summaryrefslogtreecommitdiff
path: root/src/regress/lib/libssl/interop/cipher
diff options
context:
space:
mode:
authortb <>2023-10-30 17:15:21 +0000
committertb <>2023-10-30 17:15:21 +0000
commitbc08093d61a7c129c8e10c0201e9f3ab3167593f (patch)
treec5fce117c872d075f932d494bd786f9804e73c8c /src/regress/lib/libssl/interop/cipher
parente961968230ef9656870099b75ce61f5a340c5b06 (diff)
downloadopenbsd-bc08093d61a7c129c8e10c0201e9f3ab3167593f.tar.gz
openbsd-bc08093d61a7c129c8e10c0201e9f3ab3167593f.tar.bz2
openbsd-bc08093d61a7c129c8e10c0201e9f3ab3167593f.zip
Add support for OpenSSL 3.1 interop tests
Until OpenSSL 3.1 has replaced OpenSSL 3.0 on most architectures, run both tests. Installed packages of OpenSSL 3.0 will update automatically to 3.1, so regress runners should not need to do anything.
Diffstat (limited to 'src/regress/lib/libssl/interop/cipher')
-rw-r--r--src/regress/lib/libssl/interop/cipher/Makefile10
1 files changed, 7 insertions, 3 deletions
diff --git a/src/regress/lib/libssl/interop/cipher/Makefile b/src/regress/lib/libssl/interop/cipher/Makefile
index 85d927a92d..627cfc8f9f 100644
--- a/src/regress/lib/libssl/interop/cipher/Makefile
+++ b/src/regress/lib/libssl/interop/cipher/Makefile
@@ -1,4 +1,4 @@
1# $OpenBSD: Makefile,v 1.12 2023/04/19 15:34:23 tb Exp $ 1# $OpenBSD: Makefile,v 1.13 2023/10/30 17:15:21 tb Exp $
2 2
3# Connect a client to a server. Both can be current libressl, or 3# Connect a client to a server. Both can be current libressl, or
4# openssl 1.1 or 3.0. Create lists of supported ciphers 4# openssl 1.1 or 3.0. Create lists of supported ciphers
@@ -24,6 +24,9 @@ LIBRARIES += openssl11
24.if exists(/usr/local/bin/eopenssl30) 24.if exists(/usr/local/bin/eopenssl30)
25LIBRARIES += openssl30 25LIBRARIES += openssl30
26.endif 26.endif
27.if exists(/usr/local/bin/eopenssl31)
28LIBRARIES += openssl31
29.endif
27 30
28CLEANFILES = *.tmp *.ciphers ciphers.mk 31CLEANFILES = *.tmp *.ciphers ciphers.mk
29 32
@@ -53,7 +56,8 @@ client-${clib}-server-${slib}.ciphers: \
53 # we are only interested in ciphers supported by libressl 56 # we are only interested in ciphers supported by libressl
54 sort $@ client-libressl.ciphers >$@.tmp 57 sort $@ client-libressl.ciphers >$@.tmp
55. if "${clib}" == "openssl11" || "${slib}" == "openssl11" || \ 58. if "${clib}" == "openssl11" || "${slib}" == "openssl11" || \
56 "${clib}" == "openssl30" || "${slib}" == "openssl30" 59 "${clib}" == "openssl30" || "${slib}" == "openssl30" || \
60 "${clib}" == "openssl31" || "${slib}" == "openssl31"
57 # OpenSSL's SSL_CTX_set_cipher_list doesn't accept TLSv1.3 ciphers 61 # OpenSSL's SSL_CTX_set_cipher_list doesn't accept TLSv1.3 ciphers
58 sed -i '/^TLS_/d' $@.tmp 62 sed -i '/^TLS_/d' $@.tmp
59. endif 63. endif
@@ -145,7 +149,7 @@ check-cipher-${cipher}-client-${clib}-server-${slib}: \
145. endif 149. endif
146. if "${clib}" == "libressl" 150. if "${clib}" == "libressl"
147 # libressl client may prefer chacha-poly if aes-ni is not supported 151 # libressl client may prefer chacha-poly if aes-ni is not supported
148. if "${slib}" == "openssl11" || "${slib}" == "openssl30" 152. if "${slib}" == "openssl11" || "${slib}" == "openssl30" || "${slib}" == "openssl31"
149 egrep -q ' Cipher *: TLS_(AES_256_GCM_SHA384|CHACHA20_POLY1305_SHA256)$$' ${@:S/^check/server/}.out 153 egrep -q ' Cipher *: TLS_(AES_256_GCM_SHA384|CHACHA20_POLY1305_SHA256)$$' ${@:S/^check/server/}.out
150. else 154. else
151 egrep -q ' Cipher *: TLS_(AES_256_GCM_SHA384|CHACHA20_POLY1305_SHA256)$$' ${@:S/^check/server/}.out 155 egrep -q ' Cipher *: TLS_(AES_256_GCM_SHA384|CHACHA20_POLY1305_SHA256)$$' ${@:S/^check/server/}.out