1# perl script to run OpenSSL tests 2 3 4my $base_path = "\\openssl"; 5 6my $output_path = "$base_path\\test_out"; 7my $cert_path = "$base_path\\certs"; 8my $test_path = "$base_path\\test"; 9my $app_path = "$base_path\\apps"; 10 11my $tmp_cert = "$output_path\\cert.tmp"; 12my $OpenSSL_config = "$app_path\\openssl.cnf"; 13my $log_file = "$output_path\\tests.log"; 14 15my $pause = 0; 16 17 18# process the command line args to see if they wanted us to pause 19# between executing each command 20foreach $i (@ARGV) 21{ 22 if ($i =~ /^-p$/) 23 { $pause=1; } 24} 25 26 27 28main(); 29 30 31############################################################################ 32sub main() 33{ 34 # delete all the output files in the output directory 35 unlink <$output_path\\*.*>; 36 37 # open the main log file 38 open(OUT, ">$log_file") || die "unable to open $log_file\n"; 39 40 41 algorithm_tests(); 42 encryption_tests(); 43 pem_tests(); 44 verify_tests(); 45 ca_tests(); 46 ssl_tests(); 47 48 close(OUT); 49 50 print("\nCompleted running tests.\n\n"); 51 print("Check log file for errors: $log_file\n"); 52} 53 54############################################################################ 55sub algorithm_tests 56{ 57 my $i; 58 my $outFile; 59 my @tests = ( rsa_test, destest, ideatest, bftest, shatest, sha1test, 60 md5test, dsatest, md2test, mdc2test, rc2test, rc4test, randtest, 61 dhtest, exptest ); 62 63 print( "\nRUNNING CRYPTO ALGORITHM TESTS:\n\n"); 64 65 print( OUT "\n========================================================\n"); 66 print( OUT "CRYPTO ALGORITHM TESTS:\n\n"); 67 68 foreach $i (@tests) 69 { 70 if (-e "$base_path\\$i.nlm") 71 { 72 $outFile = "$output_path\\$i.out"; 73 system("$i > $outFile"); 74 log_desc("Test: $i\.nlm:"); 75 log_output("", $outFile ); 76 } 77 else 78 { 79 log_desc("Test: $i\.nlm: file not found"); 80 } 81 } 82} 83 84############################################################################ 85sub encryption_tests 86{ 87 my $i; 88 my $outFile; 89 my @enc_tests = ( "enc", "rc4", "des-cfb", "des-ede-cfb", "des-ede3-cfb", 90 "des-ofb", "des-ede-ofb", "des-ede3-ofb", 91 "des-ecb", "des-ede", "des-ede3", "des-cbc", 92 "des-ede-cbc", "des-ede3-cbc", "idea-ecb", "idea-cfb", 93 "idea-ofb", "idea-cbc", "rc2-ecb", "rc2-cfb", 94 "rc2-ofb", "rc2-cbc", "bf-ecb", "bf-cfb", 95 "bf-ofb", "bf-cbc" ); 96 97 my $input = "$base_path\\do_tests.pl"; 98 my $cipher = "$output_path\\cipher.out"; 99 my $clear = "$output_path\\clear.out"; 100 101 print( "\nRUNNING ENCRYPTION & DECRYPTION TESTS:\n\n"); 102 103 print( OUT "\n========================================================\n"); 104 print( OUT "FILE ENCRYPTION & DECRYPTION TESTS:\n\n"); 105 106 foreach $i (@enc_tests) 107 { 108 log_desc("Testing: $i"); 109 110 # do encryption 111 $outFile = "$output_path\\enc.out"; 112 system("openssl2 $i -e -bufsize 113 -k test -in $input -out $cipher > $outFile" ); 113 log_output("Encrypting: $input --> $cipher", $outFile); 114 115 # do decryption 116 $outFile = "$output_path\\dec.out"; 117 system("openssl2 $i -d -bufsize 157 -k test -in $cipher -out $clear > $outFile"); 118 log_output("Decrypting: $cipher --> $clear", $outFile); 119 120 # compare files 121 $x = compare_files( $input, $clear, 1); 122 if ( $x == 0 ) 123 { 124 print( "SUCCESS - files match: $input, $clear\n"); 125 print( OUT "SUCCESS - files match: $input, $clear\n"); 126 } 127 else 128 { 129 print( "ERROR: files don't match\n"); 130 print( OUT "ERROR: files don't match\n"); 131 } 132 133 do_wait(); 134 135 # Now do the same encryption but use Base64 136 137 # do encryption B64 138 $outFile = "$output_path\\B64enc.out"; 139 system("openssl2 $i -a -e -bufsize 113 -k test -in $input -out $cipher > $outFile"); 140 log_output("Encrypting(B64): $cipher --> $clear", $outFile); 141 142 # do decryption B64 143 $outFile = "$output_path\\B64dec.out"; 144 system("openssl2 $i -a -d -bufsize 157 -k test -in $cipher -out $clear > $outFile"); 145 log_output("Decrypting(B64): $cipher --> $clear", $outFile); 146 147 # compare files 148 $x = compare_files( $input, $clear, 1); 149 if ( $x == 0 ) 150 { 151 print( "SUCCESS - files match: $input, $clear\n"); 152 print( OUT "SUCCESS - files match: $input, $clear\n"); 153 } 154 else 155 { 156 print( "ERROR: files don't match\n"); 157 print( OUT "ERROR: files don't match\n"); 158 } 159 160 do_wait(); 161 162 } # end foreach 163 164 # delete the temporary files 165 unlink($cipher); 166 unlink($clear); 167} 168 169 170############################################################################ 171sub pem_tests 172{ 173 my $i; 174 my $tmp_out; 175 my $outFile = "$output_path\\pem.out"; 176 177 my %pem_tests = ( 178 "crl" => "testcrl.pem", 179 "pkcs7" => "testp7.pem", 180 "req" => "testreq2.pem", 181 "rsa" => "testrsa.pem", 182 "x509" => "testx509.pem", 183 "x509" => "v3-cert1.pem", 184 "sess_id" => "testsid.pem" ); 185 186 187 print( "\nRUNNING PEM TESTS:\n\n"); 188 189 print( OUT "\n========================================================\n"); 190 print( OUT "PEM TESTS:\n\n"); 191 192 foreach $i (keys(%pem_tests)) 193 { 194 log_desc( "Testing: $i"); 195 196 my $input = "$test_path\\$pem_tests{$i}"; 197 198 $tmp_out = "$output_path\\$pem_tests{$i}"; 199 200 if ($i ne "req" ) 201 { 202 system("openssl2 $i -in $input -out $tmp_out > $outFile"); 203 log_output( "openssl2 $i -in $input -out $tmp_out", $outFile); 204 } 205 else 206 { 207 system("openssl2 $i -in $input -out $tmp_out -config $OpenSSL_config > $outFile"); 208 log_output( "openssl2 $i -in $input -out $tmp_out -config $OpenSSL_config", $outFile ); 209 } 210 211 $x = compare_files( $input, $tmp_out); 212 if ( $x == 0 ) 213 { 214 print( "SUCCESS - files match: $input, $tmp_out\n"); 215 print( OUT "SUCCESS - files match: $input, $tmp_out\n"); 216 } 217 else 218 { 219 print( "ERROR: files don't match\n"); 220 print( OUT "ERROR: files don't match\n"); 221 } 222 do_wait(); 223 224 } # end foreach 225} 226 227 228############################################################################ 229sub verify_tests 230{ 231 my $i; 232 my $outFile = "$output_path\\verify.out"; 233 234 my @cert_files = <$cert_path\\*.pem>; 235 236 print( "\nRUNNING VERIFY TESTS:\n\n"); 237 238 print( OUT "\n========================================================\n"); 239 print( OUT "VERIFY TESTS:\n\n"); 240 241 make_tmp_cert_file(); 242 243 foreach $i (@cert_files) 244 { 245 system("openssl2 verify -CAfile $tmp_cert $i >$outFile"); 246 log_desc("Verifying cert: $i"); 247 log_output("openssl2 verify -CAfile $tmp_cert $i", $outFile); 248 } 249} 250 251 252############################################################################ 253sub ssl_tests 254{ 255 my $outFile = "$output_path\\ssl_tst.out"; 256 my($CAcert) = "$output_path\\certCA.ss"; 257 my($Ukey) = "$output_path\\keyU.ss"; 258 my($Ucert) = "$output_path\\certU.ss"; 259 my($ssltest)= "ssltest -key $Ukey -cert $Ucert -c_key $Ukey -c_cert $Ucert -CAfile $CAcert"; 260 261 print( "\nRUNNING SSL TESTS:\n\n"); 262 263 print( OUT "\n========================================================\n"); 264 print( OUT "SSL TESTS:\n\n"); 265 266 system("ssltest -ssl2 >$outFile"); 267 log_desc("Testing sslv2:"); 268 log_output("ssltest -ssl2", $outFile); 269 270 system("$ssltest -ssl2 -server_auth >$outFile"); 271 log_desc("Testing sslv2 with server authentication:"); 272 log_output("$ssltest -ssl2 -server_auth", $outFile); 273 274 system("$ssltest -ssl2 -client_auth >$outFile"); 275 log_desc("Testing sslv2 with client authentication:"); 276 log_output("$ssltest -ssl2 -client_auth", $outFile); 277 278 system("$ssltest -ssl2 -server_auth -client_auth >$outFile"); 279 log_desc("Testing sslv2 with both client and server authentication:"); 280 log_output("$ssltest -ssl2 -server_auth -client_auth", $outFile); 281 282 system("ssltest -ssl3 >$outFile"); 283 log_desc("Testing sslv3:"); 284 log_output("ssltest -ssl3", $outFile); 285 286 system("$ssltest -ssl3 -server_auth >$outFile"); 287 log_desc("Testing sslv3 with server authentication:"); 288 log_output("$ssltest -ssl3 -server_auth", $outFile); 289 290 system("$ssltest -ssl3 -client_auth >$outFile"); 291 log_desc("Testing sslv3 with client authentication:"); 292 log_output("$ssltest -ssl3 -client_auth", $outFile); 293 294 system("$ssltest -ssl3 -server_auth -client_auth >$outFile"); 295 log_desc("Testing sslv3 with both client and server authentication:"); 296 log_output("$ssltest -ssl3 -server_auth -client_auth", $outFile); 297 298 system("ssltest >$outFile"); 299 log_desc("Testing sslv2/sslv3:"); 300 log_output("ssltest", $outFile); 301 302 system("$ssltest -server_auth >$outFile"); 303 log_desc("Testing sslv2/sslv3 with server authentication:"); 304 log_output("$ssltest -server_auth", $outFile); 305 306 system("$ssltest -client_auth >$outFile"); 307 log_desc("Testing sslv2/sslv3 with client authentication:"); 308 log_output("$ssltest -client_auth ", $outFile); 309 310 system("$ssltest -server_auth -client_auth >$outFile"); 311 log_desc("Testing sslv2/sslv3 with both client and server authentication:"); 312 log_output("$ssltest -server_auth -client_auth", $outFile); 313 314 system("ssltest -bio_pair -ssl2 >$outFile"); 315 log_desc("Testing sslv2 via BIO pair:"); 316 log_output("ssltest -bio_pair -ssl2", $outFile); 317 318 system("ssltest -bio_pair -dhe1024dsa -v >$outFile"); 319 log_desc("Testing sslv2/sslv3 with 1024 bit DHE via BIO pair:"); 320 log_output("ssltest -bio_pair -dhe1024dsa -v", $outFile); 321 322 system("$ssltest -bio_pair -ssl2 -server_auth >$outFile"); 323 log_desc("Testing sslv2 with server authentication via BIO pair:"); 324 log_output("$ssltest -bio_pair -ssl2 -server_auth", $outFile); 325 326 system("$ssltest -bio_pair -ssl2 -client_auth >$outFile"); 327 log_desc("Testing sslv2 with client authentication via BIO pair:"); 328 log_output("$ssltest -bio_pair -ssl2 -client_auth", $outFile); 329 330 system("$ssltest -bio_pair -ssl2 -server_auth -client_auth >$outFile"); 331 log_desc("Testing sslv2 with both client and server authentication via BIO pair:"); 332 log_output("$ssltest -bio_pair -ssl2 -server_auth -client_auth", $outFile); 333 334 system("ssltest -bio_pair -ssl3 >$outFile"); 335 log_desc("Testing sslv3 via BIO pair:"); 336 log_output("ssltest -bio_pair -ssl3", $outFile); 337 338 system("$ssltest -bio_pair -ssl3 -server_auth >$outFile"); 339 log_desc("Testing sslv3 with server authentication via BIO pair:"); 340 log_output("$ssltest -bio_pair -ssl3 -server_auth", $outFile); 341 342 system("$ssltest -bio_pair -ssl3 -client_auth >$outFile"); 343 log_desc("Testing sslv3 with client authentication via BIO pair:"); 344 log_output("$ssltest -bio_pair -ssl3 -client_auth", $outFile); 345 346 system("$ssltest -bio_pair -ssl3 -server_auth -client_auth >$outFile"); 347 log_desc("Testing sslv3 with both client and server authentication via BIO pair:"); 348 log_output("$ssltest -bio_pair -ssl3 -server_auth -client_auth", $outFile); 349 350 system("ssltest -bio_pair >$outFile"); 351 log_desc("Testing sslv2/sslv3 via BIO pair:"); 352 log_output("ssltest -bio_pair", $outFile); 353 354 system("$ssltest -bio_pair -server_auth >$outFile"); 355 log_desc("Testing sslv2/sslv3 with server authentication via BIO pair:"); 356 log_output("$ssltest -bio_pair -server_auth", $outFile); 357 358 system("$ssltest -bio_pair -client_auth >$outFile"); 359 log_desc("Testing sslv2/sslv3 with client authentication via BIO pair:"); 360 log_output("$ssltest -bio_pair -client_auth", $outFile); 361 362 system("$ssltest -bio_pair -server_auth -client_auth >$outFile"); 363 log_desc("Testing sslv2/sslv3 with both client and server authentication via BIO pair:"); 364 log_output("$ssltest -bio_pair -server_auth -client_auth", $outFile); 365} 366 367 368############################################################################ 369sub ca_tests 370{ 371 my $outFile = "$output_path\\ca_tst.out"; 372 373 my($CAkey) = "$output_path\\keyCA.ss"; 374 my($CAcert) = "$output_path\\certCA.ss"; 375 my($CAserial) = "$output_path\\certCA.srl"; 376 my($CAreq) = "$output_path\\reqCA.ss"; 377 my($CAreq2) = "$output_path\\req2CA.ss"; 378 379 my($CAconf) = "$test_path\\CAss.cnf"; 380 381 my($Uconf) = "$test_path\\Uss.cnf"; 382 383 my($Ukey) = "$output_path\\keyU.ss"; 384 my($Ureq) = "$output_path\\reqU.ss"; 385 my($Ucert) = "$output_path\\certU.ss"; 386 387 print( "\nRUNNING CA TESTS:\n\n"); 388 389 print( OUT "\n========================================================\n"); 390 print( OUT "CA TESTS:\n"); 391 392 system("openssl2 req -config $CAconf -out $CAreq -keyout $CAkey -new >$outFile"); 393 log_desc("Make a certificate request using req:"); 394 log_output("openssl2 req -config $CAconf -out $CAreq -keyout $CAkey -new", $outFile); 395 396 system("openssl2 x509 -CAcreateserial -in $CAreq -days 30 -req -out $CAcert -signkey $CAkey >$outFile"); 397 log_desc("Convert the certificate request into a self signed certificate using x509:"); 398 log_output("openssl2 x509 -CAcreateserial -in $CAreq -days 30 -req -out $CAcert -signkey $CAkey", $outFile); 399 400 system("openssl2 x509 -in $CAcert -x509toreq -signkey $CAkey -out $CAreq2 >$outFile"); 401 log_desc("Convert a certificate into a certificate request using 'x509':"); 402 log_output("openssl2 x509 -in $CAcert -x509toreq -signkey $CAkey -out $CAreq2", $outFile); 403 404 system("openssl2 req -config $OpenSSL_config -verify -in $CAreq -noout >$outFile"); 405 log_output("openssl2 req -config $OpenSSL_config -verify -in $CAreq -noout", $outFile); 406 407 system("openssl2 req -config $OpenSSL_config -verify -in $CAreq2 -noout >$outFile"); 408 log_output( "openssl2 req -config $OpenSSL_config -verify -in $CAreq2 -noout", $outFile); 409 410 system("openssl2 verify -CAfile $CAcert $CAcert >$outFile"); 411 log_output("openssl2 verify -CAfile $CAcert $CAcert", $outFile); 412 413 system("openssl2 req -config $Uconf -out $Ureq -keyout $Ukey -new >$outFile"); 414 log_desc("Make another certificate request using req:"); 415 log_output("openssl2 req -config $Uconf -out $Ureq -keyout $Ukey -new", $outFile); 416 417 system("openssl2 x509 -CAcreateserial -in $Ureq -days 30 -req -out $Ucert -CA $CAcert -CAkey $CAkey -CAserial $CAserial >$outFile"); 418 log_desc("Sign certificate request with the just created CA via x509:"); 419 log_output("openssl2 x509 -CAcreateserial -in $Ureq -days 30 -req -out $Ucert -CA $CAcert -CAkey $CAkey -CAserial $CAserial", $outFile); 420 421 system("openssl2 verify -CAfile $CAcert $Ucert >$outFile"); 422 log_output("openssl2 verify -CAfile $CAcert $Ucert", $outFile); 423 424 system("openssl2 x509 -subject -issuer -startdate -enddate -noout -in $Ucert >$outFile"); 425 log_desc("Certificate details"); 426 log_output("openssl2 x509 -subject -issuer -startdate -enddate -noout -in $Ucert", $outFile); 427 428 print(OUT "-- \n"); 429 print(OUT "The generated CA certificate is $CAcert\n"); 430 print(OUT "The generated CA private key is $CAkey\n"); 431 print(OUT "The current CA signing serial number is in $CAserial\n"); 432 433 print(OUT "The generated user certificate is $Ucert\n"); 434 print(OUT "The generated user private key is $Ukey\n"); 435 print(OUT "--\n"); 436} 437 438############################################################################ 439sub log_output( $ $ ) 440{ 441 my( $desc, $file ) = @_; 442 my($error) = 0; 443 my($key); 444 my($msg); 445 446 if ($desc) 447 { 448 print("$desc\n"); 449 print(OUT "$desc\n"); 450 } 451 452 # loop waiting for test program to complete 453 while ( stat($file) == 0) 454 { print(". "); sleep(1); } 455 456 457 # copy test output to log file 458 open(IN, "<$file"); 459 while (<IN>) 460 { 461 print(OUT $_); 462 if ( $_ =~ /ERROR/ ) 463 { 464 $error = 1; 465 } 466 } 467 # close and delete the temporary test output file 468 close(IN); 469 unlink($file); 470 471 if ( $error == 0 ) 472 { 473 $msg = "Test Succeeded"; 474 } 475 else 476 { 477 $msg = "Test Failed"; 478 } 479 480 print(OUT "$msg\n"); 481 482 if ($pause) 483 { 484 print("$msg - press ENTER to continue..."); 485 $key = getc; 486 print("\n"); 487 } 488 489 # Several of the testing scripts run a loop loading the 490 # same NLM with different options. 491 # On slow NetWare machines there appears to be some delay in the 492 # OS actually unloading the test nlms and the OS complains about. 493 # the NLM already being loaded. This additional pause is to 494 # to help provide a little more time for unloading before trying to 495 # load again. 496 sleep(1); 497} 498 499 500############################################################################ 501sub log_desc( $ ) 502{ 503 my( $desc ) = @_; 504 505 print("\n"); 506 print("$desc\n"); 507 508 print(OUT "\n"); 509 print(OUT "$desc\n"); 510 print(OUT "======================================\n"); 511} 512 513############################################################################ 514sub compare_files( $ $ $ ) 515{ 516 my( $file1, $file2, $binary ) = @_; 517 my( $n1, $n2, $b1, $b2 ); 518 my($ret) = 1; 519 520 open(IN0, $file1) || die "\nunable to open $file1\n"; 521 open(IN1, $file2) || die "\nunable to open $file2\n"; 522 523 if ($binary) 524 { 525 binmode IN0; 526 binmode IN1; 527 } 528 529 for (;;) 530 { 531 $n1 = read(IN0, $b1, 512); 532 $n2 = read(IN1, $b2, 512); 533 534 if ($n1 != $n2) {last;} 535 if ($b1 != $b2) {last;} 536 537 if ($n1 == 0) 538 { 539 $ret = 0; 540 last; 541 } 542 } 543 close(IN0); 544 close(IN1); 545 return($ret); 546} 547 548############################################################################ 549sub do_wait() 550{ 551 my($key); 552 553 if ($pause) 554 { 555 print("Press ENTER to continue..."); 556 $key = getc; 557 print("\n"); 558 } 559} 560 561 562############################################################################ 563sub make_tmp_cert_file() 564{ 565 my @cert_files = <$cert_path\\*.pem>; 566 567 # delete the file if it already exists 568 unlink($tmp_cert); 569 570 open( TMP_CERT, ">$tmp_cert") || die "\nunable to open $tmp_cert\n"; 571 572 print("building temporary cert file\n"); 573 574 # create a temporary cert file that contains all the certs 575 foreach $i (@cert_files) 576 { 577 open( IN_CERT, $i ) || die "\nunable to open $i\n"; 578 579 for(;;) 580 { 581 $n = sysread(IN_CERT, $data, 1024); 582 583 if ($n == 0) 584 { 585 close(IN_CERT); 586 last; 587 }; 588 589 syswrite(TMP_CERT, $data, $n); 590 } 591 } 592 593 close( TMP_CERT ); 594} 595