openssl/test
Kurt Roeckx a9e6100bc9 Add decoder fuzzer
This found CVE-2023-0217

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20269)
2023-06-23 15:54:54 +02:00
..
certs Generate some certificates with the certificatePolicies extension 2023-03-28 13:31:17 +02:00
ct
d2i-tests
helpers Fix typos found by codespell 2023-06-15 10:11:46 +10:00
ocsp-tests
recipes Add decoder fuzzer 2023-06-23 15:54:54 +02:00
smime-certs apps/x509 etc.: allow private key input when public key is expected 2023-03-14 17:26:49 +01:00
smime-eml test: add test case for deadlock reported in #19643 2022-12-08 11:11:11 +01:00
ssl-tests configure: introduce no-ecx to remove ECX related feature 2023-06-14 13:06:22 +10:00
testutil Cast the argument to unsigned char when calling isspace() 2023-06-09 17:30:28 +02:00
aborttest.c
acvp_test.c
acvp_test.inc
aesgcmtest.c Remove FIPS condition on IV gen test. 2022-09-21 17:02:59 +10:00
afalgtest.c
algorithmid_test.c
asn1_decode_test.c
asn1_dsa_internal_test.c
asn1_encode_test.c
asn1_internal_test.c OBJ_nid2obj(): Return UNDEF object instead of NULL for NID_undef 2023-03-23 15:33:47 +01:00
asn1_string_table_test.c
asn1_time_test.c Cast values to match printf format strings. 2022-11-14 07:47:53 +00:00
asynciotest.c
asynctest.c test: Fix memory leak of asynctest 2022-09-23 14:30:09 +01:00
bad_dtls_test.c
bftest.c
bio_callback_test.c
bio_comp_test.c Fix a compilation failure in bio_comp_test.c 2022-10-24 14:15:15 +01:00
bio_core_test.c Replaced '{ 0, NULL }' with OSSL_DISPATCH_END in OSSL_DISPATCH arrays 2023-04-21 16:19:11 +02:00
bio_dgram_test.c test//bio_dgram_test.c: Skip test when BIO_bind() fails 2023-03-07 15:24:54 +01:00
bio_enc_test.c
bio_memleak_test.c Fix SMIME_crlf_copy() to properly report an error 2022-12-22 11:01:06 +01:00
bio_prefix_text.c
bio_readbuffer_test.c
bio_tfo_test.c Fix asan finding in bio_tfo_test 2022-08-12 16:13:13 +01:00
bioprinttest.c
bn_internal_test.c
bn_rand_range.h
bntest.c bn2bin(): Don't accept len < 0 2023-01-20 07:38:40 +00:00
bntests.pl
build_wincrypt_test.c build_wincrypt_test.c: Fix compilation with MSVC 2023-04-28 20:09:08 +02:00
build.info configure: introduce no-ecx to remove ECX related feature 2023-06-14 13:06:22 +10:00
ca_internals_test.c libcrypto and test: rename asn1_string_to_time_t to ossl_asn1_string_to_time_t 2022-07-19 08:44:19 +02:00
ca-and-certs.cnf APPS: generated certs bear X.509 V3, unless -x509v1 option of req app is given 2023-01-24 15:16:47 +01:00
casttest.c
CAtsa.cnf
cc_dummy.c QUIC CC: Use OSSL_PARAM 2023-05-01 11:03:54 +01:00
cert_comp_test.c Fix coverity 1516095 deadcode 2022-10-21 10:34:55 +11:00
chacha_internal_test.c
cipher_overhead_test.c
cipherbytes_test.c
cipherlist_test.c
ciphername_test.c
clienthellotest.c
cmactest.c Fix new typos found by codespell 2023-06-18 16:53:09 +10:00
cmp_asn_test.c coverity 1520506: error handling 2023-01-30 08:34:16 +11:00
cmp_client_test.c CMP client: fix checking new cert enrolled with oldcert and without private key 2023-05-12 10:46:27 +02:00
cmp_ctx_test.c allow to disable http 2023-06-06 11:05:02 +10:00
cmp_hdr_test.c coverity 1520505: error handling 2023-01-30 08:34:16 +11:00
cmp_msg_test.c CMP client: fix checking new cert enrolled with oldcert and without private key 2023-05-12 10:46:27 +02:00
cmp_protect_test.c adding provider_unload functions for cmp_ tests 2023-04-16 22:23:24 +10:00
cmp_server_test.c
cmp_status_test.c CMP+CRMF: fix formatting nits in crypto/, include/, and test/ 2022-11-24 13:45:06 +01:00
cmp_vfy_test.c adding provider_unload functions for cmp_ tests 2023-04-16 22:23:24 +10:00
cms-examples.pl
cmsapitest.c CMS_add0_cert: if cert already present, do not throw error but ignore it 2023-02-24 08:49:26 +01:00
conf_include_test.c
confdump.c
constant_time_test.c
context_internal_test.c
crltest.c
ct_test.c
ctype_internal_test.c
curve448_internal_test.c Support all five EdDSA instances from RFC 8032 2023-01-13 07:09:09 +00:00
d2i_test.c
dane-cross.in
danetest.c
danetest.in
danetest.pem
data2.bin
data.bin
default-and-fips.cnf
default-and-legacy.cnf
default.cnf
defltfips_test.c
destest.c des: prevent error when using two key triple DES with a random key 2023-02-08 21:54:24 +11:00
dhkem_test.inc configure: introduce no-ecx to remove ECX related feature 2023-06-14 13:06:22 +10:00
dhtest.c
drbgtest.c Workaround egd rand source deficiencies 2022-10-24 12:02:16 +02:00
dsa_no_digest_size_test.c
dsatest.c Make DSA_sign() test for negative p,q,g values. 2023-03-31 15:17:27 -04:00
dtls_mtu_test.c SSL object refactoring using SSL_CONNECTION object 2022-07-28 10:04:28 +01:00
dtlstest.c DLTS → DTLS 2023-05-10 18:26:03 +01:00
dtlsv1listentest.c
ec_internal_test.c Add test for EC_KEY_set_private_key() 2022-08-04 12:17:08 +03:00
ecdsatest.c Fix mem leak in ECDSA_sign(). 2023-03-31 14:57:47 -04:00
ecdsatest.h
ecstresstest.c
ectest.c New function EC_GROUP_to_params to convert an EC_GROUP to an array of OSSL_PARAM. 2023-02-08 10:27:07 -05:00
endecode_test.c With fips provider 3.0.0 skip tests related to explicit curves handling 2022-09-16 08:34:53 +10:00
endecoder_legacy_test.c
enginetest.c
errtest.c
event_queue_test.c Make OSSL_TIME a structure 2022-08-12 15:44:01 +01:00
evp_extra_test2.c configure: introduce no-ecx to remove ECX related feature 2023-06-14 13:06:22 +10:00
evp_extra_test.c configure: introduce no-ecx to remove ECX related feature 2023-06-14 13:06:22 +10:00
evp_fetch_prov_test.c
evp_kdf_test.c SSKDF with KMAC should return SIZE_MAX when EVP_KDF_CTX_get_kdf_size() 2023-01-12 12:13:47 +01:00
evp_libctx_test.c Revert "Remove conditional FIPS dependence for 3DES" 2022-11-10 12:25:04 +01:00
evp_pkey_ctx_new_from_name.c
evp_pkey_dhkem_test.c configure: introduce no-ecx to remove ECX related feature 2023-06-14 13:06:22 +10:00
evp_pkey_dparams_test.c
evp_pkey_provided_test.c configure: introduce no-ecx to remove ECX related feature 2023-06-14 13:06:22 +10:00
evp_test.c Cast the argument to unsigned char when calling isspace() 2023-06-09 17:30:28 +02:00
exdatatest.c
exptest.c Limit size of modulus for bn_mul_mont and BN_mod_exp_mont_consttime 2023-01-14 11:37:18 +01:00
ext_internal_test.c RFC7250 (RPK) support 2023-03-28 13:49:54 -04:00
fake_rsaprov.c Replaced '{ 0, NULL }' with OSSL_DISPATCH_END in OSSL_DISPATCH arrays 2023-04-21 16:19:11 +02:00
fake_rsaprov.h Add test for EVP_PKEY_eq 2022-11-15 12:04:12 +01:00
fatalerrtest.c
ffc_internal_test.c Fix typos found by codespell 2023-06-15 10:11:46 +10:00
filterprov.c Replaced '{ 0, NULL }' with OSSL_DISPATCH_END in OSSL_DISPATCH arrays 2023-04-21 16:19:11 +02:00
filterprov.h
fips_version_test.c With fips provider 3.0.0 skip tests related to explicit curves handling 2022-09-16 08:34:53 +10:00
fips-alt.cnf
fips-and-base.cnf test: note that a default property query must be included for FIPS validity 2023-01-24 12:35:37 +00:00
fips.cnf
generate_buildtest.pl
generate_ssl_tests.pl
gmdifftest.c
hexstr_test.c
hmactest.c
hpke_test.c configure: introduce no-ecx to remove ECX related feature 2023-06-14 13:06:22 +10:00
http_test.c
ideatest.c
igetest.c
insta_ca.cert.pem
insta.priv.pem
keymgmt_internal_test.c Replace "a RSA" with "an RSA" 2022-12-07 09:37:25 +11:00
legacy.cnf
lhash_test.c
list_test.c list: add debug sanity checks 2022-11-16 18:02:02 +11:00
localetest.c
mdc2_internal_test.c
mdc2test.c Cleanup : directly include of internal/nelem.h when required. 2022-11-23 18:08:25 +01:00
membio_test.c Fix typos found by codespell 2023-06-15 10:11:46 +10:00
memleaktest.c
modes_internal_test.c
moduleloadtest.c
namemap_internal_test.c
nodefltctxtest.c Add a test for no initialisation of the default config file 2023-02-22 10:03:14 +11:00
null.cnf Add a test for no initialisation of the default config file 2023-02-22 10:03:14 +11:00
ocspapitest.c
ossl_store_test.c
p_test.c Replaced '{ 0, NULL }' with OSSL_DISPATCH_END in OSSL_DISPATCH arrays 2023-04-21 16:19:11 +02:00
packettest.c Rationalize FIPS sources 2023-02-08 16:20:55 +01:00
pairwise_fail_test.c Add tests for FIPS keygen self test failures. 2023-02-08 17:00:55 +01:00
param_build_test.c test/param_build_test.c: test zero BIGNUM 2023-01-11 23:38:13 +01:00
params_api_test.c
params_conversion_test.c
params_test.c
pbelutest.c
pbetest.c
pem_read_depr_test.c
pemtest.c Add a test for CVE-2022-4450 2023-02-07 17:05:10 +01:00
pkcs7_test.c
pkcs7-1.pem
pkcs7.pem
pkcs12_api_test.c Fix PKCS12_newpass() to work with PBES2. 2023-03-15 08:49:03 +11:00
pkcs12_format_test.c Cleanup : directly include of internal/nelem.h when required. 2022-11-23 18:08:25 +01:00
pkey_meth_kdf_test.c
pkey_meth_test.c
pkits-test.pl
poly1305_internal_test.c
priority_queue_test.c
property_test.c Add negative test for unquoted property string 2023-01-20 10:15:53 +11:00
prov_config_test.c
provfetchtest.c Replaced '{ 0, NULL }' with OSSL_DISPATCH_END in OSSL_DISPATCH arrays 2023-04-21 16:19:11 +02:00
provider_default_search_path_test.c Implement OSSL_PROVIDER_get0_default_search_path, add docs and tests. 2022-12-06 18:24:06 +01:00
provider_fallback_test.c
provider_internal_test.c
provider_internal_test.cnf.in
provider_pkey_test.c Add test for EVP_PKEY_eq 2022-11-15 12:04:12 +01:00
provider_status_test.c
provider_test.c
proxy.cnf
punycode_test.c Add more punycode tests and remove ossl_a2ucompare() 2023-02-08 16:17:37 +01:00
quic_ackm_test.c QUIC CC: Major revisions to CC abstract interface 2023-05-01 11:03:54 +01:00
quic_cc_test.c Minor fixups 2023-05-01 11:03:54 +01:00
quic_cfq_test.c QUIC CFQ Fixes 2022-11-07 18:18:34 +00:00
quic_client_test.c QUIC: Rename SSL_tick, SSL_get_tick_timeout 2023-05-29 08:51:12 +02:00
quic_fc_test.c QUIC Flow Control 2022-09-26 08:01:55 +01:00
quic_fifd_test.c QUIC FIFD: Add support for callback on frame ACK 2023-05-12 14:47:13 +01:00
quic_multistream_test.c QUIC: Allow application to trigger TXKU 2023-06-16 09:26:48 +10:00
quic_newcid_test.c QUIC: Rename SSL_tick etc. in man(7) docs 2023-05-29 08:51:12 +02:00
quic_record_test_util.h QUIC Wire Encoding: Support Retry Integrity Tag Calculation 2023-01-13 13:20:10 +00:00
quic_record_test.c QUIC RX: Support reporting the key epoch a packet was received with 2023-06-16 09:26:28 +10:00
quic_stream_test.c Support SSL_OP_CLEANSE_PLAINTEXT on QUIC streams 2023-06-23 14:31:45 +02:00
quic_tserver_test.c QUIC APL: Correct implementation of time callback override 2023-06-16 09:26:28 +10:00
quic_txp_test.c QUIC TXP: Refactor status output to use an extensible structure 2023-06-16 09:26:27 +10:00
quic_txpim_test.c QUIC TXPIM 2022-11-07 18:18:04 +00:00
quic_wire_test.c Properly handling stream/crypto frames while tracing 2023-05-24 12:18:33 +01:00
quicapitest.c QUIC: Rename SSL_tick, SSL_get_tick_timeout 2023-05-29 08:51:12 +02:00
quicfaultstest.c Fix typos found by codespell 2023-06-15 10:11:46 +10:00
rand_status_test.c
rand_test.c
rc2test.c
rc4test.c
rc5test.c
rdcpu_sanitytest.c
README-dev.md
README-external.md updated (lib+)oqsprovider to latest releases 2023-06-15 08:39:10 +10:00
README.md
README.ssltest.md
recordlentest.c tests: clear error queue before executing a testcase 2022-10-27 18:39:29 +02:00
rpktest.c configure: introduce no-ecx to remove ECX related feature 2023-06-14 13:06:22 +10:00
rsa_complex.c djgpp: Skip test/rsa_complex.c 2022-09-29 12:48:23 +02:00
rsa_mp_test.c Make RSA_generate_multi_prime_key() not segfault if e is NULL. 2023-01-12 10:46:22 -05:00
rsa_sp800_56b_test.c Add coverage test for ossl_rsa_sp800_56b_derive_params_from_pq 2023-02-08 10:31:01 -05:00
rsa_test.c Add Tests for RSA_sign_ASN1_OCTET_STRING & RSA_verify_ASN1_OCTET_STRING 2023-02-08 16:19:02 +01:00
rsa_x931_test.c Add libctx to x931 keygen. 2023-05-05 17:11:16 +01:00
run_tests.pl
safe_math_test.c
sanitytest.c Add sanity test for OSSL_sleep() 2023-03-18 20:00:57 +01:00
secmemtest.c
serverinfo2.pem
serverinfo.pem
servername_test.c
session.pem
sha_test.c
shibboleth.pfx
shlibloadtest.c
simpledynamic.c
simpledynamic.h
siphash_internal_test.c
sm2_internal_test.c
sm3_internal_test.c
sm4_internal_test.c
smcont_zero.txt
smcont.bin
smcont.txt
sparse_array_test.c
srptest.c
ssl_cert_table_internal_test.c Cast values to match printf format strings. 2022-11-14 07:47:53 +00:00
ssl_ctx_test.c Extend the min/max protocol testing 2023-05-05 15:25:37 +01:00
ssl_handshake_rtt_test.c [feat] SSL RTT in both client and server statem. SSL_get_handshake_rtt makes it available 2023-06-02 05:46:46 +02:00
ssl_old_test.c Update COMP_METHOD 2022-10-18 09:30:22 -04:00
ssl_test_ctx_test.c
ssl_test_ctx_test.cnf
ssl_test.c test: update ssl_new tests in line with pedantic FIPS policy 2023-04-21 17:01:38 +01:00
ssl_test.tmpl
sslapitest.c Fix typos found by codespell 2023-06-15 10:11:46 +10:00
sslbuffertest.c Move recordmethod.h to be an "internal" header 2023-01-24 17:16:29 +00:00
sslcorrupttest.c tests: clear error queue before executing a testcase 2022-10-27 18:39:29 +02:00
stack_test.c
sysdefault.cnf
sysdefaulttest.c
test_test.c
test.cnf
testcrl.pem
testdsa.pem
testdsapub.pem
testec-p112r1.pem TEST: Check property query support of apps/pkey 2022-08-17 09:20:41 +02:00
testec-p256.pem
testecpub-p256.pem
tested448.pem
tested448pub.pem
tested25519.pem
tested25519pub.pem
testp7.pem
testreq2.pem
testrsa2048.pem
testrsa2048pub.pem Test that signatures using hash name commands work properly 2022-11-07 14:40:09 +01:00
testrsa_withattrs.der
testrsa_withattrs.pem
testrsa.pem
testrsapss.pem
testrsapssmandatory.pem
testrsapub.pem
testsid.pem
testutil.h QUIC: Test key update works correctly 2023-06-16 09:26:48 +10:00
testx509.pem
threadpool_test.c Split out thread pool tests into threadpool_test 2022-11-22 17:08:23 +01:00
threadstest_fips.c
threadstest.c Split out thread pool tests into threadpool_test 2022-11-22 17:08:23 +01:00
threadstest.h
time_offset_test.c
timing_load_creds.c timing_load_creds requires POSIX1.2001 due to rusage 2022-12-15 12:04:01 +01:00
tls13ccstest.c configure: introduce no-ecx to remove ECX related feature 2023-06-14 13:06:22 +10:00
tls13encryptiontest.c Extend the new_record_layer function 2023-01-24 17:16:29 +00:00
tls13secretstest.c Extend the new_record_layer function 2023-01-24 17:16:29 +00:00
tls-provider.c Fix typos found by codespell 2023-06-15 10:11:46 +10:00
trace_api_test.c add OSSL_TRACE_STRING(), OSSL_TRACE_STRING_MAX, and OSSL_trace_string() 2023-01-26 09:16:51 +01:00
uitest.c
upcallstest.c Replaced '{ 0, NULL }' with OSSL_DISPATCH_END in OSSL_DISPATCH arrays 2023-04-21 16:19:11 +02:00
user_property_test.c Replaced '{ 0, NULL }' with OSSL_DISPATCH_END in OSSL_DISPATCH arrays 2023-04-21 16:19:11 +02:00
v3_ca_exts.cnf
v3-cert1.pem
v3-cert2.pem
v3ext.c Fix coverity issues in X509v3_addr 2022-11-21 12:41:25 +01:00
v3nametest.c Fix GENERAL_NAME_cmp for x400Address (master) 2023-02-07 17:05:10 +01:00
verify_extra_test.c
versions.c
wpackettest.c Rationalize FIPS sources 2023-02-08 16:20:55 +01:00
x509_check_cert_pkey_test.c Coverity 1529992: Check return value of sscanf() 2023-06-10 19:23:59 -04:00
x509_dup_cert_test.c
x509_internal_test.c
x509_test.c Add test for X509 sign TBS cache regression. 2022-11-02 11:14:32 +01:00
x509_time_test.c apps & al : Fix various typos, repeated words, align some spelling to LDP. 2022-10-12 16:55:28 +11:00
x509aux.c Cleanup : directly include of internal/nelem.h when required. 2022-11-23 18:08:25 +01:00

Using OpenSSL Tests

After a successful build, and before installing, the libraries should be tested. Run:

$ make test                                      # Unix
$ mms test                                       ! OpenVMS
$ nmake test                                     # Windows

Warning: you MUST run the tests from an unprivileged account (or disable your privileges temporarily if your platform allows it).

If some tests fail, take a look at the section Test Failures below.

Test Failures

If some tests fail, look at the output. There may be reasons for the failure that isn't a problem in OpenSSL itself (like an OS malfunction or a Perl issue). You may want increased verbosity, that can be accomplished like this:

Full verbosity, showing full output of all successful and failed test cases (make macro VERBOSE or V):

$ make V=1 test                                  # Unix
$ mms /macro=(V=1) test                          ! OpenVMS
$ nmake V=1 test                                 # Windows

Verbosity on failed (sub-)tests only (VERBOSE_FAILURE or VF or REPORT_FAILURES):

$ make test VF=1

Verbosity on failed (sub-)tests, in addition progress on succeeded (sub-)tests (VERBOSE_FAILURE_PROGRESS or VFP or REPORT_FAILURES_PROGRESS):

$ make test VFP=1

If you want to run just one or a few specific tests, you can use the make variable TESTS to specify them, like this:

$ make TESTS='test_rsa test_dsa' test            # Unix
$ mms/macro="TESTS=test_rsa test_dsa" test       ! OpenVMS
$ nmake TESTS='test_rsa test_dsa' test           # Windows

And of course, you can combine (Unix examples shown):

$ make test TESTS='test_rsa test_dsa' VF=1
$ make test TESTS="test_cmp_*" VFP=1

You can find the list of available tests like this:

$ make list-tests                                # Unix
$ mms list-tests                                 ! OpenVMS
$ nmake list-tests                               # Windows

Have a look at the manual for the perl module Test::Harness to see what other HARNESS_* variables there are.

To report a bug please open an issue on GitHub, at https://github.com/openssl/openssl/issues.

For more details on how the make variables TESTS can be used, see section Running Selected Tests below.

Running Selected Tests

The make variable TESTS supports a versatile set of space separated tokens with which you can specify a set of tests to be performed. With a "current set of tests" in mind, initially being empty, here are the possible tokens:

 alltests      The current set of tests becomes the whole set of available
               tests (as listed when you do 'make list-tests' or similar).

 xxx           Adds the test 'xxx' to the current set of tests.

-xxx           Removes 'xxx' from the current set of tests.  If this is the
               first token in the list, the current set of tests is first
               assigned the whole set of available tests, effectively making
               this token equivalent to TESTS="alltests -xxx".

 nn            Adds the test group 'nn' (which is a number) to the current
               set of tests.

-nn            Removes the test group 'nn' from the current set of tests.
               If this is the first token in the list, the current set of
               tests is first assigned the whole set of available tests,
               effectively making this token equivalent to
               TESTS="alltests -xxx".

Also, all tokens except for "alltests" may have wildcards, such as *. (on Unix and Windows, BSD style wildcards are supported, while on VMS, it's VMS style wildcards)

Examples

Run all tests except for the fuzz tests:

$ make TESTS='-test_fuzz*' test

or, if you want to be explicit:

$ make TESTS='alltests -test_fuzz*' test

Run all tests that have a name starting with "test_ssl" but not those starting with "test_ssl_":

$ make TESTS='test_ssl* -test_ssl_*' test

Run only test group 10:

$ make TESTS='10' test

Run all tests except the slow group (group 99):

$ make TESTS='-99' test

Run all tests in test groups 80 to 99 except for tests in group 90:

$ make TESTS='[89]? -90' test

To run specific fuzz tests you can use for instance:

$ make test TESTS='test_fuzz_cmp test_fuzz_cms'

To stochastically verify that the algorithm that produces uniformly distributed random numbers is operating correctly (with a false positive rate of 0.01%):

$ ./util/wrap.sh test/bntest -stochastic

Running Tests in Parallel

By default the test harness will execute the selected tests sequentially. Depending on the platform characteristics, running more than one test job in parallel may speed up test execution. This can be requested by setting the HARNESS_JOBS environment variable to a positive integer value. This specifies the maximum number of test jobs to run in parallel.

Depending on the Perl version different strategies could be adopted to select which test recipes can be run in parallel. In recent versions of Perl, unless specified otherwise, any task can be run in parallel. Consult the documentation for TAP::Harness to know more.

To run up to four tests in parallel at any given time:

$ make HARNESS_JOBS=4 test

Randomisation of Test Ordering

By default, the test harness will execute tests in the order they were added. By setting the OPENSSL_TEST_RAND_ORDER environment variable to zero, the test ordering will be randomised. If a randomly ordered test fails, the seed value used will be reported. Setting the OPENSSL_TEST_RAND_ORDER environment variable to this value will rerun the tests in the same order. This assures repeatability of randomly ordered test runs. This repeatability is independent of the operating system, processor or platform used.

To randomise the test ordering:

$ make OPENSSL_TEST_RAND_ORDER=0 test

To run the tests using the order defined by the random seed 42:

$ make OPENSSL_TEST_RAND_ORDER=42 test