diff options
Diffstat (limited to 'regress/try-ciphers.sh')
| -rw-r--r-- | regress/try-ciphers.sh | 37 |
1 files changed, 17 insertions, 20 deletions
diff --git a/regress/try-ciphers.sh b/regress/try-ciphers.sh index 925863504..084a1457a 100644 --- a/regress/try-ciphers.sh +++ b/regress/try-ciphers.sh | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | # $OpenBSD: try-ciphers.sh,v 1.13 2012/06/28 05:07:45 dtucker Exp $ | 1 | # $OpenBSD: try-ciphers.sh,v 1.19 2013/02/11 23:58:51 djm Exp $ |
| 2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
| 3 | 3 | ||
| 4 | tid="try ciphers" | 4 | tid="try ciphers" |
| @@ -7,11 +7,20 @@ ciphers="aes128-cbc 3des-cbc blowfish-cbc cast128-cbc | |||
| 7 | arcfour128 arcfour256 arcfour | 7 | arcfour128 arcfour256 arcfour |
| 8 | aes192-cbc aes256-cbc rijndael-cbc@lysator.liu.se | 8 | aes192-cbc aes256-cbc rijndael-cbc@lysator.liu.se |
| 9 | aes128-ctr aes192-ctr aes256-ctr" | 9 | aes128-ctr aes192-ctr aes256-ctr" |
| 10 | macs="hmac-sha1 hmac-md5 umac-64@openssh.com hmac-sha1-96 hmac-md5-96" | 10 | config_defined OPENSSL_HAVE_EVPGCM && \ |
| 11 | ciphers="$ciphers aes128-gcm@openssh.com aes256-gcm@openssh.com" | ||
| 12 | macs="hmac-sha1 hmac-md5 umac-64@openssh.com umac-128@openssh.com | ||
| 13 | hmac-sha1-96 hmac-md5-96 | ||
| 14 | hmac-sha1-etm@openssh.com hmac-md5-etm@openssh.com | ||
| 15 | umac-64-etm@openssh.com umac-128-etm@openssh.com | ||
| 16 | hmac-sha1-96-etm@openssh.com hmac-md5-96-etm@openssh.com | ||
| 17 | hmac-ripemd160-etm@openssh.com" | ||
| 11 | config_defined HAVE_EVP_SHA256 && | 18 | config_defined HAVE_EVP_SHA256 && |
| 12 | macs="$macs hmac-sha2-256 hmac-sha2-512" | 19 | macs="$macs hmac-sha2-256 hmac-sha2-512 |
| 20 | hmac-sha2-256-etm@openssh.com hmac-sha2-512-etm@openssh.com" | ||
| 13 | 21 | ||
| 14 | for c in $ciphers; do | 22 | for c in $ciphers; do |
| 23 | n=0 | ||
| 15 | for m in $macs; do | 24 | for m in $macs; do |
| 16 | trace "proto 2 cipher $c mac $m" | 25 | trace "proto 2 cipher $c mac $m" |
| 17 | verbose "test $tid: proto 2 cipher $c mac $m" | 26 | verbose "test $tid: proto 2 cipher $c mac $m" |
| @@ -19,6 +28,11 @@ for c in $ciphers; do | |||
| 19 | if [ $? -ne 0 ]; then | 28 | if [ $? -ne 0 ]; then |
| 20 | fail "ssh -2 failed with mac $m cipher $c" | 29 | fail "ssh -2 failed with mac $m cipher $c" |
| 21 | fi | 30 | fi |
| 31 | # No point trying all MACs for GCM since they are ignored. | ||
| 32 | case $c in | ||
| 33 | aes*-gcm@openssh.com) test $n -gt 0 && break;; | ||
| 34 | esac | ||
| 35 | n=`expr $n + 1` | ||
| 22 | done | 36 | done |
| 23 | done | 37 | done |
| 24 | 38 | ||
| @@ -32,20 +46,3 @@ for c in $ciphers; do | |||
| 32 | fi | 46 | fi |
| 33 | done | 47 | done |
| 34 | 48 | ||
| 35 | if ${SSH} -oCiphers=acss@openssh.org 2>&1 | grep "Bad SSH2 cipher" >/dev/null | ||
| 36 | then | ||
| 37 | : | ||
| 38 | else | ||
| 39 | |||
| 40 | echo "Ciphers acss@openssh.org" >> $OBJ/sshd_proxy | ||
| 41 | c=acss@openssh.org | ||
| 42 | for m in $macs; do | ||
| 43 | trace "proto 2 $c mac $m" | ||
| 44 | verbose "test $tid: proto 2 cipher $c mac $m" | ||
| 45 | ${SSH} -F $OBJ/ssh_proxy -2 -m $m -c $c somehost true | ||
| 46 | if [ $? -ne 0 ]; then | ||
| 47 | fail "ssh -2 failed with mac $m cipher $c" | ||
| 48 | fi | ||
| 49 | done | ||
| 50 | |||
| 51 | fi | ||