Diffstat (limited to 'regress')
-rw-r--r--regress/Makefile18
-rw-r--r--regress/cert-userkey.sh27
-rw-r--r--regress/cipher-speed.sh25
-rw-r--r--regress/forward-control.sh168
-rw-r--r--regress/integrity.sh74
-rw-r--r--regress/keys-command.sh39
-rw-r--r--regress/krl.sh161
-rwxr-xr-xregress/modpipe.c175
-rw-r--r--regress/multiplex.sh50
-rw-r--r--regress/test-exec.sh4
-rw-r--r--regress/try-ciphers.sh37
11 files changed, 729 insertions, 49 deletions
diff --git a/regress/Makefile b/regress/Makefile
index f114c27e9..6ef5d9cce 100644
--- a/regress/Makefile
+++ b/regress/Makefile
@@ -1,4 +1,4 @@
1# $OpenBSD: Makefile,v 1.58 2011/01/06 22:46:21 djm Exp $ 1# $OpenBSD: Makefile,v 1.62 2013/01/18 00:45:29 djm Exp $
2 2
3REGRESS_TARGETS= t1 t2 t3 t4 t5 t6 t7 t8 t9 t-exec 3REGRESS_TARGETS= t1 t2 t3 t4 t5 t6 t7 t8 t9 t-exec
4tests: $(REGRESS_TARGETS) 4tests: $(REGRESS_TARGETS)
@@ -57,7 +57,11 @@ LTESTS= connect \
57 kextype \ 57 kextype \
58 cert-hostkey \ 58 cert-hostkey \
59 cert-userkey \ 59 cert-userkey \
60 host-expand 60 host-expand \
61 keys-command \
62 forward-control \
63 integrity \
64 krl
61 65
62INTEROP_TESTS= putty-transfer putty-ciphers putty-kex conch-ciphers 66INTEROP_TESTS= putty-transfer putty-ciphers putty-kex conch-ciphers
63#INTEROP_TESTS+=ssh-com ssh-com-client ssh-com-keygen ssh-com-sftp 67#INTEROP_TESTS+=ssh-com ssh-com-client ssh-com-keygen ssh-com-sftp
@@ -67,23 +71,27 @@ INTEROP_TESTS= putty-transfer putty-ciphers putty-kex conch-ciphers
67USER!= id -un 71USER!= id -un
68CLEANFILES= t2.out t3.out t6.out1 t6.out2 t7.out t7.out.pub copy.1 copy.2 \ 72CLEANFILES= t2.out t3.out t6.out1 t6.out2 t7.out t7.out.pub copy.1 copy.2 \
69 t8.out t8.out.pub t9.out t9.out.pub \ 73 t8.out t8.out.pub t9.out t9.out.pub \
70 authorized_keys_${USER} known_hosts pidfile \ 74 authorized_keys_${USER} known_hosts pidfile testdata \
71 ssh_config sshd_config.orig ssh_proxy sshd_config sshd_proxy \ 75 ssh_config sshd_config.orig ssh_proxy sshd_config sshd_proxy \
72 rsa.pub rsa rsa1.pub rsa1 host.rsa host.rsa1 \ 76 rsa.pub rsa rsa1.pub rsa1 host.rsa host.rsa1 \
73 rsa-agent rsa-agent.pub rsa1-agent rsa1-agent.pub \ 77 rsa-agent rsa-agent.pub rsa1-agent rsa1-agent.pub \
74 ls.copy banner.in banner.out empty.in \ 78 ls.copy banner.in banner.out empty.in \
75 scp-ssh-wrapper.scp ssh_proxy_envpass remote_pid \ 79 scp-ssh-wrapper.scp ssh_proxy_envpass remote_pid \
76 sshd_proxy_bak rsa_ssh2_cr.prv rsa_ssh2_crnl.prv \ 80 sshd_proxy_bak rsa_ssh2_cr.prv rsa_ssh2_crnl.prv \
77 known_hosts-cert host_ca_key* cert_host_key* \ 81 known_hosts-cert host_ca_key* cert_host_key* cert_user_key* \
78 putty.rsa2 sshd_proxy_orig ssh_proxy_bak \ 82 putty.rsa2 sshd_proxy_orig ssh_proxy_bak \
79 key.rsa-* key.dsa-* key.ecdsa-* \ 83 key.rsa-* key.dsa-* key.ecdsa-* \
80 authorized_principals_${USER} expect actual 84 authorized_principals_${USER} expect actual ready \
85 sshd_proxy.* authorized_keys_${USER}.* modpipe revoked-* krl-*
86
81 87
82# Enable all malloc(3) randomisations and checks 88# Enable all malloc(3) randomisations and checks
83TEST_ENV= "MALLOC_OPTIONS=AFGJPRX" 89TEST_ENV= "MALLOC_OPTIONS=AFGJPRX"
84 90
85TEST_SSH_SSHKEYGEN?=ssh-keygen 91TEST_SSH_SSHKEYGEN?=ssh-keygen
86 92
93CPPFLAGS=-I..
94
87t1: 95t1:
88 ${TEST_SSH_SSHKEYGEN} -if ${.CURDIR}/rsa_ssh2.prv | diff - ${.CURDIR}/rsa_openssh.prv 96 ${TEST_SSH_SSHKEYGEN} -if ${.CURDIR}/rsa_ssh2.prv | diff - ${.CURDIR}/rsa_openssh.prv
89 tr '\n' '\r' <${.CURDIR}/rsa_ssh2.prv > ${.OBJDIR}/rsa_ssh2_cr.prv 97 tr '\n' '\r' <${.CURDIR}/rsa_ssh2.prv > ${.OBJDIR}/rsa_ssh2_cr.prv
diff --git a/regress/cert-userkey.sh b/regress/cert-userkey.sh
index 6700db274..3bba9f8f2 100644
--- a/regress/cert-userkey.sh
+++ b/regress/cert-userkey.sh
@@ -1,4 +1,4 @@
1# $OpenBSD: cert-userkey.sh,v 1.8 2011/05/17 07:13:31 djm Exp $ 1# $OpenBSD: cert-userkey.sh,v 1.10 2013/01/18 00:45:29 djm Exp $
2# Placed in the Public Domain. 2# Placed in the Public Domain.
3 3
4tid="certified user keys" 4tid="certified user keys"
@@ -22,9 +22,8 @@ for ktype in rsa dsa $ecdsa ; do
22 ${SSHKEYGEN} -q -N '' -t ${ktype} \ 22 ${SSHKEYGEN} -q -N '' -t ${ktype} \
23 -f $OBJ/cert_user_key_${ktype} || \ 23 -f $OBJ/cert_user_key_${ktype} || \
24 fail "ssh-keygen of cert_user_key_${ktype} failed" 24 fail "ssh-keygen of cert_user_key_${ktype} failed"
25 ${SSHKEYGEN} -q -s $OBJ/user_ca_key -I \ 25 ${SSHKEYGEN} -q -s $OBJ/user_ca_key -I "regress user key for $USER" \
26 "regress user key for $USER" \ 26 -z $$ -n ${USER},mekmitasdigoat $OBJ/cert_user_key_${ktype} ||
27 -n ${USER},mekmitasdigoat $OBJ/cert_user_key_${ktype} ||
28 fail "couldn't sign cert_user_key_${ktype}" 27 fail "couldn't sign cert_user_key_${ktype}"
29 # v00 ecdsa certs do not exist 28 # v00 ecdsa certs do not exist
30 test "${ktype}" = "ecdsa" && continue 29 test "${ktype}" = "ecdsa" && continue
@@ -185,14 +184,32 @@ basic_tests() {
185 ( 184 (
186 cat $OBJ/sshd_proxy_bak 185 cat $OBJ/sshd_proxy_bak
187 echo "UsePrivilegeSeparation $privsep" 186 echo "UsePrivilegeSeparation $privsep"
188 echo "RevokedKeys $OBJ/cert_user_key_${ktype}.pub" 187 echo "RevokedKeys $OBJ/cert_user_key_revoked"
189 echo "$extra_sshd" 188 echo "$extra_sshd"
190 ) > $OBJ/sshd_proxy 189 ) > $OBJ/sshd_proxy
190 cp $OBJ/cert_user_key_${ktype}.pub \
191 $OBJ/cert_user_key_revoked
192 ${SSH} -2i $OBJ/cert_user_key_${ktype} \
193 -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1
194 if [ $? -eq 0 ]; then
195 fail "ssh cert connect succeeded unexpecedly"
196 fi
197 verbose "$tid: ${_prefix} revoked via KRL"
198 rm $OBJ/cert_user_key_revoked
199 ${SSHKEYGEN} -kqf $OBJ/cert_user_key_revoked \
200 $OBJ/cert_user_key_${ktype}.pub
191 ${SSH} -2i $OBJ/cert_user_key_${ktype} \ 201 ${SSH} -2i $OBJ/cert_user_key_${ktype} \
192 -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1 202 -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1
193 if [ $? -eq 0 ]; then 203 if [ $? -eq 0 ]; then
194 fail "ssh cert connect succeeded unexpecedly" 204 fail "ssh cert connect succeeded unexpecedly"
195 fi 205 fi
206 verbose "$tid: ${_prefix} empty KRL"
207 ${SSHKEYGEN} -kqf $OBJ/cert_user_key_revoked
208 ${SSH} -2i $OBJ/cert_user_key_${ktype} \
209 -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1
210 if [ $? -ne 0 ]; then
211 fail "ssh cert connect failed"
212 fi
196 done 213 done
197 214
198 # Revoked CA 215 # Revoked CA
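Review bot: The new "revoked via KRL" step in basic_tests runs `${SSHKEYGEN} -kqf $OBJ/cert_user_key_revoked $OBJ/cert_user_key_${ktype}.pub` without checking its exit status, right after the previous file was removed with `rm`. If KRL generation fails, the RevokedKeys path is left missing, and as far as I know sshd refuses public-key authentication when that file cannot be read, so the following "connect succeeded" check would pass without a KRL ever being consulted. Appending `|| fatal "${SSHKEYGEN} KRL failed"` to that call, and to the empty-KRL call a few lines later, keeps the negative test from passing for the wrong reason. basic_tests starts and ends outside this hunk.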
diff --git a/regress/cipher-speed.sh b/regress/cipher-speed.sh
index 5800f4b09..65e5f35ec 100644
--- a/regress/cipher-speed.sh
+++ b/regress/cipher-speed.sh
@@ -1,29 +1,31 @@
1# $OpenBSD: cipher-speed.sh,v 1.5 2012/06/28 05:07:45 dtucker Exp $ 1# $OpenBSD: cipher-speed.sh,v 1.7 2013/01/12 11:23:53 djm Exp $
2# Placed in the Public Domain. 2# Placed in the Public Domain.
3 3
4tid="cipher speed" 4tid="cipher speed"
5 5
6getbytes () 6getbytes ()
7{ 7{
8 sed -n '/transferred/s/.*secs (\(.* bytes.sec\).*/\1/p' 8 sed -n -e '/transferred/s/.*secs (\(.* bytes.sec\).*/\1/p' \
9 -e '/copied/s/.*s, \(.* MB.s\).*/\1/p'
9} 10}
10 11
11tries="1 2" 12tries="1 2"
12DATA=/bin/ls
13DATA=/bsd
14 13
15ciphers="aes128-cbc 3des-cbc blowfish-cbc cast128-cbc 14ciphers="aes128-cbc 3des-cbc blowfish-cbc cast128-cbc
16 arcfour128 arcfour256 arcfour 15 arcfour128 arcfour256 arcfour
17 aes192-cbc aes256-cbc rijndael-cbc@lysator.liu.se 16 aes192-cbc aes256-cbc rijndael-cbc@lysator.liu.se
18 aes128-ctr aes192-ctr aes256-ctr" 17 aes128-ctr aes192-ctr aes256-ctr"
19macs="hmac-sha1 hmac-md5 umac-64@openssh.com hmac-sha1-96 hmac-md5-96" 18config_defined OPENSSL_HAVE_EVPGCM && \
20config_defined HAVE_EVP_SHA256 && 19 ciphers="$ciphers aes128-gcm@openssh.com aes256-gcm@openssh.com"
20macs="hmac-sha1 hmac-md5 umac-64@openssh.com umac-128@openssh.com
21 hmac-sha1-96 hmac-md5-96"
22config_defined HAVE_EVP_SHA256 && \
21 macs="$macs hmac-sha2-256 hmac-sha2-512" 23 macs="$macs hmac-sha2-256 hmac-sha2-512"
22 24
23for c in $ciphers; do for m in $macs; do 25for c in $ciphers; do n=0; for m in $macs; do
24 trace "proto 2 cipher $c mac $m" 26 trace "proto 2 cipher $c mac $m"
25 for x in $tries; do 27 for x in $tries; do
26 echon "$c/$m:\t" 28 printf "%-60s" "$c/$m:"
27 ( ${SSH} -o 'compression no' \ 29 ( ${SSH} -o 'compression no' \
28 -F $OBJ/ssh_proxy -2 -m $m -c $c somehost \ 30 -F $OBJ/ssh_proxy -2 -m $m -c $c somehost \
29 exec sh -c \'"dd of=/dev/null obs=32k"\' \ 31 exec sh -c \'"dd of=/dev/null obs=32k"\' \
@@ -33,13 +35,18 @@ for c in $ciphers; do for m in $macs; do
33 fail "ssh -2 failed with mac $m cipher $c" 35 fail "ssh -2 failed with mac $m cipher $c"
34 fi 36 fi
35 done 37 done
38 # No point trying all MACs for GCM since they are ignored.
39 case $c in
40 aes*-gcm@openssh.com) test $n -gt 0 && break;;
41 esac
42 n=`expr $n + 1`
36done; done 43done; done
37 44
38ciphers="3des blowfish" 45ciphers="3des blowfish"
39for c in $ciphers; do 46for c in $ciphers; do
40 trace "proto 1 cipher $c" 47 trace "proto 1 cipher $c"
41 for x in $tries; do 48 for x in $tries; do
42 echon "$c:\t" 49 printf "%-60s" "$c:"
43 ( ${SSH} -o 'compression no' \ 50 ( ${SSH} -o 'compression no' \
44 -F $OBJ/ssh_proxy -1 -c $c somehost \ 51 -F $OBJ/ssh_proxy -1 -c $c somehost \
45 exec sh -c \'"dd of=/dev/null obs=32k"\' \ 52 exec sh -c \'"dd of=/dev/null obs=32k"\' \
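Review bot: The GCM guard added after the inner `for x in $tries` loop still times two MACs per GCM cipher, because `test $n -gt 0 && break` is evaluated before `n` is incremented: on the first MAC `n` is 0, so the break only fires once the second MAC has already run. Since the comment says the MAC is ignored for these ciphers, `aes*-gcm@openssh.com) break;;` would stop after one pass and make `n` unnecessary. The same guard is added to regress/try-ciphers.sh in this commit. Part of the loop body lies between the two hunks and is not shown.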
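--- /dev/null
+++ b/regress/forward-control.sh
@@ -0,0 +1,168 @@
+# $OpenBSD: forward-control.sh,v 1.1 2012/12/02 20:47:48 djm Exp $
+# Placed in the Public Domain.
+
+tid="sshd control of local and remote forwarding"
+
+LFWD_PORT=3320
+RFWD_PORT=3321
+CTL=$OBJ/ctl-sock
+READY=$OBJ/ready
+
+wait_for_file_to_appear() {
+ _path=$1
+ _n=0
+ while test ! -f $_path ; do
+ test $_n -eq 1 && trace "waiting for $_path to appear"
+ _n=`expr $_n + 1`
+ test $_n -ge 20 && return 1
+ sleep 1
+ done
+ return 0
+}
+
+wait_for_process_to_exit() {
+ _pid=$1
+ _n=0
+ while kill -0 $_pid 2>/dev/null ; do
+ test $_n -eq 1 && trace "waiting for $_pid to exit"
+ _n=`expr $_n + 1`
+ test $_n -ge 20 && return 1
+ sleep 1
+ done
+ return 0
+}
+
+# usage: check_lfwd protocol Y|N message
+check_lfwd() {
+ _proto=$1
+ _expected=$2
+ _message=$3
+ rm -f $READY
+ ${SSH} -oProtocol=$_proto -F $OBJ/ssh_proxy \
+ -L$LFWD_PORT:127.0.0.1:$PORT \
+ -o ExitOnForwardFailure=yes \
+ -n host exec sh -c \'"sleep 60 & echo \$! > $READY ; wait "\' \
+ >/dev/null 2>&1 &
+ _sshpid=$!
+ wait_for_file_to_appear $READY || \
+ fatal "check_lfwd ssh fail: $_message"
+ ${SSH} -F $OBJ/ssh_config -p $LFWD_PORT \
+ -oConnectionAttempts=4 host true >/dev/null 2>&1
+ _result=$?
+ kill $_sshpid `cat $READY` 2>/dev/null
+ wait_for_process_to_exit $_sshpid
+ if test "x$_expected" = "xY" -a $_result -ne 0 ; then
+ fail "check_lfwd failed (expecting success): $_message"
+ elif test "x$_expected" = "xN" -a $_result -eq 0 ; then
+ fail "check_lfwd succeeded (expecting failure): $_message"
+ elif test "x$_expected" != "xY" -a "x$_expected" != "xN" ; then
+ fatal "check_lfwd invalid argument \"$_expected\""
+ else
+ verbose "check_lfwd done (expecting $_expected): $_message"
+ fi
+}
+
+# usage: check_rfwd protocol Y|N message
+check_rfwd() {
+ _proto=$1
+ _expected=$2
+ _message=$3
+ rm -f $READY
+ ${SSH} -oProtocol=$_proto -F $OBJ/ssh_proxy \
+ -R$RFWD_PORT:127.0.0.1:$PORT \
+ -o ExitOnForwardFailure=yes \
+ -n host exec sh -c \'"sleep 60 & echo \$! > $READY ; wait "\' \
+ >/dev/null 2>&1 &
+ _sshpid=$!
+ wait_for_file_to_appear $READY
+ _result=$?
+ if test $_result -eq 0 ; then
+ ${SSH} -F $OBJ/ssh_config -p $RFWD_PORT \
+ -oConnectionAttempts=4 host true >/dev/null 2>&1
+ _result=$?
+ kill $_sshpid `cat $READY` 2>/dev/null
+ wait_for_process_to_exit $_sshpid
+ fi
+ if test "x$_expected" = "xY" -a $_result -ne 0 ; then
+ fail "check_rfwd failed (expecting success): $_message"
+ elif test "x$_expected" = "xN" -a $_result -eq 0 ; then
+ fail "check_rfwd succeeded (expecting failure): $_message"
+ elif test "x$_expected" != "xY" -a "x$_expected" != "xN" ; then
+ fatal "check_rfwd invalid argument \"$_expected\""
+ else
+ verbose "check_rfwd done (expecting $_expected): $_message"
+ fi
+}
+
+start_sshd
+cp ${OBJ}/sshd_proxy ${OBJ}/sshd_proxy.bak
+cp ${OBJ}/authorized_keys_${USER} ${OBJ}/authorized_keys_${USER}.bak
+
+# Sanity check: ensure the default config allows forwarding
+for p in 1 2 ; do
+ check_lfwd $p Y "proto $p, default configuration"
+ check_rfwd $p Y "proto $p, default configuration"
+done
+
+# Usage: all_tests yes|local|remote|no Y|N Y|N Y|N Y|N Y|N Y|N
+all_tests() {
+ _tcpfwd=$1
+ _plain_lfwd=$2
+ _plain_rfwd=$3
+ _nopermit_lfwd=$4
+ _nopermit_rfwd=$5
+ _permit_lfwd=$6
+ _permit_rfwd=$7
+ _badfwd=127.0.0.1:22
+ _goodfwd=127.0.0.1:${PORT}
+ for _proto in 1 2 ; do
+ cp ${OBJ}/authorized_keys_${USER}.bak \
+ ${OBJ}/authorized_keys_${USER}
+ _prefix="proto $_proto, AllowTcpForwarding=$_tcpfwd"
+ # No PermitOpen
+ ( cat ${OBJ}/sshd_proxy.bak ;
+ echo "AllowTcpForwarding $_tcpfwd" ) \
+ > ${OBJ}/sshd_proxy
+ check_lfwd $_proto $_plain_lfwd "$_prefix"
+ check_rfwd $_proto $_plain_rfwd "$_prefix"
+ # PermitOpen via sshd_config that doesn't match
+ ( cat ${OBJ}/sshd_proxy.bak ;
+ echo "AllowTcpForwarding $_tcpfwd" ;
+ echo "PermitOpen $_badfwd" ) \
+ > ${OBJ}/sshd_proxy
+ check_lfwd $_proto $_nopermit_lfwd "$_prefix, !PermitOpen"
+ check_rfwd $_proto $_nopermit_rfwd "$_prefix, !PermitOpen"
+ # PermitOpen via sshd_config that does match
+ ( cat ${OBJ}/sshd_proxy.bak ;
+ echo "AllowTcpForwarding $_tcpfwd" ;
+ echo "PermitOpen $_badfwd $_goodfwd" ) \
+ > ${OBJ}/sshd_proxy
+ # NB. permitopen via authorized_keys should have same
+ # success/fail as via sshd_config
+ # permitopen via authorized_keys that doesn't match
+ sed "s/^/permitopen=\"$_badfwd\" /" \
+ < ${OBJ}/authorized_keys_${USER}.bak \
+ > ${OBJ}/authorized_keys_${USER} || fatal "sed 1 fail"
+ ( cat ${OBJ}/sshd_proxy.bak ;
+ echo "AllowTcpForwarding $_tcpfwd" ) \
+ > ${OBJ}/sshd_proxy
+ check_lfwd $_proto $_nopermit_lfwd "$_prefix, !permitopen"
+ check_rfwd $_proto $_nopermit_rfwd "$_prefix, !permitopen"
+ # permitopen via authorized_keys that does match
+ sed "s/^/permitopen=\"$_badfwd\",permitopen=\"$_goodfwd\" /" \
+ < ${OBJ}/authorized_keys_${USER}.bak \
+ > ${OBJ}/authorized_keys_${USER} || fatal "sed 2 fail"
+ ( cat ${OBJ}/sshd_proxy.bak ;
+ echo "AllowTcpForwarding $_tcpfwd" ) \
+ > ${OBJ}/sshd_proxy
+ check_lfwd $_proto $_permit_lfwd "$_prefix, permitopen"
+ check_rfwd $_proto $_permit_rfwd "$_prefix, permitopen"
+ done
+}
+
+# no-permitopen mismatch-permitopen match-permitopen
+# AllowTcpForwarding local remote local remote local remote
+all_tests yes Y Y N Y Y Y
+all_tests local Y N N N Y N
+all_tests remote N Y N Y N Y
+all_tests no N N N N N N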
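Review bot: check_rfwd treats any failure of the READY file to appear as "forwarding refused", so an `N` expectation also passes when the client failed for an unrelated reason, such as an authentication error or RFWD_PORT already being in use. In that branch the background ssh is also never killed or waited for, unlike on the success path. I would add `kill $_sshpid 2>/dev/null ; wait_for_process_to_exit $_sshpid` to the failure path and a comment on check_rfwd such as `# NB. a missing $READY is taken as a refused forward; other ssh failures look the same`. The `N` rows of the all_tests table are the ones that show sshd enforcing AllowTcpForwarding and PermitOpen, so checking the client's error output for the forwarding failure would make those rows more trustworthy.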
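--- /dev/null
+++ b/regress/integrity.sh
@@ -0,0 +1,74 @@
+# $OpenBSD: integrity.sh,v 1.7 2013/02/20 08:27:50 djm Exp $
+# Placed in the Public Domain.
+
+tid="integrity"
+
+# start at byte 2900 (i.e. after kex) and corrupt at different offsets
+# XXX the test hangs if we modify the low bytes of the packet length
+# XXX and ssh tries to read...
+tries=10
+startoffset=2900
+macs="hmac-sha1 hmac-md5 umac-64@openssh.com umac-128@openssh.com
+ hmac-sha1-96 hmac-md5-96
+ hmac-sha1-etm@openssh.com hmac-md5-etm@openssh.com
+ umac-64-etm@openssh.com umac-128-etm@openssh.com
+ hmac-sha1-96-etm@openssh.com hmac-md5-96-etm@openssh.com"
+config_defined HAVE_EVP_SHA256 &&
+ macs="$macs hmac-sha2-256 hmac-sha2-512
+ hmac-sha2-256-etm@openssh.com hmac-sha2-512-etm@openssh.com"
+# The following are not MACs, but ciphers with integrated integrity. They are
+# handled specially below.
+config_defined OPENSSL_HAVE_EVPGCM && \
+ macs="$macs aes128-gcm@openssh.com aes256-gcm@openssh.com"
+
+# sshd-command for proxy (see test-exec.sh)
+cmd="$SUDO sh ${SRC}/sshd-log-wrapper.sh ${SSHD} ${TEST_SSH_LOGFILE} -i -f $OBJ/sshd_proxy"
+
+jot() {
+ awk "BEGIN { for (i = $2; i < $2 + $1; i++) { printf \"%d\n\", i } exit }"
+}
+
+for m in $macs; do
+ trace "test $tid: mac $m"
+ elen=0
+ epad=0
+ emac=0
+ ecnt=0
+ skip=0
+ for off in `jot $tries $startoffset`; do
+ skip=`expr $skip - 1`
+ if [ $skip -gt 0 ]; then
+ # avoid modifying the high bytes of the length
+ continue
+ fi
+ # modify output from sshd at offset $off
+ pxy="proxycommand=$cmd | $OBJ/modpipe -wm xor:$off:1"
+ case $m in
+ aes*gcm*) macopt="-c $m";;
+ *) macopt="-m $m";;
+ esac
+ output=`${SSH} $macopt -2F $OBJ/ssh_proxy -o "$pxy" \
+ 999.999.999.999 'printf "%4096s" " "' 2>&1`
+ if [ $? -eq 0 ]; then
+ fail "ssh -m $m succeeds with bit-flip at $off"
+ fi
+ ecnt=`expr $ecnt + 1`
+ output=`echo $output | tr -s '\r\n' '.'`
+ verbose "test $tid: $m @$off $output"
+ case "$output" in
+ Bad?packet*) elen=`expr $elen + 1`; skip=3;;
+ Corrupted?MAC* | Decryption?integrity?check?failed*)
+ emac=`expr $emac + 1`; skip=0;;
+ padding*) epad=`expr $epad + 1`; skip=0;;
+ *) fail "unexpected error mac $m at $off";;
+ esac
+ done
+ verbose "test $tid: $ecnt errors: mac $emac padding $epad length $elen"
+ if [ $emac -eq 0 ]; then
+ fail "$m: no mac errors"
+ fi
+ expect=`expr $ecnt - $epad - $elen`
+ if [ $emac -ne $expect ]; then
+ fail "$m: expected $expect mac errors, got $emac"
+ fi
+done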
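Review bot: When ssh exits 0 despite the corrupted byte, the inner loop calls `fail` but then falls through: `ecnt` is incremented and the output is classified anyway, so the same offset is reported again as "unexpected error" and the final `expect` comparison adds a third failure for that MAC. A `continue` directly after `fail "ssh -m $m succeeds with bit-flip at $off"` would limit the accounting to attempts that actually produced an error. That message also prints `-m $m` for the GCM entries, which are passed with `-c`; using `$macopt` in the text would make a failure report unambiguous.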
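--- /dev/null
+++ b/regress/keys-command.sh
@@ -0,0 +1,39 @@
+# $OpenBSD: keys-command.sh,v 1.2 2012/12/06 06:06:54 dtucker Exp $
+# Placed in the Public Domain.
+
+tid="authorized keys from command"
+
+if test -z "$SUDO" ; then
+ echo "skipped (SUDO not set)"
+ echo "need SUDO to create file in /var/run, test won't work without"
+ exit 0
+fi
+
+# Establish a AuthorizedKeysCommand in /var/run where it will have
+# acceptable directory permissions.
+KEY_COMMAND="/var/run/keycommand_${LOGNAME}"
+cat << _EOF | $SUDO sh -c "cat > '$KEY_COMMAND'"
+#!/bin/sh
+test "x\$1" != "x${LOGNAME}" && exit 1
+exec cat "$OBJ/authorized_keys_${LOGNAME}"
+_EOF
+$SUDO chmod 0755 "$KEY_COMMAND"
+
+cp $OBJ/sshd_proxy $OBJ/sshd_proxy.bak
+(
+ grep -vi AuthorizedKeysFile $OBJ/sshd_proxy.bak
+ echo AuthorizedKeysFile none
+ echo AuthorizedKeysCommand $KEY_COMMAND
+ echo AuthorizedKeysCommandUser ${LOGNAME}
+) > $OBJ/sshd_proxy
+
+if [ -x $KEY_COMMAND ]; then
+ ${SSH} -F $OBJ/ssh_proxy somehost true
+ if [ $? -ne 0 ]; then
+ fail "connect failed"
+ fi
+else
+ echo "SKIPPED: $KEY_COMMAND not executable (/var/run mounted noexec?)"
+fi
+
+$SUDO rm -f $KEY_COMMAND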
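Review bot: The cleanup `$SUDO rm -f $KEY_COMMAND` runs as root with the path unquoted, although the `chmod` a few lines earlier quotes it; KEY_COMMAND is built from `${LOGNAME}`, so whitespace or glob characters in that variable would be split and expanded by a root-run `rm`. I would write `$SUDO rm -f -- "$KEY_COMMAND"` and quote the same variable in `[ -x $KEY_COMMAND ]`. The removal also happens only on the normal path, so an early abort leaves a root-owned executable at a predictable name in /var/run; a `trap` that removes it on exit would cover that. The result of the `$SUDO sh -c "cat > ..."` write is not checked either, so a failed write ends up reported as the noexec skip.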
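--- /dev/null
+++ b/regress/krl.sh
@@ -0,0 +1,161 @@
+# $OpenBSD: krl.sh,v 1.1 2013/01/18 00:45:29 djm Exp $
+# Placed in the Public Domain.
+
+tid="key revocation lists"
+
+# If we don't support ecdsa keys then this tell will be much slower.
+ECDSA=ecdsa
+if test "x$TEST_SSH_ECC" != "xyes"; then
+ ECDSA=rsa
+fi
+
+# Do most testing with ssh-keygen; it uses the same verification code as sshd.
+
+# Old keys will interfere with ssh-keygen.
+rm -f $OBJ/revoked-* $OBJ/krl-*
+
+# Generate a CA key
+$SSHKEYGEN -t $ECDSA -f $OBJ/revoked-ca -C "" -N "" > /dev/null ||
+ fatal "$SSHKEYGEN CA failed"
+
+# A specification that revokes some certificates by serial numbers
+# The serial pattern is chosen to ensure the KRL includes list, range and
+# bitmap sections.
+cat << EOF >> $OBJ/revoked-serials
+serial: 1-4
+serial: 10
+serial: 15
+serial: 30
+serial: 50
+serial: 999
+# The following sum to 500-799
+serial: 500
+serial: 501
+serial: 502
+serial: 503-600
+serial: 700-797
+serial: 798
+serial: 799
+serial: 599-701
+EOF
+
+jot() {
+ awk "BEGIN { for (i = $2; i < $2 + $1; i++) { printf \"%d\n\", i } exit }"
+}
+
+# A specification that revokes some certificated by key ID.
+touch $OBJ/revoked-keyid
+for n in 1 2 3 4 10 15 30 50 `jot 500 300` 999 1000 1001 1002; do
+ # Fill in by-ID revocation spec.
+ echo "id: revoked $n" >> $OBJ/revoked-keyid
+done
+
+keygen() {
+ N=$1
+ f=$OBJ/revoked-`printf "%04d" $N`
+ # Vary the keytype. We use mostly ECDSA since this is fastest by far.
+ keytype=$ECDSA
+ case $N in
+ 2 | 10 | 510 | 1001) keytype=rsa;;
+ 4 | 30 | 520 | 1002) keytype=dsa;;
+ esac
+ $SSHKEYGEN -t $keytype -f $f -C "" -N "" > /dev/null \
+ || fatal "$SSHKEYGEN failed"
+ # Sign cert
+ $SSHKEYGEN -s $OBJ/revoked-ca -z $n -I "revoked $N" $f >/dev/null 2>&1 \
+ || fatal "$SSHKEYGEN sign failed"
+ echo $f
+}
+
+# Generate some keys.
+verbose "$tid: generating test keys"
+REVOKED_SERIALS="1 4 10 50 500 510 520 799 999"
+for n in $REVOKED_SERIALS ; do
+ f=`keygen $n`
+ REVOKED_KEYS="$REVOKED_KEYS ${f}.pub"
+ REVOKED_CERTS="$REVOKED_CERTS ${f}-cert.pub"
+done
+NOTREVOKED_SERIALS="5 9 14 16 29 30 49 51 499 800 1000 1001"
+NOTREVOKED=""
+for n in $NOTREVOKED_SERIALS ; do
+ NOTREVOKED_KEYS="$NOTREVOKED_KEYS ${f}.pub"
+ NOTREVOKED_CERTS="$NOTREVOKED_CERTS ${f}-cert.pub"
+done
+
+genkrls() {
+ OPTS=$1
+$SSHKEYGEN $OPTS -kf $OBJ/krl-empty - </dev/null \
+ >/dev/null || fatal "$SSHKEYGEN KRL failed"
+$SSHKEYGEN $OPTS -kf $OBJ/krl-keys $REVOKED_KEYS \
+ >/dev/null || fatal "$SSHKEYGEN KRL failed"
+$SSHKEYGEN $OPTS -kf $OBJ/krl-cert $REVOKED_CERTS \
+ >/dev/null || fatal "$SSHKEYGEN KRL failed"
+$SSHKEYGEN $OPTS -kf $OBJ/krl-all $REVOKED_KEYS $REVOKED_CERTS \
+ >/dev/null || fatal "$SSHKEYGEN KRL failed"
+$SSHKEYGEN $OPTS -kf $OBJ/krl-ca $OBJ/revoked-ca.pub \
+ >/dev/null || fatal "$SSHKEYGEN KRL failed"
+# KRLs from serial/key-id spec need the CA specified.
+$SSHKEYGEN $OPTS -kf $OBJ/krl-serial $OBJ/revoked-serials \
+ >/dev/null 2>&1 && fatal "$SSHKEYGEN KRL succeeded unexpectedly"
+$SSHKEYGEN $OPTS -kf $OBJ/krl-keyid $OBJ/revoked-keyid \
+ >/dev/null 2>&1 && fatal "$SSHKEYGEN KRL succeeded unexpectedly"
+$SSHKEYGEN $OPTS -kf $OBJ/krl-serial -s $OBJ/revoked-ca $OBJ/revoked-serials \
+ >/dev/null || fatal "$SSHKEYGEN KRL failed"
+$SSHKEYGEN $OPTS -kf $OBJ/krl-keyid -s $OBJ/revoked-ca.pub $OBJ/revoked-keyid \
+ >/dev/null || fatal "$SSHKEYGEN KRL failed"
+}
+
+verbose "$tid: generating KRLs"
+genkrls
+
+check_krl() {
+ KEY=$1
+ KRL=$2
+ EXPECT_REVOKED=$3
+ TAG=$4
+ $SSHKEYGEN -Qf $KRL $KEY >/dev/null
+ result=$?
+ if test "x$EXPECT_REVOKED" = "xyes" -a $result -eq 0 ; then
+ fatal "key $KEY not revoked by KRL $KRL: $TAG"
+ elif test "x$EXPECT_REVOKED" = "xno" -a $result -ne 0 ; then
+ fatal "key $KEY unexpectedly revoked by KRL $KRL: $TAG"
+ fi
+}
+test_all() {
+ FILES=$1
+ TAG=$2
+ KEYS_RESULT=$3
+ ALL_RESULT=$4
+ SERIAL_RESULT=$5
+ KEYID_RESULT=$6
+ CERTS_RESULT=$7
+ CA_RESULT=$8
+ verbose "$tid: checking revocations for $TAG"
+ for f in $FILES ; do
+ check_krl $f $OBJ/krl-empty no "$TAG"
+ check_krl $f $OBJ/krl-keys $KEYS_RESULT "$TAG"
+ check_krl $f $OBJ/krl-all $ALL_RESULT "$TAG"
+ check_krl $f $OBJ/krl-serial $SERIAL_RESULT "$TAG"
+ check_krl $f $OBJ/krl-keyid $KEYID_RESULT "$TAG"
+ check_krl $f $OBJ/krl-cert $CERTS_RESULT "$TAG"
+ check_krl $f $OBJ/krl-ca $CA_RESULT "$TAG"
+ done
+}
+# keys all serial keyid certs CA
+test_all "$REVOKED_KEYS" "revoked keys" yes yes no no no no
+test_all "$UNREVOKED_KEYS" "unrevoked keys" no no no no no no
+test_all "$REVOKED_CERTS" "revoked certs" yes yes yes yes yes yes
+test_all "$UNREVOKED_CERTS" "unrevoked certs" no no no no no yes
+
+# Check update. Results should be identical.
+verbose "$tid: testing KRL update"
+for f in $OBJ/krl-keys $OBJ/krl-cert $OBJ/krl-all \
+ $OBJ/krl-ca $OBJ/krl-serial $OBJ/krl-keyid ; do
+ cp -f $OBJ/krl-empty $f
+ genkrls -u
+done
+# keys all serial keyid certs CA
+test_all "$REVOKED_KEYS" "revoked keys" yes yes no no no no
+test_all "$UNREVOKED_KEYS" "unrevoked keys" no no no no no no
+test_all "$REVOKED_CERTS" "revoked certs" yes yes yes yes yes yes
+test_all "$UNREVOKED_CERTS" "unrevoked certs" no no no no no yes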
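Review bot: The unrevoked half of this test checks nothing: the loop over NOTREVOKED_SERIALS never calls keygen and fills NOTREVOKED_KEYS and NOTREVOKED_CERTS, while test_all is handed `$UNREVOKED_KEYS` and `$UNREVOKED_CERTS`, which are never set. With an empty FILES list the `for f in $FILES` loop in test_all does not run, so a KRL that wrongly revoked every key would still pass. The loop body should call keygen as the revoked loop does and append to the names test_all reads, i.e. `UNREVOKED_KEYS="$UNREVOKED_KEYS ${f}.pub"` and `UNREVOKED_CERTS="$UNREVOKED_CERTS ${f}-cert.pub"`. The serial list then needs revisiting, because 30 is listed in revoked-serials and 30, 1000 and 1001 are in the key-ID spec, so those certificates would be reported as revoked. keygen also signs with `-z $n`, relying on the caller's loop variable rather than its own `$N`.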
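--- /dev/null
+++ b/regress/modpipe.c
@@ -0,0 +1,175 @@
+/*
+ * Copyright (c) 2012 Damien Miller <djm@mindrot.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $OpenBSD: modpipe.c,v 1.4 2013/02/20 08:29:27 djm Exp $ */
+
+#include "includes.h"
+
+#include <sys/types.h>
+#include <unistd.h>
+#include <stdio.h>
+#include <string.h>
+#include <stdarg.h>
+#include <stdlib.h>
+#include <errno.h>
+#include "openbsd-compat/getopt.c"
+
+static void err(int, const char *, ...) __attribute__((format(printf, 2, 3)));
+static void errx(int, const char *, ...) __attribute__((format(printf, 2, 3)));
+
+static void
+err(int r, const char *fmt, ...)
+{
+ va_list args;
+
+ va_start(args, fmt);
+ fprintf(stderr, "%s: ", strerror(errno));
+ vfprintf(stderr, fmt, args);
+ fputc('\n', stderr);
+ va_end(args);
+ exit(r);
+}
+
+static void
+errx(int r, const char *fmt, ...)
+{
+ va_list args;
+
+ va_start(args, fmt);
+ vfprintf(stderr, fmt, args);
+ fputc('\n', stderr);
+ va_end(args);
+ exit(r);
+}
+
+static void
+usage(void)
+{
+ fprintf(stderr, "Usage: modpipe -w [-m modspec ...] < in > out\n");
+ fprintf(stderr, "modspec is one of:\n");
+ fprintf(stderr, " xor:offset:value - XOR \"value\" at \"offset\"\n");
+ fprintf(stderr, " andor:offset:val1:val2 - AND \"val1\" then OR \"val2\" at \"offset\"\n");
+ exit(1);
+}
+
+#define MAX_MODIFICATIONS 256
+struct modification {
+ enum { MOD_XOR, MOD_AND_OR } what;
+ u_int64_t offset;
+ u_int8_t m1, m2;
+};
+
+static void
+parse_modification(const char *s, struct modification *m)
+{
+ char what[16+1];
+ int n, m1, m2;
+
+ bzero(m, sizeof(*m));
+ if ((n = sscanf(s, "%16[^:]%*[:]%lli%*[:]%i%*[:]%i",
+ what, &m->offset, &m1, &m2)) < 3)
+ errx(1, "Invalid modification spec \"%s\"", s);
+ if (strcasecmp(what, "xor") == 0) {
+ if (n > 3)
+ errx(1, "Invalid modification spec \"%s\"", s);
+ if (m1 < 0 || m1 > 0xff)
+ errx(1, "Invalid XOR modification value");
+ m->what = MOD_XOR;
+ m->m1 = m1;
+ } else if (strcasecmp(what, "andor") == 0) {
+ if (n != 4)
+ errx(1, "Invalid modification spec \"%s\"", s);
+ if (m1 < 0 || m1 > 0xff)
+ errx(1, "Invalid AND modification value");
+ if (m2 < 0 || m2 > 0xff)
+ errx(1, "Invalid OR modification value");
+ m->what = MOD_AND_OR;
+ m->m1 = m1;
+ m->m2 = m2;
+ } else
+ errx(1, "Invalid modification type \"%s\"", what);
+}
+
+int
+main(int argc, char **argv)
+{
+ int ch;
+ u_char buf[8192];
+ size_t total;
+ ssize_t r, s, o;
+ struct modification mods[MAX_MODIFICATIONS];
+ u_int i, wflag = 0, num_mods = 0;
+
+ while ((ch = getopt(argc, argv, "wm:")) != -1) {
+ switch (ch) {
+ case 'm':
+ if (num_mods >= MAX_MODIFICATIONS)
+ errx(1, "Too many modifications");
+ parse_modification(optarg, &(mods[num_mods++]));
+ break;
+ case 'w':
+ wflag = 1;
+ break;
+ default:
+ usage();
+ /* NOTREACHED */
+ }
+ }
+ for (total = 0;;) {
+ r = s = read(STDIN_FILENO, buf, sizeof(buf));
+ if (r == 0)
+ break;
+ if (r < 0) {
+ if (errno == EAGAIN || errno == EINTR)
+ continue;
+ err(1, "read");
+ }
+ for (i = 0; i < num_mods; i++) {
+ if (mods[i].offset < total ||
+ mods[i].offset >= total + s)
+ continue;
+ switch (mods[i].what) {
+ case MOD_XOR:
+ buf[mods[i].offset - total] ^= mods[i].m1;
+ break;
+ case MOD_AND_OR:
+ buf[mods[i].offset - total] &= mods[i].m1;
+ buf[mods[i].offset - total] |= mods[i].m2;
+ break;
+ }
+ }
+ for (o = 0; o < s; o += r) {
+ r = write(STDOUT_FILENO, buf, s - o);
+ if (r == 0)
+ break;
+ if (r < 0) {
+ if (errno == EAGAIN || errno == EINTR)
+ continue;
+ err(1, "write");
+ }
+ }
+ total += s;
+ }
+ /* Warn if modifications not reached in input stream */
+ r = 0;
+ for (i = 0; wflag && i < num_mods; i++) {
+ if (mods[i].offset < total)
+ continue;
+ r = 1;
+ fprintf(stderr, "modpipe: warning - mod %u not reached\n", i);
+ }
+ return r;
+}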
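Review bot: The write loop in main() resends from the start of the buffer after a short write: `r = write(STDOUT_FILENO, buf, s - o)` should be `r = write(STDOUT_FILENO, buf + o, s - o);`. On EAGAIN or EINTR the `continue` also runs the loop's `o += r` with r equal to -1, moving the offset backwards; setting `r = 0;` before that `continue` avoids it. Either case would duplicate or shift bytes on the pipe, so the modification would no longer land at the offset the integrity test asked for. In parse_modification, `%lli` stores through `&m->offset`, which is declared `u_int64_t`, so a negative offset is accepted and wraps; a range check after the sscanf would reject it.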
diff --git a/regress/multiplex.sh b/regress/multiplex.sh
index 93e15088f..1e6cc7606 100644
--- a/regress/multiplex.sh
+++ b/regress/multiplex.sh
@@ -1,4 +1,4 @@
1# $OpenBSD: multiplex.sh,v 1.13 2012/06/01 00:47:36 djm Exp $ 1# $OpenBSD: multiplex.sh,v 1.17 2012/10/05 02:05:30 dtucker Exp $
2# Placed in the Public Domain. 2# Placed in the Public Domain.
3 3
4CTL=/tmp/openssh.regress.ctl-sock.$$ 4CTL=/tmp/openssh.regress.ctl-sock.$$
@@ -13,14 +13,22 @@ fi
13DATA=/bin/ls${EXEEXT} 13DATA=/bin/ls${EXEEXT}
14COPY=$OBJ/ls.copy 14COPY=$OBJ/ls.copy
15 15
16wait_for_mux_master_ready()
17{
18 for i in 1 2 3 4 5; do
19 ${SSH} -F $OBJ/ssh_config -S $CTL -Ocheck otherhost \
20 >/dev/null 2>&1 && return 0
21 sleep $i
22 done
23 fatal "mux master never becomes ready"
24}
25
16start_sshd 26start_sshd
17 27
18trace "start master, fork to background" 28trace "start master, fork to background"
19${SSH} -Nn2 -MS$CTL -F $OBJ/ssh_config -oSendEnv="_XXX_TEST" somehost & 29${SSH} -Nn2 -MS$CTL -F $OBJ/ssh_config -oSendEnv="_XXX_TEST" somehost &
20MASTER_PID=$! 30MASTER_PID=$!
21 31wait_for_mux_master_ready
22# Wait for master to start and authenticate
23sleep 5
24 32
25verbose "test $tid: envpass" 33verbose "test $tid: envpass"
26trace "env passing over multiplexed connection" 34trace "env passing over multiplexed connection"
@@ -78,13 +86,35 @@ for s in 0 1 4 5 44; do
78 fi 86 fi
79done 87done
80 88
81trace "test check command" 89verbose "test $tid: cmd check"
82${SSH} -F $OBJ/ssh_config -S $CTL -Ocheck otherhost || fail "check command failed" 90${SSH} -F $OBJ/ssh_config -S $CTL -Ocheck otherhost >>$TEST_SSH_LOGFILE 2>&1 \
91 || fail "check command failed"
83 92
84trace "test exit command" 93verbose "test $tid: cmd exit"
85${SSH} -F $OBJ/ssh_config -S $CTL -Oexit otherhost || fail "send exit command failed" 94${SSH} -F $OBJ/ssh_config -S $CTL -Oexit otherhost >>$TEST_SSH_LOGFILE 2>&1 \
95 || fail "send exit command failed"
86 96
87# Wait for master to exit 97# Wait for master to exit
88sleep 2 98wait $MASTER_PID
99kill -0 $MASTER_PID >/dev/null 2>&1 && fail "exit command failed"
89 100
90kill -0 $MASTER_PID >/dev/null 2>&1 && fail "exit command failed" 101# Restart master and test -O stop command with master using -N
102verbose "test $tid: cmd stop"
103trace "restart master, fork to background"
104${SSH} -Nn2 -MS$CTL -F $OBJ/ssh_config -oSendEnv="_XXX_TEST" somehost &
105MASTER_PID=$!
106wait_for_mux_master_ready
107
108# start a long-running command then immediately request a stop
109${SSH} -F $OBJ/ssh_config -S $CTL otherhost "sleep 10; exit 0" \
110 >>$TEST_SSH_LOGFILE 2>&1 &
111SLEEP_PID=$!
112${SSH} -F $OBJ/ssh_config -S $CTL -Ostop otherhost >>$TEST_SSH_LOGFILE 2>&1 \
113 || fail "send stop command failed"
114
115# wait until both long-running command and master have exited.
116wait $SLEEP_PID
117[ $! != 0 ] || fail "waiting for concurrent command"
118wait $MASTER_PID
119[ $! != 0 ] || fail "waiting for master stop"
120kill -0 $MASTER_PID >/dev/null 2>&1 && fail "stop command failed"
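Review bot: The two checks after `wait` test `$!`, the PID of the most recent background job, rather than `$?`, so `[ $! != 0 ]` is always true and neither `fail "waiting for concurrent command"` nor `fail "waiting for master stop"` can ever fire. If the exit status of `wait` was meant, the lines would read `[ $? != 0 ] || fail ...`, though the intended polarity needs confirming, since in that form they fail when the waited process exits 0. As it stands only the final `kill -0 $MASTER_PID` line verifies that `-Ostop` took effect.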
diff --git a/regress/test-exec.sh b/regress/test-exec.sh
index bdc2c1a49..aa4e6e5c0 100644
--- a/regress/test-exec.sh
+++ b/regress/test-exec.sh
@@ -140,6 +140,10 @@ if [ "x$TEST_SSH_LOGFILE" = "x" ]; then
140 TEST_SSH_LOGFILE=/dev/null 140 TEST_SSH_LOGFILE=/dev/null
141fi 141fi
142 142
143# Some data for test copies
144DATA=$OBJ/testdata
145cat $SSHD${EXEEXT} $SSHD${EXEEXT} $SSHD${EXEEXT} $SSHD${EXEEXT} >$DATA
146
143# these should be used in tests 147# these should be used in tests
144export SSH SSHD SSHAGENT SSHADD SSHKEYGEN SSHKEYSCAN SFTP SFTPSERVER SCP 148export SSH SSHD SSHAGENT SSHADD SSHKEYGEN SSHKEYSCAN SFTP SFTPSERVER SCP
145#echo $SSH $SSHD $SSHAGENT $SSHADD $SSHKEYGEN $SSHKEYSCAN $SFTP $SFTPSERVER $SCP 149#echo $SSH $SSHD $SSHAGENT $SSHADD $SSHKEYGEN $SSHKEYSCAN $SFTP $SFTPSERVER $SCP
diff --git a/regress/try-ciphers.sh b/regress/try-ciphers.sh
index 925863504..084a1457a 100644
--- a/regress/try-ciphers.sh
+++ b/regress/try-ciphers.sh
@@ -1,4 +1,4 @@
1# $OpenBSD: try-ciphers.sh,v 1.13 2012/06/28 05:07:45 dtucker Exp $ 1# $OpenBSD: try-ciphers.sh,v 1.19 2013/02/11 23:58:51 djm Exp $
2# Placed in the Public Domain. 2# Placed in the Public Domain.
3 3
4tid="try ciphers" 4tid="try ciphers"
@@ -7,11 +7,20 @@ ciphers="aes128-cbc 3des-cbc blowfish-cbc cast128-cbc
7 arcfour128 arcfour256 arcfour 7 arcfour128 arcfour256 arcfour
8 aes192-cbc aes256-cbc rijndael-cbc@lysator.liu.se 8 aes192-cbc aes256-cbc rijndael-cbc@lysator.liu.se
9 aes128-ctr aes192-ctr aes256-ctr" 9 aes128-ctr aes192-ctr aes256-ctr"
10macs="hmac-sha1 hmac-md5 umac-64@openssh.com hmac-sha1-96 hmac-md5-96" 10config_defined OPENSSL_HAVE_EVPGCM && \
11 ciphers="$ciphers aes128-gcm@openssh.com aes256-gcm@openssh.com"
12macs="hmac-sha1 hmac-md5 umac-64@openssh.com umac-128@openssh.com
13 hmac-sha1-96 hmac-md5-96
14 hmac-sha1-etm@openssh.com hmac-md5-etm@openssh.com
15 umac-64-etm@openssh.com umac-128-etm@openssh.com
16 hmac-sha1-96-etm@openssh.com hmac-md5-96-etm@openssh.com
17 hmac-ripemd160-etm@openssh.com"
11config_defined HAVE_EVP_SHA256 && 18config_defined HAVE_EVP_SHA256 &&
12 macs="$macs hmac-sha2-256 hmac-sha2-512" 19 macs="$macs hmac-sha2-256 hmac-sha2-512
20 hmac-sha2-256-etm@openssh.com hmac-sha2-512-etm@openssh.com"
13 21
14for c in $ciphers; do 22for c in $ciphers; do
23 n=0
15 for m in $macs; do 24 for m in $macs; do
16 trace "proto 2 cipher $c mac $m" 25 trace "proto 2 cipher $c mac $m"
17 verbose "test $tid: proto 2 cipher $c mac $m" 26 verbose "test $tid: proto 2 cipher $c mac $m"
@@ -19,6 +28,11 @@ for c in $ciphers; do
19 if [ $? -ne 0 ]; then 28 if [ $? -ne 0 ]; then
20 fail "ssh -2 failed with mac $m cipher $c" 29 fail "ssh -2 failed with mac $m cipher $c"
21 fi 30 fi
31 # No point trying all MACs for GCM since they are ignored.
32 case $c in
33 aes*-gcm@openssh.com) test $n -gt 0 && break;;
34 esac
35 n=`expr $n + 1`
22 done 36 done
23done 37done
24 38
@@ -32,20 +46,3 @@ for c in $ciphers; do
32 fi 46 fi
33done 47done
34 48
35if ${SSH} -oCiphers=acss@openssh.org 2>&1 | grep "Bad SSH2 cipher" >/dev/null
36then
37 :
38else
39
40echo "Ciphers acss@openssh.org" >> $OBJ/sshd_proxy
41c=acss@openssh.org
42for m in $macs; do
43 trace "proto 2 $c mac $m"
44 verbose "test $tid: proto 2 cipher $c mac $m"
45 ${SSH} -F $OBJ/ssh_proxy -2 -m $m -c $c somehost true
46 if [ $? -ne 0 ]; then
47 fail "ssh -2 failed with mac $m cipher $c"
48 fi
49done
50
51fi