Commit Graph

37 Commits

Author SHA1 Message Date
djm@openbsd.org
f8c11461aa upstream: pass SSH_SK_HELPER explicitly past $SUDO to avoid it getting
cleared; with dtucker@

OpenBSD-Regress-ID: 03178a0580324bf0dff28f7eac6c3edbc5407f8e
2020-01-21 19:08:37 +11:00
Darren Tucker
0967a233b8 Remove override disabling DH-GEX.
The DH-GEX override doesn't work when build without OpenSSL, and
we'll prefer curve25519 these days, removing the need for it.
2019-07-25 20:11:45 +10:00
djm@openbsd.org
dd369320d2 upstream commit
eliminate explicit specification of protocol in tests and
loops over protocol. We only support SSHv2 now.

Upstream-Regress-ID: 0082838a9b8a382b7ee9cbf0c1b9db727784fadd
2017-05-01 11:59:42 +10:00
Darren Tucker
9504ea6b27 Merge integrity.sh rev 1.22.
Merge missing bits from Colin Watson's patch in bz#2658 which make integrity
tests more robust against timeouts.  ok djm@
2017-04-28 14:33:43 +10:00
Darren Tucker
06ec837a34 Id sync for integrity.sh rev 1.21 which pulls in some shell portability fixes 2017-04-28 14:30:03 +10:00
dtucker@openbsd.org
e5c7ec67cd upstream commit
Account for timeouts in the integrity tests as failures.

If the first test in a series for a given MAC happens to modify the low
bytes of a packet length, then ssh will time out and this will be
interpreted as a test failure.  Patch from cjwatson at debian.org via
bz#2658.

Upstream-Regress-ID: e7467613b0badedaa300bc6fc7495ec2f44e2fb9
2017-01-30 11:08:36 +11:00
dtucker@openbsd.org
504c3a9a1b upstream commit
Reverse args to sshd-log-wrapper.  Matches change in
portable, where it allows sshd do be optionally run under Valgrind.

Upstream-Regress-ID: b438d1c6726dc5caa2a45153e6103a0393faa906
2016-11-29 17:19:21 +11:00
dtucker@openbsd.org
331b8e07ee upstream commit
Filter debug messages out of log before picking the last
 two lines. Should prevent problems if any more debug output is added late in
 the connection.

Upstream-Regress-ID: 345d0a9589c381e7d640a4ead06cfaadf4db1363
2016-03-04 15:12:25 +11:00
dtucker@openbsd.org
ae2562c47d upstream commit
Look back 3 lines for possible error messages.  Changes
 to the code mean that "Bad packet length" errors are 3 lines back instead of
 the previous two, which meant we didn't skip some offsets that we intended
 to.

Upstream-Regress-ID: 24f36912740a634d509a3144ebc8eb7c09b9c684
2016-03-04 15:12:22 +11:00
markus@openbsd.org
9e1777a0d1 upstream commit
use ${SSH} for -Q instead of installed ssh
2015-04-01 10:02:56 +11:00
Damien Miller
bd58853102 valgrind support 2015-02-26 14:55:55 -08:00
markus@openbsd.org
31821d7217 upstream commit
adapt to new error message (SSH_ERR_MAC_INVALID)
2015-01-20 09:46:48 +11:00
Damien Miller
43d3ed2dd3 - djm@cvs.openbsd.org 2014/05/21 07:04:21
[regress/integrity.sh]
     when failing because of unexpected output, show the offending output
2014-07-02 17:01:08 +10:00
Damien Miller
edb1af5044 - djm@cvs.openbsd.org 2014/04/21 22:15:37
[dhgex.sh integrity.sh kextype.sh rekey.sh try-ciphers.sh]
     repair regress tests broken by server-side default cipher/kex/mac changes
     by ensuring that the option under test is included in the server's
     algorithm list
2014-05-15 15:07:53 +10:00
Damien Miller
8a073cf579 - djm@cvs.openbsd.org 2013/11/21 03:18:51
[regress/cipher-speed.sh regress/integrity.sh regress/rekey.sh]
     [regress/try-ciphers.sh]
     use new "ssh -Q cipher-auth" query to obtain lists of authenticated
     encryption ciphers instead of specifying them manually; ensures that
     the new chacha20poly1305@openssh.com mode is tested;

     ok markus@ and naddy@ as part of the diff to add
     chacha20poly1305@openssh.com
2013-11-21 14:26:18 +11:00
Darren Tucker
a955041c93 - dtucker@cvs.openbsd.org 2013/11/07 02:48:38
[regress/integrity.sh regress/cipher-speed.sh regress/try-ciphers.sh]
     Use ssh -Q instead of hardcoding lists of ciphers or MACs.
2013-11-07 15:21:19 +11:00
Darren Tucker
5f1a89a3b6 - (dtucker) [regress/integrity.sh regress/krl.sh regress/test-exec.sh]
Move the jot helper function to portable-specific part of test-exec.sh.
2013-05-17 19:17:58 +10:00
Darren Tucker
34035be27b - dtucker@cvs.openbsd.org 2013/05/17 01:32:11
[regress/integrity.sh]
     don't print output from ssh before getting it (it's available in ssh.log)
2013-05-17 14:47:51 +10:00
Darren Tucker
91af05c516 - (dtucker) [regress/integrity.sh]. Force fixed Diffie-Hellman key exchange
methods.  When the openssl version doesn't support ECDH then next one on
   the list is DH group exchange, but that causes a bit more traffic which can
   mean that the tests flip bits in the initial exchange rather than the MACed
   traffic and we get different errors to what the tests look for.
2013-05-17 13:16:59 +10:00
Darren Tucker
dfea3bcdd7 - dtucker@cvs.openbsd.org 2013/04/07 02:16:03
[regress/Makefile regress/rekey.sh regress/integrity.sh
     regress/sshd-log-wrapper.sh regress/forwarding.sh regress/test-exec.sh]
     use -E option for ssh and sshd to write debuging logs to ssh{,d}.log and
     save the output from any failing tests.  If a test fails the debug output
     from ssh and sshd for the failing tests (and only the failing tests) should
     be available in failed-ssh{,d}.log.
2013-05-17 09:31:39 +10:00
Darren Tucker
75129025a2 - dtucker@cvs.openbsd.org 2013/04/06 06:00:22
[regress/rekey.sh regress/test-exec.sh regress/integrity.sh
     regress/multiplex.sh Makefile regress/cfgmatch.sh]
     Split the regress log into 3 parts: the debug output from ssh, the debug
     log from sshd and the output from the client command (ssh, scp or sftp).
     Somewhat functional now, will become more useful when ssh/sshd -E is added.
2013-05-17 09:19:10 +10:00
Tim Rice
ada7e17ae5 - (tim) [regress/integrity.sh] keep old solaris awk from hanging. 2013-02-26 21:49:09 -08:00
Tim Rice
f9e2060ca9 - (tim) [regress/integrity.sh] shell portability fix. 2013-02-26 20:27:29 -08:00
Damien Miller
6c21bb8c4a - (djm) [regress/integrity.sh] Run sshd via $SUDO; fixes tinderbox breakage
for UsePAM=yes configuration
2013-02-26 19:41:30 +11:00
Damien Miller
1e657d592d - djm@cvs.openbsd.org 2013/02/20 08:27:50
[integrity.sh]
     Add an option to modpipe that warns if the modification offset it not
     reached in it's stream and turn it on for t-integrity. This should catch
     cases where the session is not fuzzed for being too short (cf. my last
     "oops" commit)
2013-02-26 18:58:06 +11:00
Damien Miller
dae85cc3ad - (djm) [regress/integrity.sh] Skip SHA2-based MACs on configurations that
lack support for SHA2.
2013-02-19 14:27:44 +11:00
Damien Miller
b3764e1202 - djm@cvs.openbsd.org 2013/02/19 02:14:09
[integrity.sh]
     oops, forgot to increase the output of the ssh command to ensure that
     we actually reach $offset
2013-02-19 13:15:01 +11:00
Damien Miller
0dc3bc908e - djm@cvs.openbsd.org 2013/02/18 22:26:47
[integrity.sh]
     crank the offset yet again; it was still fuzzing KEX one of Darren's
     portable test hosts at 2800
2013-02-19 09:28:32 +11:00
Damien Miller
33d52566bc - djm@cvs.openbsd.org 2013/02/17 23:16:55
[integrity.sh]
     make the ssh command generates some output to ensure that there are at
     least offset+tries bytes in the stream.
2013-02-18 10:18:05 +11:00
Damien Miller
5d7b9565bc - djm@cvs.openbsd.org 2013/02/16 06:08:45
[integrity.sh]
     make sure the fuzz offset is actually past the end of KEX for all KEX
     types. diffie-hellman-group-exchange-sha256 requires an offset around
     2700. Noticed via test failures in portable OpenSSH on platforms that
     lack ECC and this the more byte-frugal ECDH KEX algorithms.
2013-02-16 17:32:31 +11:00
Damien Miller
57f9218528 - (djm) [regress/integrity.sh] Start fuzzing from offset 2500 (instead
of 2300) to avoid clobbering the end of (non-MAC'd) KEX. Verified by
  Iain Morgan
2013-02-14 10:32:33 +11:00
Damien Miller
b26699bbad - (djm) [regress/cipher-speed.sh regress/integrity.sh regress/try-ciphers.sh]
check for GCM support before testing GCM ciphers.
2013-01-17 14:31:57 +11:00
Damien Miller
efa1c95092 - (djm) [regress/integrity.sh] repair botched merge 2013-01-12 23:10:47 +11:00
Damien Miller
846dc7f21c - djm@cvs.openbsd.org 2013/01/12 11:23:53
[regress/cipher-speed.sh regress/integrity.sh regress/try-ciphers.sh]
     test AES-GCM modes; feedback markus@
2013-01-12 22:46:26 +11:00
Damien Miller
37461d7391 - (djm) [regress/integrity.sh] Fix awk quoting, packet length skip 2012-12-12 12:37:32 +11:00
Damien Miller
9fec296b0a - (djm) [regress/Makefile regress/integrity.sh] Make the integrity.sh test
work on platforms without 'jot'
2012-12-12 12:10:10 +11:00
Damien Miller
1fb593a3f1 - markus@cvs.openbsd.org 2012/12/11 22:42:11
[regress/Makefile regress/modpipe.c regress/integrity.sh]
     test the integrity of the packets; with djm@
2012-12-12 10:54:37 +11:00