diff options
| -rw-r--r-- | src/regress/lib/libssl/interop/Makefile | 4 | ||||
| -rw-r--r-- | src/regress/lib/libssl/interop/botan/Makefile | 5 | ||||
| -rw-r--r-- | src/regress/lib/libssl/interop/cert/Makefile | 5 | ||||
| -rw-r--r-- | src/regress/lib/libssl/interop/cipher/Makefile | 10 | ||||
| -rw-r--r-- | src/regress/lib/libssl/interop/netcat/Makefile | 5 | ||||
| -rw-r--r-- | src/regress/lib/libssl/interop/openssl31/Makefile | 43 | ||||
| -rw-r--r-- | src/regress/lib/libssl/interop/session/Makefile | 5 | ||||
| -rw-r--r-- | src/regress/lib/libssl/interop/version/Makefile | 8 |
8 files changed, 74 insertions, 11 deletions
diff --git a/src/regress/lib/libssl/interop/Makefile b/src/regress/lib/libssl/interop/Makefile index 72dc87b5c2..82bef2314d 100644 --- a/src/regress/lib/libssl/interop/Makefile +++ b/src/regress/lib/libssl/interop/Makefile | |||
| @@ -1,6 +1,6 @@ | |||
| 1 | # $OpenBSD: Makefile,v 1.17 2023/02/01 14:39:09 tb Exp $ | 1 | # $OpenBSD: Makefile,v 1.18 2023/10/30 17:15:21 tb Exp $ |
| 2 | 2 | ||
| 3 | SUBDIR = libressl openssl11 openssl30 | 3 | SUBDIR = libressl openssl11 openssl30 openssl31 |
| 4 | 4 | ||
| 5 | # the above binaries must have been built before we can continue | 5 | # the above binaries must have been built before we can continue |
| 6 | SUBDIR += netcat | 6 | SUBDIR += netcat |
diff --git a/src/regress/lib/libssl/interop/botan/Makefile b/src/regress/lib/libssl/interop/botan/Makefile index 23f8a07bf4..b9570b815a 100644 --- a/src/regress/lib/libssl/interop/botan/Makefile +++ b/src/regress/lib/libssl/interop/botan/Makefile | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | # $OpenBSD: Makefile,v 1.6 2023/02/01 15:58:20 tb Exp $ | 1 | # $OpenBSD: Makefile,v 1.7 2023/10/30 17:15:21 tb Exp $ |
| 2 | 2 | ||
| 3 | .include <bsd.own.mk> | 3 | .include <bsd.own.mk> |
| 4 | 4 | ||
| @@ -26,6 +26,9 @@ LIBRARIES += openssl11 | |||
| 26 | .if exists(/usr/local/bin/eopenssl30) | 26 | .if exists(/usr/local/bin/eopenssl30) |
| 27 | LIBRARIES += openssl30 | 27 | LIBRARIES += openssl30 |
| 28 | .endif | 28 | .endif |
| 29 | .if exists(/usr/local/bin/eopenssl31) | ||
| 30 | LIBRARIES += openssl31 | ||
| 31 | .endif | ||
| 29 | 32 | ||
| 30 | PROGS = client | 33 | PROGS = client |
| 31 | SRCS_client = client.cpp | 34 | SRCS_client = client.cpp |
diff --git a/src/regress/lib/libssl/interop/cert/Makefile b/src/regress/lib/libssl/interop/cert/Makefile index 47f4422d6e..ae755be223 100644 --- a/src/regress/lib/libssl/interop/cert/Makefile +++ b/src/regress/lib/libssl/interop/cert/Makefile | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | # $OpenBSD: Makefile,v 1.10 2023/04/19 15:34:23 tb Exp $ | 1 | # $OpenBSD: Makefile,v 1.11 2023/10/30 17:15:21 tb Exp $ |
| 2 | 2 | ||
| 3 | # Connect a client to a server. Both can be current libressl, or | 3 | # Connect a client to a server. Both can be current libressl, or |
| 4 | # openssl 1.1 or 3.0. Create client and server certificates | 4 | # openssl 1.1 or 3.0. Create client and server certificates |
| @@ -13,6 +13,9 @@ LIBRARIES += openssl11 | |||
| 13 | .if exists(/usr/local/bin/eopenssl30) | 13 | .if exists(/usr/local/bin/eopenssl30) |
| 14 | LIBRARIES += openssl30 | 14 | LIBRARIES += openssl30 |
| 15 | .endif | 15 | .endif |
| 16 | .if exists(/usr/local/bin/eopenssl31) | ||
| 17 | LIBRARIES += openssl31 | ||
| 18 | .endif | ||
| 16 | 19 | ||
| 17 | .for cca in noca ca fakeca | 20 | .for cca in noca ca fakeca |
| 18 | .for sca in noca ca fakeca | 21 | .for sca in noca ca fakeca |
diff --git a/src/regress/lib/libssl/interop/cipher/Makefile b/src/regress/lib/libssl/interop/cipher/Makefile index 85d927a92d..627cfc8f9f 100644 --- a/src/regress/lib/libssl/interop/cipher/Makefile +++ b/src/regress/lib/libssl/interop/cipher/Makefile | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | # $OpenBSD: Makefile,v 1.12 2023/04/19 15:34:23 tb Exp $ | 1 | # $OpenBSD: Makefile,v 1.13 2023/10/30 17:15:21 tb Exp $ |
| 2 | 2 | ||
| 3 | # Connect a client to a server. Both can be current libressl, or | 3 | # Connect a client to a server. Both can be current libressl, or |
| 4 | # openssl 1.1 or 3.0. Create lists of supported ciphers | 4 | # openssl 1.1 or 3.0. Create lists of supported ciphers |
| @@ -24,6 +24,9 @@ LIBRARIES += openssl11 | |||
| 24 | .if exists(/usr/local/bin/eopenssl30) | 24 | .if exists(/usr/local/bin/eopenssl30) |
| 25 | LIBRARIES += openssl30 | 25 | LIBRARIES += openssl30 |
| 26 | .endif | 26 | .endif |
| 27 | .if exists(/usr/local/bin/eopenssl31) | ||
| 28 | LIBRARIES += openssl31 | ||
| 29 | .endif | ||
| 27 | 30 | ||
| 28 | CLEANFILES = *.tmp *.ciphers ciphers.mk | 31 | CLEANFILES = *.tmp *.ciphers ciphers.mk |
| 29 | 32 | ||
| @@ -53,7 +56,8 @@ client-${clib}-server-${slib}.ciphers: \ | |||
| 53 | # we are only interested in ciphers supported by libressl | 56 | # we are only interested in ciphers supported by libressl |
| 54 | sort $@ client-libressl.ciphers >$@.tmp | 57 | sort $@ client-libressl.ciphers >$@.tmp |
| 55 | . if "${clib}" == "openssl11" || "${slib}" == "openssl11" || \ | 58 | . if "${clib}" == "openssl11" || "${slib}" == "openssl11" || \ |
| 56 | "${clib}" == "openssl30" || "${slib}" == "openssl30" | 59 | "${clib}" == "openssl30" || "${slib}" == "openssl30" || \ |
| 60 | "${clib}" == "openssl31" || "${slib}" == "openssl31" | ||
| 57 | # OpenSSL's SSL_CTX_set_cipher_list doesn't accept TLSv1.3 ciphers | 61 | # OpenSSL's SSL_CTX_set_cipher_list doesn't accept TLSv1.3 ciphers |
| 58 | sed -i '/^TLS_/d' $@.tmp | 62 | sed -i '/^TLS_/d' $@.tmp |
| 59 | . endif | 63 | . endif |
| @@ -145,7 +149,7 @@ check-cipher-${cipher}-client-${clib}-server-${slib}: \ | |||
| 145 | . endif | 149 | . endif |
| 146 | . if "${clib}" == "libressl" | 150 | . if "${clib}" == "libressl" |
| 147 | # libressl client may prefer chacha-poly if aes-ni is not supported | 151 | # libressl client may prefer chacha-poly if aes-ni is not supported |
| 148 | . if "${slib}" == "openssl11" || "${slib}" == "openssl30" | 152 | . if "${slib}" == "openssl11" || "${slib}" == "openssl30" || "${slib}" == "openssl31" |
| 149 | egrep -q ' Cipher *: TLS_(AES_256_GCM_SHA384|CHACHA20_POLY1305_SHA256)$$' ${@:S/^check/server/}.out | 153 | egrep -q ' Cipher *: TLS_(AES_256_GCM_SHA384|CHACHA20_POLY1305_SHA256)$$' ${@:S/^check/server/}.out |
| 150 | . else | 154 | . else |
| 151 | egrep -q ' Cipher *: TLS_(AES_256_GCM_SHA384|CHACHA20_POLY1305_SHA256)$$' ${@:S/^check/server/}.out | 155 | egrep -q ' Cipher *: TLS_(AES_256_GCM_SHA384|CHACHA20_POLY1305_SHA256)$$' ${@:S/^check/server/}.out |
diff --git a/src/regress/lib/libssl/interop/netcat/Makefile b/src/regress/lib/libssl/interop/netcat/Makefile index 9cf10417af..568c4d255a 100644 --- a/src/regress/lib/libssl/interop/netcat/Makefile +++ b/src/regress/lib/libssl/interop/netcat/Makefile | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | # $OpenBSD: Makefile,v 1.6 2023/02/01 15:38:57 tb Exp $ | 1 | # $OpenBSD: Makefile,v 1.7 2023/10/30 17:15:21 tb Exp $ |
| 2 | 2 | ||
| 3 | LIBRARIES = libressl | 3 | LIBRARIES = libressl |
| 4 | .if exists(/usr/local/bin/eopenssl11) | 4 | .if exists(/usr/local/bin/eopenssl11) |
| @@ -7,6 +7,9 @@ LIBRARIES += openssl11 | |||
| 7 | .if exists(/usr/local/bin/eopenssl30) | 7 | .if exists(/usr/local/bin/eopenssl30) |
| 8 | LIBRARIES += openssl30 | 8 | LIBRARIES += openssl30 |
| 9 | .endif | 9 | .endif |
| 10 | .if exists(/usr/local/bin/eopenssl31) | ||
| 11 | LIBRARIES += openssl31 | ||
| 12 | .endif | ||
| 10 | 13 | ||
| 11 | # run netcat server and connect with test client | 14 | # run netcat server and connect with test client |
| 12 | 15 | ||
diff --git a/src/regress/lib/libssl/interop/openssl31/Makefile b/src/regress/lib/libssl/interop/openssl31/Makefile new file mode 100644 index 0000000000..8f35fa272f --- /dev/null +++ b/src/regress/lib/libssl/interop/openssl31/Makefile | |||
| @@ -0,0 +1,43 @@ | |||
| 1 | # $OpenBSD: Makefile,v 1.1 2023/10/30 17:15:21 tb Exp $ | ||
| 2 | |||
| 3 | .if !exists(/usr/local/bin/eopenssl31) | ||
| 4 | regress: | ||
| 5 | # install openssl-3.1 from ports for interop tests | ||
| 6 | @echo 'Run "pkg_add openssl--%3.1" to run tests against OpenSSL 3.1' | ||
| 7 | @echo SKIPPED | ||
| 8 | .else | ||
| 9 | |||
| 10 | PROGS = client server | ||
| 11 | CPPFLAGS = -I /usr/local/include/eopenssl31 | ||
| 12 | LDFLAGS = -L /usr/local/lib/eopenssl31 | ||
| 13 | LDADD = -lssl -lcrypto | ||
| 14 | DPADD = /usr/local/lib/eopenssl31/libssl.a \ | ||
| 15 | /usr/local/lib/eopenssl31/libcrypto.a | ||
| 16 | LD_LIBRARY_PATH = /usr/local/lib/eopenssl31 | ||
| 17 | REGRESS_TARGETS = run-self-client-server | ||
| 18 | .for p in ${PROGS} | ||
| 19 | REGRESS_TARGETS += run-ldd-$p run-version-$p run-protocol-$p | ||
| 20 | .endfor | ||
| 21 | |||
| 22 | .for p in ${PROGS} | ||
| 23 | |||
| 24 | run-ldd-$p: ldd-$p.out | ||
| 25 | # check that $p is linked with OpenSSL 3.1 | ||
| 26 | grep -q /usr/local/lib/eopenssl31/libcrypto.so ldd-$p.out | ||
| 27 | grep -q /usr/local/lib/eopenssl31/libssl.so ldd-$p.out | ||
| 28 | # check that $p is not linked with LibreSSL | ||
| 29 | ! grep -v libc.so ldd-$p.out | grep /usr/lib/ | ||
| 30 | |||
| 31 | run-version-$p: $p-self.out | ||
| 32 | # check that runtime version is OpenSSL 3.1 | ||
| 33 | grep 'SSLEAY_VERSION: OpenSSL 3.1' $p-self.out | ||
| 34 | |||
| 35 | run-protocol-$p: $p-self.out | ||
| 36 | # check that OpenSSL 3.1 protocol version is TLS 1.3 | ||
| 37 | grep 'Protocol *: TLSv1.3' $p-self.out | ||
| 38 | |||
| 39 | .endfor | ||
| 40 | |||
| 41 | .endif # exists(/usr/local/bin/eopenssl31) | ||
| 42 | |||
| 43 | .include <bsd.regress.mk> | ||
diff --git a/src/regress/lib/libssl/interop/session/Makefile b/src/regress/lib/libssl/interop/session/Makefile index f5858eaba0..99daa4ba4f 100644 --- a/src/regress/lib/libssl/interop/session/Makefile +++ b/src/regress/lib/libssl/interop/session/Makefile | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | # $OpenBSD: Makefile,v 1.8 2023/02/01 16:03:47 tb Exp $ | 1 | # $OpenBSD: Makefile,v 1.9 2023/10/30 17:15:21 tb Exp $ |
| 2 | 2 | ||
| 3 | LIBRARIES = libressl | 3 | LIBRARIES = libressl |
| 4 | .if exists(/usr/local/bin/eopenssl11) | 4 | .if exists(/usr/local/bin/eopenssl11) |
| @@ -7,6 +7,9 @@ LIBRARIES += openssl11 | |||
| 7 | .if exists(/usr/local/bin/eopenssl30) | 7 | .if exists(/usr/local/bin/eopenssl30) |
| 8 | #LIBRARIES += openssl30 | 8 | #LIBRARIES += openssl30 |
| 9 | .endif | 9 | .endif |
| 10 | .if exists(/usr/local/bin/eopenssl31) | ||
| 11 | #LIBRARIES += openssl31 | ||
| 12 | .endif | ||
| 10 | 13 | ||
| 11 | run-session-client-libressl-server-libressl \ | 14 | run-session-client-libressl-server-libressl \ |
| 12 | run-session-client-libressl-server-openssl11 \ | 15 | run-session-client-libressl-server-openssl11 \ |
diff --git a/src/regress/lib/libssl/interop/version/Makefile b/src/regress/lib/libssl/interop/version/Makefile index c4f7705d63..bb4641afa9 100644 --- a/src/regress/lib/libssl/interop/version/Makefile +++ b/src/regress/lib/libssl/interop/version/Makefile | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | # $OpenBSD: Makefile,v 1.7 2023/07/02 17:21:32 beck Exp $ | 1 | # $OpenBSD: Makefile,v 1.8 2023/10/30 17:15:21 tb Exp $ |
| 2 | 2 | ||
| 3 | # Connect a client to a server. Both can be current libressl, or | 3 | # Connect a client to a server. Both can be current libressl, or |
| 4 | # openssl 1.1 or openssl 3.0. Pin client or server to a fixed TLS | 4 | # openssl 1.1 or openssl 3.0. Pin client or server to a fixed TLS |
| @@ -13,6 +13,9 @@ LIBRARIES += openssl11 | |||
| 13 | .if exists(/usr/local/bin/eopenssl30) | 13 | .if exists(/usr/local/bin/eopenssl30) |
| 14 | LIBRARIES += openssl30 | 14 | LIBRARIES += openssl30 |
| 15 | .endif | 15 | .endif |
| 16 | .if exists(/usr/local/bin/eopenssl31) | ||
| 17 | LIBRARIES += openssl31 | ||
| 18 | .endif | ||
| 16 | 19 | ||
| 17 | VERSIONS = any TLS1_2 TLS1_3 | 20 | VERSIONS = any TLS1_2 TLS1_3 |
| 18 | 21 | ||
| @@ -29,7 +32,8 @@ FAIL_${cver}_${sver} = ! | |||
| 29 | .for slib in ${LIBRARIES} | 32 | .for slib in ${LIBRARIES} |
| 30 | 33 | ||
| 31 | .if ("${cver}" != TLS1_3 && "${sver}" != TLS1_3) && \ | 34 | .if ("${cver}" != TLS1_3 && "${sver}" != TLS1_3) && \ |
| 32 | (("${clib}" != openssl30 && "${slib}" != openssl30) || \ | 35 | ((("${clib}" != openssl30 && "${slib}" != openssl30) && \ |
| 36 | ("${clib}" != openssl31 && "${slib}" != openssl31)) || \ | ||
| 33 | (("${cver}" != any && "${sver}" != any) && \ | 37 | (("${cver}" != any && "${sver}" != any) && \ |
| 34 | ("${cver}" != TLS1 && "${sver}" != TLS1) && \ | 38 | ("${cver}" != TLS1 && "${sver}" != TLS1) && \ |
| 35 | ("${cver}" != TLS1_1 && "${sver}" != TLS1_1))) | 39 | ("${cver}" != TLS1_1 && "${sver}" != TLS1_1))) |