Coverity Scan: Analysis completed for openssl/openssl
Your request for analysis of openssl/openssl has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7HlekBtV1P4YRtWclMVkCdvAA-3D-3D2J4I_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeFQx-2Fc8mF8Fjp-2BpxJ1Xw-2FQjfD6nahiJtn6RZOJWE8uryPrSc9qVzxnZwy54vCwsiOsMHdWhzLSpdHM-2FnFSEdFCFd0X3y-2FlU3MW-2Fu9lWd6nVA8vp86P4FIErLVydTcVE4kuihNcTxNfjK6ohhg-2F8N54dQ5GRh6FVy5lG8vTKleOoorS7VGltxkiravAD7fxriMg-3D Build ID: 420713 Analysis Summary: New defects found: 0 Defects eliminated: 0
[openssl] openssl-3.0 update
The branch openssl-3.0 has been updated via 09e1818a54cad2d348138427234660fcabae793e (commit) from 91b749a2726351aa5fb37db7064a9104df074c9b (commit) - Log - commit 09e1818a54cad2d348138427234660fcabae793e Author: Dmitry Belyavskiy Date: Sun Nov 28 10:21:21 2021 +0100 No EtM for GOST ciphers in TLS 1.2 Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/17150) (cherry picked from commit d724da69389196cdb9ef8db036656882fbc5a6ab) --- Summary of changes: ssl/statem/extensions_clnt.c | 6 +- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c index b38c9ca684..4cd7affe23 100644 --- a/ssl/statem/extensions_clnt.c +++ b/ssl/statem/extensions_clnt.c @@ -1678,7 +1678,11 @@ int tls_parse_stoc_etm(SSL *s, PACKET *pkt, unsigned int context, X509 *x, /* Ignore if inappropriate ciphersuite */ if (!(s->options & SSL_OP_NO_ENCRYPT_THEN_MAC) && s->s3.tmp.new_cipher->algorithm_mac != SSL_AEAD -&& s->s3.tmp.new_cipher->algorithm_enc != SSL_RC4) +&& s->s3.tmp.new_cipher->algorithm_enc != SSL_RC4 +&& s->s3.tmp.new_cipher->algorithm_enc != SSL_eGOST2814789CNT +&& s->s3.tmp.new_cipher->algorithm_enc != SSL_eGOST2814789CNT12 +&& s->s3.tmp.new_cipher->algorithm_enc != SSL_MAGMA +&& s->s3.tmp.new_cipher->algorithm_enc != SSL_KUZNYECHIK) s->ext.use_etm = 1; return 1;
[openssl] master update
The branch master has been updated via d724da69389196cdb9ef8db036656882fbc5a6ab (commit) from bc42cf51c8b2a22282bb3cdf6303e230dc7b7873 (commit) - Log - commit d724da69389196cdb9ef8db036656882fbc5a6ab Author: Dmitry Belyavskiy Date: Sun Nov 28 10:21:21 2021 +0100 No EtM for GOST ciphers in TLS 1.2 Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/17150) --- Summary of changes: ssl/statem/extensions_clnt.c | 6 +- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c index d6d4e55ce7..c5de5ca5ba 100644 --- a/ssl/statem/extensions_clnt.c +++ b/ssl/statem/extensions_clnt.c @@ -1695,7 +1695,11 @@ int tls_parse_stoc_etm(SSL *s, PACKET *pkt, unsigned int context, X509 *x, /* Ignore if inappropriate ciphersuite */ if (!(s->options & SSL_OP_NO_ENCRYPT_THEN_MAC) && s->s3.tmp.new_cipher->algorithm_mac != SSL_AEAD -&& s->s3.tmp.new_cipher->algorithm_enc != SSL_RC4) +&& s->s3.tmp.new_cipher->algorithm_enc != SSL_RC4 +&& s->s3.tmp.new_cipher->algorithm_enc != SSL_eGOST2814789CNT +&& s->s3.tmp.new_cipher->algorithm_enc != SSL_eGOST2814789CNT12 +&& s->s3.tmp.new_cipher->algorithm_enc != SSL_MAGMA +&& s->s3.tmp.new_cipher->algorithm_enc != SSL_KUZNYECHIK) s->ext.use_etm = 1; return 1;
[openssl] openssl-3.0 update
The branch openssl-3.0 has been updated via 91b749a2726351aa5fb37db7064a9104df074c9b (commit) from 94b45c31533421d33d4180b65ebeabfec50a1485 (commit) - Log - commit 91b749a2726351aa5fb37db7064a9104df074c9b Author: PW Hu Date: Wed Nov 10 00:25:47 2021 +0800 Return -1 properly from do_X509_REQ_verify and do_X509_verify Reviewed-by: Kurt Roeckx Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/17001) (cherry picked from commit bc42cf51c8b2a22282bb3cdf6303e230dc7b7873) --- Summary of changes: apps/lib/apps.c | 18 +++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/apps/lib/apps.c b/apps/lib/apps.c index 43c01401e8..e01633c5b5 100644 --- a/apps/lib/apps.c +++ b/apps/lib/apps.c @@ -2302,23 +2302,35 @@ int do_X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const char *md, return rv; } +/* + * do_X509_verify returns 1 if the signature is valid, + * 0 if the signature check fails, or -1 if error occurs. + */ int do_X509_verify(X509 *x, EVP_PKEY *pkey, STACK_OF(OPENSSL_STRING) *vfyopts) { int rv = 0; if (do_x509_init(x, vfyopts) > 0) -rv = (X509_verify(x, pkey) > 0); +rv = X509_verify(x, pkey); +else +rv = -1; return rv; } +/* + * do_X509_REQ_verify returns 1 if the signature is valid, + * 0 if the signature check fails, or -1 if error occurs. + */ int do_X509_REQ_verify(X509_REQ *x, EVP_PKEY *pkey, STACK_OF(OPENSSL_STRING) *vfyopts) { int rv = 0; if (do_x509_req_init(x, vfyopts) > 0) -rv = (X509_REQ_verify_ex(x, pkey, - app_get0_libctx(), app_get0_propq()) > 0); +rv = X509_REQ_verify_ex(x, pkey, + app_get0_libctx(), app_get0_propq()); +else +rv = -1; return rv; }
[openssl] master update
The branch master has been updated via bc42cf51c8b2a22282bb3cdf6303e230dc7b7873 (commit) from 6cb814de6f276106eea39dbb813b9134b1b72041 (commit) - Log - commit bc42cf51c8b2a22282bb3cdf6303e230dc7b7873 Author: PW Hu Date: Wed Nov 10 00:25:47 2021 +0800 Return -1 properly from do_X509_REQ_verify and do_X509_verify Reviewed-by: Kurt Roeckx Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/17001) --- Summary of changes: apps/lib/apps.c | 18 +++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/apps/lib/apps.c b/apps/lib/apps.c index 7e3f95b75a..6f697ab481 100644 --- a/apps/lib/apps.c +++ b/apps/lib/apps.c @@ -2322,23 +2322,35 @@ int do_X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const char *md, return rv; } +/* + * do_X509_verify returns 1 if the signature is valid, + * 0 if the signature check fails, or -1 if error occurs. + */ int do_X509_verify(X509 *x, EVP_PKEY *pkey, STACK_OF(OPENSSL_STRING) *vfyopts) { int rv = 0; if (do_x509_init(x, vfyopts) > 0) -rv = (X509_verify(x, pkey) > 0); +rv = X509_verify(x, pkey); +else +rv = -1; return rv; } +/* + * do_X509_REQ_verify returns 1 if the signature is valid, + * 0 if the signature check fails, or -1 if error occurs. + */ int do_X509_REQ_verify(X509_REQ *x, EVP_PKEY *pkey, STACK_OF(OPENSSL_STRING) *vfyopts) { int rv = 0; if (do_x509_req_init(x, vfyopts) > 0) -rv = (X509_REQ_verify_ex(x, pkey, - app_get0_libctx(), app_get0_propq()) > 0); +rv = X509_REQ_verify_ex(x, pkey, + app_get0_libctx(), app_get0_propq()); +else +rv = -1; return rv; }