From 0ba85d696ae9daf66002c2e4ab0d6bb111e1a787 Mon Sep 17 00:00:00 2001
From: Damien Miller <djm@mindrot.org>
Date: Tue, 4 Feb 2014 11:08:38 +1100
Subject: ignore a few more regress droppings

---
 regress/.cvsignore | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'regress')

diff --git a/regress/.cvsignore b/regress/.cvsignore
index 99add9cc3..3fd25b02e 100644
--- a/regress/.cvsignore
+++ b/regress/.cvsignore
@@ -5,6 +5,8 @@
 *.pub
 actual
 authorized_keys_*
+batch
+copy.dd*
 data
 expect
 host.rsa*
-- 
cgit v1.2.3


From 9c449bc183b256c84d8f740727b0bc54d247b15e Mon Sep 17 00:00:00 2001
From: Damien Miller <djm@mindrot.org>
Date: Tue, 4 Feb 2014 11:38:28 +1100
Subject:  - (djm) [regress/setuid-allowed.c] Missing string.h for strerror()

---
 ChangeLog                | 1 +
 regress/setuid-allowed.c | 1 +
 2 files changed, 2 insertions(+)

(limited to 'regress')

diff --git a/ChangeLog b/ChangeLog
index 40e347e43..cccbfc7a4 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -66,6 +66,7 @@
      canonicalisation to unbreak case-sensitive matching of ssh_config;
      reported by Ike Devolder; ok markus@
  - (djm) [openbsd-compat/Makefile.in] Add missing explicit_bzero.o
+ - (djm) [regress/setuid-allowed.c] Missing string.h for strerror()
 
 20140131
  - (djm) [sandbox-seccomp-filter.c sandbox-systrace.c] Allow shutdown(2)
diff --git a/regress/setuid-allowed.c b/regress/setuid-allowed.c
index 37b7dc8ad..676d2661c 100644
--- a/regress/setuid-allowed.c
+++ b/regress/setuid-allowed.c
@@ -23,6 +23,7 @@
 # include <sys/statvfs.h>
 #endif
 #include <stdio.h>
+#include <string.h>
 #include <errno.h>
 
 void
-- 
cgit v1.2.3


From f483cc16fe7314e24a37aa3a4422b03c013c3213 Mon Sep 17 00:00:00 2001
From: Damien Miller <djm@mindrot.org>
Date: Fri, 28 Feb 2014 10:19:11 +1100
Subject:    - dtucker@cvs.openbsd.org 2014/01/19 23:43:02     
 [regress/sftp-chroot.sh]      Don't use -q on sftp as it suppresses logging,
 instead redirect the      output to the regress logfile.

---
 ChangeLog              | 5 +++++
 regress/sftp-chroot.sh | 5 +++--
 2 files changed, 8 insertions(+), 2 deletions(-)

(limited to 'regress')

diff --git a/ChangeLog b/ChangeLog
index 7e27013b1..f6ffb16a0 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -14,6 +14,11 @@
    - djm@cvs.openbsd.org 2014/02/27 22:57:40
      [version.h]
      openssh-6.6
+   - dtucker@cvs.openbsd.org 2014/01/19 23:43:02
+     [regress/sftp-chroot.sh]
+     Don't use -q on sftp as it suppresses logging, instead redirect the
+     output to the regress logfile.
+
  - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
    [contrib/suse/openssh.spec] Crank version numbers
 
diff --git a/regress/sftp-chroot.sh b/regress/sftp-chroot.sh
index 03b9bc6d7..cb731dfe8 100644
--- a/regress/sftp-chroot.sh
+++ b/regress/sftp-chroot.sh
@@ -1,4 +1,4 @@
-#	$OpenBSD: sftp-chroot.sh,v 1.2 2013/05/17 04:29:14 dtucker Exp $
+#	$OpenBSD: sftp-chroot.sh,v 1.3 2014/01/19 23:43:02 dtucker Exp $
 #	Placed in the Public Domain.
 
 tid="sftp in chroot"
@@ -18,7 +18,8 @@ $SUDO sh -c "echo mekmitastdigoat > $PRIVDATA" || \
 start_sshd -oChrootDirectory=$CHROOT -oForceCommand="internal-sftp -d /"
 
 verbose "test $tid: get"
-${SFTP} -qS "$SSH" -F $OBJ/ssh_config host:/${FILENAME} $COPY || \
+${SFTP} -S "$SSH" -F $OBJ/ssh_config host:/${FILENAME} $COPY \
+    >$TEST_REGRESS_LOGFILE 2>&1 || \
 	fatal "Fetch ${FILENAME} failed"
 cmp $PRIVDATA $COPY || fail "$PRIVDATA $COPY differ"
 
-- 
cgit v1.2.3


From 1e2aa3d90472293ea19008f02336d6d68aa05793 Mon Sep 17 00:00:00 2001
From: Damien Miller <djm@mindrot.org>
Date: Fri, 28 Feb 2014 10:19:51 +1100
Subject:    - dtucker@cvs.openbsd.org 2014/01/20 00:00:30     
 [sftp-chroot.sh]      append to rather than truncating the log file

---
 ChangeLog              | 4 +++-
 regress/sftp-chroot.sh | 4 ++--
 2 files changed, 5 insertions(+), 3 deletions(-)

(limited to 'regress')

diff --git a/ChangeLog b/ChangeLog
index f6ffb16a0..7d8d827ed 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -18,7 +18,9 @@
      [regress/sftp-chroot.sh]
      Don't use -q on sftp as it suppresses logging, instead redirect the
      output to the regress logfile.
-
+   - dtucker@cvs.openbsd.org 2014/01/20 00:00:30
+     [sftp-chroot.sh]
+     append to rather than truncating the log file
  - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
    [contrib/suse/openssh.spec] Crank version numbers
 
diff --git a/regress/sftp-chroot.sh b/regress/sftp-chroot.sh
index cb731dfe8..23f7456e8 100644
--- a/regress/sftp-chroot.sh
+++ b/regress/sftp-chroot.sh
@@ -1,4 +1,4 @@
-#	$OpenBSD: sftp-chroot.sh,v 1.3 2014/01/19 23:43:02 dtucker Exp $
+#	$OpenBSD: sftp-chroot.sh,v 1.4 2014/01/20 00:00:30 dtucker Exp $
 #	Placed in the Public Domain.
 
 tid="sftp in chroot"
@@ -19,7 +19,7 @@ start_sshd -oChrootDirectory=$CHROOT -oForceCommand="internal-sftp -d /"
 
 verbose "test $tid: get"
 ${SFTP} -S "$SSH" -F $OBJ/ssh_config host:/${FILENAME} $COPY \
-    >$TEST_REGRESS_LOGFILE 2>&1 || \
+    >>$TEST_REGRESS_LOGFILE 2>&1 || \
 	fatal "Fetch ${FILENAME} failed"
 cmp $PRIVDATA $COPY || fail "$PRIVDATA $COPY differ"
 
-- 
cgit v1.2.3


From b84392328425e4b9a71f8bde5fe6a4a4c48d3ec4 Mon Sep 17 00:00:00 2001
From: Damien Miller <djm@mindrot.org>
Date: Fri, 28 Feb 2014 10:21:26 +1100
Subject:    - dtucker@cvs.openbsd.org 2014/01/25 04:35:32     
 [regress/Makefile regress/dhgex.sh]      Add a test for DH GEX sizes

---
 ChangeLog        |  5 ++++-
 regress/Makefile |  3 ++-
 regress/dhgex.sh | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 60 insertions(+), 2 deletions(-)
 create mode 100644 regress/dhgex.sh

(limited to 'regress')

diff --git a/ChangeLog b/ChangeLog
index 7d8d827ed..f010a08db 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -19,8 +19,11 @@
      Don't use -q on sftp as it suppresses logging, instead redirect the
      output to the regress logfile.
    - dtucker@cvs.openbsd.org 2014/01/20 00:00:30
-     [sftp-chroot.sh]
+     [sregress/ftp-chroot.sh]
      append to rather than truncating the log file
+   - dtucker@cvs.openbsd.org 2014/01/25 04:35:32
+     [regress/Makefile regress/dhgex.sh]
+     Add a test for DH GEX sizes
  - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
    [contrib/suse/openssh.spec] Crank version numbers
 
diff --git a/regress/Makefile b/regress/Makefile
index 0c66b1774..5405ca39b 100644
--- a/regress/Makefile
+++ b/regress/Makefile
@@ -1,4 +1,4 @@
-#	$OpenBSD: Makefile,v 1.67 2013/12/06 13:52:46 markus Exp $
+#	$OpenBSD: Makefile,v 1.68 2014/01/25 04:35:32 dtucker Exp $
 
 REGRESS_TARGETS=	t1 t2 t3 t4 t5 t6 t7 t8 t9 t10 t-exec
 tests:		$(REGRESS_TARGETS)
@@ -23,6 +23,7 @@ LTESTS= 	connect \
 		transfer \
 		banner \
 		rekey \
+		dhgex \
 		stderr-data \
 		stderr-after-eof \
 		broken-pipe \
diff --git a/regress/dhgex.sh b/regress/dhgex.sh
new file mode 100644
index 000000000..4c1a3d83c
--- /dev/null
+++ b/regress/dhgex.sh
@@ -0,0 +1,54 @@
+#	$OpenBSD: dhgex.sh,v 1.1 2014/01/25 04:35:32 dtucker Exp $
+#	Placed in the Public Domain.
+
+tid="dhgex"
+
+LOG=${TEST_SSH_LOGFILE}
+rm -f ${LOG}
+
+kexs=`${SSH} -Q kex | grep diffie-hellman-group-exchange`
+
+ssh_test_dhgex()
+{
+	bits="$1"; shift
+	cipher="$1"; shift
+	kex="$1"; shift
+
+	rm -f ${LOG}
+	opts="-oKexAlgorithms=$kex -oCiphers=$cipher"
+	groupsz="1024<$bits<8192"
+	verbose "$tid bits $bits $kex $cipher"
+	${SSH} ${opts} $@ -vvv -F ${OBJ}/ssh_proxy somehost true
+	if [ $? -ne 0 ]; then
+		fail "ssh failed ($@)"
+	fi
+	# check what we request
+	grep "SSH2_MSG_KEX_DH_GEX_REQUEST($groupsz) sent" ${LOG} >/dev/null
+	if [ $? != 0 ]; then
+		got=`egrep "SSH2_MSG_KEX_DH_GEX_REQUEST(.*) sent" ${LOG}`
+		fail "$tid unexpected GEX sizes, expected $groupsz, got $got"
+	fi
+	# check what we got (depends on contents of system moduli file)
+	gotbits="`awk '/bits set:/{print $4}' ${LOG} | head -1 | cut -f2 -d/`"
+	if [ "$gotbits" -lt "$bits" ]; then
+		fatal "$tid expected $bits bit group, got $gotbits"
+	fi
+}
+
+check()
+{
+	bits="$1"; shift
+
+	for c in $@; do
+		for k in $kexs; do
+			ssh_test_dhgex $bits $c $k
+		done
+	done
+}
+
+#check 2048 3des-cbc
+check 3072 `${SSH} -Q cipher | grep 128`
+check 3072 arcfour blowfish-cbc
+check 7680 `${SSH} -Q cipher | grep 192`
+check 8192 `${SSH} -Q cipher | grep 256`
+check 8192 rijndael-cbc@lysator.liu.se chacha20-poly1305@openssh.com
-- 
cgit v1.2.3


From 624a3ca376e3955a4b9d936c9e899e241b65d357 Mon Sep 17 00:00:00 2001
From: Damien Miller <djm@mindrot.org>
Date: Fri, 28 Feb 2014 10:22:37 +1100
Subject:    - djm@cvs.openbsd.org 2014/01/26 10:22:10     
 [regress/cert-hostkey.sh]      automatically generate revoked keys from
 listed keys rather than      manually specifying each type; from portable    
  (Id sync only)

---
 ChangeLog               | 5 +++++
 regress/cert-hostkey.sh | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)

(limited to 'regress')

diff --git a/ChangeLog b/ChangeLog
index f010a08db..4a5e7aaf3 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -24,6 +24,11 @@
    - dtucker@cvs.openbsd.org 2014/01/25 04:35:32
      [regress/Makefile regress/dhgex.sh]
      Add a test for DH GEX sizes
+   - djm@cvs.openbsd.org 2014/01/26 10:22:10
+     [regress/cert-hostkey.sh]
+     automatically generate revoked keys from listed keys rather than
+     manually specifying each type; from portable
+     (Id sync only)
  - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
    [contrib/suse/openssh.spec] Crank version numbers
 
diff --git a/regress/cert-hostkey.sh b/regress/cert-hostkey.sh
index a1318cd53..1d9e0ed8e 100644
--- a/regress/cert-hostkey.sh
+++ b/regress/cert-hostkey.sh
@@ -1,4 +1,4 @@
-#	$OpenBSD: cert-hostkey.sh,v 1.8 2013/12/06 13:52:46 markus Exp $
+#	$OpenBSD: cert-hostkey.sh,v 1.9 2014/01/26 10:22:10 djm Exp $
 #	Placed in the Public Domain.
 
 tid="certified host keys"
-- 
cgit v1.2.3


From d705d987c27f68080c8798eeb5262adbdd6b4ffd Mon Sep 17 00:00:00 2001
From: Damien Miller <djm@mindrot.org>
Date: Fri, 28 Feb 2014 10:23:26 +1100
Subject:    - djm@cvs.openbsd.org 2014/01/26 10:49:17      [scp-ssh-wrapper.sh
 scp.sh]      make sure $SCP is tested on the remote end rather than whichever
 one      happens to be in $PATH; from portable      (Id sync only)

---
 ChangeLog                  | 5 +++++
 regress/scp-ssh-wrapper.sh | 2 +-
 regress/scp.sh             | 2 +-
 3 files changed, 7 insertions(+), 2 deletions(-)

(limited to 'regress')

diff --git a/ChangeLog b/ChangeLog
index 4a5e7aaf3..8f206f56a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -29,6 +29,11 @@
      automatically generate revoked keys from listed keys rather than
      manually specifying each type; from portable
      (Id sync only)
+   - djm@cvs.openbsd.org 2014/01/26 10:49:17
+     [scp-ssh-wrapper.sh scp.sh]
+     make sure $SCP is tested on the remote end rather than whichever one
+     happens to be in $PATH; from portable
+     (Id sync only)
  - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
    [contrib/suse/openssh.spec] Crank version numbers
 
diff --git a/regress/scp-ssh-wrapper.sh b/regress/scp-ssh-wrapper.sh
index c63bc2bc1..59f1ff63e 100644
--- a/regress/scp-ssh-wrapper.sh
+++ b/regress/scp-ssh-wrapper.sh
@@ -1,5 +1,5 @@
 #!/bin/sh
-#       $OpenBSD: scp-ssh-wrapper.sh,v 1.2 2005/12/14 04:36:39 dtucker Exp $
+#       $OpenBSD: scp-ssh-wrapper.sh,v 1.3 2014/01/26 10:49:17 djm Exp $
 #       Placed in the Public Domain.
 
 printname () {
diff --git a/regress/scp.sh b/regress/scp.sh
index c2da2a862..57cc77066 100644
--- a/regress/scp.sh
+++ b/regress/scp.sh
@@ -1,4 +1,4 @@
-#	$OpenBSD: scp.sh,v 1.9 2013/05/17 10:35:43 dtucker Exp $
+#	$OpenBSD: scp.sh,v 1.10 2014/01/26 10:49:17 djm Exp $
 #	Placed in the Public Domain.
 
 tid="scp"
-- 
cgit v1.2.3


From 4f7f1a9a0de24410c30952c7e16d433240422182 Mon Sep 17 00:00:00 2001
From: Damien Miller <djm@mindrot.org>
Date: Fri, 28 Feb 2014 10:24:11 +1100
Subject:    - djm@cvs.openbsd.org 2014/02/27 20:04:16      [login-timeout.sh] 
     remove any existing LoginGraceTime from sshd_config before adding      a
 specific one for the test back in

---
 ChangeLog                | 4 ++++
 regress/login-timeout.sh | 4 +++-
 2 files changed, 7 insertions(+), 1 deletion(-)

(limited to 'regress')

diff --git a/ChangeLog b/ChangeLog
index 8f206f56a..61e12f0e0 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -34,6 +34,10 @@
      make sure $SCP is tested on the remote end rather than whichever one
      happens to be in $PATH; from portable
      (Id sync only)
+   - djm@cvs.openbsd.org 2014/02/27 20:04:16
+     [login-timeout.sh]
+     remove any existing LoginGraceTime from sshd_config before adding
+     a specific one for the test back in
  - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
    [contrib/suse/openssh.spec] Crank version numbers
 
diff --git a/regress/login-timeout.sh b/regress/login-timeout.sh
index d73923b9c..d9b48f391 100644
--- a/regress/login-timeout.sh
+++ b/regress/login-timeout.sh
@@ -1,9 +1,11 @@
-#	$OpenBSD: login-timeout.sh,v 1.5 2013/05/17 10:23:52 dtucker Exp $
+#	$OpenBSD: login-timeout.sh,v 1.6 2014/02/27 20:04:16 djm Exp $
 #	Placed in the Public Domain.
 
 tid="connect after login grace timeout"
 
 trace "test login grace with privsep"
+cp $OBJ/sshd_config $OBJ/sshd_config.orig
+grep -vi LoginGraceTime $OBJ/sshd_config.orig > $OBJ/sshd_config
 echo "LoginGraceTime 10s" >> $OBJ/sshd_config
 echo "MaxStartups 1" >> $OBJ/sshd_config
 start_sshd
-- 
cgit v1.2.3


From 834aeac3555e53f7d29a6fcf3db010dfb99681c7 Mon Sep 17 00:00:00 2001
From: Damien Miller <djm@mindrot.org>
Date: Fri, 28 Feb 2014 10:25:16 +1100
Subject:    - djm@cvs.openbsd.org 2014/02/27 21:21:25      [agent-ptrace.sh
 agent.sh]      keep return values that are printed in error messages;     
 from portable      (Id sync only)

---
 ChangeLog               | 5 +++++
 regress/agent-ptrace.sh | 2 +-
 regress/agent.sh        | 2 +-
 3 files changed, 7 insertions(+), 2 deletions(-)

(limited to 'regress')

diff --git a/ChangeLog b/ChangeLog
index 61e12f0e0..c1d725581 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -38,6 +38,11 @@
      [login-timeout.sh]
      remove any existing LoginGraceTime from sshd_config before adding
      a specific one for the test back in
+   - djm@cvs.openbsd.org 2014/02/27 21:21:25
+     [agent-ptrace.sh agent.sh]
+     keep return values that are printed in error messages;
+     from portable
+     (Id sync only)
  - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
    [contrib/suse/openssh.spec] Crank version numbers
 
diff --git a/regress/agent-ptrace.sh b/regress/agent-ptrace.sh
index ae150641f..1912ca8f9 100644
--- a/regress/agent-ptrace.sh
+++ b/regress/agent-ptrace.sh
@@ -1,4 +1,4 @@
-#	$OpenBSD: agent-ptrace.sh,v 1.1 2002/12/09 15:38:30 markus Exp $
+#	$OpenBSD: agent-ptrace.sh,v 1.2 2014/02/27 21:21:25 djm Exp $
 #	Placed in the Public Domain.
 
 tid="disallow agent ptrace attach"
diff --git a/regress/agent.sh b/regress/agent.sh
index cf1a45fe0..caad3c88e 100644
--- a/regress/agent.sh
+++ b/regress/agent.sh
@@ -1,4 +1,4 @@
-#	$OpenBSD: agent.sh,v 1.9 2013/12/06 13:52:46 markus Exp $
+#	$OpenBSD: agent.sh,v 1.10 2014/02/27 21:21:25 djm Exp $
 #	Placed in the Public Domain.
 
 tid="simple agent test"
-- 
cgit v1.2.3


From c83fdf30e9db865575b2521b1fe46315cf4c70ae Mon Sep 17 00:00:00 2001
From: Damien Miller <djm@mindrot.org>
Date: Fri, 28 Feb 2014 10:34:03 +1100
Subject:  - (djm) [regress/host-expand.sh] Add RCS Id

---
 ChangeLog              | 1 +
 regress/host-expand.sh | 1 +
 2 files changed, 2 insertions(+)

(limited to 'regress')

diff --git a/ChangeLog b/ChangeLog
index c1d725581..f547ae0f6 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -45,6 +45,7 @@
      (Id sync only)
  - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
    [contrib/suse/openssh.spec] Crank version numbers
+ - (djm) [regress/host-expand.sh] Add RCS Id
 
 20140227
  - OpenBSD CVS Sync
diff --git a/regress/host-expand.sh b/regress/host-expand.sh
index a0188363d..6cc0e6055 100644
--- a/regress/host-expand.sh
+++ b/regress/host-expand.sh
@@ -1,3 +1,4 @@
+#	$OpenBSD: host-expand.sh,v 1.3 2014/02/27 23:17:41 djm Exp $
 #	Placed in the Public Domain.
 
 tid="expand %h and %n"
-- 
cgit v1.2.3


From 2476c31b96e89aec7d4e73cb6fbfb9a4290de3a7 Mon Sep 17 00:00:00 2001
From: Damien Miller <djm@mindrot.org>
Date: Sun, 2 Mar 2014 04:01:00 +1100
Subject:  - (djm) [regress/Makefile] Disable dhgex regress test; it breaks
 when    no moduli file exists at the expected location.

---
 ChangeLog        | 4 ++++
 regress/Makefile | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)

(limited to 'regress')

diff --git a/ChangeLog b/ChangeLog
index f547ae0f6..fa0453c86 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+20140301
+ - (djm) [regress/Makefile] Disable dhgex regress test; it breaks when
+   no moduli file exists at the expected location.
+
 20140228
  - OpenBSD CVS Sync
    - djm@cvs.openbsd.org 2014/02/27 00:41:49
diff --git a/regress/Makefile b/regress/Makefile
index 5405ca39b..6e3b8d634 100644
--- a/regress/Makefile
+++ b/regress/Makefile
@@ -23,7 +23,6 @@ LTESTS= 	connect \
 		transfer \
 		banner \
 		rekey \
-		dhgex \
 		stderr-data \
 		stderr-after-eof \
 		broken-pipe \
@@ -66,6 +65,7 @@ LTESTS= 	connect \
 		forward-control \
 		integrity \
 		krl
+#		dhgex \
 
 INTEROP_TESTS=	putty-transfer putty-ciphers putty-kex conch-ciphers
 #INTEROP_TESTS+=ssh-com ssh-com-client ssh-com-keygen ssh-com-sftp
-- 
cgit v1.2.3