This commit was manufactured by cvs2git to create tag 'tb_20230715'.tb_20230715

author: cvs2svn <admin@example.com> 2023-07-15 19:29:46 +0000
committer: cvs2svn <admin@example.com> 2023-07-15 19:29:46 +0000
commit: 72cc860132e5b7971e495ba621dcd0713b5dd801 (patch)
tree: eb2977d6a31db45cc5481c643fa2a77238fa93bb /src/regress/lib/libssl/interop/cipher
parent: 0d87a20f1d7f7c6ae9a6cbb5bc3c2235ee3fe18a (diff)
download: openbsd-tb_20230715.tar.gz
openbsd-tb_20230715.tar.bz2
openbsd-tb_20230715.zip
1 files changed, 0 insertions, 172 deletions
diff --git a/src/regress/lib/libssl/interop/cipher/Makefile b/src/regress/lib/libssl/interop/cipher/Makefile
deleted file mode 100644
index 85d927a92d..0000000000
--- a/src/regress/lib/libssl/interop/cipher/Makefile
+++ /dev/null
@@ -1,172 +0,0 @@
-# $OpenBSD: Makefile,v 1.12 2023/04/19 15:34:23 tb Exp $
-# Connect a client to a server.  Both can be current libressl, or
-# openssl 1.1 or 3.0.  Create lists of supported ciphers
-# and pin client and server to one of the ciphers.  Use server
-# certificate with compatible type.  Check that client and server
-# have used correct cipher by grepping in their session print out.
-run-cipher-GOST2001-GOST89-GOST89-client-libressl-server-libressl \
-run-cipher-GOST2012256-GOST89-GOST89-client-libressl-server-libressl \
-client-cipher-GOST2012256-GOST89-GOST89-client-libressl-server-libressl.out \
-client-cipher-GOST2001-GOST89-GOST89-client-libressl-server-libressl.out \
-server-cipher-GOST2001-GOST89-GOST89-client-libressl-server-libressl.out \
-server-cipher-GOST2012256-GOST89-GOST89-client-libressl-server-libressl.out \
-check-cipher-GOST2001-GOST89-GOST89-client-libressl-server-libressl \
-check-cipher-GOST2012256-GOST89-GOST89-client-libressl-server-libressl:
-        # gost does not work with libressl TLS 1.3 right now
-        @echo DISABLED
-LIBRARIES =             libressl
-.if exists(/usr/local/bin/eopenssl11)
-LIBRARIES +=            openssl11
-.endif
-.if exists(/usr/local/bin/eopenssl30)
-LIBRARIES +=            openssl30
-.endif
-CLEANFILES =    *.tmp *.ciphers ciphers.mk
-.for clib in ${LIBRARIES}
-client-${clib}.ciphers:
-        LD_LIBRARY_PATH=/usr/local/lib/e${clib} \
-            ../${clib}/client -l ALL -L >$@.tmp
-        sed -n 's/^cipher //p' <$@.tmp | sort -u >$@
-        rm $@.tmp
-.endfor
-.for slib in ${LIBRARIES}
-server-${slib}.ciphers: 127.0.0.1.crt dsa.crt ec.crt rsa.crt
-        LD_LIBRARY_PATH=/usr/local/lib/e${slib} \
-            ../${slib}/server -l ALL -L >$@.tmp
-        sed -n 's/^cipher //p' <$@.tmp | sort -u >$@
-        rm $@.tmp
-.endfor
-.for clib in ${LIBRARIES}
-.for slib in ${LIBRARIES}
-ciphers.mk: client-${clib}-server-${slib}.ciphers
-client-${clib}-server-${slib}.ciphers: \
-    client-${clib}.ciphers server-${slib}.ciphers client-libressl.ciphers
-        # get ciphers shared between client and server
-        sort client-${clib}.ciphers server-${slib}.ciphers >$@.tmp
-        uniq -d <$@.tmp >$@
-        # we are only interested in ciphers supported by libressl
-        sort $@ client-libressl.ciphers >$@.tmp
-. if "${clib}" == "openssl11" || "${slib}" == "openssl11" || \
-        "${clib}" == "openssl30" || "${slib}" == "openssl30"
-        # OpenSSL's SSL_CTX_set_cipher_list doesn't accept TLSv1.3 ciphers
-        sed -i '/^TLS_/d' $@.tmp
-. endif
-        uniq -d <$@.tmp >$@
-        rm $@.tmp
-.endfor
-.endfor
-ciphers.mk:
-        rm -f $@ $@.tmp
-.for clib in ${LIBRARIES}
-.for slib in ${LIBRARIES}
-        echo 'CIPHERS_${clib}_${slib} =' >>$@.tmp \
-            `cat client-${clib}-server-${slib}.ciphers`
-.endfor
-.endfor
-        mv $@.tmp $@
-# hack to convert generated lists into usable make variables
-.if exists(ciphers.mk)
-.include "ciphers.mk"
-.else
-regress: ciphers.mk
-        ${MAKE} -C ${.CURDIR} regress
-.endif
-LEVEL_libressl =
-LEVEL_openssl11 = ,@SECLEVEL=0
-LEVEL_openssl30 = ,@SECLEVEL=0
-.for clib in ${LIBRARIES}
-.for slib in ${LIBRARIES}
-.for cipher in ${CIPHERS_${clib}_${slib}}
-.if "${cipher:M*-DSS-*}" != ""
-TYPE_${cipher} =        dsa
-.elif "${cipher:M*-ECDSA-*}" != ""
-TYPE_${cipher} =        ec
-.elif "${cipher:M*-GOST89-*}" != ""
-TYPE_${cipher} =        gost
-.elif "${cipher:M*-RSA-*}" != ""
-TYPE_${cipher} =        rsa
-.else
-TYPE_${cipher} =        127.0.0.1
-.endif
-DHPARAM_${cipher}_${slib} =
-.if ("${clib}" == "libressl" || "${slib}" == "libressl")
-REGRESS_TARGETS +=      run-cipher-${cipher}-client-${clib}-server-${slib}
-.else
-# Don't use REGRESS_SLOW_TARGETS since its handling in bsd.regress.mk is slow.
-SLOW_TARGETS += run-cipher-${cipher}-client-${clib}-server-${slib}
-.endif
-run-cipher-${cipher}-client-${clib}-server-${slib} \
-client-cipher-${cipher}-client-${clib}-server-${slib}.out \
-server-cipher-${cipher}-client-${clib}-server-${slib}.out: dh.param \
-    127.0.0.1.crt ${TYPE_${cipher}}.crt ../${clib}/client ../${slib}/server
-        LD_LIBRARY_PATH=/usr/local/lib/e${slib} \
-            ../${slib}/server >${@:S/^run/server/}.out \
-            -c ${TYPE_${cipher}}.crt -k ${TYPE_${cipher}}.key \
-            -l ${cipher}${LEVEL_${slib}} ${DHPARAM_${cipher}_${slib}} \
-            127.0.0.1 0
-        LD_LIBRARY_PATH=/usr/local/lib/e${clib} \
-            ../${clib}/client >${@:S/^run/client/}.out \
-            -l ${cipher}${LEVEL_${clib}} \
-            `sed -n 's/listen sock: //p' ${@:S/^run/server/}.out`
-        grep -q '^success$$' ${@:S/^run/server/}.out || \
-            { sleep 1; grep -q '^success$$' ${@:S/^run/server/}.out; }
-        grep -q '^success$$' ${@:S/^run/client/}.out
-.if ("${clib}" == "libressl" || "${slib}" == "libressl")
-REGRESS_TARGETS +=      check-cipher-${cipher}-client-${clib}-server-${slib}
-.else
-# Don't use REGRESS_SLOW_TARGETS since its handling in bsd.regress.mk is slow.
-SLOW_TARGETS += check-cipher-${cipher}-client-${clib}-server-${slib}
-.endif
-check-cipher-${cipher}-client-${clib}-server-${slib}: \
-    client-cipher-${cipher}-client-${clib}-server-${slib}.out \
-    server-cipher-${cipher}-client-${clib}-server-${slib}.out
-.if "${cipher:C/TLS_(AES.*_GCM|CHACHA.*_POLY.*)_SHA.*/TLS1_3/}" != TLS1_3
-        # client and server 1.3 capable, not TLS 1.3 cipher
-. if "${clib}" == "libressl"
-        # libressl client may prefer chacha-poly if aes-ni is not supported
-        egrep -q ' Cipher *: TLS_(AES_256_GCM_SHA384|CHACHA20_POLY1305_SHA256)$$' ${@:S/^check/client/}.out
-. else
-        # openssl 1.1 generic client cipher
-        grep -q ' Cipher *: TLS_AES_256_GCM_SHA384$$' ${@:S/^check/client/}.out
-. endif
-. if "${clib}" == "libressl"
-        # libressl client may prefer chacha-poly if aes-ni is not supported
-.  if "${slib}" == "openssl11" || "${slib}" == "openssl30"
-        egrep -q ' Cipher *: TLS_(AES_256_GCM_SHA384|CHACHA20_POLY1305_SHA256)$$' ${@:S/^check/server/}.out
-.  else
-        egrep -q ' Cipher *: TLS_(AES_256_GCM_SHA384|CHACHA20_POLY1305_SHA256)$$' ${@:S/^check/server/}.out
-.  endif
-. else
-        # generic server cipher
-        grep -q ' Cipher *: TLS_AES_256_GCM_SHA384$$' ${@:S/^check/server/}.out
-. endif
-.else
-        grep -q ' Cipher *: ${cipher}$$' ${@:S/^check/client/}.out
-        grep -q ' Cipher *: ${cipher}$$' ${@:S/^check/server/}.out
-.endif
-.endfor
-.endfor
-.endfor
-.include <bsd.own.mk>
-REGRESS_SKIP_SLOW ?= no
-.if ${REGRESS_SKIP_SLOW:L} != "yes"
-REGRESS_TARGETS += ${SLOW_TARGETS}
-.endif
-.include <bsd.regress.mk>
author	cvs2svn <admin@example.com>	2023-07-15 19:29:46 +0000
committer	cvs2svn <admin@example.com>	2023-07-15 19:29:46 +0000
commit	72cc860132e5b7971e495ba621dcd0713b5dd801 (patch)
tree	eb2977d6a31db45cc5481c643fa2a77238fa93bb /src/regress/lib/libssl/interop/cipher
parent	0d87a20f1d7f7c6ae9a6cbb5bc3c2235ee3fe18a (diff)
download	openbsd-tb_20230715.tar.gz openbsd-tb_20230715.tar.bz2 openbsd-tb_20230715.zip

diff --git a/src/regress/lib/libssl/interop/cipher/Makefile b/src/regress/lib/libssl/interop/cipher/Makefile deleted file mode 100644 index 85d927a92d..0000000000 --- a/src/regress/lib/libssl/interop/cipher/Makefile +++ /dev/null
@@ -1,172 +0,0 @@
1	# $OpenBSD: Makefile,v 1.12 2023/04/19 15:34:23 tb Exp $
2
3	# Connect a client to a server. Both can be current libressl, or
4	# openssl 1.1 or 3.0. Create lists of supported ciphers
5	# and pin client and server to one of the ciphers. Use server
6	# certificate with compatible type. Check that client and server
7	# have used correct cipher by grepping in their session print out.
8
9	run-cipher-GOST2001-GOST89-GOST89-client-libressl-server-libressl \
10	run-cipher-GOST2012256-GOST89-GOST89-client-libressl-server-libressl \
11	client-cipher-GOST2012256-GOST89-GOST89-client-libressl-server-libressl.out \
12	client-cipher-GOST2001-GOST89-GOST89-client-libressl-server-libressl.out \
13	server-cipher-GOST2001-GOST89-GOST89-client-libressl-server-libressl.out \
14	server-cipher-GOST2012256-GOST89-GOST89-client-libressl-server-libressl.out \
15	check-cipher-GOST2001-GOST89-GOST89-client-libressl-server-libressl \
16	check-cipher-GOST2012256-GOST89-GOST89-client-libressl-server-libressl:
17	# gost does not work with libressl TLS 1.3 right now
18	@echo DISABLED
19
20	LIBRARIES = libressl
21	.if exists(/usr/local/bin/eopenssl11)
22	LIBRARIES += openssl11
23	.endif
24	.if exists(/usr/local/bin/eopenssl30)
25	LIBRARIES += openssl30
26	.endif
27
28	CLEANFILES = .tmp .ciphers ciphers.mk
29
30	.for clib in ${LIBRARIES}
31	client-${clib}.ciphers:
32	LD_LIBRARY_PATH=/usr/local/lib/e${clib} \
33	../${clib}/client -l ALL -L >$@.tmp
34	sed -n 's/^cipher //p' <$@.tmp \| sort -u >$@
35	rm $@.tmp
36	.endfor
37	.for slib in ${LIBRARIES}
38	server-${slib}.ciphers: 127.0.0.1.crt dsa.crt ec.crt rsa.crt
39	LD_LIBRARY_PATH=/usr/local/lib/e${slib} \
40	../${slib}/server -l ALL -L >$@.tmp
41	sed -n 's/^cipher //p' <$@.tmp \| sort -u >$@
42	rm $@.tmp
43	.endfor
44
45	.for clib in ${LIBRARIES}
46	.for slib in ${LIBRARIES}
47	ciphers.mk: client-${clib}-server-${slib}.ciphers
48	client-${clib}-server-${slib}.ciphers: \
49	client-${clib}.ciphers server-${slib}.ciphers client-libressl.ciphers
50	# get ciphers shared between client and server
51	sort client-${clib}.ciphers server-${slib}.ciphers >$@.tmp
52	uniq -d <$@.tmp >$@
53	# we are only interested in ciphers supported by libressl
54	sort $@ client-libressl.ciphers >$@.tmp
55	. if "${clib}" == "openssl11" \|\| "${slib}" == "openssl11" \|\| \
56	"${clib}" == "openssl30" \|\| "${slib}" == "openssl30"
57	# OpenSSL's SSL_CTX_set_cipher_list doesn't accept TLSv1.3 ciphers
58	sed -i '/^TLS_/d' $@.tmp
59	. endif
60	uniq -d <$@.tmp >$@
61	rm $@.tmp
62	.endfor
63	.endfor
64
65	ciphers.mk:
66	rm -f $@ $@.tmp
67	.for clib in ${LIBRARIES}
68	.for slib in ${LIBRARIES}
69	echo 'CIPHERS_${clib}_${slib} =' >>$@.tmp \
70	`cat client-${clib}-server-${slib}.ciphers`
71	.endfor
72	.endfor
73	mv $@.tmp $@
74
75	# hack to convert generated lists into usable make variables
76	.if exists(ciphers.mk)
77	.include "ciphers.mk"
78	.else
79	regress: ciphers.mk
80	${MAKE} -C ${.CURDIR} regress
81	.endif
82
83	LEVEL_libressl =
84	LEVEL_openssl11 = ,@SECLEVEL=0
85	LEVEL_openssl30 = ,@SECLEVEL=0
86
87	.for clib in ${LIBRARIES}
88	.for slib in ${LIBRARIES}
89	.for cipher in ${CIPHERS_${clib}_${slib}}
90
91	.if "${cipher:M-DSS-}" != ""
92	TYPE_${cipher} = dsa
93	.elif "${cipher:M-ECDSA-}" != ""
94	TYPE_${cipher} = ec
95	.elif "${cipher:M-GOST89-}" != ""
96	TYPE_${cipher} = gost
97	.elif "${cipher:M-RSA-}" != ""
98	TYPE_${cipher} = rsa
99	.else
100	TYPE_${cipher} = 127.0.0.1
101	.endif
102
103	DHPARAM_${cipher}_${slib} =
104
105	.if ("${clib}" == "libressl" \|\| "${slib}" == "libressl")
106	REGRESS_TARGETS += run-cipher-${cipher}-client-${clib}-server-${slib}
107	.else
108	# Don't use REGRESS_SLOW_TARGETS since its handling in bsd.regress.mk is slow.
109	SLOW_TARGETS += run-cipher-${cipher}-client-${clib}-server-${slib}
110	.endif
111	run-cipher-${cipher}-client-${clib}-server-${slib} \
112	client-cipher-${cipher}-client-${clib}-server-${slib}.out \
113	server-cipher-${cipher}-client-${clib}-server-${slib}.out: dh.param \
114	127.0.0.1.crt ${TYPE_${cipher}}.crt ../${clib}/client ../${slib}/server
115	LD_LIBRARY_PATH=/usr/local/lib/e${slib} \
116	../${slib}/server >${@:S/^run/server/}.out \
117	-c ${TYPE_${cipher}}.crt -k ${TYPE_${cipher}}.key \
118	-l ${cipher}${LEVEL_${slib}} ${DHPARAM_${cipher}_${slib}} \
119	127.0.0.1 0
120	LD_LIBRARY_PATH=/usr/local/lib/e${clib} \
121	../${clib}/client >${@:S/^run/client/}.out \
122	-l ${cipher}${LEVEL_${clib}} \
123	`sed -n 's/listen sock: //p' ${@:S/^run/server/}.out`
124	grep -q '^success$$' ${@:S/^run/server/}.out \|\| \
125	{ sleep 1; grep -q '^success$$' ${@:S/^run/server/}.out; }
126	grep -q '^success$$' ${@:S/^run/client/}.out
127
128	.if ("${clib}" == "libressl" \|\| "${slib}" == "libressl")
129	REGRESS_TARGETS += check-cipher-${cipher}-client-${clib}-server-${slib}
130	.else
131	# Don't use REGRESS_SLOW_TARGETS since its handling in bsd.regress.mk is slow.
132	SLOW_TARGETS += check-cipher-${cipher}-client-${clib}-server-${slib}
133	.endif
134	check-cipher-${cipher}-client-${clib}-server-${slib}: \
135	client-cipher-${cipher}-client-${clib}-server-${slib}.out \
136	server-cipher-${cipher}-client-${clib}-server-${slib}.out
137	.if "${cipher:C/TLS_(AES._GCM\|CHACHA._POLY.)_SHA./TLS1_3/}" != TLS1_3
138	# client and server 1.3 capable, not TLS 1.3 cipher
139	. if "${clib}" == "libressl"
140	# libressl client may prefer chacha-poly if aes-ni is not supported
141	egrep -q ' Cipher *: TLS_(AES_256_GCM_SHA384\|CHACHA20_POLY1305_SHA256)$$' ${@:S/^check/client/}.out
142	. else
143	# openssl 1.1 generic client cipher
144	grep -q ' Cipher *: TLS_AES_256_GCM_SHA384$$' ${@:S/^check/client/}.out
145	. endif
146	. if "${clib}" == "libressl"
147	# libressl client may prefer chacha-poly if aes-ni is not supported
148	. if "${slib}" == "openssl11" \|\| "${slib}" == "openssl30"
149	egrep -q ' Cipher *: TLS_(AES_256_GCM_SHA384\|CHACHA20_POLY1305_SHA256)$$' ${@:S/^check/server/}.out
150	. else
151	egrep -q ' Cipher *: TLS_(AES_256_GCM_SHA384\|CHACHA20_POLY1305_SHA256)$$' ${@:S/^check/server/}.out
152	. endif
153	. else
154	# generic server cipher
155	grep -q ' Cipher *: TLS_AES_256_GCM_SHA384$$' ${@:S/^check/server/}.out
156	. endif
157	.else
158	grep -q ' Cipher *: ${cipher}$$' ${@:S/^check/client/}.out
159	grep -q ' Cipher *: ${cipher}$$' ${@:S/^check/server/}.out
160	.endif
161
162	.endfor
163	.endfor
164	.endfor
165
166	.include <bsd.own.mk>
167	REGRESS_SKIP_SLOW ?= no
168	.if ${REGRESS_SKIP_SLOW:L} != "yes"
169	REGRESS_TARGETS += ${SLOW_TARGETS}
170	.endif
171
172	.include <bsd.regress.mk>