authorbeck <>2024-02-03 15:58:34 +0000
committerbeck <>2024-02-03 15:58:34 +0000
commitfeaf10d0a7eb5e59e69c058b10c91c45d2b1b0e3 (patch)
treedc1f0834366a35df8a6de61e2722798629d7c4c2 /src/regress/lib/libssl/interop
parenta931b9fe4c471545a30c6975c303fa27abc695af (diff)
Remove GOST and STREEBOG support from libssl.
This version of GOST is old and not anywhere close to compliant with modern GOST standards. It is also very intrusive in libssl and makes a mess everywhere. Efforts to entice a suitably minded anyone to care about it have been unsuccessful. At this point it is probably best to remove this, and if someone ever showed up who truly needed a working version, it should be a clean implementation from scratch, and have it use something closer to the typical API in libcrypto so it would integrate less painfully here. This removes it from libssl in preparation for its removal from libcrypto with a future major bump. ok tb@
Diffstat (limited to 'src/regress/lib/libssl/interop')
-rw-r--r--src/regress/lib/libssl/interop/Makefile.inc15
-rw-r--r--src/regress/lib/libssl/interop/cipher/Makefile15
2 files changed, 4 insertions, 26 deletions
diff --git a/src/regress/lib/libssl/interop/Makefile.inc b/src/regress/lib/libssl/interop/Makefile.inc
index 4a66390cbd..fa22fb8514 100644
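--- a/src/regress/lib/libssl/interop/Makefile.inc
+++ b/src/regress/lib/libssl/interop/Makefile.inc
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile.inc,v 1.9 2023/10/18 19:14:32 anton Exp $
+# $OpenBSD: Makefile.inc,v 1.10 2024/02/03 15:58:34 beck Exp $
 
 .PATH: ${.CURDIR}/..
 
@@ -39,7 +39,7 @@ run-self-client-server: client server 127.0.0.1.crt
 CLEANFILES += 127.0.0.1.{crt,key} \
  ca.{crt,key,srl} fake-ca.{crt,key} \
  {client,server}.{req,crt,key} \
- {dsa,ec,gost,rsa}.{key,req,crt} \
+ {dsa,ec,rsa}.{key,req,crt} \
  dh.param
 
 127.0.0.1.crt:
@@ -70,10 +70,6 @@ dsa.key:
 ec.key:
  openssl ecparam -genkey -name secp256r1 -out $@
 
-gost.key:
- openssl genpkey -algorithm gost2001 \
- -pkeyopt paramset:A -pkeyopt dgst:md_gost94 -out $@
-
 rsa.key:
  openssl genrsa -out $@ 2048
 
@@ -82,11 +78,6 @@ dsa.req ec.req rsa.req: ${@:R}.key
  -subj /L=OpenBSD/O=tls-regress/OU=${@:R}/CN=localhost/ \
  -nodes -key ${@:R}.key -out $@
 
-gost.req: ${@:R}.key
- openssl req -batch -new -md_gost94 \
- -subj /L=OpenBSD/O=tls-regress/OU=${@:R}/CN=localhost/ \
- -nodes -key ${@:R}.key -out $@
-
-dsa.crt ec.crt gost.crt rsa.crt: ca.crt ${@:R}.req
+dsa.crt ec.crt rsa.crt: ca.crt ${@:R}.req
  openssl x509 -CAcreateserial -CAkey ca.key -CA ca.crt \
  -req -in ${@:R}.req -out $@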
diff --git a/src/regress/lib/libssl/interop/cipher/Makefile b/src/regress/lib/libssl/interop/cipher/Makefile
index 627cfc8f9f..3a116d5ed5 100644
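--- a/src/regress/lib/libssl/interop/cipher/Makefile
+++ b/src/regress/lib/libssl/interop/cipher/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.13 2023/10/30 17:15:21 tb Exp $
+# $OpenBSD: Makefile,v 1.14 2024/02/03 15:58:34 beck Exp $
 
 # Connect a client to a server. Both can be current libressl, or
 # openssl 1.1 or 3.0. Create lists of supported ciphers
@@ -6,17 +6,6 @@
 # certificate with compatible type. Check that client and server
 # have used correct cipher by grepping in their session print out.
 
-run-cipher-GOST2001-GOST89-GOST89-client-libressl-server-libressl \
-run-cipher-GOST2012256-GOST89-GOST89-client-libressl-server-libressl \
-client-cipher-GOST2012256-GOST89-GOST89-client-libressl-server-libressl.out \
-client-cipher-GOST2001-GOST89-GOST89-client-libressl-server-libressl.out \
-server-cipher-GOST2001-GOST89-GOST89-client-libressl-server-libressl.out \
-server-cipher-GOST2012256-GOST89-GOST89-client-libressl-server-libressl.out \
-check-cipher-GOST2001-GOST89-GOST89-client-libressl-server-libressl \
-check-cipher-GOST2012256-GOST89-GOST89-client-libressl-server-libressl:
- # gost does not work with libressl TLS 1.3 right now
- @echo DISABLED
-
 LIBRARIES = libressl
 .if exists(/usr/local/bin/eopenssl11)
 LIBRARIES += openssl11
@@ -96,8 +85,6 @@ LEVEL_openssl30 = ,@SECLEVEL=0
 TYPE_${cipher} = dsa
 .elif "${cipher:M*-ECDSA-*}" != ""
 TYPE_${cipher} = ec
-.elif "${cipher:M*-GOST89-*}" != ""
-TYPE_${cipher} = gost
 .elif "${cipher:M*-RSA-*}" != ""
 TYPE_${cipher} = rsa
 .else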