head	1.4;
access;
symbols
	RELENG_8_4:1.4.0.2
	RELENG_9_1_0_RELEASE:1.3
	RELENG_9_1:1.3.0.18
	RELENG_9_1_BP:1.3
	RELENG_8_3_0_RELEASE:1.3
	RELENG_8_3:1.3.0.16
	RELENG_8_3_BP:1.3
	RELENG_9_0_0_RELEASE:1.3
	RELENG_9_0:1.3.0.14
	RELENG_9_0_BP:1.3
	RELENG_9:1.3.0.12
	RELENG_9_BP:1.3
	RELENG_7_4_0_RELEASE:1.3.8.2
	RELENG_8_2_0_RELEASE:1.3
	RELENG_7_4:1.3.8.2.0.2
	RELENG_7_4_BP:1.3.8.2
	RELENG_8_2:1.3.0.10
	RELENG_8_2_BP:1.3
	RELENG_7:1.3.0.8
	RELENG_8_1_0_RELEASE:1.3
	RELENG_8_1:1.3.0.6
	RELENG_8_1_BP:1.3
	RELENG_8_0_0_RELEASE:1.3
	RELENG_8_0:1.3.0.4
	RELENG_8_0_BP:1.3
	RELENG_8:1.3.0.2
	RELENG_8_BP:1.3
	RELENG_6_4_0_RELEASE:1.1.1.1
	RELENG_6_4:1.1.1.1.0.14
	RELENG_6_4_BP:1.1.1.1
	RELENG_6_3_0_RELEASE:1.1.1.1
	RELENG_6_3:1.1.1.1.0.12
	RELENG_6_3_BP:1.1.1.1
	RELENG_6_2_0_RELEASE:1.1.1.1
	RELENG_6_2:1.1.1.1.0.10
	RELENG_6_2_BP:1.1.1.1
	RELENG_5_5_0_RELEASE:1.1.1.1.2.1
	RELENG_5_5:1.1.1.1.2.1.0.4
	RELENG_5_5_BP:1.1.1.1.2.1
	RELENG_6_1_0_RELEASE:1.1.1.1
	RELENG_6_1:1.1.1.1.0.8
	RELENG_6_1_BP:1.1.1.1
	RELENG_6_0_0_RELEASE:1.1.1.1
	RELENG_6_0:1.1.1.1.0.6
	RELENG_6_0_BP:1.1.1.1
	RELENG_6:1.1.1.1.0.4
	RELENG_6_BP:1.1.1.1
	RELENG_5_4_0_RELEASE:1.1.1.1.2.1
	RELENG_5_4:1.1.1.1.2.1.0.2
	RELENG_5_4_BP:1.1.1.1.2.1
	RELENG_5:1.1.1.1.0.2
	v0_9_7e:1.1.1.1
	OPENSSL:1.1.1;
locks; strict;
comment	@# @;


1.4
date	2012.07.12.19.30.53;	author jkim;	state dead;
branches
	1.4.2.1;
next	1.3;

1.3
date	2009.06.14.19.45.16;	author simon;	state Exp;
branches
	1.3.8.1;
next	1.2;

1.2
date	2006.07.29.19.14.50;	author simon;	state dead;
branches;
next	1.1;

1.1
date	2005.02.25.05.38.47;	author nectar;	state Exp;
branches
	1.1.1.1;
next	;

1.4.2.1
date	2012.07.12.19.30.53;	author svnexp;	state dead;
branches;
next	1.4.2.2;

1.4.2.2
date	2013.03.28.13.02.40;	author svnexp;	state Exp;
branches;
next	;

1.3.8.1
date	2010.11.28.13.45.51;	author simon;	state dead;
branches;
next	1.3.8.2;

1.3.8.2
date	2010.11.28.13.45.51;	author simon;	state Exp;
branches;
next	;

1.1.1.1
date	2005.02.25.05.38.47;	author nectar;	state Exp;
branches
	1.1.1.1.2.1;
next	;

1.1.1.1.2.1
date	2005.03.01.16.47.37;	author nectar;	state Exp;
branches;
next	;


desc
@@


1.4
log
@SVN rev 238405 on 2012-07-12 19:30:53Z by jkim

Merge OpenSSL 1.0.1c.

Approved by:	benl (maintainer)
@
text
@#!/bin/sh

if [ "$1" = "" ]; then
  key=../apps/server.pem
else
  key="$1"
fi
if [ "$2" = "" ]; then
  cert=../apps/server.pem
else
  cert="$2"
fi

ciphers="DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:EXP1024-DHE-DSS-DES-CBC-SHA:EXP1024-DES-CBC-SHA:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA"

ssltest="../util/shlib_wrap.sh ./ssltest -F -key $key -cert $cert -c_key $key -c_cert $cert -cipher $ciphers"

if ../util/shlib_wrap.sh ../apps/openssl x509 -in $cert -text -noout | fgrep 'DSA Public Key' >/dev/null; then
  dsa_cert=YES
else
  dsa_cert=NO
fi

if [ "$3" = "" ]; then
  CA="-CApath ../certs"
else
  CA="-CAfile $3"
fi

if [ "$4" = "" ]; then
  extra=""
else
  extra="$4"
fi

#############################################################################

echo test ssl3 is forbidden in FIPS mode
$ssltest -ssl3 $extra && exit 1

echo test ssl2 is forbidden in FIPS mode
$ssltest -ssl2 $extra && exit 1

echo test tls1
$ssltest -tls1 $extra || exit 1

echo test tls1 with server authentication
$ssltest -tls1 -server_auth $CA $extra || exit 1

echo test tls1 with client authentication
$ssltest -tls1 -client_auth $CA $extra || exit 1

echo test tls1 with both client and server authentication
$ssltest -tls1 -server_auth -client_auth $CA $extra || exit 1

echo test tls1 via BIO pair
$ssltest -bio_pair -tls1 $extra || exit 1

echo test tls1 with server authentication via BIO pair
$ssltest -bio_pair -tls1 -server_auth $CA $extra || exit 1

echo test tls1 with client authentication via BIO pair
$ssltest -bio_pair -tls1 -client_auth $CA $extra || exit 1

echo test tls1 with both client and server authentication via BIO pair
$ssltest -bio_pair -tls1 -server_auth -client_auth $CA $extra || exit 1

# note that all the below actually choose TLS...

if [ $dsa_cert = NO ]; then
  echo test sslv2/sslv3 w/o DHE via BIO pair
  $ssltest -bio_pair -no_dhe $extra || exit 1
fi

echo test sslv2/sslv3 with 1024bit DHE via BIO pair
$ssltest -bio_pair -dhe1024dsa -v $extra || exit 1

echo test sslv2/sslv3 with server authentication
$ssltest -bio_pair -server_auth $CA $extra || exit 1

echo test sslv2/sslv3 with client authentication via BIO pair
$ssltest -bio_pair -client_auth $CA $extra || exit 1

echo test sslv2/sslv3 with both client and server authentication via BIO pair
$ssltest -bio_pair -server_auth -client_auth $CA $extra || exit 1

echo test sslv2/sslv3 with both client and server authentication via BIO pair and app verify
$ssltest -bio_pair -server_auth -client_auth -app_verify $CA $extra || exit 1

#############################################################################

if ../util/shlib_wrap.sh ../apps/openssl no-dh; then
  echo skipping anonymous DH tests
else
  echo test tls1 with 1024bit anonymous DH, multiple handshakes
  $ssltest -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time $extra || exit 1
fi

if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then
  echo skipping RSA tests
else
  echo test tls1 with 1024bit RSA, no DHE, multiple handshakes
  ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -num 10 -f -time $extra || exit 1

  if ../util/shlib_wrap.sh ../apps/openssl no-dh; then
    echo skipping RSA+DHE tests
  else
    echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes
    ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time $extra || exit 1
  fi
fi

exit 0
@
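Review bot: The two negative checks, `$ssltest -ssl3 $extra && exit 1` and `$ssltest -ssl2 $extra && exit 1`, accept any non-zero exit as proof that the protocol is refused, so a failure unrelated to FIPS mode passes them too. Examples would be an unreadable `$key` or `$cert`, or an option that ssltest rejects. They also run before any positive test, so the log prints "forbidden in FIPS mode" before the harness is known to work. I would move `$ssltest -tls1 $extra || exit 1` ahead of them and add a guard such as `[ -r "$key" ] && [ -r "$cert" ] || exit 1`. The same lines appear in the texts stored for revisions 1.4.2.2 and 1.3.8.2.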


1.4.2.1
log
@file testfipsssl was added on branch RELENG_8_4 on 2013-03-28 13:02:40 +0000
@
text
@d1 113
@


1.4.2.2
log
@## SVN ## Exported commit - http://svnweb.freebsd.org/changeset/base/248810
## SVN ## CVS IS DEPRECATED: http://wiki.freebsd.org/CvsIsDeprecated
@
text
@a0 113
#!/bin/sh

if [ "$1" = "" ]; then
  key=../apps/server.pem
else
  key="$1"
fi
if [ "$2" = "" ]; then
  cert=../apps/server.pem
else
  cert="$2"
fi

ciphers="DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:EXP1024-DHE-DSS-DES-CBC-SHA:EXP1024-DES-CBC-SHA:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA"

ssltest="../util/shlib_wrap.sh ./ssltest -F -key $key -cert $cert -c_key $key -c_cert $cert -cipher $ciphers"

if ../util/shlib_wrap.sh ../apps/openssl x509 -in $cert -text -noout | fgrep 'DSA Public Key' >/dev/null; then
  dsa_cert=YES
else
  dsa_cert=NO
fi

if [ "$3" = "" ]; then
  CA="-CApath ../certs"
else
  CA="-CAfile $3"
fi

if [ "$4" = "" ]; then
  extra=""
else
  extra="$4"
fi

#############################################################################

echo test ssl3 is forbidden in FIPS mode
$ssltest -ssl3 $extra && exit 1

echo test ssl2 is forbidden in FIPS mode
$ssltest -ssl2 $extra && exit 1

echo test tls1
$ssltest -tls1 $extra || exit 1

echo test tls1 with server authentication
$ssltest -tls1 -server_auth $CA $extra || exit 1

echo test tls1 with client authentication
$ssltest -tls1 -client_auth $CA $extra || exit 1

echo test tls1 with both client and server authentication
$ssltest -tls1 -server_auth -client_auth $CA $extra || exit 1

echo test tls1 via BIO pair
$ssltest -bio_pair -tls1 $extra || exit 1

echo test tls1 with server authentication via BIO pair
$ssltest -bio_pair -tls1 -server_auth $CA $extra || exit 1

echo test tls1 with client authentication via BIO pair
$ssltest -bio_pair -tls1 -client_auth $CA $extra || exit 1

echo test tls1 with both client and server authentication via BIO pair
$ssltest -bio_pair -tls1 -server_auth -client_auth $CA $extra || exit 1

# note that all the below actually choose TLS...

if [ $dsa_cert = NO ]; then
  echo test sslv2/sslv3 w/o DHE via BIO pair
  $ssltest -bio_pair -no_dhe $extra || exit 1
fi

echo test sslv2/sslv3 with 1024bit DHE via BIO pair
$ssltest -bio_pair -dhe1024dsa -v $extra || exit 1

echo test sslv2/sslv3 with server authentication
$ssltest -bio_pair -server_auth $CA $extra || exit 1

echo test sslv2/sslv3 with client authentication via BIO pair
$ssltest -bio_pair -client_auth $CA $extra || exit 1

echo test sslv2/sslv3 with both client and server authentication via BIO pair
$ssltest -bio_pair -server_auth -client_auth $CA $extra || exit 1

echo test sslv2/sslv3 with both client and server authentication via BIO pair and app verify
$ssltest -bio_pair -server_auth -client_auth -app_verify $CA $extra || exit 1

#############################################################################

if ../util/shlib_wrap.sh ../apps/openssl no-dh; then
  echo skipping anonymous DH tests
else
  echo test tls1 with 1024bit anonymous DH, multiple handshakes
  $ssltest -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time $extra || exit 1
fi

if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then
  echo skipping RSA tests
else
  echo test tls1 with 1024bit RSA, no DHE, multiple handshakes
  ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -num 10 -f -time $extra || exit 1

  if ../util/shlib_wrap.sh ../apps/openssl no-dh; then
    echo skipping RSA+DHE tests
  else
    echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes
    ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time $extra || exit 1
  fi
fi

exit 0
@
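Review bot: The last two handshake tests, under `echo test tls1 with 1024bit RSA, ...`, call `../util/shlib_wrap.sh ./ssltest -v -bio_pair ...` directly instead of going through `$ssltest`, so they run without the `-F` option that every other test in the script passes. If `-F` is what puts ssltest into FIPS mode, as the surrounding messages suggest, these two handshakes do not exercise FIPS mode at all. Either insert `-F` after `./ssltest` on both lines, or add a comment such as `# deliberately run outside FIPS mode: <reason>` so the gap is visible. The same two lines are present in the revision 1.4 and 1.3.8.2 texts.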


1.3
log
@SVN rev 194206 on 2009-06-14 19:45:16Z by simon

Merge OpenSSL 0.9.8k into head.

Approved by:	re
@
text
@@


1.3.8.1
log
@file testfipsssl was added on branch RELENG_7 on 2010-11-28 20:05:34 +0000
@
text
@d1 113
@


1.3.8.2
log
@SVN rev 215997 on 2010-11-28 13:45:51Z by simon

Merge OpenSSL 0.9.8p into stable/7.

This merges up to and including head/crypto/openssl/ r215697; and
head/secure/lib/libcrypto/, head/secure/lib/libssl/,
head/secure/usr.bin/openssl/ r215698.

To make the merge simpler, a hack was added to set MACHINE_CPUARCH.

A few old OpenSSL security fixes are still in the stable/7 tree - these
will be backed out to the vendor version shortly.

Security:	CVE-2010-2939, CVE-2010-3864
Security:	http://www.openssl.org/news/secadv_20101116.txt
Security:	FreeBSD-SA-10:10.openssl
Approved by:	re (implicitly - they did not object of the general idea
		of OpenSSL update)
@
text
@a0 113
#!/bin/sh

if [ "$1" = "" ]; then
  key=../apps/server.pem
else
  key="$1"
fi
if [ "$2" = "" ]; then
  cert=../apps/server.pem
else
  cert="$2"
fi

ciphers="DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:EXP1024-DHE-DSS-DES-CBC-SHA:EXP1024-DES-CBC-SHA:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA"

ssltest="../util/shlib_wrap.sh ./ssltest -F -key $key -cert $cert -c_key $key -c_cert $cert -cipher $ciphers"

if ../util/shlib_wrap.sh ../apps/openssl x509 -in $cert -text -noout | fgrep 'DSA Public Key' >/dev/null; then
  dsa_cert=YES
else
  dsa_cert=NO
fi

if [ "$3" = "" ]; then
  CA="-CApath ../certs"
else
  CA="-CAfile $3"
fi

if [ "$4" = "" ]; then
  extra=""
else
  extra="$4"
fi

#############################################################################

echo test ssl3 is forbidden in FIPS mode
$ssltest -ssl3 $extra && exit 1

echo test ssl2 is forbidden in FIPS mode
$ssltest -ssl2 $extra && exit 1

echo test tls1
$ssltest -tls1 $extra || exit 1

echo test tls1 with server authentication
$ssltest -tls1 -server_auth $CA $extra || exit 1

echo test tls1 with client authentication
$ssltest -tls1 -client_auth $CA $extra || exit 1

echo test tls1 with both client and server authentication
$ssltest -tls1 -server_auth -client_auth $CA $extra || exit 1

echo test tls1 via BIO pair
$ssltest -bio_pair -tls1 $extra || exit 1

echo test tls1 with server authentication via BIO pair
$ssltest -bio_pair -tls1 -server_auth $CA $extra || exit 1

echo test tls1 with client authentication via BIO pair
$ssltest -bio_pair -tls1 -client_auth $CA $extra || exit 1

echo test tls1 with both client and server authentication via BIO pair
$ssltest -bio_pair -tls1 -server_auth -client_auth $CA $extra || exit 1

# note that all the below actually choose TLS...

if [ $dsa_cert = NO ]; then
  echo test sslv2/sslv3 w/o DHE via BIO pair
  $ssltest -bio_pair -no_dhe $extra || exit 1
fi

echo test sslv2/sslv3 with 1024bit DHE via BIO pair
$ssltest -bio_pair -dhe1024dsa -v $extra || exit 1

echo test sslv2/sslv3 with server authentication
$ssltest -bio_pair -server_auth $CA $extra || exit 1

echo test sslv2/sslv3 with client authentication via BIO pair
$ssltest -bio_pair -client_auth $CA $extra || exit 1

echo test sslv2/sslv3 with both client and server authentication via BIO pair
$ssltest -bio_pair -server_auth -client_auth $CA $extra || exit 1

echo test sslv2/sslv3 with both client and server authentication via BIO pair and app verify
$ssltest -bio_pair -server_auth -client_auth -app_verify $CA $extra || exit 1

#############################################################################

if ../util/shlib_wrap.sh ../apps/openssl no-dh; then
  echo skipping anonymous DH tests
else
  echo test tls1 with 1024bit anonymous DH, multiple handshakes
  $ssltest -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time $extra || exit 1
fi

if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then
  echo skipping RSA tests
else
  echo test tls1 with 1024bit RSA, no DHE, multiple handshakes
  ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -num 10 -f -time $extra || exit 1

  if ../util/shlib_wrap.sh ../apps/openssl no-dh; then
    echo skipping RSA+DHE tests
  else
    echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes
    ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time $extra || exit 1
  fi
fi

exit 0
@
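Review bot: The `ciphers=` list handed to every `$ssltest` run includes export-grade and single-DES suites (`EXP1024-DES-CBC-SHA`, `EXP-DES-CBC-SHA`, `DES-CBC-SHA` and others), yet no test asserts that a handshake restricted to them is refused, the way the script does for `-ssl3` and `-ssl2`. The positive tests pass whichever suite is negotiated, so they would not notice a weak suite being accepted in FIPS mode. A negative case in the same style would close that gap: `echo test export ciphers are forbidden in FIPS mode` followed by `$ssltest -tls1 -cipher EXP $extra && exit 1`. This assumes a later `-cipher` overrides the one inside `$ssltest`, which the anonymous-DH test already relies on. The revision 1.4 and 1.4.2.2 texts carry the same list.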


1.2
log
@Resolve conflicts after import of OpenSSL 0.9.8b.
@
text
@d16 1
a16 1
ssltest="./ssltest -F -key $key -cert $cert -c_key $key -c_cert $cert -cipher $ciphers"
d18 1
a18 1
if ../apps/openssl x509 -in $cert -text -noout | fgrep 'DSA Public Key' >/dev/null; then
d92 1
a92 1
if ../apps/openssl no-dh; then
d99 1
a99 1
if ../apps/openssl no-rsa; then
d103 1
a103 1
  ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -num 10 -f -time $extra || exit 1
d105 1
a105 1
  if ../apps/openssl no-dh; then
d109 1
a109 1
    ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time $extra || exit 1
@


1.1
log
@Initial revision
@
text
@@


1.1.1.1
log
@Vendor import of OpenSSL 0.9.7e.
@
text
@@


1.1.1.1.2.1
log
@MFC update OpenSSL 0.9.7d -> 0.9.7e.
@
text
@@

