openssl/Netware/do_tests.pl
Kurt Roeckx 45f55f6a5b Remove SSLv2 support
The only support for SSLv2 left is receiving a SSLv2 compatible client hello.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2014-12-04 11:55:03 +01:00

593 lines
18 KiB
Perl

# perl script to run OpenSSL tests
my $base_path = "\\openssl";
my $output_path = "$base_path\\test_out";
my $cert_path = "$base_path\\certs";
my $test_path = "$base_path\\test";
my $app_path = "$base_path\\apps";
my $tmp_cert = "$output_path\\cert.tmp";
my $OpenSSL_config = "$app_path\\openssl.cnf";
my $log_file = "$output_path\\tests.log";
my $pause = 0;
# process the command line args to see if they wanted us to pause
# between executing each command
foreach $i (@ARGV)
{
if ($i =~ /^-p$/)
{ $pause=1; }
}
main();
############################################################################
sub main()
{
# delete all the output files in the output directory
unlink <$output_path\\*.*>;
# open the main log file
open(OUT, ">$log_file") || die "unable to open $log_file\n";
print( OUT "========================================================\n");
my $outFile = "$output_path\\version.out";
system("openssl2 version (CLIB_OPT)/>$outFile");
log_output("CHECKING FOR OPENSSL VERSION:", $outFile);
algorithm_tests();
encryption_tests();
evp_tests();
pem_tests();
verify_tests();
ca_tests();
ssl_tests();
close(OUT);
print("\nCompleted running tests.\n\n");
print("Check log file for errors: $log_file\n");
}
############################################################################
sub algorithm_tests
{
my $i;
my $outFile;
my @tests = ( rsa_test, destest, ideatest, bftest, bntest, shatest, sha1test,
sha256t, sha512t, dsatest, md2test, md4test, md5test, mdc2test,
rc2test, rc4test, rc5test, randtest, rmdtest, dhtest, ecdhtest,
ecdsatest, ectest, exptest, casttest, hmactest );
print( "\nRUNNING CRYPTO ALGORITHM TESTS:\n\n");
print( OUT "\n========================================================\n");
print( OUT "CRYPTO ALGORITHM TESTS:\n\n");
foreach $i (@tests)
{
if (-e "$base_path\\$i.nlm")
{
$outFile = "$output_path\\$i.out";
system("$i (CLIB_OPT)/>$outFile");
log_desc("Test: $i\.nlm:");
log_output("", $outFile );
}
else
{
log_desc("Test: $i\.nlm: file not found");
}
}
}
############################################################################
sub encryption_tests
{
my $i;
my $outFile;
my @enc_tests = ( "enc", "rc4", "des-cfb", "des-ede-cfb", "des-ede3-cfb",
"des-ofb", "des-ede-ofb", "des-ede3-ofb",
"des-ecb", "des-ede", "des-ede3", "des-cbc",
"des-ede-cbc", "des-ede3-cbc", "idea-ecb", "idea-cfb",
"idea-ofb", "idea-cbc", "rc2-ecb", "rc2-cfb",
"rc2-ofb", "rc2-cbc", "bf-ecb", "bf-cfb",
"bf-ofb", "bf-cbc" );
my $input = "$base_path\\do_tests.pl";
my $cipher = "$output_path\\cipher.out";
my $clear = "$output_path\\clear.out";
print( "\nRUNNING ENCRYPTION & DECRYPTION TESTS:\n\n");
print( OUT "\n========================================================\n");
print( OUT "FILE ENCRYPTION & DECRYPTION TESTS:\n\n");
foreach $i (@enc_tests)
{
log_desc("Testing: $i");
# do encryption
$outFile = "$output_path\\enc.out";
system("openssl2 $i -e -bufsize 113 -k test -in $input -out $cipher (CLIB_OPT)/>$outFile" );
log_output("Encrypting: $input --> $cipher", $outFile);
# do decryption
$outFile = "$output_path\\dec.out";
system("openssl2 $i -d -bufsize 157 -k test -in $cipher -out $clear (CLIB_OPT)/>$outFile");
log_output("Decrypting: $cipher --> $clear", $outFile);
# compare files
$x = compare_files( $input, $clear, 1);
if ( $x == 0 )
{
print( "\rSUCCESS - files match: $input, $clear\n");
print( OUT "SUCCESS - files match: $input, $clear\n");
}
else
{
print( "\rERROR: files don't match\n");
print( OUT "ERROR: files don't match\n");
}
do_wait();
# Now do the same encryption but use Base64
# do encryption B64
$outFile = "$output_path\\B64enc.out";
system("openssl2 $i -a -e -bufsize 113 -k test -in $input -out $cipher (CLIB_OPT)/>$outFile");
log_output("Encrypting(B64): $cipher --> $clear", $outFile);
# do decryption B64
$outFile = "$output_path\\B64dec.out";
system("openssl2 $i -a -d -bufsize 157 -k test -in $cipher -out $clear (CLIB_OPT)/>$outFile");
log_output("Decrypting(B64): $cipher --> $clear", $outFile);
# compare files
$x = compare_files( $input, $clear, 1);
if ( $x == 0 )
{
print( "\rSUCCESS - files match: $input, $clear\n");
print( OUT "SUCCESS - files match: $input, $clear\n");
}
else
{
print( "\rERROR: files don't match\n");
print( OUT "ERROR: files don't match\n");
}
do_wait();
} # end foreach
# delete the temporary files
unlink($cipher);
unlink($clear);
}
############################################################################
sub pem_tests
{
my $i;
my $tmp_out;
my $outFile = "$output_path\\pem.out";
my %pem_tests = (
"crl" => "testcrl.pem",
"pkcs7" => "testp7.pem",
"req" => "testreq2.pem",
"rsa" => "testrsa.pem",
"x509" => "testx509.pem",
"x509" => "v3-cert1.pem",
"sess_id" => "testsid.pem" );
print( "\nRUNNING PEM TESTS:\n\n");
print( OUT "\n========================================================\n");
print( OUT "PEM TESTS:\n\n");
foreach $i (keys(%pem_tests))
{
log_desc( "Testing: $i");
my $input = "$test_path\\$pem_tests{$i}";
$tmp_out = "$output_path\\$pem_tests{$i}";
if ($i ne "req" )
{
system("openssl2 $i -in $input -out $tmp_out (CLIB_OPT)/>$outFile");
log_output( "openssl2 $i -in $input -out $tmp_out", $outFile);
}
else
{
system("openssl2 $i -in $input -out $tmp_out -config $OpenSSL_config (CLIB_OPT)/>$outFile");
log_output( "openssl2 $i -in $input -out $tmp_out -config $OpenSSL_config", $outFile );
}
$x = compare_files( $input, $tmp_out);
if ( $x == 0 )
{
print( "\rSUCCESS - files match: $input, $tmp_out\n");
print( OUT "SUCCESS - files match: $input, $tmp_out\n");
}
else
{
print( "\rERROR: files don't match\n");
print( OUT "ERROR: files don't match\n");
}
do_wait();
} # end foreach
}
############################################################################
sub verify_tests
{
my $i;
my $outFile = "$output_path\\verify.out";
$cert_path =~ s/\\/\//g;
my @cert_files = <$cert_path/*.pem>;
print( "\nRUNNING VERIFY TESTS:\n\n");
print( OUT "\n========================================================\n");
print( OUT "VERIFY TESTS:\n\n");
make_tmp_cert_file();
foreach $i (@cert_files)
{
system("openssl2 verify -CAfile $tmp_cert $i (CLIB_OPT)/>$outFile");
log_desc("Verifying cert: $i");
log_output("openssl2 verify -CAfile $tmp_cert $i", $outFile);
}
}
############################################################################
sub ssl_tests
{
my $outFile = "$output_path\\ssl_tst.out";
my($CAcert) = "$output_path\\certCA.ss";
my($Ukey) = "$output_path\\keyU.ss";
my($Ucert) = "$output_path\\certU.ss";
my($ssltest)= "ssltest -key $Ukey -cert $Ucert -c_key $Ukey -c_cert $Ucert -CAfile $CAcert";
print( "\nRUNNING SSL TESTS:\n\n");
print( OUT "\n========================================================\n");
print( OUT "SSL TESTS:\n\n");
system("ssltest -ssl3 (CLIB_OPT)/>$outFile");
log_desc("Testing sslv3:");
log_output("ssltest -ssl3", $outFile);
system("$ssltest -ssl3 -server_auth (CLIB_OPT)/>$outFile");
log_desc("Testing sslv3 with server authentication:");
log_output("$ssltest -ssl3 -server_auth", $outFile);
system("$ssltest -ssl3 -client_auth (CLIB_OPT)/>$outFile");
log_desc("Testing sslv3 with client authentication:");
log_output("$ssltest -ssl3 -client_auth", $outFile);
system("$ssltest -ssl3 -server_auth -client_auth (CLIB_OPT)/>$outFile");
log_desc("Testing sslv3 with both client and server authentication:");
log_output("$ssltest -ssl3 -server_auth -client_auth", $outFile);
system("ssltest (CLIB_OPT)/>$outFile");
log_desc("Testing sslv2/sslv3:");
log_output("ssltest", $outFile);
system("$ssltest -server_auth (CLIB_OPT)/>$outFile");
log_desc("Testing sslv2/sslv3 with server authentication:");
log_output("$ssltest -server_auth", $outFile);
system("$ssltest -client_auth (CLIB_OPT)/>$outFile");
log_desc("Testing sslv2/sslv3 with client authentication:");
log_output("$ssltest -client_auth ", $outFile);
system("$ssltest -server_auth -client_auth (CLIB_OPT)/>$outFile");
log_desc("Testing sslv2/sslv3 with both client and server authentication:");
log_output("$ssltest -server_auth -client_auth", $outFile);
system("ssltest -bio_pair -dhe1024dsa -v (CLIB_OPT)/>$outFile");
log_desc("Testing sslv2/sslv3 with 1024 bit DHE via BIO pair:");
log_output("ssltest -bio_pair -dhe1024dsa -v", $outFile);
system("ssltest -bio_pair -ssl3 (CLIB_OPT)/>$outFile");
log_desc("Testing sslv3 via BIO pair:");
log_output("ssltest -bio_pair -ssl3", $outFile);
system("$ssltest -bio_pair -ssl3 -server_auth (CLIB_OPT)/>$outFile");
log_desc("Testing sslv3 with server authentication via BIO pair:");
log_output("$ssltest -bio_pair -ssl3 -server_auth", $outFile);
system("$ssltest -bio_pair -ssl3 -client_auth (CLIB_OPT)/>$outFile");
log_desc("Testing sslv3 with client authentication via BIO pair:");
log_output("$ssltest -bio_pair -ssl3 -client_auth", $outFile);
system("$ssltest -bio_pair -ssl3 -server_auth -client_auth (CLIB_OPT)/>$outFile");
log_desc("Testing sslv3 with both client and server authentication via BIO pair:");
log_output("$ssltest -bio_pair -ssl3 -server_auth -client_auth", $outFile);
system("ssltest -bio_pair (CLIB_OPT)/>$outFile");
log_desc("Testing sslv2/sslv3 via BIO pair:");
log_output("ssltest -bio_pair", $outFile);
system("$ssltest -bio_pair -server_auth (CLIB_OPT)/>$outFile");
log_desc("Testing sslv2/sslv3 with server authentication via BIO pair:");
log_output("$ssltest -bio_pair -server_auth", $outFile);
system("$ssltest -bio_pair -client_auth (CLIB_OPT)/>$outFile");
log_desc("Testing sslv2/sslv3 with client authentication via BIO pair:");
log_output("$ssltest -bio_pair -client_auth", $outFile);
system("$ssltest -bio_pair -server_auth -client_auth (CLIB_OPT)/>$outFile");
log_desc("Testing sslv2/sslv3 with both client and server authentication via BIO pair:");
log_output("$ssltest -bio_pair -server_auth -client_auth", $outFile);
}
############################################################################
sub ca_tests
{
my $outFile = "$output_path\\ca_tst.out";
my($CAkey) = "$output_path\\keyCA.ss";
my($CAcert) = "$output_path\\certCA.ss";
my($CAserial) = "$output_path\\certCA.srl";
my($CAreq) = "$output_path\\reqCA.ss";
my($CAreq2) = "$output_path\\req2CA.ss";
my($CAconf) = "$test_path\\CAss.cnf";
my($Uconf) = "$test_path\\Uss.cnf";
my($Ukey) = "$output_path\\keyU.ss";
my($Ureq) = "$output_path\\reqU.ss";
my($Ucert) = "$output_path\\certU.ss";
print( "\nRUNNING CA TESTS:\n\n");
print( OUT "\n========================================================\n");
print( OUT "CA TESTS:\n");
system("openssl2 req -config $CAconf -out $CAreq -keyout $CAkey -new (CLIB_OPT)/>$outFile");
log_desc("Make a certificate request using req:");
log_output("openssl2 req -config $CAconf -out $CAreq -keyout $CAkey -new", $outFile);
system("openssl2 x509 -CAcreateserial -in $CAreq -days 30 -req -out $CAcert -signkey $CAkey (CLIB_OPT)/>$outFile");
log_desc("Convert the certificate request into a self signed certificate using x509:");
log_output("openssl2 x509 -CAcreateserial -in $CAreq -days 30 -req -out $CAcert -signkey $CAkey", $outFile);
system("openssl2 x509 -in $CAcert -x509toreq -signkey $CAkey -out $CAreq2 (CLIB_OPT)/>$outFile");
log_desc("Convert a certificate into a certificate request using 'x509':");
log_output("openssl2 x509 -in $CAcert -x509toreq -signkey $CAkey -out $CAreq2", $outFile);
system("openssl2 req -config $OpenSSL_config -verify -in $CAreq -noout (CLIB_OPT)/>$outFile");
log_output("openssl2 req -config $OpenSSL_config -verify -in $CAreq -noout", $outFile);
system("openssl2 req -config $OpenSSL_config -verify -in $CAreq2 -noout (CLIB_OPT)/>$outFile");
log_output( "openssl2 req -config $OpenSSL_config -verify -in $CAreq2 -noout", $outFile);
system("openssl2 verify -CAfile $CAcert $CAcert (CLIB_OPT)/>$outFile");
log_output("openssl2 verify -CAfile $CAcert $CAcert", $outFile);
system("openssl2 req -config $Uconf -out $Ureq -keyout $Ukey -new (CLIB_OPT)/>$outFile");
log_desc("Make another certificate request using req:");
log_output("openssl2 req -config $Uconf -out $Ureq -keyout $Ukey -new", $outFile);
system("openssl2 x509 -CAcreateserial -in $Ureq -days 30 -req -out $Ucert -CA $CAcert -CAkey $CAkey -CAserial $CAserial (CLIB_OPT)/>$outFile");
log_desc("Sign certificate request with the just created CA via x509:");
log_output("openssl2 x509 -CAcreateserial -in $Ureq -days 30 -req -out $Ucert -CA $CAcert -CAkey $CAkey -CAserial $CAserial", $outFile);
system("openssl2 verify -CAfile $CAcert $Ucert (CLIB_OPT)/>$outFile");
log_output("openssl2 verify -CAfile $CAcert $Ucert", $outFile);
system("openssl2 x509 -subject -issuer -startdate -enddate -noout -in $Ucert (CLIB_OPT)/>$outFile");
log_desc("Certificate details");
log_output("openssl2 x509 -subject -issuer -startdate -enddate -noout -in $Ucert", $outFile);
print(OUT "--\n");
print(OUT "The generated CA certificate is $CAcert\n");
print(OUT "The generated CA private key is $CAkey\n");
print(OUT "The current CA signing serial number is in $CAserial\n");
print(OUT "The generated user certificate is $Ucert\n");
print(OUT "The generated user private key is $Ukey\n");
print(OUT "--\n");
}
############################################################################
sub evp_tests
{
my $i = 'evp_test';
print( "\nRUNNING EVP TESTS:\n\n");
print( OUT "\n========================================================\n");
print( OUT "EVP TESTS:\n\n");
if (-e "$base_path\\$i.nlm")
{
my $outFile = "$output_path\\$i.out";
system("$i $test_path\\evptests.txt (CLIB_OPT)/>$outFile");
log_desc("Test: $i\.nlm:");
log_output("", $outFile );
}
else
{
log_desc("Test: $i\.nlm: file not found");
}
}
############################################################################
sub log_output( $ $ )
{
my( $desc, $file ) = @_;
my($error) = 0;
my($key);
my($msg);
if ($desc)
{
print("\r$desc\n");
print(OUT "$desc\n");
}
# loop waiting for test program to complete
while ( stat($file) == 0)
{ print(". "); sleep(1); }
# copy test output to log file
open(IN, "<$file");
while (<IN>)
{
print(OUT $_);
if ( $_ =~ /ERROR/ )
{
$error = 1;
}
}
# close and delete the temporary test output file
close(IN);
unlink($file);
if ( $error == 0 )
{
$msg = "Test Succeeded";
}
else
{
$msg = "Test Failed";
}
print(OUT "$msg\n");
if ($pause)
{
print("$msg - press ENTER to continue...");
$key = getc;
print("\n");
}
# Several of the testing scripts run a loop loading the
# same NLM with different options.
# On slow NetWare machines there appears to be some delay in the
# OS actually unloading the test nlms and the OS complains about.
# the NLM already being loaded. This additional pause is to
# to help provide a little more time for unloading before trying to
# load again.
sleep(1);
}
############################################################################
sub log_desc( $ )
{
my( $desc ) = @_;
print("\n");
print("$desc\n");
print(OUT "\n");
print(OUT "$desc\n");
print(OUT "======================================\n");
}
############################################################################
sub compare_files( $ $ $ )
{
my( $file1, $file2, $binary ) = @_;
my( $n1, $n2, $b1, $b2 );
my($ret) = 1;
open(IN0, $file1) || die "\nunable to open $file1\n";
open(IN1, $file2) || die "\nunable to open $file2\n";
if ($binary)
{
binmode IN0;
binmode IN1;
}
for (;;)
{
$n1 = read(IN0, $b1, 512);
$n2 = read(IN1, $b2, 512);
if ($n1 != $n2) {last;}
if ($b1 != $b2) {last;}
if ($n1 == 0)
{
$ret = 0;
last;
}
}
close(IN0);
close(IN1);
return($ret);
}
############################################################################
sub do_wait()
{
my($key);
if ($pause)
{
print("Press ENTER to continue...");
$key = getc;
print("\n");
}
}
############################################################################
sub make_tmp_cert_file()
{
my @cert_files = <$cert_path/*.pem>;
# delete the file if it already exists
unlink($tmp_cert);
open( TMP_CERT, ">$tmp_cert") || die "\nunable to open $tmp_cert\n";
print("building temporary cert file\n");
# create a temporary cert file that contains all the certs
foreach $i (@cert_files)
{
open( IN_CERT, $i ) || die "\nunable to open $i\n";
for(;;)
{
$n = sysread(IN_CERT, $data, 1024);
if ($n == 0)
{
close(IN_CERT);
last;
};
syswrite(TMP_CERT, $data, $n);
}
}
close( TMP_CERT );
}