openssl/Netware/do_tests.pl

586 lines
18 KiB
Perl
Raw Normal View History

# perl script to run OpenSSL tests
my $base_path = "\\openssl";
my $output_path = "$base_path\\test_out";
my $cert_path = "$base_path\\certs";
my $test_path = "$base_path\\test";
my $app_path = "$base_path\\apps";
my $tmp_cert = "$output_path\\cert.tmp";
my $OpenSSL_config = "$app_path\\openssl.cnf";
my $log_file = "$output_path\\tests.log";
my $pause = 0;
# process the command line args to see if they wanted us to pause
# between executing each command
foreach $i (@ARGV)
{
if ($i =~ /^-p$/)
{ $pause=1; }
}
main();
############################################################################
sub main()
{
# delete all the output files in the output directory
unlink <$output_path\\*.*>;
# open the main log file
open(OUT, ">$log_file") || die "unable to open $log_file\n";
algorithm_tests();
encryption_tests();
pem_tests();
verify_tests();
ssl_tests();
ca_tests();
close(OUT);
print("\nCompleted running tests.\n\n");
print("Check log file for errors: $log_file\n");
}
############################################################################
sub algorithm_tests
{
my $i;
my $outFile;
my @tests = ( rsa_test, destest, ideatest, bftest, shatest, sha1test,
md5test, dsatest, md2test, mdc2test, rc2test, rc4test, randtest,
dhtest, exptest );
print( "\nRUNNING CRYPTO ALGORITHM TESTS:\n\n");
print( OUT "\n========================================================\n");
print( OUT "CRYPTO ALGORITHM TESTS:\n\n");
foreach $i (@tests)
{
$outFile = "$output_path\\$i.out";
system("$i > $outFile");
log_desc("Test: $i\.nlm:");
log_output("", $outFile );
}
}
############################################################################
sub encryption_tests
{
my $i;
my $outFile;
my @enc_tests = ( "enc", "rc4", "des-cfb", "des-ede-cfb", "des-ede3-cfb",
"des-ofb", "des-ede-ofb", "des-ede3-ofb",
"des-ecb", "des-ede", "des-ede3", "des-cbc",
"des-ede-cbc", "des-ede3-cbc", "idea-ecb", "idea-cfb",
"idea-ofb", "idea-cbc", "rc2-ecb", "rc2-cfb",
"rc2-ofb", "rc2-cbc", "bf-ecb", "bf-cfb",
"bf-ofb", "bf-cbc" );
my $input = "$base_path\\do_tests.pl";
my $cipher = "$output_path\\cipher.out";
my $clear = "$output_path\\clear.out";
print( "\nRUNNING ENCRYPTION & DECRYPTION TESTS:\n\n");
print( OUT "\n========================================================\n");
print( OUT "FILE ENCRYPTION & DECRYPTION TESTS:\n\n");
foreach $i (@enc_tests)
{
log_desc("Testing: $i");
# do encryption
$outFile = "$output_path\\enc.out";
system("openssl2 $i -e -bufsize 113 -k test -in $input -out $cipher > $outFile" );
log_output("Encrypting: $input --> $cipher", $outFile);
# do decryption
$outFile = "$output_path\\dec.out";
system("openssl2 $i -d -bufsize 157 -k test -in $cipher -out $clear > $outFile");
log_output("Decrypting: $cipher --> $clear", $outFile);
# compare files
$x = compare_files( $input, $clear, 1);
if ( $x == 0 )
{
print( "SUCCESS - files match: $input, $clear\n");
print( OUT "SUCCESS - files match: $input, $clear\n");
}
else
{
print( "ERROR: files don't match\n");
print( OUT "ERROR: files don't match\n");
}
do_wait();
# Now do the same encryption but use Base64
# do encryption B64
$outFile = "$output_path\\B64enc.out";
system("openssl2 $i -a -e -bufsize 113 -k test -in $input -out $cipher > $outFile");
log_output("Encrypting(B64): $cipher --> $clear", $outFile);
# do decryption B64
$outFile = "$output_path\\B64dec.out";
system("openssl2 $i -a -d -bufsize 157 -k test -in $cipher -out $clear > $outFile");
log_output("Decrypting(B64): $cipher --> $clear", $outFile);
# compare files
$x = compare_files( $input, $clear, 1);
if ( $x == 0 )
{
print( "SUCCESS - files match: $input, $clear\n");
print( OUT "SUCCESS - files match: $input, $clear\n");
}
else
{
print( "ERROR: files don't match\n");
print( OUT "ERROR: files don't match\n");
}
do_wait();
} # end foreach
# delete the temporary files
unlink($cipher);
unlink($clear);
}
############################################################################
sub pem_tests
{
my $i;
my $tmp_out;
my $outFile = "$output_path\\pem.out";
my %pem_tests = (
"crl" => "testcrl.pem",
"pkcs7" => "testp7.pem",
"req" => "testreq2.pem",
"rsa" => "testrsa.pem",
"x509" => "testx509.pem",
"x509" => "v3-cert1.pem",
"sess_id" => "testsid.pem" );
print( "\nRUNNING PEM TESTS:\n\n");
print( OUT "\n========================================================\n");
print( OUT "PEM TESTS:\n\n");
foreach $i (keys(%pem_tests))
{
log_desc( "Testing: $i");
my $input = "$test_path\\$pem_tests{$i}";
$tmp_out = "$output_path\\$pem_tests{$i}";
if ($i ne "req" )
{
system("openssl2 $i -in $input -out $tmp_out > $outFile");
log_output( "openssl2 $i -in $input -out $tmp_out", $outFile);
}
else
{
system("openssl2 $i -in $input -out $tmp_out -config $OpenSSL_config > $outFile");
log_output( "openssl2 $i -in $input -out $tmp_out -config $OpenSSL_config", $outFile );
}
$x = compare_files( $input, $tmp_out);
if ( $x == 0 )
{
print( "SUCCESS - files match: $input, $tmp_out\n");
print( OUT "SUCCESS - files match: $input, $tmp_out\n");
}
else
{
print( "ERROR: files don't match\n");
print( OUT "ERROR: files don't match\n");
}
do_wait();
} # end foreach
}
############################################################################
sub verify_tests
{
my $i;
my $outFile = "$output_path\\verify.out";
my @cert_files = <$cert_path\\*.pem>;
print( "\nRUNNING VERIFY TESTS:\n\n");
print( OUT "\n========================================================\n");
print( OUT "VERIFY TESTS:\n\n");
make_tmp_cert_file();
foreach $i (@cert_files)
{
system("openssl2 verify -CAfile $tmp_cert $i >$outFile");
log_desc("Verifying cert: $i");
log_output("openssl2 verify -CAfile $tmp_cert $i", $outFile);
}
}
############################################################################
sub ssl_tests
{
my $outFile = "$output_path\\ssl_tst.out";
print( "\nRUNNING SSL TESTS:\n\n");
print( OUT "\n========================================================\n");
print( OUT "SSL TESTS:\n\n");
make_tmp_cert_file();
system("ssltest -ssl2 >$outFile");
log_desc("Testing sslv2:");
log_output("ssltest -ssl2", $outFile);
system("ssltest -ssl2 -server_auth -CAfile $tmp_cert >$outFile");
log_desc("Testing sslv2 with server authentication:");
log_output("ssltest -ssl2 -server_auth -CAfile $tmp_cert", $outFile);
system("ssltest -ssl2 -client_auth -CAfile $tmp_cert >$outFile");
log_desc("Testing sslv2 with client authentication:");
log_output("ssltest -ssl2 -client_auth -CAfile $tmp_cert", $outFile);
system("ssltest -ssl2 -server_auth -client_auth -CAfile $tmp_cert >$outFile");
log_desc("Testing sslv2 with both client and server authentication:");
log_output("ssltest -ssl2 -server_auth -client_auth -CAfile $tmp_cert", $outFile);
system("ssltest -ssl3 >$outFile");
log_desc("Testing sslv3:");
log_output("ssltest -ssl3", $outFile);
system("ssltest -ssl3 -server_auth -CAfile $tmp_cert >$outFile");
log_desc("Testing sslv3 with server authentication:");
log_output("ssltest -ssl3 -server_auth -CAfile $tmp_cert", $outFile);
system("ssltest -ssl3 -client_auth -CAfile $tmp_cert >$outFile");
log_desc("Testing sslv3 with client authentication:");
log_output("ssltest -ssl3 -client_auth -CAfile $tmp_cert", $outFile);
system("ssltest -ssl3 -server_auth -client_auth -CAfile $tmp_cert >$outFile");
log_desc("Testing sslv3 with both client and server authentication:");
log_output("ssltest -ssl3 -server_auth -client_auth -CAfile $tmp_cert", $outFile);
system("ssltest >$outFile");
log_desc("Testing sslv2/sslv3:");
log_output("ssltest", $outFile);
system("ssltest -server_auth -CAfile $tmp_cert >$outFile");
log_desc("Testing sslv2/sslv3 with server authentication:");
log_output("ssltest -server_auth -CAfile $tmp_cert", $outFile);
system("ssltest -client_auth -CAfile $tmp_cert >$outFile");
log_desc("Testing sslv2/sslv3 with client authentication:");
log_output("ssltest -client_auth -CAfile $tmp_cert", $outFile);
system("ssltest -server_auth -client_auth -CAfile $tmp_cert >$outFile");
log_desc("Testing sslv2/sslv3 with both client and server authentication:");
log_output("ssltest -server_auth -client_auth -CAfile $tmp_cert", $outFile);
system("ssltest -bio_pair -ssl2 >$outFile");
log_desc("Testing sslv2 via BIO pair:");
log_output("ssltest -bio_pair -ssl2", $outFile);
system("ssltest -bio_pair -dhe1024dsa -v >$outFile");
log_desc("Testing sslv2/sslv3 with 1024 bit DHE via BIO pair:");
log_output("ssltest -bio_pair -dhe1024dsa -v", $outFile);
system("ssltest -bio_pair -ssl2 -server_auth -CAfile $tmp_cert >$outFile");
log_desc("Testing sslv2 with server authentication via BIO pair:");
log_output("ssltest -bio_pair -ssl2 -server_auth -CAfile $tmp_cert", $outFile);
system("ssltest -bio_pair -ssl2 -client_auth -CAfile $tmp_cert >$outFile");
log_desc("Testing sslv2 with client authentication via BIO pair:");
log_output("ssltest -bio_pair -ssl2 -client_auth -CAfile $tmp_cert", $outFile);
system("ssltest -bio_pair -ssl2 -server_auth -client_auth -CAfile $tmp_cert >$outFile");
log_desc("Testing sslv2 with both client and server authentication via BIO pair:");
log_output("ssltest -bio_pair -ssl2 -server_auth -client_auth -CAfile $tmp_cert", $outFile);
system("ssltest -bio_pair -ssl3 >$outFile");
log_desc("Testing sslv3 via BIO pair:");
log_output("ssltest -bio_pair -ssl3", $outFile);
system("ssltest -bio_pair -ssl3 -server_auth -CAfile $tmp_cert >$outFile");
log_desc("Testing sslv3 with server authentication via BIO pair:");
log_output("ssltest -bio_pair -ssl3 -server_auth -CAfile $tmp_cert", $outFile);
system("ssltest -bio_pair -ssl3 -client_auth -CAfile $tmp_cert >$outFile");
log_desc("Testing sslv3 with client authentication via BIO pair:");
log_output("ssltest -bio_pair -ssl3 -client_auth -CAfile $tmp_cert", $outFile);
system("ssltest -bio_pair -ssl3 -server_auth -client_auth -CAfile $tmp_cert >$outFile");
log_desc("Testing sslv3 with both client and server authentication via BIO pair:");
log_output("ssltest -bio_pair -ssl3 -server_auth -client_auth -CAfile $tmp_cert", $outFile);
system("ssltest -bio_pair >$outFile");
log_desc("Testing sslv2/sslv3 via BIO pair:");
log_output("ssltest -bio_pair", $outFile);
system("ssltest -bio_pair -server_auth -CAfile $tmp_cert >$outFile");
log_desc("Testing sslv2/sslv3 with server authentication via BIO pair:");
log_output("ssltest -bio_pair -server_auth -CAfile $tmp_cert", $outFile);
system("ssltest -bio_pair -client_auth -CAfile $tmp_cert >$outFile");
log_desc("Testing sslv2/sslv3 with client authentication via BIO pair:");
log_output("ssltest -bio_pair -client_auth -CAfile $tmp_cert", $outFile);
system("ssltest -bio_pair -server_auth -client_auth -CAfile $tmp_cert >$outFile");
log_desc("Testing sslv2/sslv3 with both client and server authentication via BIO pair:");
log_output("ssltest -bio_pair -server_auth -client_auth -CAfile $tmp_cert", $outFile);
}
############################################################################
sub ca_tests
{
my $outFile = "$output_path\\ca_tst.out";
my($CAkey) = "$output_path\\keyCA.ss";
my($CAcert) = "$output_path\\certCA.ss";
my($CAserial) = "$output_path\\certCA.srl";
my($CAreq) = "$output_path\\reqCA.ss";
my($CAreq2) = "$output_path\\req2CA.ss";
my($CAconf) = "$test_path\\CAss.cnf";
my($Uconf) = "$test_path\\Uss.cnf";
my($Ukey) = "$output_path\\keyU.ss";
my($Ureq) = "$output_path\\reqU.ss";
my($Ucert) = "$output_path\\certU.ss";
print( "\nRUNNING CA TESTS:\n\n");
print( OUT "\n========================================================\n");
print( OUT "CA TESTS:\n");
system("openssl2 req -config $CAconf -out $CAreq -keyout $CAkey -new >$outFile");
log_desc("Make a certificate request using req:");
log_output("openssl2 req -config $CAconf -out $CAreq -keyout $CAkey -new", $outFile);
system("openssl2 x509 -CAcreateserial -in $CAreq -days 30 -req -out $CAcert -signkey $CAkey >$outFile");
log_desc("Convert the certificate request into a self signed certificate using x509:");
log_output("openssl2 x509 -CAcreateserial -in $CAreq -days 30 -req -out $CAcert -signkey $CAkey", $outFile);
system("openssl2 x509 -in $CAcert -x509toreq -signkey $CAkey -out $CAreq2 >$outFile");
log_desc("Convert a certificate into a certificate request using 'x509':");
log_output("openssl2 x509 -in $CAcert -x509toreq -signkey $CAkey -out $CAreq2", $outFile);
system("openssl2 req -config $OpenSSL_config -verify -in $CAreq -noout >$outFile");
log_output("openssl2 req -config $OpenSSL_config -verify -in $CAreq -noout", $outFile);
system("openssl2 req -config $OpenSSL_config -verify -in $CAreq2 -noout >$outFile");
log_output( "openssl2 req -config $OpenSSL_config -verify -in $CAreq2 -noout", $outFile);
system("openssl2 verify -CAfile $CAcert $CAcert >$outFile");
log_output("openssl2 verify -CAfile $CAcert $CAcert", $outFile);
system("openssl2 req -config $Uconf -out $Ureq -keyout $Ukey -new >$outFile");
log_desc("Make another certificate request using req:");
log_output("openssl2 req -config $Uconf -out $Ureq -keyout $Ukey -new", $outFile);
system("openssl2 x509 -CAcreateserial -in $Ureq -days 30 -req -out $Ucert -CA $CAcert -CAkey $CAkey -CAserial $CAserial >$outFile");
log_desc("Sign certificate request with the just created CA via x509:");
log_output("openssl2 x509 -CAcreateserial -in $Ureq -days 30 -req -out $Ucert -CA $CAcert -CAkey $CAkey -CAserial $CAserial", $outFile);
system("openssl2 verify -CAfile $CAcert $Ucert >$outFile");
log_output("openssl2 verify -CAfile $CAcert $Ucert", $outFile);
system("openssl2 x509 -subject -issuer -startdate -enddate -noout -in $Ucert >$outFile");
log_desc("Certificate details");
log_output("openssl2 x509 -subject -issuer -startdate -enddate -noout -in $Ucert", $outFile);
print(OUT "-- \n");
print(OUT "The generated CA certificate is $CAcert\n");
print(OUT "The generated CA private key is $CAkey\n");
print(OUT "The current CA signing serial number is in $CAserial\n");
print(OUT "The generated user certificate is $Ucert\n");
print(OUT "The generated user private key is $Ukey\n");
print(OUT "--\n");
}
############################################################################
sub log_output( $ $ )
{
my( $desc, $file ) = @_;
my($error) = 0;
my($key);
my($msg);
if ($desc)
{
print("$desc\n");
print(OUT "$desc\n");
}
# loop waiting for test program to complete
while ( stat($file) == 0)
{ print(". "); sleep(1); }
# copy test output to log file
open(IN, "<$file");
while (<IN>)
{
print(OUT $_);
if ( $_ =~ /ERROR/ )
{
$error = 1;
}
}
# close and delete the temporary test output file
close(IN);
unlink($file);
if ( $error == 0 )
{
$msg = "Test Succeeded";
}
else
{
$msg = "Test Failed";
}
print(OUT "$msg\n");
if ($pause)
{
print("$msg - press ENTER to continue...");
$key = getc;
print("\n");
}
# Several of the testing scripts run a loop loading the
# same NLM with different options.
# On slow NetWare machines there appears to be some delay in the
# OS actually unloading the test nlms and the OS complains about.
# the NLM already being loaded. This additional pause is to
# to help provide a little more time for unloading before trying to
# load again.
sleep(1);
}
############################################################################
sub log_desc( $ )
{
my( $desc ) = @_;
print("\n");
print("$desc\n");
print(OUT "\n");
print(OUT "$desc\n");
print(OUT "======================================\n");
}
############################################################################
sub compare_files( $ $ $ )
{
my( $file1, $file2, $binary ) = @_;
my( $n1, $n2, $b1, $b2 );
my($ret) = 1;
open(IN0, $file1) || die "\nunable to open $file1\n";
open(IN1, $file2) || die "\nunable to open $file2\n";
if ($binary)
{
binmode IN0;
binmode IN1;
}
for (;;)
{
$n1 = read(IN0, $b1, 512);
$n2 = read(IN1, $b2, 512);
if ($n1 != $n2) {last;}
if ($b1 != $b2) {last;}
if ($n1 == 0)
{
$ret = 0;
last;
}
}
close(IN0);
close(IN1);
return($ret);
}
############################################################################
sub do_wait()
{
my($key);
if ($pause)
{
print("Press ENTER to continue...");
$key = getc;
print("\n");
}
}
############################################################################
sub make_tmp_cert_file()
{
my @cert_files = <$cert_path\\*.pem>;
# delete the file if it already exists
unlink($tmp_cert);
open( TMP_CERT, ">$tmp_cert") || die "\nunable to open $tmp_cert\n";
print("building temporary cert file\n");
# create a temporary cert file that contains all the certs
foreach $i (@cert_files)
{
open( IN_CERT, $i ) || die "\nunable to open $i\n";
for(;;)
{
$n = sysread(IN_CERT, $data, 1024);
if ($n == 0)
{
close(IN_CERT);
last;
};
syswrite(TMP_CERT, $data, $n);
}
}
close( TMP_CERT );
}