summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authortb <>2025-07-09 17:48:02 +0000
committertb <>2025-07-09 17:48:02 +0000
commitd25f32ed32ab5666e77ae5843fcd4f087baf139a (patch)
tree0c48b6ef031fc1c0c17d6d000d3d073d275a57db /src
parent38e9c2a327865da6134fd3ecc45f8cd025eca3c3 (diff)
downloadopenbsd-d25f32ed32ab5666e77ae5843fcd4f087baf139a.tar.gz
openbsd-d25f32ed32ab5666e77ae5843fcd4f087baf139a.tar.bz2
openbsd-d25f32ed32ab5666e77ae5843fcd4f087baf139a.zip
libcrypto regress: add interop harness for openssl/3.5
Diffstat (limited to 'src')
-rw-r--r--src/regress/lib/libssl/interop/Makefile4
-rw-r--r--src/regress/lib/libssl/interop/botan/Makefile5
-rw-r--r--src/regress/lib/libssl/interop/cert/Makefile5
-rw-r--r--src/regress/lib/libssl/interop/cipher/Makefile11
-rw-r--r--src/regress/lib/libssl/interop/netcat/Makefile5
-rw-r--r--src/regress/lib/libssl/interop/openssl35/Makefile44
-rw-r--r--src/regress/lib/libssl/interop/session/Makefile5
-rw-r--r--src/regress/lib/libssl/interop/version/Makefile6
8 files changed, 75 insertions, 10 deletions
diff --git a/src/regress/lib/libssl/interop/Makefile b/src/regress/lib/libssl/interop/Makefile
index bdc67f627a..acb5d18205 100644
--- a/src/regress/lib/libssl/interop/Makefile
+++ b/src/regress/lib/libssl/interop/Makefile
@@ -1,6 +1,6 @@
1# $OpenBSD: Makefile,v 1.21 2025/01/15 10:54:17 tb Exp $ 1# $OpenBSD: Makefile,v 1.22 2025/07/09 17:48:02 tb Exp $
2 2
3SUBDIR = libressl openssl33 openssl34 3SUBDIR = libressl openssl33 openssl34 openssl35
4 4
5# the above binaries must have been built before we can continue 5# the above binaries must have been built before we can continue
6SUBDIR += netcat 6SUBDIR += netcat
diff --git a/src/regress/lib/libssl/interop/botan/Makefile b/src/regress/lib/libssl/interop/botan/Makefile
index 85877d4290..1464cf84a8 100644
--- a/src/regress/lib/libssl/interop/botan/Makefile
+++ b/src/regress/lib/libssl/interop/botan/Makefile
@@ -1,4 +1,4 @@
1# $OpenBSD: Makefile,v 1.10 2025/01/15 10:54:17 tb Exp $ 1# $OpenBSD: Makefile,v 1.11 2025/07/09 17:48:02 tb Exp $
2 2
3.include <bsd.own.mk> 3.include <bsd.own.mk>
4 4
@@ -26,6 +26,9 @@ LIBRARIES += openssl33
26.if exists(/usr/local/bin/eopenssl34) 26.if exists(/usr/local/bin/eopenssl34)
27LIBRARIES += openssl34 27LIBRARIES += openssl34
28.endif 28.endif
29.if exists(/usr/local/bin/eopenssl35)
30LIBRARIES += openssl35
31.endif
29 32
30PROGS = client 33PROGS = client
31SRCS_client = client.cpp 34SRCS_client = client.cpp
diff --git a/src/regress/lib/libssl/interop/cert/Makefile b/src/regress/lib/libssl/interop/cert/Makefile
index 74c63c86a8..8f05e3f84d 100644
--- a/src/regress/lib/libssl/interop/cert/Makefile
+++ b/src/regress/lib/libssl/interop/cert/Makefile
@@ -1,4 +1,4 @@
1# $OpenBSD: Makefile,v 1.14 2025/01/15 10:54:17 tb Exp $ 1# $OpenBSD: Makefile,v 1.15 2025/07/09 17:48:02 tb Exp $
2 2
3# Connect a client to a server. Both can be current libressl, or 3# Connect a client to a server. Both can be current libressl, or
4# openssl 3.x. Create client and server certificates 4# openssl 3.x. Create client and server certificates
@@ -13,6 +13,9 @@ LIBRARIES += openssl33
13.if exists(/usr/local/bin/eopenssl34) 13.if exists(/usr/local/bin/eopenssl34)
14LIBRARIES += openssl34 14LIBRARIES += openssl34
15.endif 15.endif
16.if exists(/usr/local/bin/eopenssl35)
17LIBRARIES += openssl35
18.endif
16 19
17.for cca in noca ca fakeca 20.for cca in noca ca fakeca
18.for sca in noca ca fakeca 21.for sca in noca ca fakeca
diff --git a/src/regress/lib/libssl/interop/cipher/Makefile b/src/regress/lib/libssl/interop/cipher/Makefile
index fa7e25f9ee..6693b962d0 100644
--- a/src/regress/lib/libssl/interop/cipher/Makefile
+++ b/src/regress/lib/libssl/interop/cipher/Makefile
@@ -1,4 +1,4 @@
1# $OpenBSD: Makefile,v 1.17 2025/01/15 10:54:17 tb Exp $ 1# $OpenBSD: Makefile,v 1.18 2025/07/09 17:48:02 tb Exp $
2 2
3# Connect a client to a server. Both can be current libressl, or 3# Connect a client to a server. Both can be current libressl, or
4# openssl 1.1 or 3.0. Create lists of supported ciphers 4# openssl 1.1 or 3.0. Create lists of supported ciphers
@@ -13,6 +13,9 @@ LIBRARIES += openssl33
13.if exists(/usr/local/bin/eopenssl34) 13.if exists(/usr/local/bin/eopenssl34)
14LIBRARIES += openssl34 14LIBRARIES += openssl34
15.endif 15.endif
16.if exists(/usr/local/bin/eopenssl35)
17LIBRARIES += openssl35
18.endif
16 19
17CLEANFILES = *.tmp *.ciphers ciphers.mk 20CLEANFILES = *.tmp *.ciphers ciphers.mk
18 21
@@ -42,7 +45,8 @@ client-${clib}-server-${slib}.ciphers: \
42 # we are only interested in ciphers supported by libressl 45 # we are only interested in ciphers supported by libressl
43 sort $@ client-libressl.ciphers >$@.tmp 46 sort $@ client-libressl.ciphers >$@.tmp
44. if "${clib}" == "openssl33" || "${slib}" == "openssl33" || \ 47. if "${clib}" == "openssl33" || "${slib}" == "openssl33" || \
45 "${clib}" == "openssl34" || "${slib}" == "openssl34" 48 "${clib}" == "openssl34" || "${slib}" == "openssl34" || \
49 "${clib}" == "openssl35" || "${slib}" == "openssl35"
46 # OpenSSL's SSL_CTX_set_cipher_list doesn't accept TLSv1.3 ciphers 50 # OpenSSL's SSL_CTX_set_cipher_list doesn't accept TLSv1.3 ciphers
47 sed -i '/^TLS_/d' $@.tmp 51 sed -i '/^TLS_/d' $@.tmp
48. endif 52. endif
@@ -72,6 +76,7 @@ regress: ciphers.mk
72LEVEL_libressl = 76LEVEL_libressl =
73LEVEL_openssl33 = ,@SECLEVEL=0 77LEVEL_openssl33 = ,@SECLEVEL=0
74LEVEL_openssl34 = ,@SECLEVEL=0 78LEVEL_openssl34 = ,@SECLEVEL=0
79LEVEL_openssl35 = ,@SECLEVEL=0
75 80
76.for clib in ${LIBRARIES} 81.for clib in ${LIBRARIES}
77.for slib in ${LIBRARIES} 82.for slib in ${LIBRARIES}
@@ -132,7 +137,7 @@ check-cipher-${cipher}-client-${clib}-server-${slib}: \
132. endif 137. endif
133. if "${clib}" == "libressl" 138. if "${clib}" == "libressl"
134 # libressl client may prefer chacha-poly if aes-ni is not supported 139 # libressl client may prefer chacha-poly if aes-ni is not supported
135. if "${slib}" == "openssl33" || "${slib}" == "openssl34" 140. if "${slib}" == "openssl33" || "${slib}" == "openssl34" || "${slib}" == "openssl35"
136 egrep -q ' Cipher *: TLS_(AES_256_GCM_SHA384|CHACHA20_POLY1305_SHA256)$$' ${@:S/^check/server/}.out 141 egrep -q ' Cipher *: TLS_(AES_256_GCM_SHA384|CHACHA20_POLY1305_SHA256)$$' ${@:S/^check/server/}.out
137. else 142. else
138 egrep -q ' Cipher *: TLS_(AES_256_GCM_SHA384|CHACHA20_POLY1305_SHA256)$$' ${@:S/^check/server/}.out 143 egrep -q ' Cipher *: TLS_(AES_256_GCM_SHA384|CHACHA20_POLY1305_SHA256)$$' ${@:S/^check/server/}.out
diff --git a/src/regress/lib/libssl/interop/netcat/Makefile b/src/regress/lib/libssl/interop/netcat/Makefile
index 3b8e3f95be..0f2864ccca 100644
--- a/src/regress/lib/libssl/interop/netcat/Makefile
+++ b/src/regress/lib/libssl/interop/netcat/Makefile
@@ -1,4 +1,4 @@
1# $OpenBSD: Makefile,v 1.10 2025/01/15 10:54:17 tb Exp $ 1# $OpenBSD: Makefile,v 1.11 2025/07/09 17:48:02 tb Exp $
2 2
3LIBRARIES = libressl 3LIBRARIES = libressl
4.if exists(/usr/local/bin/eopenssl33) 4.if exists(/usr/local/bin/eopenssl33)
@@ -7,6 +7,9 @@ LIBRARIES += openssl33
7.if exists(/usr/local/bin/eopenssl34) 7.if exists(/usr/local/bin/eopenssl34)
8LIBRARIES += openssl34 8LIBRARIES += openssl34
9.endif 9.endif
10.if exists(/usr/local/bin/eopenssl35)
11LIBRARIES += openssl35
12.endif
10 13
11# run netcat server and connect with test client 14# run netcat server and connect with test client
12 15
diff --git a/src/regress/lib/libssl/interop/openssl35/Makefile b/src/regress/lib/libssl/interop/openssl35/Makefile
new file mode 100644
index 0000000000..e11ad5dd20
--- /dev/null
+++ b/src/regress/lib/libssl/interop/openssl35/Makefile
@@ -0,0 +1,44 @@
1# $OpenBSD: Makefile,v 1.1 2025/07/09 17:48:02 tb Exp $
2
3.if ! exists(/usr/local/bin/eopenssl35)
4regress:
5 # install openssl-3.5 from ports for interop tests
6 @echo 'Run "pkg_add openssl--%3.5" to run tests against OpenSSL 3.5'
7 @echo SKIPPED
8.else
9
10PROGS = client server
11CFLAGS += -DOPENSSL_SUPPRESS_DEPRECATED
12CPPFLAGS = -I /usr/local/include/eopenssl35
13LDFLAGS = -L /usr/local/lib/eopenssl35
14LDADD = -lssl -lcrypto
15DPADD = /usr/local/lib/eopenssl35/libssl.a \
16 /usr/local/lib/eopenssl35/libcrypto.a
17LD_LIBRARY_PATH = /usr/local/lib/eopenssl35
18REGRESS_TARGETS = run-self-client-server
19.for p in ${PROGS}
20REGRESS_TARGETS += run-ldd-$p run-version-$p run-protocol-$p
21.endfor
22
23.for p in ${PROGS}
24
25run-ldd-$p: ldd-$p.out
26 # check that $p is linked with OpenSSL 3.5
27 grep -q /usr/local/lib/eopenssl35/libcrypto.so ldd-$p.out
28 grep -q /usr/local/lib/eopenssl35/libssl.so ldd-$p.out
29 # check that $p is not linked with LibreSSL
30 ! grep -v -e libc.so -e libpthread.so ldd-$p.out | grep /usr/lib/
31
32run-version-$p: $p-self.out
33 # check that runtime version is OpenSSL 3.5
34 grep 'SSLEAY_VERSION: OpenSSL 3.5' $p-self.out
35
36run-protocol-$p: $p-self.out
37 # check that OpenSSL 3.5 protocol version is TLS 1.3
38 grep 'Protocol *: TLSv1.3' $p-self.out
39
40.endfor
41
42.endif # exists(/usr/local/bin/eopenssl35)
43
44.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/interop/session/Makefile b/src/regress/lib/libssl/interop/session/Makefile
index e9a353f99e..4670240f9f 100644
--- a/src/regress/lib/libssl/interop/session/Makefile
+++ b/src/regress/lib/libssl/interop/session/Makefile
@@ -1,4 +1,4 @@
1# $OpenBSD: Makefile,v 1.12 2025/01/15 10:54:17 tb Exp $ 1# $OpenBSD: Makefile,v 1.13 2025/07/09 17:48:02 tb Exp $
2 2
3LIBRARIES = libressl 3LIBRARIES = libressl
4.if exists(/usr/local/bin/eopenssl33) 4.if exists(/usr/local/bin/eopenssl33)
@@ -7,6 +7,9 @@ LIBRARIES = libressl
7.if exists(/usr/local/bin/eopenssl34) 7.if exists(/usr/local/bin/eopenssl34)
8#LIBRARIES += openssl34 8#LIBRARIES += openssl34
9.endif 9.endif
10.if exists(/usr/local/bin/eopenssl35)
11#LIBRARIES += openssl35
12.endif
10 13
11run-session-client-libressl-server-libressl: 14run-session-client-libressl-server-libressl:
12 # TLS 1.3 needs some extra setup for session reuse 15 # TLS 1.3 needs some extra setup for session reuse
diff --git a/src/regress/lib/libssl/interop/version/Makefile b/src/regress/lib/libssl/interop/version/Makefile
index 605fba252f..133fc29629 100644
--- a/src/regress/lib/libssl/interop/version/Makefile
+++ b/src/regress/lib/libssl/interop/version/Makefile
@@ -1,4 +1,4 @@
1# $OpenBSD: Makefile,v 1.10 2025/01/15 10:54:17 tb Exp $ 1# $OpenBSD: Makefile,v 1.11 2025/07/09 17:48:02 tb Exp $
2 2
3# Connect a client to a server. Both can be current libressl, or 3# Connect a client to a server. Both can be current libressl, or
4# openssl 1.1 or openssl 3.0. Pin client or server to a fixed TLS 4# openssl 1.1 or openssl 3.0. Pin client or server to a fixed TLS
@@ -13,6 +13,9 @@ LIBRARIES += openssl33
13.if exists(/usr/local/bin/eopenssl34) 13.if exists(/usr/local/bin/eopenssl34)
14LIBRARIES += openssl34 14LIBRARIES += openssl34
15.endif 15.endif
16.if exists(/usr/local/bin/eopenssl35)
17LIBRARIES += openssl35
18.endif
16 19
17VERSIONS = any TLS1_2 TLS1_3 20VERSIONS = any TLS1_2 TLS1_3
18 21
@@ -31,6 +34,7 @@ FAIL_${cver}_${sver} = !
31.if ("${cver}" != TLS1_3 && "${sver}" != TLS1_3) && \ 34.if ("${cver}" != TLS1_3 && "${sver}" != TLS1_3) && \
32 ((("${clib}" != openssl33 && "${slib}" != openssl33)) || \ 35 ((("${clib}" != openssl33 && "${slib}" != openssl33)) || \
33 (("${clib}" != openssl34 && "${slib}" != openssl34)) || \ 36 (("${clib}" != openssl34 && "${slib}" != openssl34)) || \
37 (("${clib}" != openssl35 && "${slib}" != openssl35)) || \
34 (("${cver}" != any && "${sver}" != any) && \ 38 (("${cver}" != any && "${sver}" != any) && \
35 ("${cver}" != TLS1 && "${sver}" != TLS1) && \ 39 ("${cver}" != TLS1 && "${sver}" != TLS1) && \
36 ("${cver}" != TLS1_1 && "${sver}" != TLS1_1))) 40 ("${cver}" != TLS1_1 && "${sver}" != TLS1_1)))
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-08 10:32:40 +0000