summaryrefslogtreecommitdiff
path: root/regress/lib
diff options
context:
space:
mode:
authorBob Beck <beck@cvs.openbsd.org>1999-01-04 07:59:59 +0000
committerBob Beck <beck@cvs.openbsd.org>1999-01-04 07:59:59 +0000
commit6d589750366bbaef5cdddaf2434e9e4f7f33e559 (patch)
tree636750dde4cd0aa781b04aa7c7b6c86dfae77b3e /regress/lib
parente9b47f4a456840d1b1e0bb387538ff67e43e6593 (diff)
ssl lib test scripts. Need to be tested so as not to break build process
before this libssl dir is added to the upper level Makefile.
Diffstat (limited to 'regress/lib')
-rw-r--r--regress/lib/libssl/Makefile11
-rw-r--r--regress/lib/libssl/README8
-rw-r--r--regress/lib/libssl/ssleay.cnf27
-rw-r--r--regress/lib/libssl/test_client.sh11
-rw-r--r--regress/lib/libssl/test_server.sh9
-rw-r--r--regress/lib/libssl/testdsa.sh25
-rw-r--r--regress/lib/libssl/testenc.sh61
-rw-r--r--regress/lib/libssl/testrsa.sh35
8 files changed, 187 insertions, 0 deletions
diff --git a/regress/lib/libssl/Makefile b/regress/lib/libssl/Makefile
new file mode 100644
index 00000000000..5eb5fc64557
--- /dev/null
+++ b/regress/lib/libssl/Makefile
@@ -0,0 +1,11 @@
+
+CLEANFILES+= testdsa.key testdsa.pem rsakey.pem rsacert.pem dsa512.pem
+
+install:
+
+regress:
+ sh ${.CURDIR}/testenc.sh
+ sh ${.CURDIR}/testdsa.sh
+# sh ${.CURDIR}/testrsa.sh
+
+.include <bsd.prog.mk>
diff --git a/regress/lib/libssl/README b/regress/lib/libssl/README
new file mode 100644
index 00000000000..b1bab65fd12
--- /dev/null
+++ b/regress/lib/libssl/README
@@ -0,0 +1,8 @@
+testenc.sh tests encryption routines
+testdsa.sh tests DSA certificate generation
+test_server.sh starts a tls1 server using the above generated certificate
+test_client.sh starts a client to talk to the server.
+testrsa.sh tests RSA certificate generation - this SHOULD FAIL with the
+ version of the library in openbsd because all the RSA routines
+ are (currently) stubbed.
+
diff --git a/regress/lib/libssl/ssleay.cnf b/regress/lib/libssl/ssleay.cnf
new file mode 100644
index 00000000000..c8439860c3a
--- /dev/null
+++ b/regress/lib/libssl/ssleay.cnf
@@ -0,0 +1,27 @@
+#
+# SSLeay example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+# hacked by iang to do DSA certs - Server
+
+RANDFILE = ./.rnd
+
+####################################################################
+[ req ]
+distinguished_name = req_distinguished_name
+encrypt_rsa_key = no
+
+[ req_distinguished_name ]
+countryName = Country Name (2 letter code)
+countryName_default = CA
+countryName_value = CA
+
+organizationName = Organization Name (eg, company)
+organizationName_value = Shake it Vera
+
+0.commonName = Common Name (eg, YOUR name)
+0.commonName_value = Wastelandus
+
+1.commonName = Common Name (eg, YOUR name)
+1.commonName_value = Maximus
+
diff --git a/regress/lib/libssl/test_client.sh b/regress/lib/libssl/test_client.sh
new file mode 100644
index 00000000000..36a8f84532b
--- /dev/null
+++ b/regress/lib/libssl/test_client.sh
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+echo
+echo This starts a tls1 mode client to talk to the server run by
+echo ./testserver.sh. You should start the server first.
+echo
+echo type in this window after ssl negotiation and your output should
+echo be echoed by the server.
+echo
+echo
+/usr/sbin/ssleay s_client -tls1
diff --git a/regress/lib/libssl/test_server.sh b/regress/lib/libssl/test_server.sh
new file mode 100644
index 00000000000..5467c524590
--- /dev/null
+++ b/regress/lib/libssl/test_server.sh
@@ -0,0 +1,9 @@
+#!/bin/sh
+
+echo This starts a tls1 mode server using the DSA certificate in ./server.pem
+echo Run ./testclient.sh in another window and type at it, you should
+echo see the results of the ssl negotiation, and stuff you type in the client
+echo should echo in this window
+echo
+echo
+/usr/sbin/ssleay s_server -tls1 -key testdsa.key -cert testdsa.pem
diff --git a/regress/lib/libssl/testdsa.sh b/regress/lib/libssl/testdsa.sh
new file mode 100644
index 00000000000..4c9668c906f
--- /dev/null
+++ b/regress/lib/libssl/testdsa.sh
@@ -0,0 +1,25 @@
+#!/bin/sh
+
+#Test DSA certificate generation of ssleay
+
+# Generate DSA paramter set
+ssleay dsaparam 512 -out dsa512.pem
+if [ $? != 0 ]; then
+ exit 1;
+fi
+
+
+# Denerate a DSA certificate
+ssleay req -config ssleay.cnf -x509 -newkey dsa:dsa512.pem -out testdsa.pem -keyout testdsa.key
+if [ $? != 0 ]; then
+ exit 1;
+fi
+
+
+# Now check the certificate
+ssleay x509 -text -in testdsa.pem
+if [ $? != 0 ]; then
+ exit 1;
+fi
+
+exit 0
diff --git a/regress/lib/libssl/testenc.sh b/regress/lib/libssl/testenc.sh
new file mode 100644
index 00000000000..ab3278f27e7
--- /dev/null
+++ b/regress/lib/libssl/testenc.sh
@@ -0,0 +1,61 @@
+#!/bin/sh
+
+testsrc=./ssleay.cnf
+test=./p
+cmd=/usr/sbin/ssleay
+
+cat $testsrc >$test;
+
+echo cat
+$cmd enc < $test > $test.cipher
+$cmd enc < $test.cipher >$test.clear
+cmp $test $test.clear
+if [ $? != 0 ]
+then
+ exit 1
+else
+ /bin/rm $test.cipher $test.clear
+fi
+echo base64
+$cmd enc -a -e < $test > $test.cipher
+$cmd enc -a -d < $test.cipher >$test.clear
+cmp $test $test.clear
+if [ $? != 0 ]
+then
+ exit 1
+else
+ /bin/rm $test.cipher $test.clear
+fi
+
+for i in rc4 \
+ des-cfb des-ede-cfb des-ede3-cfb \
+ des-ofb des-ede-ofb des-ede3-ofb \
+ des-ecb des-ede des-ede3 desx \
+ des-cbc des-ede-cbc des-ede3-cbc \
+ rc2-ecb rc2-cfb rc2-ofb rc2-cbc \
+ bf-ecb bf-cfb bf-ofb bf-cbc rc4 \
+ cast5-ecb cast5-cfb cast5-ofb cast5-cbc
+do
+ echo $i
+ $cmd $i -bufsize 113 -e -k test < $test > $test.$i.cipher
+ $cmd $i -bufsize 157 -d -k test < $test.$i.cipher >$test.$i.clear
+ cmp $test $test.$i.clear
+ if [ $? != 0 ]
+ then
+ exit 1
+ else
+ /bin/rm $test.$i.cipher $test.$i.clear
+ fi
+
+ echo $i base64
+ $cmd $i -bufsize 113 -a -e -k test < $test > $test.$i.cipher
+ $cmd $i -bufsize 157 -a -d -k test < $test.$i.cipher >$test.$i.clear
+ cmp $test $test.$i.clear
+ if [ $? != 0 ]
+ then
+ exit 1
+ else
+ /bin/rm $test.$i.cipher $test.$i.clear
+ fi
+done
+rm -f $test
diff --git a/regress/lib/libssl/testrsa.sh b/regress/lib/libssl/testrsa.sh
new file mode 100644
index 00000000000..79c578834a5
--- /dev/null
+++ b/regress/lib/libssl/testrsa.sh
@@ -0,0 +1,35 @@
+#!/bin/sh
+
+#Test RSA certificate generation of ssleay
+
+echo
+echo RSA paramters test - NOTE THAT THIS WILL ONLY WORK IF YOU HAVE
+echo compiled libssl with the src-patent tree, currently living in
+echo ~ryker/src-patent.tar.gz on cvs.
+echo
+echo This will *not* work with what\'s in the tree, rsa is not in that.
+echo
+sleep 3
+
+
+# Generate RSA private key
+ssleay genrsa -out rsakey.pem
+if [ $? != 0 ]; then
+ exit 1;
+fi
+
+
+# Denerate an RSA certificate
+ssleay req -config ssleay.cnf -key rsakey.pem -new -x509 -days 365 -out rsacert.pem
+if [ $? != 0 ]; then
+ exit 1;
+fi
+
+
+# Now check the certificate
+ssleay x509 -text -in rsacert.pem
+if [ $? != 0 ]; then
+ exit 1;
+fi
+
+exit 0