Coverity Scan: Analysis completed for openssl/openssl

2022-02-22 Thread scan-admin


Your request for analysis of openssl/openssl has been completed 
successfully.
The results are available at 
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7HlekBtV1P4YRtWclMVkCdvAA-3D-3DdjHW_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeFyF-2FUGFtcxWMgO8LTjmc9dUWrP16zXOWwJRYu9VeRwvWv8-2BbTBqB3a-2BOsLVrch061WSR7scYih50AkUEtOYCBDbDEa0FJ2l1H2K-2FqjoptqGthOlwicKhZoXS-2BYEx-2BU90o9vvSYqtmPnztwB-2FXAy1iUuGx9EEbIuYmUUrnZpzyeQH00TcmPcpApORhSzGx-2Blmc-3D

Build ID: 439300

Analysis Summary:
   New defects found: 0
   Defects eliminated: 0



[openssl] openssl-3.0 update

2022-02-22 Thread Dr. Paul Dale
The branch openssl-3.0 has been updated
   via  0ec286a62840c2a0de4b7a1b5063ace3338a925f (commit)
  from  46119286c16341734b3cb60945fb07d1ea30eb81 (commit)


- Log -
commit 0ec286a62840c2a0de4b7a1b5063ace3338a925f
Author: xkernel 
Date:   Mon Feb 21 15:29:25 2022 +0800

check *libctx which is allocated by OSSL_LIB_CTX_new()

Reviewed-by: Dmitry Belyavskiy 
Reviewed-by: Matt Caswell 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/17740)

(cherry picked from commit 8d215738a05350baa583c47a2c52371d9cff3197)

---

Summary of changes:
 test/tls-provider.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/test/tls-provider.c b/test/tls-provider.c
index 9ac1db51b3..3b7be54331 100644
--- a/test/tls-provider.c
+++ b/test/tls-provider.c
@@ -840,6 +840,9 @@ int tls_provider_init(const OSSL_CORE_HANDLE *handle,
 {
 OSSL_LIB_CTX *libctx = OSSL_LIB_CTX_new();
 
+if (libctx == NULL)
+return 0;
+
 *provctx = libctx;
 
 /*
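
Review bot: the new `return 0` in tls_provider_init() exits before `*provctx = libctx;`, so on allocation failure `*provctx` keeps whatever the caller passed in. Consider assigning `*provctx = NULL` before returning, or stating in a comment that the output is unspecified on failure, so that a caller which ignores the return value cannot pick up a stale pointer.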


[openssl] master update

2022-02-22 Thread Dr. Paul Dale
The branch master has been updated
   via  8d215738a05350baa583c47a2c52371d9cff3197 (commit)
  from  b0317df2311769e02d9ceb4e7afe19521f8ffbf1 (commit)


- Log -
commit 8d215738a05350baa583c47a2c52371d9cff3197
Author: xkernel 
Date:   Mon Feb 21 15:29:25 2022 +0800

check *libctx which is allocated by OSSL_LIB_CTX_new()

Reviewed-by: Dmitry Belyavskiy 
Reviewed-by: Matt Caswell 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/17740)

---

Summary of changes:
 test/tls-provider.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/test/tls-provider.c b/test/tls-provider.c
index 7bff6e7406..c658514854 100644
--- a/test/tls-provider.c
+++ b/test/tls-provider.c
@@ -840,6 +840,9 @@ int tls_provider_init(const OSSL_CORE_HANDLE *handle,
 {
 OSSL_LIB_CTX *libctx = OSSL_LIB_CTX_new();
 
+if (libctx == NULL)
+return 0;
+
 *provctx = libctx;
 
 /*
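
Review bot: the subject line says the patch checks `*libctx`, but the added condition is `if (libctx == NULL)`, which tests the pointer returned by OSSL_LIB_CTX_new() itself; nothing is dereferenced. Rewording the subject to "check libctx" would match the code. The failure path is also silent: the bare `return 0` gives no hint in the test output that the provider failed to initialise because the allocation failed.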


[openssl] openssl-3.0 update

2022-02-22 Thread Dr. Paul Dale
The branch openssl-3.0 has been updated
   via  46119286c16341734b3cb60945fb07d1ea30eb81 (commit)
  from  ad910cc482c8e06d04a141a9f5f79172a6e56f66 (commit)


- Log -
commit 46119286c16341734b3cb60945fb07d1ea30eb81
Author: Jiasheng Jiang 
Date:   Mon Feb 21 10:54:29 2022 +0800

test/sslapitest.c: Add check for SSL_CTX_new

As the potential failure of the memory allocation, it should
be better to check the return value of SSL_CTX_new() and return
error if fails, like SSL_CTX_new_ex().

Signed-off-by: Jiasheng Jiang 

Reviewed-by: Matt Caswell 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/17739)

(cherry picked from commit b0317df2311769e02d9ceb4e7afe19521f8ffbf1)

---

Summary of changes:
 test/sslapitest.c | 6 +-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/test/sslapitest.c b/test/sslapitest.c
index 9056fa28f1..b2f3471548 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -8074,8 +8074,12 @@ static int test_cert_cb_int(int prot, int tst)
 else
 cert_cb_cnt = 0;
 
-if (tst == 2)
+if (tst == 2) {
 snictx = SSL_CTX_new(TLS_server_method());
+if (!TEST_ptr(snictx))
+goto end;
+}
+
 SSL_CTX_set_cert_cb(sctx, cert_cb, snictx);
 
 if (!TEST_true(create_ssl_objects(sctx, cctx, , ,
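
Review bot: the added `goto end` in the `tst == 2` branch fires before `create_ssl_objects()` has run, so the cleanup under `end` is reached with the SSL objects still unset. That label is outside the hunk; worth confirming that everything it frees is initialised to NULL and that the function's result variable still signals failure on this path.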


[openssl] master update

2022-02-22 Thread Dr. Paul Dale
The branch master has been updated
   via  b0317df2311769e02d9ceb4e7afe19521f8ffbf1 (commit)
  from  a044af49c43ec8fe099deeb5d06501ddf70abf7a (commit)


- Log -
commit b0317df2311769e02d9ceb4e7afe19521f8ffbf1
Author: Jiasheng Jiang 
Date:   Mon Feb 21 10:54:29 2022 +0800

test/sslapitest.c: Add check for SSL_CTX_new

As the potential failure of the memory allocation, it should
be better to check the return value of SSL_CTX_new() and return
error if fails, like SSL_CTX_new_ex().

Signed-off-by: Jiasheng Jiang 

Reviewed-by: Matt Caswell 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/17739)

---

Summary of changes:
 test/sslapitest.c | 6 +-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/test/sslapitest.c b/test/sslapitest.c
index 181d0ef686..8ba5d8125c 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -8090,8 +8090,12 @@ static int test_cert_cb_int(int prot, int tst)
 else
 cert_cb_cnt = 0;
 
-if (tst == 2)
+if (tst == 2) {
 snictx = SSL_CTX_new(TLS_server_method());
+if (!TEST_ptr(snictx))
+goto end;
+}
+
 SSL_CTX_set_cert_cb(sctx, cert_cb, snictx);
 
 if (!TEST_true(create_ssl_objects(sctx, cctx, , ,
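
Review bot: `SSL_CTX_set_cert_cb(sctx, cert_cb, snictx)` sits after the new braces and runs for every value of `tst`, so for `tst != 2` the callback argument is whatever `snictx` was initialised to at its declaration, which this hunk does not show. If that is not an explicit NULL initialiser, add one alongside this change.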


[openssl] master update

2022-02-22 Thread dev
The branch master has been updated
   via  a044af49c43ec8fe099deeb5d06501ddf70abf7a (commit)
   via  2455a21f4ef9826b465ba68fd96f26ea25b80b10 (commit)
  from  cd7ec0bca00ceb6e8d4af46a57c6c096a7ed8947 (commit)


- Log -
commit a044af49c43ec8fe099deeb5d06501ddf70abf7a
Author: Dr. David von Oheimb 
Date:   Fri Feb 18 09:36:00 2022 +0100

X509V3_get_d2i.pod: use I<> for arguments and remove B<> around NULL

Reviewed-by: Tomas Mraz 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/17724)

commit 2455a21f4ef9826b465ba68fd96f26ea25b80b10
Author: Dr. David von Oheimb 
Date:   Thu Feb 17 19:43:55 2022 +0100

X509V3_get_d2i.pod: Fix glitch on X509V3_get{,_ext}_d2i and align order

Reviewed-by: Tomas Mraz 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/17724)

---

Summary of changes:
 doc/man3/X509V3_get_d2i.pod | 66 +++--
 1 file changed, 34 insertions(+), 32 deletions(-)

diff --git a/doc/man3/X509V3_get_d2i.pod b/doc/man3/X509V3_get_d2i.pod
index 981eab14b8..a94e92191d 100644
--- a/doc/man3/X509V3_get_d2i.pod
+++ b/doc/man3/X509V3_get_d2i.pod
@@ -2,11 +2,12 @@
 
 =head1 NAME
 
-X509_get0_extensions, X509_CRL_get0_extensions, X509_REVOKED_get0_extensions,
 X509V3_get_d2i, X509V3_add1_i2d, X509V3_EXT_d2i, X509V3_EXT_i2d,
-X509_get_ext_d2i, X509_add1_ext_i2d, X509_CRL_get_ext_d2i,
-X509_CRL_add1_ext_i2d, X509_REVOKED_get_ext_d2i,
-X509_REVOKED_add1_ext_i2d - X509 extension decode and encode functions
+X509_get_ext_d2i, X509_add1_ext_i2d,
+X509_CRL_get_ext_d2i, X509_CRL_add1_ext_i2d,
+X509_REVOKED_get_ext_d2i, X509_REVOKED_add1_ext_i2d,
+X509_get0_extensions, X509_CRL_get0_extensions,
+X509_REVOKED_get0_extensions - X509 extension decode and encode functions
 
 =head1 SYNOPSIS
 
@@ -38,37 +39,37 @@ X509_REVOKED_add1_ext_i2d - X509 extension decode and 
encode functions
 
 =head1 DESCRIPTION
 
-X509V3_get_ext_d2i() looks for an extension with OID B in the extensions
-B and, if found, decodes it. If B is B then only one
+X509V3_get_d2i() looks for an extension with OID I in the extensions
+I and, if found, decodes it. If I is NULL then only one
 occurrence of an extension is permissible otherwise the first extension after
-index B<*idx> is returned and B<*idx> updated to the location of the extension.
-If B is not B then B<*crit> is set to a status value: -2 if the
-extension occurs multiple times (this is only returned if B is B),
+index I<*idx> is returned and I<*idx> updated to the location of the extension.
+If I is not NULL then I<*crit> is set to a status value: -2 if the
+extension occurs multiple times (this is only returned if I is NULL),
 -1 if the extension could not be found, 0 if the extension is found and is
 not critical and 1 if critical. A pointer to an extension specific structure
-or B is returned.
+or NULL is returned.
 
-X509V3_add1_i2d() adds extension B to STACK B<*x> (allocating a new
-STACK if necessary) using OID B and criticality B according
-to B.
+X509V3_add1_i2d() adds extension I to STACK I<*x> (allocating a new
+STACK if necessary) using OID I and criticality I according
+to I.
 
 X509V3_EXT_d2i() attempts to decode the ASN.1 data contained in extension
-B and returns a pointer to an extension specific structure or B
+I and returns a pointer to an extension specific structure or NULL
 if the extension could not be decoded (invalid syntax or not supported).
 
-X509V3_EXT_i2d() encodes the extension specific structure B
-with OID B and criticality B.
+X509V3_EXT_i2d() encodes the extension specific structure I
+with OID I and criticality I.
 
 X509_get_ext_d2i() and X509_add1_ext_i2d() operate on the extensions of
-certificate B, they are otherwise identical to X509V3_get_d2i() and
+certificate I, they are otherwise identical to X509V3_get_d2i() and
 X509V3_add_i2d().
 
 X509_CRL_get_ext_d2i() and X509_CRL_add1_ext_i2d() operate on the extensions
-of CRL B, they are otherwise identical to X509V3_get_d2i() and
+of CRL I, they are otherwise identical to X509V3_get_d2i() and
 X509V3_add_i2d().
 
 X509_REVOKED_get_ext_d2i() and X509_REVOKED_add1_ext_i2d() operate on the
-extensions of B structure B (i.e for CRL entry extensions),
+extensions of B structure I (i.e for CRL entry extensions),
 they are otherwise identical to X509V3_get_d2i() and X509V3_add_i2d().
 
 X509_get0_extensions(), X509_CRL_get0_extensions() and
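
Review bot: the unchanged context lines in this hunk still refer to X509V3_add_i2d() three times (in the X509_get_ext_d2i, X509_CRL_get_ext_d2i and X509_REVOKED_get_ext_d2i paragraphs), while the NAME section lists the function as X509V3_add1_i2d. Since the commit is already correcting X509V3_get_ext_d2i() to X509V3_get_d2i() here, fix these to X509V3_add1_i2d() in the same pass.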
@@ -78,9 +79,9 @@ of a certificate a CRL or a CRL entry respectively.
 =head1 NOTES
 
 In almost all cases an extension can occur at most once and multiple
-occurrences is an error. Therefore, the B parameter is usually B.
+occurrences is an error. Therefore, the I parameter is usually NULL.
 
-The B parameter may be one of the following values.
+The I parameter may be one of the following values.
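
Review bot: the rewritten line in NOTES keeps "multiple occurrences is an error"; as the sentence is being touched anyway, change it to "multiple occurrences are an error".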

[openssl] openssl-3.0 update

2022-02-22 Thread dev
The branch openssl-3.0 has been updated
   via  ad910cc482c8e06d04a141a9f5f79172a6e56f66 (commit)
   via  3138402278b3fc3ce67edc01e6198b9840ca7d9b (commit)
  from  5675a5aaf6a2e489022bcfc18330dae9263e598e (commit)


- Log -
commit ad910cc482c8e06d04a141a9f5f79172a6e56f66
Author: Dr. David von Oheimb 
Date:   Fri Feb 18 09:36:00 2022 +0100

X509V3_get_d2i.pod: use I<> for arguments and remove B<> around NULL

Reviewed-by: Tomas Mraz 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/17724)

(cherry picked from commit a044af49c43ec8fe099deeb5d06501ddf70abf7a)

commit 3138402278b3fc3ce67edc01e6198b9840ca7d9b
Author: Dr. David von Oheimb 
Date:   Thu Feb 17 19:43:55 2022 +0100

X509V3_get_d2i.pod: Fix glitch on X509V3_get{,_ext}_d2i and align order

Reviewed-by: Tomas Mraz 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/17724)

(cherry picked from commit 2455a21f4ef9826b465ba68fd96f26ea25b80b10)

---

Summary of changes:
 doc/man3/X509V3_get_d2i.pod | 66 +++--
 1 file changed, 34 insertions(+), 32 deletions(-)

diff --git a/doc/man3/X509V3_get_d2i.pod b/doc/man3/X509V3_get_d2i.pod
index 981eab14b8..a94e92191d 100644
--- a/doc/man3/X509V3_get_d2i.pod
+++ b/doc/man3/X509V3_get_d2i.pod
@@ -2,11 +2,12 @@
 
 =head1 NAME
 
-X509_get0_extensions, X509_CRL_get0_extensions, X509_REVOKED_get0_extensions,
 X509V3_get_d2i, X509V3_add1_i2d, X509V3_EXT_d2i, X509V3_EXT_i2d,
-X509_get_ext_d2i, X509_add1_ext_i2d, X509_CRL_get_ext_d2i,
-X509_CRL_add1_ext_i2d, X509_REVOKED_get_ext_d2i,
-X509_REVOKED_add1_ext_i2d - X509 extension decode and encode functions
+X509_get_ext_d2i, X509_add1_ext_i2d,
+X509_CRL_get_ext_d2i, X509_CRL_add1_ext_i2d,
+X509_REVOKED_get_ext_d2i, X509_REVOKED_add1_ext_i2d,
+X509_get0_extensions, X509_CRL_get0_extensions,
+X509_REVOKED_get0_extensions - X509 extension decode and encode functions
 
 =head1 SYNOPSIS
 
@@ -38,37 +39,37 @@ X509_REVOKED_add1_ext_i2d - X509 extension decode and 
encode functions
 
 =head1 DESCRIPTION
 
-X509V3_get_ext_d2i() looks for an extension with OID B in the extensions
-B and, if found, decodes it. If B is B then only one
+X509V3_get_d2i() looks for an extension with OID I in the extensions
+I and, if found, decodes it. If I is NULL then only one
 occurrence of an extension is permissible otherwise the first extension after
-index B<*idx> is returned and B<*idx> updated to the location of the extension.
-If B is not B then B<*crit> is set to a status value: -2 if the
-extension occurs multiple times (this is only returned if B is B),
+index I<*idx> is returned and I<*idx> updated to the location of the extension.
+If I is not NULL then I<*crit> is set to a status value: -2 if the
+extension occurs multiple times (this is only returned if I is NULL),
 -1 if the extension could not be found, 0 if the extension is found and is
 not critical and 1 if critical. A pointer to an extension specific structure
-or B is returned.
+or NULL is returned.
 
-X509V3_add1_i2d() adds extension B to STACK B<*x> (allocating a new
-STACK if necessary) using OID B and criticality B according
-to B.
+X509V3_add1_i2d() adds extension I to STACK I<*x> (allocating a new
+STACK if necessary) using OID I and criticality I according
+to I.
 
 X509V3_EXT_d2i() attempts to decode the ASN.1 data contained in extension
-B and returns a pointer to an extension specific structure or B
+I and returns a pointer to an extension specific structure or NULL
 if the extension could not be decoded (invalid syntax or not supported).
 
-X509V3_EXT_i2d() encodes the extension specific structure B
-with OID B and criticality B.
+X509V3_EXT_i2d() encodes the extension specific structure I
+with OID I and criticality I.
 
 X509_get_ext_d2i() and X509_add1_ext_i2d() operate on the extensions of
-certificate B, they are otherwise identical to X509V3_get_d2i() and
+certificate I, they are otherwise identical to X509V3_get_d2i() and
 X509V3_add_i2d().
 
 X509_CRL_get_ext_d2i() and X509_CRL_add1_ext_i2d() operate on the extensions
-of CRL B, they are otherwise identical to X509V3_get_d2i() and
+of CRL I, they are otherwise identical to X509V3_get_d2i() and
 X509V3_add_i2d().
 
 X509_REVOKED_get_ext_d2i() and X509_REVOKED_add1_ext_i2d() operate on the
-extensions of B structure B (i.e for CRL entry extensions),
+extensions of B structure I (i.e for CRL entry extensions),
 they are otherwise identical to X509V3_get_d2i() and X509V3_add_i2d().
 
 X509_get0_extensions(), X509_CRL_get0_extensions() and
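
Review bot: in the X509_REVOKED paragraph the changed line still reads "(i.e for CRL entry extensions)"; it should be "i.e." with the trailing period. The first paragraph of DESCRIPTION also needs a comma before "otherwise" in "only one occurrence of an extension is permissible otherwise the first extension after index ...".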
@@ -78,9 +79,9 @@ of a certificate a CRL or a CRL entry respectively.
 =head1 NOTES
 
 In almost all cases an extension can occur at most once and multiple
-occurrences is an error. Therefore, the B parameter is usually B.
+occurrences is 

[openssl] master update

2022-02-22 Thread dev
The branch master has been updated
   via  cd7ec0bca00ceb6e8d4af46a57c6c096a7ed8947 (commit)
  from  f596bbe4da779b56eea34d96168b557d78e1149a (commit)


- Log -
commit cd7ec0bca00ceb6e8d4af46a57c6c096a7ed8947
Author: Dr. David von Oheimb 
Date:   Thu Feb 17 19:46:29 2022 +0100

CMP: add subject of any provided CSR as default message sender

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/17723)

---

Summary of changes:
 crypto/cmp/cmp_hdr.c  | 3 ++-
 doc/man1/openssl-cmp.pod.in   | 4 +++-
 doc/man3/OSSL_CMP_CTX_new.pod | 3 ++-
 3 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/crypto/cmp/cmp_hdr.c b/crypto/cmp/cmp_hdr.c
index e970e6cbd7..86966c3195 100644
--- a/crypto/cmp/cmp_hdr.c
+++ b/crypto/cmp/cmp_hdr.c
@@ -301,11 +301,12 @@ int ossl_cmp_hdr_init(OSSL_CMP_CTX *ctx, 
OSSL_CMP_PKIHEADER *hdr)
 return 0;
 
 /*
- * If neither protection cert nor oldCert nor subject are given,
+ * If no protection cert nor oldCert nor CSR nor subject is given,
  * sender name is not known to the client and thus set to NULL-DN
  */
 sender = ctx->cert != NULL ? X509_get_subject_name(ctx->cert) :
 ctx->oldCert != NULL ? X509_get_subject_name(ctx->oldCert) :
+ctx->p10CSR != NULL ? X509_REQ_get_subject_name(ctx->p10CSR) :
 ctx->subjectName;
 if (!ossl_cmp_hdr_set1_sender(hdr, sender))
 return 0;
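
Review bot: the new arm `ctx->p10CSR != NULL ? X509_REQ_get_subject_name(ctx->p10CSR)` tests only that a CSR is present, so a CSR whose subject is empty ends the chain there and `ctx->subjectName` is never consulted, even when the caller set it explicitly. Consider falling through to `ctx->subjectName` when the CSR subject has no entries, or document that a CSR always takes precedence over the subject name for the sender field.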
diff --git a/doc/man1/openssl-cmp.pod.in b/doc/man1/openssl-cmp.pod.in
index 705baf1dd6..5a111a39eb 100644
--- a/doc/man1/openssl-cmp.pod.in
+++ b/doc/man1/openssl-cmp.pod.in
@@ -273,7 +273,7 @@ or of the reference certificate (see B<-oldcert>) if 
provided.
 This default is used for IR and CR only if no SANs are set.
 If the NULL-DN (C<"/">) is given then no subject is placed in the template.
 
-If provided and neither B<-cert> nor B<-oldcert> is given,
+If provided and neither of B<-cert>, B<-oldcert>, or B<-csr> is given,
 the subject DN is used as fallback sender of outgoing CMP messages.
 
 The argument must be formatted as I.
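
Review bot: "neither of B<-cert>, B<-oldcert>, or B<-csr> is given" pairs "neither" with three alternatives and "or"; "none of B<-cert>, B<-oldcert>, and B<-csr> is given" reads correctly and says the same thing.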
@@ -360,6 +360,8 @@ When used with B<-cmd> I, I, or I, it is 
transformed into the
 respective regular CMP request.
 It may also be used with B<-cmd> I to specify the certificate to be revoked
 via the included subject name and public key.
+Its subject is used as fallback sender in CMP message headers
+if B<-cert> and B<-oldcert> are not given.
 
 =item B<-out_trusted> I|I
 
diff --git a/doc/man3/OSSL_CMP_CTX_new.pod b/doc/man3/OSSL_CMP_CTX_new.pod
index d739f7f6f7..883bda8b69 100644
--- a/doc/man3/OSSL_CMP_CTX_new.pod
+++ b/doc/man3/OSSL_CMP_CTX_new.pod
@@ -457,7 +457,8 @@ When using signature-based protection of CMP request 
messages
 this CMP signer certificate will be included first in the extraCerts field.
 It serves as fallback reference certificate, see OSSL_CMP_CTX_set1_oldCert().
 The subject of this I will be used as the sender field of outgoing
-messages, while the subject of any cert set via OSSL_CMP_CTX_set1_oldCert()
+messages, while the subject of any cert set via OSSL_CMP_CTX_set1_oldCert(),
+the subject of any PKCS#10 CSR set via OSSL_CMP_CTX_set1_p10CSR(),
 and any value set via OSSL_CMP_CTX_set1_subjectName() are used as fallback.
 
 The I argument may be NULL to clear the entry.
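
Review bot: the extended sentence lists three fallbacks (oldCert, PKCS#10 CSR, subjectName) but does not say that they are tried in that order, which is what the ternary chain in ossl_cmp_hdr_init() does. Add "in this order" so the precedence of the CSR subject over OSSL_CMP_CTX_set1_subjectName() is explicit.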