From 807f310b065312b137e9eb85536bc668e67ee7b9 Mon Sep 17 00:00:00 2001 From: markus <> Date: Tue, 3 Sep 2002 21:43:59 +0000 Subject: sync these files with openssl-0.9.7-beta1, too --- src/lib/libssl/test/maketests.com | 30 +------- src/lib/libssl/test/testgen.com | 24 ++++-- src/lib/libssl/test/testss.com | 19 ++++- src/lib/libssl/test/testssl.com | 155 +++++++++++++++++++++++++++----------- src/lib/libssl/test/trsa.com | 11 +++ 5 files changed, 159 insertions(+), 80 deletions(-) (limited to 'src/lib/libssl/test') diff --git a/src/lib/libssl/test/maketests.com b/src/lib/libssl/test/maketests.com index b3bf8bb837..f7ff8fe407 100644 --- a/src/lib/libssl/test/maketests.com +++ b/src/lib/libssl/test/maketests.com @@ -910,8 +910,7 @@ $ ENDIF $! $! Time to check the contents, and to make sure we get the correct library. $! -$ IF P4.EQS."SOCKETSHR" .OR. P4.EQS."MULTINET" .OR. P4.EQS."UCX" - - .OR. P4.EQS."TCPIP" .OR. P4.EQS."NONE" +$ IF P4.EQS."SOCKETSHR" .OR. P4.EQS."MULTINET" .OR. P4.EQS."UCX" $ THEN $! $! Check to see if SOCKETSHR was chosen @@ -960,32 +959,6 @@ $! Done with UCX $! $ ENDIF $! -$! Check to see if TCPIP was chosen -$! -$ IF P4.EQS."TCPIP" -$ THEN -$! -$! Set the library to use TCPIP (post UCX). -$! -$ TCPIP_LIB = "SYS$DISK:[-.VMS]TCPIP_SHR_DECC.OPT/OPT" -$! -$! Done with TCPIP -$! -$ ENDIF -$! -$! Check to see if NONE was chosen -$! -$ IF P4.EQS."NONE" -$ THEN -$! -$! Do not use a TCPIP library. -$! -$ TCPIP_LIB = "" -$! -$! Done with NONE -$! -$ ENDIF -$! $! Print info $! $ WRITE SYS$OUTPUT "TCP/IP library spec: ", TCPIP_LIB @@ -1001,7 +974,6 @@ $ WRITE SYS$OUTPUT "The Option ",P4," Is Invalid. The Valid Options Are:" $ WRITE SYS$OUTPUT "" $ WRITE SYS$OUTPUT " SOCKETSHR : To link with SOCKETSHR TCP/IP library." $ WRITE SYS$OUTPUT " UCX : To link with UCX TCP/IP library." -$ WRITE SYS$OUTPUT " TCPIP : To link with TCPIP (post UCX) TCP/IP library." $ WRITE SYS$OUTPUT "" $! $! Time To EXIT. diff --git a/src/lib/libssl/test/testgen.com b/src/lib/libssl/test/testgen.com index 0e9029371a..5d28ebec72 100644 --- a/src/lib/libssl/test/testgen.com +++ b/src/lib/libssl/test/testgen.com @@ -16,23 +16,35 @@ $ set on $ $ write sys$output "generating certificate request" $ -$ write sys$output "There should be a 2 sequences of .'s and some +'s." -$ write sys$output "There should not be more that at most 80 per line" -$ write sys$output "This could take some time." -$ $ append/new nl: .rnd $ open/append random_file .rnd $ write random_file "string to make the random number generator think it has entropy" $ close random_file $ -$ mcr 'exe_dir'openssl req -config test.cnf -new -out testreq.pem +$ set noon +$ define/user sys$output nla0: +$ mcr 'exe_dir'openssl no-rsa +$ save_severity=$SEVERITY +$ set on +$ if save_severity +$ then +$ req_new="-newkey dsa:[-.apps]dsa512.pem" +$ else +$ req_new="-new" +$ write sys$output "There should be a 2 sequences of .'s and some +'s." +$ write sys$output "There should not be more that at most 80 per line" +$ endif +$ +$ write sys$output "This could take some time." +$ +$ mcr 'exe_dir'openssl req -config test.cnf 'req_new' -out testreq.pem $ if $severity .ne. 1 $ then $ write sys$output "problems creating request" $ exit 3 $ endif $ -$ mcr 'exe_dir'openssl req -verify -in testreq.pem -noout +$ mcr 'exe_dir'openssl req -config test.cnf -verify -in testreq.pem -noout $ if $severity .ne. 1 $ then $ write sys$output "signature on req is wrong" diff --git a/src/lib/libssl/test/testss.com b/src/lib/libssl/test/testss.com index ce2c4b43f6..685ae5043d 100644 --- a/src/lib/libssl/test/testss.com +++ b/src/lib/libssl/test/testss.com @@ -4,7 +4,7 @@ $ __arch := VAX $ if f$getsyi("cpu") .ge. 128 then __arch := AXP $ exe_dir := sys$disk:[-.'__arch'.exe.apps] $ -$ digest="-mdc2" +$ digest="-md5" $ reqcmd := mcr 'exe_dir'openssl req $ x509cmd := mcr 'exe_dir'openssl x509 'digest' $ verifycmd := mcr 'exe_dir'openssl verify @@ -23,7 +23,20 @@ $ Ucert="""certU.ss""" $ $ write sys$output "" $ write sys$output "make a certificate request using 'req'" -$ 'reqcmd' -config 'CAconf' -out 'CAreq' -keyout 'CAkey' -new ! -out err.ss +$ +$ set noon +$ define/user sys$output nla0: +$ mcr 'exe_dir'openssl no-rsa +$ save_severity=$SEVERITY +$ set on +$ if save_severity +$ then +$ req_new="-newkey dsa:[-.apps]dsa512.pem" +$ else +$ req_new="-new" +$ endif +$ +$ 'reqcmd' -config 'CAconf' -out 'CAreq' -keyout 'CAkey' 'req_new' ! -out err.ss $ if $severity .ne. 1 $ then $ write sys$output "error using 'req' to generate a certificate request" @@ -73,7 +86,7 @@ $ $ write sys$output "" $ write sys$output "make another certificate request using 'req'" $ define /user sys$output err.ss -$ 'reqcmd' -config 'Uconf' -out 'Ureq' -keyout 'Ukey' -new +$ 'reqcmd' -config 'Uconf' -out 'Ureq' -keyout 'Ukey' 'req_new' $ if $severity .ne. 1 $ then $ write sys$output "error using 'req' to generate a certificate request" diff --git a/src/lib/libssl/test/testssl.com b/src/lib/libssl/test/testssl.com index 0b4b0a0ad3..785f262f5a 100644 --- a/src/lib/libssl/test/testssl.com +++ b/src/lib/libssl/test/testssl.com @@ -2,118 +2,189 @@ $! TESTSSL.COM $ $ __arch := VAX $ if f$getsyi("cpu") .ge. 128 then __arch := AXP -$ exe_dir := sys$disk:[-.'__arch'.exe.test] -$ -$ copy/concatenate [-.certs]*.pem certs.tmp +$ texe_dir := sys$disk:[-.'__arch'.exe.test] +$ exe_dir := sys$disk:[-.'__arch'.exe.apps] +$ +$ if p1 .eqs. "" +$ then +$ key="[-.apps]server.pem" +$ else +$ key=p1 +$ endif +$ if p2 .eqs. "" +$ then +$ cert="[-.apps]server.pem" +$ else +$ cert=p2 +$ endif +$ ssltest := mcr 'texe_dir'ssltest -key 'key' -cert 'cert' -c_key 'key' -c_cert 'cert' +$ +$ define/user sys$output testssl-x509-output. +$ define/user sys$error nla0: +$ mcr 'exe_dir'openssl x509 -in 'cert' -text -noout +$ set noon +$ define/user sys$error nla0: +$ search/output=nla0: testssl-x509-output. "DSA Public Key"/exact +$ if $severity .eq. 1 +$ then +$ dsa_cert := YES +$ else +$ dsa_cert := NO +$ endif +$ set on +$ delete testssl-x509-output.;* +$ +$ if p3 .eqs. "" +$ then +$ copy/concatenate [-.certs]*.pem certs.tmp +$ CA = """-CAfile"" certs.tmp" +$ else +$ CA = """-CAfile"" "+p3 +$ endif +$ +$!########################################################################### $ $ write sys$output "test sslv2" -$ mcr 'exe_dir'ssltest -ssl2 +$ 'ssltest' -ssl2 $ if $severity .ne. 1 then goto exit3 $ $ write sys$output "test sslv2 with server authentication" -$ mcr 'exe_dir'ssltest -ssl2 -server_auth "-CAfile" certs.tmp +$ 'ssltest' -ssl2 -server_auth 'CA' $ if $severity .ne. 1 then goto exit3 $ -$ write sys$output "test sslv2 with client authentication" -$ mcr 'exe_dir'ssltest -ssl2 -client_auth "-CAfile" certs.tmp -$ if $severity .ne. 1 then goto exit3 +$ if .not. dsa_cert +$ then +$ write sys$output "test sslv2 with client authentication" +$ 'ssltest' -ssl2 -client_auth 'CA' +$ if $severity .ne. 1 then goto exit3 $ -$ write sys$output "test sslv2 with both client and server authentication" -$ mcr 'exe_dir'ssltest -ssl2 -server_auth -client_auth "-CAfile" certs.tmp -$ if $severity .ne. 1 then goto exit3 +$ write sys$output "test sslv2 with both client and server authentication" +$ 'ssltest' -ssl2 -server_auth -client_auth 'CA' +$ if $severity .ne. 1 then goto exit3 +$ endif $ $ write sys$output "test sslv3" -$ mcr 'exe_dir'ssltest -ssl3 +$ 'ssltest' -ssl3 $ if $severity .ne. 1 then goto exit3 $ $ write sys$output "test sslv3 with server authentication" -$ mcr 'exe_dir'ssltest -ssl3 -server_auth "-CAfile" certs.tmp +$ 'ssltest' -ssl3 -server_auth 'CA' $ if $severity .ne. 1 then goto exit3 $ $ write sys$output "test sslv3 with client authentication" -$ mcr 'exe_dir'ssltest -ssl3 -client_auth "-CAfile" certs.tmp +$ 'ssltest' -ssl3 -client_auth 'CA' $ if $severity .ne. 1 then goto exit3 $ $ write sys$output "test sslv3 with both client and server authentication" -$ mcr 'exe_dir'ssltest -ssl3 -server_auth -client_auth "-CAfile" certs.tmp +$ 'ssltest' -ssl3 -server_auth -client_auth 'CA' $ if $severity .ne. 1 then goto exit3 $ $ write sys$output "test sslv2/sslv3" -$ mcr 'exe_dir'ssltest +$ 'ssltest' $ if $severity .ne. 1 then goto exit3 $ $ write sys$output "test sslv2/sslv3 with server authentication" -$ mcr 'exe_dir'ssltest -server_auth "-CAfile" certs.tmp +$ 'ssltest' -server_auth 'CA' $ if $severity .ne. 1 then goto exit3 $ $ write sys$output "test sslv2/sslv3 with client authentication" -$ mcr 'exe_dir'ssltest -client_auth "-CAfile" certs.tmp +$ 'ssltest' -client_auth 'CA' $ if $severity .ne. 1 then goto exit3 $ $ write sys$output "test sslv2/sslv3 with both client and server authentication" -$ mcr 'exe_dir'ssltest -server_auth -client_auth "-CAfile" certs.tmp +$ 'ssltest' -server_auth -client_auth 'CA' $ if $severity .ne. 1 then goto exit3 $ $ write sys$output "test sslv2 via BIO pair" -$ mcr 'exe_dir'ssltest -bio_pair -ssl2 -$ if $severity .ne. 1 then goto exit3 -$ -$ write sys$output "test sslv2/sslv3 with 1024 bit DHE via BIO pair" -$ mcr 'exe_dir'ssltest -bio_pair -dhe1024 -v +$ 'ssltest' -bio_pair -ssl2 $ if $severity .ne. 1 then goto exit3 $ $ write sys$output "test sslv2 with server authentication via BIO pair" -$ mcr 'exe_dir'ssltest -bio_pair -ssl2 -server_auth "-CAfile" certs.tmp +$ 'ssltest' -bio_pair -ssl2 -server_auth 'CA' $ if $severity .ne. 1 then goto exit3 $ -$ write sys$output "test sslv2 with client authentication via BIO pair" -$ mcr 'exe_dir'ssltest -bio_pair -ssl2 -client_auth "-CAfile" certs.tmp -$ if $severity .ne. 1 then goto exit3 +$ if .not. dsa_cert +$ then +$ write sys$output "test sslv2 with client authentication via BIO pair" +$ 'ssltest' -bio_pair -ssl2 -client_auth 'CA' +$ if $severity .ne. 1 then goto exit3 $ -$ write sys$output "test sslv2 with both client and server authentication via BIO pair" -$ mcr 'exe_dir'ssltest -bio_pair -ssl2 -server_auth -client_auth "-CAfile" certs.tmp -$ if $severity .ne. 1 then goto exit3 +$ write sys$output "test sslv2 with both client and server authentication via BIO pair" +$ 'ssltest' -bio_pair -ssl2 -server_auth -client_auth 'CA' +$ if $severity .ne. 1 then goto exit3 +$ endif $ $ write sys$output "test sslv3 via BIO pair" -$ mcr 'exe_dir'ssltest -bio_pair -ssl3 +$ 'ssltest' -bio_pair -ssl3 $ if $severity .ne. 1 then goto exit3 $ $ write sys$output "test sslv3 with server authentication via BIO pair" -$ mcr 'exe_dir'ssltest -bio_pair -ssl3 -server_auth "-CAfile" certs.tmp +$ 'ssltest' -bio_pair -ssl3 -server_auth 'CA' $ if $severity .ne. 1 then goto exit3 $ $ write sys$output "test sslv3 with client authentication via BIO pair" -$ mcr 'exe_dir'ssltest -bio_pair -ssl3 -client_auth "-CAfile" certs.tmp +$ 'ssltest' -bio_pair -ssl3 -client_auth 'CA' $ if $severity .ne. 1 then goto exit3 $ write sys$output "test sslv3 with both client and server authentication via BIO pair" -$ mcr 'exe_dir'ssltest -bio_pair -ssl3 -server_auth -client_auth "-CAfile" certs.tmp +$ 'ssltest' -bio_pair -ssl3 -server_auth -client_auth 'CA' $ if $severity .ne. 1 then goto exit3 $ $ write sys$output "test sslv2/sslv3 via BIO pair" -$ mcr 'exe_dir'ssltest +$ 'ssltest' $ if $severity .ne. 1 then goto exit3 $ -$ write sys$output "test sslv2/sslv3 w/o DHE via BIO pair" -$ mcr 'exe_dir'ssltest -bio_pair -no_dhe +$ if .not. dsa_cert +$ then +$ write sys$output "test sslv2/sslv3 w/o DHE via BIO pair" +$ 'ssltest' -bio_pair -no_dhe +$ if $severity .ne. 1 then goto exit3 +$ endif +$ +$ write sys$output "test sslv2/sslv3 with 1024 bit DHE via BIO pair" +$ 'ssltest' -bio_pair -dhe1024dsa -v $ if $severity .ne. 1 then goto exit3 $ $ write sys$output "test sslv2/sslv3 with server authentication" -$ mcr 'exe_dir'ssltest -bio_pair -server_auth "-CAfile" certs.tmp +$ 'ssltest' -bio_pair -server_auth 'CA' $ if $severity .ne. 1 then goto exit3 $ $ write sys$output "test sslv2/sslv3 with client authentication via BIO pair" -$ mcr 'exe_dir'ssltest -bio_pair -client_auth "-CAfile" certs.tmp +$ 'ssltest' -bio_pair -client_auth 'CA' $ if $severity .ne. 1 then goto exit3 $ $ write sys$output "test sslv2/sslv3 with both client and server authentication via BIO pair" -$ mcr 'exe_dir'ssltest -bio_pair -server_auth -client_auth "-CAfile" certs.tmp +$ 'ssltest' -bio_pair -server_auth -client_auth 'CA' $ if $severity .ne. 1 then goto exit3 $ +$!########################################################################### +$ +$ write sys$output "test tls1 with 1024bit anonymous DH, multiple handshakes" +$ 'ssltest' -v -bio_pair -tls1 -cipher "ADH" -dhe1024dsa -num 10 -f -time +$ if $severity .ne. 1 then goto exit3 +$ +$ set noon +$ define/user sys$output nla0: +$ mcr 'exe_dir'openssl no-rsa +$ save_severity=$SEVERITY +$ set on +$ if save_severity +$ then +$ write sys$output "skipping RSA tests" +$ else +$ write sys$output "test tls1 with 1024bit RSA, no DHE, multiple handshakes" +$ mcr 'texe_dir'ssltest -v -bio_pair -tls1 -cert [-.apps]server2.pem -no_dhe -num 10 -f -time +$ if $severity .ne. 1 then goto exit3 +$ +$ write sys$output "test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes" +$ mcr 'texe_dir'ssltest -v -bio_pair -tls1 -cert [-.apps]server2.pem -dhe1024dsa -num 10 -f -time +$ if $severity .ne. 1 then goto exit3 +$ endif +$ $ RET = 1 $ goto exit $ exit3: $ RET = 3 $ exit: -$ delete certs.tmp;* +$ if p3 .eqs. "" then delete certs.tmp;* $ exit 'RET' diff --git a/src/lib/libssl/test/trsa.com b/src/lib/libssl/test/trsa.com index 28add5eefd..6b6c318e2b 100644 --- a/src/lib/libssl/test/trsa.com +++ b/src/lib/libssl/test/trsa.com @@ -4,6 +4,17 @@ $ __arch := VAX $ if f$getsyi("cpu") .ge. 128 then __arch := AXP $ exe_dir := sys$disk:[-.'__arch'.exe.apps] $ +$ set noon +$ define/user sys$output nla0: +$ mcr 'exe_dir'openssl no-rsa +$ save_severity=$SEVERITY +$ set on +$ if save_severity +$ then +$ write sys$output "skipping RSA conversion test" +$ exit +$ endif +$ $ cmd := mcr 'exe_dir'openssl rsa $ $ t := testrsa.pem -- cgit v1.2.3-55-g6feb