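#!/bin/bash

set -e

# Use newly built oqsprovider to test interop with external sites.
#
# Required env:  OPENSSL_APP      path to the openssl binary under test
# Optional env:  OPENSSL_MODULES  provider module directory (warning if unset)
#                HTTP_PROXY       "http://host.domain:port_num"
#
# Scope of the check: each test only greps the server's trace output for the
# negotiated key exchange. s_client does not abort the handshake on a
# certificate verification failure unless -verify_return_error is given, and
# stderr is discarded below, so a passing run shows that the group was
# negotiated, not that the peer was authenticated.

if [ -z "$OPENSSL_APP" ]; then
   echo "OPENSSL_APP env var not set. Exiting."
   exit 1
fi

if [ -z "$OPENSSL_MODULES" ]; then
   echo "Warning: OPENSSL_MODULES env var not set."
fi

# Set OSX DYLD_LIBRARY_PATH if not already externally set
if [ -z "$DYLD_LIBRARY_PATH" ]; then
   export DYLD_LIBRARY_PATH="$LD_LIBRARY_PATH"
fi

# We assume the value of env var HTTP_PROXY is "http://host.domain:port_num".
# Only a leading "http://" is stripped; other schemes, userinfo or a trailing
# slash are passed to -proxy unchanged.
# The s_client arguments are kept in an array so that whitespace or glob
# characters in HTTP_PROXY cannot split into extra options. USE_PROXY is
# still exported with its original value for anything that reads it.
proxy_args=()
if [ -n "${HTTP_PROXY}" ]; then
   echo "Using Web proxy \"${HTTP_PROXY}\""
   export USE_PROXY="-proxy ${HTTP_PROXY#http://} -allow_proxy_certs"
   # NOTE(review): -allow_proxy_certs is a certificate verification option
   # (it permits proxy certificates in the chain); it looks unrelated to
   # tunnelling through an HTTP proxy. Confirm it is needed here.
   proxy_args=(-proxy "${HTTP_PROXY#http://}" -allow_proxy_certs)
else
   export USE_PROXY=""
fi

# Ascertain algorithms are available:

# skipping these tests for now as per https://mailarchive.ietf.org/arch/msg/tls/hli5ogDbUudAA4tZXskVbOqeor4
# TBD replace with suitable ML-KEM hybrid tests as and when available XXX

exit 0

# ---------------------------------------------------------------------------
# Everything below is unreachable because of the "exit 0" above. It is kept
# as the template for the replacement hybrid tests.
#
# Each test pipes a small HTTP request into s_client and greps the reply for
# the expected kex= value. There is no pipefail, so the pipeline status is
# grep's: under "set -e" the script stops when the expected string is missing.
# ---------------------------------------------------------------------------

echo " Cloudflare:"

if ! ("$OPENSSL_APP" list -kem-algorithms | grep x25519_kyber768); then
   echo "Skipping unconfigured x25519_kyber768 interop test"
else
   # NOTE(review): this override names the KYBER512 codepoint but is exported
   # inside the kyber768 branch, so it is only set when x25519_kyber768 is
   # configured. Confirm whether it belongs with the x25519_kyber512 test.
   export OQS_CODEPOINT_X25519_KYBER512=65072
   (echo -e "GET /cdn-cgi/trace HTTP/1.1\nHost: cloudflare.com\n\n"; sleep 1; echo $'\cc') \
      | "${OPENSSL_APP}" s_client "${proxy_args[@]}" \
           -connect pq.cloudflareresearch.com:443 \
           -groups x25519_kyber768 \
           -servername cloudflare.com -ign_eof 2>/dev/null \
      | grep kex=X25519Kyber768Draft00
fi

if ! ("$OPENSSL_APP" list -kem-algorithms | grep x25519_kyber512); then
   echo "Skipping unconfigured x25519_kyber512 interop test"
else
   (echo -e "GET /cdn-cgi/trace HTTP/1.1\nHost: cloudflare.com\n\n"; sleep 1; echo $'\cc') \
      | "${OPENSSL_APP}" s_client "${proxy_args[@]}" \
           -connect pq.cloudflareresearch.com:443 \
           -groups x25519_kyber512 \
           -servername cloudflare.com -ign_eof 2>/dev/null \
      | grep kex=X25519Kyber512Draft00
fi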