author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2017-06-18 17:35:06 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2017-06-18 17:38:03 +0200 |
commit | c5c791c205c4de2b7fe643648908b5fc4844346e (patch) | |
tree | c40af0a897a9bd971c29c41695d19d986abb5cfb | |
parent | 4973aca14340914fbec3630ff76ba14e7a5157c7 (diff) | |
tests: enabled X25519 interop tests with openssl 1.1.0 [tmp-enable-x25519]
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
-rwxr-xr-x | tests/suite/testcompat-main-openssl | 42 | ||||
-rwxr-xr-x | tests/suite/testcompat-openssl.sh | 4 |
2 files changed, 31 insertions, 15 deletions
diff --git a/tests/suite/testcompat-main-openssl b/tests/suite/testcompat-main-openssl index 6845642021..98c1d4c5f1 100755 --- a/tests/suite/testcompat-main-openssl +++ b/tests/suite/testcompat-main-openssl @@ -61,30 +61,46 @@ if test ${SV} != 0; then exit 77 fi -${SERV} ecparam -list_curves|grep X25519 >/dev/null 2>&1 -NO_X25519=$? +test $FIPS_CURVES = 1 && echo "Running with FIPS140-2 enabled curves enabled" + +${SERV} version|grep -e '1\.[1-9]\..' >/dev/null 2>&1 +HAVE_X25519=$? + +test $HAVE_X25519 != 0 && echo "Disabling interop tests for x25519" ${SERV} version|grep -e '[1-9]\.[0-9]\.[0-9]' >/dev/null 2>&1 NO_TLS1_2=$? +test $NO_TLS1_2 = 0 && echo "Disabling interop tests for TLS 1.2" + ${SERV} version|grep -e '[1-9]\.[1-9]\.[0-9]' >/dev/null 2>&1 NO_DH_PARAMS=$? ${SERV} s_server -help 2>&1|grep -e -ssl3 >/dev/null 2>&1 HAVE_SSL3=$? +test $HAVE_SSL3 = 0 && echo "Disabling interop tests for SSL 3.0" + ${SERV} ciphers -v ALL 2>&1|grep -e CAMELLIA >/dev/null 2>&1 NO_CAMELLIA=$? +test $NO_CAMELLIA = 0 && echo "Disabling interop tests for Camellia ciphersuites" + ${SERV} ciphers -v ALL 2>&1|grep -e 3DES >/dev/null 2>&1 NO_3DES=$? +test $NO_3DES = 0 && echo "Disabling interop tests for 3DES ciphersuites" + ${SERV} ciphers -v ALL 2>&1|grep -e DSS >/dev/null 2>&1 NO_DSS=$? +test $NO_DSS = 0 && echo "Disabling interop tests for DSS ciphersuites" + ${SERV} ciphers -v ALL 2>&1|grep -e NULL >/dev/null 2>&1 NO_NULL=$? +test $NO_NULL = 0 && echo "Disabling interop tests for NULL ciphersuites" + . "${srcdir}/testcompat-common" if test "${NO_DH_PARAMS}" = 0;then @@ -210,7 +226,7 @@ run_client_suite() { kill ${PID} wait - if test "${FIPS}" != 1; then + if test "${FIPS_CURVES}" != 1; then eval "${GETPORT}" launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1 -key "${RSA_KEY}" -cert "${RSA_CERT}" -named_curve prime192v1 -CAfile "${CA_CERT}" PID=$! 
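Review bot: The new `Disabling interop tests for …` messages for TLS 1.2, SSL 3.0, Camellia, 3DES, DSS and NULL fire on `= 0`, but each flag holds grep's exit status, so 0 means the feature was found in the openssl output; only the X25519 line uses `!= 0`. As written, the log would say the legacy protocol and cipher tests are disabled exactly when they are about to run, so a CI log cannot show whether SSL 3.0 or NULL interop was exercised. I would flip the comparisons, e.g. `test "${HAVE_SSL3}" != 0 && echo "Disabling interop tests for SSL 3.0"`, and quote the variables (`test "${FIPS_CURVES}" = 1`) so an unset value does not become a `test` syntax error. Most uses of the NO_* flags are outside this hunk, so confirm the polarity against the later `if test "${NO_…}" = 0` blocks.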
@@ -313,9 +329,9 @@ run_client_suite() { kill ${PID} wait - if test "${NO_X25519}" = 0 && test "${FIPS}" != 1; then + if test "${HAVE_X25519}" = 0; then eval "${GETPORT}" - launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1_2 -key "${RSA_KEY}" -cert "${RSA_CERT}" -named_curve X25519 -CAfile "${CA_CERT}" + launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1_2 -key "${RSA_KEY}" -cert "${RSA_CERT}" -curves X25519 -CAfile "${CA_CERT}" PID=$! wait_server ${PID} @@ -327,7 +343,7 @@ run_client_suite() { wait fi - if test "${FIPS}" != 1; then + if test "${FIPS_CURVES}" != 1; then #-cipher ECDHE-ECDSA-AES128-SHA eval "${GETPORT}" launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1_2 -key "${ECC224_KEY}" -cert "${ECC224_CERT}" -Verify 1 -named_curve secp224r1 -CAfile "${CA_ECC_CERT}" @@ -355,7 +371,7 @@ run_client_suite() { kill ${PID} wait - if test "${FIPS}" != 1; then + if test "${FIPS_CURVES}" != 1; then #-cipher ECDHE-ECDSA-AES128-SHA eval "${GETPORT}" launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1_2 -key "${ECC521_KEY}" -cert "${ECC521_CERT}" -Verify 1 -named_curve secp521r1 -CAfile "${CA_ECC_CERT}" @@ -368,7 +384,7 @@ run_client_suite() { kill ${PID} wait - fi #FIPS + fi #FIPS_CURVES fi #NO_TLS1_2 #-cipher PSK @@ -564,7 +580,7 @@ run_server_suite() { kill ${PID} wait - if test "${FIPS}" != 1; then + if test "${FIPS_CURVES}" != 1; then echo "${PREFIX}Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP224R1)" eval "${GETPORT}" launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-SECP224R1:+CURVE-ALL${ADD}" --x509certfile "${ECC224_CERT}" --x509keyfile "${ECC224_KEY}" --x509cafile "${CA_ECC_CERT}" 
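Review bot: In the `-313,9` hunk the X25519 server block is now the only non-Suite-B curve test in run_client_suite that is not guarded by `FIPS_CURVES`; the prime192v1, secp224r1 and secp521r1 blocks all keep `test "${FIPS_CURVES}" != 1`, and the removed line also required `FIPS != 1`. If the wrapper exports `FIPS_CURVES=1` because the openssl binary reports fips, this block will presumably still launch an X25519-only server and fail rather than skip. If the exemption is deliberate, add a comment above the `if` saying why X25519 is allowed under the restricted-curves setting; otherwise keep the guard as `if test "${HAVE_X25519}" = 0 && test "${FIPS_CURVES}" != 1; then`. The function body continues outside the hunk.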
@@ -605,7 +621,7 @@ run_server_suite() { kill ${PID} wait - if test "${FIPS}" != 1; then + if test "${FIPS_CURVES}" != 1; then echo "${PREFIX}Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP521R1)" eval "${GETPORT}" launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC521_CERT}" --x509keyfile "${ECC521_KEY}" --x509cafile "${CA_ECC_CERT}" @@ -674,7 +690,7 @@ run_server_suite() { kill ${PID} wait - if test "${NO_X22519}" = 0 && test "${FIPS}" != 1; then + if test "${HAVE_X22519}" = 0; then echo "${PREFIX}Check TLS 1.2 with ECDHE-RSA ciphersuite (X25519)" eval "${GETPORT}" launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-RSA:+CURVE-X25519${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}" @@ -688,7 +704,7 @@ run_server_suite() { wait fi - if test "${FIPS}" != 1; then + if test "${FIPS_CURVES}" != 1; then echo "${PREFIX}Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP224R1)" eval "${GETPORT}" launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-SECP224R1:+CURVE-ALL${ADD}" --x509certfile "${ECC224_CERT}" --x509keyfile "${ECC224_KEY}" --x509cafile "${CA_ECC_CERT}" @@ -729,7 +745,7 @@ run_server_suite() { kill ${PID} wait - if test "${FIPS}" != 1; then + if test "${FIPS_CURVES}" != 1; then echo "${PREFIX}Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP521R1)" eval "${GETPORT}" launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC521_CERT}" --x509keyfile "${ECC521_KEY}" --x509cafile "${CA_ECC_CERT}" diff --git a/tests/suite/testcompat-openssl.sh b/tests/suite/testcompat-openssl.sh index cec0c7161e..216047087d 100755 --- a/tests/suite/testcompat-openssl.sh +++ b/tests/suite/testcompat-openssl.sh 
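Review bot: The server-side X25519 guard in the `-674,7` hunk tests `${HAVE_X22519}` (22519, not 25519), a name that nothing in this diff assigns, so it expands empty and `test "" = 0` is false. The block that checks TLS 1.2 with ECDHE-RSA over X25519 is therefore still skipped silently, which is the opposite of what the commit sets out to enable; the same typo was already in the removed `NO_X22519` line. Change it to `if test "${HAVE_X25519}" = 0; then`. run_server_suite continues outside the hunk.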
@@ -44,9 +44,9 @@ fi /usr/bin/openssl version|grep fips >/dev/null 2>&1 if test $? = 0 || test "${ENABLE_NON_SUITEB_CURVES}" != "1"; then - export FIPS=1 + export FIPS_CURVES=1 else - export FIPS=0 + export FIPS_CURVES=0 fi export TZ="UTC" |