From 4e4f5b4c833ba5285e001bdb6b832bdf91c43da3 Mon Sep 17 00:00:00 2001 From: cvs2svn Date: Mon, 30 Aug 2021 17:27:46 +0000 Subject: This commit was manufactured by cvs2git to create tag 'tb_20210830'. --- src/regress/lib/libssl/interop/cipher/Makefile | 170 ------------------------- 1 file changed, 170 deletions(-) delete mode 100644 src/regress/lib/libssl/interop/cipher/Makefile (limited to 'src/regress/lib/libssl/interop/cipher') diff --git a/src/regress/lib/libssl/interop/cipher/Makefile b/src/regress/lib/libssl/interop/cipher/Makefile deleted file mode 100644 index c88309962d..0000000000 --- a/src/regress/lib/libssl/interop/cipher/Makefile +++ /dev/null @@ -1,170 +0,0 @@ -# $OpenBSD: Makefile,v 1.7 2020/12/17 00:51:11 bluhm Exp $ - -# Connect a client to a server. Both can be current libressl, or -# openssl 1.0.2, or openssl 1.1. Create lists of supported ciphers -# and pin client and server to one of the ciphers. Use server -# certificate with compatible type. Check that client and server -# have used correct cipher by grepping in their session print out. - -run-cipher-GOST2001-GOST89-GOST89-client-libressl-server-libressl \ -run-cipher-GOST2012256-GOST89-GOST89-client-libressl-server-libressl \ -client-cipher-GOST2012256-GOST89-GOST89-client-libressl-server-libressl.out \ -client-cipher-GOST2001-GOST89-GOST89-client-libressl-server-libressl.out \ -server-cipher-GOST2001-GOST89-GOST89-client-libressl-server-libressl.out \ -server-cipher-GOST2012256-GOST89-GOST89-client-libressl-server-libressl.out \ -check-cipher-GOST2001-GOST89-GOST89-client-libressl-server-libressl \ -check-cipher-GOST2012256-GOST89-GOST89-client-libressl-server-libressl: - # gost does not work with libressl TLS 1.3 right now - @echo DISABLED - -LIBRARIES = libressl -.if exists(/usr/local/bin/eopenssl) -LIBRARIES += openssl -.endif -.if exists(/usr/local/bin/eopenssl11) -LIBRARIES += openssl11 -.endif - -CLEANFILES = *.tmp *.ciphers ciphers.mk - -.for clib in ${LIBRARIES} -client-${clib}.ciphers: - LD_LIBRARY_PATH=/usr/local/lib/e${clib} \ - ../${clib}/client -l ALL -L >$@.tmp - sed -n 's/^cipher //p' <$@.tmp | sort -u >$@ - rm $@.tmp -.endfor -.for slib in ${LIBRARIES} -server-${slib}.ciphers: 127.0.0.1.crt dsa.crt ec.crt rsa.crt - LD_LIBRARY_PATH=/usr/local/lib/e${slib} \ - ../${slib}/server -l ALL -L >$@.tmp - sed -n 's/^cipher //p' <$@.tmp | sort -u >$@ - rm $@.tmp -.endfor - -.for clib in ${LIBRARIES} -.for slib in ${LIBRARIES} -ciphers.mk: client-${clib}-server-${slib}.ciphers -client-${clib}-server-${slib}.ciphers: \ - client-${clib}.ciphers server-${slib}.ciphers client-libressl.ciphers - # get ciphers shared between client and server - sort client-${clib}.ciphers server-${slib}.ciphers >$@.tmp - uniq -d <$@.tmp >$@ - # we are only interested in ciphers supported by libressl - sort $@ client-libressl.ciphers >$@.tmp - uniq -d <$@.tmp >$@ - rm $@.tmp -.endfor -.endfor - -ciphers.mk: - rm -f $@ $@.tmp -.for clib in ${LIBRARIES} -.for slib in ${LIBRARIES} - echo 'CIPHERS_${clib}_${slib} =' >>$@.tmp \ - `cat client-${clib}-server-${slib}.ciphers` -.endfor -.endfor - mv $@.tmp $@ - -# hack to convert generated lists into usable make variables -.if exists(ciphers.mk) -.include "ciphers.mk" -.else -regress: ciphers.mk - ${MAKE} -C ${.CURDIR} regress -.endif - -LEVEL_libressl = -LEVEL_openssl = -LEVEL_openssl11 = ,@SECLEVEL=0 - -.for clib in ${LIBRARIES} -.for slib in ${LIBRARIES} -.for cipher in ${CIPHERS_${clib}_${slib}} - -.if "${cipher:M*-DSS-*}" != "" -TYPE_${cipher} = dsa -.elif "${cipher:M*-ECDSA-*}" != "" -TYPE_${cipher} = ec -.elif "${cipher:M*-GOST89-*}" != "" -TYPE_${cipher} = gost -.elif "${cipher:M*-RSA-*}" != "" -TYPE_${cipher} = rsa -.else -TYPE_${cipher} = 127.0.0.1 -.endif - -.if "${slib}" == "openssl" && \ - "${cipher:MADH-*}${cipher:MEDH-*}${cipher:MDHE-*}" != "" -DHPARAM_${cipher}_${slib} = -p dh.param -.else -DHPARAM_${cipher}_${slib} = -.endif - -.if ("${clib}" == "libressl" || "${slib}" == "libressl") -REGRESS_TARGETS += run-cipher-${cipher}-client-${clib}-server-${slib} -.else -REGRESS_SLOW_TARGETS += run-cipher-${cipher}-client-${clib}-server-${slib} -.endif -run-cipher-${cipher}-client-${clib}-server-${slib} \ -client-cipher-${cipher}-client-${clib}-server-${slib}.out \ -server-cipher-${cipher}-client-${clib}-server-${slib}.out: dh.param \ - 127.0.0.1.crt ${TYPE_${cipher}}.crt ../${clib}/client ../${slib}/server - LD_LIBRARY_PATH=/usr/local/lib/e${slib} \ - ../${slib}/server >${@:S/^run/server/}.out \ - -c ${TYPE_${cipher}}.crt -k ${TYPE_${cipher}}.key \ - -l ${cipher}${LEVEL_${slib}} ${DHPARAM_${cipher}_${slib}} \ - 127.0.0.1 0 - LD_LIBRARY_PATH=/usr/local/lib/e${clib} \ - ../${clib}/client >${@:S/^run/client/}.out \ - -l ${cipher}${LEVEL_${clib}} \ - `sed -n 's/listen sock: //p' ${@:S/^run/server/}.out` - grep -q '^success$$' ${@:S/^run/server/}.out || \ - { sleep 1; grep -q '^success$$' ${@:S/^run/server/}.out; } - grep -q '^success$$' ${@:S/^run/client/}.out - -.if ("${clib}" == "libressl" || "${slib}" == "libressl") -REGRESS_TARGETS += check-cipher-${cipher}-client-${clib}-server-${slib} -.else -REGRESS_SLOW_TARGETS += check-cipher-${cipher}-client-${clib}-server-${slib} -.endif -check-cipher-${cipher}-client-${clib}-server-${slib}: \ - client-cipher-${cipher}-client-${clib}-server-${slib}.out \ - server-cipher-${cipher}-client-${clib}-server-${slib}.out -.if "${clib}" != "openssl" && "${slib}" != "openssl" && \ - "${cipher:C/AEAD-(AES.*-GCM|CHACHA.*-POLY.*)-SHA.*/TLS1_3/}" != TLS1_3 - # client and server 1.3 capable, not TLS 1.3 cipher -. if "${clib}" == "libressl" - # libressl client may prefer chacha-poly if aes-ni is not supported - egrep -q ' Cipher *: AEAD-(AES256-GCM-SHA384|CHACHA20-POLY1305-SHA256)$$' ${@:S/^check/client/}.out -. else - # openssl 1.1 generic client cipher - grep -q ' Cipher *: TLS_AES_256_GCM_SHA384$$' ${@:S/^check/client/}.out -. endif -. if "${clib}" == "libressl" - # libressl client may prefer chacha-poly if aes-ni is not supported -. if "${slib}" == "openssl11" - egrep -q ' Cipher *: TLS_(AES_256_GCM_SHA384|CHACHA20_POLY1305_SHA256)$$' ${@:S/^check/server/}.out -. else - egrep -q ' Cipher *: AEAD-(AES256-GCM-SHA384|CHACHA20-POLY1305-SHA256)$$' ${@:S/^check/server/}.out -. endif -. else -. if "${slib}" == "openssl11" - # openssl 1.1 generic server cipher - grep -q ' Cipher *: TLS_AES_256_GCM_SHA384$$' ${@:S/^check/server/}.out -. else - # libressl generic server cipher - grep -q ' Cipher *: AEAD-AES256-GCM-SHA384$$' ${@:S/^check/server/}.out -. endif -. endif -.else - grep -q ' Cipher *: ${cipher}$$' ${@:S/^check/client/}.out - grep -q ' Cipher *: ${cipher}$$' ${@:S/^check/server/}.out -.endif - -.endfor -.endfor -.endfor - -.include -- cgit v1.2.3-55-g6feb