Coverity Scan: Analysis completed for openssl/openssl
Your request for analysis of openssl/openssl has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7HlekBtV1P4YRtWclMVkCdvAA-3D-3DiAcj_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeFVpsJHlMg2CBKRWVc-2FLQU4cQtXiCfiyq-2FiFwFWzh46-2B2q-2FWHVDBLto1g-2FwC6O121VYLp2dt8RoF5vqjjOUcPqM44GpvYUKyY21ddHyZrx3UhBi2K9w7YRLyJTu-2Bvz6Y7hw1CK0nOPCyD-2BrHFBdBhCsV6YzeUam8f8uF7ZShObXLr8Kdc-2F1z5u8nfuzDlnw-2Bu4-3D Build ID: 429924 Analysis Summary: New defects found: 1 Defects eliminated: 0 If you have difficulty understanding any defects, email us at scan-ad...@coverity.com, or post your question to StackOverflow at https://u15810271.ct.sendgrid.net/ls/click?upn=CTPegkVN6peWFCMEieYYmPWIi1E4yUS9EoqKFcNAiqhRq8qmgeBE-2Bdt3uvFRAFXd-2FlwX83-2FVVdybfzIMOby0qA-3D-3DqP1U_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeFVpsJHlMg2CBKRWVc-2FLQU4cQtXiCfiyq-2FiFwFWzh46-2B0tt5F8tH3doT688l4X0lo7Rd-2B00kjmi-2Fm9ks8gMEtJEV0BdF-2FwG8YEPaCgL8hb9y7hriplHaunkt9DjvRoiTnmHsXPHxRB55H73xCIm61iPb1R6GFn7Ileu0OXZg-2FHep-2Bdomd74jhlw46Srz1hM-2BZc-3D
Coverity Scan: Analysis completed for openssl/openssl
Your request for analysis of openssl/openssl has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7HlekBtV1P4YRtWclMVkCdvAA-3D-3Deeoz_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeFcOtwuH2GjsmmRqCngW4Pv0P70wG-2FN6ts1QHdrdeiczrlXwb9tKU11DVVqQ6iRxLzFssEq6OijIqqR7L3WRReNbnuPPFZRdRiIZEBLJYmarQR7362kt-2FcL-2B4HGFg3RzI34bIThVdDzCuj9oV4LB4dFQJEIngyHNosH8sYL9VxLYqBew9-2BpeHw7b3EVDmUzTu4-3D Build ID: 429740 Analysis Summary: New defects found: 0 Defects eliminated: 0
[openssl] OpenSSL_1_1_1-stable update
The branch OpenSSL_1_1_1-stable has been updated via 5e7098e11581b6b3a4083a1c17889ed817e8ac22 (commit) from f4942134815f95845706993c15ca7e4fd6e44627 (commit) - Log - commit 5e7098e11581b6b3a4083a1c17889ed817e8ac22 Author: Bernd Edlinger Date: Tue Jan 11 12:10:35 2022 +0100 Remove unsafe call to OPENSSL_cpuid_setup This function is inherently thread-unsafe, and moreover it is unnecessary here, because OPENSSL_init_crypto always calls it in a thread-safe way. Reviewed-by: Matt Caswell Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/17468) --- Summary of changes: crypto/engine/eng_all.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/crypto/engine/eng_all.c b/crypto/engine/eng_all.c index b675ed7892..c570aeda3d 100644 --- a/crypto/engine/eng_all.c +++ b/crypto/engine/eng_all.c @@ -12,9 +12,6 @@ void ENGINE_load_builtin_engines(void) { -/* Some ENGINEs need this */ -OPENSSL_cpuid_setup(); - OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_ALL_BUILTIN, NULL); }
[openssl] openssl-3.0 update
The branch openssl-3.0 has been updated via 3dcec2fb274235e938ce04f43e3e2f6d5743ae52 (commit) from 3755dc294d2e24b741e235550d063850464467cb (commit) - Log - commit 3dcec2fb274235e938ce04f43e3e2f6d5743ae52 Author: Tomas Mraz Date: Mon Jan 10 17:09:59 2022 +0100 EVP_DigestSignFinal: *siglen should not be read if sigret == NULL This fixes small regression from #16962. Reviewed-by: Matt Caswell Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/17460) (cherry picked from commit a4e01187d3648d9ce99507097400902cf21f9b55) --- Summary of changes: crypto/evp/m_sigver.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c index 9188edbc21..7409780065 100644 --- a/crypto/evp/m_sigver.c +++ b/crypto/evp/m_sigver.c @@ -480,14 +480,14 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, if (sigret == NULL || (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) != 0) return pctx->op.sig.signature->digest_sign_final(pctx->op.sig.algctx, sigret, siglen, - (siglen == NULL) ? 0 : *siglen); + sigret == NULL ? 0 : *siglen); dctx = EVP_PKEY_CTX_dup(pctx); if (dctx == NULL) return 0; r = dctx->op.sig.signature->digest_sign_final(dctx->op.sig.algctx, sigret, siglen, - (siglen == NULL) ? 0 : *siglen); + *siglen); EVP_PKEY_CTX_free(dctx); return r;
[openssl] master update
The branch master has been updated via a4e01187d3648d9ce99507097400902cf21f9b55 (commit) from a10a576090022e583a06271ceced8e38dd509657 (commit) - Log - commit a4e01187d3648d9ce99507097400902cf21f9b55 Author: Tomas Mraz Date: Mon Jan 10 17:09:59 2022 +0100 EVP_DigestSignFinal: *siglen should not be read if sigret == NULL This fixes small regression from #16962. Reviewed-by: Matt Caswell Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/17460) --- Summary of changes: crypto/evp/m_sigver.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c index e034189bb5..0993de0937 100644 --- a/crypto/evp/m_sigver.c +++ b/crypto/evp/m_sigver.c @@ -480,14 +480,14 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, if (sigret == NULL || (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) != 0) return pctx->op.sig.signature->digest_sign_final(pctx->op.sig.algctx, sigret, siglen, - (siglen == NULL) ? 0 : *siglen); + sigret == NULL ? 0 : *siglen); dctx = EVP_PKEY_CTX_dup(pctx); if (dctx == NULL) return 0; r = dctx->op.sig.signature->digest_sign_final(dctx->op.sig.algctx, sigret, siglen, - (siglen == NULL) ? 0 : *siglen); + *siglen); EVP_PKEY_CTX_free(dctx); return r;
[openssl] master update
The branch master has been updated via a10a576090022e583a06271ceced8e38dd509657 (commit) via 3ee3a2bd1e5763b0df5c0a2cba3b06edc26f5276 (commit) via 3831351da50b7ce07edba88056394a7a33c5e5d5 (commit) via 291c5b3e39f4c98e61cf7f65056fe49780d1f0ac (commit) via ac1082f00f991aca1c6e8282717fece16e9bb41f (commit) via 826da1451b2525b70f93fcc57ed5dbab61a19591 (commit) from b82fd89d8bae1445c89ec90d1a6145fe3216d2d7 (commit) - Log - commit a10a576090022e583a06271ceced8e38dd509657 Author: Pauli Date: Mon Jan 10 11:36:24 2022 +1100 param dup: add errors to failure returns Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/17440) commit 3ee3a2bd1e5763b0df5c0a2cba3b06edc26f5276 Author: Pauli Date: Mon Jan 10 11:33:06 2022 +1100 param build set: add errors to failure returns Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/17440) commit 3831351da50b7ce07edba88056394a7a33c5e5d5 Author: Pauli Date: Mon Jan 10 11:31:45 2022 +1100 param build: add errors to failure returns Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/17440) commit 291c5b3e39f4c98e61cf7f65056fe49780d1f0ac Author: Pauli Date: Mon Jan 10 11:10:34 2022 +1100 test: check for properly raised errors during param conversion Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/17440) commit ac1082f00f991aca1c6e8282717fece16e9bb41f Author: Pauli Date: Fri Jan 7 22:11:10 2022 +1100 params: add error messages for built in param conversions Specifically: * out of range * unsigned negatives * inexact reals * bad param types * buffers that are too small * null function arguments * unknown sizes of real Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/17440) commit 826da1451b2525b70f93fcc57ed5dbab61a19591 Author: Pauli Date: Fri Jan 7 22:10:38 2022 +1100 err: add additional errors Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/17440) --- Summary of changes: crypto/cpt_err.c | 20 ++- crypto/err/openssl.txt| 15 ++- crypto/param_build.c | 4 +- crypto/param_build_set.c | 4 +- crypto/params.c | 305 +++--- crypto/params_dup.c | 12 +- include/crypto/cryptoerr.h| 2 +- include/openssl/cryptoerr.h | 11 +- test/params_conversion_test.c | 15 ++- 9 files changed, 324 insertions(+), 64 deletions(-) diff --git a/crypto/cpt_err.c b/crypto/cpt_err.c index 8574f31a81..02d631466c 100644 --- a/crypto/cpt_err.c +++ b/crypto/cpt_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -29,14 +29,32 @@ static const ERR_STRING_DATA CRYPTO_str_reasons[] = { "insufficient param size"}, {ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_INSUFFICIENT_SECURE_DATA_SPACE), "insufficient secure data space"}, +{ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_INTEGER_OVERFLOW), +"integer overflow"}, {ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_INVALID_NEGATIVE_VALUE), "invalid negative value"}, {ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_INVALID_NULL_ARGUMENT), "invalid null argument"}, {ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_INVALID_OSSL_PARAM_TYPE), "invalid ossl param type"}, +{ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_NO_PARAMS_TO_MERGE), +"no params to merge"}, +{ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_NO_SPACE_FOR_TERMINATING_NULL), +"no space for terminating null"}, {ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_ODD_NUMBER_OF_DIGITS), "odd number of digits"}, +{ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_PARAM_CANNOT_BE_REPRESENTED_EXACTLY), +"param cannot be represented exactly"}, +{ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_PARAM_NOT_INTEGER_TYPE), +"param not integer type"}, +{ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_PARAM_OF_INCOMPATIBLE_TYPE), +"param of incompatible type"}, +{ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_PARAM_UNSIGNED_INTEGER_NEGATIVE_VALUE_UNSUPPORTED), +"param unsigned integer negative value unsupported"}, +{ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_PARAM_UNSUPPORTED_FLOATING_POINT_FORMAT), +"param unsupported floating point format"}, +{ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_PARAM_VALUE_TOO_LARGE_FOR_DESTINATION), +"param value too large for