From 691b8de7d24bd8454bc04998a7304a0cbfa4d3cb Mon Sep 17 00:00:00 2001 From: tb Date: Sun, 18 Aug 2024 09:14:17 +0000 Subject: [PATCH] Add support for openssl32 in interop test --- regress/lib/libssl/interop/Makefile | 4 +- regress/lib/libssl/interop/botan/Makefile | 5 ++- regress/lib/libssl/interop/cert/Makefile | 5 ++- regress/lib/libssl/interop/cipher/Makefile | 12 ++++-- regress/lib/libssl/interop/netcat/Makefile | 5 ++- regress/lib/libssl/interop/openssl32/Makefile | 43 +++++++++++++++++++ regress/lib/libssl/interop/session/Makefile | 5 ++- 7 files changed, 70 insertions(+), 9 deletions(-) create mode 100644 regress/lib/libssl/interop/openssl32/Makefile diff --git a/regress/lib/libssl/interop/Makefile b/regress/lib/libssl/interop/Makefile index 82bef2314d9..0a545aded74 100644 --- a/regress/lib/libssl/interop/Makefile +++ b/regress/lib/libssl/interop/Makefile @@ -1,6 +1,6 @@ -# $OpenBSD: Makefile,v 1.18 2023/10/30 17:15:21 tb Exp $ +# $OpenBSD: Makefile,v 1.19 2024/08/18 09:14:17 tb Exp $ -SUBDIR = libressl openssl11 openssl30 openssl31 +SUBDIR = libressl openssl11 openssl30 openssl31 openssl32 # the above binaries must have been built before we can continue SUBDIR += netcat diff --git a/regress/lib/libssl/interop/botan/Makefile b/regress/lib/libssl/interop/botan/Makefile index b9570b815af..acc350a9363 100644 --- a/regress/lib/libssl/interop/botan/Makefile +++ b/regress/lib/libssl/interop/botan/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.7 2023/10/30 17:15:21 tb Exp $ +# $OpenBSD: Makefile,v 1.8 2024/08/18 09:14:17 tb Exp $ .include @@ -29,6 +29,9 @@ LIBRARIES += openssl30 .if exists(/usr/local/bin/eopenssl31) LIBRARIES += openssl31 .endif +.if exists(/usr/local/bin/eopenssl32) +LIBRARIES += openssl32 +.endif PROGS = client SRCS_client = client.cpp diff --git a/regress/lib/libssl/interop/cert/Makefile b/regress/lib/libssl/interop/cert/Makefile index ae755be2232..8c37d8a4f86 100644 --- a/regress/lib/libssl/interop/cert/Makefile +++ b/regress/lib/libssl/interop/cert/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.11 2023/10/30 17:15:21 tb Exp $ +# $OpenBSD: Makefile,v 1.12 2024/08/18 09:14:17 tb Exp $ # Connect a client to a server. Both can be current libressl, or # openssl 1.1 or 3.0. Create client and server certificates @@ -16,6 +16,9 @@ LIBRARIES += openssl30 .if exists(/usr/local/bin/eopenssl31) LIBRARIES += openssl31 .endif +.if exists(/usr/local/bin/eopenssl32) +LIBRARIES += openssl32 +.endif .for cca in noca ca fakeca .for sca in noca ca fakeca diff --git a/regress/lib/libssl/interop/cipher/Makefile b/regress/lib/libssl/interop/cipher/Makefile index 3a116d5ed59..70eaeec44cd 100644 --- a/regress/lib/libssl/interop/cipher/Makefile +++ b/regress/lib/libssl/interop/cipher/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.14 2024/02/03 15:58:34 beck Exp $ +# $OpenBSD: Makefile,v 1.15 2024/08/18 09:14:17 tb Exp $ # Connect a client to a server. Both can be current libressl, or # openssl 1.1 or 3.0. Create lists of supported ciphers @@ -16,6 +16,9 @@ LIBRARIES += openssl30 .if exists(/usr/local/bin/eopenssl31) LIBRARIES += openssl31 .endif +.if exists(/usr/local/bin/eopenssl32) +LIBRARIES += openssl32 +.endif CLEANFILES = *.tmp *.ciphers ciphers.mk @@ -46,7 +49,8 @@ client-${clib}-server-${slib}.ciphers: \ sort $@ client-libressl.ciphers >$@.tmp . if "${clib}" == "openssl11" || "${slib}" == "openssl11" || \ "${clib}" == "openssl30" || "${slib}" == "openssl30" || \ - "${clib}" == "openssl31" || "${slib}" == "openssl31" + "${clib}" == "openssl31" || "${slib}" == "openssl31" || \ + "${clib}" == "openssl32" || "${slib}" == "openssl32" # OpenSSL's SSL_CTX_set_cipher_list doesn't accept TLSv1.3 ciphers sed -i '/^TLS_/d' $@.tmp . endif @@ -76,6 +80,8 @@ regress: ciphers.mk LEVEL_libressl = LEVEL_openssl11 = ,@SECLEVEL=0 LEVEL_openssl30 = ,@SECLEVEL=0 +LEVEL_openssl31 = ,@SECLEVEL=0 +LEVEL_openssl32 = ,@SECLEVEL=0 .for clib in ${LIBRARIES} .for slib in ${LIBRARIES} @@ -136,7 +142,7 @@ check-cipher-${cipher}-client-${clib}-server-${slib}: \ . endif . if "${clib}" == "libressl" # libressl client may prefer chacha-poly if aes-ni is not supported -. if "${slib}" == "openssl11" || "${slib}" == "openssl30" || "${slib}" == "openssl31" +. if "${slib}" == "openssl11" || "${slib}" == "openssl30" || "${slib}" == "openssl31" || "${slib}" == "openssl32" egrep -q ' Cipher *: TLS_(AES_256_GCM_SHA384|CHACHA20_POLY1305_SHA256)$$' ${@:S/^check/server/}.out . else egrep -q ' Cipher *: TLS_(AES_256_GCM_SHA384|CHACHA20_POLY1305_SHA256)$$' ${@:S/^check/server/}.out diff --git a/regress/lib/libssl/interop/netcat/Makefile b/regress/lib/libssl/interop/netcat/Makefile index 568c4d255ae..3e3e4efd1e7 100644 --- a/regress/lib/libssl/interop/netcat/Makefile +++ b/regress/lib/libssl/interop/netcat/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.7 2023/10/30 17:15:21 tb Exp $ +# $OpenBSD: Makefile,v 1.8 2024/08/18 09:14:17 tb Exp $ LIBRARIES = libressl .if exists(/usr/local/bin/eopenssl11) @@ -10,6 +10,9 @@ LIBRARIES += openssl30 .if exists(/usr/local/bin/eopenssl31) LIBRARIES += openssl31 .endif +.if exists(/usr/local/bin/eopenssl32) +LIBRARIES += openssl32 +.endif # run netcat server and connect with test client diff --git a/regress/lib/libssl/interop/openssl32/Makefile b/regress/lib/libssl/interop/openssl32/Makefile new file mode 100644 index 00000000000..12536d0c897 --- /dev/null +++ b/regress/lib/libssl/interop/openssl32/Makefile @@ -0,0 +1,43 @@ +# $OpenBSD: Makefile,v 1.1 2024/08/18 09:14:17 tb Exp $ + +.if ! exists(/usr/local/bin/eopenssl32) +regress: + # install openssl-3.2 ports for interop tests + @echo 'Run "pkg_add openssl--%3.2" to run tests against OpenSSL 3.2' + @echo SKIPPED +.else + +PROGS = client server +CPPFLAGS = -I /usr/local/include/eopenssl32 +LDFLAGS = -L /usr/local/lib/eopenssl32 +LDADD = -lssl -lcrypto +DPADD = /usr/local/lib/eopenssl32/libssl.a \ + /usr/local/lib/eopenssl32/libcrypto.a +LD_LIBRARY_PATH = /usr/local/lib/eopenssl32 +REGRESS_TARGETS = run-self-client-server +.for p in ${PROGS} +REGRESS_TARGETS += run-ldd-$p run-version-$p run-protocol-$p +.endfor + +.for p in ${PROGS} + +run-ldd-$p: ldd-$p.out + # check that $p is linked with OpenSSL 3.2 + grep -q /usr/local/lib/eopenssl32/libcrypto.so ldd-$p.out + grep -q /usr/local/lib/eopenssl32/libssl.so ldd-$p.out + # check that $p is not linked with LibreSSL + ! grep -v libc.so ldd-$p.out | grep /usr/lib/ + +run-version-$p: $p-self.out + # check that runtime version is OpenSSL 3.2 + grep 'SSLEAY_VERSION: OpenSSL 3.2' $p-self.out + +run-protocol-$p: $p-self.out + # check that OpenSSL 3.2 protocol version is TLS 1.3 + grep 'Protocol *: TLSv1.3' $p-self.out + +.endfor + +.endif # exists(/usr/local/bin/eopenssl32) + +.include diff --git a/regress/lib/libssl/interop/session/Makefile b/regress/lib/libssl/interop/session/Makefile index 99daa4ba4fa..d1644de3f34 100644 --- a/regress/lib/libssl/interop/session/Makefile +++ b/regress/lib/libssl/interop/session/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.9 2023/10/30 17:15:21 tb Exp $ +# $OpenBSD: Makefile,v 1.10 2024/08/18 09:14:17 tb Exp $ LIBRARIES = libressl .if exists(/usr/local/bin/eopenssl11) @@ -10,6 +10,9 @@ LIBRARIES += openssl11 .if exists(/usr/local/bin/eopenssl31) #LIBRARIES += openssl31 .endif +.if exists(/usr/local/bin/eopenssl32) +#LIBRARIES += openssl32 +.endif run-session-client-libressl-server-libressl \ run-session-client-libressl-server-openssl11 \ -- 2.20.1