Coverity Scan: Analysis completed for openssl/openssl

2022-10-02 Thread scan-admin


Your request for analysis of openssl/openssl has been completed 
successfully.
The results are available at 
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7HlekBtV1P4YRtWclMVkCdvAA-3D-3D06A4_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeFGdgRSOP9zHmKQDsdC1jyP-2BkHVK2p7o9cWX9tICy1Rgs8c-2BSwmB3MWe6yWtAhaf805y483a3XLBR5NdSuKGH0snbnOOz3qlNUjirMqf2oxGhGuxw3oWMzN-2FJCF-2FqJKTewCRR6732HuYaVRpumWaBOLCm2pc28-2BgiYkqGZegdYtUPu-2BMvFkIYPgENEypRA4Jvo-3D

Build ID: 484207

Analysis Summary:
   New defects found: 0
   Defects eliminated: 0



[openssl/openssl] fcae2a: Add Content Type OID for RPKI id-ct-signedTAL

2022-10-02 Thread Job Snijders
  Branch: refs/heads/master
  Home:   https://github.com/openssl/openssl
  Commit: fcae2ae4f675def607d338b7945b9af1dd9bb746
  
https://github.com/openssl/openssl/commit/fcae2ae4f675def607d338b7945b9af1dd9bb746
  Author: Job Snijders 
  Date:   2022-10-03 (Mon, 03 Oct 2022)

  Changed paths:
M crypto/objects/obj_dat.h
M crypto/objects/obj_mac.num
M crypto/objects/objects.txt
M fuzz/oids.txt
M include/openssl/obj_mac.h

  Log Message:
  ---
  Add Content Type OID for RPKI id-ct-signedTAL

References: draft-ietf-sidrops-signed-tal
Title: "RPKI Signed Object for Trust Anchor Key"

OID permanently assigned under 'SMI Security for S/MIME CMS Content Type 
(1.2.840.113549.1.9.16.1)'
https://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#security-smime-1

CLA: trivial

Reviewed-by: Hugo Landau 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/19221)




[openssl/openssl] 01b533: Configurations: mips64*-linux-*abin32 needs bn_ops...

2022-10-02 Thread Adam Joseph
  Branch: refs/heads/OpenSSL_1_1_1-stable
  Home:   https://github.com/openssl/openssl
  Commit: 01b533540a555fc3a9eee4957c3feec1168cd709
  
https://github.com/openssl/openssl/commit/01b533540a555fc3a9eee4957c3feec1168cd709
  Author: Adam Joseph 
  Date:   2022-10-03 (Mon, 03 Oct 2022)

  Changed paths:
M Configurations/10-main.conf

  Log Message:
  ---
  Configurations: mips64*-linux-*abin32 needs bn_ops SIXTY_FOUR_BIT

The IRIX mips64-cpu, n32-abi configurations include SIXTY_FOUR_BIT in bn_ops,
but it is missing from mips64*-linux-*abin32 (which OpenSSL calls
"linux-mips64").  This causes heap corruption when verifying TLS certificates
(which tend to be RSA-signed) with openssl 1.1.1q:

```
nix@oak:~$ /nix/store/4k04dh6a1zs6hxiacwcg4a4nvxvgli2j-openssl-mips64el-unknown-linux-gnuabin32-1.1.1q-bin/bin/openssl s_client -host www.google.com -port 443
free(): invalid pointer
Aborted
```

and a slightly different failure with current HEAD:

```
nix@oak:~$ /nix/store/9bqxharxajsl9fid0c8ls6fb9wxp8kdc-openssl-mips64el-unknown-linux-gnuabin32-1.1.1q-bin/bin/openssl s_client -host www.google.com -port 443
Connecting to 142.250.180.4
CONNECTED(0003)
Fatal glibc error: malloc assertion failure in sysmalloc: (old_top == 
initial_top (av) && old_size == 0) || ((unsigned long) (old_size) >= MINSIZE && 
prev_inuse (old_top) && ((unsigned long) old_end & (pagesize - 1)) == 0)
Aborted
```

Applying this patch and recompiling produces the expected output instead of a
crash.

Note that Gentoo (and to my knowledge all other distributions which
support mips64n32) use the `linux-generic32` configuration, which uses only
32-bit arithmetic (rather than full 64-bit arithmetic) and lacks assembler
implementations for the SHA hash functions:

  
https://gitweb.gentoo.org/repo/gentoo.git/tree/dev-libs/openssl/files/gentoo.config-1.0.2#n102

For support in nixpkgs we would like to use the full 64-bit integer registers
and perlasm routines, so I'm submitting this upstream as well.

Fixes #19319

CLA: trivial

Reviewed-by: Tomas Mraz 
Reviewed-by: Bernd Edlinger 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/19320)

(cherry picked from commit d250e8563fa400fd3d9b93cff609c7503149b908)




[openssl/openssl] 9f0867: Configurations: mips64*-linux-*abin32 needs bn_ops...

2022-10-02 Thread Adam Joseph
  Branch: refs/heads/openssl-3.0
  Home:   https://github.com/openssl/openssl
  Commit: 9f0867da4cbf77ed642717b5e703e09ab2c087a0
  
https://github.com/openssl/openssl/commit/9f0867da4cbf77ed642717b5e703e09ab2c087a0
  Author: Adam Joseph 
  Date:   2022-10-03 (Mon, 03 Oct 2022)

  Changed paths:
M Configurations/10-main.conf

  Log Message:
  ---
  Configurations: mips64*-linux-*abin32 needs bn_ops SIXTY_FOUR_BIT

The IRIX mips64-cpu, n32-abi configurations include SIXTY_FOUR_BIT in bn_ops,
but it is missing from mips64*-linux-*abin32 (which OpenSSL calls
"linux-mips64").  This causes heap corruption when verifying TLS certificates
(which tend to be RSA-signed) with openssl 1.1.1q:

```
nix@oak:~$ /nix/store/4k04dh6a1zs6hxiacwcg4a4nvxvgli2j-openssl-mips64el-unknown-linux-gnuabin32-1.1.1q-bin/bin/openssl s_client -host www.google.com -port 443
free(): invalid pointer
Aborted
```

and a slightly different failure with current HEAD:

```
nix@oak:~$ /nix/store/9bqxharxajsl9fid0c8ls6fb9wxp8kdc-openssl-mips64el-unknown-linux-gnuabin32-1.1.1q-bin/bin/openssl s_client -host www.google.com -port 443
Connecting to 142.250.180.4
CONNECTED(0003)
Fatal glibc error: malloc assertion failure in sysmalloc: (old_top == 
initial_top (av) && old_size == 0) || ((unsigned long) (old_size) >= MINSIZE && 
prev_inuse (old_top) && ((unsigned long) old_end & (pagesize - 1)) == 0)
Aborted
```

Applying this patch and recompiling produces the expected output instead of a
crash.

Note that Gentoo (and to my knowledge all other distributions which
support mips64n32) use the `linux-generic32` configuration, which uses only
32-bit arithmetic (rather than full 64-bit arithmetic) and lacks assembler
implementations for the SHA hash functions:

  
https://gitweb.gentoo.org/repo/gentoo.git/tree/dev-libs/openssl/files/gentoo.config-1.0.2#n102

For support in nixpkgs we would like to use the full 64-bit integer registers
and perlasm routines, so I'm submitting this upstream as well.

Fixes #19319

CLA: trivial

Reviewed-by: Tomas Mraz 
Reviewed-by: Bernd Edlinger 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/19320)

(cherry picked from commit d250e8563fa400fd3d9b93cff609c7503149b908)




[openssl/openssl] d250e8: Configurations: mips64*-linux-*abin32 needs bn_ops...

2022-10-02 Thread Adam Joseph
  Branch: refs/heads/master
  Home:   https://github.com/openssl/openssl
  Commit: d250e8563fa400fd3d9b93cff609c7503149b908
  
https://github.com/openssl/openssl/commit/d250e8563fa400fd3d9b93cff609c7503149b908
  Author: Adam Joseph 
  Date:   2022-10-03 (Mon, 03 Oct 2022)

  Changed paths:
M Configurations/10-main.conf

  Log Message:
  ---
  Configurations: mips64*-linux-*abin32 needs bn_ops SIXTY_FOUR_BIT

The IRIX mips64-cpu, n32-abi configurations include SIXTY_FOUR_BIT in bn_ops,
but it is missing from mips64*-linux-*abin32 (which OpenSSL calls
"linux-mips64").  This causes heap corruption when verifying TLS certificates
(which tend to be RSA-signed) with openssl 1.1.1q:

```
nix@oak:~$ /nix/store/4k04dh6a1zs6hxiacwcg4a4nvxvgli2j-openssl-mips64el-unknown-linux-gnuabin32-1.1.1q-bin/bin/openssl s_client -host www.google.com -port 443
free(): invalid pointer
Aborted
```

and a slightly different failure with current HEAD:

```
nix@oak:~$ /nix/store/9bqxharxajsl9fid0c8ls6fb9wxp8kdc-openssl-mips64el-unknown-linux-gnuabin32-1.1.1q-bin/bin/openssl s_client -host www.google.com -port 443
Connecting to 142.250.180.4
CONNECTED(0003)
Fatal glibc error: malloc assertion failure in sysmalloc: (old_top == 
initial_top (av) && old_size == 0) || ((unsigned long) (old_size) >= MINSIZE && 
prev_inuse (old_top) && ((unsigned long) old_end & (pagesize - 1)) == 0)
Aborted
```

Applying this patch and recompiling produces the expected output instead of a
crash.

Note that Gentoo (and to my knowledge all other distributions which
support mips64n32) use the `linux-generic32` configuration, which uses only
32-bit arithmetic (rather than full 64-bit arithmetic) and lacks assembler
implementations for the SHA hash functions:

  
https://gitweb.gentoo.org/repo/gentoo.git/tree/dev-libs/openssl/files/gentoo.config-1.0.2#n102

For support in nixpkgs we would like to use the full 64-bit integer registers
and perlasm routines, so I'm submitting this upstream as well.

Fixes #19319

CLA: trivial

Reviewed-by: Tomas Mraz 
Reviewed-by: Bernd Edlinger 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/19320)




[openssl/openssl] 3189e1: Avoid divide by 0 exception

2022-10-02 Thread Kelvin Lee
  Branch: refs/heads/master
  Home:   https://github.com/openssl/openssl
  Commit: 3189e12733e676fbbc30b1b2d98952a6a9f78073
  
https://github.com/openssl/openssl/commit/3189e12733e676fbbc30b1b2d98952a6a9f78073
  Author: Kelvin Lee 
  Date:   2022-10-02 (Sun, 02 Oct 2022)

  Changed paths:
M include/internal/safe_math.h

  Log Message:
  ---
  Avoid divide by 0 exception

CLA: trivial

Reviewed-by: Tomas Mraz 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/19310)