diff options
Diffstat (limited to 'src/regress/lib/libssl/interop/cipher/Makefile')
-rw-r--r-- | src/regress/lib/libssl/interop/cipher/Makefile | 15 |
1 files changed, 10 insertions, 5 deletions
diff --git a/src/regress/lib/libssl/interop/cipher/Makefile b/src/regress/lib/libssl/interop/cipher/Makefile index bfe8cfea7a..46951f6782 100644 --- a/src/regress/lib/libssl/interop/cipher/Makefile +++ b/src/regress/lib/libssl/interop/cipher/Makefile | |||
@@ -1,7 +1,7 @@ | |||
1 | # $OpenBSD: Makefile,v 1.9 2022/02/05 18:34:06 tb Exp $ | 1 | # $OpenBSD: Makefile,v 1.10 2023/01/27 08:28:36 tb Exp $ |
2 | 2 | ||
3 | # Connect a client to a server. Both can be current libressl, or | 3 | # Connect a client to a server. Both can be current libressl, or |
4 | # openssl 1.0.2, or openssl 1.1. Create lists of supported ciphers | 4 | # openssl 1.0.2, 1.1, or 3.0. Create lists of supported ciphers |
5 | # and pin client and server to one of the ciphers. Use server | 5 | # and pin client and server to one of the ciphers. Use server |
6 | # certificate with compatible type. Check that client and server | 6 | # certificate with compatible type. Check that client and server |
7 | # have used correct cipher by grepping in their session print out. | 7 | # have used correct cipher by grepping in their session print out. |
@@ -24,6 +24,9 @@ LIBRARIES += openssl | |||
24 | .if exists(/usr/local/bin/eopenssl11) | 24 | .if exists(/usr/local/bin/eopenssl11) |
25 | LIBRARIES += openssl11 | 25 | LIBRARIES += openssl11 |
26 | .endif | 26 | .endif |
27 | .if exists(/usr/local/bin/eopenssl30) | ||
28 | LIBRARIES += openssl30 | ||
29 | .endif | ||
27 | 30 | ||
28 | CLEANFILES = *.tmp *.ciphers ciphers.mk | 31 | CLEANFILES = *.tmp *.ciphers ciphers.mk |
29 | 32 | ||
@@ -52,8 +55,9 @@ client-${clib}-server-${slib}.ciphers: \ | |||
52 | uniq -d <$@.tmp >$@ | 55 | uniq -d <$@.tmp >$@ |
53 | # we are only interested in ciphers supported by libressl | 56 | # we are only interested in ciphers supported by libressl |
54 | sort $@ client-libressl.ciphers >$@.tmp | 57 | sort $@ client-libressl.ciphers >$@.tmp |
55 | . if "${clib}" == "openssl11" || "${slib}" == "openssl11" | 58 | . if "${clib}" == "openssl11" || "${slib}" == "openssl11" || \ |
56 | # OpenSSL 1.1's SSL_CTX_set_cipher_list doesn't accept TLSv1.3 ciphers | 59 | "${clib}" == "openssl30" || "${slib}" == "openssl30" |
60 | # OpenSSL's SSL_CTX_set_cipher_list doesn't accept TLSv1.3 ciphers | ||
57 | sed -i '/^TLS_/d' $@.tmp | 61 | sed -i '/^TLS_/d' $@.tmp |
58 | . endif | 62 | . endif |
59 | uniq -d <$@.tmp >$@ | 63 | uniq -d <$@.tmp >$@ |
@@ -82,6 +86,7 @@ regress: ciphers.mk | |||
82 | LEVEL_libressl = | 86 | LEVEL_libressl = |
83 | LEVEL_openssl = | 87 | LEVEL_openssl = |
84 | LEVEL_openssl11 = ,@SECLEVEL=0 | 88 | LEVEL_openssl11 = ,@SECLEVEL=0 |
89 | LEVEL_openssl30 = ,@SECLEVEL=0 | ||
85 | 90 | ||
86 | .for clib in ${LIBRARIES} | 91 | .for clib in ${LIBRARIES} |
87 | .for slib in ${LIBRARIES} | 92 | .for slib in ${LIBRARIES} |
@@ -148,7 +153,7 @@ check-cipher-${cipher}-client-${clib}-server-${slib}: \ | |||
148 | . endif | 153 | . endif |
149 | . if "${clib}" == "libressl" | 154 | . if "${clib}" == "libressl" |
150 | # libressl client may prefer chacha-poly if aes-ni is not supported | 155 | # libressl client may prefer chacha-poly if aes-ni is not supported |
151 | . if "${slib}" == "openssl11" | 156 | . if "${slib}" == "openssl11" || "${slib}" == "openssl30" |
152 | egrep -q ' Cipher *: TLS_(AES_256_GCM_SHA384|CHACHA20_POLY1305_SHA256)$$' ${@:S/^check/server/}.out | 157 | egrep -q ' Cipher *: TLS_(AES_256_GCM_SHA384|CHACHA20_POLY1305_SHA256)$$' ${@:S/^check/server/}.out |
153 | . else | 158 | . else |
154 | egrep -q ' Cipher *: TLS_(AES_256_GCM_SHA384|CHACHA20_POLY1305_SHA256)$$' ${@:S/^check/server/}.out | 159 | egrep -q ' Cipher *: TLS_(AES_256_GCM_SHA384|CHACHA20_POLY1305_SHA256)$$' ${@:S/^check/server/}.out |