diff options
Diffstat (limited to 'regress/try-ciphers.sh')
-rw-r--r-- | regress/try-ciphers.sh | 31 |
1 files changed, 8 insertions, 23 deletions
diff --git a/regress/try-ciphers.sh b/regress/try-ciphers.sh index e17c9f5e9..ac34cedbf 100644 --- a/regress/try-ciphers.sh +++ b/regress/try-ciphers.sh | |||
@@ -1,37 +1,22 @@ | |||
1 | # $OpenBSD: try-ciphers.sh,v 1.20 2013/05/17 10:16:26 dtucker Exp $ | 1 | # $OpenBSD: try-ciphers.sh,v 1.22 2013/11/21 03:18:51 djm Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="try ciphers" | 4 | tid="try ciphers" |
5 | 5 | ||
6 | ciphers="aes128-cbc 3des-cbc blowfish-cbc cast128-cbc | 6 | for c in `${SSH} -Q cipher`; do |
7 | arcfour128 arcfour256 arcfour | ||
8 | aes192-cbc aes256-cbc rijndael-cbc@lysator.liu.se | ||
9 | aes128-ctr aes192-ctr aes256-ctr" | ||
10 | config_defined OPENSSL_HAVE_EVPGCM && \ | ||
11 | ciphers="$ciphers aes128-gcm@openssh.com aes256-gcm@openssh.com" | ||
12 | macs="hmac-sha1 hmac-md5 umac-64@openssh.com umac-128@openssh.com | ||
13 | hmac-sha1-96 hmac-md5-96 | ||
14 | hmac-sha1-etm@openssh.com hmac-md5-etm@openssh.com | ||
15 | umac-64-etm@openssh.com umac-128-etm@openssh.com | ||
16 | hmac-sha1-96-etm@openssh.com hmac-md5-96-etm@openssh.com | ||
17 | hmac-ripemd160-etm@openssh.com" | ||
18 | config_defined HAVE_EVP_SHA256 && | ||
19 | macs="$macs hmac-sha2-256 hmac-sha2-512 | ||
20 | hmac-sha2-256-etm@openssh.com hmac-sha2-512-etm@openssh.com" | ||
21 | |||
22 | for c in $ciphers; do | ||
23 | n=0 | 7 | n=0 |
24 | for m in $macs; do | 8 | for m in `${SSH} -Q mac`; do |
25 | trace "proto 2 cipher $c mac $m" | 9 | trace "proto 2 cipher $c mac $m" |
26 | verbose "test $tid: proto 2 cipher $c mac $m" | 10 | verbose "test $tid: proto 2 cipher $c mac $m" |
27 | ${SSH} -F $OBJ/ssh_proxy -2 -m $m -c $c somehost true | 11 | ${SSH} -F $OBJ/ssh_proxy -2 -m $m -c $c somehost true |
28 | if [ $? -ne 0 ]; then | 12 | if [ $? -ne 0 ]; then |
29 | fail "ssh -2 failed with mac $m cipher $c" | 13 | fail "ssh -2 failed with mac $m cipher $c" |
30 | fi | 14 | fi |
31 | # No point trying all MACs for GCM since they are ignored. | 15 | # No point trying all MACs for AEAD ciphers since they |
32 | case $c in | 16 | # are ignored. |
33 | aes*-gcm@openssh.com) test $n -gt 0 && break;; | 17 | if ssh -Q cipher-auth | grep "^${c}\$" >/dev/null 2>&1 ; then |
34 | esac | 18 | break |
19 | fi | ||
35 | n=`expr $n + 1` | 20 | n=`expr $n + 1` |
36 | done | 21 | done |
37 | done | 22 | done |