Would this be interesting to the project?

Sat Oct 3 17:52:58 UTC 2020

Hello,

I was able to setup CodeQL for the GOST engine. As it fetches OpenSSL alpha
6, I got able to see the results.

======
openssl/test/cmp_hdr_test.c#L181
Call to gmtime is potentially dangerous

openssl/test/cmp_hdr_test.c#L171
Call to gmtime is potentially dangerous

openssl/test/asn1_time_test.c#L398
Call to localtime is potentially dangerous

openssl/crypto/ec/curve448/curve448.c#L583
Multiplication result may overflow 'int' before it is converted to
'unsigned long'.

openssl/crypto/asn1/a_time.c#L250
Multiplication result may overflow 'int' before it is converted to 'long'.
======

I can submit a PR providing the CodeQL scan for the master branch if the
Team thinks it is useful.
But I strongly suppose that someone will have to configure the OpenSSL
github project to enable it.

On Fri, Oct 2, 2020 at 6:30 PM Dmitry Belyavsky <beldmit at gmail.com> wrote:

> As setting up openssl master is required to build gost-engine, I'll have
> to.
>
> On Fri, Oct 2, 2020 at 4:29 PM Dr. Matthias St. Pierre <
> Matthias.St.Pierre at ncp-e.com> wrote:
>
>> > Do you have ideas on how to properly set it up?
>>
>>
>>
>> Congratulations, Dmitry! You just won the price of being assigned the job
>> to figure it out.  ;-)
>>
>>
>>
>> Matthias
>>
>>
>>
>>
>>
>> *[image: NCP engingeering GmbH]* *Dr. Matthias St. Pierre*
>>
>> Senior Software Engineer
>> matthias.st.pierre at ncp-e.com
>> Phone: +49 911 9968-0
>> www.ncp-e.com
>>
>>
>> * Follow us on:* Facebook <https://www.facebook.com/NCPengineering> |
>> Twitter <https://twitter.com/NCP_engineering> | Xing
>> <https://www.xing.com/companies/ncpengineeringgmbh> | YouTube
>> <https://www.youtube.com/user/NCPengineeringGmbH> | LinkedIn
>> <http://www.linkedin.com/company/ncp-engineering-inc.?trk=cws-cpw-coname-0-0>
>>
>> *Headquarters Germany: *NCP engineering GmbH • Dombuehler Str. 2 • 90449
>> • Nuremberg
>> *North American HQ:* NCP engineering Inc. • 601 Cleveland Str., Suite
>> 501-25 • Clearwater, FL 33755
>>
>> Authorized representatives: Peter Soell, Patrick Oliver Graf, Beate
>> Dietrich
>> Registry Court: Lower District Court of Nuremberg
>> Commercial register No.: HRB 7786 Nuremberg, VAT identification No.: DE
>> 133557619
>>
>> This e-mail message including any attachments is for the sole use of the
>> intended recipient(s) and may contain privileged or confidential
>> information. Any unauthorized review, use, disclosure or distribution is
>> prohibited. If you are not the intended recipient, please immediately
>> contact the sender by reply e-mail and delete the original message and
>> destroy all copies thereof.
>>
>> <https://www.ncp-e.com/de/aktuelles/events/veranstaltungen>
>> <https://www.ncp-e.com/de/aktuelles/events/veranstaltungen>
>>
>> *From**:* openssl-project <openssl-project-bounces at openssl.org> *On
>> Behalf Of *Dmitry Belyavsky
>> *Sent:* Friday, October 2, 2020 2:51 PM
>> *To:* Dr Paul Dale <paul.dale at oracle.com>
>> *Cc:* openssl-project at openssl.org
>> *Subject:* Re: Would this be interesting to the project?
>>
>>
>>
>> Do you have ideas on how to properly set it up?
>>
>>
>>
>> On Thu, Oct 1, 2020 at 11:36 AM Dr Paul Dale <paul.dale at oracle.com>
>> wrote:
>>
>> https://github.blog/2020-09-30-code-scanning-is-now-available/
>>
>>
>>
>> Pauli
>>
>> --
>> Dr Paul Dale | Distinguished Architect | Cryptographic Foundations
>> Phone +61 7 3031 7217
>> Oracle Australia
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> --
>>
>> SY, Dmitry Belyavsky
>>
>
>
> --
> SY, Dmitry Belyavsky
>

-- 
SY, Dmitry Belyavsky
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-project/attachments/20201003/6f3df2fa/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: NCP_logo_2f45208a-c14d-4000-bcd3-1ab400c0e48c.gif
Type: image/gif
Size: 2815 bytes
Desc: not available
URL: <https://mta.openssl.org/pipermail/openssl-project/attachments/20201003/6f3df2fa/attachment-0001.gif>