Coverity Scan: Analysis completed for openssl/openssl
Your request for analysis of openssl/openssl has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7HlekBtV1P4YRtWclMVkCdvAA-3D-3D7JaM_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeEJaHCrOfGEMcgJoqtb19S-2B2HMtCPH-2BL9Jimk2bfKz-2F9ZW95mH8xnJ9om-2BdfXTC-2FZxDZzJDwCnJ81CXfT6imMaBUJ37A4Ph2NPxAaoIMg6ep764y7NulSr8CzQRnryFSkBe6V1XIg2slrehfnfnKxYUd5qYGz4I4vYjRn1r54ONn2WcnpcMZtbOewespledUOk-3D
Build ID: 492901
Analysis Summary:
  New defects found: 0
  Defects eliminated: 0
[openssl/openssl] 709c04: punycode: update to use WPACKET instead of using c...
Branch: refs/heads/openssl-3.1
Home: https://github.com/openssl/openssl

Commit: 709c04b5dd6a24f88459d9e214e85e396b2471fd
https://github.com/openssl/openssl/commit/709c04b5dd6a24f88459d9e214e85e396b2471fd
Author: Pauli
Date: 2022-11-11 (Fri, 11 Nov 2022)
Changed paths:
  M crypto/punycode.c
  M crypto/x509/v3_ncons.c
  M doc/internal/man3/ossl_punycode_decode.pod
  M include/crypto/punycode.h
  M test/punycode_test.c
Log Message: ---
punycode: update to use WPACKET instead of using custom range checking

Add test for `.' overflows, remove the output size argument from ossl_a2ulabel() since it was never used and greatly complicated the code. Convert ossl_a2ulabel() to use WPACKET for building the output string. Update the documentation to match the new definition of ossl_a2ulabel(). x509: let punycode handle the '\0' string termination. Saves a memset(3) and some size fiddling. Also update to deal with the modified parameters.

Reviewed-by: Tomas Mraz
Reviewed-by: Dmitry Belyavskiy
(Merged from https://github.com/openssl/openssl/pull/19591)
(cherry picked from commit 905ba924398f474e647de70345b4ae4089fedba7)

Commit: f01ebab0c0ef26677ab6d885922ca1a1b24494fc
https://github.com/openssl/openssl/commit/f01ebab0c0ef26677ab6d885922ca1a1b24494fc
Author: Pauli
Date: 2022-11-11 (Fri, 11 Nov 2022)
Changed paths:
  M fuzz/build.info
  A fuzz/corpora/punycode/
  A fuzz/corpora/punycode/0001
  M fuzz/fuzzer.h
  A fuzz/punycode.c
  M include/crypto/punycode.h
Log Message: ---
fuzz: add punycode decoder fuzz test

Reviewed-by: Tomas Mraz
Reviewed-by: Dmitry Belyavskiy
(Merged from https://github.com/openssl/openssl/pull/19591)
(cherry picked from commit 8aa82b337081b7a22c35dddad8d62fb1ca9ea884)

Compare: https://github.com/openssl/openssl/compare/7abe06cbb52c...f01ebab0c0ef
[openssl/openssl] 905ba9: punycode: update to use WPACKET instead of using c...
Branch: refs/heads/master
Home: https://github.com/openssl/openssl

Commit: 905ba924398f474e647de70345b4ae4089fedba7
https://github.com/openssl/openssl/commit/905ba924398f474e647de70345b4ae4089fedba7
Author: Pauli
Date: 2022-11-11 (Fri, 11 Nov 2022)
Changed paths:
  M crypto/punycode.c
  M crypto/x509/v3_ncons.c
  M doc/internal/man3/ossl_punycode_decode.pod
  M include/crypto/punycode.h
  M test/punycode_test.c
Log Message: ---
punycode: update to use WPACKET instead of using custom range checking

Add test for `.' overflows, remove the output size argument from ossl_a2ulabel() since it was never used and greatly complicated the code. Convert ossl_a2ulabel() to use WPACKET for building the output string. Update the documentation to match the new definition of ossl_a2ulabel(). x509: let punycode handle the '\0' string termination. Saves a memset(3) and some size fiddling. Also update to deal with the modified parameters.

Reviewed-by: Tomas Mraz
Reviewed-by: Dmitry Belyavskiy
(Merged from https://github.com/openssl/openssl/pull/19591)

Commit: 8aa82b337081b7a22c35dddad8d62fb1ca9ea884
https://github.com/openssl/openssl/commit/8aa82b337081b7a22c35dddad8d62fb1ca9ea884
Author: Pauli
Date: 2022-11-11 (Fri, 11 Nov 2022)
Changed paths:
  M fuzz/build.info
  A fuzz/corpora/punycode/
  A fuzz/corpora/punycode/0001
  M fuzz/fuzzer.h
  A fuzz/punycode.c
  M include/crypto/punycode.h
Log Message: ---
fuzz: add punycode decoder fuzz test

Reviewed-by: Tomas Mraz
Reviewed-by: Dmitry Belyavskiy
(Merged from https://github.com/openssl/openssl/pull/19591)

Compare: https://github.com/openssl/openssl/compare/373d90128042...8aa82b337081
[openssl/openssl] 60d391: pem: fix a memory leak in PEM_write_bio_PrivateKey...
Branch: refs/heads/openssl-3.0
Home: https://github.com/openssl/openssl

Commit: 60d391b6f0178e1f1afac242db460a14590bc03e
https://github.com/openssl/openssl/commit/60d391b6f0178e1f1afac242db460a14590bc03e
Author: Milan Broz
Date: 2022-11-10 (Thu, 10 Nov 2022)
Changed paths:
  M crypto/pem/pem_pkey.c
Log Message: ---
pem: fix a memory leak in PEM_write_bio_PrivateKey_traditional

The copy of PKEY should be released on the error path. Easily reproduced with "ED448" context.

Signed-off-by: Milan Broz
Reviewed-by: Dmitry Belyavskiy
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/19536)
(cherry picked from commit 608aca8ed2becccfe9c238846834ea2b162fc98b)

Commit: 2fee530c86d5e203a311e0857330fa94ab18c6e9
https://github.com/openssl/openssl/commit/2fee530c86d5e203a311e0857330fa94ab18c6e9
Author: Milan Broz
Date: 2022-11-10 (Thu, 10 Nov 2022)
Changed paths:
  M crypto/pem/pem_pkey.c
  M test/evp_pkey_provided_test.c
Log Message: ---
pem: avoid segfault if PKEY is NULL in PEM_write_bio_PrivateKey

Make the code more robust and correctly handle EVP_PKEY set to NULL instead of dereferencing null pointer.

Signed-off-by: Milan Broz
Reviewed-by: Dmitry Belyavskiy
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/19536)
(cherry picked from commit 373d90128042cb0409e347827d80b50a99d3965a)

Compare: https://github.com/openssl/openssl/compare/b8a5adf3ec46...2fee530c86d5
[openssl/openssl] c8df07: pem: fix a memory leak in PEM_write_bio_PrivateKey...
Branch: refs/heads/openssl-3.1
Home: https://github.com/openssl/openssl

Commit: c8df0736e42b909a158282ffc7c04fec6acd18fe
https://github.com/openssl/openssl/commit/c8df0736e42b909a158282ffc7c04fec6acd18fe
Author: Milan Broz
Date: 2022-11-10 (Thu, 10 Nov 2022)
Changed paths:
  M crypto/pem/pem_pkey.c
Log Message: ---
pem: fix a memory leak in PEM_write_bio_PrivateKey_traditional

The copy of PKEY should be released on the error path. Easily reproduced with "ED448" context.

Signed-off-by: Milan Broz
Reviewed-by: Dmitry Belyavskiy
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/19536)
(cherry picked from commit 608aca8ed2becccfe9c238846834ea2b162fc98b)

Commit: 7abe06cbb52cf4c214f8eac1b5f9f3c6a38ed9fa
https://github.com/openssl/openssl/commit/7abe06cbb52cf4c214f8eac1b5f9f3c6a38ed9fa
Author: Milan Broz
Date: 2022-11-10 (Thu, 10 Nov 2022)
Changed paths:
  M crypto/pem/pem_pkey.c
  M test/evp_pkey_provided_test.c
Log Message: ---
pem: avoid segfault if PKEY is NULL in PEM_write_bio_PrivateKey

Make the code more robust and correctly handle EVP_PKEY set to NULL instead of dereferencing null pointer.

Signed-off-by: Milan Broz
Reviewed-by: Dmitry Belyavskiy
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/19536)
(cherry picked from commit 373d90128042cb0409e347827d80b50a99d3965a)

Compare: https://github.com/openssl/openssl/compare/80645dfb8fd6...7abe06cbb52c
[openssl/openssl] 608aca: pem: fix a memory leak in PEM_write_bio_PrivateKey...
Branch: refs/heads/master
Home: https://github.com/openssl/openssl

Commit: 608aca8ed2becccfe9c238846834ea2b162fc98b
https://github.com/openssl/openssl/commit/608aca8ed2becccfe9c238846834ea2b162fc98b
Author: Milan Broz
Date: 2022-11-10 (Thu, 10 Nov 2022)
Changed paths:
  M crypto/pem/pem_pkey.c
Log Message: ---
pem: fix a memory leak in PEM_write_bio_PrivateKey_traditional

The copy of PKEY should be released on the error path. Easily reproduced with "ED448" context.

Signed-off-by: Milan Broz
Reviewed-by: Dmitry Belyavskiy
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/19536)

Commit: 373d90128042cb0409e347827d80b50a99d3965a
https://github.com/openssl/openssl/commit/373d90128042cb0409e347827d80b50a99d3965a
Author: Milan Broz
Date: 2022-11-10 (Thu, 10 Nov 2022)
Changed paths:
  M crypto/pem/pem_pkey.c
  M test/evp_pkey_provided_test.c
Log Message: ---
pem: avoid segfault if PKEY is NULL in PEM_write_bio_PrivateKey

Make the code more robust and correctly handle EVP_PKEY set to NULL instead of dereferencing null pointer.

Signed-off-by: Milan Broz
Reviewed-by: Dmitry Belyavskiy
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/19536)

Compare: https://github.com/openssl/openssl/compare/4378e3cd2a4d...373d90128042
[openssl/openssl] 4378e3: Limit size of modulus for BN_mod_exp_mont_consttime()
Branch: refs/heads/master
Home: https://github.com/openssl/openssl

Commit: 4378e3cd2a4d73a97a2349efaa143059d8ed05e8
https://github.com/openssl/openssl/commit/4378e3cd2a4d73a97a2349efaa143059d8ed05e8
Author: Tomas Mraz
Date: 2022-11-10 (Thu, 10 Nov 2022)
Changed paths:
  M crypto/bn/bn_exp.c
  M test/exptest.c
Log Message: ---
Limit size of modulus for BN_mod_exp_mont_consttime()

Otherwise the powerbufLen can overflow. Issue reported by Jiayi Lin.

Reviewed-by: Matt Caswell
Reviewed-by: Dmitry Belyavskiy
(Merged from https://github.com/openssl/openssl/pull/19632)
[openssl/openssl] 80645d: Limit size of modulus for BN_mod_exp_mont_consttime()
Branch: refs/heads/openssl-3.1
Home: https://github.com/openssl/openssl

Commit: 80645dfb8fd64eb9c14d09c24867d93ef9e9bd5c
https://github.com/openssl/openssl/commit/80645dfb8fd64eb9c14d09c24867d93ef9e9bd5c
Author: Tomas Mraz
Date: 2022-11-10 (Thu, 10 Nov 2022)
Changed paths:
  M crypto/bn/bn_exp.c
  M test/exptest.c
Log Message: ---
Limit size of modulus for BN_mod_exp_mont_consttime()

Otherwise the powerbufLen can overflow. Issue reported by Jiayi Lin.

Reviewed-by: Matt Caswell
Reviewed-by: Dmitry Belyavskiy
(Merged from https://github.com/openssl/openssl/pull/19632)
(cherry picked from commit 4378e3cd2a4d73a97a2349efaa143059d8ed05e8)
[openssl/openssl] b8a5ad: Limit size of modulus for BN_mod_exp_mont_consttime()
Branch: refs/heads/openssl-3.0
Home: https://github.com/openssl/openssl

Commit: b8a5adf3ec46f1ce0fb80130f8b7c6e0dcb5bd41
https://github.com/openssl/openssl/commit/b8a5adf3ec46f1ce0fb80130f8b7c6e0dcb5bd41
Author: Tomas Mraz
Date: 2022-11-10 (Thu, 10 Nov 2022)
Changed paths:
  M crypto/bn/bn_exp.c
  M test/exptest.c
Log Message: ---
Limit size of modulus for BN_mod_exp_mont_consttime()

Otherwise the powerbufLen can overflow. Issue reported by Jiayi Lin.

Reviewed-by: Matt Caswell
Reviewed-by: Dmitry Belyavskiy
(Merged from https://github.com/openssl/openssl/pull/19632)
(cherry picked from commit 4378e3cd2a4d73a97a2349efaa143059d8ed05e8)
[openssl/openssl] d65b52: Put 3DES back into the FIPS provider as a non-appr...
Branch: refs/heads/openssl-3.1
Home: https://github.com/openssl/openssl

Commit: d65b52ab5751c0c041d0acff2f09e1c30de16daa
https://github.com/openssl/openssl/commit/d65b52ab5751c0c041d0acff2f09e1c30de16daa
Author: Pauli
Date: 2022-11-10 (Thu, 10 Nov 2022)
Changed paths:
  M providers/fips/fipsprov.c
Log Message: ---
Put 3DES back into the FIPS provider as a non-approved algorithm

This reverts commit fc0bb3411bd0c6ca264f610303933d0bf4f4682c and changes how 3DES is advertised.

Reviewed-by: Shane Lontis
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/19631)
(cherry picked from commit a0ea8ac134e8f503876f19bdc04da69e8862f3a7)

Commit: d0afc4ecc004d4d7c7555947ec3307d6af5501f9
https://github.com/openssl/openssl/commit/d0afc4ecc004d4d7c7555947ec3307d6af5501f9
Author: Pauli
Date: 2022-11-10 (Thu, 10 Nov 2022)
Changed paths:
  M test/recipes/30-test_evp.t
Log Message: ---
Revert "Move DES based test cases out of FIPS territory"

This reverts commit c511953a0828e126b80a9ea8cee12d001d685ba8.

Reviewed-by: Shane Lontis
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/19631)
(cherry picked from commit c69cf38ec4b592a488f0c8d3042ecc345787ffc9)

Commit: a7fb08256d0fbd881f828aa865e6450fdaa9d2b9
https://github.com/openssl/openssl/commit/a7fb08256d0fbd881f828aa865e6450fdaa9d2b9
Author: Pauli
Date: 2022-11-10 (Thu, 10 Nov 2022)
Changed paths:
  M test/evp_libctx_test.c
Log Message: ---
Revert "Remove conditional FIPS dependence for 3DES"

This reverts commit 464c1011b02936850fc779739013dba52650840a.

Reviewed-by: Shane Lontis
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/19631)
(cherry picked from commit ccc860a77e542bee24f64e44f7bcea5706068866)

Commit: 78a4827dad6db9d45b37dde409ea5d6f3f3deeac
https://github.com/openssl/openssl/commit/78a4827dad6db9d45b37dde409ea5d6f3f3deeac
Author: Pauli
Date: 2022-11-10 (Thu, 10 Nov 2022)
Changed paths:
  M test/recipes/80-test_cms.t
Log Message: ---
Revert "Skip DES based tests in FIPS mode"

This reverts commit 5db2b4a292b4576185287a9e01e4ba4098b4aa66.

Reviewed-by: Shane Lontis
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/19631)
(cherry picked from commit 75fcf1062817421d8c5850ad0d52a913a2e6499a)

Compare: https://github.com/openssl/openssl/compare/13d3be4a37fc...78a4827dad6d
[openssl/openssl] a0ea8a: Put 3DES back into the FIPS provider as a non-appr...
Branch: refs/heads/master
Home: https://github.com/openssl/openssl

Commit: a0ea8ac134e8f503876f19bdc04da69e8862f3a7
https://github.com/openssl/openssl/commit/a0ea8ac134e8f503876f19bdc04da69e8862f3a7
Author: Pauli
Date: 2022-11-10 (Thu, 10 Nov 2022)
Changed paths:
  M providers/fips/fipsprov.c
Log Message: ---
Put 3DES back into the FIPS provider as a non-approved algorithm

This reverts commit fc0bb3411bd0c6ca264f610303933d0bf4f4682c and changes how 3DES is advertised.

Reviewed-by: Shane Lontis
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/19631)

Commit: c69cf38ec4b592a488f0c8d3042ecc345787ffc9
https://github.com/openssl/openssl/commit/c69cf38ec4b592a488f0c8d3042ecc345787ffc9
Author: Pauli
Date: 2022-11-10 (Thu, 10 Nov 2022)
Changed paths:
  M test/recipes/30-test_evp.t
Log Message: ---
Revert "Move DES based test cases out of FIPS territory"

This reverts commit c511953a0828e126b80a9ea8cee12d001d685ba8.

Reviewed-by: Shane Lontis
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/19631)

Commit: ccc860a77e542bee24f64e44f7bcea5706068866
https://github.com/openssl/openssl/commit/ccc860a77e542bee24f64e44f7bcea5706068866
Author: Pauli
Date: 2022-11-10 (Thu, 10 Nov 2022)
Changed paths:
  M test/evp_libctx_test.c
Log Message: ---
Revert "Remove conditional FIPS dependence for 3DES"

This reverts commit 464c1011b02936850fc779739013dba52650840a.

Reviewed-by: Shane Lontis
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/19631)

Commit: 75fcf1062817421d8c5850ad0d52a913a2e6499a
https://github.com/openssl/openssl/commit/75fcf1062817421d8c5850ad0d52a913a2e6499a
Author: Pauli
Date: 2022-11-10 (Thu, 10 Nov 2022)
Changed paths:
  M test/recipes/80-test_cms.t
Log Message: ---
Revert "Skip DES based tests in FIPS mode"

This reverts commit 5db2b4a292b4576185287a9e01e4ba4098b4aa66.

Reviewed-by: Shane Lontis
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/19631)

Compare: https://github.com/openssl/openssl/compare/2a5c0d93cfe6...75fcf1062817
[openssl/openssl] aa9729: Add a test case for the engine crash with AES-256-CTR
Branch: refs/heads/openssl-3.0
Home: https://github.com/openssl/openssl

Commit: aa97297427fe60e89bbd11cc2f8a181dfc5ca89d
https://github.com/openssl/openssl/commit/aa97297427fe60e89bbd11cc2f8a181dfc5ca89d
Author: Bernd Edlinger
Date: 2022-11-10 (Thu, 10 Nov 2022)
Changed paths:
  M engines/e_dasync.c
  M test/recipes/05-test_rand.t
Log Message: ---
Add a test case for the engine crash with AES-256-CTR

Implement the AES-256-CTR cipher in the dasync engine. Use that to reproduce the reported problems with the devcrypto engine in our normal test environment. See #17995 and #17532 for details.

Reviewed-by: Paul Dale
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/19390)

Commit: d0f8056c47f7aea40a34815fe459404f14501e81
https://github.com/openssl/openssl/commit/d0f8056c47f7aea40a34815fe459404f14501e81
Author: Tomas Mraz
Date: 2022-11-10 (Thu, 10 Nov 2022)
Changed paths:
  M crypto/context.c
  M crypto/rand/rand_lib.c
  M include/crypto/rand.h
  M include/internal/cryptlib.h
Log Message: ---
Release the drbg in the global default context before engines

Fixes #17995
Fixes #18578

Reviewed-by: Paul Dale
Reviewed-by: Bernd Edlinger
(Merged from https://github.com/openssl/openssl/pull/19390)

Compare: https://github.com/openssl/openssl/compare/e285a0b5a0ee...d0f8056c47f7