[regress/modpipe.c]
use unsigned long long instead of u_int64_t here to avoid warnings
on some systems portable OpenSSH is built on.
+ - djm@cvs.openbsd.org 2013/11/21 03:18:51
+ [regress/cipher-speed.sh regress/integrity.sh regress/rekey.sh]
+ [regress/try-ciphers.sh]
+ use new "ssh -Q cipher-auth" query to obtain lists of authenticated
+ encryption ciphers instead of specifying them manually; ensures that
+ the new chacha20poly1305@openssh.com mode is tested;
+
+ ok markus@ and naddy@ as part of the diff to add
+ chacha20poly1305@openssh.com
20131110
- (dtucker) [regress/keytype.sh] Populate ECDSA key types to be tested by
-# $OpenBSD: cipher-speed.sh,v 1.10 2013/11/07 02:48:38 dtucker Exp $
+# $OpenBSD: cipher-speed.sh,v 1.11 2013/11/21 03:18:51 djm Exp $
# Placed in the Public Domain.
tid="cipher speed"
fail "ssh -2 failed with mac $m cipher $c"
fi
done
- # No point trying all MACs for GCM since they are ignored.
- case $c in
- aes*-gcm@openssh.com) test $n -gt 0 && break;;
- esac
+ # No point trying all MACs for AEAD ciphers since they are ignored.
+ if ssh -Q cipher-auth | grep "^${c}\$" >/dev/null 2>&1 ; then
+ break
+ fi
n=`expr $n + 1`
done; done
-# $OpenBSD: integrity.sh,v 1.11 2013/11/07 02:48:38 dtucker Exp $
+# $OpenBSD: integrity.sh,v 1.12 2013/11/21 03:18:51 djm Exp $
# Placed in the Public Domain.
tid="integrity"
macs=`${SSH} -Q mac`
# The following are not MACs, but ciphers with integrated integrity. They are
# handled specially below.
-macs="$macs `${SSH} -Q cipher | grep gcm@openssh.com`"
+macs="$macs `${SSH} -Q cipher-auth`"
# avoid DH group exchange as the extra traffic makes it harder to get the
# offset into the stream right.
fi
# modify output from sshd at offset $off
pxy="proxycommand=$cmd | $OBJ/modpipe -wm xor:$off:1"
- case $m in
- aes*gcm*) macopt="-c $m";;
- *) macopt="-m $m";;
- esac
+ if ssh -Q cipher-auth | grep "^${m}\$" >/dev/null 2>&1 ; then
+ macopt="-c $m"
+ else
+ macopt="-m $m -c aes128-ctr"
+ fi
verbose "test $tid: $m @$off"
${SSH} $macopt -2F $OBJ/ssh_proxy -o "$pxy" \
+ -oServerAliveInterval=1 -oServerAliveCountMax=30 \
999.999.999.999 'printf "%4096s" " "' >/dev/null
if [ $? -eq 0 ]; then
fail "ssh -m $m succeeds with bit-flip at $off"
-# $OpenBSD: rekey.sh,v 1.13 2013/11/09 05:41:34 dtucker Exp $
+# $OpenBSD: rekey.sh,v 1.14 2013/11/21 03:18:51 djm Exp $
# Placed in the Public Domain.
tid="rekey"
ssh_data_rekeying -oRekeyLimit=256k -o$opt
done
-# GCM is magical so test with all KexAlgorithms
-if ${SSH} -Q cipher | grep gcm@openssh.com >/dev/null ; then
- for c in `${SSH} -Q cipher | grep gcm@openssh.com`; do
+# AEAD ciphers are magical so test with all KexAlgorithms
+if ${SSH} -Q cipher-auth | grep '^.*$' >/dev/null 2>&1 ; then
+ for c in `${SSH} -Q cipher-auth`; do
for kex in `${SSH} -Q kex`; do
verbose "client rekey $c $kex"
ssh_data_rekeying -oRekeyLimit=256k -oCiphers=$c -oKexAlgorithms=$kex
awk '/rekeylimit/{print $3}'`
if [ "$bytes" != "$b" ]; then
- fatal "rekeylimit size: expected $bytes got $b"
+ fatal "rekeylimit size: expected $bytes bytes got $b"
fi
if [ "$seconds" != "$s" ]; then
- fatal "rekeylimit time: expected $time got $s"
+ fatal "rekeylimit time: expected $time seconds got $s"
fi
done
done
-# $OpenBSD: try-ciphers.sh,v 1.21 2013/11/07 02:48:38 dtucker Exp $
+# $OpenBSD: try-ciphers.sh,v 1.22 2013/11/21 03:18:51 djm Exp $
# Placed in the Public Domain.
tid="try ciphers"
if [ $? -ne 0 ]; then
fail "ssh -2 failed with mac $m cipher $c"
fi
- # No point trying all MACs for GCM since they are ignored.
- case $c in
- aes*-gcm@openssh.com) test $n -gt 0 && break;;
- esac
+ # No point trying all MACs for AEAD ciphers since they
+ # are ignored.
+ if ssh -Q cipher-auth | grep "^${c}\$" >/dev/null 2>&1 ; then
+ break
+ fi
n=`expr $n + 1`
done
done
projects / thirdparty / openssh-portable.git / commitdiff
