authorcvs2svn <admin@example.com>2018-11-07 01:08:50 +0000
committercvs2svn <admin@example.com>2018-11-07 01:08:50 +0000
commit2035faf3f8aa95b888d9416c3cc7328c0ea18beb (patch)
treef08a08d357c5d30455c569890f747c1d9b241316 /src/regress/usr.bin
parentbe03b61c1b8f59ccdd34dbe5f6c6b30de697d28b (diff)
This commit was manufactured by cvs2git to create tag 'bluhm_20181106'.bluhm_20181106
Diffstat (limited to 'src/regress/usr.bin')
-rw-r--r--src/regress/usr.bin/openssl/Makefile66
-rw-r--r--src/regress/usr.bin/openssl/README7
-rwxr-xr-xsrc/regress/usr.bin/openssl/appstest.sh1237
-rw-r--r--src/regress/usr.bin/openssl/openssl.cnf27
-rw-r--r--src/regress/usr.bin/openssl/options/Makefile17
-rw-r--r--src/regress/usr.bin/openssl/options/optionstest.c380
-rw-r--r--src/regress/usr.bin/openssl/test_client.sh12
-rw-r--r--src/regress/usr.bin/openssl/test_server.sh10
-rw-r--r--src/regress/usr.bin/openssl/testdsa.sh30
-rw-r--r--src/regress/usr.bin/openssl/testenc.sh69
-rw-r--r--src/regress/usr.bin/openssl/testrsa.sh30
11 files changed, 0 insertions, 1885 deletions
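diff --git a/src/regress/usr.bin/openssl/Makefile b/src/regress/usr.bin/openssl/Makefile
deleted file mode 100644
index 0ef7928ea4..0000000000
--- a/src/regress/usr.bin/openssl/Makefile
+++ /dev/null
@@ -1,66 +0,0 @@
-# $OpenBSD: Makefile,v 1.6 2018/03/19 03:41:40 beck Exp $
-
-SUBDIR= options
-
-CLEANFILES+= testdsa.key testdsa.pem rsakey.pem rsacert.pem dsa512.pem
-CLEANFILES+= appstest_dir
-
-REGRESS_TARGETS=ssl-enc ssl-dsa ssl-rsa appstest
-
-OPENSSL=/usr/bin/openssl
-CLEAR1=p
-CIPHER=cipher
-CLEAR2=clear
-LIBCRYPTO=-lcrypto
-
-${CLEAR1}: openssl.cnf
- cat ${.CURDIR}/openssl.cnf > ${CLEAR1}
-
-CLEANFILES+=${CLEAR1}
-
-ENCTARGETS=aes-128-cbc aes-128-cfb aes-128-cfb1 aes-128-cfb8
-ENCTARGETS+=aes-128-ecb aes-128-ofb aes-192-cbc aes-192-cfb
-ENCTARGETS+=aes-192-cfb1 aes-192-cfb8 aes-192-ecb aes-192-ofb
-ENCTARGETS+=aes-256-cbc aes-256-cfb aes-256-cfb1 aes-256-cfb8
-ENCTARGETS+=aes-256-ecb aes-256-ofb
-ENCTARGETS+=bf-cbc bf-cfb bf-ecb bf-ofb
-ENCTARGETS+=cast-cbc cast5-cbc cast5-cfb cast5-ecb cast5-ofb
-ENCTARGETS+=des-cbc des-cfb des-cfb8 des-ecb des-ede
-ENCTARGETS+=des-ede-cbc des-ede-cfb des-ede-ofb des-ede3
-ENCTARGETS+=des-ede3-cbc des-ede3-cfb des-ede3-ofb des-ofb desx-cbc
-ENCTARGETS+=rc2-40-cbc rc2-64-cbc rc2-cbc rc2-cfb rc2-ecb rc2-ofb
-ENCTARGETS+=rc4 rc4-40
-
-.for ENC in ${ENCTARGETS}
-${CIPHER}.${ENC}: ${CLEAR1}
- ${OPENSSL} enc -${ENC} -bufsize 113 -e -k test < ${CLEAR1} > ${CIPHER}.${ENC}
-${CIPHER}.${ENC}.b64: ${CLEAR1}
- ${OPENSSL} enc -${ENC} -bufsize 113 -a -e -k test < ${CLEAR1} > ${CIPHER}.${ENC}.b64
-
-${CLEAR2}.${ENC}: ${CIPHER}.${ENC}
- ${OPENSSL} enc -${ENC} -bufsize 157 -d -k test < ${CIPHER}.${ENC} > ${CLEAR2}.${ENC}
-${CLEAR2}.${ENC}.b64: ${CIPHER}.${ENC}.b64
- ${OPENSSL} enc -${ENC} -bufsize 157 -a -d -k test < ${CIPHER}.${ENC}.b64 > ${CLEAR2}.${ENC}.b64
-
-ssl-enc-${ENC}: ${CLEAR1} ${CLEAR2}.${ENC}
- cmp ${CLEAR1} ${CLEAR2}.${ENC}
-ssl-enc-${ENC}.b64: ${CLEAR1} ${CLEAR2}.${ENC}.b64
- cmp ${CLEAR1} ${CLEAR2}.${ENC}.b64
-
-REGRESS_TARGETS+=ssl-enc-${ENC} ssl-enc-${ENC}.b64
-CLEANFILES+=${CIPHER}.${ENC} ${CIPHER}.${ENC}.b64 ${CLEAR2}.${ENC} ${CLEAR2}.${ENC}.b64
-.endfor
-
-ssl-enc:
- env OPENSSL=${OPENSSL} sh ${.CURDIR}/testenc.sh ${.OBJDIR} ${.CURDIR}
-ssl-dsa:
- env OPENSSL=${OPENSSL} sh ${.CURDIR}/testdsa.sh ${.OBJDIR} ${.CURDIR}
-ssl-rsa:
- env OPENSSL=${OPENSSL} sh ${.CURDIR}/testrsa.sh ${.OBJDIR} ${.CURDIR}
-appstest:
- env OPENSSL=${OPENSSL} sh ${.CURDIR}/appstest.sh -q
-
-clean:
- rm -rf ${CLEANFILES}
-
-.include <bsd.regress.mk>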
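diff --git a/src/regress/usr.bin/openssl/README b/src/regress/usr.bin/openssl/README
deleted file mode 100644
index 2682d873e7..0000000000
--- a/src/regress/usr.bin/openssl/README
+++ /dev/null
@@ -1,7 +0,0 @@
-testenc.sh tests encryption routines
-testdsa.sh tests DSA certificate generation
-test_server.sh starts a tls1 server using the above generated certificate
-test_client.sh starts a client to talk to the server.
-testrsa.sh tests RSA certificate generation
-appstest.sh tests openssl command
-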
diff --git a/src/regress/usr.bin/openssl/appstest.sh b/src/regress/usr.bin/openssl/appstest.sh
deleted file mode 100755
index 788870fab1..0000000000
--- a/src/regress/usr.bin/openssl/appstest.sh
+++ /dev/null
@@ -1,1237 +0,0 @@
1#!/bin/sh
2#
3# $OpenBSD: appstest.sh,v 1.15 2018/09/15 13:26:13 inoguchi Exp $
4#
5# Copyright (c) 2016 Kinichiro Inoguchi <inoguchi@openbsd.org>
6#
7# Permission to use, copy, modify, and distribute this software for any
8# purpose with or without fee is hereby granted, provided that the above
9# copyright notice and this permission notice appear in all copies.
10#
11# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
12# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
13# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
14# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
15# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18
19#
20# appstest.sh - test script for openssl command according to man OPENSSL(1)
21#
22# input : none
23# output : all files generated by this script go under $ssldir
24#
25
26function section_message {
27 echo ""
28 echo "#---------#---------#---------#---------#---------#---------#---------#--------"
29 echo "==="
30 echo "=== (Section) $1 `date +'%Y/%m/%d %H:%M:%S'`"
31 echo "==="
32}
33
34function start_message {
35 echo ""
36 echo "[TEST] $1"
37}
38
39function stop_s_server {
40 if [ ! -z "$s_server_pid" ] ; then
41 echo ":-| stop s_server [ $s_server_pid ]"
42 sleep 1
43 kill -TERM $s_server_pid
44 wait $s_server_pid
45 s_server_pid=
46 fi
47}
48
49function check_exit_status {
50 status=$1
51 if [ $status -ne 0 ] ; then
52 stop_s_server
53 echo ":-< error occurs, exit status = [ $status ]"
54 exit $status
55 else
56 echo ":-) success. "
57 fi
58}
59
60function usage {
61 echo "usage: appstest.sh [-iq]"
62}
63
64function test_usage_lists_others {
65 # === COMMAND USAGE ===
66 section_message "COMMAND USAGE"
67
68 start_message "output usages of all commands."
69
70 cmds=`$openssl_bin list-standard-commands`
71 $openssl_bin -help 2>> $user1_dir/usages.out
72 for c in $cmds ; do
73 $openssl_bin $c -help 2>> $user1_dir/usages.out
74 done
75
76 start_message "check all list-* commands."
77
78 lists=""
79 lists="$lists list-standard-commands"
80 lists="$lists list-message-digest-commands list-message-digest-algorithms"
81 lists="$lists list-cipher-commands list-cipher-algorithms"
82 lists="$lists list-public-key-algorithms"
83
84 listsfile=$user1_dir/lists.out
85
86 for l in $lists ; do
87 echo "" >> $listsfile
88 echo "$l" >> $listsfile
89 $openssl_bin $l >> $listsfile
90 done
91
92 start_message "check interactive mode"
93 $openssl_bin <<__EOF__
94help
95quit
96__EOF__
97 check_exit_status $?
98
99 #---------#---------#---------#---------#---------#---------#---------
100
101 # --- listing operations ---
102 section_message "listing operations"
103
104 start_message "ciphers"
105 $openssl_bin ciphers -V
106 check_exit_status $?
107
108 start_message "errstr"
109 $openssl_bin errstr 2606A074
110 check_exit_status $?
111 $openssl_bin errstr -stats 2606A074 > $user1_dir/errstr-stats.out
112 check_exit_status $?
113
114 #---------#---------#---------#---------#---------#---------#---------
115
116 # --- random number etc. operations ---
117 section_message "random number etc. operations"
118
119 start_message "passwd"
120
121 pass="test-pass-1234"
122
123 echo $pass | $openssl_bin passwd -stdin -1
124 check_exit_status $?
125
126 echo $pass | $openssl_bin passwd -stdin -apr1
127 check_exit_status $?
128
129 echo $pass | $openssl_bin passwd -stdin -crypt
130 check_exit_status $?
131
132 start_message "prime"
133
134 $openssl_bin prime 1
135 check_exit_status $?
136
137 $openssl_bin prime 2
138 check_exit_status $?
139
140 $openssl_bin prime -bits 64 -checks 3 -generate -hex -safe 5
141 check_exit_status $?
142
143 start_message "rand"
144
145 $openssl_bin rand -base64 100
146 check_exit_status $?
147
148 $openssl_bin rand -hex 100
149 check_exit_status $?
150}
151
152function test_md {
153 # === MESSAGE DIGEST COMMANDS ===
154 section_message "MESSAGE DIGEST COMMANDS"
155
156 start_message "dgst - See [MESSAGE DIGEST COMMANDS] section."
157
158 text="1234567890abcdefghijklmnopqrstuvwxyz"
159 dgstdat=$user1_dir/dgst.dat
160 echo $text > $dgstdat
161 hmac_key="test-hmac-key"
162 cmac_key="1234567890abcde1234567890abcde12"
163
164 digests=`$openssl_bin list-message-digest-commands`
165
166 for d in $digests ; do
167
168 echo -n "$d ... "
169 $openssl_bin dgst -$d -out $dgstdat.$d $dgstdat
170 check_exit_status $?
171
172 echo -n "$d HMAC ... "
173 $openssl_bin dgst -$d -hmac $hmac_key -out $dgstdat.$d.hmac \
174 $dgstdat
175 check_exit_status $?
176
177 echo -n "$d CMAC ... "
178 $openssl_bin dgst -$d -mac cmac -macopt cipher:aes-128-cbc \
179 -macopt hexkey:$cmac_key -out $dgstdat.$d.cmac $dgstdat
180 check_exit_status $?
181 done
182}
183
184function test_encoding_cipher {
185 # === ENCODING AND CIPHER COMMANDS ===
186 section_message "ENCODING AND CIPHER COMMANDS"
187
188 start_message "enc - See [ENCODING AND CIPHER COMMANDS] section."
189
190 text="1234567890abcdefghijklmnopqrstuvwxyz"
191 encfile=$user1_dir/encfile.dat
192 echo $text > $encfile
193 pass="test-pass-1234"
194
195 ciphers=`$openssl_bin list-cipher-commands`
196
197 for c in $ciphers ; do
198 echo -n "$c ... encoding ... "
199 $openssl_bin enc -$c -e -base64 -pass pass:$pass \
200 -in $encfile -out $encfile-$c.enc
201 check_exit_status $?
202
203 echo -n "decoding ... "
204 $openssl_bin enc -$c -d -base64 -pass pass:$pass \
205 -in $encfile-$c.enc -out $encfile-$c.dec
206 check_exit_status $?
207
208 echo -n "cmp ... "
209 cmp $encfile $encfile-$c.dec
210 check_exit_status $?
211 done
212}
213
214function test_key {
215 # === various KEY operations ===
216 section_message "various KEY operations"
217
218 key_pass=test-key-pass
219
220 # DH
221
222 start_message "gendh - Obsoleted by dhparam."
223 gendh2=$key_dir/gendh2.pem
224 $openssl_bin gendh -2 -out $gendh2
225 check_exit_status $?
226
227 start_message "dh - Obsoleted by dhparam."
228 $openssl_bin dh -in $gendh2 -check -text -out $gendh2.out
229 check_exit_status $?
230
231 if [ $no_long_tests = 0 ] ; then
232 start_message "dhparam - Superseded by genpkey and pkeyparam."
233 dhparam2=$key_dir/dhparam2.pem
234 $openssl_bin dhparam -2 -out $dhparam2
235 check_exit_status $?
236 $openssl_bin dhparam -in $dhparam2 -check -text \
237 -out $dhparam2.out
238 check_exit_status $?
239 else
240 start_message "SKIPPING dhparam - Superseded by genpkey and pkeyparam. (quick mode)"
241 fi
242
243 # DSA
244
245 start_message "dsaparam - Superseded by genpkey and pkeyparam."
246 dsaparam512=$key_dir/dsaparam512.pem
247 $openssl_bin dsaparam -genkey -out $dsaparam512 512
248 check_exit_status $?
249
250 start_message "dsa"
251 $openssl_bin dsa -in $dsaparam512 -text -out $dsaparam512.out
252 check_exit_status $?
253
254 start_message "gendsa - Superseded by genpkey and pkey."
255 gendsa_des3=$key_dir/gendsa_des3.pem
256 $openssl_bin gendsa -des3 -out $gendsa_des3 \
257 -passout pass:$key_pass $dsaparam512
258 check_exit_status $?
259
260 # RSA
261
262 start_message "genrsa - Superseded by genpkey."
263 genrsa_aes256=$key_dir/genrsa_aes256.pem
264 $openssl_bin genrsa -f4 -aes256 -out $genrsa_aes256 \
265 -passout pass:$key_pass 2048
266 check_exit_status $?
267
268 start_message "rsa"
269 $openssl_bin rsa -in $genrsa_aes256 -passin pass:$key_pass \
270 -check -text -out $genrsa_aes256.out
271 check_exit_status $?
272
273 start_message "rsautl - Superseded by pkeyutl."
274 rsautldat=$key_dir/rsautl.dat
275 rsautlsig=$key_dir/rsautl.sig
276 echo "abcdefghijklmnopqrstuvwxyz1234567890" > $rsautldat
277
278 $openssl_bin rsautl -sign -in $rsautldat -inkey $genrsa_aes256 \
279 -passin pass:$key_pass -out $rsautlsig
280 check_exit_status $?
281
282 $openssl_bin rsautl -verify -in $rsautlsig -inkey $genrsa_aes256 \
283 -passin pass:$key_pass
284 check_exit_status $?
285
286 # EC
287
288 start_message "ecparam -list-curves"
289 $openssl_bin ecparam -list_curves
290 check_exit_status $?
291
292 # get all EC curves
293 ec_curves=`$openssl_bin ecparam -list_curves | grep ':' | cut -d ':' -f 1`
294
295 start_message "ecparam and ec"
296
297 for curve in $ec_curves ;
298 do
299 ecparam=$key_dir/ecparam_$curve.pem
300
301 echo -n "ec - $curve ... ecparam ... "
302 $openssl_bin ecparam -out $ecparam -name $curve -genkey \
303 -param_enc explicit -conv_form compressed -C
304 check_exit_status $?
305
306 echo -n "ec ... "
307 $openssl_bin ec -in $ecparam -text \
308 -out $ecparam.out 2> /dev/null
309 check_exit_status $?
310 done
311
312 # PKEY
313
314 start_message "genpkey"
315
316 # DH by GENPKEY
317
318 genpkey_dh_param=$key_dir/genpkey_dh_param.pem
319 $openssl_bin genpkey -genparam -algorithm DH -out $genpkey_dh_param \
320 -pkeyopt dh_paramgen_prime_len:1024
321 check_exit_status $?
322
323 genpkey_dh=$key_dir/genpkey_dh.pem
324 $openssl_bin genpkey -paramfile $genpkey_dh_param -out $genpkey_dh
325 check_exit_status $?
326
327 # DSA by GENPKEY
328
329 genpkey_dsa_param=$key_dir/genpkey_dsa_param.pem
330 $openssl_bin genpkey -genparam -algorithm DSA -out $genpkey_dsa_param \
331 -pkeyopt dsa_paramgen_bits:1024
332 check_exit_status $?
333
334 genpkey_dsa=$key_dir/genpkey_dsa.pem
335 $openssl_bin genpkey -paramfile $genpkey_dsa_param -out $genpkey_dsa
336 check_exit_status $?
337
338 # RSA by GENPKEY
339
340 genpkey_rsa=$key_dir/genpkey_rsa.pem
341 $openssl_bin genpkey -algorithm RSA -out $genpkey_rsa \
342 -pkeyopt rsa_keygen_bits:2048 -pkeyopt rsa_keygen_pubexp:3
343 check_exit_status $?
344
345 # EC by GENPKEY
346
347 genpkey_ec_param=$key_dir/genpkey_ec_param.pem
348 $openssl_bin genpkey -genparam -algorithm EC -out $genpkey_ec_param \
349 -pkeyopt ec_paramgen_curve:secp384r1
350 check_exit_status $?
351
352 genpkey_ec=$key_dir/genpkey_ec.pem
353 $openssl_bin genpkey -paramfile $genpkey_ec_param -out $genpkey_ec
354 check_exit_status $?
355
356 start_message "pkeyparam"
357
358 $openssl_bin pkeyparam -in $genpkey_dh_param -text \
359 -out $genpkey_dh_param.out
360 check_exit_status $?
361
362 $openssl_bin pkeyparam -in $genpkey_dsa_param -text \
363 -out $genpkey_dsa_param.out
364 check_exit_status $?
365
366 $openssl_bin pkeyparam -in $genpkey_ec_param -text \
367 -out $genpkey_ec_param.out
368 check_exit_status $?
369
370 start_message "pkey"
371
372 $openssl_bin pkey -in $genpkey_dh -text -out $genpkey_dh.out
373 check_exit_status $?
374
375 $openssl_bin pkey -in $genpkey_dsa -text -out $genpkey_dsa.out
376 check_exit_status $?
377
378 $openssl_bin pkey -in $genpkey_rsa -text -out $genpkey_rsa.out
379 check_exit_status $?
380
381 $openssl_bin pkey -in $genpkey_ec -text -out $genpkey_ec.out
382 check_exit_status $?
383
384 start_message "pkeyutl"
385
386 pkeyutldat=$key_dir/pkeyutl.dat
387 pkeyutlsig=$key_dir/pkeyutl.sig
388 echo "abcdefghijklmnopqrstuvwxyz1234567890" > $pkeyutldat
389
390 $openssl_bin pkeyutl -sign -in $pkeyutldat -inkey $genpkey_rsa \
391 -out $pkeyutlsig
392 check_exit_status $?
393
394 $openssl_bin pkeyutl -verify -in $pkeyutldat -sigfile $pkeyutlsig \
395 -inkey $genpkey_rsa
396 check_exit_status $?
397
398 $openssl_bin pkeyutl -verifyrecover -in $pkeyutlsig -inkey $genpkey_rsa
399 check_exit_status $?
400}
401
402function test_pki {
403 section_message "setup local CA"
404
405 #
406 # prepare test openssl.cnf
407 #
408
409 cat << __EOF__ > $ssldir/openssl.cnf
410oid_section = new_oids
411[ new_oids ]
412tsa_policy1 = 1.2.3.4.1
413tsa_policy2 = 1.2.3.4.5.6
414tsa_policy3 = 1.2.3.4.5.7
415[ ca ]
416default_ca = CA_default
417[ CA_default ]
418dir = ./$ca_dir
419crl_dir = \$dir/crl
420database = \$dir/index.txt
421new_certs_dir = \$dir/newcerts
422serial = \$dir/serial
423crlnumber = \$dir/crlnumber
424default_days = 1
425default_md = default
426policy = policy_match
427[ policy_match ]
428countryName = match
429stateOrProvinceName = match
430organizationName = match
431organizationalUnitName = optional
432commonName = supplied
433emailAddress = optional
434[ req ]
435distinguished_name = req_distinguished_name
436[ req_distinguished_name ]
437countryName = Country Name
438countryName_default = JP
439countryName_min = 2
440countryName_max = 2
441stateOrProvinceName = State or Province Name
442stateOrProvinceName_default = Tokyo
443organizationName = Organization Name
444organizationName_default = TEST_DUMMY_COMPANY
445commonName = Common Name
446[ tsa ]
447default_tsa = tsa_config1
448[ tsa_config1 ]
449dir = ./$tsa_dir
450serial = \$dir/serial
451crypto_device = builtin
452digests = sha1, sha256, sha384, sha512
453default_policy = tsa_policy1
454other_policies = tsa_policy2, tsa_policy3
455[ tsa_ext ]
456keyUsage = critical,nonRepudiation
457extendedKeyUsage = critical,timeStamping
458[ ocsp_ext ]
459basicConstraints = CA:FALSE
460keyUsage = nonRepudiation,digitalSignature,keyEncipherment
461extendedKeyUsage = OCSPSigning
462__EOF__
463
464 #---------#---------#---------#---------#---------#---------#---------
465
466 #
467 # setup test CA
468 #
469
470 mkdir -p $ca_dir
471 mkdir -p $tsa_dir
472 mkdir -p $ocsp_dir
473 mkdir -p $server_dir
474
475 mkdir -p $ca_dir/certs
476 mkdir -p $ca_dir/private
477 mkdir -p $ca_dir/crl
478 mkdir -p $ca_dir/newcerts
479 chmod 700 $ca_dir/private
480 echo "01" > $ca_dir/serial
481 touch $ca_dir/index.txt
482 touch $ca_dir/crlnumber
483 echo "01" > $ca_dir/crlnumber
484
485 #
486 # setup test TSA
487 #
488 mkdir -p $tsa_dir/private
489 chmod 700 $tsa_dir/private
490 echo "01" > $tsa_dir/serial
491 touch $tsa_dir/index.txt
492
493 #
494 # setup test OCSP
495 #
496 mkdir -p $ocsp_dir/private
497 chmod 700 $ocsp_dir/private
498
499 #---------#---------#---------#---------#---------#---------#---------
500
501 # --- CA initiate (generate CA key and cert) ---
502
503 start_message "req ... generate CA key and self signed cert"
504
505 ca_cert=$ca_dir/ca_cert.pem
506 ca_key=$ca_dir/private/ca_key.pem ca_pass=test-ca-pass
507
508 if [ $mingw = 0 ] ; then
509 subj='/C=JP/ST=Tokyo/O=TEST_DUMMY_COMPANY/CN=testCA.test_dummy.com/'
510 else
511 subj='//C=JP\ST=Tokyo\O=TEST_DUMMY_COMPANY\CN=testTSA.test_dummy.com\'
512 fi
513
514 $openssl_bin req -new -x509 -newkey rsa:2048 -out $ca_cert \
515 -keyout $ca_key -days 1 -passout pass:$ca_pass -batch \
516 -subj $subj
517 check_exit_status $?
518
519 #---------#---------#---------#---------#---------#---------#---------
520
521 # --- TSA initiate (generate TSA key and cert) ---
522
523 start_message "req ... generate TSA key and cert"
524
525 # generate CSR for TSA
526
527 tsa_csr=$tsa_dir/tsa_csr.pem
528 tsa_key=$tsa_dir/private/tsa_key.pem
529 tsa_pass=test-tsa-pass
530
531 if [ $mingw = 0 ] ; then
532 subj='/C=JP/ST=Tokyo/O=TEST_DUMMY_COMPANY/CN=testTSA.test_dummy.com/'
533 else
534 subj='//C=JP\ST=Tokyo\O=TEST_DUMMY_COMPANY\CN=testTSA.test_dummy.com\'
535 fi
536
537 $openssl_bin req -new -keyout $tsa_key -out $tsa_csr \
538 -passout pass:$tsa_pass -subj $subj
539 check_exit_status $?
540
541 start_message "ca ... sign by CA with TSA extensions"
542
543 tsa_cert=$tsa_dir/tsa_cert.pem
544
545 $openssl_bin ca -batch -cert $ca_cert -keyfile $ca_key -key $ca_pass \
546 -in $tsa_csr -out $tsa_cert -extensions tsa_ext
547 check_exit_status $?
548
549 #---------#---------#---------#---------#---------#---------#---------
550
551 # --- OCSP initiate (generate OCSP key and cert) ---
552
553 start_message "req ... generate OCSP key and cert"
554
555 # generate CSR for OCSP
556
557 ocsp_csr=$ocsp_dir/ocsp_csr.pem
558 ocsp_key=$ocsp_dir/private/ocsp_key.pem
559
560 if [ $mingw = 0 ] ; then
561 subj='/C=JP/ST=Tokyo/O=TEST_DUMMY_COMPANY/CN=testOCSP.test_dummy.com/'
562 else
563 subj='//C=JP\ST=Tokyo\O=TEST_DUMMY_COMPANY\CN=testOCSP.test_dummy.com\'
564 fi
565
566 $openssl_bin req -new -keyout $ocsp_key -nodes -out $ocsp_csr \
567 -subj $subj
568 check_exit_status $?
569
570 start_message "ca ... sign by CA with OCSP extensions"
571
572 ocsp_cert=$ocsp_dir/ocsp_cert.pem
573
574 $openssl_bin ca -batch -cert $ca_cert -keyfile $ca_key -key $ca_pass \
575 -in $ocsp_csr -out $ocsp_cert -extensions ocsp_ext
576 check_exit_status $?
577
578 #---------#---------#---------#---------#---------#---------#---------
579
580 # --- server-admin operations (generate server key and csr) ---
581 section_message "server-admin operations (generate server key and csr)"
582
583 start_message "req ... generate server csr#1"
584
585 server_key=$server_dir/server_key.pem
586 server_csr=$server_dir/server_csr.pem
587 server_pass=test-server-pass
588
589 if [ $mingw = 0 ] ; then
590 subj='/C=JP/ST=Tokyo/O=TEST_DUMMY_COMPANY/CN=localhost.test_dummy.com/'
591 else
592 subj='//C=JP\ST=Tokyo\O=TEST_DUMMY_COMPANY\CN=localhost.test_dummy.com\'
593 fi
594
595 $openssl_bin req -new -keyout $server_key -out $server_csr \
596 -passout pass:$server_pass -subj $subj
597 check_exit_status $?
598
599 start_message "req ... generate server csr#2 (interactive mode)"
600
601 revoke_key=$server_dir/revoke_key.pem
602 revoke_csr=$server_dir/revoke_csr.pem
603 revoke_pass=test-revoke-pass
604
605 $openssl_bin req -new -keyout $revoke_key -out $revoke_csr \
606 -passout pass:$revoke_pass <<__EOF__
607JP
608Tokyo
609TEST_DUMMY_COMPANY
610revoke.test_dummy.com
611__EOF__
612 check_exit_status $?
613
614 #---------#---------#---------#---------#---------#---------#---------
615
616 # --- CA operations (issue cert for server) ---
617 section_message "CA operations (issue cert for server)"
618
619 start_message "ca ... issue cert for server csr#1"
620
621 server_cert=$server_dir/server_cert.pem
622 $openssl_bin ca -batch -cert $ca_cert -keyfile $ca_key -key $ca_pass \
623 -in $server_csr -out $server_cert
624 check_exit_status $?
625
626 start_message "x509 ... issue cert for server csr#2"
627
628 revoke_cert=$server_dir/revoke_cert.pem
629 $openssl_bin x509 -req -in $revoke_csr -CA $ca_cert -CAkey $ca_key \
630 -passin pass:$ca_pass -CAcreateserial -out $revoke_cert
631 check_exit_status $?
632
633 #---------#---------#---------#---------#---------#---------#---------
634
635 # --- CA operations (revoke cert and generate crl) ---
636 section_message "CA operations (revoke cert and generate crl)"
637
638 start_message "ca ... revoke server cert#2"
639 crl_file=$ca_dir/crl.pem
640 $openssl_bin ca -gencrl -out $crl_file -crldays 30 \
641 -revoke $revoke_cert \
642 -keyfile $ca_key -passin pass:$ca_pass -cert $ca_cert
643 check_exit_status $?
644
645 start_message "crl ... CA generates CRL"
646 $openssl_bin crl -in $crl_file -fingerprint
647 check_exit_status $?
648
649 crl_p7=$ca_dir/crl.p7
650 start_message "crl2pkcs7 ... convert CRL to pkcs7"
651 $openssl_bin crl2pkcs7 -in $crl_file -certfile $ca_cert -out $crl_p7
652 check_exit_status $?
653
654 #---------#---------#---------#---------#---------#---------#---------
655
656 # --- server-admin operations (check csr, verify cert, certhash) ---
657 section_message "server-admin operations (check csr, verify cert, certhash)"
658
659 start_message "asn1parse ... parse server csr#1"
660 $openssl_bin asn1parse -in $server_csr -i -dlimit 100 -length 1000 \
661 -strparse 01 > $server_csr.asn1parse.out
662 check_exit_status $?
663
664 start_message "verify ... server cert#1"
665 $openssl_bin verify -verbose -CAfile $ca_cert $server_cert
666 check_exit_status $?
667
668 start_message "x509 ... get detail info about server cert#1"
669 $openssl_bin x509 -in $server_cert -text -C -dates -startdate -enddate \
670 -fingerprint -issuer -issuer_hash -issuer_hash_old \
671 -subject -subject_hash -subject_hash_old -ocsp_uri \
672 -ocspid -modulus -pubkey -serial -email > $server_cert.x509.out
673 check_exit_status $?
674
675 if [ $mingw = 0 ] ; then
676 start_message "certhash"
677 $openssl_bin certhash -v $server_dir
678 check_exit_status $?
679 fi
680
681 # self signed
682 start_message "x509 ... generate self signed server cert"
683 server_self_cert=$server_dir/server_self_cert.pem
684 $openssl_bin x509 -in $server_cert -signkey $server_key \
685 -passin pass:$server_pass -out $server_self_cert
686 check_exit_status $?
687
688 #---------#---------#---------#---------#---------#---------#---------
689
690 # --- Netscape SPKAC operations ---
691 section_message "Netscape SPKAC operations"
692
693 # server-admin generates SPKAC
694
695 start_message "spkac"
696 spkacfile=$server_dir/spkac.file
697
698 $openssl_bin spkac -key $genpkey_rsa -challenge hello -out $spkacfile
699 check_exit_status $?
700
701 $openssl_bin spkac -in $spkacfile -verify -out $spkacfile.out
702 check_exit_status $?
703
704 spkacreq=$server_dir/spkac.req
705 cat << __EOF__ > $spkacreq
706countryName = JP
707stateOrProvinceName = Tokyo
708organizationName = TEST_DUMMY_COMPANY
709commonName = spkac.test_dummy.com
710__EOF__
711 cat $spkacfile >> $spkacreq
712
713 # CA signs SPKAC
714 start_message "ca ... CA signs SPKAC csr"
715 spkaccert=$server_dir/spkac.cert
716 $openssl_bin ca -batch -cert $ca_cert -keyfile $ca_key -key $ca_pass \
717 -spkac $spkacreq -out $spkaccert
718 check_exit_status $?
719
720 start_message "x509 ... convert DER format SPKAC cert to PEM"
721 spkacpem=$server_dir/spkac.pem
722 $openssl_bin x509 -in $spkaccert -inform DER -out $spkacpem -outform PEM
723 check_exit_status $?
724
725 # server-admin cert verify
726
727 start_message "nseq"
728 $openssl_bin nseq -in $spkacpem -toseq -out $spkacpem.nseq
729 check_exit_status $?
730
731 #---------#---------#---------#---------#---------#---------#---------
732
733 # --- user1 operations (generate user1 key and csr) ---
734 section_message "user1 operations (generate user1 key and csr)"
735
736 # trust
737 start_message "x509 ... trust testCA cert"
738 user1_trust=$user1_dir/user1_trust_ca.pem
739 $openssl_bin x509 -in $ca_cert -addtrust clientAuth \
740 -setalias "trusted testCA" -purpose -out $user1_trust
741 check_exit_status $?
742
743 start_message "req ... generate private key and csr for user1"
744
745 user1_key=$user1_dir/user1_key.pem
746 user1_csr=$user1_dir/user1_csr.pem
747 user1_pass=test-user1-pass
748
749 if [ $mingw = 0 ] ; then
750 subj='/C=JP/ST=Tokyo/O=TEST_DUMMY_COMPANY/CN=user1.test_dummy.com/'
751 else
752 subj='//C=JP\ST=Tokyo\O=TEST_DUMMY_COMPANY\CN=user1.test_dummy.com\'
753 fi
754
755 $openssl_bin req -new -keyout $user1_key -out $user1_csr \
756 -passout pass:$user1_pass -subj $subj
757 check_exit_status $?
758
759 #---------#---------#---------#---------#---------#---------#---------
760
761 # --- CA operations (issue cert for user1) ---
762 section_message "CA operations (issue cert for user1)"
763
764 start_message "ca ... issue cert for user1"
765
766 user1_cert=$user1_dir/user1_cert.pem
767 $openssl_bin ca -batch -cert $ca_cert -keyfile $ca_key -key $ca_pass \
768 -in $user1_csr -out $user1_cert
769 check_exit_status $?
770}
771
772function test_tsa {
773 # --- TSA operations ---
774 section_message "TSA operations"
775
776 tsa_dat=$user1_dir/tsa.dat
777 cat << __EOF__ > $tsa_dat
778Hello Bob,
779Sincerely yours
780Alice
781__EOF__
782
783 # Query
784 start_message "ts ... create time stamp request"
785
786 tsa_tsq=$user1_dir/tsa.tsq
787
788 $openssl_bin ts -query -sha1 -data $tsa_dat -no_nonce -out $tsa_tsq
789 check_exit_status $?
790
791 start_message "ts ... print time stamp request"
792
793 $openssl_bin ts -query -in $tsa_tsq -text
794 check_exit_status $?
795
796 # Reply
797 start_message "ts ... create time stamp response for a request"
798
799 tsa_tsr=$user1_dir/tsa.tsr
800
801 $openssl_bin ts -reply -queryfile $tsa_tsq -inkey $tsa_key \
802 -passin pass:$tsa_pass -signer $tsa_cert -chain $ca_cert \
803 -out $tsa_tsr
804 check_exit_status $?
805
806 # Verify
807 start_message "ts ... verify time stamp response"
808
809 $openssl_bin ts -verify -queryfile $tsa_tsq -in $tsa_tsr \
810 -CAfile $ca_cert -untrusted $tsa_cert
811 check_exit_status $?
812}
813
814function test_smime {
815 # --- S/MIME operations ---
816 section_message "S/MIME operations"
817
818 smime_txt=$user1_dir/smime.txt
819 smime_msg=$user1_dir/smime.msg
820 smime_ver=$user1_dir/smime.ver
821
822 cat << __EOF__ > $smime_txt
823Hello Bob,
824Sincerely yours
825Alice
826__EOF__
827
828 # sign
829 start_message "smime ... sign to message"
830
831 $openssl_bin smime -sign -in $smime_txt -text -out $smime_msg \
832 -signer $user1_cert -inkey $user1_key -passin pass:$user1_pass
833 check_exit_status $?
834
835 # verify
836 start_message "smime ... verify message"
837
838 $openssl_bin smime -verify -in $smime_msg -signer $user1_cert \
839 -CAfile $ca_cert -out $smime_ver
840 check_exit_status $?
841}
842
843function test_ocsp {
844 # --- OCSP operations ---
845 section_message "OCSP operations"
846
847 # request
848 start_message "ocsp ... create OCSP request"
849
850 ocsp_req=$user1_dir/ocsp_req.der
851 $openssl_bin ocsp -issuer $ca_cert -cert $server_cert \
852 -cert $revoke_cert -CAfile $ca_cert -reqout $ocsp_req
853 check_exit_status $?
854
855 # response
856 start_message "ocsp ... create OCPS response for a request"
857
858 ocsp_res=$user1_dir/ocsp_res.der
859 $openssl_bin ocsp -index $ca_dir/index.txt -CA $ca_cert \
860 -CAfile $ca_cert -rsigner $ocsp_cert -rkey $ocsp_key \
861 -reqin $ocsp_req -respout $ocsp_res -text > $ocsp_res.out 2>&1
862 check_exit_status $?
863
864 # ocsp server
865 start_message "ocsp ... start OCSP server in background"
866
867 ocsp_port=8888
868
869 $openssl_bin ocsp -index $ca_dir/index.txt -CA $ca_cert \
870 -CAfile $ca_cert -rsigner $ocsp_cert -rkey $ocsp_key \
871 -port '*:'$ocsp_port -nrequest 1 &
872 check_exit_status $?
873 ocsp_svr_pid=$!
874 echo "ocsp server pid = [ $ocsp_svr_pid ]"
875 sleep 1
876
877 # send query to ocsp server
878 start_message "ocsp ... send OCSP request to server"
879
880 ocsp_qry=$user1_dir/ocsp_qry.der
881 $openssl_bin ocsp -issuer $ca_cert -cert $server_cert \
882 -cert $revoke_cert -CAfile $ca_cert \
883 -url http://localhost:$ocsp_port -resp_text \
884 -respout $ocsp_qry > $ocsp_qry.out 2>&1
885 check_exit_status $?
886}
887
888function test_pkcs {
889 # --- PKCS operations ---
890 section_message "PKCS operations"
891
892 pkcs_pass=test-pkcs-pass
893
894 start_message "pkcs7 ... output certs in crl(pkcs7)"
895 $openssl_bin pkcs7 -in $crl_p7 -print_certs -text -out $crl_p7.out
896 check_exit_status $?
897
898 start_message "pkcs8 ... convert key to pkcs8"
899 $openssl_bin pkcs8 -in $user1_key -topk8 -out $user1_key.p8 \
900 -passin pass:$user1_pass -passout pass:$user1_pass \
901 -v1 pbeWithSHA1AndDES-CBC -v2 des3
902 check_exit_status $?
903
904 start_message "pkcs8 ... convert pkcs8 to key in DER format"
905 $openssl_bin pkcs8 -in $user1_key.p8 -passin pass:$user1_pass \
906 -outform DER -out $user1_key.p8.der
907 check_exit_status $?
908
909 start_message "pkcs12 ... create"
910 $openssl_bin pkcs12 -export -in $server_cert -inkey $server_key \
911 -passin pass:$server_pass -certfile $ca_cert -CAfile $ca_cert \
912 -caname "server_p12" -passout pass:$pkcs_pass \
913 -certpbe AES-256-CBC -keypbe AES-256-CBC -chain \
914 -out $server_cert.p12
915 check_exit_status $?
916
917 start_message "pkcs12 ... verify"
918 $openssl_bin pkcs12 -in $server_cert.p12 -passin pass:$pkcs_pass -info \
919 -noout
920 check_exit_status $?
921
922 start_message "pkcs12 ... to PEM"
923 $openssl_bin pkcs12 -in $server_cert.p12 -passin pass:$pkcs_pass \
924 -passout pass:$pkcs_pass -out $server_cert.p12.pem
925 check_exit_status $?
926}
927
928function test_server_client {
929 # --- client/server operations (TLS) ---
930 section_message "client/server operations (TLS)"
931
932 s_id="$1"
933 c_id="$2"
934 sc="$1$2"
935
936 test_pause_sec=0.2
937
938 if [ $s_id = "0" ] ; then
939 s_bin=$openssl_bin
940 else
941 s_bin=$other_openssl_bin
942 fi
943
944 if [ $c_id = "0" ] ; then
945 c_bin=$openssl_bin
946 else
947 c_bin=$other_openssl_bin
948 fi
949
950 echo "s_server is [`$s_bin version`]"
951 echo "s_client is [`$c_bin version`]"
952
953 host="localhost"
954 port=4433
955 sess_dat=$user1_dir/s_client_${sc}_sess.dat
956 s_server_out=$server_dir/s_server_${sc}_tls.out
957
958 $s_bin version | grep 'OpenSSL 1.1.1' > /dev/null
959 if [ $? -eq 0 ] ; then
960 extra_opts="-4"
961 else
962 extra_opts=""
963 fi
964
965 start_message "s_server ... start TLS/SSL test server"
966 $s_bin s_server -accept $port -CAfile $ca_cert \
967 -cert $server_cert -key $server_key -pass pass:$server_pass \
968 -context "appstest.sh" -id_prefix "APPSTEST.SH" -crl_check \
969 -nextprotoneg "http/1.1,spdy/3" -alpn "http/1.1,spdy/3" -www \
970 -cipher ALL $extra_opts \
971 -msg -tlsextdebug > $s_server_out 2>&1 &
972 check_exit_status $?
973 s_server_pid=$!
974 echo "s_server pid = [ $s_server_pid ]"
975 sleep 1
976
977 # protocol = TLSv1
978
979 s_client_out=$user1_dir/s_client_${sc}_tls_1_0.out
980
981 start_message "s_client ... connect to TLS/SSL test server by TLSv1"
982 sleep $test_pause_sec
983 $c_bin s_client -connect $host:$port -CAfile $ca_cert \
984 -tls1 -msg -tlsextdebug < /dev/null > $s_client_out 2>&1
985 check_exit_status $?
986
987 grep 'Protocol : TLSv1$' $s_client_out > /dev/null
988 check_exit_status $?
989
990 grep 'Verify return code: 0 (ok)' $s_client_out > /dev/null
991 check_exit_status $?
992
993 # protocol = TLSv1.1
994
995 s_client_out=$user1_dir/s_client_${sc}_tls_1_1.out
996
997 start_message "s_client ... connect to TLS/SSL test server by TLSv1.1"
998 sleep $test_pause_sec
999 $c_bin s_client -connect $host:$port -CAfile $ca_cert \
1000 -tls1_1 -msg -tlsextdebug < /dev/null > $s_client_out 2>&1
1001 check_exit_status $?
1002
1003 grep 'Protocol : TLSv1\.1$' $s_client_out > /dev/null
1004 check_exit_status $?
1005
1006 grep 'Verify return code: 0 (ok)' $s_client_out > /dev/null
1007 check_exit_status $?
1008
1009 # protocol = TLSv1.2
1010
1011 s_client_out=$user1_dir/s_client_${sc}_tls_1_2.out
1012
1013 start_message "s_client ... connect to TLS/SSL test server by TLSv1.2"
1014 sleep $test_pause_sec
1015 $c_bin s_client -connect $host:$port -CAfile $ca_cert \
1016 -tls1_2 -msg -tlsextdebug < /dev/null > $s_client_out 2>&1
1017 check_exit_status $?
1018
1019 grep 'Protocol : TLSv1\.2$' $s_client_out > /dev/null
1020 check_exit_status $?
1021
1022 grep 'Verify return code: 0 (ok)' $s_client_out > /dev/null
1023 check_exit_status $?
1024
1025 # all available ciphers with random order
1026
1027 s_ciph=$server_dir/s_ciph_${sc}
1028 if [ $s_id = "0" ] ; then
1029 $s_bin ciphers -v ALL:!ECDSA:!kGOST | awk '{print $1}' > $s_ciph
1030 else
1031 $s_bin ciphers -v | awk '{print $1}' > $s_ciph
1032 fi
1033
1034 c_ciph=$user1_dir/c_ciph_${sc}
1035 if [ $c_id = "0" ] ; then
1036 $c_bin ciphers -v ALL:!ECDSA:!kGOST | awk '{print $1}' > $c_ciph
1037 else
1038 $c_bin ciphers -v | awk '{print $1}' > $c_ciph
1039 fi
1040
1041 ciphers=$user1_dir/ciphers_${sc}
1042 grep -x -f $s_ciph $c_ciph | sort -R > $ciphers
1043
1044 cnum=0
1045 for c in `cat $ciphers` ; do
1046 cnum=`expr $cnum + 1`
1047 cnstr=`printf %03d $cnum`
1048 s_client_out=$user1_dir/s_client_${sc}_tls_${cnstr}_${c}.out
1049
1050 start_message "s_client ... connect to TLS/SSL test server with [ $cnstr ] $c"
1051 sleep $test_pause_sec
1052 $c_bin s_client -connect $host:$port -CAfile $ca_cert \
1053 -cipher $c \
1054 -msg -tlsextdebug < /dev/null > $s_client_out 2>&1
1055 check_exit_status $?
1056
1057 grep "Cipher : $c" $s_client_out > /dev/null
1058 check_exit_status $?
1059
1060 grep 'Verify return code: 0 (ok)' $s_client_out > /dev/null
1061 check_exit_status $?
1062 done
1063
1064 # Get session ticket to reuse
1065
1066 s_client_out=$user1_dir/s_client_${sc}_tls_reuse_1.out
1067
1068 start_message "s_client ... connect to TLS/SSL test server to get session id"
1069 sleep $test_pause_sec
1070 $c_bin s_client -connect $host:$port -CAfile $ca_cert \
1071 -nextprotoneg "spdy/3,http/1.1" -alpn "spdy/3,http/1.1" \
1072 -sess_out $sess_dat \
1073 -msg -tlsextdebug < /dev/null > $s_client_out 2>&1
1074 check_exit_status $?
1075
1076 grep '^New, TLS.*$' $s_client_out > /dev/null
1077 check_exit_status $?
1078
1079 grep 'Verify return code: 0 (ok)' $s_client_out > /dev/null
1080 check_exit_status $?
1081
1082 # Reuse session ticket
1083
1084 s_client_out=$user1_dir/s_client_${sc}_tls_reuse_2.out
1085
1086 start_message "s_client ... connect to TLS/SSL test server reusing session id"
1087 sleep $test_pause_sec
1088 $c_bin s_client -connect $host:$port -CAfile $ca_cert \
1089 -sess_in $sess_dat \
1090 -msg -tlsextdebug < /dev/null > $s_client_out 2>&1
1091 check_exit_status $?
1092
1093 grep '^Reused, TLS.*$' $s_client_out > /dev/null
1094 check_exit_status $?
1095
1096 grep 'Verify return code: 0 (ok)' $s_client_out > /dev/null
1097 check_exit_status $?
1098
1099 # invalid verification pattern
1100
1101 s_client_out=$user1_dir/s_client_${sc}_tls_invalid.out
1102
1103 start_message "s_client ... connect to TLS/SSL test server but verify error"
1104 sleep $test_pause_sec
1105 $c_bin s_client -connect $host:$port -CAfile $ca_cert \
1106 -showcerts -crl_check -issuer_checks -policy_check \
1107 -msg -tlsextdebug < /dev/null > $s_client_out 2>&1
1108 check_exit_status $?
1109
1110 grep 'Verify return code: 0 (ok)' $s_client_out > /dev/null
1111 if [ $? -eq 0 ] ; then
1112 check_exit_status 1
1113 else
1114 check_exit_status 0
1115 fi
1116
1117 # s_time
1118 start_message "s_time ... connect to TLS/SSL test server"
1119 $c_bin s_time -connect $host:$port -CApath $ca_dir -time 2
1120 check_exit_status $?
1121
1122 # sess_id
1123 start_message "sess_id"
1124 $c_bin sess_id -in $sess_dat -text -out $sess_dat.out
1125 check_exit_status $?
1126
1127 stop_s_server
1128}
1129
1130function test_speed {
1131 # === PERFORMANCE ===
1132 section_message "PERFORMANCE"
1133
1134 if [ $no_long_tests = 0 ] ; then
1135 start_message "speed"
1136 $openssl_bin speed sha512 rsa2048 -multi 2 -elapsed
1137 check_exit_status $?
1138 else
1139 start_message "SKIPPING speed (quick mode)"
1140 fi
1141}
1142
1143function test_version {
1144 # --- VERSION INFORMATION ---
1145 section_message "VERSION INFORMATION"
1146
1147 start_message "version"
1148 $openssl_bin version -a
1149 check_exit_status $?
1150}
1151
1152#---------#---------#---------#---------#---------#---------#---------#---------
1153
1154openssl_bin=${OPENSSL:-/usr/bin/openssl}
1155other_openssl_bin=${OTHER_OPENSSL:-/usr/local/bin/eopenssl}
1156
1157interop_tests=0
1158no_long_tests=0
1159
1160while [ "$1" != "" ]; do
1161 case $1 in
1162 -i | --interop) shift
1163 interop_tests=1
1164 ;;
1165 -q | --quick ) shift
1166 no_long_tests=1
1167 ;;
1168 * ) usage
1169 exit 1
1170 esac
1171done
1172
1173if [ ! -x $openssl_bin ] ; then
1174 echo ":-< \$OPENSSL [$openssl_bin] is not executable."
1175 exit 1
1176fi
1177
1178if [ $interop_tests = 1 -a ! -x $other_openssl_bin ] ; then
1179 echo ":-< \$OTHER_OPENSSL [$other_openssl_bin] is not executable."
1180 exit 1
1181fi
1182
1183#
1184# create ssldir, and all files generated by this script goes under this dir.
1185#
1186ssldir="appstest_dir"
1187
1188if [ -d $ssldir ] ; then
1189 echo "directory [ $ssldir ] exists, this script deletes this directory ..."
1190 /bin/rm -rf $ssldir
1191fi
1192
1193mkdir -p $ssldir
1194
1195ca_dir=$ssldir/testCA
1196tsa_dir=$ssldir/testTSA
1197ocsp_dir=$ssldir/testOCSP
1198server_dir=$ssldir/server
1199user1_dir=$ssldir/user1
1200mkdir -p $user1_dir
1201key_dir=$ssldir/key
1202mkdir -p $key_dir
1203
1204export OPENSSL_CONF=$ssldir/openssl.cnf
1205touch $OPENSSL_CONF
1206
1207uname_s=`uname -s | grep 'MINGW'`
1208if [ "$uname_s" = "" ] ; then
1209 mingw=0
1210else
1211 mingw=1
1212fi
1213
1214#
1215# process tests
1216#
1217test_usage_lists_others
1218test_md
1219test_encoding_cipher
1220test_key
1221test_pki
1222test_tsa
1223test_smime
1224test_ocsp
1225test_pkcs
1226test_server_client 0 0
1227if [ $interop_tests = 1 ] ; then
1228 test_server_client 0 1
1229 test_server_client 1 0
1230fi
1231test_speed
1232test_version
1233
1234section_message "END"
1235
1236exit 0
1237
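diff --git a/src/regress/usr.bin/openssl/openssl.cnf b/src/regress/usr.bin/openssl/openssl.cnf
deleted file mode 100644
index 4490810058..0000000000
--- a/src/regress/usr.bin/openssl/openssl.cnf
+++ /dev/null
@@ -1,27 +0,0 @@
-# $OpenBSD: openssl.cnf,v 1.2 2015/09/16 01:39:05 lteo Exp $
-
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-# hacked by iang to do DSA certs - Server
-
-####################################################################
-[ req ]
-distinguished_name = req_distinguished_name
-encrypt_rsa_key = no
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = CA
-countryName_value = CA
-
-organizationName = Organization Name (eg, company)
-organizationName_value = Shake it Vera
-
-0.commonName = Common Name (eg, YOUR name)
-0.commonName_value = Wastelandus
-
-1.commonName = Common Name (eg, YOUR name)
-1.commonName_value = Maximus
-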
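diff --git a/src/regress/usr.bin/openssl/options/Makefile b/src/regress/usr.bin/openssl/options/Makefile
deleted file mode 100644
index ba3857ad39..0000000000
--- a/src/regress/usr.bin/openssl/options/Makefile
+++ /dev/null
@@ -1,17 +0,0 @@
-# $OpenBSD: Makefile,v 1.1 2014/12/28 14:01:33 jsing Exp $
-
-PROG= optionstest
-SRCS= optionstest.c
-
-LDADD= -lcrypto -lssl
-DPADD= ${LIBCRYPTO} ${LIBSSL}
-
-OSSLSRC= ${.CURDIR}/../../../../usr.bin/openssl/
-CFLAGS+= -I${OSSLSRC}
-
-.PATH: ${OSSLSRC}
-SRCS+= apps.c
-
-CFLAGS+= -Werror
-
-.include <bsd.regress.mk>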
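diff --git a/src/regress/usr.bin/openssl/options/optionstest.c b/src/regress/usr.bin/openssl/options/optionstest.c
deleted file mode 100644
index 17c2e1af78..0000000000
--- a/src/regress/usr.bin/openssl/options/optionstest.c
+++ /dev/null
@@ -1,380 +0,0 @@
-/* $OpenBSD: optionstest.c,v 1.9 2017/04/16 14:40:47 kettenis Exp $ */
-/*
- * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include <openssl/bio.h>
-#include <openssl/conf.h>
-
-#include "apps.h"
-
-/* Needed to keep apps.c happy... */
-BIO *bio_err;
-CONF *config;
-
-static int argfunc(char *arg);
-static int defaultarg(int argc, char **argv, int *argsused);
-static int multiarg(int argc, char **argv, int *argsused);
-
-static struct {
- char *arg;
- int flag;
-} test_config;
-
-static struct option test_options[] = {
- {
- .name = "arg",
- .argname = "argname",
- .type = OPTION_ARG,
- .opt.arg = &test_config.arg,
- },
- {
- .name = "argfunc",
- .argname = "argname",
- .type = OPTION_ARG_FUNC,
- .opt.argfunc = argfunc,
- },
- {
- .name = "flag",
- .type = OPTION_FLAG,
- .opt.flag = &test_config.flag,
- },
- {
- .name = "multiarg",
- .type = OPTION_ARGV_FUNC,
- .opt.argvfunc = multiarg,
- },
- {
- .name = NULL,
- .type = OPTION_ARGV_FUNC,
- .opt.argvfunc = defaultarg,
- },
- { NULL },
-};
-
-char *args1[] = { "opts" };
-char *args2[] = { "opts", "-arg", "arg", "-flag" };
-char *args3[] = { "opts", "-arg", "arg", "-flag", "unnamed" };
-char *args4[] = { "opts", "-arg", "arg", "unnamed", "-flag" };
-char *args5[] = { "opts", "unnamed1", "-arg", "arg", "-flag", "unnamed2" };
-char *args6[] = { "opts", "-argfunc", "arg", "-flag" };
-char *args7[] = { "opts", "-arg", "arg", "-flag", "-", "-unnamed" };
-char *args8[] = { "opts", "-arg", "arg", "-flag", "file1", "file2", "file3" };
-char *args9[] = { "opts", "-arg", "arg", "-flag", "file1", "-file2", "file3" };
-char *args10[] = { "opts", "-arg", "arg", "-flag", "-", "file1", "file2" };
-char *args11[] = { "opts", "-arg", "arg", "-flag", "-", "-file1", "-file2" };
-char *args12[] = { "opts", "-multiarg", "arg1", "arg2", "-flag", "unnamed" };
-char *args13[] = { "opts", "-multiargz", "arg1", "arg2", "-flagz", "unnamed" };
-
-struct options_test {
- int argc;
- char **argv;
- enum {
- OPTIONS_TEST_NONE,
- OPTIONS_TEST_UNNAMED,
- OPTIONS_TEST_ARGSUSED,
- } type;
- char *unnamed;
- int used;
- int want;
- char *wantarg;
- int wantflag;
-};
-
-struct options_test options_tests[] = {
- {
- /* Test 1 - No arguments (only program name). */
- .argc = 1,
- .argv = args1,
- .type = OPTIONS_TEST_NONE,
- .want = 0,
- .wantarg = NULL,
- .wantflag = 0,
- },
- {
- /* Test 2 - Named arguments (unnamed not permitted). */
- .argc = 4,
- .argv = args2,
- .type = OPTIONS_TEST_NONE,
- .want = 0,
- .wantarg = "arg",
- .wantflag = 1,
- },
- {
- /* Test 3 - Named arguments (unnamed permitted). */
- .argc = 4,
- .argv = args2,
- .type = OPTIONS_TEST_UNNAMED,
- .unnamed = NULL,
- .want = 0,
- .wantarg = "arg",
- .wantflag = 1,
- },
- {
- /* Test 4 - Named and single unnamed (unnamed not permitted). */
- .argc = 5,
- .argv = args3,
- .type = OPTIONS_TEST_NONE,
- .want = 1,
- },
- {
- /* Test 5 - Named and single unnamed (unnamed permitted). */
- .argc = 5,
- .argv = args3,
- .type = OPTIONS_TEST_UNNAMED,
- .unnamed = "unnamed",
- .want = 0,
- .wantarg = "arg",
- .wantflag = 1,
- },
- {
- /* Test 6 - Named and single unnamed (different sequence). */
- .argc = 5,
- .argv = args4,
- .type = OPTIONS_TEST_UNNAMED,
- .unnamed = "unnamed",
- .want = 0,
- .wantarg = "arg",
- .wantflag = 1,
- },
- {
- /* Test 7 - Multiple unnamed arguments (should fail). */
- .argc = 6,
- .argv = args5,
- .type = OPTIONS_TEST_UNNAMED,
- .want = 1,
- },
- {
- /* Test 8 - Function. */
- .argc = 4,
- .argv = args6,
- .type = OPTIONS_TEST_NONE,
- .want = 0,
- .wantarg = "arg",
- .wantflag = 1,
- },
- {
- /* Test 9 - Named and single unnamed (hyphen separated). */
- .argc = 6,
- .argv = args7,
- .type = OPTIONS_TEST_UNNAMED,
- .unnamed = "-unnamed",
- .want = 0,
- .wantarg = "arg",
- .wantflag = 1,
- },
- {
- /* Test 10 - Named and multiple unnamed. */
- .argc = 7,
- .argv = args8,
- .used = 4,
- .type = OPTIONS_TEST_ARGSUSED,
- .want = 0,
- .wantarg = "arg",
- .wantflag = 1,
- },
- {
- /* Test 11 - Named and multiple unnamed. */
- .argc = 7,
- .argv = args9,
- .used = 4,
- .type = OPTIONS_TEST_ARGSUSED,
- .want = 0,
- .wantarg = "arg",
- .wantflag = 1,
- },
- {
- /* Test 12 - Named and multiple unnamed. */
- .argc = 7,
- .argv = args10,
- .used = 5,
- .type = OPTIONS_TEST_ARGSUSED,
- .want = 0,
- .wantarg = "arg",
- .wantflag = 1,
- },
- {
- /* Test 13 - Named and multiple unnamed. */
- .argc = 7,
- .argv = args11,
- .used = 5,
- .type = OPTIONS_TEST_ARGSUSED,
- .want = 0,
- .wantarg = "arg",
- .wantflag = 1,
- },
- {
- /* Test 14 - Named only. */
- .argc = 4,
- .argv = args2,
- .used = 4,
- .type = OPTIONS_TEST_ARGSUSED,
- .want = 0,
- .wantarg = "arg",
- .wantflag = 1,
- },
- {
- /* Test 15 - Multiple argument callback. */
- .argc = 6,
- .argv = args12,
- .unnamed = "unnamed",
- .type = OPTIONS_TEST_UNNAMED,
- .want = 0,
- .wantarg = NULL,
- .wantflag = 1,
- },
- {
- /* Test 16 - Multiple argument callback. */
- .argc = 6,
- .argv = args12,
- .used = 5,
- .type = OPTIONS_TEST_ARGSUSED,
- .want = 0,
- .wantarg = NULL,
- .wantflag = 1,
- },
- {
- /* Test 17 - Default callback. */
- .argc = 6,
- .argv = args13,
- .unnamed = "unnamed",
- .type = OPTIONS_TEST_UNNAMED,
- .want = 0,
- .wantarg = NULL,
- .wantflag = 1,
- },
- {
- /* Test 18 - Default callback. */
- .argc = 6,
- .argv = args13,
- .used = 5,
- .type = OPTIONS_TEST_ARGSUSED,
- .want = 0,
- .wantarg = NULL,
- .wantflag = 1,
- },
-};
-
-#define N_OPTIONS_TESTS \
- (sizeof(options_tests) / sizeof(*options_tests))
-
-static int
-argfunc(char *arg)
-{
- test_config.arg = arg;
- return (0);
-}
-
-static int
-defaultarg(int argc, char **argv, int *argsused)
-{
- if (argc < 1)
- return (1);
-
- if (strcmp(argv[0], "-multiargz") == 0) {
- if (argc < 3)
- return (1);
- *argsused = 3;
- return (0);
- } else if (strcmp(argv[0], "-flagz") == 0) {
- test_config.flag = 1;
- *argsused = 1;
- return (0);
- }
-
- return (1);
-}
-
-static int
-multiarg(int argc, char **argv, int *argsused)
-{
- if (argc < 3)
- return (1);
-
- *argsused = 3;
- return (0);
-}
-
-static int
-do_options_test(int test_no, struct options_test *ot)
-{
- int *argsused = NULL;
- char *unnamed = NULL;
- char **arg = NULL;
- int used = 0;
- int ret;
-
- if (ot->type == OPTIONS_TEST_UNNAMED)
- arg = &unnamed;
- else if (ot->type == OPTIONS_TEST_ARGSUSED)
- argsused = &used;
-
- memset(&test_config, 0, sizeof(test_config));
- ret = options_parse(ot->argc, ot->argv, test_options, arg, argsused);
- if (ret != ot->want) {
- fprintf(stderr, "FAIL: test %i options_parse() returned %i, "
- "want %i\n", test_no, ret, ot->want);
- return (1);
- }
- if (ret != 0)
- return (0);
-
- if ((test_config.arg != NULL || ot->wantarg != NULL) &&
- (test_config.arg == NULL || ot->wantarg == NULL ||
- strcmp(test_config.arg, ot->wantarg) != 0)) {
- fprintf(stderr, "FAIL: test %i got arg '%s', want '%s'\n",
- test_no, test_config.arg, ot->wantarg);
- return (1);
- }
- if (test_config.flag != ot->wantflag) {
- fprintf(stderr, "FAIL: test %i got flag %i, want %i\n",
- test_no, test_config.flag, ot->wantflag);
- return (1);
- }
- if (ot->type == OPTIONS_TEST_UNNAMED &&
- (unnamed != NULL || ot->unnamed != NULL) &&
- (unnamed == NULL || ot->unnamed == NULL ||
- strcmp(unnamed, ot->unnamed) != 0)) {
- fprintf(stderr, "FAIL: test %i got unnamed '%s', want '%s'\n",
- test_no, unnamed, ot->unnamed);
- return (1);
- }
- if (ot->type == OPTIONS_TEST_ARGSUSED && used != ot->used) {
- fprintf(stderr, "FAIL: test %i got used %i, want %i\n",
- test_no, used, ot->used);
- return (1);
- }
-
- return (0);
-}
-
-int
-main(int argc, char **argv)
-{
- int failed = 0;
- size_t i;
-
- for (i = 0; i < N_OPTIONS_TESTS; i++) {
- printf("Test %zu%s\n", (i + 1), options_tests[i].want == 0 ?
- "" : " is expected to complain");
- failed += do_options_test(i + 1, &options_tests[i]);
- }
-
- return (failed);
-}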
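diff --git a/src/regress/usr.bin/openssl/test_client.sh b/src/regress/usr.bin/openssl/test_client.sh
deleted file mode 100644
index fed2baace0..0000000000
--- a/src/regress/usr.bin/openssl/test_client.sh
+++ /dev/null
@@ -1,12 +0,0 @@
-#!/bin/sh
-# $OpenBSD: test_client.sh,v 1.2 2018/02/06 02:31:13 tb Exp $
-
-echo
-echo This starts a tls1 mode client to talk to the server run by
-echo ./testserver.sh. You should start the server first.
-echo
-echo type in this window after ssl negotiation and your output should
-echo be echoed by the server.
-echo
-echo
-${OPENSSL:-/usr/bin/openssl} s_client -tls1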
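diff --git a/src/regress/usr.bin/openssl/test_server.sh b/src/regress/usr.bin/openssl/test_server.sh
deleted file mode 100644
index ec4a78a27a..0000000000
--- a/src/regress/usr.bin/openssl/test_server.sh
+++ /dev/null
@@ -1,10 +0,0 @@
-#!/bin/sh
-# $OpenBSD: test_server.sh,v 1.2 2018/02/06 02:31:13 tb Exp $
-
-echo This starts a tls1 mode server using the DSA certificate in ./server.pem
-echo Run ./testclient.sh in another window and type at it, you should
-echo see the results of the ssl negotiation, and stuff you type in the client
-echo should echo in this window
-echo
-echo
-${OPENSSL:-/usr/bin/openssl} s_server -tls1 -key testdsa.key -cert testdsa.pem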
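diff --git a/src/regress/usr.bin/openssl/testdsa.sh b/src/regress/usr.bin/openssl/testdsa.sh
deleted file mode 100644
index a04ba171ff..0000000000
--- a/src/regress/usr.bin/openssl/testdsa.sh
+++ /dev/null
@@ -1,30 +0,0 @@
-#!/bin/sh
-# $OpenBSD: testdsa.sh,v 1.2 2018/02/06 02:31:13 tb Exp $
-
-
-#Test DSA certificate generation of openssl
-
-cd $1
-
-# Generate DSA paramter set
-openssl_bin=${OPENSSL:-/usr/bin/openssl}
-$openssl_bin dsaparam 512 -out dsa512.pem
-if [ $? != 0 ]; then
- exit 1;
-fi
-
-
-# Denerate a DSA certificate
-$openssl_bin req -config $2/openssl.cnf -x509 -newkey dsa:dsa512.pem -out testdsa.pem -keyout testdsa.key
-if [ $? != 0 ]; then
- exit 1;
-fi
-
-
-# Now check the certificate
-$openssl_bin x509 -text -in testdsa.pem
-if [ $? != 0 ]; then
- exit 1;
-fi
-
-exit 0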
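diff --git a/src/regress/usr.bin/openssl/testenc.sh b/src/regress/usr.bin/openssl/testenc.sh
deleted file mode 100644
index 89b3068a08..0000000000
--- a/src/regress/usr.bin/openssl/testenc.sh
+++ /dev/null
@@ -1,69 +0,0 @@
-#!/bin/sh
-# $OpenBSD: testenc.sh,v 1.2 2018/02/06 02:31:13 tb Exp $
-
-testsrc=$2/openssl.cnf
-test=$1/p
-cmd=${OPENSSL:-/usr/bin/openssl}
-
-cd $1
-
-cat $testsrc >$test;
-
-echo cat
-$cmd enc < $test > $test.cipher
-$cmd enc < $test.cipher >$test.clear
-cmp $test $test.clear
-if [ $? != 0 ]
-then
- exit 1
-else
- /bin/rm $test.cipher $test.clear
-fi
-echo base64
-$cmd enc -a -e < $test > $test.cipher
-$cmd enc -a -d < $test.cipher >$test.clear
-cmp $test $test.clear
-if [ $? != 0 ]
-then
- exit 1
-else
- /bin/rm $test.cipher $test.clear
-fi
-
-/bin/rm -f $test
-exit 0
-
-# These tests are now done by the makefile.
-
-for i in rc4 \
- des-cfb des-ede-cfb des-ede3-cfb \
- des-ofb des-ede-ofb des-ede3-ofb \
- des-ecb des-ede des-ede3 desx \
- des-cbc des-ede-cbc des-ede3-cbc \
- rc2-ecb rc2-cfb rc2-ofb rc2-cbc \
- bf-ecb bf-cfb bf-ofb bf-cbc rc4 \
- cast5-ecb cast5-cfb cast5-ofb cast5-cbc
-do
- echo $i
- $cmd $i -bufsize 113 -e -k test < $test > $test.$i.cipher
- $cmd $i -bufsize 157 -d -k test < $test.$i.cipher >$test.$i.clear
- cmp $test $test.$i.clear
- if [ $? != 0 ]
- then
- exit 1
- else
- /bin/rm $test.$i.cipher $test.$i.clear
- fi
-
- echo $i base64
- $cmd $i -bufsize 113 -a -e -k test < $test > $test.$i.cipher
- $cmd $i -bufsize 157 -a -d -k test < $test.$i.cipher >$test.$i.clear
- cmp $test $test.$i.clear
- if [ $? != 0 ]
- then
- exit 1
- else
- /bin/rm $test.$i.cipher $test.$i.clear
- fi
-done
-rm -f $test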
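diff --git a/src/regress/usr.bin/openssl/testrsa.sh b/src/regress/usr.bin/openssl/testrsa.sh
deleted file mode 100644
index 36f5e639e8..0000000000
--- a/src/regress/usr.bin/openssl/testrsa.sh
+++ /dev/null
@@ -1,30 +0,0 @@
-#!/bin/sh
-# $OpenBSD: testrsa.sh,v 1.2 2018/02/06 02:31:13 tb Exp $
-
-
-#Test RSA certificate generation of openssl
-
-cd $1
-openssl_bin=${OPENSSL:-/usr/bin/openssl}
-
-# Generate RSA private key
-$openssl_bin genrsa -out rsakey.pem
-if [ $? != 0 ]; then
- exit 1;
-fi
-
-
-# Generate an RSA certificate
-$openssl_bin req -config $2/openssl.cnf -key rsakey.pem -new -x509 -days 365 -out rsacert.pem
-if [ $? != 0 ]; then
- exit 1;
-fi
-
-
-# Now check the certificate
-$openssl_bin x509 -text -in rsacert.pem
-if [ $? != 0 ]; then
- exit 1;
-fi
-
-exit 0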