crypto/openssl-0.9.7e/test/testfipsssl

   1 #!/bin/sh
   2
   3 if [ "$1" = "" ]; then
   4   key=../apps/server.pem
   5 else
   6   key="$1"
   7 fi
   8 if [ "$2" = "" ]; then
   9   cert=../apps/server.pem
  10 else
  11   cert="$2"
  12 fi
  13
  14 ciphers="DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:EXP1024-DHE-DSS-DES-CBC-SHA:EXP1024-DES-CBC-SHA:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA"
  15
  16 ssltest="./ssltest -F -key $key -cert $cert -c_key $key -c_cert $cert -cipher $ciphers"
  17
  18 if ../apps/openssl x509 -in $cert -text -noout | fgrep 'DSA Public Key' >/dev/null; then
  19   dsa_cert=YES
  20 else
  21   dsa_cert=NO
  22 fi
  23
  24 if [ "$3" = "" ]; then
  25   CA="-CApath ../certs"
  26 else
  27   CA="-CAfile $3"
  28 fi
  29
  30 if [ "$4" = "" ]; then
  31   extra=""
  32 else
  33   extra="$4"
  34 fi
  35
  36 #############################################################################
  37
  38 echo test ssl3 is forbidden in FIPS mode
  39 $ssltest -ssl3 $extra && exit 1
  40
  41 echo test ssl2 is forbidden in FIPS mode
  42 $ssltest -ssl2 $extra && exit 1
  43
  44 echo test tls1
  45 $ssltest -tls1 $extra || exit 1
  46
  47 echo test tls1 with server authentication
  48 $ssltest -tls1 -server_auth $CA $extra || exit 1
  49
  50 echo test tls1 with client authentication
  51 $ssltest -tls1 -client_auth $CA $extra || exit 1
  52
  53 echo test tls1 with both client and server authentication
  54 $ssltest -tls1 -server_auth -client_auth $CA $extra || exit 1
  55
  56 echo test tls1 via BIO pair
  57 $ssltest -bio_pair -tls1 $extra || exit 1
  58
  59 echo test tls1 with server authentication via BIO pair
  60 $ssltest -bio_pair -tls1 -server_auth $CA $extra || exit 1
  61
  62 echo test tls1 with client authentication via BIO pair
  63 $ssltest -bio_pair -tls1 -client_auth $CA $extra || exit 1
  64
  65 echo test tls1 with both client and server authentication via BIO pair
  66 $ssltest -bio_pair -tls1 -server_auth -client_auth $CA $extra || exit 1
  67
  68 # note that all the below actually choose TLS...
  69
  70 if [ $dsa_cert = NO ]; then
  71   echo test sslv2/sslv3 w/o DHE via BIO pair
  72   $ssltest -bio_pair -no_dhe $extra || exit 1
  73 fi
  74
  75 echo test sslv2/sslv3 with 1024bit DHE via BIO pair
  76 $ssltest -bio_pair -dhe1024dsa -v $extra || exit 1
  77
  78 echo test sslv2/sslv3 with server authentication
  79 $ssltest -bio_pair -server_auth $CA $extra || exit 1
  80
  81 echo test sslv2/sslv3 with client authentication via BIO pair
  82 $ssltest -bio_pair -client_auth $CA $extra || exit 1
  83
  84 echo test sslv2/sslv3 with both client and server authentication via BIO pair
  85 $ssltest -bio_pair -server_auth -client_auth $CA $extra || exit 1
  86
  87 echo test sslv2/sslv3 with both client and server authentication via BIO pair and app verify
  88 $ssltest -bio_pair -server_auth -client_auth -app_verify $CA $extra || exit 1
  89
  90 #############################################################################
  91
  92 if ../apps/openssl no-dh; then
  93   echo skipping anonymous DH tests
  94 else
  95   echo test tls1 with 1024bit anonymous DH, multiple handshakes
  96   $ssltest -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time $extra || exit 1
  97 fi
  98
  99 if ../apps/openssl no-rsa; then
 100   echo skipping RSA tests
 101 else
 102   echo test tls1 with 1024bit RSA, no DHE, multiple handshakes
 103   ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -num 10 -f -time $extra || exit 1
 104
 105   if ../apps/openssl no-dh; then
 106     echo skipping RSA+DHE tests
 107   else
 108     echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes
 109     ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time $extra || exit 1
 110   fi
 111 fi
 112
 113 exit 0