[openssh-commits] [openssh] 05/05: upstream: Exapnd PuTTY test coverage.

git+noreply at mindrot.org git+noreply at mindrot.org
Mon Feb 19 18:49:35 AEDT 2024



dtucker pushed a commit to branch master
in repository openssh.

commit 84046f9991abef5f46b040b10cf3d494f933a17b
Author: dtucker at openbsd.org <dtucker at openbsd.org>
AuthorDate: Fri Feb 9 08:56:59 2024 +0000

    upstream: Exapnd PuTTY test coverage.
    
    Expand the set of ciphers, MACs and KEX methods in the PuTTY interop
    tests.
    
    OpenBSD-Regress-ID: dd28d97d48efe7329a396d0d505ee2907bf7fc57
---
 regress/putty-ciphers.sh  | 51 ++++++++++++++++++++++++++++++++++-------------
 regress/putty-kex.sh      | 40 ++++++++++++++++++++++---------------
 regress/putty-transfer.sh | 13 ++----------
 3 files changed, 63 insertions(+), 41 deletions(-)

diff --git a/regress/putty-ciphers.sh b/regress/putty-ciphers.sh
index 5b8e25a2..30f6461c 100644
--- a/regress/putty-ciphers.sh
+++ b/regress/putty-ciphers.sh
@@ -1,24 +1,47 @@
-#	$OpenBSD: putty-ciphers.sh,v 1.11 2021/09/01 03:16:06 dtucker Exp $
+#	$OpenBSD: putty-ciphers.sh,v 1.13 2024/02/09 08:56:59 dtucker Exp $
 #	Placed in the Public Domain.
 
 tid="putty ciphers"
 
-if test "x$REGRESS_INTEROP_PUTTY" != "xyes" ; then
-	skip "putty interop tests not enabled"
-fi
+puttysetup
 
-# Re-enable ssh-rsa on older PuTTY versions.
-oldver="`${PLINK} --version | awk '/plink: Release/{if ($3<0.76)print "yes"}'`"
-if [ "x$oldver" = "xyes" ]; then
-	echo "HostKeyAlgorithms +ssh-rsa" >> ${OBJ}/sshd_proxy
-	echo "PubkeyAcceptedKeyTypes +ssh-rsa" >> ${OBJ}/sshd_proxy
-fi
+cp ${OBJ}/sshd_proxy ${OBJ}/sshd_proxy_bak
 
-for c in aes 3des aes128-ctr aes192-ctr aes256-ctr chacha20 ; do
-	verbose "$tid: cipher $c"
+# Since there doesn't seem to be a way to set MACs on the PuTTY client side,
+# we force each in turn on the server side, omitting the ones PuTTY doesn't
+# support.  Grepping the binary is pretty janky, but AFAIK there's no way to
+# query for supported algos.
+macs=""
+for m in `${SSH} -Q MACs`; do
+	if strings "${PLINK}" | grep -E "^${m}$" >/dev/null; then
+		macs="${macs} ${m}"
+	else
+		trace "omitting unsupported MAC ${m}"
+	fi
+done
+
+ciphers=""
+for c in `${SSH} -Q Ciphers`; do
+	if strings "${PLINK}" | grep -E "^${c}$" >/dev/null; then
+		ciphers="${ciphers} ${c}"
+	else
+		trace "omitting unsupported cipher ${c}"
+	fi
+done
+
+for c in default $ciphers; do
+    for m in default ${macs}; do
+	verbose "$tid: cipher $c mac $m"
 	cp ${OBJ}/.putty/sessions/localhost_proxy \
 	    ${OBJ}/.putty/sessions/cipher_$c
-	echo "Cipher=$c" >> ${OBJ}/.putty/sessions/cipher_$c
+	if [ "${c}" != "default" ]; then
+		echo "Cipher=$c" >> ${OBJ}/.putty/sessions/cipher_$c
+	fi
+
+	cp ${OBJ}/sshd_proxy_bak ${OBJ}/sshd_proxy
+	if [ "${m}" != "default" ]; then
+		echo "MACs $m" >> ${OBJ}/sshd_proxy
+	fi
 
 	rm -f ${COPY}
 	env HOME=$PWD ${PLINK} -load cipher_$c -batch -i ${OBJ}/putty.rsa2 \
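Review bot: The probe `strings "${PLINK}" | grep -E "^${m}$"` in the MAC loop treats each algorithm name as an extended regex, so the `.` in a name such as `hmac-sha2-256-etm@openssh.com` matches any character and a near-miss string in the binary would count as support; a fixed-string whole-line match, `grep -Fx -- "${m}"`, says what is meant. The same applies to the cipher loop below it and to the KEX loop in regress/putty-kex.sh. `strings` is also re-run for every candidate, so capturing its output once before the loops would be cheaper. Separately, nothing visible here records which cipher and MAC were actually negotiated, so a run in which PuTTY ignored an unrecognised `Cipher=` value would presumably still pass. The loop body continues outside this hunk, so such a check may exist there.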
@@ -27,6 +50,6 @@ for c in aes 3des aes128-ctr aes192-ctr aes256-ctr chacha20 ; do
 		fail "ssh cat $DATA failed"
 	fi
 	cmp ${DATA} ${COPY}		|| fail "corrupted copy"
+    done
 done
 rm -f ${COPY}
-
diff --git a/regress/putty-kex.sh b/regress/putty-kex.sh
index c75802a0..22f8bd70 100644
--- a/regress/putty-kex.sh
+++ b/regress/putty-kex.sh
@@ -1,28 +1,36 @@
-#	$OpenBSD: putty-kex.sh,v 1.9 2021/09/01 03:16:06 dtucker Exp $
+#	$OpenBSD: putty-kex.sh,v 1.11 2024/02/09 08:56:59 dtucker Exp $
 #	Placed in the Public Domain.
 
 tid="putty KEX"
 
-if test "x$REGRESS_INTEROP_PUTTY" != "xyes" ; then
-	skip "putty interop tests not enabled"
-fi
+puttysetup
 
-# Re-enable ssh-rsa on older PuTTY versions.
-oldver="`${PLINK} --version | awk '/plink: Release/{if ($3<0.76)print "yes"}'`"
-if [ "x$oldver" = "xyes" ]; then
-	echo "HostKeyAlgorithms +ssh-rsa" >> ${OBJ}/sshd_proxy
-	echo "PubkeyAcceptedKeyTypes +ssh-rsa" >> ${OBJ}/sshd_proxy
-fi
+cp ${OBJ}/sshd_proxy ${OBJ}/sshd_proxy_bak
 
-for k in dh-gex-sha1 dh-group1-sha1 dh-group14-sha1 ecdh ; do
+# Enable group1, which PuTTY now disables by default
+echo "KEX=dh-group1-sha1" >>${OBJ}/.putty/sessions/localhost_proxy
+
+# Grepping algos out of the binary is pretty janky, but AFAIK there's no way
+# to query supported algos.
+kex=""
+for k in `$SSH -Q kex`; do
+	if strings "${PLINK}" | grep -E "^${k}$" >/dev/null; then
+		kex="${kex} ${k}"
+	else
+		trace "omitting unsupported KEX ${k}"
+	fi
+done
+
+for k in ${kex}; do
 	verbose "$tid: kex $k"
-	cp ${OBJ}/.putty/sessions/localhost_proxy \
-	    ${OBJ}/.putty/sessions/kex_$k
-	echo "KEX=$k" >> ${OBJ}/.putty/sessions/kex_$k
+	cp ${OBJ}/sshd_proxy_bak ${OBJ}/sshd_proxy
+	echo "KexAlgorithms ${k}" >>${OBJ}/sshd_proxy
 
-	env HOME=$PWD ${PLINK} -load kex_$k -batch -i ${OBJ}/putty.rsa2 true
+	env HOME=$PWD ${PLINK} -v -load localhost_proxy -batch -i ${OBJ}/putty.rsa2 true \
+	    2>${OBJ}/log/putty-kex-$k.log
 	if [ $? -ne 0 ]; then
 		fail "KEX $k failed"
 	fi
+	kexmsg=`grep -E '^Doing.* key exchange' ${OBJ}/log/putty-kex-$k.log`
+	trace putty: ${kexmsg}
 done
-
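Review bot: `echo "KEX=dh-group1-sha1" >>${OBJ}/.putty/sessions/localhost_proxy` edits the shared base session rather than a per-test copy (the removed code worked on `kex_$k`), so the group1 preference stays in place for any later test that loads `localhost_proxy`, unless `puttysetup` regenerates that file, which is not visible here. Copying the session first and loading the copy would keep the weak-KEX opt-in local to this test. Also, `kexmsg` is only passed to `trace`, so the test never checks which method PuTTY reports. The appended `KexAlgorithms ${k}` pins the method only if `sshd_proxy_bak` has no earlier `KexAlgorithms` line, because sshd_config uses the first value it reads for a keyword. A comment such as `# relies on sshd_proxy having no earlier KexAlgorithms line` above the append would record that assumption.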
diff --git a/regress/putty-transfer.sh b/regress/putty-transfer.sh
index a6864f95..1920f49a 100644
--- a/regress/putty-transfer.sh
+++ b/regress/putty-transfer.sh
@@ -1,18 +1,9 @@
-#	$OpenBSD: putty-transfer.sh,v 1.11 2021/09/01 03:16:06 dtucker Exp $
+#	$OpenBSD: putty-transfer.sh,v 1.12 2024/02/09 08:47:42 dtucker Exp $
 #	Placed in the Public Domain.
 
 tid="putty transfer data"
 
-if test "x$REGRESS_INTEROP_PUTTY" != "xyes" ; then
-	skip "putty interop tests not enabled"
-fi
-
-# Re-enable ssh-rsa on older PuTTY versions.
-oldver="`${PLINK} --version | awk '/plink: Release/{if ($3<0.76)print "yes"}'`"
-if [ "x$oldver" = "xyes" ]; then
-	echo "HostKeyAlgorithms +ssh-rsa" >> ${OBJ}/sshd_proxy
-	echo "PubkeyAcceptedKeyTypes +ssh-rsa" >> ${OBJ}/sshd_proxy
-fi
+puttysetup
 
 if [ "`${SSH} -Q compression`" = "none" ]; then
 	comp="0"

-- 