ssh: don't use dsa keys in integration tests
DSA has been disabled by default since OpenSSH 9.8, so tests
fail with newer versions of OpenSSH

Change-Id: I57b9abde8845cd05116a637a21cbbb8af740b2e0
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/599955
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Auto-Submit: Nicola Murino <nicola.murino@gmail.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
drakkan authored and gopherbot committed Jul 22, 2024
1 parent 6879722 commit bb80217
Showing 2 changed files with 8 additions and 8 deletions.
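--- a/ssh/agent/client_test.go
+++ b/ssh/agent/client_test.go
@@ -165,9 +165,9 @@ func testAgentInterface(t *testing.T, agent ExtendedAgent, key interface{}, cert
 sig, err := agent.Sign(pubKey, data)
 if err != nil {
 t.Logf("sign failed with key type %q", pubKey.Type())
-// In integration tests ssh-dss and ssh-rsa (SHA1 signatures) may be
-// disabled for security reasons, we check SHA-2 variants later.
-if pubKey.Type() != ssh.KeyAlgoDSA && pubKey.Type() != ssh.KeyAlgoRSA && pubKey.Type() != ssh.CertAlgoRSAv01 {
+// In integration tests ssh-rsa (SHA1 signatures) may be disabled for
+// security reasons, we check SHA-2 variants later.
+if pubKey.Type() != ssh.KeyAlgoRSA && pubKey.Type() != ssh.CertAlgoRSAv01 {
 t.Fatalf("Sign(%s): %v", pubKey.Type(), err)
 }
 } else {
@@ -251,7 +251,7 @@ func TestMalformedRequests(t *testing.T) {
 }
 
 func TestAgent(t *testing.T) {
-for _, keyType := range []string{"rsa", "dsa", "ecdsa", "ed25519"} {
+for _, keyType := range []string{"rsa", "ecdsa", "ed25519"} {
 testOpenSSHAgent(t, testPrivateKeys[keyType], nil, 0)
 testKeyringAgent(t, testPrivateKeys[keyType], nil, 0)
 }
@@ -409,7 +409,7 @@ func testLockAgent(agent Agent, t *testing.T) {
 if err := agent.Add(AddedKey{PrivateKey: testPrivateKeys["rsa"], Comment: "comment 1"}); err != nil {
 t.Errorf("Add: %v", err)
 }
-if err := agent.Add(AddedKey{PrivateKey: testPrivateKeys["dsa"], Comment: "comment dsa"}); err != nil {
+if err := agent.Add(AddedKey{PrivateKey: testPrivateKeys["ecdsa"], Comment: "comment ecdsa"}); err != nil {
 t.Errorf("Add: %v", err)
 }
 if keys, err := agent.List(); err != nil {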
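Review bot: The key-type list in TestAgent drops "dsa" for testKeyringAgent as well as testOpenSSHAgent, although the commit message only cites the installed OpenSSH as the reason; if testKeyringAgent exercises the package's own keyring without an external ssh-agent (its body is not visible here), DSA handling in that path loses its only visible coverage. If that is intended, record it next to the list so the entry is not re-added later, e.g. `// dsa omitted: disabled by default since OpenSSH 9.8`. In testAgentInterface the tolerated-failure guard no longer includes `ssh.KeyAlgoDSA`, so any caller outside these hunks that still passes a DSA key will now hit `t.Fatalf` on a Sign error. testAgentInterface and testLockAgent both continue outside the hunks shown.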
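--- a/ssh/test/agent_unix_test.go
+++ b/ssh/test/agent_unix_test.go
@@ -20,17 +20,17 @@ func TestAgentForward(t *testing.T) {
 defer conn.Close()
 
 keyring := agent.NewKeyring()
-if err := keyring.Add(agent.AddedKey{PrivateKey: testPrivateKeys["dsa"]}); err != nil {
+if err := keyring.Add(agent.AddedKey{PrivateKey: testPrivateKeys["ecdsa"]}); err != nil {
 t.Fatalf("Error adding key: %s", err)
 }
 if err := keyring.Add(agent.AddedKey{
-PrivateKey: testPrivateKeys["dsa"],
+PrivateKey: testPrivateKeys["ecdsa"],
 ConfirmBeforeUse: true,
 LifetimeSecs: 3600,
 }); err != nil {
 t.Fatalf("Error adding key with constraints: %s", err)
 }
-pub := testPublicKeys["dsa"]
+pub := testPublicKeys["ecdsa"]
 
 sess, err := conn.NewSession()
 if err != nil {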
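Review bot: Both `keyring.Add` calls in TestAgentForward load the same `testPrivateKeys["ecdsa"]`, once unconstrained and once with `ConfirmBeforeUse` and `LifetimeSecs`, so a signature made through the forwarded agent cannot be attributed to one entry or the other. How the keyring treats a second Add of an identical key is not visible in this hunk; if the constrained entry is meant to be exercised, giving it a different key would make that explicit, otherwise a short comment such as `// same key re-added with constraints; only checks that Add accepts them` would document the intent. The function body continues outside the hunk.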
