date:20211129

Coverity Scan: Analysis completed for openssl/openssl

2021-11-29 Thread scan-admin



Your request for analysis of openssl/openssl has been completed 
successfully.
The results are available at 
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7HlekBtV1P4YRtWclMVkCdvAA-3D-3D2J4I_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeFQx-2Fc8mF8Fjp-2BpxJ1Xw-2FQjfD6nahiJtn6RZOJWE8uryPrSc9qVzxnZwy54vCwsiOsMHdWhzLSpdHM-2FnFSEdFCFd0X3y-2FlU3MW-2Fu9lWd6nVA8vp86P4FIErLVydTcVE4kuihNcTxNfjK6ohhg-2F8N54dQ5GRh6FVy5lG8vTKleOoorS7VGltxkiravAD7fxriMg-3D

Build ID: 420713

Analysis Summary:
   New defects found: 0
   Defects eliminated: 0

[openssl] openssl-3.0 update

2021-11-29 Thread beldmit

The branch openssl-3.0 has been updated
   via  09e1818a54cad2d348138427234660fcabae793e (commit)
  from  91b749a2726351aa5fb37db7064a9104df074c9b (commit)


- Log -
commit 09e1818a54cad2d348138427234660fcabae793e
Author: Dmitry Belyavskiy 
Date:   Sun Nov 28 10:21:21 2021 +0100

No EtM for GOST ciphers in TLS 1.2

Reviewed-by: Paul Dale 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/17150)

(cherry picked from commit d724da69389196cdb9ef8db036656882fbc5a6ab)

---

Summary of changes:
 ssl/statem/extensions_clnt.c | 6 +-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c
index b38c9ca684..4cd7affe23 100644
--- a/ssl/statem/extensions_clnt.c
+++ b/ssl/statem/extensions_clnt.c
@@ -1678,7 +1678,11 @@ int tls_parse_stoc_etm(SSL *s, PACKET *pkt, unsigned int 
context, X509 *x,
 /* Ignore if inappropriate ciphersuite */
 if (!(s->options & SSL_OP_NO_ENCRYPT_THEN_MAC)
 && s->s3.tmp.new_cipher->algorithm_mac != SSL_AEAD
-&& s->s3.tmp.new_cipher->algorithm_enc != SSL_RC4)
+&& s->s3.tmp.new_cipher->algorithm_enc != SSL_RC4
+&& s->s3.tmp.new_cipher->algorithm_enc != SSL_eGOST2814789CNT
+&& s->s3.tmp.new_cipher->algorithm_enc != SSL_eGOST2814789CNT12
+&& s->s3.tmp.new_cipher->algorithm_enc != SSL_MAGMA
+&& s->s3.tmp.new_cipher->algorithm_enc != SSL_KUZNYECHIK)
 s->ext.use_etm = 1;
 
 return 1;

[openssl] master update

2021-11-29 Thread beldmit

The branch master has been updated
   via  d724da69389196cdb9ef8db036656882fbc5a6ab (commit)
  from  bc42cf51c8b2a22282bb3cdf6303e230dc7b7873 (commit)


- Log -
commit d724da69389196cdb9ef8db036656882fbc5a6ab
Author: Dmitry Belyavskiy 
Date:   Sun Nov 28 10:21:21 2021 +0100

No EtM for GOST ciphers in TLS 1.2

Reviewed-by: Paul Dale 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/17150)

---

Summary of changes:
 ssl/statem/extensions_clnt.c | 6 +-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c
index d6d4e55ce7..c5de5ca5ba 100644
--- a/ssl/statem/extensions_clnt.c
+++ b/ssl/statem/extensions_clnt.c
@@ -1695,7 +1695,11 @@ int tls_parse_stoc_etm(SSL *s, PACKET *pkt, unsigned int 
context, X509 *x,
 /* Ignore if inappropriate ciphersuite */
 if (!(s->options & SSL_OP_NO_ENCRYPT_THEN_MAC)
 && s->s3.tmp.new_cipher->algorithm_mac != SSL_AEAD
-&& s->s3.tmp.new_cipher->algorithm_enc != SSL_RC4)
+&& s->s3.tmp.new_cipher->algorithm_enc != SSL_RC4
+&& s->s3.tmp.new_cipher->algorithm_enc != SSL_eGOST2814789CNT
+&& s->s3.tmp.new_cipher->algorithm_enc != SSL_eGOST2814789CNT12
+&& s->s3.tmp.new_cipher->algorithm_enc != SSL_MAGMA
+&& s->s3.tmp.new_cipher->algorithm_enc != SSL_KUZNYECHIK)
 s->ext.use_etm = 1;
 
 return 1;

[openssl] openssl-3.0 update

2021-11-29 Thread tomas

The branch openssl-3.0 has been updated
   via  91b749a2726351aa5fb37db7064a9104df074c9b (commit)
  from  94b45c31533421d33d4180b65ebeabfec50a1485 (commit)


- Log -
commit 91b749a2726351aa5fb37db7064a9104df074c9b
Author: PW Hu 
Date:   Wed Nov 10 00:25:47 2021 +0800

Return -1 properly from do_X509_REQ_verify and do_X509_verify

Reviewed-by: Kurt Roeckx 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/17001)

(cherry picked from commit bc42cf51c8b2a22282bb3cdf6303e230dc7b7873)

---

Summary of changes:
 apps/lib/apps.c | 18 +++---
 1 file changed, 15 insertions(+), 3 deletions(-)

diff --git a/apps/lib/apps.c b/apps/lib/apps.c
index 43c01401e8..e01633c5b5 100644
--- a/apps/lib/apps.c
+++ b/apps/lib/apps.c
@@ -2302,23 +2302,35 @@ int do_X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const 
char *md,
 return rv;
 }
 
+/*
+ * do_X509_verify returns 1 if the signature is valid,
+ * 0 if the signature check fails, or -1 if error occurs.
+ */
 int do_X509_verify(X509 *x, EVP_PKEY *pkey, STACK_OF(OPENSSL_STRING) *vfyopts)
 {
 int rv = 0;
 
 if (do_x509_init(x, vfyopts) > 0)
-rv = (X509_verify(x, pkey) > 0);
+rv = X509_verify(x, pkey);
+else
+rv = -1;
 return rv;
 }
 
+/*
+ * do_X509_REQ_verify returns 1 if the signature is valid,
+ * 0 if the signature check fails, or -1 if error occurs.
+ */
 int do_X509_REQ_verify(X509_REQ *x, EVP_PKEY *pkey,
STACK_OF(OPENSSL_STRING) *vfyopts)
 {
 int rv = 0;
 
 if (do_x509_req_init(x, vfyopts) > 0)
-rv = (X509_REQ_verify_ex(x, pkey,
- app_get0_libctx(), app_get0_propq()) > 0);
+rv = X509_REQ_verify_ex(x, pkey,
+ app_get0_libctx(), app_get0_propq());
+else
+rv = -1;
 return rv;
 }

[openssl] master update

2021-11-29 Thread tomas

The branch master has been updated
   via  bc42cf51c8b2a22282bb3cdf6303e230dc7b7873 (commit)
  from  6cb814de6f276106eea39dbb813b9134b1b72041 (commit)


- Log -
commit bc42cf51c8b2a22282bb3cdf6303e230dc7b7873
Author: PW Hu 
Date:   Wed Nov 10 00:25:47 2021 +0800

Return -1 properly from do_X509_REQ_verify and do_X509_verify

Reviewed-by: Kurt Roeckx 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/17001)

---

Summary of changes:
 apps/lib/apps.c | 18 +++---
 1 file changed, 15 insertions(+), 3 deletions(-)

diff --git a/apps/lib/apps.c b/apps/lib/apps.c
index 7e3f95b75a..6f697ab481 100644
--- a/apps/lib/apps.c
+++ b/apps/lib/apps.c
@@ -2322,23 +2322,35 @@ int do_X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const 
char *md,
 return rv;
 }
 
+/*
+ * do_X509_verify returns 1 if the signature is valid,
+ * 0 if the signature check fails, or -1 if error occurs.
+ */
 int do_X509_verify(X509 *x, EVP_PKEY *pkey, STACK_OF(OPENSSL_STRING) *vfyopts)
 {
 int rv = 0;
 
 if (do_x509_init(x, vfyopts) > 0)
-rv = (X509_verify(x, pkey) > 0);
+rv = X509_verify(x, pkey);
+else
+rv = -1;
 return rv;
 }
 
+/*
+ * do_X509_REQ_verify returns 1 if the signature is valid,
+ * 0 if the signature check fails, or -1 if error occurs.
+ */
 int do_X509_REQ_verify(X509_REQ *x, EVP_PKEY *pkey,
STACK_OF(OPENSSL_STRING) *vfyopts)
 {
 int rv = 0;
 
 if (do_x509_req_init(x, vfyopts) > 0)
-rv = (X509_REQ_verify_ex(x, pkey,
- app_get0_libctx(), app_get0_propq()) > 0);
+rv = X509_REQ_verify_ex(x, pkey,
+ app_get0_libctx(), app_get0_propq());
+else
+rv = -1;
 return rv;
 }

Coverity Scan: Analysis completed for openssl/openssl

[openssl] openssl-3.0 update

[openssl] master update

[openssl] openssl-3.0 update

[openssl] master update

5 matches

Site Navigation

Mail list logo

Footer information