From 68edd00d9258df93b1366c71ac124e0cadf7bc08 Mon Sep 17 00:00:00 2001
From: djm <>
Date: Fri, 29 Apr 2005 05:39:33 +0000
Subject: resolve conflicts

---
 src/lib/libssl/test/bctest        |  2 +-
 src/lib/libssl/test/maketests.com |  6 +--
 src/lib/libssl/test/tcrl          |  2 +-
 src/lib/libssl/test/testca        |  3 ++
 src/lib/libssl/test/testenc       | 20 ++++-----
 src/lib/libssl/test/testenc.com   |  2 +-
 src/lib/libssl/test/testgen       |  6 +--
 src/lib/libssl/test/testss        | 86 ++++++++++++++++++++++++++++++++++-----
 src/lib/libssl/test/testssl       | 14 +++----
 src/lib/libssl/test/tpkcs7        |  2 +-
 src/lib/libssl/test/tpkcs7d       |  2 +-
 src/lib/libssl/test/treq          |  2 +-
 src/lib/libssl/test/trsa          |  4 +-
 src/lib/libssl/test/tsid          |  2 +-
 src/lib/libssl/test/tverify.com   |  9 ++--
 src/lib/libssl/test/tx509         |  2 +-
 16 files changed, 117 insertions(+), 47 deletions(-)

(limited to 'src/lib/libssl/test')

diff --git a/src/lib/libssl/test/bctest b/src/lib/libssl/test/bctest
index bdb3218f7a..e81fc0733a 100644
--- a/src/lib/libssl/test/bctest
+++ b/src/lib/libssl/test/bctest
@@ -1,6 +1,6 @@
 #!/bin/sh
 
-# This script is used by test/Makefile.ssl to check whether a sane 'bc'
+# This script is used by test/Makefile to check whether a sane 'bc'
 # is installed.
 # ('make test_bn' should not try to run 'bc' if it does not exist or if
 # it is a broken 'bc' version that is known to cause trouble.)
diff --git a/src/lib/libssl/test/maketests.com b/src/lib/libssl/test/maketests.com
index 7c44e4545a..dfbfef7b1b 100644
--- a/src/lib/libssl/test/maketests.com
+++ b/src/lib/libssl/test/maketests.com
@@ -615,7 +615,7 @@ $     IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" -
 	 THEN CC = "CC/DECC"
 $     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89" + -
            "/NOLIST/PREFIX=ALL" + -
-	   "/INCLUDE=(SYS$DISK:[-])" + CCEXTRAFLAGS
+	   "/INCLUDE=(SYS$DISK:[-],SYS$DISK:[-.CRYPTO])" + CCEXTRAFLAGS
 $!
 $!    Define The Linker Options File Name.
 $!
@@ -648,7 +648,7 @@ $	EXIT
 $     ENDIF
 $     IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC"
 $     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
-	   "/INCLUDE=(SYS$DISK:[-])" + CCEXTRAFLAGS
+	   "/INCLUDE=(SYS$DISK:[-],SYS$DISK:[-.CRYPTO])" + CCEXTRAFLAGS
 $     CCDEFS = CCDEFS + ",""VAXC"""
 $!
 $!    Define <sys> As SYS$COMMON:[SYSLIB]
@@ -679,7 +679,7 @@ $!
 $!    Use GNU C...
 $!
 $     CC = "GCC/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
-	   "/INCLUDE=(SYS$DISK:[-])" + CCEXTRAFLAGS
+	   "/INCLUDE=(SYS$DISK:[-],SYS$DISK:[-.CRYPTO])" + CCEXTRAFLAGS
 $!
 $!    Define The Linker Options File Name.
 $!
diff --git a/src/lib/libssl/test/tcrl b/src/lib/libssl/test/tcrl
index f71ef7a863..3ffed12a03 100644
--- a/src/lib/libssl/test/tcrl
+++ b/src/lib/libssl/test/tcrl
@@ -7,7 +7,7 @@ else
 fi
 export PATH
 
-cmd='../apps/openssl crl'
+cmd='../util/shlib_wrap.sh ../apps/openssl crl'
 
 if [ "$1"x != "x" ]; then
 	t=$1
diff --git a/src/lib/libssl/test/testca b/src/lib/libssl/test/testca
index 8215ebb5d1..5b2faa78f1 100644
--- a/src/lib/libssl/test/testca
+++ b/src/lib/libssl/test/testca
@@ -11,6 +11,9 @@ export SH PATH
 SSLEAY_CONFIG="-config CAss.cnf"
 export SSLEAY_CONFIG
 
+OPENSSL="`pwd`/../util/shlib_wrap.sh openssl"
+export OPENSSL
+
 /bin/rm -fr demoCA
 $SH ../apps/CA.sh -newca <<EOF
 EOF
diff --git a/src/lib/libssl/test/testenc b/src/lib/libssl/test/testenc
index 0656c7f525..4571ea2875 100644
--- a/src/lib/libssl/test/testenc
+++ b/src/lib/libssl/test/testenc
@@ -1,14 +1,14 @@
 #!/bin/sh
 
-testsrc=Makefile.ssl
+testsrc=Makefile
 test=./p
-cmd=../apps/openssl
+cmd="../util/shlib_wrap.sh ../apps/openssl"
 
 cat $testsrc >$test;
 
 echo cat
-$cmd enc < $test > $test.cipher
-$cmd enc < $test.cipher >$test.clear
+$cmd enc -non-fips-allow < $test > $test.cipher
+$cmd enc -non-fips-allow < $test.cipher >$test.clear
 cmp $test $test.clear
 if [ $? != 0 ]
 then
@@ -17,8 +17,8 @@ else
 	/bin/rm $test.cipher $test.clear
 fi
 echo base64
-$cmd enc -a -e < $test > $test.cipher
-$cmd enc -a -d < $test.cipher >$test.clear
+$cmd enc -non-fips-allow -a -e < $test > $test.cipher
+$cmd enc -non-fips-allow -a -d < $test.cipher >$test.clear
 cmp $test $test.clear
 if [ $? != 0 ]
 then
@@ -30,8 +30,8 @@ fi
 for i in `$cmd list-cipher-commands`
 do
 	echo $i
-	$cmd $i -bufsize 113 -e -k test < $test > $test.$i.cipher
-	$cmd $i -bufsize 157 -d -k test < $test.$i.cipher >$test.$i.clear
+	$cmd $i -non-fips-allow -bufsize 113 -e -k test < $test > $test.$i.cipher
+	$cmd $i -non-fips-allow -bufsize 157 -d -k test < $test.$i.cipher >$test.$i.clear
 	cmp $test $test.$i.clear
 	if [ $? != 0 ]
 	then
@@ -41,8 +41,8 @@ do
 	fi
 
 	echo $i base64
-	$cmd $i -bufsize 113 -a -e -k test < $test > $test.$i.cipher
-	$cmd $i -bufsize 157 -a -d -k test < $test.$i.cipher >$test.$i.clear
+	$cmd $i -non-fips-allow -bufsize 113 -a -e -k test < $test > $test.$i.cipher
+	$cmd $i -non-fips-allow -bufsize 157 -a -d -k test < $test.$i.cipher >$test.$i.clear
 	cmp $test $test.$i.clear
 	if [ $? != 0 ]
 	then
diff --git a/src/lib/libssl/test/testenc.com b/src/lib/libssl/test/testenc.com
index c24fa388c0..5e6f521f9d 100644
--- a/src/lib/libssl/test/testenc.com
+++ b/src/lib/libssl/test/testenc.com
@@ -4,7 +4,7 @@ $	__arch := VAX
 $	if f$getsyi("cpu") .ge. 128 then __arch := AXP
 $	exe_dir := sys$disk:[-.'__arch'.exe.apps]
 $
-$	testsrc := makefile.ssl
+$	testsrc := makefile.
 $	test := p.txt
 $	cmd := mcr 'exe_dir'openssl
 $
diff --git a/src/lib/libssl/test/testgen b/src/lib/libssl/test/testgen
index 3798543e04..524c0d134c 100644
--- a/src/lib/libssl/test/testgen
+++ b/src/lib/libssl/test/testgen
@@ -17,7 +17,7 @@ echo "generating certificate request"
 
 echo "string to make the random number generator think it has entropy" >> ./.rnd
 
-if ../apps/openssl no-rsa; then
+if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then
   req_new='-newkey dsa:../apps/dsa512.pem'
 else
   req_new='-new'
@@ -29,13 +29,13 @@ echo "This could take some time."
 
 rm -f testkey.pem testreq.pem
 
-../apps/openssl req -config test.cnf $req_new -out testreq.pem
+../util/shlib_wrap.sh ../apps/openssl req -config test.cnf $req_new -out testreq.pem
 if [ $? != 0 ]; then
 echo problems creating request
 exit 1
 fi
 
-../apps/openssl req -config test.cnf -verify -in testreq.pem -noout
+../util/shlib_wrap.sh ../apps/openssl req -config test.cnf -verify -in testreq.pem -noout
 if [ $? != 0 ]; then
 echo signature on req is wrong
 exit 1
diff --git a/src/lib/libssl/test/testss b/src/lib/libssl/test/testss
index 8d3557f356..1a426857d3 100644
--- a/src/lib/libssl/test/testss
+++ b/src/lib/libssl/test/testss
@@ -1,9 +1,9 @@
 #!/bin/sh
 
-digest='-md5'
-reqcmd="../apps/openssl req"
-x509cmd="../apps/openssl x509 $digest"
-verifycmd="../apps/openssl verify"
+digest='-sha1'
+reqcmd="../util/shlib_wrap.sh ../apps/openssl req"
+x509cmd="../util/shlib_wrap.sh ../apps/openssl x509 $digest"
+verifycmd="../util/shlib_wrap.sh ../apps/openssl verify"
 dummycnf="../apps/openssl.cnf"
 
 CAkey="keyCA.ss"
@@ -17,12 +17,24 @@ Ukey="keyU.ss"
 Ureq="reqU.ss"
 Ucert="certU.ss"
 
+P1conf="P1ss.cnf"
+P1key="keyP1.ss"
+P1req="reqP1.ss"
+P1cert="certP1.ss"
+P1intermediate="tmp_intP1.ss"
+
+P2conf="P2ss.cnf"
+P2key="keyP2.ss"
+P2req="reqP2.ss"
+P2cert="certP2.ss"
+P2intermediate="tmp_intP2.ss"
+
 echo
 echo "make a certificate request using 'req'"
 
 echo "string to make the random number generator think it has entropy" >> ./.rnd
 
-if ../apps/openssl no-rsa; then
+if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then
   req_new='-newkey dsa:../apps/dsa512.pem'
 else
   req_new='-new'
@@ -35,7 +47,7 @@ if [ $? != 0 ]; then
 fi
 echo
 echo "convert the certificate request into a self signed certificate using 'x509'"
-$x509cmd -CAcreateserial -in $CAreq -days 30 -req -out $CAcert -signkey $CAkey >err.ss
+$x509cmd -CAcreateserial -in $CAreq -days 30 -req -out $CAcert -signkey $CAkey -extfile $CAconf -extensions v3_ca >err.ss
 if [ $? != 0 ]; then
 	echo "error using 'x509' to self sign a certificate request"
 	exit 1
@@ -68,18 +80,18 @@ if [ $? != 0 ]; then
 fi
 
 echo
-echo "make another certificate request using 'req'"
+echo "make a user certificate request using 'req'"
 $reqcmd -config $Uconf -out $Ureq -keyout $Ukey $req_new >err.ss
 if [ $? != 0 ]; then
-	echo "error using 'req' to generate a certificate request"
+	echo "error using 'req' to generate a user certificate request"
 	exit 1
 fi
 
 echo
-echo "sign certificate request with the just created CA via 'x509'"
-$x509cmd -CAcreateserial -in $Ureq -days 30 -req -out $Ucert -CA $CAcert -CAkey $CAkey >err.ss
+echo "sign user certificate request with the just created CA via 'x509'"
+$x509cmd -CAcreateserial -in $Ureq -days 30 -req -out $Ucert -CA $CAcert -CAkey $CAkey -extfile $Uconf -extensions v3_ee >err.ss
 if [ $? != 0 ]; then
-	echo "error using 'x509' to sign a certificate request"
+	echo "error using 'x509' to sign a user certificate request"
 	exit 1
 fi
 
@@ -88,6 +100,50 @@ echo
 echo "Certificate details"
 $x509cmd -subject -issuer -startdate -enddate -noout -in $Ucert
 
+echo
+echo "make a proxy certificate request using 'req'"
+$reqcmd -config $P1conf -out $P1req -keyout $P1key $req_new >err.ss
+if [ $? != 0 ]; then
+	echo "error using 'req' to generate a proxy certificate request"
+	exit 1
+fi
+
+echo
+echo "sign proxy certificate request with the just created user certificate via 'x509'"
+$x509cmd -CAcreateserial -in $P1req -days 30 -req -out $P1cert -CA $Ucert -CAkey $Ukey -extfile $P1conf -extensions v3_proxy >err.ss
+if [ $? != 0 ]; then
+	echo "error using 'x509' to sign a proxy certificate request"
+	exit 1
+fi
+
+cat $Ucert > $P1intermediate
+$verifycmd -CAfile $CAcert -untrusted $P1intermediate $P1cert
+echo
+echo "Certificate details"
+$x509cmd -subject -issuer -startdate -enddate -noout -in $P1cert
+
+echo
+echo "make another proxy certificate request using 'req'"
+$reqcmd -config $P2conf -out $P2req -keyout $P2key $req_new >err.ss
+if [ $? != 0 ]; then
+	echo "error using 'req' to generate another proxy certificate request"
+	exit 1
+fi
+
+echo
+echo "sign second proxy certificate request with the first proxy certificate via 'x509'"
+$x509cmd -CAcreateserial -in $P2req -days 30 -req -out $P2cert -CA $P1cert -CAkey $P1key -extfile $P2conf -extensions v3_proxy >err.ss
+if [ $? != 0 ]; then
+	echo "error using 'x509' to sign a second proxy certificate request"
+	exit 1
+fi
+
+cat $Ucert $P1cert > $P2intermediate
+$verifycmd -CAfile $CAcert -untrusted $P2intermediate $P2cert
+echo
+echo "Certificate details"
+$x509cmd -subject -issuer -startdate -enddate -noout -in $P2cert
+
 echo
 echo The generated CA certificate is $CAcert
 echo The generated CA private key is $CAkey
@@ -95,5 +151,13 @@ echo The generated CA private key is $CAkey
 echo The generated user certificate is $Ucert
 echo The generated user private key is $Ukey
 
+echo The first generated proxy certificate is $P1cert
+echo The first generated proxy private key is $P1key
+
+echo The second generated proxy certificate is $P2cert
+echo The second generated proxy private key is $P2key
+
 /bin/rm err.ss
+#/bin/rm $P1intermediate
+#/bin/rm $P2intermediate
 exit 0
diff --git a/src/lib/libssl/test/testssl b/src/lib/libssl/test/testssl
index ca8e718022..8ac90ae5ee 100644
--- a/src/lib/libssl/test/testssl
+++ b/src/lib/libssl/test/testssl
@@ -10,9 +10,9 @@ if [ "$2" = "" ]; then
 else
   cert="$2"
 fi
-ssltest="./ssltest -key $key -cert $cert -c_key $key -c_cert $cert"
+ssltest="../util/shlib_wrap.sh ./ssltest -key $key -cert $cert -c_key $key -c_cert $cert"
 
-if ../apps/openssl x509 -in $cert -text -noout | fgrep 'DSA Public Key' >/dev/null; then
+if ../util/shlib_wrap.sh ../apps/openssl x509 -in $cert -text -noout | fgrep 'DSA Public Key' >/dev/null; then
   dsa_cert=YES
 else
   dsa_cert=NO
@@ -121,24 +121,24 @@ $ssltest -bio_pair -server_auth -client_auth -app_verify $CA $extra || exit 1
 
 #############################################################################
 
-if ../apps/openssl no-dh; then
+if ../util/shlib_wrap.sh ../apps/openssl no-dh; then
   echo skipping anonymous DH tests
 else
   echo test tls1 with 1024bit anonymous DH, multiple handshakes
   $ssltest -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time $extra || exit 1
 fi
 
-if ../apps/openssl no-rsa; then
+if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then
   echo skipping RSA tests
 else
   echo test tls1 with 1024bit RSA, no DHE, multiple handshakes
-  ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -num 10 -f -time $extra || exit 1
+  ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -num 10 -f -time $extra || exit 1
 
-  if ../apps/openssl no-dh; then
+  if ../util/shlib_wrap.sh ../apps/openssl no-dh; then
     echo skipping RSA+DHE tests
   else
     echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes
-    ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time $extra || exit 1
+    ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time $extra || exit 1
   fi
 fi
 
diff --git a/src/lib/libssl/test/tpkcs7 b/src/lib/libssl/test/tpkcs7
index cf3bd9fadb..79bb6e0edf 100644
--- a/src/lib/libssl/test/tpkcs7
+++ b/src/lib/libssl/test/tpkcs7
@@ -7,7 +7,7 @@ else
 fi
 export PATH
 
-cmd='../apps/openssl pkcs7'
+cmd='../util/shlib_wrap.sh ../apps/openssl pkcs7'
 
 if [ "$1"x != "x" ]; then
 	t=$1
diff --git a/src/lib/libssl/test/tpkcs7d b/src/lib/libssl/test/tpkcs7d
index 18f9311b06..20394b34c4 100644
--- a/src/lib/libssl/test/tpkcs7d
+++ b/src/lib/libssl/test/tpkcs7d
@@ -7,7 +7,7 @@ else
 fi
 export PATH
 
-cmd='../apps/openssl pkcs7'
+cmd='../util/shlib_wrap.sh ../apps/openssl pkcs7'
 
 if [ "$1"x != "x" ]; then
 	t=$1
diff --git a/src/lib/libssl/test/treq b/src/lib/libssl/test/treq
index 47a8273cde..7e020210a5 100644
--- a/src/lib/libssl/test/treq
+++ b/src/lib/libssl/test/treq
@@ -7,7 +7,7 @@ else
 fi
 export PATH
 
-cmd='../apps/openssl req -config ../apps/openssl.cnf'
+cmd='../util/shlib_wrap.sh ../apps/openssl req -config ../apps/openssl.cnf'
 
 if [ "$1"x != "x" ]; then
 	t=$1
diff --git a/src/lib/libssl/test/trsa b/src/lib/libssl/test/trsa
index 413e2ec0a0..67b4a98841 100644
--- a/src/lib/libssl/test/trsa
+++ b/src/lib/libssl/test/trsa
@@ -7,12 +7,12 @@ else
 fi
 export PATH
 
-if ../apps/openssl no-rsa; then
+if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then
   echo skipping rsa conversion test
   exit 0
 fi
 
-cmd='../apps/openssl rsa'
+cmd='../util/shlib_wrap.sh ../apps/openssl rsa'
 
 if [ "$1"x != "x" ]; then
 	t=$1
diff --git a/src/lib/libssl/test/tsid b/src/lib/libssl/test/tsid
index 40a1dfa97c..fb4a7213b9 100644
--- a/src/lib/libssl/test/tsid
+++ b/src/lib/libssl/test/tsid
@@ -7,7 +7,7 @@ else
 fi
 export PATH
 
-cmd='../apps/openssl sess_id'
+cmd='../util/shlib_wrap.sh ../apps/openssl sess_id'
 
 if [ "$1"x != "x" ]; then
 	t=$1
diff --git a/src/lib/libssl/test/tverify.com b/src/lib/libssl/test/tverify.com
index f97e71478f..2060184d1e 100644
--- a/src/lib/libssl/test/tverify.com
+++ b/src/lib/libssl/test/tverify.com
@@ -15,12 +15,15 @@ $	f = f$search("[-.certs]*.pem")
 $	if f .nes. "" .and. f .nes. old_f
 $	then
 $	    certs = certs + " [-.certs]" + f$parse(f,,,"NAME") + ".pem"
-$	    if f$length(certs) .lt. 180 then goto loop_certs2
 $	    c := YES
+$	    if f$length(certs) .lt. 180 then goto loop_certs2
 $	endif
 $	certs = certs - " "
 $
-$	mcr 'exe_dir'openssl verify "-CAfile" certs.tmp 'certs'
-$	if c then goto loop_certs
+$	if c
+$	then
+$	    mcr 'exe_dir'openssl verify "-CAfile" certs.tmp 'certs'
+$	    goto loop_certs
+$	endif
 $
 $	delete certs.tmp;*
diff --git a/src/lib/libssl/test/tx509 b/src/lib/libssl/test/tx509
index d380963abc..1b9c8661f3 100644
--- a/src/lib/libssl/test/tx509
+++ b/src/lib/libssl/test/tx509
@@ -7,7 +7,7 @@ else
 fi
 export PATH
 
-cmd='../apps/openssl x509'
+cmd='../util/shlib_wrap.sh ../apps/openssl x509'
 
 if [ "$1"x != "x" ]; then
 	t=$1
-- 
cgit v1.2.3-55-g6feb