summaryrefslogtreecommitdiff
path: root/src/regress/lib/libssl/interop/cipher
diff options
context:
space:
mode:
authorbluhm <>2020-09-11 22:48:00 +0000
committerbluhm <>2020-09-11 22:48:00 +0000
commita91c5ce4ccb891f0e7fdb5cb21fb7a48ca0b1281 (patch)
treeb726def09aba6a2d072a9f1a5e4ee9d3ee4d2b3a /src/regress/lib/libssl/interop/cipher
parent77c3247aa0b565ea6bf2032c2d2d20413a0d5af4 (diff)
downloadopenbsd-a91c5ce4ccb891f0e7fdb5cb21fb7a48ca0b1281.tar.gz
openbsd-a91c5ce4ccb891f0e7fdb5cb21fb7a48ca0b1281.tar.bz2
openbsd-a91c5ce4ccb891f0e7fdb5cb21fb7a48ca0b1281.zip
Enable cert and cipher interop tests. cert just works. cipher has
been fixed to work with libressl TLS 1.3. Both libressl and openssl11 replace obsolete TLS 1.2 ciphers with AEAD-AES256-GCM-SHA384 or TLS_AES_256_GCM_SHA384 in TLS 1.3 respectively. The test expects that now. Currently GOST does not work with libressl and TLS 1.3 and is disabled.
Diffstat (limited to 'src/regress/lib/libssl/interop/cipher')
-rw-r--r--src/regress/lib/libssl/interop/cipher/Makefile81
1 files changed, 31 insertions, 50 deletions
diff --git a/src/regress/lib/libssl/interop/cipher/Makefile b/src/regress/lib/libssl/interop/cipher/Makefile
index 3f43ce804e..49c267c705 100644
--- a/src/regress/lib/libssl/interop/cipher/Makefile
+++ b/src/regress/lib/libssl/interop/cipher/Makefile
@@ -1,4 +1,4 @@
1# $OpenBSD: Makefile,v 1.3 2019/03/28 22:24:13 bluhm Exp $ 1# $OpenBSD: Makefile,v 1.4 2020/09/11 22:48:00 bluhm Exp $
2 2
3# Connect a client to a server. Both can be current libressl, or 3# Connect a client to a server. Both can be current libressl, or
4# openssl 1.0.2, or openssl 1.1. Create lists of supported ciphers 4# openssl 1.0.2, or openssl 1.1. Create lists of supported ciphers
@@ -6,54 +6,16 @@
6# certificate with compatible type. Check that client and server 6# certificate with compatible type. Check that client and server
7# have used correct cipher by grepping in their session print out. 7# have used correct cipher by grepping in their session print out.
8 8
9check-cipher-ADH-AES128-GCM-SHA256-client-openssl11-server-openssl11 \ 9run-cipher-GOST2001-GOST89-GOST89-client-libressl-server-libressl \
10check-cipher-ADH-AES128-SHA-client-openssl11-server-openssl11 \ 10run-cipher-GOST2012256-GOST89-GOST89-client-libressl-server-libressl \
11check-cipher-ADH-AES128-SHA256-client-openssl11-server-openssl11 \ 11client-cipher-GOST2012256-GOST89-GOST89-client-libressl-server-libressl.out \
12check-cipher-ADH-AES256-GCM-SHA384-client-openssl11-server-openssl11 \ 12client-cipher-GOST2001-GOST89-GOST89-client-libressl-server-libressl.out \
13check-cipher-ADH-AES256-SHA-client-openssl11-server-openssl11 \ 13server-cipher-GOST2001-GOST89-GOST89-client-libressl-server-libressl.out \
14check-cipher-ADH-AES256-SHA256-client-openssl11-server-openssl11 \ 14server-cipher-GOST2012256-GOST89-GOST89-client-libressl-server-libressl.out \
15check-cipher-ADH-CAMELLIA128-SHA-client-openssl11-server-openssl11 \ 15check-cipher-GOST2001-GOST89-GOST89-client-libressl-server-libressl \
16check-cipher-ADH-CAMELLIA128-SHA256-client-openssl11-server-openssl11 \ 16check-cipher-GOST2012256-GOST89-GOST89-client-libressl-server-libressl:
17check-cipher-ADH-CAMELLIA256-SHA-client-openssl11-server-openssl11 \ 17 @echo '\n======== $@ ========'
18check-cipher-ADH-CAMELLIA256-SHA256-client-openssl11-server-openssl11 \ 18 # gost does not work with libressl TLS 1.3 right now
19check-cipher-AECDH-AES128-SHA-client-openssl11-server-openssl11 \
20check-cipher-AECDH-AES256-SHA-client-openssl11-server-openssl11 \
21check-cipher-AES128-GCM-SHA256-client-openssl11-server-openssl11 \
22check-cipher-AES128-SHA-client-openssl11-server-openssl11 \
23check-cipher-AES128-SHA256-client-openssl11-server-openssl11 \
24check-cipher-AES256-GCM-SHA384-client-openssl11-server-openssl11 \
25check-cipher-AES256-SHA-client-openssl11-server-openssl11 \
26check-cipher-AES256-SHA256-client-openssl11-server-openssl11 \
27check-cipher-CAMELLIA128-SHA-client-openssl11-server-openssl11 \
28check-cipher-CAMELLIA128-SHA256-client-openssl11-server-openssl11 \
29check-cipher-CAMELLIA256-SHA-client-openssl11-server-openssl11 \
30check-cipher-CAMELLIA256-SHA256-client-openssl11-server-openssl11 \
31check-cipher-DHE-RSA-AES128-GCM-SHA256-client-openssl11-server-openssl11 \
32check-cipher-DHE-RSA-AES128-SHA-client-openssl11-server-openssl11 \
33check-cipher-DHE-RSA-AES128-SHA256-client-openssl11-server-openssl11 \
34check-cipher-DHE-RSA-AES256-GCM-SHA384-client-openssl11-server-openssl11 \
35check-cipher-DHE-RSA-AES256-SHA-client-openssl11-server-openssl11 \
36check-cipher-DHE-RSA-AES256-SHA256-client-openssl11-server-openssl11 \
37check-cipher-DHE-RSA-CAMELLIA128-SHA-client-openssl11-server-openssl11 \
38check-cipher-DHE-RSA-CAMELLIA128-SHA256-client-openssl11-server-openssl11 \
39check-cipher-DHE-RSA-CAMELLIA256-SHA-client-openssl11-server-openssl11 \
40check-cipher-DHE-RSA-CAMELLIA256-SHA256-client-openssl11-server-openssl11 \
41check-cipher-DHE-RSA-CHACHA20-POLY1305-client-openssl11-server-openssl11 \
42check-cipher-ECDHE-ECDSA-AES128-GCM-SHA256-client-openssl11-server-openssl11 \
43check-cipher-ECDHE-ECDSA-AES128-SHA-client-openssl11-server-openssl11 \
44check-cipher-ECDHE-ECDSA-AES128-SHA256-client-openssl11-server-openssl11 \
45check-cipher-ECDHE-ECDSA-AES256-GCM-SHA384-client-openssl11-server-openssl11 \
46check-cipher-ECDHE-ECDSA-AES256-SHA-client-openssl11-server-openssl11 \
47check-cipher-ECDHE-ECDSA-AES256-SHA384-client-openssl11-server-openssl11 \
48check-cipher-ECDHE-ECDSA-CHACHA20-POLY1305-client-openssl11-server-openssl11 \
49check-cipher-ECDHE-RSA-AES128-GCM-SHA256-client-openssl11-server-openssl11 \
50check-cipher-ECDHE-RSA-AES128-SHA-client-openssl11-server-openssl11 \
51check-cipher-ECDHE-RSA-AES128-SHA256-client-openssl11-server-openssl11 \
52check-cipher-ECDHE-RSA-AES256-GCM-SHA384-client-openssl11-server-openssl11 \
53check-cipher-ECDHE-RSA-AES256-SHA-client-openssl11-server-openssl11 \
54check-cipher-ECDHE-RSA-AES256-SHA384-client-openssl11-server-openssl11 \
55check-cipher-ECDHE-RSA-CHACHA20-POLY1305-client-openssl11-server-openssl11:
56 # openssl11 always prints TLS_AES_256_GCM_SHA384 as cipher in out file
57 @echo DISABLED 19 @echo DISABLED
58 20
59LIBRARIES = libressl 21LIBRARIES = libressl
@@ -165,8 +127,27 @@ check-cipher-${cipher}-client-${clib}-server-${slib}: \
165 client-cipher-${cipher}-client-${clib}-server-${slib}.out \ 127 client-cipher-${cipher}-client-${clib}-server-${slib}.out \
166 server-cipher-${cipher}-client-${clib}-server-${slib}.out 128 server-cipher-${cipher}-client-${clib}-server-${slib}.out
167 @echo '\n======== $@ ========' 129 @echo '\n======== $@ ========'
168 grep -q ' Cipher *: ${cipher}$$' ${@:S/^check/server/}.out 130.if "${clib}" != "openssl" && "${slib}" != "openssl" && \
131 "${cipher:C/AEAD-(AES.*-GCM|CHACHA.*-POLY.*)-SHA.*/TLS1_3/}" != TLS1_3
132 # client and server 1.3 capable, not TLS 1.3 cipher
133.if "${clib}" == "openssl11"
134 # openssl 1.1 generic client cipher
135 grep -q ' Cipher *: TLS_AES_256_GCM_SHA384$$' ${@:S/^check/client/}.out
136.else
137 # libressl generic client cipher
138 grep -q ' Cipher *: AEAD-AES256-GCM-SHA384$$' ${@:S/^check/client/}.out
139.endif
140.if "${slib}" == "openssl11"
141 # openssl 1.1 generic server cipher
142 grep -q ' Cipher *: TLS_AES_256_GCM_SHA384$$' ${@:S/^check/server/}.out
143.else
144 # libressl generic server cipher
145 grep -q ' Cipher *: AEAD-AES256-GCM-SHA384$$' ${@:S/^check/server/}.out
146.endif
147.else
169 grep -q ' Cipher *: ${cipher}$$' ${@:S/^check/client/}.out 148 grep -q ' Cipher *: ${cipher}$$' ${@:S/^check/client/}.out
149 grep -q ' Cipher *: ${cipher}$$' ${@:S/^check/server/}.out
150.endif
170 151
171.endfor 152.endfor
172.endfor 153.endfor