authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-13 08:20:05 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-13 08:20:05 +0000
commitb34f5f1f4d30a04d685ea430bd75d86567a3fb37 (patch)
treee050d4f8fb0ed92cfd35ce8c87c53c17acd9d018 /regress/putty-ciphers.sh
parentAdding debian version 1:9.6p1-5. (diff)
downloadopenssh-b34f5f1f4d30a04d685ea430bd75d86567a3fb37.tar.xz
openssh-b34f5f1f4d30a04d685ea430bd75d86567a3fb37.zip
Merging upstream version 1:9.7p1.debian/1%9.7p1-1
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'regress/putty-ciphers.sh')
-rw-r--r--regress/putty-ciphers.sh51
1 files changed, 37 insertions, 14 deletions
diff --git a/regress/putty-ciphers.sh b/regress/putty-ciphers.sh
index 5b8e25a..30f6461 100644
--- a/regress/putty-ciphers.sh
+++ b/regress/putty-ciphers.sh
@@ -1,24 +1,47 @@
-# $OpenBSD: putty-ciphers.sh,v 1.11 2021/09/01 03:16:06 dtucker Exp $
+# $OpenBSD: putty-ciphers.sh,v 1.13 2024/02/09 08:56:59 dtucker Exp $
# Placed in the Public Domain.
tid="putty ciphers"
-if test "x$REGRESS_INTEROP_PUTTY" != "xyes" ; then
- skip "putty interop tests not enabled"
-fi
+puttysetup
-# Re-enable ssh-rsa on older PuTTY versions.
-oldver="`${PLINK} --version | awk '/plink: Release/{if ($3<0.76)print "yes"}'`"
-if [ "x$oldver" = "xyes" ]; then
- echo "HostKeyAlgorithms +ssh-rsa" >> ${OBJ}/sshd_proxy
- echo "PubkeyAcceptedKeyTypes +ssh-rsa" >> ${OBJ}/sshd_proxy
-fi
+cp ${OBJ}/sshd_proxy ${OBJ}/sshd_proxy_bak
-for c in aes 3des aes128-ctr aes192-ctr aes256-ctr chacha20 ; do
- verbose "$tid: cipher $c"
+# Since there doesn't seem to be a way to set MACs on the PuTTY client side,
+# we force each in turn on the server side, omitting the ones PuTTY doesn't
+# support. Grepping the binary is pretty janky, but AFAIK there's no way to
+# query for supported algos.
+macs=""
+for m in `${SSH} -Q MACs`; do
+ if strings "${PLINK}" | grep -E "^${m}$" >/dev/null; then
+ macs="${macs} ${m}"
+ else
+ trace "omitting unsupported MAC ${m}"
+ fi
+done
+
+ciphers=""
+for c in `${SSH} -Q Ciphers`; do
+ if strings "${PLINK}" | grep -E "^${c}$" >/dev/null; then
+ ciphers="${ciphers} ${c}"
+ else
+ trace "omitting unsupported cipher ${c}"
+ fi
+done
+
+for c in default $ciphers; do
+ for m in default ${macs}; do
+ verbose "$tid: cipher $c mac $m"
cp ${OBJ}/.putty/sessions/localhost_proxy \
${OBJ}/.putty/sessions/cipher_$c
- echo "Cipher=$c" >> ${OBJ}/.putty/sessions/cipher_$c
+ if [ "${c}" != "default" ]; then
+ echo "Cipher=$c" >> ${OBJ}/.putty/sessions/cipher_$c
+ fi
+
+ cp ${OBJ}/sshd_proxy_bak ${OBJ}/sshd_proxy
+ if [ "${m}" != "default" ]; then
+ echo "MACs $m" >> ${OBJ}/sshd_proxy
+ fi
rm -f ${COPY}
env HOME=$PWD ${PLINK} -load cipher_$c -batch -i ${OBJ}/putty.rsa2 \
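Review bot: The two support probes, `grep -E "^${m}$"` and `grep -E "^${c}$"`, treat the algorithm name as a regular expression, so the `.` in names such as `hmac-sha2-256-etm@openssh.com` or `chacha20-poly1305@openssh.com` matches any character. A fixed-string whole-line match says what is meant and cannot over-match: `if strings "${PLINK}" | grep -Fx "${m}" >/dev/null; then`, and likewise for `${c}`. Separately, the MAC is forced through `sshd_proxy`, so the server enforces it, but `Cipher=$c` is only a client-side session setting. If plink ignores a name it does not recognise, that iteration would presumably pass on the default cipher, since the only check visible is the `cmp` of the copied data. It would be worth confirming the negotiated cipher, or constraining it on the server side as is done for MACs. The inner loop body continues past the end of this hunk.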
@@ -27,6 +50,6 @@ for c in aes 3des aes128-ctr aes192-ctr aes256-ctr chacha20 ; do
fail "ssh cat $DATA failed"
fi
cmp ${DATA} ${COPY} || fail "corrupted copy"
+ done
done
rm -f ${COPY}
-