Merge 8979660d77 into f12f8cc035

The commit "Remove HARNESS_OSSL_PREFIX manipulation in the test harness"
forced all the output to be processed by the test harness, which means
that any process that keeps the stdout FD open prevents the run() call
from finishing, as was the case in the test_external_cf_quiche test that
ran quiche server in the background, but retaining the std{in,out,err}
descriptors.  Avoid that by explicitly redirecting them to a log file.

Reported-by: Tomas Mraz <tomas@openssl.org>
Fixes: 70c05fcde5 "Remove HARNESS_OSSL_PREFIX manipulation in the test harness"
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28125)

crypto/ml_kem/ml_kem.c

@@ -1652,7 +1652,13 @@ ML_KEM_KEY *ossl_ml_kem_key_new(OSSL_LIB_CTX *libctx, const char *properties,
     key->libctx = libctx;
     key->prov_flags = ML_KEM_KEY_PROV_FLAGS_DEFAULT;
     key->shake128_md = EVP_MD_fetch(libctx, "SHAKE128", properties);
-    key->shake256_md = EVP_MD_fetch(libctx, "SHAKE256", properties);
+    if (key->shake128_md != NULL && key->shake128_md->dsqueeze == NULL) {
+        EVP_MD_free(key->shake128_md);
+        key->shake128_md = EVP_MD_fetch(libctx, "SHAKE128", "fips=no");
+        key->shake256_md = EVP_MD_fetch(libctx, "SHAKE256", "fips=no");
+    } else {
+        key->shake256_md = EVP_MD_fetch(libctx, "SHAKE256", properties);
+    }
     key->sha3_256_md = EVP_MD_fetch(libctx, "SHA3-256", properties);
     key->sha3_512_md = EVP_MD_fetch(libctx, "SHA3-512", properties);
     key->d = key->z = key->rho = key->pkhash = key->encoded_dk = key->seedbuf = NULL;

test/build.info

@@ -578,7 +578,7 @@ IF[{- !$disabled{tests} -}]
   INCLUDE[param_build_test]=../include ../apps/include
   DEPEND[param_build_test]=../libcrypto libtestutil.a
 
-  SOURCE[sslapitest]=sslapitest.c helpers/ssltestlib.c filterprov.c tls-provider.c
+  SOURCE[sslapitest]=sslapitest.c helpers/ssltestlib.c filterprov.c tls-provider.c hybridprov.c
   INCLUDE[sslapitest]=../include ../apps/include ../providers/common/include ..
   DEPEND[sslapitest]=../libcrypto.a ../libssl.a libtestutil.a
 

test/hybridprov.c

@@ -0,0 +1,111 @@
+/*
+ * Copyright 2025 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/crypto.h>
+#include <openssl/provider.h>
+#include <openssl/decoder.h>
+#include <openssl/encoder.h>
+#include <openssl/store.h>
+#include <openssl/rand.h>
+#include <openssl/core_names.h>
+#include "prov/provider_ctx.h"
+#include "testutil.h"
+
+extern const OSSL_DISPATCH ossl_mlx_kem_asym_kem_functions[];
+extern const OSSL_DISPATCH ossl_ml_kem_asym_kem_functions[];
+extern const OSSL_DISPATCH ossl_mlx_p256_kem_kmgmt_functions[];
+extern const OSSL_DISPATCH ossl_ml_kem_768_keymgmt_functions[];
+
+/* Defined in tls-provider.c */
+int hybrid_provider_init(const OSSL_CORE_HANDLE *handle,
+                         const OSSL_DISPATCH *in,
+                         const OSSL_DISPATCH **out,
+                         void **provctx);
+
+static const OSSL_ALGORITHM hybrid_asym_kem[] = {
+#ifndef OPENSSL_NO_ML_KEM
+    { "ML-KEM-768:MLKEM768:id-alg-ml-kem-768:2.16.840.1.101.3.4.4.2",
+      "provider=hybrid,fips=yes", ossl_ml_kem_asym_kem_functions },
+# if !defined(OPENSSL_NO_EC)
+    { "SecP256r1MLKEM768", "provider=hybrid,fips=yes", ossl_mlx_kem_asym_kem_functions },
+# endif
+#endif
+    { NULL, NULL, NULL }
+};
+
+#define PROV_NAMES_SecP256r1MLKEM768 "SecP256r1MLKEM768"
+#define PROV_DESCS_SecP256r1MLKEM768 "P-256+ML-KEM-768 TLS hybrid implementation"
+
+static const OSSL_ALGORITHM hybrid_keymgmt[] = {
+#ifndef OPENSSL_NO_ML_KEM
+    { "ML-KEM-768:MLKEM768:id-alg-ml-kem-768:2.16.840.1.101.3.4.4.2",
+      "provider=hybrid,fips=yes",
+      ossl_ml_kem_768_keymgmt_functions,
+      "OpenSSL ML-KEM-768 implementation" },
+# if !defined(OPENSSL_NO_EC)
+    { PROV_NAMES_SecP256r1MLKEM768, "provider=hybrid,fips=yes",
+      ossl_mlx_p256_kem_kmgmt_functions, PROV_DESCS_SecP256r1MLKEM768 },
+# endif
+#endif
+    { NULL, NULL, NULL }
+};
+
+static const OSSL_ALGORITHM *hybrid_query(void *provctx, int operation_id,
+                                          int *no_cache)
+{
+    *no_cache = 0;
+    switch (operation_id) {
+    case OSSL_OP_KEM:
+        return hybrid_asym_kem;
+    case OSSL_OP_KEYMGMT:
+        return hybrid_keymgmt;
+    }
+    return NULL;
+}
+
+static void hybrid_teardown(void *provctx)
+{
+    ossl_prov_ctx_free(provctx);
+}
+
+static const OSSL_DISPATCH hybrid_dispatch_table[] = {
+    { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))hybrid_query },
+    { OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))hybrid_teardown },
+    OSSL_DISPATCH_END
+};
+
+int hybrid_provider_init(const OSSL_CORE_HANDLE *handle,
+                         const OSSL_DISPATCH *in,
+                         const OSSL_DISPATCH **out,
+                         void **provctx)
+{
+    OSSL_FUNC_core_get_libctx_fn *c_get_libctx = NULL;
+
+    for (; in->function_id != 0; in++) {
+        switch (in->function_id) {
+        case OSSL_FUNC_CORE_GET_LIBCTX:
+            c_get_libctx = OSSL_FUNC_core_get_libctx(in);
+            break;
+        default:
+            /* Just ignore anything we don't understand */
+            break;
+        }
+    }
+    if (c_get_libctx == NULL)
+        return 0;
+
+    if ((*provctx = ossl_prov_ctx_new()) == NULL) {
+        *provctx = NULL;
+        return 0;
+    }
+    ossl_prov_ctx_set0_libctx(*provctx, (OSSL_LIB_CTX *)c_get_libctx(handle));
+    ossl_prov_ctx_set0_handle(*provctx, handle);
+    *out = hybrid_dispatch_table;
+    return 1;
+}

test/recipes/90-test_sslapi.t

@@ -18,7 +18,7 @@ my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
 my $fipsmodcfg_filename = "fipsmodule.cnf";
 my $fipsmodcfg = bldtop_file("test", $fipsmodcfg_filename);
 
-my $provconf = srctop_file("test", "fips-and-base.cnf");
+my $provconf = srctop_file("test", "default-and-fips.cnf");
 
 # A modified copy of "fipsmodule.cnf"
 my $fipsmodcfgnew_filename = "fipsmodule_mod.cnf";
@@ -29,48 +29,23 @@ my $fipsmodcfgtmp_filename = "fipsmodule_tmp.cnf";
 my $fipsmodcfgtmp = result_file($fipsmodcfgtmp_filename);
 
 # A modified copy of "fips-and-base.cnf"
-my $provconfnew = result_file("fips-and-base-temp.cnf");
+my $provconfnew = result_file("default-and-fips-temp.cnf");
 
 plan skip_all => "No TLS/SSL protocols are supported by this OpenSSL build"
     if alldisabled(grep { $_ ne "ssl3" } available_protocols("tls"));
 
-plan tests => 4;
+plan tests => 1;
 
 (undef, my $tmpfilename) = tempfile();
 
-ok(run(test(["sslapitest", srctop_dir("test", "certs"),
-             srctop_file("test", "recipes", "90-test_sslapi_data",
-                         "passwd.txt"), $tmpfilename, "default",
-             srctop_file("test", "default.cnf"),
-             srctop_file("test",
-                         "recipes",
-                         "90-test_sslapi_data",
-                         "dhparams.pem")])),
-             "running sslapitest");
 
 SKIP: {
-    skip "Skipping FIPS tests", 2
+    skip "Skipping FIPS tests", 1
         if $no_fips;
 
-    # NOTE that because by default we setup fips provider in pedantic mode,
-    # with >= 3.1.0 this just runs test_no_ems() to check that the connection
-    # fails if ems is not used and the fips check is enabled.
-    ok(run(test(["sslapitest", srctop_dir("test", "certs"),
-                 srctop_file("test", "recipes", "90-test_sslapi_data",
-                             "passwd.txt"), $tmpfilename, "fips",
-                 $provconf,
-                 srctop_file("test",
-                             "recipes",
-                             "90-test_sslapi_data",
-                             "dhparams.pem")])),
-                 "running sslapitest with default fips config");
-
-    run(test(["fips_version_test", "-config", $provconf, ">=3.1.0"]),
+    run(test(["fips_version_test", "-config", $provconf, ">=3.0.18"]),
              capture => 1, statusvar => \my $exit);
 
-    skip "FIPS provider version is too old for TLS_PRF EMS option test", 1
-        if !$exit;
-
     # Read in a text $infile and replace the regular expression in $srch with the
     # value in $repl and output to a new file $outfile.
     sub replace_line_file_internal {
@@ -144,6 +119,5 @@ SKIP: {
        "running sslapitest with modified fips config");
 }
 
-ok(run(test(["ssl_handshake_rtt_test"])),"running ssl_handshake_rtt_test");
 
 unlink $tmpfilename;

test/recipes/95-test_external_cf_quiche_data/quiche-server.sh

@@ -24,6 +24,6 @@ test -d "$QUICHE_TARGET_PATH" || exit 1
 
 "$QUICHE_TARGET_PATH/debug/quiche-server" --cert "$SRCTOP/test/certs/servercert.pem" \
     --key "$SRCTOP/test/certs/serverkey.pem" --disable-gso \
-    --http-version HTTP/0.9 --root "$SRCTOP" --no-grease --disable-hystart &
+    --http-version HTTP/0.9 --root "$SRCTOP" --no-grease --disable-hystart > quiche_server_log 2>&1 &
 
 echo $! >server.pid