diff options
Diffstat (limited to 'regress/integrity.sh')
| -rw-r--r-- | regress/integrity.sh | 22 |
1 files changed, 12 insertions, 10 deletions
diff --git a/regress/integrity.sh b/regress/integrity.sh index 4d46926d5..1d17fe10a 100644 --- a/regress/integrity.sh +++ b/regress/integrity.sh | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | # $OpenBSD: integrity.sh,v 1.7 2013/02/20 08:27:50 djm Exp $ | 1 | # $OpenBSD: integrity.sh,v 1.10 2013/05/17 01:32:11 dtucker Exp $ |
| 2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
| 3 | 3 | ||
| 4 | tid="integrity" | 4 | tid="integrity" |
| @@ -21,12 +21,13 @@ config_defined HAVE_EVP_SHA256 && | |||
| 21 | config_defined OPENSSL_HAVE_EVPGCM && \ | 21 | config_defined OPENSSL_HAVE_EVPGCM && \ |
| 22 | macs="$macs aes128-gcm@openssh.com aes256-gcm@openssh.com" | 22 | macs="$macs aes128-gcm@openssh.com aes256-gcm@openssh.com" |
| 23 | 23 | ||
| 24 | # sshd-command for proxy (see test-exec.sh) | 24 | # avoid DH group exchange as the extra traffic makes it harder to get the |
| 25 | cmd="$SUDO sh ${SRC}/sshd-log-wrapper.sh ${SSHD} ${TEST_SSH_LOGFILE} -i -f $OBJ/sshd_proxy" | 25 | # offset into the stream right. |
| 26 | echo "KexAlgorithms diffie-hellman-group14-sha1,diffie-hellman-group1-sha1" \ | ||
| 27 | >> $OBJ/ssh_proxy | ||
| 26 | 28 | ||
| 27 | jot() { | 29 | # sshd-command for proxy (see test-exec.sh) |
| 28 | awk "BEGIN { for (i = $2; i < $2 + $1; i++) { printf \"%d\n\", i } exit }" | 30 | cmd="$SUDO sh ${SRC}/sshd-log-wrapper.sh ${SSHD} ${TEST_SSHD_LOGFILE} -i -f $OBJ/sshd_proxy" |
| 29 | } | ||
| 30 | 31 | ||
| 31 | for m in $macs; do | 32 | for m in $macs; do |
| 32 | trace "test $tid: mac $m" | 33 | trace "test $tid: mac $m" |
| @@ -47,14 +48,15 @@ for m in $macs; do | |||
| 47 | aes*gcm*) macopt="-c $m";; | 48 | aes*gcm*) macopt="-c $m";; |
| 48 | *) macopt="-m $m";; | 49 | *) macopt="-m $m";; |
| 49 | esac | 50 | esac |
| 50 | output=`${SSH} $macopt -2F $OBJ/ssh_proxy -o "$pxy" \ | 51 | verbose "test $tid: $m @$off" |
| 51 | 999.999.999.999 'printf "%4096s" " "' 2>&1` | 52 | ${SSH} $macopt -2F $OBJ/ssh_proxy -o "$pxy" \ |
| 53 | 999.999.999.999 'printf "%4096s" " "' >/dev/null | ||
| 52 | if [ $? -eq 0 ]; then | 54 | if [ $? -eq 0 ]; then |
| 53 | fail "ssh -m $m succeeds with bit-flip at $off" | 55 | fail "ssh -m $m succeeds with bit-flip at $off" |
| 54 | fi | 56 | fi |
| 55 | ecnt=`expr $ecnt + 1` | 57 | ecnt=`expr $ecnt + 1` |
| 56 | output=`echo $output | tr -s '\r\n' '.'` | 58 | output=$(tail -2 $TEST_SSH_LOGFILE | egrep -v "^debug" | \ |
| 57 | verbose "test $tid: $m @$off $output" | 59 | tr -s '\r\n' '.') |
| 58 | case "$output" in | 60 | case "$output" in |
| 59 | Bad?packet*) elen=`expr $elen + 1`; skip=3;; | 61 | Bad?packet*) elen=`expr $elen + 1`; skip=3;; |
| 60 | Corrupted?MAC* | Decryption?integrity?check?failed*) | 62 | Corrupted?MAC* | Decryption?integrity?check?failed*) |