author | bluhm <> | 2020-09-11 22:48:00 +0000 |
---|---|---|
committer | bluhm <> | 2020-09-11 22:48:00 +0000 |
commit | a91c5ce4ccb891f0e7fdb5cb21fb7a48ca0b1281 (patch) | |
tree | b726def09aba6a2d072a9f1a5e4ee9d3ee4d2b3a /src/regress/lib/libssl/interop/cipher | |
parent | 77c3247aa0b565ea6bf2032c2d2d20413a0d5af4 (diff) | |
Enable cert and cipher interop tests. cert just works. cipher has
been fixed to work with libressl TLS 1.3. Both libressl and openssl11
replace obsolete TLS 1.2 ciphers with AEAD-AES256-GCM-SHA384 or
TLS_AES_256_GCM_SHA384 in TLS 1.3 respectively. The test expects
that now. Currently GOST does not work with libressl and TLS 1.3
and is disabled.
Diffstat (limited to 'src/regress/lib/libssl/interop/cipher')
-rw-r--r-- | src/regress/lib/libssl/interop/cipher/Makefile | 81 |
1 files changed, 31 insertions, 50 deletions
diff --git a/src/regress/lib/libssl/interop/cipher/Makefile b/src/regress/lib/libssl/interop/cipher/Makefile index 3f43ce804e..49c267c705 100644 --- a/src/regress/lib/libssl/interop/cipher/Makefile +++ b/src/regress/lib/libssl/interop/cipher/Makefile | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: Makefile,v 1.3 2019/03/28 22:24:13 bluhm Exp $ | 1 | # $OpenBSD: Makefile,v 1.4 2020/09/11 22:48:00 bluhm Exp $ |
2 | 2 | ||
3 | # Connect a client to a server. Both can be current libressl, or | 3 | # Connect a client to a server. Both can be current libressl, or |
4 | # openssl 1.0.2, or openssl 1.1. Create lists of supported ciphers | 4 | # openssl 1.0.2, or openssl 1.1. Create lists of supported ciphers |
@@ -6,54 +6,16 @@ | |||
6 | # certificate with compatible type. Check that client and server | 6 | # certificate with compatible type. Check that client and server |
7 | # have used correct cipher by grepping in their session print out. | 7 | # have used correct cipher by grepping in their session print out. |
8 | 8 | ||
9 | check-cipher-ADH-AES128-GCM-SHA256-client-openssl11-server-openssl11 \ | 9 | run-cipher-GOST2001-GOST89-GOST89-client-libressl-server-libressl \ |
10 | check-cipher-ADH-AES128-SHA-client-openssl11-server-openssl11 \ | 10 | run-cipher-GOST2012256-GOST89-GOST89-client-libressl-server-libressl \ |
11 | check-cipher-ADH-AES128-SHA256-client-openssl11-server-openssl11 \ | 11 | client-cipher-GOST2012256-GOST89-GOST89-client-libressl-server-libressl.out \ |
12 | check-cipher-ADH-AES256-GCM-SHA384-client-openssl11-server-openssl11 \ | 12 | client-cipher-GOST2001-GOST89-GOST89-client-libressl-server-libressl.out \ |
13 | check-cipher-ADH-AES256-SHA-client-openssl11-server-openssl11 \ | 13 | server-cipher-GOST2001-GOST89-GOST89-client-libressl-server-libressl.out \ |
14 | check-cipher-ADH-AES256-SHA256-client-openssl11-server-openssl11 \ | 14 | server-cipher-GOST2012256-GOST89-GOST89-client-libressl-server-libressl.out \ |
15 | check-cipher-ADH-CAMELLIA128-SHA-client-openssl11-server-openssl11 \ | 15 | check-cipher-GOST2001-GOST89-GOST89-client-libressl-server-libressl \ |
16 | check-cipher-ADH-CAMELLIA128-SHA256-client-openssl11-server-openssl11 \ | 16 | check-cipher-GOST2012256-GOST89-GOST89-client-libressl-server-libressl: |
17 | check-cipher-ADH-CAMELLIA256-SHA-client-openssl11-server-openssl11 \ | 17 | @echo '\n======== $@ ========' |
18 | check-cipher-ADH-CAMELLIA256-SHA256-client-openssl11-server-openssl11 \ | 18 | # gost does not work with libressl TLS 1.3 right now |
19 | check-cipher-AECDH-AES128-SHA-client-openssl11-server-openssl11 \ | ||
20 | check-cipher-AECDH-AES256-SHA-client-openssl11-server-openssl11 \ | ||
21 | check-cipher-AES128-GCM-SHA256-client-openssl11-server-openssl11 \ | ||
22 | check-cipher-AES128-SHA-client-openssl11-server-openssl11 \ | ||
23 | check-cipher-AES128-SHA256-client-openssl11-server-openssl11 \ | ||
24 | check-cipher-AES256-GCM-SHA384-client-openssl11-server-openssl11 \ | ||
25 | check-cipher-AES256-SHA-client-openssl11-server-openssl11 \ | ||
26 | check-cipher-AES256-SHA256-client-openssl11-server-openssl11 \ | ||
27 | check-cipher-CAMELLIA128-SHA-client-openssl11-server-openssl11 \ | ||
28 | check-cipher-CAMELLIA128-SHA256-client-openssl11-server-openssl11 \ | ||
29 | check-cipher-CAMELLIA256-SHA-client-openssl11-server-openssl11 \ | ||
30 | check-cipher-CAMELLIA256-SHA256-client-openssl11-server-openssl11 \ | ||
31 | check-cipher-DHE-RSA-AES128-GCM-SHA256-client-openssl11-server-openssl11 \ | ||
32 | check-cipher-DHE-RSA-AES128-SHA-client-openssl11-server-openssl11 \ | ||
33 | check-cipher-DHE-RSA-AES128-SHA256-client-openssl11-server-openssl11 \ | ||
34 | check-cipher-DHE-RSA-AES256-GCM-SHA384-client-openssl11-server-openssl11 \ | ||
35 | check-cipher-DHE-RSA-AES256-SHA-client-openssl11-server-openssl11 \ | ||
36 | check-cipher-DHE-RSA-AES256-SHA256-client-openssl11-server-openssl11 \ | ||
37 | check-cipher-DHE-RSA-CAMELLIA128-SHA-client-openssl11-server-openssl11 \ | ||
38 | check-cipher-DHE-RSA-CAMELLIA128-SHA256-client-openssl11-server-openssl11 \ | ||
39 | check-cipher-DHE-RSA-CAMELLIA256-SHA-client-openssl11-server-openssl11 \ | ||
40 | check-cipher-DHE-RSA-CAMELLIA256-SHA256-client-openssl11-server-openssl11 \ | ||
41 | check-cipher-DHE-RSA-CHACHA20-POLY1305-client-openssl11-server-openssl11 \ | ||
42 | check-cipher-ECDHE-ECDSA-AES128-GCM-SHA256-client-openssl11-server-openssl11 \ | ||
43 | check-cipher-ECDHE-ECDSA-AES128-SHA-client-openssl11-server-openssl11 \ | ||
44 | check-cipher-ECDHE-ECDSA-AES128-SHA256-client-openssl11-server-openssl11 \ | ||
45 | check-cipher-ECDHE-ECDSA-AES256-GCM-SHA384-client-openssl11-server-openssl11 \ | ||
46 | check-cipher-ECDHE-ECDSA-AES256-SHA-client-openssl11-server-openssl11 \ | ||
47 | check-cipher-ECDHE-ECDSA-AES256-SHA384-client-openssl11-server-openssl11 \ | ||
48 | check-cipher-ECDHE-ECDSA-CHACHA20-POLY1305-client-openssl11-server-openssl11 \ | ||
49 | check-cipher-ECDHE-RSA-AES128-GCM-SHA256-client-openssl11-server-openssl11 \ | ||
50 | check-cipher-ECDHE-RSA-AES128-SHA-client-openssl11-server-openssl11 \ | ||
51 | check-cipher-ECDHE-RSA-AES128-SHA256-client-openssl11-server-openssl11 \ | ||
52 | check-cipher-ECDHE-RSA-AES256-GCM-SHA384-client-openssl11-server-openssl11 \ | ||
53 | check-cipher-ECDHE-RSA-AES256-SHA-client-openssl11-server-openssl11 \ | ||
54 | check-cipher-ECDHE-RSA-AES256-SHA384-client-openssl11-server-openssl11 \ | ||
55 | check-cipher-ECDHE-RSA-CHACHA20-POLY1305-client-openssl11-server-openssl11: | ||
56 | # openssl11 always prints TLS_AES_256_GCM_SHA384 as cipher in out file | ||
57 | @echo DISABLED | 19 | @echo DISABLED |
58 | 20 | ||
59 | LIBRARIES = libressl | 21 | LIBRARIES = libressl |
@@ -165,8 +127,27 @@ check-cipher-${cipher}-client-${clib}-server-${slib}: \ | |||
165 | client-cipher-${cipher}-client-${clib}-server-${slib}.out \ | 127 | client-cipher-${cipher}-client-${clib}-server-${slib}.out \ |
166 | server-cipher-${cipher}-client-${clib}-server-${slib}.out | 128 | server-cipher-${cipher}-client-${clib}-server-${slib}.out |
167 | @echo '\n======== $@ ========' | 129 | @echo '\n======== $@ ========' |
168 | grep -q ' Cipher *: ${cipher}$$' ${@:S/^check/server/}.out | 130 | .if "${clib}" != "openssl" && "${slib}" != "openssl" && \ |
131 | "${cipher:C/AEAD-(AES.*-GCM|CHACHA.*-POLY.*)-SHA.*/TLS1_3/}" != TLS1_3 | ||
132 | # client and server 1.3 capable, not TLS 1.3 cipher | ||
133 | .if "${clib}" == "openssl11" | ||
134 | # openssl 1.1 generic client cipher | ||
135 | grep -q ' Cipher *: TLS_AES_256_GCM_SHA384$$' ${@:S/^check/client/}.out | ||
136 | .else | ||
137 | # libressl generic client cipher | ||
138 | grep -q ' Cipher *: AEAD-AES256-GCM-SHA384$$' ${@:S/^check/client/}.out | ||
139 | .endif | ||
140 | .if "${slib}" == "openssl11" | ||
141 | # openssl 1.1 generic server cipher | ||
142 | grep -q ' Cipher *: TLS_AES_256_GCM_SHA384$$' ${@:S/^check/server/}.out | ||
143 | .else | ||
144 | # libressl generic server cipher | ||
145 | grep -q ' Cipher *: AEAD-AES256-GCM-SHA384$$' ${@:S/^check/server/}.out | ||
146 | .endif | ||
147 | .else | ||
169 | grep -q ' Cipher *: ${cipher}$$' ${@:S/^check/client/}.out | 148 | grep -q ' Cipher *: ${cipher}$$' ${@:S/^check/client/}.out |
149 | grep -q ' Cipher *: ${cipher}$$' ${@:S/^check/server/}.out | ||
150 | .endif | ||
170 | 151 | ||
171 | .endfor | 152 | .endfor |
172 | .endfor | 153 | .endfor |
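Review bot: In the new branch at new lines 130-146 the recipe greps for a fixed name (`TLS_AES_256_GCM_SHA384` or `AEAD-AES256-GCM-SHA384`) and never for `${cipher}`, so for every legacy suite between two TLS 1.3 capable peers the check only shows that a handshake ended on the TLS 1.3 default, not that the named suite was negotiated. A regression in a single TLS 1.2 suite would pass unnoticed for those library pairs; presumably only combinations involving the `openssl` (1.0.2) library still exercise the suite by name. If that trade-off is intended, state it above the `.if`, e.g. `# ${cipher} is not negotiated here; both peers end up on their TLS 1.3 default suite`. Covering the legacy suites again would need the protocol capped at TLS 1.2 for those runs, which depends on client and server options not visible in this hunk. The enclosing `.for` loops start outside the hunk.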