Coverity Scan: Analysis completed for openssl/openssl
Your request for analysis of openssl/openssl has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7HlekBtV1P4YRtWclMVkCdvAA-3D-3DWqzZ_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeFBhF1fWbsKwy-2BIgCdyC2NinZsXE7iMl04rJBazeE7X4FGzpGMs33HnuVB760EzaQPvpS3RpgkiPAdig9sCBR8uWvdu9Y0s617cHOSh2nDQM2n4ShnzZDiQM4VNzWT3ZXTtAVNPkM7ZfP5sMHhijx-2FiKpZyzcz1X7Nplz4eLGayVJ4Pd4VIGrvXr-2B0YnpoeTt0-3D Build ID: 488403 Analysis Summary: New defects found: 1 Defects eliminated: 1 If you have difficulty understanding any defects, email us at scan-ad...@coverity.com, or post your question to StackOverflow at https://u15810271.ct.sendgrid.net/ls/click?upn=CTPegkVN6peWFCMEieYYmPWIi1E4yUS9EoqKFcNAiqhRq8qmgeBE-2Bdt3uvFRAFXd-2FlwX83-2FVVdybfzIMOby0qA-3D-3DEpTL_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeFBhF1fWbsKwy-2BIgCdyC2NinZsXE7iMl04rJBazeE7X4KDn34ILxBBbLzbaArpoX9h1rv31e4jkrGFhNiZcanke8JAn42WYUYmCZA5g5akZ28JQwqqJDZ-2BKB3T1rA1Zn-2BBe8rBUurHLFur2W3qBflARu6tHnQUznpH4k-2FxsKLfHDjmDOtXTMB1RiKPfxdcHUG8-3D
[openssl/openssl] 5e569f: Fix coverity 1516093 tainted scalar
Branch: refs/heads/master Home: https://github.com/openssl/openssl Commit: 5e569f0a2e11a59cab7b6f525865232e7770e2f0 https://github.com/openssl/openssl/commit/5e569f0a2e11a59cab7b6f525865232e7770e2f0 Author: Todd Short Date: 2022-10-21 (Fri, 21 Oct 2022) Changed paths: M ssl/t1_trce.c Log Message: --- Fix coverity 1516093 tainted scalar Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/19440) Commit: d06d5d6b68f39c7f75f1130f984efa78c291fb57 https://github.com/openssl/openssl/commit/d06d5d6b68f39c7f75f1130f984efa78c291fb57 Author: Todd Short Date: 2022-10-21 (Fri, 21 Oct 2022) Changed paths: M ssl/statem/statem_clnt.c Log Message: --- Fix coverity 1516094 uninit Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/19440) Commit: dc45bfb4b452ba5a876ebf48791217b69d092ff9 https://github.com/openssl/openssl/commit/dc45bfb4b452ba5a876ebf48791217b69d092ff9 Author: Todd Short Date: 2022-10-21 (Fri, 21 Oct 2022) Changed paths: M test/cert_comp_test.c Log Message: --- Fix coverity 1516095 deadcode Unless multiple compression algorithms are configured, test 3 is not run, so anything looking at `test == 3` is considered dead code. Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/19440) Compare: https://github.com/openssl/openssl/compare/efd59f7a37bf...dc45bfb4b452
[openssl/openssl] f531e4: link the pyca tests against the correct openssl
Branch: refs/heads/openssl-3.0 Home: https://github.com/openssl/openssl Commit: f531e4ae0c3f1ffbeaff4364ee3140662195adca https://github.com/openssl/openssl/commit/f531e4ae0c3f1ffbeaff4364ee3140662195adca Author: Paul Kehrer Date: 2022-10-21 (Fri, 21 Oct 2022) Changed paths: M test/recipes/95-test_external_pyca_data/cryptography.sh Log Message: --- link the pyca tests against the correct openssl Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/19439) (cherry picked from commit 097752da99d9c27702e9e9d51609efedd3a4d0cf) Commit: e5b8044a7a836556fae61902a4bd3c6bdbdc0f35 https://github.com/openssl/openssl/commit/e5b8044a7a836556fae61902a4bd3c6bdbdc0f35 Author: Paul Kehrer Date: 2022-10-21 (Fri, 21 Oct 2022) Changed paths: M pyca-cryptography Log Message: --- update pyca cryptography to 38.0.2 Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/19439) (cherry picked from commit efd59f7a37bf1f9034b62b67f730c25dff0e8d8e) Compare: https://github.com/openssl/openssl/compare/bd7379b0db5c...e5b8044a7a83
[openssl/openssl] 097752: link the pyca tests against the correct openssl
Branch: refs/heads/master Home: https://github.com/openssl/openssl Commit: 097752da99d9c27702e9e9d51609efedd3a4d0cf https://github.com/openssl/openssl/commit/097752da99d9c27702e9e9d51609efedd3a4d0cf Author: Paul Kehrer Date: 2022-10-21 (Fri, 21 Oct 2022) Changed paths: M test/recipes/95-test_external_pyca_data/cryptography.sh Log Message: --- link the pyca tests against the correct openssl Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/19439) Commit: efd59f7a37bf1f9034b62b67f730c25dff0e8d8e https://github.com/openssl/openssl/commit/efd59f7a37bf1f9034b62b67f730c25dff0e8d8e Author: Paul Kehrer Date: 2022-10-21 (Fri, 21 Oct 2022) Changed paths: M pyca-cryptography Log Message: --- update pyca cryptography to 38.0.2 Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/19439) Compare: https://github.com/openssl/openssl/compare/3c153d8722d5...efd59f7a37bf
[openssl/openssl] 3c153d: Fix make update
Branch: refs/heads/master Home: https://github.com/openssl/openssl Commit: 3c153d8722d52ac6faa0d98873060272e5f160ea https://github.com/openssl/openssl/commit/3c153d8722d52ac6faa0d98873060272e5f160ea Author: Matt Caswell Date: 2022-10-20 (Thu, 20 Oct 2022) Changed paths: M crypto/err/openssl.txt M include/openssl/sslerr.h Log Message: --- Fix make update The recent DTLS write record layer code and the certificate compression code both added new SSL_R_ reason codes. The numbers are conflicting due to rebase issues and causing make update to fail. Reviewed-by: Hugo Landau Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/19457)
[openssl/openssl] 2d23ba: Finer grained error records for provider load/init...
Branch: refs/heads/master Home: https://github.com/openssl/openssl Commit: 2d23ba14630551ee347acafcab81fa1a290c6504 https://github.com/openssl/openssl/commit/2d23ba14630551ee347acafcab81fa1a290c6504 Author: Richard Levitte Date: 2022-10-20 (Thu, 20 Oct 2022) Changed paths: M crypto/provider_core.c Log Message: --- Finer grained error records for provider load/init failures When a provider is activated, these three cases would record that the provider init function failed (implying that it was called): - failure to load the provider module (in case it's a dynamically loadable module) - the init function not being present (i.e. being NULL) - the init function being called and returning an error indication (i.e. returning a false value) This is confusing. Separating the three cases so that they record different errors will make it easier to determine causes of failure. Reviewed-by: Dmitry Belyavskiy Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/19419)
[openssl/openssl] bd7379: Fix no longer implicitly refresh the cached TBSCer...
Branch: refs/heads/openssl-3.0 Home: https://github.com/openssl/openssl Commit: bd7379b0db5c7e9814aff67d053cd786e4773a16 https://github.com/openssl/openssl/commit/bd7379b0db5c7e9814aff67d053cd786e4773a16 Author: Gibeom Gwon Date: 2022-10-20 (Thu, 20 Oct 2022) Changed paths: M crypto/x509/x_all.c Log Message: --- Fix no longer implicitly refresh the cached TBSCertificate This reverts commit 9249a34b076df9a9d55ab74ab465d336980cae6a. Fixes #19388 Reviewed-by: Todd Short Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/19393) (cherry picked from commit 963e0bc43369a6dbe6644f709630f6c9f63dccf9)
[openssl/openssl] 963e0b: Fix no longer implicitly refresh the cached TBSCer...
Branch: refs/heads/master Home: https://github.com/openssl/openssl Commit: 963e0bc43369a6dbe6644f709630f6c9f63dccf9 https://github.com/openssl/openssl/commit/963e0bc43369a6dbe6644f709630f6c9f63dccf9 Author: Gibeom Gwon Date: 2022-10-20 (Thu, 20 Oct 2022) Changed paths: M crypto/x509/x_all.c Log Message: --- Fix no longer implicitly refresh the cached TBSCertificate This reverts commit 9249a34b076df9a9d55ab74ab465d336980cae6a. Fixes #19388 Reviewed-by: Todd Short Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/19393)
[openssl/openssl] 22d6e8: Remove create_empty_fragment from do_dtls1_write()
Branch: refs/heads/master Home: https://github.com/openssl/openssl Commit: 22d6e8547f11dae2e4c026be93331e9acfe9b940 https://github.com/openssl/openssl/commit/22d6e8547f11dae2e4c026be93331e9acfe9b940 Author: Matt Caswell Date: 2022-10-20 (Thu, 20 Oct 2022) Changed paths: M ssl/d1_msg.c M ssl/record/rec_layer_d1.c M ssl/record/record.h Log Message: --- Remove create_empty_fragment from do_dtls1_write() do_dtls1_write() was never called with a value for create_empty_fragment that was ever non-zero - so this is dead code and can be removed. The equivalent code in the TLS processing is used for TLS1.0/SSLv3 to protect against known IV weaknesses because those protocol versions do not have an explicit IV. However DTLS1.0 is based on TLSv1.1 and *does* have an explicit IV - so this is not useful there. Reviewed-by: Richard Levitte Reviewed-by: Tomas Mraz Reviewed-by: Hugo Landau (Merged from https://github.com/openssl/openssl/pull/19424) Commit: 88bf978eb1766bec720c198deabe8d0a5de157bb https://github.com/openssl/openssl/commit/88bf978eb1766bec720c198deabe8d0a5de157bb Author: Matt Caswell Date: 2022-10-20 (Thu, 20 Oct 2022) Changed paths: M ssl/record/rec_layer_d1.c Log Message: --- Create a dlts_write_records() function In preparation for moving the DTLS code to use the new write record layer architecture we first restructure the code to create a dtls_write_records() function that mirrors the functionality that the record layer will provide. Reviewed-by: Richard Levitte Reviewed-by: Tomas Mraz Reviewed-by: Hugo Landau (Merged from https://github.com/openssl/openssl/pull/19424) Commit: fc938db6cc46c6b59ab9da39f3c5b9c9a97ad33a https://github.com/openssl/openssl/commit/fc938db6cc46c6b59ab9da39f3c5b9c9a97ad33a Author: Matt Caswell Date: 2022-10-20 (Thu, 20 Oct 2022) Changed paths: M ssl/record/methods/dtls_meth.c M ssl/record/rec_layer_d1.c Log Message: --- Move dlts_write_records() function in the record layer At the this stage we just move the code and don't restructure it to do it the record layer way yet. Reviewed-by: Richard Levitte Reviewed-by: Tomas Mraz Reviewed-by: Hugo Landau (Merged from https://github.com/openssl/openssl/pull/19424) Commit: bf04cbfafe77ddc67f1a9c06ffb044f9bf44057c https://github.com/openssl/openssl/commit/bf04cbfafe77ddc67f1a9c06ffb044f9bf44057c Author: Matt Caswell Date: 2022-10-20 (Thu, 20 Oct 2022) Changed paths: M ssl/record/methods/dtls_meth.c M ssl/record/methods/tls1_meth.c M ssl/record/methods/tlsany_meth.c Log Message: --- Use record layer buffers for DTLS rather than the buffers in s->rlayer Reviewed-by: Richard Levitte Reviewed-by: Tomas Mraz Reviewed-by: Hugo Landau (Merged from https://github.com/openssl/openssl/pull/19424) Commit: 4cdd198ec204a4c2ec6b3ec728ebcc8af04abc86 https://github.com/openssl/openssl/commit/4cdd198ec204a4c2ec6b3ec728ebcc8af04abc86 Author: Matt Caswell Date: 2022-10-20 (Thu, 20 Oct 2022) Changed paths: M ssl/record/methods/dtls_meth.c M ssl/record/rec_layer_d1.c Log Message: --- Convert dtls_write_records() to return the correct return values We now use standard record layer return values for this function. We also convert the code to use RLAYERfatal instead of SSLfatal. Reviewed-by: Richard Levitte Reviewed-by: Tomas Mraz Reviewed-by: Hugo Landau (Merged from https://github.com/openssl/openssl/pull/19424) Commit: 602ee1f672a41f984e8923ad7430ca51ca42abde https://github.com/openssl/openssl/commit/602ee1f672a41f984e8923ad7430ca51ca42abde Author: Matt Caswell Date: 2022-10-20 (Thu, 20 Oct 2022) Changed paths: M ssl/record/methods/dtls_meth.c M ssl/record/methods/recmethod_local.h M ssl/record/methods/tls1_meth.c M ssl/record/methods/tlsany_meth.c Log Message: --- Use common tls_write_records() even for DTLS In practice this just means have a DTLS specific write_records that the common tls_write_records() just calls. We also replace the use of ssl3_write_pending() with tls_retry_write_records(). Reviewed-by: Richard Levitte Reviewed-by: Tomas Mraz Reviewed-by: Hugo Landau (Merged from https://github.com/openssl/openssl/pull/19424) Commit: 248a9bf21ad5a61d911765964e2758e0da3c554c https://github.com/openssl/openssl/commit/248a9bf21ad5a61d911765964e2758e0da3c554c Author: Matt Caswell Date: 2022-10-20 (Thu, 20 Oct 2022) Changed paths: M ssl/record/methods/dtls_meth.c M ssl/record/methods/tls1_meth.c M ssl/record/methods/tlsany_meth.c Log Message: --- Start using WPACKET in the dtls write records code Previously this was writing to the buffers directly. We use the safer WPACKET instead Reviewed-by: Richard Levitte Reviewed-by: Tomas Mraz Reviewed-by: Hugo Landau (Merged from
[openssl/openssl] 706fc5: c_rehash: Fix file extension matching
Branch: refs/heads/master Home: https://github.com/openssl/openssl Commit: 706fc5f6ebd63e1fcd18d4764248206ab3c18a0a https://github.com/openssl/openssl/commit/706fc5f6ebd63e1fcd18d4764248206ab3c18a0a Author: Tobias Girstmair Date: 2022-10-20 (Thu, 20 Oct 2022) Changed paths: M tools/c_rehash.in Log Message: --- c_rehash: Fix file extension matching For some reason, parenthesis were added 8 years ago in commit a787c2590e468585a1a19738e0c7f481ec91b762. This essentially removed the \. and $ constructs from the middle branches. Hence a file called e.g. cert.key would accidentally match the (cer) rule. CLA: trivial Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/19427)
[openssl/openssl] f44d32: add a check for the return of sk_SRP_gN_new_null()...
Branch: refs/heads/master Home: https://github.com/openssl/openssl Commit: f44d32fdfbd2a249dae74dc24478f31fca69d288 https://github.com/openssl/openssl/commit/f44d32fdfbd2a249dae74dc24478f31fca69d288 Author: xkernel Date: 2022-10-20 (Thu, 20 Oct 2022) Changed paths: M crypto/srp/srp_vfy.c Log Message: --- add a check for the return of sk_SRP_gN_new_null() so that capture the potential memory error in time Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/19435)