From 71921b3014df2eeaddfcc6ea8ba8311a55788e2b Mon Sep 17 00:00:00 2001 From: powellda Date: Thu, 3 May 2018 15:36:29 +0100 Subject: [PATCH] Update to version 0.1 to include missing makefiles --- test/CAss.cnf | 76 +++ test/CAssdh.cnf | 24 + test/CAssdsa.cnf | 23 + test/CAssrsa.cnf | 24 + test/CAtsa.cnf | 163 ++++++ test/Makefile | 778 +++++++++++++++++++++++++ test/P1ss.cnf | 37 ++ test/P2ss.cnf | 45 ++ test/Sssdsa.cnf | 27 + test/Sssrsa.cnf | 26 + test/Uss.cnf | 36 ++ test/VMSca-response.1 | 1 + test/VMSca-response.2 | 2 + test/asn1test.c | 22 + test/bctest | 111 ++++ test/bctest.com | 152 +++++ test/bftest.c | 1 + test/bntest.c | 1 + test/bntest.com | 76 +++ test/casttest.c | 1 + test/clean_test.com | 35 ++ test/cms-examples.pl | 409 +++++++++++++ test/cms-test.pl | 459 +++++++++++++++ test/constant_time_test.c | 1 + test/destest.c | 1 + test/dhtest.c | 1 + test/dsatest.c | 1 + test/dummytest.c | 48 ++ test/ecdhtest.c | 1 + test/ecdsatest.c | 1 + test/ectest.c | 1 + test/enginetest.c | 1 + test/evp_test.c | 1 + test/evptests.txt | 334 +++++++++++ test/exptest.c | 1 + test/heartbeat_test.c | 1 + test/hmactest.c | 1 + test/ideatest.c | 1 + test/igetest.c | 503 ++++++++++++++++ test/jpaketest.c | 1 + test/maketests.com | 1090 +++++++++++++++++++++++++++++++++++ test/md2test.c | 1 + test/md4test.c | 1 + test/md5test.c | 1 + test/mdc2test.c | 1 + test/methtest.c | 105 ++++ test/pkcs7-1.pem | 15 + test/pkcs7.pem | 54 ++ test/pkits-test.pl | 949 ++++++++++++++++++++++++++++++ test/r160test.c | 57 ++ test/randtest.c | 1 + test/rc2test.c | 1 + test/rc4test.c | 1 + test/rc5test.c | 1 + test/rmdtest.c | 1 + test/rsa_test.c | 1 + test/sha1test.c | 1 + test/sha256t.c | 1 + test/sha512t.c | 1 + test/shatest.c | 1 + test/smcont.txt | 1 + test/smime-certs/smdsa1.pem | 34 ++ test/smime-certs/smdsa2.pem | 34 ++ test/smime-certs/smdsa3.pem | 34 ++ test/smime-certs/smdsap.pem | 9 + test/smime-certs/smroot.pem | 30 + test/smime-certs/smrsa1.pem | 31 + test/smime-certs/smrsa2.pem | 31 + test/smime-certs/smrsa3.pem | 31 + test/srptest.c | 1 + test/ssltest.c | 1 + test/tcrl | 78 +++ test/tcrl.com | 88 +++ test/test.cnf | 88 +++ test/test_padlock | 64 ++ test/testca | 51 ++ test/testca.com | 52 ++ test/testcrl.pem | 16 + test/testenc | 54 ++ test/testenc.com | 66 +++ test/testfipsssl | 113 ++++ test/testgen | 44 ++ test/testgen.com | 58 ++ test/testp7.pem | 46 ++ test/testreq2.pem | 7 + test/testrsa.pem | 9 + test/tests.com | 387 +++++++++++++ test/testsid.pem | 12 + test/testss | 163 ++++++ test/testss.com | 123 ++++ test/testssl | 184 ++++++ test/testssl.com | 208 +++++++ test/testsslproxy | 10 + test/testtsa | 238 ++++++++ test/testtsa.com | 255 ++++++++ test/testutil.h | 116 ++++ test/testx509.pem | 10 + test/times | 113 ++++ test/tpkcs7 | 48 ++ test/tpkcs7.com | 59 ++ test/tpkcs7d | 41 ++ test/tpkcs7d.com | 52 ++ test/treq | 83 +++ test/treq.com | 88 +++ test/trsa | 83 +++ test/trsa.com | 99 ++++ test/tsid | 78 +++ test/tsid.com | 88 +++ test/tverify.com | 65 +++ test/tx509 | 78 +++ test/tx509.com | 88 +++ test/v3-cert1.pem | 16 + test/v3-cert2.pem | 16 + test/wp_test.c | 1 + 114 files changed, 9585 insertions(+) create mode 100644 test/CAss.cnf create mode 100644 test/CAssdh.cnf create mode 100644 test/CAssdsa.cnf create mode 100644 test/CAssrsa.cnf create mode 100644 test/CAtsa.cnf create mode 100644 test/Makefile create mode 100644 test/P1ss.cnf create mode 100644 test/P2ss.cnf create mode 100644 test/Sssdsa.cnf create mode 100644 test/Sssrsa.cnf create mode 100644 test/Uss.cnf create mode 100644 test/VMSca-response.1 create mode 100644 test/VMSca-response.2 create mode 100755 test/asn1test.c create mode 100755 test/bctest create mode 100644 test/bctest.com create mode 120000 test/bftest.c create mode 120000 test/bntest.c create mode 100644 test/bntest.com create mode 120000 test/casttest.c create mode 100755 test/clean_test.com create mode 100644 test/cms-examples.pl create mode 100644 test/cms-test.pl create mode 120000 test/constant_time_test.c create mode 120000 test/destest.c create mode 120000 test/dhtest.c create mode 120000 test/dsatest.c create mode 100644 test/dummytest.c create mode 120000 test/ecdhtest.c create mode 120000 test/ecdsatest.c create mode 120000 test/ectest.c create mode 120000 test/enginetest.c create mode 120000 test/evp_test.c create mode 100644 test/evptests.txt create mode 120000 test/exptest.c create mode 120000 test/heartbeat_test.c create mode 120000 test/hmactest.c create mode 120000 test/ideatest.c create mode 100644 test/igetest.c create mode 120000 test/jpaketest.c create mode 100644 test/maketests.com create mode 120000 test/md2test.c create mode 120000 test/md4test.c create mode 120000 test/md5test.c create mode 120000 test/mdc2test.c create mode 100644 test/methtest.c create mode 100644 test/pkcs7-1.pem create mode 100644 test/pkcs7.pem create mode 100644 test/pkits-test.pl create mode 100644 test/r160test.c create mode 120000 test/randtest.c create mode 120000 test/rc2test.c create mode 120000 test/rc4test.c create mode 120000 test/rc5test.c create mode 120000 test/rmdtest.c create mode 120000 test/rsa_test.c create mode 120000 test/sha1test.c create mode 120000 test/sha256t.c create mode 120000 test/sha512t.c create mode 120000 test/shatest.c create mode 100644 test/smcont.txt create mode 100644 test/smime-certs/smdsa1.pem create mode 100644 test/smime-certs/smdsa2.pem create mode 100644 test/smime-certs/smdsa3.pem create mode 100644 test/smime-certs/smdsap.pem create mode 100644 test/smime-certs/smroot.pem create mode 100644 test/smime-certs/smrsa1.pem create mode 100644 test/smime-certs/smrsa2.pem create mode 100644 test/smime-certs/smrsa3.pem create mode 120000 test/srptest.c create mode 120000 test/ssltest.c create mode 100644 test/tcrl create mode 100644 test/tcrl.com create mode 100644 test/test.cnf create mode 100755 test/test_padlock create mode 100644 test/testca create mode 100644 test/testca.com create mode 100644 test/testcrl.pem create mode 100644 test/testenc create mode 100644 test/testenc.com create mode 100644 test/testfipsssl create mode 100644 test/testgen create mode 100644 test/testgen.com create mode 100644 test/testp7.pem create mode 100644 test/testreq2.pem create mode 100644 test/testrsa.pem create mode 100644 test/tests.com create mode 100644 test/testsid.pem create mode 100644 test/testss create mode 100644 test/testss.com create mode 100644 test/testssl create mode 100644 test/testssl.com create mode 100644 test/testsslproxy create mode 100644 test/testtsa create mode 100644 test/testtsa.com create mode 100644 test/testutil.h create mode 100644 test/testx509.pem create mode 100644 test/times create mode 100644 test/tpkcs7 create mode 100644 test/tpkcs7.com create mode 100644 test/tpkcs7d create mode 100644 test/tpkcs7d.com create mode 100644 test/treq create mode 100644 test/treq.com create mode 100644 test/trsa create mode 100644 test/trsa.com create mode 100644 test/tsid create mode 100644 test/tsid.com create mode 100644 test/tverify.com create mode 100644 test/tx509 create mode 100644 test/tx509.com create mode 100644 test/v3-cert1.pem create mode 100644 test/v3-cert2.pem create mode 120000 test/wp_test.c diff --git a/test/CAss.cnf b/test/CAss.cnf new file mode 100644 index 0000000..109bc8c --- /dev/null +++ b/test/CAss.cnf @@ -0,0 +1,76 @@ +# +# SSLeay example configuration file. +# This is mostly being used for generation of certificate requests. +# + +RANDFILE = ./.rnd + +#################################################################### +[ req ] +default_bits = 2048 +default_keyfile = keySS.pem +distinguished_name = req_distinguished_name +encrypt_rsa_key = no +default_md = sha1 + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = AU +countryName_value = AU + +organizationName = Organization Name (eg, company) +organizationName_value = Dodgy Brothers + +commonName = Common Name (eg, YOUR name) +commonName_value = Dodgy CA + +#################################################################### +[ ca ] +default_ca = CA_default # The default ca section + +#################################################################### +[ CA_default ] + +dir = ./demoCA # Where everything is kept +certs = $dir/certs # Where the issued certs are kept +crl_dir = $dir/crl # Where the issued crl are kept +database = $dir/index.txt # database index file. +#unique_subject = no # Set to 'no' to allow creation of + # several ctificates with same subject. +new_certs_dir = $dir/newcerts # default place for new certs. + +certificate = $dir/cacert.pem # The CA certificate +serial = $dir/serial # The current serial number +crl = $dir/crl.pem # The current CRL +private_key = $dir/private/cakey.pem# The private key +RANDFILE = $dir/private/.rand # private random number file + +x509_extensions = v3_ca # The extentions to add to the cert + +name_opt = ca_default # Subject Name options +cert_opt = ca_default # Certificate field options + +default_days = 365 # how long to certify for +default_crl_days= 30 # how long before next CRL +default_md = md5 # which md to use. +preserve = no # keep passed DN ordering + +policy = policy_anything + +[ policy_anything ] +countryName = optional +stateOrProvinceName = optional +localityName = optional +organizationName = optional +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + + + +[ v3_ca ] +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid:always,issuer:always +basicConstraints = CA:true,pathlen:1 +keyUsage = cRLSign, keyCertSign +issuerAltName=issuer:copy diff --git a/test/CAssdh.cnf b/test/CAssdh.cnf new file mode 100644 index 0000000..4e0a908 --- /dev/null +++ b/test/CAssdh.cnf @@ -0,0 +1,24 @@ +# +# SSLeay example configuration file. +# This is mostly being used for generation of certificate requests. +# +# hacked by iang to do DH certs - CA + +RANDFILE = ./.rnd + +#################################################################### +[ req ] +distinguished_name = req_distinguished_name +encrypt_rsa_key = no + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = CU +countryName_value = CU + +organizationName = Organization Name (eg, company) +organizationName_value = La Junta de la Revolucion + +commonName = Common Name (eg, YOUR name) +commonName_value = Junta + diff --git a/test/CAssdsa.cnf b/test/CAssdsa.cnf new file mode 100644 index 0000000..a6b4d18 --- /dev/null +++ b/test/CAssdsa.cnf @@ -0,0 +1,23 @@ +# +# SSLeay example configuration file. +# This is mostly being used for generation of certificate requests. +# +# hacked by iang to do DSA certs - CA + +RANDFILE = ./.rnd + +#################################################################### +[ req ] +distinguished_name = req_distinguished_name +encrypt_rsa_key = no + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = ES +countryName_value = ES + +organizationName = Organization Name (eg, company) +organizationName_value = Hermanos Locos + +commonName = Common Name (eg, YOUR name) +commonName_value = Hermanos Locos CA diff --git a/test/CAssrsa.cnf b/test/CAssrsa.cnf new file mode 100644 index 0000000..eb24a6d --- /dev/null +++ b/test/CAssrsa.cnf @@ -0,0 +1,24 @@ +# +# SSLeay example configuration file. +# This is mostly being used for generation of certificate requests. +# +# create RSA certs - CA + +RANDFILE = ./.rnd + +#################################################################### +[ req ] +distinguished_name = req_distinguished_name +encrypt_key = no + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = ES +countryName_value = ES + +organizationName = Organization Name (eg, company) +organizationName_value = Hermanos Locos + +commonName = Common Name (eg, YOUR name) +commonName_value = Hermanos Locos CA + diff --git a/test/CAtsa.cnf b/test/CAtsa.cnf new file mode 100644 index 0000000..f5a275b --- /dev/null +++ b/test/CAtsa.cnf @@ -0,0 +1,163 @@ + +# +# This config is used by the Time Stamp Authority tests. +# + +RANDFILE = ./.rnd + +# Extra OBJECT IDENTIFIER info: +oid_section = new_oids + +TSDNSECT = ts_cert_dn +INDEX = 1 + +[ new_oids ] + +# Policies used by the TSA tests. +tsa_policy1 = 1.2.3.4.1 +tsa_policy2 = 1.2.3.4.5.6 +tsa_policy3 = 1.2.3.4.5.7 + +#---------------------------------------------------------------------- +[ ca ] +default_ca = CA_default # The default ca section + +[ CA_default ] + +dir = ./demoCA +certs = $dir/certs # Where the issued certs are kept +database = $dir/index.txt # database index file. +new_certs_dir = $dir/newcerts # default place for new certs. + +certificate = $dir/cacert.pem # The CA certificate +serial = $dir/serial # The current serial number +private_key = $dir/private/cakey.pem# The private key +RANDFILE = $dir/private/.rand # private random number file + +default_days = 365 # how long to certify for +default_md = sha1 # which md to use. +preserve = no # keep passed DN ordering + +policy = policy_match + +# For the CA policy +[ policy_match ] +countryName = supplied +stateOrProvinceName = supplied +organizationName = supplied +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +#---------------------------------------------------------------------- +[ req ] +default_bits = 1024 +default_md = sha1 +distinguished_name = $ENV::TSDNSECT +encrypt_rsa_key = no +prompt = no +# attributes = req_attributes +x509_extensions = v3_ca # The extentions to add to the self signed cert + +string_mask = nombstr + +[ ts_ca_dn ] +countryName = HU +stateOrProvinceName = Budapest +localityName = Budapest +organizationName = Gov-CA Ltd. +commonName = ca1 + +[ ts_cert_dn ] +countryName = HU +stateOrProvinceName = Budapest +localityName = Buda +organizationName = Hun-TSA Ltd. +commonName = tsa$ENV::INDEX + +[ tsa_cert ] + +# TSA server cert is not a CA cert. +basicConstraints=CA:FALSE + +# The following key usage flags are needed for TSA server certificates. +keyUsage = nonRepudiation, digitalSignature +extendedKeyUsage = critical,timeStamping + +# PKIX recommendations harmless if included in all certificates. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer:always + +[ non_tsa_cert ] + +# This is not a CA cert and not a TSA cert, either (timeStamping usage missing) +basicConstraints=CA:FALSE + +# The following key usage flags are needed for TSA server certificates. +keyUsage = nonRepudiation, digitalSignature +# timeStamping is not supported by this certificate +# extendedKeyUsage = critical,timeStamping + +# PKIX recommendations harmless if included in all certificates. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer:always + +[ v3_req ] + +# Extensions to add to a certificate request +basicConstraints = CA:FALSE +keyUsage = nonRepudiation, digitalSignature + +[ v3_ca ] + +# Extensions for a typical CA + +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid:always,issuer:always +basicConstraints = critical,CA:true +keyUsage = cRLSign, keyCertSign + +#---------------------------------------------------------------------- +[ tsa ] + +default_tsa = tsa_config1 # the default TSA section + +[ tsa_config1 ] + +# These are used by the TSA reply generation only. +dir = . # TSA root directory +serial = $dir/tsa_serial # The current serial number (mandatory) +signer_cert = $dir/tsa_cert1.pem # The TSA signing certificate + # (optional) +certs = $dir/tsaca.pem # Certificate chain to include in reply + # (optional) +signer_key = $dir/tsa_key1.pem # The TSA private key (optional) + +default_policy = tsa_policy1 # Policy if request did not specify it + # (optional) +other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional) +digests = md5, sha1 # Acceptable message digests (mandatory) +accuracy = secs:1, millisecs:500, microsecs:100 # (optional) +ordering = yes # Is ordering defined for timestamps? + # (optional, default: no) +tsa_name = yes # Must the TSA name be included in the reply? + # (optional, default: no) +ess_cert_id_chain = yes # Must the ESS cert id chain be included? + # (optional, default: no) + +[ tsa_config2 ] + +# This configuration uses a certificate which doesn't have timeStamping usage. +# These are used by the TSA reply generation only. +dir = . # TSA root directory +serial = $dir/tsa_serial # The current serial number (mandatory) +signer_cert = $dir/tsa_cert2.pem # The TSA signing certificate + # (optional) +certs = $dir/demoCA/cacert.pem# Certificate chain to include in reply + # (optional) +signer_key = $dir/tsa_key2.pem # The TSA private key (optional) + +default_policy = tsa_policy1 # Policy if request did not specify it + # (optional) +other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional) +digests = md5, sha1 # Acceptable message digests (mandatory) diff --git a/test/Makefile b/test/Makefile new file mode 100644 index 0000000..685a691 --- /dev/null +++ b/test/Makefile @@ -0,0 +1,778 @@ +# +# test/Makefile +# + +DIR= test +TOP= .. +CC= cc +INCLUDES= -I$(TOP) -I../include $(KRB5_INCLUDES) +CFLAG= -g +MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) +PERL= perl +# KRB5 stuff +KRB5_INCLUDES= +LIBKRB5= + +PEX_LIBS= +EX_LIBS= #-lnsl -lsocket + +CFLAGS= $(INCLUDES) $(CFLAG) + +GENERAL=Makefile maketests.com \ + tests.com testenc.com tx509.com trsa.com tcrl.com tsid.com treq.com \ + tpkcs7.com tpkcs7d.com tverify.com testgen.com testss.com testssl.com \ + testca.com VMSca-response.1 VMSca-response.2 + +DLIBCRYPTO= ../libcrypto.a +DLIBSSL= ../libssl.a +LIBCRYPTO= -L.. -lcrypto +LIBSSL= -L.. -lssl + +BNTEST= bntest +ECTEST= ectest +ECDSATEST= ecdsatest +ECDHTEST= ecdhtest +EXPTEST= exptest +IDEATEST= ideatest +SHATEST= shatest +SHA1TEST= sha1test +SHA256TEST= sha256t +SHA512TEST= sha512t +MDC2TEST= mdc2test +RMDTEST= rmdtest +MD2TEST= md2test +MD4TEST= md4test +MD5TEST= md5test +HMACTEST= hmactest +WPTEST= wp_test +RC2TEST= rc2test +RC4TEST= rc4test +RC5TEST= rc5test +BFTEST= bftest +CASTTEST= casttest +DESTEST= destest +RANDTEST= randtest +DHTEST= dhtest +DSATEST= dsatest +METHTEST= methtest +SSLTEST= ssltest +RSATEST= rsa_test +ENGINETEST= enginetest +EVPTEST= evp_test +IGETEST= igetest +JPAKETEST= jpaketest +SRPTEST= srptest +ASN1TEST= asn1test +HEARTBEATTEST= heartbeat_test +CONSTTIMETEST= constant_time_test + +TESTS= alltests + +EXE= $(BNTEST)$(EXE_EXT) $(ECTEST)$(EXE_EXT) $(ECDSATEST)$(EXE_EXT) $(ECDHTEST)$(EXE_EXT) $(IDEATEST)$(EXE_EXT) \ + $(MD2TEST)$(EXE_EXT) $(MD4TEST)$(EXE_EXT) $(MD5TEST)$(EXE_EXT) $(HMACTEST)$(EXE_EXT) $(WPTEST)$(EXE_EXT) \ + $(RC2TEST)$(EXE_EXT) $(RC4TEST)$(EXE_EXT) $(RC5TEST)$(EXE_EXT) \ + $(DESTEST)$(EXE_EXT) $(SHATEST)$(EXE_EXT) $(SHA1TEST)$(EXE_EXT) $(SHA256TEST)$(EXE_EXT) $(SHA512TEST)$(EXE_EXT) \ + $(MDC2TEST)$(EXE_EXT) $(RMDTEST)$(EXE_EXT) \ + $(RANDTEST)$(EXE_EXT) $(DHTEST)$(EXE_EXT) $(ENGINETEST)$(EXE_EXT) \ + $(BFTEST)$(EXE_EXT) $(CASTTEST)$(EXE_EXT) $(SSLTEST)$(EXE_EXT) $(EXPTEST)$(EXE_EXT) $(DSATEST)$(EXE_EXT) $(RSATEST)$(EXE_EXT) \ + $(EVPTEST)$(EXE_EXT) $(IGETEST)$(EXE_EXT) $(JPAKETEST)$(EXE_EXT) $(SRPTEST)$(EXE_EXT) \ + $(ASN1TEST)$(EXE_EXT) $(HEARTBEATTEST)$(EXE_EXT) $(CONSTTIMETEST)$(EXE_EXT) + +# $(METHTEST)$(EXE_EXT) + +OBJ= $(BNTEST).o $(ECTEST).o $(ECDSATEST).o $(ECDHTEST).o $(IDEATEST).o \ + $(MD2TEST).o $(MD4TEST).o $(MD5TEST).o \ + $(HMACTEST).o $(WPTEST).o \ + $(RC2TEST).o $(RC4TEST).o $(RC5TEST).o \ + $(DESTEST).o $(SHATEST).o $(SHA1TEST).o $(SHA256TEST).o $(SHA512TEST).o \ + $(MDC2TEST).o $(RMDTEST).o \ + $(RANDTEST).o $(DHTEST).o $(ENGINETEST).o $(CASTTEST).o \ + $(BFTEST).o $(SSLTEST).o $(DSATEST).o $(EXPTEST).o $(RSATEST).o \ + $(EVPTEST).o $(IGETEST).o $(JPAKETEST).o $(ASN1TEST).o \ + $(HEARTBEATTEST).o $(CONSTTIMETEST).o + +SRC= $(BNTEST).c $(ECTEST).c $(ECDSATEST).c $(ECDHTEST).c $(IDEATEST).c \ + $(MD2TEST).c $(MD4TEST).c $(MD5TEST).c \ + $(HMACTEST).c $(WPTEST).c \ + $(RC2TEST).c $(RC4TEST).c $(RC5TEST).c \ + $(DESTEST).c $(SHATEST).c $(SHA1TEST).c $(MDC2TEST).c $(RMDTEST).c \ + $(RANDTEST).c $(DHTEST).c $(ENGINETEST).c $(CASTTEST).c \ + $(BFTEST).c $(SSLTEST).c $(DSATEST).c $(EXPTEST).c $(RSATEST).c \ + $(EVPTEST).c $(IGETEST).c $(JPAKETEST).c $(SRPTEST).c $(ASN1TEST).c \ + $(HEARTBEATTEST).c $(CONSTTIMETEST).c + +EXHEADER= +HEADER= $(EXHEADER) + +ALL= $(GENERAL) $(SRC) $(HEADER) + +top: + (cd ..; $(MAKE) DIRS=$(DIR) TESTS=$(TESTS) all) + +all: exe + +exe: $(EXE) dummytest$(EXE_EXT) + +files: + $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO + +links: + +generate: $(SRC) +$(SRC): + @sh $(TOP)/util/point.sh dummytest.c $@ + +errors: + +install: + +tags: + ctags $(SRC) + +tests: exe apps $(TESTS) + +apps: + @(cd ..; $(MAKE) DIRS=apps all) + +alltests: \ + test_des test_idea test_sha test_md4 test_md5 test_hmac \ + test_md2 test_mdc2 test_wp \ + test_rmd test_rc2 test_rc4 test_rc5 test_bf test_cast test_aes \ + test_rand test_bn test_ec test_ecdsa test_ecdh \ + test_enc test_x509 test_rsa test_crl test_sid \ + test_gen test_req test_pkcs7 test_verify test_dh test_dsa \ + test_ss test_ca test_engine test_evp test_ssl test_tsa test_ige \ + test_jpake test_srp test_cms test_heartbeat test_constant_time + +test_evp: + ../util/shlib_wrap.sh ./$(EVPTEST) evptests.txt + +test_des: + ../util/shlib_wrap.sh ./$(DESTEST) + +test_idea: + ../util/shlib_wrap.sh ./$(IDEATEST) + +test_sha: + ../util/shlib_wrap.sh ./$(SHATEST) + ../util/shlib_wrap.sh ./$(SHA1TEST) + ../util/shlib_wrap.sh ./$(SHA256TEST) + ../util/shlib_wrap.sh ./$(SHA512TEST) + +test_mdc2: + ../util/shlib_wrap.sh ./$(MDC2TEST) + +test_md5: + ../util/shlib_wrap.sh ./$(MD5TEST) + +test_md4: + ../util/shlib_wrap.sh ./$(MD4TEST) + +test_hmac: + ../util/shlib_wrap.sh ./$(HMACTEST) + +test_wp: + ../util/shlib_wrap.sh ./$(WPTEST) + +test_md2: + ../util/shlib_wrap.sh ./$(MD2TEST) + +test_rmd: + ../util/shlib_wrap.sh ./$(RMDTEST) + +test_bf: + ../util/shlib_wrap.sh ./$(BFTEST) + +test_cast: + ../util/shlib_wrap.sh ./$(CASTTEST) + +test_rc2: + ../util/shlib_wrap.sh ./$(RC2TEST) + +test_rc4: + ../util/shlib_wrap.sh ./$(RC4TEST) + +test_rc5: + ../util/shlib_wrap.sh ./$(RC5TEST) + +test_rand: + ../util/shlib_wrap.sh ./$(RANDTEST) + +test_enc: + @sh ./testenc + +test_x509: + echo test normal x509v1 certificate + sh ./tx509 2>/dev/null + echo test first x509v3 certificate + sh ./tx509 v3-cert1.pem 2>/dev/null + echo test second x509v3 certificate + sh ./tx509 v3-cert2.pem 2>/dev/null + +test_rsa: $(RSATEST)$(EXE_EXT) + @sh ./trsa 2>/dev/null + ../util/shlib_wrap.sh ./$(RSATEST) + +test_crl: + @sh ./tcrl 2>/dev/null + +test_sid: + @sh ./tsid 2>/dev/null + +test_req: + @sh ./treq 2>/dev/null + @sh ./treq testreq2.pem 2>/dev/null + +test_pkcs7: + @sh ./tpkcs7 2>/dev/null + @sh ./tpkcs7d 2>/dev/null + +test_bn: + @echo starting big number library test, could take a while... + @../util/shlib_wrap.sh ./$(BNTEST) >tmp.bntest + @echo quit >>tmp.bntest + @echo "running bc" + @) {if (/^test (.*)/) {print STDERR "\nverify $$1";} elsif (!/^0\r?$$/) {die "\nFailed! bc: $$_";} else {print STDERR "."; $$i++;}} print STDERR "\n$$i tests passed\n"' + @echo 'test a^b%c implementations' + ../util/shlib_wrap.sh ./$(EXPTEST) + +test_ec: + @echo 'test elliptic curves' + ../util/shlib_wrap.sh ./$(ECTEST) + +test_ecdsa: + @echo 'test ecdsa' + ../util/shlib_wrap.sh ./$(ECDSATEST) + +test_ecdh: + @echo 'test ecdh' + ../util/shlib_wrap.sh ./$(ECDHTEST) + +test_verify: + @echo "The following command should have some OK's and some failures" + @echo "There are definitly a few expired certificates" + ../util/shlib_wrap.sh ../apps/openssl verify -CApath ../certs/demo ../certs/demo/*.pem + +test_dh: + @echo "Generate a set of DH parameters" + ../util/shlib_wrap.sh ./$(DHTEST) + +test_dsa: + @echo "Generate a set of DSA parameters" + ../util/shlib_wrap.sh ./$(DSATEST) + ../util/shlib_wrap.sh ./$(DSATEST) -app2_1 + +test_gen: + @echo "Generate and verify a certificate request" + @sh ./testgen + +test_ss keyU.ss certU.ss certCA.ss certP1.ss keyP1.ss certP2.ss keyP2.ss \ + intP1.ss intP2.ss: testss + @echo "Generate and certify a test certificate" + @sh ./testss + @cat certCA.ss certU.ss > intP1.ss + @cat certCA.ss certU.ss certP1.ss > intP2.ss + +test_engine: + @echo "Manipulate the ENGINE structures" + ../util/shlib_wrap.sh ./$(ENGINETEST) + +test_ssl: keyU.ss certU.ss certCA.ss certP1.ss keyP1.ss certP2.ss keyP2.ss \ + intP1.ss intP2.ss + @echo "test SSL protocol" + @if [ -n "$(FIPSCANLIB)" ]; then \ + sh ./testfipsssl keyU.ss certU.ss certCA.ss; \ + fi + ../util/shlib_wrap.sh ./$(SSLTEST) -test_cipherlist + @sh ./testssl keyU.ss certU.ss certCA.ss + @sh ./testsslproxy keyP1.ss certP1.ss intP1.ss + @sh ./testsslproxy keyP2.ss certP2.ss intP2.ss + +test_ca: + @if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then \ + echo "skipping CA.sh test -- requires RSA"; \ + else \ + echo "Generate and certify a test certificate via the 'ca' program"; \ + sh ./testca; \ + fi + +test_aes: #$(AESTEST) +# @echo "test Rijndael" +# ../util/shlib_wrap.sh ./$(AESTEST) + +test_tsa: + @if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then \ + echo "skipping testtsa test -- requires RSA"; \ + else \ + sh ./testtsa; \ + fi + +test_ige: $(IGETEST)$(EXE_EXT) + @echo "Test IGE mode" + ../util/shlib_wrap.sh ./$(IGETEST) + +test_jpake: $(JPAKETEST)$(EXE_EXT) + @echo "Test JPAKE" + ../util/shlib_wrap.sh ./$(JPAKETEST) + +test_cms: + @echo "CMS consistency test" + $(PERL) cms-test.pl + +test_srp: $(SRPTEST)$(EXE_EXT) + @echo "Test SRP" + ../util/shlib_wrap.sh ./srptest + +test_heartbeat: $(HEARTBEATTEST)$(EXE_EXT) + ../util/shlib_wrap.sh ./$(HEARTBEATTEST) + +test_constant_time: $(CONSTTIMETEST)$(EXE_EXT) + @echo "Test constant time utilites" + ../util/shlib_wrap.sh ./$(CONSTTIMETEST) + +lint: + lint -DLINT $(INCLUDES) $(SRC)>fluff + +depend: + @if [ -z "$(THIS)" ]; then \ + $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; \ + else \ + $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC); \ + fi + +dclean: + $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new + mv -f Makefile.new $(MAKEFILE) + rm -f $(SRC) $(SHA256TEST).c $(SHA512TEST).c evptests.txt newkey.pem testkey.pem \ + testreq.pem + +clean: + rm -f .rnd tmp.bntest tmp.bctest *.o *.obj *.dll lib tags core .pure .nfs* *.old *.bak fluff $(EXE) *.ss *.srl log dummytest + +$(DLIBSSL): + (cd ..; $(MAKE) DIRS=ssl all) + +$(DLIBCRYPTO): + (cd ..; $(MAKE) DIRS=crypto all) + +BUILD_CMD=shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ + shlib_target="$(SHLIB_TARGET)"; \ + fi; \ + LIBRARIES="$(LIBSSL) $(LIBCRYPTO) $(LIBKRB5)"; \ + $(MAKE) -f $(TOP)/Makefile.shared -e \ + CC="$${CC}" APPNAME=$$target$(EXE_EXT) OBJECTS="$$target.o" \ + LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ + link_app.$${shlib_target} + +FIPS_BUILD_CMD=shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ + shlib_target="$(SHLIB_TARGET)"; \ + fi; \ + LIBRARIES="$(LIBSSL) $(LIBCRYPTO) $(LIBKRB5)"; \ + if [ -z "$(SHARED_LIBS)" -a -n "$(FIPSCANLIB)" ] ; then \ + FIPSLD_CC="$(CC)"; CC=$(FIPSDIR)/bin/fipsld; export CC FIPSLD_CC; \ + fi; \ + $(MAKE) -f $(TOP)/Makefile.shared -e \ + CC="$${CC}" APPNAME=$$target$(EXE_EXT) OBJECTS="$$target.o" \ + LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ + link_app.$${shlib_target} + +BUILD_CMD_STATIC=shlib_target=; \ + LIBRARIES="$(DLIBSSL) $(DLIBCRYPTO) $(LIBKRB5)"; \ + $(MAKE) -f $(TOP)/Makefile.shared -e \ + APPNAME=$$target$(EXE_EXT) OBJECTS="$$target.o" \ + LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ + link_app.$${shlib_target} + +$(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO) + @target=$(RSATEST); $(BUILD_CMD) + +$(BNTEST)$(EXE_EXT): $(BNTEST).o $(DLIBCRYPTO) + @target=$(BNTEST); $(BUILD_CMD) + +$(ECTEST)$(EXE_EXT): $(ECTEST).o $(DLIBCRYPTO) + @target=$(ECTEST); $(BUILD_CMD) + +$(EXPTEST)$(EXE_EXT): $(EXPTEST).o $(DLIBCRYPTO) + @target=$(EXPTEST); $(BUILD_CMD) + +$(IDEATEST)$(EXE_EXT): $(IDEATEST).o $(DLIBCRYPTO) + @target=$(IDEATEST); $(BUILD_CMD) + +$(MD2TEST)$(EXE_EXT): $(MD2TEST).o $(DLIBCRYPTO) + @target=$(MD2TEST); $(BUILD_CMD) + +$(SHATEST)$(EXE_EXT): $(SHATEST).o $(DLIBCRYPTO) + @target=$(SHATEST); $(BUILD_CMD) + +$(SHA1TEST)$(EXE_EXT): $(SHA1TEST).o $(DLIBCRYPTO) + @target=$(SHA1TEST); $(BUILD_CMD) + +$(SHA256TEST)$(EXE_EXT): $(SHA256TEST).o $(DLIBCRYPTO) + @target=$(SHA256TEST); $(BUILD_CMD) + +$(SHA512TEST)$(EXE_EXT): $(SHA512TEST).o $(DLIBCRYPTO) + @target=$(SHA512TEST); $(BUILD_CMD) + +$(RMDTEST)$(EXE_EXT): $(RMDTEST).o $(DLIBCRYPTO) + @target=$(RMDTEST); $(BUILD_CMD) + +$(MDC2TEST)$(EXE_EXT): $(MDC2TEST).o $(DLIBCRYPTO) + @target=$(MDC2TEST); $(BUILD_CMD) + +$(MD4TEST)$(EXE_EXT): $(MD4TEST).o $(DLIBCRYPTO) + @target=$(MD4TEST); $(BUILD_CMD) + +$(MD5TEST)$(EXE_EXT): $(MD5TEST).o $(DLIBCRYPTO) + @target=$(MD5TEST); $(BUILD_CMD) + +$(HMACTEST)$(EXE_EXT): $(HMACTEST).o $(DLIBCRYPTO) + @target=$(HMACTEST); $(BUILD_CMD) + +$(WPTEST)$(EXE_EXT): $(WPTEST).o $(DLIBCRYPTO) + @target=$(WPTEST); $(BUILD_CMD) + +$(RC2TEST)$(EXE_EXT): $(RC2TEST).o $(DLIBCRYPTO) + @target=$(RC2TEST); $(BUILD_CMD) + +$(BFTEST)$(EXE_EXT): $(BFTEST).o $(DLIBCRYPTO) + @target=$(BFTEST); $(BUILD_CMD) + +$(CASTTEST)$(EXE_EXT): $(CASTTEST).o $(DLIBCRYPTO) + @target=$(CASTTEST); $(BUILD_CMD) + +$(RC4TEST)$(EXE_EXT): $(RC4TEST).o $(DLIBCRYPTO) + @target=$(RC4TEST); $(BUILD_CMD) + +$(RC5TEST)$(EXE_EXT): $(RC5TEST).o $(DLIBCRYPTO) + @target=$(RC5TEST); $(BUILD_CMD) + +$(DESTEST)$(EXE_EXT): $(DESTEST).o $(DLIBCRYPTO) + @target=$(DESTEST); $(BUILD_CMD) + +$(RANDTEST)$(EXE_EXT): $(RANDTEST).o $(DLIBCRYPTO) + @target=$(RANDTEST); $(BUILD_CMD) + +$(DHTEST)$(EXE_EXT): $(DHTEST).o $(DLIBCRYPTO) + @target=$(DHTEST); $(BUILD_CMD) + +$(DSATEST)$(EXE_EXT): $(DSATEST).o $(DLIBCRYPTO) + @target=$(DSATEST); $(BUILD_CMD) + +$(METHTEST)$(EXE_EXT): $(METHTEST).o $(DLIBCRYPTO) + @target=$(METHTEST); $(BUILD_CMD) + +$(SSLTEST)$(EXE_EXT): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO) + @target=$(SSLTEST); $(FIPS_BUILD_CMD) + +$(ENGINETEST)$(EXE_EXT): $(ENGINETEST).o $(DLIBCRYPTO) + @target=$(ENGINETEST); $(BUILD_CMD) + +$(EVPTEST)$(EXE_EXT): $(EVPTEST).o $(DLIBCRYPTO) + @target=$(EVPTEST); $(BUILD_CMD) + +$(ECDSATEST)$(EXE_EXT): $(ECDSATEST).o $(DLIBCRYPTO) + @target=$(ECDSATEST); $(BUILD_CMD) + +$(ECDHTEST)$(EXE_EXT): $(ECDHTEST).o $(DLIBCRYPTO) + @target=$(ECDHTEST); $(BUILD_CMD) + +$(IGETEST)$(EXE_EXT): $(IGETEST).o $(DLIBCRYPTO) + @target=$(IGETEST); $(BUILD_CMD) + +$(JPAKETEST)$(EXE_EXT): $(JPAKETEST).o $(DLIBCRYPTO) + @target=$(JPAKETEST); $(BUILD_CMD) + +$(ASN1TEST)$(EXE_EXT): $(ASN1TEST).o $(DLIBCRYPTO) + @target=$(ASN1TEST); $(BUILD_CMD) + +$(SRPTEST)$(EXE_EXT): $(SRPTEST).o $(DLIBCRYPTO) + @target=$(SRPTEST); $(BUILD_CMD) + +$(HEARTBEATTEST)$(EXE_EXT): $(HEARTBEATTEST).o $(DLIBCRYPTO) + @target=$(HEARTBEATTEST); $(BUILD_CMD_STATIC) + +$(CONSTTIMETEST)$(EXE_EXT): $(CONSTTIMETEST).o + @target=$(CONSTTIMETEST) $(BUILD_CMD) + +#$(AESTEST).o: $(AESTEST).c +# $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c + +#$(AESTEST)$(EXE_EXT): $(AESTEST).o $(DLIBCRYPTO) +# if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ +# $(CC) -o $(AESTEST)$(EXE_EXT) $(CFLAGS) $(AESTEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \ +# else \ +# $(CC) -o $(AESTEST)$(EXE_EXT) $(CFLAGS) $(AESTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \ +# fi + +dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO) + @target=dummytest; $(BUILD_CMD) + +# DO NOT DELETE THIS LINE -- make depend depends on it. + +asn1test.o: ../include/openssl/asn1.h ../include/openssl/asn1_mac.h +asn1test.o: ../include/openssl/bio.h ../include/openssl/buffer.h +asn1test.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h +asn1test.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +asn1test.o: ../include/openssl/ecdsa.h ../include/openssl/evp.h +asn1test.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +asn1test.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +asn1test.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +asn1test.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h +asn1test.o: ../include/openssl/sha.h ../include/openssl/stack.h +asn1test.o: ../include/openssl/symhacks.h ../include/openssl/x509.h +asn1test.o: ../include/openssl/x509_vfy.h asn1test.c +bftest.o: ../e_os.h ../include/openssl/blowfish.h ../include/openssl/e_os2.h +bftest.o: ../include/openssl/opensslconf.h bftest.c +bntest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h +bntest.o: ../include/openssl/bn.h ../include/openssl/buffer.h +bntest.o: ../include/openssl/crypto.h ../include/openssl/dh.h +bntest.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h +bntest.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +bntest.o: ../include/openssl/ecdsa.h ../include/openssl/err.h +bntest.o: ../include/openssl/evp.h ../include/openssl/lhash.h +bntest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +bntest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +bntest.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h +bntest.o: ../include/openssl/rand.h ../include/openssl/rsa.h +bntest.o: ../include/openssl/safestack.h ../include/openssl/sha.h +bntest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +bntest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h bntest.c +casttest.o: ../e_os.h ../include/openssl/cast.h ../include/openssl/e_os2.h +casttest.o: ../include/openssl/opensslconf.h casttest.c +constant_time_test.o: ../crypto/constant_time_locl.h ../e_os.h +constant_time_test.o: ../include/openssl/e_os2.h +constant_time_test.o: ../include/openssl/opensslconf.h constant_time_test.c +destest.o: ../include/openssl/des.h ../include/openssl/des_old.h +destest.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h +destest.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h +destest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +destest.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h destest.c +dhtest.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/bn.h +dhtest.o: ../include/openssl/crypto.h ../include/openssl/dh.h +dhtest.o: ../include/openssl/e_os2.h ../include/openssl/err.h +dhtest.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h +dhtest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +dhtest.o: ../include/openssl/rand.h ../include/openssl/safestack.h +dhtest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h dhtest.c +dsatest.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/bn.h +dsatest.o: ../include/openssl/crypto.h ../include/openssl/dh.h +dsatest.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h +dsatest.o: ../include/openssl/err.h ../include/openssl/lhash.h +dsatest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +dsatest.o: ../include/openssl/ossl_typ.h ../include/openssl/rand.h +dsatest.o: ../include/openssl/safestack.h ../include/openssl/stack.h +dsatest.o: ../include/openssl/symhacks.h dsatest.c +ecdhtest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h +ecdhtest.o: ../include/openssl/bn.h ../include/openssl/crypto.h +ecdhtest.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +ecdhtest.o: ../include/openssl/ecdh.h ../include/openssl/err.h +ecdhtest.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +ecdhtest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +ecdhtest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +ecdhtest.o: ../include/openssl/rand.h ../include/openssl/safestack.h +ecdhtest.o: ../include/openssl/sha.h ../include/openssl/stack.h +ecdhtest.o: ../include/openssl/symhacks.h ecdhtest.c +ecdsatest.o: ../include/openssl/asn1.h ../include/openssl/bio.h +ecdsatest.o: ../include/openssl/bn.h ../include/openssl/buffer.h +ecdsatest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h +ecdsatest.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +ecdsatest.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h +ecdsatest.o: ../include/openssl/err.h ../include/openssl/evp.h +ecdsatest.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +ecdsatest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +ecdsatest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +ecdsatest.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h +ecdsatest.o: ../include/openssl/safestack.h ../include/openssl/sha.h +ecdsatest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +ecdsatest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +ecdsatest.o: ecdsatest.c +ectest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h +ectest.o: ../include/openssl/bn.h ../include/openssl/buffer.h +ectest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h +ectest.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +ectest.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h +ectest.o: ../include/openssl/err.h ../include/openssl/evp.h +ectest.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +ectest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +ectest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +ectest.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h +ectest.o: ../include/openssl/safestack.h ../include/openssl/sha.h +ectest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +ectest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ectest.c +enginetest.o: ../include/openssl/asn1.h ../include/openssl/bio.h +enginetest.o: ../include/openssl/buffer.h ../include/openssl/crypto.h +enginetest.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +enginetest.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h +enginetest.o: ../include/openssl/engine.h ../include/openssl/err.h +enginetest.o: ../include/openssl/evp.h ../include/openssl/lhash.h +enginetest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +enginetest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +enginetest.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h +enginetest.o: ../include/openssl/safestack.h ../include/openssl/sha.h +enginetest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +enginetest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +enginetest.o: enginetest.c +evp_test.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h +evp_test.o: ../include/openssl/buffer.h ../include/openssl/conf.h +evp_test.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h +evp_test.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +evp_test.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h +evp_test.o: ../include/openssl/err.h ../include/openssl/evp.h +evp_test.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +evp_test.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +evp_test.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +evp_test.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h +evp_test.o: ../include/openssl/sha.h ../include/openssl/stack.h +evp_test.o: ../include/openssl/symhacks.h ../include/openssl/x509.h +evp_test.o: ../include/openssl/x509_vfy.h evp_test.c +exptest.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/bn.h +exptest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h +exptest.o: ../include/openssl/err.h ../include/openssl/lhash.h +exptest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +exptest.o: ../include/openssl/ossl_typ.h ../include/openssl/rand.h +exptest.o: ../include/openssl/safestack.h ../include/openssl/stack.h +exptest.o: ../include/openssl/symhacks.h exptest.c +heartbeat_test.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h +heartbeat_test.o: ../include/openssl/buffer.h ../include/openssl/comp.h +heartbeat_test.o: ../include/openssl/crypto.h ../include/openssl/dsa.h +heartbeat_test.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h +heartbeat_test.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +heartbeat_test.o: ../include/openssl/ecdsa.h ../include/openssl/err.h +heartbeat_test.o: ../include/openssl/evp.h ../include/openssl/hmac.h +heartbeat_test.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +heartbeat_test.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +heartbeat_test.o: ../include/openssl/opensslconf.h +heartbeat_test.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +heartbeat_test.o: ../include/openssl/pem.h ../include/openssl/pem2.h +heartbeat_test.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h +heartbeat_test.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +heartbeat_test.o: ../include/openssl/sha.h ../include/openssl/srtp.h +heartbeat_test.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +heartbeat_test.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +heartbeat_test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +heartbeat_test.o: ../include/openssl/tls1.h ../include/openssl/x509.h +heartbeat_test.o: ../include/openssl/x509_vfy.h ../ssl/ssl_locl.h +heartbeat_test.o: ../test/testutil.h heartbeat_test.c +hmactest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h +hmactest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h +hmactest.o: ../include/openssl/evp.h ../include/openssl/hmac.h +hmactest.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h +hmactest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +hmactest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +hmactest.o: ../include/openssl/safestack.h ../include/openssl/stack.h +hmactest.o: ../include/openssl/symhacks.h hmactest.c +ideatest.o: ../e_os.h ../include/openssl/e_os2.h ../include/openssl/idea.h +ideatest.o: ../include/openssl/opensslconf.h ideatest.c +igetest.o: ../include/openssl/aes.h ../include/openssl/e_os2.h +igetest.o: ../include/openssl/opensslconf.h ../include/openssl/ossl_typ.h +igetest.o: ../include/openssl/rand.h igetest.c +jpaketest.o: ../include/openssl/buffer.h ../include/openssl/crypto.h +jpaketest.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h +jpaketest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +jpaketest.o: ../include/openssl/safestack.h ../include/openssl/stack.h +jpaketest.o: ../include/openssl/symhacks.h jpaketest.c +md2test.o: ../include/openssl/buffer.h ../include/openssl/crypto.h +md2test.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h +md2test.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +md2test.o: ../include/openssl/safestack.h ../include/openssl/stack.h +md2test.o: ../include/openssl/symhacks.h md2test.c +md4test.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h +md4test.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h +md4test.o: ../include/openssl/evp.h ../include/openssl/md4.h +md4test.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +md4test.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +md4test.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h +md4test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h md4test.c +md5test.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h +md5test.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h +md5test.o: ../include/openssl/evp.h ../include/openssl/md5.h +md5test.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +md5test.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +md5test.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h +md5test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h md5test.c +mdc2test.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h +mdc2test.o: ../include/openssl/crypto.h ../include/openssl/des.h +mdc2test.o: ../include/openssl/des_old.h ../include/openssl/e_os2.h +mdc2test.o: ../include/openssl/evp.h ../include/openssl/mdc2.h +mdc2test.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +mdc2test.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +mdc2test.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h +mdc2test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +mdc2test.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h mdc2test.c +randtest.o: ../e_os.h ../include/openssl/e_os2.h +randtest.o: ../include/openssl/opensslconf.h ../include/openssl/ossl_typ.h +randtest.o: ../include/openssl/rand.h randtest.c +rc2test.o: ../e_os.h ../include/openssl/e_os2.h +rc2test.o: ../include/openssl/opensslconf.h ../include/openssl/rc2.h rc2test.c +rc4test.o: ../e_os.h ../include/openssl/e_os2.h +rc4test.o: ../include/openssl/opensslconf.h ../include/openssl/rc4.h +rc4test.o: ../include/openssl/sha.h rc4test.c +rc5test.o: ../include/openssl/buffer.h ../include/openssl/crypto.h +rc5test.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h +rc5test.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +rc5test.o: ../include/openssl/safestack.h ../include/openssl/stack.h +rc5test.o: ../include/openssl/symhacks.h rc5test.c +rmdtest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h +rmdtest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h +rmdtest.o: ../include/openssl/evp.h ../include/openssl/obj_mac.h +rmdtest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +rmdtest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +rmdtest.o: ../include/openssl/ripemd.h ../include/openssl/safestack.h +rmdtest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h rmdtest.c +rsa_test.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h +rsa_test.o: ../include/openssl/bn.h ../include/openssl/crypto.h +rsa_test.o: ../include/openssl/e_os2.h ../include/openssl/err.h +rsa_test.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h +rsa_test.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +rsa_test.o: ../include/openssl/rand.h ../include/openssl/rsa.h +rsa_test.o: ../include/openssl/safestack.h ../include/openssl/stack.h +rsa_test.o: ../include/openssl/symhacks.h rsa_test.c +sha1test.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h +sha1test.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h +sha1test.o: ../include/openssl/evp.h ../include/openssl/obj_mac.h +sha1test.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +sha1test.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +sha1test.o: ../include/openssl/safestack.h ../include/openssl/sha.h +sha1test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h sha1test.c +shatest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h +shatest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h +shatest.o: ../include/openssl/evp.h ../include/openssl/obj_mac.h +shatest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +shatest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +shatest.o: ../include/openssl/safestack.h ../include/openssl/sha.h +shatest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h shatest.c +srptest.o: ../include/openssl/bio.h ../include/openssl/bn.h +srptest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h +srptest.o: ../include/openssl/err.h ../include/openssl/lhash.h +srptest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +srptest.o: ../include/openssl/ossl_typ.h ../include/openssl/rand.h +srptest.o: ../include/openssl/safestack.h ../include/openssl/srp.h +srptest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h srptest.c +ssltest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h +ssltest.o: ../include/openssl/bn.h ../include/openssl/buffer.h +ssltest.o: ../include/openssl/comp.h ../include/openssl/conf.h +ssltest.o: ../include/openssl/crypto.h ../include/openssl/dh.h +ssltest.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h +ssltest.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +ssltest.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h +ssltest.o: ../include/openssl/engine.h ../include/openssl/err.h +ssltest.o: ../include/openssl/evp.h ../include/openssl/hmac.h +ssltest.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +ssltest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +ssltest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +ssltest.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +ssltest.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +ssltest.o: ../include/openssl/pqueue.h ../include/openssl/rand.h +ssltest.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +ssltest.o: ../include/openssl/sha.h ../include/openssl/srp.h +ssltest.o: ../include/openssl/srtp.h ../include/openssl/ssl.h +ssltest.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +ssltest.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +ssltest.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +ssltest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +ssltest.o: ../include/openssl/x509v3.h ssltest.c +wp_test.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h +wp_test.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +wp_test.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h +wp_test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +wp_test.o: ../include/openssl/whrlpool.h wp_test.c diff --git a/test/P1ss.cnf b/test/P1ss.cnf new file mode 100644 index 0000000..326cce2 --- /dev/null +++ b/test/P1ss.cnf @@ -0,0 +1,37 @@ +# +# SSLeay example configuration file. +# This is mostly being used for generation of certificate requests. +# + +RANDFILE = ./.rnd + +#################################################################### +[ req ] +default_bits = 1024 +default_keyfile = keySS.pem +distinguished_name = req_distinguished_name +encrypt_rsa_key = no +default_md = md2 + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = AU +countryName_value = AU + +organizationName = Organization Name (eg, company) +organizationName_value = Dodgy Brothers + +0.commonName = Common Name (eg, YOUR name) +0.commonName_value = Brother 1 + +1.commonName = Common Name (eg, YOUR name) +1.commonName_value = Brother 2 + +2.commonName = Common Name (eg, YOUR name) +2.commonName_value = Proxy 1 + +[ v3_proxy ] +basicConstraints=CA:FALSE +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer:always +proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:1,policy:text:AB diff --git a/test/P2ss.cnf b/test/P2ss.cnf new file mode 100644 index 0000000..8b50232 --- /dev/null +++ b/test/P2ss.cnf @@ -0,0 +1,45 @@ +# +# SSLeay example configuration file. +# This is mostly being used for generation of certificate requests. +# + +RANDFILE = ./.rnd + +#################################################################### +[ req ] +default_bits = 1024 +default_keyfile = keySS.pem +distinguished_name = req_distinguished_name +encrypt_rsa_key = no +default_md = md2 + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = AU +countryName_value = AU + +organizationName = Organization Name (eg, company) +organizationName_value = Dodgy Brothers + +0.commonName = Common Name (eg, YOUR name) +0.commonName_value = Brother 1 + +1.commonName = Common Name (eg, YOUR name) +1.commonName_value = Brother 2 + +2.commonName = Common Name (eg, YOUR name) +2.commonName_value = Proxy 1 + +3.commonName = Common Name (eg, YOUR name) +3.commonName_value = Proxy 2 + +[ v3_proxy ] +basicConstraints=CA:FALSE +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer:always +proxyCertInfo=critical,@proxy_ext + +[ proxy_ext ] +language=id-ppl-anyLanguage +pathlen=0 +policy=text:BC diff --git a/test/Sssdsa.cnf b/test/Sssdsa.cnf new file mode 100644 index 0000000..8e170a2 --- /dev/null +++ b/test/Sssdsa.cnf @@ -0,0 +1,27 @@ +# +# SSLeay example configuration file. +# This is mostly being used for generation of certificate requests. +# +# hacked by iang to do DSA certs - Server + +RANDFILE = ./.rnd + +#################################################################### +[ req ] +distinguished_name = req_distinguished_name +encrypt_rsa_key = no + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = ES +countryName_value = ES + +organizationName = Organization Name (eg, company) +organizationName_value = Tortilleras S.A. + +0.commonName = Common Name (eg, YOUR name) +0.commonName_value = Torti + +1.commonName = Common Name (eg, YOUR name) +1.commonName_value = Gordita + diff --git a/test/Sssrsa.cnf b/test/Sssrsa.cnf new file mode 100644 index 0000000..8c79a03 --- /dev/null +++ b/test/Sssrsa.cnf @@ -0,0 +1,26 @@ +# +# SSLeay example configuration file. +# This is mostly being used for generation of certificate requests. +# +# create RSA certs - Server + +RANDFILE = ./.rnd + +#################################################################### +[ req ] +distinguished_name = req_distinguished_name +encrypt_key = no + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = ES +countryName_value = ES + +organizationName = Organization Name (eg, company) +organizationName_value = Tortilleras S.A. + +0.commonName = Common Name (eg, YOUR name) +0.commonName_value = Torti + +1.commonName = Common Name (eg, YOUR name) +1.commonName_value = Gordita diff --git a/test/Uss.cnf b/test/Uss.cnf new file mode 100644 index 0000000..58ac0ca --- /dev/null +++ b/test/Uss.cnf @@ -0,0 +1,36 @@ +# +# SSLeay example configuration file. +# This is mostly being used for generation of certificate requests. +# + +RANDFILE = ./.rnd + +#################################################################### +[ req ] +default_bits = 2048 +default_keyfile = keySS.pem +distinguished_name = req_distinguished_name +encrypt_rsa_key = no +default_md = sha256 + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = AU +countryName_value = AU + +organizationName = Organization Name (eg, company) +organizationName_value = Dodgy Brothers + +0.commonName = Common Name (eg, YOUR name) +0.commonName_value = Brother 1 + +1.commonName = Common Name (eg, YOUR name) +1.commonName_value = Brother 2 + +[ v3_ee ] +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer:always +basicConstraints = CA:false +keyUsage = nonRepudiation, digitalSignature, keyEncipherment +issuerAltName=issuer:copy + diff --git a/test/VMSca-response.1 b/test/VMSca-response.1 new file mode 100644 index 0000000..8b13789 --- /dev/null +++ b/test/VMSca-response.1 @@ -0,0 +1 @@ + diff --git a/test/VMSca-response.2 b/test/VMSca-response.2 new file mode 100644 index 0000000..9b48ee4 --- /dev/null +++ b/test/VMSca-response.2 @@ -0,0 +1,2 @@ +y +y diff --git a/test/asn1test.c b/test/asn1test.c new file mode 100755 index 0000000..9f53d80 --- /dev/null +++ b/test/asn1test.c @@ -0,0 +1,22 @@ +#include +#include + +typedef struct X + { + STACK_OF(X509_EXTENSION) *ext; + } X; + +/* This isn't meant to run particularly, it's just to test type checking */ +int main(int argc, char **argv) + { + X *x = NULL; + unsigned char **pp = NULL; + + M_ASN1_I2D_vars(x); + M_ASN1_I2D_len_SEQUENCE_opt_type(X509_EXTENSION, x->ext, + i2d_X509_EXTENSION); + M_ASN1_I2D_seq_total(); + M_ASN1_I2D_put_SEQUENCE_opt_type(X509_EXTENSION, x->ext, + i2d_X509_EXTENSION); + M_ASN1_I2D_finish(); + } diff --git a/test/bctest b/test/bctest new file mode 100755 index 0000000..bdb3218 --- /dev/null +++ b/test/bctest @@ -0,0 +1,111 @@ +#!/bin/sh + +# This script is used by test/Makefile.ssl to check whether a sane 'bc' +# is installed. +# ('make test_bn' should not try to run 'bc' if it does not exist or if +# it is a broken 'bc' version that is known to cause trouble.) +# +# If 'bc' works, we also test if it knows the 'print' command. +# +# In any case, output an appropriate command line for running (or not +# running) bc. + + +IFS=: +try_without_dir=true +# First we try "bc", then "$dir/bc" for each item in $PATH. +for dir in dummy:$PATH; do + if [ "$try_without_dir" = true ]; then + # first iteration + bc=bc + try_without_dir=false + else + # second and later iterations + bc="$dir/bc" + if [ ! -f "$bc" ]; then # '-x' is not available on Ultrix + bc='' + fi + fi + + if [ ! "$bc" = '' ]; then + failure=none + + + # Test for SunOS 5.[78] bc bug + "$bc" >tmp.bctest <<\EOF +obase=16 +ibase=16 +a=AD88C418F31B3FC712D0425001D522B3AE9134FF3A98C13C1FCC1682211195406C1A6C66C6A\ +CEEC1A0EC16950233F77F1C2F2363D56DD71A36C57E0B2511FC4BA8F22D261FE2E9356D99AF57\ +10F3817C0E05BF79C423C3F66FDF321BE8D3F18F625D91B670931C1EF25F28E489BDA1C5422D1\ +C3F6F7A1AD21585746ECC4F10A14A778AF56F08898E965E9909E965E0CB6F85B514150C644759\ +3BE731877B16EA07B552088FF2EA728AC5E0FF3A23EB939304519AB8B60F2C33D6BA0945B66F0\ +4FC3CADF855448B24A9D7640BCF473E +b=DCE91E7D120B983EA9A104B5A96D634DD644C37657B1C7860B45E6838999B3DCE5A555583C6\ +9209E41F413422954175A06E67FFEF6746DD652F0F48AEFECC3D8CAC13523BDAAD3F5AF4212BD\ +8B3CD64126E1A82E190228020C05B91C8B141F1110086FC2A4C6ED631EBA129D04BB9A19FC53D\ +3ED0E2017D60A68775B75481449 +(a/b)*b + (a%b) - a +EOF + if [ 0 != "`cat tmp.bctest`" ]; then + failure=SunOStest + fi + + + if [ "$failure" = none ]; then + # Test for SCO bc bug. + "$bc" >tmp.bctest <<\EOF +obase=16 +ibase=16 +-FFDD63BA1A4648F0D804F8A1C66C53F0D2110590E8A3907EC73B4AEC6F15AC177F176F2274D2\ +9DC8022EA0D7DD3ABE9746D2D46DD3EA5B5F6F69DF12877E0AC5E7F5ADFACEE54573F5D256A06\ +11B5D2BC24947724E22AE4EC3FB0C39D9B4694A01AFE5E43B4D99FB9812A0E4A5773D8B254117\ +1239157EC6E3D8D50199 * -FFDD63BA1A4648F0D804F8A1C66C53F0D2110590E8A3907EC73B4\ +AEC6F15AC177F176F2274D29DC8022EA0D7DD3ABE9746D2D46DD3EA5B5F6F69DF12877E0AC5E7\ +F5ADFACEE54573F5D256A0611B5D2BC24947724E22AE4EC3FB0C39D9B4694A01AFE5E43B4D99F\ +B9812A0E4A5773D8B2541171239157EC6E3D8D50199 - FFBACC221682DA464B6D7F123482522\ +02EDAEDCA38C3B69E9B7BBCD6165A9CD8716C4903417F23C09A85B851961F92C217258CEEB866\ +85EFCC5DD131853A02C07A873B8E2AF2E40C6D5ED598CD0E8F35AD49F3C3A17FDB7653E4E2DC4\ +A8D23CC34686EE4AD01F7407A7CD74429AC6D36DBF0CB6A3E302D0E5BDFCD048A3B90C1BE5AA8\ +E16C3D5884F9136B43FF7BB443764153D4AEC176C681B078F4CC53D6EB6AB76285537DDEE7C18\ +8C72441B52EDBDDBC77E02D34E513F2AABF92F44109CAFE8242BD0ECBAC5604A94B02EA44D43C\ +04E9476E6FBC48043916BFA1485C6093603600273C9C33F13114D78064AE42F3DC466C7DA543D\ +89C8D71 +AD534AFBED2FA39EE9F40E20FCF9E2C861024DB98DDCBA1CD118C49CA55EEBC20D6BA51B2271C\ +928B693D6A73F67FEB1B4571448588B46194617D25D910C6A9A130CC963155CF34079CB218A44\ +8A1F57E276D92A33386DDCA3D241DB78C8974ABD71DD05B0FA555709C9910D745185E6FE108E3\ +37F1907D0C56F8BFBF52B9704 % -E557905B56B13441574CAFCE2BD257A750B1A8B2C88D0E36\ +E18EF7C38DAC80D3948E17ED63AFF3B3467866E3B89D09A81B3D16B52F6A3C7134D3C6F5123E9\ +F617E3145BBFBE9AFD0D6E437EA4FF6F04BC67C4F1458B4F0F47B64 - 1C2BBBB19B74E86FD32\ +9E8DB6A8C3B1B9986D57ED5419C2E855F7D5469E35E76334BB42F4C43E3F3A31B9697C171DAC4\ +D97935A7E1A14AD209D6CF811F55C6DB83AA9E6DFECFCD6669DED7171EE22A40C6181615CAF3F\ +5296964 +EOF + if [ "0 +0" != "`cat tmp.bctest`" ]; then + failure=SCOtest + fi + fi + + + if [ "$failure" = none ]; then + # bc works; now check if it knows the 'print' command. + if [ "OK" = "`echo 'print \"OK\"' | $bc 2>/dev/null`" ] + then + echo "$bc" + else + echo "sed 's/print.*//' | $bc" + fi + exit 0 + fi + + echo "$bc does not work properly ('$failure' failed). Looking for another bc ..." >&2 + fi +done + +echo "No working bc found. Consider installing GNU bc." >&2 +if [ "$1" = ignore ]; then + echo "cat >/dev/null" + exit 0 +fi +exit 1 diff --git a/test/bctest.com b/test/bctest.com new file mode 100644 index 0000000..d7e5ec1 --- /dev/null +++ b/test/bctest.com @@ -0,0 +1,152 @@ +$! +$! Check operation of "bc". +$! +$! 2010-04-05 SMS. New. Based (loosely) on "bctest". +$! +$! +$ tmp_file_name = "tmp.bctest" +$ failure = "" +$! +$! Basic command test. +$! +$ on warning then goto bc_fail +$ bc +$ on error then exit +$! +$! Test for SunOS 5.[78] bc bug. +$! +$ if (failure .eqs. "") +$ then +$! +$ define /user_mode sys$output 'tmp_file_name' +$ bc +obase=16 +ibase=16 +a=AD88C418F31B3FC712D0425001D522B3AE9134FF3A98C13C1FCC1682211195406C1A6C66C6A\ +CEEC1A0EC16950233F77F1C2F2363D56DD71A36C57E0B2511FC4BA8F22D261FE2E9356D99AF57\ +10F3817C0E05BF79C423C3F66FDF321BE8D3F18F625D91B670931C1EF25F28E489BDA1C5422D1\ +C3F6F7A1AD21585746ECC4F10A14A778AF56F08898E965E9909E965E0CB6F85B514150C644759\ +3BE731877B16EA07B552088FF2EA728AC5E0FF3A23EB939304519AB8B60F2C33D6BA0945B66F0\ +4FC3CADF855448B24A9D7640BCF473E +b=DCE91E7D120B983EA9A104B5A96D634DD644C37657B1C7860B45E6838999B3DCE5A555583C6\ +9209E41F413422954175A06E67FFEF6746DD652F0F48AEFECC3D8CAC13523BDAAD3F5AF4212BD\ +8B3CD64126E1A82E190228020C05B91C8B141F1110086FC2A4C6ED631EBA129D04BB9A19FC53D\ +3ED0E2017D60A68775B75481449 +(a/b)*b + (a%b) - a +$ status = $status +$ output_expected = "0" +$ gosub check_output +$ if (output .ne. 1) +$ then +$ failure = "SunOStest" +$ else +$ delete 'f$parse( tmp_file_name)' +$ endif +$ endif +$! +$! Test for SCO bc bug. +$! +$ if (failure .eqs. "") +$ then +$! +$ define /user_mode sys$output 'tmp_file_name' +$ bc +obase=16 +ibase=16 +-FFDD63BA1A4648F0D804F8A1C66C53F0D2110590E8A3907EC73B4AEC6F15AC177F176F2274D2\ +9DC8022EA0D7DD3ABE9746D2D46DD3EA5B5F6F69DF12877E0AC5E7F5ADFACEE54573F5D256A06\ +11B5D2BC24947724E22AE4EC3FB0C39D9B4694A01AFE5E43B4D99FB9812A0E4A5773D8B254117\ +1239157EC6E3D8D50199 * -FFDD63BA1A4648F0D804F8A1C66C53F0D2110590E8A3907EC73B4\ +AEC6F15AC177F176F2274D29DC8022EA0D7DD3ABE9746D2D46DD3EA5B5F6F69DF12877E0AC5E7\ +F5ADFACEE54573F5D256A0611B5D2BC24947724E22AE4EC3FB0C39D9B4694A01AFE5E43B4D99F\ +B9812A0E4A5773D8B2541171239157EC6E3D8D50199 - FFBACC221682DA464B6D7F123482522\ +02EDAEDCA38C3B69E9B7BBCD6165A9CD8716C4903417F23C09A85B851961F92C217258CEEB866\ +85EFCC5DD131853A02C07A873B8E2AF2E40C6D5ED598CD0E8F35AD49F3C3A17FDB7653E4E2DC4\ +A8D23CC34686EE4AD01F7407A7CD74429AC6D36DBF0CB6A3E302D0E5BDFCD048A3B90C1BE5AA8\ +E16C3D5884F9136B43FF7BB443764153D4AEC176C681B078F4CC53D6EB6AB76285537DDEE7C18\ +8C72441B52EDBDDBC77E02D34E513F2AABF92F44109CAFE8242BD0ECBAC5604A94B02EA44D43C\ +04E9476E6FBC48043916BFA1485C6093603600273C9C33F13114D78064AE42F3DC466C7DA543D\ +89C8D71 +AD534AFBED2FA39EE9F40E20FCF9E2C861024DB98DDCBA1CD118C49CA55EEBC20D6BA51B2271C\ +928B693D6A73F67FEB1B4571448588B46194617D25D910C6A9A130CC963155CF34079CB218A44\ +8A1F57E276D92A33386DDCA3D241DB78C8974ABD71DD05B0FA555709C9910D745185E6FE108E3\ +37F1907D0C56F8BFBF52B9704 % -E557905B56B13441574CAFCE2BD257A750B1A8B2C88D0E36\ +E18EF7C38DAC80D3948E17ED63AFF3B3467866E3B89D09A81B3D16B52F6A3C7134D3C6F5123E9\ +F617E3145BBFBE9AFD0D6E437EA4FF6F04BC67C4F1458B4F0F47B64 - 1C2BBBB19B74E86FD32\ +9E8DB6A8C3B1B9986D57ED5419C2E855F7D5469E35E76334BB42F4C43E3F3A31B9697C171DAC4\ +D97935A7E1A14AD209D6CF811F55C6DB83AA9E6DFECFCD6669DED7171EE22A40C6181615CAF3F\ +5296964 +$ status = $status +$ output_expected = "0\0" +$ gosub check_output +$ if (output .ne. 1) +$ then +$ failure = "SCOtest" +$ else +$ delete 'f$parse( tmp_file_name)' +$ endif +$ endif +$! +$! Test for working 'print' command. +$! +$ if (failure .eqs. "") +$ then +$! +$ define /user_mode sys$output 'tmp_file_name' +$ bc +print "OK" +$ status = $status +$ output_expected = "OK" +$ gosub check_output +$ if (output .ne. 1) +$ then +$ failure = "printtest" +$ else +$ delete 'f$parse( tmp_file_name)' +$ endif +$ endif +$! +$ if (failure .nes. "") +$ then +$ write sys$output - + "No working bc found. Consider installing GNU bc." +$ exit %X00030000 ! %DCL-W-NORMAL +$ endif +$! +$ exit +$! +$! +$! Complete "bc" command failure. +$! +$ bc_fail: +$ write sys$output - + "No ""bc"" program/symbol found. Consider installing GNU bc." +$ exit %X00030000 ! %DCL-W-NORMAL +$! +$! +$! Output check subroutine. +$! +$ check_output: +$ eof = 0 +$ line_nr = 0 +$ open /read tmp_file 'tmp_file_name' +$ c_o_loop: +$ read /error = error_read tmp_file line +$ goto ok_read +$ error_read: +$ eof = 1 +$ ok_read: +$ line_expected = f$element( line_nr, "\", output_expected) +$ line_nr = line_nr+ 1 +$ if ((line_expected .nes. "\") .and. (.not. eof) .and. - + (line_expected .eqs. line)) then goto c_o_loop +$! +$ if ((line_expected .eqs. "\") .and. eof) +$ then +$ output = 1 +$ else +$ output = 0 +$ endif +$ close tmp_file +$ return +$! diff --git a/test/bftest.c b/test/bftest.c new file mode 120000 index 0000000..78b1749 --- /dev/null +++ b/test/bftest.c @@ -0,0 +1 @@ +../crypto/bf/bftest.c \ No newline at end of file diff --git a/test/bntest.c b/test/bntest.c new file mode 120000 index 0000000..03f54a2 --- /dev/null +++ b/test/bntest.c @@ -0,0 +1 @@ +../crypto/bn/bntest.c \ No newline at end of file diff --git a/test/bntest.com b/test/bntest.com new file mode 100644 index 0000000..6545d2e --- /dev/null +++ b/test/bntest.com @@ -0,0 +1,76 @@ +$! +$! Analyze bntest output file. +$! +$! Exit status = 1 (success) if all tests passed, +$! 0 (warning) if any test failed. +$! +$! 2011-02-20 SMS. Added code to skip "#" comments in the input file. +$! +$! 2010-04-05 SMS. New. Based (loosely) on perl code in bntest-vms.sh. +$! +$! Expect data like: +$! test test_name1 +$! 0 +$! [...] +$! test test_name2 +$! 0 +$! [...] +$! [...] +$! +$! Some tests have no following "0" lines. +$! +$ result_file_name = f$edit( p1, "TRIM") +$ if (result_file_name .eqs. "") +$ then +$ result_file_name = "bntest-vms.out" +$ endif +$! +$ fail = 0 +$ passed = 0 +$ tests = 0 +$! +$ on control_c then goto tidy +$ on error then goto tidy +$! +$ open /read result_file 'result_file_name' +$! +$ read_loop: +$ read /end = read_loop_end /error = tidy result_file line +$ t1 = f$element( 0, " ", line) +$! +$! Skip "#" comment lines. +$ if (f$extract( 0, 1, f$edit( line, "TRIM")) .eqs. "#") then - + goto read_loop +$! +$ if (t1 .eqs. "test") +$ then +$ passed = passed+ 1 +$ tests = tests+ 1 +$ fail = 1 +$ t2 = f$extract( 5, 1000, line) +$ write sys$output "verify ''t2'" +$ else +$ if (t1 .nes. "0") +$ then +$ write sys$output "Failed! bc: ''line'" +$ passed = passed- fail +$ fail = 0 +$ endif +$ endif +$ goto read_loop +$ read_loop_end: +$ write sys$output "''passed'/''tests' tests passed" +$! +$ tidy: +$ if f$trnlnm( "result_file", "LNM$PROCESS_TABLE", , "SUPERVISOR", , "CONFINE") +$ then +$ close result_file +$ endif +$! +$ if ((tests .gt. 0) .and. (tests .eq. passed)) +$ then +$ exit 1 +$ else +$ exit 0 +$ endif +$! diff --git a/test/casttest.c b/test/casttest.c new file mode 120000 index 0000000..ac7ede8 --- /dev/null +++ b/test/casttest.c @@ -0,0 +1 @@ +../crypto/cast/casttest.c \ No newline at end of file diff --git a/test/clean_test.com b/test/clean_test.com new file mode 100755 index 0000000..7df633f --- /dev/null +++ b/test/clean_test.com @@ -0,0 +1,35 @@ +$! +$! Delete various test results files. +$! +$ def_orig = f$environment( "default") +$ proc = f$environment( "procedure") +$ proc_dev_dir = f$parse( "A.;", proc) - "A.;" +$! +$ on control_c then goto tidy +$ on error then goto tidy +$! +$ set default 'proc_dev_dir' +$! +$ files := *.cms;*, *.srl;*, *.ss;*, - + cms.err;*, cms.out;*, newreq.pem;*, - + p.txt-zlib-cipher;*, - + smtst.txt;*, testkey.pem;*, testreq.pem;*, - + test_*.err;*, test_*.out;*, - + .rnd;* +$! +$ delim = "," +$ i = 0 +$ loop: +$ file = f$edit( f$element( i, delim, files), "trim") +$ if (file .eqs. delim) then goto loop_end +$ if (f$search( file) .nes. "") then - + delete 'p1' 'file' +$ i = i+ 1 +$ goto loop +$ loop_end: +$! +$ tidy: +$ +$ if (f$type( def_orig) .nes. "") then - + set default 'def_orig' +$! diff --git a/test/cms-examples.pl b/test/cms-examples.pl new file mode 100644 index 0000000..2e95b48 --- /dev/null +++ b/test/cms-examples.pl @@ -0,0 +1,409 @@ +# test/cms-examples.pl +# Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +# project. +# +# ==================================================================== +# Copyright (c) 2008 The OpenSSL Project. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in +# the documentation and/or other materials provided with the +# distribution. +# +# 3. All advertising materials mentioning features or use of this +# software must display the following acknowledgment: +# "This product includes software developed by the OpenSSL Project +# for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" +# +# 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +# endorse or promote products derived from this software without +# prior written permission. For written permission, please contact +# licensing@OpenSSL.org. +# +# 5. Products derived from this software may not be called "OpenSSL" +# nor may "OpenSSL" appear in their names without prior written +# permission of the OpenSSL Project. +# +# 6. Redistributions of any form whatsoever must retain the following +# acknowledgment: +# "This product includes software developed by the OpenSSL Project +# for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" +# +# THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +# OF THE POSSIBILITY OF SUCH DAMAGE. +# ==================================================================== + +# Perl script to run tests against S/MIME examples in RFC4134 +# Assumes RFC is in current directory and called "rfc4134.txt" + +use MIME::Base64; + +my $badttest = 0; +my $verbose = 1; + +my $cmscmd; +my $exdir = "./"; +my $exfile = "./rfc4134.txt"; + +if (-f "../apps/openssl") + { + $cmscmd = "../util/shlib_wrap.sh ../apps/openssl cms"; + } +elsif (-f "..\\out32dll\\openssl.exe") + { + $cmscmd = "..\\out32dll\\openssl.exe cms"; + } +elsif (-f "..\\out32\\openssl.exe") + { + $cmscmd = "..\\out32\\openssl.exe cms"; + } + +my @test_list = ( + [ "3.1.bin" => "dataout" ], + [ "3.2.bin" => "encode, dataout" ], + [ "4.1.bin" => "encode, verifyder, cont, dss" ], + [ "4.2.bin" => "encode, verifyder, cont, rsa" ], + [ "4.3.bin" => "encode, verifyder, cont_extern, dss" ], + [ "4.4.bin" => "encode, verifyder, cont, dss" ], + [ "4.5.bin" => "verifyder, cont, rsa" ], + [ "4.6.bin" => "encode, verifyder, cont, dss" ], + [ "4.7.bin" => "encode, verifyder, cont, dss" ], + [ "4.8.eml" => "verifymime, dss" ], + [ "4.9.eml" => "verifymime, dss" ], + [ "4.10.bin" => "encode, verifyder, cont, dss" ], + [ "4.11.bin" => "encode, certsout" ], + [ "5.1.bin" => "encode, envelopeder, cont" ], + [ "5.2.bin" => "encode, envelopeder, cont" ], + [ "5.3.eml" => "envelopemime, cont" ], + [ "6.0.bin" => "encode, digest, cont" ], + [ "7.1.bin" => "encode, encrypted, cont" ], + [ "7.2.bin" => "encode, encrypted, cont" ] +); + +# Extract examples from RFC4134 text. +# Base64 decode all examples, certificates and +# private keys are converted to PEM format. + +my ( $filename, $data ); + +my @cleanup = ( "cms.out", "cms.err", "tmp.der", "tmp.txt" ); + +$data = ""; + +open( IN, $exfile ) || die "Can't Open RFC examples file $exfile"; + +while () { + next unless (/^\|/); + s/^\|//; + next if (/^\*/); + if (/^>(.*)$/) { + $filename = $1; + next; + } + if (/^$filename"; + binmode OUT; + print OUT $data; + close OUT; + push @cleanup, $filename; + } + elsif ( $filename =~ /\.cer$/ ) { + write_pem( $filename, "CERTIFICATE", $data ); + } + elsif ( $filename =~ /\.pri$/ ) { + write_pem( $filename, "PRIVATE KEY", $data ); + } + $data = ""; + $filename = ""; + } + else { + $data .= $_; + } + +} + +my $secretkey = + "73:7c:79:1f:25:ea:d0:e0:46:29:25:43:52:f7:dc:62:91:e5:cb:26:91:7a:da:32"; + +foreach (@test_list) { + my ( $file, $tlist ) = @$_; + print "Example file $file:\n"; + if ( $tlist =~ /encode/ ) { + run_reencode_test( $exdir, $file ); + } + if ( $tlist =~ /certsout/ ) { + run_certsout_test( $exdir, $file ); + } + if ( $tlist =~ /dataout/ ) { + run_dataout_test( $exdir, $file ); + } + if ( $tlist =~ /verify/ ) { + run_verify_test( $exdir, $tlist, $file ); + } + if ( $tlist =~ /digest/ ) { + run_digest_test( $exdir, $tlist, $file ); + } + if ( $tlist =~ /encrypted/ ) { + run_encrypted_test( $exdir, $tlist, $file, $secretkey ); + } + if ( $tlist =~ /envelope/ ) { + run_envelope_test( $exdir, $tlist, $file ); + } + +} + +foreach (@cleanup) { + unlink $_; +} + +if ($badtest) { + print "\n$badtest TESTS FAILED!!\n"; +} +else { + print "\n***All tests successful***\n"; +} + +sub write_pem { + my ( $filename, $str, $data ) = @_; + + $filename =~ s/\.[^.]*$/.pem/; + + push @cleanup, $filename; + + open OUT, ">$filename"; + + print OUT "-----BEGIN $str-----\n"; + print OUT $data; + print OUT "-----END $str-----\n"; + + close OUT; +} + +sub run_reencode_test { + my ( $cmsdir, $tfile ) = @_; + unlink "tmp.der"; + + system( "$cmscmd -cmsout -inform DER -outform DER" + . " -in $cmsdir/$tfile -out tmp.der" ); + + if ($?) { + print "\tReencode command FAILED!!\n"; + $badtest++; + } + elsif ( !cmp_files( "$cmsdir/$tfile", "tmp.der" ) ) { + print "\tReencode FAILED!!\n"; + $badtest++; + } + else { + print "\tReencode passed\n" if $verbose; + } +} + +sub run_certsout_test { + my ( $cmsdir, $tfile ) = @_; + unlink "tmp.der"; + unlink "tmp.pem"; + + system( "$cmscmd -cmsout -inform DER -certsout tmp.pem" + . " -in $cmsdir/$tfile -out tmp.der" ); + + if ($?) { + print "\tCertificate output command FAILED!!\n"; + $badtest++; + } + else { + print "\tCertificate output passed\n" if $verbose; + } +} + +sub run_dataout_test { + my ( $cmsdir, $tfile ) = @_; + unlink "tmp.txt"; + + system( + "$cmscmd -data_out -inform DER" . " -in $cmsdir/$tfile -out tmp.txt" ); + + if ($?) { + print "\tDataout command FAILED!!\n"; + $badtest++; + } + elsif ( !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) ) { + print "\tDataout compare FAILED!!\n"; + $badtest++; + } + else { + print "\tDataout passed\n" if $verbose; + } +} + +sub run_verify_test { + my ( $cmsdir, $tlist, $tfile ) = @_; + unlink "tmp.txt"; + + $form = "DER" if $tlist =~ /verifyder/; + $form = "SMIME" if $tlist =~ /verifymime/; + $cafile = "$cmsdir/CarlDSSSelf.pem" if $tlist =~ /dss/; + $cafile = "$cmsdir/CarlRSASelf.pem" if $tlist =~ /rsa/; + + $cmd = + "$cmscmd -verify -inform $form" + . " -CAfile $cafile" + . " -in $cmsdir/$tfile -out tmp.txt"; + + $cmd .= " -content $cmsdir/ExContent.bin" if $tlist =~ /cont_extern/; + + system("$cmd 2>cms.err 1>cms.out"); + + if ($?) { + print "\tVerify command FAILED!!\n"; + $badtest++; + } + elsif ( $tlist =~ /cont/ + && !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) ) + { + print "\tVerify content compare FAILED!!\n"; + $badtest++; + } + else { + print "\tVerify passed\n" if $verbose; + } +} + +sub run_envelope_test { + my ( $cmsdir, $tlist, $tfile ) = @_; + unlink "tmp.txt"; + + $form = "DER" if $tlist =~ /envelopeder/; + $form = "SMIME" if $tlist =~ /envelopemime/; + + $cmd = + "$cmscmd -decrypt -inform $form" + . " -recip $cmsdir/BobRSASignByCarl.pem" + . " -inkey $cmsdir/BobPrivRSAEncrypt.pem" + . " -in $cmsdir/$tfile -out tmp.txt"; + + system("$cmd 2>cms.err 1>cms.out"); + + if ($?) { + print "\tDecrypt command FAILED!!\n"; + $badtest++; + } + elsif ( $tlist =~ /cont/ + && !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) ) + { + print "\tDecrypt content compare FAILED!!\n"; + $badtest++; + } + else { + print "\tDecrypt passed\n" if $verbose; + } +} + +sub run_digest_test { + my ( $cmsdir, $tlist, $tfile ) = @_; + unlink "tmp.txt"; + + my $cmd = + "$cmscmd -digest_verify -inform DER" . " -in $cmsdir/$tfile -out tmp.txt"; + + system("$cmd 2>cms.err 1>cms.out"); + + if ($?) { + print "\tDigest verify command FAILED!!\n"; + $badtest++; + } + elsif ( $tlist =~ /cont/ + && !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) ) + { + print "\tDigest verify content compare FAILED!!\n"; + $badtest++; + } + else { + print "\tDigest verify passed\n" if $verbose; + } +} + +sub run_encrypted_test { + my ( $cmsdir, $tlist, $tfile, $key ) = @_; + unlink "tmp.txt"; + + system( "$cmscmd -EncryptedData_decrypt -inform DER" + . " -secretkey $key" + . " -in $cmsdir/$tfile -out tmp.txt" ); + + if ($?) { + print "\tEncrypted Data command FAILED!!\n"; + $badtest++; + } + elsif ( $tlist =~ /cont/ + && !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) ) + { + print "\tEncrypted Data content compare FAILED!!\n"; + $badtest++; + } + else { + print "\tEncryptedData verify passed\n" if $verbose; + } +} + +sub cmp_files { + my ( $f1, $f2 ) = @_; + my ( $fp1, $fp2 ); + + my ( $rd1, $rd2 ); + + if ( !open( $fp1, "<$f1" ) ) { + print STDERR "Can't Open file $f1\n"; + return 0; + } + + if ( !open( $fp2, "<$f2" ) ) { + print STDERR "Can't Open file $f2\n"; + return 0; + } + + binmode $fp1; + binmode $fp2; + + my $ret = 0; + + for ( ; ; ) { + $n1 = sysread $fp1, $rd1, 4096; + $n2 = sysread $fp2, $rd2, 4096; + last if ( $n1 != $n2 ); + last if ( $rd1 ne $rd2 ); + + if ( $n1 == 0 ) { + $ret = 1; + last; + } + + } + + close $fp1; + close $fp2; + + return $ret; + +} + diff --git a/test/cms-test.pl b/test/cms-test.pl new file mode 100644 index 0000000..dfef799 --- /dev/null +++ b/test/cms-test.pl @@ -0,0 +1,459 @@ +# test/cms-test.pl +# Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +# project. +# +# ==================================================================== +# Copyright (c) 2008 The OpenSSL Project. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in +# the documentation and/or other materials provided with the +# distribution. +# +# 3. All advertising materials mentioning features or use of this +# software must display the following acknowledgment: +# "This product includes software developed by the OpenSSL Project +# for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" +# +# 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +# endorse or promote products derived from this software without +# prior written permission. For written permission, please contact +# licensing@OpenSSL.org. +# +# 5. Products derived from this software may not be called "OpenSSL" +# nor may "OpenSSL" appear in their names without prior written +# permission of the OpenSSL Project. +# +# 6. Redistributions of any form whatsoever must retain the following +# acknowledgment: +# "This product includes software developed by the OpenSSL Project +# for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" +# +# THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +# OF THE POSSIBILITY OF SUCH DAMAGE. +# ==================================================================== + +# CMS, PKCS7 consistency test script. Run extensive tests on +# OpenSSL PKCS#7 and CMS implementations. + +my $ossl_path; +my $redir = " 2> cms.err > cms.out"; +# Make VMS work +if ( $^O eq "VMS" && -f "OSSLX:openssl.exe" ) { + $ossl_path = "pipe mcr OSSLX:openssl"; +} +# Make MSYS work +elsif ( $^O eq "MSWin32" && -f "../apps/openssl.exe" ) { + $ossl_path = "cmd /c ..\\apps\\openssl"; +} +elsif ( -f "../apps/openssl$ENV{EXE_EXT}" ) { + $ossl_path = "../util/shlib_wrap.sh ../apps/openssl"; +} +elsif ( -f "..\\out32dll\\openssl.exe" ) { + $ossl_path = "..\\out32dll\\openssl.exe"; +} +elsif ( -f "..\\out32\\openssl.exe" ) { + $ossl_path = "..\\out32\\openssl.exe"; +} +else { + die "Can't find OpenSSL executable"; +} + +my $pk7cmd = "$ossl_path smime "; +my $cmscmd = "$ossl_path cms "; +my $smdir = "smime-certs"; +my $halt_err = 1; + +my $badcmd = 0; +my $ossl8 = `$ossl_path version -v` =~ /0\.9\.8/; + +my @smime_pkcs7_tests = ( + + [ + "signed content DER format, RSA key", + "-sign -in smcont.txt -outform \"DER\" -nodetach" + . " -certfile $smdir/smroot.pem" + . " -signer $smdir/smrsa1.pem -out test.cms", + "-verify -in test.cms -inform \"DER\" " + . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" + ], + + [ + "signed detached content DER format, RSA key", + "-sign -in smcont.txt -outform \"DER\"" + . " -signer $smdir/smrsa1.pem -out test.cms", + "-verify -in test.cms -inform \"DER\" " + . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt -content smcont.txt" + ], + + [ + "signed content test streaming BER format, RSA", + "-sign -in smcont.txt -outform \"DER\" -nodetach" + . " -stream -signer $smdir/smrsa1.pem -out test.cms", + "-verify -in test.cms -inform \"DER\" " + . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" + ], + + [ + "signed content DER format, DSA key", + "-sign -in smcont.txt -outform \"DER\" -nodetach" + . " -signer $smdir/smdsa1.pem -out test.cms", + "-verify -in test.cms -inform \"DER\" " + . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" + ], + + [ + "signed detached content DER format, DSA key", + "-sign -in smcont.txt -outform \"DER\"" + . " -signer $smdir/smdsa1.pem -out test.cms", + "-verify -in test.cms -inform \"DER\" " + . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt -content smcont.txt" + ], + + [ + "signed detached content DER format, add RSA signer", + "-resign -inform \"DER\" -in test.cms -outform \"DER\"" + . " -signer $smdir/smrsa1.pem -out test2.cms", + "-verify -in test2.cms -inform \"DER\" " + . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt -content smcont.txt" + ], + + [ + "signed content test streaming BER format, DSA key", + "-sign -in smcont.txt -outform \"DER\" -nodetach" + . " -stream -signer $smdir/smdsa1.pem -out test.cms", + "-verify -in test.cms -inform \"DER\" " + . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" + ], + + [ + "signed content test streaming BER format, 2 DSA and 2 RSA keys", + "-sign -in smcont.txt -outform \"DER\" -nodetach" + . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem" + . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem" + . " -stream -out test.cms", + "-verify -in test.cms -inform \"DER\" " + . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" + ], + + [ +"signed content test streaming BER format, 2 DSA and 2 RSA keys, no attributes", + "-sign -in smcont.txt -outform \"DER\" -noattr -nodetach" + . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem" + . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem" + . " -stream -out test.cms", + "-verify -in test.cms -inform \"DER\" " + . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" + ], + + [ + "signed content test streaming S/MIME format, 2 DSA and 2 RSA keys", + "-sign -in smcont.txt -nodetach" + . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem" + . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem" + . " -stream -out test.cms", + "-verify -in test.cms " . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" + ], + + [ +"signed content test streaming multipart S/MIME format, 2 DSA and 2 RSA keys", + "-sign -in smcont.txt" + . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem" + . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem" + . " -stream -out test.cms", + "-verify -in test.cms " . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" + ], + + [ + "enveloped content test streaming S/MIME format, 3 recipients", + "-encrypt -in smcont.txt" + . " -stream -out test.cms" + . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ", + "-decrypt -recip $smdir/smrsa1.pem -in test.cms -out smtst.txt" + ], + + [ +"enveloped content test streaming S/MIME format, 3 recipients, 3rd used", + "-encrypt -in smcont.txt" + . " -stream -out test.cms" + . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ", + "-decrypt -recip $smdir/smrsa3.pem -in test.cms -out smtst.txt" + ], + + [ +"enveloped content test streaming S/MIME format, 3 recipients, key only used", + "-encrypt -in smcont.txt" + . " -stream -out test.cms" + . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ", + "-decrypt -inkey $smdir/smrsa3.pem -in test.cms -out smtst.txt" + ], + + [ +"enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients", + "-encrypt -in smcont.txt" + . " -aes256 -stream -out test.cms" + . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ", + "-decrypt -recip $smdir/smrsa1.pem -in test.cms -out smtst.txt" + ], + +); + +my @smime_cms_tests = ( + + [ + "signed content test streaming BER format, 2 DSA and 2 RSA keys, keyid", + "-sign -in smcont.txt -outform \"DER\" -nodetach -keyid" + . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem" + . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem" + . " -stream -out test.cms", + "-verify -in test.cms -inform \"DER\" " + . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" + ], + + [ + "signed content test streaming PEM format, 2 DSA and 2 RSA keys", + "-sign -in smcont.txt -outform PEM -nodetach" + . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem" + . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem" + . " -stream -out test.cms", + "-verify -in test.cms -inform PEM " + . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" + ], + + [ + "signed content MIME format, RSA key, signed receipt request", + "-sign -in smcont.txt -signer $smdir/smrsa1.pem -nodetach" + . " -receipt_request_to test\@openssl.org -receipt_request_all" + . " -out test.cms", + "-verify -in test.cms " + . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" + ], + + [ + "signed receipt MIME format, RSA key", + "-sign_receipt -in test.cms" + . " -signer $smdir/smrsa2.pem" + . " -out test2.cms", + "-verify_receipt test2.cms -in test.cms" + . " \"-CAfile\" $smdir/smroot.pem" + ], + + [ + "enveloped content test streaming S/MIME format, 3 recipients, keyid", + "-encrypt -in smcont.txt" + . " -stream -out test.cms -keyid" + . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ", + "-decrypt -recip $smdir/smrsa1.pem -in test.cms -out smtst.txt" + ], + + [ + "enveloped content test streaming PEM format, KEK", + "-encrypt -in smcont.txt -outform PEM -aes128" + . " -stream -out test.cms " + . " -secretkey 000102030405060708090A0B0C0D0E0F " + . " -secretkeyid C0FEE0", + "-decrypt -in test.cms -out smtst.txt -inform PEM" + . " -secretkey 000102030405060708090A0B0C0D0E0F " + . " -secretkeyid C0FEE0" + ], + + [ + "enveloped content test streaming PEM format, KEK, key only", + "-encrypt -in smcont.txt -outform PEM -aes128" + . " -stream -out test.cms " + . " -secretkey 000102030405060708090A0B0C0D0E0F " + . " -secretkeyid C0FEE0", + "-decrypt -in test.cms -out smtst.txt -inform PEM" + . " -secretkey 000102030405060708090A0B0C0D0E0F " + ], + + [ + "data content test streaming PEM format", + "-data_create -in smcont.txt -outform PEM -nodetach" + . " -stream -out test.cms", + "-data_out -in test.cms -inform PEM -out smtst.txt" + ], + + [ + "encrypted content test streaming PEM format, 128 bit RC2 key", + "\"-EncryptedData_encrypt\" -in smcont.txt -outform PEM" + . " -rc2 -secretkey 000102030405060708090A0B0C0D0E0F" + . " -stream -out test.cms", + "\"-EncryptedData_decrypt\" -in test.cms -inform PEM " + . " -secretkey 000102030405060708090A0B0C0D0E0F -out smtst.txt" + ], + + [ + "encrypted content test streaming PEM format, 40 bit RC2 key", + "\"-EncryptedData_encrypt\" -in smcont.txt -outform PEM" + . " -rc2 -secretkey 0001020304" + . " -stream -out test.cms", + "\"-EncryptedData_decrypt\" -in test.cms -inform PEM " + . " -secretkey 0001020304 -out smtst.txt" + ], + + [ + "encrypted content test streaming PEM format, triple DES key", + "\"-EncryptedData_encrypt\" -in smcont.txt -outform PEM" + . " -des3 -secretkey 000102030405060708090A0B0C0D0E0F1011121314151617" + . " -stream -out test.cms", + "\"-EncryptedData_decrypt\" -in test.cms -inform PEM " + . " -secretkey 000102030405060708090A0B0C0D0E0F1011121314151617" + . " -out smtst.txt" + ], + + [ + "encrypted content test streaming PEM format, 128 bit AES key", + "\"-EncryptedData_encrypt\" -in smcont.txt -outform PEM" + . " -aes128 -secretkey 000102030405060708090A0B0C0D0E0F" + . " -stream -out test.cms", + "\"-EncryptedData_decrypt\" -in test.cms -inform PEM " + . " -secretkey 000102030405060708090A0B0C0D0E0F -out smtst.txt" + ], + +); + +my @smime_cms_comp_tests = ( + + [ + "compressed content test streaming PEM format", + "-compress -in smcont.txt -outform PEM -nodetach" + . " -stream -out test.cms", + "-uncompress -in test.cms -inform PEM -out smtst.txt" + ] + +); + +print "CMS => PKCS#7 compatibility tests\n"; + +run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $cmscmd, $pk7cmd ); + +print "CMS <= PKCS#7 compatibility tests\n"; + +run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $pk7cmd, $cmscmd ); + +print "CMS <=> CMS consistency tests\n"; + +run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $cmscmd, $cmscmd ); +run_smime_tests( \$badcmd, \@smime_cms_tests, $cmscmd, $cmscmd ); + +if ( `$ossl_path version -f` =~ /ZLIB/ ) { + run_smime_tests( \$badcmd, \@smime_cms_comp_tests, $cmscmd, $cmscmd ); +} +else { + print "Zlib not supported: compression tests skipped\n"; +} + +print "Running modified tests for OpenSSL 0.9.8 cms backport\n" if($ossl8); + +if ($badcmd) { + print "$badcmd TESTS FAILED!!\n"; +} +else { + print "ALL TESTS SUCCESSFUL.\n"; +} + +unlink "test.cms"; +unlink "test2.cms"; +unlink "smtst.txt"; +unlink "cms.out"; +unlink "cms.err"; + +sub run_smime_tests { + my ( $rv, $aref, $scmd, $vcmd ) = @_; + + foreach $smtst (@$aref) { + my ( $tnam, $rscmd, $rvcmd ) = @$smtst; + if ($ossl8) + { + # Skip smime resign: 0.9.8 smime doesn't support -resign + next if ($scmd =~ /smime/ && $rscmd =~ /-resign/); + # Disable streaming: option not supported in 0.9.8 + $tnam =~ s/streaming//; + $rscmd =~ s/-stream//; + $rvcmd =~ s/-stream//; + } + system("$scmd$rscmd$redir"); + if ($?) { + print "$tnam: generation error\n"; + $$rv++; + exit 1 if $halt_err; + next; + } + system("$vcmd$rvcmd$redir"); + if ($?) { + print "$tnam: verify error\n"; + $$rv++; + exit 1 if $halt_err; + next; + } + if (!cmp_files("smtst.txt", "smcont.txt")) { + print "$tnam: content verify error\n"; + $$rv++; + exit 1 if $halt_err; + next; + } + print "$tnam: OK\n"; + } +} + +sub cmp_files { + use FileHandle; + my ( $f1, $f2 ) = @_; + my $fp1 = FileHandle->new(); + my $fp2 = FileHandle->new(); + + my ( $rd1, $rd2 ); + + if ( !open( $fp1, "<$f1" ) ) { + print STDERR "Can't Open file $f1\n"; + return 0; + } + + if ( !open( $fp2, "<$f2" ) ) { + print STDERR "Can't Open file $f2\n"; + return 0; + } + + binmode $fp1; + binmode $fp2; + + my $ret = 0; + + for ( ; ; ) { + $n1 = sysread $fp1, $rd1, 4096; + $n2 = sysread $fp2, $rd2, 4096; + last if ( $n1 != $n2 ); + last if ( $rd1 ne $rd2 ); + + if ( $n1 == 0 ) { + $ret = 1; + last; + } + + } + + close $fp1; + close $fp2; + + return $ret; + +} + diff --git a/test/constant_time_test.c b/test/constant_time_test.c new file mode 120000 index 0000000..519f2f3 --- /dev/null +++ b/test/constant_time_test.c @@ -0,0 +1 @@ +../crypto/constant_time_test.c \ No newline at end of file diff --git a/test/destest.c b/test/destest.c new file mode 120000 index 0000000..5988c73 --- /dev/null +++ b/test/destest.c @@ -0,0 +1 @@ +../crypto/des/destest.c \ No newline at end of file diff --git a/test/dhtest.c b/test/dhtest.c new file mode 120000 index 0000000..9a67f91 --- /dev/null +++ b/test/dhtest.c @@ -0,0 +1 @@ +../crypto/dh/dhtest.c \ No newline at end of file diff --git a/test/dsatest.c b/test/dsatest.c new file mode 120000 index 0000000..16a1b5a --- /dev/null +++ b/test/dsatest.c @@ -0,0 +1 @@ +../crypto/dsa/dsatest.c \ No newline at end of file diff --git a/test/dummytest.c b/test/dummytest.c new file mode 100644 index 0000000..5b4467e --- /dev/null +++ b/test/dummytest.c @@ -0,0 +1,48 @@ +#include +#include +#include +#include +#include +#include +#include + +int main(int argc, char *argv[]) + { + char *p, *q = 0, *program; + + p = strrchr(argv[0], '/'); + if (!p) p = strrchr(argv[0], '\\'); +#ifdef OPENSSL_SYS_VMS + if (!p) p = strrchr(argv[0], ']'); + if (p) q = strrchr(p, '>'); + if (q) p = q; + if (!p) p = strrchr(argv[0], ':'); + q = 0; +#endif + if (p) p++; + if (!p) p = argv[0]; + if (p) q = strchr(p, '.'); + if (p && !q) q = p + strlen(p); + + if (!p) + program = BUF_strdup("(unknown)"); + else + { + program = OPENSSL_malloc((q - p) + 1); + strncpy(program, p, q - p); + program[q - p] = '\0'; + } + + for(p = program; *p; p++) + if (islower((unsigned char)(*p))) + *p = toupper((unsigned char)(*p)); + + q = strstr(program, "TEST"); + if (q > p && q[-1] == '_') q--; + *q = '\0'; + + printf("No %s support\n", program); + + OPENSSL_free(program); + return(0); + } diff --git a/test/ecdhtest.c b/test/ecdhtest.c new file mode 120000 index 0000000..206d986 --- /dev/null +++ b/test/ecdhtest.c @@ -0,0 +1 @@ +../crypto/ecdh/ecdhtest.c \ No newline at end of file diff --git a/test/ecdsatest.c b/test/ecdsatest.c new file mode 120000 index 0000000..441082b --- /dev/null +++ b/test/ecdsatest.c @@ -0,0 +1 @@ +../crypto/ecdsa/ecdsatest.c \ No newline at end of file diff --git a/test/ectest.c b/test/ectest.c new file mode 120000 index 0000000..df1831f --- /dev/null +++ b/test/ectest.c @@ -0,0 +1 @@ +../crypto/ec/ectest.c \ No newline at end of file diff --git a/test/enginetest.c b/test/enginetest.c new file mode 120000 index 0000000..5c74a6f --- /dev/null +++ b/test/enginetest.c @@ -0,0 +1 @@ +../crypto/engine/enginetest.c \ No newline at end of file diff --git a/test/evp_test.c b/test/evp_test.c new file mode 120000 index 0000000..0741628 --- /dev/null +++ b/test/evp_test.c @@ -0,0 +1 @@ +../crypto/evp/evp_test.c \ No newline at end of file diff --git a/test/evptests.txt b/test/evptests.txt new file mode 100644 index 0000000..c273707 --- /dev/null +++ b/test/evptests.txt @@ -0,0 +1,334 @@ +#cipher:key:iv:plaintext:ciphertext:0/1(decrypt/encrypt) +#digest:::input:output + +# SHA(1) tests (from shatest.c) +SHA1:::616263:a9993e364706816aba3e25717850c26c9cd0d89d + +# MD5 tests (from md5test.c) +MD5::::d41d8cd98f00b204e9800998ecf8427e +MD5:::61:0cc175b9c0f1b6a831c399e269772661 +MD5:::616263:900150983cd24fb0d6963f7d28e17f72 +MD5:::6d65737361676520646967657374:f96b697d7cb7938d525a2f31aaf161d0 +MD5:::6162636465666768696a6b6c6d6e6f707172737475767778797a:c3fcd3d76192e4007dfb496cca67e13b +MD5:::4142434445464748494a4b4c4d4e4f505152535455565758595a6162636465666768696a6b6c6d6e6f707172737475767778797a30313233343536373839:d174ab98d277d9f5a5611c2c9f419d9f +MD5:::3132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930:57edf4a22be3c955ac49da2e2107b67a + +# AES 128 ECB tests (from FIPS-197 test vectors, encrypt) + +AES-128-ECB:000102030405060708090A0B0C0D0E0F::00112233445566778899AABBCCDDEEFF:69C4E0D86A7B0430D8CDB78070B4C55A:1 + +# AES 192 ECB tests (from FIPS-197 test vectors, encrypt) + +AES-192-ECB:000102030405060708090A0B0C0D0E0F1011121314151617::00112233445566778899AABBCCDDEEFF:DDA97CA4864CDFE06EAF70A0EC0D7191:1 + +# AES 256 ECB tests (from FIPS-197 test vectors, encrypt) + +AES-256-ECB:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F::00112233445566778899AABBCCDDEEFF:8EA2B7CA516745BFEAFC49904B496089:1 + +# AES 128 ECB tests (from NIST test vectors, encrypt) + +#AES-128-ECB:00000000000000000000000000000000::00000000000000000000000000000000:C34C052CC0DA8D73451AFE5F03BE297F:1 + +# AES 128 ECB tests (from NIST test vectors, decrypt) + +#AES-128-ECB:00000000000000000000000000000000::44416AC2D1F53C583303917E6BE9EBE0:00000000000000000000000000000000:0 + +# AES 192 ECB tests (from NIST test vectors, decrypt) + +#AES-192-ECB:000000000000000000000000000000000000000000000000::48E31E9E256718F29229319C19F15BA4:00000000000000000000000000000000:0 + +# AES 256 ECB tests (from NIST test vectors, decrypt) + +#AES-256-ECB:0000000000000000000000000000000000000000000000000000000000000000::058CCFFDBBCB382D1F6F56585D8A4ADE:00000000000000000000000000000000:0 + +# AES 128 CBC tests (from NIST test vectors, encrypt) + +#AES-128-CBC:00000000000000000000000000000000:00000000000000000000000000000000:00000000000000000000000000000000:8A05FC5E095AF4848A08D328D3688E3D:1 + +# AES 192 CBC tests (from NIST test vectors, encrypt) + +#AES-192-CBC:000000000000000000000000000000000000000000000000:00000000000000000000000000000000:00000000000000000000000000000000:7BD966D53AD8C1BB85D2ADFAE87BB104:1 + +# AES 256 CBC tests (from NIST test vectors, encrypt) + +#AES-256-CBC:0000000000000000000000000000000000000000000000000000000000000000:00000000000000000000000000000000:00000000000000000000000000000000:FE3C53653E2F45B56FCD88B2CC898FF0:1 + +# AES 128 CBC tests (from NIST test vectors, decrypt) + +#AES-128-CBC:00000000000000000000000000000000:00000000000000000000000000000000:FACA37E0B0C85373DF706E73F7C9AF86:00000000000000000000000000000000:0 + +# AES tests from NIST document SP800-38A +# For all ECB encrypts and decrypts, the transformed sequence is +# AES-bits-ECB:key::plaintext:ciphertext:encdec +# ECB-AES128.Encrypt and ECB-AES128.Decrypt +AES-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::6BC1BEE22E409F96E93D7E117393172A:3AD77BB40D7A3660A89ECAF32466EF97 +AES-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::AE2D8A571E03AC9C9EB76FAC45AF8E51:F5D3D58503B9699DE785895A96FDBAAF +AES-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::30C81C46A35CE411E5FBC1191A0A52EF:43B1CD7F598ECE23881B00E3ED030688 +AES-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::F69F2445DF4F9B17AD2B417BE66C3710:7B0C785E27E8AD3F8223207104725DD4 +# ECB-AES192.Encrypt and ECB-AES192.Decrypt +AES-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::6BC1BEE22E409F96E93D7E117393172A:BD334F1D6E45F25FF712A214571FA5CC +AES-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::AE2D8A571E03AC9C9EB76FAC45AF8E51:974104846D0AD3AD7734ECB3ECEE4EEF +AES-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::30C81C46A35CE411E5FBC1191A0A52EF:EF7AFD2270E2E60ADCE0BA2FACE6444E +AES-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::F69F2445DF4F9B17AD2B417BE66C3710:9A4B41BA738D6C72FB16691603C18E0E +# ECB-AES256.Encrypt and ECB-AES256.Decrypt +AES-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::6BC1BEE22E409F96E93D7E117393172A:F3EED1BDB5D2A03C064B5A7E3DB181F8 +AES-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::AE2D8A571E03AC9C9EB76FAC45AF8E51:591CCB10D410ED26DC5BA74A31362870 +AES-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::30C81C46A35CE411E5FBC1191A0A52EF:B6ED21B99CA6F4F9F153E7B1BEAFED1D +AES-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::F69F2445DF4F9B17AD2B417BE66C3710:23304B7A39F9F3FF067D8D8F9E24ECC7 +# For all CBC encrypts and decrypts, the transformed sequence is +# AES-bits-CBC:key:IV/ciphertext':plaintext:ciphertext:encdec +# CBC-AES128.Encrypt and CBC-AES128.Decrypt +AES-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:7649ABAC8119B246CEE98E9B12E9197D +AES-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:7649ABAC8119B246CEE98E9B12E9197D:AE2D8A571E03AC9C9EB76FAC45AF8E51:5086CB9B507219EE95DB113A917678B2 +AES-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:5086CB9B507219EE95DB113A917678B2:30C81C46A35CE411E5FBC1191A0A52EF:73BED6B8E3C1743B7116E69E22229516 +AES-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:73BED6B8E3C1743B7116E69E22229516:F69F2445DF4F9B17AD2B417BE66C3710:3FF1CAA1681FAC09120ECA307586E1A7 +# CBC-AES192.Encrypt and CBC-AES192.Decrypt +AES-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:4F021DB243BC633D7178183A9FA071E8 +AES-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:4F021DB243BC633D7178183A9FA071E8:AE2D8A571E03AC9C9EB76FAC45AF8E51:B4D9ADA9AD7DEDF4E5E738763F69145A +AES-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:B4D9ADA9AD7DEDF4E5E738763F69145A:30C81C46A35CE411E5FBC1191A0A52EF:571B242012FB7AE07FA9BAAC3DF102E0 +AES-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:571B242012FB7AE07FA9BAAC3DF102E0:F69F2445DF4F9B17AD2B417BE66C3710:08B0E27988598881D920A9E64F5615CD +# CBC-AES256.Encrypt and CBC-AES256.Decrypt +AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:F58C4C04D6E5F1BA779EABFB5F7BFBD6 +AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:F58C4C04D6E5F1BA779EABFB5F7BFBD6:AE2D8A571E03AC9C9EB76FAC45AF8E51:9CFC4E967EDB808D679F777BC6702C7D +AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:9CFC4E967EDB808D679F777BC6702C7D:30C81C46A35CE411E5FBC1191A0A52EF:39F23369A9D9BACFA530E26304231461 +AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:39F23369A9D9BACFA530E26304231461:F69F2445DF4F9B17AD2B417BE66C3710:B2EB05E2C39BE9FCDA6C19078C6A9D1B +# We don't support CFB{1,8}-AESxxx.{En,De}crypt +# For all CFB128 encrypts and decrypts, the transformed sequence is +# AES-bits-CFB:key:IV/ciphertext':plaintext:ciphertext:encdec +# CFB128-AES128.Encrypt +AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:3B3FD92EB72DAD20333449F8E83CFB4A:1 +AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:3B3FD92EB72DAD20333449F8E83CFB4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:C8A64537A0B3A93FCDE3CDAD9F1CE58B:1 +AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:C8A64537A0B3A93FCDE3CDAD9F1CE58B:30C81C46A35CE411E5FBC1191A0A52EF:26751F67A3CBB140B1808CF187A4F4DF:1 +AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:26751F67A3CBB140B1808CF187A4F4DF:F69F2445DF4F9B17AD2B417BE66C3710:C04B05357C5D1C0EEAC4C66F9FF7F2E6:1 +# CFB128-AES128.Decrypt +AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:3B3FD92EB72DAD20333449F8E83CFB4A:0 +AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:3B3FD92EB72DAD20333449F8E83CFB4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:C8A64537A0B3A93FCDE3CDAD9F1CE58B:0 +AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:C8A64537A0B3A93FCDE3CDAD9F1CE58B:30C81C46A35CE411E5FBC1191A0A52EF:26751F67A3CBB140B1808CF187A4F4DF:0 +AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:26751F67A3CBB140B1808CF187A4F4DF:F69F2445DF4F9B17AD2B417BE66C3710:C04B05357C5D1C0EEAC4C66F9FF7F2E6:0 +# CFB128-AES192.Encrypt +AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CDC80D6FDDF18CAB34C25909C99A4174:1 +AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:CDC80D6FDDF18CAB34C25909C99A4174:AE2D8A571E03AC9C9EB76FAC45AF8E51:67CE7F7F81173621961A2B70171D3D7A:1 +AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:67CE7F7F81173621961A2B70171D3D7A:30C81C46A35CE411E5FBC1191A0A52EF:2E1E8A1DD59B88B1C8E60FED1EFAC4C9:1 +AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:2E1E8A1DD59B88B1C8E60FED1EFAC4C9:F69F2445DF4F9B17AD2B417BE66C3710:C05F9F9CA9834FA042AE8FBA584B09FF:1 +# CFB128-AES192.Decrypt +AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CDC80D6FDDF18CAB34C25909C99A4174:0 +AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:CDC80D6FDDF18CAB34C25909C99A4174:AE2D8A571E03AC9C9EB76FAC45AF8E51:67CE7F7F81173621961A2B70171D3D7A:0 +AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:67CE7F7F81173621961A2B70171D3D7A:30C81C46A35CE411E5FBC1191A0A52EF:2E1E8A1DD59B88B1C8E60FED1EFAC4C9:0 +AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:2E1E8A1DD59B88B1C8E60FED1EFAC4C9:F69F2445DF4F9B17AD2B417BE66C3710:C05F9F9CA9834FA042AE8FBA584B09FF:0 +# CFB128-AES256.Encrypt +AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:DC7E84BFDA79164B7ECD8486985D3860:1 +AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:DC7E84BFDA79164B7ECD8486985D3860:AE2D8A571E03AC9C9EB76FAC45AF8E51:39FFED143B28B1C832113C6331E5407B:1 +AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:39FFED143B28B1C832113C6331E5407B:30C81C46A35CE411E5FBC1191A0A52EF:DF10132415E54B92A13ED0A8267AE2F9:1 +AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:DF10132415E54B92A13ED0A8267AE2F9:F69F2445DF4F9B17AD2B417BE66C3710:75A385741AB9CEF82031623D55B1E471:1 +# CFB128-AES256.Decrypt +AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:DC7E84BFDA79164B7ECD8486985D3860:0 +AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:DC7E84BFDA79164B7ECD8486985D3860:AE2D8A571E03AC9C9EB76FAC45AF8E51:39FFED143B28B1C832113C6331E5407B:0 +AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:39FFED143B28B1C832113C6331E5407B:30C81C46A35CE411E5FBC1191A0A52EF:DF10132415E54B92A13ED0A8267AE2F9:0 +AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:DF10132415E54B92A13ED0A8267AE2F9:F69F2445DF4F9B17AD2B417BE66C3710:75A385741AB9CEF82031623D55B1E471:0 +# For all OFB encrypts and decrypts, the transformed sequence is +# AES-bits-CFB:key:IV/output':plaintext:ciphertext:encdec +# OFB-AES128.Encrypt +AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:3B3FD92EB72DAD20333449F8E83CFB4A:1 +AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:50FE67CC996D32B6DA0937E99BAFEC60:AE2D8A571E03AC9C9EB76FAC45AF8E51:7789508D16918F03F53C52DAC54ED825:1 +AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:D9A4DADA0892239F6B8B3D7680E15674:30C81C46A35CE411E5FBC1191A0A52EF:9740051E9C5FECF64344F7A82260EDCC:1 +AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:A78819583F0308E7A6BF36B1386ABF23:F69F2445DF4F9B17AD2B417BE66C3710:304C6528F659C77866A510D9C1D6AE5E:1 +# OFB-AES128.Decrypt +AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:3B3FD92EB72DAD20333449F8E83CFB4A:0 +AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:50FE67CC996D32B6DA0937E99BAFEC60:AE2D8A571E03AC9C9EB76FAC45AF8E51:7789508D16918F03F53C52DAC54ED825:0 +AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:D9A4DADA0892239F6B8B3D7680E15674:30C81C46A35CE411E5FBC1191A0A52EF:9740051E9C5FECF64344F7A82260EDCC:0 +AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:A78819583F0308E7A6BF36B1386ABF23:F69F2445DF4F9B17AD2B417BE66C3710:304C6528F659C77866A510D9C1D6AE5E:0 +# OFB-AES192.Encrypt +AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CDC80D6FDDF18CAB34C25909C99A4174:1 +AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:A609B38DF3B1133DDDFF2718BA09565E:AE2D8A571E03AC9C9EB76FAC45AF8E51:FCC28B8D4C63837C09E81700C1100401:1 +AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:52EF01DA52602FE0975F78AC84BF8A50:30C81C46A35CE411E5FBC1191A0A52EF:8D9A9AEAC0F6596F559C6D4DAF59A5F2:1 +AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:BD5286AC63AABD7EB067AC54B553F71D:F69F2445DF4F9B17AD2B417BE66C3710:6D9F200857CA6C3E9CAC524BD9ACC92A:1 +# OFB-AES192.Decrypt +AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CDC80D6FDDF18CAB34C25909C99A4174:0 +AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:A609B38DF3B1133DDDFF2718BA09565E:AE2D8A571E03AC9C9EB76FAC45AF8E51:FCC28B8D4C63837C09E81700C1100401:0 +AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:52EF01DA52602FE0975F78AC84BF8A50:30C81C46A35CE411E5FBC1191A0A52EF:8D9A9AEAC0F6596F559C6D4DAF59A5F2:0 +AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:BD5286AC63AABD7EB067AC54B553F71D:F69F2445DF4F9B17AD2B417BE66C3710:6D9F200857CA6C3E9CAC524BD9ACC92A:0 +# OFB-AES256.Encrypt +AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:DC7E84BFDA79164B7ECD8486985D3860:1 +AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:B7BF3A5DF43989DD97F0FA97EBCE2F4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:4FEBDC6740D20B3AC88F6AD82A4FB08D:1 +AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E1C656305ED1A7A6563805746FE03EDC:30C81C46A35CE411E5FBC1191A0A52EF:71AB47A086E86EEDF39D1C5BBA97C408:1 +AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:41635BE625B48AFC1666DD42A09D96E7:F69F2445DF4F9B17AD2B417BE66C3710:0126141D67F37BE8538F5A8BE740E484:1 +# OFB-AES256.Decrypt +AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:DC7E84BFDA79164B7ECD8486985D3860:0 +AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:B7BF3A5DF43989DD97F0FA97EBCE2F4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:4FEBDC6740D20B3AC88F6AD82A4FB08D:0 +AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E1C656305ED1A7A6563805746FE03EDC:30C81C46A35CE411E5FBC1191A0A52EF:71AB47A086E86EEDF39D1C5BBA97C408:0 +AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:41635BE625B48AFC1666DD42A09D96E7:F69F2445DF4F9B17AD2B417BE66C3710:0126141D67F37BE8538F5A8BE740E484:0 + +# AES Counter test vectors from RFC3686 +aes-128-ctr:AE6852F8121067CC4BF7A5765577F39E:00000030000000000000000000000001:53696E676C6520626C6F636B206D7367:E4095D4FB7A7B3792D6175A3261311B8:1 +aes-128-ctr:7E24067817FAE0D743D6CE1F32539163:006CB6DBC0543B59DA48D90B00000001:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F:5104A106168A72D9790D41EE8EDAD388EB2E1EFC46DA57C8FCE630DF9141BE28:1 +aes-128-ctr:7691BE035E5020A8AC6E618529F9A0DC:00E0017B27777F3F4A1786F000000001:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20212223:C1CF48A89F2FFDD9CF4652E9EFDB72D74540A42BDE6D7836D59A5CEAAEF3105325B2072F:1 + +aes-192-ctr:16AF5B145FC9F579C175F93E3BFB0EED863D06CCFDB78515:0000004836733C147D6D93CB00000001:53696E676C6520626C6F636B206D7367:4B55384FE259C9C84E7935A003CBE928:1 +aes-192-ctr:7C5CB2401B3DC33C19E7340819E0F69C678C3DB8E6F6A91A:0096B03B020C6EADC2CB500D00000001:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F:453243FC609B23327EDFAAFA7131CD9F8490701C5AD4A79CFC1FE0FF42F4FB00:1 +aes-192-ctr:02BF391EE8ECB159B959617B0965279BF59B60A786D3E0FE:0007BDFD5CBD60278DCC091200000001:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20212223:96893FC55E5C722F540B7DD1DDF7E758D288BC95C69165884536C811662F2188ABEE0935:1 + +aes-256-ctr:776BEFF2851DB06F4C8A0542C8696F6C6A81AF1EEC96B4D37FC1D689E6C1C104:00000060DB5672C97AA8F0B200000001:53696E676C6520626C6F636B206D7367:145AD01DBF824EC7560863DC71E3E0C0:1 +aes-256-ctr:F6D66D6BD52D59BB0796365879EFF886C66DD51A5B6A99744B50590C87A23884:00FAAC24C1585EF15A43D87500000001:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F:F05E231B3894612C49EE000B804EB2A9B8306B508F839D6A5530831D9344AF1C:1 +aes-256-ctr:FF7A617CE69148E4F1726E2F43581DE2AA62D9F805532EDFF1EED687FB54153D:001CC5B751A51D70A1C1114800000001:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20212223:EB6C52821D0BBBF7CE7594462ACA4FAAB407DF866569FD07F48CC0B583D6071F1EC0E6B8:1 + +# DES ECB tests (from destest) + +DES-ECB:0000000000000000::0000000000000000:8CA64DE9C1B123A7 +DES-ECB:FFFFFFFFFFFFFFFF::FFFFFFFFFFFFFFFF:7359B2163E4EDC58 +DES-ECB:3000000000000000::1000000000000001:958E6E627A05557B +DES-ECB:1111111111111111::1111111111111111:F40379AB9E0EC533 +DES-ECB:0123456789ABCDEF::1111111111111111:17668DFC7292532D +DES-ECB:1111111111111111::0123456789ABCDEF:8A5AE1F81AB8F2DD +DES-ECB:FEDCBA9876543210::0123456789ABCDEF:ED39D950FA74BCC4 + +# DESX-CBC tests (from destest) +DESX-CBC:0123456789abcdeff1e0d3c2b5a49786fedcba9876543210:fedcba9876543210:37363534333231204E6F77206973207468652074696D6520666F722000000000:846B2914851E9A2954732F8AA0A611C115CDC2D7951B1053A63C5E03B21AA3C4 + +# DES EDE3 CBC tests (from destest) +DES-EDE3-CBC:0123456789abcdeff1e0d3c2b5a49786fedcba9876543210:fedcba9876543210:37363534333231204E6F77206973207468652074696D6520666F722000000000:3FE301C962AC01D02213763C1CBD4CDC799657C064ECF5D41C673812CFDE9675 + +# RC4 tests (from rc4test) +RC4:0123456789abcdef0123456789abcdef::0123456789abcdef:75b7878099e0c596 +RC4:0123456789abcdef0123456789abcdef::0000000000000000:7494c2e7104b0879 +RC4:00000000000000000000000000000000::0000000000000000:de188941a3375d3a +RC4:ef012345ef012345ef012345ef012345::0000000000000000000000000000000000000000:d6a141a7ec3c38dfbd615a1162e1c7ba36b67858 +RC4:0123456789abcdef0123456789abcdef::123456789ABCDEF0123456789ABCDEF0123456789ABCDEF012345678:66a0949f8af7d6891f7f832ba833c00c892ebe30143ce28740011ecf +RC4:ef012345ef012345ef012345ef012345::00000000000000000000:d6a141a7ec3c38dfbd61 + + +# Camellia tests from RFC3713 +# For all ECB encrypts and decrypts, the transformed sequence is +# CAMELLIA-bits-ECB:key::plaintext:ciphertext:encdec +CAMELLIA-128-ECB:0123456789abcdeffedcba9876543210::0123456789abcdeffedcba9876543210:67673138549669730857065648eabe43 +CAMELLIA-192-ECB:0123456789abcdeffedcba98765432100011223344556677::0123456789abcdeffedcba9876543210:b4993401b3e996f84ee5cee7d79b09b9 +CAMELLIA-256-ECB:0123456789abcdeffedcba987654321000112233445566778899aabbccddeeff::0123456789abcdeffedcba9876543210:9acc237dff16d76c20ef7c919e3a7509 + +# ECB-CAMELLIA128.Encrypt +CAMELLIA-128-ECB:000102030405060708090A0B0C0D0E0F::00112233445566778899AABBCCDDEEFF:77CF412067AF8270613529149919546F:1 +CAMELLIA-192-ECB:000102030405060708090A0B0C0D0E0F1011121314151617::00112233445566778899AABBCCDDEEFF:B22F3C36B72D31329EEE8ADDC2906C68:1 +CAMELLIA-256-ECB:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F::00112233445566778899AABBCCDDEEFF:2EDF1F3418D53B88841FC8985FB1ECF2:1 + +# ECB-CAMELLIA128.Encrypt and ECB-CAMELLIA128.Decrypt +CAMELLIA-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::6BC1BEE22E409F96E93D7E117393172A:432FC5DCD628115B7C388D770B270C96 +CAMELLIA-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::AE2D8A571E03AC9C9EB76FAC45AF8E51:0BE1F14023782A22E8384C5ABB7FAB2B +CAMELLIA-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::30C81C46A35CE411E5FBC1191A0A52EF:A0A1ABCD1893AB6FE0FE5B65DF5F8636 +CAMELLIA-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::F69F2445DF4F9B17AD2B417BE66C3710:E61925E0D5DFAA9BB29F815B3076E51A + +# ECB-CAMELLIA192.Encrypt and ECB-CAMELLIA192.Decrypt +CAMELLIA-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::6BC1BEE22E409F96E93D7E117393172A:CCCC6C4E138B45848514D48D0D3439D3 +CAMELLIA-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::AE2D8A571E03AC9C9EB76FAC45AF8E51:5713C62C14B2EC0F8393B6AFD6F5785A +CAMELLIA-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::30C81C46A35CE411E5FBC1191A0A52EF:B40ED2B60EB54D09D030CF511FEEF366 +CAMELLIA-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::F69F2445DF4F9B17AD2B417BE66C3710:909DBD95799096748CB27357E73E1D26 + +# ECB-CAMELLIA256.Encrypt and ECB-CAMELLIA256.Decrypt +CAMELLIA-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::6BC1BEE22E409F96E93D7E117393172A:BEFD219B112FA00098919CD101C9CCFA +CAMELLIA-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::AE2D8A571E03AC9C9EB76FAC45AF8E51:C91D3A8F1AEA08A9386CF4B66C0169EA +CAMELLIA-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::30C81C46A35CE411E5FBC1191A0A52EF:A623D711DC5F25A51BB8A80D56397D28 +CAMELLIA-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::F69F2445DF4F9B17AD2B417BE66C3710:7960109FB6DC42947FCFE59EA3C5EB6B + +# For all CBC encrypts and decrypts, the transformed sequence is +# CAMELLIA-bits-CBC:key:IV/ciphertext':plaintext:ciphertext:encdec +# CBC-CAMELLIA128.Encrypt and CBC-CAMELLIA128.Decrypt +CAMELLIA-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:1607CF494B36BBF00DAEB0B503C831AB +CAMELLIA-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:1607CF494B36BBF00DAEB0B503C831AB:AE2D8A571E03AC9C9EB76FAC45AF8E51:A2F2CF671629EF7840C5A5DFB5074887 +CAMELLIA-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:A2F2CF671629EF7840C5A5DFB5074887:30C81C46A35CE411E5FBC1191A0A52EF:0F06165008CF8B8B5A63586362543E54 +CAMELLIA-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:36A84CDAFD5F9A85ADA0F0A993D6D577:F69F2445DF4F9B17AD2B417BE66C3710:74C64268CDB8B8FAF5B34E8AF3732980 + +# CBC-CAMELLIA192.Encrypt and CBC-CAMELLIA192.Decrypt +CAMELLIA-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:2A4830AB5AC4A1A2405955FD2195CF93 +CAMELLIA-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:2A4830AB5AC4A1A2405955FD2195CF93:AE2D8A571E03AC9C9EB76FAC45AF8E51:5D5A869BD14CE54264F892A6DD2EC3D5 +CAMELLIA-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:5D5A869BD14CE54264F892A6DD2EC3D5:30C81C46A35CE411E5FBC1191A0A52EF:37D359C3349836D884E310ADDF68C449 +CAMELLIA-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:37D359C3349836D884E310ADDF68C449:F69F2445DF4F9B17AD2B417BE66C3710:01FAAA930B4AB9916E9668E1428C6B08 + +# CBC-CAMELLIA256.Encrypt and CBC-CAMELLIA256.Decrypt +CAMELLIA-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:E6CFA35FC02B134A4D2C0B6737AC3EDA +CAMELLIA-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E6CFA35FC02B134A4D2C0B6737AC3EDA:AE2D8A571E03AC9C9EB76FAC45AF8E51:36CBEB73BD504B4070B1B7DE2B21EB50 +CAMELLIA-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:36CBEB73BD504B4070B1B7DE2B21EB50:30C81C46A35CE411E5FBC1191A0A52EF:E31A6055297D96CA3330CDF1B1860A83 +CAMELLIA-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E31A6055297D96CA3330CDF1B1860A83:F69F2445DF4F9B17AD2B417BE66C3710:5D563F6D1CCCF236051C0C5C1C58F28F + +# We don't support CFB{1,8}-CAMELLIAxxx.{En,De}crypt +# For all CFB128 encrypts and decrypts, the transformed sequence is +# CAMELLIA-bits-CFB:key:IV/ciphertext':plaintext:ciphertext:encdec +# CFB128-CAMELLIA128.Encrypt +CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:14F7646187817EB586599146B82BD719:1 +CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:14F7646187817EB586599146B82BD719:AE2D8A571E03AC9C9EB76FAC45AF8E51:A53D28BB82DF741103EA4F921A44880B:1 +CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:A53D28BB82DF741103EA4F921A44880B:30C81C46A35CE411E5FBC1191A0A52EF:9C2157A664626D1DEF9EA420FDE69B96:1 +CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:9C2157A664626D1DEF9EA420FDE69B96:F69F2445DF4F9B17AD2B417BE66C3710:742A25F0542340C7BAEF24CA8482BB09:1 + +# CFB128-CAMELLIA128.Decrypt +CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:14F7646187817EB586599146B82BD719:0 +CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:14F7646187817EB586599146B82BD719:AE2D8A571E03AC9C9EB76FAC45AF8E51:A53D28BB82DF741103EA4F921A44880B:0 +CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:A53D28BB82DF741103EA4F921A44880B:30C81C46A35CE411E5FBC1191A0A52EF:9C2157A664626D1DEF9EA420FDE69B96:0 +CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:9C2157A664626D1DEF9EA420FDE69B96:F69F2445DF4F9B17AD2B417BE66C3710:742A25F0542340C7BAEF24CA8482BB09:0 + +# CFB128-CAMELLIA192.Encrypt +CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:C832BB9780677DAA82D9B6860DCD565E:1 +CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:C832BB9780677DAA82D9B6860DCD565E:AE2D8A571E03AC9C9EB76FAC45AF8E51:86F8491627906D780C7A6D46EA331F98:1 +CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:86F8491627906D780C7A6D46EA331F98:30C81C46A35CE411E5FBC1191A0A52EF:69511CCE594CF710CB98BB63D7221F01:1 +CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:69511CCE594CF710CB98BB63D7221F01:F69F2445DF4F9B17AD2B417BE66C3710:D5B5378A3ABED55803F25565D8907B84:1 + +# CFB128-CAMELLIA192.Decrypt +CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:C832BB9780677DAA82D9B6860DCD565E:0 +CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:C832BB9780677DAA82D9B6860DCD565E:AE2D8A571E03AC9C9EB76FAC45AF8E51:86F8491627906D780C7A6D46EA331F98:0 +CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:86F8491627906D780C7A6D46EA331F98:30C81C46A35CE411E5FBC1191A0A52EF:69511CCE594CF710CB98BB63D7221F01:0 +CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:69511CCE594CF710CB98BB63D7221F01:F69F2445DF4F9B17AD2B417BE66C3710:D5B5378A3ABED55803F25565D8907B84:0 + +# CFB128-CAMELLIA256.Encrypt +CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CF6107BB0CEA7D7FB1BD31F5E7B06C93:1 +CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:CF6107BB0CEA7D7FB1BD31F5E7B06C93:AE2D8A571E03AC9C9EB76FAC45AF8E51:89BEDB4CCDD864EA11BA4CBE849B5E2B:1 +CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:89BEDB4CCDD864EA11BA4CBE849B5E2B:30C81C46A35CE411E5FBC1191A0A52EF:555FC3F34BDD2D54C62D9E3BF338C1C4:1 +CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:555FC3F34BDD2D54C62D9E3BF338C1C4:F69F2445DF4F9B17AD2B417BE66C3710:5953ADCE14DB8C7F39F1BD39F359BFFA:1 + +# CFB128-CAMELLIA256.Decrypt +CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CF6107BB0CEA7D7FB1BD31F5E7B06C93:0 +CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:CF6107BB0CEA7D7FB1BD31F5E7B06C93:AE2D8A571E03AC9C9EB76FAC45AF8E51:89BEDB4CCDD864EA11BA4CBE849B5E2B:0 +CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:89BEDB4CCDD864EA11BA4CBE849B5E2B:30C81C46A35CE411E5FBC1191A0A52EF:555FC3F34BDD2D54C62D9E3BF338C1C4:0 +CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:555FC3F34BDD2D54C62D9E3BF338C1C4:F69F2445DF4F9B17AD2B417BE66C3710:5953ADCE14DB8C7F39F1BD39F359BFFA:0 + +# For all OFB encrypts and decrypts, the transformed sequence is +# CAMELLIA-bits-OFB:key:IV/output':plaintext:ciphertext:encdec +# OFB-CAMELLIA128.Encrypt +CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:14F7646187817EB586599146B82BD719:1 +CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:50FE67CC996D32B6DA0937E99BAFEC60:AE2D8A571E03AC9C9EB76FAC45AF8E51:25623DB569CA51E01482649977E28D84:1 +CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:D9A4DADA0892239F6B8B3D7680E15674:30C81C46A35CE411E5FBC1191A0A52EF:C776634A60729DC657D12B9FCA801E98:1 +CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:A78819583F0308E7A6BF36B1386ABF23:F69F2445DF4F9B17AD2B417BE66C3710:D776379BE0E50825E681DA1A4C980E8E:1 + +# OFB-CAMELLIA128.Decrypt +CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:14F7646187817EB586599146B82BD719:0 +CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:50FE67CC996D32B6DA0937E99BAFEC60:AE2D8A571E03AC9C9EB76FAC45AF8E51:25623DB569CA51E01482649977E28D84:0 +CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:D9A4DADA0892239F6B8B3D7680E15674:30C81C46A35CE411E5FBC1191A0A52EF:C776634A60729DC657D12B9FCA801E98:0 +CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:A78819583F0308E7A6BF36B1386ABF23:F69F2445DF4F9B17AD2B417BE66C3710:D776379BE0E50825E681DA1A4C980E8E:0 + +# OFB-CAMELLIA192.Encrypt +CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:C832BB9780677DAA82D9B6860DCD565E:1 +CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:A609B38DF3B1133DDDFF2718BA09565E:AE2D8A571E03AC9C9EB76FAC45AF8E51:8ECEB7D0350D72C7F78562AEBDF99339:1 +CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:52EF01DA52602FE0975F78AC84BF8A50:30C81C46A35CE411E5FBC1191A0A52EF:BDD62DBBB9700846C53B507F544696F0:1 +CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:BD5286AC63AABD7EB067AC54B553F71D:F69F2445DF4F9B17AD2B417BE66C3710:E28014E046B802F385C4C2E13EAD4A72:1 + +# OFB-CAMELLIA192.Decrypt +CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:C832BB9780677DAA82D9B6860DCD565E:0 +CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:A609B38DF3B1133DDDFF2718BA09565E:AE2D8A571E03AC9C9EB76FAC45AF8E51:8ECEB7D0350D72C7F78562AEBDF99339:0 +CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:52EF01DA52602FE0975F78AC84BF8A50:30C81C46A35CE411E5FBC1191A0A52EF:BDD62DBBB9700846C53B507F544696F0:0 +CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:BD5286AC63AABD7EB067AC54B553F71D:F69F2445DF4F9B17AD2B417BE66C3710:E28014E046B802F385C4C2E13EAD4A72:0 + +# OFB-CAMELLIA256.Encrypt +CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CF6107BB0CEA7D7FB1BD31F5E7B06C93:1 +CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:B7BF3A5DF43989DD97F0FA97EBCE2F4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:127AD97E8E3994E4820027D7BA109368:1 +CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E1C656305ED1A7A6563805746FE03EDC:30C81C46A35CE411E5FBC1191A0A52EF:6BFF6265A6A6B7A535BC65A80B17214E:1 +CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:41635BE625B48AFC1666DD42A09D96E7:F69F2445DF4F9B17AD2B417BE66C3710:0A4A0404E26AA78A27CB271E8BF3CF20:1 + +# OFB-CAMELLIA256.Decrypt +CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CF6107BB0CEA7D7FB1BD31F5E7B06C93:0 +CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:B7BF3A5DF43989DD97F0FA97EBCE2F4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:127AD97E8E3994E4820027D7BA109368:0 +CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E1C656305ED1A7A6563805746FE03EDC:30C81C46A35CE411E5FBC1191A0A52EF:6BFF6265A6A6B7A535BC65A80B17214E:0 +CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:41635BE625B48AFC1666DD42A09D96E7:F69F2445DF4F9B17AD2B417BE66C3710:0A4A0404E26AA78A27CB271E8BF3CF20:0 + +# SEED test vectors from RFC4269 +SEED-ECB:00000000000000000000000000000000::000102030405060708090A0B0C0D0E0F:5EBAC6E0054E166819AFF1CC6D346CDB:0 +SEED-ECB:000102030405060708090A0B0C0D0E0F::00000000000000000000000000000000:C11F22F20140505084483597E4370F43:0 +SEED-ECB:4706480851E61BE85D74BFB3FD956185::83A2F8A288641FB9A4E9A5CC2F131C7D:EE54D13EBCAE706D226BC3142CD40D4A:0 +SEED-ECB:28DBC3BC49FFD87DCFA509B11D422BE7::B41E6BE2EBA84A148E2EED84593C5EC7:9B9B7BFCD1813CB95D0B3618F40F5122:0 +SEED-ECB:00000000000000000000000000000000::000102030405060708090A0B0C0D0E0F:5EBAC6E0054E166819AFF1CC6D346CDB:1 +SEED-ECB:000102030405060708090A0B0C0D0E0F::00000000000000000000000000000000:C11F22F20140505084483597E4370F43:1 +SEED-ECB:4706480851E61BE85D74BFB3FD956185::83A2F8A288641FB9A4E9A5CC2F131C7D:EE54D13EBCAE706D226BC3142CD40D4A:1 +SEED-ECB:28DBC3BC49FFD87DCFA509B11D422BE7::B41E6BE2EBA84A148E2EED84593C5EC7:9B9B7BFCD1813CB95D0B3618F40F5122:1 diff --git a/test/exptest.c b/test/exptest.c new file mode 120000 index 0000000..50ccf71 --- /dev/null +++ b/test/exptest.c @@ -0,0 +1 @@ +../crypto/bn/exptest.c \ No newline at end of file diff --git a/test/heartbeat_test.c b/test/heartbeat_test.c new file mode 120000 index 0000000..79576fd --- /dev/null +++ b/test/heartbeat_test.c @@ -0,0 +1 @@ +../ssl/heartbeat_test.c \ No newline at end of file diff --git a/test/hmactest.c b/test/hmactest.c new file mode 120000 index 0000000..353ee2c --- /dev/null +++ b/test/hmactest.c @@ -0,0 +1 @@ +../crypto/hmac/hmactest.c \ No newline at end of file diff --git a/test/ideatest.c b/test/ideatest.c new file mode 120000 index 0000000..a9bfb3d --- /dev/null +++ b/test/ideatest.c @@ -0,0 +1 @@ +../crypto/idea/ideatest.c \ No newline at end of file diff --git a/test/igetest.c b/test/igetest.c new file mode 100644 index 0000000..1ba9002 --- /dev/null +++ b/test/igetest.c @@ -0,0 +1,503 @@ +/* test/igetest.c -*- mode:C; c-file-style: "eay" -*- */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + */ + +#include +#include +#include +#include +#include + +#define TEST_SIZE 128 +#define BIG_TEST_SIZE 10240 + +static void hexdump(FILE *f,const char *title,const unsigned char *s,int l) + { + int n=0; + + fprintf(f,"%s",title); + for( ; n < l ; ++n) + { + if((n%16) == 0) + fprintf(f,"\n%04x",n); + fprintf(f," %02x",s[n]); + } + fprintf(f,"\n"); + } + +#define MAX_VECTOR_SIZE 64 + +struct ige_test + { + const unsigned char key[16]; + const unsigned char iv[32]; + const unsigned char in[MAX_VECTOR_SIZE]; + const unsigned char out[MAX_VECTOR_SIZE]; + const size_t length; + const int encrypt; + }; + +static struct ige_test const ige_test_vectors[] = { +{ { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f }, /* key */ + { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f }, /* iv */ + { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, /* in */ + { 0x1a, 0x85, 0x19, 0xa6, 0x55, 0x7b, 0xe6, 0x52, + 0xe9, 0xda, 0x8e, 0x43, 0xda, 0x4e, 0xf4, 0x45, + 0x3c, 0xf4, 0x56, 0xb4, 0xca, 0x48, 0x8a, 0xa3, + 0x83, 0xc7, 0x9c, 0x98, 0xb3, 0x47, 0x97, 0xcb }, /* out */ + 32, AES_ENCRYPT }, /* test vector 0 */ + +{ { 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, + 0x61, 0x6e, 0x20, 0x69, 0x6d, 0x70, 0x6c, 0x65 }, /* key */ + { 0x6d, 0x65, 0x6e, 0x74, 0x61, 0x74, 0x69, 0x6f, + 0x6e, 0x20, 0x6f, 0x66, 0x20, 0x49, 0x47, 0x45, + 0x20, 0x6d, 0x6f, 0x64, 0x65, 0x20, 0x66, 0x6f, + 0x72, 0x20, 0x4f, 0x70, 0x65, 0x6e, 0x53, 0x53 }, /* iv */ + { 0x4c, 0x2e, 0x20, 0x4c, 0x65, 0x74, 0x27, 0x73, + 0x20, 0x68, 0x6f, 0x70, 0x65, 0x20, 0x42, 0x65, + 0x6e, 0x20, 0x67, 0x6f, 0x74, 0x20, 0x69, 0x74, + 0x20, 0x72, 0x69, 0x67, 0x68, 0x74, 0x21, 0x0a }, /* in */ + { 0x99, 0x70, 0x64, 0x87, 0xa1, 0xcd, 0xe6, 0x13, + 0xbc, 0x6d, 0xe0, 0xb6, 0xf2, 0x4b, 0x1c, 0x7a, + 0xa4, 0x48, 0xc8, 0xb9, 0xc3, 0x40, 0x3e, 0x34, + 0x67, 0xa8, 0xca, 0xd8, 0x93, 0x40, 0xf5, 0x3b }, /* out */ + 32, AES_DECRYPT }, /* test vector 1 */ +}; + +struct bi_ige_test + { + const unsigned char key1[32]; + const unsigned char key2[32]; + const unsigned char iv[64]; + const unsigned char in[MAX_VECTOR_SIZE]; + const unsigned char out[MAX_VECTOR_SIZE]; + const size_t keysize; + const size_t length; + const int encrypt; + }; + +static struct bi_ige_test const bi_ige_test_vectors[] = { +{ { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f }, /* key1 */ + { 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f }, /* key2 */ + { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f }, /* iv */ + { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, /* in */ + { 0x14, 0x40, 0x6f, 0xae, 0xa2, 0x79, 0xf2, 0x56, + 0x1f, 0x86, 0xeb, 0x3b, 0x7d, 0xff, 0x53, 0xdc, + 0x4e, 0x27, 0x0c, 0x03, 0xde, 0x7c, 0xe5, 0x16, + 0x6a, 0x9c, 0x20, 0x33, 0x9d, 0x33, 0xfe, 0x12 }, /* out */ + 16, 32, AES_ENCRYPT }, /* test vector 0 */ +{ { 0x58, 0x0a, 0x06, 0xe9, 0x97, 0x07, 0x59, 0x5c, + 0x9e, 0x19, 0xd2, 0xa7, 0xbb, 0x40, 0x2b, 0x7a, + 0xc7, 0xd8, 0x11, 0x9e, 0x4c, 0x51, 0x35, 0x75, + 0x64, 0x28, 0x0f, 0x23, 0xad, 0x74, 0xac, 0x37 }, /* key1 */ + { 0xd1, 0x80, 0xa0, 0x31, 0x47, 0xa3, 0x11, 0x13, + 0x86, 0x26, 0x9e, 0x6d, 0xff, 0xaf, 0x72, 0x74, + 0x5b, 0xa2, 0x35, 0x81, 0xd2, 0xa6, 0x3d, 0x21, + 0x67, 0x7b, 0x58, 0xa8, 0x18, 0xf9, 0x72, 0xe4 }, /* key2 */ + { 0x80, 0x3d, 0xbd, 0x4c, 0xe6, 0x7b, 0x06, 0xa9, + 0x53, 0x35, 0xd5, 0x7e, 0x71, 0xc1, 0x70, 0x70, + 0x74, 0x9a, 0x00, 0x28, 0x0c, 0xbf, 0x6c, 0x42, + 0x9b, 0xa4, 0xdd, 0x65, 0x11, 0x77, 0x7c, 0x67, + 0xfe, 0x76, 0x0a, 0xf0, 0xd5, 0xc6, 0x6e, 0x6a, + 0xe7, 0x5e, 0x4c, 0xf2, 0x7e, 0x9e, 0xf9, 0x20, + 0x0e, 0x54, 0x6f, 0x2d, 0x8a, 0x8d, 0x7e, 0xbd, + 0x48, 0x79, 0x37, 0x99, 0xff, 0x27, 0x93, 0xa3 }, /* iv */ + { 0xf1, 0x54, 0x3d, 0xca, 0xfe, 0xb5, 0xef, 0x1c, + 0x4f, 0xa6, 0x43, 0xf6, 0xe6, 0x48, 0x57, 0xf0, + 0xee, 0x15, 0x7f, 0xe3, 0xe7, 0x2f, 0xd0, 0x2f, + 0x11, 0x95, 0x7a, 0x17, 0x00, 0xab, 0xa7, 0x0b, + 0xbe, 0x44, 0x09, 0x9c, 0xcd, 0xac, 0xa8, 0x52, + 0xa1, 0x8e, 0x7b, 0x75, 0xbc, 0xa4, 0x92, 0x5a, + 0xab, 0x46, 0xd3, 0x3a, 0xa0, 0xd5, 0x35, 0x1c, + 0x55, 0xa4, 0xb3, 0xa8, 0x40, 0x81, 0xa5, 0x0b}, /* in */ + { 0x42, 0xe5, 0x28, 0x30, 0x31, 0xc2, 0xa0, 0x23, + 0x68, 0x49, 0x4e, 0xb3, 0x24, 0x59, 0x92, 0x79, + 0xc1, 0xa5, 0xcc, 0xe6, 0x76, 0x53, 0xb1, 0xcf, + 0x20, 0x86, 0x23, 0xe8, 0x72, 0x55, 0x99, 0x92, + 0x0d, 0x16, 0x1c, 0x5a, 0x2f, 0xce, 0xcb, 0x51, + 0xe2, 0x67, 0xfa, 0x10, 0xec, 0xcd, 0x3d, 0x67, + 0xa5, 0xe6, 0xf7, 0x31, 0x26, 0xb0, 0x0d, 0x76, + 0x5e, 0x28, 0xdc, 0x7f, 0x01, 0xc5, 0xa5, 0x4c}, /* out */ + 32, 64, AES_ENCRYPT }, /* test vector 1 */ + +}; + +static int run_test_vectors(void) + { + unsigned int n; + int errs = 0; + + for(n=0 ; n < sizeof(ige_test_vectors)/sizeof(ige_test_vectors[0]) ; ++n) + { + const struct ige_test * const v = &ige_test_vectors[n]; + AES_KEY key; + unsigned char buf[MAX_VECTOR_SIZE]; + unsigned char iv[AES_BLOCK_SIZE*2]; + + assert(v->length <= MAX_VECTOR_SIZE); + + if(v->encrypt == AES_ENCRYPT) + AES_set_encrypt_key(v->key, 8*sizeof v->key, &key); + else + AES_set_decrypt_key(v->key, 8*sizeof v->key, &key); + memcpy(iv, v->iv, sizeof iv); + AES_ige_encrypt(v->in, buf, v->length, &key, iv, v->encrypt); + + if(memcmp(v->out, buf, v->length)) + { + printf("IGE test vector %d failed\n", n); + hexdump(stdout, "key", v->key, sizeof v->key); + hexdump(stdout, "iv", v->iv, sizeof v->iv); + hexdump(stdout, "in", v->in, v->length); + hexdump(stdout, "expected", v->out, v->length); + hexdump(stdout, "got", buf, v->length); + + ++errs; + } + + /* try with in == out */ + memcpy(iv, v->iv, sizeof iv); + memcpy(buf, v->in, v->length); + AES_ige_encrypt(buf, buf, v->length, &key, iv, v->encrypt); + + if(memcmp(v->out, buf, v->length)) + { + printf("IGE test vector %d failed (with in == out)\n", n); + hexdump(stdout, "key", v->key, sizeof v->key); + hexdump(stdout, "iv", v->iv, sizeof v->iv); + hexdump(stdout, "in", v->in, v->length); + hexdump(stdout, "expected", v->out, v->length); + hexdump(stdout, "got", buf, v->length); + + ++errs; + } + } + + for(n=0 ; n < sizeof(bi_ige_test_vectors)/sizeof(bi_ige_test_vectors[0]) + ; ++n) + { + const struct bi_ige_test * const v = &bi_ige_test_vectors[n]; + AES_KEY key1; + AES_KEY key2; + unsigned char buf[MAX_VECTOR_SIZE]; + + assert(v->length <= MAX_VECTOR_SIZE); + + if(v->encrypt == AES_ENCRYPT) + { + AES_set_encrypt_key(v->key1, 8*v->keysize, &key1); + AES_set_encrypt_key(v->key2, 8*v->keysize, &key2); + } + else + { + AES_set_decrypt_key(v->key1, 8*v->keysize, &key1); + AES_set_decrypt_key(v->key2, 8*v->keysize, &key2); + } + + AES_bi_ige_encrypt(v->in, buf, v->length, &key1, &key2, v->iv, + v->encrypt); + + if(memcmp(v->out, buf, v->length)) + { + printf("Bidirectional IGE test vector %d failed\n", n); + hexdump(stdout, "key 1", v->key1, sizeof v->key1); + hexdump(stdout, "key 2", v->key2, sizeof v->key2); + hexdump(stdout, "iv", v->iv, sizeof v->iv); + hexdump(stdout, "in", v->in, v->length); + hexdump(stdout, "expected", v->out, v->length); + hexdump(stdout, "got", buf, v->length); + + ++errs; + } + } + + return errs; + } + +int main(int argc, char **argv) + { + unsigned char rkey[16]; + unsigned char rkey2[16]; + AES_KEY key; + AES_KEY key2; + unsigned char plaintext[BIG_TEST_SIZE]; + unsigned char ciphertext[BIG_TEST_SIZE]; + unsigned char checktext[BIG_TEST_SIZE]; + unsigned char iv[AES_BLOCK_SIZE*4]; + unsigned char saved_iv[AES_BLOCK_SIZE*4]; + int err = 0; + unsigned int n; + unsigned matches; + + assert(BIG_TEST_SIZE >= TEST_SIZE); + + RAND_pseudo_bytes(rkey, sizeof rkey); + RAND_pseudo_bytes(plaintext, sizeof plaintext); + RAND_pseudo_bytes(iv, sizeof iv); + memcpy(saved_iv, iv, sizeof saved_iv); + + /* Forward IGE only... */ + + /* Straight encrypt/decrypt */ + AES_set_encrypt_key(rkey, 8*sizeof rkey, &key); + AES_ige_encrypt(plaintext, ciphertext, TEST_SIZE, &key, iv, + AES_ENCRYPT); + + AES_set_decrypt_key(rkey, 8*sizeof rkey, &key); + memcpy(iv, saved_iv, sizeof iv); + AES_ige_encrypt(ciphertext, checktext, TEST_SIZE, &key, iv, + AES_DECRYPT); + + if(memcmp(checktext, plaintext, TEST_SIZE)) + { + printf("Encrypt+decrypt doesn't match\n"); + hexdump(stdout, "Plaintext", plaintext, TEST_SIZE); + hexdump(stdout, "Checktext", checktext, TEST_SIZE); + ++err; + } + + /* Now check encrypt chaining works */ + AES_set_encrypt_key(rkey, 8*sizeof rkey, &key); + memcpy(iv, saved_iv, sizeof iv); + AES_ige_encrypt(plaintext, ciphertext, TEST_SIZE/2, &key, iv, + AES_ENCRYPT); + AES_ige_encrypt(plaintext+TEST_SIZE/2, + ciphertext+TEST_SIZE/2, TEST_SIZE/2, + &key, iv, AES_ENCRYPT); + + AES_set_decrypt_key(rkey, 8*sizeof rkey, &key); + memcpy(iv, saved_iv, sizeof iv); + AES_ige_encrypt(ciphertext, checktext, TEST_SIZE, &key, iv, + AES_DECRYPT); + + if(memcmp(checktext, plaintext, TEST_SIZE)) + { + printf("Chained encrypt+decrypt doesn't match\n"); + hexdump(stdout, "Plaintext", plaintext, TEST_SIZE); + hexdump(stdout, "Checktext", checktext, TEST_SIZE); + ++err; + } + + /* And check decrypt chaining */ + AES_set_encrypt_key(rkey, 8*sizeof rkey, &key); + memcpy(iv, saved_iv, sizeof iv); + AES_ige_encrypt(plaintext, ciphertext, TEST_SIZE/2, &key, iv, + AES_ENCRYPT); + AES_ige_encrypt(plaintext+TEST_SIZE/2, + ciphertext+TEST_SIZE/2, TEST_SIZE/2, + &key, iv, AES_ENCRYPT); + + AES_set_decrypt_key(rkey, 8*sizeof rkey, &key); + memcpy(iv, saved_iv, sizeof iv); + AES_ige_encrypt(ciphertext, checktext, TEST_SIZE/2, &key, iv, + AES_DECRYPT); + AES_ige_encrypt(ciphertext+TEST_SIZE/2, + checktext+TEST_SIZE/2, TEST_SIZE/2, &key, iv, + AES_DECRYPT); + + if(memcmp(checktext, plaintext, TEST_SIZE)) + { + printf("Chained encrypt+chained decrypt doesn't match\n"); + hexdump(stdout, "Plaintext", plaintext, TEST_SIZE); + hexdump(stdout, "Checktext", checktext, TEST_SIZE); + ++err; + } + + /* make sure garble extends forwards only */ + AES_set_encrypt_key(rkey, 8*sizeof rkey, &key); + memcpy(iv, saved_iv, sizeof iv); + AES_ige_encrypt(plaintext, ciphertext, sizeof plaintext, &key, iv, + AES_ENCRYPT); + + /* corrupt halfway through */ + ++ciphertext[sizeof ciphertext/2]; + AES_set_decrypt_key(rkey, 8*sizeof rkey, &key); + memcpy(iv, saved_iv, sizeof iv); + AES_ige_encrypt(ciphertext, checktext, sizeof checktext, &key, iv, + AES_DECRYPT); + + matches=0; + for(n=0 ; n < sizeof checktext ; ++n) + if(checktext[n] == plaintext[n]) + ++matches; + + if(matches > sizeof checktext/2+sizeof checktext/100) + { + printf("More than 51%% matches after garbling\n"); + ++err; + } + + if(matches < sizeof checktext/2) + { + printf("Garble extends backwards!\n"); + ++err; + } + + /* Bi-directional IGE */ + + /* Note that we don't have to recover the IV, because chaining isn't */ + /* possible with biIGE, so the IV is not updated. */ + + RAND_pseudo_bytes(rkey2, sizeof rkey2); + + /* Straight encrypt/decrypt */ + AES_set_encrypt_key(rkey, 8*sizeof rkey, &key); + AES_set_encrypt_key(rkey2, 8*sizeof rkey2, &key2); + AES_bi_ige_encrypt(plaintext, ciphertext, TEST_SIZE, &key, &key2, iv, + AES_ENCRYPT); + + AES_set_decrypt_key(rkey, 8*sizeof rkey, &key); + AES_set_decrypt_key(rkey2, 8*sizeof rkey2, &key2); + AES_bi_ige_encrypt(ciphertext, checktext, TEST_SIZE, &key, &key2, iv, + AES_DECRYPT); + + if(memcmp(checktext, plaintext, TEST_SIZE)) + { + printf("Encrypt+decrypt doesn't match\n"); + hexdump(stdout, "Plaintext", plaintext, TEST_SIZE); + hexdump(stdout, "Checktext", checktext, TEST_SIZE); + ++err; + } + + /* make sure garble extends both ways */ + AES_set_encrypt_key(rkey, 8*sizeof rkey, &key); + AES_set_encrypt_key(rkey2, 8*sizeof rkey2, &key2); + AES_ige_encrypt(plaintext, ciphertext, sizeof plaintext, &key, iv, + AES_ENCRYPT); + + /* corrupt halfway through */ + ++ciphertext[sizeof ciphertext/2]; + AES_set_decrypt_key(rkey, 8*sizeof rkey, &key); + AES_set_decrypt_key(rkey2, 8*sizeof rkey2, &key2); + AES_ige_encrypt(ciphertext, checktext, sizeof checktext, &key, iv, + AES_DECRYPT); + + matches=0; + for(n=0 ; n < sizeof checktext ; ++n) + if(checktext[n] == plaintext[n]) + ++matches; + + if(matches > sizeof checktext/100) + { + printf("More than 1%% matches after bidirectional garbling\n"); + ++err; + } + + /* make sure garble extends both ways (2) */ + AES_set_encrypt_key(rkey, 8*sizeof rkey, &key); + AES_set_encrypt_key(rkey2, 8*sizeof rkey2, &key2); + AES_ige_encrypt(plaintext, ciphertext, sizeof plaintext, &key, iv, + AES_ENCRYPT); + + /* corrupt right at the end */ + ++ciphertext[sizeof ciphertext-1]; + AES_set_decrypt_key(rkey, 8*sizeof rkey, &key); + AES_set_decrypt_key(rkey2, 8*sizeof rkey2, &key2); + AES_ige_encrypt(ciphertext, checktext, sizeof checktext, &key, iv, + AES_DECRYPT); + + matches=0; + for(n=0 ; n < sizeof checktext ; ++n) + if(checktext[n] == plaintext[n]) + ++matches; + + if(matches > sizeof checktext/100) + { + printf("More than 1%% matches after bidirectional garbling (2)\n"); + ++err; + } + + /* make sure garble extends both ways (3) */ + AES_set_encrypt_key(rkey, 8*sizeof rkey, &key); + AES_set_encrypt_key(rkey2, 8*sizeof rkey2, &key2); + AES_ige_encrypt(plaintext, ciphertext, sizeof plaintext, &key, iv, + AES_ENCRYPT); + + /* corrupt right at the start */ + ++ciphertext[0]; + AES_set_decrypt_key(rkey, 8*sizeof rkey, &key); + AES_set_decrypt_key(rkey2, 8*sizeof rkey2, &key2); + AES_ige_encrypt(ciphertext, checktext, sizeof checktext, &key, iv, + AES_DECRYPT); + + matches=0; + for(n=0 ; n < sizeof checktext ; ++n) + if(checktext[n] == plaintext[n]) + ++matches; + + if(matches > sizeof checktext/100) + { + printf("More than 1%% matches after bidirectional garbling (3)\n"); + ++err; + } + + err += run_test_vectors(); + + return err; + } diff --git a/test/jpaketest.c b/test/jpaketest.c new file mode 120000 index 0000000..49f44f8 --- /dev/null +++ b/test/jpaketest.c @@ -0,0 +1 @@ +dummytest.c \ No newline at end of file diff --git a/test/maketests.com b/test/maketests.com new file mode 100644 index 0000000..97e0c3b --- /dev/null +++ b/test/maketests.com @@ -0,0 +1,1090 @@ +$! +$! MAKETESTS.COM +$! Written By: Robert Byer +$! Vice-President +$! A-Com Computing, Inc. +$! byer@mail.all-net.net +$! +$! Changes by Richard Levitte +$! Zoltan Arpadffy +$! +$! This command files compiles and creates all the various different +$! "test" programs for the different types of encryption for OpenSSL. +$! It was written so it would try to determine what "C" compiler to +$! use or you can specify which "C" compiler to use. +$! +$! The test "executables" will be placed in a directory called +$! [.xxx.EXE.TEST] where "xxx" denotes ALPHA, IA64, or VAX, depending +$! on your machine architecture. +$! +$! Specify DEBUG or NODEBUG P1 to compile with or without debugger +$! information. +$! +$! Specify which compiler at P2 to try to compile under. +$! +$! VAXC For VAX C. +$! DECC For DEC C. +$! GNUC For GNU C. +$! +$! If you don't specify a compiler, it will try to determine which +$! "C" compiler to use. +$! +$! P3, if defined, sets a TCP/IP library to use, through one of the following +$! keywords: +$! +$! UCX for UCX +$! SOCKETSHR for SOCKETSHR+NETLIB +$! +$! P4, if defined, sets a compiler thread NOT needed on OpenVMS 7.1 (and up) +$! +$! +$! P5, if defined, specifies the C pointer size. Ignored on VAX. +$! ("64=ARGV" gives more efficient code with HP C V7.3 or newer.) +$! Supported values are: +$! +$! "" Compile with default (/NOPOINTER_SIZE) +$! 32 Compile with /POINTER_SIZE=32 (SHORT) +$! 64 Compile with /POINTER_SIZE=64[=ARGV] (LONG[=ARGV]) +$! (Automatically select ARGV if compiler supports it.) +$! 64= Compile with /POINTER_SIZE=64 (LONG). +$! 64=ARGV Compile with /POINTER_SIZE=64=ARGV (LONG=ARGV). +$! +$! P6, if defined, specifies a directory where ZLIB files (zlib.h, +$! libz.olb) may be found. Optionally, a non-default object library +$! name may be included ("dev:[dir]libz_64.olb", for example). +$! +$! +$! Announce/identify. +$! +$ proc = f$environment( "procedure") +$ write sys$output "@@@ "+ - + f$parse( proc, , , "name")+ f$parse( proc, , , "type") +$! +$! Define A TCP/IP Library That We Will Need To Link To. +$! (That is, If We Need To Link To One.) +$! +$ TCPIP_LIB = "" +$ ZLIB_LIB = "" +$! +$! Check Which Architecture We Are Using. +$! +$ if (f$getsyi( "cpu") .lt. 128) +$ then +$ ARCH = "VAX" +$ else +$ ARCH = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") +$ if (ARCH .eqs. "") then ARCH = "UNK" +$ endif +$! +$ ARCHD = ARCH +$ LIB32 = "32" +$ OPT_FILE = "" +$ POINTER_SIZE = "" +$! +$! Check To Make Sure We Have Valid Command Line Parameters. +$! +$ GOSUB CHECK_OPTIONS +$! +$! Define The OBJ and EXE Directories. +$! +$ OBJ_DIR := SYS$DISK:[-.'ARCHD'.OBJ.TEST] +$ EXE_DIR := SYS$DISK:[-.'ARCHD'.EXE.TEST] +$! +$! Specify the destination directory in any /MAP option. +$! +$ if (LINKMAP .eqs. "MAP") +$ then +$ LINKMAP = LINKMAP+ "=''EXE_DIR'" +$ endif +$! +$! Add the location prefix to the linker options file name. +$! +$ if (OPT_FILE .nes. "") +$ then +$ OPT_FILE = EXE_DIR+ OPT_FILE +$ endif +$! +$! Initialise logical names and such +$! +$ GOSUB INITIALISE +$! +$! Tell The User What Kind of Machine We Run On. +$! +$ WRITE SYS$OUTPUT "Host system architecture: ''ARCHD'" +$! +$! Define The CRYPTO-LIB We Are To Use. +$! +$ CRYPTO_LIB := SYS$DISK:[-.'ARCHD'.EXE.CRYPTO]SSL_LIBCRYPTO'LIB32'.OLB +$! +$! Define The SSL We Are To Use. +$! +$ SSL_LIB := SYS$DISK:[-.'ARCHD'.EXE.SSL]SSL_LIBSSL'LIB32'.OLB +$! +$! Create the OBJ and EXE Directories, if needed. +$! +$ IF (F$PARSE(OBJ_DIR).EQS."") THEN - + CREATE /DIRECTORY 'OBJ_DIR' +$ IF (F$PARSE(EXE_DIR).EQS."") THEN - + CREATE /DIRECTORY 'EXE_DIR' +$! +$! Check To See If We Have The Proper Libraries. +$! +$ GOSUB LIB_CHECK +$! +$! Check To See If We Have A Linker Option File. +$! +$ GOSUB CHECK_OPT_FILE +$! +$! Define The TEST Files. +$! NOTE: Some might think this list ugly. However, it's made this way to +$! reflect the EXE variable in Makefile as closely as possible, +$! thereby making it fairly easy to verify that the lists are the same. +$! +$ TEST_FILES = "BNTEST,ECTEST,ECDSATEST,ECDHTEST,IDEATEST,"+ - + "MD2TEST,MD4TEST,MD5TEST,HMACTEST,WP_TEST,"+ - + "RC2TEST,RC4TEST,RC5TEST,"+ - + "DESTEST,SHATEST,SHA1TEST,SHA256T,SHA512T,"+ - + "MDC2TEST,RMDTEST,"+ - + "RANDTEST,DHTEST,ENGINETEST,"+ - + "BFTEST,CASTTEST,SSLTEST,EXPTEST,DSATEST,RSA_TEST,"+ - + "EVP_TEST,IGETEST,JPAKETEST,SRPTEST,"+ - + "ASN1TEST,HEARTBEAT_TEST,CONSTANT_TIME_TEST" +$! Should we add MTTEST,PQ_TEST,LH_TEST,DIVTEST,TABTEST as well? +$! +$! Additional directory information. +$ T_D_BNTEST := [-.crypto.bn] +$ T_D_ECTEST := [-.crypto.ec] +$ T_D_ECDSATEST := [-.crypto.ecdsa] +$ T_D_ECDHTEST := [-.crypto.ecdh] +$ T_D_IDEATEST := [-.crypto.idea] +$ T_D_MD2TEST := [-.crypto.md2] +$ T_D_MD4TEST := [-.crypto.md4] +$ T_D_MD5TEST := [-.crypto.md5] +$ T_D_HMACTEST := [-.crypto.hmac] +$ T_D_WP_TEST := [-.crypto.whrlpool] +$ T_D_RC2TEST := [-.crypto.rc2] +$ T_D_RC4TEST := [-.crypto.rc4] +$ T_D_RC5TEST := [-.crypto.rc5] +$ T_D_DESTEST := [-.crypto.des] +$ T_D_SHATEST := [-.crypto.sha] +$ T_D_SHA1TEST := [-.crypto.sha] +$ T_D_SHA256T := [-.crypto.sha] +$ T_D_SHA512T := [-.crypto.sha] +$ T_D_MDC2TEST := [-.crypto.mdc2] +$ T_D_RMDTEST := [-.crypto.ripemd] +$ T_D_RANDTEST := [-.crypto.rand] +$ T_D_DHTEST := [-.crypto.dh] +$ T_D_ENGINETEST := [-.crypto.engine] +$ T_D_BFTEST := [-.crypto.bf] +$ T_D_CASTTEST := [-.crypto.cast] +$ T_D_SSLTEST := [-.ssl] +$ T_D_EXPTEST := [-.crypto.bn] +$ T_D_DSATEST := [-.crypto.dsa] +$ T_D_RSA_TEST := [-.crypto.rsa] +$ T_D_EVP_TEST := [-.crypto.evp] +$ T_D_IGETEST := [-.test] +$ T_D_JPAKETEST := [-.crypto.jpake] +$ T_D_SRPTEST := [-.crypto.srp] +$ T_D_ASN1TEST := [-.test] +$ T_D_HEARTBEAT_TEST := [-.ssl] +$ T_D_CONSTANT_TIME_TEST := [-.crypto] +$! +$ TCPIP_PROGRAMS = ",," +$ IF COMPILER .EQS. "VAXC" THEN - + TCPIP_PROGRAMS = ",SSLTEST," +$! +$! Define A File Counter And Set It To "0". +$! +$ FILE_COUNTER = 0 +$! +$! Top Of The File Loop. +$! +$ NEXT_FILE: +$! +$! O.K, Extract The File Name From The File List. +$! +$ FILE_NAME = F$ELEMENT(FILE_COUNTER,",",TEST_FILES) +$! +$! Check To See If We Are At The End Of The File List. +$! +$ IF (FILE_NAME.EQS.",") THEN GOTO FILE_DONE +$! +$! Increment The Counter. +$! +$ FILE_COUNTER = FILE_COUNTER + 1 +$! +$! Create The Source File Name. +$! +$ SOURCE_FILE = "SYS$DISK:" + T_D_'FILE_NAME' + FILE_NAME + ".C" +$! +$! Create The Object File Name. +$! +$ OBJECT_FILE = OBJ_DIR + FILE_NAME + ".OBJ" +$! +$! Create The Executable File Name. +$! +$ EXE_FILE = EXE_DIR + FILE_NAME + ".EXE" +$ ON WARNING THEN GOTO NEXT_FILE +$! +$! Check To See If The File We Want To Compile Actually Exists. +$! +$ IF (F$SEARCH(SOURCE_FILE).EQS."") +$ THEN +$! +$! Tell The User That The File Dosen't Exist. +$! +$ WRITE SYS$OUTPUT "" +$ WRITE SYS$OUTPUT "The File ",SOURCE_FILE," Dosen't Exist." +$ WRITE SYS$OUTPUT "" +$! +$! Exit The Build. +$! +$ GOTO EXIT +$ ENDIF +$! +$! Tell The User What We Are Building. +$! +$ WRITE SYS$OUTPUT "Building The ",FILE_NAME," Test Program." +$! +$! Compile The File. +$! +$ ON ERROR THEN GOTO NEXT_FILE +$ CC /OBJECT='OBJECT_FILE' 'SOURCE_FILE' +$ ON WARNING THEN GOTO NEXT_FILE +$! +$! Check If What We Are About To Compile Works Without A TCP/IP Library. +$! +$ IF ((TCPIP_LIB.EQS."").AND.((TCPIP_PROGRAMS-FILE_NAME).NES.TCPIP_PROGRAMS)) +$ THEN +$! +$! Inform The User That A TCP/IP Library Is Needed To Compile This Program. +$! +$ WRITE SYS$OUTPUT - + FILE_NAME," Needs A TCP/IP Library. Can't Link. Skipping..." +$ GOTO NEXT_FILE +$! +$! End The TCP/IP Library Check. +$! +$ ENDIF +$! +$! Link The Program, Check To See If We Need To Link With RSAREF Or Not. +$! Check To See If We Are To Link With A Specific TCP/IP Library. +$! +$! Don't Link With The RSAREF Routines And TCP/IP Library. +$! +$ LINK /'DEBUGGER' /'LINKMAP' /'TRACEBACK' /EXECTABLE = 'EXE_FILE' - + 'OBJECT_FILE', - + 'SSL_LIB' /LIBRARY, - + 'CRYPTO_LIB' /LIBRARY - + 'TCPIP_LIB' - + 'ZLIB_LIB' - + ,'OPT_FILE' /OPTIONS +$! +$! Go Back And Do It Again. +$! +$ GOTO NEXT_FILE +$! +$! All Done With This Library Part. +$! +$ FILE_DONE: +$! +$! All Done, Time To Exit. +$! +$ EXIT: +$ GOSUB CLEANUP +$ EXIT +$! +$! Check For The Link Option FIle. +$! +$ CHECK_OPT_FILE: +$! +$! Check To See If We Need To Make A VAX C Option File. +$! +$ IF (COMPILER.EQS."VAXC") +$ THEN +$! +$! Check To See If We Already Have A VAX C Linker Option File. +$! +$ IF (F$SEARCH(OPT_FILE).EQS."") +$ THEN +$! +$! We Need A VAX C Linker Option File. +$! +$ CREATE 'OPT_FILE' +$DECK +! +! Default System Options File To Link Against +! The Sharable VAX C Runtime Library. +! +SYS$SHARE:VAXCRTL.EXE /SHAREABLE +$EOD +$! +$! End The Option File Check. +$! +$ ENDIF +$! +$! End The VAXC Check. +$! +$ ENDIF +$! +$! Check To See If We Need A GNU C Option File. +$! +$ IF (COMPILER.EQS."GNUC") +$ THEN +$! +$! Check To See If We Already Have A GNU C Linker Option File. +$! +$ IF (F$SEARCH(OPT_FILE).EQS."") +$ THEN +$! +$! We Need A GNU C Linker Option File. +$! +$ CREATE 'OPT_FILE' +$DECK +! +! Default System Options File To Link Against +! The Sharable C Runtime Library. +! +GNU_CC:[000000]GCCLIB.OLB /LIBRARY +SYS$SHARE:VAXCRTL.EXE /SHAREABLE +$EOD +$! +$! End The Option File Check. +$! +$ ENDIF +$! +$! End The GNU C Check. +$! +$ ENDIF +$! +$! Check To See If We Need A DEC C Option File. +$! +$ IF (COMPILER.EQS."DECC") +$ THEN +$! +$! Check To See If We Already Have A DEC C Linker Option File. +$! +$ IF (F$SEARCH(OPT_FILE).EQS."") +$ THEN +$! +$! Figure Out If We Need A non-VAX Or A VAX Linker Option File. +$! +$ IF (ARCH.EQS."VAX") +$ THEN +$! +$! We Need A DEC C Linker Option File For VAX. +$! +$ CREATE 'OPT_FILE' +$DECK +! +! Default System Options File To Link Against +! The Sharable DEC C Runtime Library. +! +SYS$SHARE:DECC$SHR.EXE /SHAREABLE +$EOD +$! +$! Else... +$! +$ ELSE +$! +$! Create The non-VAX Linker Option File. +$! +$ CREATE 'OPT_FILE' +$DECK +! +! Default System Options File For non-VAX To Link Against +! The Sharable C Runtime Library. +! +SYS$SHARE:CMA$OPEN_LIB_SHR.EXE /SHAREABLE +SYS$SHARE:CMA$OPEN_RTL.EXE /SHAREABLE +$EOD +$! +$! End The DEC C Option File Check. +$! +$ ENDIF +$! +$! End The Option File Search. +$! +$ ENDIF +$! +$! End The DEC C Check. +$! +$ ENDIF +$! +$! Tell The User What Linker Option File We Are Using. +$! +$ WRITE SYS$OUTPUT "Using Linker Option File ",OPT_FILE,"." +$! +$! Time To RETURN. +$! +$ RETURN +$! +$! Check To See If We Have The Appropiate Libraries. +$! +$ LIB_CHECK: +$! +$! Look For The Library LIBCRYPTO.OLB. +$! +$ IF (F$SEARCH(CRYPTO_LIB).EQS."") +$ THEN +$! +$! Tell The User We Can't Find The LIBCRYPTO.OLB Library. +$! +$ WRITE SYS$OUTPUT "" +$ WRITE SYS$OUTPUT "Can't Find The Library ",CRYPTO_LIB,"." +$ WRITE SYS$OUTPUT "We Can't Link Without It." +$ WRITE SYS$OUTPUT "" +$! +$! Since We Can't Link Without It, Exit. +$! +$ EXIT +$! +$! End The Crypto Library Check. +$! +$ ENDIF +$! +$! Look For The Library LIBSSL.OLB. +$! +$ IF (F$SEARCH(SSL_LIB).EQS."") +$ THEN +$! +$! Tell The User We Can't Find The LIBSSL.OLB Library. +$! +$ WRITE SYS$OUTPUT "" +$ WRITE SYS$OUTPUT "Can't Find The Library ",SSL_LIB,"." +$ WRITE SYS$OUTPUT "Some Of The Test Programs Need To Link To It." +$ WRITE SYS$OUTPUT "" +$! +$! Since We Can't Link Without It, Exit. +$! +$ EXIT +$! +$! End The SSL Library Check. +$! +$ ENDIF +$! +$! Time To Return. +$! +$ RETURN +$! +$! Check The User's Options. +$! +$ CHECK_OPTIONS: +$! +$! Set basic C compiler /INCLUDE directories. +$! +$ CC_INCLUDES = "SYS$DISK:[-],SYS$DISK:[-.CRYPTO]" +$! +$! Check To See If P1 Is Blank. +$! +$ IF (P1.EQS."NODEBUG") +$ THEN +$! +$! P1 Is NODEBUG, So Compile Without Debugger Information. +$! +$ DEBUGGER = "NODEBUG" +$ LINKMAP = "NOMAP" +$ TRACEBACK = "NOTRACEBACK" +$ GCC_OPTIMIZE = "OPTIMIZE" +$ CC_OPTIMIZE = "OPTIMIZE" +$ WRITE SYS$OUTPUT "No Debugger Information Will Be Produced During Compile." +$ WRITE SYS$OUTPUT "Compiling With Compiler Optimization." +$! +$! Else... +$! +$ ELSE +$! +$! Check To See If We Are To Compile With Debugger Information. +$! +$ IF (P1.EQS."DEBUG") +$ THEN +$! +$! Compile With Debugger Information. +$! +$ DEBUGGER = "DEBUG" +$ LINKMAP = "MAP" +$ TRACEBACK = "TRACEBACK" +$ GCC_OPTIMIZE = "NOOPTIMIZE" +$ CC_OPTIMIZE = "NOOPTIMIZE" +$ WRITE SYS$OUTPUT "Debugger Information Will Be Produced During Compile." +$ WRITE SYS$OUTPUT "Compiling Without Compiler Optimization." +$! +$! Else... +$! +$ ELSE +$! +$! Tell The User Entered An Invalid Option. +$! +$ WRITE SYS$OUTPUT "" +$ WRITE SYS$OUTPUT "The Option ",P1," Is Invalid. The Valid Options Are:" +$ WRITE SYS$OUTPUT "" +$ WRITE SYS$OUTPUT " DEBUG : Compile With The Debugger Information." +$ WRITE SYS$OUTPUT " NODEBUG : Compile Without The Debugger Information." +$ WRITE SYS$OUTPUT "" +$! +$! Time To EXIT. +$! +$ EXIT +$! +$! End The Valid Argument Check. +$! +$ ENDIF +$! +$! End The P1 Check. +$! +$ ENDIF +$! +$! Check P5 (POINTER_SIZE). +$! +$ IF (P5 .NES. "") .AND. (ARCH .NES. "VAX") +$ THEN +$! +$ IF (P5 .EQS. "32") +$ THEN +$ POINTER_SIZE = " /POINTER_SIZE=32" +$ ELSE +$ POINTER_SIZE = F$EDIT( P5, "COLLAPSE, UPCASE") +$ IF ((POINTER_SIZE .EQS. "64") .OR. - + (POINTER_SIZE .EQS. "64=") .OR. - + (POINTER_SIZE .EQS. "64=ARGV")) +$ THEN +$ ARCHD = ARCH+ "_64" +$ LIB32 = "" +$ IF (F$EXTRACT( 2, 1, POINTER_SIZE) .EQS. "=") +$ THEN +$! Explicit user choice: "64" or "64=ARGV". +$ IF (POINTER_SIZE .EQS. "64=") THEN POINTER_SIZE = "64" +$ ELSE +$ SET NOON +$ DEFINE /USER_MODE SYS$OUTPUT NL: +$ DEFINE /USER_MODE SYS$ERROR NL: +$ CC /NOLIST /NOOBJECT /POINTER_SIZE=64=ARGV NL: +$ IF ($STATUS .AND. %X0FFF0000) .EQ. %X00030000 +$ THEN +$ ! If we got here, it means DCL complained like this: +$ ! %DCL-W-NOVALU, value not allowed - remove value specification +$ ! \64=\ +$ ! +$ ! If the compiler was run, logicals defined in /USER would +$ ! have been deassigned automatically. However, when DCL +$ ! complains, they aren't, so we do it here (it might be +$ ! unnecessary, but just in case there will be another error +$ ! message further on that we don't want to miss) +$ DEASSIGN /USER_MODE SYS$ERROR +$ DEASSIGN /USER_MODE SYS$OUTPUT +$ ELSE +$ POINTER_SIZE = POINTER_SIZE + "=ARGV" +$ ENDIF +$ SET ON +$ ENDIF +$ POINTER_SIZE = " /POINTER_SIZE=''POINTER_SIZE'" +$ ELSE +$! +$! Tell The User Entered An Invalid Option. +$! +$ WRITE SYS$OUTPUT "" +$ WRITE SYS$OUTPUT "The Option ", P5, - + " Is Invalid. The Valid Options Are:" +$ WRITE SYS$OUTPUT "" +$ WRITE SYS$OUTPUT - + " """" : Compile with default (short) pointers." +$ WRITE SYS$OUTPUT - + " 32 : Compile with 32-bit (short) pointers." +$ WRITE SYS$OUTPUT - + " 64 : Compile with 64-bit (long) pointers (auto ARGV)." +$ WRITE SYS$OUTPUT - + " 64= : Compile with 64-bit (long) pointers (no ARGV)." +$ WRITE SYS$OUTPUT - + " 64=ARGV : Compile with 64-bit (long) pointers (ARGV)." +$ WRITE SYS$OUTPUT "" +$! +$! Time To EXIT. +$! +$ EXIT +$! +$ ENDIF +$! +$ ENDIF +$! +$! End The P5 (POINTER_SIZE) Check. +$! +$ ENDIF +$! +$! Check To See If P2 Is Blank. +$! +$ IF (P2.EQS."") +$ THEN +$! +$! O.K., The User Didn't Specify A Compiler, Let's Try To +$! Find Out Which One To Use. +$! +$! Check To See If We Have GNU C. +$! +$ IF (F$TRNLNM("GNU_CC").NES."") +$ THEN +$! +$! Looks Like GNUC, Set To Use GNUC. +$! +$ P2 = "GNUC" +$! +$! End The GNU C Compiler Check. +$! +$ ELSE +$! +$! Check To See If We Have VAXC Or DECC. +$! +$ IF (ARCH.NES."VAX").OR.(F$TRNLNM("DECC$CC_DEFAULT").NES."") +$ THEN +$! +$! Looks Like DECC, Set To Use DECC. +$! +$ P2 = "DECC" +$! +$! Else... +$! +$ ELSE +$! +$! Looks Like VAXC, Set To Use VAXC. +$! +$ P2 = "VAXC" +$! +$! End The VAXC Compiler Check. +$! +$ ENDIF +$! +$! End The DECC & VAXC Compiler Check. +$! +$ ENDIF +$! +$! End The Compiler Check. +$! +$ ENDIF +$! +$! Check To See If We Have A Option For P3. +$! +$ IF (P3.EQS."") +$ THEN +$! +$! Find out what socket library we have available +$! +$ IF F$PARSE("SOCKETSHR:") .NES. "" +$ THEN +$! +$! We have SOCKETSHR, and it is my opinion that it's the best to use. +$! +$ P3 = "SOCKETSHR" +$! +$! Tell the user +$! +$ WRITE SYS$OUTPUT "Using SOCKETSHR for TCP/IP" +$! +$! Else, let's look for something else +$! +$ ELSE +$! +$! Like UCX (the reason to do this before Multinet is that the UCX +$! emulation is easier to use...) +$! +$ IF F$TRNLNM("UCX$IPC_SHR") .NES. "" - + .OR. F$PARSE("SYS$SHARE:UCX$IPC_SHR.EXE") .NES. "" - + .OR. F$PARSE("SYS$LIBRARY:UCX$IPC.OLB") .NES. "" +$ THEN +$! +$! Last resort: a UCX or UCX-compatible library +$! +$ P3 = "UCX" +$! +$! Tell the user +$! +$ WRITE SYS$OUTPUT "Using UCX or an emulation thereof for TCP/IP" +$! +$! That was all... +$! +$ ENDIF +$ ENDIF +$ ENDIF +$! +$! Set Up Initial CC Definitions, Possibly With User Ones +$! +$ CCDEFS = "TCPIP_TYPE_''P3'" +$ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = CCDEFS + "," + USER_CCDEFS +$ CCEXTRAFLAGS = "" +$ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS +$ CCDISABLEWARNINGS = "" !!! "LONGLONGTYPE,LONGLONGSUFX,FOUNDCR" +$ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. "" THEN - + CCDISABLEWARNINGS = CCDISABLEWARNINGS + "," + USER_CCDISABLEWARNINGS +$! +$! Check To See If We Have A ZLIB Option. +$! +$ ZLIB = P6 +$ IF (ZLIB .NES. "") +$ THEN +$! +$! Check for expected ZLIB files. +$! +$ err = 0 +$ file1 = f$parse( "zlib.h", ZLIB, , , "SYNTAX_ONLY") +$ if (f$search( file1) .eqs. "") +$ then +$ WRITE SYS$OUTPUT "" +$ WRITE SYS$OUTPUT "The Option ", ZLIB, " Is Invalid." +$ WRITE SYS$OUTPUT " Can't find header: ''file1'" +$ err = 1 +$ endif +$ file1 = f$parse( "A.;", ZLIB)- "A.;" +$! +$ file2 = f$parse( ZLIB, "libz.olb", , , "SYNTAX_ONLY") +$ if (f$search( file2) .eqs. "") +$ then +$ if (err .eq. 0) +$ then +$ WRITE SYS$OUTPUT "" +$ WRITE SYS$OUTPUT "The Option ", ZLIB, " Is Invalid." +$ endif +$ WRITE SYS$OUTPUT " Can't find library: ''file2'" +$ WRITE SYS$OUTPUT "" +$ err = err+ 2 +$ endif +$ if (err .eq. 1) +$ then +$ WRITE SYS$OUTPUT "" +$ endif +$! +$ if (err .ne. 0) +$ then +$ GOTO EXIT +$ endif +$! +$ CCDEFS = """ZLIB=1"", "+ CCDEFS +$ CC_INCLUDES = CC_INCLUDES+ ", "+ file1 +$ ZLIB_LIB = ", ''file2' /library" +$! +$! Print info +$! +$ WRITE SYS$OUTPUT "ZLIB library spec: ", file2 +$! +$! End The P8 Check. +$! +$ ENDIF +$! +$! Check To See If The User Entered A Valid Parameter. +$! +$ IF (P2.EQS."VAXC").OR.(P2.EQS."DECC").OR.(P2.EQS."GNUC") +$ THEN +$! +$! Check To See If The User Wanted DECC. +$! +$ IF (P2.EQS."DECC") +$ THEN +$! +$! Looks Like DECC, Set To Use DECC. +$! +$ COMPILER = "DECC" +$! +$! Tell The User We Are Using DECC. +$! +$ WRITE SYS$OUTPUT "Using DECC 'C' Compiler." +$! +$! Use DECC... +$! +$ CC = "CC" +$ IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" - + THEN CC = "CC /DECC" +$ CC = CC + " /''CC_OPTIMIZE' /''DEBUGGER' /STANDARD=RELAXED"+ - + "''POINTER_SIZE' /NOLIST /PREFIX=ALL" + - + " /INCLUDE=(''CC_INCLUDES') " + CCEXTRAFLAGS +$! +$! Define The Linker Options File Name. +$! +$ OPT_FILE = "VAX_DECC_OPTIONS.OPT" +$! +$! End DECC Check. +$! +$ ENDIF +$! +$! Check To See If We Are To Use VAXC. +$! +$ IF (P2.EQS."VAXC") +$ THEN +$! +$! Looks Like VAXC, Set To Use VAXC. +$! +$ COMPILER = "VAXC" +$! +$! Tell The User We Are Using VAX C. +$! +$ WRITE SYS$OUTPUT "Using VAXC 'C' Compiler." +$! +$! Compile Using VAXC. +$! +$ CC = "CC" +$ IF ARCH.NES."VAX" +$ THEN +$ WRITE SYS$OUTPUT "There is no VAX C on ''ARCH'!" +$ EXIT +$ ENDIF +$ IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC /VAXC" +$ CC = CC + "/''CC_OPTIMIZE' /''DEBUGGER' /NOLIST" + - + "/INCLUDE=(''CC_INCLUDES')" + CCEXTRAFLAGS +$ CCDEFS = CCDEFS + ",""VAXC""" +$! +$! Define As SYS$COMMON:[SYSLIB] +$! +$ DEFINE /NOLOG SYS SYS$COMMON:[SYSLIB] +$! +$! Define The Linker Options File Name. +$! +$ OPT_FILE = "VAX_VAXC_OPTIONS.OPT" +$! +$! End VAXC Check +$! +$ ENDIF +$! +$! Check To See If We Are To Use GNU C. +$! +$ IF (P2.EQS."GNUC") +$ THEN +$! +$! Looks Like GNUC, Set To Use GNUC. +$! +$ COMPILER = "GNUC" +$! +$! Tell The User We Are Using GNUC. +$! +$ WRITE SYS$OUTPUT "Using GNU 'C' Compiler." +$! +$! Use GNU C... +$! +$ CC = "GCC /NOCASE_HACK /''GCC_OPTIMIZE' /''DEBUGGER' /NOLIST" + - + "/INCLUDE=(''CC_INCLUDES')" + CCEXTRAFLAGS +$! +$! Define The Linker Options File Name. +$! +$ OPT_FILE = "VAX_GNUC_OPTIONS.OPT" +$! +$! End The GNU C Check. +$! +$ ENDIF +$! +$! Set up default defines +$! +$ CCDEFS = """FLAT_INC=1""," + CCDEFS +$! +$! Finish up the definition of CC. +$! +$ IF COMPILER .EQS. "DECC" +$ THEN +$ IF CCDISABLEWARNINGS .EQS. "" +$ THEN +$ CC4DISABLEWARNINGS = "DOLLARID" +$ ELSE +$ CC4DISABLEWARNINGS = CCDISABLEWARNINGS + ",DOLLARID" +$ CCDISABLEWARNINGS = " /WARNING=(DISABLE=(" + CCDISABLEWARNINGS + "))" +$ ENDIF +$ CC4DISABLEWARNINGS = " /WARNING=(DISABLE=(" + CC4DISABLEWARNINGS + "))" +$ ELSE +$ CCDISABLEWARNINGS = "" +$ CC4DISABLEWARNINGS = "" +$ ENDIF +$ CC = CC + " /DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS +$! +$! Show user the result +$! +$ WRITE /SYMBOL SYS$OUTPUT "Main Compiling Command: ", CC +$! +$! Else The User Entered An Invalid Argument. +$! +$ ELSE +$! +$! Tell The User We Don't Know What They Want. +$! +$ WRITE SYS$OUTPUT "" +$ WRITE SYS$OUTPUT "The Option ",P2," Is Invalid. The Valid Options Are:" +$ WRITE SYS$OUTPUT "" +$ WRITE SYS$OUTPUT " VAXC : To Compile With VAX C." +$ WRITE SYS$OUTPUT " DECC : To Compile With DEC C." +$ WRITE SYS$OUTPUT " GNUC : To Compile With GNU C." +$ WRITE SYS$OUTPUT "" +$! +$! Time To EXIT. +$! +$ EXIT +$ ENDIF +$! +$! Time to check the contents, and to make sure we get the correct library. +$! +$ IF P3.EQS."SOCKETSHR" .OR. P3.EQS."MULTINET" .OR. P3.EQS."UCX" - + .OR. P3.EQS."TCPIP" .OR. P3.EQS."NONE" +$ THEN +$! +$! Check to see if SOCKETSHR was chosen +$! +$ IF P3.EQS."SOCKETSHR" +$ THEN +$! +$! Set the library to use SOCKETSHR +$! +$ TCPIP_LIB = ",SYS$DISK:[-.VMS]SOCKETSHR_SHR.OPT /OPTIONS" +$! +$! Done with SOCKETSHR +$! +$ ENDIF +$! +$! Check to see if MULTINET was chosen +$! +$ IF P3.EQS."MULTINET" +$ THEN +$! +$! Set the library to use UCX emulation. +$! +$ P3 = "UCX" +$! +$! Done with MULTINET +$! +$ ENDIF +$! +$! Check to see if UCX was chosen +$! +$ IF P3.EQS."UCX" +$ THEN +$! +$! Set the library to use UCX. +$! +$ TCPIP_LIB = ",SYS$DISK:[-.VMS]UCX_SHR_DECC.OPT /OPTIONS" +$ IF F$TRNLNM("UCX$IPC_SHR") .NES. "" +$ THEN +$ TCPIP_LIB = ",SYS$DISK:[-.VMS]UCX_SHR_DECC_LOG.OPT /OPTIONS" +$ ELSE +$ IF COMPILER .NES. "DECC" .AND. ARCH .EQS. "VAX" THEN - + TCPIP_LIB = ",SYS$DISK:[-.VMS]UCX_SHR_VAXC.OPT /OPTIONS" +$ ENDIF +$! +$! Done with UCX +$! +$ ENDIF +$! +$! Check to see if TCPIP was chosen +$! +$ IF P3.EQS."TCPIP" +$ THEN +$! +$! Set the library to use TCPIP (post UCX). +$! +$ TCPIP_LIB = ",SYS$DISK:[-.VMS]TCPIP_SHR_DECC.OPT /OPTIONS" +$! +$! Done with TCPIP +$! +$ ENDIF +$! +$! Check to see if NONE was chosen +$! +$ IF P3.EQS."NONE" +$ THEN +$! +$! Do not use a TCPIP library. +$! +$ TCPIP_LIB = "" +$! +$! Done with NONE +$! +$ ENDIF +$! +$! Print info +$! +$ WRITE SYS$OUTPUT "TCP/IP library spec: ", TCPIP_LIB- "," +$! +$! Else The User Entered An Invalid Argument. +$! +$ ELSE +$! +$! Tell The User We Don't Know What They Want. +$! +$ WRITE SYS$OUTPUT "" +$ WRITE SYS$OUTPUT "The Option ",P3," Is Invalid. The Valid Options Are:" +$ WRITE SYS$OUTPUT "" +$ WRITE SYS$OUTPUT " SOCKETSHR : To link with SOCKETSHR TCP/IP library." +$ WRITE SYS$OUTPUT " UCX : To link with UCX TCP/IP library." +$ WRITE SYS$OUTPUT " TCPIP : To link with TCPIP (post UCX) TCP/IP library." +$ WRITE SYS$OUTPUT "" +$! +$! Time To EXIT. +$! +$ EXIT +$! +$! Done with TCP/IP libraries +$! +$ ENDIF +$! +$! Special Threads For OpenVMS v7.1 Or Later +$! +$! Written By: Richard Levitte +$! richard@levitte.org +$! +$! +$! Check To See If We Have A Option For P4. +$! +$ IF (P4.EQS."") +$ THEN +$! +$! Get The Version Of VMS We Are Using. +$! +$ ISSEVEN := +$ TMP = F$ELEMENT(0,"-",F$EXTRACT(1,4,F$GETSYI("VERSION"))) +$ TMP = F$INTEGER(F$ELEMENT(0,".",TMP)+F$ELEMENT(1,".",TMP)) +$! +$! Check To See If The VMS Version Is v7.1 Or Later. +$! +$ IF (TMP.GE.71) +$ THEN +$! +$! We Have OpenVMS v7.1 Or Later, So Use The Special Threads. +$! +$ ISSEVEN := ,PTHREAD_USE_D4 +$! +$! End The VMS Version Check. +$! +$ ENDIF +$! +$! End The P4 Check. +$! +$ ENDIF +$! +$! Time To RETURN... +$! +$ RETURN +$! +$ INITIALISE: +$! +$! Save old value of the logical name OPENSSL +$! +$ __SAVE_OPENSSL = F$TRNLNM("OPENSSL","LNM$PROCESS_TABLE") +$! +$! Save directory information +$! +$ __HERE = F$PARSE(F$PARSE("A.;",F$ENVIRONMENT("PROCEDURE"))-"A.;","[]A.;") - "A.;" +$ __HERE = F$EDIT(__HERE,"UPCASE") +$ __TOP = __HERE - "TEST]" +$ __INCLUDE = __TOP + "INCLUDE.OPENSSL]" +$! +$! Set up the logical name OPENSSL to point at the include directory +$! +$ DEFINE OPENSSL /NOLOG '__INCLUDE' +$! +$! Done +$! +$ RETURN +$! +$ CLEANUP: +$! +$! Restore the logical name OPENSSL if it had a value +$! +$ IF __SAVE_OPENSSL .EQS. "" +$ THEN +$ DEASSIGN OPENSSL +$ ELSE +$ DEFINE /NOLOG OPENSSL '__SAVE_OPENSSL' +$ ENDIF +$! +$! Done +$! +$ RETURN diff --git a/test/md2test.c b/test/md2test.c new file mode 120000 index 0000000..49f44f8 --- /dev/null +++ b/test/md2test.c @@ -0,0 +1 @@ +dummytest.c \ No newline at end of file diff --git a/test/md4test.c b/test/md4test.c new file mode 120000 index 0000000..1509be9 --- /dev/null +++ b/test/md4test.c @@ -0,0 +1 @@ +../crypto/md4/md4test.c \ No newline at end of file diff --git a/test/md5test.c b/test/md5test.c new file mode 120000 index 0000000..20f4aaf --- /dev/null +++ b/test/md5test.c @@ -0,0 +1 @@ +../crypto/md5/md5test.c \ No newline at end of file diff --git a/test/mdc2test.c b/test/mdc2test.c new file mode 120000 index 0000000..c4ffe48 --- /dev/null +++ b/test/mdc2test.c @@ -0,0 +1 @@ +../crypto/mdc2/mdc2test.c \ No newline at end of file diff --git a/test/methtest.c b/test/methtest.c new file mode 100644 index 0000000..005c2f4 --- /dev/null +++ b/test/methtest.c @@ -0,0 +1,105 @@ +/* test/methtest.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include +#include +#include +#include "meth.h" +#include + +int main(argc,argv) +int argc; +char *argv[]; + { + METHOD_CTX *top,*tmp1,*tmp2; + + top=METH_new(x509_lookup()); /* get a top level context */ + if (top == NULL) goto err; + + tmp1=METH_new(x509_by_file()); + if (top == NULL) goto err; + METH_arg(tmp1,METH_TYPE_FILE,"cafile1"); + METH_arg(tmp1,METH_TYPE_FILE,"cafile2"); + METH_push(top,METH_X509_CA_BY_SUBJECT,tmp1); + + tmp2=METH_new(x509_by_dir()); + METH_arg(tmp2,METH_TYPE_DIR,"/home/eay/.CAcerts"); + METH_arg(tmp2,METH_TYPE_DIR,"/home/eay/SSLeay/certs"); + METH_arg(tmp2,METH_TYPE_DIR,"/usr/local/ssl/certs"); + METH_push(top,METH_X509_CA_BY_SUBJECT,tmp2); + +/* tmp=METH_new(x509_by_issuer_dir); + METH_arg(tmp,METH_TYPE_DIR,"/home/eay/.mycerts"); + METH_push(top,METH_X509_BY_ISSUER,tmp); + + tmp=METH_new(x509_by_issuer_primary); + METH_arg(tmp,METH_TYPE_FILE,"/home/eay/.mycerts/primary.pem"); + METH_push(top,METH_X509_BY_ISSUER,tmp); +*/ + + METH_init(top); + METH_control(tmp1,METH_CONTROL_DUMP,stdout); + METH_control(tmp2,METH_CONTROL_DUMP,stdout); + EXIT(0); +err: + ERR_load_crypto_strings(); + ERR_print_errors_fp(stderr); + EXIT(1); + return(0); + } diff --git a/test/pkcs7-1.pem b/test/pkcs7-1.pem new file mode 100644 index 0000000..c47b27a --- /dev/null +++ b/test/pkcs7-1.pem @@ -0,0 +1,15 @@ +-----BEGIN PKCS7----- +MIICUAYJKoZIhvcNAQcCoIICQTCCAj0CAQExDjAMBggqhkiG9w0CAgUAMCgGCSqG +SIb3DQEHAaAbBBlFdmVyeW9uZSBnZXRzIEZyaWRheSBvZmYuoIIBXjCCAVowggEE +AgQUAAApMA0GCSqGSIb3DQEBAgUAMCwxCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRF +eGFtcGxlIE9yZ2FuaXphdGlvbjAeFw05MjA5MDkyMjE4MDZaFw05NDA5MDkyMjE4 +MDVaMEIxCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRFeGFtcGxlIE9yZ2FuaXphdGlv +bjEUMBIGA1UEAxMLVGVzdCBVc2VyIDEwWzANBgkqhkiG9w0BAQEFAANKADBHAkAK +ZnkdxpiBaN56t3QZu3+wwAHGJxAnAHUUKULhmo2MUdBTs+N4Kh3l3Fr06+mUaBcB +FKHf5nzcmpr1XWVWILurAgMBAAEwDQYJKoZIhvcNAQECBQADQQBFGqHhqncgSl/N +9XYGnQL3MsJvNnsNV4puZPOakR9Hld8JlDQFEaDR30ogsmp3TMrvdfxpLlTCoZN8 +BxEmnZsWMYGbMIGYAgEBMDQwLDELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFEV4YW1w +bGUgT3JnYW5pemF0aW9uAgQUAAApMAwGCCqGSIb3DQICBQAwDQYJKoZIhvcNAQEB +BQAEQAX6aoEvx9+L9PJUJQngPoRuEbnGIL4gCe+0QO+8xmkhaZSsBPNBtX0FIC1C +j7Kie1x339mxW/w9VZNTUDQQweHh +-----END PKCS7----- diff --git a/test/pkcs7.pem b/test/pkcs7.pem new file mode 100644 index 0000000..d55c60b --- /dev/null +++ b/test/pkcs7.pem @@ -0,0 +1,54 @@ + MIAGCSqGSIb3DQEHAqCAMIACAQExADCABgkqhkiG9w0BBwEAAKCAMIIE+DCCBGGg + AwIBAgIQaGSF/JpbS1C223+yrc+N1DANBgkqhkiG9w0BAQQFADBiMREwDwYDVQQH + EwhJbnRlcm5ldDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNDAyBgNVBAsTK1Zl + cmlTaWduIENsYXNzIDEgQ0EgLSBJbmRpdmlkdWFsIFN1YnNjcmliZXIwHhcNOTYw + ODEyMDAwMDAwWhcNOTYwODE3MjM1OTU5WjCCASAxETAPBgNVBAcTCEludGVybmV0 + MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNpZ24gQ2xh + c3MgMSBDQSAtIEluZGl2aWR1YWwgU3Vic2NyaWJlcjE3MDUGA1UECxMuRGlnaXRh + bCBJRCBDbGFzcyAxIC0gU01JTUUgVmVyaVNpZ24sIEluYy4gVEVTVDFGMEQGA1UE + CxM9d3d3LnZlcmlzaWduLmNvbS9yZXBvc2l0b3J5L0NQUyBJbmNvcnAuIGJ5IFJl + Zi4sTElBQi5MVEQoYyk5NjEZMBcGA1UEAxMQQWxleGFuZHJlIERlYWNvbjEgMB4G + CSqGSIb3DQEJARYRYWxleEB2ZXJpc2lnbi5jb20wWzANBgkqhkiG9w0BAQEFAANK + ADBHAkAOy7xxCAIkOfuIA2LyRpxgKlDORl8htdXYhF5iBGUx1GYaK6KF+bK/CCI0 + l4j2OfWGFBUrwGoWqxTNcWgTfMzRAgMBAAGjggIyMIICLjAJBgNVHRMEAjAAMIIC + HwYDVR0DBIICFjCCAhIwggIOMIICCgYLYIZIAYb4RQEHAQEwggH5FoIBp1RoaXMg + Y2VydGlmaWNhdGUgaW5jb3Jwb3JhdGVzIGJ5IHJlZmVyZW5jZSwgYW5kIGl0cyB1 + c2UgaXMgc3RyaWN0bHkgc3ViamVjdCB0bywgdGhlIFZlcmlTaWduIENlcnRpZmlj + YXRpb24gUHJhY3RpY2UgU3RhdGVtZW50IChDUFMpLCBhdmFpbGFibGUgYXQ6IGh0 + dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9DUFM7IGJ5IEUtbWFpbCBhdCBDUFMtcmVx + dWVzdHNAdmVyaXNpZ24uY29tOyBvciBieSBtYWlsIGF0IFZlcmlTaWduLCBJbmMu + LCAyNTkzIENvYXN0IEF2ZS4sIE1vdW50YWluIFZpZXcsIENBIDk0MDQzIFVTQSBU + ZWwuICsxICg0MTUpIDk2MS04ODMwIENvcHlyaWdodCAoYykgMTk5NiBWZXJpU2ln + biwgSW5jLiAgQWxsIFJpZ2h0cyBSZXNlcnZlZC4gQ0VSVEFJTiBXQVJSQU5USUVT + IERJU0NMQUlNRUQgYW5kIExJQUJJTElUWSBMSU1JVEVELqAOBgxghkgBhvhFAQcB + AQGhDgYMYIZIAYb4RQEHAQECMCwwKhYoaHR0cHM6Ly93d3cudmVyaXNpZ24uY29t + L3JlcG9zaXRvcnkvQ1BTIDANBgkqhkiG9w0BAQQFAAOBgQAimWMGQwwwxk+b3KAL + HlSWXtU7LWHe29CEG8XeVNTvrqs6SBqT7OoENOkGxpfdpVgZ3Qw2SKjxDvbvpfSF + slsqcxWSgB/hWuaVuZCkvTw/dYGGOxkTJGxvDCfl1PZjX4dKbatslsi9Z9HpGWT7 + ttItRwKqcBKgmCJvKi1pGWED0zCCAnkwggHioAMCAQICEDURpVKQb+fQKaRAGdQR + /D4wDQYJKoZIhvcNAQECBQAwXzELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlT + aWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAxIFB1YmxpYyBQcmltYXJ5IENlcnRp + ZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2MDYyNzAwMDAwMFoXDTk3MDYyNzIzNTk1 + OVowYjERMA8GA1UEBxMISW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMu + MTQwMgYDVQQLEytWZXJpU2lnbiBDbGFzcyAxIENBIC0gSW5kaXZpZHVhbCBTdWJz + Y3JpYmVyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2FKbPTdAFDdjKI9Bv + qrQpkmOOLPhvltcunXZLEbE2jVfJw/0cxrr+Hgi6M8qV6r7jW80GqLd5HUQq7XPy + sVKDaBBwZJHXPmv5912dFEObbpdFmIFH0S3L3bty10w/cariQPJUObwW7s987Lrb + P2wqsxaxhhKdrpM01bjV0Pc+qQIDAQABozMwMTAPBgNVHRMECDAGAQH/AgEBMAsG + A1UdDwQEAwIBBjARBglghkgBhvhCAQEEBAMCAgQwDQYJKoZIhvcNAQECBQADgYEA + KeXHoBmnbxRCgk0jM9e9mDppdxpsipIna/J8DOHEUuD4nONAr4+xOg73SBl026n7 + Bk55A2wvAMGo7+kKTZ+rHaFDDcmq4O+rzFri2RIOeGAncj1IcGptAQhvXoIhFMG4 + Jlzg1KlHZHqy7D3jex78zcSU7kKOu8f5tAX1jC3+sToAAKGAMIIBJzCBkTANBgkq + hkiG9w0BAQIFADBiMREwDwYDVQQHEwhJbnRlcm5ldDEXMBUGA1UEChMOVmVyaVNp + Z24sIEluYy4xNDAyBgNVBAsTK1ZlcmlTaWduIENsYXNzIDEgQ0EgLSBJbmRpdmlk + dWFsIFN1YnNjcmliZXIXDTk2MDcwMTE3MzA0MFoXDTk3MDcwMTAwMDAwMFowDQYJ + KoZIhvcNAQECBQADgYEAGLuQ6PX8A7AiqBEtWzYtl6lZNSDI0bR5YUo+D2Jzkw30 + dxQnJSbKXEc6XYuzAW5HvrzATXu5c19WWPT4cRDwmjH71i9QcDysWwf/wE0qGTiW + I3tQT0I5VGh7jIJD07nlBw3R4Xl8dH9kr85JsWinqDH5YKpIo9o8knY5n7+qjOow + ggEkMIGOMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5W + ZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMSBQdWJsaWMgUHJpbWFyeSBD + ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eRcNOTYwNzE2MjMxMTI5WhcNOTYwODE1MDAw + MDAwWjANBgkqhkiG9w0BAQIFAAOBgQAXsLE4vnsY6sY67QrmWec7iaU2ehzxanEK + /9wKHZNuhlNzk+qGZZw2evxfUe2OaRbYpl8zuZvhK9BHD3ad14OSe9/zx5hOPgP/ + DQXt6R4R8Q/1JheBrolrgbavjvI2wKS8/Psp2prBrkF4T48+AKRmS8Zzh1guxgvP + b+xSu/jH0gAAMYAAAAAAAAAAAA== diff --git a/test/pkits-test.pl b/test/pkits-test.pl new file mode 100644 index 0000000..5c6b89f --- /dev/null +++ b/test/pkits-test.pl @@ -0,0 +1,949 @@ +# test/pkits-test.pl +# Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +# project. +# +# ==================================================================== +# Copyright (c) 2008 The OpenSSL Project. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in +# the documentation and/or other materials provided with the +# distribution. +# +# 3. All advertising materials mentioning features or use of this +# software must display the following acknowledgment: +# "This product includes software developed by the OpenSSL Project +# for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" +# +# 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +# endorse or promote products derived from this software without +# prior written permission. For written permission, please contact +# licensing@OpenSSL.org. +# +# 5. Products derived from this software may not be called "OpenSSL" +# nor may "OpenSSL" appear in their names without prior written +# permission of the OpenSSL Project. +# +# 6. Redistributions of any form whatsoever must retain the following +# acknowledgment: +# "This product includes software developed by the OpenSSL Project +# for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" +# +# THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +# OF THE POSSIBILITY OF SUCH DAMAGE. +# ==================================================================== + +# Perl utility to run PKITS tests for RFC3280 compliance. + +my $ossl_path; + +if ( -f "../apps/openssl" ) { + $ossl_path = "../util/shlib_wrap.sh ../apps/openssl"; +} +elsif ( -f "..\\out32dll\\openssl.exe" ) { + $ossl_path = "..\\out32dll\\openssl.exe"; +} +elsif ( -f "..\\out32\\openssl.exe" ) { + $ossl_path = "..\\out32\\openssl.exe"; +} +else { + die "Can't find OpenSSL executable"; +} + +my $pkitsdir = "pkits/smime"; +my $pkitsta = "pkits/certs/TrustAnchorRootCertificate.crt"; + +die "Can't find PKITS test data" if !-d $pkitsdir; + +my $nist1 = "2.16.840.1.101.3.2.1.48.1"; +my $nist2 = "2.16.840.1.101.3.2.1.48.2"; +my $nist3 = "2.16.840.1.101.3.2.1.48.3"; +my $nist4 = "2.16.840.1.101.3.2.1.48.4"; +my $nist5 = "2.16.840.1.101.3.2.1.48.5"; +my $nist6 = "2.16.840.1.101.3.2.1.48.6"; + +my $apolicy = "X509v3 Any Policy"; + +# This table contains the chapter headings of the accompanying PKITS +# document. They provide useful informational output and their names +# can be converted into the filename to test. + +my @testlists = ( + [ "4.1", "Signature Verification" ], + [ "4.1.1", "Valid Signatures Test1", 0 ], + [ "4.1.2", "Invalid CA Signature Test2", 7 ], + [ "4.1.3", "Invalid EE Signature Test3", 7 ], + [ "4.1.4", "Valid DSA Signatures Test4", 0 ], + [ "4.1.5", "Valid DSA Parameter Inheritance Test5", 0 ], + [ "4.1.6", "Invalid DSA Signature Test6", 7 ], + [ "4.2", "Validity Periods" ], + [ "4.2.1", "Invalid CA notBefore Date Test1", 9 ], + [ "4.2.2", "Invalid EE notBefore Date Test2", 9 ], + [ "4.2.3", "Valid pre2000 UTC notBefore Date Test3", 0 ], + [ "4.2.4", "Valid GeneralizedTime notBefore Date Test4", 0 ], + [ "4.2.5", "Invalid CA notAfter Date Test5", 10 ], + [ "4.2.6", "Invalid EE notAfter Date Test6", 10 ], + [ "4.2.7", "Invalid pre2000 UTC EE notAfter Date Test7", 10 ], + [ "4.2.8", "Valid GeneralizedTime notAfter Date Test8", 0 ], + [ "4.3", "Verifying Name Chaining" ], + [ "4.3.1", "Invalid Name Chaining EE Test1", 20 ], + [ "4.3.2", "Invalid Name Chaining Order Test2", 20 ], + [ "4.3.3", "Valid Name Chaining Whitespace Test3", 0 ], + [ "4.3.4", "Valid Name Chaining Whitespace Test4", 0 ], + [ "4.3.5", "Valid Name Chaining Capitalization Test5", 0 ], + [ "4.3.6", "Valid Name Chaining UIDs Test6", 0 ], + [ "4.3.7", "Valid RFC3280 Mandatory Attribute Types Test7", 0 ], + [ "4.3.8", "Valid RFC3280 Optional Attribute Types Test8", 0 ], + [ "4.3.9", "Valid UTF8String Encoded Names Test9", 0 ], + [ "4.3.10", "Valid Rollover from PrintableString to UTF8String Test10", 0 ], + [ "4.3.11", "Valid UTF8String Case Insensitive Match Test11", 0 ], + [ "4.4", "Basic Certificate Revocation Tests" ], + [ "4.4.1", "Missing CRL Test1", 3 ], + [ "4.4.2", "Invalid Revoked CA Test2", 23 ], + [ "4.4.3", "Invalid Revoked EE Test3", 23 ], + [ "4.4.4", "Invalid Bad CRL Signature Test4", 8 ], + [ "4.4.5", "Invalid Bad CRL Issuer Name Test5", 3 ], + [ "4.4.6", "Invalid Wrong CRL Test6", 3 ], + [ "4.4.7", "Valid Two CRLs Test7", 0 ], + + # The test document suggests these should return certificate revoked... + # Subsquent discussion has concluded they should not due to unhandle + # critical CRL extensions. + [ "4.4.8", "Invalid Unknown CRL Entry Extension Test8", 36 ], + [ "4.4.9", "Invalid Unknown CRL Extension Test9", 36 ], + + [ "4.4.10", "Invalid Unknown CRL Extension Test10", 36 ], + [ "4.4.11", "Invalid Old CRL nextUpdate Test11", 12 ], + [ "4.4.12", "Invalid pre2000 CRL nextUpdate Test12", 12 ], + [ "4.4.13", "Valid GeneralizedTime CRL nextUpdate Test13", 0 ], + [ "4.4.14", "Valid Negative Serial Number Test14", 0 ], + [ "4.4.15", "Invalid Negative Serial Number Test15", 23 ], + [ "4.4.16", "Valid Long Serial Number Test16", 0 ], + [ "4.4.17", "Valid Long Serial Number Test17", 0 ], + [ "4.4.18", "Invalid Long Serial Number Test18", 23 ], + [ "4.4.19", "Valid Separate Certificate and CRL Keys Test19", 0 ], + [ "4.4.20", "Invalid Separate Certificate and CRL Keys Test20", 23 ], + + # CRL path is revoked so get a CRL path validation error + [ "4.4.21", "Invalid Separate Certificate and CRL Keys Test21", 54 ], + [ "4.5", "Verifying Paths with Self-Issued Certificates" ], + [ "4.5.1", "Valid Basic Self-Issued Old With New Test1", 0 ], + [ "4.5.2", "Invalid Basic Self-Issued Old With New Test2", 23 ], + [ "4.5.3", "Valid Basic Self-Issued New With Old Test3", 0 ], + [ "4.5.4", "Valid Basic Self-Issued New With Old Test4", 0 ], + [ "4.5.5", "Invalid Basic Self-Issued New With Old Test5", 23 ], + [ "4.5.6", "Valid Basic Self-Issued CRL Signing Key Test6", 0 ], + [ "4.5.7", "Invalid Basic Self-Issued CRL Signing Key Test7", 23 ], + [ "4.5.8", "Invalid Basic Self-Issued CRL Signing Key Test8", 20 ], + [ "4.6", "Verifying Basic Constraints" ], + [ "4.6.1", "Invalid Missing basicConstraints Test1", 24 ], + [ "4.6.2", "Invalid cA False Test2", 24 ], + [ "4.6.3", "Invalid cA False Test3", 24 ], + [ "4.6.4", "Valid basicConstraints Not Critical Test4", 0 ], + [ "4.6.5", "Invalid pathLenConstraint Test5", 25 ], + [ "4.6.6", "Invalid pathLenConstraint Test6", 25 ], + [ "4.6.7", "Valid pathLenConstraint Test7", 0 ], + [ "4.6.8", "Valid pathLenConstraint Test8", 0 ], + [ "4.6.9", "Invalid pathLenConstraint Test9", 25 ], + [ "4.6.10", "Invalid pathLenConstraint Test10", 25 ], + [ "4.6.11", "Invalid pathLenConstraint Test11", 25 ], + [ "4.6.12", "Invalid pathLenConstraint Test12", 25 ], + [ "4.6.13", "Valid pathLenConstraint Test13", 0 ], + [ "4.6.14", "Valid pathLenConstraint Test14", 0 ], + [ "4.6.15", "Valid Self-Issued pathLenConstraint Test15", 0 ], + [ "4.6.16", "Invalid Self-Issued pathLenConstraint Test16", 25 ], + [ "4.6.17", "Valid Self-Issued pathLenConstraint Test17", 0 ], + [ "4.7", "Key Usage" ], + [ "4.7.1", "Invalid keyUsage Critical keyCertSign False Test1", 20 ], + [ "4.7.2", "Invalid keyUsage Not Critical keyCertSign False Test2", 20 ], + [ "4.7.3", "Valid keyUsage Not Critical Test3", 0 ], + [ "4.7.4", "Invalid keyUsage Critical cRLSign False Test4", 35 ], + [ "4.7.5", "Invalid keyUsage Not Critical cRLSign False Test5", 35 ], + + # Certificate policy tests need special handling. They can have several + # sub tests and we need to check the outputs are correct. + + [ "4.8", "Certificate Policies" ], + [ + "4.8.1.1", + "All Certificates Same Policy Test1", + "-policy anyPolicy -explicit_policy", + "True", $nist1, $nist1, 0 + ], + [ + "4.8.1.2", + "All Certificates Same Policy Test1", + "-policy $nist1 -explicit_policy", + "True", $nist1, $nist1, 0 + ], + [ + "4.8.1.3", + "All Certificates Same Policy Test1", + "-policy $nist2 -explicit_policy", + "True", $nist1, "", 43 + ], + [ + "4.8.1.4", + "All Certificates Same Policy Test1", + "-policy $nist1 -policy $nist2 -explicit_policy", + "True", $nist1, $nist1, 0 + ], + [ + "4.8.2.1", + "All Certificates No Policies Test2", + "-policy anyPolicy", + "False", "", "", 0 + ], + [ + "4.8.2.2", + "All Certificates No Policies Test2", + "-policy anyPolicy -explicit_policy", + "True", "", "", 43 + ], + [ + "4.8.3.1", + "Different Policies Test3", + "-policy anyPolicy", + "False", "", "", 0 + ], + [ + "4.8.3.2", + "Different Policies Test3", + "-policy anyPolicy -explicit_policy", + "True", "", "", 43 + ], + [ + "4.8.3.3", + "Different Policies Test3", + "-policy $nist1 -policy $nist2 -explicit_policy", + "True", "", "", 43 + ], + + [ + "4.8.4", + "Different Policies Test4", + "-policy anyPolicy", + "True", "", "", 43 + ], + [ + "4.8.5", + "Different Policies Test5", + "-policy anyPolicy", + "True", "", "", 43 + ], + [ + "4.8.6.1", + "Overlapping Policies Test6", + "-policy anyPolicy", + "True", $nist1, $nist1, 0 + ], + [ + "4.8.6.2", + "Overlapping Policies Test6", + "-policy $nist1", + "True", $nist1, $nist1, 0 + ], + [ + "4.8.6.3", + "Overlapping Policies Test6", + "-policy $nist2", + "True", $nist1, "", 43 + ], + [ + "4.8.7", + "Different Policies Test7", + "-policy anyPolicy", + "True", "", "", 43 + ], + [ + "4.8.8", + "Different Policies Test8", + "-policy anyPolicy", + "True", "", "", 43 + ], + [ + "4.8.9", + "Different Policies Test9", + "-policy anyPolicy", + "True", "", "", 43 + ], + [ + "4.8.10.1", + "All Certificates Same Policies Test10", + "-policy $nist1", + "True", "$nist1:$nist2", "$nist1", 0 + ], + [ + "4.8.10.2", + "All Certificates Same Policies Test10", + "-policy $nist2", + "True", "$nist1:$nist2", "$nist2", 0 + ], + [ + "4.8.10.3", + "All Certificates Same Policies Test10", + "-policy anyPolicy", + "True", "$nist1:$nist2", "$nist1:$nist2", 0 + ], + [ + "4.8.11.1", + "All Certificates AnyPolicy Test11", + "-policy anyPolicy", + "True", "$apolicy", "$apolicy", 0 + ], + [ + "4.8.11.2", + "All Certificates AnyPolicy Test11", + "-policy $nist1", + "True", "$apolicy", "$nist1", 0 + ], + [ + "4.8.12", + "Different Policies Test12", + "-policy anyPolicy", + "True", "", "", 43 + ], + [ + "4.8.13.1", + "All Certificates Same Policies Test13", + "-policy $nist1", + "True", "$nist1:$nist2:$nist3", "$nist1", 0 + ], + [ + "4.8.13.2", + "All Certificates Same Policies Test13", + "-policy $nist2", + "True", "$nist1:$nist2:$nist3", "$nist2", 0 + ], + [ + "4.8.13.3", + "All Certificates Same Policies Test13", + "-policy $nist3", + "True", "$nist1:$nist2:$nist3", "$nist3", 0 + ], + [ + "4.8.14.1", "AnyPolicy Test14", + "-policy $nist1", "True", + "$nist1", "$nist1", + 0 + ], + [ + "4.8.14.2", "AnyPolicy Test14", + "-policy $nist2", "True", + "$nist1", "", + 43 + ], + [ + "4.8.15", + "User Notice Qualifier Test15", + "-policy anyPolicy", + "False", "$nist1", "$nist1", 0 + ], + [ + "4.8.16", + "User Notice Qualifier Test16", + "-policy anyPolicy", + "False", "$nist1", "$nist1", 0 + ], + [ + "4.8.17", + "User Notice Qualifier Test17", + "-policy anyPolicy", + "False", "$nist1", "$nist1", 0 + ], + [ + "4.8.18.1", + "User Notice Qualifier Test18", + "-policy $nist1", + "True", "$nist1:$nist2", "$nist1", 0 + ], + [ + "4.8.18.2", + "User Notice Qualifier Test18", + "-policy $nist2", + "True", "$nist1:$nist2", "$nist2", 0 + ], + [ + "4.8.19", + "User Notice Qualifier Test19", + "-policy anyPolicy", + "False", "$nist1", "$nist1", 0 + ], + [ + "4.8.20", + "CPS Pointer Qualifier Test20", + "-policy anyPolicy -explicit_policy", + "True", "$nist1", "$nist1", 0 + ], + [ "4.9", "Require Explicit Policy" ], + [ + "4.9.1", + "Valid RequireExplicitPolicy Test1", + "-policy anyPolicy", + "False", "", "", 0 + ], + [ + "4.9.2", + "Valid RequireExplicitPolicy Test2", + "-policy anyPolicy", + "False", "", "", 0 + ], + [ + "4.9.3", + "Invalid RequireExplicitPolicy Test3", + "-policy anyPolicy", + "True", "", "", 43 + ], + [ + "4.9.4", + "Valid RequireExplicitPolicy Test4", + "-policy anyPolicy", + "True", "$nist1", "$nist1", 0 + ], + [ + "4.9.5", + "Invalid RequireExplicitPolicy Test5", + "-policy anyPolicy", + "True", "", "", 43 + ], + [ + "4.9.6", + "Valid Self-Issued requireExplicitPolicy Test6", + "-policy anyPolicy", + "False", "", "", 0 + ], + [ + "4.9.7", + "Invalid Self-Issued requireExplicitPolicy Test7", + "-policy anyPolicy", + "True", "", "", 43 + ], + [ + "4.9.8", + "Invalid Self-Issued requireExplicitPolicy Test8", + "-policy anyPolicy", + "True", "", "", 43 + ], + [ "4.10", "Policy Mappings" ], + [ + "4.10.1.1", + "Valid Policy Mapping Test1", + "-policy $nist1", + "True", "$nist1", "$nist1", 0 + ], + [ + "4.10.1.2", + "Valid Policy Mapping Test1", + "-policy $nist2", + "True", "$nist1", "", 43 + ], + [ + "4.10.1.3", + "Valid Policy Mapping Test1", + "-policy anyPolicy -inhibit_map", + "True", "", "", 43 + ], + [ + "4.10.2.1", + "Invalid Policy Mapping Test2", + "-policy anyPolicy", + "True", "", "", 43 + ], + [ + "4.10.2.2", + "Invalid Policy Mapping Test2", + "-policy anyPolicy -inhibit_map", + "True", "", "", 43 + ], + [ + "4.10.3.1", + "Valid Policy Mapping Test3", + "-policy $nist1", + "True", "$nist2", "", 43 + ], + [ + "4.10.3.2", + "Valid Policy Mapping Test3", + "-policy $nist2", + "True", "$nist2", "$nist2", 0 + ], + [ + "4.10.4", + "Invalid Policy Mapping Test4", + "-policy anyPolicy", + "True", "", "", 43 + ], + [ + "4.10.5.1", + "Valid Policy Mapping Test5", + "-policy $nist1", + "True", "$nist1", "$nist1", 0 + ], + [ + "4.10.5.2", + "Valid Policy Mapping Test5", + "-policy $nist6", + "True", "$nist1", "", 43 + ], + [ + "4.10.6.1", + "Valid Policy Mapping Test6", + "-policy $nist1", + "True", "$nist1", "$nist1", 0 + ], + [ + "4.10.6.2", + "Valid Policy Mapping Test6", + "-policy $nist6", + "True", "$nist1", "", 43 + ], + [ "4.10.7", "Invalid Mapping From anyPolicy Test7", 42 ], + [ "4.10.8", "Invalid Mapping To anyPolicy Test8", 42 ], + [ + "4.10.9", + "Valid Policy Mapping Test9", + "-policy anyPolicy", + "True", "$nist1", "$nist1", 0 + ], + [ + "4.10.10", + "Invalid Policy Mapping Test10", + "-policy anyPolicy", + "True", "", "", 43 + ], + [ + "4.10.11", + "Valid Policy Mapping Test11", + "-policy anyPolicy", + "True", "$nist1", "$nist1", 0 + ], + + # TODO: check notice display + [ + "4.10.12.1", + "Valid Policy Mapping Test12", + "-policy $nist1", + "True", "$nist1:$nist2", "$nist1", 0 + ], + + # TODO: check notice display + [ + "4.10.12.2", + "Valid Policy Mapping Test12", + "-policy $nist2", + "True", "$nist1:$nist2", "$nist2", 0 + ], + [ + "4.10.13", + "Valid Policy Mapping Test13", + "-policy anyPolicy", + "True", "$nist1", "$nist1", 0 + ], + + # TODO: check notice display + [ + "4.10.14", + "Valid Policy Mapping Test14", + "-policy anyPolicy", + "True", "$nist1", "$nist1", 0 + ], + [ "4.11", "Inhibit Policy Mapping" ], + [ + "4.11.1", + "Invalid inhibitPolicyMapping Test1", + "-policy anyPolicy", + "True", "", "", 43 + ], + [ + "4.11.2", + "Valid inhibitPolicyMapping Test2", + "-policy anyPolicy", + "True", "$nist1", "$nist1", 0 + ], + [ + "4.11.3", + "Invalid inhibitPolicyMapping Test3", + "-policy anyPolicy", + "True", "", "", 43 + ], + [ + "4.11.4", + "Valid inhibitPolicyMapping Test4", + "-policy anyPolicy", + "True", "$nist2", "$nist2", 0 + ], + [ + "4.11.5", + "Invalid inhibitPolicyMapping Test5", + "-policy anyPolicy", + "True", "", "", 43 + ], + [ + "4.11.6", + "Invalid inhibitPolicyMapping Test6", + "-policy anyPolicy", + "True", "", "", 43 + ], + [ + "4.11.7", + "Valid Self-Issued inhibitPolicyMapping Test7", + "-policy anyPolicy", + "True", "$nist1", "$nist1", 0 + ], + [ + "4.11.8", + "Invalid Self-Issued inhibitPolicyMapping Test8", + "-policy anyPolicy", + "True", "", "", 43 + ], + [ + "4.11.9", + "Invalid Self-Issued inhibitPolicyMapping Test9", + "-policy anyPolicy", + "True", "", "", 43 + ], + [ + "4.11.10", + "Invalid Self-Issued inhibitPolicyMapping Test10", + "-policy anyPolicy", + "True", "", "", 43 + ], + [ + "4.11.11", + "Invalid Self-Issued inhibitPolicyMapping Test11", + "-policy anyPolicy", + "True", "", "", 43 + ], + [ "4.12", "Inhibit Any Policy" ], + [ + "4.12.1", + "Invalid inhibitAnyPolicy Test1", + "-policy anyPolicy", + "True", "", "", 43 + ], + [ + "4.12.2", + "Valid inhibitAnyPolicy Test2", + "-policy anyPolicy", + "True", "$nist1", "$nist1", 0 + ], + [ + "4.12.3.1", + "inhibitAnyPolicy Test3", + "-policy anyPolicy", + "True", "$nist1", "$nist1", 0 + ], + [ + "4.12.3.2", + "inhibitAnyPolicy Test3", + "-policy anyPolicy -inhibit_any", + "True", "", "", 43 + ], + [ + "4.12.4", + "Invalid inhibitAnyPolicy Test4", + "-policy anyPolicy", + "True", "", "", 43 + ], + [ + "4.12.5", + "Invalid inhibitAnyPolicy Test5", + "-policy anyPolicy", + "True", "", "", 43 + ], + [ + "4.12.6", + "Invalid inhibitAnyPolicy Test6", + "-policy anyPolicy", + "True", "", "", 43 + ], + [ "4.12.7", "Valid Self-Issued inhibitAnyPolicy Test7", 0 ], + [ "4.12.8", "Invalid Self-Issued inhibitAnyPolicy Test8", 43 ], + [ "4.12.9", "Valid Self-Issued inhibitAnyPolicy Test9", 0 ], + [ "4.12.10", "Invalid Self-Issued inhibitAnyPolicy Test10", 43 ], + [ "4.13", "Name Constraints" ], + [ "4.13.1", "Valid DN nameConstraints Test1", 0 ], + [ "4.13.2", "Invalid DN nameConstraints Test2", 47 ], + [ "4.13.3", "Invalid DN nameConstraints Test3", 47 ], + [ "4.13.4", "Valid DN nameConstraints Test4", 0 ], + [ "4.13.5", "Valid DN nameConstraints Test5", 0 ], + [ "4.13.6", "Valid DN nameConstraints Test6", 0 ], + [ "4.13.7", "Invalid DN nameConstraints Test7", 48 ], + [ "4.13.8", "Invalid DN nameConstraints Test8", 48 ], + [ "4.13.9", "Invalid DN nameConstraints Test9", 48 ], + [ "4.13.10", "Invalid DN nameConstraints Test10", 48 ], + [ "4.13.11", "Valid DN nameConstraints Test11", 0 ], + [ "4.13.12", "Invalid DN nameConstraints Test12", 47 ], + [ "4.13.13", "Invalid DN nameConstraints Test13", 47 ], + [ "4.13.14", "Valid DN nameConstraints Test14", 0 ], + [ "4.13.15", "Invalid DN nameConstraints Test15", 48 ], + [ "4.13.16", "Invalid DN nameConstraints Test16", 48 ], + [ "4.13.17", "Invalid DN nameConstraints Test17", 48 ], + [ "4.13.18", "Valid DN nameConstraints Test18", 0 ], + [ "4.13.19", "Valid Self-Issued DN nameConstraints Test19", 0 ], + [ "4.13.20", "Invalid Self-Issued DN nameConstraints Test20", 47 ], + [ "4.13.21", "Valid RFC822 nameConstraints Test21", 0 ], + [ "4.13.22", "Invalid RFC822 nameConstraints Test22", 47 ], + [ "4.13.23", "Valid RFC822 nameConstraints Test23", 0 ], + [ "4.13.24", "Invalid RFC822 nameConstraints Test24", 47 ], + [ "4.13.25", "Valid RFC822 nameConstraints Test25", 0 ], + [ "4.13.26", "Invalid RFC822 nameConstraints Test26", 48 ], + [ "4.13.27", "Valid DN and RFC822 nameConstraints Test27", 0 ], + [ "4.13.28", "Invalid DN and RFC822 nameConstraints Test28", 47 ], + [ "4.13.29", "Invalid DN and RFC822 nameConstraints Test29", 47 ], + [ "4.13.30", "Valid DNS nameConstraints Test30", 0 ], + [ "4.13.31", "Invalid DNS nameConstraints Test31", 47 ], + [ "4.13.32", "Valid DNS nameConstraints Test32", 0 ], + [ "4.13.33", "Invalid DNS nameConstraints Test33", 48 ], + [ "4.13.34", "Valid URI nameConstraints Test34", 0 ], + [ "4.13.35", "Invalid URI nameConstraints Test35", 47 ], + [ "4.13.36", "Valid URI nameConstraints Test36", 0 ], + [ "4.13.37", "Invalid URI nameConstraints Test37", 48 ], + [ "4.13.38", "Invalid DNS nameConstraints Test38", 47 ], + [ "4.14", "Distribution Points" ], + [ "4.14.1", "Valid distributionPoint Test1", 0 ], + [ "4.14.2", "Invalid distributionPoint Test2", 23 ], + [ "4.14.3", "Invalid distributionPoint Test3", 44 ], + [ "4.14.4", "Valid distributionPoint Test4", 0 ], + [ "4.14.5", "Valid distributionPoint Test5", 0 ], + [ "4.14.6", "Invalid distributionPoint Test6", 23 ], + [ "4.14.7", "Valid distributionPoint Test7", 0 ], + [ "4.14.8", "Invalid distributionPoint Test8", 44 ], + [ "4.14.9", "Invalid distributionPoint Test9", 44 ], + [ "4.14.10", "Valid No issuingDistributionPoint Test10", 0 ], + [ "4.14.11", "Invalid onlyContainsUserCerts CRL Test11", 44 ], + [ "4.14.12", "Invalid onlyContainsCACerts CRL Test12", 44 ], + [ "4.14.13", "Valid onlyContainsCACerts CRL Test13", 0 ], + [ "4.14.14", "Invalid onlyContainsAttributeCerts Test14", 44 ], + [ "4.14.15", "Invalid onlySomeReasons Test15", 23 ], + [ "4.14.16", "Invalid onlySomeReasons Test16", 23 ], + [ "4.14.17", "Invalid onlySomeReasons Test17", 3 ], + [ "4.14.18", "Valid onlySomeReasons Test18", 0 ], + [ "4.14.19", "Valid onlySomeReasons Test19", 0 ], + [ "4.14.20", "Invalid onlySomeReasons Test20", 23 ], + [ "4.14.21", "Invalid onlySomeReasons Test21", 23 ], + [ "4.14.22", "Valid IDP with indirectCRL Test22", 0 ], + [ "4.14.23", "Invalid IDP with indirectCRL Test23", 23 ], + [ "4.14.24", "Valid IDP with indirectCRL Test24", 0 ], + [ "4.14.25", "Valid IDP with indirectCRL Test25", 0 ], + [ "4.14.26", "Invalid IDP with indirectCRL Test26", 44 ], + [ "4.14.27", "Invalid cRLIssuer Test27", 3 ], + [ "4.14.28", "Valid cRLIssuer Test28", 0 ], + [ "4.14.29", "Valid cRLIssuer Test29", 0 ], + + # Although this test is valid it has a circular dependency. As a result + # an attempt is made to reursively checks a CRL path and rejected due to + # a CRL path validation error. PKITS notes suggest this test does not + # need to be run due to this issue. + [ "4.14.30", "Valid cRLIssuer Test30", 54 ], + [ "4.14.31", "Invalid cRLIssuer Test31", 23 ], + [ "4.14.32", "Invalid cRLIssuer Test32", 23 ], + [ "4.14.33", "Valid cRLIssuer Test33", 0 ], + [ "4.14.34", "Invalid cRLIssuer Test34", 23 ], + [ "4.14.35", "Invalid cRLIssuer Test35", 44 ], + [ "4.15", "Delta-CRLs" ], + [ "4.15.1", "Invalid deltaCRLIndicator No Base Test1", 3 ], + [ "4.15.2", "Valid delta-CRL Test2", 0 ], + [ "4.15.3", "Invalid delta-CRL Test3", 23 ], + [ "4.15.4", "Invalid delta-CRL Test4", 23 ], + [ "4.15.5", "Valid delta-CRL Test5", 0 ], + [ "4.15.6", "Invalid delta-CRL Test6", 23 ], + [ "4.15.7", "Valid delta-CRL Test7", 0 ], + [ "4.15.8", "Valid delta-CRL Test8", 0 ], + [ "4.15.9", "Invalid delta-CRL Test9", 23 ], + [ "4.15.10", "Invalid delta-CRL Test10", 12 ], + [ "4.16", "Private Certificate Extensions" ], + [ "4.16.1", "Valid Unknown Not Critical Certificate Extension Test1", 0 ], + [ "4.16.2", "Invalid Unknown Critical Certificate Extension Test2", 34 ], +); + + +my $verbose = 1; + +my $numtest = 0; +my $numfail = 0; + +my $ossl = "ossl/apps/openssl"; + +my $ossl_cmd = "$ossl_path cms -verify -verify_retcode "; +$ossl_cmd .= "-CAfile pkitsta.pem -crl_check_all -x509_strict "; + +# Check for expiry of trust anchor +system "$ossl_path x509 -inform DER -in $pkitsta -checkend 0"; +if ($? == 256) + { + print STDERR "WARNING: using older expired data\n"; + $ossl_cmd .= "-attime 1291940972 "; + } + +$ossl_cmd .= "-policy_check -extended_crl -use_deltas -out /dev/null 2>&1 "; + +system "$ossl_path x509 -inform DER -in $pkitsta -out pkitsta.pem"; + +die "Can't create trust anchor file" if $?; + +print "Running PKITS tests:\n" if $verbose; + +foreach (@testlists) { + my $argnum = @$_; + if ( $argnum == 2 ) { + my ( $tnum, $title ) = @$_; + print "$tnum $title\n" if $verbose; + } + elsif ( $argnum == 3 ) { + my ( $tnum, $title, $exp_ret ) = @$_; + my $filename = $title; + $exp_ret += 32 if $exp_ret; + $filename =~ tr/ -//d; + $filename = "Signed${filename}.eml"; + if ( !-f "$pkitsdir/$filename" ) { + print "\"$filename\" not found\n"; + } + else { + my $ret; + my $test_fail = 0; + my $errmsg = ""; + my $cmd = $ossl_cmd; + $cmd .= "-in $pkitsdir/$filename -policy anyPolicy"; + my $cmdout = `$cmd`; + $ret = $? >> 8; + if ( $? & 0xff ) { + $errmsg .= "Abnormal OpenSSL termination\n"; + $test_fail = 1; + } + if ( $exp_ret != $ret ) { + $errmsg .= "Return code:$ret, "; + $errmsg .= "expected $exp_ret\n"; + $test_fail = 1; + } + if ($test_fail) { + print "$tnum $title : Failed!\n"; + print "Filename: $pkitsdir/$filename\n"; + print $errmsg; + print "Command output:\n$cmdout\n"; + $numfail++; + } + $numtest++; + } + } + elsif ( $argnum == 7 ) { + my ( $tnum, $title, $exargs, $exp_epol, $exp_aset, $exp_uset, $exp_ret ) + = @$_; + my $filename = $title; + $exp_ret += 32 if $exp_ret; + $filename =~ tr/ -//d; + $filename = "Signed${filename}.eml"; + if ( !-f "$pkitsdir/$filename" ) { + print "\"$filename\" not found\n"; + } + else { + my $ret; + my $cmdout = ""; + my $errmsg = ""; + my $epol = ""; + my $aset = ""; + my $uset = ""; + my $pol = -1; + my $test_fail = 0; + my $cmd = $ossl_cmd; + $cmd .= "-in $pkitsdir/$filename $exargs -policy_print"; + @oparr = `$cmd`; + $ret = $? >> 8; + + if ( $? & 0xff ) { + $errmsg .= "Abnormal OpenSSL termination\n"; + $test_fail = 1; + } + foreach (@oparr) { + my $test_failed = 0; + $cmdout .= $_; + if (/^Require explicit Policy: (.*)$/) { + $epol = $1; + } + if (/^Authority Policies/) { + if (/empty/) { + $aset = ""; + } + else { + $pol = 1; + } + } + $test_fail = 1 if (/leak/i); + if (/^User Policies/) { + if (/empty/) { + $uset = ""; + } + else { + $pol = 2; + } + } + if (/\s+Policy: (.*)$/) { + if ( $pol == 1 ) { + $aset .= ":" if $aset ne ""; + $aset .= $1; + } + elsif ( $pol == 2 ) { + $uset .= ":" if $uset ne ""; + $uset .= $1; + } + } + } + + if ( $epol ne $exp_epol ) { + $errmsg .= "Explicit policy:$epol, "; + $errmsg .= "expected $exp_epol\n"; + $test_fail = 1; + } + if ( $aset ne $exp_aset ) { + $errmsg .= "Authority policy set :$aset, "; + $errmsg .= "expected $exp_aset\n"; + $test_fail = 1; + } + if ( $uset ne $exp_uset ) { + $errmsg .= "User policy set :$uset, "; + $errmsg .= "expected $exp_uset\n"; + $test_fail = 1; + } + + if ( $exp_ret != $ret ) { + print "Return code:$ret, expected $exp_ret\n"; + $test_fail = 1; + } + + if ($test_fail) { + print "$tnum $title : Failed!\n"; + print "Filename: $pkitsdir/$filename\n"; + print "Command output:\n$cmdout\n"; + $numfail++; + } + $numtest++; + } + } +} + +if ($numfail) { + print "$numfail tests failed out of $numtest\n"; +} +else { + print "All Tests Successful.\n"; +} + +unlink "pkitsta.pem"; + diff --git a/test/r160test.c b/test/r160test.c new file mode 100644 index 0000000..a172e39 --- /dev/null +++ b/test/r160test.c @@ -0,0 +1,57 @@ +/* test/r160test.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ diff --git a/test/randtest.c b/test/randtest.c new file mode 120000 index 0000000..a2b107a --- /dev/null +++ b/test/randtest.c @@ -0,0 +1 @@ +../crypto/rand/randtest.c \ No newline at end of file diff --git a/test/rc2test.c b/test/rc2test.c new file mode 120000 index 0000000..5c53ad9 --- /dev/null +++ b/test/rc2test.c @@ -0,0 +1 @@ +../crypto/rc2/rc2test.c \ No newline at end of file diff --git a/test/rc4test.c b/test/rc4test.c new file mode 120000 index 0000000..061ac37 --- /dev/null +++ b/test/rc4test.c @@ -0,0 +1 @@ +../crypto/rc4/rc4test.c \ No newline at end of file diff --git a/test/rc5test.c b/test/rc5test.c new file mode 120000 index 0000000..49f44f8 --- /dev/null +++ b/test/rc5test.c @@ -0,0 +1 @@ +dummytest.c \ No newline at end of file diff --git a/test/rmdtest.c b/test/rmdtest.c new file mode 120000 index 0000000..ce66460 --- /dev/null +++ b/test/rmdtest.c @@ -0,0 +1 @@ +../crypto/ripemd/rmdtest.c \ No newline at end of file diff --git a/test/rsa_test.c b/test/rsa_test.c new file mode 120000 index 0000000..aaea20d --- /dev/null +++ b/test/rsa_test.c @@ -0,0 +1 @@ +../crypto/rsa/rsa_test.c \ No newline at end of file diff --git a/test/sha1test.c b/test/sha1test.c new file mode 120000 index 0000000..8d66e9e --- /dev/null +++ b/test/sha1test.c @@ -0,0 +1 @@ +../crypto/sha/sha1test.c \ No newline at end of file diff --git a/test/sha256t.c b/test/sha256t.c new file mode 120000 index 0000000..952a508 --- /dev/null +++ b/test/sha256t.c @@ -0,0 +1 @@ +../crypto/sha/sha256t.c \ No newline at end of file diff --git a/test/sha512t.c b/test/sha512t.c new file mode 120000 index 0000000..c80d152 --- /dev/null +++ b/test/sha512t.c @@ -0,0 +1 @@ +../crypto/sha/sha512t.c \ No newline at end of file diff --git a/test/shatest.c b/test/shatest.c new file mode 120000 index 0000000..43cfda7 --- /dev/null +++ b/test/shatest.c @@ -0,0 +1 @@ +../crypto/sha/shatest.c \ No newline at end of file diff --git a/test/smcont.txt b/test/smcont.txt new file mode 100644 index 0000000..e837c0b --- /dev/null +++ b/test/smcont.txt @@ -0,0 +1 @@ +Some test content for OpenSSL CMS \ No newline at end of file diff --git a/test/smime-certs/smdsa1.pem b/test/smime-certs/smdsa1.pem new file mode 100644 index 0000000..d5677db --- /dev/null +++ b/test/smime-certs/smdsa1.pem @@ -0,0 +1,34 @@ +-----BEGIN DSA PRIVATE KEY----- +MIIBuwIBAAKBgQDFJfsIPOIawMO5biw+AoYUhNVxReBOLQosU3Qv4B8krac0BNr3 +OjSGLh1wZxHqhlAE0QmasTaKojuk20nNWeFnczSz6vDl0IVJEhS8VYor5kt9gLqt +GcoAgsf4gRDIutJyQDaNn3IVY89uXUVIoexvQeLQDBCgQPC5O8rJdqBwtwIVAK2J +jt+dqk07eQUE59koYUEKyNorAoGBAI4IEpusf8G14kCHmRtnHXM2tG5EWJDmW6Qt +wjqvWp1GKUx5WFy1tVWR9nl5rL0Di+kNdENo+SkKj7h3uDulGOI6T0mQYbV2h1IK ++FMOGnOqvZ8eNTE2n4PGTo5puZ63LBm+QYrQsrNiUY4vakLFQ2rEK/SLwdsDFK4Z +SJCBQw5zAoGATQlPPF+OeU8nu3rsdXGDiZdJzOkuCce3KQfTABA9C+Dk4CVcvBdd +YRLGpnykumkNTO1sTO+4/Gphsuje1ujK9td4UEhdYqylCe5QjEMrszDlJtelDQF9 +C0yhdjKGTP0kxofLhsGckcuQvcKEKffT2pDDKJIy4vWQO0UyJl1vjLcCFG2uiGGx +9fMUZq1v0ePD4Wo0Xkxo +-----END DSA PRIVATE KEY----- +-----BEGIN CERTIFICATE----- +MIIDpDCCAw2gAwIBAgIJAMtotfHYdEsWMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV +BAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRUZXN0IFMv +TUlNRSBSU0EgUm9vdDAeFw0wODAyMjIxMzUzMDlaFw0xNjA1MTAxMzUzMDlaMEUx +CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU +ZXN0IFMvTUlNRSBFRSBEU0EgIzEwggG3MIIBLAYHKoZIzjgEATCCAR8CgYEAxSX7 +CDziGsDDuW4sPgKGFITVcUXgTi0KLFN0L+AfJK2nNATa9zo0hi4dcGcR6oZQBNEJ +mrE2iqI7pNtJzVnhZ3M0s+rw5dCFSRIUvFWKK+ZLfYC6rRnKAILH+IEQyLrSckA2 +jZ9yFWPPbl1FSKHsb0Hi0AwQoEDwuTvKyXagcLcCFQCtiY7fnapNO3kFBOfZKGFB +CsjaKwKBgQCOCBKbrH/BteJAh5kbZx1zNrRuRFiQ5lukLcI6r1qdRilMeVhctbVV +kfZ5eay9A4vpDXRDaPkpCo+4d7g7pRjiOk9JkGG1dodSCvhTDhpzqr2fHjUxNp+D +xk6OabmetywZvkGK0LKzYlGOL2pCxUNqxCv0i8HbAxSuGUiQgUMOcwOBhAACgYBN +CU88X455Tye7eux1cYOJl0nM6S4Jx7cpB9MAED0L4OTgJVy8F11hEsamfKS6aQ1M +7WxM77j8amGy6N7W6Mr213hQSF1irKUJ7lCMQyuzMOUm16UNAX0LTKF2MoZM/STG +h8uGwZyRy5C9woQp99PakMMokjLi9ZA7RTImXW+Mt6OBgzCBgDAdBgNVHQ4EFgQU +4Qfbhpi5yqXaXuCLXj427mR25MkwHwYDVR0jBBgwFoAUE89Lp7uJLrM4Vxd2xput +aFvl7RcwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBsAwIAYDVR0RBBkwF4EV +c21pbWVkc2ExQG9wZW5zc2wub3JnMA0GCSqGSIb3DQEBBQUAA4GBAFrdUzKK1pWO +kd02S423KUBc4GWWyiGlVoEO7WxVhHLJ8sm67X7OtJOwe0UGt+Nc5qLtyJYSirw8 +phjiTdNpQCTJ8+Kc56tWkJ6H7NAI4vTJtPL5BM/EmeYrVSU9JI9xhqpyKw9IBD+n +hRJ79W9FaiJRvaAOX+TkyTukJrxAWRyv +-----END CERTIFICATE----- diff --git a/test/smime-certs/smdsa2.pem b/test/smime-certs/smdsa2.pem new file mode 100644 index 0000000..ef86c11 --- /dev/null +++ b/test/smime-certs/smdsa2.pem @@ -0,0 +1,34 @@ +-----BEGIN DSA PRIVATE KEY----- +MIIBvAIBAAKBgQDFJfsIPOIawMO5biw+AoYUhNVxReBOLQosU3Qv4B8krac0BNr3 +OjSGLh1wZxHqhlAE0QmasTaKojuk20nNWeFnczSz6vDl0IVJEhS8VYor5kt9gLqt +GcoAgsf4gRDIutJyQDaNn3IVY89uXUVIoexvQeLQDBCgQPC5O8rJdqBwtwIVAK2J +jt+dqk07eQUE59koYUEKyNorAoGBAI4IEpusf8G14kCHmRtnHXM2tG5EWJDmW6Qt +wjqvWp1GKUx5WFy1tVWR9nl5rL0Di+kNdENo+SkKj7h3uDulGOI6T0mQYbV2h1IK ++FMOGnOqvZ8eNTE2n4PGTo5puZ63LBm+QYrQsrNiUY4vakLFQ2rEK/SLwdsDFK4Z +SJCBQw5zAoGBAIPmO8BtJ+Yac58trrPwq9b/6VW3jQTWzTLWSH84/QQdqQa+Pz3v +It/+hHM0daNF5uls8ICsPL1aLXmRx0pHvIyb0aAzYae4T4Jv/COPDMTdKbA1uitJ +VbkGZrm+LIrs7I9lOkb4T0vI6kL/XdOCXY1469zsqCgJ/O2ibn6mq0nWAhR716o2 +Nf8SimTZYB0/CKje6M5ufA== +-----END DSA PRIVATE KEY----- +-----BEGIN CERTIFICATE----- +MIIDpTCCAw6gAwIBAgIJAMtotfHYdEsXMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV +BAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRUZXN0IFMv +TUlNRSBSU0EgUm9vdDAeFw0wODAyMjIxMzUzMDlaFw0xNjA1MTAxMzUzMDlaMEUx +CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU +ZXN0IFMvTUlNRSBFRSBEU0EgIzIwggG4MIIBLAYHKoZIzjgEATCCAR8CgYEAxSX7 +CDziGsDDuW4sPgKGFITVcUXgTi0KLFN0L+AfJK2nNATa9zo0hi4dcGcR6oZQBNEJ +mrE2iqI7pNtJzVnhZ3M0s+rw5dCFSRIUvFWKK+ZLfYC6rRnKAILH+IEQyLrSckA2 +jZ9yFWPPbl1FSKHsb0Hi0AwQoEDwuTvKyXagcLcCFQCtiY7fnapNO3kFBOfZKGFB +CsjaKwKBgQCOCBKbrH/BteJAh5kbZx1zNrRuRFiQ5lukLcI6r1qdRilMeVhctbVV +kfZ5eay9A4vpDXRDaPkpCo+4d7g7pRjiOk9JkGG1dodSCvhTDhpzqr2fHjUxNp+D +xk6OabmetywZvkGK0LKzYlGOL2pCxUNqxCv0i8HbAxSuGUiQgUMOcwOBhQACgYEA +g+Y7wG0n5hpzny2us/Cr1v/pVbeNBNbNMtZIfzj9BB2pBr4/Pe8i3/6EczR1o0Xm +6WzwgKw8vVoteZHHSke8jJvRoDNhp7hPgm/8I48MxN0psDW6K0lVuQZmub4siuzs +j2U6RvhPS8jqQv9d04JdjXjr3OyoKAn87aJufqarSdajgYMwgYAwHQYDVR0OBBYE +FHsAGNfVltSYUq4hC+YVYwsYtA+dMB8GA1UdIwQYMBaAFBPPS6e7iS6zOFcXdsab +rWhb5e0XMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgbAMCAGA1UdEQQZMBeB +FXNtaW1lZHNhMkBvcGVuc3NsLm9yZzANBgkqhkiG9w0BAQUFAAOBgQCx9BtCbaYF +FXjLClkuKXbESaDZA1biPgY25i00FsUzARuhCpqD2v+0tu5c33ZzIhL6xlvBRU5l +6Atw/xpZhae+hdBEtxPJoGekLLrHOau7Md3XwDjV4lFgcEJkWZoaSOOIK+4D5jF0 +jZWtHjnwEzuLYlo7ScHSsbcQfjH0M1TP5A== +-----END CERTIFICATE----- diff --git a/test/smime-certs/smdsa3.pem b/test/smime-certs/smdsa3.pem new file mode 100644 index 0000000..eeb848d --- /dev/null +++ b/test/smime-certs/smdsa3.pem @@ -0,0 +1,34 @@ +-----BEGIN DSA PRIVATE KEY----- +MIIBvAIBAAKBgQDFJfsIPOIawMO5biw+AoYUhNVxReBOLQosU3Qv4B8krac0BNr3 +OjSGLh1wZxHqhlAE0QmasTaKojuk20nNWeFnczSz6vDl0IVJEhS8VYor5kt9gLqt +GcoAgsf4gRDIutJyQDaNn3IVY89uXUVIoexvQeLQDBCgQPC5O8rJdqBwtwIVAK2J +jt+dqk07eQUE59koYUEKyNorAoGBAI4IEpusf8G14kCHmRtnHXM2tG5EWJDmW6Qt +wjqvWp1GKUx5WFy1tVWR9nl5rL0Di+kNdENo+SkKj7h3uDulGOI6T0mQYbV2h1IK ++FMOGnOqvZ8eNTE2n4PGTo5puZ63LBm+QYrQsrNiUY4vakLFQ2rEK/SLwdsDFK4Z +SJCBQw5zAoGAYzOpPmh8Je1IDauEXhgaLz14wqYUHHcrj2VWVJ6fRm8GhdQFJSI7 +GUk08pgKZSKic2lNqxuzW7/vFxKQ/nvzfytY16b+2i+BR4Q6yvMzCebE1hHVg0Ju +TwfUMwoFEOhYP6ZwHSUiQl9IBMH9TNJCMwYMxfY+VOrURFsjGTRUgpwCFQCIGt5g +Y+XZd0Sv69CatDIRYWvaIA== +-----END DSA PRIVATE KEY----- +-----BEGIN CERTIFICATE----- +MIIDpDCCAw2gAwIBAgIJAMtotfHYdEsYMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV +BAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRUZXN0IFMv +TUlNRSBSU0EgUm9vdDAeFw0wODAyMjIxMzUzMDlaFw0xNjA1MTAxMzUzMDlaMEUx +CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU +ZXN0IFMvTUlNRSBFRSBEU0EgIzMwggG3MIIBLAYHKoZIzjgEATCCAR8CgYEAxSX7 +CDziGsDDuW4sPgKGFITVcUXgTi0KLFN0L+AfJK2nNATa9zo0hi4dcGcR6oZQBNEJ +mrE2iqI7pNtJzVnhZ3M0s+rw5dCFSRIUvFWKK+ZLfYC6rRnKAILH+IEQyLrSckA2 +jZ9yFWPPbl1FSKHsb0Hi0AwQoEDwuTvKyXagcLcCFQCtiY7fnapNO3kFBOfZKGFB +CsjaKwKBgQCOCBKbrH/BteJAh5kbZx1zNrRuRFiQ5lukLcI6r1qdRilMeVhctbVV +kfZ5eay9A4vpDXRDaPkpCo+4d7g7pRjiOk9JkGG1dodSCvhTDhpzqr2fHjUxNp+D +xk6OabmetywZvkGK0LKzYlGOL2pCxUNqxCv0i8HbAxSuGUiQgUMOcwOBhAACgYBj +M6k+aHwl7UgNq4ReGBovPXjCphQcdyuPZVZUnp9GbwaF1AUlIjsZSTTymAplIqJz +aU2rG7Nbv+8XEpD+e/N/K1jXpv7aL4FHhDrK8zMJ5sTWEdWDQm5PB9QzCgUQ6Fg/ +pnAdJSJCX0gEwf1M0kIzBgzF9j5U6tREWyMZNFSCnKOBgzCBgDAdBgNVHQ4EFgQU +VhpVXqQ/EzUMdxLvP7o9EhJ8h70wHwYDVR0jBBgwFoAUE89Lp7uJLrM4Vxd2xput +aFvl7RcwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBsAwIAYDVR0RBBkwF4EV +c21pbWVkc2EzQG9wZW5zc2wub3JnMA0GCSqGSIb3DQEBBQUAA4GBACM9e75EQa8m +k/AZkH/tROqf3yeqijULl9x8FjFatqoY+29OM6oMGM425IqSkKd2ipz7OxO0SShu +rE0O3edS7DvYBwvhWPviRaYBMyZ4iFJVup+fOzoYK/j/bASxS3BHQBwb2r4rhe25 +OlTyyFEk7DJyW18YFOG97S1P52oQ5f5x +-----END CERTIFICATE----- diff --git a/test/smime-certs/smdsap.pem b/test/smime-certs/smdsap.pem new file mode 100644 index 0000000..249706c --- /dev/null +++ b/test/smime-certs/smdsap.pem @@ -0,0 +1,9 @@ +-----BEGIN DSA PARAMETERS----- +MIIBHwKBgQDFJfsIPOIawMO5biw+AoYUhNVxReBOLQosU3Qv4B8krac0BNr3OjSG +Lh1wZxHqhlAE0QmasTaKojuk20nNWeFnczSz6vDl0IVJEhS8VYor5kt9gLqtGcoA +gsf4gRDIutJyQDaNn3IVY89uXUVIoexvQeLQDBCgQPC5O8rJdqBwtwIVAK2Jjt+d +qk07eQUE59koYUEKyNorAoGBAI4IEpusf8G14kCHmRtnHXM2tG5EWJDmW6Qtwjqv +Wp1GKUx5WFy1tVWR9nl5rL0Di+kNdENo+SkKj7h3uDulGOI6T0mQYbV2h1IK+FMO +GnOqvZ8eNTE2n4PGTo5puZ63LBm+QYrQsrNiUY4vakLFQ2rEK/SLwdsDFK4ZSJCB +Qw5z +-----END DSA PARAMETERS----- diff --git a/test/smime-certs/smroot.pem b/test/smime-certs/smroot.pem new file mode 100644 index 0000000..a59eb26 --- /dev/null +++ b/test/smime-certs/smroot.pem @@ -0,0 +1,30 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXAIBAAKBgQDBV1Z/Q5gPF7lojc8pKUdyz5+Jf2B3vs4he6egekugWnoJduki +9Lnae/JchB/soIX0co3nLc11NuFFlnAWJNMDJr08l5AHAJLYNHevF5l/f9oDQwvZ +speKh1xpIAJNqCTzVeQ/ZLx6/GccIXV/xDuKIiovqJTPgR5WPkYKaw++lQIDAQAB +AoGALXnUj5SflJU4+B2652ydMKUjWl0KnL/VjkyejgGV/j6py8Ybaixz9q8Gv7oY +JDlRqMC1HfZJCFQDQrHy5VJ+CywA/H9WrqKo/Ch9U4tJAZtkig1Cmay/BAYixVu0 +xBeim10aKF6hxHH4Chg9We+OCuzWBWJhqveNjuDedL/i7JUCQQDlejovcwBUCbhJ +U12qKOwlaboolWbl7yF3XdckTJZg7+1UqQHZH5jYZlLZyZxiaC92SNV0SyTLJZnS +Jh5CO+VDAkEA16/pPcuVtMMz/R6SSPpRSIAa1stLs0mFSs3NpR4pdm0n42mu05pO +1tJEt3a1g7zkreQBf53+Dwb+lA841EkjRwJBAIFmt0DifKDnCkBu/jZh9SfzwsH3 +3Zpzik+hXxxdA7+ODCrdUul449vDd5zQD5t+XKU61QNLDGhxv5e9XvrCg7kCQH/a +3ldsVF0oDaxxL+QkxoREtCQ5tLEd1u7F2q6Tl56FDE0pe6Ih6bQ8RtG+g9EI60IN +U7oTrOO5kLWx5E0q4ccCQAZVgoenn9MhRU1agKOCuM6LT2DxReTu4XztJzynej+8 +0J93n3ebanB1MlRpn1XJwhQ7gAC8ImaQKLJK5jdJzFc= +-----END RSA PRIVATE KEY----- +-----BEGIN CERTIFICATE----- +MIICaTCCAdKgAwIBAgIJAP6VN47boiXRMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV +BAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRUZXN0IFMv +TUlNRSBSU0EgUm9vdDAeFw0wODAyMjIxMzUzMDdaFw0xNjA1MTExMzUzMDdaMEQx +CzAJBgNVBAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRU +ZXN0IFMvTUlNRSBSU0EgUm9vdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA +wVdWf0OYDxe5aI3PKSlHcs+fiX9gd77OIXunoHpLoFp6CXbpIvS52nvyXIQf7KCF +9HKN5y3NdTbhRZZwFiTTAya9PJeQBwCS2DR3rxeZf3/aA0ML2bKXiodcaSACTagk +81XkP2S8evxnHCF1f8Q7iiIqL6iUz4EeVj5GCmsPvpUCAwEAAaNjMGEwHQYDVR0O +BBYEFBPPS6e7iS6zOFcXdsabrWhb5e0XMB8GA1UdIwQYMBaAFBPPS6e7iS6zOFcX +dsabrWhb5e0XMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMA0GCSqG +SIb3DQEBBQUAA4GBAIECprq5viDvnDbkyOaiSr9ubMUmWqvycfAJMdPZRKcOZczS +l+L9R9lF3JSqbt3knOe9u6bGDBOTY2285PdCCuHRVMk2Af1f6El1fqAlRUwNqipp +r68sWFuRqrcRNtk6QQvXfkOhrqQBuDa7te/OVQLa2lGN9Dr2mQsD8ijctatG +-----END CERTIFICATE----- diff --git a/test/smime-certs/smrsa1.pem b/test/smime-certs/smrsa1.pem new file mode 100644 index 0000000..2cf3148 --- /dev/null +++ b/test/smime-certs/smrsa1.pem @@ -0,0 +1,31 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXgIBAAKBgQC6A978j4pmPgUtUQqF+bjh6vdhwGOGZSD7xXgFTMjm88twfv+E +ixkq2KXSDjD0ZXoQbdOaSbvGRQrIJpG2NGiKAFdYNrP025kCCdh5wF/aEI7KLEm7 +JlHwXpQsuj4wkMgmkFjL3Ty4Z55aNH+2pPQIa0k+ENJXm2gDuhqgBmduAwIDAQAB +AoGBAJMuYu51aO2THyeHGwt81uOytcCbqGP7eoib62ZOJhxPRGYjpmuqX+R9/V5i +KiwGavm63JYUx0WO9YP+uIZxm1BUATzkgkS74u5LP6ajhkZh6/Bck1oIYYkbVOXl +JVrdENuH6U7nupznsyYgONByo+ykFPVUGmutgiaC7NMVo/MxAkEA6KLejWXdCIEn +xr7hGph9NlvY9xuRIMexRV/WrddcFfCdjI1PciIupgrIkR65M9yr7atm1iU6/aRf +KOr8rLZsSQJBAMyyXN71NsDNx4BP6rtJ/LJMP0BylznWkA7zWfGCbAYn9VhZVlSY +Eu9Gyr7quD1ix7G3kInKVYOEEOpockBLz+sCQQCedyMmKjcQLfpMVYW8uhbAynvW +h36qV5yXZxszO7nMcCTBsxhk5IfmLv5EbCs3+p9avCDGyoGOeUMg+kC33WORAkAg +oUIarH4o5+SoeJTTfCzTA0KF9H5U0vYt2+73h7HOnWoHxl3zqDZEfEVvf50U8/0f +QELDJETTbScBJtsnkq43AkEA38etvoZ2i4FJvvo7R/9gWBHVEcrGzcsCBYrNnIR1 +SZLRwHEGaiOK1wxMsWzqp7PJwL9z/M8A8DyOFBx3GPOniA== +-----END RSA PRIVATE KEY----- +-----BEGIN CERTIFICATE----- +MIICizCCAfSgAwIBAgIJAMtotfHYdEsTMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV +BAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRUZXN0IFMv +TUlNRSBSU0EgUm9vdDAeFw0wODAyMjIxMzUzMDhaFw0xNjA1MTAxMzUzMDhaMEUx +CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU +ZXN0IFMvTUlNRSBFRSBSU0EgIzEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB +ALoD3vyPimY+BS1RCoX5uOHq92HAY4ZlIPvFeAVMyObzy3B+/4SLGSrYpdIOMPRl +ehBt05pJu8ZFCsgmkbY0aIoAV1g2s/TbmQIJ2HnAX9oQjsosSbsmUfBelCy6PjCQ +yCaQWMvdPLhnnlo0f7ak9AhrST4Q0lebaAO6GqAGZ24DAgMBAAGjgYMwgYAwHQYD +VR0OBBYEFE2vMvKz5jrC7Lbdg68XwZ95iL/QMB8GA1UdIwQYMBaAFBPPS6e7iS6z +OFcXdsabrWhb5e0XMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgXgMCAGA1Ud +EQQZMBeBFXNtaW1lcnNhMUBvcGVuc3NsLm9yZzANBgkqhkiG9w0BAQUFAAOBgQAi +O3GOkUl646oLnOimc36i9wxZ1tejsqs8vMjJ0Pym6Uq9FE2JoGzJ6OhB1GOsEVmj +9cQ5UNQcRYL3cqOFtl6f4Dpu/lhzfbaqgmLjv29G1mS0uuTZrixhlyCXjwcbOkNC +I/+wvHHENYIK5+T/79M9LaZ2Qk4F9MNE1VMljdz9Qw== +-----END CERTIFICATE----- diff --git a/test/smime-certs/smrsa2.pem b/test/smime-certs/smrsa2.pem new file mode 100644 index 0000000..d41f69c --- /dev/null +++ b/test/smime-certs/smrsa2.pem @@ -0,0 +1,31 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICWwIBAAKBgQCwBfryW4Vu5U9wNIDKspJO/N9YF4CcTlrCUyzVlKgb+8urHlSe +59i5verR9IOCCXkemjOzZ/3nALTGqYZlnEvHp0Rjk+KdKXnKBIB+SRPpeu3LcXMT +WPgsThPa0UQxedNKG0g6aG+kLhsDlFBCoxd09jJtSpb9jmroJOq0ZYEHLwIDAQAB +AoGAKa/w4677Je1W5+r3SYoLDnvi5TkDs4D3C6ipKJgBTEdQz+DqB4w/DpZE4551 ++rkFn1LDxcxuHGRVa+tAMhZW97fwq9YUbjVZEyOz79qrX+BMyl/NbHkf1lIKDo3q +dWalzQvop7nbzeLC+VmmviwZfLQUbA61AQl3jm4dswT4XykCQQDloDadEv/28NTx +bvvywvyGuvJkCkEIycm4JrIInvwsd76h/chZ3oymrqzc7hkEtK6kThqlS5y+WXl6 +QzPruTKTAkEAxD2ro/VUoN+scIVaLmn0RBmZ67+9Pdn6pNSfjlK3s0T0EM6/iUWS +M06l6L9wFS3/ceu1tIifsh9BeqOGTa+udQJARIFnybTBaIqw/NZ/lA1YCVn8tpvY +iyaoZ6gjtS65TQrsdKeh/i3HCHNUXxUpoZ3F/H7QtD+6o49ODou+EbVOwQJAVmex +A2gp8wuJKaINqxIL81AybZLnCCzKJ3lXJ5tUNyLNM/lUbGStktm2Q1zHRQwTxV07 +jFn7trn8YrtNjzcjYQJAUKIJRt38A8Jw3HoPT+D0WS2IgxjVL0eYGsZX1lyeammG +6rfnQ3u5uP7mEK2EH2o8mDUpAE0gclWBU9UkKxJsGA== +-----END RSA PRIVATE KEY----- +-----BEGIN CERTIFICATE----- +MIICizCCAfSgAwIBAgIJAMtotfHYdEsUMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV +BAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRUZXN0IFMv +TUlNRSBSU0EgUm9vdDAeFw0wODAyMjIxMzUzMDhaFw0xNjA1MTAxMzUzMDhaMEUx +CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU +ZXN0IFMvTUlNRSBFRSBSU0EgIzIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB +ALAF+vJbhW7lT3A0gMqykk7831gXgJxOWsJTLNWUqBv7y6seVJ7n2Lm96tH0g4IJ +eR6aM7Nn/ecAtMaphmWcS8enRGOT4p0pecoEgH5JE+l67ctxcxNY+CxOE9rRRDF5 +00obSDpob6QuGwOUUEKjF3T2Mm1Klv2Oaugk6rRlgQcvAgMBAAGjgYMwgYAwHQYD +VR0OBBYEFIL/u+mEvaw7RuKLRuElfVkxSQjYMB8GA1UdIwQYMBaAFBPPS6e7iS6z +OFcXdsabrWhb5e0XMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgXgMCAGA1Ud +EQQZMBeBFXNtaW1lcnNhMkBvcGVuc3NsLm9yZzANBgkqhkiG9w0BAQUFAAOBgQC2 +rXR5bm/9RtOMQPleNpd3y6uUX3oy+0CafK5Yl3PMnItjjnKJ0l1/DbLbDj2twehe +ewaB8CROcBCA3AMLSmGvPKgUCFMGtWam3328M4fBHzon5ka7qDXzM+imkAly/Yx2 +YNdR/aNOug+5sXygHmTSKqiCpQjOIClzXoPVVeEVHw== +-----END CERTIFICATE----- diff --git a/test/smime-certs/smrsa3.pem b/test/smime-certs/smrsa3.pem new file mode 100644 index 0000000..c8cbe55 --- /dev/null +++ b/test/smime-certs/smrsa3.pem @@ -0,0 +1,31 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXAIBAAKBgQC6syTZtZNe1hRScFc4PUVyVLsr7+C1HDIZnOHmwFoLayX6RHwy +ep/TkdwiPHnemVLuwvpSjLMLZkXy/J764kSHJrNeVl3UvmCVCOm40hAtK1+F39pM +h8phkbPPD7i+hwq4/Vs79o46nzwbVKmzgoZBJhZ+codujUSYM3LjJ4aq+wIDAQAB +AoGAE1Zixrnr3bLGwBMqtYSDIOhtyos59whImCaLr17U9MHQWS+mvYO98if1aQZi +iQ/QazJ+wvYXxWJ+dEB+JvYwqrGeuAU6He/rAb4OShG4FPVU2D19gzRnaButWMeT +/1lgXV08hegGBL7RQNaN7b0viFYMcKnSghleMP0/q+Y/oaECQQDkXEwDYJW13X9p +ijS20ykWdY5lLknjkHRhhOYux0rlhOqsyMZjoUmwI2m0qj9yrIysKhrk4MZaM/uC +hy0xp3hdAkEA0Uv/UY0Kwsgc+W6YxeypECtg1qCE6FBib8n4iFy/6VcWqhvE5xrs +OdhKv9/p6aLjLneGd1sU+F8eS9LGyKIbNwJBAJPgbNzXA7uUZriqZb5qeTXxBDfj +RLfXSHYKAKEULxz3+JvRHB9SR4yHMiFrCdExiZrHXUkPgYLSHLGG5a4824UCQD6T +9XvhquUARkGCAuWy0/3Eqoihp/t6BWSdQ9Upviu7YUhtUxsyXo0REZB7F4pGrJx5 +GlhXgFaewgUzuUHFzlMCQCzJMMWslWpoLntnR6sMhBMhBFHSw+Y5CbxBmFrdtSkd +VdtNO1VuDCTxjjW7W3Khj7LX4KZ1ye/5jfAgnnnXisc= +-----END RSA PRIVATE KEY----- +-----BEGIN CERTIFICATE----- +MIICizCCAfSgAwIBAgIJAMtotfHYdEsVMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV +BAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRUZXN0IFMv +TUlNRSBSU0EgUm9vdDAeFw0wODAyMjIxMzUzMDlaFw0xNjA1MTAxMzUzMDlaMEUx +CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU +ZXN0IFMvTUlNRSBFRSBSU0EgIzMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB +ALqzJNm1k17WFFJwVzg9RXJUuyvv4LUcMhmc4ebAWgtrJfpEfDJ6n9OR3CI8ed6Z +Uu7C+lKMswtmRfL8nvriRIcms15WXdS+YJUI6bjSEC0rX4Xf2kyHymGRs88PuL6H +Crj9Wzv2jjqfPBtUqbOChkEmFn5yh26NRJgzcuMnhqr7AgMBAAGjgYMwgYAwHQYD +VR0OBBYEFDsSFjNtYZzd0tTHafNS7tneQQj6MB8GA1UdIwQYMBaAFBPPS6e7iS6z +OFcXdsabrWhb5e0XMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgXgMCAGA1Ud +EQQZMBeBFXNtaW1lcnNhM0BvcGVuc3NsLm9yZzANBgkqhkiG9w0BAQUFAAOBgQBE +tUDB+1Dqigu4p1xtdq7JRK6S+gfA7RWmhz0j2scb2zhpS12h37JLHsidGeKAzZYq +jUjOrH/j3xcV5AnuJoqImJaN23nzzxtR4qGGX2mrq6EtObzdEGgCUaizsGM+0slJ +PYxcy8KeY/63B1BpYhj2RjGkL6HrvuAaxVORa3acoA== +-----END CERTIFICATE----- diff --git a/test/srptest.c b/test/srptest.c new file mode 120000 index 0000000..9534868 --- /dev/null +++ b/test/srptest.c @@ -0,0 +1 @@ +../crypto/srp/srptest.c \ No newline at end of file diff --git a/test/ssltest.c b/test/ssltest.c new file mode 120000 index 0000000..40191f0 --- /dev/null +++ b/test/ssltest.c @@ -0,0 +1 @@ +../ssl/ssltest.c \ No newline at end of file diff --git a/test/tcrl b/test/tcrl new file mode 100644 index 0000000..055269e --- /dev/null +++ b/test/tcrl @@ -0,0 +1,78 @@ +#!/bin/sh + +cmd='../util/shlib_wrap.sh ../apps/openssl crl' + +if [ "$1"x != "x" ]; then + t=$1 +else + t=testcrl.pem +fi + +echo testing crl conversions +cp $t fff.p + +echo "p -> d" +$cmd -in fff.p -inform p -outform d >f.d +if [ $? != 0 ]; then exit 1; fi +#echo "p -> t" +#$cmd -in fff.p -inform p -outform t >f.t +#if [ $? != 0 ]; then exit 1; fi +echo "p -> p" +$cmd -in fff.p -inform p -outform p >f.p +if [ $? != 0 ]; then exit 1; fi + +echo "d -> d" +$cmd -in f.d -inform d -outform d >ff.d1 +if [ $? != 0 ]; then exit 1; fi +#echo "t -> d" +#$cmd -in f.t -inform t -outform d >ff.d2 +#if [ $? != 0 ]; then exit 1; fi +echo "p -> d" +$cmd -in f.p -inform p -outform d >ff.d3 +if [ $? != 0 ]; then exit 1; fi + +#echo "d -> t" +#$cmd -in f.d -inform d -outform t >ff.t1 +#if [ $? != 0 ]; then exit 1; fi +#echo "t -> t" +#$cmd -in f.t -inform t -outform t >ff.t2 +#if [ $? != 0 ]; then exit 1; fi +#echo "p -> t" +#$cmd -in f.p -inform p -outform t >ff.t3 +#if [ $? != 0 ]; then exit 1; fi + +echo "d -> p" +$cmd -in f.d -inform d -outform p >ff.p1 +if [ $? != 0 ]; then exit 1; fi +#echo "t -> p" +#$cmd -in f.t -inform t -outform p >ff.p2 +#if [ $? != 0 ]; then exit 1; fi +echo "p -> p" +$cmd -in f.p -inform p -outform p >ff.p3 +if [ $? != 0 ]; then exit 1; fi + +cmp fff.p f.p +if [ $? != 0 ]; then exit 1; fi +cmp fff.p ff.p1 +if [ $? != 0 ]; then exit 1; fi +#cmp fff.p ff.p2 +#if [ $? != 0 ]; then exit 1; fi +cmp fff.p ff.p3 +if [ $? != 0 ]; then exit 1; fi + +#cmp f.t ff.t1 +#if [ $? != 0 ]; then exit 1; fi +#cmp f.t ff.t2 +#if [ $? != 0 ]; then exit 1; fi +#cmp f.t ff.t3 +#if [ $? != 0 ]; then exit 1; fi + +cmp f.p ff.p1 +if [ $? != 0 ]; then exit 1; fi +#cmp f.p ff.p2 +#if [ $? != 0 ]; then exit 1; fi +cmp f.p ff.p3 +if [ $? != 0 ]; then exit 1; fi + +/bin/rm -f f.* ff.* fff.* +exit 0 diff --git a/test/tcrl.com b/test/tcrl.com new file mode 100644 index 0000000..dd96a2b --- /dev/null +++ b/test/tcrl.com @@ -0,0 +1,88 @@ +$! TCRL.COM -- Tests crl keys +$ +$ __arch = "VAX" +$ if f$getsyi("cpu") .ge. 128 then - + __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") +$ if __arch .eqs. "" then __arch = "UNK" +$! +$ if (p2 .eqs. "64") then __arch = __arch+ "_64" +$! +$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]" +$ +$ cmd = "mcr ''exe_dir'openssl crl" +$ +$ t = "testcrl.pem" +$ if p1 .nes. "" then t = p1 +$ +$ write sys$output "testing CRL conversions" +$ if f$search("fff.*") .nes "" then delete fff.*;* +$ if f$search("ff.*") .nes "" then delete ff.*;* +$ if f$search("f.*") .nes "" then delete f.*;* +$ convert/fdl=sys$input: 't' fff.p +RECORD + FORMAT STREAM_LF +$ +$ write sys$output "p -> d" +$ 'cmd' -in fff.p -inform p -outform d -out f.d +$ if $severity .ne. 1 then exit 3 +$! write sys$output "p -> t" +$! 'cmd' -in fff.p -inform p -outform t -out f.t +$! if $severity .ne. 1 then exit 3 +$ write sys$output "p -> p" +$ 'cmd' -in fff.p -inform p -outform p -out f.p +$ if $severity .ne. 1 then exit 3 +$ +$ write sys$output "d -> d" +$ 'cmd' -in f.d -inform d -outform d -out ff.d1 +$ if $severity .ne. 1 then exit 3 +$! write sys$output "t -> d" +$! 'cmd' -in f.t -inform t -outform d -out ff.d2 +$! if $severity .ne. 1 then exit 3 +$ write sys$output "p -> d" +$ 'cmd' -in f.p -inform p -outform d -out ff.d3 +$ if $severity .ne. 1 then exit 3 +$ +$! write sys$output "d -> t" +$! 'cmd' -in f.d -inform d -outform t -out ff.t1 +$! if $severity .ne. 1 then exit 3 +$! write sys$output "t -> t" +$! 'cmd' -in f.t -inform t -outform t -out ff.t2 +$! if $severity .ne. 1 then exit 3 +$! write sys$output "p -> t" +$! 'cmd' -in f.p -inform p -outform t -out ff.t3 +$! if $severity .ne. 1 then exit 3 +$ +$ write sys$output "d -> p" +$ 'cmd' -in f.d -inform d -outform p -out ff.p1 +$ if $severity .ne. 1 then exit 3 +$! write sys$output "t -> p" +$! 'cmd' -in f.t -inform t -outform p -out ff.p2 +$! if $severity .ne. 1 then exit 3 +$ write sys$output "p -> p" +$ 'cmd' -in f.p -inform p -outform p -out ff.p3 +$ if $severity .ne. 1 then exit 3 +$ +$ backup/compare fff.p f.p +$ if $severity .ne. 1 then exit 3 +$ backup/compare fff.p ff.p1 +$ if $severity .ne. 1 then exit 3 +$! backup/compare fff.p ff.p2 +$! if $severity .ne. 1 then exit 3 +$ backup/compare fff.p ff.p3 +$ if $severity .ne. 1 then exit 3 +$ +$! backup/compare f.t ff.t1 +$! if $severity .ne. 1 then exit 3 +$! backup/compare f.t ff.t2 +$! if $severity .ne. 1 then exit 3 +$! backup/compare f.t ff.t3 +$! if $severity .ne. 1 then exit 3 +$ +$ backup/compare f.p ff.p1 +$ if $severity .ne. 1 then exit 3 +$! backup/compare f.p ff.p2 +$! if $severity .ne. 1 then exit 3 +$ backup/compare f.p ff.p3 +$ if $severity .ne. 1 then exit 3 +$ +$ delete f.*;*,ff.*;*,fff.*;* diff --git a/test/test.cnf b/test/test.cnf new file mode 100644 index 0000000..1083444 --- /dev/null +++ b/test/test.cnf @@ -0,0 +1,88 @@ +# +# SSLeay example configuration file. +# This is mostly being used for generation of certificate requests. +# + +RANDFILE = ./.rnd + +#################################################################### +[ ca ] +default_ca = CA_default # The default ca section + +#################################################################### +[ CA_default ] + +dir = ./demoCA # Where everything is kept +certs = $dir/certs # Where the issued certs are kept +crl_dir = $dir/crl # Where the issued crl are kept +database = $dir/index.txt # database index file. +new_certs_dir = $dir/new_certs # default place for new certs. + +certificate = $dir/CAcert.pem # The CA certificate +serial = $dir/serial # The current serial number +crl = $dir/crl.pem # The current CRL +private_key = $dir/private/CAkey.pem# The private key +RANDFILE = $dir/private/.rand # private random number file + +default_days = 365 # how long to certify for +default_crl_days= 30 # how long before next CRL +default_md = md5 # which md to use. + +# A few difference way of specifying how similar the request should look +# For type CA, the listed attributes must be the same, and the optional +# and supplied fields are just that :-) +policy = policy_match + +# For the CA policy +[ policy_match ] +countryName = match +stateOrProvinceName = match +organizationName = match +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +# For the 'anything' policy +# At this point in time, you must list all acceptable 'object' +# types. +[ policy_anything ] +countryName = optional +stateOrProvinceName = optional +localityName = optional +organizationName = optional +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +#################################################################### +[ req ] +default_bits = 1024 +default_keyfile = testkey.pem +distinguished_name = req_distinguished_name +encrypt_rsa_key = no + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = AU +countryName_value = AU + +stateOrProvinceName = State or Province Name (full name) +stateOrProvinceName_default = Queensland +stateOrProvinceName_value = + +localityName = Locality Name (eg, city) +localityName_value = Brisbane + +organizationName = Organization Name (eg, company) +organizationName_default = +organizationName_value = CryptSoft Pty Ltd + +organizationalUnitName = Organizational Unit Name (eg, section) +organizationalUnitName_default = +organizationalUnitName_value = . + +commonName = Common Name (eg, YOUR name) +commonName_value = Eric Young + +emailAddress = Email Address +emailAddress_value = eay@mincom.oz.au diff --git a/test/test_padlock b/test/test_padlock new file mode 100755 index 0000000..5c0f210 --- /dev/null +++ b/test/test_padlock @@ -0,0 +1,64 @@ +#!/bin/sh + +PROG=$1 + +if [ -x $PROG ]; then + if expr "x`$PROG version`" : "xOpenSSL" > /dev/null; then + : + else + echo "$PROG is not OpenSSL executable" + exit 1 + fi +else + echo "$PROG is not executable" + exit 1; +fi + +if $PROG engine padlock | grep -v no-ACE; then + + HASH=`cat $PROG | $PROG dgst -hex` + + ACE_ALGS=" aes-128-ecb aes-192-ecb aes-256-ecb \ + aes-128-cbc aes-192-cbc aes-256-cbc \ + aes-128-cfb aes-192-cfb aes-256-cfb \ + aes-128-ofb aes-192-ofb aes-256-ofb" + + nerr=0 + + for alg in $ACE_ALGS; do + echo $alg + TEST=`( cat $PROG | \ + $PROG enc -e -k "$HASH" -$alg -bufsize 999 -engine padlock | \ + $PROG enc -d -k "$HASH" -$alg | \ + $PROG dgst -hex ) 2>/dev/null` + if [ "$TEST" != "$HASH" ]; then + echo "-$alg encrypt test failed" + nerr=`expr $nerr + 1` + fi + TEST=`( cat $PROG | \ + $PROG enc -e -k "$HASH" -$alg | \ + $PROG enc -d -k "$HASH" -$alg -bufsize 999 -engine padlock | \ + $PROG dgst -hex ) 2>/dev/null` + if [ "$TEST" != "$HASH" ]; then + echo "-$alg decrypt test failed" + nerr=`expr $nerr + 1` + fi + TEST=`( cat $PROG | \ + $PROG enc -e -k "$HASH" -$alg -engine padlock | \ + $PROG enc -d -k "$HASH" -$alg -engine padlock | \ + $PROG dgst -hex ) 2>/dev/null` + if [ "$TEST" != "$HASH" ]; then + echo "-$alg en/decrypt test failed" + nerr=`expr $nerr + 1` + fi + done + + if [ $nerr -gt 0 ]; then + echo "PadLock ACE test failed." + exit 1; + fi +else + echo "PadLock ACE is not available" +fi + +exit 0 diff --git a/test/testca b/test/testca new file mode 100644 index 0000000..b109cfe --- /dev/null +++ b/test/testca @@ -0,0 +1,51 @@ +#!/bin/sh + +SH="/bin/sh" +if test "$OSTYPE" = msdosdjgpp; then + PATH="../apps\;$PATH" +else + PATH="../apps:$PATH" +fi +export SH PATH + +SSLEAY_CONFIG="-config CAss.cnf" +export SSLEAY_CONFIG + +OPENSSL="`pwd`/../util/opensslwrap.sh" +export OPENSSL + +/bin/rm -fr demoCA +$SH ../apps/CA.sh -newca <$test; + +echo cat +$cmd enc < $test > $test.cipher +$cmd enc < $test.cipher >$test.clear +cmp $test $test.clear +if [ $? != 0 ] +then + exit 1 +else + /bin/rm $test.cipher $test.clear +fi +echo base64 +$cmd enc -a -e < $test > $test.cipher +$cmd enc -a -d < $test.cipher >$test.clear +cmp $test $test.clear +if [ $? != 0 ] +then + exit 1 +else + /bin/rm $test.cipher $test.clear +fi + +for i in `$cmd list-cipher-commands` +do + echo $i + $cmd $i -bufsize 113 -e -k test < $test > $test.$i.cipher + $cmd $i -bufsize 157 -d -k test < $test.$i.cipher >$test.$i.clear + cmp $test $test.$i.clear + if [ $? != 0 ] + then + exit 1 + else + /bin/rm $test.$i.cipher $test.$i.clear + fi + + echo $i base64 + $cmd $i -bufsize 113 -a -e -k test < $test > $test.$i.cipher + $cmd $i -bufsize 157 -a -d -k test < $test.$i.cipher >$test.$i.clear + cmp $test $test.$i.clear + if [ $? != 0 ] + then + exit 1 + else + /bin/rm $test.$i.cipher $test.$i.clear + fi +done +rm -f $test diff --git a/test/testenc.com b/test/testenc.com new file mode 100644 index 0000000..75acd6f --- /dev/null +++ b/test/testenc.com @@ -0,0 +1,66 @@ +$! TESTENC.COM -- Test encoding and decoding +$ +$ __arch = "VAX" +$ if f$getsyi("cpu") .ge. 128 then - + __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") +$ if __arch .eqs. "" then __arch = "UNK" +$! +$ if (p1 .eqs. 64) then __arch = __arch+ "_64" +$ +$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]" +$ testsrc = "makefile." +$ test = "p.txt" +$ cmd = "mcr ''exe_dir'openssl" +$ +$ if f$search(test) .nes. "" then delete 'test';* +$ convert/fdl=sys$input: 'testsrc' 'test' +RECORD + FORMAT STREAM_LF +$ +$ if f$search(test+"-cipher") .nes. "" then delete 'test'-cipher;* +$ if f$search(test+"-clear") .nes. "" then delete 'test'-clear;* +$ +$ write sys$output "cat" +$ 'cmd' enc -in 'test' -out 'test'-cipher +$ 'cmd' enc -in 'test'-cipher -out 'test'-clear +$ backup/compare 'test' 'test'-clear +$ if $severity .ne. 1 then exit 3 +$ delete 'test'-cipher;*,'test'-clear;* +$ +$ write sys$output "base64" +$ 'cmd' enc -a -e -in 'test' -out 'test'-cipher +$ 'cmd' enc -a -d -in 'test'-cipher -out 'test'-clear +$ backup/compare 'test' 'test'-clear +$ if $severity .ne. 1 then exit 3 +$ delete 'test'-cipher;*,'test'-clear;* +$ +$ define/user sys$output 'test'-cipher-commands +$ 'cmd' list-cipher-commands +$ open/read f 'test'-cipher-commands +$ loop_cipher_commands: +$ read/end=loop_cipher_commands_end f i +$ write sys$output i +$ +$ if f$search(test+"-"+i+"-cipher") .nes. "" then - + delete 'test'-'i'-cipher;* +$ if f$search(test+"-"+i+"-clear") .nes. "" then - + delete 'test'-'i'-clear;* +$ +$ 'cmd' 'i' -bufsize 113 -e -k test -in 'test' -out 'test'-'i'-cipher +$ 'cmd' 'i' -bufsize 157 -d -k test -in 'test'-'i'-cipher -out 'test'-'i'-clear +$ backup/compare 'test' 'test'-'i'-clear +$ if $severity .ne. 1 then exit 3 +$ delete 'test'-'i'-cipher;*,'test'-'i'-clear;* +$ +$ write sys$output i," base64" +$ 'cmd' 'i' -bufsize 113 -a -e -k test -in 'test' -out 'test'-'i'-cipher +$ 'cmd' 'i' -bufsize 157 -a -d -k test -in 'test'-'i'-cipher -out 'test'-'i'-clear +$ backup/compare 'test' 'test'-'i'-clear +$ if $severity .ne. 1 then exit 3 +$ delete 'test'-'i'-cipher;*,'test'-'i'-clear;* +$ +$ goto loop_cipher_commands +$ loop_cipher_commands_end: +$ close f +$ delete 'test'-cipher-commands;* +$ delete 'test';* diff --git a/test/testfipsssl b/test/testfipsssl new file mode 100644 index 0000000..c4836ed --- /dev/null +++ b/test/testfipsssl @@ -0,0 +1,113 @@ +#!/bin/sh + +if [ "$1" = "" ]; then + key=../apps/server.pem +else + key="$1" +fi +if [ "$2" = "" ]; then + cert=../apps/server.pem +else + cert="$2" +fi + +ciphers="DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:EXP1024-DHE-DSS-DES-CBC-SHA:EXP1024-DES-CBC-SHA:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA" + +ssltest="../util/shlib_wrap.sh ./ssltest -F -key $key -cert $cert -c_key $key -c_cert $cert -cipher $ciphers" + +if ../util/shlib_wrap.sh ../apps/openssl x509 -in $cert -text -noout | fgrep 'DSA Public Key' >/dev/null; then + dsa_cert=YES +else + dsa_cert=NO +fi + +if [ "$3" = "" ]; then + CA="-CApath ../certs" +else + CA="-CAfile $3" +fi + +if [ "$4" = "" ]; then + extra="" +else + extra="$4" +fi + +############################################################################# + +echo test ssl3 is forbidden in FIPS mode +$ssltest -ssl3 $extra && exit 1 + +echo test ssl2 is forbidden in FIPS mode +$ssltest -ssl2 $extra && exit 1 + +echo test tls1 +$ssltest -tls1 $extra || exit 1 + +echo test tls1 with server authentication +$ssltest -tls1 -server_auth $CA $extra || exit 1 + +echo test tls1 with client authentication +$ssltest -tls1 -client_auth $CA $extra || exit 1 + +echo test tls1 with both client and server authentication +$ssltest -tls1 -server_auth -client_auth $CA $extra || exit 1 + +echo test tls1 via BIO pair +$ssltest -bio_pair -tls1 $extra || exit 1 + +echo test tls1 with server authentication via BIO pair +$ssltest -bio_pair -tls1 -server_auth $CA $extra || exit 1 + +echo test tls1 with client authentication via BIO pair +$ssltest -bio_pair -tls1 -client_auth $CA $extra || exit 1 + +echo test tls1 with both client and server authentication via BIO pair +$ssltest -bio_pair -tls1 -server_auth -client_auth $CA $extra || exit 1 + +# note that all the below actually choose TLS... + +if [ $dsa_cert = NO ]; then + echo test sslv2/sslv3 w/o DHE via BIO pair + $ssltest -bio_pair -no_dhe $extra || exit 1 +fi + +echo test sslv2/sslv3 with 1024bit DHE via BIO pair +$ssltest -bio_pair -dhe1024dsa -v $extra || exit 1 + +echo test sslv2/sslv3 with server authentication +$ssltest -bio_pair -server_auth $CA $extra || exit 1 + +echo test sslv2/sslv3 with client authentication via BIO pair +$ssltest -bio_pair -client_auth $CA $extra || exit 1 + +echo test sslv2/sslv3 with both client and server authentication via BIO pair +$ssltest -bio_pair -server_auth -client_auth $CA $extra || exit 1 + +echo test sslv2/sslv3 with both client and server authentication via BIO pair and app verify +$ssltest -bio_pair -server_auth -client_auth -app_verify $CA $extra || exit 1 + +############################################################################# + +if ../util/shlib_wrap.sh ../apps/openssl no-dh; then + echo skipping anonymous DH tests +else + echo test tls1 with 1024bit anonymous DH, multiple handshakes + $ssltest -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time $extra || exit 1 +fi + +if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then + echo skipping RSA tests +else + echo test tls1 with 1024bit RSA, no DHE, multiple handshakes + ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -num 10 -f -time $extra || exit 1 + + if ../util/shlib_wrap.sh ../apps/openssl no-dh; then + echo skipping RSA+DHE tests + else + echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes + ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time $extra || exit 1 + fi +fi + +exit 0 diff --git a/test/testgen b/test/testgen new file mode 100644 index 0000000..524c0d1 --- /dev/null +++ b/test/testgen @@ -0,0 +1,44 @@ +#!/bin/sh + +T=testcert +KEY=512 +CA=../certs/testca.pem + +/bin/rm -f $T.1 $T.2 $T.key + +if test "$OSTYPE" = msdosdjgpp; then + PATH=../apps\;$PATH; +else + PATH=../apps:$PATH; +fi +export PATH + +echo "generating certificate request" + +echo "string to make the random number generator think it has entropy" >> ./.rnd + +if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then + req_new='-newkey dsa:../apps/dsa512.pem' +else + req_new='-new' + echo "There should be a 2 sequences of .'s and some +'s." + echo "There should not be more that at most 80 per line" +fi + +echo "This could take some time." + +rm -f testkey.pem testreq.pem + +../util/shlib_wrap.sh ../apps/openssl req -config test.cnf $req_new -out testreq.pem +if [ $? != 0 ]; then +echo problems creating request +exit 1 +fi + +../util/shlib_wrap.sh ../apps/openssl req -config test.cnf -verify -in testreq.pem -noout +if [ $? != 0 ]; then +echo signature on req is wrong +exit 1 +fi + +exit 0 diff --git a/test/testgen.com b/test/testgen.com new file mode 100644 index 0000000..e076da2 --- /dev/null +++ b/test/testgen.com @@ -0,0 +1,58 @@ +$! TESTGEN.COM +$ +$ __arch = "VAX" +$ if f$getsyi("cpu") .ge. 128 then - + __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") +$ if __arch .eqs. "" then __arch = "UNK" +$ if (p1 .eqs. 64) then __arch = __arch+ "_64" +$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]" +$ +$ T = "testcert" +$ KEY = 512 +$ CA = "[-.certs]testca.pem" +$ +$ set noon +$ if f$search(T+".1;*") .nes. "" then delete 'T'.1;* +$ if f$search(T+".2;*") .nes. "" then delete 'T'.2;* +$ if f$search(T+".key;*") .nes. "" then delete 'T'.key;* +$ set on +$ +$ write sys$output "generating certificate request" +$ +$ append/new nl: .rnd +$ open/append random_file .rnd +$ write random_file - + "string to make the random number generator think it has entropy" +$ close random_file +$ +$ set noon +$ define/user sys$output nla0: +$ mcr 'exe_dir'openssl no-rsa +$ save_severity=$SEVERITY +$ set on +$ if save_severity +$ then +$ req_new="-newkey dsa:[-.apps]dsa512.pem" +$ else +$ req_new="-new" +$ write sys$output - + "There should be a 2 sequences of .'s and some +'s." +$ write sys$output - + "There should not be more that at most 80 per line" +$ endif +$ +$ write sys$output "This could take some time." +$ +$ mcr 'exe_dir'openssl req -config test.cnf 'req_new' -out testreq.pem +$ if $severity .ne. 1 +$ then +$ write sys$output "problems creating request" +$ exit 3 +$ endif +$ +$ mcr 'exe_dir'openssl req -config test.cnf -verify -in testreq.pem -noout +$ if $severity .ne. 1 +$ then +$ write sys$output "signature on req is wrong" +$ exit 3 +$ endif diff --git a/test/testp7.pem b/test/testp7.pem new file mode 100644 index 0000000..e5b7866 --- /dev/null +++ b/test/testp7.pem @@ -0,0 +1,46 @@ +-----BEGIN PKCS7----- +MIIIGAYJKoZIhvcNAQcCoIIICTCCCAUCAQExADALBgkqhkiG9w0BBwGgggY8MIIE +cjCCBBygAwIBAgIQeS+OJfWJUZAx6cX0eAiMjzANBgkqhkiG9w0BAQQFADBiMREw +DwYDVQQHEwhJbnRlcm5ldDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNDAyBgNV +BAsTK1ZlcmlTaWduIENsYXNzIDEgQ0EgLSBJbmRpdmlkdWFsIFN1YnNjcmliZXIw +HhcNOTYwNzE5MDAwMDAwWhcNOTcwMzMwMjM1OTU5WjCB1TERMA8GA1UEBxMISW50 +ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytWZXJpU2ln +biBDbGFzcyAxIENBIC0gSW5kaXZpZHVhbCBTdWJzY3JpYmVyMSgwJgYDVQQLEx9E +aWdpdGFsIElEIENsYXNzIDEgLSBTTUlNRSBUZXN0MUcwRQYDVQQLEz53d3cudmVy +aXNpZ24uY29tL3JlcG9zaXRvcnkvQ1BTLTEuMCBJbmMuIGJ5IFJlZi4sTElBQi5M +VEQoYyk5NjBbMA0GCSqGSIb3DQEBAQUAA0oAMEcCQA7LvHEIAiQ5+4gDYvJGnGAq +UM5GXyG11diEXmIEZTHUZhorooX5sr8IIjSXiPY59YYUFSvAaharFM1xaBN8zNEC +AwEAAaOCAjkwggI1MAkGA1UdEwQCMAAwggImBgNVHQMEggIdMIICGTCCAhUwggIR +BgtghkgBhvhFAQcBATCCAgAWggGrVGhpcyBjZXJ0aWZpY2F0ZSBpbmNvcnBvcmF0 +ZXMgYnkgcmVmZXJlbmNlLCBhbmQgaXRzIHVzZSBpcyBzdHJpY3RseSBzdWJqZWN0 +IHRvLCB0aGUgVmVyaVNpZ24gQ2VydGlmaWNhdGlvbiBQcmFjdGljZSBTdGF0ZW1l +bnQgKENQUyksIGF2YWlsYWJsZSBhdDogaHR0cHM6Ly93d3cudmVyaXNpZ24uY29t +L0NQUy0xLjA7IGJ5IEUtbWFpbCBhdCBDUFMtcmVxdWVzdHNAdmVyaXNpZ24uY29t +OyBvciBieSBtYWlsIGF0IFZlcmlTaWduLCBJbmMuLCAyNTkzIENvYXN0IEF2ZS4s +IE1vdW50YWluIFZpZXcsIENBIDk0MDQzIFVTQSBUZWwuICsxICg0MTUpIDk2MS04 +ODMwIENvcHlyaWdodCAoYykgMTk5NiBWZXJpU2lnbiwgSW5jLiAgQWxsIFJpZ2h0 +cyBSZXNlcnZlZC4gQ0VSVEFJTiBXQVJSQU5USUVTIERJU0NMQUlNRUQgYW5kIExJ +QUJJTElUWSBMSU1JVEVELqAOBgxghkgBhvhFAQcBAQGhDgYMYIZIAYb4RQEHAQEC +MC8wLRYraHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JlcG9zaXRvcnkvQ1BTLTEu +AzANBgkqhkiG9w0BAQQFAANBAMCYDuSb/eIlYSxY31nZZTaCZkCSfHjlacMofExr +cF+A2yHoEuT+eCQkqM0pMNHXddUeoQ9RjV+VuMBNmm63DUYwggHCMIIBbKADAgEC +AhB8CYTq1bkRFJBYOd67cp9JMA0GCSqGSIb3DQEBAgUAMD4xCzAJBgNVBAYTAlVT +MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEWMBQGA1UECxMNVEVTVCBSb290IFBD +QTAeFw05NjA3MTcwMDAwMDBaFw05NzA3MTcyMzU5NTlaMGIxETAPBgNVBAcTCElu +dGVybmV0MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNp +Z24gQ2xhc3MgMSBDQSAtIEluZGl2aWR1YWwgU3Vic2NyaWJlcjBcMA0GCSqGSIb3 +DQEBAQUAA0sAMEgCQQDsVzrNgnDhbAJZrWeLd9g1vMZJA2W67D33TTbga6yMt+ES +TWEywhS6RNP+fzLGg7utinjH4tL60cXa0G27GDsLAgMBAAGjIjAgMAsGA1UdDwQE +AwIBBjARBglghkgBhvhCAQEEBAMCAgQwDQYJKoZIhvcNAQECBQADQQAUp6bRwkaD +2d1MBs/mjUcgTI2fXVmW8tTm/Ud6OzUwpC3vYgybiOOA4f6mOC5dbyUHrLOsrihU +47ZQ0Jo1DUfboYIBrTCBwTBtMA0GCSqGSIb3DQEBAgUAMD4xCzAJBgNVBAYTAlVT +MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEWMBQGA1UECxMNVEVTVCBSb290IFBD +QRcNOTYwNzE3MTc0NDA5WhcNOTgwNzE3MDAwMDAwWjANBgkqhkiG9w0BAQIFAANB +AHitA0/xAukCjHzeh1AMT/l2oC68N+yFb+aJPHBBMxc6gG2MaKjBNwb5hcXUllMl +ExONA3ju10f7owIq3s3wx10wgeYwgZEwDQYJKoZIhvcNAQECBQAwYjERMA8GA1UE +BxMISW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytW +ZXJpU2lnbiBDbGFzcyAxIENBIC0gSW5kaXZpZHVhbCBTdWJzY3JpYmVyFw05NjA3 +MTcxNzU5MjlaFw05NzA3MTgwMDAwMDBaMA0GCSqGSIb3DQEBAgUAA0EAubVWYTsW +sQmste9f+UgMw8BkjDlM25fwQLrCfmmnLxjewey10kSROypUaJLb+r4oRALc0fG9 +XfZsaiiIgotQHjEA +-----END PKCS7----- diff --git a/test/testreq2.pem b/test/testreq2.pem new file mode 100644 index 0000000..c3cdcff --- /dev/null +++ b/test/testreq2.pem @@ -0,0 +1,7 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIHaMIGFAgEAMA4xDDAKBgNVBAMTA2NuNDBcMA0GCSqGSIb3DQEBAQUAA0sAMEgC +QQCQsnkyUGDY2R3mYoeTprFJKgWuJ3f1jUjlIuW5+wfAUoeMt35c4vcFZ2mIBpEG +DtzkNQN1kr2O9ldm9zYnYhyhAgMBAAGgEjAQBgorBgEEAYI3AgEOMQIwADANBgkq +hkiG9w0BAQQFAANBAAb2szZgVIxg3vK6kYLjGSBISyuzcXJ6IvuPW6M+yzi1Qgoi +gQhazHTJp91T8ItZEzUJGZSZl2e5iXlnffWB+/U= +-----END CERTIFICATE REQUEST----- diff --git a/test/testrsa.pem b/test/testrsa.pem new file mode 100644 index 0000000..aad2106 --- /dev/null +++ b/test/testrsa.pem @@ -0,0 +1,9 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIBPAIBAAJBAKrbeqkuRk8VcRmWFmtP+LviMB3+6dizWW3DwaffznyHGAFwUJ/I +Tv0XtbsCyl3QoyKGhrOAy3RvPK5M38iuXT0CAwEAAQJAZ3cnzaHXM/bxGaR5CR1R +rD1qFBAVfoQFiOH9uPJgMaoAuoQEisPHVcZDKcOv4wEg6/TInAIXBnEigtqvRzuy +oQIhAPcgZzUq3yVooAaoov8UbXPxqHlwo6GBMqnv20xzkf6ZAiEAsP4BnIaQTM8S +mvcpHZwQJdmdHHkGKAs37Dfxi67HbkUCIQCeZGliHXFa071Fp06ZeWlR2ADonTZz +rJBhdTe0v5pCeQIhAIZfkiGgGBX4cIuuckzEm43g9WMUjxP/0GlK39vIyihxAiEA +mymehFRT0MvqW5xAKAx7Pgkt8HVKwVhc2LwGKHE0DZM= +-----END RSA PRIVATE KEY----- diff --git a/test/tests.com b/test/tests.com new file mode 100644 index 0000000..39a7bfa --- /dev/null +++ b/test/tests.com @@ -0,0 +1,387 @@ +$! TESTS.COM -- Performs the necessary tests +$! +$! P1 tests to be performed. Empty means all. +$! P2 Pointer size: "", "32", or "64". +$! +$! Announce/identify. +$! +$ proc = f$environment( "procedure") +$ write sys$output "@@@ "+ - + f$parse( proc, , , "name")+ f$parse( proc, , , "type") +$! +$ __proc = f$element(0,";",f$environment("procedure")) +$ __here = f$parse(f$parse("A.;",__proc) - "A.;","[]A.;") - "A.;" +$ __save_default = f$environment("default") +$ __arch = "VAX" +$ if f$getsyi("cpu") .ge. 128 then - + __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") +$ if __arch .eqs. "" then __arch = "UNK" +$! +$ __archd = __arch +$ pointer_size = "" +$ if (p2 .eq. "64") +$ then +$ pointer_size = "64" +$ __archd = __arch+ "_64" +$ endif +$! +$ texe_dir := sys$disk:[-.'__archd'.exe.test] +$ exe_dir := sys$disk:[-.'__archd'.exe.apps] +$ +$ set default '__here' +$ +$ ROOT = F$PARSE("sys$disk:[-]A.;0",,,,"SYNTAX_ONLY,NO_CONCEAL") - "A.;0" +$ ROOT_DEV = F$PARSE(ROOT,,,"DEVICE","SYNTAX_ONLY") +$ ROOT_DIR = F$PARSE(ROOT,,,"DIRECTORY","SYNTAX_ONLY") - + - ".][000000" - "[000000." - "][" - "[" - "]" +$ ROOT = ROOT_DEV + "[" + ROOT_DIR +$ DEFINE/NOLOG SSLROOT 'ROOT'.APPS.] /TRANS=CONC +$ openssl_conf := sslroot:[000000]openssl-vms.cnf +$ +$ on control_y then goto exit +$ on error then goto exit +$ +$ if p1 .nes. "" +$ then +$ tests = p1 +$ else +$! NOTE: This list reflects the list of dependencies following the +$! "alltests" target in Makefile. This should make it easy to see +$! if there's a difference that needs to be taken care of. +$ tests := - + test_des,test_idea,test_sha,test_md4,test_md5,test_hmac,- + test_md2,test_mdc2,test_wp,- + test_rmd,test_rc2,test_rc4,test_rc5,test_bf,test_cast,test_aes,- + test_rand,test_bn,test_ec,test_ecdsa,test_ecdh,- + test_enc,test_x509,test_rsa,test_crl,test_sid,- + test_gen,test_req,test_pkcs7,test_verify,test_dh,test_dsa,- + test_ss,test_ca,test_engine,test_evp,test_ssl,test_tsa,test_ige,- + test_jpake,test_srp,test_cms,test_heartbeat,test_constant_time +$ endif +$ tests = f$edit(tests,"COLLAPSE") +$ +$ BNTEST := bntest +$ ECTEST := ectest +$ ECDSATEST := ecdsatest +$ ECDHTEST := ecdhtest +$ EXPTEST := exptest +$ IDEATEST := ideatest +$ SHATEST := shatest +$ SHA1TEST := sha1test +$ SHA256TEST := sha256t +$ SHA512TEST := sha512t +$ MDC2TEST := mdc2test +$ RMDTEST := rmdtest +$ MD2TEST := md2test +$ MD4TEST := md4test +$ MD5TEST := md5test +$ HMACTEST := hmactest +$ WPTEST := wp_test +$ RC2TEST := rc2test +$ RC4TEST := rc4test +$ RC5TEST := rc5test +$ BFTEST := bftest +$ CASTTEST := casttest +$ DESTEST := destest +$ RANDTEST := randtest +$ DHTEST := dhtest +$ DSATEST := dsatest +$ METHTEST := methtest +$ SSLTEST := ssltest +$ RSATEST := rsa_test +$ ENGINETEST := enginetest +$ EVPTEST := evp_test +$ IGETEST := igetest +$ JPAKETEST := jpaketest +$ SRPTEST := srptest +$ ASN1TEST := asn1test +$ HEARTBEATTEST := heartbeat_test +$ CONSTTIMETEST := constant_time_test +$! +$ tests_i = 0 +$ loop_tests: +$ tests_e = f$element(tests_i,",",tests) +$ tests_i = tests_i + 1 +$ if tests_e .eqs. "," then goto exit +$ write sys$output "---> ''tests_e'" +$ gosub 'tests_e' +$ goto loop_tests +$ +$ test_evp: +$ mcr 'texe_dir''evptest' 'ROOT'.CRYPTO.EVP]evptests.txt +$ return +$ test_des: +$ mcr 'texe_dir''destest' +$ return +$ test_idea: +$ mcr 'texe_dir''ideatest' +$ return +$ test_sha: +$ mcr 'texe_dir''shatest' +$ mcr 'texe_dir''sha1test' +$ mcr 'texe_dir''sha256test' +$ mcr 'texe_dir''sha512test' +$ return +$ test_mdc2: +$ mcr 'texe_dir''mdc2test' +$ return +$ test_md5: +$ mcr 'texe_dir''md5test' +$ return +$ test_md4: +$ mcr 'texe_dir''md4test' +$ return +$ test_hmac: +$ mcr 'texe_dir''hmactest' +$ return +$ test_wp: +$ mcr 'texe_dir''wptest' +$ return +$ test_md2: +$ mcr 'texe_dir''md2test' +$ return +$ test_rmd: +$ mcr 'texe_dir''rmdtest' +$ return +$ test_bf: +$ mcr 'texe_dir''bftest' +$ return +$ test_cast: +$ mcr 'texe_dir''casttest' +$ return +$ test_rc2: +$ mcr 'texe_dir''rc2test' +$ return +$ test_rc4: +$ mcr 'texe_dir''rc4test' +$ return +$ test_rc5: +$ mcr 'texe_dir''rc5test' +$ return +$ test_rand: +$ mcr 'texe_dir''randtest' +$ return +$ test_enc: +$ @testenc.com 'pointer_size' +$ return +$ test_x509: +$ set noon +$ define sys$error test_x509.err +$ write sys$output "test normal x509v1 certificate" +$ @tx509.com "" 'pointer_size' +$ write sys$output "test first x509v3 certificate" +$ @tx509.com v3-cert1.pem 'pointer_size' +$ write sys$output "test second x509v3 certificate" +$ @tx509.com v3-cert2.pem 'pointer_size' +$ deassign sys$error +$ set on +$ return +$ test_rsa: +$ set noon +$ define sys$error test_rsa.err +$ @trsa.com "" 'pointer_size' +$ deassign sys$error +$ mcr 'texe_dir''rsatest' +$ set on +$ return +$ test_crl: +$ set noon +$ define sys$error test_crl.err +$ @tcrl.com "" 'pointer_size' +$ deassign sys$error +$ set on +$ return +$ test_sid: +$ set noon +$ define sys$error test_sid.err +$ @tsid.com "" 'pointer_size' +$ deassign sys$error +$ set on +$ return +$ test_req: +$ set noon +$ define sys$error test_req.err +$ @treq.com "" 'pointer_size' +$ @treq.com testreq2.pem 'pointer_size' +$ deassign sys$error +$ set on +$ return +$ test_pkcs7: +$ set noon +$ define sys$error test_pkcs7.err +$ @tpkcs7.com "" 'pointer_size' +$ @tpkcs7d.com "" 'pointer_size' +$ deassign sys$error +$ set on +$ return +$ test_bn: +$ write sys$output - + "starting big number library test, could take a while..." +$ set noon +$ define sys$error test_bn.err +$ define sys$output test_bn.out +$ @ bctest.com +$ status = $status +$ deassign sys$error +$ deassign sys$output +$ set on +$ if (status) +$ then +$ create /fdl = sys$input bntest-vms.tmp +FILE + ORGANIZATION sequential +RECORD + FORMAT stream_lf +$ define /user_mode sys$output bntest-vms.tmp +$ mcr 'texe_dir''bntest' +$ define /user_mode sys$input bntest-vms.tmp +$ define /user_mode sys$output bntest-vms.out +$ bc +$ @ bntest.com bntest-vms.out +$ status = $status +$ if (status) +$ then +$ delete bntest-vms.out;* +$ delete bntest-vms.tmp;* +$ endif +$ else +$ create /fdl = sys$input bntest-vms.sh +FILE + ORGANIZATION sequential +RECORD + FORMAT stream_lf +$ open /append bntest_file bntest-vms.sh +$ type /output = bntest_file sys$input: +<< __FOO__ sh -c "`sh ./bctest`" | perl -e '$i=0; while () {if (/^test (.*)/) {print STDERR "\nverify $1";} elsif (!/^0$/) {die "\nFailed! bc: $_";} else {print STDERR "."; $i++;}} print STDERR "\n$i tests passed\n"' +$ define /user_mode sys$output bntest-vms.tmp +$ mcr 'texe_dir''bntest' +$ copy bntest-vms.tmp bntest_file +$ delete bntest-vms.tmp;* +$ type /output = bntest_file sys$input: +__FOO__ +$ close bntest_file +$ write sys$output "-- copy the [.test]bntest-vms.sh and [.test]bctest files to a Unix system and" +$ write sys$output "-- run bntest-vms.sh through sh or bash to verify that the bignum operations" +$ write sys$output "-- went well." +$ write sys$output "" +$ endif +$ write sys$output "test a^b%c implementations" +$ mcr 'texe_dir''exptest' +$ return +$ test_ec: +$ write sys$output "test elliptic curves" +$ mcr 'texe_dir''ectest' +$ return +$ test_ecdsa: +$ write sys$output "test ecdsa" +$ mcr 'texe_dir''ecdsatest' +$ return +$ test_ecdh: +$ write sys$output "test ecdh" +$ mcr 'texe_dir''ecdhtest' +$ return +$ test_verify: +$ write sys$output "The following command should have some OK's and some failures" +$ write sys$output "There are definitly a few expired certificates" +$ @tverify.com 'pointer_size' +$ return +$ test_dh: +$ write sys$output "Generate a set of DH parameters" +$ mcr 'texe_dir''dhtest' +$ return +$ test_dsa: +$ write sys$output "Generate a set of DSA parameters" +$ mcr 'texe_dir''dsatest' +$ return +$ test_gen: +$ write sys$output "Generate and verify a certificate request" +$ @testgen.com 'pointer_size' +$ return +$ maybe_test_ss: +$ testss_RDT = f$cvtime(f$file_attributes("testss.com","RDT")) +$ if f$cvtime(f$file_attributes("keyU.ss","RDT")) .les. testss_RDT then - + goto test_ss +$ if f$cvtime(f$file_attributes("certU.ss","RDT")) .les. testss_RDT then - + goto test_ss +$ if f$cvtime(f$file_attributes("certCA.ss","RDT")) .les. testss_RDT then - + goto test_ss +$ return +$ test_ss: +$ write sys$output "Generate and certify a test certificate" +$ @testss.com 'pointer_size' +$ return +$ test_engine: +$ write sys$output "Manipulate the ENGINE structures" +$ mcr 'texe_dir''enginetest' +$ return +$ test_ssl: +$ write sys$output "test SSL protocol" +$ gosub maybe_test_ss +$ @testssl.com keyU.ss certU.ss certCA.ss 'pointer_size' +$ return +$ test_ca: +$ set noon +$ define /user_mode sys$output test_ca.out +$ mcr 'exe_dir'openssl no-rsa +$ save_severity=$SEVERITY +$ set on +$ if save_severity +$ then +$ write sys$output "skipping CA.com test -- requires RSA" +$ else +$ write sys$output "Generate and certify a test certificate via the 'ca' program" +$ @testca.com 'pointer_size' +$ endif +$ return +$ test_aes: +$! write sys$output "test AES" +$! !mcr 'texe_dir''aestest' +$ return +$ test_tsa: +$ set noon +$ define /user_mode sys$output nla0: +$ mcr 'exe_dir'openssl no-rsa +$ save_severity=$SEVERITY +$ set on +$ if save_severity +$ then +$ write sys$output "skipping testtsa.com test -- requires RSA" +$ else +$ @testtsa.com "" "" "" 'pointer_size' +$ endif +$ return +$ test_ige: +$ write sys$output "Test IGE mode" +$ mcr 'texe_dir''igetest' +$ return +$ test_jpake: +$ write sys$output "Test JPAKE" +$ mcr 'texe_dir''jpaketest' +$ return +$ test_cms: +$ write sys$output "CMS consistency test" +$ ! Define the logical name used to find openssl.exe in the perl script. +$ define /user_mode osslx 'exe_dir' +$ perl CMS-TEST.PL +$ return +$ test_srp: +$ write sys$output "Test SRP" +$ mcr 'texe_dir''srptest' +$ return +$ test_heartbeat: +$ write sys$output "Test HEARTBEAT" +$ mcr 'texe_dir''heartbeattest' +$ return +$ test_constant_time: +$ write sys$output "Test constant time utilities" +$ mcr 'texe_dir''consttimetest' +$ return +$ +$ +$ exit: +$ on error then goto exit2 ! In case openssl.exe didn't build. +$ mcr 'exe_dir'openssl version -a +$ exit2: +$ set default '__save_default' +$ deassign sslroot +$ exit diff --git a/test/testsid.pem b/test/testsid.pem new file mode 100644 index 0000000..7ffd008 --- /dev/null +++ b/test/testsid.pem @@ -0,0 +1,12 @@ +-----BEGIN SSL SESSION PARAMETERS----- +MIIB1gIBAQIBAgQDAQCABBCi11xa5qkOP8xrr02K/NQCBBBkIYQZM0Bt95W0EHNV +bA58oQYCBDIBr7WiBAICASyjggGGMIIBgjCCASwCAQMwDQYJKoZIhvcNAQEEBQAw +ODELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA1FMRDEbMBkGA1UEAxMSU1NMZWF5L3Jz +YSB0ZXN0IENBMB4XDTk1MTAwOTIzMzEzNFoXDTk4MDcwNTIzMzEzNFowYDELMAkG +A1UEBhMCQVUxDDAKBgNVBAgTA1FMRDEZMBcGA1UEChMQTWluY29tIFB0eS4gTHRk +LjELMAkGA1UECxMCQ1MxGzAZBgNVBAMTElNTTGVheSBkZW1vIGNsaWVudDBcMA0G +CSqGSIb3DQEBAQUAA0sAMEgCQQC4pcXEL1lgVA+B5Q3TcuW/O3LZHoA73IYm8oFD +TezgCDhL2RTMn+seKWF36UtJKRIOBU9jZHCVVd0Me5ls6BEjAgMBAAEwDQYJKoZI +hvcNAQEEBQADQQBoIpOcwUY1qlVF7j3ROSGvUsbvByOBFmYWkIBgsCqR+9qo1A7L +CrWF5i8LWt/vLwAHaxWNx2YuBJMFyuK81fTvpA0EC3Rlc3Rjb250ZXh0 +-----END SSL SESSION PARAMETERS----- diff --git a/test/testss b/test/testss new file mode 100644 index 0000000..1a42685 --- /dev/null +++ b/test/testss @@ -0,0 +1,163 @@ +#!/bin/sh + +digest='-sha1' +reqcmd="../util/shlib_wrap.sh ../apps/openssl req" +x509cmd="../util/shlib_wrap.sh ../apps/openssl x509 $digest" +verifycmd="../util/shlib_wrap.sh ../apps/openssl verify" +dummycnf="../apps/openssl.cnf" + +CAkey="keyCA.ss" +CAcert="certCA.ss" +CAreq="reqCA.ss" +CAconf="CAss.cnf" +CAreq2="req2CA.ss" # temp + +Uconf="Uss.cnf" +Ukey="keyU.ss" +Ureq="reqU.ss" +Ucert="certU.ss" + +P1conf="P1ss.cnf" +P1key="keyP1.ss" +P1req="reqP1.ss" +P1cert="certP1.ss" +P1intermediate="tmp_intP1.ss" + +P2conf="P2ss.cnf" +P2key="keyP2.ss" +P2req="reqP2.ss" +P2cert="certP2.ss" +P2intermediate="tmp_intP2.ss" + +echo +echo "make a certificate request using 'req'" + +echo "string to make the random number generator think it has entropy" >> ./.rnd + +if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then + req_new='-newkey dsa:../apps/dsa512.pem' +else + req_new='-new' +fi + +$reqcmd -config $CAconf -out $CAreq -keyout $CAkey $req_new #>err.ss +if [ $? != 0 ]; then + echo "error using 'req' to generate a certificate request" + exit 1 +fi +echo +echo "convert the certificate request into a self signed certificate using 'x509'" +$x509cmd -CAcreateserial -in $CAreq -days 30 -req -out $CAcert -signkey $CAkey -extfile $CAconf -extensions v3_ca >err.ss +if [ $? != 0 ]; then + echo "error using 'x509' to self sign a certificate request" + exit 1 +fi + +echo +echo "convert a certificate into a certificate request using 'x509'" +$x509cmd -in $CAcert -x509toreq -signkey $CAkey -out $CAreq2 >err.ss +if [ $? != 0 ]; then + echo "error using 'x509' convert a certificate to a certificate request" + exit 1 +fi + +$reqcmd -config $dummycnf -verify -in $CAreq -noout +if [ $? != 0 ]; then + echo first generated request is invalid + exit 1 +fi + +$reqcmd -config $dummycnf -verify -in $CAreq2 -noout +if [ $? != 0 ]; then + echo second generated request is invalid + exit 1 +fi + +$verifycmd -CAfile $CAcert $CAcert +if [ $? != 0 ]; then + echo first generated cert is invalid + exit 1 +fi + +echo +echo "make a user certificate request using 'req'" +$reqcmd -config $Uconf -out $Ureq -keyout $Ukey $req_new >err.ss +if [ $? != 0 ]; then + echo "error using 'req' to generate a user certificate request" + exit 1 +fi + +echo +echo "sign user certificate request with the just created CA via 'x509'" +$x509cmd -CAcreateserial -in $Ureq -days 30 -req -out $Ucert -CA $CAcert -CAkey $CAkey -extfile $Uconf -extensions v3_ee >err.ss +if [ $? != 0 ]; then + echo "error using 'x509' to sign a user certificate request" + exit 1 +fi + +$verifycmd -CAfile $CAcert $Ucert +echo +echo "Certificate details" +$x509cmd -subject -issuer -startdate -enddate -noout -in $Ucert + +echo +echo "make a proxy certificate request using 'req'" +$reqcmd -config $P1conf -out $P1req -keyout $P1key $req_new >err.ss +if [ $? != 0 ]; then + echo "error using 'req' to generate a proxy certificate request" + exit 1 +fi + +echo +echo "sign proxy certificate request with the just created user certificate via 'x509'" +$x509cmd -CAcreateserial -in $P1req -days 30 -req -out $P1cert -CA $Ucert -CAkey $Ukey -extfile $P1conf -extensions v3_proxy >err.ss +if [ $? != 0 ]; then + echo "error using 'x509' to sign a proxy certificate request" + exit 1 +fi + +cat $Ucert > $P1intermediate +$verifycmd -CAfile $CAcert -untrusted $P1intermediate $P1cert +echo +echo "Certificate details" +$x509cmd -subject -issuer -startdate -enddate -noout -in $P1cert + +echo +echo "make another proxy certificate request using 'req'" +$reqcmd -config $P2conf -out $P2req -keyout $P2key $req_new >err.ss +if [ $? != 0 ]; then + echo "error using 'req' to generate another proxy certificate request" + exit 1 +fi + +echo +echo "sign second proxy certificate request with the first proxy certificate via 'x509'" +$x509cmd -CAcreateserial -in $P2req -days 30 -req -out $P2cert -CA $P1cert -CAkey $P1key -extfile $P2conf -extensions v3_proxy >err.ss +if [ $? != 0 ]; then + echo "error using 'x509' to sign a second proxy certificate request" + exit 1 +fi + +cat $Ucert $P1cert > $P2intermediate +$verifycmd -CAfile $CAcert -untrusted $P2intermediate $P2cert +echo +echo "Certificate details" +$x509cmd -subject -issuer -startdate -enddate -noout -in $P2cert + +echo +echo The generated CA certificate is $CAcert +echo The generated CA private key is $CAkey + +echo The generated user certificate is $Ucert +echo The generated user private key is $Ukey + +echo The first generated proxy certificate is $P1cert +echo The first generated proxy private key is $P1key + +echo The second generated proxy certificate is $P2cert +echo The second generated proxy private key is $P2key + +/bin/rm err.ss +#/bin/rm $P1intermediate +#/bin/rm $P2intermediate +exit 0 diff --git a/test/testss.com b/test/testss.com new file mode 100644 index 0000000..32a74d0 --- /dev/null +++ b/test/testss.com @@ -0,0 +1,123 @@ +$! TESTSS.COM +$ +$ __arch = "VAX" +$ if f$getsyi("cpu") .ge. 128 then - + __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") +$ if __arch .eqs. "" then __arch = "UNK" +$! +$ if (p1 .eqs. "64") then __arch = __arch+ "_64" +$! +$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]" +$ +$ digest="-md5" +$ reqcmd = "mcr ''exe_dir'openssl req" +$ x509cmd = "mcr ''exe_dir'openssl x509 ''digest'" +$ verifycmd = "mcr ''exe_dir'openssl verify" +$ dummycnf = "sys$disk:[-.apps]openssl-vms.cnf" +$ +$ CAkey="""keyCA.ss""" +$ CAcert="""certCA.ss""" +$ CAreq="""reqCA.ss""" +$ CAconf="""CAss.cnf""" +$ CAreq2="""req2CA.ss""" ! temp +$ +$ Uconf="""Uss.cnf""" +$ Ukey="""keyU.ss""" +$ Ureq="""reqU.ss""" +$ Ucert="""certU.ss""" +$ +$ write sys$output "" +$ write sys$output "make a certificate request using 'req'" +$ +$ set noon +$ define/user sys$output nla0: +$ mcr 'exe_dir'openssl no-rsa +$ save_severity=$SEVERITY +$ set on +$ if save_severity +$ then +$ req_new="-newkey dsa:[-.apps]dsa512.pem" +$ else +$ req_new="-new" +$ endif +$ +$ 'reqcmd' -config 'CAconf' -out 'CAreq' -keyout 'CAkey' 'req_new' ! -out err.ss +$ if $severity .ne. 1 +$ then +$ write sys$output "error using 'req' to generate a certificate request" +$ exit 3 +$ endif +$ write sys$output "" +$ write sys$output "convert the certificate request into a self signed certificate using 'x509'" +$ define /user sys$output err.ss +$ 'x509cmd' "-CAcreateserial" -in 'CAreq' -days 30 -req -out 'CAcert' -signkey 'CAkey' +$ if $severity .ne. 1 +$ then +$ write sys$output "error using 'x509' to self sign a certificate request" +$ exit 3 +$ endif +$ +$ write sys$output "" +$ write sys$output "convert a certificate into a certificate request using 'x509'" +$ define /user sys$output err.ss +$ 'x509cmd' -in 'CAcert' -x509toreq -signkey 'CAkey' -out 'CAreq2' +$ if $severity .ne. 1 +$ then +$ write sys$output "error using 'x509' convert a certificate to a certificate request" +$ exit 3 +$ endif +$ +$ 'reqcmd' -config 'dummycnf' -verify -in 'CAreq' -noout +$ if $severity .ne. 1 +$ then +$ write sys$output "first generated request is invalid" +$ exit 3 +$ endif +$ +$ 'reqcmd' -config 'dummycnf' -verify -in 'CAreq2' -noout +$ if $severity .ne. 1 +$ then +$ write sys$output "second generated request is invalid" +$ exit 3 +$ endif +$ +$ 'verifycmd' "-CAfile" 'CAcert' 'CAcert' +$ if $severity .ne. 1 +$ then +$ write sys$output "first generated cert is invalid" +$ exit 3 +$ endif +$ +$ write sys$output "" +$ write sys$output "make another certificate request using 'req'" +$ define /user sys$output err.ss +$ 'reqcmd' -config 'Uconf' -out 'Ureq' -keyout 'Ukey' 'req_new' +$ if $severity .ne. 1 +$ then +$ write sys$output "error using 'req' to generate a certificate request" +$ exit 3 +$ endif +$ +$ write sys$output "" +$ write sys$output "sign certificate request with the just created CA via 'x509'" +$ define /user sys$output err.ss +$ 'x509cmd' "-CAcreateserial" -in 'Ureq' -days 30 -req -out 'Ucert' "-CA" 'CAcert' "-CAkey" 'CAkey' +$ if $severity .ne. 1 +$ then +$ write sys$output "error using 'x509' to sign a certificate request" +$ exit 3 +$ endif +$ +$ 'verifycmd' "-CAfile" 'CAcert' 'Ucert' +$ write sys$output "" +$ write sys$output "Certificate details" +$ 'x509cmd' -subject -issuer -startdate -enddate -noout -in 'Ucert' +$ +$ write sys$output "" +$ write sys$output "The generated CA certificate is ",CAcert +$ write sys$output "The generated CA private key is ",CAkey +$ +$ write sys$output "The generated user certificate is ",Ucert +$ write sys$output "The generated user private key is ",Ukey +$ +$ if f$search("err.ss;*") .nes. "" then delete err.ss;* diff --git a/test/testssl b/test/testssl new file mode 100644 index 0000000..9fb89a3 --- /dev/null +++ b/test/testssl @@ -0,0 +1,184 @@ +#!/bin/sh + +if [ "$1" = "" ]; then + key=../apps/server.pem +else + key="$1" +fi +if [ "$2" = "" ]; then + cert=../apps/server.pem +else + cert="$2" +fi +ssltest="../util/shlib_wrap.sh ./ssltest -key $key -cert $cert -c_key $key -c_cert $cert" + +if ../util/shlib_wrap.sh ../apps/openssl x509 -in $cert -text -noout | fgrep 'DSA Public Key' >/dev/null; then + dsa_cert=YES +else + dsa_cert=NO +fi + +if [ "$3" = "" ]; then + CA="-CApath ../certs" +else + CA="-CAfile $3" +fi + +if [ "$4" = "" ]; then + extra="" +else + extra="$4" +fi + +############################################################################# + +echo test sslv2 +$ssltest -ssl2 $extra || exit 1 + +echo test sslv2 with server authentication +$ssltest -ssl2 -server_auth $CA $extra || exit 1 + +if [ $dsa_cert = NO ]; then + echo test sslv2 with client authentication + $ssltest -ssl2 -client_auth $CA $extra || exit 1 + + echo test sslv2 with both client and server authentication + $ssltest -ssl2 -server_auth -client_auth $CA $extra || exit 1 +fi + +echo test sslv3 +$ssltest -ssl3 $extra || exit 1 + +echo test sslv3 with server authentication +$ssltest -ssl3 -server_auth $CA $extra || exit 1 + +echo test sslv3 with client authentication +$ssltest -ssl3 -client_auth $CA $extra || exit 1 + +echo test sslv3 with both client and server authentication +$ssltest -ssl3 -server_auth -client_auth $CA $extra || exit 1 + +echo test sslv2/sslv3 +$ssltest $extra || exit 1 + +echo test sslv2/sslv3 with server authentication +$ssltest -server_auth $CA $extra || exit 1 + +echo test sslv2/sslv3 with client authentication +$ssltest -client_auth $CA $extra || exit 1 + +echo test sslv2/sslv3 with both client and server authentication +$ssltest -server_auth -client_auth $CA $extra || exit 1 + +echo test sslv2 via BIO pair +$ssltest -bio_pair -ssl2 $extra || exit 1 + +echo test sslv2 with server authentication via BIO pair +$ssltest -bio_pair -ssl2 -server_auth $CA $extra || exit 1 + +if [ $dsa_cert = NO ]; then + echo test sslv2 with client authentication via BIO pair + $ssltest -bio_pair -ssl2 -client_auth $CA $extra || exit 1 + + echo test sslv2 with both client and server authentication via BIO pair + $ssltest -bio_pair -ssl2 -server_auth -client_auth $CA $extra || exit 1 +fi + +echo test sslv3 via BIO pair +$ssltest -bio_pair -ssl3 $extra || exit 1 + +echo test sslv3 with server authentication via BIO pair +$ssltest -bio_pair -ssl3 -server_auth $CA $extra || exit 1 + +echo test sslv3 with client authentication via BIO pair +$ssltest -bio_pair -ssl3 -client_auth $CA $extra || exit 1 + +echo test sslv3 with both client and server authentication via BIO pair +$ssltest -bio_pair -ssl3 -server_auth -client_auth $CA $extra || exit 1 + +echo test sslv2/sslv3 via BIO pair +$ssltest $extra || exit 1 + +if [ $dsa_cert = NO ]; then + echo 'test sslv2/sslv3 w/o (EC)DHE via BIO pair' + $ssltest -bio_pair -no_dhe -no_ecdhe $extra || exit 1 +fi + +echo test sslv2/sslv3 with 1024bit DHE via BIO pair +$ssltest -bio_pair -dhe1024dsa -v $extra || exit 1 + +echo test sslv2/sslv3 with server authentication +$ssltest -bio_pair -server_auth $CA $extra || exit 1 + +echo test sslv2/sslv3 with client authentication via BIO pair +$ssltest -bio_pair -client_auth $CA $extra || exit 1 + +echo test sslv2/sslv3 with both client and server authentication via BIO pair +$ssltest -bio_pair -server_auth -client_auth $CA $extra || exit 1 + +echo test sslv2/sslv3 with both client and server authentication via BIO pair and app verify +$ssltest -bio_pair -server_auth -client_auth -app_verify $CA $extra || exit 1 + +echo "Testing ciphersuites" +for protocol in TLSv1.2 SSLv3; do + echo "Testing ciphersuites for $protocol" + for cipher in `../util/shlib_wrap.sh ../apps/openssl ciphers "RSA+$protocol" | tr ':' ' '`; do + echo "Testing $cipher" + prot="" + if [ $protocol = "SSLv3" ] ; then + prot="-ssl3" + fi + $ssltest -cipher $cipher $prot + if [ $? -ne 0 ] ; then + echo "Failed $cipher" + exit 1 + fi + done +done + +############################################################################# + +if ../util/shlib_wrap.sh ../apps/openssl no-dh; then + echo skipping anonymous DH tests +else + echo test tls1 with 1024bit anonymous DH, multiple handshakes + $ssltest -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time $extra || exit 1 +fi + +if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then + echo skipping RSA tests +else + echo 'test tls1 with 1024bit RSA, no (EC)DHE, multiple handshakes' + ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -no_ecdhe -num 10 -f -time $extra || exit 1 + + if ../util/shlib_wrap.sh ../apps/openssl no-dh; then + echo skipping RSA+DHE tests + else + echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes + ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time $extra || exit 1 + fi +fi + +echo test tls1 with PSK +$ssltest -tls1 -cipher PSK -psk abc123 $extra || exit 1 + +echo test tls1 with PSK via BIO pair +$ssltest -bio_pair -tls1 -cipher PSK -psk abc123 $extra || exit 1 + +if ../util/shlib_wrap.sh ../apps/openssl no-srp; then + echo skipping SRP tests +else + echo test tls1 with SRP + $ssltest -tls1 -cipher SRP -srpuser test -srppass abc123 + + echo test tls1 with SRP via BIO pair + $ssltest -bio_pair -tls1 -cipher SRP -srpuser test -srppass abc123 + + echo test tls1 with SRP auth + $ssltest -tls1 -cipher aSRP -srpuser test -srppass abc123 + + echo test tls1 with SRP auth via BIO pair + $ssltest -bio_pair -tls1 -cipher aSRP -srpuser test -srppass abc123 +fi + +exit 0 diff --git a/test/testssl.com b/test/testssl.com new file mode 100644 index 0000000..f19edc4 --- /dev/null +++ b/test/testssl.com @@ -0,0 +1,208 @@ +$! TESTSSL.COM +$ +$ __arch = "VAX" +$ if f$getsyi("cpu") .ge. 128 then - + __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") +$ if __arch .eqs. "" then __arch = "UNK" +$! +$ if (p4 .eqs. "64") then __arch = __arch+ "_64" +$! +$ texe_dir = "sys$disk:[-.''__arch'.exe.test]" +$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]" +$ +$ if p1 .eqs. "" +$ then +$ key="[-.apps]server.pem" +$ else +$ key=p1 +$ endif +$ if p2 .eqs. "" +$ then +$ cert="[-.apps]server.pem" +$ else +$ cert=p2 +$ endif +$ ssltest = "mcr ''texe_dir'ssltest -key ''key'"+ - + " -cert ''cert' -c_key ''key' -c_cert ''cert'" +$! +$ set noon +$ define/user sys$output testssl-x509-output. +$ define/user sys$error nla0: +$ mcr 'exe_dir'openssl x509 -in 'cert' -text -noout +$ define/user sys$error nla0: +$ search/output=nla0: testssl-x509-output. "DSA Public Key"/exact +$ if $severity .eq. 1 +$ then +$ dsa_cert = "YES" +$ else +$ dsa_cert = "NO" +$ endif +$ delete testssl-x509-output.;* +$ +$ if p3 .eqs. "" +$ then +$ copy/concatenate [-.certs]*.pem certs.tmp +$ CA = """-CAfile"" certs.tmp" +$ else +$ CA = """-CAfile"" "+p3 +$ endif +$ +$!########################################################################### +$ +$ write sys$output "test sslv2" +$ 'ssltest' -ssl2 +$ if $severity .ne. 1 then goto exit3 +$ +$ write sys$output "test sslv2 with server authentication" +$ 'ssltest' -ssl2 -server_auth 'CA' +$ if $severity .ne. 1 then goto exit3 +$ +$ if .not. dsa_cert +$ then +$ write sys$output "test sslv2 with client authentication" +$ 'ssltest' -ssl2 -client_auth 'CA' +$ if $severity .ne. 1 then goto exit3 +$ +$ write sys$output "test sslv2 with both client and server authentication" +$ 'ssltest' -ssl2 -server_auth -client_auth 'CA' +$ if $severity .ne. 1 then goto exit3 +$ endif +$ +$ write sys$output "test sslv3" +$ 'ssltest' -ssl3 +$ if $severity .ne. 1 then goto exit3 +$ +$ write sys$output "test sslv3 with server authentication" +$ 'ssltest' -ssl3 -server_auth 'CA' +$ if $severity .ne. 1 then goto exit3 +$ +$ write sys$output "test sslv3 with client authentication" +$ 'ssltest' -ssl3 -client_auth 'CA' +$ if $severity .ne. 1 then goto exit3 +$ +$ write sys$output "test sslv3 with both client and server authentication" +$ 'ssltest' -ssl3 -server_auth -client_auth 'CA' +$ if $severity .ne. 1 then goto exit3 +$ +$ write sys$output "test sslv2/sslv3" +$ 'ssltest' +$ if $severity .ne. 1 then goto exit3 +$ +$ write sys$output "test sslv2/sslv3 with server authentication" +$ 'ssltest' -server_auth 'CA' +$ if $severity .ne. 1 then goto exit3 +$ +$ write sys$output "test sslv2/sslv3 with client authentication" +$ 'ssltest' -client_auth 'CA' +$ if $severity .ne. 1 then goto exit3 +$ +$ write sys$output "test sslv2/sslv3 with both client and server authentication" +$ 'ssltest' -server_auth -client_auth 'CA' +$ if $severity .ne. 1 then goto exit3 +$ +$ write sys$output "test sslv2 via BIO pair" +$ 'ssltest' -bio_pair -ssl2 +$ if $severity .ne. 1 then goto exit3 +$ +$ write sys$output "test sslv2 with server authentication via BIO pair" +$ 'ssltest' -bio_pair -ssl2 -server_auth 'CA' +$ if $severity .ne. 1 then goto exit3 +$ +$ if .not. dsa_cert +$ then +$ write sys$output "test sslv2 with client authentication via BIO pair" +$ 'ssltest' -bio_pair -ssl2 -client_auth 'CA' +$ if $severity .ne. 1 then goto exit3 +$ +$ write sys$output "test sslv2 with both client and server authentication via BIO pair" +$ 'ssltest' -bio_pair -ssl2 -server_auth -client_auth 'CA' +$ if $severity .ne. 1 then goto exit3 +$ endif +$ +$ write sys$output "test sslv3 via BIO pair" +$ 'ssltest' -bio_pair -ssl3 +$ if $severity .ne. 1 then goto exit3 +$ +$ write sys$output "test sslv3 with server authentication via BIO pair" +$ 'ssltest' -bio_pair -ssl3 -server_auth 'CA' +$ if $severity .ne. 1 then goto exit3 +$ +$ write sys$output "test sslv3 with client authentication via BIO pair" +$ 'ssltest' -bio_pair -ssl3 -client_auth 'CA' +$ if $severity .ne. 1 then goto exit3 + +$ write sys$output "test sslv3 with both client and server authentication via BIO pair" +$ 'ssltest' -bio_pair -ssl3 -server_auth -client_auth 'CA' +$ if $severity .ne. 1 then goto exit3 +$ +$ write sys$output "test sslv2/sslv3 via BIO pair" +$ 'ssltest' +$ if $severity .ne. 1 then goto exit3 +$ +$ if .not. dsa_cert +$ then +$ write sys$output "test sslv2/sslv3 w/o DHE via BIO pair" +$ 'ssltest' -bio_pair -no_dhe +$ if $severity .ne. 1 then goto exit3 +$ endif +$ +$ write sys$output "test sslv2/sslv3 with 1024 bit DHE via BIO pair" +$ 'ssltest' -bio_pair -dhe1024dsa -v +$ if $severity .ne. 1 then goto exit3 +$ +$ write sys$output "test sslv2/sslv3 with server authentication" +$ 'ssltest' -bio_pair -server_auth 'CA' +$ if $severity .ne. 1 then goto exit3 +$ +$ write sys$output "test sslv2/sslv3 with client authentication via BIO pair" +$ 'ssltest' -bio_pair -client_auth 'CA' +$ if $severity .ne. 1 then goto exit3 +$ +$ write sys$output "test sslv2/sslv3 with both client and server authentication via BIO pair" +$ 'ssltest' -bio_pair -server_auth -client_auth 'CA' +$ if $severity .ne. 1 then goto exit3 +$ +$!########################################################################### +$ +$ define/user sys$output nla0: +$ mcr 'exe_dir'openssl no-rsa +$ no_rsa=$SEVERITY +$ define/user sys$output nla0: +$ mcr 'exe_dir'openssl no-dh +$ no_dh=$SEVERITY +$ +$ if no_dh +$ then +$ write sys$output "skipping anonymous DH tests" +$ else +$ write sys$output "test tls1 with 1024bit anonymous DH, multiple handshakes" +$ 'ssltest' -v -bio_pair -tls1 -cipher "ADH" -dhe1024dsa -num 10 -f -time +$ if $severity .ne. 1 then goto exit3 +$ endif +$ +$ if no_rsa +$ then +$ write sys$output "skipping RSA tests" +$ else +$ write sys$output "test tls1 with 1024bit RSA, no DHE, multiple handshakes" +$ mcr 'texe_dir'ssltest -v -bio_pair -tls1 -cert [-.apps]server2.pem -no_dhe -num 10 -f -time +$ if $severity .ne. 1 then goto exit3 +$ +$ if no_dh +$ then +$ write sys$output "skipping RSA+DHE tests" +$ else +$ write sys$output "test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes" +$ mcr 'texe_dir'ssltest -v -bio_pair -tls1 -cert [-.apps]server2.pem -dhe1024dsa -num 10 -f -time +$ if $severity .ne. 1 then goto exit3 +$ endif +$ endif +$ +$ RET = 1 +$ goto exit +$ exit3: +$ RET = 3 +$ exit: +$ if p3 .eqs. "" then delete certs.tmp;* +$ set on +$ exit 'RET' diff --git a/test/testsslproxy b/test/testsslproxy new file mode 100644 index 0000000..58bbda8 --- /dev/null +++ b/test/testsslproxy @@ -0,0 +1,10 @@ +#! /bin/sh + +echo 'Testing a lot of proxy conditions.' +echo 'Some of them may turn out being invalid, which is fine.' +for auth in A B C BC; do + for cond in A B C 'A|B&!C'; do + sh ./testssl $1 $2 $3 "-proxy -proxy_auth $auth -proxy_cond $cond" + if [ $? = 3 ]; then exit 1; fi + done +done diff --git a/test/testtsa b/test/testtsa new file mode 100644 index 0000000..bb653b5 --- /dev/null +++ b/test/testtsa @@ -0,0 +1,238 @@ +#!/bin/sh + +# +# A few very basic tests for the 'ts' time stamping authority command. +# + +SH="/bin/sh" +if test "$OSTYPE" = msdosdjgpp; then + PATH="../apps\;$PATH" +else + PATH="../apps:$PATH" +fi +export SH PATH + +OPENSSL_CONF="../CAtsa.cnf" +export OPENSSL_CONF +# Because that's what ../apps/CA.sh really looks at +SSLEAY_CONFIG="-config $OPENSSL_CONF" +export SSLEAY_CONFIG + +OPENSSL="`pwd`/../util/opensslwrap.sh" +export OPENSSL + +error () { + + echo "TSA test failed!" >&2 + exit 1 +} + +setup_dir () { + + rm -rf tsa 2>/dev/null + mkdir tsa + cd ./tsa +} + +clean_up_dir () { + + cd .. + rm -rf tsa +} + +create_ca () { + + echo "Creating a new CA for the TSA tests..." + TSDNSECT=ts_ca_dn + export TSDNSECT + ../../util/shlib_wrap.sh ../../apps/openssl req -new -x509 -nodes \ + -out tsaca.pem -keyout tsacakey.pem + test $? != 0 && error +} + +create_tsa_cert () { + + INDEX=$1 + export INDEX + EXT=$2 + TSDNSECT=ts_cert_dn + export TSDNSECT + + ../../util/shlib_wrap.sh ../../apps/openssl req -new \ + -out tsa_req${INDEX}.pem -keyout tsa_key${INDEX}.pem + test $? != 0 && error +echo Using extension $EXT + ../../util/shlib_wrap.sh ../../apps/openssl x509 -req \ + -in tsa_req${INDEX}.pem -out tsa_cert${INDEX}.pem \ + -CA tsaca.pem -CAkey tsacakey.pem -CAcreateserial \ + -extfile $OPENSSL_CONF -extensions $EXT + test $? != 0 && error +} + +print_request () { + + ../../util/shlib_wrap.sh ../../apps/openssl ts -query -in $1 -text +} + +create_time_stamp_request1 () { + + ../../util/shlib_wrap.sh ../../apps/openssl ts -query -data ../testtsa -policy tsa_policy1 -cert -out req1.tsq + test $? != 0 && error +} + +create_time_stamp_request2 () { + + ../../util/shlib_wrap.sh ../../apps/openssl ts -query -data ../testtsa -policy tsa_policy2 -no_nonce \ + -out req2.tsq + test $? != 0 && error +} + +create_time_stamp_request3 () { + + ../../util/shlib_wrap.sh ../../apps/openssl ts -query -data ../CAtsa.cnf -no_nonce -out req3.tsq + test $? != 0 && error +} + +print_response () { + + ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $1 -text + test $? != 0 && error +} + +create_time_stamp_response () { + + ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -section $3 -queryfile $1 -out $2 + test $? != 0 && error +} + +time_stamp_response_token_test () { + + RESPONSE2=$2.copy.tsr + TOKEN_DER=$2.token.der + ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $2 -out $TOKEN_DER -token_out + test $? != 0 && error + ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $TOKEN_DER -token_in -out $RESPONSE2 + test $? != 0 && error + cmp $RESPONSE2 $2 + test $? != 0 && error + ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $2 -text -token_out + test $? != 0 && error + ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $TOKEN_DER -token_in -text -token_out + test $? != 0 && error + ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -queryfile $1 -text -token_out + test $? != 0 && error +} + +verify_time_stamp_response () { + + ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2 -CAfile tsaca.pem \ + -untrusted tsa_cert1.pem + test $? != 0 && error + ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -data $3 -in $2 -CAfile tsaca.pem \ + -untrusted tsa_cert1.pem + test $? != 0 && error +} + +verify_time_stamp_token () { + + # create the token from the response first + ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $2 -out $2.token -token_out + test $? != 0 && error + ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2.token -token_in \ + -CAfile tsaca.pem -untrusted tsa_cert1.pem + test $? != 0 && error + ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -data $3 -in $2.token -token_in \ + -CAfile tsaca.pem -untrusted tsa_cert1.pem + test $? != 0 && error +} + +verify_time_stamp_response_fail () { + + ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2 -CAfile tsaca.pem \ + -untrusted tsa_cert1.pem + # Checks if the verification failed, as it should have. + test $? = 0 && error + echo Ok +} + +# main functions + +echo "Setting up TSA test directory..." +setup_dir + +echo "Creating CA for TSA tests..." +create_ca + +echo "Creating tsa_cert1.pem TSA server cert..." +create_tsa_cert 1 tsa_cert + +echo "Creating tsa_cert2.pem non-TSA server cert..." +create_tsa_cert 2 non_tsa_cert + +echo "Creating req1.req time stamp request for file testtsa..." +create_time_stamp_request1 + +echo "Printing req1.req..." +print_request req1.tsq + +echo "Generating valid response for req1.req..." +create_time_stamp_response req1.tsq resp1.tsr tsa_config1 + +echo "Printing response..." +print_response resp1.tsr + +echo "Verifying valid response..." +verify_time_stamp_response req1.tsq resp1.tsr ../testtsa + +echo "Verifying valid token..." +verify_time_stamp_token req1.tsq resp1.tsr ../testtsa + +# The tests below are commented out, because invalid signer certificates +# can no longer be specified in the config file. + +# echo "Generating _invalid_ response for req1.req..." +# create_time_stamp_response req1.tsq resp1_bad.tsr tsa_config2 + +# echo "Printing response..." +# print_response resp1_bad.tsr + +# echo "Verifying invalid response, it should fail..." +# verify_time_stamp_response_fail req1.tsq resp1_bad.tsr + +echo "Creating req2.req time stamp request for file testtsa..." +create_time_stamp_request2 + +echo "Printing req2.req..." +print_request req2.tsq + +echo "Generating valid response for req2.req..." +create_time_stamp_response req2.tsq resp2.tsr tsa_config1 + +echo "Checking '-token_in' and '-token_out' options with '-reply'..." +time_stamp_response_token_test req2.tsq resp2.tsr + +echo "Printing response..." +print_response resp2.tsr + +echo "Verifying valid response..." +verify_time_stamp_response req2.tsq resp2.tsr ../testtsa + +echo "Verifying response against wrong request, it should fail..." +verify_time_stamp_response_fail req1.tsq resp2.tsr + +echo "Verifying response against wrong request, it should fail..." +verify_time_stamp_response_fail req2.tsq resp1.tsr + +echo "Creating req3.req time stamp request for file CAtsa.cnf..." +create_time_stamp_request3 + +echo "Printing req3.req..." +print_request req3.tsq + +echo "Verifying response against wrong request, it should fail..." +verify_time_stamp_response_fail req3.tsq resp1.tsr + +echo "Cleaning up..." +clean_up_dir + +exit 0 diff --git a/test/testtsa.com b/test/testtsa.com new file mode 100644 index 0000000..29fb1d0 --- /dev/null +++ b/test/testtsa.com @@ -0,0 +1,255 @@ +$! +$! A few very basic tests for the 'ts' time stamping authority command. +$! +$ +$ __arch = "VAX" +$ if f$getsyi("cpu") .ge. 128 then - + __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") +$ if __arch .eqs. "" then __arch = "UNK" +$! +$ if (p4 .eqs. "64") then __arch = __arch+ "_64" +$! +$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]" +$ +$ openssl = "mcr ''f$parse(exe_dir+"openssl.exe")'" +$ OPENSSL_CONF = "[-]CAtsa.cnf" +$ ! Because that's what ../apps/CA.sh really looks at +$ SSLEAY_CONFIG = "-config " + OPENSSL_CONF +$ +$ error: +$ subroutine +$ write sys$error "TSA test failed!" +$ exit 3 +$ endsubroutine +$ +$ setup_dir: +$ subroutine +$ +$ if f$search("tsa.dir") .nes "" +$ then +$ @[-.util]deltree [.tsa]*.* +$ set file/prot=(S:RWED,O:RWED,G:RWED,W:RWED) tsa.dir;* +$ delete tsa.dir;* +$ endif +$ +$ create/dir [.tsa] +$ set default [.tsa] +$ endsubroutine +$ +$ clean_up_dir: +$ subroutine +$ +$ set default [-] +$ @[-.util]deltree [.tsa]*.* +$ set file/prot=(S:RWED,O:RWED,G:RWED,W:RWED) tsa.dir;* +$ delete tsa.dir;* +$ endsubroutine +$ +$ create_ca: +$ subroutine +$ +$ write sys$output "Creating a new CA for the TSA tests..." +$ TSDNSECT = "ts_ca_dn" +$ openssl req -new -x509 -nodes - + -out tsaca.pem -keyout tsacakey.pem +$ if $severity .ne. 1 then call error +$ endsubroutine +$ +$ create_tsa_cert: +$ subroutine +$ +$ INDEX=p1 +$ EXT=p2 +$ TSDNSECT = "ts_cert_dn" +$ +$ openssl req -new - + -out tsa_req'INDEX'.pem -keyout tsa_key'INDEX'.pem +$ if $severity .ne. 1 then call error +$ +$ write sys$output "Using extension ''EXT'" +$ openssl x509 -req - + -in tsa_req'INDEX'.pem -out tsa_cert'INDEX'.pem - + "-CA" tsaca.pem "-CAkey" tsacakey.pem "-CAcreateserial" - + -extfile 'OPENSSL_CONF' -extensions "''EXT'" +$ if $severity .ne. 1 then call error +$ endsubroutine +$ +$ print_request: +$ subroutine +$ +$ openssl ts -query -in 'p1' -text +$ endsubroutine +$ +$ create_time_stamp_request1: subroutine +$ +$ openssl ts -query -data [-]testtsa.com -policy tsa_policy1 - + -cert -out req1.tsq +$ if $severity .ne. 1 then call error +$ endsubroutine +$ +$ create_time_stamp_request2: subroutine +$ +$ openssl ts -query -data [-]testtsa.com -policy tsa_policy2 - + -no_nonce -out req2.tsq +$ if $severity .ne. 1 then call error +$ endsubroutine +$ +$ create_time_stamp_request3: subroutine +$ +$ openssl ts -query -data [-]CAtsa.cnf -no_nonce -out req3.tsq +$ if $severity .ne. 1 then call error +$ endsubroutine +$ +$ print_response: +$ subroutine +$ +$ openssl ts -reply -in 'p1' -text +$ if $severity .ne. 1 then call error +$ endsubroutine +$ +$ create_time_stamp_response: +$ subroutine +$ +$ openssl ts -reply -section 'p3' -queryfile 'p1' -out 'p2' +$ if $severity .ne. 1 then call error +$ endsubroutine +$ +$ time_stamp_response_token_test: +$ subroutine +$ +$ RESPONSE2 = p2+ "-copy_tsr" +$ TOKEN_DER = p2+ "-token_der" +$ openssl ts -reply -in 'p2' -out 'TOKEN_DER' -token_out +$ if $severity .ne. 1 then call error +$ openssl ts -reply -in 'TOKEN_DER' -token_in -out 'RESPONSE2' +$ if $severity .ne. 1 then call error +$ backup/compare 'RESPONSE2' 'p2' +$ if $severity .ne. 1 then call error +$ openssl ts -reply -in 'p2' -text -token_out +$ if $severity .ne. 1 then call error +$ openssl ts -reply -in 'TOKEN_DER' -token_in -text -token_out +$ if $severity .ne. 1 then call error +$ openssl ts -reply -queryfile 'p1' -text -token_out +$ if $severity .ne. 1 then call error +$ endsubroutine +$ +$ verify_time_stamp_response: +$ subroutine +$ +$ openssl ts -verify -queryfile 'p1' -in 'p2' - + "-CAfile" tsaca.pem -untrusted tsa_cert1.pem +$ if $severity .ne. 1 then call error +$ openssl ts -verify -data 'p3' -in 'p2' - + "-CAfile" tsaca.pem -untrusted tsa_cert1.pem +$ if $severity .ne. 1 then call error +$ endsubroutine +$ +$ verify_time_stamp_token: +$ subroutine +$ +$ ! create the token from the response first +$ openssl ts -reply -in "''p2'" -out "''p2'-token" -token_out +$ if $severity .ne. 1 then call error +$ openssl ts -verify -queryfile "''p1'" -in "''p2'-token" - + -token_in "-CAfile" tsaca.pem -untrusted tsa_cert1.pem +$ if $severity .ne. 1 then call error +$ openssl ts -verify -data "''p3'" -in "''p2'-token" - + -token_in "-CAfile" tsaca.pem -untrusted tsa_cert1.pem +$ if $severity .ne. 1 then call error +$ endsubroutine +$ +$ verify_time_stamp_response_fail: +$ subroutine +$ +$ openssl ts -verify -queryfile 'p1' -in 'p2' - + "-CAfile" tsaca.pem -untrusted tsa_cert1.pem +$ ! Checks if the verification failed, as it should have. +$ if $severity .eq. 1 then call error +$ write sys$output "Ok" +$ endsubroutine +$ +$ ! Main body ---------------------------------------------------------- +$ +$ set noon +$ +$ write sys$output "Setting up TSA test directory..." +$ call setup_dir +$ +$ write sys$output "Creating CA for TSA tests..." +$ call create_ca +$ +$ write sys$output "Creating tsa_cert1.pem TSA server cert..." +$ call create_tsa_cert 1 "tsa_cert" +$ +$ write sys$output "Creating tsa_cert2.pem non-TSA server cert..." +$ call create_tsa_cert 2 "non_tsa_cert" +$ +$ write sys$output "Creating req1.req time stamp request for file testtsa..." +$ call create_time_stamp_request1 +$ +$ write sys$output "Printing req1.req..." +$ call print_request "req1.tsq" +$ +$ write sys$output "Generating valid response for req1.req..." +$ call create_time_stamp_response "req1.tsq" "resp1.tsr" "tsa_config1" +$ +$ write sys$output "Printing response..." +$ call print_response "resp1.tsr" +$ +$ write sys$output "Verifying valid response..." +$ call verify_time_stamp_response "req1.tsq" "resp1.tsr" "[-]testtsa.com" +$ +$ write sys$output "Verifying valid token..." +$ call verify_time_stamp_token "req1.tsq" "resp1.tsr" "[-]testtsa.com" +$ +$ ! The tests below are commented out, because invalid signer certificates +$ ! can no longer be specified in the config file. +$ +$ ! write sys$output "Generating _invalid_ response for req1.req..." +$ ! call create_time_stamp_response "req1.tsq" "resp1_bad.tsr" "tsa_config2" +$ +$ ! write sys$output "Printing response..." +$ ! call print_response "resp1_bad.tsr" +$ +$ ! write sys$output "Verifying invalid response, it should fail..." +$ ! call verify_time_stamp_response_fail "req1.tsq" "resp1_bad.tsr" +$ +$ write sys$output "Creating req2.req time stamp request for file testtsa..." +$ call create_time_stamp_request2 +$ +$ write sys$output "Printing req2.req..." +$ call print_request "req2.tsq" +$ +$ write sys$output "Generating valid response for req2.req..." +$ call create_time_stamp_response "req2.tsq" "resp2.tsr" "tsa_config1" +$ +$ write sys$output "Checking '-token_in' and '-token_out' options with '-reply'..." +$ call time_stamp_response_token_test "req2.tsq" "resp2.tsr" +$ +$ write sys$output "Printing response..." +$ call print_response "resp2.tsr" +$ +$ write sys$output "Verifying valid response..." +$ call verify_time_stamp_response "req2.tsq" "resp2.tsr" "[-]testtsa.com" +$ +$ write sys$output "Verifying response against wrong request, it should fail..." +$ call verify_time_stamp_response_fail "req1.tsq" "resp2.tsr" +$ +$ write sys$output "Verifying response against wrong request, it should fail..." +$ call verify_time_stamp_response_fail "req2.tsq" "resp1.tsr" +$ +$ write sys$output "Creating req3.req time stamp request for file CAtsa.cnf..." +$ call create_time_stamp_request3 +$ +$ write sys$output "Printing req3.req..." +$ call print_request "req3.tsq" +$ +$ write sys$output "Verifying response against wrong request, it should fail..." +$ call verify_time_stamp_response_fail "req3.tsq" "resp1.tsr" +$ +$ write sys$output "Cleaning up..." +$ call clean_up_dir +$ +$ set on +$ +$ exit diff --git a/test/testutil.h b/test/testutil.h new file mode 100644 index 0000000..3e9cb84 --- /dev/null +++ b/test/testutil.h @@ -0,0 +1,116 @@ +/* test/testutil.h */ +/* + * Utilities for writing OpenSSL unit tests. + * + * More information: + * http://wiki.openssl.org/index.php/How_To_Write_Unit_Tests_For_OpenSSL + * + * Author: Mike Bland (mbland@acm.org) + * Date: 2014-06-07 + * ==================================================================== + * Copyright (c) 2014 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +#ifndef HEADER_TESTUTIL_H +#define HEADER_TESTUTIL_H + +/* SETUP_TEST_FIXTURE and EXECUTE_TEST macros for test case functions. + * + * SETUP_TEST_FIXTURE will call set_up() to create a new TEST_FIXTURE_TYPE + * object called "fixture". It will also allocate the "result" variable used + * by EXECUTE_TEST. set_up() should take a const char* specifying the test + * case name and return a TEST_FIXTURE_TYPE by value. + * + * EXECUTE_TEST will pass fixture to execute_func() by value, call + * tear_down(), and return the result of execute_func(). execute_func() should + * take a TEST_FIXTURE_TYPE by value and return zero on success or one on + * failure. + * + * Unit tests can define their own SETUP_TEST_FIXTURE and EXECUTE_TEST + * variations like so: + * + * #define SETUP_FOOBAR_TEST_FIXTURE()\ + * SETUP_TEST_FIXTURE(FOOBAR_TEST_FIXTURE, set_up_foobar) + * + * #define EXECUTE_FOOBAR_TEST()\ + * EXECUTE_TEST(execute_foobar, tear_down_foobar) + * + * Then test case functions can take the form: + * + * static int test_foobar_feature() + * { + * SETUP_FOOBAR_TEST_FIXTURE(); + * [...set individual members of fixture...] + * EXECUTE_FOOBAR_TEST(); + * } + */ +#define SETUP_TEST_FIXTURE(TEST_FIXTURE_TYPE, set_up)\ + TEST_FIXTURE_TYPE fixture = set_up(TEST_CASE_NAME);\ + int result = 0 + +#define EXECUTE_TEST(execute_func, tear_down)\ + if (execute_func(fixture) != 0) result = 1;\ + tear_down(fixture);\ + return result + +/* TEST_CASE_NAME is defined as the name of the test case function where + * possible; otherwise we get by with the file name and line number. + */ +#if __STDC_VERSION__ < 199901L +#if defined(_MSC_VER) +#define TEST_CASE_NAME __FUNCTION__ +#else +#define testutil_stringify_helper(s) #s +#define testutil_stringify(s) testutil_stringify_helper(s) +#define TEST_CASE_NAME __FILE__ ":" testutil_stringify(__LINE__) +#endif /* _MSC_VER */ +#else +#define TEST_CASE_NAME __func__ +#endif /* __STDC_VERSION__ */ + +#endif /* HEADER_TESTUTIL_H */ diff --git a/test/testx509.pem b/test/testx509.pem new file mode 100644 index 0000000..8a85d14 --- /dev/null +++ b/test/testx509.pem @@ -0,0 +1,10 @@ +-----BEGIN CERTIFICATE----- +MIIBWzCCAQYCARgwDQYJKoZIhvcNAQEEBQAwODELMAkGA1UEBhMCQVUxDDAKBgNV +BAgTA1FMRDEbMBkGA1UEAxMSU1NMZWF5L3JzYSB0ZXN0IENBMB4XDTk1MDYxOTIz +MzMxMloXDTk1MDcxNzIzMzMxMlowOjELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA1FM +RDEdMBsGA1UEAxMUU1NMZWF5L3JzYSB0ZXN0IGNlcnQwXDANBgkqhkiG9w0BAQEF +AANLADBIAkEAqtt6qS5GTxVxGZYWa0/4u+IwHf7p2LNZbcPBp9/OfIcYAXBQn8hO +/Re1uwLKXdCjIoaGs4DLdG88rkzfyK5dPQIDAQABMAwGCCqGSIb3DQIFBQADQQAE +Wc7EcF8po2/ZO6kNCwK/ICH6DobgLekA5lSLr5EvuioZniZp5lFzAw4+YzPQ7XKJ +zl9HYIMxATFyqSiD9jsx +-----END CERTIFICATE----- diff --git a/test/times b/test/times new file mode 100644 index 0000000..6b66eb3 --- /dev/null +++ b/test/times @@ -0,0 +1,113 @@ + +More number for the questions about SSL overheads.... + +The following numbers were generated on a Pentium pro 200, running Linux. +They give an indication of the SSL protocol and encryption overheads. + +The program that generated them is an unreleased version of ssl/ssltest.c +which is the SSLeay ssl protocol testing program. It is a single process that +talks both sides of the SSL protocol via a non-blocking memory buffer +interface. + +How do I read this? The protocol and cipher are reasonable obvious. +The next number is the number of connections being made. The next is the +number of bytes exchanged between the client and server side of the protocol. +This is the number of bytes that the client sends to the server, and then +the server sends back. Because this is all happening in one process, +the data is being encrypted, decrypted, encrypted and then decrypted again. +It is a round trip of that many bytes. Because the one process performs +both the client and server sides of the protocol and it sends this many bytes +each direction, multiply this number by 4 to generate the number +of bytes encrypted/decrypted/MACed. The first time value is how many seconds +elapsed doing a full SSL handshake, the second is the cost of one +full handshake and the rest being session-id reuse. + +SSLv2 RC4-MD5 1000 x 1 12.83s 0.70s +SSLv3 NULL-MD5 1000 x 1 14.35s 1.47s +SSLv3 RC4-MD5 1000 x 1 14.46s 1.56s +SSLv3 RC4-MD5 1000 x 1 51.93s 1.62s 1024bit RSA +SSLv3 RC4-SHA 1000 x 1 14.61s 1.83s +SSLv3 DES-CBC-SHA 1000 x 1 14.70s 1.89s +SSLv3 DES-CBC3-SHA 1000 x 1 15.16s 2.16s + +SSLv2 RC4-MD5 1000 x 1024 13.72s 1.27s +SSLv3 NULL-MD5 1000 x 1024 14.79s 1.92s +SSLv3 RC4-MD5 1000 x 1024 52.58s 2.29s 1024bit RSA +SSLv3 RC4-SHA 1000 x 1024 15.39s 2.67s +SSLv3 DES-CBC-SHA 1000 x 1024 16.45s 3.55s +SSLv3 DES-CBC3-SHA 1000 x 1024 18.21s 5.38s + +SSLv2 RC4-MD5 1000 x 10240 18.97s 6.52s +SSLv3 NULL-MD5 1000 x 10240 17.79s 5.11s +SSLv3 RC4-MD5 1000 x 10240 20.25s 7.90s +SSLv3 RC4-MD5 1000 x 10240 58.26s 8.08s 1024bit RSA +SSLv3 RC4-SHA 1000 x 10240 22.96s 11.44s +SSLv3 DES-CBC-SHA 1000 x 10240 30.65s 18.41s +SSLv3 DES-CBC3-SHA 1000 x 10240 47.04s 34.53s + +SSLv2 RC4-MD5 1000 x 102400 70.22s 57.74s +SSLv3 NULL-MD5 1000 x 102400 43.73s 31.03s +SSLv3 RC4-MD5 1000 x 102400 71.32s 58.83s +SSLv3 RC4-MD5 1000 x 102400 109.66s 59.20s 1024bit RSA +SSLv3 RC4-SHA 1000 x 102400 95.88s 82.21s +SSLv3 DES-CBC-SHA 1000 x 102400 173.22s 160.55s +SSLv3 DES-CBC3-SHA 1000 x 102400 336.61s 323.82s + +What does this all mean? Well for a server, with no session-id reuse, with +a transfer size of 10240 bytes, using RC4-MD5 and a 512bit server key, +a Pentium pro 200 running Linux can handle the SSLv3 protocol overheads of +about 49 connections a second. Reality will be quite different :-). + +Remember the first number is 1000 full ssl handshakes, the second is +1 full and 999 with session-id reuse. The RSA overheads for each exchange +would be one public and one private operation, but the protocol/MAC/cipher +cost would be quite similar in both the client and server. + +eric (adding numbers to speculation) + +--- Appendix --- +- The time measured is user time but these number a very rough. +- Remember this is the cost of both client and server sides of the protocol. +- The TCP/kernel overhead of connection establishment is normally the + killer in SSL. Often delays in the TCP protocol will make session-id + reuse look slower that new sessions, but this would not be the case on + a loaded server. +- The TCP round trip latencies, while slowing individual connections, + would have minimal impact on throughput. +- Instead of sending one 102400 byte buffer, one 8k buffer is sent until +- the required number of bytes are processed. +- The SSLv3 connections were actually SSLv2 compatible SSLv3 headers. +- A 512bit server key was being used except where noted. +- No server key verification was being performed on the client side of the + protocol. This would slow things down very little. +- The library being used is SSLeay 0.8.x. +- The normal measuring system was commands of the form + time ./ssltest -num 1000 -bytes 102400 -cipher DES-CBC-SHA -reuse + This modified version of ssltest should be in the next public release of + SSLeay. + +The general cipher performance number for this platform are + +SSLeay 0.8.2a 04-Sep-1997 +built on Fri Sep 5 17:37:05 EST 1997 +options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) idea(int) blowfish(ptr2) +C flags:gcc -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized +The 'numbers' are in 1000s of bytes per second processed. +type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes +md2 131.02k 368.41k 500.57k 549.21k 566.09k +mdc2 535.60k 589.10k 595.88k 595.97k 594.54k +md5 1801.53k 9674.77k 17484.03k 21849.43k 23592.96k +sha 1261.63k 5533.25k 9285.63k 11187.88k 11913.90k +sha1 1103.13k 4782.53k 7933.78k 9472.34k 10070.70k +rc4 10722.53k 14443.93k 15215.79k 15299.24k 15219.59k +des cbc 3286.57k 3827.73k 3913.39k 3931.82k 3926.70k +des ede3 1443.50k 1549.08k 1561.17k 1566.38k 1564.67k +idea cbc 2203.64k 2508.16k 2538.33k 2543.62k 2547.71k +rc2 cbc 1430.94k 1511.59k 1524.82k 1527.13k 1523.33k +blowfish cbc 4716.07k 5965.82k 6190.17k 6243.67k 6234.11k + sign verify +rsa 512 bits 0.0100s 0.0011s +rsa 1024 bits 0.0451s 0.0012s +rsa 2048 bits 0.2605s 0.0086s +rsa 4096 bits 1.6883s 0.0302s + diff --git a/test/tpkcs7 b/test/tpkcs7 new file mode 100644 index 0000000..3e435ff --- /dev/null +++ b/test/tpkcs7 @@ -0,0 +1,48 @@ +#!/bin/sh + +cmd='../util/shlib_wrap.sh ../apps/openssl pkcs7' + +if [ "$1"x != "x" ]; then + t=$1 +else + t=testp7.pem +fi + +echo testing pkcs7 conversions +cp $t fff.p + +echo "p -> d" +$cmd -in fff.p -inform p -outform d >f.d +if [ $? != 0 ]; then exit 1; fi +echo "p -> p" +$cmd -in fff.p -inform p -outform p >f.p +if [ $? != 0 ]; then exit 1; fi + +echo "d -> d" +$cmd -in f.d -inform d -outform d >ff.d1 +if [ $? != 0 ]; then exit 1; fi +echo "p -> d" +$cmd -in f.p -inform p -outform d >ff.d3 +if [ $? != 0 ]; then exit 1; fi + +echo "d -> p" +$cmd -in f.d -inform d -outform p >ff.p1 +if [ $? != 0 ]; then exit 1; fi +echo "p -> p" +$cmd -in f.p -inform p -outform p >ff.p3 +if [ $? != 0 ]; then exit 1; fi + +cmp fff.p f.p +if [ $? != 0 ]; then exit 1; fi +cmp fff.p ff.p1 +if [ $? != 0 ]; then exit 1; fi +cmp fff.p ff.p3 +if [ $? != 0 ]; then exit 1; fi + +cmp f.p ff.p1 +if [ $? != 0 ]; then exit 1; fi +cmp f.p ff.p3 +if [ $? != 0 ]; then exit 1; fi + +/bin/rm -f f.* ff.* fff.* +exit 0 diff --git a/test/tpkcs7.com b/test/tpkcs7.com new file mode 100644 index 0000000..3fc4982 --- /dev/null +++ b/test/tpkcs7.com @@ -0,0 +1,59 @@ +$! TPKCS7.COM -- Tests pkcs7 keys +$ +$ __arch = "VAX" +$ if f$getsyi("cpu") .ge. 128 then - + __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") +$ if __arch .eqs. "" then __arch = "UNK" +$! +$ if (p2 .eqs. "64") then __arch = __arch+ "_64" +$! +$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]" +$ +$ cmd = "mcr ''exe_dir'openssl pkcs7" +$ +$ t = "testp7.pem" +$ if p1 .nes. "" then t = p1 +$ +$ write sys$output "testing PKCS7 conversions" +$ if f$search("fff.*") .nes "" then delete fff.*;* +$ if f$search("ff.*") .nes "" then delete ff.*;* +$ if f$search("f.*") .nes "" then delete f.*;* +$ convert/fdl=sys$input: 't' fff.p +RECORD + FORMAT STREAM_LF +$ +$ write sys$output "p -> d" +$ 'cmd' -in fff.p -inform p -outform d -out f.d +$ if $severity .ne. 1 then exit 3 +$ write sys$output "p -> p" +$ 'cmd' -in fff.p -inform p -outform p -out f.p +$ if $severity .ne. 1 then exit 3 +$ +$ write sys$output "d -> d" +$ 'cmd' -in f.d -inform d -outform d -out ff.d1 +$ if $severity .ne. 1 then exit 3 +$ write sys$output "p -> d" +$ 'cmd' -in f.p -inform p -outform d -out ff.d3 +$ if $severity .ne. 1 then exit 3 +$ +$ +$ write sys$output "d -> p" +$ 'cmd' -in f.d -inform d -outform p -out ff.p1 +$ if $severity .ne. 1 then exit 3 +$ write sys$output "p -> p" +$ 'cmd' -in f.p -inform p -outform p -out ff.p3 +$ if $severity .ne. 1 then exit 3 +$ +$ backup/compare fff.p f.p +$ if $severity .ne. 1 then exit 3 +$ backup/compare fff.p ff.p1 +$ if $severity .ne. 1 then exit 3 +$ backup/compare fff.p ff.p3 +$ if $severity .ne. 1 then exit 3 +$ +$ backup/compare f.p ff.p1 +$ if $severity .ne. 1 then exit 3 +$ backup/compare f.p ff.p3 +$ if $severity .ne. 1 then exit 3 +$ +$ delete f.*;*,ff.*;*,fff.*;* diff --git a/test/tpkcs7d b/test/tpkcs7d new file mode 100644 index 0000000..64fc28e --- /dev/null +++ b/test/tpkcs7d @@ -0,0 +1,41 @@ +#!/bin/sh + +cmd='../util/shlib_wrap.sh ../apps/openssl pkcs7' + +if [ "$1"x != "x" ]; then + t=$1 +else + t=pkcs7-1.pem +fi + +echo "testing pkcs7 conversions (2)" +cp $t fff.p + +echo "p -> d" +$cmd -in fff.p -inform p -outform d >f.d +if [ $? != 0 ]; then exit 1; fi +echo "p -> p" +$cmd -in fff.p -inform p -outform p >f.p +if [ $? != 0 ]; then exit 1; fi + +echo "d -> d" +$cmd -in f.d -inform d -outform d >ff.d1 +if [ $? != 0 ]; then exit 1; fi +echo "p -> d" +$cmd -in f.p -inform p -outform d >ff.d3 +if [ $? != 0 ]; then exit 1; fi + +echo "d -> p" +$cmd -in f.d -inform d -outform p >ff.p1 +if [ $? != 0 ]; then exit 1; fi +echo "p -> p" +$cmd -in f.p -inform p -outform p >ff.p3 +if [ $? != 0 ]; then exit 1; fi + +cmp f.p ff.p1 +if [ $? != 0 ]; then exit 1; fi +cmp f.p ff.p3 +if [ $? != 0 ]; then exit 1; fi + +/bin/rm -f f.* ff.* fff.* +exit 0 diff --git a/test/tpkcs7d.com b/test/tpkcs7d.com new file mode 100644 index 0000000..eea8c88 --- /dev/null +++ b/test/tpkcs7d.com @@ -0,0 +1,52 @@ +$! TPKCS7.COM -- Tests pkcs7 keys +$ +$ __arch = "VAX" +$ if f$getsyi("cpu") .ge. 128 then - + __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") +$ if __arch .eqs. "" then __arch = "UNK" +$! +$ if (p2 .eqs. "64") then __arch = __arch+ "_64" +$! +$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]" +$ +$ cmd = "mcr ''exe_dir'openssl pkcs7" +$ +$ t = "pkcs7-1.pem" +$ if p1 .nes. "" then t = p1 +$ +$ write sys$output "testing PKCS7 conversions (2)" +$ if f$search("fff.*") .nes "" then delete fff.*;* +$ if f$search("ff.*") .nes "" then delete ff.*;* +$ if f$search("f.*") .nes "" then delete f.*;* +$ convert/fdl=sys$input: 't' fff.p +RECORD + FORMAT STREAM_LF +$ +$ write sys$output "p -> d" +$ 'cmd' -in fff.p -inform p -outform d -out f.d +$ if $severity .ne. 1 then exit 3 +$ write sys$output "p -> p" +$ 'cmd' -in fff.p -inform p -outform p -out f.p +$ if $severity .ne. 1 then exit 3 +$ +$ write sys$output "d -> d" +$ 'cmd' -in f.d -inform d -outform d -out ff.d1 +$ if $severity .ne. 1 then exit 3 +$ write sys$output "p -> d" +$ 'cmd' -in f.p -inform p -outform d -out ff.d3 +$ if $severity .ne. 1 then exit 3 +$ +$ +$ write sys$output "d -> p" +$ 'cmd' -in f.d -inform d -outform p -out ff.p1 +$ if $severity .ne. 1 then exit 3 +$ write sys$output "p -> p" +$ 'cmd' -in f.p -inform p -outform p -out ff.p3 +$ if $severity .ne. 1 then exit 3 +$ +$ backup/compare f.p ff.p1 +$ if $severity .ne. 1 then exit 3 +$ backup/compare f.p ff.p3 +$ if $severity .ne. 1 then exit 3 +$ +$ delete f.*;*,ff.*;*,fff.*;* diff --git a/test/treq b/test/treq new file mode 100644 index 0000000..77f37dc --- /dev/null +++ b/test/treq @@ -0,0 +1,83 @@ +#!/bin/sh + +cmd='../util/shlib_wrap.sh ../apps/openssl req -config ../apps/openssl.cnf' + +if [ "$1"x != "x" ]; then + t=$1 +else + t=testreq.pem +fi + +if $cmd -in $t -inform p -noout -text 2>&1 | fgrep -i 'Unknown Public Key'; then + echo "skipping req conversion test for $t" + exit 0 +fi + +echo testing req conversions +cp $t fff.p + +echo "p -> d" +$cmd -in fff.p -inform p -outform d >f.d +if [ $? != 0 ]; then exit 1; fi +#echo "p -> t" +#$cmd -in fff.p -inform p -outform t >f.t +#if [ $? != 0 ]; then exit 1; fi +echo "p -> p" +$cmd -in fff.p -inform p -outform p >f.p +if [ $? != 0 ]; then exit 1; fi + +echo "d -> d" +$cmd -verify -in f.d -inform d -outform d >ff.d1 +if [ $? != 0 ]; then exit 1; fi +#echo "t -> d" +#$cmd -in f.t -inform t -outform d >ff.d2 +#if [ $? != 0 ]; then exit 1; fi +echo "p -> d" +$cmd -verify -in f.p -inform p -outform d >ff.d3 +if [ $? != 0 ]; then exit 1; fi + +#echo "d -> t" +#$cmd -in f.d -inform d -outform t >ff.t1 +#if [ $? != 0 ]; then exit 1; fi +#echo "t -> t" +#$cmd -in f.t -inform t -outform t >ff.t2 +#if [ $? != 0 ]; then exit 1; fi +#echo "p -> t" +#$cmd -in f.p -inform p -outform t >ff.t3 +#if [ $? != 0 ]; then exit 1; fi + +echo "d -> p" +$cmd -in f.d -inform d -outform p >ff.p1 +if [ $? != 0 ]; then exit 1; fi +#echo "t -> p" +#$cmd -in f.t -inform t -outform p >ff.p2 +#if [ $? != 0 ]; then exit 1; fi +echo "p -> p" +$cmd -in f.p -inform p -outform p >ff.p3 +if [ $? != 0 ]; then exit 1; fi + +cmp fff.p f.p +if [ $? != 0 ]; then exit 1; fi +cmp fff.p ff.p1 +if [ $? != 0 ]; then exit 1; fi +#cmp fff.p ff.p2 +#if [ $? != 0 ]; then exit 1; fi +cmp fff.p ff.p3 +if [ $? != 0 ]; then exit 1; fi + +#cmp f.t ff.t1 +#if [ $? != 0 ]; then exit 1; fi +#cmp f.t ff.t2 +#if [ $? != 0 ]; then exit 1; fi +#cmp f.t ff.t3 +#if [ $? != 0 ]; then exit 1; fi + +cmp f.p ff.p1 +if [ $? != 0 ]; then exit 1; fi +#cmp f.p ff.p2 +#if [ $? != 0 ]; then exit 1; fi +cmp f.p ff.p3 +if [ $? != 0 ]; then exit 1; fi + +/bin/rm -f f.* ff.* fff.* +exit 0 diff --git a/test/treq.com b/test/treq.com new file mode 100644 index 0000000..acf08b7 --- /dev/null +++ b/test/treq.com @@ -0,0 +1,88 @@ +$! TREQ.COM -- Tests req keys +$ +$ __arch = "VAX" +$ if f$getsyi("cpu") .ge. 128 then - + __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") +$ if __arch .eqs. "" then __arch = "UNK" +$! +$ if (p2 .eqs. "64") then __arch = __arch+ "_64" +$! +$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]" +$ +$ cmd = "mcr ''exe_dir'openssl req -config [-.apps]openssl-vms.cnf" +$ +$ t = "testreq.pem" +$ if p1 .nes. "" then t = p1 +$ +$ write sys$output "testing req conversions" +$ if f$search("fff.*") .nes "" then delete fff.*;* +$ if f$search("ff.*") .nes "" then delete ff.*;* +$ if f$search("f.*") .nes "" then delete f.*;* +$ convert/fdl=sys$input: 't' fff.p +RECORD + FORMAT STREAM_LF +$ +$ write sys$output "p -> d" +$ 'cmd' -in fff.p -inform p -outform d -out f.d +$ if $severity .ne. 1 then exit 3 +$! write sys$output "p -> t" +$! 'cmd' -in fff.p -inform p -outform t -out f.t +$! if $severity .ne. 1 then exit 3 +$ write sys$output "p -> p" +$ 'cmd' -in fff.p -inform p -outform p -out f.p +$ if $severity .ne. 1 then exit 3 +$ +$ write sys$output "d -> d" +$ 'cmd' -verify -in f.d -inform d -outform d -out ff.d1 +$ if $severity .ne. 1 then exit 3 +$! write sys$output "t -> d" +$! 'cmd' -verify -in f.t -inform t -outform d -out ff.d2 +$! if $severity .ne. 1 then exit 3 +$ write sys$output "p -> d" +$ 'cmd' -verify -in f.p -inform p -outform d -out ff.d3 +$ if $severity .ne. 1 then exit 3 +$ +$! write sys$output "d -> t" +$! 'cmd' -in f.d -inform d -outform t -out ff.t1 +$! if $severity .ne. 1 then exit 3 +$! write sys$output "t -> t" +$! 'cmd' -in f.t -inform t -outform t -out ff.t2 +$! if $severity .ne. 1 then exit 3 +$! write sys$output "p -> t" +$! 'cmd' -in f.p -inform p -outform t -out ff.t3 +$! if $severity .ne. 1 then exit 3 +$ +$ write sys$output "d -> p" +$ 'cmd' -in f.d -inform d -outform p -out ff.p1 +$ if $severity .ne. 1 then exit 3 +$! write sys$output "t -> p" +$! 'cmd' -in f.t -inform t -outform p -out ff.p2 +$! if $severity .ne. 1 then exit 3 +$ write sys$output "p -> p" +$ 'cmd' -in f.p -inform p -outform p -out ff.p3 +$ if $severity .ne. 1 then exit 3 +$ +$ backup/compare fff.p f.p +$ if $severity .ne. 1 then exit 3 +$ backup/compare fff.p ff.p1 +$ if $severity .ne. 1 then exit 3 +$! backup/compare fff.p ff.p2 +$! if $severity .ne. 1 then exit 3 +$ backup/compare fff.p ff.p3 +$ if $severity .ne. 1 then exit 3 +$ +$! backup/compare f.t ff.t1 +$! if $severity .ne. 1 then exit 3 +$! backup/compare f.t ff.t2 +$! if $severity .ne. 1 then exit 3 +$! backup/compare f.t ff.t3 +$! if $severity .ne. 1 then exit 3 +$ +$ backup/compare f.p ff.p1 +$ if $severity .ne. 1 then exit 3 +$! backup/compare f.p ff.p2 +$! if $severity .ne. 1 then exit 3 +$ backup/compare f.p ff.p3 +$ if $severity .ne. 1 then exit 3 +$ +$ delete f.*;*,ff.*;*,fff.*;* diff --git a/test/trsa b/test/trsa new file mode 100644 index 0000000..249ac1d --- /dev/null +++ b/test/trsa @@ -0,0 +1,83 @@ +#!/bin/sh + +if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then + echo skipping rsa conversion test + exit 0 +fi + +cmd='../util/shlib_wrap.sh ../apps/openssl rsa' + +if [ "$1"x != "x" ]; then + t=$1 +else + t=testrsa.pem +fi + +echo testing rsa conversions +cp $t fff.p + +echo "p -> d" +$cmd -in fff.p -inform p -outform d >f.d +if [ $? != 0 ]; then exit 1; fi +#echo "p -> t" +#$cmd -in fff.p -inform p -outform t >f.t +#if [ $? != 0 ]; then exit 1; fi +echo "p -> p" +$cmd -in fff.p -inform p -outform p >f.p +if [ $? != 0 ]; then exit 1; fi + +echo "d -> d" +$cmd -in f.d -inform d -outform d >ff.d1 +if [ $? != 0 ]; then exit 1; fi +#echo "t -> d" +#$cmd -in f.t -inform t -outform d >ff.d2 +#if [ $? != 0 ]; then exit 1; fi +echo "p -> d" +$cmd -in f.p -inform p -outform d >ff.d3 +if [ $? != 0 ]; then exit 1; fi + +#echo "d -> t" +#$cmd -in f.d -inform d -outform t >ff.t1 +#if [ $? != 0 ]; then exit 1; fi +#echo "t -> t" +#$cmd -in f.t -inform t -outform t >ff.t2 +#if [ $? != 0 ]; then exit 1; fi +#echo "p -> t" +#$cmd -in f.p -inform p -outform t >ff.t3 +#if [ $? != 0 ]; then exit 1; fi + +echo "d -> p" +$cmd -in f.d -inform d -outform p >ff.p1 +if [ $? != 0 ]; then exit 1; fi +#echo "t -> p" +#$cmd -in f.t -inform t -outform p >ff.p2 +#if [ $? != 0 ]; then exit 1; fi +echo "p -> p" +$cmd -in f.p -inform p -outform p >ff.p3 +if [ $? != 0 ]; then exit 1; fi + +cmp fff.p f.p +if [ $? != 0 ]; then exit 1; fi +cmp fff.p ff.p1 +if [ $? != 0 ]; then exit 1; fi +#cmp fff.p ff.p2 +#if [ $? != 0 ]; then exit 1; fi +cmp fff.p ff.p3 +if [ $? != 0 ]; then exit 1; fi + +#cmp f.t ff.t1 +#if [ $? != 0 ]; then exit 1; fi +#cmp f.t ff.t2 +#if [ $? != 0 ]; then exit 1; fi +#cmp f.t ff.t3 +#if [ $? != 0 ]; then exit 1; fi + +cmp f.p ff.p1 +if [ $? != 0 ]; then exit 1; fi +#cmp f.p ff.p2 +#if [ $? != 0 ]; then exit 1; fi +cmp f.p ff.p3 +if [ $? != 0 ]; then exit 1; fi + +/bin/rm -f f.* ff.* fff.* +exit 0 diff --git a/test/trsa.com b/test/trsa.com new file mode 100644 index 0000000..5418084 --- /dev/null +++ b/test/trsa.com @@ -0,0 +1,99 @@ +$! TRSA.COM -- Tests rsa keys +$ +$ __arch = "VAX" +$ if f$getsyi("cpu") .ge. 128 then - + __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") +$ if __arch .eqs. "" then __arch = "UNK" +$! +$ if (p2 .eqs. "64") then __arch = __arch+ "_64" +$! +$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]" +$ +$ set noon +$ define/user sys$output nla0: +$ mcr 'exe_dir'openssl no-rsa +$ save_severity=$SEVERITY +$ set on +$ if save_severity +$ then +$ write sys$output "skipping RSA conversion test" +$ exit +$ endif +$ +$ cmd = "mcr ''exe_dir'openssl rsa" +$ +$ t = "testrsa.pem" +$ if p1 .nes. "" then t = p1 +$ +$ write sys$output "testing RSA conversions" +$ if f$search("fff.*") .nes "" then delete fff.*;* +$ if f$search("ff.*") .nes "" then delete ff.*;* +$ if f$search("f.*") .nes "" then delete f.*;* +$ convert/fdl=sys$input: 't' fff.p +RECORD + FORMAT STREAM_LF +$ +$ write sys$output "p -> d" +$ 'cmd' -in fff.p -inform p -outform d -out f.d +$ if $severity .ne. 1 then exit 3 +$! write sys$output "p -> t" +$! 'cmd' -in fff.p -inform p -outform t -out f.t +$! if $severity .ne. 1 then exit 3 +$ write sys$output "p -> p" +$ 'cmd' -in fff.p -inform p -outform p -out f.p +$ if $severity .ne. 1 then exit 3 +$ +$ write sys$output "d -> d" +$ 'cmd' -in f.d -inform d -outform d -out ff.d1 +$ if $severity .ne. 1 then exit 3 +$! write sys$output "t -> d" +$! 'cmd' -in f.t -inform t -outform d -out ff.d2 +$! if $severity .ne. 1 then exit 3 +$ write sys$output "p -> d" +$ 'cmd' -in f.p -inform p -outform d -out ff.d3 +$ if $severity .ne. 1 then exit 3 +$ +$! write sys$output "d -> t" +$! 'cmd' -in f.d -inform d -outform t -out ff.t1 +$! if $severity .ne. 1 then exit 3 +$! write sys$output "t -> t" +$! 'cmd' -in f.t -inform t -outform t -out ff.t2 +$! if $severity .ne. 1 then exit 3 +$! write sys$output "p -> t" +$! 'cmd' -in f.p -inform p -outform t -out ff.t3 +$! if $severity .ne. 1 then exit 3 +$ +$ write sys$output "d -> p" +$ 'cmd' -in f.d -inform d -outform p -out ff.p1 +$ if $severity .ne. 1 then exit 3 +$! write sys$output "t -> p" +$! 'cmd' -in f.t -inform t -outform p -out ff.p2 +$! if $severity .ne. 1 then exit 3 +$ write sys$output "p -> p" +$ 'cmd' -in f.p -inform p -outform p -out ff.p3 +$ if $severity .ne. 1 then exit 3 +$ +$ backup/compare fff.p f.p +$ if $severity .ne. 1 then exit 3 +$ backup/compare fff.p ff.p1 +$ if $severity .ne. 1 then exit 3 +$! backup/compare fff.p ff.p2 +$! if $severity .ne. 1 then exit 3 +$ backup/compare fff.p ff.p3 +$ if $severity .ne. 1 then exit 3 +$ +$! backup/compare f.t ff.t1 +$! if $severity .ne. 1 then exit 3 +$! backup/compare f.t ff.t2 +$! if $severity .ne. 1 then exit 3 +$! backup/compare f.t ff.t3 +$! if $severity .ne. 1 then exit 3 +$ +$ backup/compare f.p ff.p1 +$ if $severity .ne. 1 then exit 3 +$! backup/compare f.p ff.p2 +$! if $severity .ne. 1 then exit 3 +$ backup/compare f.p ff.p3 +$ if $severity .ne. 1 then exit 3 +$ +$ delete f.*;*,ff.*;*,fff.*;* diff --git a/test/tsid b/test/tsid new file mode 100644 index 0000000..6adbd53 --- /dev/null +++ b/test/tsid @@ -0,0 +1,78 @@ +#!/bin/sh + +cmd='../util/shlib_wrap.sh ../apps/openssl sess_id' + +if [ "$1"x != "x" ]; then + t=$1 +else + t=testsid.pem +fi + +echo testing session-id conversions +cp $t fff.p + +echo "p -> d" +$cmd -in fff.p -inform p -outform d >f.d +if [ $? != 0 ]; then exit 1; fi +#echo "p -> t" +#$cmd -in fff.p -inform p -outform t >f.t +#if [ $? != 0 ]; then exit 1; fi +echo "p -> p" +$cmd -in fff.p -inform p -outform p >f.p +if [ $? != 0 ]; then exit 1; fi + +echo "d -> d" +$cmd -in f.d -inform d -outform d >ff.d1 +if [ $? != 0 ]; then exit 1; fi +#echo "t -> d" +#$cmd -in f.t -inform t -outform d >ff.d2 +#if [ $? != 0 ]; then exit 1; fi +echo "p -> d" +$cmd -in f.p -inform p -outform d >ff.d3 +if [ $? != 0 ]; then exit 1; fi + +#echo "d -> t" +#$cmd -in f.d -inform d -outform t >ff.t1 +#if [ $? != 0 ]; then exit 1; fi +#echo "t -> t" +#$cmd -in f.t -inform t -outform t >ff.t2 +#if [ $? != 0 ]; then exit 1; fi +#echo "p -> t" +#$cmd -in f.p -inform p -outform t >ff.t3 +#if [ $? != 0 ]; then exit 1; fi + +echo "d -> p" +$cmd -in f.d -inform d -outform p >ff.p1 +if [ $? != 0 ]; then exit 1; fi +#echo "t -> p" +#$cmd -in f.t -inform t -outform p >ff.p2 +#if [ $? != 0 ]; then exit 1; fi +echo "p -> p" +$cmd -in f.p -inform p -outform p >ff.p3 +if [ $? != 0 ]; then exit 1; fi + +cmp fff.p f.p +if [ $? != 0 ]; then exit 1; fi +cmp fff.p ff.p1 +if [ $? != 0 ]; then exit 1; fi +#cmp fff.p ff.p2 +#if [ $? != 0 ]; then exit 1; fi +cmp fff.p ff.p3 +if [ $? != 0 ]; then exit 1; fi + +#cmp f.t ff.t1 +#if [ $? != 0 ]; then exit 1; fi +#cmp f.t ff.t2 +#if [ $? != 0 ]; then exit 1; fi +#cmp f.t ff.t3 +#if [ $? != 0 ]; then exit 1; fi + +cmp f.p ff.p1 +if [ $? != 0 ]; then exit 1; fi +#cmp f.p ff.p2 +#if [ $? != 0 ]; then exit 1; fi +cmp f.p ff.p3 +if [ $? != 0 ]; then exit 1; fi + +/bin/rm -f f.* ff.* fff.* +exit 0 diff --git a/test/tsid.com b/test/tsid.com new file mode 100644 index 0000000..b6c4e49 --- /dev/null +++ b/test/tsid.com @@ -0,0 +1,88 @@ +$! TSID.COM -- Tests sid keys +$ +$ __arch = "VAX" +$ if f$getsyi("cpu") .ge. 128 then - + __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") +$ if __arch .eqs. "" then __arch = "UNK" +$! +$ if (p2 .eqs. "64") then __arch = __arch+ "_64" +$! +$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]" +$ +$ cmd = "mcr ''exe_dir'openssl sess_id" +$ +$ t = "testsid.pem" +$ if p1 .nes. "" then t = p1 +$ +$ write sys$output "testing session-id conversions" +$ if f$search("fff.*") .nes "" then delete fff.*;* +$ if f$search("ff.*") .nes "" then delete ff.*;* +$ if f$search("f.*") .nes "" then delete f.*;* +$ convert/fdl=sys$input: 't' fff.p +RECORD + FORMAT STREAM_LF +$ +$ write sys$output "p -> d" +$ 'cmd' -in fff.p -inform p -outform d -out f.d +$ if $severity .ne. 1 then exit 3 +$! write sys$output "p -> t" +$! 'cmd' -in fff.p -inform p -outform t -out f.t +$! if $severity .ne. 1 then exit 3 +$ write sys$output "p -> p" +$ 'cmd' -in fff.p -inform p -outform p -out f.p +$ if $severity .ne. 1 then exit 3 +$ +$ write sys$output "d -> d" +$ 'cmd' -in f.d -inform d -outform d -out ff.d1 +$ if $severity .ne. 1 then exit 3 +$! write sys$output "t -> d" +$! 'cmd' -in f.t -inform t -outform d -out ff.d2 +$! if $severity .ne. 1 then exit 3 +$ write sys$output "p -> d" +$ 'cmd' -in f.p -inform p -outform d -out ff.d3 +$ if $severity .ne. 1 then exit 3 +$ +$! write sys$output "d -> t" +$! 'cmd' -in f.d -inform d -outform t -out ff.t1 +$! if $severity .ne. 1 then exit 3 +$! write sys$output "t -> t" +$! 'cmd' -in f.t -inform t -outform t -out ff.t2 +$! if $severity .ne. 1 then exit 3 +$! write sys$output "p -> t" +$! 'cmd' -in f.p -inform p -outform t -out ff.t3 +$! if $severity .ne. 1 then exit 3 +$ +$ write sys$output "d -> p" +$ 'cmd' -in f.d -inform d -outform p -out ff.p1 +$ if $severity .ne. 1 then exit 3 +$! write sys$output "t -> p" +$! 'cmd' -in f.t -inform t -outform p -out ff.p2 +$! if $severity .ne. 1 then exit 3 +$ write sys$output "p -> p" +$ 'cmd' -in f.p -inform p -outform p -out ff.p3 +$ if $severity .ne. 1 then exit 3 +$ +$ backup/compare fff.p f.p +$ if $severity .ne. 1 then exit 3 +$ backup/compare fff.p ff.p1 +$ if $severity .ne. 1 then exit 3 +$! backup/compare fff.p ff.p2 +$! if $severity .ne. 1 then exit 3 +$ backup/compare fff.p ff.p3 +$ if $severity .ne. 1 then exit 3 +$ +$! backup/compare f.t ff.t1 +$! if $severity .ne. 1 then exit 3 +$! backup/compare f.t ff.t2 +$! if $severity .ne. 1 then exit 3 +$! backup/compare f.t ff.t3 +$! if $severity .ne. 1 then exit 3 +$ +$ backup/compare f.p ff.p1 +$ if $severity .ne. 1 then exit 3 +$! backup/compare f.p ff.p2 +$! if $severity .ne. 1 then exit 3 +$ backup/compare f.p ff.p3 +$ if $severity .ne. 1 then exit 3 +$ +$ delete f.*;*,ff.*;*,fff.*;* diff --git a/test/tverify.com b/test/tverify.com new file mode 100644 index 0000000..d888344 --- /dev/null +++ b/test/tverify.com @@ -0,0 +1,65 @@ +$! TVERIFY.COM +$ +$ __arch = "VAX" +$ if f$getsyi("cpu") .ge. 128 then - + __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") +$ if __arch .eqs. "" then __arch = "UNK" +$! +$ if (p1 .eqs. "64") then __arch = __arch+ "_64" +$! +$ line_max = 255 ! Could be longer on modern non-VAX. +$ temp_file_name = "certs_"+ f$getjpi( "", "PID")+ ".tmp" +$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]" +$ cmd = "mcr ''exe_dir'openssl verify ""-CAfile"" ''temp_file_name'" +$ cmd_len = f$length( cmd) +$ pems = "[-.certs...]*.pem" +$! +$! Concatenate all the certificate files. +$! +$ copy /concatenate 'pems' 'temp_file_name' +$! +$! Loop through all the certificate files. +$! +$ args = "" +$ old_f = "" +$ loop_file: +$ f = f$search( pems) +$ if ((f .nes. "") .and. (f .nes. old_f)) +$ then +$ old_f = f +$! +$! If this file name would over-extend the command line, then +$! run the command now. +$! +$ if (cmd_len+ f$length( args)+ 1+ f$length( f) .gt. line_max) +$ then +$ if (args .eqs. "") then goto disaster +$ 'cmd''args' +$ args = "" +$ endif +$! Add the next file to the argument list. +$ args = args+ " "+ f +$ else +$! No more files in the list +$ goto loop_file_end +$ endif +$ goto loop_file +$ loop_file_end: +$! +$! Run the command for any left-over arguments. +$! +$ if (args .nes. "") +$ then +$ 'cmd''args' +$ endif +$! +$! Delete the temporary file. +$! +$ if (f$search( "''temp_file_name';*") .nes. "") then - + delete 'temp_file_name';* +$! +$ exit +$! +$ disaster: +$ write sys$output " Command line too long. Doomed." +$! diff --git a/test/tx509 b/test/tx509 new file mode 100644 index 0000000..4a15b98 --- /dev/null +++ b/test/tx509 @@ -0,0 +1,78 @@ +#!/bin/sh + +cmd='../util/shlib_wrap.sh ../apps/openssl x509' + +if [ "$1"x != "x" ]; then + t=$1 +else + t=testx509.pem +fi + +echo testing X509 conversions +cp $t fff.p + +echo "p -> d" +$cmd -in fff.p -inform p -outform d >f.d +if [ $? != 0 ]; then exit 1; fi +echo "p -> n" +$cmd -in fff.p -inform p -outform n >f.n +if [ $? != 0 ]; then exit 1; fi +echo "p -> p" +$cmd -in fff.p -inform p -outform p >f.p +if [ $? != 0 ]; then exit 1; fi + +echo "d -> d" +$cmd -in f.d -inform d -outform d >ff.d1 +if [ $? != 0 ]; then exit 1; fi +echo "n -> d" +$cmd -in f.n -inform n -outform d >ff.d2 +if [ $? != 0 ]; then exit 1; fi +echo "p -> d" +$cmd -in f.p -inform p -outform d >ff.d3 +if [ $? != 0 ]; then exit 1; fi + +echo "d -> n" +$cmd -in f.d -inform d -outform n >ff.n1 +if [ $? != 0 ]; then exit 1; fi +echo "n -> n" +$cmd -in f.n -inform n -outform n >ff.n2 +if [ $? != 0 ]; then exit 1; fi +echo "p -> n" +$cmd -in f.p -inform p -outform n >ff.n3 +if [ $? != 0 ]; then exit 1; fi + +echo "d -> p" +$cmd -in f.d -inform d -outform p >ff.p1 +if [ $? != 0 ]; then exit 1; fi +echo "n -> p" +$cmd -in f.n -inform n -outform p >ff.p2 +if [ $? != 0 ]; then exit 1; fi +echo "p -> p" +$cmd -in f.p -inform p -outform p >ff.p3 +if [ $? != 0 ]; then exit 1; fi + +cmp fff.p f.p +if [ $? != 0 ]; then exit 1; fi +cmp fff.p ff.p1 +if [ $? != 0 ]; then exit 1; fi +cmp fff.p ff.p2 +if [ $? != 0 ]; then exit 1; fi +cmp fff.p ff.p3 +if [ $? != 0 ]; then exit 1; fi + +cmp f.n ff.n1 +if [ $? != 0 ]; then exit 1; fi +cmp f.n ff.n2 +if [ $? != 0 ]; then exit 1; fi +cmp f.n ff.n3 +if [ $? != 0 ]; then exit 1; fi + +cmp f.p ff.p1 +if [ $? != 0 ]; then exit 1; fi +cmp f.p ff.p2 +if [ $? != 0 ]; then exit 1; fi +cmp f.p ff.p3 +if [ $? != 0 ]; then exit 1; fi + +/bin/rm -f f.* ff.* fff.* +exit 0 diff --git a/test/tx509.com b/test/tx509.com new file mode 100644 index 0000000..93ce988 --- /dev/null +++ b/test/tx509.com @@ -0,0 +1,88 @@ +$! TX509.COM -- Tests x509 certificates +$ +$ __arch = "VAX" +$ if f$getsyi("cpu") .ge. 128 then - + __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") +$ if __arch .eqs. "" then __arch = "UNK" +$! +$ if (p2 .eqs. "64") then __arch = __arch+ "_64" +$! +$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]" +$ +$ cmd = "mcr ''exe_dir'openssl x509" +$ +$ t = "testx509.pem" +$ if p1 .nes. "" then t = p1 +$ +$ write sys$output "testing X509 conversions" +$ if f$search("fff.*") .nes "" then delete fff.*;* +$ if f$search("ff.*") .nes "" then delete ff.*;* +$ if f$search("f.*") .nes "" then delete f.*;* +$ convert/fdl=sys$input: 't' fff.p +RECORD + FORMAT STREAM_LF +$ +$ write sys$output "p -> d" +$ 'cmd' -in fff.p -inform p -outform d -out f.d +$ if $severity .ne. 1 then exit 3 +$ write sys$output "p -> n" +$ 'cmd' -in fff.p -inform p -outform n -out f.n +$ if $severity .ne. 1 then exit 3 +$ write sys$output "p -> p" +$ 'cmd' -in fff.p -inform p -outform p -out f.p +$ if $severity .ne. 1 then exit 3 +$ +$ write sys$output "d -> d" +$ 'cmd' -in f.d -inform d -outform d -out ff.d1 +$ if $severity .ne. 1 then exit 3 +$ write sys$output "n -> d" +$ 'cmd' -in f.n -inform n -outform d -out ff.d2 +$ if $severity .ne. 1 then exit 3 +$ write sys$output "p -> d" +$ 'cmd' -in f.p -inform p -outform d -out ff.d3 +$ if $severity .ne. 1 then exit 3 +$ +$ write sys$output "d -> n" +$ 'cmd' -in f.d -inform d -outform n -out ff.n1 +$ if $severity .ne. 1 then exit 3 +$ write sys$output "n -> n" +$ 'cmd' -in f.n -inform n -outform n -out ff.n2 +$ if $severity .ne. 1 then exit 3 +$ write sys$output "p -> n" +$ 'cmd' -in f.p -inform p -outform n -out ff.n3 +$ if $severity .ne. 1 then exit 3 +$ +$ write sys$output "d -> p" +$ 'cmd' -in f.d -inform d -outform p -out ff.p1 +$ if $severity .ne. 1 then exit 3 +$ write sys$output "n -> p" +$ 'cmd' -in f.n -inform n -outform p -out ff.p2 +$ if $severity .ne. 1 then exit 3 +$ write sys$output "p -> p" +$ 'cmd' -in f.p -inform p -outform p -out ff.p3 +$ if $severity .ne. 1 then exit 3 +$ +$ backup/compare fff.p f.p +$ if $severity .ne. 1 then exit 3 +$ backup/compare fff.p ff.p1 +$ if $severity .ne. 1 then exit 3 +$ backup/compare fff.p ff.p2 +$ if $severity .ne. 1 then exit 3 +$ backup/compare fff.p ff.p3 +$ if $severity .ne. 1 then exit 3 +$ +$ backup/compare f.n ff.n1 +$ if $severity .ne. 1 then exit 3 +$ backup/compare f.n ff.n2 +$ if $severity .ne. 1 then exit 3 +$ backup/compare f.n ff.n3 +$ if $severity .ne. 1 then exit 3 +$ +$ backup/compare f.p ff.p1 +$ if $severity .ne. 1 then exit 3 +$ backup/compare f.p ff.p2 +$ if $severity .ne. 1 then exit 3 +$ backup/compare f.p ff.p3 +$ if $severity .ne. 1 then exit 3 +$ +$ delete f.*;*,ff.*;*,fff.*;* diff --git a/test/v3-cert1.pem b/test/v3-cert1.pem new file mode 100644 index 0000000..0da253d --- /dev/null +++ b/test/v3-cert1.pem @@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE----- +MIICjTCCAfigAwIBAgIEMaYgRzALBgkqhkiG9w0BAQQwRTELMAkGA1UEBhMCVVMx +NjA0BgNVBAoTLU5hdGlvbmFsIEFlcm9uYXV0aWNzIGFuZCBTcGFjZSBBZG1pbmlz +dHJhdGlvbjAmFxE5NjA1MjgxMzQ5MDUrMDgwMBcROTgwNTI4MTM0OTA1KzA4MDAw +ZzELMAkGA1UEBhMCVVMxNjA0BgNVBAoTLU5hdGlvbmFsIEFlcm9uYXV0aWNzIGFu +ZCBTcGFjZSBBZG1pbmlzdHJhdGlvbjEgMAkGA1UEBRMCMTYwEwYDVQQDEwxTdGV2 +ZSBTY2hvY2gwWDALBgkqhkiG9w0BAQEDSQAwRgJBALrAwyYdgxmzNP/ts0Uyf6Bp +miJYktU/w4NG67ULaN4B5CnEz7k57s9o3YY3LecETgQ5iQHmkwlYDTL2fTgVfw0C +AQOjgaswgagwZAYDVR0ZAQH/BFowWDBWMFQxCzAJBgNVBAYTAlVTMTYwNAYDVQQK +Ey1OYXRpb25hbCBBZXJvbmF1dGljcyBhbmQgU3BhY2UgQWRtaW5pc3RyYXRpb24x +DTALBgNVBAMTBENSTDEwFwYDVR0BAQH/BA0wC4AJODMyOTcwODEwMBgGA1UdAgQR +MA8ECTgzMjk3MDgyM4ACBSAwDQYDVR0KBAYwBAMCBkAwCwYJKoZIhvcNAQEEA4GB +AH2y1VCEw/A4zaXzSYZJTTUi3uawbbFiS2yxHvgf28+8Js0OHXk1H1w2d6qOHH21 +X82tZXd/0JtG0g1T9usFFBDvYK8O0ebgz/P5ELJnBL2+atObEuJy1ZZ0pBDWINR3 +WkDNLCGiTkCKp0F5EWIrVDwh54NNevkCQRZita+z4IBO +-----END CERTIFICATE----- diff --git a/test/v3-cert2.pem b/test/v3-cert2.pem new file mode 100644 index 0000000..de0723f --- /dev/null +++ b/test/v3-cert2.pem @@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE----- +MIICiTCCAfKgAwIBAgIEMeZfHzANBgkqhkiG9w0BAQQFADB9MQswCQYDVQQGEwJD +YTEPMA0GA1UEBxMGTmVwZWFuMR4wHAYDVQQLExVObyBMaWFiaWxpdHkgQWNjZXB0 +ZWQxHzAdBgNVBAoTFkZvciBEZW1vIFB1cnBvc2VzIE9ubHkxHDAaBgNVBAMTE0Vu +dHJ1c3QgRGVtbyBXZWIgQ0EwHhcNOTYwNzEyMTQyMDE1WhcNOTYxMDEyMTQyMDE1 +WjB0MSQwIgYJKoZIhvcNAQkBExVjb29rZUBpc3NsLmF0bC5ocC5jb20xCzAJBgNV +BAYTAlVTMScwJQYDVQQLEx5IZXdsZXR0IFBhY2thcmQgQ29tcGFueSAoSVNTTCkx +FjAUBgNVBAMTDVBhdWwgQS4gQ29va2UwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA +6ceSq9a9AU6g+zBwaL/yVmW1/9EE8s5you1mgjHnj0wAILuoB3L6rm6jmFRy7QZT +G43IhVZdDua4e+5/n1ZslwIDAQABo2MwYTARBglghkgBhvhCAQEEBAMCB4AwTAYJ +YIZIAYb4QgENBD8WPVRoaXMgY2VydGlmaWNhdGUgaXMgb25seSBpbnRlbmRlZCBm +b3IgZGVtb25zdHJhdGlvbiBwdXJwb3Nlcy4wDQYJKoZIhvcNAQEEBQADgYEAi8qc +F3zfFqy1sV8NhjwLVwOKuSfhR/Z8mbIEUeSTlnH3QbYt3HWZQ+vXI8mvtZoBc2Fz +lexKeIkAZXCesqGbs6z6nCt16P6tmdfbZF3I3AWzLquPcOXjPf4HgstkyvVBn0Ap +jAFN418KF/Cx4qyHB4cjdvLrRjjQLnb2+ibo7QU= +-----END CERTIFICATE----- diff --git a/test/wp_test.c b/test/wp_test.c new file mode 120000 index 0000000..81b2021 --- /dev/null +++ b/test/wp_test.c @@ -0,0 +1 @@ +../crypto/whrlpool/wp_test.c \ No newline at end of file -- GitLab