
#!/bin/sh
# openssl.test
#
# Interop test: drives the wolfSSL example client against an OpenSSL
# s_server for every cipher suite that both sides list. It only runs when
# WOLFSSL_OPENSSL_TEST is set in the environment.

# Pick a pseudo-random listening port so that a run can coexist with the
# regular testsuite, which may be listening at the same time. The result is
# left in the global "port". The port is not reserved, so callers must still
# cope with it being taken (they retry with a fresh port).
generate_port() {
  # Seven random decimal digits, prefixed with a non-zero digit, so the
  # number is always eight digits wide before it is reduced modulo the size
  # of the range 49512..65534.
  lo_digits=$(LC_CTYPE=C tr -cd 0-9 </dev/urandom | head -c 7)
  hi_digit=$(LC_CTYPE=C tr -cd 1-9 </dev/urandom | head -c 1)
  port=$(( ${hi_digit}${lo_digits} % (65535 - 49512) + 49512 ))
  unset hi_digit lo_digits
}
  10. generate_port
  11. openssl_port=$port
  12. no_pid=-1
  13. server_pid=$no_pid
  14. ecdh_server_pid=$no_pid
  15. wolf_suites_tested=0
  16. wolf_suites_total=0
  17. counter=0
  18. testing_summary="OpenSSL Interop Testing Summary:\nVersion\tTested\t#Found\t#Tested\n"
  19. versionName="Invalid"
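# Translate the numeric protocol selector in the global "version" (the
# values the example client accepts with -v, plus 4 meaning "no -v flag,
# let the client negotiate") into the label used in the summary table.
# Sets the global versionName. Any other value yields "Invalid", so a stale
# name from a previous iteration can never be reported.
version_name() {
  case "$version" in
    0) versionName="SSLv3" ;;
    1) versionName="TLSv1" ;;
    2) versionName="TLSv1.1" ;;
    3) versionName="TLSv1.2" ;;
    4) versionName="ALL" ;;
    *) versionName="Invalid" ;;
  esac
}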
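# Stop whichever openssl s_server processes this script started. Each PID
# is compared against no_pid so a server that was never launched is left
# alone. Progress is reported on stdout like the rest of the script.
do_cleanup() {
  echo "in cleanup"
  if [ "$server_pid" != "$no_pid" ]; then
    echo "killing server"
    # The server is a throwaway fixture, so SIGKILL is acceptable. A kill
    # error here only means the child already exited; it is not useful.
    kill -9 "$server_pid" 2>/dev/null
  fi
  if [ "$ecdh_server_pid" != "$no_pid" ]; then
    echo "killing ECDH-RSA server"
    kill -9 "$ecdh_server_pid" 2>/dev/null
  fi
}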
# Signal handler for INT/TERM: tear the servers down, then fail the run.
do_trap() {
  printf '%s\n' "got trap"
  do_cleanup
  exit 1
}
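# Run the cleanup handler if the script is interrupted, so no stray
# s_server is left holding a port.
trap do_trap INT TERM

# Opt-in: the test is skipped (successfully) unless the caller asks for it.
if [ -n "$WOLFSSL_OPENSSL_TEST" ]; then
  echo "WOLFSSL_OPENSSL_TEST set, running test..."
else
  echo "WOLFSSL_OPENSSL_TEST NOT set, won't run"
  exit 0
fi

# printf rather than "echo -e": under #!/bin/sh the -e is not portable and
# some shells print it literally.
printf '\nTesting existence of openssl command...\n\n'
# A missing openssl is not a failure either; the interop test just cannot run.
if ! command -v openssl >/dev/null 2>&1; then
  echo "Requires openssl command, but it's not installed. Ending." >&2
  exit 0
fi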
  65. echo -e "\nTesting for _build directory as part of distcheck, different paths"
  66. currentDir=`pwd`
  67. if [ $currentDir = *"_build" ]
  68. then
  69. echo -e "_build directory detected, moving a directory back"
  70. cd ..
  71. fi
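# Cipher suites the wolfSSL build supports, as a colon-separated list.
wolf_ciphers=$(./examples/client/client -e)

# Start the primary s_server. The port came from /dev/urandom and is not
# reserved, so up to 20 random ports are tried until one takes the listener.
# "-cipher ALL:eNULL" also enables NULL-encryption suites and "-psk" uses a
# fixed key on purpose: this is a localhost interop fixture, not a hardened
# endpoint. "-verify_return_error" makes client-certificate verification
# failures abort the handshake instead of merely being logged.
found_free_port=0
while [ "$counter" -lt 20 ]; do
  printf '\nTrying to start openssl server on port %s...\n\n' "$openssl_port"
  openssl s_server -accept "$openssl_port" \
    -cert ./certs/server-cert.pem -key ./certs/server-key.pem \
    -quiet -CAfile ./certs/client-ca.pem -www \
    -dhparam ./certs/dh2048.pem \
    -dcert ./certs/server-ecc.pem -dkey ./certs/ecc-key.pem \
    -verify 10 -verify_return_error -psk 1a2b3c4d \
    -cipher "ALL:eNULL" &
  server_pid=$!
  # Give s_server a moment to bind; if it is already gone the port was taken.
  sleep 0.1
  if ps -p "$server_pid" > /dev/null; then
    echo "s_server started successfully on port $openssl_port"
    found_free_port=1
    break
  else
    # Forget the dead child so cleanup never signals a recycled PID.
    server_pid=$no_pid
    counter=$((counter + 1))
    generate_port
    openssl_port=$port
  fi
done
if [ "$found_free_port" = 0 ]; then
  printf '%s\n' "Couldn't find free port for server"
  do_cleanup
  exit 1
fi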
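# ECDH-RSA suites need the server to present ./certs/server-ecc-rsa.pem with
# ./certs/ecc-key.pem, so when the wolfSSL build lists any such suite a
# second s_server is started on its own port with that certificate. The
# same port-probing loop as for the primary server is used.
case "$wolf_ciphers" in
  *ECDH-RSA*)
    generate_port
    ecdh_port=$port
    found_free_port=0
    counter=0
    while [ "$counter" -lt 20 ]; do
      printf '\nTrying to start ECDH-RSA openssl server on port %s...\n\n' "$ecdh_port"
      openssl s_server -accept "$ecdh_port" \
        -cert ./certs/server-ecc-rsa.pem -key ./certs/ecc-key.pem \
        -quiet -CAfile ./certs/client-ca.pem -www \
        -dhparam ./certs/dh2048.pem \
        -verify 10 -verify_return_error \
        -cipher "ALL:eNULL" &
      ecdh_server_pid=$!
      # Give s_server a moment to bind; if it is already gone the port was taken.
      sleep 0.1
      if ps -p "$ecdh_server_pid" > /dev/null; then
        echo "s_server started successfully on port $ecdh_port"
        found_free_port=1
        break
      else
        # Forget the dead child so cleanup never signals a recycled PID.
        ecdh_server_pid=$no_pid
        counter=$((counter + 1))
        generate_port
        ecdh_port=$port
      fi
    done
    if [ "$found_free_port" = 0 ]; then
      printf '%s\n' "Couldn't find free port for server"
      do_cleanup
      exit 1
    fi
    ;;
esac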
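# The primary server may still be binding: poll its port with nc before any
# client is sent at it. The counter is reset here because the port-probing
# loops above leave their own attempt count in it, which would otherwise
# shorten this timeout. Only the primary server is polled; the ECDH-RSA
# server (if any) is assumed to be ready by the time its suites come up.
if ! command -v nc >/dev/null 2>&1; then
  echo "Requires nc command to probe the server port, but it's not installed." >&2
  do_cleanup
  exit 1
fi
server_ready=0
counter=0
while [ "$counter" -lt 20 ]; do
  echo "waiting for openssl s_server ready..."
  if nc -z localhost "$openssl_port"; then
    echo "openssl s_server ready!"
    server_ready=1
    break
  fi
  sleep 0.1
  counter=$((counter + 1))
done
if [ "$server_ready" = 0 ]; then
  printf '%s\n' "Couldn't verify openssl server is running, timeout error"
  do_cleanup
  exit 1
fi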
  153. OIFS=$IFS # store old seperator to reset
  154. IFS=$'\:' # set delimiter
  155. set -f # no globbing
  156. wolf_versions=`./examples/client/client -V`
  157. wolf_versions="$wolf_versions:4" #:4 will test without -v flag
  158. wolf_temp_suites_total=0
  159. wolf_temp_suites_tested=0
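# Outer loop: one pass per protocol version the wolfSSL client reports,
# plus the pseudo-version 4 (no -v flag). For each version the matching
# OpenSSL cipher list is fetched; a version OpenSSL rejects is recorded in
# the summary table and skipped. Inner loop: every wolfSSL suite that
# OpenSSL also lists is exercised once against the server, and the first
# client failure ends the whole run with status 1.
for version in $wolf_versions; do
  echo "version = $version"
  # OpenSSL cipher list for this version. A failing "openssl ciphers"
  # means the build does not understand the modifier, so the version is
  # reported as untested rather than treated as an error.
  case "$version" in
    0)
      openssl_ciphers=$(openssl ciphers "SSLv3")
      # Double-check that an SSLv3 handshake actually works. Any file is
      # fine as stdin; s_client only needs to hit EOF.
      openssl s_client -ssl3 -no_ign_eof -host localhost -port "$openssl_port" < ./certs/client-cert.pem
      if [ $? -ne 0 ]; then
        echo "Not testing SSLv3. No OpenSSL support for 'SSLv3' modifier"
        testing_summary="${testing_summary}SSLv3\tNo\tN/A\tN/A\t (No OpenSSL Support for cipherstring)\n"
        continue
      fi
      ;;
    1)
      openssl_ciphers=$(openssl ciphers "TLSv1") || {
        echo "Not testing TLSv1. No OpenSSL support for 'TLSv1' modifier"
        testing_summary="${testing_summary}TLSv1\tNo\tN/A\tN/A\t (No OpenSSL Support for cipherstring)\n"
        continue
      }
      ;;
    2)
      openssl_ciphers=$(openssl ciphers "TLSv1.1") || {
        echo "Not testing TLSv1.1. No OpenSSL support for 'TLSv1.1' modifier"
        testing_summary="${testing_summary}TLSv1.1\tNo\tN/A\tN/A\t (No OpenSSL Support for cipherstring)\n"
        continue
      }
      ;;
    3)
      openssl_ciphers=$(openssl ciphers "TLSv1.2") || {
        echo "Not testing TLSv1.2. No OpenSSL support for 'TLSv1.2' modifier"
        testing_summary="${testing_summary}TLSv1.2\tNo\tN/A\tN/A\t (No OpenSSL Support for cipherstring)\n"
        continue
      }
      ;;
    4)
      # Test all suites, whatever version the client negotiates.
      openssl_ciphers=$(openssl ciphers "ALL") || {
        echo "Not testing ALL. No OpenSSL support for ALL modifier"
        testing_summary="${testing_summary}ALL\tNo\tN/A\tN/A\t (No OpenSSL Support for cipherstring)\n"
        continue
      }
      ;;
  esac

  for wolfSuite in $wolf_ciphers; do
    echo "trying wolfSSL cipher suite $wolfSuite"
    wolf_temp_suites_total=$((wolf_temp_suites_total + 1))
    # Exact-name match: the surrounding ':' stop a suite from matching a
    # longer OpenSSL name that merely contains it.
    case ":$openssl_ciphers:" in
      *":$wolfSuite:"*)
        echo "Matched to OpenSSL suite support"
        ;;
      *)
        echo "Couldn't match suite, continuing..."
        continue
        ;;
    esac

    # Per-suite client options are collected in the positional parameters
    # so that each option reaches the client as its own argument; with IFS
    # set to ':' an unquoted string would not be split on spaces.
    port=$openssl_port
    set --
    case "$wolfSuite" in
      *ECDH-RSA*)
        # These suites are served by the second s_server.
        port=$ecdh_port ;;
      *ECDHE-ECDSA*|*ECDH-ECDSA*)
        # ECC server certificate: point the client at the ECC CA file.
        set -- -A./certs/ca-ecc-cert.pem ;;
      *PSK*)
        # Turn on client PSK.
        set -- -s ;;
      *ADH*)
        # Turn on anonymous DH on the client.
        set -- -a ;;
    esac
    if [ "$version" -lt 4 ]; then
      set -- -v "$version" "$@"
    fi
    ./examples/client/client -p "$port" -g -r -l "$wolfSuite" "$@"
    client_result=$?
    if [ "$client_result" -ne 0 ]; then
      echo "client failed! Suite = $wolfSuite version = $version"
      do_cleanup
      exit 1
    fi
    wolf_temp_suites_tested=$((wolf_temp_suites_tested + 1))
  done

  wolf_suites_tested=$((wolf_temp_suites_tested + wolf_suites_tested))
  wolf_suites_total=$((wolf_temp_suites_total + wolf_suites_total))
  echo "wolfSSL suites tested with version:$version $wolf_temp_suites_tested"
  version_name
  testing_summary="$testing_summary$versionName\tYes\t$wolf_temp_suites_total\t$wolf_temp_suites_tested\n"
  wolf_temp_suites_total=0
  wolf_temp_suites_tested=0
done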
  270. IFS=$OIFS #restore separator
  271. kill -9 $server_pid
  272. if [ $ecdh_server_pid != $no_pid ]
  273. then
  274. kill -9 $ecdh_server_pid
  275. fi
  276. echo -e "wolfSSL total suites $wolf_suites_total"
  277. echo -e "wolfSSL suites tested $wolf_suites_tested"
  278. echo -e "\nSuccess!\n\n\n\n"
  279. echo -e "$testing_summary"
  280. exit 0