Factor out the test for all available ciphers and add TLSv1.3 case

author: inoguchi <> 2020-05-15 14:38:40 +0000
committer: inoguchi <> 2020-05-15 14:38:40 +0000
commit: 9169c247791ee736fa7ce5d8ab53b8a5f6b2b2e6 (patch)
tree: e9bf7b61717296231f4a06c76f62ac18a664df96 /src
parent: 8d23794cdbf0058b490db9d1ba80902c84ca9312 (diff)
download: openbsd-9169c247791ee736fa7ce5d8ab53b8a5f6b2b2e6.tar.gz
openbsd-9169c247791ee736fa7ce5d8ab53b8a5f6b2b2e6.tar.bz2
openbsd-9169c247791ee736fa7ce5d8ab53b8a5f6b2b2e6.zip
1 files changed, 61 insertions, 46 deletions
diff --git a/src/regress/usr.bin/openssl/appstest.sh b/src/regress/usr.bin/openssl/appstest.sh
index 94a7755f3a..4d70ad5f7e 100755
--- a/src/regress/usr.bin/openssl/appstest.sh
+++ b/src/regress/usr.bin/openssl/appstest.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# $OpenBSD: appstest.sh,v 1.35 2020/05/15 13:45:36 inoguchi Exp $
+# $OpenBSD: appstest.sh,v 1.36 2020/05/15 14:38:40 inoguchi Exp $
 #
 # Copyright (c) 2016 Kinichiro Inoguchi <inoguchi@openbsd.org>
 #
@@ -1336,6 +1336,64 @@ function test_sc_by_protocol_version {
        check_exit_status $?
 }
+function test_sc_all_cipher {
+        sc=$1
+        ver=$2
+        s_ciph=$server_dir/s_ciph_${sc}_${ver}
+        cipher_string=""
+        if [ $s_id = "0" ] ; then
+                if [ $ver = "tls1_3" ] ; then
+                        cipher_string="TLSv1.3"
+                else
+                        if [ $ecdsa_tests = 0 ] ; then
+                                cipher_string="ALL:!ECDSA:!kGOST:!TLSv1.3"
+                        else
+                                cipher_string="ECDSA+TLSv1.2:!TLSv1.3"
+                        fi
+                fi
+        fi
+        $s_bin ciphers -v $cipher_string | awk '{print $1}' > $s_ciph
+        c_ciph=$user1_dir/c_ciph_${sc}_${ver}
+        cipher_string=""
+        if [ $c_id = "0" ] ; then
+                if [ $ver = "tls1_3" ] ; then
+                        cipher_string="TLSv1.3"
+                else
+                        if [ $ecdsa_tests = 0 ] ; then
+                                cipher_string="ALL:!ECDSA:!kGOST:!TLSv1.3"
+                        else
+                                cipher_string="ECDSA+TLSv1.2:!TLSv1.3"
+                        fi
+                fi
+        fi
+        $c_bin ciphers -v $cipher_string | awk '{print $1}' > $c_ciph
+        ciphers=$user1_dir/ciphers_${sc}_${ver}
+        grep -x -f $s_ciph $c_ciph | sort -R > $ciphers
+        cnum=0
+        for c in `cat $ciphers` ; do
+                cnum=`expr $cnum + 1`
+                cnstr=`printf %03d $cnum`
+                s_client_out=$user1_dir/s_client_${sc}_${ver}_tls_${cnstr}_${c}.out
+        
+                start_message "s_client ... connect to TLS/SSL test server with [ $cnstr ] $ver $c"
+                sleep $test_pause_sec
+                $c_bin s_client -connect $host:$port -CAfile $ca_cert \
+                        -$ver -cipher $c \
+                        -msg -tlsextdebug < /dev/null > $s_client_out 2>&1
+                check_exit_status $?
+        
+                grep "Cipher    : $c" $s_client_out > /dev/null
+                check_exit_status $?
+        
+                grep 'Verify return code: 0 (ok)' $s_client_out > /dev/null
+                check_exit_status $?
+        done
+}
 function test_server_client {
        # --- client/server operations (TLS) ---
        section_message "client/server operations (TLS)"
@@ -1403,51 +1461,8 @@ function test_server_client {
        test_sc_by_protocol_version $c_id tls1_3 'Protocol  : TLSv1\.3$'
        
        # all available ciphers with random order
-        
+        test_sc_all_cipher $sc tls1_2
-        s_ciph=$server_dir/s_ciph_${sc}
+        test_sc_all_cipher $sc tls1_3
-        cipher_string=""
-        if [ $s_id = "0" ] ; then
-                if [ $ecdsa_tests = 0 ] ; then
-                        cipher_string="ALL:!ECDSA:!kGOST:!TLSv1.3"
-                else
-                        cipher_string="ECDSA+TLSv1.2:!TLSv1.3"
-                fi
-        fi
-        $s_bin ciphers -v $cipher_string | awk '{print $1}' > $s_ciph
-        c_ciph=$user1_dir/c_ciph_${sc}
-        cipher_string=""
-        if [ $c_id = "0" ] ; then
-                if [ $ecdsa_tests = 0 ] ; then
-                        cipher_string="ALL:!ECDSA:!kGOST:!TLSv1.3"
-                else
-                        cipher_string="ECDSA+TLSv1.2:!TLSv1.3"
-                fi
-        fi
-        $c_bin ciphers -v $cipher_string | awk '{print $1}' > $c_ciph
-        ciphers=$user1_dir/ciphers_${sc}
-        grep -x -f $s_ciph $c_ciph | sort -R > $ciphers
-        cnum=0
-        for c in `cat $ciphers` ; do
-                cnum=`expr $cnum + 1`
-                cnstr=`printf %03d $cnum`
-                s_client_out=$user1_dir/s_client_${sc}_tls_${cnstr}_${c}.out
-        
-                start_message "s_client ... connect to TLS/SSL test server with [ $cnstr ] $c"
-                sleep $test_pause_sec
-                $c_bin s_client -connect $host:$port -CAfile $ca_cert \
-                        -tls1_2 -cipher $c \
-                        -msg -tlsextdebug < /dev/null > $s_client_out 2>&1
-                check_exit_status $?
-        
-                grep "Cipher    : $c" $s_client_out > /dev/null
-                check_exit_status $?
-        
-                grep 'Verify return code: 0 (ok)' $s_client_out > /dev/null
-                check_exit_status $?
-        done
        
        # Get session ticket to reuse
author	inoguchi <>	2020-05-15 14:38:40 +0000
committer	inoguchi <>	2020-05-15 14:38:40 +0000
commit	9169c247791ee736fa7ce5d8ab53b8a5f6b2b2e6 (patch)
tree	e9bf7b61717296231f4a06c76f62ac18a664df96 /src
parent	8d23794cdbf0058b490db9d1ba80902c84ca9312 (diff)
download	openbsd-9169c247791ee736fa7ce5d8ab53b8a5f6b2b2e6.tar.gz openbsd-9169c247791ee736fa7ce5d8ab53b8a5f6b2b2e6.tar.bz2 openbsd-9169c247791ee736fa7ce5d8ab53b8a5f6b2b2e6.zip

diff --git a/src/regress/usr.bin/openssl/appstest.sh b/src/regress/usr.bin/openssl/appstest.sh index 94a7755f3a..4d70ad5f7e 100755 --- a/src/regress/usr.bin/openssl/appstest.sh +++ b/src/regress/usr.bin/openssl/appstest.sh
@@ -1,6 +1,6 @@
1	#!/bin/sh	1	#!/bin/sh
2	#	2	#
3	# $OpenBSD: appstest.sh,v 1.35 2020/05/15 13:45:36 inoguchi Exp $	3	# $OpenBSD: appstest.sh,v 1.36 2020/05/15 14:38:40 inoguchi Exp $
4	#	4	#
5	# Copyright (c) 2016 Kinichiro Inoguchi <inoguchi@openbsd.org>	5	# Copyright (c) 2016 Kinichiro Inoguchi <inoguchi@openbsd.org>
6	#	6	#
@@ -1336,6 +1336,64 @@ function test_sc_by_protocol_version {
1336	check_exit_status $?	1336	check_exit_status $?
1337	}	1337	}
1338		1338
		1339	function test_sc_all_cipher {
		1340	sc=$1
		1341	ver=$2
		1342
		1343	s_ciph=$server_dir/s_ciph_${sc}_${ver}
		1344	cipher_string=""
		1345	if [ $s_id = "0" ] ; then
		1346	if [ $ver = "tls1_3" ] ; then
		1347	cipher_string="TLSv1.3"
		1348	else
		1349	if [ $ecdsa_tests = 0 ] ; then
		1350	cipher_string="ALL:!ECDSA:!kGOST:!TLSv1.3"
		1351	else
		1352	cipher_string="ECDSA+TLSv1.2:!TLSv1.3"
		1353	fi
		1354	fi
		1355	fi
		1356	$s_bin ciphers -v $cipher_string \| awk '{print $1}' > $s_ciph
		1357
		1358	c_ciph=$user1_dir/c_ciph_${sc}_${ver}
		1359	cipher_string=""
		1360	if [ $c_id = "0" ] ; then
		1361	if [ $ver = "tls1_3" ] ; then
		1362	cipher_string="TLSv1.3"
		1363	else
		1364	if [ $ecdsa_tests = 0 ] ; then
		1365	cipher_string="ALL:!ECDSA:!kGOST:!TLSv1.3"
		1366	else
		1367	cipher_string="ECDSA+TLSv1.2:!TLSv1.3"
		1368	fi
		1369	fi
		1370	fi
		1371	$c_bin ciphers -v $cipher_string \| awk '{print $1}' > $c_ciph
		1372
		1373	ciphers=$user1_dir/ciphers_${sc}_${ver}
		1374	grep -x -f $s_ciph $c_ciph \| sort -R > $ciphers
		1375
		1376	cnum=0
		1377	for c in `cat $ciphers` ; do
		1378	cnum=`expr $cnum + 1`
		1379	cnstr=`printf %03d $cnum`
		1380	s_client_out=$user1_dir/s_client_${sc}_${ver}_tls_${cnstr}_${c}.out
		1381
		1382	start_message "s_client ... connect to TLS/SSL test server with [ $cnstr ] $ver $c"
		1383	sleep $test_pause_sec
		1384	$c_bin s_client -connect $host:$port -CAfile $ca_cert \
		1385	-$ver -cipher $c \
		1386	-msg -tlsextdebug < /dev/null > $s_client_out 2>&1
		1387	check_exit_status $?
		1388
		1389	grep "Cipher : $c" $s_client_out > /dev/null
		1390	check_exit_status $?
		1391
		1392	grep 'Verify return code: 0 (ok)' $s_client_out > /dev/null
		1393	check_exit_status $?
		1394	done
		1395	}
		1396
1339	function test_server_client {	1397	function test_server_client {
1340	# --- client/server operations (TLS) ---	1398	# --- client/server operations (TLS) ---
1341	section_message "client/server operations (TLS)"	1399	section_message "client/server operations (TLS)"
@@ -1403,51 +1461,8 @@ function test_server_client {
1403	test_sc_by_protocol_version $c_id tls1_3 'Protocol : TLSv1\.3$'	1461	test_sc_by_protocol_version $c_id tls1_3 'Protocol : TLSv1\.3$'
1404		1462
1405	# all available ciphers with random order	1463	# all available ciphers with random order
1406		1464	test_sc_all_cipher $sc tls1_2
1407	s_ciph=$server_dir/s_ciph_${sc}	1465	test_sc_all_cipher $sc tls1_3
1408	cipher_string=""
1409	if [ $s_id = "0" ] ; then
1410	if [ $ecdsa_tests = 0 ] ; then
1411	cipher_string="ALL:!ECDSA:!kGOST:!TLSv1.3"
1412	else
1413	cipher_string="ECDSA+TLSv1.2:!TLSv1.3"
1414	fi
1415	fi
1416	$s_bin ciphers -v $cipher_string \| awk '{print $1}' > $s_ciph
1417
1418	c_ciph=$user1_dir/c_ciph_${sc}
1419	cipher_string=""
1420	if [ $c_id = "0" ] ; then
1421	if [ $ecdsa_tests = 0 ] ; then
1422	cipher_string="ALL:!ECDSA:!kGOST:!TLSv1.3"
1423	else
1424	cipher_string="ECDSA+TLSv1.2:!TLSv1.3"
1425	fi
1426	fi
1427	$c_bin ciphers -v $cipher_string \| awk '{print $1}' > $c_ciph
1428
1429	ciphers=$user1_dir/ciphers_${sc}
1430	grep -x -f $s_ciph $c_ciph \| sort -R > $ciphers
1431
1432	cnum=0
1433	for c in `cat $ciphers` ; do
1434	cnum=`expr $cnum + 1`
1435	cnstr=`printf %03d $cnum`
1436	s_client_out=$user1_dir/s_client_${sc}_tls_${cnstr}_${c}.out
1437
1438	start_message "s_client ... connect to TLS/SSL test server with [ $cnstr ] $c"
1439	sleep $test_pause_sec
1440	$c_bin s_client -connect $host:$port -CAfile $ca_cert \
1441	-tls1_2 -cipher $c \
1442	-msg -tlsextdebug < /dev/null > $s_client_out 2>&1
1443	check_exit_status $?
1444
1445	grep "Cipher : $c" $s_client_out > /dev/null
1446	check_exit_status $?
1447
1448	grep 'Verify return code: 0 (ok)' $s_client_out > /dev/null
1449	check_exit_status $?
1450	done
1451		1466
1452	# Get session ticket to reuse	1467	# Get session ticket to reuse
1453		1468