diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-13 08:20:05 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-13 08:20:05 +0000 |
commit | b34f5f1f4d30a04d685ea430bd75d86567a3fb37 (patch) | |
tree | e050d4f8fb0ed92cfd35ce8c87c53c17acd9d018 /regress/putty-ciphers.sh | |
parent | Adding debian version 1:9.6p1-5. (diff) | |
download | openssh-b34f5f1f4d30a04d685ea430bd75d86567a3fb37.tar.xz openssh-b34f5f1f4d30a04d685ea430bd75d86567a3fb37.zip |
Merging upstream version 1:9.7p1.debian/1%9.7p1-1
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'regress/putty-ciphers.sh')
-rw-r--r-- | regress/putty-ciphers.sh | 51 |
1 files changed, 37 insertions, 14 deletions
diff --git a/regress/putty-ciphers.sh b/regress/putty-ciphers.sh index 5b8e25a..30f6461 100644 --- a/regress/putty-ciphers.sh +++ b/regress/putty-ciphers.sh @@ -1,24 +1,47 @@ -# $OpenBSD: putty-ciphers.sh,v 1.11 2021/09/01 03:16:06 dtucker Exp $ +# $OpenBSD: putty-ciphers.sh,v 1.13 2024/02/09 08:56:59 dtucker Exp $ # Placed in the Public Domain. tid="putty ciphers" -if test "x$REGRESS_INTEROP_PUTTY" != "xyes" ; then - skip "putty interop tests not enabled" -fi +puttysetup -# Re-enable ssh-rsa on older PuTTY versions. -oldver="`${PLINK} --version | awk '/plink: Release/{if ($3<0.76)print "yes"}'`" -if [ "x$oldver" = "xyes" ]; then - echo "HostKeyAlgorithms +ssh-rsa" >> ${OBJ}/sshd_proxy - echo "PubkeyAcceptedKeyTypes +ssh-rsa" >> ${OBJ}/sshd_proxy -fi +cp ${OBJ}/sshd_proxy ${OBJ}/sshd_proxy_bak -for c in aes 3des aes128-ctr aes192-ctr aes256-ctr chacha20 ; do - verbose "$tid: cipher $c" +# Since there doesn't seem to be a way to set MACs on the PuTTY client side, +# we force each in turn on the server side, omitting the ones PuTTY doesn't +# support. Grepping the binary is pretty janky, but AFAIK there's no way to +# query for supported algos. +macs="" +for m in `${SSH} -Q MACs`; do + if strings "${PLINK}" | grep -E "^${m}$" >/dev/null; then + macs="${macs} ${m}" + else + trace "omitting unsupported MAC ${m}" + fi +done + +ciphers="" +for c in `${SSH} -Q Ciphers`; do + if strings "${PLINK}" | grep -E "^${c}$" >/dev/null; then + ciphers="${ciphers} ${c}" + else + trace "omitting unsupported cipher ${c}" + fi +done + +for c in default $ciphers; do + for m in default ${macs}; do + verbose "$tid: cipher $c mac $m" cp ${OBJ}/.putty/sessions/localhost_proxy \ ${OBJ}/.putty/sessions/cipher_$c - echo "Cipher=$c" >> ${OBJ}/.putty/sessions/cipher_$c + if [ "${c}" != "default" ]; then + echo "Cipher=$c" >> ${OBJ}/.putty/sessions/cipher_$c + fi + + cp ${OBJ}/sshd_proxy_bak ${OBJ}/sshd_proxy + if [ "${m}" != "default" ]; then + echo "MACs $m" >> ${OBJ}/sshd_proxy + fi rm -f ${COPY} env HOME=$PWD ${PLINK} -load cipher_$c -batch -i ${OBJ}/putty.rsa2 \ @@ -27,6 +50,6 @@ for c in aes 3des aes128-ctr aes192-ctr aes256-ctr chacha20 ; do fail "ssh cat $DATA failed" fi cmp ${DATA} ${COPY} || fail "corrupted copy" + done done rm -f ${COPY} - |