From 771c43cee6343f757884030ff92f1156b2ef399f Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 3 Dec 2012 10:12:13 +1100 Subject: - djm@cvs.openbsd.org 2012/11/22 22:49:30 [regress/Makefile regress/keys-command.sh] regress for AuthorizedKeysCommand; hints from markus@ --- regress/Makefile | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'regress/Makefile') diff --git a/regress/Makefile b/regress/Makefile index f114c27e9..dcc80b734 100644 --- a/regress/Makefile +++ b/regress/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.58 2011/01/06 22:46:21 djm Exp $ +# $OpenBSD: Makefile,v 1.59 2012/11/22 22:49:30 djm Exp $ REGRESS_TARGETS= t1 t2 t3 t4 t5 t6 t7 t8 t9 t-exec tests: $(REGRESS_TARGETS) @@ -57,7 +57,8 @@ LTESTS= connect \ kextype \ cert-hostkey \ cert-userkey \ - host-expand + host-expand \ + keys-command INTEROP_TESTS= putty-transfer putty-ciphers putty-kex conch-ciphers #INTEROP_TESTS+=ssh-com ssh-com-client ssh-com-keygen ssh-com-sftp -- cgit v1.2.3 From 999bd2d259c1dacb53a2d8be31d4c1861b58cdb3 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 3 Dec 2012 10:13:39 +1100 Subject: - djm@cvs.openbsd.org 2012/12/02 20:47:48 [Makefile regress/forward-control.sh] regress for AllowTcpForwarding local/remote; ok markus@ --- ChangeLog | 3 + regress/Makefile | 9 ++- regress/forward-control.sh | 168 +++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 177 insertions(+), 3 deletions(-) create mode 100644 regress/forward-control.sh (limited to 'regress/Makefile') diff --git a/ChangeLog b/ChangeLog index 873d81d59..2e9c4e279 100644 --- a/ChangeLog +++ b/ChangeLog @@ -27,6 +27,9 @@ - djm@cvs.openbsd.org 2012/11/22 22:49:30 [regress/Makefile regress/keys-command.sh] regress for AuthorizedKeysCommand; hints from markus@ + - djm@cvs.openbsd.org 2012/12/02 20:47:48 + [Makefile regress/forward-control.sh] + regress for AllowTcpForwarding local/remote; ok markus@ 20121114 - (djm) OpenBSD CVS Sync 
diff --git a/regress/Makefile b/regress/Makefile index dcc80b734..c628fb5ff 100644 --- a/regress/Makefile +++ b/regress/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.59 2012/11/22 22:49:30 djm Exp $ +# $OpenBSD: Makefile,v 1.60 2012/12/02 20:47:48 djm Exp $ REGRESS_TARGETS= t1 t2 t3 t4 t5 t6 t7 t8 t9 t-exec tests: $(REGRESS_TARGETS) @@ -58,7 +58,8 @@ LTESTS= connect \ cert-hostkey \ cert-userkey \ host-expand \ - keys-command + keys-command \ + forward-control INTEROP_TESTS= putty-transfer putty-ciphers putty-kex conch-ciphers #INTEROP_TESTS+=ssh-com ssh-com-client ssh-com-keygen ssh-com-sftp @@ -78,7 +79,9 @@ CLEANFILES= t2.out t3.out t6.out1 t6.out2 t7.out t7.out.pub copy.1 copy.2 \ known_hosts-cert host_ca_key* cert_host_key* \ putty.rsa2 sshd_proxy_orig ssh_proxy_bak \ key.rsa-* key.dsa-* key.ecdsa-* \ - authorized_principals_${USER} expect actual + authorized_principals_${USER} expect actual ready \ + sshd_proxy.* authorized_keys_${USER}.* + # Enable all malloc(3) randomisations and checks TEST_ENV= "MALLOC_OPTIONS=AFGJPRX" diff --git a/regress/forward-control.sh b/regress/forward-control.sh new file mode 100644 index 000000000..9d000bc76 --- /dev/null +++ b/regress/forward-control.sh 
@@ -0,0 +1,168 @@
+# $OpenBSD: forward-control.sh,v 1.1 2012/12/02 20:47:48 djm Exp $
+# Placed in the Public Domain.
+
+tid="sshd control of local and remote forwarding"
+
+LFWD_PORT=3320
+RFWD_PORT=3321
+CTL=$OBJ/ctl-sock
+READY=$OBJ/ready
+
+wait_for_file_to_appear() {
+ _path=$1
+ _n=0
+ while test ! -e $_path ; do
+ test $_n -eq 1 && trace "waiting for $_path to appear"
+ _n=`expr $_n + 1`
+ test $_n -ge 5 && return 1
+ sleep 1
+ done
+ return 0
+}
+
+wait_for_process_to_exit() {
+ _pid=$1
+ _n=0
+ while kill -0 $_pid 2>/dev/null ; do
+ test $_n -eq 1 && trace "waiting for $_pid to exit"
+ _n=`expr $_n + 1`
+ test $_n -ge 5 && return 1
+ sleep 1
+ done
+ return 0
+}
+
+# usage: check_lfwd protocol Y|N message
+check_lfwd() {
+ _proto=$1
+ _expected=$2
+ _message=$3
+ rm -f $READY
+ ${SSH} -oProtocol=$_proto -F $OBJ/ssh_proxy \
+ -L$LFWD_PORT:127.0.0.1:$PORT \
+ -o ExitOnForwardFailure=yes \
+ -n host "sleep 60 & echo \$! > $READY ; wait " \
+ >/dev/null 2>&1 &
+ _sshpid=$!
+ wait_for_file_to_appear $READY || \
+ fatal "check_lfwd ssh fail: $_message"
+ ${SSH} -F $OBJ/ssh_config -p $LFWD_PORT \
+ -oConnectionAttempts=4 host true >/dev/null 2>&1
+ _result=$?
+ kill $_sshpid `cat $READY` 2>/dev/null
+ wait_for_process_to_exit $_sshpid
+ if test "x$_expected" = "xY" -a $_result -ne 0 ; then
+ fail "check_lfwd failed (expecting success): $_message"
+ elif test "x$_expected" = "xN" -a $_result -eq 0 ; then
+ fail "check_lfwd succeeded (expecting failure): $_message"
+ elif test "x$_expected" != "xY" -a "x$_expected" != "xN" ; then
+ fatal "check_lfwd invalid argument \"$_expected\""
+ else
+ verbose "check_lfwd done (expecting $_expected): $_message"
+ fi
+}
+
+# usage: check_rfwd protocol Y|N message
+check_rfwd() {
+ _proto=$1
+ _expected=$2
+ _message=$3
+ rm -f $READY
+ ${SSH} -oProtocol=$_proto -F $OBJ/ssh_proxy \
+ -R$RFWD_PORT:127.0.0.1:$PORT \
+ -o ExitOnForwardFailure=yes \
+ -n host "sleep 60 & echo \$! > $READY ; wait " \
+ >/dev/null 2>&1 &
+ _sshpid=$!
+ wait_for_file_to_appear $READY
+ _result=$?
+ if test $_result -eq 0 ; then
+ ${SSH} -F $OBJ/ssh_config -p $RFWD_PORT \
+ -oConnectionAttempts=4 host true >/dev/null 2>&1
+ _result=$?
+ kill $_sshpid `cat $READY` 2>/dev/null
+ wait_for_process_to_exit $_sshpid
+ fi
+ if test "x$_expected" = "xY" -a $_result -ne 0 ; then
+ fail "check_rfwd failed (expecting success): $_message"
+ elif test "x$_expected" = "xN" -a $_result -eq 0 ; then
+ fail "check_rfwd succeeded (expecting failure): $_message"
+ elif test "x$_expected" != "xY" -a "x$_expected" != "xN" ; then
+ fatal "check_rfwd invalid argument \"$_expected\""
+ else
+ verbose "check_rfwd done (expecting $_expected): $_message"
+ fi
+}
+
+start_sshd
+cp ${OBJ}/sshd_proxy ${OBJ}/sshd_proxy.bak
+cp ${OBJ}/authorized_keys_${USER} ${OBJ}/authorized_keys_${USER}.bak
+
+# Sanity check: ensure the default config allows forwarding
+for p in 1 2 ; do
+ check_lfwd $p Y "proto $p, default configuration"
+ check_rfwd $p Y "proto $p, default configuration"
+done
+
+# Usage: all_tests yes|local|remote|no Y|N Y|N Y|N Y|N Y|N Y|N
+all_tests() {
+ _tcpfwd=$1
+ _plain_lfwd=$2
+ _plain_rfwd=$3
+ _nopermit_lfwd=$4
+ _nopermit_rfwd=$5
+ _permit_lfwd=$6
+ _permit_rfwd=$7
+ _badfwd=127.0.0.1:22
+ _goodfwd=127.0.0.1:${PORT}
+ for _proto in 1 2 ; do
+ cp ${OBJ}/authorized_keys_${USER}.bak \
+ ${OBJ}/authorized_keys_${USER}
+ _prefix="proto $_proto, AllowTcpForwarding=$_tcpfwd"
+ # No PermitOpen
+ ( cat ${OBJ}/sshd_proxy.bak ;
+ echo "AllowTcpForwarding $_tcpfwd" ) \
+ > ${OBJ}/sshd_proxy
+ check_lfwd $_proto $_plain_lfwd "$_prefix"
+ check_rfwd $_proto $_plain_rfwd "$_prefix"
+ # PermitOpen via sshd_config that doesn't match
+ ( cat ${OBJ}/sshd_proxy.bak ;
+ echo "AllowTcpForwarding $_tcpfwd" ;
+ echo "PermitOpen $_badfwd" ) \
+ > ${OBJ}/sshd_proxy
+ check_lfwd $_proto $_nopermit_lfwd "$_prefix, !PermitOpen"
+ check_rfwd $_proto $_nopermit_rfwd "$_prefix, !PermitOpen"
+ # PermitOpen via sshd_config that does match
+ ( cat 
${OBJ}/sshd_proxy.bak ; + echo "AllowTcpForwarding $_tcpfwd" ; + echo "PermitOpen $_badfwd $_goodfwd" ) \ + > ${OBJ}/sshd_proxy + # NB. permitopen via authorized_keys should have same + # success/fail as via sshd_config + # permitopen via authorized_keys that doesn't match + sed "s/^/permitopen=\"$_badfwd\" /" \ + < ${OBJ}/authorized_keys_${USER}.bak \ + > ${OBJ}/authorized_keys_${USER} || fatal "sed 1 fail" + ( cat ${OBJ}/sshd_proxy.bak ; + echo "AllowTcpForwarding $_tcpfwd" ) \ + > ${OBJ}/sshd_proxy + check_lfwd $_proto $_nopermit_lfwd "$_prefix, !permitopen" + check_rfwd $_proto $_nopermit_rfwd "$_prefix, !permitopen" + # permitopen via authorized_keys that does match + sed "s/^/permitopen=\"$_badfwd\",permitopen=\"$_goodfwd\" /" \ + < ${OBJ}/authorized_keys_${USER}.bak \ + > ${OBJ}/authorized_keys_${USER} || fatal "sed 2 fail" + ( cat ${OBJ}/sshd_proxy.bak ; + echo "AllowTcpForwarding $_tcpfwd" ) \ + > ${OBJ}/sshd_proxy + check_lfwd $_proto $_permit_lfwd "$_prefix, permitopen" + check_rfwd $_proto $_permit_rfwd "$_prefix, permitopen" + done +} + +# no-permitopen mismatch-permitopen match-permitopen +# AllowTcpForwarding local remote local remote local remote +all_tests yes Y Y N Y Y Y +all_tests local Y N N N Y N +all_tests remote N Y N Y N Y +all_tests no N N N N N N -- cgit v1.2.3 From 1fb593a3f198b75787c5c5974fe256122427d1d3 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 12 Dec 2012 10:54:37 +1100 Subject: - markus@cvs.openbsd.org 2012/12/11 22:42:11 [regress/Makefile regress/modpipe.c regress/integrity.sh] test the integrity of the packets; with djm@ --- ChangeLog | 3 ++ regress/Makefile | 9 ++-- regress/integrity.sh | 58 ++++++++++++++++++++++++ regress/modpipe.c | 124 +++++++++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 191 insertions(+), 3 deletions(-) create mode 100644 regress/integrity.sh create mode 100755 regress/modpipe.c (limited to 'regress/Makefile') diff --git a/ChangeLog b/ChangeLog index 49ee0eb00..2fe093dad 100644 
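Review bot: In all_tests() of regress/forward-control.sh, the "PermitOpen via sshd_config that does match" step writes sshd_proxy but is never followed by check_lfwd/check_rfwd; the next authorized_keys step overwrites the file, so the `_permit_lfwd`/`_permit_rfwd` expectations are only exercised through the authorized_keys `permitopen=` path. Add `check_lfwd $_proto $_permit_lfwd "$_prefix, PermitOpen"` and `check_rfwd $_proto $_permit_rfwd "$_prefix, PermitOpen"` right after that redirect, so a regression in sshd_config PermitOpen matching is caught. Separately, check_rfwd leaves `$_sshpid` running when the ready file never appears; presumably ExitOnForwardFailure makes it exit on its own, but a `kill $_sshpid 2>/dev/null` in that branch would avoid depending on it.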
--- a/ChangeLog +++ b/ChangeLog @@ -18,6 +18,9 @@ - markus@cvs.openbsd.org 2012/12/11 22:32:56 [regress/try-ciphers.sh] add etm modes + - markus@cvs.openbsd.org 2012/12/11 22:42:11 + [regress/Makefile regress/modpipe.c regress/integrity.sh] + test the integrity of the packets; with djm@ 20121207 - (dtucker) OpenBSD CVS Sync diff --git a/regress/Makefile b/regress/Makefile index c628fb5ff..2eb2e3181 100644 --- a/regress/Makefile +++ b/regress/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.60 2012/12/02 20:47:48 djm Exp $ +# $OpenBSD: Makefile,v 1.61 2012/12/11 22:42:11 markus Exp $ REGRESS_TARGETS= t1 t2 t3 t4 t5 t6 t7 t8 t9 t-exec tests: $(REGRESS_TARGETS) @@ -59,7 +59,8 @@ LTESTS= connect \ cert-userkey \ host-expand \ keys-command \ - forward-control + forward-control \ + integrity INTEROP_TESTS= putty-transfer putty-ciphers putty-kex conch-ciphers #INTEROP_TESTS+=ssh-com ssh-com-client ssh-com-keygen ssh-com-sftp @@ -142,7 +143,9 @@ t9: $(OBJ)/t9.out test "${TEST_SSH_ECC}" != yes || \ ${TEST_SSH_SSHKEYGEN} -Bf $(OBJ)/t9.out > /dev/null -t-exec: ${LTESTS:=.sh} +modpipe: modpipe.c + +t-exec: modpipe ${LTESTS:=.sh} @if [ "x$?" = "x" ]; then exit 0; fi; \ for TEST in ""$?; do \ echo "run test $${TEST}" ... 1>&2; \ diff --git a/regress/integrity.sh b/regress/integrity.sh new file mode 100644 index 000000000..23135685c --- /dev/null +++ b/regress/integrity.sh 
@@ -0,0 +1,58 @@
+# $OpenBSD: integrity.sh,v 1.1 2012/12/11 22:42:11 markus Exp $
+# Placed in the Public Domain.
+
+tid="integrity"
+
+# start at byte 2300 (i.e. after kex) and corrupt at different offsets
+# XXX the test hangs if we modify the low bytes of the packet length
+# XXX and ssh tries to read...
+tries=10
+startoffset=2300
+macs="hmac-sha1 hmac-md5 umac-64@openssh.com umac-128@openssh.com
+ hmac-sha1-96 hmac-md5-96 hmac-sha2-256 hmac-sha2-512
+ hmac-sha1-etm@openssh.com hmac-md5-etm@openssh.com
+ umac-64-etm@openssh.com umac-128-etm@openssh.com
+ hmac-sha1-96-etm@openssh.com hmac-md5-96-etm@openssh.com
+ hmac-sha2-256-etm@openssh.com hmac-sha2-512-etm@openssh.com"
+
+# sshd-command for proxy (see test-exec.sh)
+cmd="sh ${SRC}/sshd-log-wrapper.sh ${SSHD} ${TEST_SSH_LOGFILE} -i -f $OBJ/sshd_proxy"
+
+for m in $macs; do
+ trace "test $tid: mac $m"
+ elen=0
+ epad=0
+ emac=0
+ ecnt=0
+ skip=0
+ for off in $(jot $tries $startoffset); do
+ if [ $((skip--)) -gt 0 ]; then
+ # avoid modifying the high bytes of the length
+ continue
+ fi
+ # modify output from sshd at offset $off
+ pxy="proxycommand=$cmd | $OBJ/modpipe -m xor:$off:1"
+ output=$(${SSH} -m $m -2F $OBJ/ssh_proxy -o "$pxy" \
+ 999.999.999.999 true 2>&1)
+ if [ $? -eq 0 ]; then
+ fail "ssh -m $m succeeds with bit-flip at $off"
+ fi
+ ecnt=$((ecnt+1))
+ output=$(echo $output | tr -s '\r\n' '.')
+ verbose "test $tid: $m @$off $output"
+ case "$output" in
+ Bad?packet*) elen=$((elen+1)); skip=2;;
+ Corrupted?MAC*) emac=$((emac+1)); skip=0;;
+ padding*) epad=$((epad+1)); skip=0;;
+ *) fail "unexpected error mac $m at $off";;
+ esac
+ done
+ verbose "test $tid: $ecnt errors: mac $emac padding $epad length $elen"
+ if [ $emac -eq 0 ]; then
+ fail "$m: no mac errors"
+ fi
+ expect=$((ecnt-epad-elen))
+ if [ $emac -ne $expect ]; then
+ fail "$m: expected $expect mac errors, got $emac"
+ fi
+done
diff --git a/regress/modpipe.c b/regress/modpipe.c
new file mode 100755
index 000000000..439be4c9d
--- /dev/null
+++ b/regress/modpipe.c 
@@ -0,0 +1,124 @@ +/* + * Copyright (c) 2012 Damien Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: modpipe.c,v 1.1 2012/12/11 23:54:40 djm Exp $ */ + +#include +#include +#include +#include +#include +#include +#include + +static void +usage(void) +{ + fprintf(stderr, "Usage: modpipe [-m modspec ...] 
< in > out\n"); + fprintf(stderr, "modspec is one of:\n"); + fprintf(stderr, " xor:offset:value - XOR \"value\" at \"offset\"\n"); + fprintf(stderr, " andor:offset:val1:val2 - AND \"val1\" then OR \"val2\" at \"offset\"\n"); + exit(1); +} + +#define MAX_MODIFICATIONS 256 +struct modification { + enum { MOD_XOR, MOD_AND_OR } what; + u_int64_t offset; + u_int8_t m1, m2; +}; + +static void +parse_modification(const char *s, struct modification *m) +{ + char what[16+1]; + int n; + + bzero(m, sizeof(*m)); + if ((n = sscanf(s, "%16[^:]%*[:]%lli%*[:]%hhi%*[:]%hhi", + what, &m->offset, &m->m1, &m->m2)) < 3) + errx(1, "Invalid modification spec \"%s\"", s); + if (strcasecmp(what, "xor") == 0) { + m->what = MOD_XOR; + if (n > 3) + errx(1, "Invalid modification spec \"%s\"", s); + } else if (strcasecmp(what, "andor") == 0) { + m->what = MOD_AND_OR; + if (n != 4) + errx(1, "Invalid modification spec \"%s\"", s); + } else + errx(1, "Invalid modification type \"%s\"", what); +} + +int +main(int argc, char **argv) +{ + int ch; + u_char buf[8192]; + size_t total; + ssize_t r, s, o; + struct modification mods[MAX_MODIFICATIONS]; + u_int i, num_mods = 0; + + while ((ch = getopt(argc, argv, "m:")) != -1) { + switch (ch) { + case 'm': + if (num_mods >= MAX_MODIFICATIONS) + errx(1, "Too many modifications"); + parse_modification(optarg, &(mods[num_mods++])); + break; + default: + usage(); + /* NOTREACHED */ + } + } + for (total = 0;;) { + r = s = read(STDIN_FILENO, buf, sizeof(buf)); + if (r == 0) + return 0; + if (r < 0) { + if (errno == EAGAIN || errno == EINTR) + continue; + err(1, "read"); + } + for (i = 0; i < num_mods; i++) { + if (mods[i].offset < total || + mods[i].offset >= total + s) + continue; + switch (mods[i].what) { + case MOD_XOR: + buf[mods[i].offset - total] ^= mods[i].m1; + break; + case MOD_AND_OR: + buf[mods[i].offset - total] &= mods[i].m1; + buf[mods[i].offset - total] |= mods[i].m2; + break; + } + } + for (o = 0; o < s; o += r) { + r = write(STDOUT_FILENO, buf, 
s - o); + if (r == 0) + return 0; + if (r < 0) { + if (errno == EAGAIN || errno == EINTR) + continue; + err(1, "write"); + } + } + total += s; + } + return 0; +} -- cgit v1.2.3 From 9fec296b0ac3e17ea1dcdf01761870297f7fd50a Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 12 Dec 2012 12:10:10 +1100 Subject: - (djm) [regress/Makefile regress/integrity.sh] Make the integrity.sh test work on platforms without 'jot' --- regress/Makefile | 8 ++++---- regress/integrity.sh | 7 ++++++- 2 files changed, 10 insertions(+), 5 deletions(-) (limited to 'regress/Makefile') diff --git a/regress/Makefile b/regress/Makefile index 2eb2e3181..636858662 100644 --- a/regress/Makefile +++ b/regress/Makefile @@ -81,7 +81,7 @@ CLEANFILES= t2.out t3.out t6.out1 t6.out2 t7.out t7.out.pub copy.1 copy.2 \ putty.rsa2 sshd_proxy_orig ssh_proxy_bak \ key.rsa-* key.dsa-* key.ecdsa-* \ authorized_principals_${USER} expect actual ready \ - sshd_proxy.* authorized_keys_${USER}.* + sshd_proxy.* authorized_keys_${USER}.* modpipe # Enable all malloc(3) randomisations and checks @@ -143,15 +143,15 @@ t9: $(OBJ)/t9.out test "${TEST_SSH_ECC}" != yes || \ ${TEST_SSH_SSHKEYGEN} -Bf $(OBJ)/t9.out > /dev/null -modpipe: modpipe.c - -t-exec: modpipe ${LTESTS:=.sh} +t-exec: ${LTESTS:=.sh} modpipe @if [ "x$?" = "x" ]; then exit 0; fi; \ for TEST in ""$?; do \ echo "run test $${TEST}" ... 1>&2; \ (env SUDO="${SUDO}" TEST_ENV=${TEST_ENV} sh ${.CURDIR}/test-exec.sh ${.OBJDIR} ${.CURDIR}/$${TEST}) || exit $$?; \ done +modpipe: modpipe.c + t-exec-interop: ${INTEROP_TESTS:=.sh} @if [ "x$?" = "x" ]; then exit 0; fi; \ for TEST in ""$?; do \ diff --git a/regress/integrity.sh b/regress/integrity.sh index 23135685c..f6e5c1963 100644 --- a/regress/integrity.sh +++ b/regress/integrity.sh 
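Review bot: The write loop at the end of main() in regress/modpipe.c always passes `buf` to write(), so after a short write it re-sends the start of the buffer instead of the unsent tail, and the stream reaching ssh is altered at places the -m spec never asked for. Use `r = write(STDOUT_FILENO, buf + o, s - o);`. The EAGAIN/EINTR `continue` in the same loop also runs `o += r` with r == -1; set `r = 0;` before that `continue` so the offset does not move backwards. Since integrity.sh counts which error each flipped byte produces, unintended corruption here could skew those counts.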
@@ -18,6 +18,10 @@ macs="hmac-sha1 hmac-md5 umac-64@openssh.com umac-128@openssh.com # sshd-command for proxy (see test-exec.sh) cmd="sh ${SRC}/sshd-log-wrapper.sh ${SSHD} ${TEST_SSH_LOGFILE} -i -f $OBJ/sshd_proxy" +jot() { + awk 'BEGIN { for (i = $2; i < $2 + $1; i++) { printf "%d\n", i } }' +} +set -x for m in $macs; do trace "test $tid: mac $m" elen=0 @@ -26,7 +30,8 @@ for m in $macs; do ecnt=0 skip=0 for off in $(jot $tries $startoffset); do - if [ $((skip--)) -gt 0 ]; then + skip=$((skip - 1)) + if [ $skip -gt 0 ]; then # avoid modifying the high bytes of the length continue fi -- cgit v1.2.3 From faabeb6b36df2e1d17b5d23280812c68900d4e40 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 12 Dec 2012 12:51:54 +1100 Subject: - (djm) [regress/Makefile] fix t-exec rule --- ChangeLog | 1 + regress/Makefile | 10 ++++++---- 2 files changed, 7 insertions(+), 4 deletions(-) (limited to 'regress/Makefile') diff --git a/ChangeLog b/ChangeLog index 9473d60ca..93f2404f0 100644 --- a/ChangeLog +++ b/ChangeLog @@ -28,6 +28,7 @@ - (djm) [regress/Makefile regress/integrity.sh] Make the integrity.sh test work on platforms without 'jot' - (djm) [regress/integrity.sh] Fix awk quoting, packet length skip + - (djm) [regress/Makefile] fix t-exec rule 20121207 - (dtucker) OpenBSD CVS Sync diff --git a/regress/Makefile b/regress/Makefile index 636858662..af1fa31df 100644 --- a/regress/Makefile +++ b/regress/Makefile @@ -1,7 +1,7 @@ # $OpenBSD: Makefile,v 1.61 2012/12/11 22:42:11 markus Exp $ REGRESS_TARGETS= t1 t2 t3 t4 t5 t6 t7 t8 t9 t-exec -tests: $(REGRESS_TARGETS) +tests: prereq $(REGRESS_TARGETS) # Interop tests are not run by default interop interop-tests: t-exec-interop 
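Review bot: The `jot()` fallback added to regress/integrity.sh puts `$1` and `$2` inside a single-quoted awk program, where they are awk fields (empty in a BEGIN block) rather than the shell function's arguments, so the function prints nothing and the inner `for off in $(jot $tries $startoffset)` loop has no offsets to try; every MAC then ends in "no mac errors". Pass the values in explicitly, e.g. `awk -v n="$1" -v start="$2" 'BEGIN { for (i = start; i < start + n; i++) printf "%d\n", i }'`. The function also shadows a real jot(1) where one exists, and the `set -x` added right after it looks like leftover debugging that will flood the regress log.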
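Review bot: Replacing `$((skip--))` with a decrement before the test in regress/integrity.sh changes how many offsets are skipped: the old form tested the value and then decremented, so `skip=2` skipped the next two offsets, while `skip=$((skip - 1))` followed by `[ $skip -gt 0 ]` skips only one. If two bytes are meant to be skipped after a "Bad packet" result (the comment says this avoids the high bytes of the length, and the file header warns the test can hang on length corruption), test first and decrement afterwards: `if [ $skip -gt 0 ]; then skip=$((skip - 1)); continue; fi`. The loop body continues outside the hunk.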
@@ -143,15 +143,17 @@ t9: $(OBJ)/t9.out test "${TEST_SSH_ECC}" != yes || \ ${TEST_SSH_SSHKEYGEN} -Bf $(OBJ)/t9.out > /dev/null -t-exec: ${LTESTS:=.sh} modpipe +prereq: modpipe + +modpipe: modpipe.c + +t-exec: ${LTESTS:=.sh} @if [ "x$?" = "x" ]; then exit 0; fi; \ for TEST in ""$?; do \ echo "run test $${TEST}" ... 1>&2; \ (env SUDO="${SUDO}" TEST_ENV=${TEST_ENV} sh ${.CURDIR}/test-exec.sh ${.OBJDIR} ${.CURDIR}/$${TEST}) || exit $$?; \ done -modpipe: modpipe.c - t-exec-interop: ${INTEROP_TESTS:=.sh} @if [ "x$?" = "x" ]; then exit 0; fi; \ for TEST in ""$?; do \ -- cgit v1.2.3 From ebafebda8570b2b013327cdc6627f9c5fb9733c1 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 18 Jan 2013 11:51:56 +1100 Subject: - djm@cvs.openbsd.org 2013/01/18 00:45:29 [regress/Makefile regress/cert-userkey.sh regress/krl.sh] Tests for Key Revocation Lists (KRLs) --- ChangeLog | 4 ++ regress/Makefile | 9 +-- regress/cert-userkey.sh | 22 ++++++- regress/krl.sh | 151 ++++++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 180 insertions(+), 6 deletions(-) create mode 100644 regress/krl.sh (limited to 'regress/Makefile') diff --git a/ChangeLog b/ChangeLog index 65403d6e7..a45d24b29 100644 --- a/ChangeLog +++ b/ChangeLog @@ -8,6 +8,10 @@ a single bit of incremental cost to revoke a certificate by serial number. KRLs are loaded via the existing RevokedKeys sshd_config option. feedback and ok markus@ + - OpenBSD CVS Sync + - djm@cvs.openbsd.org 2013/01/18 00:45:29 + [regress/Makefile regress/cert-userkey.sh regress/krl.sh] + Tests for Key Revocation Lists (KRLs) 20130117 - (djm) [regress/cipher-speed.sh regress/integrity.sh regress/try-ciphers.sh] diff --git a/regress/Makefile b/regress/Makefile index af1fa31df..18f9f124c 100644 --- a/regress/Makefile +++ b/regress/Makefile 
@@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.61 2012/12/11 22:42:11 markus Exp $ +# $OpenBSD: Makefile,v 1.62 2013/01/18 00:45:29 djm Exp $ REGRESS_TARGETS= t1 t2 t3 t4 t5 t6 t7 t8 t9 t-exec tests: prereq $(REGRESS_TARGETS) @@ -60,7 +60,8 @@ LTESTS= connect \ host-expand \ keys-command \ forward-control \ - integrity + integrity \ + krl INTEROP_TESTS= putty-transfer putty-ciphers putty-kex conch-ciphers #INTEROP_TESTS+=ssh-com ssh-com-client ssh-com-keygen ssh-com-sftp @@ -77,11 +78,11 @@ CLEANFILES= t2.out t3.out t6.out1 t6.out2 t7.out t7.out.pub copy.1 copy.2 \ ls.copy banner.in banner.out empty.in \ scp-ssh-wrapper.scp ssh_proxy_envpass remote_pid \ sshd_proxy_bak rsa_ssh2_cr.prv rsa_ssh2_crnl.prv \ - known_hosts-cert host_ca_key* cert_host_key* \ + known_hosts-cert host_ca_key* cert_host_key* cert_user_key* \ putty.rsa2 sshd_proxy_orig ssh_proxy_bak \ key.rsa-* key.dsa-* key.ecdsa-* \ authorized_principals_${USER} expect actual ready \ - sshd_proxy.* authorized_keys_${USER}.* modpipe + sshd_proxy.* authorized_keys_${USER}.* modpipe revoked-* krl-* # Enable all malloc(3) randomisations and checks diff --git a/regress/cert-userkey.sh b/regress/cert-userkey.sh index aa85cd6cb..3bba9f8f2 100644 --- a/regress/cert-userkey.sh +++ b/regress/cert-userkey.sh @@ -1,4 +1,4 @@ -# $OpenBSD: cert-userkey.sh,v 1.9 2012/10/19 05:10:42 djm Exp $ +# $OpenBSD: cert-userkey.sh,v 1.10 2013/01/18 00:45:29 djm Exp $ # Placed in the Public Domain. tid="certified user keys" 
@@ -184,14 +184,32 @@ basic_tests() { ( cat $OBJ/sshd_proxy_bak echo "UsePrivilegeSeparation $privsep" - echo "RevokedKeys $OBJ/cert_user_key_${ktype}.pub" + echo "RevokedKeys $OBJ/cert_user_key_revoked" echo "$extra_sshd" ) > $OBJ/sshd_proxy + cp $OBJ/cert_user_key_${ktype}.pub \ + $OBJ/cert_user_key_revoked ${SSH} -2i $OBJ/cert_user_key_${ktype} \ -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1 if [ $? -eq 0 ]; then fail "ssh cert connect succeeded unexpecedly" fi + verbose "$tid: ${_prefix} revoked via KRL" + rm $OBJ/cert_user_key_revoked + ${SSHKEYGEN} -kqf $OBJ/cert_user_key_revoked \ + $OBJ/cert_user_key_${ktype}.pub + ${SSH} -2i $OBJ/cert_user_key_${ktype} \ + -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1 + if [ $? -eq 0 ]; then + fail "ssh cert connect succeeded unexpecedly" + fi + verbose "$tid: ${_prefix} empty KRL" + ${SSHKEYGEN} -kqf $OBJ/cert_user_key_revoked + ${SSH} -2i $OBJ/cert_user_key_${ktype} \ + -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1 + if [ $? -ne 0 ]; then + fail "ssh cert connect failed" + fi done # Revoked CA diff --git a/regress/krl.sh b/regress/krl.sh new file mode 100644 index 000000000..3ee5a9060 --- /dev/null +++ b/regress/krl.sh 
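Review bot: In the new "revoked via KRL" step of basic_tests() in regress/cert-userkey.sh, the exit status of `${SSHKEYGEN} -kqf $OBJ/cert_user_key_revoked ...` is not checked after the preceding `rm`, so if KRL generation fails the RevokedKeys file is simply missing and the following "connect should fail" assertion may still pass (presumably because sshd refuses keys when it cannot read the revocation file) without a KRL ever being consulted. Append `|| fatal "$SSHKEYGEN KRL failed"` to both `-kqf` invocations, matching what krl.sh in this same commit does. The enclosing function starts and ends outside the hunk.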
@@ -0,0 +1,151 @@
+# $OpenBSD: krl.sh,v 1.1 2013/01/18 00:45:29 djm Exp $
+# Placed in the Public Domain.
+
+tid="key revocation lists"
+
+# Do most testing with ssh-keygen; it uses the same verification code as sshd.
+
+# Old keys will interfere with ssh-keygen.
+rm -f $OBJ/revoked-* $OBJ/krl-*
+
+# Generate a CA key
+$SSHKEYGEN -t ecdsa -f $OBJ/revoked-ca -C "" -N "" > /dev/null ||
+ fatal "$SSHKEYGEN CA failed"
+
+# A specification that revokes some certificates by serial numbers
+# The serial pattern is chosen to ensure the KRL includes list, range and
+# bitmap sections.
+cat << EOF >> $OBJ/revoked-serials
+serial: 1-4
+serial: 10
+serial: 15
+serial: 30
+serial: 50
+serial: 999
+# The following sum to 500-799
+serial: 500
+serial: 501
+serial: 502
+serial: 503-600
+serial: 700-797
+serial: 798
+serial: 799
+serial: 599-701
+EOF
+
+# A specification that revokes some certificated by key ID.
+touch $OBJ/revoked-keyid
+for n in 1 2 3 4 10 15 30 50 `jot 500 300` 999 1000 1001 1002; do
+ # Fill in by-ID revocation spec.
+ echo "id: revoked $n" >> $OBJ/revoked-keyid
+done
+
+keygen() {
+ N=$1
+ f=$OBJ/revoked-`printf "%04d" $N`
+ # Vary the keytype. We use mostly ECDSA since this is fastest by far.
+ keytype=ecdsa
+ case $N in
+ 2 | 10 | 510 | 1001) keytype=rsa;;
+ 4 | 30 | 520 | 1002) keytype=dsa;;
+ esac
+ $SSHKEYGEN -t $keytype -f $f -C "" -N "" > /dev/null \
+ || fatal "$SSHKEYGEN failed"
+ # Sign cert
+ $SSHKEYGEN -s $OBJ/revoked-ca -z $n -I "revoked $N" $f >/dev/null 2>&1 \
+ || fatal "$SSHKEYGEN sign failed"
+ echo $f
+}
+
+# Generate some keys.
+verbose "$tid: generating test keys"
+REVOKED_SERIALS="1 4 10 50 500 510 520 799 999"
+for n in $REVOKED_SERIALS ; do
+ f=`keygen $n`
+ REVOKED_KEYS="$REVOKED_KEYS ${f}.pub"
+ REVOKED_CERTS="$REVOKED_CERTS ${f}-cert.pub"
+done
+NOTREVOKED_SERIALS="5 9 14 16 29 30 49 51 499 800 1000 1001"
+NOTREVOKED=""
+for n in $NOTREVOKED_SERIALS ; do
+ NOTREVOKED_KEYS="$NOTREVOKED_KEYS ${f}.pub"
+ NOTREVOKED_CERTS="$NOTREVOKED_CERTS ${f}-cert.pub"
+done
+
+genkrls() {
+ OPTS=$1
+$SSHKEYGEN $OPTS -kf $OBJ/krl-empty - /dev/null || fatal "$SSHKEYGEN KRL failed"
+$SSHKEYGEN $OPTS -kf $OBJ/krl-keys $REVOKED_KEYS \
+ >/dev/null || fatal "$SSHKEYGEN KRL failed"
+$SSHKEYGEN $OPTS -kf $OBJ/krl-cert $REVOKED_CERTS \
+ >/dev/null || fatal "$SSHKEYGEN KRL failed"
+$SSHKEYGEN $OPTS -kf $OBJ/krl-all $REVOKED_KEYS $REVOKED_CERTS \
+ >/dev/null || fatal "$SSHKEYGEN KRL failed"
+$SSHKEYGEN $OPTS -kf $OBJ/krl-ca $OBJ/revoked-ca.pub \
+ >/dev/null || fatal "$SSHKEYGEN KRL failed"
+# KRLs from serial/key-id spec need the CA specified.
+$SSHKEYGEN $OPTS -kf $OBJ/krl-serial $OBJ/revoked-serials \
+ >/dev/null 2>&1 && fatal "$SSHKEYGEN KRL succeeded unexpectedly"
+$SSHKEYGEN $OPTS -kf $OBJ/krl-keyid $OBJ/revoked-keyid \
+ >/dev/null 2>&1 && fatal "$SSHKEYGEN KRL succeeded unexpectedly"
+$SSHKEYGEN $OPTS -kf $OBJ/krl-serial -s $OBJ/revoked-ca $OBJ/revoked-serials \
+ >/dev/null || fatal "$SSHKEYGEN KRL failed"
+$SSHKEYGEN $OPTS -kf $OBJ/krl-keyid -s $OBJ/revoked-ca.pub $OBJ/revoked-keyid \
+ >/dev/null || fatal "$SSHKEYGEN KRL failed"
+}
+
+verbose "$tid: generating KRLs"
+genkrls
+
+check_krl() {
+ KEY=$1
+ KRL=$2
+ EXPECT_REVOKED=$3
+ TAG=$4
+ $SSHKEYGEN -Qf $KRL $KEY >/dev/null
+ result=$?
+ if test "x$EXPECT_REVOKED" = "xyes" -a $result -eq 0 ; then + fatal "key $KEY not revoked by KRL $KRL: $TAG" + elif test "x$EXPECT_REVOKED" = "xno" -a $result -ne 0 ; then + fatal "key $KEY unexpectedly revoked by KRL $KRL: $TAG" + fi +} +test_all() { + FILES=$1 + TAG=$2 + KEYS_RESULT=$3 + ALL_RESULT=$4 + SERIAL_RESULT=$5 + KEYID_RESULT=$6 + CERTS_RESULT=$7 + CA_RESULT=$8 + verbose "$tid: checking revocations for $TAG" + for f in $FILES ; do + check_krl $f $OBJ/krl-empty no "$TAG" + check_krl $f $OBJ/krl-keys $KEYS_RESULT "$TAG" + check_krl $f $OBJ/krl-all $ALL_RESULT "$TAG" + check_krl $f $OBJ/krl-serial $SERIAL_RESULT "$TAG" + check_krl $f $OBJ/krl-keyid $KEYID_RESULT "$TAG" + check_krl $f $OBJ/krl-cert $CERTS_RESULT "$TAG" + check_krl $f $OBJ/krl-ca $CA_RESULT "$TAG" + done +} +# keys all serial keyid certs CA +test_all "$REVOKED_KEYS" "revoked keys" yes yes no no no no +test_all "$UNREVOKED_KEYS" "unrevoked keys" no no no no no no +test_all "$REVOKED_CERTS" "revoked certs" yes yes yes yes yes yes +test_all "$UNREVOKED_CERTS" "unrevoked certs" no no no no no yes + +# Check update. Results should be identical. +verbose "$tid: testing KRL update" +for f in $OBJ/krl-keys $OBJ/krl-cert $OBJ/krl-all \ + $OBJ/krl-ca $OBJ/krl-serial $OBJ/krl-keyid ; do + cp -f $OBJ/krl-empty $f + genkrls -u +done +# keys all serial keyid certs CA +test_all "$REVOKED_KEYS" "revoked keys" yes yes no no no no +test_all "$UNREVOKED_KEYS" "unrevoked keys" no no no no no no +test_all "$REVOKED_CERTS" "revoked certs" yes yes yes yes yes yes +test_all "$UNREVOKED_CERTS" "unrevoked certs" no no no no no yes -- cgit v1.2.3 From b3764e12024e70296d35877a3da2c4d575dafdb9 Mon Sep 17 00:00:00 2001 
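Review bot: The not-revoked half of regress/krl.sh never tests anything: the `NOTREVOKED_SERIALS` loop does not call `keygen` (it re-appends the last revoked key's `$f`), and it fills `NOTREVOKED_KEYS`/`NOTREVOKED_CERTS` while test_all is later handed `$UNREVOKED_KEYS`/`$UNREVOKED_CERTS`, which are never set, so those four test_all calls iterate over an empty list. A KRL that wrongly revoked keys it does not list would therefore mostly go unnoticed. Generate the keys and use one variable name throughout, as sketched below; note that serial 30 appears both in the revocation specs and in the not-revoked list, so the lists will need rechecking once the loop actually runs. Also, keygen() signs with `-z $n`, relying on the caller's loop variable rather than its own `$N`.

```shell
UNREVOKED_SERIALS="5 9 14 16 29 30 49 51 499 800 1000 1001"
UNREVOKED_KEYS=""
UNREVOKED_CERTS=""
for n in $UNREVOKED_SERIALS ; do
	f=`keygen $n`
	UNREVOKED_KEYS="$UNREVOKED_KEYS ${f}.pub"
	UNREVOKED_CERTS="$UNREVOKED_CERTS ${f}-cert.pub"
done
```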
From: Damien Miller Date: Tue, 19 Feb 2013 13:15:01 +1100 Subject: - djm@cvs.openbsd.org 2013/02/19 02:14:09 [integrity.sh] oops, forgot to increase the output of the ssh command to ensure that we actually reach $offset --- ChangeLog | 4 ++++ regress/Makefile | 2 ++ regress/integrity.sh | 4 ++-- regress/modpipe.c | 32 ++++++++++++++++++++++++++++++-- 4 files changed, 38 insertions(+), 4 deletions(-) (limited to 'regress/Makefile') diff --git a/ChangeLog b/ChangeLog index afde4d9b2..bac8998c0 100644 --- a/ChangeLog +++ b/ChangeLog @@ -4,6 +4,10 @@ [integrity.sh] crank the offset yet again; it was still fuzzing KEX one of Darren's portable test hosts at 2800 + - djm@cvs.openbsd.org 2013/02/19 02:14:09 + [integrity.sh] + oops, forgot to increase the output of the ssh command to ensure that + we actually reach $offset 20130217 - OpenBSD CVS Sync diff --git a/regress/Makefile b/regress/Makefile index 18f9f124c..c3aec43fc 100644 --- a/regress/Makefile +++ b/regress/Makefile @@ -90,6 +90,8 @@ TEST_ENV= "MALLOC_OPTIONS=AFGJPRX" TEST_SSH_SSHKEYGEN?=ssh-keygen +CPPFLAGS=-I.. + t1: ${TEST_SSH_SSHKEYGEN} -if ${.CURDIR}/rsa_ssh2.prv | diff - ${.CURDIR}/rsa_openssh.prv tr '\n' '\r' <${.CURDIR}/rsa_ssh2.prv > ${.OBJDIR}/rsa_ssh2_cr.prv diff --git a/regress/integrity.sh b/regress/integrity.sh index 261e9f9a9..0a0146e05 100644 --- a/regress/integrity.sh +++ b/regress/integrity.sh @@ -1,4 +1,4 @@ -# $OpenBSD: integrity.sh,v 1.5 2013/02/18 22:26:47 djm Exp $ +# $OpenBSD: integrity.sh,v 1.6 2013/02/19 02:14:09 djm Exp $ # Placed in the Public Domain. tid="integrity" @@ -46,7 +46,7 @@ for m in $macs; do *) macopt="-m $m";; esac output=$(${SSH} $macopt -2F $OBJ/ssh_proxy -o "$pxy" \ - 999.999.999.999 'printf "%2048s" " "' 2>&1) + 999.999.999.999 'printf "%4096s" " "' 2>&1) if [ $? -eq 0 ]; then fail "ssh -m $m succeeds with bit-flip at $off" fi diff --git a/regress/modpipe.c b/regress/modpipe.c index 439be4c9d..b05915b63 100755 --- a/regress/modpipe.c +++ b/regress/modpipe.c 
@@ -14,16 +14,44 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: modpipe.c,v 1.1 2012/12/11 23:54:40 djm Exp $ */ +/* $Id: modpipe.c,v 1.2 2013/02/19 02:15:08 djm Exp $ */ #include #include #include #include +#include #include -#include #include +static void err(int, const char *, ...) __attribute__((format(printf, 2, 3))); +static void errx(int, const char *, ...) __attribute__((format(printf, 2, 3))); + +static void +err(int r, const char *fmt, ...) +{ + va_list args; + + va_start(args, fmt); + fprintf(stderr, "%s: ", strerror(errno)); + vfprintf(stderr, fmt, args); + fputc('\n', stderr); + va_end(args); + exit(r); +} + +static void +errx(int r, const char *fmt, ...) +{ + va_list args; + + va_start(args, fmt); + vfprintf(stderr, fmt, args); + fputc('\n', stderr); + va_end(args); + exit(r); +} + static void usage(void) { -- cgit v1.2.3 From c31db8cd6e301c8d4024cb9250e3178d13d1be44 Mon Sep 17 00:00:00 2001 From: Tim Rice Date: Tue, 19 Feb 2013 19:01:51 -0800 Subject: - (tim) [krl.c Makefile.in regress/Makefile regress/modpipe.c] remove unneeded err.h include from krl.c. Additional portability fixes for modpipe. OK djm --- ChangeLog | 4 ++++ Makefile.in | 12 +++++++----- krl.c | 1 - regress/Makefile | 6 +----- regress/modpipe.c | 3 ++- 5 files changed, 14 insertions(+), 12 deletions(-) (limited to 'regress/Makefile') diff --git a/ChangeLog b/ChangeLog index 41d49f6b5..cf50b4688 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,7 @@ 20130220 - (tim) [regress/cipher-speed.sh regress/try-ciphers.sh] shell portability fix. + - (tim) [krl.c Makefile.in regress/Makefile regress/modpipe.c] remove unneeded + err.h include from krl.c. Additional portability fixes for modpipe. OK djm 20130219 - OpenBSD CVS Sync 
@@ -13,6 +15,8 @@ we actually reach $offset - (djm) [regress/integrity.sh] Skip SHA2-based MACs on configurations that lack support for SHA2. + - (djm) [regress/modpipe.c] Add local err, and errx functions for platforms + that do not have them. 20130217 - OpenBSD CVS Sync diff --git a/Makefile.in b/Makefile.in index ec3e1f417..44d594441 100644 --- a/Makefile.in +++ b/Makefile.in @@ -1,4 +1,4 @@ -# $Id: Makefile.in,v 1.331 2013/02/12 00:00:34 djm Exp $ +# $Id: Makefile.in,v 1.332 2013/02/20 03:01:51 tim Exp $ # uncomment if you run a non bourne compatable shell. Ie. csh #SHELL = @SH@ @@ -379,14 +379,16 @@ uninstall: -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8 -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1 -tests interop-tests: $(TARGETS) +regress/modpipe: $(srcdir)/regress/modpipe.c + [ -d `pwd`/regress ] || mkdir -p `pwd`/regress; \ + $(CC) $(CPPFLAGS) -o $@ $? \ + $(LDFLAGS) -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS) + +tests interop-tests: $(TARGETS) regress/modpipe BUILDDIR=`pwd`; \ [ -d `pwd`/regress ] || mkdir -p `pwd`/regress; \ [ -f `pwd`/regress/Makefile ] || \ ln -s `cd $(srcdir) && pwd`/regress/Makefile `pwd`/regress/Makefile ; \ - [ -f `pwd`/regress/modpipe.c ] || \ - ln -s `cd $(srcdir) && pwd`/regress/modpipe.c `pwd`/regress/modpipe.c; \ - (cd regress && make prereq); \ TEST_SHELL="@TEST_SHELL@"; \ TEST_SSH_SSH="$${BUILDDIR}/ssh"; \ TEST_SSH_SSHD="$${BUILDDIR}/sshd"; \ diff --git a/krl.c b/krl.c index 5ed7bd7e5..5a6bd14aa 100644 --- a/krl.c +++ b/krl.c @@ -33,7 +33,6 @@ #include "buffer.h" #include "key.h" #include "authfile.h" -#include "err.h" #include "misc.h" #include "log.h" #include "xmalloc.h" diff --git a/regress/Makefile b/regress/Makefile index c3aec43fc..779abf4fb 100644 --- a/regress/Makefile +++ b/regress/Makefile 
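Review bot: The new `regress/modpipe` rule in Makefile.in compiles with `$(CPPFLAGS)` and `$(LDFLAGS)` but not `$(CFLAGS)`, so any warning, ABI or hardening options that configure placed in CFLAGS for the rest of the tree are not applied to this helper. A build whose LDFLAGS assume matching compile flags may also fail to link. The fix is one word: `$(CC) $(CFLAGS) $(CPPFLAGS) -o $@ $? \`. Separately, the `mkdir -p` guard is joined to the compile with `;`, so a failed mkdir still runs the compiler; ending that line with `&& \` instead would stop at the first error.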
@@ -1,7 +1,7 @@ # $OpenBSD: Makefile,v 1.62 2013/01/18 00:45:29 djm Exp $ REGRESS_TARGETS= t1 t2 t3 t4 t5 t6 t7 t8 t9 t-exec -tests: prereq $(REGRESS_TARGETS) +tests: $(REGRESS_TARGETS) # Interop tests are not run by default interop interop-tests: t-exec-interop @@ -146,10 +146,6 @@ t9: $(OBJ)/t9.out test "${TEST_SSH_ECC}" != yes || \ ${TEST_SSH_SSHKEYGEN} -Bf $(OBJ)/t9.out > /dev/null -prereq: modpipe - -modpipe: modpipe.c - t-exec: ${LTESTS:=.sh} @if [ "x$?" = "x" ]; then exit 0; fi; \ for TEST in ""$?; do \ diff --git a/regress/modpipe.c b/regress/modpipe.c index b05915b63..1d4229885 100755 --- a/regress/modpipe.c +++ b/regress/modpipe.c @@ -14,7 +14,7 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: modpipe.c,v 1.2 2013/02/19 02:15:08 djm Exp $ */ +/* $Id: modpipe.c,v 1.3 2013/02/20 03:01:52 tim Exp $ */ #include #include @@ -23,6 +23,7 @@ #include #include #include +#include "openbsd-compat/getopt.c" static void err(int, const char *, ...) __attribute__((format(printf, 2, 3))); static void errx(int, const char *, ...) __attribute__((format(printf, 2, 3))); -- cgit v1.2.3 From fe10a28e088751ec3a6ac96e73be21bae8b86d70 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Tue, 12 Mar 2013 11:19:40 +1100 Subject: - (dtucker) [regress/Makefile regress/cipher-speed.sh regress/test-exec.sh] Improve portability of cipher-speed test, based mostly on a patch from Iain Morgan. --- ChangeLog | 5 +++++ regress/Makefile | 2 +- regress/cipher-speed.sh | 9 ++++----- regress/test-exec.sh | 4 ++++ 4 files changed, 14 insertions(+), 6 deletions(-) (limited to 'regress/Makefile') diff --git a/ChangeLog b/ChangeLog index 3b5b5482f..859c01ad9 100644 --- a/ChangeLog +++ b/ChangeLog 
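Review bot: `#include "openbsd-compat/getopt.c"` in regress/modpipe.c pulls a source file into the helper with no comment saying why, while the `regress/modpipe` rule added to Makefile.in in the same commit already links `-lopenbsd-compat`. If the library supplies the replacement getopt, the include looks redundant. If it is needed, a one-line comment such as `/* compat getopt compiled in directly: <reason> */` would stop the next reader from removing it. The include also makes the file depend on an include path that reaches the top of the tree, which is worth stating in the same comment.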
@@ -1,3 +1,8 @@ +20120312 + - (dtucker) [regress/Makefile regress/cipher-speed.sh regress/test-exec.sh] + Improve portability of cipher-speed test, based mostly on a patch from + Iain Morgan. + 20130307 - (dtucker) [INSTALL] Bump documented autoconf version to what we're currently using. diff --git a/regress/Makefile b/regress/Makefile index 779abf4fb..6ef5d9cce 100644 --- a/regress/Makefile +++ b/regress/Makefile @@ -71,7 +71,7 @@ INTEROP_TESTS= putty-transfer putty-ciphers putty-kex conch-ciphers USER!= id -un CLEANFILES= t2.out t3.out t6.out1 t6.out2 t7.out t7.out.pub copy.1 copy.2 \ t8.out t8.out.pub t9.out t9.out.pub \ - authorized_keys_${USER} known_hosts pidfile \ + authorized_keys_${USER} known_hosts pidfile testdata \ ssh_config sshd_config.orig ssh_proxy sshd_config sshd_proxy \ rsa.pub rsa rsa1.pub rsa1 host.rsa host.rsa1 \ rsa-agent rsa-agent.pub rsa1-agent rsa1-agent.pub \ diff --git a/regress/cipher-speed.sh b/regress/cipher-speed.sh index 21bf0f2e9..65e5f35ec 100644 --- a/regress/cipher-speed.sh +++ b/regress/cipher-speed.sh @@ -5,12 +5,11 @@ tid="cipher speed" getbytes () { - sed -n '/transferred/s/.*secs (\(.* bytes.sec\).*/\1/p' + sed -n -e '/transferred/s/.*secs (\(.* bytes.sec\).*/\1/p' \ + -e '/copied/s/.*s, \(.* MB.s\).*/\1/p' } tries="1 2" -DATA=/bin/ls -DATA=/bsd ciphers="aes128-cbc 3des-cbc blowfish-cbc cast128-cbc arcfour128 arcfour256 arcfour @@ -26,7 +25,7 @@ config_defined HAVE_EVP_SHA256 && \ for c in $ciphers; do n=0; for m in $macs; do trace "proto 2 cipher $c mac $m" for x in $tries; do - echon "$c/$m:\t" + printf "%-60s" "$c/$m:" ( ${SSH} -o 'compression no' \ -F $OBJ/ssh_proxy -2 -m $m -c $c somehost \ exec sh -c \'"dd of=/dev/null obs=32k"\' \ @@ -47,7 +46,7 @@ ciphers="3des blowfish" for c in $ciphers; do trace "proto 1 cipher $c" for x in $tries; do - echon "$c:\t" + printf "%-60s" "$c:" ( ${SSH} -o 'compression no' \ -F $OBJ/ssh_proxy -1 -c $c somehost \ exec sh -c \'"dd of=/dev/null obs=32k"\' \ 
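Review bot: The second `sed` expression added to `getbytes` in regress/cipher-speed.sh only recognises a rate printed as `MB/s`. A `dd` that reports another unit (kB/s or GB/s on a slow or fast host) would make the function print nothing, leaving the result line without a figure and without any error. Widening the unit keeps the portability gain: `-e '/copied/s/.*s, \(.* [kMG]*B.s\).*/\1/p'`. A short comment above the two expressions naming which output format each one matches (presumably the BSD-style `transferred` summary and the GNU-style `copied` summary) would also help.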
diff --git a/regress/test-exec.sh b/regress/test-exec.sh index bdc2c1a49..aa4e6e5c0 100644 --- a/regress/test-exec.sh +++ b/regress/test-exec.sh @@ -140,6 +140,10 @@ if [ "x$TEST_SSH_LOGFILE" = "x" ]; then TEST_SSH_LOGFILE=/dev/null fi +# Some data for test copies +DATA=$OBJ/testdata +cat $SSHD${EXEEXT} $SSHD${EXEEXT} $SSHD${EXEEXT} $SSHD${EXEEXT} >$DATA + # these should be used in tests export SSH SSHD SSHAGENT SSHADD SSHKEYGEN SSHKEYSCAN SFTP SFTPSERVER SCP #echo $SSH $SSHD $SSHAGENT $SSHADD $SSHKEYGEN $SSHKEYSCAN $SFTP $SFTPSERVER $SCP -- cgit v1.2.3
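Review bot: The `cat ... >$DATA` that builds the shared test file in regress/test-exec.sh is unchecked, so if `$SSHD${EXEEXT}` cannot be read the redirection still leaves an empty `testdata`. Later copy tests would then compare empty files and could pass without moving any data. Failing early is cheap: append `|| { echo "cannot create $DATA" >&2; exit 1; }` to the `cat` line. Quoting `"$DATA"` and the `"$SSHD${EXEEXT}"` operands also keeps the line working when the build directory path contains spaces. How `$SSHD` is resolved to a path lies outside the hunk, so whether it is always a readable file at this point should be confirmed.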