From 2995be50e8c2f2ef907866e35347be1e200558a2 Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Wed, 3 Jan 2024 09:43:16 +0000
Subject: [PATCH] Correct ssl_old_test stream handling

The ssl_old_test has not been fully converted to the test framework but
it still reuses some test framework utilities. Notably it was creating
it's own copy of the global bio_err object directly (which is normally
created and owned by the test framework). This causes a problem because
ever since commit 2fa9044 access to the bio_err object is controlled by
a lock. Since ssl_old_test was circumventing the normal creation and
destruction of bio_err, the lock was not being created resulting in a
crash under certain error conditions.

We fix this by creating and destroying the bio_err object using the
test framework functions designed for that purpose.

Fixes #23184

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23187)
---
 test/ssl_old_test.c | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/test/ssl_old_test.c b/test/ssl_old_test.c
index b0f4ae3ac5..430e1801e7 100644
--- a/test/ssl_old_test.c
+++ b/test/ssl_old_test.c
@@ -56,6 +56,7 @@
 #endif
 #include <openssl/provider.h>
 #include "testutil.h"
+#include "testutil/output.h"
 
 /*
  * Or gethostname won't be declared properly
@@ -945,7 +946,8 @@ int main(int argc, char *argv[])
     verbose = 0;
     debug = 0;
 
-    bio_err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT);
+    test_open_streams();
+
     bio_stdout = BIO_new_fp(stdout, BIO_NOCLOSE | BIO_FP_TEXT);
 
     s_cctx = SSL_CONF_CTX_new();
@@ -990,7 +992,8 @@ int main(int argc, char *argv[])
         if (strcmp(*argv, "-F") == 0) {
             fprintf(stderr,
                     "not compiled with FIPS support, so exiting without running.\n");
-            EXIT(0);
+            ret = EXIT_SUCCESS;
+            goto end;
         } else if (strcmp(*argv, "-server_auth") == 0)
             server_auth = 1;
         else if (strcmp(*argv, "-client_auth") == 0)
@@ -1257,7 +1260,7 @@ int main(int argc, char *argv[])
     if (ssl3 + tls1 + tls1_1 + tls1_2 + dtls + dtls1 + dtls12 > 1) {
         fprintf(stderr, "At most one of -ssl3, -tls1, -tls1_1, -tls1_2, -dtls, -dtls1 or -dtls12 should "
                 "be requested.\n");
-        EXIT(1);
+        goto end;
     }
 
 #ifdef OPENSSL_NO_SSL3
@@ -1310,7 +1313,7 @@ int main(int argc, char *argv[])
                 "the test anyway (and\n-d to see what happens), "
                 "or add one of -ssl3, -tls1, -tls1_1, -tls1_2, -dtls, -dtls1, -dtls12, -reuse\n"
                 "to avoid protocol mismatch.\n");
-        EXIT(1);
+        goto end;
     }
 
     if (print_time) {
@@ -1922,7 +1925,8 @@ int main(int argc, char *argv[])
     OSSL_PROVIDER_unload(thisprov);
     OSSL_LIB_CTX_free(libctx);
 
-    BIO_free(bio_err);
+    test_close_streams();
+
     EXIT(ret);
 }