mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-26 15:35:42 +01:00
Remove references to PolarSSL in compat.sh
Removed references to PolarSSL for mbed TLS for clarity.
This commit is contained in:
parent
cad6e93e19
commit
ac22d1113c
133
tests/compat.sh
133
tests/compat.sh
@ -1,6 +1,14 @@
|
|||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
|
|
||||||
# Test interop with OpenSSL and GnuTLS (and self-op while at it).
|
# compat.sh
|
||||||
|
#
|
||||||
|
# This file is part of mbed TLS (https://tls.mbed.org)
|
||||||
|
#
|
||||||
|
# Copyright (c) 2012-2016, ARM Limited, All Rights Reserved
|
||||||
|
#
|
||||||
|
# Purpose
|
||||||
|
#
|
||||||
|
# Test interoperbility with OpenSSL, GnuTLS as well as itself.
|
||||||
#
|
#
|
||||||
# Check each common ciphersuite, with each version, both ways (client/server),
|
# Check each common ciphersuite, with each version, both ways (client/server),
|
||||||
# with and without client authentication.
|
# with and without client authentication.
|
||||||
@ -18,8 +26,8 @@ SKIPPED=0
|
|||||||
SRVMEM=0
|
SRVMEM=0
|
||||||
|
|
||||||
# default commands, can be overriden by the environment
|
# default commands, can be overriden by the environment
|
||||||
: ${P_SRV:=../programs/ssl/ssl_server2}
|
: ${M_SRV:=../programs/ssl/ssl_server2}
|
||||||
: ${P_CLI:=../programs/ssl/ssl_client2}
|
: ${M_CLI:=../programs/ssl/ssl_client2}
|
||||||
: ${OPENSSL_CMD:=openssl} # OPENSSL would conflict with the build system
|
: ${OPENSSL_CMD:=openssl} # OPENSSL would conflict with the build system
|
||||||
: ${GNUTLS_CLI:=gnutls-cli}
|
: ${GNUTLS_CLI:=gnutls-cli}
|
||||||
: ${GNUTLS_SERV:=gnutls-serv}
|
: ${GNUTLS_SERV:=gnutls-serv}
|
||||||
@ -188,8 +196,13 @@ filter_ciphersuites()
|
|||||||
{
|
{
|
||||||
if [ "X" != "X$FILTER" -o "X" != "X$EXCLUDE" ];
|
if [ "X" != "X$FILTER" -o "X" != "X$EXCLUDE" ];
|
||||||
then
|
then
|
||||||
P_CIPHERS=$( filter "$P_CIPHERS" )
|
# Ciphersuite for mbed TLS
|
||||||
|
M_CIPHERS=$( filter "$M_CIPHERS" )
|
||||||
|
|
||||||
|
# Ciphersuite for OpenSSL
|
||||||
O_CIPHERS=$( filter "$O_CIPHERS" )
|
O_CIPHERS=$( filter "$O_CIPHERS" )
|
||||||
|
|
||||||
|
# Ciphersuite for GnuTLS
|
||||||
G_CIPHERS=$( filter "$G_CIPHERS" )
|
G_CIPHERS=$( filter "$G_CIPHERS" )
|
||||||
fi
|
fi
|
||||||
|
|
||||||
@ -198,7 +211,7 @@ filter_ciphersuites()
|
|||||||
O_CIPHERS=""
|
O_CIPHERS=""
|
||||||
case "$PEER" in
|
case "$PEER" in
|
||||||
[Oo]pen*)
|
[Oo]pen*)
|
||||||
P_CIPHERS=""
|
M_CIPHERS=""
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
fi
|
fi
|
||||||
@ -212,7 +225,7 @@ filter_ciphersuites()
|
|||||||
|
|
||||||
reset_ciphersuites()
|
reset_ciphersuites()
|
||||||
{
|
{
|
||||||
P_CIPHERS=""
|
M_CIPHERS=""
|
||||||
O_CIPHERS=""
|
O_CIPHERS=""
|
||||||
G_CIPHERS=""
|
G_CIPHERS=""
|
||||||
}
|
}
|
||||||
@ -224,7 +237,7 @@ add_common_ciphersuites()
|
|||||||
"ECDSA")
|
"ECDSA")
|
||||||
if [ `minor_ver "$MODE"` -gt 0 ]
|
if [ `minor_ver "$MODE"` -gt 0 ]
|
||||||
then
|
then
|
||||||
P_CIPHERS="$P_CIPHERS \
|
M_CIPHERS="$M_CIPHERS \
|
||||||
TLS-ECDHE-ECDSA-WITH-NULL-SHA \
|
TLS-ECDHE-ECDSA-WITH-NULL-SHA \
|
||||||
TLS-ECDHE-ECDSA-WITH-RC4-128-SHA \
|
TLS-ECDHE-ECDSA-WITH-RC4-128-SHA \
|
||||||
TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA \
|
TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA \
|
||||||
@ -248,7 +261,7 @@ add_common_ciphersuites()
|
|||||||
fi
|
fi
|
||||||
if [ `minor_ver "$MODE"` -ge 3 ]
|
if [ `minor_ver "$MODE"` -ge 3 ]
|
||||||
then
|
then
|
||||||
P_CIPHERS="$P_CIPHERS \
|
M_CIPHERS="$M_CIPHERS \
|
||||||
TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \
|
TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \
|
||||||
TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 \
|
TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 \
|
||||||
TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
|
TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
|
||||||
@ -270,7 +283,7 @@ add_common_ciphersuites()
|
|||||||
;;
|
;;
|
||||||
|
|
||||||
"RSA")
|
"RSA")
|
||||||
P_CIPHERS="$P_CIPHERS \
|
M_CIPHERS="$M_CIPHERS \
|
||||||
TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
|
TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
|
||||||
TLS-DHE-RSA-WITH-AES-256-CBC-SHA \
|
TLS-DHE-RSA-WITH-AES-256-CBC-SHA \
|
||||||
TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA \
|
TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA \
|
||||||
@ -320,7 +333,7 @@ add_common_ciphersuites()
|
|||||||
"
|
"
|
||||||
if [ `minor_ver "$MODE"` -gt 0 ]
|
if [ `minor_ver "$MODE"` -gt 0 ]
|
||||||
then
|
then
|
||||||
P_CIPHERS="$P_CIPHERS \
|
M_CIPHERS="$M_CIPHERS \
|
||||||
TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA \
|
TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA \
|
||||||
TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA \
|
TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA \
|
||||||
TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA \
|
TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA \
|
||||||
@ -344,7 +357,7 @@ add_common_ciphersuites()
|
|||||||
fi
|
fi
|
||||||
if [ `minor_ver "$MODE"` -ge 3 ]
|
if [ `minor_ver "$MODE"` -ge 3 ]
|
||||||
then
|
then
|
||||||
P_CIPHERS="$P_CIPHERS \
|
M_CIPHERS="$M_CIPHERS \
|
||||||
TLS-RSA-WITH-AES-128-CBC-SHA256 \
|
TLS-RSA-WITH-AES-128-CBC-SHA256 \
|
||||||
TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 \
|
TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 \
|
||||||
TLS-RSA-WITH-AES-256-CBC-SHA256 \
|
TLS-RSA-WITH-AES-256-CBC-SHA256 \
|
||||||
@ -391,7 +404,7 @@ add_common_ciphersuites()
|
|||||||
;;
|
;;
|
||||||
|
|
||||||
"PSK")
|
"PSK")
|
||||||
P_CIPHERS="$P_CIPHERS \
|
M_CIPHERS="$M_CIPHERS \
|
||||||
TLS-PSK-WITH-RC4-128-SHA \
|
TLS-PSK-WITH-RC4-128-SHA \
|
||||||
TLS-PSK-WITH-3DES-EDE-CBC-SHA \
|
TLS-PSK-WITH-3DES-EDE-CBC-SHA \
|
||||||
TLS-PSK-WITH-AES-128-CBC-SHA \
|
TLS-PSK-WITH-AES-128-CBC-SHA \
|
||||||
@ -420,7 +433,7 @@ add_openssl_ciphersuites()
|
|||||||
"ECDSA")
|
"ECDSA")
|
||||||
if [ `minor_ver "$MODE"` -gt 0 ]
|
if [ `minor_ver "$MODE"` -gt 0 ]
|
||||||
then
|
then
|
||||||
P_CIPHERS="$P_CIPHERS \
|
M_CIPHERS="$M_CIPHERS \
|
||||||
TLS-ECDH-ECDSA-WITH-NULL-SHA \
|
TLS-ECDH-ECDSA-WITH-NULL-SHA \
|
||||||
TLS-ECDH-ECDSA-WITH-RC4-128-SHA \
|
TLS-ECDH-ECDSA-WITH-RC4-128-SHA \
|
||||||
TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA \
|
TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA \
|
||||||
@ -437,7 +450,7 @@ add_openssl_ciphersuites()
|
|||||||
fi
|
fi
|
||||||
if [ `minor_ver "$MODE"` -ge 3 ]
|
if [ `minor_ver "$MODE"` -ge 3 ]
|
||||||
then
|
then
|
||||||
P_CIPHERS="$P_CIPHERS \
|
M_CIPHERS="$M_CIPHERS \
|
||||||
TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256 \
|
TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256 \
|
||||||
TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384 \
|
TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384 \
|
||||||
TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256 \
|
TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256 \
|
||||||
@ -453,7 +466,7 @@ add_openssl_ciphersuites()
|
|||||||
;;
|
;;
|
||||||
|
|
||||||
"RSA")
|
"RSA")
|
||||||
P_CIPHERS="$P_CIPHERS \
|
M_CIPHERS="$M_CIPHERS \
|
||||||
TLS-RSA-WITH-DES-CBC-SHA \
|
TLS-RSA-WITH-DES-CBC-SHA \
|
||||||
TLS-DHE-RSA-WITH-DES-CBC-SHA \
|
TLS-DHE-RSA-WITH-DES-CBC-SHA \
|
||||||
"
|
"
|
||||||
@ -475,7 +488,7 @@ add_gnutls_ciphersuites()
|
|||||||
"ECDSA")
|
"ECDSA")
|
||||||
if [ `minor_ver "$MODE"` -ge 3 ]
|
if [ `minor_ver "$MODE"` -ge 3 ]
|
||||||
then
|
then
|
||||||
P_CIPHERS="$P_CIPHERS \
|
M_CIPHERS="$M_CIPHERS \
|
||||||
TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256 \
|
TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256 \
|
||||||
TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 \
|
TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 \
|
||||||
TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256 \
|
TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256 \
|
||||||
@ -493,7 +506,7 @@ add_gnutls_ciphersuites()
|
|||||||
"RSA")
|
"RSA")
|
||||||
if [ `minor_ver "$MODE"` -gt 0 ]
|
if [ `minor_ver "$MODE"` -gt 0 ]
|
||||||
then
|
then
|
||||||
P_CIPHERS="$P_CIPHERS \
|
M_CIPHERS="$M_CIPHERS \
|
||||||
TLS-RSA-WITH-NULL-SHA256 \
|
TLS-RSA-WITH-NULL-SHA256 \
|
||||||
"
|
"
|
||||||
G_CIPHERS="$G_CIPHERS \
|
G_CIPHERS="$G_CIPHERS \
|
||||||
@ -502,7 +515,7 @@ add_gnutls_ciphersuites()
|
|||||||
fi
|
fi
|
||||||
if [ `minor_ver "$MODE"` -ge 3 ]
|
if [ `minor_ver "$MODE"` -ge 3 ]
|
||||||
then
|
then
|
||||||
P_CIPHERS="$P_CIPHERS \
|
M_CIPHERS="$M_CIPHERS \
|
||||||
TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
|
TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
|
||||||
TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384 \
|
TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384 \
|
||||||
TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
|
TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
|
||||||
@ -534,7 +547,7 @@ add_gnutls_ciphersuites()
|
|||||||
;;
|
;;
|
||||||
|
|
||||||
"PSK")
|
"PSK")
|
||||||
P_CIPHERS="$P_CIPHERS \
|
M_CIPHERS="$M_CIPHERS \
|
||||||
TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA \
|
TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA \
|
||||||
TLS-DHE-PSK-WITH-AES-128-CBC-SHA \
|
TLS-DHE-PSK-WITH-AES-128-CBC-SHA \
|
||||||
TLS-DHE-PSK-WITH-AES-256-CBC-SHA \
|
TLS-DHE-PSK-WITH-AES-256-CBC-SHA \
|
||||||
@ -548,7 +561,7 @@ add_gnutls_ciphersuites()
|
|||||||
"
|
"
|
||||||
if [ `minor_ver "$MODE"` -gt 0 ]
|
if [ `minor_ver "$MODE"` -gt 0 ]
|
||||||
then
|
then
|
||||||
P_CIPHERS="$P_CIPHERS \
|
M_CIPHERS="$M_CIPHERS \
|
||||||
TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA \
|
TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA \
|
||||||
TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \
|
TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \
|
||||||
TLS-ECDHE-PSK-WITH-3DES-EDE-CBC-SHA \
|
TLS-ECDHE-PSK-WITH-3DES-EDE-CBC-SHA \
|
||||||
@ -571,7 +584,7 @@ add_gnutls_ciphersuites()
|
|||||||
fi
|
fi
|
||||||
if [ `minor_ver "$MODE"` -ge 3 ]
|
if [ `minor_ver "$MODE"` -ge 3 ]
|
||||||
then
|
then
|
||||||
P_CIPHERS="$P_CIPHERS \
|
M_CIPHERS="$M_CIPHERS \
|
||||||
TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \
|
TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \
|
||||||
TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
|
TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
|
||||||
TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256 \
|
TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256 \
|
||||||
@ -659,14 +672,14 @@ add_mbedtls_ciphersuites()
|
|||||||
"ECDSA")
|
"ECDSA")
|
||||||
if [ `minor_ver "$MODE"` -gt 0 ]
|
if [ `minor_ver "$MODE"` -gt 0 ]
|
||||||
then
|
then
|
||||||
P_CIPHERS="$P_CIPHERS \
|
M_CIPHERS="$M_CIPHERS \
|
||||||
TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256 \
|
TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256 \
|
||||||
TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 \
|
TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 \
|
||||||
"
|
"
|
||||||
fi
|
fi
|
||||||
if [ `minor_ver "$MODE"` -ge 3 ]
|
if [ `minor_ver "$MODE"` -ge 3 ]
|
||||||
then
|
then
|
||||||
P_CIPHERS="$P_CIPHERS \
|
M_CIPHERS="$M_CIPHERS \
|
||||||
TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256 \
|
TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256 \
|
||||||
TLS-ECDH-ECDSA-WITH-CAMELLIA-256-GCM-SHA384 \
|
TLS-ECDH-ECDSA-WITH-CAMELLIA-256-GCM-SHA384 \
|
||||||
TLS-ECDHE-ECDSA-WITH-AES-128-CCM \
|
TLS-ECDHE-ECDSA-WITH-AES-128-CCM \
|
||||||
@ -680,7 +693,7 @@ add_mbedtls_ciphersuites()
|
|||||||
"RSA")
|
"RSA")
|
||||||
if [ "$MODE" = "tls1_2" ];
|
if [ "$MODE" = "tls1_2" ];
|
||||||
then
|
then
|
||||||
P_CIPHERS="$P_CIPHERS \
|
M_CIPHERS="$M_CIPHERS \
|
||||||
TLS-RSA-WITH-AES-128-CCM \
|
TLS-RSA-WITH-AES-128-CCM \
|
||||||
TLS-RSA-WITH-AES-256-CCM \
|
TLS-RSA-WITH-AES-256-CCM \
|
||||||
TLS-DHE-RSA-WITH-AES-128-CCM \
|
TLS-DHE-RSA-WITH-AES-128-CCM \
|
||||||
@ -695,20 +708,20 @@ add_mbedtls_ciphersuites()
|
|||||||
|
|
||||||
"PSK")
|
"PSK")
|
||||||
# *PSK-NULL-SHA suites supported by GnuTLS 3.3.5 but not 3.2.15
|
# *PSK-NULL-SHA suites supported by GnuTLS 3.3.5 but not 3.2.15
|
||||||
P_CIPHERS="$P_CIPHERS \
|
M_CIPHERS="$M_CIPHERS \
|
||||||
TLS-PSK-WITH-NULL-SHA \
|
TLS-PSK-WITH-NULL-SHA \
|
||||||
TLS-DHE-PSK-WITH-NULL-SHA \
|
TLS-DHE-PSK-WITH-NULL-SHA \
|
||||||
"
|
"
|
||||||
if [ `minor_ver "$MODE"` -gt 0 ]
|
if [ `minor_ver "$MODE"` -gt 0 ]
|
||||||
then
|
then
|
||||||
P_CIPHERS="$P_CIPHERS \
|
M_CIPHERS="$M_CIPHERS \
|
||||||
TLS-ECDHE-PSK-WITH-NULL-SHA \
|
TLS-ECDHE-PSK-WITH-NULL-SHA \
|
||||||
TLS-RSA-PSK-WITH-NULL-SHA \
|
TLS-RSA-PSK-WITH-NULL-SHA \
|
||||||
"
|
"
|
||||||
fi
|
fi
|
||||||
if [ "$MODE" = "tls1_2" ];
|
if [ "$MODE" = "tls1_2" ];
|
||||||
then
|
then
|
||||||
P_CIPHERS="$P_CIPHERS \
|
M_CIPHERS="$M_CIPHERS \
|
||||||
TLS-PSK-WITH-AES-128-CCM \
|
TLS-PSK-WITH-AES-128-CCM \
|
||||||
TLS-PSK-WITH-AES-256-CCM \
|
TLS-PSK-WITH-AES-256-CCM \
|
||||||
TLS-DHE-PSK-WITH-AES-128-CCM \
|
TLS-DHE-PSK-WITH-AES-128-CCM \
|
||||||
@ -752,7 +765,7 @@ setup_arguments()
|
|||||||
exit 1;
|
exit 1;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
P_SERVER_ARGS="server_port=$PORT server_addr=0.0.0.0 force_version=$MODE arc4=1"
|
M_SERVER_ARGS="server_port=$PORT server_addr=0.0.0.0 force_version=$MODE arc4=1"
|
||||||
O_SERVER_ARGS="-accept $PORT -cipher NULL,ALL -$MODE -dhparam data_files/dhparams.pem"
|
O_SERVER_ARGS="-accept $PORT -cipher NULL,ALL -$MODE -dhparam data_files/dhparams.pem"
|
||||||
G_SERVER_ARGS="-p $PORT --http $G_MODE"
|
G_SERVER_ARGS="-p $PORT --http $G_MODE"
|
||||||
G_SERVER_PRIO="NORMAL:+ARCFOUR-128:+NULL:+MD5:+PSK:+DHE-PSK:+ECDHE-PSK:+RSA-PSK:-VERS-TLS-ALL:$G_PRIO_MODE"
|
G_SERVER_PRIO="NORMAL:+ARCFOUR-128:+NULL:+MD5:+PSK:+DHE-PSK:+ECDHE-PSK:+RSA-PSK:-VERS-TLS-ALL:$G_PRIO_MODE"
|
||||||
@ -764,75 +777,75 @@ setup_arguments()
|
|||||||
O_SERVER_ARGS="$O_SERVER_ARGS -www"
|
O_SERVER_ARGS="$O_SERVER_ARGS -www"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
P_CLIENT_ARGS="server_port=$PORT server_addr=127.0.0.1 force_version=$MODE"
|
M_CLIENT_ARGS="server_port=$PORT server_addr=127.0.0.1 force_version=$MODE"
|
||||||
O_CLIENT_ARGS="-connect localhost:$PORT -$MODE"
|
O_CLIENT_ARGS="-connect localhost:$PORT -$MODE"
|
||||||
G_CLIENT_ARGS="-p $PORT --debug 3 $G_MODE"
|
G_CLIENT_ARGS="-p $PORT --debug 3 $G_MODE"
|
||||||
G_CLIENT_PRIO="NONE:$G_PRIO_MODE:+COMP-NULL:+CURVE-ALL:+SIGN-ALL"
|
G_CLIENT_PRIO="NONE:$G_PRIO_MODE:+COMP-NULL:+CURVE-ALL:+SIGN-ALL"
|
||||||
|
|
||||||
if [ "X$VERIFY" = "XYES" ];
|
if [ "X$VERIFY" = "XYES" ];
|
||||||
then
|
then
|
||||||
P_SERVER_ARGS="$P_SERVER_ARGS ca_file=data_files/test-ca_cat12.crt auth_mode=required"
|
M_SERVER_ARGS="$M_SERVER_ARGS ca_file=data_files/test-ca_cat12.crt auth_mode=required"
|
||||||
O_SERVER_ARGS="$O_SERVER_ARGS -CAfile data_files/test-ca_cat12.crt -Verify 10"
|
O_SERVER_ARGS="$O_SERVER_ARGS -CAfile data_files/test-ca_cat12.crt -Verify 10"
|
||||||
G_SERVER_ARGS="$G_SERVER_ARGS --x509cafile data_files/test-ca_cat12.crt --require-client-cert"
|
G_SERVER_ARGS="$G_SERVER_ARGS --x509cafile data_files/test-ca_cat12.crt --require-client-cert"
|
||||||
|
|
||||||
P_CLIENT_ARGS="$P_CLIENT_ARGS ca_file=data_files/test-ca_cat12.crt auth_mode=required"
|
M_CLIENT_ARGS="$M_CLIENT_ARGS ca_file=data_files/test-ca_cat12.crt auth_mode=required"
|
||||||
O_CLIENT_ARGS="$O_CLIENT_ARGS -CAfile data_files/test-ca_cat12.crt -verify 10"
|
O_CLIENT_ARGS="$O_CLIENT_ARGS -CAfile data_files/test-ca_cat12.crt -verify 10"
|
||||||
G_CLIENT_ARGS="$G_CLIENT_ARGS --x509cafile data_files/test-ca_cat12.crt"
|
G_CLIENT_ARGS="$G_CLIENT_ARGS --x509cafile data_files/test-ca_cat12.crt"
|
||||||
else
|
else
|
||||||
# don't request a client cert at all
|
# don't request a client cert at all
|
||||||
P_SERVER_ARGS="$P_SERVER_ARGS ca_file=none auth_mode=none"
|
M_SERVER_ARGS="$M_SERVER_ARGS ca_file=none auth_mode=none"
|
||||||
G_SERVER_ARGS="$G_SERVER_ARGS --disable-client-cert"
|
G_SERVER_ARGS="$G_SERVER_ARGS --disable-client-cert"
|
||||||
|
|
||||||
P_CLIENT_ARGS="$P_CLIENT_ARGS ca_file=none auth_mode=none"
|
M_CLIENT_ARGS="$M_CLIENT_ARGS ca_file=none auth_mode=none"
|
||||||
O_CLIENT_ARGS="$O_CLIENT_ARGS"
|
O_CLIENT_ARGS="$O_CLIENT_ARGS"
|
||||||
G_CLIENT_ARGS="$G_CLIENT_ARGS --insecure"
|
G_CLIENT_ARGS="$G_CLIENT_ARGS --insecure"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
case $TYPE in
|
case $TYPE in
|
||||||
"ECDSA")
|
"ECDSA")
|
||||||
P_SERVER_ARGS="$P_SERVER_ARGS crt_file=data_files/server5.crt key_file=data_files/server5.key"
|
M_SERVER_ARGS="$M_SERVER_ARGS crt_file=data_files/server5.crt key_file=data_files/server5.key"
|
||||||
O_SERVER_ARGS="$O_SERVER_ARGS -cert data_files/server5.crt -key data_files/server5.key"
|
O_SERVER_ARGS="$O_SERVER_ARGS -cert data_files/server5.crt -key data_files/server5.key"
|
||||||
G_SERVER_ARGS="$G_SERVER_ARGS --x509certfile data_files/server5.crt --x509keyfile data_files/server5.key"
|
G_SERVER_ARGS="$G_SERVER_ARGS --x509certfile data_files/server5.crt --x509keyfile data_files/server5.key"
|
||||||
|
|
||||||
if [ "X$VERIFY" = "XYES" ]; then
|
if [ "X$VERIFY" = "XYES" ]; then
|
||||||
P_CLIENT_ARGS="$P_CLIENT_ARGS crt_file=data_files/server6.crt key_file=data_files/server6.key"
|
M_CLIENT_ARGS="$M_CLIENT_ARGS crt_file=data_files/server6.crt key_file=data_files/server6.key"
|
||||||
O_CLIENT_ARGS="$O_CLIENT_ARGS -cert data_files/server6.crt -key data_files/server6.key"
|
O_CLIENT_ARGS="$O_CLIENT_ARGS -cert data_files/server6.crt -key data_files/server6.key"
|
||||||
G_CLIENT_ARGS="$G_CLIENT_ARGS --x509certfile data_files/server6.crt --x509keyfile data_files/server6.key"
|
G_CLIENT_ARGS="$G_CLIENT_ARGS --x509certfile data_files/server6.crt --x509keyfile data_files/server6.key"
|
||||||
else
|
else
|
||||||
P_CLIENT_ARGS="$P_CLIENT_ARGS crt_file=none key_file=none"
|
M_CLIENT_ARGS="$M_CLIENT_ARGS crt_file=none key_file=none"
|
||||||
fi
|
fi
|
||||||
;;
|
;;
|
||||||
|
|
||||||
"RSA")
|
"RSA")
|
||||||
P_SERVER_ARGS="$P_SERVER_ARGS crt_file=data_files/server2.crt key_file=data_files/server2.key"
|
M_SERVER_ARGS="$M_SERVER_ARGS crt_file=data_files/server2.crt key_file=data_files/server2.key"
|
||||||
O_SERVER_ARGS="$O_SERVER_ARGS -cert data_files/server2.crt -key data_files/server2.key"
|
O_SERVER_ARGS="$O_SERVER_ARGS -cert data_files/server2.crt -key data_files/server2.key"
|
||||||
G_SERVER_ARGS="$G_SERVER_ARGS --x509certfile data_files/server2.crt --x509keyfile data_files/server2.key"
|
G_SERVER_ARGS="$G_SERVER_ARGS --x509certfile data_files/server2.crt --x509keyfile data_files/server2.key"
|
||||||
|
|
||||||
if [ "X$VERIFY" = "XYES" ]; then
|
if [ "X$VERIFY" = "XYES" ]; then
|
||||||
P_CLIENT_ARGS="$P_CLIENT_ARGS crt_file=data_files/server1.crt key_file=data_files/server1.key"
|
M_CLIENT_ARGS="$M_CLIENT_ARGS crt_file=data_files/server1.crt key_file=data_files/server1.key"
|
||||||
O_CLIENT_ARGS="$O_CLIENT_ARGS -cert data_files/server1.crt -key data_files/server1.key"
|
O_CLIENT_ARGS="$O_CLIENT_ARGS -cert data_files/server1.crt -key data_files/server1.key"
|
||||||
G_CLIENT_ARGS="$G_CLIENT_ARGS --x509certfile data_files/server1.crt --x509keyfile data_files/server1.key"
|
G_CLIENT_ARGS="$G_CLIENT_ARGS --x509certfile data_files/server1.crt --x509keyfile data_files/server1.key"
|
||||||
else
|
else
|
||||||
P_CLIENT_ARGS="$P_CLIENT_ARGS crt_file=none key_file=none"
|
M_CLIENT_ARGS="$M_CLIENT_ARGS crt_file=none key_file=none"
|
||||||
fi
|
fi
|
||||||
;;
|
;;
|
||||||
|
|
||||||
"PSK")
|
"PSK")
|
||||||
# give RSA-PSK-capable server a RSA cert
|
# give RSA-PSK-capable server a RSA cert
|
||||||
# (should be a separate type, but harder to close with openssl)
|
# (should be a separate type, but harder to close with openssl)
|
||||||
P_SERVER_ARGS="$P_SERVER_ARGS psk=6162636465666768696a6b6c6d6e6f70 ca_file=none crt_file=data_files/server2.crt key_file=data_files/server2.key"
|
M_SERVER_ARGS="$M_SERVER_ARGS psk=6162636465666768696a6b6c6d6e6f70 ca_file=none crt_file=data_files/server2.crt key_file=data_files/server2.key"
|
||||||
O_SERVER_ARGS="$O_SERVER_ARGS -psk 6162636465666768696a6b6c6d6e6f70 -nocert"
|
O_SERVER_ARGS="$O_SERVER_ARGS -psk 6162636465666768696a6b6c6d6e6f70 -nocert"
|
||||||
G_SERVER_ARGS="$G_SERVER_ARGS --x509certfile data_files/server2.crt --x509keyfile data_files/server2.key --pskpasswd data_files/passwd.psk"
|
G_SERVER_ARGS="$G_SERVER_ARGS --x509certfile data_files/server2.crt --x509keyfile data_files/server2.key --pskpasswd data_files/passwd.psk"
|
||||||
|
|
||||||
P_CLIENT_ARGS="$P_CLIENT_ARGS psk=6162636465666768696a6b6c6d6e6f70 crt_file=none key_file=none"
|
M_CLIENT_ARGS="$M_CLIENT_ARGS psk=6162636465666768696a6b6c6d6e6f70 crt_file=none key_file=none"
|
||||||
O_CLIENT_ARGS="$O_CLIENT_ARGS -psk 6162636465666768696a6b6c6d6e6f70"
|
O_CLIENT_ARGS="$O_CLIENT_ARGS -psk 6162636465666768696a6b6c6d6e6f70"
|
||||||
G_CLIENT_ARGS="$G_CLIENT_ARGS --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70"
|
G_CLIENT_ARGS="$G_CLIENT_ARGS --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70"
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
}
|
}
|
||||||
|
|
||||||
# is_polar <cmd_line>
|
# is_mbedtls <cmd_line>
|
||||||
is_polar() {
|
is_mbedtls() {
|
||||||
echo "$1" | grep 'ssl_server2\|ssl_client2' > /dev/null
|
echo "$1" | grep 'ssl_server2\|ssl_client2' > /dev/null
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -858,7 +871,7 @@ start_server() {
|
|||||||
SERVER_CMD="$GNUTLS_SERV $G_SERVER_ARGS --priority $G_SERVER_PRIO"
|
SERVER_CMD="$GNUTLS_SERV $G_SERVER_ARGS --priority $G_SERVER_PRIO"
|
||||||
;;
|
;;
|
||||||
mbed*)
|
mbed*)
|
||||||
SERVER_CMD="$P_SRV $P_SERVER_ARGS"
|
SERVER_CMD="$M_SRV $M_SERVER_ARGS"
|
||||||
if [ "$MEMCHECK" -gt 0 ]; then
|
if [ "$MEMCHECK" -gt 0 ]; then
|
||||||
SERVER_CMD="valgrind --leak-check=full $SERVER_CMD"
|
SERVER_CMD="valgrind --leak-check=full $SERVER_CMD"
|
||||||
fi
|
fi
|
||||||
@ -885,7 +898,7 @@ stop_server() {
|
|||||||
wait $PROCESS_ID 2>/dev/null
|
wait $PROCESS_ID 2>/dev/null
|
||||||
|
|
||||||
if [ "$MEMCHECK" -gt 0 ]; then
|
if [ "$MEMCHECK" -gt 0 ]; then
|
||||||
if is_polar "$SERVER_CMD" && has_mem_err $SRV_OUT; then
|
if is_mbedtls "$SERVER_CMD" && has_mem_err $SRV_OUT; then
|
||||||
echo " ! Server had memory errors"
|
echo " ! Server had memory errors"
|
||||||
SRVMEM=$(( $SRVMEM + 1 ))
|
SRVMEM=$(( $SRVMEM + 1 ))
|
||||||
return
|
return
|
||||||
@ -951,6 +964,7 @@ run_client() {
|
|||||||
if [ $EXIT -eq 0 ]; then
|
if [ $EXIT -eq 0 ]; then
|
||||||
RESULT=0
|
RESULT=0
|
||||||
else
|
else
|
||||||
|
# If the cipher isn't supported...
|
||||||
if grep 'Cipher is (NONE)' $CLI_OUT >/dev/null; then
|
if grep 'Cipher is (NONE)' $CLI_OUT >/dev/null; then
|
||||||
RESULT=1
|
RESULT=1
|
||||||
else
|
else
|
||||||
@ -988,7 +1002,7 @@ run_client() {
|
|||||||
;;
|
;;
|
||||||
|
|
||||||
mbed*)
|
mbed*)
|
||||||
CLIENT_CMD="$P_CLI $P_CLIENT_ARGS force_ciphersuite=$2"
|
CLIENT_CMD="$M_CLI $M_CLIENT_ARGS force_ciphersuite=$2"
|
||||||
if [ "$MEMCHECK" -gt 0 ]; then
|
if [ "$MEMCHECK" -gt 0 ]; then
|
||||||
CLIENT_CMD="valgrind --leak-check=full $CLIENT_CMD"
|
CLIENT_CMD="valgrind --leak-check=full $CLIENT_CMD"
|
||||||
fi
|
fi
|
||||||
@ -998,13 +1012,18 @@ run_client() {
|
|||||||
wait_client_done
|
wait_client_done
|
||||||
|
|
||||||
case $EXIT in
|
case $EXIT in
|
||||||
|
# Success
|
||||||
"0") RESULT=0 ;;
|
"0") RESULT=0 ;;
|
||||||
|
|
||||||
|
# Ciphersuite not supported
|
||||||
"2") RESULT=1 ;;
|
"2") RESULT=1 ;;
|
||||||
|
|
||||||
|
# Error
|
||||||
*) RESULT=2 ;;
|
*) RESULT=2 ;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
if [ "$MEMCHECK" -gt 0 ]; then
|
if [ "$MEMCHECK" -gt 0 ]; then
|
||||||
if is_polar "$CLIENT_CMD" && has_mem_err $CLI_OUT; then
|
if is_mbedtls "$CLIENT_CMD" && has_mem_err $CLI_OUT; then
|
||||||
RESULT=2
|
RESULT=2
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
@ -1061,12 +1080,12 @@ fi
|
|||||||
get_options "$@"
|
get_options "$@"
|
||||||
|
|
||||||
# sanity checks, avoid an avalanche of errors
|
# sanity checks, avoid an avalanche of errors
|
||||||
if [ ! -x "$P_SRV" ]; then
|
if [ ! -x "$M_SRV" ]; then
|
||||||
echo "Command '$P_SRV' is not an executable file" >&2
|
echo "Command '$M_SRV' is not an executable file" >&2
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
if [ ! -x "$P_CLI" ]; then
|
if [ ! -x "$M_CLI" ]; then
|
||||||
echo "Command '$P_CLI' is not an executable file" >&2
|
echo "Command '$M_CLI' is not an executable file" >&2
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
@ -1135,9 +1154,9 @@ for VERIFY in $VERIFIES; do
|
|||||||
add_openssl_ciphersuites
|
add_openssl_ciphersuites
|
||||||
filter_ciphersuites
|
filter_ciphersuites
|
||||||
|
|
||||||
if [ "X" != "X$P_CIPHERS" ]; then
|
if [ "X" != "X$M_CIPHERS" ]; then
|
||||||
start_server "OpenSSL"
|
start_server "OpenSSL"
|
||||||
for i in $P_CIPHERS; do
|
for i in $M_CIPHERS; do
|
||||||
check_openssl_server_bug $i
|
check_openssl_server_bug $i
|
||||||
run_client mbedTLS $i
|
run_client mbedTLS $i
|
||||||
done
|
done
|
||||||
@ -1161,9 +1180,9 @@ for VERIFY in $VERIFIES; do
|
|||||||
add_gnutls_ciphersuites
|
add_gnutls_ciphersuites
|
||||||
filter_ciphersuites
|
filter_ciphersuites
|
||||||
|
|
||||||
if [ "X" != "X$P_CIPHERS" ]; then
|
if [ "X" != "X$M_CIPHERS" ]; then
|
||||||
start_server "GnuTLS"
|
start_server "GnuTLS"
|
||||||
for i in $P_CIPHERS; do
|
for i in $M_CIPHERS; do
|
||||||
run_client mbedTLS $i
|
run_client mbedTLS $i
|
||||||
done
|
done
|
||||||
stop_server
|
stop_server
|
||||||
@ -1188,9 +1207,9 @@ for VERIFY in $VERIFIES; do
|
|||||||
add_mbedtls_ciphersuites
|
add_mbedtls_ciphersuites
|
||||||
filter_ciphersuites
|
filter_ciphersuites
|
||||||
|
|
||||||
if [ "X" != "X$P_CIPHERS" ]; then
|
if [ "X" != "X$M_CIPHERS" ]; then
|
||||||
start_server "mbedTLS"
|
start_server "mbedTLS"
|
||||||
for i in $P_CIPHERS; do
|
for i in $M_CIPHERS; do
|
||||||
run_client mbedTLS $i
|
run_client mbedTLS $i
|
||||||
done
|
done
|
||||||
stop_server
|
stop_server
|
||||||
|
Loading…
Reference in New Issue
Block a user