From 92a8db2f2eb9c506d49c1842727aa316d060b99c Mon Sep 17 00:00:00 2001 From: tb Date: Sun, 18 Aug 2024 10:02:10 +0000 Subject: [PATCH] Drop OpenSSL 3.0 interop testing infrastructure The openssl 3.0 port was removed nearly a year ago shortly after the 7.4 release. --- regress/lib/libssl/interop/Makefile | 6 +-- regress/lib/libssl/interop/botan/Makefile | 5 +-- regress/lib/libssl/interop/cert/Makefile | 5 +-- regress/lib/libssl/interop/cipher/Makefile | 9 +--- regress/lib/libssl/interop/netcat/Makefile | 5 +-- regress/lib/libssl/interop/openssl30/Makefile | 43 ------------------- regress/lib/libssl/interop/session/Makefile | 5 +-- regress/lib/libssl/interop/version/Makefile | 8 +--- 8 files changed, 11 insertions(+), 75 deletions(-) delete mode 100644 regress/lib/libssl/interop/openssl30/Makefile diff --git a/regress/lib/libssl/interop/Makefile b/regress/lib/libssl/interop/Makefile index 0a545aded74..21dfce359de 100644 --- a/regress/lib/libssl/interop/Makefile +++ b/regress/lib/libssl/interop/Makefile @@ -1,6 +1,6 @@ -# $OpenBSD: Makefile,v 1.19 2024/08/18 09:14:17 tb Exp $ +# $OpenBSD: Makefile,v 1.20 2024/08/18 10:02:10 tb Exp $ -SUBDIR = libressl openssl11 openssl30 openssl31 openssl32 +SUBDIR = libressl openssl11 openssl31 openssl32 # the above binaries must have been built before we can continue SUBDIR += netcat @@ -10,7 +10,7 @@ SUBDIR += botan # What is below takes a long time. # setting REGRESS_SKIP_SLOW to "yes" in mk.conf # will skip the tests that do not test libressl -# but do things like test openssl11 to openssl30 +# but do things like test openssl11 to openssl 3 SUBDIR += version SUBDIR += cipher # This takes a really long time. diff --git a/regress/lib/libssl/interop/botan/Makefile b/regress/lib/libssl/interop/botan/Makefile index acc350a9363..e20553012a7 100644 --- a/regress/lib/libssl/interop/botan/Makefile +++ b/regress/lib/libssl/interop/botan/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.8 2024/08/18 09:14:17 tb Exp $ +# $OpenBSD: Makefile,v 1.9 2024/08/18 10:02:10 tb Exp $ .include @@ -23,9 +23,6 @@ LIBRARIES = libressl .if exists(/usr/local/bin/eopenssl11) LIBRARIES += openssl11 .endif -.if exists(/usr/local/bin/eopenssl30) -LIBRARIES += openssl30 -.endif .if exists(/usr/local/bin/eopenssl31) LIBRARIES += openssl31 .endif diff --git a/regress/lib/libssl/interop/cert/Makefile b/regress/lib/libssl/interop/cert/Makefile index 8c37d8a4f86..ab35d03d749 100644 --- a/regress/lib/libssl/interop/cert/Makefile +++ b/regress/lib/libssl/interop/cert/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.12 2024/08/18 09:14:17 tb Exp $ +# $OpenBSD: Makefile,v 1.13 2024/08/18 10:02:10 tb Exp $ # Connect a client to a server. Both can be current libressl, or # openssl 1.1 or 3.0. Create client and server certificates @@ -10,9 +10,6 @@ LIBRARIES = libressl .if exists(/usr/local/bin/eopenssl11) LIBRARIES += openssl11 .endif -.if exists(/usr/local/bin/eopenssl30) -LIBRARIES += openssl30 -.endif .if exists(/usr/local/bin/eopenssl31) LIBRARIES += openssl31 .endif diff --git a/regress/lib/libssl/interop/cipher/Makefile b/regress/lib/libssl/interop/cipher/Makefile index 70eaeec44cd..bf4a1e28dca 100644 --- a/regress/lib/libssl/interop/cipher/Makefile +++ b/regress/lib/libssl/interop/cipher/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.15 2024/08/18 09:14:17 tb Exp $ +# $OpenBSD: Makefile,v 1.16 2024/08/18 10:02:10 tb Exp $ # Connect a client to a server. Both can be current libressl, or # openssl 1.1 or 3.0. Create lists of supported ciphers @@ -10,9 +10,6 @@ LIBRARIES = libressl .if exists(/usr/local/bin/eopenssl11) LIBRARIES += openssl11 .endif -.if exists(/usr/local/bin/eopenssl30) -LIBRARIES += openssl30 -.endif .if exists(/usr/local/bin/eopenssl31) LIBRARIES += openssl31 .endif @@ -48,7 +45,6 @@ client-${clib}-server-${slib}.ciphers: \ # we are only interested in ciphers supported by libressl sort $@ client-libressl.ciphers >$@.tmp . if "${clib}" == "openssl11" || "${slib}" == "openssl11" || \ - "${clib}" == "openssl30" || "${slib}" == "openssl30" || \ "${clib}" == "openssl31" || "${slib}" == "openssl31" || \ "${clib}" == "openssl32" || "${slib}" == "openssl32" # OpenSSL's SSL_CTX_set_cipher_list doesn't accept TLSv1.3 ciphers @@ -79,7 +75,6 @@ regress: ciphers.mk LEVEL_libressl = LEVEL_openssl11 = ,@SECLEVEL=0 -LEVEL_openssl30 = ,@SECLEVEL=0 LEVEL_openssl31 = ,@SECLEVEL=0 LEVEL_openssl32 = ,@SECLEVEL=0 @@ -142,7 +137,7 @@ check-cipher-${cipher}-client-${clib}-server-${slib}: \ . endif . if "${clib}" == "libressl" # libressl client may prefer chacha-poly if aes-ni is not supported -. if "${slib}" == "openssl11" || "${slib}" == "openssl30" || "${slib}" == "openssl31" || "${slib}" == "openssl32" +. if "${slib}" == "openssl11" || "${slib}" == "openssl31" || "${slib}" == "openssl32" egrep -q ' Cipher *: TLS_(AES_256_GCM_SHA384|CHACHA20_POLY1305_SHA256)$$' ${@:S/^check/server/}.out . else egrep -q ' Cipher *: TLS_(AES_256_GCM_SHA384|CHACHA20_POLY1305_SHA256)$$' ${@:S/^check/server/}.out diff --git a/regress/lib/libssl/interop/netcat/Makefile b/regress/lib/libssl/interop/netcat/Makefile index 3e3e4efd1e7..ee6fc7e103b 100644 --- a/regress/lib/libssl/interop/netcat/Makefile +++ b/regress/lib/libssl/interop/netcat/Makefile @@ -1,12 +1,9 @@ -# $OpenBSD: Makefile,v 1.8 2024/08/18 09:14:17 tb Exp $ +# $OpenBSD: Makefile,v 1.9 2024/08/18 10:02:10 tb Exp $ LIBRARIES = libressl .if exists(/usr/local/bin/eopenssl11) LIBRARIES += openssl11 .endif -.if exists(/usr/local/bin/eopenssl30) -LIBRARIES += openssl30 -.endif .if exists(/usr/local/bin/eopenssl31) LIBRARIES += openssl31 .endif diff --git a/regress/lib/libssl/interop/openssl30/Makefile b/regress/lib/libssl/interop/openssl30/Makefile deleted file mode 100644 index d667d1b17ee..00000000000 --- a/regress/lib/libssl/interop/openssl30/Makefile +++ /dev/null @@ -1,43 +0,0 @@ -# $OpenBSD: Makefile,v 1.1 2023/01/27 08:28:36 tb Exp $ - -.if ! exists(/usr/local/bin/eopenssl30) -regress: - # install openssl-3.0 from ports for interop tests - @echo 'Run "pkg_add openssl--%3.0" to run tests against OpenSSL 3.0' - @echo SKIPPED -.else - -PROGS = client server -CPPFLAGS = -I /usr/local/include/eopenssl30 -LDFLAGS = -L /usr/local/lib/eopenssl30 -LDADD = -lssl -lcrypto -DPADD = /usr/local/lib/eopenssl30/libssl.a \ - /usr/local/lib/eopenssl30/libcrypto.a -LD_LIBRARY_PATH = /usr/local/lib/eopenssl30 -REGRESS_TARGETS = run-self-client-server -.for p in ${PROGS} -REGRESS_TARGETS += run-ldd-$p run-version-$p run-protocol-$p -.endfor - -.for p in ${PROGS} - -run-ldd-$p: ldd-$p.out - # check that $p is linked with OpenSSL 3.0 - grep -q /usr/local/lib/eopenssl30/libcrypto.so ldd-$p.out - grep -q /usr/local/lib/eopenssl30/libssl.so ldd-$p.out - # check that $p is not linked with LibreSSL - ! grep -v libc.so ldd-$p.out | grep /usr/lib/ - -run-version-$p: $p-self.out - # check that runtime version is OpenSSL 3.0 - grep 'SSLEAY_VERSION: OpenSSL 3.0' $p-self.out - -run-protocol-$p: $p-self.out - # check that OpenSSL 3.0 protocol version is TLS 1.3 - grep 'Protocol *: TLSv1.3' $p-self.out - -.endfor - -.endif # exists(/usr/local/bin/eopenssl30) - -.include diff --git a/regress/lib/libssl/interop/session/Makefile b/regress/lib/libssl/interop/session/Makefile index d1644de3f34..ab6503c97f9 100644 --- a/regress/lib/libssl/interop/session/Makefile +++ b/regress/lib/libssl/interop/session/Makefile @@ -1,12 +1,9 @@ -# $OpenBSD: Makefile,v 1.10 2024/08/18 09:14:17 tb Exp $ +# $OpenBSD: Makefile,v 1.11 2024/08/18 10:02:10 tb Exp $ LIBRARIES = libressl .if exists(/usr/local/bin/eopenssl11) LIBRARIES += openssl11 .endif -.if exists(/usr/local/bin/eopenssl30) -#LIBRARIES += openssl30 -.endif .if exists(/usr/local/bin/eopenssl31) #LIBRARIES += openssl31 .endif diff --git a/regress/lib/libssl/interop/version/Makefile b/regress/lib/libssl/interop/version/Makefile index bb4641afa98..aa5883fa2dd 100644 --- a/regress/lib/libssl/interop/version/Makefile +++ b/regress/lib/libssl/interop/version/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.8 2023/10/30 17:15:21 tb Exp $ +# $OpenBSD: Makefile,v 1.9 2024/08/18 10:02:10 tb Exp $ # Connect a client to a server. Both can be current libressl, or # openssl 1.1 or openssl 3.0. Pin client or server to a fixed TLS @@ -10,9 +10,6 @@ LIBRARIES = libressl .if exists(/usr/local/bin/eopenssl11) LIBRARIES += openssl11 .endif -.if exists(/usr/local/bin/eopenssl30) -LIBRARIES += openssl30 -.endif .if exists(/usr/local/bin/eopenssl31) LIBRARIES += openssl31 .endif @@ -32,8 +29,7 @@ FAIL_${cver}_${sver} = ! .for slib in ${LIBRARIES} .if ("${cver}" != TLS1_3 && "${sver}" != TLS1_3) && \ - ((("${clib}" != openssl30 && "${slib}" != openssl30) && \ - ("${clib}" != openssl31 && "${slib}" != openssl31)) || \ + ((("${clib}" != openssl31 && "${slib}" != openssl31)) || \ (("${cver}" != any && "${sver}" != any) && \ ("${cver}" != TLS1 && "${sver}" != TLS1) && \ ("${cver}" != TLS1_1 && "${sver}" != TLS1_1))) -- 2.20.1