diff options
author | Damien Miller <djm@mindrot.org> | 2014-05-15 15:07:53 +1000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2014-05-15 15:07:53 +1000 |
commit | edb1af50441d19fb2dd9ccb4d75bf14473fca584 (patch) | |
tree | c07867fd0c92fdda87b3b5005ce4d14b39f7bc06 /regress/rekey.sh | |
parent | 54343e95c70994695f8842fb22836321350198d3 (diff) |
- djm@cvs.openbsd.org 2014/04/21 22:15:37
[dhgex.sh integrity.sh kextype.sh rekey.sh try-ciphers.sh]
repair regress tests broken by server-side default cipher/kex/mac changes
by ensuring that the option under test is included in the server's
algorithm list
Diffstat (limited to 'regress/rekey.sh')
-rw-r--r-- | regress/rekey.sh | 20 |
1 files changed, 14 insertions, 6 deletions
diff --git a/regress/rekey.sh b/regress/rekey.sh index cf9401ea0..fd452b034 100644 --- a/regress/rekey.sh +++ b/regress/rekey.sh | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: rekey.sh,v 1.14 2013/11/21 03:18:51 djm Exp $ | 1 | # $OpenBSD: rekey.sh,v 1.15 2014/04/21 22:15:37 djm Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="rekey" | 4 | tid="rekey" |
@@ -6,14 +6,22 @@ tid="rekey" | |||
6 | LOG=${TEST_SSH_LOGFILE} | 6 | LOG=${TEST_SSH_LOGFILE} |
7 | 7 | ||
8 | rm -f ${LOG} | 8 | rm -f ${LOG} |
9 | cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak | ||
9 | 10 | ||
10 | # Test rekeying based on data volume only. | 11 | # Test rekeying based on data volume only. |
11 | # Arguments will be passed to ssh. | 12 | # Arguments will be passed to ssh. |
12 | ssh_data_rekeying() | 13 | ssh_data_rekeying() |
13 | { | 14 | { |
15 | _kexopt=$1 ; shift | ||
16 | _opts="$@" | ||
17 | if ! test -z "$_kexopts" ; then | ||
18 | cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy | ||
19 | echo "$_kexopt" >> $OBJ/sshd_proxy | ||
20 | _opts="$_opts -o$_kexopt" | ||
21 | fi | ||
14 | rm -f ${COPY} ${LOG} | 22 | rm -f ${COPY} ${LOG} |
15 | ${SSH} <${DATA} -oCompression=no $@ -v -F $OBJ/ssh_proxy somehost \ | 23 | _opts="$_opts -oCompression=no" |
16 | "cat > ${COPY}" | 24 | ${SSH} <${DATA} $_opts -v -F $OBJ/ssh_proxy somehost "cat > ${COPY}" |
17 | if [ $? -ne 0 ]; then | 25 | if [ $? -ne 0 ]; then |
18 | fail "ssh failed ($@)" | 26 | fail "ssh failed ($@)" |
19 | fi | 27 | fi |
@@ -41,7 +49,7 @@ done | |||
41 | 49 | ||
42 | for opt in $opts; do | 50 | for opt in $opts; do |
43 | verbose "client rekey $opt" | 51 | verbose "client rekey $opt" |
44 | ssh_data_rekeying -oRekeyLimit=256k -o$opt | 52 | ssh_data_rekeying "$opt" -oRekeyLimit=256k |
45 | done | 53 | done |
46 | 54 | ||
47 | # AEAD ciphers are magical so test with all KexAlgorithms | 55 | # AEAD ciphers are magical so test with all KexAlgorithms |
@@ -49,14 +57,14 @@ if ${SSH} -Q cipher-auth | grep '^.*$' >/dev/null 2>&1 ; then | |||
49 | for c in `${SSH} -Q cipher-auth`; do | 57 | for c in `${SSH} -Q cipher-auth`; do |
50 | for kex in `${SSH} -Q kex`; do | 58 | for kex in `${SSH} -Q kex`; do |
51 | verbose "client rekey $c $kex" | 59 | verbose "client rekey $c $kex" |
52 | ssh_data_rekeying -oRekeyLimit=256k -oCiphers=$c -oKexAlgorithms=$kex | 60 | ssh_data_rekeying "KexAlgorithms=$kex" -oRekeyLimit=256k -oCiphers=$c |
53 | done | 61 | done |
54 | done | 62 | done |
55 | fi | 63 | fi |
56 | 64 | ||
57 | for s in 16 1k 128k 256k; do | 65 | for s in 16 1k 128k 256k; do |
58 | verbose "client rekeylimit ${s}" | 66 | verbose "client rekeylimit ${s}" |
59 | ssh_data_rekeying -oCompression=no -oRekeyLimit=$s | 67 | ssh_data_rekeying "" -oCompression=no -oRekeyLimit=$s |
60 | done | 68 | done |
61 | 69 | ||
62 | for s in 5 10; do | 70 | for s in 5 10; do |