mbed TLS upgraded to 2.6.0
Fork of mbedtls by
tests/compat.sh@2:bbdeda018a3c, 2017-09-29 (annotated)
- Committer:
- Jasper Wallace
- Date:
- Fri Sep 29 19:50:30 2017 +0100
- Revision:
- 2:bbdeda018a3c
- Parent:
- 0:cdf462088d13
Update to mbedtls 2.6.0, many changes.
Changes to mbedtls sources made:
in include/mbedtls/config.h comment out:
#define MBEDTLS_FS_IO
#define MBEDTLS_NET_C
#define MBEDTLS_TIMING_C
uncomment:
#define MBEDTLS_NO_PLATFORM_ENTROPY
remove the following directories:
programs
yotta
visualc
Who changed what in which revision?
User | Revision | Line number | New contents of line |
---|---|---|---|
markrad | 0:cdf462088d13 | 1 | #!/bin/sh |
markrad | 0:cdf462088d13 | 2 | |
markrad | 0:cdf462088d13 | 3 | # compat.sh |
markrad | 0:cdf462088d13 | 4 | # |
markrad | 0:cdf462088d13 | 5 | # This file is part of mbed TLS (https://tls.mbed.org) |
markrad | 0:cdf462088d13 | 6 | # |
markrad | 0:cdf462088d13 | 7 | # Copyright (c) 2012-2016, ARM Limited, All Rights Reserved |
markrad | 0:cdf462088d13 | 8 | # |
markrad | 0:cdf462088d13 | 9 | # Purpose |
markrad | 0:cdf462088d13 | 10 | # |
markrad | 0:cdf462088d13 | 11 | # Test interoperability with OpenSSL, GnuTLS as well as itself. |
markrad | 0:cdf462088d13 | 12 | # |
markrad | 0:cdf462088d13 | 13 | # Check each common ciphersuite, with each version, both ways (client/server), |
markrad | 0:cdf462088d13 | 14 | # with and without client authentication. |
markrad | 0:cdf462088d13 | 15 | |
# Treat the expansion of an unset variable as an error.
set -u

# initialise counters
TESTS=0 FAILED=0 SKIPPED=0 SRVMEM=0

# Default commands; each one can be overridden from the environment.
# These values are later used as command names (for example
# "$GNUTLS_CLI --version" in the GnuTLS check), so whatever the environment
# puts here gets executed: run the script only with an environment you control.
: "${M_SRV:=../programs/ssl/ssl_server2}"
: "${M_CLI:=../programs/ssl/ssl_client2}"
# called OPENSSL_CMD because OPENSSL would conflict with the build system
: "${OPENSSL_CMD:=openssl}"
: "${GNUTLS_CLI:=gnutls-cli}"
: "${GNUTLS_SERV:=gnutls-serv}"
markrad | 0:cdf462088d13 | 30 | |
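# gnutls_version_ok <version-line>
#
# Parse the trailing "MAJOR.MINOR.PATCH" word of the first line printed by
# "gnutls-cli --version" and succeed only for GnuTLS 3.2.15 or newer.
# Sets the globals MAJOR, MINOR and PATCH, as the previous inline code did.
#
# The line is taken apart with parameter expansion and is never passed to
# eval: it is the output of an external program, and a line that did not have
# the expected shape would otherwise be executed as shell text. Splitting on
# the dots also keeps every digit of each field (the old sed pattern kept
# only the last digit of the minor number).
#
# Returns 0 if the version is recent enough, 1 if it is too old or cannot be
# parsed.
gnutls_version_ok()
{
    G_NUM="${1##* }"

    # require exactly three dot-separated fields
    case "$G_NUM" in
        *.*.*.*) return 1 ;;
        *.*.*) ;;
        *) return 1 ;;
    esac

    MAJOR="${G_NUM%%.*}"
    G_REST="${G_NUM#*.}"
    MINOR="${G_REST%%.*}"
    PATCH="${G_REST#*.}"

    # each field must be a non-empty run of digits, otherwise the numeric
    # comparisons below would be handed something that is not a number
    for G_FIELD in "$MAJOR" "$MINOR" "$PATCH"; do
        case "$G_FIELD" in
            ''|*[!0-9]*) return 1 ;;
        esac
    done

    [ "$MAJOR" -gt 3 ] && return 0
    [ "$MAJOR" -eq 3 ] || return 1
    [ "$MINOR" -gt 2 ] && return 0
    [ "$MINOR" -eq 2 ] || return 1
    [ "$PATCH" -ge 15 ]
}

# do we have a recent enough GnuTLS?
# PEER_GNUTLS ends up as " GnuTLS" when both tools are found and the client
# reports a git build or version 3.2.15+, and as "" otherwise.
if ( command -v "$GNUTLS_CLI" && command -v "$GNUTLS_SERV" ) >/dev/null 2>&1; then
    G_VER="$( "$GNUTLS_CLI" --version | head -n1 )"
    if echo "$G_VER" | grep '@VERSION@' > /dev/null; then # git version
        PEER_GNUTLS=" GnuTLS"
    elif gnutls_version_ok "$G_VER"; then
        PEER_GNUTLS=" GnuTLS"
    else
        PEER_GNUTLS=""
    fi
else
    PEER_GNUTLS=""
fi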
markrad | 0:cdf462088d13 | 50 | |
# default values for options
MODES='tls1 tls1_1 tls1_2 dtls1 dtls1_2'
VERIFIES='NO YES'
TYPES='ECDSA RSA PSK'
FILTER=''
# By default NULL, RC4/ARCFOUR and single-DES suites are left out of the run.
# "DES-CBC-" carries the trailing dash on purpose: it avoids plain DES but
# keeps 3DES-EDE-CBC (mbedTLS) and DES-CBC3 (OpenSSL). Passing a different
# -e/--exclude pattern replaces this list as a whole.
EXCLUDE='NULL\|DES-CBC-\|RC4\|ARCFOUR'
VERBOSE=''
MEMCHECK=0
PEERS="OpenSSL${PEER_GNUTLS} mbedTLS"

# hidden option: skip DTLS with OpenSSL
# (travis CI has a version that doesn't work for us)
: "${OSSL_NO_DTLS:=0}"
markrad | 0:cdf462088d13 | 64 | |
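# print_usage
#
# Write the option summary to stdout, showing the current value of each
# option variable (FILTER, EXCLUDE, MODES, TYPES, VERIFIES, PEERS) as its
# default.
#
# The values are passed to printf as %s arguments and never spliced into the
# format string: they can come from the command line, and a "%" or a
# backslash sequence in them would otherwise be interpreted by printf.
print_usage() {
    printf 'Usage: %s\n' "$0"
    printf " -h|--help\tPrint this help.\n"
    printf " -f|--filter\tOnly matching ciphersuites are tested (Default: '%s')\n" "$FILTER"
    printf " -e|--exclude\tMatching ciphersuites are excluded (Default: '%s')\n" "$EXCLUDE"
    printf " -m|--modes\tWhich modes to perform (Default: '%s')\n" "$MODES"
    printf " -t|--types\tWhich key exchange type to perform (Default: '%s')\n" "$TYPES"
    printf " -V|--verify\tWhich verification modes to perform (Default: '%s')\n" "$VERIFIES"
    printf " -p|--peers\tWhich peers to use (Default: '%s')\n" "$PEERS"
    printf " \tAlso available: GnuTLS (needs v3.2.15 or higher)\n"
    printf " -M|--memcheck\tCheck memory leaks and errors.\n"
    printf " -v|--verbose\tSet verbose output.\n"
}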
markrad | 0:cdf462088d13 | 78 | |
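# get_options <command-line arguments...>
#
# Parse the script's options into the globals FILTER, EXCLUDE, MODES, TYPES,
# VERIFIES, PEERS, VERBOSE and MEMCHECK. -h/--help prints the usage and exits
# with status 0; an unknown argument, or an option given without its value,
# prints a message plus the usage and exits with status 1.
get_options() {
    while [ $# -gt 0 ]; do
        # Options that take a value must be followed by one. Without this
        # check the "shift; VAR=$1" below would read past the end of the
        # argument list (an abort under "set -u" with no useful message).
        case "$1" in
            -f|--filter|-e|--exclude|-m|--modes|-t|--types|-V|--verify|-p|--peers)
                if [ $# -lt 2 ]; then
                    echo "Missing value for option: '$1'"
                    print_usage
                    exit 1
                fi
                ;;
        esac

        case "$1" in
            -f|--filter)
                shift; FILTER=$1
                ;;
            -e|--exclude)
                shift; EXCLUDE=$1
                ;;
            -m|--modes)
                shift; MODES=$1
                ;;
            -t|--types)
                shift; TYPES=$1
                ;;
            -V|--verify)
                shift; VERIFIES=$1
                ;;
            -p|--peers)
                shift; PEERS=$1
                ;;
            -v|--verbose)
                VERBOSE=1
                ;;
            -M|--memcheck)
                MEMCHECK=1
                ;;
            -h|--help)
                print_usage
                exit 0
                ;;
            *)
                echo "Unknown argument: '$1'"
                print_usage
                exit 1
                ;;
        esac
        shift
    done

    # sanitize some options (modes checked later)
    # The tr sets are quoted so the shell cannot expand them as glob patterns
    # against files in the current directory (a file called "a" would turn
    # [a-z] into a). $VERIFIES and $TYPES stay unquoted as before, which also
    # collapses runs of whitespace.
    VERIFIES="$( echo $VERIFIES | tr '[a-z]' '[A-Z]' )"
    TYPES="$( echo $TYPES | tr '[a-z]' '[A-Z]' )"
}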
markrad | 0:cdf462088d13 | 123 | |
# log <words...>
# In verbose mode (VERBOSE non-empty) print an empty line followed by the
# arguments; print nothing otherwise.
log() {
    [ -z "$VERBOSE" ] && return
    echo ""
    echo "$@"
}
markrad | 0:cdf462088d13 | 130 | |
# is_dtls <mode>
# Succeeds (status 0) when <mode> is one of the DTLS modes, dtls1 or dtls1_2,
# and fails (status 1) for anything else.
is_dtls()
{
    case "$1" in
        dtls1|dtls1_2) return 0 ;;
        *) return 1 ;;
    esac
}
markrad | 0:cdf462088d13 | 136 | |
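# minor_ver <mode>
#
# Print the protocol minor version number for <mode>:
#   ssl3 -> 0, tls1 -> 1, tls1_1 and dtls1 -> 2, tls1_2 and dtls1_2 -> 3.
# For any other value an error naming the rejected argument goes to stderr
# and -1 is printed, so numeric comparisons on the result still work.
minor_ver()
{
    case "$1" in
        ssl3)
            echo 0
            ;;
        tls1)
            echo 1
            ;;
        tls1_1|dtls1)
            echo 2
            ;;
        tls1_2|dtls1_2)
            echo 3
            ;;
        *)
            # report the argument that was actually rejected, not the global
            # $MODE, which may differ or be unset (fatal under "set -u")
            echo "error: invalid mode: $1" >&2
            # exiting is no good here, typically called in a subshell
            echo -1
            ;;
    esac
}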
markrad | 0:cdf462088d13 | 159 | |
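# filter <list>
#
# Print the whitespace-separated entries of <list> that match $FILTER and do
# not match the exclusion pattern, joined by single spaces. The exclusion
# pattern is $EXCLUDE, extended with RC4 and ARCFOUR when $MODE is a DTLS
# mode. Patterns are grep basic regular expressions; the "\|" alternation
# used in them is a GNU grep extension.
#
# Reads the globals MODE, FILTER and EXCLUDE and overwrites LIST, NEW_LIST,
# EXCLMODE, KEEP and i.
filter()
{
    LIST="$1"
    NEW_LIST=""

    # An empty EXCLUDE must mean "exclude nothing extra": an empty pattern
    # (or an empty alternative next to "\|") matches every line, so passing
    # it to "grep -v" would drop the whole list.
    if is_dtls "$MODE"; then
        if [ -n "$EXCLUDE" ]; then
            EXCLMODE="$EXCLUDE"'\|RC4\|ARCFOUR'
        else
            EXCLMODE='RC4\|ARCFOUR'
        fi
    else
        EXCLMODE="$EXCLUDE"
    fi

    # $LIST is split into words on purpose, one ciphersuite name per word
    for i in $LIST;
    do
        # -e keeps a pattern that starts with "-" (e.g. "-CBC-") from being
        # parsed as a grep option
        if [ -n "$EXCLMODE" ]; then
            KEEP="$( printf '%s\n' "$i" | grep -e "$FILTER" | grep -v -e "$EXCLMODE" )"
        else
            KEEP="$( printf '%s\n' "$i" | grep -e "$FILTER" )"
        fi
        NEW_LIST="$NEW_LIST $KEEP"
    done

    # normalize whitespace
    echo "$NEW_LIST" | sed -e 's/[[:space:]][[:space:]]*/ /g' -e 's/^ //' -e 's/ $//'
}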
markrad | 0:cdf462088d13 | 179 | |
# check_openssl_server_bug <mbed TLS ciphersuite name>
#
# OpenSSL 1.0.1h with -Verify wants a ClientCertificate message even for
# PSK ciphersuites with DTLS, which is incorrect, so disable them for now:
# sets SKIP_NEXT to "YES" when client verification is on ($VERIFY is YES),
# $MODE is a DTLS mode and the suite name starts with TLS-PSK.
check_openssl_server_bug()
{
    [ "X$VERIFY" = "XYES" ] || return 0
    is_dtls "$MODE" || return 0

    if echo "$1" | grep -q "^TLS-PSK"; then
        SKIP_NEXT="YES"
    fi
}
markrad | 0:cdf462088d13 | 190 | |
# filter_ciphersuites
#
# Narrow the three ciphersuite lists (M_CIPHERS for mbed TLS, O_CIPHERS for
# OpenSSL, G_CIPHERS for GnuTLS) for the current $MODE, $VERIFY and $PEER:
# apply the user filter/exclude patterns, then empty the lists for
# combinations that are known not to work.
filter_ciphersuites()
{
    # run the lists through filter() only when a pattern is set at all
    if [ -n "$FILTER" ] || [ -n "$EXCLUDE" ]; then
        M_CIPHERS=$( filter "$M_CIPHERS" )
        O_CIPHERS=$( filter "$O_CIPHERS" )
        G_CIPHERS=$( filter "$G_CIPHERS" )
    fi

    # OpenSSL 1.0.1h doesn't support DTLS 1.2
    if [ "$( minor_ver "$MODE" )" -ge 3 ] && is_dtls "$MODE"; then
        O_CIPHERS=""
        # with an OpenSSL peer the mbed TLS list is emptied as well
        case "$PEER" in
            [Oo]pen*) M_CIPHERS="" ;;
        esac
    fi

    # For GnuTLS client -> mbed TLS server,
    # we need to force IPv4 by connecting to 127.0.0.1 but then auth fails
    if [ "X$VERIFY" = "XYES" ] && is_dtls "$MODE"; then
        G_CIPHERS=""
    fi
}
markrad | 0:cdf462088d13 | 221 | |
# reset_ciphersuites
# Empty the three ciphersuite lists (mbed TLS, OpenSSL, GnuTLS) so that a new
# set can be accumulated.
reset_ciphersuites()
{
    M_CIPHERS="" O_CIPHERS="" G_CIPHERS=""
}
markrad | 0:cdf462088d13 | 228 | |
# add_common_ciphersuites
#
# Append ciphersuites for the key-exchange type $TYPE (ECDSA, RSA or PSK) to
# all three lists: M_CIPHERS (mbed TLS names), G_CIPHERS (GnuTLS priority
# strings) and O_CIPHERS (OpenSSL names). Which groups are added depends on
# the value minor_ver prints for $MODE.
#
# The lists deliberately contain NULL, RC4 and 3DES suites; whether they are
# actually exercised is decided afterwards by the FILTER/EXCLUDE patterns
# (the default EXCLUDE in this script matches NULL, DES-CBC-, RC4 and ARCFOUR).
add_common_ciphersuites()
{
    case $TYPE in

        "ECDSA")
            # minor_ver > 0: every mode except ssl3
            if [ `minor_ver "$MODE"` -gt 0 ]
            then
                M_CIPHERS="$M_CIPHERS \
                    TLS-ECDHE-ECDSA-WITH-NULL-SHA \
                    TLS-ECDHE-ECDSA-WITH-RC4-128-SHA \
                    TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA \
                    TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA \
                    TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA \
                    "
                G_CIPHERS="$G_CIPHERS \
                    +ECDHE-ECDSA:+NULL:+SHA1 \
                    +ECDHE-ECDSA:+ARCFOUR-128:+SHA1 \
                    +ECDHE-ECDSA:+3DES-CBC:+SHA1 \
                    +ECDHE-ECDSA:+AES-128-CBC:+SHA1 \
                    +ECDHE-ECDSA:+AES-256-CBC:+SHA1 \
                    "
                O_CIPHERS="$O_CIPHERS \
                    ECDHE-ECDSA-NULL-SHA \
                    ECDHE-ECDSA-RC4-SHA \
                    ECDHE-ECDSA-DES-CBC3-SHA \
                    ECDHE-ECDSA-AES128-SHA \
                    ECDHE-ECDSA-AES256-SHA \
                    "
            fi
            # minor_ver >= 3: tls1_2 and dtls1_2 only (SHA-256/384 and GCM suites)
            if [ `minor_ver "$MODE"` -ge 3 ]
            then
                M_CIPHERS="$M_CIPHERS \
                    TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \
                    TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 \
                    TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
                    TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 \
                    "
                G_CIPHERS="$G_CIPHERS \
                    +ECDHE-ECDSA:+AES-128-CBC:+SHA256 \
                    +ECDHE-ECDSA:+AES-256-CBC:+SHA384 \
                    +ECDHE-ECDSA:+AES-128-GCM:+AEAD \
                    +ECDHE-ECDSA:+AES-256-GCM:+AEAD \
                    "
                O_CIPHERS="$O_CIPHERS \
                    ECDHE-ECDSA-AES128-SHA256 \
                    ECDHE-ECDSA-AES256-SHA384 \
                    ECDHE-ECDSA-AES128-GCM-SHA256 \
                    ECDHE-ECDSA-AES256-GCM-SHA384 \
                    "
            fi
            ;;

        "RSA")
            # added for every mode, with no version condition
            M_CIPHERS="$M_CIPHERS \
                TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
                TLS-DHE-RSA-WITH-AES-256-CBC-SHA \
                TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA \
                TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA \
                TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA \
                TLS-RSA-WITH-AES-256-CBC-SHA \
                TLS-RSA-WITH-CAMELLIA-256-CBC-SHA \
                TLS-RSA-WITH-AES-128-CBC-SHA \
                TLS-RSA-WITH-CAMELLIA-128-CBC-SHA \
                TLS-RSA-WITH-3DES-EDE-CBC-SHA \
                TLS-RSA-WITH-RC4-128-SHA \
                TLS-RSA-WITH-RC4-128-MD5 \
                TLS-RSA-WITH-NULL-MD5 \
                TLS-RSA-WITH-NULL-SHA \
                "
            G_CIPHERS="$G_CIPHERS \
                +DHE-RSA:+AES-128-CBC:+SHA1 \
                +DHE-RSA:+AES-256-CBC:+SHA1 \
                +DHE-RSA:+CAMELLIA-128-CBC:+SHA1 \
                +DHE-RSA:+CAMELLIA-256-CBC:+SHA1 \
                +DHE-RSA:+3DES-CBC:+SHA1 \
                +RSA:+AES-256-CBC:+SHA1 \
                +RSA:+CAMELLIA-256-CBC:+SHA1 \
                +RSA:+AES-128-CBC:+SHA1 \
                +RSA:+CAMELLIA-128-CBC:+SHA1 \
                +RSA:+3DES-CBC:+SHA1 \
                +RSA:+ARCFOUR-128:+SHA1 \
                +RSA:+ARCFOUR-128:+MD5 \
                +RSA:+NULL:+MD5 \
                +RSA:+NULL:+SHA1 \
                "
            O_CIPHERS="$O_CIPHERS \
                DHE-RSA-AES128-SHA \
                DHE-RSA-AES256-SHA \
                DHE-RSA-CAMELLIA128-SHA \
                DHE-RSA-CAMELLIA256-SHA \
                EDH-RSA-DES-CBC3-SHA \
                AES256-SHA \
                CAMELLIA256-SHA \
                AES128-SHA \
                CAMELLIA128-SHA \
                DES-CBC3-SHA \
                RC4-SHA \
                RC4-MD5 \
                NULL-MD5 \
                NULL-SHA \
                "
            # minor_ver > 0: every mode except ssl3
            if [ `minor_ver "$MODE"` -gt 0 ]
            then
                M_CIPHERS="$M_CIPHERS \
                    TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA \
                    TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA \
                    TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA \
                    TLS-ECDHE-RSA-WITH-RC4-128-SHA \
                    TLS-ECDHE-RSA-WITH-NULL-SHA \
                    "
                G_CIPHERS="$G_CIPHERS \
                    +ECDHE-RSA:+AES-128-CBC:+SHA1 \
                    +ECDHE-RSA:+AES-256-CBC:+SHA1 \
                    +ECDHE-RSA:+3DES-CBC:+SHA1 \
                    +ECDHE-RSA:+ARCFOUR-128:+SHA1 \
                    +ECDHE-RSA:+NULL:+SHA1 \
                    "
                O_CIPHERS="$O_CIPHERS \
                    ECDHE-RSA-AES256-SHA \
                    ECDHE-RSA-AES128-SHA \
                    ECDHE-RSA-DES-CBC3-SHA \
                    ECDHE-RSA-RC4-SHA \
                    ECDHE-RSA-NULL-SHA \
                    "
            fi
            # minor_ver >= 3: tls1_2 and dtls1_2 only
            # NOTE(review): O_CIPHERS below has 13 entries (it starts with
            # NULL-SHA256) while M_CIPHERS and G_CIPHERS have 12; confirm
            # how the three lists are consumed before relying on positions.
            if [ `minor_ver "$MODE"` -ge 3 ]
            then
                M_CIPHERS="$M_CIPHERS \
                    TLS-RSA-WITH-AES-128-CBC-SHA256 \
                    TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 \
                    TLS-RSA-WITH-AES-256-CBC-SHA256 \
                    TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 \
                    TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 \
                    TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 \
                    TLS-RSA-WITH-AES-128-GCM-SHA256 \
                    TLS-RSA-WITH-AES-256-GCM-SHA384 \
                    TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 \
                    TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 \
                    TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 \
                    TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 \
                    "
                G_CIPHERS="$G_CIPHERS \
                    +RSA:+AES-128-CBC:+SHA256 \
                    +DHE-RSA:+AES-128-CBC:+SHA256 \
                    +RSA:+AES-256-CBC:+SHA256 \
                    +DHE-RSA:+AES-256-CBC:+SHA256 \
                    +ECDHE-RSA:+AES-128-CBC:+SHA256 \
                    +ECDHE-RSA:+AES-256-CBC:+SHA384 \
                    +RSA:+AES-128-GCM:+AEAD \
                    +RSA:+AES-256-GCM:+AEAD \
                    +DHE-RSA:+AES-128-GCM:+AEAD \
                    +DHE-RSA:+AES-256-GCM:+AEAD \
                    +ECDHE-RSA:+AES-128-GCM:+AEAD \
                    +ECDHE-RSA:+AES-256-GCM:+AEAD \
                    "
                O_CIPHERS="$O_CIPHERS \
                    NULL-SHA256 \
                    AES128-SHA256 \
                    DHE-RSA-AES128-SHA256 \
                    AES256-SHA256 \
                    DHE-RSA-AES256-SHA256 \
                    ECDHE-RSA-AES128-SHA256 \
                    ECDHE-RSA-AES256-SHA384 \
                    AES128-GCM-SHA256 \
                    DHE-RSA-AES128-GCM-SHA256 \
                    AES256-GCM-SHA384 \
                    DHE-RSA-AES256-GCM-SHA384 \
                    ECDHE-RSA-AES128-GCM-SHA256 \
                    ECDHE-RSA-AES256-GCM-SHA384 \
                    "
            fi
            ;;

        "PSK")
            # added for every mode, with no version condition
            M_CIPHERS="$M_CIPHERS \
                TLS-PSK-WITH-RC4-128-SHA \
                TLS-PSK-WITH-3DES-EDE-CBC-SHA \
                TLS-PSK-WITH-AES-128-CBC-SHA \
                TLS-PSK-WITH-AES-256-CBC-SHA \
                "
            G_CIPHERS="$G_CIPHERS \
                +PSK:+ARCFOUR-128:+SHA1 \
                +PSK:+3DES-CBC:+SHA1 \
                +PSK:+AES-128-CBC:+SHA1 \
                +PSK:+AES-256-CBC:+SHA1 \
                "
            O_CIPHERS="$O_CIPHERS \
                PSK-RC4-SHA \
                PSK-3DES-EDE-CBC-SHA \
                PSK-AES128-CBC-SHA \
                PSK-AES256-CBC-SHA \
                "
            ;;
    esac
}
markrad | 0:cdf462088d13 | 424 | |
# add_openssl_ciphersuites
#
# Append ciphersuites for the key-exchange type $TYPE to M_CIPHERS (mbed TLS
# names) and O_CIPHERS (OpenSSL names) only; G_CIPHERS is not touched.
# Presumably these are the suites mbed TLS shares with OpenSSL but not with
# GnuTLS (inferred from the function name; confirm against the caller).
#
# The RSA branch adds single-DES suites. Their names contain "DES-CBC-", so
# the script's default EXCLUDE pattern removes them again unless the user
# overrides it.
add_openssl_ciphersuites()
{
    case $TYPE in

        "ECDSA")
            # static ECDH-ECDSA suites; minor_ver > 0: every mode except ssl3
            if [ `minor_ver "$MODE"` -gt 0 ]
            then
                M_CIPHERS="$M_CIPHERS \
                    TLS-ECDH-ECDSA-WITH-NULL-SHA \
                    TLS-ECDH-ECDSA-WITH-RC4-128-SHA \
                    TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA \
                    TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA \
                    TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA \
                    "
                O_CIPHERS="$O_CIPHERS \
                    ECDH-ECDSA-NULL-SHA \
                    ECDH-ECDSA-RC4-SHA \
                    ECDH-ECDSA-DES-CBC3-SHA \
                    ECDH-ECDSA-AES128-SHA \
                    ECDH-ECDSA-AES256-SHA \
                    "
            fi
            # minor_ver >= 3: tls1_2 and dtls1_2 only
            if [ `minor_ver "$MODE"` -ge 3 ]
            then
                M_CIPHERS="$M_CIPHERS \
                    TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256 \
                    TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384 \
                    TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256 \
                    TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384 \
                    "
                O_CIPHERS="$O_CIPHERS \
                    ECDH-ECDSA-AES128-SHA256 \
                    ECDH-ECDSA-AES256-SHA384 \
                    ECDH-ECDSA-AES128-GCM-SHA256 \
                    ECDH-ECDSA-AES256-GCM-SHA384 \
                    "
            fi
            ;;

        "RSA")
            # single-DES suites, added for every mode
            M_CIPHERS="$M_CIPHERS \
                TLS-RSA-WITH-DES-CBC-SHA \
                TLS-DHE-RSA-WITH-DES-CBC-SHA \
                "
            O_CIPHERS="$O_CIPHERS \
                DES-CBC-SHA \
                EDH-RSA-DES-CBC-SHA \
                "
            ;;

        "PSK")
            # nothing is added for PSK here
            ;;
    esac
}
markrad | 0:cdf462088d13 | 479 | |
markrad | 0:cdf462088d13 | 480 | add_gnutls_ciphersuites() |
markrad | 0:cdf462088d13 | 481 | { |
markrad | 0:cdf462088d13 | 482 | case $TYPE in |
markrad | 0:cdf462088d13 | 483 | |
markrad | 0:cdf462088d13 | 484 | "ECDSA") |
markrad | 0:cdf462088d13 | 485 | if [ `minor_ver "$MODE"` -ge 3 ] |
markrad | 0:cdf462088d13 | 486 | then |
markrad | 0:cdf462088d13 | 487 | M_CIPHERS="$M_CIPHERS \ |
markrad | 0:cdf462088d13 | 488 | TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256 \ |
markrad | 0:cdf462088d13 | 489 | TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 \ |
markrad | 0:cdf462088d13 | 490 | TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256 \ |
markrad | 0:cdf462088d13 | 491 | TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384 \ |
markrad | 0:cdf462088d13 | 492 | " |
markrad | 0:cdf462088d13 | 493 | G_CIPHERS="$G_CIPHERS \ |
markrad | 0:cdf462088d13 | 494 | +ECDHE-ECDSA:+CAMELLIA-128-CBC:+SHA256 \ |
markrad | 0:cdf462088d13 | 495 | +ECDHE-ECDSA:+CAMELLIA-256-CBC:+SHA384 \ |
markrad | 0:cdf462088d13 | 496 | +ECDHE-ECDSA:+CAMELLIA-128-GCM:+AEAD \ |
markrad | 0:cdf462088d13 | 497 | +ECDHE-ECDSA:+CAMELLIA-256-GCM:+AEAD \ |
markrad | 0:cdf462088d13 | 498 | " |
markrad | 0:cdf462088d13 | 499 | fi |
markrad | 0:cdf462088d13 | 500 | ;; |
markrad | 0:cdf462088d13 | 501 | |
markrad | 0:cdf462088d13 | 502 | "RSA") |
markrad | 0:cdf462088d13 | 503 | if [ `minor_ver "$MODE"` -gt 0 ] |
markrad | 0:cdf462088d13 | 504 | then |
markrad | 0:cdf462088d13 | 505 | M_CIPHERS="$M_CIPHERS \ |
markrad | 0:cdf462088d13 | 506 | TLS-RSA-WITH-NULL-SHA256 \ |
markrad | 0:cdf462088d13 | 507 | " |
markrad | 0:cdf462088d13 | 508 | G_CIPHERS="$G_CIPHERS \ |
markrad | 0:cdf462088d13 | 509 | +RSA:+NULL:+SHA256 \ |
markrad | 0:cdf462088d13 | 510 | " |
markrad | 0:cdf462088d13 | 511 | fi |
markrad | 0:cdf462088d13 | 512 | if [ `minor_ver "$MODE"` -ge 3 ] |
markrad | 0:cdf462088d13 | 513 | then |
markrad | 0:cdf462088d13 | 514 | M_CIPHERS="$M_CIPHERS \ |
markrad | 0:cdf462088d13 | 515 | TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \ |
markrad | 0:cdf462088d13 | 516 | TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384 \ |
markrad | 0:cdf462088d13 | 517 | TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 \ |
markrad | 0:cdf462088d13 | 518 | TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 \ |
markrad | 0:cdf462088d13 | 519 | TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \ |
markrad | 0:cdf462088d13 | 520 | TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 \ |
markrad | 0:cdf462088d13 | 521 | TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256 \ |
markrad | 0:cdf462088d13 | 522 | TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384 \ |
markrad | 0:cdf462088d13 | 523 | TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256 \ |
markrad | 0:cdf462088d13 | 524 | TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384 \ |
markrad | 0:cdf462088d13 | 525 | TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256 \ |
markrad | 0:cdf462088d13 | 526 | TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384 \ |
markrad | 0:cdf462088d13 | 527 | " |
markrad | 0:cdf462088d13 | 528 | G_CIPHERS="$G_CIPHERS \ |
markrad | 0:cdf462088d13 | 529 | +ECDHE-RSA:+CAMELLIA-128-CBC:+SHA256 \ |
markrad | 0:cdf462088d13 | 530 | +ECDHE-RSA:+CAMELLIA-256-CBC:+SHA384 \ |
markrad | 0:cdf462088d13 | 531 | +RSA:+CAMELLIA-128-CBC:+SHA256 \ |
markrad | 0:cdf462088d13 | 532 | +RSA:+CAMELLIA-256-CBC:+SHA256 \ |
markrad | 0:cdf462088d13 | 533 | +DHE-RSA:+CAMELLIA-128-CBC:+SHA256 \ |
markrad | 0:cdf462088d13 | 534 | +DHE-RSA:+CAMELLIA-256-CBC:+SHA256 \ |
markrad | 0:cdf462088d13 | 535 | +ECDHE-RSA:+CAMELLIA-128-GCM:+AEAD \ |
markrad | 0:cdf462088d13 | 536 | +ECDHE-RSA:+CAMELLIA-256-GCM:+AEAD \ |
markrad | 0:cdf462088d13 | 537 | +DHE-RSA:+CAMELLIA-128-GCM:+AEAD \ |
markrad | 0:cdf462088d13 | 538 | +DHE-RSA:+CAMELLIA-256-GCM:+AEAD \ |
markrad | 0:cdf462088d13 | 539 | +RSA:+CAMELLIA-128-GCM:+AEAD \ |
markrad | 0:cdf462088d13 | 540 | +RSA:+CAMELLIA-256-GCM:+AEAD \ |
markrad | 0:cdf462088d13 | 541 | " |
markrad | 0:cdf462088d13 | 542 | fi |
markrad | 0:cdf462088d13 | 543 | ;; |
markrad | 0:cdf462088d13 | 544 | |
markrad | 0:cdf462088d13 | 545 | "PSK") |
markrad | 0:cdf462088d13 | 546 | M_CIPHERS="$M_CIPHERS \ |
markrad | 0:cdf462088d13 | 547 | TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA \ |
markrad | 0:cdf462088d13 | 548 | TLS-DHE-PSK-WITH-AES-128-CBC-SHA \ |
markrad | 0:cdf462088d13 | 549 | TLS-DHE-PSK-WITH-AES-256-CBC-SHA \ |
markrad | 0:cdf462088d13 | 550 | TLS-DHE-PSK-WITH-RC4-128-SHA \ |
markrad | 0:cdf462088d13 | 551 | " |
markrad | 0:cdf462088d13 | 552 | G_CIPHERS="$G_CIPHERS \ |
markrad | 0:cdf462088d13 | 553 | +DHE-PSK:+3DES-CBC:+SHA1 \ |
markrad | 0:cdf462088d13 | 554 | +DHE-PSK:+AES-128-CBC:+SHA1 \ |
markrad | 0:cdf462088d13 | 555 | +DHE-PSK:+AES-256-CBC:+SHA1 \ |
markrad | 0:cdf462088d13 | 556 | +DHE-PSK:+ARCFOUR-128:+SHA1 \ |
markrad | 0:cdf462088d13 | 557 | " |
markrad | 0:cdf462088d13 | 558 | if [ `minor_ver "$MODE"` -gt 0 ] |
markrad | 0:cdf462088d13 | 559 | then |
markrad | 0:cdf462088d13 | 560 | M_CIPHERS="$M_CIPHERS \ |
markrad | 0:cdf462088d13 | 561 | TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA \ |
markrad | 0:cdf462088d13 | 562 | TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \ |
markrad | 0:cdf462088d13 | 563 | TLS-ECDHE-PSK-WITH-3DES-EDE-CBC-SHA \ |
markrad | 0:cdf462088d13 | 564 | TLS-ECDHE-PSK-WITH-RC4-128-SHA \ |
markrad | 0:cdf462088d13 | 565 | TLS-RSA-PSK-WITH-3DES-EDE-CBC-SHA \ |
markrad | 0:cdf462088d13 | 566 | TLS-RSA-PSK-WITH-AES-256-CBC-SHA \ |
markrad | 0:cdf462088d13 | 567 | TLS-RSA-PSK-WITH-AES-128-CBC-SHA \ |
markrad | 0:cdf462088d13 | 568 | TLS-RSA-PSK-WITH-RC4-128-SHA \ |
markrad | 0:cdf462088d13 | 569 | " |
markrad | 0:cdf462088d13 | 570 | G_CIPHERS="$G_CIPHERS \ |
markrad | 0:cdf462088d13 | 571 | +ECDHE-PSK:+3DES-CBC:+SHA1 \ |
markrad | 0:cdf462088d13 | 572 | +ECDHE-PSK:+AES-128-CBC:+SHA1 \ |
markrad | 0:cdf462088d13 | 573 | +ECDHE-PSK:+AES-256-CBC:+SHA1 \ |
markrad | 0:cdf462088d13 | 574 | +ECDHE-PSK:+ARCFOUR-128:+SHA1 \ |
markrad | 0:cdf462088d13 | 575 | +RSA-PSK:+3DES-CBC:+SHA1 \ |
markrad | 0:cdf462088d13 | 576 | +RSA-PSK:+AES-256-CBC:+SHA1 \ |
markrad | 0:cdf462088d13 | 577 | +RSA-PSK:+AES-128-CBC:+SHA1 \ |
markrad | 0:cdf462088d13 | 578 | +RSA-PSK:+ARCFOUR-128:+SHA1 \ |
markrad | 0:cdf462088d13 | 579 | " |
markrad | 0:cdf462088d13 | 580 | fi |
markrad | 0:cdf462088d13 | 581 | if [ `minor_ver "$MODE"` -ge 3 ] |
markrad | 0:cdf462088d13 | 582 | then |
markrad | 0:cdf462088d13 | 583 | M_CIPHERS="$M_CIPHERS \ |
markrad | 0:cdf462088d13 | 584 | TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \ |
markrad | 0:cdf462088d13 | 585 | TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384 \ |
markrad | 0:cdf462088d13 | 586 | TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256 \ |
markrad | 0:cdf462088d13 | 587 | TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256 \ |
markrad | 0:cdf462088d13 | 588 | TLS-ECDHE-PSK-WITH-NULL-SHA384 \ |
markrad | 0:cdf462088d13 | 589 | TLS-ECDHE-PSK-WITH-NULL-SHA256 \ |
markrad | 0:cdf462088d13 | 590 | TLS-PSK-WITH-AES-128-CBC-SHA256 \ |
markrad | 0:cdf462088d13 | 591 | TLS-PSK-WITH-AES-256-CBC-SHA384 \ |
markrad | 0:cdf462088d13 | 592 | TLS-DHE-PSK-WITH-AES-128-CBC-SHA256 \ |
markrad | 0:cdf462088d13 | 593 | TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \ |
markrad | 0:cdf462088d13 | 594 | TLS-PSK-WITH-NULL-SHA256 \ |
markrad | 0:cdf462088d13 | 595 | TLS-PSK-WITH-NULL-SHA384 \ |
markrad | 0:cdf462088d13 | 596 | TLS-DHE-PSK-WITH-NULL-SHA256 \ |
markrad | 0:cdf462088d13 | 597 | TLS-DHE-PSK-WITH-NULL-SHA384 \ |
markrad | 0:cdf462088d13 | 598 | TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 \ |
markrad | 0:cdf462088d13 | 599 | TLS-RSA-PSK-WITH-AES-128-CBC-SHA256 \ |
markrad | 0:cdf462088d13 | 600 | TLS-RSA-PSK-WITH-NULL-SHA256 \ |
markrad | 0:cdf462088d13 | 601 | TLS-RSA-PSK-WITH-NULL-SHA384 \ |
markrad | 0:cdf462088d13 | 602 | TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256 \ |
markrad | 0:cdf462088d13 | 603 | TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384 \ |
markrad | 0:cdf462088d13 | 604 | TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256 \ |
markrad | 0:cdf462088d13 | 605 | TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384 \ |
markrad | 0:cdf462088d13 | 606 | TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384 \ |
markrad | 0:cdf462088d13 | 607 | TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256 \ |
markrad | 0:cdf462088d13 | 608 | TLS-PSK-WITH-AES-128-GCM-SHA256 \ |
markrad | 0:cdf462088d13 | 609 | TLS-PSK-WITH-AES-256-GCM-SHA384 \ |
markrad | 0:cdf462088d13 | 610 | TLS-DHE-PSK-WITH-AES-128-GCM-SHA256 \ |
markrad | 0:cdf462088d13 | 611 | TLS-DHE-PSK-WITH-AES-256-GCM-SHA384 \ |
markrad | 0:cdf462088d13 | 612 | TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256 \ |
markrad | 0:cdf462088d13 | 613 | TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384 \ |
markrad | 0:cdf462088d13 | 614 | TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256 \ |
markrad | 0:cdf462088d13 | 615 | TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384 \ |
markrad | 0:cdf462088d13 | 616 | TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256 \ |
markrad | 0:cdf462088d13 | 617 | TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384 \ |
markrad | 0:cdf462088d13 | 618 | TLS-RSA-PSK-WITH-AES-256-GCM-SHA384 \ |
markrad | 0:cdf462088d13 | 619 | TLS-RSA-PSK-WITH-AES-128-GCM-SHA256 \ |
markrad | 0:cdf462088d13 | 620 | " |
markrad | 0:cdf462088d13 | 621 | G_CIPHERS="$G_CIPHERS \ |
markrad | 0:cdf462088d13 | 622 | +ECDHE-PSK:+AES-256-CBC:+SHA384 \ |
markrad | 0:cdf462088d13 | 623 | +ECDHE-PSK:+CAMELLIA-256-CBC:+SHA384 \ |
markrad | 0:cdf462088d13 | 624 | +ECDHE-PSK:+AES-128-CBC:+SHA256 \ |
markrad | 0:cdf462088d13 | 625 | +ECDHE-PSK:+CAMELLIA-128-CBC:+SHA256 \ |
markrad | 0:cdf462088d13 | 626 | +PSK:+AES-128-CBC:+SHA256 \ |
markrad | 0:cdf462088d13 | 627 | +PSK:+AES-256-CBC:+SHA384 \ |
markrad | 0:cdf462088d13 | 628 | +DHE-PSK:+AES-128-CBC:+SHA256 \ |
markrad | 0:cdf462088d13 | 629 | +DHE-PSK:+AES-256-CBC:+SHA384 \ |
markrad | 0:cdf462088d13 | 630 | +RSA-PSK:+AES-256-CBC:+SHA384 \ |
markrad | 0:cdf462088d13 | 631 | +RSA-PSK:+AES-128-CBC:+SHA256 \ |
markrad | 0:cdf462088d13 | 632 | +DHE-PSK:+CAMELLIA-128-CBC:+SHA256 \ |
markrad | 0:cdf462088d13 | 633 | +DHE-PSK:+CAMELLIA-256-CBC:+SHA384 \ |
markrad | 0:cdf462088d13 | 634 | +PSK:+CAMELLIA-128-CBC:+SHA256 \ |
markrad | 0:cdf462088d13 | 635 | +PSK:+CAMELLIA-256-CBC:+SHA384 \ |
markrad | 0:cdf462088d13 | 636 | +RSA-PSK:+CAMELLIA-256-CBC:+SHA384 \ |
markrad | 0:cdf462088d13 | 637 | +RSA-PSK:+CAMELLIA-128-CBC:+SHA256 \ |
markrad | 0:cdf462088d13 | 638 | +PSK:+AES-128-GCM:+AEAD \ |
markrad | 0:cdf462088d13 | 639 | +PSK:+AES-256-GCM:+AEAD \ |
markrad | 0:cdf462088d13 | 640 | +DHE-PSK:+AES-128-GCM:+AEAD \ |
markrad | 0:cdf462088d13 | 641 | +DHE-PSK:+AES-256-GCM:+AEAD \ |
markrad | 0:cdf462088d13 | 642 | +RSA-PSK:+CAMELLIA-128-GCM:+AEAD \ |
markrad | 0:cdf462088d13 | 643 | +RSA-PSK:+CAMELLIA-256-GCM:+AEAD \ |
markrad | 0:cdf462088d13 | 644 | +PSK:+CAMELLIA-128-GCM:+AEAD \ |
markrad | 0:cdf462088d13 | 645 | +PSK:+CAMELLIA-256-GCM:+AEAD \ |
markrad | 0:cdf462088d13 | 646 | +DHE-PSK:+CAMELLIA-128-GCM:+AEAD \ |
markrad | 0:cdf462088d13 | 647 | +DHE-PSK:+CAMELLIA-256-GCM:+AEAD \ |
markrad | 0:cdf462088d13 | 648 | +RSA-PSK:+AES-256-GCM:+AEAD \ |
markrad | 0:cdf462088d13 | 649 | +RSA-PSK:+AES-128-GCM:+AEAD \ |
markrad | 0:cdf462088d13 | 650 | +ECDHE-PSK:+NULL:+SHA384 \ |
markrad | 0:cdf462088d13 | 651 | +ECDHE-PSK:+NULL:+SHA256 \ |
markrad | 0:cdf462088d13 | 652 | +PSK:+NULL:+SHA256 \ |
markrad | 0:cdf462088d13 | 653 | +PSK:+NULL:+SHA384 \ |
markrad | 0:cdf462088d13 | 654 | +DHE-PSK:+NULL:+SHA256 \ |
markrad | 0:cdf462088d13 | 655 | +DHE-PSK:+NULL:+SHA384 \ |
markrad | 0:cdf462088d13 | 656 | +RSA-PSK:+NULL:+SHA256 \ |
markrad | 0:cdf462088d13 | 657 | +RSA-PSK:+NULL:+SHA384 \ |
markrad | 0:cdf462088d13 | 658 | " |
markrad | 0:cdf462088d13 | 659 | fi |
markrad | 0:cdf462088d13 | 660 | ;; |
markrad | 0:cdf462088d13 | 661 | esac |
markrad | 0:cdf462088d13 | 662 | } |
markrad | 0:cdf462088d13 | 663 | |
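# add_mbedtls_ciphersuites
#
# Append to M_CIPHERS the suites that this function lists under their
# mbed TLS names only; no OpenSSL or GnuTLS list is touched here.
#
# Globals: TYPE (read), MODE (read), M_CIPHERS (appended to)
# Calls:   minor_ver (defined elsewhere in this script)
#
# NOTE(review): the "-gt 0" / "-ge 3" thresholds presumably exclude SSLv3
# and select TLS 1.2 respectively -- confirm against minor_ver.
#
# Security context: the *-WITH-NULL-* suites carry no encryption, and the
# *-CCM-8 suites use a shortened 8-byte authentication tag. They are listed
# to exercise interoperability, not as recommended configuration.
add_mbedtls_ciphersuites()
{
    case "$TYPE" in

        "ECDSA")
            if [ "$(minor_ver "$MODE")" -gt 0 ]
            then
                M_CIPHERS="$M_CIPHERS                               \
                    TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256     \
                    TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384     \
                    "
            fi
            if [ "$(minor_ver "$MODE")" -ge 3 ]
            then
                M_CIPHERS="$M_CIPHERS                               \
                    TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256     \
                    TLS-ECDH-ECDSA-WITH-CAMELLIA-256-GCM-SHA384     \
                    TLS-ECDHE-ECDSA-WITH-AES-128-CCM                \
                    TLS-ECDHE-ECDSA-WITH-AES-256-CCM                \
                    TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8              \
                    TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8              \
                    "
            fi
            ;;

        "RSA")
            if [ "$MODE" = "tls1_2" ]
            then
                M_CIPHERS="$M_CIPHERS                               \
                    TLS-RSA-WITH-AES-128-CCM                        \
                    TLS-RSA-WITH-AES-256-CCM                        \
                    TLS-DHE-RSA-WITH-AES-128-CCM                    \
                    TLS-DHE-RSA-WITH-AES-256-CCM                    \
                    TLS-RSA-WITH-AES-128-CCM-8                      \
                    TLS-RSA-WITH-AES-256-CCM-8                      \
                    TLS-DHE-RSA-WITH-AES-128-CCM-8                  \
                    TLS-DHE-RSA-WITH-AES-256-CCM-8                  \
                    "
            fi
            ;;

        "PSK")
            # *PSK-NULL-SHA suites supported by GnuTLS 3.3.5 but not 3.2.15
            M_CIPHERS="$M_CIPHERS                               \
                TLS-PSK-WITH-NULL-SHA                           \
                TLS-DHE-PSK-WITH-NULL-SHA                       \
                "
            if [ "$(minor_ver "$MODE")" -gt 0 ]
            then
                M_CIPHERS="$M_CIPHERS                           \
                    TLS-ECDHE-PSK-WITH-NULL-SHA                 \
                    TLS-RSA-PSK-WITH-NULL-SHA                   \
                    "
            fi
            if [ "$MODE" = "tls1_2" ]
            then
                M_CIPHERS="$M_CIPHERS                               \
                    TLS-PSK-WITH-AES-128-CCM                        \
                    TLS-PSK-WITH-AES-256-CCM                        \
                    TLS-DHE-PSK-WITH-AES-128-CCM                    \
                    TLS-DHE-PSK-WITH-AES-256-CCM                    \
                    TLS-PSK-WITH-AES-128-CCM-8                      \
                    TLS-PSK-WITH-AES-256-CCM-8                      \
                    TLS-DHE-PSK-WITH-AES-128-CCM-8                  \
                    TLS-DHE-PSK-WITH-AES-256-CCM-8                  \
                    "
            fi
            ;;
    esac
}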
markrad | 0:cdf462088d13 | 734 | |
# setup_arguments
#
# Build the server and client argument strings for the three peers
# (M_* = mbed TLS, O_* = OpenSSL, G_* = GnuTLS) from the current test
# parameters.
#
# Globals read:    MODE, PORT, VERIFY, TYPE
# Globals written: G_MODE, G_PRIO_MODE, G_SERVER_PRIO, G_CLIENT_PRIO,
#                  M_SERVER_ARGS, O_SERVER_ARGS, G_SERVER_ARGS,
#                  M_CLIENT_ARGS, O_CLIENT_ARGS, G_CLIENT_ARGS
# Calls:           is_dtls (defined elsewhere in this script)
# Exits:           status 1 when MODE is not one of the known versions
#
# Security context (this is a test harness, not a deployment template):
#  - server_addr=0.0.0.0 asks the mbed TLS server to listen on every IPv4
#    interface while RC4 (arc4=1) and NULL ciphers are enabled on the
#    servers; run the suite on an isolated host or filter PORT.
#  - the PSK is a fixed value embedded in this script (hex for
#    "abcdefghijklmnop"); it must never be reused outside the tests.
#  - unless VERIFY is YES, certificate verification is switched off on
#    both sides (auth_mode=none, --insecure).
setup_arguments()
{
    # GnuTLS protocol selector, plus -u (UDP) for the datagram variants
    G_MODE=""
    case "$MODE" in
        "ssl3")     G_PRIO_MODE="+VERS-SSL3.0" ;;
        "tls1")     G_PRIO_MODE="+VERS-TLS1.0" ;;
        "tls1_1")   G_PRIO_MODE="+VERS-TLS1.1" ;;
        "tls1_2")   G_PRIO_MODE="+VERS-TLS1.2" ;;
        "dtls1")    G_PRIO_MODE="+VERS-DTLS1.0"; G_MODE="-u" ;;
        "dtls1_2")  G_PRIO_MODE="+VERS-DTLS1.2"; G_MODE="-u" ;;
        *)
            echo "error: invalid mode: $MODE" >&2
            exit 1
            ;;
    esac

    # base server arguments
    M_SERVER_ARGS="server_port=$PORT server_addr=0.0.0.0 force_version=$MODE arc4=1"
    O_SERVER_ARGS="-accept $PORT -cipher NULL,ALL -$MODE -dhparam data_files/dhparams.pem"
    G_SERVER_ARGS="-p $PORT --http $G_MODE"
    G_SERVER_PRIO="NORMAL:+ARCFOUR-128:+NULL:+MD5:+PSK:+DHE-PSK:+ECDHE-PSK:+RSA-PSK:-VERS-TLS-ALL:$G_PRIO_MODE"

    # with OpenSSL 1.0.1h, -www, -WWW and -HTTP break DTLS handshakes,
    # so -www is only added for the stream protocols
    is_dtls "$MODE" || O_SERVER_ARGS="$O_SERVER_ARGS -www"

    # base client arguments
    M_CLIENT_ARGS="server_port=$PORT server_addr=127.0.0.1 force_version=$MODE"
    O_CLIENT_ARGS="-connect localhost:$PORT -$MODE"
    G_CLIENT_ARGS="-p $PORT --debug 3 $G_MODE"
    G_CLIENT_PRIO="NONE:$G_PRIO_MODE:+COMP-NULL:+CURVE-ALL:+SIGN-ALL"

    # peer authentication
    case "$VERIFY" in
        YES)
            M_SERVER_ARGS="$M_SERVER_ARGS ca_file=data_files/test-ca_cat12.crt auth_mode=required"
            O_SERVER_ARGS="$O_SERVER_ARGS -CAfile data_files/test-ca_cat12.crt -Verify 10"
            G_SERVER_ARGS="$G_SERVER_ARGS --x509cafile data_files/test-ca_cat12.crt --require-client-cert"

            M_CLIENT_ARGS="$M_CLIENT_ARGS ca_file=data_files/test-ca_cat12.crt auth_mode=required"
            O_CLIENT_ARGS="$O_CLIENT_ARGS -CAfile data_files/test-ca_cat12.crt -verify 10"
            G_CLIENT_ARGS="$G_CLIENT_ARGS --x509cafile data_files/test-ca_cat12.crt"
            ;;
        *)
            # don't request a client cert at all; the clients in turn do
            # not verify the server (the OpenSSL arguments stay as they are)
            M_SERVER_ARGS="$M_SERVER_ARGS ca_file=none auth_mode=none"
            G_SERVER_ARGS="$G_SERVER_ARGS --disable-client-cert"

            M_CLIENT_ARGS="$M_CLIENT_ARGS ca_file=none auth_mode=none"
            G_CLIENT_ARGS="$G_CLIENT_ARGS --insecure"
            ;;
    esac

    # credentials per key type
    case "$TYPE" in
        "ECDSA")
            M_SERVER_ARGS="$M_SERVER_ARGS crt_file=data_files/server5.crt key_file=data_files/server5.key"
            O_SERVER_ARGS="$O_SERVER_ARGS -cert data_files/server5.crt -key data_files/server5.key"
            G_SERVER_ARGS="$G_SERVER_ARGS --x509certfile data_files/server5.crt --x509keyfile data_files/server5.key"

            if [ "$VERIFY" = "YES" ]; then
                M_CLIENT_ARGS="$M_CLIENT_ARGS crt_file=data_files/server6.crt key_file=data_files/server6.key"
                O_CLIENT_ARGS="$O_CLIENT_ARGS -cert data_files/server6.crt -key data_files/server6.key"
                G_CLIENT_ARGS="$G_CLIENT_ARGS --x509certfile data_files/server6.crt --x509keyfile data_files/server6.key"
            else
                M_CLIENT_ARGS="$M_CLIENT_ARGS crt_file=none key_file=none"
            fi
            ;;

        "RSA")
            M_SERVER_ARGS="$M_SERVER_ARGS crt_file=data_files/server2.crt key_file=data_files/server2.key"
            O_SERVER_ARGS="$O_SERVER_ARGS -cert data_files/server2.crt -key data_files/server2.key"
            G_SERVER_ARGS="$G_SERVER_ARGS --x509certfile data_files/server2.crt --x509keyfile data_files/server2.key"

            if [ "$VERIFY" = "YES" ]; then
                M_CLIENT_ARGS="$M_CLIENT_ARGS crt_file=data_files/server1.crt key_file=data_files/server1.key"
                O_CLIENT_ARGS="$O_CLIENT_ARGS -cert data_files/server1.crt -key data_files/server1.key"
                G_CLIENT_ARGS="$G_CLIENT_ARGS --x509certfile data_files/server1.crt --x509keyfile data_files/server1.key"
            else
                M_CLIENT_ARGS="$M_CLIENT_ARGS crt_file=none key_file=none"
            fi

            # Allow SHA-1. It's disabled by default for security reasons but
            # our tests still use certificates signed with it.
            M_SERVER_ARGS="$M_SERVER_ARGS allow_sha1=1"
            M_CLIENT_ARGS="$M_CLIENT_ARGS allow_sha1=1"
            ;;

        "PSK")
            # give RSA-PSK-capable server a RSA cert
            # (should be a separate type, but harder to close with openssl)
            M_SERVER_ARGS="$M_SERVER_ARGS psk=6162636465666768696a6b6c6d6e6f70 ca_file=none crt_file=data_files/server2.crt key_file=data_files/server2.key"
            O_SERVER_ARGS="$O_SERVER_ARGS -psk 6162636465666768696a6b6c6d6e6f70 -nocert"
            G_SERVER_ARGS="$G_SERVER_ARGS --x509certfile data_files/server2.crt --x509keyfile data_files/server2.key --pskpasswd data_files/passwd.psk"

            M_CLIENT_ARGS="$M_CLIENT_ARGS psk=6162636465666768696a6b6c6d6e6f70 crt_file=none key_file=none"
            O_CLIENT_ARGS="$O_CLIENT_ARGS -psk 6162636465666768696a6b6c6d6e6f70"
            G_CLIENT_ARGS="$G_CLIENT_ARGS --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70"

            # Allow SHA-1. It's disabled by default for security reasons but
            # our tests still use certificates signed with it.
            M_SERVER_ARGS="$M_SERVER_ARGS allow_sha1=1"
            M_CLIENT_ARGS="$M_CLIENT_ARGS allow_sha1=1"
            ;;
    esac
}
markrad | 0:cdf462088d13 | 852 | |
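# is_mbedtls <cmd_line>
#
# Succeed (status 0) when the command line mentions one of the mbed TLS
# test programs, ssl_server2 or ssl_client2; fail (status 1) otherwise.
#
# A case pattern is used instead of piping through grep: the '\|'
# alternation in a basic regular expression is an extension rather than
# POSIX, and the builtin match avoids two extra processes per call.
is_mbedtls() {
    case "$1" in
        *ssl_server2* | *ssl_client2*) return 0 ;;
        *) return 1 ;;
    esac
}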
markrad | 0:cdf462088d13 | 857 | |
# has_mem_err <log_file_name>
#
# Shell-truth check on a memory-checker log: returns 0 ("has errors")
# unless the log contains BOTH the no-leak line and the zero-error
# summary line, in which case it returns 1 ("clean").
#
# The check fails closed: a log that is missing, unreadable or truncated
# lacks the two marker lines and is therefore reported as having errors.
has_mem_err() {
    grep -qF 'All heap blocks were freed -- no leaks are possible' "$1" ||
        return 0 # true: has errors
    grep -qF 'ERROR SUMMARY: 0 errors from 0 contexts' "$1" ||
        return 0 # true: has errors
    return 1 # false: does not have errors
}
markrad | 0:cdf462088d13 | 868 | |
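# start_server <name>
#
# Launch the named peer (OpenSSL, GnuTLS or mbed TLS) as a background
# server and record what was started.
#
# Arguments: $1 - peer name, matched as [Oo]pen*, [Gg]nu* or mbed*
# Globals:   OPENSSL_CMD, GNUTLS_SERV, M_SRV, MEMCHECK, SRV_OUT and the
#            *_SERVER_ARGS / G_SERVER_PRIO strings (read);
#            SERVER_CMD, SERVER_NAME, PROCESS_ID (written)
# Calls:     log (defined elsewhere in this script)
# Exits:     status 1 on an unknown peer name
#
# The log file name is quoted so that a path containing spaces or glob
# characters cannot turn the redirection into something else.
start_server() {
    case "$1" in
        [Oo]pen*)
            SERVER_CMD="$OPENSSL_CMD s_server $O_SERVER_ARGS"
            ;;
        [Gg]nu*)
            SERVER_CMD="$GNUTLS_SERV $G_SERVER_ARGS --priority $G_SERVER_PRIO"
            ;;
        mbed*)
            SERVER_CMD="$M_SRV $M_SERVER_ARGS"
            if [ "$MEMCHECK" -gt 0 ]; then
                SERVER_CMD="valgrind --leak-check=full $SERVER_CMD"
            fi
            ;;
        *)
            echo "error: invalid server name: $1" >&2
            exit 1
            ;;
    esac
    SERVER_NAME=$1

    log "$SERVER_CMD"
    # printf rather than echo: the command line is written verbatim even
    # if it contains backslashes
    printf '%s\n' "$SERVER_CMD" > "$SRV_OUT"

    # for servers without -www or equivalent: keep feeding them input.
    # SERVER_CMD is expanded unquoted on purpose, the command line is
    # stored as one string and relies on word splitting; arguments with
    # embedded spaces therefore cannot be passed this way.
    while :; do echo bla; sleep 1; done | $SERVER_CMD >> "$SRV_OUT" 2>&1 &
    # $! is the last command of the background pipeline, i.e. the server
    PROCESS_ID=$!

    # fixed grace period; there is no check that the server is listening
    sleep 1
}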
markrad | 0:cdf462088d13 | 900 | |
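# stop_server
#
# Terminate the running server and, when memory checking is enabled,
# inspect its log.
#
# Globals: PROCESS_ID, MEMCHECK, SERVER_CMD, SRV_OUT (read);
#          SRVMEM (incremented when the server log shows memory errors)
# Calls:   is_mbedtls, has_mem_err
#
# The server log is deleted unless memory errors were found; in that case
# the early return deliberately leaves it in place for inspection.
stop_server() {
    # errors are silenced: the server may already have exited
    kill "$PROCESS_ID" 2>/dev/null
    wait "$PROCESS_ID" 2>/dev/null

    if [ "$MEMCHECK" -gt 0 ]; then
        if is_mbedtls "$SERVER_CMD" && has_mem_err "$SRV_OUT"; then
            echo " ! Server had memory errors"
            SRVMEM=$(( SRVMEM + 1 ))
            return
        fi
    fi

    rm -f -- "$SRV_OUT"
}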
markrad | 0:cdf462088d13 | 916 | |
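# cleanup
#
# kill the running server (used when killed by signal): remove the
# temporary logs, stop the server and the client watchdog, exit 1.
#
# Globals: SRV_OUT, CLI_OUT (read); PROCESS_ID, WATCHDOG_PID (read, may
#          still be unset)
#
# The script runs under "set -u", so expanding PROCESS_ID or WATCHDOG_PID
# before the first server or client was started would abort the handler
# part-way with an "unset variable" error. Each kill is therefore guarded.
cleanup() {
    rm -f -- "$SRV_OUT" "$CLI_OUT"
    if [ -n "${PROCESS_ID:-}" ]; then
        kill "$PROCESS_ID" >/dev/null 2>&1
    fi
    if [ -n "${WATCHDOG_PID:-}" ]; then
        kill "$WATCHDOG_PID" >/dev/null 2>&1
    fi
    exit 1
}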
markrad | 0:cdf462088d13 | 924 | |
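# wait_client_done
#
# wait for client to terminate and set EXIT
# must be called right after starting the client, because the client's
# PID is taken from $! on entry.
#
# Globals: DOG_DELAY, CLI_OUT (read);
#          CLI_PID, WATCHDOG_PID, EXIT (written)
#
# A watchdog subshell sleeps for DOG_DELAY; if the client is still running
# after that, it appends "TIMEOUT" to the client log and kills the client,
# so a hung handshake cannot stall the whole run. Once the client has
# finished, the watchdog itself is killed and reaped.
#
# The log file name is quoted so that the redirections stay well defined
# for any path.
wait_client_done() {
    CLI_PID=$!

    ( sleep "$DOG_DELAY"; echo "TIMEOUT" >> "$CLI_OUT"; kill "$CLI_PID" ) &
    WATCHDOG_PID=$!

    wait "$CLI_PID"
    EXIT=$?

    kill "$WATCHDOG_PID"
    wait "$WATCHDOG_PID"

    echo "EXIT: $EXIT" >> "$CLI_OUT"
}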
markrad | 0:cdf462088d13 | 941 | |
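# run_client <name> <cipher>
#
# Run one handshake from the named client against the server started by
# start_server, then report and count the outcome.
#
# Arguments: $1 - client peer name ([Oo]pen*, [Gg]nu* or mbed*)
#            $2 - ciphersuite, in the naming of that peer
# Globals:   VERIFY, SERVER_NAME, MODE, MEMCHECK, SRV_OUT, CLI_OUT,
#            OPENSSL_CMD, GNUTLS_CLI, M_CLI, *_CLIENT_ARGS, G_PRIO_MODE,
#            EXIT (read); TESTS, SKIPPED, FAILED, SKIP_NEXT, VERIF, TITLE,
#            LEN, CLIENT_CMD, G_HOST, RESULT (written)
# Calls:     log, is_dtls (defined elsewhere), wait_client_done,
#            is_mbedtls, has_mem_err
# Exits:     status 1 on an unknown client name
#
# RESULT: 0 = pass, 1 = skip (no ciphersuite in common), 2 = failure.
#
# The title is printed with a fixed '%s' format: it contains the mode and
# the cipher name, and data must never be used as a printf format string.
run_client() {
    # announce what we're going to do
    TESTS=$(( TESTS + 1 ))
    VERIF=$(printf '%s\n' "$VERIFY" | tr '[:upper:]' '[:lower:]')
    # "<first letter of client>-><first letter of server>"
    TITLE="$(printf '%s' "$1" | cut -c1)->$(printf '%s' "$SERVER_NAME" | cut -c1)"
    TITLE="$TITLE $MODE,$VERIF $2"
    printf '%s ' "$TITLE"
    # pad with dots up to a fixed column
    LEN=$(( 72 - $(printf '%s\n' "$TITLE" | wc -c) ))
    i=0
    while [ "$i" -lt "$LEN" ]; do
        printf '.'
        i=$(( i + 1 ))
    done
    printf ' '

    # should we skip?
    if [ "$SKIP_NEXT" = "YES" ]; then
        SKIP_NEXT="NO"
        echo "SKIP"
        SKIPPED=$(( SKIPPED + 1 ))
        return
    fi

    # run the command and interpret result
    # (CLIENT_CMD is expanded unquoted on purpose: it is a single string
    # that relies on word splitting)
    case "$1" in
        [Oo]pen*)
            CLIENT_CMD="$OPENSSL_CMD s_client $O_CLIENT_ARGS -cipher $2"
            log "$CLIENT_CMD"
            printf '%s\n' "$CLIENT_CMD" > "$CLI_OUT"
            printf 'GET HTTP/1.0\r\n\r\n' | $CLIENT_CMD >> "$CLI_OUT" 2>&1 &
            wait_client_done

            if [ "$EXIT" -eq 0 ]; then
                RESULT=0
            else
                # If the cipher isn't supported...
                if grep -q 'Cipher is (NONE)' "$CLI_OUT"; then
                    RESULT=1
                else
                    RESULT=2
                fi
            fi
            ;;

        [Gg]nu*)
            # need to force IPv4 with UDP, but keep localhost for auth
            if is_dtls "$MODE"; then
                G_HOST="127.0.0.1"
            else
                G_HOST="localhost"
            fi
            CLIENT_CMD="$GNUTLS_CLI $G_CLIENT_ARGS --priority $G_PRIO_MODE:$2 $G_HOST"
            log "$CLIENT_CMD"
            printf '%s\n' "$CLIENT_CMD" > "$CLI_OUT"
            printf 'GET HTTP/1.0\r\n\r\n' | $CLIENT_CMD >> "$CLI_OUT" 2>&1 &
            wait_client_done

            if [ "$EXIT" -eq 0 ]; then
                RESULT=0
            else
                RESULT=2
                # interpret early failure, with a handshake_failure alert
                # before the server hello, as "no ciphersuite in common"
                if grep -qF 'Received alert [40]: Handshake failed' "$CLI_OUT" &&
                    ! grep -qi 'SERVER HELLO .* was received' "$CLI_OUT"; then
                    RESULT=1
                fi
            fi
            ;;

        mbed*)
            CLIENT_CMD="$M_CLI $M_CLIENT_ARGS force_ciphersuite=$2"
            if [ "$MEMCHECK" -gt 0 ]; then
                CLIENT_CMD="valgrind --leak-check=full $CLIENT_CMD"
            fi
            log "$CLIENT_CMD"
            printf '%s\n' "$CLIENT_CMD" > "$CLI_OUT"
            $CLIENT_CMD >> "$CLI_OUT" 2>&1 &
            wait_client_done

            case "$EXIT" in
                # Success
                "0") RESULT=0 ;;

                # Ciphersuite not supported
                "2") RESULT=1 ;;

                # Error
                *) RESULT=2 ;;
            esac

            # a handshake that succeeded but leaked or corrupted memory
            # still counts as a failure
            if [ "$MEMCHECK" -gt 0 ]; then
                if is_mbedtls "$CLIENT_CMD" && has_mem_err "$CLI_OUT"; then
                    RESULT=2
                fi
            fi
            ;;

        *)
            echo "error: invalid client name: $1" >&2
            exit 1
            ;;
    esac

    echo "EXIT: $EXIT" >> "$CLI_OUT"

    # report and count result
    case "$RESULT" in
        "0")
            echo PASS
            ;;
        "1")
            echo SKIP
            SKIPPED=$(( SKIPPED + 1 ))
            ;;
        "2")
            echo FAIL
            # keep both logs; each starts with the full command line,
            # which can include the PSK passed in the client arguments
            cp -- "$SRV_OUT" "c-srv-${TESTS}.log"
            cp -- "$CLI_OUT" "c-cli-${TESTS}.log"
            echo " ! outputs saved to c-srv-${TESTS}.log, c-cli-${TESTS}.log"

            # on the build bot, dump the logs into the console output
            if [ "${USER:-}" = buildbot ] || [ "${LOGNAME:-}" = buildbot ]; then
                echo " ! server output:"
                cat "c-srv-${TESTS}.log"
                echo " ! ==================================================="
                echo " ! client output:"
                cat "c-cli-${TESTS}.log"
            fi

            FAILED=$(( FAILED + 1 ))
            ;;
    esac

    rm -f -- "$CLI_OUT"
}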
markrad | 0:cdf462088d13 | 1076 | |
markrad | 0:cdf462088d13 | 1077 | # |
markrad | 0:cdf462088d13 | 1078 | # MAIN |
markrad | 0:cdf462088d13 | 1079 | # |
markrad | 0:cdf462088d13 | 1080 | |
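# Run from the directory that holds this script, so the relative paths used
# by the script (the default ../programs/ssl/* binaries, the intermediate
# output files) resolve the same way wherever it is invoked from.
#
# $0 and the dirname result are quoted: an unquoted expansion is word-split,
# so a checkout path containing whitespace would make cd fail or, worse,
# change into a different directory than the one holding the script.
if cd "$( dirname "$0" )"; then :; else
    echo "cd $( dirname "$0" ) failed" >&2
    exit 1
fi

# Parse the command line (get_options is defined outside this excerpt).
get_options "$@"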
markrad | 0:cdf462088d13 | 1087 | |
# Sanity checks: fail once, with a clear message, instead of producing an
# avalanche of per-test errors when a required program is missing.

# The mbed TLS server and client under test must be executable files.
[ -x "$M_SRV" ] || {
    echo "Command '$M_SRV' is not an executable file" >&2
    exit 1
}
[ -x "$M_CLI" ] || {
    echo "Command '$M_CLI' is not an executable file" >&2
    exit 1
}

# Peer tools are only required when the corresponding peer was requested.
# They are resolved with `which`, so the interoperability result applies to
# whichever binary that lookup finds; pin the command variables to absolute
# paths when a specific build of the peer must be the one exercised.
# NOTE(review): `which` is not specified by POSIX; `command -v` is the
# portable lookup - confirm the target shells before switching.
if echo "$PEERS" | grep -qi openssl; then
    which "$OPENSSL_CMD" >/dev/null 2>&1 || {
        echo "Command '$OPENSSL_CMD' not found" >&2
        exit 1
    }
fi

if echo "$PEERS" | grep -qi gnutls; then
    for CMD in "$GNUTLS_CLI" "$GNUTLS_SERV"; do
        which "$CMD" >/dev/null 2>&1 || {
            echo "Command '$CMD' not found" >&2
            exit 1
        }
    done
fi
markrad | 0:cdf462088d13 | 1113 | |
# Validate the requested peers up front: anything that is not an mbed TLS,
# OpenSSL or GnuTLS name aborts the run before any test is started.
# $PEERS is deliberately unquoted so that it splits into one word per peer.
for PEER in $PEERS; do
    case "$PEER" in
        mbed* | [Oo]pen* | [Gg]nu*)
            : # known peer, nothing to do
            ;;
        *)
            echo "Unknown peers: $PEER" >&2
            exit 1
            ;;
    esac
done
markrad | 0:cdf462088d13 | 1123 | |
# Pick a "unique" port in the range 10000-19999: 10000 plus the last four
# decimal digits of this shell's PID. Two concurrent runs whose PIDs share
# those four digits would pick the same port.
PORT=$(( 10000 + $$ % 10000 ))

# Intermediate server/client output files are keyed on the full PID as well.
# The names are relative, so the files are created in the current directory.
# NOTE(review): the names are predictable; that is harmless in a private
# build tree - confirm the directory is not writable by other users.
SRV_OUT="srv_out.$$"
CLI_OUT="cli_out.$$"
markrad | 0:cdf462088d13 | 1131 | |
# Client timeout delay: 10 by default, raised to 30 when MEMCHECK is enabled
# because runs under valgrind are much slower.
DOG_DELAY=10
if [ "$MEMCHECK" -gt 0 ]; then
    DOG_DELAY=30
fi

SKIP_NEXT="NO"

# Run cleanup (defined outside this excerpt) when the script is interrupted.
# Only INT, TERM and HUP are trapped; there is no EXIT trap here.
trap cleanup INT TERM HUP
markrad | 0:cdf462088d13 | 1142 | |
# Main test matrix: for every combination of VERIFY, MODE, TYPE and PEER,
# build the ciphersuite lists for that peer and run each suite in both
# directions (peer as server with an mbed TLS client, then mbed TLS as server
# with the peer as client). The helper functions called here are defined
# outside this excerpt.
#
# M_CIPHERS is the list handed to the mbed TLS client; O_CIPHERS and
# G_CIPHERS are the lists handed to the OpenSSL and GnuTLS clients.
# A direction is skipped entirely when its list is empty.
for VERIFY in $VERIFIES; do
    for MODE in $MODES; do
        for TYPE in $TYPES; do
            for PEER in $PEERS; do

                setup_arguments

                case "$PEER" in

                    [Oo]pen*)
                        # OSSL_NO_DTLS > 0 means DTLS modes are not run
                        # against OpenSSL: move on to the next peer.
                        if [ "$OSSL_NO_DTLS" -gt 0 ] && is_dtls "$MODE"; then
                            continue
                        fi

                        reset_ciphersuites
                        add_common_ciphersuites
                        add_openssl_ciphersuites
                        filter_ciphersuites

                        # OpenSSL server, mbed TLS client
                        if [ -n "$M_CIPHERS" ]; then
                            start_server "OpenSSL"
                            for i in $M_CIPHERS; do
                                check_openssl_server_bug "$i"
                                run_client mbedTLS "$i"
                            done
                            stop_server
                        fi

                        # mbed TLS server, OpenSSL client
                        if [ -n "$O_CIPHERS" ]; then
                            start_server "mbedTLS"
                            for i in $O_CIPHERS; do
                                run_client OpenSSL "$i"
                            done
                            stop_server
                        fi
                        ;;

                    [Gg]nu*)
                        reset_ciphersuites
                        add_common_ciphersuites
                        add_gnutls_ciphersuites
                        filter_ciphersuites

                        # GnuTLS server, mbed TLS client
                        if [ -n "$M_CIPHERS" ]; then
                            start_server "GnuTLS"
                            for i in $M_CIPHERS; do
                                run_client mbedTLS "$i"
                            done
                            stop_server
                        fi

                        # mbed TLS server, GnuTLS client
                        if [ -n "$G_CIPHERS" ]; then
                            start_server "mbedTLS"
                            for i in $G_CIPHERS; do
                                run_client GnuTLS "$i"
                            done
                            stop_server
                        fi
                        ;;

                    mbed*)
                        # Self-test: every suite list is added, then mbed TLS
                        # talks to itself.
                        reset_ciphersuites
                        add_common_ciphersuites
                        add_openssl_ciphersuites
                        add_gnutls_ciphersuites
                        add_mbedtls_ciphersuites
                        filter_ciphersuites

                        if [ -n "$M_CIPHERS" ]; then
                            start_server "mbedTLS"
                            for i in $M_CIPHERS; do
                                run_client mbedTLS "$i"
                            done
                            stop_server
                        fi
                        ;;

                    *)
                        echo "Unknown peer: $PEER" >&2
                        exit 1
                        ;;

                esac

            done
        done
    done
done
markrad | 0:cdf462088d13 | 1237 | |
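# Final report: print the verdict and the counters, then exit with the number
# of failures (test failures plus server memory errors) as the status.
echo "------------------------------------------------------------------------"

# The run fails if any test failed or any server memory error was counted.
# Two separate tests joined with || replace the obsolescent `-o` operator.
if [ "$FAILED" -ne 0 ] || [ "$SRVMEM" -ne 0 ]; then
    printf "FAILED"
else
    printf "PASSED"
fi

# Memory errors are only reported when memory checking was enabled.
if [ "$MEMCHECK" -gt 0 ]; then
    MEMREPORT=", $SRVMEM server memory errors"
else
    MEMREPORT=""
fi

PASSED=$(( $TESTS - $FAILED ))
echo " ($PASSED / $TESTS tests ($SKIPPED skipped$MEMREPORT))"

FAILED=$(( $FAILED + $SRVMEM ))

# The caller only receives the low 8 bits of the exit status, so a total of
# exactly 256 (or any multiple of it) would be reported as 0, i.e. success.
# Clamp the value so that any failing run exits non-zero.
if [ "$FAILED" -gt 255 ]; then
    FAILED=255
fi
exit "$FAILED"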