Remove references to PolarSSL in compat.sh

Removed references to PolarSSL for mbed TLS for clarity.
This commit is contained in:
Simon Butcher 2016-09-04 22:31:09 +01:00 committed by Janos Follath
parent cad6e93e19
commit ac22d1113c

View File

@ -1,6 +1,14 @@
#!/bin/sh #!/bin/sh
# Test interop with OpenSSL and GnuTLS (and self-op while at it). # compat.sh
#
# This file is part of mbed TLS (https://tls.mbed.org)
#
# Copyright (c) 2012-2016, ARM Limited, All Rights Reserved
#
# Purpose
#
# Test interoperbility with OpenSSL, GnuTLS as well as itself.
# #
# Check each common ciphersuite, with each version, both ways (client/server), # Check each common ciphersuite, with each version, both ways (client/server),
# with and without client authentication. # with and without client authentication.
@ -18,8 +26,8 @@ SKIPPED=0
SRVMEM=0 SRVMEM=0
# default commands, can be overriden by the environment # default commands, can be overriden by the environment
: ${P_SRV:=../programs/ssl/ssl_server2} : ${M_SRV:=../programs/ssl/ssl_server2}
: ${P_CLI:=../programs/ssl/ssl_client2} : ${M_CLI:=../programs/ssl/ssl_client2}
: ${OPENSSL_CMD:=openssl} # OPENSSL would conflict with the build system : ${OPENSSL_CMD:=openssl} # OPENSSL would conflict with the build system
: ${GNUTLS_CLI:=gnutls-cli} : ${GNUTLS_CLI:=gnutls-cli}
: ${GNUTLS_SERV:=gnutls-serv} : ${GNUTLS_SERV:=gnutls-serv}
@ -188,8 +196,13 @@ filter_ciphersuites()
{ {
if [ "X" != "X$FILTER" -o "X" != "X$EXCLUDE" ]; if [ "X" != "X$FILTER" -o "X" != "X$EXCLUDE" ];
then then
P_CIPHERS=$( filter "$P_CIPHERS" ) # Ciphersuite for mbed TLS
M_CIPHERS=$( filter "$M_CIPHERS" )
# Ciphersuite for OpenSSL
O_CIPHERS=$( filter "$O_CIPHERS" ) O_CIPHERS=$( filter "$O_CIPHERS" )
# Ciphersuite for GnuTLS
G_CIPHERS=$( filter "$G_CIPHERS" ) G_CIPHERS=$( filter "$G_CIPHERS" )
fi fi
@ -198,7 +211,7 @@ filter_ciphersuites()
O_CIPHERS="" O_CIPHERS=""
case "$PEER" in case "$PEER" in
[Oo]pen*) [Oo]pen*)
P_CIPHERS="" M_CIPHERS=""
;; ;;
esac esac
fi fi
@ -212,7 +225,7 @@ filter_ciphersuites()
reset_ciphersuites() reset_ciphersuites()
{ {
P_CIPHERS="" M_CIPHERS=""
O_CIPHERS="" O_CIPHERS=""
G_CIPHERS="" G_CIPHERS=""
} }
@ -224,7 +237,7 @@ add_common_ciphersuites()
"ECDSA") "ECDSA")
if [ `minor_ver "$MODE"` -gt 0 ] if [ `minor_ver "$MODE"` -gt 0 ]
then then
P_CIPHERS="$P_CIPHERS \ M_CIPHERS="$M_CIPHERS \
TLS-ECDHE-ECDSA-WITH-NULL-SHA \ TLS-ECDHE-ECDSA-WITH-NULL-SHA \
TLS-ECDHE-ECDSA-WITH-RC4-128-SHA \ TLS-ECDHE-ECDSA-WITH-RC4-128-SHA \
TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA \ TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA \
@ -248,7 +261,7 @@ add_common_ciphersuites()
fi fi
if [ `minor_ver "$MODE"` -ge 3 ] if [ `minor_ver "$MODE"` -ge 3 ]
then then
P_CIPHERS="$P_CIPHERS \ M_CIPHERS="$M_CIPHERS \
TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \ TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \
TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 \ TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 \
TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
@ -270,7 +283,7 @@ add_common_ciphersuites()
;; ;;
"RSA") "RSA")
P_CIPHERS="$P_CIPHERS \ M_CIPHERS="$M_CIPHERS \
TLS-DHE-RSA-WITH-AES-128-CBC-SHA \ TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
TLS-DHE-RSA-WITH-AES-256-CBC-SHA \ TLS-DHE-RSA-WITH-AES-256-CBC-SHA \
TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA \ TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA \
@ -320,7 +333,7 @@ add_common_ciphersuites()
" "
if [ `minor_ver "$MODE"` -gt 0 ] if [ `minor_ver "$MODE"` -gt 0 ]
then then
P_CIPHERS="$P_CIPHERS \ M_CIPHERS="$M_CIPHERS \
TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA \ TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA \
TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA \ TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA \
TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA \ TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA \
@ -344,7 +357,7 @@ add_common_ciphersuites()
fi fi
if [ `minor_ver "$MODE"` -ge 3 ] if [ `minor_ver "$MODE"` -ge 3 ]
then then
P_CIPHERS="$P_CIPHERS \ M_CIPHERS="$M_CIPHERS \
TLS-RSA-WITH-AES-128-CBC-SHA256 \ TLS-RSA-WITH-AES-128-CBC-SHA256 \
TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 \ TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 \
TLS-RSA-WITH-AES-256-CBC-SHA256 \ TLS-RSA-WITH-AES-256-CBC-SHA256 \
@ -391,7 +404,7 @@ add_common_ciphersuites()
;; ;;
"PSK") "PSK")
P_CIPHERS="$P_CIPHERS \ M_CIPHERS="$M_CIPHERS \
TLS-PSK-WITH-RC4-128-SHA \ TLS-PSK-WITH-RC4-128-SHA \
TLS-PSK-WITH-3DES-EDE-CBC-SHA \ TLS-PSK-WITH-3DES-EDE-CBC-SHA \
TLS-PSK-WITH-AES-128-CBC-SHA \ TLS-PSK-WITH-AES-128-CBC-SHA \
@ -420,7 +433,7 @@ add_openssl_ciphersuites()
"ECDSA") "ECDSA")
if [ `minor_ver "$MODE"` -gt 0 ] if [ `minor_ver "$MODE"` -gt 0 ]
then then
P_CIPHERS="$P_CIPHERS \ M_CIPHERS="$M_CIPHERS \
TLS-ECDH-ECDSA-WITH-NULL-SHA \ TLS-ECDH-ECDSA-WITH-NULL-SHA \
TLS-ECDH-ECDSA-WITH-RC4-128-SHA \ TLS-ECDH-ECDSA-WITH-RC4-128-SHA \
TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA \ TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA \
@ -437,7 +450,7 @@ add_openssl_ciphersuites()
fi fi
if [ `minor_ver "$MODE"` -ge 3 ] if [ `minor_ver "$MODE"` -ge 3 ]
then then
P_CIPHERS="$P_CIPHERS \ M_CIPHERS="$M_CIPHERS \
TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256 \ TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256 \
TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384 \ TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384 \
TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256 \ TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256 \
@ -453,7 +466,7 @@ add_openssl_ciphersuites()
;; ;;
"RSA") "RSA")
P_CIPHERS="$P_CIPHERS \ M_CIPHERS="$M_CIPHERS \
TLS-RSA-WITH-DES-CBC-SHA \ TLS-RSA-WITH-DES-CBC-SHA \
TLS-DHE-RSA-WITH-DES-CBC-SHA \ TLS-DHE-RSA-WITH-DES-CBC-SHA \
" "
@ -475,7 +488,7 @@ add_gnutls_ciphersuites()
"ECDSA") "ECDSA")
if [ `minor_ver "$MODE"` -ge 3 ] if [ `minor_ver "$MODE"` -ge 3 ]
then then
P_CIPHERS="$P_CIPHERS \ M_CIPHERS="$M_CIPHERS \
TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256 \ TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256 \
TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 \ TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 \
TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256 \ TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256 \
@ -493,7 +506,7 @@ add_gnutls_ciphersuites()
"RSA") "RSA")
if [ `minor_ver "$MODE"` -gt 0 ] if [ `minor_ver "$MODE"` -gt 0 ]
then then
P_CIPHERS="$P_CIPHERS \ M_CIPHERS="$M_CIPHERS \
TLS-RSA-WITH-NULL-SHA256 \ TLS-RSA-WITH-NULL-SHA256 \
" "
G_CIPHERS="$G_CIPHERS \ G_CIPHERS="$G_CIPHERS \
@ -502,7 +515,7 @@ add_gnutls_ciphersuites()
fi fi
if [ `minor_ver "$MODE"` -ge 3 ] if [ `minor_ver "$MODE"` -ge 3 ]
then then
P_CIPHERS="$P_CIPHERS \ M_CIPHERS="$M_CIPHERS \
TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \ TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384 \ TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384 \
TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 \ TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
@ -534,7 +547,7 @@ add_gnutls_ciphersuites()
;; ;;
"PSK") "PSK")
P_CIPHERS="$P_CIPHERS \ M_CIPHERS="$M_CIPHERS \
TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA \ TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA \
TLS-DHE-PSK-WITH-AES-128-CBC-SHA \ TLS-DHE-PSK-WITH-AES-128-CBC-SHA \
TLS-DHE-PSK-WITH-AES-256-CBC-SHA \ TLS-DHE-PSK-WITH-AES-256-CBC-SHA \
@ -548,7 +561,7 @@ add_gnutls_ciphersuites()
" "
if [ `minor_ver "$MODE"` -gt 0 ] if [ `minor_ver "$MODE"` -gt 0 ]
then then
P_CIPHERS="$P_CIPHERS \ M_CIPHERS="$M_CIPHERS \
TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA \ TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA \
TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \ TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \
TLS-ECDHE-PSK-WITH-3DES-EDE-CBC-SHA \ TLS-ECDHE-PSK-WITH-3DES-EDE-CBC-SHA \
@ -571,7 +584,7 @@ add_gnutls_ciphersuites()
fi fi
if [ `minor_ver "$MODE"` -ge 3 ] if [ `minor_ver "$MODE"` -ge 3 ]
then then
P_CIPHERS="$P_CIPHERS \ M_CIPHERS="$M_CIPHERS \
TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \ TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \
TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384 \ TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256 \ TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256 \
@ -659,14 +672,14 @@ add_mbedtls_ciphersuites()
"ECDSA") "ECDSA")
if [ `minor_ver "$MODE"` -gt 0 ] if [ `minor_ver "$MODE"` -gt 0 ]
then then
P_CIPHERS="$P_CIPHERS \ M_CIPHERS="$M_CIPHERS \
TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256 \ TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256 \
TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 \ TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 \
" "
fi fi
if [ `minor_ver "$MODE"` -ge 3 ] if [ `minor_ver "$MODE"` -ge 3 ]
then then
P_CIPHERS="$P_CIPHERS \ M_CIPHERS="$M_CIPHERS \
TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256 \ TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256 \
TLS-ECDH-ECDSA-WITH-CAMELLIA-256-GCM-SHA384 \ TLS-ECDH-ECDSA-WITH-CAMELLIA-256-GCM-SHA384 \
TLS-ECDHE-ECDSA-WITH-AES-128-CCM \ TLS-ECDHE-ECDSA-WITH-AES-128-CCM \
@ -680,7 +693,7 @@ add_mbedtls_ciphersuites()
"RSA") "RSA")
if [ "$MODE" = "tls1_2" ]; if [ "$MODE" = "tls1_2" ];
then then
P_CIPHERS="$P_CIPHERS \ M_CIPHERS="$M_CIPHERS \
TLS-RSA-WITH-AES-128-CCM \ TLS-RSA-WITH-AES-128-CCM \
TLS-RSA-WITH-AES-256-CCM \ TLS-RSA-WITH-AES-256-CCM \
TLS-DHE-RSA-WITH-AES-128-CCM \ TLS-DHE-RSA-WITH-AES-128-CCM \
@ -695,20 +708,20 @@ add_mbedtls_ciphersuites()
"PSK") "PSK")
# *PSK-NULL-SHA suites supported by GnuTLS 3.3.5 but not 3.2.15 # *PSK-NULL-SHA suites supported by GnuTLS 3.3.5 but not 3.2.15
P_CIPHERS="$P_CIPHERS \ M_CIPHERS="$M_CIPHERS \
TLS-PSK-WITH-NULL-SHA \ TLS-PSK-WITH-NULL-SHA \
TLS-DHE-PSK-WITH-NULL-SHA \ TLS-DHE-PSK-WITH-NULL-SHA \
" "
if [ `minor_ver "$MODE"` -gt 0 ] if [ `minor_ver "$MODE"` -gt 0 ]
then then
P_CIPHERS="$P_CIPHERS \ M_CIPHERS="$M_CIPHERS \
TLS-ECDHE-PSK-WITH-NULL-SHA \ TLS-ECDHE-PSK-WITH-NULL-SHA \
TLS-RSA-PSK-WITH-NULL-SHA \ TLS-RSA-PSK-WITH-NULL-SHA \
" "
fi fi
if [ "$MODE" = "tls1_2" ]; if [ "$MODE" = "tls1_2" ];
then then
P_CIPHERS="$P_CIPHERS \ M_CIPHERS="$M_CIPHERS \
TLS-PSK-WITH-AES-128-CCM \ TLS-PSK-WITH-AES-128-CCM \
TLS-PSK-WITH-AES-256-CCM \ TLS-PSK-WITH-AES-256-CCM \
TLS-DHE-PSK-WITH-AES-128-CCM \ TLS-DHE-PSK-WITH-AES-128-CCM \
@ -752,7 +765,7 @@ setup_arguments()
exit 1; exit 1;
esac esac
P_SERVER_ARGS="server_port=$PORT server_addr=0.0.0.0 force_version=$MODE arc4=1" M_SERVER_ARGS="server_port=$PORT server_addr=0.0.0.0 force_version=$MODE arc4=1"
O_SERVER_ARGS="-accept $PORT -cipher NULL,ALL -$MODE -dhparam data_files/dhparams.pem" O_SERVER_ARGS="-accept $PORT -cipher NULL,ALL -$MODE -dhparam data_files/dhparams.pem"
G_SERVER_ARGS="-p $PORT --http $G_MODE" G_SERVER_ARGS="-p $PORT --http $G_MODE"
G_SERVER_PRIO="NORMAL:+ARCFOUR-128:+NULL:+MD5:+PSK:+DHE-PSK:+ECDHE-PSK:+RSA-PSK:-VERS-TLS-ALL:$G_PRIO_MODE" G_SERVER_PRIO="NORMAL:+ARCFOUR-128:+NULL:+MD5:+PSK:+DHE-PSK:+ECDHE-PSK:+RSA-PSK:-VERS-TLS-ALL:$G_PRIO_MODE"
@ -764,75 +777,75 @@ setup_arguments()
O_SERVER_ARGS="$O_SERVER_ARGS -www" O_SERVER_ARGS="$O_SERVER_ARGS -www"
fi fi
P_CLIENT_ARGS="server_port=$PORT server_addr=127.0.0.1 force_version=$MODE" M_CLIENT_ARGS="server_port=$PORT server_addr=127.0.0.1 force_version=$MODE"
O_CLIENT_ARGS="-connect localhost:$PORT -$MODE" O_CLIENT_ARGS="-connect localhost:$PORT -$MODE"
G_CLIENT_ARGS="-p $PORT --debug 3 $G_MODE" G_CLIENT_ARGS="-p $PORT --debug 3 $G_MODE"
G_CLIENT_PRIO="NONE:$G_PRIO_MODE:+COMP-NULL:+CURVE-ALL:+SIGN-ALL" G_CLIENT_PRIO="NONE:$G_PRIO_MODE:+COMP-NULL:+CURVE-ALL:+SIGN-ALL"
if [ "X$VERIFY" = "XYES" ]; if [ "X$VERIFY" = "XYES" ];
then then
P_SERVER_ARGS="$P_SERVER_ARGS ca_file=data_files/test-ca_cat12.crt auth_mode=required" M_SERVER_ARGS="$M_SERVER_ARGS ca_file=data_files/test-ca_cat12.crt auth_mode=required"
O_SERVER_ARGS="$O_SERVER_ARGS -CAfile data_files/test-ca_cat12.crt -Verify 10" O_SERVER_ARGS="$O_SERVER_ARGS -CAfile data_files/test-ca_cat12.crt -Verify 10"
G_SERVER_ARGS="$G_SERVER_ARGS --x509cafile data_files/test-ca_cat12.crt --require-client-cert" G_SERVER_ARGS="$G_SERVER_ARGS --x509cafile data_files/test-ca_cat12.crt --require-client-cert"
P_CLIENT_ARGS="$P_CLIENT_ARGS ca_file=data_files/test-ca_cat12.crt auth_mode=required" M_CLIENT_ARGS="$M_CLIENT_ARGS ca_file=data_files/test-ca_cat12.crt auth_mode=required"
O_CLIENT_ARGS="$O_CLIENT_ARGS -CAfile data_files/test-ca_cat12.crt -verify 10" O_CLIENT_ARGS="$O_CLIENT_ARGS -CAfile data_files/test-ca_cat12.crt -verify 10"
G_CLIENT_ARGS="$G_CLIENT_ARGS --x509cafile data_files/test-ca_cat12.crt" G_CLIENT_ARGS="$G_CLIENT_ARGS --x509cafile data_files/test-ca_cat12.crt"
else else
# don't request a client cert at all # don't request a client cert at all
P_SERVER_ARGS="$P_SERVER_ARGS ca_file=none auth_mode=none" M_SERVER_ARGS="$M_SERVER_ARGS ca_file=none auth_mode=none"
G_SERVER_ARGS="$G_SERVER_ARGS --disable-client-cert" G_SERVER_ARGS="$G_SERVER_ARGS --disable-client-cert"
P_CLIENT_ARGS="$P_CLIENT_ARGS ca_file=none auth_mode=none" M_CLIENT_ARGS="$M_CLIENT_ARGS ca_file=none auth_mode=none"
O_CLIENT_ARGS="$O_CLIENT_ARGS" O_CLIENT_ARGS="$O_CLIENT_ARGS"
G_CLIENT_ARGS="$G_CLIENT_ARGS --insecure" G_CLIENT_ARGS="$G_CLIENT_ARGS --insecure"
fi fi
case $TYPE in case $TYPE in
"ECDSA") "ECDSA")
P_SERVER_ARGS="$P_SERVER_ARGS crt_file=data_files/server5.crt key_file=data_files/server5.key" M_SERVER_ARGS="$M_SERVER_ARGS crt_file=data_files/server5.crt key_file=data_files/server5.key"
O_SERVER_ARGS="$O_SERVER_ARGS -cert data_files/server5.crt -key data_files/server5.key" O_SERVER_ARGS="$O_SERVER_ARGS -cert data_files/server5.crt -key data_files/server5.key"
G_SERVER_ARGS="$G_SERVER_ARGS --x509certfile data_files/server5.crt --x509keyfile data_files/server5.key" G_SERVER_ARGS="$G_SERVER_ARGS --x509certfile data_files/server5.crt --x509keyfile data_files/server5.key"
if [ "X$VERIFY" = "XYES" ]; then if [ "X$VERIFY" = "XYES" ]; then
P_CLIENT_ARGS="$P_CLIENT_ARGS crt_file=data_files/server6.crt key_file=data_files/server6.key" M_CLIENT_ARGS="$M_CLIENT_ARGS crt_file=data_files/server6.crt key_file=data_files/server6.key"
O_CLIENT_ARGS="$O_CLIENT_ARGS -cert data_files/server6.crt -key data_files/server6.key" O_CLIENT_ARGS="$O_CLIENT_ARGS -cert data_files/server6.crt -key data_files/server6.key"
G_CLIENT_ARGS="$G_CLIENT_ARGS --x509certfile data_files/server6.crt --x509keyfile data_files/server6.key" G_CLIENT_ARGS="$G_CLIENT_ARGS --x509certfile data_files/server6.crt --x509keyfile data_files/server6.key"
else else
P_CLIENT_ARGS="$P_CLIENT_ARGS crt_file=none key_file=none" M_CLIENT_ARGS="$M_CLIENT_ARGS crt_file=none key_file=none"
fi fi
;; ;;
"RSA") "RSA")
P_SERVER_ARGS="$P_SERVER_ARGS crt_file=data_files/server2.crt key_file=data_files/server2.key" M_SERVER_ARGS="$M_SERVER_ARGS crt_file=data_files/server2.crt key_file=data_files/server2.key"
O_SERVER_ARGS="$O_SERVER_ARGS -cert data_files/server2.crt -key data_files/server2.key" O_SERVER_ARGS="$O_SERVER_ARGS -cert data_files/server2.crt -key data_files/server2.key"
G_SERVER_ARGS="$G_SERVER_ARGS --x509certfile data_files/server2.crt --x509keyfile data_files/server2.key" G_SERVER_ARGS="$G_SERVER_ARGS --x509certfile data_files/server2.crt --x509keyfile data_files/server2.key"
if [ "X$VERIFY" = "XYES" ]; then if [ "X$VERIFY" = "XYES" ]; then
P_CLIENT_ARGS="$P_CLIENT_ARGS crt_file=data_files/server1.crt key_file=data_files/server1.key" M_CLIENT_ARGS="$M_CLIENT_ARGS crt_file=data_files/server1.crt key_file=data_files/server1.key"
O_CLIENT_ARGS="$O_CLIENT_ARGS -cert data_files/server1.crt -key data_files/server1.key" O_CLIENT_ARGS="$O_CLIENT_ARGS -cert data_files/server1.crt -key data_files/server1.key"
G_CLIENT_ARGS="$G_CLIENT_ARGS --x509certfile data_files/server1.crt --x509keyfile data_files/server1.key" G_CLIENT_ARGS="$G_CLIENT_ARGS --x509certfile data_files/server1.crt --x509keyfile data_files/server1.key"
else else
P_CLIENT_ARGS="$P_CLIENT_ARGS crt_file=none key_file=none" M_CLIENT_ARGS="$M_CLIENT_ARGS crt_file=none key_file=none"
fi fi
;; ;;
"PSK") "PSK")
# give RSA-PSK-capable server a RSA cert # give RSA-PSK-capable server a RSA cert
# (should be a separate type, but harder to close with openssl) # (should be a separate type, but harder to close with openssl)
P_SERVER_ARGS="$P_SERVER_ARGS psk=6162636465666768696a6b6c6d6e6f70 ca_file=none crt_file=data_files/server2.crt key_file=data_files/server2.key" M_SERVER_ARGS="$M_SERVER_ARGS psk=6162636465666768696a6b6c6d6e6f70 ca_file=none crt_file=data_files/server2.crt key_file=data_files/server2.key"
O_SERVER_ARGS="$O_SERVER_ARGS -psk 6162636465666768696a6b6c6d6e6f70 -nocert" O_SERVER_ARGS="$O_SERVER_ARGS -psk 6162636465666768696a6b6c6d6e6f70 -nocert"
G_SERVER_ARGS="$G_SERVER_ARGS --x509certfile data_files/server2.crt --x509keyfile data_files/server2.key --pskpasswd data_files/passwd.psk" G_SERVER_ARGS="$G_SERVER_ARGS --x509certfile data_files/server2.crt --x509keyfile data_files/server2.key --pskpasswd data_files/passwd.psk"
P_CLIENT_ARGS="$P_CLIENT_ARGS psk=6162636465666768696a6b6c6d6e6f70 crt_file=none key_file=none" M_CLIENT_ARGS="$M_CLIENT_ARGS psk=6162636465666768696a6b6c6d6e6f70 crt_file=none key_file=none"
O_CLIENT_ARGS="$O_CLIENT_ARGS -psk 6162636465666768696a6b6c6d6e6f70" O_CLIENT_ARGS="$O_CLIENT_ARGS -psk 6162636465666768696a6b6c6d6e6f70"
G_CLIENT_ARGS="$G_CLIENT_ARGS --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70" G_CLIENT_ARGS="$G_CLIENT_ARGS --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70"
;; ;;
esac esac
} }
# is_polar <cmd_line> # is_mbedtls <cmd_line>
is_polar() { is_mbedtls() {
echo "$1" | grep 'ssl_server2\|ssl_client2' > /dev/null echo "$1" | grep 'ssl_server2\|ssl_client2' > /dev/null
} }
@ -858,7 +871,7 @@ start_server() {
SERVER_CMD="$GNUTLS_SERV $G_SERVER_ARGS --priority $G_SERVER_PRIO" SERVER_CMD="$GNUTLS_SERV $G_SERVER_ARGS --priority $G_SERVER_PRIO"
;; ;;
mbed*) mbed*)
SERVER_CMD="$P_SRV $P_SERVER_ARGS" SERVER_CMD="$M_SRV $M_SERVER_ARGS"
if [ "$MEMCHECK" -gt 0 ]; then if [ "$MEMCHECK" -gt 0 ]; then
SERVER_CMD="valgrind --leak-check=full $SERVER_CMD" SERVER_CMD="valgrind --leak-check=full $SERVER_CMD"
fi fi
@ -885,7 +898,7 @@ stop_server() {
wait $PROCESS_ID 2>/dev/null wait $PROCESS_ID 2>/dev/null
if [ "$MEMCHECK" -gt 0 ]; then if [ "$MEMCHECK" -gt 0 ]; then
if is_polar "$SERVER_CMD" && has_mem_err $SRV_OUT; then if is_mbedtls "$SERVER_CMD" && has_mem_err $SRV_OUT; then
echo " ! Server had memory errors" echo " ! Server had memory errors"
SRVMEM=$(( $SRVMEM + 1 )) SRVMEM=$(( $SRVMEM + 1 ))
return return
@ -951,6 +964,7 @@ run_client() {
if [ $EXIT -eq 0 ]; then if [ $EXIT -eq 0 ]; then
RESULT=0 RESULT=0
else else
# If the cipher isn't supported...
if grep 'Cipher is (NONE)' $CLI_OUT >/dev/null; then if grep 'Cipher is (NONE)' $CLI_OUT >/dev/null; then
RESULT=1 RESULT=1
else else
@ -988,7 +1002,7 @@ run_client() {
;; ;;
mbed*) mbed*)
CLIENT_CMD="$P_CLI $P_CLIENT_ARGS force_ciphersuite=$2" CLIENT_CMD="$M_CLI $M_CLIENT_ARGS force_ciphersuite=$2"
if [ "$MEMCHECK" -gt 0 ]; then if [ "$MEMCHECK" -gt 0 ]; then
CLIENT_CMD="valgrind --leak-check=full $CLIENT_CMD" CLIENT_CMD="valgrind --leak-check=full $CLIENT_CMD"
fi fi
@ -998,13 +1012,18 @@ run_client() {
wait_client_done wait_client_done
case $EXIT in case $EXIT in
# Success
"0") RESULT=0 ;; "0") RESULT=0 ;;
# Ciphersuite not supported
"2") RESULT=1 ;; "2") RESULT=1 ;;
# Error
*) RESULT=2 ;; *) RESULT=2 ;;
esac esac
if [ "$MEMCHECK" -gt 0 ]; then if [ "$MEMCHECK" -gt 0 ]; then
if is_polar "$CLIENT_CMD" && has_mem_err $CLI_OUT; then if is_mbedtls "$CLIENT_CMD" && has_mem_err $CLI_OUT; then
RESULT=2 RESULT=2
fi fi
fi fi
@ -1061,12 +1080,12 @@ fi
get_options "$@" get_options "$@"
# sanity checks, avoid an avalanche of errors # sanity checks, avoid an avalanche of errors
if [ ! -x "$P_SRV" ]; then if [ ! -x "$M_SRV" ]; then
echo "Command '$P_SRV' is not an executable file" >&2 echo "Command '$M_SRV' is not an executable file" >&2
exit 1 exit 1
fi fi
if [ ! -x "$P_CLI" ]; then if [ ! -x "$M_CLI" ]; then
echo "Command '$P_CLI' is not an executable file" >&2 echo "Command '$M_CLI' is not an executable file" >&2
exit 1 exit 1
fi fi
@ -1135,9 +1154,9 @@ for VERIFY in $VERIFIES; do
add_openssl_ciphersuites add_openssl_ciphersuites
filter_ciphersuites filter_ciphersuites
if [ "X" != "X$P_CIPHERS" ]; then if [ "X" != "X$M_CIPHERS" ]; then
start_server "OpenSSL" start_server "OpenSSL"
for i in $P_CIPHERS; do for i in $M_CIPHERS; do
check_openssl_server_bug $i check_openssl_server_bug $i
run_client mbedTLS $i run_client mbedTLS $i
done done
@ -1161,9 +1180,9 @@ for VERIFY in $VERIFIES; do
add_gnutls_ciphersuites add_gnutls_ciphersuites
filter_ciphersuites filter_ciphersuites
if [ "X" != "X$P_CIPHERS" ]; then if [ "X" != "X$M_CIPHERS" ]; then
start_server "GnuTLS" start_server "GnuTLS"
for i in $P_CIPHERS; do for i in $M_CIPHERS; do
run_client mbedTLS $i run_client mbedTLS $i
done done
stop_server stop_server
@ -1188,9 +1207,9 @@ for VERIFY in $VERIFIES; do
add_mbedtls_ciphersuites add_mbedtls_ciphersuites
filter_ciphersuites filter_ciphersuites
if [ "X" != "X$P_CIPHERS" ]; then if [ "X" != "X$M_CIPHERS" ]; then
start_server "mbedTLS" start_server "mbedTLS"
for i in $P_CIPHERS; do for i in $M_CIPHERS; do
run_client mbedTLS $i run_client mbedTLS $i
done done
stop_server stop_server