8 files changed, 187 insertions, 0 deletions
diff --git a/src/regress/lib/libssl/Makefile b/src/regress/lib/libssl/Makefile
new file mode 100644
index 0000000000..5eb5fc6455
--- /dev/null
+++ b/src/regress/lib/libssl/Makefile
@@ -0,0 +1,11 @@
+CLEANFILES+= testdsa.key testdsa.pem rsakey.pem rsacert.pem dsa512.pem
+install:
+regress:
+        sh ${.CURDIR}/testenc.sh
+        sh ${.CURDIR}/testdsa.sh
+#       sh ${.CURDIR}/testrsa.sh
+.include <bsd.prog.mk>
diff --git a/src/regress/lib/libssl/README b/src/regress/lib/libssl/README
new file mode 100644
index 0000000000..b1bab65fd1
--- /dev/null
+++ b/src/regress/lib/libssl/README
@@ -0,0 +1,8 @@
+testenc.sh tests encryption routines
+testdsa.sh tests DSA certificate generation
+test_server.sh starts a tls1 server using the above generated certificate
+test_client.sh starts a client to talk to the server.
+testrsa.sh tests RSA certificate generation - this SHOULD FAIL with the
+           version of the library in openbsd because all the RSA routines 
+           are (currently) stubbed.
diff --git a/src/regress/lib/libssl/ssleay.cnf b/src/regress/lib/libssl/ssleay.cnf
new file mode 100644
index 0000000000..c8439860c3
--- /dev/null
+++ b/src/regress/lib/libssl/ssleay.cnf
@@ -0,0 +1,27 @@
+#
+# SSLeay example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+# hacked by iang to do DSA certs - Server
+RANDFILE              = ./.rnd
+####################################################################
+[ req ]
+distinguished_name    = req_distinguished_name
+encrypt_rsa_key               = no
+[ req_distinguished_name ]
+countryName                   = Country Name (2 letter code)
+countryName_default           = CA
+countryName_value             = CA
+organizationName                = Organization Name (eg, company)
+organizationName_value          = Shake it Vera 
+0.commonName                  = Common Name (eg, YOUR name)
+0.commonName_value            = Wastelandus
+1.commonName                  = Common Name (eg, YOUR name)
+1.commonName_value            = Maximus
diff --git a/src/regress/lib/libssl/test_client.sh b/src/regress/lib/libssl/test_client.sh
new file mode 100644
index 0000000000..36a8f84532
--- /dev/null
+++ b/src/regress/lib/libssl/test_client.sh
@@ -0,0 +1,11 @@
+#!/bin/sh
+echo
+echo This starts a tls1 mode client to talk to the server run by 
+echo ./testserver.sh. You should start the server first. 
+echo
+echo type in this window after ssl negotiation and your output should
+echo be echoed by the server. 
+echo
+echo
+/usr/sbin/ssleay s_client -tls1
diff --git a/src/regress/lib/libssl/test_server.sh b/src/regress/lib/libssl/test_server.sh
new file mode 100644
index 0000000000..5467c52459
--- /dev/null
+++ b/src/regress/lib/libssl/test_server.sh
@@ -0,0 +1,9 @@
+#!/bin/sh
+echo This starts a tls1 mode server using the DSA certificate in ./server.pem
+echo Run ./testclient.sh in another window and type at it, you should 
+echo see the results of the ssl negotiation, and stuff you type in the client
+echo should echo in this window
+echo
+echo
+/usr/sbin/ssleay s_server -tls1 -key testdsa.key -cert testdsa.pem
diff --git a/src/regress/lib/libssl/testdsa.sh b/src/regress/lib/libssl/testdsa.sh
new file mode 100644
index 0000000000..4c9668c906
--- /dev/null
+++ b/src/regress/lib/libssl/testdsa.sh
@@ -0,0 +1,25 @@
+#!/bin/sh
+#Test DSA certificate generation of ssleay
+# Generate DSA paramter set
+ssleay dsaparam 512 -out dsa512.pem
+if [ $? != 0 ]; then
+        exit 1;
+fi
+# Denerate a DSA certificate
+ssleay req -config ssleay.cnf -x509 -newkey dsa:dsa512.pem -out testdsa.pem -keyout testdsa.key
+if [ $? != 0 ]; then
+        exit 1;
+fi
+# Now check the certificate
+ssleay x509 -text -in testdsa.pem
+if [ $? != 0 ]; then
+        exit 1;
+fi
+exit 0
diff --git a/src/regress/lib/libssl/testenc.sh b/src/regress/lib/libssl/testenc.sh
new file mode 100644
index 0000000000..ab3278f27e
--- /dev/null
+++ b/src/regress/lib/libssl/testenc.sh
@@ -0,0 +1,61 @@
+#!/bin/sh
+testsrc=./ssleay.cnf
+test=./p
+cmd=/usr/sbin/ssleay
+cat $testsrc >$test;
+echo cat
+$cmd enc < $test > $test.cipher
+$cmd enc < $test.cipher >$test.clear
+cmp $test $test.clear
+if [ $? != 0 ]
+then
+        exit 1
+else
+        /bin/rm $test.cipher $test.clear
+fi
+echo base64
+$cmd enc -a -e < $test > $test.cipher
+$cmd enc -a -d < $test.cipher >$test.clear
+cmp $test $test.clear
+if [ $? != 0 ]
+then
+        exit 1
+else
+        /bin/rm $test.cipher $test.clear
+fi
+for i in rc4 \
+        des-cfb des-ede-cfb des-ede3-cfb \
+        des-ofb des-ede-ofb des-ede3-ofb \
+        des-ecb des-ede des-ede3 desx \
+        des-cbc des-ede-cbc des-ede3-cbc \
+        rc2-ecb rc2-cfb rc2-ofb rc2-cbc \
+        bf-ecb bf-cfb bf-ofb bf-cbc rc4 \
+        cast5-ecb cast5-cfb cast5-ofb cast5-cbc
+do
+        echo $i
+        $cmd $i -bufsize 113 -e -k test < $test > $test.$i.cipher
+        $cmd $i -bufsize 157 -d -k test < $test.$i.cipher >$test.$i.clear
+        cmp $test $test.$i.clear
+        if [ $? != 0 ]
+        then
+                exit 1
+        else
+                /bin/rm $test.$i.cipher $test.$i.clear
+        fi
+        echo $i base64
+        $cmd $i -bufsize 113 -a -e -k test < $test > $test.$i.cipher
+        $cmd $i -bufsize 157 -a -d -k test < $test.$i.cipher >$test.$i.clear
+        cmp $test $test.$i.clear
+        if [ $? != 0 ]
+        then
+                exit 1
+        else
+                /bin/rm $test.$i.cipher $test.$i.clear
+        fi
+done
+rm -f $test
diff --git a/src/regress/lib/libssl/testrsa.sh b/src/regress/lib/libssl/testrsa.sh
new file mode 100644
index 0000000000..79c578834a
--- /dev/null
+++ b/src/regress/lib/libssl/testrsa.sh
@@ -0,0 +1,35 @@
+#!/bin/sh
+#Test RSA certificate generation of ssleay
+echo 
+echo RSA paramters test - NOTE THAT THIS WILL ONLY WORK IF YOU HAVE
+echo compiled libssl with the src-patent tree, currently living in 
+echo ~ryker/src-patent.tar.gz on cvs. 
+echo
+echo This will *not* work with what\'s in the tree, rsa is not in that.
+echo
+sleep 3
+ 
+# Generate RSA private key
+ssleay genrsa -out rsakey.pem
+if [ $? != 0 ]; then
+        exit 1;
+fi
+# Denerate an RSA certificate
+ssleay req -config ssleay.cnf -key rsakey.pem -new -x509 -days 365 -out rsacert.pem
+if [ $? != 0 ]; then
+        exit 1;
+fi
+# Now check the certificate
+ssleay x509 -text -in rsacert.pem
+if [ $? != 0 ]; then
+        exit 1;
+fi
+exit 0

diff --git a/src/regress/lib/libssl/Makefile b/src/regress/lib/libssl/Makefile new file mode 100644 index 0000000000..5eb5fc6455 --- /dev/null +++ b/src/regress/lib/libssl/Makefile
@@ -0,0 +1,11 @@
	1
	2	CLEANFILES+= testdsa.key testdsa.pem rsakey.pem rsacert.pem dsa512.pem
	3
	4	install:
	5
	6	regress:
	7	sh ${.CURDIR}/testenc.sh
	8	sh ${.CURDIR}/testdsa.sh
	9	# sh ${.CURDIR}/testrsa.sh
	10
	11	.include <bsd.prog.mk>


diff --git a/src/regress/lib/libssl/README b/src/regress/lib/libssl/README new file mode 100644 index 0000000000..b1bab65fd1 --- /dev/null +++ b/src/regress/lib/libssl/README
@@ -0,0 +1,8 @@
	1	testenc.sh tests encryption routines
	2	testdsa.sh tests DSA certificate generation
	3	test_server.sh starts a tls1 server using the above generated certificate
	4	test_client.sh starts a client to talk to the server.
	5	testrsa.sh tests RSA certificate generation - this SHOULD FAIL with the
	6	version of the library in openbsd because all the RSA routines
	7	are (currently) stubbed.
	8


diff --git a/src/regress/lib/libssl/ssleay.cnf b/src/regress/lib/libssl/ssleay.cnf new file mode 100644 index 0000000000..c8439860c3 --- /dev/null +++ b/src/regress/lib/libssl/ssleay.cnf
@@ -0,0 +1,27 @@
	1	#
	2	# SSLeay example configuration file.
	3	# This is mostly being used for generation of certificate requests.
	4	#
	5	# hacked by iang to do DSA certs - Server
	6
	7	RANDFILE = ./.rnd
	8
	9	####################################################################
	10	[ req ]
	11	distinguished_name = req_distinguished_name
	12	encrypt_rsa_key = no
	13
	14	[ req_distinguished_name ]
	15	countryName = Country Name (2 letter code)
	16	countryName_default = CA
	17	countryName_value = CA
	18
	19	organizationName = Organization Name (eg, company)
	20	organizationName_value = Shake it Vera
	21
	22	0.commonName = Common Name (eg, YOUR name)
	23	0.commonName_value = Wastelandus
	24
	25	1.commonName = Common Name (eg, YOUR name)
	26	1.commonName_value = Maximus
	27


diff --git a/src/regress/lib/libssl/test_client.sh b/src/regress/lib/libssl/test_client.sh new file mode 100644 index 0000000000..36a8f84532 --- /dev/null +++ b/src/regress/lib/libssl/test_client.sh
@@ -0,0 +1,11 @@
	1	#!/bin/sh
	2
	3	echo
	4	echo This starts a tls1 mode client to talk to the server run by
	5	echo ./testserver.sh. You should start the server first.
	6	echo
	7	echo type in this window after ssl negotiation and your output should
	8	echo be echoed by the server.
	9	echo
	10	echo
	11	/usr/sbin/ssleay s_client -tls1


diff --git a/src/regress/lib/libssl/test_server.sh b/src/regress/lib/libssl/test_server.sh new file mode 100644 index 0000000000..5467c52459 --- /dev/null +++ b/src/regress/lib/libssl/test_server.sh
@@ -0,0 +1,9 @@
	1	#!/bin/sh
	2
	3	echo This starts a tls1 mode server using the DSA certificate in ./server.pem
	4	echo Run ./testclient.sh in another window and type at it, you should
	5	echo see the results of the ssl negotiation, and stuff you type in the client
	6	echo should echo in this window
	7	echo
	8	echo
	9	/usr/sbin/ssleay s_server -tls1 -key testdsa.key -cert testdsa.pem


diff --git a/src/regress/lib/libssl/testdsa.sh b/src/regress/lib/libssl/testdsa.sh new file mode 100644 index 0000000000..4c9668c906 --- /dev/null +++ b/src/regress/lib/libssl/testdsa.sh
@@ -0,0 +1,25 @@
	1	#!/bin/sh
	2
	3	#Test DSA certificate generation of ssleay
	4
	5	# Generate DSA paramter set
	6	ssleay dsaparam 512 -out dsa512.pem
	7	if [ $? != 0 ]; then
	8	exit 1;
	9	fi
	10
	11
	12	# Denerate a DSA certificate
	13	ssleay req -config ssleay.cnf -x509 -newkey dsa:dsa512.pem -out testdsa.pem -keyout testdsa.key
	14	if [ $? != 0 ]; then
	15	exit 1;
	16	fi
	17
	18
	19	# Now check the certificate
	20	ssleay x509 -text -in testdsa.pem
	21	if [ $? != 0 ]; then
	22	exit 1;
	23	fi
	24
	25	exit 0


diff --git a/src/regress/lib/libssl/testenc.sh b/src/regress/lib/libssl/testenc.sh new file mode 100644 index 0000000000..ab3278f27e --- /dev/null +++ b/src/regress/lib/libssl/testenc.sh
@@ -0,0 +1,61 @@
	1	#!/bin/sh
	2
	3	testsrc=./ssleay.cnf
	4	test=./p
	5	cmd=/usr/sbin/ssleay
	6
	7	cat $testsrc >$test;
	8
	9	echo cat
	10	$cmd enc < $test > $test.cipher
	11	$cmd enc < $test.cipher >$test.clear
	12	cmp $test $test.clear
	13	if [ $? != 0 ]
	14	then
	15	exit 1
	16	else
	17	/bin/rm $test.cipher $test.clear
	18	fi
	19	echo base64
	20	$cmd enc -a -e < $test > $test.cipher
	21	$cmd enc -a -d < $test.cipher >$test.clear
	22	cmp $test $test.clear
	23	if [ $? != 0 ]
	24	then
	25	exit 1
	26	else
	27	/bin/rm $test.cipher $test.clear
	28	fi
	29
	30	for i in rc4 \
	31	des-cfb des-ede-cfb des-ede3-cfb \
	32	des-ofb des-ede-ofb des-ede3-ofb \
	33	des-ecb des-ede des-ede3 desx \
	34	des-cbc des-ede-cbc des-ede3-cbc \
	35	rc2-ecb rc2-cfb rc2-ofb rc2-cbc \
	36	bf-ecb bf-cfb bf-ofb bf-cbc rc4 \
	37	cast5-ecb cast5-cfb cast5-ofb cast5-cbc
	38	do
	39	echo $i
	40	$cmd $i -bufsize 113 -e -k test < $test > $test.$i.cipher
	41	$cmd $i -bufsize 157 -d -k test < $test.$i.cipher >$test.$i.clear
	42	cmp $test $test.$i.clear
	43	if [ $? != 0 ]
	44	then
	45	exit 1
	46	else
	47	/bin/rm $test.$i.cipher $test.$i.clear
	48	fi
	49
	50	echo $i base64
	51	$cmd $i -bufsize 113 -a -e -k test < $test > $test.$i.cipher
	52	$cmd $i -bufsize 157 -a -d -k test < $test.$i.cipher >$test.$i.clear
	53	cmp $test $test.$i.clear
	54	if [ $? != 0 ]
	55	then
	56	exit 1
	57	else
	58	/bin/rm $test.$i.cipher $test.$i.clear
	59	fi
	60	done
	61	rm -f $test


diff --git a/src/regress/lib/libssl/testrsa.sh b/src/regress/lib/libssl/testrsa.sh new file mode 100644 index 0000000000..79c578834a --- /dev/null +++ b/src/regress/lib/libssl/testrsa.sh
@@ -0,0 +1,35 @@
	1	#!/bin/sh
	2
	3	#Test RSA certificate generation of ssleay
	4
	5	echo
	6	echo RSA paramters test - NOTE THAT THIS WILL ONLY WORK IF YOU HAVE
	7	echo compiled libssl with the src-patent tree, currently living in
	8	echo ~ryker/src-patent.tar.gz on cvs.
	9	echo
	10	echo This will not work with what\'s in the tree, rsa is not in that.
	11	echo
	12	sleep 3
	13
	14
	15	# Generate RSA private key
	16	ssleay genrsa -out rsakey.pem
	17	if [ $? != 0 ]; then
	18	exit 1;
	19	fi
	20
	21
	22	# Denerate an RSA certificate
	23	ssleay req -config ssleay.cnf -key rsakey.pem -new -x509 -days 365 -out rsacert.pem
	24	if [ $? != 0 ]; then
	25	exit 1;
	26	fi
	27
	28
	29	# Now check the certificate
	30	ssleay x509 -text -in rsacert.pem
	31	if [ $? != 0 ]; then
	32	exit 1;
	33	fi
	34
	35	exit 0