This commit was manufactured by cvs2git to create tag 'tb_20221020'.tb_20221020

author: cvs2svn <admin@example.com> 2022-10-20 07:33:15 +0000
committer: cvs2svn <admin@example.com> 2022-10-20 07:33:15 +0000
commit: 963a7b06e7d578322df5c53439ac3f52eae54095 (patch)
tree: 47b3068b3442e2e9768ae23e8bcf303231adf015 /src/regress/lib/libssl/interop/cipher/Makefile
parent: 6ef02c2707dc554983552781e5b767ae8103de15 (diff)
download: openbsd-tb_20221020.tar.gz
openbsd-tb_20221020.tar.bz2
openbsd-tb_20221020.zip
1 files changed, 0 insertions, 169 deletions
diff --git a/src/regress/lib/libssl/interop/cipher/Makefile b/src/regress/lib/libssl/interop/cipher/Makefile
deleted file mode 100644
index bfe8cfea7a..0000000000
--- a/src/regress/lib/libssl/interop/cipher/Makefile
+++ /dev/null
@@ -1,169 +0,0 @@
-# $OpenBSD: Makefile,v 1.9 2022/02/05 18:34:06 tb Exp $
-# Connect a client to a server.  Both can be current libressl, or
-# openssl 1.0.2, or openssl 1.1.  Create lists of supported ciphers
-# and pin client and server to one of the ciphers.  Use server
-# certificate with compatible type.  Check that client and server
-# have used correct cipher by grepping in their session print out.
-run-cipher-GOST2001-GOST89-GOST89-client-libressl-server-libressl \
-run-cipher-GOST2012256-GOST89-GOST89-client-libressl-server-libressl \
-client-cipher-GOST2012256-GOST89-GOST89-client-libressl-server-libressl.out \
-client-cipher-GOST2001-GOST89-GOST89-client-libressl-server-libressl.out \
-server-cipher-GOST2001-GOST89-GOST89-client-libressl-server-libressl.out \
-server-cipher-GOST2012256-GOST89-GOST89-client-libressl-server-libressl.out \
-check-cipher-GOST2001-GOST89-GOST89-client-libressl-server-libressl \
-check-cipher-GOST2012256-GOST89-GOST89-client-libressl-server-libressl:
-        # gost does not work with libressl TLS 1.3 right now
-        @echo DISABLED
-LIBRARIES =             libressl
-.if exists(/usr/local/bin/eopenssl)
-LIBRARIES +=            openssl
-.endif
-.if exists(/usr/local/bin/eopenssl11)
-LIBRARIES +=            openssl11
-.endif
-CLEANFILES =    *.tmp *.ciphers ciphers.mk
-.for clib in ${LIBRARIES}
-client-${clib}.ciphers:
-        LD_LIBRARY_PATH=/usr/local/lib/e${clib} \
-            ../${clib}/client -l ALL -L >$@.tmp
-        sed -n 's/^cipher //p' <$@.tmp | sort -u >$@
-        rm $@.tmp
-.endfor
-.for slib in ${LIBRARIES}
-server-${slib}.ciphers: 127.0.0.1.crt dsa.crt ec.crt rsa.crt
-        LD_LIBRARY_PATH=/usr/local/lib/e${slib} \
-            ../${slib}/server -l ALL -L >$@.tmp
-        sed -n 's/^cipher //p' <$@.tmp | sort -u >$@
-        rm $@.tmp
-.endfor
-.for clib in ${LIBRARIES}
-.for slib in ${LIBRARIES}
-ciphers.mk: client-${clib}-server-${slib}.ciphers
-client-${clib}-server-${slib}.ciphers: \
-    client-${clib}.ciphers server-${slib}.ciphers client-libressl.ciphers
-        # get ciphers shared between client and server
-        sort client-${clib}.ciphers server-${slib}.ciphers >$@.tmp
-        uniq -d <$@.tmp >$@
-        # we are only interested in ciphers supported by libressl
-        sort $@ client-libressl.ciphers >$@.tmp
-. if "${clib}" == "openssl11" || "${slib}" == "openssl11"
-        # OpenSSL 1.1's SSL_CTX_set_cipher_list doesn't accept TLSv1.3 ciphers
-        sed -i '/^TLS_/d' $@.tmp
-. endif
-        uniq -d <$@.tmp >$@
-        rm $@.tmp
-.endfor
-.endfor
-ciphers.mk:
-        rm -f $@ $@.tmp
-.for clib in ${LIBRARIES}
-.for slib in ${LIBRARIES}
-        echo 'CIPHERS_${clib}_${slib} =' >>$@.tmp \
-            `cat client-${clib}-server-${slib}.ciphers`
-.endfor
-.endfor
-        mv $@.tmp $@
-# hack to convert generated lists into usable make variables
-.if exists(ciphers.mk)
-.include "ciphers.mk"
-.else
-regress: ciphers.mk
-        ${MAKE} -C ${.CURDIR} regress
-.endif
-LEVEL_libressl =
-LEVEL_openssl =
-LEVEL_openssl11 = ,@SECLEVEL=0
-.for clib in ${LIBRARIES}
-.for slib in ${LIBRARIES}
-.for cipher in ${CIPHERS_${clib}_${slib}}
-.if "${cipher:M*-DSS-*}" != ""
-TYPE_${cipher} =        dsa
-.elif "${cipher:M*-ECDSA-*}" != ""
-TYPE_${cipher} =        ec
-.elif "${cipher:M*-GOST89-*}" != ""
-TYPE_${cipher} =        gost
-.elif "${cipher:M*-RSA-*}" != ""
-TYPE_${cipher} =        rsa
-.else
-TYPE_${cipher} =        127.0.0.1
-.endif
-.if "${slib}" == "openssl" && \
-    "${cipher:MADH-*}${cipher:MEDH-*}${cipher:MDHE-*}" != ""
-DHPARAM_${cipher}_${slib} =     -p dh.param
-.else
-DHPARAM_${cipher}_${slib} =
-.endif
-.if ("${clib}" == "libressl" || "${slib}" == "libressl")
-REGRESS_TARGETS +=      run-cipher-${cipher}-client-${clib}-server-${slib}
-.else
-REGRESS_SLOW_TARGETS += run-cipher-${cipher}-client-${clib}-server-${slib}
-.endif
-run-cipher-${cipher}-client-${clib}-server-${slib} \
-client-cipher-${cipher}-client-${clib}-server-${slib}.out \
-server-cipher-${cipher}-client-${clib}-server-${slib}.out: dh.param \
-    127.0.0.1.crt ${TYPE_${cipher}}.crt ../${clib}/client ../${slib}/server
-        LD_LIBRARY_PATH=/usr/local/lib/e${slib} \
-            ../${slib}/server >${@:S/^run/server/}.out \
-            -c ${TYPE_${cipher}}.crt -k ${TYPE_${cipher}}.key \
-            -l ${cipher}${LEVEL_${slib}} ${DHPARAM_${cipher}_${slib}} \
-            127.0.0.1 0
-        LD_LIBRARY_PATH=/usr/local/lib/e${clib} \
-            ../${clib}/client >${@:S/^run/client/}.out \
-            -l ${cipher}${LEVEL_${clib}} \
-            `sed -n 's/listen sock: //p' ${@:S/^run/server/}.out`
-        grep -q '^success$$' ${@:S/^run/server/}.out || \
-            { sleep 1; grep -q '^success$$' ${@:S/^run/server/}.out; }
-        grep -q '^success$$' ${@:S/^run/client/}.out
-.if ("${clib}" == "libressl" || "${slib}" == "libressl")
-REGRESS_TARGETS +=      check-cipher-${cipher}-client-${clib}-server-${slib}
-.else
-REGRESS_SLOW_TARGETS += check-cipher-${cipher}-client-${clib}-server-${slib}
-.endif
-check-cipher-${cipher}-client-${clib}-server-${slib}: \
-    client-cipher-${cipher}-client-${clib}-server-${slib}.out \
-    server-cipher-${cipher}-client-${clib}-server-${slib}.out
-.if "${clib}" != "openssl" && "${slib}" != "openssl" && \
-    "${cipher:C/TLS_(AES.*_GCM|CHACHA.*_POLY.*)_SHA.*/TLS1_3/}" != TLS1_3
-        # client and server 1.3 capable, not TLS 1.3 cipher
-. if "${clib}" == "libressl"
-        # libressl client may prefer chacha-poly if aes-ni is not supported
-        egrep -q ' Cipher *: TLS_(AES_256_GCM_SHA384|CHACHA20_POLY1305_SHA256)$$' ${@:S/^check/client/}.out
-. else
-        # openssl 1.1 generic client cipher
-        grep -q ' Cipher *: TLS_AES_256_GCM_SHA384$$' ${@:S/^check/client/}.out
-. endif
-. if "${clib}" == "libressl"
-        # libressl client may prefer chacha-poly if aes-ni is not supported
-.  if "${slib}" == "openssl11"
-        egrep -q ' Cipher *: TLS_(AES_256_GCM_SHA384|CHACHA20_POLY1305_SHA256)$$' ${@:S/^check/server/}.out
-.  else
-        egrep -q ' Cipher *: TLS_(AES_256_GCM_SHA384|CHACHA20_POLY1305_SHA256)$$' ${@:S/^check/server/}.out
-.  endif
-. else
-        # generic server cipher
-        grep -q ' Cipher *: TLS_AES_256_GCM_SHA384$$' ${@:S/^check/server/}.out
-. endif
-.else
-        grep -q ' Cipher *: ${cipher}$$' ${@:S/^check/client/}.out
-        grep -q ' Cipher *: ${cipher}$$' ${@:S/^check/server/}.out
-.endif
-.endfor
-.endfor
-.endfor
-.include <bsd.regress.mk>
author	cvs2svn <admin@example.com>	2022-10-20 07:33:15 +0000
committer	cvs2svn <admin@example.com>	2022-10-20 07:33:15 +0000
commit	963a7b06e7d578322df5c53439ac3f52eae54095 (patch)
tree	47b3068b3442e2e9768ae23e8bcf303231adf015 /src/regress/lib/libssl/interop/cipher/Makefile
parent	6ef02c2707dc554983552781e5b767ae8103de15 (diff)
download	openbsd-tb_20221020.tar.gz openbsd-tb_20221020.tar.bz2 openbsd-tb_20221020.zip

diff --git a/src/regress/lib/libssl/interop/cipher/Makefile b/src/regress/lib/libssl/interop/cipher/Makefile deleted file mode 100644 index bfe8cfea7a..0000000000 --- a/src/regress/lib/libssl/interop/cipher/Makefile +++ /dev/null
@@ -1,169 +0,0 @@
1	# $OpenBSD: Makefile,v 1.9 2022/02/05 18:34:06 tb Exp $
2
3	# Connect a client to a server. Both can be current libressl, or
4	# openssl 1.0.2, or openssl 1.1. Create lists of supported ciphers
5	# and pin client and server to one of the ciphers. Use server
6	# certificate with compatible type. Check that client and server
7	# have used correct cipher by grepping in their session print out.
8
9	run-cipher-GOST2001-GOST89-GOST89-client-libressl-server-libressl \
10	run-cipher-GOST2012256-GOST89-GOST89-client-libressl-server-libressl \
11	client-cipher-GOST2012256-GOST89-GOST89-client-libressl-server-libressl.out \
12	client-cipher-GOST2001-GOST89-GOST89-client-libressl-server-libressl.out \
13	server-cipher-GOST2001-GOST89-GOST89-client-libressl-server-libressl.out \
14	server-cipher-GOST2012256-GOST89-GOST89-client-libressl-server-libressl.out \
15	check-cipher-GOST2001-GOST89-GOST89-client-libressl-server-libressl \
16	check-cipher-GOST2012256-GOST89-GOST89-client-libressl-server-libressl:
17	# gost does not work with libressl TLS 1.3 right now
18	@echo DISABLED
19
20	LIBRARIES = libressl
21	.if exists(/usr/local/bin/eopenssl)
22	LIBRARIES += openssl
23	.endif
24	.if exists(/usr/local/bin/eopenssl11)
25	LIBRARIES += openssl11
26	.endif
27
28	CLEANFILES = .tmp .ciphers ciphers.mk
29
30	.for clib in ${LIBRARIES}
31	client-${clib}.ciphers:
32	LD_LIBRARY_PATH=/usr/local/lib/e${clib} \
33	../${clib}/client -l ALL -L >$@.tmp
34	sed -n 's/^cipher //p' <$@.tmp \| sort -u >$@
35	rm $@.tmp
36	.endfor
37	.for slib in ${LIBRARIES}
38	server-${slib}.ciphers: 127.0.0.1.crt dsa.crt ec.crt rsa.crt
39	LD_LIBRARY_PATH=/usr/local/lib/e${slib} \
40	../${slib}/server -l ALL -L >$@.tmp
41	sed -n 's/^cipher //p' <$@.tmp \| sort -u >$@
42	rm $@.tmp
43	.endfor
44
45	.for clib in ${LIBRARIES}
46	.for slib in ${LIBRARIES}
47	ciphers.mk: client-${clib}-server-${slib}.ciphers
48	client-${clib}-server-${slib}.ciphers: \
49	client-${clib}.ciphers server-${slib}.ciphers client-libressl.ciphers
50	# get ciphers shared between client and server
51	sort client-${clib}.ciphers server-${slib}.ciphers >$@.tmp
52	uniq -d <$@.tmp >$@
53	# we are only interested in ciphers supported by libressl
54	sort $@ client-libressl.ciphers >$@.tmp
55	. if "${clib}" == "openssl11" \|\| "${slib}" == "openssl11"
56	# OpenSSL 1.1's SSL_CTX_set_cipher_list doesn't accept TLSv1.3 ciphers
57	sed -i '/^TLS_/d' $@.tmp
58	. endif
59	uniq -d <$@.tmp >$@
60	rm $@.tmp
61	.endfor
62	.endfor
63
64	ciphers.mk:
65	rm -f $@ $@.tmp
66	.for clib in ${LIBRARIES}
67	.for slib in ${LIBRARIES}
68	echo 'CIPHERS_${clib}_${slib} =' >>$@.tmp \
69	`cat client-${clib}-server-${slib}.ciphers`
70	.endfor
71	.endfor
72	mv $@.tmp $@
73
74	# hack to convert generated lists into usable make variables
75	.if exists(ciphers.mk)
76	.include "ciphers.mk"
77	.else
78	regress: ciphers.mk
79	${MAKE} -C ${.CURDIR} regress
80	.endif
81
82	LEVEL_libressl =
83	LEVEL_openssl =
84	LEVEL_openssl11 = ,@SECLEVEL=0
85
86	.for clib in ${LIBRARIES}
87	.for slib in ${LIBRARIES}
88	.for cipher in ${CIPHERS_${clib}_${slib}}
89
90	.if "${cipher:M-DSS-}" != ""
91	TYPE_${cipher} = dsa
92	.elif "${cipher:M-ECDSA-}" != ""
93	TYPE_${cipher} = ec
94	.elif "${cipher:M-GOST89-}" != ""
95	TYPE_${cipher} = gost
96	.elif "${cipher:M-RSA-}" != ""
97	TYPE_${cipher} = rsa
98	.else
99	TYPE_${cipher} = 127.0.0.1
100	.endif
101
102	.if "${slib}" == "openssl" && \
103	"${cipher:MADH-}${cipher:MEDH-}${cipher:MDHE-*}" != ""
104	DHPARAM_${cipher}_${slib} = -p dh.param
105	.else
106	DHPARAM_${cipher}_${slib} =
107	.endif
108
109	.if ("${clib}" == "libressl" \|\| "${slib}" == "libressl")
110	REGRESS_TARGETS += run-cipher-${cipher}-client-${clib}-server-${slib}
111	.else
112	REGRESS_SLOW_TARGETS += run-cipher-${cipher}-client-${clib}-server-${slib}
113	.endif
114	run-cipher-${cipher}-client-${clib}-server-${slib} \
115	client-cipher-${cipher}-client-${clib}-server-${slib}.out \
116	server-cipher-${cipher}-client-${clib}-server-${slib}.out: dh.param \
117	127.0.0.1.crt ${TYPE_${cipher}}.crt ../${clib}/client ../${slib}/server
118	LD_LIBRARY_PATH=/usr/local/lib/e${slib} \
119	../${slib}/server >${@:S/^run/server/}.out \
120	-c ${TYPE_${cipher}}.crt -k ${TYPE_${cipher}}.key \
121	-l ${cipher}${LEVEL_${slib}} ${DHPARAM_${cipher}_${slib}} \
122	127.0.0.1 0
123	LD_LIBRARY_PATH=/usr/local/lib/e${clib} \
124	../${clib}/client >${@:S/^run/client/}.out \
125	-l ${cipher}${LEVEL_${clib}} \
126	`sed -n 's/listen sock: //p' ${@:S/^run/server/}.out`
127	grep -q '^success$$' ${@:S/^run/server/}.out \|\| \
128	{ sleep 1; grep -q '^success$$' ${@:S/^run/server/}.out; }
129	grep -q '^success$$' ${@:S/^run/client/}.out
130
131	.if ("${clib}" == "libressl" \|\| "${slib}" == "libressl")
132	REGRESS_TARGETS += check-cipher-${cipher}-client-${clib}-server-${slib}
133	.else
134	REGRESS_SLOW_TARGETS += check-cipher-${cipher}-client-${clib}-server-${slib}
135	.endif
136	check-cipher-${cipher}-client-${clib}-server-${slib}: \
137	client-cipher-${cipher}-client-${clib}-server-${slib}.out \
138	server-cipher-${cipher}-client-${clib}-server-${slib}.out
139	.if "${clib}" != "openssl" && "${slib}" != "openssl" && \
140	"${cipher:C/TLS_(AES._GCM\|CHACHA._POLY.)_SHA./TLS1_3/}" != TLS1_3
141	# client and server 1.3 capable, not TLS 1.3 cipher
142	. if "${clib}" == "libressl"
143	# libressl client may prefer chacha-poly if aes-ni is not supported
144	egrep -q ' Cipher *: TLS_(AES_256_GCM_SHA384\|CHACHA20_POLY1305_SHA256)$$' ${@:S/^check/client/}.out
145	. else
146	# openssl 1.1 generic client cipher
147	grep -q ' Cipher *: TLS_AES_256_GCM_SHA384$$' ${@:S/^check/client/}.out
148	. endif
149	. if "${clib}" == "libressl"
150	# libressl client may prefer chacha-poly if aes-ni is not supported
151	. if "${slib}" == "openssl11"
152	egrep -q ' Cipher *: TLS_(AES_256_GCM_SHA384\|CHACHA20_POLY1305_SHA256)$$' ${@:S/^check/server/}.out
153	. else
154	egrep -q ' Cipher *: TLS_(AES_256_GCM_SHA384\|CHACHA20_POLY1305_SHA256)$$' ${@:S/^check/server/}.out
155	. endif
156	. else
157	# generic server cipher
158	grep -q ' Cipher *: TLS_AES_256_GCM_SHA384$$' ${@:S/^check/server/}.out
159	. endif
160	.else
161	grep -q ' Cipher *: ${cipher}$$' ${@:S/^check/client/}.out
162	grep -q ' Cipher *: ${cipher}$$' ${@:S/^check/server/}.out
163	.endif
164
165	.endfor
166	.endfor
167	.endfor
168
169	.include <bsd.regress.mk>