Fwd: Re: Inconsisten declaration of ssh_aes_ctr_iv()
Damien Miller
djm at mindrot.org
Thu Feb 14 09:29:47 EST 2013
On Wed, 13 Feb 2013, Iain Morgan wrote:
> With the 0214 snapshot, the same errors are reported, but the overall
> test succeeds. It then fails for krl.sh.
>
> test integrity: hmac-sha2-512-etm at openssh.com @2507 Corrupted MAC on input. Disconnecting: Packet corrupt.
> test integrity: hmac-sha2-512-etm at openssh.com @2508 Corrupted MAC on input. Disconnecting: Packet corrupt.
> test integrity: hmac-sha2-512-etm at openssh.com @2509 Corrupted MAC on input. Disconnecting: Packet corrupt.
> test integrity: 10 errors: mac 10 padding 0 length 0
> ok integrity
Those errors are expected - this test fuzzes the stream between ssh and
sshd to verify that integrity protection is working correctly.
> run test krl.sh ...
> unknown key type ecdsa
> FATAL: /u/wk/imorgan/src/openssh/integrity/openssh/ssh-keygen CA failed
Here's a patch for that:
Index: regress/krl.sh
===================================================================
RCS file: /var/cvs/openssh/regress/krl.sh,v
retrieving revision 1.2
diff -u -p -r1.2 krl.sh
--- regress/krl.sh 20 Jan 2013 11:58:52 -0000 1.2
+++ regress/krl.sh 13 Feb 2013 22:28:20 -0000
@@ -3,13 +3,19 @@
tid="key revocation lists"
+# If we don't support ecdsa keys then this tell will be much slower.
+ECDSA=ecdsa
+if test "x$TEST_SSH_ECC" != "xyes"; then
+ $ECDSA=rsa
+fi
+
# Do most testing with ssh-keygen; it uses the same verification code as sshd.
# Old keys will interfere with ssh-keygen.
rm -f $OBJ/revoked-* $OBJ/krl-*
# Generate a CA key
-$SSHKEYGEN -t ecdsa -f $OBJ/revoked-ca -C "" -N "" > /dev/null ||
+$SSHKEYGEN -t $ECDSA -f $OBJ/revoked-ca -C "" -N "" > /dev/null ||
fatal "$SSHKEYGEN CA failed"
# A specification that revokes some certificates by serial numbers
@@ -48,7 +54,7 @@ keygen() {
N=$1
f=$OBJ/revoked-`printf "%04d" $N`
# Vary the keytype. We use mostly ECDSA since this is fastest by far.
- keytype=ecdsa
+ keytype=$ECDSA
case $N in
2 | 10 | 510 | 1001) keytype=rsa;;
4 | 30 | 520 | 1002) keytype=dsa;;
More information about the openssh-unix-dev
mailing list