1: # perl script to run OpenSSL tests 2: 3: 4: my $base_path = "\\openssl"; 5: 6: my $output_path = "$base_path\\test_out"; 7: my $cert_path = "$base_path\\certs"; 8: my $test_path = "$base_path\\test"; 9: my $app_path = "$base_path\\apps"; 10: 11: my $tmp_cert = "$output_path\\cert.tmp"; 12: my $OpenSSL_config = "$app_path\\openssl.cnf"; 13: my $log_file = "$output_path\\tests.log"; 14: 15: my $pause = 0; 16: 17: 18: # process the command line args to see if they wanted us to pause 19: # between executing each command 20: foreach $i (@ARGV) 21: { 22: if ($i =~ /^-p$/) 23: { $pause=1; } 24: } 25: 26: 27: 28: main(); 29: 30: 31: ############################################################################ 32: sub main() 33: { 34: # delete all the output files in the output directory 35: unlink <$output_path\\*.*>; 36: 37: # open the main log file 38: open(OUT, ">$log_file") || die "unable to open $log_file\n"; 39: 40: 41: algorithm_tests(); 42: encryption_tests(); 43: pem_tests(); 44: verify_tests(); 45: ca_tests(); 46: ssl_tests(); 47: 48: close(OUT); 49: 50: print("\nCompleted running tests.\n\n"); 51: print("Check log file for errors: $log_file\n"); 52: } 53: 54: ############################################################################ 55: sub algorithm_tests 56: { 57: my $i; 58: my $outFile; 59: my @tests = ( rsa_test, destest, ideatest, bftest, shatest, sha1test, 60: md5test, dsatest, md2test, mdc2test, rc2test, rc4test, randtest, 61: dhtest, exptest ); 62: 63: print( "\nRUNNING CRYPTO ALGORITHM TESTS:\n\n"); 64: 65: print( OUT "\n========================================================\n"); 66: print( OUT "CRYPTO ALGORITHM TESTS:\n\n"); 67: 68: foreach $i (@tests) 69: { 70: if (-e "$base_path\\$i.nlm") 71: { 72: $outFile = "$output_path\\$i.out"; 73: system("$i > $outFile"); 74: log_desc("Test: $i\.nlm:"); 75: log_output("", $outFile ); 76: } 77: else 78: { 79: log_desc("Test: $i\.nlm: file not found"); 80: } 81: } 82: } 83: 84: ############################################################################ 85: sub encryption_tests 86: { 87: my $i; 88: my $outFile; 89: my @enc_tests = ( "enc", "rc4", "des-cfb", "des-ede-cfb", "des-ede3-cfb", 90: "des-ofb", "des-ede-ofb", "des-ede3-ofb", 91: "des-ecb", "des-ede", "des-ede3", "des-cbc", 92: "des-ede-cbc", "des-ede3-cbc", "idea-ecb", "idea-cfb", 93: "idea-ofb", "idea-cbc", "rc2-ecb", "rc2-cfb", 94: "rc2-ofb", "rc2-cbc", "bf-ecb", "bf-cfb", 95: "bf-ofb", "bf-cbc" ); 96: 97: my $input = "$base_path\\do_tests.pl"; 98: my $cipher = "$output_path\\cipher.out"; 99: my $clear = "$output_path\\clear.out"; 100: 101: print( "\nRUNNING ENCRYPTION & DECRYPTION TESTS:\n\n"); 102: 103: print( OUT "\n========================================================\n"); 104: print( OUT "FILE ENCRYPTION & DECRYPTION TESTS:\n\n"); 105: 106: foreach $i (@enc_tests) 107: { 108: log_desc("Testing: $i"); 109: 110: # do encryption 111: $outFile = "$output_path\\enc.out"; 112: system("openssl2 $i -e -bufsize 113 -k test -in $input -out $cipher > $outFile" ); 113: log_output("Encrypting: $input --> $cipher", $outFile); 114: 115: # do decryption 116: $outFile = "$output_path\\dec.out"; 117: system("openssl2 $i -d -bufsize 157 -k test -in $cipher -out $clear > $outFile"); 118: log_output("Decrypting: $cipher --> $clear", $outFile); 119: 120: # compare files 121: $x = compare_files( $input, $clear, 1); 122: if ( $x == 0 ) 123: { 124: print( "SUCCESS - files match: $input, $clear\n"); 125: print( OUT "SUCCESS - files match: $input, $clear\n"); 126: } 127: else 128: { 129: print( "ERROR: files don't match\n"); 130: print( OUT "ERROR: files don't match\n"); 131: } 132: 133: do_wait(); 134: 135: # Now do the same encryption but use Base64 136: 137: # do encryption B64 138: $outFile = "$output_path\\B64enc.out"; 139: system("openssl2 $i -a -e -bufsize 113 -k test -in $input -out $cipher > $outFile"); 140: log_output("Encrypting(B64): $cipher --> $clear", $outFile); 141: 142: # do decryption B64 143: $outFile = "$output_path\\B64dec.out"; 144: system("openssl2 $i -a -d -bufsize 157 -k test -in $cipher -out $clear > $outFile"); 145: log_output("Decrypting(B64): $cipher --> $clear", $outFile); 146: 147: # compare files 148: $x = compare_files( $input, $clear, 1); 149: if ( $x == 0 ) 150: { 151: print( "SUCCESS - files match: $input, $clear\n"); 152: print( OUT "SUCCESS - files match: $input, $clear\n"); 153: } 154: else 155: { 156: print( "ERROR: files don't match\n"); 157: print( OUT "ERROR: files don't match\n"); 158: } 159: 160: do_wait(); 161: 162: } # end foreach 163: 164: # delete the temporary files 165: unlink($cipher); 166: unlink($clear); 167: } 168: 169: 170: ############################################################################ 171: sub pem_tests 172: { 173: my $i; 174: my $tmp_out; 175: my $outFile = "$output_path\\pem.out"; 176: 177: my %pem_tests = ( 178: "crl" => "testcrl.pem", 179: "pkcs7" => "testp7.pem", 180: "req" => "testreq2.pem", 181: "rsa" => "testrsa.pem", 182: "x509" => "testx509.pem", 183: "x509" => "v3-cert1.pem", 184: "sess_id" => "testsid.pem" ); 185: 186: 187: print( "\nRUNNING PEM TESTS:\n\n"); 188: 189: print( OUT "\n========================================================\n"); 190: print( OUT "PEM TESTS:\n\n"); 191: 192: foreach $i (keys(%pem_tests)) 193: { 194: log_desc( "Testing: $i"); 195: 196: my $input = "$test_path\\$pem_tests{$i}"; 197: 198: $tmp_out = "$output_path\\$pem_tests{$i}"; 199: 200: if ($i ne "req" ) 201: { 202: system("openssl2 $i -in $input -out $tmp_out > $outFile"); 203: log_output( "openssl2 $i -in $input -out $tmp_out", $outFile); 204: } 205: else 206: { 207: system("openssl2 $i -in $input -out $tmp_out -config $OpenSSL_config > $outFile"); 208: log_output( "openssl2 $i -in $input -out $tmp_out -config $OpenSSL_config", $outFile ); 209: } 210: 211: $x = compare_files( $input, $tmp_out); 212: if ( $x == 0 ) 213: { 214: print( "SUCCESS - files match: $input, $tmp_out\n"); 215: print( OUT "SUCCESS - files match: $input, $tmp_out\n"); 216: } 217: else 218: { 219: print( "ERROR: files don't match\n"); 220: print( OUT "ERROR: files don't match\n"); 221: } 222: do_wait(); 223: 224: } # end foreach 225: } 226: 227: 228: ############################################################################ 229: sub verify_tests 230: { 231: my $i; 232: my $outFile = "$output_path\\verify.out"; 233: 234: my @cert_files = <$cert_path\\*.pem>; 235: 236: print( "\nRUNNING VERIFY TESTS:\n\n"); 237: 238: print( OUT "\n========================================================\n"); 239: print( OUT "VERIFY TESTS:\n\n"); 240: 241: make_tmp_cert_file(); 242: 243: foreach $i (@cert_files) 244: { 245: system("openssl2 verify -CAfile $tmp_cert $i >$outFile"); 246: log_desc("Verifying cert: $i"); 247: log_output("openssl2 verify -CAfile $tmp_cert $i", $outFile); 248: } 249: } 250: 251: 252: ############################################################################ 253: sub ssl_tests 254: { 255: my $outFile = "$output_path\\ssl_tst.out"; 256: my($CAcert) = "$output_path\\certCA.ss"; 257: my($Ukey) = "$output_path\\keyU.ss"; 258: my($Ucert) = "$output_path\\certU.ss"; 259: my($ssltest)= "ssltest -key $Ukey -cert $Ucert -c_key $Ukey -c_cert $Ucert -CAfile $CAcert"; 260: 261: print( "\nRUNNING SSL TESTS:\n\n"); 262: 263: print( OUT "\n========================================================\n"); 264: print( OUT "SSL TESTS:\n\n"); 265: 266: system("ssltest -ssl2 >$outFile"); 267: log_desc("Testing sslv2:"); 268: log_output("ssltest -ssl2", $outFile); 269: 270: system("$ssltest -ssl2 -server_auth >$outFile"); 271: log_desc("Testing sslv2 with server authentication:"); 272: log_output("$ssltest -ssl2 -server_auth", $outFile); 273: 274: system("$ssltest -ssl2 -client_auth >$outFile"); 275: log_desc("Testing sslv2 with client authentication:"); 276: log_output("$ssltest -ssl2 -client_auth", $outFile); 277: 278: system("$ssltest -ssl2 -server_auth -client_auth >$outFile"); 279: log_desc("Testing sslv2 with both client and server authentication:"); 280: log_output("$ssltest -ssl2 -server_auth -client_auth", $outFile); 281: 282: system("ssltest -ssl3 >$outFile"); 283: log_desc("Testing sslv3:"); 284: log_output("ssltest -ssl3", $outFile); 285: 286: system("$ssltest -ssl3 -server_auth >$outFile"); 287: log_desc("Testing sslv3 with server authentication:"); 288: log_output("$ssltest -ssl3 -server_auth", $outFile); 289: 290: system("$ssltest -ssl3 -client_auth >$outFile"); 291: log_desc("Testing sslv3 with client authentication:"); 292: log_output("$ssltest -ssl3 -client_auth", $outFile); 293: 294: system("$ssltest -ssl3 -server_auth -client_auth >$outFile"); 295: log_desc("Testing sslv3 with both client and server authentication:"); 296: log_output("$ssltest -ssl3 -server_auth -client_auth", $outFile); 297: 298: system("ssltest >$outFile"); 299: log_desc("Testing sslv2/sslv3:"); 300: log_output("ssltest", $outFile); 301: 302: system("$ssltest -server_auth >$outFile"); 303: log_desc("Testing sslv2/sslv3 with server authentication:"); 304: log_output("$ssltest -server_auth", $outFile); 305: 306: system("$ssltest -client_auth >$outFile"); 307: log_desc("Testing sslv2/sslv3 with client authentication:"); 308: log_output("$ssltest -client_auth ", $outFile); 309: 310: system("$ssltest -server_auth -client_auth >$outFile"); 311: log_desc("Testing sslv2/sslv3 with both client and server authentication:"); 312: log_output("$ssltest -server_auth -client_auth", $outFile); 313: 314: system("ssltest -bio_pair -ssl2 >$outFile"); 315: log_desc("Testing sslv2 via BIO pair:"); 316: log_output("ssltest -bio_pair -ssl2", $outFile); 317: 318: system("ssltest -bio_pair -dhe1024dsa -v >$outFile"); 319: log_desc("Testing sslv2/sslv3 with 1024 bit DHE via BIO pair:"); 320: log_output("ssltest -bio_pair -dhe1024dsa -v", $outFile); 321: 322: system("$ssltest -bio_pair -ssl2 -server_auth >$outFile"); 323: log_desc("Testing sslv2 with server authentication via BIO pair:"); 324: log_output("$ssltest -bio_pair -ssl2 -server_auth", $outFile); 325: 326: system("$ssltest -bio_pair -ssl2 -client_auth >$outFile"); 327: log_desc("Testing sslv2 with client authentication via BIO pair:"); 328: log_output("$ssltest -bio_pair -ssl2 -client_auth", $outFile); 329: 330: system("$ssltest -bio_pair -ssl2 -server_auth -client_auth >$outFile"); 331: log_desc("Testing sslv2 with both client and server authentication via BIO pair:"); 332: log_output("$ssltest -bio_pair -ssl2 -server_auth -client_auth", $outFile); 333: 334: system("ssltest -bio_pair -ssl3 >$outFile"); 335: log_desc("Testing sslv3 via BIO pair:"); 336: log_output("ssltest -bio_pair -ssl3", $outFile); 337: 338: system("$ssltest -bio_pair -ssl3 -server_auth >$outFile"); 339: log_desc("Testing sslv3 with server authentication via BIO pair:"); 340: log_output("$ssltest -bio_pair -ssl3 -server_auth", $outFile); 341: 342: system("$ssltest -bio_pair -ssl3 -client_auth >$outFile"); 343: log_desc("Testing sslv3 with client authentication via BIO pair:"); 344: log_output("$ssltest -bio_pair -ssl3 -client_auth", $outFile); 345: 346: system("$ssltest -bio_pair -ssl3 -server_auth -client_auth >$outFile"); 347: log_desc("Testing sslv3 with both client and server authentication via BIO pair:"); 348: log_output("$ssltest -bio_pair -ssl3 -server_auth -client_auth", $outFile); 349: 350: system("ssltest -bio_pair >$outFile"); 351: log_desc("Testing sslv2/sslv3 via BIO pair:"); 352: log_output("ssltest -bio_pair", $outFile); 353: 354: system("$ssltest -bio_pair -server_auth >$outFile"); 355: log_desc("Testing sslv2/sslv3 with server authentication via BIO pair:"); 356: log_output("$ssltest -bio_pair -server_auth", $outFile); 357: 358: system("$ssltest -bio_pair -client_auth >$outFile"); 359: log_desc("Testing sslv2/sslv3 with client authentication via BIO pair:"); 360: log_output("$ssltest -bio_pair -client_auth", $outFile); 361: 362: system("$ssltest -bio_pair -server_auth -client_auth >$outFile"); 363: log_desc("Testing sslv2/sslv3 with both client and server authentication via BIO pair:"); 364: log_output("$ssltest -bio_pair -server_auth -client_auth", $outFile); 365: } 366: 367: 368: ############################################################################ 369: sub ca_tests 370: { 371: my $outFile = "$output_path\\ca_tst.out"; 372: 373: my($CAkey) = "$output_path\\keyCA.ss"; 374: my($CAcert) = "$output_path\\certCA.ss"; 375: my($CAserial) = "$output_path\\certCA.srl"; 376: my($CAreq) = "$output_path\\reqCA.ss"; 377: my($CAreq2) = "$output_path\\req2CA.ss"; 378: 379: my($CAconf) = "$test_path\\CAss.cnf"; 380: 381: my($Uconf) = "$test_path\\Uss.cnf"; 382: 383: my($Ukey) = "$output_path\\keyU.ss"; 384: my($Ureq) = "$output_path\\reqU.ss"; 385: my($Ucert) = "$output_path\\certU.ss"; 386: 387: print( "\nRUNNING CA TESTS:\n\n"); 388: 389: print( OUT "\n========================================================\n"); 390: print( OUT "CA TESTS:\n"); 391: 392: system("openssl2 req -config $CAconf -out $CAreq -keyout $CAkey -new >$outFile"); 393: log_desc("Make a certificate request using req:"); 394: log_output("openssl2 req -config $CAconf -out $CAreq -keyout $CAkey -new", $outFile); 395: 396: system("openssl2 x509 -CAcreateserial -in $CAreq -days 30 -req -out $CAcert -signkey $CAkey >$outFile"); 397: log_desc("Convert the certificate request into a self signed certificate using x509:"); 398: log_output("openssl2 x509 -CAcreateserial -in $CAreq -days 30 -req -out $CAcert -signkey $CAkey", $outFile); 399: 400: system("openssl2 x509 -in $CAcert -x509toreq -signkey $CAkey -out $CAreq2 >$outFile"); 401: log_desc("Convert a certificate into a certificate request using 'x509':"); 402: log_output("openssl2 x509 -in $CAcert -x509toreq -signkey $CAkey -out $CAreq2", $outFile); 403: 404: system("openssl2 req -config $OpenSSL_config -verify -in $CAreq -noout >$outFile"); 405: log_output("openssl2 req -config $OpenSSL_config -verify -in $CAreq -noout", $outFile); 406: 407: system("openssl2 req -config $OpenSSL_config -verify -in $CAreq2 -noout >$outFile"); 408: log_output( "openssl2 req -config $OpenSSL_config -verify -in $CAreq2 -noout", $outFile); 409: 410: system("openssl2 verify -CAfile $CAcert $CAcert >$outFile"); 411: log_output("openssl2 verify -CAfile $CAcert $CAcert", $outFile); 412: 413: system("openssl2 req -config $Uconf -out $Ureq -keyout $Ukey -new >$outFile"); 414: log_desc("Make another certificate request using req:"); 415: log_output("openssl2 req -config $Uconf -out $Ureq -keyout $Ukey -new", $outFile); 416: 417: system("openssl2 x509 -CAcreateserial -in $Ureq -days 30 -req -out $Ucert -CA $CAcert -CAkey $CAkey -CAserial $CAserial >$outFile"); 418: log_desc("Sign certificate request with the just created CA via x509:"); 419: log_output("openssl2 x509 -CAcreateserial -in $Ureq -days 30 -req -out $Ucert -CA $CAcert -CAkey $CAkey -CAserial $CAserial", $outFile); 420: 421: system("openssl2 verify -CAfile $CAcert $Ucert >$outFile"); 422: log_output("openssl2 verify -CAfile $CAcert $Ucert", $outFile); 423: 424: system("openssl2 x509 -subject -issuer -startdate -enddate -noout -in $Ucert >$outFile"); 425: log_desc("Certificate details"); 426: log_output("openssl2 x509 -subject -issuer -startdate -enddate -noout -in $Ucert", $outFile); 427: 428: print(OUT "-- \n"); 429: print(OUT "The generated CA certificate is $CAcert\n"); 430: print(OUT "The generated CA private key is $CAkey\n"); 431: print(OUT "The current CA signing serial number is in $CAserial\n"); 432: 433: print(OUT "The generated user certificate is $Ucert\n"); 434: print(OUT "The generated user private key is $Ukey\n"); 435: print(OUT "--\n"); 436: } 437: 438: ############################################################################ 439: sub log_output( $ $ ) 440: { 441: my( $desc, $file ) = @_; 442: my($error) = 0; 443: my($key); 444: my($msg); 445: 446: if ($desc) 447: { 448: print("$desc\n"); 449: print(OUT "$desc\n"); 450: } 451: 452: # loop waiting for test program to complete 453: while ( stat($file) == 0) 454: { print(". "); sleep(1); } 455: 456: 457: # copy test output to log file 458: open(IN, "<$file"); 459: while (<IN>) 460: { 461: print(OUT $_); 462: if ( $_ =~ /ERROR/ ) 463: { 464: $error = 1; 465: } 466: } 467: # close and delete the temporary test output file 468: close(IN); 469: unlink($file); 470: 471: if ( $error == 0 ) 472: { 473: $msg = "Test Succeeded"; 474: } 475: else 476: { 477: $msg = "Test Failed"; 478: } 479: 480: print(OUT "$msg\n"); 481: 482: if ($pause) 483: { 484: print("$msg - press ENTER to continue..."); 485: $key = getc; 486: print("\n"); 487: } 488: 489: # Several of the testing scripts run a loop loading the 490: # same NLM with different options. 491: # On slow NetWare machines there appears to be some delay in the 492: # OS actually unloading the test nlms and the OS complains about. 493: # the NLM already being loaded. This additional pause is to 494: # to help provide a little more time for unloading before trying to 495: # load again. 496: sleep(1); 497: } 498: 499: 500: ############################################################################ 501: sub log_desc( $ ) 502: { 503: my( $desc ) = @_; 504: 505: print("\n"); 506: print("$desc\n"); 507: 508: print(OUT "\n"); 509: print(OUT "$desc\n"); 510: print(OUT "======================================\n"); 511: } 512: 513: ############################################################################ 514: sub compare_files( $ $ $ ) 515: { 516: my( $file1, $file2, $binary ) = @_; 517: my( $n1, $n2, $b1, $b2 ); 518: my($ret) = 1; 519: 520: open(IN0, $file1) || die "\nunable to open $file1\n"; 521: open(IN1, $file2) || die "\nunable to open $file2\n"; 522: 523: if ($binary) 524: { 525: binmode IN0; 526: binmode IN1; 527: } 528: 529: for (;;) 530: { 531: $n1 = read(IN0, $b1, 512); 532: $n2 = read(IN1, $b2, 512); 533: 534: if ($n1 != $n2) {last;} 535: if ($b1 != $b2) {last;} 536: 537: if ($n1 == 0) 538: { 539: $ret = 0; 540: last; 541: } 542: } 543: close(IN0); 544: close(IN1); 545: return($ret); 546: } 547: 548: ############################################################################ 549: sub do_wait() 550: { 551: my($key); 552: 553: if ($pause) 554: { 555: print("Press ENTER to continue..."); 556: $key = getc; 557: print("\n"); 558: } 559: } 560: 561: 562: ############################################################################ 563: sub make_tmp_cert_file() 564: { 565: my @cert_files = <$cert_path\\*.pem>; 566: 567: # delete the file if it already exists 568: unlink($tmp_cert); 569: 570: open( TMP_CERT, ">$tmp_cert") || die "\nunable to open $tmp_cert\n"; 571: 572: print("building temporary cert file\n"); 573: 574: # create a temporary cert file that contains all the certs 575: foreach $i (@cert_files) 576: { 577: open( IN_CERT, $i ) || die "\nunable to open $i\n"; 578: 579: for(;;) 580: { 581: $n = sysread(IN_CERT, $data, 1024); 582: 583: if ($n == 0) 584: { 585: close(IN_CERT); 586: last; 587: }; 588: 589: syswrite(TMP_CERT, $data, $n); 590: } 591: } 592: 593: close( TMP_CERT ); 594: }