diff options
Diffstat (limited to '')
| -rw-r--r-- | src/regress/lib/libssl/interop/cipher/Makefile | 17 |
1 files changed, 6 insertions, 11 deletions
diff --git a/src/regress/lib/libssl/interop/cipher/Makefile b/src/regress/lib/libssl/interop/cipher/Makefile index fa7e25f9ee..5bdc9089fe 100644 --- a/src/regress/lib/libssl/interop/cipher/Makefile +++ b/src/regress/lib/libssl/interop/cipher/Makefile | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | # $OpenBSD: Makefile,v 1.17 2025/01/15 10:54:17 tb Exp $ | 1 | # $OpenBSD: Makefile,v 1.19 2025/07/25 16:33:15 tb Exp $ |
| 2 | 2 | ||
| 3 | # Connect a client to a server. Both can be current libressl, or | 3 | # Connect a client to a server. Both can be current libressl, or |
| 4 | # openssl 1.1 or 3.0. Create lists of supported ciphers | 4 | # openssl 1.1 or 3.0. Create lists of supported ciphers |
| @@ -7,11 +7,8 @@ | |||
| 7 | # have used correct cipher by grepping in their session print out. | 7 | # have used correct cipher by grepping in their session print out. |
| 8 | 8 | ||
| 9 | LIBRARIES = libressl | 9 | LIBRARIES = libressl |
| 10 | .if exists(/usr/local/bin/eopenssl33) | 10 | .if exists(/usr/local/bin/eopenssl35) |
| 11 | LIBRARIES += openssl33 | 11 | LIBRARIES += openssl35 |
| 12 | .endif | ||
| 13 | .if exists(/usr/local/bin/eopenssl34) | ||
| 14 | LIBRARIES += openssl34 | ||
| 15 | .endif | 12 | .endif |
| 16 | 13 | ||
| 17 | CLEANFILES = *.tmp *.ciphers ciphers.mk | 14 | CLEANFILES = *.tmp *.ciphers ciphers.mk |
| @@ -41,8 +38,7 @@ client-${clib}-server-${slib}.ciphers: \ | |||
| 41 | uniq -d <$@.tmp >$@ | 38 | uniq -d <$@.tmp >$@ |
| 42 | # we are only interested in ciphers supported by libressl | 39 | # we are only interested in ciphers supported by libressl |
| 43 | sort $@ client-libressl.ciphers >$@.tmp | 40 | sort $@ client-libressl.ciphers >$@.tmp |
| 44 | . if "${clib}" == "openssl33" || "${slib}" == "openssl33" || \ | 41 | . if "${clib}" == "openssl35" || "${slib}" == "openssl35" |
| 45 | "${clib}" == "openssl34" || "${slib}" == "openssl34" | ||
| 46 | # OpenSSL's SSL_CTX_set_cipher_list doesn't accept TLSv1.3 ciphers | 42 | # OpenSSL's SSL_CTX_set_cipher_list doesn't accept TLSv1.3 ciphers |
| 47 | sed -i '/^TLS_/d' $@.tmp | 43 | sed -i '/^TLS_/d' $@.tmp |
| 48 | . endif | 44 | . endif |
| @@ -70,8 +66,7 @@ regress: ciphers.mk | |||
| 70 | .endif | 66 | .endif |
| 71 | 67 | ||
| 72 | LEVEL_libressl = | 68 | LEVEL_libressl = |
| 73 | LEVEL_openssl33 = ,@SECLEVEL=0 | 69 | LEVEL_openssl35 = ,@SECLEVEL=0 |
| 74 | LEVEL_openssl34 = ,@SECLEVEL=0 | ||
| 75 | 70 | ||
| 76 | .for clib in ${LIBRARIES} | 71 | .for clib in ${LIBRARIES} |
| 77 | .for slib in ${LIBRARIES} | 72 | .for slib in ${LIBRARIES} |
| @@ -132,7 +127,7 @@ check-cipher-${cipher}-client-${clib}-server-${slib}: \ | |||
| 132 | . endif | 127 | . endif |
| 133 | . if "${clib}" == "libressl" | 128 | . if "${clib}" == "libressl" |
| 134 | # libressl client may prefer chacha-poly if aes-ni is not supported | 129 | # libressl client may prefer chacha-poly if aes-ni is not supported |
| 135 | . if "${slib}" == "openssl33" || "${slib}" == "openssl34" | 130 | . if "${slib}" == "openssl35" |
| 136 | egrep -q ' Cipher *: TLS_(AES_256_GCM_SHA384|CHACHA20_POLY1305_SHA256)$$' ${@:S/^check/server/}.out | 131 | egrep -q ' Cipher *: TLS_(AES_256_GCM_SHA384|CHACHA20_POLY1305_SHA256)$$' ${@:S/^check/server/}.out |
| 137 | . else | 132 | . else |
| 138 | egrep -q ' Cipher *: TLS_(AES_256_GCM_SHA384|CHACHA20_POLY1305_SHA256)$$' ${@:S/^check/server/}.out | 133 | egrep -q ' Cipher *: TLS_(AES_256_GCM_SHA384|CHACHA20_POLY1305_SHA256)$$' ${@:S/^check/server/}.out |