /etc/ssh/sshd_config
- echo HostKey /etc/ssh/ssh_host_dsa_key >> /etc/ssh/sshd_config
-fi
-
%triggerpostun server -- ssh-server
if [ "$1" != 0 ] ; then
/sbin/chkconfig --add sshd
/usr/bin/ssh-keygen -A
if [ -x /sbin/restorecon ]; then
/sbin/restorecon /etc/ssh/ssh_host_rsa_key.pub
- /sbin/restorecon /etc/ssh/ssh_host_dsa_key.pub
+ /sbin/restorecon /etc/ssh/ssh_host_ed25519_key.pub
/sbin/restorecon /etc/ssh/ssh_host_ecdsa_key.pub
fi
#include <openssl/crypto.h>
#include <openssl/evp.h>
#include <openssl/rsa.h>
-#include <openssl/dsa.h>
#ifdef OPENSSL_HAS_ECC
#include <openssl/ecdsa.h>
#endif
tests: prep file-tests t-exec unit
-REGRESS_TARGETS= t1 t2 t3 t4 t5 t6 t7 t8 t9 t10 t11 t12
+REGRESS_TARGETS= t1 t2 t3 t4 t5 t7 t9 t10 t11 t12
# File based tests
file-tests: $(REGRESS_TARGETS)
ed25519-agent.pub ed25519 ed25519.pub empty.in \
expect failed-regress.log failed-ssh.log failed-sshd.log \
hkr.* host.ecdsa-sha2-nistp256 host.ecdsa-sha2-nistp384 \
- host.ecdsa-sha2-nistp521 host.ssh-dss host.ssh-ed25519 \
+ host.ecdsa-sha2-nistp521 host.ssh-ed25519 \
host.ssh-rsa host_ca_key* host_krl_* host_revoked_* key.* \
- key.dsa-* key.ecdsa-* key.ed25519-512 \
+ key.ecdsa-* key.ed25519-512 \
key.ed25519-512.pub key.rsa-* keys-command-args kh.* askpass \
known_hosts known_hosts-cert known_hosts.* krl-* ls.copy \
modpipe netcat no_identity_config \
${TEST_SSH_SSHKEYGEN} -Bf ${.CURDIR}/rsa_openssh.pub |\
awk '{print $$2}' | diff - ${.CURDIR}/t5.ok ; \
fi
-t6:
- set -xe ; if ${TEST_SSH_SSH} -Q key | grep -q "^ssh-dss" ; then \
- ${TEST_SSH_SSHKEYGEN} -if ${.CURDIR}/dsa_ssh2.prv > $(OBJ)/t6.out1 ; \
- ${TEST_SSH_SSHKEYGEN} -if ${.CURDIR}/dsa_ssh2.pub > $(OBJ)/t6.out2 ; \
- chmod 600 $(OBJ)/t6.out1 ; \
- ${TEST_SSH_SSHKEYGEN} -yf $(OBJ)/t6.out1 | diff - $(OBJ)/t6.out2 ; \
- fi
$(OBJ)/t7.out:
- set -xe ; if ${TEST_SSH_SSH} -Q key | grep -q "^ssh-dss" ; then \
+ set -xe ; if ${TEST_SSH_SSH} -Q key | grep -q "^ssh-rsa" ; then \
${TEST_SSH_SSHKEYGEN} -q -t rsa -N '' -f $@ ; \
fi
t7: $(OBJ)/t7.out
- set -xe ; if ${TEST_SSH_SSH} -Q key | grep -q "^ssh-dss" ; then \
+ set -xe ; if ${TEST_SSH_SSH} -Q key | grep -q "^ssh-rsa" ; then \
${TEST_SSH_SSHKEYGEN} -lf $(OBJ)/t7.out > /dev/null ; \
${TEST_SSH_SSHKEYGEN} -Bf $(OBJ)/t7.out > /dev/null ; \
fi
-$(OBJ)/t8.out:
- set -xe ; if ssh -Q key | grep -q "^ssh-dss" ; then \
- ${TEST_SSH_SSHKEYGEN} -q -t dsa -N '' -f $@ ; \
- fi
-
-t8: $(OBJ)/t8.out
- set -xe ; if ssh -Q key | grep -q "^ssh-dss" ; then \
- ${TEST_SSH_SSHKEYGEN} -lf $(OBJ)/t8.out > /dev/null ; \
- ${TEST_SSH_SSHKEYGEN} -Bf $(OBJ)/t8.out > /dev/null ; \
- fi
-
$(OBJ)/t9.out:
! ${TEST_SSH_SSH} -Q key-plain | grep ecdsa >/dev/null || \
${TEST_SSH_SSHKEYGEN} -q -t ecdsa -N '' -f $@
${TEST_SSH_SSHKEYGEN} -Bf $(OBJ)/t10.out > /dev/null
t11:
- set -xe ; if ${TEST_SSH_SSH} -Q key | grep -q "^ssh-dss" ; then \
+ set -xe ; if ${TEST_SSH_SSH} -Q key | grep -q "^ssh-rsa" ; then \
${TEST_SSH_SSHKEYGEN} -E sha256 -lf ${.CURDIR}/rsa_openssh.pub |\
awk '{print $$2}' | diff - ${.CURDIR}/t11.ok ; \
fi
-# $OpenBSD: agent.sh,v 1.22 2024/10/24 03:28:34 djm Exp $
+# $OpenBSD: agent.sh,v 1.23 2025/05/06 06:05:48 djm Exp $
# Placed in the Public Domain.
tid="simple agent test"
for t in ${SSH_KEYTYPES}; do
trace "connect via agent using $t key"
- if [ "$t" = "ssh-dss" ]; then
- echo "PubkeyAcceptedAlgorithms +ssh-dss" >> $OBJ/ssh_proxy
- echo "PubkeyAcceptedAlgorithms +ssh-dss" >> $OBJ/sshd_proxy
- fi
${SSH} -F $OBJ/ssh_proxy -i $OBJ/$t-agent.pub -oIdentitiesOnly=yes \
somehost exit 52
r=$?
(printf 'cert-authority,principals="estragon" '; cat $OBJ/user_ca_key.pub) \
> $OBJ/authorized_keys_$USER
for t in ${SSH_KEYTYPES}; do
- if [ "$t" != "ssh-dss" ]; then
trace "connect via agent using $t key"
${SSH} -F $OBJ/ssh_proxy -i $OBJ/$t-agent.pub \
-oCertificateFile=$OBJ/$t-agent-cert.pub \
if [ $r -ne 52 ]; then
fail "ssh connect with failed (exit code $r)"
fi
- fi
done
## Deletion tests.
-# $OpenBSD: cert-hostkey.sh,v 1.27 2021/09/30 05:26:26 dtucker Exp $
+# $OpenBSD: cert-hostkey.sh,v 1.28 2025/05/06 06:05:48 djm Exp $
# Placed in the Public Domain.
tid="certified host keys"
touch $OBJ/host_revoked_cert
cat $OBJ/host_ca_key.pub $OBJ/host_ca_key2.pub > $OBJ/host_revoked_ca
-PLAIN_TYPES=`echo "$SSH_KEYTYPES" | sed 's/^ssh-dss/ssh-dsa/g;s/^ssh-//'`
+PLAIN_TYPES=`echo "$SSH_KEYTYPES" | sed 's/^ssh-//'`
if echo "$PLAIN_TYPES" | grep '^rsa$' >/dev/null 2>&1 ; then
PLAIN_TYPES="$PLAIN_TYPES rsa-sha2-256 rsa-sha2-512"
-# $OpenBSD: cert-userkey.sh,v 1.29 2024/12/06 16:25:58 djm Exp $
+# $OpenBSD: cert-userkey.sh,v 1.30 2025/05/06 06:05:48 djm Exp $
# Placed in the Public Domain.
tid="certified user keys"
grep -v AuthorizedKeysFile $OBJ/sshd_proxy > $OBJ/sshd_proxy_bak
echo "AuthorizedKeysFile $OBJ/authorized_keys_%u_*" >> $OBJ/sshd_proxy_bak
-PLAIN_TYPES=`$SSH -Q key-plain | maybe_filter_sk | sed 's/^ssh-dss/ssh-dsa/;s/^ssh-//'`
+PLAIN_TYPES=`$SSH -Q key-plain | maybe_filter_sk | sed 's/^ssh-//'`
EXTRA_TYPES=""
rsa=""
sk-ecdsa-*) n="sk-ecdsa" ;;
sk-ssh-ed25519*) n="sk-ssh-ed25519" ;;
# subshell because some seds will add a newline
- *) n=$(echo $1 | sed 's/^dsa/ssh-dss/;s/^rsa/ssh-rsa/;s/^ed/ssh-ed/') ;;
+ *) n=$(echo $1 | sed 's/^rsa/ssh-rsa/;s/^ed/ssh-ed/') ;;
esac
if [ -z "$rsa" ]; then
echo "$n*,ssh-ed25519*"
+++ /dev/null
----- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----
-Subject: ssh-keygen test
-Comment: "1024-bit dsa, Tue Jan 08 2002 22:00:23 +0100"
-P2/56wAAAgIAAAAmZGwtbW9kcHtzaWdue2RzYS1uaXN0LXNoYTF9LGRoe3BsYWlufX0AAA
-AEbm9uZQAAAcQAAAHAAAAAAAAABACwUfm3AxZTut3icBmwCcD48nY64HzuELlQ+vEqjIcR
-Lo49es/DQTeLNQ+kdKRCfouosGNv0WqxRtF0tUsWdXxS37oHGa4QPugBdHRd7YlZGZv8kg
-x7FsoepY7v7E683/97dv2zxL3AGagTEzWr7fl0yPexAaZoDvtQrrjX44BLmwAABACWQkvv
-MxnD8eFkS1konFfMJ1CkuRfTN34CBZ6dY7VTSGemy4QwtFdMKmoufD0eKgy3p5WOeWCYKt
-F4FhjHKZk/aaxFjjIbtkrnlvXg64QI11dSZyBN6/ViQkHPSkUDF+A6AAEhrNbQbAFSvao1
-kTvNtPCtL0AkUIduEMzGQfLCTAAAAKDeC043YVo9Zo0zAEeIA4uZh4LBCQAAA/9aj7Y5ik
-ehygJ4qTDSlVypsPuV+n59tMS0e2pfrSG87yf5r94AKBmJeho5OO6wYaXCxsVB7AFbSUD6
-75AK8mHF4v1/+7SWKk5f8xlMCMSPZ9K0+j/W1d/q2qkhnnDZolOHDomLA+U00i5ya/jnTV
-zyDPWLFpWK8u3xGBPAYX324gAAAKDHFvooRnaXdZbeWGTTqmgHB1GU9A==
----- END SSH2 ENCRYPTED PRIVATE KEY ----
+++ /dev/null
----- BEGIN SSH2 PUBLIC KEY ----
-Subject: ssh-keygen test
-Comment: "1024-bit dsa, Tue Jan 08 2002 22:00:23 +0100"
-AAAAB3NzaC1kc3MAAACBALBR+bcDFlO63eJwGbAJwPjydjrgfO4QuVD68SqMhxEujj16z8
-NBN4s1D6R0pEJ+i6iwY2/RarFG0XS1SxZ1fFLfugcZrhA+6AF0dF3tiVkZm/ySDHsWyh6l
-ju/sTrzf/3t2/bPEvcAZqBMTNavt+XTI97EBpmgO+1CuuNfjgEubAAAAFQDeC043YVo9Zo
-0zAEeIA4uZh4LBCQAAAIEAlkJL7zMZw/HhZEtZKJxXzCdQpLkX0zd+AgWenWO1U0hnpsuE
-MLRXTCpqLnw9HioMt6eVjnlgmCrReBYYxymZP2msRY4yG7ZK55b14OuECNdXUmcgTev1Yk
-JBz0pFAxfgOgABIazW0GwBUr2qNZE7zbTwrS9AJFCHbhDMxkHywkwAAACAWo+2OYpHocoC
-eKkw0pVcqbD7lfp+fbTEtHtqX60hvO8n+a/eACgZiXoaOTjusGGlwsbFQewBW0lA+u+QCv
-JhxeL9f/u0lipOX/MZTAjEj2fStPo/1tXf6tqpIZ5w2aJThw6JiwPlNNIucmv4501c8gz1
-ixaVivLt8RgTwGF99uI=
----- END SSH2 PUBLIC KEY ----
-# $OpenBSD: hostbased.sh,v 1.4 2022/12/07 11:45:43 dtucker Exp $
+# $OpenBSD: hostbased.sh,v 1.5 2025/05/06 06:05:48 djm Exp $
# Placed in the Public Domain.
# This test requires external setup and thus is skipped unless
521*ECDSA*) algos="$algos ecdsa-sha2-nistp521" ;;
*RSA*) algos="$algos ssh-rsa rsa-sha2-256 rsa-sha2-512" ;;
*ED25519*) algos="$algos ssh-ed25519" ;;
- *DSA*) algos="$algos ssh-dss" ;;
*) verbose "unknown host key type $key" ;;
esac
done
-# $OpenBSD: keytype.sh,v 1.11 2021/02/25 03:27:34 djm Exp $
+# $OpenBSD: keytype.sh,v 1.12 2025/05/06 06:05:48 djm Exp $
# Placed in the Public Domain.
tid="login with different key types"
ktypes=""
for i in ${SSH_KEYTYPES}; do
case "$i" in
- ssh-dss) ktypes="$ktypes dsa-1024" ;;
ssh-rsa) ktypes="$ktypes rsa-2048 rsa-3072" ;;
ssh-ed25519) ktypes="$ktypes ed25519-512" ;;
ecdsa-sha2-nistp256) ktypes="$ktypes ecdsa-256" ;;
kname_to_ktype() {
case $1 in
- dsa-1024) echo ssh-dss;;
ecdsa-256) echo ecdsa-sha2-nistp256;;
ecdsa-384) echo ecdsa-sha2-nistp384;;
ecdsa-521) echo ecdsa-sha2-nistp521;;
-# $OpenBSD: knownhosts-command.sh,v 1.3 2021/08/30 01:15:45 djm Exp $
+# $OpenBSD: knownhosts-command.sh,v 1.4 2025/05/06 06:05:48 djm Exp $
# Placed in the Public Domain.
tid="known hosts command "
for keytype in ${SSH_HOSTKEY_TYPES} ; do
algs=$keytype
- test "x$keytype" = "xssh-dss" && continue
test "x$keytype" = "xssh-rsa" && algs=ssh-rsa,rsa-sha2-256,rsa-sha2-512
verbose "keytype $keytype"
cat > $OBJ/knownhosts_command << _EOF
-# $OpenBSD: krl.sh,v 1.12 2023/01/16 04:11:29 djm Exp $
+# $OpenBSD: krl.sh,v 1.13 2025/05/06 06:05:48 djm Exp $
# Placed in the Public Domain.
tid="key revocation lists"
case "$t" in
ecdsa*) ktype2=ecdsa ;;
ssh-rsa) ktype3=rsa ;;
- ssh-dss) ktype4=dsa ;;
sk-ssh-ed25519@openssh.com) ktype5=ed25519-sk ;;
sk-ecdsa-sha2-nistp256@openssh.com) ktype6=ecdsa-sk ;;
esac
-# $OpenBSD: limit-keytype.sh,v 1.10 2021/02/25 03:27:34 djm Exp $
+# $OpenBSD: limit-keytype.sh,v 1.11 2025/05/06 06:05:48 djm Exp $
# Placed in the Public Domain.
tid="restrict pubkey type"
case "$t" in
ssh-rsa) ktype2=rsa ;;
ecdsa*) ktype3=ecdsa ;; # unused
- ssh-dss) ktype4=dsa ;;
sk-ssh-ed25519@openssh.com) ktype5=ed25519-sk ;;
sk-ecdsa-sha2-nistp256@openssh.com) ktype6=ecdsa-sk ;;
esac
case "$1" in
ecdsa) printf "ecdsa-sha2-*" ;;
ed25519) printf "ssh-ed25519" ;;
- dsa) printf "ssh-dss" ;;
rsa) printf "rsa-sha2-256,rsa-sha2-512,ssh-rsa" ;;
sk-ecdsa) printf "sk-ecdsa-*" ;;
sk-ssh-ed25519) printf "sk-ssh-ed25519-*" ;;
fi
${SSH} $opts -i $OBJ/user_key2 proxy true || fatal "key2 failed"
-# Allow only DSA in main config, Ed25519 for user.
+# Allow only Ed25519 in main config, Ed25519 for user.
verbose "match w/ matching"
prepare_config "PubkeyAcceptedAlgorithms `keytype $ktype4`" \
"Match user $USER" "PubkeyAcceptedAlgorithms +`keytype $ktype1`"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDf56l/5UYqgY9oBlet/pLRzK6ZCd12QYGdUVfQDl6HftG0u6DSpjm2HGwFRsYZWv2ZN3ZBfAu6MHBiDmXUw/8WaD7nfXZmDH2keZL6opQttqvSGU2Cm00Rv5o1R3ej2qDdpepebv5meMBXTl5/+bE1E3Zm+4STDtxGmlMlxsEj68XeVe4JedfaSUMj3kaXYBbdYdG1qeosdle4GSONEEMpzsxSr8Y/WGYuIB33l29Tt9mNGUgSw/zjMYQjUVvQv+SY8dw62JV8d+3wK2YL2/r73gms6I8EE1JxX53KuAAY+x0p2v/W8ilCYI2Ijyzc8KIPwntmIFpibQjx+rkb+qdT"
#define CERT_RSA \
"ssh-rsa-cert-v01@openssh.com AAAAHHNzaC1yc2EtY2VydC12MDFAb3BlbnNzaC5jb20AAAAg89JX6OBMYDSxER8fnU5y8xxeMCHR/hI0uVqdEhNyCpcAAAADAQABAAABAQDf56l/5UYqgY9oBlet/pLRzK6ZCd12QYGdUVfQDl6HftG0u6DSpjm2HGwFRsYZWv2ZN3ZBfAu6MHBiDmXUw/8WaD7nfXZmDH2keZL6opQttqvSGU2Cm00Rv5o1R3ej2qDdpepebv5meMBXTl5/+bE1E3Zm+4STDtxGmlMlxsEj68XeVe4JedfaSUMj3kaXYBbdYdG1qeosdle4GSONEEMpzsxSr8Y/WGYuIB33l29Tt9mNGUgSw/zjMYQjUVvQv+SY8dw62JV8d+3wK2YL2/r73gms6I8EE1JxX53KuAAY+x0p2v/W8ilCYI2Ijyzc8KIPwntmIFpibQjx+rkb+qdTAAAAAAAAA+0AAAABAAAAB3VseXNzZXMAAAAXAAAAB3VseXNzZXMAAAAIb2R5c3NldXMAAAAAAAAAAP//////////AAAAAAAAAIIAAAAVcGVybWl0LVgxMS1mb3J3YXJkaW5nAAAAAAAAABdwZXJtaXQtYWdlbnQtZm9yd2FyZGluZwAAAAAAAAAWcGVybWl0LXBvcnQtZm9yd2FyZGluZwAAAAAAAAAKcGVybWl0LXB0eQAAAAAAAAAOcGVybWl0LXVzZXItcmMAAAAAAAAAAAAAADMAAAALc3NoLWVkMjU1MTkAAAAgM9BeYRUxUuZ4VHJp8oxVaA8OS/z+5EFPCZwQNq1nMwMAAABTAAAAC3NzaC1lZDI1NTE5AAAAQGCDA6PWw4x9bHQl0w7NqifHepumqD3dmyMx+hZGuPRon+TsyCjfytu7hWmV7l9XUF0fPQNFQ7FGat5e+7YUNgE= id_rsa.pub"
-#define PRIV_DSA \
-"-----BEGIN OPENSSH PRIVATE KEY-----\n"\
-"b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABsgAAAAdzc2gtZH\n"\
-"NzAAAAgQCsGTfjpQ465EOkfQXJM9BOvfRQE0fqlykAls+ncz+T7hrbeScRu8xpwzsznJNm\n"\
-"xlW8o6cUDiHmBJ5OHgamUC9N7YJeU/6fnOAZifgN8mqK6k8pKHuje8ANOiYgHLl0yiASQA\n"\
-"3//qMyzZ+W/hemoLSmLAbEqlfWVeyYx+wta1Vm+QAAABUAvWyehvUvdHvQxavYgS5p0t5Q\n"\
-"d7UAAACBAIRA9Yy+f4Kzqpv/qICPO3zk42UuP7WAhSW2nCbQdLlCiSTxcjKgcvXNRckwJP\n"\
-"44JjSHOtJy/AMtJrPIbLYG6KuWTdBlEHFiG6DafvLG+qPMSL2bPjXTOhuOMbCHIZ+5WBkW\n"\
-"THeG/Nv11iI01Of9V6tXkig23K370flkRkXFi9MdAAAAgCt6YUcQkNwG7B/e5M1FZsLP9O\n"\
-"kVB3BwLAOjmWdHpyhu3HpwSJa3XLEvhXN0i6IVI2KgPo/2GtYA6rHt14L+6u1pmhh8sAvQ\n"\
-"ksp3qZB+xh/NP+hBqf0sbHX0yYbzKOvI5SCc/kKK6yagcBZOsubM/KC8TxyVgmD5c6WzYs\n"\
-"h5TEpvAAAB2PHjRbbx40W2AAAAB3NzaC1kc3MAAACBAKwZN+OlDjrkQ6R9Bckz0E699FAT\n"\
-"R+qXKQCWz6dzP5PuGtt5JxG7zGnDOzOck2bGVbyjpxQOIeYEnk4eBqZQL03tgl5T/p+c4B\n"\
-"mJ+A3yaorqTykoe6N7wA06JiAcuXTKIBJADf/+ozLNn5b+F6agtKYsBsSqV9ZV7JjH7C1r\n"\
-"VWb5AAAAFQC9bJ6G9S90e9DFq9iBLmnS3lB3tQAAAIEAhED1jL5/grOqm/+ogI87fOTjZS\n"\
-"4/tYCFJbacJtB0uUKJJPFyMqBy9c1FyTAk/jgmNIc60nL8Ay0ms8hstgboq5ZN0GUQcWIb\n"\
-"oNp+8sb6o8xIvZs+NdM6G44xsIchn7lYGRZMd4b82/XWIjTU5/1Xq1eSKDbcrfvR+WRGRc\n"\
-"WL0x0AAACAK3phRxCQ3AbsH97kzUVmws/06RUHcHAsA6OZZ0enKG7cenBIlrdcsS+Fc3SL\n"\
-"ohUjYqA+j/Ya1gDqse3Xgv7q7WmaGHywC9CSynepkH7GH80/6EGp/SxsdfTJhvMo68jlIJ\n"\
-"z+QorrJqBwFk6y5sz8oLxPHJWCYPlzpbNiyHlMSm8AAAAUUA+OGldMi76ClO/sstpdbBUE\n"\
-"lq8AAAAAAQI=\n"\
-"-----END OPENSSH PRIVATE KEY-----\n"
-#define PUB_DSA \
-"ssh-dss AAAAB3NzaC1kc3MAAACBAKwZN+OlDjrkQ6R9Bckz0E699FATR+qXKQCWz6dzP5PuGtt5JxG7zGnDOzOck2bGVbyjpxQOIeYEnk4eBqZQL03tgl5T/p+c4BmJ+A3yaorqTykoe6N7wA06JiAcuXTKIBJADf/+ozLNn5b+F6agtKYsBsSqV9ZV7JjH7C1rVWb5AAAAFQC9bJ6G9S90e9DFq9iBLmnS3lB3tQAAAIEAhED1jL5/grOqm/+ogI87fOTjZS4/tYCFJbacJtB0uUKJJPFyMqBy9c1FyTAk/jgmNIc60nL8Ay0ms8hstgboq5ZN0GUQcWIboNp+8sb6o8xIvZs+NdM6G44xsIchn7lYGRZMd4b82/XWIjTU5/1Xq1eSKDbcrfvR+WRGRcWL0x0AAACAK3phRxCQ3AbsH97kzUVmws/06RUHcHAsA6OZZ0enKG7cenBIlrdcsS+Fc3SLohUjYqA+j/Ya1gDqse3Xgv7q7WmaGHywC9CSynepkH7GH80/6EGp/SxsdfTJhvMo68jlIJz+QorrJqBwFk6y5sz8oLxPHJWCYPlzpbNiyHlMSm8="
-#define CERT_DSA \
-"ssh-dss-cert-v01@openssh.com AAAAHHNzaC1kc3MtY2VydC12MDFAb3BlbnNzaC5jb20AAAAguF716Yub+vVKNlONKLsfxGYWkRe/PyjfYdGRTsFaDvAAAACBAKwZN+OlDjrkQ6R9Bckz0E699FATR+qXKQCWz6dzP5PuGtt5JxG7zGnDOzOck2bGVbyjpxQOIeYEnk4eBqZQL03tgl5T/p+c4BmJ+A3yaorqTykoe6N7wA06JiAcuXTKIBJADf/+ozLNn5b+F6agtKYsBsSqV9ZV7JjH7C1rVWb5AAAAFQC9bJ6G9S90e9DFq9iBLmnS3lB3tQAAAIEAhED1jL5/grOqm/+ogI87fOTjZS4/tYCFJbacJtB0uUKJJPFyMqBy9c1FyTAk/jgmNIc60nL8Ay0ms8hstgboq5ZN0GUQcWIboNp+8sb6o8xIvZs+NdM6G44xsIchn7lYGRZMd4b82/XWIjTU5/1Xq1eSKDbcrfvR+WRGRcWL0x0AAACAK3phRxCQ3AbsH97kzUVmws/06RUHcHAsA6OZZ0enKG7cenBIlrdcsS+Fc3SLohUjYqA+j/Ya1gDqse3Xgv7q7WmaGHywC9CSynepkH7GH80/6EGp/SxsdfTJhvMo68jlIJz+QorrJqBwFk6y5sz8oLxPHJWCYPlzpbNiyHlMSm8AAAAAAAAD6AAAAAEAAAAHdWx5c3NlcwAAABcAAAAHdWx5c3NlcwAAAAhvZHlzc2V1cwAAAAAAAAAA//////////8AAAAAAAAAggAAABVwZXJtaXQtWDExLWZvcndhcmRpbmcAAAAAAAAAF3Blcm1pdC1hZ2VudC1mb3J3YXJkaW5nAAAAAAAAABZwZXJtaXQtcG9ydC1mb3J3YXJkaW5nAAAAAAAAAApwZXJtaXQtcHR5AAAAAAAAAA5wZXJtaXQtdXNlci1yYwAAAAAAAAAAAAAAMwAAAAtzc2gtZWQyNTUxOQAAACAz0F5hFTFS5nhUcmnyjFVoDw5L/P7kQU8JnBA2rWczAwAAAFMAAAALc3NoLWVkMjU1MTkAAABAjMQEZcbdUYJBjIC4GxByFDOb8tv71vDZdx7irHwaqIjx5rzpJUuOV1r8ZO4kY+Yaiun1yrWj2QYkfJrHBvD1DA== id_dsa.pub"
-#define PRIV_ECDSA \
-"-----BEGIN OPENSSH PRIVATE KEY-----\n"\
-"b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAaAAAABNlY2RzYS\n"\
-"1zaGEyLW5pc3RwMjU2AAAACG5pc3RwMjU2AAAAQQTDJ0VlMv+0rguNzaJ1DF2KueHaxRSQ\n"\
-"6LpIxGbulrg1a8RPbnMXwag5GcDiDllD2lDUJUuBEWyjXA0rZoZX35ELAAAAoE/Bbr5PwW\n"\
-"6+AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMMnRWUy/7SuC43N\n"\
-"onUMXYq54drFFJDoukjEZu6WuDVrxE9ucxfBqDkZwOIOWUPaUNQlS4ERbKNcDStmhlffkQ\n"\
-"sAAAAhAIhE6hCID5oOm1TDktc++KFKyScjLifcZ6Cgv5xSSyLOAAAAAAECAwQFBgc=\n"\
-"-----END OPENSSH PRIVATE KEY-----\n"
#define PUB_ECDSA \
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMMnRWUy/7SuC43NonUMXYq54drFFJDoukjEZu6WuDVrxE9ucxfBqDkZwOIOWUPaUNQlS4ERbKNcDStmhlffkQs="
#define CERT_ECDSA \
AGENT_PID=$!
trap "kill $AGENT_PID" EXIT
-PRIV="id_dsa id_ecdsa id_ecdsa_sk id_ed25519 id_ed25519_sk id_rsa"
+PRIV="id_ecdsa id_ecdsa_sk id_ed25519 id_ed25519_sk id_rsa"
# add keys
ssh-add $PRIV
+++ /dev/null
-ssh-dss-cert-v01@openssh.com AAAAHHNzaC1kc3MtY2VydC12MDFAb3BlbnNzaC5jb20AAAAguF716Yub+vVKNlONKLsfxGYWkRe/PyjfYdGRTsFaDvAAAACBAKwZN+OlDjrkQ6R9Bckz0E699FATR+qXKQCWz6dzP5PuGtt5JxG7zGnDOzOck2bGVbyjpxQOIeYEnk4eBqZQL03tgl5T/p+c4BmJ+A3yaorqTykoe6N7wA06JiAcuXTKIBJADf/+ozLNn5b+F6agtKYsBsSqV9ZV7JjH7C1rVWb5AAAAFQC9bJ6G9S90e9DFq9iBLmnS3lB3tQAAAIEAhED1jL5/grOqm/+ogI87fOTjZS4/tYCFJbacJtB0uUKJJPFyMqBy9c1FyTAk/jgmNIc60nL8Ay0ms8hstgboq5ZN0GUQcWIboNp+8sb6o8xIvZs+NdM6G44xsIchn7lYGRZMd4b82/XWIjTU5/1Xq1eSKDbcrfvR+WRGRcWL0x0AAACAK3phRxCQ3AbsH97kzUVmws/06RUHcHAsA6OZZ0enKG7cenBIlrdcsS+Fc3SLohUjYqA+j/Ya1gDqse3Xgv7q7WmaGHywC9CSynepkH7GH80/6EGp/SxsdfTJhvMo68jlIJz+QorrJqBwFk6y5sz8oLxPHJWCYPlzpbNiyHlMSm8AAAAAAAAD6AAAAAEAAAAHdWx5c3NlcwAAABcAAAAHdWx5c3NlcwAAAAhvZHlzc2V1cwAAAAAAAAAA//////////8AAAAAAAAAggAAABVwZXJtaXQtWDExLWZvcndhcmRpbmcAAAAAAAAAF3Blcm1pdC1hZ2VudC1mb3J3YXJkaW5nAAAAAAAAABZwZXJtaXQtcG9ydC1mb3J3YXJkaW5nAAAAAAAAAApwZXJtaXQtcHR5AAAAAAAAAA5wZXJtaXQtdXNlci1yYwAAAAAAAAAAAAAAMwAAAAtzc2gtZWQyNTUxOQAAACAz0F5hFTFS5nhUcmnyjFVoDw5L/P7kQU8JnBA2rWczAwAAAFMAAAALc3NoLWVkMjU1MTkAAABAjMQEZcbdUYJBjIC4GxByFDOb8tv71vDZdx7irHwaqIjx5rzpJUuOV1r8ZO4kY+Yaiun1yrWj2QYkfJrHBvD1DA== id_dsa.pub
-# $OpenBSD: Makefile,v 1.1 2024/12/04 16:42:49 djm Exp $
+# $OpenBSD: Makefile,v 1.2 2025/05/06 06:05:48 djm Exp $
.include <bsd.own.mk>
.include <bsd.obj.mk>
# From usr.bin/ssh
SRCS+=sshbuf-getput-basic.c sshbuf-getput-crypto.c sshbuf-misc.c sshbuf.c
SRCS+=sshbuf-io.c atomicio.c sshkey.c authfile.c cipher.c log.c ssh-rsa.c
-SRCS+=ssh-dss.c ssh-ecdsa.c ssh-ed25519.c mac.c umac.c umac128.c hmac.c misc.c
+SRCS+=ssh-ecdsa.c ssh-ed25519.c mac.c umac.c umac128.c hmac.c misc.c
SRCS+=ssherr.c uidswap.c cleanup.c xmalloc.c match.c krl.c fatal.c
SRCS+=addr.c addrmatch.c bitmap.c
SRCS+=ed25519.c hash.c
-# $OpenBSD: ssh-com-client.sh,v 1.7 2013/05/17 04:29:14 dtucker Exp $
+# $OpenBSD: ssh-com-client.sh,v 1.8 2025/05/06 06:05:48 djm Exp $
# Placed in the Public Domain.
tid="connect with ssh.com client"
# setup authorized keys
SRC=`dirname ${SCRIPT}`
-cp ${SRC}/dsa_ssh2.prv ${OBJ}/id.com
+cp ${SRC}/rsa_ssh2.prv ${OBJ}/id.com
chmod 600 ${OBJ}/id.com
${SSHKEYGEN} -i -f ${OBJ}/id.com > $OBJ/id.openssh
chmod 600 ${OBJ}/id.openssh
${SSHKEYGEN} -e -f ${OBJ}/id.openssh > $OBJ/id.com.pub
echo IdKey ${OBJ}/id.com > ${OBJ}/id.list
-# we need a DSA host key
-t=dsa
+# we need a RSA host key
+t=rsa
rm -f ${OBJ}/$t ${OBJ}/$t.pub
${SSHKEYGEN} -q -N '' -t $t -f ${OBJ}/$t
$SUDO cp $OBJ/$t $OBJ/host.$t
mkdir -p ${OBJ}/${USER}/hostkeys
HK=${OBJ}/${USER}/hostkeys/key_${PORT}_127.0.0.1
${SSHKEYGEN} -e -f ${OBJ}/rsa.pub > ${HK}.ssh-rsa.pub
-${SSHKEYGEN} -e -f ${OBJ}/dsa.pub > ${HK}.ssh-dss.pub
cat > ${OBJ}/ssh2_config << EOF
*:
continue
fi
verbose "ssh2 ${v}"
- key=ssh-dss
+ key=ssh-rsa
skipcat=0
case $v in
2.1.*|2.3.0)
done
rm -rf ${OBJ}/${USER}
-for i in ssh2_config random_seed dsa.pub dsa host.dsa \
- id.list id.com id.com.pub id.openssh; do
+for i in ssh2_config random_seed id.list id.com id.com.pub id.openssh; do
rm -f ${OBJ}/$i
done
-# $OpenBSD: ssh-com.sh,v 1.10 2017/05/08 01:52:49 djm Exp $
+# $OpenBSD: ssh-com.sh,v 1.11 2025/05/06 06:05:48 djm Exp $
# Placed in the Public Domain.
tid="connect to ssh.com server"
PubKeyAuthentication yes
#AllowedAuthentications publickey
AuthorizationFile authorization
- HostKeyFile ${SRC}/dsa_ssh2.prv
- PublicHostKeyFile ${SRC}/dsa_ssh2.pub
+ HostKeyFile ${SRC}/rsa_ssh2.prv
+ PublicHostKeyFile ${SRC}/rsa_ssh2.pub
RandomSeedFile ${OBJ}/random_seed
MaxConnections 0
PermitRootLogin yes
sed "s/HostKeyAlias.*/HostKeyAlias ssh2-localhost-with-alias/" \
< $OBJ/ssh_config > $OBJ/ssh_config_com
-# we need a DSA key for
-rm -f ${OBJ}/dsa ${OBJ}/dsa.pub
-${SSHKEYGEN} -q -N '' -t dsa -f ${OBJ}/dsa
+# we need a RSA key for
+rm -f ${OBJ}/rsa ${OBJ}/rsa.pub
+${SSHKEYGEN} -q -N '' -t rsa -f ${OBJ}/rsa
# setup userdir, try rsa first
mkdir -p ${OBJ}/${USER}
cp /dev/null ${OBJ}/${USER}/authorization
-for t in rsa dsa; do
- ${SSHKEYGEN} -e -f ${OBJ}/$t.pub > ${OBJ}/${USER}/$t.com
- echo Key $t.com >> ${OBJ}/${USER}/authorization
- echo IdentityFile ${OBJ}/$t >> ${OBJ}/ssh_config_com
-done
+${SSHKEYGEN} -e -f ${OBJ}/rsa.pub > ${OBJ}/${USER}/rsa.com
+echo Key rsa.com >> ${OBJ}/${USER}/authorization
+echo IdentityFile ${OBJ}/rsa >> ${OBJ}/ssh_config_com
-# convert and append DSA hostkey
+# convert and append RSA hostkey
(
printf 'ssh2-localhost-with-alias,127.0.0.1,::1 '
- ${SSHKEYGEN} -if ${SRC}/dsa_ssh2.pub
+ ${SSHKEYGEN} -if ${SRC}/rsa_ssh2.pub
) >> $OBJ/known_hosts
# go for it
rm -rf ${OBJ}/${USER}
for i in sshd_config_proxy ssh_config_proxy random_seed \
- sshd2_config dsa.pub dsa ssh_config_com; do
+ sshd2_config rsa.pub rsa ssh_config_com; do
rm -f ${OBJ}/$i
done
#!/bin/sh
-# $OpenBSD: ssh2putty.sh,v 1.9 2021/07/25 12:13:03 dtucker Exp $
+# $OpenBSD: ssh2putty.sh,v 1.10 2025/05/06 06:05:48 djm Exp $
if test "x$1" = "x" -o "x$2" = "x" -o "x$3" = "x" ; then
echo "Usage: ssh2putty hostname port ssh-private-key"
OPENSSL_BIN="${OPENSSL_BIN:-openssl}"
-# XXX - support DSA keys too
if grep "BEGIN RSA PRIVATE KEY" $KEYFILE >/dev/null 2>&1 ; then
:
else
-# $OpenBSD: sshcfgparse.sh,v 1.9 2021/06/08 07:05:27 dtucker Exp $
+# $OpenBSD: sshcfgparse.sh,v 1.10 2025/05/06 06:05:48 djm Exp $
# Placed in the Public Domain.
tid="ssh config parse"
-dsa=0
-for t in $SSH_KEYTYPES; do
- case "$t" in
- ssh-dss) dsa=1 ;;
- esac
-done
-
expect_result_present() {
_str="$1" ; shift
for _expect in "$@" ; do
# Default set
f=`${SSH} -GF none host | awk '/^pubkeyacceptedalgorithms /{print $2}'`
expect_result_present "$f" "ssh-ed25519" "ssh-ed25519-cert-v01.*"
-expect_result_absent "$f" "ssh-dss"
# Explicit override
f=`${SSH} -GF none -opubkeyacceptedalgorithms=ssh-ed25519 host | \
awk '/^pubkeyacceptedalgorithms /{print $2}'`
expect_result_present "$f" "ssh-ed25519"
-expect_result_absent "$f" "ssh-ed25519-cert-v01.*" "ssh-dss"
+expect_result_absent "$f" "ssh-ed25519-cert-v01.*"
# Removal from default set
f=`${SSH} -GF none -opubkeyacceptedalgorithms=-ssh-ed25519-cert* host | \
awk '/^pubkeyacceptedalgorithms /{print $2}'`
expect_result_present "$f" "ssh-ed25519"
-expect_result_absent "$f" "ssh-ed25519-cert-v01.*" "ssh-dss"
+expect_result_absent "$f" "ssh-ed25519-cert-v01.*"
f=`${SSH} -GF none -opubkeyacceptedalgorithms=-ssh-ed25519 host | \
awk '/^pubkeyacceptedalgorithms /{print $2}'`
expect_result_present "$f" "ssh-ed25519-cert-v01.*"
-expect_result_absent "$f" "ssh-ed25519" "ssh-dss"
+expect_result_absent "$f" "ssh-ed25519"
# Append to default set.
# This is not tested when built !WITH_OPENSSL
-if [ "$dsa" = "1" ]; then
- f=`${SSH} -GF none -opubkeyacceptedalgorithms=+ssh-dss-cert* host | \
- awk '/^pubkeyacceptedalgorithms /{print $2}'`
- expect_result_present "$f" "ssh-ed25519" "ssh-dss-cert-v01.*"
- expect_result_absent "$f" "ssh-dss"
- f=`${SSH} -GF none -opubkeyacceptedalgorithms=+ssh-dss host | \
- awk '/^pubkeyacceptedalgorithms /{print $2}'`
- expect_result_present "$f" "ssh-ed25519" "ssh-ed25519-cert-v01.*" "ssh-dss"
- expect_result_absent "$f" "ssh-dss-cert-v01.*"
-fi
+# XXX need a test for this
verbose "agentforwarding"
f=`${SSH} -GF none host | awk '/^forwardagent /{print$2}'`
-# $OpenBSD: Makefile.inc,v 1.17 2025/04/15 04:00:42 djm Exp $
+# $OpenBSD: Makefile.inc,v 1.18 2025/05/06 06:05:48 djm Exp $
.include <bsd.own.mk>
.include <bsd.obj.mk>
OPENSSL?= yes
DSAKEY?= yes
-.if (${DSAKEY:L} == "yes")
-CFLAGS+= -DWITH_DSA
-.endif
-
.if (${OPENSSL:L} == "yes")
CFLAGS+= -DWITH_OPENSSL
.endif
-# $OpenBSD: Makefile,v 1.8 2025/04/15 04:00:42 djm Exp $
+# $OpenBSD: Makefile,v 1.9 2025/05/06 06:05:48 djm Exp $
PROG=test_authopt
SRCS=tests.c
# From usr.bin/ssh
SRCS+=sshbuf-getput-basic.c sshbuf-getput-crypto.c sshbuf-misc.c sshbuf.c
SRCS+=sshbuf-io.c atomicio.c sshkey.c authfile.c cipher.c log.c ssh-rsa.c
-SRCS+=ssh-dss.c ssh-ecdsa.c ssh-ed25519.c mac.c umac.c umac128.c hmac.c misc.c
+SRCS+=ssh-ecdsa.c ssh-ed25519.c mac.c umac.c umac128.c hmac.c misc.c
SRCS+=ssherr.c uidswap.c cleanup.c xmalloc.c match.c krl.c fatal.c
SRCS+=addr.c addrmatch.c bitmap.c
SRCS+=ed25519.c hash.c
-# $OpenBSD: Makefile,v 1.11 2025/04/15 04:00:42 djm Exp $
+# $OpenBSD: Makefile,v 1.12 2025/05/06 06:05:48 djm Exp $
PROG=test_hostkeys
SRCS=tests.c test_iterate.c
# From usr.bin/ssh
SRCS+=sshbuf-getput-basic.c sshbuf-getput-crypto.c sshbuf-misc.c sshbuf.c
SRCS+=sshbuf-io.c atomicio.c sshkey.c authfile.c cipher.c log.c ssh-rsa.c
-SRCS+=ssh-dss.c ssh-ecdsa.c ssh-ed25519.c mac.c umac.c umac128.c hmac.c misc.c
+SRCS+=ssh-ecdsa.c ssh-ed25519.c mac.c umac.c umac128.c hmac.c misc.c
SRCS+=ssherr.c uidswap.c cleanup.c xmalloc.c match.c krl.c fatal.c
SRCS+=addr.c addrmatch.c bitmap.c hostfile.c
SRCS+=ed25519.c hash.c
#!/bin/sh
-# $OpenBSD: mktestdata.sh,v 1.2 2017/04/30 23:33:48 djm Exp $
+# $OpenBSD: mktestdata.sh,v 1.3 2025/05/06 06:05:48 djm Exp $
set -ex
cd testdata
-rm -f rsa* dsa* ecdsa* ed25519*
+rm -f rsa* ecdsa* ed25519*
rm -f known_hosts*
gen_all() {
test "x$_n" = "x1" && _ecdsa_bits=384
test "x$_n" = "x2" && _ecdsa_bits=521
ssh-keygen -qt rsa -b 1024 -C "RSA #$_n" -N "" -f rsa_$_n
- ssh-keygen -qt dsa -b 1024 -C "DSA #$_n" -N "" -f dsa_$_n
ssh-keygen -qt ecdsa -b $_ecdsa_bits -C "ECDSA #$_n" -N "" -f ecdsa_$_n
ssh-keygen -qt ed25519 -C "ED25519 #$_n" -N "" -f ed25519_$_n
# Don't need private keys
- rm -f rsa_$_n dsa_$_n ecdsa_$_n ed25519_$_n
+ rm -f rsa_$_n ecdsa_$_n ed25519_$_n
}
hentries() {
echo "# Revoked and CA keys"
printf "@revoked sisyphus.example.com " ; cat ed25519_4.pub
printf "@cert-authority prometheus.example.com " ; cat ecdsa_4.pub
- printf "@cert-authority *.example.com " ; cat dsa_4.pub
+ printf "@cert-authority *.example.com " ; cat rsa_4.pub
printf "\n"
echo "# Some invalid lines"
# Invalid marker
- printf "@what sisyphus.example.com " ; cat dsa_1.pub
+ printf "@what sisyphus.example.com " ; cat rsa_1.pub
# Key missing
echo "sisyphus.example.com "
# Key blob missing
echo "prometheus.example.com ssh-ed25519 "
# Key blob truncated
- echo "sisyphus.example.com ssh-dsa AAAATgAAAAdz"
+ echo "sisyphus.example.com ssh-rsa AAAATgAAAAdz"
# Invalid type
echo "sisyphus.example.com ssh-XXX AAAATgAAAAdzc2gtWFhYAAAAP0ZVQ0tPRkZGVUNLT0ZGRlVDS09GRkZVQ0tPRkZGVUNLT0ZGRlVDS09GRkZVQ0tPRkZGVUNLT0ZGRlVDS09GRg=="
# Type mismatch with blob
-/* $OpenBSD: test_iterate.c,v 1.9 2024/01/11 01:45:58 djm Exp $ */
+/* $OpenBSD: test_iterate.c,v 1.10 2025/05/06 06:05:48 djm Exp $ */
/*
* Regress test for hostfile.h hostkeys_foreach()
*
expected->no_parse_keytype == KEY_ECDSA)
skip = 1;
#endif /* OPENSSL_HAS_ECC */
-#ifndef WITH_DSA
- if (expected->l.keytype == KEY_DSA ||
- expected->no_parse_keytype == KEY_DSA)
- skip = 1;
-#endif
#ifndef WITH_OPENSSL
- if (expected->l.keytype == KEY_DSA ||
- expected->no_parse_keytype == KEY_DSA ||
- expected->l.keytype == KEY_RSA ||
+ if (expected->l.keytype == KEY_RSA ||
expected->no_parse_keytype == KEY_RSA ||
expected->l.keytype == KEY_ECDSA ||
expected->no_parse_keytype == KEY_ECDSA)
if (expected[i].l.keytype == KEY_ECDSA)
continue;
#endif /* OPENSSL_HAS_ECC */
-#ifndef WITH_DSA
- if (expected[i].l.keytype == KEY_DSA)
- continue;
-#endif
#ifndef WITH_OPENSSL
switch (expected[i].l.keytype) {
case KEY_RSA:
- case KEY_DSA:
case KEY_ECDSA:
continue;
}
NULL, /* comment */
0, /* note */
} },
- { "dsa_1.pub" , -1, -1, 0, HKF_MATCH_HOST, 0, 0, -1, {
- NULL,
- 2,
- HKF_STATUS_OK,
- 0,
- NULL,
- MRK_NONE,
- "sisyphus.example.com",
- NULL,
- KEY_DSA,
- NULL, /* filled at runtime */
- "DSA #1",
- 0,
- } },
{ "ecdsa_1.pub" , -1, -1, 0, HKF_MATCH_HOST, 0, 0, -1, {
NULL,
- 3,
+ 2,
HKF_STATUS_OK,
0,
NULL,
} },
{ "ed25519_1.pub" , -1, -1, 0, HKF_MATCH_HOST, 0, 0, -1, {
NULL,
- 4,
+ 3,
HKF_STATUS_OK,
0,
NULL,
} },
{ "rsa_1.pub" , -1, -1, 0, HKF_MATCH_HOST, 0, 0, -1, {
NULL,
- 5,
+ 4,
HKF_STATUS_OK,
0,
NULL,
} },
{ NULL, -1, -1, 0, 0, 0, 0, -1, {
NULL,
- 6,
+ 5,
HKF_STATUS_COMMENT,
0,
"",
} },
{ NULL, -1, -1, 0, 0, 0, 0, -1, {
NULL,
- 7,
+ 6,
HKF_STATUS_COMMENT,
0,
"# Plain host keys, hostnames + addresses",
NULL,
0,
} },
- { "dsa_2.pub" , -1, -1, HKF_MATCH_HOST, 0, HKF_MATCH_IP, HKF_MATCH_IP, -1, {
- NULL,
- 8,
- HKF_STATUS_OK,
- 0,
- NULL,
- MRK_NONE,
- "prometheus.example.com,192.0.2.1,2001:db8::1",
- NULL,
- KEY_DSA,
- NULL, /* filled at runtime */
- "DSA #2",
- 0,
- } },
{ "ecdsa_2.pub" , -1, -1, HKF_MATCH_HOST, 0, HKF_MATCH_IP, HKF_MATCH_IP, -1, {
NULL,
- 9,
+ 7,
HKF_STATUS_OK,
0,
NULL,
} },
{ "ed25519_2.pub" , -1, -1, HKF_MATCH_HOST, 0, HKF_MATCH_IP, HKF_MATCH_IP, -1, {
NULL,
- 10,
+ 8,
HKF_STATUS_OK,
0,
NULL,
} },
{ "rsa_2.pub" , -1, -1, HKF_MATCH_HOST, 0, HKF_MATCH_IP, HKF_MATCH_IP, -1, {
NULL,
- 11,
+ 9,
HKF_STATUS_OK,
0,
NULL,
} },
{ NULL, -1, -1, 0, 0, 0, 0, -1, {
NULL,
- 12,
+ 10,
HKF_STATUS_COMMENT,
0,
"",
} },
{ NULL, -1, -1, 0, 0, 0, 0, -1, {
NULL,
- 13,
+ 11,
HKF_STATUS_COMMENT,
0,
"# Some hosts with wildcard names / IPs",
NULL,
0,
} },
- { "dsa_3.pub" , -1, -1, HKF_MATCH_HOST, HKF_MATCH_HOST, HKF_MATCH_IP, HKF_MATCH_IP, -1, {
- NULL,
- 14,
- HKF_STATUS_OK,
- 0,
- NULL,
- MRK_NONE,
- "*.example.com,192.0.2.*,2001:*",
- NULL,
- KEY_DSA,
- NULL, /* filled at runtime */
- "DSA #3",
- 0,
- } },
{ "ecdsa_3.pub" , -1, -1, HKF_MATCH_HOST, HKF_MATCH_HOST, HKF_MATCH_IP, HKF_MATCH_IP, -1, {
NULL,
- 15,
+ 12,
HKF_STATUS_OK,
0,
NULL,
} },
{ "ed25519_3.pub" , -1, -1, HKF_MATCH_HOST, HKF_MATCH_HOST, HKF_MATCH_IP, HKF_MATCH_IP, -1, {
NULL,
- 16,
+ 13,
HKF_STATUS_OK,
0,
NULL,
} },
{ "rsa_3.pub" , -1, -1, HKF_MATCH_HOST, HKF_MATCH_HOST, HKF_MATCH_IP, HKF_MATCH_IP, -1, {
NULL,
- 17,
+ 14,
HKF_STATUS_OK,
0,
NULL,
} },
{ NULL, -1, -1, 0, 0, 0, 0, -1, {
NULL,
- 18,
+ 15,
HKF_STATUS_COMMENT,
0,
"",
} },
{ NULL, -1, -1, 0, 0, 0, 0, -1, {
NULL,
- 19,
+ 16,
HKF_STATUS_COMMENT,
0,
"# Hashed hostname and address entries",
NULL,
0,
} },
- { "dsa_5.pub" , -1, -1, 0, HKF_MATCH_HOST|HKF_MATCH_HOST_HASHED, 0, 0, -1, {
- NULL,
- 20,
- HKF_STATUS_OK,
- 0,
- NULL,
- MRK_NONE,
- NULL,
- NULL,
- KEY_DSA,
- NULL, /* filled at runtime */
- "DSA #5",
- 0,
- } },
{ "ecdsa_5.pub" , -1, -1, 0, HKF_MATCH_HOST|HKF_MATCH_HOST_HASHED, 0, 0, -1, {
NULL,
- 21,
+ 17,
HKF_STATUS_OK,
0,
NULL,
} },
{ "ed25519_5.pub" , -1, -1, 0, HKF_MATCH_HOST|HKF_MATCH_HOST_HASHED, 0, 0, -1, {
NULL,
- 22,
+ 18,
HKF_STATUS_OK,
0,
NULL,
} },
{ "rsa_5.pub" , -1, -1, 0, HKF_MATCH_HOST|HKF_MATCH_HOST_HASHED, 0, 0, -1, {
NULL,
- 23,
+ 19,
HKF_STATUS_OK,
0,
NULL,
} },
{ NULL, -1, -1, 0, 0, 0, 0, -1, {
NULL,
- 24,
+ 20,
HKF_STATUS_COMMENT,
0,
"",
* hostname and addresses in the pre-hashed known_hosts are split
* to separate lines.
*/
- { "dsa_6.pub" , -1, -1, HKF_MATCH_HOST|HKF_MATCH_HOST_HASHED, 0, 0, 0, -1, {
- NULL,
- 25,
- HKF_STATUS_OK,
- 0,
- NULL,
- MRK_NONE,
- NULL,
- NULL,
- KEY_DSA,
- NULL, /* filled at runtime */
- "DSA #6",
- 0,
- } },
- { "dsa_6.pub" , -1, -1, 0, 0, HKF_MATCH_IP|HKF_MATCH_IP_HASHED, 0, -1, {
- NULL,
- 26,
- HKF_STATUS_OK,
- 0,
- NULL,
- MRK_NONE,
- NULL,
- NULL,
- KEY_DSA,
- NULL, /* filled at runtime */
- "DSA #6",
- 0,
- } },
- { "dsa_6.pub" , -1, -1, 0, 0, 0, HKF_MATCH_IP|HKF_MATCH_IP_HASHED, -1, {
- NULL,
- 27,
- HKF_STATUS_OK,
- 0,
- NULL,
- MRK_NONE,
- NULL,
- NULL,
- KEY_DSA,
- NULL, /* filled at runtime */
- "DSA #6",
- 0,
- } },
{ "ecdsa_6.pub" , -1, -1, HKF_MATCH_HOST|HKF_MATCH_HOST_HASHED, 0, 0, 0, -1, {
NULL,
- 28,
+ 21,
HKF_STATUS_OK,
0,
NULL,
} },
{ "ecdsa_6.pub" , -1, -1, 0, 0, HKF_MATCH_IP|HKF_MATCH_IP_HASHED, 0, -1, {
NULL,
- 29,
+ 22,
HKF_STATUS_OK,
0,
NULL,
} },
{ "ecdsa_6.pub" , -1, -1, 0, 0, 0, HKF_MATCH_IP|HKF_MATCH_IP_HASHED, -1, {
NULL,
- 30,
+ 23,
HKF_STATUS_OK,
0,
NULL,
} },
{ "ed25519_6.pub" , -1, -1, HKF_MATCH_HOST|HKF_MATCH_HOST_HASHED, 0, 0, 0, -1, {
NULL,
- 31,
+ 24,
HKF_STATUS_OK,
0,
NULL,
} },
{ "ed25519_6.pub" , -1, -1, 0, 0, HKF_MATCH_IP|HKF_MATCH_IP_HASHED, 0, -1, {
NULL,
- 32,
+ 25,
HKF_STATUS_OK,
0,
NULL,
} },
{ "ed25519_6.pub" , -1, -1, 0, 0, 0, HKF_MATCH_IP|HKF_MATCH_IP_HASHED, -1, {
NULL,
- 33,
+ 26,
HKF_STATUS_OK,
0,
NULL,
} },
{ "rsa_6.pub" , -1, -1, HKF_MATCH_HOST|HKF_MATCH_HOST_HASHED, 0, 0, 0, -1, {
NULL,
- 34,
+ 27,
HKF_STATUS_OK,
0,
NULL,
} },
{ "rsa_6.pub" , -1, -1, 0, 0, HKF_MATCH_IP|HKF_MATCH_IP_HASHED, 0, -1, {
NULL,
- 35,
+ 28,
HKF_STATUS_OK,
0,
NULL,
} },
{ "rsa_6.pub" , -1, -1, 0, 0, 0, HKF_MATCH_IP|HKF_MATCH_IP_HASHED, -1, {
NULL,
- 36,
+ 29,
HKF_STATUS_OK,
0,
NULL,
} },
{ NULL, -1, -1, 0, 0, 0, 0, -1, {
NULL,
- 37,
+ 30,
HKF_STATUS_COMMENT,
0,
"",
} },
{ NULL, -1, -1, 0, 0, 0, 0, -1, {
NULL,
- 38,
+ 31,
HKF_STATUS_COMMENT,
0,
"",
} },
{ NULL, -1, -1, 0, 0, 0, 0, -1, {
NULL,
- 39,
+ 32,
HKF_STATUS_COMMENT,
0,
"# Revoked and CA keys",
} },
{ "ed25519_4.pub" , -1, -1, 0, HKF_MATCH_HOST, 0, 0, -1, {
NULL,
- 40,
+ 33,
HKF_STATUS_OK,
0,
NULL,
} },
{ "ecdsa_4.pub" , -1, -1, HKF_MATCH_HOST, 0, 0, 0, -1, {
NULL,
- 41,
+ 34,
HKF_STATUS_OK,
0,
NULL,
"ECDSA #4",
0,
} },
- { "dsa_4.pub" , -1, -1, HKF_MATCH_HOST, HKF_MATCH_HOST, 0, 0, -1, {
- NULL,
- 42,
- HKF_STATUS_OK,
- 0,
- NULL,
- MRK_CA,
- "*.example.com",
- NULL,
- KEY_DSA,
- NULL, /* filled at runtime */
- "DSA #4",
- 0,
- } },
{ NULL, -1, -1, 0, 0, 0, 0, -1, {
NULL,
- 43,
+ 35,
HKF_STATUS_COMMENT,
0,
"",
} },
{ NULL, -1, -1, 0, 0, 0, 0, -1, {
NULL,
- 44,
+ 36,
HKF_STATUS_COMMENT,
0,
"# Some invalid lines",
} },
{ NULL, -1, -1, 0, 0, 0, 0, -1, {
NULL,
- 45,
+ 37,
HKF_STATUS_INVALID,
0,
NULL,
} },
{ NULL, -1, -1, 0, HKF_MATCH_HOST, 0, 0, -1, {
NULL,
- 46,
+ 38,
HKF_STATUS_INVALID,
0,
NULL,
} },
{ NULL, -1, -1, HKF_MATCH_HOST, 0, 0, 0, -1, {
NULL,
- 47,
+ 39,
HKF_STATUS_INVALID,
0,
NULL,
NULL,
0,
} },
- { NULL, -1, -1, 0, HKF_MATCH_HOST, 0, 0, -1, {
+ { NULL, HKF_STATUS_OK, KEY_ED25519, 0, HKF_MATCH_HOST, 0, 0, -1, {
NULL,
- 48,
+ 40,
HKF_STATUS_INVALID, /* Would be ok if key not parsed */
0,
NULL,
} },
{ NULL, -1, -1, 0, HKF_MATCH_HOST, 0, 0, -1, {
NULL,
- 49,
+ 41,
HKF_STATUS_INVALID,
0,
NULL,
} },
{ NULL, HKF_STATUS_OK, KEY_RSA, HKF_MATCH_HOST, 0, 0, 0, -1, {
NULL,
- 50,
+ 42,
HKF_STATUS_INVALID, /* Would be ok if key not parsed */
0,
NULL,
+++ /dev/null
-ssh-dss AAAAB3NzaC1kc3MAAACBAOqffHxEW4c+Z9q/r3l4sYK8F7qrBsU8XF9upGsW62T9InROFFq9IO0x3pQ6mDA0Wtw0sqcDmkPCHPyP4Ok/fU3/drLaZusHoVYu8pBBrWsIDrKgkeX9TEodBsSrYdl4Sqtqq9EZv9+DttV6LStZrgYyUTOKwOF95wGantpLynX5AAAAFQDdt+zjRNlETDsgmxcSYFgREirJrQAAAIBQlrPaiPhR24FhnMLcHH4016vL7AqDDID6Qw7PhbXGa4/XlxWMIigjBKrIPKvnZ6p712LSnCKtcbfdx0MtmJlNa01CYqPaRhgRaf+uGdvTkTUcdaq8R5lLJL+JMNwUhcC8ijm3NqEjXjffuebGe1EzIeiITbA7Nndcd+GytwRDegAAAIEAkRYPjSVcUxfUHhHdpP6V8CuY1+CYSs9EPJ7iiWTDuXWVIBTU32oJLAnrmAcOwtIzEfPvm+rff5FI/Yhon2pB3VTXhPPEBjYzE5qANanAT4e6tzAVc5f3DUhHaDknwRYfDz86GFvuLtDjeE/UZ9t6OofYoEsCBpYozLAprBvNIQY= DSA #1
+++ /dev/null
-ssh-dss AAAAB3NzaC1kc3MAAACBAI38Hy/61/O5Bp6yUG8J5XQCeNjRS0xvjlCdzKLyXCueMa+L+X2L/u9PWUsy5SVbTjGgpB8sF6UkCNsV+va7S8zCCHas2MZ7GPlxP6GZBkRPTIFR0N/Pu7wfBzDQz0t0iL4VmxBfTBQv/SxkGWZg+yHihIQP9fwdSAwD/7aVh6ItAAAAFQDSyihIUlINlswM0PJ8wXSti3yIMwAAAIB+oqzaB6ozqs8YxpN5oQOBa/9HEBQEsp8RSIlQmVubXRNgktp42n+Ii1waU9UUk8DX5ahhIeR6B7ojWkqmDAji4SKpoHf4kmr6HvYo85ZSTSx0W4YK/gJHSpDJwhlT52tAfb1JCbWSObjl09B4STv7KedCHcR5oXQvvrV+XoKOSAAAAIAue/EXrs2INw1RfaKNHC0oqOMxmRitv0BFMuNVPo1VDj39CE5kA7AHjwvS1TNeaHtK5Hhgeb6vsmLmNPTOc8xCob0ilyQbt9O0GbONeF2Ge7D2UJyULA/hxql+tCYFIC6yUrmo35fF9XiNisXLoaflk9fjp7ROWWVwnki/jstaQw== DSA #2
+++ /dev/null
-ssh-dss AAAAB3NzaC1kc3MAAACBAI6lz2Ip9bzE7TGuDD4SjO9S4Ac90gq0h6ai1O06eI8t/Ot2uJ5Jk2QyVr2jvIZHDl/5bwBx7+5oyjlwRoUrAPPD814wf5tU2tSnmdu1Wbf0cBswif5q0r4tevzmopp/AtgH11QHo3u0/pfyJd10qBDLV2FaYSKMmZvyPfZJ0s9pAAAAFQD5Eqjl6Rx2qVePodD9OwAPT0bU6wAAAIAfnDm6csZF0sFaJR3NIJvaYgSGr8s7cqlsk2gLltB/1wOOO2yX+NeEC+B0H93hlMfaUsPa08bwgmYxnavSMqEBpmtPceefJiEd68zwYqXd38f88wyWZ9Z5iwaI/6OVZPHzCbDxOa4ewVTevRNYUKP1xUTZNT8/gSMfZLYPk4T2AQAAAIAUKroozRMyV+3V/rxt0gFnNxRXBKk+9cl3vgsQ7ktkI9cYg7V1T2K0XF21AVMK9gODszy6PBJjV6ruXBV6TRiqIbQauivp3bHHKYsG6wiJNqwdbVwIjfvv8nn1qFoZQLXG3sdONr9NwN8KzrX89OV0BlR2dVM5qqp+YxOXymP9yg== DSA #3
+++ /dev/null
-ssh-dss AAAAB3NzaC1kc3MAAACBAKvjnFHm0VvMr5h2Zu3nURsxQKGoxm+DCzYDxRYcilK07Cm5c4XTrFbA2X86+9sGs++W7QRMcTJUYIg0a+UtIMtAjwORd6ZPXM2K5dBW+gh1oHyvKi767tWX7I2c+1ZPJDY95mUUfZQUEfdy9eGDSBmw/pSsveQ1ur6XNUh/MtP/AAAAFQDHnXk/9jBJAdce1pHtLWnbdPSGdQAAAIEAm2OLy8tZBfiEO3c3X1yyB/GTcDwrQCqRMDkhnsmrliec3dWkOfNTzu+MrdvF8ymTWLEqPpbMheYtvNyZ3TF0HO5W7aVBpdGZbOdOAIfB+6skqGbI8A5Up1d7dak/bSsqL2r5NjwbDOdq+1hBzzvbl/qjh+sQarV2zHrpKoQaV28AAACANtkBVedBbqIAdphCrN/LbUi9WlyuF9UZz+tlpVLYrj8GJVwnplV2tvOmUw6yP5/pzCimTsao8dpL5PWxm7fKxLWVxA+lEsA4WeC885CiZn8xhdaJOCN+NyJ2bqkz+4VPI7oDGBm0aFwUqJn+M1PiSgvI50XdF2dBsFRTRNY0wzA= DSA #4
+++ /dev/null
-ssh-dss AAAAB3NzaC1kc3MAAACBALrFy7w5ihlaOG+qR+6fj+vm5EQaO3qwxgACLcgH+VfShuOG4mkx8qFJmf+OZ3fh5iKngjNZfKtfcqI7zHWdk6378TQfQC52/kbZukjNXOLCpyNkogahcjA00onIoTK1RUDuMW28edAHwPFbpttXDTaqis+8JPMY8hZwsZGENCzTAAAAFQD6+It5vozwGgaN9ROYPMlByhi6jwAAAIBz2mcAC694vNzz9b6614gkX9d9E99PzJYfU1MPkXDziKg7MrjBw7Opd5y1jL09S3iL6lSTlHkKwVKvQ3pOwWRwXXRrKVus4I0STveoApm526jmp6mY0YEtqR98vMJ0v97h1ydt8FikKlihefCsnXVicb8887PXs2Y8C6GuFT3tfQAAAIBbmHtV5tPcrMRDkULhaQ/Whap2VKvT2DUhIHA7lx6oy/KpkltOpxDZOIGUHKqffGbiR7Jh01/y090AY5L2eCf0S2Ytx93+eADwVVpJbFJo6zSwfeey2Gm6L2oA+rCz9zTdmtZoekpD3/RAOQjnJIAPwbs7mXwabZTw4xRtiYIRrw== DSA #5
+++ /dev/null
-ssh-dss AAAAB3NzaC1kc3MAAACBAIutigAse65TCW6hHDOEGXenE9L4L0talHbs65hj3UUNtWflKdQeXLofqXgW8AwaDKmnuRPrxRoxVNXj84n45wtBEdt4ztmdAZteAbXSnHqpcxME3jDxh3EtxzGPXLs+RUmKPVguraSgo7W2oN7KFx6VM+AcAtxANSTlvDid3s47AAAAFQCd9Q3kkHSLWe77sW0eRaayI45ovwAAAIAw6srGF6xvFasI44Y3r9JJ2K+3ezozl3ldL3p2+p2HG3iWafC4SdV8pB6ZIxKlYAywiiFb3LzH/JweGFq1jtoFDRM3MlYORBevydU4zPz7b5QLDVB0sY4evYtWmg2BFJvoWRfhLnlZVW7h5N8v4fNIwdVmVsw4Ljes7iF2HRGhHgAAAIBDFT3fww2Oby1xUA6G9pDAcVikrQFqp1sJRylNTUyeyQ37SNAGzYxwHJFgQr8gZLdRQ1UW+idYpqVbVNcYFMOiw/zSqK2OfVwPZ9U+TTKdc992ChSup6vJEKM/ZVIyDWDbJr7igQ4ahy7jo9mFvm8ljN926EnspQzCvs0Dxk6tHA== DSA #6
# Plain host keys, plain host names
-sisyphus.example.com ssh-dss AAAAB3NzaC1kc3MAAACBAOqffHxEW4c+Z9q/r3l4sYK8F7qrBsU8XF9upGsW62T9InROFFq9IO0x3pQ6mDA0Wtw0sqcDmkPCHPyP4Ok/fU3/drLaZusHoVYu8pBBrWsIDrKgkeX9TEodBsSrYdl4Sqtqq9EZv9+DttV6LStZrgYyUTOKwOF95wGantpLynX5AAAAFQDdt+zjRNlETDsgmxcSYFgREirJrQAAAIBQlrPaiPhR24FhnMLcHH4016vL7AqDDID6Qw7PhbXGa4/XlxWMIigjBKrIPKvnZ6p712LSnCKtcbfdx0MtmJlNa01CYqPaRhgRaf+uGdvTkTUcdaq8R5lLJL+JMNwUhcC8ijm3NqEjXjffuebGe1EzIeiITbA7Nndcd+GytwRDegAAAIEAkRYPjSVcUxfUHhHdpP6V8CuY1+CYSs9EPJ7iiWTDuXWVIBTU32oJLAnrmAcOwtIzEfPvm+rff5FI/Yhon2pB3VTXhPPEBjYzE5qANanAT4e6tzAVc5f3DUhHaDknwRYfDz86GFvuLtDjeE/UZ9t6OofYoEsCBpYozLAprBvNIQY= DSA #1
sisyphus.example.com ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBF6yQEtD9yBw9gmDRf477WBBzvWhAa0ioBI3nbA4emKykj0RbuQd5C4XdQAEOZGzE7v//FcCjwB2wi+JH5eKkxCtN6CjohDASZ1huoIV2UVyYIicZJEEOg1IWjjphvaxtw== ECDSA #1
sisyphus.example.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK9ks7jkua5YWIwByRnnnc6UPJQWI75O0e/UJdPYU1JI ED25519 #1
sisyphus.example.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDg4hB4vAZHJ0PVRiJajOv/GlytFWNpv5/9xgB9+5BIbvp8LOrFZ5D9K0Gsmwpd4G4rfaAz8j896DhMArg0vtkilIPPGt/6VzWMERgvaIQPJ/IE99X3+fjcAG56oAWwy29JX10lQMzBPU6XJIaN/zqpkb6qUBiAHBdLpxrFBBU0/w== RSA #1
# Plain host keys, hostnames + addresses
-prometheus.example.com,192.0.2.1,2001:db8::1 ssh-dss AAAAB3NzaC1kc3MAAACBAI38Hy/61/O5Bp6yUG8J5XQCeNjRS0xvjlCdzKLyXCueMa+L+X2L/u9PWUsy5SVbTjGgpB8sF6UkCNsV+va7S8zCCHas2MZ7GPlxP6GZBkRPTIFR0N/Pu7wfBzDQz0t0iL4VmxBfTBQv/SxkGWZg+yHihIQP9fwdSAwD/7aVh6ItAAAAFQDSyihIUlINlswM0PJ8wXSti3yIMwAAAIB+oqzaB6ozqs8YxpN5oQOBa/9HEBQEsp8RSIlQmVubXRNgktp42n+Ii1waU9UUk8DX5ahhIeR6B7ojWkqmDAji4SKpoHf4kmr6HvYo85ZSTSx0W4YK/gJHSpDJwhlT52tAfb1JCbWSObjl09B4STv7KedCHcR5oXQvvrV+XoKOSAAAAIAue/EXrs2INw1RfaKNHC0oqOMxmRitv0BFMuNVPo1VDj39CE5kA7AHjwvS1TNeaHtK5Hhgeb6vsmLmNPTOc8xCob0ilyQbt9O0GbONeF2Ge7D2UJyULA/hxql+tCYFIC6yUrmo35fF9XiNisXLoaflk9fjp7ROWWVwnki/jstaQw== DSA #2
prometheus.example.com,192.0.2.1,2001:db8::1 ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAB8qVcXwgBM92NCmReQlPrZAoui4Bz/mW0VUBFOpHXXW1n+15b/Y7Pc6UBd/ITTZmaBciXY+PWaSBGdwc5GdqGdLgFyJ/QAGrFMPNpVutm/82gNQzlxpNwjbMcKyiZEXzSgnjS6DzMQ0WuSMdzIBXq8OW/Kafxg4ZkU6YqALUXxlQMZuQ== ECDSA #2
prometheus.example.com,192.0.2.1,2001:db8::1 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIBp6PVW0z2o9C4Ukv/JOgmK7QMFe1pD1s3ADFF7IQob ED25519 #2
prometheus.example.com,192.0.2.1,2001:db8::1 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDmbUhNabB5AmBDX6GNHZ3lbn7pRxqfpW+f53QqNGlK0sLV+0gkMIrOfUp1kdE2ZLE6tfzdicatj/RlH6/wuo4yyYb+Pyx3G0vxdmAIiA4aANq38XweDucBC0TZkRWVHK+Gs5V/uV0z7N0axJvkkJujMLvST3CRiiWwlficBc6yVQ== RSA #2
# Some hosts with wildcard names / IPs
-*.example.com,192.0.2.*,2001:* ssh-dss AAAAB3NzaC1kc3MAAACBAI6lz2Ip9bzE7TGuDD4SjO9S4Ac90gq0h6ai1O06eI8t/Ot2uJ5Jk2QyVr2jvIZHDl/5bwBx7+5oyjlwRoUrAPPD814wf5tU2tSnmdu1Wbf0cBswif5q0r4tevzmopp/AtgH11QHo3u0/pfyJd10qBDLV2FaYSKMmZvyPfZJ0s9pAAAAFQD5Eqjl6Rx2qVePodD9OwAPT0bU6wAAAIAfnDm6csZF0sFaJR3NIJvaYgSGr8s7cqlsk2gLltB/1wOOO2yX+NeEC+B0H93hlMfaUsPa08bwgmYxnavSMqEBpmtPceefJiEd68zwYqXd38f88wyWZ9Z5iwaI/6OVZPHzCbDxOa4ewVTevRNYUKP1xUTZNT8/gSMfZLYPk4T2AQAAAIAUKroozRMyV+3V/rxt0gFnNxRXBKk+9cl3vgsQ7ktkI9cYg7V1T2K0XF21AVMK9gODszy6PBJjV6ruXBV6TRiqIbQauivp3bHHKYsG6wiJNqwdbVwIjfvv8nn1qFoZQLXG3sdONr9NwN8KzrX89OV0BlR2dVM5qqp+YxOXymP9yg== DSA #3
*.example.com,192.0.2.*,2001:* ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIb3BhJZk+vUQPg5TQc1koIzuGqloCq7wjr9LjlhG24IBeiFHLsdWw74HDlH4DrOmlxToVYk2lTdnjARleRByjk= ECDSA #3
*.example.com,192.0.2.*,2001:* ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBlYfExtYZAPqYvYdrlpGlSWhh/XNHcH3v3c2JzsVNbB ED25519 #3
*.example.com,192.0.2.*,2001:* ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDX8F93W3SH4ZSus4XUQ2cw9dqcuyUETTlKEeGv3zlknV3YCoe2Mp04naDhiuwj8sOsytrZSESzLY1ZEyzrjxE6ZFVv8NKgck/AbRjcwlRFOcx9oKUxOrXRa0IoXlTq0kyjKCJfaHBKnGitZThknCPTbVmpATkm5xx6J0WEDozfoQ== RSA #3
# Hashed hostname and address entries
-|1|z3xOIdT5ue3Vuf3MzT67kaioqjw=|GZhhe5uwDOBQrC9N4cCjpbLpSn4= ssh-dss AAAAB3NzaC1kc3MAAACBALrFy7w5ihlaOG+qR+6fj+vm5EQaO3qwxgACLcgH+VfShuOG4mkx8qFJmf+OZ3fh5iKngjNZfKtfcqI7zHWdk6378TQfQC52/kbZukjNXOLCpyNkogahcjA00onIoTK1RUDuMW28edAHwPFbpttXDTaqis+8JPMY8hZwsZGENCzTAAAAFQD6+It5vozwGgaN9ROYPMlByhi6jwAAAIBz2mcAC694vNzz9b6614gkX9d9E99PzJYfU1MPkXDziKg7MrjBw7Opd5y1jL09S3iL6lSTlHkKwVKvQ3pOwWRwXXRrKVus4I0STveoApm526jmp6mY0YEtqR98vMJ0v97h1ydt8FikKlihefCsnXVicb8887PXs2Y8C6GuFT3tfQAAAIBbmHtV5tPcrMRDkULhaQ/Whap2VKvT2DUhIHA7lx6oy/KpkltOpxDZOIGUHKqffGbiR7Jh01/y090AY5L2eCf0S2Ytx93+eADwVVpJbFJo6zSwfeey2Gm6L2oA+rCz9zTdmtZoekpD3/RAOQjnJIAPwbs7mXwabZTw4xRtiYIRrw== DSA #5
|1|B7t/AYabn8zgwU47Cb4A/Nqt3eI=|arQPZyRphkzisr7w6wwikvhaOyE= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPIudcagzq4QPtP1jkpje34+0POLB0jwT64hqrbCqhTH2T800KDZ0h2vwlJYa3OP3Oqru9AB5pnuHsKw7mAhUGY= ECDSA #5
|1|JR81WxEocTP5d7goIRkl8fHBbno=|l6sj6FOsoXxgEZMzn/BnOfPKN68= ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINf63qSV8rD57N+digID8t28WVhd3Yf2K2UhaoG8TsWQ ED25519 #5
|1|W7x4zY6KtTZJgsopyOusJqvVPag=|QauLt7hKezBZFZi2i4Xopho7Nsk= ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQC/C15Q4sfnk7BZff1er8bscay+5s51oD4eWArlHWMK/ZfYeeTAccTy+7B7Jv+MS4nKCpflrvJI2RQz4kS8vF0ATdBbi4jeWefStlHNg0HLhnCY7NAfDIlRdaN9lm3Pqm2vmr+CkqwcJaSpycDg8nPN9yNAuD6pv7NDuUnECezojQ== RSA #5
-|1|mxnU8luzqWLvfVi5qBm5xVIyCRM=|9Epopft7LBd80Bf6RmWPIpwa8yU= ssh-dss AAAAB3NzaC1kc3MAAACBAIutigAse65TCW6hHDOEGXenE9L4L0talHbs65hj3UUNtWflKdQeXLofqXgW8AwaDKmnuRPrxRoxVNXj84n45wtBEdt4ztmdAZteAbXSnHqpcxME3jDxh3EtxzGPXLs+RUmKPVguraSgo7W2oN7KFx6VM+AcAtxANSTlvDid3s47AAAAFQCd9Q3kkHSLWe77sW0eRaayI45ovwAAAIAw6srGF6xvFasI44Y3r9JJ2K+3ezozl3ldL3p2+p2HG3iWafC4SdV8pB6ZIxKlYAywiiFb3LzH/JweGFq1jtoFDRM3MlYORBevydU4zPz7b5QLDVB0sY4evYtWmg2BFJvoWRfhLnlZVW7h5N8v4fNIwdVmVsw4Ljes7iF2HRGhHgAAAIBDFT3fww2Oby1xUA6G9pDAcVikrQFqp1sJRylNTUyeyQ37SNAGzYxwHJFgQr8gZLdRQ1UW+idYpqVbVNcYFMOiw/zSqK2OfVwPZ9U+TTKdc992ChSup6vJEKM/ZVIyDWDbJr7igQ4ahy7jo9mFvm8ljN926EnspQzCvs0Dxk6tHA== DSA #6
-|1|klvLmvh2vCpkNMDEjVvrE8SJWTg=|e/dqEEBLnbgqmwEesl4cDRu/7TM= ssh-dss AAAAB3NzaC1kc3MAAACBAIutigAse65TCW6hHDOEGXenE9L4L0talHbs65hj3UUNtWflKdQeXLofqXgW8AwaDKmnuRPrxRoxVNXj84n45wtBEdt4ztmdAZteAbXSnHqpcxME3jDxh3EtxzGPXLs+RUmKPVguraSgo7W2oN7KFx6VM+AcAtxANSTlvDid3s47AAAAFQCd9Q3kkHSLWe77sW0eRaayI45ovwAAAIAw6srGF6xvFasI44Y3r9JJ2K+3ezozl3ldL3p2+p2HG3iWafC4SdV8pB6ZIxKlYAywiiFb3LzH/JweGFq1jtoFDRM3MlYORBevydU4zPz7b5QLDVB0sY4evYtWmg2BFJvoWRfhLnlZVW7h5N8v4fNIwdVmVsw4Ljes7iF2HRGhHgAAAIBDFT3fww2Oby1xUA6G9pDAcVikrQFqp1sJRylNTUyeyQ37SNAGzYxwHJFgQr8gZLdRQ1UW+idYpqVbVNcYFMOiw/zSqK2OfVwPZ9U+TTKdc992ChSup6vJEKM/ZVIyDWDbJr7igQ4ahy7jo9mFvm8ljN926EnspQzCvs0Dxk6tHA== DSA #6
-|1|wsk3ddB3UjuxEsoeNCeZjZ6NvZs=|O3O/q2Z/u7DrxoTiIq6kzCevQT0= ssh-dss AAAAB3NzaC1kc3MAAACBAIutigAse65TCW6hHDOEGXenE9L4L0talHbs65hj3UUNtWflKdQeXLofqXgW8AwaDKmnuRPrxRoxVNXj84n45wtBEdt4ztmdAZteAbXSnHqpcxME3jDxh3EtxzGPXLs+RUmKPVguraSgo7W2oN7KFx6VM+AcAtxANSTlvDid3s47AAAAFQCd9Q3kkHSLWe77sW0eRaayI45ovwAAAIAw6srGF6xvFasI44Y3r9JJ2K+3ezozl3ldL3p2+p2HG3iWafC4SdV8pB6ZIxKlYAywiiFb3LzH/JweGFq1jtoFDRM3MlYORBevydU4zPz7b5QLDVB0sY4evYtWmg2BFJvoWRfhLnlZVW7h5N8v4fNIwdVmVsw4Ljes7iF2HRGhHgAAAIBDFT3fww2Oby1xUA6G9pDAcVikrQFqp1sJRylNTUyeyQ37SNAGzYxwHJFgQr8gZLdRQ1UW+idYpqVbVNcYFMOiw/zSqK2OfVwPZ9U+TTKdc992ChSup6vJEKM/ZVIyDWDbJr7igQ4ahy7jo9mFvm8ljN926EnspQzCvs0Dxk6tHA== DSA #6
|1|B8epmkLSni+vGZDijr/EwxeR2k4=|7ct8yzNOVJhKm3ZD2w0XIT7df8E= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBK1wRLyKtvK3Mmhd0XPkKwW4ev1KBVf8J4aG8lESq1TsaqqfOXYGyxMq5pN8fCGiD5UPOqyTYz/ZNzClRhJRHao= ECDSA #6
|1|JojD885UhYhbCu571rgyM/5PpYU=|BJaU2aE1FebQZy3B5tzTDRWFRG0= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBK1wRLyKtvK3Mmhd0XPkKwW4ev1KBVf8J4aG8lESq1TsaqqfOXYGyxMq5pN8fCGiD5UPOqyTYz/ZNzClRhJRHao= ECDSA #6
|1|5t7UDHDybVrDZVQPCpwdnr6nk4k=|EqJ73W/veIL3H2x+YWHcJxI5ETA= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBK1wRLyKtvK3Mmhd0XPkKwW4ev1KBVf8J4aG8lESq1TsaqqfOXYGyxMq5pN8fCGiD5UPOqyTYz/ZNzClRhJRHao= ECDSA #6
# Revoked and CA keys
@revoked sisyphus.example.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDFP8L9REfN/iYy1KIRtFqSCn3V2+vOCpoZYENFGLdOF ED25519 #4
@cert-authority prometheus.example.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHZd0OXHIWwK3xnjAdMZ1tojxWycdu38pORO/UX5cqsKMgGCKQVBWWO3TFk1ePkGIE9VMWT1hCGqWRRwYlH+dSE= ECDSA #4
-@cert-authority *.example.com ssh-dss AAAAB3NzaC1kc3MAAACBAKvjnFHm0VvMr5h2Zu3nURsxQKGoxm+DCzYDxRYcilK07Cm5c4XTrFbA2X86+9sGs++W7QRMcTJUYIg0a+UtIMtAjwORd6ZPXM2K5dBW+gh1oHyvKi767tWX7I2c+1ZPJDY95mUUfZQUEfdy9eGDSBmw/pSsveQ1ur6XNUh/MtP/AAAAFQDHnXk/9jBJAdce1pHtLWnbdPSGdQAAAIEAm2OLy8tZBfiEO3c3X1yyB/GTcDwrQCqRMDkhnsmrliec3dWkOfNTzu+MrdvF8ymTWLEqPpbMheYtvNyZ3TF0HO5W7aVBpdGZbOdOAIfB+6skqGbI8A5Up1d7dak/bSsqL2r5NjwbDOdq+1hBzzvbl/qjh+sQarV2zHrpKoQaV28AAACANtkBVedBbqIAdphCrN/LbUi9WlyuF9UZz+tlpVLYrj8GJVwnplV2tvOmUw6yP5/pzCimTsao8dpL5PWxm7fKxLWVxA+lEsA4WeC885CiZn8xhdaJOCN+NyJ2bqkz+4VPI7oDGBm0aFwUqJn+M1PiSgvI50XdF2dBsFRTRNY0wzA= DSA #4
# Some invalid lines
-@what sisyphus.example.com ssh-dss AAAAB3NzaC1kc3MAAACBAOqffHxEW4c+Z9q/r3l4sYK8F7qrBsU8XF9upGsW62T9InROFFq9IO0x3pQ6mDA0Wtw0sqcDmkPCHPyP4Ok/fU3/drLaZusHoVYu8pBBrWsIDrKgkeX9TEodBsSrYdl4Sqtqq9EZv9+DttV6LStZrgYyUTOKwOF95wGantpLynX5AAAAFQDdt+zjRNlETDsgmxcSYFgREirJrQAAAIBQlrPaiPhR24FhnMLcHH4016vL7AqDDID6Qw7PhbXGa4/XlxWMIigjBKrIPKvnZ6p712LSnCKtcbfdx0MtmJlNa01CYqPaRhgRaf+uGdvTkTUcdaq8R5lLJL+JMNwUhcC8ijm3NqEjXjffuebGe1EzIeiITbA7Nndcd+GytwRDegAAAIEAkRYPjSVcUxfUHhHdpP6V8CuY1+CYSs9EPJ7iiWTDuXWVIBTU32oJLAnrmAcOwtIzEfPvm+rff5FI/Yhon2pB3VTXhPPEBjYzE5qANanAT4e6tzAVc5f3DUhHaDknwRYfDz86GFvuLtDjeE/UZ9t6OofYoEsCBpYozLAprBvNIQY= DSA #1
+@what ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDg4hB4vAZHJ0PVRiJajOv/GlytFWNpv5/9xgB9+5BIbvp8LOrFZ5D9K0Gsmwpd4G4rfaAz8j896DhMArg0vtkilIPPGt/6VzWMERgvaIQPJ/IE99X3+fjcAG56oAWwy29JX10lQMzBPU6XJIaN/zqpkb6qUBiAHBdLpxrFBBU0/w== RSA #1
sisyphus.example.com
prometheus.example.com ssh-ed25519
-sisyphus.example.com ssh-dsa AAAATgAAAAdz
+sisyphus.example.com ssh-ed25519 AAAATgAAAAdz
sisyphus.example.com ssh-XXX AAAATgAAAAdzc2gtWFhYAAAAP0ZVQ0tPRkZGVUNLT0ZGRlVDS09GRkZVQ0tPRkZGVUNLT0ZGRlVDS09GRkZVQ0tPRkZGVUNLT0ZGRlVDS09GRg==
prometheus.example.com ssh-rsa AAAATgAAAAdzc2gtWFhYAAAAP0ZVQ0tPRkZGVUNLT0ZGRlVDS09GRkZVQ0tPRkZGVUNLT0ZGRlVDS09GRkZVQ0tPRkZGVUNLT0ZGRlVDS09GRg==
-# $OpenBSD: Makefile,v 1.17 2025/04/15 04:00:42 djm Exp $
+# $OpenBSD: Makefile,v 1.18 2025/05/06 06:05:48 djm Exp $
PROG=test_kex
SRCS=tests.c test_kex.c test_proposal.c
# From usr.bin/ssh
SRCS+=sshbuf-getput-basic.c sshbuf-getput-crypto.c sshbuf-misc.c sshbuf.c
SRCS+=sshbuf-io.c atomicio.c sshkey.c authfile.c cipher.c log.c ssh-rsa.c
-SRCS+=ssh-dss.c ssh-ecdsa.c ssh-ed25519.c mac.c umac.c umac128.c hmac.c misc.c
+SRCS+=ssh-ecdsa.c ssh-ed25519.c mac.c umac.c umac128.c hmac.c misc.c
SRCS+=ssherr.c uidswap.c cleanup.c xmalloc.c match.c krl.c fatal.c
SRCS+=addr.c addrmatch.c bitmap.c packet.c dispatch.c canohost.c ssh_api.c
SRCS+=compat.c ed25519.c hash.c
-/* $OpenBSD: test_kex.c,v 1.10 2025/04/15 04:00:42 djm Exp $ */
+/* $OpenBSD: test_kex.c,v 1.11 2025/05/06 06:05:48 djm Exp $ */
/*
* Regress test KEX
*
#ifdef WITH_OPENSSL
do_kex_with_key(kex, NULL, NULL, NULL, KEY_RSA, 2048);
-# ifdef WITH_DSA
- do_kex_with_key(kex, NULL, NULL, NULL, KEY_DSA, 1024);
-# endif /* WITH_DSA */
# ifdef OPENSSL_HAS_ECC
do_kex_with_key(kex, NULL, NULL, NULL, KEY_ECDSA, 256);
# endif /* OPENSSL_HAS_ECC */
-# $OpenBSD: Makefile,v 1.12 2023/01/15 23:35:10 djm Exp $
+# $OpenBSD: Makefile,v 1.13 2025/05/06 06:05:48 djm Exp $
PROG=test_sshkey
SRCS=tests.c test_sshkey.c test_file.c test_fuzz.c common.c
# From usr.bin/ssh
SRCS+=sshbuf-getput-basic.c sshbuf-getput-crypto.c sshbuf-misc.c sshbuf.c
SRCS+=sshbuf-io.c atomicio.c sshkey.c authfile.c cipher.c log.c ssh-rsa.c
-SRCS+=ssh-dss.c ssh-ecdsa.c ssh-ed25519.c mac.c umac.c umac128.c hmac.c misc.c
+SRCS+=ssh-ecdsa.c ssh-ed25519.c mac.c umac.c umac128.c hmac.c misc.c
SRCS+=ssherr.c uidswap.c cleanup.c xmalloc.c match.c krl.c fatal.c
SRCS+=addr.c addrmatch.c bitmap.c
SRCS+=ed25519.c hash.c
-/* $OpenBSD: common.c,v 1.6 2024/08/15 00:52:23 djm Exp $ */
+/* $OpenBSD: common.c,v 1.7 2025/05/06 06:05:48 djm Exp $ */
/*
* Helpers for key API tests
*
#ifdef WITH_OPENSSL
#include <openssl/bn.h>
#include <openssl/rsa.h>
-#include <openssl/dsa.h>
#include <openssl/objects.h>
#ifdef OPENSSL_HAS_NISTP256
# include <openssl/ec.h>
RSA_get0_factors(EVP_PKEY_get0_RSA(k->pkey), NULL, &q);
return q;
}
-
-const BIGNUM *
-dsa_g(struct sshkey *k)
-{
- const BIGNUM *g = NULL;
-
- ASSERT_PTR_NE(k, NULL);
- ASSERT_PTR_NE(k->dsa, NULL);
- DSA_get0_pqg(k->dsa, NULL, NULL, &g);
- return g;
-}
-
-const BIGNUM *
-dsa_pub_key(struct sshkey *k)
-{
- const BIGNUM *pub_key = NULL;
-
- ASSERT_PTR_NE(k, NULL);
- ASSERT_PTR_NE(k->dsa, NULL);
- DSA_get0_key(k->dsa, &pub_key, NULL);
- return pub_key;
-}
-
-const BIGNUM *
-dsa_priv_key(struct sshkey *k)
-{
- const BIGNUM *priv_key = NULL;
-
- ASSERT_PTR_NE(k, NULL);
- ASSERT_PTR_NE(k->dsa, NULL);
- DSA_get0_key(k->dsa, NULL, &priv_key);
- return priv_key;
-}
#endif /* WITH_OPENSSL */
-
-/* $OpenBSD: common.h,v 1.2 2018/09/13 09:03:20 djm Exp $ */
+/* $OpenBSD: common.h,v 1.3 2025/05/06 06:05:48 djm Exp $ */
/*
* Helpers for key API tests
*
const BIGNUM *rsa_e(struct sshkey *k);
const BIGNUM *rsa_p(struct sshkey *k);
const BIGNUM *rsa_q(struct sshkey *k);
-const BIGNUM *dsa_g(struct sshkey *k);
-const BIGNUM *dsa_pub_key(struct sshkey *k);
-const BIGNUM *dsa_priv_key(struct sshkey *k);
#!/bin/sh
-# $OpenBSD: mktestdata.sh,v 1.11 2020/06/19 03:48:49 djm Exp $
+# $OpenBSD: mktestdata.sh,v 1.12 2025/05/06 06:05:48 djm Exp $
PW=mekmitasdigoat
done
}
-dsa_params() {
- _in="$1"
- _outbase="$2"
- set -e
- openssl dsa -noout -text -in $_in | \
- awk '/^priv:$/,/^pub:/' | \
- grep -v '^[a-zA-Z]' | tr -d ' \n:' > ${_outbase}.priv
- openssl dsa -noout -text -in $_in | \
- awk '/^pub:/,/^P:/' | #\
- grep -v '^[a-zA-Z]' | tr -d ' \n:' > ${_outbase}.pub
- openssl dsa -noout -text -in $_in | \
- awk '/^G:/,0' | \
- grep -v '^[a-zA-Z]' | tr -d ' \n:' > ${_outbase}.g
- for x in priv pub g ; do
- echo "" >> ${_outbase}.$x
- echo ============ ${_outbase}.$x
- cat ${_outbase}.$x
- echo ============
- done
-}
-
ecdsa_params() {
_in="$1"
_outbase="$2"
exit 1
fi
-rm -f rsa_1 dsa_1 ecdsa_1 ed25519_1
-rm -f rsa_2 dsa_2 ecdsa_2 ed25519_2
-rm -f rsa_n dsa_n ecdsa_n # new-format keys
-rm -f rsa_1_pw dsa_1_pw ecdsa_1_pw ed25519_1_pw
-rm -f rsa_n_pw dsa_n_pw ecdsa_n_pw
+rm -f rsa_1 ecdsa_1 ed25519_1
+rm -f rsa_2 ecdsa_2 ed25519_2
+rm -f rsa_n ecdsa_n # new-format keys
+rm -f rsa_1_pw ecdsa_1_pw ed25519_1_pw
+rm -f rsa_n_pw ecdsa_n_pw
rm -f pw *.pub *.bn.* *.param.* *.fp *.fp.bb
ssh-keygen -t rsa -b 1024 -C "RSA test key #1" -N "" -f rsa_1 -m PEM
-ssh-keygen -t dsa -b 1024 -C "DSA test key #1" -N "" -f dsa_1 -m PEM
ssh-keygen -t ecdsa -b 256 -C "ECDSA test key #1" -N "" -f ecdsa_1 -m PEM
ssh-keygen -t ed25519 -C "ED25519 test key #1" -N "" -f ed25519_1
ssh-keygen -w "$SK_DUMMY" -t ecdsa-sk -C "ECDSA-SK test key #1" \
ssh-keygen -t rsa -b 2048 -C "RSA test key #2" -N "" -f rsa_2 -m PEM
-ssh-keygen -t dsa -b 1024 -C "DSA test key #2" -N "" -f dsa_2 -m PEM
ssh-keygen -t ecdsa -b 521 -C "ECDSA test key #2" -N "" -f ecdsa_2 -m PEM
ssh-keygen -t ed25519 -C "ED25519 test key #2" -N "" -f ed25519_2
ssh-keygen -w "$SK_DUMMY" -t ecdsa-sk -C "ECDSA-SK test key #2" \
-N "" -f ed25519_sk2
cp rsa_1 rsa_n
-cp dsa_1 dsa_n
cp ecdsa_1 ecdsa_n
ssh-keygen -pf rsa_n -N ""
-ssh-keygen -pf dsa_n -N ""
ssh-keygen -pf ecdsa_n -N ""
cp rsa_1 rsa_1_pw
-cp dsa_1 dsa_1_pw
cp ecdsa_1 ecdsa_1_pw
cp ed25519_1 ed25519_1_pw
cp ecdsa_sk1 ecdsa_sk1_pw
cp ed25519_sk1 ed25519_sk1_pw
cp rsa_1 rsa_n_pw
-cp dsa_1 dsa_n_pw
cp ecdsa_1 ecdsa_n_pw
ssh-keygen -pf rsa_1_pw -m PEM -N "$PW"
-ssh-keygen -pf dsa_1_pw -m PEM -N "$PW"
ssh-keygen -pf ecdsa_1_pw -m PEM -N "$PW"
ssh-keygen -pf ed25519_1_pw -N "$PW"
ssh-keygen -pf ecdsa_sk1_pw -m PEM -N "$PW"
ssh-keygen -pf ed25519_sk1_pw -N "$PW"
ssh-keygen -pf rsa_n_pw -N "$PW"
-ssh-keygen -pf dsa_n_pw -N "$PW"
ssh-keygen -pf ecdsa_n_pw -N "$PW"
rsa_params rsa_1 rsa_1.param
rsa_params rsa_2 rsa_2.param
-dsa_params dsa_1 dsa_1.param
-dsa_params dsa_1 dsa_1.param
ecdsa_params ecdsa_1 ecdsa_1.param
ecdsa_params ecdsa_2 ecdsa_2.param
# XXX ed25519, *sk params
ssh-keygen -s rsa_2 -I hugo -n user1,user2 \
-Oforce-command=/bin/ls -Ono-port-forwarding -Osource-address=10.0.0.0/8 \
-V 19990101:20110101 -z 1 rsa_1.pub
-ssh-keygen -s rsa_2 -I hugo -n user1,user2 \
- -Oforce-command=/bin/ls -Ono-port-forwarding -Osource-address=10.0.0.0/8 \
- -V 19990101:20110101 -z 2 dsa_1.pub
ssh-keygen -s rsa_2 -I hugo -n user1,user2 \
-Oforce-command=/bin/ls -Ono-port-forwarding -Osource-address=10.0.0.0/8 \
-V 19990101:20110101 -z 3 ecdsa_1.pub
ssh-keygen -s ed25519_1 -I julius -n host1,host2 -h \
-V 19990101:20110101 -z 5 rsa_1.pub
-ssh-keygen -s ed25519_1 -I julius -n host1,host2 -h \
- -V 19990101:20110101 -z 6 dsa_1.pub
ssh-keygen -s ecdsa_1 -I julius -n host1,host2 -h \
-V 19990101:20110101 -z 7 ecdsa_1.pub
ssh-keygen -s ed25519_1 -I julius -n host1,host2 -h \
-V 19990101:20110101 -z 8 ed25519_sk1.pub
ssh-keygen -lf rsa_1 | awk '{print $2}' > rsa_1.fp
-ssh-keygen -lf dsa_1 | awk '{print $2}' > dsa_1.fp
ssh-keygen -lf ecdsa_1 | awk '{print $2}' > ecdsa_1.fp
ssh-keygen -lf ed25519_1 | awk '{print $2}' > ed25519_1.fp
ssh-keygen -lf ecdsa_sk1 | awk '{print $2}' > ecdsa_sk1.fp
ssh-keygen -lf ed25519_sk1 | awk '{print $2}' > ed25519_sk1.fp
ssh-keygen -lf rsa_2 | awk '{print $2}' > rsa_2.fp
-ssh-keygen -lf dsa_2 | awk '{print $2}' > dsa_2.fp
ssh-keygen -lf ecdsa_2 | awk '{print $2}' > ecdsa_2.fp
ssh-keygen -lf ed25519_2 | awk '{print $2}' > ed25519_2.fp
ssh-keygen -lf ecdsa_sk2 | awk '{print $2}' > ecdsa_sk2.fp
ssh-keygen -lf ed25519_sk2 | awk '{print $2}' > ed25519_sk2.fp
ssh-keygen -lf rsa_1-cert.pub | awk '{print $2}' > rsa_1-cert.fp
-ssh-keygen -lf dsa_1-cert.pub | awk '{print $2}' > dsa_1-cert.fp
ssh-keygen -lf ecdsa_1-cert.pub | awk '{print $2}' > ecdsa_1-cert.fp
ssh-keygen -lf ed25519_1-cert.pub | awk '{print $2}' > ed25519_1-cert.fp
ssh-keygen -lf ecdsa_sk1-cert.pub | awk '{print $2}' > ecdsa_sk1-cert.fp
ssh-keygen -lf ed25519_sk1-cert.pub | awk '{print $2}' > ed25519_sk1-cert.fp
ssh-keygen -Bf rsa_1 | awk '{print $2}' > rsa_1.fp.bb
-ssh-keygen -Bf dsa_1 | awk '{print $2}' > dsa_1.fp.bb
ssh-keygen -Bf ecdsa_1 | awk '{print $2}' > ecdsa_1.fp.bb
ssh-keygen -Bf ed25519_1 | awk '{print $2}' > ed25519_1.fp.bb
ssh-keygen -Bf ecdsa_sk1 | awk '{print $2}' > ecdsa_sk1.fp.bb
ssh-keygen -Bf ed25519_sk1 | awk '{print $2}' > ed25519_sk1.fp.bb
ssh-keygen -Bf rsa_2 | awk '{print $2}' > rsa_2.fp.bb
-ssh-keygen -Bf dsa_2 | awk '{print $2}' > dsa_2.fp.bb
ssh-keygen -Bf ecdsa_2 | awk '{print $2}' > ecdsa_2.fp.bb
ssh-keygen -Bf ed25519_2 | awk '{print $2}' > ed25519_2.fp.bb
ssh-keygen -Bf ecdsa_sk2 | awk '{print $2}' > ecdsa_sk2.fp.bb
-/* $OpenBSD: test_file.c,v 1.12 2024/08/15 00:52:23 djm Exp $ */
+/* $OpenBSD: test_file.c,v 1.13 2025/05/06 06:05:48 djm Exp $ */
/*
* Regress test for sshkey.h key management API
*
#ifdef WITH_OPENSSL
#include <openssl/bn.h>
#include <openssl/rsa.h>
-#include <openssl/dsa.h>
#include <openssl/objects.h>
#ifdef OPENSSL_HAS_NISTP256
# include <openssl/ec.h>
sshkey_free(k1);
-#ifdef WITH_DSA
- TEST_START("parse DSA from private");
- buf = load_file("dsa_1");
- ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0);
- sshbuf_free(buf);
- ASSERT_PTR_NE(k1, NULL);
- a = load_bignum("dsa_1.param.g");
- b = load_bignum("dsa_1.param.priv");
- c = load_bignum("dsa_1.param.pub");
- ASSERT_BIGNUM_EQ(dsa_g(k1), a);
- ASSERT_BIGNUM_EQ(dsa_priv_key(k1), b);
- ASSERT_BIGNUM_EQ(dsa_pub_key(k1), c);
- BN_free(a);
- BN_free(b);
- BN_free(c);
- TEST_DONE();
-
- TEST_START("parse DSA from private w/ passphrase");
- buf = load_file("dsa_1_pw");
- ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf,
- (const char *)sshbuf_ptr(pw), &k2, NULL), 0);
- sshbuf_free(buf);
- ASSERT_PTR_NE(k2, NULL);
- ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
- sshkey_free(k2);
- TEST_DONE();
-
- TEST_START("parse DSA from new-format");
- buf = load_file("dsa_n");
- ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k2, NULL), 0);
- sshbuf_free(buf);
- ASSERT_PTR_NE(k2, NULL);
- ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
- sshkey_free(k2);
- TEST_DONE();
-
- TEST_START("parse DSA from new-format w/ passphrase");
- buf = load_file("dsa_n_pw");
- ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf,
- (const char *)sshbuf_ptr(pw), &k2, NULL), 0);
- sshbuf_free(buf);
- ASSERT_PTR_NE(k2, NULL);
- ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
- sshkey_free(k2);
- TEST_DONE();
-
- TEST_START("load DSA from public");
- ASSERT_INT_EQ(sshkey_load_public(test_data_file("dsa_1.pub"), &k2,
- NULL), 0);
- ASSERT_PTR_NE(k2, NULL);
- ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
- sshkey_free(k2);
- TEST_DONE();
-
- TEST_START("load DSA cert");
- ASSERT_INT_EQ(sshkey_load_cert(test_data_file("dsa_1"), &k2), 0);
- ASSERT_PTR_NE(k2, NULL);
- ASSERT_INT_EQ(k2->type, KEY_DSA_CERT);
- ASSERT_INT_EQ(sshkey_equal(k1, k2), 0);
- ASSERT_INT_EQ(sshkey_equal_public(k1, k2), 1);
- TEST_DONE();
-
- TEST_START("DSA key hex fingerprint");
- buf = load_text_file("dsa_1.fp");
- cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA256, SSH_FP_BASE64);
- ASSERT_PTR_NE(cp, NULL);
- ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf));
- sshbuf_free(buf);
- free(cp);
- TEST_DONE();
-
- TEST_START("DSA cert hex fingerprint");
- buf = load_text_file("dsa_1-cert.fp");
- cp = sshkey_fingerprint(k2, SSH_DIGEST_SHA256, SSH_FP_BASE64);
- ASSERT_PTR_NE(cp, NULL);
- ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf));
- sshbuf_free(buf);
- free(cp);
- sshkey_free(k2);
- TEST_DONE();
-
- TEST_START("DSA key bubblebabble fingerprint");
- buf = load_text_file("dsa_1.fp.bb");
- cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA1, SSH_FP_BUBBLEBABBLE);
- ASSERT_PTR_NE(cp, NULL);
- ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf));
- sshbuf_free(buf);
- free(cp);
- TEST_DONE();
-
- sshkey_free(k1);
-#endif
-
#ifdef OPENSSL_HAS_ECC
TEST_START("parse ECDSA from private");
buf = load_file("ecdsa_1");
-/* $OpenBSD: test_fuzz.c,v 1.14 2024/01/11 01:45:58 djm Exp $ */
+/* $OpenBSD: test_fuzz.c,v 1.15 2025/05/06 06:05:48 djm Exp $ */
/*
* Fuzz tests for key parsing
*
#ifdef WITH_OPENSSL
#include <openssl/bn.h>
#include <openssl/rsa.h>
-#include <openssl/dsa.h>
#include <openssl/objects.h>
#ifdef OPENSSL_HAS_NISTP256
# include <openssl/ec.h>
fuzz_cleanup(fuzz);
TEST_DONE();
-#ifdef WITH_DSA
- TEST_START("fuzz DSA private");
- buf = load_file("dsa_1");
- fuzz = fuzz_begin(FUZZ_BASE64, sshbuf_mutable_ptr(buf),
- sshbuf_len(buf));
- ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0);
- sshkey_free(k1);
- sshbuf_free(buf);
- ASSERT_PTR_NE(fuzzed = sshbuf_new(), NULL);
- TEST_ONERROR(onerror, fuzz);
- for(i = 0; !fuzz_done(fuzz); i++, fuzz_next(fuzz)) {
- r = sshbuf_put(fuzzed, fuzz_ptr(fuzz), fuzz_len(fuzz));
- ASSERT_INT_EQ(r, 0);
- if (sshkey_parse_private_fileblob(fuzzed, "", &k1, NULL) == 0)
- sshkey_free(k1);
- sshbuf_reset(fuzzed);
- if (test_is_fast() && i >= NUM_FAST_BASE64_TESTS)
- break;
- }
- sshbuf_free(fuzzed);
- fuzz_cleanup(fuzz);
- TEST_DONE();
-
- TEST_START("fuzz DSA new-format private");
- buf = load_file("dsa_n");
- fuzz = fuzz_begin(FUZZ_BASE64, sshbuf_mutable_ptr(buf),
- sshbuf_len(buf));
- ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0);
- sshkey_free(k1);
- sshbuf_free(buf);
- ASSERT_PTR_NE(fuzzed = sshbuf_new(), NULL);
- TEST_ONERROR(onerror, fuzz);
- for(i = 0; !fuzz_done(fuzz); i++, fuzz_next(fuzz)) {
- r = sshbuf_put(fuzzed, fuzz_ptr(fuzz), fuzz_len(fuzz));
- ASSERT_INT_EQ(r, 0);
- if (sshkey_parse_private_fileblob(fuzzed, "", &k1, NULL) == 0)
- sshkey_free(k1);
- sshbuf_reset(fuzzed);
- if (test_is_fast() && i >= NUM_FAST_BASE64_TESTS)
- break;
- }
- sshbuf_free(fuzzed);
- fuzz_cleanup(fuzz);
- TEST_DONE();
-#endif
-
#ifdef OPENSSL_HAS_ECC
TEST_START("fuzz ECDSA private");
buf = load_file("ecdsa_1");
sshkey_free(k1);
TEST_DONE();
-#ifdef WITH_DSA
- TEST_START("fuzz DSA public");
- buf = load_file("dsa_1");
- ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0);
- sshbuf_free(buf);
- public_fuzz(k1);
- sshkey_free(k1);
- TEST_DONE();
-
- TEST_START("fuzz DSA cert");
- ASSERT_INT_EQ(sshkey_load_cert(test_data_file("dsa_1"), &k1), 0);
- public_fuzz(k1);
- sshkey_free(k1);
- TEST_DONE();
-#endif
-
#ifdef OPENSSL_HAS_ECC
TEST_START("fuzz ECDSA public");
buf = load_file("ecdsa_1");
sshkey_free(k1);
TEST_DONE();
-#ifdef WITH_DSA
- TEST_START("fuzz DSA sig");
- buf = load_file("dsa_1");
- ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0);
- sshbuf_free(buf);
- sig_fuzz(k1, NULL);
- sshkey_free(k1);
- TEST_DONE();
-#endif
-
#ifdef OPENSSL_HAS_ECC
TEST_START("fuzz ECDSA sig");
buf = load_file("ecdsa_1");
-/* $OpenBSD: test_sshkey.c,v 1.28 2025/04/15 05:31:24 djm Exp $ */
+/* $OpenBSD: test_sshkey.c,v 1.29 2025/05/06 06:05:48 djm Exp $ */
/*
* Regress test for sshkey.h key management API
*
#ifdef WITH_OPENSSL
#include <openssl/bn.h>
#include <openssl/rsa.h>
-#include <openssl/dsa.h>
#if defined(OPENSSL_HAS_ECC) && defined(OPENSSL_HAS_NISTP256)
# include <openssl/ec.h>
#endif
sshkey_free(k1);
TEST_DONE();
-#ifdef WITH_DSA
- TEST_START("new/free KEY_DSA");
- k1 = sshkey_new(KEY_DSA);
- ASSERT_PTR_NE(k1, NULL);
- ASSERT_PTR_NE(k1->dsa, NULL);
- sshkey_free(k1);
- TEST_DONE();
-#endif
#ifdef OPENSSL_HAS_ECC
TEST_START("new/free KEY_ECDSA");
ASSERT_PTR_EQ(k1, NULL);
TEST_DONE();
-#ifdef WITH_DSA
- TEST_START("generate KEY_DSA wrong bits");
- ASSERT_INT_EQ(sshkey_generate(KEY_DSA, 2048, &k1),
- SSH_ERR_KEY_LENGTH);
- ASSERT_PTR_EQ(k1, NULL);
- sshkey_free(k1);
- TEST_DONE();
-#endif
#ifdef OPENSSL_HAS_ECC
TEST_START("generate KEY_ECDSA wrong bits");
ASSERT_INT_EQ(BN_num_bits(rsa_n(kr)), 1024);
TEST_DONE();
-#ifdef WITH_DSA
- TEST_START("generate KEY_DSA");
- ASSERT_INT_EQ(sshkey_generate(KEY_DSA, 1024, &kd), 0);
- ASSERT_PTR_NE(kd, NULL);
- ASSERT_PTR_NE(kd->dsa, NULL);
- ASSERT_PTR_NE(dsa_g(kd), NULL);
- ASSERT_PTR_NE(dsa_priv_key(kd), NULL);
- TEST_DONE();
-#endif
#ifdef OPENSSL_HAS_ECC
TEST_START("generate KEY_ECDSA");
sshkey_free(k1);
TEST_DONE();
-#ifdef WITH_DSA
- TEST_START("demote KEY_DSA");
- ASSERT_INT_EQ(sshkey_from_private(kd, &k1), 0);
- ASSERT_PTR_NE(k1, NULL);
- ASSERT_PTR_NE(kd, k1);
- ASSERT_INT_EQ(k1->type, KEY_DSA);
- ASSERT_PTR_NE(k1->dsa, NULL);
- ASSERT_PTR_NE(dsa_g(k1), NULL);
- ASSERT_PTR_EQ(dsa_priv_key(k1), NULL);
- TEST_DONE();
-
- TEST_START("equal KEY_DSA/demoted KEY_DSA");
- ASSERT_INT_EQ(sshkey_equal(kd, k1), 1);
- sshkey_free(k1);
- TEST_DONE();
-#endif
#ifdef OPENSSL_HAS_ECC
TEST_START("demote KEY_ECDSA");
sshkey_free(k2);
TEST_DONE();
-#ifdef WITH_DSA
- TEST_START("sign and verify DSA");
- k1 = get_private("dsa_1");
- ASSERT_INT_EQ(sshkey_load_public(test_data_file("dsa_2.pub"), &k2,
- NULL), 0);
- signature_tests(k1, k2, NULL);
- sshkey_free(k1);
- sshkey_free(k2);
- TEST_DONE();
-#endif
#ifdef OPENSSL_HAS_ECC
TEST_START("sign and verify ECDSA");
TEST_DONE();
BENCH_FINISH("keys");
-#ifdef WITH_DSA
- BENCH_START("generate DSA-1024");
- TEST_START("generate KEY_DSA");
- ASSERT_INT_EQ(sshkey_generate(KEY_DSA, 1024, &k), 0);
- ASSERT_PTR_NE(k, NULL);
- sshkey_free(k);
- TEST_DONE();
- BENCH_FINISH("keys");
-#endif
BENCH_START("generate ECDSA-256");
TEST_START("generate KEY_ECDSA");
signature_benchmark("RSA-2048/SHA1", KEY_RSA, 2048, "ssh-rsa", 0);
signature_benchmark("RSA-2048/SHA256", KEY_RSA, 2048, "rsa-sha2-256", 0);
signature_benchmark("RSA-2048/SHA512", KEY_RSA, 2048, "rsa-sha2-512", 0);
-#ifdef WITH_DSA
- signature_benchmark("DSA-1024", KEY_DSA, 1024, NULL, 0);
-#endif
signature_benchmark("ECDSA-256", KEY_ECDSA, 256, NULL, 0);
signature_benchmark("ECDSA-384", KEY_ECDSA, 384, NULL, 0);
signature_benchmark("ECDSA-521", KEY_ECDSA, 521, NULL, 0);
signature_benchmark("RSA-2048/SHA1", KEY_RSA, 2048, "ssh-rsa", 1);
signature_benchmark("RSA-2048/SHA256", KEY_RSA, 2048, "rsa-sha2-256", 1);
signature_benchmark("RSA-2048/SHA512", KEY_RSA, 2048, "rsa-sha2-512", 1);
-#ifdef WITH_DSA
- signature_benchmark("DSA-1024", KEY_DSA, 1024, NULL, 1);
-#endif
signature_benchmark("ECDSA-256", KEY_ECDSA, 256, NULL, 1);
signature_benchmark("ECDSA-384", KEY_ECDSA, 384, NULL, 1);
signature_benchmark("ECDSA-521", KEY_ECDSA, 521, NULL, 1);
+++ /dev/null
------BEGIN DSA PRIVATE KEY-----
-MIIBvAIBAAKBgQD6kutNFRsHTwEAv6d39Lhsqy1apdHBZ9c2HfyRr7WmypyGIy2m
-Ka43vzXI8CNwmRSYs+A6d0vJC7Pl+f9QzJ/04NWOA+MiwfurwrR3CRe61QRYb8Py
-mcHOxueHs95IcjrbIPNn86cjnPP5qvv/guUzCjuww4zBdJOXpligrGt2XwIVAKMD
-/50qQy7j8JaMk+1+Xtg1pK01AoGBAO7l9QVVbSSoy5lq6cOtvpf8UlwOa6+zBwbl
-o4gmFd1RwX1yWkA8kQ7RrhCSg8Hc6mIGnKRgKRli/3LgbSfZ0obFJehkRtEWtN4P
-h8fVUeS74iQbIwFQeKlYHIlNTRoGtAbdi3nHdV+BBkEQc1V3rjqYqhjOoz/yNsgz
-LND26HrdAoGBAOdXpyfmobEBaOqZAuvgj1P0uhjG2P31Ufurv22FWPBU3A9qrkxb
-OXwE0LwvjCvrsQV/lrYhJz/tiys40VeahulWZE5SAHMXGIf95LiLSgaXMjko7joo
-t+LK84ltLymwZ4QMnYjnZSSclf1UuyQMcUtb34+I0u9Ycnyhp2mSFsQtAhRYIbQ5
-KfXsZuBPuWe5FJz3ldaEgw==
------END DSA PRIVATE KEY-----
+++ /dev/null
-SHA256:kOLgXSoAT8O5T6r36n5NJUYigbux1d7gdH/rmWiJm6s
+++ /dev/null
-ssh-dss-cert-v01@openssh.com AAAAHHNzaC1kc3MtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgdTlbNU9Hn9Qng3FHxwH971bxCIoq1ern/QWFFDWXgmYAAACBAPqS600VGwdPAQC/p3f0uGyrLVql0cFn1zYd/JGvtabKnIYjLaYprje/NcjwI3CZFJiz4Dp3S8kLs+X5/1DMn/Tg1Y4D4yLB+6vCtHcJF7rVBFhvw/KZwc7G54ez3khyOtsg82fzpyOc8/mq+/+C5TMKO7DDjMF0k5emWKCsa3ZfAAAAFQCjA/+dKkMu4/CWjJPtfl7YNaStNQAAAIEA7uX1BVVtJKjLmWrpw62+l/xSXA5rr7MHBuWjiCYV3VHBfXJaQDyRDtGuEJKDwdzqYgacpGApGWL/cuBtJ9nShsUl6GRG0Ra03g+Hx9VR5LviJBsjAVB4qVgciU1NGga0Bt2Lecd1X4EGQRBzVXeuOpiqGM6jP/I2yDMs0Pboet0AAACBAOdXpyfmobEBaOqZAuvgj1P0uhjG2P31Ufurv22FWPBU3A9qrkxbOXwE0LwvjCvrsQV/lrYhJz/tiys40VeahulWZE5SAHMXGIf95LiLSgaXMjko7joot+LK84ltLymwZ4QMnYjnZSSclf1UuyQMcUtb34+I0u9Ycnyhp2mSFsQtAAAAAAAAAAYAAAACAAAABmp1bGl1cwAAABIAAAAFaG9zdDEAAAAFaG9zdDIAAAAANowB8AAAAABNHmBwAAAAAAAAAAAAAAAAAAAAMwAAAAtzc2gtZWQyNTUxOQAAACBThupGO0X+FLQhbz8CoKPwc7V3JNsQuGtlsgN+F7SMGQAAAFMAAAALc3NoLWVkMjU1MTkAAABAh/z1LIdNL1b66tQ8t9DY9BTB3BQKpTKmc7ezyFKLwl96yaIniZwD9Ticdbe/8i/Li3uCFE3EAt8NAIv9zff8Bg== DSA test key #1
+++ /dev/null
-SHA256:kOLgXSoAT8O5T6r36n5NJUYigbux1d7gdH/rmWiJm6s
+++ /dev/null
-xetag-todiz-mifah-torec-mynyv-cyvit-gopon-pygag-rupic-cenav-bexax
+++ /dev/null
-00eee5f505556d24a8cb996ae9c3adbe97fc525c0e6bafb30706e5a3882615dd51c17d725a403c910ed1ae109283c1dcea62069ca460291962ff72e06d27d9d286c525e86446d116b4de0f87c7d551e4bbe2241b23015078a9581c894d4d1a06b406dd8b79c7755f81064110735577ae3a98aa18cea33ff236c8332cd0f6e87add
+++ /dev/null
-5821b43929f5ec66e04fb967b9149cf795d68483
+++ /dev/null
-00e757a727e6a1b10168ea9902ebe08f53f4ba18c6d8fdf551fbabbf6d8558f054dc0f6aae4c5b397c04d0bc2f8c2bebb1057f96b621273fed8b2b38d1579a86e956644e520073171887fde4b88b4a0697323928ee3a28b7e2caf3896d2f29b067840c9d88e765249c95fd54bb240c714b5bdf8f88d2ef58727ca1a7699216c42d
+++ /dev/null
-ssh-dss AAAAB3NzaC1kc3MAAACBAPqS600VGwdPAQC/p3f0uGyrLVql0cFn1zYd/JGvtabKnIYjLaYprje/NcjwI3CZFJiz4Dp3S8kLs+X5/1DMn/Tg1Y4D4yLB+6vCtHcJF7rVBFhvw/KZwc7G54ez3khyOtsg82fzpyOc8/mq+/+C5TMKO7DDjMF0k5emWKCsa3ZfAAAAFQCjA/+dKkMu4/CWjJPtfl7YNaStNQAAAIEA7uX1BVVtJKjLmWrpw62+l/xSXA5rr7MHBuWjiCYV3VHBfXJaQDyRDtGuEJKDwdzqYgacpGApGWL/cuBtJ9nShsUl6GRG0Ra03g+Hx9VR5LviJBsjAVB4qVgciU1NGga0Bt2Lecd1X4EGQRBzVXeuOpiqGM6jP/I2yDMs0Pboet0AAACBAOdXpyfmobEBaOqZAuvgj1P0uhjG2P31Ufurv22FWPBU3A9qrkxbOXwE0LwvjCvrsQV/lrYhJz/tiys40VeahulWZE5SAHMXGIf95LiLSgaXMjko7joot+LK84ltLymwZ4QMnYjnZSSclf1UuyQMcUtb34+I0u9Ycnyhp2mSFsQt DSA test key #1
+++ /dev/null
------BEGIN DSA PRIVATE KEY-----
-Proc-Type: 4,ENCRYPTED
-DEK-Info: AES-128-CBC,BC8386C373B22EB7F00ADC821D5D8BE9
-
-+HDV2DQ09sxrIAeXTz9r3YFuPRa2hk1+NGcr3ETkXbC6KiZ14wpTnGTloKwaQjIW
-eXTa9mpCOWAoohgvsVb+hOuOlP7AfeHu1IXV4EAS+GDpkiV5UxlCXXwqlD75Buu4
-wwDd/p4SWzILH3WGjDk5JIXoxWNY13LHwC7Q6gtGJx4AicUG7YBRTXMIBDa/Kh77
-6o2rFETKmp4VHBvHbakmiETfptdM8bbWxKWeY2vakThyESgeofsLoTOQCIwlEfJC
-s2D/KYL65C8VbHYgIoSLTQnooO45DDyxIuhCqP+H23mhv9vB1Od3nc2atgHj/XFs
-dcOPFkF/msDRYqxY3V0AS6+jpKwFodZ7g/hyGcyPxOkzlJVuKoKuH6P5PyQ69Gx0
-iqri0xEPyABr7kGlXNrjjctojX+B4WwSnjg/2euXXWFXCRalIdA7ErATTiQbGOx7
-Vd6Gn8PZbSy1MkqEDrZRip0pfAFJYI/8GXPC75BpnRsrVlfhtrngbW+kBP35LzaN
-l2K+RQ3gSB3iFoqNb1Kuu6T5MZlyVl5H2dVlJSeb1euQ2OycXdDoFTyJ4AiyWS7w
-Vlh8zeJnso5QRDjMwx99pZilbbuFGSLsahiGEveFc6o=
------END DSA PRIVATE KEY-----
+++ /dev/null
------BEGIN DSA PRIVATE KEY-----
-MIIBvQIBAAKBgQCbyPXNdHeLsjpobPVCMkfagBkt15Zsltqf/PGNP1y1cuz7rsTX
-ZekQwUkSTNm5coqXe+ZOw2O4tjobJDd60I1/VPgaB0NYlQR9Hn87M284WD4f6VY+
-aunHmP134a8ybG5G4NqVNF3ihvxAR2pVITqb7kE46r2uYZNcNlHI8voRCwIVAMcP
-bwqFNsQbH5pJyZW30wj4KVZ3AoGBAIK98BVeKQVf8qDFqx9ovMuNgVSxpd+N0Yta
-5ZEy1OI2ziu5RhjueIM2K7Gq2Mnp38ob1AM53BUxqlcBJaHEDa6rj6yvuMgW9oCJ
-dImBM8sIFxfBbXNbpJiMaDwa6WyT84OkpDE6uuAepTMnWOUWkUVkAiyokHDUGXkG
-GyoQblbXAoGBAIsf7TaZ804sUWwRV0wI8DYx+hxD5QdrfYPYMtL2fHn3lICimGt0
-FTtUZ25jKg0E0DMBPdET6ZEHB3ZZkR8hFoUzZhdnyJMu3UjVtgaV88Ue3PrXxchk
-0W2jHPaAgQU3JIWzo8HFIFqvC/HEL+EyW3rBTY2uXM3XGI+YcWSA4ZrZAhUAsY2f
-bDFNzgZ4DaZ9wLRzTgOswPU=
------END DSA PRIVATE KEY-----
+++ /dev/null
-SHA256:ecwhWcXgpdBxZ2e+OjpRRY7dqXHHCD62BGtoVQQBwCk
+++ /dev/null
-xeser-megad-pocan-rozit-belup-tapoh-fapif-kyvit-vonav-cehab-naxax
+++ /dev/null
-ssh-dss AAAAB3NzaC1kc3MAAACBAJvI9c10d4uyOmhs9UIyR9qAGS3XlmyW2p/88Y0/XLVy7PuuxNdl6RDBSRJM2blyipd75k7DY7i2OhskN3rQjX9U+BoHQ1iVBH0efzszbzhYPh/pVj5q6ceY/XfhrzJsbkbg2pU0XeKG/EBHalUhOpvuQTjqva5hk1w2Ucjy+hELAAAAFQDHD28KhTbEGx+aScmVt9MI+ClWdwAAAIEAgr3wFV4pBV/yoMWrH2i8y42BVLGl343Ri1rlkTLU4jbOK7lGGO54gzYrsarYyenfyhvUAzncFTGqVwElocQNrquPrK+4yBb2gIl0iYEzywgXF8Ftc1ukmIxoPBrpbJPzg6SkMTq64B6lMydY5RaRRWQCLKiQcNQZeQYbKhBuVtcAAACBAIsf7TaZ804sUWwRV0wI8DYx+hxD5QdrfYPYMtL2fHn3lICimGt0FTtUZ25jKg0E0DMBPdET6ZEHB3ZZkR8hFoUzZhdnyJMu3UjVtgaV88Ue3PrXxchk0W2jHPaAgQU3JIWzo8HFIFqvC/HEL+EyW3rBTY2uXM3XGI+YcWSA4ZrZ DSA test key #2
+++ /dev/null
------BEGIN OPENSSH PRIVATE KEY-----
-b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABswAAAAdzc2gtZH
-NzAAAAgQD6kutNFRsHTwEAv6d39Lhsqy1apdHBZ9c2HfyRr7WmypyGIy2mKa43vzXI8CNw
-mRSYs+A6d0vJC7Pl+f9QzJ/04NWOA+MiwfurwrR3CRe61QRYb8PymcHOxueHs95IcjrbIP
-Nn86cjnPP5qvv/guUzCjuww4zBdJOXpligrGt2XwAAABUAowP/nSpDLuPwloyT7X5e2DWk
-rTUAAACBAO7l9QVVbSSoy5lq6cOtvpf8UlwOa6+zBwblo4gmFd1RwX1yWkA8kQ7RrhCSg8
-Hc6mIGnKRgKRli/3LgbSfZ0obFJehkRtEWtN4Ph8fVUeS74iQbIwFQeKlYHIlNTRoGtAbd
-i3nHdV+BBkEQc1V3rjqYqhjOoz/yNsgzLND26HrdAAAAgQDnV6cn5qGxAWjqmQLr4I9T9L
-oYxtj99VH7q79thVjwVNwPaq5MWzl8BNC8L4wr67EFf5a2ISc/7YsrONFXmobpVmROUgBz
-FxiH/eS4i0oGlzI5KO46KLfiyvOJbS8psGeEDJ2I52UknJX9VLskDHFLW9+PiNLvWHJ8oa
-dpkhbELQAAAdhWTOFbVkzhWwAAAAdzc2gtZHNzAAAAgQD6kutNFRsHTwEAv6d39Lhsqy1a
-pdHBZ9c2HfyRr7WmypyGIy2mKa43vzXI8CNwmRSYs+A6d0vJC7Pl+f9QzJ/04NWOA+Miwf
-urwrR3CRe61QRYb8PymcHOxueHs95IcjrbIPNn86cjnPP5qvv/guUzCjuww4zBdJOXplig
-rGt2XwAAABUAowP/nSpDLuPwloyT7X5e2DWkrTUAAACBAO7l9QVVbSSoy5lq6cOtvpf8Ul
-wOa6+zBwblo4gmFd1RwX1yWkA8kQ7RrhCSg8Hc6mIGnKRgKRli/3LgbSfZ0obFJehkRtEW
-tN4Ph8fVUeS74iQbIwFQeKlYHIlNTRoGtAbdi3nHdV+BBkEQc1V3rjqYqhjOoz/yNsgzLN
-D26HrdAAAAgQDnV6cn5qGxAWjqmQLr4I9T9LoYxtj99VH7q79thVjwVNwPaq5MWzl8BNC8
-L4wr67EFf5a2ISc/7YsrONFXmobpVmROUgBzFxiH/eS4i0oGlzI5KO46KLfiyvOJbS8psG
-eEDJ2I52UknJX9VLskDHFLW9+PiNLvWHJ8oadpkhbELQAAABRYIbQ5KfXsZuBPuWe5FJz3
-ldaEgwAAAAAB
------END OPENSSH PRIVATE KEY-----
+++ /dev/null
------BEGIN OPENSSH PRIVATE KEY-----
-b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jYmMAAAAGYmNyeXB0AAAAGAAAABCVs+LsMJ
-wnB5zM9U9pTXrGAAAAEAAAAAEAAAGzAAAAB3NzaC1kc3MAAACBAPqS600VGwdPAQC/p3f0
-uGyrLVql0cFn1zYd/JGvtabKnIYjLaYprje/NcjwI3CZFJiz4Dp3S8kLs+X5/1DMn/Tg1Y
-4D4yLB+6vCtHcJF7rVBFhvw/KZwc7G54ez3khyOtsg82fzpyOc8/mq+/+C5TMKO7DDjMF0
-k5emWKCsa3ZfAAAAFQCjA/+dKkMu4/CWjJPtfl7YNaStNQAAAIEA7uX1BVVtJKjLmWrpw6
-2+l/xSXA5rr7MHBuWjiCYV3VHBfXJaQDyRDtGuEJKDwdzqYgacpGApGWL/cuBtJ9nShsUl
-6GRG0Ra03g+Hx9VR5LviJBsjAVB4qVgciU1NGga0Bt2Lecd1X4EGQRBzVXeuOpiqGM6jP/
-I2yDMs0Pboet0AAACBAOdXpyfmobEBaOqZAuvgj1P0uhjG2P31Ufurv22FWPBU3A9qrkxb
-OXwE0LwvjCvrsQV/lrYhJz/tiys40VeahulWZE5SAHMXGIf95LiLSgaXMjko7joot+LK84
-ltLymwZ4QMnYjnZSSclf1UuyQMcUtb34+I0u9Ycnyhp2mSFsQtAAAB4HiOcRW4w+sIqBL0
-TPVbf0glN1hUi0rcE63Pqxmvxb8LkldC4IxAUagPrjhNAEW2AY42+CvPrtGB1z7gDADAIW
-xZX6wKwIcXP0Qh+xHE12F4u6mwfasssnAp4t1Ki8uCjMjnimgb3KdWpp0kiUV0oR062TXV
-PAdfrWjaq4fw0KOqbHIAG/v36AqzuqjSTfDbqvLZM3y0gp2Q1RxaQVJA5ZIKKyqRyFX7sr
-BaEIyCgeE3hM0EB7BycY1oIcS/eNxrACBWVJCENl5N7LtEYXNX7TANFniztfXzwaqGTT6A
-fCfbW4gz1UKldLUBzbIrPwMWlirAstbHvOf/2Iay2pNAs/SHhI0aF2jsGfvv5/D6N+r9dG
-B2SgDKBg7pywMH1DTvg6YT3P4GjCx0GUHqRCFLvD1rDdk4KSjvaRMpVq1PJ0/Wv6UGtsMS
-TR0PaEHDRNZqAX4YxqujnWrGKuRJhuz0eUvp7fZvbWHtiAMKV7368kkeUmkOHanb+TS+zs
-KINX8ev8zJZ6WVr8Vl+IQavpv0i2bXwS6QqbEuifpv/+uBb7pqRiU4u8en0eMdX1bZoTPM
-R6xHCnGD/Jpb3zS91Ya57T6CiXZ12KCaL6nWGnCkZVpzkfJ2HjFklWSWBQ6uyaosDQ==
------END OPENSSH PRIVATE KEY-----
-# $OpenBSD: Makefile,v 1.3 2023/01/15 23:35:10 djm Exp $
+# $OpenBSD: Makefile,v 1.4 2025/05/06 06:05:48 djm Exp $
PROG=test_sshsig
SRCS=tests.c
# From usr.bin/ssh
SRCS+=sshbuf-getput-basic.c sshbuf-getput-crypto.c sshbuf-misc.c sshbuf.c
SRCS+=sshbuf-io.c atomicio.c sshkey.c authfile.c cipher.c log.c ssh-rsa.c
-SRCS+=ssh-dss.c ssh-ecdsa.c ssh-ed25519.c mac.c umac.c umac128.c hmac.c misc.c
+SRCS+=ssh-ecdsa.c ssh-ed25519.c mac.c umac.c umac128.c hmac.c misc.c
SRCS+=ssherr.c uidswap.c cleanup.c xmalloc.c match.c krl.c fatal.c
SRCS+=addr.c addrmatch.c bitmap.c sshsig.c
SRCS+=ed25519.c hash.c
#!/bin/sh
-# $OpenBSD: mktestdata.sh,v 1.1 2020/06/19 04:32:09 djm Exp $
+# $OpenBSD: mktestdata.sh,v 1.2 2025/05/06 06:05:48 djm Exp $
NAMESPACE=unittest
fi
rm -f signed-data namespace
-rm -f rsa dsa ecdsa ed25519 ecdsa_sk ed25519_sk
-rm -f rsa.sig dsa.sig ecdsa.sig ed25519.sig ecdsa_sk.sig ed25519_sk.sig
+rm -f rsa ecdsa ed25519 ecdsa_sk ed25519_sk
+rm -f rsa.sig ecdsa.sig ed25519.sig ecdsa_sk.sig ed25519_sk.sig
printf "This is a test, this is only a test" > signed-data
printf "$NAMESPACE" > namespace
ssh-keygen -t rsa -C "RSA test" -N "" -f rsa -m PEM
-ssh-keygen -t dsa -C "DSA test" -N "" -f dsa -m PEM
ssh-keygen -t ecdsa -C "ECDSA test" -N "" -f ecdsa -m PEM
ssh-keygen -t ed25519 -C "ED25519 test key" -N "" -f ed25519
ssh-keygen -w "$SK_DUMMY" -t ecdsa-sk -C "ECDSA-SK test key" \
-N "" -f ed25519_sk
ssh-keygen -Y sign -f rsa -n $NAMESPACE - < signed-data > rsa.sig
-ssh-keygen -Y sign -f dsa -n $NAMESPACE - < signed-data > dsa.sig
ssh-keygen -Y sign -f ecdsa -n $NAMESPACE - < signed-data > ecdsa.sig
ssh-keygen -Y sign -f ed25519 -n $NAMESPACE - < signed-data > ed25519.sig
ssh-keygen -w "$SK_DUMMY" \
+++ /dev/null
------BEGIN DSA PRIVATE KEY-----
-MIIBuwIBAAKBgQCXpndQdz2mQVnk+lYOF3nxDT+h6SiJmUvBFhnFWBv8tG4pTOkb
-EwGufLEzGpzjTj+3bjVau7LFt37AFrqs4Num272BWNsYNIjOlGPgq7Xjv32FN00x
-JYh1DoRs1cGGnvohlsWEamGGhTHD1a9ipctPEBV+NrxtZMrl+pO/ZZg8vQIVAKJB
-P3iNYSpSuW74+q4WxLCuK8O3AoGAQldE+BIuxlvoG1IFiWesx0CU+H2KO0SEZc9A
-SX/qjOabh0Fb78ofTlEf9gWHFfat8SvSJQIOPMVlb76Lio8AAMT8Eaa/qQKKYmQL
-dNq4MLhhjxx5KLGt6J2JyFPExCv+qnHYHD59ngtLwKyqGjpSC8LPLktdXn8W/Aad
-Ly1K7+MCgYBsMHBczhSeUh8w7i20CVg4OlNTmfJRVU2tO6OpMxZ/quitRm3hLKSN
-u4xRkvHJwi4LhQtv1SXvLI5gs5P3gCG8tsIAiyCqLinHha63iBdJpqhnV/x/j7dB
-yJr3xJbnmLdWLkkCtNk1Ir1/CuEz+ufAyLGdKWksEAu1UUlb501BkwIVAILIa3Rg
-0h7J9lQpHJphvF3K0M1T
------END DSA PRIVATE KEY-----
+++ /dev/null
-ssh-dss AAAAB3NzaC1kc3MAAACBAJemd1B3PaZBWeT6Vg4XefENP6HpKImZS8EWGcVYG/y0bilM6RsTAa58sTManONOP7duNVq7ssW3fsAWuqzg26bbvYFY2xg0iM6UY+CrteO/fYU3TTEliHUOhGzVwYae+iGWxYRqYYaFMcPVr2Kly08QFX42vG1kyuX6k79lmDy9AAAAFQCiQT94jWEqUrlu+PquFsSwrivDtwAAAIBCV0T4Ei7GW+gbUgWJZ6zHQJT4fYo7RIRlz0BJf+qM5puHQVvvyh9OUR/2BYcV9q3xK9IlAg48xWVvvouKjwAAxPwRpr+pAopiZAt02rgwuGGPHHkosa3onYnIU8TEK/6qcdgcPn2eC0vArKoaOlILws8uS11efxb8Bp0vLUrv4wAAAIBsMHBczhSeUh8w7i20CVg4OlNTmfJRVU2tO6OpMxZ/quitRm3hLKSNu4xRkvHJwi4LhQtv1SXvLI5gs5P3gCG8tsIAiyCqLinHha63iBdJpqhnV/x/j7dByJr3xJbnmLdWLkkCtNk1Ir1/CuEz+ufAyLGdKWksEAu1UUlb501Bkw== DSA test
+++ /dev/null
------BEGIN SSH SIGNATURE-----
-U1NIU0lHAAAAAQAAAbEAAAAHc3NoLWRzcwAAAIEAl6Z3UHc9pkFZ5PpWDhd58Q0/oekoiZ
-lLwRYZxVgb/LRuKUzpGxMBrnyxMxqc404/t241Wruyxbd+wBa6rODbptu9gVjbGDSIzpRj
-4Ku14799hTdNMSWIdQ6EbNXBhp76IZbFhGphhoUxw9WvYqXLTxAVfja8bWTK5fqTv2WYPL
-0AAAAVAKJBP3iNYSpSuW74+q4WxLCuK8O3AAAAgEJXRPgSLsZb6BtSBYlnrMdAlPh9ijtE
-hGXPQEl/6ozmm4dBW+/KH05RH/YFhxX2rfEr0iUCDjzFZW++i4qPAADE/BGmv6kCimJkC3
-TauDC4YY8ceSixreidichTxMQr/qpx2Bw+fZ4LS8Csqho6UgvCzy5LXV5/FvwGnS8tSu/j
-AAAAgGwwcFzOFJ5SHzDuLbQJWDg6U1OZ8lFVTa07o6kzFn+q6K1GbeEspI27jFGS8cnCLg
-uFC2/VJe8sjmCzk/eAIby2wgCLIKouKceFrreIF0mmqGdX/H+Pt0HImvfElueYt1YuSQK0
-2TUivX8K4TP658DIsZ0paSwQC7VRSVvnTUGTAAAACHVuaXR0ZXN0AAAAAAAAAAZzaGE1MT
-IAAAA3AAAAB3NzaC1kc3MAAAAodi5lr0pqBpO76OY4N1CtfR85BCgZ95qfVjP/e9lToj0q
-lwjSJJXUjw==
------END SSH SIGNATURE-----
-/* $OpenBSD: tests.c,v 1.5 2025/04/15 04:00:42 djm Exp $ */
+/* $OpenBSD: tests.c,v 1.6 2025/05/06 06:05:48 djm Exp $ */
/*
* Regress test for sshbuf.h buffer API
*
check_sig("rsa.pub", "rsa.sig", msg, namespace);
TEST_DONE();
-#ifdef WITH_DSA
- TEST_START("check DSA signature");
- check_sig("dsa.pub", "dsa.sig", msg, namespace);
- TEST_DONE();
-#endif
#ifdef OPENSSL_HAS_ECC
TEST_START("check ECDSA signature");
projects / thirdparty / openssh-portable.git / commitdiff
