external/openssh: update to 6.8p1.

In preparation for some updates to external/openssh to make it work with
BoringSSL, this change updates the code to a recent version. The current
version (5.9p1) is coming up on four years old now.

  * Confirmed that f5c67b478bef9992de9e9ec91ce10af4f6205e0d matches
    OpenSSH 5.9p1 exactly (save for the removal of the scard
    subdirectory).

  * Downloaded openssh-6.8p1.tar.gz (SHA256:
    3ff64ce73ee124480b5bf767b9830d7d3c03bbcb6abe716b78f0192c37ce160e)
    and verified with PGP signature. (I've verified Damien's key in
    person previously.)

  * Applied changes between f5c67b478bef9992de9e9ec91ce10af4f6205e0d and
    OpenSSH 5.9p1 to 6.8p1 and updated the build as best I can. The
    ugliest change is probably the duplication of umac.c to umac128.c
    because Android conditionally compiles that file twice. See the
    comment in those files.

Change-Id: I63cb07a8118afb5a377f116087a0882914cea486
diff --git a/Makefile.in b/Makefile.in
index 3be3aa6..40cc7aa 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -1,4 +1,4 @@
-# $Id: Makefile.in,v 1.325 2011/08/05 20:15:18 djm Exp $
+# $Id: Makefile.in,v 1.365 2014/08/30 06:23:07 djm Exp $
 
 # uncomment if you run a non bourne compatable shell. Ie. csh
 #SHELL = @SH@
@@ -29,6 +29,7 @@
 PRIVSEP_PATH=@PRIVSEP_PATH@
 SSH_PRIVSEP_USER=@SSH_PRIVSEP_USER@
 STRIP_OPT=@STRIP_OPT@
+TEST_SHELL=@TEST_SHELL@
 
 PATHS= -DSSHDIR=\"$(sysconfdir)\" \
 	-D_PATH_SSH_PROGRAM=\"$(SSH_PROGRAM)\" \
@@ -37,13 +38,15 @@
 	-D_PATH_SSH_KEY_SIGN=\"$(SSH_KEYSIGN)\" \
 	-D_PATH_SSH_PKCS11_HELPER=\"$(SSH_PKCS11_HELPER)\" \
 	-D_PATH_SSH_PIDDIR=\"$(piddir)\" \
-	-D_PATH_PRIVSEP_CHROOT_DIR=\"$(PRIVSEP_PATH)\" \
+	-D_PATH_PRIVSEP_CHROOT_DIR=\"$(PRIVSEP_PATH)\"
 
 CC=@CC@
 LD=@LD@
 CFLAGS=@CFLAGS@
 CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
 LIBS=@LIBS@
+K5LIBS=@K5LIBS@
+GSSLIBS=@GSSLIBS@
 SSHLIBS=@SSHLIBS@
 SSHDLIBS=@SSHDLIBS@
 LIBEDIT=@LIBEDIT@
@@ -61,17 +64,34 @@
 
 TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT)
 
-LIBSSH_OBJS=acss.o authfd.o authfile.o bufaux.o bufbn.o buffer.o \
-	canohost.o channels.o cipher.o cipher-acss.o cipher-aes.o \
+LIBOPENSSH_OBJS=\
+	ssh_api.o \
+	ssherr.o \
+	sshbuf.o \
+	sshkey.o \
+	sshbuf-getput-basic.o \
+	sshbuf-misc.o \
+	sshbuf-getput-crypto.o \
+	krl.o \
+	bitmap.o
+
+LIBSSH_OBJS=${LIBOPENSSH_OBJS} \
+	authfd.o authfile.o bufaux.o bufbn.o bufec.o buffer.o \
+	canohost.o channels.o cipher.o cipher-aes.o cipher-aesctr.o \
 	cipher-bf1.o cipher-ctr.o cipher-3des1.o cleanup.o \
-	compat.o compress.o crc32.o deattack.o fatal.o hostfile.o \
-	log.o match.o md-sha256.o moduli.o nchan.o packet.o \
+	compat.o crc32.o deattack.o fatal.o hostfile.o \
+	log.o match.o md-sha256.o moduli.o nchan.o packet.o opacket.o \
 	readpass.o rsa.o ttymodes.o xmalloc.o addrmatch.o \
-	atomicio.o key.o dispatch.o kex.o mac.o uidswap.o uuencode.o misc.o \
+	atomicio.o key.o dispatch.o mac.o uidswap.o uuencode.o misc.o \
 	monitor_fdpass.o rijndael.o ssh-dss.o ssh-ecdsa.o ssh-rsa.o dh.o \
-	kexdh.o kexgex.o kexdhc.o kexgexc.o bufec.o kexecdh.o kexecdhc.o \
-	msg.o progressmeter.o dns.o entropy.o gss-genr.o umac.o jpake.o \
-	schnorr.o ssh-pkcs11.o
+	msg.o progressmeter.o dns.o entropy.o gss-genr.o umac.o umac128.o \
+	ssh-pkcs11.o smult_curve25519_ref.o \
+	poly1305.o chacha.o cipher-chachapoly.o \
+	ssh-ed25519.o digest-openssl.o digest-libc.o hmac.o \
+	sc25519.o ge25519.o fe25519.o ed25519.o verify.o hash.o blocks.o \
+	kex.o kexdh.o kexgex.o kexecdh.o kexc25519.o \
+	kexdhc.o kexgexc.o kexecdhc.o kexc25519c.o \
+	kexdhs.o kexgexs.o kexecdhs.o kexc25519s.o
 
 SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \
 	sshconnect.o sshconnect1.o sshconnect2.o mux.o \
@@ -83,14 +103,14 @@
 	auth.o auth1.o auth2.o auth-options.o session.o \
 	auth-chall.o auth2-chall.o groupaccess.o \
 	auth-skey.o auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o \
-	auth2-none.o auth2-passwd.o auth2-pubkey.o auth2-jpake.o \
-	monitor_mm.o monitor.o monitor_wrap.o kexdhs.o kexgexs.o kexecdhs.o \
-	auth-krb5.o \
+	auth2-none.o auth2-passwd.o auth2-pubkey.o \
+	monitor_mm.o monitor.o monitor_wrap.o auth-krb5.o \
 	auth2-gss.o gss-serv.o gss-serv-krb5.o \
 	loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \
 	sftp-server.o sftp-common.o \
 	roaming_common.o roaming_serv.o \
-	sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o
+	sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \
+	sandbox-seccomp-filter.o sandbox-capsicum.o
 
 MANPAGES	= moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out sshd_config.5.out ssh_config.5.out
 MANPAGES_IN	= moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 sshd_config.5 ssh_config.5
@@ -109,6 +129,7 @@
 	-e 's|/etc/ssh/ssh_host_ecdsa_key|$(sysconfdir)/ssh_host_ecdsa_key|g' \
 	-e 's|/etc/ssh/ssh_host_dsa_key|$(sysconfdir)/ssh_host_dsa_key|g' \
 	-e 's|/etc/ssh/ssh_host_rsa_key|$(sysconfdir)/ssh_host_rsa_key|g' \
+	-e 's|/etc/ssh/ssh_host_ed25519_key|$(sysconfdir)/ssh_host_ed25519_key|g' \
 	-e 's|/var/run/sshd.pid|$(piddir)/sshd.pid|g' \
 	-e 's|/etc/moduli|$(sysconfdir)/moduli|g' \
 	-e 's|/etc/ssh/moduli|$(sysconfdir)/moduli|g' \
@@ -118,6 +139,8 @@
 	-e 's|/usr/bin:/bin:/usr/sbin:/sbin|@user_path@|g'
 
 FIXPATHSCMD	= $(SED) $(PATHSUBS)
+FIXALGORITHMSCMD= $(SHELL) $(srcdir)/fixalgorithms $(SED) \
+		     @UNSUPPORTED_ALGORITHMS@
 
 all: $(CONFIGFILES) $(MANPAGES) $(TARGETS)
 
@@ -126,7 +149,7 @@
 $(SSHDOBJS): Makefile.in config.h
 
 .c.o:
-	$(CC) $(CFLAGS) $(CPPFLAGS) -c $<
+	$(CC) $(CFLAGS) $(CPPFLAGS) -c $< -o $@
 
 LIBCOMPAT=openbsd-compat/libopenbsd-compat.a
 $(LIBCOMPAT): always
@@ -138,10 +161,10 @@
 	$(RANLIB) $@
 
 ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS)
-	$(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHLIBS) $(LIBS)
+	$(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHLIBS) $(LIBS) $(GSSLIBS)
 
 sshd$(EXEEXT): libssh.a	$(LIBCOMPAT) $(SSHDOBJS)
-	$(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) $(LIBS)
+	$(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) $(LIBS) $(GSSLIBS) $(K5LIBS)
 
 scp$(EXEEXT): $(LIBCOMPAT) libssh.a scp.o progressmeter.o
 	$(LD) -o $@ scp.o progressmeter.o bufaux.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
@@ -181,9 +204,10 @@
 		manpage=$(srcdir)/`echo $@ | sed 's/\.out$$//'`; \
 	fi; \
 	if test "$(MANTYPE)" = "man"; then \
-		$(FIXPATHSCMD) $${manpage} | $(AWK) -f $(srcdir)/mdoc2man.awk > $@; \
+		$(FIXPATHSCMD) $${manpage} | $(FIXALGORITHMSCMD) | \
+		    $(AWK) -f $(srcdir)/mdoc2man.awk > $@; \
 	else \
-		$(FIXPATHSCMD) $${manpage} > $@; \
+		$(FIXPATHSCMD) $${manpage} | $(FIXALGORITHMSCMD) > $@; \
 	fi
 
 $(CONFIGFILES): $(CONFIGFILES_IN)
@@ -194,9 +218,28 @@
 moduli:
 	echo
 
+# special case target for umac128
+umac128.o:	umac.c
+	$(CC) $(CFLAGS) $(CPPFLAGS) -o umac128.o -c $(srcdir)/umac.c \
+	    -DUMAC_OUTPUT_LEN=16 -Dumac_new=umac128_new \
+	    -Dumac_update=umac128_update -Dumac_final=umac128_final \
+	    -Dumac_delete=umac128_delete
+
 clean:	regressclean
 	rm -f *.o *.a $(TARGETS) logintest config.cache config.log
 	rm -f *.out core survey
+	rm -f regress/unittests/test_helper/*.a
+	rm -f regress/unittests/test_helper/*.o
+	rm -f regress/unittests/sshbuf/*.o
+	rm -f regress/unittests/sshbuf/test_sshbuf
+	rm -f regress/unittests/sshkey/*.o
+	rm -f regress/unittests/sshkey/test_sshkey
+	rm -f regress/unittests/bitmap/*.o
+	rm -f regress/unittests/bitmap/test_bitmap
+	rm -f regress/unittests/hostkeys/*.o
+	rm -f regress/unittests/hostkeys/test_hostkeys
+	rm -f regress/unittests/kex/*.o
+	rm -f regress/unittests/kex/test_kex
 	(cd openbsd-compat && $(MAKE) clean)
 
 distclean:	regressclean
@@ -205,6 +248,18 @@
 	rm -f Makefile buildpkg.sh config.h config.status
 	rm -f survey.sh openbsd-compat/regress/Makefile *~ 
 	rm -rf autom4te.cache
+	rm -f regress/unittests/test_helper/*.a
+	rm -f regress/unittests/test_helper/*.o
+	rm -f regress/unittests/sshbuf/*.o
+	rm -f regress/unittests/sshbuf/test_sshbuf
+	rm -f regress/unittests/sshkey/*.o
+	rm -f regress/unittests/sshkey/test_sshkey
+	rm -f regress/unittests/bitmap/*.o
+	rm -f regress/unittests/bitmap/test_bitmap
+	rm -f regress/unittests/hostkeys/*.o
+	rm -f regress/unittests/hostkeys/test_hostkeys
+	rm -f regress/unittests/kex/*.o
+	rm -f regress/unittests/kex/test_kex
 	(cd openbsd-compat && $(MAKE) distclean)
 	if test -d pkg ; then \
 		rm -fr pkg ; \
@@ -319,6 +374,11 @@
 		else \
 			./ssh-keygen -t rsa -f $(sysconfdir)/ssh_host_rsa_key -N "" ; \
 		fi ; \
+		if [ -f $(sysconfdir)/ssh_host_ed25519_key ] ; then \
+			echo "$(sysconfdir)/ssh_host_ed25519_key already exists, skipping." ; \
+		else \
+			./ssh-keygen -t ed25519 -f $(sysconfdir)/ssh_host_ed25519_key -N "" ; \
+		fi ; \
 		if [ -z "@COMMENT_OUT_ECC@" ] ; then \
 		    if [ -f $(sysconfdir)/ssh_host_ecdsa_key ] ; then \
 			echo "$(sysconfdir)/ssh_host_ecdsa_key already exists, skipping." ; \
@@ -332,6 +392,7 @@
 	./ssh-keygen -t rsa1 -f $(DESTDIR)$(sysconfdir)/ssh_host_key -N ""
 	./ssh-keygen -t dsa -f $(DESTDIR)$(sysconfdir)/ssh_host_dsa_key -N ""
 	./ssh-keygen -t rsa -f $(DESTDIR)$(sysconfdir)/ssh_host_rsa_key -N ""
+	./ssh-keygen -t ed25519 -f $(DESTDIR)$(sysconfdir)/ssh_host_ed25519_key -N ""
 	test -z "@COMMENT_OUT_ECC@" && ./ssh-keygen -t ecdsa -f $(DESTDIR)$(sysconfdir)/ssh_host_ecdsa_key -N ""
 
 uninstallall:	uninstall
@@ -371,12 +432,117 @@
 	-rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8
 	-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1
 
-tests interop-tests:	$(TARGETS)
+regress-prep:
+	[ -d `pwd`/regress ] || mkdir -p `pwd`/regress
+	[ -d `pwd`/regress/unittests ] || mkdir -p `pwd`/regress/unittests
+	[ -d `pwd`/regress/unittests/test_helper ] || \
+		mkdir -p `pwd`/regress/unittests/test_helper
+	[ -d `pwd`/regress/unittests/sshbuf ] || \
+		mkdir -p `pwd`/regress/unittests/sshbuf
+	[ -d `pwd`/regress/unittests/sshkey ] || \
+		mkdir -p `pwd`/regress/unittests/sshkey
+	[ -d `pwd`/regress/unittests/bitmap ] || \
+		mkdir -p `pwd`/regress/unittests/bitmap
+	[ -d `pwd`/regress/unittests/hostkeys ] || \
+		mkdir -p `pwd`/regress/unittests/hostkeys
+	[ -d `pwd`/regress/unittests/kex ] || \
+		mkdir -p `pwd`/regress/unittests/kex
+	[ -f `pwd`/regress/Makefile ] || \
+	    ln -s `cd $(srcdir) && pwd`/regress/Makefile `pwd`/regress/Makefile
+
+regress/modpipe$(EXEEXT): $(srcdir)/regress/modpipe.c
+	$(CC) $(CFLAGS) $(CPPFLAGS) -o $@ $? \
+	$(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
+
+regress/setuid-allowed$(EXEEXT): $(srcdir)/regress/setuid-allowed.c
+	$(CC) $(CFLAGS) $(CPPFLAGS) -o $@ $? \
+	$(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
+
+regress/netcat$(EXEEXT): $(srcdir)/regress/netcat.c
+	$(CC) $(CFLAGS) $(CPPFLAGS) -o $@ $? \
+	$(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
+
+UNITTESTS_TEST_HELPER_OBJS=\
+	regress/unittests/test_helper/test_helper.o \
+	regress/unittests/test_helper/fuzz.o
+
+regress/unittests/test_helper/libtest_helper.a: ${UNITTESTS_TEST_HELPER_OBJS}
+	$(AR) rv $@ $(UNITTESTS_TEST_HELPER_OBJS)
+	$(RANLIB) $@
+
+UNITTESTS_TEST_SSHBUF_OBJS=\
+	regress/unittests/sshbuf/tests.o \
+	regress/unittests/sshbuf/test_sshbuf.o \
+	regress/unittests/sshbuf/test_sshbuf_getput_basic.o \
+	regress/unittests/sshbuf/test_sshbuf_getput_crypto.o \
+	regress/unittests/sshbuf/test_sshbuf_misc.o \
+	regress/unittests/sshbuf/test_sshbuf_fuzz.o \
+	regress/unittests/sshbuf/test_sshbuf_getput_fuzz.o \
+	regress/unittests/sshbuf/test_sshbuf_fixed.o
+
+regress/unittests/sshbuf/test_sshbuf$(EXEEXT): ${UNITTESTS_TEST_SSHBUF_OBJS} \
+    regress/unittests/test_helper/libtest_helper.a libssh.a
+	$(LD) -o $@ $(LDFLAGS) $(UNITTESTS_TEST_SSHBUF_OBJS) \
+	    regress/unittests/test_helper/libtest_helper.a \
+	    -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
+
+UNITTESTS_TEST_SSHKEY_OBJS=\
+	regress/unittests/sshkey/test_fuzz.o \
+	regress/unittests/sshkey/tests.o \
+	regress/unittests/sshkey/common.o \
+	regress/unittests/sshkey/test_file.o \
+	regress/unittests/sshkey/test_sshkey.o
+
+regress/unittests/sshkey/test_sshkey$(EXEEXT): ${UNITTESTS_TEST_SSHKEY_OBJS} \
+    regress/unittests/test_helper/libtest_helper.a libssh.a
+	$(LD) -o $@ $(LDFLAGS) $(UNITTESTS_TEST_SSHKEY_OBJS) \
+	    regress/unittests/test_helper/libtest_helper.a \
+	    -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
+
+UNITTESTS_TEST_BITMAP_OBJS=\
+	regress/unittests/bitmap/tests.o
+
+regress/unittests/bitmap/test_bitmap$(EXEEXT): ${UNITTESTS_TEST_BITMAP_OBJS} \
+    regress/unittests/test_helper/libtest_helper.a libssh.a
+	$(LD) -o $@ $(LDFLAGS) $(UNITTESTS_TEST_BITMAP_OBJS) \
+	    regress/unittests/test_helper/libtest_helper.a \
+	    -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
+
+UNITTESTS_TEST_KEX_OBJS=\
+	regress/unittests/kex/tests.o \
+	regress/unittests/kex/test_kex.o \
+	roaming_dummy.o
+
+regress/unittests/kex/test_kex$(EXEEXT): ${UNITTESTS_TEST_KEX_OBJS} \
+    regress/unittests/test_helper/libtest_helper.a libssh.a
+	$(LD) -o $@ $(LDFLAGS) $(UNITTESTS_TEST_KEX_OBJS) \
+	    regress/unittests/test_helper/libtest_helper.a \
+	    -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
+
+UNITTESTS_TEST_HOSTKEYS_OBJS=\
+	regress/unittests/hostkeys/tests.o \
+	regress/unittests/hostkeys/test_iterate.o
+
+regress/unittests/hostkeys/test_hostkeys$(EXEEXT): \
+    ${UNITTESTS_TEST_HOSTKEYS_OBJS} \
+    regress/unittests/test_helper/libtest_helper.a libssh.a
+	$(LD) -o $@ $(LDFLAGS) $(UNITTESTS_TEST_HOSTKEYS_OBJS) \
+	    regress/unittests/test_helper/libtest_helper.a \
+	    -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
+
+REGRESS_BINARIES=\
+	regress/modpipe$(EXEEXT) \
+	regress/setuid-allowed$(EXEEXT) \
+	regress/netcat$(EXEEXT) \
+	regress/unittests/sshbuf/test_sshbuf$(EXEEXT) \
+	regress/unittests/sshkey/test_sshkey$(EXEEXT) \
+	regress/unittests/bitmap/test_bitmap$(EXEEXT) \
+	regress/unittests/hostkeys/test_hostkeys$(EXEEXT) \
+	regress/unittests/kex/test_kex$(EXEEXT)
+
+tests interop-tests t-exec: regress-prep $(TARGETS) $(REGRESS_BINARIES)
 	BUILDDIR=`pwd`; \
-	[ -d `pwd`/regress ]  ||  mkdir -p `pwd`/regress; \
-	[ -f `pwd`/regress/Makefile ]  || \
-	    ln -s `cd $(srcdir) && pwd`/regress/Makefile `pwd`/regress/Makefile ; \
-	TEST_SHELL="@TEST_SHELL@"; \
+	TEST_SSH_SCP="$${BUILDDIR}/scp"; \
 	TEST_SSH_SSH="$${BUILDDIR}/ssh"; \
 	TEST_SSH_SSHD="$${BUILDDIR}/sshd"; \
 	TEST_SSH_SSHAGENT="$${BUILDDIR}/ssh-agent"; \
@@ -391,7 +557,6 @@
 	TEST_SSH_CONCH="conch"; \
 	TEST_SSH_IPV6="@TEST_SSH_IPV6@" ; \
 	TEST_SSH_ECC="@TEST_SSH_ECC@" ; \
-	TEST_SSH_SHA256="@TEST_SSH_SHA256@" ; \
 	cd $(srcdir)/regress || exit $$?; \
 	$(MAKE) \
 		.OBJDIR="$${BUILDDIR}/regress" \
@@ -399,7 +564,8 @@
 		BUILDDIR="$${BUILDDIR}" \
 		OBJ="$${BUILDDIR}/regress/" \
 		PATH="$${BUILDDIR}:$${PATH}" \
-		TEST_SHELL="$${TEST_SHELL}" \
+		TEST_ENV=MALLOC_OPTIONS="@TEST_MALLOC_OPTIONS@" \
+		TEST_SSH_SCP="$${TEST_SSH_SCP}" \
 		TEST_SSH_SSH="$${TEST_SSH_SSH}" \
 		TEST_SSH_SSHD="$${TEST_SSH_SSHD}" \
 		TEST_SSH_SSHAGENT="$${TEST_SSH_SSHAGENT}" \
@@ -414,7 +580,7 @@
 		TEST_SSH_CONCH="$${TEST_SSH_CONCH}" \
 		TEST_SSH_IPV6="$${TEST_SSH_IPV6}" \
 		TEST_SSH_ECC="$${TEST_SSH_ECC}" \
-		TEST_SSH_SHA256="$${TEST_SSH_SHA256}" \
+		TEST_SHELL="${TEST_SHELL}" \
 		EXEEXT="$(EXEEXT)" \
 		$@ && echo all tests passed
 
@@ -439,4 +605,3 @@
 	if [ "@MAKE_PACKAGE_SUPPORTED@" = yes ]; then \
 		sh buildpkg.sh; \
 	fi
-