~andersk/ubuntu/oneiric/openssl/spurious-reboot


Viewing changes to test/testtsa.com

  • Committer: Package Import Robot
  • Author(s): Steve Beattie
  • Date: 2011-09-14 22:06:03 UTC
  • mfrom: (11.1.23 sid)
  • Revision ID: package-import@ubuntu.com-20110914220603-tsuxw8z3kt4lx9oc
Tags: 1.0.0e-2ubuntu1
* Resynchronise with Debian, fixes CVE-2011-1945, CVE-2011-3207 and
  CVE-2011-3210 (LP: #850608). Remaining changes:
  - debian/libssl1.0.0.postinst:
    + Display a system restart required notification bubble on libssl1.0.0
      upgrade.
    + Use a different priority for libssl1.0.0/restart-services depending
      on whether a desktop, or server dist-upgrade is being performed.
  - debian/{libssl1.0.0-udeb.dirs, control, rules}: Create
    libssl1.0.0-udeb, for the benefit of wget-udeb (no wget-udeb package
    in Debian).
  - debian/{libcrypto1.0.0-udeb.dirs, libssl1.0.0.dirs, libssl1.0.0.files,
    rules}: Move runtime libraries to /lib, for the benefit of
    wpasupplicant.
  - debian/patches/aesni.patch: Backport Intel AES-NI support, now from
    http://rt.openssl.org/Ticket/Display.html?id=2065 rather than the
    0.9.8 variant.
  - debian/patches/Bsymbolic-functions.patch: Link using
    -Bsymbolic-functions.
  - debian/patches/perlpath-quilt.patch: Don't change perl #! paths under
    .pc.
  - debian/rules:
    + Don't run 'make test' when cross-building.
    + Use host compiler when cross-building.  Patch from Neil Williams.
    + Don't build for processors no longer supported: i486, i586 (on
      i386), v8 (on sparc).
    + Fix Makefile to properly clean up libs/ dirs in clean target.
    + Replace duplicate files in the doc directory with symlinks.
* debian/libssl1.0.0.postinst: only display restart notification on
  servers (LP: #244250)

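--- a/test/testtsa.com
+++ b/test/testtsa.com
@@ -2,14 +2,17 @@
 $! A few very basic tests for the 'ts' time stamping authority command.
 $!
 $
-$       __arch := VAX
+$       __arch = "VAX"
 $       if f$getsyi("cpu") .ge. 128 then -
            __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
-$       if __arch .eqs. "" then __arch := UNK
-$       exe_dir := sys$disk:[-.'__arch'.exe.apps]
+$       if __arch .eqs. "" then __arch = "UNK"
+$!
+$       if (p4 .eqs. "64") then __arch = __arch+ "_64"
+$!
+$       exe_dir = "sys$disk:[-.''__arch'.exe.apps]"
 $
-$       openssl := mcr 'f$parse(exe_dir+"openssl.exe")'
-$       OPENSSL_CONF := [-]CAtsa.cnf
+$       openssl = "mcr ''f$parse(exe_dir+"openssl.exe")'"
+$       OPENSSL_CONF = "[-]CAtsa.cnf"
 $       ! Because that's what ../apps/CA.sh really looks at
 $       SSLEAY_CONFIG = "-config " + OPENSSL_CONF
 $
@@ -114,8 +117,8 @@
 $ time_stamp_response_token_test:
 $       subroutine
 $
-$               RESPONSE2:='p2'.copy_tsr
-$               TOKEN_DER:='p2'.token_der
+$               RESPONSE2 = p2+ "-copy_tsr"
+$               TOKEN_DER = p2+ "-token_der"
 $               openssl ts -reply -in 'p2' -out 'TOKEN_DER' -token_out
 $               if $severity .ne. 1 then call error
 $               openssl ts -reply -in 'TOKEN_DER' -token_in -out 'RESPONSE2'
@@ -145,13 +148,13 @@
 $       subroutine
 $
 $               ! create the token from the response first
-$               openssl ts -reply -in 'p2' -out 'p2'.token -token_out
-$               if $severity .ne. 1 then call error
-$               openssl ts -verify -queryfile 'p1' -in 'p2'.token -token_in -
-                        "-CAfile" tsaca.pem -untrusted tsa_cert1.pem
-$               if $severity .ne. 1 then call error
-$               openssl ts -verify -data 'p3' -in 'p2'.token -token_in -
-                        "-CAfile" tsaca.pem -untrusted tsa_cert1.pem
+$               openssl ts -reply -in "''p2'" -out "''p2'-token" -token_out
+$               if $severity .ne. 1 then call error
+$               openssl ts -verify -queryfile "''p1'" -in "''p2'-token" -
+                 -token_in "-CAfile" tsaca.pem -untrusted tsa_cert1.pem
+$               if $severity .ne. 1 then call error
+$               openssl ts -verify -data "''p3'" -in "''p2'-token" -
+                 -token_in "-CAfile" tsaca.pem -untrusted tsa_cert1.pem
 $               if $severity .ne. 1 then call error
 $       endsubroutine
 $
@@ -185,64 +188,64 @@
 $       call create_time_stamp_request1
 $
 $       write sys$output "Printing req1.req..."
-$       call print_request req1.tsq
+$       call print_request "req1.tsq"
 $
 $       write sys$output "Generating valid response for req1.req..."
-$       call create_time_stamp_response req1.tsq resp1.tsr tsa_config1
+$       call create_time_stamp_response "req1.tsq" "resp1.tsr" "tsa_config1"
 $
 $       write sys$output "Printing response..."
-$       call print_response resp1.tsr
+$       call print_response "resp1.tsr"
 $
 $       write sys$output "Verifying valid response..."
-$       call verify_time_stamp_response req1.tsq resp1.tsr [-]testtsa.com
+$       call verify_time_stamp_response "req1.tsq" "resp1.tsr" "[-]testtsa.com"
 $
 $       write sys$output "Verifying valid token..."
-$       call verify_time_stamp_token req1.tsq resp1.tsr [-]testtsa.com
+$       call verify_time_stamp_token "req1.tsq" "resp1.tsr" "[-]testtsa.com"
 $
 $       ! The tests below are commented out, because invalid signer certificates
 $       ! can no longer be specified in the config file.
 $
 $       ! write sys$output "Generating _invalid_ response for req1.req..."
-$       ! call create_time_stamp_response req1.tsq resp1_bad.tsr tsa_config2
+$       ! call create_time_stamp_response "req1.tsq" "resp1_bad.tsr" "tsa_config2"
 $
 $       ! write sys$output "Printing response..."
-$       ! call print_response resp1_bad.tsr
+$       ! call print_response "resp1_bad.tsr"
 $
 $       ! write sys$output "Verifying invalid response, it should fail..."
-$       ! call verify_time_stamp_response_fail req1.tsq resp1_bad.tsr
+$       ! call verify_time_stamp_response_fail "req1.tsq" "resp1_bad.tsr"
 $
 $       write sys$output "Creating req2.req time stamp request for file testtsa..."
 $       call create_time_stamp_request2
 $
 $       write sys$output "Printing req2.req..."
-$       call print_request req2.tsq
+$       call print_request "req2.tsq"
 $
 $       write sys$output "Generating valid response for req2.req..."
-$       call create_time_stamp_response req2.tsq resp2.tsr tsa_config1
+$       call create_time_stamp_response "req2.tsq" "resp2.tsr" "tsa_config1"
 $
 $       write sys$output "Checking '-token_in' and '-token_out' options with '-reply'..."
-$       call time_stamp_response_token_test req2.tsq resp2.tsr
+$       call time_stamp_response_token_test "req2.tsq" "resp2.tsr"
 $
 $       write sys$output "Printing response..."
-$       call print_response resp2.tsr
+$       call print_response "resp2.tsr"
 $
 $       write sys$output "Verifying valid response..."
-$       call verify_time_stamp_response req2.tsq resp2.tsr [-]testtsa.com
-$
-$       write sys$output "Verifying response against wrong request, it should fail..."
-$       call verify_time_stamp_response_fail req1.tsq resp2.tsr
-$
-$       write sys$output "Verifying response against wrong request, it should fail..."
-$       call verify_time_stamp_response_fail req2.tsq resp1.tsr
+$       call verify_time_stamp_response "req2.tsq" "resp2.tsr" "[-]testtsa.com"
+$
+$       write sys$output "Verifying response against wrong request, it should fail..."
+$       call verify_time_stamp_response_fail "req1.tsq" "resp2.tsr"
+$
+$       write sys$output "Verifying response against wrong request, it should fail..."
+$       call verify_time_stamp_response_fail "req2.tsq" "resp1.tsr"
 $
 $       write sys$output "Creating req3.req time stamp request for file CAtsa.cnf..."
 $       call create_time_stamp_request3
 $
 $       write sys$output "Printing req3.req..."
-$       call print_request req3.tsq
+$       call print_request "req3.tsq"
 $
 $       write sys$output "Verifying response against wrong request, it should fail..."
-$       call verify_time_stamp_response_fail req3.tsq resp1.tsr
+$       call verify_time_stamp_response_fail "req3.tsq" "resp1.tsr"
 $
 $       write sys$output "Cleaning up..."
 $       call clean_up_dir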
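Review bot: Nothing verifies that the image chosen by the new `p4` switch exists before `openssl` is defined from `f$parse(exe_dir+"openssl.exe")` in the first hunk. As far as I know `f$parse` yields an empty string when the directory cannot be resolved, which would leave the symbol as a bare `mcr ` and make every later `openssl ts` step fail for a reason that does not point at the build tree. A guard ahead of the assignment, such as `$       if f$search(exe_dir+"openssl.exe") .eqs. "" then call error` (or whatever error path the script prefers), would make it explicit that the tests run against the freshly built binary for the requested variant. The new parameter also lacks a header comment; something like `$! P4 = "64" selects the 64-bit build tree ([-.<arch>_64.exe.apps])` next to the opening `$!` lines would document it.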