summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/regress/lib/libssl/interop/Makefile4
-rw-r--r--src/regress/lib/libssl/interop/cert/Makefile7
-rw-r--r--src/regress/lib/libssl/interop/cipher/Makefile15
-rw-r--r--src/regress/lib/libssl/interop/openssl30/Makefile43
-rw-r--r--src/regress/lib/libssl/interop/version/Makefile13
5 files changed, 70 insertions, 12 deletions
diff --git a/src/regress/lib/libssl/interop/Makefile b/src/regress/lib/libssl/interop/Makefile
index 789ff00e7f..2f6b165ae6 100644
--- a/src/regress/lib/libssl/interop/Makefile
+++ b/src/regress/lib/libssl/interop/Makefile
@@ -1,6 +1,6 @@
1# $OpenBSD: Makefile,v 1.15 2021/08/30 17:34:02 tb Exp $ 1# $OpenBSD: Makefile,v 1.16 2023/01/27 08:28:36 tb Exp $
2 2
3SUBDIR = libressl openssl openssl11 3SUBDIR = libressl openssl openssl11 openssl30
4 4
5# the above binaries must have been built before we can continue 5# the above binaries must have been built before we can continue
6SUBDIR += netcat 6SUBDIR += netcat
diff --git a/src/regress/lib/libssl/interop/cert/Makefile b/src/regress/lib/libssl/interop/cert/Makefile
index 6698975d7e..6156a988ae 100644
--- a/src/regress/lib/libssl/interop/cert/Makefile
+++ b/src/regress/lib/libssl/interop/cert/Makefile
@@ -1,7 +1,7 @@
1# $OpenBSD: Makefile,v 1.7 2021/09/03 11:58:24 bluhm Exp $ 1# $OpenBSD: Makefile,v 1.8 2023/01/27 08:28:36 tb Exp $
2 2
3# Connect a client to a server. Both can be current libressl, or 3# Connect a client to a server. Both can be current libressl, or
4# openssl 1.0.2, or openssl 1.1. Create client and server certificates 4# openssl 1.0.2, 1.1, or 3.0. Create client and server certificates
5# that are signed by a CA and not signed by a fake CA. Try all 5# that are signed by a CA and not signed by a fake CA. Try all
6# combinations with, without, and with wrong CA for client and server 6# combinations with, without, and with wrong CA for client and server
7# and check the result of certificate verification. 7# and check the result of certificate verification.
@@ -13,6 +13,9 @@ LIBRARIES += openssl
13.if exists(/usr/local/bin/eopenssl11) 13.if exists(/usr/local/bin/eopenssl11)
14LIBRARIES += openssl11 14LIBRARIES += openssl11
15.endif 15.endif
16.if exists(/usr/local/bin/eopenssl30)
17LIBRARIES += openssl30
18.endif
16 19
17.for cca in noca ca fakeca 20.for cca in noca ca fakeca
18.for sca in noca ca fakeca 21.for sca in noca ca fakeca
diff --git a/src/regress/lib/libssl/interop/cipher/Makefile b/src/regress/lib/libssl/interop/cipher/Makefile
index bfe8cfea7a..46951f6782 100644
--- a/src/regress/lib/libssl/interop/cipher/Makefile
+++ b/src/regress/lib/libssl/interop/cipher/Makefile
@@ -1,7 +1,7 @@
1# $OpenBSD: Makefile,v 1.9 2022/02/05 18:34:06 tb Exp $ 1# $OpenBSD: Makefile,v 1.10 2023/01/27 08:28:36 tb Exp $
2 2
3# Connect a client to a server. Both can be current libressl, or 3# Connect a client to a server. Both can be current libressl, or
4# openssl 1.0.2, or openssl 1.1. Create lists of supported ciphers 4# openssl 1.0.2, 1.1, or 3.0. Create lists of supported ciphers
5# and pin client and server to one of the ciphers. Use server 5# and pin client and server to one of the ciphers. Use server
6# certificate with compatible type. Check that client and server 6# certificate with compatible type. Check that client and server
7# have used correct cipher by grepping in their session print out. 7# have used correct cipher by grepping in their session print out.
@@ -24,6 +24,9 @@ LIBRARIES += openssl
24.if exists(/usr/local/bin/eopenssl11) 24.if exists(/usr/local/bin/eopenssl11)
25LIBRARIES += openssl11 25LIBRARIES += openssl11
26.endif 26.endif
27.if exists(/usr/local/bin/eopenssl30)
28LIBRARIES += openssl30
29.endif
27 30
28CLEANFILES = *.tmp *.ciphers ciphers.mk 31CLEANFILES = *.tmp *.ciphers ciphers.mk
29 32
@@ -52,8 +55,9 @@ client-${clib}-server-${slib}.ciphers: \
52 uniq -d <$@.tmp >$@ 55 uniq -d <$@.tmp >$@
53 # we are only interested in ciphers supported by libressl 56 # we are only interested in ciphers supported by libressl
54 sort $@ client-libressl.ciphers >$@.tmp 57 sort $@ client-libressl.ciphers >$@.tmp
55. if "${clib}" == "openssl11" || "${slib}" == "openssl11" 58. if "${clib}" == "openssl11" || "${slib}" == "openssl11" || \
56 # OpenSSL 1.1's SSL_CTX_set_cipher_list doesn't accept TLSv1.3 ciphers 59 "${clib}" == "openssl30" || "${slib}" == "openssl30"
60 # OpenSSL's SSL_CTX_set_cipher_list doesn't accept TLSv1.3 ciphers
57 sed -i '/^TLS_/d' $@.tmp 61 sed -i '/^TLS_/d' $@.tmp
58. endif 62. endif
59 uniq -d <$@.tmp >$@ 63 uniq -d <$@.tmp >$@
@@ -82,6 +86,7 @@ regress: ciphers.mk
82LEVEL_libressl = 86LEVEL_libressl =
83LEVEL_openssl = 87LEVEL_openssl =
84LEVEL_openssl11 = ,@SECLEVEL=0 88LEVEL_openssl11 = ,@SECLEVEL=0
89LEVEL_openssl30 = ,@SECLEVEL=0
85 90
86.for clib in ${LIBRARIES} 91.for clib in ${LIBRARIES}
87.for slib in ${LIBRARIES} 92.for slib in ${LIBRARIES}
@@ -148,7 +153,7 @@ check-cipher-${cipher}-client-${clib}-server-${slib}: \
148. endif 153. endif
149. if "${clib}" == "libressl" 154. if "${clib}" == "libressl"
150 # libressl client may prefer chacha-poly if aes-ni is not supported 155 # libressl client may prefer chacha-poly if aes-ni is not supported
151. if "${slib}" == "openssl11" 156. if "${slib}" == "openssl11" || "${slib}" == "openssl30"
152 egrep -q ' Cipher *: TLS_(AES_256_GCM_SHA384|CHACHA20_POLY1305_SHA256)$$' ${@:S/^check/server/}.out 157 egrep -q ' Cipher *: TLS_(AES_256_GCM_SHA384|CHACHA20_POLY1305_SHA256)$$' ${@:S/^check/server/}.out
153. else 158. else
154 egrep -q ' Cipher *: TLS_(AES_256_GCM_SHA384|CHACHA20_POLY1305_SHA256)$$' ${@:S/^check/server/}.out 159 egrep -q ' Cipher *: TLS_(AES_256_GCM_SHA384|CHACHA20_POLY1305_SHA256)$$' ${@:S/^check/server/}.out
diff --git a/src/regress/lib/libssl/interop/openssl30/Makefile b/src/regress/lib/libssl/interop/openssl30/Makefile
new file mode 100644
index 0000000000..d667d1b17e
--- /dev/null
+++ b/src/regress/lib/libssl/interop/openssl30/Makefile
@@ -0,0 +1,43 @@
1# $OpenBSD: Makefile,v 1.1 2023/01/27 08:28:36 tb Exp $
2
3.if ! exists(/usr/local/bin/eopenssl30)
4regress:
5 # install openssl-3.0 from ports for interop tests
6 @echo 'Run "pkg_add openssl--%3.0" to run tests against OpenSSL 3.0'
7 @echo SKIPPED
8.else
9
10PROGS = client server
11CPPFLAGS = -I /usr/local/include/eopenssl30
12LDFLAGS = -L /usr/local/lib/eopenssl30
13LDADD = -lssl -lcrypto
14DPADD = /usr/local/lib/eopenssl30/libssl.a \
15 /usr/local/lib/eopenssl30/libcrypto.a
16LD_LIBRARY_PATH = /usr/local/lib/eopenssl30
17REGRESS_TARGETS = run-self-client-server
18.for p in ${PROGS}
19REGRESS_TARGETS += run-ldd-$p run-version-$p run-protocol-$p
20.endfor
21
22.for p in ${PROGS}
23
24run-ldd-$p: ldd-$p.out
25 # check that $p is linked with OpenSSL 3.0
26 grep -q /usr/local/lib/eopenssl30/libcrypto.so ldd-$p.out
27 grep -q /usr/local/lib/eopenssl30/libssl.so ldd-$p.out
28 # check that $p is not linked with LibreSSL
29 ! grep -v libc.so ldd-$p.out | grep /usr/lib/
30
31run-version-$p: $p-self.out
32 # check that runtime version is OpenSSL 3.0
33 grep 'SSLEAY_VERSION: OpenSSL 3.0' $p-self.out
34
35run-protocol-$p: $p-self.out
36 # check that OpenSSL 3.0 protocol version is TLS 1.3
37 grep 'Protocol *: TLSv1.3' $p-self.out
38
39.endfor
40
41.endif # exists(/usr/local/bin/eopenssl30)
42
43.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/interop/version/Makefile b/src/regress/lib/libssl/interop/version/Makefile
index 7ac86ccbeb..7b1be9a3ed 100644
--- a/src/regress/lib/libssl/interop/version/Makefile
+++ b/src/regress/lib/libssl/interop/version/Makefile
@@ -1,4 +1,4 @@
1# $OpenBSD: Makefile,v 1.3 2020/12/17 00:51:12 bluhm Exp $ 1# $OpenBSD: Makefile,v 1.4 2023/01/27 08:28:36 tb Exp $
2 2
3# Connect a client to a server. Both can be current libressl, or 3# Connect a client to a server. Both can be current libressl, or
4# openssl 1.0.2, or openssl 1.1. Pin client or server to a fixed TLS 4# openssl 1.0.2, or openssl 1.1. Pin client or server to a fixed TLS
@@ -13,6 +13,9 @@ LIBRARIES += openssl
13.if exists(/usr/local/bin/eopenssl11) 13.if exists(/usr/local/bin/eopenssl11)
14LIBRARIES += openssl11 14LIBRARIES += openssl11
15.endif 15.endif
16.if exists(/usr/local/bin/eopenssl30)
17LIBRARIES += openssl30
18.endif
16 19
17VERSIONS = any TLS1 TLS1_1 TLS1_2 TLS1_3 20VERSIONS = any TLS1 TLS1_1 TLS1_2 TLS1_3
18 21
@@ -28,8 +31,12 @@ FAIL_${cver}_${sver} = !
28.for clib in ${LIBRARIES} 31.for clib in ${LIBRARIES}
29.for slib in ${LIBRARIES} 32.for slib in ${LIBRARIES}
30 33
31.if ("${clib}" != openssl && "${slib}" != openssl) || \ 34.if (("${clib}" != openssl && "${slib}" != openssl) || \
32 ("${cver}" != TLS1_3 && "${sver}" != TLS1_3) 35 ("${cver}" != TLS1_3 && "${sver}" != TLS1_3)) && \
36 (("${clib}" != openssl30 && "${slib}" != openssl30) || \
37 (("${cver}" != any && "${sver}" != any) && \
38 ("${cver}" != TLS1 && "${sver}" != TLS1) && \
39 ("${cver}" != TLS1_1 && "${sver}" != TLS1_1)))
33 40
34.if ("${clib}" == "libressl" || "${slib}" == "libressl") 41.if ("${clib}" == "libressl" || "${slib}" == "libressl")
35REGRESS_TARGETS += run-version-client-${clib}-${cver}-server-${slib}-${sver} 42REGRESS_TARGETS += run-version-client-${clib}-${cver}-server-${slib}-${sver}
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-11-23 17:22:42 +0000