1 /*
2 * Copyright (c) 2007-2016, Cameron Rich
3 *
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions are met:
8 *
9 * * Redistributions of source code must retain the above copyright notice,
10 * this list of conditions and the following disclaimer.
11 * * Redistributions in binary form must reproduce the above copyright notice,
12 * this list of conditions and the following disclaimer in the documentation
13 * and/or other materials provided with the distribution.
14 * * Neither the name of the axTLS project nor the names of its contributors
15 * may be used to endorse or promote products derived from this software
16 * without specific prior written permission.
17 *
18 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
19 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
20 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
21 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
22 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
23 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
24 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
25 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
26 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
27 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
28 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29 */
30
31 /*
32 * The testing of the crypto and ssl stuff goes here. Keeps the individual code
33 * modules from being uncluttered with test code.
34 *
35 * This is test code - I make no apologies for the quality!
36 */
37
38 #include <stdio.h>
39 #include <stdlib.h>
40 #include <signal.h>
41 #include <string.h>
42 #include <errno.h>
43 #include <sys/stat.h>
44 #include <fcntl.h>
45
46 #ifndef WIN32
47 #include <pthread.h>
48 #endif
49
50 #include "os_port.h"
51 #include "ssl.h"
52
53 #define DEFAULT_CERT "../ssl/test/axTLS.x509_1024.cer"
54 #define DEFAULT_KEY "../ssl/test/axTLS.key_1024"
55 //#define DEFAULT_SVR_OPTION SSL_DISPLAY_BYTES|SSL_DISPLAY_STATES
56 #define DEFAULT_SVR_OPTION 0
57 //#define DEFAULT_CLNT_OPTION SSL_DISPLAY_BYTES|SSL_DISPLAY_STATES
58 #define DEFAULT_CLNT_OPTION 0
59
60 /* hack to remove gcc warning */
61 #define SYSTEM(A) if (system(A) < 0) printf("system call error\n");
62
63 static int g_port = 19001;
64
65 #ifndef WIN32
66 typedef void* ax_thread_status;
67 typedef void* ax_thread_param;
68 #define AX_THREAD_RETURN NULL
69 #define AX_INVALID_SOCKET ((int)-1)
70 #define AX_INVALID_SOCKET_P(fd) ((fd) < 0)
71 #else
72 typedef DWORD ax_thread_status;
73 typedef LPVOID ax_thread_param;
74 #define AX_THREAD_RETURN 0
75 #define AX_INVALID_SOCKET ((int)INVALID_SOCKET)
76 #define AX_INVALID_SOCKET_P(fd) ((fd) == AX_INVALID_SOCKET)
77 #endif
78
79 /**************************************************************************
80 * AES tests
81 *
82 * Run through a couple of the RFC3602 tests to verify that AES is correct.
83 **************************************************************************/
84 #define TEST1_SIZE 16
85 #define TEST2_SIZE 32
86
AES_test(BI_CTX * bi_ctx)87 static int AES_test(BI_CTX *bi_ctx)
88 {
89 AES_CTX aes_key;
90 int res = 1;
91 uint8_t key[TEST1_SIZE];
92 uint8_t iv[TEST1_SIZE];
93
94 {
95 /*
96 Case #1: Encrypting 16 bytes (1 block) using AES-CBC
97 Key : 0x06a9214036b8a15b512e03d534120006
98 IV : 0x3dafba429d9eb430b422da802c9fac41
99 Plaintext : "Single block msg"
100 Ciphertext: 0xe353779c1079aeb82708942dbe77181a
101
102 */
103 char *in_str = "Single block msg";
104 uint8_t ct[TEST1_SIZE];
105 uint8_t enc_data[TEST1_SIZE];
106 uint8_t dec_data[TEST1_SIZE];
107
108 bigint *key_bi = bi_str_import(
109 bi_ctx, "06A9214036B8A15B512E03D534120006");
110 bigint *iv_bi = bi_str_import(
111 bi_ctx, "3DAFBA429D9EB430B422DA802C9FAC41");
112 bigint *ct_bi = bi_str_import(
113 bi_ctx, "E353779C1079AEB82708942DBE77181A");
114 bi_export(bi_ctx, key_bi, key, TEST1_SIZE);
115 bi_export(bi_ctx, iv_bi, iv, TEST1_SIZE);
116 bi_export(bi_ctx, ct_bi, ct, TEST1_SIZE);
117
118 AES_set_key(&aes_key, key, iv, AES_MODE_128);
119 AES_cbc_encrypt(&aes_key, (const uint8_t *)in_str,
120 enc_data, sizeof(enc_data));
121 if (memcmp(enc_data, ct, sizeof(ct)))
122 {
123 printf("Error: AES ENCRYPT #1 failed\n");
124 goto end;
125 }
126
127 AES_set_key(&aes_key, key, iv, AES_MODE_128);
128 AES_convert_key(&aes_key);
129 AES_cbc_decrypt(&aes_key, enc_data, dec_data, sizeof(enc_data));
130
131 if (memcmp(dec_data, in_str, sizeof(dec_data)))
132 {
133 printf("Error: AES DECRYPT #1 failed\n");
134 goto end;
135 }
136 }
137
138 {
139 /*
140 Case #2: Encrypting 32 bytes (2 blocks) using AES-CBC
141 Key : 0xc286696d887c9aa0611bbb3e2025a45a
142 IV : 0x562e17996d093d28ddb3ba695a2e6f58
143 Plaintext : 0x000102030405060708090a0b0c0d0e0f
144 101112131415161718191a1b1c1d1e1f
145 Ciphertext: 0xd296cd94c2cccf8a3a863028b5e1dc0a
146 7586602d253cfff91b8266bea6d61ab1
147 */
148 uint8_t in_data[TEST2_SIZE];
149 uint8_t ct[TEST2_SIZE];
150 uint8_t enc_data[TEST2_SIZE];
151 uint8_t dec_data[TEST2_SIZE];
152
153 bigint *in_bi = bi_str_import(bi_ctx,
154 "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F");
155 bigint *key_bi = bi_str_import(
156 bi_ctx, "C286696D887C9AA0611BBB3E2025A45A");
157 bigint *iv_bi = bi_str_import(
158 bi_ctx, "562E17996D093D28DDB3BA695A2E6F58");
159 bigint *ct_bi = bi_str_import(bi_ctx,
160 "D296CD94C2CCCF8A3A863028B5E1DC0A7586602D253CFFF91B8266BEA6D61AB1");
161 bi_export(bi_ctx, in_bi, in_data, TEST2_SIZE);
162 bi_export(bi_ctx, key_bi, key, TEST1_SIZE);
163 bi_export(bi_ctx, iv_bi, iv, TEST1_SIZE);
164 bi_export(bi_ctx, ct_bi, ct, TEST2_SIZE);
165
166 AES_set_key(&aes_key, key, iv, AES_MODE_128);
167 AES_cbc_encrypt(&aes_key, (const uint8_t *)in_data,
168 enc_data, sizeof(enc_data));
169
170 if (memcmp(enc_data, ct, sizeof(ct)))
171 {
172 printf("Error: ENCRYPT #2 failed\n");
173 goto end;
174 }
175
176 AES_set_key(&aes_key, key, iv, AES_MODE_128);
177 AES_convert_key(&aes_key);
178 AES_cbc_decrypt(&aes_key, enc_data, dec_data, sizeof(enc_data));
179 if (memcmp(dec_data, in_data, sizeof(dec_data)))
180 {
181 printf("Error: DECRYPT #2 failed\n");
182 goto end;
183 }
184 }
185
186 res = 0;
187 printf("All AES tests passed\n");
188
189 end:
190 return res;
191 }
192
193 /**************************************************************************
194 * SHA1 tests
195 *
196 * Run through a couple of the RFC3174 tests to verify that SHA1 is correct.
197 **************************************************************************/
SHA1_test(BI_CTX * bi_ctx)198 static int SHA1_test(BI_CTX *bi_ctx)
199 {
200 SHA1_CTX ctx;
201 uint8_t ct[SHA1_SIZE];
202 uint8_t digest[SHA1_SIZE];
203 int res = 1;
204
205 {
206 const char *in_str = "abc";
207 bigint *ct_bi = bi_str_import(bi_ctx,
208 "A9993E364706816ABA3E25717850C26C9CD0D89D");
209 bi_export(bi_ctx, ct_bi, ct, SHA1_SIZE);
210
211 SHA1_Init(&ctx);
212 SHA1_Update(&ctx, (const uint8_t *)in_str, strlen(in_str));
213 SHA1_Final(digest, &ctx);
214
215 if (memcmp(digest, ct, sizeof(ct)))
216 {
217 printf("Error: SHA1 #1 failed\n");
218 goto end;
219 }
220 }
221
222 {
223 const char *in_str =
224 "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
225 bigint *ct_bi = bi_str_import(bi_ctx,
226 "84983E441C3BD26EBAAE4AA1F95129E5E54670F1");
227 bi_export(bi_ctx, ct_bi, ct, SHA1_SIZE);
228
229 SHA1_Init(&ctx);
230 SHA1_Update(&ctx, (const uint8_t *)in_str, strlen(in_str));
231 SHA1_Final(digest, &ctx);
232
233 if (memcmp(digest, ct, sizeof(ct)))
234 {
235 printf("Error: SHA1 #2 failed\n");
236 goto end;
237 }
238 }
239
240 res = 0;
241 printf("All SHA1 tests passed\n");
242
243 end:
244 return res;
245 }
246
247 /**************************************************************************
248 * SHA256 tests
249 *
250 * Run through a couple of the SHA-2 tests to verify that SHA256 is correct.
251 **************************************************************************/
SHA256_test(BI_CTX * bi_ctx)252 static int SHA256_test(BI_CTX *bi_ctx)
253 {
254 SHA256_CTX ctx;
255 uint8_t ct[SHA256_SIZE];
256 uint8_t digest[SHA256_SIZE];
257 int res = 1;
258
259 {
260 const char *in_str = "abc";
261 bigint *ct_bi = bi_str_import(bi_ctx,
262 "BA7816BF8F01CFEA414140DE5DAE2223B00361A396177A9CB410FF61F20015AD");
263 bi_export(bi_ctx, ct_bi, ct, SHA256_SIZE);
264
265 SHA256_Init(&ctx);
266 SHA256_Update(&ctx, (const uint8_t *)in_str, strlen(in_str));
267 SHA256_Final(digest, &ctx);
268
269 if (memcmp(digest, ct, sizeof(ct)))
270 {
271 printf("Error: SHA256 #1 failed\n");
272 goto end;
273 }
274 }
275
276 {
277 const char *in_str =
278 "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
279 bigint *ct_bi = bi_str_import(bi_ctx,
280 "248D6A61D20638B8E5C026930C3E6039A33CE45964FF2167F6ECEDD419DB06C1");
281 bi_export(bi_ctx, ct_bi, ct, SHA256_SIZE);
282
283 SHA256_Init(&ctx);
284 SHA256_Update(&ctx, (const uint8_t *)in_str, strlen(in_str));
285 SHA256_Final(digest, &ctx);
286
287 if (memcmp(digest, ct, sizeof(ct)))
288 {
289 printf("Error: SHA256 #2 failed\n");
290 goto end;
291 }
292 }
293
294 res = 0;
295 printf("All SHA256 tests passed\n");
296
297 end:
298 return res;
299 }
300
301 /**************************************************************************
302 * SHA384 tests
303 *
304 * Run through a couple of the SHA-2 tests to verify that SHA384 is correct.
305 **************************************************************************/
SHA384_test(BI_CTX * bi_ctx)306 static int SHA384_test(BI_CTX *bi_ctx)
307 {
308 SHA384_CTX ctx;
309 uint8_t ct[SHA384_SIZE];
310 uint8_t digest[SHA384_SIZE];
311 int res = 1;
312
313 {
314 const char *in_str = "abc";
315 bigint *ct_bi = bi_str_import(bi_ctx,
316 "CB00753F45A35E8BB5A03D699AC65007272C32AB0EDED1631A8B605A43FF5BED8086072BA1E7CC2358BAECA134C825A7");
317 bi_export(bi_ctx, ct_bi, ct, SHA384_SIZE);
318
319 SHA384_Init(&ctx);
320 SHA384_Update(&ctx, (const uint8_t *)in_str, strlen(in_str));
321 SHA384_Final(digest, &ctx);
322
323 if (memcmp(digest, ct, sizeof(ct)))
324 {
325 printf("Error: SHA384 #1 failed\n");
326 goto end;
327 }
328 }
329
330 {
331 const char *in_str =
332 "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
333 bigint *ct_bi = bi_str_import(bi_ctx,
334 "3391FDDDFC8DC7393707A65B1B4709397CF8B1D162AF05ABFE8F450DE5F36BC6B0455A8520BC4E6F5FE95B1FE3C8452B");
335 bi_export(bi_ctx, ct_bi, ct, SHA384_SIZE);
336
337 SHA384_Init(&ctx);
338 SHA384_Update(&ctx, (const uint8_t *)in_str, strlen(in_str));
339 SHA384_Final(digest, &ctx);
340
341 if (memcmp(digest, ct, sizeof(ct)))
342 {
343 printf("Error: SHA384 #2 failed\n");
344 goto end;
345 }
346 }
347
348 res = 0;
349 printf("All SHA384 tests passed\n");
350
351 end:
352 return res;
353 }
354 /**************************************************************************
355 * SHA512 tests
356 *
357 * Run through a couple of the SHA-2 tests to verify that SHA512 is correct.
358 **************************************************************************/
SHA512_test(BI_CTX * bi_ctx)359 static int SHA512_test(BI_CTX *bi_ctx)
360 {
361 SHA512_CTX ctx;
362 uint8_t ct[SHA512_SIZE];
363 uint8_t digest[SHA512_SIZE];
364 int res = 1;
365
366 {
367 const char *in_str = "abc";
368 bigint *ct_bi = bi_str_import(bi_ctx,
369 "DDAF35A193617ABACC417349AE20413112E6FA4E89A97EA20A9EEEE64B55D39A2192992A274FC1A836BA3C23A3FEEBBD454D4423643CE80E2A9AC94FA54CA49F");
370 bi_export(bi_ctx, ct_bi, ct, SHA512_SIZE);
371
372 SHA512_Init(&ctx);
373 SHA512_Update(&ctx, (const uint8_t *)in_str, strlen(in_str));
374 SHA512_Final(digest, &ctx);
375
376 if (memcmp(digest, ct, sizeof(ct)))
377 {
378 printf("Error: SHA512 #1 failed\n");
379 goto end;
380 }
381 }
382
383 {
384 const char *in_str =
385 "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
386 bigint *ct_bi = bi_str_import(bi_ctx,
387 "204A8FC6DDA82F0A0CED7BEB8E08A41657C16EF468B228A8279BE331A703C33596FD15C13B1B07F9AA1D3BEA57789CA031AD85C7A71DD70354EC631238CA3445");
388 bi_export(bi_ctx, ct_bi, ct, SHA512_SIZE);
389
390 SHA512_Init(&ctx);
391 SHA512_Update(&ctx, (const uint8_t *)in_str, strlen(in_str));
392 SHA512_Final(digest, &ctx);
393
394 if (memcmp(digest, ct, sizeof(ct)))
395 {
396 printf("Error: SHA512 #2 failed\n");
397 goto end;
398 }
399 }
400
401 res = 0;
402 printf("All SHA512 tests passed\n");
403
404 end:
405 return res;
406 }
407 /**************************************************************************
408 * MD5 tests
409 *
410 * Run through a couple of the RFC1321 tests to verify that MD5 is correct.
411 **************************************************************************/
MD5_test(BI_CTX * bi_ctx)412 static int MD5_test(BI_CTX *bi_ctx)
413 {
414 MD5_CTX ctx;
415 uint8_t ct[MD5_SIZE];
416 uint8_t digest[MD5_SIZE];
417 int res = 1;
418
419 {
420 const char *in_str = "abc";
421 bigint *ct_bi = bi_str_import(bi_ctx,
422 "900150983CD24FB0D6963F7D28E17F72");
423 bi_export(bi_ctx, ct_bi, ct, MD5_SIZE);
424
425 MD5_Init(&ctx);
426 MD5_Update(&ctx, (const uint8_t *)in_str, strlen(in_str));
427 MD5_Final(digest, &ctx);
428
429 if (memcmp(digest, ct, sizeof(ct)))
430 {
431 printf("Error: MD5 #1 failed\n");
432 goto end;
433 }
434 }
435
436 {
437 const char *in_str =
438 "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
439 bigint *ct_bi = bi_str_import(
440 bi_ctx, "D174AB98D277D9F5A5611C2C9F419D9F");
441 bi_export(bi_ctx, ct_bi, ct, MD5_SIZE);
442
443 MD5_Init(&ctx);
444 MD5_Update(&ctx, (const uint8_t *)in_str, strlen(in_str));
445 MD5_Final(digest, &ctx);
446
447 if (memcmp(digest, ct, sizeof(ct)))
448 {
449 printf("Error: MD5 #2 failed\n");
450 goto end;
451 }
452 }
453 res = 0;
454 printf("All MD5 tests passed\n");
455
456 end:
457 return res;
458 }
459
460 /**************************************************************************
461 * HMAC tests
462 *
463 * Run through a couple of the RFC2202 tests to verify that HMAC is correct.
464 **************************************************************************/
HMAC_test(BI_CTX * bi_ctx)465 static int HMAC_test(BI_CTX *bi_ctx)
466 {
467 uint8_t key[SHA256_SIZE];
468 uint8_t ct[SHA256_SIZE];
469 uint8_t dgst[SHA256_SIZE];
470 int res = 1;
471 const char *key_str;
472
473 const char *data_str = "Hi There";
474 bigint *key_bi = bi_str_import(bi_ctx, "0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B");
475 bigint *ct_bi = bi_str_import(bi_ctx, "9294727A3638BB1C13F48EF8158BFC9D");
476 bi_export(bi_ctx, key_bi, key, MD5_SIZE);
477 bi_export(bi_ctx, ct_bi, ct, MD5_SIZE);
478 hmac_md5((const uint8_t *)data_str, 8, key, MD5_SIZE, dgst);
479 if (memcmp(dgst, ct, MD5_SIZE))
480 {
481 printf("HMAC MD5 #1 failed\n");
482 goto end;
483 }
484
485 data_str = "what do ya want for nothing?";
486 key_str = "Jefe";
487 ct_bi = bi_str_import(bi_ctx, "750C783E6AB0B503EAA86E310A5DB738");
488 bi_export(bi_ctx, ct_bi, ct, MD5_SIZE);
489 hmac_md5((const uint8_t *)data_str, 28, (const uint8_t *)key_str, 4, dgst);
490 if (memcmp(dgst, ct, MD5_SIZE))
491 {
492 printf("HMAC MD5 #2 failed\n");
493 goto end;
494 }
495
496 data_str = "Hi There";
497 key_bi = bi_str_import(bi_ctx, "0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B");
498 ct_bi = bi_str_import(bi_ctx, "B617318655057264E28BC0B6FB378C8EF146BE00");
499 bi_export(bi_ctx, key_bi, key, SHA1_SIZE);
500 bi_export(bi_ctx, ct_bi, ct, SHA1_SIZE);
501
502 hmac_sha1((const uint8_t *)data_str, 8,
503 (const uint8_t *)key, SHA1_SIZE, dgst);
504 if (memcmp(dgst, ct, SHA1_SIZE))
505 {
506 printf("HMAC SHA1 #1 failed\n");
507 goto end;
508 }
509
510 data_str = "what do ya want for nothing?";
511 key_str = "Jefe";
512 ct_bi = bi_str_import(bi_ctx, "EFFCDF6AE5EB2FA2D27416D5F184DF9C259A7C79");
513 bi_export(bi_ctx, ct_bi, ct, SHA1_SIZE);
514
515 hmac_sha1((const uint8_t *)data_str, 28, (const uint8_t *)key_str, 4, dgst);
516 if (memcmp(dgst, ct, SHA1_SIZE))
517 {
518 printf("HMAC SHA1 #2 failed\n");
519 goto end;
520 }
521
522 data_str = "Hi There";
523 key_bi = bi_str_import(bi_ctx, "0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B");
524 ct_bi = bi_str_import(bi_ctx,
525 "B0344C61D8DB38535CA8AFCEAF0BF12B881DC200C9833DA726E9376C2E32CFF7");
526 bi_export(bi_ctx, key_bi, key, 20);
527 bi_export(bi_ctx, ct_bi, ct, SHA256_SIZE);
528
529 hmac_sha256((const uint8_t *)data_str, 8,
530 (const uint8_t *)key, 20, dgst);
531
532 if (memcmp(dgst, ct, SHA256_SIZE))
533 {
534 printf("HMAC SHA256 #1 failed\n");
535 goto end;
536 }
537
538 data_str = "what do ya want for nothing?";
539 key_str = "Jefe";
540 ct_bi = bi_str_import(bi_ctx,
541 "5BDCC146BF60754E6A042426089575C75A003F089D2739839DEC58B964EC3843");
542 bi_export(bi_ctx, ct_bi, ct, SHA256_SIZE);
543
544 hmac_sha256((const uint8_t *)data_str, 28,
545 (const uint8_t *)key_str, 4, dgst);
546 if (memcmp(dgst, ct, SHA256_SIZE))
547 {
548 printf("HMAC SHA256 #2 failed\n");
549 goto end;
550 }
551
552 // other test
553 /*uint8_t secret[16];
554 key_str = "9BBE436BA940F017B17652849A71DB35";
555 ct_bi = bi_str_import(bi_ctx, key_str);
556 bi_export(bi_ctx, ct_bi, secret, 16);
557
558 uint8_t random[26];
559 data_str = "74657374206C6162656CA0BA9F936CDA311827A6F796FFD5198C";
560 ct_bi = bi_str_import(bi_ctx, data_str);
561 bi_export(bi_ctx, ct_bi, random, 26);
562
563 uint8_t output[256];
564 p_hash_sha256(secret, 16, random, 26, output, 100);
565 ct_bi = bi_import(bi_ctx, output, 100);
566 bi_print("RESULT", ct_bi);
567 */
568
569 /*uint8_t secret[48];
570 uint8_t random[256];
571 uint8_t output[256];
572
573 key_str =
574 "8C6D256467157DAEC7BAEBC1371E6DABFF1AB686EFA7DCF6B65242AA6EEBFC0A7472A1E583C4F2B23F784F25A6DE05A6";
575 ct_bi = bi_str_import(bi_ctx, key_str);
576 bi_export(bi_ctx, ct_bi, secret, 48);
577
578 data_str =
579 "636C69656E742066696E697368656475F80B2E4375CFA44105D16694A5E2D232302FF27241BDF52BA681C13E2CDF9F";
580 ct_bi = bi_str_import(bi_ctx, data_str);
581 bi_export(bi_ctx, ct_bi, random, 47);
582
583 p_hash_sha256(secret, 48, random, 47, output, 12);
584 ct_bi = bi_import(bi_ctx, output, 12);
585 bi_print("RESULT1", ct_bi);*/
586
587 res = 0;
588 printf("All HMAC tests passed\n");
589
590 end:
591 return res;
592 }
593
594 /**************************************************************************
595 * BIGINT tests
596 *
597 **************************************************************************/
BIGINT_test(BI_CTX * ctx)598 static int BIGINT_test(BI_CTX *ctx)
599 {
600 int res = 1;
601
602 #ifndef CONFIG_INTEGER_8BIT
603 #ifndef CONFIG_INTEGER_16BIT
604 bigint *bi_data, *bi_exp, *bi_res;
605 const char *expnt, *plaintext, *mod;
606 uint8_t compare[MAX_KEY_BYTE_SIZE];
607 /**
608 * 512 bit key
609 */
610 plaintext = /* 64 byte number */
611 "01aaaaaaaaaabbbbbbbbbbbbbbbccccccccccccccdddddddddddddeeeeeeeeee";
612
613 mod = "C30773C8ABE09FCC279EE0E5343370DE"
614 "8B2FFDB6059271E3005A7CEEF0D35E0A"
615 "1F9915D95E63560836CC2EB2C289270D"
616 "BCAE8CAF6F5E907FC2759EE220071E1B";
617
618 expnt = "A1E556CD1738E10DF539E35101334E97"
619 "BE8D391C57A5C89A7AD9A2EA2ACA1B3D"
620 "F3140F5091CC535CBAA47CEC4159EE1F"
621 "B6A3661AFF1AB758426EAB158452A9B9";
622
623 bi_data = bi_import(ctx, (uint8_t *)plaintext, strlen(plaintext));
624 bi_exp = int_to_bi(ctx, 0x10001);
625 bi_set_mod(ctx, bi_str_import(ctx, mod), 0);
626 bi_res = bi_mod_power(ctx, bi_data, bi_exp);
627
628 bi_data = bi_res; /* resuse again - see if we get the original */
629
630 bi_exp = bi_str_import(ctx, expnt);
631 bi_res = bi_mod_power(ctx, bi_data, bi_exp);
632 bi_free_mod(ctx, 0);
633
634 bi_export(ctx, bi_res, compare, 64);
635 if (memcmp(plaintext, compare, 64) != 0)
636 goto end;
637 #endif
638 #endif
639
640 /*
641 * Multiply with psssible carry issue (8 bit)
642 */
643 {
644 bigint *bi_x = bi_str_import(ctx,
645 "AFD5060E224B70DA99EFB385BA5C0D2BEA0AD1DAAA52686E1A02D677BC65C1DA7A496BBDCC02999E8814F10AFC4B8E0DD4E6687E0762CE717A5EA1E452B5C56065C8431F0FB9D23CFF3A4B4149798C0670AF7F9565A0EAE5CF1AB16A1F0C3DD5E485DC5ABB96EBE0B6778A15B7302CBCE358E4BF2E2E30932758AC6EFA9F5828");
646 bigint *arg2 = bi_clone(ctx, bi_x);
647 bigint *arg3 = bi_clone(ctx, bi_x);
648 bigint *sqr_result = bi_square(ctx, bi_x);
649 bigint *mlt_result = bi_multiply(ctx, arg2, arg3);
650
651 if (bi_compare(sqr_result, mlt_result) != 0)
652 {
653 bi_print("SQR_RESULT", sqr_result);
654 bi_print("MLT_RESULT", mlt_result);
655 bi_free(ctx, sqr_result);
656 bi_free(ctx, mlt_result);
657 goto end;
658 }
659
660 bi_free(ctx, sqr_result);
661 bi_free(ctx, mlt_result);
662 }
663
664 printf("All BIGINT tests passed\n");
665 res = 0;
666
667 end:
668 return res;
669 }
670
671 /**************************************************************************
672 * RSA tests
673 *
674 * Use the results from openssl to verify PKCS1 etc
675 **************************************************************************/
RSA_test(void)676 static int RSA_test(void)
677 {
678 int res = 1;
679 const char *plaintext = /* 128 byte hex number */
680 "1aaaaaaaaaabbbbbbbbbbbbbbbccccccccccccccdddddddddddddeeeeeeeeee2"
681 "1aaaaaaaaaabbbbbbbbbbbbbbbccccccccccccccdddddddddddddeeeeeeeee2\012";
682 uint8_t enc_data[128], dec_data[128];
683 RSA_CTX *rsa_ctx = NULL;
684 BI_CTX *bi_ctx;
685 bigint *plaintext_bi;
686 bigint *enc_data_bi, *dec_data_bi;
687 uint8_t enc_data2[128], dec_data2[128];
688 int len;
689 uint8_t *buf;
690
691 RNG_initialize();
692
693 /* extract the private key elements */
694 len = get_file("../ssl/test/axTLS.key_1024", &buf);
695 if (asn1_get_private_key(buf, len, &rsa_ctx) < 0)
696 {
697 goto end;
698 }
699
700 free(buf);
701 bi_ctx = rsa_ctx->bi_ctx;
702 plaintext_bi = bi_import(bi_ctx,
703 (const uint8_t *)plaintext, strlen(plaintext));
704
705 /* basic rsa encrypt */
706 enc_data_bi = RSA_public(rsa_ctx, plaintext_bi);
707 bi_export(bi_ctx, bi_copy(enc_data_bi), enc_data, sizeof(enc_data));
708
709 /* basic rsa decrypt */
710 dec_data_bi = RSA_private(rsa_ctx, enc_data_bi);
711 bi_export(bi_ctx, dec_data_bi, dec_data, sizeof(dec_data));
712
713 if (memcmp(dec_data, plaintext, strlen(plaintext)))
714 {
715 printf("Error: DECRYPT #1 failed\n");
716 goto end;
717 }
718
719 if (RSA_encrypt(rsa_ctx, (const uint8_t *)"abc", 3, enc_data2, 0) < 0)
720 {
721 printf("Error: ENCRYPT #2 failed\n");
722 goto end;
723 }
724
725 RSA_decrypt(rsa_ctx, enc_data2, dec_data2, sizeof(dec_data2), 1);
726 if (memcmp("abc", dec_data2, 3))
727 {
728 printf("Error: DECRYPT #2 failed\n");
729 goto end;
730 }
731
732 RSA_free(rsa_ctx);
733 res = 0;
734 printf("All RSA tests passed\n");
735
736 end:
737 RNG_terminate();
738 return res;
739 }
740
741 /**************************************************************************
742 * Cert Testing
743 *
744 **************************************************************************/
cert_tests(void)745 static int cert_tests(void)
746 {
747 int res = -1, len;
748 X509_CTX *x509_ctx;
749 SSL_CTX *ssl_ctx;
750 uint8_t *buf;
751
752 /* check a bunch of 3rd party certificates */
753 ssl_ctx = ssl_ctx_new(0, 0);
754 len = get_file("../ssl/test/microsoft.x509_ca", &buf);
755 if ((res = add_cert_auth(ssl_ctx, buf, len)) < 0)
756 {
757 printf("Cert #1\n");
758 ssl_display_error(res);
759 goto bad_cert;
760 }
761
762 ssl_ctx_free(ssl_ctx);
763 free(buf);
764
765 ssl_ctx = ssl_ctx_new(0, 0);
766 len = get_file("../ssl/test/thawte.x509_ca", &buf);
767 if ((res = add_cert_auth(ssl_ctx, buf, len)) < 0)
768 {
769 printf("Cert #2\n");
770 ssl_display_error(res);
771 goto bad_cert;
772 }
773
774 ssl_ctx_free(ssl_ctx);
775 free(buf);
776
777 ssl_ctx = ssl_ctx_new(0, 0);
778 len = get_file("../ssl/test/deutsche_telecom.x509_ca", &buf);
779 if ((res = add_cert_auth(ssl_ctx, buf, len)) < 0)
780 {
781 printf("Cert #3\n");
782 ssl_display_error(res);
783 goto bad_cert;
784 }
785
786 ssl_ctx_free(ssl_ctx);
787 free(buf);
788
789 ssl_ctx = ssl_ctx_new(0, 0);
790 len = get_file("../ssl/test/equifax.x509_ca", &buf);
791 if ((res = add_cert_auth(ssl_ctx, buf, len)) < 0)
792 {
793 printf("Cert #4\n");
794 ssl_display_error(res);
795 goto bad_cert;
796 }
797
798 ssl_ctx_free(ssl_ctx);
799 free(buf);
800
801 ssl_ctx = ssl_ctx_new(0, 0);
802 len = get_file("../ssl/test/gnutls.cer", &buf);
803 if ((res = add_cert(ssl_ctx, buf, len)) < 0)
804 {
805 printf("Cert #5\n");
806 ssl_display_error(res);
807 goto bad_cert;
808 }
809
810 ssl_ctx_free(ssl_ctx);
811 free(buf);
812
813 ssl_ctx = ssl_ctx_new(0, 0);
814 len = get_file("../ssl/test/socgen.cer", &buf);
815 if ((res = add_cert(ssl_ctx, buf, len)) < 0)
816 {
817 printf("Cert #6\n");
818 ssl_display_error(res);
819 goto bad_cert;
820 }
821
822 ssl_ctx_free(ssl_ctx);
823 free(buf);
824
825 ssl_ctx = ssl_ctx_new(0, 0);
826 if ((res = ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CERT,
827 "../ssl/test/camster_duckdns_org.crt", NULL)) != SSL_OK)
828 {
829 printf("Cert #7\n");
830 ssl_display_error(res);
831 goto bad_cert;
832 }
833
834 ssl_ctx_free(ssl_ctx);
835
836 ssl_ctx = ssl_ctx_new(0, 0);
837 if ((res = ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CERT,
838 "../ssl/test/comodo.sha384.cer", NULL)) != SSL_OK)
839 {
840 printf("Cert #8\n");
841 ssl_display_error(res);
842 goto bad_cert;
843 }
844
845 ssl_ctx_free(ssl_ctx);
846
847 ssl_ctx = ssl_ctx_new(0, 0);
848 if ((res = ssl_obj_load(ssl_ctx,
849 SSL_OBJ_X509_CERT, "../ssl/test/ms_iis.cer", NULL)) != SSL_OK)
850 {
851 printf("Cert #9\n");
852 ssl_display_error(res);
853 goto bad_cert;
854 }
855
856 ssl_ctx_free(ssl_ctx);
857
858 if (get_file("../ssl/test/qualityssl.com.der", &buf) < 0 ||
859 x509_new(buf, &len, &x509_ctx))
860 {
861 printf("Cert #10\n");
862 res = -1;
863 goto bad_cert;
864 }
865
866 if (strcmp(x509_ctx->subject_alt_dnsnames[1], "qualityssl.com"))
867 {
868 printf("Cert #11\n");
869 res = -1;
870 goto bad_cert;
871 }
872 x509_free(x509_ctx);
873 free(buf);
874
875 // this bundle has two DSA (1.2.840.10040.4.3 invalid) certificates
876 ssl_ctx = ssl_ctx_new(0, 0);
877 if (ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CACERT,
878 "../ssl/test/ca-bundle.crt", NULL))
879 {
880 goto bad_cert;
881 }
882
883 ssl_ctx_free(ssl_ctx);
884 res = 0; /* all ok */
885 printf("All Certificate tests passed\n");
886
887 bad_cert:
888 if (res)
889 printf("Error: A certificate test failed\n");
890
891 return res;
892 }
893
894 /**
895 * init a server socket.
896 */
server_socket_init(int * port)897 static int server_socket_init(int *port)
898 {
899 struct sockaddr_in serv_addr;
900 int server_fd;
901 char yes = 1;
902
903 /* Create socket for incoming connections */
904 if (AX_INVALID_SOCKET_P(server_fd = socket(AF_INET, SOCK_STREAM, 0)))
905 {
906 return AX_INVALID_SOCKET;
907 }
908
909 setsockopt(server_fd, SOL_SOCKET, SO_REUSEADDR, &yes, sizeof(yes));
910
911 go_again:
912 /* Construct local address structure */
913 memset(&serv_addr, 0, sizeof(serv_addr)); /* Zero out structure */
914 serv_addr.sin_family = AF_INET; /* Internet address family */
915 serv_addr.sin_addr.s_addr = htonl(INADDR_ANY); /* Any incoming interface */
916 serv_addr.sin_port = htons(*port); /* Local port */
917
918 /* Bind to the local address */
919 if (bind(server_fd, (struct sockaddr *) &serv_addr, sizeof(serv_addr)) < 0)
920 {
921 (*port)++;
922 goto go_again;
923 }
924 /* Mark the socket so it will listen for incoming connections */
925 if (listen(server_fd, 3000) < 0)
926 {
927 return AX_INVALID_SOCKET;
928 }
929
930 return server_fd;
931 }
932
933 /**
934 * init a client socket.
935 */
client_socket_init(uint16_t port)936 static int client_socket_init(uint16_t port)
937 {
938 struct sockaddr_in address;
939 int client_fd = AX_INVALID_SOCKET;
940 int i;
941
942 /* <SK> In case if the server process might not be ready, we retry
943 connecting after some nap. */
944 for (i=0; i<3; i++) {
945 address.sin_family = AF_INET;
946 address.sin_port = htons(port);
947 address.sin_addr.s_addr = inet_addr("127.0.0.1");
948 client_fd = socket(AF_INET, SOCK_STREAM, 0);
949 if (connect(client_fd, (struct sockaddr *)&address, sizeof(address)) == 0) break;
950 perror("socket");
951 SOCKET_CLOSE(client_fd);
952 client_fd = AX_INVALID_SOCKET;
953 sleep(2);
954 }
955 /* </SK> */
956 return client_fd;
957 }
958
959 /**************************************************************************
960 * SSL Server Testing
961 *
962 **************************************************************************/
963 typedef struct
964 {
965 /* not used as yet */
966 int dummy;
967 } SVR_CTX;
968
969 typedef struct
970 {
971 const char *testname;
972 const char *openssl_option;
973 } client_t;
974
do_client(ax_thread_param ptr)975 static ax_thread_status do_client(ax_thread_param ptr)
976 {
977 client_t *clnt = ptr;
978 char openssl_buf[2048];
979 usleep(200000); /* allow server to start */
980
981 /* show the session ids in the reconnect test */
982 if (strcmp(clnt->testname, "Session Reuse") == 0)
983 {
984 sprintf(openssl_buf, "echo \"hello client\" | openssl s_client "
985 "-connect localhost:%d %s 2>&1 | grep \"Session-ID:\"",
986 g_port, clnt->openssl_option);
987 }
988 else if (strstr(clnt->testname, "GNUTLS") == NULL)
989 {
990 sprintf(openssl_buf, "echo \"hello client\" | openssl s_client "
991 #ifdef WIN32
992 "-connect localhost:%d -quiet %s",
993 #else
994 "-connect localhost:%d -quiet %s > /dev/null 2>&1",
995 #endif
996 g_port, clnt->openssl_option);
997 }
998 else /* gnutls */
999 {
1000 sprintf(openssl_buf, "echo \"hello client\" | gnutls-cli "
1001 #ifdef WIN32
1002 "-p %d %s localhost",
1003 #else
1004 "-p %d %s localhost > /dev/null 2>&1",
1005 #endif
1006 g_port, clnt->openssl_option);
1007 }
1008
1009 //printf("CLIENT %s\n", openssl_buf);
1010 SYSTEM(openssl_buf);
1011
1012 return AX_THREAD_RETURN;
1013 }
1014
SSL_server_test(const char * testname,const char * openssl_option,const char * device_cert,const char * product_cert,const char * private_key,const char * ca_cert,const char * password,int axtls_option)1015 static int SSL_server_test(
1016 const char *testname,
1017 const char *openssl_option,
1018 const char *device_cert,
1019 const char *product_cert,
1020 const char *private_key,
1021 const char *ca_cert,
1022 const char *password,
1023 int axtls_option)
1024 {
1025 int server_fd, ret = 0;
1026 SSL_CTX *ssl_ctx = NULL;
1027 struct sockaddr_in client_addr;
1028 uint8_t *read_buf;
1029 socklen_t clnt_len = sizeof(client_addr);
1030 client_t client_data;
1031 #ifndef WIN32
1032 pthread_t thread;
1033 #endif
1034 g_port++;
1035
1036 client_data.testname = testname;
1037 client_data.openssl_option = openssl_option;
1038
1039 if (AX_INVALID_SOCKET_P(server_fd = server_socket_init(&g_port)))
1040 goto error;
1041
1042 if (private_key)
1043 {
1044 axtls_option |= SSL_NO_DEFAULT_KEY;
1045 }
1046
1047 if ((ssl_ctx = ssl_ctx_new(axtls_option, SSL_DEFAULT_SVR_SESS)) == NULL)
1048 {
1049 ret = SSL_ERROR_INVALID_KEY;
1050 goto error;
1051 }
1052
1053 if (private_key)
1054 {
1055 int obj_type = SSL_OBJ_RSA_KEY;
1056
1057 if (strstr(private_key, ".p8"))
1058 obj_type = SSL_OBJ_PKCS8;
1059 else if (strstr(private_key, ".p12"))
1060 obj_type = SSL_OBJ_PKCS12;
1061
1062 if (ssl_obj_load(ssl_ctx, obj_type, private_key, password))
1063 {
1064 ret = SSL_ERROR_INVALID_KEY;
1065 goto error;
1066 }
1067 }
1068
1069 if (device_cert) /* test chaining */
1070 {
1071 if ((ret = ssl_obj_load(ssl_ctx,
1072 SSL_OBJ_X509_CERT, device_cert, NULL)) != SSL_OK)
1073 goto error;
1074 }
1075
1076 if (product_cert) /* test chaining */
1077 {
1078 if ((ret = ssl_obj_load(ssl_ctx,
1079 SSL_OBJ_X509_CERT, product_cert, NULL)) != SSL_OK)
1080 goto error;
1081 }
1082
1083 if (ca_cert) /* test adding certificate authorities */
1084 {
1085 if ((ret = ssl_obj_load(ssl_ctx,
1086 SSL_OBJ_X509_CACERT, ca_cert, NULL)) != SSL_OK)
1087 goto error;
1088 }
1089
1090 #ifndef WIN32
1091 pthread_create(&thread, NULL, do_client, &client_data);
1092 pthread_detach(thread);
1093 #else
1094 CreateThread(NULL, 1024, do_client, &client_data, 0, NULL);
1095 #endif
1096
1097 for (;;)
1098 {
1099 int client_fd, size = 0;
1100 SSL *ssl;
1101
1102 /* Wait for a client to connect */
1103 if (AX_INVALID_SOCKET_P(client_fd = accept(server_fd, (struct sockaddr *)&client_addr, &clnt_len)))
1104 {
1105 ret = SSL_ERROR_SOCK_SETUP_FAILURE;
1106 goto error;
1107 }
1108
1109 /* we are ready to go */
1110 ssl = ssl_server_new(ssl_ctx, client_fd);
1111 while ((size = ssl_read(ssl, &read_buf)) == SSL_OK);
1112 SOCKET_CLOSE(client_fd);
1113
1114 if (size == SSL_CLOSE_NOTIFY)
1115 {
1116 /* do nothing */
1117 }
1118 else if (size < SSL_OK) /* got some alert or something nasty */
1119 {
1120 ret = size;
1121
1122 if (ret == SSL_ERROR_CONN_LOST)
1123 continue;
1124
1125 break; /* we've got a problem */
1126 }
1127 else /* looks more promising */
1128 {
1129 if (strstr("hello client", (char *)read_buf) == NULL)
1130 {
1131 printf("SSL server test \"%s\" passed\n", testname);
1132 TTY_FLUSH();
1133 ret = 0;
1134 break;
1135 }
1136 }
1137
1138 ssl_free(ssl);
1139 }
1140
1141 SOCKET_CLOSE(server_fd);
1142
1143 error:
1144 ssl_ctx_free(ssl_ctx);
1145 return ret;
1146 }
1147
SSL_server_tests(void)1148 int SSL_server_tests(void)
1149 {
1150 int ret = -1;
1151 struct stat stat_buf;
1152 SVR_CTX svr_test_ctx;
1153 memset(&svr_test_ctx, 0, sizeof(SVR_CTX));
1154
1155 printf("### starting server tests\n"); TTY_FLUSH();
1156
1157 /* Go through the algorithms */
1158
1159 /*
1160 * TLS client hello
1161 */
1162
1163 /*
1164 * AES128-SHA TLS1.2
1165 */
1166 if ((ret = SSL_server_test("AES128-SHA TLS1.2",
1167 "-cipher AES128-SHA -tls1_2",
1168 DEFAULT_CERT, NULL, DEFAULT_KEY, NULL, NULL,
1169 DEFAULT_SVR_OPTION)))
1170 goto cleanup;
1171
1172 /*
1173 * AES256-SHA TLS1.2
1174 */
1175 if ((ret = SSL_server_test("AES256-SHA TLS1.2",
1176 "-cipher AES256-SHA -tls1_2",
1177 DEFAULT_CERT, NULL, DEFAULT_KEY, NULL, NULL,
1178 DEFAULT_SVR_OPTION)))
1179 goto cleanup;
1180
1181 /*
1182 * AES128-SHA256 TLS1.2
1183 */
1184 if ((ret = SSL_server_test("AES128-SHA256 TLS1.2",
1185 "-cipher AES128-SHA256 -tls1_2",
1186 DEFAULT_CERT, NULL, DEFAULT_KEY, NULL, NULL,
1187 DEFAULT_SVR_OPTION)))
1188 goto cleanup;
1189
1190
1191 /*
1192 * AES256-SHA256 TLS1.2
1193 */
1194 if ((ret = SSL_server_test("AES256-SHA256 TLS1.2",
1195 "-cipher AES256-SHA256 -tls1_2",
1196 DEFAULT_CERT, NULL, DEFAULT_KEY, NULL, NULL,
1197 DEFAULT_SVR_OPTION)))
1198 goto cleanup;
1199
1200 /*
1201 * AES128-SHA TLS1.1
1202 */
1203 if ((ret = SSL_server_test("AES128-SHA TLS1.1",
1204 "-cipher AES128-SHA -tls1_1",
1205 DEFAULT_CERT, NULL, DEFAULT_KEY, NULL, NULL,
1206 DEFAULT_SVR_OPTION)))
1207 goto cleanup;
1208
1209 /*
1210 * AES128-SHA TLS1.0
1211 */
1212 if ((ret = SSL_server_test("AES128-SHA TLS1.0",
1213 "-cipher AES128-SHA -tls1",
1214 DEFAULT_CERT, NULL, DEFAULT_KEY, NULL, NULL,
1215 DEFAULT_SVR_OPTION)))
1216 goto cleanup;
1217
1218 /*
1219 * Session Reuse
1220 * all the session id's should match for session resumption.
1221 */
1222 if ((ret = SSL_server_test("Session Reuse",
1223 "-cipher AES128-SHA -reconnect -tls1_2",
1224 DEFAULT_CERT, NULL, DEFAULT_KEY, NULL, NULL,
1225 DEFAULT_SVR_OPTION)))
1226 goto cleanup;
1227
1228 /*
1229 * 1024 bit RSA key (check certificate chaining)
1230 */
1231 if ((ret = SSL_server_test("1024 bit key",
1232 "-cipher AES128-SHA -tls1_2",
1233 "../ssl/test/axTLS.x509_1024.cer", NULL,
1234 "../ssl/test/axTLS.key_1024",
1235 NULL, NULL, DEFAULT_SVR_OPTION)))
1236 goto cleanup;
1237
1238 /*
1239 * 2048 bit RSA key
1240 */
1241 if ((ret = SSL_server_test("2048 bit key",
1242 "-cipher AES128-SHA -tls1_2",
1243 "../ssl/test/axTLS.x509_2048.cer", NULL,
1244 "../ssl/test/axTLS.key_2048",
1245 NULL, NULL, DEFAULT_SVR_OPTION)))
1246 goto cleanup;
1247
1248 /*
1249 * 4096 bit RSA key
1250 */
1251 if ((ret = SSL_server_test("4096 bit key",
1252 "-cipher AES128-SHA -tls1_2",
1253 "../ssl/test/axTLS.x509_4096.cer", NULL,
1254 "../ssl/test/axTLS.key_4096",
1255 NULL, NULL, DEFAULT_SVR_OPTION)))
1256 goto cleanup;
1257
1258 /*
1259 * RSA1024/SHA256
1260 */
1261 if ((ret = SSL_server_test("RSA1024/SHA256",
1262 "-tls1_2",
1263 "../ssl/test/axTLS.x509_1024_sha256.pem" , NULL,
1264 "../ssl/test/axTLS.key_1024",
1265 NULL, NULL, DEFAULT_SVR_OPTION)))
1266 goto cleanup;
1267
1268 /*
1269 * RSA1024/SHA384
1270 */
1271 if ((ret = SSL_server_test("RSA1024/SHA384",
1272 "-tls1_2",
1273 "../ssl/test/axTLS.x509_1024_sha384.pem" , NULL,
1274 "../ssl/test/axTLS.key_1024",
1275 NULL, NULL, DEFAULT_SVR_OPTION)))
1276 goto cleanup;
1277
1278 /*
1279 * RSA1024/SHA512
1280 */
1281 if ((ret = SSL_server_test("RSA1024/SHA512",
1282 "-tls1_2",
1283 "../ssl/test/axTLS.x509_1024_sha512.pem" , NULL,
1284 "../ssl/test/axTLS.key_1024",
1285 NULL, NULL, DEFAULT_SVR_OPTION)))
1286 goto cleanup;
1287
1288 /*
1289 * Client Verification
1290 */
1291 if ((ret = SSL_server_test("Client Verification TLS1.2",
1292 "-cipher AES128-SHA -tls1_2 "
1293 "-cert ../ssl/test/axTLS.x509_2048.pem "
1294 "-key ../ssl/test/axTLS.key_2048.pem ",
1295 NULL,
1296 "../ssl/test/axTLS.x509_1024.pem",
1297 "../ssl/test/axTLS.key_1024.pem",
1298 "../ssl/test/axTLS.ca_x509.cer", NULL,
1299 DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)))
1300 goto cleanup;
1301
1302 if ((ret = SSL_server_test("Client Verification TLS1.1",
1303 "-cipher AES128-SHA -tls1_1 "
1304 "-cert ../ssl/test/axTLS.x509_2048.pem "
1305 "-key ../ssl/test/axTLS.key_2048.pem ",
1306 NULL,
1307 "../ssl/test/axTLS.x509_1024.pem",
1308 "../ssl/test/axTLS.key_1024.pem",
1309 "../ssl/test/axTLS.ca_x509.cer", NULL,
1310 DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)))
1311 goto cleanup;
1312
1313 /* this test should fail */
1314 if (stat("../ssl/test/axTLS.x509_bad_before.pem", &stat_buf) >= 0)
1315 {
1316 if ((ret = SSL_server_test("Error: Bad Before Cert",
1317 "-cipher AES128-SHA -tls1_2 "
1318 "-cert ../ssl/test/axTLS.x509_bad_before.pem "
1319 "-key ../ssl/test/axTLS.key_1024.pem ",
1320 NULL,
1321 "../ssl/test/axTLS.x509_1024.pem",
1322 "../ssl/test/axTLS.key_1024.pem",
1323 "../ssl/test/axTLS.ca_x509.cer", NULL,
1324 DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)) !=
1325 SSL_X509_ERROR(X509_VFY_ERROR_NOT_YET_VALID))
1326 goto cleanup;
1327
1328 printf("SSL server test \"%s\" passed\n", "Bad Before Cert");
1329 TTY_FLUSH();
1330 }
1331
1332 /* this test should fail */
1333 if ((ret = SSL_server_test("Error: Bad After Cert",
1334 "-cipher AES128-SHA -tls1_2 "
1335 "-cert ../ssl/test/axTLS.x509_bad_after.pem "
1336 "-key ../ssl/test/axTLS.key_1024.pem ",
1337 NULL,
1338 "../ssl/test/axTLS.x509_1024.pem",
1339 "../ssl/test/axTLS.key_1024.pem",
1340 "../ssl/test/axTLS.ca_x509.cer", NULL,
1341 DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)) !=
1342 SSL_X509_ERROR(X509_VFY_ERROR_EXPIRED))
1343 goto cleanup;
1344
1345 printf("SSL server test \"%s\" passed\n", "Bad After Cert");
1346 TTY_FLUSH();
1347
1348 /*
1349 * No trusted cert
1350 */
1351 if ((ret = SSL_server_test("Error: No trusted certificate",
1352 "-cipher AES128-SHA -tls1_2 "
1353 "-cert ../ssl/test/axTLS.x509_1024.pem "
1354 "-key ../ssl/test/axTLS.key_1024.pem ",
1355 NULL,
1356 "../ssl/test/axTLS.x509_1024.pem",
1357 "../ssl/test/axTLS.key_1024.pem",
1358 NULL, NULL,
1359 DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)) !=
1360 SSL_X509_ERROR(X509_VFY_ERROR_NO_TRUSTED_CERT))
1361 goto cleanup;
1362
1363 printf("SSL server test \"%s\" passed\n", "No trusted certificate");
1364 TTY_FLUSH();
1365
1366 /*
1367 * Self-signed (from the server)
1368 */
1369 if ((ret = SSL_server_test("Error: Self-signed certificate (from server)",
1370 "-cipher AES128-SHA -tls1_2 "
1371 "-cert ../ssl/test/axTLS.x509_1024.pem "
1372 "-key ../ssl/test/axTLS.key_1024.pem "
1373 "-CAfile ../ssl/test/axTLS.ca_x509.pem ",
1374 NULL,
1375 "../ssl/test/axTLS.x509_1024.pem",
1376 "../ssl/test/axTLS.key_1024.pem",
1377 NULL, NULL,
1378 DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)) !=
1379 SSL_X509_ERROR(X509_VFY_ERROR_SELF_SIGNED))
1380 goto cleanup;
1381
1382 printf("SSL server test \"%s\" passed\n",
1383 "Self-signed certificate (from server)");
1384 TTY_FLUSH();
1385
1386 /*
1387 * Self-signed (from the client)
1388 */
1389 if ((ret = SSL_server_test("Self-signed certificate (from client)",
1390 "-cipher AES128-SHA -tls1_2 "
1391 "-cert ../ssl/test/axTLS.x509_1024.pem "
1392 "-key ../ssl/test/axTLS.key_1024.pem ",
1393 NULL,
1394 "../ssl/test/axTLS.x509_1024.pem",
1395 "../ssl/test/axTLS.key_1024.pem",
1396 "../ssl/test/axTLS.ca_x509.cer",
1397 NULL,
1398 DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)))
1399 goto cleanup;
1400
1401 /*
1402 * Key in PEM format
1403 */
1404 if ((ret = SSL_server_test("Key in PEM format",
1405 "-cipher AES128-SHA -tls1_2",
1406 "../ssl/test/axTLS.x509_1024.cer", NULL,
1407 "../ssl/test/axTLS.key_1024.pem", NULL,
1408 NULL, DEFAULT_SVR_OPTION)))
1409 goto cleanup;
1410
1411 /*
1412 * Cert in PEM format
1413 */
1414 if ((ret = SSL_server_test("Cert in PEM format",
1415 "-cipher AES128-SHA -tls1_2",
1416 "../ssl/test/axTLS.x509_1024.pem", NULL,
1417 "../ssl/test/axTLS.key_1024.pem", NULL,
1418 NULL, DEFAULT_SVR_OPTION)))
1419 goto cleanup;
1420
1421 /*
1422 * Cert chain in PEM format
1423 */
1424 if ((ret = SSL_server_test("Cert chain in PEM format",
1425 "-cipher AES128-SHA -tls1_2",
1426 "../ssl/test/axTLS.x509_device.pem",
1427 NULL, "../ssl/test/axTLS.key_device.pem",
1428 "../ssl/test/axTLS.ca_x509.pem", NULL, DEFAULT_SVR_OPTION)))
1429 goto cleanup;
1430
1431 /*
1432 * AES128 Encrypted key
1433 */
1434 if ((ret = SSL_server_test("AES128 encrypted key",
1435 "-cipher AES128-SHA -tls1_2",
1436 "../ssl/test/axTLS.x509_aes128.pem", NULL,
1437 "../ssl/test/axTLS.key_aes128.pem",
1438 NULL, "abcd", DEFAULT_SVR_OPTION)))
1439 goto cleanup;
1440
1441 /*
1442 * AES256 Encrypted key
1443 */
1444 if ((ret = SSL_server_test("AES256 encrypted key",
1445 "-cipher AES128-SHA -tls1_2",
1446 "../ssl/test/axTLS.x509_aes256.pem", NULL,
1447 "../ssl/test/axTLS.key_aes256.pem",
1448 NULL, "abcd", DEFAULT_SVR_OPTION)))
1449 goto cleanup;
1450
1451 /*
1452 * AES128 Encrypted invalid key
1453 */
1454 if ((ret = SSL_server_test("AES128 encrypted invalid key",
1455 "-cipher AES128-SHA -tls1_2",
1456 "../ssl/test/axTLS.x509_aes128.pem", NULL,
1457 "../ssl/test/axTLS.key_aes128.pem",
1458 NULL, "xyz", DEFAULT_SVR_OPTION)) != SSL_ERROR_INVALID_KEY)
1459 goto cleanup;
1460
1461 printf("SSL server test \"%s\" passed\n", "AES128 encrypted invalid key");
1462 TTY_FLUSH();
1463
1464 /*
1465 * PKCS#8 key (encrypted)
1466 */
1467 if ((ret = SSL_server_test("pkcs#8 encrypted",
1468 "-cipher AES128-SHA -tls1_2",
1469 DEFAULT_CERT, NULL, "../ssl/test/axTLS.encrypted.p8",
1470 NULL, "abcd", DEFAULT_SVR_OPTION)))
1471 goto cleanup;
1472
1473 /*
1474 * PKCS#8 key (unencrypted DER format)
1475 */
1476 if ((ret = SSL_server_test("pkcs#8 DER unencrypted",
1477 "-cipher AES128-SHA -tls1_2",
1478 DEFAULT_CERT, NULL, "../ssl/test/axTLS.unencrypted.p8",
1479 NULL, NULL, DEFAULT_SVR_OPTION)))
1480 goto cleanup;
1481
1482 /*
1483 * PKCS#8 key (unencrypted PEM format)
1484 */
1485 if ((ret = SSL_server_test("pkcs#8 PEM unencrypted",
1486 "-cipher AES128-SHA -tls1_2",
1487 DEFAULT_CERT, NULL, "../ssl/test/axTLS.unencrypted_pem.p8",
1488 NULL, NULL, DEFAULT_SVR_OPTION)))
1489 goto cleanup;
1490
1491 /*
1492 * PKCS#12 key/certificate
1493 */
1494 if ((ret = SSL_server_test("pkcs#12 with CA", "-cipher AES128-SHA",
1495 NULL, NULL, "../ssl/test/axTLS.withCA.p12",
1496 NULL, "abcd", DEFAULT_SVR_OPTION)))
1497 goto cleanup;
1498
1499 if ((ret = SSL_server_test("pkcs#12 no CA", "-cipher AES128-SHA",
1500 DEFAULT_CERT, NULL, "../ssl/test/axTLS.withoutCA.p12",
1501 NULL, "abcd", DEFAULT_SVR_OPTION)))
1502 goto cleanup;
1503
1504 #if 0
1505 /*
1506 * GNUTLS
1507 */
1508 if ((ret = SSL_server_test("GNUTLS client",
1509 "",
1510 "../ssl/test/axTLS.x509_1024.cer", NULL,
1511 "../ssl/test/axTLS.key_1024",
1512 NULL, NULL, DEFAULT_SVR_OPTION)))
1513 goto cleanup;
1514
1515 if ((ret = SSL_server_test("GNUTLS client with verify",
1516 "--x509certfile ../ssl/test/axTLS.x509_1024.pem "
1517 "--x509keyfile ../ssl/test/axTLS.key_1024.pem",
1518 "../ssl/test/axTLS.x509_1024.cer", NULL,
1519 "../ssl/test/axTLS.key_1024",
1520 "../ssl/test/axTLS.ca_x509.cer", NULL,
1521 DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)))
1522 goto cleanup;
1523 #endif
1524 ret = 0;
1525
1526 cleanup:
1527 if (ret)
1528 {
1529 printf("Error: A server test failed\n");
1530 ssl_display_error(ret);
1531 exit(1);
1532 }
1533 else
1534 {
1535 printf("All server tests passed\n"); TTY_FLUSH();
1536 }
1537
1538 return ret;
1539 }
1540
1541 /**************************************************************************
1542 * SSL Client Testing
1543 *
1544 **************************************************************************/
1545 typedef struct
1546 {
1547 uint8_t session_id[SSL_SESSION_ID_SIZE];
1548 #ifndef WIN32
1549 pthread_t server_thread;
1550 #endif
1551 int start_server;
1552 int stop_server;
1553 int do_reneg;
1554 } CLNT_SESSION_RESUME_CTX;
1555
1556 typedef struct
1557 {
1558 const char *testname;
1559 const char *openssl_option;
1560 int do_gnutls;
1561 } server_t;
1562
do_server(ax_thread_param ptr)1563 static ax_thread_status do_server(ax_thread_param ptr)
1564 {
1565 server_t *svr = ptr;
1566 char openssl_buf[2048];
1567 #ifndef WIN32
1568 pthread_setcanceltype(PTHREAD_CANCEL_ASYNCHRONOUS, NULL);
1569 #endif
1570 if (svr->do_gnutls)
1571 {
1572 sprintf(openssl_buf, "gnutls-serv "
1573 "-p %d --quiet %s ", g_port, svr->openssl_option);
1574 }
1575 else
1576 {
1577 sprintf(openssl_buf, "openssl s_server "
1578 #ifdef WIN32
1579 "-accept %d -quiet %s",
1580 #else
1581 "-accept %d -quiet %s > /dev/null",
1582 #endif
1583 g_port, svr->openssl_option);
1584 }
1585 //printf("SERVER %s\n", openssl_buf);
1586 SYSTEM(openssl_buf);
1587
1588 return AX_THREAD_RETURN;
1589 }
1590
SSL_client_test(const char * test,SSL_CTX ** ssl_ctx,const char * openssl_option,CLNT_SESSION_RESUME_CTX * sess_resume,uint32_t client_options,const char * private_key,const char * password,const char * cert)1591 static int SSL_client_test(
1592 const char *test,
1593 SSL_CTX **ssl_ctx,
1594 const char *openssl_option,
1595 CLNT_SESSION_RESUME_CTX *sess_resume,
1596 uint32_t client_options,
1597 const char *private_key,
1598 const char *password,
1599 const char *cert)
1600 {
1601 server_t server_data;
1602 SSL *ssl = NULL;
1603 int client_fd = AX_INVALID_SOCKET;
1604 uint8_t *session_id = NULL;
1605 int ret = 1;
1606 #ifndef WIN32
1607 pthread_t thread;
1608 #endif
1609
1610 server_data.do_gnutls = strstr(test, "GNUTLS") != NULL;
1611
1612 if (sess_resume == NULL || sess_resume->start_server)
1613 {
1614 g_port++;
1615 server_data.openssl_option = openssl_option;
1616
1617 #ifndef WIN32
1618 pthread_create(&thread, NULL, do_server, &server_data);
1619 pthread_detach(thread);
1620 #else
1621 CreateThread(NULL, 1024, do_server, &server_data, 0, NULL);
1622 #endif
1623 }
1624
1625 usleep(200000); /* allow server to start */
1626
1627 if (*ssl_ctx == NULL)
1628 {
1629 if (private_key)
1630 {
1631 client_options |= SSL_NO_DEFAULT_KEY;
1632 }
1633
1634 if ((*ssl_ctx = ssl_ctx_new(
1635 client_options, SSL_DEFAULT_CLNT_SESS)) == NULL)
1636 {
1637 ret = SSL_ERROR_INVALID_KEY;
1638 goto client_test_exit;
1639 }
1640
1641 if (private_key)
1642 {
1643 int obj_type = SSL_OBJ_RSA_KEY;
1644
1645 if (strstr(private_key, ".p8"))
1646 obj_type = SSL_OBJ_PKCS8;
1647 else if (strstr(private_key, ".p12"))
1648 obj_type = SSL_OBJ_PKCS12;
1649
1650 if (ssl_obj_load(*ssl_ctx, obj_type, private_key, password))
1651 {
1652 ret = SSL_ERROR_INVALID_KEY;
1653 goto client_test_exit;
1654 }
1655 }
1656
1657 if (cert)
1658 {
1659 if ((ret = ssl_obj_load(*ssl_ctx,
1660 SSL_OBJ_X509_CERT, cert, NULL)) != SSL_OK)
1661 {
1662 printf("could not add cert %s (%d)\n", cert, ret);
1663 TTY_FLUSH();
1664 goto client_test_exit;
1665 }
1666 }
1667
1668 if (ssl_obj_load(*ssl_ctx, SSL_OBJ_X509_CACERT,
1669 "../ssl/test/axTLS.ca_x509.cer", NULL))
1670 {
1671 printf("could not add cert auth\n"); TTY_FLUSH();
1672 goto client_test_exit;
1673 }
1674 }
1675
1676 if (sess_resume && !sess_resume->start_server)
1677 {
1678 session_id = sess_resume->session_id;
1679 }
1680
1681 if (AX_INVALID_SOCKET_P(client_fd = client_socket_init(g_port)))
1682 {
1683 printf("could not start socket on %d\n", g_port); TTY_FLUSH();
1684 goto client_test_exit;
1685 }
1686
1687 ssl = ssl_client_new(*ssl_ctx, client_fd,
1688 session_id, sizeof(session_id), NULL);
1689
1690 /* check the return status */
1691 if ((ret = ssl_handshake_status(ssl)))
1692 goto client_test_exit;
1693
1694 /* renegotiate client */
1695 if (sess_resume && sess_resume->do_reneg)
1696 {
1697 if (ssl_renegotiate(ssl) == -SSL_ALERT_NO_RENEGOTIATION)
1698 ret = 0;
1699 else
1700 ret = -SSL_ALERT_NO_RENEGOTIATION;
1701
1702 goto client_test_exit;
1703 }
1704
1705 if (sess_resume)
1706 {
1707 memcpy(sess_resume->session_id,
1708 ssl_get_session_id(ssl), SSL_SESSION_ID_SIZE);
1709 }
1710
1711 if (IS_SET_SSL_FLAG(SSL_SERVER_VERIFY_LATER) &&
1712 (ret = ssl_verify_cert(ssl)))
1713 {
1714 goto client_test_exit;
1715 }
1716
1717 ssl_write(ssl, (uint8_t *)"hello world\n", 13);
1718 if (sess_resume)
1719 {
1720 const uint8_t *sess_id = ssl_get_session_id(ssl);
1721 int i;
1722
1723 printf(" Session-ID: ");
1724 for (i = 0; i < SSL_SESSION_ID_SIZE; i++)
1725 {
1726 printf("%02X", sess_id[i]);
1727 }
1728 printf("\n");
1729 TTY_FLUSH();
1730 }
1731
1732 ret = 0;
1733
1734 client_test_exit:
1735 ssl_free(ssl);
1736 SOCKET_CLOSE(client_fd);
1737 usleep(200000); /* allow openssl to say something */
1738
1739 if (sess_resume)
1740 {
1741 if (sess_resume->stop_server)
1742 {
1743 ssl_ctx_free(*ssl_ctx);
1744 *ssl_ctx = NULL;
1745 }
1746 else if (sess_resume->start_server)
1747 {
1748 #ifndef WIN32
1749 sess_resume->server_thread = thread;
1750 #endif
1751 }
1752 }
1753 else
1754 {
1755 ssl_ctx_free(*ssl_ctx);
1756 *ssl_ctx = NULL;
1757 }
1758
1759 if (ret == 0)
1760 {
1761 printf("SSL client test \"%s\" passed\n", test);
1762 TTY_FLUSH();
1763 }
1764
1765 return ret;
1766 }
1767
SSL_client_tests(void)1768 int SSL_client_tests(void)
1769 {
1770 int ret = -1;
1771 SSL_CTX *ssl_ctx = NULL;
1772 CLNT_SESSION_RESUME_CTX sess_resume;
1773 memset(&sess_resume, 0, sizeof(CLNT_SESSION_RESUME_CTX));
1774
1775 sess_resume.start_server = 1;
1776 printf("### starting client tests\n");
1777
1778 if ((ret = SSL_client_test("1024 bit key",
1779 &ssl_ctx,
1780 "-cert ../ssl/test/axTLS.x509_1024.pem "
1781 "-key ../ssl/test/axTLS.key_1024.pem",
1782 &sess_resume,
1783 DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
1784 goto cleanup;
1785
1786 /* all the session id's should match for session resumption */
1787 sess_resume.start_server = 0;
1788 if ((ret = SSL_client_test("Client session resumption #1",
1789 &ssl_ctx, NULL, &sess_resume,
1790 DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
1791 goto cleanup;
1792
1793 // no client renegotiation
1794 sess_resume.do_reneg = 1;
1795 // test relies on openssl killing the call
1796 if ((ret = SSL_client_test("Client renegotiation",
1797 &ssl_ctx, NULL, &sess_resume,
1798 DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
1799 /*[SK] This test seems to fail depending on openssl version,
1800 so we make the test merely records the result and keep going. */
1801 printf("Client renegotiation: ret=%d\n", ret);
1802 sess_resume.do_reneg = 0;
1803
1804 sess_resume.stop_server = 1;
1805 if ((ret = SSL_client_test("Client session resumption #2",
1806 &ssl_ctx, NULL, &sess_resume,
1807 DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
1808 goto cleanup;
1809
1810 if ((ret = SSL_client_test("1024 bit key",
1811 &ssl_ctx,
1812 "-cert ../ssl/test/axTLS.x509_1024.pem "
1813 "-key ../ssl/test/axTLS.key_1024.pem", NULL,
1814 DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
1815 goto cleanup;
1816
1817 if ((ret = SSL_client_test("2048 bit key",
1818 &ssl_ctx,
1819 "-cert ../ssl/test/axTLS.x509_2048.pem "
1820 "-key ../ssl/test/axTLS.key_2048.pem", NULL,
1821 DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
1822 goto cleanup;
1823
1824 if ((ret = SSL_client_test("4096 bit key",
1825 &ssl_ctx,
1826 "-cert ../ssl/test/axTLS.x509_4096.pem "
1827 "-key ../ssl/test/axTLS.key_4096.pem", NULL,
1828 DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
1829 goto cleanup;
1830
1831 if ((ret = SSL_client_test("TLS 1.1",
1832 &ssl_ctx,
1833 "-cert ../ssl/test/axTLS.x509_1024.pem "
1834 "-key ../ssl/test/axTLS.key_1024.pem -tls1_1", NULL,
1835 DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
1836 goto cleanup;
1837
1838 if ((ret = SSL_client_test("TLS 1.0",
1839 &ssl_ctx,
1840 "-cert ../ssl/test/axTLS.x509_1024.pem "
1841 "-key ../ssl/test/axTLS.key_1024.pem -tls1", NULL,
1842 DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
1843 goto cleanup;
1844
1845 if ((ret = SSL_client_test("Basic Constraint - len OK",
1846 &ssl_ctx,
1847 "-cert ../ssl/test/axTLS.x509_end_chain.pem -key "
1848 "../ssl/test/axTLS.key_end_chain.pem -CAfile "
1849 "../ssl/test/axTLS.x509_intermediate_ca.pem",
1850 NULL,
1851 DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
1852 goto cleanup;
1853
1854 if ((ret = SSL_client_test("Basic Constraint - len NOT OK",
1855 &ssl_ctx,
1856 "-cert ../ssl/test/axTLS.x509_end_chain_bad.pem -key "
1857 "../ssl/test/axTLS.key_end_chain.pem -CAfile "
1858 "../ssl/test/axTLS.x509_intermediate_ca2.pem",
1859 NULL,
1860 DEFAULT_CLNT_OPTION, NULL, NULL, NULL))
1861 != SSL_X509_ERROR(X509_VFY_ERROR_BASIC_CONSTRAINT))
1862 {
1863 printf("*** Error: %d\n", ret);
1864 if (ret == 0)
1865 ret = SSL_NOT_OK;
1866
1867 goto cleanup;
1868 }
1869
1870 printf("SSL server test \"%s\" passed\n", "Basic Constraint - len NOT OK");
1871
1872 if ((ret = SSL_client_test("Server cert chaining",
1873 &ssl_ctx,
1874 "-cert ../ssl/test/axTLS.x509_device.pem "
1875 "-key ../ssl/test/axTLS.key_device.pem "
1876 "-CAfile ../ssl/test/axTLS.x509_1024.pem ", NULL,
1877 DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
1878 goto cleanup;
1879
1880 /* Check the server can verify the client */
1881 if ((ret = SSL_client_test("Client peer authentication",
1882 &ssl_ctx,
1883 "-cert ../ssl/test/axTLS.x509_2048.pem "
1884 "-key ../ssl/test/axTLS.key_2048.pem "
1885 "-CAfile ../ssl/test/axTLS.ca_x509.pem "
1886 "-verify 1 ", NULL, DEFAULT_CLNT_OPTION,
1887 "../ssl/test/axTLS.key_1024", NULL,
1888 "../ssl/test/axTLS.x509_1024.cer")))
1889 goto cleanup;
1890
1891 /* Check the server can verify the client */
1892 if ((ret = SSL_client_test("Client peer authentication TLS1.1",
1893 &ssl_ctx,
1894 "-cert ../ssl/test/axTLS.x509_2048.pem "
1895 "-key ../ssl/test/axTLS.key_2048.pem "
1896 "-CAfile ../ssl/test/axTLS.ca_x509.pem "
1897 "-verify 1 -tls1_1", NULL, DEFAULT_CLNT_OPTION,
1898 "../ssl/test/axTLS.key_1024", NULL,
1899 "../ssl/test/axTLS.x509_1024.cer")))
1900 goto cleanup;
1901
1902 /* Should get an "ERROR" from openssl (as the handshake fails as soon as
1903 * the certificate verification fails) */
1904 if ((ret = SSL_client_test("Error: Expired cert (verify now)",
1905 &ssl_ctx,
1906 "-cert ../ssl/test/axTLS.x509_bad_after.pem "
1907 "-key ../ssl/test/axTLS.key_1024.pem", NULL,
1908 DEFAULT_CLNT_OPTION, NULL, NULL, NULL)) !=
1909 SSL_X509_ERROR(X509_VFY_ERROR_EXPIRED))
1910 {
1911 printf("*** Error: %d\n", ret);
1912 goto cleanup;
1913 }
1914
1915 printf("SSL client test \"Expired cert (verify now)\" passed\n");
1916
1917 /* There is no "ERROR" from openssl */
1918 if ((ret = SSL_client_test("Error: Expired cert (verify later)",
1919 &ssl_ctx,
1920 "-cert ../ssl/test/axTLS.x509_bad_after.pem "
1921 "-key ../ssl/test/axTLS.key_1024.pem", NULL,
1922 DEFAULT_CLNT_OPTION|SSL_SERVER_VERIFY_LATER, NULL,
1923 NULL, NULL)) != SSL_X509_ERROR(X509_VFY_ERROR_EXPIRED))
1924 {
1925 printf("*** Error: %d\n", ret); TTY_FLUSH();
1926 goto cleanup;
1927 }
1928
1929 printf("SSL client test \"Expired cert (verify later)\" passed\n");
1930
1931 /* invalid cert type */
1932 /*if ((ret = SSL_client_test("Error: Invalid certificate type",
1933 &ssl_ctx,
1934 "-cert ../ssl/test/axTLS.x509_2048.pem "
1935 "-key ../ssl/test/axTLS.key_2048.pem "
1936 "-CAfile ../ssl/test/axTLS.ca_x509.pem "
1937 "-verify 1 ", NULL, DEFAULT_CLNT_OPTION,
1938 "../ssl/test/axTLS.key_1024.pem", NULL,
1939 "../ssl/test/axTLS.x509_1024.pem"))
1940 != SSL_ERROR_INVALID_KEY)
1941 {
1942 if (ret == 0)
1943 ret = SSL_NOT_OK;
1944
1945 printf("*** Error: %d\n", ret); TTY_FLUSH();
1946 goto cleanup;
1947 }
1948
1949 printf("SSL client test \"Invalid certificate type\" passed\n"); */
1950
1951 #if 0
1952 if ((ret = SSL_client_test("GNUTLS client",
1953 &ssl_ctx,
1954 "--x509certfile ../ssl/test/axTLS.x509_1024.pem "
1955 "--x509keyfile ../ssl/test/axTLS.key_1024.pem -g", NULL,
1956 DEFAULT_CLNT_OPTION,
1957 "../ssl/test/axTLS.key_1024.pem", NULL,
1958 "../ssl/test/axTLS.x509_1024.pem")))
1959 goto cleanup;
1960
1961 ret = 0;
1962
1963 if ((ret = SSL_client_test("GNUTLS client with verify",
1964 &ssl_ctx,
1965 "--x509certfile ../ssl/test/axTLS.x509_1024.pem "
1966 "--x509keyfile ../ssl/test/axTLS.key_1024.pem -r -g", NULL,
1967 DEFAULT_CLNT_OPTION|SSL_SERVER_VERIFY_LATER,
1968 "../ssl/test/axTLS.key_1024.pem", NULL,
1969 "../ssl/test/axTLS.x509_1024.pem")))
1970 goto cleanup;
1971 #endif
1972 ret = 0;
1973
1974 cleanup:
1975 if (ret)
1976 {
1977 ssl_display_error(ret);
1978 printf("Error: A client test failed\n");
1979 SYSTEM("sh ../ssl/test/killopenssl.sh");
1980 SYSTEM("sh ../ssl/test/killgnutls.sh");
1981 exit(1);
1982 }
1983 else
1984 {
1985 printf("All client tests passed\n"); TTY_FLUSH();
1986 }
1987
1988 ssl_ctx_free(ssl_ctx);
1989 return ret;
1990 }
1991
1992 /**************************************************************************
1993 * SSL Basic Testing (test a big packet handshake)
1994 *
1995 **************************************************************************/
1996 static uint8_t basic_buf[256*1024];
1997
do_basic(void)1998 static void do_basic(void)
1999 {
2000 int client_fd;
2001 SSL *ssl_clnt;
2002 SSL_CTX *ssl_clnt_ctx = ssl_ctx_new(
2003 DEFAULT_CLNT_OPTION, SSL_DEFAULT_CLNT_SESS);
2004 usleep(200000); /* allow server to start */
2005
2006 if (AX_INVALID_SOCKET_P(client_fd = client_socket_init(g_port)))
2007 goto error;
2008
2009 if (ssl_obj_load(ssl_clnt_ctx, SSL_OBJ_X509_CACERT,
2010 "../ssl/test/axTLS.ca_x509.cer", NULL))
2011 goto error;
2012
2013 ssl_clnt = ssl_client_new(ssl_clnt_ctx, client_fd, NULL, 0, NULL);
2014
2015 /* check the return status */
2016 if (ssl_handshake_status(ssl_clnt) < 0)
2017 {
2018 ssl_display_error(ssl_handshake_status(ssl_clnt));
2019 goto error;
2020 }
2021
2022 ssl_write(ssl_clnt, basic_buf, sizeof(basic_buf));
2023 ssl_free(ssl_clnt);
2024
2025 error:
2026 ssl_ctx_free(ssl_clnt_ctx);
2027 SOCKET_CLOSE(client_fd);
2028
2029 /* exit this thread */
2030 }
2031
SSL_basic_test(void)2032 static int SSL_basic_test(void)
2033 {
2034 int server_fd, client_fd, ret = 0, size = 0, offset = 0;
2035 SSL_CTX *ssl_svr_ctx = NULL;
2036 struct sockaddr_in client_addr;
2037 uint8_t *read_buf;
2038 socklen_t clnt_len = sizeof(client_addr);
2039 SSL *ssl_svr;
2040 #ifndef WIN32
2041 pthread_t thread;
2042 #endif
2043 memset(basic_buf, 0xA5, sizeof(basic_buf)/2);
2044 memset(&basic_buf[sizeof(basic_buf)/2], 0x5A, sizeof(basic_buf)/2);
2045
2046 if (AX_INVALID_SOCKET_P(server_fd = server_socket_init(&g_port)))
2047 goto error;
2048
2049 ssl_svr_ctx = ssl_ctx_new(DEFAULT_SVR_OPTION, SSL_DEFAULT_SVR_SESS);
2050 if ((ret = ssl_obj_load(ssl_svr_ctx, SSL_OBJ_X509_CERT,
2051 "../ssl/test/axTLS.x509_1024.pem", NULL)) != SSL_OK)
2052 goto error;
2053
2054 if ((ret = ssl_obj_load(ssl_svr_ctx, SSL_OBJ_RSA_KEY,
2055 "../ssl/test/axTLS.key_1024.pem", NULL)) != SSL_OK)
2056 goto error;
2057 #ifndef WIN32
2058 pthread_create(&thread, NULL,
2059 (void *(*)(void *))do_basic, NULL);
2060 pthread_detach(thread);
2061 #else
2062 CreateThread(NULL, 1024, (LPTHREAD_START_ROUTINE)do_basic, NULL, 0, NULL);
2063 #endif
2064
2065 /* Wait for a client to connect */
2066 if (AX_INVALID_SOCKET_P(client_fd = accept(server_fd, (struct sockaddr *) &client_addr, &clnt_len)))
2067 {
2068 ret = SSL_ERROR_SOCK_SETUP_FAILURE;
2069 goto error;
2070 }
2071
2072 /* we are ready to go */
2073 ssl_svr = ssl_server_new(ssl_svr_ctx, client_fd);
2074
2075 do
2076 {
2077 while ((size = ssl_read(ssl_svr, &read_buf)) == SSL_OK);
2078
2079 if (size < SSL_OK) /* got some alert or something nasty */
2080 {
2081 ssl_display_error(size);
2082 ret = size;
2083 break;
2084 }
2085 else /* looks more promising */
2086 {
2087 if (memcmp(read_buf, &basic_buf[offset], size) != 0)
2088 {
2089 ret = SSL_NOT_OK;
2090 break;
2091 }
2092 }
2093
2094 offset += size;
2095 } while ((size_t)offset < sizeof(basic_buf));
2096
2097 printf(ret == SSL_OK && offset == sizeof(basic_buf) ?
2098 "SSL basic test passed\n" :
2099 "SSL basic test failed\n");
2100 TTY_FLUSH();
2101
2102 ssl_free(ssl_svr);
2103 SOCKET_CLOSE(server_fd);
2104 SOCKET_CLOSE(client_fd);
2105
2106 error:
2107 ssl_ctx_free(ssl_svr_ctx);
2108 return ret;
2109 }
2110
2111 /**************************************************************************
2112 * SSL unblocked case
2113 *
2114 **************************************************************************/
do_unblocked(void)2115 static void do_unblocked(void)
2116 {
2117 int client_fd;
2118 SSL *ssl_clnt;
2119 SSL_CTX *ssl_clnt_ctx = ssl_ctx_new(
2120 DEFAULT_CLNT_OPTION,
2121 SSL_DEFAULT_CLNT_SESS |
2122 SSL_CONNECT_IN_PARTS);
2123 usleep(200000); /* allow server to start */
2124
2125 if (AX_INVALID_SOCKET_P(client_fd = client_socket_init(g_port)))
2126 goto error;
2127
2128 {
2129 #ifdef WIN32
2130 u_long argp = 1;
2131 ioctlsocket(client_fd, FIONBIO, &argp);
2132 #else
2133 int flags = fcntl(client_fd, F_GETFL, NULL);
2134 fcntl(client_fd, F_SETFL, flags | O_NONBLOCK);
2135 #endif
2136 }
2137
2138 if (ssl_obj_load(ssl_clnt_ctx, SSL_OBJ_X509_CACERT,
2139 "../ssl/test/axTLS.ca_x509.cer", NULL))
2140 goto error;
2141
2142 ssl_clnt = ssl_client_new(ssl_clnt_ctx, client_fd, NULL, 0, NULL);
2143
2144 while (ssl_handshake_status(ssl_clnt) != SSL_OK)
2145 {
2146 if (ssl_read(ssl_clnt, NULL) < 0)
2147 {
2148 ssl_display_error(ssl_handshake_status(ssl_clnt));
2149 goto error;
2150 }
2151 }
2152
2153 ssl_write(ssl_clnt, basic_buf, sizeof(basic_buf));
2154 ssl_free(ssl_clnt);
2155
2156 error:
2157 ssl_ctx_free(ssl_clnt_ctx);
2158 SOCKET_CLOSE(client_fd);
2159
2160 /* exit this thread */
2161 }
2162
SSL_unblocked_test(void)2163 static int SSL_unblocked_test(void)
2164 {
2165 int server_fd, client_fd, ret = 0, size = 0, offset = 0;
2166 SSL_CTX *ssl_svr_ctx = NULL;
2167 struct sockaddr_in client_addr;
2168 uint8_t *read_buf;
2169 socklen_t clnt_len = sizeof(client_addr);
2170 SSL *ssl_svr;
2171 #ifndef WIN32
2172 pthread_t thread;
2173 #endif
2174 memset(basic_buf, 0xA5, sizeof(basic_buf)/2);
2175 memset(&basic_buf[sizeof(basic_buf)/2], 0x5A, sizeof(basic_buf)/2);
2176
2177 if (AX_INVALID_SOCKET_P(server_fd = server_socket_init(&g_port)))
2178 goto error;
2179
2180 ssl_svr_ctx = ssl_ctx_new(DEFAULT_SVR_OPTION, SSL_DEFAULT_SVR_SESS);
2181 if ((ret = ssl_obj_load(ssl_svr_ctx, SSL_OBJ_X509_CERT,
2182 "../ssl/test/axTLS.x509_1024.pem", NULL)) != SSL_OK)
2183 goto error;
2184
2185 if ((ret = ssl_obj_load(ssl_svr_ctx, SSL_OBJ_RSA_KEY,
2186 "../ssl/test/axTLS.key_1024.pem", NULL)) != SSL_OK)
2187 goto error;
2188
2189 #ifndef WIN32
2190 pthread_create(&thread, NULL,
2191 (void *(*)(void *))do_unblocked, NULL);
2192 pthread_detach(thread);
2193 #else
2194 CreateThread(NULL, 1024, (LPTHREAD_START_ROUTINE)do_unblocked,
2195 NULL, 0, NULL);
2196 #endif
2197
2198 /* Wait for a client to connect */
2199 if (AX_INVALID_SOCKET_P(client_fd = accept(server_fd, (struct sockaddr *) &client_addr, &clnt_len)))
2200 {
2201 ret = SSL_ERROR_SOCK_SETUP_FAILURE;
2202 goto error;
2203 }
2204
2205 /* we are ready to go */
2206 ssl_svr = ssl_server_new(ssl_svr_ctx, client_fd);
2207
2208 do
2209 {
2210 while ((size = ssl_read(ssl_svr, &read_buf)) == SSL_OK);
2211
2212 if (size < SSL_OK) /* got some alert or something nasty */
2213 {
2214 ssl_display_error(size);
2215 ret = size;
2216 break;
2217 }
2218 else /* looks more promising */
2219 {
2220 if (memcmp(read_buf, &basic_buf[offset], size) != 0)
2221 {
2222 ret = SSL_NOT_OK;
2223 break;
2224 }
2225 }
2226
2227 offset += size;
2228 } while ((size_t)offset < sizeof(basic_buf));
2229
2230 printf(ret == SSL_OK && offset == sizeof(basic_buf) ?
2231 "SSL unblocked test passed\n" :
2232 "SSL unblocked test failed\n");
2233 TTY_FLUSH();
2234
2235 ssl_free(ssl_svr);
2236 SOCKET_CLOSE(server_fd);
2237 SOCKET_CLOSE(client_fd);
2238
2239 error:
2240 ssl_ctx_free(ssl_svr_ctx);
2241 return ret;
2242 }
2243
2244 #if !defined(WIN32) && defined(CONFIG_SSL_CTX_MUTEXING)
2245 /**************************************************************************
2246 * Multi-Threading Tests
2247 *
2248 **************************************************************************/
2249 #define NUM_THREADS 100
2250
2251 typedef struct
2252 {
2253 SSL_CTX *ssl_clnt_ctx;
2254 int port;
2255 int thread_id;
2256 } multi_t;
2257
do_multi_clnt(multi_t * multi_data)2258 void do_multi_clnt(multi_t *multi_data)
2259 {
2260 int res = 1, client_fd, i;
2261 SSL *ssl = NULL;
2262 char tmp[5];
2263
2264 if (AX_INVALID_SOCKET_P(client_fd = client_socket_init(multi_data->port)))
2265 goto client_test_exit;
2266
2267 usleep(200000);
2268 ssl = ssl_client_new(multi_data->ssl_clnt_ctx, client_fd, NULL, 0, NULL);
2269
2270 if ((res = ssl_handshake_status(ssl)))
2271 {
2272 printf("Client ");
2273 ssl_display_error(res);
2274 goto client_test_exit;
2275 }
2276
2277 sprintf(tmp, "%d\n", multi_data->thread_id);
2278 for (i = 0; i < 10; i++)
2279 ssl_write(ssl, (uint8_t *)tmp, strlen(tmp)+1);
2280
2281 client_test_exit:
2282 ssl_free(ssl);
2283 SOCKET_CLOSE(client_fd);
2284 free(multi_data);
2285 }
2286
do_multi_svr(SSL * ssl)2287 void do_multi_svr(SSL *ssl)
2288 {
2289 uint8_t *read_buf;
2290 int *res_ptr = malloc(sizeof(int));
2291 int res;
2292
2293 for (;;)
2294 {
2295 res = ssl_read(ssl, &read_buf);
2296
2297 /* kill the client */
2298 if (res != SSL_OK)
2299 {
2300 if (res == SSL_ERROR_CONN_LOST)
2301 {
2302 SOCKET_CLOSE(ssl->client_fd);
2303 ssl_free(ssl);
2304 break;
2305 }
2306 else if (res > 0)
2307 {
2308 /* do nothing */
2309 }
2310 else /* some problem */
2311 {
2312 printf("Server ");
2313 ssl_display_error(res);
2314 goto error;
2315 }
2316 }
2317 }
2318
2319 res = SSL_OK;
2320 error:
2321 *res_ptr = res;
2322 pthread_exit(res_ptr);
2323 }
2324
multi_thread_test(void)2325 int multi_thread_test(void)
2326 {
2327 int server_fd = AX_INVALID_SOCKET;
2328 SSL_CTX *ssl_server_ctx;
2329 SSL_CTX *ssl_clnt_ctx;
2330 pthread_t clnt_threads[NUM_THREADS];
2331 pthread_t svr_threads[NUM_THREADS];
2332 int i, res = 0;
2333 struct sockaddr_in client_addr;
2334 socklen_t clnt_len = sizeof(client_addr);
2335
2336 printf("Do multi-threading test (takes a minute)\n");
2337
2338 ssl_svr_ctx = ssl_ctx_new(DEFAULT_SVR_OPTION, SSL_DEFAULT_SVR_SESS);
2339 if ((ret = ssl_obj_load(ssl_svr_ctx, SSL_OBJ_X509_CERT,
2340 "../ssl/test/axTLS.x509_1024.pem", NULL)) != SSL_OK)
2341 goto error;
2342
2343 if ((ret = ssl_obj_load(ssl_svr_ctx, SSL_OBJ_RSA_KEY,
2344 "../ssl/test/axTLS.key_1024.pem", NULL)) != SSL_OK)
2345 goto error;
2346 ssl_clnt_ctx = ssl_ctx_new(DEFAULT_CLNT_OPTION, SSL_DEFAULT_CLNT_SESS);
2347
2348 if (ssl_obj_load(ssl_clnt_ctx, SSL_OBJ_X509_CACERT,
2349 "../ssl/test/axTLS.ca_x509.cer", NULL))
2350 goto error;
2351
2352 if (AX_INVALID_SOCKET_P(server_fd = server_socket_init(&g_port)))
2353 goto error;
2354
2355 for (i = 0; i < NUM_THREADS; i++)
2356 {
2357 multi_t *multi_data = (multi_t *)malloc(sizeof(multi_t));
2358 multi_data->ssl_clnt_ctx = ssl_clnt_ctx;
2359 multi_data->port = g_port;
2360 multi_data->thread_id = i+1;
2361 pthread_create(&clnt_threads[i], NULL,
2362 (void *(*)(void *))do_multi_clnt, (void *)multi_data);
2363 pthread_detach(clnt_threads[i]);
2364 }
2365
2366 for (i = 0; i < NUM_THREADS; i++)
2367 {
2368 SSL *ssl_svr;
2369 int client_fd = accept(server_fd,
2370 (struct sockaddr *)&client_addr, &clnt_len);
2371
2372 if (AX_INVALID_SOCKET_P(client_fd))
2373 goto error;
2374
2375 ssl_svr = ssl_server_new(ssl_server_ctx, client_fd);
2376
2377 pthread_create(&svr_threads[i], NULL,
2378 (void *(*)(void *))do_multi_svr, (void *)ssl_svr);
2379 }
2380
2381 /* make sure we've run all of the threads */
2382 for (i = 0; i < NUM_THREADS; i++)
2383 {
2384 void *thread_res;
2385 pthread_join(svr_threads[i], &thread_res);
2386
2387 if (*((int *)thread_res) != 0)
2388 res = 1;
2389
2390 free(thread_res);
2391 }
2392
2393 if (res)
2394 goto error;
2395
2396 printf("Multi-thread test passed (%d)\n", NUM_THREADS);
2397 error:
2398 ssl_ctx_free(ssl_svr_ctx);
2399 ssl_ctx_free(ssl_clnt_ctx);
2400 SOCKET_CLOSE(server_fd);
2401 return res;
2402 }
2403 #endif /* !defined(WIN32) && defined(CONFIG_SSL_CTX_MUTEXING) */
2404
2405 /**************************************************************************
2406 * Header issue
2407 *
2408 **************************************************************************/
2409 //static void do_header_issue(void)
2410 //{
2411 // char axtls_buf[2048];
2412 //#ifndef WIN32
2413 // pthread_setcanceltype(PTHREAD_CANCEL_ASYNCHRONOUS, NULL);
2414 //#endif
2415 // sprintf(axtls_buf, "./axssl s_client -connect localhost:%d", g_port);
2416 // SYSTEM(axtls_buf);
2417 //}
2418 //
2419 //static int header_issue(void)
2420 //{
2421 // FILE *f = fopen("../ssl/test/header_issue.dat", "r");
2422 // int server_fd = AX_INVALID_SOCKET, client_fd = AX_INVALID_SOCKET, ret = 1;
2423 // uint8_t buf[2048];
2424 // int size = 0;
2425 // struct sockaddr_in client_addr;
2426 // socklen_t clnt_len = sizeof(client_addr);
2427 //#ifndef WIN32
2428 // pthread_t thread;
2429 //#endif
2430 //
2431 // if (f == NULL || AX_INVALID_SOCKET_P(server_fd = server_socket_init(&g_port)))
2432 // goto error;
2433 //
2434 //#ifndef WIN32
2435 // pthread_create(&thread, NULL,
2436 // (void *(*)(void *))do_header_issue, NULL);
2437 // pthread_detach(thread);
2438 //#else
2439 // CreateThread(NULL, 1024, (LPTHREAD_START_ROUTINE)do_header_issue,
2440 // NULL, 0, NULL);
2441 //#endif
2442 // if (AX_INVALID_SOCKET_P(client_fd = accept(server_fd, (struct sockaddr *) &client_addr, &clnt_len)))
2443 // {
2444 // ret = SSL_ERROR_SOCK_SETUP_FAILURE;
2445 // goto error;
2446 // }
2447 //
2448 // size = fread(buf, 1, sizeof(buf), f);
2449 // if (SOCKET_WRITE(client_fd, buf, size) < 0)
2450 // {
2451 // ret = SSL_ERROR_SOCK_SETUP_FAILURE;
2452 // goto error;
2453 // }
2454 //
2455 // usleep(200000);
2456 //
2457 // ret = 0;
2458 //error:
2459 // fclose(f);
2460 // SOCKET_CLOSE(client_fd);
2461 // SOCKET_CLOSE(server_fd);
2462 // TTY_FLUSH();
2463 // SYSTEM("killall axssl");
2464 // return ret;
2465 //}
2466
2467 /**************************************************************************
2468 * main()
2469 *
2470 **************************************************************************/
main(int argc,char * argv[])2471 int main(int argc, char *argv[])
2472 {
2473 int ret = 1;
2474 BI_CTX *bi_ctx;
2475 int fd;
2476 /*<SK> NB: String "openssl " will be replaced by the build script, so
2477 avoid ending the variable name with "openssl". */
2478 int have_openssl_p = 0;
2479 /*</SK>*/
2480
2481 #ifdef WIN32
2482 WSADATA wsaData;
2483 WORD wVersionRequested = MAKEWORD(2, 2);
2484 WSAStartup(wVersionRequested, &wsaData);
2485 fd = _open("test_result.txt", O_WRONLY|O_TEMPORARY|O_CREAT, _S_IWRITE);
2486 dup2(fd, 2); /* write stderr to this file */
2487 #else
2488 fd = open("/dev/null", O_WRONLY); /* write stderr to /dev/null */
2489 signal(SIGPIPE, SIG_IGN); /* ignore pipe errors */
2490 dup2(fd, 2);
2491 #endif
2492
2493 /*<SK>*/
2494 if (argc == 2 && strcmp(argv[1], "--exttest") == 0) {
2495 have_openssl_p = 1;
2496 }
2497 /*</SK>*/
2498
2499 /* can't do testing in this mode */
2500 #if defined CONFIG_SSL_GENERATE_X509_CERT
2501 printf("Error: Must compile with default key/certificates\n");
2502 exit(1);
2503 #endif
2504
2505 bi_ctx = bi_initialize();
2506
2507 if (AES_test(bi_ctx))
2508 {
2509 printf("AES tests failed\n");
2510 goto cleanup;
2511 }
2512 TTY_FLUSH();
2513
2514 if (MD5_test(bi_ctx))
2515 {
2516 printf("MD5 tests failed\n");
2517 goto cleanup;
2518 }
2519 TTY_FLUSH();
2520
2521 if (SHA1_test(bi_ctx))
2522 {
2523 printf("SHA1 tests failed\n");
2524 goto cleanup;
2525 }
2526 TTY_FLUSH();
2527
2528 if (SHA256_test(bi_ctx))
2529 {
2530 printf("SHA256 tests failed\n");
2531 goto cleanup;
2532 }
2533 TTY_FLUSH();
2534
2535 if (SHA384_test(bi_ctx))
2536 {
2537 printf("SHA384 tests failed\n");
2538 goto cleanup;
2539 }
2540 TTY_FLUSH();
2541
2542 if (SHA512_test(bi_ctx))
2543 {
2544 printf("SHA512 tests failed\n");
2545 goto cleanup;
2546 }
2547 TTY_FLUSH();
2548
2549 if (HMAC_test(bi_ctx))
2550 {
2551 printf("HMAC tests failed\n");
2552 goto cleanup;
2553 }
2554 TTY_FLUSH();
2555
2556 if (BIGINT_test(bi_ctx))
2557 {
2558 printf("BigInt tests failed!\n");
2559 goto cleanup;
2560 }
2561 TTY_FLUSH();
2562
2563 bi_terminate(bi_ctx);
2564
2565 if (RSA_test())
2566 {
2567 printf("RSA tests failed\n");
2568 goto cleanup;
2569 }
2570 TTY_FLUSH();
2571
2572 if (cert_tests())
2573 {
2574 printf("CERT tests failed\n");
2575 goto cleanup;
2576 }
2577 TTY_FLUSH();
2578
2579 #if !defined(WIN32) && defined(CONFIG_SSL_CTX_MUTEXING)
2580 if (multi_thread_test())
2581 goto cleanup;
2582 #endif
2583
2584 if (SSL_basic_test())
2585 goto cleanup;
2586
2587 SYSTEM("sh ../ssl/test/killopenssl.sh");
2588
2589 if (SSL_unblocked_test())
2590 goto cleanup;
2591
2592 SYSTEM("sh ../ssl/test/killopenssl.sh");
2593
2594 /*<SK>*/
2595 if (have_openssl_p) {
2596 /*</SK>*/
2597
2598 if (SSL_client_tests())
2599 goto cleanup;
2600
2601 SYSTEM("sh ../ssl/test/killopenssl.sh");
2602 SYSTEM("sh ../ssl/test/killgnutls.sh");
2603
2604 if (SSL_server_tests())
2605 goto cleanup;
2606
2607 SYSTEM("sh ../ssl/test/killopenssl.sh");
2608
2609 /*<SK>*/
2610 } /*have_openssl_p*/
2611 /*</SK>*/
2612
2613 // if (header_issue())
2614 // {
2615 // printf("Header tests failed\n"); TTY_FLUSH();
2616 // goto cleanup;
2617 // }
2618
2619 ret = 0; /* all ok */
2620 printf("**** ALL TESTS PASSED ****\n"); TTY_FLUSH();
2621 cleanup:
2622
2623 if (ret)
2624 printf("Error: Some tests failed!\n");
2625
2626 close(fd);
2627 return ret;
2628 }
2629