diff options
author | tb <> | 2025-01-15 10:54:17 +0000 |
---|---|---|
committer | tb <> | 2025-01-15 10:54:17 +0000 |
commit | 5f0eba55ef76d10d214ee6e9720f71139555905b (patch) | |
tree | b4d18eb73941fd86bc3bffedf7d6913942390942 /src/regress/lib/libssl/interop/cipher | |
parent | 85b648c5f8603ca38a5239a92436c6d644c7b87b (diff) | |
download | openbsd-5f0eba55ef76d10d214ee6e9720f71139555905b.tar.gz openbsd-5f0eba55ef76d10d214ee6e9720f71139555905b.tar.bz2 openbsd-5f0eba55ef76d10d214ee6e9720f71139555905b.zip |
Interop tests for openssl 3.3 and 3.4, retire 3.2, 1.1 (and 3.1 remnants)
OpenSSL 1.1 and 3.2 will be removed from the ports tree, so test the two
remaining versions. Unfortunately, this requires a lot more manual
massaging than there should be.
Diffstat (limited to 'src/regress/lib/libssl/interop/cipher')
-rw-r--r-- | src/regress/lib/libssl/interop/cipher/Makefile | 25 |
1 files changed, 10 insertions, 15 deletions
diff --git a/src/regress/lib/libssl/interop/cipher/Makefile b/src/regress/lib/libssl/interop/cipher/Makefile index bf4a1e28dc..fa7e25f9ee 100644 --- a/src/regress/lib/libssl/interop/cipher/Makefile +++ b/src/regress/lib/libssl/interop/cipher/Makefile | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: Makefile,v 1.16 2024/08/18 10:02:10 tb Exp $ | 1 | # $OpenBSD: Makefile,v 1.17 2025/01/15 10:54:17 tb Exp $ |
2 | 2 | ||
3 | # Connect a client to a server. Both can be current libressl, or | 3 | # Connect a client to a server. Both can be current libressl, or |
4 | # openssl 1.1 or 3.0. Create lists of supported ciphers | 4 | # openssl 1.1 or 3.0. Create lists of supported ciphers |
@@ -7,14 +7,11 @@ | |||
7 | # have used correct cipher by grepping in their session print out. | 7 | # have used correct cipher by grepping in their session print out. |
8 | 8 | ||
9 | LIBRARIES = libressl | 9 | LIBRARIES = libressl |
10 | .if exists(/usr/local/bin/eopenssl11) | 10 | .if exists(/usr/local/bin/eopenssl33) |
11 | LIBRARIES += openssl11 | 11 | LIBRARIES += openssl33 |
12 | .endif | 12 | .endif |
13 | .if exists(/usr/local/bin/eopenssl31) | 13 | .if exists(/usr/local/bin/eopenssl34) |
14 | LIBRARIES += openssl31 | 14 | LIBRARIES += openssl34 |
15 | .endif | ||
16 | .if exists(/usr/local/bin/eopenssl32) | ||
17 | LIBRARIES += openssl32 | ||
18 | .endif | 15 | .endif |
19 | 16 | ||
20 | CLEANFILES = *.tmp *.ciphers ciphers.mk | 17 | CLEANFILES = *.tmp *.ciphers ciphers.mk |
@@ -44,9 +41,8 @@ client-${clib}-server-${slib}.ciphers: \ | |||
44 | uniq -d <$@.tmp >$@ | 41 | uniq -d <$@.tmp >$@ |
45 | # we are only interested in ciphers supported by libressl | 42 | # we are only interested in ciphers supported by libressl |
46 | sort $@ client-libressl.ciphers >$@.tmp | 43 | sort $@ client-libressl.ciphers >$@.tmp |
47 | . if "${clib}" == "openssl11" || "${slib}" == "openssl11" || \ | 44 | . if "${clib}" == "openssl33" || "${slib}" == "openssl33" || \ |
48 | "${clib}" == "openssl31" || "${slib}" == "openssl31" || \ | 45 | "${clib}" == "openssl34" || "${slib}" == "openssl34" |
49 | "${clib}" == "openssl32" || "${slib}" == "openssl32" | ||
50 | # OpenSSL's SSL_CTX_set_cipher_list doesn't accept TLSv1.3 ciphers | 46 | # OpenSSL's SSL_CTX_set_cipher_list doesn't accept TLSv1.3 ciphers |
51 | sed -i '/^TLS_/d' $@.tmp | 47 | sed -i '/^TLS_/d' $@.tmp |
52 | . endif | 48 | . endif |
@@ -74,9 +70,8 @@ regress: ciphers.mk | |||
74 | .endif | 70 | .endif |
75 | 71 | ||
76 | LEVEL_libressl = | 72 | LEVEL_libressl = |
77 | LEVEL_openssl11 = ,@SECLEVEL=0 | 73 | LEVEL_openssl33 = ,@SECLEVEL=0 |
78 | LEVEL_openssl31 = ,@SECLEVEL=0 | 74 | LEVEL_openssl34 = ,@SECLEVEL=0 |
79 | LEVEL_openssl32 = ,@SECLEVEL=0 | ||
80 | 75 | ||
81 | .for clib in ${LIBRARIES} | 76 | .for clib in ${LIBRARIES} |
82 | .for slib in ${LIBRARIES} | 77 | .for slib in ${LIBRARIES} |
@@ -137,7 +132,7 @@ check-cipher-${cipher}-client-${clib}-server-${slib}: \ | |||
137 | . endif | 132 | . endif |
138 | . if "${clib}" == "libressl" | 133 | . if "${clib}" == "libressl" |
139 | # libressl client may prefer chacha-poly if aes-ni is not supported | 134 | # libressl client may prefer chacha-poly if aes-ni is not supported |
140 | . if "${slib}" == "openssl11" || "${slib}" == "openssl31" || "${slib}" == "openssl32" | 135 | . if "${slib}" == "openssl33" || "${slib}" == "openssl34" |
141 | egrep -q ' Cipher *: TLS_(AES_256_GCM_SHA384|CHACHA20_POLY1305_SHA256)$$' ${@:S/^check/server/}.out | 136 | egrep -q ' Cipher *: TLS_(AES_256_GCM_SHA384|CHACHA20_POLY1305_SHA256)$$' ${@:S/^check/server/}.out |
142 | . else | 137 | . else |
143 | egrep -q ' Cipher *: TLS_(AES_256_GCM_SHA384|CHACHA20_POLY1305_SHA256)$$' ${@:S/^check/server/}.out | 138 | egrep -q ' Cipher *: TLS_(AES_256_GCM_SHA384|CHACHA20_POLY1305_SHA256)$$' ${@:S/^check/server/}.out |