diff options
Diffstat (limited to 'regress/integrity.sh')
| -rw-r--r-- | regress/integrity.sh | 24 |
1 files changed, 9 insertions, 15 deletions
diff --git a/regress/integrity.sh b/regress/integrity.sh index 1d17fe10a..852d82690 100644 --- a/regress/integrity.sh +++ b/regress/integrity.sh | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | # $OpenBSD: integrity.sh,v 1.10 2013/05/17 01:32:11 dtucker Exp $ | 1 | # $OpenBSD: integrity.sh,v 1.12 2013/11/21 03:18:51 djm Exp $ |
| 2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
| 3 | 3 | ||
| 4 | tid="integrity" | 4 | tid="integrity" |
| @@ -8,18 +8,10 @@ tid="integrity" | |||
| 8 | # XXX and ssh tries to read... | 8 | # XXX and ssh tries to read... |
| 9 | tries=10 | 9 | tries=10 |
| 10 | startoffset=2900 | 10 | startoffset=2900 |
| 11 | macs="hmac-sha1 hmac-md5 umac-64@openssh.com umac-128@openssh.com | 11 | macs=`${SSH} -Q mac` |
| 12 | hmac-sha1-96 hmac-md5-96 | ||
| 13 | hmac-sha1-etm@openssh.com hmac-md5-etm@openssh.com | ||
| 14 | umac-64-etm@openssh.com umac-128-etm@openssh.com | ||
| 15 | hmac-sha1-96-etm@openssh.com hmac-md5-96-etm@openssh.com" | ||
| 16 | config_defined HAVE_EVP_SHA256 && | ||
| 17 | macs="$macs hmac-sha2-256 hmac-sha2-512 | ||
| 18 | hmac-sha2-256-etm@openssh.com hmac-sha2-512-etm@openssh.com" | ||
| 19 | # The following are not MACs, but ciphers with integrated integrity. They are | 12 | # The following are not MACs, but ciphers with integrated integrity. They are |
| 20 | # handled specially below. | 13 | # handled specially below. |
| 21 | config_defined OPENSSL_HAVE_EVPGCM && \ | 14 | macs="$macs `${SSH} -Q cipher-auth`" |
| 22 | macs="$macs aes128-gcm@openssh.com aes256-gcm@openssh.com" | ||
| 23 | 15 | ||
| 24 | # avoid DH group exchange as the extra traffic makes it harder to get the | 16 | # avoid DH group exchange as the extra traffic makes it harder to get the |
| 25 | # offset into the stream right. | 17 | # offset into the stream right. |
| @@ -44,12 +36,14 @@ for m in $macs; do | |||
| 44 | fi | 36 | fi |
| 45 | # modify output from sshd at offset $off | 37 | # modify output from sshd at offset $off |
| 46 | pxy="proxycommand=$cmd | $OBJ/modpipe -wm xor:$off:1" | 38 | pxy="proxycommand=$cmd | $OBJ/modpipe -wm xor:$off:1" |
| 47 | case $m in | 39 | if ssh -Q cipher-auth | grep "^${m}\$" >/dev/null 2>&1 ; then |
| 48 | aes*gcm*) macopt="-c $m";; | 40 | macopt="-c $m" |
| 49 | *) macopt="-m $m";; | 41 | else |
| 50 | esac | 42 | macopt="-m $m -c aes128-ctr" |
| 43 | fi | ||
| 51 | verbose "test $tid: $m @$off" | 44 | verbose "test $tid: $m @$off" |
| 52 | ${SSH} $macopt -2F $OBJ/ssh_proxy -o "$pxy" \ | 45 | ${SSH} $macopt -2F $OBJ/ssh_proxy -o "$pxy" \ |
| 46 | -oServerAliveInterval=1 -oServerAliveCountMax=30 \ | ||
| 53 | 999.999.999.999 'printf "%4096s" " "' >/dev/null | 47 | 999.999.999.999 'printf "%4096s" " "' >/dev/null |
| 54 | if [ $? -eq 0 ]; then | 48 | if [ $? -eq 0 ]; then |
| 55 | fail "ssh -m $m succeeds with bit-flip at $off" | 49 | fail "ssh -m $m succeeds with bit-flip at $off" |