diff options
Diffstat (limited to 'crypto/openssh/regress/integrity.sh')
-rwxr-xr-x | crypto/openssh/regress/integrity.sh | 19 |
1 files changed, 12 insertions, 7 deletions
diff --git a/crypto/openssh/regress/integrity.sh b/crypto/openssh/regress/integrity.sh index 852d826..1d49767 100755 --- a/crypto/openssh/regress/integrity.sh +++ b/crypto/openssh/regress/integrity.sh @@ -1,7 +1,8 @@ -# $OpenBSD: integrity.sh,v 1.12 2013/11/21 03:18:51 djm Exp $ +# $OpenBSD: integrity.sh,v 1.16 2015/03/24 20:22:17 markus Exp $ # Placed in the Public Domain. tid="integrity" +cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak # start at byte 2900 (i.e. after kex) and corrupt at different offsets # XXX the test hangs if we modify the low bytes of the packet length @@ -19,7 +20,7 @@ echo "KexAlgorithms diffie-hellman-group14-sha1,diffie-hellman-group1-sha1" \ >> $OBJ/ssh_proxy # sshd-command for proxy (see test-exec.sh) -cmd="$SUDO sh ${SRC}/sshd-log-wrapper.sh ${SSHD} ${TEST_SSHD_LOGFILE} -i -f $OBJ/sshd_proxy" +cmd="$SUDO sh ${SRC}/sshd-log-wrapper.sh ${TEST_SSHD_LOGFILE} ${SSHD} -i -f $OBJ/sshd_proxy" for m in $macs; do trace "test $tid: mac $m" @@ -34,11 +35,15 @@ for m in $macs; do # avoid modifying the high bytes of the length continue fi + cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy # modify output from sshd at offset $off pxy="proxycommand=$cmd | $OBJ/modpipe -wm xor:$off:1" - if ssh -Q cipher-auth | grep "^${m}\$" >/dev/null 2>&1 ; then + if ${SSH} -Q cipher-auth | grep "^${m}\$" >/dev/null 2>&1 ; then + echo "Ciphers=$m" >> $OBJ/sshd_proxy macopt="-c $m" else + echo "Ciphers=aes128-ctr" >> $OBJ/sshd_proxy + echo "MACs=$m" >> $OBJ/sshd_proxy macopt="-m $m -c aes128-ctr" fi verbose "test $tid: $m @$off" @@ -49,14 +54,14 @@ for m in $macs; do fail "ssh -m $m succeeds with bit-flip at $off" fi ecnt=`expr $ecnt + 1` - output=$(tail -2 $TEST_SSH_LOGFILE | egrep -v "^debug" | \ + out=$(tail -2 $TEST_SSH_LOGFILE | egrep -v "^debug" | \ tr -s '\r\n' '.') - case "$output" in + case "$out" in Bad?packet*) elen=`expr $elen + 1`; skip=3;; - Corrupted?MAC* | Decryption?integrity?check?failed*) + Corrupted?MAC* | *message?authentication?code?incorrect*) emac=`expr $emac + 1`; skip=0;; padding*) epad=`expr $epad + 1`; skip=0;; - *) fail "unexpected error mac $m at $off";; + *) fail "unexpected error mac $m at $off: $out";; esac done verbose "test $tid: $ecnt errors: mac $emac padding $epad length $elen" |