1# $OpenBSD: Makefile,v 1.144 2026/03/30 07:19:02 djm Exp $ 2 3tests: prep file-tests t-exec unit 4 5REGRESS_TARGETS= t1 t2 t3 t4 t5 t7 t9 t10 t11 t12 6 7# File based tests 8file-tests: $(REGRESS_TARGETS) 9 10# Interop tests are not run by default 11interop interop-tests: t-exec-interop 12 13extra extra-tests: t-extra 14 15prep: 16 test "x${USE_VALGRIND}" = "x" || mkdir -p $(OBJ)/valgrind-out 17 18clean: 19 for F in $(CLEANFILES); do rm -f $(OBJ)$$F; done 20 rm -rf $(OBJ).putty 21 rm -rf $(OBJ).dropbear 22 rm -rf $(OBJ).fakehome 23 24distclean: clean 25 26LTESTS= connect \ 27 proxy-connect \ 28 sshfp-connect \ 29 connect-privsep \ 30 connect-uri \ 31 proto-version \ 32 proto-mismatch \ 33 exit-status \ 34 exit-status-signal \ 35 envpass \ 36 transfer \ 37 banner \ 38 rekey \ 39 dhgex \ 40 stderr-data \ 41 stderr-after-eof \ 42 broken-pipe \ 43 try-ciphers \ 44 yes-head \ 45 login-timeout \ 46 agent \ 47 agent-getpeereid \ 48 agent-timeout \ 49 agent-ptrace \ 50 agent-subprocess \ 51 keyscan \ 52 keygen-change \ 53 keygen-comment \ 54 keygen-convert \ 55 keygen-knownhosts \ 56 keygen-moduli \ 57 keygen-sshfp \ 58 key-options \ 59 scp \ 60 scp3 \ 61 scp-uri \ 62 sftp \ 63 sftp-chroot \ 64 sftp-cmds \ 65 sftp-badcmds \ 66 sftp-batch \ 67 sftp-glob \ 68 sftp-perm \ 69 sftp-resume \ 70 sftp-uri \ 71 reconfigure \ 72 dynamic-forward \ 73 forwarding \ 74 multiplex \ 75 reexec \ 76 brokenkeys \ 77 sshcfgparse \ 78 cfgparse \ 79 cfgmatch \ 80 cfgmatchlisten \ 81 percent \ 82 addrmatch \ 83 localcommand \ 84 forcecommand \ 85 portnum \ 86 keytype \ 87 kextype \ 88 cert-hostkey \ 89 cert-userkey \ 90 host-expand \ 91 keys-command \ 92 forward-control \ 93 integrity \ 94 krl \ 95 multipubkey \ 96 limit-keytype \ 97 hostkey-agent \ 98 hostkey-rotate \ 99 principals-command \ 100 cert-file \ 101 cfginclude \ 102 servcfginclude \ 103 allow-deny-users \ 104 authinfo \ 105 sshsig \ 106 knownhosts \ 107 knownhosts-command \ 108 agent-restrict \ 109 hostbased \ 110 password \ 111 kbdint \ 112 channel-timeout \ 113 connection-timeout \ 114 match-subsystem \ 115 agent-pkcs11-restrict \ 116 agent-pkcs11-cert \ 117 penalty \ 118 penalty-expire \ 119 connect-bigconf \ 120 ssh-pkcs11 \ 121 ssh-tty \ 122 proxyjump 123 124INTEROP_TESTS= putty-transfer putty-ciphers putty-kex conch-ciphers 125INTEROP_TESTS+= dropbear-ciphers dropbear-kex dropbear-server 126#INTEROP_TESTS+=ssh-com ssh-com-client ssh-com-keygen ssh-com-sftp 127 128EXTRA_TESTS= agent-pkcs11 129#EXTRA_TESTS+= cipher-speed 130 131USERNAME= ${LOGNAME} 132CLEANFILES= *.core actual agent-key.* authorized_keys_${USERNAME} \ 133 authorized_keys_${USERNAME}.* \ 134 authorized_principals_${USERNAME} \ 135 banner.in banner.out cert_host_key* cert_user_key* \ 136 copy.1 copy.2 data ed25519-agent ed25519-agent* \ 137 ed25519-agent.pub ed25519 ed25519.pub empty.in \ 138 expect failed-regress.log failed-ssh.log failed-sshd.log \ 139 hkr.* host.ecdsa-sha2-nistp256 host.ecdsa-sha2-nistp384 \ 140 host.ecdsa-sha2-nistp521 host.ssh-ed25519 \ 141 host.ssh-rsa host_ca_key* host_krl_* host_revoked_* key.* \ 142 key.ecdsa-* key.ed25519-512 \ 143 key.ed25519-512.pub key.rsa-* keys-command-args kh.* askpass \ 144 known_hosts known_hosts-cert known_hosts.* krl-* ls.copy \ 145 modpipe netcat no_identity_config \ 146 pidfile putty.rsa2 ready regress.log remote_pid \ 147 revoked-* rsa rsa-agent rsa-agent.pub rsa.pub rsa_ssh2_cr.prv \ 148 rsa_ssh2_crnl.prv scp-ssh-wrapper.exe \ 149 scp-ssh-wrapper.scp setuid-allowed sftp-server.log \ 150 sftp-server.sh sftp.log ssh-log-wrapper.sh ssh.log \ 151 ssh-agent.log ssh-add.log slow-sftp-server.sh \ 152 ssh-rsa_oldfmt knownhosts_command \ 153 ssh_config ssh_config.* ssh_proxy ssh_proxy_bak \ 154 ssh_proxy_* sshd.log sshd_config sshd_config.* \ 155 sshd_config.* sshd_proxy sshd_proxy.* sshd_proxy_bak \ 156 sshd_proxy_orig t10.out t10.out.pub t12.out t12.out.pub \ 157 t2.out t3.out t6.out1 t6.out2 t7.out t7.out.pub \ 158 t8.out t8.out.pub t9.out t9.out.pub \ 159 timestamp testdata user_*key* user_ca* user_key* \ 160 pin.sh nopin.sh wrongpin.sh key.pub test.sh ctl-sock 161 162# Enable all malloc(3) randomisations and checks 163TEST_ENV= "MALLOC_OPTIONS=CFGJRSUX" 164 165TEST_SSH_SSHKEYGEN?=ssh-keygen 166 167CPPFLAGS=-I.. 168 169t1: 170 set -xe ; if ${TEST_SSH_SSH} -Q key | grep -q "^ssh-rsa" ; then \ 171 ${TEST_SSH_SSHKEYGEN} -if ${.CURDIR}/rsa_ssh2.prv | diff - ${.CURDIR}/rsa_openssh.prv ; \ 172 tr '\n' '\r' <${.CURDIR}/rsa_ssh2.prv > ${.OBJDIR}/rsa_ssh2_cr.prv ; \ 173 ${TEST_SSH_SSHKEYGEN} -if ${.OBJDIR}/rsa_ssh2_cr.prv | diff - ${.CURDIR}/rsa_openssh.prv ; \ 174 awk '{print $$0 "\r"}' ${.CURDIR}/rsa_ssh2.prv > ${.OBJDIR}/rsa_ssh2_crnl.prv ; \ 175 ${TEST_SSH_SSHKEYGEN} -if ${.OBJDIR}/rsa_ssh2_crnl.prv | diff - ${.CURDIR}/rsa_openssh.prv ; \ 176 fi 177 178t2: 179 set -xe ; if ${TEST_SSH_SSH} -Q key | grep -q "^ssh-rsa" ; then \ 180 cat ${.CURDIR}/rsa_openssh.prv > $(OBJ)/t2.out ; \ 181 chmod 600 $(OBJ)/t2.out ; \ 182 ${TEST_SSH_SSHKEYGEN} -yf $(OBJ)/t2.out | diff - ${.CURDIR}/rsa_openssh.pub ; \ 183 fi 184 185t3: 186 set -xe ; if ${TEST_SSH_SSH} -Q key | grep -q "^ssh-rsa" ; then \ 187 ${TEST_SSH_SSHKEYGEN} -ef ${.CURDIR}/rsa_openssh.pub >$(OBJ)/t3.out ; \ 188 ${TEST_SSH_SSHKEYGEN} -if $(OBJ)/t3.out | diff - ${.CURDIR}/rsa_openssh.pub ; \ 189 fi 190 191t4: 192 set -xe ; if ${TEST_SSH_SSH} -Q key | grep -q "^ssh-rsa" ; then \ 193 ${TEST_SSH_SSHKEYGEN} -E md5 -lf ${.CURDIR}/rsa_openssh.pub |\ 194 awk '{print $$2}' | diff - ${.CURDIR}/t4.ok ; \ 195 fi 196 197t5: 198 set -xe ; if ${TEST_SSH_SSH} -Q key | grep -q "^ssh-rsa" ; then \ 199 ${TEST_SSH_SSHKEYGEN} -Bf ${.CURDIR}/rsa_openssh.pub |\ 200 awk '{print $$2}' | diff - ${.CURDIR}/t5.ok ; \ 201 fi 202 203$(OBJ)/t7.out: 204 set -xe ; if ${TEST_SSH_SSH} -Q key | grep -q "^ssh-rsa" ; then \ 205 ${TEST_SSH_SSHKEYGEN} -q -t rsa -N '' -f $@ ; \ 206 fi 207 208t7: $(OBJ)/t7.out 209 set -xe ; if ${TEST_SSH_SSH} -Q key | grep -q "^ssh-rsa" ; then \ 210 ${TEST_SSH_SSHKEYGEN} -lf $(OBJ)/t7.out > /dev/null ; \ 211 ${TEST_SSH_SSHKEYGEN} -Bf $(OBJ)/t7.out > /dev/null ; \ 212 fi 213 214$(OBJ)/t9.out: 215 ! ${TEST_SSH_SSH} -Q key-plain | grep ecdsa >/dev/null || \ 216 ${TEST_SSH_SSHKEYGEN} -q -t ecdsa -N '' -f $@ 217 218t9: $(OBJ)/t9.out 219 ! ${TEST_SSH_SSH} -Q key-plain | grep ecdsa >/dev/null || \ 220 ${TEST_SSH_SSHKEYGEN} -lf $(OBJ)/t9.out > /dev/null 221 ! ${TEST_SSH_SSH} -Q key-plain | grep ecdsa >/dev/null || \ 222 ${TEST_SSH_SSHKEYGEN} -Bf $(OBJ)/t9.out > /dev/null 223 224 225$(OBJ)/t10.out: 226 ${TEST_SSH_SSHKEYGEN} -q -t ed25519 -N '' -f $@ 227 228t10: $(OBJ)/t10.out 229 ${TEST_SSH_SSHKEYGEN} -lf $(OBJ)/t10.out > /dev/null 230 ${TEST_SSH_SSHKEYGEN} -Bf $(OBJ)/t10.out > /dev/null 231 232t11: 233 set -xe ; if ${TEST_SSH_SSH} -Q key | grep -q "^ssh-rsa" ; then \ 234 ${TEST_SSH_SSHKEYGEN} -E sha256 -lf ${.CURDIR}/rsa_openssh.pub |\ 235 awk '{print $$2}' | diff - ${.CURDIR}/t11.ok ; \ 236 fi 237 238$(OBJ)/t12.out: 239 ${TEST_SSH_SSHKEYGEN} -q -t ed25519 -N '' -C 'test-comment-1234' -f $@ 240 241t12: $(OBJ)/t12.out 242 ${TEST_SSH_SSHKEYGEN} -lf $(OBJ)/t12.out.pub | grep test-comment-1234 >/dev/null 243 244t-exec: ${LTESTS:=.sh} 245 @if [ "x$?" = "x" ]; then exit 0; fi; \ 246 _started=""; test -z "${LTESTS_FROM}" && _started=1 ;\ 247 for TEST in ""$?; do \ 248 if [ -z "$$_started" ] ; then \ 249 if [ "x$$TEST" = "x${LTESTS_FROM}.sh" ]; then \ 250 _started=1; \ 251 else \ 252 continue; \ 253 fi ; \ 254 fi ; \ 255 skip=no; \ 256 for t in ""$${SKIP_LTESTS}; do \ 257 if [ "x$${t}.sh" = "x$${TEST}" ]; then skip=yes; fi; \ 258 done; \ 259 if [ "x$${skip}" = "xno" ]; then \ 260 echo "run test $${TEST}" ... 1>&2; \ 261 (env SUDO="${SUDO}" TEST_ENV=${TEST_ENV} ${TEST_SHELL} ${.CURDIR}/test-exec.sh ${.OBJDIR} ${.CURDIR}/$${TEST}) || exit $$?; \ 262 else \ 263 echo skip test $${TEST} 1>&2; \ 264 fi; \ 265 done 266 267t-exec-interop: ${INTEROP_TESTS:=.sh} 268 @if [ "x$?" = "x" ]; then exit 0; fi; \ 269 for TEST in ""$?; do \ 270 echo "run test $${TEST}" ... 1>&2; \ 271 (env SUDO="${SUDO}" TEST_ENV=${TEST_ENV} ${TEST_SHELL} ${.CURDIR}/test-exec.sh ${.OBJDIR} ${.CURDIR}/$${TEST}) || exit $$?; \ 272 done 273 274t-extra: ${EXTRA_TESTS:=.sh} 275 @if [ "x$?" = "x" ]; then exit 0; fi; \ 276 for TEST in ""$?; do \ 277 echo "run test $${TEST}" ... 1>&2; \ 278 (env SUDO="${SUDO}" TEST_ENV=${TEST_ENV} ${TEST_SHELL} ${.CURDIR}/test-exec.sh ${.OBJDIR} ${.CURDIR}/$${TEST}) || exit $$?; \ 279 done 280 281# Not run by default 282interop: ${INTEROP_TARGETS} 283 284# Unit tests, built by top-level Makefile 285unit unit-bench: 286 set -e ; if test -z "${SKIP_UNIT}" ; then \ 287 V="" ; \ 288 test "x${USE_VALGRIND}" = "x" || \ 289 V=${.CURDIR}/valgrind-unit.sh ; \ 290 ARGS=""; \ 291 test "x$@" = "xunit-bench" && ARGS="-b"; \ 292 test "x${UNITTEST_FAST}" = "x" || ARGS="$$ARGS -f"; \ 293 test "x${UNITTEST_SLOW}" = "x" || ARGS="$$ARGS -F"; \ 294 test "x${UNITTEST_VERBOSE}" = "x" || ARGS="$$ARGS -v"; \ 295 test "x${UNITTEST_BENCH_DETAIL}" = "x" || ARGS="$$ARGS -B"; \ 296 test "x${UNITTEST_BENCH_ONLY}" = "x" || ARGS="$$ARGS -O ${UNITTEST_BENCH_ONLY}"; \ 297 $$V ${.OBJDIR}/unittests/sshbuf/test_sshbuf $${ARGS}; \ 298 $$V ${.OBJDIR}/unittests/sshkey/test_sshkey \ 299 -d ${.CURDIR}/unittests/sshkey/testdata $${ARGS}; \ 300 $$V ${.OBJDIR}/unittests/sshsig/test_sshsig \ 301 -d ${.CURDIR}/unittests/sshsig/testdata $${ARGS}; \ 302 $$V ${.OBJDIR}/unittests/authopt/test_authopt \ 303 -d ${.CURDIR}/unittests/authopt/testdata $${ARGS}; \ 304 $$V ${.OBJDIR}/unittests/bitmap/test_bitmap $${ARGS}; \ 305 $$V ${.OBJDIR}/unittests/conversion/test_conversion $${ARGS}; \ 306 $$V ${.OBJDIR}/unittests/kex/test_kex $${ARGS}; \ 307 $$V ${.OBJDIR}/unittests/hostkeys/test_hostkeys \ 308 -d ${.CURDIR}/unittests/hostkeys/testdata $${ARGS}; \ 309 $$V ${.OBJDIR}/unittests/match/test_match $${ARGS}; \ 310 $$V ${.OBJDIR}/unittests/misc/test_misc $${ARGS}; \ 311 if test "x${TEST_SSH_UTF8}" = "xyes" ; then \ 312 $$V ${.OBJDIR}/unittests/utf8/test_utf8 $${ARGS}; \ 313 fi \ 314 fi 315