authortb <>2021-02-26 15:15:40 +0000
committertb <>2021-02-26 15:15:40 +0000
commit3f045c3f169355d4b8b237f763dafa09fee95f68 (patch)
tree2ad13a8e3141637e5e5040b49e98e2caf68c5a39
parent7227be70483e3ee10d48bca3182b402fe54a1d4d (diff)
zap spades of trailing whitespace
-rwxr-xr-xsrc/regress/usr.bin/openssl/appstest.sh532
1 files changed, 266 insertions, 266 deletions
diff --git a/src/regress/usr.bin/openssl/appstest.sh b/src/regress/usr.bin/openssl/appstest.sh
index e90dc989f5..1cc8bacfb1 100755
--- a/src/regress/usr.bin/openssl/appstest.sh
+++ b/src/regress/usr.bin/openssl/appstest.sh
@@ -1,6 +1,6 @@
1#!/bin/sh 1#!/bin/sh
2# 2#
3# $OpenBSD: appstest.sh,v 1.46 2020/08/01 14:31:23 inoguchi Exp $ 3# $OpenBSD: appstest.sh,v 1.47 2021/02/26 15:15:40 tb Exp $
4# 4#
5# Copyright (c) 2016 Kinichiro Inoguchi <inoguchi@openbsd.org> 5# Copyright (c) 2016 Kinichiro Inoguchi <inoguchi@openbsd.org>
6# 6#
@@ -64,87 +64,87 @@ function usage {
64function test_usage_lists_others { 64function test_usage_lists_others {
65 # === COMMAND USAGE === 65 # === COMMAND USAGE ===
66 section_message "COMMAND USAGE" 66 section_message "COMMAND USAGE"
67 67
68 start_message "output usages of all commands." 68 start_message "output usages of all commands."
69 69
70 cmds=`$openssl_bin list-standard-commands` 70 cmds=`$openssl_bin list-standard-commands`
71 $openssl_bin -help 2>> $user1_dir/usages.out 71 $openssl_bin -help 2>> $user1_dir/usages.out
72 for c in $cmds ; do 72 for c in $cmds ; do
73 $openssl_bin $c -help 2>> $user1_dir/usages.out 73 $openssl_bin $c -help 2>> $user1_dir/usages.out
74 done 74 done
75 75
76 start_message "check all list-* commands." 76 start_message "check all list-* commands."
77 77
78 lists="" 78 lists=""
79 lists="$lists list-standard-commands" 79 lists="$lists list-standard-commands"
80 lists="$lists list-message-digest-commands list-message-digest-algorithms" 80 lists="$lists list-message-digest-commands list-message-digest-algorithms"
81 lists="$lists list-cipher-commands list-cipher-algorithms" 81 lists="$lists list-cipher-commands list-cipher-algorithms"
82 lists="$lists list-public-key-algorithms" 82 lists="$lists list-public-key-algorithms"
83 83
84 listsfile=$user1_dir/lists.out 84 listsfile=$user1_dir/lists.out
85 85
86 for l in $lists ; do 86 for l in $lists ; do
87 echo "" >> $listsfile 87 echo "" >> $listsfile
88 echo "$l" >> $listsfile 88 echo "$l" >> $listsfile
89 $openssl_bin $l >> $listsfile 89 $openssl_bin $l >> $listsfile
90 done 90 done
91 91
92 start_message "check interactive mode" 92 start_message "check interactive mode"
93 $openssl_bin <<__EOF__ 93 $openssl_bin <<__EOF__
94help 94help
95quit 95quit
96__EOF__ 96__EOF__
97 check_exit_status $? 97 check_exit_status $?
98 98
99 #---------#---------#---------#---------#---------#---------#--------- 99 #---------#---------#---------#---------#---------#---------#---------
100 100
101 # --- listing operations --- 101 # --- listing operations ---
102 section_message "listing operations" 102 section_message "listing operations"
103 103
104 start_message "ciphers" 104 start_message "ciphers"
105 $openssl_bin ciphers -V > $user1_dir/ciphers-V.out 105 $openssl_bin ciphers -V > $user1_dir/ciphers-V.out
106 check_exit_status $? 106 check_exit_status $?
107 107
108 start_message "errstr" 108 start_message "errstr"
109 $openssl_bin errstr 2606A074 109 $openssl_bin errstr 2606A074
110 check_exit_status $? 110 check_exit_status $?
111 $openssl_bin errstr -stats 2606A074 > $user1_dir/errstr-stats.out 111 $openssl_bin errstr -stats 2606A074 > $user1_dir/errstr-stats.out
112 check_exit_status $? 112 check_exit_status $?
113 113
114 #---------#---------#---------#---------#---------#---------#--------- 114 #---------#---------#---------#---------#---------#---------#---------
115 115
116 # --- random number etc. operations --- 116 # --- random number etc. operations ---
117 section_message "random number etc. operations" 117 section_message "random number etc. operations"
118 118
119 start_message "passwd" 119 start_message "passwd"
120 120
121 pass="test-pass-1234" 121 pass="test-pass-1234"
122 122
123 echo $pass | $openssl_bin passwd -stdin -1 123 echo $pass | $openssl_bin passwd -stdin -1
124 check_exit_status $? 124 check_exit_status $?
125 125
126 echo $pass | $openssl_bin passwd -stdin -apr1 126 echo $pass | $openssl_bin passwd -stdin -apr1
127 check_exit_status $? 127 check_exit_status $?
128 128
129 echo $pass | $openssl_bin passwd -stdin -crypt 129 echo $pass | $openssl_bin passwd -stdin -crypt
130 check_exit_status $? 130 check_exit_status $?
131 131
132 start_message "prime" 132 start_message "prime"
133 133
134 $openssl_bin prime 1 134 $openssl_bin prime 1
135 check_exit_status $? 135 check_exit_status $?
136 136
137 $openssl_bin prime 2 137 $openssl_bin prime 2
138 check_exit_status $? 138 check_exit_status $?
139 139
140 $openssl_bin prime -bits 64 -checks 3 -generate -hex -safe 5 140 $openssl_bin prime -bits 64 -checks 3 -generate -hex -safe 5
141 check_exit_status $? 141 check_exit_status $?
142 142
143 start_message "rand" 143 start_message "rand"
144 144
145 $openssl_bin rand -base64 100 145 $openssl_bin rand -base64 100
146 check_exit_status $? 146 check_exit_status $?
147 147
148 $openssl_bin rand -hex 100 148 $openssl_bin rand -hex 100
149 check_exit_status $? 149 check_exit_status $?
150} 150}
@@ -152,9 +152,9 @@ __EOF__
152function test_md { 152function test_md {
153 # === MESSAGE DIGEST COMMANDS === 153 # === MESSAGE DIGEST COMMANDS ===
154 section_message "MESSAGE DIGEST COMMANDS" 154 section_message "MESSAGE DIGEST COMMANDS"
155 155
156 start_message "dgst - See [MESSAGE DIGEST COMMANDS] section." 156 start_message "dgst - See [MESSAGE DIGEST COMMANDS] section."
157 157
158 text="1234567890abcdefghijklmnopqrstuvwxyz" 158 text="1234567890abcdefghijklmnopqrstuvwxyz"
159 dgstdat=$user1_dir/dgst.dat 159 dgstdat=$user1_dir/dgst.dat
160 echo $text > $dgstdat 160 echo $text > $dgstdat
@@ -167,24 +167,24 @@ function test_md {
167 167
168 $openssl_bin genrsa -aes256 -passout pass:$dgstpass -out $dgstkey 168 $openssl_bin genrsa -aes256 -passout pass:$dgstpass -out $dgstkey
169 check_exit_status $? 169 check_exit_status $?
170 170
171 $openssl_bin pkey -in $dgstkey -passin pass:$dgstpass -pubout \ 171 $openssl_bin pkey -in $dgstkey -passin pass:$dgstpass -pubout \
172 -out $dgstpub 172 -out $dgstpub
173 check_exit_status $? 173 check_exit_status $?
174 174
175 digests=`$openssl_bin list-message-digest-commands` 175 digests=`$openssl_bin list-message-digest-commands`
176 176
177 for d in $digests ; do 177 for d in $digests ; do
178 178
179 echo -n "$d ... " 179 echo -n "$d ... "
180 $openssl_bin dgst -$d -hex -out $dgstdat.$d $dgstdat 180 $openssl_bin dgst -$d -hex -out $dgstdat.$d $dgstdat
181 check_exit_status $? 181 check_exit_status $?
182 182
183 echo -n "$d HMAC ... " 183 echo -n "$d HMAC ... "
184 $openssl_bin dgst -$d -c -hmac $hmac_key -out $dgstdat.$d.hmac \ 184 $openssl_bin dgst -$d -c -hmac $hmac_key -out $dgstdat.$d.hmac \
185 $dgstdat 185 $dgstdat
186 check_exit_status $? 186 check_exit_status $?
187 187
188 echo -n "$d CMAC ... " 188 echo -n "$d CMAC ... "
189 $openssl_bin dgst -$d -r -mac cmac -macopt cipher:aes-128-cbc \ 189 $openssl_bin dgst -$d -r -mac cmac -macopt cipher:aes-128-cbc \
190 -macopt hexkey:$cmac_key -out $dgstdat.$d.cmac $dgstdat 190 -macopt hexkey:$cmac_key -out $dgstdat.$d.cmac $dgstdat
@@ -213,27 +213,27 @@ function test_md {
213function test_encoding_cipher { 213function test_encoding_cipher {
214 # === ENCODING AND CIPHER COMMANDS === 214 # === ENCODING AND CIPHER COMMANDS ===
215 section_message "ENCODING AND CIPHER COMMANDS" 215 section_message "ENCODING AND CIPHER COMMANDS"
216 216
217 start_message "enc - See [ENCODING AND CIPHER COMMANDS] section." 217 start_message "enc - See [ENCODING AND CIPHER COMMANDS] section."
218 218
219 text="1234567890abcdefghijklmnopqrstuvwxyz" 219 text="1234567890abcdefghijklmnopqrstuvwxyz"
220 encfile=$user1_dir/encfile.dat 220 encfile=$user1_dir/encfile.dat
221 echo $text > $encfile 221 echo $text > $encfile
222 pass="test-pass-1234" 222 pass="test-pass-1234"
223 223
224 ciphers=`$openssl_bin list-cipher-commands` 224 ciphers=`$openssl_bin list-cipher-commands`
225 225
226 for c in $ciphers ; do 226 for c in $ciphers ; do
227 echo -n "$c ... encoding ... " 227 echo -n "$c ... encoding ... "
228 $openssl_bin enc -$c -e -base64 -pass pass:$pass \ 228 $openssl_bin enc -$c -e -base64 -pass pass:$pass \
229 -in $encfile -out $encfile-$c.enc 229 -in $encfile -out $encfile-$c.enc
230 check_exit_status $? 230 check_exit_status $?
231 231
232 echo -n "decoding ... " 232 echo -n "decoding ... "
233 $openssl_bin enc -$c -d -base64 -pass pass:$pass \ 233 $openssl_bin enc -$c -d -base64 -pass pass:$pass \
234 -in $encfile-$c.enc -out $encfile-$c.dec 234 -in $encfile-$c.enc -out $encfile-$c.dec
235 check_exit_status $? 235 check_exit_status $?
236 236
237 echo -n "cmp ... " 237 echo -n "cmp ... "
238 cmp $encfile $encfile-$c.dec 238 cmp $encfile $encfile-$c.dec
239 check_exit_status $? 239 check_exit_status $?
@@ -243,20 +243,20 @@ function test_encoding_cipher {
243function test_key { 243function test_key {
244 # === various KEY operations === 244 # === various KEY operations ===
245 section_message "various KEY operations" 245 section_message "various KEY operations"
246 246
247 key_pass=test-key-pass 247 key_pass=test-key-pass
248 248
249 # DH 249 # DH
250 250
251 start_message "gendh - Obsoleted by dhparam." 251 start_message "gendh - Obsoleted by dhparam."
252 gendh2=$key_dir/gendh2.pem 252 gendh2=$key_dir/gendh2.pem
253 $openssl_bin gendh -2 -out $gendh2 > $gendh2.log 2>&1 253 $openssl_bin gendh -2 -out $gendh2 > $gendh2.log 2>&1
254 check_exit_status $? 254 check_exit_status $?
255 255
256 start_message "dh - Obsoleted by dhparam." 256 start_message "dh - Obsoleted by dhparam."
257 $openssl_bin dh -in $gendh2 -check -text -out $gendh2.out 257 $openssl_bin dh -in $gendh2 -check -text -out $gendh2.out
258 check_exit_status $? 258 check_exit_status $?
259 259
260 if [ $no_long_tests = 0 ] ; then 260 if [ $no_long_tests = 0 ] ; then
261 start_message "dhparam - Superseded by genpkey and pkeyparam." 261 start_message "dhparam - Superseded by genpkey and pkeyparam."
262 dhparam2=$key_dir/dhparam2.pem 262 dhparam2=$key_dir/dhparam2.pem
@@ -268,111 +268,111 @@ function test_key {
268 else 268 else
269 start_message "SKIPPING dhparam - Superseded by genpkey and pkeyparam. (quick mode)" 269 start_message "SKIPPING dhparam - Superseded by genpkey and pkeyparam. (quick mode)"
270 fi 270 fi
271 271
272 # DSA 272 # DSA
273 273
274 start_message "dsaparam - Superseded by genpkey and pkeyparam." 274 start_message "dsaparam - Superseded by genpkey and pkeyparam."
275 dsaparam512=$key_dir/dsaparam512.pem 275 dsaparam512=$key_dir/dsaparam512.pem
276 $openssl_bin dsaparam -genkey -out $dsaparam512 512 \ 276 $openssl_bin dsaparam -genkey -out $dsaparam512 512 \
277 > $dsaparam512.log 2>&1 277 > $dsaparam512.log 2>&1
278 check_exit_status $? 278 check_exit_status $?
279 279
280 start_message "dsa" 280 start_message "dsa"
281 $openssl_bin dsa -in $dsaparam512 -text -modulus -out $dsaparam512.out 281 $openssl_bin dsa -in $dsaparam512 -text -modulus -out $dsaparam512.out
282 check_exit_status $? 282 check_exit_status $?
283 283
284 start_message "gendsa - Superseded by genpkey and pkey." 284 start_message "gendsa - Superseded by genpkey and pkey."
285 gendsa_des3=$key_dir/gendsa_des3.pem 285 gendsa_des3=$key_dir/gendsa_des3.pem
286 $openssl_bin gendsa -des3 -out $gendsa_des3 \ 286 $openssl_bin gendsa -des3 -out $gendsa_des3 \
287 -passout pass:$key_pass $dsaparam512 287 -passout pass:$key_pass $dsaparam512
288 check_exit_status $? 288 check_exit_status $?
289 289
290 # RSA 290 # RSA
291 291
292 start_message "genrsa - Superseded by genpkey." 292 start_message "genrsa - Superseded by genpkey."
293 genrsa_aes256=$key_dir/genrsa_aes256.pem 293 genrsa_aes256=$key_dir/genrsa_aes256.pem
294 $openssl_bin genrsa -f4 -aes256 -out $genrsa_aes256 \ 294 $openssl_bin genrsa -f4 -aes256 -out $genrsa_aes256 \
295 -passout pass:$key_pass 2048 > $genrsa_aes256.log 2>&1 295 -passout pass:$key_pass 2048 > $genrsa_aes256.log 2>&1
296 check_exit_status $? 296 check_exit_status $?
297 297
298 start_message "rsa" 298 start_message "rsa"
299 $openssl_bin rsa -in $genrsa_aes256 -passin pass:$key_pass \ 299 $openssl_bin rsa -in $genrsa_aes256 -passin pass:$key_pass \
300 -check -text -out $genrsa_aes256.out 300 -check -text -out $genrsa_aes256.out
301 check_exit_status $? 301 check_exit_status $?
302 302
303 start_message "rsautl - Superseded by pkeyutl." 303 start_message "rsautl - Superseded by pkeyutl."
304 rsautldat=$key_dir/rsautl.dat 304 rsautldat=$key_dir/rsautl.dat
305 rsautlsig=$key_dir/rsautl.sig 305 rsautlsig=$key_dir/rsautl.sig
306 echo "abcdefghijklmnopqrstuvwxyz1234567890" > $rsautldat 306 echo "abcdefghijklmnopqrstuvwxyz1234567890" > $rsautldat
307 307
308 $openssl_bin rsautl -sign -in $rsautldat -inkey $genrsa_aes256 \ 308 $openssl_bin rsautl -sign -in $rsautldat -inkey $genrsa_aes256 \
309 -passin pass:$key_pass -out $rsautlsig 309 -passin pass:$key_pass -out $rsautlsig
310 check_exit_status $? 310 check_exit_status $?
311 311
312 $openssl_bin rsautl -verify -in $rsautlsig -inkey $genrsa_aes256 \ 312 $openssl_bin rsautl -verify -in $rsautlsig -inkey $genrsa_aes256 \
313 -passin pass:$key_pass 313 -passin pass:$key_pass
314 check_exit_status $? 314 check_exit_status $?
315 315
316 # EC 316 # EC
317 317
318 start_message "ecparam -list-curves" 318 start_message "ecparam -list-curves"
319 $openssl_bin ecparam -list_curves -out $key_dir/ecparam-list_curves.out 319 $openssl_bin ecparam -list_curves -out $key_dir/ecparam-list_curves.out
320 check_exit_status $? 320 check_exit_status $?
321 321
322 # get all EC curves 322 # get all EC curves
323 ec_curves=`$openssl_bin ecparam -list_curves | grep ':' | cut -d ':' -f 1` 323 ec_curves=`$openssl_bin ecparam -list_curves | grep ':' | cut -d ':' -f 1`
324 324
325 start_message "ecparam and ec" 325 start_message "ecparam and ec"
326 326
327 for curve in $ec_curves ; 327 for curve in $ec_curves ;
328 do 328 do
329 ecparam=$key_dir/ecparam_$curve.pem 329 ecparam=$key_dir/ecparam_$curve.pem
330 330
331 echo -n "ec - $curve ... ecparam ... " 331 echo -n "ec - $curve ... ecparam ... "
332 $openssl_bin ecparam -out $ecparam -name $curve -genkey \ 332 $openssl_bin ecparam -out $ecparam -name $curve -genkey \
333 -param_enc explicit -conv_form compressed -C 333 -param_enc explicit -conv_form compressed -C
334 check_exit_status $? 334 check_exit_status $?
335 335
336 echo -n "ec ... " 336 echo -n "ec ... "
337 $openssl_bin ec -in $ecparam -text \ 337 $openssl_bin ec -in $ecparam -text \
338 -out $ecparam.out 2> /dev/null 338 -out $ecparam.out 2> /dev/null
339 check_exit_status $? 339 check_exit_status $?
340 done 340 done
341 341
342 # PKEY 342 # PKEY
343 343
344 start_message "genpkey" 344 start_message "genpkey"
345 345
346 # DH by GENPKEY 346 # DH by GENPKEY
347 347
348 genpkey_dh_param=$key_dir/genpkey_dh_param.pem 348 genpkey_dh_param=$key_dir/genpkey_dh_param.pem
349 $openssl_bin genpkey -genparam -algorithm DH -out $genpkey_dh_param \ 349 $openssl_bin genpkey -genparam -algorithm DH -out $genpkey_dh_param \
350 -pkeyopt dh_paramgen_prime_len:1024 > $genpkey_dh_param.log 2>&1 350 -pkeyopt dh_paramgen_prime_len:1024 > $genpkey_dh_param.log 2>&1
351 check_exit_status $? 351 check_exit_status $?
352 352
353 genpkey_dh=$key_dir/genpkey_dh.pem 353 genpkey_dh=$key_dir/genpkey_dh.pem
354 $openssl_bin genpkey -paramfile $genpkey_dh_param -out $genpkey_dh 354 $openssl_bin genpkey -paramfile $genpkey_dh_param -out $genpkey_dh
355 check_exit_status $? 355 check_exit_status $?
356 356
357 # DSA by GENPKEY 357 # DSA by GENPKEY
358 358
359 genpkey_dsa_param=$key_dir/genpkey_dsa_param.pem 359 genpkey_dsa_param=$key_dir/genpkey_dsa_param.pem
360 $openssl_bin genpkey -genparam -algorithm DSA -out $genpkey_dsa_param \ 360 $openssl_bin genpkey -genparam -algorithm DSA -out $genpkey_dsa_param \
361 -pkeyopt dsa_paramgen_bits:1024 > $genpkey_dsa_param.log 2>&1 361 -pkeyopt dsa_paramgen_bits:1024 > $genpkey_dsa_param.log 2>&1
362 check_exit_status $? 362 check_exit_status $?
363 363
364 genpkey_dsa=$key_dir/genpkey_dsa.pem 364 genpkey_dsa=$key_dir/genpkey_dsa.pem
365 $openssl_bin genpkey -paramfile $genpkey_dsa_param -out $genpkey_dsa 365 $openssl_bin genpkey -paramfile $genpkey_dsa_param -out $genpkey_dsa
366 check_exit_status $? 366 check_exit_status $?
367 367
368 # RSA by GENPKEY 368 # RSA by GENPKEY
369 369
370 genpkey_rsa=$key_dir/genpkey_rsa.pem 370 genpkey_rsa=$key_dir/genpkey_rsa.pem
371 $openssl_bin genpkey -algorithm RSA -out $genpkey_rsa \ 371 $openssl_bin genpkey -algorithm RSA -out $genpkey_rsa \
372 -pkeyopt rsa_keygen_bits:2048 -pkeyopt rsa_keygen_pubexp:3 \ 372 -pkeyopt rsa_keygen_bits:2048 -pkeyopt rsa_keygen_pubexp:3 \
373 > $genpkey_rsa.log 2>&1 373 > $genpkey_rsa.log 2>&1
374 check_exit_status $? 374 check_exit_status $?
375 375
376 genpkey_rsa_pss=$key_dir/genpkey_rsa_pss.pem 376 genpkey_rsa_pss=$key_dir/genpkey_rsa_pss.pem
377 $openssl_bin genpkey -algorithm RSA-PSS -out $genpkey_rsa_pss \ 377 $openssl_bin genpkey -algorithm RSA-PSS -out $genpkey_rsa_pss \
378 -pkeyopt rsa_keygen_bits:2048 \ 378 -pkeyopt rsa_keygen_bits:2048 \
@@ -381,72 +381,72 @@ function test_key {
381 -pkeyopt rsa_pss_keygen_saltlen:32 \ 381 -pkeyopt rsa_pss_keygen_saltlen:32 \
382 > $genpkey_rsa_pss.log 2>&1 382 > $genpkey_rsa_pss.log 2>&1
383 check_exit_status $? 383 check_exit_status $?
384 384
385 # EC by GENPKEY 385 # EC by GENPKEY
386 386
387 genpkey_ec_param=$key_dir/genpkey_ec_param.pem 387 genpkey_ec_param=$key_dir/genpkey_ec_param.pem
388 $openssl_bin genpkey -genparam -algorithm EC -out $genpkey_ec_param \ 388 $openssl_bin genpkey -genparam -algorithm EC -out $genpkey_ec_param \
389 -pkeyopt ec_paramgen_curve:secp384r1 389 -pkeyopt ec_paramgen_curve:secp384r1
390 check_exit_status $? 390 check_exit_status $?
391 391
392 genpkey_ec=$key_dir/genpkey_ec.pem 392 genpkey_ec=$key_dir/genpkey_ec.pem
393 $openssl_bin genpkey -paramfile $genpkey_ec_param -out $genpkey_ec 393 $openssl_bin genpkey -paramfile $genpkey_ec_param -out $genpkey_ec
394 check_exit_status $? 394 check_exit_status $?
395 395
396 genpkey_ec_2=$key_dir/genpkey_ec_2.pem 396 genpkey_ec_2=$key_dir/genpkey_ec_2.pem
397 $openssl_bin genpkey -paramfile $genpkey_ec_param -out $genpkey_ec_2 397 $openssl_bin genpkey -paramfile $genpkey_ec_param -out $genpkey_ec_2
398 check_exit_status $? 398 check_exit_status $?
399 399
400 start_message "pkeyparam" 400 start_message "pkeyparam"
401 401
402 $openssl_bin pkeyparam -in $genpkey_dh_param -text \ 402 $openssl_bin pkeyparam -in $genpkey_dh_param -text \
403 -out $genpkey_dh_param.out 403 -out $genpkey_dh_param.out
404 check_exit_status $? 404 check_exit_status $?
405 405
406 $openssl_bin pkeyparam -in $genpkey_dsa_param -text \ 406 $openssl_bin pkeyparam -in $genpkey_dsa_param -text \
407 -out $genpkey_dsa_param.out 407 -out $genpkey_dsa_param.out
408 check_exit_status $? 408 check_exit_status $?
409 409
410 $openssl_bin pkeyparam -in $genpkey_ec_param -text \ 410 $openssl_bin pkeyparam -in $genpkey_ec_param -text \
411 -out $genpkey_ec_param.out 411 -out $genpkey_ec_param.out
412 check_exit_status $? 412 check_exit_status $?
413 413
414 start_message "pkey" 414 start_message "pkey"
415 415
416 $openssl_bin pkey -in $genpkey_dh -pubout -out $genpkey_dh.pub \ 416 $openssl_bin pkey -in $genpkey_dh -pubout -out $genpkey_dh.pub \
417 -text_pub 417 -text_pub
418 check_exit_status $? 418 check_exit_status $?
419 419
420 $openssl_bin pkey -in $genpkey_dsa -pubout -out $genpkey_dsa.pub \ 420 $openssl_bin pkey -in $genpkey_dsa -pubout -out $genpkey_dsa.pub \
421 -text_pub 421 -text_pub
422 check_exit_status $? 422 check_exit_status $?
423 423
424 $openssl_bin pkey -in $genpkey_rsa -pubout -out $genpkey_rsa.pub \ 424 $openssl_bin pkey -in $genpkey_rsa -pubout -out $genpkey_rsa.pub \
425 -text_pub 425 -text_pub
426 check_exit_status $? 426 check_exit_status $?
427 427
428 $openssl_bin pkey -in $genpkey_ec -pubout -out $genpkey_ec.pub \ 428 $openssl_bin pkey -in $genpkey_ec -pubout -out $genpkey_ec.pub \
429 -text_pub 429 -text_pub
430 check_exit_status $? 430 check_exit_status $?
431 431
432 $openssl_bin pkey -in $genpkey_ec_2 -pubout -out $genpkey_ec_2.pub \ 432 $openssl_bin pkey -in $genpkey_ec_2 -pubout -out $genpkey_ec_2.pub \
433 -text_pub 433 -text_pub
434 check_exit_status $? 434 check_exit_status $?
435 435
436 start_message "pkeyutl" 436 start_message "pkeyutl"
437 437
438 pkeyutldat=$key_dir/pkeyutl.dat 438 pkeyutldat=$key_dir/pkeyutl.dat
439 pkeyutlsig=$key_dir/pkeyutl.sig 439 pkeyutlsig=$key_dir/pkeyutl.sig
440 echo "abcdefghijklmnopqrstuvwxyz1234567890" > $pkeyutldat 440 echo "abcdefghijklmnopqrstuvwxyz1234567890" > $pkeyutldat
441 441
442 $openssl_bin pkeyutl -sign -in $pkeyutldat -inkey $genpkey_rsa \ 442 $openssl_bin pkeyutl -sign -in $pkeyutldat -inkey $genpkey_rsa \
443 -out $pkeyutlsig 443 -out $pkeyutlsig
444 check_exit_status $? 444 check_exit_status $?
445 445
446 $openssl_bin pkeyutl -verify -in $pkeyutldat -sigfile $pkeyutlsig \ 446 $openssl_bin pkeyutl -verify -in $pkeyutldat -sigfile $pkeyutlsig \
447 -inkey $genpkey_rsa 447 -inkey $genpkey_rsa
448 check_exit_status $? 448 check_exit_status $?
449 449
450 $openssl_bin pkeyutl -verifyrecover -in $pkeyutlsig -inkey $genpkey_rsa 450 $openssl_bin pkeyutl -verifyrecover -in $pkeyutlsig -inkey $genpkey_rsa
451 check_exit_status $? 451 check_exit_status $?
452 452
@@ -562,16 +562,16 @@ extendedKeyUsage = OCSPSigning
562__EOF__ 562__EOF__
563 563
564 #---------#---------#---------#---------#---------#---------#--------- 564 #---------#---------#---------#---------#---------#---------#---------
565 565
566 # 566 #
567 # setup test CA 567 # setup test CA
568 # 568 #
569 569
570 mkdir -p $ca_dir 570 mkdir -p $ca_dir
571 mkdir -p $tsa_dir 571 mkdir -p $tsa_dir
572 mkdir -p $ocsp_dir 572 mkdir -p $ocsp_dir
573 mkdir -p $server_dir 573 mkdir -p $server_dir
574 574
575 mkdir -p $ca_dir/certs 575 mkdir -p $ca_dir/certs
576 mkdir -p $ca_dir/private 576 mkdir -p $ca_dir/private
577 mkdir -p $ca_dir/crl 577 mkdir -p $ca_dir/crl
@@ -581,7 +581,7 @@ __EOF__
581 touch $ca_dir/index.txt 581 touch $ca_dir/index.txt
582 touch $ca_dir/crlnumber 582 touch $ca_dir/crlnumber
583 echo "01" > $ca_dir/crlnumber 583 echo "01" > $ca_dir/crlnumber
584 584
585 # 585 #
586 # setup test TSA 586 # setup test TSA
587 # 587 #
@@ -589,28 +589,28 @@ __EOF__
589 chmod 700 $tsa_dir/private 589 chmod 700 $tsa_dir/private
590 echo "01" > $tsa_dir/serial 590 echo "01" > $tsa_dir/serial
591 touch $tsa_dir/index.txt 591 touch $tsa_dir/index.txt
592 592
593 # 593 #
594 # setup test OCSP 594 # setup test OCSP
595 # 595 #
596 mkdir -p $ocsp_dir/private 596 mkdir -p $ocsp_dir/private
597 chmod 700 $ocsp_dir/private 597 chmod 700 $ocsp_dir/private
598 598
599 #---------#---------#---------#---------#---------#---------#--------- 599 #---------#---------#---------#---------#---------#---------#---------
600 600
601 # --- CA initiate (generate CA key and cert) --- 601 # --- CA initiate (generate CA key and cert) ---
602 602
603 start_message "req ... generate CA key and self signed cert" 603 start_message "req ... generate CA key and self signed cert"
604 604
605 ca_cert=$ca_dir/ca_cert.pem 605 ca_cert=$ca_dir/ca_cert.pem
606 ca_key=$ca_dir/private/ca_key.pem ca_pass=test-ca-pass 606 ca_key=$ca_dir/private/ca_key.pem ca_pass=test-ca-pass
607 607
608 if [ $mingw = 0 ] ; then 608 if [ $mingw = 0 ] ; then
609 subj='/C=JP/ST=Tokyo/O=TEST_DUMMY_COMPANY/CN=testCA.test-dummy.com/' 609 subj='/C=JP/ST=Tokyo/O=TEST_DUMMY_COMPANY/CN=testCA.test-dummy.com/'
610 else 610 else
611 subj='//C=JP\ST=Tokyo\O=TEST_DUMMY_COMPANY\CN=testCA.test-dummy.com\' 611 subj='//C=JP\ST=Tokyo\O=TEST_DUMMY_COMPANY\CN=testCA.test-dummy.com\'
612 fi 612 fi
613 613
614 $openssl_bin req -new -x509 -batch -newkey rsa:2048 \ 614 $openssl_bin req -new -x509 -batch -newkey rsa:2048 \
615 -pkeyopt rsa_keygen_bits:2048 -pkeyopt rsa_keygen_pubexp:3 \ 615 -pkeyopt rsa_keygen_bits:2048 -pkeyopt rsa_keygen_pubexp:3 \
616 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:8 \ 616 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:8 \
@@ -619,33 +619,33 @@ __EOF__
619 -keyout $ca_key -passout pass:$ca_pass \ 619 -keyout $ca_key -passout pass:$ca_pass \
620 -out $ca_cert -outform pem 620 -out $ca_cert -outform pem
621 check_exit_status $? 621 check_exit_status $?
622 622
623 #---------#---------#---------#---------#---------#---------#--------- 623 #---------#---------#---------#---------#---------#---------#---------
624 624
625 # --- TSA initiate (generate TSA key and cert) --- 625 # --- TSA initiate (generate TSA key and cert) ---
626 626
627 start_message "req ... generate TSA key and cert" 627 start_message "req ... generate TSA key and cert"
628 628
629 # generate CSR for TSA 629 # generate CSR for TSA
630 630
631 tsa_csr=$tsa_dir/tsa_csr.pem 631 tsa_csr=$tsa_dir/tsa_csr.pem
632 tsa_key=$tsa_dir/private/tsa_key.pem 632 tsa_key=$tsa_dir/private/tsa_key.pem
633 tsa_pass=test-tsa-pass 633 tsa_pass=test-tsa-pass
634 634
635 if [ $mingw = 0 ] ; then 635 if [ $mingw = 0 ] ; then
636 subj='/C=JP/ST=Tokyo/O=TEST_DUMMY_COMPANY/CN=testTSA.test-dummy.com/' 636 subj='/C=JP/ST=Tokyo/O=TEST_DUMMY_COMPANY/CN=testTSA.test-dummy.com/'
637 else 637 else
638 subj='//C=JP\ST=Tokyo\O=TEST_DUMMY_COMPANY\CN=testTSA.test-dummy.com\' 638 subj='//C=JP\ST=Tokyo\O=TEST_DUMMY_COMPANY\CN=testTSA.test-dummy.com\'
639 fi 639 fi
640 640
641 $openssl_bin req -new -keyout $tsa_key -out $tsa_csr \ 641 $openssl_bin req -new -keyout $tsa_key -out $tsa_csr \
642 -passout pass:$tsa_pass -subj $subj -asn1-kludge 642 -passout pass:$tsa_pass -subj $subj -asn1-kludge
643 check_exit_status $? 643 check_exit_status $?
644 644
645 start_message "ca ... sign by CA with TSA extensions" 645 start_message "ca ... sign by CA with TSA extensions"
646 646
647 tsa_cert=$tsa_dir/tsa_cert.pem 647 tsa_cert=$tsa_dir/tsa_cert.pem
648 648
649 $openssl_bin ca -batch -cert $ca_cert -keyfile $ca_key -keyform pem \ 649 $openssl_bin ca -batch -cert $ca_cert -keyfile $ca_key -keyform pem \
650 -key $ca_pass -config $ssldir/openssl.cnf -create_serial \ 650 -key $ca_pass -config $ssldir/openssl.cnf -create_serial \
651 -policy policy_match -days 1 -md sha256 -extensions tsa_ext \ 651 -policy policy_match -days 1 -md sha256 -extensions tsa_ext \
@@ -654,55 +654,55 @@ __EOF__
654 -in $tsa_csr -outdir $tsa_dir -out $tsa_cert -verbose -notext \ 654 -in $tsa_csr -outdir $tsa_dir -out $tsa_cert -verbose -notext \
655 > $tsa_cert.log 2>&1 655 > $tsa_cert.log 2>&1
656 check_exit_status $? 656 check_exit_status $?
657 657
658 #---------#---------#---------#---------#---------#---------#--------- 658 #---------#---------#---------#---------#---------#---------#---------
659 659
660 # --- OCSP initiate (generate OCSP key and cert) --- 660 # --- OCSP initiate (generate OCSP key and cert) ---
661 661
662 start_message "req ... generate OCSP key and cert" 662 start_message "req ... generate OCSP key and cert"
663 663
664 # generate CSR for OCSP 664 # generate CSR for OCSP
665 665
666 ocsp_csr=$ocsp_dir/ocsp_csr.pem 666 ocsp_csr=$ocsp_dir/ocsp_csr.pem
667 ocsp_key=$ocsp_dir/private/ocsp_key.pem 667 ocsp_key=$ocsp_dir/private/ocsp_key.pem
668 668
669 if [ $mingw = 0 ] ; then 669 if [ $mingw = 0 ] ; then
670 subj='/C=JP/ST=Tokyo/O=TEST_DUMMY_COMPANY/CN=testOCSP.test-dummy.com/' 670 subj='/C=JP/ST=Tokyo/O=TEST_DUMMY_COMPANY/CN=testOCSP.test-dummy.com/'
671 else 671 else
672 subj='//C=JP\ST=Tokyo\O=TEST_DUMMY_COMPANY\CN=testOCSP.test-dummy.com\' 672 subj='//C=JP\ST=Tokyo\O=TEST_DUMMY_COMPANY\CN=testOCSP.test-dummy.com\'
673 fi 673 fi
674 674
675 $openssl_bin req -new -keyout $ocsp_key -nodes -out $ocsp_csr \ 675 $openssl_bin req -new -keyout $ocsp_key -nodes -out $ocsp_csr \
676 -subj $subj -no-asn1-kludge 676 -subj $subj -no-asn1-kludge
677 check_exit_status $? 677 check_exit_status $?
678 678
679 start_message "ca ... sign by CA with OCSP extensions" 679 start_message "ca ... sign by CA with OCSP extensions"
680 680
681 ocsp_cert=$ocsp_dir/ocsp_cert.pem 681 ocsp_cert=$ocsp_dir/ocsp_cert.pem
682 682
683 $openssl_bin ca -batch -cert $ca_cert -keyfile $ca_key -keyform pem \ 683 $openssl_bin ca -batch -cert $ca_cert -keyfile $ca_key -keyform pem \
684 -key $ca_pass -out $ocsp_cert -extensions ocsp_ext \ 684 -key $ca_pass -out $ocsp_cert -extensions ocsp_ext \
685 -startdate `date -u '+%y%m%d%H%M%SZ'` -enddate 491223235959Z \ 685 -startdate `date -u '+%y%m%d%H%M%SZ'` -enddate 491223235959Z \
686 -subj $subj -infiles $ocsp_csr > $ocsp_cert.log 2>&1 686 -subj $subj -infiles $ocsp_csr > $ocsp_cert.log 2>&1
687 check_exit_status $? 687 check_exit_status $?
688 688
689 #---------#---------#---------#---------#---------#---------#--------- 689 #---------#---------#---------#---------#---------#---------#---------
690 690
691 # --- server-admin operations (generate server key and csr) --- 691 # --- server-admin operations (generate server key and csr) ---
692 section_message "server-admin operations (generate server key and csr)" 692 section_message "server-admin operations (generate server key and csr)"
693 693
694 # RSA certificate 694 # RSA certificate
695 695
696 sv_rsa_key=$server_dir/sv_rsa_key.pem 696 sv_rsa_key=$server_dir/sv_rsa_key.pem
697 sv_rsa_csr=$server_dir/sv_rsa_csr.pem 697 sv_rsa_csr=$server_dir/sv_rsa_csr.pem
698 sv_rsa_pass=test-server-pass 698 sv_rsa_pass=test-server-pass
699 699
700 if [ $mingw = 0 ] ; then 700 if [ $mingw = 0 ] ; then
701 subj='/C=JP/ST=Tokyo/O=TEST_DUMMY_COMPANY/CN=localhost.test-dummy.com/' 701 subj='/C=JP/ST=Tokyo/O=TEST_DUMMY_COMPANY/CN=localhost.test-dummy.com/'
702 else 702 else
703 subj='//C=JP\ST=Tokyo\O=TEST_DUMMY_COMPANY\CN=localhost.test-dummy.com\' 703 subj='//C=JP\ST=Tokyo\O=TEST_DUMMY_COMPANY\CN=localhost.test-dummy.com\'
704 fi 704 fi
705 705
706 start_message "genrsa ... generate server key#1" 706 start_message "genrsa ... generate server key#1"
707 707
708 $openssl_bin genrsa -aes256 -passout pass:$sv_rsa_pass -out $sv_rsa_key 708 $openssl_bin genrsa -aes256 -passout pass:$sv_rsa_pass -out $sv_rsa_key
@@ -715,7 +715,7 @@ __EOF__
715 -addext 'subjectAltName = DNS:localhost.test-dummy.com' \ 715 -addext 'subjectAltName = DNS:localhost.test-dummy.com' \
716 -out $sv_rsa_csr -outform pem 716 -out $sv_rsa_csr -outform pem
717 check_exit_status $? 717 check_exit_status $?
718 718
719 start_message "req ... verify server csr#1" 719 start_message "req ... verify server csr#1"
720 720
721 $openssl_bin req -verify -in $sv_rsa_csr -inform pem \ 721 $openssl_bin req -verify -in $sv_rsa_csr -inform pem \
@@ -725,7 +725,7 @@ __EOF__
725 check_exit_status $? 725 check_exit_status $?
726 726
727 start_message "req ... generate server csr#2 (interactive mode)" 727 start_message "req ... generate server csr#2 (interactive mode)"
728 728
729 # RSA certificate (for revoke test) 729 # RSA certificate (for revoke test)
730 730
731 revoke_key=$server_dir/revoke_key.pem 731 revoke_key=$server_dir/revoke_key.pem
@@ -752,7 +752,7 @@ __EOF__
752 else 752 else
753 subj='//C=JP\ST=Tokyo\O=TEST_DUMMY_COMPANY\CN=ecdsa.test-dummy.com\' 753 subj='//C=JP\ST=Tokyo\O=TEST_DUMMY_COMPANY\CN=ecdsa.test-dummy.com\'
754 fi 754 fi
755 755
756 start_message "ecparam ... generate server key#3" 756 start_message "ecparam ... generate server key#3"
757 757
758 $openssl_bin ecparam -name prime256v1 -genkey -out $sv_ecdsa_key 758 $openssl_bin ecparam -name prime256v1 -genkey -out $sv_ecdsa_key
@@ -765,7 +765,7 @@ __EOF__
765 -addext 'subjectAltName = DNS:ecdsa.test-dummy.com' \ 765 -addext 'subjectAltName = DNS:ecdsa.test-dummy.com' \
766 -out $sv_ecdsa_csr -outform pem 766 -out $sv_ecdsa_csr -outform pem
767 check_exit_status $? 767 check_exit_status $?
768 768
769 start_message "req ... verify server csr#3" 769 start_message "req ... verify server csr#3"
770 770
771 $openssl_bin req -verify -in $sv_ecdsa_csr -inform pem \ 771 $openssl_bin req -verify -in $sv_ecdsa_csr -inform pem \
@@ -785,7 +785,7 @@ __EOF__
785 else 785 else
786 subj='//C=JP\ST=Tokyo\O=TEST_DUMMY_COMPANY\CN=gost.test-dummy.com\' 786 subj='//C=JP\ST=Tokyo\O=TEST_DUMMY_COMPANY\CN=gost.test-dummy.com\'
787 fi 787 fi
788 788
789 start_message "genpkey ... generate server key#4" 789 start_message "genpkey ... generate server key#4"
790 790
791 $openssl_bin genpkey -algorithm GOST2001 -pkeyopt paramset:A \ 791 $openssl_bin genpkey -algorithm GOST2001 -pkeyopt paramset:A \
@@ -799,7 +799,7 @@ __EOF__
799 -addext 'subjectAltName = DNS:gost.test-dummy.com' \ 799 -addext 'subjectAltName = DNS:gost.test-dummy.com' \
800 -out $sv_gost_csr -outform pem 800 -out $sv_gost_csr -outform pem
801 check_exit_status $? 801 check_exit_status $?
802 802
803 start_message "req ... verify server csr#4" 803 start_message "req ... verify server csr#4"
804 804
805 $openssl_bin req -verify -in $sv_gost_csr -inform pem \ 805 $openssl_bin req -verify -in $sv_gost_csr -inform pem \
@@ -809,19 +809,19 @@ __EOF__
809 check_exit_status $? 809 check_exit_status $?
810 810
811 #---------#---------#---------#---------#---------#---------#--------- 811 #---------#---------#---------#---------#---------#---------#---------
812 812
813 # --- CA operations (issue cert for server) --- 813 # --- CA operations (issue cert for server) ---
814 section_message "CA operations (issue cert for server)" 814 section_message "CA operations (issue cert for server)"
815 815
816 start_message "ca ... issue cert for server csr#1" 816 start_message "ca ... issue cert for server csr#1"
817 817
818 sv_rsa_cert=$server_dir/sv_rsa_cert.pem 818 sv_rsa_cert=$server_dir/sv_rsa_cert.pem
819 $openssl_bin ca -batch -cert $ca_cert -keyfile $ca_key -key $ca_pass \ 819 $openssl_bin ca -batch -cert $ca_cert -keyfile $ca_key -key $ca_pass \
820 -in $sv_rsa_csr -out $sv_rsa_cert > $sv_rsa_cert.log 2>&1 820 -in $sv_rsa_csr -out $sv_rsa_cert > $sv_rsa_cert.log 2>&1
821 check_exit_status $? 821 check_exit_status $?
822 822
823 start_message "x509 ... issue cert for server csr#2" 823 start_message "x509 ... issue cert for server csr#2"
824 824
825 revoke_cert=$server_dir/revoke_cert.pem 825 revoke_cert=$server_dir/revoke_cert.pem
826 $openssl_bin x509 -req -in $revoke_csr -CA $ca_cert -CAform pem \ 826 $openssl_bin x509 -req -in $revoke_csr -CA $ca_cert -CAform pem \
827 -CAkey $ca_key -CAkeyform pem \ 827 -CAkey $ca_key -CAkeyform pem \
@@ -829,26 +829,26 @@ __EOF__
829 -passin pass:$ca_pass -CAcreateserial -out $revoke_cert \ 829 -passin pass:$ca_pass -CAcreateserial -out $revoke_cert \
830 > $revoke_cert.log 2>&1 830 > $revoke_cert.log 2>&1
831 check_exit_status $? 831 check_exit_status $?
832 832
833 start_message "ca ... issue cert for server csr#3" 833 start_message "ca ... issue cert for server csr#3"
834 834
835 sv_ecdsa_cert=$server_dir/sv_ecdsa_cert.pem 835 sv_ecdsa_cert=$server_dir/sv_ecdsa_cert.pem
836 $openssl_bin ca -batch -cert $ca_cert -keyfile $ca_key -key $ca_pass \ 836 $openssl_bin ca -batch -cert $ca_cert -keyfile $ca_key -key $ca_pass \
837 -in $sv_ecdsa_csr -out $sv_ecdsa_cert > $sv_ecdsa_cert.log 2>&1 837 -in $sv_ecdsa_csr -out $sv_ecdsa_cert > $sv_ecdsa_cert.log 2>&1
838 check_exit_status $? 838 check_exit_status $?
839 839
840 start_message "ca ... issue cert for server csr#4" 840 start_message "ca ... issue cert for server csr#4"
841 841
842 sv_gost_cert=$server_dir/sv_gost_cert.pem 842 sv_gost_cert=$server_dir/sv_gost_cert.pem
843 $openssl_bin ca -batch -cert $ca_cert -keyfile $ca_key -key $ca_pass \ 843 $openssl_bin ca -batch -cert $ca_cert -keyfile $ca_key -key $ca_pass \
844 -in $sv_gost_csr -out $sv_gost_cert > $sv_gost_cert.log 2>&1 844 -in $sv_gost_csr -out $sv_gost_cert > $sv_gost_cert.log 2>&1
845 check_exit_status $? 845 check_exit_status $?
846 846
847 #---------#---------#---------#---------#---------#---------#--------- 847 #---------#---------#---------#---------#---------#---------#---------
848 848
849 # --- CA operations (revoke cert and generate crl) --- 849 # --- CA operations (revoke cert and generate crl) ---
850 section_message "CA operations (revoke cert and generate crl)" 850 section_message "CA operations (revoke cert and generate crl)"
851 851
852 start_message "ca ... revoke server cert#2" 852 start_message "ca ... revoke server cert#2"
853 crl_file=$ca_dir/crl.pem 853 crl_file=$ca_dir/crl.pem
854 $openssl_bin ca -gencrl -out $crl_file -revoke $revoke_cert \ 854 $openssl_bin ca -gencrl -out $crl_file -revoke $revoke_cert \
@@ -860,34 +860,34 @@ __EOF__
860 -keyfile $ca_key -passin pass:$ca_pass -cert $ca_cert \ 860 -keyfile $ca_key -passin pass:$ca_pass -cert $ca_cert \
861 > $crl_file.log 2>&1 861 > $crl_file.log 2>&1
862 check_exit_status $? 862 check_exit_status $?
863 863
864 start_message "ca ... show certificate status by serial number" 864 start_message "ca ... show certificate status by serial number"
865 $openssl_bin ca -config $ssldir/openssl.cnf -status 1 865 $openssl_bin ca -config $ssldir/openssl.cnf -status 1
866 866
867 start_message "crl ... CA generates CRL" 867 start_message "crl ... CA generates CRL"
868 $openssl_bin crl -in $crl_file -fingerprint >> $crl_file.log 2>&1 868 $openssl_bin crl -in $crl_file -fingerprint >> $crl_file.log 2>&1
869 check_exit_status $? 869 check_exit_status $?
870 870
871 crl_p7=$ca_dir/crl.p7 871 crl_p7=$ca_dir/crl.p7
872 start_message "crl2pkcs7 ... convert CRL to pkcs7" 872 start_message "crl2pkcs7 ... convert CRL to pkcs7"
873 $openssl_bin crl2pkcs7 -in $crl_file -certfile $ca_cert -out $crl_p7 873 $openssl_bin crl2pkcs7 -in $crl_file -certfile $ca_cert -out $crl_p7
874 check_exit_status $? 874 check_exit_status $?
875 875
876 #---------#---------#---------#---------#---------#---------#--------- 876 #---------#---------#---------#---------#---------#---------#---------
877 877
878 # --- server-admin operations (check csr, verify cert, certhash) --- 878 # --- server-admin operations (check csr, verify cert, certhash) ---
879 section_message "server-admin operations (check csr, verify cert, certhash)" 879 section_message "server-admin operations (check csr, verify cert, certhash)"
880 880
881 start_message "asn1parse ... parse server csr#1" 881 start_message "asn1parse ... parse server csr#1"
882 $openssl_bin asn1parse -in $sv_rsa_csr -i -dlimit 100 -length 1000 \ 882 $openssl_bin asn1parse -in $sv_rsa_csr -i -dlimit 100 -length 1000 \
883 -strparse 01 > $sv_rsa_csr.asn1parse.out 883 -strparse 01 > $sv_rsa_csr.asn1parse.out
884 check_exit_status $? 884 check_exit_status $?
885 885
886 start_message "verify ... server cert#1" 886 start_message "verify ... server cert#1"
887 $openssl_bin verify -verbose -CAfile $ca_cert -CRLfile $crl_file \ 887 $openssl_bin verify -verbose -CAfile $ca_cert -CRLfile $crl_file \
888 -crl_check -issuer_checks -purpose sslserver $sv_rsa_cert 888 -crl_check -issuer_checks -purpose sslserver $sv_rsa_cert
889 check_exit_status $? 889 check_exit_status $?
890 890
891 start_message "x509 ... get detail info about server cert#1" 891 start_message "x509 ... get detail info about server cert#1"
892 $openssl_bin x509 -in $sv_rsa_cert -text -C -dates -startdate -enddate \ 892 $openssl_bin x509 -in $sv_rsa_cert -text -C -dates -startdate -enddate \
893 -fingerprint -issuer -issuer_hash -issuer_hash_old \ 893 -fingerprint -issuer -issuer_hash -issuer_hash_old \
@@ -896,14 +896,14 @@ __EOF__
896 -alias -clrtrust -clrreject -next_serial -checkend 3600 \ 896 -alias -clrtrust -clrreject -next_serial -checkend 3600 \
897 -nameopt multiline -certopt compatible > $sv_rsa_cert.x509.out 897 -nameopt multiline -certopt compatible > $sv_rsa_cert.x509.out
898 check_exit_status $? 898 check_exit_status $?
899 899
900 if [ $mingw = 0 ] ; then 900 if [ $mingw = 0 ] ; then
901 start_message "certhash" 901 start_message "certhash"
902 $openssl_bin certhash -v $server_dir \ 902 $openssl_bin certhash -v $server_dir \
903 > $server_dir/certhash.log 2>&1 903 > $server_dir/certhash.log 2>&1
904 check_exit_status $? 904 check_exit_status $?
905 fi 905 fi
906 906
907 # self signed 907 # self signed
908 start_message "x509 ... generate self signed server cert" 908 start_message "x509 ... generate self signed server cert"
909 server_self_cert=$server_dir/server_self_cert.pem 909 server_self_cert=$server_dir/server_self_cert.pem
@@ -911,23 +911,23 @@ __EOF__
911 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:8 \ 911 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:8 \
912 -passin pass:$sv_rsa_pass -out $server_self_cert -days 1 912 -passin pass:$sv_rsa_pass -out $server_self_cert -days 1
913 check_exit_status $? 913 check_exit_status $?
914 914
915 #---------#---------#---------#---------#---------#---------#--------- 915 #---------#---------#---------#---------#---------#---------#---------
916 916
917 # --- Netscape SPKAC operations --- 917 # --- Netscape SPKAC operations ---
918 section_message "Netscape SPKAC operations" 918 section_message "Netscape SPKAC operations"
919 919
920 # server-admin generates SPKAC 920 # server-admin generates SPKAC
921 921
922 start_message "spkac" 922 start_message "spkac"
923 spkacfile=$server_dir/spkac.file 923 spkacfile=$server_dir/spkac.file
924 924
925 $openssl_bin spkac -key $genpkey_rsa -challenge hello -out $spkacfile 925 $openssl_bin spkac -key $genpkey_rsa -challenge hello -out $spkacfile
926 check_exit_status $? 926 check_exit_status $?
927 927
928 $openssl_bin spkac -in $spkacfile -verify -out $spkacfile.out 928 $openssl_bin spkac -in $spkacfile -verify -out $spkacfile.out
929 check_exit_status $? 929 check_exit_status $?
930 930
931 spkacreq=$server_dir/spkac.req 931 spkacreq=$server_dir/spkac.req
932 cat << __EOF__ > $spkacreq 932 cat << __EOF__ > $spkacreq
933countryName = JP 933countryName = JP
@@ -936,30 +936,30 @@ organizationName = TEST_DUMMY_COMPANY
936commonName = spkac.test-dummy.com 936commonName = spkac.test-dummy.com
937__EOF__ 937__EOF__
938 cat $spkacfile >> $spkacreq 938 cat $spkacfile >> $spkacreq
939 939
940 # CA signs SPKAC 940 # CA signs SPKAC
941 start_message "ca ... CA signs SPKAC csr" 941 start_message "ca ... CA signs SPKAC csr"
942 spkaccert=$server_dir/spkac.cert 942 spkaccert=$server_dir/spkac.cert
943 $openssl_bin ca -batch -cert $ca_cert -keyfile $ca_key -key $ca_pass \ 943 $openssl_bin ca -batch -cert $ca_cert -keyfile $ca_key -key $ca_pass \
944 -spkac $spkacreq -out $spkaccert > $spkaccert.log 2>&1 944 -spkac $spkacreq -out $spkaccert > $spkaccert.log 2>&1
945 check_exit_status $? 945 check_exit_status $?
946 946
947 start_message "x509 ... convert DER format SPKAC cert to PEM" 947 start_message "x509 ... convert DER format SPKAC cert to PEM"
948 spkacpem=$server_dir/spkac.pem 948 spkacpem=$server_dir/spkac.pem
949 $openssl_bin x509 -in $spkaccert -inform DER -out $spkacpem -outform PEM 949 $openssl_bin x509 -in $spkaccert -inform DER -out $spkacpem -outform PEM
950 check_exit_status $? 950 check_exit_status $?
951 951
952 # server-admin cert verify 952 # server-admin cert verify
953 953
954 start_message "nseq" 954 start_message "nseq"
955 $openssl_bin nseq -in $spkacpem -toseq -out $spkacpem.nseq 955 $openssl_bin nseq -in $spkacpem -toseq -out $spkacpem.nseq
956 check_exit_status $? 956 check_exit_status $?
957 957
958 #---------#---------#---------#---------#---------#---------#--------- 958 #---------#---------#---------#---------#---------#---------#---------
959 959
960 # --- user1 operations (generate user1 key and csr) --- 960 # --- user1 operations (generate user1 key and csr) ---
961 section_message "user1 operations (generate user1 key and csr)" 961 section_message "user1 operations (generate user1 key and csr)"
962 962
963 # trust 963 # trust
964 start_message "x509 ... trust testCA cert" 964 start_message "x509 ... trust testCA cert"
965 user1_trust=$user1_dir/user1_trust_ca.pem 965 user1_trust=$user1_dir/user1_trust_ca.pem
@@ -967,35 +967,35 @@ __EOF__
967 -setalias "trusted testCA" -purpose -out $user1_trust \ 967 -setalias "trusted testCA" -purpose -out $user1_trust \
968 > $user1_trust.log 2>&1 968 > $user1_trust.log 2>&1
969 check_exit_status $? 969 check_exit_status $?
970 970
971 start_message "req ... generate private key and csr for user1" 971 start_message "req ... generate private key and csr for user1"
972 972
973 cl_rsa_key=$user1_dir/cl_rsa_key.pem 973 cl_rsa_key=$user1_dir/cl_rsa_key.pem
974 cl_rsa_csr=$user1_dir/cl_rsa_csr.pem 974 cl_rsa_csr=$user1_dir/cl_rsa_csr.pem
975 cl_rsa_pass=test-user1-pass 975 cl_rsa_pass=test-user1-pass
976 976
977 if [ $mingw = 0 ] ; then 977 if [ $mingw = 0 ] ; then
978 subj='/C=JP/ST=Tokyo/O=TEST_DUMMY_COMPANY/CN=user1.test-dummy.com/' 978 subj='/C=JP/ST=Tokyo/O=TEST_DUMMY_COMPANY/CN=user1.test-dummy.com/'
979 else 979 else
980 subj='//C=JP\ST=Tokyo\O=TEST_DUMMY_COMPANY\CN=user1.test-dummy.com\' 980 subj='//C=JP\ST=Tokyo\O=TEST_DUMMY_COMPANY\CN=user1.test-dummy.com\'
981 fi 981 fi
982 982
983 $openssl_bin req -new -keyout $cl_rsa_key -out $cl_rsa_csr \ 983 $openssl_bin req -new -keyout $cl_rsa_key -out $cl_rsa_csr \
984 -passout pass:$cl_rsa_pass -subj $subj > $cl_rsa_csr.log 2>&1 984 -passout pass:$cl_rsa_pass -subj $subj > $cl_rsa_csr.log 2>&1
985 check_exit_status $? 985 check_exit_status $?
986 986
987 start_message "req ... generate private key and csr for user2" 987 start_message "req ... generate private key and csr for user2"
988 988
989 cl_ecdsa_key=$user1_dir/cl_ecdsa_key.pem 989 cl_ecdsa_key=$user1_dir/cl_ecdsa_key.pem
990 cl_ecdsa_csr=$user1_dir/cl_ecdsa_csr.pem 990 cl_ecdsa_csr=$user1_dir/cl_ecdsa_csr.pem
991 cl_ecdsa_pass=test-user1-pass 991 cl_ecdsa_pass=test-user1-pass
992 992
993 if [ $mingw = 0 ] ; then 993 if [ $mingw = 0 ] ; then
994 subj='/C=JP/ST=Tokyo/O=TEST_DUMMY_COMPANY/CN=user2.test-dummy.com/' 994 subj='/C=JP/ST=Tokyo/O=TEST_DUMMY_COMPANY/CN=user2.test-dummy.com/'
995 else 995 else
996 subj='//C=JP\ST=Tokyo\O=TEST_DUMMY_COMPANY\CN=user2.test-dummy.com\' 996 subj='//C=JP\ST=Tokyo\O=TEST_DUMMY_COMPANY\CN=user2.test-dummy.com\'
997 fi 997 fi
998 998
999 $openssl_bin ecparam -name prime256v1 -genkey -out $cl_ecdsa_key 999 $openssl_bin ecparam -name prime256v1 -genkey -out $cl_ecdsa_key
1000 check_exit_status $? 1000 check_exit_status $?
1001 1001
@@ -1003,19 +1003,19 @@ __EOF__
1003 -key $cl_ecdsa_key -keyform pem -passin pass:$cl_ecdsa_pass \ 1003 -key $cl_ecdsa_key -keyform pem -passin pass:$cl_ecdsa_pass \
1004 -out $cl_ecdsa_csr -outform pem 1004 -out $cl_ecdsa_csr -outform pem
1005 check_exit_status $? 1005 check_exit_status $?
1006 1006
1007 start_message "req ... generate private key and csr for user3" 1007 start_message "req ... generate private key and csr for user3"
1008 1008
1009 cl_gost_key=$user1_dir/cl_gost_key.pem 1009 cl_gost_key=$user1_dir/cl_gost_key.pem
1010 cl_gost_csr=$user1_dir/cl_gost_csr.pem 1010 cl_gost_csr=$user1_dir/cl_gost_csr.pem
1011 cl_gost_pass=test-user1-pass 1011 cl_gost_pass=test-user1-pass
1012 1012
1013 if [ $mingw = 0 ] ; then 1013 if [ $mingw = 0 ] ; then
1014 subj='/C=JP/ST=Tokyo/O=TEST_DUMMY_COMPANY/CN=user3.test-dummy.com/' 1014 subj='/C=JP/ST=Tokyo/O=TEST_DUMMY_COMPANY/CN=user3.test-dummy.com/'
1015 else 1015 else
1016 subj='//C=JP\ST=Tokyo\O=TEST_DUMMY_COMPANY\CN=user3.test-dummy.com\' 1016 subj='//C=JP\ST=Tokyo\O=TEST_DUMMY_COMPANY\CN=user3.test-dummy.com\'
1017 fi 1017 fi
1018 1018
1019 $openssl_bin genpkey -algorithm GOST2001 -pkeyopt paramset:A \ 1019 $openssl_bin genpkey -algorithm GOST2001 -pkeyopt paramset:A \
1020 -pkeyopt dgst:streebog512 -out $cl_gost_key 1020 -pkeyopt dgst:streebog512 -out $cl_gost_key
1021 check_exit_status $? 1021 check_exit_status $?
@@ -1024,28 +1024,28 @@ __EOF__
1024 -key $cl_gost_key -keyform pem -passin pass:$cl_gost_pass \ 1024 -key $cl_gost_key -keyform pem -passin pass:$cl_gost_pass \
1025 -out $cl_gost_csr -outform pem 1025 -out $cl_gost_csr -outform pem
1026 check_exit_status $? 1026 check_exit_status $?
1027 1027
1028 #---------#---------#---------#---------#---------#---------#--------- 1028 #---------#---------#---------#---------#---------#---------#---------
1029 1029
1030 # --- CA operations (issue cert for user1) --- 1030 # --- CA operations (issue cert for user1) ---
1031 section_message "CA operations (issue cert for user1)" 1031 section_message "CA operations (issue cert for user1)"
1032 1032
1033 start_message "ca ... issue cert for user1" 1033 start_message "ca ... issue cert for user1"
1034 1034
1035 cl_rsa_cert=$user1_dir/cl_rsa_cert.pem 1035 cl_rsa_cert=$user1_dir/cl_rsa_cert.pem
1036 $openssl_bin ca -batch -cert $ca_cert -keyfile $ca_key -key $ca_pass \ 1036 $openssl_bin ca -batch -cert $ca_cert -keyfile $ca_key -key $ca_pass \
1037 -in $cl_rsa_csr -out $cl_rsa_cert > $cl_rsa_cert.log 2>&1 1037 -in $cl_rsa_csr -out $cl_rsa_cert > $cl_rsa_cert.log 2>&1
1038 check_exit_status $? 1038 check_exit_status $?
1039 1039
1040 start_message "ca ... issue cert for user2" 1040 start_message "ca ... issue cert for user2"
1041 1041
1042 cl_ecdsa_cert=$user1_dir/cl_ecdsa_cert.pem 1042 cl_ecdsa_cert=$user1_dir/cl_ecdsa_cert.pem
1043 $openssl_bin ca -batch -cert $ca_cert -keyfile $ca_key -key $ca_pass \ 1043 $openssl_bin ca -batch -cert $ca_cert -keyfile $ca_key -key $ca_pass \
1044 -in $cl_ecdsa_csr -out $cl_ecdsa_cert > $cl_ecdsa_cert.log 2>&1 1044 -in $cl_ecdsa_csr -out $cl_ecdsa_cert > $cl_ecdsa_cert.log 2>&1
1045 check_exit_status $? 1045 check_exit_status $?
1046 1046
1047 start_message "ca ... issue cert for user3" 1047 start_message "ca ... issue cert for user3"
1048 1048
1049 cl_gost_cert=$user1_dir/cl_gost_cert.pem 1049 cl_gost_cert=$user1_dir/cl_gost_cert.pem
1050 $openssl_bin ca -batch -cert $ca_cert -keyfile $ca_key -key $ca_pass \ 1050 $openssl_bin ca -batch -cert $ca_cert -keyfile $ca_key -key $ca_pass \
1051 -in $cl_gost_csr -out $cl_gost_cert > $cl_gost_cert.log 2>&1 1051 -in $cl_gost_csr -out $cl_gost_cert > $cl_gost_cert.log 2>&1
@@ -1055,7 +1055,7 @@ __EOF__
1055function test_tsa { 1055function test_tsa {
1056 # --- TSA operations --- 1056 # --- TSA operations ---
1057 section_message "TSA operations" 1057 section_message "TSA operations"
1058 1058
1059 tsa_dat=$user1_dir/tsa.dat 1059 tsa_dat=$user1_dir/tsa.dat
1060 cat << __EOF__ > $tsa_dat 1060 cat << __EOF__ > $tsa_dat
1061Hello Bob, 1061Hello Bob,
@@ -1065,31 +1065,31 @@ __EOF__
1065 1065
1066 # Query 1066 # Query
1067 start_message "ts ... create time stamp request" 1067 start_message "ts ... create time stamp request"
1068 1068
1069 tsa_tsq=$user1_dir/tsa.tsq 1069 tsa_tsq=$user1_dir/tsa.tsq
1070 1070
1071 $openssl_bin ts -query -sha1 -data $tsa_dat -no_nonce -out $tsa_tsq 1071 $openssl_bin ts -query -sha1 -data $tsa_dat -no_nonce -out $tsa_tsq
1072 check_exit_status $? 1072 check_exit_status $?
1073 1073
1074 start_message "ts ... print time stamp request" 1074 start_message "ts ... print time stamp request"
1075 1075
1076 $openssl_bin ts -query -in $tsa_tsq -text -out $tsa_tsq.log 1076 $openssl_bin ts -query -in $tsa_tsq -text -out $tsa_tsq.log
1077 check_exit_status $? 1077 check_exit_status $?
1078 1078
1079 # Reply 1079 # Reply
1080 start_message "ts ... create time stamp response for a request" 1080 start_message "ts ... create time stamp response for a request"
1081 1081
1082 tsa_tsr=$user1_dir/tsa.tsr 1082 tsa_tsr=$user1_dir/tsa.tsr
1083 1083
1084 $openssl_bin ts -reply -queryfile $tsa_tsq -inkey $tsa_key \ 1084 $openssl_bin ts -reply -queryfile $tsa_tsq -inkey $tsa_key \
1085 -passin pass:$tsa_pass -signer $tsa_cert -chain $ca_cert \ 1085 -passin pass:$tsa_pass -signer $tsa_cert -chain $ca_cert \
1086 -config $ssldir/openssl.cnf -section tsa_config1 -cert \ 1086 -config $ssldir/openssl.cnf -section tsa_config1 -cert \
1087 -policy 1.3.6.1.4.1.4146.2.3 -out $tsa_tsr 1087 -policy 1.3.6.1.4.1.4146.2.3 -out $tsa_tsr
1088 check_exit_status $? 1088 check_exit_status $?
1089 1089
1090 # Verify 1090 # Verify
1091 start_message "ts ... verify time stamp response" 1091 start_message "ts ... verify time stamp response"
1092 1092
1093 $openssl_bin ts -verify -queryfile $tsa_tsq -in $tsa_tsr \ 1093 $openssl_bin ts -verify -queryfile $tsa_tsq -in $tsa_tsr \
1094 -CAfile $ca_cert -untrusted $tsa_cert 1094 -CAfile $ca_cert -untrusted $tsa_cert
1095 check_exit_status $? 1095 check_exit_status $?
@@ -1098,7 +1098,7 @@ __EOF__
1098function test_cms { 1098function test_cms {
1099 # --- CMS operations --- 1099 # --- CMS operations ---
1100 section_message "CMS operations" 1100 section_message "CMS operations"
1101 1101
1102 cms_txt=$user1_dir/cms.txt 1102 cms_txt=$user1_dir/cms.txt
1103 cms_sig=$user1_dir/cms.sig 1103 cms_sig=$user1_dir/cms.sig
1104 cms_enc=$user1_dir/cms.enc 1104 cms_enc=$user1_dir/cms.enc
@@ -1115,16 +1115,16 @@ function test_cms {
1115 cms_srp=$user1_dir/cms.srp 1115 cms_srp=$user1_dir/cms.srp
1116 cms_pwe=$user1_dir/cms.pwe 1116 cms_pwe=$user1_dir/cms.pwe
1117 cms_pwd=$user1_dir/cms.pwd 1117 cms_pwd=$user1_dir/cms.pwd
1118 1118
1119 cat << __EOF__ > $cms_txt 1119 cat << __EOF__ > $cms_txt
1120Hello Bob, 1120Hello Bob,
1121Sincerely yours 1121Sincerely yours
1122Alice 1122Alice
1123__EOF__ 1123__EOF__
1124 1124
1125 # sign 1125 # sign
1126 start_message "cms ... sign to message" 1126 start_message "cms ... sign to message"
1127 1127
1128 $openssl_bin cms -sign -in $cms_txt -text \ 1128 $openssl_bin cms -sign -in $cms_txt -text \
1129 -out $cms_sig -outform smime \ 1129 -out $cms_sig -outform smime \
1130 -signer $cl_rsa_cert -inkey $cl_rsa_key -keyform pem \ 1130 -signer $cl_rsa_cert -inkey $cl_rsa_key -keyform pem \
@@ -1135,7 +1135,7 @@ __EOF__
1135 -receipt_request_from server@test-dummy.com \ 1135 -receipt_request_from server@test-dummy.com \
1136 -receipt_request_to user1@test-dummy.com 1136 -receipt_request_to user1@test-dummy.com
1137 check_exit_status $? 1137 check_exit_status $?
1138 1138
1139 # encrypt 1139 # encrypt
1140 start_message "cms ... encrypt message" 1140 start_message "cms ... encrypt message"
1141 1141
@@ -1153,7 +1153,7 @@ __EOF__
1153 1153
1154 # verify 1154 # verify
1155 start_message "cms ... verify message" 1155 start_message "cms ... verify message"
1156 1156
1157 $openssl_bin cms -verify -in $cms_dec \ 1157 $openssl_bin cms -verify -in $cms_dec \
1158 -CAfile $ca_cert -certfile $cl_rsa_cert -nointern \ 1158 -CAfile $ca_cert -certfile $cl_rsa_cert -nointern \
1159 -check_ss_sig -issuer_checks -policy_check -x509_strict \ 1159 -check_ss_sig -issuer_checks -policy_check -x509_strict \
@@ -1166,31 +1166,31 @@ __EOF__
1166 1166
1167 # cmsout 1167 # cmsout
1168 start_message "cms ... cmsout" 1168 start_message "cms ... cmsout"
1169 1169
1170 $openssl_bin cms -cmsout -in $cms_enc -print -out $cms_out 1170 $openssl_bin cms -cmsout -in $cms_enc -print -out $cms_out
1171 check_exit_status $? 1171 check_exit_status $?
1172 1172
1173 # data_create 1173 # data_create
1174 start_message "cms ... data_create" 1174 start_message "cms ... data_create"
1175 1175
1176 $openssl_bin cms -data_create -in $cms_enc -out $cms_dct 1176 $openssl_bin cms -data_create -in $cms_enc -out $cms_dct
1177 check_exit_status $? 1177 check_exit_status $?
1178 1178
1179 # data_out 1179 # data_out
1180 start_message "cms ... data_out" 1180 start_message "cms ... data_out"
1181 1181
1182 $openssl_bin cms -data_out -in $cms_dct -out $cms_dot 1182 $openssl_bin cms -data_out -in $cms_dct -out $cms_dot
1183 check_exit_status $? 1183 check_exit_status $?
1184 1184
1185 # digest_create 1185 # digest_create
1186 start_message "cms ... digest_create" 1186 start_message "cms ... digest_create"
1187 1187
1188 $openssl_bin cms -digest_create -in $cms_txt -md sha256 -out $cms_dgc 1188 $openssl_bin cms -digest_create -in $cms_txt -md sha256 -out $cms_dgc
1189 check_exit_status $? 1189 check_exit_status $?
1190 1190
1191 # digest_verify 1191 # digest_verify
1192 start_message "cms ... digest_verify" 1192 start_message "cms ... digest_verify"
1193 1193
1194 $openssl_bin cms -digest_verify -in $cms_dgc -md sha256 -out $cms_dgv 1194 $openssl_bin cms -digest_verify -in $cms_dgc -md sha256 -out $cms_dgv
1195 check_exit_status $? 1195 check_exit_status $?
1196 1196
@@ -1203,14 +1203,14 @@ __EOF__
1203 1203
1204 # EncryptedData_encrypt 1204 # EncryptedData_encrypt
1205 start_message "cms ... EncryptedData_encrypt" 1205 start_message "cms ... EncryptedData_encrypt"
1206 1206
1207 $openssl_bin cms -EncryptedData_encrypt -in $cms_sig -out $cms_ede \ 1207 $openssl_bin cms -EncryptedData_encrypt -in $cms_sig -out $cms_ede \
1208 -aes128 -secretkey 00112233445566778899aabbccddeeff 1208 -aes128 -secretkey 00112233445566778899aabbccddeeff
1209 check_exit_status $? 1209 check_exit_status $?
1210 1210
1211 # EncryptedData_decrypt 1211 # EncryptedData_decrypt
1212 start_message "cms ... EncryptedData_decrypt" 1212 start_message "cms ... EncryptedData_decrypt"
1213 1213
1214 $openssl_bin cms -EncryptedData_decrypt -in $cms_ede -out $cms_edd \ 1214 $openssl_bin cms -EncryptedData_decrypt -in $cms_ede -out $cms_edd \
1215 -aes128 -secretkey 00112233445566778899aabbccddeeff 1215 -aes128 -secretkey 00112233445566778899aabbccddeeff
1216 check_exit_status $? 1216 check_exit_status $?
@@ -1220,7 +1220,7 @@ __EOF__
1220 1220
1221 # sign_receipt 1221 # sign_receipt
1222 start_message "cms ... sign to receipt" 1222 start_message "cms ... sign to receipt"
1223 1223
1224 $openssl_bin cms -sign_receipt -in $cms_sig -out $cms_srp \ 1224 $openssl_bin cms -sign_receipt -in $cms_sig -out $cms_srp \
1225 -signer $sv_rsa_cert -inkey $sv_rsa_key \ 1225 -signer $sv_rsa_cert -inkey $sv_rsa_key \
1226 -passin pass:$sv_rsa_pass -md sha256 1226 -passin pass:$sv_rsa_pass -md sha256
@@ -1228,11 +1228,11 @@ __EOF__
1228 1228
1229 # verify_receipt 1229 # verify_receipt
1230 start_message "cms ... verify receipt" 1230 start_message "cms ... verify receipt"
1231 1231
1232 $openssl_bin cms -verify_receipt $cms_srp -rctform smime -in $cms_sig \ 1232 $openssl_bin cms -verify_receipt $cms_srp -rctform smime -in $cms_sig \
1233 -CAfile $ca_cert -certfile $sv_rsa_cert 1233 -CAfile $ca_cert -certfile $sv_rsa_cert
1234 check_exit_status $? 1234 check_exit_status $?
1235 1235
1236 # encrypt with pwri 1236 # encrypt with pwri
1237 start_message "cms ... encrypt with pwri" 1237 start_message "cms ... encrypt with pwri"
1238 1238
@@ -1254,7 +1254,7 @@ __EOF__
1254function test_smime { 1254function test_smime {
1255 # --- S/MIME operations --- 1255 # --- S/MIME operations ---
1256 section_message "S/MIME operations" 1256 section_message "S/MIME operations"
1257 1257
1258 smime_txt=$user1_dir/smime.txt 1258 smime_txt=$user1_dir/smime.txt
1259 smime_enc=$user1_dir/smime.enc 1259 smime_enc=$user1_dir/smime.enc
1260 smime_sig=$user1_dir/smime.sig 1260 smime_sig=$user1_dir/smime.sig
@@ -1262,13 +1262,13 @@ function test_smime {
1262 smime_sgr=$user1_dir/smime.sgr 1262 smime_sgr=$user1_dir/smime.sgr
1263 smime_ver=$user1_dir/smime.ver 1263 smime_ver=$user1_dir/smime.ver
1264 smime_dec=$user1_dir/smime.dec 1264 smime_dec=$user1_dir/smime.dec
1265 1265
1266 cat << __EOF__ > $smime_txt 1266 cat << __EOF__ > $smime_txt
1267Hello Bob, 1267Hello Bob,
1268Sincerely yours 1268Sincerely yours
1269Alice 1269Alice
1270__EOF__ 1270__EOF__
1271 1271
1272 # encrypt 1272 # encrypt
1273 start_message "smime ... encrypt message" 1273 start_message "smime ... encrypt message"
1274 1274
@@ -1278,7 +1278,7 @@ __EOF__
1278 1278
1279 # sign 1279 # sign
1280 start_message "smime ... sign to message" 1280 start_message "smime ... sign to message"
1281 1281
1282 $openssl_bin smime -sign -in $smime_enc -text -inform smime \ 1282 $openssl_bin smime -sign -in $smime_enc -text -inform smime \
1283 -out $smime_sig -outform smime \ 1283 -out $smime_sig -outform smime \
1284 -signer $cl_rsa_cert -inkey $cl_rsa_key -keyform pem \ 1284 -signer $cl_rsa_cert -inkey $cl_rsa_key -keyform pem \
@@ -1286,7 +1286,7 @@ __EOF__
1286 -from user1@test-dummy.com -to server@test-dummy.com \ 1286 -from user1@test-dummy.com -to server@test-dummy.com \
1287 -subject "test openssl smime" 1287 -subject "test openssl smime"
1288 check_exit_status $? 1288 check_exit_status $?
1289 1289
1290 # pk7out 1290 # pk7out
1291 start_message "smime ... pk7out from message" 1291 start_message "smime ... pk7out from message"
1292 1292
@@ -1295,7 +1295,7 @@ __EOF__
1295 1295
1296 # verify 1296 # verify
1297 start_message "smime ... verify message" 1297 start_message "smime ... verify message"
1298 1298
1299 $openssl_bin smime -verify -in $smime_sig \ 1299 $openssl_bin smime -verify -in $smime_sig \
1300 -CAfile $ca_cert -certfile $cl_rsa_cert -nointern \ 1300 -CAfile $ca_cert -certfile $cl_rsa_cert -nointern \
1301 -check_ss_sig -issuer_checks -policy_check -x509_strict \ 1301 -check_ss_sig -issuer_checks -policy_check -x509_strict \
@@ -1316,7 +1316,7 @@ __EOF__
1316function test_ocsp { 1316function test_ocsp {
1317 # --- OCSP operations --- 1317 # --- OCSP operations ---
1318 section_message "OCSP operations" 1318 section_message "OCSP operations"
1319 1319
1320 # get key without pass 1320 # get key without pass
1321 cl_rsa_key_nopass=$user1_dir/cl_rsa_key_nopass.pem 1321 cl_rsa_key_nopass=$user1_dir/cl_rsa_key_nopass.pem
1322 $openssl_bin pkey -in $cl_rsa_key -passin pass:$cl_rsa_pass \ 1322 $openssl_bin pkey -in $cl_rsa_key -passin pass:$cl_rsa_pass \
@@ -1325,7 +1325,7 @@ function test_ocsp {
1325 1325
1326 # request 1326 # request
1327 start_message "ocsp ... create OCSP request" 1327 start_message "ocsp ... create OCSP request"
1328 1328
1329 ocsp_req=$user1_dir/ocsp_req.der 1329 ocsp_req=$user1_dir/ocsp_req.der
1330 $openssl_bin ocsp -issuer $ca_cert -cert $sv_rsa_cert \ 1330 $openssl_bin ocsp -issuer $ca_cert -cert $sv_rsa_cert \
1331 -cert $revoke_cert -serial 1 -nonce -no_certs -CAfile $ca_cert \ 1331 -cert $revoke_cert -serial 1 -nonce -no_certs -CAfile $ca_cert \
@@ -1333,10 +1333,10 @@ function test_ocsp {
1333 -sign_other $cl_rsa_cert -sha256 \ 1333 -sign_other $cl_rsa_cert -sha256 \
1334 -reqout $ocsp_req -req_text -out $ocsp_req.out 1334 -reqout $ocsp_req -req_text -out $ocsp_req.out
1335 check_exit_status $? 1335 check_exit_status $?
1336 1336
1337 # response 1337 # response
1338 start_message "ocsp ... create OCPS response for a request" 1338 start_message "ocsp ... create OCPS response for a request"
1339 1339
1340 ocsp_res=$user1_dir/ocsp_res.der 1340 ocsp_res=$user1_dir/ocsp_res.der
1341 $openssl_bin ocsp -index $ca_dir/index.txt -CA $ca_cert \ 1341 $openssl_bin ocsp -index $ca_dir/index.txt -CA $ca_cert \
1342 -CAfile $ca_cert -rsigner $ocsp_cert -rkey $ocsp_key \ 1342 -CAfile $ca_cert -rsigner $ocsp_cert -rkey $ocsp_key \
@@ -1344,12 +1344,12 @@ function test_ocsp {
1344 -nmin 60 -validity_period 300 -status_age 300 \ 1344 -nmin 60 -validity_period 300 -status_age 300 \
1345 -respout $ocsp_res -resp_text -out $ocsp_res.out 1345 -respout $ocsp_res -resp_text -out $ocsp_res.out
1346 check_exit_status $? 1346 check_exit_status $?
1347 1347
1348 # ocsp server 1348 # ocsp server
1349 start_message "ocsp ... start OCSP server in background" 1349 start_message "ocsp ... start OCSP server in background"
1350 1350
1351 ocsp_port=8888 1351 ocsp_port=8888
1352 1352
1353 ocsp_svr_log=$user1_dir/ocsp_svr.log 1353 ocsp_svr_log=$user1_dir/ocsp_svr.log
1354 $openssl_bin ocsp -index $ca_dir/index.txt -CA $ca_cert \ 1354 $openssl_bin ocsp -index $ca_dir/index.txt -CA $ca_cert \
1355 -CAfile $ca_cert -rsigner $ocsp_cert -rkey $ocsp_key \ 1355 -CAfile $ca_cert -rsigner $ocsp_cert -rkey $ocsp_key \
@@ -1359,10 +1359,10 @@ function test_ocsp {
1359 ocsp_svr_pid=$! 1359 ocsp_svr_pid=$!
1360 echo "ocsp server pid = [ $ocsp_svr_pid ]" 1360 echo "ocsp server pid = [ $ocsp_svr_pid ]"
1361 sleep 1 1361 sleep 1
1362 1362
1363 # send query to ocsp server 1363 # send query to ocsp server
1364 start_message "ocsp ... send OCSP request to server" 1364 start_message "ocsp ... send OCSP request to server"
1365 1365
1366 ocsp_qry=$user1_dir/ocsp_qry.der 1366 ocsp_qry=$user1_dir/ocsp_qry.der
1367 $openssl_bin ocsp -issuer $ca_cert -cert $sv_rsa_cert \ 1367 $openssl_bin ocsp -issuer $ca_cert -cert $sv_rsa_cert \
1368 -cert $revoke_cert -CAfile $ca_cert -no_nonce \ 1368 -cert $revoke_cert -CAfile $ca_cert -no_nonce \
@@ -1384,24 +1384,24 @@ function test_ocsp {
1384function test_pkcs { 1384function test_pkcs {
1385 # --- PKCS operations --- 1385 # --- PKCS operations ---
1386 section_message "PKCS operations" 1386 section_message "PKCS operations"
1387 1387
1388 pkcs_pass=test-pkcs-pass 1388 pkcs_pass=test-pkcs-pass
1389 1389
1390 start_message "pkcs7 ... output certs in crl(pkcs7)" 1390 start_message "pkcs7 ... output certs in crl(pkcs7)"
1391 $openssl_bin pkcs7 -in $crl_p7 -print_certs -text -out $crl_p7.out 1391 $openssl_bin pkcs7 -in $crl_p7 -print_certs -text -out $crl_p7.out
1392 check_exit_status $? 1392 check_exit_status $?
1393 1393
1394 start_message "pkcs8 ... convert key to pkcs8" 1394 start_message "pkcs8 ... convert key to pkcs8"
1395 $openssl_bin pkcs8 -in $cl_rsa_key -topk8 -out $cl_rsa_key.p8 \ 1395 $openssl_bin pkcs8 -in $cl_rsa_key -topk8 -out $cl_rsa_key.p8 \
1396 -passin pass:$cl_rsa_pass -passout pass:$cl_rsa_pass \ 1396 -passin pass:$cl_rsa_pass -passout pass:$cl_rsa_pass \
1397 -v1 pbeWithSHA1AndDES-CBC -v2 des3 1397 -v1 pbeWithSHA1AndDES-CBC -v2 des3
1398 check_exit_status $? 1398 check_exit_status $?
1399 1399
1400 start_message "pkcs8 ... convert pkcs8 to key in DER format" 1400 start_message "pkcs8 ... convert pkcs8 to key in DER format"
1401 $openssl_bin pkcs8 -in $cl_rsa_key.p8 -passin pass:$cl_rsa_pass \ 1401 $openssl_bin pkcs8 -in $cl_rsa_key.p8 -passin pass:$cl_rsa_pass \
1402 -outform DER -out $cl_rsa_key.p8.der 1402 -outform DER -out $cl_rsa_key.p8.der
1403 check_exit_status $? 1403 check_exit_status $?
1404 1404
1405 start_message "pkcs12 ... create" 1405 start_message "pkcs12 ... create"
1406 $openssl_bin pkcs12 -export -in $sv_rsa_cert -inkey $sv_rsa_key \ 1406 $openssl_bin pkcs12 -export -in $sv_rsa_cert -inkey $sv_rsa_key \
1407 -passin pass:$sv_rsa_pass -certfile $ca_cert -CAfile $ca_cert \ 1407 -passin pass:$sv_rsa_pass -certfile $ca_cert -CAfile $ca_cert \
@@ -1411,12 +1411,12 @@ function test_pkcs {
1411 -CSP "csp_server_p12" -LMK -keyex \ 1411 -CSP "csp_server_p12" -LMK -keyex \
1412 -passout pass:$pkcs_pass -out $sv_rsa_cert.p12 1412 -passout pass:$pkcs_pass -out $sv_rsa_cert.p12
1413 check_exit_status $? 1413 check_exit_status $?
1414 1414
1415 start_message "pkcs12 ... verify" 1415 start_message "pkcs12 ... verify"
1416 $openssl_bin pkcs12 -in $sv_rsa_cert.p12 -passin pass:$pkcs_pass -info \ 1416 $openssl_bin pkcs12 -in $sv_rsa_cert.p12 -passin pass:$pkcs_pass -info \
1417 -noout > $sv_rsa_cert.p12.log 2>&1 1417 -noout > $sv_rsa_cert.p12.log 2>&1
1418 check_exit_status $? 1418 check_exit_status $?
1419 1419
1420 start_message "pkcs12 ... private key to PEM without encryption" 1420 start_message "pkcs12 ... private key to PEM without encryption"
1421 $openssl_bin pkcs12 -in $sv_rsa_cert.p12 -password pass:$pkcs_pass \ 1421 $openssl_bin pkcs12 -in $sv_rsa_cert.p12 -password pass:$pkcs_pass \
1422 -nocerts -nomacver -nodes -out $sv_rsa_cert.p12.pem 1422 -nocerts -nomacver -nodes -out $sv_rsa_cert.p12.pem
@@ -1440,14 +1440,14 @@ function test_sc_by_protocol_version {
1440 fi 1440 fi
1441 1441
1442 s_client_out=$user1_dir/s_client_${sc}_${ver}.out 1442 s_client_out=$user1_dir/s_client_${sc}_${ver}.out
1443 1443
1444 start_message "s_client ... connect to TLS/SSL test server by $ver" 1444 start_message "s_client ... connect to TLS/SSL test server by $ver"
1445 sleep $test_pause_sec 1445 sleep $test_pause_sec
1446 $c_bin s_client -connect $host:$port -CAfile $ca_cert \ 1446 $c_bin s_client -connect $host:$port -CAfile $ca_cert \
1447 -$ver $groups_and_cipher \ 1447 -$ver $groups_and_cipher \
1448 -msg -tlsextdebug < /dev/null > $s_client_out 2>&1 1448 -msg -tlsextdebug < /dev/null > $s_client_out 2>&1
1449 check_exit_status $? 1449 check_exit_status $?
1450 1450
1451 # check downgrade bits in SH 1451 # check downgrade bits in SH
1452 if [ $ver = "tls1" -o $ver = "tls1_1" ] ; then 1452 if [ $ver = "tls1" -o $ver = "tls1_1" ] ; then
1453 perl -0ne \ 1453 perl -0ne \
@@ -1480,13 +1480,13 @@ function test_sc_by_protocol_version {
1480 check_exit_status $? 1480 check_exit_status $?
1481 fi 1481 fi
1482 1482
1483 # OpenSSL1.1.1 with TLSv1.3 does not call SSL_SESSION_print() until 1483 # OpenSSL1.1.1 with TLSv1.3 does not call SSL_SESSION_print() until
1484 # NewSessionTicket arrival 1484 # NewSessionTicket arrival
1485 if ! [ $cid = "1" -a $ver = "tls1_3" ] ; then 1485 if ! [ $cid = "1" -a $ver = "tls1_3" ] ; then
1486 grep "$msg" $s_client_out > /dev/null 1486 grep "$msg" $s_client_out > /dev/null
1487 check_exit_status $? 1487 check_exit_status $?
1488 fi 1488 fi
1489 1489
1490 grep 'Verify return code: 0 (ok)' $s_client_out > /dev/null 1490 grep 'Verify return code: 0 (ok)' $s_client_out > /dev/null
1491 check_exit_status $? 1491 check_exit_status $?
1492} 1492}
@@ -1548,17 +1548,17 @@ function test_sc_all_cipher {
1548 cnum=`expr $cnum + 1` 1548 cnum=`expr $cnum + 1`
1549 cnstr=`printf %03d $cnum` 1549 cnstr=`printf %03d $cnum`
1550 s_client_out=$user1_dir/s_client_${sc}_${ver}_tls_${cnstr}_${c}.out 1550 s_client_out=$user1_dir/s_client_${sc}_${ver}_tls_${cnstr}_${c}.out
1551 1551
1552 start_message "s_client ... connect to TLS/SSL test server with [ $cnstr ] $ver $c" 1552 start_message "s_client ... connect to TLS/SSL test server with [ $cnstr ] $ver $c"
1553 sleep $test_pause_sec 1553 sleep $test_pause_sec
1554 $c_bin s_client -connect $host:$port -CAfile $ca_cert \ 1554 $c_bin s_client -connect $host:$port -CAfile $ca_cert \
1555 -$ver -$copt $c \ 1555 -$ver -$copt $c \
1556 -msg -tlsextdebug < /dev/null > $s_client_out 2>&1 1556 -msg -tlsextdebug < /dev/null > $s_client_out 2>&1
1557 check_exit_status $? 1557 check_exit_status $?
1558 1558
1559 grep "Cipher is $c" $s_client_out > /dev/null 1559 grep "Cipher is $c" $s_client_out > /dev/null
1560 check_exit_status $? 1560 check_exit_status $?
1561 1561
1562 grep 'Verify return code: 0 (ok)' $s_client_out > /dev/null 1562 grep 'Verify return code: 0 (ok)' $s_client_out > /dev/null
1563 check_exit_status $? 1563 check_exit_status $?
1564 done 1564 done
@@ -1575,36 +1575,36 @@ function test_sc_session_reuse {
1575 sess_dat=$user1_dir/s_client_${sc}_${ver}_sess.dat 1575 sess_dat=$user1_dir/s_client_${sc}_${ver}_sess.dat
1576 1576
1577 # Get session ticket to reuse 1577 # Get session ticket to reuse
1578 1578
1579 s_client_out=$user1_dir/s_client_${sc}_${ver}_tls_reuse_1.out 1579 s_client_out=$user1_dir/s_client_${sc}_${ver}_tls_reuse_1.out
1580 1580
1581 start_message "s_client ... connect to TLS/SSL test server to get session id $ver" 1581 start_message "s_client ... connect to TLS/SSL test server to get session id $ver"
1582 sleep $test_pause_sec 1582 sleep $test_pause_sec
1583 $c_bin s_client -connect $host:$port -CAfile $ca_cert \ 1583 $c_bin s_client -connect $host:$port -CAfile $ca_cert \
1584 -$ver -alpn "spdy/3,http/1.1" -sess_out $sess_dat \ 1584 -$ver -alpn "spdy/3,http/1.1" -sess_out $sess_dat \
1585 -msg -tlsextdebug < /dev/null > $s_client_out 2>&1 1585 -msg -tlsextdebug < /dev/null > $s_client_out 2>&1
1586 check_exit_status $? 1586 check_exit_status $?
1587 1587
1588 grep '^New, TLS.*$' $s_client_out > /dev/null 1588 grep '^New, TLS.*$' $s_client_out > /dev/null
1589 check_exit_status $? 1589 check_exit_status $?
1590 1590
1591 grep 'Verify return code: 0 (ok)' $s_client_out > /dev/null 1591 grep 'Verify return code: 0 (ok)' $s_client_out > /dev/null
1592 check_exit_status $? 1592 check_exit_status $?
1593 1593
1594 # Reuse session ticket 1594 # Reuse session ticket
1595 1595
1596 s_client_out=$user1_dir/s_client_${sc}_${ver}_tls_reuse_2.out 1596 s_client_out=$user1_dir/s_client_${sc}_${ver}_tls_reuse_2.out
1597 1597
1598 start_message "s_client ... connect to TLS/SSL test server reusing session id $ver" 1598 start_message "s_client ... connect to TLS/SSL test server reusing session id $ver"
1599 sleep $test_pause_sec 1599 sleep $test_pause_sec
1600 $c_bin s_client -connect $host:$port -CAfile $ca_cert \ 1600 $c_bin s_client -connect $host:$port -CAfile $ca_cert \
1601 -$ver -sess_in $sess_dat \ 1601 -$ver -sess_in $sess_dat \
1602 -msg -tlsextdebug < /dev/null > $s_client_out 2>&1 1602 -msg -tlsextdebug < /dev/null > $s_client_out 2>&1
1603 check_exit_status $? 1603 check_exit_status $?
1604 1604
1605 grep '^Reused, TLS.*$' $s_client_out > /dev/null 1605 grep '^Reused, TLS.*$' $s_client_out > /dev/null
1606 check_exit_status $? 1606 check_exit_status $?
1607 1607
1608 grep 'Verify return code: 0 (ok)' $s_client_out > /dev/null 1608 grep 'Verify return code: 0 (ok)' $s_client_out > /dev/null
1609 check_exit_status $? 1609 check_exit_status $?
1610 1610
@@ -1624,9 +1624,9 @@ function test_sc_verify {
1624 fi 1624 fi
1625 1625
1626 # invalid verification pattern 1626 # invalid verification pattern
1627 1627
1628 s_client_out=$user1_dir/s_client_${sc}_${ver}_tls_invalid.out 1628 s_client_out=$user1_dir/s_client_${sc}_${ver}_tls_invalid.out
1629 1629
1630 start_message "s_client ... connect to tls/ssl test server but verify error $ver" 1630 start_message "s_client ... connect to tls/ssl test server but verify error $ver"
1631 sleep $test_pause_sec 1631 sleep $test_pause_sec
1632 $c_bin s_client -connect $host:$port -CAfile $ca_cert \ 1632 $c_bin s_client -connect $host:$port -CAfile $ca_cert \
@@ -1634,7 +1634,7 @@ function test_sc_verify {
1634 -status -servername xyz \ 1634 -status -servername xyz \
1635 -msg -tlsextdebug < /dev/null > $s_client_out 2>&1 1635 -msg -tlsextdebug < /dev/null > $s_client_out 2>&1
1636 check_exit_status $? 1636 check_exit_status $?
1637 1637
1638 grep 'verify return code: 0 (ok)' $s_client_out > /dev/null 1638 grep 'verify return code: 0 (ok)' $s_client_out > /dev/null
1639 if [ $? -eq 0 ] ; then 1639 if [ $? -eq 0 ] ; then
1640 check_exit_status 1 1640 check_exit_status 1
@@ -1643,9 +1643,9 @@ function test_sc_verify {
1643 fi 1643 fi
1644 1644
1645 # client certificate pattern 1645 # client certificate pattern
1646 1646
1647 s_client_out=$user1_dir/s_client_${sc}_${ver}_tls_client_cert.out 1647 s_client_out=$user1_dir/s_client_${sc}_${ver}_tls_client_cert.out
1648 1648
1649 start_message "s_client ... connect to tls/ssl test server with client certificate $ver" 1649 start_message "s_client ... connect to tls/ssl test server with client certificate $ver"
1650 1650
1651 if [ $ecdsa_tests = 1 ] ; then 1651 if [ $ecdsa_tests = 1 ] ; then
@@ -1727,7 +1727,7 @@ function test_server_client {
1727 else 1727 else
1728 extra_opts="" 1728 extra_opts=""
1729 fi 1729 fi
1730 1730
1731 start_message "s_server ... start TLS/SSL test server" 1731 start_message "s_server ... start TLS/SSL test server"
1732 $s_bin s_server -accept $port -CAfile $ca_cert \ 1732 $s_bin s_server -accept $port -CAfile $ca_cert \
1733 -cert $crt -key $key -pass pass:$pwd \ 1733 -cert $crt -key $key -pass pass:$pwd \
@@ -1740,24 +1740,24 @@ function test_server_client {
1740 s_server_pid=$! 1740 s_server_pid=$!
1741 echo "s_server pid = [ $s_server_pid ]" 1741 echo "s_server pid = [ $s_server_pid ]"
1742 sleep 1 1742 sleep 1
1743 1743
1744 # test by protocol version 1744 # test by protocol version
1745 test_sc_by_protocol_version $sc tls1 'Protocol : TLSv1$' $c_id 1745 test_sc_by_protocol_version $sc tls1 'Protocol : TLSv1$' $c_id
1746 test_sc_by_protocol_version $sc tls1_1 'Protocol : TLSv1\.1$' $c_id 1746 test_sc_by_protocol_version $sc tls1_1 'Protocol : TLSv1\.1$' $c_id
1747 test_sc_by_protocol_version $sc tls1_2 'Protocol : TLSv1\.2$' $c_id 1747 test_sc_by_protocol_version $sc tls1_2 'Protocol : TLSv1\.2$' $c_id
1748 test_sc_by_protocol_version $sc tls1_3 'Protocol : TLSv1\.3$' $c_id 1748 test_sc_by_protocol_version $sc tls1_3 'Protocol : TLSv1\.3$' $c_id
1749 1749
1750 # all available ciphers with random order 1750 # all available ciphers with random order
1751 test_sc_all_cipher $sc tls1_2 1751 test_sc_all_cipher $sc tls1_2
1752 test_sc_all_cipher $sc tls1_3 1752 test_sc_all_cipher $sc tls1_3
1753 1753
1754 # session resumption 1754 # session resumption
1755 test_sc_session_reuse $sc tls1_2 1755 test_sc_session_reuse $sc tls1_2
1756 1756
1757 # invalid verification pattern 1757 # invalid verification pattern
1758 test_sc_verify $sc tls1_2 1758 test_sc_verify $sc tls1_2
1759 test_sc_verify $sc tls1_3 1759 test_sc_verify $sc tls1_3
1760 1760
1761 # s_time 1761 # s_time
1762 if [ $gost_tests != 1 ] ; then 1762 if [ $gost_tests != 1 ] ; then
1763 start_message "s_time ... connect to TLS/SSL test server" 1763 start_message "s_time ... connect to TLS/SSL test server"
@@ -1765,14 +1765,14 @@ function test_server_client {
1765 > $server_dir/s_time_${sc}.log 1765 > $server_dir/s_time_${sc}.log
1766 check_exit_status $? 1766 check_exit_status $?
1767 fi 1767 fi
1768 1768
1769 stop_s_server 1769 stop_s_server
1770} 1770}
1771 1771
1772function test_speed { 1772function test_speed {
1773 # === PERFORMANCE === 1773 # === PERFORMANCE ===
1774 section_message "PERFORMANCE" 1774 section_message "PERFORMANCE"
1775 1775
1776 if [ $no_long_tests = 0 ] ; then 1776 if [ $no_long_tests = 0 ] ; then
1777 start_message "speed" 1777 start_message "speed"
1778 $openssl_bin speed sha512 rsa2048 -multi 2 -elapsed 1778 $openssl_bin speed sha512 rsa2048 -multi 2 -elapsed
@@ -1785,7 +1785,7 @@ function test_speed {
1785function test_version { 1785function test_version {
1786 # --- VERSION INFORMATION --- 1786 # --- VERSION INFORMATION ---
1787 section_message "VERSION INFORMATION" 1787 section_message "VERSION INFORMATION"
1788 1788
1789 start_message "version" 1789 start_message "version"
1790 $openssl_bin version -a 1790 $openssl_bin version -a
1791 check_exit_status $? 1791 check_exit_status $?