|
@@ -15,19 +15,31 @@ generate_port() {
|
|
|
}
|
|
|
|
|
|
|
|
|
-generate_port
|
|
|
-openssl_port=$port
|
|
|
no_pid=-1
|
|
|
-server_pid=$no_pid
|
|
|
-ecdh_server_pid=$no_pid
|
|
|
-wolf_suites_tested=0
|
|
|
-wolf_suites_total=0
|
|
|
+servers=""
|
|
|
+openssl_pid=$no_pid
|
|
|
+ecdh_openssl_pid=$no_pid
|
|
|
+ecdsa_openssl_pid=$no_pid
|
|
|
+ed25519_openssl_pid=$no_pid
|
|
|
+ed448_openssl_pid=$no_pid
|
|
|
+tls13_psk_openssl_pid=$no_pid
|
|
|
+wolfssl_pid=$no_pid
|
|
|
+ecdh_wolfssl_pid=$no_pid
|
|
|
+ecdsa_wolfssl_pid=$no_pid
|
|
|
+ed25519_wolfssl_pid=$no_pid
|
|
|
+ed448_wolfssl_pid=$no_pid
|
|
|
+tls13_psk_wolfssl_pid=$no_pid
|
|
|
+anon_wolfssl_pid=$no_pid
|
|
|
+wolf_cases_tested=0
|
|
|
+wolf_cases_total=0
|
|
|
counter=0
|
|
|
-testing_summary="OpenSSL Interop Testing Summary:\nVersion\tTested\t#Found\t#Tested\n"
|
|
|
+testing_summary="OpenSSL Interop Testing Summary:\nVersion\tTested\t#Found\t#wolf\t#Found\t#OpenSSL\n"
|
|
|
versionName="Invalid"
|
|
|
if [ "$OPENSSL" = "" ]; then
|
|
|
OPENSSL=openssl
|
|
|
fi
|
|
|
+WOLFSSL_SERVER=./examples/server/server
|
|
|
+WOLFSSL_CLIENT=./examples/client/client
|
|
|
|
|
|
version_name() {
|
|
|
case $version in "0")
|
|
@@ -43,6 +55,15 @@ version_name() {
|
|
|
versionName="TLSv1.2"
|
|
|
;;
|
|
|
"4")
|
|
|
+ versionName="TLSv1.3"
|
|
|
+ ;;
|
|
|
+ "d")
|
|
|
+ versionName="Down"
|
|
|
+ ;;
|
|
|
+ "")
|
|
|
+ versionName="Def"
|
|
|
+ ;;
|
|
|
+ "5")
|
|
|
versionName="ALL"
|
|
|
;;
|
|
|
esac
|
|
@@ -51,17 +72,16 @@ version_name() {
|
|
|
do_cleanup() {
|
|
|
echo "in cleanup"
|
|
|
|
|
|
- if [ $server_pid != $no_pid ]
|
|
|
- then
|
|
|
- echo "killing server"
|
|
|
- kill -9 $server_pid
|
|
|
- fi
|
|
|
-
|
|
|
- if [ $ecdh_server_pid != $no_pid ]
|
|
|
- then
|
|
|
- echo "killing ECDH-RSA server"
|
|
|
- kill -9 $ecdh_server_pid
|
|
|
- fi
|
|
|
+ IFS=$OIFS #restore separator
|
|
|
+ for s in $servers
|
|
|
+ do
|
|
|
+ f2=${s%:*}
|
|
|
+ sname=${f2%:*}
|
|
|
+ pid=${f2##*:}
|
|
|
+ port=${s##*:}
|
|
|
+ echo "killing server: $sname ($port)"
|
|
|
+ kill -9 $pid
|
|
|
+ done
|
|
|
}
|
|
|
|
|
|
do_trap() {
|
|
@@ -72,76 +92,122 @@ do_trap() {
|
|
|
|
|
|
trap do_trap INT TERM
|
|
|
|
|
|
-echo -e "\nTesting existence of openssl command...\n"
|
|
|
-command -v $OPENSSL >/dev/null 2>&1 || { echo >&2 "Requires openssl command, but it's not installed. Ending."; exit 0; }
|
|
|
|
|
|
+check_process_running() {
|
|
|
+ if [ "$ps_grep" = "" ]
|
|
|
+ then
|
|
|
+ ps -p $server_pid > /dev/null
|
|
|
+ PS_EXIT=$?
|
|
|
+ else
|
|
|
+ ps | grep "^ *$server_pid " > /dev/null
|
|
|
+ PS_EXIT=$?
|
|
|
+ fi
|
|
|
+}
|
|
|
|
|
|
-echo -e "\nTesting for _build directory as part of distcheck, different paths"
|
|
|
-currentDir=`pwd`
|
|
|
-if [ $currentDir = *"_build" ]
|
|
|
-then
|
|
|
- echo -e "_build directory detected, moving a directory back"
|
|
|
- cd ..
|
|
|
-fi
|
|
|
+#
|
|
|
+# Start an OpenSSL server
|
|
|
+#
|
|
|
+start_openssl_server() {
|
|
|
+ if [ "$wolfssl_client_avail" = "" ]
|
|
|
+ then
|
|
|
+ return
|
|
|
+ fi
|
|
|
|
|
|
+ generate_port
|
|
|
+ server_port=$port
|
|
|
+ found_free_port=0
|
|
|
+ counter=0
|
|
|
+ while [ "$counter" -lt 20 ]; do
|
|
|
+ echo -e "\n# Trying to start $openssl_suite OpenSSL server on port $server_port..."
|
|
|
+ echo "#"
|
|
|
|
|
|
-# get wolfssl ciphers
|
|
|
-wolf_ciphers=`./examples/client/client -e`
|
|
|
+ if [ "$cert_file" != "" ]
|
|
|
+ then
|
|
|
+ echo "# " $OPENSSL s_server -accept $server_port -cert $cert_file -key $key_file -quiet -CAfile $ca_file -www -dhparam ./certs/dh2048.pem -verify 10 -verify_return_error -psk $psk_hex -cipher "ALL:eNULL"
|
|
|
+ $OPENSSL s_server -accept $server_port -cert $cert_file -key $key_file -quiet -CAfile $ca_file -www -dhparam ./certs/dh2048.pem -verify 10 -verify_return_error -psk $psk_hex -cipher "ALL:eNULL" &
|
|
|
+ else
|
|
|
+ echo "# " $OPENSSL s_server -accept $server_port -quiet -nocert -www -dhparam ./certs/dh2048.pem -verify 10 -verify_return_error -psk $psk_hex -cipher "ALL:eNULL"
|
|
|
+ $OPENSSL s_server -accept $server_port -quiet -nocert -www -dhparam ./certs/dh2048.pem -verify 10 -verify_return_error -psk $psk_hex -cipher "ALL:eNULL" &
|
|
|
+ fi
|
|
|
+ server_pid=$!
|
|
|
+ # wait to see if s_server successfully starts before continuing
|
|
|
+ sleep 0.1
|
|
|
+
|
|
|
+ check_process_running
|
|
|
+ if [ "$PS_EXIT" = "0" ]
|
|
|
+ then
|
|
|
+ echo "s_server started successfully on port $server_port"
|
|
|
+ found_free_port=1
|
|
|
+ break
|
|
|
+ else
|
|
|
+ #port already started, try a different port
|
|
|
+ counter=$((counter+ 1))
|
|
|
+ generate_port
|
|
|
+ server_port=$port
|
|
|
+ fi
|
|
|
+ done
|
|
|
|
|
|
-found_free_port=0
|
|
|
-while [ "$counter" -lt 20 ]; do
|
|
|
- echo -e "\nTrying to start openssl server on port $openssl_port...\n"
|
|
|
+ if [ $found_free_port = 0 ]
|
|
|
+ then
|
|
|
+ echo -e "Couldn't find free port for server"
|
|
|
+ do_cleanup
|
|
|
+ exit 1
|
|
|
+ fi
|
|
|
|
|
|
- $OPENSSL s_server -accept $openssl_port -cert ./certs/server-cert.pem -key ./certs/server-key.pem -quiet -CAfile ./certs/client-ca.pem -www -dhparam ./certs/dh2048.pem -dcert ./certs/server-ecc.pem -dkey ./certs/ecc-key.pem -verify 10 -verify_return_error -psk 1a2b3c4d -cipher "ALL:eNULL" &
|
|
|
- server_pid=$!
|
|
|
- # wait to see if s_server successfully starts before continuing
|
|
|
- sleep 0.1
|
|
|
+ servers="$servers OpenSSL_$openssl_suite:$server_pid:$server_port"
|
|
|
+}
|
|
|
|
|
|
- if ps -p $server_pid > /dev/null
|
|
|
+#
|
|
|
+# Start a wolfSSL server
|
|
|
+#
|
|
|
+start_wolfssl_server() {
|
|
|
+ if [ "$wolfssl_server_avail" = "" ]
|
|
|
then
|
|
|
- echo "s_server started successfully on port $openssl_port"
|
|
|
- found_free_port=1
|
|
|
- break
|
|
|
- else
|
|
|
- #port already started, try a different port
|
|
|
- counter=$((counter+ 1))
|
|
|
- generate_port
|
|
|
- openssl_port=$port
|
|
|
+ echo "# wolfSSL server not available"
|
|
|
+ return
|
|
|
fi
|
|
|
-done
|
|
|
|
|
|
-if [ $found_free_port = 0 ]
|
|
|
-then
|
|
|
- echo -e "Couldn't find free port for server"
|
|
|
- do_cleanup
|
|
|
- exit 1
|
|
|
-fi
|
|
|
+ wolfssl_cert=""
|
|
|
+ wolfssl_key=""
|
|
|
+ wolfssl_caCert=""
|
|
|
+ if [ "$cert_file" != "" ]
|
|
|
+ then
|
|
|
+ wolfssl_cert="-c$cert_file"
|
|
|
+ fi
|
|
|
+ if [ "$key_file" != "" ]
|
|
|
+ then
|
|
|
+ wolfssl_key="-k$key_file"
|
|
|
+ fi
|
|
|
+ if [ "$ca_file" != "" ]
|
|
|
+ then
|
|
|
+ wolfssl_caCert="-A$ca_file"
|
|
|
+ fi
|
|
|
|
|
|
-# if ECDH-RSA is enabled then start up server for ECDH-RSA suites
|
|
|
-case $wolf_ciphers in
|
|
|
-*ECDH-RSA*)
|
|
|
generate_port
|
|
|
- ecdh_port=$port
|
|
|
+ server_port=$port
|
|
|
found_free_port=0
|
|
|
counter=0
|
|
|
while [ "$counter" -lt 20 ]; do
|
|
|
- echo -e "\nTrying to start ECDH-RSA openssl server on port $ecdh_port...\n"
|
|
|
+ echo -e "\n# Trying to start $wolfssl_suite wolfSSL server on port $server_port..."
|
|
|
|
|
|
- $OPENSSL s_server -accept $ecdh_port -cert ./certs/server-ecc-rsa.pem -key ./certs/ecc-key.pem -quiet -CAfile ./certs/client-ca.pem -www -dhparam ./certs/dh2048.pem -verify 10 -verify_return_error -cipher "ALL:eNULL" &
|
|
|
- ecdh_server_pid=$!
|
|
|
+ echo "#"
|
|
|
+ echo "# $WOLFSSL_SERVER -p $server_port $wolfssl_cert $wolfssl_key $wolfssl_caCert -g -v d -x -i $psk $crl -l ALL"
|
|
|
+ $WOLFSSL_SERVER -p $server_port $wolfssl_cert $wolfssl_key $wolfssl_caCert -g -v d -x -i $psk $crl -l ALL &
|
|
|
+ server_pid=$!
|
|
|
# wait to see if s_server successfully starts before continuing
|
|
|
sleep 0.1
|
|
|
|
|
|
- if ps -p $ecdh_server_pid > /dev/null
|
|
|
+ check_process_running
|
|
|
+ if [ "$PS_EXIT" = "0" ]
|
|
|
then
|
|
|
- echo "s_server started successfully on port $ecdh_port"
|
|
|
+ echo "wolfSSL server started successfully on port $server_port"
|
|
|
found_free_port=1
|
|
|
break
|
|
|
else
|
|
|
#port already started, try a different port
|
|
|
counter=$((counter+ 1))
|
|
|
generate_port
|
|
|
- ecdh_port=$port
|
|
|
+ server_port=$port
|
|
|
fi
|
|
|
done
|
|
|
|
|
@@ -151,113 +217,661 @@ case $wolf_ciphers in
|
|
|
do_cleanup
|
|
|
exit 1
|
|
|
fi
|
|
|
+
|
|
|
+ servers="$servers wolfSSL_$wolfssl_suite:$server_pid:$server_port"
|
|
|
+}
|
|
|
+
|
|
|
+check_server_ready() {
|
|
|
+ # server should be ready, let's make sure
|
|
|
+ server_ready=0
|
|
|
+ while [ "$counter" -lt 20 ]; do
|
|
|
+ echo -e "waiting for $server_name ready..."
|
|
|
+ echo -e Checking | nc localhost $server_port
|
|
|
+ nc_result=$?
|
|
|
+ if [ $nc_result = 0 ]
|
|
|
+ then
|
|
|
+ echo -e "$server_name ready!"
|
|
|
+ server_ready=1
|
|
|
+ break
|
|
|
+ fi
|
|
|
+ sleep 0.1
|
|
|
+ counter=$((counter+ 1))
|
|
|
+ done
|
|
|
+
|
|
|
+ if [ $server_ready = 0 ]
|
|
|
+ then
|
|
|
+ echo -e "Couldn't verify $server_name is running, timeout error"
|
|
|
+ do_cleanup
|
|
|
+ exit 1
|
|
|
+ fi
|
|
|
+}
|
|
|
+
|
|
|
+#
|
|
|
+# Run wolfSSL client against OpenSSL server
|
|
|
+#
|
|
|
+do_wolfssl_client() {
|
|
|
+ if [ "$wolfssl_client_avail" = "" ]
|
|
|
+ then
|
|
|
+ return
|
|
|
+ fi
|
|
|
+
|
|
|
+ wolfssl_cert=""
|
|
|
+ wolfssl_key=""
|
|
|
+ wolfssl_caCert=""
|
|
|
+ if [ "$cert" != "" ]
|
|
|
+ then
|
|
|
+ wolfssl_cert="-c$cert"
|
|
|
+ fi
|
|
|
+ if [ "$key" != "" ]
|
|
|
+ then
|
|
|
+ wolfssl_key="-k$key"
|
|
|
+ fi
|
|
|
+ if [ "$caCert" != "" ]
|
|
|
+ then
|
|
|
+ wolfssl_caCert="-A$caCert"
|
|
|
+ fi
|
|
|
+ wolfssl_resume="-r"
|
|
|
+ if [ "$openssl_psk_resume_bug" != "" -a "$tls13_suite" != "" ]
|
|
|
+ then
|
|
|
+ wolfssl_resume=
|
|
|
+ fi
|
|
|
+ if [ "$version" != "5" -a "$version" != "" ]
|
|
|
+ then
|
|
|
+ echo "#"
|
|
|
+ echo "# $WOLFSSL_CLIENT -p $port -g $wolfssl_resume -l $wolfSuite -v $version $psk $adh $wolfssl_cert $wolfssl_key $wolfssl_caCert $crl"
|
|
|
+ $WOLFSSL_CLIENT -p $port -g $wolfssl_resume -l $wolfSuite -v $version $psk $adh $wolfssl_cert $wolfssl_key $wolfssl_caCert $crl
|
|
|
+ else
|
|
|
+ echo "#"
|
|
|
+ echo "# $WOLFSSL_CLIENT -p $port -g $wolfssl_resume -l $wolfSuite $psk $adh $wolfssl_cert $wolfssl_key $wolfssl_caCert $crl"
|
|
|
+ # do all versions
|
|
|
+ $WOLFSSL_CLIENT -p $port -g $wolfssl_resume -l $wolfSuite $psk $adh $wolfssl_cert $wolfssl_key $wolfssl_caCert $crl
|
|
|
+ fi
|
|
|
+
|
|
|
+ client_result=$?
|
|
|
+
|
|
|
+ if [ $client_result != 0 ]
|
|
|
+ then
|
|
|
+ echo -e "client failed! Suite = $wolfSuite version = $version"
|
|
|
+ do_cleanup
|
|
|
+ exit 1
|
|
|
+ fi
|
|
|
+ wolf_temp_cases_tested=$((wolf_temp_cases_tested+1))
|
|
|
+}
|
|
|
+
|
|
|
+#
|
|
|
+# Run OpenSSL client against wolfSSL server
|
|
|
+#
|
|
|
+do_openssl_client() {
|
|
|
+ if [ "$wolfssl_server_avail" = "" ]
|
|
|
+ then
|
|
|
+ return
|
|
|
+ fi
|
|
|
+
|
|
|
+ if [ "$version" = "" -o "$version" = "5" ]
|
|
|
+ then
|
|
|
+ if [ "$tls13_cipher" = "" -a "$openssl_tls13" != "" ]
|
|
|
+ then
|
|
|
+ openssl_version="-no_tls1_3"
|
|
|
+ fi
|
|
|
+ fi
|
|
|
+ if [ "$cert" != "" ]
|
|
|
+ then
|
|
|
+ openssl_cert1="-cert"
|
|
|
+ openssl_cert2="$cert"
|
|
|
+ fi
|
|
|
+ if [ "$key" != "" ]
|
|
|
+ then
|
|
|
+ openssl_key1="-key"
|
|
|
+ openssl_key2="$key"
|
|
|
+ fi
|
|
|
+ if [ "$caCert" != "" ]
|
|
|
+ then
|
|
|
+ openssl_caCert1="-CAfile"
|
|
|
+ openssl_caCert2="$caCert"
|
|
|
+ fi
|
|
|
+ if [ "$tls13_cipher" = "" ]
|
|
|
+ then
|
|
|
+ echo "#"
|
|
|
+ echo "# $OPENSSL s_client -connect localhost:$port -reconnect -cipher $cmpSuite $openssl_version $openssl_psk $openssl_cert1 $openssl_cert2 $openssl_key1 $openssl_key2 $openssl_caCert1 $openssl_caCert2"
|
|
|
+ echo "Hello" | $OPENSSL s_client -connect localhost:$port -reconnect -cipher $cmpSuite $openssl_version $openssl_psk $openssl_cert1 $openssl_cert2 $openssl_key1 $openssl_key2 $openssl_caCert1 $openssl_caCert2
|
|
|
+ else
|
|
|
+ echo "#"
|
|
|
+ echo "# $OPENSSL s_client -connect localhost:$port -reconnect -ciphersuites=$cmpSuite $openssl_version $openssl_psk $openssl_cert1 $openssl_cert2 $openssl_key1 $openssl_key2 $openssl_caCert1 $openssl_caCert2"
|
|
|
+ echo "Hello" | $OPENSSL s_client -connect localhost:$port -reconnect -ciphersuites=$cmpSuite $openssl_version $openssl_psk $openssl_cert1 $openssl_cert2 $openssl_key1 $openssl_key2 $openssl_caCert1 $openssl_caCert2
|
|
|
+ fi
|
|
|
+
|
|
|
+ client_result=$?
|
|
|
+
|
|
|
+ if [ $client_result != 0 ]
|
|
|
+ then
|
|
|
+ echo -e "client failed! Suite = $wolfSuite version = $version"
|
|
|
+ do_cleanup
|
|
|
+ exit 1
|
|
|
+ fi
|
|
|
+ open_temp_cases_tested=$((open_temp_cases_tested+1))
|
|
|
+}
|
|
|
+
|
|
|
+OIFS=$IFS # store old separator to reset
|
|
|
+
|
|
|
+#
|
|
|
+# Start
|
|
|
+#
|
|
|
+ps -p $PPID >/dev/null 2>&1
|
|
|
+if [ "$?" = "1" ]
|
|
|
+then
|
|
|
+ ps_grep="yes"
|
|
|
+ echo "ps -p not working, using ps and grep"
|
|
|
+fi
|
|
|
+
|
|
|
+echo -e "\nTesting existence of openssl command...\n"
|
|
|
+command -v $OPENSSL >/dev/null 2>&1 || { echo >&2 "Requires openssl command, but it's not installed. Ending."; do_cleanup; exit 0; }
|
|
|
+
|
|
|
+
|
|
|
+echo -e "\nTesting for _build directory as part of distcheck, different paths"
|
|
|
+currentDir=`pwd`
|
|
|
+if [ $currentDir = *"_build" ]
|
|
|
+then
|
|
|
+ echo -e "_build directory detected, moving a directory back"
|
|
|
+ cd ..
|
|
|
+fi
|
|
|
+echo -e "\nChecking for wolfSSL client - needed for cipher list"
|
|
|
+wolfssl_client_avail=`$WOLFSSL_CLIENT -?`
|
|
|
+case $wolfssl_client_avail in
|
|
|
+*"Client not compiled in!"*)
|
|
|
+ wolfssl_client_avail=
|
|
|
+ echo >&2 "Requires wolfSSL client, but it's not built. Ending."
|
|
|
+ do_cleanup
|
|
|
+ exit 0
|
|
|
;;
|
|
|
esac
|
|
|
|
|
|
-# server should be ready, let's make sure
|
|
|
-server_ready=0
|
|
|
-while [ "$counter" -lt 20 ]; do
|
|
|
- echo -e "waiting for openssl s_server ready..."
|
|
|
- nc -z localhost $openssl_port
|
|
|
- nc_result=$?
|
|
|
- if [ $nc_result = 0 ]
|
|
|
+echo -e "\nTesting for buggy version of OpenSSL - TLS 1.3, PSK and session ticket"
|
|
|
+openssl_version=`$OPENSSL version`
|
|
|
+case $openssl_version in
|
|
|
+"OpenSSL 1.1.1 "*)
|
|
|
+ openssl_psk_resume_bug=yes
|
|
|
+ ;;
|
|
|
+"OpenSSL 1.0.2"*)
|
|
|
+ openssl_adh_reneg_bug=yes
|
|
|
+ ;;
|
|
|
+esac
|
|
|
+
|
|
|
+# check for wolfssl server
|
|
|
+wolfssl_server_avail=`$WOLFSSL_SERVER -?`
|
|
|
+case $wolfssl_server_avail in
|
|
|
+*"Server not compiled in!"*)
|
|
|
+ wolfssl_server_avail=
|
|
|
+ ;;
|
|
|
+esac
|
|
|
+# get wolfssl ciphers
|
|
|
+wolf_ciphers=`$WOLFSSL_CLIENT -e`
|
|
|
+# get wolfssl supported versions
|
|
|
+wolf_versions=`$WOLFSSL_CLIENT -V`
|
|
|
+wolf_versions="$wolf_versions:5" #5 will test without -v flag
|
|
|
+
|
|
|
+OIFS=$IFS # store old separator to reset
|
|
|
+IFS=$'\:' # set delimiter
|
|
|
+for version in $wolf_versions
|
|
|
+do
|
|
|
+ case $version in
|
|
|
+ 1|2|3)
|
|
|
+ wolf_tls=yes
|
|
|
+ ;;
|
|
|
+ 4)
|
|
|
+ wolf_tls13=yes
|
|
|
+ ;;
|
|
|
+ esac
|
|
|
+done
|
|
|
+IFS=$OIFS #restore separator
|
|
|
+
|
|
|
+#
|
|
|
+# Start OpenSSL servers
|
|
|
+#
|
|
|
+
|
|
|
+# Check if ECC certificates supported in wolfSSL
|
|
|
+wolf_ecc=`$WOLFSSL_CLIENT -A ./certs/ed25519/ca-ecc-cert.pem 2>&1`
|
|
|
+case $wolf_ecc in
|
|
|
+*"ca file"*)
|
|
|
+ wolf_ecc=""
|
|
|
+ ;;
|
|
|
+*)
|
|
|
+ ;;
|
|
|
+esac
|
|
|
+# Check if Ed25519 certificates supported in wolfSSL
|
|
|
+wolf_ed25519=`$WOLFSSL_CLIENT -A ./certs/ed25519/root-ed25519.pem 2>&1`
|
|
|
+case $wolf_ed25519 in
|
|
|
+*"ca file"*)
|
|
|
+ wolf_ed25519=""
|
|
|
+ ;;
|
|
|
+*)
|
|
|
+ ;;
|
|
|
+esac
|
|
|
+# Check if Ed25519 certificates supported in OpenSSL
|
|
|
+openssl_ed25519=`$OPENSSL s_client -cert ./certs/ed25519/client-ed25519.pem -key ./certs/ed25519/client-ed25519-priv.pem 2>&1`
|
|
|
+case $openssl_ed25519 in
|
|
|
+*"unable to load"*)
|
|
|
+ wolf_ed25519=""
|
|
|
+ ;;
|
|
|
+*)
|
|
|
+ ;;
|
|
|
+esac
|
|
|
+# Check if Ed448 certificates supported in wolfSSL
|
|
|
+wolf_ed448=`$WOLFSSL_CLIENT -A ./certs/ed448/root-ed448.pem 2>&1`
|
|
|
+case $wolf_ed448 in
|
|
|
+*"ca file"*)
|
|
|
+ wolf_ed448=""
|
|
|
+ ;;
|
|
|
+*)
|
|
|
+ ;;
|
|
|
+esac
|
|
|
+# Check if Ed448 certificates supported in OpenSSL
|
|
|
+openssl_ed448=`$OPENSSL s_client -cert ./certs/ed448/client-ed448.pem -key ./certs/ed448/client-ed448-priv.pem 2>&1`
|
|
|
+case $openssl_ed448 in
|
|
|
+*"unable to load"*)
|
|
|
+ wolf_ed448=""
|
|
|
+ ;;
|
|
|
+*)
|
|
|
+ ;;
|
|
|
+esac
|
|
|
+
|
|
|
+openssl_tls13=`$OPENSSL s_client -help 2>&1`
|
|
|
+case $openssl_tls13 in
|
|
|
+*no_tls1_3*)
|
|
|
+ ;;
|
|
|
+*)
|
|
|
+ openssl_tls13=
|
|
|
+ ;;
|
|
|
+esac
|
|
|
+
|
|
|
+# Check suites to determine support in wolfSSL
|
|
|
+OIFS=$IFS # store old separator to reset
|
|
|
+IFS=$'\:' # set delimiter
|
|
|
+for wolfSuite in $wolf_ciphers; do
|
|
|
+ case $wolfSuite in
|
|
|
+ *ECDHE-RSA-*)
|
|
|
+ ecdhe_avail=yes
|
|
|
+ wolf_rsa=yes
|
|
|
+ ;;
|
|
|
+ *DHE-RSA-*)
|
|
|
+ wolf_rsa=yes
|
|
|
+ ;;
|
|
|
+ *ECDH-RSA*)
|
|
|
+ wolf_ecdh_rsa=yes
|
|
|
+ ;;
|
|
|
+ *ECDHE-ECDSA*|*ECDH-ECDSA*)
|
|
|
+ wolf_ecdsa=yes
|
|
|
+ ;;
|
|
|
+ *ADH*)
|
|
|
+ wolf_anon=yes
|
|
|
+ ;;
|
|
|
+ *PSK*)
|
|
|
+ if [ "$wolf_psk" = "" ]
|
|
|
+ then
|
|
|
+ echo "Testing PSK"
|
|
|
+ wolf_psk=1
|
|
|
+ fi
|
|
|
+ if [ "$wolf_tls" != "" ]
|
|
|
+ then
|
|
|
+ wolf_tls_psk=yes
|
|
|
+ fi
|
|
|
+ ;;
|
|
|
+ *TLS13*)
|
|
|
+ ;;
|
|
|
+ *)
|
|
|
+ wolf_rsa=yes
|
|
|
+ esac
|
|
|
+done
|
|
|
+IFS=$OIFS #restore separator
|
|
|
+
|
|
|
+openssl_ciphers=`$OPENSSL ciphers ALL 2>&1`
|
|
|
+case $openssl_ciphers in
|
|
|
+*ADH*)
|
|
|
+ openssl_anon=yes
|
|
|
+ ;;
|
|
|
+esac
|
|
|
+
|
|
|
+# TLSv1 -> TLSv1.2 PSK secret
|
|
|
+psk_hex="1a2b3c4d"
|
|
|
+
|
|
|
+# If RSA cipher suites supported in wolfSSL then start servers
|
|
|
+if [ "$wolf_rsa" != "" -o "$wolf_tls_psk" != "" ]
|
|
|
+then
|
|
|
+ if [ "$wolf_rsa" != "" ]
|
|
|
then
|
|
|
- echo -e "openssl s_server ready!"
|
|
|
- server_ready=1
|
|
|
- break
|
|
|
+ cert_file="./certs/server-cert.pem"
|
|
|
+ key_file="./certs/server-key.pem"
|
|
|
+ ca_file="./certs/client-ca.pem"
|
|
|
+ else
|
|
|
+ cert_file=
|
|
|
+ key_file=
|
|
|
+ ca_file=
|
|
|
fi
|
|
|
- sleep 0.1
|
|
|
- counter=$((counter+ 1))
|
|
|
-done
|
|
|
|
|
|
+ openssl_suite="RSA"
|
|
|
+ start_openssl_server
|
|
|
+ openssl_port=$server_port
|
|
|
+ openssl_pid=$server_pid
|
|
|
+
|
|
|
+ wolfssl_suite="RSA"
|
|
|
+ if [ "$wolf_tls_psk" != "" ]
|
|
|
+ then
|
|
|
+ psk="-j"
|
|
|
+ fi
|
|
|
+echo "cert_file=$cert_file"
|
|
|
+ start_wolfssl_server
|
|
|
+ psk=
|
|
|
+ wolfssl_port=$server_port
|
|
|
+ wolfssl_pid=$server_pid
|
|
|
+fi
|
|
|
|
|
|
-if [ $server_ready = 0 ]
|
|
|
+# If ECDH-RSA cipher suites supported in wolfSSL then start servers
|
|
|
+if [ "$wolf_ecdh_rsa" != "" ]
|
|
|
then
|
|
|
- echo -e "Couldn't verify openssl server is running, timeout error"
|
|
|
- do_cleanup
|
|
|
- exit 1
|
|
|
+ cert_file="./certs/server-ecc-rsa.pem"
|
|
|
+ key_file="./certs/ecc-key.pem"
|
|
|
+ ca_file="./certs/client-ca.pem"
|
|
|
+
|
|
|
+ openssl_suite="ECDH-RSA"
|
|
|
+ start_openssl_server
|
|
|
+ ecdh_openssl_port=$server_port
|
|
|
+ ecdh_openssl_pid=$server_pid
|
|
|
+
|
|
|
+ wolfssl_suite="ECDH-RSA"
|
|
|
+ start_wolfssl_server
|
|
|
+ ecdh_wolfssl_port=$server_port
|
|
|
+ ecdh_wolfssl_pid=$server_pid
|
|
|
fi
|
|
|
|
|
|
+if [ "$wolf_ecdsa" != "" -a "$wolf_ecc" != "" ]
|
|
|
+then
|
|
|
+ cert_file="./certs/server-ecc.pem"
|
|
|
+ key_file="./certs/ecc-key.pem"
|
|
|
+ ca_file="./certs/client-ca.pem"
|
|
|
+
|
|
|
+ openssl_suite="ECDH[E]-ECDSA"
|
|
|
+ start_openssl_server
|
|
|
+ ecdsa_openssl_port=$server_port
|
|
|
+ ecdsa_openssl_pid=$server_pid
|
|
|
+
|
|
|
+ wolfssl_suite="ECDH[E]-ECDSA"
|
|
|
+ start_wolfssl_server
|
|
|
+ ecdsa_wolfssl_port=$server_port
|
|
|
+ ecdsa_wolfssl_pid=$server_pid
|
|
|
+fi
|
|
|
+
|
|
|
+# If Ed25519 certificates supported in wolfSSL then start servers
|
|
|
+if [ "$wolf_ed25519" != "" ];
|
|
|
+then
|
|
|
+ cert_file="./certs/ed25519/server-ed25519.pem"
|
|
|
+ key_file="./certs/ed25519/server-ed25519-priv.pem"
|
|
|
+ ca_file="./certs/ed25519/root-ed25519.pem"
|
|
|
+
|
|
|
+ openssl_suite="Ed25519"
|
|
|
+ start_openssl_server
|
|
|
+ ed25519_openssl_port=$server_port
|
|
|
+ ed25519_openssl_pid=$server_pid
|
|
|
+
|
|
|
+ crl="-V"
|
|
|
+ wolfssl_suite="Ed25519"
|
|
|
+ start_wolfssl_server
|
|
|
+ ed25519_wolfssl_port=$server_port
|
|
|
+ ed25519_wolfssl_pid=$server_pid
|
|
|
+ crl=
|
|
|
+fi
|
|
|
+
|
|
|
+# If Ed448 certificates supported in wolfSSL then start servers
|
|
|
+if [ "$wolf_ed448" != "" ];
|
|
|
+then
|
|
|
+ cert_file="./certs/ed448/server-ed448.pem"
|
|
|
+ key_file="./certs/ed448/server-ed448-priv.pem"
|
|
|
+ ca_file="./certs/ed448/client-ed448.pem"
|
|
|
+
|
|
|
+ openssl_suite="Ed448"
|
|
|
+ start_openssl_server
|
|
|
+ ed448_openssl_port=$server_port
|
|
|
+ ed448_openssl_pid=$server_pid
|
|
|
+
|
|
|
+ crl="-V"
|
|
|
+ wolfssl_suite="Ed448"
|
|
|
+ start_wolfssl_server
|
|
|
+ ed448_wolfssl_port=$server_port
|
|
|
+ ed448_wolfssl_pid=$server_pid
|
|
|
+ crl=
|
|
|
+fi
|
|
|
+
|
|
|
+if [ "$wolf_tls13" != "" -a "$wolf_psk" != "" ]
|
|
|
+then
|
|
|
+ cert_file="./certs/server-cert.pem"
|
|
|
+ key_file="./certs/server-key.pem"
|
|
|
+
|
|
|
+ psk_hex="0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
|
|
|
+ openssl_suite="TLSv1.3_PSK"
|
|
|
+ start_openssl_server
|
|
|
+ tls13_psk_openssl_port=$server_port
|
|
|
+ tls13_psk_openssl_pid=$server_pid
|
|
|
+
|
|
|
+ psk="-s"
|
|
|
+ wolfssl_suite="TLSv1.3_PSK"
|
|
|
+ start_wolfssl_server
|
|
|
+ tls13_psk_wolfssl_port=$server_port
|
|
|
+ tls13_psk_wolfssl_pid=$server_pid
|
|
|
+fi
|
|
|
+if [ "$wolf_anon" != "" -a "$openssl_anon" ]
|
|
|
+then
|
|
|
+ cert_file=""
|
|
|
+ key_file=""
|
|
|
+ ca_file=""
|
|
|
+
|
|
|
+ wolfssl_suite="Anon"
|
|
|
+ psk="-a" # anonymous not psk
|
|
|
+ start_wolfssl_server
|
|
|
+ anon_wolfssl_port=$server_port
|
|
|
+ anon_wolfssl_pid=$server_pid
|
|
|
+fi
|
|
|
+
|
|
|
+for s in $servers
|
|
|
+do
|
|
|
+ f2=${s%:*}
|
|
|
+ server_name=${f2%:*}
|
|
|
+ server_port=${s##*:}
|
|
|
+ check_server_ready
|
|
|
+done
|
|
|
+
|
|
|
OIFS=$IFS # store old separator to reset
|
|
|
IFS=$'\:' # set delimiter
|
|
|
set -f # no globbing
|
|
|
|
|
|
-wolf_versions=`./examples/client/client -V`
|
|
|
-wolf_versions="$wolf_versions:4" #:4 will test without -v flag
|
|
|
-
|
|
|
-wolf_temp_suites_total=0
|
|
|
-wolf_temp_suites_tested=0
|
|
|
+wolf_temp_cases_total=0
|
|
|
+wolf_temp_cases_tested=0
|
|
|
|
|
|
+# Testing of OpenSSL support for version requires a running OpenSSL server
|
|
|
for version in $wolf_versions;
|
|
|
do
|
|
|
echo -e "version = $version"
|
|
|
# get openssl ciphers depending on version
|
|
|
# -s flag for only supported ciphers
|
|
|
- case $version in "0")
|
|
|
- openssl_ciphers=`$OPENSSL ciphers "SSLv3"`
|
|
|
+ case $version in
|
|
|
+ "0")
|
|
|
+ openssl_ciphers=`$OPENSSL ciphers "SSLv3" 2>&1`
|
|
|
|
|
|
# double check that can actually do a sslv3 connection using
|
|
|
# client-cert.pem to send but any file with EOF works
|
|
|
$OPENSSL s_client -ssl3 -no_ign_eof -host localhost -port $openssl_port < ./certs/client-cert.pem
|
|
|
sslv3_sup=$?
|
|
|
-
|
|
|
if [ $sslv3_sup != 0 ]
|
|
|
then
|
|
|
echo -e "Not testing SSLv3. No OpenSSL support for 'SSLv3' modifier"
|
|
|
- testing_summary="$testing_summary SSLv3\tNo\tN/A\tN/A\t (No OpenSSL Support for cipherstring)\n"
|
|
|
+ testing_summary="${testing_summary}SSLv3\tNo\tN/A\tN/A\tN/A\tN/A\t (No OpenSSL cipherstring)\n"
|
|
|
continue
|
|
|
fi
|
|
|
+ openssl_version="-ssl3"
|
|
|
;;
|
|
|
"1")
|
|
|
- openssl_ciphers=`$OPENSSL ciphers -s "TLSv1"`
|
|
|
+ proto_check=`echo "hell" | $OPENSSL s_client -connect localhost:$openssl_port -tls1 2>&1`
|
|
|
+ tlsv1_sup=$?
|
|
|
+ if [ $tlsv1_sup != 0 ]
|
|
|
+ then
|
|
|
+ echo -e "Not testing TLSv1. No OpenSSL support for '-tls1'"
|
|
|
+ testing_summary="${testing_summary}TLSv1\tNo\tN/A\tN/A\tN/A\tN/A\t (No OpenSSL Support)\n"
|
|
|
+ continue
|
|
|
+ fi
|
|
|
+ openssl_ciphers=`$OPENSSL ciphers -s "TLSv1" 2>&1`
|
|
|
tlsv1_sup=$?
|
|
|
if [ $tlsv1_sup != 0 ]
|
|
|
then
|
|
|
echo -e "Not testing TLSv1. No OpenSSL support for 'TLSv1' modifier"
|
|
|
- testing_summary="$testing_summary TLSv1\tNo\tN/A\tN/A\t (No OpenSSL Support for cipherstring)\n"
|
|
|
+ testing_summary="${testing_summary}TLSv1\tNo\tN/A\tN/A\tN/A\tN/A\t (No OpenSSL cipherstring)\n"
|
|
|
continue
|
|
|
fi
|
|
|
+ openssl_version="-tls1"
|
|
|
;;
|
|
|
"2")
|
|
|
- openssl_ciphers=`$OPENSSL ciphers -s "TLSv1.1"`
|
|
|
+ # Same ciphers for TLSv1.1 as TLSv1
|
|
|
+ proto_check=`echo "hello" | $OPENSSL s_client -connect localhost:$openssl_port -tls1_1 2>&1`
|
|
|
tlsv1_1_sup=$?
|
|
|
if [ $tlsv1_1_sup != 0 ]
|
|
|
then
|
|
|
echo -e "Not testing TLSv1.1. No OpenSSL support for 'TLSv1.1' modifier"
|
|
|
- testing_summary="${testing_summary}TLSv1.1\tNo\tN/A\tN/A\t (No OpenSSL Support for cipherstring)\n"
|
|
|
+ testing_summary="${testing_summary}TLSv1.1\tNo\tN/A\tN/A\tN/A\tN/A\t (No OpenSSL cipherstring)\n"
|
|
|
+ continue
|
|
|
+ fi
|
|
|
+ openssl_ciphers=`$OPENSSL ciphers -s "TLSv1" 2>&1`
|
|
|
+ tlsv1_sup=$?
|
|
|
+ if [ $tlsv1_sup != 0 ]
|
|
|
+ then
|
|
|
+ echo -e "Not testing TLSv1. No OpenSSL support for 'TLSv1' modifier"
|
|
|
+ testing_summary="${testing_summary}TLSv1\tNo\tN/A\tN/A\tN/A\tN/A\t (No OpenSSL cipherstring)\n"
|
|
|
continue
|
|
|
fi
|
|
|
+ openssl_version="-tls1_1"
|
|
|
;;
|
|
|
"3")
|
|
|
- openssl_ciphers=`$OPENSSL ciphers -s "TLSv1.2"`
|
|
|
+ openssl_ciphers=`$OPENSSL ciphers -s "TLSv1.2" 2>&1`
|
|
|
tlsv1_2_sup=$?
|
|
|
if [ $tlsv1_2_sup != 0 ]
|
|
|
then
|
|
|
echo -e "Not testing TLSv1.2. No OpenSSL support for 'TLSv1.2' modifier"
|
|
|
- testing_summary="$testing_summary TLSv1.2\tNo\tN/A\tN/A\t (No OpenSSL Support for cipherstring)\n"
|
|
|
+ testing_summary="${testing_summary}TLSv1.2\tNo\tN/A\tN/A\tN/A\tN/A\t (No OpenSSL cipherstring)\n"
|
|
|
continue
|
|
|
fi
|
|
|
+ openssl_version="-tls1_2"
|
|
|
+ ;;
|
|
|
+ "4")
|
|
|
+ openssl_ciphers=`$OPENSSL ciphers -tls1_3 2>&1`
|
|
|
+ tlsv1_3_sup=$?
|
|
|
+ if [ $tlsv1_3_sup != 0 ]
|
|
|
+ then
|
|
|
+ echo -e "Not testing TLSv1.3. No OpenSSL support for 'TLSv1.3' modifier"
|
|
|
+ testing_summary="${testing_summary}TLSv1.3\tNo\tN/A\tN/A\tN/A\tN/A\t (No OpenSSL cipherstring)\n"
|
|
|
+ continue
|
|
|
+ fi
|
|
|
+ ecc_support=`$WOLFSSL_CLIENT -? 2>&1 | grep 'ECC named groups'`
|
|
|
+ openssl_version="-tls1_3"
|
|
|
+ ;;
|
|
|
+ "d(downgrade)")
|
|
|
+ version="d"
|
|
|
+ openssl_version=""
|
|
|
;;
|
|
|
- "4") #test all suites
|
|
|
- openssl_ciphers=`$OPENSSL ciphers -s "ALL"`
|
|
|
+ "e(either)")
|
|
|
+ continue
|
|
|
+ ;;
|
|
|
+ "5") #test all suites
|
|
|
+ openssl_ciphers=`$OPENSSL ciphers -s "ALL" 2>&1`
|
|
|
all_sup=$?
|
|
|
if [ $all_sup != 0 ]
|
|
|
then
|
|
|
echo -e "Not testing ALL. No OpenSSL support for ALL modifier"
|
|
|
- testing_summary="$testing_summary ALL\tNo\tN/A\tN/A\t (No OpenSSL Support for cipherstring)\n"
|
|
|
+ testing_summary="${testing_summary}ALL\tNo\tN/A\tN/A\tN/A\tN/A\t (No OpenSSL cipherstring)\n"
|
|
|
continue
|
|
|
fi
|
|
|
+ openssl_version=""
|
|
|
+ ;;
|
|
|
+ "")
|
|
|
+ openssl_ciphers=`$OPENSSL ciphers 2>&1`
|
|
|
+ all_sup=$?
|
|
|
+ if [ $all_sup != 0 ]
|
|
|
+ then
|
|
|
+ echo -e "Not testing ALL. No OpenSSL support for ALL modifier"
|
|
|
+ testing_summary="${testing_summary}ALL\tNo\tN/A\tN/A\tN/A\tN/A\t (No OpenSSL cipherstring)\n"
|
|
|
+ continue
|
|
|
+ fi
|
|
|
+ openssl_version=""
|
|
|
;;
|
|
|
esac
|
|
|
|
|
|
for wolfSuite in $wolf_ciphers; do
|
|
|
echo -e "trying wolfSSL cipher suite $wolfSuite"
|
|
|
- wolf_temp_suites_total=$((wolf_temp_suites_total + 1))
|
|
|
+ wolf_temp_cases_total=$((wolf_temp_cases_total + 1))
|
|
|
+ open_temp_cases_total=$((open_temp_cases_total + 1))
|
|
|
matchSuite=0;
|
|
|
+ tls13_suite=
|
|
|
+
|
|
|
+ case $wolfSuite in
|
|
|
+ "TLS13-AES128-GCM-SHA256")
|
|
|
+ cmpSuite="TLS_AES_128_GCM_SHA256"
|
|
|
+ tls13_suite="yes"
|
|
|
+ ;;
|
|
|
+ "TLS13-AES256-GCM-SHA384")
|
|
|
+ cmpSuite="TLS_AES_256_GCM_SHA384"
|
|
|
+ tls13_suite="yes"
|
|
|
+ ;;
|
|
|
+ "TLS13-CHACHA20-POLY1305-SHA256")
|
|
|
+ cmpSuite="TLS_CHACHA20_POLY1305_SHA256"
|
|
|
+ tls13_suite="yes"
|
|
|
+ ;;
|
|
|
+ "TLS13-AES128-CCM-SHA256")
|
|
|
+ cmpSuite="TLS_AES_128_CCM_SHA256"
|
|
|
+ tls13_suite="yes"
|
|
|
+ ;;
|
|
|
+ "TLS13-AES128-CCM-8-SHA256")
|
|
|
+ cmpSuite="TLS_AES_128_CCM_8_SHA256"
|
|
|
+ tls13_suite="yes"
|
|
|
+ ;;
|
|
|
+ "TLS13-SHA256-SHA256")
|
|
|
+ continue
|
|
|
+ ;;
|
|
|
+ "TLS13-SHA384-SHA384")
|
|
|
+ continue
|
|
|
+ ;;
|
|
|
+ "TLS13-"*)
|
|
|
+ echo -e "Suite = $wolfSuite not recognized!"
|
|
|
+ echo -e "Add translation of wolfSSL name to OpenSSL"
|
|
|
+ do_cleanup
|
|
|
+ exit 1
|
|
|
+ ;;
|
|
|
+ *)
|
|
|
+ cmpSuite=$wolfSuite
|
|
|
+ ;;
|
|
|
+ esac
|
|
|
|
|
|
- case ":$openssl_ciphers:" in *":$wolfSuite:"*) # add extra : for edge cases
|
|
|
- echo -e "Matched to OpenSSL suite support"
|
|
|
- matchSuite=1;;
|
|
|
+ case ":$openssl_ciphers:" in *":$cmpSuite:"*) # add extra : for edge cases
|
|
|
+ case "$cmpSuite" in
|
|
|
+ "TLS_"*)
|
|
|
+ if [ "$version" != "4" -a "$version" != "d" ]
|
|
|
+ then
|
|
|
+ echo -e "TLS 1.3 cipher suite but not TLS 1.3 protocol"
|
|
|
+ matchSuite=0
|
|
|
+ else
|
|
|
+ echo -e "Matched to OpenSSL suite support"
|
|
|
+ matchSuite=1
|
|
|
+ fi
|
|
|
+ ;;
|
|
|
+ *)
|
|
|
+ if [ "$version" = "d" -a "$wolfdowngrade" = "4" ]
|
|
|
+ then
|
|
|
+ echo -e "Not TLS 1.3 cipher suite but TLS 1.3 downgrade"
|
|
|
+ matchSuite=0
|
|
|
+ elif [ "$version" != "4" ]
|
|
|
+ then
|
|
|
+ echo -e "Matched to OpenSSL suite support"
|
|
|
+ matchSuite=1
|
|
|
+ else
|
|
|
+ echo -e "Not TLS 1.3 cipher suite but TLS 1.3 protocol"
|
|
|
+ matchSuite=0
|
|
|
+ fi
|
|
|
+ ;;
|
|
|
+ esac
|
|
|
+ ;;
|
|
|
esac
|
|
|
|
|
|
if [ $matchSuite = 0 ]
|
|
@@ -269,56 +883,230 @@ do
|
|
|
# check for psk suite and turn on client psk if so
|
|
|
psk=""
|
|
|
adh=""
|
|
|
- port=$openssl_port
|
|
|
+ crl=""
|
|
|
+ cert=""
|
|
|
+ key=""
|
|
|
caCert=""
|
|
|
case $wolfSuite in
|
|
|
*ECDH-RSA*)
|
|
|
- port=$ecdh_port ;;
|
|
|
+ cert="./certs/client-cert.pem"
|
|
|
+ key="./certs/client-key.pem"
|
|
|
+ caCert="./certs/ca-cert.pem"
|
|
|
+ port=$ecdh_openssl_port
|
|
|
+ do_wolfssl_client
|
|
|
+ port=$ecdh_wolfssl_port
|
|
|
+ do_openssl_client
|
|
|
+ ;;
|
|
|
*ECDHE-ECDSA*|*ECDH-ECDSA*)
|
|
|
- caCert="-A./certs/ca-ecc-cert.pem" ;;
|
|
|
+ if [ "$wolf_ecc" != "" ]
|
|
|
+ then
|
|
|
+ cert="./certs/client-cert.pem"
|
|
|
+ key="./certs/client-key.pem"
|
|
|
+ caCert="./certs/ca-ecc-cert.pem"
|
|
|
+
|
|
|
+ port=$ecdsa_openssl_port
|
|
|
+ do_wolfssl_client
|
|
|
+ port=$ecdsa_wolfssl_port
|
|
|
+ do_openssl_client
|
|
|
+ else
|
|
|
+ wolf_temp_cases_total=$((wolf_temp_cases_total - 1))
|
|
|
+ fi
|
|
|
+ if [ $ed25519_openssl_pid != $no_pid -a "$version" != "0" -a "$version" != "1" -a "$version" != "2" ]
|
|
|
+ then
|
|
|
+ cert="./certs/ed25519/server-ed25519.pem"
|
|
|
+ key="./certs/ed25519/server-ed25519-priv.pem"
|
|
|
+ caCert="./certs/ed25519/server-ed25519.pem"
|
|
|
+
|
|
|
+ wolf_temp_cases_total=$((wolf_temp_cases_total + 1))
|
|
|
+ port=$ed25519_openssl_port
|
|
|
+ crl="-C"
|
|
|
+ do_wolfssl_client
|
|
|
+ open_temp_cases_total=$((open_temp_cases_total + 1))
|
|
|
+ port=$ed25519_wolfssl_port
|
|
|
+ do_openssl_client
|
|
|
+ fi
|
|
|
+ if [ $ed448_openssl_pid != $no_pid -a "$version" != "0" -a "$version" != "1" -a "$version" != "2" ]
|
|
|
+ then
|
|
|
+ cert="./certs/ed448/client-ed448.pem"
|
|
|
+ key="./certs/ed448/client-ed448-priv.pem"
|
|
|
+ caCert="./certs/ed448/server-ed448.pem"
|
|
|
+
|
|
|
+ wolf_temp_cases_total=$((wolf_temp_cases_total + 1))
|
|
|
+ port=$ed448_openssl_port
|
|
|
+ crl="-C"
|
|
|
+ do_wolfssl_client
|
|
|
+ open_temp_cases_total=$((open_temp_cases_total + 1))
|
|
|
+ port=$ed448_wolfssl_port
|
|
|
+ do_openssl_client
|
|
|
+ fi
|
|
|
+ ;;
|
|
|
+ *DHE-PSK*)
|
|
|
+ cert="./certs/client-cert.pem"
|
|
|
+ key="./certs/client-key.pem"
|
|
|
+ caCert="./certs/ca-cert.pem"
|
|
|
+
|
|
|
+ port=$openssl_port
|
|
|
+ psk="-s"
|
|
|
+ do_wolfssl_client
|
|
|
+
|
|
|
+ # Skip when no RSA as some versions of OpenSSL can't handle no
|
|
|
+ # signature
|
|
|
+ if [ "$wolf_rsa" != "" ]
|
|
|
+ then
|
|
|
+ port=$wolfssl_port
|
|
|
+ openssl_psk="-psk=1a2b3c4d"
|
|
|
+ do_openssl_client
|
|
|
+ fi
|
|
|
+ ;;
|
|
|
*PSK*)
|
|
|
- psk="-s " ;;
|
|
|
+ cert="./certs/client-cert.pem"
|
|
|
+ key="./certs/client-key.pem"
|
|
|
+ caCert="./certs/ca-cert.pem"
|
|
|
+
|
|
|
+ port=$openssl_port
|
|
|
+ psk="-s"
|
|
|
+ do_wolfssl_client
|
|
|
+ port=$wolfssl_port
|
|
|
+ openssl_psk="-psk=1a2b3c4d"
|
|
|
+ do_openssl_client
|
|
|
+ ;;
|
|
|
*ADH*)
|
|
|
- adh="-a " ;;
|
|
|
- esac
|
|
|
+ cert="./certs/client-cert.pem"
|
|
|
+ key="./certs/client-key.pem"
|
|
|
+ caCert="./certs/ca-cert.pem"
|
|
|
|
|
|
- if [ $version -lt 4 ]
|
|
|
- then
|
|
|
- ./examples/client/client -p $port -g -r -l $wolfSuite -v $version $psk $adh $caCert
|
|
|
- else
|
|
|
- # do all versions
|
|
|
- ./examples/client/client -p $port -g -r -l $wolfSuite $psk $adh $caCert
|
|
|
- fi
|
|
|
+ if [ "$version" != "0" -a "$version" != "1" -a "$version" != "2" -a "$openssl_adh_reneg_bug" != "" ]
|
|
|
+ then
|
|
|
+ continue
|
|
|
+ fi
|
|
|
|
|
|
- client_result=$?
|
|
|
+ port=$openssl_port
|
|
|
+ adh="-a"
|
|
|
+ do_wolfssl_client
|
|
|
+ port=$anon_wolfssl_port
|
|
|
+ do_openssl_client
|
|
|
+ ;;
|
|
|
+ TLS13*)
|
|
|
+ if [ $version != "4" -a $version != "d" -a $version != " " -a $version != "5" ]
|
|
|
+ then
|
|
|
+ continue
|
|
|
+ fi
|
|
|
+ tls13_cipher=yes
|
|
|
+ # RSA
|
|
|
+ if [ $openssl_pid != $no_pid -a "$ecdhe_avail" = "yes" ]
|
|
|
+ then
|
|
|
+ cert="./certs/client-cert.pem"
|
|
|
+ key="./certs/client-key.pem"
|
|
|
+ caCert="./certs/ca-cert.pem"
|
|
|
|
|
|
- if [ $client_result != 0 ]
|
|
|
- then
|
|
|
- echo -e "client failed! Suite = $wolfSuite version = $version"
|
|
|
- do_cleanup
|
|
|
- exit 1
|
|
|
- fi
|
|
|
- wolf_temp_suites_tested=$((wolf_temp_suites_tested+1))
|
|
|
+ port=$openssl_port
|
|
|
+ do_wolfssl_client
|
|
|
+ port=$wolfssl_port
|
|
|
+ do_openssl_client
|
|
|
+ fi
|
|
|
+ # PSK
|
|
|
+ if [ "$wolf_psk" != "" -a $wolfSuite = "TLS13-AES128-GCM-SHA256" ]
|
|
|
+ then
|
|
|
+ cert="./certs/client-cert.pem"
|
|
|
+ key="./certs/client-key.pem"
|
|
|
+ caCert="./certs/ca-cert.pem"
|
|
|
+
|
|
|
+ wolf_temp_cases_total=$((wolf_temp_cases_total + 1))
|
|
|
+ port=$tls13_psk_openssl_port
|
|
|
+ psk="-s"
|
|
|
+ do_wolfssl_client
|
|
|
+ psk=""
|
|
|
+ openssl_psk="-psk=0123456789abcdef0123456789abcdef"
|
|
|
+ open_temp_cases_total=$((open_temp_cases_total + 1))
|
|
|
+ port=$wolfssl_port
|
|
|
+ do_openssl_client
|
|
|
+ open_temp_cases_total=$((open_temp_cases_total + 1))
|
|
|
+ port=$tls13_psk_wolfssl_port
|
|
|
+ do_openssl_client
|
|
|
+ openssl_psk=""
|
|
|
+ fi
|
|
|
+ # ECDSA
|
|
|
+ if [ $ecdsa_openssl_pid != $no_pid -a "$wolf_ecc" != "" ]
|
|
|
+ then
|
|
|
+ cert="./certs/client-ecc-cert.pem"
|
|
|
+ key="./certs/ecc-client-key.pem"
|
|
|
+ caCert="./certs/ca-ecc-cert.pem"
|
|
|
+
|
|
|
+ wolf_temp_cases_total=$((wolf_temp_cases_total + 1))
|
|
|
+ port=$ecdsa_openssl_port
|
|
|
+ caCert="./certs/ca-ecc-cert.pem"
|
|
|
+ do_wolfssl_client
|
|
|
+ open_temp_cases_total=$((open_temp_cases_total + 1))
|
|
|
+ port=$ecdsa_wolfssl_port
|
|
|
+ caCert="./certs/ca-ecc-cert.pem"
|
|
|
+ do_openssl_client
|
|
|
+ fi
|
|
|
+ # Ed25519
|
|
|
+ if [ $ed25519_openssl_pid != $no_pid ]
|
|
|
+ then
|
|
|
+ cert="./certs/ed25519/server-ed25519.pem"
|
|
|
+ key="./certs/ed25519/server-ed25519-priv.pem"
|
|
|
+ caCert="./certs/ed25519/server-ed25519.pem"
|
|
|
+
|
|
|
+ wolf_temp_cases_total=$((wolf_temp_cases_total + 1))
|
|
|
+ port=$ed25519_openssl_port
|
|
|
+ crl="-C"
|
|
|
+ do_wolfssl_client
|
|
|
+ open_temp_cases_total=$((open_temp_cases_total + 1))
|
|
|
+ port=$ed25519_wolfssl_port
|
|
|
+ do_openssl_client
|
|
|
+ fi
|
|
|
+ # Ed448
|
|
|
+ if [ $ed448_openssl_pid != $no_pid ]
|
|
|
+ then
|
|
|
+ cert="./certs/ed448/client-ed448.pem"
|
|
|
+ key="./certs/ed448/client-ed448-priv.pem"
|
|
|
+ caCert="./certs/ed448/server-ed448.pem"
|
|
|
|
|
|
+ wolf_temp_cases_total=$((wolf_temp_cases_total + 1))
|
|
|
+ port=$ed448_openssl_port
|
|
|
+ crl="-C"
|
|
|
+ do_wolfssl_client
|
|
|
+ open_temp_cases_total=$((open_temp_cases_total + 1))
|
|
|
+ port=$ed448_wolfssl_port
|
|
|
+ do_openssl_client
|
|
|
+ fi
|
|
|
+ tls13_cipher=
|
|
|
+ ;;
|
|
|
+ *)
|
|
|
+ cert="./certs/client-cert.pem"
|
|
|
+ key="./certs/client-key.pem"
|
|
|
+ caCert="./certs/ca-cert.pem"
|
|
|
+
|
|
|
+ port=$openssl_port
|
|
|
+ do_wolfssl_client
|
|
|
+ port=$wolfssl_port
|
|
|
+ do_openssl_client
|
|
|
+ ;;
|
|
|
+ esac
|
|
|
done
|
|
|
- wolf_suites_tested=$((wolf_temp_suites_tested+wolf_suites_tested))
|
|
|
- wolf_suites_total=$((wolf_temp_suites_total+wolf_suites_total))
|
|
|
- echo -e "wolfSSL suites tested with version:$version $wolf_temp_suites_tested"
|
|
|
+ wolf_cases_tested=$((wolf_temp_cases_tested+wolf_cases_tested))
|
|
|
+ wolf_cases_total=$((wolf_temp_cases_total+wolf_cases_total))
|
|
|
+ echo -e "wolfSSL cases tested with version:$version $wolf_temp_cases_tested"
|
|
|
+ open_cases_tested=$((open_temp_cases_tested+open_cases_tested))
|
|
|
+ open_cases_total=$((open_temp_cases_total+open_cases_total))
|
|
|
+ echo -e "OpenSSL cases tested with version:$version $open_temp_cases_tested"
|
|
|
version_name
|
|
|
- testing_summary="$testing_summary$versionName\tYes\t$wolf_temp_suites_total\t$wolf_temp_suites_tested\n"
|
|
|
- wolf_temp_suites_total=0
|
|
|
- wolf_temp_suites_tested=0
|
|
|
+ testing_summary="$testing_summary$versionName\tYes\t$wolf_temp_cases_total\t$wolf_temp_cases_tested\t$open_temp_cases_total\t$open_temp_cases_tested\n"
|
|
|
+ wolf_temp_cases_total=0
|
|
|
+ wolf_temp_cases_tested=0
|
|
|
+ open_temp_cases_total=0
|
|
|
+ open_temp_cases_tested=0
|
|
|
+ wolfdowngrade="$version"
|
|
|
done
|
|
|
IFS=$OIFS #restore separator
|
|
|
|
|
|
-kill -9 $server_pid
|
|
|
-if [ $ecdh_server_pid != $no_pid ]
|
|
|
-then
|
|
|
- kill -9 $ecdh_server_pid
|
|
|
-fi
|
|
|
+do_cleanup
|
|
|
|
|
|
-echo -e "wolfSSL total suites $wolf_suites_total"
|
|
|
-echo -e "wolfSSL suites tested $wolf_suites_tested"
|
|
|
+echo -e "wolfSSL total cases $wolf_cases_total"
|
|
|
+echo -e "wolfSSL cases tested $wolf_cases_tested"
|
|
|
+echo -e "OpenSSL total cases $open_cases_total"
|
|
|
+echo -e "OpenSSL cases tested $open_cases_tested"
|
|
|
echo -e "\nSuccess!\n\n\n\n"
|
|
|
echo -e "$testing_summary"
|
|
|
exit 0
|