[thirdparty/openssl.git] / test / quicapitest.c

/*
 * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <stdio.h>
#include <string.h>

#include <openssl/opensslconf.h>
#include <openssl/quic.h>

#include "helpers/ssltestlib.h"
#include "helpers/quictestlib.h"
#include "testutil.h"
#include "testutil/output.h"
#include "../ssl/ssl_local.h"

static OSSL_LIB_CTX *libctx = NULL;
static OSSL_PROVIDER *defctxnull = NULL;
static char *certsdir = NULL;
static char *cert = NULL;
static char *privkey = NULL;
static char *datadir = NULL;

static int is_fips = 0;

/*
 * Test that we read what we've written.
 * Test 0: Non-blocking
 * Test 1: Blocking
 */
static int test_quic_write_read(int idx)
{
    SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
    SSL *clientquic = NULL;
    QUIC_TSERVER *qtserv = NULL;
    int j, ret = 0;
    unsigned char buf[20];
    static char *msg = "A test message";
    size_t msglen = strlen(msg);
    size_t numbytes = 0;
    int ssock = 0, csock = 0;
    uint64_t sid = UINT64_MAX;

    if (idx == 1 && !qtest_supports_blocking())
        return TEST_skip("Blocking tests not supported in this build");

    if (!TEST_ptr(cctx)
            || !TEST_true(qtest_create_quic_objects(libctx, cctx, cert, privkey,
                                                    idx, &qtserv, &clientquic,
                                                    NULL))
            || !TEST_true(SSL_set_tlsext_host_name(clientquic, "localhost"))
            || !TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
        goto end;

    if (idx == 1) {
        if (!TEST_true(BIO_get_fd(ossl_quic_tserver_get0_rbio(qtserv), &ssock)))
            goto end;
        if (!TEST_int_gt(csock = SSL_get_rfd(clientquic), 0))
            goto end;
    }

    sid = 0; /* client-initiated bidirectional stream */

    for (j = 0; j < 2; j++) {
        /* Check that sending and receiving app data is ok */
        if (!TEST_true(SSL_write_ex(clientquic, msg, msglen, &numbytes))
            || !TEST_size_t_eq(numbytes, msglen))
            goto end;
        if (idx == 1) {
            do {
                if (!TEST_true(wait_until_sock_readable(ssock)))
                    goto end;

                ossl_quic_tserver_tick(qtserv);

                if (!TEST_true(ossl_quic_tserver_read(qtserv, sid, buf, sizeof(buf),
                                                      &numbytes)))
                    goto end;
            } while (numbytes == 0);

            if (!TEST_mem_eq(buf, numbytes, msg, msglen))
                goto end;
        }

        ossl_quic_tserver_tick(qtserv);
        if (!TEST_true(ossl_quic_tserver_write(qtserv, sid, (unsigned char *)msg,
                                               msglen, &numbytes)))
            goto end;
        ossl_quic_tserver_tick(qtserv);
        SSL_handle_events(clientquic);
        /*
         * In blocking mode the SSL_read_ex call will block until the socket is
         * readable and has our data. In non-blocking mode we're doing everything
         * in memory, so it should be immediately available
         */
        if (!TEST_true(SSL_read_ex(clientquic, buf, 1, &numbytes))
                || !TEST_size_t_eq(numbytes, 1)
                || !TEST_true(SSL_has_pending(clientquic))
                || !TEST_int_eq(SSL_pending(clientquic), msglen - 1)
                || !TEST_true(SSL_read_ex(clientquic, buf + 1, sizeof(buf) - 1, &numbytes))
                || !TEST_mem_eq(buf, numbytes + 1, msg, msglen))
            goto end;
    }

    if (!TEST_true(qtest_shutdown(qtserv, clientquic)))
        goto end;

    ret = 1;

 end:
    ossl_quic_tserver_free(qtserv);
    SSL_free(clientquic);
    SSL_CTX_free(cctx);

    return ret;
}

/* Test that a vanilla QUIC SSL object has the expected ciphersuites available */
static int test_ciphersuites(void)
{
    SSL_CTX *ctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
    SSL *ssl;
    int testresult = 0;
    const STACK_OF(SSL_CIPHER) *ciphers = NULL;
    const SSL_CIPHER *cipher;
    /* We expect this exact list of ciphersuites by default */
    int cipherids[] = {
        TLS1_3_CK_AES_256_GCM_SHA384,
#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
        TLS1_3_CK_CHACHA20_POLY1305_SHA256,
#endif
        TLS1_3_CK_AES_128_GCM_SHA256
    };
    size_t i, j;

    if (!TEST_ptr(ctx))
        return 0;

    ssl = SSL_new(ctx);
    if (!TEST_ptr(ssl))
        goto err;

    ciphers = SSL_get_ciphers(ssl);

    for (i = 0, j = 0; i < OSSL_NELEM(cipherids); i++) {
        if (cipherids[i] == TLS1_3_CK_CHACHA20_POLY1305_SHA256 && is_fips)
            continue;
        cipher = sk_SSL_CIPHER_value(ciphers, j++);
        if (!TEST_ptr(cipher))
            goto err;
        if (!TEST_uint_eq(SSL_CIPHER_get_id(cipher), cipherids[i]))
            goto err;
    }

    /* We should have checked all the ciphers in the stack */
    if (!TEST_int_eq(sk_SSL_CIPHER_num(ciphers), j))
        goto err;

    testresult = 1;
 err:
    SSL_free(ssl);
    SSL_CTX_free(ctx);

    return testresult;
}

/*
 * Test that SSL_version, SSL_get_version, SSL_is_quic, SSL_is_tls and
 * SSL_is_dtls return the expected results for a QUIC connection. Compare with
 * test_version() in sslapitest.c which does the same thing for TLS/DTLS
 * connections.
 */
static int test_version(void)
{
    SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
    SSL *clientquic = NULL;
    QUIC_TSERVER *qtserv = NULL;
    int testresult = 0;

    if (!TEST_ptr(cctx)
            || !TEST_true(qtest_create_quic_objects(libctx, cctx, cert, privkey,
                                                    0, &qtserv, &clientquic,
                                                    NULL))
            || !TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
        goto err;

    if (!TEST_int_eq(SSL_version(clientquic), OSSL_QUIC1_VERSION)
            || !TEST_str_eq(SSL_get_version(clientquic), "QUICv1"))
        goto err;

    if (!TEST_true(SSL_is_quic(clientquic))
            || !TEST_false(SSL_is_tls(clientquic))
            || !TEST_false(SSL_is_dtls(clientquic)))
        goto err;


    testresult = 1;
 err:
    ossl_quic_tserver_free(qtserv);
    SSL_free(clientquic);
    SSL_CTX_free(cctx);

    return testresult;
}

#if !defined(OPENSSL_NO_SSL_TRACE) && !defined(OPENSSL_NO_EC) && defined(OPENSSL_NO_ZLIB)
static void strip_line_ends(char *str)
{
    size_t i;

    for (i = strlen(str);
         i > 0 && (str[i - 1] == '\n' || str[i - 1] == '\r');
         i--);

    str[i] = '\0';
}

static int compare_with_file(BIO *membio)
{
    BIO *file = NULL;
    char buf1[512], buf2[512];
    char *reffile;
    int ret = 0;
    size_t i;

    reffile = test_mk_file_path(datadir, "ssltraceref.txt");
    if (!TEST_ptr(reffile))
        goto err;

    file = BIO_new_file(reffile, "rb");
    if (!TEST_ptr(file))
        goto err;

    while (BIO_gets(file, buf1, sizeof(buf1)) > 0) {
        if (BIO_gets(membio, buf2, sizeof(buf2)) <= 0) {
            TEST_error("Failed reading mem data");
            goto err;
        }
        strip_line_ends(buf1);
        strip_line_ends(buf2);
        if (strlen(buf1) != strlen(buf2)) {
            TEST_error("Actual and ref line data length mismatch");
            TEST_info("%s", buf1);
            TEST_info("%s", buf2);
           goto err;
        }
        for (i = 0; i < strlen(buf1); i++) {
            /* '?' is a wild card character in the reference text */
            if (buf1[i] == '?')
                buf2[i] = '?';
        }
        if (!TEST_str_eq(buf1, buf2))
            goto err;
    }
    if (!TEST_true(BIO_eof(file))
            || !TEST_true(BIO_eof(membio)))
        goto err;

    ret = 1;
 err:
    OPENSSL_free(reffile);
    BIO_free(file);
    return ret;
}

/*
 * Tests that the SSL_trace() msg_callback works as expected with a QUIC
 * connection. This also provides testing of the msg_callback at the same time.
 */
static int test_ssl_trace(void)
{
    SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
    SSL *clientquic = NULL;
    QUIC_TSERVER *qtserv = NULL;
    int testresult = 0;
    BIO *bio = BIO_new(BIO_s_mem());

    /*
     * Ensure we only configure ciphersuites that are available with both the
     * default and fips providers to get the same output in both cases
     */
    if (!TEST_true(SSL_CTX_set_ciphersuites(cctx, "TLS_AES_128_GCM_SHA256")))
        goto err;

    if (!TEST_ptr(cctx)
            || !TEST_ptr(bio)
            || !TEST_true(qtest_create_quic_objects(libctx, cctx, cert, privkey,
                                                    0, &qtserv, &clientquic,
                                                    NULL)))
        goto err;

    SSL_set_msg_callback(clientquic, SSL_trace);
    SSL_set_msg_callback_arg(clientquic, bio);

    if (!TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
        goto err;

    if (!TEST_true(compare_with_file(bio)))
        goto err;

    testresult = 1;
 err:
    ossl_quic_tserver_free(qtserv);
    SSL_free(clientquic);
    SSL_CTX_free(cctx);
    BIO_free(bio);

    return testresult;
}
#endif

static int ensure_valid_ciphers(const STACK_OF(SSL_CIPHER) *ciphers)
{
    size_t i;

    /* Ensure ciphersuite list is suitably subsetted. */
    for (i = 0; i < (size_t)sk_SSL_CIPHER_num(ciphers); ++i) {
        const SSL_CIPHER *cipher = sk_SSL_CIPHER_value(ciphers, i);
        switch (SSL_CIPHER_get_id(cipher)) {
            case TLS1_3_CK_AES_128_GCM_SHA256:
            case TLS1_3_CK_AES_256_GCM_SHA384:
            case TLS1_3_CK_CHACHA20_POLY1305_SHA256:
                break;
            default:
                TEST_error("forbidden cipher: %s", SSL_CIPHER_get_name(cipher));
                return 0;
        }
    }

    return 1;
}

/*
 * Test that handshake-layer APIs which shouldn't work don't work with QUIC.
 */
static int test_quic_forbidden_apis_ctx(void)
{
    int testresult = 0;
    SSL_CTX *ctx = NULL;

    if (!TEST_ptr(ctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method())))
        goto err;

    /* This function returns 0 on success and 1 on error, and should fail. */
    if (!TEST_true(SSL_CTX_set_tlsext_use_srtp(ctx, "SRTP_AEAD_AES_128_GCM")))
        goto err;

    /*
     * List of ciphersuites we do and don't allow in QUIC.
     */
#define QUIC_CIPHERSUITES \
    "TLS_AES_128_GCM_SHA256:"           \
    "TLS_AES_256_GCM_SHA384:"           \
    "TLS_CHACHA20_POLY1305_SHA256"

#define NON_QUIC_CIPHERSUITES           \
    "TLS_AES_128_CCM_SHA256:"           \
    "TLS_AES_256_CCM_SHA384:"           \
    "TLS_AES_128_CCM_8_SHA256"

    /* Set TLSv1.3 ciphersuite list for the SSL_CTX. */
    if (!TEST_true(SSL_CTX_set_ciphersuites(ctx,
                                            QUIC_CIPHERSUITES ":"
                                            NON_QUIC_CIPHERSUITES)))
        goto err;

    /*
     * Forbidden ciphersuites should show up in SSL_CTX accessors, they are only
     * filtered in SSL_get1_supported_ciphers, so we don't check for
     * non-inclusion here.
     */

    testresult = 1;
err:
    SSL_CTX_free(ctx);
    return testresult;
}

static int test_quic_forbidden_apis(void)
{
    int testresult = 0;
    SSL_CTX *ctx = NULL;
    SSL *ssl = NULL;
    STACK_OF(SSL_CIPHER) *ciphers = NULL;

    if (!TEST_ptr(ctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method())))
        goto err;

    if (!TEST_ptr(ssl = SSL_new(ctx)))
        goto err;

    /* This function returns 0 on success and 1 on error, and should fail. */
    if (!TEST_true(SSL_set_tlsext_use_srtp(ssl, "SRTP_AEAD_AES_128_GCM")))
        goto err;

    /* Set TLSv1.3 ciphersuite list for the SSL_CTX. */
    if (!TEST_true(SSL_set_ciphersuites(ssl,
                                        QUIC_CIPHERSUITES ":"
                                        NON_QUIC_CIPHERSUITES)))
        goto err;

    /* Non-QUIC ciphersuites must not appear in supported ciphers list. */
    if (!TEST_ptr(ciphers = SSL_get1_supported_ciphers(ssl))
        || !TEST_true(ensure_valid_ciphers(ciphers)))
        goto err;

    testresult = 1;
err:
    sk_SSL_CIPHER_free(ciphers);
    SSL_free(ssl);
    SSL_CTX_free(ctx);
    return testresult;
}

static int test_quic_forbidden_options(void)
{
    int testresult = 0;
    SSL_CTX *ctx = NULL;
    SSL *ssl = NULL;
    char buf[16];
    size_t len;

    if (!TEST_ptr(ctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method())))
        goto err;

    /* QUIC options restrictions do not affect SSL_CTX */
    SSL_CTX_set_options(ctx, UINT64_MAX);

    if (!TEST_uint64_t_eq(SSL_CTX_get_options(ctx), UINT64_MAX))
        goto err;

    /* Set options on CTX which should not be inherited (tested below). */
    SSL_CTX_set_read_ahead(ctx, 1);
    SSL_CTX_set_max_early_data(ctx, 1);
    SSL_CTX_set_recv_max_early_data(ctx, 1);
    SSL_CTX_set_quiet_shutdown(ctx, 1);

    if (!TEST_ptr(ssl = SSL_new(ctx)))
        goto err;

    /* Only permitted options get transferred to SSL object */
    if (!TEST_uint64_t_eq(SSL_get_options(ssl), OSSL_QUIC_PERMITTED_OPTIONS))
        goto err;

    /* Try again using SSL_set_options */
    SSL_set_options(ssl, UINT64_MAX);

    if (!TEST_uint64_t_eq(SSL_get_options(ssl), OSSL_QUIC_PERMITTED_OPTIONS))
        goto err;

    /* Clear everything */
    SSL_clear_options(ssl, UINT64_MAX);

    if (!TEST_uint64_t_eq(SSL_get_options(ssl), 0))
        goto err;

    /* Readahead */
    if (!TEST_false(SSL_get_read_ahead(ssl)))
        goto err;

    SSL_set_read_ahead(ssl, 1);
    if (!TEST_false(SSL_get_read_ahead(ssl)))
        goto err;

    /* Block padding */
    if (!TEST_true(SSL_set_block_padding(ssl, 0))
        || !TEST_true(SSL_set_block_padding(ssl, 1))
        || !TEST_false(SSL_set_block_padding(ssl, 2)))
        goto err;

    /* Max fragment length */
    if (!TEST_true(SSL_set_tlsext_max_fragment_length(ssl, TLSEXT_max_fragment_length_DISABLED))
        || !TEST_false(SSL_set_tlsext_max_fragment_length(ssl, TLSEXT_max_fragment_length_512)))
        goto err;

    /* Max early data */
    if (!TEST_false(SSL_get_recv_max_early_data(ssl))
        || !TEST_false(SSL_get_max_early_data(ssl))
        || !TEST_false(SSL_set_recv_max_early_data(ssl, 1))
        || !TEST_false(SSL_set_max_early_data(ssl, 1)))
        goto err;

    /* Read/Write */
    if (!TEST_false(SSL_read_early_data(ssl, buf, sizeof(buf), &len))
        || !TEST_false(SSL_write_early_data(ssl, buf, sizeof(buf), &len)))
        goto err;

    /* Buffer Management */
    if (!TEST_true(SSL_alloc_buffers(ssl))
        || !TEST_false(SSL_free_buffers(ssl)))
        goto err;

    /* Pipelining */
    if (!TEST_false(SSL_set_max_send_fragment(ssl, 2))
        || !TEST_false(SSL_set_split_send_fragment(ssl, 2))
        || !TEST_false(SSL_set_max_pipelines(ssl, 2)))
        goto err;

    /* HRR */
    if  (!TEST_false(SSL_stateless(ssl)))
        goto err;

    /* Quiet Shutdown */
    if (!TEST_false(SSL_get_quiet_shutdown(ssl)))
        goto err;

    /* No duplication */
    if (!TEST_ptr_null(SSL_dup(ssl)))
        goto err;

    /* No clear */
    if (!TEST_false(SSL_clear(ssl)))
        goto err;

    testresult = 1;
err:
    SSL_free(ssl);
    SSL_CTX_free(ctx);
    return testresult;
}

static int test_quic_set_fd(int idx)
{
    int testresult = 0;
    SSL_CTX *ctx = NULL;
    SSL *ssl = NULL;
    int fd = -1, resfd = -1;
    BIO *bio = NULL;

    if (!TEST_ptr(ctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method())))
        goto err;

    if (!TEST_ptr(ssl = SSL_new(ctx)))
        goto err;

    if (!TEST_int_ge(fd = BIO_socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP, 0), 0))
        goto err;

    if (idx == 0) {
        if (!TEST_true(SSL_set_fd(ssl, fd)))
            goto err;
        if (!TEST_ptr(bio = SSL_get_rbio(ssl)))
            goto err;
        if (!TEST_ptr_eq(bio, SSL_get_wbio(ssl)))
            goto err;
    } else if (idx == 1) {
        if (!TEST_true(SSL_set_rfd(ssl, fd)))
            goto err;
        if (!TEST_ptr(bio = SSL_get_rbio(ssl)))
            goto err;
        if (!TEST_ptr_null(SSL_get_wbio(ssl)))
            goto err;
    } else {
        if (!TEST_true(SSL_set_wfd(ssl, fd)))
            goto err;
        if (!TEST_ptr(bio = SSL_get_wbio(ssl)))
            goto err;
        if (!TEST_ptr_null(SSL_get_rbio(ssl)))
            goto err;
    }

    if (!TEST_int_eq(BIO_method_type(bio), BIO_TYPE_DGRAM))
        goto err;

    if (!TEST_true(BIO_get_fd(bio, &resfd))
        || !TEST_int_eq(resfd, fd))
        goto err;

    testresult = 1;
err:
    SSL_free(ssl);
    SSL_CTX_free(ctx);
    if (fd >= 0)
        BIO_closesocket(fd);
    return testresult;
}

OPT_TEST_DECLARE_USAGE("provider config certsdir datadir\n")

int setup_tests(void)
{
    char *modulename;
    char *configfile;

    libctx = OSSL_LIB_CTX_new();
    if (!TEST_ptr(libctx))
        return 0;

    defctxnull = OSSL_PROVIDER_load(NULL, "null");

    /*
     * Verify that the default and fips providers in the default libctx are not
     * available
     */
    if (!TEST_false(OSSL_PROVIDER_available(NULL, "default"))
            || !TEST_false(OSSL_PROVIDER_available(NULL, "fips")))
        goto err;

    if (!test_skip_common_options()) {
        TEST_error("Error parsing test options\n");
        goto err;
    }

    if (!TEST_ptr(modulename = test_get_argument(0))
            || !TEST_ptr(configfile = test_get_argument(1))
            || !TEST_ptr(certsdir = test_get_argument(2))
            || !TEST_ptr(datadir = test_get_argument(3)))
        goto err;

    if (!TEST_true(OSSL_LIB_CTX_load_config(libctx, configfile)))
        goto err;

    /* Check we have the expected provider available */
    if (!TEST_true(OSSL_PROVIDER_available(libctx, modulename)))
        goto err;

    /* Check the default provider is not available */
    if (strcmp(modulename, "default") != 0
            && !TEST_false(OSSL_PROVIDER_available(libctx, "default")))
        goto err;

    if (strcmp(modulename, "fips") == 0)
        is_fips = 1;

    cert = test_mk_file_path(certsdir, "servercert.pem");
    if (cert == NULL)
        goto err;

    privkey = test_mk_file_path(certsdir, "serverkey.pem");
    if (privkey == NULL)
        goto err;

    ADD_ALL_TESTS(test_quic_write_read, 2);
    ADD_TEST(test_ciphersuites);
    ADD_TEST(test_version);
#if !defined(OPENSSL_NO_SSL_TRACE) && !defined(OPENSSL_NO_EC) && defined(OPENSSL_NO_ZLIB)
    ADD_TEST(test_ssl_trace);
#endif
    ADD_TEST(test_quic_forbidden_apis_ctx);
    ADD_TEST(test_quic_forbidden_apis);
    ADD_TEST(test_quic_forbidden_options);
    ADD_ALL_TESTS(test_quic_set_fd, 3);
    return 1;
 err:
    cleanup_tests();
    return 0;
}

void cleanup_tests(void)
{
    OPENSSL_free(cert);
    OPENSSL_free(privkey);
    OSSL_PROVIDER_unload(defctxnull);
    OSSL_LIB_CTX_free(libctx);
}
Commit	Line	Data
e44795bd TM	1	/*
	2	* Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
	3	*
	4	* Licensed under the Apache License 2.0 (the "License"). You may not use
	5	* this file except in compliance with the License. You can obtain a copy
	6	* in the file LICENSE in the source distribution or at
	7	* https://www.openssl.org/source/license.html
	8	*/
	9
	10	#include <stdio.h>
	11	#include <string.h>
	12
	13	#include <openssl/opensslconf.h>
	14	#include <openssl/quic.h>
	15
	16	#include "helpers/ssltestlib.h"
0c593328	17	#include "helpers/quictestlib.h"
e44795bd TM	18	#include "testutil.h"
e44795bd TM	19	#include "testutil/output.h"
f0d9757c	20	#include "../ssl/ssl_local.h"
e44795bd TM	21
	22	static OSSL_LIB_CTX *libctx = NULL;
	23	static OSSL_PROVIDER *defctxnull = NULL;
0c593328 MC	24	static char *certsdir = NULL;
	25	static char *cert = NULL;
	26	static char *privkey = NULL;
2e1da969	27	static char *datadir = NULL;
e44795bd TM	28
	29	static int is_fips = 0;
	30
	31	/*
	32	* Test that we read what we've written.
0c593328 MC	33	* Test 0: Non-blocking
0c593328 MC	34	* Test 1: Blocking
e44795bd	35	*/
0c593328	36	static int test_quic_write_read(int idx)
e44795bd	37	{
0c593328 MC	38	SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
	39	SSL *clientquic = NULL;
	40	QUIC_TSERVER *qtserv = NULL;
e44795bd	41	int j, ret = 0;
0c593328	42	unsigned char buf[20];
e44795bd TM	43	static char *msg = "A test message";
	44	size_t msglen = strlen(msg);
	45	size_t numbytes = 0;
0c593328	46	int ssock = 0, csock = 0;
b757beb5	47	uint64_t sid = UINT64_MAX;
0c593328 MC	48
	49	if (idx == 1 && !qtest_supports_blocking())
	50	return TEST_skip("Blocking tests not supported in this build");
e44795bd	51
0c593328 MC	52	if (!TEST_ptr(cctx)
	53	\|\| !TEST_true(qtest_create_quic_objects(libctx, cctx, cert, privkey,
	54	idx, &qtserv, &clientquic,
	55	NULL))
	56	\|\| !TEST_true(SSL_set_tlsext_host_name(clientquic, "localhost"))
	57	\|\| !TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
e44795bd TM	58	goto end;
e44795bd TM	59
0c593328 MC	60	if (idx == 1) {
	61	if (!TEST_true(BIO_get_fd(ossl_quic_tserver_get0_rbio(qtserv), &ssock)))
	62	goto end;
	63	if (!TEST_int_gt(csock = SSL_get_rfd(clientquic), 0))
	64	goto end;
	65	}
	66
13ac037d	67	sid = 0; /* client-initiated bidirectional stream */
b757beb5	68
e44795bd TM	69	for (j = 0; j < 2; j++) {
e44795bd TM	70	/* Check that sending and receiving app data is ok */
13ac037d HL	71	if (!TEST_true(SSL_write_ex(clientquic, msg, msglen, &numbytes))
13ac037d HL	72	\|\| !TEST_size_t_eq(numbytes, msglen))
0c593328	73	goto end;
54b86b7f HL	74	if (idx == 1) {
	75	do {
	76	if (!TEST_true(wait_until_sock_readable(ssock)))
	77	goto end;
	78
	79	ossl_quic_tserver_tick(qtserv);
	80
b757beb5	81	if (!TEST_true(ossl_quic_tserver_read(qtserv, sid, buf, sizeof(buf),
54b86b7f HL	82	&numbytes)))
	83	goto end;
	84	} while (numbytes == 0);
	85
	86	if (!TEST_mem_eq(buf, numbytes, msg, msglen))
	87	goto end;
	88	}
e44795bd	89
13ac037d	90	ossl_quic_tserver_tick(qtserv);
b757beb5	91	if (!TEST_true(ossl_quic_tserver_write(qtserv, sid, (unsigned char *)msg,
0c593328 MC	92	msglen, &numbytes)))
	93	goto end;
	94	ossl_quic_tserver_tick(qtserv);
6084e04b	95	SSL_handle_events(clientquic);
0c593328 MC	96	/*
	97	* In blocking mode the SSL_read_ex call will block until the socket is
	98	* readable and has our data. In non-blocking mode we're doing everything
	99	* in memory, so it should be immediately available
	100	*/
	101	if (!TEST_true(SSL_read_ex(clientquic, buf, 1, &numbytes))
	102	\|\| !TEST_size_t_eq(numbytes, 1)
	103	\|\| !TEST_true(SSL_has_pending(clientquic))
	104	\|\| !TEST_int_eq(SSL_pending(clientquic), msglen - 1)
	105	\|\| !TEST_true(SSL_read_ex(clientquic, buf + 1, sizeof(buf) - 1, &numbytes))
	106	\|\| !TEST_mem_eq(buf, numbytes + 1, msg, msglen))
e44795bd TM	107	goto end;
	108	}
	109
0c593328 MC	110	if (!TEST_true(qtest_shutdown(qtserv, clientquic)))
	111	goto end;
	112
e44795bd TM	113	ret = 1;
	114
	115	end:
0c593328	116	ossl_quic_tserver_free(qtserv);
e44795bd	117	SSL_free(clientquic);
e44795bd TM	118	SSL_CTX_free(cctx);
	119
	120	return ret;
	121	}
	122
0c9646ec MC	123	/* Test that a vanilla QUIC SSL object has the expected ciphersuites available */
	124	static int test_ciphersuites(void)
	125	{
	126	SSL_CTX *ctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
	127	SSL *ssl;
	128	int testresult = 0;
	129	const STACK_OF(SSL_CIPHER) *ciphers = NULL;
	130	const SSL_CIPHER *cipher;
	131	/* We expect this exact list of ciphersuites by default */
	132	int cipherids[] = {
	133	TLS1_3_CK_AES_256_GCM_SHA384,
	134	#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
	135	TLS1_3_CK_CHACHA20_POLY1305_SHA256,
	136	#endif
	137	TLS1_3_CK_AES_128_GCM_SHA256
	138	};
	139	size_t i, j;
	140
	141	if (!TEST_ptr(ctx))
	142	return 0;
	143
	144	ssl = SSL_new(ctx);
	145	if (!TEST_ptr(ssl))
	146	goto err;
	147
	148	ciphers = SSL_get_ciphers(ssl);
	149
	150	for (i = 0, j = 0; i < OSSL_NELEM(cipherids); i++) {
	151	if (cipherids[i] == TLS1_3_CK_CHACHA20_POLY1305_SHA256 && is_fips)
	152	continue;
	153	cipher = sk_SSL_CIPHER_value(ciphers, j++);
	154	if (!TEST_ptr(cipher))
	155	goto err;
	156	if (!TEST_uint_eq(SSL_CIPHER_get_id(cipher), cipherids[i]))
	157	goto err;
	158	}
	159
	160	/* We should have checked all the ciphers in the stack */
	161	if (!TEST_int_eq(sk_SSL_CIPHER_num(ciphers), j))
	162	goto err;
	163
	164	testresult = 1;
	165	err:
	166	SSL_free(ssl);
	167	SSL_CTX_free(ctx);
	168
	169	return testresult;
	170	}
	171
843f6e27 MC	172	/*
	173	* Test that SSL_version, SSL_get_version, SSL_is_quic, SSL_is_tls and
	174	* SSL_is_dtls return the expected results for a QUIC connection. Compare with
	175	* test_version() in sslapitest.c which does the same thing for TLS/DTLS
	176	* connections.
	177	*/
	178	static int test_version(void)
	179	{
	180	SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
	181	SSL *clientquic = NULL;
	182	QUIC_TSERVER *qtserv = NULL;
	183	int testresult = 0;
	184
	185	if (!TEST_ptr(cctx)
	186	\|\| !TEST_true(qtest_create_quic_objects(libctx, cctx, cert, privkey,
	187	0, &qtserv, &clientquic,
	188	NULL))
	189	\|\| !TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
	190	goto err;
	191
	192	if (!TEST_int_eq(SSL_version(clientquic), OSSL_QUIC1_VERSION)
	193	\|\| !TEST_str_eq(SSL_get_version(clientquic), "QUICv1"))
	194	goto err;
	195
	196	if (!TEST_true(SSL_is_quic(clientquic))
	197	\|\| !TEST_false(SSL_is_tls(clientquic))
	198	\|\| !TEST_false(SSL_is_dtls(clientquic)))
	199	goto err;
	200
	201
	202	testresult = 1;
	203	err:
	204	ossl_quic_tserver_free(qtserv);
	205	SSL_free(clientquic);
	206	SSL_CTX_free(cctx);
	207
	208	return testresult;
	209	}
	210
2e1da969 MC	211	#if !defined(OPENSSL_NO_SSL_TRACE) && !defined(OPENSSL_NO_EC) && defined(OPENSSL_NO_ZLIB)
	212	static void strip_line_ends(char *str)
	213	{
	214	size_t i;
	215
	216	for (i = strlen(str);
	217	i > 0 && (str[i - 1] == '\n' \|\| str[i - 1] == '\r');
	218	i--);
	219
	220	str[i] = '\0';
	221	}
	222
	223	static int compare_with_file(BIO *membio)
	224	{
	225	BIO *file = NULL;
	226	char buf1[512], buf2[512];
	227	char *reffile;
	228	int ret = 0;
	229	size_t i;
	230
	231	reffile = test_mk_file_path(datadir, "ssltraceref.txt");
	232	if (!TEST_ptr(reffile))
	233	goto err;
	234
	235	file = BIO_new_file(reffile, "rb");
	236	if (!TEST_ptr(file))
	237	goto err;
	238
	239	while (BIO_gets(file, buf1, sizeof(buf1)) > 0) {
	240	if (BIO_gets(membio, buf2, sizeof(buf2)) <= 0) {
	241	TEST_error("Failed reading mem data");
	242	goto err;
	243	}
	244	strip_line_ends(buf1);
	245	strip_line_ends(buf2);
	246	if (strlen(buf1) != strlen(buf2)) {
	247	TEST_error("Actual and ref line data length mismatch");
	248	TEST_info("%s", buf1);
	249	TEST_info("%s", buf2);
	250	goto err;
	251	}
	252	for (i = 0; i < strlen(buf1); i++) {
	253	/* '?' is a wild card character in the reference text */
	254	if (buf1[i] == '?')
	255	buf2[i] = '?';
	256	}
	257	if (!TEST_str_eq(buf1, buf2))
	258	goto err;
	259	}
	260	if (!TEST_true(BIO_eof(file))
	261	\|\| !TEST_true(BIO_eof(membio)))
	262	goto err;
	263
	264	ret = 1;
	265	err:
	266	OPENSSL_free(reffile);
	267	BIO_free(file);
	268	return ret;
	269	}
	270
	271	/*
	272	* Tests that the SSL_trace() msg_callback works as expected with a QUIC
	273	* connection. This also provides testing of the msg_callback at the same time.
	274	*/
275	static int test_ssl_trace(void)
276	{
277	SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
278	SSL *clientquic = NULL;
279	QUIC_TSERVER *qtserv = NULL;
280	int testresult = 0;
281	BIO *bio = BIO_new(BIO_s_mem());
282
283	/*
284	* Ensure we only configure ciphersuites that are available with both the
285	* default and fips providers to get the same output in both cases
286	*/
287	if (!TEST_true(SSL_CTX_set_ciphersuites(cctx, "TLS_AES_128_GCM_SHA256")))
288	goto err;
289
290	if (!TEST_ptr(cctx)
291	\|\| !TEST_ptr(bio)
292	\|\| !TEST_true(qtest_create_quic_objects(libctx, cctx, cert, privkey,
293	0, &qtserv, &clientquic,
294	NULL)))
295	goto err;
296
297	SSL_set_msg_callback(clientquic, SSL_trace);
298	SSL_set_msg_callback_arg(clientquic, bio);
299
300	if (!TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
301	goto err;
302
303	if (!TEST_true(compare_with_file(bio)))
304	goto err;
305
306	testresult = 1;
307	err:
308	ossl_quic_tserver_free(qtserv);
309	SSL_free(clientquic);
310	SSL_CTX_free(cctx);
311	BIO_free(bio);
312
313	return testresult;
314	}
315	#endif
316
09d56d20 HL	317	static int ensure_valid_ciphers(const STACK_OF(SSL_CIPHER) *ciphers)
	318	{
	319	size_t i;
	320
	321	/* Ensure ciphersuite list is suitably subsetted. */
	322	for (i = 0; i < (size_t)sk_SSL_CIPHER_num(ciphers); ++i) {
	323	const SSL_CIPHER *cipher = sk_SSL_CIPHER_value(ciphers, i);
	324	switch (SSL_CIPHER_get_id(cipher)) {
	325	case TLS1_3_CK_AES_128_GCM_SHA256:
	326	case TLS1_3_CK_AES_256_GCM_SHA384:
	327	case TLS1_3_CK_CHACHA20_POLY1305_SHA256:
	328	break;
	329	default:
	330	TEST_error("forbidden cipher: %s", SSL_CIPHER_get_name(cipher));
	331	return 0;
	332	}
	333	}
	334
	335	return 1;
	336	}
	337
f082205b HL	338	/*
	339	* Test that handshake-layer APIs which shouldn't work don't work with QUIC.
	340	*/
09d56d20	341	static int test_quic_forbidden_apis_ctx(void)
f082205b HL	342	{
	343	int testresult = 0;
	344	SSL_CTX *ctx = NULL;
f082205b HL	345
	346	if (!TEST_ptr(ctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method())))
	347	goto err;
	348
	349	/* This function returns 0 on success and 1 on error, and should fail. */
	350	if (!TEST_true(SSL_CTX_set_tlsext_use_srtp(ctx, "SRTP_AEAD_AES_128_GCM")))
	351	goto err;
	352
09d56d20 HL	353	/*
	354	* List of ciphersuites we do and don't allow in QUIC.
	355	*/
	356	#define QUIC_CIPHERSUITES \
	357	"TLS_AES_128_GCM_SHA256:" \
	358	"TLS_AES_256_GCM_SHA384:" \
	359	"TLS_CHACHA20_POLY1305_SHA256"
	360
	361	#define NON_QUIC_CIPHERSUITES \
	362	"TLS_AES_128_CCM_SHA256:" \
	363	"TLS_AES_256_CCM_SHA384:" \
	364	"TLS_AES_128_CCM_8_SHA256"
	365
	366	/* Set TLSv1.3 ciphersuite list for the SSL_CTX. */
	367	if (!TEST_true(SSL_CTX_set_ciphersuites(ctx,
	368	QUIC_CIPHERSUITES ":"
	369	NON_QUIC_CIPHERSUITES)))
	370	goto err;
	371
	372	/*
	373	* Forbidden ciphersuites should show up in SSL_CTX accessors, they are only
	374	* filtered in SSL_get1_supported_ciphers, so we don't check for
	375	* non-inclusion here.
	376	*/
	377
	378	testresult = 1;
	379	err:
	380	SSL_CTX_free(ctx);
	381	return testresult;
	382	}
	383
	384	static int test_quic_forbidden_apis(void)
	385	{
	386	int testresult = 0;
	387	SSL_CTX *ctx = NULL;
	388	SSL *ssl = NULL;
	389	STACK_OF(SSL_CIPHER) *ciphers = NULL;
	390
	391	if (!TEST_ptr(ctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method())))
	392	goto err;
	393
f082205b HL	394	if (!TEST_ptr(ssl = SSL_new(ctx)))
	395	goto err;
	396
	397	/* This function returns 0 on success and 1 on error, and should fail. */
	398	if (!TEST_true(SSL_set_tlsext_use_srtp(ssl, "SRTP_AEAD_AES_128_GCM")))
	399	goto err;
	400
09d56d20 HL	401	/* Set TLSv1.3 ciphersuite list for the SSL_CTX. */
	402	if (!TEST_true(SSL_set_ciphersuites(ssl,
	403	QUIC_CIPHERSUITES ":"
	404	NON_QUIC_CIPHERSUITES)))
	405	goto err;
	406
	407	/* Non-QUIC ciphersuites must not appear in supported ciphers list. */
	408	if (!TEST_ptr(ciphers = SSL_get1_supported_ciphers(ssl))
	409	\|\| !TEST_true(ensure_valid_ciphers(ciphers)))
	410	goto err;
	411
f082205b HL	412	testresult = 1;
f082205b HL	413	err:
09d56d20	414	sk_SSL_CIPHER_free(ciphers);
f082205b HL	415	SSL_free(ssl);
	416	SSL_CTX_free(ctx);
	417	return testresult;
	418	}
	419
f0d9757c HL	420	static int test_quic_forbidden_options(void)
	421	{
	422	int testresult = 0;
	423	SSL_CTX *ctx = NULL;
	424	SSL *ssl = NULL;
82a2beca HL	425	char buf[16];
82a2beca HL	426	size_t len;
f0d9757c HL	427
	428	if (!TEST_ptr(ctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method())))
	429	goto err;
	430
	431	/* QUIC options restrictions do not affect SSL_CTX */
	432	SSL_CTX_set_options(ctx, UINT64_MAX);
	433
	434	if (!TEST_uint64_t_eq(SSL_CTX_get_options(ctx), UINT64_MAX))
	435	goto err;
	436
82a2beca HL	437	/* Set options on CTX which should not be inherited (tested below). */
	438	SSL_CTX_set_read_ahead(ctx, 1);
	439	SSL_CTX_set_max_early_data(ctx, 1);
	440	SSL_CTX_set_recv_max_early_data(ctx, 1);
f66f0d3c	441	SSL_CTX_set_quiet_shutdown(ctx, 1);
82a2beca	442
f0d9757c HL	443	if (!TEST_ptr(ssl = SSL_new(ctx)))
	444	goto err;
	445
	446	/* Only permitted options get transferred to SSL object */
	447	if (!TEST_uint64_t_eq(SSL_get_options(ssl), OSSL_QUIC_PERMITTED_OPTIONS))
	448	goto err;
	449
	450	/* Try again using SSL_set_options */
	451	SSL_set_options(ssl, UINT64_MAX);
	452
	453	if (!TEST_uint64_t_eq(SSL_get_options(ssl), OSSL_QUIC_PERMITTED_OPTIONS))
	454	goto err;
	455
	456	/* Clear everything */
	457	SSL_clear_options(ssl, UINT64_MAX);
	458
	459	if (!TEST_uint64_t_eq(SSL_get_options(ssl), 0))
	460	goto err;
	461
d0638fd5	462	/* Readahead */
82a2beca HL	463	if (!TEST_false(SSL_get_read_ahead(ssl)))
	464	goto err;
	465
d0638fd5 HL	466	SSL_set_read_ahead(ssl, 1);
	467	if (!TEST_false(SSL_get_read_ahead(ssl)))
	468	goto err;
	469
	470	/* Block padding */
	471	if (!TEST_true(SSL_set_block_padding(ssl, 0))
	472	\|\| !TEST_true(SSL_set_block_padding(ssl, 1))
	473	\|\| !TEST_false(SSL_set_block_padding(ssl, 2)))
	474	goto err;
	475
	476	/* Max fragment length */
	477	if (!TEST_true(SSL_set_tlsext_max_fragment_length(ssl, TLSEXT_max_fragment_length_DISABLED))
	478	\|\| !TEST_false(SSL_set_tlsext_max_fragment_length(ssl, TLSEXT_max_fragment_length_512)))
	479	goto err;
	480
82a2beca HL	481	/* Max early data */
	482	if (!TEST_false(SSL_get_recv_max_early_data(ssl))
	483	\|\| !TEST_false(SSL_get_max_early_data(ssl))
	484	\|\| !TEST_false(SSL_set_recv_max_early_data(ssl, 1))
	485	\|\| !TEST_false(SSL_set_max_early_data(ssl, 1)))
	486	goto err;
	487
	488	/* Read/Write */
	489	if (!TEST_false(SSL_read_early_data(ssl, buf, sizeof(buf), &len))
	490	\|\| !TEST_false(SSL_write_early_data(ssl, buf, sizeof(buf), &len)))
	491	goto err;
	492
fe33e2c8	493	/* Buffer Management */
a1c56bbe	494	if (!TEST_true(SSL_alloc_buffers(ssl))
fe33e2c8 HL	495	\|\| !TEST_false(SSL_free_buffers(ssl)))
	496	goto err;
	497
38c0ff1f HL	498	/* Pipelining */
	499	if (!TEST_false(SSL_set_max_send_fragment(ssl, 2))
	500	\|\| !TEST_false(SSL_set_split_send_fragment(ssl, 2))
	501	\|\| !TEST_false(SSL_set_max_pipelines(ssl, 2)))
	502	goto err;
	503
a1c56bbe HL	504	/* HRR */
	505	if (!TEST_false(SSL_stateless(ssl)))
	506	goto err;
	507
f66f0d3c HL	508	/* Quiet Shutdown */
	509	if (!TEST_false(SSL_get_quiet_shutdown(ssl)))
	510	goto err;
	511
764817c4 HL	512	/* No duplication */
	513	if (!TEST_ptr_null(SSL_dup(ssl)))
	514	goto err;
	515
5f69db39 HL	516	/* No clear */
	517	if (!TEST_false(SSL_clear(ssl)))
	518	goto err;
	519
f0d9757c HL	520	testresult = 1;
	521	err:
	522	SSL_free(ssl);
	523	SSL_CTX_free(ctx);
	524	return testresult;
	525	}
	526
5e6015af HL	527	static int test_quic_set_fd(int idx)
	528	{
	529	int testresult = 0;
	530	SSL_CTX *ctx = NULL;
	531	SSL *ssl = NULL;
	532	int fd = -1, resfd = -1;
	533	BIO *bio = NULL;
	534
	535	if (!TEST_ptr(ctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method())))
	536	goto err;
	537
	538	if (!TEST_ptr(ssl = SSL_new(ctx)))
	539	goto err;
	540
	541	if (!TEST_int_ge(fd = BIO_socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP, 0), 0))
	542	goto err;
	543
	544	if (idx == 0) {
	545	if (!TEST_true(SSL_set_fd(ssl, fd)))
	546	goto err;
	547	if (!TEST_ptr(bio = SSL_get_rbio(ssl)))
	548	goto err;
	549	if (!TEST_ptr_eq(bio, SSL_get_wbio(ssl)))
	550	goto err;
	551	} else if (idx == 1) {
	552	if (!TEST_true(SSL_set_rfd(ssl, fd)))
	553	goto err;
	554	if (!TEST_ptr(bio = SSL_get_rbio(ssl)))
	555	goto err;
	556	if (!TEST_ptr_null(SSL_get_wbio(ssl)))
	557	goto err;
	558	} else {
	559	if (!TEST_true(SSL_set_wfd(ssl, fd)))
	560	goto err;
	561	if (!TEST_ptr(bio = SSL_get_wbio(ssl)))
	562	goto err;
	563	if (!TEST_ptr_null(SSL_get_rbio(ssl)))
	564	goto err;
	565	}
	566
	567	if (!TEST_int_eq(BIO_method_type(bio), BIO_TYPE_DGRAM))
	568	goto err;
	569
	570	if (!TEST_true(BIO_get_fd(bio, &resfd))
	571	\|\| !TEST_int_eq(resfd, fd))
	572	goto err;
	573
	574	testresult = 1;
	575	err:
	576	SSL_free(ssl);
	577	SSL_CTX_free(ctx);
	578	if (fd >= 0)
	579	BIO_closesocket(fd);
	580	return testresult;
	581	}
	582
2e1da969	583	OPT_TEST_DECLARE_USAGE("provider config certsdir datadir\n")
e44795bd TM	584
	585	int setup_tests(void)
	586	{
	587	char *modulename;
	588	char *configfile;
	589
	590	libctx = OSSL_LIB_CTX_new();
	591	if (!TEST_ptr(libctx))
	592	return 0;
	593
	594	defctxnull = OSSL_PROVIDER_load(NULL, "null");
	595
	596	/*
	597	* Verify that the default and fips providers in the default libctx are not
	598	* available
	599	*/
	600	if (!TEST_false(OSSL_PROVIDER_available(NULL, "default"))
	601	\|\| !TEST_false(OSSL_PROVIDER_available(NULL, "fips")))
0c593328	602	goto err;
e44795bd TM	603
	604	if (!test_skip_common_options()) {
	605	TEST_error("Error parsing test options\n");
0c593328	606	goto err;
e44795bd TM	607	}
	608
	609	if (!TEST_ptr(modulename = test_get_argument(0))
0c593328	610	\|\| !TEST_ptr(configfile = test_get_argument(1))
2e1da969 MC	611	\|\| !TEST_ptr(certsdir = test_get_argument(2))
2e1da969 MC	612	\|\| !TEST_ptr(datadir = test_get_argument(3)))
0c593328	613	goto err;
e44795bd TM	614
e44795bd TM	615	if (!TEST_true(OSSL_LIB_CTX_load_config(libctx, configfile)))
0c593328	616	goto err;
e44795bd TM	617
	618	/* Check we have the expected provider available */
	619	if (!TEST_true(OSSL_PROVIDER_available(libctx, modulename)))
0c593328	620	goto err;
e44795bd TM	621
	622	/* Check the default provider is not available */
	623	if (strcmp(modulename, "default") != 0
	624	&& !TEST_false(OSSL_PROVIDER_available(libctx, "default")))
0c593328	625	goto err;
e44795bd TM	626
	627	if (strcmp(modulename, "fips") == 0)
	628	is_fips = 1;
	629
0c593328 MC	630	cert = test_mk_file_path(certsdir, "servercert.pem");
	631	if (cert == NULL)
	632	goto err;
	633
	634	privkey = test_mk_file_path(certsdir, "serverkey.pem");
	635	if (privkey == NULL)
	636	goto err;
	637
	638	ADD_ALL_TESTS(test_quic_write_read, 2);
0c9646ec	639	ADD_TEST(test_ciphersuites);
843f6e27	640	ADD_TEST(test_version);
2e1da969 MC	641	#if !defined(OPENSSL_NO_SSL_TRACE) && !defined(OPENSSL_NO_EC) && defined(OPENSSL_NO_ZLIB)
	642	ADD_TEST(test_ssl_trace);
	643	#endif
09d56d20	644	ADD_TEST(test_quic_forbidden_apis_ctx);
f082205b	645	ADD_TEST(test_quic_forbidden_apis);
f0d9757c	646	ADD_TEST(test_quic_forbidden_options);
5e6015af	647	ADD_ALL_TESTS(test_quic_set_fd, 3);
e44795bd	648	return 1;
0c593328 MC	649	err:
	650	cleanup_tests();
	651	return 0;
e44795bd TM	652	}
	653
	654	void cleanup_tests(void)
	655	{
0c593328 MC	656	OPENSSL_free(cert);
0c593328 MC	657	OPENSSL_free(privkey);
e44795bd TM	658	OSSL_PROVIDER_unload(defctxnull);
	659	OSSL_LIB_CTX_free(libctx);
	660	}