-rw-r--r--ChangeLog5
-rw-r--r--regress/dhgex.sh6
-rw-r--r--regress/integrity.sh7
-rw-r--r--regress/kextype.sh7
-rw-r--r--regress/rekey.sh20
-rw-r--r--regress/try-ciphers.sh7
6 files changed, 42 insertions, 10 deletions
diff --git a/ChangeLog b/ChangeLog
index 00104524a..0c5d8701e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -97,6 +97,11 @@
97 this test is a sorry mess of race conditions; add another sleep 97 this test is a sorry mess of race conditions; add another sleep
98 to avoid a failure on slow machines (at least until I find a 98 to avoid a failure on slow machines (at least until I find a
99 better way) 99 better way)
100 - djm@cvs.openbsd.org 2014/04/21 22:15:37
101 [dhgex.sh integrity.sh kextype.sh rekey.sh try-ciphers.sh]
102 repair regress tests broken by server-side default cipher/kex/mac changes
103 by ensuring that the option under test is included in the server's
104 algorithm list
100 105
10120140430 10620140430
102 - (dtucker) [defines.h] Define __GNUC_PREREQ__ macro if we don't already 107 - (dtucker) [defines.h] Define __GNUC_PREREQ__ macro if we don't already
diff --git a/regress/dhgex.sh b/regress/dhgex.sh
index 4c1a3d83c..57fca4a32 100644
--- a/regress/dhgex.sh
+++ b/regress/dhgex.sh
@@ -1,10 +1,11 @@
1# $OpenBSD: dhgex.sh,v 1.1 2014/01/25 04:35:32 dtucker Exp $ 1# $OpenBSD: dhgex.sh,v 1.2 2014/04/21 22:15:37 djm Exp $
2# Placed in the Public Domain. 2# Placed in the Public Domain.
3 3
4tid="dhgex" 4tid="dhgex"
5 5
6LOG=${TEST_SSH_LOGFILE} 6LOG=${TEST_SSH_LOGFILE}
7rm -f ${LOG} 7rm -f ${LOG}
8cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak
8 9
9kexs=`${SSH} -Q kex | grep diffie-hellman-group-exchange` 10kexs=`${SSH} -Q kex | grep diffie-hellman-group-exchange`
10 11
@@ -14,6 +15,9 @@ ssh_test_dhgex()
14 cipher="$1"; shift 15 cipher="$1"; shift
15 kex="$1"; shift 16 kex="$1"; shift
16 17
18 cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
19 echo "KexAlgorithms=$kex" >> $OBJ/sshd_proxy
20 echo "Ciphers=$cipher" >> $OBJ/sshd_proxy
17 rm -f ${LOG} 21 rm -f ${LOG}
18 opts="-oKexAlgorithms=$kex -oCiphers=$cipher" 22 opts="-oKexAlgorithms=$kex -oCiphers=$cipher"
19 groupsz="1024<$bits<8192" 23 groupsz="1024<$bits<8192"
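Review bot: The two `echo ... >> $OBJ/sshd_proxy` lines added in ssh_test_dhgex() only take effect if the restored sshd_proxy_bak does not already set KexAlgorithms or Ciphers, because sshd keeps the first value it obtains for each keyword and these lines are appended at the end of the file. The base sshd_proxy is not visible on this page, so this is an assumption to confirm rather than a demonstrated fault. A comment above the `cp` would record it, for example `# sshd uses the first value per keyword: sshd_proxy_bak must not set KexAlgorithms/Ciphers`. The same restore-then-append pattern is added in regress/integrity.sh, regress/kextype.sh and regress/try-ciphers.sh. ssh_test_dhgex() starts and ends outside the hunk.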
diff --git a/regress/integrity.sh b/regress/integrity.sh
index 852d82690..03d80618c 100644
--- a/regress/integrity.sh
+++ b/regress/integrity.sh
@@ -1,7 +1,8 @@
1# $OpenBSD: integrity.sh,v 1.12 2013/11/21 03:18:51 djm Exp $ 1# $OpenBSD: integrity.sh,v 1.13 2014/04/21 22:15:37 djm Exp $
2# Placed in the Public Domain. 2# Placed in the Public Domain.
3 3
4tid="integrity" 4tid="integrity"
5cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak
5 6
6# start at byte 2900 (i.e. after kex) and corrupt at different offsets 7# start at byte 2900 (i.e. after kex) and corrupt at different offsets
7# XXX the test hangs if we modify the low bytes of the packet length 8# XXX the test hangs if we modify the low bytes of the packet length
@@ -34,11 +35,15 @@ for m in $macs; do
34 # avoid modifying the high bytes of the length 35 # avoid modifying the high bytes of the length
35 continue 36 continue
36 fi 37 fi
38 cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
37 # modify output from sshd at offset $off 39 # modify output from sshd at offset $off
38 pxy="proxycommand=$cmd | $OBJ/modpipe -wm xor:$off:1" 40 pxy="proxycommand=$cmd | $OBJ/modpipe -wm xor:$off:1"
39 if ssh -Q cipher-auth | grep "^${m}\$" >/dev/null 2>&1 ; then 41 if ssh -Q cipher-auth | grep "^${m}\$" >/dev/null 2>&1 ; then
42 echo "Ciphers=$m" >> $OBJ/sshd_proxy
40 macopt="-c $m" 43 macopt="-c $m"
41 else 44 else
45 echo "Ciphers=aes128-ctr" >> $OBJ/sshd_proxy
46 echo "MACs=$m" >> $OBJ/sshd_proxy
42 macopt="-m $m -c aes128-ctr" 47 macopt="-m $m -c aes128-ctr"
43 fi 48 fi
44 verbose "test $tid: $m @$off" 49 verbose "test $tid: $m @$off"
diff --git a/regress/kextype.sh b/regress/kextype.sh
index 8c2ac09d6..6f952f4e4 100644
--- a/regress/kextype.sh
+++ b/regress/kextype.sh
@@ -1,4 +1,4 @@
1# $OpenBSD: kextype.sh,v 1.4 2013/11/07 04:26:56 dtucker Exp $ 1# $OpenBSD: kextype.sh,v 1.5 2014/04/21 22:15:37 djm Exp $
2# Placed in the Public Domain. 2# Placed in the Public Domain.
3 3
4tid="login with different key exchange algorithms" 4tid="login with different key exchange algorithms"
@@ -7,6 +7,11 @@ TIME=/usr/bin/time
7cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak 7cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak
8cp $OBJ/ssh_proxy $OBJ/ssh_proxy_bak 8cp $OBJ/ssh_proxy $OBJ/ssh_proxy_bak
9 9
10# Make server accept all key exchanges.
11ALLKEX=`ssh -Q kex`
12KEXOPT=`echo $ALLKEX | tr ' ' ,`
13echo "KexAlgorithms=$KEXOPT" >> $OBJ/sshd_proxy
14
10tries="1 2 3 4" 15tries="1 2 3 4"
11for k in `${SSH} -Q kex`; do 16for k in `${SSH} -Q kex`; do
12 verbose "kex $k" 17 verbose "kex $k"
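Review bot: The added line `` ALLKEX=`ssh -Q kex` `` runs whichever `ssh` is first in PATH, while the loop just below it enumerates algorithms with `${SSH} -Q kex`. If the installed client and the binary under test differ, the server's KexAlgorithms list can omit an algorithm the loop then tries, or name one the freshly built sshd does not accept. Query the binary under test instead: `` ALLKEX=`${SSH} -Q kex` ``.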
diff --git a/regress/rekey.sh b/regress/rekey.sh
index cf9401ea0..fd452b034 100644
--- a/regress/rekey.sh
+++ b/regress/rekey.sh
@@ -1,4 +1,4 @@
1# $OpenBSD: rekey.sh,v 1.14 2013/11/21 03:18:51 djm Exp $ 1# $OpenBSD: rekey.sh,v 1.15 2014/04/21 22:15:37 djm Exp $
2# Placed in the Public Domain. 2# Placed in the Public Domain.
3 3
4tid="rekey" 4tid="rekey"
@@ -6,14 +6,22 @@ tid="rekey"
6LOG=${TEST_SSH_LOGFILE} 6LOG=${TEST_SSH_LOGFILE}
7 7
8rm -f ${LOG} 8rm -f ${LOG}
9cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak
9 10
10# Test rekeying based on data volume only. 11# Test rekeying based on data volume only.
11# Arguments will be passed to ssh. 12# Arguments will be passed to ssh.
12ssh_data_rekeying() 13ssh_data_rekeying()
13{ 14{
15 _kexopt=$1 ; shift
16 _opts="$@"
17 if ! test -z "$_kexopts" ; then
18 cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
19 echo "$_kexopt" >> $OBJ/sshd_proxy
20 _opts="$_opts -o$_kexopt"
21 fi
14 rm -f ${COPY} ${LOG} 22 rm -f ${COPY} ${LOG}
15 ${SSH} <${DATA} -oCompression=no $@ -v -F $OBJ/ssh_proxy somehost \ 23 _opts="$_opts -oCompression=no"
16 "cat > ${COPY}" 24 ${SSH} <${DATA} $_opts -v -F $OBJ/ssh_proxy somehost "cat > ${COPY}"
17 if [ $? -ne 0 ]; then 25 if [ $? -ne 0 ]; then
18 fail "ssh failed ($@)" 26 fail "ssh failed ($@)"
19 fi 27 fi
@@ -41,7 +49,7 @@ done
41 49
42for opt in $opts; do 50for opt in $opts; do
43 verbose "client rekey $opt" 51 verbose "client rekey $opt"
44 ssh_data_rekeying -oRekeyLimit=256k -o$opt 52 ssh_data_rekeying "$opt" -oRekeyLimit=256k
45done 53done
46 54
47# AEAD ciphers are magical so test with all KexAlgorithms 55# AEAD ciphers are magical so test with all KexAlgorithms
@@ -49,14 +57,14 @@ if ${SSH} -Q cipher-auth | grep '^.*$' >/dev/null 2>&1 ; then
49 for c in `${SSH} -Q cipher-auth`; do 57 for c in `${SSH} -Q cipher-auth`; do
50 for kex in `${SSH} -Q kex`; do 58 for kex in `${SSH} -Q kex`; do
51 verbose "client rekey $c $kex" 59 verbose "client rekey $c $kex"
52 ssh_data_rekeying -oRekeyLimit=256k -oCiphers=$c -oKexAlgorithms=$kex 60 ssh_data_rekeying "KexAlgorithms=$kex" -oRekeyLimit=256k -oCiphers=$c
53 done 61 done
54 done 62 done
55fi 63fi
56 64
57for s in 16 1k 128k 256k; do 65for s in 16 1k 128k 256k; do
58 verbose "client rekeylimit ${s}" 66 verbose "client rekeylimit ${s}"
59 ssh_data_rekeying -oCompression=no -oRekeyLimit=$s 67 ssh_data_rekeying "" -oCompression=no -oRekeyLimit=$s
60done 68done
61 69
62for s in 5 10; do 70for s in 5 10; do
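Review bot: In ssh_data_rekeying() the first argument is stored in `_kexopt`, but the guard tests `$_kexopts` (with a trailing s), which is never assigned. `! test -z "$_kexopts"` is therefore always false, so the block that restores sshd_proxy, appends the option to the server config and adds `-o$_kexopt` to the client options never runs. The option passed as `$1` by the callers in the later hunks is silently dropped on both sides, and those loops would exercise only the default algorithms. The guard should read `if ! test -z "$_kexopt" ; then`. Because `$1` is shifted off, `fail "ssh failed ($@)"` no longer reports the option either; `fail "ssh failed ($_opts)"` would keep it in the message. The function body continues outside the hunk.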
diff --git a/regress/try-ciphers.sh b/regress/try-ciphers.sh
index ac34cedbf..2881ce16c 100644
--- a/regress/try-ciphers.sh
+++ b/regress/try-ciphers.sh
@@ -1,13 +1,18 @@
1# $OpenBSD: try-ciphers.sh,v 1.22 2013/11/21 03:18:51 djm Exp $ 1# $OpenBSD: try-ciphers.sh,v 1.23 2014/04/21 22:15:37 djm Exp $
2# Placed in the Public Domain. 2# Placed in the Public Domain.
3 3
4tid="try ciphers" 4tid="try ciphers"
5 5
6cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak
7
6for c in `${SSH} -Q cipher`; do 8for c in `${SSH} -Q cipher`; do
7 n=0 9 n=0
8 for m in `${SSH} -Q mac`; do 10 for m in `${SSH} -Q mac`; do
9 trace "proto 2 cipher $c mac $m" 11 trace "proto 2 cipher $c mac $m"
10 verbose "test $tid: proto 2 cipher $c mac $m" 12 verbose "test $tid: proto 2 cipher $c mac $m"
13 cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
14 echo "Ciphers=$c" >> $OBJ/sshd_proxy
15 echo "MACs=$m" >> $OBJ/sshd_proxy
11 ${SSH} -F $OBJ/ssh_proxy -2 -m $m -c $c somehost true 16 ${SSH} -F $OBJ/ssh_proxy -2 -m $m -c $c somehost true
12 if [ $? -ne 0 ]; then 17 if [ $? -ne 0 ]; then
13 fail "ssh -2 failed with mac $m cipher $c" 18 fail "ssh -2 failed with mac $m cipher $c"