diff options
Diffstat (limited to 'lib/libssl/test')
46 files changed, 2232 insertions, 0 deletions
diff --git a/lib/libssl/test/.rnd b/lib/libssl/test/.rnd Binary files differnew file mode 100644 index 00000000000..234970e2412 --- /dev/null +++ b/lib/libssl/test/.rnd diff --git a/lib/libssl/test/CAss.cnf b/lib/libssl/test/CAss.cnf new file mode 100644 index 00000000000..b941b7ae157 --- /dev/null +++ b/lib/libssl/test/CAss.cnf @@ -0,0 +1,25 @@ +# +# SSLeay example configuration file. +# This is mostly being used for generation of certificate requests. +# + +RANDFILE = ./.rnd + +#################################################################### +[ req ] +default_bits = 512 +default_keyfile = keySS.pem +distinguished_name = req_distinguished_name +encrypt_rsa_key = no +default_md = sha1 + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = AU +countryName_value = AU + +organizationName = Organization Name (eg, company) +organizationName_value = Dodgy Brothers + +commonName = Common Name (eg, YOUR name) +commonName_value = Dodgy CA diff --git a/lib/libssl/test/CAssdh.cnf b/lib/libssl/test/CAssdh.cnf new file mode 100644 index 00000000000..4e0a908679f --- /dev/null +++ b/lib/libssl/test/CAssdh.cnf @@ -0,0 +1,24 @@ +# +# SSLeay example configuration file. +# This is mostly being used for generation of certificate requests. +# +# hacked by iang to do DH certs - CA + +RANDFILE = ./.rnd + +#################################################################### +[ req ] +distinguished_name = req_distinguished_name +encrypt_rsa_key = no + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = CU +countryName_value = CU + +organizationName = Organization Name (eg, company) +organizationName_value = La Junta de la Revolucion + +commonName = Common Name (eg, YOUR name) +commonName_value = Junta + diff --git a/lib/libssl/test/CAssdsa.cnf b/lib/libssl/test/CAssdsa.cnf new file mode 100644 index 00000000000..a6b4d1810c9 --- /dev/null +++ b/lib/libssl/test/CAssdsa.cnf @@ -0,0 +1,23 @@ +# +# SSLeay example configuration file. +# This is mostly being used for generation of certificate requests. +# +# hacked by iang to do DSA certs - CA + +RANDFILE = ./.rnd + +#################################################################### +[ req ] +distinguished_name = req_distinguished_name +encrypt_rsa_key = no + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = ES +countryName_value = ES + +organizationName = Organization Name (eg, company) +organizationName_value = Hermanos Locos + +commonName = Common Name (eg, YOUR name) +commonName_value = Hermanos Locos CA diff --git a/lib/libssl/test/CAssrsa.cnf b/lib/libssl/test/CAssrsa.cnf new file mode 100644 index 00000000000..eb24a6dfc0e --- /dev/null +++ b/lib/libssl/test/CAssrsa.cnf @@ -0,0 +1,24 @@ +# +# SSLeay example configuration file. +# This is mostly being used for generation of certificate requests. +# +# create RSA certs - CA + +RANDFILE = ./.rnd + +#################################################################### +[ req ] +distinguished_name = req_distinguished_name +encrypt_key = no + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = ES +countryName_value = ES + +organizationName = Organization Name (eg, company) +organizationName_value = Hermanos Locos + +commonName = Common Name (eg, YOUR name) +commonName_value = Hermanos Locos CA + diff --git a/lib/libssl/test/Makefile.ssl b/lib/libssl/test/Makefile.ssl new file mode 100644 index 00000000000..b3de76751e1 --- /dev/null +++ b/lib/libssl/test/Makefile.ssl @@ -0,0 +1,294 @@ +# +# test/Makefile.ssl +# + +DIR= test +TOP= .. +CC= cc +INCLUDES= -I../include +CFLAG= -g +INSTALLTOP= /usr/local/ssl +MAKEFILE= Makefile.ssl +MAKE= make -f $(MAKEFILE) +MAKEDEPEND= makedepend -f$(MAKEFILE) + +PEX_LIBS= +EX_LIBS= #-lnsl -lsocket + +CFLAGS= $(INCLUDES) $(CFLAG) + +GENERAL=Makefile.ssl + +DLIBCRYPTO= ../libcrypto.a +DLIBSSL= ../libssl.a +LIBCRYPTO= -L.. -lcrypto +LIBSSL= -L.. -lssl + +BNTEST= bntest +EXPTEST= exptest +IDEATEST= ideatest +SHATEST= shatest +SHA1TEST= sha1test +MDC2TEST= mdc2test +RMDTEST= rmdtest +MD2TEST= md2test +MD5TEST= md5test +HMACTEST= hmactest +RC2TEST= rc2test +RC4TEST= rc4test +RC5TEST= rc5test +BFTEST= bftest +CASTTEST= casttest +DESTEST= destest +RANDTEST= randtest +DHTEST= dhtest +DSATEST= dsatest +METHTEST= methtest +SSLTEST= ssltest + +EXE= $(BNTEST) $(IDEATEST) $(MD2TEST) $(MD5TEST) $(HMACTEST) \ + $(RC2TEST) $(RC4TEST) $(RC5TEST) \ + $(DESTEST) $(SHATEST) $(SHA1TEST) $(MDC2TEST) $(RMDTEST) \ + $(RANDTEST) $(DHTEST) \ + $(BFTEST) $(CASTTEST) $(SSLTEST) $(EXPTEST) $(DSATEST) + +# $(METHTEST) + +OBJ= $(BNTEST).o $(IDEATEST).o $(MD2TEST).o $(MD5TEST).o $(HMACTEST).o \ + $(RC2TEST).o $(RC4TEST).o $(RC5TEST).o \ + $(DESTEST).o $(SHATEST).o $(SHA1TEST).o $(MDC2TEST).o $(RMDTEST).o \ + $(RANDTEST).o $(DHTEST).o $(CASTTEST).o \ + $(BFTEST).o $(SSLTEST).o $(DSATEST).o $(EXPTEST).o +SRC= $(BNTEST).c $(IDEATEST).c $(MD2TEST).c $(MD5TEST).c $(HMACTEST).c \ + $(RC2TEST).c $(RC4TEST).c $(RC5TEST).c \ + $(DESTEST).c $(SHATEST).c $(SHA1TEST).c $(MDC2TEST).c $(RMDTEST).c \ + $(RANDTEST).c $(DHTEST).c $(CASTTEST).c \ + $(BFTEST).c $(SSLTEST).c $(DSATEST).c $(EXPTEST).c + +EXHEADER= +HEADER= $(EXHEADER) + +ALL= $(GENERAL) $(SRC) $(HEADER) + +top: + (cd ..; $(MAKE) DIRS=$(DIR) all) + +all: exe + +exe: $(EXE) + +files: + perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO + +links: + /bin/rm -f Makefile + $(TOP)/util/point.sh Makefile.ssl Makefile ; + +errors: + +install: + +tags: + ctags $(SRC) + +tests: exe apps \ + test_des test_idea test_sha test_md5 test_hmac test_md2 test_mdc2 \ + test_rc2 test_rc4 test_rc5 test_bf test_cast \ + test_rand test_enc test_x509 test_rsa test_crl test_sid test_req \ + test_pkcs7 test_bn test_verify test_dh test_dsa test_reqgen \ + test_ss test_ssl test_ca + +apps: + @(cd ../apps; $(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' all) + +test_des: + #./$(DESTEST) + +test_idea: + ./$(IDEATEST) + +test_sha: + ./$(SHATEST) + ./$(SHA1TEST) + +test_mdc2: + ./$(MDC2TEST) + +test_md5: + ./$(MD5TEST) + +test_hmac: + ./$(HMACTEST) + +test_md2: + ./$(MD2TEST) + +test_rmd: + ./$(RMDTEST) + +test_bf: + ./$(BFTEST) + +test_cast: + ./$(CASTTEST) + +test_rc2: + ./$(RC2TEST) + +test_rc4: + ./$(RC4TEST) + +test_rc5: + ./$(RC5TEST) + +test_rand: + ./$(RANDTEST) + +test_enc: + @sh ./testenc + +test_x509: + echo test normal x509v1 certificate + sh ./tx509 2>/dev/null + echo test first x509v3 certificate + sh ./tx509 v3-cert1.pem 2>/dev/null + echo test second x509v3 certificate + sh ./tx509 v3-cert2.pem 2>/dev/null + +test_rsa: + @sh ./trsa 2>/dev/null + +test_crl: + @sh ./tcrl 2>/dev/null + +test_sid: + @sh ./tsid 2>/dev/null + +test_req: + @sh ./treq 2>/dev/null + @sh ./treq testreq2.pem 2>/dev/null + +test_pkcs7: + @sh ./tpkcs7 2>/dev/null + @sh ./tpkcs7d 2>/dev/null + +test_bn: + @echo 'test a^b%c implementations' + ./$(EXPTEST) + @echo starting big number library test, could take a while... + @(./$(BNTEST)|bc) | awk '{ \ +if ($$0 != "0") {print "error"; exit(1); } \ +if (((NR+1)%64) == 0) print NR+1," tests done"; }' + +test_verify: + @echo "The following command should have some OK's and some failures" + @echo "There are definitly a few expired certificates" + ../apps/ssleay verify -CApath ../certs ../certs/*.pem + +test_dh: + @echo "Generate as set of DH parameters" + ./$(DHTEST) + +test_dsa: + @echo "Generate as set of DSA parameters" + ./$(DSATEST) + +test_reqgen: + @echo "Generate and verify a certificate request" + @sh ./testgen + +test_ss: + @echo "Generate and certify a test certificate" + @sh ./testss + +test_ssl: + @echo "test SSL protocol" + @sh ./testssl + +test_ca: + @echo "Generate and certify a test certificate via the 'ca' program" + @sh ./testca + +lint: + lint -DLINT $(INCLUDES) $(SRC)>fluff + +depend: + $(MAKEDEPEND) $(INCLUDES) $(PROGS) $(SRC) + +dclean: + perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new + mv -f Makefile.new $(MAKEFILE) + +clean: + /bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff $(EXE) *.ss log + +$(DLIBSSL): + (cd ../ssl; $(MAKE)) + +$(DLIBCRYPTO): + (cd ../crypto; $(MAKE)) + +$(BNTEST): $(BNTEST).o $(DLIBCRYPTO) + $(CC) -o $(BNTEST) $(CFLAGS) $(BNTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) + +$(EXPTEST): $(EXPTEST).o $(DLIBCRYPTO) + $(CC) -o $(EXPTEST) $(CFLAGS) $(EXPTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) + +$(IDEATEST): $(IDEATEST).o $(DLIBCRYPTO) + $(CC) -o $(IDEATEST) $(CFLAGS) $(IDEATEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) + +$(MD2TEST): $(MD2TEST).o $(DLIBCRYPTO) + $(CC) -o $(MD2TEST) $(CFLAGS) $(MD2TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) + +$(SHATEST): $(SHATEST).o $(DLIBCRYPTO) + $(CC) -o $(SHATEST) $(CFLAGS) $(SHATEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) + +$(SHA1TEST): $(SHA1TEST).o $(DLIBCRYPTO) + $(CC) -o $(SHA1TEST) $(CFLAGS) $(SHA1TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) + +$(RMDTEST): $(RMDTEST).o $(DLIBCRYPTO) + $(CC) -o $(RMDTEST) $(CFLAGS) $(RMDTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) + +$(MDC2TEST): $(MDC2TEST).o $(DLIBCRYPTO) + $(CC) -o $(MDC2TEST) $(CFLAGS) $(MDC2TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) + +$(MD5TEST): $(MD5TEST).o $(DLIBCRYPTO) + $(CC) -o $(MD5TEST) $(CFLAGS) $(MD5TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) + +$(HMACTEST): $(HMACTEST).o $(DLIBCRYPTO) + $(CC) -o $(HMACTEST) $(CFLAGS) $(HMACTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) + +$(RC2TEST): $(RC2TEST).o $(DLIBCRYPTO) + $(CC) -o $(RC2TEST) $(CFLAGS) $(RC2TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) + +$(BFTEST): $(BFTEST).o $(DLIBCRYPTO) + $(CC) -o $(BFTEST) $(CFLAGS) $(BFTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) + +$(CASTTEST): $(CASTTEST).o $(DLIBCRYPTO) + $(CC) -o $(CASTTEST) $(CFLAGS) $(CASTTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) + +$(RC4TEST): $(RC4TEST).o $(DLIBCRYPTO) + $(CC) -o $(RC4TEST) $(CFLAGS) $(RC4TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) + +$(RC5TEST): $(RC5TEST).o $(DLIBCRYPTO) + $(CC) -o $(RC5TEST) $(CFLAGS) $(RC5TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) + +$(DESTEST): $(DESTEST).o $(DLIBCRYPTO) + $(CC) -o $(DESTEST) $(CFLAGS) $(DESTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) + +$(RANDTEST): $(RANDTEST).o $(DLIBCRYPTO) + $(CC) -o $(RANDTEST) $(CFLAGS) $(RANDTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) + +$(DHTEST): $(DHTEST).o $(DLIBCRYPTO) + $(CC) -o $(DHTEST) $(CFLAGS) $(DHTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) + +$(DSATEST): $(DSATEST).o $(DLIBCRYPTO) + $(CC) -o $(DSATEST) $(CFLAGS) $(DSATEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) + +$(METHTEST): $(METHTEST).o $(DLIBCRYPTO) + $(CC) -o $(METHTEST) $(CFLAGS) $(METHTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) + +$(SSLTEST): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO) + $(CC) -o $(SSLTEST) $(CFLAGS) $(SSLTEST).o $(PEX_LIBS) $(LIBSSL) $(LIBCRYPTO) $(EX_LIBS) + +# DO NOT DELETE THIS LINE -- make depend depends on it. diff --git a/lib/libssl/test/Sssdsa.cnf b/lib/libssl/test/Sssdsa.cnf new file mode 100644 index 00000000000..8e170a28ef5 --- /dev/null +++ b/lib/libssl/test/Sssdsa.cnf @@ -0,0 +1,27 @@ +# +# SSLeay example configuration file. +# This is mostly being used for generation of certificate requests. +# +# hacked by iang to do DSA certs - Server + +RANDFILE = ./.rnd + +#################################################################### +[ req ] +distinguished_name = req_distinguished_name +encrypt_rsa_key = no + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = ES +countryName_value = ES + +organizationName = Organization Name (eg, company) +organizationName_value = Tortilleras S.A. + +0.commonName = Common Name (eg, YOUR name) +0.commonName_value = Torti + +1.commonName = Common Name (eg, YOUR name) +1.commonName_value = Gordita + diff --git a/lib/libssl/test/Sssrsa.cnf b/lib/libssl/test/Sssrsa.cnf new file mode 100644 index 00000000000..8c79a03fca8 --- /dev/null +++ b/lib/libssl/test/Sssrsa.cnf @@ -0,0 +1,26 @@ +# +# SSLeay example configuration file. +# This is mostly being used for generation of certificate requests. +# +# create RSA certs - Server + +RANDFILE = ./.rnd + +#################################################################### +[ req ] +distinguished_name = req_distinguished_name +encrypt_key = no + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = ES +countryName_value = ES + +organizationName = Organization Name (eg, company) +organizationName_value = Tortilleras S.A. + +0.commonName = Common Name (eg, YOUR name) +0.commonName_value = Torti + +1.commonName = Common Name (eg, YOUR name) +1.commonName_value = Gordita diff --git a/lib/libssl/test/Uss.cnf b/lib/libssl/test/Uss.cnf new file mode 100644 index 00000000000..c89692d5199 --- /dev/null +++ b/lib/libssl/test/Uss.cnf @@ -0,0 +1,28 @@ +# +# SSLeay example configuration file. +# This is mostly being used for generation of certificate requests. +# + +RANDFILE = ./.rnd + +#################################################################### +[ req ] +default_bits = 512 +default_keyfile = keySS.pem +distinguished_name = req_distinguished_name +encrypt_rsa_key = no +default_md = md2 + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = AU +countryName_value = AU + +organizationName = Organization Name (eg, company) +organizationName_value = Dodgy Brothers + +0.commonName = Common Name (eg, YOUR name) +0.commonName_value = Brother 1 + +1.commonName = Common Name (eg, YOUR name) +1.commonName_value = Brother 2 diff --git a/lib/libssl/test/certCA.srl b/lib/libssl/test/certCA.srl new file mode 100644 index 00000000000..39f5b69311d --- /dev/null +++ b/lib/libssl/test/certCA.srl @@ -0,0 +1 @@ +71 diff --git a/lib/libssl/test/demoCA/index.txt b/lib/libssl/test/demoCA/index.txt new file mode 100644 index 00000000000..e69de29bb2d --- /dev/null +++ b/lib/libssl/test/demoCA/index.txt diff --git a/lib/libssl/test/demoCA/private/cakey.pem b/lib/libssl/test/demoCA/private/cakey.pem new file mode 100644 index 00000000000..edd5a5773f6 --- /dev/null +++ b/lib/libssl/test/demoCA/private/cakey.pem @@ -0,0 +1,2 @@ +-----BEGIN RSA PRIVATE KEY----- +-----END RSA PRIVATE KEY----- diff --git a/lib/libssl/test/demoCA/serial b/lib/libssl/test/demoCA/serial new file mode 100644 index 00000000000..8a0f05e166a --- /dev/null +++ b/lib/libssl/test/demoCA/serial @@ -0,0 +1 @@ +01 diff --git a/lib/libssl/test/dsa-ca.pem b/lib/libssl/test/dsa-ca.pem new file mode 100644 index 00000000000..9eb08f3ddd4 --- /dev/null +++ b/lib/libssl/test/dsa-ca.pem @@ -0,0 +1,43 @@ +-----BEGIN DSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-EDE3-CBC,C5B6C7CC9E1FE2C0 + +svCXBcBRhMuU22UXOfiKZA+thmz6KYXpt1Yg5Rd+TYQcQ1MdvNy0B0tkP1SxzDq0 +Xh1eMeTML9/9/0rKakgNXXXbpi5RB8t6BmwRSyej89F7nn1mtR3qzoyPRpp15SDl +Tn67C+2v+HDF3MFk88hiNCYkNbcmi7TWvChsl8N1r7wdZwtIox56yXdgxw6ZIpa/ +par0oUCzN7fiavPgCWz1kfPNSaBQSdxwH7TZi5tMHAr0J3C7a7QRnZfE09R59Uqr +zslrq+ndIw1BZAxoY0SlBu+iFOVaBVlwToC4AsHkv7j7l8ITtr7f42YbBa44D9TO +uOhONmkk/v3Fso4RaOEzdKZC+hnmmzvHs6TiTWm6yzJgSFwyOUK0eGmKEeVxpcH5 +rUOlHOwzen+FFtocZDZAfdFnb7QY7L/boQvyA5A+ZbRG4DUpmBQeQsSaICHM5Rxx +1QaLF413VNPXTLPbW0ilSc2H8x2iZTIVKfd33oSO6NhXPtSYQgfecEF4BvNHY5c4 +HovjT4mckbK95bcBzoCHu43vuSQkmZzdYo/ydSZt6zoPavbBLueTpgSbdXiDi827 +MVqOsYxGCb+kez0FoDSTgw== +-----END DSA PRIVATE KEY----- +-----BEGIN CERTIFICATE REQUEST----- +MIICUjCCAhECAQAwUjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUx +ITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDELMAkGA1UEAxMCQ0Ew +ggG0MIIBKQYFKw4DAgwwggEeAoGBAKc/boW/QWopffCfRxkwkJoJHdpqMx7FPYaW +sxXgUy6P4FmCc5A+dTGZR3pS+4Xk2aZ7OJtoioSbh8YetX6GS1NbWc9xZRmIbs5m +rmuINvvsKNzC16W75Sw5JkvamnAYlTeVEFYj9hXtugRe3jlP/bdDH7WkZW/NgBHk +cJVbUM1JAhUA9wcx7fpsBgPVhYocrJxl51BmZW8CgYBN30wDppGK9RlvUEYlmeVo +bzDjaeHls12YuyiGSPzemQQ/X4gMnHMkDSBduSqaPxiWJ+Rih8F7dGJT/GEnqHqR +CZ228U2cVA9YBu5JdAfOVX4jzhb2ytxaYQF+yXG1TfbcNCmHaPZeIJOz2/XkCWxB +F5WS6wG1c6Vqftgy7Q4CuAOBhAACgYAapll6iqz9XrZFlk2GCVcB+KihxWnH7IuH +vSLw9YUrJahcBHmbpvt494lF4gC5w3WPM+vXJofbusk4GoQEEsQNMDaah4m49uUq +AylOVFJJJXuirVJ+o+0TtOFDITEAl+YZZariXOD7tdOSOl9RLMPC6+daHKS9e68u +3enxhqnDGaAAMAkGBSsOAwIbBQADMAAwLQIVAJGVuFsG/0DBuSZ0jF7ypdU0/G0v +AhQfeF5BoMMDbX/kidUVpQ6gadPlZA== +-----END CERTIFICATE REQUEST----- +-----BEGIN CERTIFICATE----- +MIIBrjCCAWwCAQswCQYFKw4DAhsFADBTMQswCQYDVQQGEwJBVTETMBEGA1UECBMK +U29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQww +CgYDVQQDEwNQQ0EwHhcNOTcwNjE1MDIxNDI5WhcNOTcwNzE1MDIxNDI5WjBSMQsw +CQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJu +ZXQgV2lkZ2l0cyBQdHkgTHRkMQswCQYDVQQDEwJDQTCBkjAJBgUrDgMCDAUAA4GE +AAKBgBqmWXqKrP1etkWWTYYJVwH4qKHFacfsi4e9IvD1hSslqFwEeZum+3j3iUXi +ALnDdY8z69cmh9u6yTgahAQSxA0wNpqHibj25SoDKU5UUkkle6KtUn6j7RO04UMh +MQCX5hllquJc4Pu105I6X1Esw8Lr51ocpL17ry7d6fGGqcMZMAkGBSsOAwIbBQAD +MQAwLgIVAJ4wtQsANPxHo7Q4IQZYsL12SKdbAhUAjJ9n38zxT+iai2164xS+LIfa +C1Q= +-----END CERTIFICATE----- + diff --git a/lib/libssl/test/dsa-pca.pem b/lib/libssl/test/dsa-pca.pem new file mode 100644 index 00000000000..e3641ad47e6 --- /dev/null +++ b/lib/libssl/test/dsa-pca.pem @@ -0,0 +1,49 @@ +-----BEGIN DSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-EDE3-CBC,F80EEEBEEA7386C4 + +GZ9zgFcHOlnhPoiSbVi/yXc9mGoj44A6IveD4UlpSEUt6Xbse3Fr0KHIUyQ3oGnS +mClKoAp/eOTb5Frhto85SzdsxYtac+X1v5XwdzAMy2KowHVk1N8A5jmE2OlkNPNt +of132MNlo2cyIRYaa35PPYBGNCmUm7YcYS8O90YtkrQZZTf4+2C4kllhMcdkQwkr +FWSWC8YOQ7w0LHb4cX1FejHHom9Nd/0PN3vn3UyySvfOqoR7nbXkrpHXmPIr0hxX +RcF0aXcV/CzZ1/nfXWQf4o3+oD0T22SDoVcZY60IzI0oIc3pNCbDV3uKNmgekrFd +qOUJ+QW8oWp7oefRx62iBfIeC8DZunohMXaWAQCU0sLQOR4yEdeUCnzCSywe0bG1 +diD0KYaEe+Yub1BQH4aLsBgDjardgpJRTQLq0DUvw0/QGO1irKTJzegEDNVBKrVn +V4AHOKT1CUKqvGNRP1UnccUDTF6miOAtaj/qpzra7sSk7dkGBvIEeFoAg84kfh9h +hVvF1YyzC9bwZepruoqoUwke/WdNIR5ymOVZ/4Liw0JdIOcq+atbdRX08niqIRkf +dsZrUj4leo3zdefYUQ7w4N2Ns37yDFq7 +-----END DSA PRIVATE KEY----- +-----BEGIN CERTIFICATE REQUEST----- +MIICVTCCAhMCAQAwUzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUx +ITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEMMAoGA1UEAxMDUENB +MIIBtTCCASkGBSsOAwIMMIIBHgKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2G +lrMV4FMuj+BZgnOQPnUxmUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7O +Zq5riDb77Cjcwtelu+UsOSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR +5HCVW1DNSQIVAPcHMe36bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnl +aG8w42nh5bNdmLsohkj83pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6 +kQmdtvFNnFQPWAbuSXQHzlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15Als +QReVkusBtXOlan7YMu0OArgDgYUAAoGBAKbtuR5AdW+ICjCFe2ixjUiJJzM2IKwe +6NZEMXg39+HQ1UTPTmfLZLps+rZfolHDXuRKMXbGFdSF0nXYzotPCzi7GauwEJTZ +yr27ZZjA1C6apGSQ9GzuwNvZ4rCXystVEagAS8OQ4H3D4dWS17Zg31ICb5o4E5r0 +z09o/Uz46u0VoAAwCQYFKw4DAhsFAAMxADAuAhUArRubTxsbIXy3AhtjQ943AbNB +nSICFQCu+g1iW3jwF+gOcbroD4S/ZcvB3w== +-----END CERTIFICATE REQUEST----- +-----BEGIN CERTIFICATE----- +MIIC0zCCApECAQAwCQYFKw4DAhsFADBTMQswCQYDVQQGEwJBVTETMBEGA1UECBMK +U29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQww +CgYDVQQDEwNQQ0EwHhcNOTcwNjE0MjI1NDQ1WhcNOTcwNzE0MjI1NDQ1WjBTMQsw +CQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJu +ZXQgV2lkZ2l0cyBQdHkgTHRkMQwwCgYDVQQDEwNQQ0EwggG1MIIBKQYFKw4DAgww +ggEeAoGBAKc/boW/QWopffCfRxkwkJoJHdpqMx7FPYaWsxXgUy6P4FmCc5A+dTGZ +R3pS+4Xk2aZ7OJtoioSbh8YetX6GS1NbWc9xZRmIbs5mrmuINvvsKNzC16W75Sw5 +JkvamnAYlTeVEFYj9hXtugRe3jlP/bdDH7WkZW/NgBHkcJVbUM1JAhUA9wcx7fps +BgPVhYocrJxl51BmZW8CgYBN30wDppGK9RlvUEYlmeVobzDjaeHls12YuyiGSPze +mQQ/X4gMnHMkDSBduSqaPxiWJ+Rih8F7dGJT/GEnqHqRCZ228U2cVA9YBu5JdAfO +VX4jzhb2ytxaYQF+yXG1TfbcNCmHaPZeIJOz2/XkCWxBF5WS6wG1c6Vqftgy7Q4C +uAOBhQACgYEApu25HkB1b4gKMIV7aLGNSIknMzYgrB7o1kQxeDf34dDVRM9OZ8tk +umz6tl+iUcNe5EoxdsYV1IXSddjOi08LOLsZq7AQlNnKvbtlmMDULpqkZJD0bO7A +29nisJfKy1URqABLw5DgfcPh1ZLXtmDfUgJvmjgTmvTPT2j9TPjq7RUwCQYFKw4D +AhsFAAMxADAuAhUAvtv6AkMolix1Jvy3UnVEIUqdCUICFQC+jq8P49mwrY9oJ24n +5rKUjNBhSg== +-----END CERTIFICATE----- + diff --git a/lib/libssl/test/methtest.c b/lib/libssl/test/methtest.c new file mode 100644 index 00000000000..630d29dc918 --- /dev/null +++ b/lib/libssl/test/methtest.c @@ -0,0 +1,105 @@ +/* test/methtest.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include <stdio.h> +#include <stdlib.h> +#include "rsa.h" +#include "x509.h" +#include "meth.h" +#include "err.h" + +int main(argc,argv) +int argc; +char *argv[]; + { + METHOD_CTX *top,*tmp1,*tmp2; + + top=METH_new(x509_lookup()); /* get a top level context */ + if (top == NULL) goto err; + + tmp1=METH_new(x509_by_file()); + if (top == NULL) goto err; + METH_arg(tmp1,METH_TYPE_FILE,"cafile1"); + METH_arg(tmp1,METH_TYPE_FILE,"cafile2"); + METH_push(top,METH_X509_CA_BY_SUBJECT,tmp1); + + tmp2=METH_new(x509_by_dir()); + METH_arg(tmp2,METH_TYPE_DIR,"/home/eay/.CAcerts"); + METH_arg(tmp2,METH_TYPE_DIR,"/home/eay/SSLeay/certs"); + METH_arg(tmp2,METH_TYPE_DIR,"/usr/local/ssl/certs"); + METH_push(top,METH_X509_CA_BY_SUBJECT,tmp2); + +/* tmp=METH_new(x509_by_issuer_dir); + METH_arg(tmp,METH_TYPE_DIR,"/home/eay/.mycerts"); + METH_push(top,METH_X509_BY_ISSUER,tmp); + + tmp=METH_new(x509_by_issuer_primary); + METH_arg(tmp,METH_TYPE_FILE,"/home/eay/.mycerts/primary.pem"); + METH_push(top,METH_X509_BY_ISSUER,tmp); +*/ + + METH_init(top); + METH_control(tmp1,METH_CONTROL_DUMP,stdout); + METH_control(tmp2,METH_CONTROL_DUMP,stdout); + exit(0); +err: + ERR_load_crypto_strings(); + ERR_print_errors_fp(stderr); + exit(1); + return(0); + } diff --git a/lib/libssl/test/p b/lib/libssl/test/p new file mode 100644 index 00000000000..b3de76751e1 --- /dev/null +++ b/lib/libssl/test/p @@ -0,0 +1,294 @@ +# +# test/Makefile.ssl +# + +DIR= test +TOP= .. +CC= cc +INCLUDES= -I../include +CFLAG= -g +INSTALLTOP= /usr/local/ssl +MAKEFILE= Makefile.ssl +MAKE= make -f $(MAKEFILE) +MAKEDEPEND= makedepend -f$(MAKEFILE) + +PEX_LIBS= +EX_LIBS= #-lnsl -lsocket + +CFLAGS= $(INCLUDES) $(CFLAG) + +GENERAL=Makefile.ssl + +DLIBCRYPTO= ../libcrypto.a +DLIBSSL= ../libssl.a +LIBCRYPTO= -L.. -lcrypto +LIBSSL= -L.. -lssl + +BNTEST= bntest +EXPTEST= exptest +IDEATEST= ideatest +SHATEST= shatest +SHA1TEST= sha1test +MDC2TEST= mdc2test +RMDTEST= rmdtest +MD2TEST= md2test +MD5TEST= md5test +HMACTEST= hmactest +RC2TEST= rc2test +RC4TEST= rc4test +RC5TEST= rc5test +BFTEST= bftest +CASTTEST= casttest +DESTEST= destest +RANDTEST= randtest +DHTEST= dhtest +DSATEST= dsatest +METHTEST= methtest +SSLTEST= ssltest + +EXE= $(BNTEST) $(IDEATEST) $(MD2TEST) $(MD5TEST) $(HMACTEST) \ + $(RC2TEST) $(RC4TEST) $(RC5TEST) \ + $(DESTEST) $(SHATEST) $(SHA1TEST) $(MDC2TEST) $(RMDTEST) \ + $(RANDTEST) $(DHTEST) \ + $(BFTEST) $(CASTTEST) $(SSLTEST) $(EXPTEST) $(DSATEST) + +# $(METHTEST) + +OBJ= $(BNTEST).o $(IDEATEST).o $(MD2TEST).o $(MD5TEST).o $(HMACTEST).o \ + $(RC2TEST).o $(RC4TEST).o $(RC5TEST).o \ + $(DESTEST).o $(SHATEST).o $(SHA1TEST).o $(MDC2TEST).o $(RMDTEST).o \ + $(RANDTEST).o $(DHTEST).o $(CASTTEST).o \ + $(BFTEST).o $(SSLTEST).o $(DSATEST).o $(EXPTEST).o +SRC= $(BNTEST).c $(IDEATEST).c $(MD2TEST).c $(MD5TEST).c $(HMACTEST).c \ + $(RC2TEST).c $(RC4TEST).c $(RC5TEST).c \ + $(DESTEST).c $(SHATEST).c $(SHA1TEST).c $(MDC2TEST).c $(RMDTEST).c \ + $(RANDTEST).c $(DHTEST).c $(CASTTEST).c \ + $(BFTEST).c $(SSLTEST).c $(DSATEST).c $(EXPTEST).c + +EXHEADER= +HEADER= $(EXHEADER) + +ALL= $(GENERAL) $(SRC) $(HEADER) + +top: + (cd ..; $(MAKE) DIRS=$(DIR) all) + +all: exe + +exe: $(EXE) + +files: + perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO + +links: + /bin/rm -f Makefile + $(TOP)/util/point.sh Makefile.ssl Makefile ; + +errors: + +install: + +tags: + ctags $(SRC) + +tests: exe apps \ + test_des test_idea test_sha test_md5 test_hmac test_md2 test_mdc2 \ + test_rc2 test_rc4 test_rc5 test_bf test_cast \ + test_rand test_enc test_x509 test_rsa test_crl test_sid test_req \ + test_pkcs7 test_bn test_verify test_dh test_dsa test_reqgen \ + test_ss test_ssl test_ca + +apps: + @(cd ../apps; $(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' all) + +test_des: + #./$(DESTEST) + +test_idea: + ./$(IDEATEST) + +test_sha: + ./$(SHATEST) + ./$(SHA1TEST) + +test_mdc2: + ./$(MDC2TEST) + +test_md5: + ./$(MD5TEST) + +test_hmac: + ./$(HMACTEST) + +test_md2: + ./$(MD2TEST) + +test_rmd: + ./$(RMDTEST) + +test_bf: + ./$(BFTEST) + +test_cast: + ./$(CASTTEST) + +test_rc2: + ./$(RC2TEST) + +test_rc4: + ./$(RC4TEST) + +test_rc5: + ./$(RC5TEST) + +test_rand: + ./$(RANDTEST) + +test_enc: + @sh ./testenc + +test_x509: + echo test normal x509v1 certificate + sh ./tx509 2>/dev/null + echo test first x509v3 certificate + sh ./tx509 v3-cert1.pem 2>/dev/null + echo test second x509v3 certificate + sh ./tx509 v3-cert2.pem 2>/dev/null + +test_rsa: + @sh ./trsa 2>/dev/null + +test_crl: + @sh ./tcrl 2>/dev/null + +test_sid: + @sh ./tsid 2>/dev/null + +test_req: + @sh ./treq 2>/dev/null + @sh ./treq testreq2.pem 2>/dev/null + +test_pkcs7: + @sh ./tpkcs7 2>/dev/null + @sh ./tpkcs7d 2>/dev/null + +test_bn: + @echo 'test a^b%c implementations' + ./$(EXPTEST) + @echo starting big number library test, could take a while... + @(./$(BNTEST)|bc) | awk '{ \ +if ($$0 != "0") {print "error"; exit(1); } \ +if (((NR+1)%64) == 0) print NR+1," tests done"; }' + +test_verify: + @echo "The following command should have some OK's and some failures" + @echo "There are definitly a few expired certificates" + ../apps/ssleay verify -CApath ../certs ../certs/*.pem + +test_dh: + @echo "Generate as set of DH parameters" + ./$(DHTEST) + +test_dsa: + @echo "Generate as set of DSA parameters" + ./$(DSATEST) + +test_reqgen: + @echo "Generate and verify a certificate request" + @sh ./testgen + +test_ss: + @echo "Generate and certify a test certificate" + @sh ./testss + +test_ssl: + @echo "test SSL protocol" + @sh ./testssl + +test_ca: + @echo "Generate and certify a test certificate via the 'ca' program" + @sh ./testca + +lint: + lint -DLINT $(INCLUDES) $(SRC)>fluff + +depend: + $(MAKEDEPEND) $(INCLUDES) $(PROGS) $(SRC) + +dclean: + perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new + mv -f Makefile.new $(MAKEFILE) + +clean: + /bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff $(EXE) *.ss log + +$(DLIBSSL): + (cd ../ssl; $(MAKE)) + +$(DLIBCRYPTO): + (cd ../crypto; $(MAKE)) + +$(BNTEST): $(BNTEST).o $(DLIBCRYPTO) + $(CC) -o $(BNTEST) $(CFLAGS) $(BNTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) + +$(EXPTEST): $(EXPTEST).o $(DLIBCRYPTO) + $(CC) -o $(EXPTEST) $(CFLAGS) $(EXPTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) + +$(IDEATEST): $(IDEATEST).o $(DLIBCRYPTO) + $(CC) -o $(IDEATEST) $(CFLAGS) $(IDEATEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) + +$(MD2TEST): $(MD2TEST).o $(DLIBCRYPTO) + $(CC) -o $(MD2TEST) $(CFLAGS) $(MD2TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) + +$(SHATEST): $(SHATEST).o $(DLIBCRYPTO) + $(CC) -o $(SHATEST) $(CFLAGS) $(SHATEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) + +$(SHA1TEST): $(SHA1TEST).o $(DLIBCRYPTO) + $(CC) -o $(SHA1TEST) $(CFLAGS) $(SHA1TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) + +$(RMDTEST): $(RMDTEST).o $(DLIBCRYPTO) + $(CC) -o $(RMDTEST) $(CFLAGS) $(RMDTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) + +$(MDC2TEST): $(MDC2TEST).o $(DLIBCRYPTO) + $(CC) -o $(MDC2TEST) $(CFLAGS) $(MDC2TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) + +$(MD5TEST): $(MD5TEST).o $(DLIBCRYPTO) + $(CC) -o $(MD5TEST) $(CFLAGS) $(MD5TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) + +$(HMACTEST): $(HMACTEST).o $(DLIBCRYPTO) + $(CC) -o $(HMACTEST) $(CFLAGS) $(HMACTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) + +$(RC2TEST): $(RC2TEST).o $(DLIBCRYPTO) + $(CC) -o $(RC2TEST) $(CFLAGS) $(RC2TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) + +$(BFTEST): $(BFTEST).o $(DLIBCRYPTO) + $(CC) -o $(BFTEST) $(CFLAGS) $(BFTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) + +$(CASTTEST): $(CASTTEST).o $(DLIBCRYPTO) + $(CC) -o $(CASTTEST) $(CFLAGS) $(CASTTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) + +$(RC4TEST): $(RC4TEST).o $(DLIBCRYPTO) + $(CC) -o $(RC4TEST) $(CFLAGS) $(RC4TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) + +$(RC5TEST): $(RC5TEST).o $(DLIBCRYPTO) + $(CC) -o $(RC5TEST) $(CFLAGS) $(RC5TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) + +$(DESTEST): $(DESTEST).o $(DLIBCRYPTO) + $(CC) -o $(DESTEST) $(CFLAGS) $(DESTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) + +$(RANDTEST): $(RANDTEST).o $(DLIBCRYPTO) + $(CC) -o $(RANDTEST) $(CFLAGS) $(RANDTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) + +$(DHTEST): $(DHTEST).o $(DLIBCRYPTO) + $(CC) -o $(DHTEST) $(CFLAGS) $(DHTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) + +$(DSATEST): $(DSATEST).o $(DLIBCRYPTO) + $(CC) -o $(DSATEST) $(CFLAGS) $(DSATEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) + +$(METHTEST): $(METHTEST).o $(DLIBCRYPTO) + $(CC) -o $(METHTEST) $(CFLAGS) $(METHTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) + +$(SSLTEST): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO) + $(CC) -o $(SSLTEST) $(CFLAGS) $(SSLTEST).o $(PEX_LIBS) $(LIBSSL) $(LIBCRYPTO) $(EX_LIBS) + +# DO NOT DELETE THIS LINE -- make depend depends on it. diff --git a/lib/libssl/test/pkcs7-1.pem b/lib/libssl/test/pkcs7-1.pem new file mode 100644 index 00000000000..c47b27af889 --- /dev/null +++ b/lib/libssl/test/pkcs7-1.pem @@ -0,0 +1,15 @@ +-----BEGIN PKCS7----- +MIICUAYJKoZIhvcNAQcCoIICQTCCAj0CAQExDjAMBggqhkiG9w0CAgUAMCgGCSqG +SIb3DQEHAaAbBBlFdmVyeW9uZSBnZXRzIEZyaWRheSBvZmYuoIIBXjCCAVowggEE +AgQUAAApMA0GCSqGSIb3DQEBAgUAMCwxCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRF +eGFtcGxlIE9yZ2FuaXphdGlvbjAeFw05MjA5MDkyMjE4MDZaFw05NDA5MDkyMjE4 +MDVaMEIxCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRFeGFtcGxlIE9yZ2FuaXphdGlv +bjEUMBIGA1UEAxMLVGVzdCBVc2VyIDEwWzANBgkqhkiG9w0BAQEFAANKADBHAkAK +ZnkdxpiBaN56t3QZu3+wwAHGJxAnAHUUKULhmo2MUdBTs+N4Kh3l3Fr06+mUaBcB +FKHf5nzcmpr1XWVWILurAgMBAAEwDQYJKoZIhvcNAQECBQADQQBFGqHhqncgSl/N +9XYGnQL3MsJvNnsNV4puZPOakR9Hld8JlDQFEaDR30ogsmp3TMrvdfxpLlTCoZN8 +BxEmnZsWMYGbMIGYAgEBMDQwLDELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFEV4YW1w +bGUgT3JnYW5pemF0aW9uAgQUAAApMAwGCCqGSIb3DQICBQAwDQYJKoZIhvcNAQEB +BQAEQAX6aoEvx9+L9PJUJQngPoRuEbnGIL4gCe+0QO+8xmkhaZSsBPNBtX0FIC1C +j7Kie1x339mxW/w9VZNTUDQQweHh +-----END PKCS7----- diff --git a/lib/libssl/test/pkcs7.pem b/lib/libssl/test/pkcs7.pem new file mode 100644 index 00000000000..d55c60b94e1 --- /dev/null +++ b/lib/libssl/test/pkcs7.pem @@ -0,0 +1,54 @@ + MIAGCSqGSIb3DQEHAqCAMIACAQExADCABgkqhkiG9w0BBwEAAKCAMIIE+DCCBGGg + AwIBAgIQaGSF/JpbS1C223+yrc+N1DANBgkqhkiG9w0BAQQFADBiMREwDwYDVQQH + EwhJbnRlcm5ldDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNDAyBgNVBAsTK1Zl + cmlTaWduIENsYXNzIDEgQ0EgLSBJbmRpdmlkdWFsIFN1YnNjcmliZXIwHhcNOTYw + ODEyMDAwMDAwWhcNOTYwODE3MjM1OTU5WjCCASAxETAPBgNVBAcTCEludGVybmV0 + MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNpZ24gQ2xh + c3MgMSBDQSAtIEluZGl2aWR1YWwgU3Vic2NyaWJlcjE3MDUGA1UECxMuRGlnaXRh + bCBJRCBDbGFzcyAxIC0gU01JTUUgVmVyaVNpZ24sIEluYy4gVEVTVDFGMEQGA1UE + CxM9d3d3LnZlcmlzaWduLmNvbS9yZXBvc2l0b3J5L0NQUyBJbmNvcnAuIGJ5IFJl + Zi4sTElBQi5MVEQoYyk5NjEZMBcGA1UEAxMQQWxleGFuZHJlIERlYWNvbjEgMB4G + CSqGSIb3DQEJARYRYWxleEB2ZXJpc2lnbi5jb20wWzANBgkqhkiG9w0BAQEFAANK + ADBHAkAOy7xxCAIkOfuIA2LyRpxgKlDORl8htdXYhF5iBGUx1GYaK6KF+bK/CCI0 + l4j2OfWGFBUrwGoWqxTNcWgTfMzRAgMBAAGjggIyMIICLjAJBgNVHRMEAjAAMIIC + HwYDVR0DBIICFjCCAhIwggIOMIICCgYLYIZIAYb4RQEHAQEwggH5FoIBp1RoaXMg + Y2VydGlmaWNhdGUgaW5jb3Jwb3JhdGVzIGJ5IHJlZmVyZW5jZSwgYW5kIGl0cyB1 + c2UgaXMgc3RyaWN0bHkgc3ViamVjdCB0bywgdGhlIFZlcmlTaWduIENlcnRpZmlj + YXRpb24gUHJhY3RpY2UgU3RhdGVtZW50IChDUFMpLCBhdmFpbGFibGUgYXQ6IGh0 + dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9DUFM7IGJ5IEUtbWFpbCBhdCBDUFMtcmVx + dWVzdHNAdmVyaXNpZ24uY29tOyBvciBieSBtYWlsIGF0IFZlcmlTaWduLCBJbmMu + LCAyNTkzIENvYXN0IEF2ZS4sIE1vdW50YWluIFZpZXcsIENBIDk0MDQzIFVTQSBU + ZWwuICsxICg0MTUpIDk2MS04ODMwIENvcHlyaWdodCAoYykgMTk5NiBWZXJpU2ln + biwgSW5jLiAgQWxsIFJpZ2h0cyBSZXNlcnZlZC4gQ0VSVEFJTiBXQVJSQU5USUVT + IERJU0NMQUlNRUQgYW5kIExJQUJJTElUWSBMSU1JVEVELqAOBgxghkgBhvhFAQcB + AQGhDgYMYIZIAYb4RQEHAQECMCwwKhYoaHR0cHM6Ly93d3cudmVyaXNpZ24uY29t + L3JlcG9zaXRvcnkvQ1BTIDANBgkqhkiG9w0BAQQFAAOBgQAimWMGQwwwxk+b3KAL + HlSWXtU7LWHe29CEG8XeVNTvrqs6SBqT7OoENOkGxpfdpVgZ3Qw2SKjxDvbvpfSF + slsqcxWSgB/hWuaVuZCkvTw/dYGGOxkTJGxvDCfl1PZjX4dKbatslsi9Z9HpGWT7 + ttItRwKqcBKgmCJvKi1pGWED0zCCAnkwggHioAMCAQICEDURpVKQb+fQKaRAGdQR + /D4wDQYJKoZIhvcNAQECBQAwXzELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlT + aWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAxIFB1YmxpYyBQcmltYXJ5IENlcnRp + ZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2MDYyNzAwMDAwMFoXDTk3MDYyNzIzNTk1 + OVowYjERMA8GA1UEBxMISW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMu + MTQwMgYDVQQLEytWZXJpU2lnbiBDbGFzcyAxIENBIC0gSW5kaXZpZHVhbCBTdWJz + Y3JpYmVyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2FKbPTdAFDdjKI9Bv + qrQpkmOOLPhvltcunXZLEbE2jVfJw/0cxrr+Hgi6M8qV6r7jW80GqLd5HUQq7XPy + sVKDaBBwZJHXPmv5912dFEObbpdFmIFH0S3L3bty10w/cariQPJUObwW7s987Lrb + P2wqsxaxhhKdrpM01bjV0Pc+qQIDAQABozMwMTAPBgNVHRMECDAGAQH/AgEBMAsG + A1UdDwQEAwIBBjARBglghkgBhvhCAQEEBAMCAgQwDQYJKoZIhvcNAQECBQADgYEA + KeXHoBmnbxRCgk0jM9e9mDppdxpsipIna/J8DOHEUuD4nONAr4+xOg73SBl026n7 + Bk55A2wvAMGo7+kKTZ+rHaFDDcmq4O+rzFri2RIOeGAncj1IcGptAQhvXoIhFMG4 + Jlzg1KlHZHqy7D3jex78zcSU7kKOu8f5tAX1jC3+sToAAKGAMIIBJzCBkTANBgkq + hkiG9w0BAQIFADBiMREwDwYDVQQHEwhJbnRlcm5ldDEXMBUGA1UEChMOVmVyaVNp + Z24sIEluYy4xNDAyBgNVBAsTK1ZlcmlTaWduIENsYXNzIDEgQ0EgLSBJbmRpdmlk + dWFsIFN1YnNjcmliZXIXDTk2MDcwMTE3MzA0MFoXDTk3MDcwMTAwMDAwMFowDQYJ + KoZIhvcNAQECBQADgYEAGLuQ6PX8A7AiqBEtWzYtl6lZNSDI0bR5YUo+D2Jzkw30 + dxQnJSbKXEc6XYuzAW5HvrzATXu5c19WWPT4cRDwmjH71i9QcDysWwf/wE0qGTiW + I3tQT0I5VGh7jIJD07nlBw3R4Xl8dH9kr85JsWinqDH5YKpIo9o8knY5n7+qjOow + ggEkMIGOMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5W + ZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMSBQdWJsaWMgUHJpbWFyeSBD + ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eRcNOTYwNzE2MjMxMTI5WhcNOTYwODE1MDAw + MDAwWjANBgkqhkiG9w0BAQIFAAOBgQAXsLE4vnsY6sY67QrmWec7iaU2ehzxanEK + /9wKHZNuhlNzk+qGZZw2evxfUe2OaRbYpl8zuZvhK9BHD3ad14OSe9/zx5hOPgP/ + DQXt6R4R8Q/1JheBrolrgbavjvI2wKS8/Psp2prBrkF4T48+AKRmS8Zzh1guxgvP + b+xSu/jH0gAAMYAAAAAAAAAAAA== diff --git a/lib/libssl/test/r160test.c b/lib/libssl/test/r160test.c new file mode 100644 index 00000000000..a172e393cab --- /dev/null +++ b/lib/libssl/test/r160test.c @@ -0,0 +1,57 @@ +/* test/r160test.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ diff --git a/lib/libssl/test/riptest b/lib/libssl/test/riptest Binary files differnew file mode 100644 index 00000000000..8685d0ce53e --- /dev/null +++ b/lib/libssl/test/riptest diff --git a/lib/libssl/test/tcrl b/lib/libssl/test/tcrl new file mode 100644 index 00000000000..859fba452f5 --- /dev/null +++ b/lib/libssl/test/tcrl @@ -0,0 +1,81 @@ +#!/bin/sh + +PATH=../apps:$PATH +export PATH + +cmd='../apps/ssleay crl' + +if [ "$1"x != "x" ]; then + t=$1 +else + t=testcrl.pem +fi + +echo testing crl conversions +cp $t fff.p + +echo "p -> d" +$cmd -in fff.p -inform p -outform d >f.d +if [ $? != 0 ]; then exit 1; fi +#echo "p -> t" +#$cmd -in fff.p -inform p -outform t >f.t +#if [ $? != 0 ]; then exit 1; fi +echo "p -> p" +$cmd -in fff.p -inform p -outform p >f.p +if [ $? != 0 ]; then exit 1; fi + +echo "d -> d" +$cmd -in f.d -inform d -outform d >ff.d1 +if [ $? != 0 ]; then exit 1; fi +#echo "t -> d" +#$cmd -in f.t -inform t -outform d >ff.d2 +#if [ $? != 0 ]; then exit 1; fi +echo "p -> d" +$cmd -in f.p -inform p -outform d >ff.d3 +if [ $? != 0 ]; then exit 1; fi + +#echo "d -> t" +#$cmd -in f.d -inform d -outform t >ff.t1 +#if [ $? != 0 ]; then exit 1; fi +#echo "t -> t" +#$cmd -in f.t -inform t -outform t >ff.t2 +#if [ $? != 0 ]; then exit 1; fi +#echo "p -> t" +#$cmd -in f.p -inform p -outform t >ff.t3 +#if [ $? != 0 ]; then exit 1; fi + +echo "d -> p" +$cmd -in f.d -inform d -outform p >ff.p1 +if [ $? != 0 ]; then exit 1; fi +#echo "t -> p" +#$cmd -in f.t -inform t -outform p >ff.p2 +#if [ $? != 0 ]; then exit 1; fi +echo "p -> p" +$cmd -in f.p -inform p -outform p >ff.p3 +if [ $? != 0 ]; then exit 1; fi + +cmp fff.p f.p +if [ $? != 0 ]; then exit 1; fi +cmp fff.p ff.p1 +if [ $? != 0 ]; then exit 1; fi +#cmp fff.p ff.p2 +#if [ $? != 0 ]; then exit 1; fi +cmp fff.p ff.p3 +if [ $? != 0 ]; then exit 1; fi + +#cmp f.t ff.t1 +#if [ $? != 0 ]; then exit 1; fi +#cmp f.t ff.t2 +#if [ $? != 0 ]; then exit 1; fi +#cmp f.t ff.t3 +#if [ $? != 0 ]; then exit 1; fi + +cmp f.p ff.p1 +if [ $? != 0 ]; then exit 1; fi +#cmp f.p ff.p2 +#if [ $? != 0 ]; then exit 1; fi +cmp f.p ff.p3 +if [ $? != 0 ]; then exit 1; fi + +/bin/rm -f f.* ff.* fff.* +exit 0 diff --git a/lib/libssl/test/test.cnf b/lib/libssl/test/test.cnf new file mode 100644 index 00000000000..faad3914a85 --- /dev/null +++ b/lib/libssl/test/test.cnf @@ -0,0 +1,88 @@ +# +# SSLeay example configuration file. +# This is mostly being used for generation of certificate requests. +# + +RANDFILE = ./.rnd + +#################################################################### +[ ca ] +default_ca = CA_default # The default ca section + +#################################################################### +[ CA_default ] + +dir = ./demoCA # Where everything is kept +certs = $dir/certs # Where the issued certs are kept +crl_dir = $dir/crl # Where the issued crl are kept +database = $dir/index.txt # database index file. +new_certs_dir = $dir/new_certs # default place for new certs. + +certificate = $dir/CAcert.pem # The CA certificate +serial = $dir/serial # The current serial number +crl = $dir/crl.pem # The current CRL +private_key = $dir/private/CAkey.pem# The private key +RANDFILE = $dir/private/.rand # private random number file + +default_days = 365 # how long to certify for +default_crl_days= 30 # how long before next CRL +default_md = md5 # which md to use. + +# A few difference way of specifying how similar the request should look +# For type CA, the listed attributes must be the same, and the optional +# and supplied fields are just that :-) +policy = policy_match + +# For the CA policy +[ policy_match ] +countryName = match +stateOrProvinceName = match +organizationName = match +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +# For the 'anything' policy +# At this point in time, you must list all acceptable 'object' +# types. +[ policy_anything ] +countryName = optional +stateOrProvinceName = optional +localityName = optional +organizationName = optional +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +#################################################################### +[ req ] +default_bits = 512 +default_keyfile = testkey.pem +distinguished_name = req_distinguished_name +encrypt_rsa_key = no + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = AU +countryName_value = AU + +stateOrProvinceName = State or Province Name (full name) +stateOrProvinceName_default = Queensland +stateOrProvinceName_value = + +localityName = Locality Name (eg, city) +localityName_value = Brisbane + +organizationName = Organization Name (eg, company) +organizationName_default = +organizationName_value = CryptSoft Pty Ltd + +organizationalUnitName = Organizational Unit Name (eg, section) +organizationalUnitName_default = +organizationalUnitName_value = . + +commonName = Common Name (eg, YOUR name) +commonName_value = Eric Young + +emailAddress = Email Address +emailAddress_value = eay@mincom.oz.au diff --git a/lib/libssl/test/test.txt b/lib/libssl/test/test.txt new file mode 100644 index 00000000000..c6d8d50ba9d --- /dev/null +++ b/lib/libssl/test/test.txt @@ -0,0 +1,31 @@ +#!/bin/sh + +test=./test.txt + +cat $0 >$test; + +for i in rc4 des-cfb des-ofb des-ecb des-cbc des-ede des-ede3 \ + des-cbc-ede des-cbc-ede3 idea-ecb idea-cfb idea-ofb idea-cbc +do + echo $i + ../apps/ssleay $i -e -k test < $test > $test.$i.cipher + ../apps/ssleay $i -d -k test < $test.$i.cipher >$test.$i.clear + cmp $test $test.$i.clear + if [ $? != 0 ] + then + exit 1 + else + /bin/rm $test.$i.cipher $test.$i.clear + fi + + echo $i base64 + ../apps/ssleay $i -a -e -k test < $test > $test.$i.cipher + ../apps/ssleay $i -a -d -k test < $test.$i.cipher >$test.$i.clear + cmp $test $test.$i.clear + if [ $? != 0 ] + then + exit 1 + else + /bin/rm $test.$i.cipher $test.$i.clear + fi +done diff --git a/lib/libssl/test/testca b/lib/libssl/test/testca new file mode 100644 index 00000000000..a28402f9ca7 --- /dev/null +++ b/lib/libssl/test/testca @@ -0,0 +1,44 @@ +#!/bin/sh + +SH="/bin/sh" +PATH=../apps:$PATH +export SH PATH + +SSLEAY_CONFIG="-config CAss.cnf" +export SSLEAY_CONFIG + +/bin/rm -fr demoCA +$SH ../apps/CA.sh -newca <<EOF +EOF + +if [ $? != 0 ]; then + exit 1; +fi + +SSLEAY_CONFIG="-config Uss.cnf" +export SSLEAY_CONFIG +$SH ../apps/CA.sh -newreq +if [ $? != 0 ]; then + exit 1; +fi + + +SSLEAY_CONFIG="-config ../apps/ssleay.cnf" +export SSLEAY_CONFIG +$SH ../apps/CA.sh -sign <<EOF +y +y +EOF +if [ $? != 0 ]; then + exit 1; +fi + + +$SH ../apps/CA.sh -verify newcert.pem +if [ $? != 0 ]; then + exit 1; +fi + +/bin/rm -fr demoCA newcert.pem newreq.pem +#usage: CA -newcert|-newreq|-newca|-sign|-verify + diff --git a/lib/libssl/test/testcrl.pem b/lib/libssl/test/testcrl.pem new file mode 100644 index 00000000000..09897883547 --- /dev/null +++ b/lib/libssl/test/testcrl.pem @@ -0,0 +1,16 @@ +-----BEGIN X509 CRL----- +MIICjTCCAfowDQYJKoZIhvcNAQECBQAwXzELMAkGA1UEBhMCVVMxIDAeBgNVBAoT +F1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYDVQQLEyVTZWN1cmUgU2VydmVy +IENlcnRpZmljYXRpb24gQXV0aG9yaXR5Fw05NTA1MDIwMjEyMjZaFw05NTA2MDEw +MDAxNDlaMIIBaDAWAgUCQQAABBcNOTUwMjAxMTcyNDI2WjAWAgUCQQAACRcNOTUw +MjEwMDIxNjM5WjAWAgUCQQAADxcNOTUwMjI0MDAxMjQ5WjAWAgUCQQAADBcNOTUw +MjI1MDA0NjQ0WjAWAgUCQQAAGxcNOTUwMzEzMTg0MDQ5WjAWAgUCQQAAFhcNOTUw +MzE1MTkxNjU0WjAWAgUCQQAAGhcNOTUwMzE1MTk0MDQxWjAWAgUCQQAAHxcNOTUw +MzI0MTk0NDMzWjAWAgUCcgAABRcNOTUwMzI5MjAwNzExWjAWAgUCcgAAERcNOTUw +MzMwMDIzNDI2WjAWAgUCQQAAIBcNOTUwNDA3MDExMzIxWjAWAgUCcgAAHhcNOTUw +NDA4MDAwMjU5WjAWAgUCcgAAQRcNOTUwNDI4MTcxNzI0WjAWAgUCcgAAOBcNOTUw +NDI4MTcyNzIxWjAWAgUCcgAATBcNOTUwNTAyMDIxMjI2WjANBgkqhkiG9w0BAQIF +AAN+AHqOEJXSDejYy0UwxxrH/9+N2z5xu/if0J6qQmK92W0hW158wpJg+ovV3+wQ +wvIEPRL2rocL0tKfAsVq1IawSJzSNgxG0lrcla3MrJBnZ4GaZDu4FutZh72MR3Gt +JaAL3iTJHJD55kK2D/VoyY1djlsPuNh6AEgdVwFAyp0v +-----END X509 CRL----- diff --git a/lib/libssl/test/testenc b/lib/libssl/test/testenc new file mode 100644 index 00000000000..42db56c2bea --- /dev/null +++ b/lib/libssl/test/testenc @@ -0,0 +1,62 @@ +#!/bin/sh + +testsrc=Makefile.ssl +test=./p +cmd=../apps/ssleay + +cat $testsrc >$test; + +echo cat +$cmd enc < $test > $test.cipher +$cmd enc < $test.cipher >$test.clear +cmp $test $test.clear +if [ $? != 0 ] +then + exit 1 +else + /bin/rm $test.cipher $test.clear +fi +echo base64 +$cmd enc -a -e < $test > $test.cipher +$cmd enc -a -d < $test.cipher >$test.clear +cmp $test $test.clear +if [ $? != 0 ] +then + exit 1 +else + /bin/rm $test.cipher $test.clear +fi + +for i in rc4 \ + des-cfb des-ede-cfb des-ede3-cfb \ + des-ofb des-ede-ofb des-ede3-ofb \ + des-ecb des-ede des-ede3 desx \ + des-cbc des-ede-cbc des-ede3-cbc \ + idea-ecb idea-cfb idea-ofb idea-cbc \ + rc2-ecb rc2-cfb rc2-ofb rc2-cbc \ + bf-ecb bf-cfb bf-ofb bf-cbc rc4 \ + cast5-ecb cast5-cfb cast5-ofb cast5-cbc +do + echo $i + $cmd $i -bufsize 113 -e -k test < $test > $test.$i.cipher + $cmd $i -bufsize 157 -d -k test < $test.$i.cipher >$test.$i.clear + cmp $test $test.$i.clear + if [ $? != 0 ] + then + exit 1 + else + /bin/rm $test.$i.cipher $test.$i.clear + fi + + echo $i base64 + $cmd $i -bufsize 113 -a -e -k test < $test > $test.$i.cipher + $cmd $i -bufsize 157 -a -d -k test < $test.$i.cipher >$test.$i.clear + cmp $test $test.$i.clear + if [ $? != 0 ] + then + exit 1 + else + /bin/rm $test.$i.cipher $test.$i.clear + fi +done +rm -f $test diff --git a/lib/libssl/test/testgen b/lib/libssl/test/testgen new file mode 100644 index 00000000000..12a4ca4cea8 --- /dev/null +++ b/lib/libssl/test/testgen @@ -0,0 +1,30 @@ +#!/bin/sh + +T=testcert +KEY=512 +CA=../certs/testca.pem + +/bin/rm -f $T.1 $T.2 $T.key + +PATH=../apps:$PATH; +export PATH + +echo "generating certificate request" + +echo "There should be a 2 sequences of .'s and some +'s." +echo "There should not be more that at most 80 per line" +echo "This could take some time." + +../apps/ssleay req -config test.cnf -new -out testreq.pem +if [ $? != 0 ]; then +echo problems creating request +exit 1 +fi + +../apps/ssleay req -verify -in testreq.pem -noout +if [ $? != 0 ]; then +echo signature on req is wrong +exit 1 +fi + +exit 0 diff --git a/lib/libssl/test/testkey.pem b/lib/libssl/test/testkey.pem new file mode 100644 index 00000000000..edd5a5773f6 --- /dev/null +++ b/lib/libssl/test/testkey.pem @@ -0,0 +1,2 @@ +-----BEGIN RSA PRIVATE KEY----- +-----END RSA PRIVATE KEY----- diff --git a/lib/libssl/test/testp7.pem b/lib/libssl/test/testp7.pem new file mode 100644 index 00000000000..b3b6dba8303 --- /dev/null +++ b/lib/libssl/test/testp7.pem @@ -0,0 +1,46 @@ +-----BEGIN PKCS7----- +MIAGCSqGSIb3DQEHAqCAMIIIBwIBATEAMIAGCSqGSIb3DQEHAQAAoIIGPDCCBHIw +ggQcoAMCAQICEHkvjiX1iVGQMenF9HgIjI8wDQYJKoZIhvcNAQEEBQAwYjERMA8G +A1UEBxMISW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQL +EytWZXJpU2lnbiBDbGFzcyAxIENBIC0gSW5kaXZpZHVhbCBTdWJzY3JpYmVyMB4X +DTk2MDcxOTAwMDAwMFoXDTk3MDMzMDIzNTk1OVowgdUxETAPBgNVBAcTCEludGVy +bmV0MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNpZ24g +Q2xhc3MgMSBDQSAtIEluZGl2aWR1YWwgU3Vic2NyaWJlcjEoMCYGA1UECxMfRGln +aXRhbCBJRCBDbGFzcyAxIC0gU01JTUUgVGVzdDFHMEUGA1UECxM+d3d3LnZlcmlz +aWduLmNvbS9yZXBvc2l0b3J5L0NQUy0xLjAgSW5jLiBieSBSZWYuLExJQUIuTFRE +KGMpOTYwWzANBgkqhkiG9w0BAQEFAANKADBHAkAOy7xxCAIkOfuIA2LyRpxgKlDO +Rl8htdXYhF5iBGUx1GYaK6KF+bK/CCI0l4j2OfWGFBUrwGoWqxTNcWgTfMzRAgMB +AAGjggI5MIICNTAJBgNVHRMEAjAAMIICJgYDVR0DBIICHTCCAhkwggIVMIICEQYL +YIZIAYb4RQEHAQEwggIAFoIBq1RoaXMgY2VydGlmaWNhdGUgaW5jb3Jwb3JhdGVz +IGJ5IHJlZmVyZW5jZSwgYW5kIGl0cyB1c2UgaXMgc3RyaWN0bHkgc3ViamVjdCB0 +bywgdGhlIFZlcmlTaWduIENlcnRpZmljYXRpb24gUHJhY3RpY2UgU3RhdGVtZW50 +IChDUFMpLCBhdmFpbGFibGUgYXQ6IGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9D +UFMtMS4wOyBieSBFLW1haWwgYXQgQ1BTLXJlcXVlc3RzQHZlcmlzaWduLmNvbTsg +b3IgYnkgbWFpbCBhdCBWZXJpU2lnbiwgSW5jLiwgMjU5MyBDb2FzdCBBdmUuLCBN +b3VudGFpbiBWaWV3LCBDQSA5NDA0MyBVU0EgVGVsLiArMSAoNDE1KSA5NjEtODgz +MCBDb3B5cmlnaHQgKGMpIDE5OTYgVmVyaVNpZ24sIEluYy4gIEFsbCBSaWdodHMg +UmVzZXJ2ZWQuIENFUlRBSU4gV0FSUkFOVElFUyBESVNDTEFJTUVEIGFuZCBMSUFC +SUxJVFkgTElNSVRFRC6gDgYMYIZIAYb4RQEHAQEBoQ4GDGCGSAGG+EUBBwEBAjAv +MC0WK2h0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9yZXBvc2l0b3J5L0NQUy0xLgMw +DQYJKoZIhvcNAQEEBQADQQDAmA7km/3iJWEsWN9Z2WU2gmZAknx45WnDKHxMa3Bf +gNsh6BLk/ngkJKjNKTDR13XVHqEPUY1flbjATZputw1GMIIBwjCCAWygAwIBAgIQ +fAmE6tW5ERSQWDneu3KfSTANBgkqhkiG9w0BAQIFADA+MQswCQYDVQQGEwJVUzEX +MBUGA1UEChMOVmVyaVNpZ24sIEluYy4xFjAUBgNVBAsTDVRFU1QgUm9vdCBQQ0Ew +HhcNOTYwNzE3MDAwMDAwWhcNOTcwNzE3MjM1OTU5WjBiMREwDwYDVQQHEwhJbnRl +cm5ldDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNDAyBgNVBAsTK1ZlcmlTaWdu +IENsYXNzIDEgQ0EgLSBJbmRpdmlkdWFsIFN1YnNjcmliZXIwXDANBgkqhkiG9w0B +AQEFAANLADBIAkEA7Fc6zYJw4WwCWa1ni3fYNbzGSQNluuw990024GusjLfhEk1h +MsIUukTT/n8yxoO7rYp4x+LS+tHF2tBtuxg7CwIDAQABoyIwIDALBgNVHQ8EBAMC +AQYwEQYJYIZIAYb4QgEBBAQDAgIEMA0GCSqGSIb3DQEBAgUAA0EAFKem0cJGg9nd +TAbP5o1HIEyNn11ZlvLU5v1Hejs1MKQt72IMm4jjgOH+pjguXW8lB6yzrK4oVOO2 +UNCaNQ1H26GCAa0wgeYwgZEwDQYJKoZIhvcNAQECBQAwYjERMA8GA1UEBxMISW50 +ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytWZXJpU2ln +biBDbGFzcyAxIENBIC0gSW5kaXZpZHVhbCBTdWJzY3JpYmVyFw05NjA3MTcxNzU5 +MjlaFw05NzA3MTgwMDAwMDBaMA0GCSqGSIb3DQEBAgUAA0EAubVWYTsWsQmste9f ++UgMw8BkjDlM25fwQLrCfmmnLxjewey10kSROypUaJLb+r4oRALc0fG9XfZsaiiI +gotQHjCBwTBtMA0GCSqGSIb3DQEBAgUAMD4xCzAJBgNVBAYTAlVTMRcwFQYDVQQK +Ew5WZXJpU2lnbiwgSW5jLjEWMBQGA1UECxMNVEVTVCBSb290IFBDQRcNOTYwNzE3 +MTc0NDA5WhcNOTgwNzE3MDAwMDAwWjANBgkqhkiG9w0BAQIFAANBAHitA0/xAukC +jHzeh1AMT/l2oC68N+yFb+aJPHBBMxc6gG2MaKjBNwb5hcXUllMlExONA3ju10f7 +owIq3s3wx10xAAAAAAA= +-----END PKCS7----- diff --git a/lib/libssl/test/testreq.pem b/lib/libssl/test/testreq.pem new file mode 100644 index 00000000000..1311fa77854 --- /dev/null +++ b/lib/libssl/test/testreq.pem @@ -0,0 +1,9 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBQjCB7QIBADCBhzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQx +ETAPBgNVBAcTCEJyaXNiYW5lMRowGAYDVQQKExFDcnlwdFNvZnQgUHR5IEx0ZDET +MBEGA1UEAxMKRXJpYyBZb3VuZzEfMB0GCSqGSIb3DQEJARYQZWF5QG1pbmNvbS5v +ei5hdTBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQDVKdT5QB2ZojtNQGjA/9J7s2o4 +RNkuSq8l377uWLAyMljtdkcoRsvUy5lZ997UDHFTbVFA038ZBrmw7l5EyHeXAgMB +AAGgADANBgkqhkiG9w0BAQQFAANBAKnaFr4u7PTdfmpjiX/H8Ho4UWGVRWUlvD2R +/D9yoTj7TN3uODx2BD0drErVBe/Zjv81vhH6Yo3cJO/hRS3A7jw= +-----END CERTIFICATE REQUEST----- diff --git a/lib/libssl/test/testreq2.pem b/lib/libssl/test/testreq2.pem new file mode 100644 index 00000000000..c3cdcffcbc6 --- /dev/null +++ b/lib/libssl/test/testreq2.pem @@ -0,0 +1,7 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIHaMIGFAgEAMA4xDDAKBgNVBAMTA2NuNDBcMA0GCSqGSIb3DQEBAQUAA0sAMEgC +QQCQsnkyUGDY2R3mYoeTprFJKgWuJ3f1jUjlIuW5+wfAUoeMt35c4vcFZ2mIBpEG +DtzkNQN1kr2O9ldm9zYnYhyhAgMBAAGgEjAQBgorBgEEAYI3AgEOMQIwADANBgkq +hkiG9w0BAQQFAANBAAb2szZgVIxg3vK6kYLjGSBISyuzcXJ6IvuPW6M+yzi1Qgoi +gQhazHTJp91T8ItZEzUJGZSZl2e5iXlnffWB+/U= +-----END CERTIFICATE REQUEST----- diff --git a/lib/libssl/test/testrsa.pem b/lib/libssl/test/testrsa.pem new file mode 100644 index 00000000000..aad21067a8f --- /dev/null +++ b/lib/libssl/test/testrsa.pem @@ -0,0 +1,9 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIBPAIBAAJBAKrbeqkuRk8VcRmWFmtP+LviMB3+6dizWW3DwaffznyHGAFwUJ/I +Tv0XtbsCyl3QoyKGhrOAy3RvPK5M38iuXT0CAwEAAQJAZ3cnzaHXM/bxGaR5CR1R +rD1qFBAVfoQFiOH9uPJgMaoAuoQEisPHVcZDKcOv4wEg6/TInAIXBnEigtqvRzuy +oQIhAPcgZzUq3yVooAaoov8UbXPxqHlwo6GBMqnv20xzkf6ZAiEAsP4BnIaQTM8S +mvcpHZwQJdmdHHkGKAs37Dfxi67HbkUCIQCeZGliHXFa071Fp06ZeWlR2ADonTZz +rJBhdTe0v5pCeQIhAIZfkiGgGBX4cIuuckzEm43g9WMUjxP/0GlK39vIyihxAiEA +mymehFRT0MvqW5xAKAx7Pgkt8HVKwVhc2LwGKHE0DZM= +-----END RSA PRIVATE KEY----- diff --git a/lib/libssl/test/testsid.pem b/lib/libssl/test/testsid.pem new file mode 100644 index 00000000000..cd8617be2e6 --- /dev/null +++ b/lib/libssl/test/testsid.pem @@ -0,0 +1,12 @@ +-----BEGIN SSL SESSION PARAMETERS----- +MIIBxwIBAQIBAgQDAQCABBCi11xa5qkOP8xrr02K/NQCBBBkIYQZM0Bt95W0EHNV +bA58oQYCBDIBr7WiBAICASyjggGGMIIBgjCCASwCAQMwDQYJKoZIhvcNAQEEBQAw +ODELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA1FMRDEbMBkGA1UEAxMSU1NMZWF5L3Jz +YSB0ZXN0IENBMB4XDTk1MTAwOTIzMzEzNFoXDTk4MDcwNTIzMzEzNFowYDELMAkG +A1UEBhMCQVUxDDAKBgNVBAgTA1FMRDEZMBcGA1UEChMQTWluY29tIFB0eS4gTHRk +LjELMAkGA1UECxMCQ1MxGzAZBgNVBAMTElNTTGVheSBkZW1vIGNsaWVudDBcMA0G +CSqGSIb3DQEBAQUAA0sAMEgCQQC4pcXEL1lgVA+B5Q3TcuW/O3LZHoA73IYm8oFD +TezgCDhL2RTMn+seKWF36UtJKRIOBU9jZHCVVd0Me5ls6BEjAgMBAAEwDQYJKoZI +hvcNAQEEBQADQQBoIpOcwUY1qlVF7j3ROSGvUsbvByOBFmYWkIBgsCqR+9qo1A7L +CrWF5i8LWt/vLwAHaxWNx2YuBJMFyuK81fTv +-----END SSL SESSION PARAMETERS----- diff --git a/lib/libssl/test/testss b/lib/libssl/test/testss new file mode 100644 index 00000000000..a5aecf4694d --- /dev/null +++ b/lib/libssl/test/testss @@ -0,0 +1,89 @@ +#!/bin/sh + +digest='-mdc2' +reqcmd="../apps/ssleay req" +x509cmd="../apps/ssleay x509 $digest" +verifycmd="../apps/ssleay verify" + +CAkey="keyCA.ss" +CAcert="certCA.ss" +CAreq="reqCA.ss" +CAconf="CAss.cnf" +CAreq2="req2CA.ss" # temp + +Uconf="Uss.cnf" +Ukey="keyU.ss" +Ureq="reqU.ss" +Ucert="certU.ss" + +echo +echo "make a certificate request using 'req'" +$reqcmd -config $CAconf -out $CAreq -keyout $CAkey -new #>err.ss +if [ $? != 0 ]; then + echo "error using 'req' to generate a certificate request" + exit 1 +fi +echo +echo "convert the certificate request into a self signed certificate using 'x509'" +$x509cmd -CAcreateserial -in $CAreq -days 30 -req -out $CAcert -signkey $CAkey >err.ss +if [ $? != 0 ]; then + echo "error using 'x509' to self sign a certificate request" + exit 1 +fi + +echo +echo "convert a certificate into a certificate request using 'x509'" +$x509cmd -in $CAcert -x509toreq -signkey $CAkey -out $CAreq2 >err.ss +if [ $? != 0 ]; then + echo "error using 'x509' convert a certificate to a certificate request" + exit 1 +fi + +$reqcmd -verify -in $CAreq -noout +if [ $? != 0 ]; then + echo first generated request is invalid + exit 1 +fi + +$reqcmd -verify -in $CAreq2 -noout +if [ $? != 0 ]; then + echo second generated request is invalid + exit 1 +fi + +$verifycmd -CAfile $CAcert $CAcert +if [ $? != 0 ]; then + echo first generated cert is invalid + exit 1 +fi + +echo +echo "make another certificate request using 'req'" +$reqcmd -config $Uconf -out $Ureq -keyout $Ukey -new >err.ss +if [ $? != 0 ]; then + echo "error using 'req' to generate a certificate request" + exit 1 +fi + +echo +echo "sign certificate request with the just created CA via 'x509'" +$x509cmd -CAcreateserial -in $Ureq -days 30 -req -out $Ucert -CA $CAcert -CAkey $CAkey >err.ss +if [ $? != 0 ]; then + echo "error using 'x509' to sign a certificate request" + exit 1 +fi + +$verifycmd -CAfile $CAcert $Ucert +echo +echo "Certificate details" +$x509cmd -subject -issuer -startdate -enddate -noout -in $Ucert + +echo +echo The generated CA certificate is $CAcert +echo The generated CA private key is $CAkey + +echo The generated user certificate is $Ucert +echo The generated user private key is $Ukey + +/bin/rm err.ss +exit 0 diff --git a/lib/libssl/test/testssl b/lib/libssl/test/testssl new file mode 100644 index 00000000000..f115adb8e11 --- /dev/null +++ b/lib/libssl/test/testssl @@ -0,0 +1,40 @@ +#!/bin/sh + +echo test sslv2 +./ssltest -ssl2 || exit 1 + +echo test sslv2 with server authentication +./ssltest -ssl2 -server_auth -CApath ../certs || exit 1 + +echo test sslv2 with client authentication +./ssltest -ssl2 -client_auth -CApath ../certs || exit 1 + +echo test sslv2 with both client and server authentication +./ssltest -ssl2 -server_auth -client_auth -CApath ../certs || exit 1 + +echo test sslv3 +./ssltest -ssl3 || exit 1 + +echo test sslv3 with server authentication +./ssltest -ssl3 -server_auth -CApath ../certs || exit 1 + +echo test sslv3 with client authentication +./ssltest -ssl3 -client_auth -CApath ../certs || exit 1 + +echo test sslv3 with both client and server authentication +./ssltest -ssl3 -server_auth -client_auth -CApath ../certs || exit 1 + +echo test sslv2/sslv3 +./ssltest || exit 1 + +echo test sslv2/sslv3 with server authentication +./ssltest -server_auth -CApath ../certs || exit 1 + +echo test sslv2/sslv3 with client authentication +./ssltest -client_auth -CApath ../certs || exit 1 + +echo test sslv2/sslv3 with both client and server authentication +./ssltest -server_auth -client_auth -CApath ../certs || exit 1 + +exit 0 + diff --git a/lib/libssl/test/testx509.pem b/lib/libssl/test/testx509.pem new file mode 100644 index 00000000000..8a85d14964f --- /dev/null +++ b/lib/libssl/test/testx509.pem @@ -0,0 +1,10 @@ +-----BEGIN CERTIFICATE----- +MIIBWzCCAQYCARgwDQYJKoZIhvcNAQEEBQAwODELMAkGA1UEBhMCQVUxDDAKBgNV +BAgTA1FMRDEbMBkGA1UEAxMSU1NMZWF5L3JzYSB0ZXN0IENBMB4XDTk1MDYxOTIz +MzMxMloXDTk1MDcxNzIzMzMxMlowOjELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA1FM +RDEdMBsGA1UEAxMUU1NMZWF5L3JzYSB0ZXN0IGNlcnQwXDANBgkqhkiG9w0BAQEF +AANLADBIAkEAqtt6qS5GTxVxGZYWa0/4u+IwHf7p2LNZbcPBp9/OfIcYAXBQn8hO +/Re1uwLKXdCjIoaGs4DLdG88rkzfyK5dPQIDAQABMAwGCCqGSIb3DQIFBQADQQAE +Wc7EcF8po2/ZO6kNCwK/ICH6DobgLekA5lSLr5EvuioZniZp5lFzAw4+YzPQ7XKJ +zl9HYIMxATFyqSiD9jsx +-----END CERTIFICATE----- diff --git a/lib/libssl/test/times b/lib/libssl/test/times new file mode 100644 index 00000000000..49aeebf216e --- /dev/null +++ b/lib/libssl/test/times @@ -0,0 +1,113 @@ + +More number for the questions about SSL overheads.... + +The following numbers were generated on a pentium pro 200, running linux. +They give an indication of the SSL protocol and encryption overheads. + +The program that generated them is an unreleased version of ssl/ssltest.c +which is the SSLeay ssl protocol testing program. It is a single process that +talks both sides of the SSL protocol via a non-blocking memory buffer +interface. + +How do I read this? The protocol and cipher are reasonable obvious. +The next number is the number of connections being made. The next is the +number of bytes exchanged bewteen the client and server side of the protocol. +This is the number of bytes that the client sends to the server, and then +the server sends back. Because this is all happening in one process, +the data is being encrypted, decrypted, encrypted and then decrypted again. +It is a round trip of that many bytes. Because the one process performs +both the client and server sides of the protocol and it sends this many bytes +each direction, multiply this number by 4 to generate the number +of bytes encrypted/decrypted/MACed. The first time value is how many seconds +elapsed doing a full SSL handshake, the second is the cost of one +full handshake and the rest being session-id reuse. + +SSLv2 RC4-MD5 1000 x 1 12.83s 0.70s +SSLv3 NULL-MD5 1000 x 1 14.35s 1.47s +SSLv3 RC4-MD5 1000 x 1 14.46s 1.56s +SSLv3 RC4-MD5 1000 x 1 51.93s 1.62s 1024bit RSA +SSLv3 RC4-SHA 1000 x 1 14.61s 1.83s +SSLv3 DES-CBC-SHA 1000 x 1 14.70s 1.89s +SSLv3 DES-CBC3-SHA 1000 x 1 15.16s 2.16s + +SSLv2 RC4-MD5 1000 x 1024 13.72s 1.27s +SSLv3 NULL-MD5 1000 x 1024 14.79s 1.92s +SSLv3 RC4-MD5 1000 x 1024 52.58s 2.29s 1024bit RSA +SSLv3 RC4-SHA 1000 x 1024 15.39s 2.67s +SSLv3 DES-CBC-SHA 1000 x 1024 16.45s 3.55s +SSLv3 DES-CBC3-SHA 1000 x 1024 18.21s 5.38s + +SSLv2 RC4-MD5 1000 x 10240 18.97s 6.52s +SSLv3 NULL-MD5 1000 x 10240 17.79s 5.11s +SSLv3 RC4-MD5 1000 x 10240 20.25s 7.90s +SSLv3 RC4-MD5 1000 x 10240 58.26s 8.08s 1024bit RSA +SSLv3 RC4-SHA 1000 x 10240 22.96s 11.44s +SSLv3 DES-CBC-SHA 1000 x 10240 30.65s 18.41s +SSLv3 DES-CBC3-SHA 1000 x 10240 47.04s 34.53s + +SSLv2 RC4-MD5 1000 x 102400 70.22s 57.74s +SSLv3 NULL-MD5 1000 x 102400 43.73s 31.03s +SSLv3 RC4-MD5 1000 x 102400 71.32s 58.83s +SSLv3 RC4-MD5 1000 x 102400 109.66s 59.20s 1024bit RSA +SSLv3 RC4-SHA 1000 x 102400 95.88s 82.21s +SSLv3 DES-CBC-SHA 1000 x 102400 173.22s 160.55s +SSLv3 DES-CBC3-SHA 1000 x 102400 336.61s 323.82s + +What does this all mean? Well for a server, with no session-id reuse, with +a transfer size of 10240 bytes, using RC4-MD5 and a 512bit server key, +a pentium pro 200 running linux can handle the SSLv3 protocol overheads of +about 49 connections a second. Reality will be quite different :-). + +Remeber the first number is 1000 full ssl handshakes, the second is +1 full and 999 with session-id reuse. The RSA overheads for each exchange +would be one public and one private operation, but the protocol/MAC/cipher +cost would be quite similar in both the client and server. + +eric (adding numbers to speculation) + +--- Appendix --- +- The time measured is user time but these number a very rough. +- Remember this is the cost of both client and server sides of the protocol. +- The TCP/kernal overhead of connection establishment is normally the + killer in SSL. Often delays in the TCP protocol will make session-id + reuse look slower that new sessions, but this would not be the case on + a loaded server. +- The TCP round trip latencies, while slowing indervidual connections, + would have minimal impact on throughput. +- Instead of sending one 102400 byte buffer, one 8k buffer is sent until +- the required number of bytes are processed. +- The SSLv3 connections were actually SSLv2 compatable SSLv3 headers. +- A 512bit server key was being used except where noted. +- No server key verification was being performed on the client side of the + protocol. This would slow things down very little. +- The library being used is SSLeay 0.8.x. +- The normal mesauring system was commands of the form + time ./ssltest -num 1000 -bytes 102400 -cipher DES-CBC-SHA -reuse + This modified version of ssltest should be in the next public release of + SSLeay. + +The general cipher performace number for this platform are + +SSLeay 0.8.2a 04-Sep-1997 +built on Fri Sep 5 17:37:05 EST 1997 +options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) idea(int) blowfish(ptr2) +C flags:gcc -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized +The 'numbers' are in 1000s of bytes per second processed. +type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes +md2 131.02k 368.41k 500.57k 549.21k 566.09k +mdc2 535.60k 589.10k 595.88k 595.97k 594.54k +md5 1801.53k 9674.77k 17484.03k 21849.43k 23592.96k +sha 1261.63k 5533.25k 9285.63k 11187.88k 11913.90k +sha1 1103.13k 4782.53k 7933.78k 9472.34k 10070.70k +rc4 10722.53k 14443.93k 15215.79k 15299.24k 15219.59k +des cbc 3286.57k 3827.73k 3913.39k 3931.82k 3926.70k +des ede3 1443.50k 1549.08k 1561.17k 1566.38k 1564.67k +idea cbc 2203.64k 2508.16k 2538.33k 2543.62k 2547.71k +rc2 cbc 1430.94k 1511.59k 1524.82k 1527.13k 1523.33k +blowfish cbc 4716.07k 5965.82k 6190.17k 6243.67k 6234.11k + sign verify +rsa 512 bits 0.0100s 0.0011s +rsa 1024 bits 0.0451s 0.0012s +rsa 2048 bits 0.2605s 0.0086s +rsa 4096 bits 1.6883s 0.0302s + diff --git a/lib/libssl/test/tpkcs7 b/lib/libssl/test/tpkcs7 new file mode 100644 index 00000000000..ea1f005dacf --- /dev/null +++ b/lib/libssl/test/tpkcs7 @@ -0,0 +1,51 @@ +#!/bin/sh + +PATH=../apps:$PATH +export PATH + +cmd='../apps/ssleay pkcs7' + +if [ "$1"x != "x" ]; then + t=$1 +else + t=testp7.pem +fi + +echo testing pkcs7 conversions +cp $t fff.p + +echo "p -> d" +$cmd -in fff.p -inform p -outform d >f.d +if [ $? != 0 ]; then exit 1; fi +echo "p -> p" +$cmd -in fff.p -inform p -outform p >f.p +if [ $? != 0 ]; then exit 1; fi + +echo "d -> d" +$cmd -in f.d -inform d -outform d >ff.d1 +if [ $? != 0 ]; then exit 1; fi +echo "p -> d" +$cmd -in f.p -inform p -outform d >ff.d3 +if [ $? != 0 ]; then exit 1; fi + +echo "d -> p" +$cmd -in f.d -inform d -outform p >ff.p1 +if [ $? != 0 ]; then exit 1; fi +echo "p -> p" +$cmd -in f.p -inform p -outform p >ff.p3 +if [ $? != 0 ]; then exit 1; fi + +cmp fff.p f.p +if [ $? != 0 ]; then exit 1; fi +cmp fff.p ff.p1 +if [ $? != 0 ]; then exit 1; fi +cmp fff.p ff.p3 +if [ $? != 0 ]; then exit 1; fi + +cmp f.p ff.p1 +if [ $? != 0 ]; then exit 1; fi +cmp f.p ff.p3 +if [ $? != 0 ]; then exit 1; fi + +/bin/rm -f f.* ff.* fff.* +exit 0 diff --git a/lib/libssl/test/tpkcs7d b/lib/libssl/test/tpkcs7d new file mode 100644 index 00000000000..c8f18fb09c1 --- /dev/null +++ b/lib/libssl/test/tpkcs7d @@ -0,0 +1,44 @@ +#!/bin/sh + +PATH=../apps:$PATH +export PATH + +cmd='../apps/ssleay pkcs7' + +if [ "$1"x != "x" ]; then + t=$1 +else + t=pkcs7-1.pem +fi + +echo testing pkcs7 conversions +cp $t fff.p + +echo "p -> d" +$cmd -in fff.p -inform p -outform d >f.d +if [ $? != 0 ]; then exit 1; fi +echo "p -> p" +$cmd -in fff.p -inform p -outform p >f.p +if [ $? != 0 ]; then exit 1; fi + +echo "d -> d" +$cmd -in f.d -inform d -outform d >ff.d1 +if [ $? != 0 ]; then exit 1; fi +echo "p -> d" +$cmd -in f.p -inform p -outform d >ff.d3 +if [ $? != 0 ]; then exit 1; fi + +echo "d -> p" +$cmd -in f.d -inform d -outform p >ff.p1 +if [ $? != 0 ]; then exit 1; fi +echo "p -> p" +$cmd -in f.p -inform p -outform p >ff.p3 +if [ $? != 0 ]; then exit 1; fi + +cmp f.p ff.p1 +if [ $? != 0 ]; then exit 1; fi +cmp f.p ff.p3 +if [ $? != 0 ]; then exit 1; fi + +/bin/rm -f f.* ff.* fff.* +exit 0 diff --git a/lib/libssl/test/treq b/lib/libssl/test/treq new file mode 100644 index 00000000000..e5f1d8cc41f --- /dev/null +++ b/lib/libssl/test/treq @@ -0,0 +1,81 @@ +#!/bin/sh + +PATH=../apps:$PATH +export PATH + +cmd='../apps/ssleay req' + +if [ "$1"x != "x" ]; then + t=$1 +else + t=testreq.pem +fi + +echo testing req conversions +cp $t fff.p + +echo "p -> d" +$cmd -in fff.p -inform p -outform d >f.d +if [ $? != 0 ]; then exit 1; fi +#echo "p -> t" +#$cmd -in fff.p -inform p -outform t >f.t +#if [ $? != 0 ]; then exit 1; fi +echo "p -> p" +$cmd -in fff.p -inform p -outform p >f.p +if [ $? != 0 ]; then exit 1; fi + +echo "d -> d" +$cmd -verify -in f.d -inform d -outform d >ff.d1 +if [ $? != 0 ]; then exit 1; fi +#echo "t -> d" +#$cmd -in f.t -inform t -outform d >ff.d2 +#if [ $? != 0 ]; then exit 1; fi +echo "p -> d" +$cmd -verify -in f.p -inform p -outform d >ff.d3 +if [ $? != 0 ]; then exit 1; fi + +#echo "d -> t" +#$cmd -in f.d -inform d -outform t >ff.t1 +#if [ $? != 0 ]; then exit 1; fi +#echo "t -> t" +#$cmd -in f.t -inform t -outform t >ff.t2 +#if [ $? != 0 ]; then exit 1; fi +#echo "p -> t" +#$cmd -in f.p -inform p -outform t >ff.t3 +#if [ $? != 0 ]; then exit 1; fi + +echo "d -> p" +$cmd -in f.d -inform d -outform p >ff.p1 +if [ $? != 0 ]; then exit 1; fi +#echo "t -> p" +#$cmd -in f.t -inform t -outform p >ff.p2 +#if [ $? != 0 ]; then exit 1; fi +echo "p -> p" +$cmd -in f.p -inform p -outform p >ff.p3 +if [ $? != 0 ]; then exit 1; fi + +cmp fff.p f.p +if [ $? != 0 ]; then exit 1; fi +cmp fff.p ff.p1 +if [ $? != 0 ]; then exit 1; fi +#cmp fff.p ff.p2 +#if [ $? != 0 ]; then exit 1; fi +cmp fff.p ff.p3 +if [ $? != 0 ]; then exit 1; fi + +#cmp f.t ff.t1 +#if [ $? != 0 ]; then exit 1; fi +#cmp f.t ff.t2 +#if [ $? != 0 ]; then exit 1; fi +#cmp f.t ff.t3 +#if [ $? != 0 ]; then exit 1; fi + +cmp f.p ff.p1 +if [ $? != 0 ]; then exit 1; fi +#cmp f.p ff.p2 +#if [ $? != 0 ]; then exit 1; fi +cmp f.p ff.p3 +if [ $? != 0 ]; then exit 1; fi + +/bin/rm -f f.* ff.* fff.* +exit 0 diff --git a/lib/libssl/test/trsa b/lib/libssl/test/trsa new file mode 100644 index 00000000000..e5b8fe0448e --- /dev/null +++ b/lib/libssl/test/trsa @@ -0,0 +1,81 @@ +#!/bin/sh + +PATH=../apps:$PATH +export PATH + +cmd='../apps/ssleay rsa' + +if [ "$1"x != "x" ]; then + t=$1 +else + t=testrsa.pem +fi + +echo testing rsa conversions +cp $t fff.p + +echo "p -> d" +$cmd -in fff.p -inform p -outform d >f.d +if [ $? != 0 ]; then exit 1; fi +#echo "p -> t" +#$cmd -in fff.p -inform p -outform t >f.t +#if [ $? != 0 ]; then exit 1; fi +echo "p -> p" +$cmd -in fff.p -inform p -outform p >f.p +if [ $? != 0 ]; then exit 1; fi + +echo "d -> d" +$cmd -in f.d -inform d -outform d >ff.d1 +if [ $? != 0 ]; then exit 1; fi +#echo "t -> d" +#$cmd -in f.t -inform t -outform d >ff.d2 +#if [ $? != 0 ]; then exit 1; fi +echo "p -> d" +$cmd -in f.p -inform p -outform d >ff.d3 +if [ $? != 0 ]; then exit 1; fi + +#echo "d -> t" +#$cmd -in f.d -inform d -outform t >ff.t1 +#if [ $? != 0 ]; then exit 1; fi +#echo "t -> t" +#$cmd -in f.t -inform t -outform t >ff.t2 +#if [ $? != 0 ]; then exit 1; fi +#echo "p -> t" +#$cmd -in f.p -inform p -outform t >ff.t3 +#if [ $? != 0 ]; then exit 1; fi + +echo "d -> p" +$cmd -in f.d -inform d -outform p >ff.p1 +if [ $? != 0 ]; then exit 1; fi +#echo "t -> p" +#$cmd -in f.t -inform t -outform p >ff.p2 +#if [ $? != 0 ]; then exit 1; fi +echo "p -> p" +$cmd -in f.p -inform p -outform p >ff.p3 +if [ $? != 0 ]; then exit 1; fi + +cmp fff.p f.p +if [ $? != 0 ]; then exit 1; fi +cmp fff.p ff.p1 +if [ $? != 0 ]; then exit 1; fi +#cmp fff.p ff.p2 +#if [ $? != 0 ]; then exit 1; fi +cmp fff.p ff.p3 +if [ $? != 0 ]; then exit 1; fi + +#cmp f.t ff.t1 +#if [ $? != 0 ]; then exit 1; fi +#cmp f.t ff.t2 +#if [ $? != 0 ]; then exit 1; fi +#cmp f.t ff.t3 +#if [ $? != 0 ]; then exit 1; fi + +cmp f.p ff.p1 +if [ $? != 0 ]; then exit 1; fi +#cmp f.p ff.p2 +#if [ $? != 0 ]; then exit 1; fi +cmp f.p ff.p3 +if [ $? != 0 ]; then exit 1; fi + +/bin/rm -f f.* ff.* fff.* +exit 0 diff --git a/lib/libssl/test/tsid b/lib/libssl/test/tsid new file mode 100644 index 00000000000..8c7e9b1387b --- /dev/null +++ b/lib/libssl/test/tsid @@ -0,0 +1,81 @@ +#!/bin/sh + +PATH=../apps:$PATH +export PATH + +cmd='../apps/ssleay sess_id' + +if [ "$1"x != "x" ]; then + t=$1 +else + t=testsid.pem +fi + +echo testing session-id conversions +cp $t fff.p + +echo "p -> d" +$cmd -in fff.p -inform p -outform d >f.d +if [ $? != 0 ]; then exit 1; fi +#echo "p -> t" +#$cmd -in fff.p -inform p -outform t >f.t +#if [ $? != 0 ]; then exit 1; fi +echo "p -> p" +$cmd -in fff.p -inform p -outform p >f.p +if [ $? != 0 ]; then exit 1; fi + +echo "d -> d" +$cmd -in f.d -inform d -outform d >ff.d1 +if [ $? != 0 ]; then exit 1; fi +#echo "t -> d" +#$cmd -in f.t -inform t -outform d >ff.d2 +#if [ $? != 0 ]; then exit 1; fi +echo "p -> d" +$cmd -in f.p -inform p -outform d >ff.d3 +if [ $? != 0 ]; then exit 1; fi + +#echo "d -> t" +#$cmd -in f.d -inform d -outform t >ff.t1 +#if [ $? != 0 ]; then exit 1; fi +#echo "t -> t" +#$cmd -in f.t -inform t -outform t >ff.t2 +#if [ $? != 0 ]; then exit 1; fi +#echo "p -> t" +#$cmd -in f.p -inform p -outform t >ff.t3 +#if [ $? != 0 ]; then exit 1; fi + +echo "d -> p" +$cmd -in f.d -inform d -outform p >ff.p1 +if [ $? != 0 ]; then exit 1; fi +#echo "t -> p" +#$cmd -in f.t -inform t -outform p >ff.p2 +#if [ $? != 0 ]; then exit 1; fi +echo "p -> p" +$cmd -in f.p -inform p -outform p >ff.p3 +if [ $? != 0 ]; then exit 1; fi + +cmp fff.p f.p +if [ $? != 0 ]; then exit 1; fi +cmp fff.p ff.p1 +if [ $? != 0 ]; then exit 1; fi +#cmp fff.p ff.p2 +#if [ $? != 0 ]; then exit 1; fi +cmp fff.p ff.p3 +if [ $? != 0 ]; then exit 1; fi + +#cmp f.t ff.t1 +#if [ $? != 0 ]; then exit 1; fi +#cmp f.t ff.t2 +#if [ $? != 0 ]; then exit 1; fi +#cmp f.t ff.t3 +#if [ $? != 0 ]; then exit 1; fi + +cmp f.p ff.p1 +if [ $? != 0 ]; then exit 1; fi +#cmp f.p ff.p2 +#if [ $? != 0 ]; then exit 1; fi +cmp f.p ff.p3 +if [ $? != 0 ]; then exit 1; fi + +/bin/rm -f f.* ff.* fff.* +exit 0 diff --git a/lib/libssl/test/tx509 b/lib/libssl/test/tx509 new file mode 100644 index 00000000000..f8d1f82cdd2 --- /dev/null +++ b/lib/libssl/test/tx509 @@ -0,0 +1,81 @@ +#!/bin/sh + +PATH=../apps:$PATH +export PATH + +cmd='../apps/ssleay x509' + +if [ "$1"x != "x" ]; then + t=$1 +else + t=testx509.pem +fi + +echo testing X509 conversions +cp $t fff.p + +echo "p -> d" +$cmd -in fff.p -inform p -outform d >f.d +if [ $? != 0 ]; then exit 1; fi +echo "p -> n" +$cmd -in fff.p -inform p -outform n >f.n +if [ $? != 0 ]; then exit 1; fi +echo "p -> p" +$cmd -in fff.p -inform p -outform p >f.p +if [ $? != 0 ]; then exit 1; fi + +echo "d -> d" +$cmd -in f.d -inform d -outform d >ff.d1 +if [ $? != 0 ]; then exit 1; fi +echo "n -> d" +$cmd -in f.n -inform n -outform d >ff.d2 +if [ $? != 0 ]; then exit 1; fi +echo "p -> d" +$cmd -in f.p -inform p -outform d >ff.d3 +if [ $? != 0 ]; then exit 1; fi + +echo "d -> n" +$cmd -in f.d -inform d -outform n >ff.n1 +if [ $? != 0 ]; then exit 1; fi +echo "n -> n" +$cmd -in f.n -inform n -outform n >ff.n2 +if [ $? != 0 ]; then exit 1; fi +echo "p -> n" +$cmd -in f.p -inform p -outform n >ff.n3 +if [ $? != 0 ]; then exit 1; fi + +echo "d -> p" +$cmd -in f.d -inform d -outform p >ff.p1 +if [ $? != 0 ]; then exit 1; fi +echo "n -> p" +$cmd -in f.n -inform n -outform p >ff.p2 +if [ $? != 0 ]; then exit 1; fi +echo "p -> p" +$cmd -in f.p -inform p -outform p >ff.p3 +if [ $? != 0 ]; then exit 1; fi + +cmp fff.p f.p +if [ $? != 0 ]; then exit 1; fi +cmp fff.p ff.p1 +if [ $? != 0 ]; then exit 1; fi +cmp fff.p ff.p2 +if [ $? != 0 ]; then exit 1; fi +cmp fff.p ff.p3 +if [ $? != 0 ]; then exit 1; fi + +cmp f.n ff.n1 +if [ $? != 0 ]; then exit 1; fi +cmp f.n ff.n2 +if [ $? != 0 ]; then exit 1; fi +cmp f.n ff.n3 +if [ $? != 0 ]; then exit 1; fi + +cmp f.p ff.p1 +if [ $? != 0 ]; then exit 1; fi +cmp f.p ff.p2 +if [ $? != 0 ]; then exit 1; fi +cmp f.p ff.p3 +if [ $? != 0 ]; then exit 1; fi + +/bin/rm -f f.* ff.* fff.* +exit 0 diff --git a/lib/libssl/test/v3-cert1.pem b/lib/libssl/test/v3-cert1.pem new file mode 100644 index 00000000000..0da253d5c34 --- /dev/null +++ b/lib/libssl/test/v3-cert1.pem @@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE----- +MIICjTCCAfigAwIBAgIEMaYgRzALBgkqhkiG9w0BAQQwRTELMAkGA1UEBhMCVVMx +NjA0BgNVBAoTLU5hdGlvbmFsIEFlcm9uYXV0aWNzIGFuZCBTcGFjZSBBZG1pbmlz +dHJhdGlvbjAmFxE5NjA1MjgxMzQ5MDUrMDgwMBcROTgwNTI4MTM0OTA1KzA4MDAw +ZzELMAkGA1UEBhMCVVMxNjA0BgNVBAoTLU5hdGlvbmFsIEFlcm9uYXV0aWNzIGFu +ZCBTcGFjZSBBZG1pbmlzdHJhdGlvbjEgMAkGA1UEBRMCMTYwEwYDVQQDEwxTdGV2 +ZSBTY2hvY2gwWDALBgkqhkiG9w0BAQEDSQAwRgJBALrAwyYdgxmzNP/ts0Uyf6Bp +miJYktU/w4NG67ULaN4B5CnEz7k57s9o3YY3LecETgQ5iQHmkwlYDTL2fTgVfw0C +AQOjgaswgagwZAYDVR0ZAQH/BFowWDBWMFQxCzAJBgNVBAYTAlVTMTYwNAYDVQQK +Ey1OYXRpb25hbCBBZXJvbmF1dGljcyBhbmQgU3BhY2UgQWRtaW5pc3RyYXRpb24x +DTALBgNVBAMTBENSTDEwFwYDVR0BAQH/BA0wC4AJODMyOTcwODEwMBgGA1UdAgQR +MA8ECTgzMjk3MDgyM4ACBSAwDQYDVR0KBAYwBAMCBkAwCwYJKoZIhvcNAQEEA4GB +AH2y1VCEw/A4zaXzSYZJTTUi3uawbbFiS2yxHvgf28+8Js0OHXk1H1w2d6qOHH21 +X82tZXd/0JtG0g1T9usFFBDvYK8O0ebgz/P5ELJnBL2+atObEuJy1ZZ0pBDWINR3 +WkDNLCGiTkCKp0F5EWIrVDwh54NNevkCQRZita+z4IBO +-----END CERTIFICATE----- diff --git a/lib/libssl/test/v3-cert2.pem b/lib/libssl/test/v3-cert2.pem new file mode 100644 index 00000000000..de0723ff8de --- /dev/null +++ b/lib/libssl/test/v3-cert2.pem @@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE----- +MIICiTCCAfKgAwIBAgIEMeZfHzANBgkqhkiG9w0BAQQFADB9MQswCQYDVQQGEwJD +YTEPMA0GA1UEBxMGTmVwZWFuMR4wHAYDVQQLExVObyBMaWFiaWxpdHkgQWNjZXB0 +ZWQxHzAdBgNVBAoTFkZvciBEZW1vIFB1cnBvc2VzIE9ubHkxHDAaBgNVBAMTE0Vu +dHJ1c3QgRGVtbyBXZWIgQ0EwHhcNOTYwNzEyMTQyMDE1WhcNOTYxMDEyMTQyMDE1 +WjB0MSQwIgYJKoZIhvcNAQkBExVjb29rZUBpc3NsLmF0bC5ocC5jb20xCzAJBgNV +BAYTAlVTMScwJQYDVQQLEx5IZXdsZXR0IFBhY2thcmQgQ29tcGFueSAoSVNTTCkx +FjAUBgNVBAMTDVBhdWwgQS4gQ29va2UwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA +6ceSq9a9AU6g+zBwaL/yVmW1/9EE8s5you1mgjHnj0wAILuoB3L6rm6jmFRy7QZT +G43IhVZdDua4e+5/n1ZslwIDAQABo2MwYTARBglghkgBhvhCAQEEBAMCB4AwTAYJ +YIZIAYb4QgENBD8WPVRoaXMgY2VydGlmaWNhdGUgaXMgb25seSBpbnRlbmRlZCBm +b3IgZGVtb25zdHJhdGlvbiBwdXJwb3Nlcy4wDQYJKoZIhvcNAQEEBQADgYEAi8qc +F3zfFqy1sV8NhjwLVwOKuSfhR/Z8mbIEUeSTlnH3QbYt3HWZQ+vXI8mvtZoBc2Fz +lexKeIkAZXCesqGbs6z6nCt16P6tmdfbZF3I3AWzLquPcOXjPf4HgstkyvVBn0Ap +jAFN418KF/Cx4qyHB4cjdvLrRjjQLnb2+ibo7QU= +-----END CERTIFICATE----- |