2 * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
13 #include <openssl/opensslconf.h>
14 #include <openssl/quic.h>
15 #include <openssl/rand.h>
17 #include "helpers/ssltestlib.h"
18 #include "helpers/quictestlib.h"
20 #include "testutil/output.h"
21 #include "../ssl/ssl_local.h"
23 static OSSL_LIB_CTX
*libctx
= NULL
;
24 static OSSL_PROVIDER
*defctxnull
= NULL
;
25 static char *certsdir
= NULL
;
26 static char *cert
= NULL
;
27 static char *ccert
= NULL
;
28 static char *cauthca
= NULL
;
29 static char *privkey
= NULL
;
30 static char *cprivkey
= NULL
;
31 static char *datadir
= NULL
;
33 static int is_fips
= 0;
35 /* The ssltrace test assumes some options are switched on/off */
36 #if !defined(OPENSSL_NO_SSL_TRACE) \
37 && defined(OPENSSL_NO_BROTLI) && defined(OPENSSL_NO_ZSTD) \
38 && !defined(OPENSSL_NO_ECX) && !defined(OPENSSL_NO_DH)
39 # define DO_SSL_TRACE_TEST
43 * Test that we read what we've written.
44 * Test 0: Non-blocking
46 * Test 2: Blocking, introduce socket error, test error handling.
48 static int test_quic_write_read(int idx
)
50 SSL_CTX
*cctx
= SSL_CTX_new_ex(libctx
, NULL
, OSSL_QUIC_client_method());
52 SSL
*clientquic
= NULL
;
53 QUIC_TSERVER
*qtserv
= NULL
;
55 unsigned char buf
[20];
56 static char *msg
= "A test message";
57 size_t msglen
= strlen(msg
);
59 int ssock
= 0, csock
= 0;
60 uint64_t sid
= UINT64_MAX
;
61 SSL_SESSION
*sess
= NULL
;
63 if (idx
>= 1 && !qtest_supports_blocking())
64 return TEST_skip("Blocking tests not supported in this build");
66 for (k
= 0; k
< 2; k
++) {
68 || !TEST_true(qtest_create_quic_objects(libctx
, cctx
, sctx
,
75 || !TEST_true(SSL_set_tlsext_host_name(clientquic
, "localhost")))
78 if (sess
!= NULL
&& !TEST_true(SSL_set_session(clientquic
, sess
)))
81 if (!TEST_true(qtest_create_quic_connection(qtserv
, clientquic
)))
85 if (!TEST_true(BIO_get_fd(ossl_quic_tserver_get0_rbio(qtserv
),
88 if (!TEST_int_gt(csock
= SSL_get_rfd(clientquic
), 0))
92 sid
= 0; /* client-initiated bidirectional stream */
94 for (j
= 0; j
< 2; j
++) {
95 /* Check that sending and receiving app data is ok */
96 if (!TEST_true(SSL_write_ex(clientquic
, msg
, msglen
, &numbytes
))
97 || !TEST_size_t_eq(numbytes
, msglen
))
101 if (!TEST_true(wait_until_sock_readable(ssock
)))
104 ossl_quic_tserver_tick(qtserv
);
106 if (!TEST_true(ossl_quic_tserver_read(qtserv
, sid
, buf
,
110 } while (numbytes
== 0);
112 if (!TEST_mem_eq(buf
, numbytes
, msg
, msglen
))
116 if (idx
>= 2 && j
> 0)
117 /* Introduce permanent socket error */
118 BIO_closesocket(csock
);
120 ossl_quic_tserver_tick(qtserv
);
121 if (!TEST_true(ossl_quic_tserver_write(qtserv
, sid
,
122 (unsigned char *)msg
,
125 ossl_quic_tserver_tick(qtserv
);
126 SSL_handle_events(clientquic
);
128 if (idx
>= 2 && j
> 0) {
129 if (!TEST_false(SSL_read_ex(clientquic
, buf
, 1, &numbytes
))
130 || !TEST_int_eq(SSL_get_error(clientquic
, 0),
132 || !TEST_false(SSL_write_ex(clientquic
, msg
, msglen
,
134 || !TEST_int_eq(SSL_get_error(clientquic
, 0),
141 * In blocking mode the SSL_read_ex call will block until the socket
142 * is readable and has our data. In non-blocking mode we're doing
143 * everything in memory, so it should be immediately available
145 if (!TEST_true(SSL_read_ex(clientquic
, buf
, 1, &numbytes
))
146 || !TEST_size_t_eq(numbytes
, 1)
147 || !TEST_true(SSL_has_pending(clientquic
))
148 || !TEST_int_eq(SSL_pending(clientquic
), msglen
- 1)
149 || !TEST_true(SSL_read_ex(clientquic
, buf
+ 1,
150 sizeof(buf
) - 1, &numbytes
))
151 || !TEST_mem_eq(buf
, numbytes
+ 1, msg
, msglen
))
156 /* We didn't supply a session so we're not expecting resumption */
157 if (!TEST_false(SSL_session_reused(clientquic
)))
159 /* We should have a session ticket by now */
160 sess
= SSL_get1_session(clientquic
);
164 /* We supplied a session so we should have resumed */
165 if (!TEST_true(SSL_session_reused(clientquic
)))
169 if (!TEST_true(qtest_shutdown(qtserv
, clientquic
)))
173 sctx
= ossl_quic_tserver_get0_ssl_ctx(qtserv
);
174 if (!TEST_true(SSL_CTX_up_ref(sctx
))) {
179 ossl_quic_tserver_free(qtserv
);
181 SSL_free(clientquic
);
191 SSL_SESSION_free(sess
);
192 ossl_quic_tserver_free(qtserv
);
193 SSL_free(clientquic
);
201 * Test that sending FIN with no data to a client blocking in SSL_read_ex() will
202 * wake up the client.
204 static int test_fin_only_blocking(void)
206 SSL_CTX
*cctx
= SSL_CTX_new_ex(libctx
, NULL
, OSSL_QUIC_client_method());
207 SSL_CTX
*sctx
= NULL
;
208 SSL
*clientquic
= NULL
;
209 QUIC_TSERVER
*qtserv
= NULL
;
210 const char *msg
= "Hello World";
213 unsigned char buf
[32];
215 OSSL_TIME timer
, timediff
;
217 if (!qtest_supports_blocking())
218 return TEST_skip("Blocking tests not supported in this build");
221 || !TEST_true(qtest_create_quic_objects(libctx
, cctx
, sctx
,
224 &qtserv
, &clientquic
,
226 || !TEST_true(SSL_set_tlsext_host_name(clientquic
, "localhost")))
229 if (!TEST_true(qtest_create_quic_connection(qtserv
, clientquic
)))
232 if (!TEST_true(ossl_quic_tserver_stream_new(qtserv
, 0, &sid
))
233 || !TEST_true(ossl_quic_tserver_write(qtserv
, sid
,
234 (unsigned char *)msg
,
235 strlen(msg
), &numbytes
))
236 || !TEST_size_t_eq(strlen(msg
), numbytes
))
239 ossl_quic_tserver_tick(qtserv
);
241 if (!TEST_true(SSL_read_ex(clientquic
, buf
, sizeof(buf
), &numbytes
))
242 || !TEST_mem_eq(msg
, strlen(msg
), buf
, numbytes
))
247 if (!TEST_true(ossl_quic_tserver_conclude(qtserv
, sid
)))
250 timer
= ossl_time_now();
251 if (!TEST_false(SSL_read_ex(clientquic
, buf
, sizeof(buf
), &numbytes
)))
253 timediff
= ossl_time_subtract(ossl_time_now(), timer
);
255 if (!TEST_int_eq(SSL_get_error(clientquic
, 0), SSL_ERROR_ZERO_RETURN
)
257 * We expect the SSL_read_ex to not have blocked so this should
258 * be very fast. 20ms should be plenty.
260 || !TEST_uint64_t_le(ossl_time2ms(timediff
), 20))
263 if (!TEST_true(qtest_shutdown(qtserv
, clientquic
)))
269 ossl_quic_tserver_free(qtserv
);
270 SSL_free(clientquic
);
277 /* Test that a vanilla QUIC SSL object has the expected ciphersuites available */
278 static int test_ciphersuites(void)
280 SSL_CTX
*ctx
= SSL_CTX_new_ex(libctx
, NULL
, OSSL_QUIC_client_method());
283 const STACK_OF(SSL_CIPHER
) *ciphers
= NULL
;
284 const SSL_CIPHER
*cipher
;
285 /* We expect this exact list of ciphersuites by default */
287 TLS1_3_CK_AES_256_GCM_SHA384
,
288 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
289 TLS1_3_CK_CHACHA20_POLY1305_SHA256
,
291 TLS1_3_CK_AES_128_GCM_SHA256
302 ciphers
= SSL_get_ciphers(ssl
);
304 for (i
= 0, j
= 0; i
< OSSL_NELEM(cipherids
); i
++) {
305 if (cipherids
[i
] == TLS1_3_CK_CHACHA20_POLY1305_SHA256
&& is_fips
)
307 cipher
= sk_SSL_CIPHER_value(ciphers
, j
++);
308 if (!TEST_ptr(cipher
))
310 if (!TEST_uint_eq(SSL_CIPHER_get_id(cipher
), cipherids
[i
]))
314 /* We should have checked all the ciphers in the stack */
315 if (!TEST_int_eq(sk_SSL_CIPHER_num(ciphers
), j
))
326 static int test_cipher_find(void)
328 SSL_CTX
*cctx
= SSL_CTX_new_ex(libctx
, NULL
, OSSL_QUIC_client_method());
329 SSL
*clientquic
= NULL
;
331 const unsigned char *cipherbytes
;
334 { TLS13_AES_128_GCM_SHA256_BYTES
, 1 },
335 { TLS13_AES_256_GCM_SHA384_BYTES
, 1 },
336 { TLS13_CHACHA20_POLY1305_SHA256_BYTES
, 1 },
337 { TLS13_AES_128_CCM_SHA256_BYTES
, 0 },
338 { TLS13_AES_128_CCM_8_SHA256_BYTES
, 0 }
346 clientquic
= SSL_new(cctx
);
347 if (!TEST_ptr(clientquic
))
350 for (i
= 0; i
< OSSL_NELEM(testciphers
); i
++)
351 if (testciphers
[i
].ok
) {
352 if (!TEST_ptr(SSL_CIPHER_find(clientquic
,
353 testciphers
[i
].cipherbytes
)))
356 if (!TEST_ptr_null(SSL_CIPHER_find(clientquic
,
357 testciphers
[i
].cipherbytes
)))
363 SSL_free(clientquic
);
370 * Test that SSL_version, SSL_get_version, SSL_is_quic, SSL_is_tls and
371 * SSL_is_dtls return the expected results for a QUIC connection. Compare with
372 * test_version() in sslapitest.c which does the same thing for TLS/DTLS
375 static int test_version(void)
377 SSL_CTX
*cctx
= SSL_CTX_new_ex(libctx
, NULL
, OSSL_QUIC_client_method());
378 SSL
*clientquic
= NULL
;
379 QUIC_TSERVER
*qtserv
= NULL
;
383 || !TEST_true(qtest_create_quic_objects(libctx
, cctx
, NULL
, cert
,
385 &clientquic
, NULL
, NULL
))
386 || !TEST_true(qtest_create_quic_connection(qtserv
, clientquic
)))
389 if (!TEST_int_eq(SSL_version(clientquic
), OSSL_QUIC1_VERSION
)
390 || !TEST_str_eq(SSL_get_version(clientquic
), "QUICv1"))
393 if (!TEST_true(SSL_is_quic(clientquic
))
394 || !TEST_false(SSL_is_tls(clientquic
))
395 || !TEST_false(SSL_is_dtls(clientquic
)))
401 ossl_quic_tserver_free(qtserv
);
402 SSL_free(clientquic
);
408 #if defined(DO_SSL_TRACE_TEST)
409 static void strip_line_ends(char *str
)
413 for (i
= strlen(str
);
414 i
> 0 && (str
[i
- 1] == '\n' || str
[i
- 1] == '\r');
420 static int compare_with_file(BIO
*membio
)
422 BIO
*file
= NULL
, *newfile
= NULL
;
423 char buf1
[512], buf2
[512];
428 #ifdef OPENSSL_NO_ZLIB
429 reffile
= test_mk_file_path(datadir
, "ssltraceref.txt");
431 reffile
= test_mk_file_path(datadir
, "ssltraceref-zlib.txt");
433 if (!TEST_ptr(reffile
))
436 file
= BIO_new_file(reffile
, "rb");
440 newfile
= BIO_new_file("ssltraceref-new.txt", "wb");
441 if (!TEST_ptr(newfile
))
444 while (BIO_gets(membio
, buf2
, sizeof(buf2
)) > 0)
445 if (BIO_puts(newfile
, buf2
) <= 0) {
446 TEST_error("Failed writing new file data");
450 if (!TEST_int_ge(BIO_seek(membio
, 0), 0))
453 while (BIO_gets(file
, buf1
, sizeof(buf1
)) > 0) {
454 if (BIO_gets(membio
, buf2
, sizeof(buf2
)) <= 0) {
455 TEST_error("Failed reading mem data");
458 strip_line_ends(buf1
);
459 strip_line_ends(buf2
);
460 if (strlen(buf1
) != strlen(buf2
)) {
461 TEST_error("Actual and ref line data length mismatch");
462 TEST_info("%s", buf1
);
463 TEST_info("%s", buf2
);
466 for (i
= 0; i
< strlen(buf1
); i
++) {
467 /* '?' is a wild card character in the reference text */
471 if (!TEST_str_eq(buf1
, buf2
))
474 if (!TEST_true(BIO_eof(file
))
475 || !TEST_true(BIO_eof(membio
)))
480 OPENSSL_free(reffile
);
487 * Tests that the SSL_trace() msg_callback works as expected with a QUIC
488 * connection. This also provides testing of the msg_callback at the same time.
490 static int test_ssl_trace(void)
492 SSL_CTX
*cctx
= SSL_CTX_new_ex(libctx
, NULL
, OSSL_QUIC_client_method());
493 SSL
*clientquic
= NULL
;
494 QUIC_TSERVER
*qtserv
= NULL
;
496 BIO
*bio
= BIO_new(BIO_s_mem());
499 * Ensure we only configure ciphersuites that are available with both the
500 * default and fips providers to get the same output in both cases
502 if (!TEST_true(SSL_CTX_set_ciphersuites(cctx
, "TLS_AES_128_GCM_SHA256")))
507 || !TEST_true(qtest_create_quic_objects(libctx
, cctx
, NULL
, cert
,
509 QTEST_FLAG_FAKE_TIME
,
511 &clientquic
, NULL
, NULL
)))
514 SSL_set_msg_callback(clientquic
, SSL_trace
);
515 SSL_set_msg_callback_arg(clientquic
, bio
);
517 if (!TEST_true(qtest_create_quic_connection(qtserv
, clientquic
)))
520 if (!TEST_true(compare_with_file(bio
)))
525 ossl_quic_tserver_free(qtserv
);
526 SSL_free(clientquic
);
534 static int ensure_valid_ciphers(const STACK_OF(SSL_CIPHER
) *ciphers
)
538 /* Ensure ciphersuite list is suitably subsetted. */
539 for (i
= 0; i
< (size_t)sk_SSL_CIPHER_num(ciphers
); ++i
) {
540 const SSL_CIPHER
*cipher
= sk_SSL_CIPHER_value(ciphers
, i
);
541 switch (SSL_CIPHER_get_id(cipher
)) {
542 case TLS1_3_CK_AES_128_GCM_SHA256
:
543 case TLS1_3_CK_AES_256_GCM_SHA384
:
544 case TLS1_3_CK_CHACHA20_POLY1305_SHA256
:
547 TEST_error("forbidden cipher: %s", SSL_CIPHER_get_name(cipher
));
556 * Test that handshake-layer APIs which shouldn't work don't work with QUIC.
558 static int test_quic_forbidden_apis_ctx(void)
563 if (!TEST_ptr(ctx
= SSL_CTX_new_ex(libctx
, NULL
, OSSL_QUIC_client_method())))
566 #ifndef OPENSSL_NO_SRTP
567 /* This function returns 0 on success and 1 on error, and should fail. */
568 if (!TEST_true(SSL_CTX_set_tlsext_use_srtp(ctx
, "SRTP_AEAD_AES_128_GCM")))
573 * List of ciphersuites we do and don't allow in QUIC.
575 #define QUIC_CIPHERSUITES \
576 "TLS_AES_128_GCM_SHA256:" \
577 "TLS_AES_256_GCM_SHA384:" \
578 "TLS_CHACHA20_POLY1305_SHA256"
580 #define NON_QUIC_CIPHERSUITES \
581 "TLS_AES_128_CCM_SHA256:" \
582 "TLS_AES_256_CCM_SHA384:" \
583 "TLS_AES_128_CCM_8_SHA256"
585 /* Set TLSv1.3 ciphersuite list for the SSL_CTX. */
586 if (!TEST_true(SSL_CTX_set_ciphersuites(ctx
,
587 QUIC_CIPHERSUITES
":"
588 NON_QUIC_CIPHERSUITES
)))
592 * Forbidden ciphersuites should show up in SSL_CTX accessors, they are only
593 * filtered in SSL_get1_supported_ciphers, so we don't check for
594 * non-inclusion here.
603 static int test_quic_forbidden_apis(void)
608 STACK_OF(SSL_CIPHER
) *ciphers
= NULL
;
610 if (!TEST_ptr(ctx
= SSL_CTX_new_ex(libctx
, NULL
, OSSL_QUIC_client_method())))
613 if (!TEST_ptr(ssl
= SSL_new(ctx
)))
616 #ifndef OPENSSL_NO_SRTP
617 /* This function returns 0 on success and 1 on error, and should fail. */
618 if (!TEST_true(SSL_set_tlsext_use_srtp(ssl
, "SRTP_AEAD_AES_128_GCM")))
622 /* Set TLSv1.3 ciphersuite list for the SSL_CTX. */
623 if (!TEST_true(SSL_set_ciphersuites(ssl
,
624 QUIC_CIPHERSUITES
":"
625 NON_QUIC_CIPHERSUITES
)))
628 /* Non-QUIC ciphersuites must not appear in supported ciphers list. */
629 if (!TEST_ptr(ciphers
= SSL_get1_supported_ciphers(ssl
))
630 || !TEST_true(ensure_valid_ciphers(ciphers
)))
635 sk_SSL_CIPHER_free(ciphers
);
641 static int test_quic_forbidden_options(void)
649 if (!TEST_ptr(ctx
= SSL_CTX_new_ex(libctx
, NULL
, OSSL_QUIC_client_method())))
652 /* QUIC options restrictions do not affect SSL_CTX */
653 SSL_CTX_set_options(ctx
, UINT64_MAX
);
655 if (!TEST_uint64_t_eq(SSL_CTX_get_options(ctx
), UINT64_MAX
))
658 /* Set options on CTX which should not be inherited (tested below). */
659 SSL_CTX_set_read_ahead(ctx
, 1);
660 SSL_CTX_set_max_early_data(ctx
, 1);
661 SSL_CTX_set_recv_max_early_data(ctx
, 1);
662 SSL_CTX_set_quiet_shutdown(ctx
, 1);
664 if (!TEST_ptr(ssl
= SSL_new(ctx
)))
667 /* Only permitted options get transferred to SSL object */
668 if (!TEST_uint64_t_eq(SSL_get_options(ssl
), OSSL_QUIC_PERMITTED_OPTIONS
))
671 /* Try again using SSL_set_options */
672 SSL_set_options(ssl
, UINT64_MAX
);
674 if (!TEST_uint64_t_eq(SSL_get_options(ssl
), OSSL_QUIC_PERMITTED_OPTIONS
))
677 /* Clear everything */
678 SSL_clear_options(ssl
, UINT64_MAX
);
680 if (!TEST_uint64_t_eq(SSL_get_options(ssl
), 0))
684 if (!TEST_false(SSL_get_read_ahead(ssl
)))
687 SSL_set_read_ahead(ssl
, 1);
688 if (!TEST_false(SSL_get_read_ahead(ssl
)))
692 if (!TEST_true(SSL_set_block_padding(ssl
, 0))
693 || !TEST_true(SSL_set_block_padding(ssl
, 1))
694 || !TEST_false(SSL_set_block_padding(ssl
, 2)))
697 /* Max fragment length */
698 if (!TEST_true(SSL_set_tlsext_max_fragment_length(ssl
, TLSEXT_max_fragment_length_DISABLED
))
699 || !TEST_false(SSL_set_tlsext_max_fragment_length(ssl
, TLSEXT_max_fragment_length_512
)))
703 if (!TEST_false(SSL_set_recv_max_early_data(ssl
, 1))
704 || !TEST_false(SSL_set_max_early_data(ssl
, 1)))
708 if (!TEST_false(SSL_read_early_data(ssl
, buf
, sizeof(buf
), &len
))
709 || !TEST_false(SSL_write_early_data(ssl
, buf
, sizeof(buf
), &len
)))
712 /* Buffer Management */
713 if (!TEST_true(SSL_alloc_buffers(ssl
))
714 || !TEST_false(SSL_free_buffers(ssl
)))
718 if (!TEST_false(SSL_set_max_send_fragment(ssl
, 2))
719 || !TEST_false(SSL_set_split_send_fragment(ssl
, 2))
720 || !TEST_false(SSL_set_max_pipelines(ssl
, 2)))
724 if (!TEST_false(SSL_stateless(ssl
)))
728 if (!TEST_false(SSL_get_quiet_shutdown(ssl
)))
732 if (!TEST_ptr_null(SSL_dup(ssl
)))
736 if (!TEST_false(SSL_clear(ssl
)))
746 static int test_quic_set_fd(int idx
)
751 int fd
= -1, resfd
= -1;
754 if (!TEST_ptr(ctx
= SSL_CTX_new_ex(libctx
, NULL
, OSSL_QUIC_client_method())))
757 if (!TEST_ptr(ssl
= SSL_new(ctx
)))
760 if (!TEST_int_ge(fd
= BIO_socket(AF_INET
, SOCK_DGRAM
, IPPROTO_UDP
, 0), 0))
764 if (!TEST_true(SSL_set_fd(ssl
, fd
)))
766 if (!TEST_ptr(bio
= SSL_get_rbio(ssl
)))
768 if (!TEST_ptr_eq(bio
, SSL_get_wbio(ssl
)))
770 } else if (idx
== 1) {
771 if (!TEST_true(SSL_set_rfd(ssl
, fd
)))
773 if (!TEST_ptr(bio
= SSL_get_rbio(ssl
)))
775 if (!TEST_ptr_null(SSL_get_wbio(ssl
)))
778 if (!TEST_true(SSL_set_wfd(ssl
, fd
)))
780 if (!TEST_ptr(bio
= SSL_get_wbio(ssl
)))
782 if (!TEST_ptr_null(SSL_get_rbio(ssl
)))
786 if (!TEST_int_eq(BIO_method_type(bio
), BIO_TYPE_DGRAM
))
789 if (!TEST_true(BIO_get_fd(bio
, &resfd
))
790 || !TEST_int_eq(resfd
, fd
))
802 #define MAXLOOPS 1000
804 static int test_bio_ssl(void)
807 * We just use OSSL_QUIC_client_method() rather than
808 * OSSL_QUIC_client_thread_method(). We will never leave the connection idle
809 * so we will always be implicitly handling time events anyway via other
812 SSL_CTX
*cctx
= SSL_CTX_new_ex(libctx
, NULL
, OSSL_QUIC_client_method());
813 SSL
*clientquic
= NULL
, *stream
= NULL
;
814 QUIC_TSERVER
*qtserv
= NULL
;
816 BIO
*cbio
= NULL
, *strbio
= NULL
, *thisbio
;
817 const char *msg
= "Hello world";
818 int abortctr
= 0, err
, clienterr
= 0, servererr
= 0, retc
= 0, rets
= 0;
819 size_t written
, readbytes
, msglen
;
821 unsigned char buf
[80];
826 cbio
= BIO_new_ssl(cctx
, 1);
831 * We must configure the ALPN/peer address etc so we get the SSL object in
832 * order to pass it to qtest_create_quic_objects for configuration.
834 if (!TEST_int_eq(BIO_get_ssl(cbio
, &clientquic
), 1))
837 if (!TEST_true(qtest_create_quic_objects(libctx
, NULL
, NULL
, cert
, privkey
,
838 0, &qtserv
, &clientquic
, NULL
,
842 msglen
= strlen(msg
);
845 err
= BIO_FLAGS_WRITE
;
846 while (!clienterr
&& !retc
&& err
== BIO_FLAGS_WRITE
) {
847 retc
= BIO_write_ex(cbio
, msg
, msglen
, &written
);
849 if (BIO_should_retry(cbio
))
850 err
= BIO_retry_type(cbio
);
856 if (!clienterr
&& retc
<= 0 && err
!= BIO_FLAGS_READ
) {
857 TEST_info("BIO_write_ex() failed %d, %d", retc
, err
);
858 TEST_openssl_errors();
862 if (!servererr
&& rets
<= 0) {
863 ossl_quic_tserver_tick(qtserv
);
864 servererr
= ossl_quic_tserver_is_term_any(qtserv
);
866 rets
= ossl_quic_tserver_is_handshake_confirmed(qtserv
);
869 if (clienterr
&& servererr
)
872 if (++abortctr
== MAXLOOPS
) {
873 TEST_info("No progress made");
876 } while ((!retc
&& !clienterr
) || (rets
<= 0 && !servererr
));
879 * 2 loops: The first using the default stream, and the second using a new
880 * client initiated bidi stream.
882 for (i
= 0, thisbio
= cbio
; i
< 2; i
++) {
883 if (!TEST_true(ossl_quic_tserver_read(qtserv
, sid
, buf
, sizeof(buf
),
885 || !TEST_mem_eq(msg
, msglen
, buf
, readbytes
))
888 if (!TEST_true(ossl_quic_tserver_write(qtserv
, sid
, (unsigned char *)msg
,
891 ossl_quic_tserver_tick(qtserv
);
893 if (!TEST_true(BIO_read_ex(thisbio
, buf
, sizeof(buf
), &readbytes
))
894 || !TEST_mem_eq(msg
, msglen
, buf
, readbytes
))
901 * Now create a new stream and repeat. The bottom two bits of the stream
902 * id represents whether the stream is bidi and whether it is client
903 * initiated or not. For client initiated bidi they are both 0. So the
904 * first client initiated bidi stream is 0 and the next one is 4.
907 stream
= SSL_new_stream(clientquic
, 0);
908 if (!TEST_ptr(stream
))
911 thisbio
= strbio
= BIO_new(BIO_f_ssl());
912 if (!TEST_ptr(strbio
))
915 if (!TEST_int_eq(BIO_set_ssl(thisbio
, stream
, BIO_CLOSE
), 1))
919 if (!TEST_true(BIO_write_ex(thisbio
, msg
, msglen
, &written
)))
922 ossl_quic_tserver_tick(qtserv
);
928 BIO_free_all(strbio
);
930 ossl_quic_tserver_free(qtserv
);
936 #define BACK_PRESSURE_NUM_LOOPS 10000
938 * Test that sending data from the client to the server faster than the server
939 * can process it eventually results in back pressure on the client.
941 static int test_back_pressure(void)
943 SSL_CTX
*cctx
= SSL_CTX_new_ex(libctx
, NULL
, OSSL_QUIC_client_method());
944 SSL
*clientquic
= NULL
;
945 QUIC_TSERVER
*qtserv
= NULL
;
947 unsigned char *msg
= NULL
;
948 const size_t msglen
= 1024;
949 unsigned char buf
[64];
950 size_t readbytes
, written
;
954 || !TEST_true(qtest_create_quic_objects(libctx
, cctx
, NULL
, cert
,
956 &clientquic
, NULL
, NULL
))
957 || !TEST_true(qtest_create_quic_connection(qtserv
, clientquic
)))
960 msg
= OPENSSL_malloc(msglen
);
963 if (!TEST_int_eq(RAND_bytes_ex(libctx
, msg
, msglen
, 0), 1))
967 * Limit to 10000 loops. If we've not seen any back pressure after that
968 * we're going to run out of memory, so abort.
970 for (i
= 0; i
< BACK_PRESSURE_NUM_LOOPS
; i
++) {
971 /* Send data from the client */
972 if (!SSL_write_ex(clientquic
, msg
, msglen
, &written
)) {
973 /* Check if we are seeing back pressure */
974 if (SSL_get_error(clientquic
, 0) == SSL_ERROR_WANT_WRITE
)
976 TEST_error("Unexpected client failure");
980 /* Receive data at the server */
981 ossl_quic_tserver_tick(qtserv
);
982 if (!TEST_true(ossl_quic_tserver_read(qtserv
, 0, buf
, sizeof(buf
),
987 if (i
== BACK_PRESSURE_NUM_LOOPS
) {
988 TEST_error("No back pressure seen");
994 SSL_free(clientquic
);
995 ossl_quic_tserver_free(qtserv
);
1003 static int dgram_ctr
= 0;
1005 static void dgram_cb(int write_p
, int version
, int content_type
,
1006 const void *buf
, size_t msglen
, SSL
*ssl
, void *arg
)
1011 if (content_type
!= SSL3_RT_QUIC_DATAGRAM
)
1017 /* Test that we send multiple datagrams in one go when appropriate */
1018 static int test_multiple_dgrams(void)
1020 SSL_CTX
*cctx
= SSL_CTX_new_ex(libctx
, NULL
, OSSL_QUIC_client_method());
1021 SSL
*clientquic
= NULL
;
1022 QUIC_TSERVER
*qtserv
= NULL
;
1025 const size_t buflen
= 1400;
1028 buf
= OPENSSL_zalloc(buflen
);
1032 || !TEST_true(qtest_create_quic_objects(libctx
, cctx
, NULL
, cert
,
1033 privkey
, 0, &qtserv
,
1034 &clientquic
, NULL
, NULL
))
1035 || !TEST_true(qtest_create_quic_connection(qtserv
, clientquic
)))
1039 SSL_set_msg_callback(clientquic
, dgram_cb
);
1040 if (!TEST_true(SSL_write_ex(clientquic
, buf
, buflen
, &written
))
1041 || !TEST_size_t_eq(written
, buflen
)
1042 /* We wrote enough data for 2 datagrams */
1043 || !TEST_int_eq(dgram_ctr
, 2))
1049 SSL_free(clientquic
);
1050 ossl_quic_tserver_free(qtserv
);
1056 static int non_io_retry_cert_verify_cb(X509_STORE_CTX
*ctx
, void *arg
)
1058 int idx
= SSL_get_ex_data_X509_STORE_CTX_idx();
1060 const int *allow
= (int *)arg
;
1062 /* this should not happen but check anyway */
1064 || (ssl
= X509_STORE_CTX_get_ex_data(ctx
, idx
)) == NULL
)
1067 /* If this is our first attempt then retry */
1069 return SSL_set_retry_verify(ssl
);
1071 /* Otherwise do nothing - verification succeeds. Continue as normal */
1075 /* Test that we can handle a non-io related retry error
1076 * Test 0: Non-blocking
1079 static int test_non_io_retry(int idx
)
1082 SSL
*clientquic
= NULL
;
1083 QUIC_TSERVER
*qtserv
= NULL
;
1085 int flags
= 0, allow
= 0;
1087 if (idx
>= 1 && !qtest_supports_blocking())
1088 return TEST_skip("Blocking tests not supported in this build");
1090 cctx
= SSL_CTX_new_ex(libctx
, NULL
, OSSL_QUIC_client_method());
1091 if (!TEST_ptr(cctx
))
1094 SSL_CTX_set_cert_verify_callback(cctx
, non_io_retry_cert_verify_cb
, &allow
);
1096 flags
= (idx
>= 1) ? QTEST_FLAG_BLOCK
: 0;
1097 if (!TEST_true(qtest_create_quic_objects(libctx
, cctx
, NULL
, cert
, privkey
,
1098 flags
, &qtserv
, &clientquic
, NULL
,
1100 || !TEST_true(qtest_create_quic_connection_ex(qtserv
, clientquic
,
1101 SSL_ERROR_WANT_RETRY_VERIFY
))
1102 || !TEST_int_eq(SSL_want(clientquic
), SSL_RETRY_VERIFY
))
1106 if (!TEST_true(qtest_create_quic_connection(qtserv
, clientquic
)))
1111 SSL_free(clientquic
);
1112 ossl_quic_tserver_free(qtserv
);
1118 static int use_session_cb_cnt
= 0;
1119 static int find_session_cb_cnt
= 0;
1120 static const char *pskid
= "Identity";
1121 static SSL_SESSION
*serverpsk
= NULL
, *clientpsk
= NULL
;
1123 static int use_session_cb(SSL
*ssl
, const EVP_MD
*md
, const unsigned char **id
,
1124 size_t *idlen
, SSL_SESSION
**sess
)
1126 use_session_cb_cnt
++;
1128 if (clientpsk
== NULL
)
1131 SSL_SESSION_up_ref(clientpsk
);
1134 *id
= (const unsigned char *)pskid
;
1135 *idlen
= strlen(pskid
);
1140 static int find_session_cb(SSL
*ssl
, const unsigned char *identity
,
1141 size_t identity_len
, SSL_SESSION
**sess
)
1143 find_session_cb_cnt
++;
1145 if (serverpsk
== NULL
)
1148 /* Identity should match that set by the client */
1149 if (strlen(pskid
) != identity_len
1150 || strncmp(pskid
, (const char *)identity
, identity_len
) != 0)
1153 SSL_SESSION_up_ref(serverpsk
);
1159 static int test_quic_psk(void)
1161 SSL_CTX
*cctx
= SSL_CTX_new_ex(libctx
, NULL
, OSSL_QUIC_client_method());
1162 SSL
*clientquic
= NULL
;
1163 QUIC_TSERVER
*qtserv
= NULL
;
1167 /* No cert or private key for the server, i.e. PSK only */
1168 || !TEST_true(qtest_create_quic_objects(libctx
, cctx
, NULL
, NULL
,
1170 &clientquic
, NULL
, NULL
)))
1173 SSL_set_psk_use_session_callback(clientquic
, use_session_cb
);
1174 ossl_quic_tserver_set_psk_find_session_cb(qtserv
, find_session_cb
);
1175 use_session_cb_cnt
= 0;
1176 find_session_cb_cnt
= 0;
1178 clientpsk
= serverpsk
= create_a_psk(clientquic
, SHA384_DIGEST_LENGTH
);
1179 if (!TEST_ptr(clientpsk
))
1181 /* We already had one ref. Add another one */
1182 SSL_SESSION_up_ref(clientpsk
);
1184 if (!TEST_true(qtest_create_quic_connection(qtserv
, clientquic
))
1185 || !TEST_int_eq(1, find_session_cb_cnt
)
1186 || !TEST_int_eq(1, use_session_cb_cnt
)
1187 /* Check that we actually used the PSK */
1188 || !TEST_true(SSL_session_reused(clientquic
)))
1194 SSL_free(clientquic
);
1195 ossl_quic_tserver_free(qtserv
);
1197 SSL_SESSION_free(clientpsk
);
1198 SSL_SESSION_free(serverpsk
);
1199 clientpsk
= serverpsk
= NULL
;
1204 static int test_client_auth(int idx
)
1206 SSL_CTX
*cctx
= SSL_CTX_new_ex(libctx
, NULL
, OSSL_QUIC_client_method());
1207 SSL_CTX
*sctx
= SSL_CTX_new_ex(libctx
, NULL
, TLS_method());
1208 SSL
*clientquic
= NULL
;
1209 QUIC_TSERVER
*qtserv
= NULL
;
1211 unsigned char buf
[20];
1212 static char *msg
= "A test message";
1213 size_t msglen
= strlen(msg
);
1214 size_t numbytes
= 0;
1216 if (!TEST_ptr(cctx
) || !TEST_ptr(sctx
))
1219 SSL_CTX_set_verify(sctx
, SSL_VERIFY_PEER
| SSL_VERIFY_FAIL_IF_NO_PEER_CERT
1220 | SSL_VERIFY_CLIENT_ONCE
, NULL
);
1222 if (!TEST_true(SSL_CTX_load_verify_file(sctx
, cauthca
)))
1226 && (!TEST_true(SSL_CTX_use_certificate_chain_file(cctx
, ccert
))
1227 || !TEST_true(SSL_CTX_use_PrivateKey_file(cctx
, cprivkey
,
1228 SSL_FILETYPE_PEM
))))
1231 if (!TEST_true(qtest_create_quic_objects(libctx
, cctx
, sctx
, cert
,
1232 privkey
, 0, &qtserv
,
1233 &clientquic
, NULL
, NULL
)))
1237 if (!TEST_true(ssl_ctx_add_large_cert_chain(libctx
, cctx
, ccert
))
1238 || !TEST_true(ssl_ctx_add_large_cert_chain(libctx
, sctx
, cert
)))
1243 if (!TEST_false(qtest_create_quic_connection(qtserv
, clientquic
)))
1246 /* negative test passed */
1251 if (!TEST_true(qtest_create_quic_connection(qtserv
, clientquic
)))
1254 /* Check that sending and receiving app data is ok */
1255 if (!TEST_true(SSL_write_ex(clientquic
, msg
, msglen
, &numbytes
))
1256 || !TEST_size_t_eq(numbytes
, msglen
))
1259 ossl_quic_tserver_tick(qtserv
);
1260 if (!TEST_true(ossl_quic_tserver_write(qtserv
, 0,
1261 (unsigned char *)msg
,
1262 msglen
, &numbytes
)))
1265 ossl_quic_tserver_tick(qtserv
);
1266 SSL_handle_events(clientquic
);
1268 if (!TEST_true(SSL_read_ex(clientquic
, buf
, sizeof(buf
), &numbytes
))
1269 || !TEST_size_t_eq(numbytes
, msglen
)
1270 || !TEST_mem_eq(buf
, numbytes
, msg
, msglen
))
1273 if (!TEST_true(qtest_shutdown(qtserv
, clientquic
)))
1279 SSL_free(clientquic
);
1280 ossl_quic_tserver_free(qtserv
);
1288 * Test that we correctly handle ALPN supplied by the application
1289 * Test 0: ALPN is provided
1290 * Test 1: No ALPN is provided
1292 static int test_alpn(int idx
)
1294 SSL_CTX
*cctx
= SSL_CTX_new_ex(libctx
, NULL
, OSSL_QUIC_client_method());
1295 SSL
*clientquic
= NULL
;
1296 QUIC_TSERVER
*qtserv
= NULL
;
1301 * Ensure we only configure ciphersuites that are available with both the
1302 * default and fips providers to get the same output in both cases
1304 if (!TEST_true(SSL_CTX_set_ciphersuites(cctx
, "TLS_AES_128_GCM_SHA256")))
1308 || !TEST_true(qtest_create_quic_objects(libctx
, cctx
, NULL
, cert
,
1310 QTEST_FLAG_FAKE_TIME
,
1312 &clientquic
, NULL
, NULL
)))
1317 * Clear the ALPN we set in qtest_create_quic_objects. We use TEST_false
1318 * because SSL_set_alpn_protos returns 0 for success.
1320 if (!TEST_false(SSL_set_alpn_protos(clientquic
, NULL
, 0)))
1324 ret
= SSL_connect(clientquic
);
1325 if (!TEST_int_le(ret
, 0))
1328 /* We expect an immediate error due to lack of ALPN */
1329 if (!TEST_int_eq(SSL_get_error(clientquic
, ret
), SSL_ERROR_SSL
))
1332 /* ALPN was provided so we expect the connection to succeed */
1333 if (!TEST_int_eq(SSL_get_error(clientquic
, ret
), SSL_ERROR_WANT_READ
)
1334 || !TEST_true(qtest_create_quic_connection(qtserv
, clientquic
)))
1340 ossl_quic_tserver_free(qtserv
);
1341 SSL_free(clientquic
);
1348 * Test SSL_get_shutdown() behavior.
1350 static int test_get_shutdown(void)
1352 SSL_CTX
*cctx
= SSL_CTX_new_ex(libctx
, NULL
, OSSL_QUIC_client_method());
1353 SSL
*clientquic
= NULL
;
1354 QUIC_TSERVER
*qtserv
= NULL
;
1358 || !TEST_true(qtest_create_quic_objects(libctx
, cctx
, NULL
, cert
,
1360 QTEST_FLAG_FAKE_TIME
,
1361 &qtserv
, &clientquic
,
1363 || !TEST_true(qtest_create_quic_connection(qtserv
, clientquic
)))
1366 if (!TEST_int_eq(SSL_get_shutdown(clientquic
), 0))
1369 if (!TEST_int_eq(SSL_shutdown(clientquic
), 0))
1372 if (!TEST_int_eq(SSL_get_shutdown(clientquic
), SSL_SENT_SHUTDOWN
))
1376 ossl_quic_tserver_tick(qtserv
);
1377 qtest_add_time(100);
1378 } while (SSL_shutdown(clientquic
) == 0);
1380 if (!TEST_int_eq(SSL_get_shutdown(clientquic
),
1381 SSL_SENT_SHUTDOWN
| SSL_RECEIVED_SHUTDOWN
))
1386 ossl_quic_tserver_free(qtserv
);
1387 SSL_free(clientquic
);
1393 #define MAX_LOOPS 2000
1396 * Keep retrying SSL_read_ex until it succeeds or we give up. Accept a stream
1397 * if we don't already have one
1399 static int unreliable_client_read(SSL
*clientquic
, SSL
**stream
, void *buf
,
1400 size_t buflen
, size_t *readbytes
,
1401 QUIC_TSERVER
*qtserv
)
1405 /* We just do this in a loop with a sleep for simplicity */
1406 for (abortctr
= 0; abortctr
< MAX_LOOPS
; abortctr
++) {
1407 if (*stream
== NULL
) {
1408 SSL_handle_events(clientquic
);
1409 *stream
= SSL_accept_stream(clientquic
, 0);
1412 if (*stream
!= NULL
) {
1413 if (SSL_read_ex(*stream
, buf
, buflen
, readbytes
))
1415 if (!TEST_int_eq(SSL_get_error(*stream
, 0), SSL_ERROR_WANT_READ
))
1418 ossl_quic_tserver_tick(qtserv
);
1420 qtest_wait_for_timeout(clientquic
, qtserv
);
1423 TEST_error("No progress made");
1427 /* Keep retrying ossl_quic_tserver_read until it succeeds or we give up */
1428 static int unreliable_server_read(QUIC_TSERVER
*qtserv
, uint64_t sid
,
1429 void *buf
, size_t buflen
, size_t *readbytes
,
1434 /* We just do this in a loop with a sleep for simplicity */
1435 for (abortctr
= 0; abortctr
< MAX_LOOPS
; abortctr
++) {
1436 if (ossl_quic_tserver_read(qtserv
, sid
, buf
, buflen
, readbytes
)
1439 ossl_quic_tserver_tick(qtserv
);
1440 SSL_handle_events(clientquic
);
1442 qtest_wait_for_timeout(clientquic
, qtserv
);
1445 TEST_error("No progress made");
1450 * Create a connection and send data using an unreliable transport. We introduce
1451 * random noise to drop, delay and duplicate datagrams.
1452 * Test 0: Introduce random noise to datagrams
1453 * Test 1: As with test 0 but also split datagrams containing multiple packets
1454 * into individual datagrams so that individual packets can be affected
1455 * by noise - not just a whole datagram.
1457 static int test_noisy_dgram(int idx
)
1459 SSL_CTX
*cctx
= SSL_CTX_new_ex(libctx
, NULL
, OSSL_QUIC_client_method());
1460 SSL
*clientquic
= NULL
, *stream
[2] = { NULL
, NULL
};
1461 QUIC_TSERVER
*qtserv
= NULL
;
1464 char *msg
= "Hello world!";
1465 size_t msglen
= strlen(msg
), written
, readbytes
, i
, j
;
1466 unsigned char buf
[80];
1467 int flags
= QTEST_FLAG_NOISE
| QTEST_FLAG_FAKE_TIME
;
1468 QTEST_FAULT
*fault
= NULL
;
1471 flags
|= QTEST_FLAG_PACKET_SPLIT
;
1474 || !TEST_true(qtest_create_quic_objects(libctx
, cctx
, NULL
, cert
,
1477 &clientquic
, &fault
, NULL
)))
1480 if (!TEST_true(qtest_create_quic_connection(qtserv
, clientquic
)))
1483 if (!TEST_true(SSL_set_incoming_stream_policy(clientquic
,
1484 SSL_INCOMING_STREAM_POLICY_ACCEPT
,
1486 || !TEST_true(SSL_set_default_stream_mode(clientquic
,
1487 SSL_DEFAULT_STREAM_MODE_NONE
)))
1490 for (j
= 0; j
< 2; j
++) {
1491 if (!TEST_true(ossl_quic_tserver_stream_new(qtserv
, 0, &sid
)))
1493 ossl_quic_tserver_tick(qtserv
);
1497 * Send data from the server to the client. Some datagrams may get
1498 * lost, modified, dropped or re-ordered. We repeat 20 times to ensure
1499 * we are sending enough datagrams for problems to be noticed.
1501 for (i
= 0; i
< 20; i
++) {
1502 if (!TEST_true(ossl_quic_tserver_write(qtserv
, sid
,
1503 (unsigned char *)msg
, msglen
,
1505 || !TEST_size_t_eq(msglen
, written
))
1507 ossl_quic_tserver_tick(qtserv
);
1511 * Since the underlying BIO is now noisy we may get failures that
1512 * need to be retried - so we use unreliable_client_read() to
1515 if (!TEST_true(unreliable_client_read(clientquic
, &stream
[j
], buf
,
1516 sizeof(buf
), &readbytes
,
1518 || !TEST_mem_eq(msg
, msglen
, buf
, readbytes
))
1522 /* Send data from the client to the server */
1523 for (i
= 0; i
< 20; i
++) {
1524 if (!TEST_true(SSL_write_ex(stream
[j
], (unsigned char *)msg
,
1526 || !TEST_size_t_eq(msglen
, written
))
1529 ossl_quic_tserver_tick(qtserv
);
1533 * Since the underlying BIO is now noisy we may get failures that
1534 * need to be retried - so we use unreliable_server_read() to
1537 if (!TEST_true(unreliable_server_read(qtserv
, sid
, buf
, sizeof(buf
),
1538 &readbytes
, clientquic
))
1539 || !TEST_mem_eq(msg
, msglen
, buf
, readbytes
))
1546 ossl_quic_tserver_free(qtserv
);
1547 SSL_free(stream
[0]);
1548 SSL_free(stream
[1]);
1549 SSL_free(clientquic
);
1551 qtest_fault_free(fault
);
1557 OPT_TEST_DECLARE_USAGE("provider config certsdir datadir\n")
1559 int setup_tests(void)
1564 libctx
= OSSL_LIB_CTX_new();
1565 if (!TEST_ptr(libctx
))
1568 defctxnull
= OSSL_PROVIDER_load(NULL
, "null");
1571 * Verify that the default and fips providers in the default libctx are not
1574 if (!TEST_false(OSSL_PROVIDER_available(NULL
, "default"))
1575 || !TEST_false(OSSL_PROVIDER_available(NULL
, "fips")))
1578 if (!test_skip_common_options()) {
1579 TEST_error("Error parsing test options\n");
1583 if (!TEST_ptr(modulename
= test_get_argument(0))
1584 || !TEST_ptr(configfile
= test_get_argument(1))
1585 || !TEST_ptr(certsdir
= test_get_argument(2))
1586 || !TEST_ptr(datadir
= test_get_argument(3)))
1589 if (!TEST_true(OSSL_LIB_CTX_load_config(libctx
, configfile
)))
1592 /* Check we have the expected provider available */
1593 if (!TEST_true(OSSL_PROVIDER_available(libctx
, modulename
)))
1596 /* Check the default provider is not available */
1597 if (strcmp(modulename
, "default") != 0
1598 && !TEST_false(OSSL_PROVIDER_available(libctx
, "default")))
1601 if (strcmp(modulename
, "fips") == 0)
1604 cert
= test_mk_file_path(certsdir
, "servercert.pem");
1608 ccert
= test_mk_file_path(certsdir
, "ee-client-chain.pem");
1612 cauthca
= test_mk_file_path(certsdir
, "root-cert.pem");
1613 if (cauthca
== NULL
)
1616 privkey
= test_mk_file_path(certsdir
, "serverkey.pem");
1617 if (privkey
== NULL
)
1620 cprivkey
= test_mk_file_path(certsdir
, "ee-key.pem");
1621 if (privkey
== NULL
)
1624 ADD_ALL_TESTS(test_quic_write_read
, 3);
1625 ADD_TEST(test_fin_only_blocking
);
1626 ADD_TEST(test_ciphersuites
);
1627 ADD_TEST(test_cipher_find
);
1628 ADD_TEST(test_version
);
1629 #if defined(DO_SSL_TRACE_TEST)
1630 ADD_TEST(test_ssl_trace
);
1632 ADD_TEST(test_quic_forbidden_apis_ctx
);
1633 ADD_TEST(test_quic_forbidden_apis
);
1634 ADD_TEST(test_quic_forbidden_options
);
1635 ADD_ALL_TESTS(test_quic_set_fd
, 3);
1636 ADD_TEST(test_bio_ssl
);
1637 ADD_TEST(test_back_pressure
);
1638 ADD_TEST(test_multiple_dgrams
);
1639 ADD_ALL_TESTS(test_non_io_retry
, 2);
1640 ADD_TEST(test_quic_psk
);
1641 ADD_ALL_TESTS(test_client_auth
, 3);
1642 ADD_ALL_TESTS(test_alpn
, 2);
1643 ADD_ALL_TESTS(test_noisy_dgram
, 2);
1644 ADD_TEST(test_get_shutdown
);
1652 void cleanup_tests(void)
1654 bio_f_noisy_dgram_filter_free();
1655 bio_f_pkt_split_dgram_filter_free();
1657 OPENSSL_free(privkey
);
1658 OPENSSL_free(ccert
);
1659 OPENSSL_free(cauthca
);
1660 OPENSSL_free(cprivkey
);
1661 OSSL_PROVIDER_unload(defctxnull
);
1662 OSSL_LIB_CTX_free(libctx
);