Coverity Scan: Analysis completed for openssl/openssl

2022-08-19 Thread scan-admin


Your request for analysis of openssl/openssl has been completed 
successfully.
The results are available at 
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7HlekBtV1P4YRtWclMVkCdvAA-3D-3Dy3E2_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeGvWwIIgqFKSr8RIUXcqDh5u-2BADZaBzsVj-2FMTuwQVP5V90UG2Ezuw2lR3jwQVT0hh0H5M5-2FtrtVotA-2FToAuTNonzo4QUVzi1TY5YNdCz3xrRBd9Vhg7CE3TIFi-2BEuayli66SMK8-2FpDOFQN-2Be0Xvu3nf9XfH58nxlpITOJAB3LhPx5WESyY53-2BcelUe95rLaVWk-3D

Build ID: 474562

Analysis Summary:
   New defects found: 0
   Defects eliminated: 76



[openssl/openssl] 6a9255: Update gitignore

2022-08-19 Thread Todd Short
  Branch: refs/heads/master
  Home:   https://github.com/openssl/openssl
  Commit: 6a9255054b345026bc847ddad72f2da93f30ce4c
  
https://github.com/openssl/openssl/commit/6a9255054b345026bc847ddad72f2da93f30ce4c
  Author: Todd Short 
  Date:   2022-08-19 (Fri, 19 Aug 2022)

  Changed paths:
M .gitignore

  Log Message:
  ---
  Update gitignore

Add test/timing_load_creds

Reviewed-by: Tomas Mraz 
Reviewed-by: Matt Caswell 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/19021)




[openssl/openssl] 87ceff: evp enc: cache cipher IV length

2022-08-19 Thread Pauli
  Branch: refs/heads/openssl-3.0
  Home:   https://github.com/openssl/openssl
  Commit: 87ceff925f5f1d43dac0413f36c8b7bba94e4a41
  
https://github.com/openssl/openssl/commit/87ceff925f5f1d43dac0413f36c8b7bba94e4a41
  Author: Pauli 
  Date:   2022-08-19 (Fri, 19 Aug 2022)

  Changed paths:
M crypto/evp/evp_enc.c
M crypto/evp/evp_lib.c
M crypto/evp/evp_local.h

  Log Message:
  ---
  evp enc: cache cipher IV length

Instead of doing a heavy params based query every time a context is asked for
its IV length, this value is cached in the context and only queried if it could
have been modified.

Fixes #17064

Reviewed-by: Tomas Mraz 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/18995)


  Commit: 2e4b074800a293c5f3049286116a0a5030ea9312
  
https://github.com/openssl/openssl/commit/2e4b074800a293c5f3049286116a0a5030ea9312
  Author: Pauli 
  Date:   2022-08-19 (Fri, 19 Aug 2022)

  Changed paths:
M crypto/evp/evp_lib.c

  Log Message:
  ---
  Fix bug in EVP_CIPHER_CTX_get_iv_length()

Out of range values could possibly be returned due to a lack of range checking.
Very unlikely to be exploitable for our provider because sensible values are
returned for all ciphers.

Also fixed the defaulting code so that the cipher's IV length is returned if
the cipher ctx doesn't support getting.

Reviewed-by: Tomas Mraz 
Reviewed-by: Dmitry Belyavskiy 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/18995)


Compare: https://github.com/openssl/openssl/compare/d3072f3f3ba3...2e4b074800a2


[openssl/openssl] e0c4e4: BIO_sendmmsg/BIO_recvmmsg (API only)

2022-08-19 Thread Hugo Landau
  Branch: refs/heads/master
  Home:   https://github.com/openssl/openssl
  Commit: e0c4e43e40390e44614d14817e34b47e1c17d630
  
https://github.com/openssl/openssl/commit/e0c4e43e40390e44614d14817e34b47e1c17d630
  Author: Hugo Landau 
  Date:   2022-08-19 (Fri, 19 Aug 2022)

  Changed paths:
M crypto/bio/bio_cb.c
M crypto/bio/bio_err.c
M crypto/bio/bio_lib.c
M crypto/bio/bio_meth.c
M doc/build.info
M doc/man3/BIO_meth_new.pod
A doc/man3/BIO_sendmmsg.pod
M include/internal/bio.h
M include/openssl/bio.h.in
M include/openssl/bioerr.h
M util/libcrypto.num
M util/other.syms

  Log Message:
  ---
  BIO_sendmmsg/BIO_recvmmsg (API only)

Reviewed-by: Tomas Mraz 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/18923)




[openssl/openssl] d3072f: Limit the size of various MAXCHUNK definitions

2022-08-19 Thread Pauli
  Branch: refs/heads/openssl-3.0
  Home:   https://github.com/openssl/openssl
  Commit: d3072f3f3ba3a6385bd41473483c9ee81443b684
  
https://github.com/openssl/openssl/commit/d3072f3f3ba3a6385bd41473483c9ee81443b684
  Author: Pauli 
  Date:   2022-08-19 (Fri, 19 Aug 2022)

  Changed paths:
M include/crypto/evp.h
M providers/implementations/include/prov/ciphercommon.h

  Log Message:
  ---
  Limit the size of various MAXCHUNK definitions

The current code has issues when sizeof(long) <> sizeof(size_t).  The two
types are assumed to be interchangeable and them being different will
cause crashes and endless loops.

This fix limits the maximum chunk size for many of the symmetric ciphers
to 2^30 bytes.  This chunk size limits the amount of data that will
be encrypted/decrypted in one lump.  The code internally handles blocks
of data larger than the chunk limit, so this will present no difference
to the caller.  Any loss of efficiency due to limiting the chunking to
1Gbyte rather than more should be insignificant.

Fixes Coverity issues:
1508498, 1508500 - 1508505, 1508507 - 1508527, 1508529 - 1508533,
1508535 - 1508537, 1508539, 1508541 - 1508549, 1508551 - 1508569 &
1508571 - 1508582.

Reviewed-by: Dmitry Belyavskiy 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/18997)

(cherry picked from commit 709d4be78f64a8ba0707fb5682b90039e848dad4)




[openssl/openssl] 709d4b: Limit the size of various MAXCHUNK definitions

2022-08-19 Thread Pauli
  Branch: refs/heads/master
  Home:   https://github.com/openssl/openssl
  Commit: 709d4be78f64a8ba0707fb5682b90039e848dad4
  
https://github.com/openssl/openssl/commit/709d4be78f64a8ba0707fb5682b90039e848dad4
  Author: Pauli 
  Date:   2022-08-19 (Fri, 19 Aug 2022)

  Changed paths:
M include/crypto/evp.h
M providers/implementations/include/prov/ciphercommon.h

  Log Message:
  ---
  Limit the size of various MAXCHUNK definitions

The current code has issues when sizeof(long) <> sizeof(size_t).  The two
types are assumed to be interchangeable and them being different will
cause crashes and endless loops.

This fix limits the maximum chunk size for many of the symmetric ciphers
to 2^30 bytes.  This chunk size limits the amount of data that will
be encrypted/decrypted in one lump.  The code internally handles blocks
of data larger than the chunk limit, so this will present no difference
to the caller.  Any loss of efficiency due to limiting the chunking to
1Gbyte rather than more should be insignificant.

Fixes Coverity issues:
1508498, 1508500 - 1508505, 1508507 - 1508527, 1508529 - 1508533,
1508535 - 1508537, 1508539, 1508541 - 1508549, 1508551 - 1508569 &
1508571 - 1508582.

Reviewed-by: Dmitry Belyavskiy 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/18997)