ssh: don't use dsa keys in integration tests

DSA has been disabled by default since OpenSSH 9.8, so tests fail with newer versions of OpenSSH Change-Id: I57b9abde8845cd05116a637a21cbbb8af740b2e0 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/599955 Reviewed-by: Dmitri Shuralyov <[email protected]> Auto-Submit: Nicola Murino <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]> Reviewed-by: Roland Shoemaker <[email protected]>
golang · Jul 22, 2024 · bb80217 · bb80217
1 parent 6879722
commit bb80217
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 8 deletions.
diff --git a/ssh/agent/client_test.go b/ssh/agent/client_test.go
@@ -165,9 +165,9 @@ func testAgentInterface(t *testing.T, agent ExtendedAgent, key interface{}, cert
 	sig, err := agent.Sign(pubKey, data)
 	if err != nil {
 		t.Logf("sign failed with key type %q", pubKey.Type())
-		// In integration tests ssh-dss and ssh-rsa (SHA1 signatures) may be
-		// disabled for security reasons, we check SHA-2 variants later.
-		if pubKey.Type() != ssh.KeyAlgoDSA && pubKey.Type() != ssh.KeyAlgoRSA && pubKey.Type() != ssh.CertAlgoRSAv01 {
+		// In integration tests ssh-rsa (SHA1 signatures) may be disabled for
+		// security reasons, we check SHA-2 variants later.
+		if pubKey.Type() != ssh.KeyAlgoRSA && pubKey.Type() != ssh.CertAlgoRSAv01 {
 			t.Fatalf("Sign(%s): %v", pubKey.Type(), err)
 		}
 	} else {
@@ -251,7 +251,7 @@ func TestMalformedRequests(t *testing.T) {
 }
 
 func TestAgent(t *testing.T) {
-	for _, keyType := range []string{"rsa", "dsa", "ecdsa", "ed25519"} {
+	for _, keyType := range []string{"rsa", "ecdsa", "ed25519"} {
 		testOpenSSHAgent(t, testPrivateKeys[keyType], nil, 0)
 		testKeyringAgent(t, testPrivateKeys[keyType], nil, 0)
 	}
@@ -409,7 +409,7 @@ func testLockAgent(agent Agent, t *testing.T) {
 	if err := agent.Add(AddedKey{PrivateKey: testPrivateKeys["rsa"], Comment: "comment 1"}); err != nil {
 		t.Errorf("Add: %v", err)
 	}
-	if err := agent.Add(AddedKey{PrivateKey: testPrivateKeys["dsa"], Comment: "comment dsa"}); err != nil {
+	if err := agent.Add(AddedKey{PrivateKey: testPrivateKeys["ecdsa"], Comment: "comment ecdsa"}); err != nil {
 		t.Errorf("Add: %v", err)
 	}
 	if keys, err := agent.List(); err != nil {

diff --git a/ssh/test/agent_unix_test.go b/ssh/test/agent_unix_test.go
@@ -20,17 +20,17 @@ func TestAgentForward(t *testing.T) {
 	defer conn.Close()
 
 	keyring := agent.NewKeyring()
-	if err := keyring.Add(agent.AddedKey{PrivateKey: testPrivateKeys["dsa"]}); err != nil {
+	if err := keyring.Add(agent.AddedKey{PrivateKey: testPrivateKeys["ecdsa"]}); err != nil {
 		t.Fatalf("Error adding key: %s", err)
 	}
 	if err := keyring.Add(agent.AddedKey{
-		PrivateKey:       testPrivateKeys["dsa"],
+		PrivateKey:       testPrivateKeys["ecdsa"],
 		ConfirmBeforeUse: true,
 		LifetimeSecs:     3600,
 	}); err != nil {
 		t.Fatalf("Error adding key with constraints: %s", err)
 	}
-	pub := testPublicKeys["dsa"]
+	pub := testPublicKeys["ecdsa"]
 
 	sess, err := conn.NewSession()
 	if err != nil {