1
0

openssl.test 35 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196
  1. #!/bin/bash
  2. #openssl.test
  3. # Enviornment variables used:
  4. # OPENSSL (openssl app to use)
  5. # OPENSSL_ENGINE_ID (engine id if any i.e. "wolfengine")
  6. CERT_DIR="$PWD/$(dirname "$0")/../certs"
  7. if ! test -n "$WOLFSSL_OPENSSL_TEST"; then
  8. echo "WOLFSSL_OPENSSL_TEST NOT set, won't run"
  9. exit 77
  10. fi
  11. # if we can, isolate the network namespace to eliminate port collisions.
  12. if [[ -n "$NETWORK_UNSHARE_HELPER" ]]; then
  13. if [[ -z "$NETWORK_UNSHARE_HELPER_CALLED" ]]; then
  14. export NETWORK_UNSHARE_HELPER_CALLED=yes
  15. exec "$NETWORK_UNSHARE_HELPER" "$0" "$@" || exit $?
  16. fi
  17. elif [ "${AM_BWRAPPED-}" != "yes" ]; then
  18. bwrap_path="$(command -v bwrap)"
  19. if [ -n "$bwrap_path" ]; then
  20. export AM_BWRAPPED=yes
  21. exec "$bwrap_path" --unshare-net --dev-bind / / "$0" "$@"
  22. fi
  23. unset AM_BWRAPPED
  24. fi
  25. echo "WOLFSSL_OPENSSL_TEST set, running test..."
  26. # need a unique port since may run the same time as testsuite
  27. generate_port() {
  28. #-------------------------------------------------------------------------#
  29. # Generate a random port number
  30. #-------------------------------------------------------------------------#
  31. if [[ "$OSTYPE" == "linux-gnu"* ]]; then
  32. port=$(($(od -An -N2 /dev/urandom) % (65535-49512) + 49512))
  33. elif [[ "$OSTYPE" == "darwin"* ]]; then
  34. port=$(($(od -An -N2 /dev/random) % (65535-49512) + 49512))
  35. else
  36. echo "Unknown OS TYPE"
  37. exit 1
  38. fi
  39. }
  40. no_pid=-1
  41. servers=""
  42. openssl_pid=$no_pid
  43. ecdh_openssl_pid=$no_pid
  44. ecdsa_openssl_pid=$no_pid
  45. ed25519_openssl_pid=$no_pid
  46. ed448_openssl_pid=$no_pid
  47. tls13_psk_openssl_pid=$no_pid
  48. wolfssl_pid=$no_pid
  49. ecdh_wolfssl_pid=$no_pid
  50. ecdsa_wolfssl_pid=$no_pid
  51. ed25519_wolfssl_pid=$no_pid
  52. ed448_wolfssl_pid=$no_pid
  53. tls13_psk_wolfssl_pid=$no_pid
  54. anon_wolfssl_pid=$no_pid
  55. wolf_cases_tested=0
  56. wolf_cases_total=0
  57. counter=0
  58. testing_summary="OpenSSL Interop Testing Summary:\nVersion\tTested\t#Found\t#wolf\t#Found\t#OpenSSL\n"
  59. versionName="Invalid"
  60. if [ "$OPENSSL" = "" ]; then
  61. OPENSSL=openssl
  62. fi
  63. WOLFSSL_SERVER=./examples/server/server
  64. WOLFSSL_CLIENT=./examples/client/client
  65. version_name() {
  66. case $version in "0")
  67. versionName="SSLv3"
  68. ;;
  69. "1")
  70. versionName="TLSv1"
  71. ;;
  72. "2")
  73. versionName="TLSv1.1"
  74. ;;
  75. "3")
  76. versionName="TLSv1.2"
  77. ;;
  78. "4")
  79. versionName="TLSv1.3"
  80. ;;
  81. "d")
  82. versionName="Down"
  83. ;;
  84. "")
  85. versionName="Def"
  86. ;;
  87. "5")
  88. versionName="ALL"
  89. ;;
  90. esac
  91. }
  92. do_cleanup() {
  93. echo "in cleanup"
  94. IFS=$OIFS #restore separator
  95. for s in $servers
  96. do
  97. f2=${s%:*}
  98. sname=${f2%:*}
  99. pid=${f2##*:}
  100. port=${s##*:}
  101. echo "killing server: $sname ($port)"
  102. kill -9 $pid
  103. done
  104. }
  105. do_trap() {
  106. echo "got trap"
  107. do_cleanup
  108. exit 1
  109. }
  110. trap do_trap INT TERM
  111. check_process_running() {
  112. if [ "$ps_grep" = "" ]
  113. then
  114. ps -p $server_pid > /dev/null
  115. PS_EXIT=$?
  116. else
  117. ps | grep "^ *$server_pid " > /dev/null
  118. PS_EXIT=$?
  119. fi
  120. }
  121. #
  122. # Start an OpenSSL server
  123. #
  124. start_openssl_server() {
  125. if [ "$wolfssl_client_avail" = "" ]
  126. then
  127. return
  128. fi
  129. generate_port
  130. server_port=$port
  131. found_free_port=0
  132. counter=0
  133. # If OPENSSL_ENGINE_ID has been set then check that the desired engine can
  134. # be loaded successfully and error out if not. Otherwise the OpenSSL app
  135. # will fall back to default engine.
  136. if [ ! -z "${OPENSSL_ENGINE_ID}" ]; then
  137. OUTPUT=`$OPENSSL engine -tt $OPENSSL_ENGINE_ID`
  138. if [ $? != 0 ]; then
  139. printf "not able to load engine\n"
  140. printf "$OPENSSL engine -tt $OPENSSL_ENGINE_ID\n"
  141. do_cleanup
  142. exit 1
  143. else
  144. echo $OUTPUT | grep "available"
  145. if [ $? != 0 ]; then
  146. printf "engine not available\n"
  147. do_cleanup
  148. exit 1
  149. fi
  150. fi
  151. OPENSSL_ENGINE_ID="-engine ${OPENSSL_ENGINE_ID}"
  152. fi
  153. while [ "$counter" -lt 20 ]; do
  154. echo -e "\n# Trying to start $openssl_suite OpenSSL server on port $server_port..."
  155. echo "#"
  156. if [ "$cert_file" != "" ]
  157. then
  158. echo "# " $OPENSSL s_server -accept $server_port $OPENSSL_ENGINE_ID -cert \"$cert_file\" -key \"$key_file\" -quiet -CAfile \"$ca_file\" -www -dhparam \"${CERT_DIR}/dh2048.pem\" -verify 10 -verify_return_error -psk $psk_hex -cipher "ALL:eNULL" $openssl_nodhe
  159. $OPENSSL s_server -accept $server_port $OPENSSL_ENGINE_ID -cert "$cert_file" -key "$key_file" -quiet -CAfile "$ca_file" -www -dhparam "${CERT_DIR}/dh2048.pem" -verify 10 -verify_return_error -psk $psk_hex -cipher "ALL:eNULL" $openssl_nodhe &
  160. else
  161. echo "# " $OPENSSL s_server -accept $server_port $OPENSSL_ENGINE_ID -quiet -nocert -www -dhparam \"${CERT_DIR}/dh2048.pem\" -verify 10 -verify_return_error -psk $psk_hex -cipher "ALL:eNULL" $openssl_nodhe
  162. $OPENSSL s_server -accept $server_port $OPENSSL_ENGINE_ID -quiet -nocert -www -dhparam "${CERT_DIR}/dh2048.pem" -verify 10 -verify_return_error -psk $psk_hex -cipher "ALL:eNULL" $openssl_nodhe &
  163. fi
  164. server_pid=$!
  165. # wait to see if s_server successfully starts before continuing
  166. sleep 0.1
  167. check_process_running
  168. if [ "$PS_EXIT" = "0" ]
  169. then
  170. echo "s_server started successfully on port $server_port"
  171. found_free_port=1
  172. break
  173. else
  174. #port already started, try a different port
  175. counter=$((counter+ 1))
  176. generate_port
  177. server_port=$port
  178. fi
  179. done
  180. if [ $found_free_port = 0 ]
  181. then
  182. echo -e "Couldn't find free port for server"
  183. do_cleanup
  184. exit 1
  185. fi
  186. servers="$servers OpenSSL_$openssl_suite:$server_pid:$server_port"
  187. }
  188. #
  189. # Start a wolfSSL server
  190. #
  191. start_wolfssl_server() {
  192. if [ "$wolfssl_server_avail" = "" ]
  193. then
  194. echo "# wolfSSL server not available"
  195. return
  196. fi
  197. wolfssl_cert=""
  198. wolfssl_key=""
  199. wolfssl_caCert=""
  200. if [ "$cert_file" != "" ]
  201. then
  202. wolfssl_cert="-c$cert_file"
  203. fi
  204. if [ "$key_file" != "" ]
  205. then
  206. wolfssl_key="-k$key_file"
  207. fi
  208. if [ "$ca_file" != "" ]
  209. then
  210. wolfssl_caCert="-A$ca_file"
  211. fi
  212. generate_port
  213. server_port=$port
  214. found_free_port=0
  215. counter=0
  216. while [ "$counter" -lt 20 ]; do
  217. echo -e "\n# Trying to start $wolfssl_suite wolfSSL server on port $server_port..."
  218. echo "#"
  219. echo "# $WOLFSSL_SERVER -p $server_port -g -v d -x -i $psk $crl -l ALL \"$wolfssl_cert\" \"$wolfssl_key\" \"$wolfssl_caCert\""
  220. $WOLFSSL_SERVER -p $server_port -g -v d -x -i $psk $crl -l ALL "$wolfssl_cert" "$wolfssl_key" "$wolfssl_caCert" &
  221. server_pid=$!
  222. # wait to see if server successfully starts before continuing
  223. sleep 0.1
  224. check_process_running
  225. if [ "$PS_EXIT" = "0" ]
  226. then
  227. echo "wolfSSL server started successfully on port $server_port"
  228. found_free_port=1
  229. break
  230. else
  231. #port already started, try a different port
  232. counter=$((counter+ 1))
  233. generate_port
  234. server_port=$port
  235. fi
  236. done
  237. if [ $found_free_port = 0 ]
  238. then
  239. echo -e "Couldn't find free port for server"
  240. do_cleanup
  241. exit 1
  242. fi
  243. servers="$servers wolfSSL_$wolfssl_suite:$server_pid:$server_port"
  244. }
  245. check_server_ready() {
  246. # server should be ready, let's make sure
  247. server_ready=0
  248. while [ "$counter" -lt 20 ]; do
  249. echo -e "waiting for $server_name ready..."
  250. echo -e Checking | nc localhost $server_port
  251. nc_result=$?
  252. if [ $nc_result = 0 ]
  253. then
  254. echo -e "$server_name ready!"
  255. server_ready=1
  256. break
  257. fi
  258. sleep 0.1
  259. counter=$((counter+ 1))
  260. done
  261. if [ $server_ready = 0 ]
  262. then
  263. echo -e "Couldn't verify $server_name is running, timeout error"
  264. do_cleanup
  265. exit 1
  266. fi
  267. }
  268. #
  269. # Run wolfSSL client against OpenSSL server
  270. #
  271. do_wolfssl_client() {
  272. if [ "$wolfssl_client_avail" = "" ]
  273. then
  274. return
  275. fi
  276. wolfssl_cert=""
  277. wolfssl_key=""
  278. wolfssl_caCert=""
  279. if [ "$cert" != "" ]
  280. then
  281. wolfssl_cert="-c$cert"
  282. fi
  283. if [ "$key" != "" ]
  284. then
  285. wolfssl_key="-k$key"
  286. fi
  287. if [ "$caCert" != "" ]
  288. then
  289. wolfssl_caCert="-A$caCert"
  290. fi
  291. wolfssl_resume="-r"
  292. if [ "$openssl_psk_resume_bug" != "" -a "$tls13_suite" != "" ]
  293. then
  294. wolfssl_resume=
  295. fi
  296. if [ "$version" != "5" -a "$version" != "" ]
  297. then
  298. echo "#"
  299. echo "# $WOLFSSL_CLIENT -p $port -g $wolfssl_resume -l $wolfSuite -v $version $psk $adh \"$wolfssl_cert\" \"$wolfssl_key\" \"$wolfssl_caCert\" $crl"
  300. $WOLFSSL_CLIENT -p $port -g $wolfssl_resume -l $wolfSuite -v $version $psk $adh "$wolfssl_cert" "$wolfssl_key" "$wolfssl_caCert" $crl
  301. else
  302. echo "#"
  303. echo "# $WOLFSSL_CLIENT -p $port -g $wolfssl_resume -l $wolfSuite $psk $adh \"$wolfssl_cert\" \"$wolfssl_key\" \"$wolfssl_caCert\" $crl"
  304. # do all versions
  305. $WOLFSSL_CLIENT -p $port -g $wolfssl_resume -l $wolfSuite $psk $adh "$wolfssl_cert" "$wolfssl_key" "$wolfssl_caCert" $crl
  306. fi
  307. client_result=$?
  308. if [ $client_result != 0 ]
  309. then
  310. echo -e "client failed! Suite = $wolfSuite version = $version"
  311. do_cleanup
  312. exit 1
  313. fi
  314. wolf_temp_cases_tested=$((wolf_temp_cases_tested+1))
  315. }
  316. #
  317. # Run OpenSSL client against wolfSSL server
  318. #
  319. do_openssl_client() {
  320. if [ "$wolfssl_server_avail" = "" ]
  321. then
  322. return
  323. fi
  324. if [ "$version" = "" -o "$version" = "5" ]
  325. then
  326. if [ "$tls13_cipher" = "" -a "$openssl_tls13" != "" ]
  327. then
  328. openssl_version="-no_tls1_3"
  329. fi
  330. fi
  331. if [ "$cert" != "" ]
  332. then
  333. openssl_cert1="-cert"
  334. openssl_cert2="$cert"
  335. fi
  336. if [ "$key" != "" ]
  337. then
  338. openssl_key1="-key"
  339. openssl_key2="$key"
  340. fi
  341. if [ "$caCert" != "" ]
  342. then
  343. openssl_caCert1="-CAfile"
  344. openssl_caCert2="$caCert"
  345. fi
  346. if [ "$tls13_cipher" = "" ]
  347. then
  348. echo "#"
  349. echo "# $OPENSSL s_client -connect localhost:$port -reconnect -legacy_renegotiation -cipher $cmpSuite $openssl_version $openssl_psk $openssl_cert1 \"$openssl_cert2\" $openssl_key1 \"$openssl_key2\" $openssl_caCert1 \"$openssl_caCert2\""
  350. echo "Hello" | eval "$OPENSSL s_client -connect localhost:$port -reconnect -legacy_renegotiation -cipher $cmpSuite $openssl_version $openssl_psk $openssl_cert1 \"$openssl_cert2\" $openssl_key1 \"$openssl_key2\" $openssl_caCert1 \"$openssl_caCert2\""
  351. else
  352. echo "#"
  353. echo "# $OPENSSL s_client -connect localhost:$port -reconnect -legacy_renegotiation -ciphersuites=$cmpSuite $openssl_version $openssl_psk $openssl_cert1 \"$openssl_cert2\" $openssl_key1 \"$openssl_key2\" $openssl_caCert1 \"$openssl_caCert2\""
  354. echo "Hello" | eval "$OPENSSL s_client -connect localhost:$port -reconnect -legacy_renegotiation -ciphersuites=$cmpSuite $openssl_version $openssl_psk $openssl_cert1 \"$openssl_cert2\" $openssl_key1 \"$openssl_key2\" $openssl_caCert1 \"$openssl_caCert2\""
  355. fi
  356. client_result=$?
  357. if [ $client_result != 0 ]
  358. then
  359. echo -e "client failed! Suite = $wolfSuite version = $version"
  360. do_cleanup
  361. exit 1
  362. fi
  363. open_temp_cases_tested=$((open_temp_cases_tested+1))
  364. }
  365. OIFS=$IFS # store old separator to reset
  366. #
  367. # Start
  368. #
  369. ps -p $PPID >/dev/null 2>&1
  370. if [ "$?" = "1" ]
  371. then
  372. ps_grep="yes"
  373. echo "ps -p not working, using ps and grep"
  374. fi
  375. echo -e "\nTesting existence of openssl command...\n"
  376. command -v $OPENSSL >/dev/null 2>&1 || { echo >&2 "Requires openssl command, but it's not installed. Ending."; do_cleanup; exit 0; }
  377. echo -e "\nTesting for _build directory as part of distcheck, different paths"
  378. currentDir=`pwd`
  379. case "$currentDir" in
  380. *_build)
  381. echo -e "_build directory detected, moving a directory back"
  382. cd ..
  383. ;;
  384. esac
  385. echo -e "\nChecking for wolfSSL client - needed for cipher list"
  386. wolfssl_client_avail=`$WOLFSSL_CLIENT -?`
  387. case $wolfssl_client_avail in
  388. *"Client not compiled in!"*)
  389. wolfssl_client_avail=
  390. echo >&2 "Requires wolfSSL client, but it's not built. Ending."
  391. do_cleanup
  392. exit 0
  393. ;;
  394. esac
  395. echo -e "\nTesting for buggy version of OpenSSL - TLS 1.3, PSK and session ticket"
  396. openssl_version=`$OPENSSL version`
  397. case $openssl_version in
  398. "OpenSSL 1.1.1 "*)
  399. openssl_psk_resume_bug=yes
  400. ;;
  401. "OpenSSL 1.0.2"*)
  402. openssl_adh_reneg_bug=yes
  403. ;;
  404. esac
  405. # check for wolfssl server
  406. wolfssl_server_avail=`$WOLFSSL_SERVER -?`
  407. case $wolfssl_server_avail in
  408. *"Server not compiled in!"*)
  409. wolfssl_server_avail=
  410. ;;
  411. esac
  412. # get wolfssl ciphers
  413. wolf_ciphers=`$WOLFSSL_CLIENT -e`
  414. # get wolfssl supported versions
  415. wolf_versions=`$WOLFSSL_CLIENT -V`
  416. wolf_versions="${wolf_versions}:5" #5 will test without -v flag
  417. OIFS="$IFS" # store old separator to reset
  418. IFS=: # set delimiter
  419. for version in $wolf_versions
  420. do
  421. case $version in
  422. 1|2|3)
  423. wolf_tls=yes
  424. ;;
  425. 4)
  426. wolf_tls13=yes
  427. ;;
  428. esac
  429. done
  430. IFS="$OIFS" #restore separator
  431. #
  432. # Start OpenSSL servers
  433. #
  434. # Check for cerificate support in wolfSSL
  435. wolf_certs=`$WOLFSSL_CLIENT -? 2>&1`
  436. case $wolf_certs in
  437. *"cert"*)
  438. ;;
  439. *)
  440. wolf_certs=""
  441. ;;
  442. esac
  443. if [ "$wolf_certs" != "" ]
  444. then
  445. # Check if ECC certificates supported in wolfSSL
  446. wolf_ecc=`$WOLFSSL_CLIENT -A "${CERT_DIR}/ed25519/ca-ecc-cert.pem" 2>&1`
  447. case $wolf_ecc in
  448. *"ca file"*)
  449. wolf_ecc=""
  450. ;;
  451. *)
  452. ;;
  453. esac
  454. # Check if Ed25519 certificates supported in wolfSSL
  455. wolf_ed25519=`$WOLFSSL_CLIENT -A "${CERT_DIR}/ed25519/root-ed25519.pem" 2>&1`
  456. case $wolf_ed25519 in
  457. *"ca file"*)
  458. wolf_ed25519=""
  459. ;;
  460. *)
  461. ;;
  462. esac
  463. # Check if Ed25519 certificates supported in OpenSSL
  464. openssl_ed25519=`$OPENSSL s_client -cert "${CERT_DIR}/ed25519/client-ed25519.pem" -key "${CERT_DIR}/ed25519/client-ed25519-priv.pem" 2>&1`
  465. case $openssl_ed25519 in
  466. *"unable to load"*)
  467. wolf_ed25519=""
  468. ;;
  469. *)
  470. ;;
  471. esac
  472. # Check if Ed448 certificates supported in wolfSSL
  473. wolf_ed448=`$WOLFSSL_CLIENT -A "${CERT_DIR}/ed448/root-ed448.pem" 2>&1`
  474. case $wolf_ed448 in
  475. *"ca file"*)
  476. wolf_ed448=""
  477. ;;
  478. *)
  479. ;;
  480. esac
  481. # Check if Ed448 certificates supported in OpenSSL
  482. openssl_ed448=`$OPENSSL s_client -cert "${CERT_DIR}/ed448/client-ed448.pem" -key "${CERT_DIR}/ed448/client-ed448-priv.pem" 2>&1`
  483. case $openssl_ed448 in
  484. *"unable to load"*)
  485. wolf_ed448=""
  486. ;;
  487. *)
  488. ;;
  489. esac
  490. fi
  491. openssl_tls13=`$OPENSSL s_client -help 2>&1`
  492. case $openssl_tls13 in
  493. *no_tls1_3*)
  494. ;;
  495. *)
  496. openssl_tls13=
  497. ;;
  498. esac
  499. # Not all openssl versions support -allow_no_dhe_kex
  500. openssl_nodhe=`$OPENSSL s_client -help 2>&1`
  501. case $openssl_nodhe in
  502. *allow_no_dhe_kex*)
  503. openssl_nodhe=-allow_no_dhe_kex
  504. ;;
  505. *)
  506. openssl_nodhe=
  507. ;;
  508. esac
  509. # Check suites to determine support in wolfSSL
  510. OIFS="$IFS" # store old separator to reset
  511. IFS=: # set delimiter
  512. for wolfSuite in $wolf_ciphers; do
  513. case $wolfSuite in
  514. *ECDHE-RSA-*)
  515. ecdhe_avail=yes
  516. wolf_rsa=yes
  517. ;;
  518. *DHE-RSA-*)
  519. wolf_rsa=yes
  520. ;;
  521. *ECDH-RSA*)
  522. wolf_ecdh_rsa=yes
  523. ;;
  524. *ECDHE-ECDSA*|*ECDH-ECDSA*)
  525. wolf_ecdsa=yes
  526. ;;
  527. *ADH*)
  528. wolf_anon=yes
  529. ;;
  530. *PSK*)
  531. if [ "$wolf_psk" = "" ]
  532. then
  533. echo "Testing PSK"
  534. wolf_psk=1
  535. fi
  536. if [ "$wolf_tls" != "" ]
  537. then
  538. wolf_tls_psk=yes
  539. fi
  540. ;;
  541. *TLS13*)
  542. ;;
  543. *)
  544. wolf_rsa=yes
  545. esac
  546. done
  547. IFS="$OIFS" #restore separator
  548. openssl_ciphers=`$OPENSSL ciphers ALL 2>&1`
  549. case $openssl_ciphers in
  550. *ADH*)
  551. openssl_anon=yes
  552. ;;
  553. esac
  554. # TLSv1 -> TLSv1.2 PSK secret
  555. psk_hex="1a2b3c4d"
  556. # If RSA cipher suites supported in wolfSSL then start servers
  557. if [ "$wolf_rsa" != "" -o "$wolf_tls_psk" != "" ]
  558. then
  559. if [ "$wolf_rsa" != "" ]
  560. then
  561. cert_file="${CERT_DIR}/server-cert.pem"
  562. key_file="${CERT_DIR}/server-key.pem"
  563. ca_file="${CERT_DIR}/client-ca.pem"
  564. else
  565. cert_file=
  566. key_file=
  567. ca_file=
  568. fi
  569. openssl_suite="RSA"
  570. start_openssl_server
  571. openssl_port=$server_port
  572. openssl_pid=$server_pid
  573. wolfssl_suite="RSA"
  574. if [ "$wolf_tls_psk" != "" ]
  575. then
  576. psk="-j"
  577. fi
  578. echo "cert_file=$cert_file"
  579. start_wolfssl_server
  580. psk=
  581. wolfssl_port=$server_port
  582. wolfssl_pid=$server_pid
  583. fi
  584. # If ECDH-RSA cipher suites supported in wolfSSL then start servers
  585. if [ "$wolf_ecdh_rsa" != "" ]
  586. then
  587. cert_file="${CERT_DIR}/server-ecc-rsa.pem"
  588. key_file="${CERT_DIR}/ecc-key.pem"
  589. ca_file="${CERT_DIR}/client-ca.pem"
  590. openssl_suite="ECDH-RSA"
  591. start_openssl_server
  592. ecdh_openssl_port=$server_port
  593. ecdh_openssl_pid=$server_pid
  594. wolfssl_suite="ECDH-RSA"
  595. start_wolfssl_server
  596. ecdh_wolfssl_port=$server_port
  597. ecdh_wolfssl_pid=$server_pid
  598. fi
  599. if [ "$wolf_ecdsa" != "" -a "$wolf_ecc" != "" ]
  600. then
  601. cert_file="${CERT_DIR}/server-ecc.pem"
  602. key_file="${CERT_DIR}/ecc-key.pem"
  603. ca_file="${CERT_DIR}/client-ca.pem"
  604. openssl_suite="ECDH[E]-ECDSA"
  605. start_openssl_server
  606. ecdsa_openssl_port=$server_port
  607. ecdsa_openssl_pid=$server_pid
  608. wolfssl_suite="ECDH[E]-ECDSA"
  609. start_wolfssl_server
  610. ecdsa_wolfssl_port=$server_port
  611. ecdsa_wolfssl_pid=$server_pid
  612. fi
  613. # If Ed25519 certificates supported in wolfSSL then start servers
  614. if [ "$wolf_ed25519" != "" ];
  615. then
  616. cert_file="${CERT_DIR}/ed25519/server-ed25519.pem"
  617. key_file="${CERT_DIR}/ed25519/server-ed25519-priv.pem"
  618. ca_file="${CERT_DIR}/ed25519/client-ed25519.pem"
  619. openssl_suite="Ed25519"
  620. start_openssl_server
  621. ed25519_openssl_port=$server_port
  622. ed25519_openssl_pid=$server_pid
  623. crl="-V"
  624. wolfssl_suite="Ed25519"
  625. start_wolfssl_server
  626. ed25519_wolfssl_port=$server_port
  627. ed25519_wolfssl_pid=$server_pid
  628. crl=
  629. fi
  630. # If Ed448 certificates supported in wolfSSL then start servers
  631. if [ "$wolf_ed448" != "" ];
  632. then
  633. cert_file="${CERT_DIR}/ed448/server-ed448.pem"
  634. key_file="${CERT_DIR}/ed448/server-ed448-priv.pem"
  635. ca_file="${CERT_DIR}/ed448/client-ed448.pem"
  636. openssl_suite="Ed448"
  637. start_openssl_server
  638. ed448_openssl_port=$server_port
  639. ed448_openssl_pid=$server_pid
  640. crl="-V"
  641. wolfssl_suite="Ed448"
  642. start_wolfssl_server
  643. ed448_wolfssl_port=$server_port
  644. ed448_wolfssl_pid=$server_pid
  645. crl=
  646. fi
  647. if [ "$wolf_tls13" != "" -a "$wolf_psk" != "" ]
  648. then
  649. cert_file=
  650. psk_hex="0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
  651. openssl_suite="TLSv1.3_PSK"
  652. start_openssl_server
  653. tls13_psk_openssl_port=$server_port
  654. tls13_psk_openssl_pid=$server_pid
  655. psk="-s"
  656. wolfssl_suite="TLSv1.3_PSK"
  657. start_wolfssl_server
  658. tls13_psk_wolfssl_port=$server_port
  659. tls13_psk_wolfssl_pid=$server_pid
  660. fi
  661. if [ "$wolf_anon" != "" -a "$openssl_anon" ]
  662. then
  663. cert_file=""
  664. key_file=""
  665. ca_file=""
  666. wolfssl_suite="Anon"
  667. psk="-a" # anonymous not psk
  668. start_wolfssl_server
  669. anon_wolfssl_port=$server_port
  670. anon_wolfssl_pid=$server_pid
  671. fi
  672. for s in $servers
  673. do
  674. f2=${s%:*}
  675. server_name=${f2%:*}
  676. server_port=${s##*:}
  677. check_server_ready
  678. done
  679. OIFS="$IFS" # store old separator to reset
  680. IFS=: # set delimiter
  681. set -f # no globbing
  682. wolf_temp_cases_total=0
  683. wolf_temp_cases_tested=0
  684. # Testing of OpenSSL support for version requires a running OpenSSL server
  685. for version in $wolf_versions;
  686. do
  687. echo -e "version = $version"
  688. # get openssl ciphers depending on version
  689. # -s flag for only supported ciphers
  690. case $version in
  691. "0")
  692. openssl_ciphers=`$OPENSSL ciphers "SSLv3" 2>&1`
  693. # double check that can actually do a sslv3 connection using
  694. # client-cert.pem to send but any file with EOF works
  695. $OPENSSL s_client -ssl3 -no_ign_eof -host localhost -port $openssl_port < "${CERT_DIR}/client-cert.pem"
  696. sslv3_sup=$?
  697. if [ $sslv3_sup != 0 ]
  698. then
  699. echo -e "Not testing SSLv3. No OpenSSL support for 'SSLv3' modifier"
  700. testing_summary="${testing_summary}SSLv3\tNo\tN/A\tN/A\tN/A\tN/A\t (No OpenSSL cipherstring)\n"
  701. continue
  702. fi
  703. openssl_version="-ssl3"
  704. ;;
  705. "1")
  706. proto_check=`echo "hell" | $OPENSSL s_client -connect localhost:$openssl_port -tls1 2>&1`
  707. tlsv1_sup=$?
  708. if [ $tlsv1_sup != 0 ]
  709. then
  710. echo -e "Not testing TLSv1. No OpenSSL support for '-tls1'"
  711. testing_summary="${testing_summary}TLSv1\tNo\tN/A\tN/A\tN/A\tN/A\t (No OpenSSL Support)\n"
  712. continue
  713. fi
  714. openssl_ciphers=`$OPENSSL ciphers -s "TLSv1" 2>&1`
  715. tlsv1_sup=$?
  716. if [ $tlsv1_sup != 0 ]
  717. then
  718. echo -e "Not testing TLSv1. No OpenSSL support for 'TLSv1' modifier"
  719. testing_summary="${testing_summary}TLSv1\tNo\tN/A\tN/A\tN/A\tN/A\t (No OpenSSL cipherstring)\n"
  720. continue
  721. fi
  722. openssl_version="-tls1"
  723. ;;
  724. "2")
  725. # Same ciphers for TLSv1.1 as TLSv1
  726. proto_check=`echo "hello" | $OPENSSL s_client -connect localhost:$openssl_port -tls1_1 2>&1`
  727. tlsv1_1_sup=$?
  728. if [ $tlsv1_1_sup != 0 ]
  729. then
  730. echo -e "Not testing TLSv1.1. No OpenSSL support for 'TLSv1.1' modifier"
  731. testing_summary="${testing_summary}TLSv1.1\tNo\tN/A\tN/A\tN/A\tN/A\t (No OpenSSL cipherstring)\n"
  732. continue
  733. fi
  734. openssl_ciphers=`$OPENSSL ciphers -s "TLSv1" 2>&1`
  735. tlsv1_sup=$?
  736. if [ $tlsv1_sup != 0 ]
  737. then
  738. echo -e "Not testing TLSv1. No OpenSSL support for 'TLSv1' modifier"
  739. testing_summary="${testing_summary}TLSv1\tNo\tN/A\tN/A\tN/A\tN/A\t (No OpenSSL cipherstring)\n"
  740. continue
  741. fi
  742. openssl_version="-tls1_1"
  743. ;;
  744. "3")
  745. openssl_ciphers=`$OPENSSL ciphers -s "TLSv1.2" 2>&1`
  746. tlsv1_2_sup=$?
  747. if [ $tlsv1_2_sup != 0 ]
  748. then
  749. echo -e "Not testing TLSv1.2. No OpenSSL support for 'TLSv1.2' modifier"
  750. testing_summary="${testing_summary}TLSv1.2\tNo\tN/A\tN/A\tN/A\tN/A\t (No OpenSSL cipherstring)\n"
  751. continue
  752. fi
  753. openssl_version="-tls1_2"
  754. ;;
  755. "4")
  756. openssl_ciphers=`$OPENSSL ciphers -tls1_3 2>&1`
  757. tlsv1_3_sup=$?
  758. if [ $tlsv1_3_sup != 0 ]
  759. then
  760. echo -e "Not testing TLSv1.3. No OpenSSL support for 'TLSv1.3' modifier"
  761. testing_summary="${testing_summary}TLSv1.3\tNo\tN/A\tN/A\tN/A\tN/A\t (No OpenSSL cipherstring)\n"
  762. continue
  763. fi
  764. ecc_support=`$WOLFSSL_CLIENT -? 2>&1 | grep 'ECC named groups'`
  765. openssl_version="-tls1_3"
  766. ;;
  767. "d(downgrade)")
  768. version="d"
  769. openssl_version=""
  770. ;;
  771. "e(either)")
  772. continue
  773. ;;
  774. "5") #test all suites
  775. openssl_ciphers=`$OPENSSL ciphers -s "ALL" 2>&1`
  776. all_sup=$?
  777. if [ $all_sup != 0 ]
  778. then
  779. echo -e "Not testing ALL. No OpenSSL support for ALL modifier"
  780. testing_summary="${testing_summary}ALL\tNo\tN/A\tN/A\tN/A\tN/A\t (No OpenSSL cipherstring)\n"
  781. continue
  782. fi
  783. openssl_version=""
  784. ;;
  785. "")
  786. openssl_ciphers=`$OPENSSL ciphers 2>&1`
  787. all_sup=$?
  788. if [ $all_sup != 0 ]
  789. then
  790. echo -e "Not testing ALL. No OpenSSL support for ALL modifier"
  791. testing_summary="${testing_summary}ALL\tNo\tN/A\tN/A\tN/A\tN/A\t (No OpenSSL cipherstring)\n"
  792. continue
  793. fi
  794. openssl_version=""
  795. ;;
  796. esac
  797. for wolfSuite in $wolf_ciphers; do
  798. echo -e "trying wolfSSL cipher suite $wolfSuite"
  799. wolf_temp_cases_total=$((wolf_temp_cases_total + 1))
  800. open_temp_cases_total=$((open_temp_cases_total + 1))
  801. matchSuite=0;
  802. tls13_suite=
  803. case $wolfSuite in
  804. "TLS13-AES128-GCM-SHA256")
  805. cmpSuite="TLS_AES_128_GCM_SHA256"
  806. tls13_suite="yes"
  807. ;;
  808. "TLS13-AES256-GCM-SHA384")
  809. cmpSuite="TLS_AES_256_GCM_SHA384"
  810. tls13_suite="yes"
  811. ;;
  812. "TLS13-CHACHA20-POLY1305-SHA256")
  813. cmpSuite="TLS_CHACHA20_POLY1305_SHA256"
  814. tls13_suite="yes"
  815. ;;
  816. "TLS13-AES128-CCM-SHA256")
  817. cmpSuite="TLS_AES_128_CCM_SHA256"
  818. tls13_suite="yes"
  819. ;;
  820. "TLS13-AES128-CCM-8-SHA256"|"TLS13-AES128-CCM8-SHA256")
  821. cmpSuite="TLS_AES_128_CCM_8_SHA256"
  822. tls13_suite="yes"
  823. ;;
  824. "TLS13-SHA256-SHA256")
  825. continue
  826. ;;
  827. "TLS13-SHA384-SHA384")
  828. continue
  829. ;;
  830. "TLS13-"*)
  831. echo -e "Suite = $wolfSuite not recognized!"
  832. echo -e "Add translation of wolfSSL name to OpenSSL"
  833. do_cleanup
  834. exit 1
  835. ;;
  836. *)
  837. cmpSuite=$wolfSuite
  838. ;;
  839. esac
  840. case ":$openssl_ciphers:" in *":$cmpSuite:"*) # add extra : for edge cases
  841. case "$cmpSuite" in
  842. "TLS_"*)
  843. if [ "$version" != "4" -a "$version" != "d" ]
  844. then
  845. echo -e "TLS 1.3 cipher suite but not TLS 1.3 protocol"
  846. matchSuite=0
  847. else
  848. echo -e "Matched to OpenSSL suite support"
  849. matchSuite=1
  850. fi
  851. ;;
  852. *)
  853. if [ "$version" = "d" -a "$wolfdowngrade" = "4" ]
  854. then
  855. echo -e "Not TLS 1.3 cipher suite but TLS 1.3 downgrade"
  856. matchSuite=0
  857. elif [ "$version" != "4" ]
  858. then
  859. echo -e "Matched to OpenSSL suite support"
  860. matchSuite=1
  861. else
  862. echo -e "Not TLS 1.3 cipher suite but TLS 1.3 protocol"
  863. matchSuite=0
  864. fi
  865. ;;
  866. esac
  867. ;;
  868. esac
  869. if [ $matchSuite = 0 ]
  870. then
  871. echo -e "Couldn't match suite, continuing..."
  872. continue
  873. fi
  874. # check for psk suite and turn on client psk if so
  875. psk=""
  876. adh=""
  877. crl=""
  878. cert=""
  879. key=""
  880. caCert=""
  881. case $wolfSuite in
  882. *ECDH-RSA*)
  883. cert="${CERT_DIR}/client-cert.pem"
  884. key="${CERT_DIR}/client-key.pem"
  885. caCert="${CERT_DIR}/ca-cert.pem"
  886. port=$ecdh_openssl_port
  887. do_wolfssl_client
  888. port=$ecdh_wolfssl_port
  889. do_openssl_client
  890. ;;
  891. *ECDHE-ECDSA*|*ECDH-ECDSA*)
  892. if [ "$wolf_ecc" != "" ]
  893. then
  894. cert="${CERT_DIR}/client-cert.pem"
  895. key="${CERT_DIR}/client-key.pem"
  896. caCert="${CERT_DIR}/ca-ecc-cert.pem"
  897. port=$ecdsa_openssl_port
  898. do_wolfssl_client
  899. port=$ecdsa_wolfssl_port
  900. do_openssl_client
  901. else
  902. wolf_temp_cases_total=$((wolf_temp_cases_total - 1))
  903. fi
  904. if [ $ed25519_openssl_pid != $no_pid -a "$version" != "0" -a "$version" != "1" -a "$version" != "2" ]
  905. then
  906. cert="${CERT_DIR}/ed25519/client-ed25519.pem"
  907. key="${CERT_DIR}/ed25519/client-ed25519-priv.pem"
  908. caCert="${CERT_DIR}/ed25519/server-ed25519.pem"
  909. wolf_temp_cases_total=$((wolf_temp_cases_total + 1))
  910. port=$ed25519_openssl_port
  911. crl="-C"
  912. do_wolfssl_client
  913. open_temp_cases_total=$((open_temp_cases_total + 1))
  914. port=$ed25519_wolfssl_port
  915. do_openssl_client
  916. fi
  917. if [ $ed448_openssl_pid != $no_pid -a "$version" != "0" -a "$version" != "1" -a "$version" != "2" ]
  918. then
  919. cert="${CERT_DIR}/ed448/client-ed448.pem"
  920. key="${CERT_DIR}/ed448/client-ed448-priv.pem"
  921. caCert="${CERT_DIR}/ed448/server-ed448.pem"
  922. wolf_temp_cases_total=$((wolf_temp_cases_total + 1))
  923. port=$ed448_openssl_port
  924. crl="-C"
  925. do_wolfssl_client
  926. open_temp_cases_total=$((open_temp_cases_total + 1))
  927. port=$ed448_wolfssl_port
  928. do_openssl_client
  929. fi
  930. ;;
  931. *DHE-PSK*)
  932. cert="${CERT_DIR}/client-cert.pem"
  933. key="${CERT_DIR}/client-key.pem"
  934. caCert="${CERT_DIR}/ca-cert.pem"
  935. port=$openssl_port
  936. psk="-s"
  937. do_wolfssl_client
  938. # Skip when no RSA as some versions of OpenSSL can't handle no
  939. # signature
  940. if [ "$wolf_rsa" != "" ]
  941. then
  942. port=$wolfssl_port
  943. openssl_psk="-psk 1a2b3c4d"
  944. do_openssl_client
  945. fi
  946. ;;
  947. *PSK*)
  948. cert="${CERT_DIR}/client-cert.pem"
  949. key="${CERT_DIR}/client-key.pem"
  950. caCert="${CERT_DIR}/ca-cert.pem"
  951. port=$openssl_port
  952. psk="-s"
  953. do_wolfssl_client
  954. port=$wolfssl_port
  955. openssl_psk="-psk 1a2b3c4d"
  956. do_openssl_client
  957. ;;
  958. *ADH*)
  959. cert="${CERT_DIR}/client-cert.pem"
  960. key="${CERT_DIR}/client-key.pem"
  961. caCert="${CERT_DIR}/ca-cert.pem"
  962. if [ "$version" != "0" -a "$version" != "1" -a "$version" != "2" -a "$openssl_adh_reneg_bug" != "" ]
  963. then
  964. continue
  965. fi
  966. port=$openssl_port
  967. adh="-a"
  968. do_wolfssl_client
  969. port=$anon_wolfssl_port
  970. do_openssl_client
  971. ;;
  972. TLS13*)
  973. if [ $version != "4" -a $version != "d" -a $version != " " -a $version != "5" ]
  974. then
  975. continue
  976. fi
  977. tls13_cipher=yes
  978. # RSA
  979. if [ $openssl_pid != $no_pid -a "$ecdhe_avail" = "yes" ]
  980. then
  981. cert="${CERT_DIR}/client-cert.pem"
  982. key="${CERT_DIR}/client-key.pem"
  983. caCert="${CERT_DIR}/ca-cert.pem"
  984. port=$openssl_port
  985. do_wolfssl_client
  986. port=$wolfssl_port
  987. do_openssl_client
  988. fi
  989. # PSK
  990. if [ "$wolf_psk" != "" -a $wolfSuite = "TLS13-AES128-GCM-SHA256" -a "$wolf_ecc" != "" -a $openssl_nodhe != "" ]
  991. then
  992. cert=""
  993. key=""
  994. caCert=""
  995. wolf_temp_cases_total=$((wolf_temp_cases_total + 1))
  996. port=$tls13_psk_openssl_port
  997. psk="-s"
  998. # OpenSSL doesn't support DH for key exchange so do no PSK
  999. # DHE when ECC not supported
  1000. if [ "$wolf_ecc" = "" ]
  1001. then
  1002. adh="-K"
  1003. fi
  1004. do_wolfssl_client
  1005. psk=""
  1006. adh=""
  1007. openssl_psk="-psk 0123456789abcdef0123456789abcdef"
  1008. open_temp_cases_total=$((open_temp_cases_total + 1))
  1009. port=$wolfssl_port
  1010. do_openssl_client
  1011. open_temp_cases_total=$((open_temp_cases_total + 1))
  1012. port=$tls13_psk_wolfssl_port
  1013. do_openssl_client
  1014. openssl_psk=""
  1015. fi
  1016. # ECDSA
  1017. if [ $ecdsa_openssl_pid != $no_pid -a "$wolf_ecc" != "" ]
  1018. then
  1019. cert="${CERT_DIR}/client-ecc-cert.pem"
  1020. key="${CERT_DIR}/ecc-client-key.pem"
  1021. caCert="${CERT_DIR}/ca-ecc-cert.pem"
  1022. wolf_temp_cases_total=$((wolf_temp_cases_total + 1))
  1023. port=$ecdsa_openssl_port
  1024. caCert="${CERT_DIR}/ca-ecc-cert.pem"
  1025. do_wolfssl_client
  1026. open_temp_cases_total=$((open_temp_cases_total + 1))
  1027. port=$ecdsa_wolfssl_port
  1028. caCert="${CERT_DIR}/ca-ecc-cert.pem"
  1029. do_openssl_client
  1030. fi
  1031. # Ed25519
  1032. if [ $ed25519_openssl_pid != $no_pid ]
  1033. then
  1034. cert="${CERT_DIR}/ed25519/client-ed25519.pem"
  1035. key="${CERT_DIR}/ed25519/client-ed25519-priv.pem"
  1036. caCert="${CERT_DIR}/ed25519/server-ed25519.pem"
  1037. wolf_temp_cases_total=$((wolf_temp_cases_total + 1))
  1038. port=$ed25519_openssl_port
  1039. crl="-C"
  1040. do_wolfssl_client
  1041. open_temp_cases_total=$((open_temp_cases_total + 1))
  1042. port=$ed25519_wolfssl_port
  1043. do_openssl_client
  1044. fi
  1045. # Ed448
  1046. if [ $ed448_openssl_pid != $no_pid ]
  1047. then
  1048. cert="${CERT_DIR}/ed448/client-ed448.pem"
  1049. key="${CERT_DIR}/ed448/client-ed448-priv.pem"
  1050. caCert="${CERT_DIR}/ed448/server-ed448.pem"
  1051. wolf_temp_cases_total=$((wolf_temp_cases_total + 1))
  1052. port=$ed448_openssl_port
  1053. crl="-C"
  1054. do_wolfssl_client
  1055. open_temp_cases_total=$((open_temp_cases_total + 1))
  1056. port=$ed448_wolfssl_port
  1057. do_openssl_client
  1058. fi
  1059. tls13_cipher=
  1060. ;;
  1061. *)
  1062. cert="${CERT_DIR}/client-cert.pem"
  1063. key="${CERT_DIR}/client-key.pem"
  1064. caCert="${CERT_DIR}/ca-cert.pem"
  1065. port=$openssl_port
  1066. do_wolfssl_client
  1067. port=$wolfssl_port
  1068. do_openssl_client
  1069. ;;
  1070. esac
  1071. done
  1072. wolf_cases_tested=$((wolf_temp_cases_tested+wolf_cases_tested))
  1073. wolf_cases_total=$((wolf_temp_cases_total+wolf_cases_total))
  1074. echo -e "wolfSSL cases tested with version:$version $wolf_temp_cases_tested"
  1075. open_cases_tested=$((open_temp_cases_tested+open_cases_tested))
  1076. open_cases_total=$((open_temp_cases_total+open_cases_total))
  1077. echo -e "OpenSSL cases tested with version:$version $open_temp_cases_tested"
  1078. version_name
  1079. testing_summary="$testing_summary$versionName\tYes\t$wolf_temp_cases_total\t$wolf_temp_cases_tested\t$open_temp_cases_total\t$open_temp_cases_tested\n"
  1080. wolf_temp_cases_total=0
  1081. wolf_temp_cases_tested=0
  1082. open_temp_cases_total=0
  1083. open_temp_cases_tested=0
  1084. wolfdowngrade="$version"
  1085. done
  1086. IFS="$OIFS" #restore separator
  1087. do_cleanup
  1088. echo -e "wolfSSL total cases $wolf_cases_total"
  1089. echo -e "wolfSSL cases tested $wolf_cases_tested"
  1090. echo -e "OpenSSL total cases $open_cases_total"
  1091. echo -e "OpenSSL cases tested $open_cases_tested"
  1092. echo -e "\nSuccess!\n\n\n\n"
  1093. echo -e "$testing_summary"
  1094. exit 0