openssl/test
Todd Short 9d75dce3e1 Add TLSv1.3 post-handshake authentication (PHA)
Add SSL_verify_client_post_handshake() for servers to initiate PHA

Add SSL_force_post_handshake_auth() for clients that don't have certificates
initially configured, but use a certificate callback.

Update SSL_CTX_set_verify()/SSL_set_verify() mode:

* Add SSL_VERIFY_POST_HANDSHAKE to postpone client authentication until after
the initial handshake.

* Update SSL_VERIFY_CLIENT_ONCE now only sends out one CertRequest regardless
of when the certificate authentication takes place; either initial handshake,
re-negotiation, or post-handshake authentication.

Add 'RequestPostHandshake' and 'RequirePostHandshake' SSL_CONF options that
add the SSL_VERIFY_POST_HANDSHAKE to the 'Request' and 'Require' options

Add support to s_client:
* Enabled automatically when cert is configured
* Can be forced enabled via -force_pha

Add support to s_server:
* Use 'c' to invoke PHA in s_server
* Remove some dead code

Update documentation

Update unit tests:
* Illegal use of PHA extension
* TLSv1.3 certificate tests

DTLS and TLS behave ever-so-slightly differently. So, when DTLS1.3 is
implemented, it's PHA support state machine may need to be different.
Add a TODO and a #error

Update handshake context to deal with PHA.

The handshake context for TLSv1.3 post-handshake auth is up through the
ClientFinish message, plus the CertificateRequest message. Subsequent
Certificate, CertificateVerify, and Finish messages are based on this
handshake context (not the Certificate message per se, but it's included
after the hash). KeyUpdate, NewSessionTicket, and prior Certificate
Request messages are not included in post-handshake authentication.

After the ClientFinished message is processed, save off the digest state
for future post-handshake authentication. When post-handshake auth occurs,
copy over the saved handshake context into the "main" handshake digest.
This effectively discards the any KeyUpdate or NewSessionTicket messages
and any prior post-handshake authentication.

This, of course, assumes that the ID-22 did not mean to include any
previous post-handshake authentication into the new handshake transcript.
This is implied by section 4.4.1 that lists messages only up to the
first ClientFinished.

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4964)
2018-02-01 17:07:56 +00:00
..
certs Modify expected output of a CRL to match the changed printout 2017-11-16 01:19:55 +01:00
ct
d2i-tests
ocsp-tests Fix OCSP_basic_verify() cert chain construction in case bs->certs is NULL 2017-08-16 14:32:38 -04:00
ossl_shim Get rid of a warning about unused results 2018-01-28 16:22:40 +01:00
recipes Add TLSv1.3 post-handshake authentication (PHA) 2018-02-01 17:07:56 +00:00
smime-certs Add alternative CMS P-256 cert 2017-08-10 16:48:18 +01:00
ssl-tests Add TLSv1.3 post-handshake authentication (PHA) 2018-02-01 17:07:56 +00:00
testutil Add missing \n in some testutil output 2018-01-31 23:49:21 +01:00
aborttest.c
afalgtest.c fix --strict-warnings 2017-12-08 10:39:52 +00:00
asn1_encode_test.c Resolve warnings in VC-WIN32 build, which allows to add /WX. 2017-11-13 10:58:57 +01:00
asn1_internal_test.c Fix AppVeyor/VC build failure 2017-11-16 14:02:27 +01:00
asn1_string_table_test.c [Win] Fix some test method signatures ... 2017-08-16 10:36:34 -04:00
asn1_time_test.c test/asn1_time_test.c: fix pre-C90 warning. 2018-01-31 22:17:16 +01:00
asynciotest.c Update ServerHello to new draft-22 format 2017-12-14 15:06:37 +00:00
asynctest.c
bad_dtls_test.c Remove unicode characters from source 2017-12-08 11:56:37 +01:00
bftest.c Consistent formatting for sizeof(foo) 2017-12-07 19:11:49 -05:00
bio_enc_test.c Fix no-chacha and no-poly1305 2017-08-25 11:34:08 +01:00
bioprinttest.c Update the test framework so that the need for test_main is removed. Everything 2017-07-27 07:53:08 +10:00
bntest.c Reduce the use of e_os.h in test programs 2018-01-22 16:21:40 +01:00
bntests.pl
build.info Add TLSv1.3 post-handshake authentication (PHA) 2018-02-01 17:07:56 +00:00
CAss.cnf
CAssdh.cnf
CAssdsa.cnf
CAssrsa.cnf
casttest.c Use "" not <> for internal/ includes 2017-08-22 09:54:20 -04:00
CAtsa.cnf
chacha_internal_test.c Update the test framework so that the need for test_main is removed. Everything 2017-07-27 07:53:08 +10:00
cipher_overhead_test.c Use "" not <> for internal/ includes 2017-08-22 09:54:20 -04:00
cipherbytes_test.c Use "" not <> for internal/ includes 2017-08-22 09:54:20 -04:00
cipherlist_test.c Use "" not <> for internal/ includes 2017-08-22 09:54:20 -04:00
ciphername_test.c Use "" not <> for internal/ includes 2017-08-22 09:54:20 -04:00
clienthellotest.c Implement session id TLSv1.3 middlebox compatibility mode 2017-12-14 15:06:37 +00:00
cms-examples.pl
constant_time_test.c Use "" not <> for internal/ includes 2017-08-22 09:54:20 -04:00
crltest.c Factorise duplicated code. 2017-11-13 07:52:35 -05:00
ct_test.c Reduce the use of e_os.h in test programs 2018-01-22 16:21:40 +01:00
ctype_internal_test.c e_os.h removal from other headers and source files. 2017-08-30 07:20:43 +10:00
d2i_test.c Consistent formatting for sizeof(foo) 2017-12-07 19:11:49 -05:00
danetest.c Use "" not <> for internal/ includes 2017-08-22 09:54:20 -04:00
danetest.in
danetest.pem
destest.c Update the test framework so that the need for test_main is removed. Everything 2017-07-27 07:53:08 +10:00
dhtest.c Allow DH_set0_key with only private key. 2017-09-26 14:48:51 +02:00
drbgtest.c Copyright update of more files that have changed this year 2018-01-19 13:34:03 +01:00
drbgtest.h Add DRBG random method 2017-07-19 03:25:16 -04:00
dsatest.c Use "" not <> for internal/ includes 2017-08-22 09:54:20 -04:00
dtls_mtu_test.c Update the test framework so that the need for test_main is removed. Everything 2017-07-27 07:53:08 +10:00
dtlstest.c add callback handler for setting DTLS timer interval 2017-09-06 08:30:00 +02:00
dtlsv1listentest.c Use "" not <> for internal/ includes 2017-08-22 09:54:20 -04:00
ecdsatest.c [Win] Fix some test method signatures ... 2017-08-16 10:36:34 -04:00
ecstresstest.c Use "" not <> for internal/ includes 2017-08-22 09:54:20 -04:00
ectest.c Consistent formatting for sizeof(foo) 2017-12-07 19:11:49 -05:00
enginetest.c Add EVP_PKEY_METHOD redirection test 2017-10-12 00:03:32 +01:00
evp_extra_test.c Fix no-ec 2017-12-08 08:29:17 -06:00
evp_test.c Don't assume shared key length matches expected length 2017-10-12 02:40:30 +01:00
evp_test.h Add support for multiple update calls in evp_test 2017-05-19 21:02:24 +01:00
exdatatest.c Update the test framework so that the need for test_main is removed. Everything 2017-07-27 07:53:08 +10:00
exptest.c Use "" not <> for internal/ includes 2017-08-22 09:54:20 -04:00
fatalerrtest.c Fix the buffer sizing in the fatalerrtest 2017-12-07 14:35:30 +00:00
generate_buildtest.pl
generate_ssl_tests.pl Consolidate the locations where we have our internal perl modules 2017-08-15 11:30:47 +02:00
gmdifftest.c Update the test framework so that the need for test_main is removed. Everything 2017-07-27 07:53:08 +10:00
handshake_helper.c Add TLSv1.3 post-handshake authentication (PHA) 2018-02-01 17:07:56 +00:00
handshake_helper.h Use ChaCha only if prioritized by clnt 2017-11-30 07:13:08 +10:00
hmactest.c Use "" not <> for internal/ includes 2017-08-22 09:54:20 -04:00
ideatest.c Use "" not <> for internal/ includes 2017-08-22 09:54:20 -04:00
igetest.c Consistent formatting for sizeof(foo) 2017-12-07 19:11:49 -05:00
lhash_test.c Use "" not <> for internal/ includes 2017-08-22 09:54:20 -04:00
md2test.c Use "" not <> for internal/ includes 2017-08-22 09:54:20 -04:00
mdc2_internal_test.c Use "" not <> for internal/ includes 2017-08-22 09:54:20 -04:00
mdc2test.c Use "" not <> for internal/ includes 2017-08-22 09:54:20 -04:00
memleaktest.c
modes_internal_test.c Create a prototype for OPENSSL_rdtsc 2017-11-25 14:30:11 +01:00
ocspapitest.c Wrap more of ocspapitest.c in OPENSSL_NO_OCSP 2017-12-08 09:16:36 -06:00
P1ss.cnf
P2ss.cnf
packettest.c Resolve warnings in VC-WIN32 build, which allows to add /WX. 2017-11-13 10:58:57 +01:00
pbelutest.c Update the test framework so that the need for test_main is removed. Everything 2017-07-27 07:53:08 +10:00
pemtest.c Update the test framework so that the need for test_main is removed. Everything 2017-07-27 07:53:08 +10:00
pkcs7-1.pem
pkcs7.pem
pkey_meth_kdf_test.c Add PKEY_CTX setter tests for TLS1-PRF 2017-08-21 10:05:14 +01:00
pkey_meth_test.c [Win] Fix some test method signatures ... 2017-08-16 10:36:34 -04:00
pkits-test.pl Many spelling fixes/typo's corrected. 2017-11-11 19:03:10 -05:00
poly1305_internal_test.c Create a prototype for OPENSSL_rdtsc 2017-11-25 14:30:11 +01:00
rc2test.c Use "" not <> for internal/ includes 2017-08-22 09:54:20 -04:00
rc4test.c Use "" not <> for internal/ includes 2017-08-22 09:54:20 -04:00
rc5test.c Use "" not <> for internal/ includes 2017-08-22 09:54:20 -04:00
README Fix test documentation. 2017-09-08 13:58:59 -05:00
README.external Many spelling fixes/typo's corrected. 2017-11-11 19:03:10 -05:00
README.ssltest.md Session resume broken switching contexts 2017-10-04 10:21:08 +10:00
recordlentest.c Update the test framework so that the need for test_main is removed. Everything 2017-07-27 07:53:08 +10:00
rsa_mp_test.c rsa/rsa_gen.c: harmonize keygen's ability with RSA_security_bits. 2017-11-28 20:05:48 +01:00
rsa_test.c Use "" not <> for internal/ includes 2017-08-22 09:54:20 -04:00
run_tests.pl test/run_tests.pl: don't use Module::Load::Conditional. 2017-09-02 20:20:51 +02:00
sanitytest.c Consistent formatting for sizeof(foo) 2017-12-07 19:11:49 -05:00
secmemtest.c Fix some Typos and indents 2017-08-11 10:16:33 -04:00
serverinfo2.pem
serverinfo.pem
servername_test.c Use "" not <> for internal/ includes 2017-08-22 09:54:20 -04:00
session.pem Update the test/session.pem to have a tick_nonce value 2017-07-07 15:02:09 +01:00
shibboleth.pfx
shlibloadtest.c Update the test framework so that the need for test_main is removed. Everything 2017-07-27 07:53:08 +10:00
siphash_internal_test.c Create a prototype for OPENSSL_rdtsc 2017-11-25 14:30:11 +01:00
sm4_internal_test.c SM4: Add SM4 block cipher to EVP 2017-10-31 15:19:14 +10:00
smcont.txt
srptest.c Update the test framework so that the need for test_main is removed. Everything 2017-07-27 07:53:08 +10:00
ssl_cert_table_internal_test.c Use "" not <> for internal/ includes 2017-08-22 09:54:20 -04:00
ssl_test_ctx_test.c Use ChaCha only if prioritized by clnt 2017-11-30 07:13:08 +10:00
ssl_test_ctx_test.conf Implement Maximum Fragment Length TLS extension. 2017-11-05 17:46:48 +01:00
ssl_test_ctx.c Add TLSv1.3 post-handshake authentication (PHA) 2018-02-01 17:07:56 +00:00
ssl_test_ctx.h Add TLSv1.3 post-handshake authentication (PHA) 2018-02-01 17:07:56 +00:00
ssl_test.c Use ChaCha only if prioritized by clnt 2017-11-30 07:13:08 +10:00
ssl_test.tmpl
sslapitest.c Add TLSv1.3 post-handshake authentication (PHA) 2018-02-01 17:07:56 +00:00
sslbuffertest.c Fix some typo and comments 2017-08-12 20:07:17 +02:00
sslcorrupttest.c Update the test framework so that the need for test_main is removed. Everything 2017-07-27 07:53:08 +10:00
ssltest_old.c Consistent formatting for sizeof(foo) 2017-12-07 19:11:49 -05:00
ssltestlib.c Use "" not <> for internal/ includes 2017-08-22 09:54:20 -04:00
ssltestlib.h Add some tests for the new TLSv1.3 PSK code 2017-06-21 14:45:36 +01:00
Sssdsa.cnf
Sssrsa.cnf
stack_test.c Add a reserve call to the stack data structure. 2017-09-28 06:53:40 +10:00
test_test.c Test support for time_t comparisons. 2017-11-28 08:56:45 +10:00
test.cnf
testcrl.pem
testdsa.pem
testdsapub.pem
testec-p256.pem
testecpub-p256.pem
testp7.pem
testreq2.pem
testrsa.pem
testrsapub.pem
testsid.pem
testutil.h Test support for time_t comparisons. 2017-11-28 08:56:45 +10:00
testx509.pem
threadstest.c Update the test framework so that the need for test_main is removed. Everything 2017-07-27 07:53:08 +10:00
time_offset_test.c Use "" not <> for internal/ includes 2017-08-22 09:54:20 -04:00
tls13ccstest.c Fix some clang compilation errors 2017-12-14 15:06:38 +00:00
tls13encryptiontest.c e_os.h removal from other headers and source files. 2017-08-30 07:20:43 +10:00
tls13secretstest.c Convert the state machine code to use SSLfatal() 2017-12-04 13:31:48 +00:00
uitest.c [Win] Fix some test method signatures ... 2017-08-16 10:36:34 -04:00
Uss.cnf
v3-cert1.pem
v3-cert2.pem
v3ext.c Update the test framework so that the need for test_main is removed. Everything 2017-07-27 07:53:08 +10:00
v3nametest.c Reduce the use of e_os.h in test programs 2018-01-22 16:21:40 +01:00
verify_extra_test.c Update the test framework so that the need for test_main is removed. Everything 2017-07-27 07:53:08 +10:00
wpackettest.c Update the test framework so that the need for test_main is removed. Everything 2017-07-27 07:53:08 +10:00
x509_check_cert_pkey_test.c Update the test framework so that the need for test_main is removed. Everything 2017-07-27 07:53:08 +10:00
x509_dup_cert_test.c Update the test framework so that the need for test_main is removed. Everything 2017-07-27 07:53:08 +10:00
x509_internal_test.c Iron out /WX errors in VC-WIN32. 2017-11-17 21:22:26 +01:00
x509_time_test.c Use "" not <> for internal/ includes 2017-08-22 09:54:20 -04:00
x509aux.c Use "" not <> for internal/ includes 2017-08-22 09:54:20 -04:00

How to add recipes
==================

For any test that you want to perform, you write a script located in
test/recipes/, named {nn}-test_{name}.t, where {nn} is a two digit number and
{name} is a unique name of your choice.

Please note that if a test involves a new testing executable, you will need to
do some additions in test/Makefile.  More on this later.


Naming conventions
=================

A test executable is named test/{name}test.c

A test recipe is named test/recipes/{nn}-test_{name}.t, where {nn} is a two
digit number and {name} is a unique name of your choice.

The number {nn} is (somewhat loosely) grouped as follows:

00-04  sanity, internal and essential API tests
05-09  individual symmetric cipher algorithms
10-14  math (bignum)
15-19  individual asymmetric cipher algorithms
20-24  openssl commands (some otherwise not tested)
25-29  certificate forms, generation and verification
30-35  engine and evp
60-79  APIs
   70  PACKET layer
80-89  "larger" protocols (CA, CMS, OCSP, SSL, TSA)
90-98  misc
99     most time consuming tests [such as test_fuzz]


A recipe that just runs a test executable
=========================================

A script that just runs a program looks like this:

    #! /usr/bin/perl

    use OpenSSL::Test::Simple;

    simple_test("test_{name}", "{name}test", "{name}");

{name} is the unique name you have chosen for your test.

The second argument to `simple_test' is the test executable, and `simple_test'
expects it to be located in test/

For documentation on OpenSSL::Test::Simple, do
`perldoc util/perl/OpenSSL/Test/Simple.pm'.


A recipe that runs a more complex test
======================================

For more complex tests, you will need to read up on Test::More and
OpenSSL::Test.  Test::More is normally preinstalled, do `man Test::More' for
documentation.  For OpenSSL::Test, do `perldoc util/perl/OpenSSL/Test.pm'.

A script to start from could be this:

    #! /usr/bin/perl

    use strict;
    use warnings;
    use OpenSSL::Test;

    setup("test_{name}");

    plan tests => 2;                # The number of tests being performed

    ok(test1, "test1");
    ok(test2, "test1");

    sub test1
    {
        # test feature 1
    }

    sub test2
    {
        # test feature 2
    }


Changes to test/build.info
==========================

Whenever a new test involves a new test executable you need to do the
following (at all times, replace {NAME} and {name} with the name of your
test):

* add {name} to the list of programs under PROGRAMS_NO_INST

* create a three line description of how to build the test, you will have
to modify the include paths and source files if you don't want to use the
basic test framework:

    SOURCE[{name}]={name}.c
    INCLUDE[{name}]=.. ../include
    DEPEND[{name}]=../libcrypto libtestutil.a

Generic form of C test executables
==================================

    #include "testutil.h"

    static int my_test(void)
    {
        int testresult = 0;                 /* Assume the test will fail    */
        int observed;

        observed = function();              /* Call the code under test     */
        if (!TEST_int_equal(observed, 2))   /* Check the result is correct  */
            goto end;                       /* Exit on failure - optional   */

        testresult = 1;                     /* Mark the test case a success */
    end:
        cleanup();                          /* Any cleanup you require      */
        return testresult;
    }

    int setup_tests(void)
    {
        ADD_TEST(my_test);                  /* Add each test separately     */
        return 1;                           /* Indicate success             */
    }

You should use the TEST_xxx macros provided by testutil.h to test all failure
conditions.  These macros produce an error message in a standard format if the
condition is not met (and nothing if the condition is met).  Additional
information can be presented with the TEST_info macro that takes a printf
format string and arguments.  TEST_error is useful for complicated conditions,
it also takes a printf format string and argument.  In all cases the TEST_xxx
macros are guaranteed to evaluate their arguments exactly once.  This means
that expressions with side effects are allowed as parameters.  Thus,

    if (!TEST_ptr(ptr = OPENSSL_malloc(..)))

works fine and can be used in place of:

    ptr = OPENSSL_malloc(..);
    if (!TEST_ptr(ptr))

The former produces a more meaningful message on failure than the latter.