This commit was manufactured by cvs2git to create tag 'tb_20210830'.tb_20210830

author: cvs2svn <admin@example.com> 2021-08-30 17:27:46 +0000
committer: cvs2svn <admin@example.com> 2021-08-30 17:27:46 +0000
commit: 4e4f5b4c833ba5285e001bdb6b832bdf91c43da3 (patch)
tree: ab301f051b9dd067fa28b0fe56806a2893b8161e /src/regress/lib/libssl/interop/cipher
parent: 20a5de624e2e817be526407f2b8de078016ee258 (diff)
download: openbsd-tb_20210830.tar.gz
openbsd-tb_20210830.tar.bz2
openbsd-tb_20210830.zip
1 files changed, 0 insertions, 170 deletions
diff --git a/src/regress/lib/libssl/interop/cipher/Makefile b/src/regress/lib/libssl/interop/cipher/Makefile
deleted file mode 100644
index c88309962d..0000000000
--- a/src/regress/lib/libssl/interop/cipher/Makefile
+++ /dev/null
@@ -1,170 +0,0 @@
-# $OpenBSD: Makefile,v 1.7 2020/12/17 00:51:11 bluhm Exp $
-# Connect a client to a server.  Both can be current libressl, or
-# openssl 1.0.2, or openssl 1.1.  Create lists of supported ciphers
-# and pin client and server to one of the ciphers.  Use server
-# certificate with compatible type.  Check that client and server
-# have used correct cipher by grepping in their session print out.
-run-cipher-GOST2001-GOST89-GOST89-client-libressl-server-libressl \
-run-cipher-GOST2012256-GOST89-GOST89-client-libressl-server-libressl \
-client-cipher-GOST2012256-GOST89-GOST89-client-libressl-server-libressl.out \
-client-cipher-GOST2001-GOST89-GOST89-client-libressl-server-libressl.out \
-server-cipher-GOST2001-GOST89-GOST89-client-libressl-server-libressl.out \
-server-cipher-GOST2012256-GOST89-GOST89-client-libressl-server-libressl.out \
-check-cipher-GOST2001-GOST89-GOST89-client-libressl-server-libressl \
-check-cipher-GOST2012256-GOST89-GOST89-client-libressl-server-libressl:
-        # gost does not work with libressl TLS 1.3 right now
-        @echo DISABLED
-LIBRARIES =             libressl
-.if exists(/usr/local/bin/eopenssl)
-LIBRARIES +=            openssl
-.endif
-.if exists(/usr/local/bin/eopenssl11)
-LIBRARIES +=            openssl11
-.endif
-CLEANFILES =    *.tmp *.ciphers ciphers.mk
-.for clib in ${LIBRARIES}
-client-${clib}.ciphers:
-        LD_LIBRARY_PATH=/usr/local/lib/e${clib} \
-            ../${clib}/client -l ALL -L >$@.tmp
-        sed -n 's/^cipher //p' <$@.tmp | sort -u >$@
-        rm $@.tmp
-.endfor
-.for slib in ${LIBRARIES}
-server-${slib}.ciphers: 127.0.0.1.crt dsa.crt ec.crt rsa.crt
-        LD_LIBRARY_PATH=/usr/local/lib/e${slib} \
-            ../${slib}/server -l ALL -L >$@.tmp
-        sed -n 's/^cipher //p' <$@.tmp | sort -u >$@
-        rm $@.tmp
-.endfor
-.for clib in ${LIBRARIES}
-.for slib in ${LIBRARIES}
-ciphers.mk: client-${clib}-server-${slib}.ciphers
-client-${clib}-server-${slib}.ciphers: \
-    client-${clib}.ciphers server-${slib}.ciphers client-libressl.ciphers
-        # get ciphers shared between client and server
-        sort client-${clib}.ciphers server-${slib}.ciphers >$@.tmp
-        uniq -d <$@.tmp >$@
-        # we are only interested in ciphers supported by libressl
-        sort $@ client-libressl.ciphers >$@.tmp
-        uniq -d <$@.tmp >$@
-        rm $@.tmp
-.endfor
-.endfor
-ciphers.mk:
-        rm -f $@ $@.tmp
-.for clib in ${LIBRARIES}
-.for slib in ${LIBRARIES}
-        echo 'CIPHERS_${clib}_${slib} =' >>$@.tmp \
-            `cat client-${clib}-server-${slib}.ciphers`
-.endfor
-.endfor
-        mv $@.tmp $@
-# hack to convert generated lists into usable make variables
-.if exists(ciphers.mk)
-.include "ciphers.mk"
-.else
-regress: ciphers.mk
-        ${MAKE} -C ${.CURDIR} regress
-.endif
-LEVEL_libressl =
-LEVEL_openssl =
-LEVEL_openssl11 = ,@SECLEVEL=0
-.for clib in ${LIBRARIES}
-.for slib in ${LIBRARIES}
-.for cipher in ${CIPHERS_${clib}_${slib}}
-.if "${cipher:M*-DSS-*}" != ""
-TYPE_${cipher} =        dsa
-.elif "${cipher:M*-ECDSA-*}" != ""
-TYPE_${cipher} =        ec
-.elif "${cipher:M*-GOST89-*}" != ""
-TYPE_${cipher} =        gost
-.elif "${cipher:M*-RSA-*}" != ""
-TYPE_${cipher} =        rsa
-.else
-TYPE_${cipher} =        127.0.0.1
-.endif
-.if "${slib}" == "openssl" && \
-    "${cipher:MADH-*}${cipher:MEDH-*}${cipher:MDHE-*}" != ""
-DHPARAM_${cipher}_${slib} =     -p dh.param
-.else
-DHPARAM_${cipher}_${slib} =
-.endif
-.if ("${clib}" == "libressl" || "${slib}" == "libressl")
-REGRESS_TARGETS +=      run-cipher-${cipher}-client-${clib}-server-${slib}
-.else
-REGRESS_SLOW_TARGETS += run-cipher-${cipher}-client-${clib}-server-${slib}
-.endif
-run-cipher-${cipher}-client-${clib}-server-${slib} \
-client-cipher-${cipher}-client-${clib}-server-${slib}.out \
-server-cipher-${cipher}-client-${clib}-server-${slib}.out: dh.param \
-    127.0.0.1.crt ${TYPE_${cipher}}.crt ../${clib}/client ../${slib}/server
-        LD_LIBRARY_PATH=/usr/local/lib/e${slib} \
-            ../${slib}/server >${@:S/^run/server/}.out \
-            -c ${TYPE_${cipher}}.crt -k ${TYPE_${cipher}}.key \
-            -l ${cipher}${LEVEL_${slib}} ${DHPARAM_${cipher}_${slib}} \
-            127.0.0.1 0
-        LD_LIBRARY_PATH=/usr/local/lib/e${clib} \
-            ../${clib}/client >${@:S/^run/client/}.out \
-            -l ${cipher}${LEVEL_${clib}} \
-            `sed -n 's/listen sock: //p' ${@:S/^run/server/}.out`
-        grep -q '^success$$' ${@:S/^run/server/}.out || \
-            { sleep 1; grep -q '^success$$' ${@:S/^run/server/}.out; }
-        grep -q '^success$$' ${@:S/^run/client/}.out
-.if ("${clib}" == "libressl" || "${slib}" == "libressl")
-REGRESS_TARGETS +=      check-cipher-${cipher}-client-${clib}-server-${slib}
-.else
-REGRESS_SLOW_TARGETS += check-cipher-${cipher}-client-${clib}-server-${slib}
-.endif
-check-cipher-${cipher}-client-${clib}-server-${slib}: \
-    client-cipher-${cipher}-client-${clib}-server-${slib}.out \
-    server-cipher-${cipher}-client-${clib}-server-${slib}.out
-.if "${clib}" != "openssl" && "${slib}" != "openssl" && \
-    "${cipher:C/AEAD-(AES.*-GCM|CHACHA.*-POLY.*)-SHA.*/TLS1_3/}" != TLS1_3
-        # client and server 1.3 capable, not TLS 1.3 cipher
-. if "${clib}" == "libressl"
-        # libressl client may prefer chacha-poly if aes-ni is not supported
-        egrep -q ' Cipher *: AEAD-(AES256-GCM-SHA384|CHACHA20-POLY1305-SHA256)$$' ${@:S/^check/client/}.out
-. else
-        # openssl 1.1 generic client cipher
-        grep -q ' Cipher *: TLS_AES_256_GCM_SHA384$$' ${@:S/^check/client/}.out
-. endif
-. if "${clib}" == "libressl"
-        # libressl client may prefer chacha-poly if aes-ni is not supported
-.  if "${slib}" == "openssl11"
-        egrep -q ' Cipher *: TLS_(AES_256_GCM_SHA384|CHACHA20_POLY1305_SHA256)$$' ${@:S/^check/server/}.out
-.  else
-        egrep -q ' Cipher *: AEAD-(AES256-GCM-SHA384|CHACHA20-POLY1305-SHA256)$$' ${@:S/^check/server/}.out
-.  endif
-. else
-.  if "${slib}" == "openssl11"
-        # openssl 1.1 generic server cipher
-        grep -q ' Cipher *: TLS_AES_256_GCM_SHA384$$' ${@:S/^check/server/}.out
-.  else
-        # libressl generic server cipher
-        grep -q ' Cipher *: AEAD-AES256-GCM-SHA384$$' ${@:S/^check/server/}.out
-.  endif
-. endif
-.else
-        grep -q ' Cipher *: ${cipher}$$' ${@:S/^check/client/}.out
-        grep -q ' Cipher *: ${cipher}$$' ${@:S/^check/server/}.out
-.endif
-.endfor
-.endfor
-.endfor
-.include <bsd.regress.mk>
author	cvs2svn <admin@example.com>	2021-08-30 17:27:46 +0000
committer	cvs2svn <admin@example.com>	2021-08-30 17:27:46 +0000
commit	4e4f5b4c833ba5285e001bdb6b832bdf91c43da3 (patch)
tree	ab301f051b9dd067fa28b0fe56806a2893b8161e /src/regress/lib/libssl/interop/cipher
parent	20a5de624e2e817be526407f2b8de078016ee258 (diff)
download	openbsd-tb_20210830.tar.gz openbsd-tb_20210830.tar.bz2 openbsd-tb_20210830.zip

diff --git a/src/regress/lib/libssl/interop/cipher/Makefile b/src/regress/lib/libssl/interop/cipher/Makefile deleted file mode 100644 index c88309962d..0000000000 --- a/src/regress/lib/libssl/interop/cipher/Makefile +++ /dev/null
@@ -1,170 +0,0 @@
1	# $OpenBSD: Makefile,v 1.7 2020/12/17 00:51:11 bluhm Exp $
2
3	# Connect a client to a server. Both can be current libressl, or
4	# openssl 1.0.2, or openssl 1.1. Create lists of supported ciphers
5	# and pin client and server to one of the ciphers. Use server
6	# certificate with compatible type. Check that client and server
7	# have used correct cipher by grepping in their session print out.
8
9	run-cipher-GOST2001-GOST89-GOST89-client-libressl-server-libressl \
10	run-cipher-GOST2012256-GOST89-GOST89-client-libressl-server-libressl \
11	client-cipher-GOST2012256-GOST89-GOST89-client-libressl-server-libressl.out \
12	client-cipher-GOST2001-GOST89-GOST89-client-libressl-server-libressl.out \
13	server-cipher-GOST2001-GOST89-GOST89-client-libressl-server-libressl.out \
14	server-cipher-GOST2012256-GOST89-GOST89-client-libressl-server-libressl.out \
15	check-cipher-GOST2001-GOST89-GOST89-client-libressl-server-libressl \
16	check-cipher-GOST2012256-GOST89-GOST89-client-libressl-server-libressl:
17	# gost does not work with libressl TLS 1.3 right now
18	@echo DISABLED
19
20	LIBRARIES = libressl
21	.if exists(/usr/local/bin/eopenssl)
22	LIBRARIES += openssl
23	.endif
24	.if exists(/usr/local/bin/eopenssl11)
25	LIBRARIES += openssl11
26	.endif
27
28	CLEANFILES = .tmp .ciphers ciphers.mk
29
30	.for clib in ${LIBRARIES}
31	client-${clib}.ciphers:
32	LD_LIBRARY_PATH=/usr/local/lib/e${clib} \
33	../${clib}/client -l ALL -L >$@.tmp
34	sed -n 's/^cipher //p' <$@.tmp \| sort -u >$@
35	rm $@.tmp
36	.endfor
37	.for slib in ${LIBRARIES}
38	server-${slib}.ciphers: 127.0.0.1.crt dsa.crt ec.crt rsa.crt
39	LD_LIBRARY_PATH=/usr/local/lib/e${slib} \
40	../${slib}/server -l ALL -L >$@.tmp
41	sed -n 's/^cipher //p' <$@.tmp \| sort -u >$@
42	rm $@.tmp
43	.endfor
44
45	.for clib in ${LIBRARIES}
46	.for slib in ${LIBRARIES}
47	ciphers.mk: client-${clib}-server-${slib}.ciphers
48	client-${clib}-server-${slib}.ciphers: \
49	client-${clib}.ciphers server-${slib}.ciphers client-libressl.ciphers
50	# get ciphers shared between client and server
51	sort client-${clib}.ciphers server-${slib}.ciphers >$@.tmp
52	uniq -d <$@.tmp >$@
53	# we are only interested in ciphers supported by libressl
54	sort $@ client-libressl.ciphers >$@.tmp
55	uniq -d <$@.tmp >$@
56	rm $@.tmp
57	.endfor
58	.endfor
59
60	ciphers.mk:
61	rm -f $@ $@.tmp
62	.for clib in ${LIBRARIES}
63	.for slib in ${LIBRARIES}
64	echo 'CIPHERS_${clib}_${slib} =' >>$@.tmp \
65	`cat client-${clib}-server-${slib}.ciphers`
66	.endfor
67	.endfor
68	mv $@.tmp $@
69
70	# hack to convert generated lists into usable make variables
71	.if exists(ciphers.mk)
72	.include "ciphers.mk"
73	.else
74	regress: ciphers.mk
75	${MAKE} -C ${.CURDIR} regress
76	.endif
77
78	LEVEL_libressl =
79	LEVEL_openssl =
80	LEVEL_openssl11 = ,@SECLEVEL=0
81
82	.for clib in ${LIBRARIES}
83	.for slib in ${LIBRARIES}
84	.for cipher in ${CIPHERS_${clib}_${slib}}
85
86	.if "${cipher:M-DSS-}" != ""
87	TYPE_${cipher} = dsa
88	.elif "${cipher:M-ECDSA-}" != ""
89	TYPE_${cipher} = ec
90	.elif "${cipher:M-GOST89-}" != ""
91	TYPE_${cipher} = gost
92	.elif "${cipher:M-RSA-}" != ""
93	TYPE_${cipher} = rsa
94	.else
95	TYPE_${cipher} = 127.0.0.1
96	.endif
97
98	.if "${slib}" == "openssl" && \
99	"${cipher:MADH-}${cipher:MEDH-}${cipher:MDHE-*}" != ""
100	DHPARAM_${cipher}_${slib} = -p dh.param
101	.else
102	DHPARAM_${cipher}_${slib} =
103	.endif
104
105	.if ("${clib}" == "libressl" \|\| "${slib}" == "libressl")
106	REGRESS_TARGETS += run-cipher-${cipher}-client-${clib}-server-${slib}
107	.else
108	REGRESS_SLOW_TARGETS += run-cipher-${cipher}-client-${clib}-server-${slib}
109	.endif
110	run-cipher-${cipher}-client-${clib}-server-${slib} \
111	client-cipher-${cipher}-client-${clib}-server-${slib}.out \
112	server-cipher-${cipher}-client-${clib}-server-${slib}.out: dh.param \
113	127.0.0.1.crt ${TYPE_${cipher}}.crt ../${clib}/client ../${slib}/server
114	LD_LIBRARY_PATH=/usr/local/lib/e${slib} \
115	../${slib}/server >${@:S/^run/server/}.out \
116	-c ${TYPE_${cipher}}.crt -k ${TYPE_${cipher}}.key \
117	-l ${cipher}${LEVEL_${slib}} ${DHPARAM_${cipher}_${slib}} \
118	127.0.0.1 0
119	LD_LIBRARY_PATH=/usr/local/lib/e${clib} \
120	../${clib}/client >${@:S/^run/client/}.out \
121	-l ${cipher}${LEVEL_${clib}} \
122	`sed -n 's/listen sock: //p' ${@:S/^run/server/}.out`
123	grep -q '^success$$' ${@:S/^run/server/}.out \|\| \
124	{ sleep 1; grep -q '^success$$' ${@:S/^run/server/}.out; }
125	grep -q '^success$$' ${@:S/^run/client/}.out
126
127	.if ("${clib}" == "libressl" \|\| "${slib}" == "libressl")
128	REGRESS_TARGETS += check-cipher-${cipher}-client-${clib}-server-${slib}
129	.else
130	REGRESS_SLOW_TARGETS += check-cipher-${cipher}-client-${clib}-server-${slib}
131	.endif
132	check-cipher-${cipher}-client-${clib}-server-${slib}: \
133	client-cipher-${cipher}-client-${clib}-server-${slib}.out \
134	server-cipher-${cipher}-client-${clib}-server-${slib}.out
135	.if "${clib}" != "openssl" && "${slib}" != "openssl" && \
136	"${cipher:C/AEAD-(AES.-GCM\|CHACHA.-POLY.)-SHA./TLS1_3/}" != TLS1_3
137	# client and server 1.3 capable, not TLS 1.3 cipher
138	. if "${clib}" == "libressl"
139	# libressl client may prefer chacha-poly if aes-ni is not supported
140	egrep -q ' Cipher *: AEAD-(AES256-GCM-SHA384\|CHACHA20-POLY1305-SHA256)$$' ${@:S/^check/client/}.out
141	. else
142	# openssl 1.1 generic client cipher
143	grep -q ' Cipher *: TLS_AES_256_GCM_SHA384$$' ${@:S/^check/client/}.out
144	. endif
145	. if "${clib}" == "libressl"
146	# libressl client may prefer chacha-poly if aes-ni is not supported
147	. if "${slib}" == "openssl11"
148	egrep -q ' Cipher *: TLS_(AES_256_GCM_SHA384\|CHACHA20_POLY1305_SHA256)$$' ${@:S/^check/server/}.out
149	. else
150	egrep -q ' Cipher *: AEAD-(AES256-GCM-SHA384\|CHACHA20-POLY1305-SHA256)$$' ${@:S/^check/server/}.out
151	. endif
152	. else
153	. if "${slib}" == "openssl11"
154	# openssl 1.1 generic server cipher
155	grep -q ' Cipher *: TLS_AES_256_GCM_SHA384$$' ${@:S/^check/server/}.out
156	. else
157	# libressl generic server cipher
158	grep -q ' Cipher *: AEAD-AES256-GCM-SHA384$$' ${@:S/^check/server/}.out
159	. endif
160	. endif
161	.else
162	grep -q ' Cipher *: ${cipher}$$' ${@:S/^check/client/}.out
163	grep -q ' Cipher *: ${cipher}$$' ${@:S/^check/server/}.out
164	.endif
165
166	.endfor
167	.endfor
168	.endfor
169
170	.include <bsd.regress.mk>