Ensure we use OPENSSL_NO_SSL_TRACE guards where appropriate.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22193)
Fixes: #22178
Signed-of-by: Randall S. Becker <randall.becker@nexbridge.ca>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22179)
We were neglecting to register the main thread to receive thread stop
notifications. This is important if the thread that starts the FIPS
provider is not the same one that is used when OPENSSL_cleanup() is
called.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21964)
Until the cipher dupctx is properly implemented in 3.1 and 3.0 the check is
wrong. This should be reverted once the implemenation has been done.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21964)
Rather than instantiate the private and primary DRBGs during the
selftest, instead use a test RNG. This leaves the DRBG setup
pristine and permits later replacement of the seed source despite
the very early running power up self tests.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21964)
Add a warning note to the provider cross version checks indicating that a
pull request branch will not be used if execution is set to on pull request.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21964)
Signed-off-by: Jonathan M. Wilbur <jonathan@wilbur.space>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21342)
We also add a test for BIO_ADDR_dup() which was also added in 3.2
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22164)
We now have a public function for BIO_ADDR_copy() which can be used in
preference to the test code's private implementation.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22164)
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22164)
We already have BIO_ADDR_dup() but in some contexts that is not sufficent.
We implement BIO_ADDR_copy() and make BIO_ADDR_dup() use it.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22164)
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22174)
Signing with an app method based key (i.e. an `EVP_PKEY` which wraps an
`RSA` key with an application defined `RSA_METHOD`) used to work in 1.1.1.
That feature was broken in commit 60488d2434, but later on fixed by @t8m
in commit b247113c05 (see #14859).
This commit corrects a minor flaw of the fix, which affects only
`no-engine` builds: the special treatment for foreign keys is guarded
by an `OPENSSL_NO_ENGINE` check.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/22163)
sparse_array.o is not needed in libssl at 3.0.x version.
Signed-off-by: Huiyue Xu <xuhuiyue@huawei.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22111)
(cherry picked from commit a31cd07af1)
The previous terminology was quite confusing. We try to use drop, duplicate
and delay more consistently and introduce the "reinject" terminology as a
mechanism for implementing duplicates and delays.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22157)
An application may pass in a whole BIO chain via SSL_set_bio(). When we
free the BIO we should be using BIO_free_all() not BIO_free() like we do
with TLS.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22157)
We are actually passing two references to sbio: one as part of a BIO chain
and one stand alone. Therefore we need two references.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22157)
So far we've only applied noise to the server to client datagrams. Do the
same thing the other way around.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22157)
We add a new flag QTEST_FLAG_CLIENT_TRACE to get debug tracing output if
required.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22157)
Where multiple packets are in a single datagram we split them so that all
packets can be affected by the noise
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22157)
Provide a BIO filter that can split QUIC datagrams containing multiple
packets, such that each packet is in its own datagram.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22157)
Now that we have a noisy datagram BIO we cannot rely on datagrams always
reliably being delivered in the test framework. We need to start taking
notice of timeouts and handling them appropriately.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22157)
We drop some datagrams, and we delay some datagrams. We can also duplicate
some datagrams.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22157)
We send several messages between client and server, and server and client,
and also create a new stream.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22157)
Create a noisy dgram test that can drop/duplicate/reorder UDP packets and
ensure that the QUIC connection is tolerant of this. At this stage we just
create the outline of the test. Adding in the noise will come in future
commits.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22157)
When the realloc fails in contract, this not a fatal
error, since the memory is only shrinked. It is also no
option to exit the function at this point, since that
would leave the hash table in an inconsistent state.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22154)
If an out of memory error happens when the index zero
is reserved in a newly created ip->meth stack object,
that reservation is not done in a second attempt, which makes
various X_set_ex_data overwrite the value of X_set_app_data.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22149)
In some error cases the normal cleanup did not
happen, but instead an exit(1) which caused some
memory leaks, as reported in #22049.
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/22055)
Use dashes instead of underscores, to be more consistent with
existing document names. And speaking of consistency, introduce
a consistent name transformation, which will scale better when
design documents start filling the folder ;-)
OSSL_PROVIDER_load_ex -> ossl-provider-load-ex.md
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22029)
Late review comments for pull request #21604, sort of.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22029)
Numerous tests use the test_random() function to get a random number. If a
test fails then the seed that was used for the test RNG is displayed.
Setting the seed to the same value in a future run is supposed to cause the
same random numbers to be generated again.
The way to set the RNG seed again is to use the `OPENSSL_TEST_RAND_ORDER`
environment variable. However setting this environment variable *also*
randomises the test ordering as well as seeding the RNG. This in itself
calls test_random() so, in fact, when the test finally runs it gets
different random numbers to when it originally run (defeating the
repeatability objective).
This means that only way repeatability can be obtained is if the test was
originally run with `OPENSSL_TEST_RAND_ORDER` set to 0. If that wasn't done
then the seed printed when the test failed is not useful.
We introduce a new environment variable `OPENSSL_TEST_RAND_SEED` which can
be used to independently seed the test RNG without randomising the test
ordering. This can be used to get repeatability in cases where test ordering
randomisation was not done in the first place.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22118)
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21979)
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21979)
