Coverity Scan: Analysis completed for openssl/openssl

2021-12-21 Thread scan-admin


Your request for analysis of openssl/openssl has been completed 
successfully.
The results are available at 
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7HlekBtV1P4YRtWclMVkCdvAA-3D-3Dwjh5_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeHfVinmPPmR9-2BdPKl5vei-2B-2Bn6wzoWU3Ld-2FPTn-2BvQea8Is0onGBiD4nv0J7Ng0KmuGVdxtvZeo21QVxpSdCgMNE1vtKuHwBowHuY3tVjEKBAf4cygEByEX-2BQdiGvxXKJqDR3zu2TShAbUSAQIsBMPTNOS-2B7lMeEQHwGe2a1qWHmEB9zCntlydXS7qtSjOUMYQYE-3D

Build ID: 424943

Analysis Summary:
   New defects found: 0
   Defects eliminated: 0



[openssl] master update

2021-12-21 Thread Dr . Paul Dale
The branch master has been updated
   via  c2d1ad0e048dd3bfa60e6aa0b5ee343cc6d97a15 (commit)
  from  606c79e29bbc26c27c3b85cc52fe7d72051184de (commit)


- Log -
commit c2d1ad0e048dd3bfa60e6aa0b5ee343cc6d97a15
Author: Piotr Kubaj 
Date:   Sat Dec 18 15:21:51 2021 +0100

Add support for BSD-riscv64 target

Reviewed-by: Tomas Mraz 
Reviewed-by: Ben Kaduk 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/17306)

---

Summary of changes:
 Configurations/10-main.conf | 7 +++
 util/perl/OpenSSL/config.pm | 1 +
 2 files changed, 8 insertions(+)

diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf
index 071b1e5abe..ba224fba84 100644
--- a/Configurations/10-main.conf
+++ b/Configurations/10-main.conf
@@ -1095,6 +1095,13 @@ my %targets = (
 perlasm_scheme   => "linux64le",
 },
 
+# riscv64 below refers to contemporary RISCV Architecture
+# specifications,
+"BSD-riscv64" => {
+inherit_from => [ "BSD-generic64"],
+perlasm_scheme   => "linux64",
+},
+
 "bsdi-elf-gcc" => {
 inherit_from => [ "BASE_unix" ],
 CC   => "gcc",
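Review bot: The comment added above `"BSD-riscv64"` ends in a comma (`# specifications,`), so it reads as a sentence that was cut off. Either finish the thought or close it, e.g. `# riscv64 below refers to contemporary RISC-V Architecture specifications.`. If `perlasm_scheme => "linux64"` on a BSD target is deliberate, a few words saying so next to it would spare the next reader the question.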
diff --git a/util/perl/OpenSSL/config.pm b/util/perl/OpenSSL/config.pm
index 50efef423a..fd4cce3c25 100755
--- a/util/perl/OpenSSL/config.pm
+++ b/util/perl/OpenSSL/config.pm
@@ -742,6 +742,7 @@ EOF
   [ 'powerpc-.*-.*bsd.*', { target => "BSD-ppc" } ],
   [ 'powerpc64-.*-.*bsd.*',   { target => "BSD-ppc64" } ],
   [ 'powerpc64le-.*-.*bsd.*', { target => "BSD-ppc64le" } ],
+  [ 'riscv64-.*-.*bsd.*', { target => "BSD-riscv64" } ],
   [ 'sparc64-.*-.*bsd.*', { target => "BSD-sparc64" } ],
   [ 'ia64-.*-.*bsd.*',{ target => "BSD-ia64" } ],
   [ 'x86_64-.*-dragonfly.*',  { target => "BSD-x86_64" } ],


[openssl] master update

2021-12-21 Thread dev
The branch master has been updated
   via  606c79e29bbc26c27c3b85cc52fe7d72051184de (commit)
  from  a497a90213b50c499f2a385e63e1fa6e13ef283a (commit)


- Log -
commit 606c79e29bbc26c27c3b85cc52fe7d72051184de
Author: Dr. David von Oheimb 
Date:   Thu Nov 18 20:43:06 2021 +0100

HTTP client: Work around the 'gets' method not being supported by SSL BIOs

It turned out that loading non-ASN.1 contents using the HTTP client
fails over TLS because SSL BIOs do not support the gets method.

This PR provides a workaround by using the less efficient BIO_get_line()
function when BIO_gets() returns -2, which means that the BIO does not
support the gets method.

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/17317)

---

Summary of changes:
 crypto/http/http_client.c | 23 ---
 1 file changed, 16 insertions(+), 7 deletions(-)

diff --git a/crypto/http/http_client.c b/crypto/http/http_client.c
index b4d42f2eb0..ef0114240b 100644
--- a/crypto/http/http_client.c
+++ b/crypto/http/http_client.c
@@ -488,7 +488,7 @@ int OSSL_HTTP_REQ_CTX_nbio(OSSL_HTTP_REQ_CTX *rctx)
 long n;
 size_t resp_len;
 const unsigned char *p;
-char *key, *value, *line_end = NULL;
+char *buf, *key, *value, *line_end = NULL;
 
 if (rctx == NULL) {
 ERR_raise(ERR_LIB_HTTP, ERR_R_PASSED_NULL_PARAMETER);
@@ -501,11 +501,20 @@ int OSSL_HTTP_REQ_CTX_nbio(OSSL_HTTP_REQ_CTX *rctx)
 
 rctx->redirection_url = NULL;
  next_io:
+buf = (char *)rctx->buf;
 if ((rctx->state & OHS_NOREAD) == 0) {
-if (rctx->expect_asn1)
+if (rctx->expect_asn1) {
 n = BIO_read(rctx->rbio, rctx->buf, rctx->buf_size);
-else
-n = BIO_gets(rctx->rbio, (char *)rctx->buf, rctx->buf_size);
+} else {
+(void)ERR_set_mark();
+n = BIO_gets(rctx->rbio, buf, rctx->buf_size);
+if (n == -2) { /* some BIOs, such as SSL, do not support "gets" */
+(void)ERR_pop_to_mark();
+n = BIO_get_line(rctx->rbio, buf, rctx->buf_size);
+} else {
+(void)ERR_clear_last_mark();
+}
+}
 if (n <= 0) {
 if (BIO_should_retry(rctx->rbio))
 return -1;
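Review bot: The fallback `n = BIO_get_line(rctx->rbio, buf, rctx->buf_size);` shares the `n <= 0` / `BIO_should_retry` path with BIO_gets(), but nothing here says what happens to a partly received line when the SSL BIO asks for a retry. If BIO_get_line() has already consumed bytes into `buf` before returning a non-positive value (its implementation is not visible in this hunk), `return -1` would drop them and the next call would resume mid-line, so header parsing on a non-blocking TLS connection could see a truncated line. I would confirm that behaviour and record it next to the call, e.g. `/* TODO confirm: a partial line may be lost when a non-blocking rbio signals retry */`, or carry the partial data over in rctx. OSSL_HTTP_REQ_CTX_nbio starts and ends outside the hunk.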
@@ -606,7 +615,7 @@ int OSSL_HTTP_REQ_CTX_nbio(OSSL_HTTP_REQ_CTX *rctx)
 }
 goto next_io;
 }
-n = BIO_gets(rctx->mem, (char *)rctx->buf, rctx->buf_size);
+n = BIO_gets(rctx->mem, buf, rctx->buf_size);
 
 if (n <= 0) {
 if (BIO_should_retry(rctx->mem))
@@ -624,7 +633,7 @@ int OSSL_HTTP_REQ_CTX_nbio(OSSL_HTTP_REQ_CTX *rctx)
 
 /* First line */
 if (rctx->state == OHS_FIRSTLINE) {
-switch (parse_http_line1((char *)rctx->buf, &found_keep_alive)) {
+switch (parse_http_line1(buf, &found_keep_alive)) {
 case HTTP_STATUS_CODE_OK:
 rctx->state = OHS_HEADERS;
 goto next_line;
@@ -642,7 +651,7 @@ int OSSL_HTTP_REQ_CTX_nbio(OSSL_HTTP_REQ_CTX *rctx)
 goto next_line;
 }
 }
-key = (char *)rctx->buf;
+key = buf;
 value = strchr(key, ':');
 if (value != NULL) {
 *(value++) = '\0';


[openssl] master update

2021-12-21 Thread dev
The branch master has been updated
   via  a497a90213b50c499f2a385e63e1fa6e13ef283a (commit)
  from  79b2a2f2eedb9d6b24a3f6748332328cf54568fb (commit)


- Log -
commit a497a90213b50c499f2a385e63e1fa6e13ef283a
Author: Dr. David von Oheimb 
Date:   Sat Dec 18 16:48:31 2021 +0100

http_test.c: Simplify constant init of 'server_args' struct for gcc-4.8.x

Reviewed-by: Ben Kaduk 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/17308)

---

Summary of changes:
 test/http_test.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/test/http_test.c b/test/http_test.c
index d684c5eb18..49e770cd88 100644
--- a/test/http_test.c
+++ b/test/http_test.c
@@ -208,13 +208,14 @@ static int test_http_keep_alive(char version, int 
keep_alive, int kept_alive)
 BIO *rbio = BIO_new(BIO_s_mem());
 BIO *rsp;
 const char *const content_type = "application/x-x509-ca-cert";
-server_args mock_args = { NULL, content_type, NULL, '0', 0 };
+server_args mock_args = { NULL, NULL, NULL, '0', 0 };
 OSSL_HTTP_REQ_CTX *rctx = NULL;
 int i, res = 0;
 
 if (wbio == NULL || rbio == NULL)
 goto err;
 mock_args.out = rbio;
+mock_args.content_type = content_type;
 mock_args.version = version;
 mock_args.keep_alive = kept_alive;
 BIO_set_callback_ex(wbio, http_bio_cb_ex);
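Review bot: The separate `mock_args.content_type = content_type;` assignment carries no hint of why the value is no longer in the initializer, so a later cleanup could fold it back and break the older compiler again. A short comment on the initializer would prevent that, for example `/* content_type is set below: gcc-4.8.x rejects the non-constant initializer */`. The exact diagnostic is not shown on the page, so the wording should be checked against the PR. test_http_keep_alive continues outside the hunk.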


[openssl] master update

2021-12-21 Thread dev
The branch master has been updated
   via  79b2a2f2eedb9d6b24a3f6748332328cf54568fb (commit)
  from  0d4c52320d245be80bd69346fdda4b12b4961eae (commit)


- Log -
commit 79b2a2f2eedb9d6b24a3f6748332328cf54568fb
Author: Dr. David von Oheimb 
Date:   Sat Dec 18 16:15:49 2021 +0100

add OSSL_STACK_OF_X509_free() for commonly used pattern

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/17307)

---

Summary of changes:
 apps/ca.c |  2 +-
 apps/cmp.c|  8 
 apps/cms.c|  6 +++---
 apps/lib/apps.c   | 12 ++--
 apps/lib/cmp_mock_srv.c   | 12 ++--
 apps/lib/s_cb.c   |  2 +-
 apps/ocsp.c   |  8 
 apps/pkcs12.c |  6 +++---
 apps/s_client.c   |  2 +-
 apps/s_server.c   |  4 ++--
 apps/smime.c  |  4 ++--
 apps/verify.c |  6 +++---
 crypto/cmp/cmp_client.c   |  2 +-
 crypto/cmp/cmp_ctx.c  | 21 +
 crypto/cmp/cmp_server.c   |  4 ++--
 crypto/cmp/cmp_vfy.c  |  2 +-
 crypto/cms/cms_lib.c  |  2 +-
 crypto/cms/cms_smime.c|  4 ++--
 crypto/ocsp/ocsp_vfy.c|  2 +-
 crypto/pkcs12/p12_kiss.c  |  2 +-
 crypto/store/store_result.c   |  2 +-
 crypto/ts/ts_conf.c   |  4 ++--
 crypto/ts/ts_rsp_sign.c   |  4 ++--
 crypto/ts/ts_rsp_verify.c |  2 +-
 crypto/ts/ts_verify_ctx.c |  2 +-
 crypto/x509/t_x509.c  |  7 ++-
 crypto/x509/x509_lu.c |  4 ++--
 crypto/x509/x509_vfy.c|  8 
 demos/cms/cms_denc.c  |  6 +++---
 demos/cms/cms_enc.c   |  6 +++---
 demos/pkcs12/pkread.c |  2 +-
 demos/smime/smenc.c   |  6 +++---
 doc/man3/X509_STORE_CTX_get_error.pod |  2 +-
 doc/man3/X509_new.pod | 14 --
 engines/e_loader_attic.c  |  2 +-
 include/openssl/x509.h.in |  1 +
 ssl/s3_lib.c  |  2 +-
 ssl/ssl_cert.c| 12 ++--
 ssl/ssl_lib.c |  6 +++---
 ssl/ssl_rsa.c |  2 +-
 ssl/ssl_sess.c|  2 +-
 ssl/statem/statem_clnt.c  |  2 +-
 ssl/statem/statem_srvr.c  |  4 ++--
 test/cmp_client_test.c|  2 +-
 test/cmp_ctx_test.c   |  2 +-
 test/cmp_protect_test.c   |  6 +++---
 test/crltest.c|  2 +-
 test/danetest.c   |  4 ++--
 test/sslapitest.c |  2 +-
 test/testutil/load.c  |  2 +-
 test/verify_extra_test.c  |  2 +-
 util/libcrypto.num|  1 +
 52 files changed, 125 insertions(+), 111 deletions(-)

diff --git a/apps/ca.c b/apps/ca.c
index 1e77bf50c5..a9d6c5c1a6 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -1325,7 +1325,7 @@ end_of_options:
 BIO_free_all(Sout);
 BIO_free_all(out);
 BIO_free_all(in);
-sk_X509_pop_free(cert_sk, X509_free);
+OSSL_STACK_OF_X509_free(cert_sk);
 
 cleanse(passin);
 if (free_passin)
diff --git a/apps/cmp.c b/apps/cmp.c
index f994b83b18..0f810129b3 100644
--- a/apps/cmp.c
+++ b/apps/cmp.c
@@ -933,7 +933,7 @@ static int setup_certs(char *files, const char *desc, void 
*ctx,
 if ((certs = load_certs_multifile(files, opt_otherpass, desc, vpm)) == 
NULL)
 return 0;
 ok = (*set1_fn)(ctx, certs);
-sk_X509_pop_free(certs, X509_free);
+OSSL_STACK_OF_X509_free(certs);
 return ok;
 }
 
@@ -1262,7 +1262,7 @@ static SSL_CTX *setup_ssl_ctx(OSSL_CMP_CTX *ctx, const 
char *host,
 if (!ok || !SSL_CTX_set0_chain(ssl_ctx, certs)) {
 CMP_err1("unable to use client TLS certificate file '%s'",
  opt_tls_cert);
-sk_X509_pop_free(certs, X509_free);
+OSSL_STACK_OF_X509_free(certs);
 goto err;
 }
 for (i = 0; i < sk_X509_num(untrusted); i++) {
@@ -1441,7 +1441,7 @@ static int setup_protection_ctx(OSSL_CMP_CTX *ctx, ENGINE 
*engine)
 ok = ok && OSSL_CMP_CTX_build_cert_chain(ctx, own_trusted, certs);
 }
 X509_STORE_free(own_trusted);
-sk_X509_pop_free(certs, X509_free);
+OSSL_STACK_OF_X509_free(certs);
 if (!ok)
 return 0;
 } else if (opt_own_trusted != NULL) {
@@ -2020,7 +2020,7 @@ static int save_free_certs(OSSL_CMP_CTX *ctx,
 
  end:
 BIO_free(bio);
-sk_X509_pop_free(certs, X509_free);
+OSSL_STACK_OF_X509_fr

[openssl] openssl-3.0 update

2021-12-21 Thread tomas
The branch openssl-3.0 has been updated
   via  fbadef597c906711d82d8bfd9c4d5276ea981db7 (commit)
  from  a666c647c1f96c510e83a5becd8031d940b421fe (commit)


- Log -
commit fbadef597c906711d82d8bfd9c4d5276ea981db7
Author: Pauli 
Date:   Sat Dec 18 15:21:38 2021 +1100

rsa exp: move declarations before code (3.0)

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/17305)

---

Summary of changes:
 crypto/bn/rsaz_exp_x2.c | 6 --
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/crypto/bn/rsaz_exp_x2.c b/crypto/bn/rsaz_exp_x2.c
index 15db0c1f05..0e0aff1f85 100644
--- a/crypto/bn/rsaz_exp_x2.c
+++ b/crypto/bn/rsaz_exp_x2.c
@@ -318,6 +318,8 @@ static void RSAZ_exp52x20_x2_256(BN_ULONG *out,  /* 
[2][20] */
 int exp_chunk_no = exp_bit_no / 64;
 int exp_chunk_shift = exp_bit_no % 64;
 
+BN_ULONG red_table_idx_0, red_table_idx_1;
+
 /*
  * If rem == 0, then
  *  exp_bit_no = modulus_bitsize - exp_win_size
@@ -329,8 +331,8 @@ static void RSAZ_exp52x20_x2_256(BN_ULONG *out,  /* 
[2][20] */
 OPENSSL_assert(rem != 0);
 
 /* Process 1-st exp window - just init result */
-BN_ULONG red_table_idx_0 = expz[0][exp_chunk_no];
-BN_ULONG red_table_idx_1 = expz[1][exp_chunk_no];
+red_table_idx_0 = expz[0][exp_chunk_no];
+red_table_idx_1 = expz[1][exp_chunk_no];
 /*
  * The function operates with fixed moduli sizes divisible by 64,
  * thus table index here is always in supported range [0, 
EXP_WIN_SIZE).