Coverity Scan: Analysis completed for openssl/openssl

2022-10-19 Thread scan-admin 


Your request for analysis of openssl/openssl has been completed 
successfully.
The results are available at 
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7HlekBtV1P4YRtWclMVkCdvAA-3D-3D1ZHJ_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeFgdrB4UuY2BF4ZpxmNRew3lJgRT3NZwdifIcWQzC9z10k5WhUndu4acYpBJ-2B5StqofPU9DEj7EPPRZsWGP4z9IO8eE4IXVWGaaxcaM-2BN4CEwUvc7SQNXIUnikykUHgSyXmyEKOt4UwbJnShtVu11hTQORmhT29eOcQ4nOn15mdPGLjdezaeI0d3C6co2oarQQ-3D

Build ID: 488201

Analysis Summary:
   New defects found: 0
   Defects eliminated: 0

[openssl/openssl] ad714b: Fix many inconsistencies in doc of CMS_verify() an...

2022-10-19 Thread David von Oheimb 
  Branch: refs/heads/OpenSSL_1_1_1-stable
  Home:   https://github.com/openssl/openssl
  Commit: ad714baea86fa00666d8cc9707d6ea202f7c72b7
  
https://github.com/openssl/openssl/commit/ad714baea86fa00666d8cc9707d6ea202f7c72b7
  Author: Dr. David von Oheimb 
  Date:   2022-10-19 (Wed, 19 Oct 2022)

  Changed paths:
M doc/man3/CMS_add0_cert.pod
M doc/man3/CMS_verify.pod
M doc/man3/PKCS7_sign.pod
M doc/man3/PKCS7_sign_add_signer.pod
M doc/man3/PKCS7_verify.pod

  Log Message:
  ---
  Fix many inconsistencies in doc of CMS_verify() and PKC7_verify() etc.

Also change B< to I< in {CMS,PKCS7}_verify.pod, PKCS7_sign{,_add_signer}.pod

Reviewed-by: Tomas Mraz 
Reviewed-by: Paul Dale 
Reviewed-by: David von Oheimb 
(Merged from https://github.com/openssl/openssl/pull/19108)

(cherry picked from commit 312a6b3a0327a986344c85aa6bc43e135d70bc6c)

[openssl/openssl] 312a6b: Fix many inconsistencies in doc of CMS_verify() an...

2022-10-19 Thread David von Oheimb 
  Branch: refs/heads/openssl-3.0
  Home:   https://github.com/openssl/openssl
  Commit: 312a6b3a0327a986344c85aa6bc43e135d70bc6c
  
https://github.com/openssl/openssl/commit/312a6b3a0327a986344c85aa6bc43e135d70bc6c
  Author: Dr. David von Oheimb 
  Date:   2022-10-19 (Wed, 19 Oct 2022)

  Changed paths:
M doc/man3/CMS_add0_cert.pod
M doc/man3/CMS_verify.pod
M doc/man3/PKCS7_sign.pod
M doc/man3/PKCS7_sign_add_signer.pod
M doc/man3/PKCS7_verify.pod
M util/missingcrypto.txt

  Log Message:
  ---
  Fix many inconsistencies in doc of CMS_verify() and PKC7_verify() etc.

Also change B< to I< in {CMS,PKCS7}_verify.pod, PKCS7_sign{,_add_signer}.pod

Reviewed-by: Tomas Mraz 
Reviewed-by: Paul Dale 
Reviewed-by: David von Oheimb 
(Merged from https://github.com/openssl/openssl/pull/19108)

[openssl/openssl] 453446: default provider: include RIPEMD160

2022-10-19 Thread Pauli 
  Branch: refs/heads/openssl-3.0
  Home:   https://github.com/openssl/openssl
  Commit: 4534468866c2b29d197c48f0763c32e5a7b65868
  
https://github.com/openssl/openssl/commit/4534468866c2b29d197c48f0763c32e5a7b65868
  Author: Pauli 
  Date:   2022-10-19 (Wed, 19 Oct 2022)

  Changed paths:
M crypto/ripemd/build.info
M providers/defltprov.c
M providers/implementations/digests/build.info
M test/recipes/30-test_evp_data/evpmd_ripemd.txt

  Log Message:
  ---
  default provider: include RIPEMD160

Including RIPEMD160 in both the default and legacy providers shouldn't break
anyone and makes the algorithm available more readily.

Fixes #17722

Reviewed-by: Richard Levitte 
Reviewed-by: Tim Hudson 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/19375)

(cherry picked from commit ecd831469919215b0a45693b00ec0fd7d42d5d61)


  Commit: 2f355186551c9d7d5285c96a205a8f2767173527
  
https://github.com/openssl/openssl/commit/2f355186551c9d7d5285c96a205a8f2767173527
  Author: Tomas Mraz 
  Date:   2022-10-19 (Wed, 19 Oct 2022)

  Changed paths:
M crypto/ripemd/build.info
M providers/implementations/digests/build.info

  Log Message:
  ---
  Avoid putting ripemd_prov.c in libcommon otherwise it is regarded as fips 
source

Reviewed-by: Richard Levitte 
Reviewed-by: Paul Dale 
Reviewed-by: Tim Hudson 
(Merged from https://github.com/openssl/openssl/pull/19375)

(cherry picked from commit 155a82d1fe1c50d859081ff67f26633b9d7dada8)


  Commit: f1e990b855ce1613041d847ccd3048ca6835f95a
  
https://github.com/openssl/openssl/commit/f1e990b855ce1613041d847ccd3048ca6835f95a
  Author: Pauli 
  Date:   2022-10-19 (Wed, 19 Oct 2022)

  Changed paths:
M doc/man7/EVP_MD-RIPEMD160.pod
M doc/man7/OSSL_PROVIDER-default.pod

  Log Message:
  ---
  ripemd: document as being present in the default provider

Reviewed-by: Richard Levitte 
Reviewed-by: Tim Hudson 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/19375)

(cherry picked from commit fdc5043d58900663b493147298e64f11353b35fe)


Compare: https://github.com/openssl/openssl/compare/c861c3ee142a...f1e990b855ce

[openssl/openssl] ce9317: Add changes entry for RIPEMD160 being added to the...

2022-10-19 Thread Pauli 
  Branch: refs/heads/master
  Home:   https://github.com/openssl/openssl
  Commit: ce9317a4cfc01541964a14745c4d09e2a846981c
  
https://github.com/openssl/openssl/commit/ce9317a4cfc01541964a14745c4d09e2a846981c
  Author: Pauli 
  Date:   2022-10-19 (Wed, 19 Oct 2022)

  Changed paths:
M CHANGES.md

  Log Message:
  ---
  Add changes entry for RIPEMD160 being added to the default provider

Reviewed-by: Richard Levitte 
Reviewed-by: Tim Hudson 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/19375)


  Commit: ecd831469919215b0a45693b00ec0fd7d42d5d61
  
https://github.com/openssl/openssl/commit/ecd831469919215b0a45693b00ec0fd7d42d5d61
  Author: Pauli 
  Date:   2022-10-19 (Wed, 19 Oct 2022)

  Changed paths:
M crypto/ripemd/build.info
M providers/defltprov.c
M providers/implementations/digests/build.info
M test/recipes/30-test_evp_data/evpmd_ripemd.txt

  Log Message:
  ---
  default provider: include RIPEMD160

Including RIPEMD160 in both the default and legacy providers shouldn't break
anyone and makes the algorithm available more readily.

Fixes #17722

Reviewed-by: Richard Levitte 
Reviewed-by: Tim Hudson 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/19375)


  Commit: 155a82d1fe1c50d859081ff67f26633b9d7dada8
  
https://github.com/openssl/openssl/commit/155a82d1fe1c50d859081ff67f26633b9d7dada8
  Author: Tomas Mraz 
  Date:   2022-10-19 (Wed, 19 Oct 2022)

  Changed paths:
M crypto/ripemd/build.info
M providers/implementations/digests/build.info

  Log Message:
  ---
  Avoid putting ripemd_prov.c in libcommon otherwise it is regarded as fips 
source

Reviewed-by: Richard Levitte 
Reviewed-by: Paul Dale 
Reviewed-by: Tim Hudson 
(Merged from https://github.com/openssl/openssl/pull/19375)


  Commit: fdc5043d58900663b493147298e64f11353b35fe
  
https://github.com/openssl/openssl/commit/fdc5043d58900663b493147298e64f11353b35fe
  Author: Pauli 
  Date:   2022-10-19 (Wed, 19 Oct 2022)

  Changed paths:
M doc/man7/EVP_MD-RIPEMD160.pod
M doc/man7/OSSL_PROVIDER-default.pod

  Log Message:
  ---
  ripemd: document as being present in the default provider

Reviewed-by: Richard Levitte 
Reviewed-by: Tim Hudson 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/19375)


Compare: https://github.com/openssl/openssl/compare/72620ac79133...fdc5043d5890

[openssl/openssl] 3df6ae: Ensure that the key share group is allowed for our...

2022-10-19 Thread Matt Caswell 
  Branch: refs/heads/openssl-3.0
  Home:   https://github.com/openssl/openssl
  Commit: 3df6aed7826640d944da382f78af5ab87ea790db
  
https://github.com/openssl/openssl/commit/3df6aed7826640d944da382f78af5ab87ea790db
  Author: Matt Caswell 
  Date:   2022-10-19 (Wed, 19 Oct 2022)

  Changed paths:
M ssl/statem/extensions_clnt.c
M ssl/statem/extensions_srvr.c

  Log Message:
  ---
  Ensure that the key share group is allowed for our protocol version

We should never send or accept a key share group that is not in the
supported groups list or a group that isn't suitable for use in TLSv1.3

Reviewed-by: Dmitry Belyavskiy 
Reviewed-by: Paul Dale 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/19404)


  Commit: 78d00e05a537495287b979bcad79365d5d9607d4
  
https://github.com/openssl/openssl/commit/78d00e05a537495287b979bcad79365d5d9607d4
  Author: Matt Caswell 
  Date:   2022-10-19 (Wed, 19 Oct 2022)

  Changed paths:
M test/recipes/70-test_key_share.t

  Log Message:
  ---
  Add a test for where a client sends a non-TLSv1.3 key share

This should not happen but we should tolerate and send an HRR

Reviewed-by: Dmitry Belyavskiy 
Reviewed-by: Paul Dale 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/19404)


  Commit: c861c3ee142ac00d5facd112fd8891e87c50bc7b
  
https://github.com/openssl/openssl/commit/c861c3ee142ac00d5facd112fd8891e87c50bc7b
  Author: Matt Caswell 
  Date:   2022-10-19 (Wed, 19 Oct 2022)

  Changed paths:
M test/ssl-tests/14-curves.cnf
M test/ssl-tests/14-curves.cnf.in

  Log Message:
  ---
  Add a test for TLSv1.3 only client sending a correct key_share

Make sure that a TLSv1.3 only client does not send a TLSv1.3 key_share.

Reviewed-by: Dmitry Belyavskiy 
Reviewed-by: Paul Dale 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/19404)


Compare: https://github.com/openssl/openssl/compare/e2b2e6b166b2...c861c3ee142a