]> git.ipfire.org Git - thirdparty/openssl.git/blob - test/quicapitest.c
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Allow qtestlib to use a "fake_now" implementation
[thirdparty/openssl.git] / test / quicapitest.c
1 /*
2 * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include <stdio.h>
11 #include <string.h>
12
13 #include <openssl/opensslconf.h>
14 #include <openssl/quic.h>
15
16 #include "helpers/ssltestlib.h"
17 #include "helpers/quictestlib.h"
18 #include "testutil.h"
19 #include "testutil/output.h"
20 #include "../ssl/ssl_local.h"
21
22 static OSSL_LIB_CTX *libctx = NULL;
23 static OSSL_PROVIDER *defctxnull = NULL;
24 static char *certsdir = NULL;
25 static char *cert = NULL;
26 static char *privkey = NULL;
27 static char *datadir = NULL;
28
29 static int is_fips = 0;
30
31 /* The ssltrace test assumes some options are switched on/off */
32 #if !defined(OPENSSL_NO_SSL_TRACE) && !defined(OPENSSL_NO_EC) \
33 && defined(OPENSSL_NO_ZLIB) && defined(OPENSSL_NO_BROTLI) \
34 && defined(OPENSSL_NO_ZSTD)
35 # define DO_SSL_TRACE_TEST
36 #endif
37
38 /*
39 * Test that we read what we've written.
40 * Test 0: Non-blocking
41 * Test 1: Blocking
42 */
43 static int test_quic_write_read(int idx)
44 {
45 SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
46 SSL *clientquic = NULL;
47 QUIC_TSERVER *qtserv = NULL;
48 int j, ret = 0;
49 unsigned char buf[20];
50 static char *msg = "A test message";
51 size_t msglen = strlen(msg);
52 size_t numbytes = 0;
53 int ssock = 0, csock = 0;
54 uint64_t sid = UINT64_MAX;
55
56 if (idx == 1 && !qtest_supports_blocking())
57 return TEST_skip("Blocking tests not supported in this build");
58
59 if (!TEST_ptr(cctx)
60 || !TEST_true(qtest_create_quic_objects(libctx, cctx, cert, privkey,
61 idx == 1 ? QTEST_FLAG_BLOCK : 0,
62 &qtserv, &clientquic, NULL))
63 || !TEST_true(SSL_set_tlsext_host_name(clientquic, "localhost"))
64 || !TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
65 goto end;
66
67 if (idx == 1) {
68 if (!TEST_true(BIO_get_fd(ossl_quic_tserver_get0_rbio(qtserv), &ssock)))
69 goto end;
70 if (!TEST_int_gt(csock = SSL_get_rfd(clientquic), 0))
71 goto end;
72 }
73
74 sid = 0; /* client-initiated bidirectional stream */
75
76 for (j = 0; j < 2; j++) {
77 /* Check that sending and receiving app data is ok */
78 if (!TEST_true(SSL_write_ex(clientquic, msg, msglen, &numbytes))
79 || !TEST_size_t_eq(numbytes, msglen))
80 goto end;
81 if (idx == 1) {
82 do {
83 if (!TEST_true(wait_until_sock_readable(ssock)))
84 goto end;
85
86 ossl_quic_tserver_tick(qtserv);
87
88 if (!TEST_true(ossl_quic_tserver_read(qtserv, sid, buf, sizeof(buf),
89 &numbytes)))
90 goto end;
91 } while (numbytes == 0);
92
93 if (!TEST_mem_eq(buf, numbytes, msg, msglen))
94 goto end;
95 }
96
97 ossl_quic_tserver_tick(qtserv);
98 if (!TEST_true(ossl_quic_tserver_write(qtserv, sid, (unsigned char *)msg,
99 msglen, &numbytes)))
100 goto end;
101 ossl_quic_tserver_tick(qtserv);
102 SSL_handle_events(clientquic);
103 /*
104 * In blocking mode the SSL_read_ex call will block until the socket is
105 * readable and has our data. In non-blocking mode we're doing everything
106 * in memory, so it should be immediately available
107 */
108 if (!TEST_true(SSL_read_ex(clientquic, buf, 1, &numbytes))
109 || !TEST_size_t_eq(numbytes, 1)
110 || !TEST_true(SSL_has_pending(clientquic))
111 || !TEST_int_eq(SSL_pending(clientquic), msglen - 1)
112 || !TEST_true(SSL_read_ex(clientquic, buf + 1, sizeof(buf) - 1, &numbytes))
113 || !TEST_mem_eq(buf, numbytes + 1, msg, msglen))
114 goto end;
115 }
116
117 if (!TEST_true(qtest_shutdown(qtserv, clientquic)))
118 goto end;
119
120 ret = 1;
121
122 end:
123 ossl_quic_tserver_free(qtserv);
124 SSL_free(clientquic);
125 SSL_CTX_free(cctx);
126
127 return ret;
128 }
129
130 /* Test that a vanilla QUIC SSL object has the expected ciphersuites available */
131 static int test_ciphersuites(void)
132 {
133 SSL_CTX *ctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
134 SSL *ssl;
135 int testresult = 0;
136 const STACK_OF(SSL_CIPHER) *ciphers = NULL;
137 const SSL_CIPHER *cipher;
138 /* We expect this exact list of ciphersuites by default */
139 int cipherids[] = {
140 TLS1_3_CK_AES_256_GCM_SHA384,
141 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
142 TLS1_3_CK_CHACHA20_POLY1305_SHA256,
143 #endif
144 TLS1_3_CK_AES_128_GCM_SHA256
145 };
146 size_t i, j;
147
148 if (!TEST_ptr(ctx))
149 return 0;
150
151 ssl = SSL_new(ctx);
152 if (!TEST_ptr(ssl))
153 goto err;
154
155 ciphers = SSL_get_ciphers(ssl);
156
157 for (i = 0, j = 0; i < OSSL_NELEM(cipherids); i++) {
158 if (cipherids[i] == TLS1_3_CK_CHACHA20_POLY1305_SHA256 && is_fips)
159 continue;
160 cipher = sk_SSL_CIPHER_value(ciphers, j++);
161 if (!TEST_ptr(cipher))
162 goto err;
163 if (!TEST_uint_eq(SSL_CIPHER_get_id(cipher), cipherids[i]))
164 goto err;
165 }
166
167 /* We should have checked all the ciphers in the stack */
168 if (!TEST_int_eq(sk_SSL_CIPHER_num(ciphers), j))
169 goto err;
170
171 testresult = 1;
172 err:
173 SSL_free(ssl);
174 SSL_CTX_free(ctx);
175
176 return testresult;
177 }
178
179 /*
180 * Test that SSL_version, SSL_get_version, SSL_is_quic, SSL_is_tls and
181 * SSL_is_dtls return the expected results for a QUIC connection. Compare with
182 * test_version() in sslapitest.c which does the same thing for TLS/DTLS
183 * connections.
184 */
185 static int test_version(void)
186 {
187 SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
188 SSL *clientquic = NULL;
189 QUIC_TSERVER *qtserv = NULL;
190 int testresult = 0;
191
192 if (!TEST_ptr(cctx)
193 || !TEST_true(qtest_create_quic_objects(libctx, cctx, cert, privkey,
194 0, &qtserv, &clientquic,
195 NULL))
196 || !TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
197 goto err;
198
199 if (!TEST_int_eq(SSL_version(clientquic), OSSL_QUIC1_VERSION)
200 || !TEST_str_eq(SSL_get_version(clientquic), "QUICv1"))
201 goto err;
202
203 if (!TEST_true(SSL_is_quic(clientquic))
204 || !TEST_false(SSL_is_tls(clientquic))
205 || !TEST_false(SSL_is_dtls(clientquic)))
206 goto err;
207
208
209 testresult = 1;
210 err:
211 ossl_quic_tserver_free(qtserv);
212 SSL_free(clientquic);
213 SSL_CTX_free(cctx);
214
215 return testresult;
216 }
217
218 #if defined(DO_SSL_TRACE_TEST)
219 static void strip_line_ends(char *str)
220 {
221 size_t i;
222
223 for (i = strlen(str);
224 i > 0 && (str[i - 1] == '\n' || str[i - 1] == '\r');
225 i--);
226
227 str[i] = '\0';
228 }
229
230 static int compare_with_file(BIO *membio)
231 {
232 BIO *file = NULL;
233 char buf1[512], buf2[512];
234 char *reffile;
235 int ret = 0;
236 size_t i;
237
238 reffile = test_mk_file_path(datadir, "ssltraceref.txt");
239 if (!TEST_ptr(reffile))
240 goto err;
241
242 file = BIO_new_file(reffile, "rb");
243 if (!TEST_ptr(file))
244 goto err;
245
246 while (BIO_gets(file, buf1, sizeof(buf1)) > 0) {
247 if (BIO_gets(membio, buf2, sizeof(buf2)) <= 0) {
248 TEST_error("Failed reading mem data");
249 goto err;
250 }
251 strip_line_ends(buf1);
252 strip_line_ends(buf2);
253 if (strlen(buf1) != strlen(buf2)) {
254 TEST_error("Actual and ref line data length mismatch");
255 TEST_info("%s", buf1);
256 TEST_info("%s", buf2);
257 goto err;
258 }
259 for (i = 0; i < strlen(buf1); i++) {
260 /* '?' is a wild card character in the reference text */
261 if (buf1[i] == '?')
262 buf2[i] = '?';
263 }
264 if (!TEST_str_eq(buf1, buf2))
265 goto err;
266 }
267 if (!TEST_true(BIO_eof(file))
268 || !TEST_true(BIO_eof(membio)))
269 goto err;
270
271 ret = 1;
272 err:
273 OPENSSL_free(reffile);
274 BIO_free(file);
275 return ret;
276 }
277
278 /*
279 * Tests that the SSL_trace() msg_callback works as expected with a QUIC
280 * connection. This also provides testing of the msg_callback at the same time.
281 */
282 static int test_ssl_trace(void)
283 {
284 SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
285 SSL *clientquic = NULL;
286 QUIC_TSERVER *qtserv = NULL;
287 int testresult = 0;
288 BIO *bio = BIO_new(BIO_s_mem());
289
290 /*
291 * Ensure we only configure ciphersuites that are available with both the
292 * default and fips providers to get the same output in both cases
293 */
294 if (!TEST_true(SSL_CTX_set_ciphersuites(cctx, "TLS_AES_128_GCM_SHA256")))
295 goto err;
296
297 if (!TEST_ptr(cctx)
298 || !TEST_ptr(bio)
299 || !TEST_true(qtest_create_quic_objects(libctx, cctx, cert, privkey,
300 0, &qtserv, &clientquic,
301 NULL)))
302 goto err;
303
304 SSL_set_msg_callback(clientquic, SSL_trace);
305 SSL_set_msg_callback_arg(clientquic, bio);
306
307 if (!TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
308 goto err;
309
310 if (!TEST_true(compare_with_file(bio)))
311 goto err;
312
313 testresult = 1;
314 err:
315 ossl_quic_tserver_free(qtserv);
316 SSL_free(clientquic);
317 SSL_CTX_free(cctx);
318 BIO_free(bio);
319
320 return testresult;
321 }
322 #endif
323
324 static int ensure_valid_ciphers(const STACK_OF(SSL_CIPHER) *ciphers)
325 {
326 size_t i;
327
328 /* Ensure ciphersuite list is suitably subsetted. */
329 for (i = 0; i < (size_t)sk_SSL_CIPHER_num(ciphers); ++i) {
330 const SSL_CIPHER *cipher = sk_SSL_CIPHER_value(ciphers, i);
331 switch (SSL_CIPHER_get_id(cipher)) {
332 case TLS1_3_CK_AES_128_GCM_SHA256:
333 case TLS1_3_CK_AES_256_GCM_SHA384:
334 case TLS1_3_CK_CHACHA20_POLY1305_SHA256:
335 break;
336 default:
337 TEST_error("forbidden cipher: %s", SSL_CIPHER_get_name(cipher));
338 return 0;
339 }
340 }
341
342 return 1;
343 }
344
345 /*
346 * Test that handshake-layer APIs which shouldn't work don't work with QUIC.
347 */
348 static int test_quic_forbidden_apis_ctx(void)
349 {
350 int testresult = 0;
351 SSL_CTX *ctx = NULL;
352
353 if (!TEST_ptr(ctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method())))
354 goto err;
355
356 /* This function returns 0 on success and 1 on error, and should fail. */
357 if (!TEST_true(SSL_CTX_set_tlsext_use_srtp(ctx, "SRTP_AEAD_AES_128_GCM")))
358 goto err;
359
360 /*
361 * List of ciphersuites we do and don't allow in QUIC.
362 */
363 #define QUIC_CIPHERSUITES \
364 "TLS_AES_128_GCM_SHA256:" \
365 "TLS_AES_256_GCM_SHA384:" \
366 "TLS_CHACHA20_POLY1305_SHA256"
367
368 #define NON_QUIC_CIPHERSUITES \
369 "TLS_AES_128_CCM_SHA256:" \
370 "TLS_AES_256_CCM_SHA384:" \
371 "TLS_AES_128_CCM_8_SHA256"
372
373 /* Set TLSv1.3 ciphersuite list for the SSL_CTX. */
374 if (!TEST_true(SSL_CTX_set_ciphersuites(ctx,
375 QUIC_CIPHERSUITES ":"
376 NON_QUIC_CIPHERSUITES)))
377 goto err;
378
379 /*
380 * Forbidden ciphersuites should show up in SSL_CTX accessors, they are only
381 * filtered in SSL_get1_supported_ciphers, so we don't check for
382 * non-inclusion here.
383 */
384
385 testresult = 1;
386 err:
387 SSL_CTX_free(ctx);
388 return testresult;
389 }
390
391 static int test_quic_forbidden_apis(void)
392 {
393 int testresult = 0;
394 SSL_CTX *ctx = NULL;
395 SSL *ssl = NULL;
396 STACK_OF(SSL_CIPHER) *ciphers = NULL;
397
398 if (!TEST_ptr(ctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method())))
399 goto err;
400
401 if (!TEST_ptr(ssl = SSL_new(ctx)))
402 goto err;
403
404 /* This function returns 0 on success and 1 on error, and should fail. */
405 if (!TEST_true(SSL_set_tlsext_use_srtp(ssl, "SRTP_AEAD_AES_128_GCM")))
406 goto err;
407
408 /* Set TLSv1.3 ciphersuite list for the SSL_CTX. */
409 if (!TEST_true(SSL_set_ciphersuites(ssl,
410 QUIC_CIPHERSUITES ":"
411 NON_QUIC_CIPHERSUITES)))
412 goto err;
413
414 /* Non-QUIC ciphersuites must not appear in supported ciphers list. */
415 if (!TEST_ptr(ciphers = SSL_get1_supported_ciphers(ssl))
416 || !TEST_true(ensure_valid_ciphers(ciphers)))
417 goto err;
418
419 testresult = 1;
420 err:
421 sk_SSL_CIPHER_free(ciphers);
422 SSL_free(ssl);
423 SSL_CTX_free(ctx);
424 return testresult;
425 }
426
427 static int test_quic_forbidden_options(void)
428 {
429 int testresult = 0;
430 SSL_CTX *ctx = NULL;
431 SSL *ssl = NULL;
432 char buf[16];
433 size_t len;
434
435 if (!TEST_ptr(ctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method())))
436 goto err;
437
438 /* QUIC options restrictions do not affect SSL_CTX */
439 SSL_CTX_set_options(ctx, UINT64_MAX);
440
441 if (!TEST_uint64_t_eq(SSL_CTX_get_options(ctx), UINT64_MAX))
442 goto err;
443
444 /* Set options on CTX which should not be inherited (tested below). */
445 SSL_CTX_set_read_ahead(ctx, 1);
446 SSL_CTX_set_max_early_data(ctx, 1);
447 SSL_CTX_set_recv_max_early_data(ctx, 1);
448 SSL_CTX_set_quiet_shutdown(ctx, 1);
449
450 if (!TEST_ptr(ssl = SSL_new(ctx)))
451 goto err;
452
453 /* Only permitted options get transferred to SSL object */
454 if (!TEST_uint64_t_eq(SSL_get_options(ssl), OSSL_QUIC_PERMITTED_OPTIONS))
455 goto err;
456
457 /* Try again using SSL_set_options */
458 SSL_set_options(ssl, UINT64_MAX);
459
460 if (!TEST_uint64_t_eq(SSL_get_options(ssl), OSSL_QUIC_PERMITTED_OPTIONS))
461 goto err;
462
463 /* Clear everything */
464 SSL_clear_options(ssl, UINT64_MAX);
465
466 if (!TEST_uint64_t_eq(SSL_get_options(ssl), 0))
467 goto err;
468
469 /* Readahead */
470 if (!TEST_false(SSL_get_read_ahead(ssl)))
471 goto err;
472
473 SSL_set_read_ahead(ssl, 1);
474 if (!TEST_false(SSL_get_read_ahead(ssl)))
475 goto err;
476
477 /* Block padding */
478 if (!TEST_true(SSL_set_block_padding(ssl, 0))
479 || !TEST_true(SSL_set_block_padding(ssl, 1))
480 || !TEST_false(SSL_set_block_padding(ssl, 2)))
481 goto err;
482
483 /* Max fragment length */
484 if (!TEST_true(SSL_set_tlsext_max_fragment_length(ssl, TLSEXT_max_fragment_length_DISABLED))
485 || !TEST_false(SSL_set_tlsext_max_fragment_length(ssl, TLSEXT_max_fragment_length_512)))
486 goto err;
487
488 /* Max early data */
489 if (!TEST_false(SSL_set_recv_max_early_data(ssl, 1))
490 || !TEST_false(SSL_set_max_early_data(ssl, 1)))
491 goto err;
492
493 /* Read/Write */
494 if (!TEST_false(SSL_read_early_data(ssl, buf, sizeof(buf), &len))
495 || !TEST_false(SSL_write_early_data(ssl, buf, sizeof(buf), &len)))
496 goto err;
497
498 /* Buffer Management */
499 if (!TEST_true(SSL_alloc_buffers(ssl))
500 || !TEST_false(SSL_free_buffers(ssl)))
501 goto err;
502
503 /* Pipelining */
504 if (!TEST_false(SSL_set_max_send_fragment(ssl, 2))
505 || !TEST_false(SSL_set_split_send_fragment(ssl, 2))
506 || !TEST_false(SSL_set_max_pipelines(ssl, 2)))
507 goto err;
508
509 /* HRR */
510 if (!TEST_false(SSL_stateless(ssl)))
511 goto err;
512
513 /* Quiet Shutdown */
514 if (!TEST_false(SSL_get_quiet_shutdown(ssl)))
515 goto err;
516
517 /* No duplication */
518 if (!TEST_ptr_null(SSL_dup(ssl)))
519 goto err;
520
521 /* No clear */
522 if (!TEST_false(SSL_clear(ssl)))
523 goto err;
524
525 testresult = 1;
526 err:
527 SSL_free(ssl);
528 SSL_CTX_free(ctx);
529 return testresult;
530 }
531
532 static int test_quic_set_fd(int idx)
533 {
534 int testresult = 0;
535 SSL_CTX *ctx = NULL;
536 SSL *ssl = NULL;
537 int fd = -1, resfd = -1;
538 BIO *bio = NULL;
539
540 if (!TEST_ptr(ctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method())))
541 goto err;
542
543 if (!TEST_ptr(ssl = SSL_new(ctx)))
544 goto err;
545
546 if (!TEST_int_ge(fd = BIO_socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP, 0), 0))
547 goto err;
548
549 if (idx == 0) {
550 if (!TEST_true(SSL_set_fd(ssl, fd)))
551 goto err;
552 if (!TEST_ptr(bio = SSL_get_rbio(ssl)))
553 goto err;
554 if (!TEST_ptr_eq(bio, SSL_get_wbio(ssl)))
555 goto err;
556 } else if (idx == 1) {
557 if (!TEST_true(SSL_set_rfd(ssl, fd)))
558 goto err;
559 if (!TEST_ptr(bio = SSL_get_rbio(ssl)))
560 goto err;
561 if (!TEST_ptr_null(SSL_get_wbio(ssl)))
562 goto err;
563 } else {
564 if (!TEST_true(SSL_set_wfd(ssl, fd)))
565 goto err;
566 if (!TEST_ptr(bio = SSL_get_wbio(ssl)))
567 goto err;
568 if (!TEST_ptr_null(SSL_get_rbio(ssl)))
569 goto err;
570 }
571
572 if (!TEST_int_eq(BIO_method_type(bio), BIO_TYPE_DGRAM))
573 goto err;
574
575 if (!TEST_true(BIO_get_fd(bio, &resfd))
576 || !TEST_int_eq(resfd, fd))
577 goto err;
578
579 testresult = 1;
580 err:
581 SSL_free(ssl);
582 SSL_CTX_free(ctx);
583 if (fd >= 0)
584 BIO_closesocket(fd);
585 return testresult;
586 }
587
588 OPT_TEST_DECLARE_USAGE("provider config certsdir datadir\n")
589
590 int setup_tests(void)
591 {
592 char *modulename;
593 char *configfile;
594
595 libctx = OSSL_LIB_CTX_new();
596 if (!TEST_ptr(libctx))
597 return 0;
598
599 defctxnull = OSSL_PROVIDER_load(NULL, "null");
600
601 /*
602 * Verify that the default and fips providers in the default libctx are not
603 * available
604 */
605 if (!TEST_false(OSSL_PROVIDER_available(NULL, "default"))
606 || !TEST_false(OSSL_PROVIDER_available(NULL, "fips")))
607 goto err;
608
609 if (!test_skip_common_options()) {
610 TEST_error("Error parsing test options\n");
611 goto err;
612 }
613
614 if (!TEST_ptr(modulename = test_get_argument(0))
615 || !TEST_ptr(configfile = test_get_argument(1))
616 || !TEST_ptr(certsdir = test_get_argument(2))
617 || !TEST_ptr(datadir = test_get_argument(3)))
618 goto err;
619
620 if (!TEST_true(OSSL_LIB_CTX_load_config(libctx, configfile)))
621 goto err;
622
623 /* Check we have the expected provider available */
624 if (!TEST_true(OSSL_PROVIDER_available(libctx, modulename)))
625 goto err;
626
627 /* Check the default provider is not available */
628 if (strcmp(modulename, "default") != 0
629 && !TEST_false(OSSL_PROVIDER_available(libctx, "default")))
630 goto err;
631
632 if (strcmp(modulename, "fips") == 0)
633 is_fips = 1;
634
635 cert = test_mk_file_path(certsdir, "servercert.pem");
636 if (cert == NULL)
637 goto err;
638
639 privkey = test_mk_file_path(certsdir, "serverkey.pem");
640 if (privkey == NULL)
641 goto err;
642
643 ADD_ALL_TESTS(test_quic_write_read, 2);
644 ADD_TEST(test_ciphersuites);
645 ADD_TEST(test_version);
646 #if defined(DO_SSL_TRACE_TEST)
647 ADD_TEST(test_ssl_trace);
648 #endif
649 ADD_TEST(test_quic_forbidden_apis_ctx);
650 ADD_TEST(test_quic_forbidden_apis);
651 ADD_TEST(test_quic_forbidden_options);
652 ADD_ALL_TESTS(test_quic_set_fd, 3);
653 return 1;
654 err:
655 cleanup_tests();
656 return 0;
657 }
658
659 void cleanup_tests(void)
660 {
661 OPENSSL_free(cert);
662 OPENSSL_free(privkey);
663 OSSL_PROVIDER_unload(defctxnull);
664 OSSL_LIB_CTX_free(libctx);
665 }
A mirror of the official openssl repository