diff options
| author | Richard Levitte <levitte@openssl.org> | 2010-01-27 11:14:46 +0000 |
|---|---|---|
| committer | Richard Levitte <levitte@openssl.org> | 2010-01-27 11:14:46 +0000 |
| commit | e6d8d6a89ae491106ff5860bcd339f1469ca350f (patch) | |
| tree | bf5eb7cff5c855f24213c665470d57d9bc96b969 /test | |
| parent | 0e785e5e093d4c24eaf531dd5ffc655e3a91c6b5 (diff) | |
| download | openssl-new-e6d8d6a89ae491106ff5860bcd339f1469ca350f.tar.gz | |
Merge main -> VMS_64BITBRANCH_VMS_64BIT
Diffstat (limited to 'test')
40 files changed, 3540 insertions, 1165 deletions
diff --git a/test/.cvsignore b/test/.cvsignore index 8d2d623289..8b5997c6dc 100644 --- a/test/.cvsignore +++ b/test/.cvsignore @@ -11,8 +11,24 @@ req2CA.ss keyU.ss reqU.ss certU.ss +certU.srl +intP1.ss +tmp_intP1.ss +keyP1.ss +reqP1.ss +certP1.ss +certP1.srl +intP2.ss +tmp_intP2.ss +keyP2.ss +reqP2.ss +certP2.ss Makefile.save tmp.bntest evptests.txt sha256t sha512t +*.flc +semantic.cache +newkey.pem +*.dll diff --git a/test/CAtsa.cnf b/test/CAtsa.cnf new file mode 100644 index 0000000000..f5a275bfc2 --- /dev/null +++ b/test/CAtsa.cnf @@ -0,0 +1,163 @@ + +# +# This config is used by the Time Stamp Authority tests. +# + +RANDFILE = ./.rnd + +# Extra OBJECT IDENTIFIER info: +oid_section = new_oids + +TSDNSECT = ts_cert_dn +INDEX = 1 + +[ new_oids ] + +# Policies used by the TSA tests. +tsa_policy1 = 1.2.3.4.1 +tsa_policy2 = 1.2.3.4.5.6 +tsa_policy3 = 1.2.3.4.5.7 + +#---------------------------------------------------------------------- +[ ca ] +default_ca = CA_default # The default ca section + +[ CA_default ] + +dir = ./demoCA +certs = $dir/certs # Where the issued certs are kept +database = $dir/index.txt # database index file. +new_certs_dir = $dir/newcerts # default place for new certs. + +certificate = $dir/cacert.pem # The CA certificate +serial = $dir/serial # The current serial number +private_key = $dir/private/cakey.pem# The private key +RANDFILE = $dir/private/.rand # private random number file + +default_days = 365 # how long to certify for +default_md = sha1 # which md to use. +preserve = no # keep passed DN ordering + +policy = policy_match + +# For the CA policy +[ policy_match ] +countryName = supplied +stateOrProvinceName = supplied +organizationName = supplied +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +#---------------------------------------------------------------------- +[ req ] +default_bits = 1024 +default_md = sha1 +distinguished_name = $ENV::TSDNSECT +encrypt_rsa_key = no +prompt = no +# attributes = req_attributes +x509_extensions = v3_ca # The extentions to add to the self signed cert + +string_mask = nombstr + +[ ts_ca_dn ] +countryName = HU +stateOrProvinceName = Budapest +localityName = Budapest +organizationName = Gov-CA Ltd. +commonName = ca1 + +[ ts_cert_dn ] +countryName = HU +stateOrProvinceName = Budapest +localityName = Buda +organizationName = Hun-TSA Ltd. +commonName = tsa$ENV::INDEX + +[ tsa_cert ] + +# TSA server cert is not a CA cert. +basicConstraints=CA:FALSE + +# The following key usage flags are needed for TSA server certificates. +keyUsage = nonRepudiation, digitalSignature +extendedKeyUsage = critical,timeStamping + +# PKIX recommendations harmless if included in all certificates. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer:always + +[ non_tsa_cert ] + +# This is not a CA cert and not a TSA cert, either (timeStamping usage missing) +basicConstraints=CA:FALSE + +# The following key usage flags are needed for TSA server certificates. +keyUsage = nonRepudiation, digitalSignature +# timeStamping is not supported by this certificate +# extendedKeyUsage = critical,timeStamping + +# PKIX recommendations harmless if included in all certificates. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer:always + +[ v3_req ] + +# Extensions to add to a certificate request +basicConstraints = CA:FALSE +keyUsage = nonRepudiation, digitalSignature + +[ v3_ca ] + +# Extensions for a typical CA + +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid:always,issuer:always +basicConstraints = critical,CA:true +keyUsage = cRLSign, keyCertSign + +#---------------------------------------------------------------------- +[ tsa ] + +default_tsa = tsa_config1 # the default TSA section + +[ tsa_config1 ] + +# These are used by the TSA reply generation only. +dir = . # TSA root directory +serial = $dir/tsa_serial # The current serial number (mandatory) +signer_cert = $dir/tsa_cert1.pem # The TSA signing certificate + # (optional) +certs = $dir/tsaca.pem # Certificate chain to include in reply + # (optional) +signer_key = $dir/tsa_key1.pem # The TSA private key (optional) + +default_policy = tsa_policy1 # Policy if request did not specify it + # (optional) +other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional) +digests = md5, sha1 # Acceptable message digests (mandatory) +accuracy = secs:1, millisecs:500, microsecs:100 # (optional) +ordering = yes # Is ordering defined for timestamps? + # (optional, default: no) +tsa_name = yes # Must the TSA name be included in the reply? + # (optional, default: no) +ess_cert_id_chain = yes # Must the ESS cert id chain be included? + # (optional, default: no) + +[ tsa_config2 ] + +# This configuration uses a certificate which doesn't have timeStamping usage. +# These are used by the TSA reply generation only. +dir = . # TSA root directory +serial = $dir/tsa_serial # The current serial number (mandatory) +signer_cert = $dir/tsa_cert2.pem # The TSA signing certificate + # (optional) +certs = $dir/demoCA/cacert.pem# Certificate chain to include in reply + # (optional) +signer_key = $dir/tsa_key2.pem # The TSA private key (optional) + +default_policy = tsa_policy1 # Policy if request did not specify it + # (optional) +other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional) +digests = md5, sha1 # Acceptable message digests (mandatory) diff --git a/test/Makefile.ssl b/test/Makefile.ssl deleted file mode 100644 index 1e733b3a1a..0000000000 --- a/test/Makefile.ssl +++ /dev/null @@ -1,1045 +0,0 @@ -# -# test/Makefile.ssl -# - -DIR= test -TOP= .. -CC= cc -INCLUDES= -I$(TOP) -I../include $(KRB5_INCLUDES) -CFLAG= -g -INSTALL_PREFIX= -OPENSSLDIR= /usr/local/ssl -INSTALLTOP= /usr/local/ssl -MAKEFILE= Makefile.ssl -NEWMAKE= make -MAKE= $(NEWMAKE) -f $(MAKEFILE) -MAKEDEPPROG= makedepend -MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) -PERL= perl -# KRB5 stuff -KRB5_INCLUDES= -LIBKRB5= - -PEX_LIBS= -EX_LIBS= #-lnsl -lsocket - -CFLAGS= $(INCLUDES) $(CFLAG) - -GENERAL=Makefile.ssl maketests.com \ - tests.com testenc.com tx509.com trsa.com tcrl.com tsid.com treq.com \ - tpkcs7.com tpkcs7d.com tverify.com testgen.com testss.com testssl.com \ - testca.com VMSca-response.1 VMSca-response.2 - -DLIBCRYPTO= ../libcrypto.a -DLIBSSL= ../libssl.a -LIBCRYPTO= -L.. -lcrypto -LIBSSL= -L.. -lssl - -BNTEST= bntest -ECTEST= ectest -ECDSATEST= ecdsatest -ECDHTEST= ecdhtest -EXPTEST= exptest -IDEATEST= ideatest -SHATEST= shatest -SHA1TEST= sha1test -SHA256TEST= sha256t -SHA512TEST= sha512t -MDC2TEST= mdc2test -RMDTEST= rmdtest -MD2TEST= md2test -MD4TEST= md4test -MD5TEST= md5test -HMACTEST= hmactest -RC2TEST= rc2test -RC4TEST= rc4test -RC5TEST= rc5test -BFTEST= bftest -CASTTEST= casttest -DESTEST= destest -RANDTEST= randtest -DHTEST= dhtest -DSATEST= dsatest -METHTEST= methtest -SSLTEST= ssltest -RSATEST= rsa_test -ENGINETEST= enginetest -EVPTEST= evp_test - -TESTS= alltests - -EXE= $(BNTEST)$(EXE_EXT) $(ECTEST)$(EXE_EXT) $(ECDSATEST)$(EXE_EXT) $(ECDHTEST)$(EXE_EXT) $(IDEATEST)$(EXE_EXT) \ - $(MD2TEST)$(EXE_EXT) $(MD4TEST)$(EXE_EXT) $(MD5TEST)$(EXE_EXT) $(HMACTEST)$(EXE_EXT) \ - $(RC2TEST)$(EXE_EXT) $(RC4TEST)$(EXE_EXT) $(RC5TEST)$(EXE_EXT) \ - $(DESTEST)$(EXE_EXT) $(SHATEST)$(EXE_EXT) $(SHA1TEST)$(EXE_EXT) $(SHA256TEST)$(EXE_EXT) $(SHA512TEST)$(EXE_EXT) \ - $(MDC2TEST)$(EXE_EXT) $(RMDTEST)$(EXE_EXT) \ - $(RANDTEST)$(EXE_EXT) $(DHTEST)$(EXE_EXT) $(ENGINETEST)$(EXE_EXT) \ - $(BFTEST)$(EXE_EXT) $(CASTTEST)$(EXE_EXT) $(SSLTEST)$(EXE_EXT) $(EXPTEST)$(EXE_EXT) $(DSATEST)$(EXE_EXT) $(RSATEST)$(EXE_EXT) \ - $(EVPTEST)$(EXE_EXT) - -# $(METHTEST)$(EXE_EXT) - -OBJ= $(BNTEST).o $(ECTEST).o $(ECDSATEST).o $(ECDHTEST).o $(IDEATEST).o \ - $(MD2TEST).o $(MD4TEST).o $(MD5TEST).o \ - $(HMACTEST).o \ - $(RC2TEST).o $(RC4TEST).o $(RC5TEST).o \ - $(DESTEST).o $(SHATEST).o $(SHA1TEST).o $(SHA256TEST).o $(SHA512TEST).o \ - $(MDC2TEST).o $(RMDTEST).o \ - $(RANDTEST).o $(DHTEST).o $(ENGINETEST).o $(CASTTEST).o \ - $(BFTEST).o $(SSLTEST).o $(DSATEST).o $(EXPTEST).o $(RSATEST).o \ - $(EVPTEST).o -SRC= $(BNTEST).c $(ECTEST).c $(ECDSATEST).c $(ECDHTEST).c $(IDEATEST).c \ - $(MD2TEST).c $(MD4TEST).c $(MD5TEST).c \ - $(HMACTEST).c \ - $(RC2TEST).c $(RC4TEST).c $(RC5TEST).c \ - $(DESTEST).c $(SHATEST).c $(SHA1TEST).c $(MDC2TEST).c $(RMDTEST).c \ - $(RANDTEST).c $(DHTEST).c $(ENGINETEST).c $(CASTTEST).c \ - $(BFTEST).c $(SSLTEST).c $(DSATEST).c $(EXPTEST).c $(RSATEST).c \ - $(EVPTEST).c - -EXHEADER= -HEADER= $(EXHEADER) - -ALL= $(GENERAL) $(SRC) $(HEADER) - -top: - (cd ..; $(MAKE) DIRS=$(DIR) TESTS=$(TESTS) all) - -all: exe - -exe: $(EXE) dummytest$(EXE_EXT) - -files: - $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO - -links: - @sh $(TOP)/util/point.sh Makefile.ssl Makefile - -generate: $(SRC) -$(SRC): - @sh $(TOP)/util/point.sh dummytest.c $@ - -errors: - -install: - -tags: - ctags $(SRC) - -tests: exe apps $(TESTS) - -apps: - @(cd ..; $(MAKE) DIRS=apps all) - -alltests: \ - test_des test_idea test_sha test_md4 test_md5 test_hmac \ - test_md2 test_mdc2 \ - test_rmd test_rc2 test_rc4 test_rc5 test_bf test_cast test_aes \ - test_rand test_bn test_ec test_ecdsa test_ecdh \ - test_enc test_x509 test_rsa test_crl test_sid \ - test_gen test_req test_pkcs7 test_verify test_dh test_dsa \ - test_ss test_ca test_engine test_evp test_ssl - -test_evp: - ../util/shlib_wrap.sh ./$(EVPTEST) evptests.txt - -test_des: - ../util/shlib_wrap.sh ./$(DESTEST) - -test_idea: - ../util/shlib_wrap.sh ./$(IDEATEST) - -test_sha: - ../util/shlib_wrap.sh ./$(SHATEST) - ../util/shlib_wrap.sh ./$(SHA1TEST) - ../util/shlib_wrap.sh ./$(SHA256TEST) - ../util/shlib_wrap.sh ./$(SHA512TEST) - -test_mdc2: - ../util/shlib_wrap.sh ./$(MDC2TEST) - -test_md5: - ../util/shlib_wrap.sh ./$(MD5TEST) - -test_md4: - ../util/shlib_wrap.sh ./$(MD4TEST) - -test_hmac: - ../util/shlib_wrap.sh ./$(HMACTEST) - -test_md2: - ../util/shlib_wrap.sh ./$(MD2TEST) - -test_rmd: - ../util/shlib_wrap.sh ./$(RMDTEST) - -test_bf: - ../util/shlib_wrap.sh ./$(BFTEST) - -test_cast: - ../util/shlib_wrap.sh ./$(CASTTEST) - -test_rc2: - ../util/shlib_wrap.sh ./$(RC2TEST) - -test_rc4: - ../util/shlib_wrap.sh ./$(RC4TEST) - -test_rc5: - ../util/shlib_wrap.sh ./$(RC5TEST) - -test_rand: - ../util/shlib_wrap.sh ./$(RANDTEST) - -test_enc: - @sh ./testenc - -test_x509: - echo test normal x509v1 certificate - sh ./tx509 2>/dev/null - echo test first x509v3 certificate - sh ./tx509 v3-cert1.pem 2>/dev/null - echo test second x509v3 certificate - sh ./tx509 v3-cert2.pem 2>/dev/null - -test_rsa: - @sh ./trsa 2>/dev/null - ../util/shlib_wrap.sh ./$(RSATEST) - -test_crl: - @sh ./tcrl 2>/dev/null - -test_sid: - @sh ./tsid 2>/dev/null - -test_req: - @sh ./treq 2>/dev/null - @sh ./treq testreq2.pem 2>/dev/null - -test_pkcs7: - @sh ./tpkcs7 2>/dev/null - @sh ./tpkcs7d 2>/dev/null - -test_bn: - @echo starting big number library test, could take a while... - @../util/shlib_wrap.sh ./$(BNTEST) >tmp.bntest - @echo quit >>tmp.bntest - @echo "running bc" - @<tmp.bntest sh -c "`sh ./bctest ignore`" | $(PERL) -e '$$i=0; while (<STDIN>) {if (/^test (.*)/) {print STDERR "\nverify $$1";} elsif (!/^0$$/) {die "\nFailed! bc: $$_";} else {print STDERR "."; $$i++;}} print STDERR "\n$$i tests passed\n"' - @echo 'test a^b%c implementations' - ../util/shlib_wrap.sh ./$(EXPTEST) - -test_ec: - @echo 'test elliptic curves' - ../util/shlib_wrap.sh ./$(ECTEST) - -test_ecdsa: - @echo 'test ecdsa' - ../util/shlib_wrap.sh ./$(ECDSATEST) - -test_ecdh: - @echo 'test ecdh' - ../util/shlib_wrap.sh ./$(ECDHTEST) - -test_verify: - @echo "The following command should have some OK's and some failures" - @echo "There are definitly a few expired certificates" - ../util/shlib_wrap.sh ../apps/openssl verify -CApath ../certs ../certs/*.pem - -test_dh: - @echo "Generate a set of DH parameters" - ../util/shlib_wrap.sh ./$(DHTEST) - -test_dsa: - @echo "Generate a set of DSA parameters" - ../util/shlib_wrap.sh ./$(DSATEST) - ../util/shlib_wrap.sh ./$(DSATEST) -app2_1 - -test_gen: - @echo "Generate and verify a certificate request" - @sh ./testgen - -test_ss keyU.ss certU.ss certCA.ss certP1.ss keyP1.ss certP2.ss keyP2.ss \ - intP1.ss intP2.ss: testss - @echo "Generate and certify a test certificate" - @sh ./testss - @cat certCA.ss certU.ss > intP1.ss - @cat certCA.ss certU.ss certP1.ss > intP2.ss - -test_engine: - @echo "Manipulate the ENGINE structures" - ../util/shlib_wrap.sh ./$(ENGINETEST) - -test_ssl: keyU.ss certU.ss certCA.ss certP1.ss keyP1.ss certP2.ss keyP2.ss \ - intP1.ss intP2.ss - @echo "test SSL protocol" - @sh ./testssl keyU.ss certU.ss certCA.ss - @sh ./testsslproxy keyP1.ss certP1.ss intP1.ss - @sh ./testsslproxy keyP2.ss certP2.ss intP2.ss - -test_ca: - @if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then \ - echo "skipping CA.sh test -- requires RSA"; \ - else \ - echo "Generate and certify a test certificate via the 'ca' program"; \ - sh ./testca; \ - fi - -test_aes: #$(AESTEST) -# @echo "test Rijndael" -# ../util/shlib_wrap.sh ./$(AESTEST) - -lint: - lint -DLINT $(INCLUDES) $(SRC)>fluff - -depend: - $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC) - -dclean: - $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new - mv -f Makefile.new $(MAKEFILE) - -clean: - rm -f .rnd tmp.bntest tmp.bctest *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff $(EXE) *.ss *.srl log - -$(DLIBSSL): - (cd ..; $(MAKE) DIRS=ssl all) - -$(DLIBCRYPTO): - (cd ..; $(MAKE) DIRS=crypto all) - -$(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO) - shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ - shlib_target="$(SHLIB_TARGET)"; \ - fi; \ - if [ "$${shlib_target}" = "hpux-shared" -o "$${shlib_target}" = "darwin-shared" ] ; then \ - LIBRARIES="$(DLIBCRYPTO)"; \ - else \ - LIBRARIES="$(LIBCRYPTO)"; \ - fi; \ - $(NEWMAKE) -f $(TOP)/Makefile.shared \ - APPNAME=$(RSATEST)$(EXE_EXT) CC="$(CC)" CFLAGS="$(CFLAGS)" \ - LDFLAGS="$(LDFLAGS)" SHARED_LDFLAGS="$(SHARED_LDFLAGS)" \ - OBJECTS="$(RSATEST).o" \ - LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ - LIBRPATH=$(INSTALLTOP)/lib \ - link_app.$${shlib_target} - -$(BNTEST)$(EXE_EXT): $(BNTEST).o $(DLIBCRYPTO) - shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ - shlib_target="$(SHLIB_TARGET)"; \ - fi; \ - if [ "$${shlib_target}" = "hpux-shared" -o "$${shlib_target}" = "darwin-shared" ] ; then \ - LIBRARIES="$(DLIBCRYPTO)"; \ - else \ - LIBRARIES="$(LIBCRYPTO)"; \ - fi; \ - $(NEWMAKE) -f $(TOP)/Makefile.shared \ - APPNAME=$(BNTEST)$(EXE_EXT) CC="$(CC)" CFLAGS="$(CFLAGS)" \ - LDFLAGS="$(LDFLAGS)" SHARED_LDFLAGS="$(SHARED_LDFLAGS)" \ - OBJECTS="$(BNTEST).o" \ - LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ - LIBRPATH=$(INSTALLTOP)/lib \ - link_app.$${shlib_target} - -$(ECTEST)$(EXE_EXT): $(ECTEST).o $(DLIBCRYPTO) - shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ - shlib_target="$(SHLIB_TARGET)"; \ - fi; \ - if [ "$${shlib_target}" = "hpux-shared" -o "$${shlib_target}" = "darwin-shared" ] ; then \ - LIBRARIES="$(DLIBCRYPTO)"; \ - else \ - LIBRARIES="$(LIBCRYPTO)"; \ - fi; \ - $(NEWMAKE) -f $(TOP)/Makefile.shared \ - APPNAME=$(ECTEST)$(EXE_EXT) CC="$(CC)" CFLAGS="$(CFLAGS)" \ - LDFLAGS="$(LDFLAGS)" SHARED_LDFLAGS="$(SHARED_LDFLAGS)" \ - OBJECTS="$(ECTEST).o" \ - LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ - LIBRPATH=$(INSTALLTOP)/lib \ - link_app.$${shlib_target} - -$(EXPTEST)$(EXE_EXT): $(EXPTEST).o $(DLIBCRYPTO) - shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ - shlib_target="$(SHLIB_TARGET)"; \ - fi; \ - if [ "$${shlib_target}" = "hpux-shared" -o "$${shlib_target}" = "darwin-shared" ] ; then \ - LIBRARIES="$(DLIBCRYPTO)"; \ - else \ - LIBRARIES="$(LIBCRYPTO)"; \ - fi; \ - $(NEWMAKE) -f $(TOP)/Makefile.shared \ - APPNAME=$(EXPTEST)$(EXE_EXT) CC="$(CC)" CFLAGS="$(CFLAGS)" \ - LDFLAGS="$(LDFLAGS)" SHARED_LDFLAGS="$(SHARED_LDFLAGS)" \ - OBJECTS="$(EXPTEST).o" \ - LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ - LIBRPATH=$(INSTALLTOP)/lib \ - link_app.$${shlib_target} - -$(IDEATEST)$(EXE_EXT): $(IDEATEST).o $(DLIBCRYPTO) - shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ - shlib_target="$(SHLIB_TARGET)"; \ - fi; \ - if [ "$${shlib_target}" = "hpux-shared" -o "$${shlib_target}" = "darwin-shared" ] ; then \ - LIBRARIES="$(DLIBCRYPTO)"; \ - else \ - LIBRARIES="$(LIBCRYPTO)"; \ - fi; \ - $(NEWMAKE) -f $(TOP)/Makefile.shared \ - APPNAME=$(IDEATEST)$(EXE_EXT) CC="$(CC)" CFLAGS="$(CFLAGS)" \ - LDFLAGS="$(LDFLAGS)" SHARED_LDFLAGS="$(SHARED_LDFLAGS)" \ - OBJECTS="$(IDEATEST).o" \ - LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ - LIBRPATH=$(INSTALLTOP)/lib \ - link_app.$${shlib_target} - -$(MD2TEST)$(EXE_EXT): $(MD2TEST).o $(DLIBCRYPTO) - shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ - shlib_target="$(SHLIB_TARGET)"; \ - fi; \ - if [ "$${shlib_target}" = "hpux-shared" -o "$${shlib_target}" = "darwin-shared" ] ; then \ - LIBRARIES="$(DLIBCRYPTO)"; \ - else \ - LIBRARIES="$(LIBCRYPTO)"; \ - fi; \ - $(NEWMAKE) -f $(TOP)/Makefile.shared \ - APPNAME=$(MD2TEST)$(EXE_EXT) CC="$(CC)" CFLAGS="$(CFLAGS)" \ - LDFLAGS="$(LDFLAGS)" SHARED_LDFLAGS="$(SHARED_LDFLAGS)" \ - OBJECTS="$(MD2TEST).o" \ - LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ - LIBRPATH=$(INSTALLTOP)/lib \ - link_app.$${shlib_target} - -$(SHATEST)$(EXE_EXT): $(SHATEST).o $(DLIBCRYPTO) - shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ - shlib_target="$(SHLIB_TARGET)"; \ - fi; \ - if [ "$${shlib_target}" = "hpux-shared" -o "$${shlib_target}" = "darwin-shared" ] ; then \ - LIBRARIES="$(DLIBCRYPTO)"; \ - else \ - LIBRARIES="$(LIBCRYPTO)"; \ - fi; \ - $(NEWMAKE) -f $(TOP)/Makefile.shared \ - APPNAME=$(SHATEST)$(EXE_EXT) CC="$(CC)" CFLAGS="$(CFLAGS)" \ - LDFLAGS="$(LDFLAGS)" SHARED_LDFLAGS="$(SHARED_LDFLAGS)" \ - OBJECTS="$(SHATEST).o" \ - LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ - LIBRPATH=$(INSTALLTOP)/lib \ - link_app.$${shlib_target} - -$(SHA1TEST)$(EXE_EXT): $(SHA1TEST).o $(DLIBCRYPTO) - shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ - shlib_target="$(SHLIB_TARGET)"; \ - fi; \ - if [ "$${shlib_target}" = "hpux-shared" -o "$${shlib_target}" = "darwin-shared" ] ; then \ - LIBRARIES="$(DLIBCRYPTO)"; \ - else \ - LIBRARIES="$(LIBCRYPTO)"; \ - fi; \ - $(NEWMAKE) -f $(TOP)/Makefile.shared \ - APPNAME=$(SHA1TEST)$(EXE_EXT) CC="$(CC)" CFLAGS="$(CFLAGS)" \ - LDFLAGS="$(LDFLAGS)" SHARED_LDFLAGS="$(SHARED_LDFLAGS)" \ - OBJECTS="$(SHA1TEST).o" \ - LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ - LIBRPATH=$(INSTALLTOP)/lib \ - link_app.$${shlib_target} - -$(SHA256TEST)$(EXE_EXT): $(SHA256TEST).o $(DLIBCRYPTO) - shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ - shlib_target="$(SHLIB_TARGET)"; \ - fi; \ - if [ "$${shlib_target}" = "hpux-shared" -o "$${shlib_target}" = "darwin-shared" ] ; then \ - LIBRARIES="$(DLIBCRYPTO)"; \ - else \ - LIBRARIES="$(LIBCRYPTO)"; \ - fi; \ - $(NEWMAKE) -f $(TOP)/Makefile.shared \ - APPNAME=$(SHA256TEST)$(EXE_EXT) CC="$(CC)" CFLAGS="$(CFLAGS)" \ - LDFLAGS="$(LDFLAGS)" SHARED_LDFLAGS="$(SHARED_LDFLAGS)" \ - OBJECTS="$(SHA256TEST).o" \ - LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ - LIBRPATH=$(INSTALLTOP)/lib \ - link_app.$${shlib_target} - -$(SHA512TEST)$(EXE_EXT): $(SHA512TEST).o $(DLIBCRYPTO) - shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ - shlib_target="$(SHLIB_TARGET)"; \ - fi; \ - if [ "$${shlib_target}" = "hpux-shared" -o "$${shlib_target}" = "darwin-shared" ] ; then \ - LIBRARIES="$(DLIBCRYPTO)"; \ - else \ - LIBRARIES="$(LIBCRYPTO)"; \ - fi; \ - $(NEWMAKE) -f $(TOP)/Makefile.shared \ - APPNAME=$(SHA512TEST)$(EXE_EXT) CC="$(CC)" CFLAGS="$(CFLAGS)" \ - LDFLAGS="$(LDFLAGS)" SHARED_LDFLAGS="$(SHARED_LDFLAGS)" \ - OBJECTS="$(SHA512TEST).o" \ - LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ - LIBRPATH=$(INSTALLTOP)/lib \ - link_app.$${shlib_target} - -$(RMDTEST)$(EXE_EXT): $(RMDTEST).o $(DLIBCRYPTO) - shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ - shlib_target="$(SHLIB_TARGET)"; \ - fi; \ - if [ "$${shlib_target}" = "hpux-shared" -o "$${shlib_target}" = "darwin-shared" ] ; then \ - LIBRARIES="$(DLIBCRYPTO)"; \ - else \ - LIBRARIES="$(LIBCRYPTO)"; \ - fi; \ - $(NEWMAKE) -f $(TOP)/Makefile.shared \ - APPNAME=$(RMDTEST)$(EXE_EXT) CC="$(CC)" CFLAGS="$(CFLAGS)" \ - LDFLAGS="$(LDFLAGS)" SHARED_LDFLAGS="$(SHARED_LDFLAGS)" \ - OBJECTS="$(RMDTEST).o" \ - LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ - LIBRPATH=$(INSTALLTOP)/lib \ - link_app.$${shlib_target} - -$(MDC2TEST)$(EXE_EXT): $(MDC2TEST).o $(DLIBCRYPTO) - shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ - shlib_target="$(SHLIB_TARGET)"; \ - fi; \ - if [ "$${shlib_target}" = "hpux-shared" -o "$${shlib_target}" = "darwin-shared" ] ; then \ - LIBRARIES="$(DLIBCRYPTO)"; \ - else \ - LIBRARIES="$(LIBCRYPTO)"; \ - fi; \ - $(NEWMAKE) -f $(TOP)/Makefile.shared \ - APPNAME=$(MDC2TEST)$(EXE_EXT) CC="$(CC)" CFLAGS="$(CFLAGS)" \ - LDFLAGS="$(LDFLAGS)" SHARED_LDFLAGS="$(SHARED_LDFLAGS)" \ - OBJECTS="$(MDC2TEST).o" \ - LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ - LIBRPATH=$(INSTALLTOP)/lib \ - link_app.$${shlib_target} - -$(MD4TEST)$(EXE_EXT): $(MD4TEST).o $(DLIBCRYPTO) - shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ - shlib_target="$(SHLIB_TARGET)"; \ - fi; \ - if [ "$${shlib_target}" = "hpux-shared" -o "$${shlib_target}" = "darwin-shared" ] ; then \ - LIBRARIES="$(DLIBCRYPTO)"; \ - else \ - LIBRARIES="$(LIBCRYPTO)"; \ - fi; \ - $(NEWMAKE) -f $(TOP)/Makefile.shared \ - APPNAME=$(MD4TEST)$(EXE_EXT) CC="$(CC)" CFLAGS="$(CFLAGS)" \ - LDFLAGS="$(LDFLAGS)" SHARED_LDFLAGS="$(SHARED_LDFLAGS)" \ - OBJECTS="$(MD4TEST).o" \ - LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ - LIBRPATH=$(INSTALLTOP)/lib \ - link_app.$${shlib_target} - -$(MD5TEST)$(EXE_EXT): $(MD5TEST).o $(DLIBCRYPTO) - shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ - shlib_target="$(SHLIB_TARGET)"; \ - fi; \ - if [ "$${shlib_target}" = "hpux-shared" -o "$${shlib_target}" = "darwin-shared" ] ; then \ - LIBRARIES="$(DLIBCRYPTO)"; \ - else \ - LIBRARIES="$(LIBCRYPTO)"; \ - fi; \ - $(NEWMAKE) -f $(TOP)/Makefile.shared \ - APPNAME=$(MD5TEST)$(EXE_EXT) CC="$(CC)" CFLAGS="$(CFLAGS)" \ - LDFLAGS="$(LDFLAGS)" SHARED_LDFLAGS="$(SHARED_LDFLAGS)" \ - OBJECTS="$(MD5TEST).o" \ - LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ - LIBRPATH=$(INSTALLTOP)/lib \ - link_app.$${shlib_target} - -$(HMACTEST)$(EXE_EXT): $(HMACTEST).o $(DLIBCRYPTO) - shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ - shlib_target="$(SHLIB_TARGET)"; \ - fi; \ - if [ "$${shlib_target}" = "hpux-shared" -o "$${shlib_target}" = "darwin-shared" ] ; then \ - LIBRARIES="$(DLIBCRYPTO)"; \ - else \ - LIBRARIES="$(LIBCRYPTO)"; \ - fi; \ - $(NEWMAKE) -f $(TOP)/Makefile.shared \ - APPNAME=$(HMACTEST)$(EXE_EXT) CC="$(CC)" CFLAGS="$(CFLAGS)" \ - LDFLAGS="$(LDFLAGS)" SHARED_LDFLAGS="$(SHARED_LDFLAGS)" \ - OBJECTS="$(HMACTEST).o" \ - LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ - LIBRPATH=$(INSTALLTOP)/lib \ - link_app.$${shlib_target} - -$(RC2TEST)$(EXE_EXT): $(RC2TEST).o $(DLIBCRYPTO) - shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ - shlib_target="$(SHLIB_TARGET)"; \ - fi; \ - if [ "$${shlib_target}" = "hpux-shared" -o "$${shlib_target}" = "darwin-shared" ] ; then \ - LIBRARIES="$(DLIBCRYPTO)"; \ - else \ - LIBRARIES="$(LIBCRYPTO)"; \ - fi; \ - $(NEWMAKE) -f $(TOP)/Makefile.shared \ - APPNAME=$(RC2TEST)$(EXE_EXT) CC="$(CC)" CFLAGS="$(CFLAGS)" \ - LDFLAGS="$(LDFLAGS)" SHARED_LDFLAGS="$(SHARED_LDFLAGS)" \ - OBJECTS="$(RC2TEST).o" \ - LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ - LIBRPATH=$(INSTALLTOP)/lib \ - link_app.$${shlib_target} - -$(BFTEST)$(EXE_EXT): $(BFTEST).o $(DLIBCRYPTO) - shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ - shlib_target="$(SHLIB_TARGET)"; \ - fi; \ - if [ "$${shlib_target}" = "hpux-shared" -o "$${shlib_target}" = "darwin-shared" ] ; then \ - LIBRARIES="$(DLIBCRYPTO)"; \ - else \ - LIBRARIES="$(LIBCRYPTO)"; \ - fi; \ - $(NEWMAKE) -f $(TOP)/Makefile.shared \ - APPNAME=$(BFTEST)$(EXE_EXT) CC="$(CC)" CFLAGS="$(CFLAGS)" \ - LDFLAGS="$(LDFLAGS)" SHARED_LDFLAGS="$(SHARED_LDFLAGS)" \ - OBJECTS="$(BFTEST).o" \ - LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ - LIBRPATH=$(INSTALLTOP)/lib \ - link_app.$${shlib_target} - -$(CASTTEST)$(EXE_EXT): $(CASTTEST).o $(DLIBCRYPTO) - shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ - shlib_target="$(SHLIB_TARGET)"; \ - fi; \ - if [ "$${shlib_target}" = "hpux-shared" -o "$${shlib_target}" = "darwin-shared" ] ; then \ - LIBRARIES="$(DLIBCRYPTO)"; \ - else \ - LIBRARIES="$(LIBCRYPTO)"; \ - fi; \ - $(NEWMAKE) -f $(TOP)/Makefile.shared \ - APPNAME=$(CASTTEST)$(EXE_EXT) CC="$(CC)" CFLAGS="$(CFLAGS)" \ - LDFLAGS="$(LDFLAGS)" SHARED_LDFLAGS="$(SHARED_LDFLAGS)" \ - OBJECTS="$(CASTTEST).o" \ - LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ - LIBRPATH=$(INSTALLTOP)/lib \ - link_app.$${shlib_target} - -$(RC4TEST)$(EXE_EXT): $(RC4TEST).o $(DLIBCRYPTO) - shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ - shlib_target="$(SHLIB_TARGET)"; \ - fi; \ - if [ "$${shlib_target}" = "hpux-shared" -o "$${shlib_target}" = "darwin-shared" ] ; then \ - LIBRARIES="$(DLIBCRYPTO)"; \ - else \ - LIBRARIES="$(LIBCRYPTO)"; \ - fi; \ - $(NEWMAKE) -f $(TOP)/Makefile.shared \ - APPNAME=$(RC4TEST)$(EXE_EXT) CC="$(CC)" CFLAGS="$(CFLAGS)" \ - LDFLAGS="$(LDFLAGS)" SHARED_LDFLAGS="$(SHARED_LDFLAGS)" \ - OBJECTS="$(RC4TEST).o" \ - LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ - LIBRPATH=$(INSTALLTOP)/lib \ - link_app.$${shlib_target} - -$(RC5TEST)$(EXE_EXT): $(RC5TEST).o $(DLIBCRYPTO) - shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ - shlib_target="$(SHLIB_TARGET)"; \ - fi; \ - if [ "$${shlib_target}" = "hpux-shared" -o "$${shlib_target}" = "darwin-shared" ] ; then \ - LIBRARIES="$(DLIBCRYPTO)"; \ - else \ - LIBRARIES="$(LIBCRYPTO)"; \ - fi; \ - $(NEWMAKE) -f $(TOP)/Makefile.shared \ - APPNAME=$(RC5TEST)$(EXE_EXT) CC="$(CC)" CFLAGS="$(CFLAGS)" \ - LDFLAGS="$(LDFLAGS)" SHARED_LDFLAGS="$(SHARED_LDFLAGS)" \ - OBJECTS="$(RC5TEST).o" \ - LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ - LIBRPATH=$(INSTALLTOP)/lib \ - link_app.$${shlib_target} - -$(DESTEST)$(EXE_EXT): $(DESTEST).o $(DLIBCRYPTO) - shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ - shlib_target="$(SHLIB_TARGET)"; \ - fi; \ - if [ "$${shlib_target}" = "hpux-shared" -o "$${shlib_target}" = "darwin-shared" ] ; then \ - LIBRARIES="$(DLIBCRYPTO)"; \ - else \ - LIBRARIES="$(LIBCRYPTO)"; \ - fi; \ - $(NEWMAKE) -f $(TOP)/Makefile.shared \ - APPNAME=$(DESTEST)$(EXE_EXT) CC="$(CC)" CFLAGS="$(CFLAGS)" \ - LDFLAGS="$(LDFLAGS)" SHARED_LDFLAGS="$(SHARED_LDFLAGS)" \ - OBJECTS="$(DESTEST).o" \ - LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ - LIBRPATH=$(INSTALLTOP)/lib \ - link_app.$${shlib_target} - -$(RANDTEST)$(EXE_EXT): $(RANDTEST).o $(DLIBCRYPTO) - shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ - shlib_target="$(SHLIB_TARGET)"; \ - fi; \ - if [ "$${shlib_target}" = "hpux-shared" -o "$${shlib_target}" = "darwin-shared" ] ; then \ - LIBRARIES="$(DLIBCRYPTO)"; \ - else \ - LIBRARIES="$(LIBCRYPTO)"; \ - fi; \ - $(NEWMAKE) -f $(TOP)/Makefile.shared \ - APPNAME=$(RANDTEST)$(EXE_EXT) CC="$(CC)" CFLAGS="$(CFLAGS)" \ - LDFLAGS="$(LDFLAGS)" SHARED_LDFLAGS="$(SHARED_LDFLAGS)" \ - OBJECTS="$(RANDTEST).o" \ - LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ - LIBRPATH=$(INSTALLTOP)/lib \ - link_app.$${shlib_target} - -$(DHTEST)$(EXE_EXT): $(DHTEST).o $(DLIBCRYPTO) - shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ - shlib_target="$(SHLIB_TARGET)"; \ - fi; \ - if [ "$${shlib_target}" = "hpux-shared" -o "$${shlib_target}" = "darwin-shared" ] ; then \ - LIBRARIES="$(DLIBCRYPTO)"; \ - else \ - LIBRARIES="$(LIBCRYPTO)"; \ - fi; \ - $(NEWMAKE) -f $(TOP)/Makefile.shared \ - APPNAME=$(DHTEST)$(EXE_EXT) CC="$(CC)" CFLAGS="$(CFLAGS)" \ - LDFLAGS="$(LDFLAGS)" SHARED_LDFLAGS="$(SHARED_LDFLAGS)" \ - OBJECTS="$(DHTEST).o" \ - LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ - LIBRPATH=$(INSTALLTOP)/lib \ - link_app.$${shlib_target} - -$(DSATEST)$(EXE_EXT): $(DSATEST).o $(DLIBCRYPTO) - shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ - shlib_target="$(SHLIB_TARGET)"; \ - fi; \ - if [ "$${shlib_target}" = "hpux-shared" -o "$${shlib_target}" = "darwin-shared" ] ; then \ - LIBRARIES="$(DLIBCRYPTO)"; \ - else \ - LIBRARIES="$(LIBCRYPTO)"; \ - fi; \ - $(NEWMAKE) -f $(TOP)/Makefile.shared \ - APPNAME=$(DSATEST)$(EXE_EXT) CC="$(CC)" CFLAGS="$(CFLAGS)" \ - LDFLAGS="$(LDFLAGS)" SHARED_LDFLAGS="$(SHARED_LDFLAGS)" \ - OBJECTS="$(DSATEST).o" \ - LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ - LIBRPATH=$(INSTALLTOP)/lib \ - link_app.$${shlib_target} - -$(METHTEST)$(EXE_EXT): $(METHTEST).o $(DLIBCRYPTO) - shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ - shlib_target="$(SHLIB_TARGET)"; \ - fi; \ - if [ "$${shlib_target}" = "hpux-shared" -o "$${shlib_target}" = "darwin-shared" ] ; then \ - LIBRARIES="$(DLIBCRYPTO)"; \ - else \ - LIBRARIES="$(LIBCRYPTO)"; \ - fi; \ - $(NEWMAKE) -f $(TOP)/Makefile.shared \ - APPNAME=$(METHTEST)$(EXE_EXT) CC="$(CC)" CFLAGS="$(CFLAGS)" \ - LDFLAGS="$(LDFLAGS)" SHARED_LDFLAGS="$(SHARED_LDFLAGS)" \ - OBJECTS="$(METHTEST).o" \ - LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ - LIBRPATH=$(INSTALLTOP)/lib \ - link_app.$${shlib_target} - -$(SSLTEST)$(EXE_EXT): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO) - shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ - shlib_target="$(SHLIB_TARGET)"; \ - fi; \ - if [ "$${shlib_target}" = "hpux-shared" -o "$${shlib_target}" = "darwin-shared" ] ; then \ - LIBRARIES="$(DLIBSSL) $(LIBKRB5) $(DLIBCRYPTO)"; \ - else \ - LIBRARIES="$(LIBSSL) $(LIBKRB5) $(LIBCRYPTO)"; \ - fi; \ - $(NEWMAKE) -f $(TOP)/Makefile.shared \ - APPNAME=$(SSLTEST)$(EXE_EXT) CC="$(CC)" CFLAGS="$(CFLAGS)" \ - LDFLAGS="$(LDFLAGS)" SHARED_LDFLAGS="$(SHARED_LDFLAGS)" \ - OBJECTS="$(SSLTEST).o" \ - LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ - LIBRPATH=$(INSTALLTOP)/lib \ - link_app.$${shlib_target} - -$(ENGINETEST)$(EXE_EXT): $(ENGINETEST).o $(DLIBCRYPTO) - shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ - shlib_target="$(SHLIB_TARGET)"; \ - fi; \ - if [ "$${shlib_target}" = "hpux-shared" -o "$${shlib_target}" = "darwin-shared" ] ; then \ - LIBRARIES="$(DLIBCRYPTO)"; \ - else \ - LIBRARIES="$(LIBCRYPTO)"; \ - fi; \ - $(NEWMAKE) -f $(TOP)/Makefile.shared \ - APPNAME=$(ENGINETEST)$(EXE_EXT) CC="$(CC)" CFLAGS="$(CFLAGS)" \ - LDFLAGS="$(LDFLAGS)" SHARED_LDFLAGS="$(SHARED_LDFLAGS)" \ - OBJECTS="$(ENGINETEST).o" \ - LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ - LIBRPATH=$(INSTALLTOP)/lib \ - link_app.$${shlib_target} - -$(EVPTEST)$(EXE_EXT): $(EVPTEST).o $(DLIBCRYPTO) - shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ - shlib_target="$(SHLIB_TARGET)"; \ - fi; \ - if [ "$${shlib_target}" = "hpux-shared" -o "$${shlib_target}" = "darwin-shared" ] ; then \ - LIBRARIES="$(DLIBCRYPTO)"; \ - else \ - LIBRARIES="$(LIBCRYPTO)"; \ - fi; \ - $(NEWMAKE) -f $(TOP)/Makefile.shared \ - APPNAME=$(EVPTEST)$(EXE_EXT) CC="$(CC)" CFLAGS="$(CFLAGS)" \ - LDFLAGS="$(LDFLAGS)" SHARED_LDFLAGS="$(SHARED_LDFLAGS)" \ - OBJECTS="$(EVPTEST).o" \ - LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ - LIBRPATH=$(INSTALLTOP)/lib \ - link_app.$${shlib_target} - -$(ECDSATEST)$(EXE_EXT): $(ECDSATEST).o $(DLIBCRYPTO) - shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ - shlib_target="$(SHLIB_TARGET)"; \ - fi; \ - if [ "$${shlib_target}" = "hpux-shared" -o "$${shlib_target}" = "darwin-shared" ] ; then \ - LIBRARIES="$(DLIBCRYPTO)"; \ - else \ - LIBRARIES="$(LIBCRYPTO)"; \ - fi; \ - $(NEWMAKE) -f $(TOP)/Makefile.shared \ - APPNAME=$(ECDSATEST)$(EXE_EXT) CC="$(CC)" CFLAGS="$(CFLAGS)" \ - LDFLAGS="$(LDFLAGS)" SHARED_LDFLAGS="$(SHARED_LDFLAGS)" \ - OBJECTS="$(ECDSATEST).o" \ - LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ - LIBRPATH=$(INSTALLTOP)/lib \ - link_app.$${shlib_target} - -$(ECDHTEST)$(EXE_EXT): $(ECDHTEST).o $(DLIBCRYPTO) - shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ - shlib_target="$(SHLIB_TARGET)"; \ - fi; \ - if [ "$${shlib_target}" = "hpux-shared" -o "$${shlib_target}" = "darwin-shared" ] ; then \ - LIBRARIES="$(DLIBCRYPTO)"; \ - else \ - LIBRARIES="$(LIBCRYPTO)"; \ - fi; \ - $(NEWMAKE) -f $(TOP)/Makefile.shared \ - APPNAME=$(ECDHTEST)$(EXE_EXT) CC="$(CC)" CFLAGS="$(CFLAGS)" \ - LDFLAGS="$(LDFLAGS)" SHARED_LDFLAGS="$(SHARED_LDFLAGS)" \ - OBJECTS="$(ECDHTEST).o" \ - LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ - LIBRPATH=$(INSTALLTOP)/lib \ - link_app.$${shlib_target} - -#$(AESTEST).o: $(AESTEST).c -# $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c - -#$(AESTEST)$(EXE_EXT): $(AESTEST).o $(DLIBCRYPTO) -# if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ -# $(CC) -o $(AESTEST)$(EXE_EXT) $(CFLAGS) $(AESTEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \ -# else \ -# $(CC) -o $(AESTEST)$(EXE_EXT) $(CFLAGS) $(AESTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \ -# fi - -dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO) - shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ - shlib_target="$(SHLIB_TARGET)"; \ - fi; \ - if [ "$${shlib_target}" = "hpux-shared" -o "$${shlib_target}" = "darwin-shared" ] ; then \ - LIBRARIES="$(DLIBCRYPTO)"; \ - else \ - LIBRARIES="$(LIBCRYPTO)"; \ - fi; \ - $(NEWMAKE) -f $(TOP)/Makefile.shared \ - APPNAME=dummytest$(EXE_EXT) CC="$(CC)" CFLAGS="$(CFLAGS)" \ - LDFLAGS="$(LDFLAGS)" SHARED_LDFLAGS="$(SHARED_LDFLAGS)" \ - OBJECTS="dummytest.o" \ - LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ - LIBRPATH=$(INSTALLTOP)/lib \ - link_app.$${shlib_target} - @case "../*.dll" in *\**) ;; *) cp -p ../*.dll .;; esac - -# DO NOT DELETE THIS LINE -- make depend depends on it. - -bftest.o: ../e_os.h ../include/openssl/blowfish.h ../include/openssl/e_os2.h -bftest.o: ../include/openssl/opensslconf.h bftest.c -bntest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h -bntest.o: ../include/openssl/bn.h ../include/openssl/buffer.h -bntest.o: ../include/openssl/crypto.h ../include/openssl/dh.h -bntest.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h -bntest.o: ../include/openssl/ec.h ../include/openssl/ecdh.h -bntest.o: ../include/openssl/ecdsa.h ../include/openssl/err.h -bntest.o: ../include/openssl/evp.h ../include/openssl/lhash.h -bntest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -bntest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -bntest.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h -bntest.o: ../include/openssl/rand.h ../include/openssl/rsa.h -bntest.o: ../include/openssl/safestack.h ../include/openssl/sha.h -bntest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -bntest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h bntest.c -casttest.o: ../e_os.h ../include/openssl/cast.h ../include/openssl/e_os2.h -casttest.o: ../include/openssl/opensslconf.h casttest.c -destest.o: ../include/openssl/des.h ../include/openssl/des_old.h -destest.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h -destest.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h -destest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -destest.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h destest.c -dhtest.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/bn.h -dhtest.o: ../include/openssl/crypto.h ../include/openssl/dh.h -dhtest.o: ../include/openssl/e_os2.h ../include/openssl/err.h -dhtest.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h -dhtest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -dhtest.o: ../include/openssl/rand.h ../include/openssl/safestack.h -dhtest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h dhtest.c -dsatest.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/bn.h -dsatest.o: ../include/openssl/crypto.h ../include/openssl/dh.h -dsatest.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h -dsatest.o: ../include/openssl/err.h ../include/openssl/lhash.h -dsatest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -dsatest.o: ../include/openssl/ossl_typ.h ../include/openssl/rand.h -dsatest.o: ../include/openssl/safestack.h ../include/openssl/stack.h -dsatest.o: ../include/openssl/symhacks.h dsatest.c -ecdhtest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h -ecdhtest.o: ../include/openssl/bn.h ../include/openssl/crypto.h -ecdhtest.o: ../include/openssl/e_os2.h ../include/openssl/ec.h -ecdhtest.o: ../include/openssl/ecdh.h ../include/openssl/err.h -ecdhtest.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -ecdhtest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -ecdhtest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -ecdhtest.o: ../include/openssl/rand.h ../include/openssl/safestack.h -ecdhtest.o: ../include/openssl/sha.h ../include/openssl/stack.h -ecdhtest.o: ../include/openssl/symhacks.h ecdhtest.c -ecdsatest.o: ../include/openssl/asn1.h ../include/openssl/bio.h -ecdsatest.o: ../include/openssl/bn.h ../include/openssl/buffer.h -ecdsatest.o: ../include/openssl/crypto.h ../include/openssl/dh.h -ecdsatest.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h -ecdsatest.o: ../include/openssl/ec.h ../include/openssl/ecdh.h -ecdsatest.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h -ecdsatest.o: ../include/openssl/err.h ../include/openssl/evp.h -ecdsatest.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -ecdsatest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -ecdsatest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -ecdsatest.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -ecdsatest.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -ecdsatest.o: ../include/openssl/sha.h ../include/openssl/stack.h -ecdsatest.o: ../include/openssl/store.h ../include/openssl/symhacks.h -ecdsatest.o: ../include/openssl/ui.h ../include/openssl/x509.h -ecdsatest.o: ../include/openssl/x509_vfy.h ecdsatest.c -ectest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h -ectest.o: ../include/openssl/bn.h ../include/openssl/crypto.h -ectest.o: ../include/openssl/e_os2.h ../include/openssl/ec.h -ectest.o: ../include/openssl/engine.h ../include/openssl/err.h -ectest.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -ectest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -ectest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -ectest.o: ../include/openssl/rand.h ../include/openssl/safestack.h -ectest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h ectest.c -enginetest.o: ../include/openssl/bio.h ../include/openssl/buffer.h -enginetest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h -enginetest.o: ../include/openssl/engine.h ../include/openssl/err.h -enginetest.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h -enginetest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -enginetest.o: ../include/openssl/safestack.h ../include/openssl/stack.h -enginetest.o: ../include/openssl/symhacks.h enginetest.c -evp_test.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h -evp_test.o: ../include/openssl/conf.h ../include/openssl/crypto.h -evp_test.o: ../include/openssl/e_os2.h ../include/openssl/engine.h -evp_test.o: ../include/openssl/err.h ../include/openssl/evp.h -evp_test.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -evp_test.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -evp_test.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -evp_test.o: ../include/openssl/safestack.h ../include/openssl/stack.h -evp_test.o: ../include/openssl/symhacks.h evp_test.c -exptest.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/bn.h -exptest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h -exptest.o: ../include/openssl/err.h ../include/openssl/lhash.h -exptest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -exptest.o: ../include/openssl/ossl_typ.h ../include/openssl/rand.h -exptest.o: ../include/openssl/safestack.h ../include/openssl/stack.h -exptest.o: ../include/openssl/symhacks.h exptest.c -hmactest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h -hmactest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h -hmactest.o: ../include/openssl/evp.h ../include/openssl/hmac.h -hmactest.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h -hmactest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -hmactest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -hmactest.o: ../include/openssl/safestack.h ../include/openssl/stack.h -hmactest.o: ../include/openssl/symhacks.h hmactest.c -ideatest.o: ../e_os.h ../include/openssl/e_os2.h ../include/openssl/idea.h -ideatest.o: ../include/openssl/opensslconf.h ideatest.c -md2test.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h -md2test.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h -md2test.o: ../include/openssl/evp.h ../include/openssl/md2.h -md2test.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -md2test.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -md2test.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h -md2test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h md2test.c -md4test.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h -md4test.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h -md4test.o: ../include/openssl/evp.h ../include/openssl/md4.h -md4test.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -md4test.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -md4test.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h -md4test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h md4test.c -md5test.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h -md5test.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h -md5test.o: ../include/openssl/evp.h ../include/openssl/md5.h -md5test.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -md5test.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -md5test.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h -md5test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h md5test.c -mdc2test.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h -mdc2test.o: ../include/openssl/crypto.h ../include/openssl/des.h -mdc2test.o: ../include/openssl/des_old.h ../include/openssl/e_os2.h -mdc2test.o: ../include/openssl/evp.h ../include/openssl/mdc2.h -mdc2test.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -mdc2test.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -mdc2test.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h -mdc2test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -mdc2test.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h mdc2test.c -randtest.o: ../e_os.h ../include/openssl/e_os2.h -randtest.o: ../include/openssl/opensslconf.h ../include/openssl/ossl_typ.h -randtest.o: ../include/openssl/rand.h randtest.c -rc2test.o: ../e_os.h ../include/openssl/e_os2.h -rc2test.o: ../include/openssl/opensslconf.h ../include/openssl/rc2.h rc2test.c -rc4test.o: ../e_os.h ../include/openssl/e_os2.h -rc4test.o: ../include/openssl/opensslconf.h ../include/openssl/rc4.h -rc4test.o: ../include/openssl/sha.h rc4test.c -rc5test.o: ../e_os.h ../include/openssl/e_os2.h -rc5test.o: ../include/openssl/opensslconf.h ../include/openssl/rc5.h rc5test.c -rmdtest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h -rmdtest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h -rmdtest.o: ../include/openssl/evp.h ../include/openssl/obj_mac.h -rmdtest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -rmdtest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -rmdtest.o: ../include/openssl/ripemd.h ../include/openssl/safestack.h -rmdtest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h rmdtest.c -rsa_test.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h -rsa_test.o: ../include/openssl/bn.h ../include/openssl/crypto.h -rsa_test.o: ../include/openssl/e_os2.h ../include/openssl/err.h -rsa_test.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h -rsa_test.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -rsa_test.o: ../include/openssl/rand.h ../include/openssl/rsa.h -rsa_test.o: ../include/openssl/safestack.h ../include/openssl/stack.h -rsa_test.o: ../include/openssl/symhacks.h rsa_test.c -sha1test.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h -sha1test.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h -sha1test.o: ../include/openssl/evp.h ../include/openssl/obj_mac.h -sha1test.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -sha1test.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -sha1test.o: ../include/openssl/safestack.h ../include/openssl/sha.h -sha1test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h sha1test.c -shatest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h -shatest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h -shatest.o: ../include/openssl/evp.h ../include/openssl/obj_mac.h -shatest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -shatest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -shatest.o: ../include/openssl/safestack.h ../include/openssl/sha.h -shatest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h shatest.c -ssltest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h -ssltest.o: ../include/openssl/bn.h ../include/openssl/buffer.h -ssltest.o: ../include/openssl/comp.h ../include/openssl/conf.h -ssltest.o: ../include/openssl/crypto.h ../include/openssl/dh.h -ssltest.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h -ssltest.o: ../include/openssl/ec.h ../include/openssl/ecdh.h -ssltest.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h -ssltest.o: ../include/openssl/err.h ../include/openssl/evp.h -ssltest.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -ssltest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -ssltest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -ssltest.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -ssltest.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -ssltest.o: ../include/openssl/rand.h ../include/openssl/rsa.h -ssltest.o: ../include/openssl/safestack.h ../include/openssl/sha.h -ssltest.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -ssltest.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -ssltest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -ssltest.o: ../include/openssl/tls1.h ../include/openssl/x509.h -ssltest.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h ssltest.c diff --git a/test/cms-examples.pl b/test/cms-examples.pl new file mode 100644 index 0000000000..2e95b48ba4 --- /dev/null +++ b/test/cms-examples.pl @@ -0,0 +1,409 @@ +# test/cms-examples.pl +# Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +# project. +# +# ==================================================================== +# Copyright (c) 2008 The OpenSSL Project. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in +# the documentation and/or other materials provided with the +# distribution. +# +# 3. All advertising materials mentioning features or use of this +# software must display the following acknowledgment: +# "This product includes software developed by the OpenSSL Project +# for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" +# +# 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +# endorse or promote products derived from this software without +# prior written permission. For written permission, please contact +# licensing@OpenSSL.org. +# +# 5. Products derived from this software may not be called "OpenSSL" +# nor may "OpenSSL" appear in their names without prior written +# permission of the OpenSSL Project. +# +# 6. Redistributions of any form whatsoever must retain the following +# acknowledgment: +# "This product includes software developed by the OpenSSL Project +# for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" +# +# THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +# OF THE POSSIBILITY OF SUCH DAMAGE. +# ==================================================================== + +# Perl script to run tests against S/MIME examples in RFC4134 +# Assumes RFC is in current directory and called "rfc4134.txt" + +use MIME::Base64; + +my $badttest = 0; +my $verbose = 1; + +my $cmscmd; +my $exdir = "./"; +my $exfile = "./rfc4134.txt"; + +if (-f "../apps/openssl") + { + $cmscmd = "../util/shlib_wrap.sh ../apps/openssl cms"; + } +elsif (-f "..\\out32dll\\openssl.exe") + { + $cmscmd = "..\\out32dll\\openssl.exe cms"; + } +elsif (-f "..\\out32\\openssl.exe") + { + $cmscmd = "..\\out32\\openssl.exe cms"; + } + +my @test_list = ( + [ "3.1.bin" => "dataout" ], + [ "3.2.bin" => "encode, dataout" ], + [ "4.1.bin" => "encode, verifyder, cont, dss" ], + [ "4.2.bin" => "encode, verifyder, cont, rsa" ], + [ "4.3.bin" => "encode, verifyder, cont_extern, dss" ], + [ "4.4.bin" => "encode, verifyder, cont, dss" ], + [ "4.5.bin" => "verifyder, cont, rsa" ], + [ "4.6.bin" => "encode, verifyder, cont, dss" ], + [ "4.7.bin" => "encode, verifyder, cont, dss" ], + [ "4.8.eml" => "verifymime, dss" ], + [ "4.9.eml" => "verifymime, dss" ], + [ "4.10.bin" => "encode, verifyder, cont, dss" ], + [ "4.11.bin" => "encode, certsout" ], + [ "5.1.bin" => "encode, envelopeder, cont" ], + [ "5.2.bin" => "encode, envelopeder, cont" ], + [ "5.3.eml" => "envelopemime, cont" ], + [ "6.0.bin" => "encode, digest, cont" ], + [ "7.1.bin" => "encode, encrypted, cont" ], + [ "7.2.bin" => "encode, encrypted, cont" ] +); + +# Extract examples from RFC4134 text. +# Base64 decode all examples, certificates and +# private keys are converted to PEM format. + +my ( $filename, $data ); + +my @cleanup = ( "cms.out", "cms.err", "tmp.der", "tmp.txt" ); + +$data = ""; + +open( IN, $exfile ) || die "Can't Open RFC examples file $exfile"; + +while (<IN>) { + next unless (/^\|/); + s/^\|//; + next if (/^\*/); + if (/^>(.*)$/) { + $filename = $1; + next; + } + if (/^</) { + $filename = "$exdir/$filename"; + if ( $filename =~ /\.bin$/ || $filename =~ /\.eml$/ ) { + $data = decode_base64($data); + open OUT, ">$filename"; + binmode OUT; + print OUT $data; + close OUT; + push @cleanup, $filename; + } + elsif ( $filename =~ /\.cer$/ ) { + write_pem( $filename, "CERTIFICATE", $data ); + } + elsif ( $filename =~ /\.pri$/ ) { + write_pem( $filename, "PRIVATE KEY", $data ); + } + $data = ""; + $filename = ""; + } + else { + $data .= $_; + } + +} + +my $secretkey = + "73:7c:79:1f:25:ea:d0:e0:46:29:25:43:52:f7:dc:62:91:e5:cb:26:91:7a:da:32"; + +foreach (@test_list) { + my ( $file, $tlist ) = @$_; + print "Example file $file:\n"; + if ( $tlist =~ /encode/ ) { + run_reencode_test( $exdir, $file ); + } + if ( $tlist =~ /certsout/ ) { + run_certsout_test( $exdir, $file ); + } + if ( $tlist =~ /dataout/ ) { + run_dataout_test( $exdir, $file ); + } + if ( $tlist =~ /verify/ ) { + run_verify_test( $exdir, $tlist, $file ); + } + if ( $tlist =~ /digest/ ) { + run_digest_test( $exdir, $tlist, $file ); + } + if ( $tlist =~ /encrypted/ ) { + run_encrypted_test( $exdir, $tlist, $file, $secretkey ); + } + if ( $tlist =~ /envelope/ ) { + run_envelope_test( $exdir, $tlist, $file ); + } + +} + +foreach (@cleanup) { + unlink $_; +} + +if ($badtest) { + print "\n$badtest TESTS FAILED!!\n"; +} +else { + print "\n***All tests successful***\n"; +} + +sub write_pem { + my ( $filename, $str, $data ) = @_; + + $filename =~ s/\.[^.]*$/.pem/; + + push @cleanup, $filename; + + open OUT, ">$filename"; + + print OUT "-----BEGIN $str-----\n"; + print OUT $data; + print OUT "-----END $str-----\n"; + + close OUT; +} + +sub run_reencode_test { + my ( $cmsdir, $tfile ) = @_; + unlink "tmp.der"; + + system( "$cmscmd -cmsout -inform DER -outform DER" + . " -in $cmsdir/$tfile -out tmp.der" ); + + if ($?) { + print "\tReencode command FAILED!!\n"; + $badtest++; + } + elsif ( !cmp_files( "$cmsdir/$tfile", "tmp.der" ) ) { + print "\tReencode FAILED!!\n"; + $badtest++; + } + else { + print "\tReencode passed\n" if $verbose; + } +} + +sub run_certsout_test { + my ( $cmsdir, $tfile ) = @_; + unlink "tmp.der"; + unlink "tmp.pem"; + + system( "$cmscmd -cmsout -inform DER -certsout tmp.pem" + . " -in $cmsdir/$tfile -out tmp.der" ); + + if ($?) { + print "\tCertificate output command FAILED!!\n"; + $badtest++; + } + else { + print "\tCertificate output passed\n" if $verbose; + } +} + +sub run_dataout_test { + my ( $cmsdir, $tfile ) = @_; + unlink "tmp.txt"; + + system( + "$cmscmd -data_out -inform DER" . " -in $cmsdir/$tfile -out tmp.txt" ); + + if ($?) { + print "\tDataout command FAILED!!\n"; + $badtest++; + } + elsif ( !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) ) { + print "\tDataout compare FAILED!!\n"; + $badtest++; + } + else { + print "\tDataout passed\n" if $verbose; + } +} + +sub run_verify_test { + my ( $cmsdir, $tlist, $tfile ) = @_; + unlink "tmp.txt"; + + $form = "DER" if $tlist =~ /verifyder/; + $form = "SMIME" if $tlist =~ /verifymime/; + $cafile = "$cmsdir/CarlDSSSelf.pem" if $tlist =~ /dss/; + $cafile = "$cmsdir/CarlRSASelf.pem" if $tlist =~ /rsa/; + + $cmd = + "$cmscmd -verify -inform $form" + . " -CAfile $cafile" + . " -in $cmsdir/$tfile -out tmp.txt"; + + $cmd .= " -content $cmsdir/ExContent.bin" if $tlist =~ /cont_extern/; + + system("$cmd 2>cms.err 1>cms.out"); + + if ($?) { + print "\tVerify command FAILED!!\n"; + $badtest++; + } + elsif ( $tlist =~ /cont/ + && !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) ) + { + print "\tVerify content compare FAILED!!\n"; + $badtest++; + } + else { + print "\tVerify passed\n" if $verbose; + } +} + +sub run_envelope_test { + my ( $cmsdir, $tlist, $tfile ) = @_; + unlink "tmp.txt"; + + $form = "DER" if $tlist =~ /envelopeder/; + $form = "SMIME" if $tlist =~ /envelopemime/; + + $cmd = + "$cmscmd -decrypt -inform $form" + . " -recip $cmsdir/BobRSASignByCarl.pem" + . " -inkey $cmsdir/BobPrivRSAEncrypt.pem" + . " -in $cmsdir/$tfile -out tmp.txt"; + + system("$cmd 2>cms.err 1>cms.out"); + + if ($?) { + print "\tDecrypt command FAILED!!\n"; + $badtest++; + } + elsif ( $tlist =~ /cont/ + && !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) ) + { + print "\tDecrypt content compare FAILED!!\n"; + $badtest++; + } + else { + print "\tDecrypt passed\n" if $verbose; + } +} + +sub run_digest_test { + my ( $cmsdir, $tlist, $tfile ) = @_; + unlink "tmp.txt"; + + my $cmd = + "$cmscmd -digest_verify -inform DER" . " -in $cmsdir/$tfile -out tmp.txt"; + + system("$cmd 2>cms.err 1>cms.out"); + + if ($?) { + print "\tDigest verify command FAILED!!\n"; + $badtest++; + } + elsif ( $tlist =~ /cont/ + && !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) ) + { + print "\tDigest verify content compare FAILED!!\n"; + $badtest++; + } + else { + print "\tDigest verify passed\n" if $verbose; + } +} + +sub run_encrypted_test { + my ( $cmsdir, $tlist, $tfile, $key ) = @_; + unlink "tmp.txt"; + + system( "$cmscmd -EncryptedData_decrypt -inform DER" + . " -secretkey $key" + . " -in $cmsdir/$tfile -out tmp.txt" ); + + if ($?) { + print "\tEncrypted Data command FAILED!!\n"; + $badtest++; + } + elsif ( $tlist =~ /cont/ + && !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) ) + { + print "\tEncrypted Data content compare FAILED!!\n"; + $badtest++; + } + else { + print "\tEncryptedData verify passed\n" if $verbose; + } +} + +sub cmp_files { + my ( $f1, $f2 ) = @_; + my ( $fp1, $fp2 ); + + my ( $rd1, $rd2 ); + + if ( !open( $fp1, "<$f1" ) ) { + print STDERR "Can't Open file $f1\n"; + return 0; + } + + if ( !open( $fp2, "<$f2" ) ) { + print STDERR "Can't Open file $f2\n"; + return 0; + } + + binmode $fp1; + binmode $fp2; + + my $ret = 0; + + for ( ; ; ) { + $n1 = sysread $fp1, $rd1, 4096; + $n2 = sysread $fp2, $rd2, 4096; + last if ( $n1 != $n2 ); + last if ( $rd1 ne $rd2 ); + + if ( $n1 == 0 ) { + $ret = 1; + last; + } + + } + + close $fp1; + close $fp2; + + return $ret; + +} + diff --git a/test/cms-test.pl b/test/cms-test.pl new file mode 100644 index 0000000000..6ad7883464 --- /dev/null +++ b/test/cms-test.pl @@ -0,0 +1,449 @@ +# test/cms-test.pl +# Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +# project. +# +# ==================================================================== +# Copyright (c) 2008 The OpenSSL Project. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in +# the documentation and/or other materials provided with the +# distribution. +# +# 3. All advertising materials mentioning features or use of this +# software must display the following acknowledgment: +# "This product includes software developed by the OpenSSL Project +# for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" +# +# 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +# endorse or promote products derived from this software without +# prior written permission. For written permission, please contact +# licensing@OpenSSL.org. +# +# 5. Products derived from this software may not be called "OpenSSL" +# nor may "OpenSSL" appear in their names without prior written +# permission of the OpenSSL Project. +# +# 6. Redistributions of any form whatsoever must retain the following +# acknowledgment: +# "This product includes software developed by the OpenSSL Project +# for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" +# +# THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +# OF THE POSSIBILITY OF SUCH DAMAGE. +# ==================================================================== + +# CMS, PKCS7 consistency test script. Run extensive tests on +# OpenSSL PKCS#7 and CMS implementations. + +my $ossl_path; + +if ( -f "../apps/openssl$ENV{EXE_EXT}" ) { + $ossl_path = "../util/shlib_wrap.sh ../apps/openssl"; +} +elsif ( -f "..\\out32dll\\openssl.exe" ) { + $ossl_path = "..\\out32dll\\openssl.exe"; +} +elsif ( -f "..\\out32\\openssl.exe" ) { + $ossl_path = "..\\out32\\openssl.exe"; +} +else { + die "Can't find OpenSSL executable"; +} + +my $pk7cmd = "$ossl_path smime "; +my $cmscmd = "$ossl_path cms "; +my $smdir = "smime-certs"; +my $halt_err = 1; + +my $badcmd = 0; +my $ossl8 = `$ossl_path version -v` =~ /0\.9\.8/; + +my @smime_pkcs7_tests = ( + + [ + "signed content DER format, RSA key", + "-sign -in smcont.txt -outform DER -nodetach" + . " -certfile $smdir/smroot.pem" + . " -signer $smdir/smrsa1.pem -out test.cms", + "-verify -in test.cms -inform DER " + . " -CAfile $smdir/smroot.pem -out smtst.txt" + ], + + [ + "signed detached content DER format, RSA key", + "-sign -in smcont.txt -outform DER" + . " -signer $smdir/smrsa1.pem -out test.cms", + "-verify -in test.cms -inform DER " + . " -CAfile $smdir/smroot.pem -out smtst.txt -content smcont.txt" + ], + + [ + "signed content test streaming BER format, RSA", + "-sign -in smcont.txt -outform DER -nodetach" + . " -stream -signer $smdir/smrsa1.pem -out test.cms", + "-verify -in test.cms -inform DER " + . " -CAfile $smdir/smroot.pem -out smtst.txt" + ], + + [ + "signed content DER format, DSA key", + "-sign -in smcont.txt -outform DER -nodetach" + . " -signer $smdir/smdsa1.pem -out test.cms", + "-verify -in test.cms -inform DER " + . " -CAfile $smdir/smroot.pem -out smtst.txt" + ], + + [ + "signed detached content DER format, DSA key", + "-sign -in smcont.txt -outform DER" + . " -signer $smdir/smdsa1.pem -out test.cms", + "-verify -in test.cms -inform DER " + . " -CAfile $smdir/smroot.pem -out smtst.txt -content smcont.txt" + ], + + [ + "signed detached content DER format, add RSA signer", + "-resign -inform DER -in test.cms -outform DER" + . " -signer $smdir/smrsa1.pem -out test2.cms", + "-verify -in test2.cms -inform DER " + . " -CAfile $smdir/smroot.pem -out smtst.txt -content smcont.txt" + ], + + [ + "signed content test streaming BER format, DSA key", + "-sign -in smcont.txt -outform DER -nodetach" + . " -stream -signer $smdir/smdsa1.pem -out test.cms", + "-verify -in test.cms -inform DER " + . " -CAfile $smdir/smroot.pem -out smtst.txt" + ], + + [ + "signed content test streaming BER format, 2 DSA and 2 RSA keys", + "-sign -in smcont.txt -outform DER -nodetach" + . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem" + . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem" + . " -stream -out test.cms", + "-verify -in test.cms -inform DER " + . " -CAfile $smdir/smroot.pem -out smtst.txt" + ], + + [ +"signed content test streaming BER format, 2 DSA and 2 RSA keys, no attributes", + "-sign -in smcont.txt -outform DER -noattr -nodetach" + . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem" + . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem" + . " -stream -out test.cms", + "-verify -in test.cms -inform DER " + . " -CAfile $smdir/smroot.pem -out smtst.txt" + ], + + [ + "signed content test streaming S/MIME format, 2 DSA and 2 RSA keys", + "-sign -in smcont.txt -nodetach" + . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem" + . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem" + . " -stream -out test.cms", + "-verify -in test.cms " . " -CAfile $smdir/smroot.pem -out smtst.txt" + ], + + [ +"signed content test streaming multipart S/MIME format, 2 DSA and 2 RSA keys", + "-sign -in smcont.txt" + . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem" + . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem" + . " -stream -out test.cms", + "-verify -in test.cms " . " -CAfile $smdir/smroot.pem -out smtst.txt" + ], + + [ + "enveloped content test streaming S/MIME format, 3 recipients", + "-encrypt -in smcont.txt" + . " -stream -out test.cms" + . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ", + "-decrypt -recip $smdir/smrsa1.pem -in test.cms -out smtst.txt" + ], + + [ +"enveloped content test streaming S/MIME format, 3 recipients, 3rd used", + "-encrypt -in smcont.txt" + . " -stream -out test.cms" + . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ", + "-decrypt -recip $smdir/smrsa3.pem -in test.cms -out smtst.txt" + ], + + [ +"enveloped content test streaming S/MIME format, 3 recipients, key only used", + "-encrypt -in smcont.txt" + . " -stream -out test.cms" + . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ", + "-decrypt -inkey $smdir/smrsa3.pem -in test.cms -out smtst.txt" + ], + + [ +"enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients", + "-encrypt -in smcont.txt" + . " -aes256 -stream -out test.cms" + . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ", + "-decrypt -recip $smdir/smrsa1.pem -in test.cms -out smtst.txt" + ], + +); + +my @smime_cms_tests = ( + + [ + "signed content test streaming BER format, 2 DSA and 2 RSA keys, keyid", + "-sign -in smcont.txt -outform DER -nodetach -keyid" + . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem" + . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem" + . " -stream -out test.cms", + "-verify -in test.cms -inform DER " + . " -CAfile $smdir/smroot.pem -out smtst.txt" + ], + + [ + "signed content test streaming PEM format, 2 DSA and 2 RSA keys", + "-sign -in smcont.txt -outform PEM -nodetach" + . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem" + . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem" + . " -stream -out test.cms", + "-verify -in test.cms -inform PEM " + . " -CAfile $smdir/smroot.pem -out smtst.txt" + ], + + [ + "signed content MIME format, RSA key, signed receipt request", + "-sign -in smcont.txt -signer $smdir/smrsa1.pem -nodetach" + . " -receipt_request_to test\@openssl.org -receipt_request_all" + . " -out test.cms", + "-verify -in test.cms " + . " -CAfile $smdir/smroot.pem -out smtst.txt" + ], + + [ + "signed receipt MIME format, RSA key", + "-sign_receipt -in test.cms" + . " -signer $smdir/smrsa2.pem" + . " -out test2.cms", + "-verify_receipt test2.cms -in test.cms" + . " -CAfile $smdir/smroot.pem" + ], + + [ + "enveloped content test streaming S/MIME format, 3 recipients, keyid", + "-encrypt -in smcont.txt" + . " -stream -out test.cms -keyid" + . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ", + "-decrypt -recip $smdir/smrsa1.pem -in test.cms -out smtst.txt" + ], + + [ + "enveloped content test streaming PEM format, KEK", + "-encrypt -in smcont.txt -outform PEM -aes128" + . " -stream -out test.cms " + . " -secretkey 000102030405060708090A0B0C0D0E0F " + . " -secretkeyid C0FEE0", + "-decrypt -in test.cms -out smtst.txt -inform PEM" + . " -secretkey 000102030405060708090A0B0C0D0E0F " + . " -secretkeyid C0FEE0" + ], + + [ + "enveloped content test streaming PEM format, KEK, key only", + "-encrypt -in smcont.txt -outform PEM -aes128" + . " -stream -out test.cms " + . " -secretkey 000102030405060708090A0B0C0D0E0F " + . " -secretkeyid C0FEE0", + "-decrypt -in test.cms -out smtst.txt -inform PEM" + . " -secretkey 000102030405060708090A0B0C0D0E0F " + ], + + [ + "data content test streaming PEM format", + "-data_create -in smcont.txt -outform PEM -nodetach" + . " -stream -out test.cms", + "-data_out -in test.cms -inform PEM -out smtst.txt" + ], + + [ + "encrypted content test streaming PEM format, 128 bit RC2 key", + "-EncryptedData_encrypt -in smcont.txt -outform PEM" + . " -rc2 -secretkey 000102030405060708090A0B0C0D0E0F" + . " -stream -out test.cms", + "-EncryptedData_decrypt -in test.cms -inform PEM " + . " -secretkey 000102030405060708090A0B0C0D0E0F -out smtst.txt" + ], + + [ + "encrypted content test streaming PEM format, 40 bit RC2 key", + "-EncryptedData_encrypt -in smcont.txt -outform PEM" + . " -rc2 -secretkey 0001020304" + . " -stream -out test.cms", + "-EncryptedData_decrypt -in test.cms -inform PEM " + . " -secretkey 0001020304 -out smtst.txt" + ], + + [ + "encrypted content test streaming PEM format, triple DES key", + "-EncryptedData_encrypt -in smcont.txt -outform PEM" + . " -des3 -secretkey 000102030405060708090A0B0C0D0E0F1011121314151617" + . " -stream -out test.cms", + "-EncryptedData_decrypt -in test.cms -inform PEM " + . " -secretkey 000102030405060708090A0B0C0D0E0F1011121314151617" + . " -out smtst.txt" + ], + + [ + "encrypted content test streaming PEM format, 128 bit AES key", + "-EncryptedData_encrypt -in smcont.txt -outform PEM" + . " -aes128 -secretkey 000102030405060708090A0B0C0D0E0F" + . " -stream -out test.cms", + "-EncryptedData_decrypt -in test.cms -inform PEM " + . " -secretkey 000102030405060708090A0B0C0D0E0F -out smtst.txt" + ], + +); + +my @smime_cms_comp_tests = ( + + [ + "compressed content test streaming PEM format", + "-compress -in smcont.txt -outform PEM -nodetach" + . " -stream -out test.cms", + "-uncompress -in test.cms -inform PEM -out smtst.txt" + ] + +); + +print "CMS => PKCS#7 compatibility tests\n"; + +run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $cmscmd, $pk7cmd ); + +print "CMS <= PKCS#7 compatibility tests\n"; + +run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $pk7cmd, $cmscmd ); + +print "CMS <=> CMS consistency tests\n"; + +run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $cmscmd, $cmscmd ); +run_smime_tests( \$badcmd, \@smime_cms_tests, $cmscmd, $cmscmd ); + +if ( `$ossl_path version -f` =~ /ZLIB/ ) { + run_smime_tests( \$badcmd, \@smime_cms_comp_tests, $cmscmd, $cmscmd ); +} +else { + print "Zlib not supported: compression tests skipped\n"; +} + +print "Running modified tests for OpenSSL 0.9.8 cms backport\n" if($ossl8); + +if ($badcmd) { + print "$badcmd TESTS FAILED!!\n"; +} +else { + print "ALL TESTS SUCCESSFUL.\n"; +} + +unlink "test.cms"; +unlink "test2.cms"; +unlink "smtst.txt"; +unlink "cms.out"; +unlink "cms.err"; + +sub run_smime_tests { + my ( $rv, $aref, $scmd, $vcmd ) = @_; + + foreach $smtst (@$aref) { + my ( $tnam, $rscmd, $rvcmd ) = @$smtst; + if ($ossl8) + { + # Skip smime resign: 0.9.8 smime doesn't support -resign + next if ($scmd =~ /smime/ && $rscmd =~ /-resign/); + # Disable streaming: option not supported in 0.9.8 + $tnam =~ s/streaming//; + $rscmd =~ s/-stream//; + $rvcmd =~ s/-stream//; + } + system("$scmd$rscmd 2>cms.err 1>cms.out"); + if ($?) { + print "$tnam: generation error\n"; + $$rv++; + exit 1 if $halt_err; + next; + } + system("$vcmd$rvcmd 2>cms.err 1>cms.out"); + if ($?) { + print "$tnam: verify error\n"; + $$rv++; + exit 1 if $halt_err; + next; + } + if (!cmp_files("smtst.txt", "smcont.txt")) { + print "$tnam: content verify error\n"; + $$rv++; + exit 1 if $halt_err; + next; + } + print "$tnam: OK\n"; + } +} + +sub cmp_files { + my ( $f1, $f2 ) = @_; + my ( $fp1, $fp2 ); + + my ( $rd1, $rd2 ); + + if ( !open( $fp1, "<$f1" ) ) { + print STDERR "Can't Open file $f1\n"; + return 0; + } + + if ( !open( $fp2, "<$f2" ) ) { + print STDERR "Can't Open file $f2\n"; + return 0; + } + + binmode $fp1; + binmode $fp2; + + my $ret = 0; + + for ( ; ; ) { + $n1 = sysread $fp1, $rd1, 4096; + $n2 = sysread $fp2, $rd2, 4096; + last if ( $n1 != $n2 ); + last if ( $rd1 ne $rd2 ); + + if ( $n1 == 0 ) { + $ret = 1; + last; + } + + } + + close $fp1; + close $fp2; + + return $ret; + +} + diff --git a/test/igetest.c b/test/igetest.c new file mode 100644 index 0000000000..1ba900244d --- /dev/null +++ b/test/igetest.c @@ -0,0 +1,503 @@ +/* test/igetest.c -*- mode:C; c-file-style: "eay" -*- */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + */ + +#include <openssl/aes.h> +#include <openssl/rand.h> +#include <stdio.h> +#include <string.h> +#include <assert.h> + +#define TEST_SIZE 128 +#define BIG_TEST_SIZE 10240 + +static void hexdump(FILE *f,const char *title,const unsigned char *s,int l) + { + int n=0; + + fprintf(f,"%s",title); + for( ; n < l ; ++n) + { + if((n%16) == 0) + fprintf(f,"\n%04x",n); + fprintf(f," %02x",s[n]); + } + fprintf(f,"\n"); + } + +#define MAX_VECTOR_SIZE 64 + +struct ige_test + { + const unsigned char key[16]; + const unsigned char iv[32]; + const unsigned char in[MAX_VECTOR_SIZE]; + const unsigned char out[MAX_VECTOR_SIZE]; + const size_t length; + const int encrypt; + }; + +static struct ige_test const ige_test_vectors[] = { +{ { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f }, /* key */ + { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f }, /* iv */ + { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, /* in */ + { 0x1a, 0x85, 0x19, 0xa6, 0x55, 0x7b, 0xe6, 0x52, + 0xe9, 0xda, 0x8e, 0x43, 0xda, 0x4e, 0xf4, 0x45, + 0x3c, 0xf4, 0x56, 0xb4, 0xca, 0x48, 0x8a, 0xa3, + 0x83, 0xc7, 0x9c, 0x98, 0xb3, 0x47, 0x97, 0xcb }, /* out */ + 32, AES_ENCRYPT }, /* test vector 0 */ + +{ { 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, + 0x61, 0x6e, 0x20, 0x69, 0x6d, 0x70, 0x6c, 0x65 }, /* key */ + { 0x6d, 0x65, 0x6e, 0x74, 0x61, 0x74, 0x69, 0x6f, + 0x6e, 0x20, 0x6f, 0x66, 0x20, 0x49, 0x47, 0x45, + 0x20, 0x6d, 0x6f, 0x64, 0x65, 0x20, 0x66, 0x6f, + 0x72, 0x20, 0x4f, 0x70, 0x65, 0x6e, 0x53, 0x53 }, /* iv */ + { 0x4c, 0x2e, 0x20, 0x4c, 0x65, 0x74, 0x27, 0x73, + 0x20, 0x68, 0x6f, 0x70, 0x65, 0x20, 0x42, 0x65, + 0x6e, 0x20, 0x67, 0x6f, 0x74, 0x20, 0x69, 0x74, + 0x20, 0x72, 0x69, 0x67, 0x68, 0x74, 0x21, 0x0a }, /* in */ + { 0x99, 0x70, 0x64, 0x87, 0xa1, 0xcd, 0xe6, 0x13, + 0xbc, 0x6d, 0xe0, 0xb6, 0xf2, 0x4b, 0x1c, 0x7a, + 0xa4, 0x48, 0xc8, 0xb9, 0xc3, 0x40, 0x3e, 0x34, + 0x67, 0xa8, 0xca, 0xd8, 0x93, 0x40, 0xf5, 0x3b }, /* out */ + 32, AES_DECRYPT }, /* test vector 1 */ +}; + +struct bi_ige_test + { + const unsigned char key1[32]; + const unsigned char key2[32]; + const unsigned char iv[64]; + const unsigned char in[MAX_VECTOR_SIZE]; + const unsigned char out[MAX_VECTOR_SIZE]; + const size_t keysize; + const size_t length; + const int encrypt; + }; + +static struct bi_ige_test const bi_ige_test_vectors[] = { +{ { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f }, /* key1 */ + { 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f }, /* key2 */ + { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f }, /* iv */ + { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, /* in */ + { 0x14, 0x40, 0x6f, 0xae, 0xa2, 0x79, 0xf2, 0x56, + 0x1f, 0x86, 0xeb, 0x3b, 0x7d, 0xff, 0x53, 0xdc, + 0x4e, 0x27, 0x0c, 0x03, 0xde, 0x7c, 0xe5, 0x16, + 0x6a, 0x9c, 0x20, 0x33, 0x9d, 0x33, 0xfe, 0x12 }, /* out */ + 16, 32, AES_ENCRYPT }, /* test vector 0 */ +{ { 0x58, 0x0a, 0x06, 0xe9, 0x97, 0x07, 0x59, 0x5c, + 0x9e, 0x19, 0xd2, 0xa7, 0xbb, 0x40, 0x2b, 0x7a, + 0xc7, 0xd8, 0x11, 0x9e, 0x4c, 0x51, 0x35, 0x75, + 0x64, 0x28, 0x0f, 0x23, 0xad, 0x74, 0xac, 0x37 }, /* key1 */ + { 0xd1, 0x80, 0xa0, 0x31, 0x47, 0xa3, 0x11, 0x13, + 0x86, 0x26, 0x9e, 0x6d, 0xff, 0xaf, 0x72, 0x74, + 0x5b, 0xa2, 0x35, 0x81, 0xd2, 0xa6, 0x3d, 0x21, + 0x67, 0x7b, 0x58, 0xa8, 0x18, 0xf9, 0x72, 0xe4 }, /* key2 */ + { 0x80, 0x3d, 0xbd, 0x4c, 0xe6, 0x7b, 0x06, 0xa9, + 0x53, 0x35, 0xd5, 0x7e, 0x71, 0xc1, 0x70, 0x70, + 0x74, 0x9a, 0x00, 0x28, 0x0c, 0xbf, 0x6c, 0x42, + 0x9b, 0xa4, 0xdd, 0x65, 0x11, 0x77, 0x7c, 0x67, + 0xfe, 0x76, 0x0a, 0xf0, 0xd5, 0xc6, 0x6e, 0x6a, + 0xe7, 0x5e, 0x4c, 0xf2, 0x7e, 0x9e, 0xf9, 0x20, + 0x0e, 0x54, 0x6f, 0x2d, 0x8a, 0x8d, 0x7e, 0xbd, + 0x48, 0x79, 0x37, 0x99, 0xff, 0x27, 0x93, 0xa3 }, /* iv */ + { 0xf1, 0x54, 0x3d, 0xca, 0xfe, 0xb5, 0xef, 0x1c, + 0x4f, 0xa6, 0x43, 0xf6, 0xe6, 0x48, 0x57, 0xf0, + 0xee, 0x15, 0x7f, 0xe3, 0xe7, 0x2f, 0xd0, 0x2f, + 0x11, 0x95, 0x7a, 0x17, 0x00, 0xab, 0xa7, 0x0b, + 0xbe, 0x44, 0x09, 0x9c, 0xcd, 0xac, 0xa8, 0x52, + 0xa1, 0x8e, 0x7b, 0x75, 0xbc, 0xa4, 0x92, 0x5a, + 0xab, 0x46, 0xd3, 0x3a, 0xa0, 0xd5, 0x35, 0x1c, + 0x55, 0xa4, 0xb3, 0xa8, 0x40, 0x81, 0xa5, 0x0b}, /* in */ + { 0x42, 0xe5, 0x28, 0x30, 0x31, 0xc2, 0xa0, 0x23, + 0x68, 0x49, 0x4e, 0xb3, 0x24, 0x59, 0x92, 0x79, + 0xc1, 0xa5, 0xcc, 0xe6, 0x76, 0x53, 0xb1, 0xcf, + 0x20, 0x86, 0x23, 0xe8, 0x72, 0x55, 0x99, 0x92, + 0x0d, 0x16, 0x1c, 0x5a, 0x2f, 0xce, 0xcb, 0x51, + 0xe2, 0x67, 0xfa, 0x10, 0xec, 0xcd, 0x3d, 0x67, + 0xa5, 0xe6, 0xf7, 0x31, 0x26, 0xb0, 0x0d, 0x76, + 0x5e, 0x28, 0xdc, 0x7f, 0x01, 0xc5, 0xa5, 0x4c}, /* out */ + 32, 64, AES_ENCRYPT }, /* test vector 1 */ + +}; + +static int run_test_vectors(void) + { + unsigned int n; + int errs = 0; + + for(n=0 ; n < sizeof(ige_test_vectors)/sizeof(ige_test_vectors[0]) ; ++n) + { + const struct ige_test * const v = &ige_test_vectors[n]; + AES_KEY key; + unsigned char buf[MAX_VECTOR_SIZE]; + unsigned char iv[AES_BLOCK_SIZE*2]; + + assert(v->length <= MAX_VECTOR_SIZE); + + if(v->encrypt == AES_ENCRYPT) + AES_set_encrypt_key(v->key, 8*sizeof v->key, &key); + else + AES_set_decrypt_key(v->key, 8*sizeof v->key, &key); + memcpy(iv, v->iv, sizeof iv); + AES_ige_encrypt(v->in, buf, v->length, &key, iv, v->encrypt); + + if(memcmp(v->out, buf, v->length)) + { + printf("IGE test vector %d failed\n", n); + hexdump(stdout, "key", v->key, sizeof v->key); + hexdump(stdout, "iv", v->iv, sizeof v->iv); + hexdump(stdout, "in", v->in, v->length); + hexdump(stdout, "expected", v->out, v->length); + hexdump(stdout, "got", buf, v->length); + + ++errs; + } + + /* try with in == out */ + memcpy(iv, v->iv, sizeof iv); + memcpy(buf, v->in, v->length); + AES_ige_encrypt(buf, buf, v->length, &key, iv, v->encrypt); + + if(memcmp(v->out, buf, v->length)) + { + printf("IGE test vector %d failed (with in == out)\n", n); + hexdump(stdout, "key", v->key, sizeof v->key); + hexdump(stdout, "iv", v->iv, sizeof v->iv); + hexdump(stdout, "in", v->in, v->length); + hexdump(stdout, "expected", v->out, v->length); + hexdump(stdout, "got", buf, v->length); + + ++errs; + } + } + + for(n=0 ; n < sizeof(bi_ige_test_vectors)/sizeof(bi_ige_test_vectors[0]) + ; ++n) + { + const struct bi_ige_test * const v = &bi_ige_test_vectors[n]; + AES_KEY key1; + AES_KEY key2; + unsigned char buf[MAX_VECTOR_SIZE]; + + assert(v->length <= MAX_VECTOR_SIZE); + + if(v->encrypt == AES_ENCRYPT) + { + AES_set_encrypt_key(v->key1, 8*v->keysize, &key1); + AES_set_encrypt_key(v->key2, 8*v->keysize, &key2); + } + else + { + AES_set_decrypt_key(v->key1, 8*v->keysize, &key1); + AES_set_decrypt_key(v->key2, 8*v->keysize, &key2); + } + + AES_bi_ige_encrypt(v->in, buf, v->length, &key1, &key2, v->iv, + v->encrypt); + + if(memcmp(v->out, buf, v->length)) + { + printf("Bidirectional IGE test vector %d failed\n", n); + hexdump(stdout, "key 1", v->key1, sizeof v->key1); + hexdump(stdout, "key 2", v->key2, sizeof v->key2); + hexdump(stdout, "iv", v->iv, sizeof v->iv); + hexdump(stdout, "in", v->in, v->length); + hexdump(stdout, "expected", v->out, v->length); + hexdump(stdout, "got", buf, v->length); + + ++errs; + } + } + + return errs; + } + +int main(int argc, char **argv) + { + unsigned char rkey[16]; + unsigned char rkey2[16]; + AES_KEY key; + AES_KEY key2; + unsigned char plaintext[BIG_TEST_SIZE]; + unsigned char ciphertext[BIG_TEST_SIZE]; + unsigned char checktext[BIG_TEST_SIZE]; + unsigned char iv[AES_BLOCK_SIZE*4]; + unsigned char saved_iv[AES_BLOCK_SIZE*4]; + int err = 0; + unsigned int n; + unsigned matches; + + assert(BIG_TEST_SIZE >= TEST_SIZE); + + RAND_pseudo_bytes(rkey, sizeof rkey); + RAND_pseudo_bytes(plaintext, sizeof plaintext); + RAND_pseudo_bytes(iv, sizeof iv); + memcpy(saved_iv, iv, sizeof saved_iv); + + /* Forward IGE only... */ + + /* Straight encrypt/decrypt */ + AES_set_encrypt_key(rkey, 8*sizeof rkey, &key); + AES_ige_encrypt(plaintext, ciphertext, TEST_SIZE, &key, iv, + AES_ENCRYPT); + + AES_set_decrypt_key(rkey, 8*sizeof rkey, &key); + memcpy(iv, saved_iv, sizeof iv); + AES_ige_encrypt(ciphertext, checktext, TEST_SIZE, &key, iv, + AES_DECRYPT); + + if(memcmp(checktext, plaintext, TEST_SIZE)) + { + printf("Encrypt+decrypt doesn't match\n"); + hexdump(stdout, "Plaintext", plaintext, TEST_SIZE); + hexdump(stdout, "Checktext", checktext, TEST_SIZE); + ++err; + } + + /* Now check encrypt chaining works */ + AES_set_encrypt_key(rkey, 8*sizeof rkey, &key); + memcpy(iv, saved_iv, sizeof iv); + AES_ige_encrypt(plaintext, ciphertext, TEST_SIZE/2, &key, iv, + AES_ENCRYPT); + AES_ige_encrypt(plaintext+TEST_SIZE/2, + ciphertext+TEST_SIZE/2, TEST_SIZE/2, + &key, iv, AES_ENCRYPT); + + AES_set_decrypt_key(rkey, 8*sizeof rkey, &key); + memcpy(iv, saved_iv, sizeof iv); + AES_ige_encrypt(ciphertext, checktext, TEST_SIZE, &key, iv, + AES_DECRYPT); + + if(memcmp(checktext, plaintext, TEST_SIZE)) + { + printf("Chained encrypt+decrypt doesn't match\n"); + hexdump(stdout, "Plaintext", plaintext, TEST_SIZE); + hexdump(stdout, "Checktext", checktext, TEST_SIZE); + ++err; + } + + /* And check decrypt chaining */ + AES_set_encrypt_key(rkey, 8*sizeof rkey, &key); + memcpy(iv, saved_iv, sizeof iv); + AES_ige_encrypt(plaintext, ciphertext, TEST_SIZE/2, &key, iv, + AES_ENCRYPT); + AES_ige_encrypt(plaintext+TEST_SIZE/2, + ciphertext+TEST_SIZE/2, TEST_SIZE/2, + &key, iv, AES_ENCRYPT); + + AES_set_decrypt_key(rkey, 8*sizeof rkey, &key); + memcpy(iv, saved_iv, sizeof iv); + AES_ige_encrypt(ciphertext, checktext, TEST_SIZE/2, &key, iv, + AES_DECRYPT); + AES_ige_encrypt(ciphertext+TEST_SIZE/2, + checktext+TEST_SIZE/2, TEST_SIZE/2, &key, iv, + AES_DECRYPT); + + if(memcmp(checktext, plaintext, TEST_SIZE)) + { + printf("Chained encrypt+chained decrypt doesn't match\n"); + hexdump(stdout, "Plaintext", plaintext, TEST_SIZE); + hexdump(stdout, "Checktext", checktext, TEST_SIZE); + ++err; + } + + /* make sure garble extends forwards only */ + AES_set_encrypt_key(rkey, 8*sizeof rkey, &key); + memcpy(iv, saved_iv, sizeof iv); + AES_ige_encrypt(plaintext, ciphertext, sizeof plaintext, &key, iv, + AES_ENCRYPT); + + /* corrupt halfway through */ + ++ciphertext[sizeof ciphertext/2]; + AES_set_decrypt_key(rkey, 8*sizeof rkey, &key); + memcpy(iv, saved_iv, sizeof iv); + AES_ige_encrypt(ciphertext, checktext, sizeof checktext, &key, iv, + AES_DECRYPT); + + matches=0; + for(n=0 ; n < sizeof checktext ; ++n) + if(checktext[n] == plaintext[n]) + ++matches; + + if(matches > sizeof checktext/2+sizeof checktext/100) + { + printf("More than 51%% matches after garbling\n"); + ++err; + } + + if(matches < sizeof checktext/2) + { + printf("Garble extends backwards!\n"); + ++err; + } + + /* Bi-directional IGE */ + + /* Note that we don't have to recover the IV, because chaining isn't */ + /* possible with biIGE, so the IV is not updated. */ + + RAND_pseudo_bytes(rkey2, sizeof rkey2); + + /* Straight encrypt/decrypt */ + AES_set_encrypt_key(rkey, 8*sizeof rkey, &key); + AES_set_encrypt_key(rkey2, 8*sizeof rkey2, &key2); + AES_bi_ige_encrypt(plaintext, ciphertext, TEST_SIZE, &key, &key2, iv, + AES_ENCRYPT); + + AES_set_decrypt_key(rkey, 8*sizeof rkey, &key); + AES_set_decrypt_key(rkey2, 8*sizeof rkey2, &key2); + AES_bi_ige_encrypt(ciphertext, checktext, TEST_SIZE, &key, &key2, iv, + AES_DECRYPT); + + if(memcmp(checktext, plaintext, TEST_SIZE)) + { + printf("Encrypt+decrypt doesn't match\n"); + hexdump(stdout, "Plaintext", plaintext, TEST_SIZE); + hexdump(stdout, "Checktext", checktext, TEST_SIZE); + ++err; + } + + /* make sure garble extends both ways */ + AES_set_encrypt_key(rkey, 8*sizeof rkey, &key); + AES_set_encrypt_key(rkey2, 8*sizeof rkey2, &key2); + AES_ige_encrypt(plaintext, ciphertext, sizeof plaintext, &key, iv, + AES_ENCRYPT); + + /* corrupt halfway through */ + ++ciphertext[sizeof ciphertext/2]; + AES_set_decrypt_key(rkey, 8*sizeof rkey, &key); + AES_set_decrypt_key(rkey2, 8*sizeof rkey2, &key2); + AES_ige_encrypt(ciphertext, checktext, sizeof checktext, &key, iv, + AES_DECRYPT); + + matches=0; + for(n=0 ; n < sizeof checktext ; ++n) + if(checktext[n] == plaintext[n]) + ++matches; + + if(matches > sizeof checktext/100) + { + printf("More than 1%% matches after bidirectional garbling\n"); + ++err; + } + + /* make sure garble extends both ways (2) */ + AES_set_encrypt_key(rkey, 8*sizeof rkey, &key); + AES_set_encrypt_key(rkey2, 8*sizeof rkey2, &key2); + AES_ige_encrypt(plaintext, ciphertext, sizeof plaintext, &key, iv, + AES_ENCRYPT); + + /* corrupt right at the end */ + ++ciphertext[sizeof ciphertext-1]; + AES_set_decrypt_key(rkey, 8*sizeof rkey, &key); + AES_set_decrypt_key(rkey2, 8*sizeof rkey2, &key2); + AES_ige_encrypt(ciphertext, checktext, sizeof checktext, &key, iv, + AES_DECRYPT); + + matches=0; + for(n=0 ; n < sizeof checktext ; ++n) + if(checktext[n] == plaintext[n]) + ++matches; + + if(matches > sizeof checktext/100) + { + printf("More than 1%% matches after bidirectional garbling (2)\n"); + ++err; + } + + /* make sure garble extends both ways (3) */ + AES_set_encrypt_key(rkey, 8*sizeof rkey, &key); + AES_set_encrypt_key(rkey2, 8*sizeof rkey2, &key2); + AES_ige_encrypt(plaintext, ciphertext, sizeof plaintext, &key, iv, + AES_ENCRYPT); + + /* corrupt right at the start */ + ++ciphertext[0]; + AES_set_decrypt_key(rkey, 8*sizeof rkey, &key); + AES_set_decrypt_key(rkey2, 8*sizeof rkey2, &key2); + AES_ige_encrypt(ciphertext, checktext, sizeof checktext, &key, iv, + AES_DECRYPT); + + matches=0; + for(n=0 ; n < sizeof checktext ; ++n) + if(checktext[n] == plaintext[n]) + ++matches; + + if(matches > sizeof checktext/100) + { + printf("More than 1%% matches after bidirectional garbling (3)\n"); + ++err; + } + + err += run_test_vectors(); + + return err; + } diff --git a/test/maketests.com b/test/maketests.com index 15482cdbb7..3548f43231 100644 --- a/test/maketests.com +++ b/test/maketests.com @@ -12,9 +12,9 @@ $! "test" programs for the different types of encryption for OpenSSL. $! It was written so it would try to determine what "C" compiler to $! use or you can specify which "C" compiler to use. $! -$! The test "executeables" will be placed in a directory called -$! [.xxx.EXE.TEST] where "xxx" denotes AXP or VAX depending on your machines -$! architecture. +$! The test "executables" will be placed in a directory called +$! [.xxx.EXE.TEST] where "xxx" denotes ALPHA, IA64, or VAX, depending +$! on your machine architecture. $! $! Specify DEBUG or NODEBUG P1 to compile with or without debugger $! information. @@ -46,27 +46,40 @@ $! (That is, If Wee Need To Link To One.) $! $ TCPIP_LIB = "" $! -$! Check Which Architecture We Are Using. +$! Check What Architecture We Are Using. $! -$ IF (F$GETSYI("CPU").GE.128) +$ IF (F$GETSYI("CPU").LT.128) $ THEN $! -$! The Architecture Is AXP. +$! The Architecture Is VAX. $! -$ ARCH := AXP +$ ARCH := VAX $! $! Else... $! $ ELSE $! -$! The Architecture Is VAX. +$! The Architecture Is Alpha, IA64 or whatever comes in the future. $! -$ ARCH := VAX +$ ARCH = F$EDIT( F$GETSYI( "ARCH_NAME"), "UPCASE") +$ IF (ARCH .EQS. "") THEN ARCH = "UNK" $! $! End The Architecture Check. $! $ ENDIF $! +$! Define The OBJ Directory. +$! +$ OBJ_DIR := SYS$DISK:[-.'ARCH'.OBJ.TEST] +$! +$! Define The LIS Directory. +$! +$ LIS_DIR := SYS$DISK:[-.'ARCH'.LIS.TEST] +$! +$! Define The EXE Directory. +$! +$ EXE_DIR := SYS$DISK:[-.'ARCH'.EXE.TEST] +$! $! Check To Make Sure We Have Valid Command Line Parameters. $! $ GOSUB CHECK_OPTIONS @@ -89,10 +102,6 @@ $! Define The SSL We Are To Use. $! $ SSL_LIB := SYS$DISK:[-.'ARCH'.EXE.SSL]LIBSSL'FILE_POINTER_SIZE'.OLB $! -$! Define The OBJ Directory. -$! -$ OBJ_DIR := SYS$DISK:[-.'ARCH'.OBJ.TEST] -$! $! Check To See If The Architecture Specific OBJ Directory Exists. $! $ IF (F$PARSE(OBJ_DIR).EQS."") @@ -106,10 +115,6 @@ $! End The Architecture Specific OBJ Directory Check. $! $ ENDIF $! -$! Define The LIS Directory. -$! -$ LIS_DIR := SYS$DISK:[-.'ARCH'.LIS.TEST] -$! $! Check To See If The Architecture Specific LIS Directory Exists. $! $ IF (F$PARSE(LIS_DIR).EQS."") @@ -123,10 +128,6 @@ $! End The Architecture Specific LIS Directory Check. $! $ ENDIF $! -$! Define The EXE Directory. -$! -$ EXE_DIR := SYS$DISK:[-.'ARCH'.EXE.TEST] -$! $! Check To See If The Architecture Specific EXE Directory Exists. $! $ IF (F$PARSE(EXE_DIR).EQS."") @@ -149,15 +150,20 @@ $! $ GOSUB CHECK_OPT_FILE $! $! Define The TEST Files. +$! NOTE: Some might think this list ugly. However, it's made this way to +$! reflect the EXE variable in Makefile as closely as possible, +$! thereby making it fairly easy to verify that the lists are the same. $! $ TEST_FILES = "BNTEST,ECTEST,ECDSATEST,ECDHTEST,IDEATEST,"+ - - "MD2TEST,MD4TEST,MD5TEST,HMACTEST,"+ - + "MD2TEST,MD4TEST,MD5TEST,HMACTEST,WP_TEST,"+ - "RC2TEST,RC4TEST,RC5TEST,"+ - "DESTEST,SHATEST,SHA1TEST,SHA256T,SHA512T,"+ - "MDC2TEST,RMDTEST,"+ - "RANDTEST,DHTEST,ENGINETEST,"+ - "BFTEST,CASTTEST,SSLTEST,EXPTEST,DSATEST,RSA_TEST,"+ - - "EVP_TEST" + "EVP_TEST,JPAKETEST" +$! Should we add MTTEST,PQ_TEST,LH_TEST,DIVTEST,TABTEST as well? +$ $ TCPIP_PROGRAMS = ",," $ IF COMPILER .EQS. "VAXC" THEN - TCPIP_PROGRAMS = ",SSLTEST," @@ -226,7 +232,9 @@ $! $! Compile The File. $! $ ON ERROR THEN GOTO NEXT_FILE -$ CC/OBJECT='OBJECT_FILE'/LIST='LIST_FILE'/MACHINE_CODE 'SOURCE_FILE' +$ CC/OBJECT='OBJECT_FILE'/LIST='LIST_FILE'/MACHINE_CODE /PREFIX=ALL - + /INCLUDE=(SYS$DISK:[-],SYS$DISK:[-.CRYPTO],SYS$DISK:[-.CRYPTO.X509V3],SYS$DISK:[-.INCLUDE.OPENSSL]) - + 'SOURCE_FILE' $ ON WARNING THEN GOTO NEXT_FILE $! $! Check If What We Are About To Compile Works Without A TCP/IP Library. @@ -361,7 +369,7 @@ $! $ IF (F$SEARCH(OPT_FILE).EQS."") $ THEN $! -$! Figure Out If We Need An AXP Or A VAX Linker Option File. +$! Figure Out If We Need A non-VAX Or A VAX Linker Option File. $! $ IF (ARCH.EQS."VAX") $ THEN @@ -381,19 +389,19 @@ $! Else... $! $ ELSE $! -$! Create The AXP Linker Option File. +$! Create The non-VAX Linker Option File. $! $ CREATE 'OPT_FILE' $DECK ! -! Default System Options File For AXP To Link Agianst +! Default System Options File For non-VAX To Link Agianst ! The Sharable C Runtime Library. ! SYS$SHARE:CMA$OPEN_LIB_SHR/SHARE SYS$SHARE:CMA$OPEN_RTL/SHARE $EOD $! -$! End The VAX/AXP DEC C Option File Check. +$! End The DEC C Option File Check. $! $ ENDIF $! @@ -545,7 +553,7 @@ $ ELSE $! $! Check To See If We Have VAXC Or DECC. $! -$ IF (ARCH.EQS."AXP").OR.(F$TRNLNM("DECC$CC_DEFAULT").NES."") +$ IF (ARCH.NES."VAX").OR.(F$TRNLNM("DECC$CC_DEFAULT").NES."") $ THEN $! $! Looks Like DECC, Set To Use DECC. @@ -622,7 +630,7 @@ $ CCDEFS = "TCPIP_TYPE_''P3'" $ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = CCDEFS + "," + USER_CCDEFS $ CCEXTRAFLAGS = "" $ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS -$ CCDISABLEWARNINGS = "LONGLONGTYPE,LONGLONGSUFX" +$ CCDISABLEWARNINGS = "LONGLONGTYPE,LONGLONGSUFX,FOUNDCR" $ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. "" THEN - CCDISABLEWARNINGS = CCDISABLEWARNINGS + "," + USER_CCDISABLEWARNINGS $! @@ -713,7 +721,7 @@ $ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89" + - $! $! Define The Linker Options File Name. $! -$ OPT_FILE = "SYS$DISK:[]VAX_DECC_OPTIONS.OPT" +$ OPT_FILE = "''EXE_DIR'VAX_DECC_OPTIONS.OPT" $! $! End DECC Check. $! @@ -735,9 +743,9 @@ $! $! Compile Using VAXC. $! $ CC = "CC" -$ IF ARCH.EQS."AXP" +$ IF ARCH.NES."VAX" $ THEN -$ WRITE SYS$OUTPUT "There is no VAX C on Alpha!" +$ WRITE SYS$OUTPUT "There is no VAX C on ''ARCH'!" $ EXIT $ ENDIF $ IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC" @@ -751,7 +759,7 @@ $ DEFINE/NOLOG SYS SYS$COMMON:[SYSLIB] $! $! Define The Linker Options File Name. $! -$ OPT_FILE = "SYS$DISK:[]VAX_VAXC_OPTIONS.OPT" +$ OPT_FILE = "''EXE_DIR'VAX_VAXC_OPTIONS.OPT" $! $! End VAXC Check $! @@ -777,7 +785,7 @@ $ CC = "GCC/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'" + - $! $! Define The Linker Options File Name. $! -$ OPT_FILE = "SYS$DISK:[]VAX_GNUC_OPTIONS.OPT" +$ OPT_FILE = "''EXE_DIR'VAX_GNUC_OPTIONS.OPT" $! $! End The GNU C Check. $! diff --git a/test/pkits-test.pl b/test/pkits-test.pl new file mode 100644 index 0000000000..69dffa16f9 --- /dev/null +++ b/test/pkits-test.pl @@ -0,0 +1,940 @@ +# test/pkits-test.pl +# Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +# project. +# +# ==================================================================== +# Copyright (c) 2008 The OpenSSL Project. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in +# the documentation and/or other materials provided with the +# distribution. +# +# 3. All advertising materials mentioning features or use of this +# software must display the following acknowledgment: +# "This product includes software developed by the OpenSSL Project +# for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" +# +# 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +# endorse or promote products derived from this software without +# prior written permission. For written permission, please contact +# licensing@OpenSSL.org. +# +# 5. Products derived from this software may not be called "OpenSSL" +# nor may "OpenSSL" appear in their names without prior written +# permission of the OpenSSL Project. +# +# 6. Redistributions of any form whatsoever must retain the following +# acknowledgment: +# "This product includes software developed by the OpenSSL Project +# for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" +# +# THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +# OF THE POSSIBILITY OF SUCH DAMAGE. +# ==================================================================== + +# Perl utility to run PKITS tests for RFC3280 compliance. + +my $ossl_path; + +if ( -f "../apps/openssl" ) { + $ossl_path = "../util/shlib_wrap.sh ../apps/openssl"; +} +elsif ( -f "..\\out32dll\\openssl.exe" ) { + $ossl_path = "..\\out32dll\\openssl.exe"; +} +elsif ( -f "..\\out32\\openssl.exe" ) { + $ossl_path = "..\\out32\\openssl.exe"; +} +else { + die "Can't find OpenSSL executable"; +} + +my $pkitsdir = "pkits/smime"; +my $pkitsta = "pkits/certs/TrustAnchorRootCertificate.crt"; + +die "Can't find PKITS test data" if !-d $pkitsdir; + +my $nist1 = "2.16.840.1.101.3.2.1.48.1"; +my $nist2 = "2.16.840.1.101.3.2.1.48.2"; +my $nist3 = "2.16.840.1.101.3.2.1.48.3"; +my $nist4 = "2.16.840.1.101.3.2.1.48.4"; +my $nist5 = "2.16.840.1.101.3.2.1.48.5"; +my $nist6 = "2.16.840.1.101.3.2.1.48.6"; + +my $apolicy = "X509v3 Any Policy"; + +# This table contains the chapter headings of the accompanying PKITS +# document. They provide useful informational output and their names +# can be converted into the filename to test. + +my @testlists = ( + [ "4.1", "Signature Verification" ], + [ "4.1.1", "Valid Signatures Test1", 0 ], + [ "4.1.2", "Invalid CA Signature Test2", 7 ], + [ "4.1.3", "Invalid EE Signature Test3", 7 ], + [ "4.1.4", "Valid DSA Signatures Test4", 0 ], + [ "4.1.5", "Valid DSA Parameter Inheritance Test5", 0 ], + [ "4.1.6", "Invalid DSA Signature Test6", 7 ], + [ "4.2", "Validity Periods" ], + [ "4.2.1", "Invalid CA notBefore Date Test1", 9 ], + [ "4.2.2", "Invalid EE notBefore Date Test2", 9 ], + [ "4.2.3", "Valid pre2000 UTC notBefore Date Test3", 0 ], + [ "4.2.4", "Valid GeneralizedTime notBefore Date Test4", 0 ], + [ "4.2.5", "Invalid CA notAfter Date Test5", 10 ], + [ "4.2.6", "Invalid EE notAfter Date Test6", 10 ], + [ "4.2.7", "Invalid pre2000 UTC EE notAfter Date Test7", 10 ], + [ "4.2.8", "Valid GeneralizedTime notAfter Date Test8", 0 ], + [ "4.3", "Verifying Name Chaining" ], + [ "4.3.1", "Invalid Name Chaining EE Test1", 20 ], + [ "4.3.2", "Invalid Name Chaining Order Test2", 20 ], + [ "4.3.3", "Valid Name Chaining Whitespace Test3", 0 ], + [ "4.3.4", "Valid Name Chaining Whitespace Test4", 0 ], + [ "4.3.5", "Valid Name Chaining Capitalization Test5", 0 ], + [ "4.3.6", "Valid Name Chaining UIDs Test6", 0 ], + [ "4.3.7", "Valid RFC3280 Mandatory Attribute Types Test7", 0 ], + [ "4.3.8", "Valid RFC3280 Optional Attribute Types Test8", 0 ], + [ "4.3.9", "Valid UTF8String Encoded Names Test9", 0 ], + [ "4.3.10", "Valid Rollover from PrintableString to UTF8String Test10", 0 ], + [ "4.3.11", "Valid UTF8String Case Insensitive Match Test11", 0 ], + [ "4.4", "Basic Certificate Revocation Tests" ], + [ "4.4.1", "Missing CRL Test1", 3 ], + [ "4.4.2", "Invalid Revoked CA Test2", 23 ], + [ "4.4.3", "Invalid Revoked EE Test3", 23 ], + [ "4.4.4", "Invalid Bad CRL Signature Test4", 8 ], + [ "4.4.5", "Invalid Bad CRL Issuer Name Test5", 3 ], + [ "4.4.6", "Invalid Wrong CRL Test6", 3 ], + [ "4.4.7", "Valid Two CRLs Test7", 0 ], + + # The test document suggests these should return certificate revoked... + # Subsquent discussion has concluded they should not due to unhandle + # critical CRL extensions. + [ "4.4.8", "Invalid Unknown CRL Entry Extension Test8", 36 ], + [ "4.4.9", "Invalid Unknown CRL Extension Test9", 36 ], + + [ "4.4.10", "Invalid Unknown CRL Extension Test10", 36 ], + [ "4.4.11", "Invalid Old CRL nextUpdate Test11", 12 ], + [ "4.4.12", "Invalid pre2000 CRL nextUpdate Test12", 12 ], + [ "4.4.13", "Valid GeneralizedTime CRL nextUpdate Test13", 0 ], + [ "4.4.14", "Valid Negative Serial Number Test14", 0 ], + [ "4.4.15", "Invalid Negative Serial Number Test15", 23 ], + [ "4.4.16", "Valid Long Serial Number Test16", 0 ], + [ "4.4.17", "Valid Long Serial Number Test17", 0 ], + [ "4.4.18", "Invalid Long Serial Number Test18", 23 ], + [ "4.4.19", "Valid Separate Certificate and CRL Keys Test19", 0 ], + [ "4.4.20", "Invalid Separate Certificate and CRL Keys Test20", 23 ], + + # CRL path is revoked so get a CRL path validation error + [ "4.4.21", "Invalid Separate Certificate and CRL Keys Test21", 54 ], + [ "4.5", "Verifying Paths with Self-Issued Certificates" ], + [ "4.5.1", "Valid Basic Self-Issued Old With New Test1", 0 ], + [ "4.5.2", "Invalid Basic Self-Issued Old With New Test2", 23 ], + [ "4.5.3", "Valid Basic Self-Issued New With Old Test3", 0 ], + [ "4.5.4", "Valid Basic Self-Issued New With Old Test4", 0 ], + [ "4.5.5", "Invalid Basic Self-Issued New With Old Test5", 23 ], + [ "4.5.6", "Valid Basic Self-Issued CRL Signing Key Test6", 0 ], + [ "4.5.7", "Invalid Basic Self-Issued CRL Signing Key Test7", 23 ], + [ "4.5.8", "Invalid Basic Self-Issued CRL Signing Key Test8", 20 ], + [ "4.6", "Verifying Basic Constraints" ], + [ "4.6.1", "Invalid Missing basicConstraints Test1", 24 ], + [ "4.6.2", "Invalid cA False Test2", 24 ], + [ "4.6.3", "Invalid cA False Test3", 24 ], + [ "4.6.4", "Valid basicConstraints Not Critical Test4", 0 ], + [ "4.6.5", "Invalid pathLenConstraint Test5", 25 ], + [ "4.6.6", "Invalid pathLenConstraint Test6", 25 ], + [ "4.6.7", "Valid pathLenConstraint Test7", 0 ], + [ "4.6.8", "Valid pathLenConstraint Test8", 0 ], + [ "4.6.9", "Invalid pathLenConstraint Test9", 25 ], + [ "4.6.10", "Invalid pathLenConstraint Test10", 25 ], + [ "4.6.11", "Invalid pathLenConstraint Test11", 25 ], + [ "4.6.12", "Invalid pathLenConstraint Test12", 25 ], + [ "4.6.13", "Valid pathLenConstraint Test13", 0 ], + [ "4.6.14", "Valid pathLenConstraint Test14", 0 ], + [ "4.6.15", "Valid Self-Issued pathLenConstraint Test15", 0 ], + [ "4.6.16", "Invalid Self-Issued pathLenConstraint Test16", 25 ], + [ "4.6.17", "Valid Self-Issued pathLenConstraint Test17", 0 ], + [ "4.7", "Key Usage" ], + [ "4.7.1", "Invalid keyUsage Critical keyCertSign False Test1", 20 ], + [ "4.7.2", "Invalid keyUsage Not Critical keyCertSign False Test2", 20 ], + [ "4.7.3", "Valid keyUsage Not Critical Test3", 0 ], + [ "4.7.4", "Invalid keyUsage Critical cRLSign False Test4", 35 ], + [ "4.7.5", "Invalid keyUsage Not Critical cRLSign False Test5", 35 ], + + # Certificate policy tests need special handling. They can have several + # sub tests and we need to check the outputs are correct. + + [ "4.8", "Certificate Policies" ], + [ + "4.8.1.1", + "All Certificates Same Policy Test1", + "-policy anyPolicy -explicit_policy", + "True", $nist1, $nist1, 0 + ], + [ + "4.8.1.2", + "All Certificates Same Policy Test1", + "-policy $nist1 -explicit_policy", + "True", $nist1, $nist1, 0 + ], + [ + "4.8.1.3", + "All Certificates Same Policy Test1", + "-policy $nist2 -explicit_policy", + "True", $nist1, "<empty>", 43 + ], + [ + "4.8.1.4", + "All Certificates Same Policy Test1", + "-policy $nist1 -policy $nist2 -explicit_policy", + "True", $nist1, $nist1, 0 + ], + [ + "4.8.2.1", + "All Certificates No Policies Test2", + "-policy anyPolicy", + "False", "<empty>", "<empty>", 0 + ], + [ + "4.8.2.2", + "All Certificates No Policies Test2", + "-policy anyPolicy -explicit_policy", + "True", "<empty>", "<empty>", 43 + ], + [ + "4.8.3.1", + "Different Policies Test3", + "-policy anyPolicy", + "False", "<empty>", "<empty>", 0 + ], + [ + "4.8.3.2", + "Different Policies Test3", + "-policy anyPolicy -explicit_policy", + "True", "<empty>", "<empty>", 43 + ], + [ + "4.8.3.3", + "Different Policies Test3", + "-policy $nist1 -policy $nist2 -explicit_policy", + "True", "<empty>", "<empty>", 43 + ], + + [ + "4.8.4", + "Different Policies Test4", + "-policy anyPolicy", + "True", "<empty>", "<empty>", 43 + ], + [ + "4.8.5", + "Different Policies Test5", + "-policy anyPolicy", + "True", "<empty>", "<empty>", 43 + ], + [ + "4.8.6.1", + "Overlapping Policies Test6", + "-policy anyPolicy", + "True", $nist1, $nist1, 0 + ], + [ + "4.8.6.2", + "Overlapping Policies Test6", + "-policy $nist1", + "True", $nist1, $nist1, 0 + ], + [ + "4.8.6.3", + "Overlapping Policies Test6", + "-policy $nist2", + "True", $nist1, "<empty>", 43 + ], + [ + "4.8.7", + "Different Policies Test7", + "-policy anyPolicy", + "True", "<empty>", "<empty>", 43 + ], + [ + "4.8.8", + "Different Policies Test8", + "-policy anyPolicy", + "True", "<empty>", "<empty>", 43 + ], + [ + "4.8.9", + "Different Policies Test9", + "-policy anyPolicy", + "True", "<empty>", "<empty>", 43 + ], + [ + "4.8.10.1", + "All Certificates Same Policies Test10", + "-policy $nist1", + "True", "$nist1:$nist2", "$nist1", 0 + ], + [ + "4.8.10.2", + "All Certificates Same Policies Test10", + "-policy $nist2", + "True", "$nist1:$nist2", "$nist2", 0 + ], + [ + "4.8.10.3", + "All Certificates Same Policies Test10", + "-policy anyPolicy", + "True", "$nist1:$nist2", "$nist1:$nist2", 0 + ], + [ + "4.8.11.1", + "All Certificates AnyPolicy Test11", + "-policy anyPolicy", + "True", "$apolicy", "$apolicy", 0 + ], + [ + "4.8.11.2", + "All Certificates AnyPolicy Test11", + "-policy $nist1", + "True", "$apolicy", "$nist1", 0 + ], + [ + "4.8.12", + "Different Policies Test12", + "-policy anyPolicy", + "True", "<empty>", "<empty>", 43 + ], + [ + "4.8.13.1", + "All Certificates Same Policies Test13", + "-policy $nist1", + "True", "$nist1:$nist2:$nist3", "$nist1", 0 + ], + [ + "4.8.13.2", + "All Certificates Same Policies Test13", + "-policy $nist2", + "True", "$nist1:$nist2:$nist3", "$nist2", 0 + ], + [ + "4.8.13.3", + "All Certificates Same Policies Test13", + "-policy $nist3", + "True", "$nist1:$nist2:$nist3", "$nist3", 0 + ], + [ + "4.8.14.1", "AnyPolicy Test14", + "-policy $nist1", "True", + "$nist1", "$nist1", + 0 + ], + [ + "4.8.14.2", "AnyPolicy Test14", + "-policy $nist2", "True", + "$nist1", "<empty>", + 43 + ], + [ + "4.8.15", + "User Notice Qualifier Test15", + "-policy anyPolicy", + "False", "$nist1", "$nist1", 0 + ], + [ + "4.8.16", + "User Notice Qualifier Test16", + "-policy anyPolicy", + "False", "$nist1", "$nist1", 0 + ], + [ + "4.8.17", + "User Notice Qualifier Test17", + "-policy anyPolicy", + "False", "$nist1", "$nist1", 0 + ], + [ + "4.8.18.1", + "User Notice Qualifier Test18", + "-policy $nist1", + "True", "$nist1:$nist2", "$nist1", 0 + ], + [ + "4.8.18.2", + "User Notice Qualifier Test18", + "-policy $nist2", + "True", "$nist1:$nist2", "$nist2", 0 + ], + [ + "4.8.19", + "User Notice Qualifier Test19", + "-policy anyPolicy", + "False", "$nist1", "$nist1", 0 + ], + [ + "4.8.20", + "CPS Pointer Qualifier Test20", + "-policy anyPolicy -explicit_policy", + "True", "$nist1", "$nist1", 0 + ], + [ "4.9", "Require Explicit Policy" ], + [ + "4.9.1", + "Valid RequireExplicitPolicy Test1", + "-policy anyPolicy", + "False", "<empty>", "<empty>", 0 + ], + [ + "4.9.2", + "Valid RequireExplicitPolicy Test2", + "-policy anyPolicy", + "False", "<empty>", "<empty>", 0 + ], + [ + "4.9.3", + "Invalid RequireExplicitPolicy Test3", + "-policy anyPolicy", + "True", "<empty>", "<empty>", 43 + ], + [ + "4.9.4", + "Valid RequireExplicitPolicy Test4", + "-policy anyPolicy", + "True", "$nist1", "$nist1", 0 + ], + [ + "4.9.5", + "Invalid RequireExplicitPolicy Test5", + "-policy anyPolicy", + "True", "<empty>", "<empty>", 43 + ], + [ + "4.9.6", + "Valid Self-Issued requireExplicitPolicy Test6", + "-policy anyPolicy", + "False", "<empty>", "<empty>", 0 + ], + [ + "4.9.7", + "Invalid Self-Issued requireExplicitPolicy Test7", + "-policy anyPolicy", + "True", "<empty>", "<empty>", 43 + ], + [ + "4.9.8", + "Invalid Self-Issued requireExplicitPolicy Test8", + "-policy anyPolicy", + "True", "<empty>", "<empty>", 43 + ], + [ "4.10", "Policy Mappings" ], + [ + "4.10.1.1", + "Valid Policy Mapping Test1", + "-policy $nist1", + "True", "$nist1", "$nist1", 0 + ], + [ + "4.10.1.2", + "Valid Policy Mapping Test1", + "-policy $nist2", + "True", "$nist1", "<empty>", 43 + ], + [ + "4.10.1.3", + "Valid Policy Mapping Test1", + "-policy anyPolicy -inhibit_map", + "True", "<empty>", "<empty>", 43 + ], + [ + "4.10.2.1", + "Invalid Policy Mapping Test2", + "-policy anyPolicy", + "True", "<empty>", "<empty>", 43 + ], + [ + "4.10.2.2", + "Invalid Policy Mapping Test2", + "-policy anyPolicy -inhibit_map", + "True", "<empty>", "<empty>", 43 + ], + [ + "4.10.3.1", + "Valid Policy Mapping Test3", + "-policy $nist1", + "True", "$nist2", "<empty>", 43 + ], + [ + "4.10.3.2", + "Valid Policy Mapping Test3", + "-policy $nist2", + "True", "$nist2", "$nist2", 0 + ], + [ + "4.10.4", + "Invalid Policy Mapping Test4", + "-policy anyPolicy", + "True", "<empty>", "<empty>", 43 + ], + [ + "4.10.5.1", + "Valid Policy Mapping Test5", + "-policy $nist1", + "True", "$nist1", "$nist1", 0 + ], + [ + "4.10.5.2", + "Valid Policy Mapping Test5", + "-policy $nist6", + "True", "$nist1", "<empty>", 43 + ], + [ + "4.10.6.1", + "Valid Policy Mapping Test6", + "-policy $nist1", + "True", "$nist1", "$nist1", 0 + ], + [ + "4.10.6.2", + "Valid Policy Mapping Test6", + "-policy $nist6", + "True", "$nist1", "<empty>", 43 + ], + [ "4.10.7", "Invalid Mapping From anyPolicy Test7", 42 ], + [ "4.10.8", "Invalid Mapping To anyPolicy Test8", 42 ], + [ + "4.10.9", + "Valid Policy Mapping Test9", + "-policy anyPolicy", + "True", "$nist1", "$nist1", 0 + ], + [ + "4.10.10", + "Invalid Policy Mapping Test10", + "-policy anyPolicy", + "True", "<empty>", "<empty>", 43 + ], + [ + "4.10.11", + "Valid Policy Mapping Test11", + "-policy anyPolicy", + "True", "$nist1", "$nist1", 0 + ], + + # TODO: check notice display + [ + "4.10.12.1", + "Valid Policy Mapping Test12", + "-policy $nist1", + "True", "$nist1:$nist2", "$nist1", 0 + ], + + # TODO: check notice display + [ + "4.10.12.2", + "Valid Policy Mapping Test12", + "-policy $nist2", + "True", "$nist1:$nist2", "$nist2", 0 + ], + [ + "4.10.13", + "Valid Policy Mapping Test13", + "-policy anyPolicy", + "True", "$nist1", "$nist1", 0 + ], + + # TODO: check notice display + [ + "4.10.14", + "Valid Policy Mapping Test14", + "-policy anyPolicy", + "True", "$nist1", "$nist1", 0 + ], + [ "4.11", "Inhibit Policy Mapping" ], + [ + "4.11.1", + "Invalid inhibitPolicyMapping Test1", + "-policy anyPolicy", + "True", "<empty>", "<empty>", 43 + ], + [ + "4.11.2", + "Valid inhibitPolicyMapping Test2", + "-policy anyPolicy", + "True", "$nist1", "$nist1", 0 + ], + [ + "4.11.3", + "Invalid inhibitPolicyMapping Test3", + "-policy anyPolicy", + "True", "<empty>", "<empty>", 43 + ], + [ + "4.11.4", + "Valid inhibitPolicyMapping Test4", + "-policy anyPolicy", + "True", "$nist2", "$nist2", 0 + ], + [ + "4.11.5", + "Invalid inhibitPolicyMapping Test5", + "-policy anyPolicy", + "True", "<empty>", "<empty>", 43 + ], + [ + "4.11.6", + "Invalid inhibitPolicyMapping Test6", + "-policy anyPolicy", + "True", "<empty>", "<empty>", 43 + ], + [ + "4.11.7", + "Valid Self-Issued inhibitPolicyMapping Test7", + "-policy anyPolicy", + "True", "$nist1", "$nist1", 0 + ], + [ + "4.11.8", + "Invalid Self-Issued inhibitPolicyMapping Test8", + "-policy anyPolicy", + "True", "<empty>", "<empty>", 43 + ], + [ + "4.11.9", + "Invalid Self-Issued inhibitPolicyMapping Test9", + "-policy anyPolicy", + "True", "<empty>", "<empty>", 43 + ], + [ + "4.11.10", + "Invalid Self-Issued inhibitPolicyMapping Test10", + "-policy anyPolicy", + "True", "<empty>", "<empty>", 43 + ], + [ + "4.11.11", + "Invalid Self-Issued inhibitPolicyMapping Test11", + "-policy anyPolicy", + "True", "<empty>", "<empty>", 43 + ], + [ "4.12", "Inhibit Any Policy" ], + [ + "4.12.1", + "Invalid inhibitAnyPolicy Test1", + "-policy anyPolicy", + "True", "<empty>", "<empty>", 43 + ], + [ + "4.12.2", + "Valid inhibitAnyPolicy Test2", + "-policy anyPolicy", + "True", "$nist1", "$nist1", 0 + ], + [ + "4.12.3.1", + "inhibitAnyPolicy Test3", + "-policy anyPolicy", + "True", "$nist1", "$nist1", 0 + ], + [ + "4.12.3.2", + "inhibitAnyPolicy Test3", + "-policy anyPolicy -inhibit_any", + "True", "<empty>", "<empty>", 43 + ], + [ + "4.12.4", + "Invalid inhibitAnyPolicy Test4", + "-policy anyPolicy", + "True", "<empty>", "<empty>", 43 + ], + [ + "4.12.5", + "Invalid inhibitAnyPolicy Test5", + "-policy anyPolicy", + "True", "<empty>", "<empty>", 43 + ], + [ + "4.12.6", + "Invalid inhibitAnyPolicy Test6", + "-policy anyPolicy", + "True", "<empty>", "<empty>", 43 + ], + [ "4.12.7", "Valid Self-Issued inhibitAnyPolicy Test7", 0 ], + [ "4.12.8", "Invalid Self-Issued inhibitAnyPolicy Test8", 43 ], + [ "4.12.9", "Valid Self-Issued inhibitAnyPolicy Test9", 0 ], + [ "4.12.10", "Invalid Self-Issued inhibitAnyPolicy Test10", 43 ], + [ "4.13", "Name Constraints" ], + [ "4.13.1", "Valid DN nameConstraints Test1", 0 ], + [ "4.13.2", "Invalid DN nameConstraints Test2", 47 ], + [ "4.13.3", "Invalid DN nameConstraints Test3", 47 ], + [ "4.13.4", "Valid DN nameConstraints Test4", 0 ], + [ "4.13.5", "Valid DN nameConstraints Test5", 0 ], + [ "4.13.6", "Valid DN nameConstraints Test6", 0 ], + [ "4.13.7", "Invalid DN nameConstraints Test7", 48 ], + [ "4.13.8", "Invalid DN nameConstraints Test8", 48 ], + [ "4.13.9", "Invalid DN nameConstraints Test9", 48 ], + [ "4.13.10", "Invalid DN nameConstraints Test10", 48 ], + [ "4.13.11", "Valid DN nameConstraints Test11", 0 ], + [ "4.13.12", "Invalid DN nameConstraints Test12", 47 ], + [ "4.13.13", "Invalid DN nameConstraints Test13", 47 ], + [ "4.13.14", "Valid DN nameConstraints Test14", 0 ], + [ "4.13.15", "Invalid DN nameConstraints Test15", 48 ], + [ "4.13.16", "Invalid DN nameConstraints Test16", 48 ], + [ "4.13.17", "Invalid DN nameConstraints Test17", 48 ], + [ "4.13.18", "Valid DN nameConstraints Test18", 0 ], + [ "4.13.19", "Valid Self-Issued DN nameConstraints Test19", 0 ], + [ "4.13.20", "Invalid Self-Issued DN nameConstraints Test20", 47 ], + [ "4.13.21", "Valid RFC822 nameConstraints Test21", 0 ], + [ "4.13.22", "Invalid RFC822 nameConstraints Test22", 47 ], + [ "4.13.23", "Valid RFC822 nameConstraints Test23", 0 ], + [ "4.13.24", "Invalid RFC822 nameConstraints Test24", 47 ], + [ "4.13.25", "Valid RFC822 nameConstraints Test25", 0 ], + [ "4.13.26", "Invalid RFC822 nameConstraints Test26", 48 ], + [ "4.13.27", "Valid DN and RFC822 nameConstraints Test27", 0 ], + [ "4.13.28", "Invalid DN and RFC822 nameConstraints Test28", 47 ], + [ "4.13.29", "Invalid DN and RFC822 nameConstraints Test29", 47 ], + [ "4.13.30", "Valid DNS nameConstraints Test30", 0 ], + [ "4.13.31", "Invalid DNS nameConstraints Test31", 47 ], + [ "4.13.32", "Valid DNS nameConstraints Test32", 0 ], + [ "4.13.33", "Invalid DNS nameConstraints Test33", 48 ], + [ "4.13.34", "Valid URI nameConstraints Test34", 0 ], + [ "4.13.35", "Invalid URI nameConstraints Test35", 47 ], + [ "4.13.36", "Valid URI nameConstraints Test36", 0 ], + [ "4.13.37", "Invalid URI nameConstraints Test37", 48 ], + [ "4.13.38", "Invalid DNS nameConstraints Test38", 47 ], + [ "4.14", "Distribution Points" ], + [ "4.14.1", "Valid distributionPoint Test1", 0 ], + [ "4.14.2", "Invalid distributionPoint Test2", 23 ], + [ "4.14.3", "Invalid distributionPoint Test3", 44 ], + [ "4.14.4", "Valid distributionPoint Test4", 0 ], + [ "4.14.5", "Valid distributionPoint Test5", 0 ], + [ "4.14.6", "Invalid distributionPoint Test6", 23 ], + [ "4.14.7", "Valid distributionPoint Test7", 0 ], + [ "4.14.8", "Invalid distributionPoint Test8", 44 ], + [ "4.14.9", "Invalid distributionPoint Test9", 44 ], + [ "4.14.10", "Valid No issuingDistributionPoint Test10", 0 ], + [ "4.14.11", "Invalid onlyContainsUserCerts CRL Test11", 44 ], + [ "4.14.12", "Invalid onlyContainsCACerts CRL Test12", 44 ], + [ "4.14.13", "Valid onlyContainsCACerts CRL Test13", 0 ], + [ "4.14.14", "Invalid onlyContainsAttributeCerts Test14", 44 ], + [ "4.14.15", "Invalid onlySomeReasons Test15", 23 ], + [ "4.14.16", "Invalid onlySomeReasons Test16", 23 ], + [ "4.14.17", "Invalid onlySomeReasons Test17", 3 ], + [ "4.14.18", "Valid onlySomeReasons Test18", 0 ], + [ "4.14.19", "Valid onlySomeReasons Test19", 0 ], + [ "4.14.20", "Invalid onlySomeReasons Test20", 23 ], + [ "4.14.21", "Invalid onlySomeReasons Test21", 23 ], + [ "4.14.22", "Valid IDP with indirectCRL Test22", 0 ], + [ "4.14.23", "Invalid IDP with indirectCRL Test23", 23 ], + [ "4.14.24", "Valid IDP with indirectCRL Test24", 0 ], + [ "4.14.25", "Valid IDP with indirectCRL Test25", 0 ], + [ "4.14.26", "Invalid IDP with indirectCRL Test26", 44 ], + [ "4.14.27", "Invalid cRLIssuer Test27", 3 ], + [ "4.14.28", "Valid cRLIssuer Test28", 0 ], + [ "4.14.29", "Valid cRLIssuer Test29", 0 ], + + # Although this test is valid it has a circular dependency. As a result + # an attempt is made to reursively checks a CRL path and rejected due to + # a CRL path validation error. PKITS notes suggest this test does not + # need to be run due to this issue. + [ "4.14.30", "Valid cRLIssuer Test30", 54 ], + [ "4.14.31", "Invalid cRLIssuer Test31", 23 ], + [ "4.14.32", "Invalid cRLIssuer Test32", 23 ], + [ "4.14.33", "Valid cRLIssuer Test33", 0 ], + [ "4.14.34", "Invalid cRLIssuer Test34", 23 ], + [ "4.14.35", "Invalid cRLIssuer Test35", 44 ], + [ "4.15", "Delta-CRLs" ], + [ "4.15.1", "Invalid deltaCRLIndicator No Base Test1", 3 ], + [ "4.15.2", "Valid delta-CRL Test2", 0 ], + [ "4.15.3", "Invalid delta-CRL Test3", 23 ], + [ "4.15.4", "Invalid delta-CRL Test4", 23 ], + [ "4.15.5", "Valid delta-CRL Test5", 0 ], + [ "4.15.6", "Invalid delta-CRL Test6", 23 ], + [ "4.15.7", "Valid delta-CRL Test7", 0 ], + [ "4.15.8", "Valid delta-CRL Test8", 0 ], + [ "4.15.9", "Invalid delta-CRL Test9", 23 ], + [ "4.15.10", "Invalid delta-CRL Test10", 12 ], + [ "4.16", "Private Certificate Extensions" ], + [ "4.16.1", "Valid Unknown Not Critical Certificate Extension Test1", 0 ], + [ "4.16.2", "Invalid Unknown Critical Certificate Extension Test2", 34 ], +); + + +my $verbose = 1; + +my $numtest = 0; +my $numfail = 0; + +my $ossl = "ossl/apps/openssl"; + +my $ossl_cmd = "$ossl_path cms -verify -verify_retcode "; +$ossl_cmd .= "-CAfile pkitsta.pem -crl_check_all -x509_strict "; +$ossl_cmd .= "-policy_check -extended_crl -use_deltas -out /dev/null 2>&1 "; + +system "$ossl_path x509 -inform DER -in $pkitsta -out pkitsta.pem"; + +die "Can't create trust anchor file" if $?; + +print "Running PKITS tests:\n" if $verbose; + +foreach (@testlists) { + my $argnum = @$_; + if ( $argnum == 2 ) { + my ( $tnum, $title ) = @$_; + print "$tnum $title\n" if $verbose; + } + elsif ( $argnum == 3 ) { + my ( $tnum, $title, $exp_ret ) = @$_; + my $filename = $title; + $exp_ret += 32 if $exp_ret; + $filename =~ tr/ -//d; + $filename = "Signed${filename}.eml"; + if ( !-f "$pkitsdir/$filename" ) { + print "\"$filename\" not found\n"; + } + else { + my $ret; + my $test_fail = 0; + my $errmsg = ""; + my $cmd = $ossl_cmd; + $cmd .= "-in $pkitsdir/$filename -policy anyPolicy"; + my $cmdout = `$cmd`; + $ret = $? >> 8; + if ( $? & 0xff ) { + $errmsg .= "Abnormal OpenSSL termination\n"; + $test_fail = 1; + } + if ( $exp_ret != $ret ) { + $errmsg .= "Return code:$ret, "; + $errmsg .= "expected $exp_ret\n"; + $test_fail = 1; + } + if ($test_fail) { + print "$tnum $title : Failed!\n"; + print "Filename: $pkitsdir/$filename\n"; + print $errmsg; + print "Command output:\n$cmdout\n"; + $numfail++; + } + $numtest++; + } + } + elsif ( $argnum == 7 ) { + my ( $tnum, $title, $exargs, $exp_epol, $exp_aset, $exp_uset, $exp_ret ) + = @$_; + my $filename = $title; + $exp_ret += 32 if $exp_ret; + $filename =~ tr/ -//d; + $filename = "Signed${filename}.eml"; + if ( !-f "$pkitsdir/$filename" ) { + print "\"$filename\" not found\n"; + } + else { + my $ret; + my $cmdout = ""; + my $errmsg = ""; + my $epol = ""; + my $aset = ""; + my $uset = ""; + my $pol = -1; + my $test_fail = 0; + my $cmd = $ossl_cmd; + $cmd .= "-in $pkitsdir/$filename $exargs -policy_print"; + @oparr = `$cmd`; + $ret = $? >> 8; + + if ( $? & 0xff ) { + $errmsg .= "Abnormal OpenSSL termination\n"; + $test_fail = 1; + } + foreach (@oparr) { + my $test_failed = 0; + $cmdout .= $_; + if (/^Require explicit Policy: (.*)$/) { + $epol = $1; + } + if (/^Authority Policies/) { + if (/empty/) { + $aset = "<empty>"; + } + else { + $pol = 1; + } + } + $test_fail = 1 if (/leak/i); + if (/^User Policies/) { + if (/empty/) { + $uset = "<empty>"; + } + else { + $pol = 2; + } + } + if (/\s+Policy: (.*)$/) { + if ( $pol == 1 ) { + $aset .= ":" if $aset ne ""; + $aset .= $1; + } + elsif ( $pol == 2 ) { + $uset .= ":" if $uset ne ""; + $uset .= $1; + } + } + } + + if ( $epol ne $exp_epol ) { + $errmsg .= "Explicit policy:$epol, "; + $errmsg .= "expected $exp_epol\n"; + $test_fail = 1; + } + if ( $aset ne $exp_aset ) { + $errmsg .= "Authority policy set :$aset, "; + $errmsg .= "expected $exp_aset\n"; + $test_fail = 1; + } + if ( $uset ne $exp_uset ) { + $errmsg .= "User policy set :$uset, "; + $errmsg .= "expected $exp_uset\n"; + $test_fail = 1; + } + + if ( $exp_ret != $ret ) { + print "Return code:$ret, expected $exp_ret\n"; + $test_fail = 1; + } + + if ($test_fail) { + print "$tnum $title : Failed!\n"; + print "Filename: $pkitsdir/$filename\n"; + print "Command output:\n$cmdout\n"; + $numfail++; + } + $numtest++; + } + } +} + +if ($numfail) { + print "$numfail tests failed out of $numtest\n"; +} +else { + print "All Tests Successful.\n"; +} + +unlink "pkitsta.pem"; + diff --git a/test/smcont.txt b/test/smcont.txt new file mode 100644 index 0000000000..e837c0b75b --- /dev/null +++ b/test/smcont.txt @@ -0,0 +1 @@ +Some test content for OpenSSL CMS
\ No newline at end of file diff --git a/test/smime-certs/smdsa1.pem b/test/smime-certs/smdsa1.pem new file mode 100644 index 0000000000..d5677dbfbe --- /dev/null +++ b/test/smime-certs/smdsa1.pem @@ -0,0 +1,34 @@ +-----BEGIN DSA PRIVATE KEY----- +MIIBuwIBAAKBgQDFJfsIPOIawMO5biw+AoYUhNVxReBOLQosU3Qv4B8krac0BNr3 +OjSGLh1wZxHqhlAE0QmasTaKojuk20nNWeFnczSz6vDl0IVJEhS8VYor5kt9gLqt +GcoAgsf4gRDIutJyQDaNn3IVY89uXUVIoexvQeLQDBCgQPC5O8rJdqBwtwIVAK2J +jt+dqk07eQUE59koYUEKyNorAoGBAI4IEpusf8G14kCHmRtnHXM2tG5EWJDmW6Qt +wjqvWp1GKUx5WFy1tVWR9nl5rL0Di+kNdENo+SkKj7h3uDulGOI6T0mQYbV2h1IK ++FMOGnOqvZ8eNTE2n4PGTo5puZ63LBm+QYrQsrNiUY4vakLFQ2rEK/SLwdsDFK4Z +SJCBQw5zAoGATQlPPF+OeU8nu3rsdXGDiZdJzOkuCce3KQfTABA9C+Dk4CVcvBdd +YRLGpnykumkNTO1sTO+4/Gphsuje1ujK9td4UEhdYqylCe5QjEMrszDlJtelDQF9 +C0yhdjKGTP0kxofLhsGckcuQvcKEKffT2pDDKJIy4vWQO0UyJl1vjLcCFG2uiGGx +9fMUZq1v0ePD4Wo0Xkxo +-----END DSA PRIVATE KEY----- +-----BEGIN CERTIFICATE----- +MIIDpDCCAw2gAwIBAgIJAMtotfHYdEsWMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV +BAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRUZXN0IFMv +TUlNRSBSU0EgUm9vdDAeFw0wODAyMjIxMzUzMDlaFw0xNjA1MTAxMzUzMDlaMEUx +CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU +ZXN0IFMvTUlNRSBFRSBEU0EgIzEwggG3MIIBLAYHKoZIzjgEATCCAR8CgYEAxSX7 +CDziGsDDuW4sPgKGFITVcUXgTi0KLFN0L+AfJK2nNATa9zo0hi4dcGcR6oZQBNEJ +mrE2iqI7pNtJzVnhZ3M0s+rw5dCFSRIUvFWKK+ZLfYC6rRnKAILH+IEQyLrSckA2 +jZ9yFWPPbl1FSKHsb0Hi0AwQoEDwuTvKyXagcLcCFQCtiY7fnapNO3kFBOfZKGFB +CsjaKwKBgQCOCBKbrH/BteJAh5kbZx1zNrRuRFiQ5lukLcI6r1qdRilMeVhctbVV +kfZ5eay9A4vpDXRDaPkpCo+4d7g7pRjiOk9JkGG1dodSCvhTDhpzqr2fHjUxNp+D +xk6OabmetywZvkGK0LKzYlGOL2pCxUNqxCv0i8HbAxSuGUiQgUMOcwOBhAACgYBN +CU88X455Tye7eux1cYOJl0nM6S4Jx7cpB9MAED0L4OTgJVy8F11hEsamfKS6aQ1M +7WxM77j8amGy6N7W6Mr213hQSF1irKUJ7lCMQyuzMOUm16UNAX0LTKF2MoZM/STG +h8uGwZyRy5C9woQp99PakMMokjLi9ZA7RTImXW+Mt6OBgzCBgDAdBgNVHQ4EFgQU +4Qfbhpi5yqXaXuCLXj427mR25MkwHwYDVR0jBBgwFoAUE89Lp7uJLrM4Vxd2xput +aFvl7RcwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBsAwIAYDVR0RBBkwF4EV +c21pbWVkc2ExQG9wZW5zc2wub3JnMA0GCSqGSIb3DQEBBQUAA4GBAFrdUzKK1pWO +kd02S423KUBc4GWWyiGlVoEO7WxVhHLJ8sm67X7OtJOwe0UGt+Nc5qLtyJYSirw8 +phjiTdNpQCTJ8+Kc56tWkJ6H7NAI4vTJtPL5BM/EmeYrVSU9JI9xhqpyKw9IBD+n +hRJ79W9FaiJRvaAOX+TkyTukJrxAWRyv +-----END CERTIFICATE----- diff --git a/test/smime-certs/smdsa2.pem b/test/smime-certs/smdsa2.pem new file mode 100644 index 0000000000..ef86c115d7 --- /dev/null +++ b/test/smime-certs/smdsa2.pem @@ -0,0 +1,34 @@ +-----BEGIN DSA PRIVATE KEY----- +MIIBvAIBAAKBgQDFJfsIPOIawMO5biw+AoYUhNVxReBOLQosU3Qv4B8krac0BNr3 +OjSGLh1wZxHqhlAE0QmasTaKojuk20nNWeFnczSz6vDl0IVJEhS8VYor5kt9gLqt +GcoAgsf4gRDIutJyQDaNn3IVY89uXUVIoexvQeLQDBCgQPC5O8rJdqBwtwIVAK2J +jt+dqk07eQUE59koYUEKyNorAoGBAI4IEpusf8G14kCHmRtnHXM2tG5EWJDmW6Qt +wjqvWp1GKUx5WFy1tVWR9nl5rL0Di+kNdENo+SkKj7h3uDulGOI6T0mQYbV2h1IK ++FMOGnOqvZ8eNTE2n4PGTo5puZ63LBm+QYrQsrNiUY4vakLFQ2rEK/SLwdsDFK4Z +SJCBQw5zAoGBAIPmO8BtJ+Yac58trrPwq9b/6VW3jQTWzTLWSH84/QQdqQa+Pz3v +It/+hHM0daNF5uls8ICsPL1aLXmRx0pHvIyb0aAzYae4T4Jv/COPDMTdKbA1uitJ +VbkGZrm+LIrs7I9lOkb4T0vI6kL/XdOCXY1469zsqCgJ/O2ibn6mq0nWAhR716o2 +Nf8SimTZYB0/CKje6M5ufA== +-----END DSA PRIVATE KEY----- +-----BEGIN CERTIFICATE----- +MIIDpTCCAw6gAwIBAgIJAMtotfHYdEsXMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV +BAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRUZXN0IFMv +TUlNRSBSU0EgUm9vdDAeFw0wODAyMjIxMzUzMDlaFw0xNjA1MTAxMzUzMDlaMEUx +CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU +ZXN0IFMvTUlNRSBFRSBEU0EgIzIwggG4MIIBLAYHKoZIzjgEATCCAR8CgYEAxSX7 +CDziGsDDuW4sPgKGFITVcUXgTi0KLFN0L+AfJK2nNATa9zo0hi4dcGcR6oZQBNEJ +mrE2iqI7pNtJzVnhZ3M0s+rw5dCFSRIUvFWKK+ZLfYC6rRnKAILH+IEQyLrSckA2 +jZ9yFWPPbl1FSKHsb0Hi0AwQoEDwuTvKyXagcLcCFQCtiY7fnapNO3kFBOfZKGFB +CsjaKwKBgQCOCBKbrH/BteJAh5kbZx1zNrRuRFiQ5lukLcI6r1qdRilMeVhctbVV +kfZ5eay9A4vpDXRDaPkpCo+4d7g7pRjiOk9JkGG1dodSCvhTDhpzqr2fHjUxNp+D +xk6OabmetywZvkGK0LKzYlGOL2pCxUNqxCv0i8HbAxSuGUiQgUMOcwOBhQACgYEA +g+Y7wG0n5hpzny2us/Cr1v/pVbeNBNbNMtZIfzj9BB2pBr4/Pe8i3/6EczR1o0Xm +6WzwgKw8vVoteZHHSke8jJvRoDNhp7hPgm/8I48MxN0psDW6K0lVuQZmub4siuzs +j2U6RvhPS8jqQv9d04JdjXjr3OyoKAn87aJufqarSdajgYMwgYAwHQYDVR0OBBYE +FHsAGNfVltSYUq4hC+YVYwsYtA+dMB8GA1UdIwQYMBaAFBPPS6e7iS6zOFcXdsab +rWhb5e0XMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgbAMCAGA1UdEQQZMBeB +FXNtaW1lZHNhMkBvcGVuc3NsLm9yZzANBgkqhkiG9w0BAQUFAAOBgQCx9BtCbaYF +FXjLClkuKXbESaDZA1biPgY25i00FsUzARuhCpqD2v+0tu5c33ZzIhL6xlvBRU5l +6Atw/xpZhae+hdBEtxPJoGekLLrHOau7Md3XwDjV4lFgcEJkWZoaSOOIK+4D5jF0 +jZWtHjnwEzuLYlo7ScHSsbcQfjH0M1TP5A== +-----END CERTIFICATE----- diff --git a/test/smime-certs/smdsa3.pem b/test/smime-certs/smdsa3.pem new file mode 100644 index 0000000000..eeb848dabc --- /dev/null +++ b/test/smime-certs/smdsa3.pem @@ -0,0 +1,34 @@ +-----BEGIN DSA PRIVATE KEY----- +MIIBvAIBAAKBgQDFJfsIPOIawMO5biw+AoYUhNVxReBOLQosU3Qv4B8krac0BNr3 +OjSGLh1wZxHqhlAE0QmasTaKojuk20nNWeFnczSz6vDl0IVJEhS8VYor5kt9gLqt +GcoAgsf4gRDIutJyQDaNn3IVY89uXUVIoexvQeLQDBCgQPC5O8rJdqBwtwIVAK2J +jt+dqk07eQUE59koYUEKyNorAoGBAI4IEpusf8G14kCHmRtnHXM2tG5EWJDmW6Qt +wjqvWp1GKUx5WFy1tVWR9nl5rL0Di+kNdENo+SkKj7h3uDulGOI6T0mQYbV2h1IK ++FMOGnOqvZ8eNTE2n4PGTo5puZ63LBm+QYrQsrNiUY4vakLFQ2rEK/SLwdsDFK4Z +SJCBQw5zAoGAYzOpPmh8Je1IDauEXhgaLz14wqYUHHcrj2VWVJ6fRm8GhdQFJSI7 +GUk08pgKZSKic2lNqxuzW7/vFxKQ/nvzfytY16b+2i+BR4Q6yvMzCebE1hHVg0Ju +TwfUMwoFEOhYP6ZwHSUiQl9IBMH9TNJCMwYMxfY+VOrURFsjGTRUgpwCFQCIGt5g +Y+XZd0Sv69CatDIRYWvaIA== +-----END DSA PRIVATE KEY----- +-----BEGIN CERTIFICATE----- +MIIDpDCCAw2gAwIBAgIJAMtotfHYdEsYMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV +BAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRUZXN0IFMv +TUlNRSBSU0EgUm9vdDAeFw0wODAyMjIxMzUzMDlaFw0xNjA1MTAxMzUzMDlaMEUx +CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU +ZXN0IFMvTUlNRSBFRSBEU0EgIzMwggG3MIIBLAYHKoZIzjgEATCCAR8CgYEAxSX7 +CDziGsDDuW4sPgKGFITVcUXgTi0KLFN0L+AfJK2nNATa9zo0hi4dcGcR6oZQBNEJ +mrE2iqI7pNtJzVnhZ3M0s+rw5dCFSRIUvFWKK+ZLfYC6rRnKAILH+IEQyLrSckA2 +jZ9yFWPPbl1FSKHsb0Hi0AwQoEDwuTvKyXagcLcCFQCtiY7fnapNO3kFBOfZKGFB +CsjaKwKBgQCOCBKbrH/BteJAh5kbZx1zNrRuRFiQ5lukLcI6r1qdRilMeVhctbVV +kfZ5eay9A4vpDXRDaPkpCo+4d7g7pRjiOk9JkGG1dodSCvhTDhpzqr2fHjUxNp+D +xk6OabmetywZvkGK0LKzYlGOL2pCxUNqxCv0i8HbAxSuGUiQgUMOcwOBhAACgYBj +M6k+aHwl7UgNq4ReGBovPXjCphQcdyuPZVZUnp9GbwaF1AUlIjsZSTTymAplIqJz +aU2rG7Nbv+8XEpD+e/N/K1jXpv7aL4FHhDrK8zMJ5sTWEdWDQm5PB9QzCgUQ6Fg/ +pnAdJSJCX0gEwf1M0kIzBgzF9j5U6tREWyMZNFSCnKOBgzCBgDAdBgNVHQ4EFgQU +VhpVXqQ/EzUMdxLvP7o9EhJ8h70wHwYDVR0jBBgwFoAUE89Lp7uJLrM4Vxd2xput +aFvl7RcwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBsAwIAYDVR0RBBkwF4EV +c21pbWVkc2EzQG9wZW5zc2wub3JnMA0GCSqGSIb3DQEBBQUAA4GBACM9e75EQa8m +k/AZkH/tROqf3yeqijULl9x8FjFatqoY+29OM6oMGM425IqSkKd2ipz7OxO0SShu +rE0O3edS7DvYBwvhWPviRaYBMyZ4iFJVup+fOzoYK/j/bASxS3BHQBwb2r4rhe25 +OlTyyFEk7DJyW18YFOG97S1P52oQ5f5x +-----END CERTIFICATE----- diff --git a/test/smime-certs/smdsap.pem b/test/smime-certs/smdsap.pem new file mode 100644 index 0000000000..249706c8c7 --- /dev/null +++ b/test/smime-certs/smdsap.pem @@ -0,0 +1,9 @@ +-----BEGIN DSA PARAMETERS----- +MIIBHwKBgQDFJfsIPOIawMO5biw+AoYUhNVxReBOLQosU3Qv4B8krac0BNr3OjSG +Lh1wZxHqhlAE0QmasTaKojuk20nNWeFnczSz6vDl0IVJEhS8VYor5kt9gLqtGcoA +gsf4gRDIutJyQDaNn3IVY89uXUVIoexvQeLQDBCgQPC5O8rJdqBwtwIVAK2Jjt+d +qk07eQUE59koYUEKyNorAoGBAI4IEpusf8G14kCHmRtnHXM2tG5EWJDmW6Qtwjqv +Wp1GKUx5WFy1tVWR9nl5rL0Di+kNdENo+SkKj7h3uDulGOI6T0mQYbV2h1IK+FMO +GnOqvZ8eNTE2n4PGTo5puZ63LBm+QYrQsrNiUY4vakLFQ2rEK/SLwdsDFK4ZSJCB +Qw5z +-----END DSA PARAMETERS----- diff --git a/test/smime-certs/smroot.pem b/test/smime-certs/smroot.pem new file mode 100644 index 0000000000..a59eb2684c --- /dev/null +++ b/test/smime-certs/smroot.pem @@ -0,0 +1,30 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXAIBAAKBgQDBV1Z/Q5gPF7lojc8pKUdyz5+Jf2B3vs4he6egekugWnoJduki +9Lnae/JchB/soIX0co3nLc11NuFFlnAWJNMDJr08l5AHAJLYNHevF5l/f9oDQwvZ +speKh1xpIAJNqCTzVeQ/ZLx6/GccIXV/xDuKIiovqJTPgR5WPkYKaw++lQIDAQAB +AoGALXnUj5SflJU4+B2652ydMKUjWl0KnL/VjkyejgGV/j6py8Ybaixz9q8Gv7oY +JDlRqMC1HfZJCFQDQrHy5VJ+CywA/H9WrqKo/Ch9U4tJAZtkig1Cmay/BAYixVu0 +xBeim10aKF6hxHH4Chg9We+OCuzWBWJhqveNjuDedL/i7JUCQQDlejovcwBUCbhJ +U12qKOwlaboolWbl7yF3XdckTJZg7+1UqQHZH5jYZlLZyZxiaC92SNV0SyTLJZnS +Jh5CO+VDAkEA16/pPcuVtMMz/R6SSPpRSIAa1stLs0mFSs3NpR4pdm0n42mu05pO +1tJEt3a1g7zkreQBf53+Dwb+lA841EkjRwJBAIFmt0DifKDnCkBu/jZh9SfzwsH3 +3Zpzik+hXxxdA7+ODCrdUul449vDd5zQD5t+XKU61QNLDGhxv5e9XvrCg7kCQH/a +3ldsVF0oDaxxL+QkxoREtCQ5tLEd1u7F2q6Tl56FDE0pe6Ih6bQ8RtG+g9EI60IN +U7oTrOO5kLWx5E0q4ccCQAZVgoenn9MhRU1agKOCuM6LT2DxReTu4XztJzynej+8 +0J93n3ebanB1MlRpn1XJwhQ7gAC8ImaQKLJK5jdJzFc= +-----END RSA PRIVATE KEY----- +-----BEGIN CERTIFICATE----- +MIICaTCCAdKgAwIBAgIJAP6VN47boiXRMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV +BAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRUZXN0IFMv +TUlNRSBSU0EgUm9vdDAeFw0wODAyMjIxMzUzMDdaFw0xNjA1MTExMzUzMDdaMEQx +CzAJBgNVBAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRU +ZXN0IFMvTUlNRSBSU0EgUm9vdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA +wVdWf0OYDxe5aI3PKSlHcs+fiX9gd77OIXunoHpLoFp6CXbpIvS52nvyXIQf7KCF +9HKN5y3NdTbhRZZwFiTTAya9PJeQBwCS2DR3rxeZf3/aA0ML2bKXiodcaSACTagk +81XkP2S8evxnHCF1f8Q7iiIqL6iUz4EeVj5GCmsPvpUCAwEAAaNjMGEwHQYDVR0O +BBYEFBPPS6e7iS6zOFcXdsabrWhb5e0XMB8GA1UdIwQYMBaAFBPPS6e7iS6zOFcX +dsabrWhb5e0XMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMA0GCSqG +SIb3DQEBBQUAA4GBAIECprq5viDvnDbkyOaiSr9ubMUmWqvycfAJMdPZRKcOZczS +l+L9R9lF3JSqbt3knOe9u6bGDBOTY2285PdCCuHRVMk2Af1f6El1fqAlRUwNqipp +r68sWFuRqrcRNtk6QQvXfkOhrqQBuDa7te/OVQLa2lGN9Dr2mQsD8ijctatG +-----END CERTIFICATE----- diff --git a/test/smime-certs/smrsa1.pem b/test/smime-certs/smrsa1.pem new file mode 100644 index 0000000000..2cf3148e33 --- /dev/null +++ b/test/smime-certs/smrsa1.pem @@ -0,0 +1,31 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXgIBAAKBgQC6A978j4pmPgUtUQqF+bjh6vdhwGOGZSD7xXgFTMjm88twfv+E +ixkq2KXSDjD0ZXoQbdOaSbvGRQrIJpG2NGiKAFdYNrP025kCCdh5wF/aEI7KLEm7 +JlHwXpQsuj4wkMgmkFjL3Ty4Z55aNH+2pPQIa0k+ENJXm2gDuhqgBmduAwIDAQAB +AoGBAJMuYu51aO2THyeHGwt81uOytcCbqGP7eoib62ZOJhxPRGYjpmuqX+R9/V5i +KiwGavm63JYUx0WO9YP+uIZxm1BUATzkgkS74u5LP6ajhkZh6/Bck1oIYYkbVOXl +JVrdENuH6U7nupznsyYgONByo+ykFPVUGmutgiaC7NMVo/MxAkEA6KLejWXdCIEn +xr7hGph9NlvY9xuRIMexRV/WrddcFfCdjI1PciIupgrIkR65M9yr7atm1iU6/aRf +KOr8rLZsSQJBAMyyXN71NsDNx4BP6rtJ/LJMP0BylznWkA7zWfGCbAYn9VhZVlSY +Eu9Gyr7quD1ix7G3kInKVYOEEOpockBLz+sCQQCedyMmKjcQLfpMVYW8uhbAynvW +h36qV5yXZxszO7nMcCTBsxhk5IfmLv5EbCs3+p9avCDGyoGOeUMg+kC33WORAkAg +oUIarH4o5+SoeJTTfCzTA0KF9H5U0vYt2+73h7HOnWoHxl3zqDZEfEVvf50U8/0f +QELDJETTbScBJtsnkq43AkEA38etvoZ2i4FJvvo7R/9gWBHVEcrGzcsCBYrNnIR1 +SZLRwHEGaiOK1wxMsWzqp7PJwL9z/M8A8DyOFBx3GPOniA== +-----END RSA PRIVATE KEY----- +-----BEGIN CERTIFICATE----- +MIICizCCAfSgAwIBAgIJAMtotfHYdEsTMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV +BAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRUZXN0IFMv +TUlNRSBSU0EgUm9vdDAeFw0wODAyMjIxMzUzMDhaFw0xNjA1MTAxMzUzMDhaMEUx +CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU +ZXN0IFMvTUlNRSBFRSBSU0EgIzEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB +ALoD3vyPimY+BS1RCoX5uOHq92HAY4ZlIPvFeAVMyObzy3B+/4SLGSrYpdIOMPRl +ehBt05pJu8ZFCsgmkbY0aIoAV1g2s/TbmQIJ2HnAX9oQjsosSbsmUfBelCy6PjCQ +yCaQWMvdPLhnnlo0f7ak9AhrST4Q0lebaAO6GqAGZ24DAgMBAAGjgYMwgYAwHQYD +VR0OBBYEFE2vMvKz5jrC7Lbdg68XwZ95iL/QMB8GA1UdIwQYMBaAFBPPS6e7iS6z +OFcXdsabrWhb5e0XMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgXgMCAGA1Ud +EQQZMBeBFXNtaW1lcnNhMUBvcGVuc3NsLm9yZzANBgkqhkiG9w0BAQUFAAOBgQAi +O3GOkUl646oLnOimc36i9wxZ1tejsqs8vMjJ0Pym6Uq9FE2JoGzJ6OhB1GOsEVmj +9cQ5UNQcRYL3cqOFtl6f4Dpu/lhzfbaqgmLjv29G1mS0uuTZrixhlyCXjwcbOkNC +I/+wvHHENYIK5+T/79M9LaZ2Qk4F9MNE1VMljdz9Qw== +-----END CERTIFICATE----- diff --git a/test/smime-certs/smrsa2.pem b/test/smime-certs/smrsa2.pem new file mode 100644 index 0000000000..d41f69c82f --- /dev/null +++ b/test/smime-certs/smrsa2.pem @@ -0,0 +1,31 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICWwIBAAKBgQCwBfryW4Vu5U9wNIDKspJO/N9YF4CcTlrCUyzVlKgb+8urHlSe +59i5verR9IOCCXkemjOzZ/3nALTGqYZlnEvHp0Rjk+KdKXnKBIB+SRPpeu3LcXMT +WPgsThPa0UQxedNKG0g6aG+kLhsDlFBCoxd09jJtSpb9jmroJOq0ZYEHLwIDAQAB +AoGAKa/w4677Je1W5+r3SYoLDnvi5TkDs4D3C6ipKJgBTEdQz+DqB4w/DpZE4551 ++rkFn1LDxcxuHGRVa+tAMhZW97fwq9YUbjVZEyOz79qrX+BMyl/NbHkf1lIKDo3q +dWalzQvop7nbzeLC+VmmviwZfLQUbA61AQl3jm4dswT4XykCQQDloDadEv/28NTx +bvvywvyGuvJkCkEIycm4JrIInvwsd76h/chZ3oymrqzc7hkEtK6kThqlS5y+WXl6 +QzPruTKTAkEAxD2ro/VUoN+scIVaLmn0RBmZ67+9Pdn6pNSfjlK3s0T0EM6/iUWS +M06l6L9wFS3/ceu1tIifsh9BeqOGTa+udQJARIFnybTBaIqw/NZ/lA1YCVn8tpvY +iyaoZ6gjtS65TQrsdKeh/i3HCHNUXxUpoZ3F/H7QtD+6o49ODou+EbVOwQJAVmex +A2gp8wuJKaINqxIL81AybZLnCCzKJ3lXJ5tUNyLNM/lUbGStktm2Q1zHRQwTxV07 +jFn7trn8YrtNjzcjYQJAUKIJRt38A8Jw3HoPT+D0WS2IgxjVL0eYGsZX1lyeammG +6rfnQ3u5uP7mEK2EH2o8mDUpAE0gclWBU9UkKxJsGA== +-----END RSA PRIVATE KEY----- +-----BEGIN CERTIFICATE----- +MIICizCCAfSgAwIBAgIJAMtotfHYdEsUMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV +BAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRUZXN0IFMv +TUlNRSBSU0EgUm9vdDAeFw0wODAyMjIxMzUzMDhaFw0xNjA1MTAxMzUzMDhaMEUx +CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU +ZXN0IFMvTUlNRSBFRSBSU0EgIzIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB +ALAF+vJbhW7lT3A0gMqykk7831gXgJxOWsJTLNWUqBv7y6seVJ7n2Lm96tH0g4IJ +eR6aM7Nn/ecAtMaphmWcS8enRGOT4p0pecoEgH5JE+l67ctxcxNY+CxOE9rRRDF5 +00obSDpob6QuGwOUUEKjF3T2Mm1Klv2Oaugk6rRlgQcvAgMBAAGjgYMwgYAwHQYD +VR0OBBYEFIL/u+mEvaw7RuKLRuElfVkxSQjYMB8GA1UdIwQYMBaAFBPPS6e7iS6z +OFcXdsabrWhb5e0XMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgXgMCAGA1Ud +EQQZMBeBFXNtaW1lcnNhMkBvcGVuc3NsLm9yZzANBgkqhkiG9w0BAQUFAAOBgQC2 +rXR5bm/9RtOMQPleNpd3y6uUX3oy+0CafK5Yl3PMnItjjnKJ0l1/DbLbDj2twehe +ewaB8CROcBCA3AMLSmGvPKgUCFMGtWam3328M4fBHzon5ka7qDXzM+imkAly/Yx2 +YNdR/aNOug+5sXygHmTSKqiCpQjOIClzXoPVVeEVHw== +-----END CERTIFICATE----- diff --git a/test/smime-certs/smrsa3.pem b/test/smime-certs/smrsa3.pem new file mode 100644 index 0000000000..c8cbe55151 --- /dev/null +++ b/test/smime-certs/smrsa3.pem @@ -0,0 +1,31 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXAIBAAKBgQC6syTZtZNe1hRScFc4PUVyVLsr7+C1HDIZnOHmwFoLayX6RHwy +ep/TkdwiPHnemVLuwvpSjLMLZkXy/J764kSHJrNeVl3UvmCVCOm40hAtK1+F39pM +h8phkbPPD7i+hwq4/Vs79o46nzwbVKmzgoZBJhZ+codujUSYM3LjJ4aq+wIDAQAB +AoGAE1Zixrnr3bLGwBMqtYSDIOhtyos59whImCaLr17U9MHQWS+mvYO98if1aQZi +iQ/QazJ+wvYXxWJ+dEB+JvYwqrGeuAU6He/rAb4OShG4FPVU2D19gzRnaButWMeT +/1lgXV08hegGBL7RQNaN7b0viFYMcKnSghleMP0/q+Y/oaECQQDkXEwDYJW13X9p +ijS20ykWdY5lLknjkHRhhOYux0rlhOqsyMZjoUmwI2m0qj9yrIysKhrk4MZaM/uC +hy0xp3hdAkEA0Uv/UY0Kwsgc+W6YxeypECtg1qCE6FBib8n4iFy/6VcWqhvE5xrs +OdhKv9/p6aLjLneGd1sU+F8eS9LGyKIbNwJBAJPgbNzXA7uUZriqZb5qeTXxBDfj +RLfXSHYKAKEULxz3+JvRHB9SR4yHMiFrCdExiZrHXUkPgYLSHLGG5a4824UCQD6T +9XvhquUARkGCAuWy0/3Eqoihp/t6BWSdQ9Upviu7YUhtUxsyXo0REZB7F4pGrJx5 +GlhXgFaewgUzuUHFzlMCQCzJMMWslWpoLntnR6sMhBMhBFHSw+Y5CbxBmFrdtSkd +VdtNO1VuDCTxjjW7W3Khj7LX4KZ1ye/5jfAgnnnXisc= +-----END RSA PRIVATE KEY----- +-----BEGIN CERTIFICATE----- +MIICizCCAfSgAwIBAgIJAMtotfHYdEsVMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV +BAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRUZXN0IFMv +TUlNRSBSU0EgUm9vdDAeFw0wODAyMjIxMzUzMDlaFw0xNjA1MTAxMzUzMDlaMEUx +CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU +ZXN0IFMvTUlNRSBFRSBSU0EgIzMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB +ALqzJNm1k17WFFJwVzg9RXJUuyvv4LUcMhmc4ebAWgtrJfpEfDJ6n9OR3CI8ed6Z +Uu7C+lKMswtmRfL8nvriRIcms15WXdS+YJUI6bjSEC0rX4Xf2kyHymGRs88PuL6H +Crj9Wzv2jjqfPBtUqbOChkEmFn5yh26NRJgzcuMnhqr7AgMBAAGjgYMwgYAwHQYD +VR0OBBYEFDsSFjNtYZzd0tTHafNS7tneQQj6MB8GA1UdIwQYMBaAFBPPS6e7iS6z +OFcXdsabrWhb5e0XMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgXgMCAGA1Ud +EQQZMBeBFXNtaW1lcnNhM0BvcGVuc3NsLm9yZzANBgkqhkiG9w0BAQUFAAOBgQBE +tUDB+1Dqigu4p1xtdq7JRK6S+gfA7RWmhz0j2scb2zhpS12h37JLHsidGeKAzZYq +jUjOrH/j3xcV5AnuJoqImJaN23nzzxtR4qGGX2mrq6EtObzdEGgCUaizsGM+0slJ +PYxcy8KeY/63B1BpYhj2RjGkL6HrvuAaxVORa3acoA== +-----END CERTIFICATE----- diff --git a/test/tcrl.com b/test/tcrl.com index 86bf9735aa..1f606eb850 100644 --- a/test/tcrl.com +++ b/test/tcrl.com @@ -1,7 +1,9 @@ $! TCRL.COM -- Tests crl keys $ $ __arch := VAX -$ if f$getsyi("cpu") .ge. 128 then __arch := AXP +$ if f$getsyi("cpu") .ge. 128 then - + __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") +$ if __arch .eqs. "" then __arch := UNK $ exe_dir := sys$disk:[-.'__arch'.exe.apps] $ $ cmd := mcr 'exe_dir'openssl crl diff --git a/test/test_aesni b/test/test_aesni new file mode 100755 index 0000000000..e8fb63ee2b --- /dev/null +++ b/test/test_aesni @@ -0,0 +1,69 @@ +#!/bin/sh + +PROG=$1 + +if [ -x $PROG ]; then + if expr "x`$PROG version`" : "xOpenSSL" > /dev/null; then + : + else + echo "$PROG is not OpenSSL executable" + exit 1 + fi +else + echo "$PROG is not executable" + exit 1; +fi + +if $PROG engine aesni | grep -v no-aesni; then + + HASH=`cat $PROG | $PROG dgst -hex` + + AES_ALGS=" aes-128-ecb aes-192-ecb aes-256-ecb \ + aes-128-cbc aes-192-cbc aes-256-cbc \ + aes-128-cfb aes-192-cfb aes-256-cfb \ + aes-128-ofb aes-192-ofb aes-256-ofb" + BUFSIZE="16 32 48 64 80 96 128 144 999" + + nerr=0 + + for alg in $AES_ALGS; do + echo $alg + for bufsize in $BUFSIZE; do + TEST=`( cat $PROG | \ + $PROG enc -e -k "$HASH" -$alg -bufsize $bufsize -engine aesni | \ + $PROG enc -d -k "$HASH" -$alg | \ + $PROG dgst -hex ) 2>/dev/null` + if [ "$TEST" != "$HASH" ]; then + echo "-$alg/$bufsize encrypt test failed" + nerr=`expr $nerr + 1` + fi + done + for bufsize in $BUFSIZE; do + TEST=`( cat $PROG | \ + $PROG enc -e -k "$HASH" -$alg | \ + $PROG enc -d -k "$HASH" -$alg -bufsize $bufsize -engine aesni | \ + $PROG dgst -hex ) 2>/dev/null` + if [ "$TEST" != "$HASH" ]; then + echo "-$alg/$bufsize decrypt test failed" + nerr=`expr $nerr + 1` + fi + done + TEST=`( cat $PROG | \ + $PROG enc -e -k "$HASH" -$alg -engine aesni | \ + $PROG enc -d -k "$HASH" -$alg -engine aesni | \ + $PROG dgst -hex ) 2>/dev/null` + if [ "$TEST" != "$HASH" ]; then + echo "-$alg en/decrypt test failed" + nerr=`expr $nerr + 1` + fi + done + + if [ $nerr -gt 0 ]; then + echo "AESNI engine test failed." + exit 1; + fi +else + echo "AESNI engine is not available" +fi + +exit 0 diff --git a/test/test_padlock b/test/test_padlock new file mode 100755 index 0000000000..5c0f21043c --- /dev/null +++ b/test/test_padlock @@ -0,0 +1,64 @@ +#!/bin/sh + +PROG=$1 + +if [ -x $PROG ]; then + if expr "x`$PROG version`" : "xOpenSSL" > /dev/null; then + : + else + echo "$PROG is not OpenSSL executable" + exit 1 + fi +else + echo "$PROG is not executable" + exit 1; +fi + +if $PROG engine padlock | grep -v no-ACE; then + + HASH=`cat $PROG | $PROG dgst -hex` + + ACE_ALGS=" aes-128-ecb aes-192-ecb aes-256-ecb \ + aes-128-cbc aes-192-cbc aes-256-cbc \ + aes-128-cfb aes-192-cfb aes-256-cfb \ + aes-128-ofb aes-192-ofb aes-256-ofb" + + nerr=0 + + for alg in $ACE_ALGS; do + echo $alg + TEST=`( cat $PROG | \ + $PROG enc -e -k "$HASH" -$alg -bufsize 999 -engine padlock | \ + $PROG enc -d -k "$HASH" -$alg | \ + $PROG dgst -hex ) 2>/dev/null` + if [ "$TEST" != "$HASH" ]; then + echo "-$alg encrypt test failed" + nerr=`expr $nerr + 1` + fi + TEST=`( cat $PROG | \ + $PROG enc -e -k "$HASH" -$alg | \ + $PROG enc -d -k "$HASH" -$alg -bufsize 999 -engine padlock | \ + $PROG dgst -hex ) 2>/dev/null` + if [ "$TEST" != "$HASH" ]; then + echo "-$alg decrypt test failed" + nerr=`expr $nerr + 1` + fi + TEST=`( cat $PROG | \ + $PROG enc -e -k "$HASH" -$alg -engine padlock | \ + $PROG enc -d -k "$HASH" -$alg -engine padlock | \ + $PROG dgst -hex ) 2>/dev/null` + if [ "$TEST" != "$HASH" ]; then + echo "-$alg en/decrypt test failed" + nerr=`expr $nerr + 1` + fi + done + + if [ $nerr -gt 0 ]; then + echo "PadLock ACE test failed." + exit 1; + fi +else + echo "PadLock ACE is not available" +fi + +exit 0 diff --git a/test/testca.com b/test/testca.com index c670f2bf5f..ec7e56dad6 100644 --- a/test/testca.com +++ b/test/testca.com @@ -1,8 +1,9 @@ $! TESTCA.COM $ $ __arch := VAX -$ if f$getsyi("cpu") .ge. 128 then __arch := AXP -$ exe_dir := sys$disk:[-.'__arch'.exe.apps] +$ if f$getsyi("cpu") .ge. 128 then - + __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") +$ if __arch .eqs. "" then __arch := UNK $ $ openssl := mcr 'exe_dir'openssl $ @@ -11,7 +12,7 @@ $ $ set noon $ if f$search("demoCA.dir") .nes. "" $ then -$ call deltree [.demoCA]*.* +$ @[-.util]deltree [.demoCA]*.* $ set file/prot=(S:RWED,O:RWED,G:RWED,W:RWED) demoCA.dir;* $ delete demoCA.dir;* $ endif @@ -38,7 +39,7 @@ $ @[-.apps]CA.com -verify newcert.pem $ if $severity .ne. 1 then exit 3 $ $ set noon -$ call deltree [.demoCA]*.* +$ @[-.util]deltree [.demoCA]*.* $ set file/prot=(S:RWED,O:RWED,G:RWED,W:RWED) demoCA.dir;* $ delete demoCA.dir;* $ if f$search("newcert.pem") .nes. "" then delete newcert.pem;* @@ -47,32 +48,3 @@ $ set on $! #usage: CA -newcert|-newreq|-newca|-sign|-verify $ $ exit -$ -$ deltree: subroutine ! P1 is a name of a directory -$ on control_y then goto dt_STOP -$ on warning then goto dt_exit -$ _dt_def = f$trnlnm("SYS$DISK")+f$directory() -$ if f$parse(p1) .eqs. "" then exit -$ set default 'f$parse(p1,,,"DEVICE")''f$parse(p1,,,"DIRECTORY")' -$ p1 = f$parse(p1,,,"NAME") + f$parse(p1,,,"TYPE") -$ _fp = f$parse(".DIR",p1) -$ dt_loop: -$ _f = f$search(_fp) -$ if _f .eqs. "" then goto dt_loopend -$ call deltree [.'f$parse(_f,,,"NAME")']*.* -$ goto dt_loop -$ dt_loopend: -$ _fp = f$parse(p1,".;*") -$ if f$search(_fp) .eqs. "" then goto dt_exit -$ set noon -$ set file/prot=(S:RWED,O:RWED,G:RWED,W:RWED) '_fp' -$ set on -$ delete/nolog '_fp' -$ dt_exit: -$ set default '_dt_def' -$ exit -$ dt_STOP: -$ set default '_dt_def' -$ stop/id="" -$ exit -$ endsubroutine diff --git a/test/testenc b/test/testenc index 23e3f5a376..f5ce7c0c45 100644 --- a/test/testenc +++ b/test/testenc @@ -1,6 +1,6 @@ #!/bin/sh -testsrc=Makefile.ssl +testsrc=Makefile test=./p cmd="../util/shlib_wrap.sh ../apps/openssl" diff --git a/test/testenc.com b/test/testenc.com index c24fa388c0..621d9a2126 100644 --- a/test/testenc.com +++ b/test/testenc.com @@ -1,10 +1,11 @@ $! TESTENC.COM -- Test encoding and decoding $ $ __arch := VAX -$ if f$getsyi("cpu") .ge. 128 then __arch := AXP -$ exe_dir := sys$disk:[-.'__arch'.exe.apps] +$ if f$getsyi("cpu") .ge. 128 then - + __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") +$ if __arch .eqs. "" then __arch := UNK $ -$ testsrc := makefile.ssl +$ testsrc := makefile. $ test := p.txt $ cmd := mcr 'exe_dir'openssl $ diff --git a/test/testgen.com b/test/testgen.com index 5d28ebec72..a4bc574bec 100644 --- a/test/testgen.com +++ b/test/testgen.com @@ -1,7 +1,9 @@ $! TETSGEN.COM $ $ __arch := VAX -$ if f$getsyi("cpu") .ge. 128 then __arch := AXP +$ if f$getsyi("cpu") .ge. 128 then - + __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") +$ if __arch .eqs. "" then __arch := UNK $ exe_dir := sys$disk:[-.'__arch'.exe.apps] $ $ T := testcert diff --git a/test/tests.com b/test/tests.com index 9263c8b843..92984e1195 100644 --- a/test/tests.com +++ b/test/tests.com @@ -6,14 +6,20 @@ $ __proc = f$element(0,";",f$environment("procedure")) $ __here = f$parse(f$parse("A.;",__proc) - "A.;","[]A.;") - "A.;" $ __save_default = f$environment("default") $ __arch := VAX -$ if f$getsyi("cpu") .ge. 128 then __arch := AXP +$ if f$getsyi("cpu") .ge. 128 then - + __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") +$ if __arch .eqs. "" then __arch := UNK $ $ show time $ $ texe_dir := sys$disk:[-.'__arch'.exe.test] $ exe_dir := sys$disk:[-.'__arch'.exe.apps] -$! +$ +$ sslroot = f$parse("sys$disk:[-.apps];",,,,"syntax_only") - "].;"+ ".]" +$ define /translation_attributes = concealed sslroot 'sslroot' +$ $ set default '__here' +$ $ on control_y then goto exit $ on error then goto exit $ @@ -21,14 +27,18 @@ $ if p1 .nes. "" $ then $ tests = p1 $ else +$! NOTE: This list reflects the list of dependencies following the +$! "alltests" target in Makefile. This should make it easy to see +$! if there's a difference that needs to be taken care of. $ tests := - test_des,test_idea,test_sha,test_md4,test_md5,test_hmac,- - test_md2,test_mdc2,- - test_rmd,test_rc2,test_rc4,test_rc5,test_bf,test_cast,test_rd,- + test_md2,test_mdc2,test_wp,- + test_rmd,test_rc2,test_rc4,test_rc5,test_bf,test_cast,test_aes,- test_rand,test_bn,test_ec,test_ecdsa,test_ecdh,- test_enc,test_x509,test_rsa,test_crl,test_sid,- test_gen,test_req,test_pkcs7,test_verify,test_dh,test_dsa,- - test_ss,test_ca,test_engine,test_evp,test_ssl + test_ss,test_ca,test_engine,test_evp,test_ssl,test_tsa,test_ige,- + test_jpake,test_cms $ endif $ tests = f$edit(tests,"COLLAPSE") $ @@ -46,6 +56,7 @@ $ MD2TEST := md2test $ MD4TEST := md4test $ MD5TEST := md5test $ HMACTEST := hmactest +$ WPTEST := wp_test $ RC2TEST := rc2test $ RC4TEST := rc4test $ RC5TEST := rc5test @@ -60,6 +71,8 @@ $ SSLTEST := ssltest $ RSATEST := rsa_test $ ENGINETEST := enginetest $ EVPTEST := evp_test +$ IGETEST := igetest +$ JPAKETEST := jpaketest $ $ tests_i = 0 $ loop_tests: @@ -97,6 +110,9 @@ $ return $ test_hmac: $ mcr 'texe_dir''hmactest' $ return +$ test_wp: +$ mcr 'texe_dir''wptest' +$ return $ test_md2: $ mcr 'texe_dir''md2test' $ return @@ -252,13 +268,39 @@ $ write sys$output "Generate and certify a test certificate via the 'ca' pro $ @testca.com $ endif $ return -$ test_rd: -$ write sys$output "test Rijndael" -$ !mcr 'texe_dir''rdtest' +$ test_aes: +$! write sys$output "test AES" +$! !mcr 'texe_dir''aestest' +$ return +$ test_tsa: +$ set noon +$ define/user sys$output nla0: +$ mcr 'exe_dir'openssl no-rsa +$ save_severity=$SEVERITY +$ set on +$ if save_severity +$ then +$ write sys$output "skipping testtsa.com test -- requires RSA" +$ else +$ @testtsa.com +$ endif +$ return +$ test_ige: +$ write sys$output "Test IGE mode" +$ mcr 'texe_dir''igetest' +$ return +$ test_jpake: +$ write sys$output "Test JPAKE" +$ mcr 'texe_dir''jpaketest' +$ return +$ test_cms: +$ write sys$output "CMS consistency test" +$ perl CMS-TEST.PL $ return $ $ $ exit: $ set default '__save_default' $ show time +$ deassign sslroot $ exit diff --git a/test/testss.com b/test/testss.com index 685ae5043d..6598106b09 100644 --- a/test/testss.com +++ b/test/testss.com @@ -1,7 +1,9 @@ $! TESTSS.COM $ $ __arch := VAX -$ if f$getsyi("cpu") .ge. 128 then __arch := AXP +$ if f$getsyi("cpu") .ge. 128 then - + __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") +$ if __arch .eqs. "" then __arch := UNK $ exe_dir := sys$disk:[-.'__arch'.exe.apps] $ $ digest="-md5" diff --git a/test/testssl b/test/testssl index 8ac90ae5ee..f9d7c5d65f 100644 --- a/test/testssl +++ b/test/testssl @@ -142,4 +142,10 @@ else fi fi +echo test tls1 with PSK +$ssltest -tls1 -cipher PSK -psk abc123 $extra || exit 1 + +echo test tls1 with PSK via BIO pair +$ssltest -bio_pair -tls1 -cipher PSK -psk abc123 $extra || exit 1 + exit 0 diff --git a/test/testssl.com b/test/testssl.com index 26308f7715..9c83afba04 100644 --- a/test/testssl.com +++ b/test/testssl.com @@ -1,7 +1,9 @@ $! TESTSSL.COM $ $ __arch := VAX -$ if f$getsyi("cpu") .ge. 128 then __arch := AXP +$ if f$getsyi("cpu") .ge. 128 then - + __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") +$ if __arch .eqs. "" then __arch := UNK $ texe_dir := sys$disk:[-.'__arch'.exe.test] $ exe_dir := sys$disk:[-.'__arch'.exe.apps] $ diff --git a/test/testsslproxy b/test/testsslproxy index 70cf12342d..58bbda8ab7 100644 --- a/test/testsslproxy +++ b/test/testsslproxy @@ -4,7 +4,7 @@ echo 'Testing a lot of proxy conditions.' echo 'Some of them may turn out being invalid, which is fine.' for auth in A B C BC; do for cond in A B C 'A|B&!C'; do - sh ./testssl $1 $2 $3 "-proxy_auth $auth -proxy_cond $cond" + sh ./testssl $1 $2 $3 "-proxy -proxy_auth $auth -proxy_cond $cond" if [ $? = 3 ]; then exit 1; fi done done diff --git a/test/testtsa b/test/testtsa new file mode 100644 index 0000000000..bb653b5f73 --- /dev/null +++ b/test/testtsa @@ -0,0 +1,238 @@ +#!/bin/sh + +# +# A few very basic tests for the 'ts' time stamping authority command. +# + +SH="/bin/sh" +if test "$OSTYPE" = msdosdjgpp; then + PATH="../apps\;$PATH" +else + PATH="../apps:$PATH" +fi +export SH PATH + +OPENSSL_CONF="../CAtsa.cnf" +export OPENSSL_CONF +# Because that's what ../apps/CA.sh really looks at +SSLEAY_CONFIG="-config $OPENSSL_CONF" +export SSLEAY_CONFIG + +OPENSSL="`pwd`/../util/opensslwrap.sh" +export OPENSSL + +error () { + + echo "TSA test failed!" >&2 + exit 1 +} + +setup_dir () { + + rm -rf tsa 2>/dev/null + mkdir tsa + cd ./tsa +} + +clean_up_dir () { + + cd .. + rm -rf tsa +} + +create_ca () { + + echo "Creating a new CA for the TSA tests..." + TSDNSECT=ts_ca_dn + export TSDNSECT + ../../util/shlib_wrap.sh ../../apps/openssl req -new -x509 -nodes \ + -out tsaca.pem -keyout tsacakey.pem + test $? != 0 && error +} + +create_tsa_cert () { + + INDEX=$1 + export INDEX + EXT=$2 + TSDNSECT=ts_cert_dn + export TSDNSECT + + ../../util/shlib_wrap.sh ../../apps/openssl req -new \ + -out tsa_req${INDEX}.pem -keyout tsa_key${INDEX}.pem + test $? != 0 && error +echo Using extension $EXT + ../../util/shlib_wrap.sh ../../apps/openssl x509 -req \ + -in tsa_req${INDEX}.pem -out tsa_cert${INDEX}.pem \ + -CA tsaca.pem -CAkey tsacakey.pem -CAcreateserial \ + -extfile $OPENSSL_CONF -extensions $EXT + test $? != 0 && error +} + +print_request () { + + ../../util/shlib_wrap.sh ../../apps/openssl ts -query -in $1 -text +} + +create_time_stamp_request1 () { + + ../../util/shlib_wrap.sh ../../apps/openssl ts -query -data ../testtsa -policy tsa_policy1 -cert -out req1.tsq + test $? != 0 && error +} + +create_time_stamp_request2 () { + + ../../util/shlib_wrap.sh ../../apps/openssl ts -query -data ../testtsa -policy tsa_policy2 -no_nonce \ + -out req2.tsq + test $? != 0 && error +} + +create_time_stamp_request3 () { + + ../../util/shlib_wrap.sh ../../apps/openssl ts -query -data ../CAtsa.cnf -no_nonce -out req3.tsq + test $? != 0 && error +} + +print_response () { + + ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $1 -text + test $? != 0 && error +} + +create_time_stamp_response () { + + ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -section $3 -queryfile $1 -out $2 + test $? != 0 && error +} + +time_stamp_response_token_test () { + + RESPONSE2=$2.copy.tsr + TOKEN_DER=$2.token.der + ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $2 -out $TOKEN_DER -token_out + test $? != 0 && error + ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $TOKEN_DER -token_in -out $RESPONSE2 + test $? != 0 && error + cmp $RESPONSE2 $2 + test $? != 0 && error + ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $2 -text -token_out + test $? != 0 && error + ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $TOKEN_DER -token_in -text -token_out + test $? != 0 && error + ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -queryfile $1 -text -token_out + test $? != 0 && error +} + +verify_time_stamp_response () { + + ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2 -CAfile tsaca.pem \ + -untrusted tsa_cert1.pem + test $? != 0 && error + ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -data $3 -in $2 -CAfile tsaca.pem \ + -untrusted tsa_cert1.pem + test $? != 0 && error +} + +verify_time_stamp_token () { + + # create the token from the response first + ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $2 -out $2.token -token_out + test $? != 0 && error + ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2.token -token_in \ + -CAfile tsaca.pem -untrusted tsa_cert1.pem + test $? != 0 && error + ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -data $3 -in $2.token -token_in \ + -CAfile tsaca.pem -untrusted tsa_cert1.pem + test $? != 0 && error +} + +verify_time_stamp_response_fail () { + + ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2 -CAfile tsaca.pem \ + -untrusted tsa_cert1.pem + # Checks if the verification failed, as it should have. + test $? = 0 && error + echo Ok +} + +# main functions + +echo "Setting up TSA test directory..." +setup_dir + +echo "Creating CA for TSA tests..." +create_ca + +echo "Creating tsa_cert1.pem TSA server cert..." +create_tsa_cert 1 tsa_cert + +echo "Creating tsa_cert2.pem non-TSA server cert..." +create_tsa_cert 2 non_tsa_cert + +echo "Creating req1.req time stamp request for file testtsa..." +create_time_stamp_request1 + +echo "Printing req1.req..." +print_request req1.tsq + +echo "Generating valid response for req1.req..." +create_time_stamp_response req1.tsq resp1.tsr tsa_config1 + +echo "Printing response..." +print_response resp1.tsr + +echo "Verifying valid response..." +verify_time_stamp_response req1.tsq resp1.tsr ../testtsa + +echo "Verifying valid token..." +verify_time_stamp_token req1.tsq resp1.tsr ../testtsa + +# The tests below are commented out, because invalid signer certificates +# can no longer be specified in the config file. + +# echo "Generating _invalid_ response for req1.req..." +# create_time_stamp_response req1.tsq resp1_bad.tsr tsa_config2 + +# echo "Printing response..." +# print_response resp1_bad.tsr + +# echo "Verifying invalid response, it should fail..." +# verify_time_stamp_response_fail req1.tsq resp1_bad.tsr + +echo "Creating req2.req time stamp request for file testtsa..." +create_time_stamp_request2 + +echo "Printing req2.req..." +print_request req2.tsq + +echo "Generating valid response for req2.req..." +create_time_stamp_response req2.tsq resp2.tsr tsa_config1 + +echo "Checking '-token_in' and '-token_out' options with '-reply'..." +time_stamp_response_token_test req2.tsq resp2.tsr + +echo "Printing response..." +print_response resp2.tsr + +echo "Verifying valid response..." +verify_time_stamp_response req2.tsq resp2.tsr ../testtsa + +echo "Verifying response against wrong request, it should fail..." +verify_time_stamp_response_fail req1.tsq resp2.tsr + +echo "Verifying response against wrong request, it should fail..." +verify_time_stamp_response_fail req2.tsq resp1.tsr + +echo "Creating req3.req time stamp request for file CAtsa.cnf..." +create_time_stamp_request3 + +echo "Printing req3.req..." +print_request req3.tsq + +echo "Verifying response against wrong request, it should fail..." +verify_time_stamp_response_fail req3.tsq resp1.tsr + +echo "Cleaning up..." +clean_up_dir + +exit 0 diff --git a/test/testtsa.com b/test/testtsa.com new file mode 100644 index 0000000000..e3c586f14a --- /dev/null +++ b/test/testtsa.com @@ -0,0 +1,248 @@ +$! +$! A few very basic tests for the 'ts' time stamping authority command. +$! +$ +$ __arch := VAX +$ if f$getsyi("cpu") .ge. 128 then - + __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") +$ if __arch .eqs. "" then __arch := UNK +$ exe_dir := sys$disk:[-.'__arch'.exe.apps] +$ +$ openssl := mcr 'f$parse(exe_dir+"openssl.exe")' +$ OPENSSL_CONF := [-]CAtsa.cnf +$ ! Because that's what ../apps/CA.sh really looks at +$ SSLEAY_CONFIG = "-config " + OPENSSL_CONF +$ +$ error: +$ subroutine +$ write sys$error "TSA test failed!" +$ exit 3 +$ endsubroutine +$ +$ setup_dir: +$ subroutine +$ +$ if f$search("tsa.dir") .nes "" +$ then +$ @[-.util]deltree [.tsa]*.* +$ set file/prot=(S:RWED,O:RWED,G:RWED,W:RWED) tsa.dir;* +$ delete tsa.dir;* +$ endif +$ +$ create/dir [.tsa] +$ set default [.tsa] +$ endsubroutine +$ +$ clean_up_dir: +$ subroutine +$ +$ set default [-] +$ @[-.util]deltree [.tsa]*.* +$ set file/prot=(S:RWED,O:RWED,G:RWED,W:RWED) tsa.dir;* +$ delete tsa.dir;* +$ endsubroutine +$ +$ create_ca: +$ subroutine +$ +$ write sys$output "Creating a new CA for the TSA tests..." +$ TSDNSECT = "ts_ca_dn" +$ openssl req -new -x509 -nodes - + -out tsaca.pem -keyout tsacakey.pem +$ if $severity .ne. 1 then call error +$ endsubroutine +$ +$ create_tsa_cert: +$ subroutine +$ +$ INDEX=p1 +$ EXT=p2 +$ TSDNSECT = "ts_cert_dn" +$ +$ openssl req -new - + -out tsa_req'INDEX'.pem -keyout tsa_key'INDEX'.pem +$ if $severity .ne. 1 then call error +$ +$ write sys$output "Using extension ''EXT'" +$ openssl x509 -req - + -in tsa_req'INDEX'.pem -out tsa_cert'INDEX'.pem - + "-CA" tsaca.pem "-CAkey" tsacakey.pem "-CAcreateserial" - + -extfile 'OPENSSL_CONF' -extensions "''EXT'" +$ if $severity .ne. 1 then call error +$ endsubroutine +$ +$ print_request: +$ subroutine +$ +$ openssl ts -query -in 'p1' -text +$ endsubroutine +$ +$ create_time_stamp_request1: subroutine +$ +$ openssl ts -query -data [-]testtsa.com -policy tsa_policy1 - + -cert -out req1.tsq +$ if $severity .ne. 1 then call error +$ endsubroutine +$ +$ create_time_stamp_request2: subroutine +$ +$ openssl ts -query -data [-]testtsa.com -policy tsa_policy2 - + -no_nonce -out req2.tsq +$ if $severity .ne. 1 then call error +$ endsubroutine +$ +$ create_time_stamp_request3: subroutine +$ +$ openssl ts -query -data [-]CAtsa.cnf -no_nonce -out req3.tsq +$ if $severity .ne. 1 then call error +$ endsubroutine +$ +$ print_response: +$ subroutine +$ +$ openssl ts -reply -in 'p1' -text +$ if $severity .ne. 1 then call error +$ endsubroutine +$ +$ create_time_stamp_response: +$ subroutine +$ +$ openssl ts -reply -section 'p3' -queryfile 'p1' -out 'p2' +$ if $severity .ne. 1 then call error +$ endsubroutine +$ +$ time_stamp_response_token_test: +$ subroutine +$ +$ RESPONSE2:='p2'.copy_tsr +$ TOKEN_DER:='p2'.token_der +$ openssl ts -reply -in 'p2' -out 'TOKEN_DER' -token_out +$ if $severity .ne. 1 then call error +$ openssl ts -reply -in 'TOKEN_DER' -token_in -out 'RESPONSE2' +$ if $severity .ne. 1 then call error +$ backup/compare 'RESPONSE2' 'p2' +$ if $severity .ne. 1 then call error +$ openssl ts -reply -in 'p2' -text -token_out +$ if $severity .ne. 1 then call error +$ openssl ts -reply -in 'TOKEN_DER' -token_in -text -token_out +$ if $severity .ne. 1 then call error +$ openssl ts -reply -queryfile 'p1' -text -token_out +$ if $severity .ne. 1 then call error +$ endsubroutine +$ +$ verify_time_stamp_response: +$ subroutine +$ +$ openssl ts -verify -queryfile 'p1' -in 'p2' - + "-CAfile" tsaca.pem -untrusted tsa_cert1.pem +$ if $severity .ne. 1 then call error +$ openssl ts -verify -data 'p3' -in 'p2' - + "-CAfile" tsaca.pem -untrusted tsa_cert1.pem +$ if $severity .ne. 1 then call error +$ endsubroutine +$ +$ verify_time_stamp_token: +$ subroutine +$ +$ ! create the token from the response first +$ openssl ts -reply -in 'p2' -out 'p2'.token -token_out +$ if $severity .ne. 1 then call error +$ openssl ts -verify -queryfile 'p1' -in 'p2'.token -token_in - + "-CAfile" tsaca.pem -untrusted tsa_cert1.pem +$ if $severity .ne. 1 then call error +$ openssl ts -verify -data 'p3' -in 'p2'.token -token_in - + "-CAfile" tsaca.pem -untrusted tsa_cert1.pem +$ if $severity .ne. 1 then call error +$ endsubroutine +$ +$ verify_time_stamp_response_fail: +$ subroutine +$ +$ openssl ts -verify -queryfile 'p1' -in 'p2' - + "-CAfile" tsaca.pem -untrusted tsa_cert1.pem +$ ! Checks if the verification failed, as it should have. +$ if $severity .eq. 1 then call error +$ write sys$output "Ok" +$ endsubroutine +$ +$ ! Main body ---------------------------------------------------------- +$ +$ write sys$output "Setting up TSA test directory..." +$ call setup_dir +$ +$ write sys$output "Creating CA for TSA tests..." +$ call create_ca +$ +$ write sys$output "Creating tsa_cert1.pem TSA server cert..." +$ call create_tsa_cert 1 "tsa_cert" +$ +$ write sys$output "Creating tsa_cert2.pem non-TSA server cert..." +$ call create_tsa_cert 2 "non_tsa_cert" +$ +$ write sys$output "Creating req1.req time stamp request for file testtsa..." +$ call create_time_stamp_request1 +$ +$ write sys$output "Printing req1.req..." +$ call print_request req1.tsq +$ +$ write sys$output "Generating valid response for req1.req..." +$ call create_time_stamp_response req1.tsq resp1.tsr tsa_config1 +$ +$ write sys$output "Printing response..." +$ call print_response resp1.tsr +$ +$ write sys$output "Verifying valid response..." +$ call verify_time_stamp_response req1.tsq resp1.tsr [-]testtsa.com +$ +$ write sys$output "Verifying valid token..." +$ call verify_time_stamp_token req1.tsq resp1.tsr [-]testtsa.com +$ +$ ! The tests below are commented out, because invalid signer certificates +$ ! can no longer be specified in the config file. +$ +$ ! write sys$output "Generating _invalid_ response for req1.req..." +$ ! call create_time_stamp_response req1.tsq resp1_bad.tsr tsa_config2 +$ +$ ! write sys$output "Printing response..." +$ ! call print_response resp1_bad.tsr +$ +$ ! write sys$output "Verifying invalid response, it should fail..." +$ ! call verify_time_stamp_response_fail req1.tsq resp1_bad.tsr +$ +$ write sys$output "Creating req2.req time stamp request for file testtsa..." +$ call create_time_stamp_request2 +$ +$ write sys$output "Printing req2.req..." +$ call print_request req2.tsq +$ +$ write sys$output "Generating valid response for req2.req..." +$ call create_time_stamp_response req2.tsq resp2.tsr tsa_config1 +$ +$ write sys$output "Checking '-token_in' and '-token_out' options with '-reply'..." +$ call time_stamp_response_token_test req2.tsq resp2.tsr +$ +$ write sys$output "Printing response..." +$ call print_response resp2.tsr +$ +$ write sys$output "Verifying valid response..." +$ call verify_time_stamp_response req2.tsq resp2.tsr [-]testtsa.com +$ +$ write sys$output "Verifying response against wrong request, it should fail..." +$ call verify_time_stamp_response_fail req1.tsq resp2.tsr +$ +$ write sys$output "Verifying response against wrong request, it should fail..." +$ call verify_time_stamp_response_fail req2.tsq resp1.tsr +$ +$ write sys$output "Creating req3.req time stamp request for file CAtsa.cnf..." +$ call create_time_stamp_request3 +$ +$ write sys$output "Printing req3.req..." +$ call print_request req3.tsq +$ +$ write sys$output "Verifying response against wrong request, it should fail..." +$ call verify_time_stamp_response_fail req3.tsq resp1.tsr +$ +$ write sys$output "Cleaning up..." +$ call clean_up_dir +$ +$ exit diff --git a/test/times b/test/times index 49aeebf216..6b66eb342e 100644 --- a/test/times +++ b/test/times @@ -1,7 +1,7 @@ More number for the questions about SSL overheads.... -The following numbers were generated on a pentium pro 200, running linux. +The following numbers were generated on a Pentium pro 200, running Linux. They give an indication of the SSL protocol and encryption overheads. The program that generated them is an unreleased version of ssl/ssltest.c @@ -11,7 +11,7 @@ interface. How do I read this? The protocol and cipher are reasonable obvious. The next number is the number of connections being made. The next is the -number of bytes exchanged bewteen the client and server side of the protocol. +number of bytes exchanged between the client and server side of the protocol. This is the number of bytes that the client sends to the server, and then the server sends back. Because this is all happening in one process, the data is being encrypted, decrypted, encrypted and then decrypted again. @@ -55,10 +55,10 @@ SSLv3 DES-CBC3-SHA 1000 x 102400 336.61s 323.82s What does this all mean? Well for a server, with no session-id reuse, with a transfer size of 10240 bytes, using RC4-MD5 and a 512bit server key, -a pentium pro 200 running linux can handle the SSLv3 protocol overheads of +a Pentium pro 200 running Linux can handle the SSLv3 protocol overheads of about 49 connections a second. Reality will be quite different :-). -Remeber the first number is 1000 full ssl handshakes, the second is +Remember the first number is 1000 full ssl handshakes, the second is 1 full and 999 with session-id reuse. The RSA overheads for each exchange would be one public and one private operation, but the protocol/MAC/cipher cost would be quite similar in both the client and server. @@ -68,25 +68,25 @@ eric (adding numbers to speculation) --- Appendix --- - The time measured is user time but these number a very rough. - Remember this is the cost of both client and server sides of the protocol. -- The TCP/kernal overhead of connection establishment is normally the +- The TCP/kernel overhead of connection establishment is normally the killer in SSL. Often delays in the TCP protocol will make session-id reuse look slower that new sessions, but this would not be the case on a loaded server. -- The TCP round trip latencies, while slowing indervidual connections, +- The TCP round trip latencies, while slowing individual connections, would have minimal impact on throughput. - Instead of sending one 102400 byte buffer, one 8k buffer is sent until - the required number of bytes are processed. -- The SSLv3 connections were actually SSLv2 compatable SSLv3 headers. +- The SSLv3 connections were actually SSLv2 compatible SSLv3 headers. - A 512bit server key was being used except where noted. - No server key verification was being performed on the client side of the protocol. This would slow things down very little. - The library being used is SSLeay 0.8.x. -- The normal mesauring system was commands of the form +- The normal measuring system was commands of the form time ./ssltest -num 1000 -bytes 102400 -cipher DES-CBC-SHA -reuse This modified version of ssltest should be in the next public release of SSLeay. -The general cipher performace number for this platform are +The general cipher performance number for this platform are SSLeay 0.8.2a 04-Sep-1997 built on Fri Sep 5 17:37:05 EST 1997 diff --git a/test/tpkcs7.com b/test/tpkcs7.com index 047834fba4..e107cc141a 100644 --- a/test/tpkcs7.com +++ b/test/tpkcs7.com @@ -1,7 +1,9 @@ $! TPKCS7.COM -- Tests pkcs7 keys $ $ __arch := VAX -$ if f$getsyi("cpu") .ge. 128 then __arch := AXP +$ if f$getsyi("cpu") .ge. 128 then - + __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") +$ if __arch .eqs. "" then __arch := UNK $ exe_dir := sys$disk:[-.'__arch'.exe.apps] $ $ cmd := mcr 'exe_dir'openssl pkcs7 diff --git a/test/tpkcs7d.com b/test/tpkcs7d.com index 193bb72137..5ff653ccee 100644 --- a/test/tpkcs7d.com +++ b/test/tpkcs7d.com @@ -1,7 +1,9 @@ $! TPKCS7.COM -- Tests pkcs7 keys $ $ __arch := VAX -$ if f$getsyi("cpu") .ge. 128 then __arch := AXP +$ if f$getsyi("cpu") .ge. 128 then - + __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") +$ if __arch .eqs. "" then __arch := UNK $ exe_dir := sys$disk:[-.'__arch'.exe.apps] $ $ cmd := mcr 'exe_dir'openssl pkcs7 @@ -8,7 +8,7 @@ else t=testreq.pem fi -if $cmd -in $t -inform p -noout -text | fgrep 'Unknown Public Key'; then +if $cmd -in $t -inform p -noout -text 2>&1 | fgrep -i 'Unknown Public Key'; then echo "skipping req conversion test for $t" exit 0 fi diff --git a/test/treq.com b/test/treq.com index 5524e485ba..d2594be6a7 100644 --- a/test/treq.com +++ b/test/treq.com @@ -1,7 +1,9 @@ $! TREQ.COM -- Tests req keys $ $ __arch := VAX -$ if f$getsyi("cpu") .ge. 128 then __arch := AXP +$ if f$getsyi("cpu") .ge. 128 then - + __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") +$ if __arch .eqs. "" then __arch := UNK $ exe_dir := sys$disk:[-.'__arch'.exe.apps] $ $ cmd := mcr 'exe_dir'openssl req -config [-.apps]openssl-vms.cnf diff --git a/test/trsa.com b/test/trsa.com index 6dbe59ef64..d3a8a605b7 100644 --- a/test/trsa.com +++ b/test/trsa.com @@ -1,7 +1,9 @@ $! TRSA.COM -- Tests rsa keys $ $ __arch := VAX -$ if f$getsyi("cpu") .ge. 128 then __arch := AXP +$ if f$getsyi("cpu") .ge. 128 then - + __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") +$ if __arch .eqs. "" then __arch := UNK $ exe_dir := sys$disk:[-.'__arch'.exe.apps] $ $ set noon diff --git a/test/tsid.com b/test/tsid.com index abd1d4d737..267ace1135 100644 --- a/test/tsid.com +++ b/test/tsid.com @@ -1,7 +1,9 @@ $! TSID.COM -- Tests sid keys $ $ __arch := VAX -$ if f$getsyi("cpu") .ge. 128 then __arch := AXP +$ if f$getsyi("cpu") .ge. 128 then - + __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") +$ if __arch .eqs. "" then __arch := UNK $ exe_dir := sys$disk:[-.'__arch'.exe.apps] $ $ cmd := mcr 'exe_dir'openssl sess_id diff --git a/test/tverify.com b/test/tverify.com index f97e71478f..01431f4aac 100644 --- a/test/tverify.com +++ b/test/tverify.com @@ -1,26 +1,63 @@ $! TVERIFY.COM $ $ __arch := VAX -$ if f$getsyi("cpu") .ge. 128 then __arch := AXP +$ if f$getsyi("cpu") .ge. 128 then - + __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") +$ if __arch .eqs. "" then __arch := UNK +$! +$ line_max = 255 ! Could be longer on modern non-VAX. +$ temp_file_name = "certs_"+ f$getjpi( "", "PID")+ ".tmp" $ exe_dir := sys$disk:[-.'__arch'.exe.apps] -$ -$ copy/concatenate [-.certs]*.pem certs.tmp -$ +$ cmd = "mcr ''exe_dir'openssl verify ""-CAfile"" ''temp_file_name'" +$ cmd_len = f$length( cmd) +$ pems = "[-.certs...]*.pem" +$! +$! Concatenate all the certificate files. +$! +$ copy /concatenate 'pems' 'temp_file_name' +$! +$! Loop through all the certificate files. +$! +$ args = "" $ old_f := -$ loop_certs: -$ c := NO -$ certs := -$ loop_certs2: -$ f = f$search("[-.certs]*.pem") -$ if f .nes. "" .and. f .nes. old_f +$ loop_file: +$ f = f$search( pems) +$ if ((f .nes. "") .and. (f .nes. old_f)) +$ then +$ old_f = f +$! +$! If this file name would over-extend the command line, then +$! run the command now. +$! +$ if (cmd_len+ f$length( args)+ 1+ f$length( f) .gt. line_max) +$ then +$ if (args .eqs. "") then goto disaster +$ 'cmd''args' +$ args = "" +$ endif +$! Add the next file to the argument list. +$ args = args+ " "+ f +$ else +$! No more files in the list +$ goto loop_file_end +$ endif +$ goto loop_file +$ loop_file_end: +$! +$! Run the command for any left-over arguments. +$! +$ if (args .nes. "") $ then -$ certs = certs + " [-.certs]" + f$parse(f,,,"NAME") + ".pem" -$ if f$length(certs) .lt. 180 then goto loop_certs2 -$ c := YES +$ 'cmd''args' $ endif -$ certs = certs - " " -$ -$ mcr 'exe_dir'openssl verify "-CAfile" certs.tmp 'certs' -$ if c then goto loop_certs -$ -$ delete certs.tmp;* +$! +$! Delete the temporary file. +$! +$ if (f$search( "''temp_file_name';*") .nes. "") then - + delete 'temp_file_name';* +$! +$ exit +$! +$ disaster: +$ write sys$output " Command line too long. Doomed." +$! diff --git a/test/tx509.com b/test/tx509.com index 7b2592f773..399eb01490 100644 --- a/test/tx509.com +++ b/test/tx509.com @@ -1,7 +1,9 @@ $! TX509.COM -- Tests x509 certificates $ $ __arch := VAX -$ if f$getsyi("cpu") .ge. 128 then __arch := AXP +$ if f$getsyi("cpu") .ge. 128 then - + __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") +$ if __arch .eqs. "" then __arch := UNK $ exe_dir := sys$disk:[-.'__arch'.exe.apps] $ $ cmd := mcr 'exe_dir'openssl x509 |