diff options
| author | Damien Miller <djm@mindrot.org> | 2014-05-15 15:07:53 +1000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2014-05-15 15:07:53 +1000 |
| commit | edb1af50441d19fb2dd9ccb4d75bf14473fca584 (patch) | |
| tree | c07867fd0c92fdda87b3b5005ce4d14b39f7bc06 /regress/rekey.sh | |
| parent | 54343e95c70994695f8842fb22836321350198d3 (diff) | |
- djm@cvs.openbsd.org 2014/04/21 22:15:37
[dhgex.sh integrity.sh kextype.sh rekey.sh try-ciphers.sh]
repair regress tests broken by server-side default cipher/kex/mac changes
by ensuring that the option under test is included in the server's
algorithm list
Diffstat (limited to 'regress/rekey.sh')
| -rw-r--r-- | regress/rekey.sh | 20 |
1 files changed, 14 insertions, 6 deletions
diff --git a/regress/rekey.sh b/regress/rekey.sh index cf9401ea0..fd452b034 100644 --- a/regress/rekey.sh +++ b/regress/rekey.sh | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | # $OpenBSD: rekey.sh,v 1.14 2013/11/21 03:18:51 djm Exp $ | 1 | # $OpenBSD: rekey.sh,v 1.15 2014/04/21 22:15:37 djm Exp $ |
| 2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
| 3 | 3 | ||
| 4 | tid="rekey" | 4 | tid="rekey" |
| @@ -6,14 +6,22 @@ tid="rekey" | |||
| 6 | LOG=${TEST_SSH_LOGFILE} | 6 | LOG=${TEST_SSH_LOGFILE} |
| 7 | 7 | ||
| 8 | rm -f ${LOG} | 8 | rm -f ${LOG} |
| 9 | cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak | ||
| 9 | 10 | ||
| 10 | # Test rekeying based on data volume only. | 11 | # Test rekeying based on data volume only. |
| 11 | # Arguments will be passed to ssh. | 12 | # Arguments will be passed to ssh. |
| 12 | ssh_data_rekeying() | 13 | ssh_data_rekeying() |
| 13 | { | 14 | { |
| 15 | _kexopt=$1 ; shift | ||
| 16 | _opts="$@" | ||
| 17 | if ! test -z "$_kexopts" ; then | ||
| 18 | cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy | ||
| 19 | echo "$_kexopt" >> $OBJ/sshd_proxy | ||
| 20 | _opts="$_opts -o$_kexopt" | ||
| 21 | fi | ||
| 14 | rm -f ${COPY} ${LOG} | 22 | rm -f ${COPY} ${LOG} |
| 15 | ${SSH} <${DATA} -oCompression=no $@ -v -F $OBJ/ssh_proxy somehost \ | 23 | _opts="$_opts -oCompression=no" |
| 16 | "cat > ${COPY}" | 24 | ${SSH} <${DATA} $_opts -v -F $OBJ/ssh_proxy somehost "cat > ${COPY}" |
| 17 | if [ $? -ne 0 ]; then | 25 | if [ $? -ne 0 ]; then |
| 18 | fail "ssh failed ($@)" | 26 | fail "ssh failed ($@)" |
| 19 | fi | 27 | fi |
| @@ -41,7 +49,7 @@ done | |||
| 41 | 49 | ||
| 42 | for opt in $opts; do | 50 | for opt in $opts; do |
| 43 | verbose "client rekey $opt" | 51 | verbose "client rekey $opt" |
| 44 | ssh_data_rekeying -oRekeyLimit=256k -o$opt | 52 | ssh_data_rekeying "$opt" -oRekeyLimit=256k |
| 45 | done | 53 | done |
| 46 | 54 | ||
| 47 | # AEAD ciphers are magical so test with all KexAlgorithms | 55 | # AEAD ciphers are magical so test with all KexAlgorithms |
| @@ -49,14 +57,14 @@ if ${SSH} -Q cipher-auth | grep '^.*$' >/dev/null 2>&1 ; then | |||
| 49 | for c in `${SSH} -Q cipher-auth`; do | 57 | for c in `${SSH} -Q cipher-auth`; do |
| 50 | for kex in `${SSH} -Q kex`; do | 58 | for kex in `${SSH} -Q kex`; do |
| 51 | verbose "client rekey $c $kex" | 59 | verbose "client rekey $c $kex" |
| 52 | ssh_data_rekeying -oRekeyLimit=256k -oCiphers=$c -oKexAlgorithms=$kex | 60 | ssh_data_rekeying "KexAlgorithms=$kex" -oRekeyLimit=256k -oCiphers=$c |
| 53 | done | 61 | done |
| 54 | done | 62 | done |
| 55 | fi | 63 | fi |
| 56 | 64 | ||
| 57 | for s in 16 1k 128k 256k; do | 65 | for s in 16 1k 128k 256k; do |
| 58 | verbose "client rekeylimit ${s}" | 66 | verbose "client rekeylimit ${s}" |
| 59 | ssh_data_rekeying -oCompression=no -oRekeyLimit=$s | 67 | ssh_data_rekeying "" -oCompression=no -oRekeyLimit=$s |
| 60 | done | 68 | done |
| 61 | 69 | ||
| 62 | for s in 5 10; do | 70 | for s in 5 10; do |