userapps/opensource/ipsec-tools/src/racoon/eaytest.c

   1 /* $Id: eaytest.c,v 1.20 2004/11/18 15:14:44 ludvigm Exp $ */
   2
   3 /*
   4  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
   5  * All rights reserved.
   6  *
   7  * Redistribution and use in source and binary forms, with or without
   8  * modification, are permitted provided that the following conditions
   9  * are met:
  10  * 1. Redistributions of source code must retain the above copyright
  11  *    notice, this list of conditions and the following disclaimer.
  12  * 2. Redistributions in binary form must reproduce the above copyright
  13  *    notice, this list of conditions and the following disclaimer in the
  14  *    documentation and/or other materials provided with the distribution.
  15  * 3. Neither the name of the project nor the names of its contributors
  16  *    may be used to endorse or promote products derived from this software
  17  *    without specific prior written permission.
  18  *
  19  * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
  20  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  21  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  22  * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
  23  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  24  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  25  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  26  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  27  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  28  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  29  * SUCH DAMAGE.
  30  */
  31
  32 #include "config.h"
  33
  34 #include <sys/types.h>
  35 #include <sys/stat.h>
  36 #include <sys/socket.h>
  37
  38 #include <netinet/in.h>
  39
  40 #include <stdlib.h>
  41 #include <stdio.h>
  42 #include <string.h>
  43 #include <limits.h>
  44 #include <dirent.h>
  45 #include <fcntl.h>
  46 #include <unistd.h>
  47 #include <err.h>
  48
  49 #include <openssl/bio.h>
  50 #include <openssl/pem.h>
  51
  52 #include "var.h"
  53 #include "vmbuf.h"
  54 #include "misc.h"
  55 #include "debug.h"
  56 #include "str2val.h"
  57 #include "plog.h"
  58
  59 #include "oakley.h"
  60 #include "dhgroup.h"
  61 #include "crypto_openssl.h"
  62 #include "gnuc.h"
  63
  64 #include "../../package_version.h"
  65
  66 #define PVDUMP(var) hexdump((var)->v, (var)->l)
  67
  68 /*#define CERTTEST_BROKEN */
  69
  70 /* prototype */
  71
  72 static vchar_t *pem_read_buf __P((char *));
  73 void Usage __P((void));
  74
  75 int rsatest __P((int, char **));
  76 int ciphertest __P((int, char **));
  77 int hmactest __P((int, char **));
  78 int sha1test __P((int, char **));
  79 int md5test __P((int, char **));
  80 int dhtest __P((int, char **));
  81 int bntest __P((int, char **));
  82 #ifndef CERTTEST_BROKEN
  83 static char **getcerts __P((char *));
  84 int certtest __P((int, char **));
  85 #endif
  86
  87 /* test */
  88
  89 static int
  90 rsa_verify_with_pubkey(src, sig, pubkey_txt)
  91         vchar_t *src, *sig;
  92         char *pubkey_txt;
  93 {
  94         BIO *bio;
  95         EVP_PKEY *evp;
  96         int error;
  97
  98         bio = BIO_new_mem_buf(pubkey_txt, strlen(pubkey_txt));
  99         evp = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL);
 100         if (! evp) {
 101                 printf ("PEM_read_PUBKEY(): %s\n", eay_strerror());
 102                 return -1;
 103         }
 104         error = eay_check_rsasign(src, sig, evp->pkey.rsa);
 105
 106         return error;
 107 }
 108
 109 int
 110 rsatest(ac, av)
 111         int ac;
 112         char **av;
 113 {
 114         char *text = "this is test.";
 115         vchar_t src;
 116         vchar_t *priv, *sig;
 117         int loglevel_saved;
 118
 119         char *pkcs1 =
 120 "-----BEGIN RSA PRIVATE KEY-----\n"
 121 "MIICXQIBAAKBgQChe5/Fzk9SA0vCKBOcu9jBcLb9oLv50PeuEfQojhakY+OH8A3Q\n"
 122 "M8A0qIDG6uhTNGPvzCWb/+mKeOB48n5HJpLxlDFyP3kyd2yXHIZ/MN8g1nh4FsB0\n"
 123 "iTkk8QUCJkkan6FCOBrIeLEsGA5AdodzuR+khnCMt8vO+NFHZYKAQeynyQIDAQAB\n"
 124 "AoGAOfDcnCHxjhDGrwyoNNWl6Yqi7hAtQm67YAbrH14UO7nnmxAENM9MyNgpFLaW\n"
 125 "07v5m8IZQIcradcDXAJOUwNBN8E06UflwEYCaScIwndvr5UpVlN3e2NC6Wyg2yC7\n"
 126 "GarxQput3zj35XNR5bK42UneU0H6zDxpHWqI1SwE+ToAHu0CQQDNl9gUJTpg0L09\n"
 127 "HkbE5jeb8bA5I20nKqBOBP0v5tnzpwu41umQwk9I7Ru0ucD7j+DW4k8otadW+FnI\n"
 128 "G1M1MpSjAkEAyRMt4bN8otfpOpsOQWzw4jQtouohOxRFCrQTntHhU20PrQnQLZWs\n"
 129 "pOVzqCjRytYtkPEUA1z8QK5gGcVPcOQsowJBALmt2rwPB1NrEo5Bat7noO+Zb3Ob\n"
 130 "WDiYWeE8xkHd95gDlSWiC53ur9aINo6ZeP556jGIgL+el/yHHecJLrQL84sCQH48\n"
 131 "zUxq/C/cb++8UzneJGlPqusiJNTLiAENR1gpmlZfHT1c8Nb9phMsfu0vG29GAfuC\n"
 132 "bzchVLljALCNQK+2gRMCQQCNIgN+R9mRWZhFAcC1sq++YnuSBlw4VwdL/fd1Yg9e\n"
 133 "Ul+U98yPl/NXt8Rs4TRBFcOZjkFI8xv0hQtevTgTmgz+\n"
 134 "-----END RSA PRIVATE KEY-----\n\n";
 135         char *pubkey =
 136 "-----BEGIN PUBLIC KEY-----\n"
 137 "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQChe5/Fzk9SA0vCKBOcu9jBcLb9\n"
 138 "oLv50PeuEfQojhakY+OH8A3QM8A0qIDG6uhTNGPvzCWb/+mKeOB48n5HJpLxlDFy\n"
 139 "P3kyd2yXHIZ/MN8g1nh4FsB0iTkk8QUCJkkan6FCOBrIeLEsGA5AdodzuR+khnCM\n"
 140 "t8vO+NFHZYKAQeynyQIDAQAB\n"
 141 "-----END PUBLIC KEY-----\n\n";
 142         char *pubkey_wrong =
 143 "-----BEGIN PUBLIC KEY-----\n"
 144 "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwDncG2tSokRBhK8la1mO\n"
 145 "QnUpxg6KvpoFUjEyRiIE1GRap5V6jCCEOmA9ZAz4Oa/97oxewwMWtchIxSBZVCia\n"
 146 "H9oGasbOFzrtSR+MKl6Cb/Ow3Fu+PKbHTsnfTk/nOOWyaQh91PRD7fdwHe8L9P7w\n"
 147 "2kFPmDW6+RNKIR4OErhXf1O0eSShPe0TO3vx43O7dWqhmh3Kgr4Jq7zAGqHtwu0B\n"
 148 "RFZnmsocOnVZb2yAHndp51/Mk1H37ThHwN7qMx7RqrS3ru3XtchpJd9IQJPBIRfY\n"
 149 "VYQ68u5ix/Z80Y6VkRf0qnAvel8B6D3N3Zyq5u7G60PfvvtCybeMn7nVrSMxqMW/\n"
 150 "xwIDAQAB\n"
 151 "-----END PUBLIC KEY-----\n\n";
 152
 153         printf ("%s", pkcs1);
 154         printf ("%s", pubkey);
 155         priv = pem_read_buf(pkcs1);
 156
 157         src.v = text;
 158         src.l = strlen(text);
 159
 160         /* sign */
 161         sig = eay_get_x509sign(&src, priv);
 162         if (sig == NULL) {
 163                 printf("sign failed. %s\n", eay_strerror());
 164                 return -1;
 165         }
 166
 167         printf("RSA signed data.\n");
 168         PVDUMP(sig);
 169
 170         printf("Verification with correct pubkey: ");
 171         if (rsa_verify_with_pubkey (&src, sig, pubkey) != 0) {
 172                 printf ("Failed.\n");
 173                 return -1;
 174         }
 175         else
 176                 printf ("Verified. Good.\n");
 177
 178         loglevel_saved = loglevel;
 179         loglevel = 0;
 180         printf("Verification with wrong pubkey: ");
 181         if (rsa_verify_with_pubkey (&src, sig, pubkey_wrong) != 0)
 182                 printf ("Not verified. Good.\n");
 183         else {
 184                 printf ("Verified. This is bad...\n");
 185                 loglevel = loglevel_saved;
 186                 return -1;
 187         }
 188         loglevel = loglevel_saved;
 189
 190         return 0;
 191 }
 192
 193 static vchar_t *
 194 pem_read_buf(buf)
 195         char *buf;
 196 {
 197         BIO *bio;
 198         char *nm = NULL, *header = NULL;
 199         unsigned char *data = NULL;
 200         long len;
 201         vchar_t *ret;
 202         int error;
 203
 204         bio = BIO_new_mem_buf(buf, strlen(buf));
 205         error = PEM_read_bio(bio, &nm, &header, &data, &len);
 206         if (error == 0)
 207                 errx(1, "%s", eay_strerror());
 208         ret = vmalloc(len);
 209         if (ret == NULL)
 210                 err(1, "vmalloc");
 211         memcpy(ret->v, data, len);
 212
 213         return ret;
 214 }
 215
 216 #ifndef CERTTEST_BROKEN
 217 int
 218 certtest(ac, av)
 219         int ac;
 220         char **av;
 221 {
 222         char *certpath;
 223         char **certs;
 224         int type;
 225         int error;
 226
 227         printf("\n**Test for Certificate.**\n");
 228
 229     {
 230         vchar_t *asn1dn = NULL, asn1dn0;
 231 #ifdef ORIG_DN
 232         char dnstr[] = "C=JP, ST=Kanagawa, L=Fujisawa, O=WIDE Project, OU=KAME Project, CN=Shoichi Sakane/Email=sakane@kame.net";
 233         char *dnstr_w1 = 0;
 234         char *dnstr_w2 = 0;
 235         char dn0[] = {
 236                 0x30,0x81,0x9a,0x31,0x0b,0x30,0x09,0x06,
 237                 0x03,0x55,0x04,0x06,0x13,0x02,0x4a,0x50,
 238                 0x31,0x11,0x30,0x0f,0x06,0x03,0x55,0x04,
 239                 0x08,0x13,0x08,0x4b,0x61,0x6e,0x61,0x67,
 240                 0x61,0x77,0x61,0x31,0x11,0x30,0x0f,0x06,
 241                 0x03,0x55,0x04,0x07,0x13,0x08,0x46,0x75,
 242                 0x6a,0x69,0x73,0x61,0x77,0x61,0x31,0x15,
 243                 0x30,0x13,0x06,0x03,0x55,0x04,0x0a,0x13,
 244                 0x0c,0x57,0x49,0x44,0x45,0x20,0x50,0x72,
 245                 0x6f,0x6a,0x65,0x63,0x74,0x31,0x15,0x30,
 246                 0x13,0x06,0x03,0x55,0x04,0x0b,0x13,0x0c,
 247                 0x4b,0x41,0x4d,0x45,0x20,0x50,0x72,0x6f,
 248                 0x6a,0x65,0x63,0x74,0x31,0x17,0x30,0x15,
 249                 0x06,0x03,0x55,0x04,0x03,0x13,0x0e,0x53,
 250                 0x68,0x6f,0x69,0x63,0x68,0x69,0x20,0x53,
 251                 0x61,0x6b,0x61,0x6e,0x65,0x31,0x1e,0x30,
 252                 0x1c,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,
 253                 0x0d,0x01,0x09,0x01,
 254                 0x0c,   /* <== XXX */
 255                 0x0f,0x73,0x61,
 256                 0x6b,0x61,0x6e,0x65,0x40,0x6b,0x61,0x6d,
 257                 0x65,0x2e,0x6e,0x65,0x74,
 258         };
 259 #else /* not ORIG_DN */
 260         char dnstr[] = "C=JP, ST=Kanagawa, L=Fujisawa, O=WIDE Project, OU=KAME Project, CN=Shoichi Sakane";
 261         char dnstr_w1[] = "C=JP, ST=Kanagawa, L=Fujisawa, O=WIDE Project, OU=*, CN=Shoichi Sakane";
 262         char dnstr_w2[] = "C=JP, ST=Kanagawa, L=Fujisawa, O=WIDE Project, OU=KAME Project, CN=*";
 263         char dn0[] = {
 264                 0x30,0x7a,0x31,0x0b,0x30,0x09,0x06,0x03,
 265                 0x55,0x04,0x06,0x13,0x02,0x4a,0x50,0x31,
 266                 0x11,0x30,0x0f,0x06,0x03,0x55,0x04,0x08,
 267                 0x13,0x08,0x4b,0x61,0x6e,0x61,0x67,0x61,
 268                 0x77,0x61,0x31,0x11,0x30,0x0f,0x06,0x03,
 269                 0x55,0x04,0x07,0x13,0x08,0x46,0x75,0x6a,
 270                 0x69,0x73,0x61,0x77,0x61,0x31,0x15,0x30,
 271                 0x13,0x06,0x03,0x55,0x04,0x0a,0x13,0x0c,
 272                 0x57,0x49,0x44,0x45,0x20,0x50,0x72,0x6f,
 273                 0x6a,0x65,0x63,0x74,0x31,0x15,0x30,0x13,
 274                 0x06,0x03,0x55,0x04,0x0b,0x13,0x0c,0x4b,
 275                 0x41,0x4d,0x45,0x20,0x50,0x72,0x6f,0x6a,
 276                 0x65,0x63,0x74,0x31,0x17,0x30,0x15,0x06,
 277                 0x03,0x55,0x04,0x03,0x13,0x0e,0x53,0x68,
 278                 0x6f,0x69,0x63,0x68,0x69,0x20,0x53,0x61,
 279                 0x6b,0x61,0x6e,0x65,
 280         };
 281 #endif /* ORIG_DN */
 282
 283         printf("check to convert the string into subjectName.\n");
 284         printf("%s\n", dnstr);
 285
 286         asn1dn0.v = dn0;
 287         asn1dn0.l = sizeof(dn0);
 288
 289         asn1dn = eay_str2asn1dn(dnstr, strlen(dnstr));
 290         if (asn1dn == NULL || asn1dn->l != asn1dn0.l)
 291 #ifdef OUTPUT_VALID_ASN1DN
 292         {
 293                 unsigned char *cp; int  i;
 294                 printf("asn1dn length mismatched (%zu != %zu).\n", asn1dn ? asn1dn->l : -1, asn1dn0.l);
 295                 for (cp = asn1dn->v, i = 0; i < asn1dn->l; i++)
 296                     printf ("0x%02x,", *cp++);
 297                 exit (1);
 298         }
 299 #else
 300                 errx(1, "asn1dn length mismatched (%zu != %zu).\n", asn1dn ? asn1dn->l : -1, asn1dn0.l);
 301 #endif
 302
 303         /*
 304          * NOTE: The value pointed by "<==" above is different from the
 305          * return of eay_str2asn1dn().  but eay_cmp_asn1dn() can distinguish
 306          * both of the names are same name.
 307          */
 308         if (eay_cmp_asn1dn(&asn1dn0,  asn1dn))
 309                 errx(1, "asn1dn mismatched.\n");
 310         vfree(asn1dn);
 311
 312         printf("exact match: succeed.\n");
 313
 314         if (dnstr_w1) {
 315                 asn1dn = eay_str2asn1dn(dnstr_w1, strlen(dnstr_w1));
 316                 if (asn1dn == NULL || asn1dn->l == asn1dn0.l)
 317                         errx(1, "asn1dn length wrong for wildcard 1\n");
 318                 if (eay_cmp_asn1dn(&asn1dn0,  asn1dn))
 319                         errx(1, "asn1dn mismatched for wildcard 1.\n");
 320                 vfree(asn1dn);
 321                 printf("wildcard 1 match: succeed.\n");
 322         }
 323
 324         if (dnstr_w1) {
 325                 asn1dn = eay_str2asn1dn(dnstr_w2, strlen(dnstr_w2));
 326                 if (asn1dn == NULL || asn1dn->l == asn1dn0.l)
 327                         errx(1, "asn1dn length wrong for wildcard 2\n");
 328                 if (eay_cmp_asn1dn(&asn1dn0,  asn1dn))
 329                         errx(1, "asn1dn mismatched for wildcard 2.\n");
 330                 vfree(asn1dn);
 331                 printf("wildcard 2 match: succeed.\n");
 332         }
 333
 334     }
 335         eay_init();
 336
 337         /* get certs */
 338         if (ac > 1) {
 339                 certpath = *(av + 1);
 340                 certs = getcerts(certpath);
 341         } else {
 342 #ifdef ORIG_DN
 343                 printf("\nCAUTION: These certificates are probably invalid "
 344                         "on your environment because you don't have their "
 345                         "issuer's certs in your environment.\n\n");
 346
 347                 certpath = "/usr/local/openssl/certs";
 348                 certs = getcerts(NULL);
 349 #else
 350                 printf("\nWARNING: The main certificates are probably invalid "
 351                         "on your environment\nbecause you don't have their "
 352                         "issuer's certs in your environment\nso not doing "
 353                         "this test.\n\n");
 354                 return (0);
 355 #endif
 356         }
 357
 358         while (*certs != NULL) {
 359
 360                 vchar_t c;
 361                 char *str;
 362                 vchar_t *vstr;
 363
 364                 printf("===CERT===\n");
 365
 366                 c.v = *certs;
 367                 c.l = strlen(*certs);
 368
 369                 /* print text */
 370                 str = eay_get_x509text(&c);
 371                 printf("%s", str);
 372                 racoon_free(str);
 373
 374                 /* print ASN.1 of subject name */
 375                 vstr = eay_get_x509asn1subjectname(&c);
 376                 if (!vstr)
 377                         return 0;
 378                 PVDUMP(vstr);
 379                 printf("\n");
 380                 vfree(vstr);
 381
 382                 /* print subject alt name */
 383             {
 384                 int pos;
 385                 for (pos = 1; ; pos++) {
 386                         error = eay_get_x509subjectaltname(&c, &str, &type, pos);
 387                         if (error) {
 388                                 printf("no subjectaltname found.\n");
 389                                 break;
 390                         }
 391                         if (!str)
 392                                 break;
 393                         printf("SubjectAltName: %d: %s\n", type, str);
 394                         racoon_free(str);
 395                 }
 396             }
 397
 398                 /* NULL => name of the certificate file */
 399                 error = eay_check_x509cert(&c, certpath, NULL, 1);
 400                 if (error)
 401                         printf("ERROR: cert is invalid.\n");
 402                 printf("\n");
 403
 404                 certs++;
 405         }
 406         return 0;
 407 }
 408
 409 static char **
 410 getcerts(path)
 411         char *path;
 412 {
 413         char **certs = NULL, **p;
 414         DIR *dirp;
 415         struct dirent *dp;
 416         struct stat sb;
 417         char buf[512];
 418         int len;
 419         int n;
 420         int fd;
 421
 422         static char *samplecerts[] = {
 423 /* self signed */
 424 "-----BEGIN CERTIFICATE-----\n"
 425 "MIICpTCCAg4CAQAwDQYJKoZIhvcNAQEEBQAwgZoxCzAJBgNVBAYTAkpQMREwDwYD\n"
 426 "VQQIEwhLYW5hZ2F3YTERMA8GA1UEBxMIRnVqaXNhd2ExFTATBgNVBAoTDFdJREUg\n"
 427 "UHJvamVjdDEVMBMGA1UECxMMS0FNRSBQcm9qZWN0MRcwFQYDVQQDEw5TaG9pY2hp\n"
 428 "IFNha2FuZTEeMBwGCSqGSIb3DQEJARYPc2FrYW5lQGthbWUubmV0MB4XDTAwMDgy\n"
 429 "NDAxMzc0NFoXDTAwMDkyMzAxMzc0NFowgZoxCzAJBgNVBAYTAkpQMREwDwYDVQQI\n"
 430 "EwhLYW5hZ2F3YTERMA8GA1UEBxMIRnVqaXNhd2ExFTATBgNVBAoTDFdJREUgUHJv\n"
 431 "amVjdDEVMBMGA1UECxMMS0FNRSBQcm9qZWN0MRcwFQYDVQQDEw5TaG9pY2hpIFNh\n"
 432 "a2FuZTEeMBwGCSqGSIb3DQEJARYPc2FrYW5lQGthbWUubmV0MIGfMA0GCSqGSIb3\n"
 433 "DQEBAQUAA4GNADCBiQKBgQCpIQG/H3zn4czAmPBcbkDrYxE1A9vcpghpib3Of0Op\n"
 434 "SsiWIBOyIMiVAzK/I/JotWp3Vdn5fzGp/7DGAbWXAALas2xHkNmTMPpu6qhmNQ57\n"
 435 "kJHZHal24mgc1hwbrI9fb5olvIexx9a1riNPnKMRVHzXYizsyMbf+lJJmZ8QFhWN\n"
 436 "twIDAQABMA0GCSqGSIb3DQEBBAUAA4GBACKs6X/BYycuHI3iop403R3XWMHHnNBN\n"
 437 "5XTHVWiWgR1cMWkq/dp51gn+nPftpdAaYGpqGkiHGhZcXLoBaX9uON3p+7av+sQN\n"
 438 "plXwnvUf2Zsgu+fojskS0gKcDlYiq1O8TOaBgJouFZgr1q6PiYjVEJGogAP28+HN\n"
 439 "M4o+GBFbFoqK\n"
 440 "-----END CERTIFICATE-----\n\n",
 441 /* signed by SSH testing CA + CA1 + CA2 */
 442 "-----BEGIN X509 CERTIFICATE-----\n"
 443 "MIICtTCCAj+gAwIBAgIEOaR8NjANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJG\n"
 444 "STEkMCIGA1UEChMbU1NIIENvbW11bmljYXRpb25zIFNlY3VyaXR5MREwDwYDVQQL\n"
 445 "EwhXZWIgdGVzdDEbMBkGA1UEAxMSVGVzdCBDQSAxIHN1YiBjYSAyMB4XDTAwMDgy\n"
 446 "NDAwMDAwMFoXDTAwMTAwMTAwMDAwMFowgZoxCzAJBgNVBAYTAkpQMREwDwYDVQQI\n"
 447 "EwhLYW5hZ2F3YTERMA8GA1UEBxMIRnVqaXNhd2ExFTATBgNVBAoTDFdJREUgUHJv\n"
 448 "amVjdDEVMBMGA1UECxMMS0FNRSBQcm9qZWN0MRcwFQYDVQQDEw5TaG9pY2hpIFNh\n"
 449 "a2FuZTEeMBwGCSqGSIb3DQEJAQwPc2FrYW5lQGthbWUubmV0MIGfMA0GCSqGSIb3\n"
 450 "DQEBAQUAA4GNADCBiQKBgQCpIQG/H3zn4czAmPBcbkDrYxE1A9vcpghpib3Of0Op\n"
 451 "SsiWIBOyIMiVAzK/I/JotWp3Vdn5fzGp/7DGAbWXAALas2xHkNmTMPpu6qhmNQ57\n"
 452 "kJHZHal24mgc1hwbrI9fb5olvIexx9a1riNPnKMRVHzXYizsyMbf+lJJmZ8QFhWN\n"
 453 "twIDAQABo18wXTALBgNVHQ8EBAMCBaAwGgYDVR0RBBMwEYEPc2FrYW5lQGthbWUu\n"
 454 "bmV0MDIGA1UdHwQrMCkwJ6AloCOGIWh0dHA6Ly9sZGFwLnNzaC5maS9jcmxzL2Nh\n"
 455 "MS0yLmNybDANBgkqhkiG9w0BAQUFAANhADtaqual41OWshF/rwCTuR6zySBJysGp\n"
 456 "+qjkp5efCiYKhAu1L4WXlMsV/SNdzspui5tHasPBvUw8gzFsU/VW/B2zuQZkimf1\n"
 457 "u6ZPjUb/vt8vLOPScP5MeH7xrTk9iigsqQ==\n"
 458 "-----END X509 CERTIFICATE-----\n\n",
 459 /* VP100 */
 460 "-----BEGIN CERTIFICATE-----\n"
 461 "MIICXzCCAcigAwIBAgIEOXGBIzANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJG\n"
 462 "STEkMCIGA1UEChMbU1NIIENvbW11bmljYXRpb25zIFNlY3VyaXR5MREwDwYDVQQL\n"
 463 "EwhXZWIgdGVzdDESMBAGA1UEAxMJVGVzdCBDQSAxMB4XDTAwMDcxNjAwMDAwMFoX\n"
 464 "DTAwMDkwMTAwMDAwMFowNTELMAkGA1UEBhMCanAxETAPBgNVBAoTCHRhaGl0ZXN0\n"
 465 "MRMwEQYDVQQDEwpmdXJ1a2F3YS0xMIGdMA0GCSqGSIb3DQEBAQUAA4GLADCBhwKB\n"
 466 "gQDUmI2RaAuoLvtRDbASwRhbkj/Oq0BBIKgAqbFknc/EanJSQwZQu82gD88nf7gG\n"
 467 "VEioWmKPLDuEjz5JCuM+k5f7HYHI1wWmz1KFr7UA+avZm4Kp6YKnhuH7soZp7kBL\n"
 468 "hTiZEpL0jdmCWLW3ZXoro55rmPrBsCd+bt8VU6tRZm5dUwIBKaNZMFcwCwYDVR0P\n"
 469 "BAQDAgWgMBYGA1UdEQQPMA2CBVZQMTAwhwQKFIaFMDAGA1UdHwQpMCcwJaAjoCGG\n"
 470 "H2h0dHA6Ly9sZGFwLnNzaC5maS9jcmxzL2NhMS5jcmwwDQYJKoZIhvcNAQEFBQAD\n"
 471 "gYEAKJ/2Co/KYW65mwpGG3CBvsoRL8xyUMHGt6gQpFLHiiHuAdix1ADTL6uoFuYi\n"
 472 "4sE5omQm1wKVv2ZhS03zDtUfKoVEv0HZ7IY3AU/FZT/M5gQvbt43Dki/ma3ock2I\n"
 473 "PPhbLsvXm+GCVh3jvkYGk1zr7VERVeTPtmT+hW63lcxfFp4=\n"
 474 "-----END CERTIFICATE-----\n\n",
 475 /* IKED */
 476 "-----BEGIN CERTIFICATE-----\n"
 477 "MIIEFTCCA7+gAwIBAgIKYU5X6AAAAAAACTANBgkqhkiG9w0BAQUFADCBljEpMCcG\n"
 478 "CSqGSIb3DQEJARYaeS13YXRhbmFAc2RsLmhpdGFjaGkuY28uanAxCzAJBgNVBAYT\n"
 479 "AkpQMREwDwYDVQQIEwhLQU5BR0FXQTERMA8GA1UEBxMIWW9rb2hhbWExEDAOBgNV\n"
 480 "BAoTB0hJVEFDSEkxDDAKBgNVBAsTA1NETDEWMBQGA1UEAxMNSVBzZWMgVGVzdCBD\n"
 481 "QTAeFw0wMDA3MTUwMjUxNDdaFw0wMTA3MTUwMzAxNDdaMEUxCzAJBgNVBAYTAkpQ\n"
 482 "MREwDwYDVQQIEwhLQU5BR0FXQTEQMA4GA1UEChMHSElUQUNISTERMA8GA1UEAxMI\n"
 483 "V0FUQU5BQkUwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA6Wja5A7Ldzrtx+rMWHEB\n"
 484 "Cyt+/ZoG0qdFQbuuUiU1vOSq+1f+ZSCYAdTq13Lrr6Xfz3jDVFEZLPID9PSTFwq+\n"
 485 "yQIDAQABo4ICPTCCAjkwDgYDVR0PAQH/BAQDAgTwMBMGA1UdJQQMMAoGCCsGAQUF\n"
 486 "CAICMB0GA1UdDgQWBBTkv7/MH5Ra+S1zBAmnUIH5w8ZTUTCB0gYDVR0jBIHKMIHH\n"
 487 "gBQsF2qoaTl5F3GFLKrttaxPJ8j4faGBnKSBmTCBljEpMCcGCSqGSIb3DQEJARYa\n"
 488 "eS13YXRhbmFAc2RsLmhpdGFjaGkuY28uanAxCzAJBgNVBAYTAkpQMREwDwYDVQQI\n"
 489 "EwhLQU5BR0FXQTERMA8GA1UEBxMIWW9rb2hhbWExEDAOBgNVBAoTB0hJVEFDSEkx\n"
 490 "DDAKBgNVBAsTA1NETDEWMBQGA1UEAxMNSVBzZWMgVGVzdCBDQYIQeccIf4GYDIBA\n"
 491 "rS6HSUt8XjB7BgNVHR8EdDByMDagNKAyhjBodHRwOi8vZmxvcmEyMjAvQ2VydEVu\n"
 492 "cm9sbC9JUHNlYyUyMFRlc3QlMjBDQS5jcmwwOKA2oDSGMmZpbGU6Ly9cXGZsb3Jh\n"
 493 "MjIwXENlcnRFbnJvbGxcSVBzZWMlMjBUZXN0JTIwQ0EuY3JsMIGgBggrBgEFBQcB\n"
 494 "AQSBkzCBkDBFBggrBgEFBQcwAoY5aHR0cDovL2Zsb3JhMjIwL0NlcnRFbnJvbGwv\n"
 495 "ZmxvcmEyMjBfSVBzZWMlMjBUZXN0JTIwQ0EuY3J0MEcGCCsGAQUFBzAChjtmaWxl\n"
 496 "Oi8vXFxmbG9yYTIyMFxDZXJ0RW5yb2xsXGZsb3JhMjIwX0lQc2VjJTIwVGVzdCUy\n"
 497 "MENBLmNydDANBgkqhkiG9w0BAQUFAANBAG8yZAWHb6g3zba453Hw5loojVDZO6fD\n"
 498 "9lCsyaxeo9/+7x1JEEcdZ6qL7KKqe7ZBwza+hIN0ITkp2WEWo22gTz4=\n"
 499 "-----END CERTIFICATE-----\n\n",
 500 /* From Entrust */
 501 "-----BEGIN CERTIFICATE-----\n"
 502 "MIIDXTCCAsagAwIBAgIEOb6khTANBgkqhkiG9w0BAQUFADA4MQswCQYDVQQGEwJV\n"
 503 "UzEQMA4GA1UEChMHRW50cnVzdDEXMBUGA1UECxMOVlBOIEludGVyb3AgUk8wHhcN\n"
 504 "MDAwOTE4MjMwMDM3WhcNMDMwOTE4MjMzMDM3WjBTMQswCQYDVQQGEwJVUzEQMA4G\n"
 505 "A1UEChMHRW50cnVzdDEXMBUGA1UECxMOVlBOIEludGVyb3AgUk8xGTAXBgNVBAMT\n"
 506 "EFNob2ljaGkgU2FrYW5lIDIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKj3\n"
 507 "eXSt1qXxFXzpa265B/NQYk5BZN7pNJg0tlTKBTVV3UgpQ92Bx5DoNfZh11oIv0Sw\n"
 508 "6YnG5p9F9ma36U9HDoD3hVTjAvQKy4ssCsnU1y6v5XOU1QvYQo6UTzgsXUTaIau4\n"
 509 "Lrccl+nyoiNzy3lG51tLR8CxuA+3OOAK9xPjszClAgMBAAGjggFXMIIBUzBABgNV\n"
 510 "HREEOTA3gQ9zYWthbmVAa2FtZS5uZXSHBM6vIHWCHjIwNi0xNzUtMzItMTE3LnZw\n"
 511 "bndvcmtzaG9wLmNvbTATBgNVHSUEDDAKBggrBgEFBQgCAjALBgNVHQ8EBAMCAKAw\n"
 512 "KwYDVR0QBCQwIoAPMjAwMDA5MTgyMzAwMzdagQ8yMDAyMTAyNTExMzAzN1owWgYD\n"
 513 "VR0fBFMwUTBPoE2gS6RJMEcxCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFbnRydXN0\n"
 514 "MRcwFQYDVQQLEw5WUE4gSW50ZXJvcCBSTzENMAsGA1UEAxMEQ1JMMTAfBgNVHSME\n"
 515 "GDAWgBTzVmhu0tBoWKwkZE5mXpooE9630DAdBgNVHQ4EFgQUEgBHPtXggJqei5Xz\n"
 516 "92CrWXTJxfAwCQYDVR0TBAIwADAZBgkqhkiG9n0HQQAEDDAKGwRWNS4wAwIEsDAN\n"
 517 "BgkqhkiG9w0BAQUFAAOBgQCIFriNGMUE8GH5LuDrTJfA8uGx8vLy2seljuo694TR\n"
 518 "et/ojp9QnfOJ1PF9iAdGaEaSLfkwhY4fZNZzxic5HBoHLeo9BXLP7i7FByXjvOZC\n"
 519 "Y8++0dC8NVvendIILcJBM5nbDq1TqIbb8K3SP80XhO5JLVJkoZiQftAMjo0peZPO\n"
 520 "EQ==\n"
 521 "-----END CERTIFICATE-----\n\n",
 522         NULL,
 523         };
 524
 525         if (path == NULL)
 526                 return (char **)&samplecerts;
 527
 528         stat(path, &sb);
 529         if (!(sb.st_mode & S_IFDIR)) {
 530                 printf("ERROR: %s is not directory.\n", path);
 531                 exit(0);
 532         }
 533
 534         dirp = opendir(path);
 535         if (dirp == NULL) {
 536                 printf("opendir failed.\n");
 537                 exit(0);
 538         }
 539
 540         n = 0;
 541         while ((dp = readdir(dirp)) != NULL) {
 542                 if (dp->d_type != DT_REG)
 543                         continue;
 544                 if (strcmp(dp->d_name + strlen(dp->d_name) - 4, "cert"))
 545                         continue;
 546                 snprintf(buf, sizeof(buf), "%s/%s", path, dp->d_name);
 547                 stat(buf, &sb);
 548
 549                 p = (char **)realloc(certs, (n + 1) * sizeof(certs));
 550                 if (p == NULL)
 551                         err(1, "realloc");
 552                 certs = p;
 553
 554                 certs[n] = malloc(sb.st_size + 1);
 555                 if (certs[n] == NULL)
 556                         err(1, "malloc");
 557
 558                 fd = open(buf, O_RDONLY);
 559                 if (fd == -1)
 560                         err(1, "open");
 561                 len = read(fd, certs[n], sb.st_size);
 562                 if (len == -1)
 563                         err(1, "read");
 564                 if (len != sb.st_size)
 565                         errx(1, "read: length mismatch");
 566                 certs[n][sb.st_size] = '\0';
 567                 close(fd);
 568
 569                 printf("%s: %d\n", dp->d_name, (int)sb.st_size);
 570
 571                 n++;
 572         }
 573
 574         p = (char **)realloc(certs, (n + 1) * sizeof(certs));
 575         if (p == NULL)
 576                 err(1, "realloc");
 577         certs = p;
 578         certs[n] = NULL;
 579
 580         return certs;
 581 }
 582 #endif /* CERTTEST_BROKEN */
 583
 584 typedef vchar_t* (eay_func) (vchar_t *, vchar_t *, vchar_t *);
 585
 586 static int
 587 ciphertest_1 (const char *name,
 588               vchar_t *data,
 589               size_t data_align,
 590               vchar_t *key,
 591               size_t min_keysize,
 592               vchar_t *iv0,
 593               size_t iv_length,
 594               eay_func encrypt,
 595               eay_func decrypt)
 596 {
 597         int padlen;
 598         vchar_t *buf, *iv, *res1, *res2;
 599         iv = vmalloc(iv_length);
 600
 601         printf("Test for cipher %s\n", name);
 602         printf("data:\n");
 603         PVDUMP(data);
 604
 605         if (data_align <= 1 || (data->l % data_align) == 0)
 606           padlen = 0;
 607         else
 608           padlen = data_align - data->l % data_align;
 609
 610         buf = vmalloc(data->l + padlen);
 611         memcpy(buf->v, data->v, data->l);
 612
 613         memcpy(iv->v, iv0->v, iv_length);
 614         res1 = (encrypt)(buf, key, iv);
 615         if (res1 == NULL) {
 616                 printf("%s encryption failed.\n", name);
 617                 return -1;
 618         }
 619         printf("encrypted:\n");
 620         PVDUMP(res1);
 621
 622         memcpy(iv->v, iv0->v, iv_length);
 623         res2 = (decrypt)(res1, key, iv);
 624         if (res2 == NULL) {
 625                 printf("%s decryption failed.\n", name);
 626                 return -1;
 627         }
 628         printf("decrypted:\n");
 629         PVDUMP(res2);
 630
 631         if (memcmp(data->v, res2->v, data->l)) {
 632                 printf("XXXX NG (%s) XXXX\n", name);
 633                 return -1;
 634         }
 635         else
 636                 printf("%s cipher verified.\n", name);
 637         vfree(res1);
 638         vfree(res2);
 639         vfree(buf);
 640         vfree(iv);
 641
 642         return 0;
 643 }
 644
 645 int
 646 ciphertest(ac, av)
 647         int ac;
 648         char **av;
 649 {
 650         vchar_t data;
 651         vchar_t key;
 652         vchar_t iv0;
 653
 654         printf("\n**Testing CIPHERS**\n");
 655
 656         data.v = str2val("\
 657 06000017 03000000 73616b61 6e65406b 616d652e 6e657409 0002c104 308202b8 \
 658 04f05a90 \
 659         ", 16, &data.l);
 660         key.v = str2val("f59bd70f 81b9b9cc 2a32c7fd 229a4b37", 16, &key.l);
 661         iv0.v = str2val("26b68c90 9467b4ab 7ec29fa0 0b696b55", 16, &iv0.l);
 662
 663         if (ciphertest_1 ("DES",
 664                           &data, 8,
 665                           &key, 8,
 666                           &iv0, 8,
 667                           eay_des_encrypt, eay_des_decrypt) < 0)
 668           return -1;
 669
 670         if (ciphertest_1 ("3DES",
 671                           &data, 8,
 672                           &key, 24,
 673                           &iv0, 8,
 674                           eay_3des_encrypt, eay_3des_decrypt) < 0)
 675           return -1;
 676
 677         if (ciphertest_1 ("AES",
 678                           &data, 16,
 679                           &key, key.l,
 680                           &iv0, 16,
 681                           eay_aes_encrypt, eay_aes_decrypt) < 0)
 682           return -1;
 683
 684         if (ciphertest_1 ("BLOWFISH",
 685                           &data, 8,
 686                           &key, key.l,
 687                           &iv0, 8,
 688                           eay_bf_encrypt, eay_bf_decrypt) < 0)
 689           return -1;
 690
 691         if (ciphertest_1 ("CAST",
 692                           &data, 8,
 693                           &key, key.l,
 694                           &iv0, 8,
 695                           eay_cast_encrypt, eay_cast_decrypt) < 0)
 696           return -1;
 697
 698 #ifdef HAVE_OPENSSL_IDEA_H
 699         if (ciphertest_1 ("IDEA",
 700                           &data, 8,
 701                           &key, key.l,
 702                           &iv0, 8,
 703                           eay_idea_encrypt, eay_idea_decrypt) < 0)
 704           return -1;
 705 #endif
 706
 707 #ifdef HAVE_OPENSSL_RC5_H
 708         if (ciphertest_1 ("RC5",
 709                           &data, 8,
 710                           &key, key.l,
 711                           &iv0, 8,
 712                           eay_rc5_encrypt, eay_rc5_decrypt) < 0)
 713           return -1;
 714 #endif
 715         return 0;
 716 }
 717
 718 int
 719 hmactest(ac, av)
 720         int ac;
 721         char **av;
 722 {
 723         char *keyword = "hehehe test secret!";
 724         char *object  = "d7e6a6c1876ef0488bb74958b9fee94e";
 725         char *object1 = "d7e6a6c1876ef048";
 726         char *object2 =                 "8bb74958b9fee94e";
 727         char *r_hmd5  = "5702d7d1 fd1bfc7e 210fc9fa cda7d02c";
 728         char *r_hsha1 = "309999aa 9779a43e ebdea839 1b4e7ee1 d8646874";
 729 #ifdef WITH_SHA2
 730         char *r_hsha2 = "d47262d8 a5b6f39d d8686939 411b3e79 ed2e27f9 2c4ea89f dd0a06ae 0c0aa396";
 731 #endif
 732         vchar_t *key, *data, *data1, *data2, *res;
 733         vchar_t mod;
 734         caddr_t ctx;
 735
 736         printf("\n**Test for HMAC MD5 & SHA1.**\n");
 737
 738         key = vmalloc(strlen(keyword));
 739         memcpy(key->v, keyword, key->l);
 740
 741         data = vmalloc(strlen(object));
 742         data1 = vmalloc(strlen(object1));
 743         data2 = vmalloc(strlen(object2));
 744         memcpy(data->v, object, data->l);
 745         memcpy(data1->v, object1, data1->l);
 746         memcpy(data2->v, object2, data2->l);
 747
 748         /* HMAC MD5 */
 749         printf("HMAC MD5 by eay_hmacmd5_one()\n");
 750         res = eay_hmacmd5_one(key, data);
 751         PVDUMP(res);
 752         mod.v = str2val(r_hmd5, 16, &mod.l);
 753         if (memcmp(res->v, mod.v, mod.l)) {
 754                 printf(" XXX NG XXX\n");
 755                 return -1;
 756         }
 757         free(mod.v);
 758         vfree(res);
 759
 760         /* HMAC MD5 */
 761         printf("HMAC MD5 by eay_hmacmd5_xxx()\n");
 762         ctx = eay_hmacmd5_init(key);
 763         eay_hmacmd5_update(ctx, data1);
 764         eay_hmacmd5_update(ctx, data2);
 765         res = eay_hmacmd5_final(ctx);
 766         PVDUMP(res);
 767         mod.v = str2val(r_hmd5, 16, &mod.l);
 768         if (memcmp(res->v, mod.v, mod.l)) {
 769                 printf(" XXX NG XXX\n");
 770                 return -1;
 771         }
 772         free(mod.v);
 773         vfree(res);
 774
 775 #ifdef WITH_SHA2
 776         /* HMAC SHA2 */
 777         printf("HMAC SHA2 by eay_hmacsha2_256_one()\n");
 778         res = eay_hmacsha2_256_one(key, data);
 779         PVDUMP(res);
 780         mod.v = str2val(r_hsha2, 16, &mod.l);
 781         if (memcmp(res->v, mod.v, mod.l)) {
 782                 printf(" XXX NG XXX\n");
 783                 return -1;
 784         }
 785         free(mod.v);
 786         vfree(res);
 787 #endif
 788
 789         /* HMAC SHA1 */
 790         printf("HMAC SHA1 by eay_hmacsha1_one()\n");
 791         res = eay_hmacsha1_one(key, data);
 792         PVDUMP(res);
 793         mod.v = str2val(r_hsha1, 16, &mod.l);
 794         if (memcmp(res->v, mod.v, mod.l)) {
 795                 printf(" XXX NG XXX\n");
 796                 return -1;
 797         }
 798         free(mod.v);
 799         vfree(res);
 800
 801         /* HMAC MD5 */
 802         printf("HMAC SHA1 by eay_hmacsha1_xxx()\n");
 803         ctx = eay_hmacsha1_init(key);
 804         eay_hmacsha1_update(ctx, data1);
 805         eay_hmacsha1_update(ctx, data2);
 806         res = eay_hmacsha1_final(ctx);
 807         PVDUMP(res);
 808         mod.v = str2val(r_hsha1, 16, &mod.l);
 809         if (memcmp(res->v, mod.v, mod.l)) {
 810                 printf(" XXX NG XXX\n");
 811                 return -1;
 812         }
 813         free(mod.v);
 814         vfree(res);
 815
 816         vfree(data);
 817         vfree(data1);
 818         vfree(data2);
 819         vfree(key);
 820
 821         return 0;
 822 }
 823
 824 int
 825 sha1test(ac, av)
 826         int ac;
 827         char **av;
 828 {
 829         char *word1 = "1234567890", *word2 = "12345678901234567890";
 830         caddr_t ctx;
 831         vchar_t *buf, *res;
 832
 833         printf("\n**Test for SHA1.**\n");
 834
 835         ctx = eay_sha1_init();
 836         buf = vmalloc(strlen(word1));
 837         memcpy(buf->v, word1, buf->l);
 838         eay_sha1_update(ctx, buf);
 839         eay_sha1_update(ctx, buf);
 840         res = eay_sha1_final(ctx);
 841         PVDUMP(res);
 842         vfree(res);
 843         vfree(buf);
 844
 845         ctx = eay_sha1_init();
 846         buf = vmalloc(strlen(word2));
 847         memcpy(buf->v, word2, buf->l);
 848         eay_sha1_update(ctx, buf);
 849         res = eay_sha1_final(ctx);
 850         PVDUMP(res);
 851         vfree(res);
 852
 853         res = eay_sha1_one(buf);
 854         PVDUMP(res);
 855         vfree(res);
 856         vfree(buf);
 857
 858         return 0;
 859 }
 860
 861 int
 862 md5test(ac, av)
 863         int ac;
 864         char **av;
 865 {
 866         char *word1 = "1234567890", *word2 = "12345678901234567890";
 867         caddr_t ctx;
 868         vchar_t *buf, *res;
 869
 870         printf("\n**Test for MD5.**\n");
 871
 872         ctx = eay_md5_init();
 873         buf = vmalloc(strlen(word1));
 874         memcpy(buf->v, word1, buf->l);
 875         eay_md5_update(ctx, buf);
 876         eay_md5_update(ctx, buf);
 877         res = eay_md5_final(ctx);
 878         PVDUMP(res);
 879         vfree(res);
 880         vfree(buf);
 881
 882         ctx = eay_md5_init();
 883         buf = vmalloc(strlen(word2));
 884         memcpy(buf->v, word2, buf->l);
 885         eay_md5_update(ctx, buf);
 886         res = eay_md5_final(ctx);
 887         PVDUMP(res);
 888         vfree(res);
 889
 890         res = eay_md5_one(buf);
 891         PVDUMP(res);
 892         vfree(res);
 893         vfree(buf);
 894
 895         return 0;
 896 }
 897
 898 int
 899 dhtest(ac, av)
 900         int ac;
 901         char **av;
 902 {
 903         static struct {
 904                 char *name;
 905                 char *p;
 906         } px[] = {
 907                 { "modp768",    OAKLEY_PRIME_MODP768, },
 908                 { "modp1024",   OAKLEY_PRIME_MODP1024, },
 909                 { "modp1536",   OAKLEY_PRIME_MODP1536, },
 910                 { "modp2048",   OAKLEY_PRIME_MODP2048, },
 911                 { "modp3072",   OAKLEY_PRIME_MODP3072, },
 912                 { "modp4096",   OAKLEY_PRIME_MODP4096, },
 913                 { "modp6144",   OAKLEY_PRIME_MODP6144, },
 914                 { "modp8192",   OAKLEY_PRIME_MODP8192, },
 915         };
 916         vchar_t p1, *pub1, *priv1, *gxy1;
 917         vchar_t p2, *pub2, *priv2, *gxy2;
 918         int i;
 919
 920         printf("\n**Test for DH.**\n");
 921
 922         for (i = 0; i < sizeof(px)/sizeof(px[0]); i++) {
 923                 printf("\n**Test for DH %s.**\n", px[i].name);
 924
 925                 p1.v = str2val(px[i].p, 16, &p1.l);
 926                 p2.v = str2val(px[i].p, 16, &p2.l);
 927                 printf("prime number = \n"); PVDUMP(&p1);
 928
 929                 if (eay_dh_generate(&p1, 2, 96, &pub1, &priv1) < 0) {
 930                         printf("error\n");
 931                         return -1;
 932                 }
 933                 printf("private key for user 1 = \n"); PVDUMP(priv1);
 934                 printf("public key for user 1  = \n"); PVDUMP(pub1);
 935
 936                 if (eay_dh_generate(&p2, 2, 96, &pub2, &priv2) < 0) {
 937                         printf("error\n");
 938                         return -1;
 939                 }
 940                 printf("private key for user 2 = \n"); PVDUMP(priv2);
 941                 printf("public key for user 2  = \n"); PVDUMP(pub2);
 942
 943                 /* process to generate key for user 1 */
 944                 gxy1 = vmalloc(p1.l);
 945                 memset(gxy1->v, 0, gxy1->l);
 946                 eay_dh_compute(&p1, 2, pub1, priv1, pub2, &gxy1);
 947                 printf("sharing gxy1 of user 1 = \n"); PVDUMP(gxy1);
 948
 949                 /* process to generate key for user 2 */
 950                 gxy2 = vmalloc(p1.l);
 951                 memset(gxy2->v, 0, gxy2->l);
 952                 eay_dh_compute(&p2, 2, pub2, priv2, pub1, &gxy2);
 953                 printf("sharing gxy2 of user 2 = \n"); PVDUMP(gxy2);
 954
 955                 if (memcmp(gxy1->v, gxy2->v, gxy1->l)) {
 956                         printf("ERROR: sharing gxy mismatched.\n");
 957                         return -1;
 958                 }
 959
 960                 vfree(pub1);
 961                 vfree(pub2);
 962                 vfree(priv1);
 963                 vfree(priv2);
 964                 vfree(gxy1);
 965                 vfree(gxy2);
 966         }
 967
 968         return 0;
 969 }
 970
 971 int
 972 bntest(ac, av)
 973         int ac;
 974         char **av;
 975 {
 976         vchar_t *rn;
 977
 978         printf("\n**Test for generate a random number.**\n");
 979
 980         rn = eay_set_random((u_int32_t)96);
 981         PVDUMP(rn);
 982         vfree(rn);
 983
 984         return 0;
 985 }
 986
 987 struct {
 988         char *name;
 989         int (*func) __P((int, char **));
 990 } func[] = {
 991         { "random", bntest, },
 992         { "dh", dhtest, },
 993         { "md5", md5test, },
 994         { "sha1", sha1test, },
 995         { "hmac", hmactest, },
 996         { "cipher", ciphertest, },
 997 #ifndef CERTTEST_BROKEN
 998         { "cert", certtest, },
 999 #endif
1000         { "rsa", rsatest, },
1001 };
1002
1003 int
1004 main(ac, av)
1005         int ac;
1006         char **av;
1007 {
1008         int i;
1009         int len = sizeof(func)/sizeof(func[0]);
1010
1011         f_foreground = 1;
1012         ploginit();
1013
1014         printf ("\nTestsuite of the %s\nlinked with %s\n\n", TOP_PACKAGE_STRING, eay_version());
1015
1016         if (strcmp(*av, "-h") == 0)
1017                 Usage();
1018
1019         ac--;
1020         av++;
1021
1022         for (i = 0; i < len; i++) {
1023                 if ((ac == 0) || (strcmp(*av, func[i].name) == 0)) {
1024                         if ((func[i].func)(ac, av) != 0) {
1025                                 printf ("\n!!!!! Test '%s' failed. !!!!!\n\n", func[i].name);
1026                                 exit(1);
1027                         }
1028                         if (ac)
1029                                 break;
1030                 }
1031         }
1032         if (ac && i == len)
1033                 Usage();
1034
1035         printf ("\n===== All tests passed =====\n\n");
1036         exit(0);
1037 }
1038
1039 void
1040 Usage()
1041 {
1042         int i;
1043         int len = sizeof(func)/sizeof(func[0]);
1044
1045         printf("Usage: eaytest [");
1046         for (i = 0; i < len; i++)
1047                 printf("%s%s", func[i].name, (i<len-1)?"|":"");
1048         printf("]\n");
1049 #ifndef CERTTEST_BROKEN
1050         printf("       eaytest cert [cert_directory]\n");
1051 #endif
1052         exit(1);
1053 }
1054