Update unix Makefile template to handle paths with spaces

Fixes #4668 (on unix-like platforms)

Testing:

rm -rf "$HOME/tmp/beforespace afterspace"
./Configure -Werro

Update unix Makefile template to handle paths with spaces

Fixes #4668 (on unix-like platforms)

Testing:

rm -rf "$HOME/tmp/beforespace afterspace"
./Configure -Werror --strict-warnings --prefix="$HOME/tmp/beforespace afterspace"
make -j6 update
make -j6
make install
make test

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/21821)

show more ...

trace_api_test.c: Separate tracing statements

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/open

trace_api_test.c: Separate tracing statements

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22347)

show more ...

Windows: use srand() instead of srandom()

This is used for memory allocation failure debugging only

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <paul

Windows: use srand() instead of srandom()

This is used for memory allocation failure debugging only

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22347)

show more ...

Windows CI: Add some non-default options to check they are working

Some of the non-default options that enable more
code to be built need to be enabled in one of the
Windows builds t

Windows CI: Add some non-default options to check they are working

Some of the non-default options that enable more
code to be built need to be enabled in one of the
Windows builds to avoid regressions.

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22347)

show more ...

DH_check_pub_key() should not fail when setting result code

The semantics of ossl_ffc_validate_public_key() and
ossl_ffc_validate_public_key_partial() needs to be changed
to not retu

DH_check_pub_key() should not fail when setting result code

The semantics of ossl_ffc_validate_public_key() and
ossl_ffc_validate_public_key_partial() needs to be changed
to not return error on non-fatal problems.

Fixes #22287

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22291)

show more ...

test/recipes/05-test_rand.t: replace 'and' with '&&'

The lower priority 'and' seems to have some "interesting" interactions with
function argument parsing in some perl versions (presumab

test/recipes/05-test_rand.t: replace 'and' with '&&'

The lower priority 'and' seems to have some "interesting" interactions with
function argument parsing in some perl versions (presumably because 'and' is
lower priority than the comma).

For the lines that are changed here, perl v5.20.1 says this:

Useless use of string eq in void context at [.test.recipes]05-test_rand.t line 33.
Useless use of numeric eq (==) in void context at [.test.recipes]05-test_rand.t line 39.

Replacing 'and' with '&&' in these two cases fixes the problem.

Replacing

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22331)

show more ...

Ensure struct timeval is defined when including ssl.h

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@op

Ensure struct timeval is defined when including ssl.h

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/22323)

show more ...

Improve Malloc Failure Test

Allow 2 digits after the comma in percentage in OPENSSL_MALLOC_FAILURES.
Add OPENSSL_MALLOC_SEED to allow for some randomization.

Reviewed-by: Paul D

Improve Malloc Failure Test

Allow 2 digits after the comma in percentage in OPENSSL_MALLOC_FAILURES.
Add OPENSSL_MALLOC_SEED to allow for some randomization.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22127)

show more ...

CMP: fix OSSL_CMP_MSG_http_perform() by adding option OSSL_CMP_OPT_USE_TLS

Fixes #21120

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>

CMP: fix OSSL_CMP_MSG_http_perform() by adding option OSSL_CMP_OPT_USE_TLS

Fixes #21120

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21176)

show more ...

OSSL_CMP_CTX_new.pod: remove overlap with OSSL_HTTP_transfer.pod; improve the latter

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged f

OSSL_CMP_CTX_new.pod: remove overlap with OSSL_HTTP_transfer.pod; improve the latter

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21176)

show more ...

apps/cmp.c: -tls_used may be implied by -server https:...; improve related checks and doc

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Mer

apps/cmp.c: -tls_used may be implied by -server https:...; improve related checks and doc

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21176)

show more ...

Added check for the return value of the RAND_bytes() function

Call app_bail_out if RAND_bytes() fails.

Also changed the output parameter of RAND_bytes() to inp as
writing to enc

Added check for the return value of the RAND_bytes() function

Call app_bail_out if RAND_bytes() fails.

Also changed the output parameter of RAND_bytes() to inp as
writing to encrypted output buffer does not make sense.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21706)

show more ...

ECDSA with SHA3 verification does not depend on FIPS provider version

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://git

ECDSA with SHA3 verification does not depend on FIPS provider version

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22322)

show more ...

provider-compatibility.yml: Correct the directory where opensslwrap.sh is being run

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged fr

provider-compatibility.yml: Correct the directory where opensslwrap.sh is being run

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22322)

show more ...

* Enable extra Arm64 optimization on Windows for GHASH, RAND and AES

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https:/

* Enable extra Arm64 optimization on Windows for GHASH, RAND and AES

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21673)

show more ...

When calling ossl_crypto_condvar_wait_timeout() we must use real time

Although many of the QUIC tests use fake time, the time we pass to the
ossl_crypto_condvar_wait_timeout() must be a

When calling ossl_crypto_condvar_wait_timeout() we must use real time

Although many of the QUIC tests use fake time, the time we pass to the
ossl_crypto_condvar_wait_timeout() must be a real time.

Passing fake time was causing the QUIC tserver test to hang because
ossl_crypto_convar_wait_timeout() always timed out immediately and never
relinquished the CPU.

If using fake time we adjust the time to real time just before using it.

Fixes #22020

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22301)

show more ...

Avoid divide-by-zero in kmac_prov.c's bytepad()

This would happen if EVP_MD_get_block_size() returned 0
so we return an error instead.

Reviewed-by: Paul Dale <pauli@openssl.org>

Avoid divide-by-zero in kmac_prov.c's bytepad()

This would happen if EVP_MD_get_block_size() returned 0
so we return an error instead.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21698)

show more ...

Fix the BIO_addr test

The BIO_addr test is failing on non-stop. The length of the data is larger
than the size we have allocated for it. We dynamically allocate instead.

Fixes #

Fix the BIO_addr test

The BIO_addr test is failing on non-stop. The length of the data is larger
than the size we have allocated for it. We dynamically allocate instead.

Fixes #22218

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22294)

show more ...

test_provider_ex(): Add missing call failure checks

Fixes Coverity 1542440

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Revie

test_provider_ex(): Add missing call failure checks

Fixes Coverity 1542440

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21913)

show more ...

Timeout in the tserver test using real time

When running the tserver test we bail out if a timeout expires. We
shouldn't use fake time for that timeout, because fake time might never

Timeout in the tserver test using real time

When running the tserver test we bail out if a timeout expires. We
shouldn't use fake time for that timeout, because fake time might never
actually get incremented.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22284)

show more ...

Don't wait in the tesrver idle testing every time around the loop

If we wait for 100ms 600 times - then the test takes a minute to complete
which is far too long. The purpose of the wait

Don't wait in the tesrver idle testing every time around the loop

If we wait for 100ms 600 times - then the test takes a minute to complete
which is far too long. The purpose of the wait is to give the assistance
thread a chance to catch up. We only do that if the event timeout has
actually expired - otherwise we are waiting for no reason.

Fixes #22156

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22284)

show more ...

Windows CI: Continue on error during cpuinfo

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>

Windows CI: Continue on error during cpuinfo

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22293)

show more ...

Always back off on the first packet noise from client to server

The test server cannot really cope with modifications

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: P

Always back off on the first packet noise from client to server

The test server cannot really cope with modifications

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22267)

show more ...

Add testing of bitflips in packet headers

A new type of noise is introduced in the noisy dgram bio
filter.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dal

Add testing of bitflips in packet headers

A new type of noise is introduced in the noisy dgram bio
filter.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22267)

show more ...

avoid sun as variable name

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: T

avoid sun as variable name

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22281)

show more ...