From bb80217080b0e04c6e73e5dcd9f3a9bb11fe23f6 Mon Sep 17 00:00:00 2001 From: Nicola Murino Date: Sun, 21 Jul 2024 11:43:44 +0200 Subject: [PATCH] ssh: don't use dsa keys in integration tests DSA has been disabled by default since OpenSSH 9.8, so tests fail with newer versions of OpenSSH Change-Id: I57b9abde8845cd05116a637a21cbbb8af740b2e0 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/599955 Reviewed-by: Dmitri Shuralyov Auto-Submit: Nicola Murino LUCI-TryBot-Result: Go LUCI Reviewed-by: Roland Shoemaker --- ssh/agent/client_test.go | 10 +++++----- ssh/test/agent_unix_test.go | 6 +++--- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/ssh/agent/client_test.go b/ssh/agent/client_test.go index ae03df1a63..f0ffd59592 100644 --- a/ssh/agent/client_test.go +++ b/ssh/agent/client_test.go @@ -165,9 +165,9 @@ func testAgentInterface(t *testing.T, agent ExtendedAgent, key interface{}, cert sig, err := agent.Sign(pubKey, data) if err != nil { t.Logf("sign failed with key type %q", pubKey.Type()) - // In integration tests ssh-dss and ssh-rsa (SHA1 signatures) may be - // disabled for security reasons, we check SHA-2 variants later. - if pubKey.Type() != ssh.KeyAlgoDSA && pubKey.Type() != ssh.KeyAlgoRSA && pubKey.Type() != ssh.CertAlgoRSAv01 { + // In integration tests ssh-rsa (SHA1 signatures) may be disabled for + // security reasons, we check SHA-2 variants later. + if pubKey.Type() != ssh.KeyAlgoRSA && pubKey.Type() != ssh.CertAlgoRSAv01 { t.Fatalf("Sign(%s): %v", pubKey.Type(), err) } } else { @@ -251,7 +251,7 @@ func TestMalformedRequests(t *testing.T) { } func TestAgent(t *testing.T) { - for _, keyType := range []string{"rsa", "dsa", "ecdsa", "ed25519"} { + for _, keyType := range []string{"rsa", "ecdsa", "ed25519"} { testOpenSSHAgent(t, testPrivateKeys[keyType], nil, 0) testKeyringAgent(t, testPrivateKeys[keyType], nil, 0) } @@ -409,7 +409,7 @@ func testLockAgent(agent Agent, t *testing.T) { if err := agent.Add(AddedKey{PrivateKey: testPrivateKeys["rsa"], Comment: "comment 1"}); err != nil { t.Errorf("Add: %v", err) } - if err := agent.Add(AddedKey{PrivateKey: testPrivateKeys["dsa"], Comment: "comment dsa"}); err != nil { + if err := agent.Add(AddedKey{PrivateKey: testPrivateKeys["ecdsa"], Comment: "comment ecdsa"}); err != nil { t.Errorf("Add: %v", err) } if keys, err := agent.List(); err != nil { diff --git a/ssh/test/agent_unix_test.go b/ssh/test/agent_unix_test.go index a9c4893f7d..9257bfe1bc 100644 --- a/ssh/test/agent_unix_test.go +++ b/ssh/test/agent_unix_test.go @@ -20,17 +20,17 @@ func TestAgentForward(t *testing.T) { defer conn.Close() keyring := agent.NewKeyring() - if err := keyring.Add(agent.AddedKey{PrivateKey: testPrivateKeys["dsa"]}); err != nil { + if err := keyring.Add(agent.AddedKey{PrivateKey: testPrivateKeys["ecdsa"]}); err != nil { t.Fatalf("Error adding key: %s", err) } if err := keyring.Add(agent.AddedKey{ - PrivateKey: testPrivateKeys["dsa"], + PrivateKey: testPrivateKeys["ecdsa"], ConfirmBeforeUse: true, LifetimeSecs: 3600, }); err != nil { t.Fatalf("Error adding key with constraints: %s", err) } - pub := testPublicKeys["dsa"] + pub := testPublicKeys["ecdsa"] sess, err := conn.NewSession() if err != nil {