Add interop test with OpenSSL 1.1. TLS 1.3 should be used automatically

when it becomes available in LibreSSL. thanks to sthen@ for the new OpenSSL port
author: bluhm <> 2018-11-07 19:09:01 +0000
committer: bluhm <> 2018-11-07 19:09:01 +0000
commit: 13765826e4b6ab4b743501175301bb9fdc8108f4 (patch)
tree: d9d5952c6707b91f46ed428693145c87e2886021
parent: 49797ddc135fae1b661c1076d2f19e4b9979f0a9 (diff)
download: openbsd-13765826e4b6ab4b743501175301bb9fdc8108f4.tar.gz
openbsd-13765826e4b6ab4b743501175301bb9fdc8108f4.tar.bz2
openbsd-13765826e4b6ab4b743501175301bb9fdc8108f4.zip
5 files changed, 55 insertions, 10 deletions
diff --git a/src/regress/lib/libssl/interop/Makefile b/src/regress/lib/libssl/interop/Makefile
index 997cad2949..d89376aaf6 100644
--- a/src/regress/lib/libssl/interop/Makefile
+++ b/src/regress/lib/libssl/interop/Makefile
@@ -1,5 +1,5 @@
-# $OpenBSD: Makefile,v 1.1.1.1 2018/11/07 01:08:49 bluhm Exp $
+# $OpenBSD: Makefile,v 1.2 2018/11/07 19:09:01 bluhm Exp $
-SUBDIR =        libressl openssl
+SUBDIR =        libressl openssl openssl11
 .include <bsd.subdir.mk>
diff --git a/src/regress/lib/libssl/interop/README b/src/regress/lib/libssl/interop/README
index d1ecc7e683..d8847e5ef5 100644
--- a/src/regress/lib/libssl/interop/README
+++ b/src/regress/lib/libssl/interop/README
@@ -1,9 +1,10 @@
 Test TLS interoperability between LibreSSL and OpenSSL.
-Implement simple SSL client and server in C.  Create four binaries
+Implement simple SSL client and server in C.  Create six binaries
-by linking them with LibreSSL or OpenSSL.  This way API compatibility
+by linking them with LibreSSL or OpenSSL 1.0.2 or OpenSSL 1.1.  This
-is tested.  Connect and accept with netcat to test protocol
+way API compatibility is tested.  Connect and accept with netcat
-compatibility with libtls.
+to test protocol compatibility with libtls.
-Currently OpenSSL 1.0.2p from ports is used.  Plan is to move to
+Currently OpenSSL 1.0.2p and OpenSSL 1.1.1 from ports are used.  As
-OpenSSL 1.1 and and test TLS 1.3.
+soon as LibreSSL supports TLS 1.3, it should be used automatically
+when netcat is communicating with OpenSSL 1.1.
diff --git a/src/regress/lib/libssl/interop/client.c b/src/regress/lib/libssl/interop/client.c
index 9d56182932..60fb718fdb 100644
--- a/src/regress/lib/libssl/interop/client.c
+++ b/src/regress/lib/libssl/interop/client.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: client.c,v 1.2 2018/11/07 06:29:26 bluhm Exp $        */
+/*      $OpenBSD: client.c,v 1.3 2018/11/07 19:09:01 bluhm Exp $        */
 /*
 * Copyright (c) 2018 Alexander Bluhm <bluhm@openbsd.org>
 *
@@ -65,9 +65,15 @@ main(int argc, char *argv[])
        print_version();
        /* setup method and context */
+#if OPENSSL_VERSION_NUMBER >= 0x1010000f
+        method = TLS_client_method();
+        if (method == NULL)
+                err_ssl(1, "TLS_client_method");
+#else
        method = SSLv23_client_method();
        if (method == NULL)
                err_ssl(1, "SSLv23_client_method");
+#endif
        ctx = SSL_CTX_new(method);
        if (ctx == NULL)
                err_ssl(1, "SSL_CTX_new");
diff --git a/src/regress/lib/libssl/interop/openssl11/Makefile b/src/regress/lib/libssl/interop/openssl11/Makefile
new file mode 100644
index 0000000000..b11e08488a
--- /dev/null
+++ b/src/regress/lib/libssl/interop/openssl11/Makefile
@@ -0,0 +1,32 @@
+# $OpenBSD: Makefile,v 1.1 2018/11/07 19:09:01 bluhm Exp $
+.if ! exists(/usr/local/bin/eopenssl11)
+regress:
+        # install openssl-1.1.1 from ports for interop tests
+        @echo SKIPPED
+.endif
+PROGS =                 client server
+CPPFLAGS =              -I /usr/local/include/eopenssl11
+LDFLAGS =               -L /usr/local/lib/eopenssl11
+LDADD =                 -lssl -lcrypto
+DPADD =                 /usr/local/lib/eopenssl11/libssl.a \
+                        /usr/local/lib/eopenssl11/libcrypto.a
+LD_LIBRARY_PATH =       /usr/local/lib/eopenssl11
+.for p in ${PROGS}
+run-ldd-$p: ldd-$p.out
+        @echo '\n======== $@ ========'
+        # check that $p is linked with OpenSSL 1.1
+        grep -q /usr/local/lib/eopenssl11/libcrypto.so ldd-$p.out
+        grep -q /usr/local/lib/eopenssl11/libssl.so ldd-$p.out
+        # check that $p is not linked with LibreSSL
+        ! grep -v libc.so ldd-$p.out | grep /usr/lib/
+run-version-$p: $p.out
+        @echo '\n======== $@ ========'
+        # check that runtime version is OpenSSL 1.1
+        grep 'SSLEAY_VERSION: OpenSSL 1.1' $p.out
+.endfor
+.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/interop/server.c b/src/regress/lib/libssl/interop/server.c
index 6f40c4899c..0aece87583 100644
--- a/src/regress/lib/libssl/interop/server.c
+++ b/src/regress/lib/libssl/interop/server.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: server.c,v 1.2 2018/11/07 06:29:26 bluhm Exp $        */
+/*      $OpenBSD: server.c,v 1.3 2018/11/07 19:09:01 bluhm Exp $        */
 /*
 * Copyright (c) 2018 Alexander Bluhm <bluhm@openbsd.org>
 *
@@ -69,9 +69,15 @@ main(int argc, char *argv[])
        print_version();
        /* setup method and context */
+#if OPENSSL_VERSION_NUMBER >= 0x1010000f
+        method = TLS_server_method();
+        if (method == NULL)
+                err_ssl(1, "TLS_server_method");
+#else
        method = SSLv23_server_method();
        if (method == NULL)
                err_ssl(1, "SSLv23_server_method");
+#endif
        ctx = SSL_CTX_new(method);
        if (ctx == NULL)
                err_ssl(1, "SSL_CTX_new");
author	bluhm <>	2018-11-07 19:09:01 +0000
committer	bluhm <>	2018-11-07 19:09:01 +0000
commit	13765826e4b6ab4b743501175301bb9fdc8108f4 (patch)
tree	d9d5952c6707b91f46ed428693145c87e2886021
parent	49797ddc135fae1b661c1076d2f19e4b9979f0a9 (diff)
download	openbsd-13765826e4b6ab4b743501175301bb9fdc8108f4.tar.gz openbsd-13765826e4b6ab4b743501175301bb9fdc8108f4.tar.bz2 openbsd-13765826e4b6ab4b743501175301bb9fdc8108f4.zip

diff --git a/src/regress/lib/libssl/interop/Makefile b/src/regress/lib/libssl/interop/Makefile index 997cad2949..d89376aaf6 100644 --- a/src/regress/lib/libssl/interop/Makefile +++ b/src/regress/lib/libssl/interop/Makefile
@@ -1,5 +1,5 @@
1	# $OpenBSD: Makefile,v 1.1.1.1 2018/11/07 01:08:49 bluhm Exp $	1	# $OpenBSD: Makefile,v 1.2 2018/11/07 19:09:01 bluhm Exp $
2		2
3	SUBDIR = libressl openssl	3	SUBDIR = libressl openssl openssl11
4		4
5	.include <bsd.subdir.mk>	5	.include <bsd.subdir.mk>


diff --git a/src/regress/lib/libssl/interop/README b/src/regress/lib/libssl/interop/README index d1ecc7e683..d8847e5ef5 100644 --- a/src/regress/lib/libssl/interop/README +++ b/src/regress/lib/libssl/interop/README
@@ -1,9 +1,10 @@
1	Test TLS interoperability between LibreSSL and OpenSSL.	1	Test TLS interoperability between LibreSSL and OpenSSL.
2		2
3	Implement simple SSL client and server in C. Create four binaries	3	Implement simple SSL client and server in C. Create six binaries
4	by linking them with LibreSSL or OpenSSL. This way API compatibility	4	by linking them with LibreSSL or OpenSSL 1.0.2 or OpenSSL 1.1. This
5	is tested. Connect and accept with netcat to test protocol	5	way API compatibility is tested. Connect and accept with netcat
6	compatibility with libtls.	6	to test protocol compatibility with libtls.
7		7
8	Currently OpenSSL 1.0.2p from ports is used. Plan is to move to	8	Currently OpenSSL 1.0.2p and OpenSSL 1.1.1 from ports are used. As
9	OpenSSL 1.1 and and test TLS 1.3.	9	soon as LibreSSL supports TLS 1.3, it should be used automatically
		10	when netcat is communicating with OpenSSL 1.1.


diff --git a/src/regress/lib/libssl/interop/client.c b/src/regress/lib/libssl/interop/client.c index 9d56182932..60fb718fdb 100644 --- a/src/regress/lib/libssl/interop/client.c +++ b/src/regress/lib/libssl/interop/client.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: client.c,v 1.2 2018/11/07 06:29:26 bluhm Exp $ */	1	/* $OpenBSD: client.c,v 1.3 2018/11/07 19:09:01 bluhm Exp $ */
2	/*	2	/*
3	* Copyright (c) 2018 Alexander Bluhm <bluhm@openbsd.org>	3	* Copyright (c) 2018 Alexander Bluhm <bluhm@openbsd.org>
4	*	4	*
@@ -65,9 +65,15 @@ main(int argc, char *argv[])
65	print_version();	65	print_version();
66		66
67	/* setup method and context */	67	/* setup method and context */
		68	#if OPENSSL_VERSION_NUMBER >= 0x1010000f
		69	method = TLS_client_method();
		70	if (method == NULL)
		71	err_ssl(1, "TLS_client_method");
		72	#else
68	method = SSLv23_client_method();	73	method = SSLv23_client_method();
69	if (method == NULL)	74	if (method == NULL)
70	err_ssl(1, "SSLv23_client_method");	75	err_ssl(1, "SSLv23_client_method");
		76	#endif
71	ctx = SSL_CTX_new(method);	77	ctx = SSL_CTX_new(method);
72	if (ctx == NULL)	78	if (ctx == NULL)
73	err_ssl(1, "SSL_CTX_new");	79	err_ssl(1, "SSL_CTX_new");


diff --git a/src/regress/lib/libssl/interop/openssl11/Makefile b/src/regress/lib/libssl/interop/openssl11/Makefile new file mode 100644 index 0000000000..b11e08488a --- /dev/null +++ b/src/regress/lib/libssl/interop/openssl11/Makefile
@@ -0,0 +1,32 @@
		1	# $OpenBSD: Makefile,v 1.1 2018/11/07 19:09:01 bluhm Exp $
		2
		3	.if ! exists(/usr/local/bin/eopenssl11)
		4	regress:
		5	# install openssl-1.1.1 from ports for interop tests
		6	@echo SKIPPED
		7	.endif
		8
		9	PROGS = client server
		10	CPPFLAGS = -I /usr/local/include/eopenssl11
		11	LDFLAGS = -L /usr/local/lib/eopenssl11
		12	LDADD = -lssl -lcrypto
		13	DPADD = /usr/local/lib/eopenssl11/libssl.a \
		14	/usr/local/lib/eopenssl11/libcrypto.a
		15	LD_LIBRARY_PATH = /usr/local/lib/eopenssl11
		16
		17	.for p in ${PROGS}
		18	run-ldd-$p: ldd-$p.out
		19	@echo '\n======== $@ ========'
		20	# check that $p is linked with OpenSSL 1.1
		21	grep -q /usr/local/lib/eopenssl11/libcrypto.so ldd-$p.out
		22	grep -q /usr/local/lib/eopenssl11/libssl.so ldd-$p.out
		23	# check that $p is not linked with LibreSSL
		24	! grep -v libc.so ldd-$p.out \| grep /usr/lib/
		25
		26	run-version-$p: $p.out
		27	@echo '\n======== $@ ========'
		28	# check that runtime version is OpenSSL 1.1
		29	grep 'SSLEAY_VERSION: OpenSSL 1.1' $p.out
		30	.endfor
		31
		32	.include <bsd.regress.mk>


diff --git a/src/regress/lib/libssl/interop/server.c b/src/regress/lib/libssl/interop/server.c index 6f40c4899c..0aece87583 100644 --- a/src/regress/lib/libssl/interop/server.c +++ b/src/regress/lib/libssl/interop/server.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: server.c,v 1.2 2018/11/07 06:29:26 bluhm Exp $ */	1	/* $OpenBSD: server.c,v 1.3 2018/11/07 19:09:01 bluhm Exp $ */
2	/*	2	/*
3	* Copyright (c) 2018 Alexander Bluhm <bluhm@openbsd.org>	3	* Copyright (c) 2018 Alexander Bluhm <bluhm@openbsd.org>
4	*	4	*
@@ -69,9 +69,15 @@ main(int argc, char *argv[])
69	print_version();	69	print_version();
70		70
71	/* setup method and context */	71	/* setup method and context */
		72	#if OPENSSL_VERSION_NUMBER >= 0x1010000f
		73	method = TLS_server_method();
		74	if (method == NULL)
		75	err_ssl(1, "TLS_server_method");
		76	#else
72	method = SSLv23_server_method();	77	method = SSLv23_server_method();
73	if (method == NULL)	78	if (method == NULL)
74	err_ssl(1, "SSLv23_server_method");	79	err_ssl(1, "SSLv23_server_method");
		80	#endif
75	ctx = SSL_CTX_new(method);	81	ctx = SSL_CTX_new(method);
76	if (ctx == NULL)	82	if (ctx == NULL)
77	err_ssl(1, "SSL_CTX_new");	83	err_ssl(1, "SSL_CTX_new");