ssh: don't use dsa keys in integration tests

drakkan · gopherbot · commit bb80217080b0 · 2024-07-22T17:35:33.000Z
DSA has been disabled by default since OpenSSH 9.8, so tests fail with newer versions of OpenSSH Change-Id: I57b9abde8845cd05116a637a21cbbb8af740b2e0 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/599955 Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Auto-Submit: Nicola Murino <nicola.murino@gmail.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Roland Shoemaker <roland@golang.org>
diff --git a/ssh/agent/client_test.go b/ssh/agent/client_test.go
@@ -165,9 +165,9 @@ func testAgentInterface(t *testing.T, agent ExtendedAgent, key interface{}, cert
 	sig, err := agent.Sign(pubKey, data)
 	if err != nil {
 		t.Logf("sign failed with key type %q", pubKey.Type())
-		// In integration tests ssh-dss and ssh-rsa (SHA1 signatures) may be
-		// disabled for security reasons, we check SHA-2 variants later.
-		if pubKey.Type() != ssh.KeyAlgoDSA && pubKey.Type() != ssh.KeyAlgoRSA && pubKey.Type() != ssh.CertAlgoRSAv01 {
+		// In integration tests ssh-rsa (SHA1 signatures) may be disabled for
+		// security reasons, we check SHA-2 variants later.
+		if pubKey.Type() != ssh.KeyAlgoRSA && pubKey.Type() != ssh.CertAlgoRSAv01 {
 			t.Fatalf("Sign(%s): %v", pubKey.Type(), err)
 		}
 	} else {
@@ -251,7 +251,7 @@ func TestMalformedRequests(t *testing.T) {
 }
 
 func TestAgent(t *testing.T) {
-	for _, keyType := range []string{"rsa", "dsa", "ecdsa", "ed25519"} {
+	for _, keyType := range []string{"rsa", "ecdsa", "ed25519"} {
 		testOpenSSHAgent(t, testPrivateKeys[keyType], nil, 0)
 		testKeyringAgent(t, testPrivateKeys[keyType], nil, 0)
 	}
@@ -409,7 +409,7 @@ func testLockAgent(agent Agent, t *testing.T) {
 	if err := agent.Add(AddedKey{PrivateKey: testPrivateKeys["rsa"], Comment: "comment 1"}); err != nil {
 		t.Errorf("Add: %v", err)
 	}
-	if err := agent.Add(AddedKey{PrivateKey: testPrivateKeys["dsa"], Comment: "comment dsa"}); err != nil {
+	if err := agent.Add(AddedKey{PrivateKey: testPrivateKeys["ecdsa"], Comment: "comment ecdsa"}); err != nil {
 		t.Errorf("Add: %v", err)
 	}
 	if keys, err := agent.List(); err != nil {
diff --git a/ssh/test/agent_unix_test.go b/ssh/test/agent_unix_test.go
@@ -20,17 +20,17 @@ func TestAgentForward(t *testing.T) {
 	defer conn.Close()
 
 	keyring := agent.NewKeyring()
-	if err := keyring.Add(agent.AddedKey{PrivateKey: testPrivateKeys["dsa"]}); err != nil {
+	if err := keyring.Add(agent.AddedKey{PrivateKey: testPrivateKeys["ecdsa"]}); err != nil {
 		t.Fatalf("Error adding key: %s", err)
 	}
 	if err := keyring.Add(agent.AddedKey{
-		PrivateKey:       testPrivateKeys["dsa"],
+		PrivateKey:       testPrivateKeys["ecdsa"],
 		ConfirmBeforeUse: true,
 		LifetimeSecs:     3600,
 	}); err != nil {
 		t.Fatalf("Error adding key with constraints: %s", err)
 	}
-	pub := testPublicKeys["dsa"]
+	pub := testPublicKeys["ecdsa"]
 
 	sess, err := conn.NewSession()
 	if err != nil {

Original file line number	Diff line number	Diff line change
`@@ -165,9 +165,9 @@ func testAgentInterface(t *testing.T, agent ExtendedAgent, key interface{}, cert`
`165`	`165`	`sig, err := agent.Sign(pubKey, data)`
`166`	`166`	`if err != nil {`
`167`	`167`	`t.Logf("sign failed with key type %q", pubKey.Type())`
`168`		`- // In integration tests ssh-dss and ssh-rsa (SHA1 signatures) may be`
`169`		`- // disabled for security reasons, we check SHA-2 variants later.`
`170`		`- if pubKey.Type() != ssh.KeyAlgoDSA && pubKey.Type() != ssh.KeyAlgoRSA && pubKey.Type() != ssh.CertAlgoRSAv01 {`
	`168`	`+ // In integration tests ssh-rsa (SHA1 signatures) may be disabled for`
	`169`	`+ // security reasons, we check SHA-2 variants later.`
	`170`	`+ if pubKey.Type() != ssh.KeyAlgoRSA && pubKey.Type() != ssh.CertAlgoRSAv01 {`
`171`	`171`	`t.Fatalf("Sign(%s): %v", pubKey.Type(), err)`
`172`	`172`	`}`
`173`	`173`	`} else {`
`@@ -251,7 +251,7 @@ func TestMalformedRequests(t *testing.T) {`
`251`	`251`	`}`
`252`	`252`
`253`	`253`	`func TestAgent(t *testing.T) {`
`254`		`- for _, keyType := range []string{"rsa", "dsa", "ecdsa", "ed25519"} {`
	`254`	`+ for _, keyType := range []string{"rsa", "ecdsa", "ed25519"} {`
`255`	`255`	`testOpenSSHAgent(t, testPrivateKeys[keyType], nil, 0)`
`256`	`256`	`testKeyringAgent(t, testPrivateKeys[keyType], nil, 0)`
`257`	`257`	`}`
`@@ -409,7 +409,7 @@ func testLockAgent(agent Agent, t *testing.T) {`
`409`	`409`	`if err := agent.Add(AddedKey{PrivateKey: testPrivateKeys["rsa"], Comment: "comment 1"}); err != nil {`
`410`	`410`	`t.Errorf("Add: %v", err)`
`411`	`411`	`}`
`412`		`- if err := agent.Add(AddedKey{PrivateKey: testPrivateKeys["dsa"], Comment: "comment dsa"}); err != nil {`
	`412`	`+ if err := agent.Add(AddedKey{PrivateKey: testPrivateKeys["ecdsa"], Comment: "comment ecdsa"}); err != nil {`
`413`	`413`	`t.Errorf("Add: %v", err)`
`414`	`414`	`}`
`415`	`415`	`if keys, err := agent.List(); err != nil {`