ssltest.c 55 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260126112621263126412651266126712681269127012711272127312741275127612771278127912801281128212831284128512861287128812891290129112921293129412951296129712981299130013011302130313041305130613071308130913101311131213131314131513161317131813191320132113221323132413251326132713281329133013311332133313341335133613371338133913401341134213431344134513461347134813491350135113521353135413551356135713581359136013611362136313641365136613671368136913701371137213731374137513761377137813791380138113821383138413851386138713881389139013911392139313941395139613971398139914001401140214031404140514061407140814091410141114121413141414151416141714181419142014211422142314241425142614271428142914301431143214331434143514361437143814391440144114421443144414451446144714481449145014511452145314541455145614571458145914601461146214631464146514661467146814691470147114721473147414751476147714781479148014811482148314841485148614871488148914901491149214931494149514961497149814991500150115021503150415051506150715081509151015111512151315141515151615171518151915201521152215231524152515261527152815291530153115321533153415351536153715381539154015411542154315441545154615471548154915501551155215531554155515561557155815591560156115621563156415651566156715681569157015711572157315741575157615771578157915801581158215831584158515861587158815891590159115921593159415951596159715981599160016011602160316041605160616071608160916101611161216131614161516161617161816191620162116221623162416251626162716281629163016311632163316341635163616371638163916401641164216431644164516461647164816491650165116521653165416551656165716581659166016611662166316641665166616671668166916701671167216731674167516761677167816791680168116821683168416851686168716881689169016911692169316941695169616971698169917001701170217031704170517061707170817091710171117121713171417151716171717181719172017211722172317241725172617271728172917301731173217331734173517361737173817391740174117421743174417451746174717481749175017511752175317541755175617571758175917601761176217631764176517661767176817691770177117721773177417751776177717781779178017811782178317841785178617871788178917901791179217931794179517961797179817991800180118021803180418051806180718081809181018111812181318141815181618171818181918201821182218231824182518261827182818291830183118321833183418351836183718381839184018411842184318441845184618471848184918501851185218531854185518561857185818591860186118621863186418651866186718681869187018711872187318741875187618771878187918801881188218831884188518861887188818891890189118921893189418951896189718981899190019011902190319041905190619071908190919101911191219131914191519161917191819191920192119221923192419251926192719281929193019311932193319341935193619371938193919401941194219431944194519461947194819491950195119521953195419551956195719581959196019611962196319641965196619671968196919701971197219731974197519761977197819791980198119821983
  1. /*
  2. * Copyright (c) 2007, Cameron Rich
  3. *
  4. * All rights reserved.
  5. *
  6. * Redistribution and use in source and binary forms, with or without
  7. * modification, are permitted provided that the following conditions are met:
  8. *
  9. * * Redistributions of source code must retain the above copyright notice,
  10. * this list of conditions and the following disclaimer.
  11. * * Redistributions in binary form must reproduce the above copyright notice,
  12. * this list of conditions and the following disclaimer in the documentation
  13. * and/or other materials provided with the distribution.
  14. * * Neither the name of the axTLS project nor the names of its contributors
  15. * may be used to endorse or promote products derived from this software
  16. * without specific prior written permission.
  17. *
  18. * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
  19. * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
  20. * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
  21. * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
  22. * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
  23. * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
  24. * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
  25. * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
  26. * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
  27. * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
  28. * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  29. */
  30. /*
  31. * The testing of the crypto and ssl stuff goes here. Keeps the individual code
  32. * modules from being uncluttered with test code.
  33. *
  34. * This is test code - I make no apologies for the quality!
  35. */
  36. #include <stdio.h>
  37. #include <stdlib.h>
  38. #include <signal.h>
  39. #include <string.h>
  40. #include <errno.h>
  41. #include <sys/stat.h>
  42. #include <fcntl.h>
  43. #ifndef WIN32
  44. #include <pthread.h>
  45. #endif
  46. #include "ssl.h"
  47. #define DEFAULT_CERT "../ssl/test/axTLS.x509_512.cer"
  48. #define DEFAULT_KEY "../ssl/test/axTLS.key_512"
  49. //#define DEFAULT_SVR_OPTION SSL_DISPLAY_BYTES|SSL_DISPLAY_STATES
  50. #define DEFAULT_SVR_OPTION 0
  51. #define DEFAULT_CLNT_OPTION 0
  52. //#define DEFAULT_CLNT_OPTION SSL_DISPLAY_BYTES|SSL_DISPLAY_STATES
  53. static int g_port = 19001;
  54. /**************************************************************************
  55. * AES tests
  56. *
  57. * Run through a couple of the RFC3602 tests to verify that AES is correct.
  58. **************************************************************************/
  59. #define TEST1_SIZE 16
  60. #define TEST2_SIZE 32
  61. static int AES_test(BI_CTX *bi_ctx)
  62. {
  63. AES_CTX aes_key;
  64. int res = 1;
  65. uint8_t key[TEST1_SIZE];
  66. uint8_t iv[TEST1_SIZE];
  67. {
  68. /*
  69. Case #1: Encrypting 16 bytes (1 block) using AES-CBC
  70. Key : 0x06a9214036b8a15b512e03d534120006
  71. IV : 0x3dafba429d9eb430b422da802c9fac41
  72. Plaintext : "Single block msg"
  73. Ciphertext: 0xe353779c1079aeb82708942dbe77181a
  74. */
  75. char *in_str = "Single block msg";
  76. uint8_t ct[TEST1_SIZE];
  77. uint8_t enc_data[TEST1_SIZE];
  78. uint8_t dec_data[TEST1_SIZE];
  79. bigint *key_bi = bi_str_import(
  80. bi_ctx, "06A9214036B8A15B512E03D534120006");
  81. bigint *iv_bi = bi_str_import(
  82. bi_ctx, "3DAFBA429D9EB430B422DA802C9FAC41");
  83. bigint *ct_bi = bi_str_import(
  84. bi_ctx, "E353779C1079AEB82708942DBE77181A");
  85. bi_export(bi_ctx, key_bi, key, TEST1_SIZE);
  86. bi_export(bi_ctx, iv_bi, iv, TEST1_SIZE);
  87. bi_export(bi_ctx, ct_bi, ct, TEST1_SIZE);
  88. AES_set_key(&aes_key, key, iv, AES_MODE_128);
  89. AES_cbc_encrypt(&aes_key, (const uint8_t *)in_str,
  90. enc_data, sizeof(enc_data));
  91. if (memcmp(enc_data, ct, sizeof(ct)))
  92. {
  93. printf("Error: AES ENCRYPT #1 failed\n");
  94. goto end;
  95. }
  96. AES_set_key(&aes_key, key, iv, AES_MODE_128);
  97. AES_convert_key(&aes_key);
  98. AES_cbc_decrypt(&aes_key, enc_data, dec_data, sizeof(enc_data));
  99. if (memcmp(dec_data, in_str, sizeof(dec_data)))
  100. {
  101. printf("Error: AES DECRYPT #1 failed\n");
  102. goto end;
  103. }
  104. }
  105. {
  106. /*
  107. Case #2: Encrypting 32 bytes (2 blocks) using AES-CBC
  108. Key : 0xc286696d887c9aa0611bbb3e2025a45a
  109. IV : 0x562e17996d093d28ddb3ba695a2e6f58
  110. Plaintext : 0x000102030405060708090a0b0c0d0e0f
  111. 101112131415161718191a1b1c1d1e1f
  112. Ciphertext: 0xd296cd94c2cccf8a3a863028b5e1dc0a
  113. 7586602d253cfff91b8266bea6d61ab1
  114. */
  115. uint8_t in_data[TEST2_SIZE];
  116. uint8_t ct[TEST2_SIZE];
  117. uint8_t enc_data[TEST2_SIZE];
  118. uint8_t dec_data[TEST2_SIZE];
  119. bigint *in_bi = bi_str_import(bi_ctx,
  120. "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F");
  121. bigint *key_bi = bi_str_import(
  122. bi_ctx, "C286696D887C9AA0611BBB3E2025A45A");
  123. bigint *iv_bi = bi_str_import(
  124. bi_ctx, "562E17996D093D28DDB3BA695A2E6F58");
  125. bigint *ct_bi = bi_str_import(bi_ctx,
  126. "D296CD94C2CCCF8A3A863028B5E1DC0A7586602D253CFFF91B8266BEA6D61AB1");
  127. bi_export(bi_ctx, in_bi, in_data, TEST2_SIZE);
  128. bi_export(bi_ctx, key_bi, key, TEST1_SIZE);
  129. bi_export(bi_ctx, iv_bi, iv, TEST1_SIZE);
  130. bi_export(bi_ctx, ct_bi, ct, TEST2_SIZE);
  131. AES_set_key(&aes_key, key, iv, AES_MODE_128);
  132. AES_cbc_encrypt(&aes_key, (const uint8_t *)in_data,
  133. enc_data, sizeof(enc_data));
  134. if (memcmp(enc_data, ct, sizeof(ct)))
  135. {
  136. printf("Error: ENCRYPT #2 failed\n");
  137. goto end;
  138. }
  139. AES_set_key(&aes_key, key, iv, AES_MODE_128);
  140. AES_convert_key(&aes_key);
  141. AES_cbc_decrypt(&aes_key, enc_data, dec_data, sizeof(enc_data));
  142. if (memcmp(dec_data, in_data, sizeof(dec_data)))
  143. {
  144. printf("Error: DECRYPT #2 failed\n");
  145. goto end;
  146. }
  147. }
  148. res = 0;
  149. printf("All AES tests passed\n");
  150. end:
  151. return res;
  152. }
  153. /**************************************************************************
  154. * RC4 tests
  155. *
  156. * ARC4 tests vectors from OpenSSL (crypto/rc4/rc4test.c)
  157. **************************************************************************/
  158. static const uint8_t keys[7][30]=
  159. {
  160. {8,0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef},
  161. {8,0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef},
  162. {8,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
  163. {4,0xef,0x01,0x23,0x45},
  164. {8,0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef},
  165. {4,0xef,0x01,0x23,0x45},
  166. };
  167. static const uint8_t data_len[7]={8,8,8,20,28,10};
  168. static uint8_t data[7][30]=
  169. {
  170. {0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,0xff},
  171. {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff},
  172. {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff},
  173. {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  174. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  175. 0x00,0x00,0x00,0x00,0xff},
  176. {0x12,0x34,0x56,0x78,0x9A,0xBC,0xDE,0xF0,
  177. 0x12,0x34,0x56,0x78,0x9A,0xBC,0xDE,0xF0,
  178. 0x12,0x34,0x56,0x78,0x9A,0xBC,0xDE,0xF0,
  179. 0x12,0x34,0x56,0x78,0xff},
  180. {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff},
  181. {0},
  182. };
  183. static const uint8_t output[7][30]=
  184. {
  185. {0x75,0xb7,0x87,0x80,0x99,0xe0,0xc5,0x96,0x00},
  186. {0x74,0x94,0xc2,0xe7,0x10,0x4b,0x08,0x79,0x00},
  187. {0xde,0x18,0x89,0x41,0xa3,0x37,0x5d,0x3a,0x00},
  188. {0xd6,0xa1,0x41,0xa7,0xec,0x3c,0x38,0xdf,
  189. 0xbd,0x61,0x5a,0x11,0x62,0xe1,0xc7,0xba,
  190. 0x36,0xb6,0x78,0x58,0x00},
  191. {0x66,0xa0,0x94,0x9f,0x8a,0xf7,0xd6,0x89,
  192. 0x1f,0x7f,0x83,0x2b,0xa8,0x33,0xc0,0x0c,
  193. 0x89,0x2e,0xbe,0x30,0x14,0x3c,0xe2,0x87,
  194. 0x40,0x01,0x1e,0xcf,0x00},
  195. {0xd6,0xa1,0x41,0xa7,0xec,0x3c,0x38,0xdf,0xbd,0x61,0x00},
  196. {0},
  197. };
  198. static int RC4_test(BI_CTX *bi_ctx)
  199. {
  200. int i, res = 1;
  201. RC4_CTX s;
  202. for (i = 0; i < 6; i++)
  203. {
  204. RC4_setup(&s, &keys[i][1], keys[i][0]);
  205. RC4_crypt(&s, data[i], data[i], data_len[i]);
  206. if (memcmp(data[i], output[i], data_len[i]))
  207. {
  208. printf("Error: RC4 CRYPT #%d failed\n", i);
  209. goto end;
  210. }
  211. }
  212. res = 0;
  213. printf("All RC4 tests passed\n");
  214. end:
  215. return res;
  216. }
  217. /**************************************************************************
  218. * SHA1 tests
  219. *
  220. * Run through a couple of the RFC3174 tests to verify that SHA1 is correct.
  221. **************************************************************************/
  222. static int SHA1_test(BI_CTX *bi_ctx)
  223. {
  224. SHA1_CTX ctx;
  225. uint8_t ct[SHA1_SIZE];
  226. uint8_t digest[SHA1_SIZE];
  227. int res = 1;
  228. {
  229. const char *in_str = "abc";
  230. bigint *ct_bi = bi_str_import(bi_ctx,
  231. "A9993E364706816ABA3E25717850C26C9CD0D89D");
  232. bi_export(bi_ctx, ct_bi, ct, SHA1_SIZE);
  233. SHA1_Init(&ctx);
  234. SHA1_Update(&ctx, (const uint8_t *)in_str, strlen(in_str));
  235. SHA1_Final(digest, &ctx);
  236. if (memcmp(digest, ct, sizeof(ct)))
  237. {
  238. printf("Error: SHA1 #1 failed\n");
  239. goto end;
  240. }
  241. }
  242. {
  243. const char *in_str =
  244. "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
  245. bigint *ct_bi = bi_str_import(bi_ctx,
  246. "84983E441C3BD26EBAAE4AA1F95129E5E54670F1");
  247. bi_export(bi_ctx, ct_bi, ct, SHA1_SIZE);
  248. SHA1_Init(&ctx);
  249. SHA1_Update(&ctx, (const uint8_t *)in_str, strlen(in_str));
  250. SHA1_Final(digest, &ctx);
  251. if (memcmp(digest, ct, sizeof(ct)))
  252. {
  253. printf("Error: SHA1 #2 failed\n");
  254. goto end;
  255. }
  256. }
  257. res = 0;
  258. printf("All SHA1 tests passed\n");
  259. end:
  260. return res;
  261. }
  262. /**************************************************************************
  263. * MD5 tests
  264. *
  265. * Run through a couple of the RFC1321 tests to verify that MD5 is correct.
  266. **************************************************************************/
  267. static int MD5_test(BI_CTX *bi_ctx)
  268. {
  269. MD5_CTX ctx;
  270. uint8_t ct[MD5_SIZE];
  271. uint8_t digest[MD5_SIZE];
  272. int res = 1;
  273. {
  274. const char *in_str = "abc";
  275. bigint *ct_bi = bi_str_import(bi_ctx,
  276. "900150983CD24FB0D6963F7D28E17F72");
  277. bi_export(bi_ctx, ct_bi, ct, MD5_SIZE);
  278. MD5_Init(&ctx);
  279. MD5_Update(&ctx, (const uint8_t *)in_str, strlen(in_str));
  280. MD5_Final(digest, &ctx);
  281. if (memcmp(digest, ct, sizeof(ct)))
  282. {
  283. printf("Error: MD5 #1 failed\n");
  284. goto end;
  285. }
  286. }
  287. {
  288. const char *in_str =
  289. "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
  290. bigint *ct_bi = bi_str_import(
  291. bi_ctx, "D174AB98D277D9F5A5611C2C9F419D9F");
  292. bi_export(bi_ctx, ct_bi, ct, MD5_SIZE);
  293. MD5_Init(&ctx);
  294. MD5_Update(&ctx, (const uint8_t *)in_str, strlen(in_str));
  295. MD5_Final(digest, &ctx);
  296. if (memcmp(digest, ct, sizeof(ct)))
  297. {
  298. printf("Error: MD5 #2 failed\n");
  299. goto end;
  300. }
  301. }
  302. res = 0;
  303. printf("All MD5 tests passed\n");
  304. end:
  305. return res;
  306. }
  307. /**************************************************************************
  308. * HMAC tests
  309. *
  310. * Run through a couple of the RFC2202 tests to verify that HMAC is correct.
  311. **************************************************************************/
  312. static int HMAC_test(BI_CTX *bi_ctx)
  313. {
  314. uint8_t key[SHA1_SIZE];
  315. uint8_t ct[SHA1_SIZE];
  316. uint8_t dgst[SHA1_SIZE];
  317. int res = 1;
  318. const char *key_str;
  319. const char *data_str = "Hi There";
  320. bigint *key_bi = bi_str_import(bi_ctx, "0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B");
  321. bigint *ct_bi = bi_str_import(bi_ctx, "9294727A3638BB1C13F48EF8158BFC9D");
  322. bi_export(bi_ctx, key_bi, key, MD5_SIZE);
  323. bi_export(bi_ctx, ct_bi, ct, MD5_SIZE);
  324. hmac_md5((const uint8_t *)data_str, 8, key, MD5_SIZE, dgst);
  325. if (memcmp(dgst, ct, MD5_SIZE))
  326. {
  327. printf("HMAC MD5 #1 failed\n");
  328. goto end;
  329. }
  330. data_str = "what do ya want for nothing?";
  331. key_str = "Jefe";
  332. ct_bi = bi_str_import(bi_ctx, "750C783E6AB0B503EAA86E310A5DB738");
  333. bi_export(bi_ctx, ct_bi, ct, MD5_SIZE);
  334. hmac_md5((const uint8_t *)data_str, 28, (const uint8_t *)key_str, 4, dgst);
  335. if (memcmp(dgst, ct, MD5_SIZE))
  336. {
  337. printf("HMAC MD5 #2 failed\n");
  338. goto end;
  339. }
  340. data_str = "Hi There";
  341. key_bi = bi_str_import(bi_ctx, "0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B");
  342. bi_export(bi_ctx, key_bi, key, SHA1_SIZE);
  343. ct_bi = bi_str_import(bi_ctx, "B617318655057264E28BC0B6FB378C8EF146BE00");
  344. bi_export(bi_ctx, ct_bi, ct, SHA1_SIZE);
  345. hmac_sha1((const uint8_t *)data_str, 8,
  346. (const uint8_t *)key, SHA1_SIZE, dgst);
  347. if (memcmp(dgst, ct, SHA1_SIZE))
  348. {
  349. printf("HMAC SHA1 #1 failed\n");
  350. goto end;
  351. }
  352. data_str = "what do ya want for nothing?";
  353. key_str = "Jefe";
  354. ct_bi = bi_str_import(bi_ctx, "EFFCDF6AE5EB2FA2D27416D5F184DF9C259A7C79");
  355. bi_export(bi_ctx, ct_bi, ct, SHA1_SIZE);
  356. hmac_sha1((const uint8_t *)data_str, 28, (const uint8_t *)key_str, 5, dgst);
  357. if (memcmp(dgst, ct, SHA1_SIZE))
  358. {
  359. printf("HMAC SHA1 failed\n");
  360. exit(1);
  361. }
  362. res = 0;
  363. printf("All HMAC tests passed\n");
  364. end:
  365. return res;
  366. }
  367. /**************************************************************************
  368. * BIGINT tests
  369. *
  370. **************************************************************************/
  371. static int BIGINT_test(BI_CTX *ctx)
  372. {
  373. int res = 1;
  374. bigint *bi_data, *bi_exp, *bi_res;
  375. const char *expnt, *plaintext, *mod;
  376. uint8_t compare[MAX_KEY_BYTE_SIZE];
  377. /**
  378. * 512 bit key
  379. */
  380. plaintext = /* 64 byte number */
  381. "01aaaaaaaaaabbbbbbbbbbbbbbbccccccccccccccdddddddddddddeeeeeeeeee";
  382. mod = "C30773C8ABE09FCC279EE0E5343370DE"
  383. "8B2FFDB6059271E3005A7CEEF0D35E0A"
  384. "1F9915D95E63560836CC2EB2C289270D"
  385. "BCAE8CAF6F5E907FC2759EE220071E1B";
  386. expnt = "A1E556CD1738E10DF539E35101334E97"
  387. "BE8D391C57A5C89A7AD9A2EA2ACA1B3D"
  388. "F3140F5091CC535CBAA47CEC4159EE1F"
  389. "B6A3661AFF1AB758426EAB158452A9B9";
  390. bi_data = bi_import(ctx, (uint8_t *)plaintext, strlen(plaintext));
  391. bi_exp = int_to_bi(ctx, 0x10001);
  392. bi_set_mod(ctx, bi_str_import(ctx, mod), 0);
  393. bi_res = bi_mod_power(ctx, bi_data, bi_exp);
  394. bi_data = bi_res; /* resuse again - see if we get the original */
  395. bi_exp = bi_str_import(ctx, expnt);
  396. bi_res = bi_mod_power(ctx, bi_data, bi_exp);
  397. bi_free_mod(ctx, 0);
  398. bi_export(ctx, bi_res, compare, 64);
  399. if (memcmp(plaintext, compare, 64) != 0)
  400. goto end;
  401. printf("All BIGINT tests passed\n");
  402. res = 0;
  403. end:
  404. return res;
  405. }
  406. /**************************************************************************
  407. * RSA tests
  408. *
  409. * Use the results from openssl to verify PKCS1 etc
  410. **************************************************************************/
  411. static int RSA_test(void)
  412. {
  413. int res = 1;
  414. const char *plaintext = /* 128 byte hex number */
  415. "1aaaaaaaaaabbbbbbbbbbbbbbbccccccccccccccdddddddddddddeeeeeeeeee2"
  416. "1aaaaaaaaaabbbbbbbbbbbbbbbccccccccccccccdddddddddddddeeeeeeeee2\012";
  417. uint8_t enc_data[128], dec_data[128];
  418. RSA_CTX *rsa_ctx = NULL;
  419. BI_CTX *bi_ctx;
  420. bigint *plaintext_bi;
  421. bigint *enc_data_bi, *dec_data_bi;
  422. uint8_t enc_data2[128], dec_data2[128];
  423. int size;
  424. int len;
  425. uint8_t *buf;
  426. /* extract the private key elements */
  427. len = get_file("../ssl/test/axTLS.key_1024", &buf);
  428. if (asn1_get_private_key(buf, len, &rsa_ctx) < 0)
  429. {
  430. goto end;
  431. }
  432. free(buf);
  433. bi_ctx = rsa_ctx->bi_ctx;
  434. plaintext_bi = bi_import(bi_ctx,
  435. (const uint8_t *)plaintext, strlen(plaintext));
  436. /* basic rsa encrypt */
  437. enc_data_bi = RSA_public(rsa_ctx, plaintext_bi);
  438. bi_export(bi_ctx, bi_copy(enc_data_bi), enc_data, sizeof(enc_data));
  439. /* basic rsa decrypt */
  440. dec_data_bi = RSA_private(rsa_ctx, enc_data_bi);
  441. bi_export(bi_ctx, dec_data_bi, dec_data, sizeof(dec_data));
  442. if (memcmp(dec_data, plaintext, strlen(plaintext)))
  443. {
  444. printf("Error: DECRYPT #1 failed\n");
  445. goto end;
  446. }
  447. RSA_encrypt(rsa_ctx, (const uint8_t *)"abc", 3, enc_data2, 0);
  448. size = RSA_decrypt(rsa_ctx, enc_data2, dec_data2, 1);
  449. if (memcmp("abc", dec_data2, 3))
  450. {
  451. printf("Error: ENCRYPT/DECRYPT #2 failed\n");
  452. goto end;
  453. }
  454. RSA_free(rsa_ctx);
  455. res = 0;
  456. printf("All RSA tests passed\n");
  457. end:
  458. return res;
  459. }
  460. /**************************************************************************
  461. * Cert Testing
  462. *
  463. **************************************************************************/
  464. static int cert_tests(void)
  465. {
  466. int res = -1, len;
  467. X509_CTX *x509_ctx;
  468. SSL_CTX *ssl_ctx;
  469. uint8_t *buf;
  470. /* check a bunch of 3rd party certificates */
  471. ssl_ctx = ssl_ctx_new(0, 0);
  472. len = get_file("../ssl/test/microsoft.x509_ca", &buf);
  473. if ((res = add_cert_auth(ssl_ctx, buf, len)) < 0)
  474. {
  475. printf("Cert #1\n");
  476. ssl_display_error(res);
  477. goto bad_cert;
  478. }
  479. ssl_ctx_free(ssl_ctx);
  480. free(buf);
  481. ssl_ctx = ssl_ctx_new(0, 0);
  482. len = get_file("../ssl/test/thawte.x509_ca", &buf);
  483. if ((res = add_cert_auth(ssl_ctx, buf, len)) < 0)
  484. {
  485. printf("Cert #2\n");
  486. ssl_display_error(res);
  487. goto bad_cert;
  488. }
  489. ssl_ctx_free(ssl_ctx);
  490. free(buf);
  491. ssl_ctx = ssl_ctx_new(0, 0);
  492. len = get_file("../ssl/test/deutsche_telecom.x509_ca", &buf);
  493. if ((res = add_cert_auth(ssl_ctx, buf, len)) < 0)
  494. {
  495. printf("Cert #3\n");
  496. ssl_display_error(res);
  497. goto bad_cert;
  498. }
  499. ssl_ctx_free(ssl_ctx);
  500. free(buf);
  501. ssl_ctx = ssl_ctx_new(0, 0);
  502. len = get_file("../ssl/test/equifax.x509_ca", &buf);
  503. if ((res = add_cert_auth(ssl_ctx, buf, len)) < 0)
  504. {
  505. printf("Cert #4\n");
  506. ssl_display_error(res);
  507. goto bad_cert;
  508. }
  509. ssl_ctx_free(ssl_ctx);
  510. free(buf);
  511. ssl_ctx = ssl_ctx_new(0, 0);
  512. len = get_file("../ssl/test/gnutls.cer", &buf);
  513. if ((res = add_cert(ssl_ctx, buf, len)) < 0)
  514. {
  515. printf("Cert #5\n");
  516. ssl_display_error(res);
  517. goto bad_cert;
  518. }
  519. ssl_ctx_free(ssl_ctx);
  520. free(buf);
  521. ssl_ctx = ssl_ctx_new(0, 0);
  522. len = get_file("../ssl/test/socgen.cer", &buf);
  523. if ((res = add_cert(ssl_ctx, buf, len)) < 0)
  524. {
  525. printf("Cert #6\n");
  526. ssl_display_error(res);
  527. goto bad_cert;
  528. }
  529. ssl_ctx_free(ssl_ctx);
  530. free(buf);
  531. ssl_ctx = ssl_ctx_new(0, 0);
  532. len = get_file("../ssl/test/verisign.x509_ca", &buf);
  533. if ((res = add_cert_auth(ssl_ctx, buf, len)) <0)
  534. {
  535. printf("Cert #7\n");
  536. ssl_display_error(res);
  537. goto bad_cert;
  538. }
  539. ssl_ctx_free(ssl_ctx);
  540. free(buf);
  541. if (get_file("../ssl/test/verisign.x509_my_cert", &buf) < 0 ||
  542. x509_new(buf, &len, &x509_ctx))
  543. {
  544. printf("Cert #8\n");
  545. ssl_display_error(res);
  546. goto bad_cert;
  547. }
  548. x509_free(x509_ctx);
  549. free(buf);
  550. ssl_ctx = ssl_ctx_new(0, 0);
  551. if ((res = ssl_obj_load(ssl_ctx,
  552. SSL_OBJ_X509_CERT, "../ssl/test/ms_iis.cer", NULL)) != SSL_OK)
  553. {
  554. ssl_display_error(res);
  555. goto bad_cert;
  556. }
  557. ssl_ctx_free(ssl_ctx);
  558. res = 0; /* all ok */
  559. printf("All Certificate tests passed\n");
  560. bad_cert:
  561. if (res)
  562. printf("Error: A certificate test failed\n");
  563. return res;
  564. }
  565. /**
  566. * init a server socket.
  567. */
  568. static int server_socket_init(int *port)
  569. {
  570. struct sockaddr_in serv_addr;
  571. int server_fd;
  572. char yes = 1;
  573. /* Create socket for incoming connections */
  574. if ((server_fd = socket(AF_INET, SOCK_STREAM, 0)) < 0)
  575. {
  576. return -1;
  577. }
  578. setsockopt(server_fd, SOL_SOCKET, SO_REUSEADDR, &yes, sizeof(yes));
  579. go_again:
  580. /* Construct local address structure */
  581. memset(&serv_addr, 0, sizeof(serv_addr)); /* Zero out structure */
  582. serv_addr.sin_family = AF_INET; /* Internet address family */
  583. serv_addr.sin_addr.s_addr = htonl(INADDR_ANY); /* Any incoming interface */
  584. serv_addr.sin_port = htons(*port); /* Local port */
  585. /* Bind to the local address */
  586. if (bind(server_fd, (struct sockaddr *) &serv_addr, sizeof(serv_addr)) < 0)
  587. {
  588. (*port)++;
  589. goto go_again;
  590. }
  591. /* Mark the socket so it will listen for incoming connections */
  592. if (listen(server_fd, 3000) < 0)
  593. {
  594. return -1;
  595. }
  596. return server_fd;
  597. }
  598. /**
  599. * init a client socket.
  600. */
  601. static int client_socket_init(uint16_t port)
  602. {
  603. struct sockaddr_in address;
  604. int client_fd;
  605. address.sin_family = AF_INET;
  606. address.sin_port = htons(port);
  607. address.sin_addr.s_addr = inet_addr("127.0.0.1");
  608. client_fd = socket(AF_INET, SOCK_STREAM, 0);
  609. if (connect(client_fd, (struct sockaddr *)&address, sizeof(address)) < 0)
  610. {
  611. perror("socket");
  612. SOCKET_CLOSE(client_fd);
  613. client_fd = -1;
  614. }
  615. return client_fd;
  616. }
  617. /**************************************************************************
  618. * SSL Server Testing
  619. *
  620. **************************************************************************/
  621. typedef struct
  622. {
  623. /* not used as yet */
  624. int dummy;
  625. } SVR_CTX;
  626. typedef struct
  627. {
  628. const char *testname;
  629. const char *openssl_option;
  630. } client_t;
  631. static void do_client(client_t *clnt)
  632. {
  633. char openssl_buf[2048];
  634. /* make sure the main thread goes first */
  635. sleep(0);
  636. /* show the session ids in the reconnect test */
  637. if (strcmp(clnt->testname, "Session Reuse") == 0)
  638. {
  639. sprintf(openssl_buf, "echo \"hello client\" | openssl s_client "
  640. "-connect localhost:%d %s 2>&1 | grep \"Session-ID:\"",
  641. g_port, clnt->openssl_option);
  642. }
  643. else
  644. {
  645. sprintf(openssl_buf, "echo \"hello client\" | openssl s_client "
  646. #ifdef WIN32
  647. "-connect localhost:%d -quiet %s",
  648. #else
  649. "-connect localhost:%d -quiet %s > /dev/null 2>&1",
  650. #endif
  651. g_port, clnt->openssl_option);
  652. }
  653. system(openssl_buf);
  654. }
  655. static int SSL_server_test(
  656. const char *testname,
  657. const char *openssl_option,
  658. const char *device_cert,
  659. const char *product_cert,
  660. const char *private_key,
  661. const char *ca_cert,
  662. const char *password,
  663. int axtls_option)
  664. {
  665. int server_fd, ret = 0;
  666. SSL_CTX *ssl_ctx = NULL;
  667. struct sockaddr_in client_addr;
  668. uint8_t *read_buf;
  669. socklen_t clnt_len = sizeof(client_addr);
  670. client_t client_data;
  671. #ifndef WIN32
  672. pthread_t thread;
  673. #endif
  674. g_port++;
  675. client_data.testname = testname;
  676. client_data.openssl_option = openssl_option;
  677. if ((server_fd = server_socket_init(&g_port)) < 0)
  678. goto error;
  679. if (private_key)
  680. {
  681. axtls_option |= SSL_NO_DEFAULT_KEY;
  682. }
  683. if ((ssl_ctx = ssl_ctx_new(axtls_option, SSL_DEFAULT_SVR_SESS)) == NULL)
  684. {
  685. ret = SSL_ERROR_INVALID_KEY;
  686. goto error;
  687. }
  688. if (private_key)
  689. {
  690. int obj_type = SSL_OBJ_RSA_KEY;
  691. if (strstr(private_key, ".p8"))
  692. obj_type = SSL_OBJ_PKCS8;
  693. else if (strstr(private_key, ".p12"))
  694. obj_type = SSL_OBJ_PKCS12;
  695. if (ssl_obj_load(ssl_ctx, obj_type, private_key, password))
  696. {
  697. ret = SSL_ERROR_INVALID_KEY;
  698. goto error;
  699. }
  700. }
  701. if (device_cert) /* test chaining */
  702. {
  703. if ((ret = ssl_obj_load(ssl_ctx,
  704. SSL_OBJ_X509_CERT, device_cert, NULL)) != SSL_OK)
  705. goto error;
  706. }
  707. if (product_cert) /* test chaining */
  708. {
  709. if ((ret = ssl_obj_load(ssl_ctx,
  710. SSL_OBJ_X509_CERT, product_cert, NULL)) != SSL_OK)
  711. goto error;
  712. }
  713. if (ca_cert) /* test adding certificate authorities */
  714. {
  715. if ((ret = ssl_obj_load(ssl_ctx,
  716. SSL_OBJ_X509_CACERT, ca_cert, NULL)) != SSL_OK)
  717. goto error;
  718. }
  719. #ifndef WIN32
  720. pthread_create(&thread, NULL,
  721. (void *(*)(void *))do_client, (void *)&client_data);
  722. pthread_detach(thread);
  723. #else
  724. CreateThread(NULL, 1024, (LPTHREAD_START_ROUTINE)do_client,
  725. (LPVOID)&client_data, 0, NULL);
  726. #endif
  727. for (;;)
  728. {
  729. int client_fd, size = 0;
  730. SSL *ssl;
  731. /* Wait for a client to connect */
  732. if ((client_fd = accept(server_fd,
  733. (struct sockaddr *)&client_addr, &clnt_len)) < 0)
  734. {
  735. ret = SSL_ERROR_SOCK_SETUP_FAILURE;
  736. goto error;
  737. }
  738. /* we are ready to go */
  739. ssl = ssl_server_new(ssl_ctx, client_fd);
  740. while ((size = ssl_read(ssl, &read_buf)) == SSL_OK);
  741. SOCKET_CLOSE(client_fd);
  742. if (size < SSL_OK) /* got some alert or something nasty */
  743. {
  744. ret = size;
  745. if (ret == SSL_ERROR_CONN_LOST)
  746. {
  747. ret = SSL_OK;
  748. continue;
  749. }
  750. break; /* we've got a problem */
  751. }
  752. else /* looks more promising */
  753. {
  754. if (strstr("hello client", (char *)read_buf) == NULL)
  755. {
  756. printf("SSL server test \"%s\" passed\n", testname);
  757. TTY_FLUSH();
  758. ret = 0;
  759. break;
  760. }
  761. }
  762. ssl_free(ssl);
  763. }
  764. SOCKET_CLOSE(server_fd);
  765. error:
  766. ssl_ctx_free(ssl_ctx);
  767. return ret;
  768. }
  769. int SSL_server_tests(void)
  770. {
  771. int ret = -1;
  772. struct stat stat_buf;
  773. SVR_CTX svr_test_ctx;
  774. memset(&svr_test_ctx, 0, sizeof(SVR_CTX));
  775. printf("### starting server tests\n"); TTY_FLUSH();
  776. /* Go through the algorithms */
  777. /*
  778. * TLS1 client hello
  779. */
  780. if ((ret = SSL_server_test("TLSv1", "-cipher RC4-SHA -tls1",
  781. NULL, NULL, NULL, NULL, NULL, DEFAULT_SVR_OPTION)))
  782. goto cleanup;
  783. /*
  784. * AES128-SHA
  785. */
  786. if ((ret = SSL_server_test("AES256-SHA", "-cipher AES128-SHA",
  787. DEFAULT_CERT, NULL, DEFAULT_KEY, NULL, NULL,
  788. DEFAULT_SVR_OPTION)))
  789. goto cleanup;
  790. /*
  791. * AES256-SHA
  792. */
  793. if ((ret = SSL_server_test("AES256-SHA", "-cipher AES128-SHA",
  794. DEFAULT_CERT, NULL, DEFAULT_KEY, NULL, NULL,
  795. DEFAULT_SVR_OPTION)))
  796. goto cleanup;
  797. /*
  798. * RC4-SHA
  799. */
  800. if ((ret = SSL_server_test("RC4-SHA", "-cipher RC4-SHA",
  801. DEFAULT_CERT, NULL, DEFAULT_KEY, NULL, NULL,
  802. DEFAULT_SVR_OPTION)))
  803. goto cleanup;
  804. /*
  805. * RC4-MD5
  806. */
  807. if ((ret = SSL_server_test("RC4-MD5", "-cipher RC4-MD5",
  808. DEFAULT_CERT, NULL, DEFAULT_KEY, NULL, NULL,
  809. DEFAULT_SVR_OPTION)))
  810. goto cleanup;
  811. /*
  812. * Session Reuse
  813. * all the session id's should match for session resumption.
  814. */
  815. if ((ret = SSL_server_test("Session Reuse",
  816. "-cipher RC4-SHA -reconnect",
  817. DEFAULT_CERT, NULL, DEFAULT_KEY, NULL, NULL,
  818. DEFAULT_SVR_OPTION)))
  819. goto cleanup;
  820. /*
  821. * 512 bit RSA key
  822. */
  823. if ((ret = SSL_server_test("512 bit key", "-cipher RC4-SHA",
  824. "../ssl/test/axTLS.x509_512.cer", NULL,
  825. "../ssl/test/axTLS.key_512",
  826. NULL, NULL, DEFAULT_SVR_OPTION)))
  827. goto cleanup;
  828. /*
  829. * 1024 bit RSA key (check certificate chaining)
  830. */
  831. if ((ret = SSL_server_test("1024 bit key",
  832. "-cipher RC4-SHA",
  833. "../ssl/test/axTLS.x509_device.cer",
  834. "../ssl/test/axTLS.x509_512.cer",
  835. "../ssl/test/axTLS.device_key",
  836. NULL, NULL, DEFAULT_SVR_OPTION)))
  837. goto cleanup;
  838. /*
  839. * 2048 bit RSA key
  840. */
  841. if ((ret = SSL_server_test("2048 bit key",
  842. "-cipher RC4-SHA",
  843. "../ssl/test/axTLS.x509_2048.cer", NULL,
  844. "../ssl/test/axTLS.key_2048",
  845. NULL, NULL, DEFAULT_SVR_OPTION)))
  846. goto cleanup;
  847. /*
  848. * 4096 bit RSA key
  849. */
  850. if ((ret = SSL_server_test("4096 bit key",
  851. "-cipher RC4-SHA",
  852. "../ssl/test/axTLS.x509_4096.cer", NULL,
  853. "../ssl/test/axTLS.key_4096",
  854. NULL, NULL, DEFAULT_SVR_OPTION)))
  855. goto cleanup;
  856. /*
  857. * Client Verification
  858. */
  859. if ((ret = SSL_server_test("Client Verification",
  860. "-cipher RC4-SHA -tls1 "
  861. "-cert ../ssl/test/axTLS.x509_2048.pem "
  862. "-key ../ssl/test/axTLS.key_2048.pem ",
  863. NULL, NULL, NULL,
  864. "../ssl/test/axTLS.ca_x509.cer", NULL,
  865. DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)))
  866. goto cleanup;
  867. /* this test should fail */
  868. if (stat("../ssl/test/axTLS.x509_bad_before.pem", &stat_buf) >= 0)
  869. {
  870. if ((ret = SSL_server_test("Error: Bad Before Cert",
  871. "-cipher RC4-SHA -tls1 "
  872. "-cert ../ssl/test/axTLS.x509_bad_before.pem "
  873. "-key ../ssl/test/axTLS.key_512.pem ",
  874. NULL, NULL, NULL,
  875. "../ssl/test/axTLS.ca_x509.cer", NULL,
  876. DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)) !=
  877. SSL_X509_ERROR(X509_VFY_ERROR_NOT_YET_VALID))
  878. goto cleanup;
  879. printf("SSL server test \"%s\" passed\n", "Bad Before Cert");
  880. TTY_FLUSH();
  881. ret = 0; /* is ok */
  882. }
  883. /* this test should fail */
  884. if ((ret = SSL_server_test("Error: Bad After Cert",
  885. "-cipher RC4-SHA -tls1 "
  886. "-cert ../ssl/test/axTLS.x509_bad_after.pem "
  887. "-key ../ssl/test/axTLS.key_512.pem ",
  888. NULL, NULL, NULL,
  889. "../ssl/test/axTLS.ca_x509.cer", NULL,
  890. DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)) !=
  891. SSL_X509_ERROR(X509_VFY_ERROR_EXPIRED))
  892. goto cleanup;
  893. printf("SSL server test \"%s\" passed\n", "Bad After Cert");
  894. TTY_FLUSH();
  895. /*
  896. * No trusted cert
  897. */
  898. if ((ret = SSL_server_test("Error: No trusted certificate",
  899. "-cipher RC4-SHA -tls1 "
  900. "-cert ../ssl/test/axTLS.x509_512.pem "
  901. "-key ../ssl/test/axTLS.key_512.pem ",
  902. NULL, NULL, NULL,
  903. NULL, NULL,
  904. DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)) !=
  905. SSL_X509_ERROR(X509_VFY_ERROR_NO_TRUSTED_CERT))
  906. goto cleanup;
  907. printf("SSL server test \"%s\" passed\n", "No trusted certificate");
  908. TTY_FLUSH();
  909. /*
  910. * Self-signed (from the server)
  911. */
  912. if ((ret = SSL_server_test("Error: Self-signed certificate (from server)",
  913. "-cipher RC4-SHA -tls1 "
  914. "-cert ../ssl/test/axTLS.x509_512.pem "
  915. "-key ../ssl/test/axTLS.key_512.pem "
  916. "-CAfile ../ssl/test/axTLS.ca_x509.pem ",
  917. NULL, NULL, NULL,
  918. NULL, NULL,
  919. DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)) !=
  920. SSL_X509_ERROR(X509_VFY_ERROR_SELF_SIGNED))
  921. goto cleanup;
  922. printf("SSL server test \"%s\" passed\n",
  923. "Self-signed certificate (from server)");
  924. TTY_FLUSH();
  925. /*
  926. * Self-signed (from the client)
  927. */
  928. if ((ret = SSL_server_test("Self-signed certificate (from client)",
  929. "-cipher RC4-SHA -tls1 "
  930. "-cert ../ssl/test/axTLS.x509_512.pem "
  931. "-key ../ssl/test/axTLS.key_512.pem ",
  932. NULL, NULL, NULL,
  933. "../ssl/test/axTLS.ca_x509.cer",
  934. NULL,
  935. DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)))
  936. goto cleanup;
  937. /*
  938. * Key in PEM format
  939. */
  940. if ((ret = SSL_server_test("Key in PEM format",
  941. "-cipher RC4-SHA",
  942. "../ssl/test/axTLS.x509_512.cer", NULL,
  943. "../ssl/test/axTLS.key_512.pem", NULL,
  944. NULL, DEFAULT_SVR_OPTION)))
  945. goto cleanup;
  946. /*
  947. * Cert in PEM format
  948. */
  949. if ((ret = SSL_server_test("Cert in PEM format",
  950. "-cipher RC4-SHA",
  951. "../ssl/test/axTLS.x509_512.pem", NULL,
  952. "../ssl/test/axTLS.key_512.pem", NULL,
  953. NULL, DEFAULT_SVR_OPTION)))
  954. goto cleanup;
  955. /*
  956. * Cert chain in PEM format
  957. */
  958. if ((ret = SSL_server_test("Cert chain in PEM format",
  959. "-cipher RC4-SHA",
  960. "../ssl/test/axTLS.x509_device.pem",
  961. NULL, "../ssl/test/axTLS.device_key.pem",
  962. "../ssl/test/axTLS.ca_x509.pem", NULL, DEFAULT_SVR_OPTION)))
  963. goto cleanup;
  964. /*
  965. * AES128 Encrypted key
  966. */
  967. if ((ret = SSL_server_test("AES128 encrypted key",
  968. "-cipher RC4-SHA",
  969. "../ssl/test/axTLS.x509_aes128.pem", NULL,
  970. "../ssl/test/axTLS.key_aes128.pem",
  971. NULL, "abcd", DEFAULT_SVR_OPTION)))
  972. goto cleanup;
  973. /*
  974. * AES256 Encrypted key
  975. */
  976. if ((ret = SSL_server_test("AES256 encrypted key",
  977. "-cipher RC4-SHA",
  978. "../ssl/test/axTLS.x509_aes256.pem", NULL,
  979. "../ssl/test/axTLS.key_aes256.pem",
  980. NULL, "abcd", DEFAULT_SVR_OPTION)))
  981. goto cleanup;
  982. /*
  983. * AES128 Encrypted invalid key
  984. */
  985. if ((ret = SSL_server_test("AES128 encrypted invalid key",
  986. "-cipher RC4-SHA",
  987. "../ssl/test/axTLS.x509_aes128.pem", NULL,
  988. "../ssl/test/axTLS.key_aes128.pem",
  989. NULL, "xyz", DEFAULT_SVR_OPTION)) != SSL_ERROR_INVALID_KEY)
  990. goto cleanup;
  991. printf("SSL server test \"%s\" passed\n", "AES128 encrypted invalid key");
  992. TTY_FLUSH();
  993. /*
  994. * PKCS#8 key (encrypted)
  995. */
  996. if ((ret = SSL_server_test("pkcs#8 encrypted", "-cipher RC4-SHA",
  997. DEFAULT_CERT, NULL, "../ssl/test/axTLS.encrypted.p8",
  998. NULL, "abcd", DEFAULT_SVR_OPTION)))
  999. goto cleanup;
  1000. /*
  1001. * PKCS#8 key (unencrypted)
  1002. */
  1003. if ((ret = SSL_server_test("pkcs#8 unencrypted", "-cipher RC4-SHA",
  1004. DEFAULT_CERT, NULL, "../ssl/test/axTLS.unencrypted.p8",
  1005. NULL, NULL, DEFAULT_SVR_OPTION)))
  1006. goto cleanup;
  1007. /*
  1008. * PKCS#12 key/certificate
  1009. */
  1010. if ((ret = SSL_server_test("pkcs#12 with CA", "-cipher RC4-SHA",
  1011. NULL, NULL, "../ssl/test/axTLS.withCA.p12",
  1012. NULL, "abcd", DEFAULT_SVR_OPTION)))
  1013. goto cleanup;
  1014. if ((ret = SSL_server_test("pkcs#12 no CA", "-cipher RC4-SHA",
  1015. DEFAULT_CERT, NULL, "../ssl/test/axTLS.withoutCA.p12",
  1016. NULL, "abcd", DEFAULT_SVR_OPTION)))
  1017. goto cleanup;
  1018. ret = 0;
  1019. cleanup:
  1020. if (ret)
  1021. {
  1022. printf("Error: A server test failed\n");
  1023. ssl_display_error(ret);
  1024. exit(1);
  1025. }
  1026. else
  1027. {
  1028. printf("All server tests passed\n"); TTY_FLUSH();
  1029. }
  1030. return ret;
  1031. }
  1032. /**************************************************************************
  1033. * SSL Client Testing
  1034. *
  1035. **************************************************************************/
  1036. typedef struct
  1037. {
  1038. uint8_t session_id[SSL_SESSION_ID_SIZE];
  1039. #ifndef WIN32
  1040. pthread_t server_thread;
  1041. #endif
  1042. int start_server;
  1043. int stop_server;
  1044. int do_reneg;
  1045. } CLNT_SESSION_RESUME_CTX;
  1046. typedef struct
  1047. {
  1048. const char *testname;
  1049. const char *openssl_option;
  1050. } server_t;
  1051. static void do_server(server_t *svr)
  1052. {
  1053. char openssl_buf[2048];
  1054. #ifndef WIN32
  1055. pthread_setcanceltype(PTHREAD_CANCEL_ASYNCHRONOUS, NULL);
  1056. #endif
  1057. sprintf(openssl_buf, "openssl s_server -tls1 "
  1058. "-accept %d -quiet %s ", g_port, svr->openssl_option);
  1059. system(openssl_buf);
  1060. }
  1061. static int SSL_client_test(
  1062. const char *test,
  1063. SSL_CTX **ssl_ctx,
  1064. const char *openssl_option,
  1065. CLNT_SESSION_RESUME_CTX *sess_resume,
  1066. uint32_t client_options,
  1067. const char *private_key,
  1068. const char *password,
  1069. const char *cert)
  1070. {
  1071. server_t server_data;
  1072. SSL *ssl = NULL;
  1073. int client_fd = -1;
  1074. uint8_t *session_id = NULL;
  1075. int ret = 1;
  1076. #ifndef WIN32
  1077. pthread_t thread;
  1078. #endif
  1079. if (sess_resume == NULL || sess_resume->start_server)
  1080. {
  1081. g_port++;
  1082. server_data.openssl_option = openssl_option;
  1083. #ifndef WIN32
  1084. pthread_create(&thread, NULL,
  1085. (void *(*)(void *))do_server, (void *)&server_data);
  1086. pthread_detach(thread);
  1087. #else
  1088. CreateThread(NULL, 1024, (LPTHREAD_START_ROUTINE)do_server,
  1089. (LPVOID)&server_data, 0, NULL);
  1090. #endif
  1091. }
  1092. usleep(200000); /* allow server to start */
  1093. if (*ssl_ctx == NULL)
  1094. {
  1095. if (private_key)
  1096. {
  1097. client_options |= SSL_NO_DEFAULT_KEY;
  1098. }
  1099. if ((*ssl_ctx = ssl_ctx_new(
  1100. client_options, SSL_DEFAULT_CLNT_SESS)) == NULL)
  1101. {
  1102. ret = SSL_ERROR_INVALID_KEY;
  1103. goto client_test_exit;
  1104. }
  1105. if (private_key)
  1106. {
  1107. int obj_type = SSL_OBJ_RSA_KEY;
  1108. if (strstr(private_key, ".p8"))
  1109. obj_type = SSL_OBJ_PKCS8;
  1110. else if (strstr(private_key, ".p12"))
  1111. obj_type = SSL_OBJ_PKCS12;
  1112. if (ssl_obj_load(*ssl_ctx, obj_type, private_key, password))
  1113. {
  1114. ret = SSL_ERROR_INVALID_KEY;
  1115. goto client_test_exit;
  1116. }
  1117. }
  1118. if (cert)
  1119. {
  1120. if ((ret = ssl_obj_load(*ssl_ctx,
  1121. SSL_OBJ_X509_CERT, cert, NULL)) != SSL_OK)
  1122. {
  1123. printf("could not add cert %s (%d)\n", cert, ret);
  1124. TTY_FLUSH();
  1125. goto client_test_exit;
  1126. }
  1127. }
  1128. if (ssl_obj_load(*ssl_ctx, SSL_OBJ_X509_CACERT,
  1129. "../ssl/test/axTLS.ca_x509.cer", NULL))
  1130. {
  1131. printf("could not add cert auth\n"); TTY_FLUSH();
  1132. goto client_test_exit;
  1133. }
  1134. }
  1135. if (sess_resume && !sess_resume->start_server)
  1136. {
  1137. session_id = sess_resume->session_id;
  1138. }
  1139. if ((client_fd = client_socket_init(g_port)) < 0)
  1140. {
  1141. printf("could not start socket on %d\n", g_port); TTY_FLUSH();
  1142. goto client_test_exit;
  1143. }
  1144. ssl = ssl_client_new(*ssl_ctx, client_fd, session_id, sizeof(session_id));
  1145. /* check the return status */
  1146. if ((ret = ssl_handshake_status(ssl)))
  1147. goto client_test_exit;
  1148. /* renegotiate client */
  1149. if (sess_resume && sess_resume->do_reneg)
  1150. {
  1151. if (ssl_renegotiate(ssl) < 0)
  1152. goto client_test_exit;
  1153. }
  1154. if (sess_resume)
  1155. {
  1156. memcpy(sess_resume->session_id,
  1157. ssl_get_session_id(ssl), SSL_SESSION_ID_SIZE);
  1158. }
  1159. if (IS_SET_SSL_FLAG(SSL_SERVER_VERIFY_LATER) &&
  1160. (ret = ssl_verify_cert(ssl)))
  1161. {
  1162. goto client_test_exit;
  1163. }
  1164. ssl_write(ssl, (uint8_t *)"hello world\n", 13);
  1165. if (sess_resume)
  1166. {
  1167. const uint8_t *sess_id = ssl_get_session_id(ssl);
  1168. int i;
  1169. printf(" Session-ID: ");
  1170. for (i = 0; i < SSL_SESSION_ID_SIZE; i++)
  1171. {
  1172. printf("%02X", sess_id[i]);
  1173. }
  1174. printf("\n");
  1175. TTY_FLUSH();
  1176. }
  1177. ret = 0;
  1178. client_test_exit:
  1179. ssl_free(ssl);
  1180. SOCKET_CLOSE(client_fd);
  1181. usleep(200000); /* allow openssl to say something */
  1182. if (sess_resume)
  1183. {
  1184. if (sess_resume->stop_server)
  1185. {
  1186. ssl_ctx_free(*ssl_ctx);
  1187. *ssl_ctx = NULL;
  1188. #ifndef WIN32
  1189. pthread_cancel(sess_resume->server_thread);
  1190. #endif
  1191. }
  1192. else if (sess_resume->start_server)
  1193. {
  1194. #ifndef WIN32
  1195. sess_resume->server_thread = thread;
  1196. #endif
  1197. }
  1198. }
  1199. else
  1200. {
  1201. ssl_ctx_free(*ssl_ctx);
  1202. *ssl_ctx = NULL;
  1203. #ifndef WIN32
  1204. pthread_cancel(thread);
  1205. #endif
  1206. }
  1207. if (ret == 0)
  1208. {
  1209. printf("SSL client test \"%s\" passed\n", test);
  1210. TTY_FLUSH();
  1211. }
  1212. return ret;
  1213. }
  1214. int SSL_client_tests(void)
  1215. {
  1216. int ret = -1;
  1217. SSL_CTX *ssl_ctx = NULL;
  1218. CLNT_SESSION_RESUME_CTX sess_resume;
  1219. memset(&sess_resume, 0, sizeof(CLNT_SESSION_RESUME_CTX));
  1220. sess_resume.start_server = 1;
  1221. printf("### starting client tests\n");
  1222. if ((ret = SSL_client_test("512 bit key",
  1223. &ssl_ctx,
  1224. "-cert ../ssl/test/axTLS.x509_512.pem "
  1225. "-key ../ssl/test/axTLS.key_512.pem", &sess_resume,
  1226. DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
  1227. goto cleanup;
  1228. /* all the session id's should match for session resumption */
  1229. sess_resume.start_server = 0;
  1230. if ((ret = SSL_client_test("Client session resumption #1",
  1231. &ssl_ctx, NULL, &sess_resume,
  1232. DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
  1233. goto cleanup;
  1234. sess_resume.do_reneg = 1;
  1235. if ((ret = SSL_client_test("Client renegotiation",
  1236. &ssl_ctx, NULL, &sess_resume,
  1237. DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
  1238. goto cleanup;
  1239. sess_resume.do_reneg = 0;
  1240. sess_resume.stop_server = 1;
  1241. if ((ret = SSL_client_test("Client session resumption #2",
  1242. &ssl_ctx, NULL, &sess_resume,
  1243. DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
  1244. goto cleanup;
  1245. if ((ret = SSL_client_test("1024 bit key",
  1246. &ssl_ctx,
  1247. "-cert ../ssl/test/axTLS.x509_1024.pem "
  1248. "-key ../ssl/test/axTLS.key_1024.pem", NULL,
  1249. DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
  1250. goto cleanup;
  1251. if ((ret = SSL_client_test("2048 bit key",
  1252. &ssl_ctx,
  1253. "-cert ../ssl/test/axTLS.x509_2048.pem "
  1254. "-key ../ssl/test/axTLS.key_2048.pem", NULL,
  1255. DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
  1256. goto cleanup;
  1257. if ((ret = SSL_client_test("4096 bit key",
  1258. &ssl_ctx,
  1259. "-cert ../ssl/test/axTLS.x509_4096.pem "
  1260. "-key ../ssl/test/axTLS.key_4096.pem", NULL,
  1261. DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
  1262. goto cleanup;
  1263. if ((ret = SSL_client_test("Server cert chaining",
  1264. &ssl_ctx,
  1265. "-cert ../ssl/test/axTLS.x509_device.pem "
  1266. "-key ../ssl/test/axTLS.device_key.pem "
  1267. "-CAfile ../ssl/test/axTLS.x509_512.pem ", NULL,
  1268. DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
  1269. goto cleanup;
  1270. /* Check the server can verify the client */
  1271. if ((ret = SSL_client_test("Client peer authentication",
  1272. &ssl_ctx,
  1273. "-cert ../ssl/test/axTLS.x509_2048.pem "
  1274. "-key ../ssl/test/axTLS.key_2048.pem "
  1275. "-CAfile ../ssl/test/axTLS.ca_x509.pem "
  1276. "-verify 1 ", NULL, DEFAULT_CLNT_OPTION,
  1277. "../ssl/test/axTLS.key_1024", NULL,
  1278. "../ssl/test/axTLS.x509_1024.cer")))
  1279. goto cleanup;
  1280. /* Should get an "ERROR" from openssl (as the handshake fails as soon as
  1281. * the certificate verification fails) */
  1282. if ((ret = SSL_client_test("Error: Expired cert (verify now)",
  1283. &ssl_ctx,
  1284. "-cert ../ssl/test/axTLS.x509_bad_after.pem "
  1285. "-key ../ssl/test/axTLS.key_512.pem", NULL,
  1286. DEFAULT_CLNT_OPTION, NULL, NULL, NULL)) !=
  1287. SSL_X509_ERROR(X509_VFY_ERROR_EXPIRED))
  1288. {
  1289. printf("*** Error: %d\n", ret);
  1290. goto cleanup;
  1291. }
  1292. printf("SSL client test \"Expired cert (verify now)\" passed\n");
  1293. /* There is no "ERROR" from openssl */
  1294. if ((ret = SSL_client_test("Error: Expired cert (verify later)",
  1295. &ssl_ctx,
  1296. "-cert ../ssl/test/axTLS.x509_bad_after.pem "
  1297. "-key ../ssl/test/axTLS.key_512.pem", NULL,
  1298. DEFAULT_CLNT_OPTION|SSL_SERVER_VERIFY_LATER, NULL,
  1299. NULL, NULL)) != SSL_X509_ERROR(X509_VFY_ERROR_EXPIRED))
  1300. {
  1301. printf("*** Error: %d\n", ret);
  1302. goto cleanup;
  1303. }
  1304. printf("SSL client test \"Expired cert (verify later)\" passed\n");
  1305. ret = 0;
  1306. cleanup:
  1307. if (ret)
  1308. {
  1309. ssl_display_error(ret);
  1310. printf("Error: A client test failed\n");
  1311. exit(1);
  1312. }
  1313. else
  1314. {
  1315. printf("All client tests passed\n"); TTY_FLUSH();
  1316. }
  1317. return ret;
  1318. }
  1319. /**************************************************************************
  1320. * SSL Basic Testing (test a big packet handshake)
  1321. *
  1322. **************************************************************************/
  1323. static uint8_t basic_buf[256*1024];
  1324. static void do_basic(void)
  1325. {
  1326. int client_fd;
  1327. SSL *ssl_clnt;
  1328. SSL_CTX *ssl_clnt_ctx = ssl_ctx_new(
  1329. DEFAULT_CLNT_OPTION, SSL_DEFAULT_CLNT_SESS);
  1330. usleep(200000); /* allow server to start */
  1331. if ((client_fd = client_socket_init(g_port)) < 0)
  1332. goto error;
  1333. if (ssl_obj_load(ssl_clnt_ctx, SSL_OBJ_X509_CACERT,
  1334. "../ssl/test/axTLS.ca_x509.cer", NULL))
  1335. goto error;
  1336. ssl_clnt = ssl_client_new(ssl_clnt_ctx, client_fd, NULL, 0);
  1337. /* check the return status */
  1338. if (ssl_handshake_status(ssl_clnt) < 0)
  1339. {
  1340. printf("YA YA\n");
  1341. ssl_display_error(ssl_handshake_status(ssl_clnt));
  1342. goto error;
  1343. }
  1344. ssl_write(ssl_clnt, basic_buf, sizeof(basic_buf));
  1345. ssl_free(ssl_clnt);
  1346. error:
  1347. ssl_ctx_free(ssl_clnt_ctx);
  1348. SOCKET_CLOSE(client_fd);
  1349. /* exit this thread */
  1350. }
  1351. static int SSL_basic_test(void)
  1352. {
  1353. int server_fd, client_fd, ret = 0, size = 0, offset = 0;
  1354. SSL_CTX *ssl_svr_ctx = NULL;
  1355. struct sockaddr_in client_addr;
  1356. uint8_t *read_buf;
  1357. socklen_t clnt_len = sizeof(client_addr);
  1358. SSL *ssl_svr;
  1359. #ifndef WIN32
  1360. pthread_t thread;
  1361. #endif
  1362. memset(basic_buf, 0xA5, sizeof(basic_buf)/2);
  1363. memset(&basic_buf[sizeof(basic_buf)/2], 0x5A, sizeof(basic_buf)/2);
  1364. if ((server_fd = server_socket_init(&g_port)) < 0)
  1365. goto error;
  1366. ssl_svr_ctx = ssl_ctx_new(DEFAULT_SVR_OPTION, SSL_DEFAULT_SVR_SESS);
  1367. #ifndef WIN32
  1368. pthread_create(&thread, NULL,
  1369. (void *(*)(void *))do_basic, NULL);
  1370. pthread_detach(thread);
  1371. #else
  1372. CreateThread(NULL, 1024, (LPTHREAD_START_ROUTINE)do_basic, NULL, 0, NULL);
  1373. #endif
  1374. /* Wait for a client to connect */
  1375. if ((client_fd = accept(server_fd,
  1376. (struct sockaddr *) &client_addr, &clnt_len)) < 0)
  1377. {
  1378. ret = SSL_ERROR_SOCK_SETUP_FAILURE;
  1379. goto error;
  1380. }
  1381. /* we are ready to go */
  1382. ssl_svr = ssl_server_new(ssl_svr_ctx, client_fd);
  1383. do
  1384. {
  1385. while ((size = ssl_read(ssl_svr, &read_buf)) == SSL_OK);
  1386. if (size < SSL_OK) /* got some alert or something nasty */
  1387. {
  1388. printf("Server ");
  1389. ssl_display_error(size);
  1390. ret = size;
  1391. break;
  1392. }
  1393. else /* looks more promising */
  1394. {
  1395. if (memcmp(read_buf, &basic_buf[offset], size) != 0)
  1396. {
  1397. ret = SSL_NOT_OK;
  1398. break;
  1399. }
  1400. }
  1401. offset += size;
  1402. } while (offset < sizeof(basic_buf));
  1403. printf(ret == SSL_OK && offset == sizeof(basic_buf) ?
  1404. "SSL basic test passed\n" :
  1405. "SSL basic test failed\n");
  1406. TTY_FLUSH();
  1407. ssl_free(ssl_svr);
  1408. SOCKET_CLOSE(server_fd);
  1409. SOCKET_CLOSE(client_fd);
  1410. error:
  1411. ssl_ctx_free(ssl_svr_ctx);
  1412. return ret;
  1413. }
  1414. #if !defined(WIN32) && defined(CONFIG_SSL_CTX_MUTEXING)
  1415. /**************************************************************************
  1416. * Multi-Threading Tests
  1417. *
  1418. **************************************************************************/
  1419. #define NUM_THREADS 100
  1420. typedef struct
  1421. {
  1422. SSL_CTX *ssl_clnt_ctx;
  1423. int port;
  1424. int thread_id;
  1425. } multi_t;
  1426. void do_multi_clnt(multi_t *multi_data)
  1427. {
  1428. int res = 1, client_fd, i;
  1429. SSL *ssl = NULL;
  1430. char tmp[5];
  1431. if ((client_fd = client_socket_init(multi_data->port)) < 0)
  1432. goto client_test_exit;
  1433. sleep(1);
  1434. ssl = ssl_client_new(multi_data->ssl_clnt_ctx, client_fd, NULL, 0);
  1435. if ((res = ssl_handshake_status(ssl)))
  1436. {
  1437. printf("Client ");
  1438. ssl_display_error(res);
  1439. goto client_test_exit;
  1440. }
  1441. sprintf(tmp, "%d\n", multi_data->thread_id);
  1442. for (i = 0; i < 10; i++)
  1443. ssl_write(ssl, (uint8_t *)tmp, strlen(tmp)+1);
  1444. client_test_exit:
  1445. ssl_free(ssl);
  1446. SOCKET_CLOSE(client_fd);
  1447. free(multi_data);
  1448. }
  1449. void do_multi_svr(SSL *ssl)
  1450. {
  1451. uint8_t *read_buf;
  1452. int *res_ptr = malloc(sizeof(int));
  1453. int res;
  1454. for (;;)
  1455. {
  1456. res = ssl_read(ssl, &read_buf);
  1457. /* kill the client */
  1458. if (res != SSL_OK)
  1459. {
  1460. if (res == SSL_ERROR_CONN_LOST)
  1461. {
  1462. SOCKET_CLOSE(ssl->client_fd);
  1463. ssl_free(ssl);
  1464. break;
  1465. }
  1466. else if (res > 0)
  1467. {
  1468. /* do nothing */
  1469. }
  1470. else /* some problem */
  1471. {
  1472. printf("Server ");
  1473. ssl_display_error(res);
  1474. goto error;
  1475. }
  1476. }
  1477. }
  1478. res = SSL_OK;
  1479. error:
  1480. *res_ptr = res;
  1481. pthread_exit(res_ptr);
  1482. }
  1483. int multi_thread_test(void)
  1484. {
  1485. int server_fd = -1;
  1486. SSL_CTX *ssl_server_ctx;
  1487. SSL_CTX *ssl_clnt_ctx;
  1488. pthread_t clnt_threads[NUM_THREADS];
  1489. pthread_t svr_threads[NUM_THREADS];
  1490. int i, res = 0;
  1491. struct sockaddr_in client_addr;
  1492. socklen_t clnt_len = sizeof(client_addr);
  1493. printf("Do multi-threading test (takes a minute)\n");
  1494. ssl_server_ctx = ssl_ctx_new(DEFAULT_SVR_OPTION, SSL_DEFAULT_SVR_SESS);
  1495. ssl_clnt_ctx = ssl_ctx_new(DEFAULT_CLNT_OPTION, SSL_DEFAULT_CLNT_SESS);
  1496. if (ssl_obj_load(ssl_clnt_ctx, SSL_OBJ_X509_CACERT,
  1497. "../ssl/test/axTLS.ca_x509.cer", NULL))
  1498. goto error;
  1499. if ((server_fd = server_socket_init(&g_port)) < 0)
  1500. goto error;
  1501. for (i = 0; i < NUM_THREADS; i++)
  1502. {
  1503. multi_t *multi_data = (multi_t *)malloc(sizeof(multi_t));
  1504. multi_data->ssl_clnt_ctx = ssl_clnt_ctx;
  1505. multi_data->port = g_port;
  1506. multi_data->thread_id = i+1;
  1507. pthread_create(&clnt_threads[i], NULL,
  1508. (void *(*)(void *))do_multi_clnt, (void *)multi_data);
  1509. pthread_detach(clnt_threads[i]);
  1510. }
  1511. for (i = 0; i < NUM_THREADS; i++)
  1512. {
  1513. SSL *ssl_svr;
  1514. int client_fd = accept(server_fd,
  1515. (struct sockaddr *)&client_addr, &clnt_len);
  1516. if (client_fd < 0)
  1517. goto error;
  1518. ssl_svr = ssl_server_new(ssl_server_ctx, client_fd);
  1519. pthread_create(&svr_threads[i], NULL,
  1520. (void *(*)(void *))do_multi_svr, (void *)ssl_svr);
  1521. }
  1522. /* make sure we've run all of the threads */
  1523. for (i = 0; i < NUM_THREADS; i++)
  1524. {
  1525. void *thread_res;
  1526. pthread_join(svr_threads[i], &thread_res);
  1527. if (*((int *)thread_res) != 0)
  1528. res = 1;
  1529. free(thread_res);
  1530. }
  1531. if (res)
  1532. goto error;
  1533. printf("Multi-thread test passed (%d)\n", NUM_THREADS);
  1534. error:
  1535. ssl_ctx_free(ssl_server_ctx);
  1536. ssl_ctx_free(ssl_clnt_ctx);
  1537. SOCKET_CLOSE(server_fd);
  1538. return res;
  1539. }
  1540. #endif /* !defined(WIN32) && defined(CONFIG_SSL_CTX_MUTEXING) */
  1541. /**************************************************************************
  1542. * Header issue
  1543. *
  1544. **************************************************************************/
  1545. static void do_header_issue(void)
  1546. {
  1547. char axtls_buf[2048];
  1548. #ifndef WIN32
  1549. pthread_setcanceltype(PTHREAD_CANCEL_ASYNCHRONOUS, NULL);
  1550. #endif
  1551. sprintf(axtls_buf, "./axssl s_client -connect localhost:%d", g_port);
  1552. system(axtls_buf);
  1553. }
  1554. static int header_issue(void)
  1555. {
  1556. FILE *f = fopen("../ssl/test/header_issue.dat", "r");
  1557. int server_fd = -1, client_fd = -1, ret = 1;
  1558. uint8_t buf[2048];
  1559. int size = 0;
  1560. struct sockaddr_in client_addr;
  1561. socklen_t clnt_len = sizeof(client_addr);
  1562. #ifndef WIN32
  1563. pthread_t thread;
  1564. #endif
  1565. if (f == NULL || (server_fd = server_socket_init(&g_port)) < 0)
  1566. goto error;
  1567. #ifndef WIN32
  1568. pthread_create(&thread, NULL,
  1569. (void *(*)(void *))do_header_issue, NULL);
  1570. pthread_detach(thread);
  1571. #else
  1572. CreateThread(NULL, 1024, (LPTHREAD_START_ROUTINE)do_header_issue,
  1573. NULL, 0, NULL);
  1574. #endif
  1575. if ((client_fd = accept(server_fd,
  1576. (struct sockaddr *) &client_addr, &clnt_len)) < 0)
  1577. {
  1578. ret = SSL_ERROR_SOCK_SETUP_FAILURE;
  1579. goto error;
  1580. }
  1581. size = fread(buf, 1, sizeof(buf), f);
  1582. SOCKET_WRITE(client_fd, buf, size);
  1583. usleep(200000);
  1584. ret = 0;
  1585. error:
  1586. fclose(f);
  1587. SOCKET_CLOSE(client_fd);
  1588. SOCKET_CLOSE(server_fd);
  1589. TTY_FLUSH();
  1590. system("killall axssl");
  1591. return ret;
  1592. }
  1593. /**************************************************************************
  1594. * main()
  1595. *
  1596. **************************************************************************/
  1597. int main(int argc, char *argv[])
  1598. {
  1599. int ret = 1;
  1600. BI_CTX *bi_ctx;
  1601. int fd;
  1602. #ifdef WIN32
  1603. WSADATA wsaData;
  1604. WORD wVersionRequested = MAKEWORD(2, 2);
  1605. WSAStartup(wVersionRequested, &wsaData);
  1606. fd = _open("test_result.txt", O_WRONLY|O_TEMPORARY|O_CREAT, _S_IWRITE);
  1607. dup2(fd, 2); /* write stderr to this file */
  1608. #else
  1609. fd = open("/dev/null", O_WRONLY); /* write stderr to /dev/null */
  1610. signal(SIGPIPE, SIG_IGN); /* ignore pipe errors */
  1611. dup2(fd, 2);
  1612. #endif
  1613. /* can't do testing in this mode */
  1614. #if defined CONFIG_SSL_GENERATE_X509_CERT
  1615. printf("Error: Must compile with default key/certificates\n");
  1616. exit(1);
  1617. #endif
  1618. bi_ctx = bi_initialize();
  1619. if (AES_test(bi_ctx))
  1620. {
  1621. printf("AES tests failed\n");
  1622. goto cleanup;
  1623. }
  1624. TTY_FLUSH();
  1625. if (RC4_test(bi_ctx))
  1626. {
  1627. printf("RC4 tests failed\n");
  1628. goto cleanup;
  1629. }
  1630. TTY_FLUSH();
  1631. if (MD5_test(bi_ctx))
  1632. {
  1633. printf("MD5 tests failed\n");
  1634. goto cleanup;
  1635. }
  1636. TTY_FLUSH();
  1637. if (SHA1_test(bi_ctx))
  1638. {
  1639. printf("SHA1 tests failed\n");
  1640. goto cleanup;
  1641. }
  1642. TTY_FLUSH();
  1643. if (HMAC_test(bi_ctx))
  1644. {
  1645. printf("HMAC tests failed\n");
  1646. goto cleanup;
  1647. }
  1648. TTY_FLUSH();
  1649. if (BIGINT_test(bi_ctx))
  1650. {
  1651. printf("BigInt tests failed!\n");
  1652. goto cleanup;
  1653. }
  1654. TTY_FLUSH();
  1655. bi_terminate(bi_ctx);
  1656. if (RSA_test())
  1657. {
  1658. printf("RSA tests failed\n");
  1659. goto cleanup;
  1660. }
  1661. TTY_FLUSH();
  1662. if (cert_tests())
  1663. {
  1664. printf("CERT tests failed\n");
  1665. goto cleanup;
  1666. }
  1667. TTY_FLUSH();
  1668. #if !defined(WIN32) && defined(CONFIG_SSL_CTX_MUTEXING)
  1669. if (multi_thread_test())
  1670. goto cleanup;
  1671. #endif
  1672. if (SSL_basic_test())
  1673. goto cleanup;
  1674. system("sh ../ssl/test/killopenssl.sh");
  1675. if (SSL_client_tests())
  1676. goto cleanup;
  1677. system("sh ../ssl/test/killopenssl.sh");
  1678. if (SSL_server_tests())
  1679. goto cleanup;
  1680. system("sh ../ssl/test/killopenssl.sh");
  1681. if (header_issue())
  1682. {
  1683. printf("Header tests failed\n"); TTY_FLUSH();
  1684. goto cleanup;
  1685. }
  1686. ret = 0; /* all ok */
  1687. printf("**** ALL TESTS PASSED ****\n"); TTY_FLUSH();
  1688. cleanup:
  1689. if (ret)
  1690. printf("Error: Some tests failed!\n");
  1691. close(fd);
  1692. return ret;
  1693. }