Diffstat (limited to 'regress/integrity.sh')
-rw-r--r-- | regress/integrity.sh | 24 |
1 files changed, 9 insertions, 15 deletions
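--- a/regress/integrity.sh
+++ b/regress/integrity.sh
@@ -1,4 +1,4 @@
-# $OpenBSD: integrity.sh,v 1.10 2013/05/17 01:32:11 dtucker Exp $
+# $OpenBSD: integrity.sh,v 1.12 2013/11/21 03:18:51 djm Exp $
 # Placed in the Public Domain.
 
 tid="integrity"
@@ -8,18 +8,10 @@ tid="integrity"
 # XXX and ssh tries to read...
 tries=10
 startoffset=2900
-macs="hmac-sha1 hmac-md5 umac-64@openssh.com umac-128@openssh.com
-hmac-sha1-96 hmac-md5-96
-hmac-sha1-etm@openssh.com hmac-md5-etm@openssh.com
-umac-64-etm@openssh.com umac-128-etm@openssh.com
-hmac-sha1-96-etm@openssh.com hmac-md5-96-etm@openssh.com"
-config_defined HAVE_EVP_SHA256 &&
-macs="$macs hmac-sha2-256 hmac-sha2-512
-hmac-sha2-256-etm@openssh.com hmac-sha2-512-etm@openssh.com"
+macs=`${SSH} -Q mac`
 # The following are not MACs, but ciphers with integrated integrity. They are
 # handled specially below.
-config_defined OPENSSL_HAVE_EVPGCM && \
-macs="$macs aes128-gcm@openssh.com aes256-gcm@openssh.com"
+macs="$macs `${SSH} -Q cipher-auth`"
 
 # avoid DH group exchange as the extra traffic makes it harder to get the
 # offset into the stream right.
@@ -44,12 +36,14 @@ for m in $macs; do
 fi
 # modify output from sshd at offset $off
 pxy="proxycommand=$cmd | $OBJ/modpipe -wm xor:$off:1"
-case $m in
-aes*gcm*) macopt="-c $m";;
-*) macopt="-m $m";;
-esac
+if ssh -Q cipher-auth | grep "^${m}\$" >/dev/null 2>&1 ; then
+macopt="-c $m"
+else
+macopt="-m $m -c aes128-ctr"
+fi
 verbose "test $tid: $m @$off"
 ${SSH} $macopt -2F $OBJ/ssh_proxy -o "$pxy" \
+-oServerAliveInterval=1 -oServerAliveCountMax=30 \
 999.999.999.999 'printf "%4096s" " "' >/dev/null
 if [ $? -eq 0 ]; then
 fail "ssh -m $m succeeds with bit-flip at $off"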
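Review bot: The new AEAD check in the third hunk runs bare `ssh -Q cipher-auth`, while the list it is matched against was built with `${SSH} -Q cipher-auth` and the connection itself uses `${SSH}`, so the branch can consult whichever ssh is first on PATH instead of the binary under test. If that ssh is older or built differently, an AEAD cipher would fall into the else branch and be passed as `-m $m -c aes128-ctr`; the non-zero exit would then presumably come from option parsing rather than from the flipped bit, though how the loop classifies that is outside this hunk. I would change the line to `if ${SSH} -Q cipher-auth | grep -Fx "$m" >/dev/null 2>&1 ; then`, which also stops the `.` in names such as `aes128-gcm@openssh.com` from acting as a regex wildcard. The `for m in $macs` loop begins and ends outside the hunk.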