12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196 |
- #!/bin/bash
- CERT_DIR="$PWD/$(dirname "$0")/../certs"
- if ! test -n "$WOLFSSL_OPENSSL_TEST"; then
- echo "WOLFSSL_OPENSSL_TEST NOT set, won't run"
- exit 77
- fi
- if [[ -n "$NETWORK_UNSHARE_HELPER" ]]; then
- if [[ -z "$NETWORK_UNSHARE_HELPER_CALLED" ]]; then
- export NETWORK_UNSHARE_HELPER_CALLED=yes
- exec "$NETWORK_UNSHARE_HELPER" "$0" "$@" || exit $?
- fi
- elif [ "${AM_BWRAPPED-}" != "yes" ]; then
- bwrap_path="$(command -v bwrap)"
- if [ -n "$bwrap_path" ]; then
- export AM_BWRAPPED=yes
- exec "$bwrap_path" --unshare-net --dev-bind / / "$0" "$@"
- fi
- unset AM_BWRAPPED
- fi
- echo "WOLFSSL_OPENSSL_TEST set, running test..."
- generate_port() {
-
-
-
- if [[ "$OSTYPE" == "linux-gnu"* ]]; then
- port=$(($(od -An -N2 /dev/urandom) % (65535-49512) + 49512))
- elif [[ "$OSTYPE" == "darwin"* ]]; then
- port=$(($(od -An -N2 /dev/random) % (65535-49512) + 49512))
- else
- echo "Unknown OS TYPE"
- exit 1
- fi
- }
- no_pid=-1
- servers=""
- openssl_pid=$no_pid
- ecdh_openssl_pid=$no_pid
- ecdsa_openssl_pid=$no_pid
- ed25519_openssl_pid=$no_pid
- ed448_openssl_pid=$no_pid
- tls13_psk_openssl_pid=$no_pid
- wolfssl_pid=$no_pid
- ecdh_wolfssl_pid=$no_pid
- ecdsa_wolfssl_pid=$no_pid
- ed25519_wolfssl_pid=$no_pid
- ed448_wolfssl_pid=$no_pid
- tls13_psk_wolfssl_pid=$no_pid
- anon_wolfssl_pid=$no_pid
- wolf_cases_tested=0
- wolf_cases_total=0
- counter=0
- testing_summary="OpenSSL Interop Testing Summary:\nVersion\tTested\t#Found\t#wolf\t#Found\t#OpenSSL\n"
- versionName="Invalid"
- if [ "$OPENSSL" = "" ]; then
- OPENSSL=openssl
- fi
- WOLFSSL_SERVER=./examples/server/server
- WOLFSSL_CLIENT=./examples/client/client
- version_name() {
- case $version in "0")
- versionName="SSLv3"
- ;;
- "1")
- versionName="TLSv1"
- ;;
- "2")
- versionName="TLSv1.1"
- ;;
- "3")
- versionName="TLSv1.2"
- ;;
- "4")
- versionName="TLSv1.3"
- ;;
- "d")
- versionName="Down"
- ;;
- "")
- versionName="Def"
- ;;
- "5")
- versionName="ALL"
- ;;
- esac
- }
- do_cleanup() {
- echo "in cleanup"
- IFS=$OIFS
- for s in $servers
- do
- f2=${s%:*}
- sname=${f2%:*}
- pid=${f2##*:}
- port=${s##*:}
- echo "killing server: $sname ($port)"
- kill -9 $pid
- done
- }
- do_trap() {
- echo "got trap"
- do_cleanup
- exit 1
- }
- trap do_trap INT TERM
- check_process_running() {
- if [ "$ps_grep" = "" ]
- then
- ps -p $server_pid > /dev/null
- PS_EXIT=$?
- else
- ps | grep "^ *$server_pid " > /dev/null
- PS_EXIT=$?
- fi
- }
- start_openssl_server() {
- if [ "$wolfssl_client_avail" = "" ]
- then
- return
- fi
- generate_port
- server_port=$port
- found_free_port=0
- counter=0
-
-
-
- if [ ! -z "${OPENSSL_ENGINE_ID}" ]; then
- OUTPUT=`$OPENSSL engine -tt $OPENSSL_ENGINE_ID`
- if [ $? != 0 ]; then
- printf "not able to load engine\n"
- printf "$OPENSSL engine -tt $OPENSSL_ENGINE_ID\n"
- do_cleanup
- exit 1
- else
- echo $OUTPUT | grep "available"
- if [ $? != 0 ]; then
- printf "engine not available\n"
- do_cleanup
- exit 1
- fi
- fi
- OPENSSL_ENGINE_ID="-engine ${OPENSSL_ENGINE_ID}"
- fi
- while [ "$counter" -lt 20 ]; do
- echo -e "\n# Trying to start $openssl_suite OpenSSL server on port $server_port..."
- echo "#"
- if [ "$cert_file" != "" ]
- then
- echo "# " $OPENSSL s_server -accept $server_port $OPENSSL_ENGINE_ID -cert \"$cert_file\" -key \"$key_file\" -quiet -CAfile \"$ca_file\" -www -dhparam \"${CERT_DIR}/dh2048.pem\" -verify 10 -verify_return_error -psk $psk_hex -cipher "ALL:eNULL" $openssl_nodhe
- $OPENSSL s_server -accept $server_port $OPENSSL_ENGINE_ID -cert "$cert_file" -key "$key_file" -quiet -CAfile "$ca_file" -www -dhparam "${CERT_DIR}/dh2048.pem" -verify 10 -verify_return_error -psk $psk_hex -cipher "ALL:eNULL" $openssl_nodhe &
- else
- echo "# " $OPENSSL s_server -accept $server_port $OPENSSL_ENGINE_ID -quiet -nocert -www -dhparam \"${CERT_DIR}/dh2048.pem\" -verify 10 -verify_return_error -psk $psk_hex -cipher "ALL:eNULL" $openssl_nodhe
- $OPENSSL s_server -accept $server_port $OPENSSL_ENGINE_ID -quiet -nocert -www -dhparam "${CERT_DIR}/dh2048.pem" -verify 10 -verify_return_error -psk $psk_hex -cipher "ALL:eNULL" $openssl_nodhe &
- fi
- server_pid=$!
-
- sleep 0.1
- check_process_running
- if [ "$PS_EXIT" = "0" ]
- then
- echo "s_server started successfully on port $server_port"
- found_free_port=1
- break
- else
-
- counter=$((counter+ 1))
- generate_port
- server_port=$port
- fi
- done
- if [ $found_free_port = 0 ]
- then
- echo -e "Couldn't find free port for server"
- do_cleanup
- exit 1
- fi
- servers="$servers OpenSSL_$openssl_suite:$server_pid:$server_port"
- }
- start_wolfssl_server() {
- if [ "$wolfssl_server_avail" = "" ]
- then
- echo "# wolfSSL server not available"
- return
- fi
- wolfssl_cert=""
- wolfssl_key=""
- wolfssl_caCert=""
- if [ "$cert_file" != "" ]
- then
- wolfssl_cert="-c$cert_file"
- fi
- if [ "$key_file" != "" ]
- then
- wolfssl_key="-k$key_file"
- fi
- if [ "$ca_file" != "" ]
- then
- wolfssl_caCert="-A$ca_file"
- fi
- generate_port
- server_port=$port
- found_free_port=0
- counter=0
- while [ "$counter" -lt 20 ]; do
- echo -e "\n# Trying to start $wolfssl_suite wolfSSL server on port $server_port..."
- echo "#"
- echo "# $WOLFSSL_SERVER -p $server_port -g -v d -x -i $psk $crl -l ALL \"$wolfssl_cert\" \"$wolfssl_key\" \"$wolfssl_caCert\""
- $WOLFSSL_SERVER -p $server_port -g -v d -x -i $psk $crl -l ALL "$wolfssl_cert" "$wolfssl_key" "$wolfssl_caCert" &
- server_pid=$!
-
- sleep 0.1
- check_process_running
- if [ "$PS_EXIT" = "0" ]
- then
- echo "wolfSSL server started successfully on port $server_port"
- found_free_port=1
- break
- else
-
- counter=$((counter+ 1))
- generate_port
- server_port=$port
- fi
- done
- if [ $found_free_port = 0 ]
- then
- echo -e "Couldn't find free port for server"
- do_cleanup
- exit 1
- fi
- servers="$servers wolfSSL_$wolfssl_suite:$server_pid:$server_port"
- }
- check_server_ready() {
-
- server_ready=0
- while [ "$counter" -lt 20 ]; do
- echo -e "waiting for $server_name ready..."
- echo -e Checking | nc localhost $server_port
- nc_result=$?
- if [ $nc_result = 0 ]
- then
- echo -e "$server_name ready!"
- server_ready=1
- break
- fi
- sleep 0.1
- counter=$((counter+ 1))
- done
- if [ $server_ready = 0 ]
- then
- echo -e "Couldn't verify $server_name is running, timeout error"
- do_cleanup
- exit 1
- fi
- }
- do_wolfssl_client() {
- if [ "$wolfssl_client_avail" = "" ]
- then
- return
- fi
- wolfssl_cert=""
- wolfssl_key=""
- wolfssl_caCert=""
- if [ "$cert" != "" ]
- then
- wolfssl_cert="-c$cert"
- fi
- if [ "$key" != "" ]
- then
- wolfssl_key="-k$key"
- fi
- if [ "$caCert" != "" ]
- then
- wolfssl_caCert="-A$caCert"
- fi
- wolfssl_resume="-r"
- if [ "$openssl_psk_resume_bug" != "" -a "$tls13_suite" != "" ]
- then
- wolfssl_resume=
- fi
- if [ "$version" != "5" -a "$version" != "" ]
- then
- echo "#"
- echo "# $WOLFSSL_CLIENT -p $port -g $wolfssl_resume -l $wolfSuite -v $version $psk $adh \"$wolfssl_cert\" \"$wolfssl_key\" \"$wolfssl_caCert\" $crl"
- $WOLFSSL_CLIENT -p $port -g $wolfssl_resume -l $wolfSuite -v $version $psk $adh "$wolfssl_cert" "$wolfssl_key" "$wolfssl_caCert" $crl
- else
- echo "#"
- echo "# $WOLFSSL_CLIENT -p $port -g $wolfssl_resume -l $wolfSuite $psk $adh \"$wolfssl_cert\" \"$wolfssl_key\" \"$wolfssl_caCert\" $crl"
-
- $WOLFSSL_CLIENT -p $port -g $wolfssl_resume -l $wolfSuite $psk $adh "$wolfssl_cert" "$wolfssl_key" "$wolfssl_caCert" $crl
- fi
- client_result=$?
- if [ $client_result != 0 ]
- then
- echo -e "client failed! Suite = $wolfSuite version = $version"
- do_cleanup
- exit 1
- fi
- wolf_temp_cases_tested=$((wolf_temp_cases_tested+1))
- }
- do_openssl_client() {
- if [ "$wolfssl_server_avail" = "" ]
- then
- return
- fi
- if [ "$version" = "" -o "$version" = "5" ]
- then
- if [ "$tls13_cipher" = "" -a "$openssl_tls13" != "" ]
- then
- openssl_version="-no_tls1_3"
- fi
- fi
- if [ "$cert" != "" ]
- then
- openssl_cert1="-cert"
- openssl_cert2="$cert"
- fi
- if [ "$key" != "" ]
- then
- openssl_key1="-key"
- openssl_key2="$key"
- fi
- if [ "$caCert" != "" ]
- then
- openssl_caCert1="-CAfile"
- openssl_caCert2="$caCert"
- fi
- if [ "$tls13_cipher" = "" ]
- then
- echo "#"
- echo "# $OPENSSL s_client -connect localhost:$port -reconnect -legacy_renegotiation -cipher $cmpSuite $openssl_version $openssl_psk $openssl_cert1 \"$openssl_cert2\" $openssl_key1 \"$openssl_key2\" $openssl_caCert1 \"$openssl_caCert2\""
- echo "Hello" | eval "$OPENSSL s_client -connect localhost:$port -reconnect -legacy_renegotiation -cipher $cmpSuite $openssl_version $openssl_psk $openssl_cert1 \"$openssl_cert2\" $openssl_key1 \"$openssl_key2\" $openssl_caCert1 \"$openssl_caCert2\""
- else
- echo "#"
- echo "# $OPENSSL s_client -connect localhost:$port -reconnect -legacy_renegotiation -ciphersuites=$cmpSuite $openssl_version $openssl_psk $openssl_cert1 \"$openssl_cert2\" $openssl_key1 \"$openssl_key2\" $openssl_caCert1 \"$openssl_caCert2\""
- echo "Hello" | eval "$OPENSSL s_client -connect localhost:$port -reconnect -legacy_renegotiation -ciphersuites=$cmpSuite $openssl_version $openssl_psk $openssl_cert1 \"$openssl_cert2\" $openssl_key1 \"$openssl_key2\" $openssl_caCert1 \"$openssl_caCert2\""
- fi
- client_result=$?
- if [ $client_result != 0 ]
- then
- echo -e "client failed! Suite = $wolfSuite version = $version"
- do_cleanup
- exit 1
- fi
- open_temp_cases_tested=$((open_temp_cases_tested+1))
- }
- OIFS=$IFS
- ps -p $PPID >/dev/null 2>&1
- if [ "$?" = "1" ]
- then
- ps_grep="yes"
- echo "ps -p not working, using ps and grep"
- fi
- echo -e "\nTesting existence of openssl command...\n"
- command -v $OPENSSL >/dev/null 2>&1 || { echo >&2 "Requires openssl command, but it's not installed. Ending."; do_cleanup; exit 0; }
- echo -e "\nTesting for _build directory as part of distcheck, different paths"
- currentDir=`pwd`
- case "$currentDir" in
- *_build)
- echo -e "_build directory detected, moving a directory back"
- cd ..
- ;;
- esac
- echo -e "\nChecking for wolfSSL client - needed for cipher list"
- wolfssl_client_avail=`$WOLFSSL_CLIENT -?`
- case $wolfssl_client_avail in
- *"Client not compiled in!"*)
- wolfssl_client_avail=
- echo >&2 "Requires wolfSSL client, but it's not built. Ending."
- do_cleanup
- exit 0
- ;;
- esac
- echo -e "\nTesting for buggy version of OpenSSL - TLS 1.3, PSK and session ticket"
- openssl_version=`$OPENSSL version`
- case $openssl_version in
- "OpenSSL 1.1.1 "*)
- openssl_psk_resume_bug=yes
- ;;
- "OpenSSL 1.0.2"*)
- openssl_adh_reneg_bug=yes
- ;;
- esac
- wolfssl_server_avail=`$WOLFSSL_SERVER -?`
- case $wolfssl_server_avail in
- *"Server not compiled in!"*)
- wolfssl_server_avail=
- ;;
- esac
- wolf_ciphers=`$WOLFSSL_CLIENT -e`
- wolf_versions=`$WOLFSSL_CLIENT -V`
- wolf_versions="${wolf_versions}:5"
- OIFS="$IFS"
- IFS=:
- for version in $wolf_versions
- do
- case $version in
- 1|2|3)
- wolf_tls=yes
- ;;
- 4)
- wolf_tls13=yes
- ;;
- esac
- done
- IFS="$OIFS"
- wolf_certs=`$WOLFSSL_CLIENT -? 2>&1`
- case $wolf_certs in
- *"cert"*)
- ;;
- *)
- wolf_certs=""
- ;;
- esac
- if [ "$wolf_certs" != "" ]
- then
-
- wolf_ecc=`$WOLFSSL_CLIENT -A "${CERT_DIR}/ed25519/ca-ecc-cert.pem" 2>&1`
- case $wolf_ecc in
- *"ca file"*)
- wolf_ecc=""
- ;;
- *)
- ;;
- esac
-
- wolf_ed25519=`$WOLFSSL_CLIENT -A "${CERT_DIR}/ed25519/root-ed25519.pem" 2>&1`
- case $wolf_ed25519 in
- *"ca file"*)
- wolf_ed25519=""
- ;;
- *)
- ;;
- esac
-
- openssl_ed25519=`$OPENSSL s_client -cert "${CERT_DIR}/ed25519/client-ed25519.pem" -key "${CERT_DIR}/ed25519/client-ed25519-priv.pem" 2>&1`
- case $openssl_ed25519 in
- *"unable to load"*)
- wolf_ed25519=""
- ;;
- *)
- ;;
- esac
-
- wolf_ed448=`$WOLFSSL_CLIENT -A "${CERT_DIR}/ed448/root-ed448.pem" 2>&1`
- case $wolf_ed448 in
- *"ca file"*)
- wolf_ed448=""
- ;;
- *)
- ;;
- esac
-
- openssl_ed448=`$OPENSSL s_client -cert "${CERT_DIR}/ed448/client-ed448.pem" -key "${CERT_DIR}/ed448/client-ed448-priv.pem" 2>&1`
- case $openssl_ed448 in
- *"unable to load"*)
- wolf_ed448=""
- ;;
- *)
- ;;
- esac
- fi
- openssl_tls13=`$OPENSSL s_client -help 2>&1`
- case $openssl_tls13 in
- *no_tls1_3*)
- ;;
- *)
- openssl_tls13=
- ;;
- esac
- openssl_nodhe=`$OPENSSL s_client -help 2>&1`
- case $openssl_nodhe in
- *allow_no_dhe_kex*)
- openssl_nodhe=-allow_no_dhe_kex
- ;;
- *)
- openssl_nodhe=
- ;;
- esac
- OIFS="$IFS"
- IFS=:
- for wolfSuite in $wolf_ciphers; do
- case $wolfSuite in
- *ECDHE-RSA-*)
- ecdhe_avail=yes
- wolf_rsa=yes
- ;;
- *DHE-RSA-*)
- wolf_rsa=yes
- ;;
- *ECDH-RSA*)
- wolf_ecdh_rsa=yes
- ;;
- *ECDHE-ECDSA*|*ECDH-ECDSA*)
- wolf_ecdsa=yes
- ;;
- *ADH*)
- wolf_anon=yes
- ;;
- *PSK*)
- if [ "$wolf_psk" = "" ]
- then
- echo "Testing PSK"
- wolf_psk=1
- fi
- if [ "$wolf_tls" != "" ]
- then
- wolf_tls_psk=yes
- fi
- ;;
- *TLS13*)
- ;;
- *)
- wolf_rsa=yes
- esac
- done
- IFS="$OIFS"
- openssl_ciphers=`$OPENSSL ciphers ALL 2>&1`
- case $openssl_ciphers in
- *ADH*)
- openssl_anon=yes
- ;;
- esac
- psk_hex="1a2b3c4d"
- if [ "$wolf_rsa" != "" -o "$wolf_tls_psk" != "" ]
- then
- if [ "$wolf_rsa" != "" ]
- then
- cert_file="${CERT_DIR}/server-cert.pem"
- key_file="${CERT_DIR}/server-key.pem"
- ca_file="${CERT_DIR}/client-ca.pem"
- else
- cert_file=
- key_file=
- ca_file=
- fi
- openssl_suite="RSA"
- start_openssl_server
- openssl_port=$server_port
- openssl_pid=$server_pid
- wolfssl_suite="RSA"
- if [ "$wolf_tls_psk" != "" ]
- then
- psk="-j"
- fi
- echo "cert_file=$cert_file"
- start_wolfssl_server
- psk=
- wolfssl_port=$server_port
- wolfssl_pid=$server_pid
- fi
- if [ "$wolf_ecdh_rsa" != "" ]
- then
- cert_file="${CERT_DIR}/server-ecc-rsa.pem"
- key_file="${CERT_DIR}/ecc-key.pem"
- ca_file="${CERT_DIR}/client-ca.pem"
- openssl_suite="ECDH-RSA"
- start_openssl_server
- ecdh_openssl_port=$server_port
- ecdh_openssl_pid=$server_pid
- wolfssl_suite="ECDH-RSA"
- start_wolfssl_server
- ecdh_wolfssl_port=$server_port
- ecdh_wolfssl_pid=$server_pid
- fi
- if [ "$wolf_ecdsa" != "" -a "$wolf_ecc" != "" ]
- then
- cert_file="${CERT_DIR}/server-ecc.pem"
- key_file="${CERT_DIR}/ecc-key.pem"
- ca_file="${CERT_DIR}/client-ca.pem"
- openssl_suite="ECDH[E]-ECDSA"
- start_openssl_server
- ecdsa_openssl_port=$server_port
- ecdsa_openssl_pid=$server_pid
- wolfssl_suite="ECDH[E]-ECDSA"
- start_wolfssl_server
- ecdsa_wolfssl_port=$server_port
- ecdsa_wolfssl_pid=$server_pid
- fi
- if [ "$wolf_ed25519" != "" ];
- then
- cert_file="${CERT_DIR}/ed25519/server-ed25519.pem"
- key_file="${CERT_DIR}/ed25519/server-ed25519-priv.pem"
- ca_file="${CERT_DIR}/ed25519/client-ed25519.pem"
- openssl_suite="Ed25519"
- start_openssl_server
- ed25519_openssl_port=$server_port
- ed25519_openssl_pid=$server_pid
- crl="-V"
- wolfssl_suite="Ed25519"
- start_wolfssl_server
- ed25519_wolfssl_port=$server_port
- ed25519_wolfssl_pid=$server_pid
- crl=
- fi
- if [ "$wolf_ed448" != "" ];
- then
- cert_file="${CERT_DIR}/ed448/server-ed448.pem"
- key_file="${CERT_DIR}/ed448/server-ed448-priv.pem"
- ca_file="${CERT_DIR}/ed448/client-ed448.pem"
- openssl_suite="Ed448"
- start_openssl_server
- ed448_openssl_port=$server_port
- ed448_openssl_pid=$server_pid
- crl="-V"
- wolfssl_suite="Ed448"
- start_wolfssl_server
- ed448_wolfssl_port=$server_port
- ed448_wolfssl_pid=$server_pid
- crl=
- fi
- if [ "$wolf_tls13" != "" -a "$wolf_psk" != "" ]
- then
- cert_file=
- psk_hex="0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
- openssl_suite="TLSv1.3_PSK"
- start_openssl_server
- tls13_psk_openssl_port=$server_port
- tls13_psk_openssl_pid=$server_pid
- psk="-s"
- wolfssl_suite="TLSv1.3_PSK"
- start_wolfssl_server
- tls13_psk_wolfssl_port=$server_port
- tls13_psk_wolfssl_pid=$server_pid
- fi
- if [ "$wolf_anon" != "" -a "$openssl_anon" ]
- then
- cert_file=""
- key_file=""
- ca_file=""
- wolfssl_suite="Anon"
- psk="-a"
- start_wolfssl_server
- anon_wolfssl_port=$server_port
- anon_wolfssl_pid=$server_pid
- fi
- for s in $servers
- do
- f2=${s%:*}
- server_name=${f2%:*}
- server_port=${s##*:}
- check_server_ready
- done
- OIFS="$IFS"
- IFS=:
- set -f
- wolf_temp_cases_total=0
- wolf_temp_cases_tested=0
- for version in $wolf_versions;
- do
- echo -e "version = $version"
-
-
- case $version in
- "0")
- openssl_ciphers=`$OPENSSL ciphers "SSLv3" 2>&1`
-
-
- $OPENSSL s_client -ssl3 -no_ign_eof -host localhost -port $openssl_port < "${CERT_DIR}/client-cert.pem"
- sslv3_sup=$?
- if [ $sslv3_sup != 0 ]
- then
- echo -e "Not testing SSLv3. No OpenSSL support for 'SSLv3' modifier"
- testing_summary="${testing_summary}SSLv3\tNo\tN/A\tN/A\tN/A\tN/A\t (No OpenSSL cipherstring)\n"
- continue
- fi
- openssl_version="-ssl3"
- ;;
- "1")
- proto_check=`echo "hell" | $OPENSSL s_client -connect localhost:$openssl_port -tls1 2>&1`
- tlsv1_sup=$?
- if [ $tlsv1_sup != 0 ]
- then
- echo -e "Not testing TLSv1. No OpenSSL support for '-tls1'"
- testing_summary="${testing_summary}TLSv1\tNo\tN/A\tN/A\tN/A\tN/A\t (No OpenSSL Support)\n"
- continue
- fi
- openssl_ciphers=`$OPENSSL ciphers -s "TLSv1" 2>&1`
- tlsv1_sup=$?
- if [ $tlsv1_sup != 0 ]
- then
- echo -e "Not testing TLSv1. No OpenSSL support for 'TLSv1' modifier"
- testing_summary="${testing_summary}TLSv1\tNo\tN/A\tN/A\tN/A\tN/A\t (No OpenSSL cipherstring)\n"
- continue
- fi
- openssl_version="-tls1"
- ;;
- "2")
-
- proto_check=`echo "hello" | $OPENSSL s_client -connect localhost:$openssl_port -tls1_1 2>&1`
- tlsv1_1_sup=$?
- if [ $tlsv1_1_sup != 0 ]
- then
- echo -e "Not testing TLSv1.1. No OpenSSL support for 'TLSv1.1' modifier"
- testing_summary="${testing_summary}TLSv1.1\tNo\tN/A\tN/A\tN/A\tN/A\t (No OpenSSL cipherstring)\n"
- continue
- fi
- openssl_ciphers=`$OPENSSL ciphers -s "TLSv1" 2>&1`
- tlsv1_sup=$?
- if [ $tlsv1_sup != 0 ]
- then
- echo -e "Not testing TLSv1. No OpenSSL support for 'TLSv1' modifier"
- testing_summary="${testing_summary}TLSv1\tNo\tN/A\tN/A\tN/A\tN/A\t (No OpenSSL cipherstring)\n"
- continue
- fi
- openssl_version="-tls1_1"
- ;;
- "3")
- openssl_ciphers=`$OPENSSL ciphers -s "TLSv1.2" 2>&1`
- tlsv1_2_sup=$?
- if [ $tlsv1_2_sup != 0 ]
- then
- echo -e "Not testing TLSv1.2. No OpenSSL support for 'TLSv1.2' modifier"
- testing_summary="${testing_summary}TLSv1.2\tNo\tN/A\tN/A\tN/A\tN/A\t (No OpenSSL cipherstring)\n"
- continue
- fi
- openssl_version="-tls1_2"
- ;;
- "4")
- openssl_ciphers=`$OPENSSL ciphers -tls1_3 2>&1`
- tlsv1_3_sup=$?
- if [ $tlsv1_3_sup != 0 ]
- then
- echo -e "Not testing TLSv1.3. No OpenSSL support for 'TLSv1.3' modifier"
- testing_summary="${testing_summary}TLSv1.3\tNo\tN/A\tN/A\tN/A\tN/A\t (No OpenSSL cipherstring)\n"
- continue
- fi
- ecc_support=`$WOLFSSL_CLIENT -? 2>&1 | grep 'ECC named groups'`
- openssl_version="-tls1_3"
- ;;
- "d(downgrade)")
- version="d"
- openssl_version=""
- ;;
- "e(either)")
- continue
- ;;
- "5")
- openssl_ciphers=`$OPENSSL ciphers -s "ALL" 2>&1`
- all_sup=$?
- if [ $all_sup != 0 ]
- then
- echo -e "Not testing ALL. No OpenSSL support for ALL modifier"
- testing_summary="${testing_summary}ALL\tNo\tN/A\tN/A\tN/A\tN/A\t (No OpenSSL cipherstring)\n"
- continue
- fi
- openssl_version=""
- ;;
- "")
- openssl_ciphers=`$OPENSSL ciphers 2>&1`
- all_sup=$?
- if [ $all_sup != 0 ]
- then
- echo -e "Not testing ALL. No OpenSSL support for ALL modifier"
- testing_summary="${testing_summary}ALL\tNo\tN/A\tN/A\tN/A\tN/A\t (No OpenSSL cipherstring)\n"
- continue
- fi
- openssl_version=""
- ;;
- esac
- for wolfSuite in $wolf_ciphers; do
- echo -e "trying wolfSSL cipher suite $wolfSuite"
- wolf_temp_cases_total=$((wolf_temp_cases_total + 1))
- open_temp_cases_total=$((open_temp_cases_total + 1))
- matchSuite=0;
- tls13_suite=
- case $wolfSuite in
- "TLS13-AES128-GCM-SHA256")
- cmpSuite="TLS_AES_128_GCM_SHA256"
- tls13_suite="yes"
- ;;
- "TLS13-AES256-GCM-SHA384")
- cmpSuite="TLS_AES_256_GCM_SHA384"
- tls13_suite="yes"
- ;;
- "TLS13-CHACHA20-POLY1305-SHA256")
- cmpSuite="TLS_CHACHA20_POLY1305_SHA256"
- tls13_suite="yes"
- ;;
- "TLS13-AES128-CCM-SHA256")
- cmpSuite="TLS_AES_128_CCM_SHA256"
- tls13_suite="yes"
- ;;
- "TLS13-AES128-CCM-8-SHA256"|"TLS13-AES128-CCM8-SHA256")
- cmpSuite="TLS_AES_128_CCM_8_SHA256"
- tls13_suite="yes"
- ;;
- "TLS13-SHA256-SHA256")
- continue
- ;;
- "TLS13-SHA384-SHA384")
- continue
- ;;
- "TLS13-"*)
- echo -e "Suite = $wolfSuite not recognized!"
- echo -e "Add translation of wolfSSL name to OpenSSL"
- do_cleanup
- exit 1
- ;;
- *)
- cmpSuite=$wolfSuite
- ;;
- esac
- case ":$openssl_ciphers:" in *":$cmpSuite:"*)
- case "$cmpSuite" in
- "TLS_"*)
- if [ "$version" != "4" -a "$version" != "d" ]
- then
- echo -e "TLS 1.3 cipher suite but not TLS 1.3 protocol"
- matchSuite=0
- else
- echo -e "Matched to OpenSSL suite support"
- matchSuite=1
- fi
- ;;
- *)
- if [ "$version" = "d" -a "$wolfdowngrade" = "4" ]
- then
- echo -e "Not TLS 1.3 cipher suite but TLS 1.3 downgrade"
- matchSuite=0
- elif [ "$version" != "4" ]
- then
- echo -e "Matched to OpenSSL suite support"
- matchSuite=1
- else
- echo -e "Not TLS 1.3 cipher suite but TLS 1.3 protocol"
- matchSuite=0
- fi
- ;;
- esac
- ;;
- esac
- if [ $matchSuite = 0 ]
- then
- echo -e "Couldn't match suite, continuing..."
- continue
- fi
-
- psk=""
- adh=""
- crl=""
- cert=""
- key=""
- caCert=""
- case $wolfSuite in
- *ECDH-RSA*)
- cert="${CERT_DIR}/client-cert.pem"
- key="${CERT_DIR}/client-key.pem"
- caCert="${CERT_DIR}/ca-cert.pem"
- port=$ecdh_openssl_port
- do_wolfssl_client
- port=$ecdh_wolfssl_port
- do_openssl_client
- ;;
- *ECDHE-ECDSA*|*ECDH-ECDSA*)
- if [ "$wolf_ecc" != "" ]
- then
- cert="${CERT_DIR}/client-cert.pem"
- key="${CERT_DIR}/client-key.pem"
- caCert="${CERT_DIR}/ca-ecc-cert.pem"
- port=$ecdsa_openssl_port
- do_wolfssl_client
- port=$ecdsa_wolfssl_port
- do_openssl_client
- else
- wolf_temp_cases_total=$((wolf_temp_cases_total - 1))
- fi
- if [ $ed25519_openssl_pid != $no_pid -a "$version" != "0" -a "$version" != "1" -a "$version" != "2" ]
- then
- cert="${CERT_DIR}/ed25519/client-ed25519.pem"
- key="${CERT_DIR}/ed25519/client-ed25519-priv.pem"
- caCert="${CERT_DIR}/ed25519/server-ed25519.pem"
- wolf_temp_cases_total=$((wolf_temp_cases_total + 1))
- port=$ed25519_openssl_port
- crl="-C"
- do_wolfssl_client
- open_temp_cases_total=$((open_temp_cases_total + 1))
- port=$ed25519_wolfssl_port
- do_openssl_client
- fi
- if [ $ed448_openssl_pid != $no_pid -a "$version" != "0" -a "$version" != "1" -a "$version" != "2" ]
- then
- cert="${CERT_DIR}/ed448/client-ed448.pem"
- key="${CERT_DIR}/ed448/client-ed448-priv.pem"
- caCert="${CERT_DIR}/ed448/server-ed448.pem"
- wolf_temp_cases_total=$((wolf_temp_cases_total + 1))
- port=$ed448_openssl_port
- crl="-C"
- do_wolfssl_client
- open_temp_cases_total=$((open_temp_cases_total + 1))
- port=$ed448_wolfssl_port
- do_openssl_client
- fi
- ;;
- *DHE-PSK*)
- cert="${CERT_DIR}/client-cert.pem"
- key="${CERT_DIR}/client-key.pem"
- caCert="${CERT_DIR}/ca-cert.pem"
- port=$openssl_port
- psk="-s"
- do_wolfssl_client
-
-
- if [ "$wolf_rsa" != "" ]
- then
- port=$wolfssl_port
- openssl_psk="-psk 1a2b3c4d"
- do_openssl_client
- fi
- ;;
- *PSK*)
- cert="${CERT_DIR}/client-cert.pem"
- key="${CERT_DIR}/client-key.pem"
- caCert="${CERT_DIR}/ca-cert.pem"
- port=$openssl_port
- psk="-s"
- do_wolfssl_client
- port=$wolfssl_port
- openssl_psk="-psk 1a2b3c4d"
- do_openssl_client
- ;;
- *ADH*)
- cert="${CERT_DIR}/client-cert.pem"
- key="${CERT_DIR}/client-key.pem"
- caCert="${CERT_DIR}/ca-cert.pem"
- if [ "$version" != "0" -a "$version" != "1" -a "$version" != "2" -a "$openssl_adh_reneg_bug" != "" ]
- then
- continue
- fi
- port=$openssl_port
- adh="-a"
- do_wolfssl_client
- port=$anon_wolfssl_port
- do_openssl_client
- ;;
- TLS13*)
- if [ $version != "4" -a $version != "d" -a $version != " " -a $version != "5" ]
- then
- continue
- fi
- tls13_cipher=yes
-
- if [ $openssl_pid != $no_pid -a "$ecdhe_avail" = "yes" ]
- then
- cert="${CERT_DIR}/client-cert.pem"
- key="${CERT_DIR}/client-key.pem"
- caCert="${CERT_DIR}/ca-cert.pem"
- port=$openssl_port
- do_wolfssl_client
- port=$wolfssl_port
- do_openssl_client
- fi
-
- if [ "$wolf_psk" != "" -a $wolfSuite = "TLS13-AES128-GCM-SHA256" -a "$wolf_ecc" != "" -a $openssl_nodhe != "" ]
- then
- cert=""
- key=""
- caCert=""
- wolf_temp_cases_total=$((wolf_temp_cases_total + 1))
- port=$tls13_psk_openssl_port
- psk="-s"
-
-
- if [ "$wolf_ecc" = "" ]
- then
- adh="-K"
- fi
- do_wolfssl_client
- psk=""
- adh=""
- openssl_psk="-psk 0123456789abcdef0123456789abcdef"
- open_temp_cases_total=$((open_temp_cases_total + 1))
- port=$wolfssl_port
- do_openssl_client
- open_temp_cases_total=$((open_temp_cases_total + 1))
- port=$tls13_psk_wolfssl_port
- do_openssl_client
- openssl_psk=""
- fi
-
- if [ $ecdsa_openssl_pid != $no_pid -a "$wolf_ecc" != "" ]
- then
- cert="${CERT_DIR}/client-ecc-cert.pem"
- key="${CERT_DIR}/ecc-client-key.pem"
- caCert="${CERT_DIR}/ca-ecc-cert.pem"
- wolf_temp_cases_total=$((wolf_temp_cases_total + 1))
- port=$ecdsa_openssl_port
- caCert="${CERT_DIR}/ca-ecc-cert.pem"
- do_wolfssl_client
- open_temp_cases_total=$((open_temp_cases_total + 1))
- port=$ecdsa_wolfssl_port
- caCert="${CERT_DIR}/ca-ecc-cert.pem"
- do_openssl_client
- fi
-
- if [ $ed25519_openssl_pid != $no_pid ]
- then
- cert="${CERT_DIR}/ed25519/client-ed25519.pem"
- key="${CERT_DIR}/ed25519/client-ed25519-priv.pem"
- caCert="${CERT_DIR}/ed25519/server-ed25519.pem"
- wolf_temp_cases_total=$((wolf_temp_cases_total + 1))
- port=$ed25519_openssl_port
- crl="-C"
- do_wolfssl_client
- open_temp_cases_total=$((open_temp_cases_total + 1))
- port=$ed25519_wolfssl_port
- do_openssl_client
- fi
-
- if [ $ed448_openssl_pid != $no_pid ]
- then
- cert="${CERT_DIR}/ed448/client-ed448.pem"
- key="${CERT_DIR}/ed448/client-ed448-priv.pem"
- caCert="${CERT_DIR}/ed448/server-ed448.pem"
- wolf_temp_cases_total=$((wolf_temp_cases_total + 1))
- port=$ed448_openssl_port
- crl="-C"
- do_wolfssl_client
- open_temp_cases_total=$((open_temp_cases_total + 1))
- port=$ed448_wolfssl_port
- do_openssl_client
- fi
- tls13_cipher=
- ;;
- *)
- cert="${CERT_DIR}/client-cert.pem"
- key="${CERT_DIR}/client-key.pem"
- caCert="${CERT_DIR}/ca-cert.pem"
- port=$openssl_port
- do_wolfssl_client
- port=$wolfssl_port
- do_openssl_client
- ;;
- esac
- done
- wolf_cases_tested=$((wolf_temp_cases_tested+wolf_cases_tested))
- wolf_cases_total=$((wolf_temp_cases_total+wolf_cases_total))
- echo -e "wolfSSL cases tested with version:$version $wolf_temp_cases_tested"
- open_cases_tested=$((open_temp_cases_tested+open_cases_tested))
- open_cases_total=$((open_temp_cases_total+open_cases_total))
- echo -e "OpenSSL cases tested with version:$version $open_temp_cases_tested"
- version_name
- testing_summary="$testing_summary$versionName\tYes\t$wolf_temp_cases_total\t$wolf_temp_cases_tested\t$open_temp_cases_total\t$open_temp_cases_tested\n"
- wolf_temp_cases_total=0
- wolf_temp_cases_tested=0
- open_temp_cases_total=0
- open_temp_cases_tested=0
- wolfdowngrade="$version"
- done
- IFS="$OIFS"
- do_cleanup
- echo -e "wolfSSL total cases $wolf_cases_total"
- echo -e "wolfSSL cases tested $wolf_cases_tested"
- echo -e "OpenSSL total cases $open_cases_total"
- echo -e "OpenSSL cases tested $open_cases_tested"
- echo -e "\nSuccess!\n\n\n\n"
- echo -e "$testing_summary"
- exit 0
|