diff options
author | Bob Beck <beck@cvs.openbsd.org> | 1999-01-04 07:59:59 +0000 |
---|---|---|
committer | Bob Beck <beck@cvs.openbsd.org> | 1999-01-04 07:59:59 +0000 |
commit | 6d589750366bbaef5cdddaf2434e9e4f7f33e559 (patch) | |
tree | 636750dde4cd0aa781b04aa7c7b6c86dfae77b3e /regress/lib | |
parent | e9b47f4a456840d1b1e0bb387538ff67e43e6593 (diff) |
ssl lib test scripts. Need to be tested so as not to break build process
before this libssl dir is added to the upper level Makefile.
Diffstat (limited to 'regress/lib')
-rw-r--r-- | regress/lib/libssl/Makefile | 11 | ||||
-rw-r--r-- | regress/lib/libssl/README | 8 | ||||
-rw-r--r-- | regress/lib/libssl/ssleay.cnf | 27 | ||||
-rw-r--r-- | regress/lib/libssl/test_client.sh | 11 | ||||
-rw-r--r-- | regress/lib/libssl/test_server.sh | 9 | ||||
-rw-r--r-- | regress/lib/libssl/testdsa.sh | 25 | ||||
-rw-r--r-- | regress/lib/libssl/testenc.sh | 61 | ||||
-rw-r--r-- | regress/lib/libssl/testrsa.sh | 35 |
8 files changed, 187 insertions, 0 deletions
diff --git a/regress/lib/libssl/Makefile b/regress/lib/libssl/Makefile new file mode 100644 index 00000000000..5eb5fc64557 --- /dev/null +++ b/regress/lib/libssl/Makefile @@ -0,0 +1,11 @@ + +CLEANFILES+= testdsa.key testdsa.pem rsakey.pem rsacert.pem dsa512.pem + +install: + +regress: + sh ${.CURDIR}/testenc.sh + sh ${.CURDIR}/testdsa.sh +# sh ${.CURDIR}/testrsa.sh + +.include <bsd.prog.mk> diff --git a/regress/lib/libssl/README b/regress/lib/libssl/README new file mode 100644 index 00000000000..b1bab65fd12 --- /dev/null +++ b/regress/lib/libssl/README @@ -0,0 +1,8 @@ +testenc.sh tests encryption routines +testdsa.sh tests DSA certificate generation +test_server.sh starts a tls1 server using the above generated certificate +test_client.sh starts a client to talk to the server. +testrsa.sh tests RSA certificate generation - this SHOULD FAIL with the + version of the library in openbsd because all the RSA routines + are (currently) stubbed. + diff --git a/regress/lib/libssl/ssleay.cnf b/regress/lib/libssl/ssleay.cnf new file mode 100644 index 00000000000..c8439860c3a --- /dev/null +++ b/regress/lib/libssl/ssleay.cnf @@ -0,0 +1,27 @@ +# +# SSLeay example configuration file. +# This is mostly being used for generation of certificate requests. +# +# hacked by iang to do DSA certs - Server + +RANDFILE = ./.rnd + +#################################################################### +[ req ] +distinguished_name = req_distinguished_name +encrypt_rsa_key = no + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = CA +countryName_value = CA + +organizationName = Organization Name (eg, company) +organizationName_value = Shake it Vera + +0.commonName = Common Name (eg, YOUR name) +0.commonName_value = Wastelandus + +1.commonName = Common Name (eg, YOUR name) +1.commonName_value = Maximus + diff --git a/regress/lib/libssl/test_client.sh b/regress/lib/libssl/test_client.sh new file mode 100644 index 00000000000..36a8f84532b --- /dev/null +++ b/regress/lib/libssl/test_client.sh @@ -0,0 +1,11 @@ +#!/bin/sh + +echo +echo This starts a tls1 mode client to talk to the server run by +echo ./testserver.sh. You should start the server first. +echo +echo type in this window after ssl negotiation and your output should +echo be echoed by the server. +echo +echo +/usr/sbin/ssleay s_client -tls1 diff --git a/regress/lib/libssl/test_server.sh b/regress/lib/libssl/test_server.sh new file mode 100644 index 00000000000..5467c524590 --- /dev/null +++ b/regress/lib/libssl/test_server.sh @@ -0,0 +1,9 @@ +#!/bin/sh + +echo This starts a tls1 mode server using the DSA certificate in ./server.pem +echo Run ./testclient.sh in another window and type at it, you should +echo see the results of the ssl negotiation, and stuff you type in the client +echo should echo in this window +echo +echo +/usr/sbin/ssleay s_server -tls1 -key testdsa.key -cert testdsa.pem diff --git a/regress/lib/libssl/testdsa.sh b/regress/lib/libssl/testdsa.sh new file mode 100644 index 00000000000..4c9668c906f --- /dev/null +++ b/regress/lib/libssl/testdsa.sh @@ -0,0 +1,25 @@ +#!/bin/sh + +#Test DSA certificate generation of ssleay + +# Generate DSA paramter set +ssleay dsaparam 512 -out dsa512.pem +if [ $? != 0 ]; then + exit 1; +fi + + +# Denerate a DSA certificate +ssleay req -config ssleay.cnf -x509 -newkey dsa:dsa512.pem -out testdsa.pem -keyout testdsa.key +if [ $? != 0 ]; then + exit 1; +fi + + +# Now check the certificate +ssleay x509 -text -in testdsa.pem +if [ $? != 0 ]; then + exit 1; +fi + +exit 0 diff --git a/regress/lib/libssl/testenc.sh b/regress/lib/libssl/testenc.sh new file mode 100644 index 00000000000..ab3278f27e7 --- /dev/null +++ b/regress/lib/libssl/testenc.sh @@ -0,0 +1,61 @@ +#!/bin/sh + +testsrc=./ssleay.cnf +test=./p +cmd=/usr/sbin/ssleay + +cat $testsrc >$test; + +echo cat +$cmd enc < $test > $test.cipher +$cmd enc < $test.cipher >$test.clear +cmp $test $test.clear +if [ $? != 0 ] +then + exit 1 +else + /bin/rm $test.cipher $test.clear +fi +echo base64 +$cmd enc -a -e < $test > $test.cipher +$cmd enc -a -d < $test.cipher >$test.clear +cmp $test $test.clear +if [ $? != 0 ] +then + exit 1 +else + /bin/rm $test.cipher $test.clear +fi + +for i in rc4 \ + des-cfb des-ede-cfb des-ede3-cfb \ + des-ofb des-ede-ofb des-ede3-ofb \ + des-ecb des-ede des-ede3 desx \ + des-cbc des-ede-cbc des-ede3-cbc \ + rc2-ecb rc2-cfb rc2-ofb rc2-cbc \ + bf-ecb bf-cfb bf-ofb bf-cbc rc4 \ + cast5-ecb cast5-cfb cast5-ofb cast5-cbc +do + echo $i + $cmd $i -bufsize 113 -e -k test < $test > $test.$i.cipher + $cmd $i -bufsize 157 -d -k test < $test.$i.cipher >$test.$i.clear + cmp $test $test.$i.clear + if [ $? != 0 ] + then + exit 1 + else + /bin/rm $test.$i.cipher $test.$i.clear + fi + + echo $i base64 + $cmd $i -bufsize 113 -a -e -k test < $test > $test.$i.cipher + $cmd $i -bufsize 157 -a -d -k test < $test.$i.cipher >$test.$i.clear + cmp $test $test.$i.clear + if [ $? != 0 ] + then + exit 1 + else + /bin/rm $test.$i.cipher $test.$i.clear + fi +done +rm -f $test diff --git a/regress/lib/libssl/testrsa.sh b/regress/lib/libssl/testrsa.sh new file mode 100644 index 00000000000..79c578834a5 --- /dev/null +++ b/regress/lib/libssl/testrsa.sh @@ -0,0 +1,35 @@ +#!/bin/sh + +#Test RSA certificate generation of ssleay + +echo +echo RSA paramters test - NOTE THAT THIS WILL ONLY WORK IF YOU HAVE +echo compiled libssl with the src-patent tree, currently living in +echo ~ryker/src-patent.tar.gz on cvs. +echo +echo This will *not* work with what\'s in the tree, rsa is not in that. +echo +sleep 3 + + +# Generate RSA private key +ssleay genrsa -out rsakey.pem +if [ $? != 0 ]; then + exit 1; +fi + + +# Denerate an RSA certificate +ssleay req -config ssleay.cnf -key rsakey.pem -new -x509 -days 365 -out rsacert.pem +if [ $? != 0 ]; then + exit 1; +fi + + +# Now check the certificate +ssleay x509 -text -in rsacert.pem +if [ $? != 0 ]; then + exit 1; +fi + +exit 0 |