Move MAC removal responsibility to the various protocol "enc" functions

For CBC ciphersuites using Mac-then-encrypt we have to be careful about
removing the MAC from the record in consta

Move MAC removal responsibility to the various protocol "enc" functions

For CBC ciphersuites using Mac-then-encrypt we have to be careful about
removing the MAC from the record in constant time. Currently that happens
immediately before MAC verification. Instead we move this responsibility
to the various protocol "enc" functions so that MAC removal is handled at
the same time as padding removal.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12288)

show more ...

TEST: update 02-test_errstr.t to have better tests

We now check that if libcrypto hasn't loaded the string for some particular
system error, it gives us "reason(nnn)" instead, where 'nnn

TEST: update 02-test_errstr.t to have better tests

We now check that if libcrypto hasn't loaded the string for some particular
system error, it gives us "reason(nnn)" instead, where 'nnn' is the system
error number in decimal.

We go through all possible error macros that perl serves us, not only the
POSIX ones.

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/12343)

show more ...

SSL: fix misuse of ERR_LIB_SYS

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/12343)

TEST: fix test/errtest.c

test/errtest.c used the system error code 1 for EPERM. However, EPERM
may be coded differently on different systems, so we switch to using
EPERM instead. H

TEST: fix test/errtest.c

test/errtest.c used the system error code 1 for EPERM. However, EPERM
may be coded differently on different systems, so we switch to using
EPERM instead. However, because we know that the ERR sub-system
truncates system error codes that occupy more than 24 bits, we check
that the reason code in the recorded error matches our EPERM, and skip
the test if not.

To be safe (even though the error string for that code is well defined
in POSIX), we also use strerror() to retrieve the string for that
error code instead of using a hard coded value.

Fixes #12276
Fixes #12217
Fixes #12354

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/12343)

show more ...

ERR: special case system errors

Because system errors can be any positive number that fits in an 'int'
according to POSIX, we can't reasonably expect them to be in the 1..127
range,

ERR: special case system errors

Because system errors can be any positive number that fits in an 'int'
according to POSIX, we can't reasonably expect them to be in the 1..127
range, even though that's the most usual.

Instead of packing them into the OpenSSL error code structure, we
recognise them as a special case and mark them as such by storing them
in our error queue with the highest bit set. We make OpenSSL specific
error records have their highest bit cleared, and in doing so, we
shift down the library section of the code by one bit. This still
leaves a very large section for the reason codes.

Of course, we must adapt the error code and reason string extraction
and printing functions accordingly.

With this, we also thrown away the pre-loaded array of system error
strings, and extract them from the system when needed instead, i.e.
when we create error strings.

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/12343)

show more ...

ERR: refactor global error codes

Some ERR_R_ codes overlapped other ERR_R_ codes:

- ERR_R_BUF_LIB vs ERR_R_PASSED_INVALID_ARGUMENT
- ERR_R_DSA_LIB vs ERR_R_INTERRUPTED_OR_CANCEL

ERR: refactor global error codes

Some ERR_R_ codes overlapped other ERR_R_ codes:

- ERR_R_BUF_LIB vs ERR_R_PASSED_INVALID_ARGUMENT
- ERR_R_DSA_LIB vs ERR_R_INTERRUPTED_OR_CANCELLED

Looking back at history, this was originally not an issue, because
the ERR_R_ codes that weren't ERR_LIB_ aliases had bit 2**6 set.
However, new codes without that bit came in, and we got the overlap
that is mentioned above.

To get rid of the overlap, we repartition the codes as follows:

- ERR_R_{name}_LIB that are aliases for ERR_LIB_{name} are confined to
the range 1..63.
- Other ERR_R_ codes are confined to 64..99

We also expand the reason codes to 24 bits of data, where the 4 top
bits are for reason code flags. We also allocate a "fatal" flag
ERR_RFLAG_FATAL. The reason code ERR_R_FATAL stops acting as a flag,
but is coded in such a way that it still serves as one for code that
happens to use it as such.

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/12343)

show more ...

CORE: perform post-condition in algorithm_do_this() under all circumstances

When ossl_provider_query_operation() returned NULL, the post-condition
callback wasn't called, and could make

CORE: perform post-condition in algorithm_do_this() under all circumstances

When ossl_provider_query_operation() returned NULL, the post-condition
callback wasn't called, and could make algorithm_do_this() falsely
tell the caller that there was an error. Because of this, a provider
that answered with NULL for a particular operation identity would
effectively block the same query on all following providers.

Fixes #12293

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12365)

show more ...

Fix many MarkDown issues in {NOTES*,README*,HACKING,LICENSE}.md files

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12109)

Rename NOTES*, README*, VERSION, HACKING, LICENSE to .md or .txt

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12109)

util/markdownlint.rb: Add two rule exceptions: MD023 and MD026

exclude_rule 'MD023' # Headers must start at the beginning of the line
exclude_rule 'MD026' # Trailing punctuation in heade

util/markdownlint.rb: Add two rule exceptions: MD023 and MD026

exclude_rule 'MD023' # Headers must start at the beginning of the line
exclude_rule 'MD026' # Trailing punctuation in header

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12109)

show more ...

apps: remove NULL check imn release_engine since ENGINE_free also does it.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12309)

coverity 1464983: null pointer dereference

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12309)

coverity 1464984: Null pointer dereferences

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12309)

cmp: remove NULL check.

Instead appease coverity by marking 1464986 as a false positive.
Coverity is confused by the engine reference counting.

Reviewed-by: Tim Hudson <tjh@open

cmp: remove NULL check.

Instead appease coverity by marking 1464986 as a false positive.
Coverity is confused by the engine reference counting.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12309)

show more ...

coverity: CID 1464987: USE AFTER FREE

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12309)

rand: avoid caching RNG parameters.

The strength and max_length DRBG parameters were being cached in the EVP_RAND
layer. This commit removes the caching.

Reviewed-by: Matthias

rand: avoid caching RNG parameters.

The strength and max_length DRBG parameters were being cached in the EVP_RAND
layer. This commit removes the caching.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/12321)

show more ...

Refactor the EVP_RAND code to make locking issues less likely

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/12321)

rand: fix recursive locking issue.

The calls to query the DRBG strength, state and maximum output size all used
nested locks. This removes the nesting.

Reviewed-by: Matthias St

rand: fix recursive locking issue.

The calls to query the DRBG strength, state and maximum output size all used
nested locks. This removes the nesting.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/12321)

show more ...

Fix typos and repeated words

CLA: trivial

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from ht

Fix typos and repeated words

CLA: trivial

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/12320)

show more ...

Configuration and build: Fix solaris tags

The shared_target attrribute for Solaris built with gcc wasn't right
and shared libraries couldn't be properly built.

Fixes #12356

Configuration and build: Fix solaris tags

The shared_target attrribute for Solaris built with gcc wasn't right
and shared libraries couldn't be properly built.

Fixes #12356

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12360)

show more ...

util/perl/OpenSSL/config.pm: Fix /armv[7-9].*-.*-linux2/

This entry added the macro B_ENDIAN when it shouldn't have.

Fixes #12332

Reviewed-by: Matt Caswell <matt@openssl.or

util/perl/OpenSSL/config.pm: Fix /armv[7-9].*-.*-linux2/

This entry added the macro B_ENDIAN when it shouldn't have.

Fixes #12332

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12335)

show more ...

NOTE.WIN: suggest the audetecting configuration variant as well

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12339)

util/perl/OpenSSL/config.pm: move misplaced Windows and VMS entries

OpenSSL::config::guess_system() is supposed to return system triplets.
However, for Windows and VMS, it returned the f

util/perl/OpenSSL/config.pm: move misplaced Windows and VMS entries

OpenSSL::config::guess_system() is supposed to return system triplets.
However, for Windows and VMS, it returned the final OpenSSL config
target instead. We move the entries for them to the table that
OpenSSL::config::map_guess() uses, so it can properly convert the
input triplet to an OpenSSL config target.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12339)

show more ...

Fix a typo in the i2d_TYPE_fp documentation

Thanks to Michael Mueller on the openssl-users list for the suggested
improvement.

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>

Fix a typo in the i2d_TYPE_fp documentation

Thanks to Michael Mueller on the openssl-users list for the suggested
improvement.

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12338)

show more ...

Don't run the cmp_cli tests if using FUZZING_BUILD_MODE

[extended tests]

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraprojec

Don't run the cmp_cli tests if using FUZZING_BUILD_MODE

[extended tests]

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12275)

show more ...