diff options
Diffstat (limited to 'crypto/openssh/regress/integrity.sh')
| -rwxr-xr-x | crypto/openssh/regress/integrity.sh | 24 |
1 files changed, 9 insertions, 15 deletions
diff --git a/crypto/openssh/regress/integrity.sh b/crypto/openssh/regress/integrity.sh index 1d17fe1..852d826 100755 --- a/crypto/openssh/regress/integrity.sh +++ b/crypto/openssh/regress/integrity.sh @@ -1,4 +1,4 @@ -# $OpenBSD: integrity.sh,v 1.10 2013/05/17 01:32:11 dtucker Exp $ +# $OpenBSD: integrity.sh,v 1.12 2013/11/21 03:18:51 djm Exp $ # Placed in the Public Domain. tid="integrity" @@ -8,18 +8,10 @@ tid="integrity" # XXX and ssh tries to read... tries=10 startoffset=2900 -macs="hmac-sha1 hmac-md5 umac-64@openssh.com umac-128@openssh.com - hmac-sha1-96 hmac-md5-96 - hmac-sha1-etm@openssh.com hmac-md5-etm@openssh.com - umac-64-etm@openssh.com umac-128-etm@openssh.com - hmac-sha1-96-etm@openssh.com hmac-md5-96-etm@openssh.com" -config_defined HAVE_EVP_SHA256 && - macs="$macs hmac-sha2-256 hmac-sha2-512 - hmac-sha2-256-etm@openssh.com hmac-sha2-512-etm@openssh.com" +macs=`${SSH} -Q mac` # The following are not MACs, but ciphers with integrated integrity. They are # handled specially below. -config_defined OPENSSL_HAVE_EVPGCM && \ - macs="$macs aes128-gcm@openssh.com aes256-gcm@openssh.com" +macs="$macs `${SSH} -Q cipher-auth`" # avoid DH group exchange as the extra traffic makes it harder to get the # offset into the stream right. @@ -44,12 +36,14 @@ for m in $macs; do fi # modify output from sshd at offset $off pxy="proxycommand=$cmd | $OBJ/modpipe -wm xor:$off:1" - case $m in - aes*gcm*) macopt="-c $m";; - *) macopt="-m $m";; - esac + if ssh -Q cipher-auth | grep "^${m}\$" >/dev/null 2>&1 ; then + macopt="-c $m" + else + macopt="-m $m -c aes128-ctr" + fi verbose "test $tid: $m @$off" ${SSH} $macopt -2F $OBJ/ssh_proxy -o "$pxy" \ + -oServerAliveInterval=1 -oServerAliveCountMax=30 \ 999.999.999.999 'printf "%4096s" " "' >/dev/null if [ $? -eq 0 ]; then fail "ssh -m $m succeeds with bit-flip at $off" |
