sync code with last improvements from OpenBSD
This commit is contained in:
parent
5903cbe575
commit
62d64fa864
GPG key ID:
F42C07F07E2E35B7
841 changed files with 83929 additions and 40755 deletions
|
|
@ -1,6 +1,6 @@
|
|||
# $OpenBSD: Makefile,v 1.17 2023/02/01 14:39:09 tb Exp $
|
||||
# $OpenBSD: Makefile,v 1.18 2023/10/30 17:15:21 tb Exp $
|
||||
|
||||
SUBDIR = libressl openssl11 openssl30
|
||||
SUBDIR = libressl openssl11 openssl30 openssl31
|
||||
|
||||
# the above binaries must have been built before we can continue
|
||||
SUBDIR += netcat
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
# $OpenBSD: Makefile.inc,v 1.8 2020/12/17 00:51:11 bluhm Exp $
|
||||
# $OpenBSD: Makefile.inc,v 1.9 2023/10/18 19:14:32 anton Exp $
|
||||
|
||||
.PATH: ${.CURDIR}/..
|
||||
|
||||
|
|
@ -23,6 +23,8 @@ run-self-client-server: client server 127.0.0.1.crt
|
|||
LD_LIBRARY_PATH=${LD_LIBRARY_PATH} \
|
||||
./client >client-self.out \
|
||||
`sed -n 's/listen sock: //p' server-self.out`
|
||||
# wait for server to terminate
|
||||
-sed -n 's/listen sock: //p' server-self.out | xargs nc 2>/dev/null
|
||||
# check that the client run successfully to the end
|
||||
grep -q '^success$$' client-self.out
|
||||
# client must have read server greeting
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
# $OpenBSD: Makefile,v 1.6 2023/02/01 15:58:20 tb Exp $
|
||||
# $OpenBSD: Makefile,v 1.7 2023/10/30 17:15:21 tb Exp $
|
||||
|
||||
.include <bsd.own.mk>
|
||||
|
||||
|
|
@ -26,6 +26,9 @@ LIBRARIES += openssl11
|
|||
.if exists(/usr/local/bin/eopenssl30)
|
||||
LIBRARIES += openssl30
|
||||
.endif
|
||||
.if exists(/usr/local/bin/eopenssl31)
|
||||
LIBRARIES += openssl31
|
||||
.endif
|
||||
|
||||
PROGS = client
|
||||
SRCS_client = client.cpp
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
# $OpenBSD: Makefile,v 1.10 2023/04/19 15:34:23 tb Exp $
|
||||
# $OpenBSD: Makefile,v 1.11 2023/10/30 17:15:21 tb Exp $
|
||||
|
||||
# Connect a client to a server. Both can be current libressl, or
|
||||
# openssl 1.1 or 3.0. Create client and server certificates
|
||||
|
|
@ -13,6 +13,9 @@ LIBRARIES += openssl11
|
|||
.if exists(/usr/local/bin/eopenssl30)
|
||||
LIBRARIES += openssl30
|
||||
.endif
|
||||
.if exists(/usr/local/bin/eopenssl31)
|
||||
LIBRARIES += openssl31
|
||||
.endif
|
||||
|
||||
.for cca in noca ca fakeca
|
||||
.for sca in noca ca fakeca
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
# $OpenBSD: Makefile,v 1.12 2023/04/19 15:34:23 tb Exp $
|
||||
# $OpenBSD: Makefile,v 1.13 2023/10/30 17:15:21 tb Exp $
|
||||
|
||||
# Connect a client to a server. Both can be current libressl, or
|
||||
# openssl 1.1 or 3.0. Create lists of supported ciphers
|
||||
|
|
@ -24,6 +24,9 @@ LIBRARIES += openssl11
|
|||
.if exists(/usr/local/bin/eopenssl30)
|
||||
LIBRARIES += openssl30
|
||||
.endif
|
||||
.if exists(/usr/local/bin/eopenssl31)
|
||||
LIBRARIES += openssl31
|
||||
.endif
|
||||
|
||||
CLEANFILES = *.tmp *.ciphers ciphers.mk
|
||||
|
||||
|
|
@ -53,7 +56,8 @@ client-${clib}-server-${slib}.ciphers: \
|
|||
# we are only interested in ciphers supported by libressl
|
||||
sort $@ client-libressl.ciphers >$@.tmp
|
||||
. if "${clib}" == "openssl11" || "${slib}" == "openssl11" || \
|
||||
"${clib}" == "openssl30" || "${slib}" == "openssl30"
|
||||
"${clib}" == "openssl30" || "${slib}" == "openssl30" || \
|
||||
"${clib}" == "openssl31" || "${slib}" == "openssl31"
|
||||
# OpenSSL's SSL_CTX_set_cipher_list doesn't accept TLSv1.3 ciphers
|
||||
sed -i '/^TLS_/d' $@.tmp
|
||||
. endif
|
||||
|
|
@ -145,7 +149,7 @@ check-cipher-${cipher}-client-${clib}-server-${slib}: \
|
|||
. endif
|
||||
. if "${clib}" == "libressl"
|
||||
# libressl client may prefer chacha-poly if aes-ni is not supported
|
||||
. if "${slib}" == "openssl11" || "${slib}" == "openssl30"
|
||||
. if "${slib}" == "openssl11" || "${slib}" == "openssl30" || "${slib}" == "openssl31"
|
||||
egrep -q ' Cipher *: TLS_(AES_256_GCM_SHA384|CHACHA20_POLY1305_SHA256)$$' ${@:S/^check/server/}.out
|
||||
. else
|
||||
egrep -q ' Cipher *: TLS_(AES_256_GCM_SHA384|CHACHA20_POLY1305_SHA256)$$' ${@:S/^check/server/}.out
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
# $OpenBSD: Makefile,v 1.6 2023/02/01 15:38:57 tb Exp $
|
||||
# $OpenBSD: Makefile,v 1.7 2023/10/30 17:15:21 tb Exp $
|
||||
|
||||
LIBRARIES = libressl
|
||||
.if exists(/usr/local/bin/eopenssl11)
|
||||
|
|
@ -7,6 +7,9 @@ LIBRARIES += openssl11
|
|||
.if exists(/usr/local/bin/eopenssl30)
|
||||
LIBRARIES += openssl30
|
||||
.endif
|
||||
.if exists(/usr/local/bin/eopenssl31)
|
||||
LIBRARIES += openssl31
|
||||
.endif
|
||||
|
||||
# run netcat server and connect with test client
|
||||
|
||||
|
|
|
|||
43
regress/lib/libssl/interop/openssl31/Makefile
Normal file
43
regress/lib/libssl/interop/openssl31/Makefile
Normal file
|
|
@ -0,0 +1,43 @@
|
|||
# $OpenBSD: Makefile,v 1.1 2023/10/30 17:15:21 tb Exp $
|
||||
|
||||
.if !exists(/usr/local/bin/eopenssl31)
|
||||
regress:
|
||||
# install openssl-3.1 from ports for interop tests
|
||||
@echo 'Run "pkg_add openssl--%3.1" to run tests against OpenSSL 3.1'
|
||||
@echo SKIPPED
|
||||
.else
|
||||
|
||||
PROGS = client server
|
||||
CPPFLAGS = -I /usr/local/include/eopenssl31
|
||||
LDFLAGS = -L /usr/local/lib/eopenssl31
|
||||
LDADD = -lssl -lcrypto
|
||||
DPADD = /usr/local/lib/eopenssl31/libssl.a \
|
||||
/usr/local/lib/eopenssl31/libcrypto.a
|
||||
LD_LIBRARY_PATH = /usr/local/lib/eopenssl31
|
||||
REGRESS_TARGETS = run-self-client-server
|
||||
.for p in ${PROGS}
|
||||
REGRESS_TARGETS += run-ldd-$p run-version-$p run-protocol-$p
|
||||
.endfor
|
||||
|
||||
.for p in ${PROGS}
|
||||
|
||||
run-ldd-$p: ldd-$p.out
|
||||
# check that $p is linked with OpenSSL 3.1
|
||||
grep -q /usr/local/lib/eopenssl31/libcrypto.so ldd-$p.out
|
||||
grep -q /usr/local/lib/eopenssl31/libssl.so ldd-$p.out
|
||||
# check that $p is not linked with LibreSSL
|
||||
! grep -v libc.so ldd-$p.out | grep /usr/lib/
|
||||
|
||||
run-version-$p: $p-self.out
|
||||
# check that runtime version is OpenSSL 3.1
|
||||
grep 'SSLEAY_VERSION: OpenSSL 3.1' $p-self.out
|
||||
|
||||
run-protocol-$p: $p-self.out
|
||||
# check that OpenSSL 3.1 protocol version is TLS 1.3
|
||||
grep 'Protocol *: TLSv1.3' $p-self.out
|
||||
|
||||
.endfor
|
||||
|
||||
.endif # exists(/usr/local/bin/eopenssl31)
|
||||
|
||||
.include <bsd.regress.mk>
|
||||
|
|
@ -1,4 +1,4 @@
|
|||
# $OpenBSD: Makefile,v 1.8 2023/02/01 16:03:47 tb Exp $
|
||||
# $OpenBSD: Makefile,v 1.9 2023/10/30 17:15:21 tb Exp $
|
||||
|
||||
LIBRARIES = libressl
|
||||
.if exists(/usr/local/bin/eopenssl11)
|
||||
|
|
@ -7,6 +7,9 @@ LIBRARIES += openssl11
|
|||
.if exists(/usr/local/bin/eopenssl30)
|
||||
#LIBRARIES += openssl30
|
||||
.endif
|
||||
.if exists(/usr/local/bin/eopenssl31)
|
||||
#LIBRARIES += openssl31
|
||||
.endif
|
||||
|
||||
run-session-client-libressl-server-libressl \
|
||||
run-session-client-libressl-server-openssl11 \
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
# $OpenBSD: Makefile,v 1.7 2023/07/02 17:21:32 beck Exp $
|
||||
# $OpenBSD: Makefile,v 1.8 2023/10/30 17:15:21 tb Exp $
|
||||
|
||||
# Connect a client to a server. Both can be current libressl, or
|
||||
# openssl 1.1 or openssl 3.0. Pin client or server to a fixed TLS
|
||||
|
|
@ -13,6 +13,9 @@ LIBRARIES += openssl11
|
|||
.if exists(/usr/local/bin/eopenssl30)
|
||||
LIBRARIES += openssl30
|
||||
.endif
|
||||
.if exists(/usr/local/bin/eopenssl31)
|
||||
LIBRARIES += openssl31
|
||||
.endif
|
||||
|
||||
VERSIONS = any TLS1_2 TLS1_3
|
||||
|
||||
|
|
@ -29,7 +32,8 @@ FAIL_${cver}_${sver} = !
|
|||
.for slib in ${LIBRARIES}
|
||||
|
||||
.if ("${cver}" != TLS1_3 && "${sver}" != TLS1_3) && \
|
||||
(("${clib}" != openssl30 && "${slib}" != openssl30) || \
|
||||
((("${clib}" != openssl30 && "${slib}" != openssl30) && \
|
||||
("${clib}" != openssl31 && "${slib}" != openssl31)) || \
|
||||
(("${cver}" != any && "${sver}" != any) && \
|
||||
("${cver}" != TLS1 && "${sver}" != TLS1) && \
|
||||
("${cver}" != TLS1_1 && "${sver}" != TLS1_1)))
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue