openssl/test
Rob Percival ed29e82ade Adds CT validation to SSL connections
Disabled by default, but can be enabled by setting the
ct_validation_callback on a SSL or SSL_CTX.

Reviewed-by: Ben Laurie <ben@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-04 10:50:10 -05:00
..
certs CT policy validation 2016-03-01 20:03:25 +00:00
ct Verify SCT signatures 2016-03-01 11:59:28 -05:00
ocsp-tests Fix OCSP checking. 2012-12-07 18:47:47 +00:00
recipes Refactor ClientHello extension parsing 2016-03-03 13:53:26 +01:00
smime-certs Add X9.42 DH certificate to S/MIME test 2013-08-05 16:23:22 +01:00
testlib/OpenSSL Rethink logging of test recipes 2016-02-12 20:56:46 +01:00
asynctest.c Fix use before init warnings in asynctest 2016-02-29 13:07:28 +00:00
bftest.c Remove /* foo.c */ comments 2016-01-26 16:40:43 -05:00
bntest.c Clean up the tests for auto-init/de-init 2016-02-09 15:11:38 +00:00
build.info ct_test.c doesn't need to include from source top, only testutil.c does 2016-02-27 21:40:20 +01:00
CAss.cnf GH645: Fix typo: ctificates -> certificates 2016-02-09 11:05:22 -05:00
CAssdh.cnf Import of old SSLeay release: SSLeay 0.9.0b 1998-12-21 10:56:39 +00:00
CAssdsa.cnf Import of old SSLeay release: SSLeay 0.9.0b 1998-12-21 10:56:39 +00:00
CAssrsa.cnf Import of old SSLeay release: SSLeay 0.9.0b 1998-12-21 10:56:39 +00:00
casttest.c Remove /* foo.c */ comments 2016-01-26 16:40:43 -05:00
CAtsa.cnf Use better defaults for TSA. 2015-11-20 13:40:53 +00:00
clienthellotest.c Clean up the tests for auto-init/de-init 2016-02-09 15:11:38 +00:00
cms-examples.pl Use "cont" consistently in cms-examples.pl 2008-05-01 23:30:06 +00:00
constant_time_test.c Remove /* foo.c */ comments 2016-01-26 16:40:43 -05:00
ct_test.c CT policy validation 2016-03-01 20:03:25 +00:00
danetest.c Make sure to use unsigned char for is*() functions 2016-02-14 19:31:55 +01:00
danetest.in Suppress DANE TLSA reflection when verification fails 2016-02-08 14:46:09 -05:00
danetest.pem DANE support for X509_verify_cert() 2016-01-07 13:48:59 -05:00
destest.c Remove /* foo.c */ comments 2016-01-26 16:40:43 -05:00
dhtest.c Add a test for small subgroup attacks on DH/DHE 2016-01-28 14:41:19 +00:00
dsatest.c Clean up the tests for auto-init/de-init 2016-02-09 15:11:38 +00:00
dtlsv1listentest.c fix "no-engine" build of test fixture 2016-02-25 15:23:40 -05:00
dummytest.c Rename some BUF_xxx to OPENSSL_xxx 2015-12-16 16:14:49 -05:00
ecdhtest.c skip inappropriate X25519 tests 2016-02-28 22:54:54 +00:00
ecdsatest.c skip inappropriate X25519 tests 2016-02-28 22:54:54 +00:00
ectest.c skip inappropriate X25519 tests 2016-02-28 22:54:54 +00:00
enginetest.c Clean up the tests for auto-init/de-init 2016-02-09 15:11:38 +00:00
evp_extra_test.c Clean up the tests for auto-init/de-init 2016-02-09 15:11:38 +00:00
evp_test.c Generalise KDF test in evp_test.c 2016-03-02 20:57:32 +00:00
evptests.txt GH355: Implement HKDF 2016-03-03 18:21:20 -05:00
exdatatest.c ex_data part 2: doc fixes and CRYPTO_free_ex_index. 2015-12-01 11:48:37 -05:00
exptest.c Clean up the tests for auto-init/de-init 2016-02-09 15:11:38 +00:00
gmdifftest.c Check OPENSSL_gmtime_diff 2015-09-02 23:03:43 -04:00
heartbeat_test.c Remove TLS heartbeat, disable DTLS heartbeat 2016-02-11 12:57:26 -05:00
hmactest.c RT3095: allow NULL key for single-shot HMAC 2016-02-04 13:01:32 +01:00
ideatest.c Remove /* foo.c */ comments 2016-01-26 16:40:43 -05:00
igetest.c Remove /* foo.c */ comments 2016-01-26 16:40:43 -05:00
Makefile.in CT policy validation 2016-03-01 20:03:25 +00:00
md2test.c Remove /* foo.c */ comments 2016-01-26 16:40:43 -05:00
md4test.c Remove /* foo.c */ comments 2016-01-26 16:40:43 -05:00
md5test.c Remove /* foo.c */ comments 2016-01-26 16:40:43 -05:00
mdc2test.c Remove /* foo.c */ comments 2016-01-26 16:40:43 -05:00
memleaktest.c Update leak test to check return values. 2016-01-11 02:41:16 +00:00
methtest.c Clean up the tests for auto-init/de-init 2016-02-09 15:11:38 +00:00
nptest.c Test for NULL ptr == 0 2015-09-04 14:30:38 -04:00
P1ss.cnf Use 2K RSA and SHA256 in tests 2015-04-20 07:23:04 -04:00
P2ss.cnf Use 2K RSA and SHA256 in tests 2015-04-20 07:23:04 -04:00
p5_crpt2_test.c Rename INIT funtions, deprecate old ones. 2016-02-10 09:37:03 -05:00
packettest.c Refactor ClientHello extension parsing 2016-03-03 13:53:26 +01:00
pbelutest.c PBE lookup test 2015-09-03 18:37:27 +01:00
pkcs7-1.pem Import of old SSLeay release: SSLeay 0.8.1b 1998-12-21 10:52:47 +00:00
pkcs7.pem Import of old SSLeay release: SSLeay 0.8.1b 1998-12-21 10:52:47 +00:00
pkits-test.pl detect and use older PKITS data 2011-12-11 16:39:25 +00:00
r160test.c Remove /* foo.c */ comments 2016-01-26 16:40:43 -05:00
randtest.c Remove /* foo.c */ comments 2016-01-26 16:40:43 -05:00
rc2test.c Remove /* foo.c */ comments 2016-01-26 16:40:43 -05:00
rc4test.c Don't call cpuid in test; done as init. 2016-02-14 16:36:41 -05:00
rc5test.c Remove /* foo.c */ comments 2016-01-26 16:40:43 -05:00
README Add documentation for the new testing framework 2015-09-07 16:10:58 +02:00
rmdtest.c Remove /* foo.c */ comments 2016-01-26 16:40:43 -05:00
rsa_test.c Clean up the tests for auto-init/de-init 2016-02-09 15:11:38 +00:00
run_tests.pl unified build scheme: adjust test framework for out of source build tree 2016-02-09 11:43:20 +01:00
secmemtest.c Fixup secmemtest for the change of CRYPTO_free() and friends 2016-02-17 12:27:53 +01:00
serverinfo.pem Require ServerInfo PEMs to be named "BEGIN SERVERINFO FOR"... 2013-09-13 19:32:55 -07:00
sha1test.c Remove /* foo.c */ comments 2016-01-26 16:40:43 -05:00
sha256t.c Remove /* foo.c */ comments 2016-01-26 16:40:43 -05:00
sha512t.c Remove /* foo.c */ comments 2016-01-26 16:40:43 -05:00
smcont.txt Add extensive PCKS7 and CMS consistency test script. 2008-03-18 14:37:59 +00:00
srptest.c Clean up the tests for auto-init/de-init 2016-02-09 15:11:38 +00:00
ssltest.c Adds CT validation to SSL connections 2016-03-04 10:50:10 -05:00
Sssdsa.cnf Import of old SSLeay release: SSLeay 0.9.0b 1998-12-21 10:56:39 +00:00
Sssrsa.cnf Import of old SSLeay release: SSLeay 0.9.0b 1998-12-21 10:56:39 +00:00
test.cnf Use 2K RSA and SHA256 in tests 2015-04-20 07:23:04 -04:00
test_aesni test_aesni: harmonize with AES-NI support at EVP layer. 2012-07-15 13:38:51 +00:00
test_padlock Update test/test_padlock script. 2009-04-27 19:04:23 +00:00
test_t4 Add support for SPARC T4 DES opcode. 2013-03-31 14:32:05 +02:00
testcrl.pem Import of old SSLeay release: SSLeay 0.8.1b 1998-12-21 10:52:47 +00:00
testdsa.pem Add private/public key conversion tests 2015-03-29 03:26:12 +01:00
testdsapub.pem Add private/public key conversion tests 2015-03-29 03:26:12 +01:00
testec-p256.pem Add private/public key conversion tests 2015-03-29 03:26:12 +01:00
testecpub-p256.pem Add private/public key conversion tests 2015-03-29 03:26:12 +01:00
testp7.pem Change PKCS#7 test data to take account of removal of 2000-08-25 01:29:41 +00:00
testreq2.pem Import of old SSLeay release: SSLeay 0.8.1b 1998-12-21 10:52:47 +00:00
testrsa.pem Import of old SSLeay release: SSLeay 0.8.1b 1998-12-21 10:52:47 +00:00
testrsapub.pem Add private/public key conversion tests 2015-03-29 03:26:12 +01:00
testsid.pem Remove SSLv2 support 2014-12-04 11:55:03 +01:00
testutil.c Remove /* foo.c */ comments 2016-01-26 16:40:43 -05:00
testutil.h Remove /* foo.c */ comments 2016-01-26 16:40:43 -05:00
testx509.pem Import of old SSLeay release: SSLeay 0.8.1b 1998-12-21 10:52:47 +00:00
threadstest.c Implement new multi-threading API 2016-02-26 10:00:36 +00:00
times Updates from 1.0.0-stable branch. 2009-04-20 11:33:12 +00:00
Uss.cnf Create DSA and ECDSA certificates. 2015-09-02 21:22:44 +01:00
v3-cert1.pem Import of old SSLeay release: SSLeay 0.8.1b 1998-12-21 10:52:47 +00:00
v3-cert2.pem Import of old SSLeay release: SSLeay 0.8.1b 1998-12-21 10:52:47 +00:00
v3nametest.c NGX-2040 - fix wildcard match on punycode/IDNA DNS names 2016-01-15 14:46:58 -05:00
verify_extra_test.c Clean up the tests for auto-init/de-init 2016-02-09 15:11:38 +00:00
wp_test.c Enable -Wmissing-variable-declarations and 2015-09-11 04:51:55 +01:00

How to add recipes
==================

For any test that you want to perform, you write a script located in
test/recipes/, named {nn}-test_{name}.t, where {nn} is a two digit number and
{name} is a unique name of your choice.

Please note that if a test involves a new testing executable, you will need to
do some additions in test/Makefile.  More on this later.


Naming convetions
=================

A test executable is named test/{name}test.c

A test recipe is named test/recipes/{nn}-test_{name}.t, where {nn} is a two
digit number and {name} is a unique name of your choice.

The number {nn} is (somewhat loosely) grouped as follows:

05  individual symmetric cipher algorithms
10  math (bignum)
15  individual asymmetric cipher algorithms
20  openssl enc
25  certificate forms, generation and verification
30  engine and evp
70  PACKET layer
80  "larger" protocols (CA, CMS, OCSP, SSL, TSA)
90  misc


A recipe that just runs a test executable
=========================================

A script that just runs a program looks like this:

    #! /usr/bin/perl
    
    use OpenSSL::Test::Simple;
    
    simple_test("test_{name}", "{name}test", "{name}");

{name} is the unique name you have chosen for your test.

The second argument to `simple_test' is the test executable, and `simple_test'
expects it to be located in test/

For documentation on OpenSSL::Test::Simple, do
`perldoc test/testlib/OpenSSL/Test/Simple.pm'.


A recipe that runs a more complex test
======================================

For more complex tests, you will need to read up on Test::More and
OpenSSL::Test.  Test::More is normally preinstalled, do `man Test::More' for
documentation.  For OpenSSL::Test, do `perldoc test/testlib/OpenSSL/Test.pm'.

A script to start from could be this:

    #! /usr/bin/perl
    
    use strict;
    use warnings;
    use OpenSSL::Test;
    
    setup("test_{name}");
    
    plan tests => 2;                # The number of tests being performed
    
    ok(test1, "test1");
    ok(test2, "test1");
    
    sub test1
    {
        # test feature 1
    }
    
    sub test2
    {
        # test feature 2
    }
    

Changes to test/Makefile
========================

Whenever a new test involves a new test executable you need to do the
following (at all times, replace {NAME} and {name} with the name of your
test):

* among the variables for test executables at the beginning, add a line like
  this:

    {NAME}TEST= {name}test

* add `$({NAME}TEST)$(EXE_EXT)' to the assignment of EXE:

* add `$({NAME}TEST).o' to the assignment of OBJ:

* add `$({NAME}TEST).c' to the assignment of SRC:

* add the following lines for building the executable:

    $({NAME}TEST)$(EXE_EXT): $({NAME}TEST).o $(DLIBCRYPTO)
           @target=$({NAME}TEST); $(BUILD_CMD)