For now, I'm moving them into Attic/. They will be removed later.
Reviewed-by: Rich Salz <rsalz@openssl.org>
--- /dev/null
+#!/bin/sh
+
+# This script is used by test/Makefile.ssl to check whether a sane 'bc'
+# is installed.
+# ('make test_bn' should not try to run 'bc' if it does not exist or if
+# it is a broken 'bc' version that is known to cause trouble.)
+#
+# If 'bc' works, we also test if it knows the 'print' command.
+#
+# In any case, output an appropriate command line for running (or not
+# running) bc.
+
+
+IFS=:
+try_without_dir=true
+# First we try "bc", then "$dir/bc" for each item in $PATH.
+for dir in dummy:$PATH; do
+ if [ "$try_without_dir" = true ]; then
+ # first iteration
+ bc=bc
+ try_without_dir=false
+ else
+ # second and later iterations
+ bc="$dir/bc"
+ if [ ! -f "$bc" ]; then # '-x' is not available on Ultrix
+ bc=''
+ fi
+ fi
+
+ if [ ! "$bc" = '' ]; then
+ failure=none
+
+
+ # Test for SunOS 5.[78] bc bug
+ "$bc" >tmp.bctest <<\EOF
+obase=16
+ibase=16
+a=AD88C418F31B3FC712D0425001D522B3AE9134FF3A98C13C1FCC1682211195406C1A6C66C6A\
+CEEC1A0EC16950233F77F1C2F2363D56DD71A36C57E0B2511FC4BA8F22D261FE2E9356D99AF57\
+10F3817C0E05BF79C423C3F66FDF321BE8D3F18F625D91B670931C1EF25F28E489BDA1C5422D1\
+C3F6F7A1AD21585746ECC4F10A14A778AF56F08898E965E9909E965E0CB6F85B514150C644759\
+3BE731877B16EA07B552088FF2EA728AC5E0FF3A23EB939304519AB8B60F2C33D6BA0945B66F0\
+4FC3CADF855448B24A9D7640BCF473E
+b=DCE91E7D120B983EA9A104B5A96D634DD644C37657B1C7860B45E6838999B3DCE5A555583C6\
+9209E41F413422954175A06E67FFEF6746DD652F0F48AEFECC3D8CAC13523BDAAD3F5AF4212BD\
+8B3CD64126E1A82E190228020C05B91C8B141F1110086FC2A4C6ED631EBA129D04BB9A19FC53D\
+3ED0E2017D60A68775B75481449
+(a/b)*b + (a%b) - a
+EOF
+ if [ 0 != "`cat tmp.bctest`" ]; then
+ failure=SunOStest
+ fi
+
+
+ if [ "$failure" = none ]; then
+ # Test for SCO bc bug.
+ "$bc" >tmp.bctest <<\EOF
+obase=16
+ibase=16
+-FFDD63BA1A4648F0D804F8A1C66C53F0D2110590E8A3907EC73B4AEC6F15AC177F176F2274D2\
+9DC8022EA0D7DD3ABE9746D2D46DD3EA5B5F6F69DF12877E0AC5E7F5ADFACEE54573F5D256A06\
+11B5D2BC24947724E22AE4EC3FB0C39D9B4694A01AFE5E43B4D99FB9812A0E4A5773D8B254117\
+1239157EC6E3D8D50199 * -FFDD63BA1A4648F0D804F8A1C66C53F0D2110590E8A3907EC73B4\
+AEC6F15AC177F176F2274D29DC8022EA0D7DD3ABE9746D2D46DD3EA5B5F6F69DF12877E0AC5E7\
+F5ADFACEE54573F5D256A0611B5D2BC24947724E22AE4EC3FB0C39D9B4694A01AFE5E43B4D99F\
+B9812A0E4A5773D8B2541171239157EC6E3D8D50199 - FFBACC221682DA464B6D7F123482522\
+02EDAEDCA38C3B69E9B7BBCD6165A9CD8716C4903417F23C09A85B851961F92C217258CEEB866\
+85EFCC5DD131853A02C07A873B8E2AF2E40C6D5ED598CD0E8F35AD49F3C3A17FDB7653E4E2DC4\
+A8D23CC34686EE4AD01F7407A7CD74429AC6D36DBF0CB6A3E302D0E5BDFCD048A3B90C1BE5AA8\
+E16C3D5884F9136B43FF7BB443764153D4AEC176C681B078F4CC53D6EB6AB76285537DDEE7C18\
+8C72441B52EDBDDBC77E02D34E513F2AABF92F44109CAFE8242BD0ECBAC5604A94B02EA44D43C\
+04E9476E6FBC48043916BFA1485C6093603600273C9C33F13114D78064AE42F3DC466C7DA543D\
+89C8D71
+AD534AFBED2FA39EE9F40E20FCF9E2C861024DB98DDCBA1CD118C49CA55EEBC20D6BA51B2271C\
+928B693D6A73F67FEB1B4571448588B46194617D25D910C6A9A130CC963155CF34079CB218A44\
+8A1F57E276D92A33386DDCA3D241DB78C8974ABD71DD05B0FA555709C9910D745185E6FE108E3\
+37F1907D0C56F8BFBF52B9704 % -E557905B56B13441574CAFCE2BD257A750B1A8B2C88D0E36\
+E18EF7C38DAC80D3948E17ED63AFF3B3467866E3B89D09A81B3D16B52F6A3C7134D3C6F5123E9\
+F617E3145BBFBE9AFD0D6E437EA4FF6F04BC67C4F1458B4F0F47B64 - 1C2BBBB19B74E86FD32\
+9E8DB6A8C3B1B9986D57ED5419C2E855F7D5469E35E76334BB42F4C43E3F3A31B9697C171DAC4\
+D97935A7E1A14AD209D6CF811F55C6DB83AA9E6DFECFCD6669DED7171EE22A40C6181615CAF3F\
+5296964
+EOF
+ if [ "0
+0" != "`cat tmp.bctest`" ]; then
+ failure=SCOtest
+ fi
+ fi
+
+
+ if [ "$failure" = none ]; then
+ # bc works; now check if it knows the 'print' command.
+ if [ "OK" = "`echo 'print \"OK\"' | $bc 2>/dev/null`" ]
+ then
+ echo "$bc"
+ else
+ echo "sed 's/print.*//' | $bc"
+ fi
+ exit 0
+ fi
+
+ echo "$bc does not work properly ('$failure' failed). Looking for another bc ..." >&2
+ fi
+done
+
+echo "No working bc found. Consider installing GNU bc." >&2
+if [ "$1" = ignore ]; then
+ echo "cat >/dev/null"
+ exit 0
+fi
+exit 1
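Review bot: `tmp.bctest` is written into the current directory under a fixed name by both here-document probes and is never removed, neither on the `exit 0` after the print check nor on the final `exit 1`. Registering a cleanup right after `IFS=:`, for example `trap 'rm -f tmp.bctest' 0`, would keep the scratch file from outliving the probe on every exit path. Separately, `[ ! -f "$bc" ]` only establishes that the candidate exists, so a non-executable file named bc in a PATH directory is still run and then reported as broken; the inline Ultrix comment explains why `-x` was avoided and should stay next to any change there.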
--- /dev/null
+$!
+$! Check operation of "bc".
+$!
+$! 2010-04-05 SMS. New. Based (loosely) on "bctest".
+$!
+$!
+$ tmp_file_name = "tmp.bctest"
+$ failure = ""
+$!
+$! Basic command test.
+$!
+$ on warning then goto bc_fail
+$ bc
+$ on error then exit
+$!
+$! Test for SunOS 5.[78] bc bug.
+$!
+$ if (failure .eqs. "")
+$ then
+$!
+$ define /user_mode sys$output 'tmp_file_name'
+$ bc
+obase=16
+ibase=16
+a=AD88C418F31B3FC712D0425001D522B3AE9134FF3A98C13C1FCC1682211195406C1A6C66C6A\
+CEEC1A0EC16950233F77F1C2F2363D56DD71A36C57E0B2511FC4BA8F22D261FE2E9356D99AF57\
+10F3817C0E05BF79C423C3F66FDF321BE8D3F18F625D91B670931C1EF25F28E489BDA1C5422D1\
+C3F6F7A1AD21585746ECC4F10A14A778AF56F08898E965E9909E965E0CB6F85B514150C644759\
+3BE731877B16EA07B552088FF2EA728AC5E0FF3A23EB939304519AB8B60F2C33D6BA0945B66F0\
+4FC3CADF855448B24A9D7640BCF473E
+b=DCE91E7D120B983EA9A104B5A96D634DD644C37657B1C7860B45E6838999B3DCE5A555583C6\
+9209E41F413422954175A06E67FFEF6746DD652F0F48AEFECC3D8CAC13523BDAAD3F5AF4212BD\
+8B3CD64126E1A82E190228020C05B91C8B141F1110086FC2A4C6ED631EBA129D04BB9A19FC53D\
+3ED0E2017D60A68775B75481449
+(a/b)*b + (a%b) - a
+$ status = $status
+$ output_expected = "0"
+$ gosub check_output
+$ if (output .ne. 1)
+$ then
+$ failure = "SunOStest"
+$ else
+$ delete 'f$parse( tmp_file_name)'
+$ endif
+$ endif
+$!
+$! Test for SCO bc bug.
+$!
+$ if (failure .eqs. "")
+$ then
+$!
+$ define /user_mode sys$output 'tmp_file_name'
+$ bc
+obase=16
+ibase=16
+-FFDD63BA1A4648F0D804F8A1C66C53F0D2110590E8A3907EC73B4AEC6F15AC177F176F2274D2\
+9DC8022EA0D7DD3ABE9746D2D46DD3EA5B5F6F69DF12877E0AC5E7F5ADFACEE54573F5D256A06\
+11B5D2BC24947724E22AE4EC3FB0C39D9B4694A01AFE5E43B4D99FB9812A0E4A5773D8B254117\
+1239157EC6E3D8D50199 * -FFDD63BA1A4648F0D804F8A1C66C53F0D2110590E8A3907EC73B4\
+AEC6F15AC177F176F2274D29DC8022EA0D7DD3ABE9746D2D46DD3EA5B5F6F69DF12877E0AC5E7\
+F5ADFACEE54573F5D256A0611B5D2BC24947724E22AE4EC3FB0C39D9B4694A01AFE5E43B4D99F\
+B9812A0E4A5773D8B2541171239157EC6E3D8D50199 - FFBACC221682DA464B6D7F123482522\
+02EDAEDCA38C3B69E9B7BBCD6165A9CD8716C4903417F23C09A85B851961F92C217258CEEB866\
+85EFCC5DD131853A02C07A873B8E2AF2E40C6D5ED598CD0E8F35AD49F3C3A17FDB7653E4E2DC4\
+A8D23CC34686EE4AD01F7407A7CD74429AC6D36DBF0CB6A3E302D0E5BDFCD048A3B90C1BE5AA8\
+E16C3D5884F9136B43FF7BB443764153D4AEC176C681B078F4CC53D6EB6AB76285537DDEE7C18\
+8C72441B52EDBDDBC77E02D34E513F2AABF92F44109CAFE8242BD0ECBAC5604A94B02EA44D43C\
+04E9476E6FBC48043916BFA1485C6093603600273C9C33F13114D78064AE42F3DC466C7DA543D\
+89C8D71
+AD534AFBED2FA39EE9F40E20FCF9E2C861024DB98DDCBA1CD118C49CA55EEBC20D6BA51B2271C\
+928B693D6A73F67FEB1B4571448588B46194617D25D910C6A9A130CC963155CF34079CB218A44\
+8A1F57E276D92A33386DDCA3D241DB78C8974ABD71DD05B0FA555709C9910D745185E6FE108E3\
+37F1907D0C56F8BFBF52B9704 % -E557905B56B13441574CAFCE2BD257A750B1A8B2C88D0E36\
+E18EF7C38DAC80D3948E17ED63AFF3B3467866E3B89D09A81B3D16B52F6A3C7134D3C6F5123E9\
+F617E3145BBFBE9AFD0D6E437EA4FF6F04BC67C4F1458B4F0F47B64 - 1C2BBBB19B74E86FD32\
+9E8DB6A8C3B1B9986D57ED5419C2E855F7D5469E35E76334BB42F4C43E3F3A31B9697C171DAC4\
+D97935A7E1A14AD209D6CF811F55C6DB83AA9E6DFECFCD6669DED7171EE22A40C6181615CAF3F\
+5296964
+$ status = $status
+$ output_expected = "0\0"
+$ gosub check_output
+$ if (output .ne. 1)
+$ then
+$ failure = "SCOtest"
+$ else
+$ delete 'f$parse( tmp_file_name)'
+$ endif
+$ endif
+$!
+$! Test for working 'print' command.
+$!
+$ if (failure .eqs. "")
+$ then
+$!
+$ define /user_mode sys$output 'tmp_file_name'
+$ bc
+print "OK"
+$ status = $status
+$ output_expected = "OK"
+$ gosub check_output
+$ if (output .ne. 1)
+$ then
+$ failure = "printtest"
+$ else
+$ delete 'f$parse( tmp_file_name)'
+$ endif
+$ endif
+$!
+$ if (failure .nes. "")
+$ then
+$ write sys$output -
+ "No working bc found. Consider installing GNU bc."
+$ exit %X00030000 ! %DCL-W-NORMAL
+$ endif
+$!
+$ exit
+$!
+$!
+$! Complete "bc" command failure.
+$!
+$ bc_fail:
+$ write sys$output -
+ "No ""bc"" program/symbol found. Consider installing GNU bc."
+$ exit %X00030000 ! %DCL-W-NORMAL
+$!
+$!
+$! Output check subroutine.
+$!
+$ check_output:
+$ eof = 0
+$ line_nr = 0
+$ open /read tmp_file 'tmp_file_name'
+$ c_o_loop:
+$ read /error = error_read tmp_file line
+$ goto ok_read
+$ error_read:
+$ eof = 1
+$ ok_read:
+$ line_expected = f$element( line_nr, "\", output_expected)
+$ line_nr = line_nr+ 1
+$ if ((line_expected .nes. "\") .and. (.not. eof) .and. -
+ (line_expected .eqs. line)) then goto c_o_loop
+$!
+$ if ((line_expected .eqs. "\") .and. eof)
+$ then
+$ output = 1
+$ else
+$ output = 0
+$ endif
+$ close tmp_file
+$ return
+$!
--- /dev/null
+$!
+$! Analyze bntest output file.
+$!
+$! Exit status = 1 (success) if all tests passed,
+$! 0 (warning) if any test failed.
+$!
+$! 2011-02-20 SMS. Added code to skip "#" comments in the input file.
+$!
+$! 2010-04-05 SMS. New. Based (loosely) on perl code in bntest-vms.sh.
+$!
+$! Expect data like:
+$! test test_name1
+$! 0
+$! [...]
+$! test test_name2
+$! 0
+$! [...]
+$! [...]
+$!
+$! Some tests have no following "0" lines.
+$!
+$ result_file_name = f$edit( p1, "TRIM")
+$ if (result_file_name .eqs. "")
+$ then
+$ result_file_name = "bntest-vms.out"
+$ endif
+$!
+$ fail = 0
+$ passed = 0
+$ tests = 0
+$!
+$ on control_c then goto tidy
+$ on error then goto tidy
+$!
+$ open /read result_file 'result_file_name'
+$!
+$ read_loop:
+$ read /end = read_loop_end /error = tidy result_file line
+$ t1 = f$element( 0, " ", line)
+$!
+$! Skip "#" comment lines.
+$ if (f$extract( 0, 1, f$edit( line, "TRIM")) .eqs. "#") then -
+ goto read_loop
+$!
+$ if (t1 .eqs. "test")
+$ then
+$ passed = passed+ 1
+$ tests = tests+ 1
+$ fail = 1
+$ t2 = f$extract( 5, 1000, line)
+$ write sys$output "verify ''t2'"
+$ else
+$ if (t1 .nes. "0")
+$ then
+$ write sys$output "Failed! bc: ''line'"
+$ passed = passed- fail
+$ fail = 0
+$ endif
+$ endif
+$ goto read_loop
+$ read_loop_end:
+$ write sys$output "''passed'/''tests' tests passed"
+$!
+$ tidy:
+$ if f$trnlnm( "result_file", "LNM$PROCESS_TABLE", , "SUPERVISOR", , "CONFINE")
+$ then
+$ close result_file
+$ endif
+$!
+$ if ((tests .gt. 0) .and. (tests .eq. passed))
+$ then
+$ exit 1
+$ else
+$ exit 0
+$ endif
+$!
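Review bot: The `on control_c`, `on error` and `read /error = tidy` paths all land on `tidy:`, which applies the same pass/fail decision as a normal end of file. A result file that stops being readable after a few passing tests therefore appears to exit with status 1 (success). Pointing those three handlers at a separate label that clears the counters before falling into the cleanup, e.g. `$ read_fail:` followed by `$ tests = 0`, would make an aborted read report the warning status instead.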
--- /dev/null
+# test/cms-test.pl
+# Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+# project.
+#
+# ====================================================================
+# Copyright (c) 2008 The OpenSSL Project. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in
+# the documentation and/or other materials provided with the
+# distribution.
+#
+# 3. All advertising materials mentioning features or use of this
+# software must display the following acknowledgment:
+# "This product includes software developed by the OpenSSL Project
+# for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+#
+# 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+# endorse or promote products derived from this software without
+# prior written permission. For written permission, please contact
+# licensing@OpenSSL.org.
+#
+# 5. Products derived from this software may not be called "OpenSSL"
+# nor may "OpenSSL" appear in their names without prior written
+# permission of the OpenSSL Project.
+#
+# 6. Redistributions of any form whatsoever must retain the following
+# acknowledgment:
+# "This product includes software developed by the OpenSSL Project
+# for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+#
+# THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+# OF THE POSSIBILITY OF SUCH DAMAGE.
+# ====================================================================
+
+# CMS, PKCS7 consistency test script. Run extensive tests on
+# OpenSSL PKCS#7 and CMS implementations.
+
+my $ossl_path;
+my $redir = " 2> cms.err > cms.out";
+# Make VMS work
+if ( $^O eq "VMS" && -f "OSSLX:openssl.exe" ) {
+ $ossl_path = "pipe mcr OSSLX:openssl";
+ $null_path = "NL:";
+ # On VMS, the lowest 3 bits of the exit code indicates severity
+ # 1 is success (perl translates it to 0 for $?), 2 is error
+ # (perl doesn't translate it)
+ $failure_code = 512; # 2 << 8 = 512
+}
+# Make MSYS work
+elsif ( $^O eq "MSWin32" && -f "../apps/openssl.exe" ) {
+ $ossl_path = "cmd /c ..\\apps\\openssl";
+ $null_path = "NUL";
+ $failure_code = 256;
+}
+elsif ( -f "../apps/openssl$ENV{EXE_EXT}" ) {
+ $ossl_path = "../util/shlib_wrap.sh ../apps/openssl";
+ $null_path = "/dev/null";
+ $failure_code = 256;
+}
+elsif ( -f "..\\out32dll\\openssl.exe" ) {
+ $ossl_path = "..\\out32dll\\openssl.exe";
+ $null_path = "NUL";
+ $failure_code = 256;
+}
+elsif ( -f "..\\out32\\openssl.exe" ) {
+ $ossl_path = "..\\out32\\openssl.exe";
+ $null_path = "NUL";
+ $failure_code = 256;
+}
+else {
+ die "Can't find OpenSSL executable";
+}
+
+my $pk7cmd = "$ossl_path smime ";
+my $cmscmd = "$ossl_path cms ";
+my $smdir = "smime-certs";
+my $halt_err = 1;
+
+my $badcmd = 0;
+my $no_ec;
+my $no_ec2m;
+my $no_ecdh;
+my $ossl8 = `$ossl_path version -v` =~ /0\.9\.8/;
+
+system ("$ossl_path no-cms > $null_path");
+if ($? == 0)
+ {
+ print "CMS disabled\n";
+ exit 0;
+ }
+
+system ("$ossl_path no-ec > $null_path");
+if ($? == 0)
+ {
+ $no_ec = 1;
+ }
+elsif ($? == $failure_code)
+ {
+ $no_ec = 0;
+ }
+else
+ {
+ die "Error checking for EC support\n";
+ }
+
+system ("$ossl_path no-ec2m > $null_path");
+if ($? == 0)
+ {
+ $no_ec2m = 1;
+ }
+elsif ($? == $failure_code)
+ {
+ $no_ec2m = 0;
+ }
+else
+ {
+ die "Error checking for EC2M support\n";
+ }
+
+system ("$ossl_path no-ec > $null_path");
+if ($? == 0)
+ {
+ $no_ecdh = 1;
+ }
+elsif ($? == $failure_code)
+ {
+ $no_ecdh = 0;
+ }
+else
+ {
+ die "Error checking for ECDH support\n";
+ }
+
+my @smime_pkcs7_tests = (
+
+ [
+ "signed content DER format, RSA key",
+ "-sign -in smcont.txt -outform \"DER\" -nodetach"
+ . " -certfile $smdir/smroot.pem"
+ . " -signer $smdir/smrsa1.pem -out test.cms",
+ "-verify -in test.cms -inform \"DER\" "
+ . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
+ ],
+
+ [
+ "signed detached content DER format, RSA key",
+ "-sign -in smcont.txt -outform \"DER\""
+ . " -signer $smdir/smrsa1.pem -out test.cms",
+ "-verify -in test.cms -inform \"DER\" "
+ . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt -content smcont.txt"
+ ],
+
+ [
+ "signed content test streaming BER format, RSA",
+ "-sign -in smcont.txt -outform \"DER\" -nodetach"
+ . " -stream -signer $smdir/smrsa1.pem -out test.cms",
+ "-verify -in test.cms -inform \"DER\" "
+ . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
+ ],
+
+ [
+ "signed content DER format, DSA key",
+ "-sign -in smcont.txt -outform \"DER\" -nodetach"
+ . " -signer $smdir/smdsa1.pem -out test.cms",
+ "-verify -in test.cms -inform \"DER\" "
+ . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
+ ],
+
+ [
+ "signed detached content DER format, DSA key",
+ "-sign -in smcont.txt -outform \"DER\""
+ . " -signer $smdir/smdsa1.pem -out test.cms",
+ "-verify -in test.cms -inform \"DER\" "
+ . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt -content smcont.txt"
+ ],
+
+ [
+ "signed detached content DER format, add RSA signer",
+ "-resign -inform \"DER\" -in test.cms -outform \"DER\""
+ . " -signer $smdir/smrsa1.pem -out test2.cms",
+ "-verify -in test2.cms -inform \"DER\" "
+ . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt -content smcont.txt"
+ ],
+
+ [
+ "signed content test streaming BER format, DSA key",
+ "-sign -in smcont.txt -outform \"DER\" -nodetach"
+ . " -stream -signer $smdir/smdsa1.pem -out test.cms",
+ "-verify -in test.cms -inform \"DER\" "
+ . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
+ ],
+
+ [
+ "signed content test streaming BER format, 2 DSA and 2 RSA keys",
+ "-sign -in smcont.txt -outform \"DER\" -nodetach"
+ . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
+ . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
+ . " -stream -out test.cms",
+ "-verify -in test.cms -inform \"DER\" "
+ . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
+ ],
+
+ [
+"signed content test streaming BER format, 2 DSA and 2 RSA keys, no attributes",
+ "-sign -in smcont.txt -outform \"DER\" -noattr -nodetach"
+ . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
+ . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
+ . " -stream -out test.cms",
+ "-verify -in test.cms -inform \"DER\" "
+ . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
+ ],
+
+ [
+ "signed content test streaming S/MIME format, 2 DSA and 2 RSA keys",
+ "-sign -in smcont.txt -nodetach"
+ . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
+ . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
+ . " -stream -out test.cms",
+ "-verify -in test.cms " . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
+ ],
+
+ [
+"signed content test streaming multipart S/MIME format, 2 DSA and 2 RSA keys",
+ "-sign -in smcont.txt"
+ . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
+ . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
+ . " -stream -out test.cms",
+ "-verify -in test.cms " . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
+ ],
+
+ [
+ "enveloped content test streaming S/MIME format, 3 recipients",
+ "-encrypt -in smcont.txt"
+ . " -stream -out test.cms"
+ . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ",
+ "-decrypt -recip $smdir/smrsa1.pem -in test.cms -out smtst.txt"
+ ],
+
+ [
+"enveloped content test streaming S/MIME format, 3 recipients, 3rd used",
+ "-encrypt -in smcont.txt"
+ . " -stream -out test.cms"
+ . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ",
+ "-decrypt -recip $smdir/smrsa3.pem -in test.cms -out smtst.txt"
+ ],
+
+ [
+"enveloped content test streaming S/MIME format, 3 recipients, key only used",
+ "-encrypt -in smcont.txt"
+ . " -stream -out test.cms"
+ . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ",
+ "-decrypt -inkey $smdir/smrsa3.pem -in test.cms -out smtst.txt"
+ ],
+
+ [
+"enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients",
+ "-encrypt -in smcont.txt"
+ . " -aes256 -stream -out test.cms"
+ . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ",
+ "-decrypt -recip $smdir/smrsa1.pem -in test.cms -out smtst.txt"
+ ],
+
+);
+
+my @smime_cms_tests = (
+
+ [
+ "signed content test streaming BER format, 2 DSA and 2 RSA keys, keyid",
+ "-sign -in smcont.txt -outform \"DER\" -nodetach -keyid"
+ . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
+ . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
+ . " -stream -out test.cms",
+ "-verify -in test.cms -inform \"DER\" "
+ . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
+ ],
+
+ [
+ "signed content test streaming PEM format, 2 DSA and 2 RSA keys",
+ "-sign -in smcont.txt -outform PEM -nodetach"
+ . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
+ . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
+ . " -stream -out test.cms",
+ "-verify -in test.cms -inform PEM "
+ . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
+ ],
+
+ [
+ "signed content MIME format, RSA key, signed receipt request",
+ "-sign -in smcont.txt -signer $smdir/smrsa1.pem -nodetach"
+ . " -receipt_request_to test\@openssl.org -receipt_request_all"
+ . " -out test.cms",
+ "-verify -in test.cms "
+ . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
+ ],
+
+ [
+ "signed receipt MIME format, RSA key",
+ "-sign_receipt -in test.cms"
+ . " -signer $smdir/smrsa2.pem"
+ . " -out test2.cms",
+ "-verify_receipt test2.cms -in test.cms"
+ . " \"-CAfile\" $smdir/smroot.pem"
+ ],
+
+ [
+ "enveloped content test streaming S/MIME format, 3 recipients, keyid",
+ "-encrypt -in smcont.txt"
+ . " -stream -out test.cms -keyid"
+ . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ",
+ "-decrypt -recip $smdir/smrsa1.pem -in test.cms -out smtst.txt"
+ ],
+
+ [
+ "enveloped content test streaming PEM format, KEK",
+ "-encrypt -in smcont.txt -outform PEM -aes128"
+ . " -stream -out test.cms "
+ . " -secretkey 000102030405060708090A0B0C0D0E0F "
+ . " -secretkeyid C0FEE0",
+ "-decrypt -in test.cms -out smtst.txt -inform PEM"
+ . " -secretkey 000102030405060708090A0B0C0D0E0F "
+ . " -secretkeyid C0FEE0"
+ ],
+
+ [
+ "enveloped content test streaming PEM format, KEK, key only",
+ "-encrypt -in smcont.txt -outform PEM -aes128"
+ . " -stream -out test.cms "
+ . " -secretkey 000102030405060708090A0B0C0D0E0F "
+ . " -secretkeyid C0FEE0",
+ "-decrypt -in test.cms -out smtst.txt -inform PEM"
+ . " -secretkey 000102030405060708090A0B0C0D0E0F "
+ ],
+
+ [
+ "data content test streaming PEM format",
+ "-data_create -in smcont.txt -outform PEM -nodetach"
+ . " -stream -out test.cms",
+ "-data_out -in test.cms -inform PEM -out smtst.txt"
+ ],
+
+ [
+ "encrypted content test streaming PEM format, 128 bit RC2 key",
+ "\"-EncryptedData_encrypt\" -in smcont.txt -outform PEM"
+ . " -rc2 -secretkey 000102030405060708090A0B0C0D0E0F"
+ . " -stream -out test.cms",
+ "\"-EncryptedData_decrypt\" -in test.cms -inform PEM "
+ . " -secretkey 000102030405060708090A0B0C0D0E0F -out smtst.txt"
+ ],
+
+ [
+ "encrypted content test streaming PEM format, 40 bit RC2 key",
+ "\"-EncryptedData_encrypt\" -in smcont.txt -outform PEM"
+ . " -rc2 -secretkey 0001020304"
+ . " -stream -out test.cms",
+ "\"-EncryptedData_decrypt\" -in test.cms -inform PEM "
+ . " -secretkey 0001020304 -out smtst.txt"
+ ],
+
+ [
+ "encrypted content test streaming PEM format, triple DES key",
+ "\"-EncryptedData_encrypt\" -in smcont.txt -outform PEM"
+ . " -des3 -secretkey 000102030405060708090A0B0C0D0E0F1011121314151617"
+ . " -stream -out test.cms",
+ "\"-EncryptedData_decrypt\" -in test.cms -inform PEM "
+ . " -secretkey 000102030405060708090A0B0C0D0E0F1011121314151617"
+ . " -out smtst.txt"
+ ],
+
+ [
+ "encrypted content test streaming PEM format, 128 bit AES key",
+ "\"-EncryptedData_encrypt\" -in smcont.txt -outform PEM"
+ . " -aes128 -secretkey 000102030405060708090A0B0C0D0E0F"
+ . " -stream -out test.cms",
+ "\"-EncryptedData_decrypt\" -in test.cms -inform PEM "
+ . " -secretkey 000102030405060708090A0B0C0D0E0F -out smtst.txt"
+ ],
+
+);
+
+my @smime_cms_comp_tests = (
+
+ [
+ "compressed content test streaming PEM format",
+ "-compress -in smcont.txt -outform PEM -nodetach"
+ . " -stream -out test.cms",
+ "-uncompress -in test.cms -inform PEM -out smtst.txt"
+ ]
+
+);
+
+my @smime_cms_param_tests = (
+ [
+ "signed content test streaming PEM format, RSA keys, PSS signature",
+ "-sign -in smcont.txt -outform PEM -nodetach"
+ . " -signer $smdir/smrsa1.pem -keyopt rsa_padding_mode:pss"
+ . " -out test.cms",
+ "-verify -in test.cms -inform PEM "
+ . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
+ ],
+
+ [
+ "signed content test streaming PEM format, RSA keys, PSS signature, no attributes",
+ "-sign -in smcont.txt -outform PEM -nodetach -noattr"
+ . " -signer $smdir/smrsa1.pem -keyopt rsa_padding_mode:pss"
+ . " -out test.cms",
+ "-verify -in test.cms -inform PEM "
+ . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
+ ],
+
+ [
+ "signed content test streaming PEM format, RSA keys, PSS signature, SHA384 MGF1",
+ "-sign -in smcont.txt -outform PEM -nodetach"
+ . " -signer $smdir/smrsa1.pem -keyopt rsa_padding_mode:pss"
+ . " -keyopt rsa_mgf1_md:sha384 -out test.cms",
+ "-verify -in test.cms -inform PEM "
+ . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
+ ],
+
+ [
+"enveloped content test streaming S/MIME format, OAEP default parameters",
+ "-encrypt -in smcont.txt"
+ . " -stream -out test.cms"
+ . " -recip $smdir/smrsa1.pem -keyopt rsa_padding_mode:oaep",
+ "-decrypt -recip $smdir/smrsa1.pem -in test.cms -out smtst.txt"
+ ],
+
+ [
+"enveloped content test streaming S/MIME format, OAEP SHA256",
+ "-encrypt -in smcont.txt"
+ . " -stream -out test.cms"
+ . " -recip $smdir/smrsa1.pem -keyopt rsa_padding_mode:oaep"
+ . " -keyopt rsa_oaep_md:sha256",
+ "-decrypt -recip $smdir/smrsa1.pem -in test.cms -out smtst.txt"
+ ],
+
+ [
+"enveloped content test streaming S/MIME format, ECDH",
+ "-encrypt -in smcont.txt"
+ . " -stream -out test.cms"
+ . " -recip $smdir/smec1.pem",
+ "-decrypt -recip $smdir/smec1.pem -in test.cms -out smtst.txt"
+ ],
+
+ [
+"enveloped content test streaming S/MIME format, ECDH, key identifier",
+ "-encrypt -keyid -in smcont.txt"
+ . " -stream -out test.cms"
+ . " -recip $smdir/smec1.pem",
+ "-decrypt -recip $smdir/smec1.pem -in test.cms -out smtst.txt"
+ ],
+
+ [
+"enveloped content test streaming S/MIME format, ECDH, AES128, SHA256 KDF",
+ "-encrypt -in smcont.txt"
+ . " -stream -out test.cms"
+ . " -recip $smdir/smec1.pem -aes128 -keyopt ecdh_kdf_md:sha256",
+ "-decrypt -recip $smdir/smec1.pem -in test.cms -out smtst.txt"
+ ],
+
+ [
+"enveloped content test streaming S/MIME format, ECDH, K-283, cofactor DH",
+ "-encrypt -in smcont.txt"
+ . " -stream -out test.cms"
+ . " -recip $smdir/smec2.pem -aes128"
+ . " -keyopt ecdh_kdf_md:sha256 -keyopt ecdh_cofactor_mode:1",
+ "-decrypt -recip $smdir/smec2.pem -in test.cms -out smtst.txt"
+ ],
+
+ [
+"enveloped content test streaming S/MIME format, X9.42 DH",
+ "-encrypt -in smcont.txt"
+ . " -stream -out test.cms"
+ . " -recip $smdir/smdh.pem -aes128",
+ "-decrypt -recip $smdir/smdh.pem -in test.cms -out smtst.txt"
+ ]
+);
+
+print "CMS => PKCS#7 compatibility tests\n";
+
+run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $cmscmd, $pk7cmd );
+
+print "CMS <= PKCS#7 compatibility tests\n";
+
+run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $pk7cmd, $cmscmd );
+
+print "CMS <=> CMS consistency tests\n";
+
+run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $cmscmd, $cmscmd );
+run_smime_tests( \$badcmd, \@smime_cms_tests, $cmscmd, $cmscmd );
+
+print "CMS <=> CMS consistency tests, modified key parameters\n";
+run_smime_tests( \$badcmd, \@smime_cms_param_tests, $cmscmd, $cmscmd );
+
+if ( `$ossl_path version -f` =~ /ZLIB/ ) {
+ run_smime_tests( \$badcmd, \@smime_cms_comp_tests, $cmscmd, $cmscmd );
+}
+else {
+ print "Zlib not supported: compression tests skipped\n";
+}
+
+print "Running modified tests for OpenSSL 0.9.8 cms backport\n" if($ossl8);
+
+if ($badcmd) {
+ print "$badcmd TESTS FAILED!!\n";
+}
+else {
+ print "ALL TESTS SUCCESSFUL.\n";
+}
+
+unlink "test.cms";
+unlink "test2.cms";
+unlink "smtst.txt";
+unlink "cms.out";
+unlink "cms.err";
+
+sub run_smime_tests {
+ my ( $rv, $aref, $scmd, $vcmd ) = @_;
+
+ foreach $smtst (@$aref) {
+ my ( $tnam, $rscmd, $rvcmd ) = @$smtst;
+ if ($ossl8)
+ {
+ # Skip smime resign: 0.9.8 smime doesn't support -resign
+ next if ($scmd =~ /smime/ && $rscmd =~ /-resign/);
+ # Disable streaming: option not supported in 0.9.8
+ $tnam =~ s/streaming//;
+ $rscmd =~ s/-stream//;
+ $rvcmd =~ s/-stream//;
+ }
+ if ($no_ec && $tnam =~ /ECDH/)
+ {
+ print "$tnam: skipped, EC disabled\n";
+ next;
+ }
+ if ($no_ecdh && $tnam =~ /ECDH/)
+ {
+ print "$tnam: skipped, ECDH disabled\n";
+ next;
+ }
+ if ($no_ec2m && $tnam =~ /K-283/)
+ {
+ print "$tnam: skipped, EC2M disabled\n";
+ next;
+ }
+ system("$scmd$rscmd$redir");
+ if ($?) {
+ print "$tnam: generation error\n";
+ $$rv++;
+ exit 1 if $halt_err;
+ next;
+ }
+ system("$vcmd$rvcmd$redir");
+ if ($?) {
+ print "$tnam: verify error\n";
+ $$rv++;
+ exit 1 if $halt_err;
+ next;
+ }
+ if (!cmp_files("smtst.txt", "smcont.txt")) {
+ print "$tnam: content verify error\n";
+ $$rv++;
+ exit 1 if $halt_err;
+ next;
+ }
+ print "$tnam: OK\n";
+ }
+}
+
+sub cmp_files {
+ use FileHandle;
+ my ( $f1, $f2 ) = @_;
+ my $fp1 = FileHandle->new();
+ my $fp2 = FileHandle->new();
+
+ my ( $rd1, $rd2 );
+
+ if ( !open( $fp1, "<$f1" ) ) {
+ print STDERR "Can't Open file $f1\n";
+ return 0;
+ }
+
+ if ( !open( $fp2, "<$f2" ) ) {
+ print STDERR "Can't Open file $f2\n";
+ return 0;
+ }
+
+ binmode $fp1;
+ binmode $fp2;
+
+ my $ret = 0;
+
+ for ( ; ; ) {
+ $n1 = sysread $fp1, $rd1, 4096;
+ $n2 = sysread $fp2, $rd2, 4096;
+ last if ( $n1 != $n2 );
+ last if ( $rd1 ne $rd2 );
+
+ if ( $n1 == 0 ) {
+ $ret = 1;
+ last;
+ }
+
+ }
+
+ close $fp1;
+ close $fp2;
+
+ return $ret;
+
+}
+
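Review bot: The probe that sets `$no_ecdh` runs `system ("$ossl_path no-ec > $null_path");`, the same command already used for `$no_ec`, so the two flags always hold the same value. In `run_smime_tests` the `$no_ecdh && $tnam =~ /ECDH/` branch is then unreachable, because the preceding `$no_ec` branch matches the same test names first. If ECDH is no longer a separately configurable feature, dropping `$no_ecdh` and its skip branch removes the dead code; if it is, the third probe should query that feature rather than repeat `no-ec`.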
--- /dev/null
+#!/bin/sh
+
+cmd='../util/shlib_wrap.sh ../apps/openssl crl'
+
+if [ "$1"x != "x" ]; then
+ t=$1
+else
+ t=testcrl.pem
+fi
+
+echo testing crl conversions
+cp $t crl-fff.p
+
+echo "p -> d"
+$cmd -in crl-fff.p -inform p -outform d >crl-f.d || exit 1
+echo "p -> p"
+$cmd -in crl-fff.p -inform p -outform p >crl-f.p || exit 1
+
+echo "d -> d"
+$cmd -in crl-f.d -inform d -outform d >crl-ff.d1 || exit 1
+echo "p -> d"
+$cmd -in crl-f.p -inform p -outform d >crl-ff.d3 || exit 1
+
+
+echo "d -> p"
+$cmd -in crl-f.d -inform d -outform p >crl-ff.p1 || exit 1
+echo "p -> p"
+$cmd -in crl-f.p -inform p -outform p >crl-ff.p3 || exit 1
+
+cmp crl-fff.p crl-f.p || exit 1
+cmp crl-fff.p crl-ff.p1 || exit 1
+cmp crl-fff.p crl-ff.p3 || exit 1
+cmp crl-f.p crl-ff.p1 || exit 1
+cmp crl-f.p crl-ff.p3 || exit 1
+
+/bin/rm -f crl-f.* crl-ff.* crl-fff.*
+exit 0
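Review bot: `cp $t crl-fff.p` expands the caller-supplied file name unquoted and its result is not checked, so a path containing whitespace or glob characters is split before `cp` sees it. A failed copy is only noticed indirectly, when the first conversion fails. `cp "$t" crl-fff.p || exit 1` fixes both and matches the `|| exit 1` convention used on every later command. The intermediate `crl-f.*`, `crl-ff.*` and `crl-fff.*` files are also removed only on the success path.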
--- /dev/null
+$! TCRL.COM -- Tests crl keys
+$
+$ __arch = "VAX"
+$ if f$getsyi("cpu") .ge. 128 then -
+ __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
+$ if __arch .eqs. "" then __arch = "UNK"
+$!
+$ if (p2 .eqs. "64") then __arch = __arch+ "_64"
+$!
+$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]"
+$
+$ cmd = "mcr ''exe_dir'openssl crl"
+$
+$ t = "testcrl.pem"
+$ if p1 .nes. "" then t = p1
+$
+$ write sys$output "testing CRL conversions"
+$ if f$search("fff.*") .nes "" then delete fff.*;*
+$ if f$search("ff.*") .nes "" then delete ff.*;*
+$ if f$search("f.*") .nes "" then delete f.*;*
+$ convert/fdl=sys$input: 't' fff.p
+RECORD
+ FORMAT STREAM_LF
+$
+$ write sys$output "p -> d"
+$ 'cmd' -in fff.p -inform p -outform d -out f.d
+$ if $severity .ne. 1 then exit 3
+$! write sys$output "p -> t"
+$! 'cmd' -in fff.p -inform p -outform t -out f.t
+$! if $severity .ne. 1 then exit 3
+$ write sys$output "p -> p"
+$ 'cmd' -in fff.p -inform p -outform p -out f.p
+$ if $severity .ne. 1 then exit 3
+$
+$ write sys$output "d -> d"
+$ 'cmd' -in f.d -inform d -outform d -out ff.d1
+$ if $severity .ne. 1 then exit 3
+$! write sys$output "t -> d"
+$! 'cmd' -in f.t -inform t -outform d -out ff.d2
+$! if $severity .ne. 1 then exit 3
+$ write sys$output "p -> d"
+$ 'cmd' -in f.p -inform p -outform d -out ff.d3
+$ if $severity .ne. 1 then exit 3
+$
+$! write sys$output "d -> t"
+$! 'cmd' -in f.d -inform d -outform t -out ff.t1
+$! if $severity .ne. 1 then exit 3
+$! write sys$output "t -> t"
+$! 'cmd' -in f.t -inform t -outform t -out ff.t2
+$! if $severity .ne. 1 then exit 3
+$! write sys$output "p -> t"
+$! 'cmd' -in f.p -inform p -outform t -out ff.t3
+$! if $severity .ne. 1 then exit 3
+$
+$ write sys$output "d -> p"
+$ 'cmd' -in f.d -inform d -outform p -out ff.p1
+$ if $severity .ne. 1 then exit 3
+$! write sys$output "t -> p"
+$! 'cmd' -in f.t -inform t -outform p -out ff.p2
+$! if $severity .ne. 1 then exit 3
+$ write sys$output "p -> p"
+$ 'cmd' -in f.p -inform p -outform p -out ff.p3
+$ if $severity .ne. 1 then exit 3
+$
+$ backup/compare fff.p f.p
+$ if $severity .ne. 1 then exit 3
+$ backup/compare fff.p ff.p1
+$ if $severity .ne. 1 then exit 3
+$! backup/compare fff.p ff.p2
+$! if $severity .ne. 1 then exit 3
+$ backup/compare fff.p ff.p3
+$ if $severity .ne. 1 then exit 3
+$
+$! backup/compare f.t ff.t1
+$! if $severity .ne. 1 then exit 3
+$! backup/compare f.t ff.t2
+$! if $severity .ne. 1 then exit 3
+$! backup/compare f.t ff.t3
+$! if $severity .ne. 1 then exit 3
+$
+$ backup/compare f.p ff.p1
+$ if $severity .ne. 1 then exit 3
+$! backup/compare f.p ff.p2
+$! if $severity .ne. 1 then exit 3
+$ backup/compare f.p ff.p3
+$ if $severity .ne. 1 then exit 3
+$
+$ delete f.*;*,ff.*;*,fff.*;*
--- /dev/null
+#!/bin/sh
+
+set -e
+
+PERL="$1"
+
+if test "$OSTYPE" = msdosdjgpp; then
+ PATH="../apps\;$PATH"
+else
+ PATH="../apps:$PATH"
+fi
+export PATH
+
+export SSLEAY_CONFIG OPENSSL
+
+/bin/rm -fr demoCA
+
+SSLEAY_CONFIG="-config CAss.cnf"
+OPENSSL="`pwd`/../util/opensslwrap.sh"
+
+$PERL ../apps/CA.pl -newca </dev/null
+
+SSLEAY_CONFIG="-config Uss.cnf"
+$PERL ../apps/CA.pl -newreq
+
+SSLEAY_CONFIG="-config ../apps/openssl.cnf"
+yes | $PERL ../apps/CA.pl -sign
+
+$PERL ../apps/CA.pl -verify newcert.pem
+
+/bin/rm -fr demoCA newcert.pem newreq.pem
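Review bot: With `set -e` in effect, a failure in any `CA.pl` step exits before the final `/bin/rm -fr demoCA newcert.pem newreq.pem`. The `demoCA` tree, which presumably holds the freshly generated CA private key, and the request files are then left in the test directory. Registering the cleanup up front would cover both paths, e.g. `trap '/bin/rm -fr demoCA newcert.pem newreq.pem' 0` right after `set -e`. `$PERL` is also expanded unquoted on every call, so a path containing spaces would be split.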
--- /dev/null
+$! TESTCA.COM
+$
+$ __arch = "VAX"
+$ if f$getsyi("cpu") .ge. 128 then -
+ __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
+$ if __arch .eqs. "" then __arch = "UNK"
+$!
+$ if (p1 .eqs. "64") then __arch = __arch+ "_64"
+$
+$ openssl = "mcr ''exe_dir'openssl"
+$
+$ SSLEAY_CONFIG="-config ""CAss.cnf"""
+$
+$ set noon
+$ if f$search("demoCA.dir") .nes. ""
+$ then
+$ @[-.util]deltree [.demoCA]*.*
+$ set file/prot=(S:RWED,O:RWED,G:RWED,W:RWED) demoCA.dir;*
+$ delete demoCA.dir;*
+$ endif
+$ set on
+$ open/read sys$ca_input VMSca-response.1
+$ @[-.apps]CA.com -input sys$ca_input -newca
+$ close sys$ca_input
+$ if $severity .ne. 1 then exit 3
+$
+$
+$ SSLEAY_CONFIG="-config ""Uss.cnf"""
+$ @[-.apps]CA.com -newreq
+$ if $severity .ne. 1 then exit 3
+$
+$
+$ SSLEAY_CONFIG="-config [-.apps]openssl-vms.cnf"
+$ open/read sys$ca_input VMSca-response.2
+$ @[-.apps]CA.com -input sys$ca_input -sign
+$ close sys$ca_input
+$ if $severity .ne. 1 then exit 3
+$
+$
+$ @[-.apps]CA.com -verify newcert.pem
+$ if $severity .ne. 1 then exit 3
+$
+$ set noon
+$ @[-.util]deltree [.demoCA]*.*
+$ set file/prot=(S:RWED,O:RWED,G:RWED,W:RWED) demoCA.dir;*
+$ delete demoCA.dir;*
+$ if f$search("newcert.pem") .nes. "" then delete newcert.pem;*
+$ if f$search("newcert.pem") .nes. "" then delete newreq.pem;*
+$ set on
+$! #usage: CA -newcert|-newreq|-newca|-sign|-verify
+$
+$ exit
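Review bot: The second cleanup line near the end tests `f$search("newcert.pem")` but deletes `newreq.pem;*`. Since the line before it has just deleted `newcert.pem`, the condition is always false and `newreq.pem` is never removed. It should read `$ if f$search("newreq.pem") .nes. "" then delete newreq.pem;*`. Separately, `openssl = "mcr ''exe_dir'openssl"` uses `exe_dir`, which this file never assigns although it computes `__arch`; unless a caller provides the symbol, the sibling procedures' `exe_dir = "sys$disk:[-.''__arch'.exe.apps]"` line appears to be missing here.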
--- /dev/null
+#!/bin/sh
+
+testsrc=testenc
+test=./p
+
+cmd="../util/shlib_wrap.sh ../apps/openssl"
+
+cat $testsrc >$test;
+
+echo cat
+$cmd enc < $test > $test.cipher
+$cmd enc < $test.cipher >$test.clear
+cmp $test $test.clear || exit 1
+/bin/rm $test.cipher $test.clear
+
+echo base64
+$cmd enc -a -e < $test > $test.cipher
+$cmd enc -a -d < $test.cipher >$test.clear
+cmp $test $test.clear || exit 1
+/bin/rm $test.cipher $test.clear
+
+for i in `$cmd list -cipher-commands`
+do
+ echo $i
+ $cmd $i -bufsize 113 -e -k test < $test > $test.$i.cipher
+ $cmd $i -bufsize 157 -d -k test < $test.$i.cipher >$test.$i.clear
+ cmp $test $test.$i.clear || exit 1
+ /bin/rm $test.$i.cipher $test.$i.clear
+
+ echo $i base64
+ $cmd $i -bufsize 113 -a -e -k test < $test > $test.$i.cipher
+ $cmd $i -bufsize 157 -a -d -k test < $test.$i.cipher >$test.$i.clear
+ cmp $test $test.$i.clear || exit 1
+ /bin/rm $test.$i.cipher $test.$i.clear
+done
+rm -f $test
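Review bot: The cipher loop takes its list straight from the `$cmd list -cipher-commands` substitution, so if that command fails or prints nothing the loop body never runs and the script still ends successfully with no cipher exercised. Capturing the list first makes that case a failure: `ciphers=$($cmd list -cipher-commands) || exit 1` followed by `[ -n "$ciphers" ] || exit 1`, then `for i in $ciphers`. The same applies to `cat $testsrc >$test`, whose status is not checked; a missing source file would make every round-trip compare two empty files.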
--- /dev/null
+$! TESTENC.COM -- Test encoding and decoding
+$
+$ __arch = "VAX"
+$ if f$getsyi("cpu") .ge. 128 then -
+ __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
+$ if __arch .eqs. "" then __arch = "UNK"
+$!
+$ if (p1 .eqs. 64) then __arch = __arch+ "_64"
+$
+$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]"
+$ testsrc = "makefile."
+$ test = "p.txt"
+$ cmd = "mcr ''exe_dir'openssl"
+$
+$ if f$search(test) .nes. "" then delete 'test';*
+$ convert/fdl=sys$input: 'testsrc' 'test'
+RECORD
+ FORMAT STREAM_LF
+$
+$ if f$search(test+"-cipher") .nes. "" then delete 'test'-cipher;*
+$ if f$search(test+"-clear") .nes. "" then delete 'test'-clear;*
+$
+$ write sys$output "cat"
+$ 'cmd' enc -in 'test' -out 'test'-cipher
+$ 'cmd' enc -in 'test'-cipher -out 'test'-clear
+$ backup/compare 'test' 'test'-clear
+$ if $severity .ne. 1 then exit 3
+$ delete 'test'-cipher;*,'test'-clear;*
+$
+$ write sys$output "base64"
+$ 'cmd' enc -a -e -in 'test' -out 'test'-cipher
+$ 'cmd' enc -a -d -in 'test'-cipher -out 'test'-clear
+$ backup/compare 'test' 'test'-clear
+$ if $severity .ne. 1 then exit 3
+$ delete 'test'-cipher;*,'test'-clear;*
+$
+$ define/user sys$output 'test'-cipher-commands
+$ 'cmd' list -cipher-commands
+$ open/read f 'test'-cipher-commands
+$ loop_cipher_commands:
+$ read/end=loop_cipher_commands_end f i
+$ write sys$output i
+$
+$ if f$search(test+"-"+i+"-cipher") .nes. "" then -
+ delete 'test'-'i'-cipher;*
+$ if f$search(test+"-"+i+"-clear") .nes. "" then -
+ delete 'test'-'i'-clear;*
+$
+$ 'cmd' 'i' -bufsize 113 -e -k test -in 'test' -out 'test'-'i'-cipher
+$ 'cmd' 'i' -bufsize 157 -d -k test -in 'test'-'i'-cipher -out 'test'-'i'-clear
+$ backup/compare 'test' 'test'-'i'-clear
+$ if $severity .ne. 1 then exit 3
+$ delete 'test'-'i'-cipher;*,'test'-'i'-clear;*
+$
+$ write sys$output i," base64"
+$ 'cmd' 'i' -bufsize 113 -a -e -k test -in 'test' -out 'test'-'i'-cipher
+$ 'cmd' 'i' -bufsize 157 -a -d -k test -in 'test'-'i'-cipher -out 'test'-'i'-clear
+$ backup/compare 'test' 'test'-'i'-clear
+$ if $severity .ne. 1 then exit 3
+$ delete 'test'-'i'-cipher;*,'test'-'i'-clear;*
+$
+$ goto loop_cipher_commands
+$ loop_cipher_commands_end:
+$ close f
+$ delete 'test'-cipher-commands;*
+$ delete 'test';*
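Review bot: Inside `loop_cipher_commands` both `if $severity .ne. 1 then exit 3` lines leave the procedure while the file opened with `open/read f` is still open, and without deleting `'test'-cipher-commands` or the per-cipher temporaries. As far as I know a DCL file opened this way stays open after the procedure exits, so a rerun in the same process may not start from a fresh list. I would route those failures to a label that runs `close f` and the deletes before `exit 3`. The status of `'cmd' list -cipher-commands` is not checked either, so an empty list passes silently. Note also that `p1 .eqs. 64` compares against an unquoted 64 where TESTCA.COM and TESTSS.COM use `"64"`.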
--- /dev/null
+#!/bin/sh
+
+T=testcert
+KEY=512
+CA=../certs/testca.pem
+
+/bin/rm -f $T.1 $T.2 $T.key
+
+if test "$OSTYPE" = msdosdjgpp; then
+ PATH=../apps\;$PATH;
+else
+ PATH=../apps:$PATH;
+fi
+export PATH
+
+echo "generating certificate request"
+
+echo "string to make the random number generator think it has entropy" >> ./.rnd
+
+if ../util/shlib_wrap.sh ../apps/openssl no-rsa >/dev/null; then
+ req_new='-newkey dsa:../apps/dsa512.pem'
+else
+ req_new='-new'
+ echo "There should be a 2 sequences of .'s and some +'s."
+ echo "There should not be more that at most 80 per line"
+fi
+
+rm -f testkey.pem testreq.pem
+
+echo Generating request
+../util/shlib_wrap.sh ../apps/openssl req -config test.cnf $req_new -out testreq.pem || exit 1
+
+echo Verifying signature on request
+../util/shlib_wrap.sh ../apps/openssl req -config test.cnf -verify -in testreq.pem -noout || exit 1
+
+exit 0
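Review bot: The line that appends a fixed string to `./.rnd` deserves a comment saying that everything generated afterwards is test material only. The seed is a known constant, and the DSA branch uses `../apps/dsa512.pem`, so the resulting `testreq.pem` and its key should never be reused outside the test tree. Something like `# test-only: constant seed and 512-bit parameters; never reuse keys produced by this script` above the `echo ... >> ./.rnd` line would do. The same seeding appears in the VMS TESTGEN.COM hunk and in the self-signed certificate script that follows. `T`, `KEY` and `CA` are set but, apart from the initial `rm`, not used in the visible script.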
--- /dev/null
+$! TESTGEN.COM
+$
+$ __arch = "VAX"
+$ if f$getsyi("cpu") .ge. 128 then -
+ __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
+$ if __arch .eqs. "" then __arch = "UNK"
+$ if (p1 .eqs. 64) then __arch = __arch+ "_64"
+$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]"
+$
+$ T = "testcert"
+$ KEY = 512
+$ CA = "[-.certs]testca.pem"
+$
+$ set noon
+$ if f$search(T+".1;*") .nes. "" then delete 'T'.1;*
+$ if f$search(T+".2;*") .nes. "" then delete 'T'.2;*
+$ if f$search(T+".key;*") .nes. "" then delete 'T'.key;*
+$ set on
+$
+$ write sys$output "generating certificate request"
+$
+$ append/new nl: .rnd
+$ open/append random_file .rnd
+$ write random_file -
+ "string to make the random number generator think it has entropy"
+$ close random_file
+$
+$ set noon
+$ define/user sys$output nla0:
+$ mcr 'exe_dir'openssl no-rsa
+$ save_severity=$SEVERITY
+$ set on
+$ if save_severity
+$ then
+$ req_new="-newkey dsa:[-.apps]dsa512.pem"
+$ else
+$ req_new="-new"
+$ write sys$output -
+ "There should be a 2 sequences of .'s and some +'s."
+$ write sys$output -
+ "There should not be more that at most 80 per line"
+$ endif
+$
+$ write sys$output "This could take some time."
+$
+$ mcr 'exe_dir'openssl req -config test.cnf 'req_new' -out testreq.pem
+$ if $severity .ne. 1
+$ then
+$ write sys$output "problems creating request"
+$ exit 3
+$ endif
+$
+$ mcr 'exe_dir'openssl req -config test.cnf -verify -in testreq.pem -noout
+$ if $severity .ne. 1
+$ then
+$ write sys$output "signature on req is wrong"
+$ exit 3
+$ endif
--- /dev/null
+#!/bin/sh
+
+digest='-sha1'
+reqcmd="../util/shlib_wrap.sh ../apps/openssl req"
+x509cmd="../util/shlib_wrap.sh ../apps/openssl x509 $digest"
+verifycmd="../util/shlib_wrap.sh ../apps/openssl verify"
+dummycnf="../apps/openssl.cnf"
+
+CAkey="keyCA.ss"
+CAcert="certCA.ss"
+CAserial="certCA.srl"
+CAreq="reqCA.ss"
+CAconf="CAss.cnf"
+CAreq2="req2CA.ss" # temp
+
+Uconf="Uss.cnf"
+Ukey="keyU.ss"
+Ureq="reqU.ss"
+Ucert="certU.ss"
+
+Dkey="keyD.ss"
+Dreq="reqD.ss"
+Dcert="certD.ss"
+
+Ekey="keyE.ss"
+Ereq="reqE.ss"
+Ecert="certE.ss"
+
+P1conf="P1ss.cnf"
+P1key="keyP1.ss"
+P1req="reqP1.ss"
+P1cert="certP1.ss"
+P1intermediate="tmp_intP1.ss"
+
+P2conf="P2ss.cnf"
+P2key="keyP2.ss"
+P2req="reqP2.ss"
+P2cert="certP2.ss"
+P2intermediate="tmp_intP2.ss"
+
+
+echo string to make the random number generator think it has entropy >> ./.rnd
+
+req_dsa='-newkey dsa:../apps/dsa1024.pem'
+
+if ../util/shlib_wrap.sh ../apps/openssl no-rsa >/dev/null; then
+ req_new=$req_dsa
+else
+ req_new='-new'
+fi
+
+echo make cert request
+$reqcmd -config $CAconf -out $CAreq -keyout $CAkey $req_new || exit 1
+
+echo convert request into self-signed cert
+$x509cmd -CAcreateserial -in $CAreq -days 30 -req -out $CAcert -signkey $CAkey -extfile $CAconf -extensions v3_ca >err.ss || exit 1
+
+echo convert cert into a cert request
+$x509cmd -in $CAcert -x509toreq -signkey $CAkey -out $CAreq2 >err.ss || exit 1
+
+echo verify request 1
+$reqcmd -config $dummycnf -verify -in $CAreq -noout || exit 1
+
+echo verify request 1
+$reqcmd -config $dummycnf -verify -in $CAreq2 -noout || exit 1
+
+echo verify signature
+$verifycmd -CAfile $CAcert $CAcert || exit 1
+
+echo make a user cert request
+$reqcmd -config $Uconf -out $Ureq -keyout $Ukey $req_new >err.ss || exit 1
+
+echo sign user cert request
+$x509cmd -CAcreateserial -in $Ureq -days 30 -req -out $Ucert -CA $CAcert -CAkey $CAkey -CAserial $CAserial -extfile $Uconf -extensions v3_ee >err.ss || exit 1
+$verifycmd -CAfile $CAcert $Ucert || exit 1
+
+echo Certificate details
+$x509cmd -subject -issuer -startdate -enddate -noout -in $Ucert || exit 1
+
+if ../util/shlib_wrap.sh ../apps/openssl no-dsa >/dev/null; then
+ echo skipping DSA certificate creation
+else
+ echo make a DSA user cert request
+ CN2="DSA Certificate" $reqcmd -config $Uconf -out $Dreq -keyout $Dkey $req_dsa >err.ss || exit 1
+
+ echo sign DSA user cert request
+ $x509cmd -CAcreateserial -in $Dreq -days 30 -req -out $Dcert -CA $CAcert -CAkey $CAkey -CAserial $CAserial -extfile $Uconf -extensions v3_ee_dsa >err.ss || exit 1
+ $verifycmd -CAfile $CAcert $Dcert || exit 1
+
+ echo DSA Certificate details
+ $x509cmd -subject -issuer -startdate -enddate -noout -in $Dcert || exit 1
+
+fi
+
+if ../util/shlib_wrap.sh ../apps/openssl no-ec >/dev/null; then
+ echo skipping ECDSA/ECDH certificate creation
+else
+ echo make an ECDSA/ECDH user cert request
+ ../util/shlib_wrap.sh ../apps/openssl ecparam -name P-256 -out ecp.ss || exit 1
+ CN2="ECDSA Certificate" $reqcmd -config $Uconf -out $Ereq -keyout $Ekey -newkey ec:ecp.ss >err.ss || exit 1
+
+ echo sign ECDSA/ECDH user cert request
+ $x509cmd -CAcreateserial -in $Ereq -days 30 -req -out $Ecert -CA $CAcert -CAkey $CAkey -CAserial $CAserial -extfile $Uconf -extensions v3_ee_ec >err.ss || exit 1
+ $verifycmd -CAfile $CAcert $Ecert || exit 1
+
+ echo ECDSA Certificate details
+ $x509cmd -subject -issuer -startdate -enddate -noout -in $Ecert || exit 1
+
+fi
+
+echo make a proxy cert request
+$reqcmd -config $P1conf -out $P1req -keyout $P1key $req_new >err.ss || exit 1
+
+echo sign proxy with user cert
+$x509cmd -CAcreateserial -in $P1req -days 30 -req -out $P1cert -CA $Ucert -CAkey $Ukey -extfile $P1conf -extensions v3_proxy >err.ss || exit 1
+
+cat $Ucert > $P1intermediate
+$verifycmd -CAfile $CAcert -untrusted $P1intermediate $P1cert
+echo Certificate details
+$x509cmd -subject -issuer -startdate -enddate -noout -in $P1cert
+
+echo make another proxy cert request
+$reqcmd -config $P2conf -out $P2req -keyout $P2key $req_new >err.ss || exit 1
+
+echo sign second proxy cert request with the first proxy cert
+$x509cmd -CAcreateserial -in $P2req -days 30 -req -out $P2cert -CA $P1cert -CAkey $P1key -extfile $P2conf -extensions v3_proxy >err.ss || exit 1
+
+echo Certificate details
+cat $Ucert $P1cert > $P2intermediate
+$verifycmd -CAfile $CAcert -untrusted $P2intermediate $P2cert
+$x509cmd -subject -issuer -startdate -enddate -noout -in $P2cert
+
+echo The generated CA certificate is $CAcert
+echo The generated CA private key is $CAkey
+echo The generated user certificate is $Ucert
+echo The generated user private key is $Ukey
+echo The first generated proxy certificate is $P1cert
+echo The first generated proxy private key is $P1key
+echo The second generated proxy certificate is $P2cert
+echo The second generated proxy private key is $P2key
+
+/bin/rm err.ss
+exit 0
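Review bot: Both proxy-certificate checks, `$verifycmd -CAfile $CAcert -untrusted $P1intermediate $P1cert` and the matching `$P2intermediate $P2cert` line, run without `|| exit 1`, unlike every other verify step in the script. A chain that fails to verify therefore still ends in `exit 0`. If ignoring the result is deliberate (for example because proxy certificates are rejected by default), a comment should say so; otherwise append `|| exit 1` to both lines and to the two `$x509cmd -subject ...` calls after them. The second `echo verify request 1` label should also read `verify request 2`, since it checks `$CAreq2`.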
--- /dev/null
+$! TESTSS.COM
+$
+$ __arch = "VAX"
+$ if f$getsyi("cpu") .ge. 128 then -
+ __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
+$ if __arch .eqs. "" then __arch = "UNK"
+$!
+$ if (p1 .eqs. "64") then __arch = __arch+ "_64"
+$!
+$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]"
+$
+$ digest="-md5"
+$ reqcmd = "mcr ''exe_dir'openssl req"
+$ x509cmd = "mcr ''exe_dir'openssl x509 ''digest'"
+$ verifycmd = "mcr ''exe_dir'openssl verify"
+$ dummycnf = "sys$disk:[-.apps]openssl-vms.cnf"
+$
+$ CAkey="""keyCA.ss"""
+$ CAcert="""certCA.ss"""
+$ CAreq="""reqCA.ss"""
+$ CAconf="""CAss.cnf"""
+$ CAreq2="""req2CA.ss""" ! temp
+$
+$ Uconf="""Uss.cnf"""
+$ Ukey="""keyU.ss"""
+$ Ureq="""reqU.ss"""
+$ Ucert="""certU.ss"""
+$
+$ write sys$output ""
+$ write sys$output "make a certificate request using 'req'"
+$
+$ set noon
+$ define/user sys$output nla0:
+$ mcr 'exe_dir'openssl no-rsa
+$ save_severity=$SEVERITY
+$ set on
+$ if save_severity
+$ then
+$ req_new="-newkey dsa:[-.apps]dsa512.pem"
+$ else
+$ req_new="-new"
+$ endif
+$
+$ 'reqcmd' -config 'CAconf' -out 'CAreq' -keyout 'CAkey' 'req_new' ! -out err.ss
+$ if $severity .ne. 1
+$ then
+$ write sys$output "error using 'req' to generate a certificate request"
+$ exit 3
+$ endif
+$ write sys$output ""
+$ write sys$output "convert the certificate request into a self signed certificate using 'x509'"
+$ define /user sys$output err.ss
+$ 'x509cmd' "-CAcreateserial" -in 'CAreq' -days 30 -req -out 'CAcert' -signkey 'CAkey'
+$ if $severity .ne. 1
+$ then
+$ write sys$output "error using 'x509' to self sign a certificate request"
+$ exit 3
+$ endif
+$
+$ write sys$output ""
+$ write sys$output "convert a certificate into a certificate request using 'x509'"
+$ define /user sys$output err.ss
+$ 'x509cmd' -in 'CAcert' -x509toreq -signkey 'CAkey' -out 'CAreq2'
+$ if $severity .ne. 1
+$ then
+$ write sys$output "error using 'x509' convert a certificate to a certificate request"
+$ exit 3
+$ endif
+$
+$ 'reqcmd' -config 'dummycnf' -verify -in 'CAreq' -noout
+$ if $severity .ne. 1
+$ then
+$ write sys$output "first generated request is invalid"
+$ exit 3
+$ endif
+$
+$ 'reqcmd' -config 'dummycnf' -verify -in 'CAreq2' -noout
+$ if $severity .ne. 1
+$ then
+$ write sys$output "second generated request is invalid"
+$ exit 3
+$ endif
+$
+$ 'verifycmd' "-CAfile" 'CAcert' 'CAcert'
+$ if $severity .ne. 1
+$ then
+$ write sys$output "first generated cert is invalid"
+$ exit 3
+$ endif
+$
+$ write sys$output ""
+$ write sys$output "make another certificate request using 'req'"
+$ define /user sys$output err.ss
+$ 'reqcmd' -config 'Uconf' -out 'Ureq' -keyout 'Ukey' 'req_new'
+$ if $severity .ne. 1
+$ then
+$ write sys$output "error using 'req' to generate a certificate request"
+$ exit 3
+$ endif
+$
+$ write sys$output ""
+$ write sys$output "sign certificate request with the just created CA via 'x509'"
+$ define /user sys$output err.ss
+$ 'x509cmd' "-CAcreateserial" -in 'Ureq' -days 30 -req -out 'Ucert' "-CA" 'CAcert' "-CAkey" 'CAkey'
+$ if $severity .ne. 1
+$ then
+$ write sys$output "error using 'x509' to sign a certificate request"
+$ exit 3
+$ endif
+$
+$ 'verifycmd' "-CAfile" 'CAcert' 'Ucert'
+$ write sys$output ""
+$ write sys$output "Certificate details"
+$ 'x509cmd' -subject -issuer -startdate -enddate -noout -in 'Ucert'
+$
+$ write sys$output ""
+$ write sys$output "The generated CA certificate is ",CAcert
+$ write sys$output "The generated CA private key is ",CAkey
+$
+$ write sys$output "The generated user certificate is ",Ucert
+$ write sys$output "The generated user private key is ",Ukey
+$
+$ if f$search("err.ss;*") .nes. "" then delete err.ss;*
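Review bot: The final `'verifycmd' "-CAfile" 'CAcert' 'Ucert'` call is the only verification in this procedure with no `$severity` test after it, so a user certificate that does not verify against the new CA is not reported as a failure. Adding `$ if $severity .ne. 1 then exit 3` directly after it, with a message in the style of the earlier blocks, would match the shell counterpart, which checks the same step. Note also that `digest="-md5"` differs from the `-sha1` used in the shell version of this test; if the two are meant to cover the same ground, the digest should be aligned.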
--- /dev/null
+#!/bin/sh
+
+if [ "$1" = "" ]; then
+ key=../apps/server.pem
+else
+ key="$1"
+fi
+if [ "$2" = "" ]; then
+ cert=../apps/server.pem
+else
+ cert="$2"
+fi
+ssltest="../util/shlib_wrap.sh ./ssltest -s_key $key -s_cert $cert -c_key $key -c_cert $cert"
+
+if ../util/shlib_wrap.sh ../apps/openssl x509 -in $cert -text -noout | fgrep 'DSA Public Key' >/dev/null; then
+ dsa_cert=YES
+else
+ dsa_cert=NO
+fi
+
+if [ "$3" = "" ]; then
+ CA="-CApath ../certs"
+else
+ CA="-CAfile $3"
+fi
+
+if [ "$4" = "" ]; then
+ extra=""
+else
+ extra="$4"
+fi
+
+serverinfo="./serverinfo.pem"
+
+#############################################################################
+
+echo test sslv3
+$ssltest -ssl3 $extra || exit 1
+
+echo test sslv3 with server authentication
+$ssltest -ssl3 -server_auth $CA $extra || exit 1
+
+echo test sslv3 with client authentication
+$ssltest -ssl3 -client_auth $CA $extra || exit 1
+
+echo test sslv3 with both client and server authentication
+$ssltest -ssl3 -server_auth -client_auth $CA $extra || exit 1
+
+echo test sslv2/sslv3
+$ssltest $extra || exit 1
+
+echo test sslv2/sslv3 with server authentication
+$ssltest -server_auth $CA $extra || exit 1
+
+echo test sslv2/sslv3 with client authentication
+$ssltest -client_auth $CA $extra || exit 1
+
+echo test sslv2/sslv3 with both client and server authentication
+$ssltest -server_auth -client_auth $CA $extra || exit 1
+
+echo test sslv3 via BIO pair
+$ssltest -bio_pair -ssl3 $extra || exit 1
+
+echo test sslv3 with server authentication via BIO pair
+$ssltest -bio_pair -ssl3 -server_auth $CA $extra || exit 1
+
+echo test sslv3 with client authentication via BIO pair
+$ssltest -bio_pair -ssl3 -client_auth $CA $extra || exit 1
+
+echo test sslv3 with both client and server authentication via BIO pair
+$ssltest -bio_pair -ssl3 -server_auth -client_auth $CA $extra || exit 1
+
+echo test sslv2/sslv3 via BIO pair
+$ssltest $extra || exit 1
+
+echo test dtlsv1
+$ssltest -dtls1 $extra || exit 1
+
+echo test dtlsv1 with server authentication
+$ssltest -dtls1 -server_auth $CA $extra || exit 1
+
+echo test dtlsv1 with client authentication
+$ssltest -dtls1 -client_auth $CA $extra || exit 1
+
+echo test dtlsv1 with both client and server authentication
+$ssltest -dtls1 -server_auth -client_auth $CA $extra || exit 1
+
+echo test dtlsv1.2
+$ssltest -dtls12 $extra || exit 1
+
+echo test dtlsv1.2 with server authentication
+$ssltest -dtls12 -server_auth $CA $extra || exit 1
+
+echo test dtlsv1.2 with client authentication
+$ssltest -dtls12 -client_auth $CA $extra || exit 1
+
+echo test dtlsv1.2 with both client and server authentication
+$ssltest -dtls12 -server_auth -client_auth $CA $extra || exit 1
+
+if [ $dsa_cert = NO ]; then
+ echo 'test sslv2/sslv3 w/o (EC)DHE via BIO pair'
+ $ssltest -bio_pair -no_dhe -no_ecdhe $extra || exit 1
+fi
+
+echo test sslv2/sslv3 with 1024bit DHE via BIO pair
+$ssltest -bio_pair -dhe1024dsa -v $extra || exit 1
+
+echo test sslv2/sslv3 with server authentication
+$ssltest -bio_pair -server_auth $CA $extra || exit 1
+
+echo test sslv2/sslv3 with client authentication via BIO pair
+$ssltest -bio_pair -client_auth $CA $extra || exit 1
+
+echo test sslv2/sslv3 with both client and server authentication via BIO pair
+$ssltest -bio_pair -server_auth -client_auth $CA $extra || exit 1
+
+echo test sslv2/sslv3 with both client and server authentication via BIO pair and app verify
+$ssltest -bio_pair -server_auth -client_auth -app_verify $CA $extra || exit 1
+
+test_cipher() {
+ _cipher=$1
+ echo "Testing $_cipher"
+ prot=""
+ if [ $2 = "SSLv3" ] ; then
+ prot="-ssl3"
+ fi
+ _exarg=$3
+ $ssltest $_exarg -cipher $_cipher $prot
+ if [ $? -ne 0 ] ; then
+ echo "Failed $_cipher"
+ exit 1
+ fi
+}
+
+echo "Testing ciphersuites"
+exkeys=""
+ciphers="-EXP:-PSK:-SRP:-kDH:-kECDHe"
+if ../util/shlib_wrap.sh ../apps/openssl no-dhparam >/dev/null; then
+ echo "skipping DHE tests"
+ ciphers="$ciphers:-kDHE"
+fi
+if ../util/shlib_wrap.sh ../apps/openssl no-dsa >/dev/null; then
+ echo "skipping DSA tests"
+ ciphers="$ciphers:-aDSA"
+else
+ exkeys="$exkeys -s_cert certD.ss -s_key keyD.ss"
+fi
+
+if ../util/shlib_wrap.sh ../apps/openssl no-ec >/dev/null; then
+ echo "skipping EC tests"
+ ciphers="$ciphers:!aECDSA:!kECDH"
+else
+ exkeys="$exkeys -s_cert certE.ss -s_key keyE.ss"
+fi
+
+for protocol in TLSv1.2 SSLv3; do
+ echo "Testing ciphersuites for $protocol"
+ for cipher in `../util/shlib_wrap.sh ../apps/openssl ciphers "$protocol:$ciphers" | tr ':' ' '`; do
+ test_cipher $cipher $protocol "$exkeys"
+ done
+ echo "testing connection with weak DH, expecting failure"
+ if [ $protocol = "SSLv3" ] ; then
+ $ssltest -s_cipher "EDH" -c_cipher "EDH:@SECLEVEL=1" -dhe512 -ssl3
+ else
+ $ssltest -s_cipher "EDH" -c_cipher "EDH:@SECLEVEL=1" -dhe512
+ fi
+ if [ $? -eq 0 ]; then
+ echo "FAIL: connection with weak DH succeeded"
+ exit 1
+ fi
+done
+
+#############################################################################
+
+if ../util/shlib_wrap.sh ../apps/openssl no-dhparam; then
+ echo skipping anonymous DH tests
+else
+ echo test tls1 with 1024bit anonymous DH, multiple handshakes
+ $ssltest -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time $extra || exit 1
+fi
+
+if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then
+ echo skipping RSA tests
+else
+ echo 'test tls1 with 1024bit RSA, no (EC)DHE, multiple handshakes'
+ ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -s_cert ../apps/server2.pem -no_dhe -no_ecdhe -num 10 -f -time $extra || exit 1
+
+ if ../util/shlib_wrap.sh ../apps/openssl no-dhparam; then
+ echo skipping RSA+DHE tests
+ else
+ echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes
+ ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -s_cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time $extra || exit 1
+ fi
+fi
+
+echo test tls1 with PSK
+$ssltest -tls1 -cipher PSK -psk abc123 $extra || exit 1
+
+echo test tls1 with PSK via BIO pair
+$ssltest -bio_pair -tls1 -cipher PSK -psk abc123 $extra || exit 1
+
+#############################################################################
+# Next Protocol Negotiation Tests
+
+$ssltest -bio_pair -tls1 -npn_client || exit 1
+$ssltest -bio_pair -tls1 -npn_server || exit 1
+$ssltest -bio_pair -tls1 -npn_server_reject || exit 1
+$ssltest -bio_pair -tls1 -npn_client -npn_server_reject || exit 1
+$ssltest -bio_pair -tls1 -npn_client -npn_server || exit 1
+$ssltest -bio_pair -tls1 -npn_client -npn_server -num 2 || exit 1
+$ssltest -bio_pair -tls1 -npn_client -npn_server -num 2 -reuse || exit 1
+
+#############################################################################
+# Custom Extension tests
+
+echo test tls1 with custom extensions
+$ssltest -bio_pair -tls1 -custom_ext || exit 1
+
+#############################################################################
+# Serverinfo tests
+
+echo test tls1 with serverinfo
+$ssltest -bio_pair -tls1 -serverinfo_file $serverinfo || exit 1
+$ssltest -bio_pair -tls1 -serverinfo_file $serverinfo -serverinfo_sct || exit 1
+$ssltest -bio_pair -tls1 -serverinfo_file $serverinfo -serverinfo_tack || exit 1
+$ssltest -bio_pair -tls1 -serverinfo_file $serverinfo -serverinfo_sct -serverinfo_tack || exit 1
+$ssltest -bio_pair -tls1 -custom_ext -serverinfo_file $serverinfo -serverinfo_sct -serverinfo_tack || exit 1
+
+
+#############################################################################
+# ALPN tests
+
+$ssltest -bio_pair -tls1 -alpn_client foo -alpn_server bar || exit 1
+$ssltest -bio_pair -tls1 -alpn_client foo -alpn_server foo -alpn_expected foo || exit 1
+$ssltest -bio_pair -tls1 -alpn_client foo,bar -alpn_server foo -alpn_expected foo || exit 1
+$ssltest -bio_pair -tls1 -alpn_client bar,foo -alpn_server foo -alpn_expected foo || exit 1
+$ssltest -bio_pair -tls1 -alpn_client bar,foo -alpn_server foo,bar -alpn_expected foo || exit 1
+$ssltest -bio_pair -tls1 -alpn_client bar,foo -alpn_server bar,foo -alpn_expected bar || exit 1
+$ssltest -bio_pair -tls1 -alpn_client foo,bar -alpn_server bar,foo -alpn_expected bar || exit 1
+$ssltest -bio_pair -tls1 -alpn_client baz -alpn_server bar,foo || exit 1
+
+if ../util/shlib_wrap.sh ../apps/openssl no-srp; then
+ echo skipping SRP tests
+else
+ echo test tls1 with SRP
+ $ssltest -tls1 -cipher SRP -srpuser test -srppass abc123 || exit 1
+
+ echo test tls1 with SRP via BIO pair
+ $ssltest -bio_pair -tls1 -cipher SRP -srpuser test -srppass abc123 || exit 1
+
+ echo test tls1 with SRP auth
+ $ssltest -tls1 -cipher aSRP -srpuser test -srppass abc123 || exit 1
+
+ echo test tls1 with SRP auth via BIO pair
+ $ssltest -bio_pair -tls1 -cipher aSRP -srpuser test -srppass abc123 || exit 1
+fi
+
+#############################################################################
+# Multi-buffer tests
+
+if [ -z "$extra" -a `uname -m` = "x86_64" ]; then
+ $ssltest -cipher AES128-SHA -bytes 8m || exit 1
+ $ssltest -cipher AES128-SHA256 -bytes 8m || exit 1
+fi
+
+exit 0
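Review bot: The step announced as `test sslv2/sslv3 via BIO pair` runs plain `$ssltest $extra`, without `-bio_pair`, so it repeats the earlier `test sslv2/sslv3` case and the BIO-pair variant of that configuration is never exercised. It should be `$ssltest -bio_pair $extra || exit 1`. The VMS TESTSSL.COM hunk has the same omission, where the identically labelled step runs bare `'ssltest'`. In the weak-DH block, any non-zero status counts as the expected failure, so a usage error or crash would also pass. Later `openssl no-dhparam`, `no-rsa` and `no-srp` probes drop the `>/dev/null` used by the earlier ones, and `test_cipher` compares `$2` unquoted.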
--- /dev/null
+$! TESTSSL.COM
+$
+$ __arch = "VAX"
+$ if f$getsyi("cpu") .ge. 128 then -
+ __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
+$ if __arch .eqs. "" then __arch = "UNK"
+$!
+$ if (p4 .eqs. "64") then __arch = __arch+ "_64"
+$!
+$ texe_dir = "sys$disk:[-.''__arch'.exe.test]"
+$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]"
+$
+$ if p1 .eqs. ""
+$ then
+$ key="[-.apps]server.pem"
+$ else
+$ key=p1
+$ endif
+$ if p2 .eqs. ""
+$ then
+$ cert="[-.apps]server.pem"
+$ else
+$ cert=p2
+$ endif
+$ ssltest = "mcr ''texe_dir'ssltest -key ''key'"+ -
+ " -cert ''cert' -c_key ''key' -c_cert ''cert'"
+$!
+$ set noon
+$ define/user sys$output testssl-x509-output.
+$ define/user sys$error nla0:
+$ mcr 'exe_dir'openssl x509 -in 'cert' -text -noout
+$ define/user sys$error nla0:
+$ search/output=nla0: testssl-x509-output. "DSA Public Key"/exact
+$ if $severity .eq. 1
+$ then
+$ dsa_cert = "YES"
+$ else
+$ dsa_cert = "NO"
+$ endif
+$ delete testssl-x509-output.;*
+$
+$ if p3 .eqs. ""
+$ then
+$ copy/concatenate [-.certs]*.pem certs.tmp
+$ CA = """-CAfile"" certs.tmp"
+$ else
+$ CA = """-CAfile"" "+p3
+$ endif
+$
+$!###########################################################################
+$
+$ write sys$output "test sslv3"
+$ 'ssltest' -ssl3
+$ if $severity .ne. 1 then goto exit3
+$
+$ write sys$output "test sslv3 with server authentication"
+$ 'ssltest' -ssl3 -server_auth 'CA'
+$ if $severity .ne. 1 then goto exit3
+$
+$ write sys$output "test sslv3 with client authentication"
+$ 'ssltest' -ssl3 -client_auth 'CA'
+$ if $severity .ne. 1 then goto exit3
+$
+$ write sys$output "test sslv3 with both client and server authentication"
+$ 'ssltest' -ssl3 -server_auth -client_auth 'CA'
+$ if $severity .ne. 1 then goto exit3
+$
+$ write sys$output "test sslv2/sslv3"
+$ 'ssltest'
+$ if $severity .ne. 1 then goto exit3
+$
+$ write sys$output "test sslv2/sslv3 with server authentication"
+$ 'ssltest' -server_auth 'CA'
+$ if $severity .ne. 1 then goto exit3
+$
+$ write sys$output "test sslv2/sslv3 with client authentication"
+$ 'ssltest' -client_auth 'CA'
+$ if $severity .ne. 1 then goto exit3
+$
+$ write sys$output "test sslv2/sslv3 with both client and server authentication"
+$ 'ssltest' -server_auth -client_auth 'CA'
+$ if $severity .ne. 1 then goto exit3
+$
+$ write sys$output "test sslv3 via BIO pair"
+$ 'ssltest' -bio_pair -ssl3
+$ if $severity .ne. 1 then goto exit3
+$
+$ write sys$output "test sslv3 with server authentication via BIO pair"
+$ 'ssltest' -bio_pair -ssl3 -server_auth 'CA'
+$ if $severity .ne. 1 then goto exit3
+$
+$ write sys$output "test sslv3 with client authentication via BIO pair"
+$ 'ssltest' -bio_pair -ssl3 -client_auth 'CA'
+$ if $severity .ne. 1 then goto exit3
+
+$ write sys$output "test sslv3 with both client and server authentication via BIO pair"
+$ 'ssltest' -bio_pair -ssl3 -server_auth -client_auth 'CA'
+$ if $severity .ne. 1 then goto exit3
+$
+$ write sys$output "test sslv2/sslv3 via BIO pair"
+$ 'ssltest'
+$ if $severity .ne. 1 then goto exit3
+$
+$ if .not. dsa_cert
+$ then
+$ write sys$output "test sslv2/sslv3 w/o DHE via BIO pair"
+$ 'ssltest' -bio_pair -no_dhe
+$ if $severity .ne. 1 then goto exit3
+$ endif
+$
+$ write sys$output "test sslv2/sslv3 with 1024 bit DHE via BIO pair"
+$ 'ssltest' -bio_pair -dhe1024dsa -v
+$ if $severity .ne. 1 then goto exit3
+$
+$ write sys$output "test sslv2/sslv3 with server authentication"
+$ 'ssltest' -bio_pair -server_auth 'CA'
+$ if $severity .ne. 1 then goto exit3
+$
+$ write sys$output "test sslv2/sslv3 with client authentication via BIO pair"
+$ 'ssltest' -bio_pair -client_auth 'CA'
+$ if $severity .ne. 1 then goto exit3
+$
+$ write sys$output "test sslv2/sslv3 with both client and server authentication via BIO pair"
+$ 'ssltest' -bio_pair -server_auth -client_auth 'CA'
+$ if $severity .ne. 1 then goto exit3
+$
+$!###########################################################################
+$
+$ define/user sys$output nla0:
+$ mcr 'exe_dir'openssl no-rsa
+$ no_rsa=$SEVERITY
+$ define/user sys$output nla0:
+$ mcr 'exe_dir'openssl no-dhparam
+$ no_dh=$SEVERITY
+$
+$ if no_dh
+$ then
+$ write sys$output "skipping anonymous DH tests"
+$ else
+$ write sys$output "test tls1 with 1024bit anonymous DH, multiple handshakes"
+$ 'ssltest' -v -bio_pair -tls1 -cipher "ADH" -dhe1024dsa -num 10 -f -time
+$ if $severity .ne. 1 then goto exit3
+$ endif
+$
+$ if no_rsa
+$ then
+$ write sys$output "skipping RSA tests"
+$ else
+$ write sys$output "test tls1 with 1024bit RSA, no DHE, multiple handshakes"
+$ mcr 'texe_dir'ssltest -v -bio_pair -tls1 -cert [-.apps]server2.pem -no_dhe -num 10 -f -time
+$ if $severity .ne. 1 then goto exit3
+$
+$ if no_dh
+$ then
+$ write sys$output "skipping RSA+DHE tests"
+$ else
+$ write sys$output "test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes"
+$ mcr 'texe_dir'ssltest -v -bio_pair -tls1 -cert [-.apps]server2.pem -dhe1024dsa -num 10 -f -time
+$ if $severity .ne. 1 then goto exit3
+$ endif
+$ endif
+$
+$ RET = 1
+$ goto exit
+$ exit3:
+$ RET = 3
+$ exit:
+$ if p3 .eqs. "" then delete certs.tmp;*
+$ set on
+$ exit 'RET'
--- /dev/null
+#! /bin/sh
+
+echo 'Testing a lot of proxy conditions.'
+echo 'Some of them may turn out being invalid, which is fine.'
+for auth in A B C BC; do
+ for cond in A B C 'A|B&!C'; do
+ sh ./testssl $1 $2 $3 "-proxy -proxy_auth $auth -proxy_cond $cond"
+ if [ $? = 3 ]; then exit 1; fi
+ done
+done
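Review bot: `sh ./testssl $1 $2 $3 "-proxy ..."` passes the positional parameters unquoted, so when fewer than three arguments are given the empty ones vanish and the proxy option string arrives as the key, certificate or CA argument instead of as `$4`. Quoting them keeps the positions stable: `sh ./testssl "$1" "$2" "$3" "-proxy -proxy_auth $auth -proxy_cond $cond"`; the callee already treats an empty string as "use the default". The `if [ $? = 3 ]` check also looks ineffective, because the testssl script in this diff only exits with 0 or 1. As written, no failing combination can make this loop fail; if status 1 is meant to be tolerated, a comment should state which status signals a real error.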
--- /dev/null
+#!/bin/sh
+
+#
+# A few very basic tests for the 'ts' time stamping authority command.
+#
+
+SH="/bin/sh"
+if test "$OSTYPE" = msdosdjgpp; then
+ PATH="../apps\;$PATH"
+else
+ PATH="../apps:$PATH"
+fi
+export SH PATH
+
+OPENSSL_CONF="../CAtsa.cnf"
+export OPENSSL_CONF
+# Because that's what ../apps/CA.pl really looks at
+SSLEAY_CONFIG="-config $OPENSSL_CONF"
+export SSLEAY_CONFIG
+
+OPENSSL="`pwd`/../util/opensslwrap.sh"
+export OPENSSL
+
+RUN () {
+ ../../util/shlib_wrap.sh ../../apps/openssl ts $*
+}
+
+create_tsa_cert () {
+ INDEX=$1
+ export INDEX
+ EXT=$2
+ TSDNSECT=ts_cert_dn
+ export TSDNSECT
+
+ ../../util/shlib_wrap.sh ../../apps/openssl req -new \
+ -out tsa_req${INDEX}.pem -keyout tsa_key${INDEX}.pem || exit 1
+ echo using extension $EXT
+ ../../util/shlib_wrap.sh ../../apps/openssl x509 -req \
+ -in tsa_req${INDEX}.pem -out tsa_cert${INDEX}.pem \
+ -CA tsaca.pem -CAkey tsacakey.pem -CAcreateserial \
+ -extfile $OPENSSL_CONF -extensions $EXT || exit 1
+}
+
+create_time_stamp_response () {
+ RUN -reply -section $3 -queryfile $1 -out $2 || exit 1
+}
+
+verify_time_stamp_response () {
+ RUN -verify -queryfile $1 -in $2 -CAfile tsaca.pem \
+ -untrusted tsa_cert1.pem || exit 1
+ RUN -verify -data $3 -in $2 -CAfile tsaca.pem \
+ -untrusted tsa_cert1.pem || exit 1
+}
+
+verify_time_stamp_response_fail () {
+ RUN -verify -queryfile $1 -in $2 -CAfile tsaca.pem \
+ -untrusted tsa_cert1.pem && exit 1
+ echo ok
+}
+
+# main functions
+
+echo setting up TSA test directory
+rm -rf tsa 2>/dev/null
+mkdir tsa
+cd ./tsa
+
+echo creating a new CA for the TSA tests
+TSDNSECT=ts_ca_dn
+export TSDNSECT
+../../util/shlib_wrap.sh ../../apps/openssl req -new -x509 -nodes \
+ -out tsaca.pem -keyout tsacakey.pem || exit 1
+
+echo creating tsa_cert1.pem TSA server cert
+create_tsa_cert 1 tsa_cert
+
+echo creating tsa_cert2.pem non-TSA server cert
+create_tsa_cert 2 non_tsa_cert
+
+echo creating req1.req time stamp request for file testtsa
+RUN -query -data ../testtsa -policy tsa_policy1 -cert -out req1.tsq || exit 1
+
+echo printing req1.req
+RUN -query -in req1.tsq -text
+
+echo generating valid response for req1.req
+create_time_stamp_response req1.tsq resp1.tsr tsa_config1
+
+echo printing response
+RUN -reply -in resp1.tsr -text || exit 1
+
+echo verifying valid response
+verify_time_stamp_response req1.tsq resp1.tsr ../testtsa
+
+echo verifying valid token
+RUN -reply -in resp1.tsr -out resp1.tsr.token -token_out || exit 1
+RUN -verify -queryfile req1.tsq -in resp1.tsr.token -token_in \
+ -CAfile tsaca.pem -untrusted tsa_cert1.pem || exit 1
+RUN -verify -data ../testtsa -in resp1.tsr.token -token_in \
+ -CAfile tsaca.pem -untrusted tsa_cert1.pem || exit 1
+
+echo creating req2.req time stamp request for file testtsa
+RUN -query -data ../testtsa -policy tsa_policy2 -no_nonce \
+ -out req2.tsq || exit 1
+
+echo printing req2.req
+RUN -query -in req2.tsq -text
+
+echo generating valid response for req2.req
+create_time_stamp_response req2.tsq resp2.tsr tsa_config1
+
+echo checking -token_in and -token_out options with -reply
+RESPONSE2=resp2.tsr.copy.tsr
+TOKEN_DER=resp2.tsr.token.der
+RUN -reply -in resp2.tsr -out $TOKEN_DER -token_out || exit 1
+RUN -reply -in $TOKEN_DER -token_in -out $RESPONSE2 || exit 1
+cmp $RESPONSE2 resp2.tsr || exit 1
+RUN -reply -in resp2.tsr -text -token_out || exit 1
+RUN -reply -in $TOKEN_DER -token_in -text -token_out || exit 1
+RUN -reply -queryfile req2.tsq -text -token_out || exit 1
+
+echo printing response
+RUN -reply -in resp2.tsr -text || exit 1
+
+echo verifying valid response
+verify_time_stamp_response req2.tsq resp2.tsr ../testtsa
+
+echo verifying response against wrong request, it should fail
+verify_time_stamp_response_fail req1.tsq resp2.tsr
+
+echo verifying response against wrong request, it should fail
+verify_time_stamp_response_fail req2.tsq resp1.tsr
+
+echo creating req3.req time stamp request for file CAtsa.cnf
+RUN -query -data ../CAtsa.cnf -no_nonce -out req3.tsq || exit 1
+
+echo printing req3.req
+RUN -query -in req3.tsq -text
+
+echo verifying response against wrong request, it should fail
+verify_time_stamp_response_fail req3.tsq resp1.tsr
+
+echo cleaning up
+cd ..
+rm -rf tsa
+
+exit 0
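Review bot: `mkdir tsa` and `cd ./tsa` in the setup are unchecked, so if either fails the script carries on in the directory it started in. It would then generate the CA and TSA key files there, and the cleanup's `cd ..` followed by `rm -rf tsa` would act one level above the intended location. Guarding both steps stops the run before anything is written or deleted in the wrong place: `mkdir tsa || exit 1` and `cd ./tsa || exit 1`. The `cd ..` before the final `rm -rf tsa` deserves the same guard.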
--- /dev/null
+$!
+$! A few very basic tests for the 'ts' time stamping authority command.
+$!
+$
+$ __arch = "VAX"
+$ if f$getsyi("cpu") .ge. 128 then -
+ __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
+$ if __arch .eqs. "" then __arch = "UNK"
+$!
+$ if (p4 .eqs. "64") then __arch = __arch+ "_64"
+$!
+$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]"
+$
+$ openssl = "mcr ''f$parse(exe_dir+"openssl.exe")'"
+$ OPENSSL_CONF = "[-]CAtsa.cnf"
+$ ! Because that's what ../apps/CA.pl really looks at
+$ SSLEAY_CONFIG = "-config " + OPENSSL_CONF
+$
+$ error:
+$ subroutine
+$ write sys$error "TSA test failed!"
+$ exit 3
+$ endsubroutine
+$
+$ setup_dir:
+$ subroutine
+$
+$ if f$search("tsa.dir") .nes ""
+$ then
+$ @[-.util]deltree [.tsa]*.*
+$ set file/prot=(S:RWED,O:RWED,G:RWED,W:RWED) tsa.dir;*
+$ delete tsa.dir;*
+$ endif
+$
+$ create/dir [.tsa]
+$ set default [.tsa]
+$ endsubroutine
+$
+$ clean_up_dir:
+$ subroutine
+$
+$ set default [-]
+$ @[-.util]deltree [.tsa]*.*
+$ set file/prot=(S:RWED,O:RWED,G:RWED,W:RWED) tsa.dir;*
+$ delete tsa.dir;*
+$ endsubroutine
+$
+$ create_ca:
+$ subroutine
+$
+$ write sys$output "Creating a new CA for the TSA tests..."
+$ TSDNSECT = "ts_ca_dn"
+$ openssl req -new -x509 -nodes -
+ -out tsaca.pem -keyout tsacakey.pem
+$ if $severity .ne. 1 then call error
+$ endsubroutine
+$
+$ create_tsa_cert:
+$ subroutine
+$
+$ INDEX=p1
+$ EXT=p2
+$ TSDNSECT = "ts_cert_dn"
+$
+$ openssl req -new -
+ -out tsa_req'INDEX'.pem -keyout tsa_key'INDEX'.pem
+$ if $severity .ne. 1 then call error
+$
+$ write sys$output "Using extension ''EXT'"
+$ openssl x509 -req -
+ -in tsa_req'INDEX'.pem -out tsa_cert'INDEX'.pem -
+ "-CA" tsaca.pem "-CAkey" tsacakey.pem "-CAcreateserial" -
+ -extfile 'OPENSSL_CONF' -extensions "''EXT'"
+$ if $severity .ne. 1 then call error
+$ endsubroutine
+$
+$ print_request:
+$ subroutine
+$
+$ openssl ts -query -in 'p1' -text
+$ endsubroutine
+$
+$ create_time_stamp_request1: subroutine
+$
+$ openssl ts -query -data [-]testtsa.com -policy tsa_policy1 -
+ -cert -out req1.tsq
+$ if $severity .ne. 1 then call error
+$ endsubroutine
+$
+$ create_time_stamp_request2: subroutine
+$
+$ openssl ts -query -data [-]testtsa.com -policy tsa_policy2 -
+ -no_nonce -out req2.tsq
+$ if $severity .ne. 1 then call error
+$ endsubroutine
+$
+$ create_time_stamp_request3: subroutine
+$
+$ openssl ts -query -data [-]CAtsa.cnf -no_nonce -out req3.tsq
+$ if $severity .ne. 1 then call error
+$ endsubroutine
+$
+$ print_response:
+$ subroutine
+$
+$ openssl ts -reply -in 'p1' -text
+$ if $severity .ne. 1 then call error
+$ endsubroutine
+$
+$ create_time_stamp_response:
+$ subroutine
+$
+$ openssl ts -reply -section 'p3' -queryfile 'p1' -out 'p2'
+$ if $severity .ne. 1 then call error
+$ endsubroutine
+$
+$ time_stamp_response_token_test:
+$ subroutine
+$
+$ RESPONSE2 = p2+ "-copy_tsr"
+$ TOKEN_DER = p2+ "-token_der"
+$ openssl ts -reply -in 'p2' -out 'TOKEN_DER' -token_out
+$ if $severity .ne. 1 then call error
+$ openssl ts -reply -in 'TOKEN_DER' -token_in -out 'RESPONSE2'
+$ if $severity .ne. 1 then call error
+$ backup/compare 'RESPONSE2' 'p2'
+$ if $severity .ne. 1 then call error
+$ openssl ts -reply -in 'p2' -text -token_out
+$ if $severity .ne. 1 then call error
+$ openssl ts -reply -in 'TOKEN_DER' -token_in -text -token_out
+$ if $severity .ne. 1 then call error
+$ openssl ts -reply -queryfile 'p1' -text -token_out
+$ if $severity .ne. 1 then call error
+$ endsubroutine
+$
+$ verify_time_stamp_response:
+$ subroutine
+$
+$ openssl ts -verify -queryfile 'p1' -in 'p2' -
+ "-CAfile" tsaca.pem -untrusted tsa_cert1.pem
+$ if $severity .ne. 1 then call error
+$ openssl ts -verify -data 'p3' -in 'p2' -
+ "-CAfile" tsaca.pem -untrusted tsa_cert1.pem
+$ if $severity .ne. 1 then call error
+$ endsubroutine
+$
+$ verify_time_stamp_token:
+$ subroutine
+$
+$ ! create the token from the response first
+$ openssl ts -reply -in "''p2'" -out "''p2'-token" -token_out
+$ if $severity .ne. 1 then call error
+$ openssl ts -verify -queryfile "''p1'" -in "''p2'-token" -
+ -token_in "-CAfile" tsaca.pem -untrusted tsa_cert1.pem
+$ if $severity .ne. 1 then call error
+$ openssl ts -verify -data "''p3'" -in "''p2'-token" -
+ -token_in "-CAfile" tsaca.pem -untrusted tsa_cert1.pem
+$ if $severity .ne. 1 then call error
+$ endsubroutine
+$
+$ verify_time_stamp_response_fail:
+$ subroutine
+$
+$ openssl ts -verify -queryfile 'p1' -in 'p2' -
+ "-CAfile" tsaca.pem -untrusted tsa_cert1.pem
+$ ! Checks if the verification failed, as it should have.
+$ if $severity .eq. 1 then call error
+$ write sys$output "Ok"
+$ endsubroutine
+$
+$ ! Main body ----------------------------------------------------------
+$
+$ set noon
+$
+$ write sys$output "Setting up TSA test directory..."
+$ call setup_dir
+$
+$ write sys$output "Creating CA for TSA tests..."
+$ call create_ca
+$
+$ write sys$output "Creating tsa_cert1.pem TSA server cert..."
+$ call create_tsa_cert 1 "tsa_cert"
+$
+$ write sys$output "Creating tsa_cert2.pem non-TSA server cert..."
+$ call create_tsa_cert 2 "non_tsa_cert"
+$
+$ write sys$output "Creating req1.req time stamp request for file testtsa..."
+$ call create_time_stamp_request1
+$
+$ write sys$output "Printing req1.req..."
+$ call print_request "req1.tsq"
+$
+$ write sys$output "Generating valid response for req1.req..."
+$ call create_time_stamp_response "req1.tsq" "resp1.tsr" "tsa_config1"
+$
+$ write sys$output "Printing response..."
+$ call print_response "resp1.tsr"
+$
+$ write sys$output "Verifying valid response..."
+$ call verify_time_stamp_response "req1.tsq" "resp1.tsr" "[-]testtsa.com"
+$
+$ write sys$output "Verifying valid token..."
+$ call verify_time_stamp_token "req1.tsq" "resp1.tsr" "[-]testtsa.com"
+$
+$ ! The tests below are commented out, because invalid signer certificates
+$ ! can no longer be specified in the config file.
+$
+$ ! write sys$output "Generating _invalid_ response for req1.req..."
+$ ! call create_time_stamp_response "req1.tsq" "resp1_bad.tsr" "tsa_config2"
+$
+$ ! write sys$output "Printing response..."
+$ ! call print_response "resp1_bad.tsr"
+$
+$ ! write sys$output "Verifying invalid response, it should fail..."
+$ ! call verify_time_stamp_response_fail "req1.tsq" "resp1_bad.tsr"
+$
+$ write sys$output "Creating req2.req time stamp request for file testtsa..."
+$ call create_time_stamp_request2
+$
+$ write sys$output "Printing req2.req..."
+$ call print_request "req2.tsq"
+$
+$ write sys$output "Generating valid response for req2.req..."
+$ call create_time_stamp_response "req2.tsq" "resp2.tsr" "tsa_config1"
+$
+$ write sys$output "Checking '-token_in' and '-token_out' options with '-reply'..."
+$ call time_stamp_response_token_test "req2.tsq" "resp2.tsr"
+$
+$ write sys$output "Printing response..."
+$ call print_response "resp2.tsr"
+$
+$ write sys$output "Verifying valid response..."
+$ call verify_time_stamp_response "req2.tsq" "resp2.tsr" "[-]testtsa.com"
+$
+$ write sys$output "Verifying response against wrong request, it should fail..."
+$ call verify_time_stamp_response_fail "req1.tsq" "resp2.tsr"
+$
+$ write sys$output "Verifying response against wrong request, it should fail..."
+$ call verify_time_stamp_response_fail "req2.tsq" "resp1.tsr"
+$
+$ write sys$output "Creating req3.req time stamp request for file CAtsa.cnf..."
+$ call create_time_stamp_request3
+$
+$ write sys$output "Printing req3.req..."
+$ call print_request "req3.tsq"
+$
+$ write sys$output "Verifying response against wrong request, it should fail..."
+$ call verify_time_stamp_response_fail "req3.tsq" "resp1.tsr"
+$
+$ write sys$output "Cleaning up..."
+$ call clean_up_dir
+$
+$ set on
+$
+$ exit
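Review bot: `exit 3` inside the `error` subroutine ends only that subroutine level, as far as DCL's CALL/EXIT semantics go, so after `call error` the calling subroutine and then the main body keep running under `set noon` and the procedure finishes with a bare `exit`. A failed `openssl ts -verify` would then print "TSA test failed!" without stopping the run, and it is doubtful that the failure reaches the invoking procedure as a status. Each subroutine could return directly at the failing step with `$ if $severity .ne. 1 then exit 3`, and the main body could test `$severity` after every `call` and branch to a label that cleans up and ends in `$ exit 3`. `test_ocsp` in the OCSP procedure later in this patch has the same shape, and there the main body still ends by writing "ALL OCSP TESTS SUCCESSFUL".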
--- /dev/null
+#!/bin/sh
+
+t=$1
+ktype=$2
+ptype=$3
+
+if ../util/shlib_wrap.sh ../apps/openssl no-$ktype; then
+ echo skipping $ktype $ptype conversion test
+ exit 0
+fi
+
+if [ $ptype = "public" ]; then
+ cmd="../util/shlib_wrap.sh ../apps/openssl $ktype -pubin -pubout"
+else
+ cmd="../util/shlib_wrap.sh ../apps/openssl $ktype"
+fi
+
+echo testing $ktype $ptype conversions
+cp $t $ktype-fff.p
+
+echo "p -> d"
+$cmd -in $ktype-fff.p -inform p -outform d >$ktype-f.d || exit 1
+echo "p -> p"
+$cmd -in $ktype-fff.p -inform p -outform p >$ktype-f.p || exit 1
+
+echo "d -> d"
+$cmd -in $ktype-f.d -inform d -outform d >$ktype-ff.d1 || exit 1
+echo "p -> d"
+$cmd -in $ktype-f.p -inform p -outform d >$ktype-ff.d3 || exit 1
+
+echo "d -> p"
+$cmd -in $ktype-f.d -inform d -outform p >$ktype-ff.p1 || exit 1
+echo "p -> p"
+$cmd -in $ktype-f.p -inform p -outform p >$ktype-ff.p3 || exit 1
+
+cmp $ktype-fff.p $ktype-f.p || exit 1
+cmp $ktype-fff.p $ktype-ff.p1 || exit 1
+cmp $ktype-fff.p $ktype-ff.p3 || exit 1
+cmp $ktype-f.p $ktype-ff.p1 || exit 1
+cmp $ktype-f.p $ktype-ff.p3 || exit 1
+
+/bin/rm -f $ktype-f.* $ktype-ff.* $ktype-fff.*
+
+[ $ptype = "public" ] && exit 0
+
+
+echo testing $ktype PKCS#8 conversions
+cmd="../util/shlib_wrap.sh ../apps/openssl pkey"
+
+$cmd -in $t -out $ktype-fff.p
+
+echo "p -> d"
+$cmd -in $ktype-fff.p -inform p -outform d >$ktype-f.d || exit 1
+echo "p -> p"
+$cmd -in $ktype-fff.p -inform p -outform p >$ktype-f.p || exit 1
+
+echo "d -> d"
+$cmd -in $ktype-f.d -inform d -outform d >$ktype-ff.d1 || exit 1
+echo "p -> d"
+$cmd -in $ktype-f.p -inform p -outform d >$ktype-ff.d3 || exit 1
+
+echo "d -> p"
+$cmd -in $ktype-f.d -inform d -outform p >$ktype-ff.p1 || exit 1
+echo "p -> p"
+$cmd -in $ktype-f.p -inform p -outform p >$ktype-ff.p3 || exit 1
+
+cmp $ktype-fff.p $ktype-f.p || exit 1
+cmp $ktype-fff.p $ktype-ff.p1 || exit 1
+cmp $ktype-fff.p $ktype-ff.p3 || exit 1
+cmp $ktype-f.p $ktype-ff.p1 || exit 1
+cmp $ktype-f.p $ktype-ff.p3 || exit 1
+
+/bin/rm -f $ktype-f.* $ktype-ff.* $ktype-fff.*
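Review bot: `[ $ptype = "public" ]` is unquoted in both places it appears, so with an empty third argument the test is malformed rather than false, and the script falls through to the private-key path and on into the PKCS#8 half. Quote the operand, `[ "$ptype" = "public" ]`, and likewise `cp "$t" "$ktype-fff.p"`. The `$cmd -in $t -out $ktype-fff.p` step that opens the PKCS#8 half is also the only conversion without `|| exit 1`. The unquoted `cp $t ...` recurs in the pkcs7 and req conversion scripts later in this patch.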
--- /dev/null
+#!/bin/sh
+
+cmd='../util/shlib_wrap.sh ../apps/openssl'
+ocspdir="ocsp-tests"
+# 17 December 2012 so we don't get certificate expiry errors.
+check_time="-attime 1355875200"
+
+test_ocsp () {
+
+ $cmd base64 -d -in $ocspdir/$1 | \
+ $cmd ocsp -respin - -partial_chain $check_time \
+ -CAfile $ocspdir/$2 -verify_other $ocspdir/$2 -CApath /dev/null
+ [ $? != $3 ] && exit 1
+}
+
+
+echo "=== VALID OCSP RESPONSES ==="
+echo "NON-DELEGATED; Intermediate CA -> EE"
+test_ocsp ND1.ors ND1_Issuer_ICA.pem 0
+echo "NON-DELEGATED; Root CA -> Intermediate CA"
+test_ocsp ND2.ors ND2_Issuer_Root.pem 0
+echo "NON-DELEGATED; Root CA -> EE"
+test_ocsp ND3.ors ND3_Issuer_Root.pem 0
+echo "DELEGATED; Intermediate CA -> EE"
+test_ocsp D1.ors D1_Issuer_ICA.pem 0
+echo "DELEGATED; Root CA -> Intermediate CA"
+test_ocsp D2.ors D2_Issuer_Root.pem 0
+echo "DELEGATED; Root CA -> EE"
+test_ocsp D3.ors D3_Issuer_Root.pem 0
+
+echo "=== INVALID SIGNATURE on the OCSP RESPONSE ==="
+echo "NON-DELEGATED; Intermediate CA -> EE"
+test_ocsp ISOP_ND1.ors ND1_Issuer_ICA.pem 1
+echo "NON-DELEGATED; Root CA -> Intermediate CA"
+test_ocsp ISOP_ND2.ors ND2_Issuer_Root.pem 1
+echo "NON-DELEGATED; Root CA -> EE"
+test_ocsp ISOP_ND3.ors ND3_Issuer_Root.pem 1
+echo "DELEGATED; Intermediate CA -> EE"
+test_ocsp ISOP_D1.ors D1_Issuer_ICA.pem 1
+echo "DELEGATED; Root CA -> Intermediate CA"
+test_ocsp ISOP_D2.ors D2_Issuer_Root.pem 1
+echo "DELEGATED; Root CA -> EE"
+test_ocsp ISOP_D3.ors D3_Issuer_Root.pem 1
+
+echo "=== WRONG RESPONDERID in the OCSP RESPONSE ==="
+echo "NON-DELEGATED; Intermediate CA -> EE"
+test_ocsp WRID_ND1.ors ND1_Issuer_ICA.pem 1
+echo "NON-DELEGATED; Root CA -> Intermediate CA"
+test_ocsp WRID_ND2.ors ND2_Issuer_Root.pem 1
+echo "NON-DELEGATED; Root CA -> EE"
+test_ocsp WRID_ND3.ors ND3_Issuer_Root.pem 1
+echo "DELEGATED; Intermediate CA -> EE"
+test_ocsp WRID_D1.ors D1_Issuer_ICA.pem 1
+echo "DELEGATED; Root CA -> Intermediate CA"
+test_ocsp WRID_D2.ors D2_Issuer_Root.pem 1
+echo "DELEGATED; Root CA -> EE"
+test_ocsp WRID_D3.ors D3_Issuer_Root.pem 1
+
+echo "=== WRONG ISSUERNAMEHASH in the OCSP RESPONSE ==="
+echo "NON-DELEGATED; Intermediate CA -> EE"
+test_ocsp WINH_ND1.ors ND1_Issuer_ICA.pem 1
+echo "NON-DELEGATED; Root CA -> Intermediate CA"
+test_ocsp WINH_ND2.ors ND2_Issuer_Root.pem 1
+echo "NON-DELEGATED; Root CA -> EE"
+test_ocsp WINH_ND3.ors ND3_Issuer_Root.pem 1
+echo "DELEGATED; Intermediate CA -> EE"
+test_ocsp WINH_D1.ors D1_Issuer_ICA.pem 1
+echo "DELEGATED; Root CA -> Intermediate CA"
+test_ocsp WINH_D2.ors D2_Issuer_Root.pem 1
+echo "DELEGATED; Root CA -> EE"
+test_ocsp WINH_D3.ors D3_Issuer_Root.pem 1
+
+echo "=== WRONG ISSUERKEYHASH in the OCSP RESPONSE ==="
+echo "NON-DELEGATED; Intermediate CA -> EE"
+test_ocsp WIKH_ND1.ors ND1_Issuer_ICA.pem 1
+echo "NON-DELEGATED; Root CA -> Intermediate CA"
+test_ocsp WIKH_ND2.ors ND2_Issuer_Root.pem 1
+echo "NON-DELEGATED; Root CA -> EE"
+test_ocsp WIKH_ND3.ors ND3_Issuer_Root.pem 1
+echo "DELEGATED; Intermediate CA -> EE"
+test_ocsp WIKH_D1.ors D1_Issuer_ICA.pem 1
+echo "DELEGATED; Root CA -> Intermediate CA"
+test_ocsp WIKH_D2.ors D2_Issuer_Root.pem 1
+echo "DELEGATED; Root CA -> EE"
+test_ocsp WIKH_D3.ors D3_Issuer_Root.pem 1
+
+echo "=== WRONG KEY in the DELEGATED OCSP SIGNING CERTIFICATE ==="
+echo "DELEGATED; Intermediate CA -> EE"
+test_ocsp WKDOSC_D1.ors D1_Issuer_ICA.pem 1
+echo "DELEGATED; Root CA -> Intermediate CA"
+test_ocsp WKDOSC_D2.ors D2_Issuer_Root.pem 1
+echo "DELEGATED; Root CA -> EE"
+test_ocsp WKDOSC_D3.ors D3_Issuer_Root.pem 1
+
+echo "=== INVALID SIGNATURE on the DELEGATED OCSP SIGNING CERTIFICATE ==="
+echo "DELEGATED; Intermediate CA -> EE"
+test_ocsp ISDOSC_D1.ors D1_Issuer_ICA.pem 1
+echo "DELEGATED; Root CA -> Intermediate CA"
+test_ocsp ISDOSC_D2.ors D2_Issuer_Root.pem 1
+echo "DELEGATED; Root CA -> EE"
+test_ocsp ISDOSC_D3.ors D3_Issuer_Root.pem 1
+
+echo "=== WRONG SUBJECT NAME in the ISSUER CERTIFICATE ==="
+echo "NON-DELEGATED; Intermediate CA -> EE"
+test_ocsp ND1.ors WSNIC_ND1_Issuer_ICA.pem 1
+echo "NON-DELEGATED; Root CA -> Intermediate CA"
+test_ocsp ND2.ors WSNIC_ND2_Issuer_Root.pem 1
+echo "NON-DELEGATED; Root CA -> EE"
+test_ocsp ND3.ors WSNIC_ND3_Issuer_Root.pem 1
+echo "DELEGATED; Intermediate CA -> EE"
+test_ocsp D1.ors WSNIC_D1_Issuer_ICA.pem 1
+echo "DELEGATED; Root CA -> Intermediate CA"
+test_ocsp D2.ors WSNIC_D2_Issuer_Root.pem 1
+echo "DELEGATED; Root CA -> EE"
+test_ocsp D3.ors WSNIC_D3_Issuer_Root.pem 1
+
+echo "=== WRONG KEY in the ISSUER CERTIFICATE ==="
+echo "NON-DELEGATED; Intermediate CA -> EE"
+test_ocsp ND1.ors WKIC_ND1_Issuer_ICA.pem 1
+echo "NON-DELEGATED; Root CA -> Intermediate CA"
+test_ocsp ND2.ors WKIC_ND2_Issuer_Root.pem 1
+echo "NON-DELEGATED; Root CA -> EE"
+test_ocsp ND3.ors WKIC_ND3_Issuer_Root.pem 1
+echo "DELEGATED; Intermediate CA -> EE"
+test_ocsp D1.ors WKIC_D1_Issuer_ICA.pem 1
+echo "DELEGATED; Root CA -> Intermediate CA"
+test_ocsp D2.ors WKIC_D2_Issuer_Root.pem 1
+echo "DELEGATED; Root CA -> EE"
+test_ocsp D3.ors WKIC_D3_Issuer_Root.pem 1
+
+echo "=== INVALID SIGNATURE on the ISSUER CERTIFICATE ==="
+# Expect success, because we're explicitly trusting the issuer certificate.
+echo "NON-DELEGATED; Intermediate CA -> EE"
+test_ocsp ND1.ors ISIC_ND1_Issuer_ICA.pem 0
+echo "NON-DELEGATED; Root CA -> Intermediate CA"
+test_ocsp ND2.ors ISIC_ND2_Issuer_Root.pem 0
+echo "NON-DELEGATED; Root CA -> EE"
+test_ocsp ND3.ors ISIC_ND3_Issuer_Root.pem 0
+echo "DELEGATED; Intermediate CA -> EE"
+test_ocsp D1.ors ISIC_D1_Issuer_ICA.pem 0
+echo "DELEGATED; Root CA -> Intermediate CA"
+test_ocsp D2.ors ISIC_D2_Issuer_Root.pem 0
+echo "DELEGATED; Root CA -> EE"
+test_ocsp D3.ors ISIC_D3_Issuer_Root.pem 0
+
+echo "ALL OCSP TESTS SUCCESSFUL"
+exit 0
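Review bot: `test_ocsp` compares only the exit status of the `ocsp` stage with `$3`, so in the expected-failure cases a missing fixture or a failed `base64 -d` is indistinguishable from a correctly rejected response, provided `ocsp` also exits 1 on unreadable input (likely, but not shown here). Checking the inputs first keeps the negative tests meaningful: `[ -r "$ocspdir/$1" ] && [ -r "$ocspdir/$2" ] || exit 1` at the top of the function. The trailing `[ $? != $3 ] && exit 1` also leaves the function returning non-zero when the test passes, which is harmless as written but would abort the script if `set -e` were ever added; an `if` form avoids that.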
--- /dev/null
+$! TOCSP.COM -- Test ocsp
+$
+$ __arch = "VAX"
+$ if f$getsyi("cpu") .ge. 128 then -
+ __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
+$ if __arch .eqs. "" then __arch = "UNK"
+$!
+$ if (p2 .eqs. "64") then __arch = __arch+ "_64"
+$!
+$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]"
+$
+$ cmd = "mcr ''f$parse(exe_dir+"openssl.exe")'"
+$ ocspdir = "ocsp-tests"
+$
+$! 17 December 2012 so we don't get certificate expiry errors.
+$ check_time="-attime 1355875200"
+$
+$ test_ocsp:
+$ subroutine
+$ 'cmd' base64 -d -in [.'ocspdir']'p1' -out ocsp-test.test-bin
+$ 'cmd' ocsp -respin ocsp-test.test-bin -partial_chain 'check_time' -
+ "-CAfile" [.'ocspdir']'p2' -verify_other [.'ocspdir']'p2' "-CApath" NLA0:
+$ if $severity .ne. p3+1
+$ then
+$ write sys$error "OCSP test failed!"
+$ exit 3
+$ endif
+$ endsubroutine
+$
+$ set noon
+$
+$ write sys$output "=== VALID OCSP RESPONSES ==="
+$ write sys$output "NON-DELEGATED; Intermediate CA -> EE"
+$ call test_ocsp "ND1.ors" "ND1_Issuer_ICA.pem" 0
+$ write sys$output "NON-DELEGATED; Root CA -> Intermediate CA"
+$ call test_ocsp "ND2.ors" "ND2_Issuer_Root.pem" 0
+$ write sys$output "NON-DELEGATED; Root CA -> EE"
+$ call test_ocsp "ND3.ors" "ND3_Issuer_Root.pem" 0
+$ write sys$output "DELEGATED; Intermediate CA -> EE"
+$ call test_ocsp "D1.ors" "D1_Issuer_ICA.pem" 0
+$ write sys$output "DELEGATED; Root CA -> Intermediate CA"
+$ call test_ocsp "D2.ors" "D2_Issuer_Root.pem" 0
+$ write sys$output "DELEGATED; Root CA -> EE"
+$ call test_ocsp "D3.ors" "D3_Issuer_Root.pem" 0
+$
+$ write sys$output "=== INVALID SIGNATURE on the OCSP RESPONSE ==="
+$ write sys$output "NON-DELEGATED; Intermediate CA -> EE"
+$ call test_ocsp "ISOP_ND1.ors" "ND1_Issuer_ICA.pem" 1
+$ write sys$output "NON-DELEGATED; Root CA -> Intermediate CA"
+$ call test_ocsp "ISOP_ND2.ors" "ND2_Issuer_Root.pem" 1
+$ write sys$output "NON-DELEGATED; Root CA -> EE"
+$ call test_ocsp "ISOP_ND3.ors" "ND3_Issuer_Root.pem" 1
+$ write sys$output "DELEGATED; Intermediate CA -> EE"
+$ call test_ocsp "ISOP_D1.ors" "D1_Issuer_ICA.pem" 1
+$ write sys$output "DELEGATED; Root CA -> Intermediate CA"
+$ call test_ocsp "ISOP_D2.ors" "D2_Issuer_Root.pem" 1
+$ write sys$output "DELEGATED; Root CA -> EE"
+$ call test_ocsp "ISOP_D3.ors" "D3_Issuer_Root.pem" 1
+$
+$ write sys$output "=== WRONG RESPONDERID in the OCSP RESPONSE ==="
+$ write sys$output "NON-DELEGATED; Intermediate CA -> EE"
+$ call test_ocsp "WRID_ND1.ors" "ND1_Issuer_ICA.pem" 1
+$ write sys$output "NON-DELEGATED; Root CA -> Intermediate CA"
+$ call test_ocsp "WRID_ND2.ors" "ND2_Issuer_Root.pem" 1
+$ write sys$output "NON-DELEGATED; Root CA -> EE"
+$ call test_ocsp "WRID_ND3.ors" "ND3_Issuer_Root.pem" 1
+$ write sys$output "DELEGATED; Intermediate CA -> EE"
+$ call test_ocsp "WRID_D1.ors" "D1_Issuer_ICA.pem" 1
+$ write sys$output "DELEGATED; Root CA -> Intermediate CA"
+$ call test_ocsp "WRID_D2.ors" "D2_Issuer_Root.pem" 1
+$ write sys$output "DELEGATED; Root CA -> EE"
+$ call test_ocsp "WRID_D3.ors" "D3_Issuer_Root.pem" 1
+$
+$ write sys$output "=== WRONG ISSUERNAMEHASH in the OCSP RESPONSE ==="
+$ write sys$output "NON-DELEGATED; Intermediate CA -> EE"
+$ call test_ocsp "WINH_ND1.ors" "ND1_Issuer_ICA.pem" 1
+$ write sys$output "NON-DELEGATED; Root CA -> Intermediate CA"
+$ call test_ocsp "WINH_ND2.ors" "ND2_Issuer_Root.pem" 1
+$ write sys$output "NON-DELEGATED; Root CA -> EE"
+$ call test_ocsp "WINH_ND3.ors" "ND3_Issuer_Root.pem" 1
+$ write sys$output "DELEGATED; Intermediate CA -> EE"
+$ call test_ocsp "WINH_D1.ors" "D1_Issuer_ICA.pem" 1
+$ write sys$output "DELEGATED; Root CA -> Intermediate CA"
+$ call test_ocsp "WINH_D2.ors" "D2_Issuer_Root.pem" 1
+$ write sys$output "DELEGATED; Root CA -> EE"
+$ call test_ocsp "WINH_D3.ors" "D3_Issuer_Root.pem" 1
+$
+$ write sys$output "=== WRONG ISSUERKEYHASH in the OCSP RESPONSE ==="
+$ write sys$output "NON-DELEGATED; Intermediate CA -> EE"
+$ call test_ocsp "WIKH_ND1.ors" "ND1_Issuer_ICA.pem" 1
+$ write sys$output "NON-DELEGATED; Root CA -> Intermediate CA"
+$ call test_ocsp "WIKH_ND2.ors" "ND2_Issuer_Root.pem" 1
+$ write sys$output "NON-DELEGATED; Root CA -> EE"
+$ call test_ocsp "WIKH_ND3.ors" "ND3_Issuer_Root.pem" 1
+$ write sys$output "DELEGATED; Intermediate CA -> EE"
+$ call test_ocsp "WIKH_D1.ors" "D1_Issuer_ICA.pem" 1
+$ write sys$output "DELEGATED; Root CA -> Intermediate CA"
+$ call test_ocsp "WIKH_D2.ors" "D2_Issuer_Root.pem" 1
+$ write sys$output "DELEGATED; Root CA -> EE"
+$ call test_ocsp "WIKH_D3.ors" "D3_Issuer_Root.pem" 1
+$
+$ write sys$output "=== WRONG KEY in the DELEGATED OCSP SIGNING CERTIFICATE ==="
+$ write sys$output "DELEGATED; Intermediate CA -> EE"
+$ call test_ocsp "WKDOSC_D1.ors" "D1_Issuer_ICA.pem" 1
+$ write sys$output "DELEGATED; Root CA -> Intermediate CA"
+$ call test_ocsp "WKDOSC_D2.ors" "D2_Issuer_Root.pem" 1
+$ write sys$output "DELEGATED; Root CA -> EE"
+$ call test_ocsp "WKDOSC_D3.ors" "D3_Issuer_Root.pem" 1
+$
+$ write sys$output "=== INVALID SIGNATURE on the DELEGATED OCSP SIGNING CERTIFICATE ==="
+$ write sys$output "DELEGATED; Intermediate CA -> EE"
+$ call test_ocsp "ISDOSC_D1.ors" "D1_Issuer_ICA.pem" 1
+$ write sys$output "DELEGATED; Root CA -> Intermediate CA"
+$ call test_ocsp "ISDOSC_D2.ors" "D2_Issuer_Root.pem" 1
+$ write sys$output "DELEGATED; Root CA -> EE"
+$ call test_ocsp "ISDOSC_D3.ors" "D3_Issuer_Root.pem" 1
+$
+$ write sys$output "=== WRONG SUBJECT NAME in the ISSUER CERTIFICATE ==="
+$ write sys$output "NON-DELEGATED; Intermediate CA -> EE"
+$ call test_ocsp "ND1.ors" "WSNIC_ND1_Issuer_ICA.pem" 1
+$ write sys$output "NON-DELEGATED; Root CA -> Intermediate CA"
+$ call test_ocsp "ND2.ors" "WSNIC_ND2_Issuer_Root.pem" 1
+$ write sys$output "NON-DELEGATED; Root CA -> EE"
+$ call test_ocsp "ND3.ors" "WSNIC_ND3_Issuer_Root.pem" 1
+$ write sys$output "DELEGATED; Intermediate CA -> EE"
+$ call test_ocsp "D1.ors" "WSNIC_D1_Issuer_ICA.pem" 1
+$ write sys$output "DELEGATED; Root CA -> Intermediate CA"
+$ call test_ocsp "D2.ors" "WSNIC_D2_Issuer_Root.pem" 1
+$ write sys$output "DELEGATED; Root CA -> EE"
+$ call test_ocsp "D3.ors" "WSNIC_D3_Issuer_Root.pem" 1
+$
+$ write sys$output "=== WRONG KEY in the ISSUER CERTIFICATE ==="
+$ write sys$output "NON-DELEGATED; Intermediate CA -> EE"
+$ call test_ocsp "ND1.ors" "WKIC_ND1_Issuer_ICA.pem" 1
+$ write sys$output "NON-DELEGATED; Root CA -> Intermediate CA"
+$ call test_ocsp "ND2.ors" "WKIC_ND2_Issuer_Root.pem" 1
+$ write sys$output "NON-DELEGATED; Root CA -> EE"
+$ call test_ocsp "ND3.ors" "WKIC_ND3_Issuer_Root.pem" 1
+$ write sys$output "DELEGATED; Intermediate CA -> EE"
+$ call test_ocsp "D1.ors" "WKIC_D1_Issuer_ICA.pem" 1
+$ write sys$output "DELEGATED; Root CA -> Intermediate CA"
+$ call test_ocsp "D2.ors" "WKIC_D2_Issuer_Root.pem" 1
+$ write sys$output "DELEGATED; Root CA -> EE"
+$ call test_ocsp "D3.ors" "WKIC_D3_Issuer_Root.pem" 1
+$
+$ write sys$output "=== INVALID SIGNATURE on the ISSUER CERTIFICATE ==="
+$! Expect success, because we're explicitly trusting the issuer certificate.
+$ write sys$output "NON-DELEGATED; Intermediate CA -> EE"
+$ call test_ocsp "ND1.ors" "ISIC_ND1_Issuer_ICA.pem" 0
+$ write sys$output "NON-DELEGATED; Root CA -> Intermediate CA"
+$ call test_ocsp "ND2.ors" "ISIC_ND2_Issuer_Root.pem" 0
+$ write sys$output "NON-DELEGATED; Root CA -> EE"
+$ call test_ocsp "ND3.ors" "ISIC_ND3_Issuer_Root.pem" 0
+$ write sys$output "DELEGATED; Intermediate CA -> EE"
+$ call test_ocsp "D1.ors" "ISIC_D1_Issuer_ICA.pem" 0
+$ write sys$output "DELEGATED; Root CA -> Intermediate CA"
+$ call test_ocsp "D2.ors" "ISIC_D2_Issuer_Root.pem" 0
+$ write sys$output "DELEGATED; Root CA -> EE"
+$ call test_ocsp "D3.ors" "ISIC_D3_Issuer_Root.pem" 0
+$
+$ write sys$output "ALL OCSP TESTS SUCCESSFUL"
+$
+$ set on
+$
+$ exit
--- /dev/null
+#!/bin/sh
+
+cmd='../util/shlib_wrap.sh ../apps/openssl pkcs7'
+
+if [ "$1"x != "x" ]; then
+ t=$1
+else
+ t=testp7.pem
+fi
+
+echo testing pkcs7 conversions
+cp $t p7-fff.p
+
+echo "p -> d"
+$cmd -in p7-fff.p -inform p -outform d >p7-f.d || exit 1
+echo "p -> p"
+$cmd -in p7-fff.p -inform p -outform p >p7-f.p || exit 1
+
+echo "d -> d"
+$cmd -in p7-f.d -inform d -outform d >p7-ff.d1 || exit 1
+echo "p -> d"
+$cmd -in p7-f.p -inform p -outform d >p7-ff.d3 || exit 1
+
+echo "d -> p"
+$cmd -in p7-f.d -inform d -outform p >p7-ff.p1 || exit 1
+echo "p -> p"
+$cmd -in p7-f.p -inform p -outform p >p7-ff.p3 || exit 1
+
+cmp p7-fff.p p7-f.p || exit 1
+cmp p7-fff.p p7-ff.p1 || exit 1
+cmp p7-fff.p p7-ff.p3 || exit 1
+cmp p7-f.p p7-ff.p1 || exit 1
+cmp p7-f.p p7-ff.p3 || exit 1
+
+/bin/rm -f p7-f.* p7-ff.* p7-fff.*
+exit 0
--- /dev/null
+$! TPKCS7.COM -- Tests pkcs7 keys
+$
+$ __arch = "VAX"
+$ if f$getsyi("cpu") .ge. 128 then -
+ __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
+$ if __arch .eqs. "" then __arch = "UNK"
+$!
+$ if (p2 .eqs. "64") then __arch = __arch+ "_64"
+$!
+$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]"
+$
+$ cmd = "mcr ''exe_dir'openssl pkcs7"
+$
+$ t = "testp7.pem"
+$ if p1 .nes. "" then t = p1
+$
+$ write sys$output "testing PKCS7 conversions"
+$ if f$search("fff.*") .nes "" then delete fff.*;*
+$ if f$search("ff.*") .nes "" then delete ff.*;*
+$ if f$search("f.*") .nes "" then delete f.*;*
+$ convert/fdl=sys$input: 't' fff.p
+RECORD
+ FORMAT STREAM_LF
+$
+$ write sys$output "p -> d"
+$ 'cmd' -in fff.p -inform p -outform d -out f.d
+$ if $severity .ne. 1 then exit 3
+$ write sys$output "p -> p"
+$ 'cmd' -in fff.p -inform p -outform p -out f.p
+$ if $severity .ne. 1 then exit 3
+$
+$ write sys$output "d -> d"
+$ 'cmd' -in f.d -inform d -outform d -out ff.d1
+$ if $severity .ne. 1 then exit 3
+$ write sys$output "p -> d"
+$ 'cmd' -in f.p -inform p -outform d -out ff.d3
+$ if $severity .ne. 1 then exit 3
+$
+$
+$ write sys$output "d -> p"
+$ 'cmd' -in f.d -inform d -outform p -out ff.p1
+$ if $severity .ne. 1 then exit 3
+$ write sys$output "p -> p"
+$ 'cmd' -in f.p -inform p -outform p -out ff.p3
+$ if $severity .ne. 1 then exit 3
+$
+$ backup/compare fff.p f.p
+$ if $severity .ne. 1 then exit 3
+$ backup/compare fff.p ff.p1
+$ if $severity .ne. 1 then exit 3
+$ backup/compare fff.p ff.p3
+$ if $severity .ne. 1 then exit 3
+$
+$ backup/compare f.p ff.p1
+$ if $severity .ne. 1 then exit 3
+$ backup/compare f.p ff.p3
+$ if $severity .ne. 1 then exit 3
+$
+$ delete f.*;*,ff.*;*,fff.*;*
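Review bot: The scratch files here are named `fff.*`, `ff.*` and `f.*` with no prefix, and both the start-up cleanup and the final `delete f.*;*,ff.*;*,fff.*;*` remove every file matching those wildcards in the current directory. The next PKCS7 procedure and the req procedure in this patch use the same names, so they would overwrite or delete each other's files if run side by side. The shell counterparts already use per-test prefixes (`p7-`, `p7d-`, `req-`); doing the same here, for example `delete p7-f.*;*,p7-ff.*;*,p7-fff.*;*`, keeps the cleanup confined to files this test created.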
--- /dev/null
+#!/bin/sh
+
+cmd='../util/shlib_wrap.sh ../apps/openssl pkcs7'
+
+if [ "$1"x != "x" ]; then
+ t=$1
+else
+ t=pkcs7-1.pem
+fi
+
+echo "testing pkcs7 conversions (2)"
+cp $t p7d-fff.p
+
+echo "p -> d"
+$cmd -in p7d-fff.p -inform p -outform d >p7d-f.d || exit 1
+echo "p -> p"
+$cmd -in p7d-fff.p -inform p -outform p >p7d-f.p || exit 1
+
+echo "d -> d"
+$cmd -in p7d-f.d -inform d -outform d >p7d-ff.d1 || exit 1
+echo "p -> d"
+$cmd -in p7d-f.p -inform p -outform d >p7d-ff.d3 || exit 1
+
+echo "d -> p"
+$cmd -in p7d-f.d -inform d -outform p >p7d-ff.p1 || exit 1
+echo "p -> p"
+$cmd -in p7d-f.p -inform p -outform p >p7d-ff.p3 || exit 1
+
+cmp p7d-f.p p7d-ff.p1 || exit 1
+cmp p7d-f.p p7d-ff.p3 || exit 1
+
+/bin/rm -f p7d-f.* p7d-ff.* p7d-fff.*
+exit 0
--- /dev/null
+$! TPKCS7.COM -- Tests pkcs7 keys
+$
+$ __arch = "VAX"
+$ if f$getsyi("cpu") .ge. 128 then -
+ __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
+$ if __arch .eqs. "" then __arch = "UNK"
+$!
+$ if (p2 .eqs. "64") then __arch = __arch+ "_64"
+$!
+$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]"
+$
+$ cmd = "mcr ''exe_dir'openssl pkcs7"
+$
+$ t = "pkcs7-1.pem"
+$ if p1 .nes. "" then t = p1
+$
+$ write sys$output "testing PKCS7 conversions (2)"
+$ if f$search("fff.*") .nes "" then delete fff.*;*
+$ if f$search("ff.*") .nes "" then delete ff.*;*
+$ if f$search("f.*") .nes "" then delete f.*;*
+$ convert/fdl=sys$input: 't' fff.p
+RECORD
+ FORMAT STREAM_LF
+$
+$ write sys$output "p -> d"
+$ 'cmd' -in fff.p -inform p -outform d -out f.d
+$ if $severity .ne. 1 then exit 3
+$ write sys$output "p -> p"
+$ 'cmd' -in fff.p -inform p -outform p -out f.p
+$ if $severity .ne. 1 then exit 3
+$
+$ write sys$output "d -> d"
+$ 'cmd' -in f.d -inform d -outform d -out ff.d1
+$ if $severity .ne. 1 then exit 3
+$ write sys$output "p -> d"
+$ 'cmd' -in f.p -inform p -outform d -out ff.d3
+$ if $severity .ne. 1 then exit 3
+$
+$
+$ write sys$output "d -> p"
+$ 'cmd' -in f.d -inform d -outform p -out ff.p1
+$ if $severity .ne. 1 then exit 3
+$ write sys$output "p -> p"
+$ 'cmd' -in f.p -inform p -outform p -out ff.p3
+$ if $severity .ne. 1 then exit 3
+$
+$ backup/compare f.p ff.p1
+$ if $severity .ne. 1 then exit 3
+$ backup/compare f.p ff.p3
+$ if $severity .ne. 1 then exit 3
+$
+$ delete f.*;*,ff.*;*,fff.*;*
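Review bot: The header comment `TPKCS7.COM -- Tests pkcs7 keys` is identical to the previous procedure's, although this one defaults to `pkcs7-1.pem` and reports "testing PKCS7 conversions (2)". It also calls the inputs keys, while the commands convert PKCS#7 structures between PEM and DER. A header such as `$! Tests PKCS#7 PEM/DER conversions (2); default input pkcs7-1.pem` would describe what the file does without naming the wrong procedure.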
--- /dev/null
+#!/bin/sh
+
+cmd='../util/shlib_wrap.sh ../apps/openssl req -config ../apps/openssl.cnf'
+
+if [ "$1"x != "x" ]; then
+ t=$1
+else
+ t=testreq.pem
+fi
+
+if $cmd -in $t -inform p -noout -text 2>&1 | fgrep -i 'Unknown Public Key'; then
+ echo "skipping req conversion test for $t"
+ exit 0
+fi
+
+echo testing req conversions
+cp $t req-fff.p
+
+echo "p -> d"
+$cmd -in req-fff.p -inform p -outform d >req-f.d || exit 1
+echo "p -> p"
+$cmd -in req-fff.p -inform p -outform p >req-f.p || exit 1
+
+echo "d -> d"
+$cmd -verify -in req-f.d -inform d -outform d >req-ff.d1 || exit 1
+echo "p -> d"
+$cmd -verify -in req-f.p -inform p -outform d >req-ff.d3 || exit 1
+
+echo "d -> p"
+$cmd -in req-f.d -inform d -outform p >req-ff.p1 || exit 1
+echo "p -> p"
+$cmd -in req-f.p -inform p -outform p >req-ff.p3 || exit 1
+
+cmp req-fff.p req-f.p || exit 1
+cmp req-fff.p req-ff.p1 || exit 1
+cmp req-fff.p req-ff.p3 || exit 1
+cmp req-f.p req-ff.p1 || exit 1
+cmp req-f.p req-ff.p3 || exit 1
+
+/bin/rm -f req-f.* req-ff.* req-fff.*
+exit 0
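Review bot: `$t` comes from `$1` and is expanded unquoted in `$cmd -in $t -inform p -noout -text` and in `cp $t req-fff.p`, so a test-file path containing whitespace or glob characters is split or expanded before openssl or cp sees it. Quoting only that variable is enough, `$cmd -in "$t" -inform p -noout -text` and `cp "$t" req-fff.p`; `$cmd` itself has to stay unquoted because the script relies on word splitting to turn it into a command line. The sess_id and x509 scripts later in this diff repeat the pattern in `cp $t sid-fff.p` and `cp $t x509-fff.p`. Every `|| exit 1` also skips the final `/bin/rm -f`, so the converted copies stay in the working directory after a failure; if that is not wanted for debugging, `trap '/bin/rm -f req-f.* req-ff.* req-fff.*' 0` near the top would cover both paths.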
--- /dev/null
+$! TREQ.COM -- Tests req keys
+$
+$ __arch = "VAX"
+$ if f$getsyi("cpu") .ge. 128 then -
+ __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
+$ if __arch .eqs. "" then __arch = "UNK"
+$!
+$ if (p2 .eqs. "64") then __arch = __arch+ "_64"
+$!
+$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]"
+$
+$ cmd = "mcr ''exe_dir'openssl req -config [-.apps]openssl-vms.cnf"
+$
+$ t = "testreq.pem"
+$ if p1 .nes. "" then t = p1
+$
+$ write sys$output "testing req conversions"
+$ if f$search("fff.*") .nes "" then delete fff.*;*
+$ if f$search("ff.*") .nes "" then delete ff.*;*
+$ if f$search("f.*") .nes "" then delete f.*;*
+$ convert/fdl=sys$input: 't' fff.p
+RECORD
+ FORMAT STREAM_LF
+$
+$ write sys$output "p -> d"
+$ 'cmd' -in fff.p -inform p -outform d -out f.d
+$ if $severity .ne. 1 then exit 3
+$! write sys$output "p -> t"
+$! 'cmd' -in fff.p -inform p -outform t -out f.t
+$! if $severity .ne. 1 then exit 3
+$ write sys$output "p -> p"
+$ 'cmd' -in fff.p -inform p -outform p -out f.p
+$ if $severity .ne. 1 then exit 3
+$
+$ write sys$output "d -> d"
+$ 'cmd' -verify -in f.d -inform d -outform d -out ff.d1
+$ if $severity .ne. 1 then exit 3
+$! write sys$output "t -> d"
+$! 'cmd' -verify -in f.t -inform t -outform d -out ff.d2
+$! if $severity .ne. 1 then exit 3
+$ write sys$output "p -> d"
+$ 'cmd' -verify -in f.p -inform p -outform d -out ff.d3
+$ if $severity .ne. 1 then exit 3
+$
+$! write sys$output "d -> t"
+$! 'cmd' -in f.d -inform d -outform t -out ff.t1
+$! if $severity .ne. 1 then exit 3
+$! write sys$output "t -> t"
+$! 'cmd' -in f.t -inform t -outform t -out ff.t2
+$! if $severity .ne. 1 then exit 3
+$! write sys$output "p -> t"
+$! 'cmd' -in f.p -inform p -outform t -out ff.t3
+$! if $severity .ne. 1 then exit 3
+$
+$ write sys$output "d -> p"
+$ 'cmd' -in f.d -inform d -outform p -out ff.p1
+$ if $severity .ne. 1 then exit 3
+$! write sys$output "t -> p"
+$! 'cmd' -in f.t -inform t -outform p -out ff.p2
+$! if $severity .ne. 1 then exit 3
+$ write sys$output "p -> p"
+$ 'cmd' -in f.p -inform p -outform p -out ff.p3
+$ if $severity .ne. 1 then exit 3
+$
+$ backup/compare fff.p f.p
+$ if $severity .ne. 1 then exit 3
+$ backup/compare fff.p ff.p1
+$ if $severity .ne. 1 then exit 3
+$! backup/compare fff.p ff.p2
+$! if $severity .ne. 1 then exit 3
+$ backup/compare fff.p ff.p3
+$ if $severity .ne. 1 then exit 3
+$
+$! backup/compare f.t ff.t1
+$! if $severity .ne. 1 then exit 3
+$! backup/compare f.t ff.t2
+$! if $severity .ne. 1 then exit 3
+$! backup/compare f.t ff.t3
+$! if $severity .ne. 1 then exit 3
+$
+$ backup/compare f.p ff.p1
+$ if $severity .ne. 1 then exit 3
+$! backup/compare f.p ff.p2
+$! if $severity .ne. 1 then exit 3
+$ backup/compare f.p ff.p3
+$ if $severity .ne. 1 then exit 3
+$
+$ delete f.*;*,ff.*;*,fff.*;*
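Review bot: The scratch names `f.*`, `ff.*` and `fff.*` are not specific to this test, and the opening `delete fff.*;*`, `delete ff.*;*` and `delete f.*;*` lines remove any file in the current directory that matches them. TRSA.COM, TSID.COM and TX509.COM further down use the same three names, so these procedures cannot run in one directory at the same time without clobbering each other's files. The shell counterparts in this diff already prefix their scratch files (`req-f.d`, `sid-f.d`, `x509-f.d`); the same prefix here, for example `-out req-f.d` with a matching `delete req-f.*;*`, would keep the tests isolated. Each `exit 3` also bypasses the closing `delete`, so the converted copies remain on disk after a failed step.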
--- /dev/null
+$! TRSA.COM -- Tests rsa keys
+$
+$ __arch = "VAX"
+$ if f$getsyi("cpu") .ge. 128 then -
+ __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
+$ if __arch .eqs. "" then __arch = "UNK"
+$!
+$ if (p2 .eqs. "64") then __arch = __arch+ "_64"
+$!
+$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]"
+$
+$ set noon
+$ define/user sys$output nla0:
+$ mcr 'exe_dir'openssl no-rsa
+$ save_severity=$SEVERITY
+$ set on
+$ if save_severity
+$ then
+$ write sys$output "skipping RSA conversion test"
+$ exit
+$ endif
+$
+$ cmd = "mcr ''exe_dir'openssl rsa"
+$
+$ t = "testrsa.pem"
+$ if p1 .nes. "" then t = p1
+$
+$ write sys$output "testing RSA conversions"
+$ if f$search("fff.*") .nes "" then delete fff.*;*
+$ if f$search("ff.*") .nes "" then delete ff.*;*
+$ if f$search("f.*") .nes "" then delete f.*;*
+$ convert/fdl=sys$input: 't' fff.p
+RECORD
+ FORMAT STREAM_LF
+$
+$ write sys$output "p -> d"
+$ 'cmd' -in fff.p -inform p -outform d -out f.d
+$ if $severity .ne. 1 then exit 3
+$! write sys$output "p -> t"
+$! 'cmd' -in fff.p -inform p -outform t -out f.t
+$! if $severity .ne. 1 then exit 3
+$ write sys$output "p -> p"
+$ 'cmd' -in fff.p -inform p -outform p -out f.p
+$ if $severity .ne. 1 then exit 3
+$
+$ write sys$output "d -> d"
+$ 'cmd' -in f.d -inform d -outform d -out ff.d1
+$ if $severity .ne. 1 then exit 3
+$! write sys$output "t -> d"
+$! 'cmd' -in f.t -inform t -outform d -out ff.d2
+$! if $severity .ne. 1 then exit 3
+$ write sys$output "p -> d"
+$ 'cmd' -in f.p -inform p -outform d -out ff.d3
+$ if $severity .ne. 1 then exit 3
+$
+$! write sys$output "d -> t"
+$! 'cmd' -in f.d -inform d -outform t -out ff.t1
+$! if $severity .ne. 1 then exit 3
+$! write sys$output "t -> t"
+$! 'cmd' -in f.t -inform t -outform t -out ff.t2
+$! if $severity .ne. 1 then exit 3
+$! write sys$output "p -> t"
+$! 'cmd' -in f.p -inform p -outform t -out ff.t3
+$! if $severity .ne. 1 then exit 3
+$
+$ write sys$output "d -> p"
+$ 'cmd' -in f.d -inform d -outform p -out ff.p1
+$ if $severity .ne. 1 then exit 3
+$! write sys$output "t -> p"
+$! 'cmd' -in f.t -inform t -outform p -out ff.p2
+$! if $severity .ne. 1 then exit 3
+$ write sys$output "p -> p"
+$ 'cmd' -in f.p -inform p -outform p -out ff.p3
+$ if $severity .ne. 1 then exit 3
+$
+$ backup/compare fff.p f.p
+$ if $severity .ne. 1 then exit 3
+$ backup/compare fff.p ff.p1
+$ if $severity .ne. 1 then exit 3
+$! backup/compare fff.p ff.p2
+$! if $severity .ne. 1 then exit 3
+$ backup/compare fff.p ff.p3
+$ if $severity .ne. 1 then exit 3
+$
+$! backup/compare f.t ff.t1
+$! if $severity .ne. 1 then exit 3
+$! backup/compare f.t ff.t2
+$! if $severity .ne. 1 then exit 3
+$! backup/compare f.t ff.t3
+$! if $severity .ne. 1 then exit 3
+$
+$ backup/compare f.p ff.p1
+$ if $severity .ne. 1 then exit 3
+$! backup/compare f.p ff.p2
+$! if $severity .ne. 1 then exit 3
+$ backup/compare f.p ff.p3
+$ if $severity .ne. 1 then exit 3
+$
+$ delete f.*;*,ff.*;*,fff.*;*
--- /dev/null
+#!/bin/sh
+
+cmd='../util/shlib_wrap.sh ../apps/openssl sess_id'
+
+if [ "$1"x != "x" ]; then
+ t=$1
+else
+ t=testsid.pem
+fi
+
+echo testing session-id conversions
+cp $t sid-fff.p
+
+echo "p -> d"
+$cmd -in sid-fff.p -inform p -outform d >sid-f.d || exit 1
+echo "p -> p"
+$cmd -in sid-fff.p -inform p -outform p >sid-f.p || exit 1
+
+echo "d -> d"
+$cmd -in sid-f.d -inform d -outform d >sid-ff.d1 || exit 1
+echo "p -> d"
+$cmd -in sid-f.p -inform p -outform d >sid-ff.d3 || exit 1
+
+echo "d -> p"
+$cmd -in sid-f.d -inform d -outform p >sid-ff.p1 || exit 1
+echo "p -> p"
+$cmd -in sid-f.p -inform p -outform p >sid-ff.p3 || exit 1
+
+cmp sid-fff.p sid-f.p || exit 1
+cmp sid-fff.p sid-ff.p1 || exit 1
+cmp sid-fff.p sid-ff.p3 || exit 1
+cmp sid-f.p sid-ff.p1 || exit 1
+cmp sid-f.p sid-ff.p3 || exit 1
+
+/bin/rm -f sid-f.* sid-ff.* sid-fff.*
+exit 0
--- /dev/null
+$! TSID.COM -- Tests sid keys
+$
+$ __arch = "VAX"
+$ if f$getsyi("cpu") .ge. 128 then -
+ __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
+$ if __arch .eqs. "" then __arch = "UNK"
+$!
+$ if (p2 .eqs. "64") then __arch = __arch+ "_64"
+$!
+$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]"
+$
+$ cmd = "mcr ''exe_dir'openssl sess_id"
+$
+$ t = "testsid.pem"
+$ if p1 .nes. "" then t = p1
+$
+$ write sys$output "testing session-id conversions"
+$ if f$search("fff.*") .nes "" then delete fff.*;*
+$ if f$search("ff.*") .nes "" then delete ff.*;*
+$ if f$search("f.*") .nes "" then delete f.*;*
+$ convert/fdl=sys$input: 't' fff.p
+RECORD
+ FORMAT STREAM_LF
+$
+$ write sys$output "p -> d"
+$ 'cmd' -in fff.p -inform p -outform d -out f.d
+$ if $severity .ne. 1 then exit 3
+$! write sys$output "p -> t"
+$! 'cmd' -in fff.p -inform p -outform t -out f.t
+$! if $severity .ne. 1 then exit 3
+$ write sys$output "p -> p"
+$ 'cmd' -in fff.p -inform p -outform p -out f.p
+$ if $severity .ne. 1 then exit 3
+$
+$ write sys$output "d -> d"
+$ 'cmd' -in f.d -inform d -outform d -out ff.d1
+$ if $severity .ne. 1 then exit 3
+$! write sys$output "t -> d"
+$! 'cmd' -in f.t -inform t -outform d -out ff.d2
+$! if $severity .ne. 1 then exit 3
+$ write sys$output "p -> d"
+$ 'cmd' -in f.p -inform p -outform d -out ff.d3
+$ if $severity .ne. 1 then exit 3
+$
+$! write sys$output "d -> t"
+$! 'cmd' -in f.d -inform d -outform t -out ff.t1
+$! if $severity .ne. 1 then exit 3
+$! write sys$output "t -> t"
+$! 'cmd' -in f.t -inform t -outform t -out ff.t2
+$! if $severity .ne. 1 then exit 3
+$! write sys$output "p -> t"
+$! 'cmd' -in f.p -inform p -outform t -out ff.t3
+$! if $severity .ne. 1 then exit 3
+$
+$ write sys$output "d -> p"
+$ 'cmd' -in f.d -inform d -outform p -out ff.p1
+$ if $severity .ne. 1 then exit 3
+$! write sys$output "t -> p"
+$! 'cmd' -in f.t -inform t -outform p -out ff.p2
+$! if $severity .ne. 1 then exit 3
+$ write sys$output "p -> p"
+$ 'cmd' -in f.p -inform p -outform p -out ff.p3
+$ if $severity .ne. 1 then exit 3
+$
+$ backup/compare fff.p f.p
+$ if $severity .ne. 1 then exit 3
+$ backup/compare fff.p ff.p1
+$ if $severity .ne. 1 then exit 3
+$! backup/compare fff.p ff.p2
+$! if $severity .ne. 1 then exit 3
+$ backup/compare fff.p ff.p3
+$ if $severity .ne. 1 then exit 3
+$
+$! backup/compare f.t ff.t1
+$! if $severity .ne. 1 then exit 3
+$! backup/compare f.t ff.t2
+$! if $severity .ne. 1 then exit 3
+$! backup/compare f.t ff.t3
+$! if $severity .ne. 1 then exit 3
+$
+$ backup/compare f.p ff.p1
+$ if $severity .ne. 1 then exit 3
+$! backup/compare f.p ff.p2
+$! if $severity .ne. 1 then exit 3
+$ backup/compare f.p ff.p3
+$ if $severity .ne. 1 then exit 3
+$
+$ delete f.*;*,ff.*;*,fff.*;*
--- /dev/null
+$! TVERIFY.COM
+$
+$ __arch = "VAX"
+$ if f$getsyi("cpu") .ge. 128 then -
+ __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
+$ if __arch .eqs. "" then __arch = "UNK"
+$!
+$ if (p1 .eqs. "64") then __arch = __arch+ "_64"
+$!
+$ line_max = 255 ! Could be longer on modern non-VAX.
+$ temp_file_name = "certs_"+ f$getjpi( "", "PID")+ ".tmp"
+$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]"
+$ cmd = "mcr ''exe_dir'openssl verify ""-CAfile"" ''temp_file_name'"
+$ cmd_len = f$length( cmd)
+$ pems = "[-.certs...]*.pem"
+$!
+$! Concatenate all the certificate files.
+$!
+$ copy /concatenate 'pems' 'temp_file_name'
+$!
+$! Loop through all the certificate files.
+$!
+$ args = ""
+$ old_f = ""
+$ loop_file:
+$ f = f$search( pems)
+$ if ((f .nes. "") .and. (f .nes. old_f))
+$ then
+$ old_f = f
+$!
+$! If this file name would over-extend the command line, then
+$! run the command now.
+$!
+$ if (cmd_len+ f$length( args)+ 1+ f$length( f) .gt. line_max)
+$ then
+$ if (args .eqs. "") then goto disaster
+$ 'cmd''args'
+$ args = ""
+$ endif
+$! Add the next file to the argument list.
+$ args = args+ " "+ f
+$ else
+$! No more files in the list
+$ goto loop_file_end
+$ endif
+$ goto loop_file
+$ loop_file_end:
+$!
+$! Run the command for any left-over arguments.
+$!
+$ if (args .nes. "")
+$ then
+$ 'cmd''args'
+$ endif
+$!
+$! Delete the temporary file.
+$!
+$ if (f$search( "''temp_file_name';*") .nes. "") then -
+ delete 'temp_file_name';*
+$!
+$ exit
+$!
+$ disaster:
+$ write sys$output " Command line too long. Doomed."
+$!
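Review bot: The `disaster:` branch only writes " Command line too long. Doomed." and then runs off the end of the procedure, so the concatenated file named by `temp_file_name` is never deleted on that path and no failure status is set explicitly. Adding `$ delete 'temp_file_name';*` and `$ exit 3` after the `write` would clean up and report the failure the same way the conversion tests in this diff do. Neither `'cmd''args'` invocation is followed by a `$severity` check like the one the other procedures use, so whether a failed `openssl verify` fails this test appears to depend on DCL's default error handling; that is worth confirming. Note also that the `-CAfile` is built by `copy /concatenate` from the same `[-.certs...]*.pem` set that is then verified, so every certificate under test is in its own trust store, and the run presumably checks parsing and chain building rather than rejection of untrusted certificates.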
--- /dev/null
+#!/bin/sh
+
+cmd='../util/shlib_wrap.sh ../apps/openssl x509'
+
+if [ "$1"x != "x" ]; then
+ t=$1
+else
+ t=testx509.pem
+fi
+
+echo testing X509 conversions
+cp $t x509-fff.p
+
+echo "p -> d"
+$cmd -in x509-fff.p -inform p -outform d >x509-f.d || exit 1
+echo "p -> p"
+$cmd -in x509-fff.p -inform p -outform p >x509-f.p || exit 1
+
+echo "d -> d"
+$cmd -in x509-f.d -inform d -outform d >x509-ff.d1 || exit 1
+echo "p -> d"
+$cmd -in x509-f.p -inform p -outform d >x509-ff.d3 || exit 1
+
+echo "d -> p"
+$cmd -in x509-f.d -inform d -outform p >x509-ff.p1 || exit 1
+echo "p -> p"
+$cmd -in x509-f.p -inform p -outform p >x509-ff.p3 || exit 1
+
+cmp x509-fff.p x509-f.p || exit 1
+cmp x509-fff.p x509-ff.p1 || exit 1
+cmp x509-fff.p x509-ff.p3 || exit 1
+
+cmp x509-f.p x509-ff.p1 || exit 1
+cmp x509-f.p x509-ff.p3 || exit 1
+
+/bin/rm -f x509-f.* x509-ff.* x509-fff.*
+exit 0
--- /dev/null
+$! TX509.COM -- Tests x509 certificates
+$
+$ __arch = "VAX"
+$ if f$getsyi("cpu") .ge. 128 then -
+ __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
+$ if __arch .eqs. "" then __arch = "UNK"
+$!
+$ if (p2 .eqs. "64") then __arch = __arch+ "_64"
+$!
+$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]"
+$
+$ cmd = "mcr ''exe_dir'openssl x509"
+$
+$ t = "testx509.pem"
+$ if p1 .nes. "" then t = p1
+$
+$ write sys$output "testing X509 conversions"
+$ if f$search("fff.*") .nes "" then delete fff.*;*
+$ if f$search("ff.*") .nes "" then delete ff.*;*
+$ if f$search("f.*") .nes "" then delete f.*;*
+$ convert/fdl=sys$input: 't' fff.p
+RECORD
+ FORMAT STREAM_LF
+$
+$ write sys$output "p -> d"
+$ 'cmd' -in fff.p -inform p -outform d -out f.d
+$ if $severity .ne. 1 then exit 3
+$ write sys$output "p -> n"
+$ 'cmd' -in fff.p -inform p -outform n -out f.n
+$ if $severity .ne. 1 then exit 3
+$ write sys$output "p -> p"
+$ 'cmd' -in fff.p -inform p -outform p -out f.p
+$ if $severity .ne. 1 then exit 3
+$
+$ write sys$output "d -> d"
+$ 'cmd' -in f.d -inform d -outform d -out ff.d1
+$ if $severity .ne. 1 then exit 3
+$ write sys$output "n -> d"
+$ 'cmd' -in f.n -inform n -outform d -out ff.d2
+$ if $severity .ne. 1 then exit 3
+$ write sys$output "p -> d"
+$ 'cmd' -in f.p -inform p -outform d -out ff.d3
+$ if $severity .ne. 1 then exit 3
+$
+$ write sys$output "d -> n"
+$ 'cmd' -in f.d -inform d -outform n -out ff.n1
+$ if $severity .ne. 1 then exit 3
+$ write sys$output "n -> n"
+$ 'cmd' -in f.n -inform n -outform n -out ff.n2
+$ if $severity .ne. 1 then exit 3
+$ write sys$output "p -> n"
+$ 'cmd' -in f.p -inform p -outform n -out ff.n3
+$ if $severity .ne. 1 then exit 3
+$
+$ write sys$output "d -> p"
+$ 'cmd' -in f.d -inform d -outform p -out ff.p1
+$ if $severity .ne. 1 then exit 3
+$ write sys$output "n -> p"
+$ 'cmd' -in f.n -inform n -outform p -out ff.p2
+$ if $severity .ne. 1 then exit 3
+$ write sys$output "p -> p"
+$ 'cmd' -in f.p -inform p -outform p -out ff.p3
+$ if $severity .ne. 1 then exit 3
+$
+$ backup/compare fff.p f.p
+$ if $severity .ne. 1 then exit 3
+$ backup/compare fff.p ff.p1
+$ if $severity .ne. 1 then exit 3
+$ backup/compare fff.p ff.p2
+$ if $severity .ne. 1 then exit 3
+$ backup/compare fff.p ff.p3
+$ if $severity .ne. 1 then exit 3
+$
+$ backup/compare f.n ff.n1
+$ if $severity .ne. 1 then exit 3
+$ backup/compare f.n ff.n2
+$ if $severity .ne. 1 then exit 3
+$ backup/compare f.n ff.n3
+$ if $severity .ne. 1 then exit 3
+$
+$ backup/compare f.p ff.p1
+$ if $severity .ne. 1 then exit 3
+$ backup/compare f.p ff.p2
+$ if $severity .ne. 1 then exit 3
+$ backup/compare f.p ff.p3
+$ if $severity .ne. 1 then exit 3
+$
+$ delete f.*;*,ff.*;*,fff.*;*
+++ /dev/null
-#!/bin/sh
-
-# This script is used by test/Makefile.ssl to check whether a sane 'bc'
-# is installed.
-# ('make test_bn' should not try to run 'bc' if it does not exist or if
-# it is a broken 'bc' version that is known to cause trouble.)
-#
-# If 'bc' works, we also test if it knows the 'print' command.
-#
-# In any case, output an appropriate command line for running (or not
-# running) bc.
-
-
-IFS=:
-try_without_dir=true
-# First we try "bc", then "$dir/bc" for each item in $PATH.
-for dir in dummy:$PATH; do
- if [ "$try_without_dir" = true ]; then
- # first iteration
- bc=bc
- try_without_dir=false
- else
- # second and later iterations
- bc="$dir/bc"
- if [ ! -f "$bc" ]; then # '-x' is not available on Ultrix
- bc=''
- fi
- fi
-
- if [ ! "$bc" = '' ]; then
- failure=none
-
-
- # Test for SunOS 5.[78] bc bug
- "$bc" >tmp.bctest <<\EOF
-obase=16
-ibase=16
-a=AD88C418F31B3FC712D0425001D522B3AE9134FF3A98C13C1FCC1682211195406C1A6C66C6A\
-CEEC1A0EC16950233F77F1C2F2363D56DD71A36C57E0B2511FC4BA8F22D261FE2E9356D99AF57\
-10F3817C0E05BF79C423C3F66FDF321BE8D3F18F625D91B670931C1EF25F28E489BDA1C5422D1\
-C3F6F7A1AD21585746ECC4F10A14A778AF56F08898E965E9909E965E0CB6F85B514150C644759\
-3BE731877B16EA07B552088FF2EA728AC5E0FF3A23EB939304519AB8B60F2C33D6BA0945B66F0\
-4FC3CADF855448B24A9D7640BCF473E
-b=DCE91E7D120B983EA9A104B5A96D634DD644C37657B1C7860B45E6838999B3DCE5A555583C6\
-9209E41F413422954175A06E67FFEF6746DD652F0F48AEFECC3D8CAC13523BDAAD3F5AF4212BD\
-8B3CD64126E1A82E190228020C05B91C8B141F1110086FC2A4C6ED631EBA129D04BB9A19FC53D\
-3ED0E2017D60A68775B75481449
-(a/b)*b + (a%b) - a
-EOF
- if [ 0 != "`cat tmp.bctest`" ]; then
- failure=SunOStest
- fi
-
-
- if [ "$failure" = none ]; then
- # Test for SCO bc bug.
- "$bc" >tmp.bctest <<\EOF
-obase=16
-ibase=16
--FFDD63BA1A4648F0D804F8A1C66C53F0D2110590E8A3907EC73B4AEC6F15AC177F176F2274D2\
-9DC8022EA0D7DD3ABE9746D2D46DD3EA5B5F6F69DF12877E0AC5E7F5ADFACEE54573F5D256A06\
-11B5D2BC24947724E22AE4EC3FB0C39D9B4694A01AFE5E43B4D99FB9812A0E4A5773D8B254117\
-1239157EC6E3D8D50199 * -FFDD63BA1A4648F0D804F8A1C66C53F0D2110590E8A3907EC73B4\
-AEC6F15AC177F176F2274D29DC8022EA0D7DD3ABE9746D2D46DD3EA5B5F6F69DF12877E0AC5E7\
-F5ADFACEE54573F5D256A0611B5D2BC24947724E22AE4EC3FB0C39D9B4694A01AFE5E43B4D99F\
-B9812A0E4A5773D8B2541171239157EC6E3D8D50199 - FFBACC221682DA464B6D7F123482522\
-02EDAEDCA38C3B69E9B7BBCD6165A9CD8716C4903417F23C09A85B851961F92C217258CEEB866\
-85EFCC5DD131853A02C07A873B8E2AF2E40C6D5ED598CD0E8F35AD49F3C3A17FDB7653E4E2DC4\
-A8D23CC34686EE4AD01F7407A7CD74429AC6D36DBF0CB6A3E302D0E5BDFCD048A3B90C1BE5AA8\
-E16C3D5884F9136B43FF7BB443764153D4AEC176C681B078F4CC53D6EB6AB76285537DDEE7C18\
-8C72441B52EDBDDBC77E02D34E513F2AABF92F44109CAFE8242BD0ECBAC5604A94B02EA44D43C\
-04E9476E6FBC48043916BFA1485C6093603600273C9C33F13114D78064AE42F3DC466C7DA543D\
-89C8D71
-AD534AFBED2FA39EE9F40E20FCF9E2C861024DB98DDCBA1CD118C49CA55EEBC20D6BA51B2271C\
-928B693D6A73F67FEB1B4571448588B46194617D25D910C6A9A130CC963155CF34079CB218A44\
-8A1F57E276D92A33386DDCA3D241DB78C8974ABD71DD05B0FA555709C9910D745185E6FE108E3\
-37F1907D0C56F8BFBF52B9704 % -E557905B56B13441574CAFCE2BD257A750B1A8B2C88D0E36\
-E18EF7C38DAC80D3948E17ED63AFF3B3467866E3B89D09A81B3D16B52F6A3C7134D3C6F5123E9\
-F617E3145BBFBE9AFD0D6E437EA4FF6F04BC67C4F1458B4F0F47B64 - 1C2BBBB19B74E86FD32\
-9E8DB6A8C3B1B9986D57ED5419C2E855F7D5469E35E76334BB42F4C43E3F3A31B9697C171DAC4\
-D97935A7E1A14AD209D6CF811F55C6DB83AA9E6DFECFCD6669DED7171EE22A40C6181615CAF3F\
-5296964
-EOF
- if [ "0
-0" != "`cat tmp.bctest`" ]; then
- failure=SCOtest
- fi
- fi
-
-
- if [ "$failure" = none ]; then
- # bc works; now check if it knows the 'print' command.
- if [ "OK" = "`echo 'print \"OK\"' | $bc 2>/dev/null`" ]
- then
- echo "$bc"
- else
- echo "sed 's/print.*//' | $bc"
- fi
- exit 0
- fi
-
- echo "$bc does not work properly ('$failure' failed). Looking for another bc ..." >&2
- fi
-done
-
-echo "No working bc found. Consider installing GNU bc." >&2
-if [ "$1" = ignore ]; then
- echo "cat >/dev/null"
- exit 0
-fi
-exit 1
+++ /dev/null
-$!
-$! Check operation of "bc".
-$!
-$! 2010-04-05 SMS. New. Based (loosely) on "bctest".
-$!
-$!
-$ tmp_file_name = "tmp.bctest"
-$ failure = ""
-$!
-$! Basic command test.
-$!
-$ on warning then goto bc_fail
-$ bc
-$ on error then exit
-$!
-$! Test for SunOS 5.[78] bc bug.
-$!
-$ if (failure .eqs. "")
-$ then
-$!
-$ define /user_mode sys$output 'tmp_file_name'
-$ bc
-obase=16
-ibase=16
-a=AD88C418F31B3FC712D0425001D522B3AE9134FF3A98C13C1FCC1682211195406C1A6C66C6A\
-CEEC1A0EC16950233F77F1C2F2363D56DD71A36C57E0B2511FC4BA8F22D261FE2E9356D99AF57\
-10F3817C0E05BF79C423C3F66FDF321BE8D3F18F625D91B670931C1EF25F28E489BDA1C5422D1\
-C3F6F7A1AD21585746ECC4F10A14A778AF56F08898E965E9909E965E0CB6F85B514150C644759\
-3BE731877B16EA07B552088FF2EA728AC5E0FF3A23EB939304519AB8B60F2C33D6BA0945B66F0\
-4FC3CADF855448B24A9D7640BCF473E
-b=DCE91E7D120B983EA9A104B5A96D634DD644C37657B1C7860B45E6838999B3DCE5A555583C6\
-9209E41F413422954175A06E67FFEF6746DD652F0F48AEFECC3D8CAC13523BDAAD3F5AF4212BD\
-8B3CD64126E1A82E190228020C05B91C8B141F1110086FC2A4C6ED631EBA129D04BB9A19FC53D\
-3ED0E2017D60A68775B75481449
-(a/b)*b + (a%b) - a
-$ status = $status
-$ output_expected = "0"
-$ gosub check_output
-$ if (output .ne. 1)
-$ then
-$ failure = "SunOStest"
-$ else
-$ delete 'f$parse( tmp_file_name)'
-$ endif
-$ endif
-$!
-$! Test for SCO bc bug.
-$!
-$ if (failure .eqs. "")
-$ then
-$!
-$ define /user_mode sys$output 'tmp_file_name'
-$ bc
-obase=16
-ibase=16
--FFDD63BA1A4648F0D804F8A1C66C53F0D2110590E8A3907EC73B4AEC6F15AC177F176F2274D2\
-9DC8022EA0D7DD3ABE9746D2D46DD3EA5B5F6F69DF12877E0AC5E7F5ADFACEE54573F5D256A06\
-11B5D2BC24947724E22AE4EC3FB0C39D9B4694A01AFE5E43B4D99FB9812A0E4A5773D8B254117\
-1239157EC6E3D8D50199 * -FFDD63BA1A4648F0D804F8A1C66C53F0D2110590E8A3907EC73B4\
-AEC6F15AC177F176F2274D29DC8022EA0D7DD3ABE9746D2D46DD3EA5B5F6F69DF12877E0AC5E7\
-F5ADFACEE54573F5D256A0611B5D2BC24947724E22AE4EC3FB0C39D9B4694A01AFE5E43B4D99F\
-B9812A0E4A5773D8B2541171239157EC6E3D8D50199 - FFBACC221682DA464B6D7F123482522\
-02EDAEDCA38C3B69E9B7BBCD6165A9CD8716C4903417F23C09A85B851961F92C217258CEEB866\
-85EFCC5DD131853A02C07A873B8E2AF2E40C6D5ED598CD0E8F35AD49F3C3A17FDB7653E4E2DC4\
-A8D23CC34686EE4AD01F7407A7CD74429AC6D36DBF0CB6A3E302D0E5BDFCD048A3B90C1BE5AA8\
-E16C3D5884F9136B43FF7BB443764153D4AEC176C681B078F4CC53D6EB6AB76285537DDEE7C18\
-8C72441B52EDBDDBC77E02D34E513F2AABF92F44109CAFE8242BD0ECBAC5604A94B02EA44D43C\
-04E9476E6FBC48043916BFA1485C6093603600273C9C33F13114D78064AE42F3DC466C7DA543D\
-89C8D71
-AD534AFBED2FA39EE9F40E20FCF9E2C861024DB98DDCBA1CD118C49CA55EEBC20D6BA51B2271C\
-928B693D6A73F67FEB1B4571448588B46194617D25D910C6A9A130CC963155CF34079CB218A44\
-8A1F57E276D92A33386DDCA3D241DB78C8974ABD71DD05B0FA555709C9910D745185E6FE108E3\
-37F1907D0C56F8BFBF52B9704 % -E557905B56B13441574CAFCE2BD257A750B1A8B2C88D0E36\
-E18EF7C38DAC80D3948E17ED63AFF3B3467866E3B89D09A81B3D16B52F6A3C7134D3C6F5123E9\
-F617E3145BBFBE9AFD0D6E437EA4FF6F04BC67C4F1458B4F0F47B64 - 1C2BBBB19B74E86FD32\
-9E8DB6A8C3B1B9986D57ED5419C2E855F7D5469E35E76334BB42F4C43E3F3A31B9697C171DAC4\
-D97935A7E1A14AD209D6CF811F55C6DB83AA9E6DFECFCD6669DED7171EE22A40C6181615CAF3F\
-5296964
-$ status = $status
-$ output_expected = "0\0"
-$ gosub check_output
-$ if (output .ne. 1)
-$ then
-$ failure = "SCOtest"
-$ else
-$ delete 'f$parse( tmp_file_name)'
-$ endif
-$ endif
-$!
-$! Test for working 'print' command.
-$!
-$ if (failure .eqs. "")
-$ then
-$!
-$ define /user_mode sys$output 'tmp_file_name'
-$ bc
-print "OK"
-$ status = $status
-$ output_expected = "OK"
-$ gosub check_output
-$ if (output .ne. 1)
-$ then
-$ failure = "printtest"
-$ else
-$ delete 'f$parse( tmp_file_name)'
-$ endif
-$ endif
-$!
-$ if (failure .nes. "")
-$ then
-$ write sys$output -
- "No working bc found. Consider installing GNU bc."
-$ exit %X00030000 ! %DCL-W-NORMAL
-$ endif
-$!
-$ exit
-$!
-$!
-$! Complete "bc" command failure.
-$!
-$ bc_fail:
-$ write sys$output -
- "No ""bc"" program/symbol found. Consider installing GNU bc."
-$ exit %X00030000 ! %DCL-W-NORMAL
-$!
-$!
-$! Output check subroutine.
-$!
-$ check_output:
-$ eof = 0
-$ line_nr = 0
-$ open /read tmp_file 'tmp_file_name'
-$ c_o_loop:
-$ read /error = error_read tmp_file line
-$ goto ok_read
-$ error_read:
-$ eof = 1
-$ ok_read:
-$ line_expected = f$element( line_nr, "\", output_expected)
-$ line_nr = line_nr+ 1
-$ if ((line_expected .nes. "\") .and. (.not. eof) .and. -
- (line_expected .eqs. line)) then goto c_o_loop
-$!
-$ if ((line_expected .eqs. "\") .and. eof)
-$ then
-$ output = 1
-$ else
-$ output = 0
-$ endif
-$ close tmp_file
-$ return
-$!
+++ /dev/null
-$!
-$! Analyze bntest output file.
-$!
-$! Exit status = 1 (success) if all tests passed,
-$! 0 (warning) if any test failed.
-$!
-$! 2011-02-20 SMS. Added code to skip "#" comments in the input file.
-$!
-$! 2010-04-05 SMS. New. Based (loosely) on perl code in bntest-vms.sh.
-$!
-$! Expect data like:
-$! test test_name1
-$! 0
-$! [...]
-$! test test_name2
-$! 0
-$! [...]
-$! [...]
-$!
-$! Some tests have no following "0" lines.
-$!
-$ result_file_name = f$edit( p1, "TRIM")
-$ if (result_file_name .eqs. "")
-$ then
-$ result_file_name = "bntest-vms.out"
-$ endif
-$!
-$ fail = 0
-$ passed = 0
-$ tests = 0
-$!
-$ on control_c then goto tidy
-$ on error then goto tidy
-$!
-$ open /read result_file 'result_file_name'
-$!
-$ read_loop:
-$ read /end = read_loop_end /error = tidy result_file line
-$ t1 = f$element( 0, " ", line)
-$!
-$! Skip "#" comment lines.
-$ if (f$extract( 0, 1, f$edit( line, "TRIM")) .eqs. "#") then -
- goto read_loop
-$!
-$ if (t1 .eqs. "test")
-$ then
-$ passed = passed+ 1
-$ tests = tests+ 1
-$ fail = 1
-$ t2 = f$extract( 5, 1000, line)
-$ write sys$output "verify ''t2'"
-$ else
-$ if (t1 .nes. "0")
-$ then
-$ write sys$output "Failed! bc: ''line'"
-$ passed = passed- fail
-$ fail = 0
-$ endif
-$ endif
-$ goto read_loop
-$ read_loop_end:
-$ write sys$output "''passed'/''tests' tests passed"
-$!
-$ tidy:
-$ if f$trnlnm( "result_file", "LNM$PROCESS_TABLE", , "SUPERVISOR", , "CONFINE")
-$ then
-$ close result_file
-$ endif
-$!
-$ if ((tests .gt. 0) .and. (tests .eq. passed))
-$ then
-$ exit 1
-$ else
-$ exit 0
-$ endif
-$!
+++ /dev/null
-# test/cms-test.pl
-# Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
-# project.
-#
-# ====================================================================
-# Copyright (c) 2008 The OpenSSL Project. All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-#
-# 1. Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-#
-# 2. Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in
-# the documentation and/or other materials provided with the
-# distribution.
-#
-# 3. All advertising materials mentioning features or use of this
-# software must display the following acknowledgment:
-# "This product includes software developed by the OpenSSL Project
-# for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-#
-# 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-# endorse or promote products derived from this software without
-# prior written permission. For written permission, please contact
-# licensing@OpenSSL.org.
-#
-# 5. Products derived from this software may not be called "OpenSSL"
-# nor may "OpenSSL" appear in their names without prior written
-# permission of the OpenSSL Project.
-#
-# 6. Redistributions of any form whatsoever must retain the following
-# acknowledgment:
-# "This product includes software developed by the OpenSSL Project
-# for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-#
-# THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-# OF THE POSSIBILITY OF SUCH DAMAGE.
-# ====================================================================
-
-# CMS, PKCS7 consistency test script. Run extensive tests on
-# OpenSSL PKCS#7 and CMS implementations.
-
-my $ossl_path;
-my $redir = " 2> cms.err > cms.out";
-# Make VMS work
-if ( $^O eq "VMS" && -f "OSSLX:openssl.exe" ) {
- $ossl_path = "pipe mcr OSSLX:openssl";
- $null_path = "NL:";
- # On VMS, the lowest 3 bits of the exit code indicates severity
- # 1 is success (perl translates it to 0 for $?), 2 is error
- # (perl doesn't translate it)
- $failure_code = 512; # 2 << 8 = 512
-}
-# Make MSYS work
-elsif ( $^O eq "MSWin32" && -f "../apps/openssl.exe" ) {
- $ossl_path = "cmd /c ..\\apps\\openssl";
- $null_path = "NUL";
- $failure_code = 256;
-}
-elsif ( -f "../apps/openssl$ENV{EXE_EXT}" ) {
- $ossl_path = "../util/shlib_wrap.sh ../apps/openssl";
- $null_path = "/dev/null";
- $failure_code = 256;
-}
-elsif ( -f "..\\out32dll\\openssl.exe" ) {
- $ossl_path = "..\\out32dll\\openssl.exe";
- $null_path = "NUL";
- $failure_code = 256;
-}
-elsif ( -f "..\\out32\\openssl.exe" ) {
- $ossl_path = "..\\out32\\openssl.exe";
- $null_path = "NUL";
- $failure_code = 256;
-}
-else {
- die "Can't find OpenSSL executable";
-}
-
-my $pk7cmd = "$ossl_path smime ";
-my $cmscmd = "$ossl_path cms ";
-my $smdir = "smime-certs";
-my $halt_err = 1;
-
-my $badcmd = 0;
-my $no_ec;
-my $no_ec2m;
-my $no_ecdh;
-my $ossl8 = `$ossl_path version -v` =~ /0\.9\.8/;
-
-system ("$ossl_path no-cms > $null_path");
-if ($? == 0)
- {
- print "CMS disabled\n";
- exit 0;
- }
-
-system ("$ossl_path no-ec > $null_path");
-if ($? == 0)
- {
- $no_ec = 1;
- }
-elsif ($? == $failure_code)
- {
- $no_ec = 0;
- }
-else
- {
- die "Error checking for EC support\n";
- }
-
-system ("$ossl_path no-ec2m > $null_path");
-if ($? == 0)
- {
- $no_ec2m = 1;
- }
-elsif ($? == $failure_code)
- {
- $no_ec2m = 0;
- }
-else
- {
- die "Error checking for EC2M support\n";
- }
-
-system ("$ossl_path no-ec > $null_path");
-if ($? == 0)
- {
- $no_ecdh = 1;
- }
-elsif ($? == $failure_code)
- {
- $no_ecdh = 0;
- }
-else
- {
- die "Error checking for ECDH support\n";
- }
-
-my @smime_pkcs7_tests = (
-
- [
- "signed content DER format, RSA key",
- "-sign -in smcont.txt -outform \"DER\" -nodetach"
- . " -certfile $smdir/smroot.pem"
- . " -signer $smdir/smrsa1.pem -out test.cms",
- "-verify -in test.cms -inform \"DER\" "
- . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
- ],
-
- [
- "signed detached content DER format, RSA key",
- "-sign -in smcont.txt -outform \"DER\""
- . " -signer $smdir/smrsa1.pem -out test.cms",
- "-verify -in test.cms -inform \"DER\" "
- . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt -content smcont.txt"
- ],
-
- [
- "signed content test streaming BER format, RSA",
- "-sign -in smcont.txt -outform \"DER\" -nodetach"
- . " -stream -signer $smdir/smrsa1.pem -out test.cms",
- "-verify -in test.cms -inform \"DER\" "
- . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
- ],
-
- [
- "signed content DER format, DSA key",
- "-sign -in smcont.txt -outform \"DER\" -nodetach"
- . " -signer $smdir/smdsa1.pem -out test.cms",
- "-verify -in test.cms -inform \"DER\" "
- . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
- ],
-
- [
- "signed detached content DER format, DSA key",
- "-sign -in smcont.txt -outform \"DER\""
- . " -signer $smdir/smdsa1.pem -out test.cms",
- "-verify -in test.cms -inform \"DER\" "
- . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt -content smcont.txt"
- ],
-
- [
- "signed detached content DER format, add RSA signer",
- "-resign -inform \"DER\" -in test.cms -outform \"DER\""
- . " -signer $smdir/smrsa1.pem -out test2.cms",
- "-verify -in test2.cms -inform \"DER\" "
- . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt -content smcont.txt"
- ],
-
- [
- "signed content test streaming BER format, DSA key",
- "-sign -in smcont.txt -outform \"DER\" -nodetach"
- . " -stream -signer $smdir/smdsa1.pem -out test.cms",
- "-verify -in test.cms -inform \"DER\" "
- . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
- ],
-
- [
- "signed content test streaming BER format, 2 DSA and 2 RSA keys",
- "-sign -in smcont.txt -outform \"DER\" -nodetach"
- . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
- . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
- . " -stream -out test.cms",
- "-verify -in test.cms -inform \"DER\" "
- . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
- ],
-
- [
-"signed content test streaming BER format, 2 DSA and 2 RSA keys, no attributes",
- "-sign -in smcont.txt -outform \"DER\" -noattr -nodetach"
- . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
- . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
- . " -stream -out test.cms",
- "-verify -in test.cms -inform \"DER\" "
- . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
- ],
-
- [
- "signed content test streaming S/MIME format, 2 DSA and 2 RSA keys",
- "-sign -in smcont.txt -nodetach"
- . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
- . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
- . " -stream -out test.cms",
- "-verify -in test.cms " . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
- ],
-
- [
-"signed content test streaming multipart S/MIME format, 2 DSA and 2 RSA keys",
- "-sign -in smcont.txt"
- . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
- . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
- . " -stream -out test.cms",
- "-verify -in test.cms " . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
- ],
-
- [
- "enveloped content test streaming S/MIME format, 3 recipients",
- "-encrypt -in smcont.txt"
- . " -stream -out test.cms"
- . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ",
- "-decrypt -recip $smdir/smrsa1.pem -in test.cms -out smtst.txt"
- ],
-
- [
-"enveloped content test streaming S/MIME format, 3 recipients, 3rd used",
- "-encrypt -in smcont.txt"
- . " -stream -out test.cms"
- . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ",
- "-decrypt -recip $smdir/smrsa3.pem -in test.cms -out smtst.txt"
- ],
-
- [
-"enveloped content test streaming S/MIME format, 3 recipients, key only used",
- "-encrypt -in smcont.txt"
- . " -stream -out test.cms"
- . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ",
- "-decrypt -inkey $smdir/smrsa3.pem -in test.cms -out smtst.txt"
- ],
-
- [
-"enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients",
- "-encrypt -in smcont.txt"
- . " -aes256 -stream -out test.cms"
- . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ",
- "-decrypt -recip $smdir/smrsa1.pem -in test.cms -out smtst.txt"
- ],
-
-);
-
-my @smime_cms_tests = (
-
- [
- "signed content test streaming BER format, 2 DSA and 2 RSA keys, keyid",
- "-sign -in smcont.txt -outform \"DER\" -nodetach -keyid"
- . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
- . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
- . " -stream -out test.cms",
- "-verify -in test.cms -inform \"DER\" "
- . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
- ],
-
- [
- "signed content test streaming PEM format, 2 DSA and 2 RSA keys",
- "-sign -in smcont.txt -outform PEM -nodetach"
- . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
- . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
- . " -stream -out test.cms",
- "-verify -in test.cms -inform PEM "
- . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
- ],
-
- [
- "signed content MIME format, RSA key, signed receipt request",
- "-sign -in smcont.txt -signer $smdir/smrsa1.pem -nodetach"
- . " -receipt_request_to test\@openssl.org -receipt_request_all"
- . " -out test.cms",
- "-verify -in test.cms "
- . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
- ],
-
- [
- "signed receipt MIME format, RSA key",
- "-sign_receipt -in test.cms"
- . " -signer $smdir/smrsa2.pem"
- . " -out test2.cms",
- "-verify_receipt test2.cms -in test.cms"
- . " \"-CAfile\" $smdir/smroot.pem"
- ],
-
- [
- "enveloped content test streaming S/MIME format, 3 recipients, keyid",
- "-encrypt -in smcont.txt"
- . " -stream -out test.cms -keyid"
- . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ",
- "-decrypt -recip $smdir/smrsa1.pem -in test.cms -out smtst.txt"
- ],
-
- [
- "enveloped content test streaming PEM format, KEK",
- "-encrypt -in smcont.txt -outform PEM -aes128"
- . " -stream -out test.cms "
- . " -secretkey 000102030405060708090A0B0C0D0E0F "
- . " -secretkeyid C0FEE0",
- "-decrypt -in test.cms -out smtst.txt -inform PEM"
- . " -secretkey 000102030405060708090A0B0C0D0E0F "
- . " -secretkeyid C0FEE0"
- ],
-
- [
- "enveloped content test streaming PEM format, KEK, key only",
- "-encrypt -in smcont.txt -outform PEM -aes128"
- . " -stream -out test.cms "
- . " -secretkey 000102030405060708090A0B0C0D0E0F "
- . " -secretkeyid C0FEE0",
- "-decrypt -in test.cms -out smtst.txt -inform PEM"
- . " -secretkey 000102030405060708090A0B0C0D0E0F "
- ],
-
- [
- "data content test streaming PEM format",
- "-data_create -in smcont.txt -outform PEM -nodetach"
- . " -stream -out test.cms",
- "-data_out -in test.cms -inform PEM -out smtst.txt"
- ],
-
- [
- "encrypted content test streaming PEM format, 128 bit RC2 key",
- "\"-EncryptedData_encrypt\" -in smcont.txt -outform PEM"
- . " -rc2 -secretkey 000102030405060708090A0B0C0D0E0F"
- . " -stream -out test.cms",
- "\"-EncryptedData_decrypt\" -in test.cms -inform PEM "
- . " -secretkey 000102030405060708090A0B0C0D0E0F -out smtst.txt"
- ],
-
- [
- "encrypted content test streaming PEM format, 40 bit RC2 key",
- "\"-EncryptedData_encrypt\" -in smcont.txt -outform PEM"
- . " -rc2 -secretkey 0001020304"
- . " -stream -out test.cms",
- "\"-EncryptedData_decrypt\" -in test.cms -inform PEM "
- . " -secretkey 0001020304 -out smtst.txt"
- ],
-
- [
- "encrypted content test streaming PEM format, triple DES key",
- "\"-EncryptedData_encrypt\" -in smcont.txt -outform PEM"
- . " -des3 -secretkey 000102030405060708090A0B0C0D0E0F1011121314151617"
- . " -stream -out test.cms",
- "\"-EncryptedData_decrypt\" -in test.cms -inform PEM "
- . " -secretkey 000102030405060708090A0B0C0D0E0F1011121314151617"
- . " -out smtst.txt"
- ],
-
- [
- "encrypted content test streaming PEM format, 128 bit AES key",
- "\"-EncryptedData_encrypt\" -in smcont.txt -outform PEM"
- . " -aes128 -secretkey 000102030405060708090A0B0C0D0E0F"
- . " -stream -out test.cms",
- "\"-EncryptedData_decrypt\" -in test.cms -inform PEM "
- . " -secretkey 000102030405060708090A0B0C0D0E0F -out smtst.txt"
- ],
-
-);
-
-my @smime_cms_comp_tests = (
-
- [
- "compressed content test streaming PEM format",
- "-compress -in smcont.txt -outform PEM -nodetach"
- . " -stream -out test.cms",
- "-uncompress -in test.cms -inform PEM -out smtst.txt"
- ]
-
-);
-
-my @smime_cms_param_tests = (
- [
- "signed content test streaming PEM format, RSA keys, PSS signature",
- "-sign -in smcont.txt -outform PEM -nodetach"
- . " -signer $smdir/smrsa1.pem -keyopt rsa_padding_mode:pss"
- . " -out test.cms",
- "-verify -in test.cms -inform PEM "
- . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
- ],
-
- [
- "signed content test streaming PEM format, RSA keys, PSS signature, no attributes",
- "-sign -in smcont.txt -outform PEM -nodetach -noattr"
- . " -signer $smdir/smrsa1.pem -keyopt rsa_padding_mode:pss"
- . " -out test.cms",
- "-verify -in test.cms -inform PEM "
- . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
- ],
-
- [
- "signed content test streaming PEM format, RSA keys, PSS signature, SHA384 MGF1",
- "-sign -in smcont.txt -outform PEM -nodetach"
- . " -signer $smdir/smrsa1.pem -keyopt rsa_padding_mode:pss"
- . " -keyopt rsa_mgf1_md:sha384 -out test.cms",
- "-verify -in test.cms -inform PEM "
- . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
- ],
-
- [
-"enveloped content test streaming S/MIME format, OAEP default parameters",
- "-encrypt -in smcont.txt"
- . " -stream -out test.cms"
- . " -recip $smdir/smrsa1.pem -keyopt rsa_padding_mode:oaep",
- "-decrypt -recip $smdir/smrsa1.pem -in test.cms -out smtst.txt"
- ],
-
- [
-"enveloped content test streaming S/MIME format, OAEP SHA256",
- "-encrypt -in smcont.txt"
- . " -stream -out test.cms"
- . " -recip $smdir/smrsa1.pem -keyopt rsa_padding_mode:oaep"
- . " -keyopt rsa_oaep_md:sha256",
- "-decrypt -recip $smdir/smrsa1.pem -in test.cms -out smtst.txt"
- ],
-
- [
-"enveloped content test streaming S/MIME format, ECDH",
- "-encrypt -in smcont.txt"
- . " -stream -out test.cms"
- . " -recip $smdir/smec1.pem",
- "-decrypt -recip $smdir/smec1.pem -in test.cms -out smtst.txt"
- ],
-
- [
-"enveloped content test streaming S/MIME format, ECDH, key identifier",
- "-encrypt -keyid -in smcont.txt"
- . " -stream -out test.cms"
- . " -recip $smdir/smec1.pem",
- "-decrypt -recip $smdir/smec1.pem -in test.cms -out smtst.txt"
- ],
-
- [
-"enveloped content test streaming S/MIME format, ECDH, AES128, SHA256 KDF",
- "-encrypt -in smcont.txt"
- . " -stream -out test.cms"
- . " -recip $smdir/smec1.pem -aes128 -keyopt ecdh_kdf_md:sha256",
- "-decrypt -recip $smdir/smec1.pem -in test.cms -out smtst.txt"
- ],
-
- [
-"enveloped content test streaming S/MIME format, ECDH, K-283, cofactor DH",
- "-encrypt -in smcont.txt"
- . " -stream -out test.cms"
- . " -recip $smdir/smec2.pem -aes128"
- . " -keyopt ecdh_kdf_md:sha256 -keyopt ecdh_cofactor_mode:1",
- "-decrypt -recip $smdir/smec2.pem -in test.cms -out smtst.txt"
- ],
-
- [
-"enveloped content test streaming S/MIME format, X9.42 DH",
- "-encrypt -in smcont.txt"
- . " -stream -out test.cms"
- . " -recip $smdir/smdh.pem -aes128",
- "-decrypt -recip $smdir/smdh.pem -in test.cms -out smtst.txt"
- ]
-);
-
-print "CMS => PKCS#7 compatibility tests\n";
-
-run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $cmscmd, $pk7cmd );
-
-print "CMS <= PKCS#7 compatibility tests\n";
-
-run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $pk7cmd, $cmscmd );
-
-print "CMS <=> CMS consistency tests\n";
-
-run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $cmscmd, $cmscmd );
-run_smime_tests( \$badcmd, \@smime_cms_tests, $cmscmd, $cmscmd );
-
-print "CMS <=> CMS consistency tests, modified key parameters\n";
-run_smime_tests( \$badcmd, \@smime_cms_param_tests, $cmscmd, $cmscmd );
-
-if ( `$ossl_path version -f` =~ /ZLIB/ ) {
- run_smime_tests( \$badcmd, \@smime_cms_comp_tests, $cmscmd, $cmscmd );
-}
-else {
- print "Zlib not supported: compression tests skipped\n";
-}
-
-print "Running modified tests for OpenSSL 0.9.8 cms backport\n" if($ossl8);
-
-if ($badcmd) {
- print "$badcmd TESTS FAILED!!\n";
-}
-else {
- print "ALL TESTS SUCCESSFUL.\n";
-}
-
-unlink "test.cms";
-unlink "test2.cms";
-unlink "smtst.txt";
-unlink "cms.out";
-unlink "cms.err";
-
-sub run_smime_tests {
- my ( $rv, $aref, $scmd, $vcmd ) = @_;
-
- foreach $smtst (@$aref) {
- my ( $tnam, $rscmd, $rvcmd ) = @$smtst;
- if ($ossl8)
- {
- # Skip smime resign: 0.9.8 smime doesn't support -resign
- next if ($scmd =~ /smime/ && $rscmd =~ /-resign/);
- # Disable streaming: option not supported in 0.9.8
- $tnam =~ s/streaming//;
- $rscmd =~ s/-stream//;
- $rvcmd =~ s/-stream//;
- }
- if ($no_ec && $tnam =~ /ECDH/)
- {
- print "$tnam: skipped, EC disabled\n";
- next;
- }
- if ($no_ecdh && $tnam =~ /ECDH/)
- {
- print "$tnam: skipped, ECDH disabled\n";
- next;
- }
- if ($no_ec2m && $tnam =~ /K-283/)
- {
- print "$tnam: skipped, EC2M disabled\n";
- next;
- }
- system("$scmd$rscmd$redir");
- if ($?) {
- print "$tnam: generation error\n";
- $$rv++;
- exit 1 if $halt_err;
- next;
- }
- system("$vcmd$rvcmd$redir");
- if ($?) {
- print "$tnam: verify error\n";
- $$rv++;
- exit 1 if $halt_err;
- next;
- }
- if (!cmp_files("smtst.txt", "smcont.txt")) {
- print "$tnam: content verify error\n";
- $$rv++;
- exit 1 if $halt_err;
- next;
- }
- print "$tnam: OK\n";
- }
-}
-
-sub cmp_files {
- use FileHandle;
- my ( $f1, $f2 ) = @_;
- my $fp1 = FileHandle->new();
- my $fp2 = FileHandle->new();
-
- my ( $rd1, $rd2 );
-
- if ( !open( $fp1, "<$f1" ) ) {
- print STDERR "Can't Open file $f1\n";
- return 0;
- }
-
- if ( !open( $fp2, "<$f2" ) ) {
- print STDERR "Can't Open file $f2\n";
- return 0;
- }
-
- binmode $fp1;
- binmode $fp2;
-
- my $ret = 0;
-
- for ( ; ; ) {
- $n1 = sysread $fp1, $rd1, 4096;
- $n2 = sysread $fp2, $rd2, 4096;
- last if ( $n1 != $n2 );
- last if ( $rd1 ne $rd2 );
-
- if ( $n1 == 0 ) {
- $ret = 1;
- last;
- }
-
- }
-
- close $fp1;
- close $fp2;
-
- return $ret;
-
-}
-
+++ /dev/null
-#!/bin/sh
-
-cmd='../util/shlib_wrap.sh ../apps/openssl crl'
-
-if [ "$1"x != "x" ]; then
- t=$1
-else
- t=testcrl.pem
-fi
-
-echo testing crl conversions
-cp $t crl-fff.p
-
-echo "p -> d"
-$cmd -in crl-fff.p -inform p -outform d >crl-f.d || exit 1
-echo "p -> p"
-$cmd -in crl-fff.p -inform p -outform p >crl-f.p || exit 1
-
-echo "d -> d"
-$cmd -in crl-f.d -inform d -outform d >crl-ff.d1 || exit 1
-echo "p -> d"
-$cmd -in crl-f.p -inform p -outform d >crl-ff.d3 || exit 1
-
-
-echo "d -> p"
-$cmd -in crl-f.d -inform d -outform p >crl-ff.p1 || exit 1
-echo "p -> p"
-$cmd -in crl-f.p -inform p -outform p >crl-ff.p3 || exit 1
-
-cmp crl-fff.p crl-f.p || exit 1
-cmp crl-fff.p crl-ff.p1 || exit 1
-cmp crl-fff.p crl-ff.p3 || exit 1
-cmp crl-f.p crl-ff.p1 || exit 1
-cmp crl-f.p crl-ff.p3 || exit 1
-
-/bin/rm -f crl-f.* crl-ff.* crl-fff.*
-exit 0
+++ /dev/null
-$! TCRL.COM -- Tests crl keys
-$
-$ __arch = "VAX"
-$ if f$getsyi("cpu") .ge. 128 then -
- __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
-$ if __arch .eqs. "" then __arch = "UNK"
-$!
-$ if (p2 .eqs. "64") then __arch = __arch+ "_64"
-$!
-$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]"
-$
-$ cmd = "mcr ''exe_dir'openssl crl"
-$
-$ t = "testcrl.pem"
-$ if p1 .nes. "" then t = p1
-$
-$ write sys$output "testing CRL conversions"
-$ if f$search("fff.*") .nes "" then delete fff.*;*
-$ if f$search("ff.*") .nes "" then delete ff.*;*
-$ if f$search("f.*") .nes "" then delete f.*;*
-$ convert/fdl=sys$input: 't' fff.p
-RECORD
- FORMAT STREAM_LF
-$
-$ write sys$output "p -> d"
-$ 'cmd' -in fff.p -inform p -outform d -out f.d
-$ if $severity .ne. 1 then exit 3
-$! write sys$output "p -> t"
-$! 'cmd' -in fff.p -inform p -outform t -out f.t
-$! if $severity .ne. 1 then exit 3
-$ write sys$output "p -> p"
-$ 'cmd' -in fff.p -inform p -outform p -out f.p
-$ if $severity .ne. 1 then exit 3
-$
-$ write sys$output "d -> d"
-$ 'cmd' -in f.d -inform d -outform d -out ff.d1
-$ if $severity .ne. 1 then exit 3
-$! write sys$output "t -> d"
-$! 'cmd' -in f.t -inform t -outform d -out ff.d2
-$! if $severity .ne. 1 then exit 3
-$ write sys$output "p -> d"
-$ 'cmd' -in f.p -inform p -outform d -out ff.d3
-$ if $severity .ne. 1 then exit 3
-$
-$! write sys$output "d -> t"
-$! 'cmd' -in f.d -inform d -outform t -out ff.t1
-$! if $severity .ne. 1 then exit 3
-$! write sys$output "t -> t"
-$! 'cmd' -in f.t -inform t -outform t -out ff.t2
-$! if $severity .ne. 1 then exit 3
-$! write sys$output "p -> t"
-$! 'cmd' -in f.p -inform p -outform t -out ff.t3
-$! if $severity .ne. 1 then exit 3
-$
-$ write sys$output "d -> p"
-$ 'cmd' -in f.d -inform d -outform p -out ff.p1
-$ if $severity .ne. 1 then exit 3
-$! write sys$output "t -> p"
-$! 'cmd' -in f.t -inform t -outform p -out ff.p2
-$! if $severity .ne. 1 then exit 3
-$ write sys$output "p -> p"
-$ 'cmd' -in f.p -inform p -outform p -out ff.p3
-$ if $severity .ne. 1 then exit 3
-$
-$ backup/compare fff.p f.p
-$ if $severity .ne. 1 then exit 3
-$ backup/compare fff.p ff.p1
-$ if $severity .ne. 1 then exit 3
-$! backup/compare fff.p ff.p2
-$! if $severity .ne. 1 then exit 3
-$ backup/compare fff.p ff.p3
-$ if $severity .ne. 1 then exit 3
-$
-$! backup/compare f.t ff.t1
-$! if $severity .ne. 1 then exit 3
-$! backup/compare f.t ff.t2
-$! if $severity .ne. 1 then exit 3
-$! backup/compare f.t ff.t3
-$! if $severity .ne. 1 then exit 3
-$
-$ backup/compare f.p ff.p1
-$ if $severity .ne. 1 then exit 3
-$! backup/compare f.p ff.p2
-$! if $severity .ne. 1 then exit 3
-$ backup/compare f.p ff.p3
-$ if $severity .ne. 1 then exit 3
-$
-$ delete f.*;*,ff.*;*,fff.*;*
+++ /dev/null
-#!/bin/sh
-
-set -e
-
-PERL="$1"
-
-if test "$OSTYPE" = msdosdjgpp; then
- PATH="../apps\;$PATH"
-else
- PATH="../apps:$PATH"
-fi
-export PATH
-
-export SSLEAY_CONFIG OPENSSL
-
-/bin/rm -fr demoCA
-
-SSLEAY_CONFIG="-config CAss.cnf"
-OPENSSL="`pwd`/../util/opensslwrap.sh"
-
-$PERL ../apps/CA.pl -newca </dev/null
-
-SSLEAY_CONFIG="-config Uss.cnf"
-$PERL ../apps/CA.pl -newreq
-
-SSLEAY_CONFIG="-config ../apps/openssl.cnf"
-yes | $PERL ../apps/CA.pl -sign
-
-$PERL ../apps/CA.pl -verify newcert.pem
-
-/bin/rm -fr demoCA newcert.pem newreq.pem
+++ /dev/null
-$! TESTCA.COM
-$
-$ __arch = "VAX"
-$ if f$getsyi("cpu") .ge. 128 then -
- __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
-$ if __arch .eqs. "" then __arch = "UNK"
-$!
-$ if (p1 .eqs. "64") then __arch = __arch+ "_64"
-$
-$ openssl = "mcr ''exe_dir'openssl"
-$
-$ SSLEAY_CONFIG="-config ""CAss.cnf"""
-$
-$ set noon
-$ if f$search("demoCA.dir") .nes. ""
-$ then
-$ @[-.util]deltree [.demoCA]*.*
-$ set file/prot=(S:RWED,O:RWED,G:RWED,W:RWED) demoCA.dir;*
-$ delete demoCA.dir;*
-$ endif
-$ set on
-$ open/read sys$ca_input VMSca-response.1
-$ @[-.apps]CA.com -input sys$ca_input -newca
-$ close sys$ca_input
-$ if $severity .ne. 1 then exit 3
-$
-$
-$ SSLEAY_CONFIG="-config ""Uss.cnf"""
-$ @[-.apps]CA.com -newreq
-$ if $severity .ne. 1 then exit 3
-$
-$
-$ SSLEAY_CONFIG="-config [-.apps]openssl-vms.cnf"
-$ open/read sys$ca_input VMSca-response.2
-$ @[-.apps]CA.com -input sys$ca_input -sign
-$ close sys$ca_input
-$ if $severity .ne. 1 then exit 3
-$
-$
-$ @[-.apps]CA.com -verify newcert.pem
-$ if $severity .ne. 1 then exit 3
-$
-$ set noon
-$ @[-.util]deltree [.demoCA]*.*
-$ set file/prot=(S:RWED,O:RWED,G:RWED,W:RWED) demoCA.dir;*
-$ delete demoCA.dir;*
-$ if f$search("newcert.pem") .nes. "" then delete newcert.pem;*
-$ if f$search("newcert.pem") .nes. "" then delete newreq.pem;*
-$ set on
-$! #usage: CA -newcert|-newreq|-newca|-sign|-verify
-$
-$ exit
+++ /dev/null
-#!/bin/sh
-
-testsrc=testenc
-test=./p
-
-cmd="../util/shlib_wrap.sh ../apps/openssl"
-
-cat $testsrc >$test;
-
-echo cat
-$cmd enc < $test > $test.cipher
-$cmd enc < $test.cipher >$test.clear
-cmp $test $test.clear || exit 1
-/bin/rm $test.cipher $test.clear
-
-echo base64
-$cmd enc -a -e < $test > $test.cipher
-$cmd enc -a -d < $test.cipher >$test.clear
-cmp $test $test.clear || exit 1
-/bin/rm $test.cipher $test.clear
-
-for i in `$cmd list -cipher-commands`
-do
- echo $i
- $cmd $i -bufsize 113 -e -k test < $test > $test.$i.cipher
- $cmd $i -bufsize 157 -d -k test < $test.$i.cipher >$test.$i.clear
- cmp $test $test.$i.clear || exit 1
- /bin/rm $test.$i.cipher $test.$i.clear
-
- echo $i base64
- $cmd $i -bufsize 113 -a -e -k test < $test > $test.$i.cipher
- $cmd $i -bufsize 157 -a -d -k test < $test.$i.cipher >$test.$i.clear
- cmp $test $test.$i.clear || exit 1
- /bin/rm $test.$i.cipher $test.$i.clear
-done
-rm -f $test
+++ /dev/null
-$! TESTENC.COM -- Test encoding and decoding
-$
-$ __arch = "VAX"
-$ if f$getsyi("cpu") .ge. 128 then -
- __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
-$ if __arch .eqs. "" then __arch = "UNK"
-$!
-$ if (p1 .eqs. 64) then __arch = __arch+ "_64"
-$
-$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]"
-$ testsrc = "makefile."
-$ test = "p.txt"
-$ cmd = "mcr ''exe_dir'openssl"
-$
-$ if f$search(test) .nes. "" then delete 'test';*
-$ convert/fdl=sys$input: 'testsrc' 'test'
-RECORD
- FORMAT STREAM_LF
-$
-$ if f$search(test+"-cipher") .nes. "" then delete 'test'-cipher;*
-$ if f$search(test+"-clear") .nes. "" then delete 'test'-clear;*
-$
-$ write sys$output "cat"
-$ 'cmd' enc -in 'test' -out 'test'-cipher
-$ 'cmd' enc -in 'test'-cipher -out 'test'-clear
-$ backup/compare 'test' 'test'-clear
-$ if $severity .ne. 1 then exit 3
-$ delete 'test'-cipher;*,'test'-clear;*
-$
-$ write sys$output "base64"
-$ 'cmd' enc -a -e -in 'test' -out 'test'-cipher
-$ 'cmd' enc -a -d -in 'test'-cipher -out 'test'-clear
-$ backup/compare 'test' 'test'-clear
-$ if $severity .ne. 1 then exit 3
-$ delete 'test'-cipher;*,'test'-clear;*
-$
-$ define/user sys$output 'test'-cipher-commands
-$ 'cmd' list -cipher-commands
-$ open/read f 'test'-cipher-commands
-$ loop_cipher_commands:
-$ read/end=loop_cipher_commands_end f i
-$ write sys$output i
-$
-$ if f$search(test+"-"+i+"-cipher") .nes. "" then -
- delete 'test'-'i'-cipher;*
-$ if f$search(test+"-"+i+"-clear") .nes. "" then -
- delete 'test'-'i'-clear;*
-$
-$ 'cmd' 'i' -bufsize 113 -e -k test -in 'test' -out 'test'-'i'-cipher
-$ 'cmd' 'i' -bufsize 157 -d -k test -in 'test'-'i'-cipher -out 'test'-'i'-clear
-$ backup/compare 'test' 'test'-'i'-clear
-$ if $severity .ne. 1 then exit 3
-$ delete 'test'-'i'-cipher;*,'test'-'i'-clear;*
-$
-$ write sys$output i," base64"
-$ 'cmd' 'i' -bufsize 113 -a -e -k test -in 'test' -out 'test'-'i'-cipher
-$ 'cmd' 'i' -bufsize 157 -a -d -k test -in 'test'-'i'-cipher -out 'test'-'i'-clear
-$ backup/compare 'test' 'test'-'i'-clear
-$ if $severity .ne. 1 then exit 3
-$ delete 'test'-'i'-cipher;*,'test'-'i'-clear;*
-$
-$ goto loop_cipher_commands
-$ loop_cipher_commands_end:
-$ close f
-$ delete 'test'-cipher-commands;*
-$ delete 'test';*
+++ /dev/null
-#!/bin/sh
-
-T=testcert
-KEY=512
-CA=../certs/testca.pem
-
-/bin/rm -f $T.1 $T.2 $T.key
-
-if test "$OSTYPE" = msdosdjgpp; then
- PATH=../apps\;$PATH;
-else
- PATH=../apps:$PATH;
-fi
-export PATH
-
-echo "generating certificate request"
-
-echo "string to make the random number generator think it has entropy" >> ./.rnd
-
-if ../util/shlib_wrap.sh ../apps/openssl no-rsa >/dev/null; then
- req_new='-newkey dsa:../apps/dsa512.pem'
-else
- req_new='-new'
- echo "There should be a 2 sequences of .'s and some +'s."
- echo "There should not be more that at most 80 per line"
-fi
-
-rm -f testkey.pem testreq.pem
-
-echo Generating request
-../util/shlib_wrap.sh ../apps/openssl req -config test.cnf $req_new -out testreq.pem || exit 1
-
-echo Verifying signature on request
-../util/shlib_wrap.sh ../apps/openssl req -config test.cnf -verify -in testreq.pem -noout || exit 1
-
-exit 0
+++ /dev/null
-$! TESTGEN.COM
-$
-$ __arch = "VAX"
-$ if f$getsyi("cpu") .ge. 128 then -
- __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
-$ if __arch .eqs. "" then __arch = "UNK"
-$ if (p1 .eqs. 64) then __arch = __arch+ "_64"
-$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]"
-$
-$ T = "testcert"
-$ KEY = 512
-$ CA = "[-.certs]testca.pem"
-$
-$ set noon
-$ if f$search(T+".1;*") .nes. "" then delete 'T'.1;*
-$ if f$search(T+".2;*") .nes. "" then delete 'T'.2;*
-$ if f$search(T+".key;*") .nes. "" then delete 'T'.key;*
-$ set on
-$
-$ write sys$output "generating certificate request"
-$
-$ append/new nl: .rnd
-$ open/append random_file .rnd
-$ write random_file -
- "string to make the random number generator think it has entropy"
-$ close random_file
-$
-$ set noon
-$ define/user sys$output nla0:
-$ mcr 'exe_dir'openssl no-rsa
-$ save_severity=$SEVERITY
-$ set on
-$ if save_severity
-$ then
-$ req_new="-newkey dsa:[-.apps]dsa512.pem"
-$ else
-$ req_new="-new"
-$ write sys$output -
- "There should be a 2 sequences of .'s and some +'s."
-$ write sys$output -
- "There should not be more that at most 80 per line"
-$ endif
-$
-$ write sys$output "This could take some time."
-$
-$ mcr 'exe_dir'openssl req -config test.cnf 'req_new' -out testreq.pem
-$ if $severity .ne. 1
-$ then
-$ write sys$output "problems creating request"
-$ exit 3
-$ endif
-$
-$ mcr 'exe_dir'openssl req -config test.cnf -verify -in testreq.pem -noout
-$ if $severity .ne. 1
-$ then
-$ write sys$output "signature on req is wrong"
-$ exit 3
-$ endif
+++ /dev/null
-#!/bin/sh
-
-digest='-sha1'
-reqcmd="../util/shlib_wrap.sh ../apps/openssl req"
-x509cmd="../util/shlib_wrap.sh ../apps/openssl x509 $digest"
-verifycmd="../util/shlib_wrap.sh ../apps/openssl verify"
-dummycnf="../apps/openssl.cnf"
-
-CAkey="keyCA.ss"
-CAcert="certCA.ss"
-CAserial="certCA.srl"
-CAreq="reqCA.ss"
-CAconf="CAss.cnf"
-CAreq2="req2CA.ss" # temp
-
-Uconf="Uss.cnf"
-Ukey="keyU.ss"
-Ureq="reqU.ss"
-Ucert="certU.ss"
-
-Dkey="keyD.ss"
-Dreq="reqD.ss"
-Dcert="certD.ss"
-
-Ekey="keyE.ss"
-Ereq="reqE.ss"
-Ecert="certE.ss"
-
-P1conf="P1ss.cnf"
-P1key="keyP1.ss"
-P1req="reqP1.ss"
-P1cert="certP1.ss"
-P1intermediate="tmp_intP1.ss"
-
-P2conf="P2ss.cnf"
-P2key="keyP2.ss"
-P2req="reqP2.ss"
-P2cert="certP2.ss"
-P2intermediate="tmp_intP2.ss"
-
-
-echo string to make the random number generator think it has entropy >> ./.rnd
-
-req_dsa='-newkey dsa:../apps/dsa1024.pem'
-
-if ../util/shlib_wrap.sh ../apps/openssl no-rsa >/dev/null; then
- req_new=$req_dsa
-else
- req_new='-new'
-fi
-
-echo make cert request
-$reqcmd -config $CAconf -out $CAreq -keyout $CAkey $req_new || exit 1
-
-echo convert request into self-signed cert
-$x509cmd -CAcreateserial -in $CAreq -days 30 -req -out $CAcert -signkey $CAkey -extfile $CAconf -extensions v3_ca >err.ss || exit 1
-
-echo convert cert into a cert request
-$x509cmd -in $CAcert -x509toreq -signkey $CAkey -out $CAreq2 >err.ss || exit 1
-
-echo verify request 1
-$reqcmd -config $dummycnf -verify -in $CAreq -noout || exit 1
-
-echo verify request 1
-$reqcmd -config $dummycnf -verify -in $CAreq2 -noout || exit 1
-
-echo verify signature
-$verifycmd -CAfile $CAcert $CAcert || exit 1
-
-echo make a user cert request
-$reqcmd -config $Uconf -out $Ureq -keyout $Ukey $req_new >err.ss || exit 1
-
-echo sign user cert request
-$x509cmd -CAcreateserial -in $Ureq -days 30 -req -out $Ucert -CA $CAcert -CAkey $CAkey -CAserial $CAserial -extfile $Uconf -extensions v3_ee >err.ss || exit 1
-$verifycmd -CAfile $CAcert $Ucert || exit 1
-
-echo Certificate details
-$x509cmd -subject -issuer -startdate -enddate -noout -in $Ucert || exit 1
-
-if ../util/shlib_wrap.sh ../apps/openssl no-dsa >/dev/null; then
- echo skipping DSA certificate creation
-else
- echo make a DSA user cert request
- CN2="DSA Certificate" $reqcmd -config $Uconf -out $Dreq -keyout $Dkey $req_dsa >err.ss || exit 1
-
- echo sign DSA user cert request
- $x509cmd -CAcreateserial -in $Dreq -days 30 -req -out $Dcert -CA $CAcert -CAkey $CAkey -CAserial $CAserial -extfile $Uconf -extensions v3_ee_dsa >err.ss || exit 1
- $verifycmd -CAfile $CAcert $Dcert || exit 1
-
- echo DSA Certificate details
- $x509cmd -subject -issuer -startdate -enddate -noout -in $Dcert || exit 1
-
-fi
-
-if ../util/shlib_wrap.sh ../apps/openssl no-ec >/dev/null; then
- echo skipping ECDSA/ECDH certificate creation
-else
- echo make an ECDSA/ECDH user cert request
- ../util/shlib_wrap.sh ../apps/openssl ecparam -name P-256 -out ecp.ss || exit 1
- CN2="ECDSA Certificate" $reqcmd -config $Uconf -out $Ereq -keyout $Ekey -newkey ec:ecp.ss >err.ss || exit 1
-
- echo sign ECDSA/ECDH user cert request
- $x509cmd -CAcreateserial -in $Ereq -days 30 -req -out $Ecert -CA $CAcert -CAkey $CAkey -CAserial $CAserial -extfile $Uconf -extensions v3_ee_ec >err.ss || exit 1
- $verifycmd -CAfile $CAcert $Ecert || exit 1
-
- echo ECDSA Certificate details
- $x509cmd -subject -issuer -startdate -enddate -noout -in $Ecert || exit 1
-
-fi
-
-echo make a proxy cert request
-$reqcmd -config $P1conf -out $P1req -keyout $P1key $req_new >err.ss || exit 1
-
-echo sign proxy with user cert
-$x509cmd -CAcreateserial -in $P1req -days 30 -req -out $P1cert -CA $Ucert -CAkey $Ukey -extfile $P1conf -extensions v3_proxy >err.ss || exit 1
-
-cat $Ucert > $P1intermediate
-$verifycmd -CAfile $CAcert -untrusted $P1intermediate $P1cert
-echo Certificate details
-$x509cmd -subject -issuer -startdate -enddate -noout -in $P1cert
-
-echo make another proxy cert request
-$reqcmd -config $P2conf -out $P2req -keyout $P2key $req_new >err.ss || exit 1
-
-echo sign second proxy cert request with the first proxy cert
-$x509cmd -CAcreateserial -in $P2req -days 30 -req -out $P2cert -CA $P1cert -CAkey $P1key -extfile $P2conf -extensions v3_proxy >err.ss || exit 1
-
-echo Certificate details
-cat $Ucert $P1cert > $P2intermediate
-$verifycmd -CAfile $CAcert -untrusted $P2intermediate $P2cert
-$x509cmd -subject -issuer -startdate -enddate -noout -in $P2cert
-
-echo The generated CA certificate is $CAcert
-echo The generated CA private key is $CAkey
-echo The generated user certificate is $Ucert
-echo The generated user private key is $Ukey
-echo The first generated proxy certificate is $P1cert
-echo The first generated proxy private key is $P1key
-echo The second generated proxy certificate is $P2cert
-echo The second generated proxy private key is $P2key
-
-/bin/rm err.ss
-exit 0
+++ /dev/null
-$! TESTSS.COM
-$
-$ __arch = "VAX"
-$ if f$getsyi("cpu") .ge. 128 then -
- __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
-$ if __arch .eqs. "" then __arch = "UNK"
-$!
-$ if (p1 .eqs. "64") then __arch = __arch+ "_64"
-$!
-$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]"
-$
-$ digest="-md5"
-$ reqcmd = "mcr ''exe_dir'openssl req"
-$ x509cmd = "mcr ''exe_dir'openssl x509 ''digest'"
-$ verifycmd = "mcr ''exe_dir'openssl verify"
-$ dummycnf = "sys$disk:[-.apps]openssl-vms.cnf"
-$
-$ CAkey="""keyCA.ss"""
-$ CAcert="""certCA.ss"""
-$ CAreq="""reqCA.ss"""
-$ CAconf="""CAss.cnf"""
-$ CAreq2="""req2CA.ss""" ! temp
-$
-$ Uconf="""Uss.cnf"""
-$ Ukey="""keyU.ss"""
-$ Ureq="""reqU.ss"""
-$ Ucert="""certU.ss"""
-$
-$ write sys$output ""
-$ write sys$output "make a certificate request using 'req'"
-$
-$ set noon
-$ define/user sys$output nla0:
-$ mcr 'exe_dir'openssl no-rsa
-$ save_severity=$SEVERITY
-$ set on
-$ if save_severity
-$ then
-$ req_new="-newkey dsa:[-.apps]dsa512.pem"
-$ else
-$ req_new="-new"
-$ endif
-$
-$ 'reqcmd' -config 'CAconf' -out 'CAreq' -keyout 'CAkey' 'req_new' ! -out err.ss
-$ if $severity .ne. 1
-$ then
-$ write sys$output "error using 'req' to generate a certificate request"
-$ exit 3
-$ endif
-$ write sys$output ""
-$ write sys$output "convert the certificate request into a self signed certificate using 'x509'"
-$ define /user sys$output err.ss
-$ 'x509cmd' "-CAcreateserial" -in 'CAreq' -days 30 -req -out 'CAcert' -signkey 'CAkey'
-$ if $severity .ne. 1
-$ then
-$ write sys$output "error using 'x509' to self sign a certificate request"
-$ exit 3
-$ endif
-$
-$ write sys$output ""
-$ write sys$output "convert a certificate into a certificate request using 'x509'"
-$ define /user sys$output err.ss
-$ 'x509cmd' -in 'CAcert' -x509toreq -signkey 'CAkey' -out 'CAreq2'
-$ if $severity .ne. 1
-$ then
-$ write sys$output "error using 'x509' convert a certificate to a certificate request"
-$ exit 3
-$ endif
-$
-$ 'reqcmd' -config 'dummycnf' -verify -in 'CAreq' -noout
-$ if $severity .ne. 1
-$ then
-$ write sys$output "first generated request is invalid"
-$ exit 3
-$ endif
-$
-$ 'reqcmd' -config 'dummycnf' -verify -in 'CAreq2' -noout
-$ if $severity .ne. 1
-$ then
-$ write sys$output "second generated request is invalid"
-$ exit 3
-$ endif
-$
-$ 'verifycmd' "-CAfile" 'CAcert' 'CAcert'
-$ if $severity .ne. 1
-$ then
-$ write sys$output "first generated cert is invalid"
-$ exit 3
-$ endif
-$
-$ write sys$output ""
-$ write sys$output "make another certificate request using 'req'"
-$ define /user sys$output err.ss
-$ 'reqcmd' -config 'Uconf' -out 'Ureq' -keyout 'Ukey' 'req_new'
-$ if $severity .ne. 1
-$ then
-$ write sys$output "error using 'req' to generate a certificate request"
-$ exit 3
-$ endif
-$
-$ write sys$output ""
-$ write sys$output "sign certificate request with the just created CA via 'x509'"
-$ define /user sys$output err.ss
-$ 'x509cmd' "-CAcreateserial" -in 'Ureq' -days 30 -req -out 'Ucert' "-CA" 'CAcert' "-CAkey" 'CAkey'
-$ if $severity .ne. 1
-$ then
-$ write sys$output "error using 'x509' to sign a certificate request"
-$ exit 3
-$ endif
-$
-$ 'verifycmd' "-CAfile" 'CAcert' 'Ucert'
-$ write sys$output ""
-$ write sys$output "Certificate details"
-$ 'x509cmd' -subject -issuer -startdate -enddate -noout -in 'Ucert'
-$
-$ write sys$output ""
-$ write sys$output "The generated CA certificate is ",CAcert
-$ write sys$output "The generated CA private key is ",CAkey
-$
-$ write sys$output "The generated user certificate is ",Ucert
-$ write sys$output "The generated user private key is ",Ukey
-$
-$ if f$search("err.ss;*") .nes. "" then delete err.ss;*
+++ /dev/null
-#!/bin/sh
-
-if [ "$1" = "" ]; then
- key=../apps/server.pem
-else
- key="$1"
-fi
-if [ "$2" = "" ]; then
- cert=../apps/server.pem
-else
- cert="$2"
-fi
-ssltest="../util/shlib_wrap.sh ./ssltest -s_key $key -s_cert $cert -c_key $key -c_cert $cert"
-
-if ../util/shlib_wrap.sh ../apps/openssl x509 -in $cert -text -noout | fgrep 'DSA Public Key' >/dev/null; then
- dsa_cert=YES
-else
- dsa_cert=NO
-fi
-
-if [ "$3" = "" ]; then
- CA="-CApath ../certs"
-else
- CA="-CAfile $3"
-fi
-
-if [ "$4" = "" ]; then
- extra=""
-else
- extra="$4"
-fi
-
-serverinfo="./serverinfo.pem"
-
-#############################################################################
-
-echo test sslv3
-$ssltest -ssl3 $extra || exit 1
-
-echo test sslv3 with server authentication
-$ssltest -ssl3 -server_auth $CA $extra || exit 1
-
-echo test sslv3 with client authentication
-$ssltest -ssl3 -client_auth $CA $extra || exit 1
-
-echo test sslv3 with both client and server authentication
-$ssltest -ssl3 -server_auth -client_auth $CA $extra || exit 1
-
-echo test sslv2/sslv3
-$ssltest $extra || exit 1
-
-echo test sslv2/sslv3 with server authentication
-$ssltest -server_auth $CA $extra || exit 1
-
-echo test sslv2/sslv3 with client authentication
-$ssltest -client_auth $CA $extra || exit 1
-
-echo test sslv2/sslv3 with both client and server authentication
-$ssltest -server_auth -client_auth $CA $extra || exit 1
-
-echo test sslv3 via BIO pair
-$ssltest -bio_pair -ssl3 $extra || exit 1
-
-echo test sslv3 with server authentication via BIO pair
-$ssltest -bio_pair -ssl3 -server_auth $CA $extra || exit 1
-
-echo test sslv3 with client authentication via BIO pair
-$ssltest -bio_pair -ssl3 -client_auth $CA $extra || exit 1
-
-echo test sslv3 with both client and server authentication via BIO pair
-$ssltest -bio_pair -ssl3 -server_auth -client_auth $CA $extra || exit 1
-
-echo test sslv2/sslv3 via BIO pair
-$ssltest $extra || exit 1
-
-echo test dtlsv1
-$ssltest -dtls1 $extra || exit 1
-
-echo test dtlsv1 with server authentication
-$ssltest -dtls1 -server_auth $CA $extra || exit 1
-
-echo test dtlsv1 with client authentication
-$ssltest -dtls1 -client_auth $CA $extra || exit 1
-
-echo test dtlsv1 with both client and server authentication
-$ssltest -dtls1 -server_auth -client_auth $CA $extra || exit 1
-
-echo test dtlsv1.2
-$ssltest -dtls12 $extra || exit 1
-
-echo test dtlsv1.2 with server authentication
-$ssltest -dtls12 -server_auth $CA $extra || exit 1
-
-echo test dtlsv1.2 with client authentication
-$ssltest -dtls12 -client_auth $CA $extra || exit 1
-
-echo test dtlsv1.2 with both client and server authentication
-$ssltest -dtls12 -server_auth -client_auth $CA $extra || exit 1
-
-if [ $dsa_cert = NO ]; then
- echo 'test sslv2/sslv3 w/o (EC)DHE via BIO pair'
- $ssltest -bio_pair -no_dhe -no_ecdhe $extra || exit 1
-fi
-
-echo test sslv2/sslv3 with 1024bit DHE via BIO pair
-$ssltest -bio_pair -dhe1024dsa -v $extra || exit 1
-
-echo test sslv2/sslv3 with server authentication
-$ssltest -bio_pair -server_auth $CA $extra || exit 1
-
-echo test sslv2/sslv3 with client authentication via BIO pair
-$ssltest -bio_pair -client_auth $CA $extra || exit 1
-
-echo test sslv2/sslv3 with both client and server authentication via BIO pair
-$ssltest -bio_pair -server_auth -client_auth $CA $extra || exit 1
-
-echo test sslv2/sslv3 with both client and server authentication via BIO pair and app verify
-$ssltest -bio_pair -server_auth -client_auth -app_verify $CA $extra || exit 1
-
-test_cipher() {
- _cipher=$1
- echo "Testing $_cipher"
- prot=""
- if [ $2 = "SSLv3" ] ; then
- prot="-ssl3"
- fi
- _exarg=$3
- $ssltest $_exarg -cipher $_cipher $prot
- if [ $? -ne 0 ] ; then
- echo "Failed $_cipher"
- exit 1
- fi
-}
-
-echo "Testing ciphersuites"
-exkeys=""
-ciphers="-EXP:-PSK:-SRP:-kDH:-kECDHe"
-if ../util/shlib_wrap.sh ../apps/openssl no-dhparam >/dev/null; then
- echo "skipping DHE tests"
- ciphers="$ciphers:-kDHE"
-fi
-if ../util/shlib_wrap.sh ../apps/openssl no-dsa >/dev/null; then
- echo "skipping DSA tests"
- ciphers="$ciphers:-aDSA"
-else
- exkeys="$exkeys -s_cert certD.ss -s_key keyD.ss"
-fi
-
-if ../util/shlib_wrap.sh ../apps/openssl no-ec >/dev/null; then
- echo "skipping EC tests"
- ciphers="$ciphers:!aECDSA:!kECDH"
-else
- exkeys="$exkeys -s_cert certE.ss -s_key keyE.ss"
-fi
-
-for protocol in TLSv1.2 SSLv3; do
- echo "Testing ciphersuites for $protocol"
- for cipher in `../util/shlib_wrap.sh ../apps/openssl ciphers "$protocol:$ciphers" | tr ':' ' '`; do
- test_cipher $cipher $protocol "$exkeys"
- done
- echo "testing connection with weak DH, expecting failure"
- if [ $protocol = "SSLv3" ] ; then
- $ssltest -s_cipher "EDH" -c_cipher "EDH:@SECLEVEL=1" -dhe512 -ssl3
- else
- $ssltest -s_cipher "EDH" -c_cipher "EDH:@SECLEVEL=1" -dhe512
- fi
- if [ $? -eq 0 ]; then
- echo "FAIL: connection with weak DH succeeded"
- exit 1
- fi
-done
-
-#############################################################################
-
-if ../util/shlib_wrap.sh ../apps/openssl no-dhparam; then
- echo skipping anonymous DH tests
-else
- echo test tls1 with 1024bit anonymous DH, multiple handshakes
- $ssltest -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time $extra || exit 1
-fi
-
-if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then
- echo skipping RSA tests
-else
- echo 'test tls1 with 1024bit RSA, no (EC)DHE, multiple handshakes'
- ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -s_cert ../apps/server2.pem -no_dhe -no_ecdhe -num 10 -f -time $extra || exit 1
-
- if ../util/shlib_wrap.sh ../apps/openssl no-dhparam; then
- echo skipping RSA+DHE tests
- else
- echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes
- ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -s_cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time $extra || exit 1
- fi
-fi
-
-echo test tls1 with PSK
-$ssltest -tls1 -cipher PSK -psk abc123 $extra || exit 1
-
-echo test tls1 with PSK via BIO pair
-$ssltest -bio_pair -tls1 -cipher PSK -psk abc123 $extra || exit 1
-
-#############################################################################
-# Next Protocol Negotiation Tests
-
-$ssltest -bio_pair -tls1 -npn_client || exit 1
-$ssltest -bio_pair -tls1 -npn_server || exit 1
-$ssltest -bio_pair -tls1 -npn_server_reject || exit 1
-$ssltest -bio_pair -tls1 -npn_client -npn_server_reject || exit 1
-$ssltest -bio_pair -tls1 -npn_client -npn_server || exit 1
-$ssltest -bio_pair -tls1 -npn_client -npn_server -num 2 || exit 1
-$ssltest -bio_pair -tls1 -npn_client -npn_server -num 2 -reuse || exit 1
-
-#############################################################################
-# Custom Extension tests
-
-echo test tls1 with custom extensions
-$ssltest -bio_pair -tls1 -custom_ext || exit 1
-
-#############################################################################
-# Serverinfo tests
-
-echo test tls1 with serverinfo
-$ssltest -bio_pair -tls1 -serverinfo_file $serverinfo || exit 1
-$ssltest -bio_pair -tls1 -serverinfo_file $serverinfo -serverinfo_sct || exit 1
-$ssltest -bio_pair -tls1 -serverinfo_file $serverinfo -serverinfo_tack || exit 1
-$ssltest -bio_pair -tls1 -serverinfo_file $serverinfo -serverinfo_sct -serverinfo_tack || exit 1
-$ssltest -bio_pair -tls1 -custom_ext -serverinfo_file $serverinfo -serverinfo_sct -serverinfo_tack || exit 1
-
-
-#############################################################################
-# ALPN tests
-
-$ssltest -bio_pair -tls1 -alpn_client foo -alpn_server bar || exit 1
-$ssltest -bio_pair -tls1 -alpn_client foo -alpn_server foo -alpn_expected foo || exit 1
-$ssltest -bio_pair -tls1 -alpn_client foo,bar -alpn_server foo -alpn_expected foo || exit 1
-$ssltest -bio_pair -tls1 -alpn_client bar,foo -alpn_server foo -alpn_expected foo || exit 1
-$ssltest -bio_pair -tls1 -alpn_client bar,foo -alpn_server foo,bar -alpn_expected foo || exit 1
-$ssltest -bio_pair -tls1 -alpn_client bar,foo -alpn_server bar,foo -alpn_expected bar || exit 1
-$ssltest -bio_pair -tls1 -alpn_client foo,bar -alpn_server bar,foo -alpn_expected bar || exit 1
-$ssltest -bio_pair -tls1 -alpn_client baz -alpn_server bar,foo || exit 1
-
-if ../util/shlib_wrap.sh ../apps/openssl no-srp; then
- echo skipping SRP tests
-else
- echo test tls1 with SRP
- $ssltest -tls1 -cipher SRP -srpuser test -srppass abc123 || exit 1
-
- echo test tls1 with SRP via BIO pair
- $ssltest -bio_pair -tls1 -cipher SRP -srpuser test -srppass abc123 || exit 1
-
- echo test tls1 with SRP auth
- $ssltest -tls1 -cipher aSRP -srpuser test -srppass abc123 || exit 1
-
- echo test tls1 with SRP auth via BIO pair
- $ssltest -bio_pair -tls1 -cipher aSRP -srpuser test -srppass abc123 || exit 1
-fi
-
-#############################################################################
-# Multi-buffer tests
-
-if [ -z "$extra" -a `uname -m` = "x86_64" ]; then
- $ssltest -cipher AES128-SHA -bytes 8m || exit 1
- $ssltest -cipher AES128-SHA256 -bytes 8m || exit 1
-fi
-
-exit 0
+++ /dev/null
-$! TESTSSL.COM
-$
-$ __arch = "VAX"
-$ if f$getsyi("cpu") .ge. 128 then -
- __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
-$ if __arch .eqs. "" then __arch = "UNK"
-$!
-$ if (p4 .eqs. "64") then __arch = __arch+ "_64"
-$!
-$ texe_dir = "sys$disk:[-.''__arch'.exe.test]"
-$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]"
-$
-$ if p1 .eqs. ""
-$ then
-$ key="[-.apps]server.pem"
-$ else
-$ key=p1
-$ endif
-$ if p2 .eqs. ""
-$ then
-$ cert="[-.apps]server.pem"
-$ else
-$ cert=p2
-$ endif
-$ ssltest = "mcr ''texe_dir'ssltest -key ''key'"+ -
- " -cert ''cert' -c_key ''key' -c_cert ''cert'"
-$!
-$ set noon
-$ define/user sys$output testssl-x509-output.
-$ define/user sys$error nla0:
-$ mcr 'exe_dir'openssl x509 -in 'cert' -text -noout
-$ define/user sys$error nla0:
-$ search/output=nla0: testssl-x509-output. "DSA Public Key"/exact
-$ if $severity .eq. 1
-$ then
-$ dsa_cert = "YES"
-$ else
-$ dsa_cert = "NO"
-$ endif
-$ delete testssl-x509-output.;*
-$
-$ if p3 .eqs. ""
-$ then
-$ copy/concatenate [-.certs]*.pem certs.tmp
-$ CA = """-CAfile"" certs.tmp"
-$ else
-$ CA = """-CAfile"" "+p3
-$ endif
-$
-$!###########################################################################
-$
-$ write sys$output "test sslv3"
-$ 'ssltest' -ssl3
-$ if $severity .ne. 1 then goto exit3
-$
-$ write sys$output "test sslv3 with server authentication"
-$ 'ssltest' -ssl3 -server_auth 'CA'
-$ if $severity .ne. 1 then goto exit3
-$
-$ write sys$output "test sslv3 with client authentication"
-$ 'ssltest' -ssl3 -client_auth 'CA'
-$ if $severity .ne. 1 then goto exit3
-$
-$ write sys$output "test sslv3 with both client and server authentication"
-$ 'ssltest' -ssl3 -server_auth -client_auth 'CA'
-$ if $severity .ne. 1 then goto exit3
-$
-$ write sys$output "test sslv2/sslv3"
-$ 'ssltest'
-$ if $severity .ne. 1 then goto exit3
-$
-$ write sys$output "test sslv2/sslv3 with server authentication"
-$ 'ssltest' -server_auth 'CA'
-$ if $severity .ne. 1 then goto exit3
-$
-$ write sys$output "test sslv2/sslv3 with client authentication"
-$ 'ssltest' -client_auth 'CA'
-$ if $severity .ne. 1 then goto exit3
-$
-$ write sys$output "test sslv2/sslv3 with both client and server authentication"
-$ 'ssltest' -server_auth -client_auth 'CA'
-$ if $severity .ne. 1 then goto exit3
-$
-$ write sys$output "test sslv3 via BIO pair"
-$ 'ssltest' -bio_pair -ssl3
-$ if $severity .ne. 1 then goto exit3
-$
-$ write sys$output "test sslv3 with server authentication via BIO pair"
-$ 'ssltest' -bio_pair -ssl3 -server_auth 'CA'
-$ if $severity .ne. 1 then goto exit3
-$
-$ write sys$output "test sslv3 with client authentication via BIO pair"
-$ 'ssltest' -bio_pair -ssl3 -client_auth 'CA'
-$ if $severity .ne. 1 then goto exit3
-
-$ write sys$output "test sslv3 with both client and server authentication via BIO pair"
-$ 'ssltest' -bio_pair -ssl3 -server_auth -client_auth 'CA'
-$ if $severity .ne. 1 then goto exit3
-$
-$ write sys$output "test sslv2/sslv3 via BIO pair"
-$ 'ssltest'
-$ if $severity .ne. 1 then goto exit3
-$
-$ if .not. dsa_cert
-$ then
-$ write sys$output "test sslv2/sslv3 w/o DHE via BIO pair"
-$ 'ssltest' -bio_pair -no_dhe
-$ if $severity .ne. 1 then goto exit3
-$ endif
-$
-$ write sys$output "test sslv2/sslv3 with 1024 bit DHE via BIO pair"
-$ 'ssltest' -bio_pair -dhe1024dsa -v
-$ if $severity .ne. 1 then goto exit3
-$
-$ write sys$output "test sslv2/sslv3 with server authentication"
-$ 'ssltest' -bio_pair -server_auth 'CA'
-$ if $severity .ne. 1 then goto exit3
-$
-$ write sys$output "test sslv2/sslv3 with client authentication via BIO pair"
-$ 'ssltest' -bio_pair -client_auth 'CA'
-$ if $severity .ne. 1 then goto exit3
-$
-$ write sys$output "test sslv2/sslv3 with both client and server authentication via BIO pair"
-$ 'ssltest' -bio_pair -server_auth -client_auth 'CA'
-$ if $severity .ne. 1 then goto exit3
-$
-$!###########################################################################
-$
-$ define/user sys$output nla0:
-$ mcr 'exe_dir'openssl no-rsa
-$ no_rsa=$SEVERITY
-$ define/user sys$output nla0:
-$ mcr 'exe_dir'openssl no-dhparam
-$ no_dh=$SEVERITY
-$
-$ if no_dh
-$ then
-$ write sys$output "skipping anonymous DH tests"
-$ else
-$ write sys$output "test tls1 with 1024bit anonymous DH, multiple handshakes"
-$ 'ssltest' -v -bio_pair -tls1 -cipher "ADH" -dhe1024dsa -num 10 -f -time
-$ if $severity .ne. 1 then goto exit3
-$ endif
-$
-$ if no_rsa
-$ then
-$ write sys$output "skipping RSA tests"
-$ else
-$ write sys$output "test tls1 with 1024bit RSA, no DHE, multiple handshakes"
-$ mcr 'texe_dir'ssltest -v -bio_pair -tls1 -cert [-.apps]server2.pem -no_dhe -num 10 -f -time
-$ if $severity .ne. 1 then goto exit3
-$
-$ if no_dh
-$ then
-$ write sys$output "skipping RSA+DHE tests"
-$ else
-$ write sys$output "test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes"
-$ mcr 'texe_dir'ssltest -v -bio_pair -tls1 -cert [-.apps]server2.pem -dhe1024dsa -num 10 -f -time
-$ if $severity .ne. 1 then goto exit3
-$ endif
-$ endif
-$
-$ RET = 1
-$ goto exit
-$ exit3:
-$ RET = 3
-$ exit:
-$ if p3 .eqs. "" then delete certs.tmp;*
-$ set on
-$ exit 'RET'
+++ /dev/null
-#! /bin/sh
-
-echo 'Testing a lot of proxy conditions.'
-echo 'Some of them may turn out being invalid, which is fine.'
-for auth in A B C BC; do
- for cond in A B C 'A|B&!C'; do
- sh ./testssl $1 $2 $3 "-proxy -proxy_auth $auth -proxy_cond $cond"
- if [ $? = 3 ]; then exit 1; fi
- done
-done
+++ /dev/null
-#!/bin/sh
-
-#
-# A few very basic tests for the 'ts' time stamping authority command.
-#
-
-SH="/bin/sh"
-if test "$OSTYPE" = msdosdjgpp; then
- PATH="../apps\;$PATH"
-else
- PATH="../apps:$PATH"
-fi
-export SH PATH
-
-OPENSSL_CONF="../CAtsa.cnf"
-export OPENSSL_CONF
-# Because that's what ../apps/CA.pl really looks at
-SSLEAY_CONFIG="-config $OPENSSL_CONF"
-export SSLEAY_CONFIG
-
-OPENSSL="`pwd`/../util/opensslwrap.sh"
-export OPENSSL
-
-RUN () {
- ../../util/shlib_wrap.sh ../../apps/openssl ts $*
-}
-
-create_tsa_cert () {
- INDEX=$1
- export INDEX
- EXT=$2
- TSDNSECT=ts_cert_dn
- export TSDNSECT
-
- ../../util/shlib_wrap.sh ../../apps/openssl req -new \
- -out tsa_req${INDEX}.pem -keyout tsa_key${INDEX}.pem || exit 1
- echo using extension $EXT
- ../../util/shlib_wrap.sh ../../apps/openssl x509 -req \
- -in tsa_req${INDEX}.pem -out tsa_cert${INDEX}.pem \
- -CA tsaca.pem -CAkey tsacakey.pem -CAcreateserial \
- -extfile $OPENSSL_CONF -extensions $EXT || exit 1
-}
-
-create_time_stamp_response () {
- RUN -reply -section $3 -queryfile $1 -out $2 || exit 1
-}
-
-verify_time_stamp_response () {
- RUN -verify -queryfile $1 -in $2 -CAfile tsaca.pem \
- -untrusted tsa_cert1.pem || exit 1
- RUN -verify -data $3 -in $2 -CAfile tsaca.pem \
- -untrusted tsa_cert1.pem || exit 1
-}
-
-verify_time_stamp_response_fail () {
- RUN -verify -queryfile $1 -in $2 -CAfile tsaca.pem \
- -untrusted tsa_cert1.pem && exit 1
- echo ok
-}
-
-# main functions
-
-echo setting up TSA test directory
-rm -rf tsa 2>/dev/null
-mkdir tsa
-cd ./tsa
-
-echo creating a new CA for the TSA tests
-TSDNSECT=ts_ca_dn
-export TSDNSECT
-../../util/shlib_wrap.sh ../../apps/openssl req -new -x509 -nodes \
- -out tsaca.pem -keyout tsacakey.pem || exit 1
-
-echo creating tsa_cert1.pem TSA server cert
-create_tsa_cert 1 tsa_cert
-
-echo creating tsa_cert2.pem non-TSA server cert
-create_tsa_cert 2 non_tsa_cert
-
-echo creating req1.req time stamp request for file testtsa
-RUN -query -data ../testtsa -policy tsa_policy1 -cert -out req1.tsq || exit 1
-
-echo printing req1.req
-RUN -query -in req1.tsq -text
-
-echo generating valid response for req1.req
-create_time_stamp_response req1.tsq resp1.tsr tsa_config1
-
-echo printing response
-RUN -reply -in resp1.tsr -text || exit 1
-
-echo verifying valid response
-verify_time_stamp_response req1.tsq resp1.tsr ../testtsa
-
-echo verifying valid token
-RUN -reply -in resp1.tsr -out resp1.tsr.token -token_out || exit 1
-RUN -verify -queryfile req1.tsq -in resp1.tsr.token -token_in \
- -CAfile tsaca.pem -untrusted tsa_cert1.pem || exit 1
-RUN -verify -data ../testtsa -in resp1.tsr.token -token_in \
- -CAfile tsaca.pem -untrusted tsa_cert1.pem || exit 1
-
-echo creating req2.req time stamp request for file testtsa
-RUN -query -data ../testtsa -policy tsa_policy2 -no_nonce \
- -out req2.tsq || exit 1
-
-echo printing req2.req
-RUN -query -in req2.tsq -text
-
-echo generating valid response for req2.req
-create_time_stamp_response req2.tsq resp2.tsr tsa_config1
-
-echo checking -token_in and -token_out options with -reply
-RESPONSE2=resp2.tsr.copy.tsr
-TOKEN_DER=resp2.tsr.token.der
-RUN -reply -in resp2.tsr -out $TOKEN_DER -token_out || exit 1
-RUN -reply -in $TOKEN_DER -token_in -out $RESPONSE2 || exit 1
-cmp $RESPONSE2 resp2.tsr || exit 1
-RUN -reply -in resp2.tsr -text -token_out || exit 1
-RUN -reply -in $TOKEN_DER -token_in -text -token_out || exit 1
-RUN -reply -queryfile req2.tsq -text -token_out || exit 1
-
-echo printing response
-RUN -reply -in resp2.tsr -text || exit 1
-
-echo verifying valid response
-verify_time_stamp_response req2.tsq resp2.tsr ../testtsa
-
-echo verifying response against wrong request, it should fail
-verify_time_stamp_response_fail req1.tsq resp2.tsr
-
-echo verifying response against wrong request, it should fail
-verify_time_stamp_response_fail req2.tsq resp1.tsr
-
-echo creating req3.req time stamp request for file CAtsa.cnf
-RUN -query -data ../CAtsa.cnf -no_nonce -out req3.tsq || exit 1
-
-echo printing req3.req
-RUN -query -in req3.tsq -text
-
-echo verifying response against wrong request, it should fail
-verify_time_stamp_response_fail req3.tsq resp1.tsr
-
-echo cleaning up
-cd ..
-rm -rf tsa
-
-exit 0
+++ /dev/null
-$!
-$! A few very basic tests for the 'ts' time stamping authority command.
-$!
-$
-$ __arch = "VAX"
-$ if f$getsyi("cpu") .ge. 128 then -
- __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
-$ if __arch .eqs. "" then __arch = "UNK"
-$!
-$ if (p4 .eqs. "64") then __arch = __arch+ "_64"
-$!
-$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]"
-$
-$ openssl = "mcr ''f$parse(exe_dir+"openssl.exe")'"
-$ OPENSSL_CONF = "[-]CAtsa.cnf"
-$ ! Because that's what ../apps/CA.pl really looks at
-$ SSLEAY_CONFIG = "-config " + OPENSSL_CONF
-$
-$ error:
-$ subroutine
-$ write sys$error "TSA test failed!"
-$ exit 3
-$ endsubroutine
-$
-$ setup_dir:
-$ subroutine
-$
-$ if f$search("tsa.dir") .nes ""
-$ then
-$ @[-.util]deltree [.tsa]*.*
-$ set file/prot=(S:RWED,O:RWED,G:RWED,W:RWED) tsa.dir;*
-$ delete tsa.dir;*
-$ endif
-$
-$ create/dir [.tsa]
-$ set default [.tsa]
-$ endsubroutine
-$
-$ clean_up_dir:
-$ subroutine
-$
-$ set default [-]
-$ @[-.util]deltree [.tsa]*.*
-$ set file/prot=(S:RWED,O:RWED,G:RWED,W:RWED) tsa.dir;*
-$ delete tsa.dir;*
-$ endsubroutine
-$
-$ create_ca:
-$ subroutine
-$
-$ write sys$output "Creating a new CA for the TSA tests..."
-$ TSDNSECT = "ts_ca_dn"
-$ openssl req -new -x509 -nodes -
- -out tsaca.pem -keyout tsacakey.pem
-$ if $severity .ne. 1 then call error
-$ endsubroutine
-$
-$ create_tsa_cert:
-$ subroutine
-$
-$ INDEX=p1
-$ EXT=p2
-$ TSDNSECT = "ts_cert_dn"
-$
-$ openssl req -new -
- -out tsa_req'INDEX'.pem -keyout tsa_key'INDEX'.pem
-$ if $severity .ne. 1 then call error
-$
-$ write sys$output "Using extension ''EXT'"
-$ openssl x509 -req -
- -in tsa_req'INDEX'.pem -out tsa_cert'INDEX'.pem -
- "-CA" tsaca.pem "-CAkey" tsacakey.pem "-CAcreateserial" -
- -extfile 'OPENSSL_CONF' -extensions "''EXT'"
-$ if $severity .ne. 1 then call error
-$ endsubroutine
-$
-$ print_request:
-$ subroutine
-$
-$ openssl ts -query -in 'p1' -text
-$ endsubroutine
-$
-$ create_time_stamp_request1: subroutine
-$
-$ openssl ts -query -data [-]testtsa.com -policy tsa_policy1 -
- -cert -out req1.tsq
-$ if $severity .ne. 1 then call error
-$ endsubroutine
-$
-$ create_time_stamp_request2: subroutine
-$
-$ openssl ts -query -data [-]testtsa.com -policy tsa_policy2 -
- -no_nonce -out req2.tsq
-$ if $severity .ne. 1 then call error
-$ endsubroutine
-$
-$ create_time_stamp_request3: subroutine
-$
-$ openssl ts -query -data [-]CAtsa.cnf -no_nonce -out req3.tsq
-$ if $severity .ne. 1 then call error
-$ endsubroutine
-$
-$ print_response:
-$ subroutine
-$
-$ openssl ts -reply -in 'p1' -text
-$ if $severity .ne. 1 then call error
-$ endsubroutine
-$
-$ create_time_stamp_response:
-$ subroutine
-$
-$ openssl ts -reply -section 'p3' -queryfile 'p1' -out 'p2'
-$ if $severity .ne. 1 then call error
-$ endsubroutine
-$
-$ time_stamp_response_token_test:
-$ subroutine
-$
-$ RESPONSE2 = p2+ "-copy_tsr"
-$ TOKEN_DER = p2+ "-token_der"
-$ openssl ts -reply -in 'p2' -out 'TOKEN_DER' -token_out
-$ if $severity .ne. 1 then call error
-$ openssl ts -reply -in 'TOKEN_DER' -token_in -out 'RESPONSE2'
-$ if $severity .ne. 1 then call error
-$ backup/compare 'RESPONSE2' 'p2'
-$ if $severity .ne. 1 then call error
-$ openssl ts -reply -in 'p2' -text -token_out
-$ if $severity .ne. 1 then call error
-$ openssl ts -reply -in 'TOKEN_DER' -token_in -text -token_out
-$ if $severity .ne. 1 then call error
-$ openssl ts -reply -queryfile 'p1' -text -token_out
-$ if $severity .ne. 1 then call error
-$ endsubroutine
-$
-$ verify_time_stamp_response:
-$ subroutine
-$
-$ openssl ts -verify -queryfile 'p1' -in 'p2' -
- "-CAfile" tsaca.pem -untrusted tsa_cert1.pem
-$ if $severity .ne. 1 then call error
-$ openssl ts -verify -data 'p3' -in 'p2' -
- "-CAfile" tsaca.pem -untrusted tsa_cert1.pem
-$ if $severity .ne. 1 then call error
-$ endsubroutine
-$
-$ verify_time_stamp_token:
-$ subroutine
-$
-$ ! create the token from the response first
-$ openssl ts -reply -in "''p2'" -out "''p2'-token" -token_out
-$ if $severity .ne. 1 then call error
-$ openssl ts -verify -queryfile "''p1'" -in "''p2'-token" -
- -token_in "-CAfile" tsaca.pem -untrusted tsa_cert1.pem
-$ if $severity .ne. 1 then call error
-$ openssl ts -verify -data "''p3'" -in "''p2'-token" -
- -token_in "-CAfile" tsaca.pem -untrusted tsa_cert1.pem
-$ if $severity .ne. 1 then call error
-$ endsubroutine
-$
-$ verify_time_stamp_response_fail:
-$ subroutine
-$
-$ openssl ts -verify -queryfile 'p1' -in 'p2' -
- "-CAfile" tsaca.pem -untrusted tsa_cert1.pem
-$ ! Checks if the verification failed, as it should have.
-$ if $severity .eq. 1 then call error
-$ write sys$output "Ok"
-$ endsubroutine
-$
-$ ! Main body ----------------------------------------------------------
-$
-$ set noon
-$
-$ write sys$output "Setting up TSA test directory..."
-$ call setup_dir
-$
-$ write sys$output "Creating CA for TSA tests..."
-$ call create_ca
-$
-$ write sys$output "Creating tsa_cert1.pem TSA server cert..."
-$ call create_tsa_cert 1 "tsa_cert"
-$
-$ write sys$output "Creating tsa_cert2.pem non-TSA server cert..."
-$ call create_tsa_cert 2 "non_tsa_cert"
-$
-$ write sys$output "Creating req1.req time stamp request for file testtsa..."
-$ call create_time_stamp_request1
-$
-$ write sys$output "Printing req1.req..."
-$ call print_request "req1.tsq"
-$
-$ write sys$output "Generating valid response for req1.req..."
-$ call create_time_stamp_response "req1.tsq" "resp1.tsr" "tsa_config1"
-$
-$ write sys$output "Printing response..."
-$ call print_response "resp1.tsr"
-$
-$ write sys$output "Verifying valid response..."
-$ call verify_time_stamp_response "req1.tsq" "resp1.tsr" "[-]testtsa.com"
-$
-$ write sys$output "Verifying valid token..."
-$ call verify_time_stamp_token "req1.tsq" "resp1.tsr" "[-]testtsa.com"
-$
-$ ! The tests below are commented out, because invalid signer certificates
-$ ! can no longer be specified in the config file.
-$
-$ ! write sys$output "Generating _invalid_ response for req1.req..."
-$ ! call create_time_stamp_response "req1.tsq" "resp1_bad.tsr" "tsa_config2"
-$
-$ ! write sys$output "Printing response..."
-$ ! call print_response "resp1_bad.tsr"
-$
-$ ! write sys$output "Verifying invalid response, it should fail..."
-$ ! call verify_time_stamp_response_fail "req1.tsq" "resp1_bad.tsr"
-$
-$ write sys$output "Creating req2.req time stamp request for file testtsa..."
-$ call create_time_stamp_request2
-$
-$ write sys$output "Printing req2.req..."
-$ call print_request "req2.tsq"
-$
-$ write sys$output "Generating valid response for req2.req..."
-$ call create_time_stamp_response "req2.tsq" "resp2.tsr" "tsa_config1"
-$
-$ write sys$output "Checking '-token_in' and '-token_out' options with '-reply'..."
-$ call time_stamp_response_token_test "req2.tsq" "resp2.tsr"
-$
-$ write sys$output "Printing response..."
-$ call print_response "resp2.tsr"
-$
-$ write sys$output "Verifying valid response..."
-$ call verify_time_stamp_response "req2.tsq" "resp2.tsr" "[-]testtsa.com"
-$
-$ write sys$output "Verifying response against wrong request, it should fail..."
-$ call verify_time_stamp_response_fail "req1.tsq" "resp2.tsr"
-$
-$ write sys$output "Verifying response against wrong request, it should fail..."
-$ call verify_time_stamp_response_fail "req2.tsq" "resp1.tsr"
-$
-$ write sys$output "Creating req3.req time stamp request for file CAtsa.cnf..."
-$ call create_time_stamp_request3
-$
-$ write sys$output "Printing req3.req..."
-$ call print_request "req3.tsq"
-$
-$ write sys$output "Verifying response against wrong request, it should fail..."
-$ call verify_time_stamp_response_fail "req3.tsq" "resp1.tsr"
-$
-$ write sys$output "Cleaning up..."
-$ call clean_up_dir
-$
-$ set on
-$
-$ exit
+++ /dev/null
-#!/bin/sh
-
-t=$1
-ktype=$2
-ptype=$3
-
-if ../util/shlib_wrap.sh ../apps/openssl no-$ktype; then
- echo skipping $ktype $ptype conversion test
- exit 0
-fi
-
-if [ $ptype = "public" ]; then
- cmd="../util/shlib_wrap.sh ../apps/openssl $ktype -pubin -pubout"
-else
- cmd="../util/shlib_wrap.sh ../apps/openssl $ktype"
-fi
-
-echo testing $ktype $ptype conversions
-cp $t $ktype-fff.p
-
-echo "p -> d"
-$cmd -in $ktype-fff.p -inform p -outform d >$ktype-f.d || exit 1
-echo "p -> p"
-$cmd -in $ktype-fff.p -inform p -outform p >$ktype-f.p || exit 1
-
-echo "d -> d"
-$cmd -in $ktype-f.d -inform d -outform d >$ktype-ff.d1 || exit 1
-echo "p -> d"
-$cmd -in $ktype-f.p -inform p -outform d >$ktype-ff.d3 || exit 1
-
-echo "d -> p"
-$cmd -in $ktype-f.d -inform d -outform p >$ktype-ff.p1 || exit 1
-echo "p -> p"
-$cmd -in $ktype-f.p -inform p -outform p >$ktype-ff.p3 || exit 1
-
-cmp $ktype-fff.p $ktype-f.p || exit 1
-cmp $ktype-fff.p $ktype-ff.p1 || exit 1
-cmp $ktype-fff.p $ktype-ff.p3 || exit 1
-cmp $ktype-f.p $ktype-ff.p1 || exit 1
-cmp $ktype-f.p $ktype-ff.p3 || exit 1
-
-/bin/rm -f $ktype-f.* $ktype-ff.* $ktype-fff.*
-
-[ $ptype = "public" ] && exit 0
-
-
-echo testing $ktype PKCS#8 conversions
-cmd="../util/shlib_wrap.sh ../apps/openssl pkey"
-
-$cmd -in $t -out $ktype-fff.p
-
-echo "p -> d"
-$cmd -in $ktype-fff.p -inform p -outform d >$ktype-f.d || exit 1
-echo "p -> p"
-$cmd -in $ktype-fff.p -inform p -outform p >$ktype-f.p || exit 1
-
-echo "d -> d"
-$cmd -in $ktype-f.d -inform d -outform d >$ktype-ff.d1 || exit 1
-echo "p -> d"
-$cmd -in $ktype-f.p -inform p -outform d >$ktype-ff.d3 || exit 1
-
-echo "d -> p"
-$cmd -in $ktype-f.d -inform d -outform p >$ktype-ff.p1 || exit 1
-echo "p -> p"
-$cmd -in $ktype-f.p -inform p -outform p >$ktype-ff.p3 || exit 1
-
-cmp $ktype-fff.p $ktype-f.p || exit 1
-cmp $ktype-fff.p $ktype-ff.p1 || exit 1
-cmp $ktype-fff.p $ktype-ff.p3 || exit 1
-cmp $ktype-f.p $ktype-ff.p1 || exit 1
-cmp $ktype-f.p $ktype-ff.p3 || exit 1
-
-/bin/rm -f $ktype-f.* $ktype-ff.* $ktype-fff.*
+++ /dev/null
-#!/bin/sh
-
-cmd='../util/shlib_wrap.sh ../apps/openssl'
-ocspdir="ocsp-tests"
-# 17 December 2012 so we don't get certificate expiry errors.
-check_time="-attime 1355875200"
-
-test_ocsp () {
-
- $cmd base64 -d -in $ocspdir/$1 | \
- $cmd ocsp -respin - -partial_chain $check_time \
- -CAfile $ocspdir/$2 -verify_other $ocspdir/$2 -CApath /dev/null
- [ $? != $3 ] && exit 1
-}
-
-
-echo "=== VALID OCSP RESPONSES ==="
-echo "NON-DELEGATED; Intermediate CA -> EE"
-test_ocsp ND1.ors ND1_Issuer_ICA.pem 0
-echo "NON-DELEGATED; Root CA -> Intermediate CA"
-test_ocsp ND2.ors ND2_Issuer_Root.pem 0
-echo "NON-DELEGATED; Root CA -> EE"
-test_ocsp ND3.ors ND3_Issuer_Root.pem 0
-echo "DELEGATED; Intermediate CA -> EE"
-test_ocsp D1.ors D1_Issuer_ICA.pem 0
-echo "DELEGATED; Root CA -> Intermediate CA"
-test_ocsp D2.ors D2_Issuer_Root.pem 0
-echo "DELEGATED; Root CA -> EE"
-test_ocsp D3.ors D3_Issuer_Root.pem 0
-
-echo "=== INVALID SIGNATURE on the OCSP RESPONSE ==="
-echo "NON-DELEGATED; Intermediate CA -> EE"
-test_ocsp ISOP_ND1.ors ND1_Issuer_ICA.pem 1
-echo "NON-DELEGATED; Root CA -> Intermediate CA"
-test_ocsp ISOP_ND2.ors ND2_Issuer_Root.pem 1
-echo "NON-DELEGATED; Root CA -> EE"
-test_ocsp ISOP_ND3.ors ND3_Issuer_Root.pem 1
-echo "DELEGATED; Intermediate CA -> EE"
-test_ocsp ISOP_D1.ors D1_Issuer_ICA.pem 1
-echo "DELEGATED; Root CA -> Intermediate CA"
-test_ocsp ISOP_D2.ors D2_Issuer_Root.pem 1
-echo "DELEGATED; Root CA -> EE"
-test_ocsp ISOP_D3.ors D3_Issuer_Root.pem 1
-
-echo "=== WRONG RESPONDERID in the OCSP RESPONSE ==="
-echo "NON-DELEGATED; Intermediate CA -> EE"
-test_ocsp WRID_ND1.ors ND1_Issuer_ICA.pem 1
-echo "NON-DELEGATED; Root CA -> Intermediate CA"
-test_ocsp WRID_ND2.ors ND2_Issuer_Root.pem 1
-echo "NON-DELEGATED; Root CA -> EE"
-test_ocsp WRID_ND3.ors ND3_Issuer_Root.pem 1
-echo "DELEGATED; Intermediate CA -> EE"
-test_ocsp WRID_D1.ors D1_Issuer_ICA.pem 1
-echo "DELEGATED; Root CA -> Intermediate CA"
-test_ocsp WRID_D2.ors D2_Issuer_Root.pem 1
-echo "DELEGATED; Root CA -> EE"
-test_ocsp WRID_D3.ors D3_Issuer_Root.pem 1
-
-echo "=== WRONG ISSUERNAMEHASH in the OCSP RESPONSE ==="
-echo "NON-DELEGATED; Intermediate CA -> EE"
-test_ocsp WINH_ND1.ors ND1_Issuer_ICA.pem 1
-echo "NON-DELEGATED; Root CA -> Intermediate CA"
-test_ocsp WINH_ND2.ors ND2_Issuer_Root.pem 1
-echo "NON-DELEGATED; Root CA -> EE"
-test_ocsp WINH_ND3.ors ND3_Issuer_Root.pem 1
-echo "DELEGATED; Intermediate CA -> EE"
-test_ocsp WINH_D1.ors D1_Issuer_ICA.pem 1
-echo "DELEGATED; Root CA -> Intermediate CA"
-test_ocsp WINH_D2.ors D2_Issuer_Root.pem 1
-echo "DELEGATED; Root CA -> EE"
-test_ocsp WINH_D3.ors D3_Issuer_Root.pem 1
-
-echo "=== WRONG ISSUERKEYHASH in the OCSP RESPONSE ==="
-echo "NON-DELEGATED; Intermediate CA -> EE"
-test_ocsp WIKH_ND1.ors ND1_Issuer_ICA.pem 1
-echo "NON-DELEGATED; Root CA -> Intermediate CA"
-test_ocsp WIKH_ND2.ors ND2_Issuer_Root.pem 1
-echo "NON-DELEGATED; Root CA -> EE"
-test_ocsp WIKH_ND3.ors ND3_Issuer_Root.pem 1
-echo "DELEGATED; Intermediate CA -> EE"
-test_ocsp WIKH_D1.ors D1_Issuer_ICA.pem 1
-echo "DELEGATED; Root CA -> Intermediate CA"
-test_ocsp WIKH_D2.ors D2_Issuer_Root.pem 1
-echo "DELEGATED; Root CA -> EE"
-test_ocsp WIKH_D3.ors D3_Issuer_Root.pem 1
-
-echo "=== WRONG KEY in the DELEGATED OCSP SIGNING CERTIFICATE ==="
-echo "DELEGATED; Intermediate CA -> EE"
-test_ocsp WKDOSC_D1.ors D1_Issuer_ICA.pem 1
-echo "DELEGATED; Root CA -> Intermediate CA"
-test_ocsp WKDOSC_D2.ors D2_Issuer_Root.pem 1
-echo "DELEGATED; Root CA -> EE"
-test_ocsp WKDOSC_D3.ors D3_Issuer_Root.pem 1
-
-echo "=== INVALID SIGNATURE on the DELEGATED OCSP SIGNING CERTIFICATE ==="
-echo "DELEGATED; Intermediate CA -> EE"
-test_ocsp ISDOSC_D1.ors D1_Issuer_ICA.pem 1
-echo "DELEGATED; Root CA -> Intermediate CA"
-test_ocsp ISDOSC_D2.ors D2_Issuer_Root.pem 1
-echo "DELEGATED; Root CA -> EE"
-test_ocsp ISDOSC_D3.ors D3_Issuer_Root.pem 1
-
-echo "=== WRONG SUBJECT NAME in the ISSUER CERTIFICATE ==="
-echo "NON-DELEGATED; Intermediate CA -> EE"
-test_ocsp ND1.ors WSNIC_ND1_Issuer_ICA.pem 1
-echo "NON-DELEGATED; Root CA -> Intermediate CA"
-test_ocsp ND2.ors WSNIC_ND2_Issuer_Root.pem 1
-echo "NON-DELEGATED; Root CA -> EE"
-test_ocsp ND3.ors WSNIC_ND3_Issuer_Root.pem 1
-echo "DELEGATED; Intermediate CA -> EE"
-test_ocsp D1.ors WSNIC_D1_Issuer_ICA.pem 1
-echo "DELEGATED; Root CA -> Intermediate CA"
-test_ocsp D2.ors WSNIC_D2_Issuer_Root.pem 1
-echo "DELEGATED; Root CA -> EE"
-test_ocsp D3.ors WSNIC_D3_Issuer_Root.pem 1
-
-echo "=== WRONG KEY in the ISSUER CERTIFICATE ==="
-echo "NON-DELEGATED; Intermediate CA -> EE"
-test_ocsp ND1.ors WKIC_ND1_Issuer_ICA.pem 1
-echo "NON-DELEGATED; Root CA -> Intermediate CA"
-test_ocsp ND2.ors WKIC_ND2_Issuer_Root.pem 1
-echo "NON-DELEGATED; Root CA -> EE"
-test_ocsp ND3.ors WKIC_ND3_Issuer_Root.pem 1
-echo "DELEGATED; Intermediate CA -> EE"
-test_ocsp D1.ors WKIC_D1_Issuer_ICA.pem 1
-echo "DELEGATED; Root CA -> Intermediate CA"
-test_ocsp D2.ors WKIC_D2_Issuer_Root.pem 1
-echo "DELEGATED; Root CA -> EE"
-test_ocsp D3.ors WKIC_D3_Issuer_Root.pem 1
-
-echo "=== INVALID SIGNATURE on the ISSUER CERTIFICATE ==="
-# Expect success, because we're explicitly trusting the issuer certificate.
-echo "NON-DELEGATED; Intermediate CA -> EE"
-test_ocsp ND1.ors ISIC_ND1_Issuer_ICA.pem 0
-echo "NON-DELEGATED; Root CA -> Intermediate CA"
-test_ocsp ND2.ors ISIC_ND2_Issuer_Root.pem 0
-echo "NON-DELEGATED; Root CA -> EE"
-test_ocsp ND3.ors ISIC_ND3_Issuer_Root.pem 0
-echo "DELEGATED; Intermediate CA -> EE"
-test_ocsp D1.ors ISIC_D1_Issuer_ICA.pem 0
-echo "DELEGATED; Root CA -> Intermediate CA"
-test_ocsp D2.ors ISIC_D2_Issuer_Root.pem 0
-echo "DELEGATED; Root CA -> EE"
-test_ocsp D3.ors ISIC_D3_Issuer_Root.pem 0
-
-echo "ALL OCSP TESTS SUCCESSFUL"
-exit 0
+++ /dev/null
-$! TOCSP.COM -- Test ocsp
-$
-$ __arch = "VAX"
-$ if f$getsyi("cpu") .ge. 128 then -
- __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
-$ if __arch .eqs. "" then __arch = "UNK"
-$!
-$ if (p2 .eqs. "64") then __arch = __arch+ "_64"
-$!
-$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]"
-$
-$ cmd = "mcr ''f$parse(exe_dir+"openssl.exe")'"
-$ ocspdir = "ocsp-tests"
-$
-$! 17 December 2012 so we don't get certificate expiry errors.
-$ check_time="-attime 1355875200"
-$
-$ test_ocsp:
-$ subroutine
-$ 'cmd' base64 -d -in [.'ocspdir']'p1' -out ocsp-test.test-bin
-$ 'cmd' ocsp -respin ocsp-test.test-bin -partial_chain 'check_time' -
- "-CAfile" [.'ocspdir']'p2' -verify_other [.'ocspdir']'p2' "-CApath" NLA0:
-$ if $severity .ne. p3+1
-$ then
-$ write sys$error "OCSP test failed!"
-$ exit 3
-$ endif
-$ endsubroutine
-$
-$ set noon
-$
-$ write sys$output "=== VALID OCSP RESPONSES ==="
-$ write sys$output "NON-DELEGATED; Intermediate CA -> EE"
-$ call test_ocsp "ND1.ors" "ND1_Issuer_ICA.pem" 0
-$ write sys$output "NON-DELEGATED; Root CA -> Intermediate CA"
-$ call test_ocsp "ND2.ors" "ND2_Issuer_Root.pem" 0
-$ write sys$output "NON-DELEGATED; Root CA -> EE"
-$ call test_ocsp "ND3.ors" "ND3_Issuer_Root.pem" 0
-$ write sys$output "DELEGATED; Intermediate CA -> EE"
-$ call test_ocsp "D1.ors" "D1_Issuer_ICA.pem" 0
-$ write sys$output "DELEGATED; Root CA -> Intermediate CA"
-$ call test_ocsp "D2.ors" "D2_Issuer_Root.pem" 0
-$ write sys$output "DELEGATED; Root CA -> EE"
-$ call test_ocsp "D3.ors" "D3_Issuer_Root.pem" 0
-$
-$ write sys$output "=== INVALID SIGNATURE on the OCSP RESPONSE ==="
-$ write sys$output "NON-DELEGATED; Intermediate CA -> EE"
-$ call test_ocsp "ISOP_ND1.ors" "ND1_Issuer_ICA.pem" 1
-$ write sys$output "NON-DELEGATED; Root CA -> Intermediate CA"
-$ call test_ocsp "ISOP_ND2.ors" "ND2_Issuer_Root.pem" 1
-$ write sys$output "NON-DELEGATED; Root CA -> EE"
-$ call test_ocsp "ISOP_ND3.ors" "ND3_Issuer_Root.pem" 1
-$ write sys$output "DELEGATED; Intermediate CA -> EE"
-$ call test_ocsp "ISOP_D1.ors" "D1_Issuer_ICA.pem" 1
-$ write sys$output "DELEGATED; Root CA -> Intermediate CA"
-$ call test_ocsp "ISOP_D2.ors" "D2_Issuer_Root.pem" 1
-$ write sys$output "DELEGATED; Root CA -> EE"
-$ call test_ocsp "ISOP_D3.ors" "D3_Issuer_Root.pem" 1
-$
-$ write sys$output "=== WRONG RESPONDERID in the OCSP RESPONSE ==="
-$ write sys$output "NON-DELEGATED; Intermediate CA -> EE"
-$ call test_ocsp "WRID_ND1.ors" "ND1_Issuer_ICA.pem" 1
-$ write sys$output "NON-DELEGATED; Root CA -> Intermediate CA"
-$ call test_ocsp "WRID_ND2.ors" "ND2_Issuer_Root.pem" 1
-$ write sys$output "NON-DELEGATED; Root CA -> EE"
-$ call test_ocsp "WRID_ND3.ors" "ND3_Issuer_Root.pem" 1
-$ write sys$output "DELEGATED; Intermediate CA -> EE"
-$ call test_ocsp "WRID_D1.ors" "D1_Issuer_ICA.pem" 1
-$ write sys$output "DELEGATED; Root CA -> Intermediate CA"
-$ call test_ocsp "WRID_D2.ors" "D2_Issuer_Root.pem" 1
-$ write sys$output "DELEGATED; Root CA -> EE"
-$ call test_ocsp "WRID_D3.ors" "D3_Issuer_Root.pem" 1
-$
-$ write sys$output "=== WRONG ISSUERNAMEHASH in the OCSP RESPONSE ==="
-$ write sys$output "NON-DELEGATED; Intermediate CA -> EE"
-$ call test_ocsp "WINH_ND1.ors" "ND1_Issuer_ICA.pem" 1
-$ write sys$output "NON-DELEGATED; Root CA -> Intermediate CA"
-$ call test_ocsp "WINH_ND2.ors" "ND2_Issuer_Root.pem" 1
-$ write sys$output "NON-DELEGATED; Root CA -> EE"
-$ call test_ocsp "WINH_ND3.ors" "ND3_Issuer_Root.pem" 1
-$ write sys$output "DELEGATED; Intermediate CA -> EE"
-$ call test_ocsp "WINH_D1.ors" "D1_Issuer_ICA.pem" 1
-$ write sys$output "DELEGATED; Root CA -> Intermediate CA"
-$ call test_ocsp "WINH_D2.ors" "D2_Issuer_Root.pem" 1
-$ write sys$output "DELEGATED; Root CA -> EE"
-$ call test_ocsp "WINH_D3.ors" "D3_Issuer_Root.pem" 1
-$
-$ write sys$output "=== WRONG ISSUERKEYHASH in the OCSP RESPONSE ==="
-$ write sys$output "NON-DELEGATED; Intermediate CA -> EE"
-$ call test_ocsp "WIKH_ND1.ors" "ND1_Issuer_ICA.pem" 1
-$ write sys$output "NON-DELEGATED; Root CA -> Intermediate CA"
-$ call test_ocsp "WIKH_ND2.ors" "ND2_Issuer_Root.pem" 1
-$ write sys$output "NON-DELEGATED; Root CA -> EE"
-$ call test_ocsp "WIKH_ND3.ors" "ND3_Issuer_Root.pem" 1
-$ write sys$output "DELEGATED; Intermediate CA -> EE"
-$ call test_ocsp "WIKH_D1.ors" "D1_Issuer_ICA.pem" 1
-$ write sys$output "DELEGATED; Root CA -> Intermediate CA"
-$ call test_ocsp "WIKH_D2.ors" "D2_Issuer_Root.pem" 1
-$ write sys$output "DELEGATED; Root CA -> EE"
-$ call test_ocsp "WIKH_D3.ors" "D3_Issuer_Root.pem" 1
-$
-$ write sys$output "=== WRONG KEY in the DELEGATED OCSP SIGNING CERTIFICATE ==="
-$ write sys$output "DELEGATED; Intermediate CA -> EE"
-$ call test_ocsp "WKDOSC_D1.ors" "D1_Issuer_ICA.pem" 1
-$ write sys$output "DELEGATED; Root CA -> Intermediate CA"
-$ call test_ocsp "WKDOSC_D2.ors" "D2_Issuer_Root.pem" 1
-$ write sys$output "DELEGATED; Root CA -> EE"
-$ call test_ocsp "WKDOSC_D3.ors" "D3_Issuer_Root.pem" 1
-$
-$ write sys$output "=== INVALID SIGNATURE on the DELEGATED OCSP SIGNING CERTIFICATE ==="
-$ write sys$output "DELEGATED; Intermediate CA -> EE"
-$ call test_ocsp "ISDOSC_D1.ors" "D1_Issuer_ICA.pem" 1
-$ write sys$output "DELEGATED; Root CA -> Intermediate CA"
-$ call test_ocsp "ISDOSC_D2.ors" "D2_Issuer_Root.pem" 1
-$ write sys$output "DELEGATED; Root CA -> EE"
-$ call test_ocsp "ISDOSC_D3.ors" "D3_Issuer_Root.pem" 1
-$
-$ write sys$output "=== WRONG SUBJECT NAME in the ISSUER CERTIFICATE ==="
-$ write sys$output "NON-DELEGATED; Intermediate CA -> EE"
-$ call test_ocsp "ND1.ors" "WSNIC_ND1_Issuer_ICA.pem" 1
-$ write sys$output "NON-DELEGATED; Root CA -> Intermediate CA"
-$ call test_ocsp "ND2.ors" "WSNIC_ND2_Issuer_Root.pem" 1
-$ write sys$output "NON-DELEGATED; Root CA -> EE"
-$ call test_ocsp "ND3.ors" "WSNIC_ND3_Issuer_Root.pem" 1
-$ write sys$output "DELEGATED; Intermediate CA -> EE"
-$ call test_ocsp "D1.ors" "WSNIC_D1_Issuer_ICA.pem" 1
-$ write sys$output "DELEGATED; Root CA -> Intermediate CA"
-$ call test_ocsp "D2.ors" "WSNIC_D2_Issuer_Root.pem" 1
-$ write sys$output "DELEGATED; Root CA -> EE"
-$ call test_ocsp "D3.ors" "WSNIC_D3_Issuer_Root.pem" 1
-$
-$ write sys$output "=== WRONG KEY in the ISSUER CERTIFICATE ==="
-$ write sys$output "NON-DELEGATED; Intermediate CA -> EE"
-$ call test_ocsp "ND1.ors" "WKIC_ND1_Issuer_ICA.pem" 1
-$ write sys$output "NON-DELEGATED; Root CA -> Intermediate CA"
-$ call test_ocsp "ND2.ors" "WKIC_ND2_Issuer_Root.pem" 1
-$ write sys$output "NON-DELEGATED; Root CA -> EE"
-$ call test_ocsp "ND3.ors" "WKIC_ND3_Issuer_Root.pem" 1
-$ write sys$output "DELEGATED; Intermediate CA -> EE"
-$ call test_ocsp "D1.ors" "WKIC_D1_Issuer_ICA.pem" 1
-$ write sys$output "DELEGATED; Root CA -> Intermediate CA"
-$ call test_ocsp "D2.ors" "WKIC_D2_Issuer_Root.pem" 1
-$ write sys$output "DELEGATED; Root CA -> EE"
-$ call test_ocsp "D3.ors" "WKIC_D3_Issuer_Root.pem" 1
-$
-$ write sys$output "=== INVALID SIGNATURE on the ISSUER CERTIFICATE ==="
-$! Expect success, because we're explicitly trusting the issuer certificate.
-$ write sys$output "NON-DELEGATED; Intermediate CA -> EE"
-$ call test_ocsp "ND1.ors" "ISIC_ND1_Issuer_ICA.pem" 0
-$ write sys$output "NON-DELEGATED; Root CA -> Intermediate CA"
-$ call test_ocsp "ND2.ors" "ISIC_ND2_Issuer_Root.pem" 0
-$ write sys$output "NON-DELEGATED; Root CA -> EE"
-$ call test_ocsp "ND3.ors" "ISIC_ND3_Issuer_Root.pem" 0
-$ write sys$output "DELEGATED; Intermediate CA -> EE"
-$ call test_ocsp "D1.ors" "ISIC_D1_Issuer_ICA.pem" 0
-$ write sys$output "DELEGATED; Root CA -> Intermediate CA"
-$ call test_ocsp "D2.ors" "ISIC_D2_Issuer_Root.pem" 0
-$ write sys$output "DELEGATED; Root CA -> EE"
-$ call test_ocsp "D3.ors" "ISIC_D3_Issuer_Root.pem" 0
-$
-$ write sys$output "ALL OCSP TESTS SUCCESSFUL"
-$
-$ set on
-$
-$ exit
+++ /dev/null
-#!/bin/sh
-
-cmd='../util/shlib_wrap.sh ../apps/openssl pkcs7'
-
-if [ "$1"x != "x" ]; then
- t=$1
-else
- t=testp7.pem
-fi
-
-echo testing pkcs7 conversions
-cp $t p7-fff.p
-
-echo "p -> d"
-$cmd -in p7-fff.p -inform p -outform d >p7-f.d || exit 1
-echo "p -> p"
-$cmd -in p7-fff.p -inform p -outform p >p7-f.p || exit 1
-
-echo "d -> d"
-$cmd -in p7-f.d -inform d -outform d >p7-ff.d1 || exit 1
-echo "p -> d"
-$cmd -in p7-f.p -inform p -outform d >p7-ff.d3 || exit 1
-
-echo "d -> p"
-$cmd -in p7-f.d -inform d -outform p >p7-ff.p1 || exit 1
-echo "p -> p"
-$cmd -in p7-f.p -inform p -outform p >p7-ff.p3 || exit 1
-
-cmp p7-fff.p p7-f.p || exit 1
-cmp p7-fff.p p7-ff.p1 || exit 1
-cmp p7-fff.p p7-ff.p3 || exit 1
-cmp p7-f.p p7-ff.p1 || exit 1
-cmp p7-f.p p7-ff.p3 || exit 1
-
-/bin/rm -f p7-f.* p7-ff.* p7-fff.*
-exit 0
+++ /dev/null
-$! TPKCS7.COM -- Tests pkcs7 keys
-$
-$ __arch = "VAX"
-$ if f$getsyi("cpu") .ge. 128 then -
- __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
-$ if __arch .eqs. "" then __arch = "UNK"
-$!
-$ if (p2 .eqs. "64") then __arch = __arch+ "_64"
-$!
-$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]"
-$
-$ cmd = "mcr ''exe_dir'openssl pkcs7"
-$
-$ t = "testp7.pem"
-$ if p1 .nes. "" then t = p1
-$
-$ write sys$output "testing PKCS7 conversions"
-$ if f$search("fff.*") .nes "" then delete fff.*;*
-$ if f$search("ff.*") .nes "" then delete ff.*;*
-$ if f$search("f.*") .nes "" then delete f.*;*
-$ convert/fdl=sys$input: 't' fff.p
-RECORD
- FORMAT STREAM_LF
-$
-$ write sys$output "p -> d"
-$ 'cmd' -in fff.p -inform p -outform d -out f.d
-$ if $severity .ne. 1 then exit 3
-$ write sys$output "p -> p"
-$ 'cmd' -in fff.p -inform p -outform p -out f.p
-$ if $severity .ne. 1 then exit 3
-$
-$ write sys$output "d -> d"
-$ 'cmd' -in f.d -inform d -outform d -out ff.d1
-$ if $severity .ne. 1 then exit 3
-$ write sys$output "p -> d"
-$ 'cmd' -in f.p -inform p -outform d -out ff.d3
-$ if $severity .ne. 1 then exit 3
-$
-$
-$ write sys$output "d -> p"
-$ 'cmd' -in f.d -inform d -outform p -out ff.p1
-$ if $severity .ne. 1 then exit 3
-$ write sys$output "p -> p"
-$ 'cmd' -in f.p -inform p -outform p -out ff.p3
-$ if $severity .ne. 1 then exit 3
-$
-$ backup/compare fff.p f.p
-$ if $severity .ne. 1 then exit 3
-$ backup/compare fff.p ff.p1
-$ if $severity .ne. 1 then exit 3
-$ backup/compare fff.p ff.p3
-$ if $severity .ne. 1 then exit 3
-$
-$ backup/compare f.p ff.p1
-$ if $severity .ne. 1 then exit 3
-$ backup/compare f.p ff.p3
-$ if $severity .ne. 1 then exit 3
-$
-$ delete f.*;*,ff.*;*,fff.*;*
+++ /dev/null
-#!/bin/sh
-
-cmd='../util/shlib_wrap.sh ../apps/openssl pkcs7'
-
-if [ "$1"x != "x" ]; then
- t=$1
-else
- t=pkcs7-1.pem
-fi
-
-echo "testing pkcs7 conversions (2)"
-cp $t p7d-fff.p
-
-echo "p -> d"
-$cmd -in p7d-fff.p -inform p -outform d >p7d-f.d || exit 1
-echo "p -> p"
-$cmd -in p7d-fff.p -inform p -outform p >p7d-f.p || exit 1
-
-echo "d -> d"
-$cmd -in p7d-f.d -inform d -outform d >p7d-ff.d1 || exit 1
-echo "p -> d"
-$cmd -in p7d-f.p -inform p -outform d >p7d-ff.d3 || exit 1
-
-echo "d -> p"
-$cmd -in p7d-f.d -inform d -outform p >p7d-ff.p1 || exit 1
-echo "p -> p"
-$cmd -in p7d-f.p -inform p -outform p >p7d-ff.p3 || exit 1
-
-cmp p7d-f.p p7d-ff.p1 || exit 1
-cmp p7d-f.p p7d-ff.p3 || exit 1
-
-/bin/rm -f p7d-f.* p7d-ff.* p7d-fff.*
-exit 0
+++ /dev/null
-$! TPKCS7.COM -- Tests pkcs7 keys
-$
-$ __arch = "VAX"
-$ if f$getsyi("cpu") .ge. 128 then -
- __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
-$ if __arch .eqs. "" then __arch = "UNK"
-$!
-$ if (p2 .eqs. "64") then __arch = __arch+ "_64"
-$!
-$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]"
-$
-$ cmd = "mcr ''exe_dir'openssl pkcs7"
-$
-$ t = "pkcs7-1.pem"
-$ if p1 .nes. "" then t = p1
-$
-$ write sys$output "testing PKCS7 conversions (2)"
-$ if f$search("fff.*") .nes "" then delete fff.*;*
-$ if f$search("ff.*") .nes "" then delete ff.*;*
-$ if f$search("f.*") .nes "" then delete f.*;*
-$ convert/fdl=sys$input: 't' fff.p
-RECORD
- FORMAT STREAM_LF
-$
-$ write sys$output "p -> d"
-$ 'cmd' -in fff.p -inform p -outform d -out f.d
-$ if $severity .ne. 1 then exit 3
-$ write sys$output "p -> p"
-$ 'cmd' -in fff.p -inform p -outform p -out f.p
-$ if $severity .ne. 1 then exit 3
-$
-$ write sys$output "d -> d"
-$ 'cmd' -in f.d -inform d -outform d -out ff.d1
-$ if $severity .ne. 1 then exit 3
-$ write sys$output "p -> d"
-$ 'cmd' -in f.p -inform p -outform d -out ff.d3
-$ if $severity .ne. 1 then exit 3
-$
-$
-$ write sys$output "d -> p"
-$ 'cmd' -in f.d -inform d -outform p -out ff.p1
-$ if $severity .ne. 1 then exit 3
-$ write sys$output "p -> p"
-$ 'cmd' -in f.p -inform p -outform p -out ff.p3
-$ if $severity .ne. 1 then exit 3
-$
-$ backup/compare f.p ff.p1
-$ if $severity .ne. 1 then exit 3
-$ backup/compare f.p ff.p3
-$ if $severity .ne. 1 then exit 3
-$
-$ delete f.*;*,ff.*;*,fff.*;*
+++ /dev/null
-#!/bin/sh
-
-cmd='../util/shlib_wrap.sh ../apps/openssl req -config ../apps/openssl.cnf'
-
-if [ "$1"x != "x" ]; then
- t=$1
-else
- t=testreq.pem
-fi
-
-if $cmd -in $t -inform p -noout -text 2>&1 | fgrep -i 'Unknown Public Key'; then
- echo "skipping req conversion test for $t"
- exit 0
-fi
-
-echo testing req conversions
-cp $t req-fff.p
-
-echo "p -> d"
-$cmd -in req-fff.p -inform p -outform d >req-f.d || exit 1
-echo "p -> p"
-$cmd -in req-fff.p -inform p -outform p >req-f.p || exit 1
-
-echo "d -> d"
-$cmd -verify -in req-f.d -inform d -outform d >req-ff.d1 || exit 1
-echo "p -> d"
-$cmd -verify -in req-f.p -inform p -outform d >req-ff.d3 || exit 1
-
-echo "d -> p"
-$cmd -in req-f.d -inform d -outform p >req-ff.p1 || exit 1
-echo "p -> p"
-$cmd -in req-f.p -inform p -outform p >req-ff.p3 || exit 1
-
-cmp req-fff.p req-f.p || exit 1
-cmp req-fff.p req-ff.p1 || exit 1
-cmp req-fff.p req-ff.p3 || exit 1
-cmp req-f.p req-ff.p1 || exit 1
-cmp req-f.p req-ff.p3 || exit 1
-
-/bin/rm -f req-f.* req-ff.* req-fff.*
-exit 0
+++ /dev/null
-$! TREQ.COM -- Tests req keys
-$
-$ __arch = "VAX"
-$ if f$getsyi("cpu") .ge. 128 then -
- __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
-$ if __arch .eqs. "" then __arch = "UNK"
-$!
-$ if (p2 .eqs. "64") then __arch = __arch+ "_64"
-$!
-$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]"
-$
-$ cmd = "mcr ''exe_dir'openssl req -config [-.apps]openssl-vms.cnf"
-$
-$ t = "testreq.pem"
-$ if p1 .nes. "" then t = p1
-$
-$ write sys$output "testing req conversions"
-$ if f$search("fff.*") .nes "" then delete fff.*;*
-$ if f$search("ff.*") .nes "" then delete ff.*;*
-$ if f$search("f.*") .nes "" then delete f.*;*
-$ convert/fdl=sys$input: 't' fff.p
-RECORD
- FORMAT STREAM_LF
-$
-$ write sys$output "p -> d"
-$ 'cmd' -in fff.p -inform p -outform d -out f.d
-$ if $severity .ne. 1 then exit 3
-$! write sys$output "p -> t"
-$! 'cmd' -in fff.p -inform p -outform t -out f.t
-$! if $severity .ne. 1 then exit 3
-$ write sys$output "p -> p"
-$ 'cmd' -in fff.p -inform p -outform p -out f.p
-$ if $severity .ne. 1 then exit 3
-$
-$ write sys$output "d -> d"
-$ 'cmd' -verify -in f.d -inform d -outform d -out ff.d1
-$ if $severity .ne. 1 then exit 3
-$! write sys$output "t -> d"
-$! 'cmd' -verify -in f.t -inform t -outform d -out ff.d2
-$! if $severity .ne. 1 then exit 3
-$ write sys$output "p -> d"
-$ 'cmd' -verify -in f.p -inform p -outform d -out ff.d3
-$ if $severity .ne. 1 then exit 3
-$
-$! write sys$output "d -> t"
-$! 'cmd' -in f.d -inform d -outform t -out ff.t1
-$! if $severity .ne. 1 then exit 3
-$! write sys$output "t -> t"
-$! 'cmd' -in f.t -inform t -outform t -out ff.t2
-$! if $severity .ne. 1 then exit 3
-$! write sys$output "p -> t"
-$! 'cmd' -in f.p -inform p -outform t -out ff.t3
-$! if $severity .ne. 1 then exit 3
-$
-$ write sys$output "d -> p"
-$ 'cmd' -in f.d -inform d -outform p -out ff.p1
-$ if $severity .ne. 1 then exit 3
-$! write sys$output "t -> p"
-$! 'cmd' -in f.t -inform t -outform p -out ff.p2
-$! if $severity .ne. 1 then exit 3
-$ write sys$output "p -> p"
-$ 'cmd' -in f.p -inform p -outform p -out ff.p3
-$ if $severity .ne. 1 then exit 3
-$
-$ backup/compare fff.p f.p
-$ if $severity .ne. 1 then exit 3
-$ backup/compare fff.p ff.p1
-$ if $severity .ne. 1 then exit 3
-$! backup/compare fff.p ff.p2
-$! if $severity .ne. 1 then exit 3
-$ backup/compare fff.p ff.p3
-$ if $severity .ne. 1 then exit 3
-$
-$! backup/compare f.t ff.t1
-$! if $severity .ne. 1 then exit 3
-$! backup/compare f.t ff.t2
-$! if $severity .ne. 1 then exit 3
-$! backup/compare f.t ff.t3
-$! if $severity .ne. 1 then exit 3
-$
-$ backup/compare f.p ff.p1
-$ if $severity .ne. 1 then exit 3
-$! backup/compare f.p ff.p2
-$! if $severity .ne. 1 then exit 3
-$ backup/compare f.p ff.p3
-$ if $severity .ne. 1 then exit 3
-$
-$ delete f.*;*,ff.*;*,fff.*;*
+++ /dev/null
-$! TRSA.COM -- Tests rsa keys
-$
-$ __arch = "VAX"
-$ if f$getsyi("cpu") .ge. 128 then -
- __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
-$ if __arch .eqs. "" then __arch = "UNK"
-$!
-$ if (p2 .eqs. "64") then __arch = __arch+ "_64"
-$!
-$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]"
-$
-$ set noon
-$ define/user sys$output nla0:
-$ mcr 'exe_dir'openssl no-rsa
-$ save_severity=$SEVERITY
-$ set on
-$ if save_severity
-$ then
-$ write sys$output "skipping RSA conversion test"
-$ exit
-$ endif
-$
-$ cmd = "mcr ''exe_dir'openssl rsa"
-$
-$ t = "testrsa.pem"
-$ if p1 .nes. "" then t = p1
-$
-$ write sys$output "testing RSA conversions"
-$ if f$search("fff.*") .nes "" then delete fff.*;*
-$ if f$search("ff.*") .nes "" then delete ff.*;*
-$ if f$search("f.*") .nes "" then delete f.*;*
-$ convert/fdl=sys$input: 't' fff.p
-RECORD
- FORMAT STREAM_LF
-$
-$ write sys$output "p -> d"
-$ 'cmd' -in fff.p -inform p -outform d -out f.d
-$ if $severity .ne. 1 then exit 3
-$! write sys$output "p -> t"
-$! 'cmd' -in fff.p -inform p -outform t -out f.t
-$! if $severity .ne. 1 then exit 3
-$ write sys$output "p -> p"
-$ 'cmd' -in fff.p -inform p -outform p -out f.p
-$ if $severity .ne. 1 then exit 3
-$
-$ write sys$output "d -> d"
-$ 'cmd' -in f.d -inform d -outform d -out ff.d1
-$ if $severity .ne. 1 then exit 3
-$! write sys$output "t -> d"
-$! 'cmd' -in f.t -inform t -outform d -out ff.d2
-$! if $severity .ne. 1 then exit 3
-$ write sys$output "p -> d"
-$ 'cmd' -in f.p -inform p -outform d -out ff.d3
-$ if $severity .ne. 1 then exit 3
-$
-$! write sys$output "d -> t"
-$! 'cmd' -in f.d -inform d -outform t -out ff.t1
-$! if $severity .ne. 1 then exit 3
-$! write sys$output "t -> t"
-$! 'cmd' -in f.t -inform t -outform t -out ff.t2
-$! if $severity .ne. 1 then exit 3
-$! write sys$output "p -> t"
-$! 'cmd' -in f.p -inform p -outform t -out ff.t3
-$! if $severity .ne. 1 then exit 3
-$
-$ write sys$output "d -> p"
-$ 'cmd' -in f.d -inform d -outform p -out ff.p1
-$ if $severity .ne. 1 then exit 3
-$! write sys$output "t -> p"
-$! 'cmd' -in f.t -inform t -outform p -out ff.p2
-$! if $severity .ne. 1 then exit 3
-$ write sys$output "p -> p"
-$ 'cmd' -in f.p -inform p -outform p -out ff.p3
-$ if $severity .ne. 1 then exit 3
-$
-$ backup/compare fff.p f.p
-$ if $severity .ne. 1 then exit 3
-$ backup/compare fff.p ff.p1
-$ if $severity .ne. 1 then exit 3
-$! backup/compare fff.p ff.p2
-$! if $severity .ne. 1 then exit 3
-$ backup/compare fff.p ff.p3
-$ if $severity .ne. 1 then exit 3
-$
-$! backup/compare f.t ff.t1
-$! if $severity .ne. 1 then exit 3
-$! backup/compare f.t ff.t2
-$! if $severity .ne. 1 then exit 3
-$! backup/compare f.t ff.t3
-$! if $severity .ne. 1 then exit 3
-$
-$ backup/compare f.p ff.p1
-$ if $severity .ne. 1 then exit 3
-$! backup/compare f.p ff.p2
-$! if $severity .ne. 1 then exit 3
-$ backup/compare f.p ff.p3
-$ if $severity .ne. 1 then exit 3
-$
-$ delete f.*;*,ff.*;*,fff.*;*
+++ /dev/null
-#!/bin/sh
-
-cmd='../util/shlib_wrap.sh ../apps/openssl sess_id'
-
-if [ "$1"x != "x" ]; then
- t=$1
-else
- t=testsid.pem
-fi
-
-echo testing session-id conversions
-cp $t sid-fff.p
-
-echo "p -> d"
-$cmd -in sid-fff.p -inform p -outform d >sid-f.d || exit 1
-echo "p -> p"
-$cmd -in sid-fff.p -inform p -outform p >sid-f.p || exit 1
-
-echo "d -> d"
-$cmd -in sid-f.d -inform d -outform d >sid-ff.d1 || exit 1
-echo "p -> d"
-$cmd -in sid-f.p -inform p -outform d >sid-ff.d3 || exit 1
-
-echo "d -> p"
-$cmd -in sid-f.d -inform d -outform p >sid-ff.p1 || exit 1
-echo "p -> p"
-$cmd -in sid-f.p -inform p -outform p >sid-ff.p3 || exit 1
-
-cmp sid-fff.p sid-f.p || exit 1
-cmp sid-fff.p sid-ff.p1 || exit 1
-cmp sid-fff.p sid-ff.p3 || exit 1
-cmp sid-f.p sid-ff.p1 || exit 1
-cmp sid-f.p sid-ff.p3 || exit 1
-
-/bin/rm -f sid-f.* sid-ff.* sid-fff.*
-exit 0
+++ /dev/null
-$! TSID.COM -- Tests sid keys
-$
-$ __arch = "VAX"
-$ if f$getsyi("cpu") .ge. 128 then -
- __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
-$ if __arch .eqs. "" then __arch = "UNK"
-$!
-$ if (p2 .eqs. "64") then __arch = __arch+ "_64"
-$!
-$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]"
-$
-$ cmd = "mcr ''exe_dir'openssl sess_id"
-$
-$ t = "testsid.pem"
-$ if p1 .nes. "" then t = p1
-$
-$ write sys$output "testing session-id conversions"
-$ if f$search("fff.*") .nes "" then delete fff.*;*
-$ if f$search("ff.*") .nes "" then delete ff.*;*
-$ if f$search("f.*") .nes "" then delete f.*;*
-$ convert/fdl=sys$input: 't' fff.p
-RECORD
- FORMAT STREAM_LF
-$
-$ write sys$output "p -> d"
-$ 'cmd' -in fff.p -inform p -outform d -out f.d
-$ if $severity .ne. 1 then exit 3
-$! write sys$output "p -> t"
-$! 'cmd' -in fff.p -inform p -outform t -out f.t
-$! if $severity .ne. 1 then exit 3
-$ write sys$output "p -> p"
-$ 'cmd' -in fff.p -inform p -outform p -out f.p
-$ if $severity .ne. 1 then exit 3
-$
-$ write sys$output "d -> d"
-$ 'cmd' -in f.d -inform d -outform d -out ff.d1
-$ if $severity .ne. 1 then exit 3
-$! write sys$output "t -> d"
-$! 'cmd' -in f.t -inform t -outform d -out ff.d2
-$! if $severity .ne. 1 then exit 3
-$ write sys$output "p -> d"
-$ 'cmd' -in f.p -inform p -outform d -out ff.d3
-$ if $severity .ne. 1 then exit 3
-$
-$! write sys$output "d -> t"
-$! 'cmd' -in f.d -inform d -outform t -out ff.t1
-$! if $severity .ne. 1 then exit 3
-$! write sys$output "t -> t"
-$! 'cmd' -in f.t -inform t -outform t -out ff.t2
-$! if $severity .ne. 1 then exit 3
-$! write sys$output "p -> t"
-$! 'cmd' -in f.p -inform p -outform t -out ff.t3
-$! if $severity .ne. 1 then exit 3
-$
-$ write sys$output "d -> p"
-$ 'cmd' -in f.d -inform d -outform p -out ff.p1
-$ if $severity .ne. 1 then exit 3
-$! write sys$output "t -> p"
-$! 'cmd' -in f.t -inform t -outform p -out ff.p2
-$! if $severity .ne. 1 then exit 3
-$ write sys$output "p -> p"
-$ 'cmd' -in f.p -inform p -outform p -out ff.p3
-$ if $severity .ne. 1 then exit 3
-$
-$ backup/compare fff.p f.p
-$ if $severity .ne. 1 then exit 3
-$ backup/compare fff.p ff.p1
-$ if $severity .ne. 1 then exit 3
-$! backup/compare fff.p ff.p2
-$! if $severity .ne. 1 then exit 3
-$ backup/compare fff.p ff.p3
-$ if $severity .ne. 1 then exit 3
-$
-$! backup/compare f.t ff.t1
-$! if $severity .ne. 1 then exit 3
-$! backup/compare f.t ff.t2
-$! if $severity .ne. 1 then exit 3
-$! backup/compare f.t ff.t3
-$! if $severity .ne. 1 then exit 3
-$
-$ backup/compare f.p ff.p1
-$ if $severity .ne. 1 then exit 3
-$! backup/compare f.p ff.p2
-$! if $severity .ne. 1 then exit 3
-$ backup/compare f.p ff.p3
-$ if $severity .ne. 1 then exit 3
-$
-$ delete f.*;*,ff.*;*,fff.*;*
+++ /dev/null
-$! TVERIFY.COM
-$
-$ __arch = "VAX"
-$ if f$getsyi("cpu") .ge. 128 then -
- __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
-$ if __arch .eqs. "" then __arch = "UNK"
-$!
-$ if (p1 .eqs. "64") then __arch = __arch+ "_64"
-$!
-$ line_max = 255 ! Could be longer on modern non-VAX.
-$ temp_file_name = "certs_"+ f$getjpi( "", "PID")+ ".tmp"
-$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]"
-$ cmd = "mcr ''exe_dir'openssl verify ""-CAfile"" ''temp_file_name'"
-$ cmd_len = f$length( cmd)
-$ pems = "[-.certs...]*.pem"
-$!
-$! Concatenate all the certificate files.
-$!
-$ copy /concatenate 'pems' 'temp_file_name'
-$!
-$! Loop through all the certificate files.
-$!
-$ args = ""
-$ old_f = ""
-$ loop_file:
-$ f = f$search( pems)
-$ if ((f .nes. "") .and. (f .nes. old_f))
-$ then
-$ old_f = f
-$!
-$! If this file name would over-extend the command line, then
-$! run the command now.
-$!
-$ if (cmd_len+ f$length( args)+ 1+ f$length( f) .gt. line_max)
-$ then
-$ if (args .eqs. "") then goto disaster
-$ 'cmd''args'
-$ args = ""
-$ endif
-$! Add the next file to the argument list.
-$ args = args+ " "+ f
-$ else
-$! No more files in the list
-$ goto loop_file_end
-$ endif
-$ goto loop_file
-$ loop_file_end:
-$!
-$! Run the command for any left-over arguments.
-$!
-$ if (args .nes. "")
-$ then
-$ 'cmd''args'
-$ endif
-$!
-$! Delete the temporary file.
-$!
-$ if (f$search( "''temp_file_name';*") .nes. "") then -
- delete 'temp_file_name';*
-$!
-$ exit
-$!
-$ disaster:
-$ write sys$output " Command line too long. Doomed."
-$!
+++ /dev/null
-#!/bin/sh
-
-cmd='../util/shlib_wrap.sh ../apps/openssl x509'
-
-if [ "$1"x != "x" ]; then
- t=$1
-else
- t=testx509.pem
-fi
-
-echo testing X509 conversions
-cp $t x509-fff.p
-
-echo "p -> d"
-$cmd -in x509-fff.p -inform p -outform d >x509-f.d || exit 1
-echo "p -> p"
-$cmd -in x509-fff.p -inform p -outform p >x509-f.p || exit 1
-
-echo "d -> d"
-$cmd -in x509-f.d -inform d -outform d >x509-ff.d1 || exit 1
-echo "p -> d"
-$cmd -in x509-f.p -inform p -outform d >x509-ff.d3 || exit 1
-
-echo "d -> p"
-$cmd -in x509-f.d -inform d -outform p >x509-ff.p1 || exit 1
-echo "p -> p"
-$cmd -in x509-f.p -inform p -outform p >x509-ff.p3 || exit 1
-
-cmp x509-fff.p x509-f.p || exit 1
-cmp x509-fff.p x509-ff.p1 || exit 1
-cmp x509-fff.p x509-ff.p3 || exit 1
-
-cmp x509-f.p x509-ff.p1 || exit 1
-cmp x509-f.p x509-ff.p3 || exit 1
-
-/bin/rm -f x509-f.* x509-ff.* x509-fff.*
-exit 0
+++ /dev/null
-$! TX509.COM -- Tests x509 certificates
-$
-$ __arch = "VAX"
-$ if f$getsyi("cpu") .ge. 128 then -
- __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
-$ if __arch .eqs. "" then __arch = "UNK"
-$!
-$ if (p2 .eqs. "64") then __arch = __arch+ "_64"
-$!
-$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]"
-$
-$ cmd = "mcr ''exe_dir'openssl x509"
-$
-$ t = "testx509.pem"
-$ if p1 .nes. "" then t = p1
-$
-$ write sys$output "testing X509 conversions"
-$ if f$search("fff.*") .nes "" then delete fff.*;*
-$ if f$search("ff.*") .nes "" then delete ff.*;*
-$ if f$search("f.*") .nes "" then delete f.*;*
-$ convert/fdl=sys$input: 't' fff.p
-RECORD
- FORMAT STREAM_LF
-$
-$ write sys$output "p -> d"
-$ 'cmd' -in fff.p -inform p -outform d -out f.d
-$ if $severity .ne. 1 then exit 3
-$ write sys$output "p -> n"
-$ 'cmd' -in fff.p -inform p -outform n -out f.n
-$ if $severity .ne. 1 then exit 3
-$ write sys$output "p -> p"
-$ 'cmd' -in fff.p -inform p -outform p -out f.p
-$ if $severity .ne. 1 then exit 3
-$
-$ write sys$output "d -> d"
-$ 'cmd' -in f.d -inform d -outform d -out ff.d1
-$ if $severity .ne. 1 then exit 3
-$ write sys$output "n -> d"
-$ 'cmd' -in f.n -inform n -outform d -out ff.d2
-$ if $severity .ne. 1 then exit 3
-$ write sys$output "p -> d"
-$ 'cmd' -in f.p -inform p -outform d -out ff.d3
-$ if $severity .ne. 1 then exit 3
-$
-$ write sys$output "d -> n"
-$ 'cmd' -in f.d -inform d -outform n -out ff.n1
-$ if $severity .ne. 1 then exit 3
-$ write sys$output "n -> n"
-$ 'cmd' -in f.n -inform n -outform n -out ff.n2
-$ if $severity .ne. 1 then exit 3
-$ write sys$output "p -> n"
-$ 'cmd' -in f.p -inform p -outform n -out ff.n3
-$ if $severity .ne. 1 then exit 3
-$
-$ write sys$output "d -> p"
-$ 'cmd' -in f.d -inform d -outform p -out ff.p1
-$ if $severity .ne. 1 then exit 3
-$ write sys$output "n -> p"
-$ 'cmd' -in f.n -inform n -outform p -out ff.p2
-$ if $severity .ne. 1 then exit 3
-$ write sys$output "p -> p"
-$ 'cmd' -in f.p -inform p -outform p -out ff.p3
-$ if $severity .ne. 1 then exit 3
-$
-$ backup/compare fff.p f.p
-$ if $severity .ne. 1 then exit 3
-$ backup/compare fff.p ff.p1
-$ if $severity .ne. 1 then exit 3
-$ backup/compare fff.p ff.p2
-$ if $severity .ne. 1 then exit 3
-$ backup/compare fff.p ff.p3
-$ if $severity .ne. 1 then exit 3
-$
-$ backup/compare f.n ff.n1
-$ if $severity .ne. 1 then exit 3
-$ backup/compare f.n ff.n2
-$ if $severity .ne. 1 then exit 3
-$ backup/compare f.n ff.n3
-$ if $severity .ne. 1 then exit 3
-$
-$ backup/compare f.p ff.p1
-$ if $severity .ne. 1 then exit 3
-$ backup/compare f.p ff.p2
-$ if $severity .ne. 1 then exit 3
-$ backup/compare f.p ff.p3
-$ if $severity .ne. 1 then exit 3
-$
-$ delete f.*;*,ff.*;*,fff.*;*