mirror of
https://github.com/openssl/openssl.git
synced 2024-12-11 11:04:03 +08:00
45f55f6a5b
The only support for SSLv2 left is receiving a SSLv2 compatible client hello. Reviewed-by: Richard Levitte <levitte@openssl.org>
593 lines
18 KiB
Perl
593 lines
18 KiB
Perl
# perl script to run OpenSSL tests
|
|
|
|
|
|
my $base_path = "\\openssl";
|
|
|
|
my $output_path = "$base_path\\test_out";
|
|
my $cert_path = "$base_path\\certs";
|
|
my $test_path = "$base_path\\test";
|
|
my $app_path = "$base_path\\apps";
|
|
|
|
my $tmp_cert = "$output_path\\cert.tmp";
|
|
my $OpenSSL_config = "$app_path\\openssl.cnf";
|
|
my $log_file = "$output_path\\tests.log";
|
|
|
|
my $pause = 0;
|
|
|
|
|
|
# process the command line args to see if they wanted us to pause
|
|
# between executing each command
|
|
foreach $i (@ARGV)
|
|
{
|
|
if ($i =~ /^-p$/)
|
|
{ $pause=1; }
|
|
}
|
|
|
|
|
|
|
|
main();
|
|
|
|
|
|
############################################################################
|
|
sub main()
|
|
{
|
|
# delete all the output files in the output directory
|
|
unlink <$output_path\\*.*>;
|
|
|
|
# open the main log file
|
|
open(OUT, ">$log_file") || die "unable to open $log_file\n";
|
|
|
|
print( OUT "========================================================\n");
|
|
my $outFile = "$output_path\\version.out";
|
|
system("openssl2 version (CLIB_OPT)/>$outFile");
|
|
log_output("CHECKING FOR OPENSSL VERSION:", $outFile);
|
|
|
|
algorithm_tests();
|
|
encryption_tests();
|
|
evp_tests();
|
|
pem_tests();
|
|
verify_tests();
|
|
ca_tests();
|
|
ssl_tests();
|
|
|
|
close(OUT);
|
|
|
|
print("\nCompleted running tests.\n\n");
|
|
print("Check log file for errors: $log_file\n");
|
|
}
|
|
|
|
############################################################################
|
|
sub algorithm_tests
|
|
{
|
|
my $i;
|
|
my $outFile;
|
|
my @tests = ( rsa_test, destest, ideatest, bftest, bntest, shatest, sha1test,
|
|
sha256t, sha512t, dsatest, md2test, md4test, md5test, mdc2test,
|
|
rc2test, rc4test, rc5test, randtest, rmdtest, dhtest, ecdhtest,
|
|
ecdsatest, ectest, exptest, casttest, hmactest );
|
|
|
|
print( "\nRUNNING CRYPTO ALGORITHM TESTS:\n\n");
|
|
|
|
print( OUT "\n========================================================\n");
|
|
print( OUT "CRYPTO ALGORITHM TESTS:\n\n");
|
|
|
|
foreach $i (@tests)
|
|
{
|
|
if (-e "$base_path\\$i.nlm")
|
|
{
|
|
$outFile = "$output_path\\$i.out";
|
|
system("$i (CLIB_OPT)/>$outFile");
|
|
log_desc("Test: $i\.nlm:");
|
|
log_output("", $outFile );
|
|
}
|
|
else
|
|
{
|
|
log_desc("Test: $i\.nlm: file not found");
|
|
}
|
|
}
|
|
}
|
|
|
|
############################################################################
|
|
sub encryption_tests
|
|
{
|
|
my $i;
|
|
my $outFile;
|
|
my @enc_tests = ( "enc", "rc4", "des-cfb", "des-ede-cfb", "des-ede3-cfb",
|
|
"des-ofb", "des-ede-ofb", "des-ede3-ofb",
|
|
"des-ecb", "des-ede", "des-ede3", "des-cbc",
|
|
"des-ede-cbc", "des-ede3-cbc", "idea-ecb", "idea-cfb",
|
|
"idea-ofb", "idea-cbc", "rc2-ecb", "rc2-cfb",
|
|
"rc2-ofb", "rc2-cbc", "bf-ecb", "bf-cfb",
|
|
"bf-ofb", "bf-cbc" );
|
|
|
|
my $input = "$base_path\\do_tests.pl";
|
|
my $cipher = "$output_path\\cipher.out";
|
|
my $clear = "$output_path\\clear.out";
|
|
|
|
print( "\nRUNNING ENCRYPTION & DECRYPTION TESTS:\n\n");
|
|
|
|
print( OUT "\n========================================================\n");
|
|
print( OUT "FILE ENCRYPTION & DECRYPTION TESTS:\n\n");
|
|
|
|
foreach $i (@enc_tests)
|
|
{
|
|
log_desc("Testing: $i");
|
|
|
|
# do encryption
|
|
$outFile = "$output_path\\enc.out";
|
|
system("openssl2 $i -e -bufsize 113 -k test -in $input -out $cipher (CLIB_OPT)/>$outFile" );
|
|
log_output("Encrypting: $input --> $cipher", $outFile);
|
|
|
|
# do decryption
|
|
$outFile = "$output_path\\dec.out";
|
|
system("openssl2 $i -d -bufsize 157 -k test -in $cipher -out $clear (CLIB_OPT)/>$outFile");
|
|
log_output("Decrypting: $cipher --> $clear", $outFile);
|
|
|
|
# compare files
|
|
$x = compare_files( $input, $clear, 1);
|
|
if ( $x == 0 )
|
|
{
|
|
print( "\rSUCCESS - files match: $input, $clear\n");
|
|
print( OUT "SUCCESS - files match: $input, $clear\n");
|
|
}
|
|
else
|
|
{
|
|
print( "\rERROR: files don't match\n");
|
|
print( OUT "ERROR: files don't match\n");
|
|
}
|
|
|
|
do_wait();
|
|
|
|
# Now do the same encryption but use Base64
|
|
|
|
# do encryption B64
|
|
$outFile = "$output_path\\B64enc.out";
|
|
system("openssl2 $i -a -e -bufsize 113 -k test -in $input -out $cipher (CLIB_OPT)/>$outFile");
|
|
log_output("Encrypting(B64): $cipher --> $clear", $outFile);
|
|
|
|
# do decryption B64
|
|
$outFile = "$output_path\\B64dec.out";
|
|
system("openssl2 $i -a -d -bufsize 157 -k test -in $cipher -out $clear (CLIB_OPT)/>$outFile");
|
|
log_output("Decrypting(B64): $cipher --> $clear", $outFile);
|
|
|
|
# compare files
|
|
$x = compare_files( $input, $clear, 1);
|
|
if ( $x == 0 )
|
|
{
|
|
print( "\rSUCCESS - files match: $input, $clear\n");
|
|
print( OUT "SUCCESS - files match: $input, $clear\n");
|
|
}
|
|
else
|
|
{
|
|
print( "\rERROR: files don't match\n");
|
|
print( OUT "ERROR: files don't match\n");
|
|
}
|
|
|
|
do_wait();
|
|
|
|
} # end foreach
|
|
|
|
# delete the temporary files
|
|
unlink($cipher);
|
|
unlink($clear);
|
|
}
|
|
|
|
|
|
############################################################################
|
|
sub pem_tests
|
|
{
|
|
my $i;
|
|
my $tmp_out;
|
|
my $outFile = "$output_path\\pem.out";
|
|
|
|
my %pem_tests = (
|
|
"crl" => "testcrl.pem",
|
|
"pkcs7" => "testp7.pem",
|
|
"req" => "testreq2.pem",
|
|
"rsa" => "testrsa.pem",
|
|
"x509" => "testx509.pem",
|
|
"x509" => "v3-cert1.pem",
|
|
"sess_id" => "testsid.pem" );
|
|
|
|
|
|
print( "\nRUNNING PEM TESTS:\n\n");
|
|
|
|
print( OUT "\n========================================================\n");
|
|
print( OUT "PEM TESTS:\n\n");
|
|
|
|
foreach $i (keys(%pem_tests))
|
|
{
|
|
log_desc( "Testing: $i");
|
|
|
|
my $input = "$test_path\\$pem_tests{$i}";
|
|
|
|
$tmp_out = "$output_path\\$pem_tests{$i}";
|
|
|
|
if ($i ne "req" )
|
|
{
|
|
system("openssl2 $i -in $input -out $tmp_out (CLIB_OPT)/>$outFile");
|
|
log_output( "openssl2 $i -in $input -out $tmp_out", $outFile);
|
|
}
|
|
else
|
|
{
|
|
system("openssl2 $i -in $input -out $tmp_out -config $OpenSSL_config (CLIB_OPT)/>$outFile");
|
|
log_output( "openssl2 $i -in $input -out $tmp_out -config $OpenSSL_config", $outFile );
|
|
}
|
|
|
|
$x = compare_files( $input, $tmp_out);
|
|
if ( $x == 0 )
|
|
{
|
|
print( "\rSUCCESS - files match: $input, $tmp_out\n");
|
|
print( OUT "SUCCESS - files match: $input, $tmp_out\n");
|
|
}
|
|
else
|
|
{
|
|
print( "\rERROR: files don't match\n");
|
|
print( OUT "ERROR: files don't match\n");
|
|
}
|
|
do_wait();
|
|
|
|
} # end foreach
|
|
}
|
|
|
|
|
|
############################################################################
|
|
sub verify_tests
|
|
{
|
|
my $i;
|
|
my $outFile = "$output_path\\verify.out";
|
|
|
|
$cert_path =~ s/\\/\//g;
|
|
my @cert_files = <$cert_path/*.pem>;
|
|
|
|
print( "\nRUNNING VERIFY TESTS:\n\n");
|
|
|
|
print( OUT "\n========================================================\n");
|
|
print( OUT "VERIFY TESTS:\n\n");
|
|
|
|
make_tmp_cert_file();
|
|
|
|
foreach $i (@cert_files)
|
|
{
|
|
system("openssl2 verify -CAfile $tmp_cert $i (CLIB_OPT)/>$outFile");
|
|
log_desc("Verifying cert: $i");
|
|
log_output("openssl2 verify -CAfile $tmp_cert $i", $outFile);
|
|
}
|
|
}
|
|
|
|
|
|
############################################################################
|
|
sub ssl_tests
|
|
{
|
|
my $outFile = "$output_path\\ssl_tst.out";
|
|
my($CAcert) = "$output_path\\certCA.ss";
|
|
my($Ukey) = "$output_path\\keyU.ss";
|
|
my($Ucert) = "$output_path\\certU.ss";
|
|
my($ssltest)= "ssltest -key $Ukey -cert $Ucert -c_key $Ukey -c_cert $Ucert -CAfile $CAcert";
|
|
|
|
print( "\nRUNNING SSL TESTS:\n\n");
|
|
|
|
print( OUT "\n========================================================\n");
|
|
print( OUT "SSL TESTS:\n\n");
|
|
|
|
system("ssltest -ssl3 (CLIB_OPT)/>$outFile");
|
|
log_desc("Testing sslv3:");
|
|
log_output("ssltest -ssl3", $outFile);
|
|
|
|
system("$ssltest -ssl3 -server_auth (CLIB_OPT)/>$outFile");
|
|
log_desc("Testing sslv3 with server authentication:");
|
|
log_output("$ssltest -ssl3 -server_auth", $outFile);
|
|
|
|
system("$ssltest -ssl3 -client_auth (CLIB_OPT)/>$outFile");
|
|
log_desc("Testing sslv3 with client authentication:");
|
|
log_output("$ssltest -ssl3 -client_auth", $outFile);
|
|
|
|
system("$ssltest -ssl3 -server_auth -client_auth (CLIB_OPT)/>$outFile");
|
|
log_desc("Testing sslv3 with both client and server authentication:");
|
|
log_output("$ssltest -ssl3 -server_auth -client_auth", $outFile);
|
|
|
|
system("ssltest (CLIB_OPT)/>$outFile");
|
|
log_desc("Testing sslv2/sslv3:");
|
|
log_output("ssltest", $outFile);
|
|
|
|
system("$ssltest -server_auth (CLIB_OPT)/>$outFile");
|
|
log_desc("Testing sslv2/sslv3 with server authentication:");
|
|
log_output("$ssltest -server_auth", $outFile);
|
|
|
|
system("$ssltest -client_auth (CLIB_OPT)/>$outFile");
|
|
log_desc("Testing sslv2/sslv3 with client authentication:");
|
|
log_output("$ssltest -client_auth ", $outFile);
|
|
|
|
system("$ssltest -server_auth -client_auth (CLIB_OPT)/>$outFile");
|
|
log_desc("Testing sslv2/sslv3 with both client and server authentication:");
|
|
log_output("$ssltest -server_auth -client_auth", $outFile);
|
|
|
|
system("ssltest -bio_pair -dhe1024dsa -v (CLIB_OPT)/>$outFile");
|
|
log_desc("Testing sslv2/sslv3 with 1024 bit DHE via BIO pair:");
|
|
log_output("ssltest -bio_pair -dhe1024dsa -v", $outFile);
|
|
|
|
system("ssltest -bio_pair -ssl3 (CLIB_OPT)/>$outFile");
|
|
log_desc("Testing sslv3 via BIO pair:");
|
|
log_output("ssltest -bio_pair -ssl3", $outFile);
|
|
|
|
system("$ssltest -bio_pair -ssl3 -server_auth (CLIB_OPT)/>$outFile");
|
|
log_desc("Testing sslv3 with server authentication via BIO pair:");
|
|
log_output("$ssltest -bio_pair -ssl3 -server_auth", $outFile);
|
|
|
|
system("$ssltest -bio_pair -ssl3 -client_auth (CLIB_OPT)/>$outFile");
|
|
log_desc("Testing sslv3 with client authentication via BIO pair:");
|
|
log_output("$ssltest -bio_pair -ssl3 -client_auth", $outFile);
|
|
|
|
system("$ssltest -bio_pair -ssl3 -server_auth -client_auth (CLIB_OPT)/>$outFile");
|
|
log_desc("Testing sslv3 with both client and server authentication via BIO pair:");
|
|
log_output("$ssltest -bio_pair -ssl3 -server_auth -client_auth", $outFile);
|
|
|
|
system("ssltest -bio_pair (CLIB_OPT)/>$outFile");
|
|
log_desc("Testing sslv2/sslv3 via BIO pair:");
|
|
log_output("ssltest -bio_pair", $outFile);
|
|
|
|
system("$ssltest -bio_pair -server_auth (CLIB_OPT)/>$outFile");
|
|
log_desc("Testing sslv2/sslv3 with server authentication via BIO pair:");
|
|
log_output("$ssltest -bio_pair -server_auth", $outFile);
|
|
|
|
system("$ssltest -bio_pair -client_auth (CLIB_OPT)/>$outFile");
|
|
log_desc("Testing sslv2/sslv3 with client authentication via BIO pair:");
|
|
log_output("$ssltest -bio_pair -client_auth", $outFile);
|
|
|
|
system("$ssltest -bio_pair -server_auth -client_auth (CLIB_OPT)/>$outFile");
|
|
log_desc("Testing sslv2/sslv3 with both client and server authentication via BIO pair:");
|
|
log_output("$ssltest -bio_pair -server_auth -client_auth", $outFile);
|
|
}
|
|
|
|
|
|
############################################################################
|
|
sub ca_tests
|
|
{
|
|
my $outFile = "$output_path\\ca_tst.out";
|
|
|
|
my($CAkey) = "$output_path\\keyCA.ss";
|
|
my($CAcert) = "$output_path\\certCA.ss";
|
|
my($CAserial) = "$output_path\\certCA.srl";
|
|
my($CAreq) = "$output_path\\reqCA.ss";
|
|
my($CAreq2) = "$output_path\\req2CA.ss";
|
|
|
|
my($CAconf) = "$test_path\\CAss.cnf";
|
|
|
|
my($Uconf) = "$test_path\\Uss.cnf";
|
|
|
|
my($Ukey) = "$output_path\\keyU.ss";
|
|
my($Ureq) = "$output_path\\reqU.ss";
|
|
my($Ucert) = "$output_path\\certU.ss";
|
|
|
|
print( "\nRUNNING CA TESTS:\n\n");
|
|
|
|
print( OUT "\n========================================================\n");
|
|
print( OUT "CA TESTS:\n");
|
|
|
|
system("openssl2 req -config $CAconf -out $CAreq -keyout $CAkey -new (CLIB_OPT)/>$outFile");
|
|
log_desc("Make a certificate request using req:");
|
|
log_output("openssl2 req -config $CAconf -out $CAreq -keyout $CAkey -new", $outFile);
|
|
|
|
system("openssl2 x509 -CAcreateserial -in $CAreq -days 30 -req -out $CAcert -signkey $CAkey (CLIB_OPT)/>$outFile");
|
|
log_desc("Convert the certificate request into a self signed certificate using x509:");
|
|
log_output("openssl2 x509 -CAcreateserial -in $CAreq -days 30 -req -out $CAcert -signkey $CAkey", $outFile);
|
|
|
|
system("openssl2 x509 -in $CAcert -x509toreq -signkey $CAkey -out $CAreq2 (CLIB_OPT)/>$outFile");
|
|
log_desc("Convert a certificate into a certificate request using 'x509':");
|
|
log_output("openssl2 x509 -in $CAcert -x509toreq -signkey $CAkey -out $CAreq2", $outFile);
|
|
|
|
system("openssl2 req -config $OpenSSL_config -verify -in $CAreq -noout (CLIB_OPT)/>$outFile");
|
|
log_output("openssl2 req -config $OpenSSL_config -verify -in $CAreq -noout", $outFile);
|
|
|
|
system("openssl2 req -config $OpenSSL_config -verify -in $CAreq2 -noout (CLIB_OPT)/>$outFile");
|
|
log_output( "openssl2 req -config $OpenSSL_config -verify -in $CAreq2 -noout", $outFile);
|
|
|
|
system("openssl2 verify -CAfile $CAcert $CAcert (CLIB_OPT)/>$outFile");
|
|
log_output("openssl2 verify -CAfile $CAcert $CAcert", $outFile);
|
|
|
|
system("openssl2 req -config $Uconf -out $Ureq -keyout $Ukey -new (CLIB_OPT)/>$outFile");
|
|
log_desc("Make another certificate request using req:");
|
|
log_output("openssl2 req -config $Uconf -out $Ureq -keyout $Ukey -new", $outFile);
|
|
|
|
system("openssl2 x509 -CAcreateserial -in $Ureq -days 30 -req -out $Ucert -CA $CAcert -CAkey $CAkey -CAserial $CAserial (CLIB_OPT)/>$outFile");
|
|
log_desc("Sign certificate request with the just created CA via x509:");
|
|
log_output("openssl2 x509 -CAcreateserial -in $Ureq -days 30 -req -out $Ucert -CA $CAcert -CAkey $CAkey -CAserial $CAserial", $outFile);
|
|
|
|
system("openssl2 verify -CAfile $CAcert $Ucert (CLIB_OPT)/>$outFile");
|
|
log_output("openssl2 verify -CAfile $CAcert $Ucert", $outFile);
|
|
|
|
system("openssl2 x509 -subject -issuer -startdate -enddate -noout -in $Ucert (CLIB_OPT)/>$outFile");
|
|
log_desc("Certificate details");
|
|
log_output("openssl2 x509 -subject -issuer -startdate -enddate -noout -in $Ucert", $outFile);
|
|
|
|
print(OUT "--\n");
|
|
print(OUT "The generated CA certificate is $CAcert\n");
|
|
print(OUT "The generated CA private key is $CAkey\n");
|
|
print(OUT "The current CA signing serial number is in $CAserial\n");
|
|
|
|
print(OUT "The generated user certificate is $Ucert\n");
|
|
print(OUT "The generated user private key is $Ukey\n");
|
|
print(OUT "--\n");
|
|
}
|
|
|
|
############################################################################
|
|
sub evp_tests
|
|
{
|
|
my $i = 'evp_test';
|
|
|
|
print( "\nRUNNING EVP TESTS:\n\n");
|
|
|
|
print( OUT "\n========================================================\n");
|
|
print( OUT "EVP TESTS:\n\n");
|
|
|
|
if (-e "$base_path\\$i.nlm")
|
|
{
|
|
my $outFile = "$output_path\\$i.out";
|
|
system("$i $test_path\\evptests.txt (CLIB_OPT)/>$outFile");
|
|
log_desc("Test: $i\.nlm:");
|
|
log_output("", $outFile );
|
|
}
|
|
else
|
|
{
|
|
log_desc("Test: $i\.nlm: file not found");
|
|
}
|
|
}
|
|
|
|
############################################################################
|
|
sub log_output( $ $ )
|
|
{
|
|
my( $desc, $file ) = @_;
|
|
my($error) = 0;
|
|
my($key);
|
|
my($msg);
|
|
|
|
if ($desc)
|
|
{
|
|
print("\r$desc\n");
|
|
print(OUT "$desc\n");
|
|
}
|
|
|
|
# loop waiting for test program to complete
|
|
while ( stat($file) == 0)
|
|
{ print(". "); sleep(1); }
|
|
|
|
|
|
# copy test output to log file
|
|
open(IN, "<$file");
|
|
while (<IN>)
|
|
{
|
|
print(OUT $_);
|
|
if ( $_ =~ /ERROR/ )
|
|
{
|
|
$error = 1;
|
|
}
|
|
}
|
|
# close and delete the temporary test output file
|
|
close(IN);
|
|
unlink($file);
|
|
|
|
if ( $error == 0 )
|
|
{
|
|
$msg = "Test Succeeded";
|
|
}
|
|
else
|
|
{
|
|
$msg = "Test Failed";
|
|
}
|
|
|
|
print(OUT "$msg\n");
|
|
|
|
if ($pause)
|
|
{
|
|
print("$msg - press ENTER to continue...");
|
|
$key = getc;
|
|
print("\n");
|
|
}
|
|
|
|
# Several of the testing scripts run a loop loading the
|
|
# same NLM with different options.
|
|
# On slow NetWare machines there appears to be some delay in the
|
|
# OS actually unloading the test nlms and the OS complains about.
|
|
# the NLM already being loaded. This additional pause is to
|
|
# to help provide a little more time for unloading before trying to
|
|
# load again.
|
|
sleep(1);
|
|
}
|
|
|
|
|
|
############################################################################
|
|
sub log_desc( $ )
|
|
{
|
|
my( $desc ) = @_;
|
|
|
|
print("\n");
|
|
print("$desc\n");
|
|
|
|
print(OUT "\n");
|
|
print(OUT "$desc\n");
|
|
print(OUT "======================================\n");
|
|
}
|
|
|
|
############################################################################
|
|
sub compare_files( $ $ $ )
|
|
{
|
|
my( $file1, $file2, $binary ) = @_;
|
|
my( $n1, $n2, $b1, $b2 );
|
|
my($ret) = 1;
|
|
|
|
open(IN0, $file1) || die "\nunable to open $file1\n";
|
|
open(IN1, $file2) || die "\nunable to open $file2\n";
|
|
|
|
if ($binary)
|
|
{
|
|
binmode IN0;
|
|
binmode IN1;
|
|
}
|
|
|
|
for (;;)
|
|
{
|
|
$n1 = read(IN0, $b1, 512);
|
|
$n2 = read(IN1, $b2, 512);
|
|
|
|
if ($n1 != $n2) {last;}
|
|
if ($b1 != $b2) {last;}
|
|
|
|
if ($n1 == 0)
|
|
{
|
|
$ret = 0;
|
|
last;
|
|
}
|
|
}
|
|
close(IN0);
|
|
close(IN1);
|
|
return($ret);
|
|
}
|
|
|
|
############################################################################
|
|
sub do_wait()
|
|
{
|
|
my($key);
|
|
|
|
if ($pause)
|
|
{
|
|
print("Press ENTER to continue...");
|
|
$key = getc;
|
|
print("\n");
|
|
}
|
|
}
|
|
|
|
|
|
############################################################################
|
|
sub make_tmp_cert_file()
|
|
{
|
|
my @cert_files = <$cert_path/*.pem>;
|
|
|
|
# delete the file if it already exists
|
|
unlink($tmp_cert);
|
|
|
|
open( TMP_CERT, ">$tmp_cert") || die "\nunable to open $tmp_cert\n";
|
|
|
|
print("building temporary cert file\n");
|
|
|
|
# create a temporary cert file that contains all the certs
|
|
foreach $i (@cert_files)
|
|
{
|
|
open( IN_CERT, $i ) || die "\nunable to open $i\n";
|
|
|
|
for(;;)
|
|
{
|
|
$n = sysread(IN_CERT, $data, 1024);
|
|
|
|
if ($n == 0)
|
|
{
|
|
close(IN_CERT);
|
|
last;
|
|
};
|
|
|
|
syswrite(TMP_CERT, $data, $n);
|
|
}
|
|
}
|
|
|
|
close( TMP_CERT );
|
|
}
|