- djm@cvs.openbsd.org 2013/02/16 06:08:45

     [integrity.sh]
     make sure the fuzz offset is actually past the end of KEX for all KEX
     types. diffie-hellman-group-exchange-sha256 requires an offset around
     2700. Noticed via test failures in portable OpenSSH on platforms that
     lack ECC and this the more byte-frugal ECDH KEX algorithms.

2 files changed, 12 insertions, 3 deletions

diff --git a/ChangeLog b/ChangeLog
index 8dd37b2c..406a609a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,12 @@
+20130216
+ - OpenBSD CVS Sync
+   - djm@cvs.openbsd.org 2013/02/16 06:08:45
+     [integrity.sh]
+     make sure the fuzz offset is actually past the end of KEX for all KEX
+     types. diffie-hellman-group-exchange-sha256 requires an offset around
+     2700. Noticed via test failures in portable OpenSSH on platforms that
+     lack ECC and this the more byte-frugal ECDH KEX algorithms.
+
 20130215
  - (djm) [contrib/suse/rc.sshd] Use SSHD_BIN consistently; bz#2056 from
    Iain Morgan
diff --git a/regress/integrity.sh b/regress/integrity.sh
index bcace97e..d779aa93 100644
--- a/regress/integrity.sh
+++ b/regress/integrity.sh
@@ -1,13 +1,13 @@
-#	$OpenBSD: integrity.sh,v 1.2 2013/01/12 11:23:53 djm Exp $
+#	$OpenBSD: integrity.sh,v 1.3 2013/02/16 06:08:45 djm Exp $
 #	Placed in the Public Domain.
 
 tid="integrity"
 
-# start at byte 2500 (i.e. after kex) and corrupt at different offsets
+# start at byte 2800 (i.e. after kex) and corrupt at different offsets
 # XXX the test hangs if we modify the low bytes of the packet length
 # XXX and ssh tries to read...
 tries=10
-startoffset=2500
+startoffset=2800
 macs="hmac-sha1 hmac-md5 umac-64@openssh.com umac-128@openssh.com
 	hmac-sha1-96 hmac-md5-96 hmac-sha2-256 hmac-sha2-512
 	hmac-sha1-etm@openssh.com hmac-md5-etm@openssh.com