[git] GnuPG - branch, master, updated. gnupg-2.1.19-3-g74cb3b2

by Justus Winter cvs at cvs.gnupg.org
Thu Mar 2 10:46:18 CET 2017 

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  74cb3b230c1f99afc5fd09bccc24186a63b154b0 (commit)
      from  e064c75b08a523f738108428fe0c417a46e66238 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 74cb3b230c1f99afc5fd09bccc24186a63b154b0
Author: Justus Winter <justus at g10code.com>
Date:   Thu Mar 2 10:41:03 2017 +0100

    tests: Log information about ssh, add comments to test.
    
    * tests/openpgp/ssh-import.scm (ssh-version-string): New variable, and
    log the binary and version used in the test.
    (ssh-supports?): Document how we test what algorithms are supported by
    ssh, and log ssh-keygen's replies.
    --
    We have some trouble with this test on macOS, and adding some more
    information in verbose mode will hopefully make tracking down these
    problems easier in the future.
    
    GnuPG-bug-id: 2980
    Signed-off-by: Justus Winter <justus at g10code.com>

diff --git a/tests/openpgp/ssh-import.scm b/tests/openpgp/ssh-import.scm
index 7a4364c..d210056 100755
--- a/tests/openpgp/ssh-import.scm
+++ b/tests/openpgp/ssh-import.scm
@@ -36,8 +36,13 @@
 (catch (skip "ssh-keygen not found")
        (set! ssh-keygen (path-expand "ssh-keygen" path)))
 
+(define ssh-version-string
+  (:stderr (call-with-io `(,ssh "-V") "")))
+
+(log "Using" ssh "version:" ssh-version-string)
+
 (define ssh-version
-  (let ((tmp (:stderr (call-with-io `(,ssh "-V") "")))
+  (let ((tmp ssh-version-string)
 	(prefix "OpenSSH_"))
     (unless (string-prefix? tmp prefix)
 	    (skip "This doesn't look like OpenSSH:" tmp))
@@ -45,14 +50,22 @@
 			       (+ 3 (string-length prefix))))))
 
 (define (ssh-supports? algorithm)
+  ;; We exploit ssh-keygen as an oracle to test what algorithms ssh
+  ;; supports.
   (cond
    ((equal? algorithm "ed25519")
+    ;; Unfortunately, our oracle does not work for ed25519 because
+    ;; this is a specific curve and not a family, so the key size
+    ;; parameter is ignored.
     (>= ssh-version 6.5))
    (else
-    (not (string-contains? (:stderr (call-with-io `(,ssh-keygen
-						    -t ,algorithm
-						    -b "1009") ""))
-			   "unknown key type")))))
+    ;; We call ssh-keygen with the algorithm to test, specify an
+    ;; invalid key size, and observe the error message.
+    (let ((output (:stderr (call-with-io `(,ssh-keygen
+					   -t ,algorithm
+					   -b "1009") ""))))
+      (log "(ssh-supports?" algorithm "), ssh algorithm oracle replied:" output)
+      (not (string-contains? output "unknown key type"))))))
 
 (define keys
   '(("dsa" "9a:e1:f1:5f:46:ea:a5:06:e1:e2:f8:38:8e:06:54:58")

-----------------------------------------------------------------------

Summary of changes:
 tests/openpgp/ssh-import.scm | 23 ++++++++++++++++++-----
 1 file changed, 18 insertions(+), 5 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org

More information about the Gnupg-commits mailing list