authorcvs2svn <admin@example.com>2019-11-19 19:57:05 +0000
committercvs2svn <admin@example.com>2019-11-19 19:57:05 +0000
commite9f9eb6198f1757b7c0dfef043fadf1fa8243022 (patch)
treeb5a648f6ccaf6c1cd9915ddb45503d1fccfeba0e /src/regress/usr.bin
parentab72e3a6f7e8d5c71bbba034410468781d5923b6 (diff)
This commit was manufactured by cvs2git to create tag 'bluhm_20191119'.bluhm_20191119
Diffstat (limited to 'src/regress/usr.bin')
-rw-r--r--src/regress/usr.bin/openssl/Makefile66
-rw-r--r--src/regress/usr.bin/openssl/README7
-rwxr-xr-xsrc/regress/usr.bin/openssl/appstest.sh1485
-rw-r--r--src/regress/usr.bin/openssl/openssl.cnf27
-rw-r--r--src/regress/usr.bin/openssl/options/Makefile17
-rw-r--r--src/regress/usr.bin/openssl/options/optionstest.c380
-rw-r--r--src/regress/usr.bin/openssl/test_client.sh12
-rw-r--r--src/regress/usr.bin/openssl/test_server.sh10
-rw-r--r--src/regress/usr.bin/openssl/testdsa.sh30
-rw-r--r--src/regress/usr.bin/openssl/testenc.sh69
-rw-r--r--src/regress/usr.bin/openssl/testrsa.sh30
11 files changed, 0 insertions, 2133 deletions
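diff --git a/src/regress/usr.bin/openssl/Makefile b/src/regress/usr.bin/openssl/Makefile
deleted file mode 100644
index 0ef7928ea4..0000000000
--- a/src/regress/usr.bin/openssl/Makefile
+++ /dev/null
@@ -1,66 +0,0 @@
-# $OpenBSD: Makefile,v 1.6 2018/03/19 03:41:40 beck Exp $
-
-SUBDIR= options
-
-CLEANFILES+= testdsa.key testdsa.pem rsakey.pem rsacert.pem dsa512.pem
-CLEANFILES+= appstest_dir
-
-REGRESS_TARGETS=ssl-enc ssl-dsa ssl-rsa appstest
-
-OPENSSL=/usr/bin/openssl
-CLEAR1=p
-CIPHER=cipher
-CLEAR2=clear
-LIBCRYPTO=-lcrypto
-
-${CLEAR1}: openssl.cnf
- cat ${.CURDIR}/openssl.cnf > ${CLEAR1}
-
-CLEANFILES+=${CLEAR1}
-
-ENCTARGETS=aes-128-cbc aes-128-cfb aes-128-cfb1 aes-128-cfb8
-ENCTARGETS+=aes-128-ecb aes-128-ofb aes-192-cbc aes-192-cfb
-ENCTARGETS+=aes-192-cfb1 aes-192-cfb8 aes-192-ecb aes-192-ofb
-ENCTARGETS+=aes-256-cbc aes-256-cfb aes-256-cfb1 aes-256-cfb8
-ENCTARGETS+=aes-256-ecb aes-256-ofb
-ENCTARGETS+=bf-cbc bf-cfb bf-ecb bf-ofb
-ENCTARGETS+=cast-cbc cast5-cbc cast5-cfb cast5-ecb cast5-ofb
-ENCTARGETS+=des-cbc des-cfb des-cfb8 des-ecb des-ede
-ENCTARGETS+=des-ede-cbc des-ede-cfb des-ede-ofb des-ede3
-ENCTARGETS+=des-ede3-cbc des-ede3-cfb des-ede3-ofb des-ofb desx-cbc
-ENCTARGETS+=rc2-40-cbc rc2-64-cbc rc2-cbc rc2-cfb rc2-ecb rc2-ofb
-ENCTARGETS+=rc4 rc4-40
-
-.for ENC in ${ENCTARGETS}
-${CIPHER}.${ENC}: ${CLEAR1}
- ${OPENSSL} enc -${ENC} -bufsize 113 -e -k test < ${CLEAR1} > ${CIPHER}.${ENC}
-${CIPHER}.${ENC}.b64: ${CLEAR1}
- ${OPENSSL} enc -${ENC} -bufsize 113 -a -e -k test < ${CLEAR1} > ${CIPHER}.${ENC}.b64
-
-${CLEAR2}.${ENC}: ${CIPHER}.${ENC}
- ${OPENSSL} enc -${ENC} -bufsize 157 -d -k test < ${CIPHER}.${ENC} > ${CLEAR2}.${ENC}
-${CLEAR2}.${ENC}.b64: ${CIPHER}.${ENC}.b64
- ${OPENSSL} enc -${ENC} -bufsize 157 -a -d -k test < ${CIPHER}.${ENC}.b64 > ${CLEAR2}.${ENC}.b64
-
-ssl-enc-${ENC}: ${CLEAR1} ${CLEAR2}.${ENC}
- cmp ${CLEAR1} ${CLEAR2}.${ENC}
-ssl-enc-${ENC}.b64: ${CLEAR1} ${CLEAR2}.${ENC}.b64
- cmp ${CLEAR1} ${CLEAR2}.${ENC}.b64
-
-REGRESS_TARGETS+=ssl-enc-${ENC} ssl-enc-${ENC}.b64
-CLEANFILES+=${CIPHER}.${ENC} ${CIPHER}.${ENC}.b64 ${CLEAR2}.${ENC} ${CLEAR2}.${ENC}.b64
-.endfor
-
-ssl-enc:
- env OPENSSL=${OPENSSL} sh ${.CURDIR}/testenc.sh ${.OBJDIR} ${.CURDIR}
-ssl-dsa:
- env OPENSSL=${OPENSSL} sh ${.CURDIR}/testdsa.sh ${.OBJDIR} ${.CURDIR}
-ssl-rsa:
- env OPENSSL=${OPENSSL} sh ${.CURDIR}/testrsa.sh ${.OBJDIR} ${.CURDIR}
-appstest:
- env OPENSSL=${OPENSSL} sh ${.CURDIR}/appstest.sh -q
-
-clean:
- rm -rf ${CLEANFILES}
-
-.include <bsd.regress.mk>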
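diff --git a/src/regress/usr.bin/openssl/README b/src/regress/usr.bin/openssl/README
deleted file mode 100644
index 2682d873e7..0000000000
--- a/src/regress/usr.bin/openssl/README
+++ /dev/null
@@ -1,7 +0,0 @@
-testenc.sh tests encryption routines
-testdsa.sh tests DSA certificate generation
-test_server.sh starts a tls1 server using the above generated certificate
-test_client.sh starts a client to talk to the server.
-testrsa.sh tests RSA certificate generation
-appstest.sh tests openssl command
-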
diff --git a/src/regress/usr.bin/openssl/appstest.sh b/src/regress/usr.bin/openssl/appstest.sh
deleted file mode 100755
index 97c4a6e4a5..0000000000
--- a/src/regress/usr.bin/openssl/appstest.sh
+++ /dev/null
@@ -1,1485 +0,0 @@
1#!/bin/sh
2#
3# $OpenBSD: appstest.sh,v 1.28 2019/11/09 14:49:31 inoguchi Exp $
4#
5# Copyright (c) 2016 Kinichiro Inoguchi <inoguchi@openbsd.org>
6#
7# Permission to use, copy, modify, and distribute this software for any
8# purpose with or without fee is hereby granted, provided that the above
9# copyright notice and this permission notice appear in all copies.
10#
11# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
12# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
13# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
14# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
15# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18
19#
20# appstest.sh - test script for openssl command according to man OPENSSL(1)
21#
22# input : none
23# output : all files generated by this script go under $ssldir
24#
25
26function section_message {
27 echo ""
28 echo "#---------#---------#---------#---------#---------#---------#---------#--------"
29 echo "==="
30 echo "=== (Section) $1 `date +'%Y/%m/%d %H:%M:%S'`"
31 echo "==="
32}
33
34function start_message {
35 echo ""
36 echo "[TEST] $1"
37}
38
39function stop_s_server {
40 if [ ! -z "$s_server_pid" ] ; then
41 echo ":-| stop s_server [ $s_server_pid ]"
42 sleep 1
43 kill -TERM $s_server_pid
44 wait $s_server_pid
45 s_server_pid=
46 fi
47}
48
49function check_exit_status {
50 status=$1
51 if [ $status -ne 0 ] ; then
52 stop_s_server
53 echo ":-< error occurs, exit status = [ $status ]"
54 exit $status
55 else
56 echo ":-) success. "
57 fi
58}
59
60function usage {
61 echo "usage: appstest.sh [-iq]"
62}
63
64function test_usage_lists_others {
65 # === COMMAND USAGE ===
66 section_message "COMMAND USAGE"
67
68 start_message "output usages of all commands."
69
70 cmds=`$openssl_bin list-standard-commands`
71 $openssl_bin -help 2>> $user1_dir/usages.out
72 for c in $cmds ; do
73 $openssl_bin $c -help 2>> $user1_dir/usages.out
74 done
75
76 start_message "check all list-* commands."
77
78 lists=""
79 lists="$lists list-standard-commands"
80 lists="$lists list-message-digest-commands list-message-digest-algorithms"
81 lists="$lists list-cipher-commands list-cipher-algorithms"
82 lists="$lists list-public-key-algorithms"
83
84 listsfile=$user1_dir/lists.out
85
86 for l in $lists ; do
87 echo "" >> $listsfile
88 echo "$l" >> $listsfile
89 $openssl_bin $l >> $listsfile
90 done
91
92 start_message "check interactive mode"
93 $openssl_bin <<__EOF__
94help
95quit
96__EOF__
97 check_exit_status $?
98
99 #---------#---------#---------#---------#---------#---------#---------
100
101 # --- listing operations ---
102 section_message "listing operations"
103
104 start_message "ciphers"
105 $openssl_bin ciphers -V
106 check_exit_status $?
107
108 start_message "errstr"
109 $openssl_bin errstr 2606A074
110 check_exit_status $?
111 $openssl_bin errstr -stats 2606A074 > $user1_dir/errstr-stats.out
112 check_exit_status $?
113
114 #---------#---------#---------#---------#---------#---------#---------
115
116 # --- random number etc. operations ---
117 section_message "random number etc. operations"
118
119 start_message "passwd"
120
121 pass="test-pass-1234"
122
123 echo $pass | $openssl_bin passwd -stdin -1
124 check_exit_status $?
125
126 echo $pass | $openssl_bin passwd -stdin -apr1
127 check_exit_status $?
128
129 echo $pass | $openssl_bin passwd -stdin -crypt
130 check_exit_status $?
131
132 start_message "prime"
133
134 $openssl_bin prime 1
135 check_exit_status $?
136
137 $openssl_bin prime 2
138 check_exit_status $?
139
140 $openssl_bin prime -bits 64 -checks 3 -generate -hex -safe 5
141 check_exit_status $?
142
143 start_message "rand"
144
145 $openssl_bin rand -base64 100
146 check_exit_status $?
147
148 $openssl_bin rand -hex 100
149 check_exit_status $?
150}
151
152function test_md {
153 # === MESSAGE DIGEST COMMANDS ===
154 section_message "MESSAGE DIGEST COMMANDS"
155
156 start_message "dgst - See [MESSAGE DIGEST COMMANDS] section."
157
158 text="1234567890abcdefghijklmnopqrstuvwxyz"
159 dgstdat=$user1_dir/dgst.dat
160 echo $text > $dgstdat
161 hmac_key="test-hmac-key"
162 cmac_key="1234567890abcde1234567890abcde12"
163 dgstkey=$user1_dir/dgstkey.pem
164 dgstpass=test-dgst-pass
165 dgstpub=$user1_dir/dgstpub.pem
166 dgstsig=$user1_dir/dgst.sig
167
168 $openssl_bin genrsa -aes256 -passout pass:$dgstpass -out $dgstkey
169 check_exit_status $?
170
171 $openssl_bin pkey -in $dgstkey -passin pass:$dgstpass -pubout \
172 -out $dgstpub
173 check_exit_status $?
174
175 digests=`$openssl_bin list-message-digest-commands`
176
177 for d in $digests ; do
178
179 echo -n "$d ... "
180 $openssl_bin dgst -$d -hex -out $dgstdat.$d $dgstdat
181 check_exit_status $?
182
183 echo -n "$d HMAC ... "
184 $openssl_bin dgst -$d -c -hmac $hmac_key -out $dgstdat.$d.hmac \
185 $dgstdat
186 check_exit_status $?
187
188 echo -n "$d CMAC ... "
189 $openssl_bin dgst -$d -r -mac cmac -macopt cipher:aes-128-cbc \
190 -macopt hexkey:$cmac_key -out $dgstdat.$d.cmac $dgstdat
191 check_exit_status $?
192
193 echo -n "$d sign ... "
194 $openssl_bin dgst -sign $dgstkey -keyform pem \
195 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:8 \
196 -passin pass:$dgstpass -binary -out $dgstsig.$d $dgstdat
197 check_exit_status $?
198
199 echo -n "$d verify ... "
200 $openssl_bin dgst -verify $dgstpub \
201 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:8 \
202 -signature $dgstsig.$d $dgstdat
203 check_exit_status $?
204
205 echo -n "$d prverify ... "
206 $openssl_bin dgst -prverify $dgstkey -passin pass:$dgstpass \
207 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:8 \
208 -signature $dgstsig.$d $dgstdat
209 check_exit_status $?
210 done
211}
212
213function test_encoding_cipher {
214 # === ENCODING AND CIPHER COMMANDS ===
215 section_message "ENCODING AND CIPHER COMMANDS"
216
217 start_message "enc - See [ENCODING AND CIPHER COMMANDS] section."
218
219 text="1234567890abcdefghijklmnopqrstuvwxyz"
220 encfile=$user1_dir/encfile.dat
221 echo $text > $encfile
222 pass="test-pass-1234"
223
224 ciphers=`$openssl_bin list-cipher-commands`
225
226 for c in $ciphers ; do
227 echo -n "$c ... encoding ... "
228 $openssl_bin enc -$c -e -base64 -pass pass:$pass \
229 -in $encfile -out $encfile-$c.enc
230 check_exit_status $?
231
232 echo -n "decoding ... "
233 $openssl_bin enc -$c -d -base64 -pass pass:$pass \
234 -in $encfile-$c.enc -out $encfile-$c.dec
235 check_exit_status $?
236
237 echo -n "cmp ... "
238 cmp $encfile $encfile-$c.dec
239 check_exit_status $?
240 done
241}
242
243function test_key {
244 # === various KEY operations ===
245 section_message "various KEY operations"
246
247 key_pass=test-key-pass
248
249 # DH
250
251 start_message "gendh - Obsoleted by dhparam."
252 gendh2=$key_dir/gendh2.pem
253 $openssl_bin gendh -2 -out $gendh2
254 check_exit_status $?
255
256 start_message "dh - Obsoleted by dhparam."
257 $openssl_bin dh -in $gendh2 -check -text -out $gendh2.out
258 check_exit_status $?
259
260 if [ $no_long_tests = 0 ] ; then
261 start_message "dhparam - Superseded by genpkey and pkeyparam."
262 dhparam2=$key_dir/dhparam2.pem
263 $openssl_bin dhparam -2 -out $dhparam2
264 check_exit_status $?
265 $openssl_bin dhparam -in $dhparam2 -check -text \
266 -out $dhparam2.out
267 check_exit_status $?
268 else
269 start_message "SKIPPING dhparam - Superseded by genpkey and pkeyparam. (quick mode)"
270 fi
271
272 # DSA
273
274 start_message "dsaparam - Superseded by genpkey and pkeyparam."
275 dsaparam512=$key_dir/dsaparam512.pem
276 $openssl_bin dsaparam -genkey -out $dsaparam512 512
277 check_exit_status $?
278
279 start_message "dsa"
280 $openssl_bin dsa -in $dsaparam512 -text -modulus -out $dsaparam512.out
281 check_exit_status $?
282
283 start_message "gendsa - Superseded by genpkey and pkey."
284 gendsa_des3=$key_dir/gendsa_des3.pem
285 $openssl_bin gendsa -des3 -out $gendsa_des3 \
286 -passout pass:$key_pass $dsaparam512
287 check_exit_status $?
288
289 # RSA
290
291 start_message "genrsa - Superseded by genpkey."
292 genrsa_aes256=$key_dir/genrsa_aes256.pem
293 $openssl_bin genrsa -f4 -aes256 -out $genrsa_aes256 \
294 -passout pass:$key_pass 2048
295 check_exit_status $?
296
297 start_message "rsa"
298 $openssl_bin rsa -in $genrsa_aes256 -passin pass:$key_pass \
299 -check -text -out $genrsa_aes256.out
300 check_exit_status $?
301
302 start_message "rsautl - Superseded by pkeyutl."
303 rsautldat=$key_dir/rsautl.dat
304 rsautlsig=$key_dir/rsautl.sig
305 echo "abcdefghijklmnopqrstuvwxyz1234567890" > $rsautldat
306
307 $openssl_bin rsautl -sign -in $rsautldat -inkey $genrsa_aes256 \
308 -passin pass:$key_pass -out $rsautlsig
309 check_exit_status $?
310
311 $openssl_bin rsautl -verify -in $rsautlsig -inkey $genrsa_aes256 \
312 -passin pass:$key_pass
313 check_exit_status $?
314
315 # EC
316
317 start_message "ecparam -list-curves"
318 $openssl_bin ecparam -list_curves
319 check_exit_status $?
320
321 # get all EC curves
322 ec_curves=`$openssl_bin ecparam -list_curves | grep ':' | cut -d ':' -f 1`
323
324 start_message "ecparam and ec"
325
326 for curve in $ec_curves ;
327 do
328 ecparam=$key_dir/ecparam_$curve.pem
329
330 echo -n "ec - $curve ... ecparam ... "
331 $openssl_bin ecparam -out $ecparam -name $curve -genkey \
332 -param_enc explicit -conv_form compressed -C
333 check_exit_status $?
334
335 echo -n "ec ... "
336 $openssl_bin ec -in $ecparam -text \
337 -out $ecparam.out 2> /dev/null
338 check_exit_status $?
339 done
340
341 # PKEY
342
343 start_message "genpkey"
344
345 # DH by GENPKEY
346
347 genpkey_dh_param=$key_dir/genpkey_dh_param.pem
348 $openssl_bin genpkey -genparam -algorithm DH -out $genpkey_dh_param \
349 -pkeyopt dh_paramgen_prime_len:1024
350 check_exit_status $?
351
352 genpkey_dh=$key_dir/genpkey_dh.pem
353 $openssl_bin genpkey -paramfile $genpkey_dh_param -out $genpkey_dh
354 check_exit_status $?
355
356 # DSA by GENPKEY
357
358 genpkey_dsa_param=$key_dir/genpkey_dsa_param.pem
359 $openssl_bin genpkey -genparam -algorithm DSA -out $genpkey_dsa_param \
360 -pkeyopt dsa_paramgen_bits:1024
361 check_exit_status $?
362
363 genpkey_dsa=$key_dir/genpkey_dsa.pem
364 $openssl_bin genpkey -paramfile $genpkey_dsa_param -out $genpkey_dsa
365 check_exit_status $?
366
367 # RSA by GENPKEY
368
369 genpkey_rsa=$key_dir/genpkey_rsa.pem
370 $openssl_bin genpkey -algorithm RSA -out $genpkey_rsa \
371 -pkeyopt rsa_keygen_bits:2048 -pkeyopt rsa_keygen_pubexp:3
372 check_exit_status $?
373
374 genpkey_rsa_pss=$key_dir/genpkey_rsa_pss.pem
375 $openssl_bin genpkey -algorithm RSA-PSS -out $genpkey_rsa_pss \
376 -pkeyopt rsa_keygen_bits:2048 \
377 -pkeyopt rsa_pss_keygen_mgf1_md:sha256 \
378 -pkeyopt rsa_pss_keygen_md:sha256 \
379 -pkeyopt rsa_pss_keygen_saltlen:32
380 check_exit_status $?
381
382 # EC by GENPKEY
383
384 genpkey_ec_param=$key_dir/genpkey_ec_param.pem
385 $openssl_bin genpkey -genparam -algorithm EC -out $genpkey_ec_param \
386 -pkeyopt ec_paramgen_curve:secp384r1
387 check_exit_status $?
388
389 genpkey_ec=$key_dir/genpkey_ec.pem
390 $openssl_bin genpkey -paramfile $genpkey_ec_param -out $genpkey_ec
391 check_exit_status $?
392
393 genpkey_ec_2=$key_dir/genpkey_ec_2.pem
394 $openssl_bin genpkey -paramfile $genpkey_ec_param -out $genpkey_ec_2
395 check_exit_status $?
396
397 start_message "pkeyparam"
398
399 $openssl_bin pkeyparam -in $genpkey_dh_param -text \
400 -out $genpkey_dh_param.out
401 check_exit_status $?
402
403 $openssl_bin pkeyparam -in $genpkey_dsa_param -text \
404 -out $genpkey_dsa_param.out
405 check_exit_status $?
406
407 $openssl_bin pkeyparam -in $genpkey_ec_param -text \
408 -out $genpkey_ec_param.out
409 check_exit_status $?
410
411 start_message "pkey"
412
413 $openssl_bin pkey -in $genpkey_dh -pubout -out $genpkey_dh.pub \
414 -text_pub
415 check_exit_status $?
416
417 $openssl_bin pkey -in $genpkey_dsa -pubout -out $genpkey_dsa.pub \
418 -text_pub
419 check_exit_status $?
420
421 $openssl_bin pkey -in $genpkey_rsa -pubout -out $genpkey_rsa.pub \
422 -text_pub
423 check_exit_status $?
424
425 $openssl_bin pkey -in $genpkey_ec -pubout -out $genpkey_ec.pub \
426 -text_pub
427 check_exit_status $?
428
429 $openssl_bin pkey -in $genpkey_ec_2 -pubout -out $genpkey_ec_2.pub \
430 -text_pub
431 check_exit_status $?
432
433 start_message "pkeyutl"
434
435 pkeyutldat=$key_dir/pkeyutl.dat
436 pkeyutlsig=$key_dir/pkeyutl.sig
437 echo "abcdefghijklmnopqrstuvwxyz1234567890" > $pkeyutldat
438
439 $openssl_bin pkeyutl -sign -in $pkeyutldat -inkey $genpkey_rsa \
440 -out $pkeyutlsig
441 check_exit_status $?
442
443 $openssl_bin pkeyutl -verify -in $pkeyutldat -sigfile $pkeyutlsig \
444 -inkey $genpkey_rsa
445 check_exit_status $?
446
447 $openssl_bin pkeyutl -verifyrecover -in $pkeyutlsig -inkey $genpkey_rsa
448 check_exit_status $?
449
450 pkeyutlenc=$key_dir/pkeyutl.enc
451 pkeyutldec=$key_dir/pkeyutl.dec
452
453 $openssl_bin pkeyutl -encrypt -in $pkeyutldat \
454 -pubin -inkey $genpkey_rsa.pub -out $pkeyutlenc
455 check_exit_status $?
456
457 $openssl_bin pkeyutl -decrypt -in $pkeyutlenc \
458 -inkey $genpkey_rsa -out $pkeyutldec
459 check_exit_status $?
460
461 diff $pkeyutldat $pkeyutldec
462 check_exit_status $?
463
464 pkeyutl_rsa_oaep_enc=$key_dir/pkeyutl_rsa_oaep.enc
465 pkeyutl_rsa_oaep_dec=$key_dir/pkeyutl_rsa_oaep.dec
466
467 $openssl_bin pkeyutl -encrypt -in $pkeyutldat \
468 -inkey $genpkey_rsa \
469 -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 \
470 -pkeyopt rsa_oaep_label:0011223344556677 \
471 -out $pkeyutl_rsa_oaep_enc
472 check_exit_status $?
473
474 $openssl_bin pkeyutl -decrypt -in $pkeyutl_rsa_oaep_enc \
475 -inkey $genpkey_rsa \
476 -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 \
477 -pkeyopt rsa_oaep_label:0011223344556677 \
478 -out $pkeyutl_rsa_oaep_dec
479 check_exit_status $?
480
481 diff $pkeyutldat $pkeyutl_rsa_oaep_dec
482 check_exit_status $?
483
484 pkeyutlsc1=$key_dir/pkeyutl.sc1
485 pkeyutlsc2=$key_dir/pkeyutl.sc2
486
487 $openssl_bin pkeyutl -derive -inkey $genpkey_ec \
488 -peerkey $genpkey_ec_2.pub -out $pkeyutlsc1 -hexdump
489 check_exit_status $?
490
491 $openssl_bin pkeyutl -derive -inkey $genpkey_ec_2 \
492 -peerkey $genpkey_ec.pub -out $pkeyutlsc2 -hexdump
493 check_exit_status $?
494
495 diff $pkeyutlsc1 $pkeyutlsc2
496 check_exit_status $?
497}
498
499function test_pki {
500 section_message "setup local CA"
501
502 #
503 # prepare test openssl.cnf
504 #
505
506 cat << __EOF__ > $ssldir/openssl.cnf
507oid_section = new_oids
508[ new_oids ]
509tsa_policy1 = 1.2.3.4.1
510tsa_policy2 = 1.2.3.4.5.6
511tsa_policy3 = 1.2.3.4.5.7
512[ ca ]
513default_ca = CA_default
514[ CA_default ]
515dir = ./$ca_dir
516crl_dir = \$dir/crl
517database = \$dir/index.txt
518new_certs_dir = \$dir/newcerts
519serial = \$dir/serial
520crlnumber = \$dir/crlnumber
521default_days = 1
522default_md = default
523policy = policy_match
524[ policy_match ]
525countryName = match
526stateOrProvinceName = match
527organizationName = match
528organizationalUnitName = optional
529commonName = supplied
530emailAddress = optional
531[ req ]
532distinguished_name = req_distinguished_name
533[ req_distinguished_name ]
534countryName = Country Name
535countryName_default = JP
536countryName_min = 2
537countryName_max = 2
538stateOrProvinceName = State or Province Name
539stateOrProvinceName_default = Tokyo
540organizationName = Organization Name
541organizationName_default = TEST_DUMMY_COMPANY
542commonName = Common Name
543[ tsa ]
544default_tsa = tsa_config1
545[ tsa_config1 ]
546dir = ./$tsa_dir
547serial = \$dir/serial
548crypto_device = builtin
549digests = sha1, sha256, sha384, sha512
550default_policy = tsa_policy1
551other_policies = tsa_policy2, tsa_policy3
552[ tsa_ext ]
553keyUsage = critical,nonRepudiation
554extendedKeyUsage = critical,timeStamping
555[ ocsp_ext ]
556basicConstraints = CA:FALSE
557keyUsage = nonRepudiation,digitalSignature,keyEncipherment
558extendedKeyUsage = OCSPSigning
559__EOF__
560
561 #---------#---------#---------#---------#---------#---------#---------
562
563 #
564 # setup test CA
565 #
566
567 mkdir -p $ca_dir
568 mkdir -p $tsa_dir
569 mkdir -p $ocsp_dir
570 mkdir -p $server_dir
571
572 mkdir -p $ca_dir/certs
573 mkdir -p $ca_dir/private
574 mkdir -p $ca_dir/crl
575 mkdir -p $ca_dir/newcerts
576 chmod 700 $ca_dir/private
577 echo "01" > $ca_dir/serial
578 touch $ca_dir/index.txt
579 touch $ca_dir/crlnumber
580 echo "01" > $ca_dir/crlnumber
581
582 #
583 # setup test TSA
584 #
585 mkdir -p $tsa_dir/private
586 chmod 700 $tsa_dir/private
587 echo "01" > $tsa_dir/serial
588 touch $tsa_dir/index.txt
589
590 #
591 # setup test OCSP
592 #
593 mkdir -p $ocsp_dir/private
594 chmod 700 $ocsp_dir/private
595
596 #---------#---------#---------#---------#---------#---------#---------
597
598 # --- CA initiate (generate CA key and cert) ---
599
600 start_message "req ... generate CA key and self signed cert"
601
602 ca_cert=$ca_dir/ca_cert.pem
603 ca_key=$ca_dir/private/ca_key.pem ca_pass=test-ca-pass
604
605 if [ $mingw = 0 ] ; then
606 subj='/C=JP/ST=Tokyo/O=TEST_DUMMY_COMPANY/CN=testCA.test_dummy.com/'
607 else
608 subj='//C=JP\ST=Tokyo\O=TEST_DUMMY_COMPANY\CN=testCA.test_dummy.com\'
609 fi
610
611 $openssl_bin req -new -x509 -batch -newkey rsa:2048 \
612 -pkeyopt rsa_keygen_bits:2048 -pkeyopt rsa_keygen_pubexp:3 \
613 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:8 \
614 -config $ssldir/openssl.cnf -verbose \
615 -subj $subj -days 1 -set_serial 1 -multivalue-rdn \
616 -keyout $ca_key -passout pass:$ca_pass \
617 -out $ca_cert -outform pem
618 check_exit_status $?
619
620 #---------#---------#---------#---------#---------#---------#---------
621
622 # --- TSA initiate (generate TSA key and cert) ---
623
624 start_message "req ... generate TSA key and cert"
625
626 # generate CSR for TSA
627
628 tsa_csr=$tsa_dir/tsa_csr.pem
629 tsa_key=$tsa_dir/private/tsa_key.pem
630 tsa_pass=test-tsa-pass
631
632 if [ $mingw = 0 ] ; then
633 subj='/C=JP/ST=Tokyo/O=TEST_DUMMY_COMPANY/CN=testTSA.test_dummy.com/'
634 else
635 subj='//C=JP\ST=Tokyo\O=TEST_DUMMY_COMPANY\CN=testTSA.test_dummy.com\'
636 fi
637
638 $openssl_bin req -new -keyout $tsa_key -out $tsa_csr \
639 -passout pass:$tsa_pass -subj $subj -asn1-kludge
640 check_exit_status $?
641
642 start_message "ca ... sign by CA with TSA extensions"
643
644 tsa_cert=$tsa_dir/tsa_cert.pem
645
646 $openssl_bin ca -batch -cert $ca_cert -keyfile $ca_key -keyform pem \
647 -key $ca_pass -config $ssldir/openssl.cnf -create_serial \
648 -policy policy_match -days 1 -md sha256 -extensions tsa_ext \
649 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:32 \
650 -multivalue-rdn -preserveDN -noemailDN \
651 -in $tsa_csr -outdir $tsa_dir -out $tsa_cert -verbose -notext
652 check_exit_status $?
653
654 #---------#---------#---------#---------#---------#---------#---------
655
656 # --- OCSP initiate (generate OCSP key and cert) ---
657
658 start_message "req ... generate OCSP key and cert"
659
660 # generate CSR for OCSP
661
662 ocsp_csr=$ocsp_dir/ocsp_csr.pem
663 ocsp_key=$ocsp_dir/private/ocsp_key.pem
664
665 if [ $mingw = 0 ] ; then
666 subj='/C=JP/ST=Tokyo/O=TEST_DUMMY_COMPANY/CN=testOCSP.test_dummy.com/'
667 else
668 subj='//C=JP\ST=Tokyo\O=TEST_DUMMY_COMPANY\CN=testOCSP.test_dummy.com\'
669 fi
670
671 $openssl_bin req -new -keyout $ocsp_key -nodes -out $ocsp_csr \
672 -subj $subj -no-asn1-kludge
673 check_exit_status $?
674
675 start_message "ca ... sign by CA with OCSP extensions"
676
677 ocsp_cert=$ocsp_dir/ocsp_cert.pem
678
679 $openssl_bin ca -batch -cert $ca_cert -keyfile $ca_key -keyform pem \
680 -key $ca_pass -out $ocsp_cert -extensions ocsp_ext \
681 -startdate `date -u '+%y%m%d%H%M%SZ'` -enddate 491223235959Z \
682 -subj $subj -infiles $ocsp_csr
683 check_exit_status $?
684
685 #---------#---------#---------#---------#---------#---------#---------
686
687 # --- server-admin operations (generate server key and csr) ---
688 section_message "server-admin operations (generate server key and csr)"
689
690 server_key=$server_dir/server_key.pem
691 server_csr=$server_dir/server_csr.pem
692 server_pass=test-server-pass
693
694 if [ $mingw = 0 ] ; then
695 subj='/C=JP/ST=Tokyo/O=TEST_DUMMY_COMPANY/CN=localhost.test_dummy.com/'
696 else
697 subj='//C=JP\ST=Tokyo\O=TEST_DUMMY_COMPANY\CN=localhost.test_dummy.com\'
698 fi
699
700 start_message "genrsa ... generate server key#1"
701
702 $openssl_bin genrsa -aes256 -passout pass:$server_pass -out $server_key
703 check_exit_status $?
704
705 start_message "req ... generate server csr#1"
706
707 $openssl_bin req -new -subj $subj -sha256 \
708 -key $server_key -keyform pem -passin pass:$server_pass \
709 -addext 'subjectAltName = DNS:localhost.test_dummy.com' \
710 -out $server_csr -outform pem
711 check_exit_status $?
712
713 start_message "req ... verify server csr#1"
714
715 $openssl_bin req -verify -in $server_csr -inform pem \
716 -newhdr -noout -pubkey -subject -modulus -text \
717 -nameopt multiline -reqopt compatible \
718 -out $server_csr.verify.out
719 check_exit_status $?
720
721 start_message "req ... generate server csr#2 (interactive mode)"
722
723 revoke_key=$server_dir/revoke_key.pem
724 revoke_csr=$server_dir/revoke_csr.pem
725 revoke_pass=test-revoke-pass
726
727 $openssl_bin req -new -keyout $revoke_key -out $revoke_csr \
728 -passout pass:$revoke_pass <<__EOF__
729JP
730Tokyo
731TEST_DUMMY_COMPANY
732revoke.test_dummy.com
733__EOF__
734 check_exit_status $?
735
736 #---------#---------#---------#---------#---------#---------#---------
737
738 # --- CA operations (issue cert for server) ---
739 section_message "CA operations (issue cert for server)"
740
741 start_message "ca ... issue cert for server csr#1"
742
743 server_cert=$server_dir/server_cert.pem
744 $openssl_bin ca -batch -cert $ca_cert -keyfile $ca_key -key $ca_pass \
745 -in $server_csr -out $server_cert
746 check_exit_status $?
747
748 start_message "x509 ... issue cert for server csr#2"
749
750 revoke_cert=$server_dir/revoke_cert.pem
751 $openssl_bin x509 -req -in $revoke_csr -CA $ca_cert -CAform pem \
752 -CAkey $ca_key -CAkeyform pem \
753 -CAserial $ca_dir/serial -set_serial 10 \
754 -passin pass:$ca_pass -CAcreateserial -out $revoke_cert
755 check_exit_status $?
756
757 #---------#---------#---------#---------#---------#---------#---------
758
759 # --- CA operations (revoke cert and generate crl) ---
760 section_message "CA operations (revoke cert and generate crl)"
761
762 start_message "ca ... revoke server cert#2"
763 crl_file=$ca_dir/crl.pem
764 $openssl_bin ca -gencrl -out $crl_file -revoke $revoke_cert \
765 -config $ssldir/openssl.cnf -name CA_default \
766 -crldays 30 -crlhours 12 -crlsec 30 -updatedb \
767 -crl_reason unspecified -crl_hold 1.2.840.10040.2.2 \
768 -crl_compromise `date -u '+%Y%m%d%H%M%SZ'` \
769 -crl_CA_compromise `date -u '+%Y%m%d%H%M%SZ'` \
770 -keyfile $ca_key -passin pass:$ca_pass -cert $ca_cert
771 check_exit_status $?
772
773 start_message "ca ... show certificate status by serial number"
774 $openssl_bin ca -config $ssldir/openssl.cnf -status 1
775
776 start_message "crl ... CA generates CRL"
777 $openssl_bin crl -in $crl_file -fingerprint
778 check_exit_status $?
779
780 crl_p7=$ca_dir/crl.p7
781 start_message "crl2pkcs7 ... convert CRL to pkcs7"
782 $openssl_bin crl2pkcs7 -in $crl_file -certfile $ca_cert -out $crl_p7
783 check_exit_status $?
784
785 #---------#---------#---------#---------#---------#---------#---------
786
787 # --- server-admin operations (check csr, verify cert, certhash) ---
788 section_message "server-admin operations (check csr, verify cert, certhash)"
789
790 start_message "asn1parse ... parse server csr#1"
791 $openssl_bin asn1parse -in $server_csr -i -dlimit 100 -length 1000 \
792 -strparse 01 > $server_csr.asn1parse.out
793 check_exit_status $?
794
795 start_message "verify ... server cert#1"
796 $openssl_bin verify -verbose -CAfile $ca_cert -CRLfile $crl_file \
797 -crl_check -issuer_checks -purpose sslserver $server_cert
798 check_exit_status $?
799
800 start_message "x509 ... get detail info about server cert#1"
801 $openssl_bin x509 -in $server_cert -text -C -dates -startdate -enddate \
802 -fingerprint -issuer -issuer_hash -issuer_hash_old \
803 -subject -hash -subject_hash -subject_hash_old -ocsp_uri \
804 -ocspid -modulus -pubkey -serial -email -noout -trustout \
805 -alias -clrtrust -clrreject -next_serial -checkend 3600 \
806 -nameopt multiline -certopt compatible > $server_cert.x509.out
807 check_exit_status $?
808
809 if [ $mingw = 0 ] ; then
810 start_message "certhash"
811 $openssl_bin certhash -v $server_dir
812 check_exit_status $?
813 fi
814
815 # self signed
816 start_message "x509 ... generate self signed server cert"
817 server_self_cert=$server_dir/server_self_cert.pem
818 $openssl_bin x509 -in $server_cert -signkey $server_key -keyform pem \
819 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:8 \
820 -passin pass:$server_pass -out $server_self_cert -days 1
821 check_exit_status $?
822
823 #---------#---------#---------#---------#---------#---------#---------
824
825 # --- Netscape SPKAC operations ---
826 section_message "Netscape SPKAC operations"
827
828 # server-admin generates SPKAC
829
830 start_message "spkac"
831 spkacfile=$server_dir/spkac.file
832
833 $openssl_bin spkac -key $genpkey_rsa -challenge hello -out $spkacfile
834 check_exit_status $?
835
836 $openssl_bin spkac -in $spkacfile -verify -out $spkacfile.out
837 check_exit_status $?
838
839 spkacreq=$server_dir/spkac.req
840 cat << __EOF__ > $spkacreq
841countryName = JP
842stateOrProvinceName = Tokyo
843organizationName = TEST_DUMMY_COMPANY
844commonName = spkac.test_dummy.com
845__EOF__
846 cat $spkacfile >> $spkacreq
847
848 # CA signs SPKAC
849 start_message "ca ... CA signs SPKAC csr"
850 spkaccert=$server_dir/spkac.cert
851 $openssl_bin ca -batch -cert $ca_cert -keyfile $ca_key -key $ca_pass \
852 -spkac $spkacreq -out $spkaccert
853 check_exit_status $?
854
855 start_message "x509 ... convert DER format SPKAC cert to PEM"
856 spkacpem=$server_dir/spkac.pem
857 $openssl_bin x509 -in $spkaccert -inform DER -out $spkacpem -outform PEM
858 check_exit_status $?
859
860 # server-admin cert verify
861
862 start_message "nseq"
863 $openssl_bin nseq -in $spkacpem -toseq -out $spkacpem.nseq
864 check_exit_status $?
865
866 #---------#---------#---------#---------#---------#---------#---------
867
868 # --- user1 operations (generate user1 key and csr) ---
869 section_message "user1 operations (generate user1 key and csr)"
870
871 # trust
872 start_message "x509 ... trust testCA cert"
873 user1_trust=$user1_dir/user1_trust_ca.pem
874 $openssl_bin x509 -in $ca_cert -addtrust clientAuth \
875 -setalias "trusted testCA" -purpose -out $user1_trust
876 check_exit_status $?
877
878 start_message "req ... generate private key and csr for user1"
879
880 user1_key=$user1_dir/user1_key.pem
881 user1_csr=$user1_dir/user1_csr.pem
882 user1_pass=test-user1-pass
883
884 if [ $mingw = 0 ] ; then
885 subj='/C=JP/ST=Tokyo/O=TEST_DUMMY_COMPANY/CN=user1.test_dummy.com/'
886 else
887 subj='//C=JP\ST=Tokyo\O=TEST_DUMMY_COMPANY\CN=user1.test_dummy.com\'
888 fi
889
890 $openssl_bin req -new -keyout $user1_key -out $user1_csr \
891 -passout pass:$user1_pass -subj $subj
892 check_exit_status $?
893
894 #---------#---------#---------#---------#---------#---------#---------
895
896 # --- CA operations (issue cert for user1) ---
897 section_message "CA operations (issue cert for user1)"
898
899 start_message "ca ... issue cert for user1"
900
901 user1_cert=$user1_dir/user1_cert.pem
902 $openssl_bin ca -batch -cert $ca_cert -keyfile $ca_key -key $ca_pass \
903 -in $user1_csr -out $user1_cert
904 check_exit_status $?
905}
906
907function test_tsa {
908 # --- TSA operations ---
909 section_message "TSA operations"
910
911 tsa_dat=$user1_dir/tsa.dat
912 cat << __EOF__ > $tsa_dat
913Hello Bob,
914Sincerely yours
915Alice
916__EOF__
917
918 # Query
919 start_message "ts ... create time stamp request"
920
921 tsa_tsq=$user1_dir/tsa.tsq
922
923 $openssl_bin ts -query -sha1 -data $tsa_dat -no_nonce -out $tsa_tsq
924 check_exit_status $?
925
926 start_message "ts ... print time stamp request"
927
928 $openssl_bin ts -query -in $tsa_tsq -text
929 check_exit_status $?
930
931 # Reply
932 start_message "ts ... create time stamp response for a request"
933
934 tsa_tsr=$user1_dir/tsa.tsr
935
936 $openssl_bin ts -reply -queryfile $tsa_tsq -inkey $tsa_key \
937 -passin pass:$tsa_pass -signer $tsa_cert -chain $ca_cert \
938 -config $ssldir/openssl.cnf -section tsa_config1 -cert \
939 -policy 1.3.6.1.4.1.4146.2.3 -out $tsa_tsr
940 check_exit_status $?
941
942 # Verify
943 start_message "ts ... verify time stamp response"
944
945 $openssl_bin ts -verify -queryfile $tsa_tsq -in $tsa_tsr \
946 -CAfile $ca_cert -untrusted $tsa_cert
947 check_exit_status $?
948}
949
950function test_cms {
951 # --- CMS operations ---
952 section_message "CMS operations"
953
954 cms_txt=$user1_dir/cms.txt
955 cms_sig=$user1_dir/cms.sig
956 cms_enc=$user1_dir/cms.enc
957 cms_dec=$user1_dir/cms.dec
958 cms_sgr=$user1_dir/cms.sgr
959 cms_ver=$user1_dir/cms.ver
960
961 cat << __EOF__ > $cms_txt
962Hello Bob,
963Sincerely yours
964Alice
965__EOF__
966
967 # sign
968 start_message "cms ... sign to message"
969
970 $openssl_bin cms -sign -in $cms_txt -text \
971 -out $cms_sig -outform smime \
972 -signer $user1_cert -inkey $user1_key -keyform pem \
973 -passin pass:$user1_pass -md sha256 \
974 -from user1@test_dummy.com -to server@test_dummy.com \
975 -subject "test openssl cms"
976 check_exit_status $?
977
978 # encrypt
979 start_message "cms ... encrypt message"
980
981 $openssl_bin cms -encrypt -aes256 -binary -in $cms_sig -inform smime \
982 -out $cms_enc $server_cert
983 check_exit_status $?
984
985 # decrypt
986 start_message "cms ... decrypt message"
987
988 $openssl_bin cms -decrypt -in $cms_enc -out $cms_dec \
989 -recip $server_cert -inkey $server_key -passin pass:$server_pass
990 check_exit_status $?
991
992 # verify
993 start_message "cms ... verify message"
994
995 $openssl_bin cms -verify -in $cms_dec \
996 -CAfile $ca_cert -certfile $user1_cert -nointern \
997 -check_ss_sig -issuer_checks -policy_check -x509_strict \
998 -signer $cms_sgr -text -out $cms_ver
999 check_exit_status $?
1000
1001 diff -b $cms_ver $cms_txt
1002 check_exit_status $?
1003}
1004
1005function test_smime {
1006 # --- S/MIME operations ---
1007 section_message "S/MIME operations"
1008
1009 smime_txt=$user1_dir/smime.txt
1010 smime_enc=$user1_dir/smime.enc
1011 smime_sig=$user1_dir/smime.sig
1012 smime_p7o=$user1_dir/smime.p7o
1013 smime_sgr=$user1_dir/smime.sgr
1014 smime_ver=$user1_dir/smime.ver
1015 smime_dec=$user1_dir/smime.dec
1016
1017 cat << __EOF__ > $smime_txt
1018Hello Bob,
1019Sincerely yours
1020Alice
1021__EOF__
1022
1023 # encrypt
1024 start_message "smime ... encrypt message"
1025
1026 $openssl_bin smime -encrypt -aes256 -binary -in $smime_txt \
1027 -out $smime_enc $server_cert
1028 check_exit_status $?
1029
1030 # sign
1031 start_message "smime ... sign to message"
1032
1033 $openssl_bin smime -sign -in $smime_enc -text -inform smime \
1034 -out $smime_sig -outform smime \
1035 -signer $user1_cert -inkey $user1_key -keyform pem \
1036 -passin pass:$user1_pass -md sha256 \
1037 -from user1@test_dummy.com -to server@test_dummy.com \
1038 -subject "test openssl smime"
1039 check_exit_status $?
1040
1041 # pk7out
1042 start_message "smime ... pk7out from message"
1043
1044 $openssl_bin smime -pk7out -in $smime_sig -out $smime_p7o
1045 check_exit_status $?
1046
1047 # verify
1048 start_message "smime ... verify message"
1049
1050 $openssl_bin smime -verify -in $smime_sig \
1051 -CAfile $ca_cert -certfile $user1_cert -nointern \
1052 -check_ss_sig -issuer_checks -policy_check -x509_strict \
1053 -signer $smime_sgr -text -out $smime_ver
1054 check_exit_status $?
1055
1056 # decrypt
1057 start_message "smime ... decrypt message"
1058
1059 $openssl_bin smime -decrypt -in $smime_ver -out $smime_dec \
1060 -recip $server_cert -inkey $server_key -passin pass:$server_pass
1061 check_exit_status $?
1062
1063 diff $smime_dec $smime_txt
1064 check_exit_status $?
1065}
1066
1067function test_ocsp {
1068 # --- OCSP operations ---
1069 section_message "OCSP operations"
1070
1071 # get key without pass
1072 user1_key_nopass=$user1_dir/user1_key_nopass.pem
1073 $openssl_bin pkey -in $user1_key -passin pass:$user1_pass \
1074 -out $user1_key_nopass
1075 check_exit_status $?
1076
1077 # request
1078 start_message "ocsp ... create OCSP request"
1079
1080 ocsp_req=$user1_dir/ocsp_req.der
1081 $openssl_bin ocsp -issuer $ca_cert -cert $server_cert \
1082 -cert $revoke_cert -serial 1 -nonce -no_certs -CAfile $ca_cert \
1083 -signer $user1_cert -signkey $user1_key_nopass \
1084 -sign_other $user1_cert -sha256 \
1085 -reqout $ocsp_req -req_text -out $ocsp_req.out
1086 check_exit_status $?
1087
1088 # response
1089 start_message "ocsp ... create OCPS response for a request"
1090
1091 ocsp_res=$user1_dir/ocsp_res.der
1092 $openssl_bin ocsp -index $ca_dir/index.txt -CA $ca_cert \
1093 -CAfile $ca_cert -rsigner $ocsp_cert -rkey $ocsp_key \
1094 -reqin $ocsp_req -rother $ocsp_cert -resp_no_certs -noverify \
1095 -nmin 60 -validity_period 300 -status_age 300 \
1096 -respout $ocsp_res -resp_text -out $ocsp_res.out
1097 check_exit_status $?
1098
1099 # ocsp server
1100 start_message "ocsp ... start OCSP server in background"
1101
1102 ocsp_port=8888
1103
1104 ocsp_svr_log=$user1_dir/ocsp_svr.log
1105 $openssl_bin ocsp -index $ca_dir/index.txt -CA $ca_cert \
1106 -CAfile $ca_cert -rsigner $ocsp_cert -rkey $ocsp_key \
1107 -host localhost -port $ocsp_port -path / -ndays 1 -nrequest 1 \
1108 -resp_key_id -text -out $ocsp_svr_log &
1109 check_exit_status $?
1110 ocsp_svr_pid=$!
1111 echo "ocsp server pid = [ $ocsp_svr_pid ]"
1112 sleep 1
1113
1114 # send query to ocsp server
1115 start_message "ocsp ... send OCSP request to server"
1116
1117 ocsp_qry=$user1_dir/ocsp_qry.der
1118 $openssl_bin ocsp -issuer $ca_cert -cert $server_cert \
1119 -cert $revoke_cert -CAfile $ca_cert -no_nonce \
1120 -url http://localhost:$ocsp_port -timeout 10 -text \
1121 -header Host localhost \
1122 -respout $ocsp_qry -out $ocsp_qry.out
1123 check_exit_status $?
1124
1125 # verify response from server
1126 start_message "ocsp ... verify OCSP response from server"
1127
1128 $openssl_bin ocsp -respin $ocsp_qry -CAfile $ca_cert \
1129 -ignore_err -no_signature_verify -no_cert_verify -no_chain \
1130 -no_cert_checks -no_explicit -trust_other -no_intern \
1131 -verify_other $ocsp_cert -VAfile $ocsp_cert
1132 check_exit_status $?
1133}
1134
1135function test_pkcs {
1136 # --- PKCS operations ---
1137 section_message "PKCS operations"
1138
1139 pkcs_pass=test-pkcs-pass
1140
1141 start_message "pkcs7 ... output certs in crl(pkcs7)"
1142 $openssl_bin pkcs7 -in $crl_p7 -print_certs -text -out $crl_p7.out
1143 check_exit_status $?
1144
1145 start_message "pkcs8 ... convert key to pkcs8"
1146 $openssl_bin pkcs8 -in $user1_key -topk8 -out $user1_key.p8 \
1147 -passin pass:$user1_pass -passout pass:$user1_pass \
1148 -v1 pbeWithSHA1AndDES-CBC -v2 des3
1149 check_exit_status $?
1150
1151 start_message "pkcs8 ... convert pkcs8 to key in DER format"
1152 $openssl_bin pkcs8 -in $user1_key.p8 -passin pass:$user1_pass \
1153 -outform DER -out $user1_key.p8.der
1154 check_exit_status $?
1155
1156 start_message "pkcs12 ... create"
1157 $openssl_bin pkcs12 -export -in $server_cert -inkey $server_key \
1158 -passin pass:$server_pass -certfile $ca_cert -CAfile $ca_cert \
1159 -caname "caname_server_p12" \
1160 -certpbe AES-256-CBC -keypbe AES-256-CBC -chain \
1161 -name "name_server_p12" -des3 -maciter -macalg sha256 \
1162 -CSP "csp_server_p12" -LMK -keyex \
1163 -passout pass:$pkcs_pass -out $server_cert.p12
1164 check_exit_status $?
1165
1166 start_message "pkcs12 ... verify"
1167 $openssl_bin pkcs12 -in $server_cert.p12 -passin pass:$pkcs_pass -info \
1168 -noout
1169 check_exit_status $?
1170
1171 start_message "pkcs12 ... private key to PEM without encryption"
1172 $openssl_bin pkcs12 -in $server_cert.p12 -password pass:$pkcs_pass \
1173 -nocerts -nomacver -nodes -out $server_cert.p12.pem
1174 check_exit_status $?
1175}
1176
1177function test_server_client {
1178 # --- client/server operations (TLS) ---
1179 section_message "client/server operations (TLS)"
1180
1181 s_id="$1"
1182 c_id="$2"
1183 sc="$1$2"
1184
1185 test_pause_sec=0.2
1186
1187 if [ $s_id = "0" ] ; then
1188 s_bin=$openssl_bin
1189 else
1190 s_bin=$other_openssl_bin
1191 fi
1192
1193 if [ $c_id = "0" ] ; then
1194 c_bin=$openssl_bin
1195 else
1196 c_bin=$other_openssl_bin
1197 fi
1198
1199 echo "s_server is [`$s_bin version`]"
1200 echo "s_client is [`$c_bin version`]"
1201
1202 host="localhost"
1203 port=4433
1204 sess_dat=$user1_dir/s_client_${sc}_sess.dat
1205 s_server_out=$server_dir/s_server_${sc}_tls.out
1206
1207 $s_bin version | grep 'OpenSSL 1.1.1' > /dev/null
1208 if [ $? -eq 0 ] ; then
1209 extra_opts="-4"
1210 else
1211 extra_opts=""
1212 fi
1213
1214 start_message "s_server ... start TLS/SSL test server"
1215 $s_bin s_server -accept $port -CAfile $ca_cert \
1216 -cert $server_cert -key $server_key -pass pass:$server_pass \
1217 -context "appstest.sh" -id_prefix "APPSTEST.SH" -crl_check \
1218 -alpn "http/1.1,spdy/3" -www -cipher ALL $extra_opts \
1219 -msg -tlsextdebug > $s_server_out 2>&1 &
1220 check_exit_status $?
1221 s_server_pid=$!
1222 echo "s_server pid = [ $s_server_pid ]"
1223 sleep 1
1224
1225 # protocol = TLSv1
1226
1227 s_client_out=$user1_dir/s_client_${sc}_tls_1_0.out
1228
1229 start_message "s_client ... connect to TLS/SSL test server by TLSv1"
1230 sleep $test_pause_sec
1231 $c_bin s_client -connect $host:$port -CAfile $ca_cert \
1232 -tls1 -msg -tlsextdebug < /dev/null > $s_client_out 2>&1
1233 check_exit_status $?
1234
1235 grep 'Protocol : TLSv1$' $s_client_out > /dev/null
1236 check_exit_status $?
1237
1238 grep 'Verify return code: 0 (ok)' $s_client_out > /dev/null
1239 check_exit_status $?
1240
1241 # protocol = TLSv1.1
1242
1243 s_client_out=$user1_dir/s_client_${sc}_tls_1_1.out
1244
1245 start_message "s_client ... connect to TLS/SSL test server by TLSv1.1"
1246 sleep $test_pause_sec
1247 $c_bin s_client -connect $host:$port -CAfile $ca_cert \
1248 -tls1_1 -msg -tlsextdebug < /dev/null > $s_client_out 2>&1
1249 check_exit_status $?
1250
1251 grep 'Protocol : TLSv1\.1$' $s_client_out > /dev/null
1252 check_exit_status $?
1253
1254 grep 'Verify return code: 0 (ok)' $s_client_out > /dev/null
1255 check_exit_status $?
1256
1257 # protocol = TLSv1.2
1258
1259 s_client_out=$user1_dir/s_client_${sc}_tls_1_2.out
1260
1261 start_message "s_client ... connect to TLS/SSL test server by TLSv1.2"
1262 sleep $test_pause_sec
1263 $c_bin s_client -connect $host:$port -CAfile $ca_cert \
1264 -tls1_2 -msg -tlsextdebug < /dev/null > $s_client_out 2>&1
1265 check_exit_status $?
1266
1267 grep 'Protocol : TLSv1\.2$' $s_client_out > /dev/null
1268 check_exit_status $?
1269
1270 grep 'Verify return code: 0 (ok)' $s_client_out > /dev/null
1271 check_exit_status $?
1272
1273 # all available ciphers with random order
1274
1275 s_ciph=$server_dir/s_ciph_${sc}
1276 if [ $s_id = "0" ] ; then
1277 $s_bin ciphers -v ALL:!ECDSA:!kGOST | awk '{print $1}' > $s_ciph
1278 else
1279 $s_bin ciphers -v | awk '{print $1}' > $s_ciph
1280 fi
1281
1282 c_ciph=$user1_dir/c_ciph_${sc}
1283 if [ $c_id = "0" ] ; then
1284 $c_bin ciphers -v ALL:!ECDSA:!kGOST | awk '{print $1}' > $c_ciph
1285 else
1286 $c_bin ciphers -v | awk '{print $1}' > $c_ciph
1287 fi
1288
1289 ciphers=$user1_dir/ciphers_${sc}
1290 grep -x -f $s_ciph $c_ciph | sort -R > $ciphers
1291
1292 cnum=0
1293 for c in `cat $ciphers` ; do
1294 cnum=`expr $cnum + 1`
1295 cnstr=`printf %03d $cnum`
1296 s_client_out=$user1_dir/s_client_${sc}_tls_${cnstr}_${c}.out
1297
1298 start_message "s_client ... connect to TLS/SSL test server with [ $cnstr ] $c"
1299 sleep $test_pause_sec
1300 $c_bin s_client -connect $host:$port -CAfile $ca_cert \
1301 -cipher $c \
1302 -msg -tlsextdebug < /dev/null > $s_client_out 2>&1
1303 check_exit_status $?
1304
1305 grep "Cipher : $c" $s_client_out > /dev/null
1306 check_exit_status $?
1307
1308 grep 'Verify return code: 0 (ok)' $s_client_out > /dev/null
1309 check_exit_status $?
1310 done
1311
1312 # Get session ticket to reuse
1313
1314 s_client_out=$user1_dir/s_client_${sc}_tls_reuse_1.out
1315
1316 start_message "s_client ... connect to TLS/SSL test server to get session id"
1317 sleep $test_pause_sec
1318 $c_bin s_client -connect $host:$port -CAfile $ca_cert \
1319 -alpn "spdy/3,http/1.1" -sess_out $sess_dat \
1320 -msg -tlsextdebug < /dev/null > $s_client_out 2>&1
1321 check_exit_status $?
1322
1323 grep '^New, TLS.*$' $s_client_out > /dev/null
1324 check_exit_status $?
1325
1326 grep 'Verify return code: 0 (ok)' $s_client_out > /dev/null
1327 check_exit_status $?
1328
1329 # Reuse session ticket
1330
1331 s_client_out=$user1_dir/s_client_${sc}_tls_reuse_2.out
1332
1333 start_message "s_client ... connect to TLS/SSL test server reusing session id"
1334 sleep $test_pause_sec
1335 $c_bin s_client -connect $host:$port -CAfile $ca_cert \
1336 -sess_in $sess_dat \
1337 -msg -tlsextdebug < /dev/null > $s_client_out 2>&1
1338 check_exit_status $?
1339
1340 grep '^Reused, TLS.*$' $s_client_out > /dev/null
1341 check_exit_status $?
1342
1343 grep 'Verify return code: 0 (ok)' $s_client_out > /dev/null
1344 check_exit_status $?
1345
1346 # invalid verification pattern
1347
1348 s_client_out=$user1_dir/s_client_${sc}_tls_invalid.out
1349
1350 start_message "s_client ... connect to TLS/SSL test server but verify error"
1351 sleep $test_pause_sec
1352 $c_bin s_client -connect $host:$port -CAfile $ca_cert \
1353 -showcerts -crl_check -issuer_checks -policy_check \
1354 -msg -tlsextdebug < /dev/null > $s_client_out 2>&1
1355 check_exit_status $?
1356
1357 grep 'Verify return code: 0 (ok)' $s_client_out > /dev/null
1358 if [ $? -eq 0 ] ; then
1359 check_exit_status 1
1360 else
1361 check_exit_status 0
1362 fi
1363
1364 # s_time
1365 start_message "s_time ... connect to TLS/SSL test server"
1366 $c_bin s_time -connect $host:$port -CApath $ca_dir -time 2
1367 check_exit_status $?
1368
1369 # sess_id
1370 start_message "sess_id"
1371 $c_bin sess_id -in $sess_dat -text -out $sess_dat.out
1372 check_exit_status $?
1373
1374 stop_s_server
1375}
1376
1377function test_speed {
1378 # === PERFORMANCE ===
1379 section_message "PERFORMANCE"
1380
1381 if [ $no_long_tests = 0 ] ; then
1382 start_message "speed"
1383 $openssl_bin speed sha512 rsa2048 -multi 2 -elapsed
1384 check_exit_status $?
1385 else
1386 start_message "SKIPPING speed (quick mode)"
1387 fi
1388}
1389
1390function test_version {
1391 # --- VERSION INFORMATION ---
1392 section_message "VERSION INFORMATION"
1393
1394 start_message "version"
1395 $openssl_bin version -a
1396 check_exit_status $?
1397}
1398
1399#---------#---------#---------#---------#---------#---------#---------#---------
1400
1401openssl_bin=${OPENSSL:-/usr/bin/openssl}
1402other_openssl_bin=${OTHER_OPENSSL:-/usr/local/bin/eopenssl}
1403
1404interop_tests=0
1405no_long_tests=0
1406
1407while [ "$1" != "" ]; do
1408 case $1 in
1409 -i | --interop) shift
1410 interop_tests=1
1411 ;;
1412 -q | --quick ) shift
1413 no_long_tests=1
1414 ;;
1415 * ) usage
1416 exit 1
1417 esac
1418done
1419
1420if [ ! -x $openssl_bin ] ; then
1421 echo ":-< \$OPENSSL [$openssl_bin] is not executable."
1422 exit 1
1423fi
1424
1425if [ $interop_tests = 1 -a ! -x $other_openssl_bin ] ; then
1426 echo ":-< \$OTHER_OPENSSL [$other_openssl_bin] is not executable."
1427 exit 1
1428fi
1429
1430#
1431# create ssldir, and all files generated by this script goes under this dir.
1432#
1433ssldir="appstest_dir"
1434
1435if [ -d $ssldir ] ; then
1436 echo "directory [ $ssldir ] exists, this script deletes this directory ..."
1437 /bin/rm -rf $ssldir
1438fi
1439
1440mkdir -p $ssldir
1441
1442ca_dir=$ssldir/testCA
1443tsa_dir=$ssldir/testTSA
1444ocsp_dir=$ssldir/testOCSP
1445server_dir=$ssldir/server
1446user1_dir=$ssldir/user1
1447mkdir -p $user1_dir
1448key_dir=$ssldir/key
1449mkdir -p $key_dir
1450
1451export OPENSSL_CONF=$ssldir/openssl.cnf
1452touch $OPENSSL_CONF
1453
1454uname_s=`uname -s | grep 'MINGW'`
1455if [ "$uname_s" = "" ] ; then
1456 mingw=0
1457else
1458 mingw=1
1459fi
1460
1461#
1462# process tests
1463#
1464test_usage_lists_others
1465test_md
1466test_encoding_cipher
1467test_key
1468test_pki
1469test_tsa
1470test_cms
1471test_smime
1472test_ocsp
1473test_pkcs
1474test_server_client 0 0
1475if [ $interop_tests = 1 ] ; then
1476 test_server_client 0 1
1477 test_server_client 1 0
1478fi
1479test_speed
1480test_version
1481
1482section_message "END"
1483
1484exit 0
1485
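diff --git a/src/regress/usr.bin/openssl/openssl.cnf b/src/regress/usr.bin/openssl/openssl.cnf
deleted file mode 100644
index 4490810058..0000000000
--- a/src/regress/usr.bin/openssl/openssl.cnf
+++ /dev/null
@@ -1,27 +0,0 @@
-# $OpenBSD: openssl.cnf,v 1.2 2015/09/16 01:39:05 lteo Exp $
-
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-# hacked by iang to do DSA certs - Server
-
-####################################################################
-[ req ]
-distinguished_name = req_distinguished_name
-encrypt_rsa_key = no
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = CA
-countryName_value = CA
-
-organizationName = Organization Name (eg, company)
-organizationName_value = Shake it Vera
-
-0.commonName = Common Name (eg, YOUR name)
-0.commonName_value = Wastelandus
-
-1.commonName = Common Name (eg, YOUR name)
-1.commonName_value = Maximus
-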
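diff --git a/src/regress/usr.bin/openssl/options/Makefile b/src/regress/usr.bin/openssl/options/Makefile
deleted file mode 100644
index ba3857ad39..0000000000
--- a/src/regress/usr.bin/openssl/options/Makefile
+++ /dev/null
@@ -1,17 +0,0 @@
-# $OpenBSD: Makefile,v 1.1 2014/12/28 14:01:33 jsing Exp $
-
-PROG= optionstest
-SRCS= optionstest.c
-
-LDADD= -lcrypto -lssl
-DPADD= ${LIBCRYPTO} ${LIBSSL}
-
-OSSLSRC= ${.CURDIR}/../../../../usr.bin/openssl/
-CFLAGS+= -I${OSSLSRC}
-
-.PATH: ${OSSLSRC}
-SRCS+= apps.c
-
-CFLAGS+= -Werror
-
-.include <bsd.regress.mk>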
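diff --git a/src/regress/usr.bin/openssl/options/optionstest.c b/src/regress/usr.bin/openssl/options/optionstest.c
deleted file mode 100644
index 17c2e1af78..0000000000
--- a/src/regress/usr.bin/openssl/options/optionstest.c
+++ /dev/null
@@ -1,380 +0,0 @@
-/* $OpenBSD: optionstest.c,v 1.9 2017/04/16 14:40:47 kettenis Exp $ */
-/*
- * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include <openssl/bio.h>
-#include <openssl/conf.h>
-
-#include "apps.h"
-
-/* Needed to keep apps.c happy... */
-BIO *bio_err;
-CONF *config;
-
-static int argfunc(char *arg);
-static int defaultarg(int argc, char **argv, int *argsused);
-static int multiarg(int argc, char **argv, int *argsused);
-
-static struct {
- char *arg;
- int flag;
-} test_config;
-
-static struct option test_options[] = {
- {
- .name = "arg",
- .argname = "argname",
- .type = OPTION_ARG,
- .opt.arg = &test_config.arg,
- },
- {
- .name = "argfunc",
- .argname = "argname",
- .type = OPTION_ARG_FUNC,
- .opt.argfunc = argfunc,
- },
- {
- .name = "flag",
- .type = OPTION_FLAG,
- .opt.flag = &test_config.flag,
- },
- {
- .name = "multiarg",
- .type = OPTION_ARGV_FUNC,
- .opt.argvfunc = multiarg,
- },
- {
- .name = NULL,
- .type = OPTION_ARGV_FUNC,
- .opt.argvfunc = defaultarg,
- },
- { NULL },
-};
-
-char *args1[] = { "opts" };
-char *args2[] = { "opts", "-arg", "arg", "-flag" };
-char *args3[] = { "opts", "-arg", "arg", "-flag", "unnamed" };
-char *args4[] = { "opts", "-arg", "arg", "unnamed", "-flag" };
-char *args5[] = { "opts", "unnamed1", "-arg", "arg", "-flag", "unnamed2" };
-char *args6[] = { "opts", "-argfunc", "arg", "-flag" };
-char *args7[] = { "opts", "-arg", "arg", "-flag", "-", "-unnamed" };
-char *args8[] = { "opts", "-arg", "arg", "-flag", "file1", "file2", "file3" };
-char *args9[] = { "opts", "-arg", "arg", "-flag", "file1", "-file2", "file3" };
-char *args10[] = { "opts", "-arg", "arg", "-flag", "-", "file1", "file2" };
-char *args11[] = { "opts", "-arg", "arg", "-flag", "-", "-file1", "-file2" };
-char *args12[] = { "opts", "-multiarg", "arg1", "arg2", "-flag", "unnamed" };
-char *args13[] = { "opts", "-multiargz", "arg1", "arg2", "-flagz", "unnamed" };
-
-struct options_test {
- int argc;
- char **argv;
- enum {
- OPTIONS_TEST_NONE,
- OPTIONS_TEST_UNNAMED,
- OPTIONS_TEST_ARGSUSED,
- } type;
- char *unnamed;
- int used;
- int want;
- char *wantarg;
- int wantflag;
-};
-
-struct options_test options_tests[] = {
- {
- /* Test 1 - No arguments (only program name). */
- .argc = 1,
- .argv = args1,
- .type = OPTIONS_TEST_NONE,
- .want = 0,
- .wantarg = NULL,
- .wantflag = 0,
- },
- {
- /* Test 2 - Named arguments (unnamed not permitted). */
- .argc = 4,
- .argv = args2,
- .type = OPTIONS_TEST_NONE,
- .want = 0,
- .wantarg = "arg",
- .wantflag = 1,
- },
- {
- /* Test 3 - Named arguments (unnamed permitted). */
- .argc = 4,
- .argv = args2,
- .type = OPTIONS_TEST_UNNAMED,
- .unnamed = NULL,
- .want = 0,
- .wantarg = "arg",
- .wantflag = 1,
- },
- {
- /* Test 4 - Named and single unnamed (unnamed not permitted). */
- .argc = 5,
- .argv = args3,
- .type = OPTIONS_TEST_NONE,
- .want = 1,
- },
- {
- /* Test 5 - Named and single unnamed (unnamed permitted). */
- .argc = 5,
- .argv = args3,
- .type = OPTIONS_TEST_UNNAMED,
- .unnamed = "unnamed",
- .want = 0,
- .wantarg = "arg",
- .wantflag = 1,
- },
- {
- /* Test 6 - Named and single unnamed (different sequence). */
- .argc = 5,
- .argv = args4,
- .type = OPTIONS_TEST_UNNAMED,
- .unnamed = "unnamed",
- .want = 0,
- .wantarg = "arg",
- .wantflag = 1,
- },
- {
- /* Test 7 - Multiple unnamed arguments (should fail). */
- .argc = 6,
- .argv = args5,
- .type = OPTIONS_TEST_UNNAMED,
- .want = 1,
- },
- {
- /* Test 8 - Function. */
- .argc = 4,
- .argv = args6,
- .type = OPTIONS_TEST_NONE,
- .want = 0,
- .wantarg = "arg",
- .wantflag = 1,
- },
- {
- /* Test 9 - Named and single unnamed (hyphen separated). */
- .argc = 6,
- .argv = args7,
- .type = OPTIONS_TEST_UNNAMED,
- .unnamed = "-unnamed",
- .want = 0,
- .wantarg = "arg",
- .wantflag = 1,
- },
- {
- /* Test 10 - Named and multiple unnamed. */
- .argc = 7,
- .argv = args8,
- .used = 4,
- .type = OPTIONS_TEST_ARGSUSED,
- .want = 0,
- .wantarg = "arg",
- .wantflag = 1,
- },
- {
- /* Test 11 - Named and multiple unnamed. */
- .argc = 7,
- .argv = args9,
- .used = 4,
- .type = OPTIONS_TEST_ARGSUSED,
- .want = 0,
- .wantarg = "arg",
- .wantflag = 1,
- },
- {
- /* Test 12 - Named and multiple unnamed. */
- .argc = 7,
- .argv = args10,
- .used = 5,
- .type = OPTIONS_TEST_ARGSUSED,
- .want = 0,
- .wantarg = "arg",
- .wantflag = 1,
- },
- {
- /* Test 13 - Named and multiple unnamed. */
- .argc = 7,
- .argv = args11,
- .used = 5,
- .type = OPTIONS_TEST_ARGSUSED,
- .want = 0,
- .wantarg = "arg",
- .wantflag = 1,
- },
- {
- /* Test 14 - Named only. */
- .argc = 4,
- .argv = args2,
- .used = 4,
- .type = OPTIONS_TEST_ARGSUSED,
- .want = 0,
- .wantarg = "arg",
- .wantflag = 1,
- },
- {
- /* Test 15 - Multiple argument callback. */
- .argc = 6,
- .argv = args12,
- .unnamed = "unnamed",
- .type = OPTIONS_TEST_UNNAMED,
- .want = 0,
- .wantarg = NULL,
- .wantflag = 1,
- },
- {
- /* Test 16 - Multiple argument callback. */
- .argc = 6,
- .argv = args12,
- .used = 5,
- .type = OPTIONS_TEST_ARGSUSED,
- .want = 0,
- .wantarg = NULL,
- .wantflag = 1,
- },
- {
- /* Test 17 - Default callback. */
- .argc = 6,
- .argv = args13,
- .unnamed = "unnamed",
- .type = OPTIONS_TEST_UNNAMED,
- .want = 0,
- .wantarg = NULL,
- .wantflag = 1,
- },
- {
- /* Test 18 - Default callback. */
- .argc = 6,
- .argv = args13,
- .used = 5,
- .type = OPTIONS_TEST_ARGSUSED,
- .want = 0,
- .wantarg = NULL,
- .wantflag = 1,
- },
-};
-
-#define N_OPTIONS_TESTS \
- (sizeof(options_tests) / sizeof(*options_tests))
-
-static int
-argfunc(char *arg)
-{
- test_config.arg = arg;
- return (0);
-}
-
-static int
-defaultarg(int argc, char **argv, int *argsused)
-{
- if (argc < 1)
- return (1);
-
- if (strcmp(argv[0], "-multiargz") == 0) {
- if (argc < 3)
- return (1);
- *argsused = 3;
- return (0);
- } else if (strcmp(argv[0], "-flagz") == 0) {
- test_config.flag = 1;
- *argsused = 1;
- return (0);
- }
-
- return (1);
-}
-
-static int
-multiarg(int argc, char **argv, int *argsused)
-{
- if (argc < 3)
- return (1);
-
- *argsused = 3;
- return (0);
-}
-
-static int
-do_options_test(int test_no, struct options_test *ot)
-{
- int *argsused = NULL;
- char *unnamed = NULL;
- char **arg = NULL;
- int used = 0;
- int ret;
-
- if (ot->type == OPTIONS_TEST_UNNAMED)
- arg = &unnamed;
- else if (ot->type == OPTIONS_TEST_ARGSUSED)
- argsused = &used;
-
- memset(&test_config, 0, sizeof(test_config));
- ret = options_parse(ot->argc, ot->argv, test_options, arg, argsused);
- if (ret != ot->want) {
- fprintf(stderr, "FAIL: test %i options_parse() returned %i, "
- "want %i\n", test_no, ret, ot->want);
- return (1);
- }
- if (ret != 0)
- return (0);
-
- if ((test_config.arg != NULL || ot->wantarg != NULL) &&
- (test_config.arg == NULL || ot->wantarg == NULL ||
- strcmp(test_config.arg, ot->wantarg) != 0)) {
- fprintf(stderr, "FAIL: test %i got arg '%s', want '%s'\n",
- test_no, test_config.arg, ot->wantarg);
- return (1);
- }
- if (test_config.flag != ot->wantflag) {
- fprintf(stderr, "FAIL: test %i got flag %i, want %i\n",
- test_no, test_config.flag, ot->wantflag);
- return (1);
- }
- if (ot->type == OPTIONS_TEST_UNNAMED &&
- (unnamed != NULL || ot->unnamed != NULL) &&
- (unnamed == NULL || ot->unnamed == NULL ||
- strcmp(unnamed, ot->unnamed) != 0)) {
- fprintf(stderr, "FAIL: test %i got unnamed '%s', want '%s'\n",
- test_no, unnamed, ot->unnamed);
- return (1);
- }
- if (ot->type == OPTIONS_TEST_ARGSUSED && used != ot->used) {
- fprintf(stderr, "FAIL: test %i got used %i, want %i\n",
- test_no, used, ot->used);
- return (1);
- }
-
- return (0);
-}
-
-int
-main(int argc, char **argv)
-{
- int failed = 0;
- size_t i;
-
- for (i = 0; i < N_OPTIONS_TESTS; i++) {
- printf("Test %zu%s\n", (i + 1), options_tests[i].want == 0 ?
- "" : " is expected to complain");
- failed += do_options_test(i + 1, &options_tests[i]);
- }
-
- return (failed);
-}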
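diff --git a/src/regress/usr.bin/openssl/test_client.sh b/src/regress/usr.bin/openssl/test_client.sh
deleted file mode 100644
index fed2baace0..0000000000
--- a/src/regress/usr.bin/openssl/test_client.sh
+++ /dev/null
@@ -1,12 +0,0 @@
-#!/bin/sh
-# $OpenBSD: test_client.sh,v 1.2 2018/02/06 02:31:13 tb Exp $
-
-echo
-echo This starts a tls1 mode client to talk to the server run by
-echo ./testserver.sh. You should start the server first.
-echo
-echo type in this window after ssl negotiation and your output should
-echo be echoed by the server.
-echo
-echo
-${OPENSSL:-/usr/bin/openssl} s_client -tls1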
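diff --git a/src/regress/usr.bin/openssl/test_server.sh b/src/regress/usr.bin/openssl/test_server.sh
deleted file mode 100644
index ec4a78a27a..0000000000
--- a/src/regress/usr.bin/openssl/test_server.sh
+++ /dev/null
@@ -1,10 +0,0 @@
-#!/bin/sh
-# $OpenBSD: test_server.sh,v 1.2 2018/02/06 02:31:13 tb Exp $
-
-echo This starts a tls1 mode server using the DSA certificate in ./server.pem
-echo Run ./testclient.sh in another window and type at it, you should
-echo see the results of the ssl negotiation, and stuff you type in the client
-echo should echo in this window
-echo
-echo
-${OPENSSL:-/usr/bin/openssl} s_server -tls1 -key testdsa.key -cert testdsa.pem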
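diff --git a/src/regress/usr.bin/openssl/testdsa.sh b/src/regress/usr.bin/openssl/testdsa.sh
deleted file mode 100644
index a04ba171ff..0000000000
--- a/src/regress/usr.bin/openssl/testdsa.sh
+++ /dev/null
@@ -1,30 +0,0 @@
-#!/bin/sh
-# $OpenBSD: testdsa.sh,v 1.2 2018/02/06 02:31:13 tb Exp $
-
-
-#Test DSA certificate generation of openssl
-
-cd $1
-
-# Generate DSA paramter set
-openssl_bin=${OPENSSL:-/usr/bin/openssl}
-$openssl_bin dsaparam 512 -out dsa512.pem
-if [ $? != 0 ]; then
- exit 1;
-fi
-
-
-# Denerate a DSA certificate
-$openssl_bin req -config $2/openssl.cnf -x509 -newkey dsa:dsa512.pem -out testdsa.pem -keyout testdsa.key
-if [ $? != 0 ]; then
- exit 1;
-fi
-
-
-# Now check the certificate
-$openssl_bin x509 -text -in testdsa.pem
-if [ $? != 0 ]; then
- exit 1;
-fi
-
-exit 0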
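diff --git a/src/regress/usr.bin/openssl/testenc.sh b/src/regress/usr.bin/openssl/testenc.sh
deleted file mode 100644
index 89b3068a08..0000000000
--- a/src/regress/usr.bin/openssl/testenc.sh
+++ /dev/null
@@ -1,69 +0,0 @@
-#!/bin/sh
-# $OpenBSD: testenc.sh,v 1.2 2018/02/06 02:31:13 tb Exp $
-
-testsrc=$2/openssl.cnf
-test=$1/p
-cmd=${OPENSSL:-/usr/bin/openssl}
-
-cd $1
-
-cat $testsrc >$test;
-
-echo cat
-$cmd enc < $test > $test.cipher
-$cmd enc < $test.cipher >$test.clear
-cmp $test $test.clear
-if [ $? != 0 ]
-then
- exit 1
-else
- /bin/rm $test.cipher $test.clear
-fi
-echo base64
-$cmd enc -a -e < $test > $test.cipher
-$cmd enc -a -d < $test.cipher >$test.clear
-cmp $test $test.clear
-if [ $? != 0 ]
-then
- exit 1
-else
- /bin/rm $test.cipher $test.clear
-fi
-
-/bin/rm -f $test
-exit 0
-
-# These tests are now done by the makefile.
-
-for i in rc4 \
- des-cfb des-ede-cfb des-ede3-cfb \
- des-ofb des-ede-ofb des-ede3-ofb \
- des-ecb des-ede des-ede3 desx \
- des-cbc des-ede-cbc des-ede3-cbc \
- rc2-ecb rc2-cfb rc2-ofb rc2-cbc \
- bf-ecb bf-cfb bf-ofb bf-cbc rc4 \
- cast5-ecb cast5-cfb cast5-ofb cast5-cbc
-do
- echo $i
- $cmd $i -bufsize 113 -e -k test < $test > $test.$i.cipher
- $cmd $i -bufsize 157 -d -k test < $test.$i.cipher >$test.$i.clear
- cmp $test $test.$i.clear
- if [ $? != 0 ]
- then
- exit 1
- else
- /bin/rm $test.$i.cipher $test.$i.clear
- fi
-
- echo $i base64
- $cmd $i -bufsize 113 -a -e -k test < $test > $test.$i.cipher
- $cmd $i -bufsize 157 -a -d -k test < $test.$i.cipher >$test.$i.clear
- cmp $test $test.$i.clear
- if [ $? != 0 ]
- then
- exit 1
- else
- /bin/rm $test.$i.cipher $test.$i.clear
- fi
-done
-rm -f $test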
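diff --git a/src/regress/usr.bin/openssl/testrsa.sh b/src/regress/usr.bin/openssl/testrsa.sh
deleted file mode 100644
index 36f5e639e8..0000000000
--- a/src/regress/usr.bin/openssl/testrsa.sh
+++ /dev/null
@@ -1,30 +0,0 @@
-#!/bin/sh
-# $OpenBSD: testrsa.sh,v 1.2 2018/02/06 02:31:13 tb Exp $
-
-
-#Test RSA certificate generation of openssl
-
-cd $1
-openssl_bin=${OPENSSL:-/usr/bin/openssl}
-
-# Generate RSA private key
-$openssl_bin genrsa -out rsakey.pem
-if [ $? != 0 ]; then
- exit 1;
-fi
-
-
-# Generate an RSA certificate
-$openssl_bin req -config $2/openssl.cnf -key rsakey.pem -new -x509 -days 365 -out rsacert.pem
-if [ $? != 0 ]; then
- exit 1;
-fi
-
-
-# Now check the certificate
-$openssl_bin x509 -text -in rsacert.pem
-if [ $? != 0 ]; then
- exit 1;
-fi
-
-exit 0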