diff options
| author | Richard Levitte <levitte@openssl.org> | 2003-11-28 13:10:58 +0000 |
|---|---|---|
| committer | Richard Levitte <levitte@openssl.org> | 2003-11-28 13:10:58 +0000 |
| commit | 4d8743f490a5f96fa26d41985ee12cb6b9815a4c (patch) | |
| tree | 9668a30c8c9bcc3347eddb5b553d8f1c6ccc8524 /Netware | |
| parent | 4c8b4f9d03fb5db99fa22b235369b96039f60706 (diff) | |
Netware-specific changes,
PR: 780
Submitted by: Verdon Walker <VWalker@novell.com>
Reviewed by: Richard Levitte
Diffstat (limited to 'Netware')
| -rw-r--r-- | Netware/build.bat | 204 | ||||
| -rw-r--r-- | Netware/cpy_tests.bat | 112 | ||||
| -rw-r--r-- | Netware/do_tests.pl | 585 | ||||
| -rw-r--r-- | Netware/globals.txt | 254 | ||||
| -rw-r--r-- | Netware/readme.txt | 19 | ||||
| -rw-r--r-- | Netware/set_env.bat | 90 |
6 files changed, 1264 insertions, 0 deletions
diff --git a/Netware/build.bat b/Netware/build.bat new file mode 100644 index 0000000000..ee73da4dff --- /dev/null +++ b/Netware/build.bat @@ -0,0 +1,204 @@ +@echo off + +rem ======================================================================== +rem Batch file to automate building OpenSSL for NetWare. +rem +rem usage: +rem build [target] [debug opts] [assembly opts] [configure opts] +rem +rem target - "netware-clib" - CLib NetWare build +rem - "netware-libc" - LibC NKS NetWare build +rem +rem debug opts - "debug" - build debug +rem +rem assembly opts - "nw-mwasm" - use Metrowerks assembler +rem "nw-nasm" - use NASM assembler +rem "no-asm" - don't use assembly +rem +rem configure opts- all unrecognized arguments are passed to the +rem perl configure script +rem +rem If no arguments are specified the default is to build non-debug with +rem no assembly. NOTE: there is no default BLD_TARGET. +rem + + + +rem No assembly is the default - Uncomment section below to change +rem the assembler default +set ASM_MODE= +set ASSEMBLER= +set NO_ASM=no-asm + +rem Uncomment to default to the Metrowerks assembler +rem set ASM_MODE=nw-mwasm +rem set ASSEMBLER=Metrowerks +rem set NO_ASM= + +rem Uncomment to default to the NASM assembler +rem set ASM_MODE=nw-nasm +rem set ASSEMBLER=NASM +rem set NO_ASM= + +rem No default Bld target +set BLD_TARGET=no_target +rem set BLD_TARGET=netware-clib +rem set BLD_TARGET=netware-libc + + +rem Default to build non-debug +set DEBUG= + +rem Uncomment to default to debug build +rem set DEBUG=debug + + +set CONFIG_OPTS= +set ARG_PROCESSED=NO + + +rem Process command line args +:opts +if "a%1" == "a" goto endopt +if "%1" == "no-asm" set NO_ASM=no-asm +if "%1" == "no-asm" set ARG_PROCESSED=YES +if "%1" == "debug" set DEBUG=debug +if "%1" == "debug" set ARG_PROCESSED=YES +if "%1" == "nw-nasm" set ASM_MODE=nw-nasm +if "%1" == "nw-nasm" set ASSEMBLER=NASM +if "%1" == "nw-nasm" set NO_ASM= +if "%1" == "nw-nasm" set ARG_PROCESSED=YES +if "%1" == "nw-mwasm" set ASM_MODE=nw-mwasm +if "%1" == "nw-mwasm" set ASSEMBLER=Metrowerks +if "%1" == "nw-mwasm" set NO_ASM= +if "%1" == "nw-mwasm" set ARG_PROCESSED=YES +if "%1" == "netware-clib" set BLD_TARGET=netware-clib +if "%1" == "netware-clib" set ARG_PROCESSED=YES +if "%1" == "netware-libc" set BLD_TARGET=netware-libc +if "%1" == "netware-libc" set ARG_PROCESSED=YES + +rem If we didn't recognize the argument, consider it an option for config +if "%ARG_PROCESSED%" == "NO" set CONFIG_OPTS=%CONFIG_OPTS% %1 +if "%ARG_PROCESSED%" == "YES" set ARG_PROCESSED=NO + +shift +goto opts +:endopt + +rem make sure a valid BLD_TARGET was specified +if "%BLD_TARGET%" == "no_target" goto no_target + +rem build the nlm make file name which includes target and debug info +set NLM_MAKE= +if "%BLD_TARGET%" == "netware-clib" set NLM_MAKE=netware\nlm_clib +if "%BLD_TARGET%" == "netware-libc" set NLM_MAKE=netware\nlm_libc +if "%DEBUG%" == "" set NLM_MAKE=%NLM_MAKE%.mak +if "%DEBUG%" == "debug" set NLM_MAKE=%NLM_MAKE%_dbg.mak + +if "%NO_ASM%" == "no-asm" set ASM_MODE= +if "%NO_ASM%" == "no-asm" set ASSEMBLER= +if "%NO_ASM%" == "no-asm" set CONFIG_OPTS=%CONFIG_OPTS% no-asm +if "%NO_ASM%" == "no-asm" goto do_config + + +rem ================================================== +echo Generating x86 for %ASSEMBLER% assembler + +echo Bignum +cd crypto\bn\asm +perl x86.pl %ASM_MODE% > bn-nw.asm +cd ..\..\.. + +echo DES +cd crypto\des\asm +perl des-586.pl %ASM_MODE% > d-nw.asm +cd ..\..\.. + +echo "crypt(3)" + +cd crypto\des\asm +perl crypt586.pl %ASM_MODE% > y-nw.asm +cd ..\..\.. + +echo Blowfish + +cd crypto\bf\asm +perl bf-586.pl %ASM_MODE% > b-nw.asm +cd ..\..\.. + +echo CAST5 +cd crypto\cast\asm +perl cast-586.pl %ASM_MODE% > c-nw.asm +cd ..\..\.. + +echo RC4 +cd crypto\rc4\asm +perl rc4-586.pl %ASM_MODE% > r4-nw.asm +cd ..\..\.. + +echo MD5 +cd crypto\md5\asm +perl md5-586.pl %ASM_MODE% > m5-nw.asm +cd ..\..\.. + +echo SHA1 +cd crypto\sha\asm +perl sha1-586.pl %ASM_MODE% > s1-nw.asm +cd ..\..\.. + +echo RIPEMD160 +cd crypto\ripemd\asm +perl rmd-586.pl %ASM_MODE% > rm-nw.asm +cd ..\..\.. + +echo RC5\32 +cd crypto\rc5\asm +perl rc5-586.pl %ASM_MODE% > r5-nw.asm +cd ..\..\.. + +rem =============================================================== +rem +:do_config + +echo . +echo configure options: %CONFIG_OPTS% %BLD_TARGET% +echo . +perl configure %CONFIG_OPTS% %BLD_TARGET% + +perl util\mkfiles.pl >MINFO + +echo . +echo mk1mf.pl options: %DEBUG% %ASM_MODE% %CONFIG_OPTS% %BLD_TARGET% +echo . +perl util\mk1mf.pl %DEBUG% %ASM_MODE% %CONFIG_OPTS% %BLD_TARGET% >%NLM_MAKE% + +echo The makefile "%NLM_MAKE%" has been created use your maketool to +echo build (ex: gmake -f %NLM_MAKE%) +goto end + +rem =============================================================== +rem +:no_target +echo . +echo . No build target specified!!! +echo . +echo . usage: build [target] [debug opts] [assembly opts] [configure opts] +echo . +echo . target - "netware-clib" - CLib NetWare build +echo . - "netware-libc" - LibC NKS NetWare build +echo . +echo . debug opts - "debug" - build debug +echo . +echo . assembly opts - "nw-mwasm" - use Metrowerks assembler +echo . "nw-nasm" - use NASM assembler +echo . "no-asm" - don't use assembly +echo . +echo . configure opts- all unrecognized arguments are passed to the +echo . perl configure script +echo . +echo . If no debug or assembly opts are specified the default is to build +echo . non-debug without assembly +echo . + + +:end diff --git a/Netware/cpy_tests.bat b/Netware/cpy_tests.bat new file mode 100644 index 0000000000..c2f07c00c7 --- /dev/null +++ b/Netware/cpy_tests.bat @@ -0,0 +1,112 @@ +@echo off + +rem Batch file to copy OpenSSL stuff to a NetWare server for testing + +rem This batch file will create an "opensssl" directory at the root of the +rem specified NetWare drive and copy the required files to run the tests. +rem It should be run from inside the "openssl\netware" subdirectory. + +rem Usage: +rem cpy_tests.bat <test subdirectory> <NetWare drive> +rem <test subdirectory> - out_nw.dbg | out_nw +rem <NetWare drive> - any mapped drive letter +rem +rem example ( copy from debug build to m: dirve ): +rem cpy_tests.bat out_nw.dbg m: +rem +rem CAUTION: If a directory named OpenSSL exists on the target drive +rem it will be deleted first. + + +if "%1" == "" goto usage +if "%2" == "" goto usage + +rem Assume running in \openssl directory unless cpy_tests.bat exists then +rem it must be the \openssl\netware directory +set loc=. +if exist cpy_tests.bat set loc=.. + +rem make sure the local build subdirectory specified is valid +if not exist %loc%\%1\NUL goto invalid_dir + +rem make sure target drive is valid +if not exist %2\NUL goto invalid_drive + +rem If an OpenSSL directory exists on the target drive, remove it +if exist %2\openssl\NUL goto remove_openssl +goto do_copy + +:remove_openssl +echo . +echo OpenSSL directory exists on %2 - it will be removed! +pause +rmdir %2\openssl /s /q + +:do_copy +rem make an "openssl" directory and others at the root of the NetWare drive +mkdir %2\openssl +mkdir %2\openssl\test_out +mkdir %2\openssl\apps +mkdir %2\openssl\certs +mkdir %2\openssl\test + + +rem copy the test nlms +copy %loc%\%1\*.nlm %2\openssl\ + +rem copy the test perl script +copy %loc%\netware\do_tests.pl %2\openssl\ + +rem copy the certs directory stuff +xcopy %loc%\certs\*.* %2\openssl\certs\ /s + +rem copy the test directory stuff +copy %loc%\test\CAss.cnf %2\openssl\test\ +copy %loc%\test\Uss.cnf %2\openssl\test\ +copy %loc%\test\pkcs7.pem %2\openssl\test\ +copy %loc%\test\pkcs7-1.pem %2\openssl\test\ +copy %loc%\test\testcrl.pem %2\openssl\test\ +copy %loc%\test\testp7.pem %2\openssl\test\ +copy %loc%\test\testreq2.pem %2\openssl\test\ +copy %loc%\test\testrsa.pem %2\openssl\test\ +copy %loc%\test\testsid.pem %2\openssl\test\ +copy %loc%\test\testx509.pem %2\openssl\test\ +copy %loc%\test\v3-cert1.pem %2\openssl\test\ +copy %loc%\test\v3-cert2.pem %2\openssl\test\ + +rem copy the apps directory stuff +copy %loc%\apps\client.pem %2\openssl\apps\ +copy %loc%\apps\server.pem %2\openssl\apps\ +copy %loc%\apps\openssl.cnf %2\openssl\apps\ + +echo . +echo Tests copied +echo Run the test script at the console by typing: +echo "Perl \openssl\do_tests.pl" +echo . +echo Make sure the Search path includes the OpenSSL subdirectory + +goto end + +:invalid_dir +echo. +echo Invalid build directory specified: %1 +echo. +goto usage + +:invalid_drive +echo. +echo Invalid drive: %2 +echo. +goto usage + +:usage +echo. +echo usage: cpy_tests.bat [test subdirectory] [NetWare drive] +echo [test subdirectory] - out_nw_clib.dbg, out_nw_libc.dbg, etc. +echo [NetWare drive] - any mapped drive letter +echo. +echo example: cpy_test out_nw_clib.dbg M: +echo (copy from clib debug build area to M: drive) + +:end diff --git a/Netware/do_tests.pl b/Netware/do_tests.pl new file mode 100644 index 0000000000..f4e11272d3 --- /dev/null +++ b/Netware/do_tests.pl @@ -0,0 +1,585 @@ +# perl script to run OpenSSL tests + + +my $base_path = "\\openssl"; + +my $output_path = "$base_path\\test_out"; +my $cert_path = "$base_path\\certs"; +my $test_path = "$base_path\\test"; +my $app_path = "$base_path\\apps"; + +my $tmp_cert = "$output_path\\cert.tmp"; +my $OpenSSL_config = "$app_path\\openssl.cnf"; +my $log_file = "$output_path\\tests.log"; + +my $pause = 0; + + +# process the command line args to see if they wanted us to pause +# between executing each command +foreach $i (@ARGV) +{ + if ($i =~ /^-p$/) + { $pause=1; } +} + + + +main(); + + +############################################################################ +sub main() +{ + # delete all the output files in the output directory + unlink <$output_path\\*.*>; + + # open the main log file + open(OUT, ">$log_file") || die "unable to open $log_file\n"; + + + algorithm_tests(); + encryption_tests(); + pem_tests(); + verify_tests(); + ssl_tests(); + ca_tests(); + + close(OUT); + + print("\nCompleted running tests.\n\n"); + print("Check log file for errors: $log_file\n"); +} + +############################################################################ +sub algorithm_tests +{ + my $i; + my $outFile; + my @tests = ( rsa_test, destest, ideatest, bftest, shatest, sha1test, + md5test, dsatest, md2test, mdc2test, rc2test, rc4test, randtest, + dhtest, exptest ); + + print( "\nRUNNING CRYPTO ALGORITHM TESTS:\n\n"); + + print( OUT "\n========================================================\n"); + print( OUT "CRYPTO ALGORITHM TESTS:\n\n"); + + foreach $i (@tests) + { + $outFile = "$output_path\\$i.out"; + system("$i > $outFile"); + log_desc("Test: $i\.nlm:"); + log_output("", $outFile ); + } +} + +############################################################################ +sub encryption_tests +{ + my $i; + my $outFile; + my @enc_tests = ( "enc", "rc4", "des-cfb", "des-ede-cfb", "des-ede3-cfb", + "des-ofb", "des-ede-ofb", "des-ede3-ofb", + "des-ecb", "des-ede", "des-ede3", "des-cbc", + "des-ede-cbc", "des-ede3-cbc", "idea-ecb", "idea-cfb", + "idea-ofb", "idea-cbc", "rc2-ecb", "rc2-cfb", + "rc2-ofb", "rc2-cbc", "bf-ecb", "bf-cfb", + "bf-ofb", "bf-cbc" ); + + my $input = "$base_path\\do_tests.pl"; + my $cipher = "$output_path\\cipher.out"; + my $clear = "$output_path\\clear.out"; + + print( "\nRUNNING ENCRYPTION & DECRYPTION TESTS:\n\n"); + + print( OUT "\n========================================================\n"); + print( OUT "FILE ENCRYPTION & DECRYPTION TESTS:\n\n"); + + foreach $i (@enc_tests) + { + log_desc("Testing: $i"); + + # do encryption + $outFile = "$output_path\\enc.out"; + system("openssl2 $i -e -bufsize 113 -k test -in $input -out $cipher > $outFile" ); + log_output("Encrypting: $input --> $cipher", $outFile); + + # do decryption + $outFile = "$output_path\\dec.out"; + system("openssl2 $i -d -bufsize 157 -k test -in $cipher -out $clear > $outFile"); + log_output("Decrypting: $cipher --> $clear", $outFile); + + # compare files + $x = compare_files( $input, $clear, 1); + if ( $x == 0 ) + { + print( "SUCCESS - files match: $input, $clear\n"); + print( OUT "SUCCESS - files match: $input, $clear\n"); + } + else + { + print( "ERROR: files don't match\n"); + print( OUT "ERROR: files don't match\n"); + } + + do_wait(); + + # Now do the same encryption but use Base64 + + # do encryption B64 + $outFile = "$output_path\\B64enc.out"; + system("openssl2 $i -a -e -bufsize 113 -k test -in $input -out $cipher > $outFile"); + log_output("Encrypting(B64): $cipher --> $clear", $outFile); + + # do decryption B64 + $outFile = "$output_path\\B64dec.out"; + system("openssl2 $i -a -d -bufsize 157 -k test -in $cipher -out $clear > $outFile"); + log_output("Decrypting(B64): $cipher --> $clear", $outFile); + + # compare files + $x = compare_files( $input, $clear, 1); + if ( $x == 0 ) + { + print( "SUCCESS - files match: $input, $clear\n"); + print( OUT "SUCCESS - files match: $input, $clear\n"); + } + else + { + print( "ERROR: files don't match\n"); + print( OUT "ERROR: files don't match\n"); + } + + do_wait(); + + } # end foreach + + # delete the temporary files + unlink($cipher); + unlink($clear); +} + + +############################################################################ +sub pem_tests +{ + my $i; + my $tmp_out; + my $outFile = "$output_path\\pem.out"; + + my %pem_tests = ( + "crl" => "testcrl.pem", + "pkcs7" => "testp7.pem", + "req" => "testreq2.pem", + "rsa" => "testrsa.pem", + "x509" => "testx509.pem", + "x509" => "v3-cert1.pem", + "sess_id" => "testsid.pem" ); + + + print( "\nRUNNING PEM TESTS:\n\n"); + + print( OUT "\n========================================================\n"); + print( OUT "PEM TESTS:\n\n"); + + foreach $i (keys(%pem_tests)) + { + log_desc( "Testing: $i"); + + my $input = "$test_path\\$pem_tests{$i}"; + + $tmp_out = "$output_path\\$pem_tests{$i}"; + + if ($i ne "req" ) + { + system("openssl2 $i -in $input -out $tmp_out > $outFile"); + log_output( "openssl2 $i -in $input -out $tmp_out", $outFile); + } + else + { + system("openssl2 $i -in $input -out $tmp_out -config $OpenSSL_config > $outFile"); + log_output( "openssl2 $i -in $input -out $tmp_out -config $OpenSSL_config", $outFile ); + } + + $x = compare_files( $input, $tmp_out); + if ( $x == 0 ) + { + print( "SUCCESS - files match: $input, $tmp_out\n"); + print( OUT "SUCCESS - files match: $input, $tmp_out\n"); + } + else + { + print( "ERROR: files don't match\n"); + print( OUT "ERROR: files don't match\n"); + } + do_wait(); + + } # end foreach +} + + +############################################################################ +sub verify_tests +{ + my $i; + my $outFile = "$output_path\\verify.out"; + + my @cert_files = <$cert_path\\*.pem>; + + print( "\nRUNNING VERIFY TESTS:\n\n"); + + print( OUT "\n========================================================\n"); + print( OUT "VERIFY TESTS:\n\n"); + + make_tmp_cert_file(); + + foreach $i (@cert_files) + { + system("openssl2 verify -CAfile $tmp_cert $i >$outFile"); + log_desc("Verifying cert: $i"); + log_output("openssl2 verify -CAfile $tmp_cert $i", $outFile); + } +} + + +############################################################################ +sub ssl_tests +{ + my $outFile = "$output_path\\ssl_tst.out"; + + print( "\nRUNNING SSL TESTS:\n\n"); + + print( OUT "\n========================================================\n"); + print( OUT "SSL TESTS:\n\n"); + + make_tmp_cert_file(); + + system("ssltest -ssl2 >$outFile"); + log_desc("Testing sslv2:"); + log_output("ssltest -ssl2", $outFile); + + system("ssltest -ssl2 -server_auth -CAfile $tmp_cert >$outFile"); + log_desc("Testing sslv2 with server authentication:"); + log_output("ssltest -ssl2 -server_auth -CAfile $tmp_cert", $outFile); + + system("ssltest -ssl2 -client_auth -CAfile $tmp_cert >$outFile"); + log_desc("Testing sslv2 with client authentication:"); + log_output("ssltest -ssl2 -client_auth -CAfile $tmp_cert", $outFile); + + system("ssltest -ssl2 -server_auth -client_auth -CAfile $tmp_cert >$outFile"); + log_desc("Testing sslv2 with both client and server authentication:"); + log_output("ssltest -ssl2 -server_auth -client_auth -CAfile $tmp_cert", $outFile); + + system("ssltest -ssl3 >$outFile"); + log_desc("Testing sslv3:"); + log_output("ssltest -ssl3", $outFile); + + system("ssltest -ssl3 -server_auth -CAfile $tmp_cert >$outFile"); + log_desc("Testing sslv3 with server authentication:"); + log_output("ssltest -ssl3 -server_auth -CAfile $tmp_cert", $outFile); + + system("ssltest -ssl3 -client_auth -CAfile $tmp_cert >$outFile"); + log_desc("Testing sslv3 with client authentication:"); + log_output("ssltest -ssl3 -client_auth -CAfile $tmp_cert", $outFile); + + system("ssltest -ssl3 -server_auth -client_auth -CAfile $tmp_cert >$outFile"); + log_desc("Testing sslv3 with both client and server authentication:"); + log_output("ssltest -ssl3 -server_auth -client_auth -CAfile $tmp_cert", $outFile); + + system("ssltest >$outFile"); + log_desc("Testing sslv2/sslv3:"); + log_output("ssltest", $outFile); + + system("ssltest -server_auth -CAfile $tmp_cert >$outFile"); + log_desc("Testing sslv2/sslv3 with server authentication:"); + log_output("ssltest -server_auth -CAfile $tmp_cert", $outFile); + + system("ssltest -client_auth -CAfile $tmp_cert >$outFile"); + log_desc("Testing sslv2/sslv3 with client authentication:"); + log_output("ssltest -client_auth -CAfile $tmp_cert", $outFile); + + system("ssltest -server_auth -client_auth -CAfile $tmp_cert >$outFile"); + log_desc("Testing sslv2/sslv3 with both client and server authentication:"); + log_output("ssltest -server_auth -client_auth -CAfile $tmp_cert", $outFile); + + system("ssltest -bio_pair -ssl2 >$outFile"); + log_desc("Testing sslv2 via BIO pair:"); + log_output("ssltest -bio_pair -ssl2", $outFile); + + system("ssltest -bio_pair -dhe1024dsa -v >$outFile"); + log_desc("Testing sslv2/sslv3 with 1024 bit DHE via BIO pair:"); + log_output("ssltest -bio_pair -dhe1024dsa -v", $outFile); + + system("ssltest -bio_pair -ssl2 -server_auth -CAfile $tmp_cert >$outFile"); + log_desc("Testing sslv2 with server authentication via BIO pair:"); + log_output("ssltest -bio_pair -ssl2 -server_auth -CAfile $tmp_cert", $outFile); + + system("ssltest -bio_pair -ssl2 -client_auth -CAfile $tmp_cert >$outFile"); + log_desc("Testing sslv2 with client authentication via BIO pair:"); + log_output("ssltest -bio_pair -ssl2 -client_auth -CAfile $tmp_cert", $outFile); + + system("ssltest -bio_pair -ssl2 -server_auth -client_auth -CAfile $tmp_cert >$outFile"); + log_desc("Testing sslv2 with both client and server authentication via BIO pair:"); + log_output("ssltest -bio_pair -ssl2 -server_auth -client_auth -CAfile $tmp_cert", $outFile); + + system("ssltest -bio_pair -ssl3 >$outFile"); + log_desc("Testing sslv3 via BIO pair:"); + log_output("ssltest -bio_pair -ssl3", $outFile); + + system("ssltest -bio_pair -ssl3 -server_auth -CAfile $tmp_cert >$outFile"); + log_desc("Testing sslv3 with server authentication via BIO pair:"); + log_output("ssltest -bio_pair -ssl3 -server_auth -CAfile $tmp_cert", $outFile); + + system("ssltest -bio_pair -ssl3 -client_auth -CAfile $tmp_cert >$outFile"); + log_desc("Testing sslv3 with client authentication via BIO pair:"); + log_output("ssltest -bio_pair -ssl3 -client_auth -CAfile $tmp_cert", $outFile); + + system("ssltest -bio_pair -ssl3 -server_auth -client_auth -CAfile $tmp_cert >$outFile"); + log_desc("Testing sslv3 with both client and server authentication via BIO pair:"); + log_output("ssltest -bio_pair -ssl3 -server_auth -client_auth -CAfile $tmp_cert", $outFile); + + system("ssltest -bio_pair >$outFile"); + log_desc("Testing sslv2/sslv3 via BIO pair:"); + log_output("ssltest -bio_pair", $outFile); + + system("ssltest -bio_pair -server_auth -CAfile $tmp_cert >$outFile"); + log_desc("Testing sslv2/sslv3 with server authentication via BIO pair:"); + log_output("ssltest -bio_pair -server_auth -CAfile $tmp_cert", $outFile); + + system("ssltest -bio_pair -client_auth -CAfile $tmp_cert >$outFile"); + log_desc("Testing sslv2/sslv3 with client authentication via BIO pair:"); + log_output("ssltest -bio_pair -client_auth -CAfile $tmp_cert", $outFile); + + system("ssltest -bio_pair -server_auth -client_auth -CAfile $tmp_cert >$outFile"); + log_desc("Testing sslv2/sslv3 with both client and server authentication via BIO pair:"); + log_output("ssltest -bio_pair -server_auth -client_auth -CAfile $tmp_cert", $outFile); +} + + +############################################################################ +sub ca_tests +{ + my $outFile = "$output_path\\ca_tst.out"; + + my($CAkey) = "$output_path\\keyCA.ss"; + my($CAcert) = "$output_path\\certCA.ss"; + my($CAserial) = "$output_path\\certCA.srl"; + my($CAreq) = "$output_path\\reqCA.ss"; + my($CAreq2) = "$output_path\\req2CA.ss"; + + my($CAconf) = "$test_path\\CAss.cnf"; + + my($Uconf) = "$test_path\\Uss.cnf"; + + my($Ukey) = "$output_path\\keyU.ss"; + my($Ureq) = "$output_path\\reqU.ss"; + my($Ucert) = "$output_path\\certU.ss"; + + print( "\nRUNNING CA TESTS:\n\n"); + + print( OUT "\n========================================================\n"); + print( OUT "CA TESTS:\n"); + + system("openssl2 req -config $CAconf -out $CAreq -keyout $CAkey -new >$outFile"); + log_desc("Make a certificate request using req:"); + log_output("openssl2 req -config $CAconf -out $CAreq -keyout $CAkey -new", $outFile); + + system("openssl2 x509 -CAcreateserial -in $CAreq -days 30 -req -out $CAcert -signkey $CAkey >$outFile"); + log_desc("Convert the certificate request into a self signed certificate using x509:"); + log_output("openssl2 x509 -CAcreateserial -in $CAreq -days 30 -req -out $CAcert -signkey $CAkey", $outFile); + + system("openssl2 x509 -in $CAcert -x509toreq -signkey $CAkey -out $CAreq2 >$outFile"); + log_desc("Convert a certificate into a certificate request using 'x509':"); + log_output("openssl2 x509 -in $CAcert -x509toreq -signkey $CAkey -out $CAreq2", $outFile); + + system("openssl2 req -config $OpenSSL_config -verify -in $CAreq -noout >$outFile"); + log_output("openssl2 req -config $OpenSSL_config -verify -in $CAreq -noout", $outFile); + + system("openssl2 req -config $OpenSSL_config -verify -in $CAreq2 -noout >$outFile"); + log_output( "openssl2 req -config $OpenSSL_config -verify -in $CAreq2 -noout", $outFile); + + system("openssl2 verify -CAfile $CAcert $CAcert >$outFile"); + log_output("openssl2 verify -CAfile $CAcert $CAcert", $outFile); + + system("openssl2 req -config $Uconf -out $Ureq -keyout $Ukey -new >$outFile"); + log_desc("Make another certificate request using req:"); + log_output("openssl2 req -config $Uconf -out $Ureq -keyout $Ukey -new", $outFile); + + system("openssl2 x509 -CAcreateserial -in $Ureq -days 30 -req -out $Ucert -CA $CAcert -CAkey $CAkey -CAserial $CAserial >$outFile"); + log_desc("Sign certificate request with the just created CA via x509:"); + log_output("openssl2 x509 -CAcreateserial -in $Ureq -days 30 -req -out $Ucert -CA $CAcert -CAkey $CAkey -CAserial $CAserial", $outFile); + + system("openssl2 verify -CAfile $CAcert $Ucert >$outFile"); + log_output("openssl2 verify -CAfile $CAcert $Ucert", $outFile); + + system("openssl2 x509 -subject -issuer -startdate -enddate -noout -in $Ucert >$outFile"); + log_desc("Certificate details"); + log_output("openssl2 x509 -subject -issuer -startdate -enddate -noout -in $Ucert", $outFile); + + print(OUT "-- \n"); + print(OUT "The generated CA certificate is $CAcert\n"); + print(OUT "The generated CA private key is $CAkey\n"); + print(OUT "The current CA signing serial number is in $CAserial\n"); + + print(OUT "The generated user certificate is $Ucert\n"); + print(OUT "The generated user private key is $Ukey\n"); + print(OUT "--\n"); +} + +############################################################################ +sub log_output( $ $ ) +{ + my( $desc, $file ) = @_; + my($error) = 0; + my($key); + my($msg); + + if ($desc) + { + print("$desc\n"); + print(OUT "$desc\n"); + } + + # loop waiting for test program to complete + while ( stat($file) == 0) + { print(". "); sleep(1); } + + + # copy test output to log file + open(IN, "<$file"); + while (<IN>) + { + print(OUT $_); + if ( $_ =~ /ERROR/ ) + { + $error = 1; + } + } + # close and delete the temporary test output file + close(IN); + unlink($file); + + if ( $error == 0 ) + { + $msg = "Test Succeeded"; + } + else + { + $msg = "Test Failed"; + } + + print(OUT "$msg\n"); + + if ($pause) + { + print("$msg - press ENTER to continue..."); + $key = getc; + print("\n"); + } + + # Several of the testing scripts run a loop loading the + # same NLM with different options. + # On slow NetWare machines there appears to be some delay in the + # OS actually unloading the test nlms and the OS complains about. + # the NLM already being loaded. This additional pause is to + # to help provide a little more time for unloading before trying to + # load again. + sleep(1); +} + + +############################################################################ +sub log_desc( $ ) +{ + my( $desc ) = @_; + + print("\n"); + print("$desc\n"); + + print(OUT "\n"); + print(OUT "$desc\n"); + print(OUT "======================================\n"); +} + +############################################################################ +sub compare_files( $ $ $ ) +{ + my( $file1, $file2, $binary ) = @_; + my( $n1, $n2, $b1, $b2 ); + my($ret) = 1; + + open(IN0, $file1) || die "\nunable to open $file1\n"; + open(IN1, $file2) || die "\nunable to open $file2\n"; + + if ($binary) + { + binmode IN0; + binmode IN1; + } + + for (;;) + { + $n1 = read(IN0, $b1, 512); + $n2 = read(IN1, $b2, 512); + + if ($n1 != $n2) {last;} + if ($b1 != $b2) {last;} + + if ($n1 == 0) + { + $ret = 0; + last; + } + } + close(IN0); + close(IN1); + return($ret); +} + +############################################################################ +sub do_wait() +{ + my($key); + + if ($pause) + { + print("Press ENTER to continue..."); + $key = getc; + print("\n"); + } +} + + +############################################################################ +sub make_tmp_cert_file() +{ + my @cert_files = <$cert_path\\*.pem>; + + # delete the file if it already exists + unlink($tmp_cert); + + open( TMP_CERT, ">$tmp_cert") || die "\nunable to open $tmp_cert\n"; + + print("building temporary cert file\n"); + + # create a temporary cert file that contains all the certs + foreach $i (@cert_files) + { + open( IN_CERT, $i ) || die "\nunable to open $i\n"; + + for(;;) + { + $n = sysread(IN_CERT, $data, 1024); + + if ($n == 0) + { + close(IN_CERT); + last; + }; + + syswrite(TMP_CERT, $data, $n); + } + } + + close( TMP_CERT ); +} diff --git a/Netware/globals.txt b/Netware/globals.txt new file mode 100644 index 0000000000..fe05d390cf --- /dev/null +++ b/Netware/globals.txt @@ -0,0 +1,254 @@ +An initial review of the OpenSSL code was done to determine how many +global variables where present. The idea was to determine the amount of +work required to pull the globals into an instance data structure in +order to build a Library NLM for NetWare. This file contains the results +of the review. Each file is listed along with the globals in the file. +The initial review was done very quickly so this list is probably +not a comprehensive list. + + +cryptlib.c +=========================================== + +static STACK *app_locks=NULL; + +static STACK_OF(CRYPTO_dynlock) *dyn_locks=NULL; + +static void (MS_FAR *locking_callback)(int mode,int type, + const char *file,int line)=NULL; +static int (MS_FAR *add_lock_callback)(int *pointer,int amount, + int type,const char *file,int line)=NULL; +static unsigned long (MS_FAR *id_callback)(void)=NULL; +static struct CRYPTO_dynlock_value *(MS_FAR *dynlock_create_callback) + (const char *file,int line)=NULL; +static void (MS_FAR *dynlock_lock_callback)(int mode, + struct CRYPTO_dynlock_value *l, const char *file,int line)=NULL; +static void (MS_FAR *dynlock_destroy_callback)(struct CRYPTO_dynlock_value *l, + const char *file,int line)=NULL; + + +mem.c +=========================================== +static int allow_customize = 1; /* we provide flexible functions for */ +static int allow_customize_debug = 1;/* exchanging memory-related functions at + +/* may be changed as long as `allow_customize' is set */ +static void *(*malloc_locked_func)(size_t) = malloc; +static void (*free_locked_func)(void *) = free; +static void *(*malloc_func)(size_t) = malloc; +static void *(*realloc_func)(void *, size_t)= realloc; +static void (*free_func)(void *) = free; + +/* use default functions from mem_dbg.c */ +static void (*malloc_debug_func)(void *,int,const char *,int,int) + = CRYPTO_dbg_malloc; +static void (*realloc_debug_func)(void *,void *,int,const char *,int,int) + = CRYPTO_dbg_realloc; +static void (*free_debug_func)(void *,int) = CRYPTO_dbg_free; +static void (*set_debug_options_func)(long) = CRYPTO_dbg_set_options; +static long (*get_debug_options_func)(void) = CRYPTO_dbg_get_options; + + +mem_dbg.c +=========================================== +static int mh_mode=CRYPTO_MEM_CHECK_OFF; +static unsigned long order = 0; /* number of memory requests */ +static LHASH *mh=NULL; /* hash-table of memory requests (address as key) */ + +static LHASH *amih=NULL; /* hash-table with those app_mem_info_st's */ +static long options = /* extra information to be recorded */ +static unsigned long disabling_thread = 0; + + +err.c +=========================================== +static LHASH *error_hash=NULL; +static LHASH *thread_hash=NULL; + +several files have routines with static "init" to track if error strings + have been loaded ( may not want seperate error strings for each process ) + The "init" variable can't be left "global" because the error has is a ptr + that is malloc'ed. The malloc'ed error has is dependant on the "init" + vars. + + files: + pem_err.c + cpt_err.c + pk12err.c + asn1_err.c + bio_err.c + bn_err.c + buf_err.c + comp_err.c + conf_err.c + cpt_err.c + dh_err.c + dsa_err.c + dso_err.c + evp_err.c + obj_err.c + pkcs7err.c + rand_err.c + rsa_err.c + |