openssl/test
Matt Caswell 6ac1cd10ba Fix safestack issues in ssl.h
We fix 3 problems with safestack:
- Including an openssl header file without linking against libcrypto
  can cause compilation failures (even if the app does not otherwise need
  to link against libcrypto). See issue #8102
- Recent changes means that applications in no-deprecated builds will need
  to include additional macro calls in the source code for all stacks that
  they need to use - which is an API break. This changes avoids that
  necessity.
- It is not possible to write code using stacks that works in both a
  no-deprecated and a normal build of OpenSSL. See issue #12707.

Fixes #12707
Contains a partial fix for #8102. A similar PR will be needed for hash to
fully fix.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12781)
2020-09-13 11:09:45 +01:00
..
certs apps: make use of OSSL_STORE for generalized certs and CRLs loading 2020-08-20 14:55:34 +02:00
ct
d2i-tests
ocsp-tests
ossl_shim Fix API rename issue in shim layer that calls EVP_MAC_CTX_set_params 2020-07-21 08:51:18 +10:00
recipes NonStop port updates for 3.0.0. 2020-09-12 20:32:11 +02:00
smime-certs Update copyright year 2020-08-06 13:22:30 +01:00
ssl-tests Test mte with stitched ciphersuites in TLSv1.0 2020-08-20 17:02:34 +01:00
testutil testutil: Add provider.c with test_get_libctx(), to use at least for SSL and CMP 2020-08-21 09:04:09 +02:00
aborttest.c
acvp_test.c Add EVP signature with libctx methods. 2020-08-09 17:34:52 +10:00
acvp_test.inc
aesgcmtest.c Retire EVP_CTRL_GET_IV 2020-08-11 07:07:57 -07:00
afalgtest.c Update copyright year 2020-07-16 14:47:04 +02:00
asn1_decode_test.c
asn1_dsa_internal_test.c
asn1_encode_test.c
asn1_internal_test.c
asn1_string_table_test.c
asn1_time_test.c
asynciotest.c
asynctest.c Update copyright year 2020-07-16 14:47:04 +02:00
bad_dtls_test.c Revert "The EVP_MAC functions have been renamed for consistency. The EVP_MAC_CTX_*" 2020-07-16 14:21:07 +02:00
bftest.c
bio_callback_test.c
bio_enc_test.c
bio_memleak_test.c
bio_prefix_text.c
bioprinttest.c
bn_internal_test.c
bn_rand_range.h
bntest.c NonStop port updates for 3.0.0. 2020-09-12 20:32:11 +02:00
bntests.pl
build.info TEST: Add a test of EC key generation with encoding spec 2020-09-12 20:24:52 +02:00
ca-and-certs.cnf
casttest.c
CAtsa.cnf
chacha_internal_test.c
cipher_overhead_test.c
cipherbytes_test.c Fix safestack issues in ssl.h 2020-09-13 11:09:45 +01:00
cipherlist_test.c Fix safestack issues in ssl.h 2020-09-13 11:09:45 +01:00
ciphername_test.c Fix safestack issues in ssl.h 2020-09-13 11:09:45 +01:00
clienthellotest.c
cmactest.c
cmp_asn_test.c
cmp_client_test.c test/cmp_{client,msg}_test.c: minor code cleanup 2020-09-10 07:35:07 +02:00
cmp_ctx_test.c OSSL_CMP_CTX: rename field and its getter/setter from 'untrusted_certs' to 'untrusted 2020-09-05 19:33:33 +02:00
cmp_hdr_test.c Add libctx and propq parameters to OSSL_CMP_{SRV_},CTX_new() and ossl_cmp_mock_srv_new() 2020-08-21 09:04:11 +02:00
cmp_msg_test.c test/cmp_{client,msg}_test.c: minor code cleanup 2020-09-10 07:35:07 +02:00
cmp_protect_test.c Strengthen chain building for CMP 2020-09-05 18:11:12 +02:00
cmp_server_test.c Add libctx/provider support to cmp_server_test 2020-08-21 09:04:11 +02:00
cmp_status_test.c
cmp_testlib.c TEST: Fix CMP tests so they load keys in the current library context 2020-08-24 18:20:29 +02:00
cmp_testlib.h TEST: Fix CMP tests so they load keys in the current library context 2020-08-24 18:20:29 +02:00
cmp_vfy_test.c OSSL_CMP_CTX: rename field and its getter/setter from 'untrusted_certs' to 'untrusted 2020-09-05 19:33:33 +02:00
cms-examples.pl
cmsapitest.c Add CMS AuthEnvelopedData with AES-GCM support 2020-09-08 15:43:11 +02:00
conf_include_test.c
confdump.c
constant_time_test.c
context_internal_test.c
crltest.c
ct_test.c testutil: Make SETUP_TEST_FIXTURE return 0 on fixture == NULL 2020-08-21 09:04:09 +02:00
ctype_internal_test.c
curve448_internal_test.c
d2i_test.c
danetest.c
danetest.in
danetest.pem
data2.txt Rename NOTES*, README*, VERSION, HACKING, LICENSE to .md or .txt 2020-07-05 11:29:43 +02:00
data.txt Rename NOTES*, README*, VERSION, HACKING, LICENSE to .md or .txt 2020-07-05 11:29:43 +02:00
default-and-fips.cnf
default-and-legacy.cnf
default.cnf
defltfips_test.c Test that EVP_default_properties_is_fips_enabled() works early 2020-08-17 11:27:51 +01:00
destest.c
dhtest.c
drbg_cavs_data.h
drbg_extra_test.h
drbgtest.c NonStop port updates for 3.0.0. 2020-09-12 20:32:11 +02:00
drbgtest.h
dsa_no_digest_size_test.c
dsatest.c
dtls_mtu_test.c Fix safestack issues in ssl.h 2020-09-13 11:09:45 +01:00
dtlstest.c
dtlsv1listentest.c
ec_internal_test.c
ecdsatest.c
ecdsatest.h
ecstresstest.c
ectest.c Add Explicit EC parameter support to providers. 2020-08-22 14:55:41 +10:00
endecode_test.c TEST: modify test/endecode_test.c to not use legacy keys 2020-09-08 16:45:12 +02:00
enginetest.c EVP: deprecate the EVP_X_meth_ functions. 2020-07-22 20:19:01 +10:00
errtest.c TEST: fix test/errtest.c 2020-07-05 21:13:25 +02:00
evp_extra_test2.c TEST: Add test to exercise OPENSSL_CTX_set0_default() 2020-06-28 10:55:51 +02:00
evp_extra_test.c TEST: Add a test of EC key generation with encoding spec 2020-09-12 20:24:52 +02:00
evp_fetch_prov_test.c EVP: deprecate the EVP_X_meth_ functions. 2020-07-22 20:19:01 +10:00
evp_kdf_test.c Revert "kdf: make function naming consistent." 2020-07-16 14:21:07 +02:00
evp_libctx_test.c Add dh_kdf support to provider 2020-08-11 20:39:19 +10:00
evp_pkey_dparams_test.c
evp_pkey_provided_test.c Rename OSSL_SERIALIZER / OSSL_DESERIALIZER to OSSL_ENCODE / OSSL_DECODE 2020-08-21 09:23:58 +02:00
evp_test.c EC: Remove one error record that shadows another 2020-09-03 17:48:33 +02:00
evp_test.h
exdatatest.c
exptest.c
fatalerrtest.c
ffc_internal_test.c Add multiple fixes for ffc key generation using invalid p,q,g parameters. 2020-07-09 13:43:10 +10:00
filterprov.c Make the naming scheme for dispatched functions more consistent 2020-06-24 22:01:22 +02:00
fips-and-base.cnf Add CLI tests in FIPS configuration 2020-08-24 14:49:03 +03:00
fips.cnf Test that EVP_default_properties_is_fips_enabled() works early 2020-08-17 11:27:51 +01:00
generate_buildtest.pl
generate_ssl_tests.pl
gmdifftest.c
gosttest.c
handshake_helper.c Add SSL_get[01]_peer_certificate() 2020-07-16 09:08:21 +02:00
handshake_helper.h
hexstr_test.c
hmactest.c
http_test.c OSSL_HTTP_parse_url(): add optional port number return parameter and strengthen documentation 2020-09-08 15:36:24 +02:00
ideatest.c
igetest.c
insta_ca.cert.pem
insta.priv.pem
keymgmt_internal_test.c
legacy.cnf
lhash_test.c
mdc2_internal_test.c
mdc2test.c
memleaktest.c
modes_internal_test.c
namemap_internal_test.c
ocspapitest.c
ossl_store_test.c Fix coverity issue: CID 1466482 - Resource leak in OSSL_STORE_SEARCH_by_key_fingerprint() 2020-09-12 15:57:24 +10:00
p_test.c Make the naming scheme for dispatched functions more consistent 2020-06-24 22:01:22 +02:00
packettest.c
param_build_test.c params: add OSSL_PARAM helpers for time_t. 2020-06-24 20:05:41 +10:00
params_api_test.c Add and use internal header that implements endianness check 2020-07-11 10:00:33 +02:00
params_conversion_test.c
params_test.c
pbelutest.c
pemtest.c
pkcs7-1.pem
pkcs7.pem
pkcs12_format_test.c Add new APIs to get PKCS12 secretBag OID and value 2020-08-07 07:59:48 +10:00
pkcs12_helper.c Add new APIs to get PKCS12 secretBag OID and value 2020-08-07 07:59:48 +10:00
pkcs12_helper.h Add new APIs to get PKCS12 secretBag OID and value 2020-08-07 07:59:48 +10:00
pkey_meth_kdf_test.c Extend the EVP_PKEY KDF to KDF provider bridge to also support Scrypt 2020-08-10 14:51:59 +01:00
pkey_meth_test.c Update copyright year 2020-08-06 13:22:30 +01:00
pkits-test.pl
poly1305_internal_test.c
property_test.c
provider_fallback_test.c
provider_internal_test.c
provider_internal_test.cnf.in
provider_status_test.c Add 'on demand self test' and status test to providers 2020-08-09 18:06:52 +10:00
provider_test.c
proxy.cnf
rand_status_test.c rand: instantiate the DRBGs upon first use. 2020-08-28 10:19:56 +10:00
rc2test.c
rc4test.c
rc5test.c
rdrand_sanitytest.c
README-dev.md Rename NOTES*, README*, VERSION, HACKING, LICENSE to .md or .txt 2020-07-05 11:29:43 +02:00
README-external.md Fix many MarkDown issues in {NOTES*,README*,HACKING,LICENSE}.md files 2020-07-05 11:29:43 +02:00
README.md 99-test_fuzz.t: Clean up and re-organize such that sub-tests could be split easily 2020-07-16 21:44:26 +02:00
README.ssltest.md
recordlentest.c
rsa_complex.c
rsa_mp_test.c
rsa_sp800_56b_test.c
rsa_test.c
run_tests.pl Avoid uninitialised variable warning for jobs 2020-09-02 09:05:31 +03:00
sanitytest.c
secmemtest.c
serverinfo2.pem
serverinfo.pem
servername_test.c
session.pem
shibboleth.pfx
shlibloadtest.c
siphash_internal_test.c
sm2_internal_test.c
sm4_internal_test.c
smcont.txt
sparse_array_test.c
srptest.c
ssl_cert_table_internal_test.c
ssl_ctx_test.c
ssl_test_ctx_test.c testutil: Make SETUP_TEST_FIXTURE return 0 on fixture == NULL 2020-08-21 09:04:09 +02:00
ssl_test_ctx_test.cnf
ssl_test_ctx.c Add X509 related libctx changes. 2020-07-24 22:53:27 +10:00
ssl_test_ctx.h Add X509 related libctx changes. 2020-07-24 22:53:27 +10:00
ssl_test.c testutil: Add provider.c with test_get_libctx(), to use at least for SSL and CMP 2020-08-21 09:04:09 +02:00
ssl_test.tmpl
sslapitest.c Use global 'libctx' with RAND_bytes_ex to generate sendfile temp data. 2020-08-31 09:34:19 +01:00
sslbuffertest.c
sslcorrupttest.c Fix safestack issues in ssl.h 2020-09-13 11:09:45 +01:00
ssltest_old.c Fix safestack issues in ssl.h 2020-09-13 11:09:45 +01:00
ssltestlib.c
ssltestlib.h
stack_test.c
sysdefault.cnf
sysdefaulttest.c
test_test.c
test.cnf
testcrl.pem
testdsa.pem
testdsapub.pem
testec-p256.pem
testecpub-p256.pem
tested448.pem
tested448pub.pem
tested25519.pem
tested25519pub.pem
testp7.pem
testreq2.pem
testrsa.pem Support writing RSA keys using the traditional format again 2020-09-09 18:32:10 +02:00
testrsapub.pem
testsid.pem
testutil.h testutil: Add provider.c with test_get_libctx(), to use at least for SSL and CMP 2020-08-21 09:04:09 +02:00
testx509.pem Extend X509 cert checks and error reporting in v3_{purp,crld}.c and x509_{set,vfy}.c 2020-09-11 07:42:22 +02:00
threadstest.c
time_offset_test.c
tls13ccstest.c
tls13encryptiontest.c Move MAC removal responsibility to the various protocol "enc" functions 2020-07-06 09:26:00 +01:00
tls13secretstest.c
tls-provider.c Test that EVP_default_properties_is_fips_enabled() works early 2020-08-17 11:27:51 +01:00
uitest.c apps_ui.c: Improve error handling and return value of setup_ui_method() 2020-09-10 22:01:07 +02:00
v3_ca_exts.cnf Make x509 -force_pubkey test case with self-issued cert more realistic 2020-07-01 11:14:54 +02:00
v3-cert1.pem
v3-cert2.pem
v3ext.c
v3nametest.c
verify_extra_test.c Add X509_self_signed(), extending and improving documenation and tests 2020-07-01 11:14:54 +02:00
versions.c
wpackettest.c
x509_check_cert_pkey_test.c
x509_dup_cert_test.c
x509_internal_test.c
x509_time_test.c
x509aux.c

Using OpenSSL Tests

After a successful build, and before installing, the libraries should be tested. Run:

$ make test                                      # Unix
$ mms test                                       ! OpenVMS
$ nmake test                                     # Windows

Warning: you MUST run the tests from an unprivileged account (or disable your privileges temporarily if your platform allows it).

If some tests fail, take a look at the section Test Failures below.

Test Failures

If some tests fail, look at the output. There may be reasons for the failure that isn't a problem in OpenSSL itself (like an OS malfunction or a Perl issue). You may want increased verbosity, that can be accomplished like this:

Full verbosity, showing full output of all successful and failed test cases (make macro VERBOSE or V):

$ make V=1 test                                  # Unix
$ mms /macro=(V=1) test                          ! OpenVMS
$ nmake V=1 test                                 # Windows

Verbosity on failed (sub-)tests only (VERBOSE_FAILURE or VF or REPORT_FAILURES):

$ make test VF=1

Verbosity on failed (sub-)tests, in addition progress on succeeded (sub-)tests (VERBOSE_FAILURE_PROGRESS or VFP or REPORT_FAILURES_PROGRESS):

$ make test VFP=1

If you want to run just one or a few specific tests, you can use the make variable TESTS to specify them, like this:

$ make TESTS='test_rsa test_dsa' test            # Unix
$ mms/macro="TESTS=test_rsa test_dsa" test       ! OpenVMS
$ nmake TESTS='test_rsa test_dsa' test           # Windows

And of course, you can combine (Unix examples shown):

$ make test TESTS='test_rsa test_dsa' VF=1
$ make test TESTS="test_cmp_*" VFP=1

You can find the list of available tests like this:

$ make list-tests                                # Unix
$ mms list-tests                                 ! OpenVMS
$ nmake list-tests                               # Windows

Have a look at the manual for the perl module Test::Harness to see what other HARNESS_* variables there are.

To report a bug please open an issue on GitHub, at https://github.com/openssl/openssl/issues.

For more details on how the make variables TESTS can be used, see section Running Selected Tests below.

Running Selected Tests

The make variable TESTS supports a versatile set of space separated tokens with which you can specify a set of tests to be performed. With a "current set of tests" in mind, initially being empty, here are the possible tokens:

 alltests      The current set of tests becomes the whole set of available
               tests (as listed when you do 'make list-tests' or similar).

 xxx           Adds the test 'xxx' to the current set of tests.

-xxx           Removes 'xxx' from the current set of tests.  If this is the
               first token in the list, the current set of tests is first
               assigned the whole set of available tests, effectively making
               this token equivalent to TESTS="alltests -xxx".

 nn            Adds the test group 'nn' (which is a number) to the current
               set of tests.

-nn            Removes the test group 'nn' from the current set of tests.
               If this is the first token in the list, the current set of
               tests is first assigned the whole set of available tests,
               effectively making this token equivalent to
               TESTS="alltests -xxx".

Also, all tokens except for "alltests" may have wildcards, such as *. (on Unix and Windows, BSD style wildcards are supported, while on VMS, it's VMS style wildcards)

Examples

Run all tests except for the fuzz tests:

$ make TESTS=-test_fuzz test

or, if you want to be explicit:

$ make TESTS='alltests -test_fuzz' test

Run all tests that have a name starting with "test_ssl" but not those starting with "test_ssl_":

$ make TESTS='test_ssl* -test_ssl_*' test

Run only test group 10:

$ make TESTS='10' test

Run all tests except the slow group (group 99):

$ make TESTS='-99' test

Run all tests in test groups 80 to 99 except for tests in group 90:

$ make TESTS='[89]? -90' test

To run specific fuzz tests you can use for instance:

$ make test TESTS=test_fuzz FUZZ_TESTS="cmp cms"

To stochastically verify that the algorithm that produces uniformly distributed random numbers is operating correctly (with a false positive rate of 0.01%):

$ ./util/wrap.sh test/bntest -stochastic

Running Tests in Parallel

By default the test harness will execute the selected tests sequentially. Depending on the platform characteristics, running more than one test job in parallel may speed up test execution. This can be requested by setting the HARNESS_JOBS environment variable to a positive integer value. This specifies the maximum number of test jobs to run in parallel.

Depending on the Perl version different strategies could be adopted to select which test recipes can be run in parallel. In recent versions of Perl, unless specified otherwise, any task can be run in parallel. Consult the documentation for TAP::Harness to know more.

To run up to four tests in parallel at any given time:

$ make HARNESS_JOBS=4 test