openssl/test
Pauli 5c99d57ea3 test: add test for key generation strength > RNG strength
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15472)
2021-05-27 13:01:50 +10:00
..
certs test/certs/setup.sh: Fix two glitches 2021-05-05 09:51:39 +02:00
ct
d2i-tests
helpers Add a test for PKCS5_PBE_keyivgen() 2021-05-24 15:23:37 +10:00
ocsp-tests
recipes test: add test for key generation strength > RNG strength 2021-05-27 13:01:50 +10:00
smime-certs Update copyright year 2021-01-28 13:54:57 +01:00
ssl-tests Update copyright year 2021-05-06 13:03:23 +01:00
testutil Rename the field 'provctx and data' to 'algctx' inside some objects containing 2021-05-24 10:12:18 +10:00
aborttest.c
acvp_test.c Fix compiler error when using config option 'enable-acvp-tests' 2021-05-17 09:24:36 +10:00
acvp_test.inc Drop OPENSSL_NO_RSA everywhere 2020-12-20 12:19:42 +01:00
aesgcmtest.c Update copyright year 2021-01-28 13:54:57 +01:00
afalgtest.c
algorithmid_test.c Rename EVP_PKEY_get0_first_alg_name to EVP_PKEY_get0_type_name 2021-04-15 17:38:19 +02:00
asn1_decode_test.c Update copyright year 2021-05-06 13:03:23 +01:00
asn1_dsa_internal_test.c
asn1_encode_test.c
asn1_internal_test.c Update copyright year 2021-04-08 13:04:41 +01:00
asn1_string_table_test.c
asn1_time_test.c
asynciotest.c
asynctest.c
bad_dtls_test.c adapt tests to SSL_OP_LEGACY_SERVER_CONNECT change 2021-05-05 08:13:51 -07:00
bftest.c
bio_callback_test.c Deprecate old style BIO callback calls 2021-05-26 17:18:34 +02:00
bio_core_test.c Add the concept of a child OSSL_LIB_CTX 2021-05-11 14:56:55 +01:00
bio_enc_test.c
bio_memleak_test.c
bio_prefix_text.c
bio_readbuffer_test.c Fix DER reading from stdin for BIO_f_readbuffer 2021-03-22 09:07:36 +10:00
bioprinttest.c
bn_internal_test.c Update copyright year 2021-03-11 13:27:36 +00:00
bn_rand_range.h
bntest.c
bntests.pl
build.info Add a test for PKCS5_PBE_keyivgen() 2021-05-24 15:23:37 +10:00
ca-and-certs.cnf
casttest.c
CAtsa.cnf
chacha_internal_test.c
cipher_overhead_test.c Update copyright year 2021-02-18 15:05:17 +00:00
cipherbytes_test.c
cipherlist_test.c Update copyright year 2021-04-08 13:04:41 +01:00
ciphername_test.c
clienthellotest.c Handle set_alpn_protos inputs better. 2021-04-13 12:29:37 +02:00
cmactest.c
cmp_asn_test.c Update copyright year 2021-04-08 13:04:41 +01:00
cmp_client_test.c CMP test server: move apps/{,lib/}cmp_mock_srv.c and apps/{,include/}cmp_mock_srv.h 2021-05-20 16:23:27 +02:00
cmp_ctx_test.c HTTP client: Minimal changes that include the improved API 2021-05-12 15:11:51 +02:00
cmp_hdr_test.c Update copyright year 2021-04-08 13:04:41 +01:00
cmp_msg_test.c Update copyright year 2021-01-28 13:54:57 +01:00
cmp_protect_test.c Improve ossl_cmp_build_cert_chain(); publish it as X509_build_chain() 2021-04-20 10:47:24 +02:00
cmp_server_test.c Use adapted test_get_libctx() for simpler test setup and better error reporting 2020-12-10 11:01:26 +01:00
cmp_status_test.c
cmp_vfy_test.c Update copyright year 2021-01-28 13:54:57 +01:00
cms-examples.pl
cmsapitest.c Update copyright year 2021-01-28 13:54:57 +01:00
conf_include_test.c Update copyright year 2021-04-22 14:38:44 +01:00
confdump.c
constant_time_test.c
context_internal_test.c Add the ability for ex_data to have a priority 2021-05-11 14:56:55 +01:00
crltest.c
ct_test.c
ctype_internal_test.c
curve448_internal_test.c Update copyright year 2021-04-08 13:04:41 +01:00
d2i_test.c
danetest.c danetest.c: Improve code formatting 2021-05-19 20:15:26 +02:00
danetest.in
danetest.pem
data2.bin Remove the external BoringSSL test 2021-03-26 14:24:06 +01:00
data.bin
default-and-fips.cnf
default-and-legacy.cnf
default.cnf
defltfips_test.c
destest.c
dhtest.c test: fix coverity 1473234 & 1473239: argument cannot be negative 2021-04-08 08:49:27 +10:00
drbgtest.c Rename the field 'provctx and data' to 'algctx' inside some objects containing 2021-05-24 10:12:18 +10:00
dsa_no_digest_size_test.c
dsatest.c Add convenience functions and macros for asymmetric key generation 2021-05-11 12:46:42 +02:00
dtls_mtu_test.c
dtlstest.c Update copyright year 2021-05-06 13:03:23 +01:00
dtlsv1listentest.c
ec_internal_test.c Fix external symbols related to ec & sm2 keys 2021-02-26 10:53:01 +10:00
ecdsatest.c Remove the function EVP_PKEY_set_alias_type 2021-04-12 11:47:24 +01:00
ecdsatest.h
ecstresstest.c Update copyright year 2021-05-06 13:03:23 +01:00
ectest.c Use <> for #include openssl/xxx 2021-05-27 09:56:41 +10:00
endecode_test.c Add convenience functions and macros for asymmetric key generation 2021-05-11 12:46:42 +02:00
endecoder_legacy_test.c Add convenience functions and macros for asymmetric key generation 2021-05-11 12:46:42 +02:00
enginetest.c
errtest.c Update copyright year 2021-05-06 13:03:23 +01:00
evp_extra_test2.c Add negative test cases for PEM_read_bio_PrivateKey 2021-05-26 13:04:38 +02:00
evp_extra_test.c seal: make EVP_SealInit() library context aware 2021-05-18 13:24:41 +10:00
evp_fetch_prov_test.c Update copyright year 2021-04-22 14:38:44 +01:00
evp_kdf_test.c Add PBKDF1 to the legacy provider 2021-05-24 15:21:25 +10:00
evp_libctx_test.c Add special case to skip RC4 reinit 2021-05-26 07:27:25 +10:00
evp_pkey_dparams_test.c Add necessary checks of OPENSSL_NO_DH, OPENSSL_NO_DSA and OPENSSL_NO_EC 2020-12-16 11:56:38 +01:00
evp_pkey_provided_test.c Fixes #14662. Return all EC parameters even for named curves 2021-05-07 11:52:07 +02:00
evp_test.c test: add evp_tests for the MAC size and block size 2021-05-25 17:23:50 +10:00
exdatatest.c Update copyright year 2021-04-08 13:04:41 +01:00
exptest.c Update copyright year 2021-04-08 13:04:41 +01:00
fatalerrtest.c
ffc_internal_test.c Update copyright year 2021-03-11 13:27:36 +00:00
filterprov.c provider: add an unquery function to allow providers to clean up. 2021-02-24 21:24:36 +10:00
filterprov.h provider: add an unquery function to allow providers to clean up. 2021-02-24 21:24:36 +10:00
fips-and-base.cnf
fips.cnf
generate_buildtest.pl
generate_ssl_tests.pl
gmdifftest.c Reduce the runtime/output from the gmdiff test 2021-05-11 18:15:06 +10:00
gosttest.c
hexstr_test.c Update copyright year 2021-04-08 13:04:41 +01:00
hmactest.c Update copyright year 2021-05-20 14:22:33 +01:00
http_test.c Add OSSL_ prefix to HTTP_DEFAULT_MAX_{LINE_LENGTH,RESP_LEN} 2021-05-14 19:24:42 +02:00
ideatest.c
igetest.c
insta_ca.cert.pem
insta.priv.pem
keymgmt_internal_test.c Update copyright year 2021-04-08 13:04:41 +01:00
legacy.cnf
lhash_test.c
mdc2_internal_test.c
mdc2test.c
memleaktest.c Update copyright year 2021-05-06 13:03:23 +01:00
modes_internal_test.c Update copyright year 2021-04-08 13:04:41 +01:00
moduleloadtest.c Update copyright year 2021-04-08 13:04:41 +01:00
namemap_internal_test.c Update copyright year 2021-04-08 13:04:41 +01:00
ocspapitest.c
ossl_store_test.c Make the -inform option to be respected if possible 2021-05-06 11:43:32 +01:00
p_test.c Ensure mirroring of properties works for subsequent updates 2021-05-20 09:35:41 +01:00
packettest.c
param_build_test.c Use <> for #include openssl/xxx 2021-05-27 09:56:41 +10:00
params_api_test.c Add OSSL_PARAM_dup() and OSSL_PARAM_merge(). 2021-04-12 16:55:29 +10:00
params_conversion_test.c test/params_conversion_test.c: fix the use of strtoumax and strtoimax on VMS 2021-05-22 07:23:47 +02:00
params_test.c Include "internal/numbers.h" in test programs using SIZE_MAX 2021-05-22 07:23:47 +02:00
pbelutest.c
pbetest.c Fix building of test/pbetest.c 2021-05-26 10:20:24 +10:00
pem_read_depr_test.c
pemtest.c
pkcs7-1.pem
pkcs7.pem
pkcs12_format_test.c Fixes #15070. Allow custom algorithm ID ASN.1 encoding for provided ciphers 2021-05-07 11:00:54 +02:00
pkey_meth_kdf_test.c
pkey_meth_test.c
pkits-test.pl
poly1305_internal_test.c
property_test.c property: convert integers to strings properly. 2021-05-22 15:30:26 +10:00
provider_fallback_test.c
provider_internal_test.c Test that properties are mirrored as we expect 2021-05-20 09:32:42 +01:00
provider_internal_test.cnf.in
provider_status_test.c
provider_test.c Ensure mirroring of properties works for subsequent updates 2021-05-20 09:35:41 +01:00
proxy.cnf
rand_status_test.c
rc2test.c
rc4test.c
rc5test.c
rdrand_sanitytest.c
README-dev.md
README-external.md Remove the external BoringSSL test 2021-03-26 14:24:06 +01:00
README.md test: document the random test ordering env variable 2020-12-15 20:03:07 +10:00
README.ssltest.md
recordlentest.c Update copyright year 2021-02-18 15:05:17 +00:00
rsa_complex.c
rsa_mp_test.c Drop OPENSSL_NO_RSA everywhere 2020-12-20 12:19:42 +01:00
rsa_sp800_56b_test.c Drop OPENSSL_NO_RSA everywhere 2020-12-20 12:19:42 +01:00
rsa_test.c test: update RSA test with current bit strengths 2021-05-26 20:39:38 +10:00
run_tests.pl TEST: Add test specific fipsmodule.cnf, and use it 2021-05-26 15:11:01 +02:00
sanitytest.c
secmemtest.c
serverinfo2.pem
serverinfo.pem
servername_test.c test: fix coverity 1451534: improper use of negative value 2021-03-24 09:12:43 +10:00
session.pem
shibboleth.pfx
shlibloadtest.c Update copyright year 2021-04-08 13:04:41 +01:00
simpledynamic.c
simpledynamic.h Update copyright year 2021-01-28 13:54:57 +01:00
siphash_internal_test.c Update copyright year 2021-04-08 13:04:41 +01:00
sm2_internal_test.c Update copyright year 2021-03-11 13:27:36 +00:00
sm4_internal_test.c Update copyright year 2021-04-08 13:04:41 +01:00
smcont_zero.txt
smcont.bin apps/cms.c: Correct -sign output and -verify input with -binary 2021-05-22 14:28:51 +02:00
smcont.txt
sparse_array_test.c Use "" for include internal/xxx 2021-05-27 09:56:41 +10:00
srptest.c Update copyright year 2021-02-18 15:05:17 +00:00
ssl_cert_table_internal_test.c Update copyright year 2021-04-08 13:04:41 +01:00
ssl_ctx_test.c
ssl_old_test.c Stop disabling TLSv1.3 if ec and dh are disabled 2021-02-05 15:22:40 +00:00
ssl_test_ctx_test.c
ssl_test_ctx_test.cnf
ssl_test.c Add SSL_OP_ALLOW_CLIENT_RENEGOTIATION 2021-05-17 10:53:30 +02:00
ssl_test.tmpl
sslapitest.c Test new SSL_new_session_ticket() functionality 2021-05-19 14:56:08 -07:00
sslbuffertest.c
sslcorrupttest.c
stack_test.c Update copyright year 2021-02-18 15:05:17 +00:00
sysdefault.cnf
sysdefaulttest.c
test_test.c
test.cnf
testcrl.pem
testdsa.pem
testdsapub.pem
testec-p256.pem
testecpub-p256.pem
tested448.pem
tested448pub.pem
tested25519.pem
tested25519pub.pem
testp7.pem
testreq2.pem
testrsa2048.pem
testrsa_withattrs.der Tests for creating req from PKCS8 keys with extra attrs 2021-05-11 12:12:32 +02:00
testrsa_withattrs.pem Tests for creating req from PKCS8 keys with extra attrs 2021-05-11 12:12:32 +02:00
testrsa.pem
testrsapss.pem rsa_kmgmt: Return OSSL_PKEY_PARAM_DEFAULT_DIGEST for unrestricted PSS keys 2021-01-29 10:47:02 +01:00
testrsapssmandatory.pem RSA: properly generate algorithm identifier for RSA-PSS signatures 2021-02-05 14:04:59 +01:00
testrsapub.pem
testsid.pem Regenerate testsid.pem 2021-05-15 15:09:07 -07:00
testutil.h APPS and TEST: Make sure prog name is set for usage output 2021-04-14 16:51:11 +02:00
testx509.pem
threadstest_fips.c test: add test case to reliably reproduce RAND leak during POST 2021-05-24 09:39:15 +10:00
threadstest.c test: fix typo in comment in threadstest.c 2021-05-24 09:39:15 +10:00
threadstest.h test: add test case to reliably reproduce RAND leak during POST 2021-05-24 09:39:15 +10:00
time_offset_test.c
tls13ccstest.c
tls13encryptiontest.c
tls13secretstest.c Update copyright year 2021-01-28 13:54:57 +01:00
tls-provider.c Use "" for include internal/xxx 2021-05-27 09:56:41 +10:00
uitest.c
user_property_test.c property: add test case for setting default user properties before fetching 2021-05-12 18:20:03 +10:00
v3_ca_exts.cnf make various test CA certs RFC 5280 compliant w.r.t. X509 extensions 2021-01-20 15:53:47 +01:00
v3-cert1.pem
v3-cert2.pem
v3ext.c
v3nametest.c Update copyright year 2021-05-06 13:03:23 +01:00
verify_extra_test.c Improve ossl_cmp_build_cert_chain(); publish it as X509_build_chain() 2021-04-20 10:47:24 +02:00
versions.c
wpackettest.c
x509_check_cert_pkey_test.c Update copyright year 2021-04-22 14:38:44 +01:00
x509_dup_cert_test.c
x509_internal_test.c
x509_time_test.c
x509aux.c Update copyright year 2021-01-28 13:54:57 +01:00

Using OpenSSL Tests

After a successful build, and before installing, the libraries should be tested. Run:

$ make test                                      # Unix
$ mms test                                       ! OpenVMS
$ nmake test                                     # Windows

Warning: you MUST run the tests from an unprivileged account (or disable your privileges temporarily if your platform allows it).

If some tests fail, take a look at the section Test Failures below.

Test Failures

If some tests fail, look at the output. There may be reasons for the failure that isn't a problem in OpenSSL itself (like an OS malfunction or a Perl issue). You may want increased verbosity, that can be accomplished like this:

Full verbosity, showing full output of all successful and failed test cases (make macro VERBOSE or V):

$ make V=1 test                                  # Unix
$ mms /macro=(V=1) test                          ! OpenVMS
$ nmake V=1 test                                 # Windows

Verbosity on failed (sub-)tests only (VERBOSE_FAILURE or VF or REPORT_FAILURES):

$ make test VF=1

Verbosity on failed (sub-)tests, in addition progress on succeeded (sub-)tests (VERBOSE_FAILURE_PROGRESS or VFP or REPORT_FAILURES_PROGRESS):

$ make test VFP=1

If you want to run just one or a few specific tests, you can use the make variable TESTS to specify them, like this:

$ make TESTS='test_rsa test_dsa' test            # Unix
$ mms/macro="TESTS=test_rsa test_dsa" test       ! OpenVMS
$ nmake TESTS='test_rsa test_dsa' test           # Windows

And of course, you can combine (Unix examples shown):

$ make test TESTS='test_rsa test_dsa' VF=1
$ make test TESTS="test_cmp_*" VFP=1

You can find the list of available tests like this:

$ make list-tests                                # Unix
$ mms list-tests                                 ! OpenVMS
$ nmake list-tests                               # Windows

Have a look at the manual for the perl module Test::Harness to see what other HARNESS_* variables there are.

To report a bug please open an issue on GitHub, at https://github.com/openssl/openssl/issues.

For more details on how the make variables TESTS can be used, see section Running Selected Tests below.

Running Selected Tests

The make variable TESTS supports a versatile set of space separated tokens with which you can specify a set of tests to be performed. With a "current set of tests" in mind, initially being empty, here are the possible tokens:

 alltests      The current set of tests becomes the whole set of available
               tests (as listed when you do 'make list-tests' or similar).

 xxx           Adds the test 'xxx' to the current set of tests.

-xxx           Removes 'xxx' from the current set of tests.  If this is the
               first token in the list, the current set of tests is first
               assigned the whole set of available tests, effectively making
               this token equivalent to TESTS="alltests -xxx".

 nn            Adds the test group 'nn' (which is a number) to the current
               set of tests.

-nn            Removes the test group 'nn' from the current set of tests.
               If this is the first token in the list, the current set of
               tests is first assigned the whole set of available tests,
               effectively making this token equivalent to
               TESTS="alltests -xxx".

Also, all tokens except for "alltests" may have wildcards, such as *. (on Unix and Windows, BSD style wildcards are supported, while on VMS, it's VMS style wildcards)

Examples

Run all tests except for the fuzz tests:

$ make TESTS='-test_fuzz*' test

or, if you want to be explicit:

$ make TESTS='alltests -test_fuzz*' test

Run all tests that have a name starting with "test_ssl" but not those starting with "test_ssl_":

$ make TESTS='test_ssl* -test_ssl_*' test

Run only test group 10:

$ make TESTS='10' test

Run all tests except the slow group (group 99):

$ make TESTS='-99' test

Run all tests in test groups 80 to 99 except for tests in group 90:

$ make TESTS='[89]? -90' test

To run specific fuzz tests you can use for instance:

$ make test TESTS='test_fuzz_cmp test_fuzz_cms'

To stochastically verify that the algorithm that produces uniformly distributed random numbers is operating correctly (with a false positive rate of 0.01%):

$ ./util/wrap.sh test/bntest -stochastic

Running Tests in Parallel

By default the test harness will execute the selected tests sequentially. Depending on the platform characteristics, running more than one test job in parallel may speed up test execution. This can be requested by setting the HARNESS_JOBS environment variable to a positive integer value. This specifies the maximum number of test jobs to run in parallel.

Depending on the Perl version different strategies could be adopted to select which test recipes can be run in parallel. In recent versions of Perl, unless specified otherwise, any task can be run in parallel. Consult the documentation for TAP::Harness to know more.

To run up to four tests in parallel at any given time:

$ make HARNESS_JOBS=4 test

Randomisation of Test Ordering

By default, the test harness will execute tests in the order they were added. By setting the OPENSSL_TEST_RAND_ORDER environment variable to zero, the test ordering will be randomised. If a randomly ordered test fails, the seed value used will be reported. Setting the OPENSSL_TEST_RAND_ORDER environment variable to this value will rerun the tests in the same order. This assures repeatability of randomly ordered test runs. This repeatability is independent of the operating system, processor or platform used.

To randomise the test ordering:

$ make OPENSSL_TEST_RAND_ORDER=0 test

To run the tests using the order defined by the random seed 42:

$ make OPENSSL_TEST_RAND_ORDER=42 test