openssl/test
Kurt Roeckx 5fd72d96a5 Replace apps/server.pem with certificate with a sha256 signature.
It replaces apps/server.pem that used a sha1 signature with a copy of
test/certs/servercert.pem that is uses sha256.

This caused the dtlstest to start failing. It's testing connection
sbetween a dtls client and server. In particular it was checking that if
we drop a record that the handshake recovers and still completes
successfully. The test iterates a number of times. The first time
through it drops the first record. The second time it drops the second
one, and so on. In order to do this it has a hard-coded value for the
expected number of records it should see in a handshake. That's ok
because we completely control both sides of the handshake and know what
records we expect to see. Small changes in message size would be
tolerated because that is unlikely to have an impact on the number of
records. Larger changes in message size however could increase or
decrease the number of records and hence cause the test to fail.

This particular test uses a mem bio which doesn't have all the CTRLs
that the dgram BIO has. When we are using a dgram BIO we query that BIO
to determine the MTU size. The smaller the MTU the more fragmented
handshakes become. Since the mem BIO doesn't report an MTU we use a
rather small default value and get quite a lot of records in our
handshake. This has the tendency to increase the likelihood of the
number of records changing in the test if the message size changes.

It so happens that the new server certificate is smaller than the old
one. AFAICT this is probably because the DNs for the Subject and Issuer
are significantly shorter than previously. The result is that the number
of records used to transmit the Certificate message is one less than it
was before. This actually has a knock on impact for subsequent messages
and how we fragment them resulting in one less ServerKeyExchange record
too (the actual size of the ServerKeyExchange message hasn't changed,
but where in that message it gets fragmented has). In total the number
of records used in the handshake has decreased by 2 with the new
server.pem file.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
GH: #10784
2020-01-25 14:10:40 +01:00
..
certs Add Restricted PSS certificate and key 2019-08-09 13:19:16 +01:00
ct
d2i-tests
ocsp-tests
ossl_shim Replace BUF_ string function calls with OPENSSL_ ones 2019-10-17 23:19:59 +02:00
recipes Deprecate the low level DES functions. 2020-01-25 09:30:59 +10:00
smime-certs Remove RANDFILE settings from configuration files 2019-11-24 08:35:14 +01:00
ssl-tests Add TLS tests for RSA-PSS Restricted certificates 2019-08-09 13:19:16 +01:00
testutil testutil_init.c: fix compilation error with enable-trace 2020-01-10 13:28:48 +10:00
aborttest.c
aesgcmtest.c Add EVP_CIPHER_CTX_tag_length() 2019-09-11 17:52:30 +10:00
afalgtest.c
asn1_decode_test.c Update source files for deprecation at 3.0 2019-11-07 11:37:25 +01:00
asn1_dsa_internal_test.c Reorganize private crypto header files 2019-09-28 20:26:34 +02:00
asn1_encode_test.c Update source files for deprecation at 3.0 2019-11-07 11:37:25 +01:00
asn1_internal_test.c Reorganize private crypto header files 2019-09-28 20:26:34 +02:00
asn1_string_table_test.c
asn1_time_test.c Add duplication APIs to ASN1_TIME and related types 2020-01-17 11:30:33 +08:00
asynciotest.c Make the PACKET/WPACKET code available to both libcrypto and libssl 2019-07-12 06:26:46 +10:00
asynctest.c Deprecate most of debug-memory 2019-12-14 20:57:35 +01:00
bad_dtls_test.c Make the PACKET/WPACKET code available to both libcrypto and libssl 2019-07-12 06:26:46 +10:00
bftest.c Deprecate Low Level Blowfish APIs 2020-01-08 11:25:25 +00:00
bio_callback_test.c
bio_enc_test.c
bio_memleak_test.c Deprecate most of debug-memory 2019-12-14 20:57:35 +01:00
bio_prefix_text.c TEST: Add test recipe and help program to test BIO_f_prefix() 2019-12-18 19:42:44 +01:00
bioprinttest.c fix truncation of integers on 32bit AIX 2019-03-11 14:45:18 +01:00
bn_internal_test.c Reorganize private crypto header files 2019-09-28 20:26:34 +02:00
bn_rand_range.h Test of uniformity of BN_rand_range output. 2019-05-29 09:54:29 +10:00
bntest.c Fix some typos 2019-12-11 19:04:01 +01:00
bntests.pl
build.info Deprecate the low level DES functions. 2020-01-25 09:30:59 +10:00
CAss.cnf Remove RANDFILE settings from configuration files 2019-11-24 08:35:14 +01:00
CAssdh.cnf Remove RANDFILE settings from configuration files 2019-11-24 08:35:14 +01:00
CAssdsa.cnf Remove RANDFILE settings from configuration files 2019-11-24 08:35:14 +01:00
CAssrsa.cnf Remove RANDFILE settings from configuration files 2019-11-24 08:35:14 +01:00
casttest.c Deprecate the Low Level CAST APIs 2020-01-13 13:44:27 +00:00
CAtsa.cnf Remove RANDFILE settings from configuration files 2019-11-24 08:35:14 +01:00
chacha_internal_test.c Reorganize private crypto header files 2019-09-28 20:26:34 +02:00
cipher_overhead_test.c Reorganize local header files 2019-09-28 20:26:35 +02:00
cipherbytes_test.c
cipherlist_test.c Ignore cipher suites when setting cipher list 2019-02-14 13:54:56 +00:00
ciphername_test.c
clienthellotest.c Test SSL_set_ciphersuites 2019-08-15 14:33:06 +01:00
cmp_asn_test.c chunk 6 of CMP contribution to OpenSSL 2019-12-12 10:57:25 +00:00
cmp_ctx_test.c chunk 6 of CMP contribution to OpenSSL 2019-12-12 10:57:25 +00:00
cmp_hdr_test.c chunk 6 of CMP contribution to OpenSSL 2019-12-12 10:57:25 +00:00
cmp_msg_test.c fix obsolete error codes in test/cmp_msg_test.c 2020-01-09 09:51:18 +01:00
cmp_protect_test.c chunk 6 of CMP contribution to OpenSSL 2019-12-12 10:57:25 +00:00
cmp_status_test.c chunk 5 of CMP contribution to OpenSSL 2019-10-29 14:17:39 +00:00
cmp_testlib.c add missing load_pkimsg() in test/cmp_testlib.c 2020-01-09 09:51:18 +01:00
cmp_testlib.h add missing load_pkimsg() in test/cmp_testlib.c 2020-01-09 09:51:18 +01:00
cms-examples.pl
cmsapitest.c Updated test command line parsing to support commmon commands 2019-02-11 15:31:51 +01:00
conf_include_test.c Remove RANDFILE settings from configuration files 2019-11-24 08:35:14 +01:00
confdump.c Make sure we free the CONF structure allocated by confdump 2019-11-15 11:08:18 +00:00
constant_time_test.c Reorganize local header files 2019-09-28 20:26:35 +02:00
context_internal_test.c Instead of global data store it in an OPENSSL_CTX 2019-05-02 22:42:09 +01:00
crltest.c
ct_test.c Extend tests of SSL_check_chain() 2019-08-09 17:29:39 +01:00
ctype_internal_test.c Reorganize private crypto header files 2019-09-28 20:26:34 +02:00
curve448_internal_test.c Reorganize local header files 2019-09-28 20:26:35 +02:00
d2i_test.c Updated test command line parsing to support commmon commands 2019-02-11 15:31:51 +01:00
danetest.c Adapt two test programs that were using now deprecated functions 2019-11-03 18:38:23 +01:00
danetest.in
danetest.pem
default-and-fips.cnf Add fips module integrity check 2019-09-15 19:55:10 +10:00
default-and-legacy.cnf test/recipes/30-test_evp.t: Modify to test with different providers 2019-07-26 18:14:41 +02:00
default.cnf test/recipes/30-test_evp.t: Modify to test with different providers 2019-07-26 18:14:41 +02:00
destest.c Deprecate the low level DES functions. 2020-01-25 09:30:59 +10:00
dhtest.c Check the DH modulus bit length 2019-09-09 14:43:57 +02:00
drbg_cavs_data_ctr.c
drbg_cavs_data_hash.c
drbg_cavs_data_hmac.c
drbg_cavs_data.h Fix header file include guard names 2019-09-28 20:26:36 +02:00
drbg_cavs_test.c Reorganize local header files 2019-09-28 20:26:35 +02:00
drbgtest.c Document "get/set-app-data" macros. 2019-10-23 08:31:21 -04:00
drbgtest.h
dsa_no_digest_size_test.c
dsatest.c
dtls_mtu_test.c Reorganize local header files 2019-09-28 20:26:35 +02:00
dtlstest.c Replace apps/server.pem with certificate with a sha256 signature. 2020-01-25 14:10:40 +01:00
dtlsv1listentest.c
ec_internal_test.c Reorganize local header files 2019-09-28 20:26:35 +02:00
ecdsatest.c EC only uses approved curves in FIPS mode. 2019-06-25 12:00:25 +10:00
ecdsatest.h Fix header file include guard names 2019-09-28 20:26:36 +02:00
ecstresstest.c Remove tab characters from C source files. 2019-07-16 20:24:10 +10:00
ectest.c Add self-test for EC_POINT_hex2point 2019-11-13 18:02:51 +02:00
enginetest.c test/enginetest.c: Make sure no config file is loaded 2019-07-19 20:18:34 +02:00
errtest.c Modernise the ERR functionality further (new functions and deprecations) 2019-09-12 17:59:52 +02:00
evp_extra_test.c APPS & TEST: Eliminate as much use of EVP_PKEY_size() as possible 2020-01-19 02:47:46 +01:00
evp_fetch_prov_test.c Deprecate the low level SHA functions. 2020-01-19 10:14:39 +10:00
evp_kdf_test.c Fix no-cmac and no-camellia 2019-11-14 09:44:18 +00:00
evp_pkey_dparams_test.c EC only uses approved curves in FIPS mode. 2019-06-25 12:00:25 +10:00
evp_pkey_provided_test.c TEST: Adapt test/evp_pkey_provided_test.c to check the key size 2020-01-17 09:04:04 +01:00
evp_test.c mdc2: use evp_test instead of a separate test application. 2020-01-19 11:31:40 +10:00
evp_test.h
exdatatest.c Add CRYPTO_alloc_ex_data() 2019-02-16 00:29:20 +01:00
exptest.c
fatalerrtest.c Updated test command line parsing to support commmon commands 2019-02-11 15:31:51 +01:00
fips.cnf Add fips module integrity check 2019-09-15 19:55:10 +10:00
generate_buildtest.pl
generate_ssl_tests.pl Rework the perl fallback functionality 2019-09-12 12:49:31 +02:00
gmdifftest.c
gosttest.c Updated test command line parsing to support commmon commands 2019-02-11 15:31:51 +01:00
handshake_helper.c Explicitly test against NULL; do not use !p or similar 2019-10-09 21:32:15 +02:00
handshake_helper.h Fix header file include guard names 2019-09-28 20:26:36 +02:00
hmactest.c Don't store an HMAC key for longer than we need 2020-01-06 10:46:05 +00:00
ideatest.c Deprecate the low level IDEA functions. 2020-01-19 10:38:49 +10:00
igetest.c Deprecate the AES_ige_*() functions 2019-12-04 17:46:38 +00:00
keymgmt_internal_test.c CORE & PROV: make export of key data leaner through callback 2019-11-14 10:53:14 +01:00
legacy.cnf test/recipes/30-test_evp.t: Modify to test with different providers 2019-07-26 18:14:41 +02:00
lhash_test.c
mdc2_internal_test.c Deprecate the low level MDC2 functions. 2020-01-12 12:02:17 +10:00
mdc2test.c Deprecate the low level MDC2 functions. 2020-01-12 12:02:17 +10:00
memleaktest.c test/memleaktest.c: Modify for use with address/leak sanitizer 2019-12-10 14:16:12 +01:00
modes_internal_test.c Deprecate the low level AES functions 2020-01-06 15:09:57 +00:00
namemap_internal_test.c Modify EVP_CIPHER_is_a() and EVP_MD_is_a() to handle legacy methods too 2020-01-17 08:59:41 +01:00
ocspapitest.c OCSP: fix memory leak in OCSP_url_svcloc_new method. 2019-05-27 08:11:50 +10:00
ossl_test_endian.h Fix header file include guard names 2019-09-28 20:26:36 +02:00
P1ss.cnf Remove RANDFILE settings from configuration files 2019-11-24 08:35:14 +01:00
P2ss.cnf Remove RANDFILE settings from configuration files 2019-11-24 08:35:14 +01:00
p_test.c Rename provider and core get_param_types functions 2019-08-15 11:58:25 +02:00
packettest.c Make the PACKET/WPACKET code available to both libcrypto and libssl 2019-07-12 06:26:46 +10:00
param_build_test.c param_bld: add a padded BN call. 2020-01-19 10:20:06 +10:00
params_api_test.c test/params_api_test.c: Correct the checks of OSSL_PARAM_set_BN() 2019-11-03 11:19:04 +01:00
params_conversion_test.c Change OSSL_PARAM return size to not be a pointer. 2019-06-24 14:43:55 +10:00
params_test.c Fix Typos 2019-07-02 14:22:29 +02:00
pbelutest.c
pemtest.c
pkcs7-1.pem
pkcs7.pem
pkey_meth_kdf_test.c Added new EVP/KDF API. 2019-02-13 12:11:49 +01:00
pkey_meth_test.c
pkits-test.pl
poly1305_internal_test.c Add ChaCha related ciphers to default provider 2019-10-16 16:18:42 +10:00
property_test.c Properties: make query cache reference count aware. 2019-11-18 18:51:26 +10:00
provider_internal_test.c Load the config file by default 2019-08-01 09:59:20 +01:00
provider_internal_test.conf.in Add test for the provider configuration module 2019-04-03 11:42:48 +02:00
provider_test.c Change OSSL_PARAM return size to not be a pointer. 2019-06-24 14:43:55 +10:00
rc2test.c Deprecate the low level RC2 functions 2020-01-16 07:07:27 +10:00
rc4test.c Deprecate the low level SHA functions. 2020-01-19 10:14:39 +10:00
rc5test.c Deprecate the low level RC5 functions 2020-01-16 07:07:27 +10:00
rdrand_sanitytest.c Remove extern declarations of OPENSSL_ia32cap_P 2019-09-01 15:41:58 +02:00
README TEST: Add test recipe and help program to test BIO_f_prefix() 2019-12-18 19:42:44 +01:00
README.external Remove unnecessary trailing whitespace 2019-02-05 16:25:11 +01:00
README.ssltest.md
recordlentest.c Updated test command line parsing to support commmon commands 2019-02-11 15:31:51 +01:00
rsa_complex.c
rsa_mp_test.c Added internal functions for easy getting and setting all RSA parameters. 2019-10-17 18:07:45 +02:00
rsa_sp800_56b_test.c RSA generation: Use more bits of 1/sqrt(2) 2019-11-09 16:01:54 +01:00
rsa_test.c FIPS 186-4 RSA Generation & Validation 2019-03-12 12:00:52 +00:00
run_tests.pl Rework test/run_tests.pl to support selective verbosity and TAP copy 2019-09-12 14:38:00 +02:00
sanitytest.c
secmemtest.c
serverinfo2.pem
serverinfo.pem
servername_test.c Make the PACKET/WPACKET code available to both libcrypto and libssl 2019-07-12 06:26:46 +10:00
session.pem
shibboleth.pfx
shlibloadtest.c Reorganize public header files (part 1) 2019-09-28 20:26:36 +02:00
siphash_internal_test.c Reorganize private crypto header files 2019-09-28 20:26:34 +02:00
sm2_internal_test.c Reorganize private crypto header files 2019-09-28 20:26:34 +02:00
sm4_internal_test.c Reorganize private crypto header files 2019-09-28 20:26:34 +02:00
smcont.txt
sparse_array_test.c Reorganize private crypto header files 2019-09-28 20:26:34 +02:00
srptest.c
ssl_cert_table_internal_test.c Reorganize local header files 2019-09-28 20:26:35 +02:00
ssl_ctx_test.c Add ssl_ctx_test to test suite. 2019-11-08 08:23:15 +01:00
ssl_test_ctx_test.c Updated test command line parsing to support commmon commands 2019-02-11 15:31:51 +01:00
ssl_test_ctx_test.conf
ssl_test_ctx.c
ssl_test_ctx.h Fix header file include guard names 2019-09-28 20:26:36 +02:00
ssl_test.c Updated test command line parsing to support commmon commands 2019-02-11 15:31:51 +01:00
ssl_test.tmpl
sslapitest.c Add AES_CBC_HMAC_SHA ciphers to providers. 2020-01-06 13:02:16 +10:00
sslbuffertest.c Deprecate most of debug-memory 2019-12-14 20:57:35 +01:00
sslcorrupttest.c Replace BUF_ string function calls with OPENSSL_ ones 2019-10-17 23:19:59 +02:00
ssltest_old.c Deprecate most of debug-memory 2019-12-14 20:57:35 +01:00
ssltestlib.c Fix Typos 2019-07-02 14:22:29 +02:00
ssltestlib.h Fix header file include guard names 2019-09-28 20:26:36 +02:00
Sssdsa.cnf Remove RANDFILE settings from configuration files 2019-11-24 08:35:14 +01:00
Sssrsa.cnf Remove RANDFILE settings from configuration files 2019-11-24 08:35:14 +01:00
stack_test.c
sysdefault.cnf
sysdefaulttest.c
test_test.c Fix --strict-warnings build 2019-08-18 21:45:16 +02:00
test.cnf Remove RANDFILE settings from configuration files 2019-11-24 08:35:14 +01:00
testcrl.pem
testdsa.pem
testdsapub.pem
testec-p256.pem
testecpub-p256.pem
tested448.pem More testing for CLI usage of Ed25519 and Ed448 keys 2019-12-11 18:37:53 +01:00
tested448pub.pem More testing for CLI usage of Ed25519 and Ed448 keys 2019-12-11 18:37:53 +01:00
tested25519.pem More testing for CLI usage of Ed25519 and Ed448 keys 2019-12-11 18:37:53 +01:00
tested25519pub.pem More testing for CLI usage of Ed25519 and Ed448 keys 2019-12-11 18:37:53 +01:00
testp7.pem
testreq2.pem
testrsa.pem
testrsapub.pem
testsid.pem
testutil.h Fix header file include guard names 2019-09-28 20:26:36 +02:00
testx509.pem
threadstest.c
time_offset_test.c
tls13ccstest.c Make the PACKET/WPACKET code available to both libcrypto and libssl 2019-07-12 06:26:46 +10:00
tls13encryptiontest.c Reorganize local header files 2019-09-28 20:26:35 +02:00
tls13secretstest.c Reorganize local header files 2019-09-28 20:26:35 +02:00
uitest.c Updated test command line parsing to support commmon commands 2019-02-11 15:31:51 +01:00
Uss.cnf Remove RANDFILE settings from configuration files 2019-11-24 08:35:14 +01:00
v3-cert1.pem
v3-cert2.pem
v3ext.c Updated test command line parsing to support commmon commands 2019-02-11 15:31:51 +01:00
v3nametest.c
verify_extra_test.c Support SM2 certificate signing 2019-06-28 18:58:19 +08:00
versions.c
wpackettest.c Make the PACKET/WPACKET code available to both libcrypto and libssl 2019-07-12 06:26:46 +10:00
x509_check_cert_pkey_test.c Fix incorrect usage of a test case 2019-06-26 17:36:56 +08:00
x509_dup_cert_test.c Updated test command line parsing to support commmon commands 2019-02-11 15:31:51 +01:00
x509_internal_test.c Join the x509 and x509v3 directories 2019-05-29 09:32:50 +02:00
x509_time_test.c coverity 1456639: fix NULL dereference 2020-01-05 18:05:14 +10:00
x509aux.c constify *_dup() and *i2d_*() and related functions as far as possible, introducing DECLARE_ASN1_DUP_FUNCTION 2019-03-06 16:10:09 +00:00

How to add recipes
==================

For any test that you want to perform, you write a script located in
test/recipes/, named {nn}-test_{name}.t, where {nn} is a two digit number and
{name} is a unique name of your choice.

Please note that if a test involves a new testing executable, you will need to
do some additions in test/build.info. Please refer to the section "Changes to 
test/build.info" below.


Naming conventions
=================

A test executable is named test/{name}test.c

A test recipe is named test/recipes/{nn}-test_{name}.t, where {nn} is a two
digit number and {name} is a unique name of your choice.

The number {nn} is (somewhat loosely) grouped as follows:

00-04  sanity, internal and essential API tests
05-09  individual symmetric cipher algorithms
10-14  math (bignum)
15-19  individual asymmetric cipher algorithms
20-24  openssl commands (some otherwise not tested)
25-29  certificate forms, generation and verification
30-35  engine and evp
60-79  APIs:
   60  X509 subsystem
   61  BIO subsystem
   65  CMP subsystem
   70  PACKET layer
80-89  "larger" protocols (CA, CMS, OCSP, SSL, TSA)
90-98  misc
99     most time consuming tests [such as test_fuzz]


A recipe that just runs a test executable
=========================================

A script that just runs a program looks like this:

    #! /usr/bin/perl

    use OpenSSL::Test::Simple;

    simple_test("test_{name}", "{name}test", "{name}");

{name} is the unique name you have chosen for your test.

The second argument to `simple_test' is the test executable, and `simple_test'
expects it to be located in test/

For documentation on OpenSSL::Test::Simple, do
`perldoc util/perl/OpenSSL/Test/Simple.pm'.


A recipe that runs a more complex test
======================================

For more complex tests, you will need to read up on Test::More and
OpenSSL::Test.  Test::More is normally preinstalled, do `man Test::More' for
documentation.  For OpenSSL::Test, do `perldoc util/perl/OpenSSL/Test.pm'.

A script to start from could be this:

    #! /usr/bin/perl

    use strict;
    use warnings;
    use OpenSSL::Test;

    setup("test_{name}");

    plan tests => 2;                # The number of tests being performed

    ok(test1, "test1");
    ok(test2, "test1");

    sub test1
    {
        # test feature 1
    }

    sub test2
    {
        # test feature 2
    }


Changes to test/build.info
==========================

Whenever a new test involves a new test executable you need to do the
following (at all times, replace {NAME} and {name} with the name of your
test):

* add {name} to the list of programs under PROGRAMS_NO_INST

* create a three line description of how to build the test, you will have
to modify the include paths and source files if you don't want to use the
basic test framework:

    SOURCE[{name}]={name}.c
    INCLUDE[{name}]=.. ../include ../apps/include
    DEPEND[{name}]=../libcrypto libtestutil.a

Generic form of C test executables
==================================

    #include "testutil.h"

    static int my_test(void)
    {
        int testresult = 0;                 /* Assume the test will fail    */
        int observed;

        observed = function();              /* Call the code under test     */
        if (!TEST_int_eq(observed, 2))      /* Check the result is correct  */
            goto end;                       /* Exit on failure - optional   */

        testresult = 1;                     /* Mark the test case a success */
    end:
        cleanup();                          /* Any cleanup you require      */
        return testresult;
    }

    int setup_tests(void)
    {
        ADD_TEST(my_test);                  /* Add each test separately     */
        return 1;                           /* Indicate success             */
    }

You should use the TEST_xxx macros provided by testutil.h to test all failure
conditions.  These macros produce an error message in a standard format if the
condition is not met (and nothing if the condition is met).  Additional
information can be presented with the TEST_info macro that takes a printf
format string and arguments.  TEST_error is useful for complicated conditions,
it also takes a printf format string and argument.  In all cases the TEST_xxx
macros are guaranteed to evaluate their arguments exactly once.  This means
that expressions with side effects are allowed as parameters.  Thus,

    if (!TEST_ptr(ptr = OPENSSL_malloc(..)))

works fine and can be used in place of:

    ptr = OPENSSL_malloc(..);
    if (!TEST_ptr(ptr))

The former produces a more meaningful message on failure than the latter.