[openssl] master update

tomas at openssl.org tomas at openssl.org
Fri Mar 26 13:24:18 UTC 2021


The branch master has been updated
       via  cede07dc51728edce77336f0fe5fce6d62ed7654 (commit)
      from  6b2e51dd36c2f7f1ec24e84288324a12cfe3549e (commit)


- Log -----------------------------------------------------------------
commit cede07dc51728edce77336f0fe5fce6d62ed7654
Author: Tomas Mraz <tomas at openssl.org>
Date:   Thu Mar 25 12:46:29 2021 +0100

    Remove the external BoringSSL test
    
    Fixes #14424
    
    Reviewed-by: Paul Dale <pauli at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/14682)

-----------------------------------------------------------------------

Summary of changes:
 .gitattributes                            |    1 -
 .github/workflows/ci.yml                  |    2 -
 .gitmodules                               |    4 -
 INSTALL.md                                |    2 +-
 boringssl                                 |    1 -
 test/README-external.md                   |   63 --
 test/build.info                           |    2 -
 test/data2.bin                            |  245 ++----
 test/ossl_shim/async_bio.cc               |  183 ----
 test/ossl_shim/async_bio.h                |   39 -
 test/ossl_shim/build.info                 |    6 -
 test/ossl_shim/include/openssl/base.h     |  114 ---
 test/ossl_shim/ossl_config.json           |  301 -------
 test/ossl_shim/ossl_shim.cc               | 1312 -----------------------------
 test/ossl_shim/packeted_bio.cc            |  299 -------
 test/ossl_shim/packeted_bio.h             |   35 -
 test/ossl_shim/test_config.cc             |  195 -----
 test/ossl_shim/test_config.h              |   90 --
 test/recipes/95-test_external_boringssl.t |   30 -
 19 files changed, 60 insertions(+), 2864 deletions(-)
 delete mode 160000 boringssl
 delete mode 100644 test/ossl_shim/async_bio.cc
 delete mode 100644 test/ossl_shim/async_bio.h
 delete mode 100644 test/ossl_shim/build.info
 delete mode 100644 test/ossl_shim/include/openssl/base.h
 delete mode 100644 test/ossl_shim/ossl_config.json
 delete mode 100644 test/ossl_shim/ossl_shim.cc
 delete mode 100644 test/ossl_shim/packeted_bio.cc
 delete mode 100644 test/ossl_shim/packeted_bio.h
 delete mode 100644 test/ossl_shim/test_config.cc
 delete mode 100644 test/ossl_shim/test_config.h
 delete mode 100644 test/recipes/95-test_external_boringssl.t

diff --git a/.gitattributes b/.gitattributes
index 6771355ff7..6bd7389c8a 100644
--- a/.gitattributes
+++ b/.gitattributes
@@ -8,7 +8,6 @@ fuzz/corpora/**                         export-ignore
 Configurations/*.norelease.conf         export-ignore
 .*                                      export-ignore
 util/mktar.sh                           export-ignore
-boringssl                               export-ignore
 krb5                                    export-ignore
 pyca-cryptography                       export-ignore
 dev                                     export-ignore
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 7adc2ab746..ad24aaa5b8 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -200,7 +200,5 @@ jobs:
       run: make test TESTS="test_external_gost_engine"
     - name: test external krb5
       run: make test TESTS="test_external_krb5"
-#   - name: test external boringssl
-#     run: BORING_RUNNER_DIR=$(pwd)/boringssl/ssl/test/runner make test TESTS="test_external_boringssl"
 #   - name: test external pyca
 #     run: make test TESTS="test_external_pyca"
diff --git a/.gitmodules b/.gitmodules
index 637e7ade7e..955140d60d 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -1,7 +1,3 @@
-[submodule "boringssl"]
-	path = boringssl
-	url = https://boringssl.googlesource.com/boringssl
-
 [submodule "pyca.cryptography"]
 	path = pyca-cryptography
 	url = https://github.com/pyca/cryptography.git
diff --git a/INSTALL.md b/INSTALL.md
index d6ef21d20e..14b6118c36 100644
--- a/INSTALL.md
+++ b/INSTALL.md
@@ -692,7 +692,7 @@ Enable building of integration with external test suites.
 This is a developer option and may not work on all platforms.  The following
 external test suites are currently supported:
 
- - BoringSSL test suite
+ - GOST engine test suite
  - Python PYCA/Cryptography test suite
  - krb5 test suite
 
diff --git a/boringssl b/boringssl
deleted file mode 160000
index 2070f8ad91..0000000000
--- a/boringssl
+++ /dev/null
@@ -1 +0,0 @@
-Subproject commit 2070f8ad9151dc8f3a73bffaa146b5e6937a583f
diff --git a/test/README-external.md b/test/README-external.md
index b06deaac4f..3e10526b85 100644
--- a/test/README-external.md
+++ b/test/README-external.md
@@ -5,69 +5,6 @@ It is possible to integrate external test suites into OpenSSL's `make test`.
 This capability is considered a developer option and does not work on all
 platforms.
 
-The BoringSSL test suite
-========================
-
-In order to run the BoringSSL tests with OpenSSL, first checkout the BoringSSL
-source code into an appropriate directory. This can be done in two ways:
-
-1) Separately from the OpenSSL checkout using:
-
-    $ git clone https://boringssl.googlesource.com/boringssl boringssl
-
-  The BoringSSL tests are only confirmed to work at a specific commit in the
-  BoringSSL repository. Later commits may or may not pass the test suite:
-
-    $ cd boringssl
-    $ git checkout 490469f850e
-
-2) Using the already configured submodule settings in OpenSSL:
-
-    $ git submodule update --init
-
-Configure the OpenSSL source code to enable the external tests:
-
-    $ cd ../openssl
-    $ ./config enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers \
-             enable-external-tests
-
-Note that using other config options than those given above may cause the tests
-to fail.
-
-Run the OpenSSL tests by providing the path to the BoringSSL test runner in the
-`BORING_RUNNER_DIR` environment variable:
-
-    $ BORING_RUNNER_DIR=/path/to/boringssl/ssl/test/runner make test
-
-Note that the test suite may change directory while running so the path provided
-should be absolute and not relative to the current working directory.
-
-To see more detailed output you can run just the BoringSSL tests with the
-verbose option:
-
-    $ VERBOSE=1 BORING_RUNNER_DIR=/path/to/boringssl/ssl/test/runner make \
-        TESTS="test_external_boringssl" test
-
-Test failures and suppressions
-------------------------------
-
-A large number of the BoringSSL tests are known to fail. A test could fail
-because of many possible reasons. For example:
-
-- A bug in OpenSSL
-- Different interpretations of standards
-- Assumptions about the way BoringSSL works that do not apply to OpenSSL
-- The test uses APIs added to BoringSSL that are not present in OpenSSL
-- etc
-
-In order to provide a "clean" baseline run with all the tests passing a config
-file has been provided that suppresses the running of tests that are known to
-fail. These suppressions are held in the file "test/ossl_shim/ossl_config.json"
-within the OpenSSL source code.
-
-The community is encouraged to contribute patches which reduce the number of
-suppressions that are currently present.
-
 Python PYCA/Cryptography test suite
 ===================================
 
diff --git a/test/build.info b/test/build.info
index 8abb14f634..b31e5dedd5 100644
--- a/test/build.info
+++ b/test/build.info
@@ -1,5 +1,3 @@
-SUBDIRS=ossl_shim
-
 # TODO: use ../apps/libapps.a instead of direct ../apps/lib source.
 # This can't currently be done, because some of its units drag in too many
 # unresolved references that don't apply here.
diff --git a/test/data2.bin b/test/data2.bin
index c4f9691a26..40c1bdad13 100644
--- a/test/data2.bin
+++ b/test/data2.bin
@@ -1,188 +1,61 @@
 TEST DATA2
 
-Running external test suites with OpenSSL
-=========================================
-
-It is possible to integrate external test suites into OpenSSL's "make test".
-This capability is considered a developer option and does not work on all
-platforms.
-
-
-
-The BoringSSL test suite
-========================
-
-In order to run the BoringSSL tests with OpenSSL, first checkout the BoringSSL
-source code into an appropriate directory. This can be done in two ways:
-
-1) Separately from the OpenSSL checkout using:
-
-  $ git clone https://boringssl.googlesource.com/boringssl boringssl
-
-  The BoringSSL tests are only confirmed to work at a specific commit in the
-  BoringSSL repository. Later commits may or may not pass the test suite:
-
-  $ cd boringssl
-  $ git checkout 490469f850e
-
-2) Using the already configured submodule settings in OpenSSL:
-
-  $ git submodule update --init
-
-Configure the OpenSSL source code to enable the external tests:
-
-$ cd ../openssl
-$ ./config enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers \
-  enable-external-tests
-
-Note that using other config options than those given above may cause the tests
-to fail.
-
-Run the OpenSSL tests by providing the path to the BoringSSL test runner in the
-BORING_RUNNER_DIR environment variable:
-
-$ BORING_RUNNER_DIR=/path/to/boringssl/ssl/test/runner make test
-
-Note that the test suite may change directory while running so the path provided
-should be absolute and not relative to the current working directory.
-
-To see more detailed output you can run just the BoringSSL tests with the
-verbose option:
-
-$ VERBOSE=1 BORING_RUNNER_DIR=/path/to/boringssl/ssl/test/runner make \
-  TESTS="test_external_boringssl" test
-
-
-Test failures and suppressions
-------------------------------
-
-A large number of the BoringSSL tests are known to fail. A test could fail
-because of many possible reasons. For example:
-
-- A bug in OpenSSL
-- Different interpretations of standards
-- Assumptions about the way BoringSSL works that do not apply to OpenSSL
-- The test uses APIs added to BoringSSL that are not present in OpenSSL
-- etc
-
-In order to provide a "clean" baseline run with all the tests passing a config
-file has been provided that suppresses the running of tests that are known to
-fail. These suppressions are held in the file "test/ossl_shim/ossl_config.json"
-within the OpenSSL source code.
-
-The community is encouraged to contribute patches which reduce the number of
-suppressions that are currently present.
-
-
-Python PYCA/Cryptography test suite
-===================================
-
-This python test suite runs cryptographic tests with a local OpenSSL build as
-the implementation.
-
-First checkout the PYCA/Cryptography module into ./pyca-cryptography using:
-
-$ git submodule update --init
-
-Then configure/build OpenSSL compatible with the python module:
-
-$ ./config shared enable-external-tests
-$ make
-
-The tests will run in a python virtual environment which requires virtualenv
-to be installed.
-
-$ make test VERBOSE=1 TESTS=test_external_pyca
-
-Test failures and suppressions
-------------------------------
-
-Some tests target older (<=1.0.2) versions so will not run. Other tests target
-other crypto implementations so are not relevant. Currently no tests fail.
-
-
-krb5 test suite
-===============
-
-Much like the PYCA/Cryptography test suite, this builds and runs the krb5
-tests against the local OpenSSL build.
-
-You will need a git checkout of krb5 at the top level:
-
-$ git clone https://github.com/krb5/krb5
-
-krb5's master has to pass this same CI, but a known-good version is
-krb5-1.15.1-final if you want to be sure.
-
-$ cd krb5
-$ git checkout krb5-1.15.1-final
-$ cd ..
-
-OpenSSL must be built with external tests enabled:
-
-$ ./config enable-external-tests
-$ make
-
-krb5's tests will then be run as part of the rest of the suite, or can be
-explicitly run (with more debugging):
-
-$ VERBOSE=1 make TESTS=test_external_krb5 test
-
-Test-failures suppressions
---------------------------
-
-krb5 will automatically adapt its test suite to account for the configuration
-of your system.  Certain tests may require more installed packages to run.  No
-tests are expected to fail.
-
-
-GOST engine test suite
-===============
-
-Much like the PYCA/Cryptography test suite, this builds and runs the GOST engine
-tests against the local OpenSSL build.
-
-You will need a git checkout of gost-engine at the top level:
-
-$ git submodule update --init
-
-Then configure/build OpenSSL enabling external tests:
-
-$ ./config shared enable-external-tests
-$ make
-
-GOST engine requires CMake for the build process.
-
-GOST engine tests will then be run as part of the rest of the suite, or can be
-explicitly run (with more debugging):
-
-$ make test VERBOSE=1 TESTS=test_external_gost_engine
-
-Updating test suites
-====================
-
-To update the commit for any of the above test suites:
-
-- Make sure the submodules are cloned locally:
-
-  $ git submodule update --init --recursive
-
-- Enter subdirectory and pull from the repository (use a specific branch/tag if required):
-
-  $ cd <submodule-dir>
-  $ git pull origin master
-
-- Go to root directory, there should be a new git status:
-
-  $ cd ../
-  $ git status
-  ...
-  #       modified:   <submodule-dir> (new commits)
-  ...
-
-- Add/commit/push the update
-
-  git add <submodule-dir>
-  git commit -m "Updated <submodule> to latest commit"
-  git push
-
+This is just some data that is meant to be different from the contents
+of the data.bin file.
+
+Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod
+tempor incididunt ut labore et dolore magna aliqua. Hendrerit dolor magna
+eget est. Integer enim neque volutpat ac tincidunt vitae. Erat imperdiet
+sed euismod nisi porta. Sit amet volutpat consequat mauris nunc.
+Fermentum leo vel orci porta non. Purus viverra accumsan in nisl.
+Volutpat maecenas volutpat blandit aliquam etiam erat velit scelerisque.
+Gravida in fermentum et sollicitudin ac orci phasellus. Ut eu sem integer
+vitae justo eget. Enim tortor at auctor urna nunc id. Laoreet non
+curabitur gravida arcu ac tortor dignissim convallis aenean. A lacus
+vestibulum sed arcu non odio euismod lacinia. In metus vulputate eu
+scelerisque felis imperdiet proin fermentum. Semper quis lectus nulla at
+volutpat diam ut venenatis tellus. Hac habitasse platea dictumst quisque.
+Augue ut lectus arcu bibendum at varius vel pharetra. Nisl nunc mi ipsum
+faucibus vitae aliquet. Nec sagittis aliquam malesuada bibendum arcu
+vitae. Tellus id interdum velit laoreet id donec ultrices.
+
+Eget gravida cum sociis natoque. Nunc vel risus commodo viverra maecenas
+accumsan. Enim lobortis scelerisque fermentum dui faucibus. Quis eleifend
+quam adipiscing vitae. Nec nam aliquam sem et tortor. Pharetra massa
+massa ultricies mi quis hendrerit. Tellus in metus vulputate eu
+scelerisque. Et ultrices neque ornare aenean euismod elementum. Tellus
+mauris a diam maecenas sed enim ut sem viverra. Fermentum leo vel orci
+porta non pulvinar neque. Risus nullam eget felis eget nunc. Sed tempus
+urna et pharetra pharetra massa massa ultricies. Dui sapien eget mi
+proin. Vitae elementum curabitur vitae nunc sed velit dignissim sodales.
+Sed arcu non odio euismod lacinia at. Enim praesent elementum facilisis
+leo vel fringilla. Vel facilisis volutpat est velit egestas dui id ornare
+arcu. Arcu dictum varius duis at. Pretium lectus quam id leo in vitae.
+
+Egestas fringilla phasellus faucibus scelerisque eleifend donec. Ut
+ornare lectus sit amet est placerat in egestas. Viverra ipsum nunc
+aliquet bibendum enim facilisis gravida neque. Commodo ullamcorper a
+lacus vestibulum. Urna molestie at elementum eu. Mi in nulla posuere
+sollicitudin aliquam ultrices sagittis orci a. Orci sagittis eu volutpat
+odio facilisis mauris sit. Volutpat ac tincidunt vitae semper quis.
+Adipiscing elit duis tristique sollicitudin nibh. Dignissim enim sit amet
+venenatis urna cursus. Lacus luctus accumsan tortor posuere ac ut. Eu
+feugiat pretium nibh ipsum consequat nisl. Arcu risus quis varius quam
+quisque id diam. Urna nec tincidunt praesent semper feugiat nibh sed. Sed
+libero enim sed faucibus turpis in eu mi.
+
+Suspendisse faucibus interdum posuere lorem ipsum dolor sit amet. Aliquet
+eget sit amet tellus cras adipiscing enim. Lectus proin nibh nisl
+condimentum id. Et odio pellentesque diam volutpat commodo sed egestas
+egestas. Tempor id eu nisl nunc mi ipsum. Egestas erat imperdiet sed
+euismod nisi porta lorem mollis aliquam. Pretium quam vulputate dignissim
+suspendisse in est. Volutpat commodo sed egestas egestas fringilla. In
+aliquam sem fringilla ut. Viverra accumsan in nisl nisi. Nam at lectus
+urna duis convallis convallis. Tortor posuere ac ut consequat semper.
+Pellentesque habitant morbi tristique senectus et netus et malesuada.
+Aliquet enim tortor at auctor urna nunc id cursus metus. Sit amet luctus
+venenatis lectus magna. A diam maecenas sed enim ut sem viverra aliquet.
+Pellentesque sit amet porttitor eget dolor morbi. Eget lorem dolor sed
+viverra ipsum nunc aliquet bibendum enim. Iaculis urna id volutpat lacus
+laoreet non curabitur. Mattis vulputate enim nulla aliquet porttitor
+lacus luctus accumsan tortor.
diff --git a/test/ossl_shim/async_bio.cc b/test/ossl_shim/async_bio.cc
deleted file mode 100644
index b21e5af51b..0000000000
--- a/test/ossl_shim/async_bio.cc
+++ /dev/null
@@ -1,183 +0,0 @@
-/*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the Apache License 2.0 (the "License").  You may not use
- * this file except in compliance with the License.  You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#include "async_bio.h"
-
-#include <errno.h>
-#include <string.h>
-
-#include <openssl/bio.h>
-#include <openssl/crypto.h>
-
-
-namespace {
-
-struct AsyncBio {
-  bool datagram;
-  bool enforce_write_quota;
-  size_t read_quota;
-  size_t write_quota;
-};
-
-AsyncBio *GetData(BIO *bio) {
-  return (AsyncBio *)BIO_get_data(bio);
-}
-
-static int AsyncWrite(BIO *bio, const char *in, int inl) {
-  AsyncBio *a = GetData(bio);
-  if (a == NULL || BIO_next(bio) == NULL) {
-    return 0;
-  }
-
-  if (!a->enforce_write_quota) {
-    return BIO_write(BIO_next(bio), in, inl);
-  }
-
-  BIO_clear_retry_flags(bio);
-
-  if (a->write_quota == 0) {
-    BIO_set_retry_write(bio);
-    errno = EAGAIN;
-    return -1;
-  }
-
-  if (!a->datagram && (size_t)inl > a->write_quota) {
-    inl = a->write_quota;
-  }
-  int ret = BIO_write(BIO_next(bio), in, inl);
-  if (ret <= 0) {
-    BIO_copy_next_retry(bio);
-  } else {
-    a->write_quota -= (a->datagram ? 1 : ret);
-  }
-  return ret;
-}
-
-static int AsyncRead(BIO *bio, char *out, int outl) {
-  AsyncBio *a = GetData(bio);
-  if (a == NULL || BIO_next(bio) == NULL) {
-    return 0;
-  }
-
-  BIO_clear_retry_flags(bio);
-
-  if (a->read_quota == 0) {
-    BIO_set_retry_read(bio);
-    errno = EAGAIN;
-    return -1;
-  }
-
-  if (!a->datagram && (size_t)outl > a->read_quota) {
-    outl = a->read_quota;
-  }
-  int ret = BIO_read(BIO_next(bio), out, outl);
-  if (ret <= 0) {
-    BIO_copy_next_retry(bio);
-  } else {
-    a->read_quota -= (a->datagram ? 1 : ret);
-  }
-  return ret;
-}
-
-static long AsyncCtrl(BIO *bio, int cmd, long num, void *ptr) {
-  if (BIO_next(bio) == NULL) {
-    return 0;
-  }
-  BIO_clear_retry_flags(bio);
-  int ret = BIO_ctrl(BIO_next(bio), cmd, num, ptr);
-  BIO_copy_next_retry(bio);
-  return ret;
-}
-
-static int AsyncNew(BIO *bio) {
-  AsyncBio *a = (AsyncBio *)OPENSSL_malloc(sizeof(*a));
-  if (a == NULL) {
-    return 0;
-  }
-  memset(a, 0, sizeof(*a));
-  a->enforce_write_quota = true;
-  BIO_set_init(bio, 1);
-  BIO_set_data(bio, a);
-  return 1;
-}
-
-static int AsyncFree(BIO *bio) {
-  if (bio == NULL) {
-    return 0;
-  }
-
-  OPENSSL_free(BIO_get_data(bio));
-  BIO_set_data(bio, NULL);
-  BIO_set_init(bio, 0);
-  return 1;
-}
-
-static long AsyncCallbackCtrl(BIO *bio, int cmd, BIO_info_cb fp)
-{
-  if (BIO_next(bio) == NULL)
-    return 0;
-  return BIO_callback_ctrl(BIO_next(bio), cmd, fp);
-}
-
-static BIO_METHOD *g_async_bio_method = NULL;
-
-static const BIO_METHOD *AsyncMethod(void)
-{
-  if (g_async_bio_method == NULL) {
-    g_async_bio_method = BIO_meth_new(BIO_TYPE_FILTER, "async bio");
-    if (   g_async_bio_method == NULL
-        || !BIO_meth_set_write(g_async_bio_method, AsyncWrite)
-        || !BIO_meth_set_read(g_async_bio_method, AsyncRead)
-        || !BIO_meth_set_ctrl(g_async_bio_method, AsyncCtrl)
-        || !BIO_meth_set_create(g_async_bio_method, AsyncNew)
-        || !BIO_meth_set_destroy(g_async_bio_method, AsyncFree)
-        || !BIO_meth_set_callback_ctrl(g_async_bio_method, AsyncCallbackCtrl))
-    return NULL;
-  }
-  return g_async_bio_method;
-}
-
-}  // namespace
-
-bssl::UniquePtr<BIO> AsyncBioCreate() {
-  return bssl::UniquePtr<BIO>(BIO_new(AsyncMethod()));
-}
-
-bssl::UniquePtr<BIO> AsyncBioCreateDatagram() {
-  bssl::UniquePtr<BIO> ret(BIO_new(AsyncMethod()));
-  if (!ret) {
-    return nullptr;
-  }
-  GetData(ret.get())->datagram = true;
-  return ret;
-}
-
-void AsyncBioAllowRead(BIO *bio, size_t count) {
-  AsyncBio *a = GetData(bio);
-  if (a == NULL) {
-    return;
-  }
-  a->read_quota += count;
-}
-
-void AsyncBioAllowWrite(BIO *bio, size_t count) {
-  AsyncBio *a = GetData(bio);
-  if (a == NULL) {
-    return;
-  }
-  a->write_quota += count;
-}
-
-void AsyncBioEnforceWriteQuota(BIO *bio, bool enforce) {
-  AsyncBio *a = GetData(bio);
-  if (a == NULL) {
-    return;
-  }
-  a->enforce_write_quota = enforce;
-}
diff --git a/test/ossl_shim/async_bio.h b/test/ossl_shim/async_bio.h
deleted file mode 100644
index 0d3b0ebc6e..0000000000
--- a/test/ossl_shim/async_bio.h
+++ /dev/null
@@ -1,39 +0,0 @@
-/*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the Apache License 2.0 (the "License").  You may not use
- * this file except in compliance with the License.  You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#ifndef OSSL_TEST_SHIM_ASYNC_BIO_H
-#define OSSL_TEST_SHIM_ASYNC_BIO_H
-
-#include <openssl/base.h>
-#include <openssl/bio.h>
-
-
-// AsyncBioCreate creates a filter BIO for testing asynchronous state
-// machines which consume a stream socket. Reads and writes will fail
-// and return EAGAIN unless explicitly allowed. Each async BIO has a
-// read quota and a write quota. Initially both are zero. As each is
-// incremented, bytes are allowed to flow through the BIO.
-bssl::UniquePtr<BIO> AsyncBioCreate();
-
-// AsyncBioCreateDatagram creates a filter BIO for testing for
-// asynchronous state machines which consume datagram sockets. The read
-// and write quota count in packets rather than bytes.
-bssl::UniquePtr<BIO> AsyncBioCreateDatagram();
-
-// AsyncBioAllowRead increments |bio|'s read quota by |count|.
-void AsyncBioAllowRead(BIO *bio, size_t count);
-
-// AsyncBioAllowWrite increments |bio|'s write quota by |count|.
-void AsyncBioAllowWrite(BIO *bio, size_t count);
-
-// AsyncBioEnforceWriteQuota configures where |bio| enforces its write quota.
-void AsyncBioEnforceWriteQuota(BIO *bio, bool enforce);
-
-
-#endif  // OSSL_TEST_SHIM_ASYNC_BIO_H
diff --git a/test/ossl_shim/build.info b/test/ossl_shim/build.info
deleted file mode 100644
index d1dd208408..0000000000
--- a/test/ossl_shim/build.info
+++ /dev/null
@@ -1,6 +0,0 @@
-IF[{- defined $target{CXX} && !$disabled{"external-tests"} -}]
-  PROGRAMS{noinst}=ossl_shim
-  SOURCE[ossl_shim]=ossl_shim.cc async_bio.cc packeted_bio.cc test_config.cc
-  INCLUDE[ossl_shim]=. include ../../include
-  DEPEND[ossl_shim]=../../libssl ../../libcrypto
-ENDIF
diff --git a/test/ossl_shim/include/openssl/base.h b/test/ossl_shim/include/openssl/base.h
deleted file mode 100644
index 9b07292673..0000000000
--- a/test/ossl_shim/include/openssl/base.h
+++ /dev/null
@@ -1,114 +0,0 @@
-/*
- * Copyright 1998-2021 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the Apache License 2.0 (the "License").  You may not use
- * this file except in compliance with the License.  You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#ifndef OSSL_TEST_SHIM_INCLUDE_OPENSSL_BASE_H
-#define OSSL_TEST_SHIM_INCLUDE_OPENSSL_BASE_H
-
-/* Needed for DH functions */
-#include "internal/deprecated.h"
-
-/* Needed for BORINGSSL_MAKE_DELETER */
-# include <openssl/bio.h>
-# include <openssl/evp.h>
-# include <openssl/dh.h>
-# include <openssl/x509.h>
-# include <openssl/ssl.h>
-
-# define OPENSSL_ARRAY_SIZE(array) (sizeof(array) / sizeof((array)[0]))
-
-extern "C++" {
-
-#include <memory>
-
-namespace bssl {
-
-namespace internal {
-
-template <typename T>
-struct DeleterImpl {};
-
-template <typename T>
-struct Deleter {
-  void operator()(T *ptr) {
-    // Rather than specialize Deleter for each type, we specialize
-    // DeleterImpl. This allows bssl::UniquePtr<T> to be used while only
-    // including base.h as long as the destructor is not emitted. This matches
-    // std::unique_ptr's behavior on forward-declared types.
-    //
-    // DeleterImpl itself is specialized in the corresponding module's header
-    // and must be included to release an object. If not included, the compiler
-    // will error that DeleterImpl<T> does not have a method Free.
-    DeleterImpl<T>::Free(ptr);
-  }
-};
-
-template <typename T, typename CleanupRet, void (*init)(T *),
-          CleanupRet (*cleanup)(T *)>
-class StackAllocated {
- public:
-  StackAllocated() { init(&ctx_); }
-  ~StackAllocated() { cleanup(&ctx_); }
-
-  StackAllocated(const StackAllocated<T, CleanupRet, init, cleanup> &) = delete;
-  T& operator=(const StackAllocated<T, CleanupRet, init, cleanup> &) = delete;
-
-  T *get() { return &ctx_; }
-  const T *get() const { return &ctx_; }
-
-  void Reset() {
-    cleanup(&ctx_);
-    init(&ctx_);
-  }
-
- private:
-  T ctx_;
-};
-
-}  // namespace internal
-
-#define BORINGSSL_MAKE_DELETER(type, deleter)     \
-  namespace internal {                            \
-  template <>                                     \
-  struct DeleterImpl<type> {                      \
-    static void Free(type *ptr) { deleter(ptr); } \
-  };                                              \
-  }
-
-// This makes a unique_ptr to STACK_OF(type) that owns all elements on the
-// stack, i.e. it uses sk_pop_free() to clean up.
-#define BORINGSSL_MAKE_STACK_DELETER(type, deleter) \
-  namespace internal {                              \
-  template <>                                       \
-  struct DeleterImpl<STACK_OF(type)> {              \
-    static void Free(STACK_OF(type) *ptr) {         \
-      sk_##type##_pop_free(ptr, deleter);           \
-    }                                               \
-  };                                                \
-  }
-
-// Holds ownership of heap-allocated BoringSSL structures. Sample usage:
-//   bssl::UniquePtr<BIO> rsa(RSA_new());
-//   bssl::UniquePtr<BIO> bio(BIO_new(BIO_s_mem()));
-template <typename T>
-using UniquePtr = std::unique_ptr<T, internal::Deleter<T>>;
-
-BORINGSSL_MAKE_DELETER(BIO, BIO_free)
-BORINGSSL_MAKE_DELETER(EVP_PKEY, EVP_PKEY_free)
-BORINGSSL_MAKE_DELETER(DH, DH_free)
-BORINGSSL_MAKE_DELETER(X509, X509_free)
-BORINGSSL_MAKE_DELETER(SSL, SSL_free)
-BORINGSSL_MAKE_DELETER(SSL_CTX, SSL_CTX_free)
-BORINGSSL_MAKE_DELETER(SSL_SESSION, SSL_SESSION_free)
-
-}  // namespace bssl
-
-}  /* extern C++ */
-
-
-#endif  /* OSSL_TEST_SHIM_INCLUDE_OPENSSL_BASE_H */
diff --git a/test/ossl_shim/ossl_config.json b/test/ossl_shim/ossl_config.json
deleted file mode 100644
index 1e57499065..0000000000
--- a/test/ossl_shim/ossl_config.json
+++ /dev/null
@@ -1,301 +0,0 @@
-
-{
-    "DisabledTests" : {
-        "*TLS13*":"No TLS1.3 support yet",
-        "FragmentAlert-DTLS":"Test failure - reason unknown",
-        "FragmentedClientVersion":"Test failure - reason unknown",
-        "MTU":"Test failure - reason unknown",
-        "EmptyCertificateList":"Test failure - reason unknown",
-        "AppDataBeforeHandshake-DTLS":"Test failure - reason unknown",
-        "AlertAfterChangeCipherSpec":"Test failure - reason unknown",
-        "AppDataAfterChangeCipherSpec":"Test failure - reason unknown",
-        "AppDataAfterChangeCipherSpec-Empty":"Test failure - reason unknown",
-        "AppDataAfterChangeCipherSpec-DTLS":"Test failure - reason unknown",
-        "AppDataBeforeHandshake-DTLS-Empty":"Test failure - reason unknown",
-        "AlertAfterChangeCipherSpec-DTLS":"Test failure - reason unknown",
-        "FragmentMessageLengthMismatch-DTLS":"Test failure - reason unknown",
-        "SplitFragments-Header-DTLS":"Test failure - reason unknown",
-        "SplitFragments-Boundary-DTLS":"Test failure - reason unknown",
-        "SplitFragments-Body-DTLS":"Test failure - reason unknown",
-        "SendEmptyFragments-DTLS":"Test failure - reason unknown",
-        "SendInvalidRecordType-DTLS":"Test failure - reason unknown",
-        "SendInvalidRecordType":"Test failure - reason unknown",
-        "FragmentMessageTypeMismatch-DTLS":"Test failure - reason unknown",
-        "SendWarningAlerts-Pass":"Test failure - reason unknown",
-        "SendWarningAlerts-DTLS-Pass":"Test failure - reason unknown",
-        "TooManyKeyUpdates":"Test failure - reason unknown",
-        "Unclean-Shutdown-Alert":"Test failure - reason unknown",
-        "V2ClientHello-WarningAlertPrefix":"Test failure - reason unknown",
-        "BadHelloRequest-2":"Test failure - reason unknown",
-        "DTLS-SendExtraFinished":"Test failure - reason unknown",
-        "NoNullCompression-TLS12":"Test failure - reason unknown",
-        "KeyUpdate-Client":"Test failure - reason unknown",
-        "KeyUpdate-InvalidRequestMode":"Test failure - reason unknown",
-        "DTLS-SendExtraFinished-Reordered":"Test failure - reason unknown",
-        "LargeMessage-Reject-DTLS":"Test failure - reason unknown",
-        "KeyUpdate-Server":"Test failure - reason unknown",
-        "SSL3-ECDHE-PSK-AES128-CBC-SHA-server":"Test failure - reason unknown",
-        "SSL3-ECDHE-PSK-AES256-CBC-SHA-server":"Test failure - reason unknown",
-        "DTLS1-NULL-SHA-server":"Test failure - reason unknown",
-        "DTLS1-NULL-SHA-client":"Test failure - reason unknown",
-        "DTLS12-NULL-SHA-client":"Test failure - reason unknown",
-        "DTLS12-NULL-SHA-server":"Test failure - reason unknown",
-        "BadECDSA-1-4":"Test failure - reason unknown",
-        "BadECDSA-3-4":"Test failure - reason unknown",
-        "BadECDSA-4-1":"Test failure - reason unknown",
-        "BadECDSA-4-4":"Test failure - reason unknown",
-        "BadECDSA-4-3":"Test failure - reason unknown",
-        "SillyDH":"Test failure - reason unknown",
-        "VersionNegotiationExtension-TLS1-DTLS":"Test failure - reason unknown",
-        "NoSupportedVersions-DTLS":"Test failure - reason unknown",
-        "VersionTooLow-DTLS":"Test failure - reason unknown",
-        "IgnoreClientVersionOrder":"Test failure - reason unknown",
-        "VersionTooLow":"Test failure - reason unknown",
-        "MinimumVersion-Server-TLS1-SSL3":"Test failure - reason unknown",
-        "MinimumVersion-Server2-TLS1-SSL3":"Test failure - reason unknown",
-        "MinimumVersion-Client2-TLS1-SSL3":"Test failure - reason unknown",
-        "MinimumVersion-Server2-TLS11-SSL3":"Test failure - reason unknown",
-        "MinimumVersion-Server-TLS11-SSL3":"Test failure - reason unknown",
-        "MinimumVersion-Client2-TLS11-SSL3":"Test failure - reason unknown",
-        "MinimumVersion-Client2-TLS11-TLS1":"Test failure - reason unknown",
-        "MinimumVersion-Server2-TLS12-SSL3":"Test failure - reason unknown",
-        "MinimumVersion-Server-TLS12-SSL3":"Test failure - reason unknown",
-        "MinimumVersion-Client2-TLS12-TLS1":"Test failure - reason unknown",
-        "MinimumVersion-Client2-TLS12-SSL3":"Test failure - reason unknown",
-        "MinimumVersion-Client2-TLS12-TLS1-DTLS":"Test failure - reason unknown",
-        "MinimumVersion-Client2-TLS12-TLS11":"Test failure - reason unknown",
-        "DuplicateExtensionClient-TLS1":"Test failure - reason unknown",
-        "DuplicateExtensionServer-TLS1":"Test failure - reason unknown",
-        "ALPNClient-Mismatch-TLS1":"Test failure - reason unknown",
-        "UnsolicitedServerNameAck-TLS1":"Test failure - reason unknown",
-        "ALPNServer-Decline-TLS1":"Test failure - reason unknown",
-        "ALPNClient-EmptyProtocolName-TLS1":"Test failure - reason unknown",
-        "NegotiateALPNAndNPN-Swapped-TLS1":"Test failure - reason unknown",
-        "NegotiateALPNAndNPN-TLS1":"Test failure - reason unknown",
-        "TicketSessionIDLength-33-TLS1":"Test failure - reason unknown",
-        "DuplicateExtensionClient-TLS11":"Test failure - reason unknown",
-        "DuplicateExtensionServer-TLS11":"Test failure - reason unknown",
-        "UnsolicitedServerNameAck-TLS11":"Test failure - reason unknown",
-        "ALPNServer-Decline-TLS11":"Test failure - reason unknown",
-        "ALPNClient-Mismatch-TLS11":"Test failure - reason unknown",
-        "ALPNClient-EmptyProtocolName-TLS11":"Test failure - reason unknown",
-        "NegotiateALPNAndNPN-TLS11":"Test failure - reason unknown",
-        "NegotiateALPNAndNPN-Swapped-TLS11":"Test failure - reason unknown",
-        "TicketSessionIDLength-33-TLS11":"Test failure - reason unknown",
-        "DuplicateExtensionServer-TLS12":"Test failure - reason unknown",
-        "DuplicateExtensionClient-TLS12":"Test failure - reason unknown",
-        "UnsolicitedServerNameAck-TLS12":"Test failure - reason unknown",
-        "ALPNServer-Decline-TLS12":"Test failure - reason unknown",
-        "ALPNClient-Mismatch-TLS12":"Test failure - reason unknown",
-        "ALPNClient-EmptyProtocolName-TLS12":"Test failure - reason unknown",
-        "NegotiateALPNAndNPN-TLS12":"Test failure - reason unknown",
-        "NegotiateALPNAndNPN-Swapped-TLS12":"Test failure - reason unknown",
-        "TicketSessionIDLength-33-TLS12":"Test failure - reason unknown",
-        "ClientHelloPadding":"Test failure - reason unknown",
-        "Resume-Server-UnofferedCipher":"Test failure - reason unknown",
-        "Resume-Client-CipherMismatch":"Test failure - reason unknown",
-        "Resume-Server-ExtraIdentityNoBinder":"Test failure - reason unknown",
-        "Resume-Server-BinderWrongLength":"Test failure - reason unknown",
-        "Resume-Server-ExtraPSKBinder":"Test failure - reason unknown",
-        "Resume-Server-NoPSKBinder":"Test failure - reason unknown",
-        "Resume-Server-PSKBinderFirstExtension":"Test failure - reason unknown",
-        "Resume-Server-InvalidPSKBinder":"Test failure - reason unknown",
-        "ExtendedMasterSecret-NoToYes-Client":"Test failure - reason unknown",
-        "Renegotiate-Server-Forbidden":"Test failure - reason unknown",
-        "ExtendedMasterSecret-Renego-NoEMS":"Test failure - reason unknown",
-        "Renegotiate-Client-SwitchVersion":"Test failure - reason unknown",
-        "Renegotiate-Client-Upgrade":"Test failure - reason unknown",
-        "Renegotiate-SameClientVersion":"Test failure - reason unknown",
-        "Renegotiate-Client-Downgrade":"Test failure - reason unknown",
-        "Renegotiate-Client-SwitchCiphers2":"Test failure - reason unknown",
-        "Renegotiate-Client-SwitchCiphers":"Test failure - reason unknown",
-        "Renegotiate-Client-Forbidden-1":"Test failure - reason unknown",
-        "StrayHelloRequest":"Test failure - reason unknown",
-        "Renegotiate-Client-Freely-2":"Test failure - reason unknown",
-        "Renegotiate-Client-NoIgnore":"Test failure - reason unknown",
-        "StrayHelloRequest-Packed":"Test failure - reason unknown",
-        "Renegotiate-Client-Freely-1":"Test failure - reason unknown",
-        "Renegotiation-CertificateChange":"Test failure - reason unknown",
-        "Renegotiation-CertificateChange-2":"Test failure - reason unknown",
-        "Renegotiate-Client-SSL3":"Test failure - reason unknown",
-        "ClientAuth-SHA1-Fallback-ECDSA":"Test failure - reason unknown",
-        "ClientAuth-SHA1-Fallback-RSA":"Test failure - reason unknown",
-        "P224-Server":"Test failure - reason unknown",
-        "RSA-PSS-Large":"Test failure - reason unknown",
-        "DTLS-Retransmit-Client-1":"Test failure - reason unknown",
-        "DTLS-Retransmit-Client-2":"Test failure - reason unknown",
-        "DTLS-Retransmit-Server-1":"Test failure - reason unknown",
-        "DTLS-Retransmit-Server-2":"Test failure - reason unknown",
-        "DTLS-Retransmit-Client-3":"Test failure - reason unknown",
-        "DTLS-Retransmit-Server-3":"Test failure - reason unknown",
-        "DTLS-Retransmit-Client-4":"Test failure - reason unknown",
-        "Renegotiate-Client-Packed":"Test failure - reason unknown",
-        "DTLS-Retransmit-Server-4":"Test failure - reason unknown",
-        "DTLS-Retransmit-Client-5":"Test failure - reason unknown",
-        "DTLS-Retransmit-Server-6":"Test failure - reason unknown",
-        "DTLS-Retransmit-Client-6":"Test failure - reason unknown",
-        "DTLS-Retransmit-Server-5":"Test failure - reason unknown",
-        "DTLS-Retransmit-Client-7":"Test failure - reason unknown",
-        "DTLS-Retransmit-Server-7":"Test failure - reason unknown",
-        "DTLS-Retransmit-Client-8":"Test failure - reason unknown",
-        "DTLS-Retransmit-Client-9":"Test failure - reason unknown",
-        "DTLS-Retransmit-Server-8":"Test failure - reason unknown",
-        "DTLS-Retransmit-Server-9":"Test failure - reason unknown",
-        "DTLS-Retransmit-Client-10":"Test failure - reason unknown",
-        "DTLS-Retransmit-Client-11":"Test failure - reason unknown",
-        "DTLS-Retransmit-Server-10":"Test failure - reason unknown",
-        "DTLS-Retransmit-Server-11":"Test failure - reason unknown",
-        "CustomExtensions-ParseError-Server":"Test failure - reason unknown",
-        "CustomExtensions-FailAdd-Server":"Test failure - reason unknown",
-        "CustomExtensions-FailAdd-Client":"Test failure - reason unknown",
-        "CustomExtensions-ParseError-Client":"Test failure - reason unknown",
-        "UnknownExtension-Client":"Test failure - reason unknown",
-        "UnofferedExtension-Client":"Test failure - reason unknown",
-        "PointFormat-Client-MissingUncompressed":"Test failure - reason unknown",
-        "PointFormat-Server-MissingUncompressed":"Test failure - reason unknown",
-        "Basic-Client-RenewTicket-Sync":"Test failure - reason unknown",
-        "Renegotiate-Client-Sync":"Test failure - reason unknown",
-        "Shutdown-Shim-Sync":"Test failure - reason unknown",
-        "Basic-Client-RenewTicket-Sync-SplitHandshakeRecords":"Test failure - reason unknown",
-        "Renegotiate-Client-Sync-SplitHandshakeRecords":"Test failure - reason unknown",
-        "Shutdown-Shim-Sync-SplitHandshakeRecords":"Test failure - reason unknown",
-        "Basic-Client-RenewTicket-Sync-PackHandshakeFlight":"Test failure - reason unknown",
-        "Renegotiate-Client-Sync-PackHandshakeFlight":"Test failure - reason unknown",
-        "Shutdown-Shim-Sync-PackHandshakeFlight":"Test failure - reason unknown",
-        "Basic-Client-RenewTicket-DTLS-Sync":"Test failure - reason unknown",
-        "Basic-Client-RenewTicket-DTLS-Sync-SplitHandshakeRecords":"Test failure - reason unknown",
-        "Basic-Server-Implicit-DTLS-Sync-SplitHandshakeRecords":"Test failure - reason unknown",
-        "ClientAuth-NoCertificate-Server-DTLS-Sync-SplitHandshakeRecords":"Test failure - reason unknown",
-        "ClientAuth-ECDSA-Client-DTLS-Sync-SplitHandshakeRecords":"Test failure - reason unknown",
-        "Basic-Server-RSA-DTLS-Sync-SplitHandshakeRecords":"Test failure - reason unknown",
-        "Basic-Server-ECDHE-RSA-DTLS-Sync-SplitHandshakeRecords":"Test failure - reason unknown",
-        "Basic-Server-ECDHE-ECDSA-DTLS-Sync-SplitHandshakeRecords":"Test failure - reason unknown",
-        "Basic-Client-RenewTicket-Async":"Test failure - reason unknown",
-        "Shutdown-Shim-Async":"Test failure - reason unknown",
-        "Basic-Client-RenewTicket-Async-SplitHandshakeRecords":"Test failure - reason unknown",
-        "Shutdown-Shim-Async-SplitHandshakeRecords":"Test failure - reason unknown",
-        "Basic-Client-RenewTicket-Async-PackHandshakeFlight":"Test failure - reason unknown",
-        "Shutdown-Shim-Async-PackHandshakeFlight":"Test failure - reason unknown",
-        "Basic-Client-RenewTicket-DTLS-Async":"Test failure - reason unknown",
-        "Basic-Client-RenewTicket-DTLS-Async-SplitHandshakeRecords":"Test failure - reason unknown",
-        "Basic-Server-Implicit-DTLS-Async-SplitHandshakeRecords":"Test failure - reason unknown",
-        "ClientAuth-NoCertificate-Server-DTLS-Async-SplitHandshakeRecords":"Test failure - reason unknown",
-        "ClientAuth-ECDSA-Client-DTLS-Async-SplitHandshakeRecords":"Test failure - reason unknown",
-        "Basic-Server-RSA-DTLS-Async-SplitHandshakeRecords":"Test failure - reason unknown",
-        "Basic-Server-ECDHE-RSA-DTLS-Async-SplitHandshakeRecords":"Test failure - reason unknown",
-        "Basic-Server-ECDHE-ECDSA-DTLS-Async-SplitHandshakeRecords":"Test failure - reason unknown",
-        "SendUnencryptedFinished-DTLS":"Test failure - reason unknown",
-        "PartialEncryptedExtensionsWithServerHello":"Test failure - reason unknown",
-        "StrayChangeCipherSpec":"Test failure - reason unknown",
-        "PartialClientFinishedWithClientHello":"Test failure - reason unknown",
-        "TrailingMessageData-ClientHello":"Test failure - reason unknown",
-        "TrailingMessageData-ServerHello":"Test failure - reason unknown",
-        "TrailingMessageData-ServerCertificate":"Test failure - reason unknown",
-        "TrailingMessageData-ServerKeyExchange":"Test failure - reason unknown",
-        "TrailingMessageData-CertificateRequest":"Test failure - reason unknown",
-        "TrailingMessageData-ServerHelloDone":"Test failure - reason unknown",
-        "TrailingMessageData-ClientKeyExchange":"Test failure - reason unknown",
-        "TrailingMessageData-ClientCertificate":"Test failure - reason unknown",
-        "TrailingMessageData-CertificateVerify":"Test failure - reason unknown",
-        "TrailingMessageData-NextProtocol":"Test failure - reason unknown",
-        "TrailingMessageData-NewSessionTicket":"Test failure - reason unknown",
-        "TrailingMessageData-ClientFinished":"Test failure - reason unknown",
-        "TrailingMessageData-ServerFinished":"Test failure - reason unknown",
-        "TrailingMessageData-HelloVerifyRequest-DTLS":"Test failure - reason unknown",
-        "TrailingMessageData-ServerHello-DTLS":"Test failure - reason unknown",
-        "TrailingMessageData-ServerCertificate-DTLS":"Test failure - reason unknown",
-        "TrailingMessageData-ServerKeyExchange-DTLS":"Test failure - reason unknown",
-        "TrailingMessageData-CertificateRequest-DTLS":"Test failure - reason unknown",
-        "TrailingMessageData-ServerHelloDone-DTLS":"Test failure - reason unknown",
-        "TrailingMessageData-ClientCertificate-DTLS":"Test failure - reason unknown",
-        "TrailingMessageData-CertificateVerify-DTLS":"Test failure - reason unknown",
-        "TrailingMessageData-ClientKeyExchange-DTLS":"Test failure - reason unknown",
-        "TrailingMessageData-ClientFinished-DTLS":"Test failure - reason unknown",
-        "TrailingMessageData-NewSessionTicket-DTLS":"Test failure - reason unknown",
-        "TrailingMessageData-ServerFinished-DTLS":"Test failure - reason unknown",
-        "MissingKeyShare-Client":"Test failure - reason unknown",
-        "MissingKeyShare-Server":"Test failure - reason unknown",
-        "DuplicateKeyShares":"Test failure - reason unknown",
-        "SkipEarlyData":"Test failure - reason unknown",
-        "SkipEarlyData-OmitEarlyDataExtension":"Test failure - reason unknown",
-        "SkipEarlyData-TooMuchData":"Test failure - reason unknown",
-        "SkipEarlyData-Interleaved":"Test failure - reason unknown",
-        "SkipEarlyData-HRR":"Test failure - reason unknown",
-        "SkipEarlyData-HRR-Interleaved":"Test failure - reason unknown",
-        "SkipEarlyData-HRR-TooMuchData":"Test failure - reason unknown",
-        "SkipEarlyData-HRR-FatalAlert":"Test failure - reason unknown",
-        "SkipEarlyData-EarlyDataInTLS12":"Test failure - reason unknown",
-        "SkipEarlyData-SecondClientHelloEarlyData":"Test failure - reason unknown",
-        "EmptyEncryptedExtensions":"Test failure - reason unknown",
-        "EncryptedExtensionsWithKeyShare":"Test failure - reason unknown",
-        "UnknownCurve-HelloRetryRequest":"Test failure - reason unknown",
-        "UnnecessaryHelloRetryRequest":"Test failure - reason unknown",
-        "HelloRetryRequest-Empty":"Test failure - reason unknown",
-        "SecondHelloRetryRequest":"Test failure - reason unknown",
-        "HelloRetryRequest-DuplicateCurve":"Test failure - reason unknown",
-        "HelloRetryRequest-DuplicateCookie":"Test failure - reason unknown",
-        "HelloRetryRequest-EmptyCookie":"Test failure - reason unknown",
-        "HelloRetryRequest-Unknown":"Test failure - reason unknown",
-        "SecondClientHelloMissingKeyShare":"Test failure - reason unknown",
-        "SecondClientHelloWrongCurve":"Test failure - reason unknown",
-        "HelloRetryRequestVersionMismatch":"Test failure - reason unknown",
-        "HelloRetryRequestCurveMismatch":"Test failure - reason unknown",
-        "SkipHelloRetryRequest":"Test failure - reason unknown",
-        "Peek-Renegotiate":"Test failure - reason unknown",
-        "Peek-KeyUpdate":"Test failure - reason unknown",
-        "DTLS-Retransmit-Client-12":"Test failure - reason unknown",
-        "DTLS-Retransmit-Timeout":"Test failure - reason unknown",
-        "DTLS-Retransmit-Server-12":"Test failure - reason unknown",
-        "DTLS-Retransmit-Fudge":"Test failure - reason unknown",
-        "DTLS-Retransmit-Fragmented":"Test failure - reason unknown",
-        "TrailingMessageData-ClientHello-DTLS":"Test failure - reason unknown",
-        "SendFallbackSCSV":"Current runner version uses old draft TLSv1.3",
-        "VersionNegotiationExtension-TLS11":"Current runner version uses old draft TLSv1.3",
-        "VersionNegotiationExtension-TLS1":"Current runner version uses old draft TLSv1.3",
-        "VersionNegotiationExtension-SSL3":"Current runner version uses old draft TLSv1.3",
-        "ConflictingVersionNegotiation":"Current runner version uses old draft TLSv1.3"
-    },
-    "ErrorMap" : {
-        ":UNEXPECTED_MESSAGE:":"unexpected message",
-        ":INAPPROPRIATE_FALLBACK:":"inappropriate fallback",
-        ":UNEXPECTED_RECORD:":"unexpected message",
-        ":TLSV1_ALERT_RECORD_OVERFLOW:":"tlsv1 alert record overflow",
-        ":WRONG_SSL_VERSION:":"no protocols available",
-        ":BAD_ALERT:":"invalid alert",
-        ":HTTP_REQUEST:":"http request",
-        ":HTTPS_PROXY_REQUEST:":"https proxy request",
-        ":WRONG_CERTIFICATE_TYPE:":"wrong certificate type",
-        ":WRONG_VERSION_NUMBER:":"wrong version number",
-        ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:":"decryption failed or bad record mac",
-        ":DIGEST_CHECK_FAILED:":"digest check failed",
-        ":TOO_MANY_EMPTY_FRAGMENTS:":"record too small",
-        ":TOO_MANY_WARNING_ALERTS:":"too many warn alerts",
-        ":DATA_LENGTH_TOO_LONG:":"data length too long",
-        ":EXCESSIVE_MESSAGE_SIZE:":"excessive message size",
-        ":ENCRYPTED_LENGTH_TOO_LONG:":"packet length too long",
-        ":INVALID_COMPRESSION_LIST:":"no compression specified",
-        ":NO_SHARED_CIPHER:":"no shared cipher",
-        ":WRONG_CIPHER_RETURNED:":"wrong cipher returned",
-        ":HANDSHAKE_FAILURE_ON_CLIENT_HELLO:":"sslv3 alert handshake failure",
-        ":UNKNOWN_CIPHER_RETURNED:":"unknown cipher returned",
-        ":BAD_SIGNATURE:":"bad signature",
-        ":BAD_DH_P_LENGTH:":"dh key too small",
-        ":PEER_DID_NOT_RETURN_A_CERTIFICATE:":"peer did not return a certificate",
-        ":UNSUPPORTED_PROTOCOL:":"unsupported protocol",
-        ":PARSE_TLSEXT:":"bad extension",
-        ":BAD_SRTP_PROTECTION_PROFILE_LIST:":"bad srtp protection profile list",
-        ":OLD_SESSION_VERSION_NOT_RETURNED:":"ssl session version mismatch",
-        ":RESUMED_EMS_SESSION_WITHOUT_EMS_EXTENSION:":"inconsistent extms",
-        ":RENEGOTIATION_EMS_MISMATCH:":"inconsistent extms",
-        ":RENEGOTIATION_MISMATCH:":"renegotiation mismatch",
-        ":WRONG_SIGNATURE_TYPE:":"wrong signature type",
-        ":BAD_ECC_CERT:":"wrong curve",
-        ":WRONG_CURVE:":"wrong curve",
-        ":INVALID_ENCODING:":"invalid encoding",
-        ":CERTIFICATE_VERIFY_FAILED:":"certificate verify failed",
-        ":BAD_CHANGE_CIPHER_SPEC:":"bad change cipher spec",
-        ":ECC_CERT_NOT_FOR_SIGNING:":"ecc cert not for signing",
-        ":OLD_SESSION_CIPHER_NOT_RETURNED:":"old session cipher not returned",
-        ":RESUMED_NON_EMS_SESSION_WITH_EMS_EXTENSION:":"inconsistent extms"
-    }
-}
diff --git a/test/ossl_shim/ossl_shim.cc b/test/ossl_shim/ossl_shim.cc
deleted file mode 100644
index 7ea8050ae7..0000000000
--- a/test/ossl_shim/ossl_shim.cc
+++ /dev/null
@@ -1,1312 +0,0 @@
-/*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the Apache License 2.0 (the "License").  You may not use
- * this file except in compliance with the License.  You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#if !defined(__STDC_FORMAT_MACROS)
-#define __STDC_FORMAT_MACROS
-#endif
-
-#include "packeted_bio.h"
-#include <openssl/e_os2.h>
-
-#if !defined(OPENSSL_SYS_WINDOWS)
-#include <arpa/inet.h>
-#include <netinet/in.h>
-#include <netinet/tcp.h>
-#include <signal.h>
-#include <sys/socket.h>
-#include <sys/time.h>
-#include <unistd.h>
-#else
-#include <io.h>
-OPENSSL_MSVC_PRAGMA(warning(push, 3))
-#include <winsock2.h>
-#include <ws2tcpip.h>
-OPENSSL_MSVC_PRAGMA(warning(pop))
-
-OPENSSL_MSVC_PRAGMA(comment(lib, "Ws2_32.lib"))
-#endif
-
-#include <assert.h>
-#include <inttypes.h>
-#include <string.h>
-
-#include <openssl/bio.h>
-#include <openssl/buffer.h>
-#include <openssl/bn.h>
-#include <openssl/core_names.h>
-#include <openssl/crypto.h>
-#include <openssl/dh.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/hmac.h>
-#include <openssl/objects.h>
-#include <openssl/rand.h>
-#include <openssl/ssl.h>
-#include <openssl/x509.h>
-
-#include <memory>
-#include <string>
-#include <vector>
-
-#include "async_bio.h"
-#include "test_config.h"
-
-namespace bssl {
-
-#if !defined(OPENSSL_SYS_WINDOWS)
-static int closesocket(int sock) {
-  return close(sock);
-}
-
-static void PrintSocketError(const char *func) {
-  perror(func);
-}
-#else
-static void PrintSocketError(const char *func) {
-  fprintf(stderr, "%s: %d\n", func, WSAGetLastError());
-}
-#endif
-
-static int Usage(const char *program) {
-  fprintf(stderr, "Usage: %s [flags...]\n", program);
-  return 1;
-}
-
-struct TestState {
-  // async_bio is async BIO which pauses reads and writes.
-  BIO *async_bio = nullptr;
-  // packeted_bio is the packeted BIO which simulates read timeouts.
-  BIO *packeted_bio = nullptr;
-  bool cert_ready = false;
-  bool handshake_done = false;
-  // private_key is the underlying private key used when testing custom keys.
-  bssl::UniquePtr<EVP_PKEY> private_key;
-  bool got_new_session = false;
-  bssl::UniquePtr<SSL_SESSION> new_session;
-  bool ticket_decrypt_done = false;
-  bool alpn_select_done = false;
-};
-
-static void TestStateExFree(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
-                            int index, long argl, void *argp) {
-  delete ((TestState *)ptr);
-}
-
-static int g_config_index = 0;
-static int g_state_index = 0;
-
-static bool SetTestConfig(SSL *ssl, const TestConfig *config) {
-  return SSL_set_ex_data(ssl, g_config_index, (void *)config) == 1;
-}
-
-static const TestConfig *GetTestConfig(const SSL *ssl) {
-  return (const TestConfig *)SSL_get_ex_data(ssl, g_config_index);
-}
-
-static bool SetTestState(SSL *ssl, std::unique_ptr<TestState> state) {
-  // |SSL_set_ex_data| takes ownership of |state| only on success.
-  if (SSL_set_ex_data(ssl, g_state_index, state.get()) == 1) {
-    state.release();
-    return true;
-  }
-  return false;
-}
-
-static TestState *GetTestState(const SSL *ssl) {
-  return (TestState *)SSL_get_ex_data(ssl, g_state_index);
-}
-
-static bssl::UniquePtr<X509> LoadCertificate(const std::string &file) {
-  bssl::UniquePtr<BIO> bio(BIO_new(BIO_s_file()));
-  if (!bio || !BIO_read_filename(bio.get(), file.c_str())) {
-    return nullptr;
-  }
-  return bssl::UniquePtr<X509>(PEM_read_bio_X509(bio.get(), NULL, NULL, NULL));
-}
-
-static bssl::UniquePtr<EVP_PKEY> LoadPrivateKey(const std::string &file) {
-  bssl::UniquePtr<BIO> bio(BIO_new(BIO_s_file()));
-  if (!bio || !BIO_read_filename(bio.get(), file.c_str())) {
-    return nullptr;
-  }
-  return bssl::UniquePtr<EVP_PKEY>(
-      PEM_read_bio_PrivateKey(bio.get(), NULL, NULL, NULL));
-}
-
-template<typename T>
-struct Free {
-  void operator()(T *buf) {
-    free(buf);
-  }
-};
-
-static bool GetCertificate(SSL *ssl, bssl::UniquePtr<X509> *out_x509,
-                           bssl::UniquePtr<EVP_PKEY> *out_pkey) {
-  const TestConfig *config = GetTestConfig(ssl);
-
-  if (!config->key_file.empty()) {
-    *out_pkey = LoadPrivateKey(config->key_file.c_str());
-    if (!*out_pkey) {
-      return false;
-    }
-  }
-  if (!config->cert_file.empty()) {
-    *out_x509 = LoadCertificate(config->cert_file.c_str());
-    if (!*out_x509) {
-      return false;
-    }
-  }
-  return true;
-}
-
-static bool InstallCertificate(SSL *ssl) {
-  bssl::UniquePtr<X509> x509;
-  bssl::UniquePtr<EVP_PKEY> pkey;
-  if (!GetCertificate(ssl, &x509, &pkey)) {
-    return false;
-  }
-
-  if (pkey && !SSL_use_PrivateKey(ssl, pkey.get())) {
-    return false;
-  }
-
-  if (x509 && !SSL_use_certificate(ssl, x509.get())) {
-    return false;
-  }
-
-  return true;
-}
-
-static int ClientCertCallback(SSL *ssl, X509 **out_x509, EVP_PKEY **out_pkey) {
-  if (GetTestConfig(ssl)->async && !GetTestState(ssl)->cert_ready) {
-    return -1;
-  }
-
-  bssl::UniquePtr<X509> x509;
-  bssl::UniquePtr<EVP_PKEY> pkey;
-  if (!GetCertificate(ssl, &x509, &pkey)) {
-    return -1;
-  }
-
-  // Return zero for no certificate.
-  if (!x509) {
-    return 0;
-  }
-
-  // Asynchronous private keys are not supported with client_cert_cb.
-  *out_x509 = x509.release();
-  *out_pkey = pkey.release();
-  return 1;
-}
-
-static int VerifySucceed(X509_STORE_CTX *store_ctx, void *arg) {
-  return 1;
-}
-
-static int VerifyFail(X509_STORE_CTX *store_ctx, void *arg) {
-  X509_STORE_CTX_set_error(store_ctx, X509_V_ERR_APPLICATION_VERIFICATION);
-  return 0;
-}
-
-static int NextProtosAdvertisedCallback(SSL *ssl, const uint8_t **out,
-                                        unsigned int *out_len, void *arg) {
-  const TestConfig *config = GetTestConfig(ssl);
-  if (config->advertise_npn.empty()) {
-    return SSL_TLSEXT_ERR_NOACK;
-  }
-
-  *out = (const uint8_t*)config->advertise_npn.data();
-  *out_len = config->advertise_npn.size();
-  return SSL_TLSEXT_ERR_OK;
-}
-
-static int NextProtoSelectCallback(SSL* ssl, uint8_t** out, uint8_t* outlen,
-                                   const uint8_t* in, unsigned inlen, void* arg) {
-  const TestConfig *config = GetTestConfig(ssl);
-  if (config->select_next_proto.empty()) {
-    return SSL_TLSEXT_ERR_NOACK;
-  }
-
-  *out = (uint8_t*)config->select_next_proto.data();
-  *outlen = config->select_next_proto.size();
-  return SSL_TLSEXT_ERR_OK;
-}
-
-static int AlpnSelectCallback(SSL* ssl, const uint8_t** out, uint8_t* outlen,
-                              const uint8_t* in, unsigned inlen, void* arg) {
-  if (GetTestState(ssl)->alpn_select_done) {
-    fprintf(stderr, "AlpnSelectCallback called after completion.\n");
-    exit(1);
-  }
-
-  GetTestState(ssl)->alpn_select_done = true;
-
-  const TestConfig *config = GetTestConfig(ssl);
-  if (config->decline_alpn) {
-    return SSL_TLSEXT_ERR_NOACK;
-  }
-
-  if (!config->expected_advertised_alpn.empty() &&
-      (config->expected_advertised_alpn.size() != inlen ||
-       memcmp(config->expected_advertised_alpn.data(),
-              in, inlen) != 0)) {
-    fprintf(stderr, "bad ALPN select callback inputs\n");
-    exit(1);
-  }
-
-  *out = (const uint8_t*)config->select_alpn.data();
-  *outlen = config->select_alpn.size();
-  return SSL_TLSEXT_ERR_OK;
-}
-
-static unsigned PskClientCallback(SSL *ssl, const char *hint,
-                                  char *out_identity,
-                                  unsigned max_identity_len,
-                                  uint8_t *out_psk, unsigned max_psk_len) {
-  const TestConfig *config = GetTestConfig(ssl);
-
-  if (config->psk_identity.empty()) {
-    if (hint != nullptr) {
-      fprintf(stderr, "Server PSK hint was non-null.\n");
-      return 0;
-    }
-  } else if (hint == nullptr ||
-             strcmp(hint, config->psk_identity.c_str()) != 0) {
-    fprintf(stderr, "Server PSK hint did not match.\n");
-    return 0;
-  }
-
-  // Account for the trailing '\0' for the identity.
-  if (config->psk_identity.size() >= max_identity_len ||
-      config->psk.size() > max_psk_len) {
-    fprintf(stderr, "PSK buffers too small\n");
-    return 0;
-  }
-
-  OPENSSL_strlcpy(out_identity, config->psk_identity.c_str(),
-                  max_identity_len);
-  memcpy(out_psk, config->psk.data(), config->psk.size());
-  return config->psk.size();
-}
-
-static unsigned PskServerCallback(SSL *ssl, const char *identity,
-                                  uint8_t *out_psk, unsigned max_psk_len) {
-  const TestConfig *config = GetTestConfig(ssl);
-
-  if (strcmp(identity, config->psk_identity.c_str()) != 0) {
-    fprintf(stderr, "Client PSK identity did not match.\n");
-    return 0;
-  }
-
-  if (config->psk.size() > max_psk_len) {
-    fprintf(stderr, "PSK buffers too small\n");
-    return 0;
-  }
-
-  memcpy(out_psk, config->psk.data(), config->psk.size());
-  return config->psk.size();
-}
-
-static int CertCallback(SSL *ssl, void *arg) {
-  const TestConfig *config = GetTestConfig(ssl);
-
-  // Check the CertificateRequest metadata is as expected.
-  //
-  // TODO(davidben): Test |SSL_get_client_CA_list|.
-  if (!SSL_is_server(ssl) &&
-      !config->expected_certificate_types.empty()) {
-    const uint8_t *certificate_types;
-    size_t certificate_types_len =
-        SSL_get0_certificate_types(ssl, &certificate_types);
-    if (certificate_types_len != config->expected_certificate_types.size() ||
-        memcmp(certificate_types,
-               config->expected_certificate_types.data(),
-               certificate_types_len) != 0) {
-      fprintf(stderr, "certificate types mismatch\n");
-      return 0;
-    }
-  }
-
-  // The certificate will be installed via other means.
-  if (!config->async ||
-      config->use_old_client_cert_callback) {
-    return 1;
-  }
-
-  if (!GetTestState(ssl)->cert_ready) {
-    return -1;
-  }
-  if (!InstallCertificate(ssl)) {
-    return 0;
-  }
-  return 1;
-}
-
-static void InfoCallback(const SSL *ssl, int type, int val) {
-  if (type == SSL_CB_HANDSHAKE_DONE) {
-    if (GetTestConfig(ssl)->handshake_never_done) {
-      fprintf(stderr, "Handshake unexpectedly completed.\n");
-      // Abort before any expected error code is printed, to ensure the overall
-      // test fails.
-      abort();
-    }
-    GetTestState(ssl)->handshake_done = true;
-
-    // Callbacks may be called again on a new handshake.
-    GetTestState(ssl)->ticket_decrypt_done = false;
-    GetTestState(ssl)->alpn_select_done = false;
-  }
-}
-
-static int NewSessionCallback(SSL *ssl, SSL_SESSION *session) {
-  GetTestState(ssl)->got_new_session = true;
-  GetTestState(ssl)->new_session.reset(session);
-  return 1;
-}
-
-static int TicketKeyCallback(SSL *ssl, uint8_t *key_name, uint8_t *iv,
-                             EVP_CIPHER_CTX *ctx, EVP_MAC_CTX *hmac_ctx,
-                             int encrypt) {
-  OSSL_PARAM params[2], *p = params;
-
-  if (!encrypt) {
-    if (GetTestState(ssl)->ticket_decrypt_done) {
-      fprintf(stderr, "TicketKeyCallback called after completion.\n");
-      return -1;
-    }
-
-    GetTestState(ssl)->ticket_decrypt_done = true;
-  }
-
-  // This is just test code, so use the all-zeros key.
-  static const uint8_t kZeros[16] = {0};
-
-  if (encrypt) {
-    memcpy(key_name, kZeros, sizeof(kZeros));
-    RAND_bytes(iv, 16);
-  } else if (memcmp(key_name, kZeros, 16) != 0) {
-    return 0;
-  }
-
-  *p++ = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST,
-                                          const_cast<char *>("SHA256"), 0);
-  *p = OSSL_PARAM_construct_end();
-
-  if (!EVP_CipherInit_ex(ctx, EVP_aes_128_cbc(), NULL, kZeros, iv, encrypt)
-      || !EVP_MAC_init(hmac_ctx, kZeros, sizeof(kZeros), params)) {
-    return -1;
-  }
-
-  if (!encrypt) {
-    return GetTestConfig(ssl)->renew_ticket ? 2 : 1;
-  }
-  return 1;
-}
-
-// kCustomExtensionValue is the extension value that the custom extension
-// callbacks will add.
-static const uint16_t kCustomExtensionValue = 1234;
-static void *const kCustomExtensionAddArg =
-    reinterpret_cast<void *>(kCustomExtensionValue);
-static void *const kCustomExtensionParseArg =
-    reinterpret_cast<void *>(kCustomExtensionValue + 1);
-static const char kCustomExtensionContents[] = "custom extension";
-
-static int CustomExtensionAddCallback(SSL *ssl, unsigned extension_value,
-                                      const uint8_t **out, size_t *out_len,
-                                      int *out_alert_value, void *add_arg) {
-  if (extension_value != kCustomExtensionValue ||
-      add_arg != kCustomExtensionAddArg) {
-    abort();
-  }
-
-  if (GetTestConfig(ssl)->custom_extension_skip) {
-    return 0;
-  }
-  if (GetTestConfig(ssl)->custom_extension_fail_add) {
-    return -1;
-  }
-
-  *out = reinterpret_cast<const uint8_t*>(kCustomExtensionContents);
-  *out_len = sizeof(kCustomExtensionContents) - 1;
-
-  return 1;
-}
-
-static void CustomExtensionFreeCallback(SSL *ssl, unsigned extension_value,
-                                        const uint8_t *out, void *add_arg) {
-  if (extension_value != kCustomExtensionValue ||
-      add_arg != kCustomExtensionAddArg ||
-      out != reinterpret_cast<const uint8_t *>(kCustomExtensionContents)) {
-    abort();
-  }
-}
-
-static int CustomExtensionParseCallback(SSL *ssl, unsigned extension_value,
-                                        const uint8_t *contents,
-                                        size_t contents_len,
-                                        int *out_alert_value, void *parse_arg) {
-  if (extension_value != kCustomExtensionValue ||
-      parse_arg != kCustomExtensionParseArg) {
-    abort();
-  }
-
-  if (contents_len != sizeof(kCustomExtensionContents) - 1 ||
-      memcmp(contents, kCustomExtensionContents, contents_len) != 0) {
-    *out_alert_value = SSL_AD_DECODE_ERROR;
-    return 0;
-  }
-
-  return 1;
-}
-
-static int ServerNameCallback(SSL *ssl, int *out_alert, void *arg) {
-  // SNI must be accessible from the SNI callback.
-  const TestConfig *config = GetTestConfig(ssl);
-  const char *server_name = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
-  if (server_name == nullptr ||
-      std::string(server_name) != config->expected_server_name) {
-    fprintf(stderr, "servername mismatch (got %s; want %s)\n", server_name,
-            config->expected_server_name.c_str());
-    return SSL_TLSEXT_ERR_ALERT_FATAL;
-  }
-
-  return SSL_TLSEXT_ERR_OK;
-}
-
-// Connect returns a new socket connected to localhost on |port| or -1 on
-// error.
-static int Connect(uint16_t port) {
-  int sock = socket(AF_INET, SOCK_STREAM, 0);
-  if (sock == -1) {
-    PrintSocketError("socket");
-    return -1;
-  }
-  int nodelay = 1;
-  if (setsockopt(sock, IPPROTO_TCP, TCP_NODELAY,
-          reinterpret_cast<const char*>(&nodelay), sizeof(nodelay)) != 0) {
-    PrintSocketError("setsockopt");
-    closesocket(sock);
-    return -1;
-  }
-  sockaddr_in sin;
-  memset(&sin, 0, sizeof(sin));
-  sin.sin_family = AF_INET;
-  sin.sin_port = htons(port);
-  if (!inet_pton(AF_INET, "127.0.0.1", &sin.sin_addr)) {
-    PrintSocketError("inet_pton");
-    closesocket(sock);
-    return -1;
-  }
-  if (connect(sock, reinterpret_cast<const sockaddr*>(&sin),
-              sizeof(sin)) != 0) {
-    PrintSocketError("connect");
-    closesocket(sock);
-    return -1;
-  }
-  return sock;
-}
-
-class SocketCloser {
- public:
-  explicit SocketCloser(int sock) : sock_(sock) {}
-  ~SocketCloser() {
-    // Half-close and drain the socket before releasing it. This seems to be
-    // necessary for graceful shutdown on Windows. It will also avoid write
-    // failures in the test runner.
-#if defined(OPENSSL_SYS_WINDOWS)
-    shutdown(sock_, SD_SEND);
-#else
-    shutdown(sock_, SHUT_WR);
-#endif
-    while (true) {
-      char buf[1024];
-      if (recv(sock_, buf, sizeof(buf), 0) <= 0) {
-        break;
-      }
-    }
-    closesocket(sock_);
-  }
-
- private:
-  const int sock_;
-};
-
-static bssl::UniquePtr<SSL_CTX> SetupCtx(const TestConfig *config) {
-  const char sess_id_ctx[] = "ossl_shim";
-  bssl::UniquePtr<SSL_CTX> ssl_ctx(SSL_CTX_new(
-      config->is_dtls ? DTLS_method() : TLS_method()));
-  if (!ssl_ctx) {
-    return nullptr;
-  }
-
-  SSL_CTX_set_security_level(ssl_ctx.get(), 0);
-#if 0
-  /* Disabled for now until we have some TLS1.3 support */
-  // Enable TLS 1.3 for tests.
-  if (!config->is_dtls &&
-      !SSL_CTX_set_max_proto_version(ssl_ctx.get(), TLS1_3_VERSION)) {
-    return nullptr;
-  }
-#else
-  /* Ensure we don't negotiate TLSv1.3 until we can handle it */
-  if (!config->is_dtls &&
-      !SSL_CTX_set_max_proto_version(ssl_ctx.get(), TLS1_2_VERSION)) {
-    return nullptr;
-  }
-#endif
-
-  std::string cipher_list = "ALL";
-  if (!config->cipher.empty()) {
-    cipher_list = config->cipher;
-    SSL_CTX_set_options(ssl_ctx.get(), SSL_OP_CIPHER_SERVER_PREFERENCE);
-  }
-  if (!SSL_CTX_set_cipher_list(ssl_ctx.get(), cipher_list.c_str())) {
-    return nullptr;
-  }
-
-  DH *tmpdh;
-
-  if (config->use_sparse_dh_prime) {
-    BIGNUM *p, *g;
-    p = BN_new();
-    g = BN_new();
-    tmpdh = DH_new();
-    if (p == NULL || g == NULL || tmpdh == NULL) {
-        BN_free(p);
-        BN_free(g);
-        DH_free(tmpdh);
-        return nullptr;
-    }
-    // This prime number is 2^1024 + 643 – a value just above a power of two.
-    // Because of its form, values modulo it are essentially certain to be one
-    // byte shorter. This is used to test padding of these values.
-    if (BN_hex2bn(
-            &p,
-            "1000000000000000000000000000000000000000000000000000000000000000"
-            "0000000000000000000000000000000000000000000000000000000000000000"
-            "0000000000000000000000000000000000000000000000000000000000000000"
-            "0000000000000000000000000000000000000000000000000000000000000028"
-            "3") == 0 ||
-        !BN_set_word(g, 2)) {
-      BN_free(p);
-      BN_free(g);
-      DH_free(tmpdh);
-      return nullptr;
-    }
-    DH_set0_pqg(tmpdh, p, NULL, g);
-  } else {
-      tmpdh = DH_get_2048_256();
-  }
-
-  bssl::UniquePtr<DH> dh(tmpdh);
-
-  if (!dh || !SSL_CTX_set_tmp_dh(ssl_ctx.get(), dh.get())) {
-    return nullptr;
-  }
-
-  SSL_CTX_set_session_cache_mode(ssl_ctx.get(), SSL_SESS_CACHE_BOTH);
-
-  if (config->use_old_client_cert_callback) {
-    SSL_CTX_set_client_cert_cb(ssl_ctx.get(), ClientCertCallback);
-  }
-
-  SSL_CTX_set_npn_advertised_cb(
-      ssl_ctx.get(), NextProtosAdvertisedCallback, NULL);
-  if (!config->select_next_proto.empty()) {
-    SSL_CTX_set_next_proto_select_cb(ssl_ctx.get(), NextProtoSelectCallback,
-                                     NULL);
-  }
-
-  if (!config->select_alpn.empty() || config->decline_alpn) {
-    SSL_CTX_set_alpn_select_cb(ssl_ctx.get(), AlpnSelectCallback, NULL);
-  }
-
-  SSL_CTX_set_info_callback(ssl_ctx.get(), InfoCallback);
-  SSL_CTX_sess_set_new_cb(ssl_ctx.get(), NewSessionCallback);
-
-  if (config->use_ticket_callback) {
-    SSL_CTX_set_tlsext_ticket_key_evp_cb(ssl_ctx.get(), TicketKeyCallback);
-  }
-
-  if (config->enable_client_custom_extension &&
-      !SSL_CTX_add_client_custom_ext(
-          ssl_ctx.get(), kCustomExtensionValue, CustomExtensionAddCallback,
-          CustomExtensionFreeCallback, kCustomExtensionAddArg,
-          CustomExtensionParseCallback, kCustomExtensionParseArg)) {
-    return nullptr;
-  }
-
-  if (config->enable_server_custom_extension &&
-      !SSL_CTX_add_server_custom_ext(
-          ssl_ctx.get(), kCustomExtensionValue, CustomExtensionAddCallback,
-          CustomExtensionFreeCallback, kCustomExtensionAddArg,
-          CustomExtensionParseCallback, kCustomExtensionParseArg)) {
-    return nullptr;
-  }
-
-  if (config->verify_fail) {
-    SSL_CTX_set_cert_verify_callback(ssl_ctx.get(), VerifyFail, NULL);
-  } else {
-    SSL_CTX_set_cert_verify_callback(ssl_ctx.get(), VerifySucceed, NULL);
-  }
-
-  if (config->use_null_client_ca_list) {
-    SSL_CTX_set_client_CA_list(ssl_ctx.get(), nullptr);
-  }
-
-  if (!SSL_CTX_set_session_id_context(ssl_ctx.get(),
-                                      (const unsigned char *)sess_id_ctx,
-                                      sizeof(sess_id_ctx) - 1))
-    return nullptr;
-
-  if (!config->expected_server_name.empty()) {
-    SSL_CTX_set_tlsext_servername_callback(ssl_ctx.get(), ServerNameCallback);
-  }
-
-  return ssl_ctx;
-}
-
-// RetryAsync is called after a failed operation on |ssl| with return code
-// |ret|. If the operation should be retried, it simulates one asynchronous
-// event and returns true. Otherwise it returns false.
-static bool RetryAsync(SSL *ssl, int ret) {
-  // No error; don't retry.
-  if (ret >= 0) {
-    return false;
-  }
-
-  TestState *test_state = GetTestState(ssl);
-  assert(GetTestConfig(ssl)->async);
-
-  if (test_state->packeted_bio != nullptr &&
-      PacketedBioAdvanceClock(test_state->packeted_bio)) {
-    // The DTLS retransmit logic silently ignores write failures. So the test
-    // may progress, allow writes through synchronously.
-    AsyncBioEnforceWriteQuota(test_state->async_bio, false);
-    int timeout_ret = DTLSv1_handle_timeout(ssl);
-    AsyncBioEnforceWriteQuota(test_state->async_bio, true);
-
-    if (timeout_ret < 0) {
-      fprintf(stderr, "Error retransmitting.\n");
-      return false;
-    }
-    return true;
-  }
-
-  // See if we needed to read or write more. If so, allow one byte through on
-  // the appropriate end to maximally stress the state machine.
-  switch (SSL_get_error(ssl, ret)) {
-    case SSL_ERROR_WANT_READ:
-      AsyncBioAllowRead(test_state->async_bio, 1);
-      return true;
-    case SSL_ERROR_WANT_WRITE:
-      AsyncBioAllowWrite(test_state->async_bio, 1);
-      return true;
-    case SSL_ERROR_WANT_X509_LOOKUP:
-      test_state->cert_ready = true;
-      return true;
-    default:
-      return false;
-  }
-}
-
-// DoRead reads from |ssl|, resolving any asynchronous operations. It returns
-// the result value of the final |SSL_read| call.
-static int DoRead(SSL *ssl, uint8_t *out, size_t max_out) {
-  const TestConfig *config = GetTestConfig(ssl);
-  TestState *test_state = GetTestState(ssl);
-  int ret;
-  do {
-    if (config->async) {
-      // The DTLS retransmit logic silently ignores write failures. So the test
-      // may progress, allow writes through synchronously. |SSL_read| may
-      // trigger a retransmit, so disconnect the write quota.
-      AsyncBioEnforceWriteQuota(test_state->async_bio, false);
-    }
-    ret = config->peek_then_read ? SSL_peek(ssl, out, max_out)
-                                 : SSL_read(ssl, out, max_out);
-    if (config->async) {
-      AsyncBioEnforceWriteQuota(test_state->async_bio, true);
-    }
-  } while (config->async && RetryAsync(ssl, ret));
-
-  if (config->peek_then_read && ret > 0) {
-    std::unique_ptr<uint8_t[]> buf(new uint8_t[static_cast<size_t>(ret)]);
-
-    // SSL_peek should synchronously return the same data.
-    int ret2 = SSL_peek(ssl, buf.get(), ret);
-    if (ret2 != ret ||
-        memcmp(buf.get(), out, ret) != 0) {
-      fprintf(stderr, "First and second SSL_peek did not match.\n");
-      return -1;
-    }
-
-    // SSL_read should synchronously return the same data and consume it.
-    ret2 = SSL_read(ssl, buf.get(), ret);
-    if (ret2 != ret ||
-        memcmp(buf.get(), out, ret) != 0) {
-      fprintf(stderr, "SSL_peek and SSL_read did not match.\n");
-      return -1;
-    }
-  }
-
-  return ret;
-}
-
-// WriteAll writes |in_len| bytes from |in| to |ssl|, resolving any asynchronous
-// operations. It returns the result of the final |SSL_write| call.
-static int WriteAll(SSL *ssl, const uint8_t *in, size_t in_len) {
-  const TestConfig *config = GetTestConfig(ssl);
-  int ret;
-  do {
-    ret = SSL_write(ssl, in, in_len);
-    if (ret > 0) {
-      in += ret;
-      in_len -= ret;
-    }
-  } while ((config->async && RetryAsync(ssl, ret)) || (ret > 0 && in_len > 0));
-  return ret;
-}
-
-// DoShutdown calls |SSL_shutdown|, resolving any asynchronous operations. It
-// returns the result of the final |SSL_shutdown| call.
-static int DoShutdown(SSL *ssl) {
-  const TestConfig *config = GetTestConfig(ssl);
-  int ret;
-  do {
-    ret = SSL_shutdown(ssl);
-  } while (config->async && RetryAsync(ssl, ret));
-  return ret;
-}
-
-static uint16_t GetProtocolVersion(const SSL *ssl) {
-  uint16_t version = SSL_version(ssl);
-  if (!SSL_is_dtls(ssl)) {
-    return version;
-  }
-  return 0x0201 + ~version;
-}
-
-// CheckHandshakeProperties checks, immediately after |ssl| completes its
-// initial handshake (or False Starts), whether all the properties are
-// consistent with the test configuration and invariants.
-static bool CheckHandshakeProperties(SSL *ssl, bool is_resume) {
-  const TestConfig *config = GetTestConfig(ssl);
-
-  if (SSL_get_current_cipher(ssl) == nullptr) {
-    fprintf(stderr, "null cipher after handshake\n");
-    return false;
-  }
-
-  if (is_resume &&
-      (!!SSL_session_reused(ssl) == config->expect_session_miss)) {
-    fprintf(stderr, "session was%s reused\n",
-            SSL_session_reused(ssl) ? "" : " not");
-    return false;
-  }
-
-  if (!GetTestState(ssl)->handshake_done) {
-    fprintf(stderr, "handshake was not completed\n");
-    return false;
-  }
-
-  if (!config->is_server) {
-    bool expect_new_session =
-        !config->expect_no_session &&
-        (!SSL_session_reused(ssl) || config->expect_ticket_renewal) &&
-        // Session tickets are sent post-handshake in TLS 1.3.
-        GetProtocolVersion(ssl) < TLS1_3_VERSION;
-    if (expect_new_session != GetTestState(ssl)->got_new_session) {
-      fprintf(stderr,
-              "new session was%s cached, but we expected the opposite\n",
-              GetTestState(ssl)->got_new_session ? "" : " not");
-      return false;
-    }
-  }
-
-  if (!config->expected_server_name.empty()) {
-    const char *server_name =
-        SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
-    if (server_name == nullptr ||
-            std::string(server_name) != config->expected_server_name) {
-      fprintf(stderr, "servername mismatch (got %s; want %s)\n",
-              server_name, config->expected_server_name.c_str());
-      return false;
-    }
-  }
-
-  if (!config->expected_next_proto.empty()) {
-    const uint8_t *next_proto;
-    unsigned next_proto_len;
-    SSL_get0_next_proto_negotiated(ssl, &next_proto, &next_proto_len);
-    if (next_proto_len != config->expected_next_proto.size() ||
-        memcmp(next_proto, config->expected_next_proto.data(),
-               next_proto_len) != 0) {
-      fprintf(stderr, "negotiated next proto mismatch\n");
-      return false;
-    }
-  }
-
-  if (!config->expected_alpn.empty()) {
-    const uint8_t *alpn_proto;
-    unsigned alpn_proto_len;
-    SSL_get0_alpn_selected(ssl, &alpn_proto, &alpn_proto_len);
-    if (alpn_proto_len != config->expected_alpn.size() ||
-        memcmp(alpn_proto, config->expected_alpn.data(),
-               alpn_proto_len) != 0) {
-      fprintf(stderr, "negotiated alpn proto mismatch\n");
-      return false;
-    }
-  }
-
-  if (config->expect_extended_master_secret) {
-    if (!SSL_get_extms_support(ssl)) {
-      fprintf(stderr, "No EMS for connection when expected");
-      return false;
-    }
-  }
-
-  if (config->expect_verify_result) {
-    int expected_verify_result = config->verify_fail ?
-      X509_V_ERR_APPLICATION_VERIFICATION :
-      X509_V_OK;
-
-    if (SSL_get_verify_result(ssl) != expected_verify_result) {
-      fprintf(stderr, "Wrong certificate verification result\n");
-      return false;
-    }
-  }
-
-  if (!config->psk.empty()) {
-    if (SSL_get_peer_cert_chain(ssl) != nullptr) {
-      fprintf(stderr, "Received peer certificate on a PSK cipher.\n");
-      return false;
-    }
-  } else if (!config->is_server || config->require_any_client_certificate) {
-    if (SSL_get0_peer_certificate(ssl) == nullptr) {
-      fprintf(stderr, "Received no peer certificate but expected one.\n");
-      return false;
-    }
-  }
-
-  return true;
-}
-
-// DoExchange runs a test SSL exchange against the peer. On success, it returns
-// true and sets |*out_session| to the negotiated SSL session. If the test is a
-// resumption attempt, |is_resume| is true and |session| is the session from the
-// previous exchange.
-static bool DoExchange(bssl::UniquePtr<SSL_SESSION> *out_session,
-                       SSL_CTX *ssl_ctx, const TestConfig *config,
-                       bool is_resume, SSL_SESSION *session) {
-  bssl::UniquePtr<SSL> ssl(SSL_new(ssl_ctx));
-  if (!ssl) {
-    return false;
-  }
-
-  if (!SetTestConfig(ssl.get(), config) ||
-      !SetTestState(ssl.get(), std::unique_ptr<TestState>(new TestState))) {
-    return false;
-  }
-
-  if (config->fallback_scsv &&
-      !SSL_set_mode(ssl.get(), SSL_MODE_SEND_FALLBACK_SCSV)) {
-    return false;
-  }
-  // Install the certificate synchronously if nothing else will handle it.
-  if (!config->use_old_client_cert_callback &&
-      !config->async &&
-      !InstallCertificate(ssl.get())) {
-    return false;
-  }
-  SSL_set_cert_cb(ssl.get(), CertCallback, nullptr);
-  if (config->require_any_client_certificate) {
-    SSL_set_verify(ssl.get(), SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
-                   NULL);
-  }
-  if (config->verify_peer) {
-    SSL_set_verify(ssl.get(), SSL_VERIFY_PEER, NULL);
-  }
-  if (config->partial_write) {
-    SSL_set_mode(ssl.get(), SSL_MODE_ENABLE_PARTIAL_WRITE);
-  }
-  if (config->no_tls13) {
-    SSL_set_options(ssl.get(), SSL_OP_NO_TLSv1_3);
-  }
-  if (config->no_tls12) {
-    SSL_set_options(ssl.get(), SSL_OP_NO_TLSv1_2);
-  }
-  if (config->no_tls11) {
-    SSL_set_options(ssl.get(), SSL_OP_NO_TLSv1_1);
-  }
-  if (config->no_tls1) {
-    SSL_set_options(ssl.get(), SSL_OP_NO_TLSv1);
-  }
-  if (config->no_ssl3) {
-    SSL_set_options(ssl.get(), SSL_OP_NO_SSLv3);
-  }
-  if (!config->host_name.empty() &&
-      !SSL_set_tlsext_host_name(ssl.get(), config->host_name.c_str())) {
-    return false;
-  }
-  if (!config->advertise_alpn.empty() &&
-      SSL_set_alpn_protos(ssl.get(),
-                          (const uint8_t *)config->advertise_alpn.data(),
-                          config->advertise_alpn.size()) != 0) {
-    return false;
-  }
-  if (!config->psk.empty()) {
-    SSL_set_psk_client_callback(ssl.get(), PskClientCallback);
-    SSL_set_psk_server_callback(ssl.get(), PskServerCallback);
-  }
-  if (!config->psk_identity.empty() &&
-      !SSL_use_psk_identity_hint(ssl.get(), config->psk_identity.c_str())) {
-    return false;
-  }
-  if (!config->srtp_profiles.empty() &&
-      SSL_set_tlsext_use_srtp(ssl.get(), config->srtp_profiles.c_str())) {
-    return false;
-  }
-  if (config->min_version != 0 &&
-      !SSL_set_min_proto_version(ssl.get(), (uint16_t)config->min_version)) {
-    return false;
-  }
-  if (config->max_version != 0 &&
-      !SSL_set_max_proto_version(ssl.get(), (uint16_t)config->max_version)) {
-    return false;
-  }
-  if (config->mtu != 0) {
-    SSL_set_options(ssl.get(), SSL_OP_NO_QUERY_MTU);
-    SSL_set_mtu(ssl.get(), config->mtu);
-  }
-  if (config->renegotiate_freely) {
-    // This is always on for OpenSSL.
-  }
-  if (!config->check_close_notify) {
-    SSL_set_quiet_shutdown(ssl.get(), 1);
-  }
-  if (config->p384_only) {
-    int nid = NID_secp384r1;
-    if (!SSL_set1_curves(ssl.get(), &nid, 1)) {
-      return false;
-    }
-  }
-  if (config->enable_all_curves) {
-    static const int kAllCurves[] = {
-      NID_X25519, NID_X9_62_prime256v1, NID_X448, NID_secp521r1, NID_secp384r1
-    };
-    if (!SSL_set1_curves(ssl.get(), kAllCurves,
-                         OPENSSL_ARRAY_SIZE(kAllCurves))) {
-      return false;
-    }
-  }
-  if (config->max_cert_list > 0) {
-    SSL_set_max_cert_list(ssl.get(), config->max_cert_list);
-  }
-
-  if (!config->async) {
-    SSL_set_mode(ssl.get(), SSL_MODE_AUTO_RETRY);
-  }
-
-  int sock = Connect(config->port);
-  if (sock == -1) {
-    return false;
-  }
-  SocketCloser closer(sock);
-
-  bssl::UniquePtr<BIO> bio(BIO_new_socket(sock, BIO_NOCLOSE));
-  if (!bio) {
-    return false;
-  }
-  if (config->is_dtls) {
-    bssl::UniquePtr<BIO> packeted = PacketedBioCreate(!config->async);
-    if (!packeted) {
-      return false;
-    }
-    GetTestState(ssl.get())->packeted_bio = packeted.get();
-    BIO_push(packeted.get(), bio.release());
-    bio = std::move(packeted);
-  }
-  if (config->async) {
-    bssl::UniquePtr<BIO> async_scoped =
-        config->is_dtls ? AsyncBioCreateDatagram() : AsyncBioCreate();
-    if (!async_scoped) {
-      return false;
-    }
-    BIO_push(async_scoped.get(), bio.release());
-    GetTestState(ssl.get())->async_bio = async_scoped.get();
-    bio = std::move(async_scoped);
-  }
-  SSL_set_bio(ssl.get(), bio.get(), bio.get());
-  bio.release();  // SSL_set_bio takes ownership.
-
-  if (session != NULL) {
-    if (!config->is_server) {
-      if (SSL_set_session(ssl.get(), session) != 1) {
-        return false;
-      }
-    }
-  }
-
-#if 0
-  // KNOWN BUG: OpenSSL's SSL_get_current_cipher behaves incorrectly when
-  // offering resumption.
-  if (SSL_get_current_cipher(ssl.get()) != nullptr) {
-    fprintf(stderr, "non-null cipher before handshake\n");
-    return false;
-  }
-#endif
-
-  int ret;
-  if (config->implicit_handshake) {
-    if (config->is_server) {
-      SSL_set_accept_state(ssl.get());
-    } else {
-      SSL_set_connect_state(ssl.get());
-    }
-  } else {
-    do {
-      if (config->is_server) {
-        ret = SSL_accept(ssl.get());
-      } else {
-        ret = SSL_connect(ssl.get());
-      }
-    } while (config->async && RetryAsync(ssl.get(), ret));
-    if (ret != 1 ||
-        !CheckHandshakeProperties(ssl.get(), is_resume)) {
-      fprintf(stderr, "resumption check failed\n");
-      return false;
-    }
-
-    // Reset the state to assert later that the callback isn't called in
-    // renegotiations.
-    GetTestState(ssl.get())->got_new_session = false;
-  }
-
-  if (config->export_keying_material > 0) {
-    std::vector<uint8_t> result(
-        static_cast<size_t>(config->export_keying_material));
-    if (SSL_export_keying_material(
-            ssl.get(), result.data(), result.size(),
-            config->export_label.data(), config->export_label.size(),
-            reinterpret_cast<const uint8_t*>(config->export_context.data()),
-            config->export_context.size(), config->use_export_context) != 1) {
-      fprintf(stderr, "failed to export keying material\n");
-      return false;
-    }
-    if (WriteAll(ssl.get(), result.data(), result.size()) < 0) {
-      fprintf(stderr, "writing exported key material failed\n");
-      return false;
-    }
-  }
-
-  if (config->write_different_record_sizes) {
-    if (config->is_dtls) {
-      fprintf(stderr, "write_different_record_sizes not supported for DTLS\n");
-      return false;
-    }
-    // This mode writes a number of different record sizes in an attempt to
-    // trip up the CBC record splitting code.
-    static const size_t kBufLen = 32769;
-    std::unique_ptr<uint8_t[]> buf(new uint8_t[kBufLen]);
-    memset(buf.get(), 0x42, kBufLen);
-    static const size_t kRecordSizes[] = {
-        0, 1, 255, 256, 257, 16383, 16384, 16385, 32767, 32768, 32769};
-    for (size_t i = 0; i < OPENSSL_ARRAY_SIZE(kRecordSizes); i++) {
-      const size_t len = kRecordSizes[i];
-      if (len > kBufLen) {
-        fprintf(stderr, "Bad kRecordSizes value.\n");
-        return false;
-      }
-      if (WriteAll(ssl.get(), buf.get(), len) < 0) {
-        return false;
-      }
-    }
-  } else {
-    if (config->shim_writes_first) {
-      if (WriteAll(ssl.get(), reinterpret_cast<const uint8_t *>("hello"),
-                   5) < 0) {
-        fprintf(stderr, "shim_writes_first write failed\n");
-        return false;
-      }
-    }
-    if (!config->shim_shuts_down) {
-      for (;;) {
-        static const size_t kBufLen = 16384;
-        std::unique_ptr<uint8_t[]> buf(new uint8_t[kBufLen]);
-
-        // Read only 512 bytes at a time in TLS to ensure records may be
-        // returned in multiple reads.
-        int n = DoRead(ssl.get(), buf.get(), config->is_dtls ? kBufLen : 512);
-        int err = SSL_get_error(ssl.get(), n);
-        if (err == SSL_ERROR_ZERO_RETURN ||
-            (n == 0 && err == SSL_ERROR_SYSCALL)) {
-          if (n != 0) {
-            fprintf(stderr, "Invalid SSL_get_error output\n");
-            return false;
-          }
-          // Stop on either clean or unclean shutdown.
-          break;
-        } else if (err != SSL_ERROR_NONE) {
-          if (n > 0) {
-            fprintf(stderr, "Invalid SSL_get_error output\n");
-            return false;
-          }
-          fprintf(stderr, "Unexpected entry in error queue\n");
-          return false;
-        }
-        // Successfully read data.
-        if (n <= 0) {
-          fprintf(stderr, "Invalid SSL_get_error output\n");
-          return false;
-        }
-
-        // After a successful read, with or without False Start, the handshake
-        // must be complete.
-        if (!GetTestState(ssl.get())->handshake_done) {
-          fprintf(stderr, "handshake was not completed after SSL_read\n");
-          return false;
-        }
-
-        for (int i = 0; i < n; i++) {
-          buf[i] ^= 0xff;
-        }
-        if (WriteAll(ssl.get(), buf.get(), n) < 0) {
-          fprintf(stderr, "write of inverted bitstream failed\n");
-          return false;
-        }
-      }
-    }
-  }
-
-  if (!config->is_server &&
-      !config->implicit_handshake &&
-      // Session tickets are sent post-handshake in TLS 1.3.
-      GetProtocolVersion(ssl.get()) < TLS1_3_VERSION &&
-      GetTestState(ssl.get())->got_new_session) {
-    fprintf(stderr, "new session was established after the handshake\n");
-    return false;
-  }
-
-  if (GetProtocolVersion(ssl.get()) >= TLS1_3_VERSION && !config->is_server) {
-    bool expect_new_session =
-        !config->expect_no_session && !config->shim_shuts_down;
-    if (expect_new_session != GetTestState(ssl.get())->got_new_session) {
-      fprintf(stderr,
-              "new session was%s cached, but we expected the opposite\n",
-              GetTestState(ssl.get())->got_new_session ? "" : " not");
-      return false;
-    }
-  }
-
-  if (out_session) {
-    *out_session = std::move(GetTestState(ssl.get())->new_session);
-  }
-
-  ret = DoShutdown(ssl.get());
-
-  if (config->shim_shuts_down && config->check_close_notify) {
-    // We initiate shutdown, so |SSL_shutdown| will return in two stages. First
-    // it returns zero when our close_notify is sent, then one when the peer's
-    // is received.
-    if (ret != 0) {
-      fprintf(stderr, "Unexpected SSL_shutdown result: %d != 0\n", ret);
-      return false;
-    }
-    ret = DoShutdown(ssl.get());
-  }
-
-  if (ret != 1) {
-    fprintf(stderr, "Unexpected SSL_shutdown result: %d != 1\n", ret);
-    return false;
-  }
-
-  if (SSL_total_renegotiations(ssl.get()) !=
-      config->expect_total_renegotiations) {
-    fprintf(stderr, "Expected %d renegotiations, got %ld\n",
-            config->expect_total_renegotiations,
-            SSL_total_renegotiations(ssl.get()));
-    return false;
-  }
-
-  return true;
-}
-
-class StderrDelimiter {
- public:
-  ~StderrDelimiter() { fprintf(stderr, "--- DONE ---\n"); }
-};
-
-static int Main(int argc, char **argv) {
-  // To distinguish ASan's output from ours, add a trailing message to stderr.
-  // Anything following this line will be considered an error.
-  StderrDelimiter delimiter;
-
-#if defined(OPENSSL_SYS_WINDOWS)
-  /* Initialize Winsock. */
-  WORD wsa_version = MAKEWORD(2, 2);
-  WSADATA wsa_data;
-  int wsa_err = WSAStartup(wsa_version, &wsa_data);
-  if (wsa_err != 0) {
-    fprintf(stderr, "WSAStartup failed: %d\n", wsa_err);
-    return 1;
-  }
-  if (wsa_data.wVersion != wsa_version) {
-    fprintf(stderr, "Didn't get expected version: %x\n", wsa_data.wVersion);
-    return 1;
-  }
-#else
-  signal(SIGPIPE, SIG_IGN);
-#endif
-
-  OPENSSL_init_crypto(0, NULL);
-  OPENSSL_init_ssl(0, NULL);
-  g_config_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL);
-  g_state_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, TestStateExFree);
-  if (g_config_index < 0 || g_state_index < 0) {
-    return 1;
-  }
-
-  TestConfig config;
-  if (!ParseConfig(argc - 1, argv + 1, &config)) {
-    return Usage(argv[0]);
-  }
-
-  bssl::UniquePtr<SSL_CTX> ssl_ctx = SetupCtx(&config);
-  if (!ssl_ctx) {
-    ERR_print_errors_fp(stderr);
-    return 1;
-  }
-
-  bssl::UniquePtr<SSL_SESSION> session;
-  for (int i = 0; i < config.resume_count + 1; i++) {
-    bool is_resume = i > 0;
-    if (is_resume && !config.is_server && !session) {
-      fprintf(stderr, "No session to offer.\n");
-      return 1;
-    }
-
-    bssl::UniquePtr<SSL_SESSION> offer_session = std::move(session);
-    if (!DoExchange(&session, ssl_ctx.get(), &config, is_resume,
-                    offer_session.get())) {
-      fprintf(stderr, "Connection %d failed.\n", i + 1);
-      ERR_print_errors_fp(stderr);
-      return 1;
-    }
-  }
-
-  return 0;
-}
-
-}  // namespace bssl
-
-int main(int argc, char **argv) {
-  return bssl::Main(argc, argv);
-}
diff --git a/test/ossl_shim/packeted_bio.cc b/test/ossl_shim/packeted_bio.cc
deleted file mode 100644
index b5286d3e7c..0000000000
--- a/test/ossl_shim/packeted_bio.cc
+++ /dev/null
@@ -1,299 +0,0 @@
-/*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the Apache License 2.0 (the "License").  You may not use
- * this file except in compliance with the License.  You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#include "packeted_bio.h"
-
-#include <assert.h>
-#include <limits.h>
-#include <stdio.h>
-#include <string.h>
-
-#include <openssl/crypto.h>
-
-
-namespace {
-
-const uint8_t kOpcodePacket = 'P';
-const uint8_t kOpcodeTimeout = 'T';
-const uint8_t kOpcodeTimeoutAck = 't';
-
-struct PacketedBio {
-  explicit PacketedBio(bool advance_clock_arg)
-      : advance_clock(advance_clock_arg) {
-    memset(&timeout, 0, sizeof(timeout));
-    memset(&clock, 0, sizeof(clock));
-    memset(&read_deadline, 0, sizeof(read_deadline));
-  }
-
-  bool HasTimeout() const {
-    return timeout.tv_sec != 0 || timeout.tv_usec != 0;
-  }
-
-  bool CanRead() const {
-    if (read_deadline.tv_sec == 0 && read_deadline.tv_usec == 0) {
-      return true;
-    }
-
-    if (clock.tv_sec == read_deadline.tv_sec) {
-      return clock.tv_usec < read_deadline.tv_usec;
-    }
-    return clock.tv_sec < read_deadline.tv_sec;
-  }
-
-  timeval timeout;
-  timeval clock;
-  timeval read_deadline;
-  bool advance_clock;
-};
-
-PacketedBio *GetData(BIO *bio) {
-  return (PacketedBio *)BIO_get_data(bio);
-}
-
-const PacketedBio *GetData(const BIO *bio) {
-  return GetData(const_cast<BIO*>(bio));
-}
-
-// ReadAll reads |len| bytes from |bio| into |out|. It returns 1 on success and
-// 0 or -1 on error.
-static int ReadAll(BIO *bio, uint8_t *out, size_t len) {
-  while (len > 0) {
-    int chunk_len = INT_MAX;
-    if (len <= INT_MAX) {
-      chunk_len = (int)len;
-    }
-    int ret = BIO_read(bio, out, chunk_len);
-    if (ret <= 0) {
-      return ret;
-    }
-    out += ret;
-    len -= ret;
-  }
-  return 1;
-}
-
-static int PacketedWrite(BIO *bio, const char *in, int inl) {
-  if (BIO_next(bio) == NULL) {
-    return 0;
-  }
-
-  BIO_clear_retry_flags(bio);
-
-  // Write the header.
-  uint8_t header[5];
-  header[0] = kOpcodePacket;
-  header[1] = (inl >> 24) & 0xff;
-  header[2] = (inl >> 16) & 0xff;
-  header[3] = (inl >> 8) & 0xff;
-  header[4] = inl & 0xff;
-  int ret = BIO_write(BIO_next(bio), header, sizeof(header));
-  if (ret <= 0) {
-    BIO_copy_next_retry(bio);
-    return ret;
-  }
-
-  // Write the buffer.
-  ret = BIO_write(BIO_next(bio), in, inl);
-  if (ret < 0 || (inl > 0 && ret == 0)) {
-    BIO_copy_next_retry(bio);
-    return ret;
-  }
-  assert(ret == inl);
-  return ret;
-}
-
-static int PacketedRead(BIO *bio, char *out, int outl) {
-  PacketedBio *data = GetData(bio);
-  if (BIO_next(bio) == NULL) {
-    return 0;
-  }
-
-  BIO_clear_retry_flags(bio);
-
-  for (;;) {
-    // Check if the read deadline has passed.
-    if (!data->CanRead()) {
-      BIO_set_retry_read(bio);
-      return -1;
-    }
-
-    // Read the opcode.
-    uint8_t opcode;
-    int ret = ReadAll(BIO_next(bio), &opcode, sizeof(opcode));
-    if (ret <= 0) {
-      BIO_copy_next_retry(bio);
-      return ret;
-    }
-
-    if (opcode == kOpcodeTimeout) {
-      // The caller is required to advance any pending timeouts before
-      // continuing.
-      if (data->HasTimeout()) {
-        fprintf(stderr, "Unprocessed timeout!\n");
-        return -1;
-      }
-
-      // Process the timeout.
-      uint8_t buf[8];
-      ret = ReadAll(BIO_next(bio), buf, sizeof(buf));
-      if (ret <= 0) {
-        BIO_copy_next_retry(bio);
-        return ret;
-      }
-      uint64_t timeout = (static_cast<uint64_t>(buf[0]) << 56) |
-          (static_cast<uint64_t>(buf[1]) << 48) |
-          (static_cast<uint64_t>(buf[2]) << 40) |
-          (static_cast<uint64_t>(buf[3]) << 32) |
-          (static_cast<uint64_t>(buf[4]) << 24) |
-          (static_cast<uint64_t>(buf[5]) << 16) |
-          (static_cast<uint64_t>(buf[6]) << 8) |
-          static_cast<uint64_t>(buf[7]);
-      timeout /= 1000;  // Convert nanoseconds to microseconds.
-
-      data->timeout.tv_usec = timeout % 1000000;
-      data->timeout.tv_sec = timeout / 1000000;
-
-      // Send an ACK to the peer.
-      ret = BIO_write(BIO_next(bio), &kOpcodeTimeoutAck, 1);
-      if (ret <= 0) {
-        return ret;
-      }
-      assert(ret == 1);
-
-      if (!data->advance_clock) {
-        // Signal to the caller to retry the read, after advancing the clock.
-        BIO_set_retry_read(bio);
-        return -1;
-      }
-
-      PacketedBioAdvanceClock(bio);
-      continue;
-    }
-
-    if (opcode != kOpcodePacket) {
-      fprintf(stderr, "Unknown opcode, %u\n", opcode);
-      return -1;
-    }
-
-    // Read the length prefix.
-    uint8_t len_bytes[4];
-    ret = ReadAll(BIO_next(bio), len_bytes, sizeof(len_bytes));
-    if (ret <= 0) {
-      BIO_copy_next_retry(bio);
-      return ret;
-    }
-
-    uint32_t len = (len_bytes[0] << 24) | (len_bytes[1] << 16) |
-        (len_bytes[2] << 8) | len_bytes[3];
-    uint8_t *buf = (uint8_t *)OPENSSL_malloc(len);
-    if (buf == NULL) {
-      return -1;
-    }
-    ret = ReadAll(BIO_next(bio), buf, len);
-    if (ret <= 0) {
-      fprintf(stderr, "Packeted BIO was truncated\n");
-      return -1;
-    }
-
-    if (outl > (int)len) {
-      outl = len;
-    }
-    memcpy(out, buf, outl);
-    OPENSSL_free(buf);
-    return outl;
-  }
-}
-
-static long PacketedCtrl(BIO *bio, int cmd, long num, void *ptr) {
-  if (cmd == BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT) {
-    memcpy(&GetData(bio)->read_deadline, ptr, sizeof(timeval));
-    return 1;
-  }
-
-  if (BIO_next(bio) == NULL) {
-    return 0;
-  }
-  BIO_clear_retry_flags(bio);
-  int ret = BIO_ctrl(BIO_next(bio), cmd, num, ptr);
-  BIO_copy_next_retry(bio);
-  return ret;
-}
-
-static int PacketedNew(BIO *bio) {
-  BIO_set_init(bio, 1);
-  return 1;
-}
-
-static int PacketedFree(BIO *bio) {
-  if (bio == NULL) {
-    return 0;
-  }
-
-  delete GetData(bio);
-  BIO_set_init(bio, 0);
-  return 1;
-}
-
-static long PacketedCallbackCtrl(BIO *bio, int cmd, BIO_info_cb fp)
-{
-  if (BIO_next(bio) == NULL)
-    return 0;
-  return BIO_callback_ctrl(BIO_next(bio), cmd, fp);
-}
-
-static BIO_METHOD *g_packeted_bio_method = NULL;
-
-static const BIO_METHOD *PacketedMethod(void)
-{
-  if (g_packeted_bio_method == NULL) {
-    g_packeted_bio_method = BIO_meth_new(BIO_TYPE_FILTER, "packeted bio");
-    if (   g_packeted_bio_method == NULL
-        || !BIO_meth_set_write(g_packeted_bio_method, PacketedWrite)
-        || !BIO_meth_set_read(g_packeted_bio_method, PacketedRead)
-        || !BIO_meth_set_ctrl(g_packeted_bio_method, PacketedCtrl)
-        || !BIO_meth_set_create(g_packeted_bio_method, PacketedNew)
-        || !BIO_meth_set_destroy(g_packeted_bio_method, PacketedFree)
-        || !BIO_meth_set_callback_ctrl(g_packeted_bio_method,
-                                       PacketedCallbackCtrl))
-    return NULL;
-  }
-  return g_packeted_bio_method;
-}
-}  // namespace
-
-bssl::UniquePtr<BIO> PacketedBioCreate(bool advance_clock) {
-  bssl::UniquePtr<BIO> bio(BIO_new(PacketedMethod()));
-  if (!bio) {
-    return nullptr;
-  }
-  BIO_set_data(bio.get(), new PacketedBio(advance_clock));
-  return bio;
-}
-
-timeval PacketedBioGetClock(const BIO *bio) {
-  return GetData(bio)->clock;
-}
-
-bool PacketedBioAdvanceClock(BIO *bio) {
-  PacketedBio *data = GetData(bio);
-  if (data == nullptr) {
-    return false;
-  }
-
-  if (!data->HasTimeout()) {
-    return false;
-  }
-
-  data->clock.tv_usec += data->timeout.tv_usec;
-  data->clock.tv_sec += data->clock.tv_usec / 1000000;
-  data->clock.tv_usec %= 1000000;
-  data->clock.tv_sec += data->timeout.tv_sec;
-  memset(&data->timeout, 0, sizeof(data->timeout));
-  return true;
-}
diff --git a/test/ossl_shim/packeted_bio.h b/test/ossl_shim/packeted_bio.h
deleted file mode 100644
index 27678bd7e6..0000000000
--- a/test/ossl_shim/packeted_bio.h
+++ /dev/null
@@ -1,35 +0,0 @@
-/*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the Apache License 2.0 (the "License").  You may not use
- * this file except in compliance with the License.  You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#ifndef OSSL_TEST_SHIM_PACKETED_BIO_H
-#define OSSL_TEST_SHIM_PACKETED_BIO_H
-
-#include <openssl/base.h>
-#include <openssl/bio.h>
-
-// PacketedBioCreate creates a filter BIO which implements a reliable in-order
-// blocking datagram socket. It internally maintains a clock and honors
-// |BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT| based on it.
-//
-// During a |BIO_read|, the peer may signal the filter BIO to simulate a
-// timeout. If |advance_clock| is true, it automatically advances the clock and
-// continues reading, subject to the read deadline. Otherwise, it fails
-// immediately. The caller must then call |PacketedBioAdvanceClock| before
-// retrying |BIO_read|.
-bssl::UniquePtr<BIO> PacketedBioCreate(bool advance_clock);
-
-// PacketedBioGetClock returns the current time for |bio|.
-timeval PacketedBioGetClock(const BIO *bio);
-
-// PacketedBioAdvanceClock advances |bio|'s internal clock and returns true if
-// there is a pending timeout. Otherwise, it returns false.
-bool PacketedBioAdvanceClock(BIO *bio);
-
-
-#endif  // OSSL_TEST_SHIM_PACKETED_BIO_H
diff --git a/test/ossl_shim/test_config.cc b/test/ossl_shim/test_config.cc
deleted file mode 100644
index a37d010d7a..0000000000
--- a/test/ossl_shim/test_config.cc
+++ /dev/null
@@ -1,195 +0,0 @@
-/*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the Apache License 2.0 (the "License").  You may not use
- * this file except in compliance with the License.  You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#include "test_config.h"
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include <memory>
-
-#include <openssl/evp.h>
-
-namespace {
-
-template <typename T>
-struct Flag {
-  const char *flag;
-  T TestConfig::*member;
-};
-
-// FindField looks for the flag in |flags| that matches |flag|. If one is found,
-// it returns a pointer to the corresponding field in |config|. Otherwise, it
-// returns NULL.
-template<typename T, size_t N>
-T *FindField(TestConfig *config, const Flag<T> (&flags)[N], const char *flag) {
-  for (size_t i = 0; i < N; i++) {
-    if (strcmp(flag, flags[i].flag) == 0) {
-      return &(config->*(flags[i].member));
-    }
-  }
-  return NULL;
-}
-
-const Flag<bool> kBoolFlags[] = {
-  { "-server", &TestConfig::is_server },
-  { "-dtls", &TestConfig::is_dtls },
-  { "-fallback-scsv", &TestConfig::fallback_scsv },
-  { "-require-any-client-certificate",
-    &TestConfig::require_any_client_certificate },
-  { "-async", &TestConfig::async },
-  { "-write-different-record-sizes",
-    &TestConfig::write_different_record_sizes },
-  { "-partial-write", &TestConfig::partial_write },
-  { "-no-tls13", &TestConfig::no_tls13 },
-  { "-no-tls12", &TestConfig::no_tls12 },
-  { "-no-tls11", &TestConfig::no_tls11 },
-  { "-no-tls1", &TestConfig::no_tls1 },
-  { "-no-ssl3", &TestConfig::no_ssl3 },
-  { "-shim-writes-first", &TestConfig::shim_writes_first },
-  { "-expect-session-miss", &TestConfig::expect_session_miss },
-  { "-decline-alpn", &TestConfig::decline_alpn },
-  { "-expect-extended-master-secret",
-    &TestConfig::expect_extended_master_secret },
-  { "-implicit-handshake", &TestConfig::implicit_handshake },
-  { "-handshake-never-done", &TestConfig::handshake_never_done },
-  { "-use-export-context", &TestConfig::use_export_context },
-  { "-expect-ticket-renewal", &TestConfig::expect_ticket_renewal },
-  { "-expect-no-session", &TestConfig::expect_no_session },
-  { "-use-ticket-callback", &TestConfig::use_ticket_callback },
-  { "-renew-ticket", &TestConfig::renew_ticket },
-  { "-enable-client-custom-extension",
-    &TestConfig::enable_client_custom_extension },
-  { "-enable-server-custom-extension",
-    &TestConfig::enable_server_custom_extension },
-  { "-custom-extension-skip", &TestConfig::custom_extension_skip },
-  { "-custom-extension-fail-add", &TestConfig::custom_extension_fail_add },
-  { "-check-close-notify", &TestConfig::check_close_notify },
-  { "-shim-shuts-down", &TestConfig::shim_shuts_down },
-  { "-verify-fail", &TestConfig::verify_fail },
-  { "-verify-peer", &TestConfig::verify_peer },
-  { "-expect-verify-result", &TestConfig::expect_verify_result },
-  { "-renegotiate-freely", &TestConfig::renegotiate_freely },
-  { "-p384-only", &TestConfig::p384_only },
-  { "-enable-all-curves", &TestConfig::enable_all_curves },
-  { "-use-sparse-dh-prime", &TestConfig::use_sparse_dh_prime },
-  { "-use-old-client-cert-callback",
-    &TestConfig::use_old_client_cert_callback },
-  { "-use-null-client-ca-list", &TestConfig::use_null_client_ca_list },
-  { "-peek-then-read", &TestConfig::peek_then_read },
-};
-
-const Flag<std::string> kStringFlags[] = {
-  { "-key-file", &TestConfig::key_file },
-  { "-cert-file", &TestConfig::cert_file },
-  { "-expect-server-name", &TestConfig::expected_server_name },
-  { "-advertise-npn", &TestConfig::advertise_npn },
-  { "-expect-next-proto", &TestConfig::expected_next_proto },
-  { "-select-next-proto", &TestConfig::select_next_proto },
-  { "-host-name", &TestConfig::host_name },
-  { "-advertise-alpn", &TestConfig::advertise_alpn },
-  { "-expect-alpn", &TestConfig::expected_alpn },
-  { "-expect-advertised-alpn", &TestConfig::expected_advertised_alpn },
-  { "-select-alpn", &TestConfig::select_alpn },
-  { "-psk", &TestConfig::psk },
-  { "-psk-identity", &TestConfig::psk_identity },
-  { "-srtp-profiles", &TestConfig::srtp_profiles },
-  { "-cipher", &TestConfig::cipher },
-  { "-export-label", &TestConfig::export_label },
-  { "-export-context", &TestConfig::export_context },
-};
-
-const Flag<std::string> kBase64Flags[] = {
-  { "-expect-certificate-types", &TestConfig::expected_certificate_types },
-};
-
-const Flag<int> kIntFlags[] = {
-  { "-port", &TestConfig::port },
-  { "-resume-count", &TestConfig::resume_count },
-  { "-min-version", &TestConfig::min_version },
-  { "-max-version", &TestConfig::max_version },
-  { "-mtu", &TestConfig::mtu },
-  { "-export-keying-material", &TestConfig::export_keying_material },
-  { "-expect-total-renegotiations", &TestConfig::expect_total_renegotiations },
-  { "-max-cert-list", &TestConfig::max_cert_list },
-};
-
-}  // namespace
-
-bool ParseConfig(int argc, char **argv, TestConfig *out_config) {
-  for (int i = 0; i < argc; i++) {
-    bool *bool_field = FindField(out_config, kBoolFlags, argv[i]);
-    if (bool_field != NULL) {
-      *bool_field = true;
-      continue;
-    }
-
-    std::string *string_field = FindField(out_config, kStringFlags, argv[i]);
-    if (string_field != NULL) {
-      const char *val;
-
-      i++;
-      if (i >= argc) {
-        fprintf(stderr, "Missing parameter\n");
-        return false;
-      }
-
-      /*
-       * Fix up the -cipher argument. runner uses "DEFAULT:NULL-SHA" to enable
-       * the NULL-SHA cipher. However in OpenSSL "DEFAULT" permanently switches
-       * off NULL ciphers, so we use "ALL:NULL-SHA" instead.
-       */
-      if (strcmp(argv[i - 1], "-cipher") == 0
-          && strcmp(argv[i], "DEFAULT:NULL-SHA") == 0)
-        val = "ALL:NULL-SHA";
-      else
-        val = argv[i];
-
-      string_field->assign(val);
-      continue;
-    }
-
-    std::string *base64_field = FindField(out_config, kBase64Flags, argv[i]);
-    if (base64_field != NULL) {
-      i++;
-      if (i >= argc) {
-        fprintf(stderr, "Missing parameter\n");
-        return false;
-      }
-      std::unique_ptr<uint8_t[]> decoded(new uint8_t[strlen(argv[i])]);
-      int len = EVP_DecodeBlock(decoded.get(),
-                                reinterpret_cast<const uint8_t *>(argv[i]),
-                                strlen(argv[i]));
-      if (len < 0) {
-        fprintf(stderr, "Invalid base64: %s\n", argv[i]);
-        return false;
-      }
-      base64_field->assign(reinterpret_cast<const char *>(decoded.get()), len);
-      continue;
-    }
-
-    int *int_field = FindField(out_config, kIntFlags, argv[i]);
-    if (int_field) {
-      i++;
-      if (i >= argc) {
-        fprintf(stderr, "Missing parameter\n");
-        return false;
-      }
-      *int_field = atoi(argv[i]);
-      continue;
-    }
-
-    fprintf(stderr, "Unknown argument: %s\n", argv[i]);
-    exit(89);
-    return false;
-  }
-
-  return true;
-}
diff --git a/test/ossl_shim/test_config.h b/test/ossl_shim/test_config.h
deleted file mode 100644
index 6dc7319485..0000000000
--- a/test/ossl_shim/test_config.h
+++ /dev/null
@@ -1,90 +0,0 @@
-/*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the Apache License 2.0 (the "License").  You may not use
- * this file except in compliance with the License.  You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#ifndef OSSL_TEST_SHIM_TEST_CONFIG_H
-#define OSSL_TEST_SHIM_TEST_CONFIG_H
-
-#include <string>
-#include <vector>
-
-#include <openssl/configuration.h>
-
-
-struct TestConfig {
-  int port = 0;
-  bool is_server = false;
-  bool is_dtls = false;
-  int resume_count = 0;
-  bool fallback_scsv = false;
-  std::string key_file;
-  std::string cert_file;
-  std::string expected_server_name;
-  std::string expected_certificate_types;
-  bool require_any_client_certificate = false;
-  std::string advertise_npn;
-  std::string expected_next_proto;
-  std::string select_next_proto;
-  bool async = false;
-  bool write_different_record_sizes = false;
-  bool partial_write = false;
-  bool no_tls13 = false;
-  bool no_tls12 = false;
-  bool no_tls11 = false;
-  bool no_tls1 = false;
-  bool no_ssl3 = false;
-  bool shim_writes_first = false;
-  std::string host_name;
-  std::string advertise_alpn;
-  std::string expected_alpn;
-  std::string expected_advertised_alpn;
-  std::string select_alpn;
-  bool decline_alpn = false;
-  bool expect_session_miss = false;
-  bool expect_extended_master_secret = false;
-  std::string psk;
-  std::string psk_identity;
-  std::string srtp_profiles;
-  int min_version = 0;
-  int max_version = 0;
-  int mtu = 0;
-  bool implicit_handshake = false;
-  std::string cipher;
-  bool handshake_never_done = false;
-  int export_keying_material = 0;
-  std::string export_label;
-  std::string export_context;
-  bool use_export_context = false;
-  bool expect_ticket_renewal = false;
-  bool expect_no_session = false;
-  bool use_ticket_callback = false;
-  bool renew_ticket = false;
-  bool enable_client_custom_extension = false;
-  bool enable_server_custom_extension = false;
-  bool custom_extension_skip = false;
-  bool custom_extension_fail_add = false;
-  bool check_close_notify = false;
-  bool shim_shuts_down = false;
-  bool verify_fail = false;
-  bool verify_peer = false;
-  bool expect_verify_result = false;
-  int expect_total_renegotiations = 0;
-  bool renegotiate_freely = false;
-  bool p384_only = false;
-  bool enable_all_curves = false;
-  bool use_sparse_dh_prime = false;
-  bool use_old_client_cert_callback = false;
-  bool use_null_client_ca_list = false;
-  bool peek_then_read = false;
-  int max_cert_list = 0;
-};
-
-bool ParseConfig(int argc, char **argv, TestConfig *out_config);
-
-
-#endif  // OSSL_TEST_SHIM_TEST_CONFIG_H
diff --git a/test/recipes/95-test_external_boringssl.t b/test/recipes/95-test_external_boringssl.t
deleted file mode 100644
index ea607935aa..0000000000
--- a/test/recipes/95-test_external_boringssl.t
+++ /dev/null
@@ -1,30 +0,0 @@
-#! /usr/bin/env perl
-# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
-#
-# Licensed under the Apache License 2.0 (the "License").  You may not use
-# this file except in compliance with the License.  You can obtain a copy
-# in the file LICENSE in the source distribution or at
-# https://www.openssl.org/source/license.html
-
-
-use OpenSSL::Test;
-use OpenSSL::Test::Utils;
-use OpenSSL::Test qw/:DEFAULT bldtop_file srctop_file cmdstr/;
-
-setup("test_external_boringssl");
-
-plan skip_all => "No external tests in this configuration"
-    if disabled("external-tests");
-plan skip_all => "BoringSSL runner not detected"
-    if !$ENV{BORING_RUNNER_DIR};
-
-plan tests => 1;
-
-indir $ENV{BORING_RUNNER_DIR} => sub {
-    ok(run(cmd(["go", "test", "-shim-path",
-                bldtop_file("test", "ossl_shim", "ossl_shim"),
-                "-shim-config",
-                srctop_file("test", "ossl_shim", "ossl_config.json"),
-                "-pipe", "-allow-unimplemented"]), prefix => "go test: "),
-       "running BoringSSL tests");
-}, create => 0, cleanup => 0;


More information about the openssl-commits mailing list