Coverity Scan: Analysis completed for openssl/openssl

2022-08-29 Thread scan-admin


Your request for analysis of openssl/openssl has been completed 
successfully.
The results are available at 
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7HlekBtV1P4YRtWclMVkCdvAA-3D-3D-rbw_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeHTzYsVrzixVmEDOPTHJi8dML0yh-2FTN-2BL90FmZ1AsuZEzvTQoroN36I492yehpyMt-2F0CgGyZpWAVE4EBiFt82P87nIhgDzPhdrFlI5X-2Bnq9IuWVsJ2febzPMfYucNPiaa1kQHA-2FCslgTj4DZgWAAxmvRZ1IuUO-2B8D4Nj-2BEt3RCi41MumTB3Dl-2Fas7UeSRPEiF4-3D

Build ID: 476552

Analysis Summary:
   New defects found: 0
   Defects eliminated: 0



[openssl/openssl] 209342: Tolerate a bad record version in TLSv1.3 plaintext...

2022-08-29 Thread Matt Caswell
  Branch: refs/heads/master
  Home:   https://github.com/openssl/openssl
  Commit: 2093428834151ea4788aa773b5aa2d35e0bbc90a
  
https://github.com/openssl/openssl/commit/2093428834151ea4788aa773b5aa2d35e0bbc90a
  Author: Matt Caswell 
  Date:   2022-08-29 (Mon, 29 Aug 2022)

  Changed paths:
M ssl/record/methods/tlsany_meth.c

  Log Message:
  ---
  Tolerate a bad record version in TLSv1.3 plaintext records

When a server responds to a second TLSv1.3 ClientHello it is required to
set the legacy_record_version to 0x0303 (TLSv1.2). The client is required
to ignore that field even if it is wrong. The recent changes to the read
record layer in PR #18132 made the record layer stricter and it was
checking that the legacy_record_version was the correct value. This
caused connection failures when talking to buggy servers that set the
wrong legacy_record_version value.

We make ourselves more tolerant again.

Fixes #19051

Reviewed-by: Dmitry Belyavskiy 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/19058)


  Commit: 723844d3762c05727e8f6f21d0a1098e23302ebd
  
https://github.com/openssl/openssl/commit/723844d3762c05727e8f6f21d0a1098e23302ebd
  Author: Matt Caswell 
  Date:   2022-08-29 (Mon, 29 Aug 2022)

  Changed paths:
M test/recipes/70-test_sslrecords.t

  Log Message:
  ---
  Test that we ignore a bad record version in a plaintext TLSv1.3 record

The RFC requires us to ignore this field in plaintext records - so even
if it is set incorrectly we should tolerate it.

Reviewed-by: Dmitry Belyavskiy 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/19058)


Compare: https://github.com/openssl/openssl/compare/6347b86778a3...723844d3762c
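
The behaviour the first commit message describes, as an added example that is not OpenSSL's code and not part of the original notification: a plaintext record header check that either rejects or ignores a wrong legacy_record_version, while enforcing content type and length in both modes. The function, struct and enum names and the sample header bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define TLS_HDR_LEN        5
#define TLS12_WIRE_VERSION 0x0303  /* value a TLSv1.3 peer is required to send */
#define TLS_MAX_PLAINTEXT  16384   /* 2^14 byte limit on TLSPlaintext.length */

enum hdr_result { HDR_OK = 0, HDR_SHORT, HDR_BAD_TYPE, HDR_BAD_VERSION, HDR_TOO_LONG };

struct rec_hdr { uint8_t type; uint16_t legacy_version; uint16_t length; };

/*
 * Parse a 5-byte plaintext record header (hypothetical helper).
 * strict_version != 0 models a reader that insists on 0x0303;
 * strict_version == 0 models a reader that ignores the field.
 * Content type and length are checked in both modes.
 */
enum hdr_result parse_plaintext_hdr(const uint8_t *buf, size_t len,
                                    int strict_version, struct rec_hdr *out)
{
    if (buf == NULL || out == NULL || len < TLS_HDR_LEN)
        return HDR_SHORT;
    out->type = buf[0];
    out->legacy_version = (uint16_t)((buf[1] << 8) | buf[2]);
    out->length = (uint16_t)((buf[3] << 8) | buf[4]);

    /* change_cipher_spec(20), alert(21), handshake(22), application_data(23) */
    if (out->type < 20 || out->type > 23)
        return HDR_BAD_TYPE;
    if (out->length > TLS_MAX_PLAINTEXT)
        return HDR_TOO_LONG;
    if (strict_version && out->legacy_version != TLS12_WIRE_VERSION)
        return HDR_BAD_VERSION;
    return HDR_OK;
}

/* Constructed sample headers, not captured traffic. */
static const uint8_t hdr_good[]    = { 22, 0x03, 0x03, 0x00, 0x5a };
static const uint8_t hdr_bad_ver[] = { 22, 0x03, 0x01, 0x00, 0x5a };
static const uint8_t hdr_too_big[] = { 22, 0x03, 0x01, 0x40, 0x01 };

int main(void)
{
    struct rec_hdr h;
    /* Exit 0 only if the tolerant reader accepts the wrong version
       and still rejects the oversized record. */
    return !(parse_plaintext_hdr(hdr_good, 5, 1, &h) == HDR_OK
             && parse_plaintext_hdr(hdr_bad_ver, 5, 0, &h) == HDR_OK
             && parse_plaintext_hdr(hdr_too_big, 5, 0, &h) == HDR_TOO_LONG);
}
```

Ignoring the version field does not relax the other header checks: the oversized record is rejected in the tolerant mode as well.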


[openssl/openssl] 6347b8: Add design requirements for QUIC packet demuxer

2022-08-29 Thread Tomáš Mráz
  Branch: refs/heads/master
  Home:   https://github.com/openssl/openssl
  Commit: 6347b86778a392c955b60b1ce107951d3552aec2
  
https://github.com/openssl/openssl/commit/6347b86778a392c955b60b1ce107951d3552aec2
  Author: Tomas Mraz 
  Date:   2022-08-29 (Mon, 29 Aug 2022)

  Changed paths:
A doc/designs/quic-design/demuxer.md

  Log Message:
  ---
  Add design requirements for QUIC packet demuxer

Reviewed-by: Paul Dale 
Reviewed-by: Hugo Landau 
(Merged from https://github.com/openssl/openssl/pull/18249)