openssl/test
Matt Caswell 92760c21e6 Update state machine to be closer to TLS1.3
This is a major overhaul of the TLSv1.3 state machine. Currently it still
looks like TLSv1.2. This commit changes things around so that it starts
to look a bit less like TLSv1.2 and bit more like TLSv1.3.

After this commit we have:

ClientHello
+ key_share          ---->
                           ServerHello
                           +key_share
                           {CertificateRequest*}
                           {Certificate*}
                           {CertificateStatus*}
                     <---- {Finished}
{Certificate*}
{CertificateVerify*}
{Finished}           ---->
[ApplicationData]    <---> [Application Data]

Key differences between this intermediate position and the final TLSv1.3
position are:
- No EncryptedExtensions message yet
- No server side CertificateVerify message yet
- CertificateStatus still exists as a separate message
- A number of the messages are still in the TLSv1.2 format
- Still running on the TLSv1.2 record layer

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-23 15:31:21 +00:00
..
certs Extend mkcert.sh to support nameConstraints generation and more complex 2016-07-11 23:30:04 +01:00
ct Verify SCT signatures 2016-03-01 11:59:28 -05:00
d2i-tests add test for CVE-2016-7053 2016-11-10 13:04:11 +00:00
ocsp-tests Fix OCSP checking. 2012-12-07 18:47:47 +00:00
ossl_shim Remove an unused field in ossl_shim 2016-11-04 10:38:54 +00:00
recipes Remove old style NewSessionTicket from TLSv1.3 2016-11-23 15:31:21 +00:00
smime-certs spelling fixes, just comments and readme. 2016-08-05 19:07:30 -04:00
ssl-tests Remove old style NewSessionTicket from TLSv1.3 2016-11-23 15:31:21 +00:00
testlib/OpenSSL OpenSSL::Test - small fixup 2016-10-19 17:14:33 +02:00
aborttest.c Copyright consolidation 02/10 2016-05-17 14:20:27 -04:00
afalgtest.c Handle inability to create AFALG socket 2016-06-13 17:28:40 +01:00
asn1_internal_test.c Add main() test methods to reduce test boilerplate. 2016-11-09 16:07:16 +01:00
asynciotest.c Make SSL_read and SSL_write return the old behaviour and document it. 2016-11-21 21:54:28 +01:00
asynctest.c Fix a few if(, for(, while( inside code. 2016-07-20 07:21:53 -04:00
bad_dtls_test.c Solution proposal for issue #1647. 2016-11-12 22:26:20 -05:00
bftest.c Copyright consolidation 02/10 2016-05-17 14:20:27 -04:00
bio_enc_test.c Fix bio_enc_test 2016-08-23 09:24:29 +01:00
bioprinttest.c Whitespace cleanup in apps 2016-06-29 09:56:39 -04:00
bntest.c test/bntest.c: regression test for CVE-2016-7055. 2016-11-10 10:30:49 +00:00
build.info Add test to check EVP_PKEY method ordering. 2016-11-20 00:22:02 +00:00
CAss.cnf RT3809: basicConstraints is critical 2016-06-13 09:18:22 -04:00
CAssdh.cnf Import of old SSLeay release: SSLeay 0.9.0b 1998-12-21 10:56:39 +00:00
CAssdsa.cnf Import of old SSLeay release: SSLeay 0.9.0b 1998-12-21 10:56:39 +00:00
CAssrsa.cnf Import of old SSLeay release: SSLeay 0.9.0b 1998-12-21 10:56:39 +00:00
casttest.c Copyright consolidation 02/10 2016-05-17 14:20:27 -04:00
CAtsa.cnf Use better defaults for TSA. 2015-11-20 13:40:53 +00:00
cipher_overhead_test.c Add unit test for ssl_cipher_get_overhead() 2016-11-02 14:00:11 +00:00
cipherlist_test.c Add main() test methods to reduce test boilerplate. 2016-11-09 16:07:16 +01:00
clienthellotest.c Remove old style NewSessionTicket from TLSv1.3 2016-11-23 15:31:21 +00:00
cms-examples.pl Copyright consolidation: perl files 2016-04-20 09:45:40 -04:00
constant_time_test.c constant time test: include our internal/numbers.h rather than limits.h 2016-11-05 11:38:29 +01:00
ct_test.c Make sure things get deleted when test setup fails in ct_test.c 2016-11-16 13:54:17 +00:00
d2i_test.c Add main() test methods to reduce test boilerplate. 2016-11-09 16:07:16 +01:00
danetest.c Perform DANE-EE(3) name checks by default 2016-07-12 10:16:34 -04:00
danetest.in Perform DANE-EE(3) name checks by default 2016-07-12 10:16:34 -04:00
danetest.pem DANE support for X509_verify_cert() 2016-01-07 13:48:59 -05:00
destest.c spelling fixes, just comments and readme. 2016-08-05 19:07:30 -04:00
dhtest.c Fix the build and tests following constification of DH, DSA, RSA 2016-06-16 13:34:44 +01:00
dsatest.c Fix the build and tests following constification of DH, DSA, RSA 2016-06-16 13:34:44 +01:00
dtls_mtu_test.c dtl_mtu_test doesn't follow BIO_* conventions and make Windows build fail 2016-11-09 15:54:41 +01:00
dtlstest.c Add main() test methods to reduce test boilerplate. 2016-11-09 16:07:16 +01:00
dtlsv1listentest.c Simplify and rename SSL_set_rbio() and SSL_set_wbio() 2016-07-29 14:09:57 +01:00
ecdhtest_cavs.h Whitespace cleanup in apps 2016-06-29 09:56:39 -04:00
ecdhtest.c Copyright consolidation 02/10 2016-05-17 14:20:27 -04:00
ecdsatest.c spelling fixes, just comments and readme. 2016-08-05 19:07:30 -04:00
ectest.c Fix a memory leak in EC_GROUP_get_ecparameters() 2016-08-22 15:10:03 +01:00
enginetest.c Copyright consolidation 02/10 2016-05-17 14:20:27 -04:00
evp_extra_test.c Copyright consolidation 02/10 2016-05-17 14:20:27 -04:00
evp_test.c Skipping tests in evp_test leaks memory 2016-11-21 16:04:39 -05:00
evptests.txt test/evptests.txt: add negative tests for AEAD ciphers. 2016-11-10 13:04:11 +00:00
exdatatest.c Copyright consolidation 02/10 2016-05-17 14:20:27 -04:00
exptest.c Change callers to use the new constants. 2016-08-10 10:07:37 -04:00
generate_buildtest.pl Move the building of test/buildtest_*. to be done unconditionally 2016-08-05 21:17:05 +02:00
generate_ssl_tests.pl Reorganize SSL test structures 2016-08-08 12:06:26 +02:00
gmdifftest.c Copyright consolidation 02/10 2016-05-17 14:20:27 -04:00
handshake_helper.c Extend the renegotiation tests 2016-09-28 09:15:07 +01:00
handshake_helper.h Test that the peers send at most one fatal alert 2016-08-18 12:49:32 +02:00
hmactest.c Fix hmac test case 6 2016-06-30 08:52:37 -04:00
ideatest.c Copyright consolidation 02/10 2016-05-17 14:20:27 -04:00
igetest.c Copyright consolidation 02/10 2016-05-17 14:20:27 -04:00
md2test.c check return values for EVP_Digest*() APIs 2016-07-15 14:09:05 +01:00
md4test.c check return values for EVP_Digest*() APIs 2016-07-15 14:09:05 +01:00
md5test.c check return values for EVP_Digest*() APIs 2016-07-15 14:09:05 +01:00
mdc2_internal_test.c Add main() test methods to reduce test boilerplate. 2016-11-09 16:07:16 +01:00
mdc2test.c check return values for EVP_Digest*() APIs 2016-07-15 14:09:05 +01:00
memleaktest.c Copyright consolidation 02/10 2016-05-17 14:20:27 -04:00
methtest.c Copyright consolidation 02/10 2016-05-17 14:20:27 -04:00
modes_internal_test.c Add main() test methods to reduce test boilerplate. 2016-11-09 16:07:16 +01:00
p5_crpt2_test.c Useless includes 2016-06-18 16:30:24 -04:00
P1ss.cnf Use 2K RSA and SHA256 in tests 2015-04-20 07:23:04 -04:00
P2ss.cnf Use 2K RSA and SHA256 in tests 2015-04-20 07:23:04 -04:00
packettest.c Copyright consolidation 02/10 2016-05-17 14:20:27 -04:00
pbelutest.c Copyright consolidation 02/10 2016-05-17 14:20:27 -04:00
pkcs7-1.pem Import of old SSLeay release: SSLeay 0.8.1b 1998-12-21 10:52:47 +00:00
pkcs7.pem Import of old SSLeay release: SSLeay 0.8.1b 1998-12-21 10:52:47 +00:00
pkey_meth_test.c Add test to check EVP_PKEY method ordering. 2016-11-20 00:22:02 +00:00
pkits-test.pl Remove trailing whitespace from some files. 2016-10-10 23:36:21 +01:00
poly1305_internal_test.c Add main() test methods to reduce test boilerplate. 2016-11-09 16:07:16 +01:00
r160test.c Copyright consolidation 02/10 2016-05-17 14:20:27 -04:00
randtest.c Copyright consolidation 02/10 2016-05-17 14:20:27 -04:00
rc2test.c Copyright consolidation 02/10 2016-05-17 14:20:27 -04:00
rc4test.c Copyright consolidation 02/10 2016-05-17 14:20:27 -04:00
rc5test.c Copyright consolidation 02/10 2016-05-17 14:20:27 -04:00
README Add a test for 'openssl passwd' 2016-09-14 00:30:50 +02:00
README.external Fix argument order in documentation 2016-11-04 10:38:54 +00:00
README.ssltest.md Extend the renegotiation tests 2016-09-28 09:15:07 +01:00
rmdtest.c check return values for EVP_Digest*() APIs 2016-07-15 14:09:05 +01:00
rsa_test.c Deprecate the flags that switch off constant time 2016-06-06 11:09:06 +01:00
run_tests.pl Add a more versatile test chooser 2016-09-01 20:58:40 +02:00
sanitytest.c Platform sanity test 2016-07-08 15:56:55 -04:00
secmemtest.c Copyright consolidation 02/10 2016-05-17 14:20:27 -04:00
serverinfo.pem Require ServerInfo PEMs to be named "BEGIN SERVERINFO FOR"... 2013-09-13 19:32:55 -07:00
sha1test.c check return values for EVP_Digest*() APIs 2016-07-15 14:09:05 +01:00
sha256t.c check return values for EVP_Digest*() APIs 2016-07-15 14:09:05 +01:00
sha512t.c check return values for EVP_Digest*() APIs 2016-07-15 14:09:05 +01:00
shibboleth.pfx Add PKCS#12 UTF-8 interoperability test. 2016-08-22 13:52:51 +02:00
shlibloadtest.c Fix no-dso (shlibloadtest) 2016-11-10 10:12:00 +00:00
smcont.txt test/smcont.txt: trigger assertion in bio_enc.c. 2016-07-31 17:03:17 +02:00
srptest.c Add SRP test vectors from RFC5054 2016-10-01 13:46:54 +01:00
ssl_test_ctx_test.c Add main() test methods to reduce test boilerplate. 2016-11-09 16:07:16 +01:00
ssl_test_ctx_test.conf Port multi-buffer tests 2016-08-18 12:46:00 +02:00
ssl_test_ctx.c Add the SSL_METHOD for TLSv1.3 and all other base changes required 2016-11-02 13:08:21 +00:00
ssl_test_ctx.h Extend the renegotiation tests 2016-09-28 09:15:07 +01:00
ssl_test.c Add main() test methods to reduce test boilerplate. 2016-11-09 16:07:16 +01:00
ssl_test.tmpl test/ssl_test.tmpl: make it work with elderly perl. 2016-08-16 12:43:44 +02:00
sslapitest.c Add main() test methods to reduce test boilerplate. 2016-11-09 16:07:16 +01:00
sslcorrupttest.c Fix test_sslcorrupt when using TLSv1.3 2016-11-10 15:51:11 +00:00
ssltest_old.c Remove a hack from ssl_test_old 2016-11-16 10:27:40 +00:00
ssltestlib.c test: add TLS application data corruption test. 2016-11-10 13:04:11 +00:00
ssltestlib.h Fix some clang warnings 2016-08-19 13:52:40 +01:00
Sssdsa.cnf Import of old SSLeay release: SSLeay 0.9.0b 1998-12-21 10:56:39 +00:00
Sssrsa.cnf Import of old SSLeay release: SSLeay 0.9.0b 1998-12-21 10:56:39 +00:00
test_main_custom.c Add main() test methods to reduce test boilerplate. 2016-11-09 16:07:16 +01:00
test_main_custom.h Add main() test methods to reduce test boilerplate. 2016-11-09 16:07:16 +01:00
test_main.c Add main() test methods to reduce test boilerplate. 2016-11-09 16:07:16 +01:00
test_main.h Add main() test methods to reduce test boilerplate. 2016-11-09 16:07:16 +01:00
test.cnf Use 2K RSA and SHA256 in tests 2015-04-20 07:23:04 -04:00
testcrl.pem Import of old SSLeay release: SSLeay 0.8.1b 1998-12-21 10:52:47 +00:00
testdsa.pem Add private/public key conversion tests 2015-03-29 03:26:12 +01:00
testdsapub.pem Add private/public key conversion tests 2015-03-29 03:26:12 +01:00
testec-p256.pem Add private/public key conversion tests 2015-03-29 03:26:12 +01:00
testecpub-p256.pem Add private/public key conversion tests 2015-03-29 03:26:12 +01:00
testp7.pem Change PKCS#7 test data to take account of removal of 2000-08-25 01:29:41 +00:00
testreq2.pem Import of old SSLeay release: SSLeay 0.8.1b 1998-12-21 10:52:47 +00:00
testrsa.pem Import of old SSLeay release: SSLeay 0.8.1b 1998-12-21 10:52:47 +00:00
testrsapub.pem Add private/public key conversion tests 2015-03-29 03:26:12 +01:00
testsid.pem Remove SSLv2 support 2014-12-04 11:55:03 +01:00
testutil.c Add main() test methods to reduce test boilerplate. 2016-11-09 16:07:16 +01:00
testutil.h Add main() test methods to reduce test boilerplate. 2016-11-09 16:07:16 +01:00
testx509.pem Import of old SSLeay release: SSLeay 0.8.1b 1998-12-21 10:52:47 +00:00
threadstest.c include/openssl: don't include <windows.h> in public headers. 2016-07-08 11:49:44 +02:00
tls13secretstest.c Update state machine to be closer to TLS1.3 2016-11-23 15:31:21 +00:00
Uss.cnf Create DSA and ECDSA certificates. 2015-09-02 21:22:44 +01:00
v3-cert1.pem Import of old SSLeay release: SSLeay 0.8.1b 1998-12-21 10:52:47 +00:00
v3-cert2.pem Import of old SSLeay release: SSLeay 0.8.1b 1998-12-21 10:52:47 +00:00
v3ext.c Add some accessor API's 2016-06-08 11:37:06 -04:00
v3nametest.c Copyright consolidation 02/10 2016-05-17 14:20:27 -04:00
verify_extra_test.c Fix a few if(, for(, while( inside code. 2016-07-20 07:21:53 -04:00
wp_test.c crypto/cryptlib.c: omit OPENSSL_ia32cap_loc(). 2016-06-22 20:20:37 +02:00
wpackettest.c Add main() test methods to reduce test boilerplate. 2016-11-09 16:07:16 +01:00
x509_internal_test.c Add main() test methods to reduce test boilerplate. 2016-11-09 16:07:16 +01:00
x509aux.c test/x509aux.c: Fix argv loop 2016-09-21 16:19:22 +02:00

How to add recipes
==================

For any test that you want to perform, you write a script located in
test/recipes/, named {nn}-test_{name}.t, where {nn} is a two digit number and
{name} is a unique name of your choice.

Please note that if a test involves a new testing executable, you will need to
do some additions in test/Makefile.  More on this later.


Naming conventions
=================

A test executable is named test/{name}test.c

A test recipe is named test/recipes/{nn}-test_{name}.t, where {nn} is a two
digit number and {name} is a unique name of your choice.

The number {nn} is (somewhat loosely) grouped as follows:

05  individual symmetric cipher algorithms
10  math (bignum)
15  individual asymmetric cipher algorithms
20  openssl commands (some otherwise not tested)
25  certificate forms, generation and verification
30  engine and evp
70  PACKET layer
80  "larger" protocols (CA, CMS, OCSP, SSL, TSA)
90  misc


A recipe that just runs a test executable
=========================================

A script that just runs a program looks like this:

    #! /usr/bin/perl
    
    use OpenSSL::Test::Simple;
    
    simple_test("test_{name}", "{name}test", "{name}");

{name} is the unique name you have chosen for your test.

The second argument to `simple_test' is the test executable, and `simple_test'
expects it to be located in test/

For documentation on OpenSSL::Test::Simple, do
`perldoc test/testlib/OpenSSL/Test/Simple.pm'.


A recipe that runs a more complex test
======================================

For more complex tests, you will need to read up on Test::More and
OpenSSL::Test.  Test::More is normally preinstalled, do `man Test::More' for
documentation.  For OpenSSL::Test, do `perldoc test/testlib/OpenSSL/Test.pm'.

A script to start from could be this:

    #! /usr/bin/perl
    
    use strict;
    use warnings;
    use OpenSSL::Test;
    
    setup("test_{name}");
    
    plan tests => 2;                # The number of tests being performed
    
    ok(test1, "test1");
    ok(test2, "test1");
    
    sub test1
    {
        # test feature 1
    }
    
    sub test2
    {
        # test feature 2
    }
    

Changes to test/Makefile
========================

Whenever a new test involves a new test executable you need to do the
following (at all times, replace {NAME} and {name} with the name of your
test):

* among the variables for test executables at the beginning, add a line like
  this:

    {NAME}TEST= {name}test

* add `$({NAME}TEST)$(EXE_EXT)' to the assignment of EXE:

* add `$({NAME}TEST).o' to the assignment of OBJ:

* add `$({NAME}TEST).c' to the assignment of SRC:

* add the following lines for building the executable:

    $({NAME}TEST)$(EXE_EXT): $({NAME}TEST).o $(DLIBCRYPTO)
           @target=$({NAME}TEST); $(BUILD_CMD)