mirror of
git://anongit.mindrot.org/openssh.git
synced 2024-12-25 03:12:10 +00:00
8a073cf579
[regress/cipher-speed.sh regress/integrity.sh regress/rekey.sh] [regress/try-ciphers.sh] use new "ssh -Q cipher-auth" query to obtain lists of authenticated encryption ciphers instead of specifying them manually; ensures that the new chacha20poly1305@openssh.com mode is tested; ok markus@ and naddy@ as part of the diff to add chacha20poly1305@openssh.com
34 lines
811 B
Bash
34 lines
811 B
Bash
# $OpenBSD: try-ciphers.sh,v 1.22 2013/11/21 03:18:51 djm Exp $
|
|
# Placed in the Public Domain.
|
|
|
|
tid="try ciphers"
|
|
|
|
for c in `${SSH} -Q cipher`; do
|
|
n=0
|
|
for m in `${SSH} -Q mac`; do
|
|
trace "proto 2 cipher $c mac $m"
|
|
verbose "test $tid: proto 2 cipher $c mac $m"
|
|
${SSH} -F $OBJ/ssh_proxy -2 -m $m -c $c somehost true
|
|
if [ $? -ne 0 ]; then
|
|
fail "ssh -2 failed with mac $m cipher $c"
|
|
fi
|
|
# No point trying all MACs for AEAD ciphers since they
|
|
# are ignored.
|
|
if ssh -Q cipher-auth | grep "^${c}\$" >/dev/null 2>&1 ; then
|
|
break
|
|
fi
|
|
n=`expr $n + 1`
|
|
done
|
|
done
|
|
|
|
ciphers="3des blowfish"
|
|
for c in $ciphers; do
|
|
trace "proto 1 cipher $c"
|
|
verbose "test $tid: proto 1 cipher $c"
|
|
${SSH} -F $OBJ/ssh_proxy -1 -c $c somehost true
|
|
if [ $? -ne 0 ]; then
|
|
fail "ssh -1 failed with cipher $c"
|
|
fi
|
|
done
|
|
|