- dtucker@cvs.openbsd.org 2013/11/07 02:48:38

[regress/integrity.sh regress/cipher-speed.sh regress/try-ciphers.sh]
     Use ssh -Q instead of hardcoding lists of ciphers or MACs.

ChangeLog

@@ -34,6 +34,9 @@
    - dtucker@cvs.openbsd.org 2013/11/07 01:12:51
      [regress/rekey.sh]
      Factor out the data transfer rekey tests
+   - dtucker@cvs.openbsd.org 2013/11/07 02:48:38
+     [regress/integrity.sh regress/cipher-speed.sh regress/try-ciphers.sh]
+     Use ssh -Q instead of hardcoding lists of ciphers or MACs.
 
 20131104
  - (djm) OpenBSD CVS Sync

regress/cipher-speed.sh

@@ -1,4 +1,4 @@
-#	$OpenBSD: cipher-speed.sh,v 1.9 2013/05/17 04:29:14 dtucker Exp $
+#	$OpenBSD: cipher-speed.sh,v 1.10 2013/11/07 02:48:38 dtucker Exp $
 #	Placed in the Public Domain.
 
 tid="cipher speed"
@@ -11,18 +11,7 @@ getbytes ()
 
 tries="1 2"
 
-ciphers="aes128-cbc 3des-cbc blowfish-cbc cast128-cbc 
+for c in `${SSH} -Q cipher`; do n=0; for m in `${SSH} -Q mac`; do
-	arcfour128 arcfour256 arcfour 
-	aes192-cbc aes256-cbc rijndael-cbc@lysator.liu.se
-	aes128-ctr aes192-ctr aes256-ctr"
-config_defined OPENSSL_HAVE_EVPGCM && \
-	ciphers="$ciphers aes128-gcm@openssh.com aes256-gcm@openssh.com"
-macs="hmac-sha1 hmac-md5 umac-64@openssh.com umac-128@openssh.com
-	hmac-sha1-96 hmac-md5-96"
-config_defined HAVE_EVP_SHA256 && \
-    macs="$macs hmac-sha2-256 hmac-sha2-512"
-
-for c in $ciphers; do n=0; for m in $macs; do
 	trace "proto 2 cipher $c mac $m"
 	for x in $tries; do
 		printf "%-60s" "$c/$m:"

regress/integrity.sh

@@ -1,4 +1,4 @@
-#	$OpenBSD: integrity.sh,v 1.10 2013/05/17 01:32:11 dtucker Exp $
+#	$OpenBSD: integrity.sh,v 1.11 2013/11/07 02:48:38 dtucker Exp $
 #	Placed in the Public Domain.
 
 tid="integrity"
@@ -8,18 +8,10 @@ tid="integrity"
 # XXX and ssh tries to read...
 tries=10
 startoffset=2900
-macs="hmac-sha1 hmac-md5 umac-64@openssh.com umac-128@openssh.com
+macs=`${SSH} -Q mac`
-	hmac-sha1-96 hmac-md5-96 
-	hmac-sha1-etm@openssh.com hmac-md5-etm@openssh.com
-	umac-64-etm@openssh.com umac-128-etm@openssh.com
-	hmac-sha1-96-etm@openssh.com hmac-md5-96-etm@openssh.com"
-config_defined HAVE_EVP_SHA256 &&
-	macs="$macs hmac-sha2-256 hmac-sha2-512
-		hmac-sha2-256-etm@openssh.com hmac-sha2-512-etm@openssh.com"
 # The following are not MACs, but ciphers with integrated integrity. They are
 # handled specially below.
-config_defined OPENSSL_HAVE_EVPGCM && \
+macs="$macs `${SSH} -Q cipher | grep gcm@openssh.com`"
-	macs="$macs aes128-gcm@openssh.com aes256-gcm@openssh.com"
 
 # avoid DH group exchange as the extra traffic makes it harder to get the
 # offset into the stream right.

regress/try-ciphers.sh

@@ -1,27 +1,11 @@
-#	$OpenBSD: try-ciphers.sh,v 1.20 2013/05/17 10:16:26 dtucker Exp $
+#	$OpenBSD: try-ciphers.sh,v 1.21 2013/11/07 02:48:38 dtucker Exp $
 #	Placed in the Public Domain.
 
 tid="try ciphers"
 
-ciphers="aes128-cbc 3des-cbc blowfish-cbc cast128-cbc 
+for c in `${SSH} -Q cipher`; do
-	arcfour128 arcfour256 arcfour 
-	aes192-cbc aes256-cbc rijndael-cbc@lysator.liu.se
-	aes128-ctr aes192-ctr aes256-ctr"
-config_defined OPENSSL_HAVE_EVPGCM && \
-	ciphers="$ciphers aes128-gcm@openssh.com aes256-gcm@openssh.com"
-macs="hmac-sha1 hmac-md5 umac-64@openssh.com umac-128@openssh.com
-	hmac-sha1-96 hmac-md5-96
-	hmac-sha1-etm@openssh.com hmac-md5-etm@openssh.com
-	umac-64-etm@openssh.com umac-128-etm@openssh.com
-	hmac-sha1-96-etm@openssh.com hmac-md5-96-etm@openssh.com
-	hmac-ripemd160-etm@openssh.com"
-config_defined HAVE_EVP_SHA256 &&
-    macs="$macs hmac-sha2-256 hmac-sha2-512
-	hmac-sha2-256-etm@openssh.com hmac-sha2-512-etm@openssh.com"
-
-for c in $ciphers; do
 	n=0
-	for m in $macs; do
+	for m in `${SSH} -Q mac`; do
 		trace "proto 2 cipher $c mac $m"
 		verbose "test $tid: proto 2 cipher $c mac $m"
 		${SSH} -F $OBJ/ssh_proxy -2 -m $m -c $c somehost true