Diffstat (limited to 'src/regress/lib/libssl/interop/cipher/Makefile')
-rw-r--r-- | src/regress/lib/libssl/interop/cipher/Makefile | 159 |
1 files changed, 0 insertions, 159 deletions
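--- a/src/regress/lib/libssl/interop/cipher/Makefile
+++ /dev/null
@@ -1,159 +0,0 @@
-# $OpenBSD: Makefile,v 1.17 2025/01/15 10:54:17 tb Exp $
-
-# Connect a client to a server. Both can be current libressl, or
-# openssl 1.1 or 3.0. Create lists of supported ciphers
-# and pin client and server to one of the ciphers. Use server
-# certificate with compatible type. Check that client and server
-# have used correct cipher by grepping in their session print out.
-
-LIBRARIES = libressl
-.if exists(/usr/local/bin/eopenssl33)
-LIBRARIES += openssl33
-.endif
-.if exists(/usr/local/bin/eopenssl34)
-LIBRARIES += openssl34
-.endif
-
-CLEANFILES = *.tmp *.ciphers ciphers.mk
-
-.for clib in ${LIBRARIES}
-client-${clib}.ciphers:
-LD_LIBRARY_PATH=/usr/local/lib/e${clib} \
-../${clib}/client -l ALL -L >$@.tmp
-sed -n 's/^cipher //p' <$@.tmp | sort -u >$@
-rm $@.tmp
-.endfor
-.for slib in ${LIBRARIES}
-server-${slib}.ciphers: 127.0.0.1.crt dsa.crt ec.crt rsa.crt
-LD_LIBRARY_PATH=/usr/local/lib/e${slib} \
-../${slib}/server -l ALL -L >$@.tmp
-sed -n 's/^cipher //p' <$@.tmp | sort -u >$@
-rm $@.tmp
-.endfor
-
-.for clib in ${LIBRARIES}
-.for slib in ${LIBRARIES}
-ciphers.mk: client-${clib}-server-${slib}.ciphers
-client-${clib}-server-${slib}.ciphers: \
-client-${clib}.ciphers server-${slib}.ciphers client-libressl.ciphers
-# get ciphers shared between client and server
-sort client-${clib}.ciphers server-${slib}.ciphers >$@.tmp
-uniq -d <$@.tmp >$@
-# we are only interested in ciphers supported by libressl
-sort $@ client-libressl.ciphers >$@.tmp
-. if "${clib}" == "openssl33" || "${slib}" == "openssl33" || \
-"${clib}" == "openssl34" || "${slib}" == "openssl34"
-# OpenSSL's SSL_CTX_set_cipher_list doesn't accept TLSv1.3 ciphers
-sed -i '/^TLS_/d' $@.tmp
-. endif
-uniq -d <$@.tmp >$@
-rm $@.tmp
-.endfor
-.endfor
-
-ciphers.mk:
-rm -f $@ $@.tmp
-.for clib in ${LIBRARIES}
-.for slib in ${LIBRARIES}
-echo 'CIPHERS_${clib}_${slib} =' >>$@.tmp \
-`cat client-${clib}-server-${slib}.ciphers`
-.endfor
-.endfor
-mv $@.tmp $@
-
-# hack to convert generated lists into usable make variables
-.if exists(ciphers.mk)
-.include "ciphers.mk"
-.else
-regress: ciphers.mk
-${MAKE} -C ${.CURDIR} regress
-.endif
-
-LEVEL_libressl =
-LEVEL_openssl33 = ,@SECLEVEL=0
-LEVEL_openssl34 = ,@SECLEVEL=0
-
-.for clib in ${LIBRARIES}
-.for slib in ${LIBRARIES}
-.for cipher in ${CIPHERS_${clib}_${slib}}
-
-.if "${cipher:M*-DSS-*}" != ""
-TYPE_${cipher} = dsa
-.elif "${cipher:M*-ECDSA-*}" != ""
-TYPE_${cipher} = ec
-.elif "${cipher:M*-RSA-*}" != ""
-TYPE_${cipher} = rsa
-.else
-TYPE_${cipher} = 127.0.0.1
-.endif
-
-DHPARAM_${cipher}_${slib} =
-
-.if ("${clib}" == "libressl" || "${slib}" == "libressl")
-REGRESS_TARGETS += run-cipher-${cipher}-client-${clib}-server-${slib}
-.else
-# Don't use REGRESS_SLOW_TARGETS since its handling in bsd.regress.mk is slow.
-SLOW_TARGETS += run-cipher-${cipher}-client-${clib}-server-${slib}
-.endif
-run-cipher-${cipher}-client-${clib}-server-${slib} \
-client-cipher-${cipher}-client-${clib}-server-${slib}.out \
-server-cipher-${cipher}-client-${clib}-server-${slib}.out: dh.param \
-127.0.0.1.crt ${TYPE_${cipher}}.crt ../${clib}/client ../${slib}/server
-LD_LIBRARY_PATH=/usr/local/lib/e${slib} \
-../${slib}/server >${@:S/^run/server/}.out \
--c ${TYPE_${cipher}}.crt -k ${TYPE_${cipher}}.key \
--l ${cipher}${LEVEL_${slib}} ${DHPARAM_${cipher}_${slib}} \
-127.0.0.1 0
-LD_LIBRARY_PATH=/usr/local/lib/e${clib} \
-../${clib}/client >${@:S/^run/client/}.out \
--l ${cipher}${LEVEL_${clib}} \
-`sed -n 's/listen sock: //p' ${@:S/^run/server/}.out`
-grep -q '^success$$' ${@:S/^run/server/}.out || \
-{ sleep 1; grep -q '^success$$' ${@:S/^run/server/}.out; }
-grep -q '^success$$' ${@:S/^run/client/}.out
-
-.if ("${clib}" == "libressl" || "${slib}" == "libressl")
-REGRESS_TARGETS += check-cipher-${cipher}-client-${clib}-server-${slib}
-.else
-# Don't use REGRESS_SLOW_TARGETS since its handling in bsd.regress.mk is slow.
-SLOW_TARGETS += check-cipher-${cipher}-client-${clib}-server-${slib}
-.endif
-check-cipher-${cipher}-client-${clib}-server-${slib}: \
-client-cipher-${cipher}-client-${clib}-server-${slib}.out \
-server-cipher-${cipher}-client-${clib}-server-${slib}.out
-.if "${cipher:C/TLS_(AES.*_GCM|CHACHA.*_POLY.*)_SHA.*/TLS1_3/}" != TLS1_3
-# client and server 1.3 capable, not TLS 1.3 cipher
-. if "${clib}" == "libressl"
-# libressl client may prefer chacha-poly if aes-ni is not supported
-egrep -q ' Cipher *: TLS_(AES_256_GCM_SHA384|CHACHA20_POLY1305_SHA256)$$' ${@:S/^check/client/}.out
-. else
-# openssl 1.1 generic client cipher
-grep -q ' Cipher *: TLS_AES_256_GCM_SHA384$$' ${@:S/^check/client/}.out
-. endif
-. if "${clib}" == "libressl"
-# libressl client may prefer chacha-poly if aes-ni is not supported
-. if "${slib}" == "openssl33" || "${slib}" == "openssl34"
-egrep -q ' Cipher *: TLS_(AES_256_GCM_SHA384|CHACHA20_POLY1305_SHA256)$$' ${@:S/^check/server/}.out
-. else
-egrep -q ' Cipher *: TLS_(AES_256_GCM_SHA384|CHACHA20_POLY1305_SHA256)$$' ${@:S/^check/server/}.out
-. endif
-. else
-# generic server cipher
-grep -q ' Cipher *: TLS_AES_256_GCM_SHA384$$' ${@:S/^check/server/}.out
-. endif
-.else
-grep -q ' Cipher *: ${cipher}$$' ${@:S/^check/client/}.out
-grep -q ' Cipher *: ${cipher}$$' ${@:S/^check/server/}.out
-.endif
-
-.endfor
-.endfor
-.endfor
-
-.include <bsd.own.mk>
-REGRESS_SKIP_SLOW ?= no
-.if ${REGRESS_SKIP_SLOW:L} != "yes"
-REGRESS_TARGETS += ${SLOW_TARGETS}
-.endif
-
-.include <bsd.regress.mk>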