Coverity Scan: Analysis completed for openssl/openssl
Your request for analysis of openssl/openssl has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7HlekBtV1P4YRtWclMVkCdvAA-3D-3DokH4_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeEujBoK8Jp-2FSe9o8vmd9h9tnAJA4UNL4Y1yoKBkGadDs1pi-2BHnH4110s24y275kjX2bE4qCX3ZbTFLDPto3QE-2FSXu4Z50v9rMJ358-2FlUCFlPZp0-2BTpQDTC9g-2FEjW5QhPRfdw0LU02txn0BoBMKZ-2FrVhKnd01ytW3pCJ9m5a09BPecJTSsdMaYMvEKu0B4gFEV0-3D Build ID: 482439 Analysis Summary: New defects found: 7 Defects eliminated: 0 If you have difficulty understanding any defects, email us at scan-ad...@coverity.com, or post your question to StackOverflow at https://u15810271.ct.sendgrid.net/ls/click?upn=CTPegkVN6peWFCMEieYYmPWIi1E4yUS9EoqKFcNAiqhRq8qmgeBE-2Bdt3uvFRAFXd-2FlwX83-2FVVdybfzIMOby0qA-3D-3D2JqV_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeEujBoK8Jp-2FSe9o8vmd9h9tnAJA4UNL4Y1yoKBkGadDs4zpvLrNSCfb1r5-2FcXDG3Z1v54p9c15BMad8tuVfYOodR1bYPvKNXvx9VdK0y0-2FpJuHsoEnQ2qfrb2PGUEPkKUF2QekMFIvDsbVOaqjt-2B3k4WEOHsBKHR1c-2Fcl5RKatEyWqSREswiXcUtY5gmHAND6E-3D
[openssl/openssl] e869c8: Allow PKCS12 export to set arbitrary bag attributes
Branch: refs/heads/master Home: https://github.com/openssl/openssl Commit: e869c867c1c405de3b6538586f17b67937556a4b https://github.com/openssl/openssl/commit/e869c867c1c405de3b6538586f17b67937556a4b Author: Graham Woodward Date: 2022-09-23 (Fri, 23 Sep 2022) Changed paths: M CHANGES.md M apps/openssl-vms.cnf M apps/openssl.cnf M apps/pkcs12.c M crypto/err/openssl.txt M crypto/objects/obj_dat.h M crypto/objects/obj_mac.num M crypto/objects/objects.txt M crypto/pkcs12/p12_attr.c M crypto/pkcs12/p12_crt.c M crypto/pkcs12/pk12err.c M doc/build.info A doc/man3/PKCS12_SAFEBAG_set0_attrs.pod M doc/man3/PKCS12_create.pod M fuzz/oids.txt M include/crypto/pkcs12err.h M include/openssl/obj_mac.h M include/openssl/pkcs12.h.in M include/openssl/pkcs12err.h M test/helpers/pkcs12.c M test/helpers/pkcs12.h M test/pkcs12_api_test.c M test/pkcs12_format_test.c M test/recipes/80-test_pkcs12.t A test/recipes/80-test_pkcs12_data/jdk_trusted.cnf M util/libcrypto.num M util/other.syms Log Message: --- Allow PKCS12 export to set arbitrary bag attributes Reviewed-by: Dmitry Belyavskiy Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/19025)
[openssl/openssl] d5ab48: Move the QUIC_CONNECTION typedef to internal headers
Branch: refs/heads/master Home: https://github.com/openssl/openssl Commit: d5ab48a192d45ec51355ef2a186125961331eb9b https://github.com/openssl/openssl/commit/d5ab48a192d45ec51355ef2a186125961331eb9b Author: Richard Levitte Date: 2022-09-23 (Fri, 23 Sep 2022) Changed paths: M doc/designs/quic-design/rx-depacketizer.md A include/internal/quic_ssl.h M ssl/quic/quic_impl.c M ssl/quic/quic_local.h M ssl/quic/quic_wire.c Log Message: --- Move the QUIC_CONNECTION typedef to internal headers Also add internal functionality to get a QUIC_CONNECTION pointer from an SSL pointer, and setters / getters for the GQX and ACKM fields. Reviewed-by: Hugo Landau Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/18838) Commit: 69ed6760f938975d9cdcc12ec756d58c83ac6b90 https://github.com/openssl/openssl/commit/69ed6760f938975d9cdcc12ec756d58c83ac6b90 Author: Richard Levitte Date: 2022-09-23 (Fri, 23 Sep 2022) Changed paths: A include/internal/quic_rx_depack.h M ssl/quic/build.info A ssl/quic/quic_record_rx_wrap.c A ssl/quic/quic_record_rx_wrap.h A ssl/quic/quic_rx_depack.c Log Message: --- Implement the RX Depacketizer Implements the design doc/designs/quic-design/rx-depacketizer.md. Reviewed-by: Hugo Landau Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/18838) Commit: 9be2693438756b5f1b789f1b8db76c3b987063dc https://github.com/openssl/openssl/commit/9be2693438756b5f1b789f1b8db76c3b987063dc Author: Richard Levitte Date: 2022-09-23 (Fri, 23 Sep 2022) Changed paths: M doc/designs/quic-design/rx-depacketizer.md Log Message: --- Extend the RX Depacketizer frame table with what packet types they are valid in Reviewed-by: Hugo Landau Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/18838) Commit: 8a163641c1d94c877a46ade8ff2ecefdf5cbbeeb https://github.com/openssl/openssl/commit/8a163641c1d94c877a46ade8ff2ecefdf5cbbeeb Author: Richard Levitte Date: 2022-09-23 (Fri, 23 Sep 2022) Changed paths: M ssl/quic/quic_rx_depack.c Log Message: --- Implement packet type checks in the RX Depacketizer Reviewed-by: Hugo Landau Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/18838) Commit: ecc920b3277311e859282b6d400ba8566d7ea8c1 https://github.com/openssl/openssl/commit/ecc920b3277311e859282b6d400ba8566d7ea8c1 Author: Richard Levitte Date: 2022-09-23 (Fri, 23 Sep 2022) Changed paths: M test/quic_record_test.c Log Message: --- Modify test/quic_record_test.c to also depacketize Reviewed-by: Hugo Landau Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/18838) Compare: https://github.com/openssl/openssl/compare/9ff519542387...ecc920b32773
[openssl/openssl] a56686: Move initial TLS write record layer code into new ...
Branch: refs/heads/master Home: https://github.com/openssl/openssl Commit: a566864b607317fc95cbe190bbf0b8b928fcfa77 https://github.com/openssl/openssl/commit/a566864b607317fc95cbe190bbf0b8b928fcfa77 Author: Matt Caswell Date: 2022-09-23 (Fri, 23 Sep 2022) Changed paths: M ssl/record/methods/dtls_meth.c M ssl/record/methods/ktls_meth.c M ssl/record/methods/recmethod_local.h M ssl/record/methods/tls_common.c M ssl/record/rec_layer_d1.c M ssl/record/rec_layer_s3.c M ssl/record/record.h M ssl/record/recordmethod.h M ssl/s3_msg.c Log Message: --- Move initial TLS write record layer code into new structure The new write record layer architecture splits record writing into a "write_records" call and a "retry_write_records" call - where multiple records can be sent to "write_records" in one go. We restructure the code into that format in order that future commits can move these functions into the new record layer more easily. Reviewed-by: Hugo Landau Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/19198) Commit: 2b71b042202d11854801682d48ccf4e4e34cd5cf https://github.com/openssl/openssl/commit/2b71b042202d11854801682d48ccf4e4e34cd5cf Author: Matt Caswell Date: 2022-09-23 (Fri, 23 Sep 2022) Changed paths: M ssl/record/methods/dtls_meth.c M ssl/record/methods/ktls_meth.c M ssl/record/methods/recmethod_local.h M ssl/record/methods/tls_common.c M ssl/record/rec_layer_s3.c M ssl/record/record.h M ssl/record/recordmethod.h M ssl/s3_enc.c M ssl/s3_msg.c M ssl/ssl_lib.c M ssl/t1_enc.c M ssl/tls13_enc.c Log Message: --- Create the write record layer method and object and use it Make sure we set the write record layer method and create the object where appropriate. Move the newly restructured writing code into the record layer object. For now we are cheating and still accessing the underlying SSL_CONNECTION object. This will be removed in subsequent commits. Reviewed-by: Hugo Landau Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/19198) Commit: 3eaead7166ef5aff027e571a9be0def6581ef20c https://github.com/openssl/openssl/commit/3eaead7166ef5aff027e571a9be0def6581ef20c Author: Matt Caswell Date: 2022-09-23 (Fri, 23 Sep 2022) Changed paths: M ssl/record/methods/tls_common.c M ssl/record/rec_layer_s3.c Log Message: --- Move checking for alerts to dispatch out of the record layer This isn't a record layer responsibility so should be removed from write_records. Reviewed-by: Hugo Landau Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/19198) Commit: 310590139e45116d86627dcc85e83f2e3fcbb6b4 https://github.com/openssl/openssl/commit/310590139e45116d86627dcc85e83f2e3fcbb6b4 Author: Matt Caswell Date: 2022-09-23 (Fri, 23 Sep 2022) Changed paths: M ssl/record/methods/tls_common.c Log Message: --- Use the record layer msg_callback not the SSL object msg_callback This removes unnecessary usage of the SSL object from the record layer. Reviewed-by: Hugo Landau Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/19198) Commit: b5cf81f7c9775d2502730ba126893ce8af4db90e https://github.com/openssl/openssl/commit/b5cf81f7c9775d2502730ba126893ce8af4db90e Author: Matt Caswell Date: 2022-09-23 (Fri, 23 Sep 2022) Changed paths: M ssl/record/methods/ktls_meth.c M ssl/record/methods/tls_common.c M ssl/record/rec_layer_s3.c M ssl/s3_msg.c M ssl/ssl_lib.c Log Message: --- Replace references to s->wbio with rl->bio We use the record layer reference to the BIO rather than the SSL object reference. This removes an unneeded SSL object usage. Reviewed-by: Hugo Landau Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/19198) Commit: 151f313e53c1515f2730b3b36e3fc966e1a8010b https://github.com/openssl/openssl/commit/151f313e53c1515f2730b3b36e3fc966e1a8010b Author: Matt Caswell Date: 2022-09-23 (Fri, 23 Sep 2022) Changed paths: M ssl/record/methods/recmethod_local.h M ssl/record/methods/tls_common.c M ssl/record/rec_layer_s3.c M ssl/record/ssl3_buffer.c M ssl/t1_enc.c M ssl/tls13_enc.c Log Message: --- Move write buffer management into the write record layer Reviewed-by: Hugo Landau Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/19198) Commit: e7694c69b5fed37f5cdf72b70f507c7188db7e3d https://github.com/openssl/openssl/commit/e7694c69b5fed37f5cdf72b70f507c7188db7e3d Author: Matt Caswell Date: 2022-09-23 (Fri, 23 Sep 2022) Changed paths: M ssl/record/methods/recmethod_local.h M ssl/record/methods/tls_common.c M ssl/record/rec_layer_d1.c M ssl/record/record.h
[openssl/openssl] 7c0521: test: Fix memory leak of asynctest
Branch: refs/heads/openssl-3.0 Home: https://github.com/openssl/openssl Commit: 7c05215b872a78c48326bf6d646410bb7d30db40 https://github.com/openssl/openssl/commit/7c05215b872a78c48326bf6d646410bb7d30db40 Author: Tianjia Zhang Date: 2022-09-23 (Fri, 23 Sep 2022) Changed paths: M test/asynctest.c Log Message: --- test: Fix memory leak of asynctest ASYNC_init_thread() will be called automatically by ASYNC_start_job(), so ASYNC_cleanup_thread() must be called at last, otherwise it will cause memory leak. Signed-off-by: Tianjia Zhang Reviewed-by: Paul Dale Reviewed-by: David von Oheimb Reviewed-by: Hugo Landau (Merged from https://github.com/openssl/openssl/pull/16703) (cherry picked from commit c5d061290baa9466182b6d1a5b88aa9e5a4b2386)
[openssl/openssl] c5d061: test: Fix memory leak of asynctest
Branch: refs/heads/master Home: https://github.com/openssl/openssl Commit: c5d061290baa9466182b6d1a5b88aa9e5a4b2386 https://github.com/openssl/openssl/commit/c5d061290baa9466182b6d1a5b88aa9e5a4b2386 Author: Tianjia Zhang Date: 2022-09-23 (Fri, 23 Sep 2022) Changed paths: M test/asynctest.c Log Message: --- test: Fix memory leak of asynctest ASYNC_init_thread() will be called automatically by ASYNC_start_job(), so ASYNC_cleanup_thread() must be called at last, otherwise it will cause memory leak. Signed-off-by: Tianjia Zhang Reviewed-by: Paul Dale Reviewed-by: David von Oheimb Reviewed-by: Hugo Landau (Merged from https://github.com/openssl/openssl/pull/16703)
[openssl/openssl] 6db9d0: Fix error return values from BIO_ctrl_(w)pending()
Branch: refs/heads/openssl-3.0 Home: https://github.com/openssl/openssl Commit: 6db9d09f520e0137300cd11c82541cb31b47fc72 https://github.com/openssl/openssl/commit/6db9d09f520e0137300cd11c82541cb31b47fc72 Author: Tomas Mraz Date: 2022-09-23 (Fri, 23 Sep 2022) Changed paths: M crypto/bio/bio_lib.c M doc/man3/BIO_ctrl.pod Log Message: --- Fix error return values from BIO_ctrl_(w)pending() Reviewed-by: Hugo Landau Reviewed-by: Matt Caswell Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/19240) (cherry picked from commit e9809f8a09147bc27f974caa908b04439c006625) Commit: 3e7ecb8627a585c05de4cfb8420609ae30c1d91a https://github.com/openssl/openssl/commit/3e7ecb8627a585c05de4cfb8420609ae30c1d91a Author: Tomas Mraz Date: 2022-09-23 (Fri, 23 Sep 2022) Changed paths: M crypto/bio/bio_lib.c Log Message: --- Maximum return value of BIO_ctrl_(w)pending is SIZE_MAX Reviewed-by: Hugo Landau Reviewed-by: Matt Caswell Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/19240) (cherry picked from commit c6be0aa8ac3c172ad998ce33f392143312bfe760) Compare: https://github.com/openssl/openssl/compare/d40de2cc04b9...3e7ecb8627a5
[openssl/openssl] e9809f: Fix error return values from BIO_ctrl_(w)pending()
Branch: refs/heads/master Home: https://github.com/openssl/openssl Commit: e9809f8a09147bc27f974caa908b04439c006625 https://github.com/openssl/openssl/commit/e9809f8a09147bc27f974caa908b04439c006625 Author: Tomas Mraz Date: 2022-09-23 (Fri, 23 Sep 2022) Changed paths: M crypto/bio/bio_lib.c M doc/man3/BIO_ctrl.pod Log Message: --- Fix error return values from BIO_ctrl_(w)pending() Reviewed-by: Hugo Landau Reviewed-by: Matt Caswell Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/19240) Commit: c6be0aa8ac3c172ad998ce33f392143312bfe760 https://github.com/openssl/openssl/commit/c6be0aa8ac3c172ad998ce33f392143312bfe760 Author: Tomas Mraz Date: 2022-09-23 (Fri, 23 Sep 2022) Changed paths: M crypto/bio/bio_lib.c Log Message: --- Maximum return value of BIO_ctrl_(w)pending is SIZE_MAX Reviewed-by: Hugo Landau Reviewed-by: Matt Caswell Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/19240) Compare: https://github.com/openssl/openssl/compare/538ee4e09774...c6be0aa8ac3c
[openssl/openssl] 4efc96: update overview with a note about many to one conn...
Branch: refs/heads/master Home: https://github.com/openssl/openssl Commit: 4efc969852cdb7883d240e423e887a57504dcd36 https://github.com/openssl/openssl/commit/4efc969852cdb7883d240e423e887a57504dcd36 Author: Pauli Date: 2022-09-23 (Fri, 23 Sep 2022) Changed paths: M doc/designs/quic-design/quic-overview.md Log Message: --- update overview with a note about many to one connection ID cache Reviewed-by: Hugo Landau Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/18824) Commit: 538ee4e0977492009f8ca39d577d8a1aeb8d27fd https://github.com/openssl/openssl/commit/538ee4e0977492009f8ca39d577d8a1aeb8d27fd Author: Pauli Date: 2022-09-23 (Fri, 23 Sep 2022) Changed paths: A doc/designs/quic-design/connection-id-cache.md Log Message: --- Add design document for the QUIC connection ID cache. Reviewed-by: Hugo Landau Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/18824) Compare: https://github.com/openssl/openssl/compare/8e90a12ad82d...538ee4e09774
[openssl/openssl] 8e90a1: Fix BIO_dgram_pair stochastic test failure
Branch: refs/heads/master Home: https://github.com/openssl/openssl Commit: 8e90a12ad82dec6d8b683eaa2e4feafa9796d377 https://github.com/openssl/openssl/commit/8e90a12ad82dec6d8b683eaa2e4feafa9796d377 Author: Hugo Landau Date: 2022-09-23 (Fri, 23 Sep 2022) Changed paths: M test/bio_dgram_test.c Log Message: --- Fix BIO_dgram_pair stochastic test failure Fixes #19267. Reviewed-by: Tomas Mraz Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/19268)
[openssl/openssl] 678b48: Clear incorrectly reported errors in d2i_CMS_Conte...
Branch: refs/heads/master Home: https://github.com/openssl/openssl Commit: 678b489a2ae8af289cef939a538235686b448c0e https://github.com/openssl/openssl/commit/678b489a2ae8af289cef939a538235686b448c0e Author: Daniel Fiala Date: 2022-09-23 (Fri, 23 Sep 2022) Changed paths: M crypto/cms/cms_lib.c M test/cmsapitest.c Log Message: --- Clear incorrectly reported errors in d2i_CMS_ContentInfo Fixes openssl#19003 Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/19255)
[openssl/openssl] d40de2: Clear incorrectly reported errors in d2i_CMS_Conte...
Branch: refs/heads/openssl-3.0 Home: https://github.com/openssl/openssl Commit: d40de2cc04b9a1b1adf42d9f2218a224e4d14de4 https://github.com/openssl/openssl/commit/d40de2cc04b9a1b1adf42d9f2218a224e4d14de4 Author: Daniel Fiala Date: 2022-09-23 (Fri, 23 Sep 2022) Changed paths: M crypto/cms/cms_lib.c M test/cmsapitest.c Log Message: --- Clear incorrectly reported errors in d2i_CMS_ContentInfo Fixes openssl#19003 Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/19255) (cherry picked from commit 678b489a2ae8af289cef939a538235686b448c0e)
[openssl/openssl] 78c44b: Add HPKE DHKEM provider support for EC, X25519 and...
Branch: refs/heads/master Home: https://github.com/openssl/openssl Commit: 78c44b05945be07eae86f0164b9b777e2de2295b https://github.com/openssl/openssl/commit/78c44b05945be07eae86f0164b9b777e2de2295b Author: slontis Date: 2022-09-23 (Fri, 23 Sep 2022) Changed paths: M crypto/build.info M crypto/ec/build.info M crypto/ec/ec_key.c M crypto/ec/ecx_key.c M crypto/evp/evp_local.h M crypto/evp/kem.c A crypto/hpke/build.info A crypto/hpke/hpke_util.c M doc/build.info M doc/man3/EVP_PKEY_decapsulate.pod M doc/man3/EVP_PKEY_encapsulate.pod A doc/man7/EVP_KEM-EC.pod A doc/man7/EVP_KEM-X25519.pod M doc/man7/EVP_PKEY-EC.pod M doc/man7/EVP_PKEY-X25519.pod M doc/man7/OSSL_PROVIDER-default.pod M doc/man7/provider-kem.pod M include/crypto/ec.h M include/crypto/ecx.h A include/crypto/hpke.h M include/openssl/core_dispatch.h M include/openssl/core_names.h M include/openssl/evp.h M providers/defltprov.c M providers/implementations/exchange/ecx_exch.c A providers/implementations/include/prov/ecx.h M providers/implementations/include/prov/implementations.h M providers/implementations/kem/build.info A providers/implementations/kem/ec_kem.c A providers/implementations/kem/eckem.h A providers/implementations/kem/ecx_kem.c A providers/implementations/kem/kem_util.c M providers/implementations/keymgmt/ec_kmgmt.c M providers/implementations/keymgmt/ecx_kmgmt.c M test/build.info A test/dhkem_test.inc A test/evp_pkey_dhkem_test.c A test/recipes/30-test_evp_pkey_dhkem.t M util/libcrypto.num Log Message: --- Add HPKE DHKEM provider support for EC, X25519 and X448. The code is derived from @sftcd's work in PR #17172. This PR puts the DHKEM algorithms into the provider layer as KEM algorithms for EC and ECX. This PR only implements the DHKEM component of HPKE as specified in RFC 9180. crypto/hpke/hpke_util.c has been added for fuctions that will be shared between DHKEM and HPKE. API's for EVP_PKEY_auth_encapsulate_init() and EVP_PKEY_auth_decapsulate_init() have been added to support authenticated encapsulation. auth_init() functions were chosen rather that a EVP_PKEY_KEM_set_auth() interface to support future algorithms that could possibly need different init functions. Internal code has been refactored, so that it can be shared between the DHKEM and other systems. Since DHKEM operates on low level keys it needs to be able to do low level ECDH and ECXDH calls without converting the keys back into EVP_PKEY/EVP_PKEY_CTX form. See ossl_ecx_compute_key(), ossl_ec_public_from_private() DHKEM requires API's to derive a key using a seed (IKM). This did not sit well inside the DHKEM itself as dispatch functions. This functionality fits better inside the EC and ECX keymanagers keygen, since they are just variations of keygen where the private key is generated in a different manner. This should mainly be used for testing purposes. See ossl_ec_generate_key_dhkem(). It supports this by allowing a settable param to be passed to keygen (See OSSL_PKEY_PARAM_DHKEM_IKM). The keygen calls code within ec and ecx dhkem implementation to handle this. See ossl_ecx_dhkem_derive_private() and ossl_ec_dhkem_derive_private(). These 2 functions are also used by the EC/ECX DHKEM implementations to generate the sender ephemeral keys. Reviewed-by: Hugo Landau Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/19068)
