Coverity Scan: Analysis completed for openssl/openssl

2021-11-17 Thread scan-admin


Your request for analysis of openssl/openssl has been completed 
successfully.
The results are available at 
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7HlekBtV1P4YRtWclMVkCdvAA-3D-3D1VWh_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeEfaEh5IJfC2n2HUTKuC-2B6c3g7bVn29gkAdYHFLMN989TKU1lSJEGABnB5YRyRESe3GxAej7KxIxTDvAD3DEz0CJdt11OKV8OWc8YCfcckOpsqquJmOwd-2FxHlyVMotIsuuhUWwLD2O1RoiOGWIiQ-2FK4H8uS8BMaVD9vgbh-2FXQbb0vyhHoHbOWxOsNuZUGCBuDo-3D

Build ID: 418466

Analysis Summary:
   New defects found: 0
   Defects eliminated: 0



[openssl] master update

2021-11-17 Thread dev
The branch master has been updated
   via  af16097febcd4fa31cd5fcd05ad09cf8b53659ea (commit)
   via  747adb6a0134e3b707fbc47d0f0c52d6ff9c4223 (commit)
   via  2ff286c26c29b69b02ca99656d26d2f8cfd54682 (commit)
  from  a6838c8d52087f2b0494bbab8486e10944aff7f7 (commit)


- Log -
commit af16097febcd4fa31cd5fcd05ad09cf8b53659ea
Author: Dr. David von Oheimb 
Date:   Thu Jun 24 11:13:51 2021 +0200

Move more general parts of internal/cryptlib.h to new internal/common.h

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/15847)

commit 747adb6a0134e3b707fbc47d0f0c52d6ff9c4223
Author: Dr. David von Oheimb 
Date:   Thu Jun 24 10:29:37 2021 +0200

Add and use HAS_CASE_PREFIX(), CHECK_AND_SKIP_CASE_PREFIX(), and 
HAS_CASE_SUFFIX()

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/15847)

commit 2ff286c26c29b69b02ca99656d26d2f8cfd54682
Author: Dr. David von Oheimb 
Date:   Mon Jun 21 08:55:50 2021 +0200

Add and use HAS_PREFIX() and CHECK_AND_SKIP_PREFIX() for checking if string 
has literal prefix

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/15847)

---

Summary of changes:
 apps/cmp.c   |   3 +-
 apps/fipsinstall.c   |   5 +-
 apps/include/apps.h  |   1 +
 apps/include/engine_loader.h |   2 +-
 apps/lib/apps.c  |  32 +++
 apps/lib/engine_loader.c |   4 +-
 apps/lib/http_server.c   |  17 ++--
 apps/openssl.c   |   6 +-
 apps/rehash.c|   7 +-
 apps/s_client.c  |   4 +-
 apps/s_server.c  |  24 ++---
 apps/speed.c |  47 -
 crypto/asn1/a_strnid.c   |   6 +-
 crypto/asn1/asn1_gen.c   |  10 +-
 crypto/asn1/asn_mime.c   |   9 +-
 crypto/cmp/cmp_http.c|   1 -
 crypto/cmp/cmp_util.c|   3 +-
 crypto/conf/conf_def.c   |   8 +-
 crypto/http/http_client.c|  13 ++-
 crypto/params_from_text.c|   7 +-
 crypto/pem/pem_lib.c |  41 
 crypto/punycode.c|   4 +-
 crypto/store/store_lib.c |   2 +-
 crypto/x509/v3_conf.c|   9 +-
 crypto/x509/v3_cpols.c   |  12 +--
 crypto/x509/v3_crld.c|   2 +-
 crypto/x509/v3_ncons.c   |   4 +-
 crypto/x509/v3_pci.c |  13 +--
 crypto/x509/v3_utl.c |   4 +-
 engines/e_loader_attic.c |  27 ++
 engines/e_ossltest.c |   8 +-
 include/internal/common.h| 115 +++
 include/internal/cryptlib.h  |  87 +
 providers/implementations/storemgmt/file_store.c |  20 ++--
 ssl/record/ssl3_record.c |  10 +-
 ssl/ssl_ciph.c   |  16 ++--
 ssl/ssl_local.h  |   2 +-
 ssl/ssl_rsa.c|  13 +--
 test/dtls_mtu_test.c |   2 +-
 test/evp_test.c  |  88 -
 test/helpers/handshake.c |   4 +-
 test/http_test.c |  16 ++--
 test/ssl_old_test.c  |   2 +-
 test/testutil.h  |   1 +
 test/testutil/stanza.c   |   2 +-
 45 files changed, 342 insertions(+), 371 deletions(-)
 create mode 100644 include/internal/common.h

diff --git a/apps/cmp.c b/apps/cmp.c
index ae3488553a..589cce1266 100644
--- a/apps/cmp.c
+++ b/apps/cmp.c
@@ -1710,11 +1710,10 @@ static int handle_opt_geninfo(OSSL_CMP_CTX *ctx)
 valptr[0] = '\0';
 valptr++;
 
-if (strncasecmp(valptr, "int:", 4) != 0) {
+if (!CHECK_AND_SKIP_CASE_PREFIX(valptr, "int:")) {
 CMP_err("missing 'int:' in -geninfo option");
 return 0;
 }
-valptr += 4;
 
 value = strtol(valptr, &endstr, 10);
 if (endstr == valptr || *endstr != '\0') {
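Review bot: the condition `!CHECK_AND_SKIP_CASE_PREFIX(valptr, "int:")` now advances `valptr` as a side effect, replacing the explicit `valptr += 4;`. The `endstr == valptr` empty-number test that follows is only correct if the macro moves the pointer on a match and leaves it untouched otherwise. That contract should be documented next to the macro definition, so callers do not have to infer it from the name. Dropping the hard-coded length 4 is an improvement, since the length can no longer drift from the literal.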
diff --git a/apps/fipsinstall.c b/apps/fipsinstall.c
index d0efdf7643..363631112e 100644
--- a/apps/fipsinstall.c
+++ b/apps/fipsinstall.c
@@ -7,7 +7,6 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include 
 #include 
 #include 
 #include 
@@ -368,9 +367,9 @@ opthel

[openssl] openssl-3.0 update

2021-11-17 Thread dev
The branch openssl-3.0 has been updated
   via  4bf976565294b883c980244c36fac326897fc261 (commit)
   via  60665a68512d73a9ee3ef1914bf4f70808775479 (commit)
   via  98501abe7315128068a7673fc72ac9b5a5032e1e (commit)
  from  9723c07d94cd1e4eedfbfb86245360be57c3cf39 (commit)


- Log -
commit 4bf976565294b883c980244c36fac326897fc261
Author: Dr. David von Oheimb 
Date:   Fri Nov 12 12:51:44 2021 +0100

80-test_cmp_http: Make server diagnostics more verbose to aid debugging

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/16051)

commit 60665a68512d73a9ee3ef1914bf4f70808775479
Author: Dr. David von Oheimb 
Date:   Fri Nov 12 12:48:29 2021 +0100

cmp_server.c: Log received request type before checking details

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/16051)

commit 98501abe7315128068a7673fc72ac9b5a5032e1e
Author: Dr. David von Oheimb 
Date:   Mon Jul 12 14:17:04 2021 +0200

Fix verbosity of CMP client diagnostics

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/16051)

---

Summary of changes:
 apps/cmp.c | 29 +++---
 crypto/cmp/cmp_server.c|  6 ++---
 test/recipes/80-test_cmp_http_data/Mock/server.cnf |  2 ++
 3 files changed, 25 insertions(+), 12 deletions(-)

diff --git a/apps/cmp.c b/apps/cmp.c
index b6e88e64f6..119419c5ef 100644
--- a/apps/cmp.c
+++ b/apps/cmp.c
@@ -613,6 +613,12 @@ static int print_to_bio_out(const char *func, const char 
*file, int line,
 return OSSL_CMP_print_to_bio(bio_out, func, file, line, level, msg);
 }
 
+static int print_to_bio_err(const char *func, const char *file, int line,
+OSSL_CMP_severity level, const char *msg)
+{
+return OSSL_CMP_print_to_bio(bio_err, func, file, line, level, msg);
+}
+
 static int set_verbosity(int level)
 {
 if (level < OSSL_CMP_LOG_EMERG || level > OSSL_CMP_LOG_MAX) {
@@ -2067,16 +2073,16 @@ static int read_config(void)
 long num = 0;
 char *txt = NULL;
 const OPTIONS *opt;
-int start = OPT_VERBOSITY;
+int start_opt = OPT_VERBOSITY - OPT_HELP;
+int start_idx = OPT_VERBOSITY - 2;
 /*
  * starting with offset OPT_VERBOSITY because OPT_CONFIG and OPT_SECTION
  * would not make sense within the config file.
- * Moreover, these two options and OPT_VERBOSITY have already been handled.
  */
 int n_options = OSSL_NELEM(cmp_options) - 1;
 
-for (i = start - OPT_HELP, opt = &cmp_options[start];
- opt->name; i++, opt++)
+for (opt = &cmp_options[start_opt], i = start_idx;
+ opt->name != NULL; i++, opt++)
 if (!strcmp(opt->name, OPT_SECTION_STR)
 || !strcmp(opt->name, OPT_MORE_STR))
 n_options--;
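Review bot: in `int start_idx = OPT_VERBOSITY - 2;` the literal 2 is unexplained, while the neighbouring `start_opt` is expressed relative to `OPT_HELP`. The retained comment still says "starting with offset OPT_VERBOSITY", which now describes neither start value. Please name the constant or add a line saying which two entries are skipped and why the table index and the loop counter use different bases.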
@@ -2084,8 +2090,8 @@ static int read_config(void)
  + OPT_PROV__FIRST + 1 - OPT_PROV__LAST
  + OPT_R__FIRST + 1 - OPT_R__LAST
  + OPT_V__FIRST + 1 - OPT_V__LAST);
-for (i = start - OPT_HELP, opt = &cmp_options[start];
- opt->name; i++, opt++) {
+for (opt = &cmp_options[start_opt], i = start_idx;
+ opt->name != NULL; i++, opt++) {
 int provider_option = (OPT_PROV__FIRST <= opt->retval
&& opt->retval < OPT_PROV__LAST);
 int rand_state_option = (OPT_R__FIRST <= opt->retval
@@ -2115,7 +2121,7 @@ static int read_config(void)
   num, opt->name);
 return -1;
 }
-if (opt->valtype == 'N' && num <= 0) {
+if (opt->valtype == 'N' && num < 0) {
 opt_printf_stderr("Negative number \"%ld\" for config option 
-%s\n",
   num, opt->name);
 return -1;
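Review bot: the boundary change from `num <= 0` to `num < 0` for `valtype == 'N'` makes the check agree with the "Negative number" message, so 0 is now accepted from the config file. A config-file test case with value 0 for an 'N' option would pin this boundary and guard against the off-by-one coming back.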
@@ -2225,7 +2231,10 @@ static int get_opts(int argc, char **argv)
 return -1;
 case OPT_CONFIG: /* has already been handled */
 case OPT_SECTION: /* has already been handled */
-case OPT_VERBOSITY: /* has already been handled */
+break;
+case OPT_VERBOSITY:
+if (!set_verbosity(opt_int_arg()))
+goto opthelp;
 break;
 case OPT_SERVER:
 opt_server = opt_str();
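Review bot: `case OPT_VERBOSITY:` now calls `set_verbosity(opt_int_arg())` during command-line parsing, and a later hunk in `cmp_main` calls `set_verbosity(opt_verbosity)` again after `read_config()`. With verbosity set in two places, add a comment stating which source wins when both the command line and the config file give a value. Otherwise the removed "has already been handled" remark leaves the ordering undocumented.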
@@ -2696,6 +2705,8 @@ int cmp_main(int argc, char **argv)
 }
 }
 ret = read_config();
+if (!set_verbosity(opt_verbosity)) /* just for checking range */
+ret = -1;
 if (ret <= 0) {
 if (ret == -1)
 BIO_printf(bio_err, "Use -help for summary.\n");
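Review bot: `if (!set_verbosity(opt_verbosity)) /* just for checking range */` uses a setter purely as a validator and runs even when `read_config()` has already failed. It also forces `ret = -1`, so a range error is reported only through the generic "Use -help for summary." path. A dedicated range check, or validating the value inside `read_config()` where the option name is available for the message, would be clearer and would keep the `ret == 0` and `ret == -1` cases distinct.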
@@ -2749,7 +2760,7 @@ int cmp_main(int argc, char **argv)
 goto err;
 srv_cmp_ctx = OSSL_CMP_SRV_CTX_get0_cmp_ctx(srv_ctx);
   

[openssl] master update

2021-11-17 Thread dev
The branch master has been updated
   via  a6838c8d52087f2b0494bbab8486e10944aff7f7 (commit)
   via  ae8ff109c1d80399a6a1c9f50aa37381bc3a1c5f (commit)
   via  92df52119eb33ea980e8f02f9cdfe194ad6c04e1 (commit)
  from  7f6496275157f8e40f544f75a223c2c0dc6b389e (commit)


- Log -
commit a6838c8d52087f2b0494bbab8486e10944aff7f7
Author: Dr. David von Oheimb 
Date:   Fri Nov 12 12:51:44 2021 +0100

80-test_cmp_http: Make server diagnostics more verbose to aid debugging

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/16051)

commit ae8ff109c1d80399a6a1c9f50aa37381bc3a1c5f
Author: Dr. David von Oheimb 
Date:   Fri Nov 12 12:48:29 2021 +0100

cmp_server.c: Log received request type before checking details

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/16051)

commit 92df52119eb33ea980e8f02f9cdfe194ad6c04e1
Author: Dr. David von Oheimb 
Date:   Mon Jul 12 14:17:04 2021 +0200

Fix verbosity of CMP client diagnostics

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/16051)

---

Summary of changes:
 apps/cmp.c | 29 +++---
 crypto/cmp/cmp_server.c|  6 ++---
 test/recipes/80-test_cmp_http_data/Mock/server.cnf |  2 ++
 3 files changed, 25 insertions(+), 12 deletions(-)

diff --git a/apps/cmp.c b/apps/cmp.c
index 1c97075531..ae3488553a 100644
--- a/apps/cmp.c
+++ b/apps/cmp.c
@@ -613,6 +613,12 @@ static int print_to_bio_out(const char *func, const char 
*file, int line,
 return OSSL_CMP_print_to_bio(bio_out, func, file, line, level, msg);
 }
 
+static int print_to_bio_err(const char *func, const char *file, int line,
+OSSL_CMP_severity level, const char *msg)
+{
+return OSSL_CMP_print_to_bio(bio_err, func, file, line, level, msg);
+}
+
 static int set_verbosity(int level)
 {
 if (level < OSSL_CMP_LOG_EMERG || level > OSSL_CMP_LOG_MAX) {
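Review bot: the new `print_to_bio_err()` is identical to `print_to_bio_out()` except for the BIO it passes on, and the visible hunks do not show where either callback is installed. A one-line comment on each saying when it is selected (for example by severity or by client versus server side) would make the intended routing of diagnostics reviewable from this file alone.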
@@ -2068,16 +2074,16 @@ static int read_config(void)
 long num = 0;
 char *txt = NULL;
 const OPTIONS *opt;
-int start = OPT_VERBOSITY;
+int start_opt = OPT_VERBOSITY - OPT_HELP;
+int start_idx = OPT_VERBOSITY - 2;
 /*
  * starting with offset OPT_VERBOSITY because OPT_CONFIG and OPT_SECTION
  * would not make sense within the config file.
- * Moreover, these two options and OPT_VERBOSITY have already been handled.
  */
 int n_options = OSSL_NELEM(cmp_options) - 1;
 
-for (i = start - OPT_HELP, opt = &cmp_options[start];
- opt->name; i++, opt++)
+for (opt = &cmp_options[start_opt], i = start_idx;
+ opt->name != NULL; i++, opt++)
 if (!strcmp(opt->name, OPT_SECTION_STR)
 || !strcmp(opt->name, OPT_MORE_STR))
 n_options--;
@@ -2085,8 +2091,8 @@ static int read_config(void)
  + OPT_PROV__FIRST + 1 - OPT_PROV__LAST
  + OPT_R__FIRST + 1 - OPT_R__LAST
  + OPT_V__FIRST + 1 - OPT_V__LAST);
-for (i = start - OPT_HELP, opt = &cmp_options[start];
- opt->name; i++, opt++) {
+for (opt = &cmp_options[start_opt], i = start_idx;
+ opt->name != NULL; i++, opt++) {
 int provider_option = (OPT_PROV__FIRST <= opt->retval
&& opt->retval < OPT_PROV__LAST);
 int rand_state_option = (OPT_R__FIRST <= opt->retval
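Review bot: the loop header `for (opt = &cmp_options[start_opt], i = start_idx; opt->name != NULL; i++, opt++)` now appears twice in `read_config()`, and both copies must keep `opt` and `i` in step with the same pair of start values. Since the two offsets differ and are easy to get wrong, consider a small helper or macro for the iteration, or at least a comment at the second loop pointing back to the explanation at the first.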
@@ -2116,7 +2122,7 @@ static int read_config(void)
   num, opt->name);
 return -1;
 }
-if (opt->valtype == 'N' && num <= 0) {
+if (opt->valtype == 'N' && num < 0) {
 opt_printf_stderr("Negative number \"%ld\" for config option 
-%s\n",
   num, opt->name);
 return -1;
@@ -2226,7 +2232,10 @@ static int get_opts(int argc, char **argv)
 return -1;
 case OPT_CONFIG: /* has already been handled */
 case OPT_SECTION: /* has already been handled */
-case OPT_VERBOSITY: /* has already been handled */
+break;
+case OPT_VERBOSITY:
+if (!set_verbosity(opt_int_arg()))
+goto opthelp;
 break;
 case OPT_SERVER:
 opt_server = opt_str();
@@ -2697,6 +2706,8 @@ int cmp_main(int argc, char **argv)
 }
 }
 ret = read_config();
+if (!set_verbosity(opt_verbosity)) /* just for checking range */
+ret = -1;
 if (ret <= 0) {
 if (ret == -1)
 BIO_printf(bio_err, "Use -help for summary.\n");
@@ -2750,7 +2761,7 @@ int cmp_main(int argc, char **argv)
 goto err;
 srv_cmp_ctx = OSSL_CMP_SRV_CTX_get0_cmp_ctx(srv_ctx);

[openssl] openssl-3.0 update

2021-11-17 Thread Dr. Paul Dale
The branch openssl-3.0 has been updated
   via  9723c07d94cd1e4eedfbfb86245360be57c3cf39 (commit)
  from  d05340770a9cdc6acfe7d4d3a8acbe1165a100ee (commit)


- Log -
commit 9723c07d94cd1e4eedfbfb86245360be57c3cf39
Author: Pauli 
Date:   Tue Nov 16 10:31:44 2021 +1000

Add documentation for some of the missing environment variables.

Where document already exists, it has been linked to.

Reviewed-by: Richard Levitte 
Reviewed-by: Tomas Mraz 
Reviewed-by: Dmitry Belyavskiy 
(Merged from https://github.com/openssl/openssl/pull/17044)

(cherry picked from commit 7f6496275157f8e40f544f75a223c2c0dc6b389e)

---

Summary of changes:
 doc/man7/openssl-env.pod | 13 +
 1 file changed, 13 insertions(+)

diff --git a/doc/man7/openssl-env.pod b/doc/man7/openssl-env.pod
index f691191b6f..a2443d54d8 100644
--- a/doc/man7/openssl-env.pod
+++ b/doc/man7/openssl-env.pod
@@ -74,6 +74,19 @@ See L.
 
 Additional arguments for the L command.
 
+=item B, B, B, 
B, B
+
+OpenSSL supports a number of different algorithm implementations for
+various machines and, by default, it determines which to use based on the
+processor capabilities and run time feature enquiry.  These environment
+variables can be used to exert more control over this selection process.
+See L, L.
+
+=item B, B, B
+
+Specify a proxy hostname.
+See L.
+
 =back
 
 =head1 COPYRIGHT
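Review bot: the second new `=item` lists three variables but describes them with the single sentence "Specify a proxy hostname." If the three differ in meaning or in precedence, the entry should say so here rather than rely on the `See` link. It should also state the accepted value format, since a reader auditing which environment variables can redirect outbound connections needs that in this overview page.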


[openssl] master update

2021-11-17 Thread Dr. Paul Dale
The branch master has been updated
   via  7f6496275157f8e40f544f75a223c2c0dc6b389e (commit)
  from  7cc5738a561933e38ad0e724f4df7b503c3c8e73 (commit)


- Log -
commit 7f6496275157f8e40f544f75a223c2c0dc6b389e
Author: Pauli 
Date:   Tue Nov 16 10:31:44 2021 +1000

Add documentation for some of the missing environment variables.

Where document already exists, it has been linked to.

Reviewed-by: Richard Levitte 
Reviewed-by: Tomas Mraz 
Reviewed-by: Dmitry Belyavskiy 
(Merged from https://github.com/openssl/openssl/pull/17044)

---

Summary of changes:
 doc/man7/openssl-env.pod | 13 +
 1 file changed, 13 insertions(+)

diff --git a/doc/man7/openssl-env.pod b/doc/man7/openssl-env.pod
index f691191b6f..a2443d54d8 100644
--- a/doc/man7/openssl-env.pod
+++ b/doc/man7/openssl-env.pod
@@ -74,6 +74,19 @@ See L.
 
 Additional arguments for the L command.
 
+=item B, B, B, 
B, B
+
+OpenSSL supports a number of different algorithm implementations for
+various machines and, by default, it determines which to use based on the
+processor capabilities and run time feature enquiry.  These environment
+variables can be used to exert more control over this selection process.
+See L, L.
+
+=item B, B, B
+
+Specify a proxy hostname.
+See L.
+
 =back
 
 =head1 COPYRIGHT
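Review bot: the first new `=item` groups five variables under one paragraph that says only that they "can be used to exert more control over this selection process". It gives no hint of the value syntax or of which variable applies to which platform. A short per-variable clause, or a note that each is architecture-specific if that is the case, would let readers judge the effect of setting them without following both `See` references.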