Add GnuTLS interoperability test in appstest.sh

author: inoguchi <> 2021-06-21 13:29:05 +0000
committer: inoguchi <> 2021-06-21 13:29:05 +0000
commit: 6a02fee4a2d95cb497bd80d5c4e193cf75422cb1 (patch)
tree: 7c6d87e9c33162447d6c15609fc0a4f61e224c45 /src
parent: f3231da7e89a3a1b6fbe00fb2afa52f76f4c9745 (diff)
download: openbsd-6a02fee4a2d95cb497bd80d5c4e193cf75422cb1.tar.gz
openbsd-6a02fee4a2d95cb497bd80d5c4e193cf75422cb1.tar.bz2
openbsd-6a02fee4a2d95cb497bd80d5c4e193cf75422cb1.zip
1 files changed, 109 insertions, 1 deletions
diff --git a/src/regress/usr.bin/openssl/appstest.sh b/src/regress/usr.bin/openssl/appstest.sh
index f7ad3686cb..457e671ece 100755
--- a/src/regress/usr.bin/openssl/appstest.sh
+++ b/src/regress/usr.bin/openssl/appstest.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# $OpenBSD: appstest.sh,v 1.50 2021/05/12 10:39:13 inoguchi Exp $
+# $OpenBSD: appstest.sh,v 1.51 2021/06/21 13:29:05 inoguchi Exp $
 #
 # Copyright (c) 2016 Kinichiro Inoguchi <inoguchi@openbsd.org>
 #
@@ -46,6 +46,16 @@ function stop_s_server {
        fi
 }
+function stop_gnutls_serv {
+        if [ ! -z "$gnutls_serv_pid" ] ; then
+                echo ":-| stop gnutls-serv [ $gnutls_serv_pid ]"
+                sleep 1
+                kill -TERM $gnutls_serv_pid
+                wait $gnutls_serv_pid
+                gnutls_serv_pid=
+        fi
+}
 function check_exit_status {
        status=$1
        if [ $status -ne 0 ] ; then
@@ -708,6 +718,10 @@ __EOF__
        $openssl_bin genrsa -aes256 -passout pass:$sv_rsa_pass -out $sv_rsa_key
        check_exit_status $?
+        $openssl_bin rsa -in $sv_rsa_key -passin pass:$sv_rsa_pass \
+                -out $sv_rsa_key.nopass
+        check_exit_status $?
        start_message "req ... generate server csr#1"
        $openssl_bin req -new -subj $subj -sha256 \
@@ -1847,6 +1861,92 @@ function test_server_client_dtls {
        stop_s_server
 }
+function test_gnutls {
+        # --- GnuTLS interoperability ---
+        section_message "GnuTLS $1 interoperability"
+        proto="$1"
+        if [ $proto = "tls" ] ; then
+                sopt="-www"
+                lopt=
+                gopt=
+        else
+                sopt="-quiet"
+                lopt="-dtls"
+                gopt="-u"
+        fi
+        gs_bin=/usr/local/bin/gnutls-serv
+        gc_bin=/usr/local/bin/gnutls-cli
+        host="localhost"
+        port=4433
+        if [ $ecdsa_tests = 1 ] ; then
+                echo "Using ECDSA certificate"
+                crt=$sv_ecdsa_cert
+                key=$sv_ecdsa_key
+                sni=ecdsa.test-dummy.com
+        elif [ $gost_tests = 1 ] ; then
+                echo "Using GOST certificate"
+                crt=$sv_gost_cert
+                key=$sv_gost_key
+                sni=gost.test-dummy.com
+        else
+                echo "Using RSA certificate"
+                crt=$sv_rsa_cert
+                key=$sv_rsa_key.nopass
+                sni=localhost.test-dummy.com
+        fi
+        # LibreSSL - GnuTLS
+        start_message "s_server ... start $proto test server"
+        s_server_out=$server_dir/s_server_LG_$proto.out
+        $openssl_bin s_server -accept $port -CAfile $ca_cert \
+                -cert $crt -key $key -cert2 $crt -key2 $key \
+                -servername $sni -msg -tlsextdebug -status $sopt $lopt \
+                > $s_server_out 2>&1 &
+        check_exit_status $?
+        s_server_pid=$!
+        echo "s_server pid = [ $s_server_pid ]"
+        sleep 1
+        gnutls_cli_out=$user1_dir/gnutls-cli_LG_$proto.out
+        $gc_bin --x509cafile=$ca_cert --sni-hostname=$sni \
+                --verify-hostname=$sni $gopt -p $port $host < /dev/null \
+                > $gnutls_cli_out 2>&1
+        check_exit_status $?
+        grep 'Handshake was completed' $gnutls_cli_out > /dev/null
+        check_exit_status $?
+        stop_s_server
+        # GnuTLS - LibreSSL
+        start_message "gnutls-serv ... start $proto test server"
+        gnutls_serv_out=$server_dir/gnutls-serv_GL_$proto.out
+        $gs_bin --x509cafile=$ca_cert --x509certfile=$crt --x509keyfile=$key \
+               $gopt -p $port > $gnutls_serv_out 2>&1 &
+        check_exit_status $?
+        gnutls_serv_pid=$!
+        echo "gnutls-serv pid = [ $gnutls_serv_pid ]"
+        sleep 1
+        s_client_out=$user1_dir/s_client_GL_$proto.out
+        $openssl_bin s_client -connect $host:$port -CAfile $ca_cert \
+                -msg -tlsextdebug -status $lopt < /dev/null > $s_client_out 2>&1
+        check_exit_status $?
+        grep 'Verify return code: 0 (ok)' $s_client_out > /dev/null
+        check_exit_status $?
+        stop_gnutls_serv
+}
 function test_speed {
        # === PERFORMANCE ===
        section_message "PERFORMANCE"
@@ -1877,6 +1977,7 @@ other_openssl_bin=${OTHER_OPENSSL:-/usr/local/bin/eopenssl11}
 ecdsa_tests=0
 gost_tests=0
 interop_tests=0
+gnutls_tests=0
 no_long_tests=0
 while [ "$1" != "" ]; do
@@ -1892,6 +1993,9 @@ while [ "$1" != "" ]; do
                -i | --interop)         shift
                                        interop_tests=1
                                        ;;
+                -n | --gnutls)          shift
+                                        gnutls_tests=1
+                                        ;;
                -q | --quick )          shift
                                        no_long_tests=1
                                        ;;
@@ -1964,6 +2068,10 @@ if [ $interop_tests = 1 ] ; then
        test_server_client_dtls 0 1
        test_server_client_dtls 1 0
 fi
+if [ $gnutls_tests = 1 ] ; then
+        test_gnutls tls
+        test_gnutls dtls
+fi
 test_speed
 test_version
author	inoguchi <>	2021-06-21 13:29:05 +0000
committer	inoguchi <>	2021-06-21 13:29:05 +0000
commit	6a02fee4a2d95cb497bd80d5c4e193cf75422cb1 (patch)
tree	7c6d87e9c33162447d6c15609fc0a4f61e224c45 /src
parent	f3231da7e89a3a1b6fbe00fb2afa52f76f4c9745 (diff)
download	openbsd-6a02fee4a2d95cb497bd80d5c4e193cf75422cb1.tar.gz openbsd-6a02fee4a2d95cb497bd80d5c4e193cf75422cb1.tar.bz2 openbsd-6a02fee4a2d95cb497bd80d5c4e193cf75422cb1.zip

diff --git a/src/regress/usr.bin/openssl/appstest.sh b/src/regress/usr.bin/openssl/appstest.sh index f7ad3686cb..457e671ece 100755 --- a/src/regress/usr.bin/openssl/appstest.sh +++ b/src/regress/usr.bin/openssl/appstest.sh
@@ -1,6 +1,6 @@
1	#!/bin/sh	1	#!/bin/sh
2	#	2	#
3	# $OpenBSD: appstest.sh,v 1.50 2021/05/12 10:39:13 inoguchi Exp $	3	# $OpenBSD: appstest.sh,v 1.51 2021/06/21 13:29:05 inoguchi Exp $
4	#	4	#
5	# Copyright (c) 2016 Kinichiro Inoguchi <inoguchi@openbsd.org>	5	# Copyright (c) 2016 Kinichiro Inoguchi <inoguchi@openbsd.org>
6	#	6	#
@@ -46,6 +46,16 @@ function stop_s_server {
46	fi	46	fi
47	}	47	}
48		48
		49	function stop_gnutls_serv {
		50	if [ ! -z "$gnutls_serv_pid" ] ; then
		51	echo ":-\| stop gnutls-serv [ $gnutls_serv_pid ]"
		52	sleep 1
		53	kill -TERM $gnutls_serv_pid
		54	wait $gnutls_serv_pid
		55	gnutls_serv_pid=
		56	fi
		57	}
		58
49	function check_exit_status {	59	function check_exit_status {
50	status=$1	60	status=$1
51	if [ $status -ne 0 ] ; then	61	if [ $status -ne 0 ] ; then
@@ -708,6 +718,10 @@ __EOF__
708	$openssl_bin genrsa -aes256 -passout pass:$sv_rsa_pass -out $sv_rsa_key	718	$openssl_bin genrsa -aes256 -passout pass:$sv_rsa_pass -out $sv_rsa_key
709	check_exit_status $?	719	check_exit_status $?
710		720
		721	$openssl_bin rsa -in $sv_rsa_key -passin pass:$sv_rsa_pass \
		722	-out $sv_rsa_key.nopass
		723	check_exit_status $?
		724
711	start_message "req ... generate server csr#1"	725	start_message "req ... generate server csr#1"
712		726
713	$openssl_bin req -new -subj $subj -sha256 \	727	$openssl_bin req -new -subj $subj -sha256 \
@@ -1847,6 +1861,92 @@ function test_server_client_dtls {
1847		1861
1848	stop_s_server	1862	stop_s_server
1849	}	1863	}
		1864
		1865	function test_gnutls {
		1866	# --- GnuTLS interoperability ---
		1867	section_message "GnuTLS $1 interoperability"
		1868
		1869	proto="$1"
		1870
		1871	if [ $proto = "tls" ] ; then
		1872	sopt="-www"
		1873	lopt=
		1874	gopt=
		1875	else
		1876	sopt="-quiet"
		1877	lopt="-dtls"
		1878	gopt="-u"
		1879	fi
		1880
		1881	gs_bin=/usr/local/bin/gnutls-serv
		1882	gc_bin=/usr/local/bin/gnutls-cli
		1883
		1884	host="localhost"
		1885	port=4433
		1886
		1887	if [ $ecdsa_tests = 1 ] ; then
		1888	echo "Using ECDSA certificate"
		1889	crt=$sv_ecdsa_cert
		1890	key=$sv_ecdsa_key
		1891	sni=ecdsa.test-dummy.com
		1892	elif [ $gost_tests = 1 ] ; then
		1893	echo "Using GOST certificate"
		1894	crt=$sv_gost_cert
		1895	key=$sv_gost_key
		1896	sni=gost.test-dummy.com
		1897	else
		1898	echo "Using RSA certificate"
		1899	crt=$sv_rsa_cert
		1900	key=$sv_rsa_key.nopass
		1901	sni=localhost.test-dummy.com
		1902	fi
		1903
		1904	# LibreSSL - GnuTLS
		1905
		1906	start_message "s_server ... start $proto test server"
		1907	s_server_out=$server_dir/s_server_LG_$proto.out
		1908	$openssl_bin s_server -accept $port -CAfile $ca_cert \
		1909	-cert $crt -key $key -cert2 $crt -key2 $key \
		1910	-servername $sni -msg -tlsextdebug -status $sopt $lopt \
		1911	> $s_server_out 2>&1 &
		1912	check_exit_status $?
		1913	s_server_pid=$!
		1914	echo "s_server pid = [ $s_server_pid ]"
		1915	sleep 1
		1916
		1917	gnutls_cli_out=$user1_dir/gnutls-cli_LG_$proto.out
		1918	$gc_bin --x509cafile=$ca_cert --sni-hostname=$sni \
		1919	--verify-hostname=$sni $gopt -p $port $host < /dev/null \
		1920	> $gnutls_cli_out 2>&1
		1921	check_exit_status $?
		1922
		1923	grep 'Handshake was completed' $gnutls_cli_out > /dev/null
		1924	check_exit_status $?
		1925
		1926	stop_s_server
		1927
		1928	# GnuTLS - LibreSSL
		1929
		1930	start_message "gnutls-serv ... start $proto test server"
		1931	gnutls_serv_out=$server_dir/gnutls-serv_GL_$proto.out
		1932	$gs_bin --x509cafile=$ca_cert --x509certfile=$crt --x509keyfile=$key \
		1933	$gopt -p $port > $gnutls_serv_out 2>&1 &
		1934	check_exit_status $?
		1935	gnutls_serv_pid=$!
		1936	echo "gnutls-serv pid = [ $gnutls_serv_pid ]"
		1937	sleep 1
		1938
		1939	s_client_out=$user1_dir/s_client_GL_$proto.out
		1940	$openssl_bin s_client -connect $host:$port -CAfile $ca_cert \
		1941	-msg -tlsextdebug -status $lopt < /dev/null > $s_client_out 2>&1
		1942	check_exit_status $?
		1943
		1944	grep 'Verify return code: 0 (ok)' $s_client_out > /dev/null
		1945	check_exit_status $?
		1946
		1947	stop_gnutls_serv
		1948	}
		1949
1850	function test_speed {	1950	function test_speed {
1851	# === PERFORMANCE ===	1951	# === PERFORMANCE ===
1852	section_message "PERFORMANCE"	1952	section_message "PERFORMANCE"
@@ -1877,6 +1977,7 @@ other_openssl_bin=${OTHER_OPENSSL:-/usr/local/bin/eopenssl11}
1877	ecdsa_tests=0	1977	ecdsa_tests=0
1878	gost_tests=0	1978	gost_tests=0
1879	interop_tests=0	1979	interop_tests=0
		1980	gnutls_tests=0
1880	no_long_tests=0	1981	no_long_tests=0
1881		1982
1882	while [ "$1" != "" ]; do	1983	while [ "$1" != "" ]; do
@@ -1892,6 +1993,9 @@ while [ "$1" != "" ]; do
1892	-i \| --interop) shift	1993	-i \| --interop) shift
1893	interop_tests=1	1994	interop_tests=1
1894	;;	1995	;;
		1996	-n \| --gnutls) shift
		1997	gnutls_tests=1
		1998	;;
1895	-q \| --quick ) shift	1999	-q \| --quick ) shift
1896	no_long_tests=1	2000	no_long_tests=1
1897	;;	2001	;;
@@ -1964,6 +2068,10 @@ if [ $interop_tests = 1 ] ; then
1964	test_server_client_dtls 0 1	2068	test_server_client_dtls 0 1
1965	test_server_client_dtls 1 0	2069	test_server_client_dtls 1 0
1966	fi	2070	fi
		2071	if [ $gnutls_tests = 1 ] ; then
		2072	test_gnutls tls
		2073	test_gnutls dtls
		2074	fi
1967	test_speed	2075	test_speed
1968	test_version	2076	test_version
1969		2077