1
0

openssl.test 36 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239
  1. #!/usr/bin/env bash
  2. # openssl.test
  3. # Environment variables used:
  4. # OPENSSL (openssl app to use)
  5. # OPENSSL_ENGINE_ID (engine id if any i.e. "wolfengine")
  6. CERT_DIR="$PWD/$(dirname "$0")/../certs"
  7. if ! test -n "$WOLFSSL_OPENSSL_TEST"; then
  8. echo "WOLFSSL_OPENSSL_TEST NOT set, won't run"
  9. exit 77
  10. fi
  11. # if we can, isolate the network namespace to eliminate port collisions.
  12. if [[ -n "$NETWORK_UNSHARE_HELPER" ]]; then
  13. if [[ -z "$NETWORK_UNSHARE_HELPER_CALLED" ]]; then
  14. export NETWORK_UNSHARE_HELPER_CALLED=yes
  15. exec "$NETWORK_UNSHARE_HELPER" "$0" "$@" || exit $?
  16. fi
  17. elif [ "${AM_BWRAPPED-}" != "yes" ]; then
  18. bwrap_path="$(command -v bwrap)"
  19. if [ -n "$bwrap_path" ]; then
  20. export AM_BWRAPPED=yes
  21. exec "$bwrap_path" --unshare-net --dev-bind / / "$0" "$@"
  22. fi
  23. unset AM_BWRAPPED
  24. fi
  25. echo "WOLFSSL_OPENSSL_TEST set, running test..."
  26. # need a unique port since may run the same time as testsuite
  27. generate_port() {
  28. #-------------------------------------------------------------------------#
  29. # Generate a random port number
  30. #-------------------------------------------------------------------------#
  31. if [[ "$OSTYPE" == "linux"* ]]; then
  32. port=$(($(od -An -N2 /dev/urandom) % (65535-49512) + 49512))
  33. elif [[ "$OSTYPE" == "darwin"* ]]; then
  34. port=$(($(od -An -N2 /dev/random) % (65535-49512) + 49512))
  35. else
  36. echo "Unknown OS TYPE"
  37. exit 1
  38. fi
  39. }
  40. no_pid=-1
  41. servers=""
  42. openssl_pid=$no_pid
  43. ecdh_openssl_pid=$no_pid
  44. ecdsa_openssl_pid=$no_pid
  45. ed25519_openssl_pid=$no_pid
  46. ed448_openssl_pid=$no_pid
  47. tls13_psk_openssl_pid=$no_pid
  48. wolfssl_pid=$no_pid
  49. ecdh_wolfssl_pid=$no_pid
  50. ecdsa_wolfssl_pid=$no_pid
  51. ed25519_wolfssl_pid=$no_pid
  52. ed448_wolfssl_pid=$no_pid
  53. tls13_psk_wolfssl_pid=$no_pid
  54. anon_wolfssl_pid=$no_pid
  55. wolf_cases_tested=0
  56. wolf_cases_total=0
  57. counter=0
  58. testing_summary="OpenSSL Interop Testing Summary:\nVersion\tTested\t#Found\t#wolf\t#Found\t#OpenSSL\n"
  59. versionName="Invalid"
  60. if [ "$OPENSSL" = "" ]; then
  61. OPENSSL=openssl
  62. fi
  63. WOLFSSL_SERVER=./examples/server/server
  64. WOLFSSL_CLIENT=./examples/client/client
  65. version_name() {
  66. case $version in "0")
  67. versionName="SSLv3"
  68. ;;
  69. "1")
  70. versionName="TLSv1"
  71. ;;
  72. "2")
  73. versionName="TLSv1.1"
  74. ;;
  75. "3")
  76. versionName="TLSv1.2"
  77. ;;
  78. "4")
  79. versionName="TLSv1.3"
  80. ;;
  81. "d")
  82. versionName="Down"
  83. ;;
  84. "")
  85. versionName="Def"
  86. ;;
  87. "5")
  88. versionName="ALL"
  89. ;;
  90. esac
  91. }
  92. do_cleanup() {
  93. echo "in cleanup"
  94. IFS=$OIFS #restore separator
  95. for s in $servers
  96. do
  97. f2=${s%:*}
  98. sname=${f2%:*}
  99. pid=${f2##*:}
  100. port=${s##*:}
  101. echo "killing server: $sname ($port)"
  102. kill -9 $pid
  103. done
  104. }
  105. do_trap() {
  106. echo "got trap"
  107. do_cleanup
  108. exit 1
  109. }
  110. trap do_trap INT TERM
  111. check_process_running() {
  112. if [ "$ps_grep" = "" ]
  113. then
  114. ps -p $server_pid > /dev/null
  115. PS_EXIT=$?
  116. else
  117. ps | grep "^ *$server_pid " > /dev/null
  118. PS_EXIT=$?
  119. fi
  120. }
  121. #
  122. # Start an OpenSSL server
  123. #
  124. start_openssl_server() {
  125. if [ "$wolfssl_client_avail" = "" ]
  126. then
  127. return
  128. fi
  129. generate_port
  130. server_port=$port
  131. found_free_port=0
  132. counter=0
  133. # If OPENSSL_ENGINE_ID has been set then check that the desired engine can
  134. # be loaded successfully and error out if not. Otherwise the OpenSSL app
  135. # will fall back to default engine.
  136. if [ ! -z "${OPENSSL_ENGINE_ID}" ]; then
  137. OUTPUT=`$OPENSSL engine -tt $OPENSSL_ENGINE_ID`
  138. if [ $? != 0 ]; then
  139. printf "not able to load engine\n"
  140. printf "$OPENSSL engine -tt $OPENSSL_ENGINE_ID\n"
  141. do_cleanup
  142. exit 1
  143. else
  144. echo $OUTPUT | grep "available"
  145. if [ $? != 0 ]; then
  146. printf "engine not available\n"
  147. do_cleanup
  148. exit 1
  149. fi
  150. fi
  151. OPENSSL_ENGINE_ID="-engine ${OPENSSL_ENGINE_ID}"
  152. fi
  153. while [ "$counter" -lt 20 ]; do
  154. echo -e "\n# Trying to start $openssl_suite OpenSSL server on port $server_port..."
  155. echo "#"
  156. if [ "$cert_file" != "" ]
  157. then
  158. echo "# " $OPENSSL s_server -accept $server_port $OPENSSL_ENGINE_ID -cert \"$cert_file\" -key \"$key_file\" -quiet -CAfile \"$ca_file\" -www -dhparam \"${CERT_DIR}/dh2048.pem\" -verify 10 -verify_return_error -psk $psk_hex -cipher "ALL:eNULL" $openssl_nodhe
  159. $OPENSSL s_server -accept $server_port $OPENSSL_ENGINE_ID -cert "$cert_file" -key "$key_file" -quiet -CAfile "$ca_file" -www -dhparam "${CERT_DIR}/dh2048.pem" -verify 10 -verify_return_error -psk $psk_hex -cipher "ALL:eNULL" $openssl_nodhe &
  160. else
  161. echo "# " $OPENSSL s_server -accept $server_port $OPENSSL_ENGINE_ID -quiet -nocert -www -dhparam \"${CERT_DIR}/dh2048.pem\" -verify 10 -verify_return_error -psk $psk_hex -cipher "ALL:eNULL" $openssl_nodhe
  162. $OPENSSL s_server -accept $server_port $OPENSSL_ENGINE_ID -quiet -nocert -www -dhparam "${CERT_DIR}/dh2048.pem" -verify 10 -verify_return_error -psk $psk_hex -cipher "ALL:eNULL" $openssl_nodhe &
  163. fi
  164. server_pid=$!
  165. # wait to see if s_server successfully starts before continuing
  166. sleep 0.1
  167. check_process_running
  168. if [ "$PS_EXIT" = "0" ]
  169. then
  170. echo "s_server started successfully on port $server_port"
  171. found_free_port=1
  172. break
  173. else
  174. #port already started, try a different port
  175. counter=$((counter+ 1))
  176. generate_port
  177. server_port=$port
  178. fi
  179. done
  180. if [ $found_free_port = 0 ]
  181. then
  182. echo -e "Couldn't find free port for server"
  183. do_cleanup
  184. exit 1
  185. fi
  186. servers="$servers OpenSSL_$openssl_suite:$server_pid:$server_port"
  187. }
  188. #
  189. # Start a wolfSSL server
  190. #
  191. start_wolfssl_server() {
  192. if [ "$wolfssl_server_avail" = "" ]
  193. then
  194. echo "# wolfSSL server not available"
  195. return
  196. fi
  197. wolfssl_cert=""
  198. wolfssl_key=""
  199. wolfssl_caCert=""
  200. if [ "$cert_file" != "" ]
  201. then
  202. wolfssl_cert="-c$cert_file"
  203. fi
  204. if [ "$key_file" != "" ]
  205. then
  206. wolfssl_key="-k$key_file"
  207. fi
  208. if [ "$ca_file" != "" ]
  209. then
  210. wolfssl_caCert="-A$ca_file"
  211. fi
  212. generate_port
  213. server_port=$port
  214. found_free_port=0
  215. counter=0
  216. while [ "$counter" -lt 20 ]; do
  217. echo -e "\n# Trying to start $wolfssl_suite wolfSSL server on port $server_port..."
  218. echo "#"
  219. echo "# $WOLFSSL_SERVER -p $server_port -g -v d -x -i $psk $crl -l ALL \"$wolfssl_cert\" \"$wolfssl_key\" \"$wolfssl_caCert\""
  220. $WOLFSSL_SERVER -p $server_port -g -v d -x -i $psk $crl -l ALL "$wolfssl_cert" "$wolfssl_key" "$wolfssl_caCert" &
  221. server_pid=$!
  222. # wait to see if server successfully starts before continuing
  223. sleep 0.1
  224. check_process_running
  225. if [ "$PS_EXIT" = "0" ]
  226. then
  227. echo "wolfSSL server started successfully on port $server_port"
  228. found_free_port=1
  229. break
  230. else
  231. #port already started, try a different port
  232. counter=$((counter+ 1))
  233. generate_port
  234. server_port=$port
  235. fi
  236. done
  237. if [ $found_free_port = 0 ]
  238. then
  239. echo -e "Couldn't find free port for server"
  240. do_cleanup
  241. exit 1
  242. fi
  243. servers="$servers wolfSSL_$wolfssl_suite:$server_pid:$server_port"
  244. }
  245. check_server_ready() {
  246. # server should be ready, let's make sure
  247. server_ready=0
  248. while [ "$counter" -lt 20 ]; do
  249. echo -e "waiting for $server_name ready..."
  250. echo -e Checking | nc -w 5 localhost $server_port
  251. nc_result=$?
  252. if [ $nc_result = 0 ]
  253. then
  254. echo -e "$server_name ready!"
  255. server_ready=1
  256. break
  257. fi
  258. sleep 0.1
  259. counter=$((counter+ 1))
  260. done
  261. if [ $server_ready = 0 ]
  262. then
  263. echo -e "Couldn't verify $server_name is running, timeout error"
  264. do_cleanup
  265. exit 1
  266. fi
  267. }
  268. #
  269. # Run wolfSSL client against OpenSSL server
  270. #
  271. do_wolfssl_client() {
  272. if [ "$wolfssl_client_avail" = "" ]
  273. then
  274. return
  275. fi
  276. wolfssl_cert=""
  277. wolfssl_key=""
  278. wolfssl_caCert=""
  279. if [ "$cert" != "" ]
  280. then
  281. wolfssl_cert="-c$cert"
  282. fi
  283. if [ "$key" != "" ]
  284. then
  285. wolfssl_key="-k$key"
  286. fi
  287. if [ "$caCert" != "" ]
  288. then
  289. wolfssl_caCert="-A$caCert"
  290. fi
  291. wolfssl_resume="-r"
  292. if [ "$openssl_psk_resume_bug" != "" -a "$tls13_suite" != "" ]
  293. then
  294. wolfssl_resume=
  295. fi
  296. if [ "$version" != "5" -a "$version" != "" ]
  297. then
  298. echo "#"
  299. echo "# $WOLFSSL_CLIENT -p $port -g $wolfssl_resume -l $wolfSuite -v $version $psk $adh \"$wolfssl_cert\" \"$wolfssl_key\" \"$wolfssl_caCert\" $crl"
  300. $WOLFSSL_CLIENT -p $port -g $wolfssl_resume -l $wolfSuite -v $version $psk $adh "$wolfssl_cert" "$wolfssl_key" "$wolfssl_caCert" $crl
  301. else
  302. echo "#"
  303. echo "# $WOLFSSL_CLIENT -p $port -g $wolfssl_resume -l $wolfSuite $psk $adh \"$wolfssl_cert\" \"$wolfssl_key\" \"$wolfssl_caCert\" $crl"
  304. # do all versions
  305. $WOLFSSL_CLIENT -p $port -g $wolfssl_resume -l $wolfSuite $psk $adh "$wolfssl_cert" "$wolfssl_key" "$wolfssl_caCert" $crl
  306. fi
  307. client_result=$?
  308. if [ $client_result != 0 ]
  309. then
  310. echo -e "client failed! Suite = $wolfSuite version = $version"
  311. do_cleanup
  312. exit 1
  313. fi
  314. wolf_temp_cases_tested=$((wolf_temp_cases_tested+1))
  315. }
  316. #
  317. # Run OpenSSL client against wolfSSL server
  318. #
  319. do_openssl_client() {
  320. if [ "$wolfssl_server_avail" = "" ]
  321. then
  322. return
  323. fi
  324. if [ "$version" = "" -o "$version" = "5" ]
  325. then
  326. if [ "$tls13_cipher" = "" -a "$openssl_tls13" != "" ]
  327. then
  328. openssl_version="-no_tls1_3"
  329. fi
  330. fi
  331. if [ "$cert" != "" ]
  332. then
  333. openssl_cert1="-cert"
  334. openssl_cert2="$cert"
  335. fi
  336. if [ "$key" != "" ]
  337. then
  338. openssl_key1="-key"
  339. openssl_key2="$key"
  340. fi
  341. if [ "$caCert" != "" ]
  342. then
  343. openssl_caCert1="-CAfile"
  344. openssl_caCert2="$caCert"
  345. fi
  346. if [ "$tls13_cipher" = "" ]
  347. then
  348. echo "#"
  349. echo "# $OPENSSL s_client -connect localhost:$port -reconnect -legacy_renegotiation -cipher $cmpSuite $openssl_version $openssl_psk $openssl_cert1 \"$openssl_cert2\" $openssl_key1 \"$openssl_key2\" $openssl_caCert1 \"$openssl_caCert2\""
  350. echo "Hello" | eval "$OPENSSL s_client -connect localhost:$port -reconnect -legacy_renegotiation -cipher $cmpSuite $openssl_version $openssl_psk $openssl_cert1 \"$openssl_cert2\" $openssl_key1 \"$openssl_key2\" $openssl_caCert1 \"$openssl_caCert2\""
  351. else
  352. echo "#"
  353. echo "# $OPENSSL s_client -connect localhost:$port -reconnect -legacy_renegotiation -ciphersuites=$cmpSuite $openssl_version $openssl_psk $openssl_cert1 \"$openssl_cert2\" $openssl_key1 \"$openssl_key2\" $openssl_caCert1 \"$openssl_caCert2\""
  354. echo "Hello" | eval "$OPENSSL s_client -connect localhost:$port -reconnect -legacy_renegotiation -ciphersuites=$cmpSuite $openssl_version $openssl_psk $openssl_cert1 \"$openssl_cert2\" $openssl_key1 \"$openssl_key2\" $openssl_caCert1 \"$openssl_caCert2\""
  355. fi
  356. client_result=$?
  357. if [ $client_result != 0 ]
  358. then
  359. echo -e "client failed! Suite = $wolfSuite version = $version"
  360. do_cleanup
  361. exit 1
  362. fi
  363. open_temp_cases_tested=$((open_temp_cases_tested+1))
  364. }
  365. OIFS=$IFS # store old separator to reset
  366. #
  367. # Start
  368. #
  369. echo
  370. echo "wolfSSL configuration:"
  371. ./config.status --config
  372. echo
  373. echo "OpenSSL version:"
  374. $OPENSSL version -a
  375. echo
  376. ps -p $PPID >/dev/null 2>&1
  377. if [ "$?" = "1" ]
  378. then
  379. ps_grep="yes"
  380. echo "ps -p not working, using ps and grep"
  381. fi
  382. echo -e "\nTesting existence of openssl command...\n"
  383. command -v $OPENSSL >/dev/null 2>&1 || { echo >&2 "Requires openssl command, but it's not installed. Ending."; do_cleanup; exit 0; }
  384. echo -e "\nTesting for _build directory as part of distcheck, different paths"
  385. currentDir=`pwd`
  386. case "$currentDir" in
  387. *_build)
  388. echo -e "_build directory detected, moving a directory back"
  389. cd ..
  390. ;;
  391. esac
  392. echo -e "\nChecking for wolfSSL client - needed for cipher list"
  393. wolfssl_client_avail=`$WOLFSSL_CLIENT -?`
  394. case $wolfssl_client_avail in
  395. *"Client not compiled in!"*)
  396. wolfssl_client_avail=
  397. echo >&2 "Requires wolfSSL client, but it's not built. Ending."
  398. do_cleanup
  399. exit 0
  400. ;;
  401. esac
  402. echo -e "\nTesting for buggy version of OpenSSL - TLS 1.3, PSK and session ticket"
  403. openssl_version=`$OPENSSL version`
  404. case $openssl_version in
  405. "OpenSSL 1.1.1 "*)
  406. openssl_psk_resume_bug=yes
  407. ;;
  408. "OpenSSL 1.0.2"*)
  409. openssl_adh_reneg_bug=yes
  410. ;;
  411. esac
  412. # check for wolfssl server
  413. wolfssl_server_avail=`$WOLFSSL_SERVER -?`
  414. case $wolfssl_server_avail in
  415. *"Server not compiled in!"*)
  416. wolfssl_server_avail=
  417. ;;
  418. esac
  419. # get wolfssl ciphers
  420. wolf_ciphers=`$WOLFSSL_CLIENT -e`
  421. # get wolfssl supported versions
  422. wolf_versions=`$WOLFSSL_CLIENT -V`
  423. wolf_versions="${wolf_versions}:5" #5 will test without -v flag
  424. OIFS="$IFS" # store old separator to reset
  425. IFS=: # set delimiter
  426. for version in $wolf_versions
  427. do
  428. case $version in
  429. 1|2|3)
  430. wolf_tls=yes
  431. ;;
  432. 4)
  433. wolf_tls13=yes
  434. ;;
  435. esac
  436. done
  437. IFS="$OIFS" #restore separator
  438. #
  439. # Start OpenSSL servers
  440. #
  441. # Check for certificate support in wolfSSL
  442. wolf_certs=`$WOLFSSL_CLIENT -? 2>&1`
  443. case $wolf_certs in
  444. *"cert"*)
  445. ;;
  446. *)
  447. wolf_certs=""
  448. ;;
  449. esac
  450. if [ "$wolf_certs" != "" ]
  451. then
  452. echo
  453. # Check if RSA certificates supported in wolfSSL
  454. wolf_rsa=`$WOLFSSL_CLIENT -A "${CERT_DIR}/ca-cert.pem" 2>&1`
  455. case $wolf_rsa in
  456. *"ca file"*)
  457. echo "wolfSSL does not support RSA"
  458. wolf_rsa=""
  459. ;;
  460. *)
  461. ;;
  462. esac
  463. if [ "$wolf_rsa" != "" ]; then
  464. echo "wolfSSL supports RSA"
  465. fi
  466. # Check if ECC certificates supported in wolfSSL
  467. wolf_ecc=`$WOLFSSL_CLIENT -A "${CERT_DIR}/ca-ecc-cert.pem" 2>&1`
  468. case $wolf_ecc in
  469. *"ca file"*)
  470. echo "wolfSSL does not support ECDSA"
  471. wolf_ecc=""
  472. ;;
  473. *)
  474. ;;
  475. esac
  476. if [ "$wolf_ecc" != "" ]; then
  477. echo "wolfSSL supports ECDSA"
  478. fi
  479. # Check if Ed25519 certificates supported in wolfSSL
  480. wolf_ed25519=`$WOLFSSL_CLIENT -A "${CERT_DIR}/ed25519/root-ed25519.pem" 2>&1`
  481. case $wolf_ed25519 in
  482. *"ca file"*)
  483. echo "wolfSSL does not support Ed25519"
  484. wolf_ed25519=""
  485. ;;
  486. *)
  487. ;;
  488. esac
  489. if [ "$wolf_ed25519" != "" ]; then
  490. echo "wolfSSL supports Ed25519"
  491. fi
  492. # Check if Ed25519 certificates supported in OpenSSL
  493. openssl_ed25519=`$OPENSSL s_client -cert "${CERT_DIR}/ed25519/client-ed25519.pem" -key "${CERT_DIR}/ed25519/client-ed25519-priv.pem" 2>&1`
  494. case $openssl_ed25519 in
  495. *"unable to load"*)
  496. echo "OpenSSL does not support Ed25519"
  497. wolf_ed25519=""
  498. ;;
  499. *)
  500. ;;
  501. esac
  502. if [ "$wolf_ed25519" != "" ]; then
  503. echo "OpenSSL supports Ed25519"
  504. fi
  505. # Check if Ed448 certificates supported in wolfSSL
  506. wolf_ed448=`$WOLFSSL_CLIENT -A "${CERT_DIR}/ed448/root-ed448.pem" 2>&1`
  507. case $wolf_ed448 in
  508. *"ca file"*)
  509. echo "wolfSSL does not support Ed448"
  510. wolf_ed448=""
  511. ;;
  512. *)
  513. ;;
  514. esac
  515. if [ "$wolf_ed448" != "" ]; then
  516. echo "wolfSSL supports Ed448"
  517. fi
  518. # Check if Ed448 certificates supported in OpenSSL
  519. openssl_ed448=`$OPENSSL s_client -cert "${CERT_DIR}/ed448/client-ed448.pem" -key "${CERT_DIR}/ed448/client-ed448-priv.pem" 2>&1`
  520. case $openssl_ed448 in
  521. *"unable to load"*)
  522. echo "OpenSSL does not support Ed448"
  523. wolf_ed448=""
  524. ;;
  525. *)
  526. ;;
  527. esac
  528. if [ "$wolf_ed448" != "" ]; then
  529. echo "OpenSSL supports Ed448"
  530. fi
  531. echo
  532. fi
  533. openssl_tls13=`$OPENSSL s_client -help 2>&1`
  534. case $openssl_tls13 in
  535. *no_tls1_3*)
  536. ;;
  537. *)
  538. openssl_tls13=
  539. ;;
  540. esac
  541. # Not all openssl versions support -allow_no_dhe_kex
  542. openssl_nodhe=`$OPENSSL s_client -help 2>&1`
  543. case $openssl_nodhe in
  544. *allow_no_dhe_kex*)
  545. openssl_nodhe=-allow_no_dhe_kex
  546. ;;
  547. *)
  548. openssl_nodhe=
  549. ;;
  550. esac
  551. # Check suites to determine support in wolfSSL
  552. OIFS="$IFS" # store old separator to reset
  553. IFS=: # set delimiter
  554. for wolfSuite in $wolf_ciphers; do
  555. case $wolfSuite in
  556. *ECDHE-RSA-*)
  557. ecdhe_avail=yes
  558. wolf_rsa=yes
  559. ;;
  560. *DHE-RSA-*)
  561. wolf_rsa=yes
  562. ;;
  563. *ECDH-RSA*)
  564. wolf_ecdh_rsa=yes
  565. ;;
  566. *ECDHE-ECDSA*|*ECDH-ECDSA*)
  567. wolf_ecdsa=yes
  568. ;;
  569. *ADH*)
  570. wolf_anon=yes
  571. ;;
  572. *PSK*)
  573. if [ "$wolf_psk" = "" ]
  574. then
  575. echo "Testing PSK"
  576. wolf_psk=1
  577. fi
  578. if [ "$wolf_tls" != "" ]
  579. then
  580. wolf_tls_psk=yes
  581. fi
  582. ;;
  583. *TLS13*)
  584. ;;
  585. *)
  586. wolf_rsa=yes
  587. esac
  588. done
  589. IFS="$OIFS" #restore separator
  590. openssl_ciphers=`$OPENSSL ciphers ALL 2>&1`
  591. case $openssl_ciphers in
  592. *ADH*)
  593. openssl_anon=yes
  594. ;;
  595. esac
  596. # TLSv1 -> TLSv1.2 PSK secret
  597. psk_hex="1a2b3c4d"
  598. # If RSA cipher suites supported in wolfSSL then start servers
  599. if [ "$wolf_rsa" != "" -o "$wolf_tls_psk" != "" ]
  600. then
  601. if [ "$wolf_rsa" != "" ]
  602. then
  603. cert_file="${CERT_DIR}/server-cert.pem"
  604. key_file="${CERT_DIR}/server-key.pem"
  605. ca_file="${CERT_DIR}/client-ca.pem"
  606. else
  607. cert_file=
  608. key_file=
  609. ca_file=
  610. fi
  611. openssl_suite="RSA"
  612. start_openssl_server
  613. openssl_port=$server_port
  614. openssl_pid=$server_pid
  615. wolfssl_suite="RSA"
  616. if [ "$wolf_tls_psk" != "" ]
  617. then
  618. psk="-j"
  619. fi
  620. echo "cert_file=$cert_file"
  621. start_wolfssl_server
  622. psk=
  623. wolfssl_port=$server_port
  624. wolfssl_pid=$server_pid
  625. fi
  626. # If ECDH-RSA cipher suites supported in wolfSSL then start servers
  627. if [ "$wolf_ecdh_rsa" != "" ]
  628. then
  629. cert_file="${CERT_DIR}/server-ecc-rsa.pem"
  630. key_file="${CERT_DIR}/ecc-key.pem"
  631. ca_file="${CERT_DIR}/client-ca.pem"
  632. openssl_suite="ECDH-RSA"
  633. start_openssl_server
  634. ecdh_openssl_port=$server_port
  635. ecdh_openssl_pid=$server_pid
  636. wolfssl_suite="ECDH-RSA"
  637. start_wolfssl_server
  638. ecdh_wolfssl_port=$server_port
  639. ecdh_wolfssl_pid=$server_pid
  640. fi
  641. if [ "$wolf_ecdsa" != "" -a "$wolf_ecc" != "" ]
  642. then
  643. cert_file="${CERT_DIR}/server-ecc.pem"
  644. key_file="${CERT_DIR}/ecc-key.pem"
  645. ca_file="${CERT_DIR}/client-ecc-cert.pem"
  646. openssl_suite="ECDH[E]-ECDSA"
  647. start_openssl_server
  648. ecdsa_openssl_port=$server_port
  649. ecdsa_openssl_pid=$server_pid
  650. wolfssl_suite="ECDH[E]-ECDSA"
  651. start_wolfssl_server
  652. ecdsa_wolfssl_port=$server_port
  653. ecdsa_wolfssl_pid=$server_pid
  654. fi
  655. # If Ed25519 certificates supported in wolfSSL then start servers
  656. if [ "$wolf_ed25519" != "" ];
  657. then
  658. cert_file="${CERT_DIR}/ed25519/server-ed25519.pem"
  659. key_file="${CERT_DIR}/ed25519/server-ed25519-priv.pem"
  660. ca_file="${CERT_DIR}/ed25519/client-ed25519.pem"
  661. openssl_suite="Ed25519"
  662. start_openssl_server
  663. ed25519_openssl_port=$server_port
  664. ed25519_openssl_pid=$server_pid
  665. crl="-V"
  666. wolfssl_suite="Ed25519"
  667. start_wolfssl_server
  668. ed25519_wolfssl_port=$server_port
  669. ed25519_wolfssl_pid=$server_pid
  670. crl=
  671. fi
  672. # If Ed448 certificates supported in wolfSSL then start servers
  673. if [ "$wolf_ed448" != "" ];
  674. then
  675. cert_file="${CERT_DIR}/ed448/server-ed448.pem"
  676. key_file="${CERT_DIR}/ed448/server-ed448-priv.pem"
  677. ca_file="${CERT_DIR}/ed448/client-ed448.pem"
  678. openssl_suite="Ed448"
  679. start_openssl_server
  680. ed448_openssl_port=$server_port
  681. ed448_openssl_pid=$server_pid
  682. crl="-V"
  683. wolfssl_suite="Ed448"
  684. start_wolfssl_server
  685. ed448_wolfssl_port=$server_port
  686. ed448_wolfssl_pid=$server_pid
  687. crl=
  688. fi
  689. if [ "$wolf_tls13" != "" -a "$wolf_psk" != "" ]
  690. then
  691. cert_file=
  692. psk_hex="0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
  693. openssl_suite="TLSv1.3_PSK"
  694. start_openssl_server
  695. tls13_psk_openssl_port=$server_port
  696. tls13_psk_openssl_pid=$server_pid
  697. psk="-s --openssl-psk"
  698. wolfssl_suite="TLSv1.3_PSK"
  699. start_wolfssl_server
  700. tls13_psk_wolfssl_port=$server_port
  701. tls13_psk_wolfssl_pid=$server_pid
  702. fi
  703. if [ "$wolf_anon" != "" -a "$openssl_anon" ]
  704. then
  705. cert_file=""
  706. key_file=""
  707. ca_file=""
  708. wolfssl_suite="Anon"
  709. psk="-a" # anonymous not psk
  710. start_wolfssl_server
  711. anon_wolfssl_port=$server_port
  712. anon_wolfssl_pid=$server_pid
  713. fi
  714. for s in $servers
  715. do
  716. f2=${s%:*}
  717. server_name=${f2%:*}
  718. server_port=${s##*:}
  719. check_server_ready
  720. done
  721. OIFS="$IFS" # store old separator to reset
  722. IFS=: # set delimiter
  723. set -f # no globbing
  724. wolf_temp_cases_total=0
  725. wolf_temp_cases_tested=0
  726. # Testing of OpenSSL support for version requires a running OpenSSL server
  727. for version in $wolf_versions;
  728. do
  729. echo -e "version = $version"
  730. # get openssl ciphers depending on version
  731. # -s flag for only supported ciphers
  732. case $version in
  733. "0")
  734. openssl_ciphers=`$OPENSSL ciphers "SSLv3" 2>&1`
  735. # double check that can actually do a sslv3 connection using
  736. # client-cert.pem to send but any file with EOF works
  737. $OPENSSL s_client -ssl3 -no_ign_eof -host localhost -port $openssl_port < "${CERT_DIR}/client-cert.pem"
  738. sslv3_sup=$?
  739. if [ $sslv3_sup != 0 ]
  740. then
  741. echo -e "Not testing SSLv3. No OpenSSL support for 'SSLv3' modifier"
  742. testing_summary="${testing_summary}SSLv3\tNo\tN/A\tN/A\tN/A\tN/A\t (No OpenSSL cipherstring)\n"
  743. continue
  744. fi
  745. openssl_version="-ssl3"
  746. ;;
  747. "1")
  748. proto_check=`echo "hell" | $OPENSSL s_client -connect localhost:$openssl_port -tls1 2>&1`
  749. tlsv1_sup=$?
  750. if [ $tlsv1_sup != 0 ]
  751. then
  752. echo -e "Not testing TLSv1. No OpenSSL support for '-tls1'"
  753. testing_summary="${testing_summary}TLSv1\tNo\tN/A\tN/A\tN/A\tN/A\t (No OpenSSL Support)\n"
  754. continue
  755. fi
  756. openssl_ciphers=`$OPENSSL ciphers -s "TLSv1" 2>&1`
  757. tlsv1_sup=$?
  758. if [ $tlsv1_sup != 0 ]
  759. then
  760. echo -e "Not testing TLSv1. No OpenSSL support for 'TLSv1' modifier"
  761. testing_summary="${testing_summary}TLSv1\tNo\tN/A\tN/A\tN/A\tN/A\t (No OpenSSL cipherstring)\n"
  762. continue
  763. fi
  764. openssl_version="-tls1"
  765. ;;
  766. "2")
  767. # Same ciphers for TLSv1.1 as TLSv1
  768. proto_check=`echo "hello" | $OPENSSL s_client -connect localhost:$openssl_port -tls1_1 2>&1`
  769. tlsv1_1_sup=$?
  770. if [ $tlsv1_1_sup != 0 ]
  771. then
  772. echo -e "Not testing TLSv1.1. No OpenSSL support for 'TLSv1.1' modifier"
  773. testing_summary="${testing_summary}TLSv1.1\tNo\tN/A\tN/A\tN/A\tN/A\t (No OpenSSL cipherstring)\n"
  774. continue
  775. fi
  776. openssl_ciphers=`$OPENSSL ciphers -s "TLSv1" 2>&1`
  777. tlsv1_sup=$?
  778. if [ $tlsv1_sup != 0 ]
  779. then
  780. echo -e "Not testing TLSv1. No OpenSSL support for 'TLSv1' modifier"
  781. testing_summary="${testing_summary}TLSv1\tNo\tN/A\tN/A\tN/A\tN/A\t (No OpenSSL cipherstring)\n"
  782. continue
  783. fi
  784. openssl_version="-tls1_1"
  785. ;;
  786. "3")
  787. openssl_ciphers=`$OPENSSL ciphers -s "TLSv1.2" 2>&1`
  788. tlsv1_2_sup=$?
  789. if [ $tlsv1_2_sup != 0 ]
  790. then
  791. echo -e "Not testing TLSv1.2. No OpenSSL support for 'TLSv1.2' modifier"
  792. testing_summary="${testing_summary}TLSv1.2\tNo\tN/A\tN/A\tN/A\tN/A\t (No OpenSSL cipherstring)\n"
  793. continue
  794. fi
  795. openssl_version="-tls1_2"
  796. ;;
  797. "4")
  798. openssl_ciphers=`$OPENSSL ciphers -tls1_3 2>&1`
  799. tlsv1_3_sup=$?
  800. if [ $tlsv1_3_sup != 0 ]
  801. then
  802. echo -e "Not testing TLSv1.3. No OpenSSL support for 'TLSv1.3' modifier"
  803. testing_summary="${testing_summary}TLSv1.3\tNo\tN/A\tN/A\tN/A\tN/A\t (No OpenSSL cipherstring)\n"
  804. continue
  805. fi
  806. ecc_support=`$WOLFSSL_CLIENT -? 2>&1 | grep 'ECC named groups'`
  807. openssl_version="-tls1_3"
  808. ;;
  809. "d(downgrade)")
  810. version="d"
  811. openssl_version=""
  812. ;;
  813. "e(either)")
  814. continue
  815. ;;
  816. "5") #test all suites
  817. openssl_ciphers=`$OPENSSL ciphers -s "ALL" 2>&1`
  818. all_sup=$?
  819. if [ $all_sup != 0 ]
  820. then
  821. echo -e "Not testing ALL. No OpenSSL support for ALL modifier"
  822. testing_summary="${testing_summary}ALL\tNo\tN/A\tN/A\tN/A\tN/A\t (No OpenSSL cipherstring)\n"
  823. continue
  824. fi
  825. openssl_version=""
  826. ;;
  827. "")
  828. openssl_ciphers=`$OPENSSL ciphers 2>&1`
  829. all_sup=$?
  830. if [ $all_sup != 0 ]
  831. then
  832. echo -e "Not testing ALL. No OpenSSL support for ALL modifier"
  833. testing_summary="${testing_summary}ALL\tNo\tN/A\tN/A\tN/A\tN/A\t (No OpenSSL cipherstring)\n"
  834. continue
  835. fi
  836. openssl_version=""
  837. ;;
  838. esac
  839. for wolfSuite in $wolf_ciphers; do
  840. echo -e "trying wolfSSL cipher suite $wolfSuite"
  841. wolf_temp_cases_total=$((wolf_temp_cases_total + 1))
  842. open_temp_cases_total=$((open_temp_cases_total + 1))
  843. matchSuite=0;
  844. tls13_suite=
  845. case $wolfSuite in
  846. "TLS13-AES128-GCM-SHA256")
  847. cmpSuite="TLS_AES_128_GCM_SHA256"
  848. tls13_suite="yes"
  849. ;;
  850. "TLS13-AES256-GCM-SHA384")
  851. cmpSuite="TLS_AES_256_GCM_SHA384"
  852. tls13_suite="yes"
  853. ;;
  854. "TLS13-CHACHA20-POLY1305-SHA256")
  855. cmpSuite="TLS_CHACHA20_POLY1305_SHA256"
  856. tls13_suite="yes"
  857. ;;
  858. "TLS13-AES128-CCM-SHA256")
  859. cmpSuite="TLS_AES_128_CCM_SHA256"
  860. tls13_suite="yes"
  861. ;;
  862. "TLS13-AES128-CCM-8-SHA256"|"TLS13-AES128-CCM8-SHA256")
  863. cmpSuite="TLS_AES_128_CCM_8_SHA256"
  864. tls13_suite="yes"
  865. ;;
  866. "TLS13-SHA256-SHA256")
  867. continue
  868. ;;
  869. "TLS13-SHA384-SHA384")
  870. continue
  871. ;;
  872. "TLS13-"*)
  873. echo -e "Suite = $wolfSuite not recognized!"
  874. echo -e "Add translation of wolfSSL name to OpenSSL"
  875. do_cleanup
  876. exit 1
  877. ;;
  878. *)
  879. cmpSuite=$wolfSuite
  880. ;;
  881. esac
  882. case ":$openssl_ciphers:" in *":$cmpSuite:"*) # add extra : for edge cases
  883. case "$cmpSuite" in
  884. "TLS_"*)
  885. if [ "$version" != "4" -a "$version" != "d" ]
  886. then
  887. echo -e "TLS 1.3 cipher suite but not TLS 1.3 protocol"
  888. matchSuite=0
  889. else
  890. echo -e "Matched to OpenSSL suite support"
  891. matchSuite=1
  892. fi
  893. ;;
  894. *)
  895. if [ "$version" = "d" -a "$wolfdowngrade" = "4" ]
  896. then
  897. echo -e "Not TLS 1.3 cipher suite but TLS 1.3 downgrade"
  898. matchSuite=0
  899. elif [ "$version" != "4" ]
  900. then
  901. echo -e "Matched to OpenSSL suite support"
  902. matchSuite=1
  903. else
  904. echo -e "Not TLS 1.3 cipher suite but TLS 1.3 protocol"
  905. matchSuite=0
  906. fi
  907. ;;
  908. esac
  909. ;;
  910. esac
  911. if [ $matchSuite = 0 ]
  912. then
  913. echo -e "Couldn't match suite, continuing..."
  914. continue
  915. fi
  916. # check for psk suite and turn on client psk if so
  917. psk=""
  918. adh=""
  919. crl=""
  920. cert=""
  921. key=""
  922. caCert=""
  923. case $wolfSuite in
  924. *ECDH-RSA*)
  925. cert="${CERT_DIR}/client-cert.pem"
  926. key="${CERT_DIR}/client-key.pem"
  927. caCert="${CERT_DIR}/ca-cert.pem"
  928. port=$ecdh_openssl_port
  929. do_wolfssl_client
  930. port=$ecdh_wolfssl_port
  931. do_openssl_client
  932. ;;
  933. *ECDHE-ECDSA*|*ECDH-ECDSA*)
  934. if [ "$wolf_ecc" != "" ]
  935. then
  936. cert="${CERT_DIR}/client-ecc-cert.pem"
  937. key="${CERT_DIR}/ecc-client-key.pem"
  938. caCert="${CERT_DIR}/ca-ecc-cert.pem"
  939. port=$ecdsa_openssl_port
  940. do_wolfssl_client
  941. port=$ecdsa_wolfssl_port
  942. do_openssl_client
  943. else
  944. wolf_temp_cases_total=$((wolf_temp_cases_total - 1))
  945. fi
  946. if [ $ed25519_openssl_pid != $no_pid -a "$version" != "0" -a "$version" != "1" -a "$version" != "2" ]
  947. then
  948. cert="${CERT_DIR}/ed25519/client-ed25519.pem"
  949. key="${CERT_DIR}/ed25519/client-ed25519-priv.pem"
  950. caCert="${CERT_DIR}/ed25519/server-ed25519.pem"
  951. wolf_temp_cases_total=$((wolf_temp_cases_total + 1))
  952. port=$ed25519_openssl_port
  953. crl="-C"
  954. do_wolfssl_client
  955. open_temp_cases_total=$((open_temp_cases_total + 1))
  956. port=$ed25519_wolfssl_port
  957. do_openssl_client
  958. fi
  959. if [ $ed448_openssl_pid != $no_pid -a "$version" != "0" -a "$version" != "1" -a "$version" != "2" ]
  960. then
  961. cert="${CERT_DIR}/ed448/client-ed448.pem"
  962. key="${CERT_DIR}/ed448/client-ed448-priv.pem"
  963. caCert="${CERT_DIR}/ed448/server-ed448.pem"
  964. wolf_temp_cases_total=$((wolf_temp_cases_total + 1))
  965. port=$ed448_openssl_port
  966. crl="-C"
  967. do_wolfssl_client
  968. open_temp_cases_total=$((open_temp_cases_total + 1))
  969. port=$ed448_wolfssl_port
  970. do_openssl_client
  971. fi
  972. ;;
  973. *DHE-PSK*)
  974. cert="${CERT_DIR}/client-cert.pem"
  975. key="${CERT_DIR}/client-key.pem"
  976. caCert="${CERT_DIR}/ca-cert.pem"
  977. port=$openssl_port
  978. psk="-s"
  979. do_wolfssl_client
  980. # Skip when no RSA as some versions of OpenSSL can't handle no
  981. # signature
  982. if [ "$wolf_rsa" != "" ]
  983. then
  984. port=$wolfssl_port
  985. openssl_psk="-psk 1a2b3c4d"
  986. do_openssl_client
  987. fi
  988. ;;
  989. *PSK*)
  990. cert="${CERT_DIR}/client-cert.pem"
  991. key="${CERT_DIR}/client-key.pem"
  992. caCert="${CERT_DIR}/ca-cert.pem"
  993. port=$openssl_port
  994. psk="-s"
  995. do_wolfssl_client
  996. port=$wolfssl_port
  997. openssl_psk="-psk 1a2b3c4d"
  998. do_openssl_client
  999. ;;
  1000. *ADH*)
  1001. cert="${CERT_DIR}/client-cert.pem"
  1002. key="${CERT_DIR}/client-key.pem"
  1003. caCert="${CERT_DIR}/ca-cert.pem"
  1004. if [ "$version" != "0" -a "$version" != "1" -a "$version" != "2" -a "$openssl_adh_reneg_bug" != "" ]
  1005. then
  1006. continue
  1007. fi
  1008. port=$openssl_port
  1009. adh="-a"
  1010. do_wolfssl_client
  1011. port=$anon_wolfssl_port
  1012. do_openssl_client
  1013. ;;
  1014. TLS13*)
  1015. if [ $version != "4" -a $version != "d" -a $version != " " -a $version != "5" ]
  1016. then
  1017. continue
  1018. fi
  1019. tls13_cipher=yes
  1020. # RSA
  1021. if [ $openssl_pid != $no_pid -a "$ecdhe_avail" = "yes" ]
  1022. then
  1023. cert="${CERT_DIR}/client-cert.pem"
  1024. key="${CERT_DIR}/client-key.pem"
  1025. caCert="${CERT_DIR}/ca-cert.pem"
  1026. port=$openssl_port
  1027. do_wolfssl_client
  1028. port=$wolfssl_port
  1029. do_openssl_client
  1030. fi
  1031. # PSK
  1032. if [ "$wolf_psk" != "" -a $wolfSuite = "TLS13-AES128-GCM-SHA256" -a "$wolf_ecc" != "" -a $openssl_nodhe != "" ]
  1033. then
  1034. cert=""
  1035. key=""
  1036. caCert=""
  1037. wolf_temp_cases_total=$((wolf_temp_cases_total + 1))
  1038. port=$tls13_psk_openssl_port
  1039. psk="-s --openssl-psk"
  1040. # OpenSSL doesn't support DH for key exchange so do no PSK
  1041. # DHE when ECC not supported
  1042. if [ "$wolf_ecc" = "" ]
  1043. then
  1044. adh="-K"
  1045. fi
  1046. do_wolfssl_client
  1047. psk=""
  1048. adh=""
  1049. openssl_psk="-psk 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
  1050. open_temp_cases_total=$((open_temp_cases_total + 1))
  1051. port=$wolfssl_port
  1052. do_openssl_client
  1053. open_temp_cases_total=$((open_temp_cases_total + 1))
  1054. port=$tls13_psk_wolfssl_port
  1055. do_openssl_client
  1056. openssl_psk=""
  1057. fi
  1058. # ECDSA
  1059. if [ $ecdsa_openssl_pid != $no_pid -a "$wolf_ecc" != "" ]
  1060. then
  1061. cert="${CERT_DIR}/client-ecc-cert.pem"
  1062. key="${CERT_DIR}/ecc-client-key.pem"
  1063. caCert="${CERT_DIR}/ca-ecc-cert.pem"
  1064. wolf_temp_cases_total=$((wolf_temp_cases_total + 1))
  1065. port=$ecdsa_openssl_port
  1066. caCert="${CERT_DIR}/ca-ecc-cert.pem"
  1067. do_wolfssl_client
  1068. open_temp_cases_total=$((open_temp_cases_total + 1))
  1069. port=$ecdsa_wolfssl_port
  1070. caCert="${CERT_DIR}/ca-ecc-cert.pem"
  1071. do_openssl_client
  1072. fi
  1073. # Ed25519
  1074. if [ $ed25519_openssl_pid != $no_pid ]
  1075. then
  1076. cert="${CERT_DIR}/ed25519/client-ed25519.pem"
  1077. key="${CERT_DIR}/ed25519/client-ed25519-priv.pem"
  1078. caCert="${CERT_DIR}/ed25519/server-ed25519.pem"
  1079. wolf_temp_cases_total=$((wolf_temp_cases_total + 1))
  1080. port=$ed25519_openssl_port
  1081. crl="-C"
  1082. do_wolfssl_client
  1083. open_temp_cases_total=$((open_temp_cases_total + 1))
  1084. port=$ed25519_wolfssl_port
  1085. do_openssl_client
  1086. fi
  1087. # Ed448
  1088. if [ $ed448_openssl_pid != $no_pid ]
  1089. then
  1090. cert="${CERT_DIR}/ed448/client-ed448.pem"
  1091. key="${CERT_DIR}/ed448/client-ed448-priv.pem"
  1092. caCert="${CERT_DIR}/ed448/server-ed448.pem"
  1093. wolf_temp_cases_total=$((wolf_temp_cases_total + 1))
  1094. port=$ed448_openssl_port
  1095. crl="-C"
  1096. do_wolfssl_client
  1097. open_temp_cases_total=$((open_temp_cases_total + 1))
  1098. port=$ed448_wolfssl_port
  1099. do_openssl_client
  1100. fi
  1101. tls13_cipher=
  1102. ;;
  1103. *)
  1104. cert="${CERT_DIR}/client-cert.pem"
  1105. key="${CERT_DIR}/client-key.pem"
  1106. caCert="${CERT_DIR}/ca-cert.pem"
  1107. port=$openssl_port
  1108. do_wolfssl_client
  1109. port=$wolfssl_port
  1110. do_openssl_client
  1111. ;;
  1112. esac
  1113. done
  1114. wolf_cases_tested=$((wolf_temp_cases_tested+wolf_cases_tested))
  1115. wolf_cases_total=$((wolf_temp_cases_total+wolf_cases_total))
  1116. echo -e "wolfSSL cases tested with version:$version $wolf_temp_cases_tested"
  1117. open_cases_tested=$((open_temp_cases_tested+open_cases_tested))
  1118. open_cases_total=$((open_temp_cases_total+open_cases_total))
  1119. echo -e "OpenSSL cases tested with version:$version $open_temp_cases_tested"
  1120. version_name
  1121. testing_summary="$testing_summary$versionName\tYes\t$wolf_temp_cases_total\t$wolf_temp_cases_tested\t$open_temp_cases_total\t$open_temp_cases_tested\n"
  1122. wolf_temp_cases_total=0
  1123. wolf_temp_cases_tested=0
  1124. open_temp_cases_total=0
  1125. open_temp_cases_tested=0
  1126. wolfdowngrade="$version"
  1127. done
  1128. IFS="$OIFS" #restore separator
  1129. do_cleanup
  1130. echo -e "wolfSSL total cases $wolf_cases_total"
  1131. echo -e "wolfSSL cases tested $wolf_cases_tested"
  1132. echo -e "OpenSSL total cases $open_cases_total"
  1133. echo -e "OpenSSL cases tested $open_cases_tested"
  1134. echo -e "\nSuccess!\n\n\n\n"
  1135. echo -e "$testing_summary"
  1136. exit 0