From c13ee21492f09ac69a189a3dc5f824ce6c23ecc3 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Mon, 13 Mar 2000 22:27:52 +0000 Subject: [PATCH 1/1] Synchronise with Unixly tests --- test/testgen.com | 24 ++++++-- test/tests.com | 89 ++++++++++++++++----------- test/testss.com | 19 +++++- test/testssl.com | 153 ++++++++++++++++++++++++++++++++++------------- test/trsa.com | 21 +++---- 5 files changed, 209 insertions(+), 97 deletions(-) diff --git a/test/testgen.com b/test/testgen.com index 0e9029371a..5d28ebec72 100644 --- a/test/testgen.com +++ b/test/testgen.com @@ -16,23 +16,35 @@ $ set on $ $ write sys$output "generating certificate request" $ -$ write sys$output "There should be a 2 sequences of .'s and some +'s." -$ write sys$output "There should not be more that at most 80 per line" -$ write sys$output "This could take some time." -$ $ append/new nl: .rnd $ open/append random_file .rnd $ write random_file "string to make the random number generator think it has entropy" $ close random_file $ -$ mcr 'exe_dir'openssl req -config test.cnf -new -out testreq.pem +$ set noon +$ define/user sys$output nla0: +$ mcr 'exe_dir'openssl no-rsa +$ save_severity=$SEVERITY +$ set on +$ if save_severity +$ then +$ req_new="-newkey dsa:[-.apps]dsa512.pem" +$ else +$ req_new="-new" +$ write sys$output "There should be a 2 sequences of .'s and some +'s." +$ write sys$output "There should not be more that at most 80 per line" +$ endif +$ +$ write sys$output "This could take some time." +$ +$ mcr 'exe_dir'openssl req -config test.cnf 'req_new' -out testreq.pem $ if $severity .ne. 1 $ then $ write sys$output "problems creating request" $ exit 3 $ endif $ -$ mcr 'exe_dir'openssl req -verify -in testreq.pem -noout +$ mcr 'exe_dir'openssl req -config test.cnf -verify -in testreq.pem -noout $ if $severity .ne. 1 $ then $ write sys$output "signature on req is wrong" diff --git a/test/tests.com b/test/tests.com index 040dafab8d..4237b330ba 100644 --- a/test/tests.com +++ b/test/tests.com @@ -23,7 +23,7 @@ $ tests := - test_rmd,test_rc2,test_rc4,test_rc5,test_bf,test_cast,- test_rand,test_bn,test_enc,test_x509,test_rsa,test_crl,test_sid,- test_gen,test_req,test_pkcs7,test_verify,test_dh,test_dsa,- - test_ss,test_ssl,test_ca + test_ss,test_ca,test_ssl $ endif $ tests = f$edit(tests,"COLLAPSE") $ @@ -55,54 +55,55 @@ $ loop_tests: $ tests_e = f$element(tests_i,",",tests) $ tests_i = tests_i + 1 $ if tests_e .eqs. "," then goto exit -$ goto 'tests_e' +$ gosub 'tests_e' +$ goto loop_tests $ $ test_des: $ mcr 'texe_dir''destest' -$ goto loop_tests +$ return $ test_idea: $ mcr 'texe_dir''ideatest' -$ goto loop_tests +$ return $ test_sha: $ mcr 'texe_dir''shatest' $ mcr 'texe_dir''sha1test' -$ goto loop_tests +$ return $ test_mdc2: $ mcr 'texe_dir''mdc2test' -$ goto loop_tests +$ return $ test_md5: $ mcr 'texe_dir''md5test' -$ goto loop_tests +$ return $ test_hmac: $ mcr 'texe_dir''hmactest' -$ goto loop_tests +$ return $ test_md2: $ mcr 'texe_dir''md2test' -$ goto loop_tests +$ return $ test_rmd: $ mcr 'texe_dir''rmdtest' -$ goto loop_tests +$ return $ test_bf: $ mcr 'texe_dir''bftest' -$ goto loop_tests +$ return $ test_cast: $ mcr 'texe_dir''casttest' -$ goto loop_tests +$ return $ test_rc2: $ mcr 'texe_dir''rc2test' -$ goto loop_tests +$ return $ test_rc4: $ mcr 'texe_dir''rc4test' -$ goto loop_tests +$ return $ test_rc5: $ mcr 'texe_dir''rc5test' -$ goto loop_tests +$ return $ test_rand: $ mcr 'texe_dir''randtest' -$ goto loop_tests +$ return $ test_enc: $ @testenc.com -$ goto loop_tests +$ return $ test_x509: $ define sys$error nla0: $ write sys$output "test normal x509v1 certificate" @@ -112,35 +113,35 @@ $ @tx509.com v3-cert1.pem $ write sys$output "test second x509v3 certificate" $ @tx509.com v3-cert2.pem $ deassign sys$error -$ goto loop_tests +$ return $ test_rsa: $ define sys$error nla0: $ @trsa.com $ deassign sys$error $ mcr 'texe_dir''rsatest' -$ goto loop_tests +$ return $ test_crl: $ define sys$error nla0: $ @tcrl.com $ deassign sys$error -$ goto loop_tests +$ return $ test_sid: $ define sys$error nla0: $ @tsid.com $ deassign sys$error -$ goto loop_tests +$ return $ test_req: $ define sys$error nla0: $ @treq.com $ @treq.com testreq2.pem $ deassign sys$error -$ goto loop_tests +$ return $ test_pkcs7: $ define sys$error nla0: $ @tpkcs7.com $ @tpkcs7d.com $ deassign sys$error -$ goto loop_tests +$ return $ test_bn: $ write sys$output "starting big number library test, could take a while..." $ create bntest-vms.fdl @@ -164,36 +165,56 @@ $ write sys$output "-- through sh or bash to verify that the bignum operations w $ write sys$output "" $ write sys$output "test a^b%c implementations" $ mcr 'texe_dir''exptest' -$ goto loop_tests +$ return $ test_verify: $ write sys$output "The following command should have some OK's and some failures" $ write sys$output "There are definitly a few expired certificates" $ @tverify.com -$ goto loop_tests +$ return $ test_dh: $ write sys$output "Generate a set of DH parameters" $ mcr 'texe_dir''dhtest' -$ goto loop_tests +$ return $ test_dsa: $ write sys$output "Generate a set of DSA parameters" $ mcr 'texe_dir''dsatest' -$ goto loop_tests +$ return $ test_gen: $ write sys$output "Generate and verify a certificate request" $ @testgen.com -$ goto loop_tests +$ return +$ maybe_test_ss: +$ testss_RDT = f$cvtime(f$file_attributes("testss.com","RDT")) +$ if f$cvtime(f$file_attributes("keyU.ss","RDT")) .les. testss_RDT then - + goto test_ss +$ if f$cvtime(f$file_attributes("certU.ss","RDT")) .les. testss_RDT then - + goto test_ss +$ if f$cvtime(f$file_attributes("certCA.ss","RDT")) .les. testss_RDT then - + goto test_ss +$ return $ test_ss: $ write sys$output "Generate and certify a test certificate" $ @testss.com -$ goto loop_tests +$ return $ test_ssl: $ write sys$output "test SSL protocol" -$ @testssl.com -$ goto loop_tests +$ gosub maybe_test_ss +$ @testssl.com keyU.ss certU.ss certCA.ss +$ return $ test_ca: -$ write sys$output "Generate and certify a test certificate via the 'ca' program" -$ @testca.com -$ goto loop_tests +$ set noon +$ define/user sys$output nla0: +$ mcr 'exe_dir'openssl no-rsa +$ save_severity=$SEVERITY +$ set on +$ if save_severity +$ then +$ write sys$output "skipping CA.com test -- requires RSA" +$ else +$ write sys$output "Generate and certify a test certificate via the 'ca' program" +$ @testca.com +$ endif +$ return $ $ $ exit: diff --git a/test/testss.com b/test/testss.com index ce2c4b43f6..685ae5043d 100644 --- a/test/testss.com +++ b/test/testss.com @@ -4,7 +4,7 @@ $ __arch := VAX $ if f$getsyi("cpu") .ge. 128 then __arch := AXP $ exe_dir := sys$disk:[-.'__arch'.exe.apps] $ -$ digest="-mdc2" +$ digest="-md5" $ reqcmd := mcr 'exe_dir'openssl req $ x509cmd := mcr 'exe_dir'openssl x509 'digest' $ verifycmd := mcr 'exe_dir'openssl verify @@ -23,7 +23,20 @@ $ Ucert="""certU.ss""" $ $ write sys$output "" $ write sys$output "make a certificate request using 'req'" -$ 'reqcmd' -config 'CAconf' -out 'CAreq' -keyout 'CAkey' -new ! -out err.ss +$ +$ set noon +$ define/user sys$output nla0: +$ mcr 'exe_dir'openssl no-rsa +$ save_severity=$SEVERITY +$ set on +$ if save_severity +$ then +$ req_new="-newkey dsa:[-.apps]dsa512.pem" +$ else +$ req_new="-new" +$ endif +$ +$ 'reqcmd' -config 'CAconf' -out 'CAreq' -keyout 'CAkey' 'req_new' ! -out err.ss $ if $severity .ne. 1 $ then $ write sys$output "error using 'req' to generate a certificate request" @@ -73,7 +86,7 @@ $ $ write sys$output "" $ write sys$output "make another certificate request using 'req'" $ define /user sys$output err.ss -$ 'reqcmd' -config 'Uconf' -out 'Ureq' -keyout 'Ukey' -new +$ 'reqcmd' -config 'Uconf' -out 'Ureq' -keyout 'Ukey' 'req_new' $ if $severity .ne. 1 $ then $ write sys$output "error using 'req' to generate a certificate request" diff --git a/test/testssl.com b/test/testssl.com index 0b4b0a0ad3..ca087773be 100644 --- a/test/testssl.com +++ b/test/testssl.com @@ -2,114 +2,185 @@ $! TESTSSL.COM $ $ __arch := VAX $ if f$getsyi("cpu") .ge. 128 then __arch := AXP -$ exe_dir := sys$disk:[-.'__arch'.exe.test] -$ -$ copy/concatenate [-.certs]*.pem certs.tmp +$ texe_dir := sys$disk:[-.'__arch'.exe.test] +$ exe_dir := sys$disk:[-.'__arch'.exe.apps] +$ +$ if p1 .eqs. "" +$ then +$ key="[-.apps]server.pem" +$ else +$ key=p1 +$ endif +$ if p2 .eqs. "" +$ then +$ cert="[-.apps]server.pem" +$ else +$ cert=p2 +$ endif +$ ssltest := mcr 'texe_dir'ssltest -key 'key' -cert 'cert' -c_key 'key' -c_cert 'cert' +$ +$ define/user sys$output test-ssltest-output. +$ define/user sys$error nla0: +$ mcr 'exe_dir'openssl x509 -in 'cert' -text -noout +$ set noon +$ define/user sys$error nla0: +$ search/output=nla0: testssl-ssltest-output. "DSA Public Key"/exact +$ if $severity .eq. 1 +$ then +$ dsa_cert := YES +$ else +$ dsa_cert := NO +$ endif +$ set on +$ delete testssl-ssltest-output.;* +$ +$ if p3 .eqs. "" +$ then +$ copy/concatenate [-.certs]*.pem certs.tmp +$ CA = """-CAfile"" certs.tmp" +$ else +$ CA = """-CAfile"" "+p3 +$ endif +$ +$!########################################################################### $ $ write sys$output "test sslv2" -$ mcr 'exe_dir'ssltest -ssl2 +$ 'ssltest' -ssl2 $ if $severity .ne. 1 then goto exit3 $ $ write sys$output "test sslv2 with server authentication" -$ mcr 'exe_dir'ssltest -ssl2 -server_auth "-CAfile" certs.tmp +$ 'ssltest' -ssl2 -server_auth 'CA' $ if $severity .ne. 1 then goto exit3 $ -$ write sys$output "test sslv2 with client authentication" -$ mcr 'exe_dir'ssltest -ssl2 -client_auth "-CAfile" certs.tmp -$ if $severity .ne. 1 then goto exit3 +$ if .not. dsa_cert +$ then +$ write sys$output "test sslv2 with client authentication" +$ 'ssltest' -ssl2 -client_auth 'CA' +$ if $severity .ne. 1 then goto exit3 $ -$ write sys$output "test sslv2 with both client and server authentication" -$ mcr 'exe_dir'ssltest -ssl2 -server_auth -client_auth "-CAfile" certs.tmp -$ if $severity .ne. 1 then goto exit3 +$ write sys$output "test sslv2 with both client and server authentication" +$ 'ssltest' -ssl2 -server_auth -client_auth 'CA' +$ if $severity .ne. 1 then goto exit3 +$ endif $ $ write sys$output "test sslv3" -$ mcr 'exe_dir'ssltest -ssl3 +$ 'ssltest' -ssl3 $ if $severity .ne. 1 then goto exit3 $ $ write sys$output "test sslv3 with server authentication" -$ mcr 'exe_dir'ssltest -ssl3 -server_auth "-CAfile" certs.tmp +$ 'ssltest' -ssl3 -server_auth 'CA' $ if $severity .ne. 1 then goto exit3 $ $ write sys$output "test sslv3 with client authentication" -$ mcr 'exe_dir'ssltest -ssl3 -client_auth "-CAfile" certs.tmp +$ 'ssltest' -ssl3 -client_auth 'CA' $ if $severity .ne. 1 then goto exit3 $ $ write sys$output "test sslv3 with both client and server authentication" -$ mcr 'exe_dir'ssltest -ssl3 -server_auth -client_auth "-CAfile" certs.tmp +$ 'ssltest' -ssl3 -server_auth -client_auth 'CA' $ if $severity .ne. 1 then goto exit3 $ $ write sys$output "test sslv2/sslv3" -$ mcr 'exe_dir'ssltest +$ 'ssltest' $ if $severity .ne. 1 then goto exit3 $ $ write sys$output "test sslv2/sslv3 with server authentication" -$ mcr 'exe_dir'ssltest -server_auth "-CAfile" certs.tmp +$ 'ssltest' -server_auth 'CA' $ if $severity .ne. 1 then goto exit3 $ $ write sys$output "test sslv2/sslv3 with client authentication" -$ mcr 'exe_dir'ssltest -client_auth "-CAfile" certs.tmp +$ 'ssltest' -client_auth 'CA' $ if $severity .ne. 1 then goto exit3 $ $ write sys$output "test sslv2/sslv3 with both client and server authentication" -$ mcr 'exe_dir'ssltest -server_auth -client_auth "-CAfile" certs.tmp +$ 'ssltest' -server_auth -client_auth 'CA' $ if $severity .ne. 1 then goto exit3 $ $ write sys$output "test sslv2 via BIO pair" -$ mcr 'exe_dir'ssltest -bio_pair -ssl2 -$ if $severity .ne. 1 then goto exit3 -$ -$ write sys$output "test sslv2/sslv3 with 1024 bit DHE via BIO pair" -$ mcr 'exe_dir'ssltest -bio_pair -dhe1024 -v +$ 'ssltest' -bio_pair -ssl2 $ if $severity .ne. 1 then goto exit3 $ $ write sys$output "test sslv2 with server authentication via BIO pair" -$ mcr 'exe_dir'ssltest -bio_pair -ssl2 -server_auth "-CAfile" certs.tmp +$ 'ssltest' -bio_pair -ssl2 -server_auth 'CA' $ if $severity .ne. 1 then goto exit3 $ -$ write sys$output "test sslv2 with client authentication via BIO pair" -$ mcr 'exe_dir'ssltest -bio_pair -ssl2 -client_auth "-CAfile" certs.tmp -$ if $severity .ne. 1 then goto exit3 +$ if .not. dsa_cert +$ then +$ write sys$output "test sslv2 with client authentication via BIO pair" +$ 'ssltest' -bio_pair -ssl2 -client_auth 'CA' +$ if $severity .ne. 1 then goto exit3 $ -$ write sys$output "test sslv2 with both client and server authentication via BIO pair" -$ mcr 'exe_dir'ssltest -bio_pair -ssl2 -server_auth -client_auth "-CAfile" certs.tmp -$ if $severity .ne. 1 then goto exit3 +$ write sys$output "test sslv2 with both client and server authentication via BIO pair" +$ 'ssltest' -bio_pair -ssl2 -server_auth -client_auth 'CA' +$ if $severity .ne. 1 then goto exit3 +$ endif $ $ write sys$output "test sslv3 via BIO pair" -$ mcr 'exe_dir'ssltest -bio_pair -ssl3 +$ 'ssltest' -bio_pair -ssl3 $ if $severity .ne. 1 then goto exit3 $ $ write sys$output "test sslv3 with server authentication via BIO pair" -$ mcr 'exe_dir'ssltest -bio_pair -ssl3 -server_auth "-CAfile" certs.tmp +$ 'ssltest' -bio_pair -ssl3 -server_auth 'CA' $ if $severity .ne. 1 then goto exit3 $ $ write sys$output "test sslv3 with client authentication via BIO pair" -$ mcr 'exe_dir'ssltest -bio_pair -ssl3 -client_auth "-CAfile" certs.tmp +$ 'ssltest' -bio_pair -ssl3 -client_auth 'CA' $ if $severity .ne. 1 then goto exit3 $ write sys$output "test sslv3 with both client and server authentication via BIO pair" -$ mcr 'exe_dir'ssltest -bio_pair -ssl3 -server_auth -client_auth "-CAfile" certs.tmp +$ 'ssltest' -bio_pair -ssl3 -server_auth -client_auth 'CA' $ if $severity .ne. 1 then goto exit3 $ $ write sys$output "test sslv2/sslv3 via BIO pair" -$ mcr 'exe_dir'ssltest +$ 'ssltest' $ if $severity .ne. 1 then goto exit3 $ -$ write sys$output "test sslv2/sslv3 w/o DHE via BIO pair" -$ mcr 'exe_dir'ssltest -bio_pair -no_dhe +$ if .not. dsa_cert +$ then +$ write sys$output "test sslv2/sslv3 w/o DHE via BIO pair" +$ 'ssltest' -bio_pair -no_dhe +$ if $severity .ne. 1 then goto exit3 +$ endif +$ +$ write sys$output "test sslv2/sslv3 with 1024 bit DHE via BIO pair" +$ 'ssltest' -bio_pair -dhe1024dsa -v $ if $severity .ne. 1 then goto exit3 $ $ write sys$output "test sslv2/sslv3 with server authentication" -$ mcr 'exe_dir'ssltest -bio_pair -server_auth "-CAfile" certs.tmp +$ 'ssltest' -bio_pair -server_auth 'CA' $ if $severity .ne. 1 then goto exit3 $ $ write sys$output "test sslv2/sslv3 with client authentication via BIO pair" -$ mcr 'exe_dir'ssltest -bio_pair -client_auth "-CAfile" certs.tmp +$ 'ssltest' -bio_pair -client_auth 'CA' $ if $severity .ne. 1 then goto exit3 $ $ write sys$output "test sslv2/sslv3 with both client and server authentication via BIO pair" -$ mcr 'exe_dir'ssltest -bio_pair -server_auth -client_auth "-CAfile" certs.tmp +$ 'ssltest' -bio_pair -server_auth -client_auth 'CA' $ if $severity .ne. 1 then goto exit3 $ +$!########################################################################### +$ +$ write sys$output "test tls1 with 1024bti anonymous SH, multiple handshakes" +$ 'ssltest' -v -bio_pair -tls1 -cipher "ADH" -dhe1024dsa -num 10 -f -time +$ if $severity .ne. 1 then goto exit3 +$ +$ set noon +$ define/user sys$output nla0: +$ mcr 'exe_dir'openssl no-rsa +$ save_severity=$SEVERITY +$ set on +$ if save_severity +$ then +$ write sys$output "skipping RSA tests" +$ else +$ write sys$output "test tls1 with 1024bit RSA, no DHE, multiple handshakes" +$ mcr 'texe_dir'ssltest -v -bio_pair -tls1 -cert [-.apps]server2.pem -no_dhe -num 10 -f -time +$ if $severity .ne. 1 then goto exit3 +$ +$ write sys$output "test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes" +$ mcr 'texe_dir'ssltest -v -bio_pair -tls1 -cert [-.apps]server2.pem -dhe1024dsa -num 10 -f -time +$ if $severity .ne. 1 then goto exit3 +$ endif +$ $ RET = 1 $ goto exit $ exit3: diff --git a/test/trsa.com b/test/trsa.com index 7862e902db..6b6c318e2b 100644 --- a/test/trsa.com +++ b/test/trsa.com @@ -4,21 +4,16 @@ $ __arch := VAX $ if f$getsyi("cpu") .ge. 128 then __arch := AXP $ exe_dir := sys$disk:[-.'__arch'.exe.apps] $ -$ found_it := NO -$ define/user sys$output trsa-standard-commands. -$ mcr 'exe_dir'openssl list-standard-commands -$ open/read f trsa-standard-commands. -$ loop_standard_commands: -$ read/end=loop_standard_commands_end f i -$ if f$edit(i,"lowercase") .eqs. "rsa" +$ set noon +$ define/user sys$output nla0: +$ mcr 'exe_dir'openssl no-rsa +$ save_severity=$SEVERITY +$ set on +$ if save_severity $ then -$ found_it := YES -$ goto loop_standard_commands_end +$ write sys$output "skipping RSA conversion test" +$ exit $ endif -$ goto loop_standard_commands -$ loop_standard_commands_end: -$ close f -$ delete trsa-standard-commands.;* $ $ cmd := mcr 'exe_dir'openssl rsa $ -- 2.34.1