Coverity Scan: Analysis completed for openssl/openssl
Your request for analysis of openssl/openssl has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7HlekBtV1P4YRtWclMVkCdvAA-3D-3Dwjh5_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeHfVinmPPmR9-2BdPKl5vei-2B-2Bn6wzoWU3Ld-2FPTn-2BvQea8Is0onGBiD4nv0J7Ng0KmuGVdxtvZeo21QVxpSdCgMNE1vtKuHwBowHuY3tVjEKBAf4cygEByEX-2BQdiGvxXKJqDR3zu2TShAbUSAQIsBMPTNOS-2B7lMeEQHwGe2a1qWHmEB9zCntlydXS7qtSjOUMYQYE-3D Build ID: 424943 Analysis Summary: New defects found: 0 Defects eliminated: 0
[openssl] master update
The branch master has been updated via c2d1ad0e048dd3bfa60e6aa0b5ee343cc6d97a15 (commit) from 606c79e29bbc26c27c3b85cc52fe7d72051184de (commit) - Log - commit c2d1ad0e048dd3bfa60e6aa0b5ee343cc6d97a15 Author: Piotr Kubaj Date: Sat Dec 18 15:21:51 2021 +0100 Add support for BSD-riscv64 target Reviewed-by: Tomas Mraz Reviewed-by: Ben Kaduk Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/17306) --- Summary of changes: Configurations/10-main.conf | 7 +++ util/perl/OpenSSL/config.pm | 1 + 2 files changed, 8 insertions(+) diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf index 071b1e5abe..ba224fba84 100644 --- a/Configurations/10-main.conf +++ b/Configurations/10-main.conf @@ -1095,6 +1095,13 @@ my %targets = ( perlasm_scheme => "linux64le", }, +# riscv64 below refers to contemporary RISCV Architecture +# specifications, +"BSD-riscv64" => { +inherit_from => [ "BSD-generic64"], +perlasm_scheme => "linux64", +}, + "bsdi-elf-gcc" => { inherit_from => [ "BASE_unix" ], CC => "gcc", diff --git a/util/perl/OpenSSL/config.pm b/util/perl/OpenSSL/config.pm index 50efef423a..fd4cce3c25 100755 --- a/util/perl/OpenSSL/config.pm +++ b/util/perl/OpenSSL/config.pm @@ -742,6 +742,7 @@ EOF [ 'powerpc-.*-.*bsd.*', { target => "BSD-ppc" } ], [ 'powerpc64-.*-.*bsd.*', { target => "BSD-ppc64" } ], [ 'powerpc64le-.*-.*bsd.*', { target => "BSD-ppc64le" } ], + [ 'riscv64-.*-.*bsd.*', { target => "BSD-riscv64" } ], [ 'sparc64-.*-.*bsd.*', { target => "BSD-sparc64" } ], [ 'ia64-.*-.*bsd.*',{ target => "BSD-ia64" } ], [ 'x86_64-.*-dragonfly.*', { target => "BSD-x86_64" } ],
[openssl] master update
The branch master has been updated via 606c79e29bbc26c27c3b85cc52fe7d72051184de (commit) from a497a90213b50c499f2a385e63e1fa6e13ef283a (commit) - Log - commit 606c79e29bbc26c27c3b85cc52fe7d72051184de Author: Dr. David von Oheimb Date: Thu Nov 18 20:43:06 2021 +0100 HTTP client: Work around the 'gets' method not being supported by SSL BIOs It turned out that loading non-ASN.1 contents using the HTTP client fails over TLS because SSL BIOs do not support the gets method. This PR provides a workaround by using the less efficient BIO_get_line() function in case BIO_gets() returns -2, which means that it is not supported by the BIO. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/17317) --- Summary of changes: crypto/http/http_client.c | 23 --- 1 file changed, 16 insertions(+), 7 deletions(-) diff --git a/crypto/http/http_client.c b/crypto/http/http_client.c index b4d42f2eb0..ef0114240b 100644 --- a/crypto/http/http_client.c +++ b/crypto/http/http_client.c @@ -488,7 +488,7 @@ int OSSL_HTTP_REQ_CTX_nbio(OSSL_HTTP_REQ_CTX *rctx) long n; size_t resp_len; const unsigned char *p; -char *key, *value, *line_end = NULL; +char *buf, *key, *value, *line_end = NULL; if (rctx == NULL) { ERR_raise(ERR_LIB_HTTP, ERR_R_PASSED_NULL_PARAMETER); @@ -501,11 +501,20 @@ int OSSL_HTTP_REQ_CTX_nbio(OSSL_HTTP_REQ_CTX *rctx) rctx->redirection_url = NULL; next_io: +buf = (char *)rctx->buf; if ((rctx->state & OHS_NOREAD) == 0) { -if (rctx->expect_asn1) +if (rctx->expect_asn1) { n = BIO_read(rctx->rbio, rctx->buf, rctx->buf_size); -else -n = BIO_gets(rctx->rbio, (char *)rctx->buf, rctx->buf_size); +} else { +(void)ERR_set_mark(); +n = BIO_gets(rctx->rbio, buf, rctx->buf_size); +if (n == -2) { /* some BIOs, such as SSL, do not support "gets" */ +(void)ERR_pop_to_mark(); +n = BIO_get_line(rctx->rbio, buf, rctx->buf_size); +} else { +(void)ERR_clear_last_mark(); +} +} if (n <= 0) { if (BIO_should_retry(rctx->rbio)) return -1; @@ -606,7 +615,7 @@ int OSSL_HTTP_REQ_CTX_nbio(OSSL_HTTP_REQ_CTX *rctx) } goto next_io; } -n = BIO_gets(rctx->mem, (char *)rctx->buf, rctx->buf_size); +n = BIO_gets(rctx->mem, buf, rctx->buf_size); if (n <= 0) { if (BIO_should_retry(rctx->mem)) @@ -624,7 +633,7 @@ int OSSL_HTTP_REQ_CTX_nbio(OSSL_HTTP_REQ_CTX *rctx) /* First line */ if (rctx->state == OHS_FIRSTLINE) { -switch (parse_http_line1((char *)rctx->buf, &found_keep_alive)) { +switch (parse_http_line1(buf, &found_keep_alive)) { case HTTP_STATUS_CODE_OK: rctx->state = OHS_HEADERS; goto next_line; @@ -642,7 +651,7 @@ int OSSL_HTTP_REQ_CTX_nbio(OSSL_HTTP_REQ_CTX *rctx) goto next_line; } } -key = (char *)rctx->buf; +key = buf; value = strchr(key, ':'); if (value != NULL) { *(value++) = '\0';
[openssl] master update
The branch master has been updated via a497a90213b50c499f2a385e63e1fa6e13ef283a (commit) from 79b2a2f2eedb9d6b24a3f6748332328cf54568fb (commit) - Log - commit a497a90213b50c499f2a385e63e1fa6e13ef283a Author: Dr. David von Oheimb Date: Sat Dec 18 16:48:31 2021 +0100 http_test.c: Simplify constant init of 'server_args' struct for gcc-4.8.x Reviewed-by: Ben Kaduk Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/17308) --- Summary of changes: test/http_test.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/test/http_test.c b/test/http_test.c index d684c5eb18..49e770cd88 100644 --- a/test/http_test.c +++ b/test/http_test.c @@ -208,13 +208,14 @@ static int test_http_keep_alive(char version, int keep_alive, int kept_alive) BIO *rbio = BIO_new(BIO_s_mem()); BIO *rsp; const char *const content_type = "application/x-x509-ca-cert"; -server_args mock_args = { NULL, content_type, NULL, '0', 0 }; +server_args mock_args = { NULL, NULL, NULL, '0', 0 }; OSSL_HTTP_REQ_CTX *rctx = NULL; int i, res = 0; if (wbio == NULL || rbio == NULL) goto err; mock_args.out = rbio; +mock_args.content_type = content_type; mock_args.version = version; mock_args.keep_alive = kept_alive; BIO_set_callback_ex(wbio, http_bio_cb_ex);
[openssl] master update
The branch master has been updated via 79b2a2f2eedb9d6b24a3f6748332328cf54568fb (commit) from 0d4c52320d245be80bd69346fdda4b12b4961eae (commit) - Log - commit 79b2a2f2eedb9d6b24a3f6748332328cf54568fb Author: Dr. David von Oheimb Date: Sat Dec 18 16:15:49 2021 +0100 add OSSL_STACK_OF_X509_free() for commonly used pattern Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/17307) --- Summary of changes: apps/ca.c | 2 +- apps/cmp.c| 8 apps/cms.c| 6 +++--- apps/lib/apps.c | 12 ++-- apps/lib/cmp_mock_srv.c | 12 ++-- apps/lib/s_cb.c | 2 +- apps/ocsp.c | 8 apps/pkcs12.c | 6 +++--- apps/s_client.c | 2 +- apps/s_server.c | 4 ++-- apps/smime.c | 4 ++-- apps/verify.c | 6 +++--- crypto/cmp/cmp_client.c | 2 +- crypto/cmp/cmp_ctx.c | 21 + crypto/cmp/cmp_server.c | 4 ++-- crypto/cmp/cmp_vfy.c | 2 +- crypto/cms/cms_lib.c | 2 +- crypto/cms/cms_smime.c| 4 ++-- crypto/ocsp/ocsp_vfy.c| 2 +- crypto/pkcs12/p12_kiss.c | 2 +- crypto/store/store_result.c | 2 +- crypto/ts/ts_conf.c | 4 ++-- crypto/ts/ts_rsp_sign.c | 4 ++-- crypto/ts/ts_rsp_verify.c | 2 +- crypto/ts/ts_verify_ctx.c | 2 +- crypto/x509/t_x509.c | 7 ++- crypto/x509/x509_lu.c | 4 ++-- crypto/x509/x509_vfy.c| 8 demos/cms/cms_denc.c | 6 +++--- demos/cms/cms_enc.c | 6 +++--- demos/pkcs12/pkread.c | 2 +- demos/smime/smenc.c | 6 +++--- doc/man3/X509_STORE_CTX_get_error.pod | 2 +- doc/man3/X509_new.pod | 14 -- engines/e_loader_attic.c | 2 +- include/openssl/x509.h.in | 1 + ssl/s3_lib.c | 2 +- ssl/ssl_cert.c| 12 ++-- ssl/ssl_lib.c | 6 +++--- ssl/ssl_rsa.c | 2 +- ssl/ssl_sess.c| 2 +- ssl/statem/statem_clnt.c | 2 +- ssl/statem/statem_srvr.c | 4 ++-- test/cmp_client_test.c| 2 +- test/cmp_ctx_test.c | 2 +- test/cmp_protect_test.c | 6 +++--- test/crltest.c| 2 +- test/danetest.c | 4 ++-- test/sslapitest.c | 2 +- test/testutil/load.c | 2 +- test/verify_extra_test.c | 2 +- util/libcrypto.num| 1 + 52 files changed, 125 insertions(+), 111 deletions(-) diff --git a/apps/ca.c b/apps/ca.c index 1e77bf50c5..a9d6c5c1a6 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -1325,7 +1325,7 @@ end_of_options: BIO_free_all(Sout); BIO_free_all(out); BIO_free_all(in); -sk_X509_pop_free(cert_sk, X509_free); +OSSL_STACK_OF_X509_free(cert_sk); cleanse(passin); if (free_passin) diff --git a/apps/cmp.c b/apps/cmp.c index f994b83b18..0f810129b3 100644 --- a/apps/cmp.c +++ b/apps/cmp.c @@ -933,7 +933,7 @@ static int setup_certs(char *files, const char *desc, void *ctx, if ((certs = load_certs_multifile(files, opt_otherpass, desc, vpm)) == NULL) return 0; ok = (*set1_fn)(ctx, certs); -sk_X509_pop_free(certs, X509_free); +OSSL_STACK_OF_X509_free(certs); return ok; } @@ -1262,7 +1262,7 @@ static SSL_CTX *setup_ssl_ctx(OSSL_CMP_CTX *ctx, const char *host, if (!ok || !SSL_CTX_set0_chain(ssl_ctx, certs)) { CMP_err1("unable to use client TLS certificate file '%s'", opt_tls_cert); -sk_X509_pop_free(certs, X509_free); +OSSL_STACK_OF_X509_free(certs); goto err; } for (i = 0; i < sk_X509_num(untrusted); i++) { @@ -1441,7 +1441,7 @@ static int setup_protection_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine) ok = ok && OSSL_CMP_CTX_build_cert_chain(ctx, own_trusted, certs); } X509_STORE_free(own_trusted); -sk_X509_pop_free(certs, X509_free); +OSSL_STACK_OF_X509_free(certs); if (!ok) return 0; } else if (opt_own_trusted != NULL) { @@ -2020,7 +2020,7 @@ static int save_free_certs(OSSL_CMP_CTX *ctx, end: BIO_free(bio); -sk_X509_pop_free(certs, X509_free); +OSSL_STACK_OF_X509_fr
[openssl] openssl-3.0 update
The branch openssl-3.0 has been updated via fbadef597c906711d82d8bfd9c4d5276ea981db7 (commit) from a666c647c1f96c510e83a5becd8031d940b421fe (commit) - Log - commit fbadef597c906711d82d8bfd9c4d5276ea981db7 Author: Pauli Date: Sat Dec 18 15:21:38 2021 +1100 rsa exp: move declarations before code (3.0) Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/17305) --- Summary of changes: crypto/bn/rsaz_exp_x2.c | 6 -- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/crypto/bn/rsaz_exp_x2.c b/crypto/bn/rsaz_exp_x2.c index 15db0c1f05..0e0aff1f85 100644 --- a/crypto/bn/rsaz_exp_x2.c +++ b/crypto/bn/rsaz_exp_x2.c @@ -318,6 +318,8 @@ static void RSAZ_exp52x20_x2_256(BN_ULONG *out, /* [2][20] */ int exp_chunk_no = exp_bit_no / 64; int exp_chunk_shift = exp_bit_no % 64; +BN_ULONG red_table_idx_0, red_table_idx_1; + /* * If rem == 0, then * exp_bit_no = modulus_bitsize - exp_win_size @@ -329,8 +331,8 @@ static void RSAZ_exp52x20_x2_256(BN_ULONG *out, /* [2][20] */ OPENSSL_assert(rem != 0); /* Process 1-st exp window - just init result */ -BN_ULONG red_table_idx_0 = expz[0][exp_chunk_no]; -BN_ULONG red_table_idx_1 = expz[1][exp_chunk_no]; +red_table_idx_0 = expz[0][exp_chunk_no]; +red_table_idx_1 = expz[1][exp_chunk_no]; /* * The function operates with fixed moduli sizes divisible by 64, * thus table index here is always in supported range [0, EXP_WIN_SIZE).