From: Ulf Möller Date: Sun, 12 Feb 2006 23:19:25 +0000 (+0000) Subject: time stamp Makefile, test files X-Git-Tag: OpenSSL_0_9_8k^2~1562 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=8573552e8c3eed250dfc2031dd794500f343ac94;p=oweals%2Fopenssl.git time stamp Makefile, test files Submitted by: Zoltan Glozik --- diff --git a/crypto/ts/Makefile b/crypto/ts/Makefile new file mode 100644 index 0000000000..5d3162592b --- /dev/null +++ b/crypto/ts/Makefile @@ -0,0 +1,120 @@ +# +# SSLeay/crypto/ts/Makefile +# + +DIR= ts +TOP= ../.. +CC= cc +INCLUDES= -I.. -I../../include +CFLAG = -g +INSTALL_PREFIX= +OPENSSLDIR= /usr/local/ssl +INSTALLTOP=/usr/local/ssl +MAKEDEPPROG= makedepend +MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) +MAKEFILE= Makefile +AR= ar r + +PEX_LIBS= +EX_LIBS= + +CFLAGS= $(INCLUDES) $(CFLAG) + +GENERAL= Makefile +TEST= +APPS= + +LIB=$(TOP)/libcrypto.a +LIBSRC= ts_err.c ts_req_utils.c ts_req_print.c ts_resp_utils.c ts_resp_print.c \ + ts_resp_sign.c ts_resp_verify.c ts_verify_ctx.c ts_lib.c ts_conf.c \ + ts_asn1.c +LIBOBJ= ts_err.o ts_req_utils.o ts_req_print.o ts_resp_utils.o ts_resp_print.o \ + ts_resp_sign.o ts_resp_verify.o ts_verify_ctx.o ts_lib.o ts_conf.o \ + ts_asn1.o + +SRC= $(LIBSRC) + +EXHEADER= ts.h +HEADER= $(EXHEADER) + +ALL= $(GENERAL) $(SRC) $(HEADER) + +top: + (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) + +test: + +all: lib + +lib: $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) + $(RANLIB) $(LIB) || echo Never mind. + @touch lib + +files: + $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO + +links: + @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) + @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) + @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) + +install: + @for i in $(EXHEADER) ; \ + do \ + (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ + chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; + +tags: + ctags $(SRC) + +lint: + lint -DLINT $(INCLUDES) $(SRC)>fluff + +depend: + $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC) + +dclean: + $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new + mv -f Makefile.new $(MAKEFILE) + +clean: + rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff enc dec sign verify + +# DO NOT DELETE THIS LINE -- make depend depends on it. + +ts_lib.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h +ts_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +ts_lib.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h +ts_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +ts_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +ts_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +ts_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h +ts_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +ts_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +ts_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +ts_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h +ts_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +ts_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +ts_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +ts_lib.o: ../../include/openssl/x509v3.h ../cryptlib.h ts.h ts_lib.c +ts_resp_print.o: ../../e_os.h ../../include/openssl/asn1.h +ts_resp_print.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +ts_resp_print.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h +ts_resp_print.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h +ts_resp_print.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +ts_resp_print.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +ts_resp_print.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +ts_resp_print.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +ts_resp_print.o: ../../include/openssl/obj_mac.h +ts_resp_print.o: ../../include/openssl/objects.h +ts_resp_print.o: ../../include/openssl/opensslconf.h +ts_resp_print.o: ../../include/openssl/opensslv.h +ts_resp_print.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +ts_resp_print.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +ts_resp_print.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +ts_resp_print.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +ts_resp_print.o: ../../include/openssl/x509_vfy.h +ts_resp_print.o: ../../include/openssl/x509v3.h ../cryptlib.h ts.h +ts_resp_print.o: ts_resp_print.c diff --git a/test/CAtsa.cnf b/test/CAtsa.cnf new file mode 100644 index 0000000000..732e9996d6 --- /dev/null +++ b/test/CAtsa.cnf @@ -0,0 +1,172 @@ + +# +# This config is used by the Time Stamp Authority tests. +# + +# This definition stops the following lines choking if HOME isn't +# defined. +HOME = . +RANDFILE = $ENV::HOME/.rnd + +# Extra OBJECT IDENTIFIER info: +oid_section = new_oids + +[ new_oids ] + +# Policies used by the TSA tests. +tsa_policy1 = 1.2.3.4.1 +tsa_policy2 = 1.2.3.4.5.6 +tsa_policy3 = 1.2.3.4.5.7 + +#---------------------------------------------------------------------- +[ ca ] +default_ca = CA_default # The default ca section + +[ CA_default ] + +dir = ./demoCA +certs = $dir/certs # Where the issued certs are kept +database = $dir/index.txt # database index file. +new_certs_dir = $dir/newcerts # default place for new certs. + +certificate = $dir/cacert.pem # The CA certificate +serial = $dir/serial # The current serial number +private_key = $dir/private/cakey.pem# The private key +RANDFILE = $dir/private/.rand # private random number file + +default_days = 365 # how long to certify for +default_md = sha1 # which md to use. +preserve = no # keep passed DN ordering + +policy = policy_match + +# For the CA policy +[ policy_match ] +countryName = supplied +stateOrProvinceName = supplied +organizationName = supplied +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +#---------------------------------------------------------------------- +[ req ] +default_bits = 1024 +default_md = sha1 +distinguished_name = req_distinguished_name +encrypt_rsa_key = no +# attributes = req_attributes +x509_extensions = v3_ca # The extentions to add to the self signed cert + +string_mask = nombstr + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = HU +countryName_min = 2 +countryName_max = 2 + +stateOrProvinceName = State or Province Name (full name) +stateOrProvinceName_default = + +localityName = Locality Name (eg, city) + +0.organizationName = Organization Name (eg, company) +0.organizationName_default = + +commonName = Common Name (eg, YOUR name) +commonName_max = 64 + +[ req_attributes ] +challengePassword = A challenge password +challengePassword_min = 4 +challengePassword_max = 20 + +unstructuredName = An optional company name + +[ tsa_cert ] + +# TSA server cert is not a CA cert. +basicConstraints=CA:FALSE + +# The following key usage flags are needed for TSA server certificates. +keyUsage = nonRepudiation, digitalSignature +extendedKeyUsage = critical,timeStamping + +# PKIX recommendations harmless if included in all certificates. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer:always + +[ non_tsa_cert ] + +# This is not a CA cert and not a TSA cert, either (timeStamping usage missing) +basicConstraints=CA:FALSE + +# The following key usage flags are needed for TSA server certificates. +keyUsage = nonRepudiation, digitalSignature +# timeStamping is not supported by this certificate +# extendedKeyUsage = critical,timeStamping + +# PKIX recommendations harmless if included in all certificates. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer:always + +[ v3_req ] + +# Extensions to add to a certificate request +basicConstraints = CA:FALSE +keyUsage = nonRepudiation, digitalSignature + +[ v3_ca ] + +# Extensions for a typical CA + +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid:always,issuer:always +basicConstraints = critical,CA:true +keyUsage = cRLSign, keyCertSign + +#---------------------------------------------------------------------- +[ tsa ] + +default_tsa = tsa_config1 # the default TSA section + +[ tsa_config1 ] + +# These are used by the TSA reply generation only. +dir = . # TSA root directory +serial = $dir/tsa_serial # The current serial number (mandatory) +signer_cert = $dir/tsa_cert1.pem # The TSA signing certificate + # (optional) +certs = $dir/demoCA/cacert.pem# Certificate chain to include in reply + # (optional) +signer_key = $dir/tsa_key1.pem # The TSA private key (optional) + +default_policy = tsa_policy1 # Policy if request did not specify it + # (optional) +other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional) +digests = md5, sha1 # Acceptable message digests (mandatory) +accuracy = secs:1, millisecs:500, microsecs:100 # (optional) +ordering = yes # Is ordering defined for timestamps? + # (optional, default: no) +tsa_name = yes # Must the TSA name be included in the reply? + # (optional, default: no) +ess_cert_id_chain = yes # Must the ESS cert id chain be included? + # (optional, default: no) + +[ tsa_config2 ] + +# This configuration uses a certificate which doesn't have timeStamping usage. +# These are used by the TSA reply generation only. +dir = . # TSA root directory +serial = $dir/tsa_serial # The current serial number (mandatory) +signer_cert = $dir/tsa_cert2.pem # The TSA signing certificate + # (optional) +certs = $dir/demoCA/cacert.pem# Certificate chain to include in reply + # (optional) +signer_key = $dir/tsa_key2.pem # The TSA private key (optional) + +default_policy = tsa_policy1 # Policy if request did not specify it + # (optional) +other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional) +digests = md5, sha1 # Acceptable message digests (mandatory) diff --git a/test/testtsa b/test/testtsa new file mode 100644 index 0000000000..b135438b7d --- /dev/null +++ b/test/testtsa @@ -0,0 +1,234 @@ +#!/bin/sh + +# +# A few very basic tests for the 'ts' time stamping authority command. +# + +SH="/bin/sh" +PATH=../../apps:$PATH +export SH PATH + +OPENSSL_CONF="../CAtsa.cnf" +export OPENSSL_CONF + +error () { + + echo "ERROR DURING TSA TESTS!!!!!!!!!!!!!!!!" >&2 + exit 1 +} + +setup_dir () { + + rm -rf tsa 2>/dev/null + mkdir tsa + cd ./tsa +} + +clean_up_dir () { + + cd .. + rm -rf tsa +} + +create_ca () { + + echo "Creating a new CA for the TSA tests..." + /bin/rm -fr demoCA + $SH ../../apps/CA.sh -newca <