search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
openssl: update to 1.0.2d
[tomato.git] / release / src / router / openssl / test / testssl
blob747e4ba381cdb91af28959ffd07027e893916166
1 #!/bin/sh
2
3 if [ "$1" = "" ]; then
4 key=../apps/server.pem
5 else
6 key="$1"
7 fi
8 if [ "$2" = "" ]; then
9 cert=../apps/server.pem
10 else
11 cert="$2"
12 fi
13 ssltest="../util/shlib_wrap.sh ./ssltest -key $key -cert $cert -c_key $key -c_cert $cert"
14
15 if ../util/shlib_wrap.sh ../apps/openssl x509 -in $cert -text -noout | fgrep 'DSA Public Key' >/dev/null; then
16 dsa_cert=YES
17 else
18 dsa_cert=NO
19 fi
20
21 if [ "$3" = "" ]; then
22 CA="-CApath ../certs"
23 else
24 CA="-CAfile $3"
25 fi
26
27 if [ "$4" = "" ]; then
28 extra=""
29 else
30 extra="$4"
31 fi
32
33 serverinfo="./serverinfo.pem"
34
35 #############################################################################
36
37 echo test sslv2
38 $ssltest -ssl2 $extra || exit 1
39
40 echo test sslv2 with server authentication
41 $ssltest -ssl2 -server_auth $CA $extra || exit 1
42
43 if [ $dsa_cert = NO ]; then
44 echo test sslv2 with client authentication
45 $ssltest -ssl2 -client_auth $CA $extra || exit 1
46
47 echo test sslv2 with both client and server authentication
48 $ssltest -ssl2 -server_auth -client_auth $CA $extra || exit 1
49 fi
50
51 echo test sslv3
52 $ssltest -ssl3 $extra || exit 1
53
54 echo test sslv3 with server authentication
55 $ssltest -ssl3 -server_auth $CA $extra || exit 1
56
57 echo test sslv3 with client authentication
58 $ssltest -ssl3 -client_auth $CA $extra || exit 1
59
60 echo test sslv3 with both client and server authentication
61 $ssltest -ssl3 -server_auth -client_auth $CA $extra || exit 1
62
63 echo test sslv2/sslv3
64 $ssltest $extra || exit 1
65
66 echo test sslv2/sslv3 with server authentication
67 $ssltest -server_auth $CA $extra || exit 1
68
69 echo test sslv2/sslv3 with client authentication
70 $ssltest -client_auth $CA $extra || exit 1
71
72 echo test sslv2/sslv3 with both client and server authentication
73 $ssltest -server_auth -client_auth $CA $extra || exit 1
74
75 echo test sslv2 via BIO pair
76 $ssltest -bio_pair -ssl2 $extra || exit 1
77
78 echo test sslv2 with server authentication via BIO pair
79 $ssltest -bio_pair -ssl2 -server_auth $CA $extra || exit 1
80
81 if [ $dsa_cert = NO ]; then
82 echo test sslv2 with client authentication via BIO pair
83 $ssltest -bio_pair -ssl2 -client_auth $CA $extra || exit 1
84
85 echo test sslv2 with both client and server authentication via BIO pair
86 $ssltest -bio_pair -ssl2 -server_auth -client_auth $CA $extra || exit 1
87 fi
88
89 echo test sslv3 via BIO pair
90 $ssltest -bio_pair -ssl3 $extra || exit 1
91
92 echo test sslv3 with server authentication via BIO pair
93 $ssltest -bio_pair -ssl3 -server_auth $CA $extra || exit 1
94
95 echo test sslv3 with client authentication via BIO pair
96 $ssltest -bio_pair -ssl3 -client_auth $CA $extra || exit 1
97
98 echo test sslv3 with both client and server authentication via BIO pair
99 $ssltest -bio_pair -ssl3 -server_auth -client_auth $CA $extra || exit 1
100
101 echo test sslv2/sslv3 via BIO pair
102 $ssltest $extra || exit 1
103
104 echo test dtlsv1
105 $ssltest -dtls1 $extra || exit 1
106
107 echo test dtlsv1 with server authentication
108 $ssltest -dtls1 -server_auth $CA $extra || exit 1
109
110 echo test dtlsv1 with client authentication
111 $ssltest -dtls1 -client_auth $CA $extra || exit 1
112
113 echo test dtlsv1 with both client and server authentication
114 $ssltest -dtls1 -server_auth -client_auth $CA $extra || exit 1
115
116 echo test dtlsv1.2
117 $ssltest -dtls12 $extra || exit 1
118
119 echo test dtlsv1.2 with server authentication
120 $ssltest -dtls12 -server_auth $CA $extra || exit 1
121
122 echo test dtlsv1.2 with client authentication
123 $ssltest -dtls12 -client_auth $CA $extra || exit 1
124
125 echo test dtlsv1.2 with both client and server authentication
126 $ssltest -dtls12 -server_auth -client_auth $CA $extra || exit 1
127
128 if [ $dsa_cert = NO ]; then
129 echo 'test sslv2/sslv3 w/o (EC)DHE via BIO pair'
130 $ssltest -bio_pair -no_dhe -no_ecdhe $extra || exit 1
131 fi
132
133 echo test sslv2/sslv3 with 1024bit DHE via BIO pair
134 $ssltest -bio_pair -dhe1024dsa -v $extra || exit 1
135
136 echo test sslv2/sslv3 with server authentication
137 $ssltest -bio_pair -server_auth $CA $extra || exit 1
138
139 echo test sslv2/sslv3 with client authentication via BIO pair
140 $ssltest -bio_pair -client_auth $CA $extra || exit 1
141
142 echo test sslv2/sslv3 with both client and server authentication via BIO pair
143 $ssltest -bio_pair -server_auth -client_auth $CA $extra || exit 1
144
145 echo test sslv2/sslv3 with both client and server authentication via BIO pair and app verify
146 $ssltest -bio_pair -server_auth -client_auth -app_verify $CA $extra || exit 1
147
148 test_cipher() {
149 _cipher=$1
150 echo "Testing $_cipher"
151 prot=""
152 if [ $2 = "SSLv3" ] ; then
153 prot="-ssl3"
154 fi
155 $ssltest -cipher $_cipher $prot
156 if [ $? -ne 0 ] ; then
157 echo "Failed $_cipher"
158 exit 1
159 fi
160 }
161
162 echo "Testing ciphersuites"
163 for protocol in TLSv1.2 SSLv3; do
164 echo "Testing ciphersuites for $protocol"
165 for cipher in `../util/shlib_wrap.sh ../apps/openssl ciphers "RSA+$protocol" | tr ':' ' '`; do
166 test_cipher $cipher $protocol
167 done
168 if ../util/shlib_wrap.sh ../apps/openssl no-dh; then
169 echo "skipping RSA+DHE tests"
170 else
171 for cipher in `../util/shlib_wrap.sh ../apps/openssl ciphers "EDH+aRSA+$protocol:-EXP" | tr ':' ' '`; do
172 test_cipher $cipher $protocol
173 done
174 echo "testing connection with weak DH, expecting failure"
175 if [ $protocol = "SSLv3" ] ; then
176 $ssltest -cipher EDH -dhe512 -ssl3
177 else
178 $ssltest -cipher EDH -dhe512
179 fi
180 if [ $? -eq 0 ]; then
181 echo "FAIL: connection with weak DH succeeded"
182 exit 1
183 fi
184 fi
185 if ../util/shlib_wrap.sh ../apps/openssl no-ec; then
186 echo "skipping RSA+ECDHE tests"
187 else
188 for cipher in `../util/shlib_wrap.sh ../apps/openssl ciphers "EECDH+aRSA+$protocol:-EXP" | tr ':' ' '`; do
189 test_cipher $cipher $protocol
190 done
191 fi
192 done
193
194 #############################################################################
195
196 if ../util/shlib_wrap.sh ../apps/openssl no-dh; then
197 echo skipping anonymous DH tests
198 else
199 echo test tls1 with 1024bit anonymous DH, multiple handshakes
200 $ssltest -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time $extra || exit 1
201 fi
202
203 if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then
204 echo skipping RSA tests
205 else
206 echo 'test tls1 with 1024bit RSA, no (EC)DHE, multiple handshakes'
207 ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -no_ecdhe -num 10 -f -time $extra || exit 1
208
209 if ../util/shlib_wrap.sh ../apps/openssl no-dh; then
210 echo skipping RSA+DHE tests
211 else
212 echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes
213 ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time $extra || exit 1
214 fi
215 fi
216
217 echo test tls1 with PSK
218 $ssltest -tls1 -cipher PSK -psk abc123 $extra || exit 1
219
220 echo test tls1 with PSK via BIO pair
221 $ssltest -bio_pair -tls1 -cipher PSK -psk abc123 $extra || exit 1
222
223 #############################################################################
224 # Custom Extension tests
225
226 echo test tls1 with custom extensions
227 $ssltest -bio_pair -tls1 -custom_ext || exit 1
228
229 #############################################################################
230 # Serverinfo tests
231
232 echo test tls1 with serverinfo
233 $ssltest -bio_pair -tls1 -serverinfo_file $serverinfo || exit 1
234 $ssltest -bio_pair -tls1 -serverinfo_file $serverinfo -serverinfo_sct || exit 1
235 $ssltest -bio_pair -tls1 -serverinfo_file $serverinfo -serverinfo_tack || exit 1
236 $ssltest -bio_pair -tls1 -serverinfo_file $serverinfo -serverinfo_sct -serverinfo_tack || exit 1
237 $ssltest -bio_pair -tls1 -custom_ext -serverinfo_file $serverinfo -serverinfo_sct -serverinfo_tack || exit 1
238
239
240 #############################################################################
241 # ALPN tests
242
243 $ssltest -bio_pair -tls1 -alpn_client foo -alpn_server bar || exit 1
244 $ssltest -bio_pair -tls1 -alpn_client foo -alpn_server foo -alpn_expected foo || exit 1
245 $ssltest -bio_pair -tls1 -alpn_client foo,bar -alpn_server foo -alpn_expected foo || exit 1
246 $ssltest -bio_pair -tls1 -alpn_client bar,foo -alpn_server foo -alpn_expected foo || exit 1
247 $ssltest -bio_pair -tls1 -alpn_client bar,foo -alpn_server foo,bar -alpn_expected foo || exit 1
248 $ssltest -bio_pair -tls1 -alpn_client bar,foo -alpn_server bar,foo -alpn_expected bar || exit 1
249 $ssltest -bio_pair -tls1 -alpn_client foo,bar -alpn_server bar,foo -alpn_expected bar || exit 1
250 $ssltest -bio_pair -tls1 -alpn_client baz -alpn_server bar,foo || exit 1
251
252 if ../util/shlib_wrap.sh ../apps/openssl no-srp; then
253 echo skipping SRP tests
254 else
255 echo test tls1 with SRP
256 $ssltest -tls1 -cipher SRP -srpuser test -srppass abc123 || exit 1
257
258 echo test tls1 with SRP via BIO pair
259 $ssltest -bio_pair -tls1 -cipher SRP -srpuser test -srppass abc123 || exit 1
260
261 echo test tls1 with SRP auth
262 $ssltest -tls1 -cipher aSRP -srpuser test -srppass abc123 || exit 1
263
264 echo test tls1 with SRP auth via BIO pair
265 $ssltest -bio_pair -tls1 -cipher aSRP -srpuser test -srppass abc123 || exit 1
266 fi
267
268 #############################################################################
269 # Multi-buffer tests
270
271 if [ -z "$extra" -a `uname -m` = "x86_64" ]; then
272 $ssltest -cipher AES128-SHA -bytes 8m || exit 1
273 $ssltest -cipher AES128-SHA256 -bytes 8m || exit 1
274 fi
275
276 exit 0
Tomato firmware and modifications.