1 files changed, 0 insertions, 159 deletions
diff --git a/src/regress/lib/libssl/interop/cipher/Makefile b/src/regress/lib/libssl/interop/cipher/Makefile
deleted file mode 100644
index fa7e25f9ee..0000000000
--- a/src/regress/lib/libssl/interop/cipher/Makefile
+++ /dev/null
@@ -1,159 +0,0 @@
-# $OpenBSD: Makefile,v 1.17 2025/01/15 10:54:17 tb Exp $
-# Connect a client to a server.  Both can be current libressl, or
-# openssl 1.1 or 3.0.  Create lists of supported ciphers
-# and pin client and server to one of the ciphers.  Use server
-# certificate with compatible type.  Check that client and server
-# have used correct cipher by grepping in their session print out.
-LIBRARIES =             libressl
-.if exists(/usr/local/bin/eopenssl33)
-LIBRARIES +=            openssl33
-.endif
-.if exists(/usr/local/bin/eopenssl34)
-LIBRARIES +=            openssl34
-.endif
-CLEANFILES =    *.tmp *.ciphers ciphers.mk
-.for clib in ${LIBRARIES}
-client-${clib}.ciphers:
-        LD_LIBRARY_PATH=/usr/local/lib/e${clib} \
-            ../${clib}/client -l ALL -L >$@.tmp
-        sed -n 's/^cipher //p' <$@.tmp | sort -u >$@
-        rm $@.tmp
-.endfor
-.for slib in ${LIBRARIES}
-server-${slib}.ciphers: 127.0.0.1.crt dsa.crt ec.crt rsa.crt
-        LD_LIBRARY_PATH=/usr/local/lib/e${slib} \
-            ../${slib}/server -l ALL -L >$@.tmp
-        sed -n 's/^cipher //p' <$@.tmp | sort -u >$@
-        rm $@.tmp
-.endfor
-.for clib in ${LIBRARIES}
-.for slib in ${LIBRARIES}
-ciphers.mk: client-${clib}-server-${slib}.ciphers
-client-${clib}-server-${slib}.ciphers: \
-    client-${clib}.ciphers server-${slib}.ciphers client-libressl.ciphers
-        # get ciphers shared between client and server
-        sort client-${clib}.ciphers server-${slib}.ciphers >$@.tmp
-        uniq -d <$@.tmp >$@
-        # we are only interested in ciphers supported by libressl
-        sort $@ client-libressl.ciphers >$@.tmp
-. if "${clib}" == "openssl33" || "${slib}" == "openssl33" || \
-        "${clib}" == "openssl34" || "${slib}" == "openssl34"
-        # OpenSSL's SSL_CTX_set_cipher_list doesn't accept TLSv1.3 ciphers
-        sed -i '/^TLS_/d' $@.tmp
-. endif
-        uniq -d <$@.tmp >$@
-        rm $@.tmp
-.endfor
-.endfor
-ciphers.mk:
-        rm -f $@ $@.tmp
-.for clib in ${LIBRARIES}
-.for slib in ${LIBRARIES}
-        echo 'CIPHERS_${clib}_${slib} =' >>$@.tmp \
-            `cat client-${clib}-server-${slib}.ciphers`
-.endfor
-.endfor
-        mv $@.tmp $@
-# hack to convert generated lists into usable make variables
-.if exists(ciphers.mk)
-.include "ciphers.mk"
-.else
-regress: ciphers.mk
-        ${MAKE} -C ${.CURDIR} regress
-.endif
-LEVEL_libressl =
-LEVEL_openssl33 = ,@SECLEVEL=0
-LEVEL_openssl34 = ,@SECLEVEL=0
-.for clib in ${LIBRARIES}
-.for slib in ${LIBRARIES}
-.for cipher in ${CIPHERS_${clib}_${slib}}
-.if "${cipher:M*-DSS-*}" != ""
-TYPE_${cipher} =        dsa
-.elif "${cipher:M*-ECDSA-*}" != ""
-TYPE_${cipher} =        ec
-.elif "${cipher:M*-RSA-*}" != ""
-TYPE_${cipher} =        rsa
-.else
-TYPE_${cipher} =        127.0.0.1
-.endif
-DHPARAM_${cipher}_${slib} =
-.if ("${clib}" == "libressl" || "${slib}" == "libressl")
-REGRESS_TARGETS +=      run-cipher-${cipher}-client-${clib}-server-${slib}
-.else
-# Don't use REGRESS_SLOW_TARGETS since its handling in bsd.regress.mk is slow.
-SLOW_TARGETS += run-cipher-${cipher}-client-${clib}-server-${slib}
-.endif
-run-cipher-${cipher}-client-${clib}-server-${slib} \
-client-cipher-${cipher}-client-${clib}-server-${slib}.out \
-server-cipher-${cipher}-client-${clib}-server-${slib}.out: dh.param \
-    127.0.0.1.crt ${TYPE_${cipher}}.crt ../${clib}/client ../${slib}/server
-        LD_LIBRARY_PATH=/usr/local/lib/e${slib} \
-            ../${slib}/server >${@:S/^run/server/}.out \
-            -c ${TYPE_${cipher}}.crt -k ${TYPE_${cipher}}.key \
-            -l ${cipher}${LEVEL_${slib}} ${DHPARAM_${cipher}_${slib}} \
-            127.0.0.1 0
-        LD_LIBRARY_PATH=/usr/local/lib/e${clib} \
-            ../${clib}/client >${@:S/^run/client/}.out \
-            -l ${cipher}${LEVEL_${clib}} \
-            `sed -n 's/listen sock: //p' ${@:S/^run/server/}.out`
-        grep -q '^success$$' ${@:S/^run/server/}.out || \
-            { sleep 1; grep -q '^success$$' ${@:S/^run/server/}.out; }
-        grep -q '^success$$' ${@:S/^run/client/}.out
-.if ("${clib}" == "libressl" || "${slib}" == "libressl")
-REGRESS_TARGETS +=      check-cipher-${cipher}-client-${clib}-server-${slib}
-.else
-# Don't use REGRESS_SLOW_TARGETS since its handling in bsd.regress.mk is slow.
-SLOW_TARGETS += check-cipher-${cipher}-client-${clib}-server-${slib}
-.endif
-check-cipher-${cipher}-client-${clib}-server-${slib}: \
-    client-cipher-${cipher}-client-${clib}-server-${slib}.out \
-    server-cipher-${cipher}-client-${clib}-server-${slib}.out
-.if "${cipher:C/TLS_(AES.*_GCM|CHACHA.*_POLY.*)_SHA.*/TLS1_3/}" != TLS1_3
-        # client and server 1.3 capable, not TLS 1.3 cipher
-. if "${clib}" == "libressl"
-        # libressl client may prefer chacha-poly if aes-ni is not supported
-        egrep -q ' Cipher *: TLS_(AES_256_GCM_SHA384|CHACHA20_POLY1305_SHA256)$$' ${@:S/^check/client/}.out
-. else
-        # openssl 1.1 generic client cipher
-        grep -q ' Cipher *: TLS_AES_256_GCM_SHA384$$' ${@:S/^check/client/}.out
-. endif
-. if "${clib}" == "libressl"
-        # libressl client may prefer chacha-poly if aes-ni is not supported
-.  if "${slib}" == "openssl33" || "${slib}" == "openssl34"
-        egrep -q ' Cipher *: TLS_(AES_256_GCM_SHA384|CHACHA20_POLY1305_SHA256)$$' ${@:S/^check/server/}.out
-.  else
-        egrep -q ' Cipher *: TLS_(AES_256_GCM_SHA384|CHACHA20_POLY1305_SHA256)$$' ${@:S/^check/server/}.out
-.  endif
-. else
-        # generic server cipher
-        grep -q ' Cipher *: TLS_AES_256_GCM_SHA384$$' ${@:S/^check/server/}.out
-. endif
-.else
-        grep -q ' Cipher *: ${cipher}$$' ${@:S/^check/client/}.out
-        grep -q ' Cipher *: ${cipher}$$' ${@:S/^check/server/}.out
-.endif
-.endfor
-.endfor
-.endfor
-.include <bsd.own.mk>
-REGRESS_SKIP_SLOW ?= no
-.if ${REGRESS_SKIP_SLOW:L} != "yes"
-REGRESS_TARGETS += ${SLOW_TARGETS}
-.endif
-.include <bsd.regress.mk>

diff --git a/src/regress/lib/libssl/interop/cipher/Makefile b/src/regress/lib/libssl/interop/cipher/Makefile deleted file mode 100644 index fa7e25f9ee..0000000000 --- a/src/regress/lib/libssl/interop/cipher/Makefile +++ /dev/null
@@ -1,159 +0,0 @@
1	# $OpenBSD: Makefile,v 1.17 2025/01/15 10:54:17 tb Exp $
2
3	# Connect a client to a server. Both can be current libressl, or
4	# openssl 1.1 or 3.0. Create lists of supported ciphers
5	# and pin client and server to one of the ciphers. Use server
6	# certificate with compatible type. Check that client and server
7	# have used correct cipher by grepping in their session print out.
8
9	LIBRARIES = libressl
10	.if exists(/usr/local/bin/eopenssl33)
11	LIBRARIES += openssl33
12	.endif
13	.if exists(/usr/local/bin/eopenssl34)
14	LIBRARIES += openssl34
15	.endif
16
17	CLEANFILES = .tmp .ciphers ciphers.mk
18
19	.for clib in ${LIBRARIES}
20	client-${clib}.ciphers:
21	LD_LIBRARY_PATH=/usr/local/lib/e${clib} \
22	../${clib}/client -l ALL -L >$@.tmp
23	sed -n 's/^cipher //p' <$@.tmp \| sort -u >$@
24	rm $@.tmp
25	.endfor
26	.for slib in ${LIBRARIES}
27	server-${slib}.ciphers: 127.0.0.1.crt dsa.crt ec.crt rsa.crt
28	LD_LIBRARY_PATH=/usr/local/lib/e${slib} \
29	../${slib}/server -l ALL -L >$@.tmp
30	sed -n 's/^cipher //p' <$@.tmp \| sort -u >$@
31	rm $@.tmp
32	.endfor
33
34	.for clib in ${LIBRARIES}
35	.for slib in ${LIBRARIES}
36	ciphers.mk: client-${clib}-server-${slib}.ciphers
37	client-${clib}-server-${slib}.ciphers: \
38	client-${clib}.ciphers server-${slib}.ciphers client-libressl.ciphers
39	# get ciphers shared between client and server
40	sort client-${clib}.ciphers server-${slib}.ciphers >$@.tmp
41	uniq -d <$@.tmp >$@
42	# we are only interested in ciphers supported by libressl
43	sort $@ client-libressl.ciphers >$@.tmp
44	. if "${clib}" == "openssl33" \|\| "${slib}" == "openssl33" \|\| \
45	"${clib}" == "openssl34" \|\| "${slib}" == "openssl34"
46	# OpenSSL's SSL_CTX_set_cipher_list doesn't accept TLSv1.3 ciphers
47	sed -i '/^TLS_/d' $@.tmp
48	. endif
49	uniq -d <$@.tmp >$@
50	rm $@.tmp
51	.endfor
52	.endfor
53
54	ciphers.mk:
55	rm -f $@ $@.tmp
56	.for clib in ${LIBRARIES}
57	.for slib in ${LIBRARIES}
58	echo 'CIPHERS_${clib}_${slib} =' >>$@.tmp \
59	`cat client-${clib}-server-${slib}.ciphers`
60	.endfor
61	.endfor
62	mv $@.tmp $@
63
64	# hack to convert generated lists into usable make variables
65	.if exists(ciphers.mk)
66	.include "ciphers.mk"
67	.else
68	regress: ciphers.mk
69	${MAKE} -C ${.CURDIR} regress
70	.endif
71
72	LEVEL_libressl =
73	LEVEL_openssl33 = ,@SECLEVEL=0
74	LEVEL_openssl34 = ,@SECLEVEL=0
75
76	.for clib in ${LIBRARIES}
77	.for slib in ${LIBRARIES}
78	.for cipher in ${CIPHERS_${clib}_${slib}}
79
80	.if "${cipher:M-DSS-}" != ""
81	TYPE_${cipher} = dsa
82	.elif "${cipher:M-ECDSA-}" != ""
83	TYPE_${cipher} = ec
84	.elif "${cipher:M-RSA-}" != ""
85	TYPE_${cipher} = rsa
86	.else
87	TYPE_${cipher} = 127.0.0.1
88	.endif
89
90	DHPARAM_${cipher}_${slib} =
91
92	.if ("${clib}" == "libressl" \|\| "${slib}" == "libressl")
93	REGRESS_TARGETS += run-cipher-${cipher}-client-${clib}-server-${slib}
94	.else
95	# Don't use REGRESS_SLOW_TARGETS since its handling in bsd.regress.mk is slow.
96	SLOW_TARGETS += run-cipher-${cipher}-client-${clib}-server-${slib}
97	.endif
98	run-cipher-${cipher}-client-${clib}-server-${slib} \
99	client-cipher-${cipher}-client-${clib}-server-${slib}.out \
100	server-cipher-${cipher}-client-${clib}-server-${slib}.out: dh.param \
101	127.0.0.1.crt ${TYPE_${cipher}}.crt ../${clib}/client ../${slib}/server
102	LD_LIBRARY_PATH=/usr/local/lib/e${slib} \
103	../${slib}/server >${@:S/^run/server/}.out \
104	-c ${TYPE_${cipher}}.crt -k ${TYPE_${cipher}}.key \
105	-l ${cipher}${LEVEL_${slib}} ${DHPARAM_${cipher}_${slib}} \
106	127.0.0.1 0
107	LD_LIBRARY_PATH=/usr/local/lib/e${clib} \
108	../${clib}/client >${@:S/^run/client/}.out \
109	-l ${cipher}${LEVEL_${clib}} \
110	`sed -n 's/listen sock: //p' ${@:S/^run/server/}.out`
111	grep -q '^success$$' ${@:S/^run/server/}.out \|\| \
112	{ sleep 1; grep -q '^success$$' ${@:S/^run/server/}.out; }
113	grep -q '^success$$' ${@:S/^run/client/}.out
114
115	.if ("${clib}" == "libressl" \|\| "${slib}" == "libressl")
116	REGRESS_TARGETS += check-cipher-${cipher}-client-${clib}-server-${slib}
117	.else
118	# Don't use REGRESS_SLOW_TARGETS since its handling in bsd.regress.mk is slow.
119	SLOW_TARGETS += check-cipher-${cipher}-client-${clib}-server-${slib}
120	.endif
121	check-cipher-${cipher}-client-${clib}-server-${slib}: \
122	client-cipher-${cipher}-client-${clib}-server-${slib}.out \
123	server-cipher-${cipher}-client-${clib}-server-${slib}.out
124	.if "${cipher:C/TLS_(AES._GCM\|CHACHA._POLY.)_SHA./TLS1_3/}" != TLS1_3
125	# client and server 1.3 capable, not TLS 1.3 cipher
126	. if "${clib}" == "libressl"
127	# libressl client may prefer chacha-poly if aes-ni is not supported
128	egrep -q ' Cipher *: TLS_(AES_256_GCM_SHA384\|CHACHA20_POLY1305_SHA256)$$' ${@:S/^check/client/}.out
129	. else
130	# openssl 1.1 generic client cipher
131	grep -q ' Cipher *: TLS_AES_256_GCM_SHA384$$' ${@:S/^check/client/}.out
132	. endif
133	. if "${clib}" == "libressl"
134	# libressl client may prefer chacha-poly if aes-ni is not supported
135	. if "${slib}" == "openssl33" \|\| "${slib}" == "openssl34"
136	egrep -q ' Cipher *: TLS_(AES_256_GCM_SHA384\|CHACHA20_POLY1305_SHA256)$$' ${@:S/^check/server/}.out
137	. else
138	egrep -q ' Cipher *: TLS_(AES_256_GCM_SHA384\|CHACHA20_POLY1305_SHA256)$$' ${@:S/^check/server/}.out
139	. endif
140	. else
141	# generic server cipher
142	grep -q ' Cipher *: TLS_AES_256_GCM_SHA384$$' ${@:S/^check/server/}.out
143	. endif
144	.else
145	grep -q ' Cipher *: ${cipher}$$' ${@:S/^check/client/}.out
146	grep -q ' Cipher *: ${cipher}$$' ${@:S/^check/server/}.out
147	.endif
148
149	.endfor
150	.endfor
151	.endfor
152
153	.include <bsd.own.mk>
154	REGRESS_SKIP_SLOW ?= no
155	.if ${REGRESS_SKIP_SLOW:L} != "yes"
156	REGRESS_TARGETS += ${SLOW_TARGETS}
157	.endif
158
159	.include <bsd.regress.mk>