Guidelines for test developers
==============================

How to add recipes
------------------

For any test that you want to perform, you write a script located in
`test/recipes/`, named `{nn}-test_{name}.t`,
where `{nn}` is a two digit number and
`{name}` is a unique name of your choice.

Please note that if a test involves a new testing executable, you will need to
do some additions in test/build.info. Please refer to the section
["Changes to test/build.info"](README.md#changes-to-testbuildinfo) below.

Naming conventions
------------------

A test executable is named `test/{name}test.c`

A test recipe is named `test/recipes/{nn}-test_{name}.t`, where `{nn}` is a two
digit number and `{name}` is a unique name of your choice.

The number `{nn}` is (somewhat loosely) grouped as follows:

    00-04  sanity, internal and essential API tests
    05-09  individual symmetric cipher algorithms
    10-14  math (bignum)
    15-19  individual asymmetric cipher algorithms
    20-24  openssl commands (some otherwise not tested)
    25-29  certificate forms, generation and verification
    30-35  engine and evp
    60-79  APIs:
       60  X509 subsystem
       61  BIO subsystem
       65  CMP subsystem
       70  PACKET layer
    80-89  "larger" protocols (CA, CMS, OCSP, SSL, TSA)
    90-98  misc
    99     most time consuming tests [such as test_fuzz]

A recipe that just runs a test executable
-----------------------------------------

A script that just runs a program looks like this:

    #! /usr/bin/env perl

    use OpenSSL::Test::Simple;

    simple_test("test_{name}", "{name}test", "{name}");

`{name}` is the unique name you have chosen for your test.

The second argument to `simple_test` is the test executable, and `simple_test`
expects it to be located in `test/`

For documentation on `OpenSSL::Test::Simple`,
do `perldoc util/perl/OpenSSL/Test/Simple.pm`.

A recipe that runs a more complex test
--------------------------------------

For more complex tests, you will need to read up on Test::More and
OpenSSL::Test.  Test::More is normally preinstalled, do `man Test::More` for
documentation.  For OpenSSL::Test, do `perldoc util/perl/OpenSSL/Test.pm`.

A script to start from could be this:

    #! /usr/bin/env perl

    use strict;
    use warnings;
    use OpenSSL::Test;

    setup("test_{name}");

    plan tests => 2;                # The number of tests being performed

    ok(test1, "test1");
    ok(test2, "test1");

    sub test1
    {
        # test feature 1
    }

    sub test2
    {
        # test feature 2
    }

Changes to test/build.info
--------------------------

Whenever a new test involves a new test executable you need to do the
following (at all times, replace {NAME} and {name} with the name of your
test):

 * add `{name}` to the list of programs under `PROGRAMS_NO_INST`

 * create a three line description of how to build the test, you will have
   to modify the include paths and source files if you don't want to use the
   basic test framework:

       SOURCE[{name}]={name}.c
       INCLUDE[{name}]=.. ../include ../apps/include
       DEPEND[{name}]=../libcrypto libtestutil.a

Generic form of C test executables
----------------------------------

    #include "testutil.h"

    static int my_test(void)
    {
        int testresult = 0;                 /* Assume the test will fail    */
        int observed;

        observed = function();              /* Call the code under test     */
        if (!TEST_int_eq(observed, 2))      /* Check the result is correct  */
            goto end;                       /* Exit on failure - optional   */

        testresult = 1;                     /* Mark the test case a success */
    end:
        cleanup();                          /* Any cleanup you require      */
        return testresult;
    }

    int setup_tests(void)
    {
        ADD_TEST(my_test);                  /* Add each test separately     */
        return 1;                           /* Indicate success             */
    }

You should use the `TEST_xxx` macros provided by `testutil.h` to test all failure
conditions.  These macros produce an error message in a standard format if the
condition is not met (and nothing if the condition is met).  Additional
information can be presented with the `TEST_info` macro that takes a `printf`
format string and arguments.  `TEST_error` is useful for complicated conditions,
it also takes a `printf` format string and argument.  In all cases the `TEST_xxx`
macros are guaranteed to evaluate their arguments exactly once.  This means
that expressions with side effects are allowed as parameters.  Thus,

    if (!TEST_ptr(ptr = OPENSSL_malloc(..)))

works fine and can be used in place of:

    ptr = OPENSSL_malloc(..);
    if (!TEST_ptr(ptr))

The former produces a more meaningful message on failure than the latter.

Note that the test infrastructure automatically sets up all required environment
variables (such as `OPENSSL_MODULES`, `OPENSSL_CONF`, etc.) for the tests.
Individual tests may choose to override the default settings as required.

Running external test suites with OpenSSL
=========================================

It is possible to integrate external test suites into OpenSSL's `make test`.
This capability is considered a developer option and does not work on all
platforms.

Python PYCA/Cryptography test suite
===================================

This python test suite runs cryptographic tests with a local OpenSSL build as
the implementation.

First checkout the `PYCA/Cryptography` module into `./pyca-cryptography` using:

    $ git submodule update --init

Then configure/build OpenSSL compatible with the python module:

    $ ./config shared enable-external-tests
    $ make

The tests will run in a python virtual environment which requires virtualenv
to be installed.

    $ make test VERBOSE=1 TESTS=test_external_pyca

Test failures and suppressions
------------------------------

Some tests target older (<=1.0.2) versions so will not run. Other tests target
other crypto implementations so are not relevant. Currently no tests fail.

krb5 test suite
===============

Much like the PYCA/Cryptography test suite, this builds and runs the krb5
tests against the local OpenSSL build.

You will need a git checkout of krb5 at the top level:

    $ git clone https://github.com/krb5/krb5

krb5's master has to pass this same CI, but a known-good version is
krb5-1.15.1-final if you want to be sure.

    $ cd krb5
    $ git checkout krb5-1.15.1-final
    $ cd ..

OpenSSL must be built with external tests enabled:

    $ ./config enable-external-tests
    $ make

krb5's tests will then be run as part of the rest of the suite, or can be
explicitly run (with more debugging):

    $ VERBOSE=1 make TESTS=test_external_krb5 test

Test-failures suppressions
--------------------------

krb5 will automatically adapt its test suite to account for the configuration
of your system.  Certain tests may require more installed packages to run.  No
tests are expected to fail.

GOST engine test suite
===============

Much like the PYCA/Cryptography test suite, this builds and runs the GOST engine
tests against the local OpenSSL build.

You will need a git checkout of gost-engine at the top level:

    $ git submodule update --init

Then configure/build OpenSSL enabling external tests:

    $ ./config shared enable-external-tests
    $ make

GOST engine requires CMake for the build process.

GOST engine tests will then be run as part of the rest of the suite, or can be
explicitly run (with more debugging):

    $ make test VERBOSE=1 TESTS=test_external_gost_engine

Updating test suites
====================

To update the commit for any of the above test suites:

- Make sure the submodules are cloned locally:

    $ git submodule update --init --recursive

- Enter subdirectory and pull from the repository (use a specific branch/tag if required):

    $ cd `<submodule-dir>`
    $ git pull origin master

- Go to root directory, there should be a new git status:

    $ cd ../
    $ git status
      ...
      #       modified:   `<submodule-dir>` (new commits)
      ...

- Add/commit/push the update

    $ git add `<submodule-dir>`
    $ git commit -m `"Updated <submodule> to latest commit"`
    $ git push

Using OpenSSL Tests
===================

After a successful build, and before installing, the libraries should be tested.
Run:

    $ make test                                      # Unix
    $ mms test                                       ! OpenVMS
    $ nmake test                                     # Windows

**Warning:** you MUST run the tests from an unprivileged account
(or disable your privileges temporarily if your platform allows it).

If some tests fail, take a look at the section Test Failures below.

Test Failures
-------------

If some tests fail, look at the output.  There may be reasons for the failure
that isn't a problem in OpenSSL itself (like an OS malfunction or a Perl issue).
You may want increased verbosity, that can be accomplished like this:

Full verbosity, showing full output of all successful and failed test cases
(`make` macro `VERBOSE` or `V`):

    $ make V=1 test                                  # Unix
    $ mms /macro=(V=1) test                          ! OpenVMS
    $ nmake V=1 test                                 # Windows

Verbosity on failed (sub-)tests only
(`VERBOSE_FAILURE` or `VF` or `REPORT_FAILURES`):

    $ make test VF=1

Verbosity on failed (sub-)tests, in addition progress on succeeded (sub-)tests
(`VERBOSE_FAILURE_PROGRESS` or `VFP` or `REPORT_FAILURES_PROGRESS`):

    $ make test VFP=1

If you want to run just one or a few specific tests, you can use
the make variable TESTS to specify them, like this:

    $ make TESTS='test_rsa test_dsa' test            # Unix
    $ mms/macro="TESTS=test_rsa test_dsa" test       ! OpenVMS
    $ nmake TESTS='test_rsa test_dsa' test           # Windows

And of course, you can combine (Unix examples shown):

    $ make test TESTS='test_rsa test_dsa' VF=1
    $ make test TESTS="test_cmp_*" VFP=1

You can find the list of available tests like this:

    $ make list-tests                                # Unix
    $ mms list-tests                                 ! OpenVMS
    $ nmake list-tests                               # Windows

Have a look at the manual for the perl module Test::Harness to
see what other HARNESS_* variables there are.

To report a bug please open an issue on GitHub, at
<https://github.com/openssl/openssl/issues>.

For more details on how the `make` variables `TESTS` can be used,
see section Running Selected Tests below.

Running Selected Tests
----------------------

The `make` variable `TESTS` supports a versatile set of space separated tokens
with which you can specify a set of tests to be performed.  With a "current
set of tests" in mind, initially being empty, here are the possible tokens:

     alltests      The current set of tests becomes the whole set of available
                   tests (as listed when you do 'make list-tests' or similar).

     xxx           Adds the test 'xxx' to the current set of tests.

    -xxx           Removes 'xxx' from the current set of tests.  If this is the
                   first token in the list, the current set of tests is first
                   assigned the whole set of available tests, effectively making
                   this token equivalent to TESTS="alltests -xxx".

     nn            Adds the test group 'nn' (which is a number) to the current
                   set of tests.

    -nn            Removes the test group 'nn' from the current set of tests.
                   If this is the first token in the list, the current set of
                   tests is first assigned the whole set of available tests,
                   effectively making this token equivalent to
                   TESTS="alltests -xxx".

Also, all tokens except for "alltests" may have wildcards, such as *.
(on Unix and Windows, BSD style wildcards are supported, while on VMS,
it's VMS style wildcards)

### Examples

Run all tests except for the fuzz tests:

    $ make TESTS='-test_fuzz*' test

or, if you want to be explicit:

    $ make TESTS='alltests -test_fuzz*' test

Run all tests that have a name starting with "test_ssl" but not those
starting with "test_ssl_":

    $ make TESTS='test_ssl* -test_ssl_*' test

Run only test group 10:

    $ make TESTS='10' test

Run all tests except the slow group (group 99):

    $ make TESTS='-99' test

Run all tests in test groups 80 to 99 except for tests in group 90:

    $ make TESTS='[89]? -90' test

To run specific fuzz tests you can use for instance:

    $ make test TESTS='test_fuzz_cmp test_fuzz_cms'

To stochastically verify that the algorithm that produces uniformly distributed
random numbers is operating correctly (with a false positive rate of 0.01%):

    $ ./util/wrap.sh test/bntest -stochastic

Running Tests in Parallel
-------------------------

By default the test harness will execute the selected tests sequentially.
Depending on the platform characteristics, running more than one test job in
parallel may speed up test execution.
This can be requested by setting the `HARNESS_JOBS` environment variable to a
positive integer value. This specifies the maximum number of test jobs to run in
parallel.

Depending on the Perl version different strategies could be adopted to select
which test recipes can be run in parallel.  In recent versions of Perl, unless
specified otherwise, any task can be run in parallel. Consult the documentation
for `TAP::Harness` to know more.

To run up to four tests in parallel at any given time:

    $ make HARNESS_JOBS=4 test

Randomisation of Test Ordering
------------------------------

By default, the test harness will execute tests in the order they were added.
By setting the `OPENSSL_TEST_RAND_ORDER` environment variable to zero, the
test ordering will be randomised.  If a randomly ordered test fails, the
seed value used will be reported.  Setting the `OPENSSL_TEST_RAND_ORDER`
environment variable to this value will rerun the tests in the same
order.  This assures repeatability of randomly ordered test runs.
This repeatability is independent of the operating system, processor or
platform used.

To randomise the test ordering:

    $ make OPENSSL_TEST_RAND_ORDER=0 test

To run the tests using the order defined by the random seed `42`:

    $ make OPENSSL_TEST_RAND_ORDER=42 test

SSL tests
=========

SSL testcases are configured in the `ssl-tests` directory.

Each `ssl_*.cnf.in` file contains a number of test configurations. These files
are used to generate testcases in the OpenSSL CONF format.

The precise test output can be dependent on the library configuration. The test
harness generates the output files on the fly.

However, for verification, we also include checked-in configuration outputs
corresponding to the default configuration. These testcases live in
`test/ssl-tests/*.cnf` files.

For more details, see `ssl-tests/01-simple.cnf.in` for an example.

Configuring the test
--------------------

First, give your test a name. The names do not have to be unique.

An example test input looks like this:

    {
        name => "test-default",
        server => { "CipherString" => "DEFAULT" },
        client => { "CipherString" => "DEFAULT" },
        test   => { "ExpectedResult" => "Success" },
    }

The test section supports the following options

### Test mode

* Method - the method to test. One of DTLS or TLS.

* HandshakeMode - which handshake flavour to test:
  - Simple - plain handshake (default)
  - Resume - test resumption
  - RenegotiateServer - test server initiated renegotiation
  - RenegotiateClient - test client initiated renegotiation

When HandshakeMode is Resume or Renegotiate, the original handshake is expected
to succeed. All configured test expectations are verified against the second
handshake.

* ApplicationData - amount of application data bytes to send (integer, defaults
  to 256 bytes). Applies to both client and server. Application data is sent in
  64kB chunks (but limited by MaxFragmentSize and available parallelization, see
  below).

* MaxFragmentSize - maximum send fragment size (integer, defaults to 512 in
  tests - see `SSL_CTX_set_max_send_fragment` for documentation). Applies to
  both client and server. Lowering the fragment size will split handshake and
  application data up between more `SSL_write` calls, thus allowing to exercise
  different code paths. In particular, if the buffer size (64kB) is at least
  four times as large as the maximum fragment, interleaved multi-buffer crypto
  implementations may be used on some platforms.

### Test expectations

* ExpectedResult - expected handshake outcome. One of
  - Success - handshake success
  - ServerFail - serverside handshake failure
  - ClientFail - clientside handshake failure
  - InternalError - some other error

* ExpectedClientAlert, ExpectedServerAlert - expected alert. See
  `test/helpers/ssl_test_ctx.c` for known values. Note: the expected alert is currently
  matched against the _last_ received alert (i.e., a fatal alert or a
  `close_notify`). Warning alert expectations are not yet supported. (A warning
  alert will not be correctly matched, if followed by a `close_notify` or
  another alert.)

* ExpectedProtocol - expected negotiated protocol. One of
  SSLv3, TLSv1, TLSv1.1, TLSv1.2.

* SessionTicketExpected - whether or not a session ticket is expected
  - Ignore - do not check for a session ticket (default)
  - Yes - a session ticket is expected
  - No - a session ticket is not expected

* SessionIdExpected - whether or not a session id is expected
  - Ignore - do not check for a session id (default)
  - Yes - a session id is expected
  - No - a session id is not expected

* ResumptionExpected - whether or not resumption is expected (Resume mode only)
  - Yes - resumed handshake
  - No - full handshake (default)

* ExpectedNPNProtocol, ExpectedALPNProtocol - NPN and ALPN expectations.

* ExpectedTmpKeyType - the expected algorithm or curve of server temp key

* ExpectedServerCertType, ExpectedClientCertType - the expected algorithm or
  curve of server or client certificate

* ExpectedServerSignHash, ExpectedClientSignHash - the expected
  signing hash used by server or client certificate

* ExpectedServerSignType, ExpectedClientSignType - the expected
  signature type used by server or client when signing messages

* ExpectedClientCANames - for client auth list of CA names the server must
  send. If this is "empty" the list is expected to be empty otherwise it
  is a file of certificates whose subject names form the list.

* ExpectedServerCANames - list of CA names the client must send, TLS 1.3 only.
  If this is "empty" the list is expected to be empty otherwise it is a file
  of certificates whose subject names form the list.

Configuring the client and server
---------------------------------

The client and server configurations can be any valid `SSL_CTX`
configurations. For details, see the manpages for `SSL_CONF_cmd`.

Give your configurations as a dictionary of CONF commands, e.g.

    server => {
        "CipherString" => "DEFAULT",
        "MinProtocol" => "TLSv1",
    }

The following sections may optionally be defined:

* server2 - this section configures a secondary context that is selected via the
  ServerName test option. This context is used whenever a ServerNameCallback is
  specified. If the server2 section is not present, then the configuration
  matches server.
* resume_server - this section configures the client to resume its session
  against a different server. This context is used whenever HandshakeMode is
  Resume. If the resume_server section is not present, then the configuration
  matches server.
* resume_client - this section configures the client to resume its session with
  a different configuration. In practice this may occur when, for example,
  upgraded clients reuse sessions persisted on disk.  This context is used
  whenever HandshakeMode is Resume. If the resume_client section is not present,
  then the configuration matches client.

### Configuring callbacks and additional options

Additional handshake settings can be configured in the `extra` section of each
client and server:

    client => {
        "CipherString" => "DEFAULT",
        extra => {
            "ServerName" => "server2",
        }
    }

#### Supported client-side options

* ClientVerifyCallback - the client's custom certificate verify callback.
  Used to test callback behaviour. One of
  - None - no custom callback (default)
  - AcceptAll - accepts all certificates.
  - RejectAll - rejects all certificates.

* ServerName - the server the client should attempt to connect to. One of
  - None - do not use SNI (default)
  - server1 - the initial context
  - server2 - the secondary context
  - invalid - an unknown context

* CTValidation - Certificate Transparency validation strategy. One of
  - None - no validation (default)
  - Permissive - SSL_CT_VALIDATION_PERMISSIVE
  - Strict - SSL_CT_VALIDATION_STRICT

#### Supported server-side options

* ServerNameCallback - the SNI switching callback to use
  - None - no callback (default)
  - IgnoreMismatch - continue the handshake on SNI mismatch
  - RejectMismatch - abort the handshake on SNI mismatch

* BrokenSessionTicket - a special test case where the session ticket callback
  does not initialize crypto.
  - No (default)
  - Yes

#### Mutually supported options

* NPNProtocols, ALPNProtocols - NPN and ALPN settings. Server and client
  protocols can be specified as a comma-separated list, and a callback with the
  recommended behaviour will be installed automatically.

* SRPUser, SRPPassword - SRP settings. For client, this is the SRP user to
  connect as; for server, this is a known SRP user.

### Default server and client configurations

The default server certificate and CA files are added to the configurations
automatically. Server certificate verification is requested by default.

You can override these options by redefining them:

    client => {
        "VerifyCAFile" => "/path/to/custom/file"
    }

or by deleting them

    client => {
        "VerifyCAFile" => undef
    }

Adding a test to the test harness
---------------------------------

1. Add a new test configuration to `test/ssl-tests`, following the examples of
   existing `*.cnf.in` files (for example, `01-simple.cnf.in`).

2. Generate the generated `*.cnf` test input file. You can do so by running
   `generate_ssl_tests.pl`:

    $ ./config
    $ cd test
    $ TOP=.. perl -I ../util/perl/ generate_ssl_tests.pl \
      ssl-tests/my.cnf.in default > ssl-tests/my.cnf

where `my.cnf.in` is your test input file and `default` is the provider to use.
For all the pre-generated test files you should use the default provider.

For example, to generate the test cases in `ssl-tests/01-simple.cnf.in`, do

    $ TOP=.. perl -I ../util/perl/ generate_ssl_tests.pl \
      ssl-tests/01-simple.cnf.in default > ssl-tests/01-simple.cnf

Alternatively (hackish but simple), you can comment out

    unlink glob $tmp_file;

in `test/recipes/80-test_ssl_new.t` and run

    $ make TESTS=test_ssl_new test

This will save the generated output in a `*.tmp` file in the build directory.

3. Update the number of tests planned in `test/recipes/80-test_ssl_new.t`. If
   the test suite has any skip conditions, update those too (see
   `test/recipes/80-test_ssl_new.t` for details).

Running the tests with the test harness
---------------------------------------

    HARNESS_VERBOSE=yes make TESTS=test_ssl_new test

Running a test manually
-----------------------

These steps are only needed during development. End users should run `make test`
or follow the instructions above to run the SSL test suite.

To run an SSL test manually from the command line, the `TEST_CERTS_DIR`
environment variable to point to the location of the certs. E.g., from the root
OpenSSL directory, do

    $ CTLOG_FILE=test/ct/log_list.cnf TEST_CERTS_DIR=test/certs test/ssl_test \
      test/ssl-tests/01-simple.cnf default

or for shared builds

    $ CTLOG_FILE=test/ct/log_list.cnf  TEST_CERTS_DIR=test/certs \
      util/wrap.pl test/ssl_test test/ssl-tests/01-simple.cnf default

In the above examples, `default` is the provider to use.

Note that the test expectations sometimes depend on the Configure settings. For
example, the negotiated protocol depends on the set of available (enabled)
protocols: a build with `enable-ssl3` has different test expectations than a
build with `no-ssl3`.

The Perl test harness automatically generates expected outputs, so users who
just run `make test` do not need any extra steps.

However, when running a test manually, keep in mind that the repository version
of the generated `test/ssl-tests/*.cnf` correspond to expected outputs in with
the default Configure options. To run `ssl_test` manually from the command line
in a build with a different configuration, you may need to generate the right
`*.cnf` file from the `*.cnf.in` input first.