summaryrefslogtreecommitdiff
path: root/src/regress/lib/libssl/interop/cipher
diff options
context:
space:
mode:
authortb <>2025-01-15 10:54:17 +0000
committertb <>2025-01-15 10:54:17 +0000
commit5f0eba55ef76d10d214ee6e9720f71139555905b (patch)
treeb4d18eb73941fd86bc3bffedf7d6913942390942 /src/regress/lib/libssl/interop/cipher
parent85b648c5f8603ca38a5239a92436c6d644c7b87b (diff)
downloadopenbsd-5f0eba55ef76d10d214ee6e9720f71139555905b.tar.gz
openbsd-5f0eba55ef76d10d214ee6e9720f71139555905b.tar.bz2
openbsd-5f0eba55ef76d10d214ee6e9720f71139555905b.zip
Interop tests for openssl 3.3 and 3.4, retire 3.2, 1.1 (and 3.1 remnants)
OpenSSL 1.1 and 3.2 will be removed from the ports tree, so test the two remaining versions. Unfortunately, this requires a lot more manual massaging than there should be.
Diffstat (limited to 'src/regress/lib/libssl/interop/cipher')
-rw-r--r--src/regress/lib/libssl/interop/cipher/Makefile25
1 files changed, 10 insertions, 15 deletions
diff --git a/src/regress/lib/libssl/interop/cipher/Makefile b/src/regress/lib/libssl/interop/cipher/Makefile
index bf4a1e28dc..fa7e25f9ee 100644
--- a/src/regress/lib/libssl/interop/cipher/Makefile
+++ b/src/regress/lib/libssl/interop/cipher/Makefile
@@ -1,4 +1,4 @@
1# $OpenBSD: Makefile,v 1.16 2024/08/18 10:02:10 tb Exp $ 1# $OpenBSD: Makefile,v 1.17 2025/01/15 10:54:17 tb Exp $
2 2
3# Connect a client to a server. Both can be current libressl, or 3# Connect a client to a server. Both can be current libressl, or
4# openssl 1.1 or 3.0. Create lists of supported ciphers 4# openssl 1.1 or 3.0. Create lists of supported ciphers
@@ -7,14 +7,11 @@
7# have used correct cipher by grepping in their session print out. 7# have used correct cipher by grepping in their session print out.
8 8
9LIBRARIES = libressl 9LIBRARIES = libressl
10.if exists(/usr/local/bin/eopenssl11) 10.if exists(/usr/local/bin/eopenssl33)
11LIBRARIES += openssl11 11LIBRARIES += openssl33
12.endif 12.endif
13.if exists(/usr/local/bin/eopenssl31) 13.if exists(/usr/local/bin/eopenssl34)
14LIBRARIES += openssl31 14LIBRARIES += openssl34
15.endif
16.if exists(/usr/local/bin/eopenssl32)
17LIBRARIES += openssl32
18.endif 15.endif
19 16
20CLEANFILES = *.tmp *.ciphers ciphers.mk 17CLEANFILES = *.tmp *.ciphers ciphers.mk
@@ -44,9 +41,8 @@ client-${clib}-server-${slib}.ciphers: \
44 uniq -d <$@.tmp >$@ 41 uniq -d <$@.tmp >$@
45 # we are only interested in ciphers supported by libressl 42 # we are only interested in ciphers supported by libressl
46 sort $@ client-libressl.ciphers >$@.tmp 43 sort $@ client-libressl.ciphers >$@.tmp
47. if "${clib}" == "openssl11" || "${slib}" == "openssl11" || \ 44. if "${clib}" == "openssl33" || "${slib}" == "openssl33" || \
48 "${clib}" == "openssl31" || "${slib}" == "openssl31" || \ 45 "${clib}" == "openssl34" || "${slib}" == "openssl34"
49 "${clib}" == "openssl32" || "${slib}" == "openssl32"
50 # OpenSSL's SSL_CTX_set_cipher_list doesn't accept TLSv1.3 ciphers 46 # OpenSSL's SSL_CTX_set_cipher_list doesn't accept TLSv1.3 ciphers
51 sed -i '/^TLS_/d' $@.tmp 47 sed -i '/^TLS_/d' $@.tmp
52. endif 48. endif
@@ -74,9 +70,8 @@ regress: ciphers.mk
74.endif 70.endif
75 71
76LEVEL_libressl = 72LEVEL_libressl =
77LEVEL_openssl11 = ,@SECLEVEL=0 73LEVEL_openssl33 = ,@SECLEVEL=0
78LEVEL_openssl31 = ,@SECLEVEL=0 74LEVEL_openssl34 = ,@SECLEVEL=0
79LEVEL_openssl32 = ,@SECLEVEL=0
80 75
81.for clib in ${LIBRARIES} 76.for clib in ${LIBRARIES}
82.for slib in ${LIBRARIES} 77.for slib in ${LIBRARIES}
@@ -137,7 +132,7 @@ check-cipher-${cipher}-client-${clib}-server-${slib}: \
137. endif 132. endif
138. if "${clib}" == "libressl" 133. if "${clib}" == "libressl"
139 # libressl client may prefer chacha-poly if aes-ni is not supported 134 # libressl client may prefer chacha-poly if aes-ni is not supported
140. if "${slib}" == "openssl11" || "${slib}" == "openssl31" || "${slib}" == "openssl32" 135. if "${slib}" == "openssl33" || "${slib}" == "openssl34"
141 egrep -q ' Cipher *: TLS_(AES_256_GCM_SHA384|CHACHA20_POLY1305_SHA256)$$' ${@:S/^check/server/}.out 136 egrep -q ' Cipher *: TLS_(AES_256_GCM_SHA384|CHACHA20_POLY1305_SHA256)$$' ${@:S/^check/server/}.out
142. else 137. else
143 egrep -q ' Cipher *: TLS_(AES_256_GCM_SHA384|CHACHA20_POLY1305_SHA256)$$' ${@:S/^check/server/}.out 138 egrep -q ' Cipher *: TLS_(AES_256_GCM_SHA384|CHACHA20_POLY1305_SHA256)$$' ${@:S/^check/server/}.out