A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=libressl-v3.8.2 2023-04-19T15:34:23+00:00 2023-04-19T15:34:23+00:00 tb 2023-04-19T15:34:23+00:00 urn:sha1:73798ebfda5eeaa9a9f42af994c4ac301b83b075 A few years back beck introduced REGRESS_SKIP_SLOW dances with the idea that this should speed up the interop tests for us devs because this also checked interop between opensslX and opensslY, which we don't particularly care about. This never really worked. On a mac m1 mini the result is this: REGRESS_SKIP_SLOW unset 9m56.69s real 3m42.24s user 3m00.70s system REGRESS_SKIP_SLOW=yes 11m04.61s real 7m29.61s user 1m40.29s system The problem is that REGRESS_SKIP_SLOW simply wasn't designed to handle the huge number of tests we have here. There are many nested .for loops resulting in several thousand tests. Each test has a name of length ~80. REGRESS_SKIP_SLOW concatenates them into a several hundred kilobytes long string in REGRESS_SKIP_TARGETS, iterates over all regress targets and tests with ".if ${REGRESS_SKIP_TARGETS:M${RT}}" if it should skip them. This means that during a regress run, make spends a lot of time linearly scanning a huge string. I ran into this when I added OpenSSL 3.0 tests to the already existing 1.0.2 and 1.1 tests with the result that with REGRESS_SLOW_TARGTS set it took the better part of an hour while without it it took about 15 min. The hack here is simply to avoid using REGRESS_SLOW_TARGTES here and handle the situation differently. patch, REGRESS_SKIP_SLOW=yes 5m42.32s real 2m09.98s user 1m45.21s system The real solution would be to fix this in bsd.regress.mk, which someone who understands make well is very welcome to do. For now, I'm happy with this. Debugged with jsing a few months ago 2023-02-01T14:39:09+00:00 tb 2023-02-01T14:39:09+00:00 urn:sha1:17e85e0d750477ecd6d94c4da3d089193c536e8f Now that the OpenSSL 1.0.2 port is gone, there's no need to keep the interop tests anymore. anton's and bluhm's regress tests will switch to testing interoperability with OpenSSL 3.0. 2023-01-27T08:28:36+00:00 tb 2023-01-27T08:28:36+00:00 urn:sha1:971c759a469620704a18f7c93e7d71fbae75e7c2 The plan is to retire the 1.0.2 interop tests soon so as to be able to drop the dead and dangerous OpenSSL 1.0.2 port. The cert part is extremely slow on arm64: the whole interop test on an m1 is about 10x slower (~45 min!) than on a modern amd64 laptop, so people running regress may want to wait a bit with adding OpenSSL 3 to their test boxes until this is sorted out. 2022-02-05T18:34:06+00:00 tb 2022-02-05T18:34:06+00:00 urn:sha1:5ca2668e5b3228e2b85bc6198b8c7dce04c22d65 SSL_CTX_set_cipher_list() in OpenSSL 1.1 does not accept TLSv1.3 ciphers. This wasn't a problem until now since the AEAD- ciphers were counted as distinct from TLS_ ciphers by the regress test, so they were never used in the {run,check}-cipher-${cipher}-client-${clib}-server-${slib} tests With the renaming, the TLSv1.3 ciphers are now considered as common ciphers, so they're tested. With openssl11 this results in 0:error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match:ssl/ssl_lib.c:2573: The design of these tests doesn't allow easily adding a call to SSL_CTX_set_ciphersuites (since they also need to work with openssl 1.0.2) so skip the TLS_* ciphers for the time being. 2022-02-05T18:21:09+00:00 tb 2022-02-05T18:21:09+00:00 urn:sha1:ebd49daf0f01ffb595c4642dd2982bf31d7b9cd3 2020-12-17T00:51:12+00:00 bluhm 2020-12-17T00:51:12+00:00 urn:sha1:c7cbfcf2a0ad5dc204129e5fbf99dd57cc33e72a 2020-09-21T15:13:24+00:00 beck 2020-09-21T15:13:24+00:00 urn:sha1:9d558960cf920187dcf488f05a3decde546bbddc 2) Reorder the interop tests so the really slow "cert" test is at the end 3) Change the cert tests to use REGRESS_SLOW_TARGETS when testing combination of client and server that does not involve libressl. This way we can skip testing openssl to openssl11 when running these manually by setting REGRESS_SKIP_SLOW to "yet" in mk.conf ok jsing@ 2020-09-12T15:48:30+00:00 bluhm 2020-09-12T15:48:30+00:00 urn:sha1:e0ab7f11dbb9b75ca3e654c6a2b285049e1c7afc chacha-poly over aes-gcm. Expect both fallbacks for non 1.3 ciphers. 2020-09-11T22:48:00+00:00 bluhm 2020-09-11T22:48:00+00:00 urn:sha1:66b3b0fa0e26b882333bdd906d8811b1f4094144 been fixed to work with libressl TLS 1.3. Both libressl and openssl11 replace obsolete TLS 1.2 ciphers with AEAD-AES256-GCM-SHA384 or TLS_AES_256_GCM_SHA384 in TLS 1.3 respectively. The test expects that now. Currently GOST does not work with libressl and TLS 1.3 and is disabled. 2019-03-28T22:24:13+00:00 bluhm 2019-03-28T22:24:13+00:00 urn:sha1:c9f5a90a62bcbef702ae80d4c3d2063e5bfab8f7