- djm@cvs.openbsd.org 2014/04/21 22:15:37
     [dhgex.sh integrity.sh kextype.sh rekey.sh try-ciphers.sh]
     repair regress tests broken by server-side default cipher/kex/mac changes
     by ensuring that the option under test is included in the server's
     algorithm list
diff --git a/ChangeLog b/ChangeLog
index 0010452..0c5d870 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -97,6 +97,11 @@
      this test is a sorry mess of race conditions; add another sleep
      to avoid a failure on slow machines (at least until I find a
      better way)
+   - djm@cvs.openbsd.org 2014/04/21 22:15:37
+     [dhgex.sh integrity.sh kextype.sh rekey.sh try-ciphers.sh]
+     repair regress tests broken by server-side default cipher/kex/mac changes
+     by ensuring that the option under test is included in the server's
+     algorithm list
 
 20140430
  - (dtucker) [defines.h] Define __GNUC_PREREQ__ macro if we don't already
diff --git a/regress/dhgex.sh b/regress/dhgex.sh
index 4c1a3d8..57fca4a 100644
--- a/regress/dhgex.sh
+++ b/regress/dhgex.sh
@@ -1,10 +1,11 @@
-#	$OpenBSD: dhgex.sh,v 1.1 2014/01/25 04:35:32 dtucker Exp $
+#	$OpenBSD: dhgex.sh,v 1.2 2014/04/21 22:15:37 djm Exp $
 #	Placed in the Public Domain.
 
 tid="dhgex"
 
 LOG=${TEST_SSH_LOGFILE}
 rm -f ${LOG}
+cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak
 
 kexs=`${SSH} -Q kex | grep diffie-hellman-group-exchange`
 
@@ -14,6 +15,9 @@
 	cipher="$1"; shift
 	kex="$1"; shift
 
+	cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
+	echo "KexAlgorithms=$kex" >> $OBJ/sshd_proxy
+	echo "Ciphers=$cipher" >> $OBJ/sshd_proxy
 	rm -f ${LOG}
 	opts="-oKexAlgorithms=$kex -oCiphers=$cipher"
 	groupsz="1024<$bits<8192"
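Review bot: Appending `KexAlgorithms=$kex` and `Ciphers=$cipher` to the end of sshd_proxy only takes effect if the restored sshd_proxy_bak does not already set those keywords, because sshd keeps the first value it reads for each keyword. The base config is not visible in this diff, so that is an assumption worth writing down. I would add a comment above the `cp`, for example `# sshd uses the first value per keyword: sshd_proxy_bak must not set KexAlgorithms/Ciphers`. The same restore-then-append pattern appears in the integrity.sh, kextype.sh and try-ciphers.sh hunks. The enclosing function starts before this hunk and continues after it.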
diff --git a/regress/integrity.sh b/regress/integrity.sh
index 852d826..03d8061 100644
--- a/regress/integrity.sh
+++ b/regress/integrity.sh
@@ -1,7 +1,8 @@
-#	$OpenBSD: integrity.sh,v 1.12 2013/11/21 03:18:51 djm Exp $
+#	$OpenBSD: integrity.sh,v 1.13 2014/04/21 22:15:37 djm Exp $
 #	Placed in the Public Domain.
 
 tid="integrity"
+cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak
 
 # start at byte 2900 (i.e. after kex) and corrupt at different offsets
 # XXX the test hangs if we modify the low bytes of the packet length
@@ -34,11 +35,15 @@
 			# avoid modifying the high bytes of the length
 			continue
 		fi
+		cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
 		# modify output from sshd at offset $off
 		pxy="proxycommand=$cmd | $OBJ/modpipe -wm xor:$off:1"
 		if ssh -Q cipher-auth | grep "^${m}\$" >/dev/null 2>&1 ; then
+			echo "Ciphers=$m" >> $OBJ/sshd_proxy
 			macopt="-c $m"
 		else
+			echo "Ciphers=aes128-ctr" >> $OBJ/sshd_proxy
+			echo "MACs=$m" >> $OBJ/sshd_proxy
 			macopt="-m $m -c aes128-ctr"
 		fi
 		verbose "test $tid: $m @$off"
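Review bot: The branch that now decides whether `Ciphers=$m` or `MACs=$m` is written into sshd_proxy is selected by `ssh -Q cipher-auth`, which resolves `ssh` from PATH rather than the `${SSH}` binary under test. The kextype.sh hunk has the same pattern in new code: `ssh -Q kex` fills `ALLKEX`, directly above a loop that iterates over `${SSH} -Q kex`. If the installed client and the build under test support different algorithm sets, the server config and the client options can disagree, and the test may fail or skip an algorithm for reasons unrelated to the code being tested. Using `${SSH} -Q cipher-auth` here and `${SSH} -Q kex` for `ALLKEX` keeps both sides consistent. The enclosing loop starts before this hunk and continues after it.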
diff --git a/regress/kextype.sh b/regress/kextype.sh
index 8c2ac09..6f952f4 100644
--- a/regress/kextype.sh
+++ b/regress/kextype.sh
@@ -1,4 +1,4 @@
-#	$OpenBSD: kextype.sh,v 1.4 2013/11/07 04:26:56 dtucker Exp $
+#	$OpenBSD: kextype.sh,v 1.5 2014/04/21 22:15:37 djm Exp $
 #	Placed in the Public Domain.
 
 tid="login with different key exchange algorithms"
@@ -7,6 +7,11 @@
 cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak
 cp $OBJ/ssh_proxy $OBJ/ssh_proxy_bak
 
+# Make server accept all key exchanges.
+ALLKEX=`ssh -Q kex`
+KEXOPT=`echo $ALLKEX | tr ' ' ,`
+echo "KexAlgorithms=$KEXOPT" >> $OBJ/sshd_proxy
+
 tries="1 2 3 4"
 for k in `${SSH} -Q kex`; do
 	verbose "kex $k"
diff --git a/regress/rekey.sh b/regress/rekey.sh
index cf9401e..fd452b0 100644
--- a/regress/rekey.sh
+++ b/regress/rekey.sh
@@ -1,4 +1,4 @@
-#	$OpenBSD: rekey.sh,v 1.14 2013/11/21 03:18:51 djm Exp $
+#	$OpenBSD: rekey.sh,v 1.15 2014/04/21 22:15:37 djm Exp $
 #	Placed in the Public Domain.
 
 tid="rekey"
@@ -6,14 +6,22 @@
 LOG=${TEST_SSH_LOGFILE}
 
 rm -f ${LOG}
+cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak
 
 # Test rekeying based on data volume only.
 # Arguments will be passed to ssh.
 ssh_data_rekeying()
 {
+	_kexopt=$1 ; shift
+	_opts="$@"
+	if ! test -z "$_kexopts" ; then
+		cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
+		echo "$_kexopt" >> $OBJ/sshd_proxy
+		_opts="$_opts -o$_kexopt"
+	fi
 	rm -f ${COPY} ${LOG}
-	${SSH} <${DATA} -oCompression=no $@ -v -F $OBJ/ssh_proxy somehost \
-		"cat > ${COPY}"
+	_opts="$_opts -oCompression=no"
+	${SSH} <${DATA} $_opts -v -F $OBJ/ssh_proxy somehost "cat > ${COPY}"
 	if [ $? -ne 0 ]; then
 		fail "ssh failed ($@)"
 	fi
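Review bot: The guard tests `$_kexopts`, but the variable assigned two lines earlier is `_kexopt`, so the test always sees an empty string. The block that restores sshd_proxy, appends the option and adds `-o$_kexopt` to the client options therefore never runs. The callers in the later hunks (`ssh_data_rekeying "$opt" -oRekeyLimit=256k` and `ssh_data_rekeying "KexAlgorithms=$kex" ...`) then run with default algorithms, and the rekey tests can pass without exercising the kex or cipher they name. The line should read `if ! test -z "$_kexopt" ; then`. The function body continues past the end of this hunk.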
@@ -41,7 +49,7 @@
 
 for opt in $opts; do
 	verbose "client rekey $opt"
-	ssh_data_rekeying -oRekeyLimit=256k -o$opt
+	ssh_data_rekeying "$opt" -oRekeyLimit=256k
 done
 
 # AEAD ciphers are magical so test with all KexAlgorithms
@@ -49,14 +57,14 @@
   for c in `${SSH} -Q cipher-auth`; do
     for kex in `${SSH} -Q kex`; do
 	verbose "client rekey $c $kex"
-	ssh_data_rekeying -oRekeyLimit=256k -oCiphers=$c -oKexAlgorithms=$kex
+	ssh_data_rekeying "KexAlgorithms=$kex" -oRekeyLimit=256k -oCiphers=$c
     done
   done
 fi
 
 for s in 16 1k 128k 256k; do
 	verbose "client rekeylimit ${s}"
-	ssh_data_rekeying -oCompression=no -oRekeyLimit=$s
+	ssh_data_rekeying "" -oCompression=no -oRekeyLimit=$s
 done
 
 for s in 5 10; do
diff --git a/regress/try-ciphers.sh b/regress/try-ciphers.sh
index ac34ced..2881ce1 100644
--- a/regress/try-ciphers.sh
+++ b/regress/try-ciphers.sh
@@ -1,13 +1,18 @@
-#	$OpenBSD: try-ciphers.sh,v 1.22 2013/11/21 03:18:51 djm Exp $
+#	$OpenBSD: try-ciphers.sh,v 1.23 2014/04/21 22:15:37 djm Exp $
 #	Placed in the Public Domain.
 
 tid="try ciphers"
 
+cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak
+
 for c in `${SSH} -Q cipher`; do
 	n=0
 	for m in `${SSH} -Q mac`; do
 		trace "proto 2 cipher $c mac $m"
 		verbose "test $tid: proto 2 cipher $c mac $m"
+		cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
+		echo "Ciphers=$c" >> $OBJ/sshd_proxy
+		echo "MACs=$m" >> $OBJ/sshd_proxy
 		${SSH} -F $OBJ/ssh_proxy -2 -m $m -c $c somehost true
 		if [ $? -ne 0 ]; then
 			fail "ssh -2 failed with mac $m cipher $c"