VMS adjustments:

$!

$ ENGINES = "," + P6

$ IF ENGINES .EQS. "," THEN -

	ENGINES = ",4758cca,aep,atalla,cswift,chil,nuron,sureware,ubsec,padlock,"

	ENGINES = ",4758cca,padlock,capi,"

$!

$! GOST requires a 64-bit integer type, unavailable on VAX.

$!

$ IF (ARCH .NES. "VAX") THEN -

       ENGINES = ENGINES+ ",ccgost"

       ENGINES = ENGINES+ ",gost"

$!

$! Check options.

$!

$   TV_OBJ = ",''TV_OBJ_NAME'"

$ ENDIF

$ ENGINE_4758CCA = "e_4758cca"

$ ENGINE_aep = "e_aep"

$ ENGINE_atalla = "e_atalla"

$ ENGINE_cswift = "e_cswift"

$ ENGINE_chil = "e_chil"

$ ENGINE_nuron = "e_nuron"

$ ENGINE_sureware = "e_sureware"

$ ENGINE_ubsec = "e_ubsec"

$ ENGINE_padlock = "e_padlock"

$ ENGINE_capi = "e_capi"

$ 

$ ENGINE_ccgost_SUBDIR = "ccgost"

$ ENGINE_ccgost = "e_gost_err,gost2001_keyx,gost2001,gost89,gost94_keyx,"+ -

$ ENGINE_gost_SUBDIR = "ccgost"

$ ENGINE_gost = "e_gost_err,gost2001_keyx,gost2001,gost89,gost94_keyx,"+ -

		"gost_ameth,gost_asn1,gost_crypt,gost_ctl,gost_eng,"+ -

		"gosthash,gost_keywrap,gost_md,gost_params,gost_pmeth,"+ -

		"gost_sign"

$!

$! Define The Different SSL "library" Files.

$!

$ LIB_SSL = "s2_meth,s2_srvr,s2_clnt,s2_lib,s2_enc,s2_pkt,"+ -

	    "s3_meth,s3_srvr,s3_clnt,s3_lib,s3_enc,s3_pkt,s3_both,"+ -

$ LIB_SSL = "s3_meth,  s3_srvr, s3_clnt, s3_lib, s3_enc,s3_pkt,s3_both,s3_cbc,"+ -

	    "s23_meth,s23_srvr,s23_clnt,s23_lib,       s23_pkt,"+ -

	    "t1_meth,t1_srvr,t1_clnt,t1_lib,t1_enc,"+ -

	    "t1_meth,  t1_srvr, t1_clnt, t1_lib, t1_enc,       t1_ext,"+ -

	    "d1_meth,  d1_srvr, d1_clnt, d1_lib,        d1_pkt,"+ -

	    "d1_both,d1_enc,d1_srtp,"+ -

	    "d1_both,d1_srtp,"+ -

	    "ssl_lib,ssl_err2,ssl_cert,ssl_sess,"+ -

	    "ssl_ciph,ssl_stat,ssl_rsa,"+ -

	    "ssl_asn1,ssl_txt,ssl_algs,"+ -

	    "bio_ssl,ssl_err,kssl,t1_reneg,tls_srp,t1_trce"

	    "ssl_asn1,ssl_txt,ssl_algs,ssl_conf,"+ -

	    "bio_ssl,ssl_err,kssl,t1_reneg,tls_srp,t1_trce,ssl_utst"

$!

$ COMPILEWITH_CC5 = ""

$!

$!

$! O.K, Extract The File Name From The File List.

$!

$ FILE_NAME = F$ELEMENT(FILE_COUNTER,",",LIB_SSL)

$ FILE_NAME = F$EDIT(F$ELEMENT(FILE_COUNTER,",",LIB_SSL),"TRIM")

$!

$! Check To See If We Are At The End Of The File List.

$!

$ TEST_FILES = "BNTEST,ECTEST,ECDSATEST,ECDHTEST,IDEATEST,"+ -

	       "MD2TEST,MD4TEST,MD5TEST,HMACTEST,WP_TEST,"+ -

	       "RC2TEST,RC4TEST,RC5TEST,"+ -

	       "DESTEST,SHATEST,SHA1TEST,SHA256T,SHA512T,"+ -

	       "DESTEST,SHA1TEST,SHA256T,SHA512T,"+ -

	       "MDC2TEST,RMDTEST,"+ -

	       "RANDTEST,DHTEST,ENGINETEST,"+ -

	       "BFTEST,CASTTEST,SSLTEST,EXPTEST,DSATEST,RSA_TEST,"+ -

	       "EVP_TEST,IGETEST,JPAKETEST,SRPTEST"

	       "GOST2814789TEST,"+ -

	       "BFTEST,CASTTEST,SSLTEST,"+ -

	       "EXPTEST,DSATEST,RSA_TEST,"+ -

	       "EVP_TEST,IGETEST,JPAKETEST,SRPTEST,"+ -

	       "V3NAMETEST,HEARTBEAT_TEST,P5_CRPT2_TEST,"+ -

	       "CONSTANT_TIME_TEST"

$! Should we add MTTEST,PQ_TEST,LH_TEST,DIVTEST,TABTEST as well?

$!

$! Additional directory information.

$ T_D_RANDTEST           := [-.crypto.rand]

$ T_D_DHTEST             := [-.crypto.dh]

$ T_D_ENGINETEST         := [-.crypto.engine]

$ T_D_GOST2814789TEST    := [-.engines.ccgost]

$ T_D_BFTEST             := [-.crypto.bf]

$ T_D_CASTTEST           := [-.crypto.cast]

$ T_D_SSLTEST            := [-.ssl]

$ T_D_IGETEST            := [-.test]

$ T_D_JPAKETEST          := [-.crypto.jpake]

$ T_D_SRPTEST            := [-.crypto.srp]

$ T_D_V3NAMETEST         := [-.crypto.x509v3]

$ T_D_HEARTBEAT_TEST     := [-.ssl]

$ T_D_P5_CRPT2_TEST      := [-.crypto.evp]

$ T_D_CONSTANT_TIME_TEST := [-.crypto]

$!

$ TCPIP_PROGRAMS = ",,"

$ IF COMPILER .EQS. "VAXC" THEN -

$!

$! Set basic C compiler /INCLUDE directories.

$!

$ CC_INCLUDES = "SYS$DISK:[-],SYS$DISK:[-.CRYPTO]"

$ CC_INCLUDES = "SYS$DISK:[],SYS$DISK:[-],SYS$DISK:[-.CRYPTO]"

$!

$! Check To See If P1 Is Blank.

$!

$ __HERE = F$EDIT(__HERE,"UPCASE")

$ __TOP = __HERE - "TEST]"

$ __INCLUDE = __TOP + "INCLUDE.OPENSSL]"

$ __INTERNAL = __TOP + "CRYPTO.INCLUDE.INTERNAL]"

$!

$! Set up the logical name OPENSSL to point at the include directory

$!

$ DEFINE OPENSSL /NOLOG '__INCLUDE'

$ DEFINE INTERNAL /NOLOG '__INTERNAL'

$!

$! Done

$!

$ IF __SAVE_OPENSSL .EQS. ""

$ THEN

$   DEASSIGN OPENSSL

$   DEASSIGN INTERNAL

$ ELSE

$   DEFINE /NOLOG OPENSSL '__SAVE_OPENSSL'

$ ENDIF

$!

$	texe_dir := sys$disk:[-.'__archd'.exe.test]

$	exe_dir := sys$disk:[-.'__archd'.exe.apps]

$	engines_dir := sys$disk:[-.'__archd'.exe.engines]

$

$	set default '__here'

$

$	    tests := -

	test_des,test_idea,test_sha,test_md4,test_md5,test_hmac,-

	test_md2,test_mdc2,test_wp,-

	test_rmd,test_rc2,test_rc4,test_rc5,test_bf,test_cast,test_aes,-

	test_rmd,test_rc2,test_rc4,test_rc5,test_bf,test_cast,-

	test_rand,test_bn,test_ec,test_ecdsa,test_ecdh,-

	test_enc,test_x509,test_rsa,test_crl,test_sid,-

	test_gen,test_req,test_pkcs7,test_verify,test_dh,test_dsa,-

	test_ss,test_ca,test_engine,test_evp,test_ssl,test_tsa,test_ige,-

	test_jpake,test_srp,test_cms

	test_jpake,test_srp,test_cms,test_v3name,test_ocsp,-

	test_gost2814789,test_heartbeat,test_p5_crpt2,-

	test_constant_time

$	endif

$	tests = f$edit(tests,"COLLAPSE")

$

$	ECDHTEST :=		ecdhtest

$	EXPTEST :=		exptest

$	IDEATEST :=		ideatest

$	SHATEST :=	shatest

$	SHA1TEST :=		sha1test

$	SHA256TEST :=		sha256t

$	SHA512TEST :=		sha512t

$	MDC2TEST :=		mdc2test

$	RMDTEST :=		rmdtest

$	MD2TEST :=		md2test

$	SSLTEST :=		ssltest

$	RSATEST :=		rsa_test

$	ENGINETEST :=		enginetest

$	GOST2814789TEST :=	gost2814789test

$	EVPTEST :=		evp_test

$	P5_CRPT2_TEST :=	p5_crpt2_test

$	IGETEST :=		igetest

$	JPAKETEST :=		jpaketest

$	SRPTEST :=		srptest

$	V3NAMETEST :=		v3nametest

$	HEARTBEATTEST :=	heartbeat_test

$	CONSTTIMETEST :=	constant_time_test

$!

$	tests_i = 0

$ loop_tests:

$ test_evp:

$	mcr 'texe_dir''evptest' 'ROOT'.CRYPTO.EVP]evptests.txt

$	return

$ test_p5_crpt2:

$	mcr 'texe_dir''p5_crpt2_test'

$	return

$ test_des:

$	mcr 'texe_dir''destest'

$	return

$	mcr 'texe_dir''ideatest'

$	return

$ test_sha:

$	mcr 'texe_dir''shatest'

$	mcr 'texe_dir''sha1test'

$	mcr 'texe_dir''sha256test'

$	mcr 'texe_dir''sha512test'

$	return

$ test_mdc2:

$	mcr 'texe_dir''mdc2test'

$ test_rand:

$	mcr 'texe_dir''randtest'

$	return

$ test_gost2814789:

$	define/user OPENSSL_ENGINES 'engines_dir'

$	mcr 'texe_dir''gost2814789test'

$	return

$ test_enc:

$	@testenc.com 'pointer_size'

$	return

$	write sys$output "Test SRP"

$	mcr 'texe_dir''srptest'

$	return

$

$ test_v3name:

$	write sys$output "Test X509v3_check_*"

$	mcr 'texe_dir''v3nametest'

$	return

$ test_ocsp:

$	write sys$output "Test OCSP"

$	@tocsp.com

$	return

$ test_heartbeat:

$	mcr 'texe_dir''heartbeattest'

$	return

$ test_constant_time:

$	write sys$output "Test constant time utilites"

$	mcr 'texe_dir''consttimetest'

$	return

$

$ exit:

$	mcr 'exe_dir'openssl version -a

$! TOCSP.COM  --  Test ocsp

$

$	__arch = "VAX"

$       if f$getsyi("cpu") .ge. 128 then -

           __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")

$       if __arch .eqs. "" then __arch = "UNK"

$!

$       if (p2 .eqs. "64") then __arch = __arch+ "_64"

$!

$       exe_dir = "sys$disk:[-.''__arch'.exe.apps]"

$

$       cmd = "mcr ''f$parse(exe_dir+"openssl.exe")'"

$	ocspdir = "ocsp-tests"

$

$!	17 December 2012 so we don't get certificate expiry errors.

$	check_time="-attime 1355875200"

$

$ test_ocsp:

$	subroutine

$		'cmd' base64 -d -in [.'ocspdir']'p1' -out ocsp-test.test-bin

$		'cmd' ocsp -respin ocsp-test.test-bin -partial_chain 'check_time' -

		      "-CAfile" [.'ocspdir']'p2' -verify_other [.'ocspdir']'p2' "-CApath" NLA0:

$		if $severity .ne. p3+1

$		then

$		    write sys$error "OCSP test failed!"

$		    exit 3

$		endif

$	endsubroutine

$

$	set noon

$

$	write sys$output "=== VALID OCSP RESPONSES ==="

$	write sys$output "NON-DELEGATED; Intermediate CA -> EE"

$	call test_ocsp "ND1.ors" "ND1_Issuer_ICA.pem" 0

$	write sys$output "NON-DELEGATED; Root CA -> Intermediate CA"

$	call test_ocsp "ND2.ors" "ND2_Issuer_Root.pem" 0

$	write sys$output "NON-DELEGATED; Root CA -> EE"

$	call test_ocsp "ND3.ors" "ND3_Issuer_Root.pem" 0

$	write sys$output "DELEGATED; Intermediate CA -> EE"

$	call test_ocsp "D1.ors" "D1_Issuer_ICA.pem" 0

$	write sys$output "DELEGATED; Root CA -> Intermediate CA"

$	call test_ocsp "D2.ors" "D2_Issuer_Root.pem" 0

$	write sys$output "DELEGATED; Root CA -> EE"

$	call test_ocsp "D3.ors" "D3_Issuer_Root.pem" 0

$	

$	write sys$output "=== INVALID SIGNATURE on the OCSP RESPONSE ==="

$	write sys$output "NON-DELEGATED; Intermediate CA -> EE"

$	call test_ocsp "ISOP_ND1.ors" "ND1_Issuer_ICA.pem" 1

$	write sys$output "NON-DELEGATED; Root CA -> Intermediate CA"

$	call test_ocsp "ISOP_ND2.ors" "ND2_Issuer_Root.pem" 1

$	write sys$output "NON-DELEGATED; Root CA -> EE"

$	call test_ocsp "ISOP_ND3.ors" "ND3_Issuer_Root.pem" 1

$	write sys$output "DELEGATED; Intermediate CA -> EE"

$	call test_ocsp "ISOP_D1.ors" "D1_Issuer_ICA.pem" 1

$	write sys$output "DELEGATED; Root CA -> Intermediate CA"

$	call test_ocsp "ISOP_D2.ors" "D2_Issuer_Root.pem" 1

$	write sys$output "DELEGATED; Root CA -> EE"

$	call test_ocsp "ISOP_D3.ors" "D3_Issuer_Root.pem" 1

$	

$	write sys$output "=== WRONG RESPONDERID in the OCSP RESPONSE ==="

$	write sys$output "NON-DELEGATED; Intermediate CA -> EE"

$	call test_ocsp "WRID_ND1.ors" "ND1_Issuer_ICA.pem" 1

$	write sys$output "NON-DELEGATED; Root CA -> Intermediate CA"

$	call test_ocsp "WRID_ND2.ors" "ND2_Issuer_Root.pem" 1

$	write sys$output "NON-DELEGATED; Root CA -> EE"

$	call test_ocsp "WRID_ND3.ors" "ND3_Issuer_Root.pem" 1

$	write sys$output "DELEGATED; Intermediate CA -> EE"

$	call test_ocsp "WRID_D1.ors" "D1_Issuer_ICA.pem" 1

$	write sys$output "DELEGATED; Root CA -> Intermediate CA"

$	call test_ocsp "WRID_D2.ors" "D2_Issuer_Root.pem" 1

$	write sys$output "DELEGATED; Root CA -> EE"

$	call test_ocsp "WRID_D3.ors" "D3_Issuer_Root.pem" 1

$	

$	write sys$output "=== WRONG ISSUERNAMEHASH in the OCSP RESPONSE ==="

$	write sys$output "NON-DELEGATED; Intermediate CA -> EE"

$	call test_ocsp "WINH_ND1.ors" "ND1_Issuer_ICA.pem" 1

$	write sys$output "NON-DELEGATED; Root CA -> Intermediate CA"

$	call test_ocsp "WINH_ND2.ors" "ND2_Issuer_Root.pem" 1

$	write sys$output "NON-DELEGATED; Root CA -> EE"

$	call test_ocsp "WINH_ND3.ors" "ND3_Issuer_Root.pem" 1

$	write sys$output "DELEGATED; Intermediate CA -> EE"

$	call test_ocsp "WINH_D1.ors" "D1_Issuer_ICA.pem" 1

$	write sys$output "DELEGATED; Root CA -> Intermediate CA"

$	call test_ocsp "WINH_D2.ors" "D2_Issuer_Root.pem" 1

$	write sys$output "DELEGATED; Root CA -> EE"

$	call test_ocsp "WINH_D3.ors" "D3_Issuer_Root.pem" 1

$	

$	write sys$output "=== WRONG ISSUERKEYHASH in the OCSP RESPONSE ==="

$	write sys$output "NON-DELEGATED; Intermediate CA -> EE"

$	call test_ocsp "WIKH_ND1.ors" "ND1_Issuer_ICA.pem" 1

$	write sys$output "NON-DELEGATED; Root CA -> Intermediate CA"

$	call test_ocsp "WIKH_ND2.ors" "ND2_Issuer_Root.pem" 1

$	write sys$output "NON-DELEGATED; Root CA -> EE"

$	call test_ocsp "WIKH_ND3.ors" "ND3_Issuer_Root.pem" 1

$	write sys$output "DELEGATED; Intermediate CA -> EE"

$	call test_ocsp "WIKH_D1.ors" "D1_Issuer_ICA.pem" 1

$	write sys$output "DELEGATED; Root CA -> Intermediate CA"

$	call test_ocsp "WIKH_D2.ors" "D2_Issuer_Root.pem" 1

$	write sys$output "DELEGATED; Root CA -> EE"

$	call test_ocsp "WIKH_D3.ors" "D3_Issuer_Root.pem" 1

$	

$	write sys$output "=== WRONG KEY in the DELEGATED OCSP SIGNING CERTIFICATE ==="

$	write sys$output "DELEGATED; Intermediate CA -> EE"

$	call test_ocsp "WKDOSC_D1.ors" "D1_Issuer_ICA.pem" 1

$	write sys$output "DELEGATED; Root CA -> Intermediate CA"

$	call test_ocsp "WKDOSC_D2.ors" "D2_Issuer_Root.pem" 1

$	write sys$output "DELEGATED; Root CA -> EE"

$	call test_ocsp "WKDOSC_D3.ors" "D3_Issuer_Root.pem" 1

$	

$	write sys$output "=== INVALID SIGNATURE on the DELEGATED OCSP SIGNING CERTIFICATE ==="

$	write sys$output "DELEGATED; Intermediate CA -> EE"

$	call test_ocsp "ISDOSC_D1.ors" "D1_Issuer_ICA.pem" 1

$	write sys$output "DELEGATED; Root CA -> Intermediate CA"

$	call test_ocsp "ISDOSC_D2.ors" "D2_Issuer_Root.pem" 1

$	write sys$output "DELEGATED; Root CA -> EE"

$	call test_ocsp "ISDOSC_D3.ors" "D3_Issuer_Root.pem" 1

$	

$	write sys$output "=== WRONG SUBJECT NAME in the ISSUER CERTIFICATE ==="

$	write sys$output "NON-DELEGATED; Intermediate CA -> EE"

$	call test_ocsp "ND1.ors" "WSNIC_ND1_Issuer_ICA.pem" 1

$	write sys$output "NON-DELEGATED; Root CA -> Intermediate CA"

$	call test_ocsp "ND2.ors" "WSNIC_ND2_Issuer_Root.pem" 1

$	write sys$output "NON-DELEGATED; Root CA -> EE"

$	call test_ocsp "ND3.ors" "WSNIC_ND3_Issuer_Root.pem" 1

$	write sys$output "DELEGATED; Intermediate CA -> EE"

$	call test_ocsp "D1.ors" "WSNIC_D1_Issuer_ICA.pem" 1

$	write sys$output "DELEGATED; Root CA -> Intermediate CA"

$	call test_ocsp "D2.ors" "WSNIC_D2_Issuer_Root.pem" 1

$	write sys$output "DELEGATED; Root CA -> EE"

$	call test_ocsp "D3.ors" "WSNIC_D3_Issuer_Root.pem" 1

$	

$	write sys$output "=== WRONG KEY in the ISSUER CERTIFICATE ==="

$	write sys$output "NON-DELEGATED; Intermediate CA -> EE"

$	call test_ocsp "ND1.ors" "WKIC_ND1_Issuer_ICA.pem" 1

$	write sys$output "NON-DELEGATED; Root CA -> Intermediate CA"

$	call test_ocsp "ND2.ors" "WKIC_ND2_Issuer_Root.pem" 1

$	write sys$output "NON-DELEGATED; Root CA -> EE"

$	call test_ocsp "ND3.ors" "WKIC_ND3_Issuer_Root.pem" 1

$	write sys$output "DELEGATED; Intermediate CA -> EE"

$	call test_ocsp "D1.ors" "WKIC_D1_Issuer_ICA.pem" 1

$	write sys$output "DELEGATED; Root CA -> Intermediate CA"

$	call test_ocsp "D2.ors" "WKIC_D2_Issuer_Root.pem" 1

$	write sys$output "DELEGATED; Root CA -> EE"

$	call test_ocsp "D3.ors" "WKIC_D3_Issuer_Root.pem" 1

$	

$	write sys$output "=== INVALID SIGNATURE on the ISSUER CERTIFICATE ==="

$!	Expect success, because we're explicitly trusting the issuer certificate.

$	write sys$output "NON-DELEGATED; Intermediate CA -> EE"

$	call test_ocsp "ND1.ors" "ISIC_ND1_Issuer_ICA.pem" 0

$	write sys$output "NON-DELEGATED; Root CA -> Intermediate CA"

$	call test_ocsp "ND2.ors" "ISIC_ND2_Issuer_Root.pem" 0

$	write sys$output "NON-DELEGATED; Root CA -> EE"

$	call test_ocsp "ND3.ors" "ISIC_ND3_Issuer_Root.pem" 0

$	write sys$output "DELEGATED; Intermediate CA -> EE"

$	call test_ocsp "D1.ors" "ISIC_D1_Issuer_ICA.pem" 0

$	write sys$output "DELEGATED; Root CA -> Intermediate CA"

$	call test_ocsp "D2.ors" "ISIC_D2_Issuer_Root.pem" 0

$	write sys$output "DELEGATED; Root CA -> EE"

$	call test_ocsp "D3.ors" "ISIC_D3_Issuer_Root.pem" 0

$	

$	write sys$output "ALL OCSP TESTS SUCCESSFUL"

$

$	set on

$	

$	exit