From: Richard Levitte Date: Tue, 21 Apr 2015 19:10:01 +0000 (+0200) Subject: Remove old testing scripts out of the way. X-Git-Tag: OpenSSL_1_1_0-pre1~671 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=71a4f2832c3fe02d026af8241767ee80f440e876;p=oweals%2Fopenssl.git Remove old testing scripts out of the way. For now, I'm moving them into Attic/. They will be removed later. Reviewed-by: Rich Salz --- diff --git a/test/Attic/VMSca-response.1 b/test/Attic/VMSca-response.1 new file mode 100644 index 0000000000..8b13789179 --- /dev/null +++ b/test/Attic/VMSca-response.1 @@ -0,0 +1 @@ + diff --git a/test/Attic/VMSca-response.2 b/test/Attic/VMSca-response.2 new file mode 100644 index 0000000000..9b48ee4cf9 --- /dev/null +++ b/test/Attic/VMSca-response.2 @@ -0,0 +1,2 @@ +y +y diff --git a/test/Attic/bctest b/test/Attic/bctest new file mode 100755 index 0000000000..bdb3218f7a --- /dev/null +++ b/test/Attic/bctest @@ -0,0 +1,111 @@ +#!/bin/sh + +# This script is used by test/Makefile.ssl to check whether a sane 'bc' +# is installed. +# ('make test_bn' should not try to run 'bc' if it does not exist or if +# it is a broken 'bc' version that is known to cause trouble.) +# +# If 'bc' works, we also test if it knows the 'print' command. +# +# In any case, output an appropriate command line for running (or not +# running) bc. + + +IFS=: +try_without_dir=true +# First we try "bc", then "$dir/bc" for each item in $PATH. +for dir in dummy:$PATH; do + if [ "$try_without_dir" = true ]; then + # first iteration + bc=bc + try_without_dir=false + else + # second and later iterations + bc="$dir/bc" + if [ ! -f "$bc" ]; then # '-x' is not available on Ultrix + bc='' + fi + fi + + if [ ! "$bc" = '' ]; then + failure=none + + + # Test for SunOS 5.[78] bc bug + "$bc" >tmp.bctest <<\EOF +obase=16 +ibase=16 +a=AD88C418F31B3FC712D0425001D522B3AE9134FF3A98C13C1FCC1682211195406C1A6C66C6A\ +CEEC1A0EC16950233F77F1C2F2363D56DD71A36C57E0B2511FC4BA8F22D261FE2E9356D99AF57\ +10F3817C0E05BF79C423C3F66FDF321BE8D3F18F625D91B670931C1EF25F28E489BDA1C5422D1\ +C3F6F7A1AD21585746ECC4F10A14A778AF56F08898E965E9909E965E0CB6F85B514150C644759\ +3BE731877B16EA07B552088FF2EA728AC5E0FF3A23EB939304519AB8B60F2C33D6BA0945B66F0\ +4FC3CADF855448B24A9D7640BCF473E +b=DCE91E7D120B983EA9A104B5A96D634DD644C37657B1C7860B45E6838999B3DCE5A555583C6\ +9209E41F413422954175A06E67FFEF6746DD652F0F48AEFECC3D8CAC13523BDAAD3F5AF4212BD\ +8B3CD64126E1A82E190228020C05B91C8B141F1110086FC2A4C6ED631EBA129D04BB9A19FC53D\ +3ED0E2017D60A68775B75481449 +(a/b)*b + (a%b) - a +EOF + if [ 0 != "`cat tmp.bctest`" ]; then + failure=SunOStest + fi + + + if [ "$failure" = none ]; then + # Test for SCO bc bug. + "$bc" >tmp.bctest <<\EOF +obase=16 +ibase=16 +-FFDD63BA1A4648F0D804F8A1C66C53F0D2110590E8A3907EC73B4AEC6F15AC177F176F2274D2\ +9DC8022EA0D7DD3ABE9746D2D46DD3EA5B5F6F69DF12877E0AC5E7F5ADFACEE54573F5D256A06\ +11B5D2BC24947724E22AE4EC3FB0C39D9B4694A01AFE5E43B4D99FB9812A0E4A5773D8B254117\ +1239157EC6E3D8D50199 * -FFDD63BA1A4648F0D804F8A1C66C53F0D2110590E8A3907EC73B4\ +AEC6F15AC177F176F2274D29DC8022EA0D7DD3ABE9746D2D46DD3EA5B5F6F69DF12877E0AC5E7\ +F5ADFACEE54573F5D256A0611B5D2BC24947724E22AE4EC3FB0C39D9B4694A01AFE5E43B4D99F\ +B9812A0E4A5773D8B2541171239157EC6E3D8D50199 - FFBACC221682DA464B6D7F123482522\ +02EDAEDCA38C3B69E9B7BBCD6165A9CD8716C4903417F23C09A85B851961F92C217258CEEB866\ +85EFCC5DD131853A02C07A873B8E2AF2E40C6D5ED598CD0E8F35AD49F3C3A17FDB7653E4E2DC4\ +A8D23CC34686EE4AD01F7407A7CD74429AC6D36DBF0CB6A3E302D0E5BDFCD048A3B90C1BE5AA8\ +E16C3D5884F9136B43FF7BB443764153D4AEC176C681B078F4CC53D6EB6AB76285537DDEE7C18\ +8C72441B52EDBDDBC77E02D34E513F2AABF92F44109CAFE8242BD0ECBAC5604A94B02EA44D43C\ +04E9476E6FBC48043916BFA1485C6093603600273C9C33F13114D78064AE42F3DC466C7DA543D\ +89C8D71 +AD534AFBED2FA39EE9F40E20FCF9E2C861024DB98DDCBA1CD118C49CA55EEBC20D6BA51B2271C\ +928B693D6A73F67FEB1B4571448588B46194617D25D910C6A9A130CC963155CF34079CB218A44\ +8A1F57E276D92A33386DDCA3D241DB78C8974ABD71DD05B0FA555709C9910D745185E6FE108E3\ +37F1907D0C56F8BFBF52B9704 % -E557905B56B13441574CAFCE2BD257A750B1A8B2C88D0E36\ +E18EF7C38DAC80D3948E17ED63AFF3B3467866E3B89D09A81B3D16B52F6A3C7134D3C6F5123E9\ +F617E3145BBFBE9AFD0D6E437EA4FF6F04BC67C4F1458B4F0F47B64 - 1C2BBBB19B74E86FD32\ +9E8DB6A8C3B1B9986D57ED5419C2E855F7D5469E35E76334BB42F4C43E3F3A31B9697C171DAC4\ +D97935A7E1A14AD209D6CF811F55C6DB83AA9E6DFECFCD6669DED7171EE22A40C6181615CAF3F\ +5296964 +EOF + if [ "0 +0" != "`cat tmp.bctest`" ]; then + failure=SCOtest + fi + fi + + + if [ "$failure" = none ]; then + # bc works; now check if it knows the 'print' command. + if [ "OK" = "`echo 'print \"OK\"' | $bc 2>/dev/null`" ] + then + echo "$bc" + else + echo "sed 's/print.*//' | $bc" + fi + exit 0 + fi + + echo "$bc does not work properly ('$failure' failed). Looking for another bc ..." >&2 + fi +done + +echo "No working bc found. Consider installing GNU bc." >&2 +if [ "$1" = ignore ]; then + echo "cat >/dev/null" + exit 0 +fi +exit 1 diff --git a/test/Attic/bctest.com b/test/Attic/bctest.com new file mode 100644 index 0000000000..d7e5ec139e --- /dev/null +++ b/test/Attic/bctest.com @@ -0,0 +1,152 @@ +$! +$! Check operation of "bc". +$! +$! 2010-04-05 SMS. New. Based (loosely) on "bctest". +$! +$! +$ tmp_file_name = "tmp.bctest" +$ failure = "" +$! +$! Basic command test. +$! +$ on warning then goto bc_fail +$ bc +$ on error then exit +$! +$! Test for SunOS 5.[78] bc bug. +$! +$ if (failure .eqs. "") +$ then +$! +$ define /user_mode sys$output 'tmp_file_name' +$ bc +obase=16 +ibase=16 +a=AD88C418F31B3FC712D0425001D522B3AE9134FF3A98C13C1FCC1682211195406C1A6C66C6A\ +CEEC1A0EC16950233F77F1C2F2363D56DD71A36C57E0B2511FC4BA8F22D261FE2E9356D99AF57\ +10F3817C0E05BF79C423C3F66FDF321BE8D3F18F625D91B670931C1EF25F28E489BDA1C5422D1\ +C3F6F7A1AD21585746ECC4F10A14A778AF56F08898E965E9909E965E0CB6F85B514150C644759\ +3BE731877B16EA07B552088FF2EA728AC5E0FF3A23EB939304519AB8B60F2C33D6BA0945B66F0\ +4FC3CADF855448B24A9D7640BCF473E +b=DCE91E7D120B983EA9A104B5A96D634DD644C37657B1C7860B45E6838999B3DCE5A555583C6\ +9209E41F413422954175A06E67FFEF6746DD652F0F48AEFECC3D8CAC13523BDAAD3F5AF4212BD\ +8B3CD64126E1A82E190228020C05B91C8B141F1110086FC2A4C6ED631EBA129D04BB9A19FC53D\ +3ED0E2017D60A68775B75481449 +(a/b)*b + (a%b) - a +$ status = $status +$ output_expected = "0" +$ gosub check_output +$ if (output .ne. 1) +$ then +$ failure = "SunOStest" +$ else +$ delete 'f$parse( tmp_file_name)' +$ endif +$ endif +$! +$! Test for SCO bc bug. +$! +$ if (failure .eqs. "") +$ then +$! +$ define /user_mode sys$output 'tmp_file_name' +$ bc +obase=16 +ibase=16 +-FFDD63BA1A4648F0D804F8A1C66C53F0D2110590E8A3907EC73B4AEC6F15AC177F176F2274D2\ +9DC8022EA0D7DD3ABE9746D2D46DD3EA5B5F6F69DF12877E0AC5E7F5ADFACEE54573F5D256A06\ +11B5D2BC24947724E22AE4EC3FB0C39D9B4694A01AFE5E43B4D99FB9812A0E4A5773D8B254117\ +1239157EC6E3D8D50199 * -FFDD63BA1A4648F0D804F8A1C66C53F0D2110590E8A3907EC73B4\ +AEC6F15AC177F176F2274D29DC8022EA0D7DD3ABE9746D2D46DD3EA5B5F6F69DF12877E0AC5E7\ +F5ADFACEE54573F5D256A0611B5D2BC24947724E22AE4EC3FB0C39D9B4694A01AFE5E43B4D99F\ +B9812A0E4A5773D8B2541171239157EC6E3D8D50199 - FFBACC221682DA464B6D7F123482522\ +02EDAEDCA38C3B69E9B7BBCD6165A9CD8716C4903417F23C09A85B851961F92C217258CEEB866\ +85EFCC5DD131853A02C07A873B8E2AF2E40C6D5ED598CD0E8F35AD49F3C3A17FDB7653E4E2DC4\ +A8D23CC34686EE4AD01F7407A7CD74429AC6D36DBF0CB6A3E302D0E5BDFCD048A3B90C1BE5AA8\ +E16C3D5884F9136B43FF7BB443764153D4AEC176C681B078F4CC53D6EB6AB76285537DDEE7C18\ +8C72441B52EDBDDBC77E02D34E513F2AABF92F44109CAFE8242BD0ECBAC5604A94B02EA44D43C\ +04E9476E6FBC48043916BFA1485C6093603600273C9C33F13114D78064AE42F3DC466C7DA543D\ +89C8D71 +AD534AFBED2FA39EE9F40E20FCF9E2C861024DB98DDCBA1CD118C49CA55EEBC20D6BA51B2271C\ +928B693D6A73F67FEB1B4571448588B46194617D25D910C6A9A130CC963155CF34079CB218A44\ +8A1F57E276D92A33386DDCA3D241DB78C8974ABD71DD05B0FA555709C9910D745185E6FE108E3\ +37F1907D0C56F8BFBF52B9704 % -E557905B56B13441574CAFCE2BD257A750B1A8B2C88D0E36\ +E18EF7C38DAC80D3948E17ED63AFF3B3467866E3B89D09A81B3D16B52F6A3C7134D3C6F5123E9\ +F617E3145BBFBE9AFD0D6E437EA4FF6F04BC67C4F1458B4F0F47B64 - 1C2BBBB19B74E86FD32\ +9E8DB6A8C3B1B9986D57ED5419C2E855F7D5469E35E76334BB42F4C43E3F3A31B9697C171DAC4\ +D97935A7E1A14AD209D6CF811F55C6DB83AA9E6DFECFCD6669DED7171EE22A40C6181615CAF3F\ +5296964 +$ status = $status +$ output_expected = "0\0" +$ gosub check_output +$ if (output .ne. 1) +$ then +$ failure = "SCOtest" +$ else +$ delete 'f$parse( tmp_file_name)' +$ endif +$ endif +$! +$! Test for working 'print' command. +$! +$ if (failure .eqs. "") +$ then +$! +$ define /user_mode sys$output 'tmp_file_name' +$ bc +print "OK" +$ status = $status +$ output_expected = "OK" +$ gosub check_output +$ if (output .ne. 1) +$ then +$ failure = "printtest" +$ else +$ delete 'f$parse( tmp_file_name)' +$ endif +$ endif +$! +$ if (failure .nes. "") +$ then +$ write sys$output - + "No working bc found. Consider installing GNU bc." +$ exit %X00030000 ! %DCL-W-NORMAL +$ endif +$! +$ exit +$! +$! +$! Complete "bc" command failure. +$! +$ bc_fail: +$ write sys$output - + "No ""bc"" program/symbol found. Consider installing GNU bc." +$ exit %X00030000 ! %DCL-W-NORMAL +$! +$! +$! Output check subroutine. +$! +$ check_output: +$ eof = 0 +$ line_nr = 0 +$ open /read tmp_file 'tmp_file_name' +$ c_o_loop: +$ read /error = error_read tmp_file line +$ goto ok_read +$ error_read: +$ eof = 1 +$ ok_read: +$ line_expected = f$element( line_nr, "\", output_expected) +$ line_nr = line_nr+ 1 +$ if ((line_expected .nes. "\") .and. (.not. eof) .and. - + (line_expected .eqs. line)) then goto c_o_loop +$! +$ if ((line_expected .eqs. "\") .and. eof) +$ then +$ output = 1 +$ else +$ output = 0 +$ endif +$ close tmp_file +$ return +$! diff --git a/test/Attic/bntest.com b/test/Attic/bntest.com new file mode 100644 index 0000000000..6545d2e5a5 --- /dev/null +++ b/test/Attic/bntest.com @@ -0,0 +1,76 @@ +$! +$! Analyze bntest output file. +$! +$! Exit status = 1 (success) if all tests passed, +$! 0 (warning) if any test failed. +$! +$! 2011-02-20 SMS. Added code to skip "#" comments in the input file. +$! +$! 2010-04-05 SMS. New. Based (loosely) on perl code in bntest-vms.sh. +$! +$! Expect data like: +$! test test_name1 +$! 0 +$! [...] +$! test test_name2 +$! 0 +$! [...] +$! [...] +$! +$! Some tests have no following "0" lines. +$! +$ result_file_name = f$edit( p1, "TRIM") +$ if (result_file_name .eqs. "") +$ then +$ result_file_name = "bntest-vms.out" +$ endif +$! +$ fail = 0 +$ passed = 0 +$ tests = 0 +$! +$ on control_c then goto tidy +$ on error then goto tidy +$! +$ open /read result_file 'result_file_name' +$! +$ read_loop: +$ read /end = read_loop_end /error = tidy result_file line +$ t1 = f$element( 0, " ", line) +$! +$! Skip "#" comment lines. +$ if (f$extract( 0, 1, f$edit( line, "TRIM")) .eqs. "#") then - + goto read_loop +$! +$ if (t1 .eqs. "test") +$ then +$ passed = passed+ 1 +$ tests = tests+ 1 +$ fail = 1 +$ t2 = f$extract( 5, 1000, line) +$ write sys$output "verify ''t2'" +$ else +$ if (t1 .nes. "0") +$ then +$ write sys$output "Failed! bc: ''line'" +$ passed = passed- fail +$ fail = 0 +$ endif +$ endif +$ goto read_loop +$ read_loop_end: +$ write sys$output "''passed'/''tests' tests passed" +$! +$ tidy: +$ if f$trnlnm( "result_file", "LNM$PROCESS_TABLE", , "SUPERVISOR", , "CONFINE") +$ then +$ close result_file +$ endif +$! +$ if ((tests .gt. 0) .and. (tests .eq. passed)) +$ then +$ exit 1 +$ else +$ exit 0 +$ endif +$! diff --git a/test/Attic/cms-test.pl b/test/Attic/cms-test.pl new file mode 100644 index 0000000000..1ee3f02e87 --- /dev/null +++ b/test/Attic/cms-test.pl @@ -0,0 +1,629 @@ +# test/cms-test.pl +# Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +# project. +# +# ==================================================================== +# Copyright (c) 2008 The OpenSSL Project. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in +# the documentation and/or other materials provided with the +# distribution. +# +# 3. All advertising materials mentioning features or use of this +# software must display the following acknowledgment: +# "This product includes software developed by the OpenSSL Project +# for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" +# +# 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +# endorse or promote products derived from this software without +# prior written permission. For written permission, please contact +# licensing@OpenSSL.org. +# +# 5. Products derived from this software may not be called "OpenSSL" +# nor may "OpenSSL" appear in their names without prior written +# permission of the OpenSSL Project. +# +# 6. Redistributions of any form whatsoever must retain the following +# acknowledgment: +# "This product includes software developed by the OpenSSL Project +# for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" +# +# THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +# OF THE POSSIBILITY OF SUCH DAMAGE. +# ==================================================================== + +# CMS, PKCS7 consistency test script. Run extensive tests on +# OpenSSL PKCS#7 and CMS implementations. + +my $ossl_path; +my $redir = " 2> cms.err > cms.out"; +# Make VMS work +if ( $^O eq "VMS" && -f "OSSLX:openssl.exe" ) { + $ossl_path = "pipe mcr OSSLX:openssl"; + $null_path = "NL:"; + # On VMS, the lowest 3 bits of the exit code indicates severity + # 1 is success (perl translates it to 0 for $?), 2 is error + # (perl doesn't translate it) + $failure_code = 512; # 2 << 8 = 512 +} +# Make MSYS work +elsif ( $^O eq "MSWin32" && -f "../apps/openssl.exe" ) { + $ossl_path = "cmd /c ..\\apps\\openssl"; + $null_path = "NUL"; + $failure_code = 256; +} +elsif ( -f "../apps/openssl$ENV{EXE_EXT}" ) { + $ossl_path = "../util/shlib_wrap.sh ../apps/openssl"; + $null_path = "/dev/null"; + $failure_code = 256; +} +elsif ( -f "..\\out32dll\\openssl.exe" ) { + $ossl_path = "..\\out32dll\\openssl.exe"; + $null_path = "NUL"; + $failure_code = 256; +} +elsif ( -f "..\\out32\\openssl.exe" ) { + $ossl_path = "..\\out32\\openssl.exe"; + $null_path = "NUL"; + $failure_code = 256; +} +else { + die "Can't find OpenSSL executable"; +} + +my $pk7cmd = "$ossl_path smime "; +my $cmscmd = "$ossl_path cms "; +my $smdir = "smime-certs"; +my $halt_err = 1; + +my $badcmd = 0; +my $no_ec; +my $no_ec2m; +my $no_ecdh; +my $ossl8 = `$ossl_path version -v` =~ /0\.9\.8/; + +system ("$ossl_path no-cms > $null_path"); +if ($? == 0) + { + print "CMS disabled\n"; + exit 0; + } + +system ("$ossl_path no-ec > $null_path"); +if ($? == 0) + { + $no_ec = 1; + } +elsif ($? == $failure_code) + { + $no_ec = 0; + } +else + { + die "Error checking for EC support\n"; + } + +system ("$ossl_path no-ec2m > $null_path"); +if ($? == 0) + { + $no_ec2m = 1; + } +elsif ($? == $failure_code) + { + $no_ec2m = 0; + } +else + { + die "Error checking for EC2M support\n"; + } + +system ("$ossl_path no-ec > $null_path"); +if ($? == 0) + { + $no_ecdh = 1; + } +elsif ($? == $failure_code) + { + $no_ecdh = 0; + } +else + { + die "Error checking for ECDH support\n"; + } + +my @smime_pkcs7_tests = ( + + [ + "signed content DER format, RSA key", + "-sign -in smcont.txt -outform \"DER\" -nodetach" + . " -certfile $smdir/smroot.pem" + . " -signer $smdir/smrsa1.pem -out test.cms", + "-verify -in test.cms -inform \"DER\" " + . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" + ], + + [ + "signed detached content DER format, RSA key", + "-sign -in smcont.txt -outform \"DER\"" + . " -signer $smdir/smrsa1.pem -out test.cms", + "-verify -in test.cms -inform \"DER\" " + . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt -content smcont.txt" + ], + + [ + "signed content test streaming BER format, RSA", + "-sign -in smcont.txt -outform \"DER\" -nodetach" + . " -stream -signer $smdir/smrsa1.pem -out test.cms", + "-verify -in test.cms -inform \"DER\" " + . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" + ], + + [ + "signed content DER format, DSA key", + "-sign -in smcont.txt -outform \"DER\" -nodetach" + . " -signer $smdir/smdsa1.pem -out test.cms", + "-verify -in test.cms -inform \"DER\" " + . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" + ], + + [ + "signed detached content DER format, DSA key", + "-sign -in smcont.txt -outform \"DER\"" + . " -signer $smdir/smdsa1.pem -out test.cms", + "-verify -in test.cms -inform \"DER\" " + . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt -content smcont.txt" + ], + + [ + "signed detached content DER format, add RSA signer", + "-resign -inform \"DER\" -in test.cms -outform \"DER\"" + . " -signer $smdir/smrsa1.pem -out test2.cms", + "-verify -in test2.cms -inform \"DER\" " + . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt -content smcont.txt" + ], + + [ + "signed content test streaming BER format, DSA key", + "-sign -in smcont.txt -outform \"DER\" -nodetach" + . " -stream -signer $smdir/smdsa1.pem -out test.cms", + "-verify -in test.cms -inform \"DER\" " + . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" + ], + + [ + "signed content test streaming BER format, 2 DSA and 2 RSA keys", + "-sign -in smcont.txt -outform \"DER\" -nodetach" + . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem" + . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem" + . " -stream -out test.cms", + "-verify -in test.cms -inform \"DER\" " + . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" + ], + + [ +"signed content test streaming BER format, 2 DSA and 2 RSA keys, no attributes", + "-sign -in smcont.txt -outform \"DER\" -noattr -nodetach" + . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem" + . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem" + . " -stream -out test.cms", + "-verify -in test.cms -inform \"DER\" " + . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" + ], + + [ + "signed content test streaming S/MIME format, 2 DSA and 2 RSA keys", + "-sign -in smcont.txt -nodetach" + . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem" + . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem" + . " -stream -out test.cms", + "-verify -in test.cms " . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" + ], + + [ +"signed content test streaming multipart S/MIME format, 2 DSA and 2 RSA keys", + "-sign -in smcont.txt" + . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem" + . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem" + . " -stream -out test.cms", + "-verify -in test.cms " . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" + ], + + [ + "enveloped content test streaming S/MIME format, 3 recipients", + "-encrypt -in smcont.txt" + . " -stream -out test.cms" + . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ", + "-decrypt -recip $smdir/smrsa1.pem -in test.cms -out smtst.txt" + ], + + [ +"enveloped content test streaming S/MIME format, 3 recipients, 3rd used", + "-encrypt -in smcont.txt" + . " -stream -out test.cms" + . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ", + "-decrypt -recip $smdir/smrsa3.pem -in test.cms -out smtst.txt" + ], + + [ +"enveloped content test streaming S/MIME format, 3 recipients, key only used", + "-encrypt -in smcont.txt" + . " -stream -out test.cms" + . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ", + "-decrypt -inkey $smdir/smrsa3.pem -in test.cms -out smtst.txt" + ], + + [ +"enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients", + "-encrypt -in smcont.txt" + . " -aes256 -stream -out test.cms" + . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ", + "-decrypt -recip $smdir/smrsa1.pem -in test.cms -out smtst.txt" + ], + +); + +my @smime_cms_tests = ( + + [ + "signed content test streaming BER format, 2 DSA and 2 RSA keys, keyid", + "-sign -in smcont.txt -outform \"DER\" -nodetach -keyid" + . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem" + . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem" + . " -stream -out test.cms", + "-verify -in test.cms -inform \"DER\" " + . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" + ], + + [ + "signed content test streaming PEM format, 2 DSA and 2 RSA keys", + "-sign -in smcont.txt -outform PEM -nodetach" + . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem" + . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem" + . " -stream -out test.cms", + "-verify -in test.cms -inform PEM " + . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" + ], + + [ + "signed content MIME format, RSA key, signed receipt request", + "-sign -in smcont.txt -signer $smdir/smrsa1.pem -nodetach" + . " -receipt_request_to test\@openssl.org -receipt_request_all" + . " -out test.cms", + "-verify -in test.cms " + . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" + ], + + [ + "signed receipt MIME format, RSA key", + "-sign_receipt -in test.cms" + . " -signer $smdir/smrsa2.pem" + . " -out test2.cms", + "-verify_receipt test2.cms -in test.cms" + . " \"-CAfile\" $smdir/smroot.pem" + ], + + [ + "enveloped content test streaming S/MIME format, 3 recipients, keyid", + "-encrypt -in smcont.txt" + . " -stream -out test.cms -keyid" + . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ", + "-decrypt -recip $smdir/smrsa1.pem -in test.cms -out smtst.txt" + ], + + [ + "enveloped content test streaming PEM format, KEK", + "-encrypt -in smcont.txt -outform PEM -aes128" + . " -stream -out test.cms " + . " -secretkey 000102030405060708090A0B0C0D0E0F " + . " -secretkeyid C0FEE0", + "-decrypt -in test.cms -out smtst.txt -inform PEM" + . " -secretkey 000102030405060708090A0B0C0D0E0F " + . " -secretkeyid C0FEE0" + ], + + [ + "enveloped content test streaming PEM format, KEK, key only", + "-encrypt -in smcont.txt -outform PEM -aes128" + . " -stream -out test.cms " + . " -secretkey 000102030405060708090A0B0C0D0E0F " + . " -secretkeyid C0FEE0", + "-decrypt -in test.cms -out smtst.txt -inform PEM" + . " -secretkey 000102030405060708090A0B0C0D0E0F " + ], + + [ + "data content test streaming PEM format", + "-data_create -in smcont.txt -outform PEM -nodetach" + . " -stream -out test.cms", + "-data_out -in test.cms -inform PEM -out smtst.txt" + ], + + [ + "encrypted content test streaming PEM format, 128 bit RC2 key", + "\"-EncryptedData_encrypt\" -in smcont.txt -outform PEM" + . " -rc2 -secretkey 000102030405060708090A0B0C0D0E0F" + . " -stream -out test.cms", + "\"-EncryptedData_decrypt\" -in test.cms -inform PEM " + . " -secretkey 000102030405060708090A0B0C0D0E0F -out smtst.txt" + ], + + [ + "encrypted content test streaming PEM format, 40 bit RC2 key", + "\"-EncryptedData_encrypt\" -in smcont.txt -outform PEM" + . " -rc2 -secretkey 0001020304" + . " -stream -out test.cms", + "\"-EncryptedData_decrypt\" -in test.cms -inform PEM " + . " -secretkey 0001020304 -out smtst.txt" + ], + + [ + "encrypted content test streaming PEM format, triple DES key", + "\"-EncryptedData_encrypt\" -in smcont.txt -outform PEM" + . " -des3 -secretkey 000102030405060708090A0B0C0D0E0F1011121314151617" + . " -stream -out test.cms", + "\"-EncryptedData_decrypt\" -in test.cms -inform PEM " + . " -secretkey 000102030405060708090A0B0C0D0E0F1011121314151617" + . " -out smtst.txt" + ], + + [ + "encrypted content test streaming PEM format, 128 bit AES key", + "\"-EncryptedData_encrypt\" -in smcont.txt -outform PEM" + . " -aes128 -secretkey 000102030405060708090A0B0C0D0E0F" + . " -stream -out test.cms", + "\"-EncryptedData_decrypt\" -in test.cms -inform PEM " + . " -secretkey 000102030405060708090A0B0C0D0E0F -out smtst.txt" + ], + +); + +my @smime_cms_comp_tests = ( + + [ + "compressed content test streaming PEM format", + "-compress -in smcont.txt -outform PEM -nodetach" + . " -stream -out test.cms", + "-uncompress -in test.cms -inform PEM -out smtst.txt" + ] + +); + +my @smime_cms_param_tests = ( + [ + "signed content test streaming PEM format, RSA keys, PSS signature", + "-sign -in smcont.txt -outform PEM -nodetach" + . " -signer $smdir/smrsa1.pem -keyopt rsa_padding_mode:pss" + . " -out test.cms", + "-verify -in test.cms -inform PEM " + . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" + ], + + [ + "signed content test streaming PEM format, RSA keys, PSS signature, no attributes", + "-sign -in smcont.txt -outform PEM -nodetach -noattr" + . " -signer $smdir/smrsa1.pem -keyopt rsa_padding_mode:pss" + . " -out test.cms", + "-verify -in test.cms -inform PEM " + . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" + ], + + [ + "signed content test streaming PEM format, RSA keys, PSS signature, SHA384 MGF1", + "-sign -in smcont.txt -outform PEM -nodetach" + . " -signer $smdir/smrsa1.pem -keyopt rsa_padding_mode:pss" + . " -keyopt rsa_mgf1_md:sha384 -out test.cms", + "-verify -in test.cms -inform PEM " + . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" + ], + + [ +"enveloped content test streaming S/MIME format, OAEP default parameters", + "-encrypt -in smcont.txt" + . " -stream -out test.cms" + . " -recip $smdir/smrsa1.pem -keyopt rsa_padding_mode:oaep", + "-decrypt -recip $smdir/smrsa1.pem -in test.cms -out smtst.txt" + ], + + [ +"enveloped content test streaming S/MIME format, OAEP SHA256", + "-encrypt -in smcont.txt" + . " -stream -out test.cms" + . " -recip $smdir/smrsa1.pem -keyopt rsa_padding_mode:oaep" + . " -keyopt rsa_oaep_md:sha256", + "-decrypt -recip $smdir/smrsa1.pem -in test.cms -out smtst.txt" + ], + + [ +"enveloped content test streaming S/MIME format, ECDH", + "-encrypt -in smcont.txt" + . " -stream -out test.cms" + . " -recip $smdir/smec1.pem", + "-decrypt -recip $smdir/smec1.pem -in test.cms -out smtst.txt" + ], + + [ +"enveloped content test streaming S/MIME format, ECDH, key identifier", + "-encrypt -keyid -in smcont.txt" + . " -stream -out test.cms" + . " -recip $smdir/smec1.pem", + "-decrypt -recip $smdir/smec1.pem -in test.cms -out smtst.txt" + ], + + [ +"enveloped content test streaming S/MIME format, ECDH, AES128, SHA256 KDF", + "-encrypt -in smcont.txt" + . " -stream -out test.cms" + . " -recip $smdir/smec1.pem -aes128 -keyopt ecdh_kdf_md:sha256", + "-decrypt -recip $smdir/smec1.pem -in test.cms -out smtst.txt" + ], + + [ +"enveloped content test streaming S/MIME format, ECDH, K-283, cofactor DH", + "-encrypt -in smcont.txt" + . " -stream -out test.cms" + . " -recip $smdir/smec2.pem -aes128" + . " -keyopt ecdh_kdf_md:sha256 -keyopt ecdh_cofactor_mode:1", + "-decrypt -recip $smdir/smec2.pem -in test.cms -out smtst.txt" + ], + + [ +"enveloped content test streaming S/MIME format, X9.42 DH", + "-encrypt -in smcont.txt" + . " -stream -out test.cms" + . " -recip $smdir/smdh.pem -aes128", + "-decrypt -recip $smdir/smdh.pem -in test.cms -out smtst.txt" + ] +); + +print "CMS => PKCS#7 compatibility tests\n"; + +run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $cmscmd, $pk7cmd ); + +print "CMS <= PKCS#7 compatibility tests\n"; + +run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $pk7cmd, $cmscmd ); + +print "CMS <=> CMS consistency tests\n"; + +run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $cmscmd, $cmscmd ); +run_smime_tests( \$badcmd, \@smime_cms_tests, $cmscmd, $cmscmd ); + +print "CMS <=> CMS consistency tests, modified key parameters\n"; +run_smime_tests( \$badcmd, \@smime_cms_param_tests, $cmscmd, $cmscmd ); + +if ( `$ossl_path version -f` =~ /ZLIB/ ) { + run_smime_tests( \$badcmd, \@smime_cms_comp_tests, $cmscmd, $cmscmd ); +} +else { + print "Zlib not supported: compression tests skipped\n"; +} + +print "Running modified tests for OpenSSL 0.9.8 cms backport\n" if($ossl8); + +if ($badcmd) { + print "$badcmd TESTS FAILED!!\n"; +} +else { + print "ALL TESTS SUCCESSFUL.\n"; +} + +unlink "test.cms"; +unlink "test2.cms"; +unlink "smtst.txt"; +unlink "cms.out"; +unlink "cms.err"; + +sub run_smime_tests { + my ( $rv, $aref, $scmd, $vcmd ) = @_; + + foreach $smtst (@$aref) { + my ( $tnam, $rscmd, $rvcmd ) = @$smtst; + if ($ossl8) + { + # Skip smime resign: 0.9.8 smime doesn't support -resign + next if ($scmd =~ /smime/ && $rscmd =~ /-resign/); + # Disable streaming: option not supported in 0.9.8 + $tnam =~ s/streaming//; + $rscmd =~ s/-stream//; + $rvcmd =~ s/-stream//; + } + if ($no_ec && $tnam =~ /ECDH/) + { + print "$tnam: skipped, EC disabled\n"; + next; + } + if ($no_ecdh && $tnam =~ /ECDH/) + { + print "$tnam: skipped, ECDH disabled\n"; + next; + } + if ($no_ec2m && $tnam =~ /K-283/) + { + print "$tnam: skipped, EC2M disabled\n"; + next; + } + system("$scmd$rscmd$redir"); + if ($?) { + print "$tnam: generation error\n"; + $$rv++; + exit 1 if $halt_err; + next; + } + system("$vcmd$rvcmd$redir"); + if ($?) { + print "$tnam: verify error\n"; + $$rv++; + exit 1 if $halt_err; + next; + } + if (!cmp_files("smtst.txt", "smcont.txt")) { + print "$tnam: content verify error\n"; + $$rv++; + exit 1 if $halt_err; + next; + } + print "$tnam: OK\n"; + } +} + +sub cmp_files { + use FileHandle; + my ( $f1, $f2 ) = @_; + my $fp1 = FileHandle->new(); + my $fp2 = FileHandle->new(); + + my ( $rd1, $rd2 ); + + if ( !open( $fp1, "<$f1" ) ) { + print STDERR "Can't Open file $f1\n"; + return 0; + } + + if ( !open( $fp2, "<$f2" ) ) { + print STDERR "Can't Open file $f2\n"; + return 0; + } + + binmode $fp1; + binmode $fp2; + + my $ret = 0; + + for ( ; ; ) { + $n1 = sysread $fp1, $rd1, 4096; + $n2 = sysread $fp2, $rd2, 4096; + last if ( $n1 != $n2 ); + last if ( $rd1 ne $rd2 ); + + if ( $n1 == 0 ) { + $ret = 1; + last; + } + + } + + close $fp1; + close $fp2; + + return $ret; + +} + diff --git a/test/Attic/tcrl b/test/Attic/tcrl new file mode 100644 index 0000000000..951c9ddc11 --- /dev/null +++ b/test/Attic/tcrl @@ -0,0 +1,37 @@ +#!/bin/sh + +cmd='../util/shlib_wrap.sh ../apps/openssl crl' + +if [ "$1"x != "x" ]; then + t=$1 +else + t=testcrl.pem +fi + +echo testing crl conversions +cp $t crl-fff.p + +echo "p -> d" +$cmd -in crl-fff.p -inform p -outform d >crl-f.d || exit 1 +echo "p -> p" +$cmd -in crl-fff.p -inform p -outform p >crl-f.p || exit 1 + +echo "d -> d" +$cmd -in crl-f.d -inform d -outform d >crl-ff.d1 || exit 1 +echo "p -> d" +$cmd -in crl-f.p -inform p -outform d >crl-ff.d3 || exit 1 + + +echo "d -> p" +$cmd -in crl-f.d -inform d -outform p >crl-ff.p1 || exit 1 +echo "p -> p" +$cmd -in crl-f.p -inform p -outform p >crl-ff.p3 || exit 1 + +cmp crl-fff.p crl-f.p || exit 1 +cmp crl-fff.p crl-ff.p1 || exit 1 +cmp crl-fff.p crl-ff.p3 || exit 1 +cmp crl-f.p crl-ff.p1 || exit 1 +cmp crl-f.p crl-ff.p3 || exit 1 + +/bin/rm -f crl-f.* crl-ff.* crl-fff.* +exit 0 diff --git a/test/Attic/tcrl.com b/test/Attic/tcrl.com new file mode 100644 index 0000000000..dd96a2b6dd --- /dev/null +++ b/test/Attic/tcrl.com @@ -0,0 +1,88 @@ +$! TCRL.COM -- Tests crl keys +$ +$ __arch = "VAX" +$ if f$getsyi("cpu") .ge. 128 then - + __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") +$ if __arch .eqs. "" then __arch = "UNK" +$! +$ if (p2 .eqs. "64") then __arch = __arch+ "_64" +$! +$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]" +$ +$ cmd = "mcr ''exe_dir'openssl crl" +$ +$ t = "testcrl.pem" +$ if p1 .nes. "" then t = p1 +$ +$ write sys$output "testing CRL conversions" +$ if f$search("fff.*") .nes "" then delete fff.*;* +$ if f$search("ff.*") .nes "" then delete ff.*;* +$ if f$search("f.*") .nes "" then delete f.*;* +$ convert/fdl=sys$input: 't' fff.p +RECORD + FORMAT STREAM_LF +$ +$ write sys$output "p -> d" +$ 'cmd' -in fff.p -inform p -outform d -out f.d +$ if $severity .ne. 1 then exit 3 +$! write sys$output "p -> t" +$! 'cmd' -in fff.p -inform p -outform t -out f.t +$! if $severity .ne. 1 then exit 3 +$ write sys$output "p -> p" +$ 'cmd' -in fff.p -inform p -outform p -out f.p +$ if $severity .ne. 1 then exit 3 +$ +$ write sys$output "d -> d" +$ 'cmd' -in f.d -inform d -outform d -out ff.d1 +$ if $severity .ne. 1 then exit 3 +$! write sys$output "t -> d" +$! 'cmd' -in f.t -inform t -outform d -out ff.d2 +$! if $severity .ne. 1 then exit 3 +$ write sys$output "p -> d" +$ 'cmd' -in f.p -inform p -outform d -out ff.d3 +$ if $severity .ne. 1 then exit 3 +$ +$! write sys$output "d -> t" +$! 'cmd' -in f.d -inform d -outform t -out ff.t1 +$! if $severity .ne. 1 then exit 3 +$! write sys$output "t -> t" +$! 'cmd' -in f.t -inform t -outform t -out ff.t2 +$! if $severity .ne. 1 then exit 3 +$! write sys$output "p -> t" +$! 'cmd' -in f.p -inform p -outform t -out ff.t3 +$! if $severity .ne. 1 then exit 3 +$ +$ write sys$output "d -> p" +$ 'cmd' -in f.d -inform d -outform p -out ff.p1 +$ if $severity .ne. 1 then exit 3 +$! write sys$output "t -> p" +$! 'cmd' -in f.t -inform t -outform p -out ff.p2 +$! if $severity .ne. 1 then exit 3 +$ write sys$output "p -> p" +$ 'cmd' -in f.p -inform p -outform p -out ff.p3 +$ if $severity .ne. 1 then exit 3 +$ +$ backup/compare fff.p f.p +$ if $severity .ne. 1 then exit 3 +$ backup/compare fff.p ff.p1 +$ if $severity .ne. 1 then exit 3 +$! backup/compare fff.p ff.p2 +$! if $severity .ne. 1 then exit 3 +$ backup/compare fff.p ff.p3 +$ if $severity .ne. 1 then exit 3 +$ +$! backup/compare f.t ff.t1 +$! if $severity .ne. 1 then exit 3 +$! backup/compare f.t ff.t2 +$! if $severity .ne. 1 then exit 3 +$! backup/compare f.t ff.t3 +$! if $severity .ne. 1 then exit 3 +$ +$ backup/compare f.p ff.p1 +$ if $severity .ne. 1 then exit 3 +$! backup/compare f.p ff.p2 +$! if $severity .ne. 1 then exit 3 +$ backup/compare f.p ff.p3 +$ if $severity .ne. 1 then exit 3 +$ +$ delete f.*;*,ff.*;*,fff.*;* diff --git a/test/Attic/testca b/test/Attic/testca new file mode 100644 index 0000000000..452558bfc6 --- /dev/null +++ b/test/Attic/testca @@ -0,0 +1,31 @@ +#!/bin/sh + +set -e + +PERL="$1" + +if test "$OSTYPE" = msdosdjgpp; then + PATH="../apps\;$PATH" +else + PATH="../apps:$PATH" +fi +export PATH + +export SSLEAY_CONFIG OPENSSL + +/bin/rm -fr demoCA + +SSLEAY_CONFIG="-config CAss.cnf" +OPENSSL="`pwd`/../util/opensslwrap.sh" + +$PERL ../apps/CA.pl -newca $test; + +echo cat +$cmd enc < $test > $test.cipher +$cmd enc < $test.cipher >$test.clear +cmp $test $test.clear || exit 1 +/bin/rm $test.cipher $test.clear + +echo base64 +$cmd enc -a -e < $test > $test.cipher +$cmd enc -a -d < $test.cipher >$test.clear +cmp $test $test.clear || exit 1 +/bin/rm $test.cipher $test.clear + +for i in `$cmd list -cipher-commands` +do + echo $i + $cmd $i -bufsize 113 -e -k test < $test > $test.$i.cipher + $cmd $i -bufsize 157 -d -k test < $test.$i.cipher >$test.$i.clear + cmp $test $test.$i.clear || exit 1 + /bin/rm $test.$i.cipher $test.$i.clear + + echo $i base64 + $cmd $i -bufsize 113 -a -e -k test < $test > $test.$i.cipher + $cmd $i -bufsize 157 -a -d -k test < $test.$i.cipher >$test.$i.clear + cmp $test $test.$i.clear || exit 1 + /bin/rm $test.$i.cipher $test.$i.clear +done +rm -f $test diff --git a/test/Attic/testenc.com b/test/Attic/testenc.com new file mode 100644 index 0000000000..fcd66399d6 --- /dev/null +++ b/test/Attic/testenc.com @@ -0,0 +1,66 @@ +$! TESTENC.COM -- Test encoding and decoding +$ +$ __arch = "VAX" +$ if f$getsyi("cpu") .ge. 128 then - + __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") +$ if __arch .eqs. "" then __arch = "UNK" +$! +$ if (p1 .eqs. 64) then __arch = __arch+ "_64" +$ +$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]" +$ testsrc = "makefile." +$ test = "p.txt" +$ cmd = "mcr ''exe_dir'openssl" +$ +$ if f$search(test) .nes. "" then delete 'test';* +$ convert/fdl=sys$input: 'testsrc' 'test' +RECORD + FORMAT STREAM_LF +$ +$ if f$search(test+"-cipher") .nes. "" then delete 'test'-cipher;* +$ if f$search(test+"-clear") .nes. "" then delete 'test'-clear;* +$ +$ write sys$output "cat" +$ 'cmd' enc -in 'test' -out 'test'-cipher +$ 'cmd' enc -in 'test'-cipher -out 'test'-clear +$ backup/compare 'test' 'test'-clear +$ if $severity .ne. 1 then exit 3 +$ delete 'test'-cipher;*,'test'-clear;* +$ +$ write sys$output "base64" +$ 'cmd' enc -a -e -in 'test' -out 'test'-cipher +$ 'cmd' enc -a -d -in 'test'-cipher -out 'test'-clear +$ backup/compare 'test' 'test'-clear +$ if $severity .ne. 1 then exit 3 +$ delete 'test'-cipher;*,'test'-clear;* +$ +$ define/user sys$output 'test'-cipher-commands +$ 'cmd' list -cipher-commands +$ open/read f 'test'-cipher-commands +$ loop_cipher_commands: +$ read/end=loop_cipher_commands_end f i +$ write sys$output i +$ +$ if f$search(test+"-"+i+"-cipher") .nes. "" then - + delete 'test'-'i'-cipher;* +$ if f$search(test+"-"+i+"-clear") .nes. "" then - + delete 'test'-'i'-clear;* +$ +$ 'cmd' 'i' -bufsize 113 -e -k test -in 'test' -out 'test'-'i'-cipher +$ 'cmd' 'i' -bufsize 157 -d -k test -in 'test'-'i'-cipher -out 'test'-'i'-clear +$ backup/compare 'test' 'test'-'i'-clear +$ if $severity .ne. 1 then exit 3 +$ delete 'test'-'i'-cipher;*,'test'-'i'-clear;* +$ +$ write sys$output i," base64" +$ 'cmd' 'i' -bufsize 113 -a -e -k test -in 'test' -out 'test'-'i'-cipher +$ 'cmd' 'i' -bufsize 157 -a -d -k test -in 'test'-'i'-cipher -out 'test'-'i'-clear +$ backup/compare 'test' 'test'-'i'-clear +$ if $severity .ne. 1 then exit 3 +$ delete 'test'-'i'-cipher;*,'test'-'i'-clear;* +$ +$ goto loop_cipher_commands +$ loop_cipher_commands_end: +$ close f +$ delete 'test'-cipher-commands;* +$ delete 'test';* diff --git a/test/Attic/testgen b/test/Attic/testgen new file mode 100644 index 0000000000..1140f8ac96 --- /dev/null +++ b/test/Attic/testgen @@ -0,0 +1,36 @@ +#!/bin/sh + +T=testcert +KEY=512 +CA=../certs/testca.pem + +/bin/rm -f $T.1 $T.2 $T.key + +if test "$OSTYPE" = msdosdjgpp; then + PATH=../apps\;$PATH; +else + PATH=../apps:$PATH; +fi +export PATH + +echo "generating certificate request" + +echo "string to make the random number generator think it has entropy" >> ./.rnd + +if ../util/shlib_wrap.sh ../apps/openssl no-rsa >/dev/null; then + req_new='-newkey dsa:../apps/dsa512.pem' +else + req_new='-new' + echo "There should be a 2 sequences of .'s and some +'s." + echo "There should not be more that at most 80 per line" +fi + +rm -f testkey.pem testreq.pem + +echo Generating request +../util/shlib_wrap.sh ../apps/openssl req -config test.cnf $req_new -out testreq.pem || exit 1 + +echo Verifying signature on request +../util/shlib_wrap.sh ../apps/openssl req -config test.cnf -verify -in testreq.pem -noout || exit 1 + +exit 0 diff --git a/test/Attic/testgen.com b/test/Attic/testgen.com new file mode 100644 index 0000000000..e076da2f30 --- /dev/null +++ b/test/Attic/testgen.com @@ -0,0 +1,58 @@ +$! TESTGEN.COM +$ +$ __arch = "VAX" +$ if f$getsyi("cpu") .ge. 128 then - + __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") +$ if __arch .eqs. "" then __arch = "UNK" +$ if (p1 .eqs. 64) then __arch = __arch+ "_64" +$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]" +$ +$ T = "testcert" +$ KEY = 512 +$ CA = "[-.certs]testca.pem" +$ +$ set noon +$ if f$search(T+".1;*") .nes. "" then delete 'T'.1;* +$ if f$search(T+".2;*") .nes. "" then delete 'T'.2;* +$ if f$search(T+".key;*") .nes. "" then delete 'T'.key;* +$ set on +$ +$ write sys$output "generating certificate request" +$ +$ append/new nl: .rnd +$ open/append random_file .rnd +$ write random_file - + "string to make the random number generator think it has entropy" +$ close random_file +$ +$ set noon +$ define/user sys$output nla0: +$ mcr 'exe_dir'openssl no-rsa +$ save_severity=$SEVERITY +$ set on +$ if save_severity +$ then +$ req_new="-newkey dsa:[-.apps]dsa512.pem" +$ else +$ req_new="-new" +$ write sys$output - + "There should be a 2 sequences of .'s and some +'s." +$ write sys$output - + "There should not be more that at most 80 per line" +$ endif +$ +$ write sys$output "This could take some time." +$ +$ mcr 'exe_dir'openssl req -config test.cnf 'req_new' -out testreq.pem +$ if $severity .ne. 1 +$ then +$ write sys$output "problems creating request" +$ exit 3 +$ endif +$ +$ mcr 'exe_dir'openssl req -config test.cnf -verify -in testreq.pem -noout +$ if $severity .ne. 1 +$ then +$ write sys$output "signature on req is wrong" +$ exit 3 +$ endif diff --git a/test/Attic/testss b/test/Attic/testss new file mode 100644 index 0000000000..45aedc859d --- /dev/null +++ b/test/Attic/testss @@ -0,0 +1,143 @@ +#!/bin/sh + +digest='-sha1' +reqcmd="../util/shlib_wrap.sh ../apps/openssl req" +x509cmd="../util/shlib_wrap.sh ../apps/openssl x509 $digest" +verifycmd="../util/shlib_wrap.sh ../apps/openssl verify" +dummycnf="../apps/openssl.cnf" + +CAkey="keyCA.ss" +CAcert="certCA.ss" +CAserial="certCA.srl" +CAreq="reqCA.ss" +CAconf="CAss.cnf" +CAreq2="req2CA.ss" # temp + +Uconf="Uss.cnf" +Ukey="keyU.ss" +Ureq="reqU.ss" +Ucert="certU.ss" + +Dkey="keyD.ss" +Dreq="reqD.ss" +Dcert="certD.ss" + +Ekey="keyE.ss" +Ereq="reqE.ss" +Ecert="certE.ss" + +P1conf="P1ss.cnf" +P1key="keyP1.ss" +P1req="reqP1.ss" +P1cert="certP1.ss" +P1intermediate="tmp_intP1.ss" + +P2conf="P2ss.cnf" +P2key="keyP2.ss" +P2req="reqP2.ss" +P2cert="certP2.ss" +P2intermediate="tmp_intP2.ss" + + +echo string to make the random number generator think it has entropy >> ./.rnd + +req_dsa='-newkey dsa:../apps/dsa1024.pem' + +if ../util/shlib_wrap.sh ../apps/openssl no-rsa >/dev/null; then + req_new=$req_dsa +else + req_new='-new' +fi + +echo make cert request +$reqcmd -config $CAconf -out $CAreq -keyout $CAkey $req_new || exit 1 + +echo convert request into self-signed cert +$x509cmd -CAcreateserial -in $CAreq -days 30 -req -out $CAcert -signkey $CAkey -extfile $CAconf -extensions v3_ca >err.ss || exit 1 + +echo convert cert into a cert request +$x509cmd -in $CAcert -x509toreq -signkey $CAkey -out $CAreq2 >err.ss || exit 1 + +echo verify request 1 +$reqcmd -config $dummycnf -verify -in $CAreq -noout || exit 1 + +echo verify request 1 +$reqcmd -config $dummycnf -verify -in $CAreq2 -noout || exit 1 + +echo verify signature +$verifycmd -CAfile $CAcert $CAcert || exit 1 + +echo make a user cert request +$reqcmd -config $Uconf -out $Ureq -keyout $Ukey $req_new >err.ss || exit 1 + +echo sign user cert request +$x509cmd -CAcreateserial -in $Ureq -days 30 -req -out $Ucert -CA $CAcert -CAkey $CAkey -CAserial $CAserial -extfile $Uconf -extensions v3_ee >err.ss || exit 1 +$verifycmd -CAfile $CAcert $Ucert || exit 1 + +echo Certificate details +$x509cmd -subject -issuer -startdate -enddate -noout -in $Ucert || exit 1 + +if ../util/shlib_wrap.sh ../apps/openssl no-dsa >/dev/null; then + echo skipping DSA certificate creation +else + echo make a DSA user cert request + CN2="DSA Certificate" $reqcmd -config $Uconf -out $Dreq -keyout $Dkey $req_dsa >err.ss || exit 1 + + echo sign DSA user cert request + $x509cmd -CAcreateserial -in $Dreq -days 30 -req -out $Dcert -CA $CAcert -CAkey $CAkey -CAserial $CAserial -extfile $Uconf -extensions v3_ee_dsa >err.ss || exit 1 + $verifycmd -CAfile $CAcert $Dcert || exit 1 + + echo DSA Certificate details + $x509cmd -subject -issuer -startdate -enddate -noout -in $Dcert || exit 1 + +fi + +if ../util/shlib_wrap.sh ../apps/openssl no-ec >/dev/null; then + echo skipping ECDSA/ECDH certificate creation +else + echo make an ECDSA/ECDH user cert request + ../util/shlib_wrap.sh ../apps/openssl ecparam -name P-256 -out ecp.ss || exit 1 + CN2="ECDSA Certificate" $reqcmd -config $Uconf -out $Ereq -keyout $Ekey -newkey ec:ecp.ss >err.ss || exit 1 + + echo sign ECDSA/ECDH user cert request + $x509cmd -CAcreateserial -in $Ereq -days 30 -req -out $Ecert -CA $CAcert -CAkey $CAkey -CAserial $CAserial -extfile $Uconf -extensions v3_ee_ec >err.ss || exit 1 + $verifycmd -CAfile $CAcert $Ecert || exit 1 + + echo ECDSA Certificate details + $x509cmd -subject -issuer -startdate -enddate -noout -in $Ecert || exit 1 + +fi + +echo make a proxy cert request +$reqcmd -config $P1conf -out $P1req -keyout $P1key $req_new >err.ss || exit 1 + +echo sign proxy with user cert +$x509cmd -CAcreateserial -in $P1req -days 30 -req -out $P1cert -CA $Ucert -CAkey $Ukey -extfile $P1conf -extensions v3_proxy >err.ss || exit 1 + +cat $Ucert > $P1intermediate +$verifycmd -CAfile $CAcert -untrusted $P1intermediate $P1cert +echo Certificate details +$x509cmd -subject -issuer -startdate -enddate -noout -in $P1cert + +echo make another proxy cert request +$reqcmd -config $P2conf -out $P2req -keyout $P2key $req_new >err.ss || exit 1 + +echo sign second proxy cert request with the first proxy cert +$x509cmd -CAcreateserial -in $P2req -days 30 -req -out $P2cert -CA $P1cert -CAkey $P1key -extfile $P2conf -extensions v3_proxy >err.ss || exit 1 + +echo Certificate details +cat $Ucert $P1cert > $P2intermediate +$verifycmd -CAfile $CAcert -untrusted $P2intermediate $P2cert +$x509cmd -subject -issuer -startdate -enddate -noout -in $P2cert + +echo The generated CA certificate is $CAcert +echo The generated CA private key is $CAkey +echo The generated user certificate is $Ucert +echo The generated user private key is $Ukey +echo The first generated proxy certificate is $P1cert +echo The first generated proxy private key is $P1key +echo The second generated proxy certificate is $P2cert +echo The second generated proxy private key is $P2key + +/bin/rm err.ss +exit 0 diff --git a/test/Attic/testss.com b/test/Attic/testss.com new file mode 100644 index 0000000000..32a74d0fc2 --- /dev/null +++ b/test/Attic/testss.com @@ -0,0 +1,123 @@ +$! TESTSS.COM +$ +$ __arch = "VAX" +$ if f$getsyi("cpu") .ge. 128 then - + __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") +$ if __arch .eqs. "" then __arch = "UNK" +$! +$ if (p1 .eqs. "64") then __arch = __arch+ "_64" +$! +$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]" +$ +$ digest="-md5" +$ reqcmd = "mcr ''exe_dir'openssl req" +$ x509cmd = "mcr ''exe_dir'openssl x509 ''digest'" +$ verifycmd = "mcr ''exe_dir'openssl verify" +$ dummycnf = "sys$disk:[-.apps]openssl-vms.cnf" +$ +$ CAkey="""keyCA.ss""" +$ CAcert="""certCA.ss""" +$ CAreq="""reqCA.ss""" +$ CAconf="""CAss.cnf""" +$ CAreq2="""req2CA.ss""" ! temp +$ +$ Uconf="""Uss.cnf""" +$ Ukey="""keyU.ss""" +$ Ureq="""reqU.ss""" +$ Ucert="""certU.ss""" +$ +$ write sys$output "" +$ write sys$output "make a certificate request using 'req'" +$ +$ set noon +$ define/user sys$output nla0: +$ mcr 'exe_dir'openssl no-rsa +$ save_severity=$SEVERITY +$ set on +$ if save_severity +$ then +$ req_new="-newkey dsa:[-.apps]dsa512.pem" +$ else +$ req_new="-new" +$ endif +$ +$ 'reqcmd' -config 'CAconf' -out 'CAreq' -keyout 'CAkey' 'req_new' ! -out err.ss +$ if $severity .ne. 1 +$ then +$ write sys$output "error using 'req' to generate a certificate request" +$ exit 3 +$ endif +$ write sys$output "" +$ write sys$output "convert the certificate request into a self signed certificate using 'x509'" +$ define /user sys$output err.ss +$ 'x509cmd' "-CAcreateserial" -in 'CAreq' -days 30 -req -out 'CAcert' -signkey 'CAkey' +$ if $severity .ne. 1 +$ then +$ write sys$output "error using 'x509' to self sign a certificate request" +$ exit 3 +$ endif +$ +$ write sys$output "" +$ write sys$output "convert a certificate into a certificate request using 'x509'" +$ define /user sys$output err.ss +$ 'x509cmd' -in 'CAcert' -x509toreq -signkey 'CAkey' -out 'CAreq2' +$ if $severity .ne. 1 +$ then +$ write sys$output "error using 'x509' convert a certificate to a certificate request" +$ exit 3 +$ endif +$ +$ 'reqcmd' -config 'dummycnf' -verify -in 'CAreq' -noout +$ if $severity .ne. 1 +$ then +$ write sys$output "first generated request is invalid" +$ exit 3 +$ endif +$ +$ 'reqcmd' -config 'dummycnf' -verify -in 'CAreq2' -noout +$ if $severity .ne. 1 +$ then +$ write sys$output "second generated request is invalid" +$ exit 3 +$ endif +$ +$ 'verifycmd' "-CAfile" 'CAcert' 'CAcert' +$ if $severity .ne. 1 +$ then +$ write sys$output "first generated cert is invalid" +$ exit 3 +$ endif +$ +$ write sys$output "" +$ write sys$output "make another certificate request using 'req'" +$ define /user sys$output err.ss +$ 'reqcmd' -config 'Uconf' -out 'Ureq' -keyout 'Ukey' 'req_new' +$ if $severity .ne. 1 +$ then +$ write sys$output "error using 'req' to generate a certificate request" +$ exit 3 +$ endif +$ +$ write sys$output "" +$ write sys$output "sign certificate request with the just created CA via 'x509'" +$ define /user sys$output err.ss +$ 'x509cmd' "-CAcreateserial" -in 'Ureq' -days 30 -req -out 'Ucert' "-CA" 'CAcert' "-CAkey" 'CAkey' +$ if $severity .ne. 1 +$ then +$ write sys$output "error using 'x509' to sign a certificate request" +$ exit 3 +$ endif +$ +$ 'verifycmd' "-CAfile" 'CAcert' 'Ucert' +$ write sys$output "" +$ write sys$output "Certificate details" +$ 'x509cmd' -subject -issuer -startdate -enddate -noout -in 'Ucert' +$ +$ write sys$output "" +$ write sys$output "The generated CA certificate is ",CAcert +$ write sys$output "The generated CA private key is ",CAkey +$ +$ write sys$output "The generated user certificate is ",Ucert +$ write sys$output "The generated user private key is ",Ukey +$ +$ if f$search("err.ss;*") .nes. "" then delete err.ss;* diff --git a/test/Attic/testssl b/test/Attic/testssl new file mode 100644 index 0000000000..d41a4bdf63 --- /dev/null +++ b/test/Attic/testssl @@ -0,0 +1,266 @@ +#!/bin/sh + +if [ "$1" = "" ]; then + key=../apps/server.pem +else + key="$1" +fi +if [ "$2" = "" ]; then + cert=../apps/server.pem +else + cert="$2" +fi +ssltest="../util/shlib_wrap.sh ./ssltest -s_key $key -s_cert $cert -c_key $key -c_cert $cert" + +if ../util/shlib_wrap.sh ../apps/openssl x509 -in $cert -text -noout | fgrep 'DSA Public Key' >/dev/null; then + dsa_cert=YES +else + dsa_cert=NO +fi + +if [ "$3" = "" ]; then + CA="-CApath ../certs" +else + CA="-CAfile $3" +fi + +if [ "$4" = "" ]; then + extra="" +else + extra="$4" +fi + +serverinfo="./serverinfo.pem" + +############################################################################# + +echo test sslv3 +$ssltest -ssl3 $extra || exit 1 + +echo test sslv3 with server authentication +$ssltest -ssl3 -server_auth $CA $extra || exit 1 + +echo test sslv3 with client authentication +$ssltest -ssl3 -client_auth $CA $extra || exit 1 + +echo test sslv3 with both client and server authentication +$ssltest -ssl3 -server_auth -client_auth $CA $extra || exit 1 + +echo test sslv2/sslv3 +$ssltest $extra || exit 1 + +echo test sslv2/sslv3 with server authentication +$ssltest -server_auth $CA $extra || exit 1 + +echo test sslv2/sslv3 with client authentication +$ssltest -client_auth $CA $extra || exit 1 + +echo test sslv2/sslv3 with both client and server authentication +$ssltest -server_auth -client_auth $CA $extra || exit 1 + +echo test sslv3 via BIO pair +$ssltest -bio_pair -ssl3 $extra || exit 1 + +echo test sslv3 with server authentication via BIO pair +$ssltest -bio_pair -ssl3 -server_auth $CA $extra || exit 1 + +echo test sslv3 with client authentication via BIO pair +$ssltest -bio_pair -ssl3 -client_auth $CA $extra || exit 1 + +echo test sslv3 with both client and server authentication via BIO pair +$ssltest -bio_pair -ssl3 -server_auth -client_auth $CA $extra || exit 1 + +echo test sslv2/sslv3 via BIO pair +$ssltest $extra || exit 1 + +echo test dtlsv1 +$ssltest -dtls1 $extra || exit 1 + +echo test dtlsv1 with server authentication +$ssltest -dtls1 -server_auth $CA $extra || exit 1 + +echo test dtlsv1 with client authentication +$ssltest -dtls1 -client_auth $CA $extra || exit 1 + +echo test dtlsv1 with both client and server authentication +$ssltest -dtls1 -server_auth -client_auth $CA $extra || exit 1 + +echo test dtlsv1.2 +$ssltest -dtls12 $extra || exit 1 + +echo test dtlsv1.2 with server authentication +$ssltest -dtls12 -server_auth $CA $extra || exit 1 + +echo test dtlsv1.2 with client authentication +$ssltest -dtls12 -client_auth $CA $extra || exit 1 + +echo test dtlsv1.2 with both client and server authentication +$ssltest -dtls12 -server_auth -client_auth $CA $extra || exit 1 + +if [ $dsa_cert = NO ]; then + echo 'test sslv2/sslv3 w/o (EC)DHE via BIO pair' + $ssltest -bio_pair -no_dhe -no_ecdhe $extra || exit 1 +fi + +echo test sslv2/sslv3 with 1024bit DHE via BIO pair +$ssltest -bio_pair -dhe1024dsa -v $extra || exit 1 + +echo test sslv2/sslv3 with server authentication +$ssltest -bio_pair -server_auth $CA $extra || exit 1 + +echo test sslv2/sslv3 with client authentication via BIO pair +$ssltest -bio_pair -client_auth $CA $extra || exit 1 + +echo test sslv2/sslv3 with both client and server authentication via BIO pair +$ssltest -bio_pair -server_auth -client_auth $CA $extra || exit 1 + +echo test sslv2/sslv3 with both client and server authentication via BIO pair and app verify +$ssltest -bio_pair -server_auth -client_auth -app_verify $CA $extra || exit 1 + +test_cipher() { + _cipher=$1 + echo "Testing $_cipher" + prot="" + if [ $2 = "SSLv3" ] ; then + prot="-ssl3" + fi + _exarg=$3 + $ssltest $_exarg -cipher $_cipher $prot + if [ $? -ne 0 ] ; then + echo "Failed $_cipher" + exit 1 + fi +} + +echo "Testing ciphersuites" +exkeys="" +ciphers="-EXP:-PSK:-SRP:-kDH:-kECDHe" +if ../util/shlib_wrap.sh ../apps/openssl no-dhparam >/dev/null; then + echo "skipping DHE tests" + ciphers="$ciphers:-kDHE" +fi +if ../util/shlib_wrap.sh ../apps/openssl no-dsa >/dev/null; then + echo "skipping DSA tests" + ciphers="$ciphers:-aDSA" +else + exkeys="$exkeys -s_cert certD.ss -s_key keyD.ss" +fi + +if ../util/shlib_wrap.sh ../apps/openssl no-ec >/dev/null; then + echo "skipping EC tests" + ciphers="$ciphers:!aECDSA:!kECDH" +else + exkeys="$exkeys -s_cert certE.ss -s_key keyE.ss" +fi + +for protocol in TLSv1.2 SSLv3; do + echo "Testing ciphersuites for $protocol" + for cipher in `../util/shlib_wrap.sh ../apps/openssl ciphers "$protocol:$ciphers" | tr ':' ' '`; do + test_cipher $cipher $protocol "$exkeys" + done + echo "testing connection with weak DH, expecting failure" + if [ $protocol = "SSLv3" ] ; then + $ssltest -s_cipher "EDH" -c_cipher "EDH:@SECLEVEL=1" -dhe512 -ssl3 + else + $ssltest -s_cipher "EDH" -c_cipher "EDH:@SECLEVEL=1" -dhe512 + fi + if [ $? -eq 0 ]; then + echo "FAIL: connection with weak DH succeeded" + exit 1 + fi +done + +############################################################################# + +if ../util/shlib_wrap.sh ../apps/openssl no-dhparam; then + echo skipping anonymous DH tests +else + echo test tls1 with 1024bit anonymous DH, multiple handshakes + $ssltest -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time $extra || exit 1 +fi + +if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then + echo skipping RSA tests +else + echo 'test tls1 with 1024bit RSA, no (EC)DHE, multiple handshakes' + ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -s_cert ../apps/server2.pem -no_dhe -no_ecdhe -num 10 -f -time $extra || exit 1 + + if ../util/shlib_wrap.sh ../apps/openssl no-dhparam; then + echo skipping RSA+DHE tests + else + echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes + ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -s_cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time $extra || exit 1 + fi +fi + +echo test tls1 with PSK +$ssltest -tls1 -cipher PSK -psk abc123 $extra || exit 1 + +echo test tls1 with PSK via BIO pair +$ssltest -bio_pair -tls1 -cipher PSK -psk abc123 $extra || exit 1 + +############################################################################# +# Next Protocol Negotiation Tests + +$ssltest -bio_pair -tls1 -npn_client || exit 1 +$ssltest -bio_pair -tls1 -npn_server || exit 1 +$ssltest -bio_pair -tls1 -npn_server_reject || exit 1 +$ssltest -bio_pair -tls1 -npn_client -npn_server_reject || exit 1 +$ssltest -bio_pair -tls1 -npn_client -npn_server || exit 1 +$ssltest -bio_pair -tls1 -npn_client -npn_server -num 2 || exit 1 +$ssltest -bio_pair -tls1 -npn_client -npn_server -num 2 -reuse || exit 1 + +############################################################################# +# Custom Extension tests + +echo test tls1 with custom extensions +$ssltest -bio_pair -tls1 -custom_ext || exit 1 + +############################################################################# +# Serverinfo tests + +echo test tls1 with serverinfo +$ssltest -bio_pair -tls1 -serverinfo_file $serverinfo || exit 1 +$ssltest -bio_pair -tls1 -serverinfo_file $serverinfo -serverinfo_sct || exit 1 +$ssltest -bio_pair -tls1 -serverinfo_file $serverinfo -serverinfo_tack || exit 1 +$ssltest -bio_pair -tls1 -serverinfo_file $serverinfo -serverinfo_sct -serverinfo_tack || exit 1 +$ssltest -bio_pair -tls1 -custom_ext -serverinfo_file $serverinfo -serverinfo_sct -serverinfo_tack || exit 1 + + +############################################################################# +# ALPN tests + +$ssltest -bio_pair -tls1 -alpn_client foo -alpn_server bar || exit 1 +$ssltest -bio_pair -tls1 -alpn_client foo -alpn_server foo -alpn_expected foo || exit 1 +$ssltest -bio_pair -tls1 -alpn_client foo,bar -alpn_server foo -alpn_expected foo || exit 1 +$ssltest -bio_pair -tls1 -alpn_client bar,foo -alpn_server foo -alpn_expected foo || exit 1 +$ssltest -bio_pair -tls1 -alpn_client bar,foo -alpn_server foo,bar -alpn_expected foo || exit 1 +$ssltest -bio_pair -tls1 -alpn_client bar,foo -alpn_server bar,foo -alpn_expected bar || exit 1 +$ssltest -bio_pair -tls1 -alpn_client foo,bar -alpn_server bar,foo -alpn_expected bar || exit 1 +$ssltest -bio_pair -tls1 -alpn_client baz -alpn_server bar,foo || exit 1 + +if ../util/shlib_wrap.sh ../apps/openssl no-srp; then + echo skipping SRP tests +else + echo test tls1 with SRP + $ssltest -tls1 -cipher SRP -srpuser test -srppass abc123 || exit 1 + + echo test tls1 with SRP via BIO pair + $ssltest -bio_pair -tls1 -cipher SRP -srpuser test -srppass abc123 || exit 1 + + echo test tls1 with SRP auth + $ssltest -tls1 -cipher aSRP -srpuser test -srppass abc123 || exit 1 + + echo test tls1 with SRP auth via BIO pair + $ssltest -bio_pair -tls1 -cipher aSRP -srpuser test -srppass abc123 || exit 1 +fi + +############################################################################# +# Multi-buffer tests + +if [ -z "$extra" -a `uname -m` = "x86_64" ]; then + $ssltest -cipher AES128-SHA -bytes 8m || exit 1 + $ssltest -cipher AES128-SHA256 -bytes 8m || exit 1 +fi + +exit 0 diff --git a/test/Attic/testssl.com b/test/Attic/testssl.com new file mode 100644 index 0000000000..6f9b233e45 --- /dev/null +++ b/test/Attic/testssl.com @@ -0,0 +1,170 @@ +$! TESTSSL.COM +$ +$ __arch = "VAX" +$ if f$getsyi("cpu") .ge. 128 then - + __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") +$ if __arch .eqs. "" then __arch = "UNK" +$! +$ if (p4 .eqs. "64") then __arch = __arch+ "_64" +$! +$ texe_dir = "sys$disk:[-.''__arch'.exe.test]" +$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]" +$ +$ if p1 .eqs. "" +$ then +$ key="[-.apps]server.pem" +$ else +$ key=p1 +$ endif +$ if p2 .eqs. "" +$ then +$ cert="[-.apps]server.pem" +$ else +$ cert=p2 +$ endif +$ ssltest = "mcr ''texe_dir'ssltest -key ''key'"+ - + " -cert ''cert' -c_key ''key' -c_cert ''cert'" +$! +$ set noon +$ define/user sys$output testssl-x509-output. +$ define/user sys$error nla0: +$ mcr 'exe_dir'openssl x509 -in 'cert' -text -noout +$ define/user sys$error nla0: +$ search/output=nla0: testssl-x509-output. "DSA Public Key"/exact +$ if $severity .eq. 1 +$ then +$ dsa_cert = "YES" +$ else +$ dsa_cert = "NO" +$ endif +$ delete testssl-x509-output.;* +$ +$ if p3 .eqs. "" +$ then +$ copy/concatenate [-.certs]*.pem certs.tmp +$ CA = """-CAfile"" certs.tmp" +$ else +$ CA = """-CAfile"" "+p3 +$ endif +$ +$!########################################################################### +$ +$ write sys$output "test sslv3" +$ 'ssltest' -ssl3 +$ if $severity .ne. 1 then goto exit3 +$ +$ write sys$output "test sslv3 with server authentication" +$ 'ssltest' -ssl3 -server_auth 'CA' +$ if $severity .ne. 1 then goto exit3 +$ +$ write sys$output "test sslv3 with client authentication" +$ 'ssltest' -ssl3 -client_auth 'CA' +$ if $severity .ne. 1 then goto exit3 +$ +$ write sys$output "test sslv3 with both client and server authentication" +$ 'ssltest' -ssl3 -server_auth -client_auth 'CA' +$ if $severity .ne. 1 then goto exit3 +$ +$ write sys$output "test sslv2/sslv3" +$ 'ssltest' +$ if $severity .ne. 1 then goto exit3 +$ +$ write sys$output "test sslv2/sslv3 with server authentication" +$ 'ssltest' -server_auth 'CA' +$ if $severity .ne. 1 then goto exit3 +$ +$ write sys$output "test sslv2/sslv3 with client authentication" +$ 'ssltest' -client_auth 'CA' +$ if $severity .ne. 1 then goto exit3 +$ +$ write sys$output "test sslv2/sslv3 with both client and server authentication" +$ 'ssltest' -server_auth -client_auth 'CA' +$ if $severity .ne. 1 then goto exit3 +$ +$ write sys$output "test sslv3 via BIO pair" +$ 'ssltest' -bio_pair -ssl3 +$ if $severity .ne. 1 then goto exit3 +$ +$ write sys$output "test sslv3 with server authentication via BIO pair" +$ 'ssltest' -bio_pair -ssl3 -server_auth 'CA' +$ if $severity .ne. 1 then goto exit3 +$ +$ write sys$output "test sslv3 with client authentication via BIO pair" +$ 'ssltest' -bio_pair -ssl3 -client_auth 'CA' +$ if $severity .ne. 1 then goto exit3 + +$ write sys$output "test sslv3 with both client and server authentication via BIO pair" +$ 'ssltest' -bio_pair -ssl3 -server_auth -client_auth 'CA' +$ if $severity .ne. 1 then goto exit3 +$ +$ write sys$output "test sslv2/sslv3 via BIO pair" +$ 'ssltest' +$ if $severity .ne. 1 then goto exit3 +$ +$ if .not. dsa_cert +$ then +$ write sys$output "test sslv2/sslv3 w/o DHE via BIO pair" +$ 'ssltest' -bio_pair -no_dhe +$ if $severity .ne. 1 then goto exit3 +$ endif +$ +$ write sys$output "test sslv2/sslv3 with 1024 bit DHE via BIO pair" +$ 'ssltest' -bio_pair -dhe1024dsa -v +$ if $severity .ne. 1 then goto exit3 +$ +$ write sys$output "test sslv2/sslv3 with server authentication" +$ 'ssltest' -bio_pair -server_auth 'CA' +$ if $severity .ne. 1 then goto exit3 +$ +$ write sys$output "test sslv2/sslv3 with client authentication via BIO pair" +$ 'ssltest' -bio_pair -client_auth 'CA' +$ if $severity .ne. 1 then goto exit3 +$ +$ write sys$output "test sslv2/sslv3 with both client and server authentication via BIO pair" +$ 'ssltest' -bio_pair -server_auth -client_auth 'CA' +$ if $severity .ne. 1 then goto exit3 +$ +$!########################################################################### +$ +$ define/user sys$output nla0: +$ mcr 'exe_dir'openssl no-rsa +$ no_rsa=$SEVERITY +$ define/user sys$output nla0: +$ mcr 'exe_dir'openssl no-dhparam +$ no_dh=$SEVERITY +$ +$ if no_dh +$ then +$ write sys$output "skipping anonymous DH tests" +$ else +$ write sys$output "test tls1 with 1024bit anonymous DH, multiple handshakes" +$ 'ssltest' -v -bio_pair -tls1 -cipher "ADH" -dhe1024dsa -num 10 -f -time +$ if $severity .ne. 1 then goto exit3 +$ endif +$ +$ if no_rsa +$ then +$ write sys$output "skipping RSA tests" +$ else +$ write sys$output "test tls1 with 1024bit RSA, no DHE, multiple handshakes" +$ mcr 'texe_dir'ssltest -v -bio_pair -tls1 -cert [-.apps]server2.pem -no_dhe -num 10 -f -time +$ if $severity .ne. 1 then goto exit3 +$ +$ if no_dh +$ then +$ write sys$output "skipping RSA+DHE tests" +$ else +$ write sys$output "test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes" +$ mcr 'texe_dir'ssltest -v -bio_pair -tls1 -cert [-.apps]server2.pem -dhe1024dsa -num 10 -f -time +$ if $severity .ne. 1 then goto exit3 +$ endif +$ endif +$ +$ RET = 1 +$ goto exit +$ exit3: +$ RET = 3 +$ exit: +$ if p3 .eqs. "" then delete certs.tmp;* +$ set on +$ exit 'RET' diff --git a/test/Attic/testsslproxy b/test/Attic/testsslproxy new file mode 100644 index 0000000000..58bbda8ab7 --- /dev/null +++ b/test/Attic/testsslproxy @@ -0,0 +1,10 @@ +#! /bin/sh + +echo 'Testing a lot of proxy conditions.' +echo 'Some of them may turn out being invalid, which is fine.' +for auth in A B C BC; do + for cond in A B C 'A|B&!C'; do + sh ./testssl $1 $2 $3 "-proxy -proxy_auth $auth -proxy_cond $cond" + if [ $? = 3 ]; then exit 1; fi + done +done diff --git a/test/Attic/testtsa b/test/Attic/testtsa new file mode 100644 index 0000000000..fc68ff906c --- /dev/null +++ b/test/Attic/testtsa @@ -0,0 +1,147 @@ +#!/bin/sh + +# +# A few very basic tests for the 'ts' time stamping authority command. +# + +SH="/bin/sh" +if test "$OSTYPE" = msdosdjgpp; then + PATH="../apps\;$PATH" +else + PATH="../apps:$PATH" +fi +export SH PATH + +OPENSSL_CONF="../CAtsa.cnf" +export OPENSSL_CONF +# Because that's what ../apps/CA.pl really looks at +SSLEAY_CONFIG="-config $OPENSSL_CONF" +export SSLEAY_CONFIG + +OPENSSL="`pwd`/../util/opensslwrap.sh" +export OPENSSL + +RUN () { + ../../util/shlib_wrap.sh ../../apps/openssl ts $* +} + +create_tsa_cert () { + INDEX=$1 + export INDEX + EXT=$2 + TSDNSECT=ts_cert_dn + export TSDNSECT + + ../../util/shlib_wrap.sh ../../apps/openssl req -new \ + -out tsa_req${INDEX}.pem -keyout tsa_key${INDEX}.pem || exit 1 + echo using extension $EXT + ../../util/shlib_wrap.sh ../../apps/openssl x509 -req \ + -in tsa_req${INDEX}.pem -out tsa_cert${INDEX}.pem \ + -CA tsaca.pem -CAkey tsacakey.pem -CAcreateserial \ + -extfile $OPENSSL_CONF -extensions $EXT || exit 1 +} + +create_time_stamp_response () { + RUN -reply -section $3 -queryfile $1 -out $2 || exit 1 +} + +verify_time_stamp_response () { + RUN -verify -queryfile $1 -in $2 -CAfile tsaca.pem \ + -untrusted tsa_cert1.pem || exit 1 + RUN -verify -data $3 -in $2 -CAfile tsaca.pem \ + -untrusted tsa_cert1.pem || exit 1 +} + +verify_time_stamp_response_fail () { + RUN -verify -queryfile $1 -in $2 -CAfile tsaca.pem \ + -untrusted tsa_cert1.pem && exit 1 + echo ok +} + +# main functions + +echo setting up TSA test directory +rm -rf tsa 2>/dev/null +mkdir tsa +cd ./tsa + +echo creating a new CA for the TSA tests +TSDNSECT=ts_ca_dn +export TSDNSECT +../../util/shlib_wrap.sh ../../apps/openssl req -new -x509 -nodes \ + -out tsaca.pem -keyout tsacakey.pem || exit 1 + +echo creating tsa_cert1.pem TSA server cert +create_tsa_cert 1 tsa_cert + +echo creating tsa_cert2.pem non-TSA server cert +create_tsa_cert 2 non_tsa_cert + +echo creating req1.req time stamp request for file testtsa +RUN -query -data ../testtsa -policy tsa_policy1 -cert -out req1.tsq || exit 1 + +echo printing req1.req +RUN -query -in req1.tsq -text + +echo generating valid response for req1.req +create_time_stamp_response req1.tsq resp1.tsr tsa_config1 + +echo printing response +RUN -reply -in resp1.tsr -text || exit 1 + +echo verifying valid response +verify_time_stamp_response req1.tsq resp1.tsr ../testtsa + +echo verifying valid token +RUN -reply -in resp1.tsr -out resp1.tsr.token -token_out || exit 1 +RUN -verify -queryfile req1.tsq -in resp1.tsr.token -token_in \ + -CAfile tsaca.pem -untrusted tsa_cert1.pem || exit 1 +RUN -verify -data ../testtsa -in resp1.tsr.token -token_in \ + -CAfile tsaca.pem -untrusted tsa_cert1.pem || exit 1 + +echo creating req2.req time stamp request for file testtsa +RUN -query -data ../testtsa -policy tsa_policy2 -no_nonce \ + -out req2.tsq || exit 1 + +echo printing req2.req +RUN -query -in req2.tsq -text + +echo generating valid response for req2.req +create_time_stamp_response req2.tsq resp2.tsr tsa_config1 + +echo checking -token_in and -token_out options with -reply +RESPONSE2=resp2.tsr.copy.tsr +TOKEN_DER=resp2.tsr.token.der +RUN -reply -in resp2.tsr -out $TOKEN_DER -token_out || exit 1 +RUN -reply -in $TOKEN_DER -token_in -out $RESPONSE2 || exit 1 +cmp $RESPONSE2 resp2.tsr || exit 1 +RUN -reply -in resp2.tsr -text -token_out || exit 1 +RUN -reply -in $TOKEN_DER -token_in -text -token_out || exit 1 +RUN -reply -queryfile req2.tsq -text -token_out || exit 1 + +echo printing response +RUN -reply -in resp2.tsr -text || exit 1 + +echo verifying valid response +verify_time_stamp_response req2.tsq resp2.tsr ../testtsa + +echo verifying response against wrong request, it should fail +verify_time_stamp_response_fail req1.tsq resp2.tsr + +echo verifying response against wrong request, it should fail +verify_time_stamp_response_fail req2.tsq resp1.tsr + +echo creating req3.req time stamp request for file CAtsa.cnf +RUN -query -data ../CAtsa.cnf -no_nonce -out req3.tsq || exit 1 + +echo printing req3.req +RUN -query -in req3.tsq -text + +echo verifying response against wrong request, it should fail +verify_time_stamp_response_fail req3.tsq resp1.tsr + +echo cleaning up +cd .. +rm -rf tsa + +exit 0 diff --git a/test/Attic/testtsa.com b/test/Attic/testtsa.com new file mode 100644 index 0000000000..8503633e86 --- /dev/null +++ b/test/Attic/testtsa.com @@ -0,0 +1,255 @@ +$! +$! A few very basic tests for the 'ts' time stamping authority command. +$! +$ +$ __arch = "VAX" +$ if f$getsyi("cpu") .ge. 128 then - + __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") +$ if __arch .eqs. "" then __arch = "UNK" +$! +$ if (p4 .eqs. "64") then __arch = __arch+ "_64" +$! +$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]" +$ +$ openssl = "mcr ''f$parse(exe_dir+"openssl.exe")'" +$ OPENSSL_CONF = "[-]CAtsa.cnf" +$ ! Because that's what ../apps/CA.pl really looks at +$ SSLEAY_CONFIG = "-config " + OPENSSL_CONF +$ +$ error: +$ subroutine +$ write sys$error "TSA test failed!" +$ exit 3 +$ endsubroutine +$ +$ setup_dir: +$ subroutine +$ +$ if f$search("tsa.dir") .nes "" +$ then +$ @[-.util]deltree [.tsa]*.* +$ set file/prot=(S:RWED,O:RWED,G:RWED,W:RWED) tsa.dir;* +$ delete tsa.dir;* +$ endif +$ +$ create/dir [.tsa] +$ set default [.tsa] +$ endsubroutine +$ +$ clean_up_dir: +$ subroutine +$ +$ set default [-] +$ @[-.util]deltree [.tsa]*.* +$ set file/prot=(S:RWED,O:RWED,G:RWED,W:RWED) tsa.dir;* +$ delete tsa.dir;* +$ endsubroutine +$ +$ create_ca: +$ subroutine +$ +$ write sys$output "Creating a new CA for the TSA tests..." +$ TSDNSECT = "ts_ca_dn" +$ openssl req -new -x509 -nodes - + -out tsaca.pem -keyout tsacakey.pem +$ if $severity .ne. 1 then call error +$ endsubroutine +$ +$ create_tsa_cert: +$ subroutine +$ +$ INDEX=p1 +$ EXT=p2 +$ TSDNSECT = "ts_cert_dn" +$ +$ openssl req -new - + -out tsa_req'INDEX'.pem -keyout tsa_key'INDEX'.pem +$ if $severity .ne. 1 then call error +$ +$ write sys$output "Using extension ''EXT'" +$ openssl x509 -req - + -in tsa_req'INDEX'.pem -out tsa_cert'INDEX'.pem - + "-CA" tsaca.pem "-CAkey" tsacakey.pem "-CAcreateserial" - + -extfile 'OPENSSL_CONF' -extensions "''EXT'" +$ if $severity .ne. 1 then call error +$ endsubroutine +$ +$ print_request: +$ subroutine +$ +$ openssl ts -query -in 'p1' -text +$ endsubroutine +$ +$ create_time_stamp_request1: subroutine +$ +$ openssl ts -query -data [-]testtsa.com -policy tsa_policy1 - + -cert -out req1.tsq +$ if $severity .ne. 1 then call error +$ endsubroutine +$ +$ create_time_stamp_request2: subroutine +$ +$ openssl ts -query -data [-]testtsa.com -policy tsa_policy2 - + -no_nonce -out req2.tsq +$ if $severity .ne. 1 then call error +$ endsubroutine +$ +$ create_time_stamp_request3: subroutine +$ +$ openssl ts -query -data [-]CAtsa.cnf -no_nonce -out req3.tsq +$ if $severity .ne. 1 then call error +$ endsubroutine +$ +$ print_response: +$ subroutine +$ +$ openssl ts -reply -in 'p1' -text +$ if $severity .ne. 1 then call error +$ endsubroutine +$ +$ create_time_stamp_response: +$ subroutine +$ +$ openssl ts -reply -section 'p3' -queryfile 'p1' -out 'p2' +$ if $severity .ne. 1 then call error +$ endsubroutine +$ +$ time_stamp_response_token_test: +$ subroutine +$ +$ RESPONSE2 = p2+ "-copy_tsr" +$ TOKEN_DER = p2+ "-token_der" +$ openssl ts -reply -in 'p2' -out 'TOKEN_DER' -token_out +$ if $severity .ne. 1 then call error +$ openssl ts -reply -in 'TOKEN_DER' -token_in -out 'RESPONSE2' +$ if $severity .ne. 1 then call error +$ backup/compare 'RESPONSE2' 'p2' +$ if $severity .ne. 1 then call error +$ openssl ts -reply -in 'p2' -text -token_out +$ if $severity .ne. 1 then call error +$ openssl ts -reply -in 'TOKEN_DER' -token_in -text -token_out +$ if $severity .ne. 1 then call error +$ openssl ts -reply -queryfile 'p1' -text -token_out +$ if $severity .ne. 1 then call error +$ endsubroutine +$ +$ verify_time_stamp_response: +$ subroutine +$ +$ openssl ts -verify -queryfile 'p1' -in 'p2' - + "-CAfile" tsaca.pem -untrusted tsa_cert1.pem +$ if $severity .ne. 1 then call error +$ openssl ts -verify -data 'p3' -in 'p2' - + "-CAfile" tsaca.pem -untrusted tsa_cert1.pem +$ if $severity .ne. 1 then call error +$ endsubroutine +$ +$ verify_time_stamp_token: +$ subroutine +$ +$ ! create the token from the response first +$ openssl ts -reply -in "''p2'" -out "''p2'-token" -token_out +$ if $severity .ne. 1 then call error +$ openssl ts -verify -queryfile "''p1'" -in "''p2'-token" - + -token_in "-CAfile" tsaca.pem -untrusted tsa_cert1.pem +$ if $severity .ne. 1 then call error +$ openssl ts -verify -data "''p3'" -in "''p2'-token" - + -token_in "-CAfile" tsaca.pem -untrusted tsa_cert1.pem +$ if $severity .ne. 1 then call error +$ endsubroutine +$ +$ verify_time_stamp_response_fail: +$ subroutine +$ +$ openssl ts -verify -queryfile 'p1' -in 'p2' - + "-CAfile" tsaca.pem -untrusted tsa_cert1.pem +$ ! Checks if the verification failed, as it should have. +$ if $severity .eq. 1 then call error +$ write sys$output "Ok" +$ endsubroutine +$ +$ ! Main body ---------------------------------------------------------- +$ +$ set noon +$ +$ write sys$output "Setting up TSA test directory..." +$ call setup_dir +$ +$ write sys$output "Creating CA for TSA tests..." +$ call create_ca +$ +$ write sys$output "Creating tsa_cert1.pem TSA server cert..." +$ call create_tsa_cert 1 "tsa_cert" +$ +$ write sys$output "Creating tsa_cert2.pem non-TSA server cert..." +$ call create_tsa_cert 2 "non_tsa_cert" +$ +$ write sys$output "Creating req1.req time stamp request for file testtsa..." +$ call create_time_stamp_request1 +$ +$ write sys$output "Printing req1.req..." +$ call print_request "req1.tsq" +$ +$ write sys$output "Generating valid response for req1.req..." +$ call create_time_stamp_response "req1.tsq" "resp1.tsr" "tsa_config1" +$ +$ write sys$output "Printing response..." +$ call print_response "resp1.tsr" +$ +$ write sys$output "Verifying valid response..." +$ call verify_time_stamp_response "req1.tsq" "resp1.tsr" "[-]testtsa.com" +$ +$ write sys$output "Verifying valid token..." +$ call verify_time_stamp_token "req1.tsq" "resp1.tsr" "[-]testtsa.com" +$ +$ ! The tests below are commented out, because invalid signer certificates +$ ! can no longer be specified in the config file. +$ +$ ! write sys$output "Generating _invalid_ response for req1.req..." +$ ! call create_time_stamp_response "req1.tsq" "resp1_bad.tsr" "tsa_config2" +$ +$ ! write sys$output "Printing response..." +$ ! call print_response "resp1_bad.tsr" +$ +$ ! write sys$output "Verifying invalid response, it should fail..." +$ ! call verify_time_stamp_response_fail "req1.tsq" "resp1_bad.tsr" +$ +$ write sys$output "Creating req2.req time stamp request for file testtsa..." +$ call create_time_stamp_request2 +$ +$ write sys$output "Printing req2.req..." +$ call print_request "req2.tsq" +$ +$ write sys$output "Generating valid response for req2.req..." +$ call create_time_stamp_response "req2.tsq" "resp2.tsr" "tsa_config1" +$ +$ write sys$output "Checking '-token_in' and '-token_out' options with '-reply'..." +$ call time_stamp_response_token_test "req2.tsq" "resp2.tsr" +$ +$ write sys$output "Printing response..." +$ call print_response "resp2.tsr" +$ +$ write sys$output "Verifying valid response..." +$ call verify_time_stamp_response "req2.tsq" "resp2.tsr" "[-]testtsa.com" +$ +$ write sys$output "Verifying response against wrong request, it should fail..." +$ call verify_time_stamp_response_fail "req1.tsq" "resp2.tsr" +$ +$ write sys$output "Verifying response against wrong request, it should fail..." +$ call verify_time_stamp_response_fail "req2.tsq" "resp1.tsr" +$ +$ write sys$output "Creating req3.req time stamp request for file CAtsa.cnf..." +$ call create_time_stamp_request3 +$ +$ write sys$output "Printing req3.req..." +$ call print_request "req3.tsq" +$ +$ write sys$output "Verifying response against wrong request, it should fail..." +$ call verify_time_stamp_response_fail "req3.tsq" "resp1.tsr" +$ +$ write sys$output "Cleaning up..." +$ call clean_up_dir +$ +$ set on +$ +$ exit diff --git a/test/Attic/tkey b/test/Attic/tkey new file mode 100644 index 0000000000..47ac1be8fc --- /dev/null +++ b/test/Attic/tkey @@ -0,0 +1,73 @@ +#!/bin/sh + +t=$1 +ktype=$2 +ptype=$3 + +if ../util/shlib_wrap.sh ../apps/openssl no-$ktype; then + echo skipping $ktype $ptype conversion test + exit 0 +fi + +if [ $ptype = "public" ]; then + cmd="../util/shlib_wrap.sh ../apps/openssl $ktype -pubin -pubout" +else + cmd="../util/shlib_wrap.sh ../apps/openssl $ktype" +fi + +echo testing $ktype $ptype conversions +cp $t $ktype-fff.p + +echo "p -> d" +$cmd -in $ktype-fff.p -inform p -outform d >$ktype-f.d || exit 1 +echo "p -> p" +$cmd -in $ktype-fff.p -inform p -outform p >$ktype-f.p || exit 1 + +echo "d -> d" +$cmd -in $ktype-f.d -inform d -outform d >$ktype-ff.d1 || exit 1 +echo "p -> d" +$cmd -in $ktype-f.p -inform p -outform d >$ktype-ff.d3 || exit 1 + +echo "d -> p" +$cmd -in $ktype-f.d -inform d -outform p >$ktype-ff.p1 || exit 1 +echo "p -> p" +$cmd -in $ktype-f.p -inform p -outform p >$ktype-ff.p3 || exit 1 + +cmp $ktype-fff.p $ktype-f.p || exit 1 +cmp $ktype-fff.p $ktype-ff.p1 || exit 1 +cmp $ktype-fff.p $ktype-ff.p3 || exit 1 +cmp $ktype-f.p $ktype-ff.p1 || exit 1 +cmp $ktype-f.p $ktype-ff.p3 || exit 1 + +/bin/rm -f $ktype-f.* $ktype-ff.* $ktype-fff.* + +[ $ptype = "public" ] && exit 0 + + +echo testing $ktype PKCS#8 conversions +cmd="../util/shlib_wrap.sh ../apps/openssl pkey" + +$cmd -in $t -out $ktype-fff.p + +echo "p -> d" +$cmd -in $ktype-fff.p -inform p -outform d >$ktype-f.d || exit 1 +echo "p -> p" +$cmd -in $ktype-fff.p -inform p -outform p >$ktype-f.p || exit 1 + +echo "d -> d" +$cmd -in $ktype-f.d -inform d -outform d >$ktype-ff.d1 || exit 1 +echo "p -> d" +$cmd -in $ktype-f.p -inform p -outform d >$ktype-ff.d3 || exit 1 + +echo "d -> p" +$cmd -in $ktype-f.d -inform d -outform p >$ktype-ff.p1 || exit 1 +echo "p -> p" +$cmd -in $ktype-f.p -inform p -outform p >$ktype-ff.p3 || exit 1 + +cmp $ktype-fff.p $ktype-f.p || exit 1 +cmp $ktype-fff.p $ktype-ff.p1 || exit 1 +cmp $ktype-fff.p $ktype-ff.p3 || exit 1 +cmp $ktype-f.p $ktype-ff.p1 || exit 1 +cmp $ktype-f.p $ktype-ff.p3 || exit 1 + +/bin/rm -f $ktype-f.* $ktype-ff.* $ktype-fff.* diff --git a/test/Attic/tocsp b/test/Attic/tocsp new file mode 100644 index 0000000000..5fc291ca6e --- /dev/null +++ b/test/Attic/tocsp @@ -0,0 +1,147 @@ +#!/bin/sh + +cmd='../util/shlib_wrap.sh ../apps/openssl' +ocspdir="ocsp-tests" +# 17 December 2012 so we don't get certificate expiry errors. +check_time="-attime 1355875200" + +test_ocsp () { + + $cmd base64 -d -in $ocspdir/$1 | \ + $cmd ocsp -respin - -partial_chain $check_time \ + -CAfile $ocspdir/$2 -verify_other $ocspdir/$2 -CApath /dev/null + [ $? != $3 ] && exit 1 +} + + +echo "=== VALID OCSP RESPONSES ===" +echo "NON-DELEGATED; Intermediate CA -> EE" +test_ocsp ND1.ors ND1_Issuer_ICA.pem 0 +echo "NON-DELEGATED; Root CA -> Intermediate CA" +test_ocsp ND2.ors ND2_Issuer_Root.pem 0 +echo "NON-DELEGATED; Root CA -> EE" +test_ocsp ND3.ors ND3_Issuer_Root.pem 0 +echo "DELEGATED; Intermediate CA -> EE" +test_ocsp D1.ors D1_Issuer_ICA.pem 0 +echo "DELEGATED; Root CA -> Intermediate CA" +test_ocsp D2.ors D2_Issuer_Root.pem 0 +echo "DELEGATED; Root CA -> EE" +test_ocsp D3.ors D3_Issuer_Root.pem 0 + +echo "=== INVALID SIGNATURE on the OCSP RESPONSE ===" +echo "NON-DELEGATED; Intermediate CA -> EE" +test_ocsp ISOP_ND1.ors ND1_Issuer_ICA.pem 1 +echo "NON-DELEGATED; Root CA -> Intermediate CA" +test_ocsp ISOP_ND2.ors ND2_Issuer_Root.pem 1 +echo "NON-DELEGATED; Root CA -> EE" +test_ocsp ISOP_ND3.ors ND3_Issuer_Root.pem 1 +echo "DELEGATED; Intermediate CA -> EE" +test_ocsp ISOP_D1.ors D1_Issuer_ICA.pem 1 +echo "DELEGATED; Root CA -> Intermediate CA" +test_ocsp ISOP_D2.ors D2_Issuer_Root.pem 1 +echo "DELEGATED; Root CA -> EE" +test_ocsp ISOP_D3.ors D3_Issuer_Root.pem 1 + +echo "=== WRONG RESPONDERID in the OCSP RESPONSE ===" +echo "NON-DELEGATED; Intermediate CA -> EE" +test_ocsp WRID_ND1.ors ND1_Issuer_ICA.pem 1 +echo "NON-DELEGATED; Root CA -> Intermediate CA" +test_ocsp WRID_ND2.ors ND2_Issuer_Root.pem 1 +echo "NON-DELEGATED; Root CA -> EE" +test_ocsp WRID_ND3.ors ND3_Issuer_Root.pem 1 +echo "DELEGATED; Intermediate CA -> EE" +test_ocsp WRID_D1.ors D1_Issuer_ICA.pem 1 +echo "DELEGATED; Root CA -> Intermediate CA" +test_ocsp WRID_D2.ors D2_Issuer_Root.pem 1 +echo "DELEGATED; Root CA -> EE" +test_ocsp WRID_D3.ors D3_Issuer_Root.pem 1 + +echo "=== WRONG ISSUERNAMEHASH in the OCSP RESPONSE ===" +echo "NON-DELEGATED; Intermediate CA -> EE" +test_ocsp WINH_ND1.ors ND1_Issuer_ICA.pem 1 +echo "NON-DELEGATED; Root CA -> Intermediate CA" +test_ocsp WINH_ND2.ors ND2_Issuer_Root.pem 1 +echo "NON-DELEGATED; Root CA -> EE" +test_ocsp WINH_ND3.ors ND3_Issuer_Root.pem 1 +echo "DELEGATED; Intermediate CA -> EE" +test_ocsp WINH_D1.ors D1_Issuer_ICA.pem 1 +echo "DELEGATED; Root CA -> Intermediate CA" +test_ocsp WINH_D2.ors D2_Issuer_Root.pem 1 +echo "DELEGATED; Root CA -> EE" +test_ocsp WINH_D3.ors D3_Issuer_Root.pem 1 + +echo "=== WRONG ISSUERKEYHASH in the OCSP RESPONSE ===" +echo "NON-DELEGATED; Intermediate CA -> EE" +test_ocsp WIKH_ND1.ors ND1_Issuer_ICA.pem 1 +echo "NON-DELEGATED; Root CA -> Intermediate CA" +test_ocsp WIKH_ND2.ors ND2_Issuer_Root.pem 1 +echo "NON-DELEGATED; Root CA -> EE" +test_ocsp WIKH_ND3.ors ND3_Issuer_Root.pem 1 +echo "DELEGATED; Intermediate CA -> EE" +test_ocsp WIKH_D1.ors D1_Issuer_ICA.pem 1 +echo "DELEGATED; Root CA -> Intermediate CA" +test_ocsp WIKH_D2.ors D2_Issuer_Root.pem 1 +echo "DELEGATED; Root CA -> EE" +test_ocsp WIKH_D3.ors D3_Issuer_Root.pem 1 + +echo "=== WRONG KEY in the DELEGATED OCSP SIGNING CERTIFICATE ===" +echo "DELEGATED; Intermediate CA -> EE" +test_ocsp WKDOSC_D1.ors D1_Issuer_ICA.pem 1 +echo "DELEGATED; Root CA -> Intermediate CA" +test_ocsp WKDOSC_D2.ors D2_Issuer_Root.pem 1 +echo "DELEGATED; Root CA -> EE" +test_ocsp WKDOSC_D3.ors D3_Issuer_Root.pem 1 + +echo "=== INVALID SIGNATURE on the DELEGATED OCSP SIGNING CERTIFICATE ===" +echo "DELEGATED; Intermediate CA -> EE" +test_ocsp ISDOSC_D1.ors D1_Issuer_ICA.pem 1 +echo "DELEGATED; Root CA -> Intermediate CA" +test_ocsp ISDOSC_D2.ors D2_Issuer_Root.pem 1 +echo "DELEGATED; Root CA -> EE" +test_ocsp ISDOSC_D3.ors D3_Issuer_Root.pem 1 + +echo "=== WRONG SUBJECT NAME in the ISSUER CERTIFICATE ===" +echo "NON-DELEGATED; Intermediate CA -> EE" +test_ocsp ND1.ors WSNIC_ND1_Issuer_ICA.pem 1 +echo "NON-DELEGATED; Root CA -> Intermediate CA" +test_ocsp ND2.ors WSNIC_ND2_Issuer_Root.pem 1 +echo "NON-DELEGATED; Root CA -> EE" +test_ocsp ND3.ors WSNIC_ND3_Issuer_Root.pem 1 +echo "DELEGATED; Intermediate CA -> EE" +test_ocsp D1.ors WSNIC_D1_Issuer_ICA.pem 1 +echo "DELEGATED; Root CA -> Intermediate CA" +test_ocsp D2.ors WSNIC_D2_Issuer_Root.pem 1 +echo "DELEGATED; Root CA -> EE" +test_ocsp D3.ors WSNIC_D3_Issuer_Root.pem 1 + +echo "=== WRONG KEY in the ISSUER CERTIFICATE ===" +echo "NON-DELEGATED; Intermediate CA -> EE" +test_ocsp ND1.ors WKIC_ND1_Issuer_ICA.pem 1 +echo "NON-DELEGATED; Root CA -> Intermediate CA" +test_ocsp ND2.ors WKIC_ND2_Issuer_Root.pem 1 +echo "NON-DELEGATED; Root CA -> EE" +test_ocsp ND3.ors WKIC_ND3_Issuer_Root.pem 1 +echo "DELEGATED; Intermediate CA -> EE" +test_ocsp D1.ors WKIC_D1_Issuer_ICA.pem 1 +echo "DELEGATED; Root CA -> Intermediate CA" +test_ocsp D2.ors WKIC_D2_Issuer_Root.pem 1 +echo "DELEGATED; Root CA -> EE" +test_ocsp D3.ors WKIC_D3_Issuer_Root.pem 1 + +echo "=== INVALID SIGNATURE on the ISSUER CERTIFICATE ===" +# Expect success, because we're explicitly trusting the issuer certificate. +echo "NON-DELEGATED; Intermediate CA -> EE" +test_ocsp ND1.ors ISIC_ND1_Issuer_ICA.pem 0 +echo "NON-DELEGATED; Root CA -> Intermediate CA" +test_ocsp ND2.ors ISIC_ND2_Issuer_Root.pem 0 +echo "NON-DELEGATED; Root CA -> EE" +test_ocsp ND3.ors ISIC_ND3_Issuer_Root.pem 0 +echo "DELEGATED; Intermediate CA -> EE" +test_ocsp D1.ors ISIC_D1_Issuer_ICA.pem 0 +echo "DELEGATED; Root CA -> Intermediate CA" +test_ocsp D2.ors ISIC_D2_Issuer_Root.pem 0 +echo "DELEGATED; Root CA -> EE" +test_ocsp D3.ors ISIC_D3_Issuer_Root.pem 0 + +echo "ALL OCSP TESTS SUCCESSFUL" +exit 0 diff --git a/test/Attic/tocsp.com b/test/Attic/tocsp.com new file mode 100644 index 0000000000..97253fe464 --- /dev/null +++ b/test/Attic/tocsp.com @@ -0,0 +1,165 @@ +$! TOCSP.COM -- Test ocsp +$ +$ __arch = "VAX" +$ if f$getsyi("cpu") .ge. 128 then - + __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") +$ if __arch .eqs. "" then __arch = "UNK" +$! +$ if (p2 .eqs. "64") then __arch = __arch+ "_64" +$! +$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]" +$ +$ cmd = "mcr ''f$parse(exe_dir+"openssl.exe")'" +$ ocspdir = "ocsp-tests" +$ +$! 17 December 2012 so we don't get certificate expiry errors. +$ check_time="-attime 1355875200" +$ +$ test_ocsp: +$ subroutine +$ 'cmd' base64 -d -in [.'ocspdir']'p1' -out ocsp-test.test-bin +$ 'cmd' ocsp -respin ocsp-test.test-bin -partial_chain 'check_time' - + "-CAfile" [.'ocspdir']'p2' -verify_other [.'ocspdir']'p2' "-CApath" NLA0: +$ if $severity .ne. p3+1 +$ then +$ write sys$error "OCSP test failed!" +$ exit 3 +$ endif +$ endsubroutine +$ +$ set noon +$ +$ write sys$output "=== VALID OCSP RESPONSES ===" +$ write sys$output "NON-DELEGATED; Intermediate CA -> EE" +$ call test_ocsp "ND1.ors" "ND1_Issuer_ICA.pem" 0 +$ write sys$output "NON-DELEGATED; Root CA -> Intermediate CA" +$ call test_ocsp "ND2.ors" "ND2_Issuer_Root.pem" 0 +$ write sys$output "NON-DELEGATED; Root CA -> EE" +$ call test_ocsp "ND3.ors" "ND3_Issuer_Root.pem" 0 +$ write sys$output "DELEGATED; Intermediate CA -> EE" +$ call test_ocsp "D1.ors" "D1_Issuer_ICA.pem" 0 +$ write sys$output "DELEGATED; Root CA -> Intermediate CA" +$ call test_ocsp "D2.ors" "D2_Issuer_Root.pem" 0 +$ write sys$output "DELEGATED; Root CA -> EE" +$ call test_ocsp "D3.ors" "D3_Issuer_Root.pem" 0 +$ +$ write sys$output "=== INVALID SIGNATURE on the OCSP RESPONSE ===" +$ write sys$output "NON-DELEGATED; Intermediate CA -> EE" +$ call test_ocsp "ISOP_ND1.ors" "ND1_Issuer_ICA.pem" 1 +$ write sys$output "NON-DELEGATED; Root CA -> Intermediate CA" +$ call test_ocsp "ISOP_ND2.ors" "ND2_Issuer_Root.pem" 1 +$ write sys$output "NON-DELEGATED; Root CA -> EE" +$ call test_ocsp "ISOP_ND3.ors" "ND3_Issuer_Root.pem" 1 +$ write sys$output "DELEGATED; Intermediate CA -> EE" +$ call test_ocsp "ISOP_D1.ors" "D1_Issuer_ICA.pem" 1 +$ write sys$output "DELEGATED; Root CA -> Intermediate CA" +$ call test_ocsp "ISOP_D2.ors" "D2_Issuer_Root.pem" 1 +$ write sys$output "DELEGATED; Root CA -> EE" +$ call test_ocsp "ISOP_D3.ors" "D3_Issuer_Root.pem" 1 +$ +$ write sys$output "=== WRONG RESPONDERID in the OCSP RESPONSE ===" +$ write sys$output "NON-DELEGATED; Intermediate CA -> EE" +$ call test_ocsp "WRID_ND1.ors" "ND1_Issuer_ICA.pem" 1 +$ write sys$output "NON-DELEGATED; Root CA -> Intermediate CA" +$ call test_ocsp "WRID_ND2.ors" "ND2_Issuer_Root.pem" 1 +$ write sys$output "NON-DELEGATED; Root CA -> EE" +$ call test_ocsp "WRID_ND3.ors" "ND3_Issuer_Root.pem" 1 +$ write sys$output "DELEGATED; Intermediate CA -> EE" +$ call test_ocsp "WRID_D1.ors" "D1_Issuer_ICA.pem" 1 +$ write sys$output "DELEGATED; Root CA -> Intermediate CA" +$ call test_ocsp "WRID_D2.ors" "D2_Issuer_Root.pem" 1 +$ write sys$output "DELEGATED; Root CA -> EE" +$ call test_ocsp "WRID_D3.ors" "D3_Issuer_Root.pem" 1 +$ +$ write sys$output "=== WRONG ISSUERNAMEHASH in the OCSP RESPONSE ===" +$ write sys$output "NON-DELEGATED; Intermediate CA -> EE" +$ call test_ocsp "WINH_ND1.ors" "ND1_Issuer_ICA.pem" 1 +$ write sys$output "NON-DELEGATED; Root CA -> Intermediate CA" +$ call test_ocsp "WINH_ND2.ors" "ND2_Issuer_Root.pem" 1 +$ write sys$output "NON-DELEGATED; Root CA -> EE" +$ call test_ocsp "WINH_ND3.ors" "ND3_Issuer_Root.pem" 1 +$ write sys$output "DELEGATED; Intermediate CA -> EE" +$ call test_ocsp "WINH_D1.ors" "D1_Issuer_ICA.pem" 1 +$ write sys$output "DELEGATED; Root CA -> Intermediate CA" +$ call test_ocsp "WINH_D2.ors" "D2_Issuer_Root.pem" 1 +$ write sys$output "DELEGATED; Root CA -> EE" +$ call test_ocsp "WINH_D3.ors" "D3_Issuer_Root.pem" 1 +$ +$ write sys$output "=== WRONG ISSUERKEYHASH in the OCSP RESPONSE ===" +$ write sys$output "NON-DELEGATED; Intermediate CA -> EE" +$ call test_ocsp "WIKH_ND1.ors" "ND1_Issuer_ICA.pem" 1 +$ write sys$output "NON-DELEGATED; Root CA -> Intermediate CA" +$ call test_ocsp "WIKH_ND2.ors" "ND2_Issuer_Root.pem" 1 +$ write sys$output "NON-DELEGATED; Root CA -> EE" +$ call test_ocsp "WIKH_ND3.ors" "ND3_Issuer_Root.pem" 1 +$ write sys$output "DELEGATED; Intermediate CA -> EE" +$ call test_ocsp "WIKH_D1.ors" "D1_Issuer_ICA.pem" 1 +$ write sys$output "DELEGATED; Root CA -> Intermediate CA" +$ call test_ocsp "WIKH_D2.ors" "D2_Issuer_Root.pem" 1 +$ write sys$output "DELEGATED; Root CA -> EE" +$ call test_ocsp "WIKH_D3.ors" "D3_Issuer_Root.pem" 1 +$ +$ write sys$output "=== WRONG KEY in the DELEGATED OCSP SIGNING CERTIFICATE ===" +$ write sys$output "DELEGATED; Intermediate CA -> EE" +$ call test_ocsp "WKDOSC_D1.ors" "D1_Issuer_ICA.pem" 1 +$ write sys$output "DELEGATED; Root CA -> Intermediate CA" +$ call test_ocsp "WKDOSC_D2.ors" "D2_Issuer_Root.pem" 1 +$ write sys$output "DELEGATED; Root CA -> EE" +$ call test_ocsp "WKDOSC_D3.ors" "D3_Issuer_Root.pem" 1 +$ +$ write sys$output "=== INVALID SIGNATURE on the DELEGATED OCSP SIGNING CERTIFICATE ===" +$ write sys$output "DELEGATED; Intermediate CA -> EE" +$ call test_ocsp "ISDOSC_D1.ors" "D1_Issuer_ICA.pem" 1 +$ write sys$output "DELEGATED; Root CA -> Intermediate CA" +$ call test_ocsp "ISDOSC_D2.ors" "D2_Issuer_Root.pem" 1 +$ write sys$output "DELEGATED; Root CA -> EE" +$ call test_ocsp "ISDOSC_D3.ors" "D3_Issuer_Root.pem" 1 +$ +$ write sys$output "=== WRONG SUBJECT NAME in the ISSUER CERTIFICATE ===" +$ write sys$output "NON-DELEGATED; Intermediate CA -> EE" +$ call test_ocsp "ND1.ors" "WSNIC_ND1_Issuer_ICA.pem" 1 +$ write sys$output "NON-DELEGATED; Root CA -> Intermediate CA" +$ call test_ocsp "ND2.ors" "WSNIC_ND2_Issuer_Root.pem" 1 +$ write sys$output "NON-DELEGATED; Root CA -> EE" +$ call test_ocsp "ND3.ors" "WSNIC_ND3_Issuer_Root.pem" 1 +$ write sys$output "DELEGATED; Intermediate CA -> EE" +$ call test_ocsp "D1.ors" "WSNIC_D1_Issuer_ICA.pem" 1 +$ write sys$output "DELEGATED; Root CA -> Intermediate CA" +$ call test_ocsp "D2.ors" "WSNIC_D2_Issuer_Root.pem" 1 +$ write sys$output "DELEGATED; Root CA -> EE" +$ call test_ocsp "D3.ors" "WSNIC_D3_Issuer_Root.pem" 1 +$ +$ write sys$output "=== WRONG KEY in the ISSUER CERTIFICATE ===" +$ write sys$output "NON-DELEGATED; Intermediate CA -> EE" +$ call test_ocsp "ND1.ors" "WKIC_ND1_Issuer_ICA.pem" 1 +$ write sys$output "NON-DELEGATED; Root CA -> Intermediate CA" +$ call test_ocsp "ND2.ors" "WKIC_ND2_Issuer_Root.pem" 1 +$ write sys$output "NON-DELEGATED; Root CA -> EE" +$ call test_ocsp "ND3.ors" "WKIC_ND3_Issuer_Root.pem" 1 +$ write sys$output "DELEGATED; Intermediate CA -> EE" +$ call test_ocsp "D1.ors" "WKIC_D1_Issuer_ICA.pem" 1 +$ write sys$output "DELEGATED; Root CA -> Intermediate CA" +$ call test_ocsp "D2.ors" "WKIC_D2_Issuer_Root.pem" 1 +$ write sys$output "DELEGATED; Root CA -> EE" +$ call test_ocsp "D3.ors" "WKIC_D3_Issuer_Root.pem" 1 +$ +$ write sys$output "=== INVALID SIGNATURE on the ISSUER CERTIFICATE ===" +$! Expect success, because we're explicitly trusting the issuer certificate. +$ write sys$output "NON-DELEGATED; Intermediate CA -> EE" +$ call test_ocsp "ND1.ors" "ISIC_ND1_Issuer_ICA.pem" 0 +$ write sys$output "NON-DELEGATED; Root CA -> Intermediate CA" +$ call test_ocsp "ND2.ors" "ISIC_ND2_Issuer_Root.pem" 0 +$ write sys$output "NON-DELEGATED; Root CA -> EE" +$ call test_ocsp "ND3.ors" "ISIC_ND3_Issuer_Root.pem" 0 +$ write sys$output "DELEGATED; Intermediate CA -> EE" +$ call test_ocsp "D1.ors" "ISIC_D1_Issuer_ICA.pem" 0 +$ write sys$output "DELEGATED; Root CA -> Intermediate CA" +$ call test_ocsp "D2.ors" "ISIC_D2_Issuer_Root.pem" 0 +$ write sys$output "DELEGATED; Root CA -> EE" +$ call test_ocsp "D3.ors" "ISIC_D3_Issuer_Root.pem" 0 +$ +$ write sys$output "ALL OCSP TESTS SUCCESSFUL" +$ +$ set on +$ +$ exit diff --git a/test/Attic/tpkcs7 b/test/Attic/tpkcs7 new file mode 100644 index 0000000000..91e304bb67 --- /dev/null +++ b/test/Attic/tpkcs7 @@ -0,0 +1,36 @@ +#!/bin/sh + +cmd='../util/shlib_wrap.sh ../apps/openssl pkcs7' + +if [ "$1"x != "x" ]; then + t=$1 +else + t=testp7.pem +fi + +echo testing pkcs7 conversions +cp $t p7-fff.p + +echo "p -> d" +$cmd -in p7-fff.p -inform p -outform d >p7-f.d || exit 1 +echo "p -> p" +$cmd -in p7-fff.p -inform p -outform p >p7-f.p || exit 1 + +echo "d -> d" +$cmd -in p7-f.d -inform d -outform d >p7-ff.d1 || exit 1 +echo "p -> d" +$cmd -in p7-f.p -inform p -outform d >p7-ff.d3 || exit 1 + +echo "d -> p" +$cmd -in p7-f.d -inform d -outform p >p7-ff.p1 || exit 1 +echo "p -> p" +$cmd -in p7-f.p -inform p -outform p >p7-ff.p3 || exit 1 + +cmp p7-fff.p p7-f.p || exit 1 +cmp p7-fff.p p7-ff.p1 || exit 1 +cmp p7-fff.p p7-ff.p3 || exit 1 +cmp p7-f.p p7-ff.p1 || exit 1 +cmp p7-f.p p7-ff.p3 || exit 1 + +/bin/rm -f p7-f.* p7-ff.* p7-fff.* +exit 0 diff --git a/test/Attic/tpkcs7.com b/test/Attic/tpkcs7.com new file mode 100644 index 0000000000..3fc4982bb0 --- /dev/null +++ b/test/Attic/tpkcs7.com @@ -0,0 +1,59 @@ +$! TPKCS7.COM -- Tests pkcs7 keys +$ +$ __arch = "VAX" +$ if f$getsyi("cpu") .ge. 128 then - + __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") +$ if __arch .eqs. "" then __arch = "UNK" +$! +$ if (p2 .eqs. "64") then __arch = __arch+ "_64" +$! +$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]" +$ +$ cmd = "mcr ''exe_dir'openssl pkcs7" +$ +$ t = "testp7.pem" +$ if p1 .nes. "" then t = p1 +$ +$ write sys$output "testing PKCS7 conversions" +$ if f$search("fff.*") .nes "" then delete fff.*;* +$ if f$search("ff.*") .nes "" then delete ff.*;* +$ if f$search("f.*") .nes "" then delete f.*;* +$ convert/fdl=sys$input: 't' fff.p +RECORD + FORMAT STREAM_LF +$ +$ write sys$output "p -> d" +$ 'cmd' -in fff.p -inform p -outform d -out f.d +$ if $severity .ne. 1 then exit 3 +$ write sys$output "p -> p" +$ 'cmd' -in fff.p -inform p -outform p -out f.p +$ if $severity .ne. 1 then exit 3 +$ +$ write sys$output "d -> d" +$ 'cmd' -in f.d -inform d -outform d -out ff.d1 +$ if $severity .ne. 1 then exit 3 +$ write sys$output "p -> d" +$ 'cmd' -in f.p -inform p -outform d -out ff.d3 +$ if $severity .ne. 1 then exit 3 +$ +$ +$ write sys$output "d -> p" +$ 'cmd' -in f.d -inform d -outform p -out ff.p1 +$ if $severity .ne. 1 then exit 3 +$ write sys$output "p -> p" +$ 'cmd' -in f.p -inform p -outform p -out ff.p3 +$ if $severity .ne. 1 then exit 3 +$ +$ backup/compare fff.p f.p +$ if $severity .ne. 1 then exit 3 +$ backup/compare fff.p ff.p1 +$ if $severity .ne. 1 then exit 3 +$ backup/compare fff.p ff.p3 +$ if $severity .ne. 1 then exit 3 +$ +$ backup/compare f.p ff.p1 +$ if $severity .ne. 1 then exit 3 +$ backup/compare f.p ff.p3 +$ if $severity .ne. 1 then exit 3 +$ +$ delete f.*;*,ff.*;*,fff.*;* diff --git a/test/Attic/tpkcs7d b/test/Attic/tpkcs7d new file mode 100644 index 0000000000..c5077da80f --- /dev/null +++ b/test/Attic/tpkcs7d @@ -0,0 +1,33 @@ +#!/bin/sh + +cmd='../util/shlib_wrap.sh ../apps/openssl pkcs7' + +if [ "$1"x != "x" ]; then + t=$1 +else + t=pkcs7-1.pem +fi + +echo "testing pkcs7 conversions (2)" +cp $t p7d-fff.p + +echo "p -> d" +$cmd -in p7d-fff.p -inform p -outform d >p7d-f.d || exit 1 +echo "p -> p" +$cmd -in p7d-fff.p -inform p -outform p >p7d-f.p || exit 1 + +echo "d -> d" +$cmd -in p7d-f.d -inform d -outform d >p7d-ff.d1 || exit 1 +echo "p -> d" +$cmd -in p7d-f.p -inform p -outform d >p7d-ff.d3 || exit 1 + +echo "d -> p" +$cmd -in p7d-f.d -inform d -outform p >p7d-ff.p1 || exit 1 +echo "p -> p" +$cmd -in p7d-f.p -inform p -outform p >p7d-ff.p3 || exit 1 + +cmp p7d-f.p p7d-ff.p1 || exit 1 +cmp p7d-f.p p7d-ff.p3 || exit 1 + +/bin/rm -f p7d-f.* p7d-ff.* p7d-fff.* +exit 0 diff --git a/test/Attic/tpkcs7d.com b/test/Attic/tpkcs7d.com new file mode 100644 index 0000000000..eea8c888ee --- /dev/null +++ b/test/Attic/tpkcs7d.com @@ -0,0 +1,52 @@ +$! TPKCS7.COM -- Tests pkcs7 keys +$ +$ __arch = "VAX" +$ if f$getsyi("cpu") .ge. 128 then - + __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") +$ if __arch .eqs. "" then __arch = "UNK" +$! +$ if (p2 .eqs. "64") then __arch = __arch+ "_64" +$! +$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]" +$ +$ cmd = "mcr ''exe_dir'openssl pkcs7" +$ +$ t = "pkcs7-1.pem" +$ if p1 .nes. "" then t = p1 +$ +$ write sys$output "testing PKCS7 conversions (2)" +$ if f$search("fff.*") .nes "" then delete fff.*;* +$ if f$search("ff.*") .nes "" then delete ff.*;* +$ if f$search("f.*") .nes "" then delete f.*;* +$ convert/fdl=sys$input: 't' fff.p +RECORD + FORMAT STREAM_LF +$ +$ write sys$output "p -> d" +$ 'cmd' -in fff.p -inform p -outform d -out f.d +$ if $severity .ne. 1 then exit 3 +$ write sys$output "p -> p" +$ 'cmd' -in fff.p -inform p -outform p -out f.p +$ if $severity .ne. 1 then exit 3 +$ +$ write sys$output "d -> d" +$ 'cmd' -in f.d -inform d -outform d -out ff.d1 +$ if $severity .ne. 1 then exit 3 +$ write sys$output "p -> d" +$ 'cmd' -in f.p -inform p -outform d -out ff.d3 +$ if $severity .ne. 1 then exit 3 +$ +$ +$ write sys$output "d -> p" +$ 'cmd' -in f.d -inform d -outform p -out ff.p1 +$ if $severity .ne. 1 then exit 3 +$ write sys$output "p -> p" +$ 'cmd' -in f.p -inform p -outform p -out ff.p3 +$ if $severity .ne. 1 then exit 3 +$ +$ backup/compare f.p ff.p1 +$ if $severity .ne. 1 then exit 3 +$ backup/compare f.p ff.p3 +$ if $severity .ne. 1 then exit 3 +$ +$ delete f.*;*,ff.*;*,fff.*;* diff --git a/test/Attic/treq b/test/Attic/treq new file mode 100644 index 0000000000..2062d76fb9 --- /dev/null +++ b/test/Attic/treq @@ -0,0 +1,41 @@ +#!/bin/sh + +cmd='../util/shlib_wrap.sh ../apps/openssl req -config ../apps/openssl.cnf' + +if [ "$1"x != "x" ]; then + t=$1 +else + t=testreq.pem +fi + +if $cmd -in $t -inform p -noout -text 2>&1 | fgrep -i 'Unknown Public Key'; then + echo "skipping req conversion test for $t" + exit 0 +fi + +echo testing req conversions +cp $t req-fff.p + +echo "p -> d" +$cmd -in req-fff.p -inform p -outform d >req-f.d || exit 1 +echo "p -> p" +$cmd -in req-fff.p -inform p -outform p >req-f.p || exit 1 + +echo "d -> d" +$cmd -verify -in req-f.d -inform d -outform d >req-ff.d1 || exit 1 +echo "p -> d" +$cmd -verify -in req-f.p -inform p -outform d >req-ff.d3 || exit 1 + +echo "d -> p" +$cmd -in req-f.d -inform d -outform p >req-ff.p1 || exit 1 +echo "p -> p" +$cmd -in req-f.p -inform p -outform p >req-ff.p3 || exit 1 + +cmp req-fff.p req-f.p || exit 1 +cmp req-fff.p req-ff.p1 || exit 1 +cmp req-fff.p req-ff.p3 || exit 1 +cmp req-f.p req-ff.p1 || exit 1 +cmp req-f.p req-ff.p3 || exit 1 + +/bin/rm -f req-f.* req-ff.* req-fff.* +exit 0 diff --git a/test/Attic/treq.com b/test/Attic/treq.com new file mode 100644 index 0000000000..acf08b79ef --- /dev/null +++ b/test/Attic/treq.com @@ -0,0 +1,88 @@ +$! TREQ.COM -- Tests req keys +$ +$ __arch = "VAX" +$ if f$getsyi("cpu") .ge. 128 then - + __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") +$ if __arch .eqs. "" then __arch = "UNK" +$! +$ if (p2 .eqs. "64") then __arch = __arch+ "_64" +$! +$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]" +$ +$ cmd = "mcr ''exe_dir'openssl req -config [-.apps]openssl-vms.cnf" +$ +$ t = "testreq.pem" +$ if p1 .nes. "" then t = p1 +$ +$ write sys$output "testing req conversions" +$ if f$search("fff.*") .nes "" then delete fff.*;* +$ if f$search("ff.*") .nes "" then delete ff.*;* +$ if f$search("f.*") .nes "" then delete f.*;* +$ convert/fdl=sys$input: 't' fff.p +RECORD + FORMAT STREAM_LF +$ +$ write sys$output "p -> d" +$ 'cmd' -in fff.p -inform p -outform d -out f.d +$ if $severity .ne. 1 then exit 3 +$! write sys$output "p -> t" +$! 'cmd' -in fff.p -inform p -outform t -out f.t +$! if $severity .ne. 1 then exit 3 +$ write sys$output "p -> p" +$ 'cmd' -in fff.p -inform p -outform p -out f.p +$ if $severity .ne. 1 then exit 3 +$ +$ write sys$output "d -> d" +$ 'cmd' -verify -in f.d -inform d -outform d -out ff.d1 +$ if $severity .ne. 1 then exit 3 +$! write sys$output "t -> d" +$! 'cmd' -verify -in f.t -inform t -outform d -out ff.d2 +$! if $severity .ne. 1 then exit 3 +$ write sys$output "p -> d" +$ 'cmd' -verify -in f.p -inform p -outform d -out ff.d3 +$ if $severity .ne. 1 then exit 3 +$ +$! write sys$output "d -> t" +$! 'cmd' -in f.d -inform d -outform t -out ff.t1 +$! if $severity .ne. 1 then exit 3 +$! write sys$output "t -> t" +$! 'cmd' -in f.t -inform t -outform t -out ff.t2 +$! if $severity .ne. 1 then exit 3 +$! write sys$output "p -> t" +$! 'cmd' -in f.p -inform p -outform t -out ff.t3 +$! if $severity .ne. 1 then exit 3 +$ +$ write sys$output "d -> p" +$ 'cmd' -in f.d -inform d -outform p -out ff.p1 +$ if $severity .ne. 1 then exit 3 +$! write sys$output "t -> p" +$! 'cmd' -in f.t -inform t -outform p -out ff.p2 +$! if $severity .ne. 1 then exit 3 +$ write sys$output "p -> p" +$ 'cmd' -in f.p -inform p -outform p -out ff.p3 +$ if $severity .ne. 1 then exit 3 +$ +$ backup/compare fff.p f.p +$ if $severity .ne. 1 then exit 3 +$ backup/compare fff.p ff.p1 +$ if $severity .ne. 1 then exit 3 +$! backup/compare fff.p ff.p2 +$! if $severity .ne. 1 then exit 3 +$ backup/compare fff.p ff.p3 +$ if $severity .ne. 1 then exit 3 +$ +$! backup/compare f.t ff.t1 +$! if $severity .ne. 1 then exit 3 +$! backup/compare f.t ff.t2 +$! if $severity .ne. 1 then exit 3 +$! backup/compare f.t ff.t3 +$! if $severity .ne. 1 then exit 3 +$ +$ backup/compare f.p ff.p1 +$ if $severity .ne. 1 then exit 3 +$! backup/compare f.p ff.p2 +$! if $severity .ne. 1 then exit 3 +$ backup/compare f.p ff.p3 +$ if $severity .ne. 1 then exit 3 +$ +$ delete f.*;*,ff.*;*,fff.*;* diff --git a/test/Attic/trsa.com b/test/Attic/trsa.com new file mode 100644 index 0000000000..54180843ee --- /dev/null +++ b/test/Attic/trsa.com @@ -0,0 +1,99 @@ +$! TRSA.COM -- Tests rsa keys +$ +$ __arch = "VAX" +$ if f$getsyi("cpu") .ge. 128 then - + __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") +$ if __arch .eqs. "" then __arch = "UNK" +$! +$ if (p2 .eqs. "64") then __arch = __arch+ "_64" +$! +$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]" +$ +$ set noon +$ define/user sys$output nla0: +$ mcr 'exe_dir'openssl no-rsa +$ save_severity=$SEVERITY +$ set on +$ if save_severity +$ then +$ write sys$output "skipping RSA conversion test" +$ exit +$ endif +$ +$ cmd = "mcr ''exe_dir'openssl rsa" +$ +$ t = "testrsa.pem" +$ if p1 .nes. "" then t = p1 +$ +$ write sys$output "testing RSA conversions" +$ if f$search("fff.*") .nes "" then delete fff.*;* +$ if f$search("ff.*") .nes "" then delete ff.*;* +$ if f$search("f.*") .nes "" then delete f.*;* +$ convert/fdl=sys$input: 't' fff.p +RECORD + FORMAT STREAM_LF +$ +$ write sys$output "p -> d" +$ 'cmd' -in fff.p -inform p -outform d -out f.d +$ if $severity .ne. 1 then exit 3 +$! write sys$output "p -> t" +$! 'cmd' -in fff.p -inform p -outform t -out f.t +$! if $severity .ne. 1 then exit 3 +$ write sys$output "p -> p" +$ 'cmd' -in fff.p -inform p -outform p -out f.p +$ if $severity .ne. 1 then exit 3 +$ +$ write sys$output "d -> d" +$ 'cmd' -in f.d -inform d -outform d -out ff.d1 +$ if $severity .ne. 1 then exit 3 +$! write sys$output "t -> d" +$! 'cmd' -in f.t -inform t -outform d -out ff.d2 +$! if $severity .ne. 1 then exit 3 +$ write sys$output "p -> d" +$ 'cmd' -in f.p -inform p -outform d -out ff.d3 +$ if $severity .ne. 1 then exit 3 +$ +$! write sys$output "d -> t" +$! 'cmd' -in f.d -inform d -outform t -out ff.t1 +$! if $severity .ne. 1 then exit 3 +$! write sys$output "t -> t" +$! 'cmd' -in f.t -inform t -outform t -out ff.t2 +$! if $severity .ne. 1 then exit 3 +$! write sys$output "p -> t" +$! 'cmd' -in f.p -inform p -outform t -out ff.t3 +$! if $severity .ne. 1 then exit 3 +$ +$ write sys$output "d -> p" +$ 'cmd' -in f.d -inform d -outform p -out ff.p1 +$ if $severity .ne. 1 then exit 3 +$! write sys$output "t -> p" +$! 'cmd' -in f.t -inform t -outform p -out ff.p2 +$! if $severity .ne. 1 then exit 3 +$ write sys$output "p -> p" +$ 'cmd' -in f.p -inform p -outform p -out ff.p3 +$ if $severity .ne. 1 then exit 3 +$ +$ backup/compare fff.p f.p +$ if $severity .ne. 1 then exit 3 +$ backup/compare fff.p ff.p1 +$ if $severity .ne. 1 then exit 3 +$! backup/compare fff.p ff.p2 +$! if $severity .ne. 1 then exit 3 +$ backup/compare fff.p ff.p3 +$ if $severity .ne. 1 then exit 3 +$ +$! backup/compare f.t ff.t1 +$! if $severity .ne. 1 then exit 3 +$! backup/compare f.t ff.t2 +$! if $severity .ne. 1 then exit 3 +$! backup/compare f.t ff.t3 +$! if $severity .ne. 1 then exit 3 +$ +$ backup/compare f.p ff.p1 +$ if $severity .ne. 1 then exit 3 +$! backup/compare f.p ff.p2 +$! if $severity .ne. 1 then exit 3 +$ backup/compare f.p ff.p3 +$ if $severity .ne. 1 then exit 3 +$ +$ delete f.*;*,ff.*;*,fff.*;* diff --git a/test/Attic/tsid b/test/Attic/tsid new file mode 100644 index 0000000000..546efb732a --- /dev/null +++ b/test/Attic/tsid @@ -0,0 +1,36 @@ +#!/bin/sh + +cmd='../util/shlib_wrap.sh ../apps/openssl sess_id' + +if [ "$1"x != "x" ]; then + t=$1 +else + t=testsid.pem +fi + +echo testing session-id conversions +cp $t sid-fff.p + +echo "p -> d" +$cmd -in sid-fff.p -inform p -outform d >sid-f.d || exit 1 +echo "p -> p" +$cmd -in sid-fff.p -inform p -outform p >sid-f.p || exit 1 + +echo "d -> d" +$cmd -in sid-f.d -inform d -outform d >sid-ff.d1 || exit 1 +echo "p -> d" +$cmd -in sid-f.p -inform p -outform d >sid-ff.d3 || exit 1 + +echo "d -> p" +$cmd -in sid-f.d -inform d -outform p >sid-ff.p1 || exit 1 +echo "p -> p" +$cmd -in sid-f.p -inform p -outform p >sid-ff.p3 || exit 1 + +cmp sid-fff.p sid-f.p || exit 1 +cmp sid-fff.p sid-ff.p1 || exit 1 +cmp sid-fff.p sid-ff.p3 || exit 1 +cmp sid-f.p sid-ff.p1 || exit 1 +cmp sid-f.p sid-ff.p3 || exit 1 + +/bin/rm -f sid-f.* sid-ff.* sid-fff.* +exit 0 diff --git a/test/Attic/tsid.com b/test/Attic/tsid.com new file mode 100644 index 0000000000..b6c4e49473 --- /dev/null +++ b/test/Attic/tsid.com @@ -0,0 +1,88 @@ +$! TSID.COM -- Tests sid keys +$ +$ __arch = "VAX" +$ if f$getsyi("cpu") .ge. 128 then - + __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") +$ if __arch .eqs. "" then __arch = "UNK" +$! +$ if (p2 .eqs. "64") then __arch = __arch+ "_64" +$! +$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]" +$ +$ cmd = "mcr ''exe_dir'openssl sess_id" +$ +$ t = "testsid.pem" +$ if p1 .nes. "" then t = p1 +$ +$ write sys$output "testing session-id conversions" +$ if f$search("fff.*") .nes "" then delete fff.*;* +$ if f$search("ff.*") .nes "" then delete ff.*;* +$ if f$search("f.*") .nes "" then delete f.*;* +$ convert/fdl=sys$input: 't' fff.p +RECORD + FORMAT STREAM_LF +$ +$ write sys$output "p -> d" +$ 'cmd' -in fff.p -inform p -outform d -out f.d +$ if $severity .ne. 1 then exit 3 +$! write sys$output "p -> t" +$! 'cmd' -in fff.p -inform p -outform t -out f.t +$! if $severity .ne. 1 then exit 3 +$ write sys$output "p -> p" +$ 'cmd' -in fff.p -inform p -outform p -out f.p +$ if $severity .ne. 1 then exit 3 +$ +$ write sys$output "d -> d" +$ 'cmd' -in f.d -inform d -outform d -out ff.d1 +$ if $severity .ne. 1 then exit 3 +$! write sys$output "t -> d" +$! 'cmd' -in f.t -inform t -outform d -out ff.d2 +$! if $severity .ne. 1 then exit 3 +$ write sys$output "p -> d" +$ 'cmd' -in f.p -inform p -outform d -out ff.d3 +$ if $severity .ne. 1 then exit 3 +$ +$! write sys$output "d -> t" +$! 'cmd' -in f.d -inform d -outform t -out ff.t1 +$! if $severity .ne. 1 then exit 3 +$! write sys$output "t -> t" +$! 'cmd' -in f.t -inform t -outform t -out ff.t2 +$! if $severity .ne. 1 then exit 3 +$! write sys$output "p -> t" +$! 'cmd' -in f.p -inform p -outform t -out ff.t3 +$! if $severity .ne. 1 then exit 3 +$ +$ write sys$output "d -> p" +$ 'cmd' -in f.d -inform d -outform p -out ff.p1 +$ if $severity .ne. 1 then exit 3 +$! write sys$output "t -> p" +$! 'cmd' -in f.t -inform t -outform p -out ff.p2 +$! if $severity .ne. 1 then exit 3 +$ write sys$output "p -> p" +$ 'cmd' -in f.p -inform p -outform p -out ff.p3 +$ if $severity .ne. 1 then exit 3 +$ +$ backup/compare fff.p f.p +$ if $severity .ne. 1 then exit 3 +$ backup/compare fff.p ff.p1 +$ if $severity .ne. 1 then exit 3 +$! backup/compare fff.p ff.p2 +$! if $severity .ne. 1 then exit 3 +$ backup/compare fff.p ff.p3 +$ if $severity .ne. 1 then exit 3 +$ +$! backup/compare f.t ff.t1 +$! if $severity .ne. 1 then exit 3 +$! backup/compare f.t ff.t2 +$! if $severity .ne. 1 then exit 3 +$! backup/compare f.t ff.t3 +$! if $severity .ne. 1 then exit 3 +$ +$ backup/compare f.p ff.p1 +$ if $severity .ne. 1 then exit 3 +$! backup/compare f.p ff.p2 +$! if $severity .ne. 1 then exit 3 +$ backup/compare f.p ff.p3 +$ if $severity .ne. 1 then exit 3 +$ +$ delete f.*;*,ff.*;*,fff.*;* diff --git a/test/Attic/tverify.com b/test/Attic/tverify.com new file mode 100644 index 0000000000..d888344637 --- /dev/null +++ b/test/Attic/tverify.com @@ -0,0 +1,65 @@ +$! TVERIFY.COM +$ +$ __arch = "VAX" +$ if f$getsyi("cpu") .ge. 128 then - + __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") +$ if __arch .eqs. "" then __arch = "UNK" +$! +$ if (p1 .eqs. "64") then __arch = __arch+ "_64" +$! +$ line_max = 255 ! Could be longer on modern non-VAX. +$ temp_file_name = "certs_"+ f$getjpi( "", "PID")+ ".tmp" +$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]" +$ cmd = "mcr ''exe_dir'openssl verify ""-CAfile"" ''temp_file_name'" +$ cmd_len = f$length( cmd) +$ pems = "[-.certs...]*.pem" +$! +$! Concatenate all the certificate files. +$! +$ copy /concatenate 'pems' 'temp_file_name' +$! +$! Loop through all the certificate files. +$! +$ args = "" +$ old_f = "" +$ loop_file: +$ f = f$search( pems) +$ if ((f .nes. "") .and. (f .nes. old_f)) +$ then +$ old_f = f +$! +$! If this file name would over-extend the command line, then +$! run the command now. +$! +$ if (cmd_len+ f$length( args)+ 1+ f$length( f) .gt. line_max) +$ then +$ if (args .eqs. "") then goto disaster +$ 'cmd''args' +$ args = "" +$ endif +$! Add the next file to the argument list. +$ args = args+ " "+ f +$ else +$! No more files in the list +$ goto loop_file_end +$ endif +$ goto loop_file +$ loop_file_end: +$! +$! Run the command for any left-over arguments. +$! +$ if (args .nes. "") +$ then +$ 'cmd''args' +$ endif +$! +$! Delete the temporary file. +$! +$ if (f$search( "''temp_file_name';*") .nes. "") then - + delete 'temp_file_name';* +$! +$ exit +$! +$ disaster: +$ write sys$output " Command line too long. Doomed." +$! diff --git a/test/Attic/tx509 b/test/Attic/tx509 new file mode 100644 index 0000000000..dc9abc680d --- /dev/null +++ b/test/Attic/tx509 @@ -0,0 +1,37 @@ +#!/bin/sh + +cmd='../util/shlib_wrap.sh ../apps/openssl x509' + +if [ "$1"x != "x" ]; then + t=$1 +else + t=testx509.pem +fi + +echo testing X509 conversions +cp $t x509-fff.p + +echo "p -> d" +$cmd -in x509-fff.p -inform p -outform d >x509-f.d || exit 1 +echo "p -> p" +$cmd -in x509-fff.p -inform p -outform p >x509-f.p || exit 1 + +echo "d -> d" +$cmd -in x509-f.d -inform d -outform d >x509-ff.d1 || exit 1 +echo "p -> d" +$cmd -in x509-f.p -inform p -outform d >x509-ff.d3 || exit 1 + +echo "d -> p" +$cmd -in x509-f.d -inform d -outform p >x509-ff.p1 || exit 1 +echo "p -> p" +$cmd -in x509-f.p -inform p -outform p >x509-ff.p3 || exit 1 + +cmp x509-fff.p x509-f.p || exit 1 +cmp x509-fff.p x509-ff.p1 || exit 1 +cmp x509-fff.p x509-ff.p3 || exit 1 + +cmp x509-f.p x509-ff.p1 || exit 1 +cmp x509-f.p x509-ff.p3 || exit 1 + +/bin/rm -f x509-f.* x509-ff.* x509-fff.* +exit 0 diff --git a/test/Attic/tx509.com b/test/Attic/tx509.com new file mode 100644 index 0000000000..93ce988b41 --- /dev/null +++ b/test/Attic/tx509.com @@ -0,0 +1,88 @@ +$! TX509.COM -- Tests x509 certificates +$ +$ __arch = "VAX" +$ if f$getsyi("cpu") .ge. 128 then - + __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") +$ if __arch .eqs. "" then __arch = "UNK" +$! +$ if (p2 .eqs. "64") then __arch = __arch+ "_64" +$! +$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]" +$ +$ cmd = "mcr ''exe_dir'openssl x509" +$ +$ t = "testx509.pem" +$ if p1 .nes. "" then t = p1 +$ +$ write sys$output "testing X509 conversions" +$ if f$search("fff.*") .nes "" then delete fff.*;* +$ if f$search("ff.*") .nes "" then delete ff.*;* +$ if f$search("f.*") .nes "" then delete f.*;* +$ convert/fdl=sys$input: 't' fff.p +RECORD + FORMAT STREAM_LF +$ +$ write sys$output "p -> d" +$ 'cmd' -in fff.p -inform p -outform d -out f.d +$ if $severity .ne. 1 then exit 3 +$ write sys$output "p -> n" +$ 'cmd' -in fff.p -inform p -outform n -out f.n +$ if $severity .ne. 1 then exit 3 +$ write sys$output "p -> p" +$ 'cmd' -in fff.p -inform p -outform p -out f.p +$ if $severity .ne. 1 then exit 3 +$ +$ write sys$output "d -> d" +$ 'cmd' -in f.d -inform d -outform d -out ff.d1 +$ if $severity .ne. 1 then exit 3 +$ write sys$output "n -> d" +$ 'cmd' -in f.n -inform n -outform d -out ff.d2 +$ if $severity .ne. 1 then exit 3 +$ write sys$output "p -> d" +$ 'cmd' -in f.p -inform p -outform d -out ff.d3 +$ if $severity .ne. 1 then exit 3 +$ +$ write sys$output "d -> n" +$ 'cmd' -in f.d -inform d -outform n -out ff.n1 +$ if $severity .ne. 1 then exit 3 +$ write sys$output "n -> n" +$ 'cmd' -in f.n -inform n -outform n -out ff.n2 +$ if $severity .ne. 1 then exit 3 +$ write sys$output "p -> n" +$ 'cmd' -in f.p -inform p -outform n -out ff.n3 +$ if $severity .ne. 1 then exit 3 +$ +$ write sys$output "d -> p" +$ 'cmd' -in f.d -inform d -outform p -out ff.p1 +$ if $severity .ne. 1 then exit 3 +$ write sys$output "n -> p" +$ 'cmd' -in f.n -inform n -outform p -out ff.p2 +$ if $severity .ne. 1 then exit 3 +$ write sys$output "p -> p" +$ 'cmd' -in f.p -inform p -outform p -out ff.p3 +$ if $severity .ne. 1 then exit 3 +$ +$ backup/compare fff.p f.p +$ if $severity .ne. 1 then exit 3 +$ backup/compare fff.p ff.p1 +$ if $severity .ne. 1 then exit 3 +$ backup/compare fff.p ff.p2 +$ if $severity .ne. 1 then exit 3 +$ backup/compare fff.p ff.p3 +$ if $severity .ne. 1 then exit 3 +$ +$ backup/compare f.n ff.n1 +$ if $severity .ne. 1 then exit 3 +$ backup/compare f.n ff.n2 +$ if $severity .ne. 1 then exit 3 +$ backup/compare f.n ff.n3 +$ if $severity .ne. 1 then exit 3 +$ +$ backup/compare f.p ff.p1 +$ if $severity .ne. 1 then exit 3 +$ backup/compare f.p ff.p2 +$ if $severity .ne. 1 then exit 3 +$ backup/compare f.p ff.p3 +$ if $severity .ne. 1 then exit 3 +$ +$ delete f.*;*,ff.*;*,fff.*;* diff --git a/test/VMSca-response.1 b/test/VMSca-response.1 deleted file mode 100644 index 8b13789179..0000000000 --- a/test/VMSca-response.1 +++ /dev/null @@ -1 +0,0 @@ - diff --git a/test/VMSca-response.2 b/test/VMSca-response.2 deleted file mode 100644 index 9b48ee4cf9..0000000000 --- a/test/VMSca-response.2 +++ /dev/null @@ -1,2 +0,0 @@ -y -y diff --git a/test/bctest b/test/bctest deleted file mode 100755 index bdb3218f7a..0000000000 --- a/test/bctest +++ /dev/null @@ -1,111 +0,0 @@ -#!/bin/sh - -# This script is used by test/Makefile.ssl to check whether a sane 'bc' -# is installed. -# ('make test_bn' should not try to run 'bc' if it does not exist or if -# it is a broken 'bc' version that is known to cause trouble.) -# -# If 'bc' works, we also test if it knows the 'print' command. -# -# In any case, output an appropriate command line for running (or not -# running) bc. - - -IFS=: -try_without_dir=true -# First we try "bc", then "$dir/bc" for each item in $PATH. -for dir in dummy:$PATH; do - if [ "$try_without_dir" = true ]; then - # first iteration - bc=bc - try_without_dir=false - else - # second and later iterations - bc="$dir/bc" - if [ ! -f "$bc" ]; then # '-x' is not available on Ultrix - bc='' - fi - fi - - if [ ! "$bc" = '' ]; then - failure=none - - - # Test for SunOS 5.[78] bc bug - "$bc" >tmp.bctest <<\EOF -obase=16 -ibase=16 -a=AD88C418F31B3FC712D0425001D522B3AE9134FF3A98C13C1FCC1682211195406C1A6C66C6A\ -CEEC1A0EC16950233F77F1C2F2363D56DD71A36C57E0B2511FC4BA8F22D261FE2E9356D99AF57\ -10F3817C0E05BF79C423C3F66FDF321BE8D3F18F625D91B670931C1EF25F28E489BDA1C5422D1\ -C3F6F7A1AD21585746ECC4F10A14A778AF56F08898E965E9909E965E0CB6F85B514150C644759\ -3BE731877B16EA07B552088FF2EA728AC5E0FF3A23EB939304519AB8B60F2C33D6BA0945B66F0\ -4FC3CADF855448B24A9D7640BCF473E -b=DCE91E7D120B983EA9A104B5A96D634DD644C37657B1C7860B45E6838999B3DCE5A555583C6\ -9209E41F413422954175A06E67FFEF6746DD652F0F48AEFECC3D8CAC13523BDAAD3F5AF4212BD\ -8B3CD64126E1A82E190228020C05B91C8B141F1110086FC2A4C6ED631EBA129D04BB9A19FC53D\ -3ED0E2017D60A68775B75481449 -(a/b)*b + (a%b) - a -EOF - if [ 0 != "`cat tmp.bctest`" ]; then - failure=SunOStest - fi - - - if [ "$failure" = none ]; then - # Test for SCO bc bug. - "$bc" >tmp.bctest <<\EOF -obase=16 -ibase=16 --FFDD63BA1A4648F0D804F8A1C66C53F0D2110590E8A3907EC73B4AEC6F15AC177F176F2274D2\ -9DC8022EA0D7DD3ABE9746D2D46DD3EA5B5F6F69DF12877E0AC5E7F5ADFACEE54573F5D256A06\ -11B5D2BC24947724E22AE4EC3FB0C39D9B4694A01AFE5E43B4D99FB9812A0E4A5773D8B254117\ -1239157EC6E3D8D50199 * -FFDD63BA1A4648F0D804F8A1C66C53F0D2110590E8A3907EC73B4\ -AEC6F15AC177F176F2274D29DC8022EA0D7DD3ABE9746D2D46DD3EA5B5F6F69DF12877E0AC5E7\ -F5ADFACEE54573F5D256A0611B5D2BC24947724E22AE4EC3FB0C39D9B4694A01AFE5E43B4D99F\ -B9812A0E4A5773D8B2541171239157EC6E3D8D50199 - FFBACC221682DA464B6D7F123482522\ -02EDAEDCA38C3B69E9B7BBCD6165A9CD8716C4903417F23C09A85B851961F92C217258CEEB866\ -85EFCC5DD131853A02C07A873B8E2AF2E40C6D5ED598CD0E8F35AD49F3C3A17FDB7653E4E2DC4\ -A8D23CC34686EE4AD01F7407A7CD74429AC6D36DBF0CB6A3E302D0E5BDFCD048A3B90C1BE5AA8\ -E16C3D5884F9136B43FF7BB443764153D4AEC176C681B078F4CC53D6EB6AB76285537DDEE7C18\ -8C72441B52EDBDDBC77E02D34E513F2AABF92F44109CAFE8242BD0ECBAC5604A94B02EA44D43C\ -04E9476E6FBC48043916BFA1485C6093603600273C9C33F13114D78064AE42F3DC466C7DA543D\ -89C8D71 -AD534AFBED2FA39EE9F40E20FCF9E2C861024DB98DDCBA1CD118C49CA55EEBC20D6BA51B2271C\ -928B693D6A73F67FEB1B4571448588B46194617D25D910C6A9A130CC963155CF34079CB218A44\ -8A1F57E276D92A33386DDCA3D241DB78C8974ABD71DD05B0FA555709C9910D745185E6FE108E3\ -37F1907D0C56F8BFBF52B9704 % -E557905B56B13441574CAFCE2BD257A750B1A8B2C88D0E36\ -E18EF7C38DAC80D3948E17ED63AFF3B3467866E3B89D09A81B3D16B52F6A3C7134D3C6F5123E9\ -F617E3145BBFBE9AFD0D6E437EA4FF6F04BC67C4F1458B4F0F47B64 - 1C2BBBB19B74E86FD32\ -9E8DB6A8C3B1B9986D57ED5419C2E855F7D5469E35E76334BB42F4C43E3F3A31B9697C171DAC4\ -D97935A7E1A14AD209D6CF811F55C6DB83AA9E6DFECFCD6669DED7171EE22A40C6181615CAF3F\ -5296964 -EOF - if [ "0 -0" != "`cat tmp.bctest`" ]; then - failure=SCOtest - fi - fi - - - if [ "$failure" = none ]; then - # bc works; now check if it knows the 'print' command. - if [ "OK" = "`echo 'print \"OK\"' | $bc 2>/dev/null`" ] - then - echo "$bc" - else - echo "sed 's/print.*//' | $bc" - fi - exit 0 - fi - - echo "$bc does not work properly ('$failure' failed). Looking for another bc ..." >&2 - fi -done - -echo "No working bc found. Consider installing GNU bc." >&2 -if [ "$1" = ignore ]; then - echo "cat >/dev/null" - exit 0 -fi -exit 1 diff --git a/test/bctest.com b/test/bctest.com deleted file mode 100644 index d7e5ec139e..0000000000 --- a/test/bctest.com +++ /dev/null @@ -1,152 +0,0 @@ -$! -$! Check operation of "bc". -$! -$! 2010-04-05 SMS. New. Based (loosely) on "bctest". -$! -$! -$ tmp_file_name = "tmp.bctest" -$ failure = "" -$! -$! Basic command test. -$! -$ on warning then goto bc_fail -$ bc -$ on error then exit -$! -$! Test for SunOS 5.[78] bc bug. -$! -$ if (failure .eqs. "") -$ then -$! -$ define /user_mode sys$output 'tmp_file_name' -$ bc -obase=16 -ibase=16 -a=AD88C418F31B3FC712D0425001D522B3AE9134FF3A98C13C1FCC1682211195406C1A6C66C6A\ -CEEC1A0EC16950233F77F1C2F2363D56DD71A36C57E0B2511FC4BA8F22D261FE2E9356D99AF57\ -10F3817C0E05BF79C423C3F66FDF321BE8D3F18F625D91B670931C1EF25F28E489BDA1C5422D1\ -C3F6F7A1AD21585746ECC4F10A14A778AF56F08898E965E9909E965E0CB6F85B514150C644759\ -3BE731877B16EA07B552088FF2EA728AC5E0FF3A23EB939304519AB8B60F2C33D6BA0945B66F0\ -4FC3CADF855448B24A9D7640BCF473E -b=DCE91E7D120B983EA9A104B5A96D634DD644C37657B1C7860B45E6838999B3DCE5A555583C6\ -9209E41F413422954175A06E67FFEF6746DD652F0F48AEFECC3D8CAC13523BDAAD3F5AF4212BD\ -8B3CD64126E1A82E190228020C05B91C8B141F1110086FC2A4C6ED631EBA129D04BB9A19FC53D\ -3ED0E2017D60A68775B75481449 -(a/b)*b + (a%b) - a -$ status = $status -$ output_expected = "0" -$ gosub check_output -$ if (output .ne. 1) -$ then -$ failure = "SunOStest" -$ else -$ delete 'f$parse( tmp_file_name)' -$ endif -$ endif -$! -$! Test for SCO bc bug. -$! -$ if (failure .eqs. "") -$ then -$! -$ define /user_mode sys$output 'tmp_file_name' -$ bc -obase=16 -ibase=16 --FFDD63BA1A4648F0D804F8A1C66C53F0D2110590E8A3907EC73B4AEC6F15AC177F176F2274D2\ -9DC8022EA0D7DD3ABE9746D2D46DD3EA5B5F6F69DF12877E0AC5E7F5ADFACEE54573F5D256A06\ -11B5D2BC24947724E22AE4EC3FB0C39D9B4694A01AFE5E43B4D99FB9812A0E4A5773D8B254117\ -1239157EC6E3D8D50199 * -FFDD63BA1A4648F0D804F8A1C66C53F0D2110590E8A3907EC73B4\ -AEC6F15AC177F176F2274D29DC8022EA0D7DD3ABE9746D2D46DD3EA5B5F6F69DF12877E0AC5E7\ -F5ADFACEE54573F5D256A0611B5D2BC24947724E22AE4EC3FB0C39D9B4694A01AFE5E43B4D99F\ -B9812A0E4A5773D8B2541171239157EC6E3D8D50199 - FFBACC221682DA464B6D7F123482522\ -02EDAEDCA38C3B69E9B7BBCD6165A9CD8716C4903417F23C09A85B851961F92C217258CEEB866\ -85EFCC5DD131853A02C07A873B8E2AF2E40C6D5ED598CD0E8F35AD49F3C3A17FDB7653E4E2DC4\ -A8D23CC34686EE4AD01F7407A7CD74429AC6D36DBF0CB6A3E302D0E5BDFCD048A3B90C1BE5AA8\ -E16C3D5884F9136B43FF7BB443764153D4AEC176C681B078F4CC53D6EB6AB76285537DDEE7C18\ -8C72441B52EDBDDBC77E02D34E513F2AABF92F44109CAFE8242BD0ECBAC5604A94B02EA44D43C\ -04E9476E6FBC48043916BFA1485C6093603600273C9C33F13114D78064AE42F3DC466C7DA543D\ -89C8D71 -AD534AFBED2FA39EE9F40E20FCF9E2C861024DB98DDCBA1CD118C49CA55EEBC20D6BA51B2271C\ -928B693D6A73F67FEB1B4571448588B46194617D25D910C6A9A130CC963155CF34079CB218A44\ -8A1F57E276D92A33386DDCA3D241DB78C8974ABD71DD05B0FA555709C9910D745185E6FE108E3\ -37F1907D0C56F8BFBF52B9704 % -E557905B56B13441574CAFCE2BD257A750B1A8B2C88D0E36\ -E18EF7C38DAC80D3948E17ED63AFF3B3467866E3B89D09A81B3D16B52F6A3C7134D3C6F5123E9\ -F617E3145BBFBE9AFD0D6E437EA4FF6F04BC67C4F1458B4F0F47B64 - 1C2BBBB19B74E86FD32\ -9E8DB6A8C3B1B9986D57ED5419C2E855F7D5469E35E76334BB42F4C43E3F3A31B9697C171DAC4\ -D97935A7E1A14AD209D6CF811F55C6DB83AA9E6DFECFCD6669DED7171EE22A40C6181615CAF3F\ -5296964 -$ status = $status -$ output_expected = "0\0" -$ gosub check_output -$ if (output .ne. 1) -$ then -$ failure = "SCOtest" -$ else -$ delete 'f$parse( tmp_file_name)' -$ endif -$ endif -$! -$! Test for working 'print' command. -$! -$ if (failure .eqs. "") -$ then -$! -$ define /user_mode sys$output 'tmp_file_name' -$ bc -print "OK" -$ status = $status -$ output_expected = "OK" -$ gosub check_output -$ if (output .ne. 1) -$ then -$ failure = "printtest" -$ else -$ delete 'f$parse( tmp_file_name)' -$ endif -$ endif -$! -$ if (failure .nes. "") -$ then -$ write sys$output - - "No working bc found. Consider installing GNU bc." -$ exit %X00030000 ! %DCL-W-NORMAL -$ endif -$! -$ exit -$! -$! -$! Complete "bc" command failure. -$! -$ bc_fail: -$ write sys$output - - "No ""bc"" program/symbol found. Consider installing GNU bc." -$ exit %X00030000 ! %DCL-W-NORMAL -$! -$! -$! Output check subroutine. -$! -$ check_output: -$ eof = 0 -$ line_nr = 0 -$ open /read tmp_file 'tmp_file_name' -$ c_o_loop: -$ read /error = error_read tmp_file line -$ goto ok_read -$ error_read: -$ eof = 1 -$ ok_read: -$ line_expected = f$element( line_nr, "\", output_expected) -$ line_nr = line_nr+ 1 -$ if ((line_expected .nes. "\") .and. (.not. eof) .and. - - (line_expected .eqs. line)) then goto c_o_loop -$! -$ if ((line_expected .eqs. "\") .and. eof) -$ then -$ output = 1 -$ else -$ output = 0 -$ endif -$ close tmp_file -$ return -$! diff --git a/test/bntest.com b/test/bntest.com deleted file mode 100644 index 6545d2e5a5..0000000000 --- a/test/bntest.com +++ /dev/null @@ -1,76 +0,0 @@ -$! -$! Analyze bntest output file. -$! -$! Exit status = 1 (success) if all tests passed, -$! 0 (warning) if any test failed. -$! -$! 2011-02-20 SMS. Added code to skip "#" comments in the input file. -$! -$! 2010-04-05 SMS. New. Based (loosely) on perl code in bntest-vms.sh. -$! -$! Expect data like: -$! test test_name1 -$! 0 -$! [...] -$! test test_name2 -$! 0 -$! [...] -$! [...] -$! -$! Some tests have no following "0" lines. -$! -$ result_file_name = f$edit( p1, "TRIM") -$ if (result_file_name .eqs. "") -$ then -$ result_file_name = "bntest-vms.out" -$ endif -$! -$ fail = 0 -$ passed = 0 -$ tests = 0 -$! -$ on control_c then goto tidy -$ on error then goto tidy -$! -$ open /read result_file 'result_file_name' -$! -$ read_loop: -$ read /end = read_loop_end /error = tidy result_file line -$ t1 = f$element( 0, " ", line) -$! -$! Skip "#" comment lines. -$ if (f$extract( 0, 1, f$edit( line, "TRIM")) .eqs. "#") then - - goto read_loop -$! -$ if (t1 .eqs. "test") -$ then -$ passed = passed+ 1 -$ tests = tests+ 1 -$ fail = 1 -$ t2 = f$extract( 5, 1000, line) -$ write sys$output "verify ''t2'" -$ else -$ if (t1 .nes. "0") -$ then -$ write sys$output "Failed! bc: ''line'" -$ passed = passed- fail -$ fail = 0 -$ endif -$ endif -$ goto read_loop -$ read_loop_end: -$ write sys$output "''passed'/''tests' tests passed" -$! -$ tidy: -$ if f$trnlnm( "result_file", "LNM$PROCESS_TABLE", , "SUPERVISOR", , "CONFINE") -$ then -$ close result_file -$ endif -$! -$ if ((tests .gt. 0) .and. (tests .eq. passed)) -$ then -$ exit 1 -$ else -$ exit 0 -$ endif -$! diff --git a/test/cms-test.pl b/test/cms-test.pl deleted file mode 100644 index 1ee3f02e87..0000000000 --- a/test/cms-test.pl +++ /dev/null @@ -1,629 +0,0 @@ -# test/cms-test.pl -# Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -# project. -# -# ==================================================================== -# Copyright (c) 2008 The OpenSSL Project. All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions -# are met: -# -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in -# the documentation and/or other materials provided with the -# distribution. -# -# 3. All advertising materials mentioning features or use of this -# software must display the following acknowledgment: -# "This product includes software developed by the OpenSSL Project -# for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -# -# 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -# endorse or promote products derived from this software without -# prior written permission. For written permission, please contact -# licensing@OpenSSL.org. -# -# 5. Products derived from this software may not be called "OpenSSL" -# nor may "OpenSSL" appear in their names without prior written -# permission of the OpenSSL Project. -# -# 6. Redistributions of any form whatsoever must retain the following -# acknowledgment: -# "This product includes software developed by the OpenSSL Project -# for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -# -# THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -# OF THE POSSIBILITY OF SUCH DAMAGE. -# ==================================================================== - -# CMS, PKCS7 consistency test script. Run extensive tests on -# OpenSSL PKCS#7 and CMS implementations. - -my $ossl_path; -my $redir = " 2> cms.err > cms.out"; -# Make VMS work -if ( $^O eq "VMS" && -f "OSSLX:openssl.exe" ) { - $ossl_path = "pipe mcr OSSLX:openssl"; - $null_path = "NL:"; - # On VMS, the lowest 3 bits of the exit code indicates severity - # 1 is success (perl translates it to 0 for $?), 2 is error - # (perl doesn't translate it) - $failure_code = 512; # 2 << 8 = 512 -} -# Make MSYS work -elsif ( $^O eq "MSWin32" && -f "../apps/openssl.exe" ) { - $ossl_path = "cmd /c ..\\apps\\openssl"; - $null_path = "NUL"; - $failure_code = 256; -} -elsif ( -f "../apps/openssl$ENV{EXE_EXT}" ) { - $ossl_path = "../util/shlib_wrap.sh ../apps/openssl"; - $null_path = "/dev/null"; - $failure_code = 256; -} -elsif ( -f "..\\out32dll\\openssl.exe" ) { - $ossl_path = "..\\out32dll\\openssl.exe"; - $null_path = "NUL"; - $failure_code = 256; -} -elsif ( -f "..\\out32\\openssl.exe" ) { - $ossl_path = "..\\out32\\openssl.exe"; - $null_path = "NUL"; - $failure_code = 256; -} -else { - die "Can't find OpenSSL executable"; -} - -my $pk7cmd = "$ossl_path smime "; -my $cmscmd = "$ossl_path cms "; -my $smdir = "smime-certs"; -my $halt_err = 1; - -my $badcmd = 0; -my $no_ec; -my $no_ec2m; -my $no_ecdh; -my $ossl8 = `$ossl_path version -v` =~ /0\.9\.8/; - -system ("$ossl_path no-cms > $null_path"); -if ($? == 0) - { - print "CMS disabled\n"; - exit 0; - } - -system ("$ossl_path no-ec > $null_path"); -if ($? == 0) - { - $no_ec = 1; - } -elsif ($? == $failure_code) - { - $no_ec = 0; - } -else - { - die "Error checking for EC support\n"; - } - -system ("$ossl_path no-ec2m > $null_path"); -if ($? == 0) - { - $no_ec2m = 1; - } -elsif ($? == $failure_code) - { - $no_ec2m = 0; - } -else - { - die "Error checking for EC2M support\n"; - } - -system ("$ossl_path no-ec > $null_path"); -if ($? == 0) - { - $no_ecdh = 1; - } -elsif ($? == $failure_code) - { - $no_ecdh = 0; - } -else - { - die "Error checking for ECDH support\n"; - } - -my @smime_pkcs7_tests = ( - - [ - "signed content DER format, RSA key", - "-sign -in smcont.txt -outform \"DER\" -nodetach" - . " -certfile $smdir/smroot.pem" - . " -signer $smdir/smrsa1.pem -out test.cms", - "-verify -in test.cms -inform \"DER\" " - . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" - ], - - [ - "signed detached content DER format, RSA key", - "-sign -in smcont.txt -outform \"DER\"" - . " -signer $smdir/smrsa1.pem -out test.cms", - "-verify -in test.cms -inform \"DER\" " - . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt -content smcont.txt" - ], - - [ - "signed content test streaming BER format, RSA", - "-sign -in smcont.txt -outform \"DER\" -nodetach" - . " -stream -signer $smdir/smrsa1.pem -out test.cms", - "-verify -in test.cms -inform \"DER\" " - . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" - ], - - [ - "signed content DER format, DSA key", - "-sign -in smcont.txt -outform \"DER\" -nodetach" - . " -signer $smdir/smdsa1.pem -out test.cms", - "-verify -in test.cms -inform \"DER\" " - . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" - ], - - [ - "signed detached content DER format, DSA key", - "-sign -in smcont.txt -outform \"DER\"" - . " -signer $smdir/smdsa1.pem -out test.cms", - "-verify -in test.cms -inform \"DER\" " - . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt -content smcont.txt" - ], - - [ - "signed detached content DER format, add RSA signer", - "-resign -inform \"DER\" -in test.cms -outform \"DER\"" - . " -signer $smdir/smrsa1.pem -out test2.cms", - "-verify -in test2.cms -inform \"DER\" " - . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt -content smcont.txt" - ], - - [ - "signed content test streaming BER format, DSA key", - "-sign -in smcont.txt -outform \"DER\" -nodetach" - . " -stream -signer $smdir/smdsa1.pem -out test.cms", - "-verify -in test.cms -inform \"DER\" " - . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" - ], - - [ - "signed content test streaming BER format, 2 DSA and 2 RSA keys", - "-sign -in smcont.txt -outform \"DER\" -nodetach" - . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem" - . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem" - . " -stream -out test.cms", - "-verify -in test.cms -inform \"DER\" " - . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" - ], - - [ -"signed content test streaming BER format, 2 DSA and 2 RSA keys, no attributes", - "-sign -in smcont.txt -outform \"DER\" -noattr -nodetach" - . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem" - . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem" - . " -stream -out test.cms", - "-verify -in test.cms -inform \"DER\" " - . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" - ], - - [ - "signed content test streaming S/MIME format, 2 DSA and 2 RSA keys", - "-sign -in smcont.txt -nodetach" - . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem" - . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem" - . " -stream -out test.cms", - "-verify -in test.cms " . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" - ], - - [ -"signed content test streaming multipart S/MIME format, 2 DSA and 2 RSA keys", - "-sign -in smcont.txt" - . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem" - . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem" - . " -stream -out test.cms", - "-verify -in test.cms " . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" - ], - - [ - "enveloped content test streaming S/MIME format, 3 recipients", - "-encrypt -in smcont.txt" - . " -stream -out test.cms" - . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ", - "-decrypt -recip $smdir/smrsa1.pem -in test.cms -out smtst.txt" - ], - - [ -"enveloped content test streaming S/MIME format, 3 recipients, 3rd used", - "-encrypt -in smcont.txt" - . " -stream -out test.cms" - . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ", - "-decrypt -recip $smdir/smrsa3.pem -in test.cms -out smtst.txt" - ], - - [ -"enveloped content test streaming S/MIME format, 3 recipients, key only used", - "-encrypt -in smcont.txt" - . " -stream -out test.cms" - . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ", - "-decrypt -inkey $smdir/smrsa3.pem -in test.cms -out smtst.txt" - ], - - [ -"enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients", - "-encrypt -in smcont.txt" - . " -aes256 -stream -out test.cms" - . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ", - "-decrypt -recip $smdir/smrsa1.pem -in test.cms -out smtst.txt" - ], - -); - -my @smime_cms_tests = ( - - [ - "signed content test streaming BER format, 2 DSA and 2 RSA keys, keyid", - "-sign -in smcont.txt -outform \"DER\" -nodetach -keyid" - . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem" - . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem" - . " -stream -out test.cms", - "-verify -in test.cms -inform \"DER\" " - . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" - ], - - [ - "signed content test streaming PEM format, 2 DSA and 2 RSA keys", - "-sign -in smcont.txt -outform PEM -nodetach" - . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem" - . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem" - . " -stream -out test.cms", - "-verify -in test.cms -inform PEM " - . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" - ], - - [ - "signed content MIME format, RSA key, signed receipt request", - "-sign -in smcont.txt -signer $smdir/smrsa1.pem -nodetach" - . " -receipt_request_to test\@openssl.org -receipt_request_all" - . " -out test.cms", - "-verify -in test.cms " - . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" - ], - - [ - "signed receipt MIME format, RSA key", - "-sign_receipt -in test.cms" - . " -signer $smdir/smrsa2.pem" - . " -out test2.cms", - "-verify_receipt test2.cms -in test.cms" - . " \"-CAfile\" $smdir/smroot.pem" - ], - - [ - "enveloped content test streaming S/MIME format, 3 recipients, keyid", - "-encrypt -in smcont.txt" - . " -stream -out test.cms -keyid" - . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ", - "-decrypt -recip $smdir/smrsa1.pem -in test.cms -out smtst.txt" - ], - - [ - "enveloped content test streaming PEM format, KEK", - "-encrypt -in smcont.txt -outform PEM -aes128" - . " -stream -out test.cms " - . " -secretkey 000102030405060708090A0B0C0D0E0F " - . " -secretkeyid C0FEE0", - "-decrypt -in test.cms -out smtst.txt -inform PEM" - . " -secretkey 000102030405060708090A0B0C0D0E0F " - . " -secretkeyid C0FEE0" - ], - - [ - "enveloped content test streaming PEM format, KEK, key only", - "-encrypt -in smcont.txt -outform PEM -aes128" - . " -stream -out test.cms " - . " -secretkey 000102030405060708090A0B0C0D0E0F " - . " -secretkeyid C0FEE0", - "-decrypt -in test.cms -out smtst.txt -inform PEM" - . " -secretkey 000102030405060708090A0B0C0D0E0F " - ], - - [ - "data content test streaming PEM format", - "-data_create -in smcont.txt -outform PEM -nodetach" - . " -stream -out test.cms", - "-data_out -in test.cms -inform PEM -out smtst.txt" - ], - - [ - "encrypted content test streaming PEM format, 128 bit RC2 key", - "\"-EncryptedData_encrypt\" -in smcont.txt -outform PEM" - . " -rc2 -secretkey 000102030405060708090A0B0C0D0E0F" - . " -stream -out test.cms", - "\"-EncryptedData_decrypt\" -in test.cms -inform PEM " - . " -secretkey 000102030405060708090A0B0C0D0E0F -out smtst.txt" - ], - - [ - "encrypted content test streaming PEM format, 40 bit RC2 key", - "\"-EncryptedData_encrypt\" -in smcont.txt -outform PEM" - . " -rc2 -secretkey 0001020304" - . " -stream -out test.cms", - "\"-EncryptedData_decrypt\" -in test.cms -inform PEM " - . " -secretkey 0001020304 -out smtst.txt" - ], - - [ - "encrypted content test streaming PEM format, triple DES key", - "\"-EncryptedData_encrypt\" -in smcont.txt -outform PEM" - . " -des3 -secretkey 000102030405060708090A0B0C0D0E0F1011121314151617" - . " -stream -out test.cms", - "\"-EncryptedData_decrypt\" -in test.cms -inform PEM " - . " -secretkey 000102030405060708090A0B0C0D0E0F1011121314151617" - . " -out smtst.txt" - ], - - [ - "encrypted content test streaming PEM format, 128 bit AES key", - "\"-EncryptedData_encrypt\" -in smcont.txt -outform PEM" - . " -aes128 -secretkey 000102030405060708090A0B0C0D0E0F" - . " -stream -out test.cms", - "\"-EncryptedData_decrypt\" -in test.cms -inform PEM " - . " -secretkey 000102030405060708090A0B0C0D0E0F -out smtst.txt" - ], - -); - -my @smime_cms_comp_tests = ( - - [ - "compressed content test streaming PEM format", - "-compress -in smcont.txt -outform PEM -nodetach" - . " -stream -out test.cms", - "-uncompress -in test.cms -inform PEM -out smtst.txt" - ] - -); - -my @smime_cms_param_tests = ( - [ - "signed content test streaming PEM format, RSA keys, PSS signature", - "-sign -in smcont.txt -outform PEM -nodetach" - . " -signer $smdir/smrsa1.pem -keyopt rsa_padding_mode:pss" - . " -out test.cms", - "-verify -in test.cms -inform PEM " - . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" - ], - - [ - "signed content test streaming PEM format, RSA keys, PSS signature, no attributes", - "-sign -in smcont.txt -outform PEM -nodetach -noattr" - . " -signer $smdir/smrsa1.pem -keyopt rsa_padding_mode:pss" - . " -out test.cms", - "-verify -in test.cms -inform PEM " - . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" - ], - - [ - "signed content test streaming PEM format, RSA keys, PSS signature, SHA384 MGF1", - "-sign -in smcont.txt -outform PEM -nodetach" - . " -signer $smdir/smrsa1.pem -keyopt rsa_padding_mode:pss" - . " -keyopt rsa_mgf1_md:sha384 -out test.cms", - "-verify -in test.cms -inform PEM " - . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" - ], - - [ -"enveloped content test streaming S/MIME format, OAEP default parameters", - "-encrypt -in smcont.txt" - . " -stream -out test.cms" - . " -recip $smdir/smrsa1.pem -keyopt rsa_padding_mode:oaep", - "-decrypt -recip $smdir/smrsa1.pem -in test.cms -out smtst.txt" - ], - - [ -"enveloped content test streaming S/MIME format, OAEP SHA256", - "-encrypt -in smcont.txt" - . " -stream -out test.cms" - . " -recip $smdir/smrsa1.pem -keyopt rsa_padding_mode:oaep" - . " -keyopt rsa_oaep_md:sha256", - "-decrypt -recip $smdir/smrsa1.pem -in test.cms -out smtst.txt" - ], - - [ -"enveloped content test streaming S/MIME format, ECDH", - "-encrypt -in smcont.txt" - . " -stream -out test.cms" - . " -recip $smdir/smec1.pem", - "-decrypt -recip $smdir/smec1.pem -in test.cms -out smtst.txt" - ], - - [ -"enveloped content test streaming S/MIME format, ECDH, key identifier", - "-encrypt -keyid -in smcont.txt" - . " -stream -out test.cms" - . " -recip $smdir/smec1.pem", - "-decrypt -recip $smdir/smec1.pem -in test.cms -out smtst.txt" - ], - - [ -"enveloped content test streaming S/MIME format, ECDH, AES128, SHA256 KDF", - "-encrypt -in smcont.txt" - . " -stream -out test.cms" - . " -recip $smdir/smec1.pem -aes128 -keyopt ecdh_kdf_md:sha256", - "-decrypt -recip $smdir/smec1.pem -in test.cms -out smtst.txt" - ], - - [ -"enveloped content test streaming S/MIME format, ECDH, K-283, cofactor DH", - "-encrypt -in smcont.txt" - . " -stream -out test.cms" - . " -recip $smdir/smec2.pem -aes128" - . " -keyopt ecdh_kdf_md:sha256 -keyopt ecdh_cofactor_mode:1", - "-decrypt -recip $smdir/smec2.pem -in test.cms -out smtst.txt" - ], - - [ -"enveloped content test streaming S/MIME format, X9.42 DH", - "-encrypt -in smcont.txt" - . " -stream -out test.cms" - . " -recip $smdir/smdh.pem -aes128", - "-decrypt -recip $smdir/smdh.pem -in test.cms -out smtst.txt" - ] -); - -print "CMS => PKCS#7 compatibility tests\n"; - -run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $cmscmd, $pk7cmd ); - -print "CMS <= PKCS#7 compatibility tests\n"; - -run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $pk7cmd, $cmscmd ); - -print "CMS <=> CMS consistency tests\n"; - -run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $cmscmd, $cmscmd ); -run_smime_tests( \$badcmd, \@smime_cms_tests, $cmscmd, $cmscmd ); - -print "CMS <=> CMS consistency tests, modified key parameters\n"; -run_smime_tests( \$badcmd, \@smime_cms_param_tests, $cmscmd, $cmscmd ); - -if ( `$ossl_path version -f` =~ /ZLIB/ ) { - run_smime_tests( \$badcmd, \@smime_cms_comp_tests, $cmscmd, $cmscmd ); -} -else { - print "Zlib not supported: compression tests skipped\n"; -} - -print "Running modified tests for OpenSSL 0.9.8 cms backport\n" if($ossl8); - -if ($badcmd) { - print "$badcmd TESTS FAILED!!\n"; -} -else { - print "ALL TESTS SUCCESSFUL.\n"; -} - -unlink "test.cms"; -unlink "test2.cms"; -unlink "smtst.txt"; -unlink "cms.out"; -unlink "cms.err"; - -sub run_smime_tests { - my ( $rv, $aref, $scmd, $vcmd ) = @_; - - foreach $smtst (@$aref) { - my ( $tnam, $rscmd, $rvcmd ) = @$smtst; - if ($ossl8) - { - # Skip smime resign: 0.9.8 smime doesn't support -resign - next if ($scmd =~ /smime/ && $rscmd =~ /-resign/); - # Disable streaming: option not supported in 0.9.8 - $tnam =~ s/streaming//; - $rscmd =~ s/-stream//; - $rvcmd =~ s/-stream//; - } - if ($no_ec && $tnam =~ /ECDH/) - { - print "$tnam: skipped, EC disabled\n"; - next; - } - if ($no_ecdh && $tnam =~ /ECDH/) - { - print "$tnam: skipped, ECDH disabled\n"; - next; - } - if ($no_ec2m && $tnam =~ /K-283/) - { - print "$tnam: skipped, EC2M disabled\n"; - next; - } - system("$scmd$rscmd$redir"); - if ($?) { - print "$tnam: generation error\n"; - $$rv++; - exit 1 if $halt_err; - next; - } - system("$vcmd$rvcmd$redir"); - if ($?) { - print "$tnam: verify error\n"; - $$rv++; - exit 1 if $halt_err; - next; - } - if (!cmp_files("smtst.txt", "smcont.txt")) { - print "$tnam: content verify error\n"; - $$rv++; - exit 1 if $halt_err; - next; - } - print "$tnam: OK\n"; - } -} - -sub cmp_files { - use FileHandle; - my ( $f1, $f2 ) = @_; - my $fp1 = FileHandle->new(); - my $fp2 = FileHandle->new(); - - my ( $rd1, $rd2 ); - - if ( !open( $fp1, "<$f1" ) ) { - print STDERR "Can't Open file $f1\n"; - return 0; - } - - if ( !open( $fp2, "<$f2" ) ) { - print STDERR "Can't Open file $f2\n"; - return 0; - } - - binmode $fp1; - binmode $fp2; - - my $ret = 0; - - for ( ; ; ) { - $n1 = sysread $fp1, $rd1, 4096; - $n2 = sysread $fp2, $rd2, 4096; - last if ( $n1 != $n2 ); - last if ( $rd1 ne $rd2 ); - - if ( $n1 == 0 ) { - $ret = 1; - last; - } - - } - - close $fp1; - close $fp2; - - return $ret; - -} - diff --git a/test/tcrl b/test/tcrl deleted file mode 100644 index 951c9ddc11..0000000000 --- a/test/tcrl +++ /dev/null @@ -1,37 +0,0 @@ -#!/bin/sh - -cmd='../util/shlib_wrap.sh ../apps/openssl crl' - -if [ "$1"x != "x" ]; then - t=$1 -else - t=testcrl.pem -fi - -echo testing crl conversions -cp $t crl-fff.p - -echo "p -> d" -$cmd -in crl-fff.p -inform p -outform d >crl-f.d || exit 1 -echo "p -> p" -$cmd -in crl-fff.p -inform p -outform p >crl-f.p || exit 1 - -echo "d -> d" -$cmd -in crl-f.d -inform d -outform d >crl-ff.d1 || exit 1 -echo "p -> d" -$cmd -in crl-f.p -inform p -outform d >crl-ff.d3 || exit 1 - - -echo "d -> p" -$cmd -in crl-f.d -inform d -outform p >crl-ff.p1 || exit 1 -echo "p -> p" -$cmd -in crl-f.p -inform p -outform p >crl-ff.p3 || exit 1 - -cmp crl-fff.p crl-f.p || exit 1 -cmp crl-fff.p crl-ff.p1 || exit 1 -cmp crl-fff.p crl-ff.p3 || exit 1 -cmp crl-f.p crl-ff.p1 || exit 1 -cmp crl-f.p crl-ff.p3 || exit 1 - -/bin/rm -f crl-f.* crl-ff.* crl-fff.* -exit 0 diff --git a/test/tcrl.com b/test/tcrl.com deleted file mode 100644 index dd96a2b6dd..0000000000 --- a/test/tcrl.com +++ /dev/null @@ -1,88 +0,0 @@ -$! TCRL.COM -- Tests crl keys -$ -$ __arch = "VAX" -$ if f$getsyi("cpu") .ge. 128 then - - __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") -$ if __arch .eqs. "" then __arch = "UNK" -$! -$ if (p2 .eqs. "64") then __arch = __arch+ "_64" -$! -$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]" -$ -$ cmd = "mcr ''exe_dir'openssl crl" -$ -$ t = "testcrl.pem" -$ if p1 .nes. "" then t = p1 -$ -$ write sys$output "testing CRL conversions" -$ if f$search("fff.*") .nes "" then delete fff.*;* -$ if f$search("ff.*") .nes "" then delete ff.*;* -$ if f$search("f.*") .nes "" then delete f.*;* -$ convert/fdl=sys$input: 't' fff.p -RECORD - FORMAT STREAM_LF -$ -$ write sys$output "p -> d" -$ 'cmd' -in fff.p -inform p -outform d -out f.d -$ if $severity .ne. 1 then exit 3 -$! write sys$output "p -> t" -$! 'cmd' -in fff.p -inform p -outform t -out f.t -$! if $severity .ne. 1 then exit 3 -$ write sys$output "p -> p" -$ 'cmd' -in fff.p -inform p -outform p -out f.p -$ if $severity .ne. 1 then exit 3 -$ -$ write sys$output "d -> d" -$ 'cmd' -in f.d -inform d -outform d -out ff.d1 -$ if $severity .ne. 1 then exit 3 -$! write sys$output "t -> d" -$! 'cmd' -in f.t -inform t -outform d -out ff.d2 -$! if $severity .ne. 1 then exit 3 -$ write sys$output "p -> d" -$ 'cmd' -in f.p -inform p -outform d -out ff.d3 -$ if $severity .ne. 1 then exit 3 -$ -$! write sys$output "d -> t" -$! 'cmd' -in f.d -inform d -outform t -out ff.t1 -$! if $severity .ne. 1 then exit 3 -$! write sys$output "t -> t" -$! 'cmd' -in f.t -inform t -outform t -out ff.t2 -$! if $severity .ne. 1 then exit 3 -$! write sys$output "p -> t" -$! 'cmd' -in f.p -inform p -outform t -out ff.t3 -$! if $severity .ne. 1 then exit 3 -$ -$ write sys$output "d -> p" -$ 'cmd' -in f.d -inform d -outform p -out ff.p1 -$ if $severity .ne. 1 then exit 3 -$! write sys$output "t -> p" -$! 'cmd' -in f.t -inform t -outform p -out ff.p2 -$! if $severity .ne. 1 then exit 3 -$ write sys$output "p -> p" -$ 'cmd' -in f.p -inform p -outform p -out ff.p3 -$ if $severity .ne. 1 then exit 3 -$ -$ backup/compare fff.p f.p -$ if $severity .ne. 1 then exit 3 -$ backup/compare fff.p ff.p1 -$ if $severity .ne. 1 then exit 3 -$! backup/compare fff.p ff.p2 -$! if $severity .ne. 1 then exit 3 -$ backup/compare fff.p ff.p3 -$ if $severity .ne. 1 then exit 3 -$ -$! backup/compare f.t ff.t1 -$! if $severity .ne. 1 then exit 3 -$! backup/compare f.t ff.t2 -$! if $severity .ne. 1 then exit 3 -$! backup/compare f.t ff.t3 -$! if $severity .ne. 1 then exit 3 -$ -$ backup/compare f.p ff.p1 -$ if $severity .ne. 1 then exit 3 -$! backup/compare f.p ff.p2 -$! if $severity .ne. 1 then exit 3 -$ backup/compare f.p ff.p3 -$ if $severity .ne. 1 then exit 3 -$ -$ delete f.*;*,ff.*;*,fff.*;* diff --git a/test/testca b/test/testca deleted file mode 100644 index 452558bfc6..0000000000 --- a/test/testca +++ /dev/null @@ -1,31 +0,0 @@ -#!/bin/sh - -set -e - -PERL="$1" - -if test "$OSTYPE" = msdosdjgpp; then - PATH="../apps\;$PATH" -else - PATH="../apps:$PATH" -fi -export PATH - -export SSLEAY_CONFIG OPENSSL - -/bin/rm -fr demoCA - -SSLEAY_CONFIG="-config CAss.cnf" -OPENSSL="`pwd`/../util/opensslwrap.sh" - -$PERL ../apps/CA.pl -newca $test; - -echo cat -$cmd enc < $test > $test.cipher -$cmd enc < $test.cipher >$test.clear -cmp $test $test.clear || exit 1 -/bin/rm $test.cipher $test.clear - -echo base64 -$cmd enc -a -e < $test > $test.cipher -$cmd enc -a -d < $test.cipher >$test.clear -cmp $test $test.clear || exit 1 -/bin/rm $test.cipher $test.clear - -for i in `$cmd list -cipher-commands` -do - echo $i - $cmd $i -bufsize 113 -e -k test < $test > $test.$i.cipher - $cmd $i -bufsize 157 -d -k test < $test.$i.cipher >$test.$i.clear - cmp $test $test.$i.clear || exit 1 - /bin/rm $test.$i.cipher $test.$i.clear - - echo $i base64 - $cmd $i -bufsize 113 -a -e -k test < $test > $test.$i.cipher - $cmd $i -bufsize 157 -a -d -k test < $test.$i.cipher >$test.$i.clear - cmp $test $test.$i.clear || exit 1 - /bin/rm $test.$i.cipher $test.$i.clear -done -rm -f $test diff --git a/test/testenc.com b/test/testenc.com deleted file mode 100644 index fcd66399d6..0000000000 --- a/test/testenc.com +++ /dev/null @@ -1,66 +0,0 @@ -$! TESTENC.COM -- Test encoding and decoding -$ -$ __arch = "VAX" -$ if f$getsyi("cpu") .ge. 128 then - - __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") -$ if __arch .eqs. "" then __arch = "UNK" -$! -$ if (p1 .eqs. 64) then __arch = __arch+ "_64" -$ -$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]" -$ testsrc = "makefile." -$ test = "p.txt" -$ cmd = "mcr ''exe_dir'openssl" -$ -$ if f$search(test) .nes. "" then delete 'test';* -$ convert/fdl=sys$input: 'testsrc' 'test' -RECORD - FORMAT STREAM_LF -$ -$ if f$search(test+"-cipher") .nes. "" then delete 'test'-cipher;* -$ if f$search(test+"-clear") .nes. "" then delete 'test'-clear;* -$ -$ write sys$output "cat" -$ 'cmd' enc -in 'test' -out 'test'-cipher -$ 'cmd' enc -in 'test'-cipher -out 'test'-clear -$ backup/compare 'test' 'test'-clear -$ if $severity .ne. 1 then exit 3 -$ delete 'test'-cipher;*,'test'-clear;* -$ -$ write sys$output "base64" -$ 'cmd' enc -a -e -in 'test' -out 'test'-cipher -$ 'cmd' enc -a -d -in 'test'-cipher -out 'test'-clear -$ backup/compare 'test' 'test'-clear -$ if $severity .ne. 1 then exit 3 -$ delete 'test'-cipher;*,'test'-clear;* -$ -$ define/user sys$output 'test'-cipher-commands -$ 'cmd' list -cipher-commands -$ open/read f 'test'-cipher-commands -$ loop_cipher_commands: -$ read/end=loop_cipher_commands_end f i -$ write sys$output i -$ -$ if f$search(test+"-"+i+"-cipher") .nes. "" then - - delete 'test'-'i'-cipher;* -$ if f$search(test+"-"+i+"-clear") .nes. "" then - - delete 'test'-'i'-clear;* -$ -$ 'cmd' 'i' -bufsize 113 -e -k test -in 'test' -out 'test'-'i'-cipher -$ 'cmd' 'i' -bufsize 157 -d -k test -in 'test'-'i'-cipher -out 'test'-'i'-clear -$ backup/compare 'test' 'test'-'i'-clear -$ if $severity .ne. 1 then exit 3 -$ delete 'test'-'i'-cipher;*,'test'-'i'-clear;* -$ -$ write sys$output i," base64" -$ 'cmd' 'i' -bufsize 113 -a -e -k test -in 'test' -out 'test'-'i'-cipher -$ 'cmd' 'i' -bufsize 157 -a -d -k test -in 'test'-'i'-cipher -out 'test'-'i'-clear -$ backup/compare 'test' 'test'-'i'-clear -$ if $severity .ne. 1 then exit 3 -$ delete 'test'-'i'-cipher;*,'test'-'i'-clear;* -$ -$ goto loop_cipher_commands -$ loop_cipher_commands_end: -$ close f -$ delete 'test'-cipher-commands;* -$ delete 'test';* diff --git a/test/testgen b/test/testgen deleted file mode 100644 index 1140f8ac96..0000000000 --- a/test/testgen +++ /dev/null @@ -1,36 +0,0 @@ -#!/bin/sh - -T=testcert -KEY=512 -CA=../certs/testca.pem - -/bin/rm -f $T.1 $T.2 $T.key - -if test "$OSTYPE" = msdosdjgpp; then - PATH=../apps\;$PATH; -else - PATH=../apps:$PATH; -fi -export PATH - -echo "generating certificate request" - -echo "string to make the random number generator think it has entropy" >> ./.rnd - -if ../util/shlib_wrap.sh ../apps/openssl no-rsa >/dev/null; then - req_new='-newkey dsa:../apps/dsa512.pem' -else - req_new='-new' - echo "There should be a 2 sequences of .'s and some +'s." - echo "There should not be more that at most 80 per line" -fi - -rm -f testkey.pem testreq.pem - -echo Generating request -../util/shlib_wrap.sh ../apps/openssl req -config test.cnf $req_new -out testreq.pem || exit 1 - -echo Verifying signature on request -../util/shlib_wrap.sh ../apps/openssl req -config test.cnf -verify -in testreq.pem -noout || exit 1 - -exit 0 diff --git a/test/testgen.com b/test/testgen.com deleted file mode 100644 index e076da2f30..0000000000 --- a/test/testgen.com +++ /dev/null @@ -1,58 +0,0 @@ -$! TESTGEN.COM -$ -$ __arch = "VAX" -$ if f$getsyi("cpu") .ge. 128 then - - __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") -$ if __arch .eqs. "" then __arch = "UNK" -$ if (p1 .eqs. 64) then __arch = __arch+ "_64" -$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]" -$ -$ T = "testcert" -$ KEY = 512 -$ CA = "[-.certs]testca.pem" -$ -$ set noon -$ if f$search(T+".1;*") .nes. "" then delete 'T'.1;* -$ if f$search(T+".2;*") .nes. "" then delete 'T'.2;* -$ if f$search(T+".key;*") .nes. "" then delete 'T'.key;* -$ set on -$ -$ write sys$output "generating certificate request" -$ -$ append/new nl: .rnd -$ open/append random_file .rnd -$ write random_file - - "string to make the random number generator think it has entropy" -$ close random_file -$ -$ set noon -$ define/user sys$output nla0: -$ mcr 'exe_dir'openssl no-rsa -$ save_severity=$SEVERITY -$ set on -$ if save_severity -$ then -$ req_new="-newkey dsa:[-.apps]dsa512.pem" -$ else -$ req_new="-new" -$ write sys$output - - "There should be a 2 sequences of .'s and some +'s." -$ write sys$output - - "There should not be more that at most 80 per line" -$ endif -$ -$ write sys$output "This could take some time." -$ -$ mcr 'exe_dir'openssl req -config test.cnf 'req_new' -out testreq.pem -$ if $severity .ne. 1 -$ then -$ write sys$output "problems creating request" -$ exit 3 -$ endif -$ -$ mcr 'exe_dir'openssl req -config test.cnf -verify -in testreq.pem -noout -$ if $severity .ne. 1 -$ then -$ write sys$output "signature on req is wrong" -$ exit 3 -$ endif diff --git a/test/testss b/test/testss deleted file mode 100644 index 45aedc859d..0000000000 --- a/test/testss +++ /dev/null @@ -1,143 +0,0 @@ -#!/bin/sh - -digest='-sha1' -reqcmd="../util/shlib_wrap.sh ../apps/openssl req" -x509cmd="../util/shlib_wrap.sh ../apps/openssl x509 $digest" -verifycmd="../util/shlib_wrap.sh ../apps/openssl verify" -dummycnf="../apps/openssl.cnf" - -CAkey="keyCA.ss" -CAcert="certCA.ss" -CAserial="certCA.srl" -CAreq="reqCA.ss" -CAconf="CAss.cnf" -CAreq2="req2CA.ss" # temp - -Uconf="Uss.cnf" -Ukey="keyU.ss" -Ureq="reqU.ss" -Ucert="certU.ss" - -Dkey="keyD.ss" -Dreq="reqD.ss" -Dcert="certD.ss" - -Ekey="keyE.ss" -Ereq="reqE.ss" -Ecert="certE.ss" - -P1conf="P1ss.cnf" -P1key="keyP1.ss" -P1req="reqP1.ss" -P1cert="certP1.ss" -P1intermediate="tmp_intP1.ss" - -P2conf="P2ss.cnf" -P2key="keyP2.ss" -P2req="reqP2.ss" -P2cert="certP2.ss" -P2intermediate="tmp_intP2.ss" - - -echo string to make the random number generator think it has entropy >> ./.rnd - -req_dsa='-newkey dsa:../apps/dsa1024.pem' - -if ../util/shlib_wrap.sh ../apps/openssl no-rsa >/dev/null; then - req_new=$req_dsa -else - req_new='-new' -fi - -echo make cert request -$reqcmd -config $CAconf -out $CAreq -keyout $CAkey $req_new || exit 1 - -echo convert request into self-signed cert -$x509cmd -CAcreateserial -in $CAreq -days 30 -req -out $CAcert -signkey $CAkey -extfile $CAconf -extensions v3_ca >err.ss || exit 1 - -echo convert cert into a cert request -$x509cmd -in $CAcert -x509toreq -signkey $CAkey -out $CAreq2 >err.ss || exit 1 - -echo verify request 1 -$reqcmd -config $dummycnf -verify -in $CAreq -noout || exit 1 - -echo verify request 1 -$reqcmd -config $dummycnf -verify -in $CAreq2 -noout || exit 1 - -echo verify signature -$verifycmd -CAfile $CAcert $CAcert || exit 1 - -echo make a user cert request -$reqcmd -config $Uconf -out $Ureq -keyout $Ukey $req_new >err.ss || exit 1 - -echo sign user cert request -$x509cmd -CAcreateserial -in $Ureq -days 30 -req -out $Ucert -CA $CAcert -CAkey $CAkey -CAserial $CAserial -extfile $Uconf -extensions v3_ee >err.ss || exit 1 -$verifycmd -CAfile $CAcert $Ucert || exit 1 - -echo Certificate details -$x509cmd -subject -issuer -startdate -enddate -noout -in $Ucert || exit 1 - -if ../util/shlib_wrap.sh ../apps/openssl no-dsa >/dev/null; then - echo skipping DSA certificate creation -else - echo make a DSA user cert request - CN2="DSA Certificate" $reqcmd -config $Uconf -out $Dreq -keyout $Dkey $req_dsa >err.ss || exit 1 - - echo sign DSA user cert request - $x509cmd -CAcreateserial -in $Dreq -days 30 -req -out $Dcert -CA $CAcert -CAkey $CAkey -CAserial $CAserial -extfile $Uconf -extensions v3_ee_dsa >err.ss || exit 1 - $verifycmd -CAfile $CAcert $Dcert || exit 1 - - echo DSA Certificate details - $x509cmd -subject -issuer -startdate -enddate -noout -in $Dcert || exit 1 - -fi - -if ../util/shlib_wrap.sh ../apps/openssl no-ec >/dev/null; then - echo skipping ECDSA/ECDH certificate creation -else - echo make an ECDSA/ECDH user cert request - ../util/shlib_wrap.sh ../apps/openssl ecparam -name P-256 -out ecp.ss || exit 1 - CN2="ECDSA Certificate" $reqcmd -config $Uconf -out $Ereq -keyout $Ekey -newkey ec:ecp.ss >err.ss || exit 1 - - echo sign ECDSA/ECDH user cert request - $x509cmd -CAcreateserial -in $Ereq -days 30 -req -out $Ecert -CA $CAcert -CAkey $CAkey -CAserial $CAserial -extfile $Uconf -extensions v3_ee_ec >err.ss || exit 1 - $verifycmd -CAfile $CAcert $Ecert || exit 1 - - echo ECDSA Certificate details - $x509cmd -subject -issuer -startdate -enddate -noout -in $Ecert || exit 1 - -fi - -echo make a proxy cert request -$reqcmd -config $P1conf -out $P1req -keyout $P1key $req_new >err.ss || exit 1 - -echo sign proxy with user cert -$x509cmd -CAcreateserial -in $P1req -days 30 -req -out $P1cert -CA $Ucert -CAkey $Ukey -extfile $P1conf -extensions v3_proxy >err.ss || exit 1 - -cat $Ucert > $P1intermediate -$verifycmd -CAfile $CAcert -untrusted $P1intermediate $P1cert -echo Certificate details -$x509cmd -subject -issuer -startdate -enddate -noout -in $P1cert - -echo make another proxy cert request -$reqcmd -config $P2conf -out $P2req -keyout $P2key $req_new >err.ss || exit 1 - -echo sign second proxy cert request with the first proxy cert -$x509cmd -CAcreateserial -in $P2req -days 30 -req -out $P2cert -CA $P1cert -CAkey $P1key -extfile $P2conf -extensions v3_proxy >err.ss || exit 1 - -echo Certificate details -cat $Ucert $P1cert > $P2intermediate -$verifycmd -CAfile $CAcert -untrusted $P2intermediate $P2cert -$x509cmd -subject -issuer -startdate -enddate -noout -in $P2cert - -echo The generated CA certificate is $CAcert -echo The generated CA private key is $CAkey -echo The generated user certificate is $Ucert -echo The generated user private key is $Ukey -echo The first generated proxy certificate is $P1cert -echo The first generated proxy private key is $P1key -echo The second generated proxy certificate is $P2cert -echo The second generated proxy private key is $P2key - -/bin/rm err.ss -exit 0 diff --git a/test/testss.com b/test/testss.com deleted file mode 100644 index 32a74d0fc2..0000000000 --- a/test/testss.com +++ /dev/null @@ -1,123 +0,0 @@ -$! TESTSS.COM -$ -$ __arch = "VAX" -$ if f$getsyi("cpu") .ge. 128 then - - __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") -$ if __arch .eqs. "" then __arch = "UNK" -$! -$ if (p1 .eqs. "64") then __arch = __arch+ "_64" -$! -$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]" -$ -$ digest="-md5" -$ reqcmd = "mcr ''exe_dir'openssl req" -$ x509cmd = "mcr ''exe_dir'openssl x509 ''digest'" -$ verifycmd = "mcr ''exe_dir'openssl verify" -$ dummycnf = "sys$disk:[-.apps]openssl-vms.cnf" -$ -$ CAkey="""keyCA.ss""" -$ CAcert="""certCA.ss""" -$ CAreq="""reqCA.ss""" -$ CAconf="""CAss.cnf""" -$ CAreq2="""req2CA.ss""" ! temp -$ -$ Uconf="""Uss.cnf""" -$ Ukey="""keyU.ss""" -$ Ureq="""reqU.ss""" -$ Ucert="""certU.ss""" -$ -$ write sys$output "" -$ write sys$output "make a certificate request using 'req'" -$ -$ set noon -$ define/user sys$output nla0: -$ mcr 'exe_dir'openssl no-rsa -$ save_severity=$SEVERITY -$ set on -$ if save_severity -$ then -$ req_new="-newkey dsa:[-.apps]dsa512.pem" -$ else -$ req_new="-new" -$ endif -$ -$ 'reqcmd' -config 'CAconf' -out 'CAreq' -keyout 'CAkey' 'req_new' ! -out err.ss -$ if $severity .ne. 1 -$ then -$ write sys$output "error using 'req' to generate a certificate request" -$ exit 3 -$ endif -$ write sys$output "" -$ write sys$output "convert the certificate request into a self signed certificate using 'x509'" -$ define /user sys$output err.ss -$ 'x509cmd' "-CAcreateserial" -in 'CAreq' -days 30 -req -out 'CAcert' -signkey 'CAkey' -$ if $severity .ne. 1 -$ then -$ write sys$output "error using 'x509' to self sign a certificate request" -$ exit 3 -$ endif -$ -$ write sys$output "" -$ write sys$output "convert a certificate into a certificate request using 'x509'" -$ define /user sys$output err.ss -$ 'x509cmd' -in 'CAcert' -x509toreq -signkey 'CAkey' -out 'CAreq2' -$ if $severity .ne. 1 -$ then -$ write sys$output "error using 'x509' convert a certificate to a certificate request" -$ exit 3 -$ endif -$ -$ 'reqcmd' -config 'dummycnf' -verify -in 'CAreq' -noout -$ if $severity .ne. 1 -$ then -$ write sys$output "first generated request is invalid" -$ exit 3 -$ endif -$ -$ 'reqcmd' -config 'dummycnf' -verify -in 'CAreq2' -noout -$ if $severity .ne. 1 -$ then -$ write sys$output "second generated request is invalid" -$ exit 3 -$ endif -$ -$ 'verifycmd' "-CAfile" 'CAcert' 'CAcert' -$ if $severity .ne. 1 -$ then -$ write sys$output "first generated cert is invalid" -$ exit 3 -$ endif -$ -$ write sys$output "" -$ write sys$output "make another certificate request using 'req'" -$ define /user sys$output err.ss -$ 'reqcmd' -config 'Uconf' -out 'Ureq' -keyout 'Ukey' 'req_new' -$ if $severity .ne. 1 -$ then -$ write sys$output "error using 'req' to generate a certificate request" -$ exit 3 -$ endif -$ -$ write sys$output "" -$ write sys$output "sign certificate request with the just created CA via 'x509'" -$ define /user sys$output err.ss -$ 'x509cmd' "-CAcreateserial" -in 'Ureq' -days 30 -req -out 'Ucert' "-CA" 'CAcert' "-CAkey" 'CAkey' -$ if $severity .ne. 1 -$ then -$ write sys$output "error using 'x509' to sign a certificate request" -$ exit 3 -$ endif -$ -$ 'verifycmd' "-CAfile" 'CAcert' 'Ucert' -$ write sys$output "" -$ write sys$output "Certificate details" -$ 'x509cmd' -subject -issuer -startdate -enddate -noout -in 'Ucert' -$ -$ write sys$output "" -$ write sys$output "The generated CA certificate is ",CAcert -$ write sys$output "The generated CA private key is ",CAkey -$ -$ write sys$output "The generated user certificate is ",Ucert -$ write sys$output "The generated user private key is ",Ukey -$ -$ if f$search("err.ss;*") .nes. "" then delete err.ss;* diff --git a/test/testssl b/test/testssl deleted file mode 100644 index d41a4bdf63..0000000000 --- a/test/testssl +++ /dev/null @@ -1,266 +0,0 @@ -#!/bin/sh - -if [ "$1" = "" ]; then - key=../apps/server.pem -else - key="$1" -fi -if [ "$2" = "" ]; then - cert=../apps/server.pem -else - cert="$2" -fi -ssltest="../util/shlib_wrap.sh ./ssltest -s_key $key -s_cert $cert -c_key $key -c_cert $cert" - -if ../util/shlib_wrap.sh ../apps/openssl x509 -in $cert -text -noout | fgrep 'DSA Public Key' >/dev/null; then - dsa_cert=YES -else - dsa_cert=NO -fi - -if [ "$3" = "" ]; then - CA="-CApath ../certs" -else - CA="-CAfile $3" -fi - -if [ "$4" = "" ]; then - extra="" -else - extra="$4" -fi - -serverinfo="./serverinfo.pem" - -############################################################################# - -echo test sslv3 -$ssltest -ssl3 $extra || exit 1 - -echo test sslv3 with server authentication -$ssltest -ssl3 -server_auth $CA $extra || exit 1 - -echo test sslv3 with client authentication -$ssltest -ssl3 -client_auth $CA $extra || exit 1 - -echo test sslv3 with both client and server authentication -$ssltest -ssl3 -server_auth -client_auth $CA $extra || exit 1 - -echo test sslv2/sslv3 -$ssltest $extra || exit 1 - -echo test sslv2/sslv3 with server authentication -$ssltest -server_auth $CA $extra || exit 1 - -echo test sslv2/sslv3 with client authentication -$ssltest -client_auth $CA $extra || exit 1 - -echo test sslv2/sslv3 with both client and server authentication -$ssltest -server_auth -client_auth $CA $extra || exit 1 - -echo test sslv3 via BIO pair -$ssltest -bio_pair -ssl3 $extra || exit 1 - -echo test sslv3 with server authentication via BIO pair -$ssltest -bio_pair -ssl3 -server_auth $CA $extra || exit 1 - -echo test sslv3 with client authentication via BIO pair -$ssltest -bio_pair -ssl3 -client_auth $CA $extra || exit 1 - -echo test sslv3 with both client and server authentication via BIO pair -$ssltest -bio_pair -ssl3 -server_auth -client_auth $CA $extra || exit 1 - -echo test sslv2/sslv3 via BIO pair -$ssltest $extra || exit 1 - -echo test dtlsv1 -$ssltest -dtls1 $extra || exit 1 - -echo test dtlsv1 with server authentication -$ssltest -dtls1 -server_auth $CA $extra || exit 1 - -echo test dtlsv1 with client authentication -$ssltest -dtls1 -client_auth $CA $extra || exit 1 - -echo test dtlsv1 with both client and server authentication -$ssltest -dtls1 -server_auth -client_auth $CA $extra || exit 1 - -echo test dtlsv1.2 -$ssltest -dtls12 $extra || exit 1 - -echo test dtlsv1.2 with server authentication -$ssltest -dtls12 -server_auth $CA $extra || exit 1 - -echo test dtlsv1.2 with client authentication -$ssltest -dtls12 -client_auth $CA $extra || exit 1 - -echo test dtlsv1.2 with both client and server authentication -$ssltest -dtls12 -server_auth -client_auth $CA $extra || exit 1 - -if [ $dsa_cert = NO ]; then - echo 'test sslv2/sslv3 w/o (EC)DHE via BIO pair' - $ssltest -bio_pair -no_dhe -no_ecdhe $extra || exit 1 -fi - -echo test sslv2/sslv3 with 1024bit DHE via BIO pair -$ssltest -bio_pair -dhe1024dsa -v $extra || exit 1 - -echo test sslv2/sslv3 with server authentication -$ssltest -bio_pair -server_auth $CA $extra || exit 1 - -echo test sslv2/sslv3 with client authentication via BIO pair -$ssltest -bio_pair -client_auth $CA $extra || exit 1 - -echo test sslv2/sslv3 with both client and server authentication via BIO pair -$ssltest -bio_pair -server_auth -client_auth $CA $extra || exit 1 - -echo test sslv2/sslv3 with both client and server authentication via BIO pair and app verify -$ssltest -bio_pair -server_auth -client_auth -app_verify $CA $extra || exit 1 - -test_cipher() { - _cipher=$1 - echo "Testing $_cipher" - prot="" - if [ $2 = "SSLv3" ] ; then - prot="-ssl3" - fi - _exarg=$3 - $ssltest $_exarg -cipher $_cipher $prot - if [ $? -ne 0 ] ; then - echo "Failed $_cipher" - exit 1 - fi -} - -echo "Testing ciphersuites" -exkeys="" -ciphers="-EXP:-PSK:-SRP:-kDH:-kECDHe" -if ../util/shlib_wrap.sh ../apps/openssl no-dhparam >/dev/null; then - echo "skipping DHE tests" - ciphers="$ciphers:-kDHE" -fi -if ../util/shlib_wrap.sh ../apps/openssl no-dsa >/dev/null; then - echo "skipping DSA tests" - ciphers="$ciphers:-aDSA" -else - exkeys="$exkeys -s_cert certD.ss -s_key keyD.ss" -fi - -if ../util/shlib_wrap.sh ../apps/openssl no-ec >/dev/null; then - echo "skipping EC tests" - ciphers="$ciphers:!aECDSA:!kECDH" -else - exkeys="$exkeys -s_cert certE.ss -s_key keyE.ss" -fi - -for protocol in TLSv1.2 SSLv3; do - echo "Testing ciphersuites for $protocol" - for cipher in `../util/shlib_wrap.sh ../apps/openssl ciphers "$protocol:$ciphers" | tr ':' ' '`; do - test_cipher $cipher $protocol "$exkeys" - done - echo "testing connection with weak DH, expecting failure" - if [ $protocol = "SSLv3" ] ; then - $ssltest -s_cipher "EDH" -c_cipher "EDH:@SECLEVEL=1" -dhe512 -ssl3 - else - $ssltest -s_cipher "EDH" -c_cipher "EDH:@SECLEVEL=1" -dhe512 - fi - if [ $? -eq 0 ]; then - echo "FAIL: connection with weak DH succeeded" - exit 1 - fi -done - -############################################################################# - -if ../util/shlib_wrap.sh ../apps/openssl no-dhparam; then - echo skipping anonymous DH tests -else - echo test tls1 with 1024bit anonymous DH, multiple handshakes - $ssltest -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time $extra || exit 1 -fi - -if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then - echo skipping RSA tests -else - echo 'test tls1 with 1024bit RSA, no (EC)DHE, multiple handshakes' - ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -s_cert ../apps/server2.pem -no_dhe -no_ecdhe -num 10 -f -time $extra || exit 1 - - if ../util/shlib_wrap.sh ../apps/openssl no-dhparam; then - echo skipping RSA+DHE tests - else - echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes - ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -s_cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time $extra || exit 1 - fi -fi - -echo test tls1 with PSK -$ssltest -tls1 -cipher PSK -psk abc123 $extra || exit 1 - -echo test tls1 with PSK via BIO pair -$ssltest -bio_pair -tls1 -cipher PSK -psk abc123 $extra || exit 1 - -############################################################################# -# Next Protocol Negotiation Tests - -$ssltest -bio_pair -tls1 -npn_client || exit 1 -$ssltest -bio_pair -tls1 -npn_server || exit 1 -$ssltest -bio_pair -tls1 -npn_server_reject || exit 1 -$ssltest -bio_pair -tls1 -npn_client -npn_server_reject || exit 1 -$ssltest -bio_pair -tls1 -npn_client -npn_server || exit 1 -$ssltest -bio_pair -tls1 -npn_client -npn_server -num 2 || exit 1 -$ssltest -bio_pair -tls1 -npn_client -npn_server -num 2 -reuse || exit 1 - -############################################################################# -# Custom Extension tests - -echo test tls1 with custom extensions -$ssltest -bio_pair -tls1 -custom_ext || exit 1 - -############################################################################# -# Serverinfo tests - -echo test tls1 with serverinfo -$ssltest -bio_pair -tls1 -serverinfo_file $serverinfo || exit 1 -$ssltest -bio_pair -tls1 -serverinfo_file $serverinfo -serverinfo_sct || exit 1 -$ssltest -bio_pair -tls1 -serverinfo_file $serverinfo -serverinfo_tack || exit 1 -$ssltest -bio_pair -tls1 -serverinfo_file $serverinfo -serverinfo_sct -serverinfo_tack || exit 1 -$ssltest -bio_pair -tls1 -custom_ext -serverinfo_file $serverinfo -serverinfo_sct -serverinfo_tack || exit 1 - - -############################################################################# -# ALPN tests - -$ssltest -bio_pair -tls1 -alpn_client foo -alpn_server bar || exit 1 -$ssltest -bio_pair -tls1 -alpn_client foo -alpn_server foo -alpn_expected foo || exit 1 -$ssltest -bio_pair -tls1 -alpn_client foo,bar -alpn_server foo -alpn_expected foo || exit 1 -$ssltest -bio_pair -tls1 -alpn_client bar,foo -alpn_server foo -alpn_expected foo || exit 1 -$ssltest -bio_pair -tls1 -alpn_client bar,foo -alpn_server foo,bar -alpn_expected foo || exit 1 -$ssltest -bio_pair -tls1 -alpn_client bar,foo -alpn_server bar,foo -alpn_expected bar || exit 1 -$ssltest -bio_pair -tls1 -alpn_client foo,bar -alpn_server bar,foo -alpn_expected bar || exit 1 -$ssltest -bio_pair -tls1 -alpn_client baz -alpn_server bar,foo || exit 1 - -if ../util/shlib_wrap.sh ../apps/openssl no-srp; then - echo skipping SRP tests -else - echo test tls1 with SRP - $ssltest -tls1 -cipher SRP -srpuser test -srppass abc123 || exit 1 - - echo test tls1 with SRP via BIO pair - $ssltest -bio_pair -tls1 -cipher SRP -srpuser test -srppass abc123 || exit 1 - - echo test tls1 with SRP auth - $ssltest -tls1 -cipher aSRP -srpuser test -srppass abc123 || exit 1 - - echo test tls1 with SRP auth via BIO pair - $ssltest -bio_pair -tls1 -cipher aSRP -srpuser test -srppass abc123 || exit 1 -fi - -############################################################################# -# Multi-buffer tests - -if [ -z "$extra" -a `uname -m` = "x86_64" ]; then - $ssltest -cipher AES128-SHA -bytes 8m || exit 1 - $ssltest -cipher AES128-SHA256 -bytes 8m || exit 1 -fi - -exit 0 diff --git a/test/testssl.com b/test/testssl.com deleted file mode 100644 index 6f9b233e45..0000000000 --- a/test/testssl.com +++ /dev/null @@ -1,170 +0,0 @@ -$! TESTSSL.COM -$ -$ __arch = "VAX" -$ if f$getsyi("cpu") .ge. 128 then - - __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") -$ if __arch .eqs. "" then __arch = "UNK" -$! -$ if (p4 .eqs. "64") then __arch = __arch+ "_64" -$! -$ texe_dir = "sys$disk:[-.''__arch'.exe.test]" -$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]" -$ -$ if p1 .eqs. "" -$ then -$ key="[-.apps]server.pem" -$ else -$ key=p1 -$ endif -$ if p2 .eqs. "" -$ then -$ cert="[-.apps]server.pem" -$ else -$ cert=p2 -$ endif -$ ssltest = "mcr ''texe_dir'ssltest -key ''key'"+ - - " -cert ''cert' -c_key ''key' -c_cert ''cert'" -$! -$ set noon -$ define/user sys$output testssl-x509-output. -$ define/user sys$error nla0: -$ mcr 'exe_dir'openssl x509 -in 'cert' -text -noout -$ define/user sys$error nla0: -$ search/output=nla0: testssl-x509-output. "DSA Public Key"/exact -$ if $severity .eq. 1 -$ then -$ dsa_cert = "YES" -$ else -$ dsa_cert = "NO" -$ endif -$ delete testssl-x509-output.;* -$ -$ if p3 .eqs. "" -$ then -$ copy/concatenate [-.certs]*.pem certs.tmp -$ CA = """-CAfile"" certs.tmp" -$ else -$ CA = """-CAfile"" "+p3 -$ endif -$ -$!########################################################################### -$ -$ write sys$output "test sslv3" -$ 'ssltest' -ssl3 -$ if $severity .ne. 1 then goto exit3 -$ -$ write sys$output "test sslv3 with server authentication" -$ 'ssltest' -ssl3 -server_auth 'CA' -$ if $severity .ne. 1 then goto exit3 -$ -$ write sys$output "test sslv3 with client authentication" -$ 'ssltest' -ssl3 -client_auth 'CA' -$ if $severity .ne. 1 then goto exit3 -$ -$ write sys$output "test sslv3 with both client and server authentication" -$ 'ssltest' -ssl3 -server_auth -client_auth 'CA' -$ if $severity .ne. 1 then goto exit3 -$ -$ write sys$output "test sslv2/sslv3" -$ 'ssltest' -$ if $severity .ne. 1 then goto exit3 -$ -$ write sys$output "test sslv2/sslv3 with server authentication" -$ 'ssltest' -server_auth 'CA' -$ if $severity .ne. 1 then goto exit3 -$ -$ write sys$output "test sslv2/sslv3 with client authentication" -$ 'ssltest' -client_auth 'CA' -$ if $severity .ne. 1 then goto exit3 -$ -$ write sys$output "test sslv2/sslv3 with both client and server authentication" -$ 'ssltest' -server_auth -client_auth 'CA' -$ if $severity .ne. 1 then goto exit3 -$ -$ write sys$output "test sslv3 via BIO pair" -$ 'ssltest' -bio_pair -ssl3 -$ if $severity .ne. 1 then goto exit3 -$ -$ write sys$output "test sslv3 with server authentication via BIO pair" -$ 'ssltest' -bio_pair -ssl3 -server_auth 'CA' -$ if $severity .ne. 1 then goto exit3 -$ -$ write sys$output "test sslv3 with client authentication via BIO pair" -$ 'ssltest' -bio_pair -ssl3 -client_auth 'CA' -$ if $severity .ne. 1 then goto exit3 - -$ write sys$output "test sslv3 with both client and server authentication via BIO pair" -$ 'ssltest' -bio_pair -ssl3 -server_auth -client_auth 'CA' -$ if $severity .ne. 1 then goto exit3 -$ -$ write sys$output "test sslv2/sslv3 via BIO pair" -$ 'ssltest' -$ if $severity .ne. 1 then goto exit3 -$ -$ if .not. dsa_cert -$ then -$ write sys$output "test sslv2/sslv3 w/o DHE via BIO pair" -$ 'ssltest' -bio_pair -no_dhe -$ if $severity .ne. 1 then goto exit3 -$ endif -$ -$ write sys$output "test sslv2/sslv3 with 1024 bit DHE via BIO pair" -$ 'ssltest' -bio_pair -dhe1024dsa -v -$ if $severity .ne. 1 then goto exit3 -$ -$ write sys$output "test sslv2/sslv3 with server authentication" -$ 'ssltest' -bio_pair -server_auth 'CA' -$ if $severity .ne. 1 then goto exit3 -$ -$ write sys$output "test sslv2/sslv3 with client authentication via BIO pair" -$ 'ssltest' -bio_pair -client_auth 'CA' -$ if $severity .ne. 1 then goto exit3 -$ -$ write sys$output "test sslv2/sslv3 with both client and server authentication via BIO pair" -$ 'ssltest' -bio_pair -server_auth -client_auth 'CA' -$ if $severity .ne. 1 then goto exit3 -$ -$!########################################################################### -$ -$ define/user sys$output nla0: -$ mcr 'exe_dir'openssl no-rsa -$ no_rsa=$SEVERITY -$ define/user sys$output nla0: -$ mcr 'exe_dir'openssl no-dhparam -$ no_dh=$SEVERITY -$ -$ if no_dh -$ then -$ write sys$output "skipping anonymous DH tests" -$ else -$ write sys$output "test tls1 with 1024bit anonymous DH, multiple handshakes" -$ 'ssltest' -v -bio_pair -tls1 -cipher "ADH" -dhe1024dsa -num 10 -f -time -$ if $severity .ne. 1 then goto exit3 -$ endif -$ -$ if no_rsa -$ then -$ write sys$output "skipping RSA tests" -$ else -$ write sys$output "test tls1 with 1024bit RSA, no DHE, multiple handshakes" -$ mcr 'texe_dir'ssltest -v -bio_pair -tls1 -cert [-.apps]server2.pem -no_dhe -num 10 -f -time -$ if $severity .ne. 1 then goto exit3 -$ -$ if no_dh -$ then -$ write sys$output "skipping RSA+DHE tests" -$ else -$ write sys$output "test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes" -$ mcr 'texe_dir'ssltest -v -bio_pair -tls1 -cert [-.apps]server2.pem -dhe1024dsa -num 10 -f -time -$ if $severity .ne. 1 then goto exit3 -$ endif -$ endif -$ -$ RET = 1 -$ goto exit -$ exit3: -$ RET = 3 -$ exit: -$ if p3 .eqs. "" then delete certs.tmp;* -$ set on -$ exit 'RET' diff --git a/test/testsslproxy b/test/testsslproxy deleted file mode 100644 index 58bbda8ab7..0000000000 --- a/test/testsslproxy +++ /dev/null @@ -1,10 +0,0 @@ -#! /bin/sh - -echo 'Testing a lot of proxy conditions.' -echo 'Some of them may turn out being invalid, which is fine.' -for auth in A B C BC; do - for cond in A B C 'A|B&!C'; do - sh ./testssl $1 $2 $3 "-proxy -proxy_auth $auth -proxy_cond $cond" - if [ $? = 3 ]; then exit 1; fi - done -done diff --git a/test/testtsa b/test/testtsa deleted file mode 100644 index fc68ff906c..0000000000 --- a/test/testtsa +++ /dev/null @@ -1,147 +0,0 @@ -#!/bin/sh - -# -# A few very basic tests for the 'ts' time stamping authority command. -# - -SH="/bin/sh" -if test "$OSTYPE" = msdosdjgpp; then - PATH="../apps\;$PATH" -else - PATH="../apps:$PATH" -fi -export SH PATH - -OPENSSL_CONF="../CAtsa.cnf" -export OPENSSL_CONF -# Because that's what ../apps/CA.pl really looks at -SSLEAY_CONFIG="-config $OPENSSL_CONF" -export SSLEAY_CONFIG - -OPENSSL="`pwd`/../util/opensslwrap.sh" -export OPENSSL - -RUN () { - ../../util/shlib_wrap.sh ../../apps/openssl ts $* -} - -create_tsa_cert () { - INDEX=$1 - export INDEX - EXT=$2 - TSDNSECT=ts_cert_dn - export TSDNSECT - - ../../util/shlib_wrap.sh ../../apps/openssl req -new \ - -out tsa_req${INDEX}.pem -keyout tsa_key${INDEX}.pem || exit 1 - echo using extension $EXT - ../../util/shlib_wrap.sh ../../apps/openssl x509 -req \ - -in tsa_req${INDEX}.pem -out tsa_cert${INDEX}.pem \ - -CA tsaca.pem -CAkey tsacakey.pem -CAcreateserial \ - -extfile $OPENSSL_CONF -extensions $EXT || exit 1 -} - -create_time_stamp_response () { - RUN -reply -section $3 -queryfile $1 -out $2 || exit 1 -} - -verify_time_stamp_response () { - RUN -verify -queryfile $1 -in $2 -CAfile tsaca.pem \ - -untrusted tsa_cert1.pem || exit 1 - RUN -verify -data $3 -in $2 -CAfile tsaca.pem \ - -untrusted tsa_cert1.pem || exit 1 -} - -verify_time_stamp_response_fail () { - RUN -verify -queryfile $1 -in $2 -CAfile tsaca.pem \ - -untrusted tsa_cert1.pem && exit 1 - echo ok -} - -# main functions - -echo setting up TSA test directory -rm -rf tsa 2>/dev/null -mkdir tsa -cd ./tsa - -echo creating a new CA for the TSA tests -TSDNSECT=ts_ca_dn -export TSDNSECT -../../util/shlib_wrap.sh ../../apps/openssl req -new -x509 -nodes \ - -out tsaca.pem -keyout tsacakey.pem || exit 1 - -echo creating tsa_cert1.pem TSA server cert -create_tsa_cert 1 tsa_cert - -echo creating tsa_cert2.pem non-TSA server cert -create_tsa_cert 2 non_tsa_cert - -echo creating req1.req time stamp request for file testtsa -RUN -query -data ../testtsa -policy tsa_policy1 -cert -out req1.tsq || exit 1 - -echo printing req1.req -RUN -query -in req1.tsq -text - -echo generating valid response for req1.req -create_time_stamp_response req1.tsq resp1.tsr tsa_config1 - -echo printing response -RUN -reply -in resp1.tsr -text || exit 1 - -echo verifying valid response -verify_time_stamp_response req1.tsq resp1.tsr ../testtsa - -echo verifying valid token -RUN -reply -in resp1.tsr -out resp1.tsr.token -token_out || exit 1 -RUN -verify -queryfile req1.tsq -in resp1.tsr.token -token_in \ - -CAfile tsaca.pem -untrusted tsa_cert1.pem || exit 1 -RUN -verify -data ../testtsa -in resp1.tsr.token -token_in \ - -CAfile tsaca.pem -untrusted tsa_cert1.pem || exit 1 - -echo creating req2.req time stamp request for file testtsa -RUN -query -data ../testtsa -policy tsa_policy2 -no_nonce \ - -out req2.tsq || exit 1 - -echo printing req2.req -RUN -query -in req2.tsq -text - -echo generating valid response for req2.req -create_time_stamp_response req2.tsq resp2.tsr tsa_config1 - -echo checking -token_in and -token_out options with -reply -RESPONSE2=resp2.tsr.copy.tsr -TOKEN_DER=resp2.tsr.token.der -RUN -reply -in resp2.tsr -out $TOKEN_DER -token_out || exit 1 -RUN -reply -in $TOKEN_DER -token_in -out $RESPONSE2 || exit 1 -cmp $RESPONSE2 resp2.tsr || exit 1 -RUN -reply -in resp2.tsr -text -token_out || exit 1 -RUN -reply -in $TOKEN_DER -token_in -text -token_out || exit 1 -RUN -reply -queryfile req2.tsq -text -token_out || exit 1 - -echo printing response -RUN -reply -in resp2.tsr -text || exit 1 - -echo verifying valid response -verify_time_stamp_response req2.tsq resp2.tsr ../testtsa - -echo verifying response against wrong request, it should fail -verify_time_stamp_response_fail req1.tsq resp2.tsr - -echo verifying response against wrong request, it should fail -verify_time_stamp_response_fail req2.tsq resp1.tsr - -echo creating req3.req time stamp request for file CAtsa.cnf -RUN -query -data ../CAtsa.cnf -no_nonce -out req3.tsq || exit 1 - -echo printing req3.req -RUN -query -in req3.tsq -text - -echo verifying response against wrong request, it should fail -verify_time_stamp_response_fail req3.tsq resp1.tsr - -echo cleaning up -cd .. -rm -rf tsa - -exit 0 diff --git a/test/testtsa.com b/test/testtsa.com deleted file mode 100644 index 8503633e86..0000000000 --- a/test/testtsa.com +++ /dev/null @@ -1,255 +0,0 @@ -$! -$! A few very basic tests for the 'ts' time stamping authority command. -$! -$ -$ __arch = "VAX" -$ if f$getsyi("cpu") .ge. 128 then - - __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") -$ if __arch .eqs. "" then __arch = "UNK" -$! -$ if (p4 .eqs. "64") then __arch = __arch+ "_64" -$! -$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]" -$ -$ openssl = "mcr ''f$parse(exe_dir+"openssl.exe")'" -$ OPENSSL_CONF = "[-]CAtsa.cnf" -$ ! Because that's what ../apps/CA.pl really looks at -$ SSLEAY_CONFIG = "-config " + OPENSSL_CONF -$ -$ error: -$ subroutine -$ write sys$error "TSA test failed!" -$ exit 3 -$ endsubroutine -$ -$ setup_dir: -$ subroutine -$ -$ if f$search("tsa.dir") .nes "" -$ then -$ @[-.util]deltree [.tsa]*.* -$ set file/prot=(S:RWED,O:RWED,G:RWED,W:RWED) tsa.dir;* -$ delete tsa.dir;* -$ endif -$ -$ create/dir [.tsa] -$ set default [.tsa] -$ endsubroutine -$ -$ clean_up_dir: -$ subroutine -$ -$ set default [-] -$ @[-.util]deltree [.tsa]*.* -$ set file/prot=(S:RWED,O:RWED,G:RWED,W:RWED) tsa.dir;* -$ delete tsa.dir;* -$ endsubroutine -$ -$ create_ca: -$ subroutine -$ -$ write sys$output "Creating a new CA for the TSA tests..." -$ TSDNSECT = "ts_ca_dn" -$ openssl req -new -x509 -nodes - - -out tsaca.pem -keyout tsacakey.pem -$ if $severity .ne. 1 then call error -$ endsubroutine -$ -$ create_tsa_cert: -$ subroutine -$ -$ INDEX=p1 -$ EXT=p2 -$ TSDNSECT = "ts_cert_dn" -$ -$ openssl req -new - - -out tsa_req'INDEX'.pem -keyout tsa_key'INDEX'.pem -$ if $severity .ne. 1 then call error -$ -$ write sys$output "Using extension ''EXT'" -$ openssl x509 -req - - -in tsa_req'INDEX'.pem -out tsa_cert'INDEX'.pem - - "-CA" tsaca.pem "-CAkey" tsacakey.pem "-CAcreateserial" - - -extfile 'OPENSSL_CONF' -extensions "''EXT'" -$ if $severity .ne. 1 then call error -$ endsubroutine -$ -$ print_request: -$ subroutine -$ -$ openssl ts -query -in 'p1' -text -$ endsubroutine -$ -$ create_time_stamp_request1: subroutine -$ -$ openssl ts -query -data [-]testtsa.com -policy tsa_policy1 - - -cert -out req1.tsq -$ if $severity .ne. 1 then call error -$ endsubroutine -$ -$ create_time_stamp_request2: subroutine -$ -$ openssl ts -query -data [-]testtsa.com -policy tsa_policy2 - - -no_nonce -out req2.tsq -$ if $severity .ne. 1 then call error -$ endsubroutine -$ -$ create_time_stamp_request3: subroutine -$ -$ openssl ts -query -data [-]CAtsa.cnf -no_nonce -out req3.tsq -$ if $severity .ne. 1 then call error -$ endsubroutine -$ -$ print_response: -$ subroutine -$ -$ openssl ts -reply -in 'p1' -text -$ if $severity .ne. 1 then call error -$ endsubroutine -$ -$ create_time_stamp_response: -$ subroutine -$ -$ openssl ts -reply -section 'p3' -queryfile 'p1' -out 'p2' -$ if $severity .ne. 1 then call error -$ endsubroutine -$ -$ time_stamp_response_token_test: -$ subroutine -$ -$ RESPONSE2 = p2+ "-copy_tsr" -$ TOKEN_DER = p2+ "-token_der" -$ openssl ts -reply -in 'p2' -out 'TOKEN_DER' -token_out -$ if $severity .ne. 1 then call error -$ openssl ts -reply -in 'TOKEN_DER' -token_in -out 'RESPONSE2' -$ if $severity .ne. 1 then call error -$ backup/compare 'RESPONSE2' 'p2' -$ if $severity .ne. 1 then call error -$ openssl ts -reply -in 'p2' -text -token_out -$ if $severity .ne. 1 then call error -$ openssl ts -reply -in 'TOKEN_DER' -token_in -text -token_out -$ if $severity .ne. 1 then call error -$ openssl ts -reply -queryfile 'p1' -text -token_out -$ if $severity .ne. 1 then call error -$ endsubroutine -$ -$ verify_time_stamp_response: -$ subroutine -$ -$ openssl ts -verify -queryfile 'p1' -in 'p2' - - "-CAfile" tsaca.pem -untrusted tsa_cert1.pem -$ if $severity .ne. 1 then call error -$ openssl ts -verify -data 'p3' -in 'p2' - - "-CAfile" tsaca.pem -untrusted tsa_cert1.pem -$ if $severity .ne. 1 then call error -$ endsubroutine -$ -$ verify_time_stamp_token: -$ subroutine -$ -$ ! create the token from the response first -$ openssl ts -reply -in "''p2'" -out "''p2'-token" -token_out -$ if $severity .ne. 1 then call error -$ openssl ts -verify -queryfile "''p1'" -in "''p2'-token" - - -token_in "-CAfile" tsaca.pem -untrusted tsa_cert1.pem -$ if $severity .ne. 1 then call error -$ openssl ts -verify -data "''p3'" -in "''p2'-token" - - -token_in "-CAfile" tsaca.pem -untrusted tsa_cert1.pem -$ if $severity .ne. 1 then call error -$ endsubroutine -$ -$ verify_time_stamp_response_fail: -$ subroutine -$ -$ openssl ts -verify -queryfile 'p1' -in 'p2' - - "-CAfile" tsaca.pem -untrusted tsa_cert1.pem -$ ! Checks if the verification failed, as it should have. -$ if $severity .eq. 1 then call error -$ write sys$output "Ok" -$ endsubroutine -$ -$ ! Main body ---------------------------------------------------------- -$ -$ set noon -$ -$ write sys$output "Setting up TSA test directory..." -$ call setup_dir -$ -$ write sys$output "Creating CA for TSA tests..." -$ call create_ca -$ -$ write sys$output "Creating tsa_cert1.pem TSA server cert..." -$ call create_tsa_cert 1 "tsa_cert" -$ -$ write sys$output "Creating tsa_cert2.pem non-TSA server cert..." -$ call create_tsa_cert 2 "non_tsa_cert" -$ -$ write sys$output "Creating req1.req time stamp request for file testtsa..." -$ call create_time_stamp_request1 -$ -$ write sys$output "Printing req1.req..." -$ call print_request "req1.tsq" -$ -$ write sys$output "Generating valid response for req1.req..." -$ call create_time_stamp_response "req1.tsq" "resp1.tsr" "tsa_config1" -$ -$ write sys$output "Printing response..." -$ call print_response "resp1.tsr" -$ -$ write sys$output "Verifying valid response..." -$ call verify_time_stamp_response "req1.tsq" "resp1.tsr" "[-]testtsa.com" -$ -$ write sys$output "Verifying valid token..." -$ call verify_time_stamp_token "req1.tsq" "resp1.tsr" "[-]testtsa.com" -$ -$ ! The tests below are commented out, because invalid signer certificates -$ ! can no longer be specified in the config file. -$ -$ ! write sys$output "Generating _invalid_ response for req1.req..." -$ ! call create_time_stamp_response "req1.tsq" "resp1_bad.tsr" "tsa_config2" -$ -$ ! write sys$output "Printing response..." -$ ! call print_response "resp1_bad.tsr" -$ -$ ! write sys$output "Verifying invalid response, it should fail..." -$ ! call verify_time_stamp_response_fail "req1.tsq" "resp1_bad.tsr" -$ -$ write sys$output "Creating req2.req time stamp request for file testtsa..." -$ call create_time_stamp_request2 -$ -$ write sys$output "Printing req2.req..." -$ call print_request "req2.tsq" -$ -$ write sys$output "Generating valid response for req2.req..." -$ call create_time_stamp_response "req2.tsq" "resp2.tsr" "tsa_config1" -$ -$ write sys$output "Checking '-token_in' and '-token_out' options with '-reply'..." -$ call time_stamp_response_token_test "req2.tsq" "resp2.tsr" -$ -$ write sys$output "Printing response..." -$ call print_response "resp2.tsr" -$ -$ write sys$output "Verifying valid response..." -$ call verify_time_stamp_response "req2.tsq" "resp2.tsr" "[-]testtsa.com" -$ -$ write sys$output "Verifying response against wrong request, it should fail..." -$ call verify_time_stamp_response_fail "req1.tsq" "resp2.tsr" -$ -$ write sys$output "Verifying response against wrong request, it should fail..." -$ call verify_time_stamp_response_fail "req2.tsq" "resp1.tsr" -$ -$ write sys$output "Creating req3.req time stamp request for file CAtsa.cnf..." -$ call create_time_stamp_request3 -$ -$ write sys$output "Printing req3.req..." -$ call print_request "req3.tsq" -$ -$ write sys$output "Verifying response against wrong request, it should fail..." -$ call verify_time_stamp_response_fail "req3.tsq" "resp1.tsr" -$ -$ write sys$output "Cleaning up..." -$ call clean_up_dir -$ -$ set on -$ -$ exit diff --git a/test/tkey b/test/tkey deleted file mode 100644 index 47ac1be8fc..0000000000 --- a/test/tkey +++ /dev/null @@ -1,73 +0,0 @@ -#!/bin/sh - -t=$1 -ktype=$2 -ptype=$3 - -if ../util/shlib_wrap.sh ../apps/openssl no-$ktype; then - echo skipping $ktype $ptype conversion test - exit 0 -fi - -if [ $ptype = "public" ]; then - cmd="../util/shlib_wrap.sh ../apps/openssl $ktype -pubin -pubout" -else - cmd="../util/shlib_wrap.sh ../apps/openssl $ktype" -fi - -echo testing $ktype $ptype conversions -cp $t $ktype-fff.p - -echo "p -> d" -$cmd -in $ktype-fff.p -inform p -outform d >$ktype-f.d || exit 1 -echo "p -> p" -$cmd -in $ktype-fff.p -inform p -outform p >$ktype-f.p || exit 1 - -echo "d -> d" -$cmd -in $ktype-f.d -inform d -outform d >$ktype-ff.d1 || exit 1 -echo "p -> d" -$cmd -in $ktype-f.p -inform p -outform d >$ktype-ff.d3 || exit 1 - -echo "d -> p" -$cmd -in $ktype-f.d -inform d -outform p >$ktype-ff.p1 || exit 1 -echo "p -> p" -$cmd -in $ktype-f.p -inform p -outform p >$ktype-ff.p3 || exit 1 - -cmp $ktype-fff.p $ktype-f.p || exit 1 -cmp $ktype-fff.p $ktype-ff.p1 || exit 1 -cmp $ktype-fff.p $ktype-ff.p3 || exit 1 -cmp $ktype-f.p $ktype-ff.p1 || exit 1 -cmp $ktype-f.p $ktype-ff.p3 || exit 1 - -/bin/rm -f $ktype-f.* $ktype-ff.* $ktype-fff.* - -[ $ptype = "public" ] && exit 0 - - -echo testing $ktype PKCS#8 conversions -cmd="../util/shlib_wrap.sh ../apps/openssl pkey" - -$cmd -in $t -out $ktype-fff.p - -echo "p -> d" -$cmd -in $ktype-fff.p -inform p -outform d >$ktype-f.d || exit 1 -echo "p -> p" -$cmd -in $ktype-fff.p -inform p -outform p >$ktype-f.p || exit 1 - -echo "d -> d" -$cmd -in $ktype-f.d -inform d -outform d >$ktype-ff.d1 || exit 1 -echo "p -> d" -$cmd -in $ktype-f.p -inform p -outform d >$ktype-ff.d3 || exit 1 - -echo "d -> p" -$cmd -in $ktype-f.d -inform d -outform p >$ktype-ff.p1 || exit 1 -echo "p -> p" -$cmd -in $ktype-f.p -inform p -outform p >$ktype-ff.p3 || exit 1 - -cmp $ktype-fff.p $ktype-f.p || exit 1 -cmp $ktype-fff.p $ktype-ff.p1 || exit 1 -cmp $ktype-fff.p $ktype-ff.p3 || exit 1 -cmp $ktype-f.p $ktype-ff.p1 || exit 1 -cmp $ktype-f.p $ktype-ff.p3 || exit 1 - -/bin/rm -f $ktype-f.* $ktype-ff.* $ktype-fff.* diff --git a/test/tocsp b/test/tocsp deleted file mode 100644 index 5fc291ca6e..0000000000 --- a/test/tocsp +++ /dev/null @@ -1,147 +0,0 @@ -#!/bin/sh - -cmd='../util/shlib_wrap.sh ../apps/openssl' -ocspdir="ocsp-tests" -# 17 December 2012 so we don't get certificate expiry errors. -check_time="-attime 1355875200" - -test_ocsp () { - - $cmd base64 -d -in $ocspdir/$1 | \ - $cmd ocsp -respin - -partial_chain $check_time \ - -CAfile $ocspdir/$2 -verify_other $ocspdir/$2 -CApath /dev/null - [ $? != $3 ] && exit 1 -} - - -echo "=== VALID OCSP RESPONSES ===" -echo "NON-DELEGATED; Intermediate CA -> EE" -test_ocsp ND1.ors ND1_Issuer_ICA.pem 0 -echo "NON-DELEGATED; Root CA -> Intermediate CA" -test_ocsp ND2.ors ND2_Issuer_Root.pem 0 -echo "NON-DELEGATED; Root CA -> EE" -test_ocsp ND3.ors ND3_Issuer_Root.pem 0 -echo "DELEGATED; Intermediate CA -> EE" -test_ocsp D1.ors D1_Issuer_ICA.pem 0 -echo "DELEGATED; Root CA -> Intermediate CA" -test_ocsp D2.ors D2_Issuer_Root.pem 0 -echo "DELEGATED; Root CA -> EE" -test_ocsp D3.ors D3_Issuer_Root.pem 0 - -echo "=== INVALID SIGNATURE on the OCSP RESPONSE ===" -echo "NON-DELEGATED; Intermediate CA -> EE" -test_ocsp ISOP_ND1.ors ND1_Issuer_ICA.pem 1 -echo "NON-DELEGATED; Root CA -> Intermediate CA" -test_ocsp ISOP_ND2.ors ND2_Issuer_Root.pem 1 -echo "NON-DELEGATED; Root CA -> EE" -test_ocsp ISOP_ND3.ors ND3_Issuer_Root.pem 1 -echo "DELEGATED; Intermediate CA -> EE" -test_ocsp ISOP_D1.ors D1_Issuer_ICA.pem 1 -echo "DELEGATED; Root CA -> Intermediate CA" -test_ocsp ISOP_D2.ors D2_Issuer_Root.pem 1 -echo "DELEGATED; Root CA -> EE" -test_ocsp ISOP_D3.ors D3_Issuer_Root.pem 1 - -echo "=== WRONG RESPONDERID in the OCSP RESPONSE ===" -echo "NON-DELEGATED; Intermediate CA -> EE" -test_ocsp WRID_ND1.ors ND1_Issuer_ICA.pem 1 -echo "NON-DELEGATED; Root CA -> Intermediate CA" -test_ocsp WRID_ND2.ors ND2_Issuer_Root.pem 1 -echo "NON-DELEGATED; Root CA -> EE" -test_ocsp WRID_ND3.ors ND3_Issuer_Root.pem 1 -echo "DELEGATED; Intermediate CA -> EE" -test_ocsp WRID_D1.ors D1_Issuer_ICA.pem 1 -echo "DELEGATED; Root CA -> Intermediate CA" -test_ocsp WRID_D2.ors D2_Issuer_Root.pem 1 -echo "DELEGATED; Root CA -> EE" -test_ocsp WRID_D3.ors D3_Issuer_Root.pem 1 - -echo "=== WRONG ISSUERNAMEHASH in the OCSP RESPONSE ===" -echo "NON-DELEGATED; Intermediate CA -> EE" -test_ocsp WINH_ND1.ors ND1_Issuer_ICA.pem 1 -echo "NON-DELEGATED; Root CA -> Intermediate CA" -test_ocsp WINH_ND2.ors ND2_Issuer_Root.pem 1 -echo "NON-DELEGATED; Root CA -> EE" -test_ocsp WINH_ND3.ors ND3_Issuer_Root.pem 1 -echo "DELEGATED; Intermediate CA -> EE" -test_ocsp WINH_D1.ors D1_Issuer_ICA.pem 1 -echo "DELEGATED; Root CA -> Intermediate CA" -test_ocsp WINH_D2.ors D2_Issuer_Root.pem 1 -echo "DELEGATED; Root CA -> EE" -test_ocsp WINH_D3.ors D3_Issuer_Root.pem 1 - -echo "=== WRONG ISSUERKEYHASH in the OCSP RESPONSE ===" -echo "NON-DELEGATED; Intermediate CA -> EE" -test_ocsp WIKH_ND1.ors ND1_Issuer_ICA.pem 1 -echo "NON-DELEGATED; Root CA -> Intermediate CA" -test_ocsp WIKH_ND2.ors ND2_Issuer_Root.pem 1 -echo "NON-DELEGATED; Root CA -> EE" -test_ocsp WIKH_ND3.ors ND3_Issuer_Root.pem 1 -echo "DELEGATED; Intermediate CA -> EE" -test_ocsp WIKH_D1.ors D1_Issuer_ICA.pem 1 -echo "DELEGATED; Root CA -> Intermediate CA" -test_ocsp WIKH_D2.ors D2_Issuer_Root.pem 1 -echo "DELEGATED; Root CA -> EE" -test_ocsp WIKH_D3.ors D3_Issuer_Root.pem 1 - -echo "=== WRONG KEY in the DELEGATED OCSP SIGNING CERTIFICATE ===" -echo "DELEGATED; Intermediate CA -> EE" -test_ocsp WKDOSC_D1.ors D1_Issuer_ICA.pem 1 -echo "DELEGATED; Root CA -> Intermediate CA" -test_ocsp WKDOSC_D2.ors D2_Issuer_Root.pem 1 -echo "DELEGATED; Root CA -> EE" -test_ocsp WKDOSC_D3.ors D3_Issuer_Root.pem 1 - -echo "=== INVALID SIGNATURE on the DELEGATED OCSP SIGNING CERTIFICATE ===" -echo "DELEGATED; Intermediate CA -> EE" -test_ocsp ISDOSC_D1.ors D1_Issuer_ICA.pem 1 -echo "DELEGATED; Root CA -> Intermediate CA" -test_ocsp ISDOSC_D2.ors D2_Issuer_Root.pem 1 -echo "DELEGATED; Root CA -> EE" -test_ocsp ISDOSC_D3.ors D3_Issuer_Root.pem 1 - -echo "=== WRONG SUBJECT NAME in the ISSUER CERTIFICATE ===" -echo "NON-DELEGATED; Intermediate CA -> EE" -test_ocsp ND1.ors WSNIC_ND1_Issuer_ICA.pem 1 -echo "NON-DELEGATED; Root CA -> Intermediate CA" -test_ocsp ND2.ors WSNIC_ND2_Issuer_Root.pem 1 -echo "NON-DELEGATED; Root CA -> EE" -test_ocsp ND3.ors WSNIC_ND3_Issuer_Root.pem 1 -echo "DELEGATED; Intermediate CA -> EE" -test_ocsp D1.ors WSNIC_D1_Issuer_ICA.pem 1 -echo "DELEGATED; Root CA -> Intermediate CA" -test_ocsp D2.ors WSNIC_D2_Issuer_Root.pem 1 -echo "DELEGATED; Root CA -> EE" -test_ocsp D3.ors WSNIC_D3_Issuer_Root.pem 1 - -echo "=== WRONG KEY in the ISSUER CERTIFICATE ===" -echo "NON-DELEGATED; Intermediate CA -> EE" -test_ocsp ND1.ors WKIC_ND1_Issuer_ICA.pem 1 -echo "NON-DELEGATED; Root CA -> Intermediate CA" -test_ocsp ND2.ors WKIC_ND2_Issuer_Root.pem 1 -echo "NON-DELEGATED; Root CA -> EE" -test_ocsp ND3.ors WKIC_ND3_Issuer_Root.pem 1 -echo "DELEGATED; Intermediate CA -> EE" -test_ocsp D1.ors WKIC_D1_Issuer_ICA.pem 1 -echo "DELEGATED; Root CA -> Intermediate CA" -test_ocsp D2.ors WKIC_D2_Issuer_Root.pem 1 -echo "DELEGATED; Root CA -> EE" -test_ocsp D3.ors WKIC_D3_Issuer_Root.pem 1 - -echo "=== INVALID SIGNATURE on the ISSUER CERTIFICATE ===" -# Expect success, because we're explicitly trusting the issuer certificate. -echo "NON-DELEGATED; Intermediate CA -> EE" -test_ocsp ND1.ors ISIC_ND1_Issuer_ICA.pem 0 -echo "NON-DELEGATED; Root CA -> Intermediate CA" -test_ocsp ND2.ors ISIC_ND2_Issuer_Root.pem 0 -echo "NON-DELEGATED; Root CA -> EE" -test_ocsp ND3.ors ISIC_ND3_Issuer_Root.pem 0 -echo "DELEGATED; Intermediate CA -> EE" -test_ocsp D1.ors ISIC_D1_Issuer_ICA.pem 0 -echo "DELEGATED; Root CA -> Intermediate CA" -test_ocsp D2.ors ISIC_D2_Issuer_Root.pem 0 -echo "DELEGATED; Root CA -> EE" -test_ocsp D3.ors ISIC_D3_Issuer_Root.pem 0 - -echo "ALL OCSP TESTS SUCCESSFUL" -exit 0 diff --git a/test/tocsp.com b/test/tocsp.com deleted file mode 100644 index 97253fe464..0000000000 --- a/test/tocsp.com +++ /dev/null @@ -1,165 +0,0 @@ -$! TOCSP.COM -- Test ocsp -$ -$ __arch = "VAX" -$ if f$getsyi("cpu") .ge. 128 then - - __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") -$ if __arch .eqs. "" then __arch = "UNK" -$! -$ if (p2 .eqs. "64") then __arch = __arch+ "_64" -$! -$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]" -$ -$ cmd = "mcr ''f$parse(exe_dir+"openssl.exe")'" -$ ocspdir = "ocsp-tests" -$ -$! 17 December 2012 so we don't get certificate expiry errors. -$ check_time="-attime 1355875200" -$ -$ test_ocsp: -$ subroutine -$ 'cmd' base64 -d -in [.'ocspdir']'p1' -out ocsp-test.test-bin -$ 'cmd' ocsp -respin ocsp-test.test-bin -partial_chain 'check_time' - - "-CAfile" [.'ocspdir']'p2' -verify_other [.'ocspdir']'p2' "-CApath" NLA0: -$ if $severity .ne. p3+1 -$ then -$ write sys$error "OCSP test failed!" -$ exit 3 -$ endif -$ endsubroutine -$ -$ set noon -$ -$ write sys$output "=== VALID OCSP RESPONSES ===" -$ write sys$output "NON-DELEGATED; Intermediate CA -> EE" -$ call test_ocsp "ND1.ors" "ND1_Issuer_ICA.pem" 0 -$ write sys$output "NON-DELEGATED; Root CA -> Intermediate CA" -$ call test_ocsp "ND2.ors" "ND2_Issuer_Root.pem" 0 -$ write sys$output "NON-DELEGATED; Root CA -> EE" -$ call test_ocsp "ND3.ors" "ND3_Issuer_Root.pem" 0 -$ write sys$output "DELEGATED; Intermediate CA -> EE" -$ call test_ocsp "D1.ors" "D1_Issuer_ICA.pem" 0 -$ write sys$output "DELEGATED; Root CA -> Intermediate CA" -$ call test_ocsp "D2.ors" "D2_Issuer_Root.pem" 0 -$ write sys$output "DELEGATED; Root CA -> EE" -$ call test_ocsp "D3.ors" "D3_Issuer_Root.pem" 0 -$ -$ write sys$output "=== INVALID SIGNATURE on the OCSP RESPONSE ===" -$ write sys$output "NON-DELEGATED; Intermediate CA -> EE" -$ call test_ocsp "ISOP_ND1.ors" "ND1_Issuer_ICA.pem" 1 -$ write sys$output "NON-DELEGATED; Root CA -> Intermediate CA" -$ call test_ocsp "ISOP_ND2.ors" "ND2_Issuer_Root.pem" 1 -$ write sys$output "NON-DELEGATED; Root CA -> EE" -$ call test_ocsp "ISOP_ND3.ors" "ND3_Issuer_Root.pem" 1 -$ write sys$output "DELEGATED; Intermediate CA -> EE" -$ call test_ocsp "ISOP_D1.ors" "D1_Issuer_ICA.pem" 1 -$ write sys$output "DELEGATED; Root CA -> Intermediate CA" -$ call test_ocsp "ISOP_D2.ors" "D2_Issuer_Root.pem" 1 -$ write sys$output "DELEGATED; Root CA -> EE" -$ call test_ocsp "ISOP_D3.ors" "D3_Issuer_Root.pem" 1 -$ -$ write sys$output "=== WRONG RESPONDERID in the OCSP RESPONSE ===" -$ write sys$output "NON-DELEGATED; Intermediate CA -> EE" -$ call test_ocsp "WRID_ND1.ors" "ND1_Issuer_ICA.pem" 1 -$ write sys$output "NON-DELEGATED; Root CA -> Intermediate CA" -$ call test_ocsp "WRID_ND2.ors" "ND2_Issuer_Root.pem" 1 -$ write sys$output "NON-DELEGATED; Root CA -> EE" -$ call test_ocsp "WRID_ND3.ors" "ND3_Issuer_Root.pem" 1 -$ write sys$output "DELEGATED; Intermediate CA -> EE" -$ call test_ocsp "WRID_D1.ors" "D1_Issuer_ICA.pem" 1 -$ write sys$output "DELEGATED; Root CA -> Intermediate CA" -$ call test_ocsp "WRID_D2.ors" "D2_Issuer_Root.pem" 1 -$ write sys$output "DELEGATED; Root CA -> EE" -$ call test_ocsp "WRID_D3.ors" "D3_Issuer_Root.pem" 1 -$ -$ write sys$output "=== WRONG ISSUERNAMEHASH in the OCSP RESPONSE ===" -$ write sys$output "NON-DELEGATED; Intermediate CA -> EE" -$ call test_ocsp "WINH_ND1.ors" "ND1_Issuer_ICA.pem" 1 -$ write sys$output "NON-DELEGATED; Root CA -> Intermediate CA" -$ call test_ocsp "WINH_ND2.ors" "ND2_Issuer_Root.pem" 1 -$ write sys$output "NON-DELEGATED; Root CA -> EE" -$ call test_ocsp "WINH_ND3.ors" "ND3_Issuer_Root.pem" 1 -$ write sys$output "DELEGATED; Intermediate CA -> EE" -$ call test_ocsp "WINH_D1.ors" "D1_Issuer_ICA.pem" 1 -$ write sys$output "DELEGATED; Root CA -> Intermediate CA" -$ call test_ocsp "WINH_D2.ors" "D2_Issuer_Root.pem" 1 -$ write sys$output "DELEGATED; Root CA -> EE" -$ call test_ocsp "WINH_D3.ors" "D3_Issuer_Root.pem" 1 -$ -$ write sys$output "=== WRONG ISSUERKEYHASH in the OCSP RESPONSE ===" -$ write sys$output "NON-DELEGATED; Intermediate CA -> EE" -$ call test_ocsp "WIKH_ND1.ors" "ND1_Issuer_ICA.pem" 1 -$ write sys$output "NON-DELEGATED; Root CA -> Intermediate CA" -$ call test_ocsp "WIKH_ND2.ors" "ND2_Issuer_Root.pem" 1 -$ write sys$output "NON-DELEGATED; Root CA -> EE" -$ call test_ocsp "WIKH_ND3.ors" "ND3_Issuer_Root.pem" 1 -$ write sys$output "DELEGATED; Intermediate CA -> EE" -$ call test_ocsp "WIKH_D1.ors" "D1_Issuer_ICA.pem" 1 -$ write sys$output "DELEGATED; Root CA -> Intermediate CA" -$ call test_ocsp "WIKH_D2.ors" "D2_Issuer_Root.pem" 1 -$ write sys$output "DELEGATED; Root CA -> EE" -$ call test_ocsp "WIKH_D3.ors" "D3_Issuer_Root.pem" 1 -$ -$ write sys$output "=== WRONG KEY in the DELEGATED OCSP SIGNING CERTIFICATE ===" -$ write sys$output "DELEGATED; Intermediate CA -> EE" -$ call test_ocsp "WKDOSC_D1.ors" "D1_Issuer_ICA.pem" 1 -$ write sys$output "DELEGATED; Root CA -> Intermediate CA" -$ call test_ocsp "WKDOSC_D2.ors" "D2_Issuer_Root.pem" 1 -$ write sys$output "DELEGATED; Root CA -> EE" -$ call test_ocsp "WKDOSC_D3.ors" "D3_Issuer_Root.pem" 1 -$ -$ write sys$output "=== INVALID SIGNATURE on the DELEGATED OCSP SIGNING CERTIFICATE ===" -$ write sys$output "DELEGATED; Intermediate CA -> EE" -$ call test_ocsp "ISDOSC_D1.ors" "D1_Issuer_ICA.pem" 1 -$ write sys$output "DELEGATED; Root CA -> Intermediate CA" -$ call test_ocsp "ISDOSC_D2.ors" "D2_Issuer_Root.pem" 1 -$ write sys$output "DELEGATED; Root CA -> EE" -$ call test_ocsp "ISDOSC_D3.ors" "D3_Issuer_Root.pem" 1 -$ -$ write sys$output "=== WRONG SUBJECT NAME in the ISSUER CERTIFICATE ===" -$ write sys$output "NON-DELEGATED; Intermediate CA -> EE" -$ call test_ocsp "ND1.ors" "WSNIC_ND1_Issuer_ICA.pem" 1 -$ write sys$output "NON-DELEGATED; Root CA -> Intermediate CA" -$ call test_ocsp "ND2.ors" "WSNIC_ND2_Issuer_Root.pem" 1 -$ write sys$output "NON-DELEGATED; Root CA -> EE" -$ call test_ocsp "ND3.ors" "WSNIC_ND3_Issuer_Root.pem" 1 -$ write sys$output "DELEGATED; Intermediate CA -> EE" -$ call test_ocsp "D1.ors" "WSNIC_D1_Issuer_ICA.pem" 1 -$ write sys$output "DELEGATED; Root CA -> Intermediate CA" -$ call test_ocsp "D2.ors" "WSNIC_D2_Issuer_Root.pem" 1 -$ write sys$output "DELEGATED; Root CA -> EE" -$ call test_ocsp "D3.ors" "WSNIC_D3_Issuer_Root.pem" 1 -$ -$ write sys$output "=== WRONG KEY in the ISSUER CERTIFICATE ===" -$ write sys$output "NON-DELEGATED; Intermediate CA -> EE" -$ call test_ocsp "ND1.ors" "WKIC_ND1_Issuer_ICA.pem" 1 -$ write sys$output "NON-DELEGATED; Root CA -> Intermediate CA" -$ call test_ocsp "ND2.ors" "WKIC_ND2_Issuer_Root.pem" 1 -$ write sys$output "NON-DELEGATED; Root CA -> EE" -$ call test_ocsp "ND3.ors" "WKIC_ND3_Issuer_Root.pem" 1 -$ write sys$output "DELEGATED; Intermediate CA -> EE" -$ call test_ocsp "D1.ors" "WKIC_D1_Issuer_ICA.pem" 1 -$ write sys$output "DELEGATED; Root CA -> Intermediate CA" -$ call test_ocsp "D2.ors" "WKIC_D2_Issuer_Root.pem" 1 -$ write sys$output "DELEGATED; Root CA -> EE" -$ call test_ocsp "D3.ors" "WKIC_D3_Issuer_Root.pem" 1 -$ -$ write sys$output "=== INVALID SIGNATURE on the ISSUER CERTIFICATE ===" -$! Expect success, because we're explicitly trusting the issuer certificate. -$ write sys$output "NON-DELEGATED; Intermediate CA -> EE" -$ call test_ocsp "ND1.ors" "ISIC_ND1_Issuer_ICA.pem" 0 -$ write sys$output "NON-DELEGATED; Root CA -> Intermediate CA" -$ call test_ocsp "ND2.ors" "ISIC_ND2_Issuer_Root.pem" 0 -$ write sys$output "NON-DELEGATED; Root CA -> EE" -$ call test_ocsp "ND3.ors" "ISIC_ND3_Issuer_Root.pem" 0 -$ write sys$output "DELEGATED; Intermediate CA -> EE" -$ call test_ocsp "D1.ors" "ISIC_D1_Issuer_ICA.pem" 0 -$ write sys$output "DELEGATED; Root CA -> Intermediate CA" -$ call test_ocsp "D2.ors" "ISIC_D2_Issuer_Root.pem" 0 -$ write sys$output "DELEGATED; Root CA -> EE" -$ call test_ocsp "D3.ors" "ISIC_D3_Issuer_Root.pem" 0 -$ -$ write sys$output "ALL OCSP TESTS SUCCESSFUL" -$ -$ set on -$ -$ exit diff --git a/test/tpkcs7 b/test/tpkcs7 deleted file mode 100644 index 91e304bb67..0000000000 --- a/test/tpkcs7 +++ /dev/null @@ -1,36 +0,0 @@ -#!/bin/sh - -cmd='../util/shlib_wrap.sh ../apps/openssl pkcs7' - -if [ "$1"x != "x" ]; then - t=$1 -else - t=testp7.pem -fi - -echo testing pkcs7 conversions -cp $t p7-fff.p - -echo "p -> d" -$cmd -in p7-fff.p -inform p -outform d >p7-f.d || exit 1 -echo "p -> p" -$cmd -in p7-fff.p -inform p -outform p >p7-f.p || exit 1 - -echo "d -> d" -$cmd -in p7-f.d -inform d -outform d >p7-ff.d1 || exit 1 -echo "p -> d" -$cmd -in p7-f.p -inform p -outform d >p7-ff.d3 || exit 1 - -echo "d -> p" -$cmd -in p7-f.d -inform d -outform p >p7-ff.p1 || exit 1 -echo "p -> p" -$cmd -in p7-f.p -inform p -outform p >p7-ff.p3 || exit 1 - -cmp p7-fff.p p7-f.p || exit 1 -cmp p7-fff.p p7-ff.p1 || exit 1 -cmp p7-fff.p p7-ff.p3 || exit 1 -cmp p7-f.p p7-ff.p1 || exit 1 -cmp p7-f.p p7-ff.p3 || exit 1 - -/bin/rm -f p7-f.* p7-ff.* p7-fff.* -exit 0 diff --git a/test/tpkcs7.com b/test/tpkcs7.com deleted file mode 100644 index 3fc4982bb0..0000000000 --- a/test/tpkcs7.com +++ /dev/null @@ -1,59 +0,0 @@ -$! TPKCS7.COM -- Tests pkcs7 keys -$ -$ __arch = "VAX" -$ if f$getsyi("cpu") .ge. 128 then - - __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") -$ if __arch .eqs. "" then __arch = "UNK" -$! -$ if (p2 .eqs. "64") then __arch = __arch+ "_64" -$! -$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]" -$ -$ cmd = "mcr ''exe_dir'openssl pkcs7" -$ -$ t = "testp7.pem" -$ if p1 .nes. "" then t = p1 -$ -$ write sys$output "testing PKCS7 conversions" -$ if f$search("fff.*") .nes "" then delete fff.*;* -$ if f$search("ff.*") .nes "" then delete ff.*;* -$ if f$search("f.*") .nes "" then delete f.*;* -$ convert/fdl=sys$input: 't' fff.p -RECORD - FORMAT STREAM_LF -$ -$ write sys$output "p -> d" -$ 'cmd' -in fff.p -inform p -outform d -out f.d -$ if $severity .ne. 1 then exit 3 -$ write sys$output "p -> p" -$ 'cmd' -in fff.p -inform p -outform p -out f.p -$ if $severity .ne. 1 then exit 3 -$ -$ write sys$output "d -> d" -$ 'cmd' -in f.d -inform d -outform d -out ff.d1 -$ if $severity .ne. 1 then exit 3 -$ write sys$output "p -> d" -$ 'cmd' -in f.p -inform p -outform d -out ff.d3 -$ if $severity .ne. 1 then exit 3 -$ -$ -$ write sys$output "d -> p" -$ 'cmd' -in f.d -inform d -outform p -out ff.p1 -$ if $severity .ne. 1 then exit 3 -$ write sys$output "p -> p" -$ 'cmd' -in f.p -inform p -outform p -out ff.p3 -$ if $severity .ne. 1 then exit 3 -$ -$ backup/compare fff.p f.p -$ if $severity .ne. 1 then exit 3 -$ backup/compare fff.p ff.p1 -$ if $severity .ne. 1 then exit 3 -$ backup/compare fff.p ff.p3 -$ if $severity .ne. 1 then exit 3 -$ -$ backup/compare f.p ff.p1 -$ if $severity .ne. 1 then exit 3 -$ backup/compare f.p ff.p3 -$ if $severity .ne. 1 then exit 3 -$ -$ delete f.*;*,ff.*;*,fff.*;* diff --git a/test/tpkcs7d b/test/tpkcs7d deleted file mode 100644 index c5077da80f..0000000000 --- a/test/tpkcs7d +++ /dev/null @@ -1,33 +0,0 @@ -#!/bin/sh - -cmd='../util/shlib_wrap.sh ../apps/openssl pkcs7' - -if [ "$1"x != "x" ]; then - t=$1 -else - t=pkcs7-1.pem -fi - -echo "testing pkcs7 conversions (2)" -cp $t p7d-fff.p - -echo "p -> d" -$cmd -in p7d-fff.p -inform p -outform d >p7d-f.d || exit 1 -echo "p -> p" -$cmd -in p7d-fff.p -inform p -outform p >p7d-f.p || exit 1 - -echo "d -> d" -$cmd -in p7d-f.d -inform d -outform d >p7d-ff.d1 || exit 1 -echo "p -> d" -$cmd -in p7d-f.p -inform p -outform d >p7d-ff.d3 || exit 1 - -echo "d -> p" -$cmd -in p7d-f.d -inform d -outform p >p7d-ff.p1 || exit 1 -echo "p -> p" -$cmd -in p7d-f.p -inform p -outform p >p7d-ff.p3 || exit 1 - -cmp p7d-f.p p7d-ff.p1 || exit 1 -cmp p7d-f.p p7d-ff.p3 || exit 1 - -/bin/rm -f p7d-f.* p7d-ff.* p7d-fff.* -exit 0 diff --git a/test/tpkcs7d.com b/test/tpkcs7d.com deleted file mode 100644 index eea8c888ee..0000000000 --- a/test/tpkcs7d.com +++ /dev/null @@ -1,52 +0,0 @@ -$! TPKCS7.COM -- Tests pkcs7 keys -$ -$ __arch = "VAX" -$ if f$getsyi("cpu") .ge. 128 then - - __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") -$ if __arch .eqs. "" then __arch = "UNK" -$! -$ if (p2 .eqs. "64") then __arch = __arch+ "_64" -$! -$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]" -$ -$ cmd = "mcr ''exe_dir'openssl pkcs7" -$ -$ t = "pkcs7-1.pem" -$ if p1 .nes. "" then t = p1 -$ -$ write sys$output "testing PKCS7 conversions (2)" -$ if f$search("fff.*") .nes "" then delete fff.*;* -$ if f$search("ff.*") .nes "" then delete ff.*;* -$ if f$search("f.*") .nes "" then delete f.*;* -$ convert/fdl=sys$input: 't' fff.p -RECORD - FORMAT STREAM_LF -$ -$ write sys$output "p -> d" -$ 'cmd' -in fff.p -inform p -outform d -out f.d -$ if $severity .ne. 1 then exit 3 -$ write sys$output "p -> p" -$ 'cmd' -in fff.p -inform p -outform p -out f.p -$ if $severity .ne. 1 then exit 3 -$ -$ write sys$output "d -> d" -$ 'cmd' -in f.d -inform d -outform d -out ff.d1 -$ if $severity .ne. 1 then exit 3 -$ write sys$output "p -> d" -$ 'cmd' -in f.p -inform p -outform d -out ff.d3 -$ if $severity .ne. 1 then exit 3 -$ -$ -$ write sys$output "d -> p" -$ 'cmd' -in f.d -inform d -outform p -out ff.p1 -$ if $severity .ne. 1 then exit 3 -$ write sys$output "p -> p" -$ 'cmd' -in f.p -inform p -outform p -out ff.p3 -$ if $severity .ne. 1 then exit 3 -$ -$ backup/compare f.p ff.p1 -$ if $severity .ne. 1 then exit 3 -$ backup/compare f.p ff.p3 -$ if $severity .ne. 1 then exit 3 -$ -$ delete f.*;*,ff.*;*,fff.*;* diff --git a/test/treq b/test/treq deleted file mode 100644 index 2062d76fb9..0000000000 --- a/test/treq +++ /dev/null @@ -1,41 +0,0 @@ -#!/bin/sh - -cmd='../util/shlib_wrap.sh ../apps/openssl req -config ../apps/openssl.cnf' - -if [ "$1"x != "x" ]; then - t=$1 -else - t=testreq.pem -fi - -if $cmd -in $t -inform p -noout -text 2>&1 | fgrep -i 'Unknown Public Key'; then - echo "skipping req conversion test for $t" - exit 0 -fi - -echo testing req conversions -cp $t req-fff.p - -echo "p -> d" -$cmd -in req-fff.p -inform p -outform d >req-f.d || exit 1 -echo "p -> p" -$cmd -in req-fff.p -inform p -outform p >req-f.p || exit 1 - -echo "d -> d" -$cmd -verify -in req-f.d -inform d -outform d >req-ff.d1 || exit 1 -echo "p -> d" -$cmd -verify -in req-f.p -inform p -outform d >req-ff.d3 || exit 1 - -echo "d -> p" -$cmd -in req-f.d -inform d -outform p >req-ff.p1 || exit 1 -echo "p -> p" -$cmd -in req-f.p -inform p -outform p >req-ff.p3 || exit 1 - -cmp req-fff.p req-f.p || exit 1 -cmp req-fff.p req-ff.p1 || exit 1 -cmp req-fff.p req-ff.p3 || exit 1 -cmp req-f.p req-ff.p1 || exit 1 -cmp req-f.p req-ff.p3 || exit 1 - -/bin/rm -f req-f.* req-ff.* req-fff.* -exit 0 diff --git a/test/treq.com b/test/treq.com deleted file mode 100644 index acf08b79ef..0000000000 --- a/test/treq.com +++ /dev/null @@ -1,88 +0,0 @@ -$! TREQ.COM -- Tests req keys -$ -$ __arch = "VAX" -$ if f$getsyi("cpu") .ge. 128 then - - __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") -$ if __arch .eqs. "" then __arch = "UNK" -$! -$ if (p2 .eqs. "64") then __arch = __arch+ "_64" -$! -$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]" -$ -$ cmd = "mcr ''exe_dir'openssl req -config [-.apps]openssl-vms.cnf" -$ -$ t = "testreq.pem" -$ if p1 .nes. "" then t = p1 -$ -$ write sys$output "testing req conversions" -$ if f$search("fff.*") .nes "" then delete fff.*;* -$ if f$search("ff.*") .nes "" then delete ff.*;* -$ if f$search("f.*") .nes "" then delete f.*;* -$ convert/fdl=sys$input: 't' fff.p -RECORD - FORMAT STREAM_LF -$ -$ write sys$output "p -> d" -$ 'cmd' -in fff.p -inform p -outform d -out f.d -$ if $severity .ne. 1 then exit 3 -$! write sys$output "p -> t" -$! 'cmd' -in fff.p -inform p -outform t -out f.t -$! if $severity .ne. 1 then exit 3 -$ write sys$output "p -> p" -$ 'cmd' -in fff.p -inform p -outform p -out f.p -$ if $severity .ne. 1 then exit 3 -$ -$ write sys$output "d -> d" -$ 'cmd' -verify -in f.d -inform d -outform d -out ff.d1 -$ if $severity .ne. 1 then exit 3 -$! write sys$output "t -> d" -$! 'cmd' -verify -in f.t -inform t -outform d -out ff.d2 -$! if $severity .ne. 1 then exit 3 -$ write sys$output "p -> d" -$ 'cmd' -verify -in f.p -inform p -outform d -out ff.d3 -$ if $severity .ne. 1 then exit 3 -$ -$! write sys$output "d -> t" -$! 'cmd' -in f.d -inform d -outform t -out ff.t1 -$! if $severity .ne. 1 then exit 3 -$! write sys$output "t -> t" -$! 'cmd' -in f.t -inform t -outform t -out ff.t2 -$! if $severity .ne. 1 then exit 3 -$! write sys$output "p -> t" -$! 'cmd' -in f.p -inform p -outform t -out ff.t3 -$! if $severity .ne. 1 then exit 3 -$ -$ write sys$output "d -> p" -$ 'cmd' -in f.d -inform d -outform p -out ff.p1 -$ if $severity .ne. 1 then exit 3 -$! write sys$output "t -> p" -$! 'cmd' -in f.t -inform t -outform p -out ff.p2 -$! if $severity .ne. 1 then exit 3 -$ write sys$output "p -> p" -$ 'cmd' -in f.p -inform p -outform p -out ff.p3 -$ if $severity .ne. 1 then exit 3 -$ -$ backup/compare fff.p f.p -$ if $severity .ne. 1 then exit 3 -$ backup/compare fff.p ff.p1 -$ if $severity .ne. 1 then exit 3 -$! backup/compare fff.p ff.p2 -$! if $severity .ne. 1 then exit 3 -$ backup/compare fff.p ff.p3 -$ if $severity .ne. 1 then exit 3 -$ -$! backup/compare f.t ff.t1 -$! if $severity .ne. 1 then exit 3 -$! backup/compare f.t ff.t2 -$! if $severity .ne. 1 then exit 3 -$! backup/compare f.t ff.t3 -$! if $severity .ne. 1 then exit 3 -$ -$ backup/compare f.p ff.p1 -$ if $severity .ne. 1 then exit 3 -$! backup/compare f.p ff.p2 -$! if $severity .ne. 1 then exit 3 -$ backup/compare f.p ff.p3 -$ if $severity .ne. 1 then exit 3 -$ -$ delete f.*;*,ff.*;*,fff.*;* diff --git a/test/trsa.com b/test/trsa.com deleted file mode 100644 index 54180843ee..0000000000 --- a/test/trsa.com +++ /dev/null @@ -1,99 +0,0 @@ -$! TRSA.COM -- Tests rsa keys -$ -$ __arch = "VAX" -$ if f$getsyi("cpu") .ge. 128 then - - __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") -$ if __arch .eqs. "" then __arch = "UNK" -$! -$ if (p2 .eqs. "64") then __arch = __arch+ "_64" -$! -$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]" -$ -$ set noon -$ define/user sys$output nla0: -$ mcr 'exe_dir'openssl no-rsa -$ save_severity=$SEVERITY -$ set on -$ if save_severity -$ then -$ write sys$output "skipping RSA conversion test" -$ exit -$ endif -$ -$ cmd = "mcr ''exe_dir'openssl rsa" -$ -$ t = "testrsa.pem" -$ if p1 .nes. "" then t = p1 -$ -$ write sys$output "testing RSA conversions" -$ if f$search("fff.*") .nes "" then delete fff.*;* -$ if f$search("ff.*") .nes "" then delete ff.*;* -$ if f$search("f.*") .nes "" then delete f.*;* -$ convert/fdl=sys$input: 't' fff.p -RECORD - FORMAT STREAM_LF -$ -$ write sys$output "p -> d" -$ 'cmd' -in fff.p -inform p -outform d -out f.d -$ if $severity .ne. 1 then exit 3 -$! write sys$output "p -> t" -$! 'cmd' -in fff.p -inform p -outform t -out f.t -$! if $severity .ne. 1 then exit 3 -$ write sys$output "p -> p" -$ 'cmd' -in fff.p -inform p -outform p -out f.p -$ if $severity .ne. 1 then exit 3 -$ -$ write sys$output "d -> d" -$ 'cmd' -in f.d -inform d -outform d -out ff.d1 -$ if $severity .ne. 1 then exit 3 -$! write sys$output "t -> d" -$! 'cmd' -in f.t -inform t -outform d -out ff.d2 -$! if $severity .ne. 1 then exit 3 -$ write sys$output "p -> d" -$ 'cmd' -in f.p -inform p -outform d -out ff.d3 -$ if $severity .ne. 1 then exit 3 -$ -$! write sys$output "d -> t" -$! 'cmd' -in f.d -inform d -outform t -out ff.t1 -$! if $severity .ne. 1 then exit 3 -$! write sys$output "t -> t" -$! 'cmd' -in f.t -inform t -outform t -out ff.t2 -$! if $severity .ne. 1 then exit 3 -$! write sys$output "p -> t" -$! 'cmd' -in f.p -inform p -outform t -out ff.t3 -$! if $severity .ne. 1 then exit 3 -$ -$ write sys$output "d -> p" -$ 'cmd' -in f.d -inform d -outform p -out ff.p1 -$ if $severity .ne. 1 then exit 3 -$! write sys$output "t -> p" -$! 'cmd' -in f.t -inform t -outform p -out ff.p2 -$! if $severity .ne. 1 then exit 3 -$ write sys$output "p -> p" -$ 'cmd' -in f.p -inform p -outform p -out ff.p3 -$ if $severity .ne. 1 then exit 3 -$ -$ backup/compare fff.p f.p -$ if $severity .ne. 1 then exit 3 -$ backup/compare fff.p ff.p1 -$ if $severity .ne. 1 then exit 3 -$! backup/compare fff.p ff.p2 -$! if $severity .ne. 1 then exit 3 -$ backup/compare fff.p ff.p3 -$ if $severity .ne. 1 then exit 3 -$ -$! backup/compare f.t ff.t1 -$! if $severity .ne. 1 then exit 3 -$! backup/compare f.t ff.t2 -$! if $severity .ne. 1 then exit 3 -$! backup/compare f.t ff.t3 -$! if $severity .ne. 1 then exit 3 -$ -$ backup/compare f.p ff.p1 -$ if $severity .ne. 1 then exit 3 -$! backup/compare f.p ff.p2 -$! if $severity .ne. 1 then exit 3 -$ backup/compare f.p ff.p3 -$ if $severity .ne. 1 then exit 3 -$ -$ delete f.*;*,ff.*;*,fff.*;* diff --git a/test/tsid b/test/tsid deleted file mode 100644 index 546efb732a..0000000000 --- a/test/tsid +++ /dev/null @@ -1,36 +0,0 @@ -#!/bin/sh - -cmd='../util/shlib_wrap.sh ../apps/openssl sess_id' - -if [ "$1"x != "x" ]; then - t=$1 -else - t=testsid.pem -fi - -echo testing session-id conversions -cp $t sid-fff.p - -echo "p -> d" -$cmd -in sid-fff.p -inform p -outform d >sid-f.d || exit 1 -echo "p -> p" -$cmd -in sid-fff.p -inform p -outform p >sid-f.p || exit 1 - -echo "d -> d" -$cmd -in sid-f.d -inform d -outform d >sid-ff.d1 || exit 1 -echo "p -> d" -$cmd -in sid-f.p -inform p -outform d >sid-ff.d3 || exit 1 - -echo "d -> p" -$cmd -in sid-f.d -inform d -outform p >sid-ff.p1 || exit 1 -echo "p -> p" -$cmd -in sid-f.p -inform p -outform p >sid-ff.p3 || exit 1 - -cmp sid-fff.p sid-f.p || exit 1 -cmp sid-fff.p sid-ff.p1 || exit 1 -cmp sid-fff.p sid-ff.p3 || exit 1 -cmp sid-f.p sid-ff.p1 || exit 1 -cmp sid-f.p sid-ff.p3 || exit 1 - -/bin/rm -f sid-f.* sid-ff.* sid-fff.* -exit 0 diff --git a/test/tsid.com b/test/tsid.com deleted file mode 100644 index b6c4e49473..0000000000 --- a/test/tsid.com +++ /dev/null @@ -1,88 +0,0 @@ -$! TSID.COM -- Tests sid keys -$ -$ __arch = "VAX" -$ if f$getsyi("cpu") .ge. 128 then - - __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") -$ if __arch .eqs. "" then __arch = "UNK" -$! -$ if (p2 .eqs. "64") then __arch = __arch+ "_64" -$! -$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]" -$ -$ cmd = "mcr ''exe_dir'openssl sess_id" -$ -$ t = "testsid.pem" -$ if p1 .nes. "" then t = p1 -$ -$ write sys$output "testing session-id conversions" -$ if f$search("fff.*") .nes "" then delete fff.*;* -$ if f$search("ff.*") .nes "" then delete ff.*;* -$ if f$search("f.*") .nes "" then delete f.*;* -$ convert/fdl=sys$input: 't' fff.p -RECORD - FORMAT STREAM_LF -$ -$ write sys$output "p -> d" -$ 'cmd' -in fff.p -inform p -outform d -out f.d -$ if $severity .ne. 1 then exit 3 -$! write sys$output "p -> t" -$! 'cmd' -in fff.p -inform p -outform t -out f.t -$! if $severity .ne. 1 then exit 3 -$ write sys$output "p -> p" -$ 'cmd' -in fff.p -inform p -outform p -out f.p -$ if $severity .ne. 1 then exit 3 -$ -$ write sys$output "d -> d" -$ 'cmd' -in f.d -inform d -outform d -out ff.d1 -$ if $severity .ne. 1 then exit 3 -$! write sys$output "t -> d" -$! 'cmd' -in f.t -inform t -outform d -out ff.d2 -$! if $severity .ne. 1 then exit 3 -$ write sys$output "p -> d" -$ 'cmd' -in f.p -inform p -outform d -out ff.d3 -$ if $severity .ne. 1 then exit 3 -$ -$! write sys$output "d -> t" -$! 'cmd' -in f.d -inform d -outform t -out ff.t1 -$! if $severity .ne. 1 then exit 3 -$! write sys$output "t -> t" -$! 'cmd' -in f.t -inform t -outform t -out ff.t2 -$! if $severity .ne. 1 then exit 3 -$! write sys$output "p -> t" -$! 'cmd' -in f.p -inform p -outform t -out ff.t3 -$! if $severity .ne. 1 then exit 3 -$ -$ write sys$output "d -> p" -$ 'cmd' -in f.d -inform d -outform p -out ff.p1 -$ if $severity .ne. 1 then exit 3 -$! write sys$output "t -> p" -$! 'cmd' -in f.t -inform t -outform p -out ff.p2 -$! if $severity .ne. 1 then exit 3 -$ write sys$output "p -> p" -$ 'cmd' -in f.p -inform p -outform p -out ff.p3 -$ if $severity .ne. 1 then exit 3 -$ -$ backup/compare fff.p f.p -$ if $severity .ne. 1 then exit 3 -$ backup/compare fff.p ff.p1 -$ if $severity .ne. 1 then exit 3 -$! backup/compare fff.p ff.p2 -$! if $severity .ne. 1 then exit 3 -$ backup/compare fff.p ff.p3 -$ if $severity .ne. 1 then exit 3 -$ -$! backup/compare f.t ff.t1 -$! if $severity .ne. 1 then exit 3 -$! backup/compare f.t ff.t2 -$! if $severity .ne. 1 then exit 3 -$! backup/compare f.t ff.t3 -$! if $severity .ne. 1 then exit 3 -$ -$ backup/compare f.p ff.p1 -$ if $severity .ne. 1 then exit 3 -$! backup/compare f.p ff.p2 -$! if $severity .ne. 1 then exit 3 -$ backup/compare f.p ff.p3 -$ if $severity .ne. 1 then exit 3 -$ -$ delete f.*;*,ff.*;*,fff.*;* diff --git a/test/tverify.com b/test/tverify.com deleted file mode 100644 index d888344637..0000000000 --- a/test/tverify.com +++ /dev/null @@ -1,65 +0,0 @@ -$! TVERIFY.COM -$ -$ __arch = "VAX" -$ if f$getsyi("cpu") .ge. 128 then - - __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") -$ if __arch .eqs. "" then __arch = "UNK" -$! -$ if (p1 .eqs. "64") then __arch = __arch+ "_64" -$! -$ line_max = 255 ! Could be longer on modern non-VAX. -$ temp_file_name = "certs_"+ f$getjpi( "", "PID")+ ".tmp" -$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]" -$ cmd = "mcr ''exe_dir'openssl verify ""-CAfile"" ''temp_file_name'" -$ cmd_len = f$length( cmd) -$ pems = "[-.certs...]*.pem" -$! -$! Concatenate all the certificate files. -$! -$ copy /concatenate 'pems' 'temp_file_name' -$! -$! Loop through all the certificate files. -$! -$ args = "" -$ old_f = "" -$ loop_file: -$ f = f$search( pems) -$ if ((f .nes. "") .and. (f .nes. old_f)) -$ then -$ old_f = f -$! -$! If this file name would over-extend the command line, then -$! run the command now. -$! -$ if (cmd_len+ f$length( args)+ 1+ f$length( f) .gt. line_max) -$ then -$ if (args .eqs. "") then goto disaster -$ 'cmd''args' -$ args = "" -$ endif -$! Add the next file to the argument list. -$ args = args+ " "+ f -$ else -$! No more files in the list -$ goto loop_file_end -$ endif -$ goto loop_file -$ loop_file_end: -$! -$! Run the command for any left-over arguments. -$! -$ if (args .nes. "") -$ then -$ 'cmd''args' -$ endif -$! -$! Delete the temporary file. -$! -$ if (f$search( "''temp_file_name';*") .nes. "") then - - delete 'temp_file_name';* -$! -$ exit -$! -$ disaster: -$ write sys$output " Command line too long. Doomed." -$! diff --git a/test/tx509 b/test/tx509 deleted file mode 100644 index dc9abc680d..0000000000 --- a/test/tx509 +++ /dev/null @@ -1,37 +0,0 @@ -#!/bin/sh - -cmd='../util/shlib_wrap.sh ../apps/openssl x509' - -if [ "$1"x != "x" ]; then - t=$1 -else - t=testx509.pem -fi - -echo testing X509 conversions -cp $t x509-fff.p - -echo "p -> d" -$cmd -in x509-fff.p -inform p -outform d >x509-f.d || exit 1 -echo "p -> p" -$cmd -in x509-fff.p -inform p -outform p >x509-f.p || exit 1 - -echo "d -> d" -$cmd -in x509-f.d -inform d -outform d >x509-ff.d1 || exit 1 -echo "p -> d" -$cmd -in x509-f.p -inform p -outform d >x509-ff.d3 || exit 1 - -echo "d -> p" -$cmd -in x509-f.d -inform d -outform p >x509-ff.p1 || exit 1 -echo "p -> p" -$cmd -in x509-f.p -inform p -outform p >x509-ff.p3 || exit 1 - -cmp x509-fff.p x509-f.p || exit 1 -cmp x509-fff.p x509-ff.p1 || exit 1 -cmp x509-fff.p x509-ff.p3 || exit 1 - -cmp x509-f.p x509-ff.p1 || exit 1 -cmp x509-f.p x509-ff.p3 || exit 1 - -/bin/rm -f x509-f.* x509-ff.* x509-fff.* -exit 0 diff --git a/test/tx509.com b/test/tx509.com deleted file mode 100644 index 93ce988b41..0000000000 --- a/test/tx509.com +++ /dev/null @@ -1,88 +0,0 @@ -$! TX509.COM -- Tests x509 certificates -$ -$ __arch = "VAX" -$ if f$getsyi("cpu") .ge. 128 then - - __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") -$ if __arch .eqs. "" then __arch = "UNK" -$! -$ if (p2 .eqs. "64") then __arch = __arch+ "_64" -$! -$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]" -$ -$ cmd = "mcr ''exe_dir'openssl x509" -$ -$ t = "testx509.pem" -$ if p1 .nes. "" then t = p1 -$ -$ write sys$output "testing X509 conversions" -$ if f$search("fff.*") .nes "" then delete fff.*;* -$ if f$search("ff.*") .nes "" then delete ff.*;* -$ if f$search("f.*") .nes "" then delete f.*;* -$ convert/fdl=sys$input: 't' fff.p -RECORD - FORMAT STREAM_LF -$ -$ write sys$output "p -> d" -$ 'cmd' -in fff.p -inform p -outform d -out f.d -$ if $severity .ne. 1 then exit 3 -$ write sys$output "p -> n" -$ 'cmd' -in fff.p -inform p -outform n -out f.n -$ if $severity .ne. 1 then exit 3 -$ write sys$output "p -> p" -$ 'cmd' -in fff.p -inform p -outform p -out f.p -$ if $severity .ne. 1 then exit 3 -$ -$ write sys$output "d -> d" -$ 'cmd' -in f.d -inform d -outform d -out ff.d1 -$ if $severity .ne. 1 then exit 3 -$ write sys$output "n -> d" -$ 'cmd' -in f.n -inform n -outform d -out ff.d2 -$ if $severity .ne. 1 then exit 3 -$ write sys$output "p -> d" -$ 'cmd' -in f.p -inform p -outform d -out ff.d3 -$ if $severity .ne. 1 then exit 3 -$ -$ write sys$output "d -> n" -$ 'cmd' -in f.d -inform d -outform n -out ff.n1 -$ if $severity .ne. 1 then exit 3 -$ write sys$output "n -> n" -$ 'cmd' -in f.n -inform n -outform n -out ff.n2 -$ if $severity .ne. 1 then exit 3 -$ write sys$output "p -> n" -$ 'cmd' -in f.p -inform p -outform n -out ff.n3 -$ if $severity .ne. 1 then exit 3 -$ -$ write sys$output "d -> p" -$ 'cmd' -in f.d -inform d -outform p -out ff.p1 -$ if $severity .ne. 1 then exit 3 -$ write sys$output "n -> p" -$ 'cmd' -in f.n -inform n -outform p -out ff.p2 -$ if $severity .ne. 1 then exit 3 -$ write sys$output "p -> p" -$ 'cmd' -in f.p -inform p -outform p -out ff.p3 -$ if $severity .ne. 1 then exit 3 -$ -$ backup/compare fff.p f.p -$ if $severity .ne. 1 then exit 3 -$ backup/compare fff.p ff.p1 -$ if $severity .ne. 1 then exit 3 -$ backup/compare fff.p ff.p2 -$ if $severity .ne. 1 then exit 3 -$ backup/compare fff.p ff.p3 -$ if $severity .ne. 1 then exit 3 -$ -$ backup/compare f.n ff.n1 -$ if $severity .ne. 1 then exit 3 -$ backup/compare f.n ff.n2 -$ if $severity .ne. 1 then exit 3 -$ backup/compare f.n ff.n3 -$ if $severity .ne. 1 then exit 3 -$ -$ backup/compare f.p ff.p1 -$ if $severity .ne. 1 then exit 3 -$ backup/compare f.p ff.p2 -$ if $severity .ne. 1 then exit 3 -$ backup/compare f.p ff.p3 -$ if $severity .ne. 1 then exit 3 -$ -$ delete f.*;*,ff.*;*,fff.*;*