authorinoguchi <>2020-05-15 15:44:16 +0000
committerinoguchi <>2020-05-15 15:44:16 +0000
commit0db3b24cb3040a840e69e6aa9611d989c9ec9f6b (patch)
treea25265c99e009f9cd1e2695ad222172a139c85ae /src
parent9169c247791ee736fa7ce5d8ab53b8a5f6b2b2e6 (diff)
Factor out session reuse test and verification test
Diffstat (limited to 'src')
-rwxr-xr-xsrc/regress/usr.bin/openssl/appstest.sh130
1 files changed, 74 insertions, 56 deletions
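diff --git a/src/regress/usr.bin/openssl/appstest.sh b/src/regress/usr.bin/openssl/appstest.sh
index 4d70ad5f7e..8527401ef0 100755
--- a/src/regress/usr.bin/openssl/appstest.sh
+++ b/src/regress/usr.bin/openssl/appstest.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# $OpenBSD: appstest.sh,v 1.36 2020/05/15 14:38:40 inoguchi Exp $
+# $OpenBSD: appstest.sh,v 1.37 2020/05/15 15:44:16 inoguchi Exp $
 #
 # Copyright (c) 2016 Kinichiro Inoguchi <inoguchi@openbsd.org>
 #
@@ -1394,6 +1394,75 @@ function test_sc_all_cipher {
  done
 }
 
+function test_sc_session_reuse {
+ sc=$1
+ ver=$2
+ sess_dat=$user1_dir/s_client_${sc}_${ver}_sess.dat
+
+ # Get session ticket to reuse
+
+ s_client_out=$user1_dir/s_client_${sc}_${ver}_tls_reuse_1.out
+
+ start_message "s_client ... connect to TLS/SSL test server to get session id $ver"
+ sleep $test_pause_sec
+ $c_bin s_client -connect $host:$port -CAfile $ca_cert \
+ -$ver -alpn "spdy/3,http/1.1" -sess_out $sess_dat \
+ -msg -tlsextdebug < /dev/null > $s_client_out 2>&1
+ check_exit_status $?
+
+ grep '^New, TLS.*$' $s_client_out > /dev/null
+ check_exit_status $?
+
+ grep 'Verify return code: 0 (ok)' $s_client_out > /dev/null
+ check_exit_status $?
+
+ # Reuse session ticket
+
+ s_client_out=$user1_dir/s_client_${sc}_${ver}_tls_reuse_2.out
+
+ start_message "s_client ... connect to TLS/SSL test server reusing session id $ver"
+ sleep $test_pause_sec
+ $c_bin s_client -connect $host:$port -CAfile $ca_cert \
+ -$ver -sess_in $sess_dat \
+ -msg -tlsextdebug < /dev/null > $s_client_out 2>&1
+ check_exit_status $?
+
+ grep '^Reused, TLS.*$' $s_client_out > /dev/null
+ check_exit_status $?
+
+ grep 'Verify return code: 0 (ok)' $s_client_out > /dev/null
+ check_exit_status $?
+
+ # sess_id
+
+ start_message "sess_id"
+ $c_bin sess_id -in $sess_dat -text -out $sess_dat.out
+ check_exit_status $?
+}
+
+function test_sc_verify {
+ sc=$1
+ ver=$2
+
+ # invalid verification pattern
+
+ s_client_out=$user1_dir/s_client_${sc}_${ver}_tls_invalid.out
+
+ start_message "s_client ... connect to tls/ssl test server but verify error $ver"
+ sleep $test_pause_sec
+ $c_bin s_client -connect $host:$port -CAfile $ca_cert \
+ -$ver -showcerts -crl_check -issuer_checks -policy_check \
+ -msg -tlsextdebug < /dev/null > $s_client_out 2>&1
+ check_exit_status $?
+
+ grep 'verify return code: 0 (ok)' $s_client_out > /dev/null
+ if [ $? -eq 0 ] ; then
+ check_exit_status 1
+ else
+ check_exit_status 0
+ fi
+}
+
 function test_server_client {
  # --- client/server operations (TLS) ---
  section_message "client/server operations (TLS)"
@@ -1421,7 +1490,6 @@ function test_server_client {
 
  host="localhost"
  port=4433
- sess_dat=$user1_dir/s_client_${sc}_sess.dat
  s_server_out=$server_dir/s_server_${sc}_tls.out
 
  if [ $ecdsa_tests = 0 ] ; then
@@ -1464,68 +1532,18 @@ function test_server_client {
  test_sc_all_cipher $sc tls1_2
  test_sc_all_cipher $sc tls1_3
 
- # Get session ticket to reuse
-
- s_client_out=$user1_dir/s_client_${sc}_tls_reuse_1.out
-
- start_message "s_client ... connect to TLS/SSL test server to get session id"
- sleep $test_pause_sec
- $c_bin s_client -connect $host:$port -CAfile $ca_cert \
- -tls1_2 -alpn "spdy/3,http/1.1" -sess_out $sess_dat \
- -msg -tlsextdebug < /dev/null > $s_client_out 2>&1
- check_exit_status $?
-
- grep '^New, TLS.*$' $s_client_out > /dev/null
- check_exit_status $?
-
- grep 'Verify return code: 0 (ok)' $s_client_out > /dev/null
- check_exit_status $?
-
- # Reuse session ticket
-
- s_client_out=$user1_dir/s_client_${sc}_tls_reuse_2.out
-
- start_message "s_client ... connect to TLS/SSL test server reusing session id"
- sleep $test_pause_sec
- $c_bin s_client -connect $host:$port -CAfile $ca_cert \
- -tls1_2 -sess_in $sess_dat \
- -msg -tlsextdebug < /dev/null > $s_client_out 2>&1
- check_exit_status $?
-
- grep '^Reused, TLS.*$' $s_client_out > /dev/null
- check_exit_status $?
-
- grep 'Verify return code: 0 (ok)' $s_client_out > /dev/null
- check_exit_status $?
+ # session resumption
+ test_sc_session_reuse $sc tls1_2
 
  # invalid verification pattern
-
- s_client_out=$user1_dir/s_client_${sc}_tls_invalid.out
-
- start_message "s_client ... connect to TLS/SSL test server but verify error"
- sleep $test_pause_sec
- $c_bin s_client -connect $host:$port -CAfile $ca_cert \
- -tls1_2 -showcerts -crl_check -issuer_checks -policy_check \
- -msg -tlsextdebug < /dev/null > $s_client_out 2>&1
- check_exit_status $?
-
- grep 'Verify return code: 0 (ok)' $s_client_out > /dev/null
- if [ $? -eq 0 ] ; then
- check_exit_status 1
- else
- check_exit_status 0
- fi
+ test_sc_verify $sc tls1_2
+ test_sc_verify $sc tls1_3
 
  # s_time
  start_message "s_time ... connect to TLS/SSL test server"
  $c_bin s_time -connect $host:$port -CApath $ca_dir -time 2
  check_exit_status $?
 
- # sess_id
- start_message "sess_id"
- $c_bin sess_id -in $sess_dat -text -out $sess_dat.out
- check_exit_status $?
-
  stop_s_server
 }
 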
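Review bot: The grep in the new `test_sc_verify` (second hunk, new lines 1443-1464) looks for `verify return code: 0 (ok)` with a lowercase `v`, while the inline block this commit removes and both greps in `test_sc_session_reuse` use `Verify return code: 0 (ok)`. grep is case-sensitive, so the lowercase pattern cannot match the line those other checks rely on, and the `else` branch then calls `check_exit_status 0` whether or not certificate verification actually failed; the negative test passes vacuously for both tls1_2 and tls1_3. Restore the original pattern: `grep 'Verify return code: 0 (ok)' $s_client_out > /dev/null`. The `start_message` text in the same function was lowercased as well (`tls/ssl`), which suggests an accidental case change over that block rather than an intended edit.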