Coverity Scan: Analysis completed for openssl/openssl
Your request for analysis of openssl/openssl has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7HlekBtV1P4YRtWclMVkCdvAA-3D-3DtPT6_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeHO-2BDy1JRpoEmb1AuNtM34v0DGFzrz5HlCJQulbnVWZ23UpC8SY-2Berp3OuBDtScyEGT-2FXgMru-2FPk17IgGkkugzBVViRMmkkeb-2BzGl3aVsu1dF7t9ZvXQWKWgM85lofTLqFg1OkufGqP8AyRqTs5Dr38egw1-2FTSnM2qhlIguTa-2BPvwMnETP34Ya4wzsdscJTeic-3D Build ID: 474392 Analysis Summary: New defects found: 3 Defects eliminated: 5 If you have difficulty understanding any defects, email us at scan-ad...@coverity.com, or post your question to StackOverflow at https://u15810271.ct.sendgrid.net/ls/click?upn=CTPegkVN6peWFCMEieYYmPWIi1E4yUS9EoqKFcNAiqhRq8qmgeBE-2Bdt3uvFRAFXd-2FlwX83-2FVVdybfzIMOby0qA-3D-3DN9pu_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeHO-2BDy1JRpoEmb1AuNtM34v0DGFzrz5HlCJQulbnVWZ290ST4pvkDnTBcDofCdhquzZBEv-2FNxGNe034QdEVzTSFy3mqX2akiE02ux5djZs5o6LrthoqJEVJPuC2x6afENU-2FkI9t05vSKJd5disCKv6mzPpM4tejM-2F-2F3BKdw402DZVToZnWak3ybmVJi-2FETuwu8-3D
[openssl/openssl] 552603: Coverity 1508534 & 1508540: misuses of time_t
Branch: refs/heads/OpenSSL_1_1_1-stable Home: https://github.com/openssl/openssl Commit: 552603edfed18f30466277d29b70939390fea65b https://github.com/openssl/openssl/commit/552603edfed18f30466277d29b70939390fea65b Author: Pauli Date: 2022-08-19 (Fri, 19 Aug 2022) Changed paths: M ssl/statem/extensions_clnt.c M ssl/statem/extensions_srvr.c Log Message: --- Coverity 1508534 & 1508540: misuses of time_t Avoid problems when the lower 32 bits of time_t roll over by delaying the cast to integer until after the time delta has been computed. Reviewed-by: Ben Kaduk Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/19004) (cherry picked from commit a6cadcbdc3b4f3fbd0fd228e41177f0661b68264)
[openssl/openssl] a6cadc: Coverity 1508534 & 1508540: misuses of time_t
Branch: refs/heads/openssl-3.0 Home: https://github.com/openssl/openssl Commit: a6cadcbdc3b4f3fbd0fd228e41177f0661b68264 https://github.com/openssl/openssl/commit/a6cadcbdc3b4f3fbd0fd228e41177f0661b68264 Author: Pauli Date: 2022-08-19 (Fri, 19 Aug 2022) Changed paths: M ssl/statem/extensions_clnt.c M ssl/statem/extensions_srvr.c Log Message: --- Coverity 1508534 & 1508540: misuses of time_t Avoid problems when the lower 32 bits of time_t roll over by delaying the cast to integer until after the time delta has been computed. Reviewed-by: Ben Kaduk Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/19004) (cherry picked from commit e8a557dc3c1ed16faff4aeb39268f8f5a3f8b81d)
[openssl/openssl] e8a557: Coverity: misuses of time_t
Branch: refs/heads/master Home: https://github.com/openssl/openssl Commit: e8a557dc3c1ed16faff4aeb39268f8f5a3f8b81d https://github.com/openssl/openssl/commit/e8a557dc3c1ed16faff4aeb39268f8f5a3f8b81d Author: Pauli Date: 2022-08-19 (Fri, 19 Aug 2022) Changed paths: M ssl/statem/extensions_clnt.c M ssl/statem/extensions_srvr.c Log Message: --- Coverity: misuses of time_t Coverity 1508506: Fixes a bug in the cookie code which would have caused problems for ten minutes before and after the lower 32 bits of time_t rolled over. Coverity 1508534 & 1508540: Avoid problems when the lower 32 bits of time_t roll over by delaying the cast to integer until after the time delta has been computed. Reviewed-by: Ben Kaduk Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/19004)
[openssl/openssl] 79a1f3: Add the recordmethod header from the draft design
Branch: refs/heads/master Home: https://github.com/openssl/openssl Commit: 79a1f3e4bb62c10d9604718f6814bb8bdde4ffd6 https://github.com/openssl/openssl/commit/79a1f3e4bb62c10d9604718f6814bb8bdde4ffd6 Author: Matt Caswell Date: 2022-08-18 (Thu, 18 Aug 2022) Changed paths: A ssl/record/recordmethod.h Log Message: --- Add the recordmethod header from the draft design Reviewed-by: Hugo Landau Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/18132) Commit: 11653dcd6ecbc7ff3c53f694474ece08ce4473aa https://github.com/openssl/openssl/commit/11653dcd6ecbc7ff3c53f694474ece08ce4473aa Author: Matt Caswell Date: 2022-08-18 (Thu, 18 Aug 2022) Changed paths: M ssl/record/recordmethod.h Log Message: --- Fix compilation issues in the imported recordmethod.h Also, rename the "new" function pointer to "new_record_layer" to avoid a C++ reserved name Reviewed-by: Hugo Landau Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/18132) Commit: 34a4068cc402c38e2134a6b46d9633ad3112bfa5 https://github.com/openssl/openssl/commit/34a4068cc402c38e2134a6b46d9633ad3112bfa5 Author: Matt Caswell Date: 2022-08-18 (Thu, 18 Aug 2022) Changed paths: M ssl/build.info A ssl/record/tlsrecord.c Log Message: --- Add a skeleton TLS record method It doesn't yet do anything. This is a placeholder which will be filled in by susbsequent commits. Reviewed-by: Hugo Landau Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/18132) Commit: 0c974fc754e4b0525819ca9f6c3e124141b690ad https://github.com/openssl/openssl/commit/0c974fc754e4b0525819ca9f6c3e124141b690ad Author: Matt Caswell Date: 2022-08-18 (Thu, 18 Aug 2022) Changed paths: M ssl/record/recordmethod.h Log Message: --- Make settings and options parameters const in recordmethod.h Reviewed-by: Hugo Landau Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/18132) Commit: e2d5742b1460c45bf39094ea08e4e85a8f507ea8 https://github.com/openssl/openssl/commit/e2d5742b1460c45bf39094ea08e4e85a8f507ea8 Author: Matt Caswell Date: 2022-08-18 (Thu, 18 Aug 2022) Changed paths: M crypto/err/openssl.txt M include/openssl/core_names.h M include/openssl/sslerr.h M ssl/d1_lib.c M ssl/ktls.c M ssl/record/rec_layer_d1.c M ssl/record/rec_layer_s3.c M ssl/record/record_local.h M ssl/record/recordmethod.h M ssl/record/ssl3_buffer.c M ssl/record/ssl3_record.c M ssl/record/tlsrecord.c M ssl/ssl_err.c M ssl/ssl_lib.c M ssl/ssl_local.h M ssl/sslerr.h M ssl/t1_enc.c Log Message: --- Transfer the functionality from ssl3_read_n to the new record layer This transfers the low level function ssl3_read_n to the new record layer. We temporarily make the read_n function a top level record layer function. Eventually, in later commits in this refactor, we will remove it as a top level function and it will just be called from read_record. Reviewed-by: Hugo Landau Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/18132) Commit: 26dad42e9ca609569073463165263173ab2a27ab https://github.com/openssl/openssl/commit/26dad42e9ca609569073463165263173ab2a27ab Author: Matt Caswell Date: 2022-08-18 (Thu, 18 Aug 2022) Changed paths: M test/dtlstest.c M test/helpers/ssltestlib.c M test/helpers/ssltestlib.h M test/quicapitest.c M test/sslapitest.c Log Message: --- Add a DTLSv1_listen() test Add a test to ensure that a connection started via DTLSv1_listen() can be completed through to handshake success. Previous DTLSv1_listen() testing only tested the function itself and did not confirm that a connection can actually be achieved using it. This is important to test some codepaths being affected by the record layer refactor. Reviewed-by: Hugo Landau Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/18132) Commit: 4030869d24309bfb5292e7bec41cd2b3012ba99d https://github.com/openssl/openssl/commit/4030869d24309bfb5292e7bec41cd2b3012ba99d Author: Matt Caswell Date: 2022-08-18 (Thu, 18 Aug 2022) Changed paths: M crypto/err/openssl.txt M include/openssl/sslerr.h M ssl/record/rec_layer_s3.c M ssl/record/record.h M ssl/record/record_local.h M ssl/record/recordmethod.h M ssl/record/ssl3_record.c M ssl/record/tlsrecord.c M ssl/ssl_err.c M ssl/statem/statem_lib.c M test/sslapitest.c Log Message: --- Convert ssl3_get_record to tls_read_record We move the old ssl3_get_record function to conform with the new record layer design. Reviewed-by: Hugo Landau Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/18132) Commit: aedbb71b6334a6cb616cf31cbb5de02109a2c5ed
[openssl/openssl] 340fe5: Update session timeout code with OSSL_TIME
Branch: refs/heads/master Home: https://github.com/openssl/openssl Commit: 340fe504e42e3e4b6399caff165097cedc994c5e https://github.com/openssl/openssl/commit/340fe504e42e3e4b6399caff165097cedc994c5e Author: Todd Short Date: 2022-08-18 (Thu, 18 Aug 2022) Changed paths: M include/internal/time.h M ssl/ssl_local.h M ssl/ssl_sess.c Log Message: --- Update session timeout code with OSSL_TIME Reviewed-by: Matt Caswell Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/18985)
[openssl/openssl] 405d6d: Add some documentation for X509_gmtime_adj()
Branch: refs/heads/openssl-3.0 Home: https://github.com/openssl/openssl Commit: 405d6dcd09388d34cad8290601dd726d9484f6c0 https://github.com/openssl/openssl/commit/405d6dcd09388d34cad8290601dd726d9484f6c0 Author: Matt Caswell Date: 2022-08-18 (Thu, 18 Aug 2022) Changed paths: M doc/man3/X509_cmp_time.pod M util/missingcrypto.txt Log Message: --- Add some documentation for X509_gmtime_adj() Other very similar functions were documented, but this one was missing. Reviewed-by: Hugo Landau Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/18974) (cherry picked from commit 425e972dfaf867affb5b3d438d9ca67bb6aeed65)
[openssl/openssl] 425e97: Add some documentation for X509_gmtime_adj()
Branch: refs/heads/master Home: https://github.com/openssl/openssl Commit: 425e972dfaf867affb5b3d438d9ca67bb6aeed65 https://github.com/openssl/openssl/commit/425e972dfaf867affb5b3d438d9ca67bb6aeed65 Author: Matt Caswell Date: 2022-08-18 (Thu, 18 Aug 2022) Changed paths: M doc/man3/X509_cmp_time.pod M util/missingcrypto.txt Log Message: --- Add some documentation for X509_gmtime_adj() Other very similar functions were documented, but this one was missing. Reviewed-by: Hugo Landau Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/18974)
[openssl/openssl] 63df86: Add CODE-OF-CONDUCT.md
Branch: refs/heads/master Home: https://github.com/openssl/openssl Commit: 63df86b041aaafba3e4998b2e3872fa8695a2377 https://github.com/openssl/openssl/commit/63df86b041aaafba3e4998b2e3872fa8695a2377 Author: Dr. Matthias St. Pierre Date: 2022-08-18 (Thu, 18 Aug 2022) Changed paths: A CODE-OF-CONDUCT.md Log Message: --- Add CODE-OF-CONDUCT.md Fixes #18820 Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/19002)
[openssl/openssl] 1a68a3: crypto/x509/x509_vpm.c: update format of X509_VERI...
Branch: refs/heads/master Home: https://github.com/openssl/openssl Commit: 1a68a3e42142a2c188f4b69c7337438c89502143 https://github.com/openssl/openssl/commit/1a68a3e42142a2c188f4b69c7337438c89502143 Author: Lutz Jaenicke Date: 2022-08-18 (Thu, 18 Aug 2022) Changed paths: M crypto/x509/x509_vpm.c Log Message: --- crypto/x509/x509_vpm.c: update format of X509_VERIFY_PARAM default_table Put "}," on separate lines as suggested in PR #18567 Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/18567) Commit: 178696d6020878361a088086243d56203e0beaa9 https://github.com/openssl/openssl/commit/178696d6020878361a088086243d56203e0beaa9 Author: Lutz Jaenicke Date: 2022-08-18 (Thu, 18 Aug 2022) Changed paths: M crypto/x509/v3_purp.c M crypto/x509/x509_vpm.c M doc/man1/openssl-verification-options.pod M doc/man3/X509_STORE_CTX_new.pod M doc/man3/X509_check_purpose.pod M include/openssl/x509v3.h.in Log Message: --- X509: Add "code sign" as purpose for verification of certificates Code signing certificates have other properties as for example described in CA Browser Forum documents. This leads to "unsupported certificate purpose" errors when verifying signed objects. This patch adds the purpose "codesign" to the table in X.509 certificate verification and the verification parameter "code_sign" to X509_VERIFY_PARAM. Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/18567) Commit: 61a97676914df358dd014a9b6fe2ba01b0ebe508 https://github.com/openssl/openssl/commit/61a97676914df358dd014a9b6fe2ba01b0ebe508 Author: Lutz Jaenicke Date: 2022-08-18 (Thu, 18 Aug 2022) Changed paths: A test/certs/ee-codesign-anyextkeyusage.pem A test/certs/ee-codesign-crlsign.pem A test/certs/ee-codesign-keycertsign.pem A test/certs/ee-codesign-noncritical.pem A test/certs/ee-codesign-serverauth.pem A test/certs/ee-codesign.pem M test/certs/mkcert.sh M test/certs/setup.sh M test/recipes/25-test_verify.t Log Message: --- X509: add tests for purpose code signing in verify application Correct configuration according to CA Browser forum: KU: critical,digitalSignature XKU: codeSiging Note: I did not find any other document formally defining the requirements for code signing certificates. Some combinations are explicitly forbidden, some flags can be ignored Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/18567) Commit: 19914fec9bac08ca7c7917eddc1b7d1dba67e4a7 https://github.com/openssl/openssl/commit/19914fec9bac08ca7c7917eddc1b7d1dba67e4a7 Author: Lutz Jaenicke Date: 2022-08-18 (Thu, 18 Aug 2022) Changed paths: M test/recipes/80-test_cms.t M test/smime-certs/ca.cnf A test/smime-certs/csrsa1.pem M test/smime-certs/mksmime-certs.sh Log Message: --- cms: Create test for for purpose verification in cms application The tests only cover the correct handling of the codesigning purpose in the certificates in the context of the cms command line tool. The interpretation of the certificate purpose is tested in the context of the "verify" app. The correct handling of the cms objects is tested by other tests in 80-test_cms.t. Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/18567) Compare: https://github.com/openssl/openssl/compare/58135cb3c020...19914fec9bac
[openssl/openssl] 93bb2c: ec_kmgmt.c: Do not crash when getting OSSL_PKEY_PA...
Branch: refs/heads/openssl-3.0 Home: https://github.com/openssl/openssl Commit: 93bb2c45ecdaa531c0215969d5f3f0d93c1ec18f https://github.com/openssl/openssl/commit/93bb2c45ecdaa531c0215969d5f3f0d93c1ec18f Author: Tomas Mraz Date: 2022-08-18 (Thu, 18 Aug 2022) Changed paths: M providers/implementations/keymgmt/ec_kmgmt.c Log Message: --- ec_kmgmt.c: Do not crash when getting OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY If the public key is not set on the key, return error instead of crash. Fixes #18495 Reviewed-by: Paul Dale Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/18902) (cherry picked from commit b5db237def7e22ccea1a540ec777045b3ce4600e) Commit: d6d977c807343112d137ced096dece84303ded46 https://github.com/openssl/openssl/commit/d6d977c807343112d137ced096dece84303ded46 Author: Tomas Mraz Date: 2022-08-18 (Thu, 18 Aug 2022) Changed paths: M test/evp_extra_test.c Log Message: --- Add testcases for EVP_PKEY_get1_encoded_public_key Reviewed-by: Paul Dale Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/18902) (cherry picked from commit 3a1596f4e3d710c163279a20e6b844d371886e73) Commit: e2fccd7b1eed8d4ec4fe74eae9320ced2bac203b https://github.com/openssl/openssl/commit/e2fccd7b1eed8d4ec4fe74eae9320ced2bac203b Author: Tomas Mraz Date: 2022-08-18 (Thu, 18 Aug 2022) Changed paths: M doc/man3/EVP_PKEY_fromdata.pod M doc/man7/EVP_PKEY-EC.pod Log Message: --- Clarify documentation in regards to EC key parameters Also clarify that EVP_PKEY_fromdata ignores parameters that are unknown or incorrect for given selection. Reviewed-by: Paul Dale Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/18902) (cherry picked from commit 58135cb3c020805354ecc869aca040934d1299c8) Compare: https://github.com/openssl/openssl/compare/682d4a1204bc...e2fccd7b1eed
[openssl/openssl] b5db23: ec_kmgmt.c: Do not crash when getting OSSL_PKEY_PA...
Branch: refs/heads/master Home: https://github.com/openssl/openssl Commit: b5db237def7e22ccea1a540ec777045b3ce4600e https://github.com/openssl/openssl/commit/b5db237def7e22ccea1a540ec777045b3ce4600e Author: Tomas Mraz Date: 2022-08-18 (Thu, 18 Aug 2022) Changed paths: M providers/implementations/keymgmt/ec_kmgmt.c Log Message: --- ec_kmgmt.c: Do not crash when getting OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY If the public key is not set on the key, return error instead of crash. Fixes #18495 Reviewed-by: Paul Dale Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/18902) Commit: 3a1596f4e3d710c163279a20e6b844d371886e73 https://github.com/openssl/openssl/commit/3a1596f4e3d710c163279a20e6b844d371886e73 Author: Tomas Mraz Date: 2022-08-18 (Thu, 18 Aug 2022) Changed paths: M test/evp_extra_test.c Log Message: --- Add testcases for EVP_PKEY_get1_encoded_public_key Reviewed-by: Paul Dale Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/18902) Commit: 58135cb3c020805354ecc869aca040934d1299c8 https://github.com/openssl/openssl/commit/58135cb3c020805354ecc869aca040934d1299c8 Author: Tomas Mraz Date: 2022-08-18 (Thu, 18 Aug 2022) Changed paths: M doc/man3/EVP_PKEY_fromdata.pod M doc/man7/EVP_PKEY-EC.pod Log Message: --- Clarify documentation in regards to EC key parameters Also clarify that EVP_PKEY_fromdata ignores parameters that are unknown or incorrect for given selection. Reviewed-by: Paul Dale Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/18902) Compare: https://github.com/openssl/openssl/compare/2c05607cd91f...58135cb3c020
[openssl/openssl] 2c0560: Fix ossl_x509v3_cache_extensions(): EXFLAG_NO_FING...
Branch: refs/heads/master Home: https://github.com/openssl/openssl Commit: 2c05607cd91fc5aab6d61f0324104d63a091d705 https://github.com/openssl/openssl/commit/2c05607cd91fc5aab6d61f0324104d63a091d705 Author: Dr. David von Oheimb Date: 2022-08-18 (Thu, 18 Aug 2022) Changed paths: M crypto/x509/v3_purp.c M test/cmp_ctx_test.c M test/recipes/65-test_cmp_ctx.t Log Message: --- Fix ossl_x509v3_cache_extensions(): EXFLAG_NO_FINGERPRINT should not be an error This allows reverting the recent workaround on cmp_ctx_test regarding X509_new() Reviewed-by: Tomas Mraz Reviewed-by: Dmitry Belyavskiy Reviewed-by: David von Oheimb (Merged from https://github.com/openssl/openssl/pull/16043)