authorNikos Mavrogiannopoulos <nmav@gnutls.org>2017-06-18 17:35:06 +0200
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2017-06-18 17:38:03 +0200
commitc5c791c205c4de2b7fe643648908b5fc4844346e (patch)
treec40af0a897a9bd971c29c41695d19d986abb5cfb
parent4973aca14340914fbec3630ff76ba14e7a5157c7 (diff)
downloadgnutls-tmp-enable-x25519.tar.gz
tests: enabled X25519 interop tests with openssl 1.1.0tmp-enable-x25519
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
-rwxr-xr-xtests/suite/testcompat-main-openssl42
-rwxr-xr-xtests/suite/testcompat-openssl.sh4
2 files changed, 31 insertions, 15 deletions
diff --git a/tests/suite/testcompat-main-openssl b/tests/suite/testcompat-main-openssl
index 6845642021..98c1d4c5f1 100755
--- a/tests/suite/testcompat-main-openssl
+++ b/tests/suite/testcompat-main-openssl
@@ -61,30 +61,46 @@ if test ${SV} != 0; then
exit 77
fi
-${SERV} ecparam -list_curves|grep X25519 >/dev/null 2>&1
-NO_X25519=$?
+test $FIPS_CURVES = 1 && echo "Running with FIPS140-2 enabled curves enabled"
+
+${SERV} version|grep -e '1\.[1-9]\..' >/dev/null 2>&1
+HAVE_X25519=$?
+
+test $HAVE_X25519 != 0 && echo "Disabling interop tests for x25519"
${SERV} version|grep -e '[1-9]\.[0-9]\.[0-9]' >/dev/null 2>&1
NO_TLS1_2=$?
+test $NO_TLS1_2 = 0 && echo "Disabling interop tests for TLS 1.2"
+
${SERV} version|grep -e '[1-9]\.[1-9]\.[0-9]' >/dev/null 2>&1
NO_DH_PARAMS=$?
${SERV} s_server -help 2>&1|grep -e -ssl3 >/dev/null 2>&1
HAVE_SSL3=$?
+test $HAVE_SSL3 = 0 && echo "Disabling interop tests for SSL 3.0"
+
${SERV} ciphers -v ALL 2>&1|grep -e CAMELLIA >/dev/null 2>&1
NO_CAMELLIA=$?
+test $NO_CAMELLIA = 0 && echo "Disabling interop tests for Camellia ciphersuites"
+
${SERV} ciphers -v ALL 2>&1|grep -e 3DES >/dev/null 2>&1
NO_3DES=$?
+test $NO_3DES = 0 && echo "Disabling interop tests for 3DES ciphersuites"
+
${SERV} ciphers -v ALL 2>&1|grep -e DSS >/dev/null 2>&1
NO_DSS=$?
+test $NO_DSS = 0 && echo "Disabling interop tests for DSS ciphersuites"
+
${SERV} ciphers -v ALL 2>&1|grep -e NULL >/dev/null 2>&1
NO_NULL=$?
+test $NO_NULL = 0 && echo "Disabling interop tests for NULL ciphersuites"
+
. "${srcdir}/testcompat-common"
if test "${NO_DH_PARAMS}" = 0;then
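Review bot: The added `= 0` status messages are inverted: each variable holds grep's exit status, so 0 means the feature was found, and `test $NO_CAMELLIA = 0 && echo "Disabling interop tests for Camellia ciphersuites"` prints "Disabling" exactly when Camellia is available. The same applies to the added lines for NO_TLS1_2, HAVE_SSL3, NO_3DES, NO_DSS and NO_NULL; only the HAVE_X25519 line uses `!= 0`, which agrees with the later `test "${HAVE_X25519}" = 0` that runs the block. Use `!= 0` on all of them, e.g. `test "${NO_3DES}" != 0 && echo "Disabling interop tests for 3DES ciphersuites"`, so the log shows which suites were really skipped rather than hiding a silent loss of coverage. Separately, `test $FIPS_CURVES = 1` is unquoted and becomes a syntax error for `test` when the variable is not exported by the wrapper; `test "${FIPS_CURVES}" = 1` avoids that.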
@@ -210,7 +226,7 @@ run_client_suite() {
kill ${PID}
wait
- if test "${FIPS}" != 1; then
+ if test "${FIPS_CURVES}" != 1; then
eval "${GETPORT}"
launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1 -key "${RSA_KEY}" -cert "${RSA_CERT}" -named_curve prime192v1 -CAfile "${CA_CERT}"
PID=$!
@@ -313,9 +329,9 @@ run_client_suite() {
kill ${PID}
wait
- if test "${NO_X25519}" = 0 && test "${FIPS}" != 1; then
+ if test "${HAVE_X25519}" = 0; then
eval "${GETPORT}"
- launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1_2 -key "${RSA_KEY}" -cert "${RSA_CERT}" -named_curve X25519 -CAfile "${CA_CERT}"
+ launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1_2 -key "${RSA_KEY}" -cert "${RSA_CERT}" -curves X25519 -CAfile "${CA_CERT}"
PID=$!
wait_server ${PID}
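Review bot: The X25519 block no longer checks the FIPS setting: the old condition also required `test "${FIPS}" != 1`, while the new one is only `test "${HAVE_X25519}" = 0`, so this run starts even when testcompat-openssl.sh exports FIPS_CURVES=1. If that is intended, a comment above the `if` would make it explicit, e.g. `# X25519 runs regardless of FIPS_CURVES; it depends only on the openssl version`. Otherwise keep the guard as `if test "${HAVE_X25519}" = 0 && test "${FIPS_CURVES}" != 1; then`. The body of this block continues outside the hunk.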
@@ -327,7 +343,7 @@ run_client_suite() {
wait
fi
- if test "${FIPS}" != 1; then
+ if test "${FIPS_CURVES}" != 1; then
#-cipher ECDHE-ECDSA-AES128-SHA
eval "${GETPORT}"
launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1_2 -key "${ECC224_KEY}" -cert "${ECC224_CERT}" -Verify 1 -named_curve secp224r1 -CAfile "${CA_ECC_CERT}"
@@ -355,7 +371,7 @@ run_client_suite() {
kill ${PID}
wait
- if test "${FIPS}" != 1; then
+ if test "${FIPS_CURVES}" != 1; then
#-cipher ECDHE-ECDSA-AES128-SHA
eval "${GETPORT}"
launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1_2 -key "${ECC521_KEY}" -cert "${ECC521_CERT}" -Verify 1 -named_curve secp521r1 -CAfile "${CA_ECC_CERT}"
@@ -368,7 +384,7 @@ run_client_suite() {
kill ${PID}
wait
- fi #FIPS
+ fi #FIPS_CURVES
fi #NO_TLS1_2
#-cipher PSK
@@ -564,7 +580,7 @@ run_server_suite() {
kill ${PID}
wait
- if test "${FIPS}" != 1; then
+ if test "${FIPS_CURVES}" != 1; then
echo "${PREFIX}Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP224R1)"
eval "${GETPORT}"
launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-SECP224R1:+CURVE-ALL${ADD}" --x509certfile "${ECC224_CERT}" --x509keyfile "${ECC224_KEY}" --x509cafile "${CA_ECC_CERT}"
@@ -605,7 +621,7 @@ run_server_suite() {
kill ${PID}
wait
- if test "${FIPS}" != 1; then
+ if test "${FIPS_CURVES}" != 1; then
echo "${PREFIX}Check TLS 1.0 with ECDHE-ECDSA ciphersuite (SECP521R1)"
eval "${GETPORT}"
launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC521_CERT}" --x509keyfile "${ECC521_KEY}" --x509cafile "${CA_ECC_CERT}"
@@ -674,7 +690,7 @@ run_server_suite() {
kill ${PID}
wait
- if test "${NO_X22519}" = 0 && test "${FIPS}" != 1; then
+ if test "${HAVE_X22519}" = 0; then
echo "${PREFIX}Check TLS 1.2 with ECDHE-RSA ciphersuite (X25519)"
eval "${GETPORT}"
launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-RSA:+CURVE-X25519${ADD}" --x509certfile "${SERV_CERT}" --x509keyfile "${SERV_KEY}" --x509cafile "${CA_CERT}"
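Review bot: The condition tests `${HAVE_X22519}`, but the variable assigned at the top of the script is `HAVE_X25519`. The misspelled name is never set in the visible code, so it expands to an empty string, `test "" = 0` is false, and this server-side X25519 check is silently skipped. The typo is carried over from the old `NO_X22519` line. It should read `if test "${HAVE_X25519}" = 0; then`, matching the client-suite hunk; the block continues outside this hunk.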
@@ -688,7 +704,7 @@ run_server_suite() {
wait
fi
- if test "${FIPS}" != 1; then
+ if test "${FIPS_CURVES}" != 1; then
echo "${PREFIX}Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP224R1)"
eval "${GETPORT}"
launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-SECP224R1:+CURVE-ALL${ADD}" --x509certfile "${ECC224_CERT}" --x509keyfile "${ECC224_KEY}" --x509cafile "${CA_ECC_CERT}"
@@ -729,7 +745,7 @@ run_server_suite() {
kill ${PID}
wait
- if test "${FIPS}" != 1; then
+ if test "${FIPS_CURVES}" != 1; then
echo "${PREFIX}Check TLS 1.2 with ECDHE-ECDSA ciphersuite (SECP521R1)"
eval "${GETPORT}"
launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.2:+ECDHE-ECDSA:+CURVE-ALL${ADD}" --x509certfile "${ECC521_CERT}" --x509keyfile "${ECC521_KEY}" --x509cafile "${CA_ECC_CERT}"
diff --git a/tests/suite/testcompat-openssl.sh b/tests/suite/testcompat-openssl.sh
index cec0c7161e..216047087d 100755
--- a/tests/suite/testcompat-openssl.sh
+++ b/tests/suite/testcompat-openssl.sh
@@ -44,9 +44,9 @@ fi
/usr/bin/openssl version|grep fips >/dev/null 2>&1
if test $? = 0 || test "${ENABLE_NON_SUITEB_CURVES}" != "1"; then
- export FIPS=1
+ export FIPS_CURVES=1
else
- export FIPS=0
+ export FIPS_CURVES=0
fi
export TZ="UTC"