ssl lib test scripts. Need to be tested so as not to break build process

before this libssl dir is added to the upper level Makefile.

8 files changed, 187 insertions, 0 deletions

diff --git a/regress/lib/libssl/Makefile b/regress/lib/libssl/Makefile
new file mode 100644
index 00000000000..5eb5fc64557
--- /dev/null
+++ b/regress/lib/libssl/Makefile
@@ -0,0 +1,11 @@
+
+CLEANFILES+= testdsa.key testdsa.pem rsakey.pem rsacert.pem dsa512.pem
+
+install:
+
+regress:
+	sh ${.CURDIR}/testenc.sh
+	sh ${.CURDIR}/testdsa.sh
+#	sh ${.CURDIR}/testrsa.sh
+
+.include <bsd.prog.mk>
diff --git a/regress/lib/libssl/README b/regress/lib/libssl/README
new file mode 100644
index 00000000000..b1bab65fd12
--- /dev/null
+++ b/regress/lib/libssl/README
@@ -0,0 +1,8 @@
+testenc.sh tests encryption routines
+testdsa.sh tests DSA certificate generation
+test_server.sh starts a tls1 server using the above generated certificate
+test_client.sh starts a client to talk to the server.
+testrsa.sh tests RSA certificate generation - this SHOULD FAIL with the
+           version of the library in openbsd because all the RSA routines 
+	   are (currently) stubbed.
+
diff --git a/regress/lib/libssl/ssleay.cnf b/regress/lib/libssl/ssleay.cnf
new file mode 100644
index 00000000000..c8439860c3a
--- /dev/null
+++ b/regress/lib/libssl/ssleay.cnf
@@ -0,0 +1,27 @@
+#
+# SSLeay example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+# hacked by iang to do DSA certs - Server
+
+RANDFILE              = ./.rnd
+
+####################################################################
+[ req ]
+distinguished_name    = req_distinguished_name
+encrypt_rsa_key               = no
+
+[ req_distinguished_name ]
+countryName                   = Country Name (2 letter code)
+countryName_default           = CA
+countryName_value             = CA
+
+organizationName                = Organization Name (eg, company)
+organizationName_value          = Shake it Vera 
+
+0.commonName                  = Common Name (eg, YOUR name)
+0.commonName_value            = Wastelandus
+
+1.commonName                  = Common Name (eg, YOUR name)
+1.commonName_value            = Maximus
+
diff --git a/regress/lib/libssl/test_client.sh b/regress/lib/libssl/test_client.sh
new file mode 100644
index 00000000000..36a8f84532b
--- /dev/null
+++ b/regress/lib/libssl/test_client.sh
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+echo
+echo This starts a tls1 mode client to talk to the server run by 
+echo ./testserver.sh. You should start the server first. 
+echo
+echo type in this window after ssl negotiation and your output should
+echo be echoed by the server. 
+echo
+echo
+/usr/sbin/ssleay s_client -tls1
diff --git a/regress/lib/libssl/test_server.sh b/regress/lib/libssl/test_server.sh
new file mode 100644
index 00000000000..5467c524590
--- /dev/null
+++ b/regress/lib/libssl/test_server.sh
@@ -0,0 +1,9 @@
+#!/bin/sh
+
+echo This starts a tls1 mode server using the DSA certificate in ./server.pem
+echo Run ./testclient.sh in another window and type at it, you should 
+echo see the results of the ssl negotiation, and stuff you type in the client
+echo should echo in this window
+echo
+echo
+/usr/sbin/ssleay s_server -tls1 -key testdsa.key -cert testdsa.pem
diff --git a/regress/lib/libssl/testdsa.sh b/regress/lib/libssl/testdsa.sh
new file mode 100644
index 00000000000..4c9668c906f
--- /dev/null
+++ b/regress/lib/libssl/testdsa.sh
@@ -0,0 +1,25 @@
+#!/bin/sh
+
+#Test DSA certificate generation of ssleay
+
+# Generate DSA paramter set
+ssleay dsaparam 512 -out dsa512.pem
+if [ $? != 0 ]; then
+        exit 1;
+fi
+
+
+# Denerate a DSA certificate
+ssleay req -config ssleay.cnf -x509 -newkey dsa:dsa512.pem -out testdsa.pem -keyout testdsa.key
+if [ $? != 0 ]; then
+        exit 1;
+fi
+
+
+# Now check the certificate
+ssleay x509 -text -in testdsa.pem
+if [ $? != 0 ]; then
+        exit 1;
+fi
+
+exit 0
diff --git a/regress/lib/libssl/testenc.sh b/regress/lib/libssl/testenc.sh
new file mode 100644
index 00000000000..ab3278f27e7
--- /dev/null
+++ b/regress/lib/libssl/testenc.sh
@@ -0,0 +1,61 @@
+#!/bin/sh
+
+testsrc=./ssleay.cnf
+test=./p
+cmd=/usr/sbin/ssleay
+
+cat $testsrc >$test;
+
+echo cat
+$cmd enc < $test > $test.cipher
+$cmd enc < $test.cipher >$test.clear
+cmp $test $test.clear
+if [ $? != 0 ]
+then
+	exit 1
+else
+	/bin/rm $test.cipher $test.clear
+fi
+echo base64
+$cmd enc -a -e < $test > $test.cipher
+$cmd enc -a -d < $test.cipher >$test.clear
+cmp $test $test.clear
+if [ $? != 0 ]
+then
+	exit 1
+else
+	/bin/rm $test.cipher $test.clear
+fi
+
+for i in rc4 \
+	des-cfb des-ede-cfb des-ede3-cfb \
+	des-ofb des-ede-ofb des-ede3-ofb \
+	des-ecb des-ede des-ede3 desx \
+	des-cbc des-ede-cbc des-ede3-cbc \
+	rc2-ecb rc2-cfb rc2-ofb rc2-cbc \
+	bf-ecb bf-cfb bf-ofb bf-cbc rc4 \
+	cast5-ecb cast5-cfb cast5-ofb cast5-cbc
+do
+	echo $i
+	$cmd $i -bufsize 113 -e -k test < $test > $test.$i.cipher
+	$cmd $i -bufsize 157 -d -k test < $test.$i.cipher >$test.$i.clear
+	cmp $test $test.$i.clear
+	if [ $? != 0 ]
+	then
+		exit 1
+	else
+		/bin/rm $test.$i.cipher $test.$i.clear
+	fi
+
+	echo $i base64
+	$cmd $i -bufsize 113 -a -e -k test < $test > $test.$i.cipher
+	$cmd $i -bufsize 157 -a -d -k test < $test.$i.cipher >$test.$i.clear
+	cmp $test $test.$i.clear
+	if [ $? != 0 ]
+	then
+		exit 1
+	else
+		/bin/rm $test.$i.cipher $test.$i.clear
+	fi
+done
+rm -f $test
diff --git a/regress/lib/libssl/testrsa.sh b/regress/lib/libssl/testrsa.sh
new file mode 100644
index 00000000000..79c578834a5
--- /dev/null
+++ b/regress/lib/libssl/testrsa.sh
@@ -0,0 +1,35 @@
+#!/bin/sh
+
+#Test RSA certificate generation of ssleay
+
+echo 
+echo RSA paramters test - NOTE THAT THIS WILL ONLY WORK IF YOU HAVE
+echo compiled libssl with the src-patent tree, currently living in 
+echo ~ryker/src-patent.tar.gz on cvs. 
+echo
+echo This will *not* work with what\'s in the tree, rsa is not in that.
+echo
+sleep 3
+ 
+
+# Generate RSA private key
+ssleay genrsa -out rsakey.pem
+if [ $? != 0 ]; then
+        exit 1;
+fi
+
+
+# Denerate an RSA certificate
+ssleay req -config ssleay.cnf -key rsakey.pem -new -x509 -days 365 -out rsacert.pem
+if [ $? != 0 ]; then
+        exit 1;
+fi
+
+
+# Now check the certificate
+ssleay x509 -text -in rsacert.pem
+if [ $? != 0 ]; then
+        exit 1;
+fi
+
+exit 0