
source: ps/trunk/build/premake/premake5/contrib/mbedtls/tests/compat.sh

Last change on this file was 20366, checked in by Itms, 7 years ago

Alpha 12 version of Premake 5, including prebuilt binary for Windows.
Directly taken from https://premake.github.io/.

Refs #3729.

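#!/bin/sh

# Test interop with OpenSSL and GnuTLS (and self-op while at it).
#
# Check each common ciphersuite, with each version, both ways (client/server),
# with and without client authentication.
#
# Peer version requirements:
# - OpenSSL 1.0.1e 11 Feb 2013 (probably NOT since 1.0.1, tested with 1.0.1e)
# - GnuTLS 3.2.15 (probably works since 3.2.12 but tested only with 3.2.15)

set -u

# initialise counters
TESTS=0
FAILED=0
SKIPPED=0
SRVMEM=0

# default commands, can be overridden by the environment
: "${P_SRV:=../programs/ssl/ssl_server2}"
: "${P_CLI:=../programs/ssl/ssl_client2}"
: "${OPENSSL_CMD:=openssl}" # OPENSSL would conflict with the build system
: "${GNUTLS_CLI:=gnutls-cli}"
: "${GNUTLS_SERV:=gnutls-serv}"

# gnutls_recent_enough <version_line>
# Succeed when <version_line> ends in "MAJOR.MINOR.PATCH" and that version is
# at least 3.2.15. Sets MAJOR, MINOR and PATCH as a side effect.
#
# The numbers are extracted with sed and parameter expansion only. The output
# of an external program is never passed to eval: a line that does not match
# the expected shape is rejected instead of being executed as shell code.
gnutls_recent_enough() {
    # Each component is one or more digits, so 3.10.x parses as minor 10.
    G_NUM="$( printf '%s\n' "$1" |
        sed -n 's/.* \([0-9][0-9]*\)\.\([0-9][0-9]*\)\.\([0-9][0-9]*\)$/\1 \2 \3/p' )"
    if [ -z "$G_NUM" ]; then
        return 1
    fi

    MAJOR=${G_NUM%% *}
    G_NUM=${G_NUM#* }
    MINOR=${G_NUM%% *}
    PATCH=${G_NUM#* }

    if [ "$MAJOR" -lt 3 ]; then
        return 1
    fi
    if [ "$MAJOR" -eq 3 ] && [ "$MINOR" -lt 2 ]; then
        return 1
    fi
    if [ "$MAJOR" -eq 3 ] && [ "$MINOR" -eq 2 ] && [ "$PATCH" -lt 15 ]; then
        return 1
    fi
    return 0
}

# do we have a recent enough GnuTLS?
# (command -v is the POSIX way to look a command up; which is not specified)
if ( command -v "$GNUTLS_CLI" && command -v "$GNUTLS_SERV" ) >/dev/null 2>&1; then
    G_VER="$( "$GNUTLS_CLI" --version | head -n1 )"
    case "$G_VER" in
        *@VERSION@*) # git version
            PEER_GNUTLS=" GnuTLS"
            ;;
        *)
            if gnutls_recent_enough "$G_VER"; then
                PEER_GNUTLS=" GnuTLS"
            else
                PEER_GNUTLS=""
            fi
            ;;
    esac
else
    PEER_GNUTLS=""
fi

# default values for options
MODES="ssl3 tls1 tls1_1 tls1_2 dtls1 dtls1_2"
VERIFIES="NO YES"
TYPES="ECDSA RSA PSK"
FILTER=""
EXCLUDE='NULL\|DES-CBC-\|RC4\|ARCFOUR' # avoid plain DES but keep 3DES-EDE-CBC (mbedTLS), DES-CBC3 (OpenSSL)
VERBOSE=""
MEMCHECK=0
PEERS="OpenSSL$PEER_GNUTLS mbedTLS"

# hidden option: skip DTLS with OpenSSL
# (travis CI has a version that doesn't work for us)
: "${OSSL_NO_DTLS:=0}"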
60
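# Print the command-line help on stdout, showing the current value of every
# option variable (the defaults when called before the options are parsed).
print_usage() {
    echo "Usage: $0"
    printf " -h|--help\tPrint this help.\n"
    # Option values are passed as %s arguments and never spliced into the
    # format string: they may contain backslashes (the default EXCLUDE does)
    # or '%', which printf would otherwise interpret.
    printf " -f|--filter\tOnly matching ciphersuites are tested (Default: '%s')\n" "$FILTER"
    printf " -e|--exclude\tMatching ciphersuites are excluded (Default: '%s')\n" "$EXCLUDE"
    printf " -m|--modes\tWhich modes to perform (Default: '%s')\n" "$MODES"
    printf " -t|--types\tWhich key exchange type to perform (Default: '%s')\n" "$TYPES"
    printf " -V|--verify\tWhich verification modes to perform (Default: '%s')\n" "$VERIFIES"
    printf " -p|--peers\tWhich peers to use (Default: '%s')\n" "$PEERS"
    printf " \tAlso available: GnuTLS (needs v3.2.15 or higher)\n"
    printf " -M|--memcheck\tCheck memory leaks and errors.\n"
    printf " -v|--verbose\tSet verbose output.\n"
}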
74
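# get_options <args...>
# Parse the command line into FILTER, EXCLUDE, MODES, TYPES, VERIFIES, PEERS,
# VERBOSE and MEMCHECK. Prints the usage and exits 0 for -h|--help, exits 1
# for an unknown argument or for an option given without its value.
get_options() {
    while [ $# -gt 0 ]; do
        # Options that take a value: refuse to run when the value is missing
        # rather than reading an unset "$1" after the shift.
        case "$1" in
            -f|--filter|-e|--exclude|-m|--modes|-t|--types|-V|--verify|-p|--peers)
                if [ $# -lt 2 ]; then
                    echo "Missing value for argument: '$1'"
                    print_usage
                    exit 1
                fi
                ;;
        esac

        case "$1" in
            -f|--filter)
                shift; FILTER=$1
                ;;
            -e|--exclude)
                shift; EXCLUDE=$1
                ;;
            -m|--modes)
                shift; MODES=$1
                ;;
            -t|--types)
                shift; TYPES=$1
                ;;
            -V|--verify)
                shift; VERIFIES=$1
                ;;
            -p|--peers)
                shift; PEERS=$1
                ;;
            -v|--verbose)
                VERBOSE=1
                ;;
            -M|--memcheck)
                MEMCHECK=1
                ;;
            -h|--help)
                print_usage
                exit 0
                ;;
            *)
                echo "Unknown argument: '$1'"
                print_usage
                exit 1
                ;;
        esac
        shift
    done

    # sanitize some options (modes checked later)
    # The character classes are quoted: an unquoted [a-z] is a glob and would
    # expand to any matching one-letter file name in the current directory.
    VERIFIES="$( printf '%s\n' "$VERIFIES" | tr '[:lower:]' '[:upper:]' )"
    TYPES="$( printf '%s\n' "$TYPES" | tr '[:lower:]' '[:upper:]' )"
}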
119
# log <words...>
# When VERBOSE is non-empty, print an empty line followed by the arguments;
# otherwise print nothing.
log() {
    if [ -z "$VERBOSE" ]; then
        return 0
    fi
    echo ""
    echo "$@"
}
126
# is_dtls <mode>
# Succeed (status 0) when <mode> is one of the DTLS modes, fail otherwise.
is_dtls()
{
    case "$1" in
        dtls1|dtls1_2)
            return 0
            ;;
        *)
            return 1
            ;;
    esac
}
132
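# minor_ver <mode>
# Print the protocol minor version for <mode>: 0 for ssl3, 1 for tls1,
# 2 for tls1_1 and dtls1, 3 for tls1_2 and dtls1_2.
# For any other value, print an error on stderr and -1 on stdout.
minor_ver()
{
    case "$1" in
        ssl3)
            echo 0
            ;;
        tls1)
            echo 1
            ;;
        tls1_1|dtls1)
            echo 2
            ;;
        tls1_2|dtls1_2)
            echo 3
            ;;
        *)
            # Report the argument that was rejected, not the global MODE,
            # which may differ from it or be unset (fatal under set -u).
            echo "error: invalid mode: $1" >&2
            # exiting is no good here, typically called in a subshell
            echo -1
            ;;
    esac
}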
155
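# filter <list>
# Print the entries of the whitespace-separated <list> that match FILTER and
# do not match the exclusion pattern, separated by single spaces.
# The exclusion pattern is EXCLUDE, extended with RC4/ARCFOUR when MODE is a
# DTLS mode. FILTER and EXCLUDE are grep basic regular expressions.
filter()
{
    LIST="$1"
    NEW_LIST=""

    if is_dtls "$MODE"; then
        # Build the alternation without a leading empty branch: an empty
        # branch matches every name and would exclude the whole list.
        if [ -n "$EXCLUDE" ]; then
            EXCLMODE="$EXCLUDE"'\|RC4\|ARCFOUR'
        else
            EXCLMODE='RC4\|ARCFOUR'
        fi
    else
        EXCLMODE="$EXCLUDE"
    fi

    for i in $LIST;
    do
        # -e keeps a pattern that starts with '-' from being read as an option
        if printf '%s\n' "$i" | grep -e "$FILTER" >/dev/null; then
            # An empty exclusion pattern excludes nothing (grep -v with an
            # empty pattern would drop every entry).
            if [ -n "$EXCLMODE" ] &&
                printf '%s\n' "$i" | grep -e "$EXCLMODE" >/dev/null
            then
                continue
            fi
            NEW_LIST="$NEW_LIST $i"
        fi
    done

    # entries were joined with one leading space each: drop the first one
    echo "${NEW_LIST# }"
}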
175
# check_openssl_server_bug <ciphersuite>
# OpenSSL 1.0.1h with -Verify wants a ClientCertificate message even for
# PSK ciphersuites with DTLS, which is incorrect, so disable them for now:
# set SKIP_NEXT to YES when client verification is on, MODE is a DTLS mode
# and <ciphersuite> starts with TLS-PSK.
check_openssl_server_bug()
{
    if [ "X$VERIFY" = "XYES" ] && is_dtls "$MODE"; then
        case "$1" in
            TLS-PSK*)
                SKIP_NEXT="YES"
                ;;
        esac
    fi
}
186
# Apply the user filters to P_CIPHERS, O_CIPHERS and G_CIPHERS, then empty
# the lists for combinations the peers cannot handle (see comments below).
# Reads FILTER, EXCLUDE, MODE, PEER and VERIFY.
filter_ciphersuites()
{
    if [ -n "$FILTER" ] || [ -n "$EXCLUDE" ]; then
        P_CIPHERS=$( filter "$P_CIPHERS" )
        O_CIPHERS=$( filter "$O_CIPHERS" )
        G_CIPHERS=$( filter "$G_CIPHERS" )
    fi

    # OpenSSL 1.0.1h doesn't support DTLS 1.2
    if [ "$( minor_ver "$MODE" )" -ge 3 ] && is_dtls "$MODE"; then
        O_CIPHERS=""
        case "$PEER" in
            [Oo]pen*)
                P_CIPHERS=""
                ;;
        esac
    fi

    # For GnuTLS client -> mbed TLS server,
    # we need to force IPv4 by connecting to 127.0.0.1 but then auth fails
    if [ "X$VERIFY" = "XYES" ] && is_dtls "$MODE"; then
        G_CIPHERS=""
    fi
}
212
# Empty the three ciphersuite lists: P_CIPHERS (mbed TLS names),
# O_CIPHERS (OpenSSL names) and G_CIPHERS (GnuTLS priority fragments).
reset_ciphersuites()
{
    G_CIPHERS=""
    O_CIPHERS=""
    P_CIPHERS=""
}
219
# Append to P_CIPHERS, G_CIPHERS and O_CIPHERS the suites listed here for the
# current TYPE and MODE, each under the name used by mbed TLS, GnuTLS and
# OpenSSL respectively. Within a TYPE, the three lists name the same suites
# in the same order, except that the TLS 1.2 RSA group gives OpenSSL one
# extra entry (NULL-SHA256).
#
# The lists deliberately contain NULL, RC4 and 3DES suites: they are needed
# for interop coverage and are removed again by the default EXCLUDE pattern
# unless the caller overrides it.
add_common_ciphersuites()
{
    case "$TYPE" in

        ECDSA)
            if [ "$( minor_ver "$MODE" )" -gt 0 ]; then
                P_CIPHERS="$P_CIPHERS \
                    TLS-ECDHE-ECDSA-WITH-NULL-SHA \
                    TLS-ECDHE-ECDSA-WITH-RC4-128-SHA \
                    TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA \
                    TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA \
                    TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA \
                    "
                G_CIPHERS="$G_CIPHERS \
                    +ECDHE-ECDSA:+NULL:+SHA1 \
                    +ECDHE-ECDSA:+ARCFOUR-128:+SHA1 \
                    +ECDHE-ECDSA:+3DES-CBC:+SHA1 \
                    +ECDHE-ECDSA:+AES-128-CBC:+SHA1 \
                    +ECDHE-ECDSA:+AES-256-CBC:+SHA1 \
                    "
                O_CIPHERS="$O_CIPHERS \
                    ECDHE-ECDSA-NULL-SHA \
                    ECDHE-ECDSA-RC4-SHA \
                    ECDHE-ECDSA-DES-CBC3-SHA \
                    ECDHE-ECDSA-AES128-SHA \
                    ECDHE-ECDSA-AES256-SHA \
                    "
            fi
            # SHA-2 and GCM suites exist only from TLS 1.2 on
            if [ "$( minor_ver "$MODE" )" -ge 3 ]; then
                P_CIPHERS="$P_CIPHERS \
                    TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \
                    TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 \
                    TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
                    TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 \
                    "
                G_CIPHERS="$G_CIPHERS \
                    +ECDHE-ECDSA:+AES-128-CBC:+SHA256 \
                    +ECDHE-ECDSA:+AES-256-CBC:+SHA384 \
                    +ECDHE-ECDSA:+AES-128-GCM:+AEAD \
                    +ECDHE-ECDSA:+AES-256-GCM:+AEAD \
                    "
                O_CIPHERS="$O_CIPHERS \
                    ECDHE-ECDSA-AES128-SHA256 \
                    ECDHE-ECDSA-AES256-SHA384 \
                    ECDHE-ECDSA-AES128-GCM-SHA256 \
                    ECDHE-ECDSA-AES256-GCM-SHA384 \
                    "
            fi
            ;;

        RSA)
            P_CIPHERS="$P_CIPHERS \
                TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
                TLS-DHE-RSA-WITH-AES-256-CBC-SHA \
                TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA \
                TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA \
                TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA \
                TLS-RSA-WITH-AES-256-CBC-SHA \
                TLS-RSA-WITH-CAMELLIA-256-CBC-SHA \
                TLS-RSA-WITH-AES-128-CBC-SHA \
                TLS-RSA-WITH-CAMELLIA-128-CBC-SHA \
                TLS-RSA-WITH-3DES-EDE-CBC-SHA \
                TLS-RSA-WITH-RC4-128-SHA \
                TLS-RSA-WITH-RC4-128-MD5 \
                TLS-RSA-WITH-NULL-MD5 \
                TLS-RSA-WITH-NULL-SHA \
                "
            G_CIPHERS="$G_CIPHERS \
                +DHE-RSA:+AES-128-CBC:+SHA1 \
                +DHE-RSA:+AES-256-CBC:+SHA1 \
                +DHE-RSA:+CAMELLIA-128-CBC:+SHA1 \
                +DHE-RSA:+CAMELLIA-256-CBC:+SHA1 \
                +DHE-RSA:+3DES-CBC:+SHA1 \
                +RSA:+AES-256-CBC:+SHA1 \
                +RSA:+CAMELLIA-256-CBC:+SHA1 \
                +RSA:+AES-128-CBC:+SHA1 \
                +RSA:+CAMELLIA-128-CBC:+SHA1 \
                +RSA:+3DES-CBC:+SHA1 \
                +RSA:+ARCFOUR-128:+SHA1 \
                +RSA:+ARCFOUR-128:+MD5 \
                +RSA:+NULL:+MD5 \
                +RSA:+NULL:+SHA1 \
                "
            O_CIPHERS="$O_CIPHERS \
                DHE-RSA-AES128-SHA \
                DHE-RSA-AES256-SHA \
                DHE-RSA-CAMELLIA128-SHA \
                DHE-RSA-CAMELLIA256-SHA \
                EDH-RSA-DES-CBC3-SHA \
                AES256-SHA \
                CAMELLIA256-SHA \
                AES128-SHA \
                CAMELLIA128-SHA \
                DES-CBC3-SHA \
                RC4-SHA \
                RC4-MD5 \
                NULL-MD5 \
                NULL-SHA \
                "
            if [ "$( minor_ver "$MODE" )" -gt 0 ]; then
                P_CIPHERS="$P_CIPHERS \
                    TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA \
                    TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA \
                    TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA \
                    TLS-ECDHE-RSA-WITH-RC4-128-SHA \
                    TLS-ECDHE-RSA-WITH-NULL-SHA \
                    "
                G_CIPHERS="$G_CIPHERS \
                    +ECDHE-RSA:+AES-128-CBC:+SHA1 \
                    +ECDHE-RSA:+AES-256-CBC:+SHA1 \
                    +ECDHE-RSA:+3DES-CBC:+SHA1 \
                    +ECDHE-RSA:+ARCFOUR-128:+SHA1 \
                    +ECDHE-RSA:+NULL:+SHA1 \
                    "
                O_CIPHERS="$O_CIPHERS \
                    ECDHE-RSA-AES256-SHA \
                    ECDHE-RSA-AES128-SHA \
                    ECDHE-RSA-DES-CBC3-SHA \
                    ECDHE-RSA-RC4-SHA \
                    ECDHE-RSA-NULL-SHA \
                    "
            fi
            if [ "$( minor_ver "$MODE" )" -ge 3 ]; then
                P_CIPHERS="$P_CIPHERS \
                    TLS-RSA-WITH-AES-128-CBC-SHA256 \
                    TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 \
                    TLS-RSA-WITH-AES-256-CBC-SHA256 \
                    TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 \
                    TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 \
                    TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 \
                    TLS-RSA-WITH-AES-128-GCM-SHA256 \
                    TLS-RSA-WITH-AES-256-GCM-SHA384 \
                    TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 \
                    TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 \
                    TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 \
                    TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 \
                    "
                G_CIPHERS="$G_CIPHERS \
                    +RSA:+AES-128-CBC:+SHA256 \
                    +DHE-RSA:+AES-128-CBC:+SHA256 \
                    +RSA:+AES-256-CBC:+SHA256 \
                    +DHE-RSA:+AES-256-CBC:+SHA256 \
                    +ECDHE-RSA:+AES-128-CBC:+SHA256 \
                    +ECDHE-RSA:+AES-256-CBC:+SHA384 \
                    +RSA:+AES-128-GCM:+AEAD \
                    +RSA:+AES-256-GCM:+AEAD \
                    +DHE-RSA:+AES-128-GCM:+AEAD \
                    +DHE-RSA:+AES-256-GCM:+AEAD \
                    +ECDHE-RSA:+AES-128-GCM:+AEAD \
                    +ECDHE-RSA:+AES-256-GCM:+AEAD \
                    "
                O_CIPHERS="$O_CIPHERS \
                    NULL-SHA256 \
                    AES128-SHA256 \
                    DHE-RSA-AES128-SHA256 \
                    AES256-SHA256 \
                    DHE-RSA-AES256-SHA256 \
                    ECDHE-RSA-AES128-SHA256 \
                    ECDHE-RSA-AES256-SHA384 \
                    AES128-GCM-SHA256 \
                    DHE-RSA-AES128-GCM-SHA256 \
                    AES256-GCM-SHA384 \
                    DHE-RSA-AES256-GCM-SHA384 \
                    ECDHE-RSA-AES128-GCM-SHA256 \
                    ECDHE-RSA-AES256-GCM-SHA384 \
                    "
            fi
            ;;

        PSK)
            P_CIPHERS="$P_CIPHERS \
                TLS-PSK-WITH-RC4-128-SHA \
                TLS-PSK-WITH-3DES-EDE-CBC-SHA \
                TLS-PSK-WITH-AES-128-CBC-SHA \
                TLS-PSK-WITH-AES-256-CBC-SHA \
                "
            G_CIPHERS="$G_CIPHERS \
                +PSK:+ARCFOUR-128:+SHA1 \
                +PSK:+3DES-CBC:+SHA1 \
                +PSK:+AES-128-CBC:+SHA1 \
                +PSK:+AES-256-CBC:+SHA1 \
                "
            O_CIPHERS="$O_CIPHERS \
                PSK-RC4-SHA \
                PSK-3DES-EDE-CBC-SHA \
                PSK-AES128-CBC-SHA \
                PSK-AES256-CBC-SHA \
                "
            ;;
    esac
}
415
# Append to P_CIPHERS and O_CIPHERS the suites listed here for the current
# TYPE and MODE; G_CIPHERS is left alone. The main loop calls this for the
# OpenSSL and mbedTLS peers only.
#
# The RSA group holds single-DES suites; the default EXCLUDE pattern
# ('DES-CBC-') filters them out unless the caller overrides it.
add_openssl_ciphersuites()
{
    case "$TYPE" in

        ECDSA)
            if [ "$( minor_ver "$MODE" )" -gt 0 ]; then
                P_CIPHERS="$P_CIPHERS \
                    TLS-ECDH-ECDSA-WITH-NULL-SHA \
                    TLS-ECDH-ECDSA-WITH-RC4-128-SHA \
                    TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA \
                    TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA \
                    TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA \
                    "
                O_CIPHERS="$O_CIPHERS \
                    ECDH-ECDSA-NULL-SHA \
                    ECDH-ECDSA-RC4-SHA \
                    ECDH-ECDSA-DES-CBC3-SHA \
                    ECDH-ECDSA-AES128-SHA \
                    ECDH-ECDSA-AES256-SHA \
                    "
            fi
            if [ "$( minor_ver "$MODE" )" -ge 3 ]; then
                P_CIPHERS="$P_CIPHERS \
                    TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256 \
                    TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384 \
                    TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256 \
                    TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384 \
                    "
                O_CIPHERS="$O_CIPHERS \
                    ECDH-ECDSA-AES128-SHA256 \
                    ECDH-ECDSA-AES256-SHA384 \
                    ECDH-ECDSA-AES128-GCM-SHA256 \
                    ECDH-ECDSA-AES256-GCM-SHA384 \
                    "
            fi
            ;;

        RSA)
            P_CIPHERS="$P_CIPHERS \
                TLS-RSA-WITH-DES-CBC-SHA \
                TLS-DHE-RSA-WITH-DES-CBC-SHA \
                "
            O_CIPHERS="$O_CIPHERS \
                DES-CBC-SHA \
                EDH-RSA-DES-CBC-SHA \
                "
            ;;

        PSK)
            # nothing to add for PSK
            ;;
    esac
}
470
# Append to P_CIPHERS and G_CIPHERS the suites listed here for the current
# TYPE and MODE; O_CIPHERS is left alone. The main loop calls this for the
# GnuTLS and mbedTLS peers only.
# The two lists are parallel, except that the TLS 1.2 PSK group lists its
# NULL entries in a different position in each.
add_gnutls_ciphersuites()
{
    case "$TYPE" in

        ECDSA)
            if [ "$( minor_ver "$MODE" )" -ge 3 ]; then
                P_CIPHERS="$P_CIPHERS \
                    TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256 \
                    TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 \
                    TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256 \
                    TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384 \
                    "
                G_CIPHERS="$G_CIPHERS \
                    +ECDHE-ECDSA:+CAMELLIA-128-CBC:+SHA256 \
                    +ECDHE-ECDSA:+CAMELLIA-256-CBC:+SHA384 \
                    +ECDHE-ECDSA:+CAMELLIA-128-GCM:+AEAD \
                    +ECDHE-ECDSA:+CAMELLIA-256-GCM:+AEAD \
                    "
            fi
            ;;

        RSA)
            if [ "$( minor_ver "$MODE" )" -gt 0 ]; then
                P_CIPHERS="$P_CIPHERS \
                    TLS-RSA-WITH-NULL-SHA256 \
                    "
                G_CIPHERS="$G_CIPHERS \
                    +RSA:+NULL:+SHA256 \
                    "
            fi
            if [ "$( minor_ver "$MODE" )" -ge 3 ]; then
                P_CIPHERS="$P_CIPHERS \
                    TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
                    TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384 \
                    TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
                    TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 \
                    TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
                    TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 \
                    TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256 \
                    TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384 \
                    TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256 \
                    TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384 \
                    TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256 \
                    TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384 \
                    "
                G_CIPHERS="$G_CIPHERS \
                    +ECDHE-RSA:+CAMELLIA-128-CBC:+SHA256 \
                    +ECDHE-RSA:+CAMELLIA-256-CBC:+SHA384 \
                    +RSA:+CAMELLIA-128-CBC:+SHA256 \
                    +RSA:+CAMELLIA-256-CBC:+SHA256 \
                    +DHE-RSA:+CAMELLIA-128-CBC:+SHA256 \
                    +DHE-RSA:+CAMELLIA-256-CBC:+SHA256 \
                    +ECDHE-RSA:+CAMELLIA-128-GCM:+AEAD \
                    +ECDHE-RSA:+CAMELLIA-256-GCM:+AEAD \
                    +DHE-RSA:+CAMELLIA-128-GCM:+AEAD \
                    +DHE-RSA:+CAMELLIA-256-GCM:+AEAD \
                    +RSA:+CAMELLIA-128-GCM:+AEAD \
                    +RSA:+CAMELLIA-256-GCM:+AEAD \
                    "
            fi
            ;;

        PSK)
            P_CIPHERS="$P_CIPHERS \
                TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA \
                TLS-DHE-PSK-WITH-AES-128-CBC-SHA \
                TLS-DHE-PSK-WITH-AES-256-CBC-SHA \
                TLS-DHE-PSK-WITH-RC4-128-SHA \
                "
            G_CIPHERS="$G_CIPHERS \
                +DHE-PSK:+3DES-CBC:+SHA1 \
                +DHE-PSK:+AES-128-CBC:+SHA1 \
                +DHE-PSK:+AES-256-CBC:+SHA1 \
                +DHE-PSK:+ARCFOUR-128:+SHA1 \
                "
            if [ "$( minor_ver "$MODE" )" -gt 0 ]; then
                P_CIPHERS="$P_CIPHERS \
                    TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA \
                    TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \
                    TLS-ECDHE-PSK-WITH-3DES-EDE-CBC-SHA \
                    TLS-ECDHE-PSK-WITH-RC4-128-SHA \
                    TLS-RSA-PSK-WITH-3DES-EDE-CBC-SHA \
                    TLS-RSA-PSK-WITH-AES-256-CBC-SHA \
                    TLS-RSA-PSK-WITH-AES-128-CBC-SHA \
                    TLS-RSA-PSK-WITH-RC4-128-SHA \
                    "
                G_CIPHERS="$G_CIPHERS \
                    +ECDHE-PSK:+3DES-CBC:+SHA1 \
                    +ECDHE-PSK:+AES-128-CBC:+SHA1 \
                    +ECDHE-PSK:+AES-256-CBC:+SHA1 \
                    +ECDHE-PSK:+ARCFOUR-128:+SHA1 \
                    +RSA-PSK:+3DES-CBC:+SHA1 \
                    +RSA-PSK:+AES-256-CBC:+SHA1 \
                    +RSA-PSK:+AES-128-CBC:+SHA1 \
                    +RSA-PSK:+ARCFOUR-128:+SHA1 \
                    "
            fi
            if [ "$( minor_ver "$MODE" )" -ge 3 ]; then
                P_CIPHERS="$P_CIPHERS \
                    TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \
                    TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
                    TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256 \
                    TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
                    TLS-ECDHE-PSK-WITH-NULL-SHA384 \
                    TLS-ECDHE-PSK-WITH-NULL-SHA256 \
                    TLS-PSK-WITH-AES-128-CBC-SHA256 \
                    TLS-PSK-WITH-AES-256-CBC-SHA384 \
                    TLS-DHE-PSK-WITH-AES-128-CBC-SHA256 \
                    TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \
                    TLS-PSK-WITH-NULL-SHA256 \
                    TLS-PSK-WITH-NULL-SHA384 \
                    TLS-DHE-PSK-WITH-NULL-SHA256 \
                    TLS-DHE-PSK-WITH-NULL-SHA384 \
                    TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 \
                    TLS-RSA-PSK-WITH-AES-128-CBC-SHA256 \
                    TLS-RSA-PSK-WITH-NULL-SHA256 \
                    TLS-RSA-PSK-WITH-NULL-SHA384 \
                    TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
                    TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
                    TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
                    TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
                    TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
                    TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
                    TLS-PSK-WITH-AES-128-GCM-SHA256 \
                    TLS-PSK-WITH-AES-256-GCM-SHA384 \
                    TLS-DHE-PSK-WITH-AES-128-GCM-SHA256 \
                    TLS-DHE-PSK-WITH-AES-256-GCM-SHA384 \
                    TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256 \
                    TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384 \
                    TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256 \
                    TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384 \
                    TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256 \
                    TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384 \
                    TLS-RSA-PSK-WITH-AES-256-GCM-SHA384 \
                    TLS-RSA-PSK-WITH-AES-128-GCM-SHA256 \
                    "
                G_CIPHERS="$G_CIPHERS \
                    +ECDHE-PSK:+AES-256-CBC:+SHA384 \
                    +ECDHE-PSK:+CAMELLIA-256-CBC:+SHA384 \
                    +ECDHE-PSK:+AES-128-CBC:+SHA256 \
                    +ECDHE-PSK:+CAMELLIA-128-CBC:+SHA256 \
                    +PSK:+AES-128-CBC:+SHA256 \
                    +PSK:+AES-256-CBC:+SHA384 \
                    +DHE-PSK:+AES-128-CBC:+SHA256 \
                    +DHE-PSK:+AES-256-CBC:+SHA384 \
                    +RSA-PSK:+AES-256-CBC:+SHA384 \
                    +RSA-PSK:+AES-128-CBC:+SHA256 \
                    +DHE-PSK:+CAMELLIA-128-CBC:+SHA256 \
                    +DHE-PSK:+CAMELLIA-256-CBC:+SHA384 \
                    +PSK:+CAMELLIA-128-CBC:+SHA256 \
                    +PSK:+CAMELLIA-256-CBC:+SHA384 \
                    +RSA-PSK:+CAMELLIA-256-CBC:+SHA384 \
                    +RSA-PSK:+CAMELLIA-128-CBC:+SHA256 \
                    +PSK:+AES-128-GCM:+AEAD \
                    +PSK:+AES-256-GCM:+AEAD \
                    +DHE-PSK:+AES-128-GCM:+AEAD \
                    +DHE-PSK:+AES-256-GCM:+AEAD \
                    +RSA-PSK:+CAMELLIA-128-GCM:+AEAD \
                    +RSA-PSK:+CAMELLIA-256-GCM:+AEAD \
                    +PSK:+CAMELLIA-128-GCM:+AEAD \
                    +PSK:+CAMELLIA-256-GCM:+AEAD \
                    +DHE-PSK:+CAMELLIA-128-GCM:+AEAD \
                    +DHE-PSK:+CAMELLIA-256-GCM:+AEAD \
                    +RSA-PSK:+AES-256-GCM:+AEAD \
                    +RSA-PSK:+AES-128-GCM:+AEAD \
                    +ECDHE-PSK:+NULL:+SHA384 \
                    +ECDHE-PSK:+NULL:+SHA256 \
                    +PSK:+NULL:+SHA256 \
                    +PSK:+NULL:+SHA384 \
                    +DHE-PSK:+NULL:+SHA256 \
                    +DHE-PSK:+NULL:+SHA384 \
                    +RSA-PSK:+NULL:+SHA256 \
                    +RSA-PSK:+NULL:+SHA384 \
                    "
            fi
            ;;
    esac
}
654
# Append to P_CIPHERS the suites listed here for the current TYPE and MODE;
# only P_CIPHERS is modified. The main loop calls this for the mbedTLS peer
# only (self-interop).
# The CCM groups are added only when MODE is exactly "tls1_2", so they are
# not added for dtls1_2.
add_mbedtls_ciphersuites()
{
    case "$TYPE" in

        ECDSA)
            if [ "$( minor_ver "$MODE" )" -gt 0 ]; then
                P_CIPHERS="$P_CIPHERS \
                    TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256 \
                    TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 \
                    "
            fi
            if [ "$( minor_ver "$MODE" )" -ge 3 ]; then
                P_CIPHERS="$P_CIPHERS \
                    TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256 \
                    TLS-ECDH-ECDSA-WITH-CAMELLIA-256-GCM-SHA384 \
                    TLS-ECDHE-ECDSA-WITH-AES-128-CCM \
                    TLS-ECDHE-ECDSA-WITH-AES-256-CCM \
                    TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8 \
                    TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8 \
                    "
            fi
            ;;

        RSA)
            if [ "$MODE" = "tls1_2" ]; then
                P_CIPHERS="$P_CIPHERS \
                    TLS-RSA-WITH-AES-128-CCM \
                    TLS-RSA-WITH-AES-256-CCM \
                    TLS-DHE-RSA-WITH-AES-128-CCM \
                    TLS-DHE-RSA-WITH-AES-256-CCM \
                    TLS-RSA-WITH-AES-128-CCM-8 \
                    TLS-RSA-WITH-AES-256-CCM-8 \
                    TLS-DHE-RSA-WITH-AES-128-CCM-8 \
                    TLS-DHE-RSA-WITH-AES-256-CCM-8 \
                    "
            fi
            ;;

        PSK)
            # *PSK-NULL-SHA suites supported by GnuTLS 3.3.5 but not 3.2.15
            P_CIPHERS="$P_CIPHERS \
                TLS-PSK-WITH-NULL-SHA \
                TLS-DHE-PSK-WITH-NULL-SHA \
                "
            if [ "$( minor_ver "$MODE" )" -gt 0 ]; then
                P_CIPHERS="$P_CIPHERS \
                    TLS-ECDHE-PSK-WITH-NULL-SHA \
                    TLS-RSA-PSK-WITH-NULL-SHA \
                    "
            fi
            if [ "$MODE" = "tls1_2" ]; then
                P_CIPHERS="$P_CIPHERS \
                    TLS-PSK-WITH-AES-128-CCM \
                    TLS-PSK-WITH-AES-256-CCM \
                    TLS-DHE-PSK-WITH-AES-128-CCM \
                    TLS-DHE-PSK-WITH-AES-256-CCM \
                    TLS-PSK-WITH-AES-128-CCM-8 \
                    TLS-PSK-WITH-AES-256-CCM-8 \
                    TLS-DHE-PSK-WITH-AES-128-CCM-8 \
                    TLS-DHE-PSK-WITH-AES-256-CCM-8 \
                    "
            fi
            ;;
    esac
}
725
# Build the server and client command-line arguments for the current MODE,
# VERIFY, TYPE and PORT:
#   P_SERVER_ARGS / P_CLIENT_ARGS   mbed TLS ssl_server2 / ssl_client2
#   O_SERVER_ARGS / O_CLIENT_ARGS   openssl s_server / s_client
#   G_SERVER_ARGS / G_CLIENT_ARGS   gnutls-serv / gnutls-cli
#   G_SERVER_PRIO / G_CLIENT_PRIO   GnuTLS priority strings
# Exits with status 1 when MODE is not a known mode.
#
# NOTE(review): the mbed TLS server is told to listen on 0.0.0.0 and the
# OpenSSL server gets only a port, while every client connects to 127.0.0.1
# or localhost. The servers enable NULL and RC4 suites and use the fixed test
# PSK and the test keys from data_files, so they should only be reachable on
# the loopback interface; confirm whether binding wider is needed.
setup_arguments()
{
    G_MODE=""
    case "$MODE" in
        ssl3)
            G_PRIO_MODE="+VERS-SSL3.0"
            ;;
        tls1)
            G_PRIO_MODE="+VERS-TLS1.0"
            ;;
        tls1_1)
            G_PRIO_MODE="+VERS-TLS1.1"
            ;;
        tls1_2)
            G_PRIO_MODE="+VERS-TLS1.2"
            ;;
        dtls1)
            G_PRIO_MODE="+VERS-DTLS1.0"
            G_MODE="-u"
            ;;
        dtls1_2)
            G_PRIO_MODE="+VERS-DTLS1.2"
            G_MODE="-u"
            ;;
        *)
            echo "error: invalid mode: $MODE" >&2
            exit 1
            ;;
    esac

    # servers
    P_SERVER_ARGS="server_port=$PORT server_addr=0.0.0.0 force_version=$MODE arc4=1"
    O_SERVER_ARGS="-accept $PORT -cipher NULL,ALL -$MODE -dhparam data_files/dhparams.pem"
    G_SERVER_ARGS="-p $PORT --http $G_MODE"
    G_SERVER_PRIO="NORMAL:+ARCFOUR-128:+NULL:+MD5:+PSK:+DHE-PSK:+ECDHE-PSK:+RSA-PSK:-VERS-TLS-ALL:$G_PRIO_MODE"

    # with OpenSSL 1.0.1h, -www, -WWW and -HTTP break DTLS handshakes
    if ! is_dtls "$MODE"; then
        O_SERVER_ARGS="$O_SERVER_ARGS -www"
    fi

    # clients
    P_CLIENT_ARGS="server_port=$PORT server_addr=127.0.0.1 force_version=$MODE"
    O_CLIENT_ARGS="-connect localhost:$PORT -$MODE"
    G_CLIENT_ARGS="-p $PORT --debug 3 $G_MODE"
    G_CLIENT_PRIO="NONE:$G_PRIO_MODE:+COMP-NULL:+CURVE-ALL:+SIGN-ALL"

    if [ "X$VERIFY" = "XYES" ]; then
        P_SERVER_ARGS="$P_SERVER_ARGS ca_file=data_files/test-ca_cat12.crt auth_mode=required"
        O_SERVER_ARGS="$O_SERVER_ARGS -CAfile data_files/test-ca_cat12.crt -Verify 10"
        G_SERVER_ARGS="$G_SERVER_ARGS --x509cafile data_files/test-ca_cat12.crt --require-client-cert"

        P_CLIENT_ARGS="$P_CLIENT_ARGS ca_file=data_files/test-ca_cat12.crt auth_mode=required"
        O_CLIENT_ARGS="$O_CLIENT_ARGS -CAfile data_files/test-ca_cat12.crt -verify 10"
        G_CLIENT_ARGS="$G_CLIENT_ARGS --x509cafile data_files/test-ca_cat12.crt"
    else
        # don't request a client cert at all
        P_SERVER_ARGS="$P_SERVER_ARGS ca_file=none auth_mode=none"
        G_SERVER_ARGS="$G_SERVER_ARGS --disable-client-cert"

        # the clients do not verify the server certificate in this mode
        P_CLIENT_ARGS="$P_CLIENT_ARGS ca_file=none auth_mode=none"
        G_CLIENT_ARGS="$G_CLIENT_ARGS --insecure"
    fi

    case "$TYPE" in
        ECDSA)
            P_SERVER_ARGS="$P_SERVER_ARGS crt_file=data_files/server5.crt key_file=data_files/server5.key"
            O_SERVER_ARGS="$O_SERVER_ARGS -cert data_files/server5.crt -key data_files/server5.key"
            G_SERVER_ARGS="$G_SERVER_ARGS --x509certfile data_files/server5.crt --x509keyfile data_files/server5.key"

            if [ "X$VERIFY" = "XYES" ]; then
                P_CLIENT_ARGS="$P_CLIENT_ARGS crt_file=data_files/server6.crt key_file=data_files/server6.key"
                O_CLIENT_ARGS="$O_CLIENT_ARGS -cert data_files/server6.crt -key data_files/server6.key"
                G_CLIENT_ARGS="$G_CLIENT_ARGS --x509certfile data_files/server6.crt --x509keyfile data_files/server6.key"
            else
                P_CLIENT_ARGS="$P_CLIENT_ARGS crt_file=none key_file=none"
            fi
            ;;

        RSA)
            P_SERVER_ARGS="$P_SERVER_ARGS crt_file=data_files/server2.crt key_file=data_files/server2.key"
            O_SERVER_ARGS="$O_SERVER_ARGS -cert data_files/server2.crt -key data_files/server2.key"
            G_SERVER_ARGS="$G_SERVER_ARGS --x509certfile data_files/server2.crt --x509keyfile data_files/server2.key"

            if [ "X$VERIFY" = "XYES" ]; then
                P_CLIENT_ARGS="$P_CLIENT_ARGS crt_file=data_files/server1.crt key_file=data_files/server1.key"
                O_CLIENT_ARGS="$O_CLIENT_ARGS -cert data_files/server1.crt -key data_files/server1.key"
                G_CLIENT_ARGS="$G_CLIENT_ARGS --x509certfile data_files/server1.crt --x509keyfile data_files/server1.key"
            else
                P_CLIENT_ARGS="$P_CLIENT_ARGS crt_file=none key_file=none"
            fi
            ;;

        PSK)
            # give RSA-PSK-capable server a RSA cert
            # (should be a separate type, but harder to close with openssl)
            # The hex PSK below is a fixed test value shared by all peers.
            P_SERVER_ARGS="$P_SERVER_ARGS psk=6162636465666768696a6b6c6d6e6f70 ca_file=none crt_file=data_files/server2.crt key_file=data_files/server2.key"
            O_SERVER_ARGS="$O_SERVER_ARGS -psk 6162636465666768696a6b6c6d6e6f70 -nocert"
            G_SERVER_ARGS="$G_SERVER_ARGS --x509certfile data_files/server2.crt --x509keyfile data_files/server2.key --pskpasswd data_files/passwd.psk"

            P_CLIENT_ARGS="$P_CLIENT_ARGS psk=6162636465666768696a6b6c6d6e6f70 crt_file=none key_file=none"
            O_CLIENT_ARGS="$O_CLIENT_ARGS -psk 6162636465666768696a6b6c6d6e6f70"
            G_CLIENT_ARGS="$G_CLIENT_ARGS --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70"
            ;;
    esac
}
833
# is_polar <cmd_line>
# Succeed when <cmd_line> mentions one of the mbed TLS test programs
# (ssl_server2 or ssl_client2).
is_polar() {
    case "$1" in
        *ssl_server2*|*ssl_client2*)
            return 0
            ;;
        *)
            return 1
            ;;
    esac
}
838
# has_mem_err <log_file_name>
# Succeed (status 0) when the log reports memory errors, i.e. unless it
# contains both valgrind lines "no leaks are possible" and "0 errors".
# A log missing either line counts as having errors.
has_mem_err() {
    if grep -F 'All heap blocks were freed -- no leaks are possible' "$1" >/dev/null &&
        grep -F 'ERROR SUMMARY: 0 errors from 0 contexts' "$1" >/dev/null
    then
        # false: does not have errors
        return 1
    fi
    # true: has errors
    return 0
}
849
# start_server <name>
# Start the server named <name> (OpenSSL, GnuTLS or mbedTLS) in the
# background with the arguments prepared by setup_arguments.
# Saves the name in SERVER_NAME, the command in SERVER_CMD and the server's
# process id in PROCESS_ID; the command line and all server output go to the
# file SRV_OUT. Exits with status 1 on an unknown name.
start_server() {
    case "$1" in
        [Oo]pen*)
            SERVER_CMD="$OPENSSL_CMD s_server $O_SERVER_ARGS"
            ;;
        [Gg]nu*)
            SERVER_CMD="$GNUTLS_SERV $G_SERVER_ARGS --priority $G_SERVER_PRIO"
            ;;
        mbed*)
            SERVER_CMD="$P_SRV $P_SERVER_ARGS"
            # only the mbed TLS server is run under valgrind
            if [ "$MEMCHECK" -gt 0 ]; then
                SERVER_CMD="valgrind --leak-check=full $SERVER_CMD"
            fi
            ;;
        *)
            echo "error: invalid server name: $1" >&2
            exit 1
            ;;
    esac
    SERVER_NAME=$1

    log "$SERVER_CMD"
    echo "$SERVER_CMD" > "$SRV_OUT"
    # for servers without -www or equivalent: feed a line per second on stdin
    # (SERVER_CMD is left unquoted on purpose, it is a command plus arguments)
    while :; do
        echo bla
        sleep 1
    done | $SERVER_CMD >> "$SRV_OUT" 2>&1 &
    PROCESS_ID=$!

    # give the server time to start listening
    sleep 1
}
881
# terminate the running server
# With MEMCHECK enabled, a server log from an mbed TLS program that reports
# memory errors is counted in SRVMEM and the log file is kept; in every
# other case the log file SRV_OUT is removed.
stop_server() {
    kill "$PROCESS_ID" 2>/dev/null
    wait "$PROCESS_ID" 2>/dev/null

    if [ "$MEMCHECK" -gt 0 ] && is_polar "$SERVER_CMD" && has_mem_err "$SRV_OUT"; then
        echo " ! Server had memory errors"
        SRVMEM=$(( $SRVMEM + 1 ))
        return
    fi

    rm -f "$SRV_OUT"
}
897
# kill the running server (used when killed by signal)
# Removes both intermediate log files, signals the server and the client
# watchdog, then exits with status 1.
cleanup() {
    rm -f "$SRV_OUT" "$CLI_OUT"
    kill "$PROCESS_ID" >/dev/null 2>&1
    kill "$WATCHDOG_PID" >/dev/null 2>&1
    exit 1
}
905
# wait for client to terminate and set EXIT
# must be called right after starting the client: the first statement reads
# $!, the process id of the most recent background command.
# A watchdog kills the client after DOG_DELAY seconds and records TIMEOUT in
# CLI_OUT; the client's exit status is stored in EXIT and appended to CLI_OUT.
wait_client_done() {
    CLI_PID=$!

    # watchdog: runs in the background while we wait for the client
    {
        sleep "$DOG_DELAY"
        echo "TIMEOUT" >> "$CLI_OUT"
        kill "$CLI_PID"
    } &
    WATCHDOG_PID=$!

    wait "$CLI_PID"
    EXIT=$?

    # the client is done: the watchdog is no longer needed
    kill "$WATCHDOG_PID"
    wait "$WATCHDOG_PID"

    echo "EXIT: $EXIT" >> "$CLI_OUT"
}
922
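# run_client <name> <cipher>
# Run the client named <name> (OpenSSL, GnuTLS or mbedTLS) against the
# running server, forcing ciphersuite <cipher>, and print one result line:
# a title padded with dots, then PASS, SKIP or FAIL.
# Updates TESTS, SKIPPED and FAILED. On FAIL the server and client logs are
# copied to c-srv-N.log and c-cli-N.log, N being the test number.
# Exits with status 1 on an unknown client name.
run_client() {
    # announce what we're going to do
    TESTS=$(( $TESTS + 1 ))
    VERIF=$(echo $VERIFY | tr '[:upper:]' '[:lower:]')
    # first letter of the client name and of the server name
    TITLE="$( printf '%.1s' "$1" )->$( printf '%.1s' "$SERVER_NAME" )"
    TITLE="$TITLE $MODE,$VERIF $2"
    # The title is data, not a format string: print it through %s.
    printf '%s ' "$TITLE"
    # Pad with dots up to a fixed column. Counted with a plain loop so that
    # no non-POSIX tool is needed and an over-long title gets no dots.
    LEN=$(( 71 - ${#TITLE} ))
    while [ "$LEN" -gt 0 ]; do
        printf '.'
        LEN=$(( $LEN - 1 ))
    done
    printf ' '

    # should we skip?
    if [ "X$SKIP_NEXT" = "XYES" ]; then
        SKIP_NEXT="NO"
        echo "SKIP"
        SKIPPED=$(( $SKIPPED + 1 ))
        return
    fi

    # run the command and interpret result
    # RESULT: 0 = pass, 1 = skip (no ciphersuite in common), 2 = fail
    case "$1" in
        [Oo]pen*)
            CLIENT_CMD="$OPENSSL_CMD s_client $O_CLIENT_ARGS -cipher $2"
            log "$CLIENT_CMD"
            echo "$CLIENT_CMD" > "$CLI_OUT"
            printf 'GET HTTP/1.0\r\n\r\n' | $CLIENT_CMD >> "$CLI_OUT" 2>&1 &
            wait_client_done

            if [ "$EXIT" -eq 0 ]; then
                RESULT=0
            else
                if grep 'Cipher is (NONE)' "$CLI_OUT" >/dev/null; then
                    RESULT=1
                else
                    RESULT=2
                fi
            fi
            ;;

        [Gg]nu*)
            # need to force IPv4 with UDP, but keep localhost for auth
            if is_dtls "$MODE"; then
                G_HOST="127.0.0.1"
            else
                G_HOST="localhost"
            fi
            CLIENT_CMD="$GNUTLS_CLI $G_CLIENT_ARGS --priority $G_PRIO_MODE:$2 $G_HOST"
            log "$CLIENT_CMD"
            echo "$CLIENT_CMD" > "$CLI_OUT"
            printf 'GET HTTP/1.0\r\n\r\n' | $CLIENT_CMD >> "$CLI_OUT" 2>&1 &
            wait_client_done

            if [ "$EXIT" -eq 0 ]; then
                RESULT=0
            else
                RESULT=2
                # interpret early failure, with a handshake_failure alert
                # before the server hello, as "no ciphersuite in common"
                if grep -F 'Received alert [40]: Handshake failed' "$CLI_OUT"; then
                    if grep -i 'SERVER HELLO .* was received' "$CLI_OUT"; then :
                    else
                        RESULT=1
                    fi
                fi >/dev/null
            fi
            ;;

        mbed*)
            CLIENT_CMD="$P_CLI $P_CLIENT_ARGS force_ciphersuite=$2"
            if [ "$MEMCHECK" -gt 0 ]; then
                CLIENT_CMD="valgrind --leak-check=full $CLIENT_CMD"
            fi
            log "$CLIENT_CMD"
            echo "$CLIENT_CMD" > "$CLI_OUT"
            $CLIENT_CMD >> "$CLI_OUT" 2>&1 &
            wait_client_done

            case "$EXIT" in
                "0") RESULT=0 ;;
                "2") RESULT=1 ;;
                *) RESULT=2 ;;
            esac

            if [ "$MEMCHECK" -gt 0 ]; then
                if is_polar "$CLIENT_CMD" && has_mem_err "$CLI_OUT"; then
                    RESULT=2
                fi
            fi

            ;;

        *)
            echo "error: invalid client name: $1" >&2
            exit 1
            ;;
    esac

    echo "EXIT: $EXIT" >> "$CLI_OUT"

    # report and count result
    case "$RESULT" in
        "0")
            echo PASS
            ;;
        "1")
            echo SKIP
            SKIPPED=$(( $SKIPPED + 1 ))
            ;;
        "2")
            echo FAIL
            cp "$SRV_OUT" "c-srv-${TESTS}.log"
            cp "$CLI_OUT" "c-cli-${TESTS}.log"
            echo " ! outputs saved to c-srv-${TESTS}.log, c-cli-${TESTS}.log"

            # on the buildbot account, dump both logs into the build output
            if [ "X${USER:-}" = Xbuildbot -o "X${LOGNAME:-}" = Xbuildbot ]; then
                echo " ! server output:"
                cat "c-srv-${TESTS}.log"
                echo " ! ==================================================="
                echo " ! client output:"
                cat "c-cli-${TESTS}.log"
            fi

            FAILED=$(( $FAILED + 1 ))
            ;;
    esac

    rm -f "$CLI_OUT"
}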
1051
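#
# MAIN
#
# Run every requested combination of verification mode, protocol mode, key
# exchange type and peer, then print a summary and exit with the number of
# failures (0 on success).

# run from the script's own directory; quoted so that a path containing
# spaces still works
if cd "$( dirname "$0" )"; then :; else
    echo "cd $( dirname "$0" ) failed" >&2
    exit 1
fi

get_options "$@"

# sanity checks, avoid an avalanche of errors
if [ ! -x "$P_SRV" ]; then
    echo "Command '$P_SRV' is not an executable file" >&2
    exit 1
fi
if [ ! -x "$P_CLI" ]; then
    echo "Command '$P_CLI' is not an executable file" >&2
    exit 1
fi

# command -v is the POSIX way to look a command up; which is not specified
if echo "$PEERS" | grep -i openssl > /dev/null; then
    if command -v "$OPENSSL_CMD" >/dev/null 2>&1; then :; else
        echo "Command '$OPENSSL_CMD' not found" >&2
        exit 1
    fi
fi

if echo "$PEERS" | grep -i gnutls > /dev/null; then
    for CMD in "$GNUTLS_CLI" "$GNUTLS_SERV"; do
        if command -v "$CMD" >/dev/null 2>&1; then :; else
            echo "Command '$CMD' not found" >&2
            exit 1
        fi
    done
fi

for PEER in $PEERS; do
    case "$PEER" in
        mbed*|[Oo]pen*|[Gg]nu*)
            ;;
        *)
            echo "Unknown peers: $PEER" >&2
            exit 1
            ;;
    esac
done

# Pick a "unique" port in the range 10000-19999.
# The port is "1" followed by the last four digits of the shell's process id,
# so it is predictable and not checked for being free.
PORT="0000$$"
PORT="1$(echo $PORT | tail -c 5)"

# Also pick a unique name for intermediate files
# (created in the current directory, which is the script's directory)
SRV_OUT="srv_out.$$"
CLI_OUT="cli_out.$$"

# client timeout delay: be more patient with valgrind
if [ "$MEMCHECK" -gt 0 ]; then
    DOG_DELAY=30
else
    DOG_DELAY=10
fi

SKIP_NEXT="NO"

trap cleanup INT TERM HUP

for VERIFY in $VERIFIES; do
    for MODE in $MODES; do
        for TYPE in $TYPES; do
            for PEER in $PEERS; do

            setup_arguments

            case "$PEER" in

                [Oo]pen*)

                    if test "$OSSL_NO_DTLS" -gt 0 && is_dtls "$MODE"; then
                        continue;
                    fi

                    reset_ciphersuites
                    add_common_ciphersuites
                    add_openssl_ciphersuites
                    filter_ciphersuites

                    # mbed TLS client against OpenSSL server
                    if [ "X" != "X$P_CIPHERS" ]; then
                        start_server "OpenSSL"
                        for i in $P_CIPHERS; do
                            check_openssl_server_bug $i
                            run_client mbedTLS $i
                        done
                        stop_server
                    fi

                    # OpenSSL client against mbed TLS server
                    if [ "X" != "X$O_CIPHERS" ]; then
                        start_server "mbedTLS"
                        for i in $O_CIPHERS; do
                            run_client OpenSSL $i
                        done
                        stop_server
                    fi

                    ;;

                [Gg]nu*)

                    reset_ciphersuites
                    add_common_ciphersuites
                    add_gnutls_ciphersuites
                    filter_ciphersuites

                    # mbed TLS client against GnuTLS server
                    if [ "X" != "X$P_CIPHERS" ]; then
                        start_server "GnuTLS"
                        for i in $P_CIPHERS; do
                            run_client mbedTLS $i
                        done
                        stop_server
                    fi

                    # GnuTLS client against mbed TLS server
                    if [ "X" != "X$G_CIPHERS" ]; then
                        start_server "mbedTLS"
                        for i in $G_CIPHERS; do
                            run_client GnuTLS $i
                        done
                        stop_server
                    fi

                    ;;

                mbed*)

                    reset_ciphersuites
                    add_common_ciphersuites
                    add_openssl_ciphersuites
                    add_gnutls_ciphersuites
                    add_mbedtls_ciphersuites
                    filter_ciphersuites

                    # mbed TLS against itself
                    if [ "X" != "X$P_CIPHERS" ]; then
                        start_server "mbedTLS"
                        for i in $P_CIPHERS; do
                            run_client mbedTLS $i
                        done
                        stop_server
                    fi

                    ;;

                *)
                    echo "Unknown peer: $PEER" >&2
                    exit 1
                    ;;

            esac

            done
        done
    done
done

echo "------------------------------------------------------------------------"

if [ "$FAILED" -ne 0 ] || [ "$SRVMEM" -ne 0 ]; then
    printf "FAILED"
else
    printf "PASSED"
fi

if [ "$MEMCHECK" -gt 0 ]; then
    MEMREPORT=", $SRVMEM server memory errors"
else
    MEMREPORT=""
fi

PASSED=$(( $TESTS - $FAILED ))
echo " ($PASSED / $TESTS tests ($SKIPPED skipped$MEMREPORT))"

FAILED=$(( $FAILED + $SRVMEM ))
# An exit status is taken modulo 256: without the cap, exactly 256 failures
# would be reported to the caller as success.
if [ "$FAILED" -gt 255 ]; then
    FAILED=255
fi
exit "$FAILED"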