Diffstat (limited to 'src/regress/lib/libssl/interop/cipher/Makefile')
-rw-r--r--src/regress/lib/libssl/interop/cipher/Makefile159
1 files changed, 0 insertions, 159 deletions
diff --git a/src/regress/lib/libssl/interop/cipher/Makefile b/src/regress/lib/libssl/interop/cipher/Makefile
deleted file mode 100644
index fa7e25f9ee..0000000000
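--- a/src/regress/lib/libssl/interop/cipher/Makefile
+++ /dev/null
@@ -1,159 +0,0 @@
-# $OpenBSD: Makefile,v 1.17 2025/01/15 10:54:17 tb Exp $
-
-# Connect a client to a server. Both can be current libressl, or
-# openssl 1.1 or 3.0. Create lists of supported ciphers
-# and pin client and server to one of the ciphers. Use server
-# certificate with compatible type. Check that client and server
-# have used correct cipher by grepping in their session print out.
-
-LIBRARIES = libressl
-.if exists(/usr/local/bin/eopenssl33)
-LIBRARIES += openssl33
-.endif
-.if exists(/usr/local/bin/eopenssl34)
-LIBRARIES += openssl34
-.endif
-
-CLEANFILES = *.tmp *.ciphers ciphers.mk
-
-.for clib in ${LIBRARIES}
-client-${clib}.ciphers:
- LD_LIBRARY_PATH=/usr/local/lib/e${clib} \
- ../${clib}/client -l ALL -L >$@.tmp
- sed -n 's/^cipher //p' <$@.tmp | sort -u >$@
- rm $@.tmp
-.endfor
-.for slib in ${LIBRARIES}
-server-${slib}.ciphers: 127.0.0.1.crt dsa.crt ec.crt rsa.crt
- LD_LIBRARY_PATH=/usr/local/lib/e${slib} \
- ../${slib}/server -l ALL -L >$@.tmp
- sed -n 's/^cipher //p' <$@.tmp | sort -u >$@
- rm $@.tmp
-.endfor
-
-.for clib in ${LIBRARIES}
-.for slib in ${LIBRARIES}
-ciphers.mk: client-${clib}-server-${slib}.ciphers
-client-${clib}-server-${slib}.ciphers: \
- client-${clib}.ciphers server-${slib}.ciphers client-libressl.ciphers
- # get ciphers shared between client and server
- sort client-${clib}.ciphers server-${slib}.ciphers >$@.tmp
- uniq -d <$@.tmp >$@
- # we are only interested in ciphers supported by libressl
- sort $@ client-libressl.ciphers >$@.tmp
-. if "${clib}" == "openssl33" || "${slib}" == "openssl33" || \
- "${clib}" == "openssl34" || "${slib}" == "openssl34"
- # OpenSSL's SSL_CTX_set_cipher_list doesn't accept TLSv1.3 ciphers
- sed -i '/^TLS_/d' $@.tmp
-. endif
- uniq -d <$@.tmp >$@
- rm $@.tmp
-.endfor
-.endfor
-
-ciphers.mk:
- rm -f $@ $@.tmp
-.for clib in ${LIBRARIES}
-.for slib in ${LIBRARIES}
- echo 'CIPHERS_${clib}_${slib} =' >>$@.tmp \
- `cat client-${clib}-server-${slib}.ciphers`
-.endfor
-.endfor
- mv $@.tmp $@
-
-# hack to convert generated lists into usable make variables
-.if exists(ciphers.mk)
-.include "ciphers.mk"
-.else
-regress: ciphers.mk
- ${MAKE} -C ${.CURDIR} regress
-.endif
-
-LEVEL_libressl =
-LEVEL_openssl33 = ,@SECLEVEL=0
-LEVEL_openssl34 = ,@SECLEVEL=0
-
-.for clib in ${LIBRARIES}
-.for slib in ${LIBRARIES}
-.for cipher in ${CIPHERS_${clib}_${slib}}
-
-.if "${cipher:M*-DSS-*}" != ""
-TYPE_${cipher} = dsa
-.elif "${cipher:M*-ECDSA-*}" != ""
-TYPE_${cipher} = ec
-.elif "${cipher:M*-RSA-*}" != ""
-TYPE_${cipher} = rsa
-.else
-TYPE_${cipher} = 127.0.0.1
-.endif
-
-DHPARAM_${cipher}_${slib} =
-
-.if ("${clib}" == "libressl" || "${slib}" == "libressl")
-REGRESS_TARGETS += run-cipher-${cipher}-client-${clib}-server-${slib}
-.else
-# Don't use REGRESS_SLOW_TARGETS since its handling in bsd.regress.mk is slow.
-SLOW_TARGETS += run-cipher-${cipher}-client-${clib}-server-${slib}
-.endif
-run-cipher-${cipher}-client-${clib}-server-${slib} \
-client-cipher-${cipher}-client-${clib}-server-${slib}.out \
-server-cipher-${cipher}-client-${clib}-server-${slib}.out: dh.param \
- 127.0.0.1.crt ${TYPE_${cipher}}.crt ../${clib}/client ../${slib}/server
- LD_LIBRARY_PATH=/usr/local/lib/e${slib} \
- ../${slib}/server >${@:S/^run/server/}.out \
- -c ${TYPE_${cipher}}.crt -k ${TYPE_${cipher}}.key \
- -l ${cipher}${LEVEL_${slib}} ${DHPARAM_${cipher}_${slib}} \
- 127.0.0.1 0
- LD_LIBRARY_PATH=/usr/local/lib/e${clib} \
- ../${clib}/client >${@:S/^run/client/}.out \
- -l ${cipher}${LEVEL_${clib}} \
- `sed -n 's/listen sock: //p' ${@:S/^run/server/}.out`
- grep -q '^success$$' ${@:S/^run/server/}.out || \
- { sleep 1; grep -q '^success$$' ${@:S/^run/server/}.out; }
- grep -q '^success$$' ${@:S/^run/client/}.out
-
-.if ("${clib}" == "libressl" || "${slib}" == "libressl")
-REGRESS_TARGETS += check-cipher-${cipher}-client-${clib}-server-${slib}
-.else
-# Don't use REGRESS_SLOW_TARGETS since its handling in bsd.regress.mk is slow.
-SLOW_TARGETS += check-cipher-${cipher}-client-${clib}-server-${slib}
-.endif
-check-cipher-${cipher}-client-${clib}-server-${slib}: \
- client-cipher-${cipher}-client-${clib}-server-${slib}.out \
- server-cipher-${cipher}-client-${clib}-server-${slib}.out
-.if "${cipher:C/TLS_(AES.*_GCM|CHACHA.*_POLY.*)_SHA.*/TLS1_3/}" != TLS1_3
- # client and server 1.3 capable, not TLS 1.3 cipher
-. if "${clib}" == "libressl"
- # libressl client may prefer chacha-poly if aes-ni is not supported
- egrep -q ' Cipher *: TLS_(AES_256_GCM_SHA384|CHACHA20_POLY1305_SHA256)$$' ${@:S/^check/client/}.out
-. else
- # openssl 1.1 generic client cipher
- grep -q ' Cipher *: TLS_AES_256_GCM_SHA384$$' ${@:S/^check/client/}.out
-. endif
-. if "${clib}" == "libressl"
- # libressl client may prefer chacha-poly if aes-ni is not supported
-. if "${slib}" == "openssl33" || "${slib}" == "openssl34"
- egrep -q ' Cipher *: TLS_(AES_256_GCM_SHA384|CHACHA20_POLY1305_SHA256)$$' ${@:S/^check/server/}.out
-. else
- egrep -q ' Cipher *: TLS_(AES_256_GCM_SHA384|CHACHA20_POLY1305_SHA256)$$' ${@:S/^check/server/}.out
-. endif
-. else
- # generic server cipher
- grep -q ' Cipher *: TLS_AES_256_GCM_SHA384$$' ${@:S/^check/server/}.out
-. endif
-.else
- grep -q ' Cipher *: ${cipher}$$' ${@:S/^check/client/}.out
- grep -q ' Cipher *: ${cipher}$$' ${@:S/^check/server/}.out
-.endif
-
-.endfor
-.endfor
-.endfor
-
-.include <bsd.own.mk>
-REGRESS_SKIP_SLOW ?= no
-.if ${REGRESS_SKIP_SLOW:L} != "yes"
-REGRESS_TARGETS += ${SLOW_TARGETS}
-.endif
-
-.include <bsd.regress.mk>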