summaryrefslogtreecommitdiff
path: root/src/regress/lib/libssl/interop/cipher/Makefile
diff options
context:
space:
mode:
Diffstat (limited to 'src/regress/lib/libssl/interop/cipher/Makefile')
-rw-r--r--src/regress/lib/libssl/interop/cipher/Makefile15
1 files changed, 10 insertions, 5 deletions
diff --git a/src/regress/lib/libssl/interop/cipher/Makefile b/src/regress/lib/libssl/interop/cipher/Makefile
index bfe8cfea7a..46951f6782 100644
--- a/src/regress/lib/libssl/interop/cipher/Makefile
+++ b/src/regress/lib/libssl/interop/cipher/Makefile
@@ -1,7 +1,7 @@
1# $OpenBSD: Makefile,v 1.9 2022/02/05 18:34:06 tb Exp $ 1# $OpenBSD: Makefile,v 1.10 2023/01/27 08:28:36 tb Exp $
2 2
3# Connect a client to a server. Both can be current libressl, or 3# Connect a client to a server. Both can be current libressl, or
4# openssl 1.0.2, or openssl 1.1. Create lists of supported ciphers 4# openssl 1.0.2, 1.1, or 3.0. Create lists of supported ciphers
5# and pin client and server to one of the ciphers. Use server 5# and pin client and server to one of the ciphers. Use server
6# certificate with compatible type. Check that client and server 6# certificate with compatible type. Check that client and server
7# have used correct cipher by grepping in their session print out. 7# have used correct cipher by grepping in their session print out.
@@ -24,6 +24,9 @@ LIBRARIES += openssl
24.if exists(/usr/local/bin/eopenssl11) 24.if exists(/usr/local/bin/eopenssl11)
25LIBRARIES += openssl11 25LIBRARIES += openssl11
26.endif 26.endif
27.if exists(/usr/local/bin/eopenssl30)
28LIBRARIES += openssl30
29.endif
27 30
28CLEANFILES = *.tmp *.ciphers ciphers.mk 31CLEANFILES = *.tmp *.ciphers ciphers.mk
29 32
@@ -52,8 +55,9 @@ client-${clib}-server-${slib}.ciphers: \
52 uniq -d <$@.tmp >$@ 55 uniq -d <$@.tmp >$@
53 # we are only interested in ciphers supported by libressl 56 # we are only interested in ciphers supported by libressl
54 sort $@ client-libressl.ciphers >$@.tmp 57 sort $@ client-libressl.ciphers >$@.tmp
55. if "${clib}" == "openssl11" || "${slib}" == "openssl11" 58. if "${clib}" == "openssl11" || "${slib}" == "openssl11" || \
56 # OpenSSL 1.1's SSL_CTX_set_cipher_list doesn't accept TLSv1.3 ciphers 59 "${clib}" == "openssl30" || "${slib}" == "openssl30"
60 # OpenSSL's SSL_CTX_set_cipher_list doesn't accept TLSv1.3 ciphers
57 sed -i '/^TLS_/d' $@.tmp 61 sed -i '/^TLS_/d' $@.tmp
58. endif 62. endif
59 uniq -d <$@.tmp >$@ 63 uniq -d <$@.tmp >$@
@@ -82,6 +86,7 @@ regress: ciphers.mk
82LEVEL_libressl = 86LEVEL_libressl =
83LEVEL_openssl = 87LEVEL_openssl =
84LEVEL_openssl11 = ,@SECLEVEL=0 88LEVEL_openssl11 = ,@SECLEVEL=0
89LEVEL_openssl30 = ,@SECLEVEL=0
85 90
86.for clib in ${LIBRARIES} 91.for clib in ${LIBRARIES}
87.for slib in ${LIBRARIES} 92.for slib in ${LIBRARIES}
@@ -148,7 +153,7 @@ check-cipher-${cipher}-client-${clib}-server-${slib}: \
148. endif 153. endif
149. if "${clib}" == "libressl" 154. if "${clib}" == "libressl"
150 # libressl client may prefer chacha-poly if aes-ni is not supported 155 # libressl client may prefer chacha-poly if aes-ni is not supported
151. if "${slib}" == "openssl11" 156. if "${slib}" == "openssl11" || "${slib}" == "openssl30"
152 egrep -q ' Cipher *: TLS_(AES_256_GCM_SHA384|CHACHA20_POLY1305_SHA256)$$' ${@:S/^check/server/}.out 157 egrep -q ' Cipher *: TLS_(AES_256_GCM_SHA384|CHACHA20_POLY1305_SHA256)$$' ${@:S/^check/server/}.out
153. else 158. else
154 egrep -q ' Cipher *: TLS_(AES_256_GCM_SHA384|CHACHA20_POLY1305_SHA256)$$' ${@:S/^check/server/}.out 159 egrep -q ' Cipher *: TLS_(AES_256_GCM_SHA384|CHACHA20_POLY1305_SHA256)$$' ${@:S/^check/server/}.out