1 files changed, 91 insertions, 15 deletions
diff --git a/src/regress/lib/libcrypto/CA/Makefile b/src/regress/lib/libcrypto/CA/Makefile
index c31c99c946..3e445d2de0 100644
--- a/src/regress/lib/libcrypto/CA/Makefile
+++ b/src/regress/lib/libcrypto/CA/Makefile
@@ -1,21 +1,97 @@
-#       $OpenBSD: Makefile,v 1.1 2017/01/25 10:29:34 beck Exp $
+#       $OpenBSD: Makefile,v 1.2 2020/12/26 00:48:56 bluhm Exp $
-TESTS = \
+CLEANFILES +=   *.pem *.serial *.txt *.attr *.old
-        doit.sh
-REGRESS_TARGETS= all_tests
+REGRESS_SETUP_ONCE +=   root.serial intermediate.serial
+root.serial intermediate.serial:
+        echo 1000 >$@
-CLEANFILES += \
+REGRESS_SETUP_ONCE +=   root.txt intermediate.txt
-1000.pem client.cert.pem intermediate.cert.pem root.cert.pem  server.csr.pem \
+root.txt intermediate.txt:
-1001.pem client.csr.pem intermediate.csr.pem  root.key.pem  server.key.pem \
+        true >$@
-chain.pem client.key.pem intermediate.key.pem  server.cert.pem \
-int.txt  int.txt.attr int.txt.old int.txt.attr.old  \
-root.txt root.txt.attr root.txt.old root.txt.attr.old \
-intserial rootserial intserial.old rootserial.old
-all_tests: ${TESTS}
+# Vanna Vanna make me a root cert
-        @for test in $>; do \
+root.key.pem:
-                ./$$test; \
+        # generate root rsa 4096 key
-        done
+        openssl genrsa -out root.key.pem 4096
+root.cert.pem: root.cnf root.key.pem
+        # generate root req
+        openssl req -batch -config ${.CURDIR}/root.cnf -key root.key.pem \
+            -new -x509 -days 365 -sha256 -extensions v3_ca -out root.cert.pem
+# Make intermediate
+intermediate.key.pem:
+        # generate intermediate rsa 2048 key
+        openssl genrsa -out intermediate.key.pem 2048
+intermediate.csr.pem: intermediate.cnf intermediate.key.pem
+        # generate intermediate req
+        openssl req -batch -config ${.CURDIR}/intermediate.cnf -new -sha256 \
+          -key intermediate.key.pem -out intermediate.csr.pem
+# Sign intermediate
+intermediate.cert.pem:  root.cnf root.cert.pem intermediate.csr.pem
+        # sign intermediate
+        openssl ca -batch -config ${.CURDIR}/root.cnf \
+            -extensions v3_intermediate_ca -days 10 -notext -md sha256 \
+            -in intermediate.csr.pem -out intermediate.cert.pem
+REGRESS_TARGETS +=      run-verify-intermediate
+# Verify Intermediate
+run-verify-intermediate: root.cert.pem intermediate.cert.pem
+        # validate intermediate CA
+        openssl verify -CAfile root.cert.pem intermediate.cert.pem
+chain.pem: intermediate.cert.pem root.cert.pem
+        cat intermediate.cert.pem root.cert.pem > chain.pem
+# Make a server certificate
+server.key.pem:
+        # genrsa server
+        openssl genrsa -out server.key.pem 2048
+server.csr.pem: intermediate.cnf server.key.pem
+        # server req
+        openssl req -batch -config ${.CURDIR}/intermediate.cnf -new -sha256 \
+            -subj '/CN=server/O=OpenBSD/OU=So and Sos/C=CA' \
+            -key server.key.pem -out server.csr.pem
+# Sign server key
+server.cert.pem: intermediate.cnf intermediate.cert.pem server.csr.pem
+        # server sign
+        openssl ca -batch -config ${.CURDIR}/intermediate.cnf \
+            -extensions server_cert -days 5 -notext -md sha256 \
+            -in server.csr.pem -out server.cert.pem
+# Make a client certificate
+client.key.pem:
+        # genrsa client
+        openssl genrsa -out client.key.pem 2048
+client.csr.pem: intermediate.cnf intermediate.cert.pem client.key.pem
+        # client req
+        openssl req -batch -config ${.CURDIR}/intermediate.cnf -new -sha256 \
+            -subj '/CN=client/O=OpenBSD/OU=So and Sos/C=CA' \
+            -key client.key.pem -out client.csr.pem
+# Sign client key
+client.cert.pem: intermediate.cnf intermediate.txt client.csr.pem
+        # client sign
+        openssl ca -batch -config ${.CURDIR}/intermediate.cnf \
+            -extensions usr_cert -days 5 -notext -md sha256 \
+            -in client.csr.pem -out client.cert.pem
+REGRESS_TARGETS +=      run-verify-server
+# Verify Intermediate
+run-verify-server: chain.pem server.cert.pem
+        # validate server cert
+        openssl verify -purpose sslserver -CAfile chain.pem server.cert.pem
+REGRESS_TARGETS +=      run-verify-client
+# Verify Intermediate
+run-verify-client: chain.pem client.cert.pem
+        # validate client cert
+        openssl verify -purpose sslclient -CAfile chain.pem client.cert.pem
 .include <bsd.regress.mk>

diff --git a/src/regress/lib/libcrypto/CA/Makefile b/src/regress/lib/libcrypto/CA/Makefile index c31c99c946..3e445d2de0 100644 --- a/src/regress/lib/libcrypto/CA/Makefile +++ b/src/regress/lib/libcrypto/CA/Makefile
@@ -1,21 +1,97 @@
1	# $OpenBSD: Makefile,v 1.1 2017/01/25 10:29:34 beck Exp $	1	# $OpenBSD: Makefile,v 1.2 2020/12/26 00:48:56 bluhm Exp $
2		2
3	TESTS = \	3	CLEANFILES += .pem .serial .txt .attr *.old
4	doit.sh
5		4
6	REGRESS_TARGETS= all_tests	5	REGRESS_SETUP_ONCE += root.serial intermediate.serial
		6	root.serial intermediate.serial:
		7	echo 1000 >$@
7		8
8	CLEANFILES += \	9	REGRESS_SETUP_ONCE += root.txt intermediate.txt
9	1000.pem client.cert.pem intermediate.cert.pem root.cert.pem server.csr.pem \	10	root.txt intermediate.txt:
10	1001.pem client.csr.pem intermediate.csr.pem root.key.pem server.key.pem \	11	true >$@
11	chain.pem client.key.pem intermediate.key.pem server.cert.pem \
12	int.txt int.txt.attr int.txt.old int.txt.attr.old \
13	root.txt root.txt.attr root.txt.old root.txt.attr.old \
14	intserial rootserial intserial.old rootserial.old
15		12
16	all_tests: ${TESTS}	13	# Vanna Vanna make me a root cert
17	@for test in $>; do \	14	root.key.pem:
18	./$$test; \	15	# generate root rsa 4096 key
19	done	16	openssl genrsa -out root.key.pem 4096
		17
		18	root.cert.pem: root.cnf root.key.pem
		19	# generate root req
		20	openssl req -batch -config ${.CURDIR}/root.cnf -key root.key.pem \
		21	-new -x509 -days 365 -sha256 -extensions v3_ca -out root.cert.pem
		22
		23	# Make intermediate
		24	intermediate.key.pem:
		25	# generate intermediate rsa 2048 key
		26	openssl genrsa -out intermediate.key.pem 2048
		27
		28	intermediate.csr.pem: intermediate.cnf intermediate.key.pem
		29	# generate intermediate req
		30	openssl req -batch -config ${.CURDIR}/intermediate.cnf -new -sha256 \
		31	-key intermediate.key.pem -out intermediate.csr.pem
		32
		33	# Sign intermediate
		34	intermediate.cert.pem: root.cnf root.cert.pem intermediate.csr.pem
		35	# sign intermediate
		36	openssl ca -batch -config ${.CURDIR}/root.cnf \
		37	-extensions v3_intermediate_ca -days 10 -notext -md sha256 \
		38	-in intermediate.csr.pem -out intermediate.cert.pem
		39
		40	REGRESS_TARGETS += run-verify-intermediate
		41	# Verify Intermediate
		42	run-verify-intermediate: root.cert.pem intermediate.cert.pem
		43	# validate intermediate CA
		44	openssl verify -CAfile root.cert.pem intermediate.cert.pem
		45
		46	chain.pem: intermediate.cert.pem root.cert.pem
		47	cat intermediate.cert.pem root.cert.pem > chain.pem
		48
		49	# Make a server certificate
		50	server.key.pem:
		51	# genrsa server
		52	openssl genrsa -out server.key.pem 2048
		53
		54	server.csr.pem: intermediate.cnf server.key.pem
		55	# server req
		56	openssl req -batch -config ${.CURDIR}/intermediate.cnf -new -sha256 \
		57	-subj '/CN=server/O=OpenBSD/OU=So and Sos/C=CA' \
		58	-key server.key.pem -out server.csr.pem
		59
		60	# Sign server key
		61	server.cert.pem: intermediate.cnf intermediate.cert.pem server.csr.pem
		62	# server sign
		63	openssl ca -batch -config ${.CURDIR}/intermediate.cnf \
		64	-extensions server_cert -days 5 -notext -md sha256 \
		65	-in server.csr.pem -out server.cert.pem
		66
		67	# Make a client certificate
		68	client.key.pem:
		69	# genrsa client
		70	openssl genrsa -out client.key.pem 2048
		71
		72	client.csr.pem: intermediate.cnf intermediate.cert.pem client.key.pem
		73	# client req
		74	openssl req -batch -config ${.CURDIR}/intermediate.cnf -new -sha256 \
		75	-subj '/CN=client/O=OpenBSD/OU=So and Sos/C=CA' \
		76	-key client.key.pem -out client.csr.pem
		77
		78	# Sign client key
		79	client.cert.pem: intermediate.cnf intermediate.txt client.csr.pem
		80	# client sign
		81	openssl ca -batch -config ${.CURDIR}/intermediate.cnf \
		82	-extensions usr_cert -days 5 -notext -md sha256 \
		83	-in client.csr.pem -out client.cert.pem
		84
		85	REGRESS_TARGETS += run-verify-server
		86	# Verify Intermediate
		87	run-verify-server: chain.pem server.cert.pem
		88	# validate server cert
		89	openssl verify -purpose sslserver -CAfile chain.pem server.cert.pem
		90
		91	REGRESS_TARGETS += run-verify-client
		92	# Verify Intermediate
		93	run-verify-client: chain.pem client.cert.pem
		94	# validate client cert
		95	openssl verify -purpose sslclient -CAfile chain.pem client.cert.pem
20		96
21	.include <bsd.regress.mk>	97	.include <bsd.regress.mk>