1# perl script to run OpenSSL tests 2 3 4my $base_path = "\\openssl"; 5 6my $output_path = "$base_path\\test_out"; 7my $cert_path = "$base_path\\certs"; 8my $test_path = "$base_path\\test"; 9my $app_path = "$base_path\\apps"; 10 11my $tmp_cert = "$output_path\\cert.tmp"; 12my $OpenSSL_config = "$app_path\\openssl.cnf"; 13my $log_file = "$output_path\\tests.log"; 14 15my $pause = 0; 16 17 18# process the command line args to see if they wanted us to pause 19# between executing each command 20foreach $i (@ARGV) 21{ 22 if ($i =~ /^-p$/) 23 { $pause=1; } 24} 25 26 27 28main(); 29 30 31############################################################################ 32sub main() 33{ 34 # delete all the output files in the output directory 35 unlink <$output_path\\*.*>; 36 37 # open the main log file 38 open(OUT, ">$log_file") || die "unable to open $log_file\n"; 39 40 print( OUT "========================================================\n"); 41 my $outFile = "$output_path\\version.out"; 42 system("openssl2 version (CLIB_OPT)/>$outFile"); 43 log_output("CHECKING FOR OPENSSL VERSION:", $outFile); 44 45 algorithm_tests(); 46 encryption_tests(); 47 evp_tests(); 48 pem_tests(); 49 verify_tests(); 50 ca_tests(); 51 ssl_tests(); 52 53 close(OUT); 54 55 print("\nCompleted running tests.\n\n"); 56 print("Check log file for errors: $log_file\n"); 57} 58 59############################################################################ 60sub algorithm_tests 61{ 62 my $i; 63 my $outFile; 64 my @tests = ( rsa_test, destest, ideatest, bftest, bntest, shatest, sha1test, 65 sha256t, sha512t, dsatest, md2test, md4test, md5test, mdc2test, 66 rc2test, rc4test, rc5test, randtest, rmdtest, dhtest, ecdhtest, 67 ecdsatest, ectest, exptest, casttest, hmactest ); 68 69 print( "\nRUNNING CRYPTO ALGORITHM TESTS:\n\n"); 70 71 print( OUT "\n========================================================\n"); 72 print( OUT "CRYPTO ALGORITHM TESTS:\n\n"); 73 74 foreach $i (@tests) 75 { 76 if (-e "$base_path\\$i.nlm") 77 { 78 $outFile = "$output_path\\$i.out"; 79 system("$i (CLIB_OPT)/>$outFile"); 80 log_desc("Test: $i\.nlm:"); 81 log_output("", $outFile ); 82 } 83 else 84 { 85 log_desc("Test: $i\.nlm: file not found"); 86 } 87 } 88} 89 90############################################################################ 91sub encryption_tests 92{ 93 my $i; 94 my $outFile; 95 my @enc_tests = ( "enc", "rc4", "des-cfb", "des-ede-cfb", "des-ede3-cfb", 96 "des-ofb", "des-ede-ofb", "des-ede3-ofb", 97 "des-ecb", "des-ede", "des-ede3", "des-cbc", 98 "des-ede-cbc", "des-ede3-cbc", "idea-ecb", "idea-cfb", 99 "idea-ofb", "idea-cbc", "rc2-ecb", "rc2-cfb", 100 "rc2-ofb", "rc2-cbc", "bf-ecb", "bf-cfb", 101 "bf-ofb", "bf-cbc" ); 102 103 my $input = "$base_path\\do_tests.pl"; 104 my $cipher = "$output_path\\cipher.out"; 105 my $clear = "$output_path\\clear.out"; 106 107 print( "\nRUNNING ENCRYPTION & DECRYPTION TESTS:\n\n"); 108 109 print( OUT "\n========================================================\n"); 110 print( OUT "FILE ENCRYPTION & DECRYPTION TESTS:\n\n"); 111 112 foreach $i (@enc_tests) 113 { 114 log_desc("Testing: $i"); 115 116 # do encryption 117 $outFile = "$output_path\\enc.out"; 118 system("openssl2 $i -e -bufsize 113 -k test -in $input -out $cipher (CLIB_OPT)/>$outFile" ); 119 log_output("Encrypting: $input --> $cipher", $outFile); 120 121 # do decryption 122 $outFile = "$output_path\\dec.out"; 123 system("openssl2 $i -d -bufsize 157 -k test -in $cipher -out $clear (CLIB_OPT)/>$outFile"); 124 log_output("Decrypting: $cipher --> $clear", $outFile); 125 126 # compare files 127 $x = compare_files( $input, $clear, 1); 128 if ( $x == 0 ) 129 { 130 print( "\rSUCCESS - files match: $input, $clear\n"); 131 print( OUT "SUCCESS - files match: $input, $clear\n"); 132 } 133 else 134 { 135 print( "\rERROR: files don't match\n"); 136 print( OUT "ERROR: files don't match\n"); 137 } 138 139 do_wait(); 140 141 # Now do the same encryption but use Base64 142 143 # do encryption B64 144 $outFile = "$output_path\\B64enc.out"; 145 system("openssl2 $i -a -e -bufsize 113 -k test -in $input -out $cipher (CLIB_OPT)/>$outFile"); 146 log_output("Encrypting(B64): $cipher --> $clear", $outFile); 147 148 # do decryption B64 149 $outFile = "$output_path\\B64dec.out"; 150 system("openssl2 $i -a -d -bufsize 157 -k test -in $cipher -out $clear (CLIB_OPT)/>$outFile"); 151 log_output("Decrypting(B64): $cipher --> $clear", $outFile); 152 153 # compare files 154 $x = compare_files( $input, $clear, 1); 155 if ( $x == 0 ) 156 { 157 print( "\rSUCCESS - files match: $input, $clear\n"); 158 print( OUT "SUCCESS - files match: $input, $clear\n"); 159 } 160 else 161 { 162 print( "\rERROR: files don't match\n"); 163 print( OUT "ERROR: files don't match\n"); 164 } 165 166 do_wait(); 167 168 } # end foreach 169 170 # delete the temporary files 171 unlink($cipher); 172 unlink($clear); 173} 174 175 176############################################################################ 177sub pem_tests 178{ 179 my $i; 180 my $tmp_out; 181 my $outFile = "$output_path\\pem.out"; 182 183 my %pem_tests = ( 184 "crl" => "testcrl.pem", 185 "pkcs7" => "testp7.pem", 186 "req" => "testreq2.pem", 187 "rsa" => "testrsa.pem", 188 "x509" => "testx509.pem", 189 "x509" => "v3-cert1.pem", 190 "sess_id" => "testsid.pem" ); 191 192 193 print( "\nRUNNING PEM TESTS:\n\n"); 194 195 print( OUT "\n========================================================\n"); 196 print( OUT "PEM TESTS:\n\n"); 197 198 foreach $i (keys(%pem_tests)) 199 { 200 log_desc( "Testing: $i"); 201 202 my $input = "$test_path\\$pem_tests{$i}"; 203 204 $tmp_out = "$output_path\\$pem_tests{$i}"; 205 206 if ($i ne "req" ) 207 { 208 system("openssl2 $i -in $input -out $tmp_out (CLIB_OPT)/>$outFile"); 209 log_output( "openssl2 $i -in $input -out $tmp_out", $outFile); 210 } 211 else 212 { 213 system("openssl2 $i -in $input -out $tmp_out -config $OpenSSL_config (CLIB_OPT)/>$outFile"); 214 log_output( "openssl2 $i -in $input -out $tmp_out -config $OpenSSL_config", $outFile ); 215 } 216 217 $x = compare_files( $input, $tmp_out); 218 if ( $x == 0 ) 219 { 220 print( "\rSUCCESS - files match: $input, $tmp_out\n"); 221 print( OUT "SUCCESS - files match: $input, $tmp_out\n"); 222 } 223 else 224 { 225 print( "\rERROR: files don't match\n"); 226 print( OUT "ERROR: files don't match\n"); 227 } 228 do_wait(); 229 230 } # end foreach 231} 232 233 234############################################################################ 235sub verify_tests 236{ 237 my $i; 238 my $outFile = "$output_path\\verify.out"; 239 240 $cert_path =~ s/\\/\//g; 241 my @cert_files = <$cert_path/*.pem>; 242 243 print( "\nRUNNING VERIFY TESTS:\n\n"); 244 245 print( OUT "\n========================================================\n"); 246 print( OUT "VERIFY TESTS:\n\n"); 247 248 make_tmp_cert_file(); 249 250 foreach $i (@cert_files) 251 { 252 system("openssl2 verify -CAfile $tmp_cert $i (CLIB_OPT)/>$outFile"); 253 log_desc("Verifying cert: $i"); 254 log_output("openssl2 verify -CAfile $tmp_cert $i", $outFile); 255 } 256} 257 258 259############################################################################ 260sub ssl_tests 261{ 262 my $outFile = "$output_path\\ssl_tst.out"; 263 my($CAcert) = "$output_path\\certCA.ss"; 264 my($Ukey) = "$output_path\\keyU.ss"; 265 my($Ucert) = "$output_path\\certU.ss"; 266 my($ssltest)= "ssltest -key $Ukey -cert $Ucert -c_key $Ukey -c_cert $Ucert -CAfile $CAcert"; 267 268 print( "\nRUNNING SSL TESTS:\n\n"); 269 270 print( OUT "\n========================================================\n"); 271 print( OUT "SSL TESTS:\n\n"); 272 273 system("ssltest -ssl2 (CLIB_OPT)/>$outFile"); 274 log_desc("Testing sslv2:"); 275 log_output("ssltest -ssl2", $outFile); 276 277 system("$ssltest -ssl2 -server_auth (CLIB_OPT)/>$outFile"); 278 log_desc("Testing sslv2 with server authentication:"); 279 log_output("$ssltest -ssl2 -server_auth", $outFile); 280 281 system("$ssltest -ssl2 -client_auth (CLIB_OPT)/>$outFile"); 282 log_desc("Testing sslv2 with client authentication:"); 283 log_output("$ssltest -ssl2 -client_auth", $outFile); 284 285 system("$ssltest -ssl2 -server_auth -client_auth (CLIB_OPT)/>$outFile"); 286 log_desc("Testing sslv2 with both client and server authentication:"); 287 log_output("$ssltest -ssl2 -server_auth -client_auth", $outFile); 288 289 system("ssltest -ssl3 (CLIB_OPT)/>$outFile"); 290 log_desc("Testing sslv3:"); 291 log_output("ssltest -ssl3", $outFile); 292 293 system("$ssltest -ssl3 -server_auth (CLIB_OPT)/>$outFile"); 294 log_desc("Testing sslv3 with server authentication:"); 295 log_output("$ssltest -ssl3 -server_auth", $outFile); 296 297 system("$ssltest -ssl3 -client_auth (CLIB_OPT)/>$outFile"); 298 log_desc("Testing sslv3 with client authentication:"); 299 log_output("$ssltest -ssl3 -client_auth", $outFile); 300 301 system("$ssltest -ssl3 -server_auth -client_auth (CLIB_OPT)/>$outFile"); 302 log_desc("Testing sslv3 with both client and server authentication:"); 303 log_output("$ssltest -ssl3 -server_auth -client_auth", $outFile); 304 305 system("ssltest (CLIB_OPT)/>$outFile"); 306 log_desc("Testing sslv2/sslv3:"); 307 log_output("ssltest", $outFile); 308 309 system("$ssltest -server_auth (CLIB_OPT)/>$outFile"); 310 log_desc("Testing sslv2/sslv3 with server authentication:"); 311 log_output("$ssltest -server_auth", $outFile); 312 313 system("$ssltest -client_auth (CLIB_OPT)/>$outFile"); 314 log_desc("Testing sslv2/sslv3 with client authentication:"); 315 log_output("$ssltest -client_auth ", $outFile); 316 317 system("$ssltest -server_auth -client_auth (CLIB_OPT)/>$outFile"); 318 log_desc("Testing sslv2/sslv3 with both client and server authentication:"); 319 log_output("$ssltest -server_auth -client_auth", $outFile); 320 321 system("ssltest -bio_pair -ssl2 (CLIB_OPT)/>$outFile"); 322 log_desc("Testing sslv2 via BIO pair:"); 323 log_output("ssltest -bio_pair -ssl2", $outFile); 324 325 system("ssltest -bio_pair -dhe1024dsa -v (CLIB_OPT)/>$outFile"); 326 log_desc("Testing sslv2/sslv3 with 1024 bit DHE via BIO pair:"); 327 log_output("ssltest -bio_pair -dhe1024dsa -v", $outFile); 328 329 system("$ssltest -bio_pair -ssl2 -server_auth (CLIB_OPT)/>$outFile"); 330 log_desc("Testing sslv2 with server authentication via BIO pair:"); 331 log_output("$ssltest -bio_pair -ssl2 -server_auth", $outFile); 332 333 system("$ssltest -bio_pair -ssl2 -client_auth (CLIB_OPT)/>$outFile"); 334 log_desc("Testing sslv2 with client authentication via BIO pair:"); 335 log_output("$ssltest -bio_pair -ssl2 -client_auth", $outFile); 336 337 system("$ssltest -bio_pair -ssl2 -server_auth -client_auth (CLIB_OPT)/>$outFile"); 338 log_desc("Testing sslv2 with both client and server authentication via BIO pair:"); 339 log_output("$ssltest -bio_pair -ssl2 -server_auth -client_auth", $outFile); 340 341 system("ssltest -bio_pair -ssl3 (CLIB_OPT)/>$outFile"); 342 log_desc("Testing sslv3 via BIO pair:"); 343 log_output("ssltest -bio_pair -ssl3", $outFile); 344 345 system("$ssltest -bio_pair -ssl3 -server_auth (CLIB_OPT)/>$outFile"); 346 log_desc("Testing sslv3 with server authentication via BIO pair:"); 347 log_output("$ssltest -bio_pair -ssl3 -server_auth", $outFile); 348 349 system("$ssltest -bio_pair -ssl3 -client_auth (CLIB_OPT)/>$outFile"); 350 log_desc("Testing sslv3 with client authentication via BIO pair:"); 351 log_output("$ssltest -bio_pair -ssl3 -client_auth", $outFile); 352 353 system("$ssltest -bio_pair -ssl3 -server_auth -client_auth (CLIB_OPT)/>$outFile"); 354 log_desc("Testing sslv3 with both client and server authentication via BIO pair:"); 355 log_output("$ssltest -bio_pair -ssl3 -server_auth -client_auth", $outFile); 356 357 system("ssltest -bio_pair (CLIB_OPT)/>$outFile"); 358 log_desc("Testing sslv2/sslv3 via BIO pair:"); 359 log_output("ssltest -bio_pair", $outFile); 360 361 system("$ssltest -bio_pair -server_auth (CLIB_OPT)/>$outFile"); 362 log_desc("Testing sslv2/sslv3 with server authentication via BIO pair:"); 363 log_output("$ssltest -bio_pair -server_auth", $outFile); 364 365 system("$ssltest -bio_pair -client_auth (CLIB_OPT)/>$outFile"); 366 log_desc("Testing sslv2/sslv3 with client authentication via BIO pair:"); 367 log_output("$ssltest -bio_pair -client_auth", $outFile); 368 369 system("$ssltest -bio_pair -server_auth -client_auth (CLIB_OPT)/>$outFile"); 370 log_desc("Testing sslv2/sslv3 with both client and server authentication via BIO pair:"); 371 log_output("$ssltest -bio_pair -server_auth -client_auth", $outFile); 372} 373 374 375############################################################################ 376sub ca_tests 377{ 378 my $outFile = "$output_path\\ca_tst.out"; 379 380 my($CAkey) = "$output_path\\keyCA.ss"; 381 my($CAcert) = "$output_path\\certCA.ss"; 382 my($CAserial) = "$output_path\\certCA.srl"; 383 my($CAreq) = "$output_path\\reqCA.ss"; 384 my($CAreq2) = "$output_path\\req2CA.ss"; 385 386 my($CAconf) = "$test_path\\CAss.cnf"; 387 388 my($Uconf) = "$test_path\\Uss.cnf"; 389 390 my($Ukey) = "$output_path\\keyU.ss"; 391 my($Ureq) = "$output_path\\reqU.ss"; 392 my($Ucert) = "$output_path\\certU.ss"; 393 394 print( "\nRUNNING CA TESTS:\n\n"); 395 396 print( OUT "\n========================================================\n"); 397 print( OUT "CA TESTS:\n"); 398 399 system("openssl2 req -config $CAconf -out $CAreq -keyout $CAkey -new (CLIB_OPT)/>$outFile"); 400 log_desc("Make a certificate request using req:"); 401 log_output("openssl2 req -config $CAconf -out $CAreq -keyout $CAkey -new", $outFile); 402 403 system("openssl2 x509 -CAcreateserial -in $CAreq -days 30 -req -out $CAcert -signkey $CAkey (CLIB_OPT)/>$outFile"); 404 log_desc("Convert the certificate request into a self signed certificate using x509:"); 405 log_output("openssl2 x509 -CAcreateserial -in $CAreq -days 30 -req -out $CAcert -signkey $CAkey", $outFile); 406 407 system("openssl2 x509 -in $CAcert -x509toreq -signkey $CAkey -out $CAreq2 (CLIB_OPT)/>$outFile"); 408 log_desc("Convert a certificate into a certificate request using 'x509':"); 409 log_output("openssl2 x509 -in $CAcert -x509toreq -signkey $CAkey -out $CAreq2", $outFile); 410 411 system("openssl2 req -config $OpenSSL_config -verify -in $CAreq -noout (CLIB_OPT)/>$outFile"); 412 log_output("openssl2 req -config $OpenSSL_config -verify -in $CAreq -noout", $outFile); 413 414 system("openssl2 req -config $OpenSSL_config -verify -in $CAreq2 -noout (CLIB_OPT)/>$outFile"); 415 log_output( "openssl2 req -config $OpenSSL_config -verify -in $CAreq2 -noout", $outFile); 416 417 system("openssl2 verify -CAfile $CAcert $CAcert (CLIB_OPT)/>$outFile"); 418 log_output("openssl2 verify -CAfile $CAcert $CAcert", $outFile); 419 420 system("openssl2 req -config $Uconf -out $Ureq -keyout $Ukey -new (CLIB_OPT)/>$outFile"); 421 log_desc("Make another certificate request using req:"); 422 log_output("openssl2 req -config $Uconf -out $Ureq -keyout $Ukey -new", $outFile); 423 424 system("openssl2 x509 -CAcreateserial -in $Ureq -days 30 -req -out $Ucert -CA $CAcert -CAkey $CAkey -CAserial $CAserial (CLIB_OPT)/>$outFile"); 425 log_desc("Sign certificate request with the just created CA via x509:"); 426 log_output("openssl2 x509 -CAcreateserial -in $Ureq -days 30 -req -out $Ucert -CA $CAcert -CAkey $CAkey -CAserial $CAserial", $outFile); 427 428 system("openssl2 verify -CAfile $CAcert $Ucert (CLIB_OPT)/>$outFile"); 429 log_output("openssl2 verify -CAfile $CAcert $Ucert", $outFile); 430 431 system("openssl2 x509 -subject -issuer -startdate -enddate -noout -in $Ucert (CLIB_OPT)/>$outFile"); 432 log_desc("Certificate details"); 433 log_output("openssl2 x509 -subject -issuer -startdate -enddate -noout -in $Ucert", $outFile); 434 435 print(OUT "--\n"); 436 print(OUT "The generated CA certificate is $CAcert\n"); 437 print(OUT "The generated CA private key is $CAkey\n"); 438 print(OUT "The current CA signing serial number is in $CAserial\n"); 439 440 print(OUT "The generated user certificate is $Ucert\n"); 441 print(OUT "The generated user private key is $Ukey\n"); 442 print(OUT "--\n"); 443} 444 445############################################################################ 446sub evp_tests 447{ 448 my $i = 'evp_test'; 449 450 print( "\nRUNNING EVP TESTS:\n\n"); 451 452 print( OUT "\n========================================================\n"); 453 print( OUT "EVP TESTS:\n\n"); 454 455 if (-e "$base_path\\$i.nlm") 456 { 457 my $outFile = "$output_path\\$i.out"; 458 system("$i $test_path\\evptests.txt (CLIB_OPT)/>$outFile"); 459 log_desc("Test: $i\.nlm:"); 460 log_output("", $outFile ); 461 } 462 else 463 { 464 log_desc("Test: $i\.nlm: file not found"); 465 } 466} 467 468############################################################################ 469sub log_output( $ $ ) 470{ 471 my( $desc, $file ) = @_; 472 my($error) = 0; 473 my($key); 474 my($msg); 475 476 if ($desc) 477 { 478 print("\r$desc\n"); 479 print(OUT "$desc\n"); 480 } 481 482 # loop waiting for test program to complete 483 while ( stat($file) == 0) 484 { print(". "); sleep(1); } 485 486 487 # copy test output to log file 488 open(IN, "<$file"); 489 while (<IN>) 490 { 491 print(OUT $_); 492 if ( $_ =~ /ERROR/ ) 493 { 494 $error = 1; 495 } 496 } 497 # close and delete the temporary test output file 498 close(IN); 499 unlink($file); 500 501 if ( $error == 0 ) 502 { 503 $msg = "Test Succeeded"; 504 } 505 else 506 { 507 $msg = "Test Failed"; 508 } 509 510 print(OUT "$msg\n"); 511 512 if ($pause) 513 { 514 print("$msg - press ENTER to continue..."); 515 $key = getc; 516 print("\n"); 517 } 518 519 # Several of the testing scripts run a loop loading the 520 # same NLM with different options. 521 # On slow NetWare machines there appears to be some delay in the 522 # OS actually unloading the test nlms and the OS complains about. 523 # the NLM already being loaded. This additional pause is to 524 # to help provide a little more time for unloading before trying to 525 # load again. 526 sleep(1); 527} 528 529 530############################################################################ 531sub log_desc( $ ) 532{ 533 my( $desc ) = @_; 534 535 print("\n"); 536 print("$desc\n"); 537 538 print(OUT "\n"); 539 print(OUT "$desc\n"); 540 print(OUT "======================================\n"); 541} 542 543############################################################################ 544sub compare_files( $ $ $ ) 545{ 546 my( $file1, $file2, $binary ) = @_; 547 my( $n1, $n2, $b1, $b2 ); 548 my($ret) = 1; 549 550 open(IN0, $file1) || die "\nunable to open $file1\n"; 551 open(IN1, $file2) || die "\nunable to open $file2\n"; 552 553 if ($binary) 554 { 555 binmode IN0; 556 binmode IN1; 557 } 558 559 for (;;) 560 { 561 $n1 = read(IN0, $b1, 512); 562 $n2 = read(IN1, $b2, 512); 563 564 if ($n1 != $n2) {last;} 565 if ($b1 != $b2) {last;} 566 567 if ($n1 == 0) 568 { 569 $ret = 0; 570 last; 571 } 572 } 573 close(IN0); 574 close(IN1); 575 return($ret); 576} 577 578############################################################################ 579sub do_wait() 580{ 581 my($key); 582 583 if ($pause) 584 { 585 print("Press ENTER to continue..."); 586 $key = getc; 587 print("\n"); 588 } 589} 590 591 592############################################################################ 593sub make_tmp_cert_file() 594{ 595 my @cert_files = <$cert_path/*.pem>; 596 597 # delete the file if it already exists 598 unlink($tmp_cert); 599 600 open( TMP_CERT, ">$tmp_cert") || die "\nunable to open $tmp_cert\n"; 601 602 print("building temporary cert file\n"); 603 604 # create a temporary cert file that contains all the certs 605 foreach $i (@cert_files) 606 { 607 open( IN_CERT, $i ) || die "\nunable to open $i\n"; 608 609 for(;;) 610 { 611 $n = sysread(IN_CERT, $data, 1024); 612 613 if ($n == 0) 614 { 615 close(IN_CERT); 616 last; 617 }; 618 619 syswrite(TMP_CERT, $data, $n); 620 } 621 } 622 623 close( TMP_CERT ); 624} 625