openssl/test
Matt Caswell 33219939c7 Fix the RC4-MD5 cipher
A copy&paste error meant that the RC4-MD5 cipher (used in TLS) used the TLS
AAD data as the MAC key.

CVE-2022-1434

Fixes #18112

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
2022-05-03 10:46:49 +01:00
..
certs Test that PEM_BUFSIZE is passed into pem_password_cb 2022-01-03 10:35:36 +01:00
ct
d2i-tests
helpers str[n]casecmp => OPENSSL_strncasecmp 2022-04-22 11:34:41 +02:00
ocsp-tests
recipes Fix the RC4-MD5 cipher 2022-05-03 10:46:49 +01:00
smime-certs
ssl-tests Fix typos 2022-01-05 12:37:20 +01:00
testutil add OSSL_STACK_OF_X509_free() for commonly used pattern 2021-12-21 12:11:49 +01:00
aborttest.c
acvp_test.c get_ecdsa_sig_rs_bytes: free value of d2i_ECDSA_SIG() before return 2021-12-17 08:58:19 +01:00
acvp_test.inc
aesgcmtest.c
afalgtest.c
algorithmid_test.c Fix the return check of OBJ_obj2txt 2021-11-22 11:17:48 +01:00
asn1_decode_test.c
asn1_dsa_internal_test.c
asn1_encode_test.c
asn1_internal_test.c
asn1_string_table_test.c
asn1_time_test.c Add tests for do_updatedb 2022-02-14 10:18:46 +01:00
asynciotest.c
asynctest.c async_posix: Allow custom stack allocation functions to be specified for POSIX contexts 2022-03-10 13:54:07 +00:00
bad_dtls_test.c
bftest.c
bio_callback_test.c
bio_core_test.c
bio_enc_test.c bio_enc.c: add check for BIO_new_mem_buf 2022-02-24 11:23:31 +11:00
bio_memleak_test.c
bio_prefix_text.c BIO_set_indent: fix return check 2021-11-22 14:43:44 +01:00
bio_readbuffer_test.c
bio_tfo_test.c Add TFO support to socket BIO and s_client/s_server 2022-03-10 10:42:43 -05:00
bioprinttest.c
bn_internal_test.c
bn_rand_range.h
bntest.c str[n]casecmp => OPENSSL_strncasecmp 2022-04-22 11:34:41 +02:00
bntests.pl
build.info Testing the EVP_PKEY_CTX_new_from_name without preliminary init 2022-04-29 14:13:02 +02:00
ca_internals_test.c Add tests for do_updatedb 2022-02-14 10:18:46 +01:00
ca-and-certs.cnf
casttest.c
CAtsa.cnf
chacha_internal_test.c
cipher_overhead_test.c
cipherbytes_test.c
cipherlist_test.c
ciphername_test.c
clienthellotest.c
cmactest.c
cmp_asn_test.c
cmp_client_test.c CMP mock server: add -ref_cert option and corresponding ossl_cmp_mock_srv_set1_refCert() 2022-01-04 17:04:56 +01:00
cmp_ctx_test.c OSSL_CMP_CTX: rename get/set function for trustedStore 2021-12-30 09:37:05 +01:00
cmp_hdr_test.c
cmp_msg_test.c
cmp_protect_test.c add OSSL_STACK_OF_X509_free() for commonly used pattern 2021-12-21 12:11:49 +01:00
cmp_server_test.c
cmp_status_test.c
cmp_vfy_test.c Fix typos 2022-01-05 12:37:20 +01:00
cms-examples.pl
cmsapitest.c Clear incorrectly reported errors in cms_io. 2022-04-21 08:38:13 +02:00
conf_include_test.c
confdump.c
constant_time_test.c
context_internal_test.c Refactor OSSL_LIB_CTX to avoid using CRYPTO_EX_DATA 2022-04-01 10:49:19 +11:00
crltest.c test/crltest.c: Add check for glue2bio 2022-02-24 11:24:51 +11:00
ct_test.c test/ct_test.c: Add the missing check after calling sk_SCT_new_null 2022-01-25 18:15:22 +01:00
ctype_internal_test.c
curve448_internal_test.c
d2i_test.c
dane-cross.in Apply the correct Apache v2 license 2022-02-14 10:08:21 +01:00
danetest.c add OSSL_STACK_OF_X509_free() for commonly used pattern 2021-12-21 12:11:49 +01:00
danetest.in
danetest.pem
data2.bin
data.bin
default-and-fips.cnf
default-and-legacy.cnf
default.cnf
defltfips_test.c Fix copyrights 2022-02-03 13:56:38 +01:00
destest.c
dhtest.c dhtest: Add testcase for EVP_PKEY_CTX_set_dh_nid 2022-01-17 16:20:57 +01:00
drbgtest.c
dsa_no_digest_size_test.c
dsatest.c
dtls_mtu_test.c Fix an assertion in the DTLS server code 2022-04-14 16:16:47 +02:00
dtlstest.c
dtlsv1listentest.c
ec_internal_test.c
ecdsatest.c
ecdsatest.h
ecstresstest.c
ectest.c d2i_PublicKey: Make it work with EC parameters in a provided key 2021-11-22 10:50:10 +01:00
endecode_test.c endecode_test: Handle expected failures for non-fips ec keys 2022-04-14 08:51:18 +02:00
endecoder_legacy_test.c
enginetest.c Fix an enginetest failure when compiled with no-deprecated --api=1.1.1 2022-02-09 10:43:29 +11:00
errtest.c
evp_extra_test2.c Fix EVP todata and fromdata when used with selection of EVP_PKEY_PUBLIC_KEY. 2022-02-03 13:48:42 +01:00
evp_extra_test.c str[n]casecmp => OPENSSL_strncasecmp 2022-04-22 11:34:41 +02:00
evp_fetch_prov_test.c Fix Coverity 1498610 & 1498609: uninitised value 2022-03-23 11:05:30 +11:00
evp_kdf_test.c Support different R_BITS lengths for KBKDF 2021-11-24 11:02:53 +10:00
evp_libctx_test.c str[n]casecmp => OPENSSL_strncasecmp 2022-04-22 11:34:41 +02:00
evp_pkey_ctx_new_from_name.c Testing the EVP_PKEY_CTX_new_from_name without preliminary init 2022-04-29 14:13:02 +02:00
evp_pkey_dparams_test.c Add testcases for EVP_PKEY_set1_encoded_public_key() 2022-02-07 16:32:40 +01:00
evp_pkey_provided_test.c test: change pkey kdf dup fail test to a pkey kdf dup success test 2022-02-01 16:17:24 +11:00
evp_test.c str[n]casecmp => OPENSSL_strncasecmp 2022-04-22 11:34:41 +02:00
exdatatest.c
exptest.c Dual 1536/2048-bit exponentiation optimization for Intel IceLake CPU 2021-11-19 12:50:34 +10:00
fake_rsaprov.c
fake_rsaprov.h
fatalerrtest.c
ffc_internal_test.c
filterprov.c
filterprov.h
fips-alt.cnf
fips-and-base.cnf
fips.cnf
generate_buildtest.pl
generate_ssl_tests.pl
gmdifftest.c
hexstr_test.c
hmactest.c Add test case to verify that the use after free issue is fixed. 2021-12-17 14:39:20 +11:00
http_test.c http_test.c: Simplify constant init of 'server_args' struct for gcc-4.8.x 2021-12-21 12:18:04 +01:00
ideatest.c
igetest.c
insta_ca.cert.pem
insta.priv.pem
keymgmt_internal_test.c
legacy.cnf
lhash_test.c
localetest.c Improving locale test 2022-05-02 12:53:19 +02:00
mdc2_internal_test.c
mdc2test.c test/mdc2test.c: Add check for OSSL_PROVIDER_load 2022-02-20 12:56:41 +01:00
memleaktest.c
modes_internal_test.c
moduleloadtest.c
namemap_internal_test.c
ocspapitest.c
ossl_store_test.c
p_test.c Move e_os.h to include/internal 2022-02-05 05:31:09 +01:00
packettest.c
param_build_test.c TEST: Add addition OSSL_PARAM tests for signed BIGNUMs 2022-01-26 21:35:40 +01:00
params_api_test.c Fix endianness problem in params_api_test 2022-02-01 14:01:51 +11:00
params_conversion_test.c str[n]casecmp => OPENSSL_strncasecmp 2022-04-22 11:34:41 +02:00
params_test.c Fix typos 2022-01-05 12:37:20 +01:00
pbelutest.c
pbetest.c Fix copyrights 2022-02-03 13:56:38 +01:00
pem_read_depr_test.c
pemtest.c
pkcs7_test.c
pkcs7-1.pem
pkcs7.pem
pkcs12_api_test.c Add support for mac-less password-base PKCS12 files to PKCS12_parse API. 2022-03-24 08:54:39 +01:00
pkcs12_format_test.c
pkey_meth_kdf_test.c
pkey_meth_test.c
pkits-test.pl
poly1305_internal_test.c
property_test.c test: add some unit tests for the property to string functions 2022-01-01 12:23:38 +11:00
prov_config_test.c
provfetchtest.c Ensure we test fetching encoder/decoder/store loader with a query string 2022-01-12 10:55:15 +11:00
provider_fallback_test.c
provider_internal_test.c
provider_internal_test.cnf.in
provider_pkey_test.c
provider_status_test.c
provider_test.c Fix memleak in test/provider_test.c 2022-04-29 13:20:18 +02:00
proxy.cnf
rand_status_test.c
rand_test.c
rc2test.c
rc4test.c
rc5test.c
rdcpu_sanitytest.c Fix compile error when building with no-asm 2022-01-04 13:08:45 +01:00
README-dev.md
README-external.md Add external testing with oqsprovider 2022-03-09 17:57:37 +01:00
README.md
README.ssltest.md
recordlentest.c
rsa_complex.c
rsa_mp_test.c
rsa_sp800_56b_test.c
rsa_test.c
run_tests.pl Fix test failure when testing with Test::Harness 2022-03-09 09:46:09 +01:00
safe_math_test.c Add a divide rounding up safe math function. 2022-03-30 10:10:25 +11:00
sanitytest.c Fix signed integer overflow in evp_enc 2022-03-15 13:05:40 +01:00
secmemtest.c Move e_os.h to include/internal 2022-02-05 05:31:09 +01:00
serverinfo2.pem
serverinfo.pem
servername_test.c
session.pem
sha_test.c
shibboleth.pfx
shlibloadtest.c
simpledynamic.c
simpledynamic.h
siphash_internal_test.c Test that SipHash_Final() fails on uninited context 2022-04-27 10:05:03 +02:00
sm2_internal_test.c
sm3_internal_test.c Apply the correct Apache v2 license 2022-02-14 10:08:21 +01:00
sm4_internal_test.c
smcont_zero.txt
smcont.bin
smcont.txt
sparse_array_test.c
srptest.c
ssl_cert_table_internal_test.c
ssl_ctx_test.c
ssl_old_test.c str[n]casecmp => OPENSSL_strncasecmp 2022-04-22 11:34:41 +02:00
ssl_test_ctx_test.c
ssl_test_ctx_test.cnf
ssl_test.c
ssl_test.tmpl
sslapitest.c SSL_conf_cmd: Allow DH Parameters at any position. 2022-04-12 10:39:09 +02:00
sslbuffertest.c
sslcorrupttest.c
stack_test.c
sysdefault.cnf
sysdefaulttest.c
test_test.c
test.cnf
testcrl.pem
testdsa.pem
testdsapub.pem
testec-p256.pem
testecpub-p256.pem
tested448.pem
tested448pub.pem
tested25519.pem
tested25519pub.pem
testp7.pem
testreq2.pem
testrsa2048.pem
testrsa_withattrs.der
testrsa_withattrs.pem
testrsa.pem
testrsapss.pem
testrsapssmandatory.pem
testrsapub.pem
testsid.pem
testutil.h Move more general parts of internal/cryptlib.h to new internal/common.h 2021-11-17 15:48:37 +01:00
testx509.pem
threadstest_fips.c
threadstest.c threadstest: use locking for tsan operations if required 2022-01-13 21:46:34 +11:00
threadstest.h
time_offset_test.c
tls13ccstest.c
tls13encryptiontest.c
tls13secretstest.c
tls-provider.c check *libctx which is allocated by OSSL_LIB_CTX_new() 2022-02-23 10:23:10 +11:00
uitest.c
upcallstest.c Add testing of OBJ_find_sigid_by_algs() 2022-03-03 13:32:48 +01:00
user_property_test.c
v3_ca_exts.cnf
v3-cert1.pem
v3-cert2.pem
v3ext.c
v3nametest.c str[n]casecmp => OPENSSL_strncasecmp 2022-04-22 11:34:41 +02:00
verify_extra_test.c Add a test for X509_STORE_CTX_set_purpose() 2022-01-27 15:30:04 +00:00
versions.c
wpackettest.c
x509_check_cert_pkey_test.c
x509_dup_cert_test.c
x509_internal_test.c
x509_time_test.c
x509aux.c

Using OpenSSL Tests

After a successful build, and before installing, the libraries should be tested. Run:

$ make test                                      # Unix
$ mms test                                       ! OpenVMS
$ nmake test                                     # Windows

Warning: you MUST run the tests from an unprivileged account (or disable your privileges temporarily if your platform allows it).

If some tests fail, take a look at the section Test Failures below.

Test Failures

If some tests fail, look at the output. There may be reasons for the failure that isn't a problem in OpenSSL itself (like an OS malfunction or a Perl issue). You may want increased verbosity, that can be accomplished like this:

Full verbosity, showing full output of all successful and failed test cases (make macro VERBOSE or V):

$ make V=1 test                                  # Unix
$ mms /macro=(V=1) test                          ! OpenVMS
$ nmake V=1 test                                 # Windows

Verbosity on failed (sub-)tests only (VERBOSE_FAILURE or VF or REPORT_FAILURES):

$ make test VF=1

Verbosity on failed (sub-)tests, in addition progress on succeeded (sub-)tests (VERBOSE_FAILURE_PROGRESS or VFP or REPORT_FAILURES_PROGRESS):

$ make test VFP=1

If you want to run just one or a few specific tests, you can use the make variable TESTS to specify them, like this:

$ make TESTS='test_rsa test_dsa' test            # Unix
$ mms/macro="TESTS=test_rsa test_dsa" test       ! OpenVMS
$ nmake TESTS='test_rsa test_dsa' test           # Windows

And of course, you can combine (Unix examples shown):

$ make test TESTS='test_rsa test_dsa' VF=1
$ make test TESTS="test_cmp_*" VFP=1

You can find the list of available tests like this:

$ make list-tests                                # Unix
$ mms list-tests                                 ! OpenVMS
$ nmake list-tests                               # Windows

Have a look at the manual for the perl module Test::Harness to see what other HARNESS_* variables there are.

To report a bug please open an issue on GitHub, at https://github.com/openssl/openssl/issues.

For more details on how the make variables TESTS can be used, see section Running Selected Tests below.

Running Selected Tests

The make variable TESTS supports a versatile set of space separated tokens with which you can specify a set of tests to be performed. With a "current set of tests" in mind, initially being empty, here are the possible tokens:

 alltests      The current set of tests becomes the whole set of available
               tests (as listed when you do 'make list-tests' or similar).

 xxx           Adds the test 'xxx' to the current set of tests.

-xxx           Removes 'xxx' from the current set of tests.  If this is the
               first token in the list, the current set of tests is first
               assigned the whole set of available tests, effectively making
               this token equivalent to TESTS="alltests -xxx".

 nn            Adds the test group 'nn' (which is a number) to the current
               set of tests.

-nn            Removes the test group 'nn' from the current set of tests.
               If this is the first token in the list, the current set of
               tests is first assigned the whole set of available tests,
               effectively making this token equivalent to
               TESTS="alltests -xxx".

Also, all tokens except for "alltests" may have wildcards, such as *. (on Unix and Windows, BSD style wildcards are supported, while on VMS, it's VMS style wildcards)

Examples

Run all tests except for the fuzz tests:

$ make TESTS='-test_fuzz*' test

or, if you want to be explicit:

$ make TESTS='alltests -test_fuzz*' test

Run all tests that have a name starting with "test_ssl" but not those starting with "test_ssl_":

$ make TESTS='test_ssl* -test_ssl_*' test

Run only test group 10:

$ make TESTS='10' test

Run all tests except the slow group (group 99):

$ make TESTS='-99' test

Run all tests in test groups 80 to 99 except for tests in group 90:

$ make TESTS='[89]? -90' test

To run specific fuzz tests you can use for instance:

$ make test TESTS='test_fuzz_cmp test_fuzz_cms'

To stochastically verify that the algorithm that produces uniformly distributed random numbers is operating correctly (with a false positive rate of 0.01%):

$ ./util/wrap.sh test/bntest -stochastic

Running Tests in Parallel

By default the test harness will execute the selected tests sequentially. Depending on the platform characteristics, running more than one test job in parallel may speed up test execution. This can be requested by setting the HARNESS_JOBS environment variable to a positive integer value. This specifies the maximum number of test jobs to run in parallel.

Depending on the Perl version different strategies could be adopted to select which test recipes can be run in parallel. In recent versions of Perl, unless specified otherwise, any task can be run in parallel. Consult the documentation for TAP::Harness to know more.

To run up to four tests in parallel at any given time:

$ make HARNESS_JOBS=4 test

Randomisation of Test Ordering

By default, the test harness will execute tests in the order they were added. By setting the OPENSSL_TEST_RAND_ORDER environment variable to zero, the test ordering will be randomised. If a randomly ordered test fails, the seed value used will be reported. Setting the OPENSSL_TEST_RAND_ORDER environment variable to this value will rerun the tests in the same order. This assures repeatability of randomly ordered test runs. This repeatability is independent of the operating system, processor or platform used.

To randomise the test ordering:

$ make OPENSSL_TEST_RAND_ORDER=0 test

To run the tests using the order defined by the random seed 42:

$ make OPENSSL_TEST_RAND_ORDER=42 test