diff options
Diffstat (limited to 'regress/usr.bin/openssl/appstest.sh')
-rwxr-xr-x | regress/usr.bin/openssl/appstest.sh | 66 |
1 files changed, 38 insertions, 28 deletions
diff --git a/regress/usr.bin/openssl/appstest.sh b/regress/usr.bin/openssl/appstest.sh index 9fb143d4293..44b13438f70 100755 --- a/regress/usr.bin/openssl/appstest.sh +++ b/regress/usr.bin/openssl/appstest.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# $OpenBSD: appstest.sh,v 1.38 2020/05/17 01:43:27 inoguchi Exp $ +# $OpenBSD: appstest.sh,v 1.39 2020/05/17 04:43:16 inoguchi Exp $ # # Copyright (c) 2016 Kinichiro Inoguchi <inoguchi@openbsd.org> # @@ -102,7 +102,7 @@ __EOF__ section_message "listing operations" start_message "ciphers" - $openssl_bin ciphers -V + $openssl_bin ciphers -V > $user1_dir/ciphers-V.out check_exit_status $? start_message "errstr" @@ -250,7 +250,7 @@ function test_key { start_message "gendh - Obsoleted by dhparam." gendh2=$key_dir/gendh2.pem - $openssl_bin gendh -2 -out $gendh2 + $openssl_bin gendh -2 -out $gendh2 > $gendh2.log 2>&1 check_exit_status $? start_message "dh - Obsoleted by dhparam." @@ -260,7 +260,7 @@ function test_key { if [ $no_long_tests = 0 ] ; then start_message "dhparam - Superseded by genpkey and pkeyparam." dhparam2=$key_dir/dhparam2.pem - $openssl_bin dhparam -2 -out $dhparam2 + $openssl_bin dhparam -2 -out $dhparam2 > $dhparam2.log 2>&1 check_exit_status $? $openssl_bin dhparam -in $dhparam2 -check -text \ -out $dhparam2.out @@ -273,7 +273,8 @@ function test_key { start_message "dsaparam - Superseded by genpkey and pkeyparam." dsaparam512=$key_dir/dsaparam512.pem - $openssl_bin dsaparam -genkey -out $dsaparam512 512 + $openssl_bin dsaparam -genkey -out $dsaparam512 512 \ + > $dsaparam512.log 2>&1 check_exit_status $? start_message "dsa" @@ -291,7 +292,7 @@ function test_key { start_message "genrsa - Superseded by genpkey." genrsa_aes256=$key_dir/genrsa_aes256.pem $openssl_bin genrsa -f4 -aes256 -out $genrsa_aes256 \ - -passout pass:$key_pass 2048 + -passout pass:$key_pass 2048 > $genrsa_aes256.log 2>&1 check_exit_status $? start_message "rsa" @@ -315,7 +316,7 @@ function test_key { # EC start_message "ecparam -list-curves" - $openssl_bin ecparam -list_curves + $openssl_bin ecparam -list_curves -out $key_dir/ecparam-list_curves.out check_exit_status $? # get all EC curves @@ -346,7 +347,7 @@ function test_key { genpkey_dh_param=$key_dir/genpkey_dh_param.pem $openssl_bin genpkey -genparam -algorithm DH -out $genpkey_dh_param \ - -pkeyopt dh_paramgen_prime_len:1024 + -pkeyopt dh_paramgen_prime_len:1024 > $genpkey_dh_param.log 2>&1 check_exit_status $? genpkey_dh=$key_dir/genpkey_dh.pem @@ -357,7 +358,7 @@ function test_key { genpkey_dsa_param=$key_dir/genpkey_dsa_param.pem $openssl_bin genpkey -genparam -algorithm DSA -out $genpkey_dsa_param \ - -pkeyopt dsa_paramgen_bits:1024 + -pkeyopt dsa_paramgen_bits:1024 > $genpkey_dsa_param.log 2>&1 check_exit_status $? genpkey_dsa=$key_dir/genpkey_dsa.pem @@ -368,7 +369,8 @@ function test_key { genpkey_rsa=$key_dir/genpkey_rsa.pem $openssl_bin genpkey -algorithm RSA -out $genpkey_rsa \ - -pkeyopt rsa_keygen_bits:2048 -pkeyopt rsa_keygen_pubexp:3 + -pkeyopt rsa_keygen_bits:2048 -pkeyopt rsa_keygen_pubexp:3 \ + > $genpkey_rsa.log 2>&1 check_exit_status $? genpkey_rsa_pss=$key_dir/genpkey_rsa_pss.pem @@ -376,7 +378,8 @@ function test_key { -pkeyopt rsa_keygen_bits:2048 \ -pkeyopt rsa_pss_keygen_mgf1_md:sha256 \ -pkeyopt rsa_pss_keygen_md:sha256 \ - -pkeyopt rsa_pss_keygen_saltlen:32 + -pkeyopt rsa_pss_keygen_saltlen:32 \ + > $genpkey_rsa_pss.log 2>&1 check_exit_status $? # EC by GENPKEY @@ -648,7 +651,8 @@ __EOF__ -policy policy_match -days 1 -md sha256 -extensions tsa_ext \ -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:32 \ -multivalue-rdn -preserveDN -noemailDN \ - -in $tsa_csr -outdir $tsa_dir -out $tsa_cert -verbose -notext + -in $tsa_csr -outdir $tsa_dir -out $tsa_cert -verbose -notext \ + > $tsa_cert.log 2>&1 check_exit_status $? #---------#---------#---------#---------#---------#---------#--------- @@ -679,7 +683,7 @@ __EOF__ $openssl_bin ca -batch -cert $ca_cert -keyfile $ca_key -keyform pem \ -key $ca_pass -out $ocsp_cert -extensions ocsp_ext \ -startdate `date -u '+%y%m%d%H%M%SZ'` -enddate 491223235959Z \ - -subj $subj -infiles $ocsp_csr + -subj $subj -infiles $ocsp_csr > $ocsp_cert.log 2>&1 check_exit_status $? #---------#---------#---------#---------#---------#---------#--------- @@ -752,7 +756,7 @@ __EOF__ $openssl_bin req -new -subj $subj -sha256 \ -key $ecdsa_key -keyform pem -passin pass:$ecdsa_pass \ - -addext 'subjectAltName = DNS:localhost.test_dummy.com' \ + -addext 'subjectAltName = DNS:ecdsa.test_dummy.com' \ -out $ecdsa_csr -outform pem check_exit_status $? @@ -773,7 +777,7 @@ __EOF__ server_cert=$server_dir/server_cert.pem $openssl_bin ca -batch -cert $ca_cert -keyfile $ca_key -key $ca_pass \ - -in $server_csr -out $server_cert + -in $server_csr -out $server_cert > $server_cert.log 2>&1 check_exit_status $? start_message "x509 ... issue cert for server csr#2" @@ -782,14 +786,15 @@ __EOF__ $openssl_bin x509 -req -in $revoke_csr -CA $ca_cert -CAform pem \ -CAkey $ca_key -CAkeyform pem \ -CAserial $ca_dir/serial -set_serial 10 \ - -passin pass:$ca_pass -CAcreateserial -out $revoke_cert + -passin pass:$ca_pass -CAcreateserial -out $revoke_cert \ + > $revoke_cert.log 2>&1 check_exit_status $? start_message "ca ... issue cert for server csr#3" ecdsa_cert=$server_dir/ecdsa_cert.pem $openssl_bin ca -batch -cert $ca_cert -keyfile $ca_key -key $ca_pass \ - -in $ecdsa_csr -out $ecdsa_cert + -in $ecdsa_csr -out $ecdsa_cert > $ecdsa_cert 2>&1 check_exit_status $? #---------#---------#---------#---------#---------#---------#--------- @@ -805,14 +810,15 @@ __EOF__ -crl_reason unspecified -crl_hold 1.2.840.10040.2.2 \ -crl_compromise `date -u '+%Y%m%d%H%M%SZ'` \ -crl_CA_compromise `date -u '+%Y%m%d%H%M%SZ'` \ - -keyfile $ca_key -passin pass:$ca_pass -cert $ca_cert + -keyfile $ca_key -passin pass:$ca_pass -cert $ca_cert \ + > $crl_file.log 2>&1 check_exit_status $? start_message "ca ... show certificate status by serial number" $openssl_bin ca -config $ssldir/openssl.cnf -status 1 start_message "crl ... CA generates CRL" - $openssl_bin crl -in $crl_file -fingerprint + $openssl_bin crl -in $crl_file -fingerprint >> $crl_file.log 2>&1 check_exit_status $? crl_p7=$ca_dir/crl.p7 @@ -846,7 +852,8 @@ __EOF__ if [ $mingw = 0 ] ; then start_message "certhash" - $openssl_bin certhash -v $server_dir + $openssl_bin certhash -v $server_dir \ + > $server_dir/certhash.log 2>&1 check_exit_status $? fi @@ -887,7 +894,7 @@ __EOF__ start_message "ca ... CA signs SPKAC csr" spkaccert=$server_dir/spkac.cert $openssl_bin ca -batch -cert $ca_cert -keyfile $ca_key -key $ca_pass \ - -spkac $spkacreq -out $spkaccert + -spkac $spkacreq -out $spkaccert > $spkaccert.log 2>&1 check_exit_status $? start_message "x509 ... convert DER format SPKAC cert to PEM" @@ -910,7 +917,8 @@ __EOF__ start_message "x509 ... trust testCA cert" user1_trust=$user1_dir/user1_trust_ca.pem $openssl_bin x509 -in $ca_cert -addtrust clientAuth \ - -setalias "trusted testCA" -purpose -out $user1_trust + -setalias "trusted testCA" -purpose -out $user1_trust \ + > $user1_trust.log 2>&1 check_exit_status $? start_message "req ... generate private key and csr for user1" @@ -926,7 +934,7 @@ __EOF__ fi $openssl_bin req -new -keyout $user1_key -out $user1_csr \ - -passout pass:$user1_pass -subj $subj + -passout pass:$user1_pass -subj $subj > $user1_csr.log 2>&1 check_exit_status $? #---------#---------#---------#---------#---------#---------#--------- @@ -938,7 +946,7 @@ __EOF__ user1_cert=$user1_dir/user1_cert.pem $openssl_bin ca -batch -cert $ca_cert -keyfile $ca_key -key $ca_pass \ - -in $user1_csr -out $user1_cert + -in $user1_csr -out $user1_cert > $user1_cert.log 2>&1 check_exit_status $? } @@ -963,7 +971,7 @@ __EOF__ start_message "ts ... print time stamp request" - $openssl_bin ts -query -in $tsa_tsq -text + $openssl_bin ts -query -in $tsa_tsq -text -out $tsa_tsq.log check_exit_status $? # Reply @@ -1047,7 +1055,8 @@ __EOF__ $openssl_bin cms -verify -in $cms_dec \ -CAfile $ca_cert -certfile $user1_cert -nointern \ -check_ss_sig -issuer_checks -policy_check -x509_strict \ - -signer $cms_sgr -text -out $cms_ver -receipt_request_print + -signer $cms_sgr -text -out $cms_ver -receipt_request_print \ + > $cms_ver.log 2>&1 check_exit_status $? diff -b $cms_ver $cms_txt @@ -1303,7 +1312,7 @@ function test_pkcs { start_message "pkcs12 ... verify" $openssl_bin pkcs12 -in $server_cert.p12 -passin pass:$pkcs_pass -info \ - -noout + -noout > $server_cert.p12.log 2>&1 check_exit_status $? start_message "pkcs12 ... private key to PEM without encryption" @@ -1548,7 +1557,8 @@ function test_server_client { # s_time start_message "s_time ... connect to TLS/SSL test server" - $c_bin s_time -connect $host:$port -CApath $ca_dir -time 2 + $c_bin s_time -connect $host:$port -CApath $ca_dir -time 1 \ + > $server_dir/s_time_${sc}.log check_exit_status $? stop_s_server |