A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=OPENBSD_7_6 2024-08-18T10:02:10+00:00 2024-08-18T10:02:10+00:00 tb 2024-08-18T10:02:10+00:00 urn:sha1:2a58c3044aacc0248cdd590f557266a1974bec55 The openssl 3.0 port was removed nearly a year ago shortly after the 7.4 release. 2024-08-18T09:14:17+00:00 tb 2024-08-18T09:14:17+00:00 urn:sha1:b3e075767e19536c9eb560beb39f7477834ccb45 2024-02-03T15:58:34+00:00 beck 2024-02-03T15:58:34+00:00 urn:sha1:20afa90e552d2efed2187dbafc92170a3895e921 This version of GOST is old and not anywhere close to compliant with modern GOST standards. It is also very intrusive in libssl and makes a mess everywhere. Efforts to entice a suitably minded anyone to care about it have been unsuccessful. At this point it is probably best to remove this, and if someone ever showed up who truly needed a working version, it should be a clean implementation from scratch, and have it use something closer to the typical API in libcrypto so it would integrate less painfully here. This removes it from libssl in preparation for it's removal from libcrypto with a future major bump ok tb@ 2023-10-30T17:15:21+00:00 tb 2023-10-30T17:15:21+00:00 urn:sha1:ef5d46388987ae46b79c7f8da6d2d73458c3d294 Until OpenSSL 3.1 has replaced OpenSSL 3.0 on most architectures, run both tests. Installed packages of OpenSSL 3.0 will update automatically to 3.1, so regress runners should not need to do anything. 2023-10-18T19:14:32+00:00 anton 2023-10-18T19:14:32+00:00 urn:sha1:70d2dccbde7b7bc2c4e52bcee7dcbe39b1a958cd server has terminated before examining the outcome. 2023-07-02T17:21:33+00:00 beck 2023-07-02T17:21:33+00:00 urn:sha1:4edd92a57f3a74829fe519f35b5c7c79e03ce0b0 Their time has long since past, and they should not be used. This change restricts ssl to versions 1.2 and 1.3, and changes the regression tests to understand we no longer speak the legacy protocols. For the moment the magical "golden" byte for byte comparison tests of raw handshake values are disabled util jsing fixes them. ok jsing@ tb@ 2023-04-19T15:34:23+00:00 tb 2023-04-19T15:34:23+00:00 urn:sha1:73798ebfda5eeaa9a9f42af994c4ac301b83b075 A few years back beck introduced REGRESS_SKIP_SLOW dances with the idea that this should speed up the interop tests for us devs because this also checked interop between opensslX and opensslY, which we don't particularly care about. This never really worked. On a mac m1 mini the result is this: REGRESS_SKIP_SLOW unset 9m56.69s real 3m42.24s user 3m00.70s system REGRESS_SKIP_SLOW=yes 11m04.61s real 7m29.61s user 1m40.29s system The problem is that REGRESS_SKIP_SLOW simply wasn't designed to handle the huge number of tests we have here. There are many nested .for loops resulting in several thousand tests. Each test has a name of length ~80. REGRESS_SKIP_SLOW concatenates them into a several hundred kilobytes long string in REGRESS_SKIP_TARGETS, iterates over all regress targets and tests with ".if ${REGRESS_SKIP_TARGETS:M${RT}}" if it should skip them. This means that during a regress run, make spends a lot of time linearly scanning a huge string. I ran into this when I added OpenSSL 3.0 tests to the already existing 1.0.2 and 1.1 tests with the result that with REGRESS_SLOW_TARGTS set it took the better part of an hour while without it it took about 15 min. The hack here is simply to avoid using REGRESS_SLOW_TARGTES here and handle the situation differently. patch, REGRESS_SKIP_SLOW=yes 5m42.32s real 2m09.98s user 1m45.21s system The real solution would be to fix this in bsd.regress.mk, which someone who understands make well is very welcome to do. For now, I'm happy with this. Debugged with jsing a few months ago 2023-02-01T16:03:47+00:00 tb 2023-02-01T16:03:47+00:00 urn:sha1:18e41f44e8da16fa34d9627787df9e72e6d1bf09 2023-02-01T15:59:50+00:00 tb 2023-02-01T15:59:50+00:00 urn:sha1:397f620c6d0e0e10db7eca8d1f7cdcf96e4ef3dc 2023-02-01T15:58:20+00:00 tb 2023-02-01T15:58:20+00:00 urn:sha1:544a66582d11ee6b8e488dc93ef69d2187f787c7