diff options
| author |   beck <beck@openbsd.org> | 2016-09-03 11:33:34 +0000 |
|---|---|---|
| committer | beck <beck@openbsd.org> | 2016-09-03 11:33:34 +0000 |
| commit | 8204a9859e29f943f9d45fa3c5bacf005da87a21 (patch) | |
| tree | 3d72799b17122728ed1ce817d171df956c52a633 /lib/libssl/src/test | |
| parent | Remove NULL pointer checks before calls to free(). (diff) | |
| download | wireguard-openbsd-8204a9859e29f943f9d45fa3c5bacf005da87a21.tar.xz wireguard-openbsd-8204a9859e29f943f9d45fa3c5bacf005da87a21.zip | |
Remove the libssl/src directory
Diffstat (limited to 'lib/libssl/src/test')
56 files changed, 0 insertions, 4594 deletions
diff --git a/lib/libssl/src/test/CAss.cnf b/lib/libssl/src/test/CAss.cnf deleted file mode 100644 index 109bc8c10ba..00000000000 --- a/lib/libssl/src/test/CAss.cnf +++ /dev/null @@ -1,76 +0,0 @@ -# -# SSLeay example configuration file. -# This is mostly being used for generation of certificate requests. -# - -RANDFILE = ./.rnd - -#################################################################### -[ req ] -default_bits = 2048 -default_keyfile = keySS.pem -distinguished_name = req_distinguished_name -encrypt_rsa_key = no -default_md = sha1 - -[ req_distinguished_name ] -countryName = Country Name (2 letter code) -countryName_default = AU -countryName_value = AU - -organizationName = Organization Name (eg, company) -organizationName_value = Dodgy Brothers - -commonName = Common Name (eg, YOUR name) -commonName_value = Dodgy CA - -#################################################################### -[ ca ] -default_ca = CA_default # The default ca section - -#################################################################### -[ CA_default ] - -dir = ./demoCA # Where everything is kept -certs = $dir/certs # Where the issued certs are kept -crl_dir = $dir/crl # Where the issued crl are kept -database = $dir/index.txt # database index file. -#unique_subject = no # Set to 'no' to allow creation of - # several ctificates with same subject. -new_certs_dir = $dir/newcerts # default place for new certs. - -certificate = $dir/cacert.pem # The CA certificate -serial = $dir/serial # The current serial number -crl = $dir/crl.pem # The current CRL -private_key = $dir/private/cakey.pem# The private key -RANDFILE = $dir/private/.rand # private random number file - -x509_extensions = v3_ca # The extentions to add to the cert - -name_opt = ca_default # Subject Name options -cert_opt = ca_default # Certificate field options - -default_days = 365 # how long to certify for -default_crl_days= 30 # how long before next CRL -default_md = md5 # which md to use. -preserve = no # keep passed DN ordering - -policy = policy_anything - -[ policy_anything ] -countryName = optional -stateOrProvinceName = optional -localityName = optional -organizationName = optional -organizationalUnitName = optional -commonName = supplied -emailAddress = optional - - - -[ v3_ca ] -subjectKeyIdentifier=hash -authorityKeyIdentifier=keyid:always,issuer:always -basicConstraints = CA:true,pathlen:1 -keyUsage = cRLSign, keyCertSign -issuerAltName=issuer:copy diff --git a/lib/libssl/src/test/CAssdh.cnf b/lib/libssl/src/test/CAssdh.cnf deleted file mode 100644 index 4e0a908679f..00000000000 --- a/lib/libssl/src/test/CAssdh.cnf +++ /dev/null @@ -1,24 +0,0 @@ -# -# SSLeay example configuration file. -# This is mostly being used for generation of certificate requests. -# -# hacked by iang to do DH certs - CA - -RANDFILE = ./.rnd - -#################################################################### -[ req ] -distinguished_name = req_distinguished_name -encrypt_rsa_key = no - -[ req_distinguished_name ] -countryName = Country Name (2 letter code) -countryName_default = CU -countryName_value = CU - -organizationName = Organization Name (eg, company) -organizationName_value = La Junta de la Revolucion - -commonName = Common Name (eg, YOUR name) -commonName_value = Junta - diff --git a/lib/libssl/src/test/CAssdsa.cnf b/lib/libssl/src/test/CAssdsa.cnf deleted file mode 100644 index a6b4d1810c9..00000000000 --- a/lib/libssl/src/test/CAssdsa.cnf +++ /dev/null @@ -1,23 +0,0 @@ -# -# SSLeay example configuration file. -# This is mostly being used for generation of certificate requests. -# -# hacked by iang to do DSA certs - CA - -RANDFILE = ./.rnd - -#################################################################### -[ req ] -distinguished_name = req_distinguished_name -encrypt_rsa_key = no - -[ req_distinguished_name ] -countryName = Country Name (2 letter code) -countryName_default = ES -countryName_value = ES - -organizationName = Organization Name (eg, company) -organizationName_value = Hermanos Locos - -commonName = Common Name (eg, YOUR name) -commonName_value = Hermanos Locos CA diff --git a/lib/libssl/src/test/CAssrsa.cnf b/lib/libssl/src/test/CAssrsa.cnf deleted file mode 100644 index eb24a6dfc0e..00000000000 --- a/lib/libssl/src/test/CAssrsa.cnf +++ /dev/null @@ -1,24 +0,0 @@ -# -# SSLeay example configuration file. -# This is mostly being used for generation of certificate requests. -# -# create RSA certs - CA - -RANDFILE = ./.rnd - -#################################################################### -[ req ] -distinguished_name = req_distinguished_name -encrypt_key = no - -[ req_distinguished_name ] -countryName = Country Name (2 letter code) -countryName_default = ES -countryName_value = ES - -organizationName = Organization Name (eg, company) -organizationName_value = Hermanos Locos - -commonName = Common Name (eg, YOUR name) -commonName_value = Hermanos Locos CA - diff --git a/lib/libssl/src/test/CAtsa.cnf b/lib/libssl/src/test/CAtsa.cnf deleted file mode 100644 index f5a275bfc23..00000000000 --- a/lib/libssl/src/test/CAtsa.cnf +++ /dev/null @@ -1,163 +0,0 @@ - -# -# This config is used by the Time Stamp Authority tests. -# - -RANDFILE = ./.rnd - -# Extra OBJECT IDENTIFIER info: -oid_section = new_oids - -TSDNSECT = ts_cert_dn -INDEX = 1 - -[ new_oids ] - -# Policies used by the TSA tests. -tsa_policy1 = 1.2.3.4.1 -tsa_policy2 = 1.2.3.4.5.6 -tsa_policy3 = 1.2.3.4.5.7 - -#---------------------------------------------------------------------- -[ ca ] -default_ca = CA_default # The default ca section - -[ CA_default ] - -dir = ./demoCA -certs = $dir/certs # Where the issued certs are kept -database = $dir/index.txt # database index file. -new_certs_dir = $dir/newcerts # default place for new certs. - -certificate = $dir/cacert.pem # The CA certificate -serial = $dir/serial # The current serial number -private_key = $dir/private/cakey.pem# The private key -RANDFILE = $dir/private/.rand # private random number file - -default_days = 365 # how long to certify for -default_md = sha1 # which md to use. -preserve = no # keep passed DN ordering - -policy = policy_match - -# For the CA policy -[ policy_match ] -countryName = supplied -stateOrProvinceName = supplied -organizationName = supplied -organizationalUnitName = optional -commonName = supplied -emailAddress = optional - -#---------------------------------------------------------------------- -[ req ] -default_bits = 1024 -default_md = sha1 -distinguished_name = $ENV::TSDNSECT -encrypt_rsa_key = no -prompt = no -# attributes = req_attributes -x509_extensions = v3_ca # The extentions to add to the self signed cert - -string_mask = nombstr - -[ ts_ca_dn ] -countryName = HU -stateOrProvinceName = Budapest -localityName = Budapest -organizationName = Gov-CA Ltd. -commonName = ca1 - -[ ts_cert_dn ] -countryName = HU -stateOrProvinceName = Budapest -localityName = Buda -organizationName = Hun-TSA Ltd. -commonName = tsa$ENV::INDEX - -[ tsa_cert ] - -# TSA server cert is not a CA cert. -basicConstraints=CA:FALSE - -# The following key usage flags are needed for TSA server certificates. -keyUsage = nonRepudiation, digitalSignature -extendedKeyUsage = critical,timeStamping - -# PKIX recommendations harmless if included in all certificates. -subjectKeyIdentifier=hash -authorityKeyIdentifier=keyid,issuer:always - -[ non_tsa_cert ] - -# This is not a CA cert and not a TSA cert, either (timeStamping usage missing) -basicConstraints=CA:FALSE - -# The following key usage flags are needed for TSA server certificates. -keyUsage = nonRepudiation, digitalSignature -# timeStamping is not supported by this certificate -# extendedKeyUsage = critical,timeStamping - -# PKIX recommendations harmless if included in all certificates. -subjectKeyIdentifier=hash -authorityKeyIdentifier=keyid,issuer:always - -[ v3_req ] - -# Extensions to add to a certificate request -basicConstraints = CA:FALSE -keyUsage = nonRepudiation, digitalSignature - -[ v3_ca ] - -# Extensions for a typical CA - -subjectKeyIdentifier=hash -authorityKeyIdentifier=keyid:always,issuer:always -basicConstraints = critical,CA:true -keyUsage = cRLSign, keyCertSign - -#---------------------------------------------------------------------- -[ tsa ] - -default_tsa = tsa_config1 # the default TSA section - -[ tsa_config1 ] - -# These are used by the TSA reply generation only. -dir = . # TSA root directory -serial = $dir/tsa_serial # The current serial number (mandatory) -signer_cert = $dir/tsa_cert1.pem # The TSA signing certificate - # (optional) -certs = $dir/tsaca.pem # Certificate chain to include in reply - # (optional) -signer_key = $dir/tsa_key1.pem # The TSA private key (optional) - -default_policy = tsa_policy1 # Policy if request did not specify it - # (optional) -other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional) -digests = md5, sha1 # Acceptable message digests (mandatory) -accuracy = secs:1, millisecs:500, microsecs:100 # (optional) -ordering = yes # Is ordering defined for timestamps? - # (optional, default: no) -tsa_name = yes # Must the TSA name be included in the reply? - # (optional, default: no) -ess_cert_id_chain = yes # Must the ESS cert id chain be included? - # (optional, default: no) - -[ tsa_config2 ] - -# This configuration uses a certificate which doesn't have timeStamping usage. -# These are used by the TSA reply generation only. -dir = . # TSA root directory -serial = $dir/tsa_serial # The current serial number (mandatory) -signer_cert = $dir/tsa_cert2.pem # The TSA signing certificate - # (optional) -certs = $dir/demoCA/cacert.pem# Certificate chain to include in reply - # (optional) -signer_key = $dir/tsa_key2.pem # The TSA private key (optional) - -default_policy = tsa_policy1 # Policy if request did not specify it - # (optional) -other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional) -digests = md5, sha1 # Acceptable message digests (mandatory) diff --git a/lib/libssl/src/test/P1ss.cnf b/lib/libssl/src/test/P1ss.cnf deleted file mode 100644 index 326cce2ba83..00000000000 --- a/lib/libssl/src/test/P1ss.cnf +++ /dev/null @@ -1,37 +0,0 @@ -# -# SSLeay example configuration file. -# This is mostly being used for generation of certificate requests. -# - -RANDFILE = ./.rnd - -#################################################################### -[ req ] -default_bits = 1024 -default_keyfile = keySS.pem -distinguished_name = req_distinguished_name -encrypt_rsa_key = no -default_md = md2 - -[ req_distinguished_name ] -countryName = Country Name (2 letter code) -countryName_default = AU -countryName_value = AU - -organizationName = Organization Name (eg, company) -organizationName_value = Dodgy Brothers - -0.commonName = Common Name (eg, YOUR name) -0.commonName_value = Brother 1 - -1.commonName = Common Name (eg, YOUR name) -1.commonName_value = Brother 2 - -2.commonName = Common Name (eg, YOUR name) -2.commonName_value = Proxy 1 - -[ v3_proxy ] -basicConstraints=CA:FALSE -subjectKeyIdentifier=hash -authorityKeyIdentifier=keyid,issuer:always -proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:1,policy:text:AB diff --git a/lib/libssl/src/test/P2ss.cnf b/lib/libssl/src/test/P2ss.cnf deleted file mode 100644 index 8b502321b88..00000000000 --- a/lib/libssl/src/test/P2ss.cnf +++ /dev/null @@ -1,45 +0,0 @@ -# -# SSLeay example configuration file. -# This is mostly being used for generation of certificate requests. -# - -RANDFILE = ./.rnd - -#################################################################### -[ req ] -default_bits = 1024 -default_keyfile = keySS.pem -distinguished_name = req_distinguished_name -encrypt_rsa_key = no -default_md = md2 - -[ req_distinguished_name ] -countryName = Country Name (2 letter code) -countryName_default = AU -countryName_value = AU - -organizationName = Organization Name (eg, company) -organizationName_value = Dodgy Brothers - -0.commonName = Common Name (eg, YOUR name) -0.commonName_value = Brother 1 - -1.commonName = Common Name (eg, YOUR name) -1.commonName_value = Brother 2 - -2.commonName = Common Name (eg, YOUR name) -2.commonName_value = Proxy 1 - -3.commonName = Common Name (eg, YOUR name) -3.commonName_value = Proxy 2 - -[ v3_proxy ] -basicConstraints=CA:FALSE -subjectKeyIdentifier=hash -authorityKeyIdentifier=keyid,issuer:always -proxyCertInfo=critical,@proxy_ext - -[ proxy_ext ] -language=id-ppl-anyLanguage -pathlen=0 -policy=text:BC diff --git a/lib/libssl/src/test/Sssdsa.cnf b/lib/libssl/src/test/Sssdsa.cnf deleted file mode 100644 index 8e170a28ef5..00000000000 --- a/lib/libssl/src/test/Sssdsa.cnf +++ /dev/null @@ -1,27 +0,0 @@ -# -# SSLeay example configuration file. -# This is mostly being used for generation of certificate requests. -# -# hacked by iang to do DSA certs - Server - -RANDFILE = ./.rnd - -#################################################################### -[ req ] -distinguished_name = req_distinguished_name -encrypt_rsa_key = no - -[ req_distinguished_name ] -countryName = Country Name (2 letter code) -countryName_default = ES -countryName_value = ES - -organizationName = Organization Name (eg, company) -organizationName_value = Tortilleras S.A. - -0.commonName = Common Name (eg, YOUR name) -0.commonName_value = Torti - -1.commonName = Common Name (eg, YOUR name) -1.commonName_value = Gordita - diff --git a/lib/libssl/src/test/Sssrsa.cnf b/lib/libssl/src/test/Sssrsa.cnf deleted file mode 100644 index 8c79a03fca8..00000000000 --- a/lib/libssl/src/test/Sssrsa.cnf +++ /dev/null @@ -1,26 +0,0 @@ -# -# SSLeay example configuration file. -# This is mostly being used for generation of certificate requests. -# -# create RSA certs - Server - -RANDFILE = ./.rnd - -#################################################################### -[ req ] -distinguished_name = req_distinguished_name -encrypt_key = no - -[ req_distinguished_name ] -countryName = Country Name (2 letter code) -countryName_default = ES -countryName_value = ES - -organizationName = Organization Name (eg, company) -organizationName_value = Tortilleras S.A. - -0.commonName = Common Name (eg, YOUR name) -0.commonName_value = Torti - -1.commonName = Common Name (eg, YOUR name) -1.commonName_value = Gordita diff --git a/lib/libssl/src/test/Uss.cnf b/lib/libssl/src/test/Uss.cnf deleted file mode 100644 index 58ac0ca54d7..00000000000 --- a/lib/libssl/src/test/Uss.cnf +++ /dev/null @@ -1,36 +0,0 @@ -# -# SSLeay example configuration file. -# This is mostly being used for generation of certificate requests. -# - -RANDFILE = ./.rnd - -#################################################################### -[ req ] -default_bits = 2048 -default_keyfile = keySS.pem -distinguished_name = req_distinguished_name -encrypt_rsa_key = no -default_md = sha256 - -[ req_distinguished_name ] -countryName = Country Name (2 letter code) -countryName_default = AU -countryName_value = AU - -organizationName = Organization Name (eg, company) -organizationName_value = Dodgy Brothers - -0.commonName = Common Name (eg, YOUR name) -0.commonName_value = Brother 1 - -1.commonName = Common Name (eg, YOUR name) -1.commonName_value = Brother 2 - -[ v3_ee ] -subjectKeyIdentifier=hash -authorityKeyIdentifier=keyid,issuer:always -basicConstraints = CA:false -keyUsage = nonRepudiation, digitalSignature, keyEncipherment -issuerAltName=issuer:copy - diff --git a/lib/libssl/src/test/VMSca-response.1 b/lib/libssl/src/test/VMSca-response.1 deleted file mode 100644 index 8b137891791..00000000000 --- a/lib/libssl/src/test/VMSca-response.1 +++ /dev/null @@ -1 +0,0 @@ - diff --git a/lib/libssl/src/test/VMSca-response.2 b/lib/libssl/src/test/VMSca-response.2 deleted file mode 100644 index 9b48ee4cf97..00000000000 --- a/lib/libssl/src/test/VMSca-response.2 +++ /dev/null @@ -1,2 +0,0 @@ -y -y diff --git a/lib/libssl/src/test/asn1test.c b/lib/libssl/src/test/asn1test.c deleted file mode 100755 index 6e6f91f81b3..00000000000 --- a/lib/libssl/src/test/asn1test.c +++ /dev/null @@ -1,23 +0,0 @@ -/* $OpenBSD: asn1test.c,v 1.2 2014/06/12 15:49:31 deraadt Exp $ */ -#include <openssl/x509.h> -#include <openssl/asn1_mac.h> - -typedef struct X - { - STACK_OF(X509_EXTENSION) *ext; - } X; - -/* This isn't meant to run particularly, it's just to test type checking */ -int main(int argc, char **argv) - { - X *x = NULL; - unsigned char **pp = NULL; - - M_ASN1_I2D_vars(x); - M_ASN1_I2D_len_SEQUENCE_opt_type(X509_EXTENSION, x->ext, - i2d_X509_EXTENSION); - M_ASN1_I2D_seq_total(); - M_ASN1_I2D_put_SEQUENCE_opt_type(X509_EXTENSION, x->ext, - i2d_X509_EXTENSION); - M_ASN1_I2D_finish(); - } diff --git a/lib/libssl/src/test/bctest b/lib/libssl/src/test/bctest deleted file mode 100644 index bdb3218f7ac..00000000000 --- a/lib/libssl/src/test/bctest +++ /dev/null @@ -1,111 +0,0 @@ -#!/bin/sh - -# This script is used by test/Makefile.ssl to check whether a sane 'bc' -# is installed. -# ('make test_bn' should not try to run 'bc' if it does not exist or if -# it is a broken 'bc' version that is known to cause trouble.) -# -# If 'bc' works, we also test if it knows the 'print' command. -# -# In any case, output an appropriate command line for running (or not -# running) bc. - - -IFS=: -try_without_dir=true -# First we try "bc", then "$dir/bc" for each item in $PATH. -for dir in dummy:$PATH; do - if [ "$try_without_dir" = true ]; then - # first iteration - bc=bc - try_without_dir=false - else - # second and later iterations - bc="$dir/bc" - if [ ! -f "$bc" ]; then # '-x' is not available on Ultrix - bc='' - fi - fi - - if [ ! "$bc" = '' ]; then - failure=none - - - # Test for SunOS 5.[78] bc bug - "$bc" >tmp.bctest <<\EOF -obase=16 -ibase=16 -a=AD88C418F31B3FC712D0425001D522B3AE9134FF3A98C13C1FCC1682211195406C1A6C66C6A\ -CEEC1A0EC16950233F77F1C2F2363D56DD71A36C57E0B2511FC4BA8F22D261FE2E9356D99AF57\ -10F3817C0E05BF79C423C3F66FDF321BE8D3F18F625D91B670931C1EF25F28E489BDA1C5422D1\ -C3F6F7A1AD21585746ECC4F10A14A778AF56F08898E965E9909E965E0CB6F85B514150C644759\ -3BE731877B16EA07B552088FF2EA728AC5E0FF3A23EB939304519AB8B60F2C33D6BA0945B66F0\ -4FC3CADF855448B24A9D7640BCF473E -b=DCE91E7D120B983EA9A104B5A96D634DD644C37657B1C7860B45E6838999B3DCE5A555583C6\ -9209E41F413422954175A06E67FFEF6746DD652F0F48AEFECC3D8CAC13523BDAAD3F5AF4212BD\ -8B3CD64126E1A82E190228020C05B91C8B141F1110086FC2A4C6ED631EBA129D04BB9A19FC53D\ -3ED0E2017D60A68775B75481449 -(a/b)*b + (a%b) - a -EOF - if [ 0 != "`cat tmp.bctest`" ]; then - failure=SunOStest - fi - - - if [ "$failure" = none ]; then - # Test for SCO bc bug. - "$bc" >tmp.bctest <<\EOF -obase=16 -ibase=16 --FFDD63BA1A4648F0D804F8A1C66C53F0D2110590E8A3907EC73B4AEC6F15AC177F176F2274D2\ -9DC8022EA0D7DD3ABE9746D2D46DD3EA5B5F6F69DF12877E0AC5E7F5ADFACEE54573F5D256A06\ -11B5D2BC24947724E22AE4EC3FB0C39D9B4694A01AFE5E43B4D99FB9812A0E4A5773D8B254117\ -1239157EC6E3D8D50199 * -FFDD63BA1A4648F0D804F8A1C66C53F0D2110590E8A3907EC73B4\ -AEC6F15AC177F176F2274D29DC8022EA0D7DD3ABE9746D2D46DD3EA5B5F6F69DF12877E0AC5E7\ -F5ADFACEE54573F5D256A0611B5D2BC24947724E22AE4EC3FB0C39D9B4694A01AFE5E43B4D99F\ -B9812A0E4A5773D8B2541171239157EC6E3D8D50199 - FFBACC221682DA464B6D7F123482522\ -02EDAEDCA38C3B69E9B7BBCD6165A9CD8716C4903417F23C09A85B851961F92C217258CEEB866\ -85EFCC5DD131853A02C07A873B8E2AF2E40C6D5ED598CD0E8F35AD49F3C3A17FDB7653E4E2DC4\ -A8D23CC34686EE4AD01F7407A7CD74429AC6D36DBF0CB6A3E302D0E5BDFCD048A3B90C1BE5AA8\ -E16C3D5884F9136B43FF7BB443764153D4AEC176C681B078F4CC53D6EB6AB76285537DDEE7C18\ -8C72441B52EDBDDBC77E02D34E513F2AABF92F44109CAFE8242BD0ECBAC5604A94B02EA44D43C\ -04E9476E6FBC48043916BFA1485C6093603600273C9C33F13114D78064AE42F3DC466C7DA543D\ -89C8D71 -AD534AFBED2FA39EE9F40E20FCF9E2C861024DB98DDCBA1CD118C49CA55EEBC20D6BA51B2271C\ -928B693D6A73F67FEB1B4571448588B46194617D25D910C6A9A130CC963155CF34079CB218A44\ -8A1F57E276D92A33386DDCA3D241DB78C8974ABD71DD05B0FA555709C9910D745185E6FE108E3\ -37F1907D0C56F8BFBF52B9704 % -E557905B56B13441574CAFCE2BD257A750B1A8B2C88D0E36\ -E18EF7C38DAC80D3948E17ED63AFF3B3467866E3B89D09A81B3D16B52F6A3C7134D3C6F5123E9\ -F617E3145BBFBE9AFD0D6E437EA4FF6F04BC67C4F1458B4F0F47B64 - 1C2BBBB19B74E86FD32\ -9E8DB6A8C3B1B9986D57ED5419C2E855F7D5469E35E76334BB42F4C43E3F3A31B9697C171DAC4\ -D97935A7E1A14AD209D6CF811F55C6DB83AA9E6DFECFCD6669DED7171EE22A40C6181615CAF3F\ -5296964 -EOF - if [ "0 -0" != "`cat tmp.bctest`" ]; then - failure=SCOtest - fi - fi - - - if [ "$failure" = none ]; then - # bc works; now check if it knows the 'print' command. - if [ "OK" = "`echo 'print \"OK\"' | $bc 2>/dev/null`" ] - then - echo "$bc" - else - echo "sed 's/print.*//' | $bc" - fi - exit 0 - fi - - echo "$bc does not work properly ('$failure' failed). Looking for another bc ..." >&2 - fi -done - -echo "No working bc found. Consider installing GNU bc." >&2 -if [ "$1" = ignore ]; then - echo "cat >/dev/null" - exit 0 -fi -exit 1 diff --git a/lib/libssl/src/test/cms-examples.pl b/lib/libssl/src/test/cms-examples.pl deleted file mode 100644 index 2e95b48ba45..00000000000 --- a/lib/libssl/src/test/cms-examples.pl +++ /dev/null @@ -1,409 +0,0 @@ -# test/cms-examples.pl -# Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -# project. -# -# ==================================================================== -# Copyright (c) 2008 The OpenSSL Project. All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions -# are met: -# -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in -# the documentation and/or other materials provided with the -# distribution. -# -# 3. All advertising materials mentioning features or use of this -# software must display the following acknowledgment: -# "This product includes software developed by the OpenSSL Project -# for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -# -# 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -# endorse or promote products derived from this software without -# prior written permission. For written permission, please contact -# licensing@OpenSSL.org. -# -# 5. Products derived from this software may not be called "OpenSSL" -# nor may "OpenSSL" appear in their names without prior written -# permission of the OpenSSL Project. -# -# 6. Redistributions of any form whatsoever must retain the following -# acknowledgment: -# "This product includes software developed by the OpenSSL Project -# for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -# -# THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -# OF THE POSSIBILITY OF SUCH DAMAGE. -# ==================================================================== - -# Perl script to run tests against S/MIME examples in RFC4134 -# Assumes RFC is in current directory and called "rfc4134.txt" - -use MIME::Base64; - -my $badttest = 0; -my $verbose = 1; - -my $cmscmd; -my $exdir = "./"; -my $exfile = "./rfc4134.txt"; - -if (-f "../apps/openssl") - { - $cmscmd = "../util/shlib_wrap.sh ../apps/openssl cms"; - } -elsif (-f "..\\out32dll\\openssl.exe") - { - $cmscmd = "..\\out32dll\\openssl.exe cms"; - } -elsif (-f "..\\out32\\openssl.exe") - { - $cmscmd = "..\\out32\\openssl.exe cms"; - } - -my @test_list = ( - [ "3.1.bin" => "dataout" ], - [ "3.2.bin" => "encode, dataout" ], - [ "4.1.bin" => "encode, verifyder, cont, dss" ], - [ "4.2.bin" => "encode, verifyder, cont, rsa" ], - [ "4.3.bin" => "encode, verifyder, cont_extern, dss" ], - [ "4.4.bin" => "encode, verifyder, cont, dss" ], - [ "4.5.bin" => "verifyder, cont, rsa" ], - [ "4.6.bin" => "encode, verifyder, cont, dss" ], - [ "4.7.bin" => "encode, verifyder, cont, dss" ], - [ "4.8.eml" => "verifymime, dss" ], - [ "4.9.eml" => "verifymime, dss" ], - [ "4.10.bin" => "encode, verifyder, cont, dss" ], - [ "4.11.bin" => "encode, certsout" ], - [ "5.1.bin" => "encode, envelopeder, cont" ], - [ "5.2.bin" => "encode, envelopeder, cont" ], - [ "5.3.eml" => "envelopemime, cont" ], - [ "6.0.bin" => "encode, digest, cont" ], - [ "7.1.bin" => "encode, encrypted, cont" ], - [ "7.2.bin" => "encode, encrypted, cont" ] -); - -# Extract examples from RFC4134 text. -# Base64 decode all examples, certificates and -# private keys are converted to PEM format. - -my ( $filename, $data ); - -my @cleanup = ( "cms.out", "cms.err", "tmp.der", "tmp.txt" ); - -$data = ""; - -open( IN, $exfile ) || die "Can't Open RFC examples file $exfile"; - -while (<IN>) { - next unless (/^\|/); - s/^\|//; - next if (/^\*/); - if (/^>(.*)$/) { - $filename = $1; - next; - } - if (/^</) { - $filename = "$exdir/$filename"; - if ( $filename =~ /\.bin$/ || $filename =~ /\.eml$/ ) { - $data = decode_base64($data); - open OUT, ">$filename"; - binmode OUT; - print OUT $data; - close OUT; - push @cleanup, $filename; - } - elsif ( $filename =~ /\.cer$/ ) { - write_pem( $filename, "CERTIFICATE", $data ); - } - elsif ( $filename =~ /\.pri$/ ) { - write_pem( $filename, "PRIVATE KEY", $data ); - } - $data = ""; - $filename = ""; - } - else { - $data .= $_; - } - -} - -my $secretkey = - "73:7c:79:1f:25:ea:d0:e0:46:29:25:43:52:f7:dc:62:91:e5:cb:26:91:7a:da:32"; - -foreach (@test_list) { - my ( $file, $tlist ) = @$_; - print "Example file $file:\n"; - if ( $tlist =~ /encode/ ) { - run_reencode_test( $exdir, $file ); - } - if ( $tlist =~ /certsout/ ) { - run_certsout_test( $exdir, $file ); - } - if ( $tlist =~ /dataout/ ) { - run_dataout_test( $exdir, $file ); - } - if ( $tlist =~ /verify/ ) { - run_verify_test( $exdir, $tlist, $file ); - } - if ( $tlist =~ /digest/ ) { - run_digest_test( $exdir, $tlist, $file ); - } - if ( $tlist =~ /encrypted/ ) { - run_encrypted_test( $exdir, $tlist, $file, $secretkey ); - } - if ( $tlist =~ /envelope/ ) { - run_envelope_test( $exdir, $tlist, $file ); - } - -} - -foreach (@cleanup) { - unlink $_; -} - -if ($badtest) { - print "\n$badtest TESTS FAILED!!\n"; -} -else { - print "\n***All tests successful***\n"; -} - -sub write_pem { - my ( $filename, $str, $data ) = @_; - - $filename =~ s/\.[^.]*$/.pem/; - - push @cleanup, $filename; - - open OUT, ">$filename"; - - print OUT "-----BEGIN $str-----\n"; - print OUT $data; - print OUT "-----END $str-----\n"; - - close OUT; -} - -sub run_reencode_test { - my ( $cmsdir, $tfile ) = @_; - unlink "tmp.der"; - - system( "$cmscmd -cmsout -inform DER -outform DER" - . " -in $cmsdir/$tfile -out tmp.der" ); - - if ($?) { - print "\tReencode command FAILED!!\n"; - $badtest++; - } - elsif ( !cmp_files( "$cmsdir/$tfile", "tmp.der" ) ) { - print "\tReencode FAILED!!\n"; - $badtest++; - } - else { - print "\tReencode passed\n" if $verbose; - } -} - -sub run_certsout_test { - my ( $cmsdir, $tfile ) = @_; - unlink "tmp.der"; - unlink "tmp.pem"; - - system( "$cmscmd -cmsout -inform DER -certsout tmp.pem" - . " -in $cmsdir/$tfile -out tmp.der" ); - - if ($?) { - print "\tCertificate output command FAILED!!\n"; - $badtest++; - } - else { - print "\tCertificate output passed\n" if $verbose; - } -} - -sub run_dataout_test { - my ( $cmsdir, $tfile ) = @_; - unlink "tmp.txt"; - - system( - "$cmscmd -data_out -inform DER" . " -in $cmsdir/$tfile -out tmp.txt" ); - - if ($?) { - print "\tDataout command FAILED!!\n"; - $badtest++; - } - elsif ( !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) ) { - print "\tDataout compare FAILED!!\n"; - $badtest++; - } - else { - print "\tDataout passed\n" if $verbose; - } -} - -sub run_verify_test { - my ( $cmsdir, $tlist, $tfile ) = @_; - unlink "tmp.txt"; - - $form = "DER" if $tlist =~ /verifyder/; - $form = "SMIME" if $tlist =~ /verifymime/; - $cafile = "$cmsdir/CarlDSSSelf.pem" if $tlist =~ /dss/; - $cafile = "$cmsdir/CarlRSASelf.pem" if $tlist =~ /rsa/; - - $cmd = - "$cmscmd -verify -inform $form" - . " -CAfile $cafile" - . " -in $cmsdir/$tfile -out tmp.txt"; - - $cmd .= " -content $cmsdir/ExContent.bin" if $tlist =~ /cont_extern/; - - system("$cmd 2>cms.err 1>cms.out"); - - if ($?) { - print "\tVerify command FAILED!!\n"; - $badtest++; - } - elsif ( $tlist =~ /cont/ - && !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) ) - { - print "\tVerify content compare FAILED!!\n"; - $badtest++; - } - else { - print "\tVerify passed\n" if $verbose; - } -} - -sub run_envelope_test { - my ( $cmsdir, $tlist, $tfile ) = @_; - unlink "tmp.txt"; - - $form = "DER" if $tlist =~ /envelopeder/; - $form = "SMIME" if $tlist =~ /envelopemime/; - - $cmd = - "$cmscmd -decrypt -inform $form" - . " -recip $cmsdir/BobRSASignByCarl.pem" - . " -inkey $cmsdir/BobPrivRSAEncrypt.pem" - . " -in $cmsdir/$tfile -out tmp.txt"; - - system("$cmd 2>cms.err 1>cms.out"); - - if ($?) { - print "\tDecrypt command FAILED!!\n"; - $badtest++; - } - elsif ( $tlist =~ /cont/ - && !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) ) - { - print "\tDecrypt content compare FAILED!!\n"; - $badtest++; - } - else { - print "\tDecrypt passed\n" if $verbose; - } -} - -sub run_digest_test { - my ( $cmsdir, $tlist, $tfile ) = @_; - unlink "tmp.txt"; - - my $cmd = - "$cmscmd -digest_verify -inform DER" . " -in $cmsdir/$tfile -out tmp.txt"; - - system("$cmd 2>cms.err 1>cms.out"); - - if ($?) { - print "\tDigest verify command FAILED!!\n"; - $badtest++; - } - elsif ( $tlist =~ /cont/ - && !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) ) - { - print "\tDigest verify content compare FAILED!!\n"; - $badtest++; - } - else { - print "\tDigest verify passed\n" if $verbose; - } -} - -sub run_encrypted_test { - my ( $cmsdir, $tlist, $tfile, $key ) = @_; - unlink "tmp.txt"; - - system( "$cmscmd -EncryptedData_decrypt -inform DER" - . " -secretkey $key" - . " -in $cmsdir/$tfile -out tmp.txt" ); - - if ($?) { - print "\tEncrypted Data command FAILED!!\n"; - $badtest++; - } - elsif ( $tlist =~ /cont/ - && !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) ) - { - print "\tEncrypted Data content compare FAILED!!\n"; - $badtest++; - } - else { - print "\tEncryptedData verify passed\n" if $verbose; - } -} - -sub cmp_files { - my ( $f1, $f2 ) = @_; - my ( $fp1, $fp2 ); - - my ( $rd1, $rd2 ); - - if ( !open( $fp1, "<$f1" ) ) { - print STDERR "Can't Open file $f1\n"; - return 0; - } - - if ( !open( $fp2, "<$f2" ) ) { - print STDERR "Can't Open file $f2\n"; - return 0; - } - - binmode $fp1; - binmode $fp2; - - my $ret = 0; - - for ( ; ; ) { - $n1 = sysread $fp1, $rd1, 4096; - $n2 = sysread $fp2, $rd2, 4096; - last if ( $n1 != $n2 ); - last if ( $rd1 ne $rd2 ); - - if ( $n1 == 0 ) { - $ret = 1; - last; - } - - } - - close $fp1; - close $fp2; - - return $ret; - -} - diff --git a/lib/libssl/src/test/cms-test.pl b/lib/libssl/src/test/cms-test.pl deleted file mode 100644 index dfef799be2f..00000000000 --- a/lib/libssl/src/test/cms-test.pl +++ /dev/null @@ -1,459 +0,0 @@ -# test/cms-test.pl -# Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -# project. -# -# ==================================================================== -# Copyright (c) 2008 The OpenSSL Project. All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions -# are met: -# -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in -# the documentation and/or other materials provided with the -# distribution. -# -# 3. All advertising materials mentioning features or use of this -# software must display the following acknowledgment: -# "This product includes software developed by the OpenSSL Project -# for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -# -# 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -# endorse or promote products derived from this software without -# prior written permission. For written permission, please contact -# licensing@OpenSSL.org. -# -# 5. Products derived from this software may not be called "OpenSSL" -# nor may "OpenSSL" appear in their names without prior written -# permission of the OpenSSL Project. -# -# 6. Redistributions of any form whatsoever must retain the following -# acknowledgment: -# "This product includes software developed by the OpenSSL Project -# for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -# -# THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -# OF THE POSSIBILITY OF SUCH DAMAGE. -# ==================================================================== - -# CMS, PKCS7 consistency test script. Run extensive tests on -# OpenSSL PKCS#7 and CMS implementations. - -my $ossl_path; -my $redir = " 2> cms.err > cms.out"; -# Make VMS work -if ( $^O eq "VMS" && -f "OSSLX:openssl.exe" ) { - $ossl_path = "pipe mcr OSSLX:openssl"; -} -# Make MSYS work -elsif ( $^O eq "MSWin32" && -f "../apps/openssl.exe" ) { - $ossl_path = "cmd /c ..\\apps\\openssl"; -} -elsif ( -f "../apps/openssl$ENV{EXE_EXT}" ) { - $ossl_path = "../util/shlib_wrap.sh ../apps/openssl"; -} -elsif ( -f "..\\out32dll\\openssl.exe" ) { - $ossl_path = "..\\out32dll\\openssl.exe"; -} -elsif ( -f "..\\out32\\openssl.exe" ) { - $ossl_path = "..\\out32\\openssl.exe"; -} -else { - die "Can't find OpenSSL executable"; -} - -my $pk7cmd = "$ossl_path smime "; -my $cmscmd = "$ossl_path cms "; -my $smdir = "smime-certs"; -my $halt_err = 1; - -my $badcmd = 0; -my $ossl8 = `$ossl_path version -v` =~ /0\.9\.8/; - -my @smime_pkcs7_tests = ( - - [ - "signed content DER format, RSA key", - "-sign -in smcont.txt -outform \"DER\" -nodetach" - . " -certfile $smdir/smroot.pem" - . " -signer $smdir/smrsa1.pem -out test.cms", - "-verify -in test.cms -inform \"DER\" " - . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" - ], - - [ - "signed detached content DER format, RSA key", - "-sign -in smcont.txt -outform \"DER\"" - . " -signer $smdir/smrsa1.pem -out test.cms", - "-verify -in test.cms -inform \"DER\" " - . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt -content smcont.txt" - ], - - [ - "signed content test streaming BER format, RSA", - "-sign -in smcont.txt -outform \"DER\" -nodetach" - . " -stream -signer $smdir/smrsa1.pem -out test.cms", - "-verify -in test.cms -inform \"DER\" " - . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" - ], - - [ - "signed content DER format, DSA key", - "-sign -in smcont.txt -outform \"DER\" -nodetach" - . " -signer $smdir/smdsa1.pem -out test.cms", - "-verify -in test.cms -inform \"DER\" " - . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" - ], - - [ - "signed detached content DER format, DSA key", - "-sign -in smcont.txt -outform \"DER\"" - . " -signer $smdir/smdsa1.pem -out test.cms", - "-verify -in test.cms -inform \"DER\" " - . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt -content smcont.txt" - ], - - [ - "signed detached content DER format, add RSA signer", - "-resign -inform \"DER\" -in test.cms -outform \"DER\"" - . " -signer $smdir/smrsa1.pem -out test2.cms", - "-verify -in test2.cms -inform \"DER\" " - . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt -content smcont.txt" - ], - - [ - "signed content test streaming BER format, DSA key", - "-sign -in smcont.txt -outform \"DER\" -nodetach" - . " -stream -signer $smdir/smdsa1.pem -out test.cms", - "-verify -in test.cms -inform \"DER\" " - . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" - ], - - [ - "signed content test streaming BER format, 2 DSA and 2 RSA keys", - "-sign -in smcont.txt -outform \"DER\" -nodetach" - . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem" - . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem" - . " -stream -out test.cms", - "-verify -in test.cms -inform \"DER\" " - . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" - ], - - [ -"signed content test streaming BER format, 2 DSA and 2 RSA keys, no attributes", - "-sign -in smcont.txt -outform \"DER\" -noattr -nodetach" - . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem" - . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem" - . " -stream -out test.cms", - "-verify -in test.cms -inform \"DER\" " - . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" - ], - - [ - "signed content test streaming S/MIME format, 2 DSA and 2 RSA keys", - "-sign -in smcont.txt -nodetach" - . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem" - . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem" - . " -stream -out test.cms", - "-verify -in test.cms " . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" - ], - - [ -"signed content test streaming multipart S/MIME format, 2 DSA and 2 RSA keys", - "-sign -in smcont.txt" - . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem" - . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem" - . " -stream -out test.cms", - "-verify -in test.cms " . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" - ], - - [ - "enveloped content test streaming S/MIME format, 3 recipients", - "-encrypt -in smcont.txt" - . " -stream -out test.cms" - . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ", - "-decrypt -recip $smdir/smrsa1.pem -in test.cms -out smtst.txt" - ], - - [ -"enveloped content test streaming S/MIME format, 3 recipients, 3rd used", - "-encrypt -in smcont.txt" - . " -stream -out test.cms" - . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ", - "-decrypt -recip $smdir/smrsa3.pem -in test.cms -out smtst.txt" - ], - - [ -"enveloped content test streaming S/MIME format, 3 recipients, key only used", - "-encrypt -in smcont.txt" - . " -stream -out test.cms" - . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ", - "-decrypt -inkey $smdir/smrsa3.pem -in test.cms -out smtst.txt" - ], - - [ -"enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients", - "-encrypt -in smcont.txt" - . " -aes256 -stream -out test.cms" - . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ", - "-decrypt -recip $smdir/smrsa1.pem -in test.cms -out smtst.txt" - ], - -); - -my @smime_cms_tests = ( - - [ - "signed content test streaming BER format, 2 DSA and 2 RSA keys, keyid", - "-sign -in smcont.txt -outform \"DER\" -nodetach -keyid" - . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem" - . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem" - . " -stream -out test.cms", - "-verify -in test.cms -inform \"DER\" " - . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" - ], - - [ - "signed content test streaming PEM format, 2 DSA and 2 RSA keys", - "-sign -in smcont.txt -outform PEM -nodetach" - . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem" - . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem" - . " -stream -out test.cms", - "-verify -in test.cms -inform PEM " - . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" - ], - - [ - "signed content MIME format, RSA key, signed receipt request", - "-sign -in smcont.txt -signer $smdir/smrsa1.pem -nodetach" - . " -receipt_request_to test\@openssl.org -receipt_request_all" - . " -out test.cms", - "-verify -in test.cms " - . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" - ], - - [ - "signed receipt MIME format, RSA key", - "-sign_receipt -in test.cms" - . " -signer $smdir/smrsa2.pem" - . " -out test2.cms", - "-verify_receipt test2.cms -in test.cms" - . " \"-CAfile\" $smdir/smroot.pem" - ], - - [ - "enveloped content test streaming S/MIME format, 3 recipients, keyid", - "-encrypt -in smcont.txt" - . " -stream -out test.cms -keyid" - . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ", - "-decrypt -recip $smdir/smrsa1.pem -in test.cms -out smtst.txt" - ], - - [ - "enveloped content test streaming PEM format, KEK", - "-encrypt -in smcont.txt -outform PEM -aes128" - . " -stream -out test.cms " - . " -secretkey 000102030405060708090A0B0C0D0E0F " - . " -secretkeyid C0FEE0", - "-decrypt -in test.cms -out smtst.txt -inform PEM" - . " -secretkey 000102030405060708090A0B0C0D0E0F " - . " -secretkeyid C0FEE0" - ], - - [ - "enveloped content test streaming PEM format, KEK, key only", - "-encrypt -in smcont.txt -outform PEM -aes128" - . " -stream -out test.cms " - . " -secretkey 000102030405060708090A0B0C0D0E0F " - . " -secretkeyid C0FEE0", - "-decrypt -in test.cms -out smtst.txt -inform PEM" - . " -secretkey 000102030405060708090A0B0C0D0E0F " - ], - - [ - "data content test streaming PEM format", - "-data_create -in smcont.txt -outform PEM -nodetach" - . " -stream -out test.cms", - "-data_out -in test.cms -inform PEM -out smtst.txt" - ], - - [ - "encrypted content test streaming PEM format, 128 bit RC2 key", - "\"-EncryptedData_encrypt\" -in smcont.txt -outform PEM" - . " -rc2 -secretkey 000102030405060708090A0B0C0D0E0F" - . " -stream -out test.cms", - "\"-EncryptedData_decrypt\" -in test.cms -inform PEM " - . " -secretkey 000102030405060708090A0B0C0D0E0F -out smtst.txt" - ], - - [ - "encrypted content test streaming PEM format, 40 bit RC2 key", - "\"-EncryptedData_encrypt\" -in smcont.txt -outform PEM" - . " -rc2 -secretkey 0001020304" - . " -stream -out test.cms", - "\"-EncryptedData_decrypt\" -in test.cms -inform PEM " - . " -secretkey 0001020304 -out smtst.txt" - ], - - [ - "encrypted content test streaming PEM format, triple DES key", - "\"-EncryptedData_encrypt\" -in smcont.txt -outform PEM" - . " -des3 -secretkey 000102030405060708090A0B0C0D0E0F1011121314151617" - . " -stream -out test.cms", - "\"-EncryptedData_decrypt\" -in test.cms -inform PEM " - . " -secretkey 000102030405060708090A0B0C0D0E0F1011121314151617" - . " -out smtst.txt" - ], - - [ - "encrypted content test streaming PEM format, 128 bit AES key", - "\"-EncryptedData_encrypt\" -in smcont.txt -outform PEM" - . " -aes128 -secretkey 000102030405060708090A0B0C0D0E0F" - . " -stream -out test.cms", - "\"-EncryptedData_decrypt\" -in test.cms -inform PEM " - . " -secretkey 000102030405060708090A0B0C0D0E0F -out smtst.txt" - ], - -); - -my @smime_cms_comp_tests = ( - - [ - "compressed content test streaming PEM format", - "-compress -in smcont.txt -outform PEM -nodetach" - . " -stream -out test.cms", - "-uncompress -in test.cms -inform PEM -out smtst.txt" - ] - -); - -print "CMS => PKCS#7 compatibility tests\n"; - -run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $cmscmd, $pk7cmd ); - -print "CMS <= PKCS#7 compatibility tests\n"; - -run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $pk7cmd, $cmscmd ); - -print "CMS <=> CMS consistency tests\n"; - -run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $cmscmd, $cmscmd ); -run_smime_tests( \$badcmd, \@smime_cms_tests, $cmscmd, $cmscmd ); - -if ( `$ossl_path version -f` =~ /ZLIB/ ) { - run_smime_tests( \$badcmd, \@smime_cms_comp_tests, $cmscmd, $cmscmd ); -} -else { - print "Zlib not supported: compression tests skipped\n"; -} - -print "Running modified tests for OpenSSL 0.9.8 cms backport\n" if($ossl8); - -if ($badcmd) { - print "$badcmd TESTS FAILED!!\n"; -} -else { - print "ALL TESTS SUCCESSFUL.\n"; -} - -unlink "test.cms"; -unlink "test2.cms"; -unlink "smtst.txt"; -unlink "cms.out"; -unlink "cms.err"; - -sub run_smime_tests { - my ( $rv, $aref, $scmd, $vcmd ) = @_; - - foreach $smtst (@$aref) { - my ( $tnam, $rscmd, $rvcmd ) = @$smtst; - if ($ossl8) - { - # Skip smime resign: 0.9.8 smime doesn't support -resign - next if ($scmd =~ /smime/ && $rscmd =~ /-resign/); - # Disable streaming: option not supported in 0.9.8 - $tnam =~ s/streaming//; - $rscmd =~ s/-stream//; - $rvcmd =~ s/-stream//; - } - system("$scmd$rscmd$redir"); - if ($?) { - print "$tnam: generation error\n"; - $$rv++; - exit 1 if $halt_err; - next; - } - system("$vcmd$rvcmd$redir"); - if ($?) { - print "$tnam: verify error\n"; - $$rv++; - exit 1 if $halt_err; - next; - } - if (!cmp_files("smtst.txt", "smcont.txt")) { - print "$tnam: content verify error\n"; - $$rv++; - exit 1 if $halt_err; - next; - } - print "$tnam: OK\n"; - } -} - -sub cmp_files { - use FileHandle; - my ( $f1, $f2 ) = @_; - my $fp1 = FileHandle->new(); - my $fp2 = FileHandle->new(); - - my ( $rd1, $rd2 ); - - if ( !open( $fp1, "<$f1" ) ) { - print STDERR "Can't Open file $f1\n"; - return 0; - } - - if ( !open( $fp2, "<$f2" ) ) { - print STDERR "Can't Open file $f2\n"; - return 0; - } - - binmode $fp1; - binmode $fp2; - - my $ret = 0; - - for ( ; ; ) { - $n1 = sysread $fp1, $rd1, 4096; - $n2 = sysread $fp2, $rd2, 4096; - last if ( $n1 != $n2 ); - last if ( $rd1 ne $rd2 ); - - if ( $n1 == 0 ) { - $ret = 1; - last; - } - - } - - close $fp1; - close $fp2; - - return $ret; - -} - diff --git a/lib/libssl/src/test/methtest.c b/lib/libssl/src/test/methtest.c deleted file mode 100644 index 1e65ccf99cc..00000000000 --- a/lib/libssl/src/test/methtest.c +++ /dev/null @@ -1,105 +0,0 @@ -/* $OpenBSD: methtest.c,v 1.4 2014/06/12 15:49:31 deraadt Exp $ */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include <stdio.h> -#include <stdlib.h> -#include <openssl/rsa.h> -#include <openssl/x509.h> -#include "meth.h" -#include <openssl/err.h> - -int main(argc,argv) -int argc; -char *argv[]; - { - METHOD_CTX *top,*tmp1,*tmp2; - - top=METH_new(x509_lookup()); /* get a top level context */ - if (top == NULL) goto err; - - tmp1=METH_new(x509_by_file()); - if (top == NULL) goto err; - METH_arg(tmp1,METH_TYPE_FILE,"cafile1"); - METH_arg(tmp1,METH_TYPE_FILE,"cafile2"); - METH_push(top,METH_X509_CA_BY_SUBJECT,tmp1); - - tmp2=METH_new(x509_by_dir()); - METH_arg(tmp2,METH_TYPE_DIR,"/home/eay/.CAcerts"); - METH_arg(tmp2,METH_TYPE_DIR,"/home/eay/SSLeay/certs"); - METH_arg(tmp2,METH_TYPE_DIR,"/usr/local/ssl/certs"); - METH_push(top,METH_X509_CA_BY_SUBJECT,tmp2); - -/* tmp=METH_new(x509_by_issuer_dir); - METH_arg(tmp,METH_TYPE_DIR,"/home/eay/.mycerts"); - METH_push(top,METH_X509_BY_ISSUER,tmp); - - tmp=METH_new(x509_by_issuer_primary); - METH_arg(tmp,METH_TYPE_FILE,"/home/eay/.mycerts/primary.pem"); - METH_push(top,METH_X509_BY_ISSUER,tmp); -*/ - - METH_init(top); - METH_control(tmp1,METH_CONTROL_DUMP,stdout); - METH_control(tmp2,METH_CONTROL_DUMP,stdout); - EXIT(0); -err: - ERR_load_crypto_strings(); - ERR_print_errors_fp(stderr); - EXIT(1); - return(0); - } diff --git a/lib/libssl/src/test/pkcs7-1.pem b/lib/libssl/src/test/pkcs7-1.pem deleted file mode 100644 index c47b27af889..00000000000 --- a/lib/libssl/src/test/pkcs7-1.pem +++ /dev/null @@ -1,15 +0,0 @@ ------BEGIN PKCS7----- -MIICUAYJKoZIhvcNAQcCoIICQTCCAj0CAQExDjAMBggqhkiG9w0CAgUAMCgGCSqG -SIb3DQEHAaAbBBlFdmVyeW9uZSBnZXRzIEZyaWRheSBvZmYuoIIBXjCCAVowggEE -AgQUAAApMA0GCSqGSIb3DQEBAgUAMCwxCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRF -eGFtcGxlIE9yZ2FuaXphdGlvbjAeFw05MjA5MDkyMjE4MDZaFw05NDA5MDkyMjE4 -MDVaMEIxCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRFeGFtcGxlIE9yZ2FuaXphdGlv -bjEUMBIGA1UEAxMLVGVzdCBVc2VyIDEwWzANBgkqhkiG9w0BAQEFAANKADBHAkAK -ZnkdxpiBaN56t3QZu3+wwAHGJxAnAHUUKULhmo2MUdBTs+N4Kh3l3Fr06+mUaBcB -FKHf5nzcmpr1XWVWILurAgMBAAEwDQYJKoZIhvcNAQECBQADQQBFGqHhqncgSl/N -9XYGnQL3MsJvNnsNV4puZPOakR9Hld8JlDQFEaDR30ogsmp3TMrvdfxpLlTCoZN8 -BxEmnZsWMYGbMIGYAgEBMDQwLDELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFEV4YW1w -bGUgT3JnYW5pemF0aW9uAgQUAAApMAwGCCqGSIb3DQICBQAwDQYJKoZIhvcNAQEB -BQAEQAX6aoEvx9+L9PJUJQngPoRuEbnGIL4gCe+0QO+8xmkhaZSsBPNBtX0FIC1C -j7Kie1x339mxW/w9VZNTUDQQweHh ------END PKCS7----- diff --git a/lib/libssl/src/test/pkcs7.pem b/lib/libssl/src/test/pkcs7.pem deleted file mode 100644 index d55c60b94e1..00000000000 --- a/lib/libssl/src/test/pkcs7.pem +++ /dev/null @@ -1,54 +0,0 @@ - MIAGCSqGSIb3DQEHAqCAMIACAQExADCABgkqhkiG9w0BBwEAAKCAMIIE+DCCBGGg - AwIBAgIQaGSF/JpbS1C223+yrc+N1DANBgkqhkiG9w0BAQQFADBiMREwDwYDVQQH - EwhJbnRlcm5ldDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNDAyBgNVBAsTK1Zl - cmlTaWduIENsYXNzIDEgQ0EgLSBJbmRpdmlkdWFsIFN1YnNjcmliZXIwHhcNOTYw - ODEyMDAwMDAwWhcNOTYwODE3MjM1OTU5WjCCASAxETAPBgNVBAcTCEludGVybmV0 - MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNpZ24gQ2xh - c3MgMSBDQSAtIEluZGl2aWR1YWwgU3Vic2NyaWJlcjE3MDUGA1UECxMuRGlnaXRh - bCBJRCBDbGFzcyAxIC0gU01JTUUgVmVyaVNpZ24sIEluYy4gVEVTVDFGMEQGA1UE - CxM9d3d3LnZlcmlzaWduLmNvbS9yZXBvc2l0b3J5L0NQUyBJbmNvcnAuIGJ5IFJl - Zi4sTElBQi5MVEQoYyk5NjEZMBcGA1UEAxMQQWxleGFuZHJlIERlYWNvbjEgMB4G - CSqGSIb3DQEJARYRYWxleEB2ZXJpc2lnbi5jb20wWzANBgkqhkiG9w0BAQEFAANK - ADBHAkAOy7xxCAIkOfuIA2LyRpxgKlDORl8htdXYhF5iBGUx1GYaK6KF+bK/CCI0 - l4j2OfWGFBUrwGoWqxTNcWgTfMzRAgMBAAGjggIyMIICLjAJBgNVHRMEAjAAMIIC - HwYDVR0DBIICFjCCAhIwggIOMIICCgYLYIZIAYb4RQEHAQEwggH5FoIBp1RoaXMg - Y2VydGlmaWNhdGUgaW5jb3Jwb3JhdGVzIGJ5IHJlZmVyZW5jZSwgYW5kIGl0cyB1 - c2UgaXMgc3RyaWN0bHkgc3ViamVjdCB0bywgdGhlIFZlcmlTaWduIENlcnRpZmlj - YXRpb24gUHJhY3RpY2UgU3RhdGVtZW50IChDUFMpLCBhdmFpbGFibGUgYXQ6IGh0 - dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9DUFM7IGJ5IEUtbWFpbCBhdCBDUFMtcmVx - dWVzdHNAdmVyaXNpZ24uY29tOyBvciBieSBtYWlsIGF0IFZlcmlTaWduLCBJbmMu - LCAyNTkzIENvYXN0IEF2ZS4sIE1vdW50YWluIFZpZXcsIENBIDk0MDQzIFVTQSBU - ZWwuICsxICg0MTUpIDk2MS04ODMwIENvcHlyaWdodCAoYykgMTk5NiBWZXJpU2ln - biwgSW5jLiAgQWxsIFJpZ2h0cyBSZXNlcnZlZC4gQ0VSVEFJTiBXQVJSQU5USUVT - IERJU0NMQUlNRUQgYW5kIExJQUJJTElUWSBMSU1JVEVELqAOBgxghkgBhvhFAQcB - AQGhDgYMYIZIAYb4RQEHAQECMCwwKhYoaHR0cHM6Ly93d3cudmVyaXNpZ24uY29t - L3JlcG9zaXRvcnkvQ1BTIDANBgkqhkiG9w0BAQQFAAOBgQAimWMGQwwwxk+b3KAL - HlSWXtU7LWHe29CEG8XeVNTvrqs6SBqT7OoENOkGxpfdpVgZ3Qw2SKjxDvbvpfSF - slsqcxWSgB/hWuaVuZCkvTw/dYGGOxkTJGxvDCfl1PZjX4dKbatslsi9Z9HpGWT7 - ttItRwKqcBKgmCJvKi1pGWED0zCCAnkwggHioAMCAQICEDURpVKQb+fQKaRAGdQR - /D4wDQYJKoZIhvcNAQECBQAwXzELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlT - aWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAxIFB1YmxpYyBQcmltYXJ5IENlcnRp - ZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2MDYyNzAwMDAwMFoXDTk3MDYyNzIzNTk1 - OVowYjERMA8GA1UEBxMISW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMu - MTQwMgYDVQQLEytWZXJpU2lnbiBDbGFzcyAxIENBIC0gSW5kaXZpZHVhbCBTdWJz - Y3JpYmVyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2FKbPTdAFDdjKI9Bv - qrQpkmOOLPhvltcunXZLEbE2jVfJw/0cxrr+Hgi6M8qV6r7jW80GqLd5HUQq7XPy - sVKDaBBwZJHXPmv5912dFEObbpdFmIFH0S3L3bty10w/cariQPJUObwW7s987Lrb - P2wqsxaxhhKdrpM01bjV0Pc+qQIDAQABozMwMTAPBgNVHRMECDAGAQH/AgEBMAsG - A1UdDwQEAwIBBjARBglghkgBhvhCAQEEBAMCAgQwDQYJKoZIhvcNAQECBQADgYEA - KeXHoBmnbxRCgk0jM9e9mDppdxpsipIna/J8DOHEUuD4nONAr4+xOg73SBl026n7 - Bk55A2wvAMGo7+kKTZ+rHaFDDcmq4O+rzFri2RIOeGAncj1IcGptAQhvXoIhFMG4 - Jlzg1KlHZHqy7D3jex78zcSU7kKOu8f5tAX1jC3+sToAAKGAMIIBJzCBkTANBgkq - hkiG9w0BAQIFADBiMREwDwYDVQQHEwhJbnRlcm5ldDEXMBUGA1UEChMOVmVyaVNp - Z24sIEluYy4xNDAyBgNVBAsTK1ZlcmlTaWduIENsYXNzIDEgQ0EgLSBJbmRpdmlk - dWFsIFN1YnNjcmliZXIXDTk2MDcwMTE3MzA0MFoXDTk3MDcwMTAwMDAwMFowDQYJ - KoZIhvcNAQECBQADgYEAGLuQ6PX8A7AiqBEtWzYtl6lZNSDI0bR5YUo+D2Jzkw30 - dxQnJSbKXEc6XYuzAW5HvrzATXu5c19WWPT4cRDwmjH71i9QcDysWwf/wE0qGTiW - I3tQT0I5VGh7jIJD07nlBw3R4Xl8dH9kr85JsWinqDH5YKpIo9o8knY5n7+qjOow - ggEkMIGOMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5W - ZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMSBQdWJsaWMgUHJpbWFyeSBD - ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eRcNOTYwNzE2MjMxMTI5WhcNOTYwODE1MDAw - MDAwWjANBgkqhkiG9w0BAQIFAAOBgQAXsLE4vnsY6sY67QrmWec7iaU2ehzxanEK - /9wKHZNuhlNzk+qGZZw2evxfUe2OaRbYpl8zuZvhK9BHD3ad14OSe9/zx5hOPgP/ - DQXt6R4R8Q/1JheBrolrgbavjvI2wKS8/Psp2prBrkF4T48+AKRmS8Zzh1guxgvP - b+xSu/jH0gAAMYAAAAAAAAAAAA== diff --git a/lib/libssl/src/test/pkits-test.pl b/lib/libssl/src/test/pkits-test.pl deleted file mode 100644 index 5c6b89fcdb0..00000000000 --- a/lib/libssl/src/test/pkits-test.pl +++ /dev/null @@ -1,949 +0,0 @@ -# test/pkits-test.pl -# Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -# project. -# -# ==================================================================== -# Copyright (c) 2008 The OpenSSL Project. All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions -# are met: -# -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in -# the documentation and/or other materials provided with the -# distribution. -# -# 3. All advertising materials mentioning features or use of this -# software must display the following acknowledgment: -# "This product includes software developed by the OpenSSL Project -# for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -# -# 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -# endorse or promote products derived from this software without -# prior written permission. For written permission, please contact -# licensing@OpenSSL.org. -# -# 5. Products derived from this software may not be called "OpenSSL" -# nor may "OpenSSL" appear in their names without prior written -# permission of the OpenSSL Project. -# -# 6. Redistributions of any form whatsoever must retain the following -# acknowledgment: -# "This product includes software developed by the OpenSSL Project -# for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -# -# THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -# OF THE POSSIBILITY OF SUCH DAMAGE. -# ==================================================================== - -# Perl utility to run PKITS tests for RFC3280 compliance. - -my $ossl_path; - -if ( -f "../apps/openssl" ) { - $ossl_path = "../util/shlib_wrap.sh ../apps/openssl"; -} -elsif ( -f "..\\out32dll\\openssl.exe" ) { - $ossl_path = "..\\out32dll\\openssl.exe"; -} -elsif ( -f "..\\out32\\openssl.exe" ) { - $ossl_path = "..\\out32\\openssl.exe"; -} -else { - die "Can't find OpenSSL executable"; -} - -my $pkitsdir = "pkits/smime"; -my $pkitsta = "pkits/certs/TrustAnchorRootCertificate.crt"; - -die "Can't find PKITS test data" if !-d $pkitsdir; - -my $nist1 = "2.16.840.1.101.3.2.1.48.1"; -my $nist2 = "2.16.840.1.101.3.2.1.48.2"; -my $nist3 = "2.16.840.1.101.3.2.1.48.3"; -my $nist4 = "2.16.840.1.101.3.2.1.48.4"; -my $nist5 = "2.16.840.1.101.3.2.1.48.5"; -my $nist6 = "2.16.840.1.101.3.2.1.48.6"; - -my $apolicy = "X509v3 Any Policy"; - -# This table contains the chapter headings of the accompanying PKITS -# document. They provide useful informational output and their names -# can be converted into the filename to test. - -my @testlists = ( - [ "4.1", "Signature Verification" ], - [ "4.1.1", "Valid Signatures Test1", 0 ], - [ "4.1.2", "Invalid CA Signature Test2", 7 ], - [ "4.1.3", "Invalid EE Signature Test3", 7 ], - [ "4.1.4", "Valid DSA Signatures Test4", 0 ], - [ "4.1.5", "Valid DSA Parameter Inheritance Test5", 0 ], - [ "4.1.6", "Invalid DSA Signature Test6", 7 ], - [ "4.2", "Validity Periods" ], - [ "4.2.1", "Invalid CA notBefore Date Test1", 9 ], - [ "4.2.2", "Invalid EE notBefore Date Test2", 9 ], - [ "4.2.3", "Valid pre2000 UTC notBefore Date Test3", 0 ], - [ "4.2.4", "Valid GeneralizedTime notBefore Date Test4", 0 ], - [ "4.2.5", "Invalid CA notAfter Date Test5", 10 ], - [ "4.2.6", "Invalid EE notAfter Date Test6", 10 ], - [ "4.2.7", "Invalid pre2000 UTC EE notAfter Date Test7", 10 ], - [ "4.2.8", "Valid GeneralizedTime notAfter Date Test8", 0 ], - [ "4.3", "Verifying Name Chaining" ], - [ "4.3.1", "Invalid Name Chaining EE Test1", 20 ], - [ "4.3.2", "Invalid Name Chaining Order Test2", 20 ], - [ "4.3.3", "Valid Name Chaining Whitespace Test3", 0 ], - [ "4.3.4", "Valid Name Chaining Whitespace Test4", 0 ], - [ "4.3.5", "Valid Name Chaining Capitalization Test5", 0 ], - [ "4.3.6", "Valid Name Chaining UIDs Test6", 0 ], - [ "4.3.7", "Valid RFC3280 Mandatory Attribute Types Test7", 0 ], - [ "4.3.8", "Valid RFC3280 Optional Attribute Types Test8", 0 ], - [ "4.3.9", "Valid UTF8String Encoded Names Test9", 0 ], - [ "4.3.10", "Valid Rollover from PrintableString to UTF8String Test10", 0 ], - [ "4.3.11", "Valid UTF8String Case Insensitive Match Test11", 0 ], - [ "4.4", "Basic Certificate Revocation Tests" ], - [ "4.4.1", "Missing CRL Test1", 3 ], - [ "4.4.2", "Invalid Revoked CA Test2", 23 ], - [ "4.4.3", "Invalid Revoked EE Test3", 23 ], - [ "4.4.4", "Invalid Bad CRL Signature Test4", 8 ], - [ "4.4.5", "Invalid Bad CRL Issuer Name Test5", 3 ], - [ "4.4.6", "Invalid Wrong CRL Test6", 3 ], - [ "4.4.7", "Valid Two CRLs Test7", 0 ], - - # The test document suggests these should return certificate revoked... - # Subsquent discussion has concluded they should not due to unhandle - # critical CRL extensions. - [ "4.4.8", "Invalid Unknown CRL Entry Extension Test8", 36 ], - [ "4.4.9", "Invalid Unknown CRL Extension Test9", 36 ], - - [ "4.4.10", "Invalid Unknown CRL Extension Test10", 36 ], - [ "4.4.11", "Invalid Old CRL nextUpdate Test11", 12 ], - [ "4.4.12", "Invalid pre2000 CRL nextUpdate Test12", 12 ], - [ "4.4.13", "Valid GeneralizedTime CRL nextUpdate Test13", 0 ], - [ "4.4.14", "Valid Negative Serial Number Test14", 0 ], - [ "4.4.15", "Invalid Negative Serial Number Test15", 23 ], - [ "4.4.16", "Valid Long Serial Number Test16", 0 ], - [ "4.4.17", "Valid Long Serial Number Test17", 0 ], - [ "4.4.18", "Invalid Long Serial Number Test18", 23 ], - [ "4.4.19", "Valid Separate Certificate and CRL Keys Test19", 0 ], - [ "4.4.20", "Invalid Separate Certificate and CRL Keys Test20", 23 ], - - # CRL path is revoked so get a CRL path validation error - [ "4.4.21", "Invalid Separate Certificate and CRL Keys Test21", 54 ], - [ "4.5", "Verifying Paths with Self-Issued Certificates" ], - [ "4.5.1", "Valid Basic Self-Issued Old With New Test1", 0 ], - [ "4.5.2", "Invalid Basic Self-Issued Old With New Test2", 23 ], - [ "4.5.3", "Valid Basic Self-Issued New With Old Test3", 0 ], - [ "4.5.4", "Valid Basic Self-Issued New With Old Test4", 0 ], - [ "4.5.5", "Invalid Basic Self-Issued New With Old Test5", 23 ], - [ "4.5.6", "Valid Basic Self-Issued CRL Signing Key Test6", 0 ], - [ "4.5.7", "Invalid Basic Self-Issued CRL Signing Key Test7", 23 ], - [ "4.5.8", "Invalid Basic Self-Issued CRL Signing Key Test8", 20 ], - [ "4.6", "Verifying Basic Constraints" ], - [ "4.6.1", "Invalid Missing basicConstraints Test1", 24 ], - [ "4.6.2", "Invalid cA False Test2", 24 ], - [ "4.6.3", "Invalid cA False Test3", 24 ], - [ "4.6.4", "Valid basicConstraints Not Critical Test4", 0 ], - [ "4.6.5", "Invalid pathLenConstraint Test5", 25 ], - [ "4.6.6", "Invalid pathLenConstraint Test6", 25 ], - [ "4.6.7", "Valid pathLenConstraint Test7", 0 ], - [ "4.6.8", "Valid pathLenConstraint Test8", 0 ], - [ "4.6.9", "Invalid pathLenConstraint Test9", 25 ], - [ "4.6.10", "Invalid pathLenConstraint Test10", 25 ], - [ "4.6.11", "Invalid pathLenConstraint Test11", 25 ], - [ "4.6.12", "Invalid pathLenConstraint Test12", 25 ], - [ "4.6.13", "Valid pathLenConstraint Test13", 0 ], - [ "4.6.14", "Valid pathLenConstraint Test14", 0 ], - [ "4.6.15", "Valid Self-Issued pathLenConstraint Test15", 0 ], - [ "4.6.16", "Invalid Self-Issued pathLenConstraint Test16", 25 ], - [ "4.6.17", "Valid Self-Issued pathLenConstraint Test17", 0 ], - [ "4.7", "Key Usage" ], - [ "4.7.1", "Invalid keyUsage Critical keyCertSign False Test1", 20 ], - [ "4.7.2", "Invalid keyUsage Not Critical keyCertSign False Test2", 20 ], - [ "4.7.3", "Valid keyUsage Not Critical Test3", 0 ], - [ "4.7.4", "Invalid keyUsage Critical cRLSign False Test4", 35 ], - [ "4.7.5", "Invalid keyUsage Not Critical cRLSign False Test5", 35 ], - - # Certificate policy tests need special handling. They can have several - # sub tests and we need to check the outputs are correct. - - [ "4.8", "Certificate Policies" ], - [ - "4.8.1.1", - "All Certificates Same Policy Test1", - "-policy anyPolicy -explicit_policy", - "True", $nist1, $nist1, 0 - ], - [ - "4.8.1.2", - "All Certificates Same Policy Test1", - "-policy $nist1 -explicit_policy", - "True", $nist1, $nist1, 0 - ], - [ - "4.8.1.3", - "All Certificates Same Policy Test1", - "-policy $nist2 -explicit_policy", - "True", $nist1, "<empty>", 43 - ], - [ - "4.8.1.4", - "All Certificates Same Policy Test1", - "-policy $nist1 -policy $nist2 -explicit_policy", - "True", $nist1, $nist1, 0 - ], - [ - "4.8.2.1", - "All Certificates No Policies Test2", - "-policy anyPolicy", - "False", "<empty>", "<empty>", 0 - ], - [ - "4.8.2.2", - "All Certificates No Policies Test2", - "-policy anyPolicy -explicit_policy", - "True", "<empty>", "<empty>", 43 - ], - [ - "4.8.3.1", - "Different Policies Test3", - "-policy anyPolicy", - "False", "<empty>", "<empty>", 0 - ], - [ - "4.8.3.2", - "Different Policies Test3", - "-policy anyPolicy -explicit_policy", - "True", "<empty>", "<empty>", 43 - ], - [ - "4.8.3.3", - "Different Policies Test3", - "-policy $nist1 -policy $nist2 -explicit_policy", - "True", "<empty>", "<empty>", 43 - ], - - [ - "4.8.4", - "Different Policies Test4", - "-policy anyPolicy", - "True", "<empty>", "<empty>", 43 - ], - [ - "4.8.5", - "Different Policies Test5", - "-policy anyPolicy", - "True", "<empty>", "<empty>", 43 - ], - [ - "4.8.6.1", - "Overlapping Policies Test6", - "-policy anyPolicy", - "True", $nist1, $nist1, 0 - ], - [ - "4.8.6.2", - "Overlapping Policies Test6", - "-policy $nist1", - "True", $nist1, $nist1, 0 - ], - [ - "4.8.6.3", - "Overlapping Policies Test6", - "-policy $nist2", - "True", $nist1, "<empty>", 43 - ], - [ - "4.8.7", - "Different Policies Test7", - "-policy anyPolicy", - "True", "<empty>", "<empty>", 43 - ], - [ - "4.8.8", - "Different Policies Test8", - "-policy anyPolicy", - "True", "<empty>", "<empty>", 43 - ], - [ - "4.8.9", - "Different Policies Test9", - "-policy anyPolicy", - "True", "<empty>", "<empty>", 43 - ], - [ - "4.8.10.1", - "All Certificates Same Policies Test10", - "-policy $nist1", - "True", "$nist1:$nist2", "$nist1", 0 - ], - [ - "4.8.10.2", - "All Certificates Same Policies Test10", - "-policy $nist2", - "True", "$nist1:$nist2", "$nist2", 0 - ], - [ - "4.8.10.3", - "All Certificates Same Policies Test10", - "-policy anyPolicy", - "True", "$nist1:$nist2", "$nist1:$nist2", 0 - ], - [ - "4.8.11.1", - "All Certificates AnyPolicy Test11", - "-policy anyPolicy", - "True", "$apolicy", "$apolicy", 0 - ], - [ - "4.8.11.2", - "All Certificates AnyPolicy Test11", - "-policy $nist1", - "True", "$apolicy", "$nist1", 0 - ], - [ - "4.8.12", - "Different Policies Test12", - "-policy anyPolicy", - "True", "<empty>", "<empty>", 43 - ], - [ - "4.8.13.1", - "All Certificates Same Policies Test13", - "-policy $nist1", - "True", "$nist1:$nist2:$nist3", "$nist1", 0 - ], - [ - "4.8.13.2", - "All Certificates Same Policies Test13", - "-policy $nist2", - "True", "$nist1:$nist2:$nist3", "$nist2", 0 - ], - [ - "4.8.13.3", - "All Certificates Same Policies Test13", - "-policy $nist3", - "True", "$nist1:$nist2:$nist3", "$nist3", 0 - ], - [ - "4.8.14.1", "AnyPolicy Test14", - "-policy $nist1", "True", - "$nist1", "$nist1", - 0 - ], - [ - "4.8.14.2", "AnyPolicy Test14", - "-policy $nist2", "True", - "$nist1", "<empty>", - 43 - ], - [ - "4.8.15", - "User Notice Qualifier Test15", - "-policy anyPolicy", - "False", "$nist1", "$nist1", 0 - ], - [ - "4.8.16", - "User Notice Qualifier Test16", - "-policy anyPolicy", - "False", "$nist1", "$nist1", 0 - ], - [ - "4.8.17", - "User Notice Qualifier Test17", - "-policy anyPolicy", - "False", "$nist1", "$nist1", 0 - ], - [ - "4.8.18.1", - "User Notice Qualifier Test18", - "-policy $nist1", - "True", "$nist1:$nist2", "$nist1", 0 - ], - [ - "4.8.18.2", - "User Notice Qualifier Test18", - "-policy $nist2", - "True", "$nist1:$nist2", "$nist2", 0 - ], - [ - "4.8.19", - "User Notice Qualifier Test19", - "-policy anyPolicy", - "False", "$nist1", "$nist1", 0 - ], - [ - "4.8.20", - "CPS Pointer Qualifier Test20", - "-policy anyPolicy -explicit_policy", - "True", "$nist1", "$nist1", 0 - ], - [ "4.9", "Require Explicit Policy" ], - [ - "4.9.1", - "Valid RequireExplicitPolicy Test1", - "-policy anyPolicy", - "False", "<empty>", "<empty>", 0 - ], - [ - "4.9.2", - "Valid RequireExplicitPolicy Test2", - "-policy anyPolicy", - "False", "<empty>", "<empty>", 0 - ], - [ - "4.9.3", - "Invalid RequireExplicitPolicy Test3", - "-policy anyPolicy", - "True", "<empty>", "<empty>", 43 - ], - [ - "4.9.4", - "Valid RequireExplicitPolicy Test4", - "-policy anyPolicy", - "True", "$nist1", "$nist1", 0 - ], - [ - "4.9.5", - "Invalid RequireExplicitPolicy Test5", - "-policy anyPolicy", - "True", "<empty>", "<empty>", 43 - ], - [ - "4.9.6", - "Valid Self-Issued requireExplicitPolicy Test6", - "-policy anyPolicy", - "False", "<empty>", "<empty>", 0 - ], - [ - "4.9.7", - "Invalid Self-Issued requireExplicitPolicy Test7", - "-policy anyPolicy", - "True", "<empty>", "<empty>", 43 - ], - [ - "4.9.8", - "Invalid Self-Issued requireExplicitPolicy Test8", - "-policy anyPolicy", - "True", "<empty>", "<empty>", 43 - ], - [ "4.10", "Policy Mappings" ], - [ - "4.10.1.1", - "Valid Policy Mapping Test1", - "-policy $nist1", - "True", "$nist1", "$nist1", 0 - ], - [ - "4.10.1.2", - "Valid Policy Mapping Test1", - "-policy $nist2", - "True", "$nist1", "<empty>", 43 - ], - [ - "4.10.1.3", - "Valid Policy Mapping Test1", - "-policy anyPolicy -inhibit_map", - "True", "<empty>", "<empty>", 43 - ], - [ - "4.10.2.1", - "Invalid Policy Mapping Test2", - "-policy anyPolicy", - "True", "<empty>", "<empty>", 43 - ], - [ - "4.10.2.2", - "Invalid Policy Mapping Test2", - "-policy anyPolicy -inhibit_map", - "True", "<empty>", "<empty>", 43 - ], - [ - "4.10.3.1", - "Valid Policy Mapping Test3", - "-policy $nist1", - "True", "$nist2", "<empty>", 43 - ], - [ - "4.10.3.2", - "Valid Policy Mapping Test3", - "-policy $nist2", - "True", "$nist2", "$nist2", 0 - ], - [ - "4.10.4", - "Invalid Policy Mapping Test4", - "-policy anyPolicy", - "True", "<empty>", "<empty>", 43 - ], - [ - "4.10.5.1", - "Valid Policy Mapping Test5", - "-policy $nist1", - "True", "$nist1", "$nist1", 0 - ], - [ - "4.10.5.2", - "Valid Policy Mapping Test5", - "-policy $nist6", - "True", "$nist1", "<empty>", 43 - ], - [ - "4.10.6.1", - "Valid Policy Mapping Test6", - "-policy $nist1", - "True", "$nist1", "$nist1", 0 - ], - [ - "4.10.6.2", - "Valid Policy Mapping Test6", - "-policy $nist6", - "True", "$nist1", "<empty>", 43 - ], - [ "4.10.7", "Invalid Mapping From anyPolicy Test7", 42 ], - [ "4.10.8", "Invalid Mapping To anyPolicy Test8", 42 ], - [ - "4.10.9", - "Valid Policy Mapping Test9", - "-policy anyPolicy", - "True", "$nist1", "$nist1", 0 - ], - [ - "4.10.10", - "Invalid Policy Mapping Test10", - "-policy anyPolicy", - "True", "<empty>", "<empty>", 43 - ], - [ - "4.10.11", - "Valid Policy Mapping Test11", - "-policy anyPolicy", - "True", "$nist1", "$nist1", 0 - ], - - # TODO: check notice display - [ - "4.10.12.1", - "Valid Policy Mapping Test12", - "-policy $nist1", - "True", "$nist1:$nist2", "$nist1", 0 - ], - - # TODO: check notice display - [ - "4.10.12.2", - "Valid Policy Mapping Test12", - "-policy $nist2", - "True", "$nist1:$nist2", "$nist2", 0 - ], - [ - "4.10.13", - "Valid Policy Mapping Test13", - "-policy anyPolicy", - "True", "$nist1", "$nist1", 0 - ], - - # TODO: check notice display - [ - "4.10.14", - "Valid Policy Mapping Test14", - "-policy anyPolicy", - "True", "$nist1", "$nist1", 0 - ], - [ "4.11", "Inhibit Policy Mapping" ], - [ - "4.11.1", - "Invalid inhibitPolicyMapping Test1", - "-policy anyPolicy", - "True", "<empty>", "<empty>", 43 - ], - [ - "4.11.2", - "Valid inhibitPolicyMapping Test2", - "-policy anyPolicy", - "True", "$nist1", "$nist1", 0 - ], - [ - "4.11.3", - "Invalid inhibitPolicyMapping Test3", - "-policy anyPolicy", - "True", "<empty>", "<empty>", 43 - ], - [ - "4.11.4", - "Valid inhibitPolicyMapping Test4", - "-policy anyPolicy", - "True", "$nist2", "$nist2", 0 - ], - [ - "4.11.5", - "Invalid inhibitPolicyMapping Test5", - "-policy anyPolicy", - "True", "<empty>", "<empty>", 43 - ], - [ - "4.11.6", - "Invalid inhibitPolicyMapping Test6", - "-policy anyPolicy", - "True", "<empty>", "<empty>", 43 - ], - [ - "4.11.7", - "Valid Self-Issued inhibitPolicyMapping Test7", - "-policy anyPolicy", - "True", "$nist1", "$nist1", 0 - ], - [ - "4.11.8", - "Invalid Self-Issued inhibitPolicyMapping Test8", - "-policy anyPolicy", - "True", "<empty>", "<empty>", 43 - ], - [ - "4.11.9", - "Invalid Self-Issued inhibitPolicyMapping Test9", - "-policy anyPolicy", - "True", "<empty>", "<empty>", 43 - ], - [ - "4.11.10", - "Invalid Self-Issued inhibitPolicyMapping Test10", - "-policy anyPolicy", - "True", "<empty>", "<empty>", 43 - ], - [ - "4.11.11", - "Invalid Self-Issued inhibitPolicyMapping Test11", - "-policy anyPolicy", - "True", "<empty>", "<empty>", 43 - ], - [ "4.12", "Inhibit Any Policy" ], - [ - "4.12.1", - "Invalid inhibitAnyPolicy Test1", - "-policy anyPolicy", - "True", "<empty>", "<empty>", 43 - ], - [ - "4.12.2", - "Valid inhibitAnyPolicy Test2", - "-policy anyPolicy", - "True", "$nist1", "$nist1", 0 - ], - [ - "4.12.3.1", - "inhibitAnyPolicy Test3", - "-policy anyPolicy", - "True", "$nist1", "$nist1", 0 - ], - [ - "4.12.3.2", - "inhibitAnyPolicy Test3", - "-policy anyPolicy -inhibit_any", - "True", "<empty>", "<empty>", 43 - ], - [ - "4.12.4", - "Invalid inhibitAnyPolicy Test4", - "-policy anyPolicy", - "True", "<empty>", "<empty>", 43 - ], - [ - "4.12.5", - "Invalid inhibitAnyPolicy Test5", - "-policy anyPolicy", - "True", "<empty>", "<empty>", 43 - ], - [ - "4.12.6", - "Invalid inhibitAnyPolicy Test6", - "-policy anyPolicy", - "True", "<empty>", "<empty>", 43 - ], - [ "4.12.7", "Valid Self-Issued inhibitAnyPolicy Test7", 0 ], - [ "4.12.8", "Invalid Self-Issued inhibitAnyPolicy Test8", 43 ], - [ "4.12.9", "Valid Self-Issued inhibitAnyPolicy Test9", 0 ], - [ "4.12.10", "Invalid Self-Issued inhibitAnyPolicy Test10", 43 ], - [ "4.13", "Name Constraints" ], - [ "4.13.1", "Valid DN nameConstraints Test1", 0 ], - [ "4.13.2", "Invalid DN nameConstraints Test2", 47 ], - [ "4.13.3", "Invalid DN nameConstraints Test3", 47 ], - [ "4.13.4", "Valid DN nameConstraints Test4", 0 ], - [ "4.13.5", "Valid DN nameConstraints Test5", 0 ], - [ "4.13.6", "Valid DN nameConstraints Test6", 0 ], - [ "4.13.7", "Invalid DN nameConstraints Test7", 48 ], - [ "4.13.8", "Invalid DN nameConstraints Test8", 48 ], - [ "4.13.9", "Invalid DN nameConstraints Test9", 48 ], - [ "4.13.10", "Invalid DN nameConstraints Test10", 48 ], - [ "4.13.11", "Valid DN nameConstraints Test11", 0 ], - [ "4.13.12", "Invalid DN nameConstraints Test12", 47 ], - [ "4.13.13", "Invalid DN nameConstraints Test13", 47 ], - [ "4.13.14", "Valid DN nameConstraints Test14", 0 ], - [ "4.13.15", "Invalid DN nameConstraints Test15", 48 ], - [ "4.13.16", "Invalid DN nameConstraints Test16", 48 ], - [ "4.13.17", "Invalid DN nameConstraints Test17", 48 ], - [ "4.13.18", "Valid DN nameConstraints Test18", 0 ], - [ "4.13.19", "Valid Self-Issued DN nameConstraints Test19", 0 ], - [ "4.13.20", "Invalid Self-Issued DN nameConstraints Test20", 47 ], - [ "4.13.21", "Valid RFC822 nameConstraints Test21", 0 ], - [ "4.13.22", "Invalid RFC822 nameConstraints Test22", 47 ], - [ "4.13.23", "Valid RFC822 nameConstraints Test23", 0 ], - [ "4.13.24", "Invalid RFC822 nameConstraints Test24", 47 ], - [ "4.13.25", "Valid RFC822 nameConstraints Test25", 0 ], - [ "4.13.26", "Invalid RFC822 nameConstraints Test26", 48 ], - [ "4.13.27", "Valid DN and RFC822 nameConstraints Test27", 0 ], - [ "4.13.28", "Invalid DN and RFC822 nameConstraints Test28", 47 ], - [ "4.13.29", "Invalid DN and RFC822 nameConstraints Test29", 47 ], - [ "4.13.30", "Valid DNS nameConstraints Test30", 0 ], - [ "4.13.31", "Invalid DNS nameConstraints Test31", 47 ], - [ "4.13.32", "Valid DNS nameConstraints Test32", 0 ], - [ "4.13.33", "Invalid DNS nameConstraints Test33", 48 ], - [ "4.13.34", "Valid URI nameConstraints Test34", 0 ], - [ "4.13.35", "Invalid URI nameConstraints Test35", 47 ], - [ "4.13.36", "Valid URI nameConstraints Test36", 0 ], - [ "4.13.37", "Invalid URI nameConstraints Test37", 48 ], - [ "4.13.38", "Invalid DNS nameConstraints Test38", 47 ], - [ "4.14", "Distribution Points" ], - [ "4.14.1", "Valid distributionPoint Test1", 0 ], - [ "4.14.2", "Invalid distributionPoint Test2", 23 ], - [ "4.14.3", "Invalid distributionPoint Test3", 44 ], - [ "4.14.4", "Valid distributionPoint Test4", 0 ], - [ "4.14.5", "Valid distributionPoint Test5", 0 ], - [ "4.14.6", "Invalid distributionPoint Test6", 23 ], - [ "4.14.7", "Valid distributionPoint Test7", 0 ], - [ "4.14.8", "Invalid distributionPoint Test8", 44 ], - [ "4.14.9", "Invalid distributionPoint Test9", 44 ], - [ "4.14.10", "Valid No issuingDistributionPoint Test10", 0 ], - [ "4.14.11", "Invalid onlyContainsUserCerts CRL Test11", 44 ], - [ "4.14.12", "Invalid onlyContainsCACerts CRL Test12", 44 ], - [ "4.14.13", "Valid onlyContainsCACerts CRL Test13", 0 ], - [ "4.14.14", "Invalid onlyContainsAttributeCerts Test14", 44 ], - [ "4.14.15", "Invalid onlySomeReasons Test15", 23 ], - [ "4.14.16", "Invalid onlySomeReasons Test16", 23 ], - [ "4.14.17", "Invalid onlySomeReasons Test17", 3 ], - [ "4.14.18", "Valid onlySomeReasons Test18", 0 ], - [ "4.14.19", "Valid onlySomeReasons Test19", 0 ], - [ "4.14.20", "Invalid onlySomeReasons Test20", 23 ], - [ "4.14.21", "Invalid onlySomeReasons Test21", 23 ], - [ "4.14.22", "Valid IDP with indirectCRL Test22", 0 ], - [ "4.14.23", "Invalid IDP with indirectCRL Test23", 23 ], - [ "4.14.24", "Valid IDP with indirectCRL Test24", 0 ], - [ "4.14.25", "Valid IDP with indirectCRL Test25", 0 ], - [ "4.14.26", "Invalid IDP with indirectCRL Test26", 44 ], - [ "4.14.27", "Invalid cRLIssuer Test27", 3 ], - [ "4.14.28", "Valid cRLIssuer Test28", 0 ], - [ "4.14.29", "Valid cRLIssuer Test29", 0 ], - - # Although this test is valid it has a circular dependency. As a result - # an attempt is made to reursively checks a CRL path and rejected due to - # a CRL path validation error. PKITS notes suggest this test does not - # need to be run due to this issue. - [ "4.14.30", "Valid cRLIssuer Test30", 54 ], - [ "4.14.31", "Invalid cRLIssuer Test31", 23 ], - [ "4.14.32", "Invalid cRLIssuer Test32", 23 ], - [ "4.14.33", "Valid cRLIssuer Test33", 0 ], - [ "4.14.34", "Invalid cRLIssuer Test34", 23 ], - [ "4.14.35", "Invalid cRLIssuer Test35", 44 ], - [ "4.15", "Delta-CRLs" ], - [ "4.15.1", "Invalid deltaCRLIndicator No Base Test1", 3 ], - [ "4.15.2", "Valid delta-CRL Test2", 0 ], - [ "4.15.3", "Invalid delta-CRL Test3", 23 ], - [ "4.15.4", "Invalid delta-CRL Test4", 23 ], - [ "4.15.5", "Valid delta-CRL Test5", 0 ], - [ "4.15.6", "Invalid delta-CRL Test6", 23 ], - [ "4.15.7", "Valid delta-CRL Test7", 0 ], - [ "4.15.8", "Valid delta-CRL Test8", 0 ], - [ "4.15.9", "Invalid delta-CRL Test9", 23 ], - [ "4.15.10", "Invalid delta-CRL Test10", 12 ], - [ "4.16", "Private Certificate Extensions" ], - [ "4.16.1", "Valid Unknown Not Critical Certificate Extension Test1", 0 ], - [ "4.16.2", "Invalid Unknown Critical Certificate Extension Test2", 34 ], -); - - -my $verbose = 1; - -my $numtest = 0; -my $numfail = 0; - -my $ossl = "ossl/apps/openssl"; - -my $ossl_cmd = "$ossl_path cms -verify -verify_retcode "; -$ossl_cmd .= "-CAfile pkitsta.pem -crl_check_all -x509_strict "; - -# Check for expiry of trust anchor -system "$ossl_path x509 -inform DER -in $pkitsta -checkend 0"; -if ($? == 256) - { - print STDERR "WARNING: using older expired data\n"; - $ossl_cmd .= "-attime 1291940972 "; - } - -$ossl_cmd .= "-policy_check -extended_crl -use_deltas -out /dev/null 2>&1 "; - -system "$ossl_path x509 -inform DER -in $pkitsta -out pkitsta.pem"; - -die "Can't create trust anchor file" if $?; - -print "Running PKITS tests:\n" if $verbose; - -foreach (@testlists) { - my $argnum = @$_; - if ( $argnum == 2 ) { - my ( $tnum, $title ) = @$_; - print "$tnum $title\n" if $verbose; - } - elsif ( $argnum == 3 ) { - my ( $tnum, $title, $exp_ret ) = @$_; - my $filename = $title; - $exp_ret += 32 if $exp_ret; - $filename =~ tr/ -//d; - $filename = "Signed${filename}.eml"; - if ( !-f "$pkitsdir/$filename" ) { - print "\"$filename\" not found\n"; - } - else { - my $ret; - my $test_fail = 0; - my $errmsg = ""; - my $cmd = $ossl_cmd; - $cmd .= "-in $pkitsdir/$filename -policy anyPolicy"; - my $cmdout = `$cmd`; - $ret = $? >> 8; - if ( $? & 0xff ) { - $errmsg .= "Abnormal OpenSSL termination\n"; - $test_fail = 1; - } - if ( $exp_ret != $ret ) { - $errmsg .= "Return code:$ret, "; - $errmsg .= "expected $exp_ret\n"; - $test_fail = 1; - } - if ($test_fail) { - print "$tnum $title : Failed!\n"; - print "Filename: $pkitsdir/$filename\n"; - print $errmsg; - print "Command output:\n$cmdout\n"; - $numfail++; - } - $numtest++; - } - } - elsif ( $argnum == 7 ) { - my ( $tnum, $title, $exargs, $exp_epol, $exp_aset, $exp_uset, $exp_ret ) - = @$_; - my $filename = $title; - $exp_ret += 32 if $exp_ret; - $filename =~ tr/ -//d; - $filename = "Signed${filename}.eml"; - if ( !-f "$pkitsdir/$filename" ) { - print "\"$filename\" not found\n"; - } - else { - my $ret; - my $cmdout = ""; - my $errmsg = ""; - my $epol = ""; - my $aset = ""; - my $uset = ""; - my $pol = -1; - my $test_fail = 0; - my $cmd = $ossl_cmd; - $cmd .= "-in $pkitsdir/$filename $exargs -policy_print"; - @oparr = `$cmd`; - $ret = $? >> 8; - - if ( $? & 0xff ) { - $errmsg .= "Abnormal OpenSSL termination\n"; - $test_fail = 1; - } - foreach (@oparr) { - my $test_failed = 0; - $cmdout .= $_; - if (/^Require explicit Policy: (.*)$/) { - $epol = $1; - } - if (/^Authority Policies/) { - if (/empty/) { - $aset = "<empty>"; - } - else { - $pol = 1; - } - } - $test_fail = 1 if (/leak/i); - if (/^User Policies/) { - if (/empty/) { - $uset = "<empty>"; - } - else { - $pol = 2; - } - } - if (/\s+Policy: (.*)$/) { - if ( $pol == 1 ) { - $aset .= ":" if $aset ne ""; - $aset .= $1; - } - elsif ( $pol == 2 ) { - $uset .= ":" if $uset ne ""; - $uset .= $1; - } - } - } - - if ( $epol ne $exp_epol ) { - $errmsg .= "Explicit policy:$epol, "; - $errmsg .= "expected $exp_epol\n"; - $test_fail = 1; - } - if ( $aset ne $exp_aset ) { - $errmsg .= "Authority policy set :$aset, "; - $errmsg .= "expected $exp_aset\n"; - $test_fail = 1; - } - if ( $uset ne $exp_uset ) { - $errmsg .= "User policy set :$uset, "; - $errmsg .= "expected $exp_uset\n"; - $test_fail = 1; - } - - if ( $exp_ret != $ret ) { - print "Return code:$ret, expected $exp_ret\n"; - $test_fail = 1; - } - - if ($test_fail) { - print "$tnum $title : Failed!\n"; - print "Filename: $pkitsdir/$filename\n"; - print "Command output:\n$cmdout\n"; - $numfail++; - } - $numtest++; - } - } -} - -if ($numfail) { - print "$numfail tests failed out of $numtest\n"; -} -else { - print "All Tests Successful.\n"; -} - -unlink "pkitsta.pem"; - diff --git a/lib/libssl/src/test/r160test.c b/lib/libssl/src/test/r160test.c deleted file mode 100644 index 0aadcdac161..00000000000 --- a/lib/libssl/src/test/r160test.c +++ /dev/null @@ -1,57 +0,0 @@ -/* $OpenBSD: r160test.c,v 1.2 2014/06/12 15:49:31 deraadt Exp $ */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ diff --git a/lib/libssl/src/test/smcont.txt b/lib/libssl/src/test/smcont.txt deleted file mode 100644 index e837c0b75b6..00000000000 --- a/lib/libssl/src/test/smcont.txt +++ /dev/null @@ -1 +0,0 @@ -Some test content for OpenSSL CMS
\ No newline at end of file diff --git a/lib/libssl/src/test/smime-certs/smdsa1.pem b/lib/libssl/src/test/smime-certs/smdsa1.pem deleted file mode 100644 index d5677dbfbec..00000000000 --- a/lib/libssl/src/test/smime-certs/smdsa1.pem +++ /dev/null @@ -1,34 +0,0 @@ ------BEGIN DSA PRIVATE KEY----- -MIIBuwIBAAKBgQDFJfsIPOIawMO5biw+AoYUhNVxReBOLQosU3Qv4B8krac0BNr3 -OjSGLh1wZxHqhlAE0QmasTaKojuk20nNWeFnczSz6vDl0IVJEhS8VYor5kt9gLqt -GcoAgsf4gRDIutJyQDaNn3IVY89uXUVIoexvQeLQDBCgQPC5O8rJdqBwtwIVAK2J -jt+dqk07eQUE59koYUEKyNorAoGBAI4IEpusf8G14kCHmRtnHXM2tG5EWJDmW6Qt -wjqvWp1GKUx5WFy1tVWR9nl5rL0Di+kNdENo+SkKj7h3uDulGOI6T0mQYbV2h1IK -+FMOGnOqvZ8eNTE2n4PGTo5puZ63LBm+QYrQsrNiUY4vakLFQ2rEK/SLwdsDFK4Z -SJCBQw5zAoGATQlPPF+OeU8nu3rsdXGDiZdJzOkuCce3KQfTABA9C+Dk4CVcvBdd -YRLGpnykumkNTO1sTO+4/Gphsuje1ujK9td4UEhdYqylCe5QjEMrszDlJtelDQF9 -C0yhdjKGTP0kxofLhsGckcuQvcKEKffT2pDDKJIy4vWQO0UyJl1vjLcCFG2uiGGx -9fMUZq1v0ePD4Wo0Xkxo ------END DSA PRIVATE KEY----- ------BEGIN CERTIFICATE----- -MIIDpDCCAw2gAwIBAgIJAMtotfHYdEsWMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV -BAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRUZXN0IFMv -TUlNRSBSU0EgUm9vdDAeFw0wODAyMjIxMzUzMDlaFw0xNjA1MTAxMzUzMDlaMEUx -CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU -ZXN0IFMvTUlNRSBFRSBEU0EgIzEwggG3MIIBLAYHKoZIzjgEATCCAR8CgYEAxSX7 -CDziGsDDuW4sPgKGFITVcUXgTi0KLFN0L+AfJK2nNATa9zo0hi4dcGcR6oZQBNEJ -mrE2iqI7pNtJzVnhZ3M0s+rw5dCFSRIUvFWKK+ZLfYC6rRnKAILH+IEQyLrSckA2 -jZ9yFWPPbl1FSKHsb0Hi0AwQoEDwuTvKyXagcLcCFQCtiY7fnapNO3kFBOfZKGFB -CsjaKwKBgQCOCBKbrH/BteJAh5kbZx1zNrRuRFiQ5lukLcI6r1qdRilMeVhctbVV -kfZ5eay9A4vpDXRDaPkpCo+4d7g7pRjiOk9JkGG1dodSCvhTDhpzqr2fHjUxNp+D -xk6OabmetywZvkGK0LKzYlGOL2pCxUNqxCv0i8HbAxSuGUiQgUMOcwOBhAACgYBN -CU88X455Tye7eux1cYOJl0nM6S4Jx7cpB9MAED0L4OTgJVy8F11hEsamfKS6aQ1M -7WxM77j8amGy6N7W6Mr213hQSF1irKUJ7lCMQyuzMOUm16UNAX0LTKF2MoZM/STG -h8uGwZyRy5C9woQp99PakMMokjLi9ZA7RTImXW+Mt6OBgzCBgDAdBgNVHQ4EFgQU -4Qfbhpi5yqXaXuCLXj427mR25MkwHwYDVR0jBBgwFoAUE89Lp7uJLrM4Vxd2xput -aFvl7RcwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBsAwIAYDVR0RBBkwF4EV -c21pbWVkc2ExQG9wZW5zc2wub3JnMA0GCSqGSIb3DQEBBQUAA4GBAFrdUzKK1pWO -kd02S423KUBc4GWWyiGlVoEO7WxVhHLJ8sm67X7OtJOwe0UGt+Nc5qLtyJYSirw8 -phjiTdNpQCTJ8+Kc56tWkJ6H7NAI4vTJtPL5BM/EmeYrVSU9JI9xhqpyKw9IBD+n -hRJ79W9FaiJRvaAOX+TkyTukJrxAWRyv ------END CERTIFICATE----- diff --git a/lib/libssl/src/test/smime-certs/smdsa2.pem b/lib/libssl/src/test/smime-certs/smdsa2.pem deleted file mode 100644 index ef86c115d7f..00000000000 --- a/lib/libssl/src/test/smime-certs/smdsa2.pem +++ /dev/null @@ -1,34 +0,0 @@ ------BEGIN DSA PRIVATE KEY----- -MIIBvAIBAAKBgQDFJfsIPOIawMO5biw+AoYUhNVxReBOLQosU3Qv4B8krac0BNr3 -OjSGLh1wZxHqhlAE0QmasTaKojuk20nNWeFnczSz6vDl0IVJEhS8VYor5kt9gLqt -GcoAgsf4gRDIutJyQDaNn3IVY89uXUVIoexvQeLQDBCgQPC5O8rJdqBwtwIVAK2J -jt+dqk07eQUE59koYUEKyNorAoGBAI4IEpusf8G14kCHmRtnHXM2tG5EWJDmW6Qt -wjqvWp1GKUx5WFy1tVWR9nl5rL0Di+kNdENo+SkKj7h3uDulGOI6T0mQYbV2h1IK -+FMOGnOqvZ8eNTE2n4PGTo5puZ63LBm+QYrQsrNiUY4vakLFQ2rEK/SLwdsDFK4Z -SJCBQw5zAoGBAIPmO8BtJ+Yac58trrPwq9b/6VW3jQTWzTLWSH84/QQdqQa+Pz3v -It/+hHM0daNF5uls8ICsPL1aLXmRx0pHvIyb0aAzYae4T4Jv/COPDMTdKbA1uitJ -VbkGZrm+LIrs7I9lOkb4T0vI6kL/XdOCXY1469zsqCgJ/O2ibn6mq0nWAhR716o2 -Nf8SimTZYB0/CKje6M5ufA== ------END DSA PRIVATE KEY----- ------BEGIN CERTIFICATE----- -MIIDpTCCAw6gAwIBAgIJAMtotfHYdEsXMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV -BAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRUZXN0IFMv -TUlNRSBSU0EgUm9vdDAeFw0wODAyMjIxMzUzMDlaFw0xNjA1MTAxMzUzMDlaMEUx -CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU -ZXN0IFMvTUlNRSBFRSBEU0EgIzIwggG4MIIBLAYHKoZIzjgEATCCAR8CgYEAxSX7 -CDziGsDDuW4sPgKGFITVcUXgTi0KLFN0L+AfJK2nNATa9zo0hi4dcGcR6oZQBNEJ -mrE2iqI7pNtJzVnhZ3M0s+rw5dCFSRIUvFWKK+ZLfYC6rRnKAILH+IEQyLrSckA2 -jZ9yFWPPbl1FSKHsb0Hi0AwQoEDwuTvKyXagcLcCFQCtiY7fnapNO3kFBOfZKGFB -CsjaKwKBgQCOCBKbrH/BteJAh5kbZx1zNrRuRFiQ5lukLcI6r1qdRilMeVhctbVV -kfZ5eay9A4vpDXRDaPkpCo+4d7g7pRjiOk9JkGG1dodSCvhTDhpzqr2fHjUxNp+D -xk6OabmetywZvkGK0LKzYlGOL2pCxUNqxCv0i8HbAxSuGUiQgUMOcwOBhQACgYEA -g+Y7wG0n5hpzny2us/Cr1v/pVbeNBNbNMtZIfzj9BB2pBr4/Pe8i3/6EczR1o0Xm -6WzwgKw8vVoteZHHSke8jJvRoDNhp7hPgm/8I48MxN0psDW6K0lVuQZmub4siuzs -j2U6RvhPS8jqQv9d04JdjXjr3OyoKAn87aJufqarSdajgYMwgYAwHQYDVR0OBBYE -FHsAGNfVltSYUq4hC+YVYwsYtA+dMB8GA1UdIwQYMBaAFBPPS6e7iS6zOFcXdsab -rWhb5e0XMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgbAMCAGA1UdEQQZMBeB -FXNtaW1lZHNhMkBvcGVuc3NsLm9yZzANBgkqhkiG9w0BAQUFAAOBgQCx9BtCbaYF -FXjLClkuKXbESaDZA1biPgY25i00FsUzARuhCpqD2v+0tu5c33ZzIhL6xlvBRU5l -6Atw/xpZhae+hdBEtxPJoGekLLrHOau7Md3XwDjV4lFgcEJkWZoaSOOIK+4D5jF0 -jZWtHjnwEzuLYlo7ScHSsbcQfjH0M1TP5A== ------END CERTIFICATE----- diff --git a/lib/libssl/src/test/smime-certs/smdsa3.pem b/lib/libssl/src/test/smime-certs/smdsa3.pem deleted file mode 100644 index eeb848dabc5..00000000000 --- a/lib/libssl/src/test/smime-certs/smdsa3.pem +++ /dev/null @@ -1,34 +0,0 @@ ------BEGIN DSA PRIVATE KEY----- -MIIBvAIBAAKBgQDFJfsIPOIawMO5biw+AoYUhNVxReBOLQosU3Qv4B8krac0BNr3 -OjSGLh1wZxHqhlAE0QmasTaKojuk20nNWeFnczSz6vDl0IVJEhS8VYor5kt9gLqt -GcoAgsf4gRDIutJyQDaNn3IVY89uXUVIoexvQeLQDBCgQPC5O8rJdqBwtwIVAK2J -jt+dqk07eQUE59koYUEKyNorAoGBAI4IEpusf8G14kCHmRtnHXM2tG5EWJDmW6Qt -wjqvWp1GKUx5WFy1tVWR9nl5rL0Di+kNdENo+SkKj7h3uDulGOI6T0mQYbV2h1IK -+FMOGnOqvZ8eNTE2n4PGTo5puZ63LBm+QYrQsrNiUY4vakLFQ2rEK/SLwdsDFK4Z -SJCBQw5zAoGAYzOpPmh8Je1IDauEXhgaLz14wqYUHHcrj2VWVJ6fRm8GhdQFJSI7 -GUk08pgKZSKic2lNqxuzW7/vFxKQ/nvzfytY16b+2i+BR4Q6yvMzCebE1hHVg0Ju -TwfUMwoFEOhYP6ZwHSUiQl9IBMH9TNJCMwYMxfY+VOrURFsjGTRUgpwCFQCIGt5g -Y+XZd0Sv69CatDIRYWvaIA== ------END DSA PRIVATE KEY----- ------BEGIN CERTIFICATE----- -MIIDpDCCAw2gAwIBAgIJAMtotfHYdEsYMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV -BAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRUZXN0IFMv -TUlNRSBSU0EgUm9vdDAeFw0wODAyMjIxMzUzMDlaFw0xNjA1MTAxMzUzMDlaMEUx -CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU -ZXN0IFMvTUlNRSBFRSBEU0EgIzMwggG3MIIBLAYHKoZIzjgEATCCAR8CgYEAxSX7 -CDziGsDDuW4sPgKGFITVcUXgTi0KLFN0L+AfJK2nNATa9zo0hi4dcGcR6oZQBNEJ -mrE2iqI7pNtJzVnhZ3M0s+rw5dCFSRIUvFWKK+ZLfYC6rRnKAILH+IEQyLrSckA2 -jZ9yFWPPbl1FSKHsb0Hi0AwQoEDwuTvKyXagcLcCFQCtiY7fnapNO3kFBOfZKGFB -CsjaKwKBgQCOCBKbrH/BteJAh5kbZx1zNrRuRFiQ5lukLcI6r1qdRilMeVhctbVV -kfZ5eay9A4vpDXRDaPkpCo+4d7g7pRjiOk9JkGG1dodSCvhTDhpzqr2fHjUxNp+D -xk6OabmetywZvkGK0LKzYlGOL2pCxUNqxCv0i8HbAxSuGUiQgUMOcwOBhAACgYBj -M6k+aHwl7UgNq4ReGBovPXjCphQcdyuPZVZUnp9GbwaF1AUlIjsZSTTymAplIqJz -aU2rG7Nbv+8XEpD+e/N/K1jXpv7aL4FHhDrK8zMJ5sTWEdWDQm5PB9QzCgUQ6Fg/ -pnAdJSJCX0gEwf1M0kIzBgzF9j5U6tREWyMZNFSCnKOBgzCBgDAdBgNVHQ4EFgQU -VhpVXqQ/EzUMdxLvP7o9EhJ8h70wHwYDVR0jBBgwFoAUE89Lp7uJLrM4Vxd2xput -aFvl7RcwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBsAwIAYDVR0RBBkwF4EV -c21pbWVkc2EzQG9wZW5zc2wub3JnMA0GCSqGSIb3DQEBBQUAA4GBACM9e75EQa8m -k/AZkH/tROqf3yeqijULl9x8FjFatqoY+29OM6oMGM425IqSkKd2ipz7OxO0SShu -rE0O3edS7DvYBwvhWPviRaYBMyZ4iFJVup+fOzoYK/j/bASxS3BHQBwb2r4rhe25 -OlTyyFEk7DJyW18YFOG97S1P52oQ5f5x ------END CERTIFICATE----- diff --git a/lib/libssl/src/test/smime-certs/smdsap.pem b/lib/libssl/src/test/smime-certs/smdsap.pem deleted file mode 100644 index 249706c8c77..00000000000 --- a/lib/libssl/src/test/smime-certs/smdsap.pem +++ /dev/null @@ -1,9 +0,0 @@ ------BEGIN DSA PARAMETERS----- -MIIBHwKBgQDFJfsIPOIawMO5biw+AoYUhNVxReBOLQosU3Qv4B8krac0BNr3OjSG -Lh1wZxHqhlAE0QmasTaKojuk20nNWeFnczSz6vDl0IVJEhS8VYor5kt9gLqtGcoA -gsf4gRDIutJyQDaNn3IVY89uXUVIoexvQeLQDBCgQPC5O8rJdqBwtwIVAK2Jjt+d -qk07eQUE59koYUEKyNorAoGBAI4IEpusf8G14kCHmRtnHXM2tG5EWJDmW6Qtwjqv -Wp1GKUx5WFy1tVWR9nl5rL0Di+kNdENo+SkKj7h3uDulGOI6T0mQYbV2h1IK+FMO -GnOqvZ8eNTE2n4PGTo5puZ63LBm+QYrQsrNiUY4vakLFQ2rEK/SLwdsDFK4ZSJCB -Qw5z ------END DSA PARAMETERS----- diff --git a/lib/libssl/src/test/smime-certs/smroot.pem b/lib/libssl/src/test/smime-certs/smroot.pem deleted file mode 100644 index a59eb2684ca..00000000000 --- a/lib/libssl/src/test/smime-certs/smroot.pem +++ /dev/null @@ -1,30 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIICXAIBAAKBgQDBV1Z/Q5gPF7lojc8pKUdyz5+Jf2B3vs4he6egekugWnoJduki -9Lnae/JchB/soIX0co3nLc11NuFFlnAWJNMDJr08l5AHAJLYNHevF5l/f9oDQwvZ -speKh1xpIAJNqCTzVeQ/ZLx6/GccIXV/xDuKIiovqJTPgR5WPkYKaw++lQIDAQAB -AoGALXnUj5SflJU4+B2652ydMKUjWl0KnL/VjkyejgGV/j6py8Ybaixz9q8Gv7oY -JDlRqMC1HfZJCFQDQrHy5VJ+CywA/H9WrqKo/Ch9U4tJAZtkig1Cmay/BAYixVu0 -xBeim10aKF6hxHH4Chg9We+OCuzWBWJhqveNjuDedL/i7JUCQQDlejovcwBUCbhJ -U12qKOwlaboolWbl7yF3XdckTJZg7+1UqQHZH5jYZlLZyZxiaC92SNV0SyTLJZnS -Jh5CO+VDAkEA16/pPcuVtMMz/R6SSPpRSIAa1stLs0mFSs3NpR4pdm0n42mu05pO -1tJEt3a1g7zkreQBf53+Dwb+lA841EkjRwJBAIFmt0DifKDnCkBu/jZh9SfzwsH3 -3Zpzik+hXxxdA7+ODCrdUul449vDd5zQD5t+XKU61QNLDGhxv5e9XvrCg7kCQH/a -3ldsVF0oDaxxL+QkxoREtCQ5tLEd1u7F2q6Tl56FDE0pe6Ih6bQ8RtG+g9EI60IN -U7oTrOO5kLWx5E0q4ccCQAZVgoenn9MhRU1agKOCuM6LT2DxReTu4XztJzynej+8 -0J93n3ebanB1MlRpn1XJwhQ7gAC8ImaQKLJK5jdJzFc= ------END RSA PRIVATE KEY----- ------BEGIN CERTIFICATE----- -MIICaTCCAdKgAwIBAgIJAP6VN47boiXRMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV -BAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRUZXN0IFMv -TUlNRSBSU0EgUm9vdDAeFw0wODAyMjIxMzUzMDdaFw0xNjA1MTExMzUzMDdaMEQx -CzAJBgNVBAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRU -ZXN0IFMvTUlNRSBSU0EgUm9vdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA -wVdWf0OYDxe5aI3PKSlHcs+fiX9gd77OIXunoHpLoFp6CXbpIvS52nvyXIQf7KCF -9HKN5y3NdTbhRZZwFiTTAya9PJeQBwCS2DR3rxeZf3/aA0ML2bKXiodcaSACTagk -81XkP2S8evxnHCF1f8Q7iiIqL6iUz4EeVj5GCmsPvpUCAwEAAaNjMGEwHQYDVR0O -BBYEFBPPS6e7iS6zOFcXdsabrWhb5e0XMB8GA1UdIwQYMBaAFBPPS6e7iS6zOFcX -dsabrWhb5e0XMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMA0GCSqG -SIb3DQEBBQUAA4GBAIECprq5viDvnDbkyOaiSr9ubMUmWqvycfAJMdPZRKcOZczS -l+L9R9lF3JSqbt3knOe9u6bGDBOTY2285PdCCuHRVMk2Af1f6El1fqAlRUwNqipp -r68sWFuRqrcRNtk6QQvXfkOhrqQBuDa7te/OVQLa2lGN9Dr2mQsD8ijctatG ------END CERTIFICATE----- diff --git a/lib/libssl/src/test/smime-certs/smrsa1.pem b/lib/libssl/src/test/smime-certs/smrsa1.pem deleted file mode 100644 index 2cf3148e334..00000000000 --- a/lib/libssl/src/test/smime-certs/smrsa1.pem +++ /dev/null @@ -1,31 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIICXgIBAAKBgQC6A978j4pmPgUtUQqF+bjh6vdhwGOGZSD7xXgFTMjm88twfv+E -ixkq2KXSDjD0ZXoQbdOaSbvGRQrIJpG2NGiKAFdYNrP025kCCdh5wF/aEI7KLEm7 -JlHwXpQsuj4wkMgmkFjL3Ty4Z55aNH+2pPQIa0k+ENJXm2gDuhqgBmduAwIDAQAB -AoGBAJMuYu51aO2THyeHGwt81uOytcCbqGP7eoib62ZOJhxPRGYjpmuqX+R9/V5i -KiwGavm63JYUx0WO9YP+uIZxm1BUATzkgkS74u5LP6ajhkZh6/Bck1oIYYkbVOXl -JVrdENuH6U7nupznsyYgONByo+ykFPVUGmutgiaC7NMVo/MxAkEA6KLejWXdCIEn -xr7hGph9NlvY9xuRIMexRV/WrddcFfCdjI1PciIupgrIkR65M9yr7atm1iU6/aRf -KOr8rLZsSQJBAMyyXN71NsDNx4BP6rtJ/LJMP0BylznWkA7zWfGCbAYn9VhZVlSY -Eu9Gyr7quD1ix7G3kInKVYOEEOpockBLz+sCQQCedyMmKjcQLfpMVYW8uhbAynvW -h36qV5yXZxszO7nMcCTBsxhk5IfmLv5EbCs3+p9avCDGyoGOeUMg+kC33WORAkAg -oUIarH4o5+SoeJTTfCzTA0KF9H5U0vYt2+73h7HOnWoHxl3zqDZEfEVvf50U8/0f -QELDJETTbScBJtsnkq43AkEA38etvoZ2i4FJvvo7R/9gWBHVEcrGzcsCBYrNnIR1 -SZLRwHEGaiOK1wxMsWzqp7PJwL9z/M8A8DyOFBx3GPOniA== ------END RSA PRIVATE KEY----- ------BEGIN CERTIFICATE----- -MIICizCCAfSgAwIBAgIJAMtotfHYdEsTMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV -BAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRUZXN0IFMv -TUlNRSBSU0EgUm9vdDAeFw0wODAyMjIxMzUzMDhaFw0xNjA1MTAxMzUzMDhaMEUx -CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU -ZXN0IFMvTUlNRSBFRSBSU0EgIzEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB -ALoD3vyPimY+BS1RCoX5uOHq92HAY4ZlIPvFeAVMyObzy3B+/4SLGSrYpdIOMPRl -ehBt05pJu8ZFCsgmkbY0aIoAV1g2s/TbmQIJ2HnAX9oQjsosSbsmUfBelCy6PjCQ -yCaQWMvdPLhnnlo0f7ak9AhrST4Q0lebaAO6GqAGZ24DAgMBAAGjgYMwgYAwHQYD -VR0OBBYEFE2vMvKz5jrC7Lbdg68XwZ95iL/QMB8GA1UdIwQYMBaAFBPPS6e7iS6z -OFcXdsabrWhb5e0XMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgXgMCAGA1Ud -EQQZMBeBFXNtaW1lcnNhMUBvcGVuc3NsLm9yZzANBgkqhkiG9w0BAQUFAAOBgQAi -O3GOkUl646oLnOimc36i9wxZ1tejsqs8vMjJ0Pym6Uq9FE2JoGzJ6OhB1GOsEVmj -9cQ5UNQcRYL3cqOFtl6f4Dpu/lhzfbaqgmLjv29G1mS0uuTZrixhlyCXjwcbOkNC -I/+wvHHENYIK5+T/79M9LaZ2Qk4F9MNE1VMljdz9Qw== ------END CERTIFICATE----- diff --git a/lib/libssl/src/test/smime-certs/smrsa2.pem b/lib/libssl/src/test/smime-certs/smrsa2.pem deleted file mode 100644 index d41f69c82f6..00000000000 --- a/lib/libssl/src/test/smime-certs/smrsa2.pem +++ /dev/null @@ -1,31 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIICWwIBAAKBgQCwBfryW4Vu5U9wNIDKspJO/N9YF4CcTlrCUyzVlKgb+8urHlSe -59i5verR9IOCCXkemjOzZ/3nALTGqYZlnEvHp0Rjk+KdKXnKBIB+SRPpeu3LcXMT -WPgsThPa0UQxedNKG0g6aG+kLhsDlFBCoxd09jJtSpb9jmroJOq0ZYEHLwIDAQAB -AoGAKa/w4677Je1W5+r3SYoLDnvi5TkDs4D3C6ipKJgBTEdQz+DqB4w/DpZE4551 -+rkFn1LDxcxuHGRVa+tAMhZW97fwq9YUbjVZEyOz79qrX+BMyl/NbHkf1lIKDo3q -dWalzQvop7nbzeLC+VmmviwZfLQUbA61AQl3jm4dswT4XykCQQDloDadEv/28NTx -bvvywvyGuvJkCkEIycm4JrIInvwsd76h/chZ3oymrqzc7hkEtK6kThqlS5y+WXl6 -QzPruTKTAkEAxD2ro/VUoN+scIVaLmn0RBmZ67+9Pdn6pNSfjlK3s0T0EM6/iUWS -M06l6L9wFS3/ceu1tIifsh9BeqOGTa+udQJARIFnybTBaIqw/NZ/lA1YCVn8tpvY -iyaoZ6gjtS65TQrsdKeh/i3HCHNUXxUpoZ3F/H7QtD+6o49ODou+EbVOwQJAVmex -A2gp8wuJKaINqxIL81AybZLnCCzKJ3lXJ5tUNyLNM/lUbGStktm2Q1zHRQwTxV07 -jFn7trn8YrtNjzcjYQJAUKIJRt38A8Jw3HoPT+D0WS2IgxjVL0eYGsZX1lyeammG -6rfnQ3u5uP7mEK2EH2o8mDUpAE0gclWBU9UkKxJsGA== ------END RSA PRIVATE KEY----- ------BEGIN CERTIFICATE----- -MIICizCCAfSgAwIBAgIJAMtotfHYdEsUMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV -BAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRUZXN0IFMv -TUlNRSBSU0EgUm9vdDAeFw0wODAyMjIxMzUzMDhaFw0xNjA1MTAxMzUzMDhaMEUx -CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU -ZXN0IFMvTUlNRSBFRSBSU0EgIzIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB -ALAF+vJbhW7lT3A0gMqykk7831gXgJxOWsJTLNWUqBv7y6seVJ7n2Lm96tH0g4IJ -eR6aM7Nn/ecAtMaphmWcS8enRGOT4p0pecoEgH5JE+l67ctxcxNY+CxOE9rRRDF5 -00obSDpob6QuGwOUUEKjF3T2Mm1Klv2Oaugk6rRlgQcvAgMBAAGjgYMwgYAwHQYD -VR0OBBYEFIL/u+mEvaw7RuKLRuElfVkxSQjYMB8GA1UdIwQYMBaAFBPPS6e7iS6z -OFcXdsabrWhb5e0XMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgXgMCAGA1Ud -EQQZMBeBFXNtaW1lcnNhMkBvcGVuc3NsLm9yZzANBgkqhkiG9w0BAQUFAAOBgQC2 -rXR5bm/9RtOMQPleNpd3y6uUX3oy+0CafK5Yl3PMnItjjnKJ0l1/DbLbDj2twehe -ewaB8CROcBCA3AMLSmGvPKgUCFMGtWam3328M4fBHzon5ka7qDXzM+imkAly/Yx2 -YNdR/aNOug+5sXygHmTSKqiCpQjOIClzXoPVVeEVHw== ------END CERTIFICATE----- diff --git a/lib/libssl/src/test/smime-certs/smrsa3.pem b/lib/libssl/src/test/smime-certs/smrsa3.pem deleted file mode 100644 index c8cbe55151e..00000000000 --- a/lib/libssl/src/test/smime-certs/smrsa3.pem +++ /dev/null @@ -1,31 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIICXAIBAAKBgQC6syTZtZNe1hRScFc4PUVyVLsr7+C1HDIZnOHmwFoLayX6RHwy -ep/TkdwiPHnemVLuwvpSjLMLZkXy/J764kSHJrNeVl3UvmCVCOm40hAtK1+F39pM -h8phkbPPD7i+hwq4/Vs79o46nzwbVKmzgoZBJhZ+codujUSYM3LjJ4aq+wIDAQAB -AoGAE1Zixrnr3bLGwBMqtYSDIOhtyos59whImCaLr17U9MHQWS+mvYO98if1aQZi -iQ/QazJ+wvYXxWJ+dEB+JvYwqrGeuAU6He/rAb4OShG4FPVU2D19gzRnaButWMeT -/1lgXV08hegGBL7RQNaN7b0viFYMcKnSghleMP0/q+Y/oaECQQDkXEwDYJW13X9p -ijS20ykWdY5lLknjkHRhhOYux0rlhOqsyMZjoUmwI2m0qj9yrIysKhrk4MZaM/uC -hy0xp3hdAkEA0Uv/UY0Kwsgc+W6YxeypECtg1qCE6FBib8n4iFy/6VcWqhvE5xrs -OdhKv9/p6aLjLneGd1sU+F8eS9LGyKIbNwJBAJPgbNzXA7uUZriqZb5qeTXxBDfj -RLfXSHYKAKEULxz3+JvRHB9SR4yHMiFrCdExiZrHXUkPgYLSHLGG5a4824UCQD6T -9XvhquUARkGCAuWy0/3Eqoihp/t6BWSdQ9Upviu7YUhtUxsyXo0REZB7F4pGrJx5 -GlhXgFaewgUzuUHFzlMCQCzJMMWslWpoLntnR6sMhBMhBFHSw+Y5CbxBmFrdtSkd -VdtNO1VuDCTxjjW7W3Khj7LX4KZ1ye/5jfAgnnnXisc= ------END RSA PRIVATE KEY----- ------BEGIN CERTIFICATE----- -MIICizCCAfSgAwIBAgIJAMtotfHYdEsVMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV -BAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRUZXN0IFMv -TUlNRSBSU0EgUm9vdDAeFw0wODAyMjIxMzUzMDlaFw0xNjA1MTAxMzUzMDlaMEUx -CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU -ZXN0IFMvTUlNRSBFRSBSU0EgIzMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB -ALqzJNm1k17WFFJwVzg9RXJUuyvv4LUcMhmc4ebAWgtrJfpEfDJ6n9OR3CI8ed6Z -Uu7C+lKMswtmRfL8nvriRIcms15WXdS+YJUI6bjSEC0rX4Xf2kyHymGRs88PuL6H -Crj9Wzv2jjqfPBtUqbOChkEmFn5yh26NRJgzcuMnhqr7AgMBAAGjgYMwgYAwHQYD -VR0OBBYEFDsSFjNtYZzd0tTHafNS7tneQQj6MB8GA1UdIwQYMBaAFBPPS6e7iS6z -OFcXdsabrWhb5e0XMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgXgMCAGA1Ud -EQQZMBeBFXNtaW1lcnNhM0BvcGVuc3NsLm9yZzANBgkqhkiG9w0BAQUFAAOBgQBE -tUDB+1Dqigu4p1xtdq7JRK6S+gfA7RWmhz0j2scb2zhpS12h37JLHsidGeKAzZYq -jUjOrH/j3xcV5AnuJoqImJaN23nzzxtR4qGGX2mrq6EtObzdEGgCUaizsGM+0slJ -PYxcy8KeY/63B1BpYhj2RjGkL6HrvuAaxVORa3acoA== ------END CERTIFICATE----- diff --git a/lib/libssl/src/test/tcrl b/lib/libssl/src/test/tcrl deleted file mode 100644 index 055269eab8d..00000000000 --- a/lib/libssl/src/test/tcrl +++ /dev/null @@ -1,78 +0,0 @@ -#!/bin/sh - -cmd='../util/shlib_wrap.sh ../apps/openssl crl' - -if [ "$1"x != "x" ]; then - t=$1 -else - t=testcrl.pem -fi - -echo testing crl conversions -cp $t fff.p - -echo "p -> d" -$cmd -in fff.p -inform p -outform d >f.d -if [ $? != 0 ]; then exit 1; fi -#echo "p -> t" -#$cmd -in fff.p -inform p -outform t >f.t -#if [ $? != 0 ]; then exit 1; fi -echo "p -> p" -$cmd -in fff.p -inform p -outform p >f.p -if [ $? != 0 ]; then exit 1; fi - -echo "d -> d" -$cmd -in f.d -inform d -outform d >ff.d1 -if [ $? != 0 ]; then exit 1; fi -#echo "t -> d" -#$cmd -in f.t -inform t -outform d >ff.d2 -#if [ $? != 0 ]; then exit 1; fi -echo "p -> d" -$cmd -in f.p -inform p -outform d >ff.d3 -if [ $? != 0 ]; then exit 1; fi - -#echo "d -> t" -#$cmd -in f.d -inform d -outform t >ff.t1 -#if [ $? != 0 ]; then exit 1; fi -#echo "t -> t" -#$cmd -in f.t -inform t -outform t >ff.t2 -#if [ $? != 0 ]; then exit 1; fi -#echo "p -> t" -#$cmd -in f.p -inform p -outform t >ff.t3 -#if [ $? != 0 ]; then exit 1; fi - -echo "d -> p" -$cmd -in f.d -inform d -outform p >ff.p1 -if [ $? != 0 ]; then exit 1; fi -#echo "t -> p" -#$cmd -in f.t -inform t -outform p >ff.p2 -#if [ $? != 0 ]; then exit 1; fi -echo "p -> p" -$cmd -in f.p -inform p -outform p >ff.p3 -if [ $? != 0 ]; then exit 1; fi - -cmp fff.p f.p -if [ $? != 0 ]; then exit 1; fi -cmp fff.p ff.p1 -if [ $? != 0 ]; then exit 1; fi -#cmp fff.p ff.p2 -#if [ $? != 0 ]; then exit 1; fi -cmp fff.p ff.p3 -if [ $? != 0 ]; then exit 1; fi - -#cmp f.t ff.t1 -#if [ $? != 0 ]; then exit 1; fi -#cmp f.t ff.t2 -#if [ $? != 0 ]; then exit 1; fi -#cmp f.t ff.t3 -#if [ $? != 0 ]; then exit 1; fi - -cmp f.p ff.p1 -if [ $? != 0 ]; then exit 1; fi -#cmp f.p ff.p2 -#if [ $? != 0 ]; then exit 1; fi -cmp f.p ff.p3 -if [ $? != 0 ]; then exit 1; fi - -/bin/rm -f f.* ff.* fff.* -exit 0 diff --git a/lib/libssl/src/test/test.cnf b/lib/libssl/src/test/test.cnf deleted file mode 100644 index 10834442a18..00000000000 --- a/lib/libssl/src/test/test.cnf +++ /dev/null @@ -1,88 +0,0 @@ -# -# SSLeay example configuration file. -# This is mostly being used for generation of certificate requests. -# - -RANDFILE = ./.rnd - -#################################################################### -[ ca ] -default_ca = CA_default # The default ca section - -#################################################################### -[ CA_default ] - -dir = ./demoCA # Where everything is kept -certs = $dir/certs # Where the issued certs are kept -crl_dir = $dir/crl # Where the issued crl are kept -database = $dir/index.txt # database index file. -new_certs_dir = $dir/new_certs # default place for new certs. - -certificate = $dir/CAcert.pem # The CA certificate -serial = $dir/serial # The current serial number -crl = $dir/crl.pem # The current CRL -private_key = $dir/private/CAkey.pem# The private key -RANDFILE = $dir/private/.rand # private random number file - -default_days = 365 # how long to certify for -default_crl_days= 30 # how long before next CRL -default_md = md5 # which md to use. - -# A few difference way of specifying how similar the request should look -# For type CA, the listed attributes must be the same, and the optional -# and supplied fields are just that :-) -policy = policy_match - -# For the CA policy -[ policy_match ] -countryName = match -stateOrProvinceName = match -organizationName = match -organizationalUnitName = optional -commonName = supplied -emailAddress = optional - -# For the 'anything' policy -# At this point in time, you must list all acceptable 'object' -# types. -[ policy_anything ] -countryName = optional -stateOrProvinceName = optional -localityName = optional -organizationName = optional -organizationalUnitName = optional -commonName = supplied -emailAddress = optional - -#################################################################### -[ req ] -default_bits = 1024 -default_keyfile = testkey.pem -distinguished_name = req_distinguished_name -encrypt_rsa_key = no - -[ req_distinguished_name ] -countryName = Country Name (2 letter code) -countryName_default = AU -countryName_value = AU - -stateOrProvinceName = State or Province Name (full name) -stateOrProvinceName_default = Queensland -stateOrProvinceName_value = - -localityName = Locality Name (eg, city) -localityName_value = Brisbane - -organizationName = Organization Name (eg, company) -organizationName_default = -organizationName_value = CryptSoft Pty Ltd - -organizationalUnitName = Organizational Unit Name (eg, section) -organizationalUnitName_default = -organizationalUnitName_value = . - -commonName = Common Name (eg, YOUR name) -commonName_value = Eric Young - -emailAddress = Email Address -emailAddress_value = eay@mincom.oz.au diff --git a/lib/libssl/src/test/test_aesni b/lib/libssl/src/test/test_aesni deleted file mode 100644 index e8fb63ee2bf..00000000000 --- a/lib/libssl/src/test/test_aesni +++ /dev/null @@ -1,69 +0,0 @@ -#!/bin/sh - -PROG=$1 - -if [ -x $PROG ]; then - if expr "x`$PROG version`" : "xOpenSSL" > /dev/null; then - : - else - echo "$PROG is not OpenSSL executable" - exit 1 - fi -else - echo "$PROG is not executable" - exit 1; -fi - -if $PROG engine aesni | grep -v no-aesni; then - - HASH=`cat $PROG | $PROG dgst -hex` - - AES_ALGS=" aes-128-ecb aes-192-ecb aes-256-ecb \ - aes-128-cbc aes-192-cbc aes-256-cbc \ - aes-128-cfb aes-192-cfb aes-256-cfb \ - aes-128-ofb aes-192-ofb aes-256-ofb" - BUFSIZE="16 32 48 64 80 96 128 144 999" - - nerr=0 - - for alg in $AES_ALGS; do - echo $alg - for bufsize in $BUFSIZE; do - TEST=`( cat $PROG | \ - $PROG enc -e -k "$HASH" -$alg -bufsize $bufsize -engine aesni | \ - $PROG enc -d -k "$HASH" -$alg | \ - $PROG dgst -hex ) 2>/dev/null` - if [ "$TEST" != "$HASH" ]; then - echo "-$alg/$bufsize encrypt test failed" - nerr=`expr $nerr + 1` - fi - done - for bufsize in $BUFSIZE; do - TEST=`( cat $PROG | \ - $PROG enc -e -k "$HASH" -$alg | \ - $PROG enc -d -k "$HASH" -$alg -bufsize $bufsize -engine aesni | \ - $PROG dgst -hex ) 2>/dev/null` - if [ "$TEST" != "$HASH" ]; then - echo "-$alg/$bufsize decrypt test failed" - nerr=`expr $nerr + 1` - fi - done - TEST=`( cat $PROG | \ - $PROG enc -e -k "$HASH" -$alg -engine aesni | \ - $PROG enc -d -k "$HASH" -$alg -engine aesni | \ - $PROG dgst -hex ) 2>/dev/null` - if [ "$TEST" != "$HASH" ]; then - echo "-$alg en/decrypt test failed" - nerr=`expr $nerr + 1` - fi - done - - if [ $nerr -gt 0 ]; then - echo "AESNI engine test failed." - exit 1; - fi -else - echo "AESNI engine is not available" -fi - -exit 0 diff --git a/lib/libssl/src/test/test_padlock b/lib/libssl/src/test/test_padlock deleted file mode 100755 index 5c0f21043ce..00000000000 --- a/lib/libssl/src/test/test_padlock +++ /dev/null @@ -1,64 +0,0 @@ -#!/bin/sh - -PROG=$1 - -if [ -x $PROG ]; then - if expr "x`$PROG version`" : "xOpenSSL" > /dev/null; then - : - else - echo "$PROG is not OpenSSL executable" - exit 1 - fi -else - echo "$PROG is not executable" - exit 1; -fi - -if $PROG engine padlock | grep -v no-ACE; then - - HASH=`cat $PROG | $PROG dgst -hex` - - ACE_ALGS=" aes-128-ecb aes-192-ecb aes-256-ecb \ - aes-128-cbc aes-192-cbc aes-256-cbc \ - aes-128-cfb aes-192-cfb aes-256-cfb \ - aes-128-ofb aes-192-ofb aes-256-ofb" - - nerr=0 - - for alg in $ACE_ALGS; do - echo $alg - TEST=`( cat $PROG | \ - $PROG enc -e -k "$HASH" -$alg -bufsize 999 -engine padlock | \ - $PROG enc -d -k "$HASH" -$alg | \ - $PROG dgst -hex ) 2>/dev/null` - if [ "$TEST" != "$HASH" ]; then - echo "-$alg encrypt test failed" - nerr=`expr $nerr + 1` - fi - TEST=`( cat $PROG | \ - $PROG enc -e -k "$HASH" -$alg | \ - $PROG enc -d -k "$HASH" -$alg -bufsize 999 -engine padlock | \ - $PROG dgst -hex ) 2>/dev/null` - if [ "$TEST" != "$HASH" ]; then - echo "-$alg decrypt test failed" - nerr=`expr $nerr + 1` - fi - TEST=`( cat $PROG | \ - $PROG enc -e -k "$HASH" -$alg -engine padlock | \ - $PROG enc -d -k "$HASH" -$alg -engine padlock | \ - $PROG dgst -hex ) 2>/dev/null` - if [ "$TEST" != "$HASH" ]; then - echo "-$alg en/decrypt test failed" - nerr=`expr $nerr + 1` - fi - done - - if [ $nerr -gt 0 ]; then - echo "PadLock ACE test failed." - exit 1; - fi -else - echo "PadLock ACE is not available" -fi - -exit 0 diff --git a/lib/libssl/src/test/testca b/lib/libssl/src/test/testca deleted file mode 100644 index b109cfe271f..00000000000 --- a/lib/libssl/src/test/testca +++ /dev/null @@ -1,51 +0,0 @@ -#!/bin/sh - -SH="/bin/sh" -if test "$OSTYPE" = msdosdjgpp; then - PATH="../apps\;$PATH" -else - PATH="../apps:$PATH" -fi -export SH PATH - -SSLEAY_CONFIG="-config CAss.cnf" -export SSLEAY_CONFIG - -OPENSSL="`pwd`/../util/opensslwrap.sh" -export OPENSSL - -/bin/rm -fr demoCA -$SH ../apps/CA.sh -newca <<EOF -EOF - -if [ $? != 0 ]; then - exit 1; -fi - -SSLEAY_CONFIG="-config Uss.cnf" -export SSLEAY_CONFIG -$SH ../apps/CA.sh -newreq -if [ $? != 0 ]; then - exit 1; -fi - - -SSLEAY_CONFIG="-config ../apps/openssl.cnf" -export SSLEAY_CONFIG -$SH ../apps/CA.sh -sign <<EOF -y -y -EOF -if [ $? != 0 ]; then - exit 1; -fi - - -$SH ../apps/CA.sh -verify newcert.pem -if [ $? != 0 ]; then - exit 1; -fi - -/bin/rm -fr demoCA newcert.pem newreq.pem -#usage: CA -newcert|-newreq|-newca|-sign|-verify - diff --git a/lib/libssl/src/test/testcrl.pem b/lib/libssl/src/test/testcrl.pem deleted file mode 100644 index 09897883547..00000000000 --- a/lib/libssl/src/test/testcrl.pem +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN X509 CRL----- -MIICjTCCAfowDQYJKoZIhvcNAQECBQAwXzELMAkGA1UEBhMCVVMxIDAeBgNVBAoT -F1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYDVQQLEyVTZWN1cmUgU2VydmVy -IENlcnRpZmljYXRpb24gQXV0aG9yaXR5Fw05NTA1MDIwMjEyMjZaFw05NTA2MDEw -MDAxNDlaMIIBaDAWAgUCQQAABBcNOTUwMjAxMTcyNDI2WjAWAgUCQQAACRcNOTUw -MjEwMDIxNjM5WjAWAgUCQQAADxcNOTUwMjI0MDAxMjQ5WjAWAgUCQQAADBcNOTUw -MjI1MDA0NjQ0WjAWAgUCQQAAGxcNOTUwMzEzMTg0MDQ5WjAWAgUCQQAAFhcNOTUw -MzE1MTkxNjU0WjAWAgUCQQAAGhcNOTUwMzE1MTk0MDQxWjAWAgUCQQAAHxcNOTUw -MzI0MTk0NDMzWjAWAgUCcgAABRcNOTUwMzI5MjAwNzExWjAWAgUCcgAAERcNOTUw -MzMwMDIzNDI2WjAWAgUCQQAAIBcNOTUwNDA3MDExMzIxWjAWAgUCcgAAHhcNOTUw -NDA4MDAwMjU5WjAWAgUCcgAAQRcNOTUwNDI4MTcxNzI0WjAWAgUCcgAAOBcNOTUw -NDI4MTcyNzIxWjAWAgUCcgAATBcNOTUwNTAyMDIxMjI2WjANBgkqhkiG9w0BAQIF -AAN+AHqOEJXSDejYy0UwxxrH/9+N2z5xu/if0J6qQmK92W0hW158wpJg+ovV3+wQ -wvIEPRL2rocL0tKfAsVq1IawSJzSNgxG0lrcla3MrJBnZ4GaZDu4FutZh72MR3Gt -JaAL3iTJHJD55kK2D/VoyY1djlsPuNh6AEgdVwFAyp0v ------END X509 CRL----- diff --git a/lib/libssl/src/test/testenc b/lib/libssl/src/test/testenc deleted file mode 100644 index f5ce7c0c457..00000000000 --- a/lib/libssl/src/test/testenc +++ /dev/null @@ -1,54 +0,0 @@ -#!/bin/sh - -testsrc=Makefile -test=./p -cmd="../util/shlib_wrap.sh ../apps/openssl" - -cat $testsrc >$test; - -echo cat -$cmd enc < $test > $test.cipher -$cmd enc < $test.cipher >$test.clear -cmp $test $test.clear -if [ $? != 0 ] -then - exit 1 -else - /bin/rm $test.cipher $test.clear -fi -echo base64 -$cmd enc -a -e < $test > $test.cipher -$cmd enc -a -d < $test.cipher >$test.clear -cmp $test $test.clear -if [ $? != 0 ] -then - exit 1 -else - /bin/rm $test.cipher $test.clear -fi - -for i in `$cmd list-cipher-commands` -do - echo $i - $cmd $i -bufsize 113 -e -k test < $test > $test.$i.cipher - $cmd $i -bufsize 157 -d -k test < $test.$i.cipher >$test.$i.clear - cmp $test $test.$i.clear - if [ $? != 0 ] - then - exit 1 - else - /bin/rm $test.$i.cipher $test.$i.clear - fi - - echo $i base64 - $cmd $i -bufsize 113 -a -e -k test < $test > $test.$i.cipher - $cmd $i -bufsize 157 -a -d -k test < $test.$i.cipher >$test.$i.clear - cmp $test $test.$i.clear - if [ $? != 0 ] - then - exit 1 - else - /bin/rm $test.$i.cipher $test.$i.clear - fi -done -rm -f $test diff --git a/lib/libssl/src/test/testgen b/lib/libssl/src/test/testgen deleted file mode 100644 index 524c0d134c8..00000000000 --- a/lib/libssl/src/test/testgen +++ /dev/null @@ -1,44 +0,0 @@ -#!/bin/sh - -T=testcert -KEY=512 -CA=../certs/testca.pem - -/bin/rm -f $T.1 $T.2 $T.key - -if test "$OSTYPE" = msdosdjgpp; then - PATH=../apps\;$PATH; -else - PATH=../apps:$PATH; -fi -export PATH - -echo "generating certificate request" - -echo "string to make the random number generator think it has entropy" >> ./.rnd - -if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then - req_new='-newkey dsa:../apps/dsa512.pem' -else - req_new='-new' - echo "There should be a 2 sequences of .'s and some +'s." - echo "There should not be more that at most 80 per line" -fi - -echo "This could take some time." - -rm -f testkey.pem testreq.pem - -../util/shlib_wrap.sh ../apps/openssl req -config test.cnf $req_new -out testreq.pem -if [ $? != 0 ]; then -echo problems creating request -exit 1 -fi - -../util/shlib_wrap.sh ../apps/openssl req -config test.cnf -verify -in testreq.pem -noout -if [ $? != 0 ]; then -echo signature on req is wrong -exit 1 -fi - -exit 0 diff --git a/lib/libssl/src/test/testp7.pem b/lib/libssl/src/test/testp7.pem deleted file mode 100644 index e5b7866c315..00000000000 --- a/lib/libssl/src/test/testp7.pem +++ /dev/null @@ -1,46 +0,0 @@ ------BEGIN PKCS7----- -MIIIGAYJKoZIhvcNAQcCoIIICTCCCAUCAQExADALBgkqhkiG9w0BBwGgggY8MIIE -cjCCBBygAwIBAgIQeS+OJfWJUZAx6cX0eAiMjzANBgkqhkiG9w0BAQQFADBiMREw -DwYDVQQHEwhJbnRlcm5ldDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNDAyBgNV -BAsTK1ZlcmlTaWduIENsYXNzIDEgQ0EgLSBJbmRpdmlkdWFsIFN1YnNjcmliZXIw -HhcNOTYwNzE5MDAwMDAwWhcNOTcwMzMwMjM1OTU5WjCB1TERMA8GA1UEBxMISW50 -ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytWZXJpU2ln -biBDbGFzcyAxIENBIC0gSW5kaXZpZHVhbCBTdWJzY3JpYmVyMSgwJgYDVQQLEx9E -aWdpdGFsIElEIENsYXNzIDEgLSBTTUlNRSBUZXN0MUcwRQYDVQQLEz53d3cudmVy -aXNpZ24uY29tL3JlcG9zaXRvcnkvQ1BTLTEuMCBJbmMuIGJ5IFJlZi4sTElBQi5M -VEQoYyk5NjBbMA0GCSqGSIb3DQEBAQUAA0oAMEcCQA7LvHEIAiQ5+4gDYvJGnGAq -UM5GXyG11diEXmIEZTHUZhorooX5sr8IIjSXiPY59YYUFSvAaharFM1xaBN8zNEC -AwEAAaOCAjkwggI1MAkGA1UdEwQCMAAwggImBgNVHQMEggIdMIICGTCCAhUwggIR -BgtghkgBhvhFAQcBATCCAgAWggGrVGhpcyBjZXJ0aWZpY2F0ZSBpbmNvcnBvcmF0 -ZXMgYnkgcmVmZXJlbmNlLCBhbmQgaXRzIHVzZSBpcyBzdHJpY3RseSBzdWJqZWN0 -IHRvLCB0aGUgVmVyaVNpZ24gQ2VydGlmaWNhdGlvbiBQcmFjdGljZSBTdGF0ZW1l -bnQgKENQUyksIGF2YWlsYWJsZSBhdDogaHR0cHM6Ly93d3cudmVyaXNpZ24uY29t -L0NQUy0xLjA7IGJ5IEUtbWFpbCBhdCBDUFMtcmVxdWVzdHNAdmVyaXNpZ24uY29t -OyBvciBieSBtYWlsIGF0IFZlcmlTaWduLCBJbmMuLCAyNTkzIENvYXN0IEF2ZS4s -IE1vdW50YWluIFZpZXcsIENBIDk0MDQzIFVTQSBUZWwuICsxICg0MTUpIDk2MS04 -ODMwIENvcHlyaWdodCAoYykgMTk5NiBWZXJpU2lnbiwgSW5jLiAgQWxsIFJpZ2h0 -cyBSZXNlcnZlZC4gQ0VSVEFJTiBXQVJSQU5USUVTIERJU0NMQUlNRUQgYW5kIExJ -QUJJTElUWSBMSU1JVEVELqAOBgxghkgBhvhFAQcBAQGhDgYMYIZIAYb4RQEHAQEC -MC8wLRYraHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JlcG9zaXRvcnkvQ1BTLTEu -AzANBgkqhkiG9w0BAQQFAANBAMCYDuSb/eIlYSxY31nZZTaCZkCSfHjlacMofExr -cF+A2yHoEuT+eCQkqM0pMNHXddUeoQ9RjV+VuMBNmm63DUYwggHCMIIBbKADAgEC -AhB8CYTq1bkRFJBYOd67cp9JMA0GCSqGSIb3DQEBAgUAMD4xCzAJBgNVBAYTAlVT -MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEWMBQGA1UECxMNVEVTVCBSb290IFBD -QTAeFw05NjA3MTcwMDAwMDBaFw05NzA3MTcyMzU5NTlaMGIxETAPBgNVBAcTCElu -dGVybmV0MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNp -Z24gQ2xhc3MgMSBDQSAtIEluZGl2aWR1YWwgU3Vic2NyaWJlcjBcMA0GCSqGSIb3 -DQEBAQUAA0sAMEgCQQDsVzrNgnDhbAJZrWeLd9g1vMZJA2W67D33TTbga6yMt+ES -TWEywhS6RNP+fzLGg7utinjH4tL60cXa0G27GDsLAgMBAAGjIjAgMAsGA1UdDwQE -AwIBBjARBglghkgBhvhCAQEEBAMCAgQwDQYJKoZIhvcNAQECBQADQQAUp6bRwkaD -2d1MBs/mjUcgTI2fXVmW8tTm/Ud6OzUwpC3vYgybiOOA4f6mOC5dbyUHrLOsrihU -47ZQ0Jo1DUfboYIBrTCBwTBtMA0GCSqGSIb3DQEBAgUAMD4xCzAJBgNVBAYTAlVT -MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEWMBQGA1UECxMNVEVTVCBSb290IFBD -QRcNOTYwNzE3MTc0NDA5WhcNOTgwNzE3MDAwMDAwWjANBgkqhkiG9w0BAQIFAANB -AHitA0/xAukCjHzeh1AMT/l2oC68N+yFb+aJPHBBMxc6gG2MaKjBNwb5hcXUllMl -ExONA3ju10f7owIq3s3wx10wgeYwgZEwDQYJKoZIhvcNAQECBQAwYjERMA8GA1UE -BxMISW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytW -ZXJpU2lnbiBDbGFzcyAxIENBIC0gSW5kaXZpZHVhbCBTdWJzY3JpYmVyFw05NjA3 -MTcxNzU5MjlaFw05NzA3MTgwMDAwMDBaMA0GCSqGSIb3DQEBAgUAA0EAubVWYTsW -sQmste9f+UgMw8BkjDlM25fwQLrCfmmnLxjewey10kSROypUaJLb+r4oRALc0fG9 -XfZsaiiIgotQHjEA ------END PKCS7----- diff --git a/lib/libssl/src/test/testreq2.pem b/lib/libssl/src/test/testreq2.pem deleted file mode 100644 index c3cdcffcbc6..00000000000 --- a/lib/libssl/src/test/testreq2.pem +++ /dev/null @@ -1,7 +0,0 @@ ------BEGIN CERTIFICATE REQUEST----- -MIHaMIGFAgEAMA4xDDAKBgNVBAMTA2NuNDBcMA0GCSqGSIb3DQEBAQUAA0sAMEgC -QQCQsnkyUGDY2R3mYoeTprFJKgWuJ3f1jUjlIuW5+wfAUoeMt35c4vcFZ2mIBpEG -DtzkNQN1kr2O9ldm9zYnYhyhAgMBAAGgEjAQBgorBgEEAYI3AgEOMQIwADANBgkq -hkiG9w0BAQQFAANBAAb2szZgVIxg3vK6kYLjGSBISyuzcXJ6IvuPW6M+yzi1Qgoi -gQhazHTJp91T8ItZEzUJGZSZl2e5iXlnffWB+/U= ------END CERTIFICATE REQUEST----- diff --git a/lib/libssl/src/test/testrsa.pem b/lib/libssl/src/test/testrsa.pem deleted file mode 100644 index aad21067a8f..00000000000 --- a/lib/libssl/src/test/testrsa.pem +++ /dev/null @@ -1,9 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIBPAIBAAJBAKrbeqkuRk8VcRmWFmtP+LviMB3+6dizWW3DwaffznyHGAFwUJ/I -Tv0XtbsCyl3QoyKGhrOAy3RvPK5M38iuXT0CAwEAAQJAZ3cnzaHXM/bxGaR5CR1R -rD1qFBAVfoQFiOH9uPJgMaoAuoQEisPHVcZDKcOv4wEg6/TInAIXBnEigtqvRzuy -oQIhAPcgZzUq3yVooAaoov8UbXPxqHlwo6GBMqnv20xzkf6ZAiEAsP4BnIaQTM8S -mvcpHZwQJdmdHHkGKAs37Dfxi67HbkUCIQCeZGliHXFa071Fp06ZeWlR2ADonTZz -rJBhdTe0v5pCeQIhAIZfkiGgGBX4cIuuckzEm43g9WMUjxP/0GlK39vIyihxAiEA -mymehFRT0MvqW5xAKAx7Pgkt8HVKwVhc2LwGKHE0DZM= ------END RSA PRIVATE KEY----- diff --git a/lib/libssl/src/test/testsid.pem b/lib/libssl/src/test/testsid.pem deleted file mode 100644 index 7ffd008f666..00000000000 --- a/lib/libssl/src/test/testsid.pem +++ /dev/null @@ -1,12 +0,0 @@ ------BEGIN SSL SESSION PARAMETERS----- -MIIB1gIBAQIBAgQDAQCABBCi11xa5qkOP8xrr02K/NQCBBBkIYQZM0Bt95W0EHNV -bA58oQYCBDIBr7WiBAICASyjggGGMIIBgjCCASwCAQMwDQYJKoZIhvcNAQEEBQAw -ODELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA1FMRDEbMBkGA1UEAxMSU1NMZWF5L3Jz -YSB0ZXN0IENBMB4XDTk1MTAwOTIzMzEzNFoXDTk4MDcwNTIzMzEzNFowYDELMAkG -A1UEBhMCQVUxDDAKBgNVBAgTA1FMRDEZMBcGA1UEChMQTWluY29tIFB0eS4gTHRk -LjELMAkGA1UECxMCQ1MxGzAZBgNVBAMTElNTTGVheSBkZW1vIGNsaWVudDBcMA0G -CSqGSIb3DQEBAQUAA0sAMEgCQQC4pcXEL1lgVA+B5Q3TcuW/O3LZHoA73IYm8oFD -TezgCDhL2RTMn+seKWF36UtJKRIOBU9jZHCVVd0Me5ls6BEjAgMBAAEwDQYJKoZI -hvcNAQEEBQADQQBoIpOcwUY1qlVF7j3ROSGvUsbvByOBFmYWkIBgsCqR+9qo1A7L -CrWF5i8LWt/vLwAHaxWNx2YuBJMFyuK81fTvpA0EC3Rlc3Rjb250ZXh0 ------END SSL SESSION PARAMETERS----- diff --git a/lib/libssl/src/test/testss b/lib/libssl/src/test/testss deleted file mode 100644 index 1a426857d31..00000000000 --- a/lib/libssl/src/test/testss +++ /dev/null @@ -1,163 +0,0 @@ -#!/bin/sh - -digest='-sha1' -reqcmd="../util/shlib_wrap.sh ../apps/openssl req" -x509cmd="../util/shlib_wrap.sh ../apps/openssl x509 $digest" -verifycmd="../util/shlib_wrap.sh ../apps/openssl verify" -dummycnf="../apps/openssl.cnf" - -CAkey="keyCA.ss" -CAcert="certCA.ss" -CAreq="reqCA.ss" -CAconf="CAss.cnf" -CAreq2="req2CA.ss" # temp - -Uconf="Uss.cnf" -Ukey="keyU.ss" -Ureq="reqU.ss" -Ucert="certU.ss" - -P1conf="P1ss.cnf" -P1key="keyP1.ss" -P1req="reqP1.ss" -P1cert="certP1.ss" -P1intermediate="tmp_intP1.ss" - -P2conf="P2ss.cnf" -P2key="keyP2.ss" -P2req="reqP2.ss" -P2cert="certP2.ss" -P2intermediate="tmp_intP2.ss" - -echo -echo "make a certificate request using 'req'" - -echo "string to make the random number generator think it has entropy" >> ./.rnd - -if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then - req_new='-newkey dsa:../apps/dsa512.pem' -else - req_new='-new' -fi - -$reqcmd -config $CAconf -out $CAreq -keyout $CAkey $req_new #>err.ss -if [ $? != 0 ]; then - echo "error using 'req' to generate a certificate request" - exit 1 -fi -echo -echo "convert the certificate request into a self signed certificate using 'x509'" -$x509cmd -CAcreateserial -in $CAreq -days 30 -req -out $CAcert -signkey $CAkey -extfile $CAconf -extensions v3_ca >err.ss -if [ $? != 0 ]; then - echo "error using 'x509' to self sign a certificate request" - exit 1 -fi - -echo -echo "convert a certificate into a certificate request using 'x509'" -$x509cmd -in $CAcert -x509toreq -signkey $CAkey -out $CAreq2 >err.ss -if [ $? != 0 ]; then - echo "error using 'x509' convert a certificate to a certificate request" - exit 1 -fi - -$reqcmd -config $dummycnf -verify -in $CAreq -noout -if [ $? != 0 ]; then - echo first generated request is invalid - exit 1 -fi - -$reqcmd -config $dummycnf -verify -in $CAreq2 -noout -if [ $? != 0 ]; then - echo second generated request is invalid - exit 1 -fi - -$verifycmd -CAfile $CAcert $CAcert -if [ $? != 0 ]; then - echo first generated cert is invalid - exit 1 -fi - -echo -echo "make a user certificate request using 'req'" -$reqcmd -config $Uconf -out $Ureq -keyout $Ukey $req_new >err.ss -if [ $? != 0 ]; then - echo "error using 'req' to generate a user certificate request" - exit 1 -fi - -echo -echo "sign user certificate request with the just created CA via 'x509'" -$x509cmd -CAcreateserial -in $Ureq -days 30 -req -out $Ucert -CA $CAcert -CAkey $CAkey -extfile $Uconf -extensions v3_ee >err.ss -if [ $? != 0 ]; then - echo "error using 'x509' to sign a user certificate request" - exit 1 -fi - -$verifycmd -CAfile $CAcert $Ucert -echo -echo "Certificate details" -$x509cmd -subject -issuer -startdate -enddate -noout -in $Ucert - -echo -echo "make a proxy certificate request using 'req'" -$reqcmd -config $P1conf -out $P1req -keyout $P1key $req_new >err.ss -if [ $? != 0 ]; then - echo "error using 'req' to generate a proxy certificate request" - exit 1 -fi - -echo -echo "sign proxy certificate request with the just created user certificate via 'x509'" -$x509cmd -CAcreateserial -in $P1req -days 30 -req -out $P1cert -CA $Ucert -CAkey $Ukey -extfile $P1conf -extensions v3_proxy >err.ss -if [ $? != 0 ]; then - echo "error using 'x509' to sign a proxy certificate request" - exit 1 -fi - -cat $Ucert > $P1intermediate -$verifycmd -CAfile $CAcert -untrusted $P1intermediate $P1cert -echo -echo "Certificate details" -$x509cmd -subject -issuer -startdate -enddate -noout -in $P1cert - -echo -echo "make another proxy certificate request using 'req'" -$reqcmd -config $P2conf -out $P2req -keyout $P2key $req_new >err.ss -if [ $? != 0 ]; then - echo "error using 'req' to generate another proxy certificate request" - exit 1 -fi - -echo -echo "sign second proxy certificate request with the first proxy certificate via 'x509'" -$x509cmd -CAcreateserial -in $P2req -days 30 -req -out $P2cert -CA $P1cert -CAkey $P1key -extfile $P2conf -extensions v3_proxy >err.ss -if [ $? != 0 ]; then - echo "error using 'x509' to sign a second proxy certificate request" - exit 1 -fi - -cat $Ucert $P1cert > $P2intermediate -$verifycmd -CAfile $CAcert -untrusted $P2intermediate $P2cert -echo -echo "Certificate details" -$x509cmd -subject -issuer -startdate -enddate -noout -in $P2cert - -echo -echo The generated CA certificate is $CAcert -echo The generated CA private key is $CAkey - -echo The generated user certificate is $Ucert -echo The generated user private key is $Ukey - -echo The first generated proxy certificate is $P1cert -echo The first generated proxy private key is $P1key - -echo The second generated proxy certificate is $P2cert -echo The second generated proxy private key is $P2key - -/bin/rm err.ss -#/bin/rm $P1intermediate -#/bin/rm $P2intermediate -exit 0 diff --git a/lib/libssl/src/test/testssl b/lib/libssl/src/test/testssl deleted file mode 100644 index 4e8542b5568..00000000000 --- a/lib/libssl/src/test/testssl +++ /dev/null @@ -1,178 +0,0 @@ -#!/bin/sh - -if [ "$1" = "" ]; then - key=../apps/server.pem -else - key="$1" -fi -if [ "$2" = "" ]; then - cert=../apps/server.pem -else - cert="$2" -fi -ssltest="../util/shlib_wrap.sh ./ssltest -key $key -cert $cert -c_key $key -c_cert $cert" - -if ../util/shlib_wrap.sh ../apps/openssl x509 -in $cert -text -noout | fgrep 'DSA Public Key' >/dev/null; then - dsa_cert=YES -else - dsa_cert=NO -fi - -if [ "$3" = "" ]; then - CA="-CApath ../certs" -else - CA="-CAfile $3" -fi - -if [ "$4" = "" ]; then - extra="" -else - extra="$4" -fi - -############################################################################# - -echo test sslv2 -$ssltest -ssl2 $extra || exit 1 - -echo test sslv2 with server authentication -$ssltest -ssl2 -server_auth $CA $extra || exit 1 - -if [ $dsa_cert = NO ]; then - echo test sslv2 with client authentication - $ssltest -ssl2 -client_auth $CA $extra || exit 1 - - echo test sslv2 with both client and server authentication - $ssltest -ssl2 -server_auth -client_auth $CA $extra || exit 1 -fi - -echo test sslv3 -$ssltest -ssl3 $extra || exit 1 - -echo test sslv3 with server authentication -$ssltest -ssl3 -server_auth $CA $extra || exit 1 - -echo test sslv3 with client authentication -$ssltest -ssl3 -client_auth $CA $extra || exit 1 - -echo test sslv3 with both client and server authentication -$ssltest -ssl3 -server_auth -client_auth $CA $extra || exit 1 - -echo test sslv2/sslv3 -$ssltest $extra || exit 1 - -echo test sslv2/sslv3 with server authentication -$ssltest -server_auth $CA $extra || exit 1 - -echo test sslv2/sslv3 with client authentication -$ssltest -client_auth $CA $extra || exit 1 - -echo test sslv2/sslv3 with both client and server authentication -$ssltest -server_auth -client_auth $CA $extra || exit 1 - -echo test sslv2 via BIO pair -$ssltest -bio_pair -ssl2 $extra || exit 1 - -echo test sslv2 with server authentication via BIO pair -$ssltest -bio_pair -ssl2 -server_auth $CA $extra || exit 1 - -if [ $dsa_cert = NO ]; then - echo test sslv2 with client authentication via BIO pair - $ssltest -bio_pair -ssl2 -client_auth $CA $extra || exit 1 - - echo test sslv2 with both client and server authentication via BIO pair - $ssltest -bio_pair -ssl2 -server_auth -client_auth $CA $extra || exit 1 -fi - -echo test sslv3 via BIO pair -$ssltest -bio_pair -ssl3 $extra || exit 1 - -echo test sslv3 with server authentication via BIO pair -$ssltest -bio_pair -ssl3 -server_auth $CA $extra || exit 1 - -echo test sslv3 with client authentication via BIO pair -$ssltest -bio_pair -ssl3 -client_auth $CA $extra || exit 1 - -echo test sslv3 with both client and server authentication via BIO pair -$ssltest -bio_pair -ssl3 -server_auth -client_auth $CA $extra || exit 1 - -echo test sslv2/sslv3 via BIO pair -$ssltest $extra || exit 1 - -if [ $dsa_cert = NO ]; then - echo 'test sslv2/sslv3 w/o (EC)DHE via BIO pair' - $ssltest -bio_pair -no_dhe -no_ecdhe $extra || exit 1 -fi - -echo test sslv2/sslv3 with 1024bit DHE via BIO pair -$ssltest -bio_pair -dhe1024dsa -v $extra || exit 1 - -echo test sslv2/sslv3 with server authentication -$ssltest -bio_pair -server_auth $CA $extra || exit 1 - -echo test sslv2/sslv3 with client authentication via BIO pair -$ssltest -bio_pair -client_auth $CA $extra || exit 1 - -echo test sslv2/sslv3 with both client and server authentication via BIO pair -$ssltest -bio_pair -server_auth -client_auth $CA $extra || exit 1 - -echo test sslv2/sslv3 with both client and server authentication via BIO pair and app verify -$ssltest -bio_pair -server_auth -client_auth -app_verify $CA $extra || exit 1 - -echo "Testing ciphersuites" -for protocol in TLSv1.2 SSLv3; do - echo "Testing ciphersuites for $protocol" - for cipher in `../util/shlib_wrap.sh ../apps/openssl ciphers "RSA+$protocol" | tr ':' ' '`; do - echo "Testing $cipher" - prot="" - if [ $protocol = "SSLv3" ] ; then - prot="-ssl3" - fi - $ssltest -cipher $cipher $prot - if [ $? -ne 0 ] ; then - echo "Failed $cipher" - exit 1 - fi - done -done - -############################################################################# - -if ../util/shlib_wrap.sh ../apps/openssl no-dh; then - echo skipping anonymous DH tests -else - echo test tls1 with 1024bit anonymous DH, multiple handshakes - $ssltest -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time $extra || exit 1 -fi - -if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then - echo skipping RSA tests -else - echo 'test tls1 with 1024bit RSA, no (EC)DHE, multiple handshakes' - ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -no_ecdhe -num 10 -f -time $extra || exit 1 - - if ../util/shlib_wrap.sh ../apps/openssl no-dh; then - echo skipping RSA+DHE tests - else - echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes - ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time $extra || exit 1 - fi -fi - -echo test tls1 with PSK -$ssltest -tls1 -cipher PSK -psk abc123 $extra || exit 1 - -echo test tls1 with PSK via BIO pair -$ssltest -bio_pair -tls1 -cipher PSK -psk abc123 $extra || exit 1 - -if ../util/shlib_wrap.sh ../apps/openssl no-srp; then - echo skipping SRP tests -else - echo test tls1 with SRP - $ssltest -tls1 -cipher SRP -srpuser test -srppass abc123 - - echo test tls1 with SRP via BIO pair - $ssltest -bio_pair -tls1 -cipher SRP -srpuser test -srppass abc123 -fi - -exit 0 diff --git a/lib/libssl/src/test/testsslproxy b/lib/libssl/src/test/testsslproxy deleted file mode 100644 index 58bbda8ab7d..00000000000 --- a/lib/libssl/src/test/testsslproxy +++ /dev/null @@ -1,10 +0,0 @@ -#! /bin/sh - -echo 'Testing a lot of proxy conditions.' -echo 'Some of them may turn out being invalid, which is fine.' -for auth in A B C BC; do - for cond in A B C 'A|B&!C'; do - sh ./testssl $1 $2 $3 "-proxy -proxy_auth $auth -proxy_cond $cond" - if [ $? = 3 ]; then exit 1; fi - done -done diff --git a/lib/libssl/src/test/testtsa b/lib/libssl/src/test/testtsa deleted file mode 100644 index bb653b5f73d..00000000000 --- a/lib/libssl/src/test/testtsa +++ /dev/null @@ -1,238 +0,0 @@ -#!/bin/sh - -# -# A few very basic tests for the 'ts' time stamping authority command. -# - -SH="/bin/sh" -if test "$OSTYPE" = msdosdjgpp; then - PATH="../apps\;$PATH" -else - PATH="../apps:$PATH" -fi -export SH PATH - -OPENSSL_CONF="../CAtsa.cnf" -export OPENSSL_CONF -# Because that's what ../apps/CA.sh really looks at -SSLEAY_CONFIG="-config $OPENSSL_CONF" -export SSLEAY_CONFIG - -OPENSSL="`pwd`/../util/opensslwrap.sh" -export OPENSSL - -error () { - - echo "TSA test failed!" >&2 - exit 1 -} - -setup_dir () { - - rm -rf tsa 2>/dev/null - mkdir tsa - cd ./tsa -} - -clean_up_dir () { - - cd .. - rm -rf tsa -} - -create_ca () { - - echo "Creating a new CA for the TSA tests..." - TSDNSECT=ts_ca_dn - export TSDNSECT - ../../util/shlib_wrap.sh ../../apps/openssl req -new -x509 -nodes \ - -out tsaca.pem -keyout tsacakey.pem - test $? != 0 && error -} - -create_tsa_cert () { - - INDEX=$1 - export INDEX - EXT=$2 - TSDNSECT=ts_cert_dn - export TSDNSECT - - ../../util/shlib_wrap.sh ../../apps/openssl req -new \ - -out tsa_req${INDEX}.pem -keyout tsa_key${INDEX}.pem - test $? != 0 && error -echo Using extension $EXT - ../../util/shlib_wrap.sh ../../apps/openssl x509 -req \ - -in tsa_req${INDEX}.pem -out tsa_cert${INDEX}.pem \ - -CA tsaca.pem -CAkey tsacakey.pem -CAcreateserial \ - -extfile $OPENSSL_CONF -extensions $EXT - test $? != 0 && error -} - -print_request () { - - ../../util/shlib_wrap.sh ../../apps/openssl ts -query -in $1 -text -} - -create_time_stamp_request1 () { - - ../../util/shlib_wrap.sh ../../apps/openssl ts -query -data ../testtsa -policy tsa_policy1 -cert -out req1.tsq - test $? != 0 && error -} - -create_time_stamp_request2 () { - - ../../util/shlib_wrap.sh ../../apps/openssl ts -query -data ../testtsa -policy tsa_policy2 -no_nonce \ - -out req2.tsq - test $? != 0 && error -} - -create_time_stamp_request3 () { - - ../../util/shlib_wrap.sh ../../apps/openssl ts -query -data ../CAtsa.cnf -no_nonce -out req3.tsq - test $? != 0 && error -} - -print_response () { - - ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $1 -text - test $? != 0 && error -} - -create_time_stamp_response () { - - ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -section $3 -queryfile $1 -out $2 - test $? != 0 && error -} - -time_stamp_response_token_test () { - - RESPONSE2=$2.copy.tsr - TOKEN_DER=$2.token.der - ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $2 -out $TOKEN_DER -token_out - test $? != 0 && error - ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $TOKEN_DER -token_in -out $RESPONSE2 - test $? != 0 && error - cmp $RESPONSE2 $2 - test $? != 0 && error - ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $2 -text -token_out - test $? != 0 && error - ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $TOKEN_DER -token_in -text -token_out - test $? != 0 && error - ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -queryfile $1 -text -token_out - test $? != 0 && error -} - -verify_time_stamp_response () { - - ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2 -CAfile tsaca.pem \ - -untrusted tsa_cert1.pem - test $? != 0 && error - ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -data $3 -in $2 -CAfile tsaca.pem \ - -untrusted tsa_cert1.pem - test $? != 0 && error -} - -verify_time_stamp_token () { - - # create the token from the response first - ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $2 -out $2.token -token_out - test $? != 0 && error - ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2.token -token_in \ - -CAfile tsaca.pem -untrusted tsa_cert1.pem - test $? != 0 && error - ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -data $3 -in $2.token -token_in \ - -CAfile tsaca.pem -untrusted tsa_cert1.pem - test $? != 0 && error -} - -verify_time_stamp_response_fail () { - - ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2 -CAfile tsaca.pem \ - -untrusted tsa_cert1.pem - # Checks if the verification failed, as it should have. - test $? = 0 && error - echo Ok -} - -# main functions - -echo "Setting up TSA test directory..." -setup_dir - -echo "Creating CA for TSA tests..." -create_ca - -echo "Creating tsa_cert1.pem TSA server cert..." -create_tsa_cert 1 tsa_cert - -echo "Creating tsa_cert2.pem non-TSA server cert..." -create_tsa_cert 2 non_tsa_cert - -echo "Creating req1.req time stamp request for file testtsa..." -create_time_stamp_request1 - -echo "Printing req1.req..." -print_request req1.tsq - -echo "Generating valid response for req1.req..." -create_time_stamp_response req1.tsq resp1.tsr tsa_config1 - -echo "Printing response..." -print_response resp1.tsr - -echo "Verifying valid response..." -verify_time_stamp_response req1.tsq resp1.tsr ../testtsa - -echo "Verifying valid token..." -verify_time_stamp_token req1.tsq resp1.tsr ../testtsa - -# The tests below are commented out, because invalid signer certificates -# can no longer be specified in the config file. - -# echo "Generating _invalid_ response for req1.req..." -# create_time_stamp_response req1.tsq resp1_bad.tsr tsa_config2 - -# echo "Printing response..." -# print_response resp1_bad.tsr - -# echo "Verifying invalid response, it should fail..." -# verify_time_stamp_response_fail req1.tsq resp1_bad.tsr - -echo "Creating req2.req time stamp request for file testtsa..." -create_time_stamp_request2 - -echo "Printing req2.req..." -print_request req2.tsq - -echo "Generating valid response for req2.req..." -create_time_stamp_response req2.tsq resp2.tsr tsa_config1 - -echo "Checking '-token_in' and '-token_out' options with '-reply'..." -time_stamp_response_token_test req2.tsq resp2.tsr - -echo "Printing response..." -print_response resp2.tsr - -echo "Verifying valid response..." -verify_time_stamp_response req2.tsq resp2.tsr ../testtsa - -echo "Verifying response against wrong request, it should fail..." -verify_time_stamp_response_fail req1.tsq resp2.tsr - -echo "Verifying response against wrong request, it should fail..." -verify_time_stamp_response_fail req2.tsq resp1.tsr - -echo "Creating req3.req time stamp request for file CAtsa.cnf..." -create_time_stamp_request3 - -echo "Printing req3.req..." -print_request req3.tsq - -echo "Verifying response against wrong request, it should fail..." -verify_time_stamp_response_fail req3.tsq resp1.tsr - -echo "Cleaning up..." -clean_up_dir - -exit 0 diff --git a/lib/libssl/src/test/testx509.pem b/lib/libssl/src/test/testx509.pem deleted file mode 100644 index 8a85d14964f..00000000000 --- a/lib/libssl/src/test/testx509.pem +++ /dev/null @@ -1,10 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIBWzCCAQYCARgwDQYJKoZIhvcNAQEEBQAwODELMAkGA1UEBhMCQVUxDDAKBgNV -BAgTA1FMRDEbMBkGA1UEAxMSU1NMZWF5L3JzYSB0ZXN0IENBMB4XDTk1MDYxOTIz -MzMxMloXDTk1MDcxNzIzMzMxMlowOjELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA1FM -RDEdMBsGA1UEAxMUU1NMZWF5L3JzYSB0ZXN0IGNlcnQwXDANBgkqhkiG9w0BAQEF -AANLADBIAkEAqtt6qS5GTxVxGZYWa0/4u+IwHf7p2LNZbcPBp9/OfIcYAXBQn8hO -/Re1uwLKXdCjIoaGs4DLdG88rkzfyK5dPQIDAQABMAwGCCqGSIb3DQIFBQADQQAE -Wc7EcF8po2/ZO6kNCwK/ICH6DobgLekA5lSLr5EvuioZniZp5lFzAw4+YzPQ7XKJ -zl9HYIMxATFyqSiD9jsx ------END CERTIFICATE----- diff --git a/lib/libssl/src/test/times b/lib/libssl/src/test/times deleted file mode 100644 index 6b66eb342e6..00000000000 --- a/lib/libssl/src/test/times +++ /dev/null @@ -1,113 +0,0 @@ - -More number for the questions about SSL overheads.... - -The following numbers were generated on a Pentium pro 200, running Linux. -They give an indication of the SSL protocol and encryption overheads. - -The program that generated them is an unreleased version of ssl/ssltest.c -which is the SSLeay ssl protocol testing program. It is a single process that -talks both sides of the SSL protocol via a non-blocking memory buffer -interface. - -How do I read this? The protocol and cipher are reasonable obvious. -The next number is the number of connections being made. The next is the -number of bytes exchanged between the client and server side of the protocol. -This is the number of bytes that the client sends to the server, and then -the server sends back. Because this is all happening in one process, -the data is being encrypted, decrypted, encrypted and then decrypted again. -It is a round trip of that many bytes. Because the one process performs -both the client and server sides of the protocol and it sends this many bytes -each direction, multiply this number by 4 to generate the number -of bytes encrypted/decrypted/MACed. The first time value is how many seconds -elapsed doing a full SSL handshake, the second is the cost of one -full handshake and the rest being session-id reuse. - -SSLv2 RC4-MD5 1000 x 1 12.83s 0.70s -SSLv3 NULL-MD5 1000 x 1 14.35s 1.47s -SSLv3 RC4-MD5 1000 x 1 14.46s 1.56s -SSLv3 RC4-MD5 1000 x 1 51.93s 1.62s 1024bit RSA -SSLv3 RC4-SHA 1000 x 1 14.61s 1.83s -SSLv3 DES-CBC-SHA 1000 x 1 14.70s 1.89s -SSLv3 DES-CBC3-SHA 1000 x 1 15.16s 2.16s - -SSLv2 RC4-MD5 1000 x 1024 13.72s 1.27s -SSLv3 NULL-MD5 1000 x 1024 14.79s 1.92s -SSLv3 RC4-MD5 1000 x 1024 52.58s 2.29s 1024bit RSA -SSLv3 RC4-SHA 1000 x 1024 15.39s 2.67s -SSLv3 DES-CBC-SHA 1000 x 1024 16.45s 3.55s -SSLv3 DES-CBC3-SHA 1000 x 1024 18.21s 5.38s - -SSLv2 RC4-MD5 1000 x 10240 18.97s 6.52s -SSLv3 NULL-MD5 1000 x 10240 17.79s 5.11s -SSLv3 RC4-MD5 1000 x 10240 20.25s 7.90s -SSLv3 RC4-MD5 1000 x 10240 58.26s 8.08s 1024bit RSA -SSLv3 RC4-SHA 1000 x 10240 22.96s 11.44s -SSLv3 DES-CBC-SHA 1000 x 10240 30.65s 18.41s -SSLv3 DES-CBC3-SHA 1000 x 10240 47.04s 34.53s - -SSLv2 RC4-MD5 1000 x 102400 70.22s 57.74s -SSLv3 NULL-MD5 1000 x 102400 43.73s 31.03s -SSLv3 RC4-MD5 1000 x 102400 71.32s 58.83s -SSLv3 RC4-MD5 1000 x 102400 109.66s 59.20s 1024bit RSA -SSLv3 RC4-SHA 1000 x 102400 95.88s 82.21s -SSLv3 DES-CBC-SHA 1000 x 102400 173.22s 160.55s -SSLv3 DES-CBC3-SHA 1000 x 102400 336.61s 323.82s - -What does this all mean? Well for a server, with no session-id reuse, with -a transfer size of 10240 bytes, using RC4-MD5 and a 512bit server key, -a Pentium pro 200 running Linux can handle the SSLv3 protocol overheads of -about 49 connections a second. Reality will be quite different :-). - -Remember the first number is 1000 full ssl handshakes, the second is -1 full and 999 with session-id reuse. The RSA overheads for each exchange -would be one public and one private operation, but the protocol/MAC/cipher -cost would be quite similar in both the client and server. - -eric (adding numbers to speculation) - ---- Appendix --- -- The time measured is user time but these number a very rough. -- Remember this is the cost of both client and server sides of the protocol. -- The TCP/kernel overhead of connection establishment is normally the - killer in SSL. Often delays in the TCP protocol will make session-id - reuse look slower that new sessions, but this would not be the case on - a loaded server. -- The TCP round trip latencies, while slowing individual connections, - would have minimal impact on throughput. -- Instead of sending one 102400 byte buffer, one 8k buffer is sent until -- the required number of bytes are processed. -- The SSLv3 connections were actually SSLv2 compatible SSLv3 headers. -- A 512bit server key was being used except where noted. -- No server key verification was being performed on the client side of the - protocol. This would slow things down very little. -- The library being used is SSLeay 0.8.x. -- The normal measuring system was commands of the form - time ./ssltest -num 1000 -bytes 102400 -cipher DES-CBC-SHA -reuse - This modified version of ssltest should be in the next public release of - SSLeay. - -The general cipher performance number for this platform are - -SSLeay 0.8.2a 04-Sep-1997 -built on Fri Sep 5 17:37:05 EST 1997 -options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) idea(int) blowfish(ptr2) -C flags:gcc -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized -The 'numbers' are in 1000s of bytes per second processed. -type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes -md2 131.02k 368.41k 500.57k 549.21k 566.09k -mdc2 535.60k 589.10k 595.88k 595.97k 594.54k -md5 1801.53k 9674.77k 17484.03k 21849.43k 23592.96k -sha 1261.63k 5533.25k 9285.63k 11187.88k 11913.90k -sha1 1103.13k 4782.53k 7933.78k 9472.34k 10070.70k -rc4 10722.53k 14443.93k 15215.79k 15299.24k 15219.59k -des cbc 3286.57k 3827.73k 3913.39k 3931.82k 3926.70k -des ede3 1443.50k 1549.08k 1561.17k 1566.38k 1564.67k -idea cbc 2203.64k 2508.16k 2538.33k 2543.62k 2547.71k -rc2 cbc 1430.94k 1511.59k 1524.82k 1527.13k 1523.33k -blowfish cbc 4716.07k 5965.82k 6190.17k 6243.67k 6234.11k - sign verify -rsa 512 bits 0.0100s 0.0011s -rsa 1024 bits 0.0451s 0.0012s -rsa 2048 bits 0.2605s 0.0086s -rsa 4096 bits 1.6883s 0.0302s - diff --git a/lib/libssl/src/test/tpkcs7 b/lib/libssl/src/test/tpkcs7 deleted file mode 100644 index 3e435ffbf9f..00000000000 --- a/lib/libssl/src/test/tpkcs7 +++ /dev/null @@ -1,48 +0,0 @@ -#!/bin/sh - -cmd='../util/shlib_wrap.sh ../apps/openssl pkcs7' - -if [ "$1"x != "x" ]; then - t=$1 -else - t=testp7.pem -fi - -echo testing pkcs7 conversions -cp $t fff.p - -echo "p -> d" -$cmd -in fff.p -inform p -outform d >f.d -if [ $? != 0 ]; then exit 1; fi -echo "p -> p" -$cmd -in fff.p -inform p -outform p >f.p -if [ $? != 0 ]; then exit 1; fi - -echo "d -> d" -$cmd -in f.d -inform d -outform d >ff.d1 -if [ $? != 0 ]; then exit 1; fi -echo "p -> d" -$cmd -in f.p -inform p -outform d >ff.d3 -if [ $? != 0 ]; then exit 1; fi - -echo "d -> p" -$cmd -in f.d -inform d -outform p >ff.p1 -if [ $? != 0 ]; then exit 1; fi -echo "p -> p" -$cmd -in f.p -inform p -outform p >ff.p3 -if [ $? != 0 ]; then exit 1; fi - -cmp fff.p f.p -if [ $? != 0 ]; then exit 1; fi -cmp fff.p ff.p1 -if [ $? != 0 ]; then exit 1; fi -cmp fff.p ff.p3 -if [ $? != 0 ]; then exit 1; fi - -cmp f.p ff.p1 -if [ $? != 0 ]; then exit 1; fi -cmp f.p ff.p3 -if [ $? != 0 ]; then exit 1; fi - -/bin/rm -f f.* ff.* fff.* -exit 0 diff --git a/lib/libssl/src/test/tpkcs7d b/lib/libssl/src/test/tpkcs7d deleted file mode 100644 index 64fc28e88f0..00000000000 --- a/lib/libssl/src/test/tpkcs7d +++ /dev/null @@ -1,41 +0,0 @@ -#!/bin/sh - -cmd='../util/shlib_wrap.sh ../apps/openssl pkcs7' - -if [ "$1"x != "x" ]; then - t=$1 -else - t=pkcs7-1.pem -fi - -echo "testing pkcs7 conversions (2)" -cp $t fff.p - -echo "p -> d" -$cmd -in fff.p -inform p -outform d >f.d -if [ $? != 0 ]; then exit 1; fi -echo "p -> p" -$cmd -in fff.p -inform p -outform p >f.p -if [ $? != 0 ]; then exit 1; fi - -echo "d -> d" -$cmd -in f.d -inform d -outform d >ff.d1 -if [ $? != 0 ]; then exit 1; fi -echo "p -> d" -$cmd -in f.p -inform p -outform d >ff.d3 -if [ $? != 0 ]; then exit 1; fi - -echo "d -> p" -$cmd -in f.d -inform d -outform p >ff.p1 -if [ $? != 0 ]; then exit 1; fi -echo "p -> p" -$cmd -in f.p -inform p -outform p >ff.p3 -if [ $? != 0 ]; then exit 1; fi - -cmp f.p ff.p1 -if [ $? != 0 ]; then exit 1; fi -cmp f.p ff.p3 -if [ $? != 0 ]; then exit 1; fi - -/bin/rm -f f.* ff.* fff.* -exit 0 diff --git a/lib/libssl/src/test/treq b/lib/libssl/src/test/treq deleted file mode 100644 index 77f37dcf3a9..00000000000 --- a/lib/libssl/src/test/treq +++ /dev/null @@ -1,83 +0,0 @@ -#!/bin/sh - -cmd='../util/shlib_wrap.sh ../apps/openssl req -config ../apps/openssl.cnf' - -if [ "$1"x != "x" ]; then - t=$1 -else - t=testreq.pem -fi - -if $cmd -in $t -inform p -noout -text 2>&1 | fgrep -i 'Unknown Public Key'; then - echo "skipping req conversion test for $t" - exit 0 -fi - -echo testing req conversions -cp $t fff.p - -echo "p -> d" -$cmd -in fff.p -inform p -outform d >f.d -if [ $? != 0 ]; then exit 1; fi -#echo "p -> t" -#$cmd -in fff.p -inform p -outform t >f.t -#if [ $? != 0 ]; then exit 1; fi -echo "p -> p" -$cmd -in fff.p -inform p -outform p >f.p -if [ $? != 0 ]; then exit 1; fi - -echo "d -> d" -$cmd -verify -in f.d -inform d -outform d >ff.d1 -if [ $? != 0 ]; then exit 1; fi -#echo "t -> d" -#$cmd -in f.t -inform t -outform d >ff.d2 -#if [ $? != 0 ]; then exit 1; fi -echo "p -> d" -$cmd -verify -in f.p -inform p -outform d >ff.d3 -if [ $? != 0 ]; then exit 1; fi - -#echo "d -> t" -#$cmd -in f.d -inform d -outform t >ff.t1 -#if [ $? != 0 ]; then exit 1; fi -#echo "t -> t" -#$cmd -in f.t -inform t -outform t >ff.t2 -#if [ $? != 0 ]; then exit 1; fi -#echo "p -> t" -#$cmd -in f.p -inform p -outform t >ff.t3 -#if [ $? != 0 ]; then exit 1; fi - -echo "d -> p" -$cmd -in f.d -inform d -outform p >ff.p1 -if [ $? != 0 ]; then exit 1; fi -#echo "t -> p" -#$cmd -in f.t -inform t -outform p >ff.p2 -#if [ $? != 0 ]; then exit 1; fi -echo "p -> p" -$cmd -in f.p -inform p -outform p >ff.p3 -if [ $? != 0 ]; then exit 1; fi - -cmp fff.p f.p -if [ $? != 0 ]; then exit 1; fi -cmp fff.p ff.p1 -if [ $? != 0 ]; then exit 1; fi -#cmp fff.p ff.p2 -#if [ $? != 0 ]; then exit 1; fi -cmp fff.p ff.p3 -if [ $? != 0 ]; then exit 1; fi - -#cmp f.t ff.t1 -#if [ $? != 0 ]; then exit 1; fi -#cmp f.t ff.t2 -#if [ $? != 0 ]; then exit 1; fi -#cmp f.t ff.t3 -#if [ $? != 0 ]; then exit 1; fi - -cmp f.p ff.p1 -if [ $? != 0 ]; then exit 1; fi -#cmp f.p ff.p2 -#if [ $? != 0 ]; then exit 1; fi -cmp f.p ff.p3 -if [ $? != 0 ]; then exit 1; fi - -/bin/rm -f f.* ff.* fff.* -exit 0 diff --git a/lib/libssl/src/test/trsa b/lib/libssl/src/test/trsa deleted file mode 100644 index 249ac1ddcc6..00000000000 --- a/lib/libssl/src/test/trsa +++ /dev/null @@ -1,83 +0,0 @@ -#!/bin/sh - -if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then - echo skipping rsa conversion test - exit 0 -fi - -cmd='../util/shlib_wrap.sh ../apps/openssl rsa' - -if [ "$1"x != "x" ]; then - t=$1 -else - t=testrsa.pem -fi - -echo testing rsa conversions -cp $t fff.p - -echo "p -> d" -$cmd -in fff.p -inform p -outform d >f.d -if [ $? != 0 ]; then exit 1; fi -#echo "p -> t" -#$cmd -in fff.p -inform p -outform t >f.t -#if [ $? != 0 ]; then exit 1; fi -echo "p -> p" -$cmd -in fff.p -inform p -outform p >f.p -if [ $? != 0 ]; then exit 1; fi - -echo "d -> d" -$cmd -in f.d -inform d -outform d >ff.d1 -if [ $? != 0 ]; then exit 1; fi -#echo "t -> d" -#$cmd -in f.t -inform t -outform d >ff.d2 -#if [ $? != 0 ]; then exit 1; fi -echo "p -> d" -$cmd -in f.p -inform p -outform d >ff.d3 -if [ $? != 0 ]; then exit 1; fi - -#echo "d -> t" -#$cmd -in f.d -inform d -outform t >ff.t1 -#if [ $? != 0 ]; then exit 1; fi -#echo "t -> t" -#$cmd -in f.t -inform t -outform t >ff.t2 -#if [ $? != 0 ]; then exit 1; fi -#echo "p -> t" -#$cmd -in f.p -inform p -outform t >ff.t3 -#if [ $? != 0 ]; then exit 1; fi - -echo "d -> p" -$cmd -in f.d -inform d -outform p >ff.p1 -if [ $? != 0 ]; then exit 1; fi -#echo "t -> p" -#$cmd -in f.t -inform t -outform p >ff.p2 -#if [ $? != 0 ]; then exit 1; fi -echo "p -> p" -$cmd -in f.p -inform p -outform p >ff.p3 -if [ $? != 0 ]; then exit 1; fi - -cmp fff.p f.p -if [ $? != 0 ]; then exit 1; fi -cmp fff.p ff.p1 -if [ $? != 0 ]; then exit 1; fi -#cmp fff.p ff.p2 -#if [ $? != 0 ]; then exit 1; fi -cmp fff.p ff.p3 -if [ $? != 0 ]; then exit 1; fi - -#cmp f.t ff.t1 -#if [ $? != 0 ]; then exit 1; fi -#cmp f.t ff.t2 -#if [ $? != 0 ]; then exit 1; fi -#cmp f.t ff.t3 -#if [ $? != 0 ]; then exit 1; fi - -cmp f.p ff.p1 -if [ $? != 0 ]; then exit 1; fi -#cmp f.p ff.p2 -#if [ $? != 0 ]; then exit 1; fi -cmp f.p ff.p3 -if [ $? != 0 ]; then exit 1; fi - -/bin/rm -f f.* ff.* fff.* -exit 0 diff --git a/lib/libssl/src/test/tsid b/lib/libssl/src/test/tsid deleted file mode 100644 index 6adbd531ce0..00000000000 --- a/lib/libssl/src/test/tsid +++ /dev/null @@ -1,78 +0,0 @@ -#!/bin/sh - -cmd='../util/shlib_wrap.sh ../apps/openssl sess_id' - -if [ "$1"x != "x" ]; then - t=$1 -else - t=testsid.pem -fi - -echo testing session-id conversions -cp $t fff.p - -echo "p -> d" -$cmd -in fff.p -inform p -outform d >f.d -if [ $? != 0 ]; then exit 1; fi -#echo "p -> t" -#$cmd -in fff.p -inform p -outform t >f.t -#if [ $? != 0 ]; then exit 1; fi -echo "p -> p" -$cmd -in fff.p -inform p -outform p >f.p -if [ $? != 0 ]; then exit 1; fi - -echo "d -> d" -$cmd -in f.d -inform d -outform d >ff.d1 -if [ $? != 0 ]; then exit 1; fi -#echo "t -> d" -#$cmd -in f.t -inform t -outform d >ff.d2 -#if [ $? != 0 ]; then exit 1; fi -echo "p -> d" -$cmd -in f.p -inform p -outform d >ff.d3 -if [ $? != 0 ]; then exit 1; fi - -#echo "d -> t" -#$cmd -in f.d -inform d -outform t >ff.t1 -#if [ $? != 0 ]; then exit 1; fi -#echo "t -> t" -#$cmd -in f.t -inform t -outform t >ff.t2 -#if [ $? != 0 ]; then exit 1; fi -#echo "p -> t" -#$cmd -in f.p -inform p -outform t >ff.t3 -#if [ $? != 0 ]; then exit 1; fi - -echo "d -> p" -$cmd -in f.d -inform d -outform p >ff.p1 -if [ $? != 0 ]; then exit 1; fi -#echo "t -> p" -#$cmd -in f.t -inform t -outform p >ff.p2 -#if [ $? != 0 ]; then exit 1; fi -echo "p -> p" -$cmd -in f.p -inform p -outform p >ff.p3 -if [ $? != 0 ]; then exit 1; fi - -cmp fff.p f.p -if [ $? != 0 ]; then exit 1; fi -cmp fff.p ff.p1 -if [ $? != 0 ]; then exit 1; fi -#cmp fff.p ff.p2 -#if [ $? != 0 ]; then exit 1; fi -cmp fff.p ff.p3 -if [ $? != 0 ]; then exit 1; fi - -#cmp f.t ff.t1 -#if [ $? != 0 ]; then exit 1; fi -#cmp f.t ff.t2 -#if [ $? != 0 ]; then exit 1; fi -#cmp f.t ff.t3 -#if [ $? != 0 ]; then exit 1; fi - -cmp f.p ff.p1 -if [ $? != 0 ]; then exit 1; fi -#cmp f.p ff.p2 -#if [ $? != 0 ]; then exit 1; fi -cmp f.p ff.p3 -if [ $? != 0 ]; then exit 1; fi - -/bin/rm -f f.* ff.* fff.* -exit 0 diff --git a/lib/libssl/src/test/tx509 b/lib/libssl/src/test/tx509 deleted file mode 100644 index 4a15b98d17d..00000000000 --- a/lib/libssl/src/test/tx509 +++ /dev/null @@ -1,78 +0,0 @@ -#!/bin/sh - -cmd='../util/shlib_wrap.sh ../apps/openssl x509' - -if [ "$1"x != "x" ]; then - t=$1 -else - t=testx509.pem -fi - -echo testing X509 conversions -cp $t fff.p - -echo "p -> d" -$cmd -in fff.p -inform p -outform d >f.d -if [ $? != 0 ]; then exit 1; fi -echo "p -> n" -$cmd -in fff.p -inform p -outform n >f.n -if [ $? != 0 ]; then exit 1; fi -echo "p -> p" -$cmd -in fff.p -inform p -outform p >f.p -if [ $? != 0 ]; then exit 1; fi - -echo "d -> d" -$cmd -in f.d -inform d -outform d >ff.d1 -if [ $? != 0 ]; then exit 1; fi -echo "n -> d" -$cmd -in f.n -inform n -outform d >ff.d2 -if [ $? != 0 ]; then exit 1; fi -echo "p -> d" -$cmd -in f.p -inform p -outform d >ff.d3 -if [ $? != 0 ]; then exit 1; fi - -echo "d -> n" -$cmd -in f.d -inform d -outform n >ff.n1 -if [ $? != 0 ]; then exit 1; fi -echo "n -> n" -$cmd -in f.n -inform n -outform n >ff.n2 -if [ $? != 0 ]; then exit 1; fi -echo "p -> n" -$cmd -in f.p -inform p -outform n >ff.n3 -if [ $? != 0 ]; then exit 1; fi - -echo "d -> p" -$cmd -in f.d -inform d -outform p >ff.p1 -if [ $? != 0 ]; then exit 1; fi -echo "n -> p" -$cmd -in f.n -inform n -outform p >ff.p2 -if [ $? != 0 ]; then exit 1; fi -echo "p -> p" -$cmd -in f.p -inform p -outform p >ff.p3 -if [ $? != 0 ]; then exit 1; fi - -cmp fff.p f.p -if [ $? != 0 ]; then exit 1; fi -cmp fff.p ff.p1 -if [ $? != 0 ]; then exit 1; fi -cmp fff.p ff.p2 -if [ $? != 0 ]; then exit 1; fi -cmp fff.p ff.p3 -if [ $? != 0 ]; then exit 1; fi - -cmp f.n ff.n1 -if [ $? != 0 ]; then exit 1; fi -cmp f.n ff.n2 -if [ $? != 0 ]; then exit 1; fi -cmp f.n ff.n3 -if [ $? != 0 ]; then exit 1; fi - -cmp f.p ff.p1 -if [ $? != 0 ]; then exit 1; fi -cmp f.p ff.p2 -if [ $? != 0 ]; then exit 1; fi -cmp f.p ff.p3 -if [ $? != 0 ]; then exit 1; fi - -/bin/rm -f f.* ff.* fff.* -exit 0 diff --git a/lib/libssl/src/test/v3-cert1.pem b/lib/libssl/src/test/v3-cert1.pem deleted file mode 100644 index 0da253d5c34..00000000000 --- a/lib/libssl/src/test/v3-cert1.pem +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN CERTIFICATE----- -MIICjTCCAfigAwIBAgIEMaYgRzALBgkqhkiG9w0BAQQwRTELMAkGA1UEBhMCVVMx -NjA0BgNVBAoTLU5hdGlvbmFsIEFlcm9uYXV0aWNzIGFuZCBTcGFjZSBBZG1pbmlz -dHJhdGlvbjAmFxE5NjA1MjgxMzQ5MDUrMDgwMBcROTgwNTI4MTM0OTA1KzA4MDAw -ZzELMAkGA1UEBhMCVVMxNjA0BgNVBAoTLU5hdGlvbmFsIEFlcm9uYXV0aWNzIGFu -ZCBTcGFjZSBBZG1pbmlzdHJhdGlvbjEgMAkGA1UEBRMCMTYwEwYDVQQDEwxTdGV2 -ZSBTY2hvY2gwWDALBgkqhkiG9w0BAQEDSQAwRgJBALrAwyYdgxmzNP/ts0Uyf6Bp -miJYktU/w4NG67ULaN4B5CnEz7k57s9o3YY3LecETgQ5iQHmkwlYDTL2fTgVfw0C -AQOjgaswgagwZAYDVR0ZAQH/BFowWDBWMFQxCzAJBgNVBAYTAlVTMTYwNAYDVQQK -Ey1OYXRpb25hbCBBZXJvbmF1dGljcyBhbmQgU3BhY2UgQWRtaW5pc3RyYXRpb24x -DTALBgNVBAMTBENSTDEwFwYDVR0BAQH/BA0wC4AJODMyOTcwODEwMBgGA1UdAgQR -MA8ECTgzMjk3MDgyM4ACBSAwDQYDVR0KBAYwBAMCBkAwCwYJKoZIhvcNAQEEA4GB -AH2y1VCEw/A4zaXzSYZJTTUi3uawbbFiS2yxHvgf28+8Js0OHXk1H1w2d6qOHH21 -X82tZXd/0JtG0g1T9usFFBDvYK8O0ebgz/P5ELJnBL2+atObEuJy1ZZ0pBDWINR3 -WkDNLCGiTkCKp0F5EWIrVDwh54NNevkCQRZita+z4IBO ------END CERTIFICATE----- diff --git a/lib/libssl/src/test/v3-cert2.pem b/lib/libssl/src/test/v3-cert2.pem deleted file mode 100644 index de0723ff8de..00000000000 --- a/lib/libssl/src/test/v3-cert2.pem +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN CERTIFICATE----- -MIICiTCCAfKgAwIBAgIEMeZfHzANBgkqhkiG9w0BAQQFADB9MQswCQYDVQQGEwJD -YTEPMA0GA1UEBxMGTmVwZWFuMR4wHAYDVQQLExVObyBMaWFiaWxpdHkgQWNjZXB0 -ZWQxHzAdBgNVBAoTFkZvciBEZW1vIFB1cnBvc2VzIE9ubHkxHDAaBgNVBAMTE0Vu -dHJ1c3QgRGVtbyBXZWIgQ0EwHhcNOTYwNzEyMTQyMDE1WhcNOTYxMDEyMTQyMDE1 -WjB0MSQwIgYJKoZIhvcNAQkBExVjb29rZUBpc3NsLmF0bC5ocC5jb20xCzAJBgNV -BAYTAlVTMScwJQYDVQQLEx5IZXdsZXR0IFBhY2thcmQgQ29tcGFueSAoSVNTTCkx -FjAUBgNVBAMTDVBhdWwgQS4gQ29va2UwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA -6ceSq9a9AU6g+zBwaL/yVmW1/9EE8s5you1mgjHnj0wAILuoB3L6rm6jmFRy7QZT -G43IhVZdDua4e+5/n1ZslwIDAQABo2MwYTARBglghkgBhvhCAQEEBAMCB4AwTAYJ -YIZIAYb4QgENBD8WPVRoaXMgY2VydGlmaWNhdGUgaXMgb25seSBpbnRlbmRlZCBm -b3IgZGVtb25zdHJhdGlvbiBwdXJwb3Nlcy4wDQYJKoZIhvcNAQEEBQADgYEAi8qc -F3zfFqy1sV8NhjwLVwOKuSfhR/Z8mbIEUeSTlnH3QbYt3HWZQ+vXI8mvtZoBc2Fz -lexKeIkAZXCesqGbs6z6nCt16P6tmdfbZF3I3AWzLquPcOXjPf4HgstkyvVBn0Ap -jAFN418KF/Cx4qyHB4cjdvLrRjjQLnb2+ibo7QU= ------END CERTIFICATE----- |