author | Alexander Bluhm <bluhm@cvs.openbsd.org> | 2020-09-12 15:48:31 +0000 |
---|---|---|
committer | Alexander Bluhm <bluhm@cvs.openbsd.org> | 2020-09-12 15:48:31 +0000 |
commit | 53931b9a6a5b6ccd1d251ae2a72bb19097e86f5c (patch) | |
tree | 2fe60a0040d4eea861d68c463f4e017d21e796c1 /regress/lib/libssl | |
parent | 343b64f167342c9cc1d5e01b494fc9aa28f1eb0f (diff) |
If CPU does not support AES-NI, LibreSSL TLS 1.3 client prefers
chacha-poly over aes-gcm. Expect both fallbacks for non 1.3 ciphers.
Diffstat (limited to 'regress/lib/libssl')
-rw-r--r-- | regress/lib/libssl/interop/cipher/Makefile | 27 |
1 files changed, 18 insertions, 9 deletions
diff --git a/regress/lib/libssl/interop/cipher/Makefile b/regress/lib/libssl/interop/cipher/Makefile
index 49c267c7057..4ad2dbe39b7 100644
--- a/regress/lib/libssl/interop/cipher/Makefile
+++ b/regress/lib/libssl/interop/cipher/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.4 2020/09/11 22:48:00 bluhm Exp $
+# $OpenBSD: Makefile,v 1.5 2020/09/12 15:48:30 bluhm Exp $
 
 # Connect a client to a server. Both can be current libressl, or
 # openssl 1.0.2, or openssl 1.1. Create lists of supported ciphers
@@ -130,20 +130,29 @@ check-cipher-${cipher}-client-${clib}-server-${slib}: \
 .if "${clib}" != "openssl" && "${slib}" != "openssl" && \
 "${cipher:C/AEAD-(AES.*-GCM|CHACHA.*-POLY.*)-SHA.*/TLS1_3/}" != TLS1_3
 # client and server 1.3 capable, not TLS 1.3 cipher
-.if "${clib}" == "openssl11"
+. if "${clib}" == "libressl"
+ # libressl client may prefer chacha-poly if aes-ni is not supported
+ egrep -q ' Cipher *: AEAD-(AES256-GCM-SHA384|CHACHA20-POLY1305-SHA256)$$' ${@:S/^check/client/}.out
+. else
 # openssl 1.1 generic client cipher
 grep -q ' Cipher *: TLS_AES_256_GCM_SHA384$$' ${@:S/^check/client/}.out
-.else
- # libressl generic client cipher
- grep -q ' Cipher *: AEAD-AES256-GCM-SHA384$$' ${@:S/^check/client/}.out
-.endif
-.if "${slib}" == "openssl11"
+. endif
+. if "${clib}" == "libressl"
+ # libressl client may prefer chacha-poly if aes-ni is not supported
+. if "${slib}" == "openssl11"
+ egrep -q ' Cipher *: TLS_(AES_256_GCM_SHA384|CHACHA20_POLY1305_SHA256)$$' ${@:S/^check/server/}.out
+. else
+ egrep -q ' Cipher *: AEAD-(AES256-GCM-SHA384|CHACHA20-POLY1305-SHA256)$$' ${@:S/^check/server/}.out
+. endif
+. else
+. if "${slib}" == "openssl11"
 # openssl 1.1 generic server cipher
 grep -q ' Cipher *: TLS_AES_256_GCM_SHA384$$' ${@:S/^check/server/}.out
-.else
+. else
 # libressl generic server cipher
 grep -q ' Cipher *: AEAD-AES256-GCM-SHA384$$' ${@:S/^check/server/}.out
-.endif
+. endif
+. endif
 .else
 grep -q ' Cipher *: ${cipher}$$' ${@:S/^check/client/}.out
 grep -q ' Cipher *: ${cipher}$$' ${@:S/^check/server/}.out |
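Review bot: With a libressl client, the new `egrep` alternations accept AES-256-GCM or ChaCha20-Poly1305 on every host, and the client and server `.out` files are matched separately, so this branch no longer pins which suite the TLS 1.3 fallback picks and would still pass if the preference were wrong on an AES-NI machine. Nothing in the hunk probes the CPU, so that is probably the intended trade-off; it deserves a comment next to the first `egrep`, such as `# either suite passes on any host; AES-NI is not probed, so the preference order itself is not tested here`. The two consecutive `. if "${clib}" == "libressl"` blocks could also be one block holding both the client and the server check, and `grep -Eq` would match the `grep -q` used on the neighbouring lines. The target rule and the outer `.if` start above the hunk, and the closing `.endif` of that outer block lies below it.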