Task #134 - openssl-3.2.1-6.fc41/scan-results.err
Error: SHELLCHECK_WARNING: /usr/bin/make-dummy-cert:15:7: warning[SC3004]: In POSIX sh, $".." is undefined.
# 13|
# 14| if [ $# -eq 0 ] ; then
# 15|-> echo $"Usage: `basename $0` filename [...]"
# 16| exit 0
# 17| fi

Error: SHELLCHECK_WARNING (CWE-88): /usr/bin/make-dummy-cert:19:15: error[SC2068]: Double quote array expansions to avoid re-splitting elements.
# 17| fi
# 18|
# 19|-> for target in $@ ; do
# 20| PEM1=`/bin/mktemp /tmp/openssl.XXXXXX`
# 21| PEM2=`/bin/mktemp /tmp/openssl.XXXXXX`

Error: SHELLCHECK_WARNING (CWE-569): /usr/bin/make-dummy-cert:22:14: warning[SC2064]: Use single quotes, otherwise this expands now rather than when signalled.
# 20| PEM1=`/bin/mktemp /tmp/openssl.XXXXXX`
# 21| PEM2=`/bin/mktemp /tmp/openssl.XXXXXX`
# 22|-> trap "rm -f $PEM1 $PEM2" SIGINT
# 23| answers | /usr/bin/openssl req -newkey rsa:2048 -keyout $PEM1 -nodes -x509 -days 365 -out $PEM2 2> /dev/null
# 24| cat $PEM1 > ${target}

Error: SHELLCHECK_WARNING (CWE-569): /usr/bin/make-dummy-cert:22:20: warning[SC2064]: Use single quotes, otherwise this expands now rather than when signalled.
# 20| PEM1=`/bin/mktemp /tmp/openssl.XXXXXX`
# 21| PEM2=`/bin/mktemp /tmp/openssl.XXXXXX`
# 22|-> trap "rm -f $PEM1 $PEM2" SIGINT
# 23| answers | /usr/bin/openssl req -newkey rsa:2048 -keyout $PEM1 -nodes -x509 -days 365 -out $PEM2 2> /dev/null
# 24| cat $PEM1 > ${target}

Error: SHELLCHECK_WARNING: /usr/bin/make-dummy-cert:22:27: warning[SC3048]: In POSIX sh, prefixing signal names with 'SIG' is undefined.
# 20| PEM1=`/bin/mktemp /tmp/openssl.XXXXXX`
# 21| PEM2=`/bin/mktemp /tmp/openssl.XXXXXX`
# 22|-> trap "rm -f $PEM1 $PEM2" SIGINT
# 23| answers | /usr/bin/openssl req -newkey rsa:2048 -keyout $PEM1 -nodes -x509 -days 365 -out $PEM2 2> /dev/null
# 24| cat $PEM1 > ${target}

Error: SHELLCHECK_WARNING (CWE-569): /usr/bin/renew-dummy-cert:14:13: warning[SC2064]: Use single quotes, otherwise this expands now rather than when signalled.
# 12| NEW=${PEM}_
# 13|
# 14|-> trap "rm -f $REQ $KEY $CRT $NEW" SIGINT
# 15|
# 16| if [ ! -f $PEM ]; then

Error: SHELLCHECK_WARNING (CWE-569): /usr/bin/renew-dummy-cert:14:18: warning[SC2064]: Use single quotes, otherwise this expands now rather than when signalled.
# 12| NEW=${PEM}_
# 13|
# 14|-> trap "rm -f $REQ $KEY $CRT $NEW" SIGINT
# 15|
# 16| if [ ! -f $PEM ]; then

Error: SHELLCHECK_WARNING (CWE-569): /usr/bin/renew-dummy-cert:14:23: warning[SC2064]: Use single quotes, otherwise this expands now rather than when signalled.
# 12| NEW=${PEM}_
# 13|
# 14|-> trap "rm -f $REQ $KEY $CRT $NEW" SIGINT
# 15|
# 16| if [ ! -f $PEM ]; then

Error: SHELLCHECK_WARNING (CWE-569): /usr/bin/renew-dummy-cert:14:28: warning[SC2064]: Use single quotes, otherwise this expands now rather than when signalled.
# 12| NEW=${PEM}_
# 13|
# 14|-> trap "rm -f $REQ $KEY $CRT $NEW" SIGINT
# 15|
# 16| if [ ! -f $PEM ]; then

Error: CLANG_WARNING: openssl-3.2.1/apps/ca.c:1054:9: warning[deadcode.DeadStores]: Value stored to 'outdirlen' is never read
# 1052| }
# 1053|
# 1054|-> outdirlen = OPENSSL_strlcpy(new_cert, outdir, sizeof(new_cert));
# 1055| #ifndef OPENSSL_SYS_VMS
# 1056| outdirlen = OPENSSL_strlcat(new_cert, "/", sizeof(new_cert));

Error: CLANG_WARNING: openssl-3.2.1/apps/cms.c:718:5: warning[deadcode.DeadStores]: Value stored to 'argc' is never read
# 716|
# 717| /* Remaining args are files to process.
*/ # 718|-> argc = opt_num_rest(); # 719| argv = opt_rest(); # 720| Error: CLANG_WARNING: openssl-3.2.1/apps/dsaparam.c:239:13: warning[deadcode.DeadStores]: Value stored to 'i' is never read # 237| assert(private); # 238| if (outformat == FORMAT_ASN1) # 239|-> i = i2d_PrivateKey_bio(out, pkey); # 240| else # 241| i = PEM_write_bio_PrivateKey(out, pkey, NULL, NULL, 0, NULL, NULL); Error: CLANG_WARNING: openssl-3.2.1/apps/dsaparam.c:241:13: warning[deadcode.DeadStores]: Value stored to 'i' is never read # 239| i = i2d_PrivateKey_bio(out, pkey); # 240| else # 241|-> i = PEM_write_bio_PrivateKey(out, pkey, NULL, NULL, 0, NULL, NULL); # 242| } # 243| ret = 0; Error: CLANG_WARNING: openssl-3.2.1/apps/engine.c:364:5: warning[deadcode.DeadStores]: Value stored to 'argc' is never read # 362| # 363| /* Any remaining arguments are engine names. */ # 364|-> argc = opt_num_rest(); # 365| argv = opt_rest(); # 366| for ( ; *argv; argv++) { Error: CLANG_WARNING: openssl-3.2.1/apps/fipsinstall.c:359:17: warning[deadcode.DeadStores]: Value stored to 'section_name' during its initialization is never read # 357| { # 358| int ret = 1, verify = 0, gotkey = 0, gotdigest = 0, pedantic = 0; # 359|-> const char *section_name = "fips_sect"; # 360| const char *mac_name = "HMAC"; # 361| const char *prov_name = "fips"; Error: CLANG_WARNING: openssl-3.2.1/apps/fipsinstall.c:360:17: warning[deadcode.DeadStores]: Value stored to 'mac_name' during its initialization is never read # 358| int ret = 1, verify = 0, gotkey = 0, gotdigest = 0, pedantic = 0; # 359| const char *section_name = "fips_sect"; # 360|-> const char *mac_name = "HMAC"; # 361| const char *prov_name = "fips"; # 362| BIO *module_bio = NULL, *mem_bio = NULL, *fout = NULL; Error: CLANG_WARNING: openssl-3.2.1/apps/fipsinstall.c:361:17: warning[deadcode.DeadStores]: Value stored to 'prov_name' during its initialization is never read # 359| const char *section_name = "fips_sect"; # 360| const char *mac_name = "HMAC"; # 361|-> const char 
*prov_name = "fips"; # 362| BIO *module_bio = NULL, *mem_bio = NULL, *fout = NULL; # 363| char *in_fname = NULL, *out_fname = NULL, *prog; Error: CLANG_WARNING: openssl-3.2.1/apps/lib/app_params.c:69:9: warning[deadcode.DeadStores]: Value stored to 'bufsz' is never read # 67| if (printed_len > 0) { # 68| buf += printed_len; # 69|-> bufsz -= printed_len; # 70| } # 71| *buf = '\0'; Error: CLANG_WARNING: openssl-3.2.1/apps/lib/app_provider.c:70:15: warning[deadcode.DeadStores]: Value stored to 'given' during its initialization is never read # 68| int opt_provider(int opt) # 69| { # 70|-> const int given = provider_option_given; # 71| # 72| provider_option_given = 1; Error: CLANG_WARNING: openssl-3.2.1/apps/lib/apps.c:1573:9: warning[deadcode.DeadStores]: Value stored to 'j' is never read # 1571| } else { # 1572| #ifndef OPENSSL_SYS_VMS # 1573|-> j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", serialfile, suffix); # 1574| #else # 1575| j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", serialfile, suffix); Error: CLANG_WARNING: openssl-3.2.1/apps/lib/apps.c:1617:5: warning[deadcode.DeadStores]: Value stored to 'j' is never read # 1615| } # 1616| #ifndef OPENSSL_SYS_VMS # 1617|-> j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", serialfile, new_suffix); # 1618| j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s.%s", serialfile, old_suffix); # 1619| #else Error: CLANG_WARNING: openssl-3.2.1/apps/lib/apps.c:1618:5: warning[deadcode.DeadStores]: Value stored to 'j' is never read # 1616| #ifndef OPENSSL_SYS_VMS # 1617| j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", serialfile, new_suffix); # 1618|-> j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s.%s", serialfile, old_suffix); # 1619| #else # 1620| j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", serialfile, new_suffix); Error: CLANG_WARNING: openssl-3.2.1/apps/lib/apps.c:1773:5: warning[deadcode.DeadStores]: Value stored to 'j' is never read # 1771| } # 1772| #ifndef OPENSSL_SYS_VMS # 1773|-> j = BIO_snprintf(buf[2], 
sizeof(buf[2]), "%s.attr", dbfile); # 1774| j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s.attr.%s", dbfile, suffix); # 1775| j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", dbfile, suffix); Error: CLANG_WARNING: openssl-3.2.1/apps/lib/apps.c:1774:5: warning[deadcode.DeadStores]: Value stored to 'j' is never read # 1772| #ifndef OPENSSL_SYS_VMS # 1773| j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s.attr", dbfile); # 1774|-> j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s.attr.%s", dbfile, suffix); # 1775| j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", dbfile, suffix); # 1776| #else Error: CLANG_WARNING: openssl-3.2.1/apps/lib/apps.c:1775:5: warning[deadcode.DeadStores]: Value stored to 'j' is never read # 1773| j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s.attr", dbfile); # 1774| j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s.attr.%s", dbfile, suffix); # 1775|-> j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", dbfile, suffix); # 1776| #else # 1777| j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s-attr", dbfile); Error: CLANG_WARNING: openssl-3.2.1/apps/lib/apps.c:1823:5: warning[deadcode.DeadStores]: Value stored to 'j' is never read # 1821| } # 1822| #ifndef OPENSSL_SYS_VMS # 1823|-> j = BIO_snprintf(buf[4], sizeof(buf[4]), "%s.attr", dbfile); # 1824| j = BIO_snprintf(buf[3], sizeof(buf[3]), "%s.attr.%s", dbfile, old_suffix); # 1825| j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s.attr.%s", dbfile, new_suffix); Error: CLANG_WARNING: openssl-3.2.1/apps/lib/apps.c:1824:5: warning[deadcode.DeadStores]: Value stored to 'j' is never read # 1822| #ifndef OPENSSL_SYS_VMS # 1823| j = BIO_snprintf(buf[4], sizeof(buf[4]), "%s.attr", dbfile); # 1824|-> j = BIO_snprintf(buf[3], sizeof(buf[3]), "%s.attr.%s", dbfile, old_suffix); # 1825| j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s.attr.%s", dbfile, new_suffix); # 1826| j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s.%s", dbfile, old_suffix); Error: CLANG_WARNING: openssl-3.2.1/apps/lib/apps.c:1825:5: warning[deadcode.DeadStores]: Value 
stored to 'j' is never read # 1823| j = BIO_snprintf(buf[4], sizeof(buf[4]), "%s.attr", dbfile); # 1824| j = BIO_snprintf(buf[3], sizeof(buf[3]), "%s.attr.%s", dbfile, old_suffix); # 1825|-> j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s.attr.%s", dbfile, new_suffix); # 1826| j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s.%s", dbfile, old_suffix); # 1827| j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", dbfile, new_suffix); Error: CLANG_WARNING: openssl-3.2.1/apps/lib/apps.c:1826:5: warning[deadcode.DeadStores]: Value stored to 'j' is never read # 1824| j = BIO_snprintf(buf[3], sizeof(buf[3]), "%s.attr.%s", dbfile, old_suffix); # 1825| j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s.attr.%s", dbfile, new_suffix); # 1826|-> j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s.%s", dbfile, old_suffix); # 1827| j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", dbfile, new_suffix); # 1828| #else Error: CLANG_WARNING: openssl-3.2.1/apps/lib/apps.c:1827:5: warning[deadcode.DeadStores]: Value stored to 'j' is never read # 1825| j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s.attr.%s", dbfile, new_suffix); # 1826| j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s.%s", dbfile, old_suffix); # 1827|-> j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", dbfile, new_suffix); # 1828| #else # 1829| j = BIO_snprintf(buf[4], sizeof(buf[4]), "%s-attr", dbfile); Error: CLANG_WARNING: openssl-3.2.1/apps/lib/apps.c:3363:11: warning[deadcode.DeadStores]: Value stored to 'opt' during its initialization is never read # 3361| size_t sz = (size_t)sk_OPENSSL_STRING_num(opts); # 3362| size_t params_n; # 3363|-> char *opt = "", *stmp, *vtmp = NULL; # 3364| int found = 1; # 3365| Error: CLANG_WARNING: openssl-3.2.1/apps/lib/s_cb.c:1241:10: warning[deadcode.DeadStores]: Although the value stored to 'mdpth' is used in the enclosing expression, the value is never actually read from 'mdpth' # 1239| } # 1240| # 1241|-> if ((mdpth = SSL_get0_dane_authority(s, NULL, &mspki)) >= 0) { # 1242| uint8_t usage, selector, mtype; # 
1243| const unsigned char *data = NULL; Error: CLANG_WARNING: openssl-3.2.1/apps/lib/s_socket.c:185:21: warning[core.NullDereference]: Dereference of null pointer (loaded from variable 'ba_ret') # 183| /* Save the address */ # 184| if (tfo || !doconn) # 185|-> *ba_ret = BIO_ADDR_dup(BIO_ADDRINFO_address(ai)); # 186| # 187| /* Success, don't try any more addresses */ Error: CLANG_WARNING: openssl-3.2.1/apps/passwd.c:189:5: warning[deadcode.DeadStores]: Value stored to 'argc' is never read # 187| # 188| /* All remaining arguments are the password text */ # 189|-> argc = opt_num_rest(); # 190| argv = opt_rest(); # 191| if (*argv != NULL) { Error: CLANG_WARNING: openssl-3.2.1/apps/passwd.c:194:9: warning[deadcode.DeadStores]: Value stored to 'pw_source_defined' is never read # 192| if (pw_source_defined) # 193| goto opthelp; # 194|-> pw_source_defined = 1; # 195| passwds = argv; # 196| } Error: CLANG_WARNING: openssl-3.2.1/apps/pkeyutl.c:501:9: warning[core.CallAndMessage]: 3rd function call argument is an uninitialized value # 499| BIO_dump(out, (char *)buf_out, buf_outlen); # 500| } else { # 501|-> BIO_write(out, buf_out, buf_outlen); # 502| } # 503| Error: CLANG_WARNING: openssl-3.2.1/apps/rehash.c:550:5: warning[deadcode.DeadStores]: Value stored to 'argc' is never read # 548| # 549| /* Optional arguments are directories to scan. 
*/ # 550|-> argc = opt_num_rest(); # 551| argv = opt_rest(); # 552| Error: CLANG_WARNING: openssl-3.2.1/apps/s_client.c:1586:9: warning[deadcode.DeadStores]: Value stored to 'connect_type' is never read # 1584| goto opthelp; # 1585| } # 1586|-> connect_type = use_inet; # 1587| freeandcopy(&connectstr, *opt_rest()); # 1588| } else if (!opt_check_rest_arg(NULL)) { Error: CLANG_WARNING: openssl-3.2.1/apps/s_client.c:2325:5: warning[deadcode.DeadStores]: Value stored to 'tty_on' is never read # 2323| read_tty = 1; # 2324| write_tty = 0; # 2325|-> tty_on = 0; # 2326| read_ssl = 1; # 2327| write_ssl = 1; Error: CLANG_WARNING: openssl-3.2.1/apps/s_server.c:2751:17: warning[deadcode.DeadStores]: Although the value stored to 'k' is used in the enclosing expression, the value is never actually read from 'k' # 2749| ebcdic2ascii(buf, buf, i); # 2750| #endif # 2751|-> l = k = 0; # 2752| for (;;) { # 2753| /* should do a select for the write */ Error: CLANG_WARNING: openssl-3.2.1/apps/s_time.c:313:5: warning[deadcode.DeadStores]: Value stored to 'i' is never read # 311| totalTime += tm_Time_F(STOP); /* Add the time for this iteration */ # 312| # 313|-> i = (int)((long)time(NULL) - finishtime + maxtime); # 314| printf # 315| ("\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n", Error: CLANG_WARNING: openssl-3.2.1/apps/s_time.c:341:17: warning[deadcode.DeadStores]: Although the value stored to 'i' is used in the enclosing expression, the value is never actually read from 'i' # 339| if (buf_len <= 0 || SSL_write(scon, buf, buf_len) <= 0) # 340| goto end; # 341|-> while ((i = SSL_read(scon, buf, sizeof(buf))) > 0) # 342| continue; # 343| } Error: CLANG_WARNING: openssl-3.2.1/apps/speed.c:806:17: warning[deadcode.DeadStores]: Value stored to 'rc' is never read # 804| if (rc != 1) { # 805| /* reset iv in case of counter overflow */ # 806|-> rc = EVP_CipherInit_ex(ctx, NULL, NULL, NULL, iv, -1); # 807| } # 808| } Error: CLANG_WARNING: 
openssl-3.2.1/apps/speed.c:814:17: warning[deadcode.DeadStores]: Value stored to 'rc' is never read # 812| if (rc != 1) { # 813| /* reset iv in case of counter overflow */ # 814|-> rc = EVP_CipherInit_ex(ctx, NULL, NULL, NULL, iv, -1); # 815| } # 816| } Error: CLANG_WARNING: openssl-3.2.1/apps/speed.c:2903:13: warning[deadcode.DeadStores]: Value stored to 'op_count' is never read # 2901| "RSA sign setup failure. No RSA sign will be done.\n"); # 2902| ERR_print_errors(bio_err); # 2903|-> op_count = 1; # 2904| } else { # 2905| pkey_print_message("private", "rsa sign", Error: CLANG_WARNING: openssl-3.2.1/apps/speed.c:2916:13: warning[deadcode.DeadStores]: Value stored to 'op_count' is never read # 2914| count, rsa_keys[testnum].bits, d); # 2915| rsa_results[testnum][0] = (double)count / d; # 2916|-> op_count = count; # 2917| } # 2918| Error: CLANG_WARNING: openssl-3.2.1/apps/speed.c:2963:13: warning[deadcode.DeadStores]: Value stored to 'op_count' is never read # 2961| "RSA encrypt setup failure. 
No RSA encrypt will be done.\n"); # 2962| ERR_print_errors(bio_err); # 2963|-> op_count = 1; # 2964| } else { # 2965| pkey_print_message("private", "rsa encrypt", Error: CLANG_WARNING: openssl-3.2.1/apps/speed.c:2976:13: warning[deadcode.DeadStores]: Value stored to 'op_count' is never read # 2974| count, rsa_keys[testnum].bits, d); # 2975| rsa_results[testnum][2] = (double)count / d; # 2976|-> op_count = count; # 2977| } # 2978| Error: CLANG_WARNING: openssl-3.2.1/apps/speed.c:3850:13: warning[deadcode.DeadStores]: Value stored to 'op_count' is never read # 3848| kem_name, d); # 3849| kems_results[testnum][0] = (double)count / d; # 3850|-> op_count = count; # 3851| kskey_print_message(kem_name, "encaps", seconds.kem); # 3852| Time_F(START); Error: CLANG_WARNING: openssl-3.2.1/apps/speed.c:3861:13: warning[deadcode.DeadStores]: Value stored to 'op_count' is never read # 3859| kem_name, d); # 3860| kems_results[testnum][1] = (double)count / d; # 3861|-> op_count = count; # 3862| kskey_print_message(kem_name, "decaps", seconds.kem); # 3863| Time_F(START); Error: CLANG_WARNING: openssl-3.2.1/apps/speed.c:4030:13: warning[deadcode.DeadStores]: Value stored to 'op_count' is never read # 4028| sig_name, d); # 4029| sigs_results[testnum][0] = (double)count / d; # 4030|-> op_count = count; # 4031| kskey_print_message(sig_name, "signs", seconds.sig); # 4032| Time_F(START); Error: CLANG_WARNING: openssl-3.2.1/apps/speed.c:4041:13: warning[deadcode.DeadStores]: Value stored to 'op_count' is never read # 4039| sig_name, d); # 4040| sigs_results[testnum][1] = (double)count / d; # 4041|-> op_count = count; # 4042| # 4043| kskey_print_message(sig_name, "verify", seconds.sig); Error: CLANG_WARNING: openssl-3.2.1/apps/speed.c:4266:5: warning[deadcode.DeadStores]: Value stored to 'ret' is never read # 4264| kems_results[k][0], kems_results[k][1], kems_results[k][2]); # 4265| } # 4266|-> ret = 0; # 4267| # 4268| testnum = 1; Error: GCC_ANALYZER_WARNING (CWE-775): 
openssl-3.2.1/apps/speed.c: scope_hint: In function 'do_multi' openssl-3.2.1/apps/speed.c:4496:16: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'dup(fd[1])' # 4494| close(fd[0]); # 4495| close(1); # 4496|-> if (dup(fd[1]) == -1) { # 4497| BIO_printf(bio_err, "dup failed\n"); # 4498| exit(1); Error: CLANG_WARNING: openssl-3.2.1/apps/srp.c:513:30: warning[deadcode.DeadStores]: Although the value stored to 'user_gN' is used in the enclosing expression, the value is never actually read from 'user_gN' # 511| "Verifying password for user \"%s\"\n", # 512| user); # 513|-> if ((user_gN = # 514| get_index(db, row[DB_srpgN], DB_SRP_INDEX)) >= 0) # 515| irow = Error: CLANG_WARNING: openssl-3.2.1/crypto/aria/aria.c:596:10: warning[core.uninitialized.Assign]: Assigned value is garbage or undefined # 594| reg3 = w1[3]; # 595| # 596|-> reg0 ^= ck[4]; # 597| reg1 ^= ck[5]; # 598| reg2 ^= ck[6]; Error: CPPCHECK_WARNING (CWE-562): openssl-3.2.1/crypto/asn1/a_d2i_fp.c:53: error[returnDanglingLifetime]: Returning pointer to local variable 'p' that will be invalid when returning. # 51| err: # 52| BUF_MEM_free(b); # 53|-> return ret; # 54| } # 55| Error: CPPCHECK_WARNING (CWE-562): openssl-3.2.1/crypto/asn1/a_dup.c:38: error[returnDanglingLifetime]: Returning pointer to local variable 'p2' that will be invalid when returning. 
# 36| ret = d2i(NULL, &p2, i); # 37| OPENSSL_free(b); # 38|-> return ret; # 39| } # 40| Error: CLANG_WARNING: openssl-3.2.1/crypto/asn1/a_object.c:162:24: warning[core.uninitialized.Assign]: Assigned value is garbage or undefined # 160| while (--i > 0) # 161| out[len++] = tmp[i] | 0x80; # 162|-> out[len++] = tmp[0]; # 163| } else # 164| len += i; Error: CLANG_WARNING: openssl-3.2.1/crypto/asn1/a_verify.c:71:5: warning[deadcode.DeadStores]: Value stored to 'ret' is never read # 69| goto err; # 70| } # 71|-> ret = -1; # 72| # 73| if (EVP_VerifyFinal(ctx, (unsigned char *)signature->data, Error: GCC_ANALYZER_WARNING (CWE-476): openssl-3.2.1/crypto/asn1/ameth_lib.c: scope_hint: In function 'EVP_PKEY_asn1_find_str' openssl-3.2.1/crypto/asn1/ameth_lib.c:133:18: warning[-Wanalyzer-null-dereference]: dereference of NULL '0' # 131| for (i = EVP_PKEY_asn1_get_count(); i-- > 0; ) { # 132| ameth = EVP_PKEY_asn1_get0(i); # 133|-> if (ameth->pkey_flags & ASN1_PKEY_ALIAS) # 134| continue; # 135| if ((int)strlen(ameth->pem_str) == len Error: CLANG_WARNING: openssl-3.2.1/crypto/asn1/asn_mime.c:619:5: warning[deadcode.DeadStores]: Value stored to 'state' is never read # 617| blen = strlen(bound); # 618| part = 0; # 619|-> state = 0; # 620| first = 1; # 621| parts = sk_BIO_new_null(); Error: CLANG_WARNING: openssl-3.2.1/crypto/asn1/asn_mime.c:693:13: warning[deadcode.DeadStores]: Although the value stored to 'len' is used in the enclosing expression, the value is never actually read from 'len' # 691| if (headers == NULL) # 692| return NULL; # 693|-> while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) { # 694| /* If whitespace at line start then continuation line */ # 695| if (mhdr && ossl_isspace(linebuf[0])) Error: GCC_ANALYZER_WARNING (CWE-476): openssl-3.2.1/crypto/asn1/asn_mime.c: scope_hint: In function 'mime_hdr_addparam' openssl-3.2.1/crypto/asn1/asn_mime.c:911:10: warning[-Wanalyzer-null-dereference]: dereference of NULL 'mhdr' openssl-3.2.1/include/internal/e_os.h:17: 
included_from: Included from here. openssl-3.2.1/include/internal/common.h:18: included_from: Included from here. openssl-3.2.1/include/internal/cryptlib.h:21: included_from: Included from here. openssl-3.2.1/crypto/asn1/asn_mime.c:12: included_from: Included from here. openssl-3.2.1/crypto/asn1/asn_mime.c:906:14: note: in expansion of macro 'OPENSSL_malloc' # 909| mparam->param_name = tmpname; # 910| mparam->param_value = tmpval; # 911|-> if (!sk_MIME_PARAM_push(mhdr->params, mparam)) # 912| goto err; # 913| return 1; Error: CLANG_WARNING: openssl-3.2.1/crypto/asn1/bio_asn1.c:167:5: warning[deadcode.DeadStores]: Value stored to 'ret' is never read # 165| # 166| wrlen = 0; # 167|-> ret = -1; # 168| # 169| for (;;) { Error: CLANG_WARNING: openssl-3.2.1/crypto/asn1/f_string.c:116:28: warning[core.NullDereference]: Array access (from variable 's') results in a null pointer dereference # 114| return 0; # 115| } # 116|-> s[num + j] <<= 4; # 117| s[num + j] |= m; # 118| } Error: CLANG_WARNING: openssl-3.2.1/crypto/asn1/tasn_dec.c:261:13: warning[core.NullDereference]: Access to field 'asn1_ex_d2i_ex' results in a dereference of a null pointer (loaded from variable 'ef') # 259| /* Use new style d2i */ # 260| ef = it->funcs; # 261|-> if (ef->asn1_ex_d2i_ex != NULL) # 262| return ef->asn1_ex_d2i_ex(pval, in, len, it, tag, aclass, opt, ctx, # 263| libctx, propq); Error: CLANG_WARNING: openssl-3.2.1/crypto/asn1/tasn_enc.c:144:16: warning[core.NullDereference]: Access to field 'asn1_ex_i2d' results in a dereference of a null pointer (loaded from variable 'ef') # 142| /* If new style i2d it does all the work */ # 143| ef = it->funcs; # 144|-> return ef->asn1_ex_i2d(pval, out, it, tag, aclass); # 145| # 146| case ASN1_ITYPE_NDEF_SEQUENCE: Error: CLANG_WARNING: openssl-3.2.1/crypto/bf/bf_cfb64.c:78:5: warning[deadcode.DeadStores]: Value stored to 'v0' is never read # 76| } # 77| } # 78|-> v0 = v1 = ti[0] = ti[1] = t = c = cc = 0; # 79| *num = n; # 80| } Error: CLANG_WARNING: 
openssl-3.2.1/crypto/bf/bf_cfb64.c:78:10: warning[deadcode.DeadStores]: Although the value stored to 'v1' is used in the enclosing expression, the value is never actually read from 'v1' # 76| } # 77| } # 78|-> v0 = v1 = ti[0] = ti[1] = t = c = cc = 0; # 79| *num = n; # 80| } Error: CLANG_WARNING: openssl-3.2.1/crypto/bf/bf_cfb64.c:78:31: warning[deadcode.DeadStores]: Although the value stored to 't' is used in the enclosing expression, the value is never actually read from 't' # 76| } # 77| } # 78|-> v0 = v1 = ti[0] = ti[1] = t = c = cc = 0; # 79| *num = n; # 80| } Error: CLANG_WARNING: openssl-3.2.1/crypto/bf/bf_cfb64.c:78:35: warning[deadcode.DeadStores]: Although the value stored to 'c' is used in the enclosing expression, the value is never actually read from 'c' # 76| } # 77| } # 78|-> v0 = v1 = ti[0] = ti[1] = t = c = cc = 0; # 79| *num = n; # 80| } Error: CLANG_WARNING: openssl-3.2.1/crypto/bf/bf_cfb64.c:78:39: warning[deadcode.DeadStores]: Although the value stored to 'cc' is used in the enclosing expression, the value is never actually read from 'cc' # 76| } # 77| } # 78|-> v0 = v1 = ti[0] = ti[1] = t = c = cc = 0; # 79| *num = n; # 80| } Error: CLANG_WARNING: openssl-3.2.1/crypto/bf/bf_ecb.c:48:5: warning[deadcode.DeadStores]: Value stored to 'l' is never read # 46| l = d[1]; # 47| l2n(l, out); # 48|-> l = d[0] = d[1] = 0; # 49| } Error: CLANG_WARNING: openssl-3.2.1/crypto/bf/bf_enc.c:179:5: warning[deadcode.DeadStores]: Value stored to 'tin0' is never read # 177| l2n(xor1, ivec); # 178| } # 179|-> tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0; # 180| tin[0] = tin[1] = 0; # 181| } Error: CLANG_WARNING: openssl-3.2.1/crypto/bf/bf_enc.c:179:12: warning[deadcode.DeadStores]: Although the value stored to 'tin1' is used in the enclosing expression, the value is never actually read from 'tin1' # 177| l2n(xor1, ivec); # 178| } # 179|-> tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0; # 180| tin[0] = tin[1] = 0; # 181| } Error: CLANG_WARNING: 
openssl-3.2.1/crypto/bf/bf_enc.c:179:19: warning[deadcode.DeadStores]: Although the value stored to 'tout0' is used in the enclosing expression, the value is never actually read from 'tout0' # 177| l2n(xor1, ivec); # 178| } # 179|-> tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0; # 180| tin[0] = tin[1] = 0; # 181| } Error: CLANG_WARNING: openssl-3.2.1/crypto/bf/bf_enc.c:179:27: warning[deadcode.DeadStores]: Although the value stored to 'tout1' is used in the enclosing expression, the value is never actually read from 'tout1' # 177| l2n(xor1, ivec); # 178| } # 179|-> tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0; # 180| tin[0] = tin[1] = 0; # 181| } Error: CLANG_WARNING: openssl-3.2.1/crypto/bf/bf_enc.c:179:35: warning[deadcode.DeadStores]: Although the value stored to 'xor0' is used in the enclosing expression, the value is never actually read from 'xor0' # 177| l2n(xor1, ivec); # 178| } # 179|-> tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0; # 180| tin[0] = tin[1] = 0; # 181| } Error: CLANG_WARNING: openssl-3.2.1/crypto/bf/bf_enc.c:179:42: warning[deadcode.DeadStores]: Although the value stored to 'xor1' is used in the enclosing expression, the value is never actually read from 'xor1' # 177| l2n(xor1, ivec); # 178| } # 179|-> tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0; # 180| tin[0] = tin[1] = 0; # 181| } Error: CLANG_WARNING: openssl-3.2.1/crypto/bf/bf_ofb64.c:65:5: warning[deadcode.DeadStores]: Value stored to 't' is never read # 63| l2n(v1, iv); # 64| } # 65|-> t = v0 = v1 = ti[0] = ti[1] = 0; # 66| *num = n; # 67| } Error: CLANG_WARNING: openssl-3.2.1/crypto/bf/bf_ofb64.c:65:9: warning[deadcode.DeadStores]: Although the value stored to 'v0' is used in the enclosing expression, the value is never actually read from 'v0' # 63| l2n(v1, iv); # 64| } # 65|-> t = v0 = v1 = ti[0] = ti[1] = 0; # 66| *num = n; # 67| } Error: CLANG_WARNING: openssl-3.2.1/crypto/bf/bf_ofb64.c:65:14: warning[deadcode.DeadStores]: Although the value stored to 'v1' is used in the 
enclosing expression, the value is never actually read from 'v1' # 63| l2n(v1, iv); # 64| } # 65|-> t = v0 = v1 = ti[0] = ti[1] = 0; # 66| *num = n; # 67| } Error: CLANG_WARNING: openssl-3.2.1/crypto/bio/bss_acpt.c:271:13: warning[deadcode.DeadStores]: Value stored to 's' is never read # 269| BIO_ADDR_service_string(&c->cache_accepting_addr, 1); # 270| c->state = ACPT_S_ACCEPT; # 271|-> s = -1; # 272| ret = 1; # 273| goto end; Error: CLANG_WARNING: openssl-3.2.1/crypto/bio/bss_dgram.c:564:9: warning[deadcode.DeadStores]: Value stored to 'num' is never read # 562| switch (cmd) { # 563| case BIO_CTRL_RESET: # 564|-> num = 0; # 565| ret = 0; # 566| break; Error: CLANG_WARNING: openssl-3.2.1/crypto/bio/bss_dgram.c:654:18: warning[deadcode.DeadStores]: Although the value stored to 'ret' is used in the enclosing expression, the value is never actually read from 'ret' # 652| switch (addr.sa.sa_family) { # 653| case AF_INET: # 654|-> if ((ret = # 655| getsockopt(b->num, IPPROTO_IP, IP_MTU, (void *)&sockopt_val, # 656| &sockopt_len)) < 0 || sockopt_val < 0) { Error: CLANG_WARNING: openssl-3.2.1/crypto/bio/bss_dgram.c:669:18: warning[deadcode.DeadStores]: Although the value stored to 'ret' is used in the enclosing expression, the value is never actually read from 'ret' # 667| # if OPENSSL_USE_IPV6 && defined(IPV6_MTU) # 668| case AF_INET6: # 669|-> if ((ret = # 670| getsockopt(b->num, IPPROTO_IPV6, IPV6_MTU, # 671| (void *)&sockopt_val, &sockopt_len)) < 0 Error: GCC_ANALYZER_WARNING (CWE-465): openssl-3.2.1/crypto/bn/bn_blind.c: scope_hint: In function 'BN_BLINDING_update' openssl-3.2.1/crypto/bn/bn_blind.c:106:12: warning[-Wanalyzer-deref-before-check]: check of 'b' for NULL after already dereferencing it # 104| !(b->flags & BN_BLINDING_NO_RECREATE)) { # 105| /* re-create blinding parameters */ # 106|-> if (!BN_BLINDING_create_param(b, NULL, NULL, ctx, NULL, NULL)) # 107| goto err; # 108| } else if (!(b->flags & BN_BLINDING_NO_UPDATE)) { Error: CLANG_WARNING: 
openssl-3.2.1/crypto/bn/bn_conv.c:165:5: warning[deadcode.DeadStores]: Value stored to 'm' is never read # 163| # 164| j = i; /* least significant 'hex' */ # 165|-> m = 0; # 166| h = 0; # 167| while (j > 0) { Error: CLANG_WARNING: openssl-3.2.1/crypto/bn/bn_exp.c:243:5: warning[deadcode.DeadStores]: Value stored to 'wend' is never read # 241| * buffer. */ # 242| wstart = bits - 1; /* The top bit of the window */ # 243|-> wend = 0; /* The bottom bit of the window */ # 244| # 245| if (r == p) { Error: CLANG_WARNING: openssl-3.2.1/crypto/bn/bn_exp.c:396:5: warning[deadcode.DeadStores]: Value stored to 'wend' is never read # 394| * buffer. */ # 395| wstart = bits - 1; /* The top bit of the window */ # 396|-> wend = 0; /* The bottom bit of the window */ # 397| # 398| #if 1 /* by Shay Gueron's suggestion */ Error: CLANG_WARNING: openssl-3.2.1/crypto/bn/bn_exp.c:1375:5: warning[deadcode.DeadStores]: Value stored to 'wend' is never read # 1373| * buffer. */ # 1374| wstart = bits - 1; /* The top bit of the window */ # 1375|-> wend = 0; /* The bottom bit of the window */ # 1376| # 1377| if (r == p) { Error: CLANG_WARNING: openssl-3.2.1/crypto/bn/bn_exp2.c:178:18: warning[core.CallAndMessage]: 3rd function call argument is an uninitialized value # 176| if (wvalue1 && b == wpos1) { # 177| /* wvalue1 is odd and < 2^window1 */ # 178|-> if (!BN_mod_mul_montgomery(r, r, val1[wvalue1 >> 1], mont, ctx)) # 179| goto err; # 180| wvalue1 = 0; Error: CLANG_WARNING: openssl-3.2.1/crypto/bn/bn_exp2.c:186:18: warning[core.CallAndMessage]: 3rd function call argument is an uninitialized value # 184| if (wvalue2 && b == wpos2) { # 185| /* wvalue2 is odd and < 2^window2 */ # 186|-> if (!BN_mod_mul_montgomery(r, r, val2[wvalue2 >> 1], mont, ctx)) # 187| goto err; # 188| wvalue2 = 0; Error: GCC_ANALYZER_WARNING (CWE-465): openssl-3.2.1/crypto/bn/bn_lib.c: scope_hint: In function 'BN_set_bit' openssl-3.2.1/crypto/bn/bn_lib.c:785:12: warning[-Wanalyzer-deref-before-check]: check of 'a' for NULL 
after already dereferencing it # 783| j = n % BN_BITS2; # 784| if (a->top <= i) { # 785|-> if (bn_wexpand(a, i + 1) == NULL) # 786| return 0; # 787| for (k = a->top; k < i + 1; k++) Error: CLANG_WARNING: openssl-3.2.1/crypto/bn/bn_mod.c:75:25: warning[core.UndefinedBinaryOperatorResult]: The left operand of '&' is a garbage value # 73| for (i = 0, ai = 0, bi = 0, carry = 0; i < mtop;) { # 74| mask = (BN_ULONG)0 - ((i - a->top) >> (8 * sizeof(i) - 1)); # 75|-> temp = ((ap[ai] & mask) + carry) & BN_MASK2; # 76| carry = (temp < carry); # 77| Error: CLANG_WARNING: openssl-3.2.1/crypto/bn/bn_mod.c:79:26: warning[core.UndefinedBinaryOperatorResult]: The left operand of '&' is a garbage value # 77| # 78| mask = (BN_ULONG)0 - ((i - b->top) >> (8 * sizeof(i) - 1)); # 79|-> tp[i] = ((bp[bi] & mask) + temp) & BN_MASK2; # 80| carry += (tp[i] < temp); # 81| Error: CPPCHECK_WARNING (CWE-786): openssl-3.2.1/crypto/bn/bn_nist.c:599: error[negativeIndex]: Array 'buf.bn[4]' accessed at index -3, which is out of bounds. # 597| BN_ULONG t_d[BN_NIST_224_TOP]; # 598| # 599|-> nist_set_224(t_d, buf.bn, 10, 9, 8, 7, 0, 0, 0); # 600| carry = (int)bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP); # 601| nist_set_224(t_d, buf.bn, 0, 13, 12, 11, 0, 0, 0); Error: CPPCHECK_WARNING (CWE-786): openssl-3.2.1/crypto/bn/bn_nist.c:601: error[negativeIndex]: Array 'buf.bn[4]' accessed at index -3, which is out of bounds. # 599| nist_set_224(t_d, buf.bn, 10, 9, 8, 7, 0, 0, 0); # 600| carry = (int)bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP); # 601|-> nist_set_224(t_d, buf.bn, 0, 13, 12, 11, 0, 0, 0); # 602| carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP); # 603| nist_set_224(t_d, buf.bn, 13, 12, 11, 10, 9, 8, 7); Error: CPPCHECK_WARNING (CWE-786): openssl-3.2.1/crypto/bn/bn_nist.c:605: error[negativeIndex]: Array 'buf.bn[4]' accessed at index -3, which is out of bounds. 
# 603| nist_set_224(t_d, buf.bn, 13, 12, 11, 10, 9, 8, 7);
# 604| carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP);
# 605|-> nist_set_224(t_d, buf.bn, 0, 0, 0, 0, 13, 12, 11);
# 606| carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP);
# 607|

Error: CLANG_WARNING: openssl-3.2.1/crypto/bn/bn_nist.c:606:9: warning[deadcode.DeadStores]: Value stored to 'carry' is never read
# 604| carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP);
# 605| nist_set_224(t_d, buf.bn, 0, 0, 0, 0, 13, 12, 11);
# 606|-> carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP);
# 607|
# 608| # if BN_BITS2==64

Error: CLANG_WARNING: openssl-3.2.1/crypto/bn/bn_nist.c:615:9: warning[deadcode.DeadStores]: Value stored to 'carry' is never read
# 613| adjust = bn_sub_words;
# 614| if (carry > 0) {
# 615|-> carry =
# 616| (int)bn_sub_words(r_d, r_d, _nist_p_224[carry - 1],
# 617| BN_NIST_224_TOP);

Error: CLANG_WARNING: openssl-3.2.1/crypto/cast/c_cfb64.c:78:5: warning[deadcode.DeadStores]: Value stored to 'v0' is never read
# 76| }
# 77| }
# 78|-> v0 = v1 = ti[0] = ti[1] = t = c = cc = 0;
# 79| *num = n;
# 80| }

[Reviewer note: the flagged statement stores zero to the function's locals just before it returns, which looks like an attempt to scrub cipher working state rather than a leftover assignment; confirm against the source. A store the analyzer reports as never read is also one an optimizing compiler is permitted to remove, so scrubbing that has to survive optimization should go through OPENSSL_cleanse() rather than a plain assignment. The same pattern repeats in the crypto/cast and crypto/des findings that follow.]

Error: CLANG_WARNING: openssl-3.2.1/crypto/cast/c_cfb64.c:78:10: warning[deadcode.DeadStores]: Although the value stored to 'v1' is used in the enclosing expression, the value is never actually read from 'v1'
# 76| }
# 77| }
# 78|-> v0 = v1 = ti[0] = ti[1] = t = c = cc = 0;
# 79| *num = n;
# 80| }

Error: CLANG_WARNING: openssl-3.2.1/crypto/cast/c_cfb64.c:78:31: warning[deadcode.DeadStores]: Although the value stored to 't' is used in the enclosing expression, the value is never actually read from 't'
# 76| }
# 77| }
# 78|-> v0 = v1 = ti[0] = ti[1] = t = c = cc = 0;
# 79| *num = n;
# 80| }

Error: CLANG_WARNING: openssl-3.2.1/crypto/cast/c_cfb64.c:78:35: warning[deadcode.DeadStores]: Although the value stored to 'c' is used in the enclosing expression, the value is never actually read from 'c'
# 76| }
# 77| }
# 78|-> v0 = v1 = ti[0] = ti[1] = t = c = cc = 0;
# 79|
*num = n; # 80| } Error: CLANG_WARNING: openssl-3.2.1/crypto/cast/c_cfb64.c:78:39: warning[deadcode.DeadStores]: Although the value stored to 'cc' is used in the enclosing expression, the value is never actually read from 'cc' # 76| } # 77| } # 78|-> v0 = v1 = ti[0] = ti[1] = t = c = cc = 0; # 79| *num = n; # 80| } Error: CLANG_WARNING: openssl-3.2.1/crypto/cast/c_ecb.c:37:5: warning[deadcode.DeadStores]: Value stored to 'l' is never read # 35| l = d[1]; # 36| l2n(l, out); # 37|-> l = d[0] = d[1] = 0; # 38| } Error: CLANG_WARNING: openssl-3.2.1/crypto/cast/c_enc.c:155:5: warning[deadcode.DeadStores]: Value stored to 'tin0' is never read # 153| l2n(xor1, iv); # 154| } # 155|-> tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0; # 156| tin[0] = tin[1] = 0; # 157| } Error: CLANG_WARNING: openssl-3.2.1/crypto/cast/c_enc.c:155:12: warning[deadcode.DeadStores]: Although the value stored to 'tin1' is used in the enclosing expression, the value is never actually read from 'tin1' # 153| l2n(xor1, iv); # 154| } # 155|-> tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0; # 156| tin[0] = tin[1] = 0; # 157| } Error: CLANG_WARNING: openssl-3.2.1/crypto/cast/c_enc.c:155:19: warning[deadcode.DeadStores]: Although the value stored to 'tout0' is used in the enclosing expression, the value is never actually read from 'tout0' # 153| l2n(xor1, iv); # 154| } # 155|-> tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0; # 156| tin[0] = tin[1] = 0; # 157| } Error: CLANG_WARNING: openssl-3.2.1/crypto/cast/c_enc.c:155:27: warning[deadcode.DeadStores]: Although the value stored to 'tout1' is used in the enclosing expression, the value is never actually read from 'tout1' # 153| l2n(xor1, iv); # 154| } # 155|-> tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0; # 156| tin[0] = tin[1] = 0; # 157| } Error: CLANG_WARNING: openssl-3.2.1/crypto/cast/c_enc.c:155:35: warning[deadcode.DeadStores]: Although the value stored to 'xor0' is used in the enclosing expression, the value is never actually read from 'xor0' # 153| 
l2n(xor1, iv); # 154| } # 155|-> tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0; # 156| tin[0] = tin[1] = 0; # 157| } Error: CLANG_WARNING: openssl-3.2.1/crypto/cast/c_enc.c:155:42: warning[deadcode.DeadStores]: Although the value stored to 'xor1' is used in the enclosing expression, the value is never actually read from 'xor1' # 153| l2n(xor1, iv); # 154| } # 155|-> tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0; # 156| tin[0] = tin[1] = 0; # 157| } Error: CLANG_WARNING: openssl-3.2.1/crypto/cast/c_ofb64.c:65:5: warning[deadcode.DeadStores]: Value stored to 't' is never read # 63| l2n(v1, iv); # 64| } # 65|-> t = v0 = v1 = ti[0] = ti[1] = 0; # 66| *num = n; # 67| } Error: CLANG_WARNING: openssl-3.2.1/crypto/cast/c_ofb64.c:65:9: warning[deadcode.DeadStores]: Although the value stored to 'v0' is used in the enclosing expression, the value is never actually read from 'v0' # 63| l2n(v1, iv); # 64| } # 65|-> t = v0 = v1 = ti[0] = ti[1] = 0; # 66| *num = n; # 67| } Error: CLANG_WARNING: openssl-3.2.1/crypto/cast/c_ofb64.c:65:14: warning[deadcode.DeadStores]: Although the value stored to 'v1' is used in the enclosing expression, the value is never actually read from 'v1' # 63| l2n(v1, iv); # 64| } # 65|-> t = v0 = v1 = ti[0] = ti[1] = 0; # 66| *num = n; # 67| } Error: GCC_ANALYZER_WARNING (CWE-457): openssl-3.2.1/crypto/cast/c_skey.c: scope_hint: In function 'CAST_set_key' openssl-3.2.1/crypto/cast/c_skey.c:122:35: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value 'k[<unknown>]' # 120| for (i = 0; i < 16; i++) { # 121| key->data[i * 2] = k[i]; # 122|-> key->data[i * 2 + 1] = ((k[i + 16]) + 16) & 0x1f; # 123| } # 124| } Error: CLANG_WARNING: openssl-3.2.1/crypto/cmp/cmp_ctx.c:364:9: warning[deadcode.DeadStores]: Value stored to 'level_str' is never read # 362| file = "(unset file name)"; # 363| if (level_str == NULL) # 364|-> level_str = "(unset level string)"; # 365| # 366| #ifndef OPENSSL_NO_TRACE Error: CLANG_WARNING: 
openssl-3.2.1/crypto/cms/cms_enc.c:173:13: warning[core.NonNullParamChecker]: Null pointer passed to 2nd parameter expecting 'nonnull' # 171| } # 172| if ((EVP_CIPHER_get_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER)) { # 173|-> memcpy(aparams.iv, piv, ivlen); # 174| aparams.iv_len = ivlen; # 175| aparams.tag_len = EVP_CIPHER_CTX_get_tag_length(ctx); Error: GCC_ANALYZER_WARNING (CWE-476): openssl-3.2.1/crypto/cms/cms_env.c: scope_hint: In function 'cms_RecipientInfo_ktri_encrypt' openssl-3.2.1/crypto/cms/cms_env.c:558:9: warning[-Wanalyzer-null-dereference]: dereference of NULL '0' openssl-3.2.1/crypto/cms/cms_env.c:17: included_from: Included from here. openssl-3.2.1/crypto/cms/cms_env.c:552:13: note: in expansion of macro 'FIPS_mode' # 556| } # 557| # 558|-> if (EVP_PKEY_encrypt(pctx, NULL, &eklen, ec->key, ec->keylen) <= 0) # 559| goto err; # 560| Error: CLANG_WARNING: openssl-3.2.1/crypto/cms/cms_ess.c:221:44: warning[core.NullDereference]: Access to field 'digestAlgorithm' results in a dereference of a null pointer (loaded from variable 'si') # 219| unsigned char *dig, unsigned int *diglen) # 220| { # 221|-> const EVP_MD *md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm); # 222| # 223| if (md == NULL) Error: GCC_ANALYZER_WARNING (CWE-476): openssl-3.2.1/include/openssl/pem.h:22: included_from: Included from here. openssl-3.2.1/crypto/cms/cms_ess.c:12: included_from: Included from here. openssl-3.2.1/crypto/cms/cms_ess.c: scope_hint: In function 'cms_msgSigDigest' openssl-3.2.1/crypto/cms/cms_ess.c:221:46: warning[-Wanalyzer-null-dereference]: dereference of NULL 'si' openssl-3.2.1/include/openssl/evp.h:531:65: note: in definition of macro 'EVP_get_digestbynid' openssl-3.2.1/crypto/cms/cms_ess.c:221:24: note: in expansion of macro 'EVP_get_digestbyobj' openssl-3.2.1/crypto/cms/cms_ess.c:16: included_from: Included from here. 
openssl-3.2.1/crypto/cms/cms_ess.c:272:9: note: in expansion of macro 'sk_CMS_SignerInfo_num' openssl-3.2.1/crypto/cms/cms_ess.c:305:14: note: in expansion of macro 'sk_CMS_SignerInfo_num' openssl-3.2.1/crypto/cms/cms_ess.c:310:10: note: in expansion of macro 'sk_CMS_SignerInfo_value' openssl-3.2.1/include/openssl/evp.h:531:65: note: in definition of macro 'EVP_get_digestbynid' openssl-3.2.1/crypto/cms/cms_ess.c:221:24: note: in expansion of macro 'EVP_get_digestbyobj' # 219| unsigned char *dig, unsigned int *diglen) # 220| { # 221|-> const EVP_MD *md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm); # 222| # 223| if (md == NULL) Error: CLANG_WARNING: openssl-3.2.1/crypto/cms/cms_pwri.c:67:9: warning[deadcode.DeadStores]: Value stored to 'pbe_nid' is never read # 65| # 66| if (pbe_nid <= 0) # 67|-> pbe_nid = NID_id_pbkdf2; # 68| # 69| /* Get from enveloped data */ Error: CLANG_WARNING: openssl-3.2.1/crypto/conf/conf_mod.c:632:18: warning[deadcode.DeadStores]: Value stored to 'sep' during its initialization is never read # 630| { # 631| const char *t; # 632|-> char *file, *sep = ""; # 633| size_t size; # 634| Error: COMPILER_WARNING (CWE-1164): openssl-3.2.1/crypto/context.c:30:13: warning[-Wunused-function]: 'read_kernel_fips_flag' defined but not used # 30 | static void read_kernel_fips_flag(void) # | ^~~~~~~~~~~~~~~~~~~~~ # 28| static int kernel_fips_flag; # 29| # 30|-> static void read_kernel_fips_flag(void) # 31| { # 32| char buf[2] = "0"; Error: CLANG_WARNING: openssl-3.2.1/crypto/core_namemap.c:327:13: warning[deadcode.DeadStores]: Value stored to 'l' is never read # 325| q = p + l; # 326| } else { # 327|-> l = q - p; /* offset to the next separator */ # 328| *q++ = '\0'; # 329| } Error: CLANG_WARNING: openssl-3.2.1/crypto/core_namemap.c:406:9: warning[deadcode.DeadStores]: Value stored to 'num' is never read # 404| } # 405| if (pem_name != NULL) # 406|-> num = ossl_namemap_add_name(arg, num, pem_name); # 407| } # 408| Error: CLANG_WARNING: 
openssl-3.2.1/crypto/des/cbc_cksm.c:49:5: warning[deadcode.DeadStores]: Value stored to 'tout0' is never read # 47| l2c(tout1, out); # 48| } # 49|-> tout0 = tin0 = tin1 = tin[0] = tin[1] = 0; # 50| /* # 51| * Transform the data in tout1 so that it will match the return value Error: CLANG_WARNING: openssl-3.2.1/crypto/des/cbc_cksm.c:49:13: warning[deadcode.DeadStores]: Although the value stored to 'tin0' is used in the enclosing expression, the value is never actually read from 'tin0' # 47| l2c(tout1, out); # 48| } # 49|-> tout0 = tin0 = tin1 = tin[0] = tin[1] = 0; # 50| /* # 51| * Transform the data in tout1 so that it will match the return value Error: CLANG_WARNING: openssl-3.2.1/crypto/des/cbc_cksm.c:49:20: warning[deadcode.DeadStores]: Although the value stored to 'tin1' is used in the enclosing expression, the value is never actually read from 'tin1' # 47| l2c(tout1, out); # 48| } # 49|-> tout0 = tin0 = tin1 = tin[0] = tin[1] = 0; # 50| /* # 51| * Transform the data in tout1 so that it will match the return value Error: CLANG_WARNING: openssl-3.2.1/crypto/des/cfb64ede.c:82:5: warning[deadcode.DeadStores]: Value stored to 'v0' is never read # 80| } # 81| } # 82|-> v0 = v1 = ti[0] = ti[1] = c = cc = 0; # 83| *num = n; # 84| } Error: CLANG_WARNING: openssl-3.2.1/crypto/des/cfb64ede.c:82:10: warning[deadcode.DeadStores]: Although the value stored to 'v1' is used in the enclosing expression, the value is never actually read from 'v1' # 80| } # 81| } # 82|-> v0 = v1 = ti[0] = ti[1] = c = cc = 0; # 83| *num = n; # 84| } Error: CLANG_WARNING: openssl-3.2.1/crypto/des/cfb64ede.c:82:31: warning[deadcode.DeadStores]: Although the value stored to 'c' is used in the enclosing expression, the value is never actually read from 'c' # 80| } # 81| } # 82|-> v0 = v1 = ti[0] = ti[1] = c = cc = 0; # 83| *num = n; # 84| } Error: CLANG_WARNING: openssl-3.2.1/crypto/des/cfb64ede.c:82:35: warning[deadcode.DeadStores]: Although the value stored to 'cc' is used in the enclosing 
expression, the value is never actually read from 'cc' # 80| } # 81| } # 82|-> v0 = v1 = ti[0] = ti[1] = c = cc = 0; # 83| *num = n; # 84| } Error: CLANG_WARNING: openssl-3.2.1/crypto/des/cfb64ede.c:194:5: warning[deadcode.DeadStores]: Value stored to 'v0' is never read # 192| l2c(v0, iv); # 193| l2c(v1, iv); # 194|-> v0 = v1 = d0 = d1 = ti[0] = ti[1] = 0; # 195| } Error: CLANG_WARNING: openssl-3.2.1/crypto/des/cfb64ede.c:194:10: warning[deadcode.DeadStores]: Although the value stored to 'v1' is used in the enclosing expression, the value is never actually read from 'v1' # 192| l2c(v0, iv); # 193| l2c(v1, iv); # 194|-> v0 = v1 = d0 = d1 = ti[0] = ti[1] = 0; # 195| } Error: CLANG_WARNING: openssl-3.2.1/crypto/des/cfb64ede.c:194:15: warning[deadcode.DeadStores]: Although the value stored to 'd0' is used in the enclosing expression, the value is never actually read from 'd0' # 192| l2c(v0, iv); # 193| l2c(v1, iv); # 194|-> v0 = v1 = d0 = d1 = ti[0] = ti[1] = 0; # 195| } Error: CLANG_WARNING: openssl-3.2.1/crypto/des/cfb64ede.c:194:20: warning[deadcode.DeadStores]: Although the value stored to 'd1' is used in the enclosing expression, the value is never actually read from 'd1' # 192| l2c(v0, iv); # 193| l2c(v1, iv); # 194|-> v0 = v1 = d0 = d1 = ti[0] = ti[1] = 0; # 195| } Error: CLANG_WARNING: openssl-3.2.1/crypto/des/cfb64enc.c:77:5: warning[deadcode.DeadStores]: Value stored to 'v0' is never read # 75| } # 76| } # 77|-> v0 = v1 = ti[0] = ti[1] = c = cc = 0; # 78| *num = n; # 79| } Error: CLANG_WARNING: openssl-3.2.1/crypto/des/cfb64enc.c:77:10: warning[deadcode.DeadStores]: Although the value stored to 'v1' is used in the enclosing expression, the value is never actually read from 'v1' # 75| } # 76| } # 77|-> v0 = v1 = ti[0] = ti[1] = c = cc = 0; # 78| *num = n; # 79| } Error: CLANG_WARNING: openssl-3.2.1/crypto/des/cfb64enc.c:77:31: warning[deadcode.DeadStores]: Although the value stored to 'c' is used in the enclosing expression, the value is never actually read 
from 'c' # 75| } # 76| } # 77|-> v0 = v1 = ti[0] = ti[1] = c = cc = 0; # 78| *num = n; # 79| } Error: CLANG_WARNING: openssl-3.2.1/crypto/des/cfb64enc.c:77:35: warning[deadcode.DeadStores]: Although the value stored to 'cc' is used in the enclosing expression, the value is never actually read from 'cc' # 75| } # 76| } # 77|-> v0 = v1 = ti[0] = ti[1] = c = cc = 0; # 78| *num = n; # 79| } Error: CLANG_WARNING: openssl-3.2.1/crypto/des/cfb_enc.c:155:5: warning[deadcode.DeadStores]: Value stored to 'v0' is never read # 153| l2c(v0, iv); # 154| l2c(v1, iv); # 155|-> v0 = v1 = d0 = d1 = ti[0] = ti[1] = 0; # 156| } Error: CLANG_WARNING: openssl-3.2.1/crypto/des/cfb_enc.c:155:10: warning[deadcode.DeadStores]: Although the value stored to 'v1' is used in the enclosing expression, the value is never actually read from 'v1' # 153| l2c(v0, iv); # 154| l2c(v1, iv); # 155|-> v0 = v1 = d0 = d1 = ti[0] = ti[1] = 0; # 156| } Error: CLANG_WARNING: openssl-3.2.1/crypto/des/cfb_enc.c:155:15: warning[deadcode.DeadStores]: Although the value stored to 'd0' is used in the enclosing expression, the value is never actually read from 'd0' # 153| l2c(v0, iv); # 154| l2c(v1, iv); # 155|-> v0 = v1 = d0 = d1 = ti[0] = ti[1] = 0; # 156| } Error: CLANG_WARNING: openssl-3.2.1/crypto/des/cfb_enc.c:155:20: warning[deadcode.DeadStores]: Although the value stored to 'd1' is used in the enclosing expression, the value is never actually read from 'd1' # 153| l2c(v0, iv); # 154| l2c(v1, iv); # 155|-> v0 = v1 = d0 = d1 = ti[0] = ti[1] = 0; # 156| } Error: CLANG_WARNING: openssl-3.2.1/crypto/des/des_enc.c:88:5: warning[deadcode.DeadStores]: Value stored to 'l' is never read # 86| data[0] = l; # 87| data[1] = r; # 88|-> l = r = t = u = 0; # 89| } # 90| Error: CLANG_WARNING: openssl-3.2.1/crypto/des/des_enc.c:88:9: warning[deadcode.DeadStores]: Although the value stored to 'r' is used in the enclosing expression, the value is never actually read from 'r' # 86| data[0] = l; # 87| data[1] = r; # 88|-> l = r = 
t = u = 0; # 89| } # 90| Error: CLANG_WARNING: openssl-3.2.1/crypto/des/des_enc.c:88:13: warning[deadcode.DeadStores]: Although the value stored to 't' is used in the enclosing expression, the value is never actually read from 't' # 86| data[0] = l; # 87| data[1] = r; # 88|-> l = r = t = u = 0; # 89| } # 90| Error: CLANG_WARNING: openssl-3.2.1/crypto/des/des_enc.c:88:17: warning[deadcode.DeadStores]: Although the value stored to 'u' is used in the enclosing expression, the value is never actually read from 'u' # 86| data[0] = l; # 87| data[1] = r; # 88|-> l = r = t = u = 0; # 89| } # 90| Error: CLANG_WARNING: openssl-3.2.1/crypto/des/des_enc.c:152:5: warning[deadcode.DeadStores]: Value stored to 'l' is never read # 150| data[0] = ROTATE(l, 3) & 0xffffffffL; # 151| data[1] = ROTATE(r, 3) & 0xffffffffL; # 152|-> l = r = t = u = 0; # 153| } # 154| Error: CLANG_WARNING: openssl-3.2.1/crypto/des/des_enc.c:152:9: warning[deadcode.DeadStores]: Although the value stored to 'r' is used in the enclosing expression, the value is never actually read from 'r' # 150| data[0] = ROTATE(l, 3) & 0xffffffffL; # 151| data[1] = ROTATE(r, 3) & 0xffffffffL; # 152|-> l = r = t = u = 0; # 153| } # 154| Error: CLANG_WARNING: openssl-3.2.1/crypto/des/des_enc.c:152:13: warning[deadcode.DeadStores]: Although the value stored to 't' is used in the enclosing expression, the value is never actually read from 't' # 150| data[0] = ROTATE(l, 3) & 0xffffffffL; # 151| data[1] = ROTATE(r, 3) & 0xffffffffL; # 152|-> l = r = t = u = 0; # 153| } # 154| Error: CLANG_WARNING: openssl-3.2.1/crypto/des/des_enc.c:152:17: warning[deadcode.DeadStores]: Although the value stored to 'u' is used in the enclosing expression, the value is never actually read from 'u' # 150| data[0] = ROTATE(l, 3) & 0xffffffffL; # 151| data[1] = ROTATE(r, 3) & 0xffffffffL; # 152|-> l = r = t = u = 0; # 153| } # 154| Error: CLANG_WARNING: openssl-3.2.1/crypto/des/des_enc.c:301:5: warning[deadcode.DeadStores]: Value stored to 'tin0' is 
never read # 299| l2c(xor1, iv); # 300| } # 301|-> tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0; # 302| tin[0] = tin[1] = 0; # 303| } Error: CLANG_WARNING: openssl-3.2.1/crypto/des/des_enc.c:301:12: warning[deadcode.DeadStores]: Although the value stored to 'tin1' is used in the enclosing expression, the value is never actually read from 'tin1' # 299| l2c(xor1, iv); # 300| } # 301|-> tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0; # 302| tin[0] = tin[1] = 0; # 303| } Error: CLANG_WARNING: openssl-3.2.1/crypto/des/des_enc.c:301:19: warning[deadcode.DeadStores]: Although the value stored to 'tout0' is used in the enclosing expression, the value is never actually read from 'tout0' # 299| l2c(xor1, iv); # 300| } # 301|-> tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0; # 302| tin[0] = tin[1] = 0; # 303| } Error: CLANG_WARNING: openssl-3.2.1/crypto/des/des_enc.c:301:27: warning[deadcode.DeadStores]: Although the value stored to 'tout1' is used in the enclosing expression, the value is never actually read from 'tout1' # 299| l2c(xor1, iv); # 300| } # 301|-> tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0; # 302| tin[0] = tin[1] = 0; # 303| } Error: CLANG_WARNING: openssl-3.2.1/crypto/des/des_enc.c:301:35: warning[deadcode.DeadStores]: Although the value stored to 'xor0' is used in the enclosing expression, the value is never actually read from 'xor0' # 299| l2c(xor1, iv); # 300| } # 301|-> tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0; # 302| tin[0] = tin[1] = 0; # 303| } Error: CLANG_WARNING: openssl-3.2.1/crypto/des/des_enc.c:301:42: warning[deadcode.DeadStores]: Although the value stored to 'xor1' is used in the enclosing expression, the value is never actually read from 'xor1' # 299| l2c(xor1, iv); # 300| } # 301|-> tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0; # 302| tin[0] = tin[1] = 0; # 303| } Error: CLANG_WARNING: openssl-3.2.1/crypto/des/ecb_enc.c:53:5: warning[deadcode.DeadStores]: Value stored to 'l' is never read # 51| l = ll[1]; # 52| l2c(l, out); # 53|-> l = 
ll[0] = ll[1] = 0; # 54| } Error: CLANG_WARNING: openssl-3.2.1/crypto/des/cbc_enc.c:18: included_from: Included from here. openssl-3.2.1/crypto/des/ncbc_enc.c:104:5: warning[deadcode.DeadStores]: Value stored to 'tin0' is never read # 102| #endif # 103| } # 104|-> tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0; # 105| tin[0] = tin[1] = 0; # 106| } Error: CLANG_WARNING: openssl-3.2.1/crypto/des/ncbc_enc.c:104:12: warning[deadcode.DeadStores]: Although the value stored to 'tin1' is used in the enclosing expression, the value is never actually read from 'tin1' # 102| #endif # 103| } # 104|-> tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0; # 105| tin[0] = tin[1] = 0; # 106| } Error: CLANG_WARNING: openssl-3.2.1/crypto/des/ncbc_enc.c:104:19: warning[deadcode.DeadStores]: Although the value stored to 'tout0' is used in the enclosing expression, the value is never actually read from 'tout0' # 102| #endif # 103| } # 104|-> tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0; # 105| tin[0] = tin[1] = 0; # 106| } Error: CLANG_WARNING: openssl-3.2.1/crypto/des/ncbc_enc.c:104:27: warning[deadcode.DeadStores]: Although the value stored to 'tout1' is used in the enclosing expression, the value is never actually read from 'tout1' # 102| #endif # 103| } # 104|-> tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0; # 105| tin[0] = tin[1] = 0; # 106| } Error: CLANG_WARNING: openssl-3.2.1/crypto/des/ncbc_enc.c:104:35: warning[deadcode.DeadStores]: Although the value stored to 'xor0' is used in the enclosing expression, the value is never actually read from 'xor0' # 102| #endif # 103| } # 104|-> tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0; # 105| tin[0] = tin[1] = 0; # 106| } Error: CLANG_WARNING: openssl-3.2.1/crypto/des/ncbc_enc.c:104:42: warning[deadcode.DeadStores]: Although the value stored to 'xor1' is used in the enclosing expression, the value is never actually read from 'xor1' # 102| #endif # 103| } # 104|-> tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0; # 105| tin[0] = tin[1] = 0; # 
106| } Error: CLANG_WARNING: openssl-3.2.1/crypto/des/ofb64ede.c:66:5: warning[deadcode.DeadStores]: Value stored to 'v0' is never read # 64| l2c(v1, iv); # 65| } # 66|-> v0 = v1 = ti[0] = ti[1] = 0; # 67| *num = n; # 68| } Error: CLANG_WARNING: openssl-3.2.1/crypto/des/ofb64ede.c:66:10: warning[deadcode.DeadStores]: Although the value stored to 'v1' is used in the enclosing expression, the value is never actually read from 'v1' # 64| l2c(v1, iv); # 65| } # 66|-> v0 = v1 = ti[0] = ti[1] = 0; # 67| *num = n; # 68| } Error: CLANG_WARNING: openssl-3.2.1/crypto/des/ofb64enc.c:64:5: warning[deadcode.DeadStores]: Value stored to 't' is never read # 62| l2c(v1, iv); # 63| } # 64|-> t = v0 = v1 = ti[0] = ti[1] = 0; # 65| *num = n; # 66| } Error: CLANG_WARNING: openssl-3.2.1/crypto/des/ofb64enc.c:64:9: warning[deadcode.DeadStores]: Although the value stored to 'v0' is used in the enclosing expression, the value is never actually read from 'v0' # 62| l2c(v1, iv); # 63| } # 64|-> t = v0 = v1 = ti[0] = ti[1] = 0; # 65| *num = n; # 66| } Error: CLANG_WARNING: openssl-3.2.1/crypto/des/ofb64enc.c:64:14: warning[deadcode.DeadStores]: Although the value stored to 'v1' is used in the enclosing expression, the value is never actually read from 'v1' # 62| l2c(v1, iv); # 63| } # 64|-> t = v0 = v1 = ti[0] = ti[1] = 0; # 65| *num = n; # 66| } Error: CLANG_WARNING: openssl-3.2.1/crypto/des/ofb_enc.c:87:5: warning[deadcode.DeadStores]: Value stored to 'v0' is never read # 85| l2c(v0, iv); # 86| l2c(v1, iv); # 87|-> v0 = v1 = d0 = d1 = ti[0] = ti[1] = vv0 = vv1 = 0; # 88| } Error: CLANG_WARNING: openssl-3.2.1/crypto/des/ofb_enc.c:87:10: warning[deadcode.DeadStores]: Although the value stored to 'v1' is used in the enclosing expression, the value is never actually read from 'v1' # 85| l2c(v0, iv); # 86| l2c(v1, iv); # 87|-> v0 = v1 = d0 = d1 = ti[0] = ti[1] = vv0 = vv1 = 0; # 88| } Error: CLANG_WARNING: openssl-3.2.1/crypto/des/ofb_enc.c:87:15: warning[deadcode.DeadStores]: Although the 
value stored to 'd0' is used in the enclosing expression, the value is never actually read from 'd0' # 85| l2c(v0, iv); # 86| l2c(v1, iv); # 87|-> v0 = v1 = d0 = d1 = ti[0] = ti[1] = vv0 = vv1 = 0; # 88| } Error: CLANG_WARNING: openssl-3.2.1/crypto/des/ofb_enc.c:87:20: warning[deadcode.DeadStores]: Although the value stored to 'd1' is used in the enclosing expression, the value is never actually read from 'd1' # 85| l2c(v0, iv); # 86| l2c(v1, iv); # 87|-> v0 = v1 = d0 = d1 = ti[0] = ti[1] = vv0 = vv1 = 0; # 88| } Error: CLANG_WARNING: openssl-3.2.1/crypto/des/ofb_enc.c:87:41: warning[deadcode.DeadStores]: Although the value stored to 'vv0' is used in the enclosing expression, the value is never actually read from 'vv0' # 85| l2c(v0, iv); # 86| l2c(v1, iv); # 87|-> v0 = v1 = d0 = d1 = ti[0] = ti[1] = vv0 = vv1 = 0; # 88| } Error: CLANG_WARNING: openssl-3.2.1/crypto/des/ofb_enc.c:87:47: warning[deadcode.DeadStores]: Although the value stored to 'vv1' is used in the enclosing expression, the value is never actually read from 'vv1' # 85| l2c(v0, iv); # 86| l2c(v1, iv); # 87|-> v0 = v1 = d0 = d1 = ti[0] = ti[1] = vv0 = vv1 = 0; # 88| } Error: CLANG_WARNING: openssl-3.2.1/crypto/des/pcbc_enc.c:71:5: warning[deadcode.DeadStores]: Value stored to 'sin0' is never read # 69| } # 70| tin[0] = tin[1] = 0; # 71|-> sin0 = sin1 = xor0 = xor1 = tout0 = tout1 = 0; # 72| } Error: CLANG_WARNING: openssl-3.2.1/crypto/des/pcbc_enc.c:71:12: warning[deadcode.DeadStores]: Although the value stored to 'sin1' is used in the enclosing expression, the value is never actually read from 'sin1' # 69| } # 70| tin[0] = tin[1] = 0; # 71|-> sin0 = sin1 = xor0 = xor1 = tout0 = tout1 = 0; # 72| } Error: CLANG_WARNING: openssl-3.2.1/crypto/des/pcbc_enc.c:71:19: warning[deadcode.DeadStores]: Although the value stored to 'xor0' is used in the enclosing expression, the value is never actually read from 'xor0' # 69| } # 70| tin[0] = tin[1] = 0; # 71|-> sin0 = sin1 = xor0 = xor1 = tout0 = tout1 = 0; # 72| } 
Error: CLANG_WARNING: openssl-3.2.1/crypto/des/pcbc_enc.c:71:26: warning[deadcode.DeadStores]: Although the value stored to 'xor1' is used in the enclosing expression, the value is never actually read from 'xor1' # 69| } # 70| tin[0] = tin[1] = 0; # 71|-> sin0 = sin1 = xor0 = xor1 = tout0 = tout1 = 0; # 72| } Error: CLANG_WARNING: openssl-3.2.1/crypto/des/pcbc_enc.c:71:33: warning[deadcode.DeadStores]: Although the value stored to 'tout0' is used in the enclosing expression, the value is never actually read from 'tout0' # 69| } # 70| tin[0] = tin[1] = 0; # 71|-> sin0 = sin1 = xor0 = xor1 = tout0 = tout1 = 0; # 72| } Error: CLANG_WARNING: openssl-3.2.1/crypto/des/pcbc_enc.c:71:41: warning[deadcode.DeadStores]: Although the value stored to 'tout1' is used in the enclosing expression, the value is never actually read from 'tout1' # 69| } # 70| tin[0] = tin[1] = 0; # 71|-> sin0 = sin1 = xor0 = xor1 = tout0 = tout1 = 0; # 72| } Error: CLANG_WARNING: openssl-3.2.1/crypto/des/xcbc_enc.c:106:5: warning[deadcode.DeadStores]: Value stored to 'tin0' is never read # 104| l2c(xor1, iv); # 105| } # 106|-> tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0; # 107| inW0 = inW1 = outW0 = outW1 = 0; # 108| tin[0] = tin[1] = 0; Error: CLANG_WARNING: openssl-3.2.1/crypto/des/xcbc_enc.c:106:12: warning[deadcode.DeadStores]: Although the value stored to 'tin1' is used in the enclosing expression, the value is never actually read from 'tin1' # 104| l2c(xor1, iv); # 105| } # 106|-> tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0; # 107| inW0 = inW1 = outW0 = outW1 = 0; # 108| tin[0] = tin[1] = 0; Error: CLANG_WARNING: openssl-3.2.1/crypto/des/xcbc_enc.c:106:19: warning[deadcode.DeadStores]: Although the value stored to 'tout0' is used in the enclosing expression, the value is never actually read from 'tout0' # 104| l2c(xor1, iv); # 105| } # 106|-> tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0; # 107| inW0 = inW1 = outW0 = outW1 = 0; # 108| tin[0] = tin[1] = 0; Error: CLANG_WARNING: 
openssl-3.2.1/crypto/des/xcbc_enc.c:106:27: warning[deadcode.DeadStores]: Although the value stored to 'tout1' is used in the enclosing expression, the value is never actually read from 'tout1' # 104| l2c(xor1, iv); # 105| } # 106|-> tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0; # 107| inW0 = inW1 = outW0 = outW1 = 0; # 108| tin[0] = tin[1] = 0; Error: CLANG_WARNING: openssl-3.2.1/crypto/des/xcbc_enc.c:106:35: warning[deadcode.DeadStores]: Although the value stored to 'xor0' is used in the enclosing expression, the value is never actually read from 'xor0' # 104| l2c(xor1, iv); # 105| } # 106|-> tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0; # 107| inW0 = inW1 = outW0 = outW1 = 0; # 108| tin[0] = tin[1] = 0; Error: CLANG_WARNING: openssl-3.2.1/crypto/des/xcbc_enc.c:106:42: warning[deadcode.DeadStores]: Although the value stored to 'xor1' is used in the enclosing expression, the value is never actually read from 'xor1' # 104| l2c(xor1, iv); # 105| } # 106|-> tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0; # 107| inW0 = inW1 = outW0 = outW1 = 0; # 108| tin[0] = tin[1] = 0; Error: CLANG_WARNING: openssl-3.2.1/crypto/des/xcbc_enc.c:107:5: warning[deadcode.DeadStores]: Value stored to 'inW0' is never read # 105| } # 106| tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0; # 107|-> inW0 = inW1 = outW0 = outW1 = 0; # 108| tin[0] = tin[1] = 0; # 109| } Error: CLANG_WARNING: openssl-3.2.1/crypto/des/xcbc_enc.c:107:12: warning[deadcode.DeadStores]: Although the value stored to 'inW1' is used in the enclosing expression, the value is never actually read from 'inW1' # 105| } # 106| tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0; # 107|-> inW0 = inW1 = outW0 = outW1 = 0; # 108| tin[0] = tin[1] = 0; # 109| } Error: CLANG_WARNING: openssl-3.2.1/crypto/des/xcbc_enc.c:107:19: warning[deadcode.DeadStores]: Although the value stored to 'outW0' is used in the enclosing expression, the value is never actually read from 'outW0' # 105| } # 106| tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0; # 
107|-> inW0 = inW1 = outW0 = outW1 = 0; # 108| tin[0] = tin[1] = 0; # 109| } Error: CLANG_WARNING: openssl-3.2.1/crypto/des/xcbc_enc.c:107:27: warning[deadcode.DeadStores]: Although the value stored to 'outW1' is used in the enclosing expression, the value is never actually read from 'outW1' # 105| } # 106| tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0; # 107|-> inW0 = inW1 = outW0 = outW1 = 0; # 108| tin[0] = tin[1] = 0; # 109| } Error: CLANG_WARNING: openssl-3.2.1/crypto/dsa/dsa_key.c:191:5: warning[deadcode.DeadStores]: Value stored to 'ok' is never read # 189| dsa->pub_key = pub_key; # 190| # 191|-> ok = 1; # 192| #ifdef FIPS_MODULE # 193| { Error: GCC_ANALYZER_WARNING (CWE-476): openssl-3.2.1/crypto/dsa/dsa_sign.c: scope_hint: In function 'i2d_DSA_SIG' openssl-3.2.1/crypto/dsa/dsa_sign.c:108:42: warning[-Wanalyzer-null-dereference]: dereference of NULL 'buf' # 106| if (ppout != NULL) { # 107| if (*ppout == NULL) { # 108|-> *ppout = (unsigned char *)buf->data; # 109| buf->data = NULL; # 110| BUF_MEM_free(buf); Error: GCC_ANALYZER_WARNING (CWE-688): openssl-3.2.1/crypto/dsa/dsa_sign.c: scope_hint: In function 'DSA_verify' openssl-3.2.1/crypto/dsa/dsa_sign.c:205:29: warning[-Wanalyzer-null-argument]: use of NULL 'der' where non-null expected openssl-3.2.1/include/internal/common.h:15: included_from: Included from here. openssl-3.2.1/include/internal/cryptlib.h:21: included_from: Included from here. openssl-3.2.1/crypto/dsa/dsa_sign.c:17: included_from: Included from here. 
/usr/include/string.h:64:12: note: argument 2 of 'memcmp' must be non-null # 203| /* Ensure signature uses DER and doesn't have trailing garbage */ # 204| derlen = i2d_DSA_SIG(s, &der); # 205|-> if (derlen != siglen || memcmp(sigbuf, der, derlen)) # 206| goto err; # 207| ret = DSA_do_verify(dgst, dgst_len, s, dsa); Error: CLANG_WARNING: openssl-3.2.1/crypto/ec/curve25519.c:4670:5: warning[deadcode.DeadStores]: Value stored to 's23' is never read # 4668| s15 += s23 * 136657; # 4669| s16 -= s23 * 683901; # 4670|-> s23 = 0; # 4671| # 4672| s10 += s22 * 666643; Error: CLANG_WARNING: openssl-3.2.1/crypto/ec/curve25519.c:4678:5: warning[deadcode.DeadStores]: Value stored to 's22' is never read # 4676| s14 += s22 * 136657; # 4677| s15 -= s22 * 683901; # 4678|-> s22 = 0; # 4679| # 4680| s9 += s21 * 666643; Error: CLANG_WARNING: openssl-3.2.1/crypto/ec/curve25519.c:4686:5: warning[deadcode.DeadStores]: Value stored to 's21' is never read # 4684| s13 += s21 * 136657; # 4685| s14 -= s21 * 683901; # 4686|-> s21 = 0; # 4687| # 4688| s8 += s20 * 666643; Error: CLANG_WARNING: openssl-3.2.1/crypto/ec/curve25519.c:4694:5: warning[deadcode.DeadStores]: Value stored to 's20' is never read # 4692| s12 += s20 * 136657; # 4693| s13 -= s20 * 683901; # 4694|-> s20 = 0; # 4695| # 4696| s7 += s19 * 666643; Error: CLANG_WARNING: openssl-3.2.1/crypto/ec/curve25519.c:4702:5: warning[deadcode.DeadStores]: Value stored to 's19' is never read # 4700| s11 += s19 * 136657; # 4701| s12 -= s19 * 683901; # 4702|-> s19 = 0; # 4703| # 4704| s6 += s18 * 666643; Error: CLANG_WARNING: openssl-3.2.1/crypto/ec/curve25519.c:4710:5: warning[deadcode.DeadStores]: Value stored to 's18' is never read # 4708| s10 += s18 * 136657; # 4709| s11 -= s18 * 683901; # 4710|-> s18 = 0; # 4711| # 4712| carry6 = (s6 + (1 << 20)) >> 21; Error: CLANG_WARNING: openssl-3.2.1/crypto/ec/curve25519.c:4753:5: warning[deadcode.DeadStores]: Value stored to 's17' is never read # 4751| s9 += s17 * 136657; # 4752| s10 -= s17 * 683901; # 
4753|-> s17 = 0; # 4754| # 4755| s4 += s16 * 666643; Error: CLANG_WARNING: openssl-3.2.1/crypto/ec/curve25519.c:4761:5: warning[deadcode.DeadStores]: Value stored to 's16' is never read # 4759| s8 += s16 * 136657; # 4760| s9 -= s16 * 683901; # 4761|-> s16 = 0; # 4762| # 4763| s3 += s15 * 666643; Error: CLANG_WARNING: openssl-3.2.1/crypto/ec/curve25519.c:4769:5: warning[deadcode.DeadStores]: Value stored to 's15' is never read # 4767| s7 += s15 * 136657; # 4768| s8 -= s15 * 683901; # 4769|-> s15 = 0; # 4770| # 4771| s2 += s14 * 666643; Error: CLANG_WARNING: openssl-3.2.1/crypto/ec/curve25519.c:4777:5: warning[deadcode.DeadStores]: Value stored to 's14' is never read # 4775| s6 += s14 * 136657; # 4776| s7 -= s14 * 683901; # 4777|-> s14 = 0; # 4778| # 4779| s1 += s13 * 666643; Error: CLANG_WARNING: openssl-3.2.1/crypto/ec/curve25519.c:4785:5: warning[deadcode.DeadStores]: Value stored to 's13' is never read # 4783| s5 += s13 * 136657; # 4784| s6 -= s13 * 683901; # 4785|-> s13 = 0; # 4786| # 4787| s0 += s12 * 666643; Error: CLANG_WARNING: openssl-3.2.1/crypto/ec/curve25519.c:4884:5: warning[deadcode.DeadStores]: Value stored to 's12' is never read # 4882| s4 += s12 * 136657; # 4883| s5 -= s12 * 683901; # 4884|-> s12 = 0; # 4885| # 4886| carry0 = s0 >> 21; Error: CLANG_WARNING: openssl-3.2.1/crypto/ec/curve25519.c:5153:5: warning[deadcode.DeadStores]: Value stored to 's23' is never read # 5151| s15 += s23 * 136657; # 5152| s16 -= s23 * 683901; # 5153|-> s23 = 0; # 5154| # 5155| s10 += s22 * 666643; Error: CLANG_WARNING: openssl-3.2.1/crypto/ec/curve25519.c:5161:5: warning[deadcode.DeadStores]: Value stored to 's22' is never read # 5159| s14 += s22 * 136657; # 5160| s15 -= s22 * 683901; # 5161|-> s22 = 0; # 5162| # 5163| s9 += s21 * 666643; Error: CLANG_WARNING: openssl-3.2.1/crypto/ec/curve25519.c:5169:5: warning[deadcode.DeadStores]: Value stored to 's21' is never read # 5167| s13 += s21 * 136657; # 5168| s14 -= s21 * 683901; # 5169|-> s21 = 0; # 5170| # 5171| s8 += 
s20 * 666643; Error: CLANG_WARNING: openssl-3.2.1/crypto/ec/curve25519.c:5177:5: warning[deadcode.DeadStores]: Value stored to 's20' is never read # 5175| s12 += s20 * 136657; # 5176| s13 -= s20 * 683901; # 5177|-> s20 = 0; # 5178| # 5179| s7 += s19 * 666643; Error: CLANG_WARNING: openssl-3.2.1/crypto/ec/curve25519.c:5185:5: warning[deadcode.DeadStores]: Value stored to 's19' is never read # 5183| s11 += s19 * 136657; # 5184| s12 -= s19 * 683901; # 5185|-> s19 = 0; # 5186| # 5187| s6 += s18 * 666643; Error: CLANG_WARNING: openssl-3.2.1/crypto/ec/curve25519.c:5193:5: warning[deadcode.DeadStores]: Value stored to 's18' is never read # 5191| s10 += s18 * 136657; # 5192| s11 -= s18 * 683901; # 5193|-> s18 = 0; # 5194| # 5195| carry6 = (s6 + (1 << 20)) >> 21; Error: CLANG_WARNING: openssl-3.2.1/crypto/ec/curve25519.c:5236:5: warning[deadcode.DeadStores]: Value stored to 's17' is never read # 5234| s9 += s17 * 136657; # 5235| s10 -= s17 * 683901; # 5236|-> s17 = 0; # 5237| # 5238| s4 += s16 * 666643; Error: CLANG_WARNING: openssl-3.2.1/crypto/ec/curve25519.c:5244:5: warning[deadcode.DeadStores]: Value stored to 's16' is never read # 5242| s8 += s16 * 136657; # 5243| s9 -= s16 * 683901; # 5244|-> s16 = 0; # 5245| # 5246| s3 += s15 * 666643; Error: CLANG_WARNING: openssl-3.2.1/crypto/ec/curve25519.c:5252:5: warning[deadcode.DeadStores]: Value stored to 's15' is never read # 5250| s7 += s15 * 136657; # 5251| s8 -= s15 * 683901; # 5252|-> s15 = 0; # 5253| # 5254| s2 += s14 * 666643; Error: CLANG_WARNING: openssl-3.2.1/crypto/ec/curve25519.c:5260:5: warning[deadcode.DeadStores]: Value stored to 's14' is never read # 5258| s6 += s14 * 136657; # 5259| s7 -= s14 * 683901; # 5260|-> s14 = 0; # 5261| # 5262| s1 += s13 * 666643; Error: CLANG_WARNING: openssl-3.2.1/crypto/ec/curve25519.c:5268:5: warning[deadcode.DeadStores]: Value stored to 's13' is never read # 5266| s5 += s13 * 136657; # 5267| s6 -= s13 * 683901; # 5268|-> s13 = 0; # 5269| # 5270| s0 += s12 * 666643; Error: 
CLANG_WARNING: openssl-3.2.1/crypto/ec/curve25519.c:5367:5: warning[deadcode.DeadStores]: Value stored to 's12' is never read # 5365| s4 += s12 * 136657; # 5366| s5 -= s12 * 683901; # 5367|-> s12 = 0; # 5368| # 5369| carry0 = s0 >> 21; Error: GCC_ANALYZER_WARNING (CWE-457): openssl-3.2.1/crypto/ec/curve448/arch_64/f_impl.h:49:27: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value 'd[0].limb[7]' openssl-3.2.1/crypto/ec/curve448/curve448.c: scope_hint: In function 'point_double_internal' openssl-3.2.1/crypto/ec/curve448/curve448.c:68:5: note: in expansion of macro 'gf_add_nr' openssl-3.2.1/crypto/ec/curve448/arch_64/f_impl.h: scope_hint: In function 'point_double_internal' # 47| { # 48| uint64_t mask = (1ULL << 56) - 1; # 49|-> uint64_t tmp = a->limb[NLIMBS - 1] >> 56; # 50| unsigned int i; # 51| Error: GCC_ANALYZER_WARNING (CWE-476): openssl-3.2.1/crypto/ec/ec_asn1.c: scope_hint: In function 'i2d_ECDSA_SIG' openssl-3.2.1/crypto/ec/ec_asn1.c:1280:42: warning[-Wanalyzer-null-dereference]: dereference of NULL 'buf' # 1278| if (ppout != NULL) { # 1279| if (*ppout == NULL) { # 1280|-> *ppout = (unsigned char *)buf->data; # 1281| buf->data = NULL; # 1282| BUF_MEM_free(buf); Error: COMPILER_WARNING (CWE-563): openssl-3.2.1/crypto/ec/ec_lib.c: scope_hint: In function 'EC_GROUP_new_from_params' openssl-3.2.1/crypto/ec/ec_lib.c:1556:9: warning[-Wunused-variable]: unused variable 'encoding_flag' # 1556 | int encoding_flag = -1; # | ^~~~~~~~~~~~~ # 1554| BN_CTX *bnctx = NULL; # 1555| const unsigned char *buf = NULL; # 1556|-> int encoding_flag = -1; # 1557| #endif # 1558| Error: CLANG_WARNING: openssl-3.2.1/crypto/ec/ec_mult.c:574:17: warning[deadcode.DeadStores]: Value stored to 'numblocks' is never read # 572| */ # 573| # 574|-> numblocks = 1; # 575| totalnum = num + 1; /* don't use wNAF splitting */ # 576| wNAF[num] = tmp_wNAF; Error: CLANG_WARNING: openssl-3.2.1/crypto/ec/ecp_nistp224.c:1565:13: warning[deadcode.DeadStores]: Value stored to 
'num_bytes' is never read # 1563| goto err; # 1564| } # 1565|-> num_bytes = BN_bn2lebinpad(tmp_scalar, g_secret, sizeof(g_secret)); # 1566| } else { # 1567| num_bytes = BN_bn2lebinpad(scalar, g_secret, sizeof(g_secret)); Error: CLANG_WARNING: openssl-3.2.1/crypto/ec/ecp_nistp224.c:1567:13: warning[deadcode.DeadStores]: Value stored to 'num_bytes' is never read # 1565| num_bytes = BN_bn2lebinpad(tmp_scalar, g_secret, sizeof(g_secret)); # 1566| } else { # 1567|-> num_bytes = BN_bn2lebinpad(scalar, g_secret, sizeof(g_secret)); # 1568| } # 1569| /* do the multiplication with generator precomputation */ Error: CLANG_WARNING: openssl-3.2.1/crypto/ec/ecp_nistp256.c:2183:13: warning[deadcode.DeadStores]: Value stored to 'num_bytes' is never read # 2181| goto err; # 2182| } # 2183|-> num_bytes = BN_bn2lebinpad(tmp_scalar, g_secret, sizeof(g_secret)); # 2184| } else { # 2185| num_bytes = BN_bn2lebinpad(scalar, g_secret, sizeof(g_secret)); Error: CLANG_WARNING: openssl-3.2.1/crypto/ec/ecp_nistp256.c:2185:13: warning[deadcode.DeadStores]: Value stored to 'num_bytes' is never read # 2183| num_bytes = BN_bn2lebinpad(tmp_scalar, g_secret, sizeof(g_secret)); # 2184| } else { # 2185|-> num_bytes = BN_bn2lebinpad(scalar, g_secret, sizeof(g_secret)); # 2186| } # 2187| /* do the multiplication with generator precomputation */ Error: GCC_ANALYZER_WARNING (CWE-457): openssl-3.2.1/crypto/ec/ecp_nistp384.c: scope_hint: In function 'felem_square_ref' openssl-3.2.1/crypto/ec/ecp_nistp384.c:380:40: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value 'inx2[1]' openssl-3.2.1/crypto/ec/ecp_nistp384.c:731:5: note: in expansion of macro 'felem_square' openssl-3.2.1/crypto/ec/ecp_nistp384.c: scope_hint: In function 'felem_square_ref' # 378| out[0] = ((uint128_t) in[0]) * in[0]; # 379| # 380|-> out[1] = ((uint128_t) in[0]) * inx2[1]; # 381| # 382| out[2] = ((uint128_t) in[0]) * inx2[2] Error: CLANG_WARNING: openssl-3.2.1/crypto/ec/ecp_nistp384.c:1857:13: 
warning[deadcode.DeadStores]: Value stored to 'num_bytes' is never read # 1855| goto err; # 1856| } # 1857|-> num_bytes = BN_bn2lebinpad(tmp_scalar, g_secret, sizeof(g_secret)); # 1858| } else { # 1859| num_bytes = BN_bn2lebinpad(scalar, g_secret, sizeof(g_secret)); Error: CLANG_WARNING: openssl-3.2.1/crypto/ec/ecp_nistp384.c:1859:13: warning[deadcode.DeadStores]: Value stored to 'num_bytes' is never read # 1857| num_bytes = BN_bn2lebinpad(tmp_scalar, g_secret, sizeof(g_secret)); # 1858| } else { # 1859|-> num_bytes = BN_bn2lebinpad(scalar, g_secret, sizeof(g_secret)); # 1860| } # 1861| /* do the multiplication with generator precomputation */ Error: CLANG_WARNING: openssl-3.2.1/crypto/ec/ecp_nistp521.c:2071:13: warning[deadcode.DeadStores]: Value stored to 'num_bytes' is never read # 2069| goto err; # 2070| } # 2071|-> num_bytes = BN_bn2lebinpad(tmp_scalar, g_secret, sizeof(g_secret)); # 2072| } else { # 2073| num_bytes = BN_bn2lebinpad(scalar, g_secret, sizeof(g_secret)); Error: CLANG_WARNING: openssl-3.2.1/crypto/ec/ecp_nistp521.c:2073:13: warning[deadcode.DeadStores]: Value stored to 'num_bytes' is never read # 2071| num_bytes = BN_bn2lebinpad(tmp_scalar, g_secret, sizeof(g_secret)); # 2072| } else { # 2073|-> num_bytes = BN_bn2lebinpad(scalar, g_secret, sizeof(g_secret)); # 2074| } # 2075| /* do the multiplication with generator precomputation */ Error: CPPCHECK_WARNING (CWE-823): openssl-3.2.1/crypto/ec/ecp_nistz256.c:179: error[arrayIndexOutOfBounds]: Array 'dst[4]' accessed at index 4, which is out of bounds. # 177| dst[3] = (src[3] & mask1) ^ (dst[3] & mask2); # 178| if (P256_LIMBS == 8) { # 179|-> dst[4] = (src[4] & mask1) ^ (dst[4] & mask2); # 180| dst[5] = (src[5] & mask1) ^ (dst[5] & mask2); # 181| dst[6] = (src[6] & mask1) ^ (dst[6] & mask2); Error: CPPCHECK_WARNING (CWE-823): openssl-3.2.1/crypto/ec/ecp_nistz256.c:179: error[arrayIndexOutOfBounds]: Array 'src[4]' accessed at index 4, which is out of bounds. 
# 177| dst[3] = (src[3] & mask1) ^ (dst[3] & mask2); # 178| if (P256_LIMBS == 8) { # 179|-> dst[4] = (src[4] & mask1) ^ (dst[4] & mask2); # 180| dst[5] = (src[5] & mask1) ^ (dst[5] & mask2); # 181| dst[6] = (src[6] & mask1) ^ (dst[6] & mask2); Error: CPPCHECK_WARNING (CWE-823): openssl-3.2.1/crypto/ec/ecp_nistz256.c:180: error[arrayIndexOutOfBounds]: Array 'dst[4]' accessed at index 5, which is out of bounds. # 178| if (P256_LIMBS == 8) { # 179| dst[4] = (src[4] & mask1) ^ (dst[4] & mask2); # 180|-> dst[5] = (src[5] & mask1) ^ (dst[5] & mask2); # 181| dst[6] = (src[6] & mask1) ^ (dst[6] & mask2); # 182| dst[7] = (src[7] & mask1) ^ (dst[7] & mask2); Error: CPPCHECK_WARNING (CWE-823): openssl-3.2.1/crypto/ec/ecp_nistz256.c:180: error[arrayIndexOutOfBounds]: Array 'src[4]' accessed at index 5, which is out of bounds. # 178| if (P256_LIMBS == 8) { # 179| dst[4] = (src[4] & mask1) ^ (dst[4] & mask2); # 180|-> dst[5] = (src[5] & mask1) ^ (dst[5] & mask2); # 181| dst[6] = (src[6] & mask1) ^ (dst[6] & mask2); # 182| dst[7] = (src[7] & mask1) ^ (dst[7] & mask2); Error: CPPCHECK_WARNING (CWE-823): openssl-3.2.1/crypto/ec/ecp_nistz256.c:181: error[arrayIndexOutOfBounds]: Array 'dst[4]' accessed at index 6, which is out of bounds. # 179| dst[4] = (src[4] & mask1) ^ (dst[4] & mask2); # 180| dst[5] = (src[5] & mask1) ^ (dst[5] & mask2); # 181|-> dst[6] = (src[6] & mask1) ^ (dst[6] & mask2); # 182| dst[7] = (src[7] & mask1) ^ (dst[7] & mask2); # 183| } Error: CPPCHECK_WARNING (CWE-823): openssl-3.2.1/crypto/ec/ecp_nistz256.c:181: error[arrayIndexOutOfBounds]: Array 'src[4]' accessed at index 6, which is out of bounds. 
# 179| dst[4] = (src[4] & mask1) ^ (dst[4] & mask2); # 180| dst[5] = (src[5] & mask1) ^ (dst[5] & mask2); # 181|-> dst[6] = (src[6] & mask1) ^ (dst[6] & mask2); # 182| dst[7] = (src[7] & mask1) ^ (dst[7] & mask2); # 183| } Error: CPPCHECK_WARNING (CWE-823): openssl-3.2.1/crypto/ec/ecp_nistz256.c:182: error[arrayIndexOutOfBounds]: Array 'dst[4]' accessed at index 7, which is out of bounds. # 180| dst[5] = (src[5] & mask1) ^ (dst[5] & mask2); # 181| dst[6] = (src[6] & mask1) ^ (dst[6] & mask2); # 182|-> dst[7] = (src[7] & mask1) ^ (dst[7] & mask2); # 183| } # 184| } Error: CPPCHECK_WARNING (CWE-823): openssl-3.2.1/crypto/ec/ecp_nistz256.c:182: error[arrayIndexOutOfBounds]: Array 'src[4]' accessed at index 7, which is out of bounds. # 180| dst[5] = (src[5] & mask1) ^ (dst[5] & mask2); # 181| dst[6] = (src[6] & mask1) ^ (dst[6] & mask2); # 182|-> dst[7] = (src[7] & mask1) ^ (dst[7] & mask2); # 183| } # 184| } Error: CPPCHECK_WARNING (CWE-823): openssl-3.2.1/crypto/ec/ecp_nistz256.c:204: error[arrayIndexOutOfBounds]: Array 'a[4]' accessed at index 4, which is out of bounds. # 202| res |= a[3] ^ b[3]; # 203| if (P256_LIMBS == 8) { # 204|-> res |= a[4] ^ b[4]; # 205| res |= a[5] ^ b[5]; # 206| res |= a[6] ^ b[6]; Error: CPPCHECK_WARNING (CWE-823): openssl-3.2.1/crypto/ec/ecp_nistz256.c:204: error[arrayIndexOutOfBounds]: Array 'b[4]' accessed at index 4, which is out of bounds. # 202| res |= a[3] ^ b[3]; # 203| if (P256_LIMBS == 8) { # 204|-> res |= a[4] ^ b[4]; # 205| res |= a[5] ^ b[5]; # 206| res |= a[6] ^ b[6]; Error: CPPCHECK_WARNING (CWE-823): openssl-3.2.1/crypto/ec/ecp_nistz256.c:205: error[arrayIndexOutOfBounds]: Array 'a[4]' accessed at index 5, which is out of bounds. 
# 203| if (P256_LIMBS == 8) { # 204| res |= a[4] ^ b[4]; # 205|-> res |= a[5] ^ b[5]; # 206| res |= a[6] ^ b[6]; # 207| res |= a[7] ^ b[7]; Error: CPPCHECK_WARNING (CWE-823): openssl-3.2.1/crypto/ec/ecp_nistz256.c:205: error[arrayIndexOutOfBounds]: Array 'b[4]' accessed at index 5, which is out of bounds. # 203| if (P256_LIMBS == 8) { # 204| res |= a[4] ^ b[4]; # 205|-> res |= a[5] ^ b[5]; # 206| res |= a[6] ^ b[6]; # 207| res |= a[7] ^ b[7]; Error: CPPCHECK_WARNING (CWE-823): openssl-3.2.1/crypto/ec/ecp_nistz256.c:206: error[arrayIndexOutOfBounds]: Array 'a[4]' accessed at index 6, which is out of bounds. # 204| res |= a[4] ^ b[4]; # 205| res |= a[5] ^ b[5]; # 206|-> res |= a[6] ^ b[6]; # 207| res |= a[7] ^ b[7]; # 208| } Error: CPPCHECK_WARNING (CWE-823): openssl-3.2.1/crypto/ec/ecp_nistz256.c:206: error[arrayIndexOutOfBounds]: Array 'b[4]' accessed at index 6, which is out of bounds. # 204| res |= a[4] ^ b[4]; # 205| res |= a[5] ^ b[5]; # 206|-> res |= a[6] ^ b[6]; # 207| res |= a[7] ^ b[7]; # 208| } Error: CPPCHECK_WARNING (CWE-823): openssl-3.2.1/crypto/ec/ecp_nistz256.c:207: error[arrayIndexOutOfBounds]: Array 'a[4]' accessed at index 7, which is out of bounds. # 205| res |= a[5] ^ b[5]; # 206| res |= a[6] ^ b[6]; # 207|-> res |= a[7] ^ b[7]; # 208| } # 209| Error: CPPCHECK_WARNING (CWE-823): openssl-3.2.1/crypto/ec/ecp_nistz256.c:207: error[arrayIndexOutOfBounds]: Array 'b[4]' accessed at index 7, which is out of bounds. # 205| res |= a[5] ^ b[5]; # 206| res |= a[6] ^ b[6]; # 207|-> res |= a[7] ^ b[7]; # 208| } # 209| Error: CPPCHECK_WARNING (CWE-823): openssl-3.2.1/crypto/ec/ecp_nistz256.c:224: error[arrayIndexOutOfBounds]: Array 'ONE[4]' accessed at index 4, which is out of bounds. 
# 222| res |= a[3] ^ ONE[3]; # 223| if (P256_LIMBS == 8) { # 224|-> res |= a[4] ^ ONE[4]; # 225| res |= a[5] ^ ONE[5]; # 226| res |= a[6] ^ ONE[6]; Error: CPPCHECK_WARNING (CWE-823): openssl-3.2.1/crypto/ec/ecp_nistz256.c:225: error[arrayIndexOutOfBounds]: Array 'ONE[4]' accessed at index 5, which is out of bounds. # 223| if (P256_LIMBS == 8) { # 224| res |= a[4] ^ ONE[4]; # 225|-> res |= a[5] ^ ONE[5]; # 226| res |= a[6] ^ ONE[6]; # 227| /* Error: CPPCHECK_WARNING (CWE-823): openssl-3.2.1/crypto/ec/ecp_nistz256.c:226: error[arrayIndexOutOfBounds]: Array 'ONE[4]' accessed at index 6, which is out of bounds. # 224| res |= a[4] ^ ONE[4]; # 225| res |= a[5] ^ ONE[5]; # 226|-> res |= a[6] ^ ONE[6]; # 227| /* # 228| * no check for a[7] (being zero) on 32-bit platforms, Error: GCC_ANALYZER_WARNING (CWE-121): openssl-3.2.1/crypto/ec/ecp_nistz256.c: scope_hint: In function 'ecp_nistz256_points_mul' openssl-3.2.1/crypto/ec/ecp_nistz256.c:1032:30: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow openssl-3.2.1/crypto/ec/ecp_nistz256.c:1032:30: note: write of 1 byte to beyond the end of 'p_str' openssl-3.2.1/crypto/ec/ecp_nistz256.c:1032:30: note: valid subscripts for 'p_str' are '[0]' to '[32]' # +---------------------------------+ # | # | [0] | ... | [32] || | # |~~~~~~~~~~~~~~~~~+~~~~~~~~~~~~~~~~~||~~~~~~~~~~~~~~~~+~~~~~~~~~~~~~~~~| # | | # 1030| # 1031| p_str[i + 0] = (unsigned char)d; # 1032|-> p_str[i + 1] = (unsigned char)(d >> 8); # 1033| p_str[i + 2] = (unsigned char)(d >> 16); # 1034| p_str[i + 3] = (unsigned char)(d >>= 24); Error: GCC_ANALYZER_WARNING (CWE-121): openssl-3.2.1/crypto/ec/ecp_nistz256.c:1033:30: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow openssl-3.2.1/crypto/ec/ecp_nistz256.c:1033:30: note: write of 1 byte to beyond the end of 'p_str' openssl-3.2.1/crypto/ec/ecp_nistz256.c:1033:30: note: valid subscripts for 'p_str' are '[0]' to '[32]' # +---------------------------------+ # | # | [0] | ... 
| [32] | | | # |~~~~~~~~~~~~~~~~~+~~~~~~~~~~~~~~~~~||||~~~~~~~~~~~~~~~~+~~~~~~~~~~~~~~~~| # | | | # 1031| p_str[i + 0] = (unsigned char)d; # 1032| p_str[i + 1] = (unsigned char)(d >> 8); # 1033|-> p_str[i + 2] = (unsigned char)(d >> 16); # 1034| p_str[i + 3] = (unsigned char)(d >>= 24); # 1035| if (BN_BYTES == 8) { Error: GCC_ANALYZER_WARNING (CWE-121): openssl-3.2.1/crypto/ec/ecp_nistz256.c:1034:30: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow openssl-3.2.1/crypto/ec/ecp_nistz256.c:1034:30: note: write of 1 byte to beyond the end of 'p_str' openssl-3.2.1/crypto/ec/ecp_nistz256.c:1034:30: note: valid subscripts for 'p_str' are '[0]' to '[32]' # +---------------------------------+ # | # | [0] | ... | [32] | | | # |~~~~~~~~~~~~~~~~~+~~~~~~~~~~~~~~~~~||||~~~~~~~~~~~~~~~~+~~~~~~~~~~~~~~~~| # | | | # 1032| p_str[i + 1] = (unsigned char)(d >> 8); # 1033| p_str[i + 2] = (unsigned char)(d >> 16); # 1034|-> p_str[i + 3] = (unsigned char)(d >>= 24); # 1035| if (BN_BYTES == 8) { # 1036| d >>= 8; Error: GCC_ANALYZER_WARNING (CWE-121): openssl-3.2.1/crypto/ec/ecp_nistz256.c:1037:34: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow openssl-3.2.1/crypto/ec/ecp_nistz256.c:1037:34: note: write of 1 byte to beyond the end of 'p_str' openssl-3.2.1/crypto/ec/ecp_nistz256.c:1037:34: note: valid subscripts for 'p_str' are '[0]' to '[32]' # +---------------------------------+ # | # | [0] | ... 
| [32] | | | # |~~~~~~~~~~~~~~~~~+~~~~~~~~~~~~~~~~~||||~~~~~~~~~~~~~~~~+~~~~~~~~~~~~~~~~| # | | | # 1035| if (BN_BYTES == 8) { # 1036| d >>= 8; # 1037|-> p_str[i + 4] = (unsigned char)d; # 1038| p_str[i + 5] = (unsigned char)(d >> 8); # 1039| p_str[i + 6] = (unsigned char)(d >> 16); Error: GCC_ANALYZER_WARNING (CWE-121): openssl-3.2.1/crypto/ec/ecp_nistz256.c:1038:34: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow openssl-3.2.1/crypto/ec/ecp_nistz256.c:1038:34: note: write of 1 byte to beyond the end of 'p_str' openssl-3.2.1/crypto/ec/ecp_nistz256.c:1038:34: note: valid subscripts for 'p_str' are '[0]' to '[32]' # +---------------------------------+ # | # | [0] | ... | [32] | | | # |~~~~~~~~~~~~~~~~~+~~~~~~~~~~~~~~~~~||||~~~~~~~~~~~~~~~~+~~~~~~~~~~~~~~~~| # | | | # 1036| d >>= 8; # 1037| p_str[i + 4] = (unsigned char)d; # 1038|-> p_str[i + 5] = (unsigned char)(d >> 8); # 1039| p_str[i + 6] = (unsigned char)(d >> 16); # 1040| p_str[i + 7] = (unsigned char)(d >> 24); Error: GCC_ANALYZER_WARNING (CWE-121): openssl-3.2.1/crypto/ec/ecp_nistz256.c:1039:34: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow openssl-3.2.1/crypto/ec/ecp_nistz256.c:1039:34: note: write of 1 byte to beyond the end of 'p_str' openssl-3.2.1/crypto/ec/ecp_nistz256.c:1039:34: note: valid subscripts for 'p_str' are '[0]' to '[32]' # +---------------------------------+ # | # | [0] | ... 
| [32] | | | # |~~~~~~~~~~~~~~~~~+~~~~~~~~~~~~~~~~~||||~~~~~~~~~~~~~~~~+~~~~~~~~~~~~~~~~| # | | | # 1037| p_str[i + 4] = (unsigned char)d; # 1038| p_str[i + 5] = (unsigned char)(d >> 8); # 1039|-> p_str[i + 6] = (unsigned char)(d >> 16); # 1040| p_str[i + 7] = (unsigned char)(d >> 24); # 1041| } Error: GCC_ANALYZER_WARNING (CWE-121): openssl-3.2.1/crypto/ec/ecp_nistz256.c:1040:34: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow openssl-3.2.1/crypto/ec/ecp_nistz256.c:1040:34: note: write of 1 byte to beyond the end of 'p_str' openssl-3.2.1/crypto/ec/ecp_nistz256.c:1040:34: note: valid subscripts for 'p_str' are '[0]' to '[32]' # +---------------------------------+ # | # | [0] | ... | [32] | | | # |~~~~~~~~~~~~~~~~~+~~~~~~~~~~~~~~~~~||||~~~~~~~~~~~~~~~~+~~~~~~~~~~~~~~~~| # | | | # 1038| p_str[i + 5] = (unsigned char)(d >> 8); # 1039| p_str[i + 6] = (unsigned char)(d >> 16); # 1040|-> p_str[i + 7] = (unsigned char)(d >> 24); # 1041| } # 1042| } Error: CPPCHECK_WARNING (CWE-823): openssl-3.2.1/crypto/ec/ecp_nistz256.c:1067: error[arrayIndexOutOfBounds]: Array 'p.p.X[4]' accessed at index 4, which is out of bounds. # 1065| p.p.Y[0] | p.p.Y[1] | p.p.Y[2] | p.p.Y[3]); # 1066| if (P256_LIMBS == 8) # 1067|-> infty |= (p.p.X[4] | p.p.X[5] | p.p.X[6] | p.p.X[7] | # 1068| p.p.Y[4] | p.p.Y[5] | p.p.Y[6] | p.p.Y[7]); # 1069| Error: CPPCHECK_WARNING (CWE-823): openssl-3.2.1/crypto/ec/ecp_nistz256.c:1067: error[arrayIndexOutOfBounds]: Array 'p.p.X[4]' accessed at index 5, which is out of bounds. # 1065| p.p.Y[0] | p.p.Y[1] | p.p.Y[2] | p.p.Y[3]); # 1066| if (P256_LIMBS == 8) # 1067|-> infty |= (p.p.X[4] | p.p.X[5] | p.p.X[6] | p.p.X[7] | # 1068| p.p.Y[4] | p.p.Y[5] | p.p.Y[6] | p.p.Y[7]); # 1069| Error: CPPCHECK_WARNING (CWE-823): openssl-3.2.1/crypto/ec/ecp_nistz256.c:1067: error[arrayIndexOutOfBounds]: Array 'p.p.X[4]' accessed at index 6, which is out of bounds. 
# 1065| p.p.Y[0] | p.p.Y[1] | p.p.Y[2] | p.p.Y[3]); # 1066| if (P256_LIMBS == 8) # 1067|-> infty |= (p.p.X[4] | p.p.X[5] | p.p.X[6] | p.p.X[7] | # 1068| p.p.Y[4] | p.p.Y[5] | p.p.Y[6] | p.p.Y[7]); # 1069| Error: CPPCHECK_WARNING (CWE-823): openssl-3.2.1/crypto/ec/ecp_nistz256.c:1067: error[arrayIndexOutOfBounds]: Array 'p.p.X[4]' accessed at index 7, which is out of bounds. # 1065| p.p.Y[0] | p.p.Y[1] | p.p.Y[2] | p.p.Y[3]); # 1066| if (P256_LIMBS == 8) # 1067|-> infty |= (p.p.X[4] | p.p.X[5] | p.p.X[6] | p.p.X[7] | # 1068| p.p.Y[4] | p.p.Y[5] | p.p.Y[6] | p.p.Y[7]); # 1069| Error: CPPCHECK_WARNING (CWE-823): openssl-3.2.1/crypto/ec/ecp_nistz256.c:1068: error[arrayIndexOutOfBounds]: Array 'p.p.Y[4]' accessed at index 4, which is out of bounds. # 1066| if (P256_LIMBS == 8) # 1067| infty |= (p.p.X[4] | p.p.X[5] | p.p.X[6] | p.p.X[7] | # 1068|-> p.p.Y[4] | p.p.Y[5] | p.p.Y[6] | p.p.Y[7]); # 1069| # 1070| infty = 0 - is_zero(infty); Error: CPPCHECK_WARNING (CWE-823): openssl-3.2.1/crypto/ec/ecp_nistz256.c:1068: error[arrayIndexOutOfBounds]: Array 'p.p.Y[4]' accessed at index 5, which is out of bounds. # 1066| if (P256_LIMBS == 8) # 1067| infty |= (p.p.X[4] | p.p.X[5] | p.p.X[6] | p.p.X[7] | # 1068|-> p.p.Y[4] | p.p.Y[5] | p.p.Y[6] | p.p.Y[7]); # 1069| # 1070| infty = 0 - is_zero(infty); Error: CPPCHECK_WARNING (CWE-823): openssl-3.2.1/crypto/ec/ecp_nistz256.c:1068: error[arrayIndexOutOfBounds]: Array 'p.p.Y[4]' accessed at index 6, which is out of bounds. # 1066| if (P256_LIMBS == 8) # 1067| infty |= (p.p.X[4] | p.p.X[5] | p.p.X[6] | p.p.X[7] | # 1068|-> p.p.Y[4] | p.p.Y[5] | p.p.Y[6] | p.p.Y[7]); # 1069| # 1070| infty = 0 - is_zero(infty); Error: CPPCHECK_WARNING (CWE-823): openssl-3.2.1/crypto/ec/ecp_nistz256.c:1068: error[arrayIndexOutOfBounds]: Array 'p.p.Y[4]' accessed at index 7, which is out of bounds. 
# 1066| if (P256_LIMBS == 8) # 1067| infty |= (p.p.X[4] | p.p.X[5] | p.p.X[6] | p.p.X[7] | # 1068|-> p.p.Y[4] | p.p.Y[5] | p.p.Y[6] | p.p.Y[7]); # 1069| # 1070| infty = 0 - is_zero(infty); Error: CPPCHECK_WARNING (CWE-823): openssl-3.2.1/crypto/ec/ecp_nistz256.c:1078: error[arrayIndexOutOfBounds]: Array 'ONE[4]' accessed at index 4, which is out of bounds. # 1076| p.p.Z[3] = ONE[3] & infty; # 1077| if (P256_LIMBS == 8) { # 1078|-> p.p.Z[4] = ONE[4] & infty; # 1079| p.p.Z[5] = ONE[5] & infty; # 1080| p.p.Z[6] = ONE[6] & infty; Error: CPPCHECK_WARNING (CWE-823): openssl-3.2.1/crypto/ec/ecp_nistz256.c:1078: error[arrayIndexOutOfBounds]: Array 'p.p.Z[4]' accessed at index 4, which is out of bounds. # 1076| p.p.Z[3] = ONE[3] & infty; # 1077| if (P256_LIMBS == 8) { # 1078|-> p.p.Z[4] = ONE[4] & infty; # 1079| p.p.Z[5] = ONE[5] & infty; # 1080| p.p.Z[6] = ONE[6] & infty; Error: CPPCHECK_WARNING (CWE-823): openssl-3.2.1/crypto/ec/ecp_nistz256.c:1079: error[arrayIndexOutOfBounds]: Array 'ONE[4]' accessed at index 5, which is out of bounds. # 1077| if (P256_LIMBS == 8) { # 1078| p.p.Z[4] = ONE[4] & infty; # 1079|-> p.p.Z[5] = ONE[5] & infty; # 1080| p.p.Z[6] = ONE[6] & infty; # 1081| p.p.Z[7] = ONE[7] & infty; Error: CPPCHECK_WARNING (CWE-823): openssl-3.2.1/crypto/ec/ecp_nistz256.c:1079: error[arrayIndexOutOfBounds]: Array 'p.p.Z[4]' accessed at index 5, which is out of bounds. # 1077| if (P256_LIMBS == 8) { # 1078| p.p.Z[4] = ONE[4] & infty; # 1079|-> p.p.Z[5] = ONE[5] & infty; # 1080| p.p.Z[6] = ONE[6] & infty; # 1081| p.p.Z[7] = ONE[7] & infty; Error: CPPCHECK_WARNING (CWE-823): openssl-3.2.1/crypto/ec/ecp_nistz256.c:1080: error[arrayIndexOutOfBounds]: Array 'ONE[4]' accessed at index 6, which is out of bounds. 
# 1078| p.p.Z[4] = ONE[4] & infty; # 1079| p.p.Z[5] = ONE[5] & infty; # 1080|-> p.p.Z[6] = ONE[6] & infty; # 1081| p.p.Z[7] = ONE[7] & infty; # 1082| } Error: CPPCHECK_WARNING (CWE-823): openssl-3.2.1/crypto/ec/ecp_nistz256.c:1080: error[arrayIndexOutOfBounds]: Array 'p.p.Z[4]' accessed at index 6, which is out of bounds. # 1078| p.p.Z[4] = ONE[4] & infty; # 1079| p.p.Z[5] = ONE[5] & infty; # 1080|-> p.p.Z[6] = ONE[6] & infty; # 1081| p.p.Z[7] = ONE[7] & infty; # 1082| } Error: CPPCHECK_WARNING (CWE-823): openssl-3.2.1/crypto/ec/ecp_nistz256.c:1081: error[arrayIndexOutOfBounds]: Array 'ONE[4]' accessed at index 7, which is out of bounds. # 1079| p.p.Z[5] = ONE[5] & infty; # 1080| p.p.Z[6] = ONE[6] & infty; # 1081|-> p.p.Z[7] = ONE[7] & infty; # 1082| } # 1083| Error: CPPCHECK_WARNING (CWE-823): openssl-3.2.1/crypto/ec/ecp_nistz256.c:1081: error[arrayIndexOutOfBounds]: Array 'p.p.Z[4]' accessed at index 7, which is out of bounds. # 1079| p.p.Z[5] = ONE[5] & infty; # 1080| p.p.Z[6] = ONE[6] & infty; # 1081|-> p.p.Z[7] = ONE[7] & infty; # 1082| } # 1083| Error: CLANG_WARNING: openssl-3.2.1/crypto/encode_decode/decoder_lib.c:718:10: warning[deadcode.DeadStores]: Value stored to 'bio' during its initialization is never read # 716| OSSL_DECODER *decoder = NULL; # 717| OSSL_CORE_BIO *cbio = NULL; # 718|-> BIO *bio = data->bio; # 719| long loc; # 720| size_t i; Error: CLANG_WARNING: openssl-3.2.1/crypto/encode_decode/decoder_lib.c:828:9: warning[deadcode.DeadStores]: Value stored to 'trace_data_structure' is never read # 826| * too special knowledge. 
# 827| */ # 828|-> trace_data_structure = data_structure; # 829| if (data_type != NULL && data_structure != NULL # 830| && OPENSSL_strcasecmp(data_structure, "type-specific") == 0) Error: GCC_ANALYZER_WARNING (CWE-476): openssl-3.2.1/crypto/encode_decode/decoder_lib.c:1000:25: warning[-Wanalyzer-null-dereference]: dereference of NULL '0' openssl-3.2.1/crypto/encode_decode/decoder_lib.c:851:16: note: in expansion of macro 'BIO_tell' # 998| new_data.flag_input_structure_checked # 999| = data->flag_input_structure_checked; # 1000|-> ok = new_decoder->decode(new_decoderctx, cbio, # 1001| new_data.ctx->selection, # 1002| decoder_process, &new_data, Error: GCC_ANALYZER_WARNING (CWE-476): openssl-3.2.1/crypto/encode_decode/decoder_lib.c: scope_hint: In function 'decoder_process' openssl-3.2.1/crypto/encode_decode/decoder_lib.c:1000:25: warning[-Wanalyzer-null-dereference]: dereference of NULL 'decoder' openssl-3.2.1/crypto/encode_decode/decoder_lib.c:11: included_from: Included from here. openssl-3.2.1/crypto/encode_decode/decoder_lib.c:851:16: note: in expansion of macro 'BIO_tell' # 998| new_data.flag_input_structure_checked # 999| = data->flag_input_structure_checked; # 1000|-> ok = new_decoder->decode(new_decoderctx, cbio, # 1001| new_data.ctx->selection, # 1002| decoder_process, &new_data, Error: CLANG_WARNING: openssl-3.2.1/crypto/encode_decode/encoder_lib.c:632:22: warning[core.NullDereference]: Access to field 'encode' results in a dereference of a null pointer (loaded from variable 'current_encoder') # 630| ok = (cbio = ossl_core_bio_new_from_bio(current_out)) != NULL; # 631| if (ok) { # 632|-> ok = current_encoder->encode(current_encoder_ctx, cbio, # 633| original_data, current_abstract, # 634| data->ctx->selection, Error: CLANG_WARNING: openssl-3.2.1/crypto/engine/eng_dyn.c:222:13: warning[deadcode.DeadStores]: Value stored to 'new_idx' is never read # 220| /* Good, someone didn't beat us to it */ # 221| dynamic_ex_data_idx = new_idx; # 222|-> new_idx = -1; # 
223| } # 224| CRYPTO_THREAD_unlock(global_engine_lock); Error: GCC_ANALYZER_WARNING (CWE-835): openssl-3.2.1/crypto/evp/bio_ok.c: scope_hint: In function 'ok_ctrl' openssl-3.2.1/crypto/evp/bio_ok.c:361:19: warning[-Wanalyzer-infinite-loop]: infinite loop # 359| return 0; # 360| # 361|-> while (ctx->blockout) { # 362| i = ok_write(b, NULL, 0); # 363| if (i < 0) { Error: CPPCHECK_WARNING (CWE-562): openssl-3.2.1/crypto/evp/ctrl_params_translate.c:1163: error[autoVariables]: Address of local auto-variable assigned to a function parameter. # 1161| */ # 1162| p2 = ctx->name_buf; # 1163|-> ctx->p2 = &p2; # 1164| ctx->sz = sizeof(ctx->name_buf); # 1165| } Error: CLANG_WARNING: openssl-3.2.1/crypto/evp/ctrl_params_translate.c:1489:13: warning[deadcode.DeadStores]: Value stored to 'ret' is never read # 1487| return 0; # 1488| if (state == POST_CTRL_TO_PARAMS) # 1489|-> ret = str_value_map[i].id; # 1490| else # 1491| ctx->p1 = str_value_map[i].id; Error: CPPCHECK_WARNING (CWE-457): openssl-3.2.1/crypto/evp/e_aes_cbc_hmac_sha1.c:184: error[legacyUninitvar]: Uninitialized variable: blocks[0].c # 182| # 183| /* ask for IVs in bulk */ # 184|-> if (RAND_bytes((IVs = blocks[0].c), 16 * x4) <= 0) # 185| return 0; # 186| Error: GCC_ANALYZER_WARNING (CWE-121): openssl-3.2.1/crypto/evp/e_aes_cbc_hmac_sha1.c: scope_hint: In function 'tls1_1_multi_block_encrypt' openssl-3.2.1/crypto/evp/e_aes_cbc_hmac_sha1.c:208:23: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow openssl-3.2.1/crypto/evp/e_aes_cbc_hmac_sha1.c:208:23: note: write of 8 bytes to beyond the end of 'ciph_d' openssl-3.2.1/crypto/evp/e_aes_cbc_hmac_sha1.c:208:23: note: valid subscripts for 'ciph_d' are '[0]' to '[7]' # +------------------------------------------+ # | # | [0] | ... 
| [7] || | # |~~~~~~~~~~~~~~~~~~+~~~~~~~~~~~~~~~~~~~||~~~~~~~~~~~~~~~~~~~~+~~~~~~~~~~~~~~~~~~~~~| # | | # 206| # 207| for (i = 1; i < x4; i++) { # 208|-> ciph_d[i].inp = hash_d[i].ptr = hash_d[i - 1].ptr + frag; # 209| ciph_d[i].out = ciph_d[i - 1].out + packlen; # 210| memcpy(ciph_d[i].out - 16, IVs, 16); Error: GCC_ANALYZER_WARNING (CWE-121): openssl-3.2.1/crypto/evp/e_aes_cbc_hmac_sha1.c:208:39: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow openssl-3.2.1/crypto/evp/e_aes_cbc_hmac_sha1.c:208:39: note: write of 8 bytes to beyond the end of 'hash_d' openssl-3.2.1/crypto/evp/e_aes_cbc_hmac_sha1.c:208:39: note: valid subscripts for 'hash_d' are '[0]' to '[7]' # +------------------------------------------+ # | # | [0] | ... | [7] || | # |~~~~~~~~~~~~~~~~~~+~~~~~~~~~~~~~~~~~~~||~~~~~~~~~~~~~~~~~~~~+~~~~~~~~~~~~~~~~~~~~~| # | | # 206| # 207| for (i = 1; i < x4; i++) { # 208|-> ciph_d[i].inp = hash_d[i].ptr = hash_d[i - 1].ptr + frag; # 209| ciph_d[i].out = ciph_d[i - 1].out + packlen; # 210| memcpy(ciph_d[i].out - 16, IVs, 16); Error: GCC_ANALYZER_WARNING (CWE-121): openssl-3.2.1/crypto/evp/e_aes_cbc_hmac_sha1.c:209:23: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow openssl-3.2.1/crypto/evp/e_aes_cbc_hmac_sha1.c:209:23: note: write of 8 bytes to beyond the end of 'ciph_d' openssl-3.2.1/crypto/evp/e_aes_cbc_hmac_sha1.c:209:23: note: valid subscripts for 'ciph_d' are '[0]' to '[7]' # +------------------------------------+ # | # | [0] | ... 
| [7] | | | # |~~~~~~~~~~~~~~~~~~+~~~~~~~~~~~~~~~~~~~||||~~~~~~~~~~~~~~~~~+~~~~~~~~~~~~~~~~~~| # | | |
# 207| for (i = 1; i < x4; i++) {
# 208| ciph_d[i].inp = hash_d[i].ptr = hash_d[i - 1].ptr + frag;
# 209|-> ciph_d[i].out = ciph_d[i - 1].out + packlen;
# 210| memcpy(ciph_d[i].out - 16, IVs, 16);
# 211| memcpy(ciph_d[i].iv, IVs, 16);

Error: GCC_ANALYZER_WARNING (CWE-121):
openssl-3.2.1/crypto/evp/e_aes_cbc_hmac_sha1.c:211:9: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow
openssl-3.2.1/crypto/evp/e_aes_cbc_hmac_sha1.c:211:9: note: write of 16 bytes to beyond the end of 'ciph_d'
openssl-3.2.1/crypto/evp/e_aes_cbc_hmac_sha1.c:211:9: note: valid subscripts for 'ciph_d' are '[0]' to '[7]'
# +-------------------------------+ # | # | [0] | ... | [7] | | | # |~~~~~~~~~~~~~~~~~~+~~~~~~~~~~~~~~~~~~~||||~~~~~~~~~~~~~~~+~~~~~~~~~~~~~~~| # | | |
# 209| ciph_d[i].out = ciph_d[i - 1].out + packlen;
# 210| memcpy(ciph_d[i].out - 16, IVs, 16);
# 211|-> memcpy(ciph_d[i].iv, IVs, 16);
# 212| IVs += 16;
# 213| }

Error: CPPCHECK_WARNING (CWE-457):
openssl-3.2.1/crypto/evp/e_aes_cbc_hmac_sha256.c:178: error[legacyUninitvar]: Uninitialized variable: blocks[0].c
# 176|
# 177| /* ask for IVs in bulk */
# 178|-> if (RAND_bytes((IVs = blocks[0].c), 16 * x4) <= 0)
# 179| return 0;
# 180|

Error: GCC_ANALYZER_WARNING (CWE-121):
openssl-3.2.1/crypto/evp/e_aes_cbc_hmac_sha256.c: scope_hint: In function 'tls1_1_multi_block_encrypt'
openssl-3.2.1/crypto/evp/e_aes_cbc_hmac_sha256.c:203:23: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow
openssl-3.2.1/crypto/evp/e_aes_cbc_hmac_sha256.c:203:23: note: write of 8 bytes to beyond the end of 'ciph_d'
openssl-3.2.1/crypto/evp/e_aes_cbc_hmac_sha256.c:203:23: note: valid subscripts for 'ciph_d' are '[0]' to '[7]'
# +------------------------------------------+ # | # | [0] | ...
| [7] || | # |~~~~~~~~~~~~~~~~~~+~~~~~~~~~~~~~~~~~~~||~~~~~~~~~~~~~~~~~~~~+~~~~~~~~~~~~~~~~~~~~~| # | |
# 201|
# 202| for (i = 1; i < x4; i++) {
# 203|-> ciph_d[i].inp = hash_d[i].ptr = hash_d[i - 1].ptr + frag;
# 204| ciph_d[i].out = ciph_d[i - 1].out + packlen;
# 205| memcpy(ciph_d[i].out - 16, IVs, 16);

Error: GCC_ANALYZER_WARNING (CWE-121):
openssl-3.2.1/crypto/evp/e_aes_cbc_hmac_sha256.c:203:39: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow
openssl-3.2.1/crypto/evp/e_aes_cbc_hmac_sha256.c:203:39: note: write of 8 bytes to beyond the end of 'hash_d'
openssl-3.2.1/crypto/evp/e_aes_cbc_hmac_sha256.c:203:39: note: valid subscripts for 'hash_d' are '[0]' to '[7]'
# +------------------------------------------+ # | # | [0] | ... | [7] || | # |~~~~~~~~~~~~~~~~~~+~~~~~~~~~~~~~~~~~~~||~~~~~~~~~~~~~~~~~~~~+~~~~~~~~~~~~~~~~~~~~~| # | |
# 201|
# 202| for (i = 1; i < x4; i++) {
# 203|-> ciph_d[i].inp = hash_d[i].ptr = hash_d[i - 1].ptr + frag;
# 204| ciph_d[i].out = ciph_d[i - 1].out + packlen;
# 205| memcpy(ciph_d[i].out - 16, IVs, 16);

Error: GCC_ANALYZER_WARNING (CWE-121):
openssl-3.2.1/crypto/evp/e_aes_cbc_hmac_sha256.c:204:23: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow
openssl-3.2.1/crypto/evp/e_aes_cbc_hmac_sha256.c:204:23: note: write of 8 bytes to beyond the end of 'ciph_d'
openssl-3.2.1/crypto/evp/e_aes_cbc_hmac_sha256.c:204:23: note: valid subscripts for 'ciph_d' are '[0]' to '[7]'
# +------------------------------------+ # | # | [0] | ...
| [7] | | | # |~~~~~~~~~~~~~~~~~~+~~~~~~~~~~~~~~~~~~~||||~~~~~~~~~~~~~~~~~+~~~~~~~~~~~~~~~~~~| # | | |
# 202| for (i = 1; i < x4; i++) {
# 203| ciph_d[i].inp = hash_d[i].ptr = hash_d[i - 1].ptr + frag;
# 204|-> ciph_d[i].out = ciph_d[i - 1].out + packlen;
# 205| memcpy(ciph_d[i].out - 16, IVs, 16);
# 206| memcpy(ciph_d[i].iv, IVs, 16);

Error: GCC_ANALYZER_WARNING (CWE-121):
openssl-3.2.1/crypto/evp/e_aes_cbc_hmac_sha256.c:206:9: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow
openssl-3.2.1/crypto/evp/e_aes_cbc_hmac_sha256.c:206:9: note: write of 16 bytes to beyond the end of 'ciph_d'
openssl-3.2.1/crypto/evp/e_aes_cbc_hmac_sha256.c:206:9: note: valid subscripts for 'ciph_d' are '[0]' to '[7]'
# +-------------------------------+ # | # | [0] | ... | [7] | | | # |~~~~~~~~~~~~~~~~~~+~~~~~~~~~~~~~~~~~~~||||~~~~~~~~~~~~~~~+~~~~~~~~~~~~~~~| # | | |
# 204| ciph_d[i].out = ciph_d[i - 1].out + packlen;
# 205| memcpy(ciph_d[i].out - 16, IVs, 16);
# 206|-> memcpy(ciph_d[i].iv, IVs, 16);
# 207| IVs += 16;
# 208| }

Error: CLANG_WARNING:
openssl-3.2.1/crypto/evp/keymgmt_lib.c:118:13: warning[core.NullDereference]: Access to field 'name_id' results in a dereference of a null pointer (loaded from field 'keymgmt')
# 116| */
# 117| if (pk->keymgmt == keymgmt
# 118|-> || (pk->keymgmt->name_id == keymgmt->name_id
# 119| && pk->keymgmt->prov == keymgmt->prov))
# 120| return pk->keydata;

Error: CLANG_WARNING:
openssl-3.2.1/crypto/evp/m_sigver.c:520:17: warning[core.NullDereference]: Access to field 'digest_custom' results in a dereference of a null pointer (loaded from field 'pmeth')
# 518| /* do_sigver_init() checked that |digest_custom| is non-NULL */
# 519| if (pctx->flag_call_digest_custom
# 520|-> && !ctx->pctx->pmeth->digest_custom(ctx->pctx, ctx))
# 521| return 0;
# 522| pctx->flag_call_digest_custom = 0;

Error: CLANG_WARNING:
openssl-3.2.1/crypto/evp/m_sigver.c:555:17: warning[core.NullDereference]: Access to field 'digest_custom' results in a dereference of a null
pointer (loaded from field 'pmeth')
# 553| /* do_sigver_init() checked that |digest_custom| is non-NULL */
# 554| if (pctx->flag_call_digest_custom
# 555|-> && !ctx->pctx->pmeth->digest_custom(ctx->pctx, ctx))
# 556| return 0;
# 557| pctx->flag_call_digest_custom = 0;

Error: CLANG_WARNING:
openssl-3.2.1/crypto/evp/m_sigver.c:603:9: warning[core.NullDereference]: Access to field 'digest_sign_final' results in a dereference of a null pointer (loaded from field 'signature')
# 601| return r;
# 602| #else
# 603|-> r = pctx->op.sig.signature->digest_sign_final(pctx->op.sig.algctx,
# 604| sigret, siglen,
# 605| sigret == NULL ? 0 : *siglen);

Error: CLANG_WARNING:
openssl-3.2.1/crypto/evp/m_sigver.c:709:13: warning[core.NullDereference]: Access to field 'pmeth' results in a dereference of a null pointer (loaded from field 'pctx')
# 707| } else {
# 708| /* legacy */
# 709|-> if (ctx->pctx->pmeth != NULL && ctx->pctx->pmeth->digestsign != NULL)
# 710| return ctx->pctx->pmeth->digestsign(ctx, sigret, siglen, tbs, tbslen);
# 711| }

Error: CLANG_WARNING:
openssl-3.2.1/crypto/evp/m_sigver.c:830:13: warning[core.NullDereference]: Access to field 'pmeth' results in a dereference of a null pointer (loaded from field 'pctx')
# 828| } else {
# 829| /* legacy */
# 830|-> if (ctx->pctx->pmeth != NULL && ctx->pctx->pmeth->digestverify != NULL)
# 831| return ctx->pctx->pmeth->digestverify(ctx, sigret, siglen, tbs, tbslen);
# 832| }

Error: CLANG_WARNING:
openssl-3.2.1/crypto/http/http_client.c:738:17: warning[deadcode.DeadStores]: Value stored to 'got_text' is never read
# 736| }
# 737| if (OPENSSL_strcasecmp(key, "Content-Type") == 0) {
# 738|-> got_text = OPENSSL_strncasecmp(value, "text/", 5) == 0;
# 739| if (rctx->state == OHS_HEADERS
# 740| && rctx->expected_ct != NULL) {

Error: CLANG_WARNING:
openssl-3.2.1/crypto/http/http_lib.c:87:23: warning[deadcode.DeadStores]: Although the value stored to 'host' is used in the enclosing expression, the value is never actually read from 'host' #
85|
# 86| /* parse optional "userinfo@" */
# 87|-> user = user_end = host = p;
# 88| host = strchr(p, '@');
# 89| if (host != NULL)

Error: CLANG_WARNING:
openssl-3.2.1/crypto/idea/i_cbc.c:92:5: warning[deadcode.DeadStores]: Value stored to 'tin0' is never read
# 90| l2n(xor1, iv);
# 91| }
# 92|-> tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0;
# 93| tin[0] = tin[1] = 0;
# 94| }

Error: CLANG_WARNING:
openssl-3.2.1/crypto/idea/i_cbc.c:92:12: warning[deadcode.DeadStores]: Although the value stored to 'tin1' is used in the enclosing expression, the value is never actually read from 'tin1'
# 90| l2n(xor1, iv);
# 91| }
# 92|-> tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0;
# 93| tin[0] = tin[1] = 0;
# 94| }

Error: CLANG_WARNING:
openssl-3.2.1/crypto/idea/i_cbc.c:92:19: warning[deadcode.DeadStores]: Although the value stored to 'tout0' is used in the enclosing expression, the value is never actually read from 'tout0'
# 90| l2n(xor1, iv);
# 91| }
# 92|-> tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0;
# 93| tin[0] = tin[1] = 0;
# 94| }

Error: CLANG_WARNING:
openssl-3.2.1/crypto/idea/i_cbc.c:92:27: warning[deadcode.DeadStores]: Although the value stored to 'tout1' is used in the enclosing expression, the value is never actually read from 'tout1'
# 90| l2n(xor1, iv);
# 91| }
# 92|-> tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0;
# 93| tin[0] = tin[1] = 0;
# 94| }

Error: CLANG_WARNING:
openssl-3.2.1/crypto/idea/i_cbc.c:92:35: warning[deadcode.DeadStores]: Although the value stored to 'xor0' is used in the enclosing expression, the value is never actually read from 'xor0'
# 90| l2n(xor1, iv);
# 91| }
# 92|-> tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0;
# 93| tin[0] = tin[1] = 0;
# 94| }

Error: CLANG_WARNING:
openssl-3.2.1/crypto/idea/i_cbc.c:92:42: warning[deadcode.DeadStores]: Although the value stored to 'xor1' is used in the enclosing expression, the value is never actually read from 'xor1'
# 90| l2n(xor1, iv);
# 91| }
# 92|-> tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0;
# 93| tin[0] = tin[1] = 0;
# 94| }

Error: CLANG_WARNING:
openssl-3.2.1/crypto/idea/i_cfb64.c:84:5: warning[deadcode.DeadStores]: Value stored to 'v0' is never read
# 82| }
# 83| }
# 84|-> v0 = v1 = ti[0] = ti[1] = t = c = cc = 0;
# 85| *num = n;
# 86| }

Error: CLANG_WARNING:
openssl-3.2.1/crypto/idea/i_cfb64.c:84:10: warning[deadcode.DeadStores]: Although the value stored to 'v1' is used in the enclosing expression, the value is never actually read from 'v1'
# 82| }
# 83| }
# 84|-> v0 = v1 = ti[0] = ti[1] = t = c = cc = 0;
# 85| *num = n;
# 86| }

Error: CLANG_WARNING:
openssl-3.2.1/crypto/idea/i_cfb64.c:84:31: warning[deadcode.DeadStores]: Although the value stored to 't' is used in the enclosing expression, the value is never actually read from 't'
# 82| }
# 83| }
# 84|-> v0 = v1 = ti[0] = ti[1] = t = c = cc = 0;
# 85| *num = n;
# 86| }

Error: CLANG_WARNING:
openssl-3.2.1/crypto/idea/i_cfb64.c:84:35: warning[deadcode.DeadStores]: Although the value stored to 'c' is used in the enclosing expression, the value is never actually read from 'c'
# 82| }
# 83| }
# 84|-> v0 = v1 = ti[0] = ti[1] = t = c = cc = 0;
# 85| *num = n;
# 86| }

Error: CLANG_WARNING:
openssl-3.2.1/crypto/idea/i_cfb64.c:84:39: warning[deadcode.DeadStores]: Although the value stored to 'cc' is used in the enclosing expression, the value is never actually read from 'cc'
# 82| }
# 83| }
# 84|-> v0 = v1 = ti[0] = ti[1] = t = c = cc = 0;
# 85| *num = n;
# 86| }

Error: CLANG_WARNING:
openssl-3.2.1/crypto/idea/i_ecb.c:40:5: warning[deadcode.DeadStores]: Value stored to 'l0' is never read
# 38| l1 = d[1];
# 39| l2n(l1, out);
# 40|-> l0 = l1 = d[0] = d[1] = 0;
# 41| }

Error: CLANG_WARNING:
openssl-3.2.1/crypto/idea/i_ecb.c:40:10: warning[deadcode.DeadStores]: Although the value stored to 'l1' is used in the enclosing expression, the value is never actually read from 'l1'
# 38| l1 = d[1];
# 39| l2n(l1, out);
# 40|-> l0 = l1 = d[0] = d[1] = 0;
# 41| }

Error: CLANG_WARNING:
openssl-3.2.1/crypto/idea/i_ofb64.c:71:5: warning[deadcode.DeadStores]: Value stored to 't' is never read
# 69| l2n(v1, iv);
# 70| }
# 71|-> t = v0 = v1 = ti[0] = ti[1] = 0;
# 72| *num = n;
# 73| }

Error: CLANG_WARNING:
openssl-3.2.1/crypto/idea/i_ofb64.c:71:9: warning[deadcode.DeadStores]: Although the value stored to 'v0' is used in the enclosing expression, the value is never actually read from 'v0'
# 69| l2n(v1, iv);
# 70| }
# 71|-> t = v0 = v1 = ti[0] = ti[1] = 0;
# 72| *num = n;
# 73| }

Error: CLANG_WARNING:
openssl-3.2.1/crypto/idea/i_ofb64.c:71:14: warning[deadcode.DeadStores]: Although the value stored to 'v1' is used in the enclosing expression, the value is never actually read from 'v1'
# 69| l2n(v1, iv);
# 70| }
# 71|-> t = v0 = v1 = ti[0] = ti[1] = 0;
# 72| *num = n;
# 73| }

Error: COMPILER_WARNING (CWE-590):
openssl-3.2.1/crypto/mem.c:282:5: warning[-Wfree-nonheap-object]: 'free' called on unallocated object 'recp'
# 282 | free(str);
# | ^
openssl-3.2.1/crypto/bn/bn_exp.c: scope_hint: In function 'BN_mod_exp_recp'
openssl-3.2.1/crypto/bn/bn_exp.c:177:17: note: declared here
# 177 | BN_RECP_CTX recp;
# | ^
# 280| }
# 281|
# 282|-> free(str);
# 283| }
# 284|

Error: CLANG_WARNING:
openssl-3.2.1/crypto/objects/obj_dat.c:600:13: warning[deadcode.DeadStores]: Value stored to 'l' is never read
# 598| }
# 599| n += i;
# 600|-> l = 0;
# 601| }
# 602| }

Error: CLANG_WARNING:
openssl-3.2.1/crypto/ocsp/ocsp_vfy.c:411:10: warning[deadcode.DeadStores]: Although the value stored to 'ret' is used in the enclosing expression, the value is never actually read from 'ret'
# 409| flags |= OCSP_NOVERIFY;
# 410|
# 411|-> if ((ret = ocsp_verify(req, NULL, signer, flags)) <= 0)
# 412| return 0; /* not returning 'ret' here for backward compatibility*/
# 413| if ((flags & OCSP_NOVERIFY) != 0)

Error: GCC_ANALYZER_WARNING (CWE-476):
openssl-3.2.1/crypto/param_build.c: scope_hint: In function 'param_bld_convert'
openssl-3.2.1/crypto/param_build.c:356:31:
warning[-Wanalyzer-null-dereference]: dereference of NULL 'p'
openssl-3.2.1/include/openssl/bio.h:30: included_from: Included from here.
openssl-3.2.1/include/openssl/err.h:29: included_from: Included from here.
openssl-3.2.1/crypto/param_build.c:12: included_from: Included from here.
openssl-3.2.1/crypto/param_build.c:393:14: note: in expansion of macro 'OPENSSL_malloc'
# 354| || pd->type == OSSL_PARAM_UTF8_PTR) {
# 355| /* PTR */
# 356|-> *(const void **)p = pd->string;
# 357| } else if (pd->type == OSSL_PARAM_OCTET_STRING
# 358| || pd->type == OSSL_PARAM_UTF8_STRING) {

Error: CLANG_WARNING:
openssl-3.2.1/crypto/param_build.c:356:31: warning[core.NullDereference]: Dereference of null pointer
# 354| || pd->type == OSSL_PARAM_UTF8_PTR) {
# 355| /* PTR */
# 356|-> *(const void **)p = pd->string;
# 357| } else if (pd->type == OSSL_PARAM_OCTET_STRING
# 358| || pd->type == OSSL_PARAM_UTF8_STRING) {

Error: CLANG_WARNING:
openssl-3.2.1/crypto/param_build.c:360:17: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull'
# 358| || pd->type == OSSL_PARAM_UTF8_STRING) {
# 359| if (pd->string != NULL)
# 360|-> memcpy(p, pd->string, pd->size);
# 361| else
# 362| memset(p, 0, pd->size);

Error: CLANG_WARNING:
openssl-3.2.1/crypto/param_build.c:362:17: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull'
# 360| memcpy(p, pd->string, pd->size);
# 361| else
# 362|-> memset(p, 0, pd->size);
# 363| if (pd->type == OSSL_PARAM_UTF8_STRING)
# 364| ((char *)p)[pd->size] = '\0';

Error: GCC_ANALYZER_WARNING (CWE-688):
openssl-3.2.1/crypto/param_build.c:368:17: warning[-Wanalyzer-null-argument]: use of NULL 'p' where non-null expected
openssl-3.2.1/crypto/param_build.c:393:14: note: in expansion of macro 'OPENSSL_malloc'
<built-in>: note: argument 1 of '__builtin_memset' must be non-null
# 366| /* Number, but could also be a NULL BIGNUM */
# 367| if (pd->size > sizeof(pd->num))
# 368|-> memset(p, 0, pd->size);
# 369|
else if (pd->size > 0)
# 370| memcpy(p, &pd->num, pd->size);

Error: CLANG_WARNING:
openssl-3.2.1/crypto/param_build.c:368:17: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull'
# 366| /* Number, but could also be a NULL BIGNUM */
# 367| if (pd->size > sizeof(pd->num))
# 368|-> memset(p, 0, pd->size);
# 369| else if (pd->size > 0)
# 370| memcpy(p, &pd->num, pd->size);

Error: GCC_ANALYZER_WARNING (CWE-688):
openssl-3.2.1/crypto/param_build.c:370:17: warning[-Wanalyzer-null-argument]: use of NULL 'p' where non-null expected
openssl-3.2.1/crypto/param_build.c:393:14: note: in expansion of macro 'OPENSSL_malloc'
<built-in>: note: argument 1 of '__builtin_memcpy' must be non-null
# 368| memset(p, 0, pd->size);
# 369| else if (pd->size > 0)
# 370|-> memcpy(p, &pd->num, pd->size);
# 371| }
# 372| }

Error: CLANG_WARNING:
openssl-3.2.1/crypto/param_build.c:370:17: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull'
# 368| memset(p, 0, pd->size);
# 369| else if (pd->size > 0)
# 370|-> memcpy(p, &pd->num, pd->size);
# 371| }
# 372| }

Error: CLANG_WARNING:
openssl-3.2.1/crypto/pkcs12/p12_npas.c:216:9: warning[deadcode.DeadStores]: Value stored to 'pbenid' is never read
# 214|
# 215| X509_ALGOR_get0(&aoid, &aparamtype, &aparam, pbe2->keyfunc);
# 216|-> pbenid = OBJ_obj2nid(aoid);
# 217| X509_ALGOR_get0(&aoid, NULL, NULL, pbe2->encryption);
# 218| encnid = OBJ_obj2nid(aoid);

Error: CLANG_WARNING:
openssl-3.2.1/crypto/pkcs12/p12_npas.c:248:9: warning[deadcode.DeadStores]: Value stored to 'ret' is never read
# 246| *psaltlen = pbe->salt->length;
# 247| *cipherid = NID_undef;
# 248|-> ret = 1;
# 249| break;
# 250| }

Error: CLANG_WARNING:
openssl-3.2.1/crypto/rc2/rc2_cbc.c:90:5: warning[deadcode.DeadStores]: Value stored to 'tin0' is never read
# 88| l2c(xor1, iv);
# 89| }
# 90|-> tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0;
# 91| tin[0] = tin[1] = 0;
# 92| }

Error: CLANG_WARNING:
openssl-3.2.1/crypto/rc2/rc2_cbc.c:90:12: warning[deadcode.DeadStores]: Although the value stored to 'tin1' is used in the enclosing expression, the value is never actually read from 'tin1'
# 88| l2c(xor1, iv);
# 89| }
# 90|-> tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0;
# 91| tin[0] = tin[1] = 0;
# 92| }

Error: CLANG_WARNING:
openssl-3.2.1/crypto/rc2/rc2_cbc.c:90:19: warning[deadcode.DeadStores]: Although the value stored to 'tout0' is used in the enclosing expression, the value is never actually read from 'tout0'
# 88| l2c(xor1, iv);
# 89| }
# 90|-> tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0;
# 91| tin[0] = tin[1] = 0;
# 92| }

Error: CLANG_WARNING:
openssl-3.2.1/crypto/rc2/rc2_cbc.c:90:27: warning[deadcode.DeadStores]: Although the value stored to 'tout1' is used in the enclosing expression, the value is never actually read from 'tout1'
# 88| l2c(xor1, iv);
# 89| }
# 90|-> tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0;
# 91| tin[0] = tin[1] = 0;
# 92| }

Error: CLANG_WARNING:
openssl-3.2.1/crypto/rc2/rc2_cbc.c:90:35: warning[deadcode.DeadStores]: Although the value stored to 'xor0' is used in the enclosing expression, the value is never actually read from 'xor0'
# 88| l2c(xor1, iv);
# 89| }
# 90|-> tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0;
# 91| tin[0] = tin[1] = 0;
# 92| }

Error: CLANG_WARNING:
openssl-3.2.1/crypto/rc2/rc2_cbc.c:90:42: warning[deadcode.DeadStores]: Although the value stored to 'xor1' is used in the enclosing expression, the value is never actually read from 'xor1'
# 88| l2c(xor1, iv);
# 89| }
# 90|-> tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0;
# 91| tin[0] = tin[1] = 0;
# 92| }

Error: CLANG_WARNING:
openssl-3.2.1/crypto/rc2/rc2_ecb.c:45:5: warning[deadcode.DeadStores]: Value stored to 'l' is never read
# 43| l = d[1];
# 44| l2c(l, out);
# 45|-> l = d[0] = d[1] = 0;
# 46| }

Error: CLANG_WARNING:
openssl-3.2.1/crypto/rc2/rc2cfb64.c:78:5: warning[deadcode.DeadStores]: Value stored to 'v0' is never read
# 76| }
# 77| }
# 78|-> v0 = v1 =
ti[0] = ti[1] = t = c = cc = 0;
# 79| *num = n;
# 80| }

Error: CLANG_WARNING:
openssl-3.2.1/crypto/rc2/rc2cfb64.c:78:10: warning[deadcode.DeadStores]: Although the value stored to 'v1' is used in the enclosing expression, the value is never actually read from 'v1'
# 76| }
# 77| }
# 78|-> v0 = v1 = ti[0] = ti[1] = t = c = cc = 0;
# 79| *num = n;
# 80| }

Error: CLANG_WARNING:
openssl-3.2.1/crypto/rc2/rc2cfb64.c:78:31: warning[deadcode.DeadStores]: Although the value stored to 't' is used in the enclosing expression, the value is never actually read from 't'
# 76| }
# 77| }
# 78|-> v0 = v1 = ti[0] = ti[1] = t = c = cc = 0;
# 79| *num = n;
# 80| }

Error: CLANG_WARNING:
openssl-3.2.1/crypto/rc2/rc2cfb64.c:78:35: warning[deadcode.DeadStores]: Although the value stored to 'c' is used in the enclosing expression, the value is never actually read from 'c'
# 76| }
# 77| }
# 78|-> v0 = v1 = ti[0] = ti[1] = t = c = cc = 0;
# 79| *num = n;
# 80| }

Error: CLANG_WARNING:
openssl-3.2.1/crypto/rc2/rc2cfb64.c:78:39: warning[deadcode.DeadStores]: Although the value stored to 'cc' is used in the enclosing expression, the value is never actually read from 'cc'
# 76| }
# 77| }
# 78|-> v0 = v1 = ti[0] = ti[1] = t = c = cc = 0;
# 79| *num = n;
# 80| }

Error: CLANG_WARNING:
openssl-3.2.1/crypto/rc2/rc2ofb64.c:65:5: warning[deadcode.DeadStores]: Value stored to 't' is never read
# 63| l2c(v1, iv);
# 64| }
# 65|-> t = v0 = v1 = ti[0] = ti[1] = 0;
# 66| *num = n;
# 67| }

Error: CLANG_WARNING:
openssl-3.2.1/crypto/rc2/rc2ofb64.c:65:9: warning[deadcode.DeadStores]: Although the value stored to 'v0' is used in the enclosing expression, the value is never actually read from 'v0'
# 63| l2c(v1, iv);
# 64| }
# 65|-> t = v0 = v1 = ti[0] = ti[1] = 0;
# 66| *num = n;
# 67| }

Error: CLANG_WARNING:
openssl-3.2.1/crypto/rc2/rc2ofb64.c:65:14: warning[deadcode.DeadStores]: Although the value stored to 'v1' is used in the enclosing expression, the value is never actually read from 'v1'
# 63| l2c(v1, iv); #
64| }
# 65|-> t = v0 = v1 = ti[0] = ti[1] = 0;
# 66| *num = n;
# 67| }

Error: CLANG_WARNING:
openssl-3.2.1/crypto/rc5/rc5_ecb.c:37:5: warning[deadcode.DeadStores]: Value stored to 'l' is never read
# 35| l = d[1];
# 36| l2c(l, out);
# 37|-> l = d[0] = d[1] = 0;
# 38| }

Error: CLANG_WARNING:
openssl-3.2.1/crypto/rc5/rc5_enc.c:92:5: warning[deadcode.DeadStores]: Value stored to 'tin0' is never read
# 90| l2c(xor1, iv);
# 91| }
# 92|-> tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0;
# 93| tin[0] = tin[1] = 0;
# 94| }

Error: CLANG_WARNING:
openssl-3.2.1/crypto/rc5/rc5_enc.c:92:12: warning[deadcode.DeadStores]: Although the value stored to 'tin1' is used in the enclosing expression, the value is never actually read from 'tin1'
# 90| l2c(xor1, iv);
# 91| }
# 92|-> tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0;
# 93| tin[0] = tin[1] = 0;
# 94| }

Error: CLANG_WARNING:
openssl-3.2.1/crypto/rc5/rc5_enc.c:92:19: warning[deadcode.DeadStores]: Although the value stored to 'tout0' is used in the enclosing expression, the value is never actually read from 'tout0'
# 90| l2c(xor1, iv);
# 91| }
# 92|-> tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0;
# 93| tin[0] = tin[1] = 0;
# 94| }

Error: CLANG_WARNING:
openssl-3.2.1/crypto/rc5/rc5_enc.c:92:27: warning[deadcode.DeadStores]: Although the value stored to 'tout1' is used in the enclosing expression, the value is never actually read from 'tout1'
# 90| l2c(xor1, iv);
# 91| }
# 92|-> tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0;
# 93| tin[0] = tin[1] = 0;
# 94| }

Error: CLANG_WARNING:
openssl-3.2.1/crypto/rc5/rc5_enc.c:92:35: warning[deadcode.DeadStores]: Although the value stored to 'xor0' is used in the enclosing expression, the value is never actually read from 'xor0'
# 90| l2c(xor1, iv);
# 91| }
# 92|-> tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0;
# 93| tin[0] = tin[1] = 0;
# 94| }

Error: CLANG_WARNING:
openssl-3.2.1/crypto/rc5/rc5_enc.c:92:42: warning[deadcode.DeadStores]: Although the value stored to 'xor1' is used in the
enclosing expression, the value is never actually read from 'xor1'
# 90| l2c(xor1, iv);
# 91| }
# 92|-> tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0;
# 93| tin[0] = tin[1] = 0;
# 94| }

Error: CLANG_WARNING:
openssl-3.2.1/crypto/rc5/rc5cfb64.c:78:5: warning[deadcode.DeadStores]: Value stored to 'v0' is never read
# 76| }
# 77| }
# 78|-> v0 = v1 = ti[0] = ti[1] = t = c = cc = 0;
# 79| *num = n;
# 80| }

Error: CLANG_WARNING:
openssl-3.2.1/crypto/rc5/rc5cfb64.c:78:10: warning[deadcode.DeadStores]: Although the value stored to 'v1' is used in the enclosing expression, the value is never actually read from 'v1'
# 76| }
# 77| }
# 78|-> v0 = v1 = ti[0] = ti[1] = t = c = cc = 0;
# 79| *num = n;
# 80| }

Error: CLANG_WARNING:
openssl-3.2.1/crypto/rc5/rc5cfb64.c:78:31: warning[deadcode.DeadStores]: Although the value stored to 't' is used in the enclosing expression, the value is never actually read from 't'
# 76| }
# 77| }
# 78|-> v0 = v1 = ti[0] = ti[1] = t = c = cc = 0;
# 79| *num = n;
# 80| }

Error: CLANG_WARNING:
openssl-3.2.1/crypto/rc5/rc5cfb64.c:78:35: warning[deadcode.DeadStores]: Although the value stored to 'c' is used in the enclosing expression, the value is never actually read from 'c'
# 76| }
# 77| }
# 78|-> v0 = v1 = ti[0] = ti[1] = t = c = cc = 0;
# 79| *num = n;
# 80| }

Error: CLANG_WARNING:
openssl-3.2.1/crypto/rc5/rc5cfb64.c:78:39: warning[deadcode.DeadStores]: Although the value stored to 'cc' is used in the enclosing expression, the value is never actually read from 'cc'
# 76| }
# 77| }
# 78|-> v0 = v1 = ti[0] = ti[1] = t = c = cc = 0;
# 79| *num = n;
# 80| }

Error: CLANG_WARNING:
openssl-3.2.1/crypto/rc5/rc5ofb64.c:65:5: warning[deadcode.DeadStores]: Value stored to 't' is never read
# 63| l2c(v1, iv);
# 64| }
# 65|-> t = v0 = v1 = ti[0] = ti[1] = 0;
# 66| *num = n;
# 67| }

Error: CLANG_WARNING:
openssl-3.2.1/crypto/rc5/rc5ofb64.c:65:9: warning[deadcode.DeadStores]: Although the value stored to 'v0' is used in the enclosing expression, the value is
never actually read from 'v0'
# 63| l2c(v1, iv);
# 64| }
# 65|-> t = v0 = v1 = ti[0] = ti[1] = 0;
# 66| *num = n;
# 67| }

Error: CLANG_WARNING:
openssl-3.2.1/crypto/rc5/rc5ofb64.c:65:14: warning[deadcode.DeadStores]: Although the value stored to 'v1' is used in the enclosing expression, the value is never actually read from 'v1'
# 63| l2c(v1, iv);
# 64| }
# 65|-> t = v0 = v1 = ti[0] = ti[1] = 0;
# 66| *num = n;
# 67| }

Error: COMPILER_WARNING:
openssl-3.2.1/crypto/thread/arch/thread_posix.c:13:10: warning: "_GNU_SOURCE" redefined
<command-line>: note: this is the location of the previous definition
# 11|
# 12| #if defined(OPENSSL_THREADS_POSIX)
# 13|-> # define _GNU_SOURCE
# 14| # include <errno.h>
# 15| # include <sys/types.h>

Error: CLANG_WARNING:
openssl-3.2.1/crypto/ts/ts_rsp_verify.c:143:13: warning[deadcode.DeadStores]: Although the value stored to 'i' is used in the enclosing expression, the value is never actually read from 'i'
# 141|
# 142| /* We now have to 'read' from p7bio to calculate digests etc. */
# 143|-> while ((i = BIO_read(p7bio, buf, sizeof(buf))) > 0)
# 144| continue;
# 145|

Error: CLANG_WARNING:
openssl-3.2.1/crypto/x509/v3_addr.c:1328:9: warning[core.NullDereference]: Access to field 'rfc3779_addr' results in a dereference of a null pointer (loaded from variable 'x')
# 1326| * Trust anchor can't inherit.
# 1327| */
# 1328|-> if (x->rfc3779_addr != NULL) {
# 1329| for (j = 0; j < sk_IPAddressFamily_num(x->rfc3779_addr); j++) {
# 1330| IPAddressFamily *fp = sk_IPAddressFamily_value(x->rfc3779_addr, j);

Error: CLANG_WARNING:
openssl-3.2.1/crypto/x509/v3_ist.c:135:9: warning[deadcode.DeadStores]: Value stored to 'new_line' is never read
# 133| BIO_printf(out, "%*scAToolCert : ", indent, "");
# 134| BIO_write(out, ist->cAToolCert->data, ist->cAToolCert->length);
# 135|-> new_line = 1;
# 136| }
# 137| return 1;

Error: CPPCHECK_WARNING (CWE-562):
openssl-3.2.1/crypto/x509/v3_lib.c:144: error[returnDanglingLifetime]: Returning pointer to local variable 'p' that will be invalid when returning.
# 142| if (method->it)
# 143| return ASN1_item_d2i(NULL, &p, extlen, ASN1_ITEM_ptr(method->it));
# 144|-> return method->d2i(NULL, &p, extlen);
# 145| }
# 146|

Error: CLANG_WARNING:
openssl-3.2.1/crypto/x509/v3_ncons.c:765:17: warning[deadcode.DeadStores]: Value stored to 'hostptr' during its initialization is never read
# 763| {
# 764| const char *baseptr = (char *)base->data;
# 765|-> const char *hostptr = (char *)uri->data;
# 766| const char *p = ia5memchr(uri, (char *)uri->data, ':');
# 767| int hostlen;

Error: GCC_ANALYZER_WARNING (CWE-688):
openssl-3.2.1/crypto/x509/x509_vfy.c: scope_hint: In function 'dane_match_cert'
openssl-3.2.1/crypto/x509/x509_vfy.c:2935:13: warning[-Wanalyzer-null-argument]: use of NULL 'cmpbuf' where non-null expected
openssl-3.2.1/include/internal/common.h:15: included_from: Included from here.
openssl-3.2.1/include/internal/cryptlib.h:21: included_from: Included from here.
openssl-3.2.1/crypto/x509/x509_vfy.c:18: included_from: Included from here.
/usr/include/string.h:64:12: note: argument 1 of 'memcmp' must be non-null
# 2933| */
# 2934| if (cmplen == t->dlen &&
# 2935|-> memcmp(cmpbuf, t->data, cmplen) == 0) {
# 2936| if (DANETLS_USAGE_BIT(usage) & DANETLS_DANE_MASK)
# 2937| matched = 1;

Error: GCC_ANALYZER_WARNING (CWE-476):
openssl-3.2.1/crypto/x509/x509name.c: scope_hint: In function 'X509_NAME_get_text_by_OBJ'
openssl-3.2.1/crypto/x509/x509name.c:41:20: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
# 39| data = X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name, i));
# 40| if (buf == NULL)
# 41|-> return data->length;
# 42| if (len <= 0)
# 43| return 0;

Error: GCC_ANALYZER_WARNING (CWE-476):
openssl-3.2.1/crypto/x509/x509name.c:44:14: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
# 42| if (len <= 0)
# 43| return 0;
# 44|-> i = (data->length > (len - 1)) ? (len - 1) : data->length;
# 45| memcpy(buf, data->data, i);
# 46| buf[i] = '\0';

Error: CLANG_WARNING:
openssl-3.2.1/engines/e_loader_attic.c:1244:13: warning[deadcode.DeadStores]: Although the value stored to 't' is used in the enclosing expression, the value is never actually read from 't'
# 1242|
# 1243| if (result != NULL
# 1244|-> && (t = OSSL_STORE_INFO_get_type(result)) == STORE_INFO_EMBEDDED) {
# 1245| struct embedded_st *embedded = get0_EMBEDDED(result);
# 1246|

Error: CPPCHECK_WARNING (CWE-562):
openssl-3.2.1/engines/e_loader_attic.c:1284: error[returnDanglingLifetime]: Returning pointer to local variable 'try_matchcount' that will be invalid when returning.
# 1282| }
# 1283| }
# 1284|-> return result;
# 1285| }
# 1286|

Error: CLANG_WARNING:
openssl-3.2.1/engines/e_ossltest.c:835:17: warning[deadcode.DeadStores]: Value stored to 'in' is never read
# 833|
# 834| /* omit explicit iv */
# 835|-> in += AES_BLOCK_SIZE;
# 836| out += AES_BLOCK_SIZE;
# 837| len -= AES_BLOCK_SIZE;

Error: GCC_ANALYZER_WARNING (CWE-775):
openssl-3.2.1/fuzz/test-corpus.c: scope_hint: In function 'testfile'
openssl-3.2.1/fuzz/test-corpus.c:51:20: warning[-Wanalyzer-file-leak]: leak of FILE 'fopen(pathname, "rb")'
# 49| if (f == NULL)
# 50| return;
# 51|-> buf = malloc(st.st_size);
# 52| if (buf != NULL) {
# 53| s = fread(buf, 1, st.st_size, f);

Error: GCC_ANALYZER_WARNING (CWE-401):
openssl-3.2.1/fuzz/test-corpus.c:51:20: warning[-Wanalyzer-malloc-leak]: leak of 'fopen(pathname, "rb")'
# 49| if (f == NULL)
# 50| return;
# 51|-> buf = malloc(st.st_size);
# 52| if (buf != NULL) {
# 53| s = fread(buf, 1, st.st_size, f);

Error: GCC_ANALYZER_WARNING (CWE-1335):
openssl-3.2.1/crypto/x509/x509_vfy.c:27: included_from: Included from here.
openssl-3.2.1/include/internal/dane.h:82:32: warning[-Wanalyzer-shift-count-overflow]: shift by count ('256') >= precision of type ('32')
openssl-3.2.1/crypto/x509/x509_vfy.c:2936:17: note: in expansion of macro 'DANETLS_USAGE_BIT'
openssl-3.2.1/crypto/x509/x509_vfy.c:2936:17: note: in expansion of macro 'DANETLS_USAGE_BIT'
openssl-3.2.1/crypto/x509/x509_vfy.c:2936:17: note: in expansion of macro 'DANETLS_USAGE_BIT'
# 80| ((dane) != NULL && sk_danetls_record_num((dane)->trecs) > 0)
# 81|
# 82|-> #define DANETLS_USAGE_BIT(u) (((uint32_t)1) << u)
# 83|
# 84| #define DANETLS_PKIX_TA_MASK (DANETLS_USAGE_BIT(DANETLS_USAGE_PKIX_TA))

Error: GCC_ANALYZER_WARNING (CWE-476):
openssl-3.2.1/crypto/bio/bss_conn.c:15: included_from: Included from here.
openssl-3.2.1/include/internal/ktls.h: scope_hint: In function 'ktls_read_record'
openssl-3.2.1/include/internal/ktls.h:416:17: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
/usr/include/sys/socket.h:33: included_from: Included from here.
/usr/include/netinet/in.h:23: included_from: Included from here.
/usr/include/netdb.h:27: included_from: Included from here.
openssl-3.2.1/include/internal/sockets.h:91: included_from: Included from here.
openssl-3.2.1/crypto/bio/bio_local.h:11: included_from: Included from here.
openssl-3.2.1/crypto/bio/bss_conn.c:13: included_from: Included from here.
# 414| if (msg.msg_controllen > 0) {
# 415| cmsg = CMSG_FIRSTHDR(&msg);
# 416|-> if (cmsg->cmsg_type == TLS_GET_RECORD_TYPE) {
# 417| p[0] = *((unsigned char *)CMSG_DATA(cmsg));
# 418| p[1] = TLS1_2_VERSION_MAJOR;

Error: GCC_ANALYZER_WARNING (CWE-476):
openssl-3.2.1/ssl/quic/quic_record_tx.c:14: included_from: Included from here.
openssl-3.2.1/ssl/quic/quic_record_tx.c: scope_hint: In function 'ossl_list_txe_remove'
openssl-3.2.1/include/internal/list.h:95:17: warning[-Wanalyzer-null-dereference]: dereference of NULL 'list'
openssl-3.2.1/ssl/quic/quic_record_tx.c:41:1: note: in expansion of macro 'DEFINE_LIST_OF'
openssl-3.2.1/ssl/quic/quic_record_tx.c: scope_hint: In function 'ossl_list_txe_remove'
openssl-3.2.1/ssl/quic/quic_record_tx.c:41:1: note: in expansion of macro 'DEFINE_LIST_OF'
openssl-3.2.1/ssl/quic/quic_record_tx.c: scope_hint: In function 'ossl_list_txe_remove'
openssl-3.2.1/ssl/quic/quic_record_tx.c:41:1: note: in expansion of macro 'DEFINE_LIST_OF'
openssl-3.2.1/ssl/quic/quic_record_tx.c:41:1: note: in expansion of macro 'DEFINE_LIST_OF'
# 93| assert(elem->ossl_list_ ## name.list == list); \
# 94| OSSL_LIST_DBG(elem->ossl_list_ ## name.list = NULL) \
# 95|-> if (list->alpha == elem) \
# 96| list->alpha = elem->ossl_list_ ## name.next; \
# 97| if (list->omega == elem) \

Error: CLANG_WARNING:
openssl-3.2.1/test/servername_test.c:21: included_from:
Included from here.
openssl-3.2.1/include/internal/packet.h:493:12: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull'
# 491| static ossl_inline int PACKET_contains_zero_byte(const PACKET *pkt)
# 492| {
# 493|-> return memchr(pkt->curr, 0, pkt->remaining) != NULL;
# 494| }
# 495|

Error: CLANG_WARNING:
openssl-3.2.1/ssl/quic/uint_set.c:10: included_from: Included from here.
openssl-3.2.1/include/internal/uint_set.h:37:1: warning[core.NullDereference]: Dereference of null pointer
# 35| };
# 36|
# 37|-> DEFINE_LIST_OF(uint_set, UINT_SET_ITEM);
# 38|
# 39| typedef OSSL_LIST(uint_set) UINT_SET;

Error: GCC_ANALYZER_WARNING (CWE-476):
openssl-3.2.1/test/sslapitest.c:22: included_from: Included from here.
openssl-3.2.1/test/sslapitest.c: scope_hint: In function 'ping_pong_query'
openssl-3.2.1/include/openssl/bio.h:202:7: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
openssl-3.2.1/test/sslapitest.c:1085:10: note: in expansion of macro 'BIO_get_ktls_send'
openssl-3.2.1/test/testutil.h:511:64: note: in definition of macro 'TEST_ptr'
openssl-3.2.1/ssl/ssl_local.h:1816:5: note: in expansion of macro 'SSL_CONNECTION_FROM_SSL_ONLY_int'
openssl-3.2.1/test/sslapitest.c:1045:33: note: in expansion of macro 'SSL_CONNECTION_FROM_SSL_ONLY'
openssl-3.2.1/test/sslapitest.c:1085:10: note: in expansion of macro 'BIO_get_ktls_send'
openssl-3.2.1/test/sslapitest.c:1085:10: note: in expansion of macro 'BIO_get_ktls_send'
# 200| # ifndef OPENSSL_NO_KTLS
# 201| # define BIO_get_ktls_send(b) \
# 202|-> (BIO_ctrl(b, BIO_CTRL_GET_KTLS_SEND, 0, NULL) > 0)
# 203| # define BIO_get_ktls_recv(b) \
# 204| (BIO_ctrl(b, BIO_CTRL_GET_KTLS_RECV, 0, NULL) > 0)

Error: GCC_ANALYZER_WARNING (CWE-465):
openssl-3.2.1/include/openssl/bio.h:30: included_from: Included from here.
openssl-3.2.1/include/openssl/err.h:29: included_from: Included from here.
openssl-3.2.1/apps/lib/opt.c:27: included_from: Included from here.
openssl-3.2.1/apps/lib/opt.c: scope_hint: In function 'opt_init'
openssl-3.2.1/include/openssl/crypto.h:421:5: warning[-Wanalyzer-deref-before-check]: check of 'o' for NULL after already dereferencing it
openssl-3.2.1/apps/lib/opt.c:219:13: note: in expansion of macro 'OPENSSL_assert'
openssl-3.2.1/apps/lib/opt.c:218:13: note: in expansion of macro 'OPENSSL_assert'
openssl-3.2.1/include/openssl/crypto.h:421:13: note: in definition of macro 'OPENSSL_assert'
openssl-3.2.1/apps/lib/opt.c:219:13: note: in expansion of macro 'OPENSSL_assert'
openssl-3.2.1/apps/lib/opt.c:221:13: note: in expansion of macro 'OPENSSL_assert'
openssl-3.2.1/apps/lib/opt.c:218:13: note: in expansion of macro 'OPENSSL_assert'
openssl-3.2.1/include/openssl/crypto.h:421:13: note: in definition of macro 'OPENSSL_assert'
openssl-3.2.1/apps/lib/opt.c:219:13: note: in expansion of macro 'OPENSSL_assert'
# 419| # endif
# 420| # define OPENSSL_assert(e) \
# 421|-> (void)((e) ? 0 : (OPENSSL_die("assertion failed: " #e, OPENSSL_FILE, OPENSSL_LINE), 1))
# 422|
# 423| int OPENSSL_isservice(void);

Error: CLANG_WARNING:
openssl-3.2.1/providers/common/provider_util.c:257:17: warning[deadcode.DeadStores]: Value stored to 'engine' is never read
# 255| if (p->data_type != OSSL_PARAM_UTF8_STRING)
# 256| return 0;
# 257|-> engine = p->data;
# 258| }
# 259| }

Error: COMPILER_WARNING (CWE-704):
openssl-3.2.1/providers/fips/self_test.c: scope_hint: In function 'SELF_TEST_post'
openssl-3.2.1/providers/fips/self_test.c:521:25: warning[-Wdiscarded-qualifiers]: assignment discards 'const' qualifier from pointer target type
# 519|
# 520| if (st->module_checksum_data == NULL) {
# 521|-> module_checksum = fips_hmac_container;
# 522| checksum_len = sizeof(fips_hmac_container);
# 523| } else {

Error: CLANG_WARNING:
openssl-3.2.1/providers/fips/self_test.c:584:13: warning[deadcode.DeadStores]: Value stored to 'kats_already_passed' is never read
# 582| goto end;
# 583| } else {
# 584|-> kats_already_passed = 1;
# 585| }
# 586|
}

Error: COMPILER_WARNING (CWE-563):
openssl-3.2.1/providers/fips/self_test_kats.c: scope_hint: In function 'self_test_sign'
openssl-3.2.1/providers/fips/self_test_kats.c:461:32: warning[-Wunused-variable]: unused variable 'dgst'
# 461 | static const unsigned char dgst[] = {
# | ^~~~
# 459| unsigned char sig[256];
# 460| size_t siglen = sizeof(sig);
# 461|-> static const unsigned char dgst[] = {
# 462| 0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81,
# 463| 0x48, 0xa1, 0xd6, 0x5d, 0xfc, 0x2d, 0x4b, 0x1f, 0xa3, 0xd6, 0x77, 0x28,

Error: CPPCHECK_WARNING (CWE-457):
openssl-3.2.1/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c:146: error[legacyUninitvar]: Uninitialized variable: blocks[0].c
# 144|
# 145| /* ask for IVs in bulk */
# 146|-> if (RAND_bytes_ex(ctx->base.libctx, (IVs = blocks[0].c), 16 * x4, 0) <= 0)
# 147| return 0;
# 148|

Error: GCC_ANALYZER_WARNING (CWE-121):
openssl-3.2.1/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c: scope_hint: In function 'tls1_multi_block_encrypt'
openssl-3.2.1/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c:170:23: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow
openssl-3.2.1/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c:170:23: note: write of 8 bytes to beyond the end of 'ciph_d'
openssl-3.2.1/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c:170:23: note: valid subscripts for 'ciph_d' are '[0]' to '[7]'
# +------------------------------------------+ # | # | [0] | ...
| [7] || | # |~~~~~~~~~~~~~~~~~~+~~~~~~~~~~~~~~~~~~~||~~~~~~~~~~~~~~~~~~~~+~~~~~~~~~~~~~~~~~~~~~| # | |
# 168|
# 169| for (i = 1; i < x4; i++) {
# 170|-> ciph_d[i].inp = hash_d[i].ptr = hash_d[i - 1].ptr + frag;
# 171| ciph_d[i].out = ciph_d[i - 1].out + packlen;
# 172| memcpy(ciph_d[i].out - 16, IVs, 16);

Error: GCC_ANALYZER_WARNING (CWE-121):
openssl-3.2.1/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c:170:39: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow
openssl-3.2.1/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c:170:39: note: write of 8 bytes to beyond the end of 'hash_d'
openssl-3.2.1/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c:170:39: note: valid subscripts for 'hash_d' are '[0]' to '[7]'
# +------------------------------------------+ # | # | [0] | ... | [7] || | # |~~~~~~~~~~~~~~~~~~+~~~~~~~~~~~~~~~~~~~||~~~~~~~~~~~~~~~~~~~~+~~~~~~~~~~~~~~~~~~~~~| # | |
# 168|
# 169| for (i = 1; i < x4; i++) {
# 170|-> ciph_d[i].inp = hash_d[i].ptr = hash_d[i - 1].ptr + frag;
# 171| ciph_d[i].out = ciph_d[i - 1].out + packlen;
# 172| memcpy(ciph_d[i].out - 16, IVs, 16);

Error: GCC_ANALYZER_WARNING (CWE-121):
openssl-3.2.1/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c:171:23: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow
openssl-3.2.1/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c:171:23: note: write of 8 bytes to beyond the end of 'ciph_d'
openssl-3.2.1/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c:171:23: note: valid subscripts for 'ciph_d' are '[0]' to '[7]'
# +------------------------------------+ # | # | [0] | ...
| [7] | | | # |~~~~~~~~~~~~~~~~~~+~~~~~~~~~~~~~~~~~~~||||~~~~~~~~~~~~~~~~~+~~~~~~~~~~~~~~~~~~| # | | |
# 169| for (i = 1; i < x4; i++) {
# 170| ciph_d[i].inp = hash_d[i].ptr = hash_d[i - 1].ptr + frag;
# 171|-> ciph_d[i].out = ciph_d[i - 1].out + packlen;
# 172| memcpy(ciph_d[i].out - 16, IVs, 16);
# 173| memcpy(ciph_d[i].iv, IVs, 16);

Error: GCC_ANALYZER_WARNING (CWE-121):
openssl-3.2.1/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c:173:9: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow
openssl-3.2.1/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c:173:9: note: write of 16 bytes to beyond the end of 'ciph_d'
openssl-3.2.1/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c:173:9: note: valid subscripts for 'ciph_d' are '[0]' to '[7]'
# +-------------------------------+ # | # | [0] | ... | [7] | | | # |~~~~~~~~~~~~~~~~~~+~~~~~~~~~~~~~~~~~~~||||~~~~~~~~~~~~~~~+~~~~~~~~~~~~~~~| # | | |
# 171| ciph_d[i].out = ciph_d[i - 1].out + packlen;
# 172| memcpy(ciph_d[i].out - 16, IVs, 16);
# 173|-> memcpy(ciph_d[i].iv, IVs, 16);
# 174| IVs += 16;
# 175| }

Error: CPPCHECK_WARNING (CWE-457):
openssl-3.2.1/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c:150: error[legacyUninitvar]: Uninitialized variable: blocks[0].c
# 148|
# 149| /* ask for IVs in bulk */
# 150|-> if (RAND_bytes_ex(ctx->base.libctx, (IVs = blocks[0].c), 16 * x4, 0) <= 0)
# 151| return 0;
# 152|

Error: GCC_ANALYZER_WARNING (CWE-121):
openssl-3.2.1/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c: scope_hint: In function 'tls1_multi_block_encrypt'
openssl-3.2.1/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c:174:23: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow
openssl-3.2.1/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c:174:23: note: write of 8 bytes to beyond the end of 'ciph_d'
openssl-3.2.1/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c:174:23:
note: valid subscripts for 'ciph_d' are '[0]' to '[7]'
# +------------------------------------------+ # | # | [0] | ... | [7] || | # |~~~~~~~~~~~~~~~~~~+~~~~~~~~~~~~~~~~~~~||~~~~~~~~~~~~~~~~~~~~+~~~~~~~~~~~~~~~~~~~~~| # | |
# 172|
# 173| for (i = 1; i < x4; i++) {
# 174|-> ciph_d[i].inp = hash_d[i].ptr = hash_d[i - 1].ptr + frag;
# 175| ciph_d[i].out = ciph_d[i - 1].out + packlen;
# 176| memcpy(ciph_d[i].out - 16, IVs, 16);

Error: GCC_ANALYZER_WARNING (CWE-121):
openssl-3.2.1/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c:174:39: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow
openssl-3.2.1/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c:174:39: note: write of 8 bytes to beyond the end of 'hash_d'
openssl-3.2.1/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c:174:39: note: valid subscripts for 'hash_d' are '[0]' to '[7]'
# +------------------------------------------+ # | # | [0] | ... | [7] || | # |~~~~~~~~~~~~~~~~~~+~~~~~~~~~~~~~~~~~~~||~~~~~~~~~~~~~~~~~~~~+~~~~~~~~~~~~~~~~~~~~~| # | |
# 172|
# 173| for (i = 1; i < x4; i++) {
# 174|-> ciph_d[i].inp = hash_d[i].ptr = hash_d[i - 1].ptr + frag;
# 175| ciph_d[i].out = ciph_d[i - 1].out + packlen;
# 176| memcpy(ciph_d[i].out - 16, IVs, 16);

Error: GCC_ANALYZER_WARNING (CWE-121):
openssl-3.2.1/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c:175:23: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow
openssl-3.2.1/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c:175:23: note: write of 8 bytes to beyond the end of 'ciph_d'
openssl-3.2.1/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c:175:23: note: valid subscripts for 'ciph_d' are '[0]' to '[7]'
# +------------------------------------+ # | # | [0] | ...
| [7] | | | # |~~~~~~~~~~~~~~~~~~+~~~~~~~~~~~~~~~~~~~||||~~~~~~~~~~~~~~~~~+~~~~~~~~~~~~~~~~~~| # | | |
# 173| for (i = 1; i < x4; i++) {
# 174| ciph_d[i].inp = hash_d[i].ptr = hash_d[i - 1].ptr + frag;
# 175|-> ciph_d[i].out = ciph_d[i - 1].out + packlen;
# 176| memcpy(ciph_d[i].out - 16, IVs, 16);
# 177| memcpy(ciph_d[i].iv, IVs, 16);

Error: GCC_ANALYZER_WARNING (CWE-121):
openssl-3.2.1/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c:177:9: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow
openssl-3.2.1/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c:177:9: note: write of 16 bytes to beyond the end of 'ciph_d'
openssl-3.2.1/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c:177:9: note: valid subscripts for 'ciph_d' are '[0]' to '[7]'
# +-------------------------------+ # | # | [0] | ... | [7] | | | # |~~~~~~~~~~~~~~~~~~+~~~~~~~~~~~~~~~~~~~||||~~~~~~~~~~~~~~~+~~~~~~~~~~~~~~~| # | | |
# 175| ciph_d[i].out = ciph_d[i - 1].out + packlen;
# 176| memcpy(ciph_d[i].out - 16, IVs, 16);
# 177|-> memcpy(ciph_d[i].iv, IVs, 16);
# 178| IVs += 16;
# 179| }

Error: CLANG_WARNING:
openssl-3.2.1/providers/implementations/ciphers/cipher_aes_gcm_siv_polyval.c:56:20: warning[core.uninitialized.Assign]: Assigned value is garbage or undefined
# 54|
# 55| for (i = 0; i < 16; i++)
# 56|-> out[i] = in[15 - i];
# 57| }
# 58| }

Error: GCC_ANALYZER_WARNING (CWE-457):
openssl-3.2.1/providers/implementations/digests/blake2b_prov.c: scope_hint: In function 'blake2b_compress'
openssl-3.2.1/providers/implementations/digests/blake2b_prov.c:283:26: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value 'm[1]'
openssl-3.2.1/providers/implementations/digests/blake2b_prov.c:290:13: note: in expansion of macro 'G'
openssl-3.2.1/providers/implementations/digests/blake2b_prov.c:305:9: note: in expansion of macro 'ROUND'
openssl-3.2.1/providers/implementations/digests/blake2b_prov.c:290:13: note: in expansion of macro 'G'
openssl-3.2.1/providers/implementations/digests/blake2b_prov.c:305:9: note: in expansion of macro 'ROUND'
# 281| c = c + d; \
# 282| b = rotr64(b ^ c, 24); \
# 283|-> a = a + b + m[blake2b_sigma[r][2*i+1]]; \
# 284| d = rotr64(d ^ a, 16); \
# 285| c = c + d; \

Error: GCC_ANALYZER_WARNING (CWE-457):
openssl-3.2.1/providers/implementations/digests/blake2s_prov.c: scope_hint: In function 'blake2s_compress'
openssl-3.2.1/providers/implementations/digests/blake2s_prov.c:204:26: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value 'm[1]'
openssl-3.2.1/providers/implementations/digests/blake2s_prov.c:211:13: note: in expansion of macro 'G'
openssl-3.2.1/providers/implementations/digests/blake2s_prov.c:226:9: note: in expansion of macro 'ROUND'
openssl-3.2.1/providers/implementations/digests/blake2s_prov.c:211:13: note: in expansion of macro 'G'
openssl-3.2.1/providers/implementations/digests/blake2s_prov.c:226:9: note: in expansion of macro 'ROUND'
# 202| c = c + d; \
# 203| b = rotr32(b ^ c, 12); \
# 204|-> a = a + b + m[blake2s_sigma[r][2*i+1]]; \
# 205| d = rotr32(d ^ a, 8); \
# 206| c = c + d; \

Error: CLANG_WARNING:
openssl-3.2.1/providers/implementations/kdfs/argon2.c:272:27: warning[core.UndefinedBinaryOperatorResult]: The left operand of '<<' is a garbage value
# 270| {
# 271| return
# 272|-> (((uint64_t)src[0]) << 0)
# 273| | (((uint64_t)src[1]) << 8)
# 274| | (((uint64_t)src[2]) << 16)

Error: GCC_ANALYZER_WARNING (CWE-457):
openssl-3.2.1/providers/implementations/kdfs/argon2.c: scope_hint: In function 'blake2b_long'
openssl-3.2.1/providers/implementations/kdfs/argon2.c:884:9: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value '&outbuf'
# 882|
# 883| if (outlen > BLAKE2B_OUTBYTES) {
# 884|-> memcpy(out, outbuf, BLAKE2B_OUTBYTES / 2);
# 885| out += BLAKE2B_OUTBYTES / 2;
# 886| outlen_curr = (uint32_t) outlen - BLAKE2B_OUTBYTES / 2;

Error: COMPILER_WARNING (CWE-563):
openssl-3.2.1/providers/implementations/kdfs/tls1_prf.c: scope_hint: In function 'kdf_tls1_prf_free'
openssl-3.2.1/providers/implementations/kdfs/tls1_prf.c:131:19: warning[-Wunused-variable]: unused variable 'libctx'
# 131 | OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(ctx->provctx);
# | ^~~~~~
# 129| {
# 130| TLS1_PRF *ctx = (TLS1_PRF *)vctx;
# 131|-> OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(ctx->provctx);
# 132|
# 133| if (ctx != NULL) {

Error: CLANG_WARNING:
openssl-3.2.1/providers/implementations/kdfs/tls1_prf.c:131:19: warning[deadcode.DeadStores]: Value stored to 'libctx' during its initialization is never read
# 129| {
# 130| TLS1_PRF *ctx = (TLS1_PRF *)vctx;
# 131|-> OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(ctx->provctx);
# 132|
# 133| if (ctx != NULL) {

Error: CLANG_WARNING:
openssl-3.2.1/providers/implementations/macs/cmac_prov.c:204:10: warning[deadcode.DeadStores]: Although the value stored to 'p' is used in the enclosing expression, the value is never actually read from 'p'
# 202| return 1;
# 203|
# 204|-> if ((p = OSSL_PARAM_locate_const(params, OSSL_MAC_PARAM_CIPHER)) != NULL) {
# 205| if (!ossl_prov_cipher_load_from_params(&macctx->cipher, params, ctx))
# 206| return 0;

Error: CLANG_WARNING:
openssl-3.2.1/providers/implementations/macs/gmac_prov.c:215:10: warning[deadcode.DeadStores]: Although the value stored to 'p' is used in the enclosing expression, the value is never actually read from 'p'
# 213| return 0;
# 214|
# 215|-> if ((p = OSSL_PARAM_locate_const(params, OSSL_MAC_PARAM_CIPHER)) != NULL) {
# 216| if (!ossl_prov_cipher_load_from_params(&macctx->cipher, params, provctx))
# 217| return 0;

Error: CLANG_WARNING:
openssl-3.2.1/providers/implementations/storemgmt/file_store_any2obj.c:147:5: warning[deadcode.DeadStores]: Value stored to 'ok' is never read
# 145| goto next;
# 146|
# 147|-> ok = 0;
# 148| mem_want = ossl_blob_length(bitlen, isdss, ispub);
# 149| if (!BUF_MEM_grow(mem, mem_len + mem_want)) {

Error: CLANG_WARNING:
openssl-3.2.1/providers/implementations/storemgmt/file_store_any2obj.c:156:5: warning[deadcode.DeadStores]: Value stored to 'mem_len' is never read
# 154| ERR_set_mark();
# 155| ok = BIO_read(in, &mem->data[mem_len], mem_want) == (int)mem_want;
# 156|-> mem_len += mem_want;
# 157| ERR_pop_to_mark();
# 158|

Error: CLANG_WARNING:
openssl-3.2.1/providers/implementations/storemgmt/file_store_any2obj.c:214:5: warning[deadcode.DeadStores]: Value stored to 'ok' is never read
# 212| goto next;
# 213|
# 214|-> ok = 0;
# 215| mem_want = saltlen + keylen;
# 216| if (!BUF_MEM_grow(mem, mem_len + mem_want)) {

Error: CLANG_WARNING:
openssl-3.2.1/providers/implementations/storemgmt/file_store_any2obj.c:223:5: warning[deadcode.DeadStores]: Value stored to 'mem_len' is never read
# 221| ERR_set_mark();
# 222| ok = BIO_read(in, &mem->data[mem_len], mem_want) == (int)mem_want;
# 223|-> mem_len += mem_want;
# 224| ERR_pop_to_mark();
# 225|

Error: GCC_ANALYZER_WARNING (CWE-476):
openssl-3.2.1/ssl/d1_lib.c: scope_hint: In function 'dtls1_shutdown'
openssl-3.2.1/ssl/d1_lib.c:869:13: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
openssl-3.2.1/ssl/d1_lib.c:14: included_from: Included from here.
openssl-3.2.1/ssl/ssl_local.h:1816:5: note: in expansion of macro 'SSL_CONNECTION_FROM_SSL_ONLY_int'
openssl-3.2.1/ssl/d1_lib.c:862:26: note: in expansion of macro 'SSL_CONNECTION_FROM_SSL_ONLY'
openssl-3.2.1/ssl/ssl_local.h:1816:5: note: in expansion of macro 'SSL_CONNECTION_FROM_SSL_ONLY_int'
openssl-3.2.1/ssl/d1_lib.c:862:26: note: in expansion of macro 'SSL_CONNECTION_FROM_SSL_ONLY'
openssl-3.2.1/ssl/ssl_local.h:1816:5: note: in expansion of macro 'SSL_CONNECTION_FROM_SSL_ONLY_int'
openssl-3.2.1/ssl/d1_lib.c:862:26: note: in expansion of macro 'SSL_CONNECTION_FROM_SSL_ONLY'
# 867| wbio = SSL_get_wbio(s);
# 868| if (wbio != NULL && BIO_dgram_is_sctp(wbio) &&
# 869|-> !(sc->shutdown & SSL_SENT_SHUTDOWN)) {
# 870| ret = BIO_dgram_sctp_wait_for_dry(wbio);
# 871| if (ret < 0)

Error: CLANG_WARNING:
openssl-3.2.1/ssl/quic/quic_impl.c:310:28: warning[core.NullDereference]: Access to field 'mutex' results in a dereference of a null pointer (loaded from variable 'qc')
# 308| {
# 309| #if defined(OPENSSL_THREADS)
# 310|-> ossl_crypto_mutex_lock(qc->mutex);
# 311| #endif
# 312| }

Error: CLANG_WARNING:
openssl-3.2.1/ssl/quic/quic_impl.c:622:9: warning[core.NullDereference]: Access to field 'is_thread_assisted' results in a dereference of a null pointer (loaded from field 'qc')
# 620|
# 621| #if !defined(OPENSSL_NO_QUIC_THREAD_ASSIST)
# 622|-> if (ctx.qc->is_thread_assisted && ctx.qc->started)
# 623| ossl_quic_thread_assist_notify_deadline_changed(&ctx.qc->thread_assist);
# 624| #endif

Error: CLANG_WARNING:
openssl-3.2.1/ssl/quic/quic_impl.c:872:9: warning[core.NullDereference]: Access to field 'net_rbio' results in a dereference of a null pointer (loaded from field 'qc')
# 870| return;
# 871|
# 872|-> if (ctx.qc->net_rbio == net_rbio)
# 873| return;
# 874|

Error: CLANG_WARNING:
openssl-3.2.1/ssl/quic/quic_impl.c:899:9: warning[core.NullDereference]: Access to field 'net_wbio' results in a dereference of a null pointer (loaded from field 'qc')
# 897| return;
# 898|
# 899|->
if (ctx.qc->net_wbio == net_wbio)
# 900| return;
# 901|

Error: CLANG_WARNING:
openssl-3.2.1/ssl/quic/quic_impl.c:926:12: warning[core.NullDereference]: Access to field 'net_rbio' results in a dereference of a null pointer (loaded from field 'qc')
# 924| return NULL;
# 925|
# 926|-> return ctx.qc->net_rbio;
# 927| }
# 928|

Error: CLANG_WARNING:
openssl-3.2.1/ssl/quic/quic_impl.c:936:12: warning[core.NullDereference]: Access to field 'net_wbio' results in a dereference of a null pointer (loaded from field 'qc')
# 934| return NULL;
# 935|
# 936|-> return ctx.qc->net_wbio;
# 937| }
# 938|

Error: CLANG_WARNING:
openssl-3.2.1/ssl/quic/quic_impl.c:1010:9: warning[core.NullDereference]: Access to field 'started' results in a dereference of a null pointer (loaded from field 'qc')
# 1008| return 0;
# 1009|
# 1010|-> if (ctx.qc->started)
# 1011| return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED,
# 1012| NULL);

Error: CLANG_WARNING:
openssl-3.2.1/ssl/quic/quic_impl.c:1036:12: warning[core.NullDereference]: Access to field 'blocking' results in a dereference of a null pointer (loaded from variable 'qc')
# 1034| static int qc_blocking_mode(const QUIC_CONNECTION *qc)
# 1035| {
# 1036|-> return qc->blocking;
# 1037| }
# 1038|

Error: CLANG_WARNING:
openssl-3.2.1/ssl/quic/quic_impl.c:1074:15: warning[deadcode.DeadStores]: Value stored to 'deadline' during its initialization is never read
# 1072| {
# 1073| QCTX ctx;
# 1074|-> OSSL_TIME deadline = ossl_time_infinite();
# 1075|
# 1076| if (!expect_quic(s, &ctx))

Error: CLANG_WARNING:
openssl-3.2.1/ssl/quic/quic_impl.c:1112:25: warning[core.NullDereference]: Access to field 'net_rbio' results in a dereference of a null pointer (loaded from field 'qc')
# 1110| return 0;
# 1111|
# 1112|-> if (desc == NULL || ctx.qc->net_rbio == NULL)
# 1113| return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_INVALID_ARGUMENT,
# 1114| NULL);

Error: CLANG_WARNING:
openssl-3.2.1/ssl/quic/quic_impl.c:1127:25:
warning[core.NullDereference]: Access to field 'net_wbio' results in a dereference of a null pointer (loaded from field 'qc')
# 1125| return 0;
# 1126|
# 1127|-> if (desc == NULL || ctx.qc->net_wbio == NULL)
# 1128| return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, ERR_R_PASSED_INVALID_ARGUMENT,
# 1129| NULL);

Error: CLANG_WARNING:
openssl-3.2.1/ssl/quic/quic_impl.c:1346:38: warning[core.NullDereference]: Access to field 'default_ssl_mode' results in a dereference of a null pointer (loaded from field 'qc')
# 1344| /* If called on a QCSO, update the default mode. */
# 1345| if (!ctx.is_stream)
# 1346|-> ctx.qc->default_ssl_mode |= (uint32_t)larg;
# 1347|
# 1348| /*

Error: CLANG_WARNING:
openssl-3.2.1/ssl/quic/quic_impl.c:1364:38: warning[core.NullDereference]: Access to field 'default_ssl_mode' results in a dereference of a null pointer (loaded from field 'qc')
# 1362| case SSL_CTRL_CLEAR_MODE:
# 1363| if (!ctx.is_stream)
# 1364|-> ctx.qc->default_ssl_mode &= ~(uint32_t)larg;
# 1365|
# 1366| if (ctx.xso != NULL) {

Error: CLANG_WARNING:
openssl-3.2.1/ssl/quic/quic_impl.c:1374:48: warning[core.NullDereference]: Access to field 'ch' results in a dereference of a null pointer (loaded from field 'qc')
# 1372|
# 1373| case SSL_CTRL_SET_MSG_CALLBACK_ARG:
# 1374|-> ossl_quic_channel_set_msg_callback_arg(ctx.qc->ch, parg);
# 1375| /* This ctrl also needs to be passed to the internal SSL object */
# 1376| return SSL_ctrl(ctx.qc->tls, cmd, larg, parg);

Error: CLANG_WARNING:
openssl-3.2.1/ssl/quic/quic_impl.c:1421:9: warning[core.NullDereference]: Access to field 'started' results in a dereference of a null pointer (loaded from field 'qc')
# 1419|
# 1420| /* Cannot be changed after handshake started */
# 1421|-> if (ctx.qc->started || ctx.is_stream)
# 1422| return;
# 1423|

Error: CLANG_WARNING:
openssl-3.2.1/ssl/quic/quic_impl.c:1436:9: warning[core.NullDereference]: Access to field 'started' results in a dereference of a null pointer (loaded from field 'qc')
# 1434|
# 1435| /* Cannot
be changed after handshake started */
# 1436|-> if (ctx.qc->started || ctx.is_stream)
# 1437| return;
# 1438|

Error: CLANG_WARNING:
openssl-3.2.1/ssl/quic/quic_impl.c:2925:13: warning[core.NullDereference]: Access to field 'default_xso_created' results in a dereference of a null pointer (loaded from field 'qc')
# 2923| * SSL_read() or SSL_write() first.
# 2924| */
# 2925|-> if (ctx.qc->default_xso_created
# 2926| || ctx.qc->default_stream_mode == SSL_DEFAULT_STREAM_MODE_NONE)
# 2927| return SSL_STREAM_TYPE_NONE;

Error: CLANG_WARNING:
openssl-3.2.1/ssl/quic/quic_impl.c:3487:48: warning[core.NullDereference]: Access to field 'ch' results in a dereference of a null pointer (loaded from field 'qc')
# 3485| return -1;
# 3486|
# 3487|-> tc = ossl_quic_channel_get_terminate_cause(ctx.qc->ch);
# 3488| if (tc == NULL)
# 3489| return 0;

Error: CLANG_WARNING:
openssl-3.2.1/ssl/quic/quic_impl.c:3576:44: warning[core.NullDereference]: Access to field 'ch' results in a dereference of a null pointer (loaded from field 'qc')
# 3574| switch (cmd) {
# 3575| case SSL_CTRL_SET_MSG_CALLBACK:
# 3576|-> ossl_quic_channel_set_msg_callback(ctx.qc->ch, (ossl_msg_cb)fp,
# 3577| &ctx.qc->ssl);
# 3578| /* This callback also needs to be set on the internal SSL object */

Error: CLANG_WARNING:
openssl-3.2.1/ssl/quic/quic_impl.c:3583:35: warning[core.NullDereference]: Access to field 'tls' results in a dereference of a null pointer (loaded from field 'qc')
# 3581| default:
# 3582| /* Probably a TLS related ctrl.
Defer to our internal SSL object */
# 3583|-> return ssl3_callback_ctrl(ctx.qc->tls, cmd, fp);
# 3584| }
# 3585| }

Error: CLANG_WARNING:
openssl-3.2.1/ssl/quic/quic_impl.c:3635:39: warning[core.NullDereference]: Access to field 'ch' results in a dereference of a null pointer (loaded from field 'qc')
# 3633| return 0;
# 3634|
# 3635|-> if (ossl_quic_channel_is_term_any(ctx.qc->ch)) {
# 3636| shut |= SSL_SENT_SHUTDOWN;
# 3637| if (!ossl_quic_channel_is_closing(ctx.qc->ch))

Error: CLANG_WARNING:
openssl-3.2.1/ssl/quic/quic_impl.c:3656:12: warning[core.NullDereference]: Access to field 'ch' results in a dereference of a null pointer (loaded from field 'qc')
# 3654| return NULL;
# 3655|
# 3656|-> return ctx.qc->ch;
# 3657| }

Error: GCC_ANALYZER_WARNING (CWE-476):
openssl-3.2.1/ssl/quic/quic_record_shared.c: scope_hint: In function 'ossl_qrl_enc_level_set_have_el'
openssl-3.2.1/ssl/quic/quic_record_shared.c:49:15: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
# 47| OSSL_QRL_ENC_LEVEL *el = ossl_qrl_enc_level_set_get(els, enc_level, 0);
# 48|
# 49|-> switch (el->state) {
# 50| case QRL_EL_STATE_UNPROV:
# 51| return 0;

Error: GCC_ANALYZER_WARNING (CWE-476):
openssl-3.2.1/ssl/quic/quic_record_shared.c: scope_hint: In function 'el_teardown_keyslot'
openssl-3.2.1/ssl/quic/quic_record_shared.c:90:63: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
# 88| OSSL_QRL_ENC_LEVEL *el = ossl_qrl_enc_level_set_get(els, enc_level, 0);
# 89|
# 90|-> if (!ossl_qrl_enc_level_set_has_keyslot(els, enc_level, el->state, keyslot))
# 91| return;
# 92|

Error: CPPCHECK_WARNING (CWE-476):
openssl-3.2.1/ssl/quic/quic_record_tx.c:41: error[ctunullpointer]: Null pointer dereference: elem
# 39| };
# 40|
# 41|-> DEFINE_LIST_OF(txe, TXE);
# 42| typedef OSSL_LIST(txe) TXE_LIST;
# 43|

Error: CPPCHECK_WARNING (CWE-476):
openssl-3.2.1/ssl/quic/quic_record_tx.c:41: error[ctunullpointer]: Null pointer dereference: list
# 39| };
# 40|
# 41|-> DEFINE_LIST_OF(txe, TXE);
# 42| typedef
OSSL_LIST(txe) TXE_LIST;
# 43|

Error: CLANG_WARNING:
openssl-3.2.1/ssl/quic/quic_record_tx.c:41:1: warning[core.NullDereference]: Access to field 'alpha' results in a dereference of a null pointer (loaded from variable 'list')
# 39| };
# 40|
# 41|-> DEFINE_LIST_OF(txe, TXE);
# 42| typedef OSSL_LIST(txe) TXE_LIST;
# 43|

Error: GCC_ANALYZER_WARNING (CWE-476):
openssl-3.2.1/ssl/quic/quic_tls.c: scope_hint: In function 'ossl_quic_tls_tick'
openssl-3.2.1/ssl/quic/quic_tls.c:758:54: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
openssl-3.2.1/ssl/quic/quic_tls.c:12: included_from: Included from here.
openssl-3.2.1/ssl/ssl_local.h:1824:7: note: in definition of macro 'SSL_CONNECTION_FROM_SSL_int'
openssl-3.2.1/ssl/quic/quic_tls.c:734:30: note: in expansion of macro 'SSL_CONNECTION_FROM_SSL'
openssl-3.2.1/ssl/quic/quic_tls.c:9: included_from: Included from here.
openssl-3.2.1/ssl/quic/quic_tls.c:752:14: note: in expansion of macro 'SSL_set_min_proto_version'
# 756| ossl_ssl_set_custom_record_layer(sc, &quic_tls_record_method, qtls);
# 757|
# 758|-> if (!ossl_tls_add_custom_ext_intern(NULL, &sc->cert->custext,
# 759| qtls->args.is_server ?
ENDPOINT_SERVER
# 760| : ENDPOINT_CLIENT,

Error: CLANG_WARNING:
openssl-3.2.1/ssl/quic/quic_txp.c:2758:13: warning[deadcode.DeadStores]: Value stored to 'done_pre_token' is never read
# 2756| chosen_for_conn_close,
# 2757| &can_be_non_inflight))
# 2758|-> done_pre_token = 1;
# 2759|
# 2760| /* CRYPTO Frames */

Error: CLANG_WARNING:
openssl-3.2.1/ssl/quic/quic_txpim.c:163:12: warning[deadcode.DeadStores]: Value stored to 'new_alloc_chunks' during its initialization is never read
# 161| QUIC_TXPIM_PKT_EX *ex = (QUIC_TXPIM_PKT_EX *)fpkt;
# 162| QUIC_TXPIM_CHUNK *new_chunk;
# 163|-> size_t new_alloc_chunks = ex->alloc_chunks;
# 164|
# 165| if (ex->num_chunks == ex->alloc_chunks) {

Error: GCC_ANALYZER_WARNING (CWE-476):
openssl-3.2.1/ssl/record/methods/ktls_meth.c: scope_hint: In function 'ktls_configure_crypto'
openssl-3.2.1/ssl/record/methods/ktls_meth.c:225:9: warning[-Wanalyzer-null-dereference]: dereference of NULL 'eiv'
# 223| crypto_info->gcm128.info.version = version;
# 224| crypto_info->tls_crypto_info_len = sizeof(crypto_info->gcm128);
# 225|-> memcpy(crypto_info->gcm128.iv, eiv, TLS_CIPHER_AES_GCM_128_IV_SIZE);
# 226| memcpy(crypto_info->gcm128.salt, iv, TLS_CIPHER_AES_GCM_128_SALT_SIZE);
# 227| memcpy(crypto_info->gcm128.key, key, keylen);

Error: CLANG_WARNING:
openssl-3.2.1/ssl/record/methods/ktls_meth.c:225:9: warning[core.NonNullParamChecker]: Null pointer passed to 2nd parameter expecting 'nonnull'
# 223| crypto_info->gcm128.info.version = version;
# 224| crypto_info->tls_crypto_info_len = sizeof(crypto_info->gcm128);
# 225|-> memcpy(crypto_info->gcm128.iv, eiv, TLS_CIPHER_AES_GCM_128_IV_SIZE);
# 226| memcpy(crypto_info->gcm128.salt, iv, TLS_CIPHER_AES_GCM_128_SALT_SIZE);
# 227| memcpy(crypto_info->gcm128.key, key, keylen);

Error: GCC_ANALYZER_WARNING (CWE-476):
openssl-3.2.1/ssl/record/methods/ktls_meth.c:242:9: warning[-Wanalyzer-null-dereference]: dereference of NULL 'eiv'
# 240| crypto_info->gcm256.info.version = version;
# 241|
crypto_info->tls_crypto_info_len = sizeof(crypto_info->gcm256);
# 242|-> memcpy(crypto_info->gcm256.iv, eiv, TLS_CIPHER_AES_GCM_256_IV_SIZE);
# 243| memcpy(crypto_info->gcm256.salt, iv, TLS_CIPHER_AES_GCM_256_SALT_SIZE);
# 244| memcpy(crypto_info->gcm256.key, key, keylen);

Error: CLANG_WARNING:
openssl-3.2.1/ssl/record/methods/ktls_meth.c:242:9: warning[core.NonNullParamChecker]: Null pointer passed to 2nd parameter expecting 'nonnull'
# 240| crypto_info->gcm256.info.version = version;
# 241| crypto_info->tls_crypto_info_len = sizeof(crypto_info->gcm256);
# 242|-> memcpy(crypto_info->gcm256.iv, eiv, TLS_CIPHER_AES_GCM_256_IV_SIZE);
# 243| memcpy(crypto_info->gcm256.salt, iv, TLS_CIPHER_AES_GCM_256_SALT_SIZE);
# 244| memcpy(crypto_info->gcm256.key, key, keylen);

Error: GCC_ANALYZER_WARNING (CWE-476):
openssl-3.2.1/ssl/record/methods/ktls_meth.c:260:9: warning[-Wanalyzer-null-dereference]: dereference of NULL 'eiv'
# 258| crypto_info->ccm128.info.version = version;
# 259| crypto_info->tls_crypto_info_len = sizeof(crypto_info->ccm128);
# 260|-> memcpy(crypto_info->ccm128.iv, eiv, TLS_CIPHER_AES_CCM_128_IV_SIZE);
# 261| memcpy(crypto_info->ccm128.salt, iv, TLS_CIPHER_AES_CCM_128_SALT_SIZE);
# 262| memcpy(crypto_info->ccm128.key, key, keylen);

Error: CLANG_WARNING:
openssl-3.2.1/ssl/record/methods/ktls_meth.c:260:9: warning[core.NonNullParamChecker]: Null pointer passed to 2nd parameter expecting 'nonnull'
# 258| crypto_info->ccm128.info.version = version;
# 259| crypto_info->tls_crypto_info_len = sizeof(crypto_info->ccm128);
# 260|-> memcpy(crypto_info->ccm128.iv, eiv, TLS_CIPHER_AES_CCM_128_IV_SIZE);
# 261| memcpy(crypto_info->ccm128.salt, iv, TLS_CIPHER_AES_CCM_128_SALT_SIZE);
# 262| memcpy(crypto_info->ccm128.key, key, keylen);

Error: CLANG_WARNING:
openssl-3.2.1/ssl/record/rec_layer_s3.c:95:51: warning[core.NullDereference]: Dereference of null pointer
# 93| max_early_data = s->recv_max_early_data;
# 94| else
# 95|-> max_early_data = s->recv_max_early_data <
sess->ext.max_early_data
# 96| ? s->recv_max_early_data : sess->ext.max_early_data;
# 97|

Error: GCC_ANALYZER_WARNING (CWE-476):
openssl-3.2.1/ssl/record/rec_layer_s3.c: scope_hint: In function 'ssl3_read_bytes'
openssl-3.2.1/ssl/record/rec_layer_s3.c:622:14: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
# 620| if (!ossl_statem_get_in_handshake(s) && SSL_in_init(ssl)) {
# 621| /* type == SSL3_RT_APPLICATION_DATA */
# 622|-> i = s->handshake_func(ssl);
# 623| /* SSLfatal() already called */
# 624| if (i < 0)

Error: GCC_ANALYZER_WARNING (CWE-476):
openssl-3.2.1/ssl/record/rec_layer_s3.c:630:16: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
# 628| }
# 629| start:
# 630|-> s->rwstate = SSL_NOTHING;
# 631|
# 632| /*-

Error: CPPCHECK_WARNING (CWE-476):
openssl-3.2.1/ssl/ssl_cert_comp.c:416: warning[nullPointer]: Possible null pointer dereference: sc
# 414| CERT_PKEY *cpk = NULL;
# 415|
# 416|-> if (sc->cert != NULL)
# 417| cpk = sc->cert->key;
# 418| else

Error: GCC_ANALYZER_WARNING (CWE-476):
openssl-3.2.1/ssl/ssl_cert_comp.c: scope_hint: In function 'SSL_get1_compressed_cert'
openssl-3.2.1/ssl/ssl_cert_comp.c:416:11: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
openssl-3.2.1/ssl/ssl_cert_comp.c:11: included_from: Included from here.
openssl-3.2.1/ssl/ssl_local.h:1831:5: note: in expansion of macro 'SSL_CONNECTION_FROM_SSL_int'
openssl-3.2.1/ssl/ssl_cert_comp.c:413:26: note: in expansion of macro 'SSL_CONNECTION_FROM_SSL'
# 414| CERT_PKEY *cpk = NULL;
# 415|
# 416|-> if (sc->cert != NULL)
# 417| cpk = sc->cert->key;
# 418| else

Error: COMPILER_WARNING (CWE-704):
openssl-3.2.1/ssl/ssl_ciph.c: scope_hint: In function 'ssl_create_cipher_list'
openssl-3.2.1/ssl/ssl_ciph.c:1526:19: warning[-Wdiscarded-qualifiers]: initialization discards 'const' qualifier from pointer target type
# 1524|
# 1525| if (rule_str != NULL && strncmp(rule_str, "PROFILE=SYSTEM", 14) == 0) {
# 1526|-> char *p = rule_str + 14;
# 1527|
# 1528| new_rules = load_system_str(p);

Error: CLANG_WARNING:
openssl-3.2.1/ssl/ssl_lib.c:465:13: warning[deadcode.DeadStores]: Value stored to 'min_version' is never read
# 463| if (min_version == 0)
# 464| /* Ignore DTLS1_BAD_VER */
# 465|-> min_version = DTLS1_VERSION;
# 466| if (max_version == 0)
# 467| max_version = DTLS1_2_VERSION;

Error: CLANG_WARNING:
openssl-3.2.1/ssl/ssl_lib.c:467:13: warning[deadcode.DeadStores]: Value stored to 'max_version' is never read
# 465| min_version = DTLS1_VERSION;
# 466| if (max_version == 0)
# 467|-> max_version = DTLS1_2_VERSION;
# 468| #ifdef OPENSSL_NO_DTLS1_2
# 469| if (max_version == DTLS1_2_VERSION)

Error: GCC_ANALYZER_WARNING (CWE-476):
openssl-3.2.1/ssl/ssl_lib.c: scope_hint: In function 'SSL_is_dtls'
openssl-3.2.1/ssl/ssl_lib.c:965:10: warning[-Wanalyzer-null-dereference]: dereference of NULL 's'
openssl-3.2.1/ssl/ssl_lib.c:13: included_from: Included from here.
openssl-3.2.1/ssl/ssl_local.h:1831:5: note: in expansion of macro 'SSL_CONNECTION_FROM_SSL_int'
openssl-3.2.1/ssl/ssl_lib.c:962:26: note: in expansion of macro 'SSL_CONNECTION_FROM_SSL'
# 963|
# 964| #ifndef OPENSSL_NO_QUIC
# 965|-> if (s->type == SSL_TYPE_QUIC_CONNECTION || s->type == SSL_TYPE_QUIC_XSO)
# 966| return 0;
# 967| #endif

Error: GCC_ANALYZER_WARNING (CWE-476):
openssl-3.2.1/ssl/ssl_lib.c: scope_hint: In function 'SSL_is_tls'
openssl-3.2.1/ssl/ssl_lib.c:980:10: warning[-Wanalyzer-null-dereference]: dereference of NULL 's'
openssl-3.2.1/ssl/ssl_local.h:1831:5: note: in expansion of macro 'SSL_CONNECTION_FROM_SSL_int'
openssl-3.2.1/ssl/ssl_lib.c:977:26: note: in expansion of macro 'SSL_CONNECTION_FROM_SSL'
# 978|
# 979| #ifndef OPENSSL_NO_QUIC
# 980|-> if (s->type == SSL_TYPE_QUIC_CONNECTION || s->type == SSL_TYPE_QUIC_XSO)
# 981| return 0;
# 982| #endif

Error: GCC_ANALYZER_WARNING (CWE-476):
openssl-3.2.1/ssl/ssl_lib.c: scope_hint: In function 'SSL_set_wfd'
openssl-3.2.1/ssl/ssl_lib.c:1722:10: warning[-Wanalyzer-null-dereference]: dereference of NULL 's'
openssl-3.2.1/ssl/ssl_local.h:1833:5: note: in expansion of macro 'SSL_CONNECTION_FROM_SSL_int'
openssl-3.2.1/ssl/ssl_lib.c:1610:32: note: in expansion of macro 'SSL_CONNECTION_FROM_CONST_SSL'
# 1720| int desired_type = IS_QUIC(s) ? BIO_TYPE_DGRAM : BIO_TYPE_SOCKET;
# 1721|
# 1722|-> if (s->type == SSL_TYPE_QUIC_XSO) {
# 1723| ERR_raise(ERR_LIB_SSL, SSL_R_CONN_USE_ONLY);
# 1724| return 0;

Error: GCC_ANALYZER_WARNING (CWE-476):
openssl-3.2.1/ssl/ssl_lib.c: scope_hint: In function 'SSL_set_rfd'
openssl-3.2.1/ssl/ssl_lib.c:1758:10: warning[-Wanalyzer-null-dereference]: dereference of NULL 's'
openssl-3.2.1/ssl/ssl_local.h:1833:5: note: in expansion of macro 'SSL_CONNECTION_FROM_SSL_int'
openssl-3.2.1/ssl/ssl_lib.c:1625:32: note: in expansion of macro 'SSL_CONNECTION_FROM_CONST_SSL'
# 1756| int desired_type = IS_QUIC(s) ?
BIO_TYPE_DGRAM : BIO_TYPE_SOCKET;
# 1757|
# 1758|-> if (s->type == SSL_TYPE_QUIC_XSO) {
# 1759| ERR_raise(ERR_LIB_SSL, SSL_R_CONN_USE_ONLY);
# 1760| return 0;

Error: GCC_ANALYZER_WARNING (CWE-476):
openssl-3.2.1/ssl/ssl_lib.c: scope_hint: In function 'SSL_do_handshake'
openssl-3.2.1/ssl/ssl_lib.c:4728:11: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
openssl-3.2.1/ssl/ssl_local.h:1831:5: note: in expansion of macro 'SSL_CONNECTION_FROM_SSL_int'
openssl-3.2.1/ssl/ssl_lib.c:4721:26: note: in expansion of macro 'SSL_CONNECTION_FROM_SSL'
# 4726| #endif
# 4727|
# 4728|-> if (sc->handshake_func == NULL) {
# 4729| ERR_raise(ERR_LIB_SSL, SSL_R_CONNECTION_TYPE_NOT_SET);
# 4730| return -1;

Error: GCC_ANALYZER_WARNING (CWE-476):
openssl-3.2.1/ssl/ssl_lib.c: scope_hint: In function 'SSL_set_accept_state'
openssl-3.2.1/ssl/ssl_lib.c:4763:16: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
openssl-3.2.1/ssl/ssl_local.h:1816:5: note: in expansion of macro 'SSL_CONNECTION_FROM_SSL_ONLY_int'
openssl-3.2.1/ssl/ssl_lib.c:4754:26: note: in expansion of macro 'SSL_CONNECTION_FROM_SSL_ONLY'
# 4761| #endif
# 4762|
# 4763|-> sc->server = 1;
# 4764| sc->shutdown = 0;
# 4765| ossl_statem_clear(sc);

Error: GCC_ANALYZER_WARNING (CWE-476):
openssl-3.2.1/ssl/ssl_lib.c: scope_hint: In function 'SSL_set_connect_state'
openssl-3.2.1/ssl/ssl_lib.c:4782:16: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
openssl-3.2.1/ssl/ssl_local.h:1816:5: note: in expansion of macro 'SSL_CONNECTION_FROM_SSL_ONLY_int'
openssl-3.2.1/ssl/ssl_lib.c:4773:26: note: in expansion of macro 'SSL_CONNECTION_FROM_SSL_ONLY'
# 4780| #endif
# 4781|
# 4782|-> sc->server = 0;
# 4783| sc->shutdown = 0;
# 4784| ossl_statem_clear(sc);

Error: GCC_ANALYZER_WARNING (CWE-476):
openssl-3.2.1/ssl/ssl_lib.c: scope_hint: In function 'SSL_get_version'
openssl-3.2.1/ssl/ssl_lib.c:4852:10: warning[-Wanalyzer-null-dereference]: dereference of NULL 's'
openssl-3.2.1/ssl/ssl_local.h:1833:5: note: in
expansion of macro 'SSL_CONNECTION_FROM_SSL_int'
openssl-3.2.1/ssl/ssl_lib.c:4848:32: note: in expansion of macro 'SSL_CONNECTION_FROM_CONST_SSL'
# 4850| #ifndef OPENSSL_NO_QUIC
# 4851| /* We only support QUICv1 - so if its QUIC its QUICv1 */
# 4852|-> if (s->type == SSL_TYPE_QUIC_CONNECTION || s->type == SSL_TYPE_QUIC_XSO)
# 4853| return "QUICv1";
# 4854| #endif

Error: GCC_ANALYZER_WARNING (CWE-476):
openssl-3.2.1/ssl/ssl_lib.c: scope_hint: In function 'SSL_version'
openssl-3.2.1/ssl/ssl_lib.c:5214:10: warning[-Wanalyzer-null-dereference]: dereference of NULL 's'
openssl-3.2.1/ssl/ssl_local.h:1833:5: note: in expansion of macro 'SSL_CONNECTION_FROM_SSL_int'
openssl-3.2.1/ssl/ssl_lib.c:5210:32: note: in expansion of macro 'SSL_CONNECTION_FROM_CONST_SSL'
# 5212| #ifndef OPENSSL_NO_QUIC
# 5213| /* We only support QUICv1 - so if its QUIC its QUICv1 */
# 5214|-> if (s->type == SSL_TYPE_QUIC_CONNECTION || s->type == SSL_TYPE_QUIC_XSO)
# 5215| return OSSL_QUIC1_VERSION;
# 5216| #endif

Error: GCC_ANALYZER_WARNING (CWE-476):
openssl-3.2.1/ssl/ssl_lib.c: scope_hint: In function 'SSL_client_version'
openssl-3.2.1/ssl/ssl_lib.c:5229:10: warning[-Wanalyzer-null-dereference]: dereference of NULL 's'
openssl-3.2.1/ssl/ssl_local.h:1833:5: note: in expansion of macro 'SSL_CONNECTION_FROM_SSL_int'
openssl-3.2.1/ssl/ssl_lib.c:5225:32: note: in expansion of macro 'SSL_CONNECTION_FROM_CONST_SSL'
# 5227| #ifndef OPENSSL_NO_QUIC
# 5228| /* We only support QUICv1 - so if its QUIC its QUICv1 */
# 5229|-> if (s->type == SSL_TYPE_QUIC_CONNECTION || s->type == SSL_TYPE_QUIC_XSO)
# 5230| return OSSL_QUIC1_VERSION;
# 5231| #endif

Error: GCC_ANALYZER_WARNING (CWE-476):
openssl-3.2.1/ssl/ssl_lib.c: scope_hint: In function 'SSL_get0_client_cert_type'
openssl-3.2.1/ssl/ssl_lib.c:7794:12: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
openssl-3.2.1/ssl/ssl_local.h:1833:5: note: in expansion of macro 'SSL_CONNECTION_FROM_SSL_int'
openssl-3.2.1/ssl/ssl_lib.c:7789:32: note: in expansion
of macro 'SSL_CONNECTION_FROM_CONST_SSL'
# 7792| return 0;
# 7793|
# 7794|-> *t = sc->client_cert_type;
# 7795| *len = sc->client_cert_type_len;
# 7796| return 1;

Error: GCC_ANALYZER_WARNING (CWE-476):
openssl-3.2.1/ssl/ssl_lib.c: scope_hint: In function 'SSL_get0_server_cert_type'
openssl-3.2.1/ssl/ssl_lib.c:7806:12: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
openssl-3.2.1/ssl/ssl_local.h:1833:5: note: in expansion of macro 'SSL_CONNECTION_FROM_SSL_int'
openssl-3.2.1/ssl/ssl_lib.c:7801:32: note: in expansion of macro 'SSL_CONNECTION_FROM_CONST_SSL'
# 7804| return 0;
# 7805|
# 7806|-> *t = sc->server_cert_type;
# 7807| *len = sc->server_cert_type_len;
# 7808| return 1;

Error: CPPCHECK_WARNING (CWE-476):
openssl-3.2.1/ssl/ssl_rsa.c:961: warning[nullPointer]: Possible null pointer dereference: ctx
# 959| return 0;
# 960|
# 961|-> c = sc != NULL ? sc->cert : ctx->cert;
# 962| /* Do all security checks before anything else */
# 963| rv = ssl_security_cert(sc, ctx, x509, 0, 1);

Error: CPPCHECK_WARNING (CWE-562):
openssl-3.2.1/ssl/ssl_sess.c:535: error[returnDanglingLifetime]: Returning pointer to local variable 'copy' that will be invalid when returning.
# 533| }
# 534|
# 535|-> return ret;
# 536| }
# 537|

Error: CLANG_WARNING:
openssl-3.2.1/ssl/statem/extensions_clnt.c:289:17: warning[core.NullDereference]: Dereference of null pointer
# 287|
# 288| if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_session_ticket)
# 289|-> || !WPACKET_sub_memcpy_u16(pkt, s->session->ext.tick, ticklen)) {
# 290| SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
# 291| return EXT_RETURN_FAIL;

Error: CLANG_WARNING:
openssl-3.2.1/ssl/statem/statem_clnt.c:1435:43: warning[core.NullDereference]: Access to field 'algorithm2' results in a dereference of a null pointer (loaded from field 'cipher')
# 1433| */
# 1434| if (md == NULL
# 1435|-> || md != ssl_md(sctx, s->session->cipher->algorithm2)) {
# 1436| SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
# 1437| SSL_R_CIPHERSUITE_DIGEST_HAS_CHANGED);

Error: CLANG_WARNING:
openssl-3.2.1/ssl/statem/statem_dtls.c:678:13: warning[deadcode.DeadStores]: Value stored to 'i' is never read
# 676| item = pitem_new(seq64be, frag);
# 677| if (item == NULL) {
# 678|-> i = -1;
# 679| goto err;
# 680| }

Error: GCC_ANALYZER_WARNING (CWE-688):
openssl-3.2.1/ssl/statem/statem_dtls.c: scope_hint: In function 'dtls1_buffer_message'
openssl-3.2.1/ssl/statem/statem_dtls.c:1127:5: warning[-Wanalyzer-null-argument]: use of NULL where non-null expected
<built-in>: note: argument 1 of '__builtin_memcpy' must be non-null
# 1125| return 0;
# 1126|
# 1127|-> memcpy(frag->fragment, s->init_buf->data, s->init_num);
# 1128|
# 1129| if (is_ccs) {

Error: CLANG_WARNING:
openssl-3.2.1/ssl/statem/statem_dtls.c:1127:5: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull'
# 1125| return 0;
# 1126|
# 1127|-> memcpy(frag->fragment, s->init_buf->data, s->init_num);
# 1128|
# 1129| if (is_ccs) {

Error: GCC_ANALYZER_WARNING (CWE-476):
openssl-3.2.1/ssl/t1_lib.c: scope_hint: In function 'tls_choose_sigalg'
openssl-3.2.1/ssl/t1_lib.c:3948:17: warning[-Wanalyzer-null-dereference]: dereference of NULL 'lu'
#
3946| }
# 3947| if (sig_idx == -1)
# 3948|-> sig_idx = lu->sig_idx;
# 3949| s->s3.tmp.cert = &s->cert->pkeys[sig_idx];
# 3950| s->cert->key = s->s3.tmp.cert;

Error: COMPILER_WARNING (CWE-1164):
openssl-3.2.1/test/acvp_test.c:369:12: warning[-Wunused-function]: 'dsa_keygen_test' defined but not used
# 369 | static int dsa_keygen_test(int id)
# | ^~~~~~~~~~~~~~~
# 367| }
# 368|
# 369|-> static int dsa_keygen_test(int id)
# 370| {
# 371| int ret = 0, i;

Error: COMPILER_WARNING (CWE-1164):
openssl-3.2.1/test/acvp_test.c:409:12: warning[-Wunused-function]: 'dsa_paramgen_test' defined but not used
# 409 | static int dsa_paramgen_test(int id)
# | ^~~~~~~~~~~~~~~~~
# 407| }
# 408|
# 409|-> static int dsa_paramgen_test(int id)
# 410| {
# 411| int ret = 0, counter = 0;

Error: COMPILER_WARNING (CWE-1164):
openssl-3.2.1/test/acvp_test.c:520:12: warning[-Wunused-function]: 'dsa_pqver_test' defined but not used
# 520 | static int dsa_pqver_test(int id)
# | ^~~~~~~~~~~~~~
# 518| }
# 519|
# 520|-> static int dsa_pqver_test(int id)
# 521| {
# 522| int ret = 0;

Error: COMPILER_WARNING (CWE-1164):
openssl-3.2.1/test/acvp_test.c:589:12: warning[-Wunused-function]: 'dsa_siggen_test' defined but not used
# 589 | static int dsa_siggen_test(int id)
# | ^~~~~~~~~~~~~~~
# 587| }
# 588|
# 589|-> static int dsa_siggen_test(int id)
# 590| {
# 591| int ret = 0;

Error: COMPILER_WARNING (CWE-1164):
openssl-3.2.1/test/acvp_test.c:615:12: warning[-Wunused-function]: 'dsa_sigver_test' defined but not used
# 615 | static int dsa_sigver_test(int id)
# | ^~~~~~~~~~~~~~~
# 613| }
# 614|
# 615|-> static int dsa_sigver_test(int id)
# 616| {
# 617| int ret = 0;

Error: CLANG_WARNING:
openssl-3.2.1/test/asynciotest.c:342:14: warning[deadcode.DeadStores]: Value stored to 'ret' is never read
# 340| * (the first one might be a retryable fail).
# 341| */ # 342|-> for (ret = -1, i = 0, len = 0; len != sizeof(testdata) && i < 2; # 343| i++) { # 344| ret = SSL_write(clientssl, testdata + len, Error: CLANG_WARNING: openssl-3.2.1/test/asynciotest.c:364:14: warning[deadcode.DeadStores]: Value stored to 'ret' is never read # 362| * bytes from the record header/padding etc. # 363| */ # 364|-> for (ret = -1, i = 0, len = 0; len != sizeof(testdata) && # 365| i < MAX_ATTEMPTS; i++) { # 366| ret = SSL_read(serverssl, buf + len, sizeof(buf) - len); Error: CPPCHECK_WARNING (CWE-476): openssl-3.2.1/test/cert_comp_test.c:215: warning[nullPointer]: Possible null pointer dereference: sc # 213| # 214| /* expect that the pre-compressed cert won't be used */ # 215|-> if (!TEST_int_eq(sc->cert->key->cert_comp_used, 0)) # 216| goto end; # 217| Error: CPPCHECK_WARNING (CWE-476): openssl-3.2.1/test/cert_comp_test.c:223: warning[nullPointer]: Possible null pointer dereference: sc # 221| SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(serverssl); # 222| # 223|-> if (!TEST_int_gt(sc->cert->key->cert_comp_used, 0)) # 224| goto end; # 225| Error: GCC_ANALYZER_WARNING (CWE-476): openssl-3.2.1/test/cert_comp_test.c:21: included_from: Included from here. 
openssl-3.2.1/test/cert_comp_test.c: scope_hint: In function 'test_ssl_cert_comp' openssl-3.2.1/test/cert_comp_test.c:223:28: warning[-Wanalyzer-null-dereference]: dereference of NULL '0' openssl-3.2.1/test/testutil.h:436:71: note: in definition of macro 'TEST_int_gt' openssl-3.2.1/test/testutil.h:524:66: note: in definition of macro 'TEST_true' openssl-3.2.1/test/testutil.h:524:66: note: in definition of macro 'TEST_true' openssl-3.2.1/test/testutil.h:524:66: note: in definition of macro 'TEST_true' openssl-3.2.1/test/testutil.h:524:66: note: in definition of macro 'TEST_true' openssl-3.2.1/test/cert_comp_test.c:196:20: note: in expansion of macro 'SSL_set_app_data' openssl-3.2.1/test/testutil.h:524:66: note: in definition of macro 'TEST_true' openssl-3.2.1/test/cert_comp_test.c:198:20: note: in expansion of macro 'SSL_set_app_data' openssl-3.2.1/test/cert_comp_test.c:22: included_from: Included from here. openssl-3.2.1/ssl/ssl_local.h:1831:5: note: in expansion of macro 'SSL_CONNECTION_FROM_SSL_int' openssl-3.2.1/test/cert_comp_test.c:221:30: note: in expansion of macro 'SSL_CONNECTION_FROM_SSL' openssl-3.2.1/ssl/ssl_local.h:1831:5: note: in expansion of macro 'SSL_CONNECTION_FROM_SSL_int' openssl-3.2.1/test/cert_comp_test.c:221:30: note: in expansion of macro 'SSL_CONNECTION_FROM_SSL' openssl-3.2.1/test/testutil.h:436:71: note: in definition of macro 'TEST_int_gt' openssl-3.2.1/test/testutil.h:436:71: note: in definition of macro 'TEST_int_gt' # 221| SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(serverssl); # 222| # 223|-> if (!TEST_int_gt(sc->cert->key->cert_comp_used, 0)) # 224| goto end; # 225| Error: COMPILER_WARNING (CWE-1164): openssl-3.2.1/test/cipherlist_test.c:197:12: warning[-Wunused-function]: 'test_default_cipherlist_implicit' defined but not used # 197 | static int test_default_cipherlist_implicit(void) # | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # 195| EXECUTE_TEST(execute_test, tear_down) # 196| # 197|-> static int test_default_cipherlist_implicit(void) # 
198| { # 199| SETUP_CIPHERLIST_TEST_FIXTURE(); Error: CPPCHECK_WARNING (CWE-476): openssl-3.2.1/test/cmp_vfy_test.c:340: warning[nullPointer]: Possible null pointer dereference: fixture # 338| fixture = NULL; # 339| } # 340|-> fixture->cert = sk_X509_value(fixture->msg->extraCerts, 1); /* Insta CA */ # 341| EXECUTE_TEST(execute_validate_msg_test, tear_down); # 342| return result; Error: CLANG_WARNING: openssl-3.2.1/test/cmp_vfy_test.c:340:35: warning[core.NullDereference]: Access to field 'msg' results in a dereference of a null pointer (loaded from variable 'fixture') # 338| fixture = NULL; # 339| } # 340|-> fixture->cert = sk_X509_value(fixture->msg->extraCerts, 1); /* Insta CA */ # 341| EXECUTE_TEST(execute_validate_msg_test, tear_down); # 342| return result; Error: GCC_ANALYZER_WARNING (CWE-476): openssl-3.2.1/include/openssl/x509v3.h:25: included_from: Included from here. openssl-3.2.1/include/openssl/crmf.h:28: included_from: Included from here. openssl-3.2.1/include/openssl/cmp.h:23: included_from: Included from here. openssl-3.2.1/test/helpers/cmp_testlib.h:15: included_from: Included from here. openssl-3.2.1/test/cmp_vfy_test.c:12: included_from: Included from here. openssl-3.2.1/test/cmp_vfy_test.c: scope_hint: In function 'test_validate_msg_signature_sender_cert_extracert' openssl-3.2.1/test/cmp_vfy_test.c:340:42: warning[-Wanalyzer-null-dereference]: dereference of NULL 'fixture' openssl-3.2.1/include/openssl/x509.h:80:88: note: in definition of macro 'sk_X509_value' openssl-3.2.1/test/helpers/cmp_testlib.h:20: included_from: Included from here. 
openssl-3.2.1/test/testutil.h:100:34: note: in definition of macro 'SETUP_TEST_FIXTURE' openssl-3.2.1/test/testutil.h:511:64: note: in definition of macro 'TEST_ptr' openssl-3.2.1/test/cmp_vfy_test.c:64:17: note: in expansion of macro 'OSSL_CMP_CTX_set0_trusted' openssl-3.2.1/test/testutil.h:100:34: note: in definition of macro 'SETUP_TEST_FIXTURE' openssl-3.2.1/test/cmp_vfy_test.c:333:5: note: in expansion of macro 'SETUP_TEST_FIXTURE' openssl-3.2.1/include/openssl/x509.h:80:88: note: in definition of macro 'sk_X509_value' # 338| fixture = NULL; # 339| } # 340|-> fixture->cert = sk_X509_value(fixture->msg->extraCerts, 1); /* Insta CA */ # 341| EXECUTE_TEST(execute_validate_msg_test, tear_down); # 342| return result; Error: GCC_ANALYZER_WARNING (CWE-476): openssl-3.2.1/test/drbgtest.c:107:12: warning[-Wanalyzer-null-dereference]: dereference of NULL 'drbg' openssl-3.2.1/test/drbgtest.c: scope_hint: In function 'inc_reseed_counter' openssl-3.2.1/test/drbgtest.c:43: included_from: Included from here. 
openssl-3.2.1/test/drbgtest.c:819:13: note: in expansion of macro 'TEST_true' openssl-3.2.1/test/testutil.h:524:66: note: in definition of macro 'TEST_true' openssl-3.2.1/test/testutil.h:511:64: note: in definition of macro 'TEST_ptr' openssl-3.2.1/test/testutil.h:524:66: note: in definition of macro 'TEST_true' openssl-3.2.1/test/testutil.h:511:64: note: in definition of macro 'TEST_ptr' openssl-3.2.1/test/testutil.h:524:66: note: in definition of macro 'TEST_true' # 105| static PROV_DRBG *prov_rand(EVP_RAND_CTX *drbg) # 106| { # 107|-> return (PROV_DRBG *)drbg->algctx; # 108| } # 109| Error: COMPILER_WARNING (CWE-563): openssl-3.2.1/test/ectest.c:170:19: warning[-Wunused-but-set-variable]: variable 'buf' set but not used # 170 | unsigned char buf[100]; # | ^~~ # 168| const BIGNUM *scalars[4]; # 169| #endif # 170|-> unsigned char buf[100]; # 171| size_t len, r = 0; # 172| int k; Error: COMPILER_WARNING (CWE-563): openssl-3.2.1/test/ectest.c:171:12: warning[-Wunused-variable]: unused variable 'len' # 171 | size_t len, r = 0; # | ^~~ # 169| #endif # 170| unsigned char buf[100]; # 171|-> size_t len, r = 0; # 172| int k; # 173| Error: COMPILER_WARNING (CWE-563): openssl-3.2.1/test/ectest.c: scope_hint: In function 'prime_field_tests' openssl-3.2.1/test/ectest.c:172:9: warning[-Wunused-variable]: unused variable 'k' # 172 | int k; # | ^ # 170| unsigned char buf[100]; # 171| size_t len, r = 0; # 172|-> int k; # 173| # 174| if (!TEST_ptr(ctx = BN_CTX_new()) Error: COMPILER_WARNING (CWE-1164): openssl-3.2.1/test/ectest.c: scope_hint: At top level openssl-3.2.1/test/ectest.c:2079:12: warning[-Wunused-function]: 'cofactor_range_test' defined but not used # 2079 | static int cofactor_range_test(void) # | ^~~~~~~~~~~~~~~~~~~ # 2077| * conform to that -- this is just robustness testing. 
# 2078| */ # 2079|-> static int cofactor_range_test(void) # 2080| { # 2081| EC_GROUP *group = NULL; Error: COMPILER_WARNING (CWE-563): openssl-3.2.1/test/ectest.c:2345:18: warning[-Wunused-variable]: unused variable 'i_out' # 2345 | int ret = 0, i_out; # | ^~~~~ # 2343| unsigned char *gen, int gen_size) # 2344| { # 2345|-> int ret = 0, i_out; # 2346| EVP_PKEY_CTX *pctx = NULL; # 2347| EVP_PKEY *pkeyparam = NULL; Error: COMPILER_WARNING (CWE-563): openssl-3.2.1/test/ectest.c:2351:23: warning[-Wunused-variable]: unused variable 'gettable' # 2351 | const OSSL_PARAM *gettable; # | ^~~~~~~~ # 2349| const char *field_name; # 2350| OSSL_PARAM *params = NULL; # 2351|-> const OSSL_PARAM *gettable; # 2352| BIGNUM *p, *a, *b; # 2353| BIGNUM *p_out = NULL, *a_out = NULL, *b_out = NULL; Error: COMPILER_WARNING (CWE-563): openssl-3.2.1/test/ectest.c:2355:10: warning[-Wunused-variable]: unused variable 'name' # 2355 | char name[80]; # | ^~~~ # 2353| BIGNUM *p_out = NULL, *a_out = NULL, *b_out = NULL; # 2354| BIGNUM *order_out = NULL, *cofactor_out = NULL; # 2355|-> char name[80]; # 2356| unsigned char buf[1024]; # 2357| size_t buf_len, name_len; Error: COMPILER_WARNING (CWE-563): openssl-3.2.1/test/ectest.c:2356:19: warning[-Wunused-variable]: unused variable 'buf' # 2356 | unsigned char buf[1024]; # | ^~~ # 2354| BIGNUM *order_out = NULL, *cofactor_out = NULL; # 2355| char name[80]; # 2356|-> unsigned char buf[1024]; # 2357| size_t buf_len, name_len; # 2358| #ifndef OPENSSL_NO_EC2M Error: COMPILER_WARNING (CWE-563): openssl-3.2.1/test/ectest.c:2357:12: warning[-Wunused-variable]: unused variable 'buf_len' # 2357 | size_t buf_len, name_len; # | ^~~~~~~ # 2355| char name[80]; # 2356| unsigned char buf[1024]; # 2357|-> size_t buf_len, name_len; # 2358| #ifndef OPENSSL_NO_EC2M # 2359| unsigned int k1 = 0, k2 = 0, k3 = 0; Error: COMPILER_WARNING (CWE-563): openssl-3.2.1/test/ectest.c: scope_hint: In function 'do_test_custom_explicit_fromdata' openssl-3.2.1/test/ectest.c:2357:21: 
warning[-Wunused-variable]: unused variable 'name_len' # 2357 | size_t buf_len, name_len; # | ^~~~~~~~ # 2355| char name[80]; # 2356| unsigned char buf[1024]; # 2357|-> size_t buf_len, name_len; # 2358| #ifndef OPENSSL_NO_EC2M # 2359| unsigned int k1 = 0, k2 = 0, k3 = 0; Error: COMPILER_WARNING (CWE-563): openssl-3.2.1/test/ectest.c:2667:12: warning[-Wunused-variable]: unused variable 'sslen' # 2667 | size_t sslen, t; # | ^~~~~ # 2665| EVP_PKEY *pkey1 = NULL, *pkey2 = NULL; # 2666| EVP_PKEY_CTX *pctx1 = NULL, *pctx2 = NULL; # 2667|-> size_t sslen, t; # 2668| unsigned char *pub1 = NULL , *pub2 = NULL; # 2669| OSSL_PARAM_BLD *param_bld = NULL; Error: COMPILER_WARNING (CWE-563): openssl-3.2.1/test/ectest.c: scope_hint: In function 'custom_params_test' openssl-3.2.1/test/ectest.c:2667:19: warning[-Wunused-variable]: unused variable 't' # 2667 | size_t sslen, t; # | ^ # 2665| EVP_PKEY *pkey1 = NULL, *pkey2 = NULL; # 2666| EVP_PKEY_CTX *pctx1 = NULL, *pctx2 = NULL; # 2667|-> size_t sslen, t; # 2668| unsigned char *pub1 = NULL , *pub2 = NULL; # 2669| OSSL_PARAM_BLD *param_bld = NULL; Error: GCC_ANALYZER_WARNING (CWE-688): openssl-3.2.1/test/endecode_test.c: scope_hint: In function 'check_protected_legacy_PEM' openssl-3.2.1/test/endecode_test.c:776:24: warning[-Wanalyzer-null-argument]: use of NULL 'data' where non-null expected openssl-3.2.1/test/endecode_test.c:34:63: note: in definition of macro 'TEST_FL_ptr' openssl-3.2.1/test/endecode_test.c:27: included_from: Included from here. 
openssl-3.2.1/test/testutil.h:524:66: note: in definition of macro 'TEST_true' openssl-3.2.1/test/testutil.h:524:66: note: in definition of macro 'TEST_true' openssl-3.2.1/test/testutil.h:524:66: note: in definition of macro 'TEST_true' openssl-3.2.1/test/endecode_test.c:775:12: note: in expansion of macro 'TEST_FL_strn_eq' openssl-3.2.1/test/endecode_test.c:34:63: note: in definition of macro 'TEST_FL_ptr' openssl-3.2.1/test/endecode_test.c:34:63: note: in definition of macro 'TEST_FL_ptr' <built-in>: note: argument 1 of '__builtin_strstr' must be non-null # 774| "-----BEGIN %s PRIVATE KEY-----", type), 0) # 775| && TEST_FL_strn_eq(data, expected_pem_header, strlen(expected_pem_header)) # 776|-> && TEST_FL_ptr(strstr(data, "\nDEK-Info: ")); # 777| } # 778| Error: CLANG_WARNING: openssl-3.2.1/test/endecode_test.c:776:24: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull' # 774| "-----BEGIN %s PRIVATE KEY-----", type), 0) # 775| && TEST_FL_strn_eq(data, expected_pem_header, strlen(expected_pem_header)) # 776|-> && TEST_FL_ptr(strstr(data, "\nDEK-Info: ")); # 777| } # 778| Error: GCC_ANALYZER_WARNING (CWE-476): openssl-3.2.1/test/endecoder_legacy_test.c:59: included_from: Included from here. 
openssl-3.2.1/test/endecoder_legacy_test.c: scope_hint: In function 'test_key' openssl-3.2.1/test/endecoder_legacy_test.c:519:24: warning[-Wanalyzer-null-dereference]: dereference of NULL '0' openssl-3.2.1/test/testutil.h:511:64: note: in definition of macro 'TEST_ptr' openssl-3.2.1/test/testutil.h:511:64: note: in definition of macro 'TEST_ptr' openssl-3.2.1/test/testutil.h:511:64: note: in definition of macro 'TEST_ptr' openssl-3.2.1/test/testutil.h:511:64: note: in definition of macro 'TEST_ptr' openssl-3.2.1/test/testutil.h:511:64: note: in definition of macro 'TEST_ptr' openssl-3.2.1/test/testutil.h:511:64: note: in definition of macro 'TEST_ptr' # 517| # 518| /* Set up the keys */ # 519|-> if (!TEST_ptr(pkey = key->key) # 520| || !TEST_true(evp_pkey_copy_downgraded(&downgraded_pkey, pkey)) # 521| || !TEST_ptr(downgraded_pkey) Error: CLANG_WARNING: openssl-3.2.1/test/evp_extra_test.c:3326:9: warning[deadcode.DeadStores]: Value stored to 'keytype' is never read # 3324| break; # 3325| case 1: # 3326|-> keytype = "SM2"; # 3327| expect_null = 1; # 3328| #ifdef OPENSSL_NO_EC Error: CLANG_WARNING: openssl-3.2.1/test/evp_extra_test.c:3327:9: warning[deadcode.DeadStores]: Value stored to 'expect_null' is never read # 3325| case 1: # 3326| keytype = "SM2"; # 3327|-> expect_null = 1; # 3328| #ifdef OPENSSL_NO_EC # 3329| TEST_info("EC disable, skipping SM2 check..."); Error: GCC_ANALYZER_WARNING (CWE-910): openssl-3.2.1/test/evp_extra_test2.c:479:5: warning[-Wanalyzer-double-fclose]: double 'fclose' of FILE 'fp' openssl-3.2.1/test/testutil.h:511:64: note: in definition of macro 'TEST_ptr' openssl-3.2.1/test/testutil.h:511:64: note: in definition of macro 'TEST_ptr' openssl-3.2.1/test/testutil.h:524:66: note: in definition of macro 'TEST_true' openssl-3.2.1/test/evp_extra_test2.c:465:13: note: in expansion of macro 'TEST_int_eq' openssl-3.2.1/test/evp_extra_test2.c:465:13: note: in expansion of macro 'TEST_int_eq' # 477| EVP_PKEY_free(outkey); # 478| EVP_PKEY_free(key); # 
479|-> fclose(fp); # 480| return ret; # 481| } Error: GCC_ANALYZER_WARNING (CWE-415): openssl-3.2.1/test/evp_extra_test2.c:479:5: warning[-Wanalyzer-double-free]: double-'fclose' of 'fp' openssl-3.2.1/test/testutil.h:511:64: note: in definition of macro 'TEST_ptr' openssl-3.2.1/test/testutil.h:511:64: note: in definition of macro 'TEST_ptr' openssl-3.2.1/test/testutil.h:524:66: note: in definition of macro 'TEST_true' openssl-3.2.1/test/evp_extra_test2.c:465:13: note: in expansion of macro 'TEST_int_eq' openssl-3.2.1/test/evp_extra_test2.c:465:13: note: in expansion of macro 'TEST_int_eq' # 477| EVP_PKEY_free(outkey); # 478| EVP_PKEY_free(key); # 479|-> fclose(fp); # 480| return ret; # 481| } Error: GCC_ANALYZER_WARNING (CWE-688): openssl-3.2.1/test/evp_extra_test2.c: scope_hint: In function 'test_ec_d2i_i2d_pubkey' openssl-3.2.1/test/evp_extra_test2.c:479:5: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL 'fp' where non-null expected openssl-3.2.1/test/evp_extra_test2.c:28: included_from: Included from here. openssl-3.2.1/test/testutil.h:511:64: note: in definition of macro 'TEST_ptr' openssl-3.2.1/include/openssl/evp.h:22: included_from: Included from here. openssl-3.2.1/test/evp_extra_test2.c:20: included_from: Included from here. /usr/include/stdio.h:184:12: note: argument 1 of 'fclose' must be non-null # 477| EVP_PKEY_free(outkey); # 478| EVP_PKEY_free(key); # 479|-> fclose(fp); # 480| return ret; # 481| } Error: GCC_ANALYZER_WARNING (CWE-121): openssl-3.2.1/test/evp_fetch_prov_test.c: scope_hint: In function 'load_providers' openssl-3.2.1/test/evp_fetch_prov_test.c:96:17: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow openssl-3.2.1/test/evp_fetch_prov_test.c:22: included_from: Included from here. 
openssl-3.2.1/test/testutil.h:524:66: note: in definition of macro 'TEST_true' openssl-3.2.1/test/evp_fetch_prov_test.c:96:17: note: write of 8 bytes to beyond the end of 'prov' openssl-3.2.1/test/evp_fetch_prov_test.c:96:17: note: valid subscripts for 'prov' are '[0]' to '[1]' # +-------------------------------------------+ # | # | [0] | [1] || | # |~~~~~~~~~~~~~~~~~~~~+~~~~~~~~~~~~~~~~~~~~~||~~~~~~~~~~~~~~~~~~~~~+~~~~~~~~~~~~~~~~~~~~~| # | | # 94| for (i = 0; i < test_get_argument_count(); ++i) { # 95| char *provname = test_get_argument(i); # 96|-> prov[i] = OSSL_PROVIDER_load(ctx, provname); # 97| if (!TEST_ptr(prov[i])) # 98| goto err; Error: GCC_ANALYZER_WARNING (CWE-476): openssl-3.2.1/test/evp_test.c: scope_hint: In function 'keypair_test_init' openssl-3.2.1/test/evp_test.c:3143:12: warning[-Wanalyzer-null-dereference]: dereference of NULL 'pub' openssl-3.2.1/test/evp_test.c:29: included_from: Included from here. openssl-3.2.1/test/testutil.h:511:64: note: in definition of macro 'TEST_ptr' openssl-3.2.1/test/testutil.h:511:64: note: in definition of macro 'TEST_ptr' # 3141| goto end; # 3142| } # 3143|-> *pub++ = '\0'; # 3144| # 3145| if (!TEST_true(find_key(&pk, priv, private_keys))) { Error: CLANG_WARNING: openssl-3.2.1/test/evp_test.c:3988:20: warning[core.CallAndMessage]: 5th function call argument is an uninitialized value # 3986| } # 3987| if (klist == &private_keys) # 3988|-> pkey = EVP_PKEY_new_raw_private_key_ex(libctx, strnid, NULL, keybin, # 3989| keylen); # 3990| else Error: CLANG_WARNING: openssl-3.2.1/test/evp_test.c:3991:20: warning[core.CallAndMessage]: 5th function call argument is an uninitialized value # 3989| keylen); # 3990| else # 3991|-> pkey = EVP_PKEY_new_raw_public_key_ex(libctx, strnid, NULL, keybin, # 3992| keylen); # 3993| if (pkey == NULL && !key_unsupported()) { Error: GCC_ANALYZER_WARNING (CWE-476): openssl-3.2.1/test/fake_rsaprov.c:89:26: warning[-Wanalyzer-null-dereference]: dereference of NULL '0' 
openssl-3.2.1/test/fake_rsaprov.c: scope_hint: In function 'fake_rsa_st_load' openssl-3.2.1/test/fake_rsaprov.c:16: included_from: Included from here. openssl-3.2.1/test/testutil.h:511:64: note: in definition of macro 'TEST_ptr' openssl-3.2.1/test/testutil.h:511:64: note: in definition of macro 'TEST_ptr' openssl-3.2.1/test/testutil.h:511:64: note: in definition of macro 'TEST_ptr' openssl-3.2.1/test/fake_rsaprov.c:631:14: note: in expansion of macro 'TEST_int_gt' openssl-3.2.1/test/fake_rsaprov.c:631:14: note: in expansion of macro 'TEST_int_gt' openssl-3.2.1/test/fake_rsaprov.c:631:14: note: in expansion of macro 'TEST_int_gt' # 87| # 88| /* key was imported */ # 89|-> fake_rsa_key->status = 1; # 90| # 91| return 1; Error: GCC_ANALYZER_WARNING (CWE-476): openssl-3.2.1/test/fake_rsaprov.c: scope_hint: In function 'fake_rsa_gen' openssl-3.2.1/test/fake_rsaprov.c:261:21: warning[-Wanalyzer-null-dereference]: dereference of NULL '0' openssl-3.2.1/test/fake_rsaprov.c:255:13: note: in expansion of macro 'TEST_mem_eq' openssl-3.2.1/test/testutil.h:511:64: note: in definition of macro 'TEST_ptr' openssl-3.2.1/test/testutil.h:511:64: note: in definition of macro 'TEST_ptr' openssl-3.2.1/test/testutil.h:511:64: note: in definition of macro 'TEST_ptr' # 259| return NULL; # 260| # 261|-> keydata->status = 2; # 262| return keydata; # 263| } Error: GCC_ANALYZER_WARNING (CWE-457): openssl-3.2.1/test/helpers/noisydgrambio.c: scope_hint: In function 'noisy_dgram_recvmmsg' openssl-3.2.1/test/helpers/noisydgrambio.c:266:9: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value 'flip_offset' # 264| } # 265| # 266|-> flip_bits(thismsg->data, thismsg->data_len, flip, flip_offset); # 267| # 268| /* Error: CLANG_WARNING: openssl-3.2.1/test/helpers/noisydgrambio.c:266:9: warning[core.CallAndMessage]: 4th function call argument is an uninitialized value # 264| } # 265| # 266|-> flip_bits(thismsg->data, thismsg->data_len, flip, flip_offset); # 267| # 268| /* Error: 
CLANG_WARNING: openssl-3.2.1/test/helpers/quictestlib.c:250:9: warning[core.NullDereference]: Dereference of null pointer (loaded from variable 'fault') # 248| (void)BIO_ctrl(sbio, BIO_CTRL_NOISE_BACK_OFF, 0, NULL); # 249| # 250|-> (*fault)->noiseargs.cbio = cbio; # 251| (*fault)->noiseargs.sbio = sbio; # 252| (*fault)->noiseargs.tracebio = tmpbio; Error: GCC_ANALYZER_WARNING (CWE-476): openssl-3.2.1/test/helpers/quictestlib.c: scope_hint: In function 'qtest_create_quic_objects' openssl-3.2.1/test/helpers/quictestlib.c:250:10: warning[-Wanalyzer-null-dereference]: dereference of NULL 'fault' openssl-3.2.1/test/helpers/quictestlib.c:16: included_from: Included from here. openssl-3.2.1/test/testutil.h:511:64: note: in definition of macro 'TEST_ptr' openssl-3.2.1/test/helpers/quictestlib.c:227:14: note: in expansion of macro 'TEST_ptr' # 248| (void)BIO_ctrl(sbio, BIO_CTRL_NOISE_BACK_OFF, 0, NULL); # 249| # 250|-> (*fault)->noiseargs.cbio = cbio; # 251| (*fault)->noiseargs.sbio = sbio; # 252| (*fault)->noiseargs.tracebio = tmpbio; Error: CLANG_WARNING: openssl-3.2.1/test/helpers/ssltestlib.c:638:9: warning[core.CallAndMessage]: 1st function call argument is an uninitialized value # 636| err: # 637| for (i = 0; i < (ctx->duprec > 0 ? 3 : 1); i++) # 638|-> mempacket_free(allpkts[i]); # 639| return -1; # 640| } Error: CLANG_WARNING: openssl-3.2.1/test/modes_internal_test.c:177:5: warning[deadcode.DeadStores]: Value stored to 'len' is never read # 175| memcpy(out + len, in + len + 16, tail); # 176| memcpy(out + len + tail, in + len, 16); # 177|-> len += 16 + tail; # 178| tail = 16; # 179| Error: GCC_ANALYZER_WARNING (CWE-476): openssl-3.2.1/test/params_test.c: scope_hint: In function 'cleanup_object' openssl-3.2.1/test/params_test.c:92:5: warning[-Wanalyzer-null-dereference]: dereference of NULL 'vobj' openssl-3.2.1/test/params_test.c:22: included_from: Included from here. 
openssl-3.2.1/test/testutil.h:511:64: note: in definition of macro 'TEST_ptr' openssl-3.2.1/test/testutil.h:511:64: note: in definition of macro 'TEST_ptr' # 90| struct object_st *obj = vobj; # 91| # 92|-> BN_free(obj->p3); # 93| obj->p3 = NULL; # 94| OPENSSL_free(obj->p4); Error: CLANG_WARNING: openssl-3.2.1/test/params_test.c:338:13: warning[deadcode.DeadStores]: Although the value stored to 'l' is used in the enclosing expression, the value is never actually read from 'l' # 336| app_p2 = app_p2_init; # 337| if (!BN_hex2bn(&app_p3, app_p3_init) # 338|-> || (l = BN_bn2nativepad(app_p3, bignumbin, sizeof(bignumbin))) < 0) # 339| return 0; # 340| strcpy(app_p4, app_p4_init); Error: CLANG_WARNING: openssl-3.2.1/test/quic_ackm_test.c:546:26: warning[core.NullDereference]: Dereference of null pointer # 544| case TX_ACK_TIME_OP_PKT: # 545| for (i = 0; i < s->num_pn; ++i) { # 546|-> tx = h.pkts[pkt_idx + i].pkt; # 547| # 548| tx->pkt_num = s->pn + i; Error: CLANG_WARNING: openssl-3.2.1/test/quic_multistream_test.c:861:10: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull' # 859| return NULL; # 860| # 861|-> if (!strcmp(stream_name, "DEFAULT")) # 862| return NULL; # 863| Error: CLANG_WARNING: openssl-3.2.1/test/quic_multistream_test.c:914:10: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull' # 912| STREAM_INFO *info; # 913| # 914|-> if (!strcmp(stream_name, "DEFAULT")) # 915| return 0; # 916| Error: CLANG_WARNING: openssl-3.2.1/test/quic_multistream_test.c:1011:15: warning[deadcode.DeadStores]: Value stored to 'op_start_time' during its initialization is never read # 1009| int end_wait_warning = 0; # 1010| #endif # 1011|-> OSSL_TIME op_start_time = ossl_time_zero(), op_deadline = ossl_time_zero(); # 1012| struct helper_local hl_, *hl = &hl_; # 1013| #define REPEAT_SLOTS 8 Error: GCC_ANALYZER_WARNING (CWE-124): openssl-3.2.1/test/quic_multistream_test.c: scope_hint: In function 
'run_script_worker' openssl-3.2.1/test/quic_multistream_test.c:1179:16: warning[-Wanalyzer-out-of-bounds]: stack-based buffer underwrite openssl-3.2.1/test/quic_multistream_test.c:16: included_from: Included from here. openssl-3.2.1/test/testutil.h:524:66: note: in definition of macro 'TEST_true' openssl-3.2.1/test/testutil.h:524:66: note: in definition of macro 'TEST_true' openssl-3.2.1/test/testutil.h:524:66: note: in definition of macro 'TEST_true' openssl-3.2.1/test/testutil.h:524:66: note: in definition of macro 'TEST_true' openssl-3.2.1/test/quic_multistream_test.c: scope_hint: In function 'run_script_worker' openssl-3.2.1/include/internal/quic_stream.h:15: included_from: Included from here. openssl-3.2.1/include/internal/quic_tserver.h:15: included_from: Included from here. openssl-3.2.1/test/quic_multistream_test.c:13: included_from: Included from here. openssl-3.2.1/include/internal/safe_math.h:432:5: note: in expansion of macro 'OSSL_SAFE_MATH_ADDU' openssl-3.2.1/include/internal/time.h:53:1: note: in expansion of macro 'OSSL_SAFE_MATH_UNSIGNED' openssl-3.2.1/test/quic_multistream_test.c: scope_hint: In function 'run_script_worker' openssl-3.2.1/test/quic_multistream_test.c:1059:14: note: in expansion of macro 'TEST_int_le' openssl-3.2.1/test/quic_multistream_test.c:1059:14: note: in expansion of macro 'TEST_int_le' openssl-3.2.1/test/quic_multistream_test.c: scope_hint: In function 'run_script_worker' openssl-3.2.1/test/quic_multistream_test.c:1059:14: note: in expansion of macro 'TEST_int_le' openssl-3.2.1/test/quic_multistream_test.c:1179:16: note: valid subscripts for 'repeat_stack_done' are '[0]' to '[7]' # +--------------------------------------+ # | # | [0] | ... 
| [7] | | | # |~~~~~~~~~~~~~~~~~~~+~~~~~~~~~~~~~~~~~~~| |~~~~~~~~~~~~~~~~~~+~~~~~~~~~~~~~~~~~~~| # | | # 1177| goto out; # 1178| # 1179|-> if (++repeat_stack_done[repeat_stack_len - 1] # 1180| == repeat_stack_limit[repeat_stack_len - 1]) { # 1181| --repeat_stack_len; Error: CLANG_WARNING: openssl-3.2.1/test/quic_multistream_test.c:1179:17: warning[core.uninitialized.Assign]: The expression is an uninitialized value. The computed value will also be garbage # 1177| goto out; # 1178| # 1179|-> if (++repeat_stack_done[repeat_stack_len - 1] # 1180| == repeat_stack_limit[repeat_stack_len - 1]) { # 1181| --repeat_stack_len; Error: GCC_ANALYZER_WARNING (CWE-127): openssl-3.2.1/test/quic_multistream_test.c:1179:36: warning[-Wanalyzer-out-of-bounds]: stack-based buffer under-read openssl-3.2.1/test/testutil.h:524:66: note: in definition of macro 'TEST_true' openssl-3.2.1/test/testutil.h:524:66: note: in definition of macro 'TEST_true' openssl-3.2.1/test/testutil.h:524:66: note: in definition of macro 'TEST_true' openssl-3.2.1/test/testutil.h:524:66: note: in definition of macro 'TEST_true' openssl-3.2.1/test/quic_multistream_test.c: scope_hint: In function 'run_script_worker' openssl-3.2.1/include/internal/safe_math.h:432:5: note: in expansion of macro 'OSSL_SAFE_MATH_ADDU' openssl-3.2.1/include/internal/time.h:53:1: note: in expansion of macro 'OSSL_SAFE_MATH_UNSIGNED' openssl-3.2.1/test/quic_multistream_test.c: scope_hint: In function 'run_script_worker' openssl-3.2.1/test/quic_multistream_test.c:1059:14: note: in expansion of macro 'TEST_int_le' openssl-3.2.1/test/quic_multistream_test.c:1059:14: note: in expansion of macro 'TEST_int_le' openssl-3.2.1/test/quic_multistream_test.c: scope_hint: In function 'run_script_worker' openssl-3.2.1/test/quic_multistream_test.c:1059:14: note: in expansion of macro 'TEST_int_le' openssl-3.2.1/test/quic_multistream_test.c:1179:36: note: valid subscripts for 'repeat_stack_done' are '[0]' to '[7]' # +--------------------------+ # ^ # 
+------------+------------+-------------+ +--------------------------+ # | [0] | ... | [7] | | | # | | # 1177| goto out; # 1178| # 1179|-> if (++repeat_stack_done[repeat_stack_len - 1] # 1180| == repeat_stack_limit[repeat_stack_len - 1]) { # 1181| --repeat_stack_len; Error: GCC_ANALYZER_WARNING (CWE-127): openssl-3.2.1/test/quic_multistream_test.c:1180:38: warning[-Wanalyzer-out-of-bounds]: stack-based buffer under-read openssl-3.2.1/test/testutil.h:524:66: note: in definition of macro 'TEST_true' openssl-3.2.1/test/testutil.h:524:66: note: in definition of macro 'TEST_true' openssl-3.2.1/test/testutil.h:524:66: note: in definition of macro 'TEST_true' openssl-3.2.1/test/testutil.h:524:66: note: in definition of macro 'TEST_true' openssl-3.2.1/test/quic_multistream_test.c: scope_hint: In function 'run_script_worker' openssl-3.2.1/include/internal/safe_math.h:432:5: note: in expansion of macro 'OSSL_SAFE_MATH_ADDU' openssl-3.2.1/include/internal/time.h:53:1: note: in expansion of macro 'OSSL_SAFE_MATH_UNSIGNED' openssl-3.2.1/test/quic_multistream_test.c: scope_hint: In function 'run_script_worker' openssl-3.2.1/test/quic_multistream_test.c:1059:14: note: in expansion of macro 'TEST_int_le' openssl-3.2.1/test/quic_multistream_test.c:1059:14: note: in expansion of macro 'TEST_int_le' openssl-3.2.1/test/quic_multistream_test.c: scope_hint: In function 'run_script_worker' openssl-3.2.1/test/quic_multistream_test.c:1059:14: note: in expansion of macro 'TEST_int_le' openssl-3.2.1/test/quic_multistream_test.c:1180:38: note: valid subscripts for 'repeat_stack_limit' are '[0]' to '[7]' # +--------------------------+ # ^ # +------------+------------+--------------+ +--------------------------+ # | [0] | ... 
| [7] | | | # | | # 1178| # 1179| if (++repeat_stack_done[repeat_stack_len - 1] # 1180|-> == repeat_stack_limit[repeat_stack_len - 1]) { # 1181| --repeat_stack_len; # 1182| } else { Error: GCC_ANALYZER_WARNING (CWE-127): openssl-3.2.1/test/quic_multistream_test.c:1183:24: warning[-Wanalyzer-out-of-bounds]: stack-based buffer under-read openssl-3.2.1/test/testutil.h:524:66: note: in definition of macro 'TEST_true' openssl-3.2.1/test/testutil.h:524:66: note: in definition of macro 'TEST_true' openssl-3.2.1/test/testutil.h:524:66: note: in definition of macro 'TEST_true' openssl-3.2.1/test/testutil.h:524:66: note: in definition of macro 'TEST_true' openssl-3.2.1/test/quic_multistream_test.c: scope_hint: In function 'run_script_worker' openssl-3.2.1/include/internal/safe_math.h:432:5: note: in expansion of macro 'OSSL_SAFE_MATH_ADDU' openssl-3.2.1/include/internal/time.h:53:1: note: in expansion of macro 'OSSL_SAFE_MATH_UNSIGNED' openssl-3.2.1/test/quic_multistream_test.c: scope_hint: In function 'run_script_worker' openssl-3.2.1/test/quic_multistream_test.c:1059:14: note: in expansion of macro 'TEST_int_le' openssl-3.2.1/test/quic_multistream_test.c:1059:14: note: in expansion of macro 'TEST_int_le' openssl-3.2.1/test/quic_multistream_test.c: scope_hint: In function 'run_script_worker' openssl-3.2.1/test/quic_multistream_test.c:1059:14: note: in expansion of macro 'TEST_int_le' openssl-3.2.1/test/quic_multistream_test.c:1183:24: note: valid subscripts for 'repeat_stack_idx' are '[0]' to '[7]' # +--------------------------+ # ^ # +------------+------------+------------+ +--------------------------+ # | [0] | ... 
| [7] | | | # | | # 1181| --repeat_stack_len; # 1182| } else { # 1183|-> op_idx = repeat_stack_idx[repeat_stack_len - 1]; # 1184| no_advance = 1; # 1185| continue; Error: GCC_ANALYZER_WARNING (CWE-476): openssl-3.2.1/test/ssl_handshake_rtt_test.c: scope_hint: In function 'test_handshake_rtt' openssl-3.2.1/test/ssl_handshake_rtt_test.c:80:24: warning[-Wanalyzer-null-dereference]: dereference of NULL '0' openssl-3.2.1/test/ssl_handshake_rtt_test.c:28: included_from: Included from here. openssl-3.2.1/test/testutil.h:524:66: note: in definition of macro 'TEST_true' openssl-3.2.1/test/ssl_handshake_rtt_test.c:31: included_from: Included from here. openssl-3.2.1/ssl/ssl_local.h:1831:5: note: in expansion of macro 'SSL_CONNECTION_FROM_SSL_int' openssl-3.2.1/test/ssl_handshake_rtt_test.c:73:9: note: in expansion of macro 'SSL_CONNECTION_FROM_SSL' # 78| switch (tst) { # 79| case 0: # 80|-> st->hand_state = TLS_ST_CW_CLNT_HELLO; # 81| ossl_statem_client_write_transition(s); # 82| OSSL_sleep(1); Error: GCC_ANALYZER_WARNING (CWE-476): openssl-3.2.1/test/ssl_handshake_rtt_test.c:87:24: warning[-Wanalyzer-null-dereference]: dereference of NULL '0' openssl-3.2.1/test/testutil.h:524:66: note: in definition of macro 'TEST_true' openssl-3.2.1/ssl/ssl_local.h:1831:5: note: in expansion of macro 'SSL_CONNECTION_FROM_SSL_int' openssl-3.2.1/test/ssl_handshake_rtt_test.c:73:9: note: in expansion of macro 'SSL_CONNECTION_FROM_SSL' # 85| break; # 86| case 1: # 87|-> st->hand_state = TLS_ST_SW_SRVR_DONE; # 88| ossl_statem_server_write_transition(s); # 89| OSSL_sleep(1); Error: GCC_ANALYZER_WARNING (CWE-476): openssl-3.2.1/test/ssl_handshake_rtt_test.c:94:24: warning[-Wanalyzer-null-dereference]: dereference of NULL '0' openssl-3.2.1/test/testutil.h:524:66: note: in definition of macro 'TEST_true' openssl-3.2.1/ssl/ssl_local.h:1831:5: note: in expansion of macro 'SSL_CONNECTION_FROM_SSL_int' openssl-3.2.1/test/ssl_handshake_rtt_test.c:73:9: note: in expansion of macro 
'SSL_CONNECTION_FROM_SSL' # 92| break; # 93| case 2: # 94|-> st->hand_state = TLS_ST_CW_CLNT_HELLO; # 95| ossl_statem_client_write_transition(s); # 96| OSSL_sleep(1); Error: GCC_ANALYZER_WARNING (CWE-476): openssl-3.2.1/test/ssl_handshake_rtt_test.c:101:24: warning[-Wanalyzer-null-dereference]: dereference of NULL '0' openssl-3.2.1/test/testutil.h:524:66: note: in definition of macro 'TEST_true' openssl-3.2.1/ssl/ssl_local.h:1831:5: note: in expansion of macro 'SSL_CONNECTION_FROM_SSL_int' openssl-3.2.1/test/ssl_handshake_rtt_test.c:73:9: note: in expansion of macro 'SSL_CONNECTION_FROM_SSL' # 99| break; # 100| case 3: # 101|-> st->hand_state = TLS_ST_SW_SRVR_DONE; # 102| ossl_statem_server_write_transition(s); # 103| OSSL_sleep(1); Error: GCC_ANALYZER_WARNING (CWE-476): openssl-3.2.1/test/ssl_handshake_rtt_test.c:108:24: warning[-Wanalyzer-null-dereference]: dereference of NULL '0' openssl-3.2.1/test/testutil.h:524:66: note: in definition of macro 'TEST_true' openssl-3.2.1/ssl/ssl_local.h:1831:5: note: in expansion of macro 'SSL_CONNECTION_FROM_SSL_int' openssl-3.2.1/test/ssl_handshake_rtt_test.c:73:9: note: in expansion of macro 'SSL_CONNECTION_FROM_SSL' # 106| break; # 107| case 4: # 108|-> st->hand_state = TLS_ST_EARLY_DATA; # 109| ossl_statem_client_write_transition(s); # 110| OSSL_sleep(1); Error: CLANG_WARNING: openssl-3.2.1/test/ssl_old_test.c:354:9: warning[core.NonNullParamChecker]: Null pointer passed to 2nd parameter expecting 'nonnull' # 352| # 353| if (client_proto != NULL && # 354|-> memcmp(client_proto, server_proto, client_proto_len) != 0) { # 355| BIO_printf(bio_stdout, "ALPN selected protocols differ!\n"); # 356| goto err; Error: CLANG_WARNING: openssl-3.2.1/test/ssl_old_test.c:366:10: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull' # 364| if (alpn_expected != NULL && # 365| (client_proto_len != strlen(alpn_expected) || # 366|-> memcmp(client_proto, alpn_expected, client_proto_len) != 0)) { # 367| 
BIO_printf(bio_stdout, # 368| "ALPN selected protocols not equal to expected protocol: %s\n", Error: GCC_ANALYZER_WARNING (CWE-688): openssl-3.2.1/test/sslapitest.c:268:29: warning[-Wanalyzer-null-argument]: use of NULL 'token' where non-null expected openssl-3.2.1/test/testutil.h:525:67: note: in definition of macro 'TEST_false' openssl-3.2.1/test/testutil.h:511:64: note: in definition of macro 'TEST_ptr' openssl-3.2.1/test/testutil.h:511:64: note: in definition of macro 'TEST_ptr' openssl-3.2.1/test/sslapitest.c:254:18: note: in expansion of macro 'TEST_size_t_eq' openssl-3.2.1/test/testutil.h:525:67: note: in definition of macro 'TEST_false' openssl-3.2.1/test/testutil.h:511:64: note: in definition of macro 'TEST_ptr' openssl-3.2.1/test/testutil.h:511:64: note: in definition of macro 'TEST_ptr' openssl-3.2.1/test/testutil.h:525:67: note: in definition of macro 'TEST_false' openssl-3.2.1/test/testutil.h:525:67: note: in definition of macro 'TEST_false' <built-in>: note: argument 1 of '__builtin_strlen' must be non-null # 266| if (!TEST_size_t_ne(master_key_size, 0)) # 267| return 0; # 268|-> if (!TEST_false(compare_hex_encoded_buffer(token, strlen(token), # 269| actual_master_key, # 270| master_key_size))) Error: COMPILER_WARNING (CWE-563): openssl-3.2.1/test/sslapitest.c: scope_hint: In function 'test_client_cert_verify_cb' openssl-3.2.1/test/sslapitest.c:576:25: warning[-Wunused-variable]: unused variable 'status' # 576 | int testresult = 0, status; # | ^~~~~~ # 574| SSL_CTX *cctx = NULL, *sctx = NULL; # 575| SSL *clientssl = NULL, *serverssl = NULL; # 576|-> int testresult = 0, status; # 577| # 578| if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), Error: GCC_ANALYZER_WARNING (CWE-476): openssl-3.2.1/test/sslapitest.c: scope_hint: In function 'execute_cleanse_plaintext' openssl-3.2.1/test/sslapitest.c:1778:15: warning[-Wanalyzer-null-dereference]: dereference of NULL '0' openssl-3.2.1/test/testutil.h:524:66: note: in definition of macro 
'TEST_true' openssl-3.2.1/test/testutil.h:524:66: note: in definition of macro 'TEST_true' openssl-3.2.1/test/testutil.h:524:66: note: in definition of macro 'TEST_true' openssl-3.2.1/test/sslapitest.c:1763:10: note: in expansion of macro 'TEST_int_eq' openssl-3.2.1/test/sslapitest.c:1766:10: note: in expansion of macro 'TEST_mem_eq' openssl-3.2.1/test/testutil.h:511:64: note: in definition of macro 'TEST_ptr' openssl-3.2.1/ssl/ssl_local.h:1816:5: note: in expansion of macro 'SSL_CONNECTION_FROM_SSL_ONLY_int' openssl-3.2.1/test/sslapitest.c:1774:30: note: in expansion of macro 'SSL_CONNECTION_FROM_SSL_ONLY' # 1776| rr = serversc->rlayer.tlsrecs; # 1777| # 1778|-> zbuf = &rr->data[rr->off]; # 1779| if (!TEST_int_eq(rr->length, sizeof(cbuf))) # 1780| goto end; Error: CPPCHECK_WARNING (CWE-476): openssl-3.2.1/test/sslbuffertest.c:40: warning[nullPointer]: Possible null pointer dereference: sc # 38| { # 39| SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); # 40|-> OSSL_RECORD_LAYER *rrl = sc->rlayer.rrl; # 41| OSSL_RECORD_LAYER *wrl = sc->rlayer.wrl; # 42| Error: CPPCHECK_WARNING (CWE-476): openssl-3.2.1/test/sslbuffertest.c:41: warning[nullPointer]: Possible null pointer dereference: sc # 39| SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); # 40| OSSL_RECORD_LAYER *rrl = sc->rlayer.rrl; # 41|-> OSSL_RECORD_LAYER *wrl = sc->rlayer.wrl; # 42| # 43| if (isalloced) Error: CLANG_WARNING: openssl-3.2.1/test/sslbuffertest.c:95:14: warning[deadcode.DeadStores]: Value stored to 'ret' is never read # 93| * (the first one might be a retryable fail). # 94| */ # 95|-> for (ret = -1, i = 0, len = 0; len != sizeof(testdata) && i < 2; # 96| i++) { # 97| /* test == 0 mean to free/allocate = control */ Error: CLANG_WARNING: openssl-3.2.1/test/sslbuffertest.c:133:14: warning[deadcode.DeadStores]: Value stored to 'ret' is never read # 131| * bytes from the record header/padding etc. 
# 132| */ # 133|-> for (ret = -1, i = 0, len = 0; len != sizeof(testdata) && # 134| i < MAX_ATTEMPTS; i++) # 135| { Error: GCC_ANALYZER_WARNING (CWE-476): openssl-3.2.1/test/params_test.c: scope_hint: In function 'test_case_variant' openssl-3.2.1/test/testutil.h:432:31: warning[-Wanalyzer-null-dereference]: dereference of NULL '0' openssl-3.2.1/test/params_test.c:489:14: note: in expansion of macro 'TEST_int_eq' openssl-3.2.1/test/testutil.h:524:66: note: in definition of macro 'TEST_true' openssl-3.2.1/test/params_test.c:489:14: note: in expansion of macro 'TEST_int_eq' openssl-3.2.1/test/params_test.c:489:14: note: in expansion of macro 'TEST_int_eq' # 430| * if (!TEST_ptr(ptr)) # 431| */ # 432|-> # define TEST_int_eq(a, b) test_int_eq(__FILE__, __LINE__, #a, #b, a, b) # 433| # define TEST_int_ne(a, b) test_int_ne(__FILE__, __LINE__, #a, #b, a, b) # 434| # define TEST_int_lt(a, b) test_int_lt(__FILE__, __LINE__, #a, #b, a, b) Error: GCC_ANALYZER_WARNING (CWE-688): openssl-3.2.1/test/sslapitest.c:39: included_from: Included from here. 
openssl-3.2.1/test/sslapitest.c: scope_hint: In function 'test_keylog_output' openssl-3.2.1/test/testutil.h:488:31: warning[-Wanalyzer-null-argument]: use of NULL 'token' where non-null expected openssl-3.2.1/test/sslapitest.c:231:18: note: in expansion of macro 'TEST_size_t_eq' openssl-3.2.1/test/testutil.h:511:64: note: in definition of macro 'TEST_ptr' openssl-3.2.1/test/testutil.h:511:64: note: in definition of macro 'TEST_ptr' openssl-3.2.1/test/sslapitest.c:231:18: note: in expansion of macro 'TEST_size_t_eq' openssl-3.2.1/test/sslapitest.c:231:18: note: in expansion of macro 'TEST_size_t_eq' <built-in>: note: argument 1 of '__builtin_strlen' must be non-null # 486| # define TEST_uint64_t_ge(a, b) test_uint64_t_ge(__FILE__, __LINE__, #a, #b, a, b) # 487| # 488|-> # define TEST_size_t_eq(a, b) test_size_t_eq(__FILE__, __LINE__, #a, #b, a, b) # 489| # define TEST_size_t_ne(a, b) test_size_t_ne(__FILE__, __LINE__, #a, #b, a, b) # 490| # define TEST_size_t_lt(a, b) test_size_t_lt(__FILE__, __LINE__, #a, #b, a, b) Error: CLANG_WARNING: openssl-3.2.1/test/testutil/driver.c:324:11: warning[core.uninitialized.Assign]: Assigned value is garbage or undefined # 322| # 323| for (ii = 0; ii != num_tests; ++ii) { # 324|-> i = permute[ii]; # 325| # 326| if (single_test != -1 && ((i+1) != single_test)) { Error: CLANG_WARNING: openssl-3.2.1/test/testutil/format_output.c:229:24: warning[core.NullDereference]: Dereference of null pointer (loaded from variable 'q') # 227| if ((in[bytes] & 0xf0) != 0 && BN_is_negative(bn)) { # 228| *lz = 0; # 229|-> *q = '-'; # 230| n++; # 231| } Error: CLANG_WARNING: openssl-3.2.1/test/testutil/format_output.c:239:24: warning[core.NullDereference]: Dereference of null pointer (loaded from variable 'q') # 237| * the number holds. 
# 238| */ # 239|-> *q = '-'; # 240| n++; # 241| } Error: CLANG_WARNING: openssl-3.2.1/test/testutil/format_output.c:323:9: warning[deadcode.DeadStores]: Value stored to 'i' is never read # 321| # 322| diff = real_diff = 0; # 323|-> i = 0; # 324| p = bdiff; # 325| for (i=0; b1[i] != '\0'; i++) Error: GCC_ANALYZER_WARNING (CWE-476): openssl-3.2.1/test/testutil/stanza.c: scope_hint: In function 'test_readstanza' openssl-3.2.1/test/testutil/stanza.c:98:12: warning[-Wanalyzer-null-dereference]: dereference of NULL 'p' openssl-3.2.1/test/testutil/stanza.c:16: included_from: Included from here. openssl-3.2.1/test/testutil.h:511:64: note: in definition of macro 'TEST_ptr' # 96| return 0; # 97| } # 98|-> *p = '\0'; # 99| # 100| /* Blank line marks end of tests. */ Error: GCC_ANALYZER_WARNING (CWE-476): openssl-3.2.1/test/testutil/stanza.c:113:19: warning[-Wanalyzer-null-dereference]: dereference of NULL 'equals' openssl-3.2.1/test/testutil.h:511:64: note: in definition of macro 'TEST_ptr' openssl-3.2.1/test/testutil.h:511:64: note: in definition of macro 'TEST_ptr' openssl-3.2.1/test/testutil.h:511:64: note: in definition of macro 'TEST_ptr' # 111| return 0; # 112| } # 113|-> *equals++ = '\0'; # 114| if (!TEST_ptr(key = strip_spaces(s->buff))) { # 115| TEST_info("Empty field at line %d\n", s->curr); Error: GCC_ANALYZER_WARNING (CWE-688): openssl-3.2.1/test/testutil/stanza.c:121:13: warning[-Wanalyzer-null-argument]: use of NULL where non-null expected openssl-3.2.1/test/testutil.h:511:64: note: in definition of macro 'TEST_ptr' openssl-3.2.1/test/testutil.h:511:64: note: in definition of macro 'TEST_ptr' openssl-3.2.1/test/testutil.h:511:64: note: in definition of macro 'TEST_ptr' openssl-3.2.1/test/testutil/stanza.c:12: included_from: Included from here. 
/usr/include/string.h:156:12: note: argument 1 of 'strcmp' must be non-null # 119| value = ""; # 120| # 121|-> if (strcmp(key, "Title") == 0) { # 122| TEST_info("Starting \"%s\" tests at line %d", value, s->curr); # 123| continue; Error: CLANG_WARNING: openssl-3.2.1/test/timing_load_creds.c:136:5: warning[deadcode.DeadStores]: Value stored to 'ac' is never read # 134| } # 135| } # 136|-> ac -= optind; # 137| av += optind; # 138| Error: GCC_ANALYZER_WARNING (CWE-688): openssl-3.2.1/test/timing_load_creds.c: scope_hint: In function 'main' openssl-3.2.1/test/timing_load_creds.c:152:15: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL 'fopen(*av, "r")' where non-null expected openssl-3.2.1/include/openssl/bio.h:30: included_from: Included from here. openssl-3.2.1/include/openssl/pem.h:20: included_from: Included from here. openssl-3.2.1/test/timing_load_creds.c:18: included_from: Included from here. openssl-3.2.1/include/openssl/crypto.h:97:23: note: in definition of macro 'OPENSSL_malloc' openssl-3.2.1/test/timing_load_creds.c:10: included_from: Included from here. 
/usr/include/stdio.h:738:15: note: argument 4 of 'fread' must be non-null # 150| } # 151| fp = fopen(av[0], "r"); # 152|-> if ((long)fread(contents, 1, sb.st_size, fp) != sb.st_size) { # 153| perror("fread"); # 154| exit(EXIT_FAILURE); Error: GCC_ANALYZER_WARNING (CWE-775): openssl-3.2.1/test/timing_load_creds.c:152:36: warning[-Wanalyzer-file-leak]: leak of FILE 'fopen(*av, "r")' openssl-3.2.1/include/openssl/crypto.h:97:23: note: in definition of macro 'OPENSSL_malloc' # 150| } # 151| fp = fopen(av[0], "r"); # 152|-> if ((long)fread(contents, 1, sb.st_size, fp) != sb.st_size) { # 153| perror("fread"); # 154| exit(EXIT_FAILURE); Error: GCC_ANALYZER_WARNING (CWE-401): openssl-3.2.1/test/timing_load_creds.c:152:36: warning[-Wanalyzer-malloc-leak]: leak of 'fopen(*av, "r")' openssl-3.2.1/include/openssl/crypto.h:97:23: note: in definition of macro 'OPENSSL_malloc' # 150| } # 151| fp = fopen(av[0], "r"); # 152|-> if ((long)fread(contents, 1, sb.st_size, fp) != sb.st_size) { # 153| perror("fread"); # 154| exit(EXIT_FAILURE); Error: GCC_ANALYZER_WARNING (CWE-476): openssl-3.2.1/test/tls-provider.c: scope_hint: In function 'tls_provider_init' openssl-3.2.1/test/tls-provider.c:3248:10: warning[-Wanalyzer-jump-through-null]: jump through null pointer # 3246| * key & cert generation... # 3247| */ # 3248|-> if (!c_obj_create(handle, XORSIGALG_OID, XORSIGALG_NAME, XORSIGALG_NAME)) { # 3249| ERR_raise(ERR_LIB_USER, XORPROV_R_OBJ_CREATE_ERR); # 3250| return 0; Error: CLANG_WARNING: openssl-3.2.1/test/tls-provider.c:3248:10: warning[core.CallAndMessage]: Called function pointer is null (null dereference) # 3246| * key & cert generation... 
# 3247| */ # 3248|-> if (!c_obj_create(handle, XORSIGALG_OID, XORSIGALG_NAME, XORSIGALG_NAME)) { # 3249| ERR_raise(ERR_LIB_USER, XORPROV_R_OBJ_CREATE_ERR); # 3250| return 0; Error: GCC_ANALYZER_WARNING (CWE-476): openssl-3.2.1/test/tls-provider.c:3253:10: warning[-Wanalyzer-jump-through-null]: jump through null pointer # 3251| } # 3252| # 3253|-> if (!c_obj_add_sigid(handle, XORSIGALG_OID, "", XORSIGALG_OID)) { # 3254| ERR_raise(ERR_LIB_USER, XORPROV_R_OBJ_CREATE_ERR); # 3255| return 0; Error: CLANG_WARNING: openssl-3.2.1/test/tls-provider.c:3253:10: warning[core.CallAndMessage]: Called function pointer is null (null dereference) # 3251| } # 3252| # 3253|-> if (!c_obj_add_sigid(handle, XORSIGALG_OID, "", XORSIGALG_OID)) { # 3254| ERR_raise(ERR_LIB_USER, XORPROV_R_OBJ_CREATE_ERR); # 3255| return 0; Error: GCC_ANALYZER_WARNING (CWE-476): openssl-3.2.1/test/tls-provider.c:3257:10: warning[-Wanalyzer-jump-through-null]: jump through null pointer # 3255| return 0; # 3256| } # 3257|-> if (!c_obj_create(handle, XORSIGALG_HASH_OID, XORSIGALG_HASH_NAME, NULL)) { # 3258| ERR_raise(ERR_LIB_USER, XORPROV_R_OBJ_CREATE_ERR); # 3259| return 0; Error: GCC_ANALYZER_WARNING (CWE-476): openssl-3.2.1/test/tls-provider.c:3262:10: warning[-Wanalyzer-jump-through-null]: jump through null pointer # 3260| } # 3261| # 3262|-> if (!c_obj_add_sigid(handle, XORSIGALG_HASH_OID, XORSIGALG_HASH, XORSIGALG_HASH_OID)) { # 3263| ERR_raise(ERR_LIB_USER, XORPROV_R_OBJ_CREATE_ERR); # 3264| return 0; Error: GCC_ANALYZER_WARNING (CWE-476): openssl-3.2.1/test/tls13secretstest.c: scope_hint: In function 'test_handshake_secrets' openssl-3.2.1/test/tls13secretstest.c:297:16: warning[-Wanalyzer-null-dereference]: dereference of NULL '0' # 295| goto err; # 296| # 297|-> s->session = SSL_SESSION_new(); # 298| if (!TEST_ptr(s->session)) # 299| goto err;