Age | Commit message (Collapse) | Author |
|
[regress/integrity.sh regress/modpipe.c]
Add an option to modpipe that warns if the modification offset it not
reached in it's stream and turn it on for t-integrity. This should catch
cases where the session is not fuzzed for being too short (cf. my last
"oops" commit)
|
|
err.h include from krl.c. Additional portability fixes for modpipe. OK djm
|
|
|
|
lack support for SHA2.
|
|
[integrity.sh]
oops, forgot to increase the output of the ssh command to ensure that
we actually reach $offset
|
|
[integrity.sh]
crank the offset yet again; it was still fuzzing KEX one of Darren's
portable test hosts at 2800
|
|
[integrity.sh]
make the ssh command generates some output to ensure that there are at
least offset+tries bytes in the stream.
|
|
[integrity.sh]
make sure the fuzz offset is actually past the end of KEX for all KEX
types. diffie-hellman-group-exchange-sha256 requires an offset around
2700. Noticed via test failures in portable OpenSSH on platforms that
lack ECC and this the more byte-frugal ECDH KEX algorithms.
|
|
of 2300) to avoid clobbering the end of (non-MAC'd) KEX. Verified by
Iain Morgan
|
|
|
|
|
|
|
|
[try-ciphers.sh]
remove acss here too
|
|
|
|
[regress/Makefile regress/cert-userkey.sh regress/krl.sh]
Tests for Key Revocation Lists (KRLs)
|
|
check for GCM support before testing GCM ciphers.
|
|
|
|
[regress/cipher-speed.sh regress/integrity.sh regress/try-ciphers.sh]
test AES-GCM modes; feedback markus@
|
|
|
|
|
|
work on platforms without 'jot'
|
|
[try-ciphers.sh]
add hmac-ripemd160-etm@openssh.com
|
|
[regress/Makefile regress/modpipe.c regress/integrity.sh]
test the integrity of the packets; with djm@
|
|
[regress/try-ciphers.sh]
add etm modes
|
|
[regress/keys-command.sh]
Fix some problems with the keys-command test:
- use string comparison rather than numeric comparison
- check for existing KEY_COMMAND file and don't clobber if it exists
- clean up KEY_COMMAND file if we do create it.
- check that KEY_COMMAND is executable (which it won't be if eg /var/run
is mounted noexec).
ok djm.
|
|
[Makefile regress/forward-control.sh]
regress for AllowTcpForwarding local/remote; ok markus@
|
|
[regress/Makefile regress/keys-command.sh]
regress for AuthorizedKeysCommand; hints from markus@
|
|
[regress/cert-userkey.sh]
include a serial number when generating certs
|
|
[regress/cipher-speed.sh regress/try-ciphers.sh]
Add umac-128@openssh.com to the list of MACs to be tested
|
|
[regress/multiplex.sh]
Use 'kill -0' to test for the presence of a pid since it's more portable
|
|
[regress/multiplex.sh]
use -Ocheck and waiting for completions by PID to make multiplexing test
less racy and (hopefully) more reliable on slow hardware.
|
|
[regress/multiplex.sh]
Log -O cmd output to the log file and make logging consistent with the
other tests. Test clean shutdown of an existing channel when testing
"stop".
|
|
[multiplex.sh]
Add test for ssh -Ostop
|
|
[regress/try-ciphers.sh]
Restore missing space. (Id sync only).
|
|
|
|
Move cygwin detection to test-exec and use to skip reexec test on cygwin.
|
|
[regress/connect-privsep.sh]
remove exit from end of test since it prevents reporting failure
|
|
[regress/try-ciphers.sh regress/cipher-speed.sh]
Remove hmac-sha2-256-96 and hmac-sha2-512-96 MACs since they were removed
from draft6 of the spec and will not be in the RFC when published. Patch
from mdb at juniper net via bz#2023, ok markus
|
|
[regress/connect-privsep.sh]
test sandbox with every malloc option
|
|
[regress/sftp-cmds.sh]
don't delete .* on cleanup due to unintended env expansion; pointed out in
bz#2014 by openssh AT roumenpetrov.info
|
|
[multiplex.sh forwarding.sh]
append to rather than truncate test log; bz#2013 from openssh AT
roumenpetrov.
|
|
[regress/addrmatch.sh]
Add "Match LocalAddress" and "Match LocalPort" to sshd and adjust tests
to match. Feedback and ok djm@ markus@.
|
|
platform rather than exiting early, so that we still clean up and return
status to test-exec.sh
|
|
to work. Spotted by Angel Gonzalez
|
|
regress errors for the sandbox to warnings. ok tim dtucker
|
|
MAC tests for platforms that hack EVP_SHA2 support
|
|
[regress/cipher-speed.sh regress/try-ciphers.sh]
add SHA256/SHA512 based HMAC modes
|
|
[connect-privsep.sh]
test with sandbox enabled; ok djm@
|
|
[regress/cfgmatch.sh]
use OBJ to find test configs, patch from Tim Rice
|
|
|