diff options
| -rw-r--r-- | ChangeLog | 5 | ||||
| -rw-r--r-- | regress/Makefile | 3 | ||||
| -rw-r--r-- | regress/dhgex.sh | 54 |
3 files changed, 60 insertions, 2 deletions
| @@ -19,8 +19,11 @@ | |||
| 19 | Don't use -q on sftp as it suppresses logging, instead redirect the | 19 | Don't use -q on sftp as it suppresses logging, instead redirect the |
| 20 | output to the regress logfile. | 20 | output to the regress logfile. |
| 21 | - dtucker@cvs.openbsd.org 2014/01/20 00:00:30 | 21 | - dtucker@cvs.openbsd.org 2014/01/20 00:00:30 |
| 22 | [sftp-chroot.sh] | 22 | [sregress/ftp-chroot.sh] |
| 23 | append to rather than truncating the log file | 23 | append to rather than truncating the log file |
| 24 | - dtucker@cvs.openbsd.org 2014/01/25 04:35:32 | ||
| 25 | [regress/Makefile regress/dhgex.sh] | ||
| 26 | Add a test for DH GEX sizes | ||
| 24 | - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec] | 27 | - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec] |
| 25 | [contrib/suse/openssh.spec] Crank version numbers | 28 | [contrib/suse/openssh.spec] Crank version numbers |
| 26 | 29 | ||
diff --git a/regress/Makefile b/regress/Makefile index 0c66b1774..5405ca39b 100644 --- a/regress/Makefile +++ b/regress/Makefile | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | # $OpenBSD: Makefile,v 1.67 2013/12/06 13:52:46 markus Exp $ | 1 | # $OpenBSD: Makefile,v 1.68 2014/01/25 04:35:32 dtucker Exp $ |
| 2 | 2 | ||
| 3 | REGRESS_TARGETS= t1 t2 t3 t4 t5 t6 t7 t8 t9 t10 t-exec | 3 | REGRESS_TARGETS= t1 t2 t3 t4 t5 t6 t7 t8 t9 t10 t-exec |
| 4 | tests: $(REGRESS_TARGETS) | 4 | tests: $(REGRESS_TARGETS) |
| @@ -23,6 +23,7 @@ LTESTS= connect \ | |||
| 23 | transfer \ | 23 | transfer \ |
| 24 | banner \ | 24 | banner \ |
| 25 | rekey \ | 25 | rekey \ |
| 26 | dhgex \ | ||
| 26 | stderr-data \ | 27 | stderr-data \ |
| 27 | stderr-after-eof \ | 28 | stderr-after-eof \ |
| 28 | broken-pipe \ | 29 | broken-pipe \ |
diff --git a/regress/dhgex.sh b/regress/dhgex.sh new file mode 100644 index 000000000..4c1a3d83c --- /dev/null +++ b/regress/dhgex.sh | |||
| @@ -0,0 +1,54 @@ | |||
| 1 | # $OpenBSD: dhgex.sh,v 1.1 2014/01/25 04:35:32 dtucker Exp $ | ||
| 2 | # Placed in the Public Domain. | ||
| 3 | |||
| 4 | tid="dhgex" | ||
| 5 | |||
| 6 | LOG=${TEST_SSH_LOGFILE} | ||
| 7 | rm -f ${LOG} | ||
| 8 | |||
| 9 | kexs=`${SSH} -Q kex | grep diffie-hellman-group-exchange` | ||
| 10 | |||
| 11 | ssh_test_dhgex() | ||
| 12 | { | ||
| 13 | bits="$1"; shift | ||
| 14 | cipher="$1"; shift | ||
| 15 | kex="$1"; shift | ||
| 16 | |||
| 17 | rm -f ${LOG} | ||
| 18 | opts="-oKexAlgorithms=$kex -oCiphers=$cipher" | ||
| 19 | groupsz="1024<$bits<8192" | ||
| 20 | verbose "$tid bits $bits $kex $cipher" | ||
| 21 | ${SSH} ${opts} $@ -vvv -F ${OBJ}/ssh_proxy somehost true | ||
| 22 | if [ $? -ne 0 ]; then | ||
| 23 | fail "ssh failed ($@)" | ||
| 24 | fi | ||
| 25 | # check what we request | ||
| 26 | grep "SSH2_MSG_KEX_DH_GEX_REQUEST($groupsz) sent" ${LOG} >/dev/null | ||
| 27 | if [ $? != 0 ]; then | ||
| 28 | got=`egrep "SSH2_MSG_KEX_DH_GEX_REQUEST(.*) sent" ${LOG}` | ||
| 29 | fail "$tid unexpected GEX sizes, expected $groupsz, got $got" | ||
| 30 | fi | ||
| 31 | # check what we got (depends on contents of system moduli file) | ||
| 32 | gotbits="`awk '/bits set:/{print $4}' ${LOG} | head -1 | cut -f2 -d/`" | ||
| 33 | if [ "$gotbits" -lt "$bits" ]; then | ||
| 34 | fatal "$tid expected $bits bit group, got $gotbits" | ||
| 35 | fi | ||
| 36 | } | ||
| 37 | |||
| 38 | check() | ||
| 39 | { | ||
| 40 | bits="$1"; shift | ||
| 41 | |||
| 42 | for c in $@; do | ||
| 43 | for k in $kexs; do | ||
| 44 | ssh_test_dhgex $bits $c $k | ||
| 45 | done | ||
| 46 | done | ||
| 47 | } | ||
| 48 | |||
| 49 | #check 2048 3des-cbc | ||
| 50 | check 3072 `${SSH} -Q cipher | grep 128` | ||
| 51 | check 3072 arcfour blowfish-cbc | ||
| 52 | check 7680 `${SSH} -Q cipher | grep 192` | ||
| 53 | check 8192 `${SSH} -Q cipher | grep 256` | ||
| 54 | check 8192 rijndael-cbc@lysator.liu.se chacha20-poly1305@openssh.com | ||