openssl-3.5.0-3.fc43

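List of Findings

The entries below are tool output from the GCC static analyzer, Cppcheck and the compiler, as tagged on each entry. The CWE identifiers are the tools' own classification, and each entry needs triage against the full source before it is treated as a defect.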

Error: GCC_ANALYZER_WARNING (CWE-465): [#def1]
openssl-3.5.0/apps/lib/opt.c:219:13: warning[-Wanalyzer-deref-before-check]: check of 'o' for NULL after already dereferencing it
openssl-3.5.0/apps/lib/opt.c:174:12: branch_true: following 'true' branch...
openssl-3.5.0/apps/lib/opt.c:218:13: branch_false: following 'false' branch...
openssl-3.5.0/apps/lib/opt.c:219:13: branch_false: ...to here
openssl-3.5.0/apps/lib/opt.c:219:13: branch_false: following 'false' branch...
openssl-3.5.0/apps/lib/opt.c:220:13: branch_false: ...to here
openssl-3.5.0/apps/lib/opt.c:221:13: branch_false: following 'false' branch...
openssl-3.5.0/apps/lib/opt.c:174:57: branch_false: ...to here
openssl-3.5.0/apps/lib/opt.c:174:12: branch_true: following 'true' branch...
openssl-3.5.0/apps/lib/opt.c:218:13: branch_false: following 'false' branch...
openssl-3.5.0/apps/lib/opt.c:219:13: branch_false: ...to here
openssl-3.5.0/apps/lib/opt.c:219:13: danger: pointer 'o' is checked for NULL here but it was already dereferenced at [(9)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/8)
#  217|           if (o->name[0] == '\0') {
#  218|               OPENSSL_assert(unknown_name != NULL);
#  219|->             OPENSSL_assert(unknown == NULL);
#  220|               unknown = o;
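#  221|               OPENSSL_assert(unknown->valtype == 0 || unknown->valtype == '-');
Triage note: the flagged test is `OPENSSL_assert(unknown == NULL)`, and `unknown` is assigned from `o` on the following line. The trace walks the loop twice, so the pointer being tested is the `o` of an earlier iteration. The assertion reads as an invariant that at most one entry has an empty name, not as a late NULL guard on `o`; confirm against the full loop before closing.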

Error: GCC_ANALYZER_WARNING (CWE-775): [#def2]
openssl-3.5.0/apps/speed.c:4857:16: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'dup(fd[1])'
openssl-3.5.0/apps/speed.c:4844:17: branch_true: following 'true' branch (when 'n < multi')...
openssl-3.5.0/apps/speed.c:4845:13: branch_true: ...to here
openssl-3.5.0/apps/speed.c:4845:12: branch_false: following 'false' branch...
openssl-3.5.0/apps/speed.c:4849:9: branch_false: ...to here
openssl-3.5.0/apps/speed.c:4857:17: acquire_resource: opened here
openssl-3.5.0/apps/speed.c:4857:16: danger: 'dup(fd[1])' leaks here; was opened at [(6)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/5)
# 4855|               close(fd[0]);
# 4856|               close(1);
# 4857|->             if (dup(fd[1]) == -1) {
# 4858|                   BIO_printf(bio_err, "dup failed\n");
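# 4859|                   exit(1);
Triage note: `close(1)` immediately precedes the `dup(fd[1])`, so the new descriptor is expected to be the lowest free one (standard output) and is deliberately not stored; the analyzer does not model that. `dup2(fd[1], 1)` would state the intent explicitly and would not depend on descriptor 0 being open at this point.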

Error: CPPCHECK_WARNING (CWE-562): [#def3]
openssl-3.5.0/crypto/asn1/a_d2i_fp.c:53: error[returnDanglingLifetime]: Returning pointer to local variable 'p' that will be invalid when returning.
#   51|    err:
#   52|       BUF_MEM_free(b);
#   53|->     return ret;
#   54|   }
#   55|   

Error: CPPCHECK_WARNING (CWE-562): [#def4]
openssl-3.5.0/crypto/asn1/a_dup.c:38: error[returnDanglingLifetime]: Returning pointer to local variable 'p2' that will be invalid when returning.
#   36|       ret = d2i(NULL, &p2, i);
#   37|       OPENSSL_free(b);
#   38|->     return ret;
#   39|   }
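#   40|
Triage note: in this entry `ret` is the value returned by `d2i(NULL, &p2, i)`; `p2` is only passed by address. Whether the returned object keeps pointers into the freed buffer `b` cannot be seen from this snippet, so check the contract of the `d2i` callback before closing. def3 carries the same checker message.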

Error: GCC_ANALYZER_WARNING (CWE-476): [#def5]
openssl-3.5.0/crypto/asn1/ameth_lib.c:133:13: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
openssl-3.5.0/crypto/asn1/ameth_lib.c:106:29: enter_function: entry to 'EVP_PKEY_asn1_find_str'
openssl-3.5.0/crypto/asn1/ameth_lib.c:112:8: branch_false: following 'false' branch (when 'len != -1')...
openssl-3.5.0/crypto/asn1/ameth_lib.c:114:8: branch_false: ...to here
openssl-3.5.0/crypto/asn1/ameth_lib.c:114:8: branch_true: following 'true' branch (when 'pe' is non-NULL)...
openssl-3.5.0/crypto/asn1/ameth_lib.c:117:17: branch_true: ...to here
openssl-3.5.0/crypto/asn1/ameth_lib.c:118:12: branch_false: following 'false' branch...
openssl-3.5.0/crypto/asn1/ameth_lib.c:129:9: branch_false: ...to here
openssl-3.5.0/crypto/asn1/ameth_lib.c:131:14: call_function: calling 'EVP_PKEY_asn1_get_count' from 'EVP_PKEY_asn1_find_str'
openssl-3.5.0/crypto/asn1/ameth_lib.c:131:14: return_function: returning to 'EVP_PKEY_asn1_find_str' from 'EVP_PKEY_asn1_get_count'
openssl-3.5.0/crypto/asn1/ameth_lib.c:131:41: branch_true: following 'true' branch (when 'i > 0')...
openssl-3.5.0/crypto/asn1/ameth_lib.c:132:17: branch_true: ...to here
openssl-3.5.0/crypto/asn1/ameth_lib.c:132:17: call_function: calling 'EVP_PKEY_asn1_get0' from 'EVP_PKEY_asn1_find_str'
openssl-3.5.0/crypto/asn1/ameth_lib.c:132:17: return_function: returning to 'EVP_PKEY_asn1_find_str' from 'EVP_PKEY_asn1_get0'
openssl-3.5.0/crypto/asn1/ameth_lib.c:131:41: branch_true: following 'true' branch (when 'i > 0')...
openssl-3.5.0/crypto/asn1/ameth_lib.c:132:17: branch_true: ...to here
openssl-3.5.0/crypto/asn1/ameth_lib.c:132:17: call_function: calling 'EVP_PKEY_asn1_get0' from 'EVP_PKEY_asn1_find_str'
openssl-3.5.0/crypto/asn1/ameth_lib.c:132:17: return_function: returning to 'EVP_PKEY_asn1_find_str' from 'EVP_PKEY_asn1_get0'
openssl-3.5.0/crypto/asn1/ameth_lib.c:135:12: branch_false: following 'false' branch...
 branch_false: ...to here
openssl-3.5.0/crypto/asn1/ameth_lib.c:131:41: branch_true: following 'true' branch (when 'i > 0')...
openssl-3.5.0/crypto/asn1/ameth_lib.c:132:17: branch_true: ...to here
openssl-3.5.0/crypto/asn1/ameth_lib.c:132:17: call_function: calling 'EVP_PKEY_asn1_get0' from 'EVP_PKEY_asn1_find_str'
openssl-3.5.0/crypto/asn1/ameth_lib.c:132:17: return_function: returning to 'EVP_PKEY_asn1_find_str' from 'EVP_PKEY_asn1_get0'
openssl-3.5.0/crypto/asn1/ameth_lib.c:135:12: branch_false: following 'false' branch...
 branch_false: ...to here
openssl-3.5.0/crypto/asn1/ameth_lib.c:131:41: branch_true: following 'true' branch (when 'i > 0')...
openssl-3.5.0/crypto/asn1/ameth_lib.c:132:17: branch_true: ...to here
openssl-3.5.0/crypto/asn1/ameth_lib.c:133:13: danger: dereference of NULL 'EVP_PKEY_asn1_get0(i)'
#  131|       for (i = EVP_PKEY_asn1_get_count(); i-- > 0; ) {
#  132|           ameth = EVP_PKEY_asn1_get0(i);
#  133|->         if (ameth->pkey_flags & ASN1_PKEY_ALIAS)
#  134|               continue;
#  135|           if ((int)strlen(ameth->pem_str) == len

Error: GCC_ANALYZER_WARNING (CWE-476): [#def6]
openssl-3.5.0/crypto/asn1/asn_mime.c:913:10: warning[-Wanalyzer-null-dereference]: dereference of NULL 'mhdr'
openssl-3.5.0/crypto/asn1/asn_mime.c:683:31: enter_function: entry to 'mime_parse_hdr'
openssl-3.5.0/crypto/asn1/asn_mime.c:693:8: branch_false: following 'false' branch...
 branch_false: ...to here
openssl-3.5.0/crypto/asn1/asn_mime.c:695:12: branch_true: following 'true' branch...
openssl-3.5.0/crypto/asn1/asn_mime.c:697:12: branch_true: ...to here
openssl-3.5.0/crypto/asn1/asn_mime.c:697:12: branch_false: following 'false' branch (when 'mhdr' is NULL)...
 branch_false: ...to here
openssl-3.5.0/crypto/asn1/asn_mime.c:703:40: branch_true: following 'true' branch...
openssl-3.5.0/crypto/asn1/asn_mime.c:713:20: branch_false: following 'false' branch (when 'c != 58')...
openssl-3.5.0/crypto/asn1/asn_mime.c:704:14: branch_false: ...to here
openssl-3.5.0/crypto/asn1/asn_mime.c:703:40: branch_true: following 'true' branch...
openssl-3.5.0/crypto/asn1/asn_mime.c:703:40: branch_true: following 'true' branch...
openssl-3.5.0/crypto/asn1/asn_mime.c:757:20: branch_true: following 'true' branch (when 'c == 59')...
openssl-3.5.0/crypto/asn1/asn_mime.c:759:21: branch_true: ...to here
openssl-3.5.0/crypto/asn1/asn_mime.c:760:51: call_function: calling 'strip_ends' from 'mime_parse_hdr'
openssl-3.5.0/crypto/asn1/asn_mime.c:760:51: return_function: returning to 'mime_parse_hdr' from 'strip_ends'
openssl-3.5.0/crypto/asn1/asn_mime.c:760:21: call_function: calling 'mime_hdr_addparam' from 'mime_parse_hdr'
#  911|       mparam->param_name = tmpname;
#  912|       mparam->param_value = tmpval;
#  913|->     if (!sk_MIME_PARAM_push(mhdr->params, mparam))
#  914|           goto err;
#  915|       return 1;

Error: GCC_ANALYZER_WARNING (CWE-465): [#def7]
openssl-3.5.0/crypto/bn/bn_blind.c:106:12: warning[-Wanalyzer-deref-before-check]: check of 'b' for NULL after already dereferencing it
openssl-3.5.0/crypto/bn/bn_blind.c:91:5: enter_function: entry to 'BN_BLINDING_update'
openssl-3.5.0/crypto/bn/bn_blind.c:95:8: branch_false: following 'false' branch...
openssl-3.5.0/crypto/bn/bn_blind.c:103:8: branch_true: following 'true' branch...
openssl-3.5.0/crypto/bn/bn_blind.c:106:14: call_function: calling 'BN_BLINDING_create_param' from 'BN_BLINDING_update'
openssl-3.5.0/crypto/bn/bn_blind.c:106:14: return_function: returning to 'BN_BLINDING_update' from 'BN_BLINDING_create_param'
openssl-3.5.0/crypto/bn/bn_blind.c:106:12: danger: pointer 'b' is checked for NULL here but it was already dereferenced at [(2)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/1)
#  104|           !(b->flags & BN_BLINDING_NO_RECREATE)) {
#  105|           /* re-create blinding parameters */
#  106|->         if (!BN_BLINDING_create_param(b, NULL, NULL, ctx, NULL, NULL))
#  107|               goto err;
#  108|       } else if (!(b->flags & BN_BLINDING_NO_UPDATE)) {

Error: CPPCHECK_WARNING (CWE-758): [#def8]
openssl-3.5.0/crypto/bn/bn_lib.c:45: error[shiftTooManyBitsSigned]: Shifting signed 32-bit value by 31 bits is undefined behaviour
#   43|               mult = sizeof(int) * 8 - 1;
#   44|           bn_limit_bits = mult;
#   45|->         bn_limit_num = 1 << mult;
#   46|       }
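#   47|       if (high >= 0) {
Triage note (applies to def8–def11): the shift count is clamped to `sizeof(int) * 8 - 1`, and `1 << 31` on a 32-bit `int` shifts into the sign bit, which is undefined behaviour in C. The finding is reachable only when the clamp value itself is used. Clamping to `sizeof(int) * 8 - 2` keeps the result representable in `int`.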

Error: CPPCHECK_WARNING (CWE-758): [#def9]
openssl-3.5.0/crypto/bn/bn_lib.c:51: error[shiftTooManyBitsSigned]: Shifting signed 32-bit value by 31 bits is undefined behaviour
#   49|               high = sizeof(int) * 8 - 1;
#   50|           bn_limit_bits_high = high;
#   51|->         bn_limit_num_high = 1 << high;
#   52|       }
#   53|       if (low >= 0) {

Error: CPPCHECK_WARNING (CWE-758): [#def10]
openssl-3.5.0/crypto/bn/bn_lib.c:57: error[shiftTooManyBitsSigned]: Shifting signed 32-bit value by 31 bits is undefined behaviour
#   55|               low = sizeof(int) * 8 - 1;
#   56|           bn_limit_bits_low = low;
#   57|->         bn_limit_num_low = 1 << low;
#   58|       }
#   59|       if (mont >= 0) {

Error: CPPCHECK_WARNING (CWE-758): [#def11]
openssl-3.5.0/crypto/bn/bn_lib.c:63: error[shiftTooManyBitsSigned]: Shifting signed 32-bit value by 31 bits is undefined behaviour
#   61|               mont = sizeof(int) * 8 - 1;
#   62|           bn_limit_bits_mont = mont;
#   63|->         bn_limit_num_mont = 1 << mont;
#   64|       }
#   65|   }

Error: GCC_ANALYZER_WARNING (CWE-465): [#def12]
openssl-3.5.0/crypto/bn/bn_lib.c:802:12: warning[-Wanalyzer-deref-before-check]: check of 'a' for NULL after already dereferencing it
openssl-3.5.0/crypto/bn/bn_lib.c:792:5: enter_function: entry to 'BN_set_bit'
openssl-3.5.0/crypto/bn/bn_lib.c:796:8: branch_false: following 'false' branch (when 'n >= 0')...
openssl-3.5.0/crypto/bn/bn_lib.c:799:5: branch_false: ...to here
openssl-3.5.0/crypto/bn/bn_lib.c:801:8: branch_true: following 'true' branch...
openssl-3.5.0/crypto/bn/bn_lib.c:802:13: branch_true: ...to here
openssl-3.5.0/crypto/bn/bn_lib.c:802:13: call_function: calling 'bn_wexpand' from 'BN_set_bit'
openssl-3.5.0/crypto/bn/bn_lib.c:802:13: return_function: returning to 'BN_set_bit' from 'bn_wexpand'
openssl-3.5.0/crypto/bn/bn_lib.c:802:12: danger: pointer 'a' is checked for NULL here but it was already dereferenced at [(4)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/3)
#  800|       j = n % BN_BITS2;
#  801|       if (a->top <= i) {
#  802|->         if (bn_wexpand(a, i + 1) == NULL)
#  803|               return 0;
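#  804|           for (k = a->top; k < i + 1; k++)
Triage note: the flagged test is on the return value of `bn_wexpand(a, i + 1)`, reached after the analyzer stepped through that call. If `bn_wexpand` returns its argument on success and NULL on failure (to be confirmed in its definition), the test detects an expansion failure and is not a late NULL guard on `a`.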

Error: CPPCHECK_WARNING (CWE-786): [#def13]
openssl-3.5.0/crypto/bn/bn_nist.c:599: error[negativeIndex]: Array 'buf.bn[4]' accessed at index -3, which is out of bounds.
#  597|           BN_ULONG t_d[BN_NIST_224_TOP];
#  598|   
#  599|->         nist_set_224(t_d, buf.bn, 10, 9, 8, 7, 0, 0, 0);
#  600|           carry = (int)bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP);
#  601|           nist_set_224(t_d, buf.bn, 0, 13, 12, 11, 0, 0, 0);

Error: CPPCHECK_WARNING (CWE-786): [#def14]
openssl-3.5.0/crypto/bn/bn_nist.c:601: error[negativeIndex]: Array 'buf.bn[4]' accessed at index -3, which is out of bounds.
#  599|           nist_set_224(t_d, buf.bn, 10, 9, 8, 7, 0, 0, 0);
#  600|           carry = (int)bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP);
#  601|->         nist_set_224(t_d, buf.bn, 0, 13, 12, 11, 0, 0, 0);
#  602|           carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP);
#  603|           nist_set_224(t_d, buf.bn, 13, 12, 11, 10, 9, 8, 7);

Error: CPPCHECK_WARNING (CWE-786): [#def15]
openssl-3.5.0/crypto/bn/bn_nist.c:605: error[negativeIndex]: Array 'buf.bn[4]' accessed at index -3, which is out of bounds.
#  603|           nist_set_224(t_d, buf.bn, 13, 12, 11, 10, 9, 8, 7);
#  604|           carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP);
#  605|->         nist_set_224(t_d, buf.bn, 0, 0, 0, 0, 13, 12, 11);
#  606|           carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP);
#  607|   

Error: GCC_ANALYZER_WARNING (CWE-457): [#def16]
openssl-3.5.0/crypto/cast/c_skey.c:122:33: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value 'k[<unknown>]'
openssl-3.5.0/crypto/cast/c_skey.c:41:17: branch_true: following 'true' branch (when 'i != 16')...
openssl-3.5.0/crypto/cast/c_skey.c:42:9: branch_true: ...to here
openssl-3.5.0/crypto/cast/c_skey.c:45:17: branch_false: following 'false' branch...
openssl-3.5.0/crypto/cast/c_skey.c:47:8: branch_false: ...to here
openssl-3.5.0/crypto/cast/c_skey.c:47:8: branch_true: following 'true' branch...
openssl-3.5.0/crypto/cast/c_skey.c:48:9: branch_true: ...to here
openssl-3.5.0/crypto/cast/c_skey.c:115:12: branch_true: following 'true' branch...
 branch_true: ...to here
openssl-3.5.0/crypto/cast/c_skey.c:120:17: branch_true: following 'true' branch (when 'i != 16')...
openssl-3.5.0/crypto/cast/c_skey.c:121:19: branch_true: ...to here
openssl-3.5.0/crypto/cast/c_skey.c:122:33: danger: use of uninitialized value 'k[<unknown>]' here
#  120|       for (i = 0; i < 16; i++) {
#  121|           key->data[i * 2] = k[i];
#  122|->         key->data[i * 2 + 1] = ((k[i + 16]) + 16) & 0x1f;
#  123|       }
#  124|   }

Error: GCC_ANALYZER_WARNING (CWE-476): [#def17]
openssl-3.5.0/crypto/cms/cms_env.c:555:9: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
openssl-3.5.0/crypto/cms/cms_env.c:1044:5: enter_function: entry to 'CMS_RecipientInfo_encrypt'
openssl-3.5.0/crypto/cms/cms_env.c:1048:16: call_function: calling 'cms_RecipientInfo_ktri_encrypt' from 'CMS_RecipientInfo_encrypt'
#  553|       }
#  554|   
#  555|->     if (EVP_PKEY_encrypt(pctx, NULL, &eklen, ec->key, ec->keylen) <= 0)
#  556|           goto err;
#  557|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def18]
openssl-3.5.0/crypto/cms/cms_ess.c:221:24: warning[-Wanalyzer-null-dereference]: dereference of NULL 'si'
openssl-3.5.0/crypto/cms/cms_ess.c:254:5: enter_function: entry to 'ossl_cms_Receipt_verify'
openssl-3.5.0/crypto/cms/cms_ess.c:269:8: branch_false: following 'false' branch...
openssl-3.5.0/crypto/cms/cms_ess.c:272:9: branch_false: ...to here
openssl-3.5.0/crypto/cms/cms_ess.c:272:8: branch_false: following 'false' branch...
openssl-3.5.0/crypto/cms/cms_ess.c:278:9: branch_false: ...to here
openssl-3.5.0/crypto/cms/cms_ess.c:278:8: branch_false: following 'false' branch...
openssl-3.5.0/crypto/cms/cms_ess.c:284:13: branch_false: ...to here
openssl-3.5.0/crypto/cms/cms_ess.c:285:8: branch_false: following 'false' branch...
openssl-3.5.0/crypto/cms/cms_ess.c:292:8: branch_false: following 'false' branch...
 branch_false: ...to here
openssl-3.5.0/crypto/cms/cms_ess.c:299:17: branch_false: following 'false' branch...
openssl-3.5.0/crypto/cms/cms_ess.c:305:14: branch_false: ...to here
openssl-3.5.0/crypto/cms/cms_ess.c:305:8: branch_false: following 'false' branch...
openssl-3.5.0/crypto/cms/cms_ess.c:310:10: branch_false: ...to here
openssl-3.5.0/crypto/cms/cms_ess.c:319:8: branch_false: following 'false' branch...
openssl-3.5.0/crypto/cms/cms_ess.c:324:10: branch_false: ...to here
openssl-3.5.0/crypto/cms/cms_ess.c:324:10: call_function: calling 'cms_msgSigDigest' from 'ossl_cms_Receipt_verify'
#  219|                               unsigned char *dig, unsigned int *diglen)
#  220|   {
#  221|->     const EVP_MD *md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm);
#  222|   
#  223|       if (md == NULL)

Error: COMPILER_WARNING: [#def19]
openssl-3.5.0/crypto/context.c:10:9: warning: '_GNU_SOURCE' redefined
#   10 | #define _GNU_SOURCE /* needed for secure_getenv */
#      |         ^~~~~~~~~~~
<command-line>: note: this is the location of the previous definition
#    8|    */
#    9|   
#   10|-> #define _GNU_SOURCE /* needed for secure_getenv */
#   11|   #include "crypto/cryptlib.h"
#   12|   #include <openssl/conf.h>

Error: COMPILER_WARNING: [#def20]
openssl-3.5.0/crypto/context.c:10:9: warning[warning]: '_GNU_SOURCE' redefined
#    8|    */
#    9|   
#   10|-> #define _GNU_SOURCE /* needed for secure_getenv */
#   11|   #include "crypto/cryptlib.h"
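#   12|   #include <openssl/conf.h>
Triage note: def19 and def20 are the same diagnostic at the same location, reported twice. The macro is already defined on the compiler command line; wrapping the definition in `#ifndef _GNU_SOURCE` / `#endif` removes the redefinition warning without changing what is defined.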

Error: COMPILER_WARNING (CWE-1164): [#def21]
openssl-3.5.0/crypto/context.c:33:13: warning[-Wunused-function]: 'read_kernel_fips_flag' defined but not used
#   33 | static void read_kernel_fips_flag(void)
#      |             ^~~~~~~~~~~~~~~~~~~~~
#   31|   static int kernel_fips_flag;
#   32|   
#   33|-> static void read_kernel_fips_flag(void)
#   34|   {
#   35|       char buf[2] = "0";

Error: GCC_ANALYZER_WARNING (CWE-476): [#def22]
openssl-3.5.0/crypto/dsa/dsa_sign.c:108:39: warning[-Wanalyzer-null-dereference]: dereference of NULL 'buf'
openssl-3.5.0/crypto/dsa/dsa_sign.c:87:15: branch_false: following 'false' branch...
openssl-3.5.0/crypto/dsa/dsa_sign.c:94:14: branch_false: ...to here
openssl-3.5.0/crypto/dsa/dsa_sign.c:94:12: branch_false: following 'false' branch...
 branch_false: ...to here
openssl-3.5.0/crypto/dsa/dsa_sign.c:98:8: branch_false: following 'false' branch...
openssl-3.5.0/crypto/dsa/dsa_sign.c:99:17: branch_false: ...to here
openssl-3.5.0/crypto/dsa/dsa_sign.c:98:9: branch_false: following 'false' branch...
openssl-3.5.0/crypto/dsa/dsa_sign.c:100:17: branch_false: ...to here
openssl-3.5.0/crypto/dsa/dsa_sign.c:98:9: branch_false: following 'false' branch...
openssl-3.5.0/crypto/dsa/dsa_sign.c:106:8: branch_false: ...to here
openssl-3.5.0/crypto/dsa/dsa_sign.c:106:8: branch_true: following 'true' branch (when 'ppout' is non-NULL)...
openssl-3.5.0/crypto/dsa/dsa_sign.c:107:13: branch_true: ...to here
openssl-3.5.0/crypto/dsa/dsa_sign.c:107:12: branch_true: following 'true' branch...
openssl-3.5.0/crypto/dsa/dsa_sign.c:108:39: branch_true: ...to here
openssl-3.5.0/crypto/dsa/dsa_sign.c:108:39: danger: dereference of NULL 'buf'
#  106|       if (ppout != NULL) {
#  107|           if (*ppout == NULL) {
#  108|->             *ppout = (unsigned char *)buf->data;
#  109|               buf->data = NULL;
#  110|               BUF_MEM_free(buf);

Error: GCC_ANALYZER_WARNING (CWE-688): [#def23]
openssl-3.5.0/crypto/dsa/dsa_sign.c:210:29: warning[-Wanalyzer-null-argument]: use of NULL 'der' where non-null expected
openssl-3.5.0/crypto/dsa/dsa_sign.c:194:5: enter_function: entry to 'DSA_verify'
openssl-3.5.0/crypto/dsa/dsa_sign.c:199:20: release_memory: 'der' is NULL
openssl-3.5.0/crypto/dsa/dsa_sign.c:204:8: branch_false: following 'false' branch...
openssl-3.5.0/crypto/dsa/dsa_sign.c:206:9: branch_false: ...to here
openssl-3.5.0/crypto/dsa/dsa_sign.c:206:9: call_function: calling 'd2i_DSA_SIG' from 'DSA_verify'
openssl-3.5.0/crypto/dsa/dsa_sign.c:206:9: return_function: returning to 'DSA_verify' from 'd2i_DSA_SIG'
openssl-3.5.0/crypto/dsa/dsa_sign.c:206:8: branch_false: following 'false' branch...
openssl-3.5.0/crypto/dsa/dsa_sign.c:209:14: branch_false: ...to here
openssl-3.5.0/crypto/dsa/dsa_sign.c:209:14: call_function: calling 'i2d_DSA_SIG' from 'DSA_verify'
openssl-3.5.0/crypto/dsa/dsa_sign.c:209:14: return_function: returning to 'DSA_verify' from 'i2d_DSA_SIG'
openssl-3.5.0/crypto/dsa/dsa_sign.c:210:8: branch_false: following 'false' branch...
openssl-3.5.0/crypto/dsa/dsa_sign.c:210:29: branch_false: ...to here
openssl-3.5.0/crypto/dsa/dsa_sign.c:210:29: release_memory: 'der' is NULL
openssl-3.5.0/crypto/dsa/dsa_sign.c:210:29: danger: argument 2 ('der') NULL where non-null expected
#  208|       /* Ensure signature uses DER and doesn't have trailing garbage */
#  209|       derlen = i2d_DSA_SIG(s, &der);
#  210|->     if (derlen != siglen || memcmp(sigbuf, der, derlen))
#  211|           goto err;
#  212|       ret = DSA_do_verify(dgst, dgst_len, s, dsa);

Error: GCC_ANALYZER_WARNING (CWE-457): [#def24]
openssl-3.5.0/crypto/ec/curve448/arch_64/f_impl.h:49:20: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value 'd[0].limb[7]'
openssl-3.5.0/crypto/ec/curve448/curve448.c:645:1: enter_function: entry to 'ossl_curve448_base_double_scalarmul_non_secret'
openssl-3.5.0/crypto/ec/curve448/curve448.c:656:19: call_function: calling 'recode_wnaf' from 'ossl_curve448_base_double_scalarmul_non_secret'
openssl-3.5.0/crypto/ec/curve448/curve448.c:656:19: return_function: returning to 'ossl_curve448_base_double_scalarmul_non_secret' from 'recode_wnaf'
openssl-3.5.0/crypto/ec/curve448/curve448.c:657:19: call_function: calling 'recode_wnaf' from 'ossl_curve448_base_double_scalarmul_non_secret'
openssl-3.5.0/crypto/ec/curve448/curve448.c:657:19: return_function: returning to 'ossl_curve448_base_double_scalarmul_non_secret' from 'recode_wnaf'
openssl-3.5.0/crypto/ec/curve448/curve448.c:661:5: call_function: calling 'prepare_wnaf_table' from 'ossl_curve448_base_double_scalarmul_non_secret'
#   47|   {
#   48|       uint64_t mask = (1ULL << 56) - 1;
#   49|->     uint64_t tmp = a->limb[NLIMBS - 1] >> 56;
#   50|       unsigned int i;
#   51|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def25]
openssl-3.5.0/crypto/ec/ec_asn1.c:1280:39: warning[-Wanalyzer-null-dereference]: dereference of NULL 'buf'
openssl-3.5.0/crypto/ec/ec_asn1.c:1259:15: branch_false: following 'false' branch...
openssl-3.5.0/crypto/ec/ec_asn1.c:1266:14: branch_false: ...to here
openssl-3.5.0/crypto/ec/ec_asn1.c:1266:12: branch_false: following 'false' branch...
 branch_false: ...to here
openssl-3.5.0/crypto/ec/ec_asn1.c:1270:8: branch_false: following 'false' branch...
openssl-3.5.0/crypto/ec/ec_asn1.c:1271:17: branch_false: ...to here
openssl-3.5.0/crypto/ec/ec_asn1.c:1270:9: branch_false: following 'false' branch...
openssl-3.5.0/crypto/ec/ec_asn1.c:1272:17: branch_false: ...to here
openssl-3.5.0/crypto/ec/ec_asn1.c:1270:9: branch_false: following 'false' branch...
openssl-3.5.0/crypto/ec/ec_asn1.c:1278:8: branch_false: ...to here
openssl-3.5.0/crypto/ec/ec_asn1.c:1278:8: branch_true: following 'true' branch (when 'ppout' is non-NULL)...
openssl-3.5.0/crypto/ec/ec_asn1.c:1279:13: branch_true: ...to here
openssl-3.5.0/crypto/ec/ec_asn1.c:1279:12: branch_true: following 'true' branch...
openssl-3.5.0/crypto/ec/ec_asn1.c:1280:39: branch_true: ...to here
openssl-3.5.0/crypto/ec/ec_asn1.c:1280:39: danger: dereference of NULL 'buf'
# 1278|       if (ppout != NULL) {
# 1279|           if (*ppout == NULL) {
# 1280|->             *ppout = (unsigned char *)buf->data;
# 1281|               buf->data = NULL;
# 1282|               BUF_MEM_free(buf);

Error: COMPILER_WARNING (CWE-563): [#def26]
openssl-3.5.0/crypto/ec/ec_lib.c: scope_hint: In function 'EC_GROUP_new_from_params'
openssl-3.5.0/crypto/ec/ec_lib.c:1557:9: warning[-Wunused-variable]: unused variable 'encoding_flag'
# 1557 |     int encoding_flag = -1;
#      |         ^~~~~~~~~~~~~
# 1555|       BN_CTX *bnctx = NULL;
# 1556|       const unsigned char *buf = NULL;
# 1557|->     int encoding_flag = -1;
# 1558|   #endif
# 1559|   

Error: GCC_ANALYZER_WARNING (CWE-457): [#def27]
openssl-3.5.0/crypto/ec/ecp_nistp384.c:391:36: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value 'inx2[1]'
openssl-3.5.0/crypto/ec/ecp_nistp384.c:1723:5: enter_function: entry to 'ossl_ec_GFp_nistp384_points_mul'
openssl-3.5.0/crypto/ec/ecp_nistp384.c:1752:8: branch_false: following 'false' branch...
openssl-3.5.0/crypto/ec/ecp_nistp384.c:1755:8: branch_false: ...to here
openssl-3.5.0/crypto/ec/ecp_nistp384.c:1755:8: branch_false: following 'false' branch (when 'scalar' is NULL)...
openssl-3.5.0/crypto/ec/ecp_nistp384.c:1788:8: branch_false: ...to here
openssl-3.5.0/crypto/ec/ecp_nistp384.c:1788:8: branch_true: following 'true' branch (when 'num_points != 0')...
openssl-3.5.0/crypto/ec/ecp_nistp384.c:1789:12: branch_true: ...to here
openssl-3.5.0/crypto/ec/ecp_nistp384.c:1798:12: branch_false: following 'false' branch (when 'mixed == 0')...
openssl-3.5.0/crypto/ec/ecp_nistp384.c:1801:13: branch_false: ...to here
openssl-3.5.0/crypto/ec/ecp_nistp384.c:1801:12: branch_false: following 'false' branch...
openssl-3.5.0/crypto/ec/ecp_nistp384.c:1802:17: branch_false: ...to here
openssl-3.5.0/crypto/ec/ecp_nistp384.c:1801:13: branch_false: following 'false' branch...
 branch_false: ...to here
openssl-3.5.0/crypto/ec/ecp_nistp384.c:1809:21: branch_true: following 'true' branch...
openssl-3.5.0/crypto/ec/ecp_nistp384.c:1810:16: branch_true: ...to here
openssl-3.5.0/crypto/ec/ecp_nistp384.c:1810:16: branch_false: following 'false' branch...
openssl-3.5.0/crypto/ec/ecp_nistp384.c:1819:27: branch_false: ...to here
openssl-3.5.0/crypto/ec/ecp_nistp384.c:1822:16: branch_true: following 'true' branch...
openssl-3.5.0/crypto/ec/ecp_nistp384.c:1824:22: branch_true: ...to here
openssl-3.5.0/crypto/ec/ecp_nistp384.c:1840:20: branch_false: following 'false' branch (when 'num_bytes >= 0')...
openssl-3.5.0/crypto/ec/ecp_nistp384.c:1845:42: branch_false: ...to here
openssl-3.5.0/crypto/ec/ecp_nistp384.c:1845:23: call_function: calling 'BN_to_felem' from 'ossl_ec_GFp_nistp384_points_mul'
openssl-3.5.0/crypto/ec/ecp_nistp384.c:1845:23: return_function: returning to 'ossl_ec_GFp_nistp384_points_mul' from 'BN_to_felem'
openssl-3.5.0/crypto/ec/ecp_nistp384.c:1845:20: branch_false: following 'false' branch...
openssl-3.5.0/crypto/ec/ecp_nistp384.c:1846:42: branch_false: ...to here
openssl-3.5.0/crypto/ec/ecp_nistp384.c:1846:23: call_function: calling 'BN_to_felem' from 'ossl_ec_GFp_nistp384_points_mul'
openssl-3.5.0/crypto/ec/ecp_nistp384.c:1846:23: return_function: returning to 'ossl_ec_GFp_nistp384_points_mul' from 'BN_to_felem'
openssl-3.5.0/crypto/ec/ecp_nistp384.c:1845:21: branch_false: following 'false' branch...
openssl-3.5.0/crypto/ec/ecp_nistp384.c:1847:42: branch_false: ...to here
openssl-3.5.0/crypto/ec/ecp_nistp384.c:1847:23: call_function: calling 'BN_to_felem' from 'ossl_ec_GFp_nistp384_points_mul'
openssl-3.5.0/crypto/ec/ecp_nistp384.c:1847:23: return_function: returning to 'ossl_ec_GFp_nistp384_points_mul' from 'BN_to_felem'
openssl-3.5.0/crypto/ec/ecp_nistp384.c:1845:21: branch_false: following 'false' branch...
openssl-3.5.0/crypto/ec/ecp_nistp384.c:1849:32: branch_false: ...to here
openssl-3.5.0/crypto/ec/ecp_nistp384.c:1852:29: branch_true: following 'true' branch (when 'j != 17')...
openssl-3.5.0/crypto/ec/ecp_nistp384.c:1853:25: branch_true: ...to here
openssl-3.5.0/crypto/ec/ecp_nistp384.c:1853:24: branch_false: following 'false' branch...
openssl-3.5.0/crypto/ec/ecp_nistp384.c:1859:96: branch_false: ...to here
openssl-3.5.0/crypto/ec/ecp_nistp384.c:1858:25: call_function: calling 'point_double' from 'ossl_ec_GFp_nistp384_points_mul'
#  389|       out[0] = ((uint128_t) in[0]) * in[0];
#  390|   
#  391|->     out[1] = ((uint128_t) in[0]) * inx2[1];
#  392|   
#  393|       out[2] = ((uint128_t) in[0]) * inx2[2]

Error: CPPCHECK_WARNING (CWE-823): [#def28]
openssl-3.5.0/crypto/ec/ecp_nistz256.c:179: error[arrayIndexOutOfBounds]: Array 'dst[4]' accessed at index 4, which is out of bounds.
#  177|       dst[3] = (src[3] & mask1) ^ (dst[3] & mask2);
#  178|       if (P256_LIMBS == 8) {
#  179|->         dst[4] = (src[4] & mask1) ^ (dst[4] & mask2);
#  180|           dst[5] = (src[5] & mask1) ^ (dst[5] & mask2);
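#  181|           dst[6] = (src[6] & mask1) ^ (dst[6] & mask2);
Triage note (applies to def28–def43): every flagged access sits inside `if (P256_LIMBS == 8)`, while Cppcheck reports the arrays as having 4 elements. If the array length is `P256_LIMBS` (confirm in the declarations), the branch is compile-time false in this build configuration and the accesses are unreachable.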

Error: CPPCHECK_WARNING (CWE-823): [#def29]
openssl-3.5.0/crypto/ec/ecp_nistz256.c:179: error[arrayIndexOutOfBounds]: Array 'src[4]' accessed at index 4, which is out of bounds.
#  177|       dst[3] = (src[3] & mask1) ^ (dst[3] & mask2);
#  178|       if (P256_LIMBS == 8) {
#  179|->         dst[4] = (src[4] & mask1) ^ (dst[4] & mask2);
#  180|           dst[5] = (src[5] & mask1) ^ (dst[5] & mask2);
#  181|           dst[6] = (src[6] & mask1) ^ (dst[6] & mask2);

Error: CPPCHECK_WARNING (CWE-823): [#def30]
openssl-3.5.0/crypto/ec/ecp_nistz256.c:180: error[arrayIndexOutOfBounds]: Array 'dst[4]' accessed at index 5, which is out of bounds.
#  178|       if (P256_LIMBS == 8) {
#  179|           dst[4] = (src[4] & mask1) ^ (dst[4] & mask2);
#  180|->         dst[5] = (src[5] & mask1) ^ (dst[5] & mask2);
#  181|           dst[6] = (src[6] & mask1) ^ (dst[6] & mask2);
#  182|           dst[7] = (src[7] & mask1) ^ (dst[7] & mask2);

Error: CPPCHECK_WARNING (CWE-823): [#def31]
openssl-3.5.0/crypto/ec/ecp_nistz256.c:180: error[arrayIndexOutOfBounds]: Array 'src[4]' accessed at index 5, which is out of bounds.
#  178|       if (P256_LIMBS == 8) {
#  179|           dst[4] = (src[4] & mask1) ^ (dst[4] & mask2);
#  180|->         dst[5] = (src[5] & mask1) ^ (dst[5] & mask2);
#  181|           dst[6] = (src[6] & mask1) ^ (dst[6] & mask2);
#  182|           dst[7] = (src[7] & mask1) ^ (dst[7] & mask2);

Error: CPPCHECK_WARNING (CWE-823): [#def32]
openssl-3.5.0/crypto/ec/ecp_nistz256.c:181: error[arrayIndexOutOfBounds]: Array 'dst[4]' accessed at index 6, which is out of bounds.
#  179|           dst[4] = (src[4] & mask1) ^ (dst[4] & mask2);
#  180|           dst[5] = (src[5] & mask1) ^ (dst[5] & mask2);
#  181|->         dst[6] = (src[6] & mask1) ^ (dst[6] & mask2);
#  182|           dst[7] = (src[7] & mask1) ^ (dst[7] & mask2);
#  183|       }

Error: CPPCHECK_WARNING (CWE-823): [#def33]
openssl-3.5.0/crypto/ec/ecp_nistz256.c:181: error[arrayIndexOutOfBounds]: Array 'src[4]' accessed at index 6, which is out of bounds.
#  179|           dst[4] = (src[4] & mask1) ^ (dst[4] & mask2);
#  180|           dst[5] = (src[5] & mask1) ^ (dst[5] & mask2);
#  181|->         dst[6] = (src[6] & mask1) ^ (dst[6] & mask2);
#  182|           dst[7] = (src[7] & mask1) ^ (dst[7] & mask2);
#  183|       }

Error: CPPCHECK_WARNING (CWE-823): [#def34]
openssl-3.5.0/crypto/ec/ecp_nistz256.c:182: error[arrayIndexOutOfBounds]: Array 'dst[4]' accessed at index 7, which is out of bounds.
#  180|           dst[5] = (src[5] & mask1) ^ (dst[5] & mask2);
#  181|           dst[6] = (src[6] & mask1) ^ (dst[6] & mask2);
#  182|->         dst[7] = (src[7] & mask1) ^ (dst[7] & mask2);
#  183|       }
#  184|   }

Error: CPPCHECK_WARNING (CWE-823): [#def35]
openssl-3.5.0/crypto/ec/ecp_nistz256.c:182: error[arrayIndexOutOfBounds]: Array 'src[4]' accessed at index 7, which is out of bounds.
#  180|           dst[5] = (src[5] & mask1) ^ (dst[5] & mask2);
#  181|           dst[6] = (src[6] & mask1) ^ (dst[6] & mask2);
#  182|->         dst[7] = (src[7] & mask1) ^ (dst[7] & mask2);
#  183|       }
#  184|   }

Error: CPPCHECK_WARNING (CWE-823): [#def36]
openssl-3.5.0/crypto/ec/ecp_nistz256.c:204: error[arrayIndexOutOfBounds]: Array 'a[4]' accessed at index 4, which is out of bounds.
#  202|       res |= a[3] ^ b[3];
#  203|       if (P256_LIMBS == 8) {
#  204|->         res |= a[4] ^ b[4];
#  205|           res |= a[5] ^ b[5];
#  206|           res |= a[6] ^ b[6];

Error: CPPCHECK_WARNING (CWE-823): [#def37]
openssl-3.5.0/crypto/ec/ecp_nistz256.c:204: error[arrayIndexOutOfBounds]: Array 'b[4]' accessed at index 4, which is out of bounds.
#  202|       res |= a[3] ^ b[3];
#  203|       if (P256_LIMBS == 8) {
#  204|->         res |= a[4] ^ b[4];
#  205|           res |= a[5] ^ b[5];
#  206|           res |= a[6] ^ b[6];

Error: CPPCHECK_WARNING (CWE-823): [#def38]
openssl-3.5.0/crypto/ec/ecp_nistz256.c:205: error[arrayIndexOutOfBounds]: Array 'a[4]' accessed at index 5, which is out of bounds.
#  203|       if (P256_LIMBS == 8) {
#  204|           res |= a[4] ^ b[4];
#  205|->         res |= a[5] ^ b[5];
#  206|           res |= a[6] ^ b[6];
#  207|           res |= a[7] ^ b[7];

Error: CPPCHECK_WARNING (CWE-823): [#def39]
openssl-3.5.0/crypto/ec/ecp_nistz256.c:205: error[arrayIndexOutOfBounds]: Array 'b[4]' accessed at index 5, which is out of bounds.
#  203|       if (P256_LIMBS == 8) {
#  204|           res |= a[4] ^ b[4];
#  205|->         res |= a[5] ^ b[5];
#  206|           res |= a[6] ^ b[6];
#  207|           res |= a[7] ^ b[7];

Error: CPPCHECK_WARNING (CWE-823): [#def40]
openssl-3.5.0/crypto/ec/ecp_nistz256.c:206: error[arrayIndexOutOfBounds]: Array 'a[4]' accessed at index 6, which is out of bounds.
#  204|           res |= a[4] ^ b[4];
#  205|           res |= a[5] ^ b[5];
#  206|->         res |= a[6] ^ b[6];
#  207|           res |= a[7] ^ b[7];
#  208|       }

Error: CPPCHECK_WARNING (CWE-823): [#def41]
openssl-3.5.0/crypto/ec/ecp_nistz256.c:206: error[arrayIndexOutOfBounds]: Array 'b[4]' accessed at index 6, which is out of bounds.
#  204|           res |= a[4] ^ b[4];
#  205|           res |= a[5] ^ b[5];
#  206|->         res |= a[6] ^ b[6];
#  207|           res |= a[7] ^ b[7];
#  208|       }

Error: CPPCHECK_WARNING (CWE-823): [#def42]
openssl-3.5.0/crypto/ec/ecp_nistz256.c:207: error[arrayIndexOutOfBounds]: Array 'a[4]' accessed at index 7, which is out of bounds.
#  205|           res |= a[5] ^ b[5];
#  206|           res |= a[6] ^ b[6];
#  207|->         res |= a[7] ^ b[7];
#  208|       }
#  209|   

Error: CPPCHECK_WARNING (CWE-823): [#def43]
openssl-3.5.0/crypto/ec/ecp_nistz256.c:207: error[arrayIndexOutOfBounds]: Array 'b[4]' accessed at index 7, which is out of bounds.
#  205|           res |= a[5] ^ b[5];
#  206|           res |= a[6] ^ b[6];
#  207|->         res |= a[7] ^ b[7];
#  208|       }
#  209|   

Error: CPPCHECK_WARNING (CWE-823): [#def44]
openssl-3.5.0/crypto/ec/ecp_nistz256.c:224: error[arrayIndexOutOfBounds]: Array 'ONE[4]' accessed at index 4, which is out of bounds.
#  222|           res |= a[3] ^ ONE[3];
#  223|           if (P256_LIMBS == 8) {
#  224|->             res |= a[4] ^ ONE[4];
#  225|               res |= a[5] ^ ONE[5];
#  226|               res |= a[6] ^ ONE[6];

Error: CPPCHECK_WARNING (CWE-823): [#def45]
openssl-3.5.0/crypto/ec/ecp_nistz256.c:225: error[arrayIndexOutOfBounds]: Array 'ONE[4]' accessed at index 5, which is out of bounds.
#  223|           if (P256_LIMBS == 8) {
#  224|               res |= a[4] ^ ONE[4];
#  225|->             res |= a[5] ^ ONE[5];
#  226|               res |= a[6] ^ ONE[6];
#  227|               /*

Error: CPPCHECK_WARNING (CWE-823): [#def46]
openssl-3.5.0/crypto/ec/ecp_nistz256.c:226: error[arrayIndexOutOfBounds]: Array 'ONE[4]' accessed at index 6, which is out of bounds.
#  224|               res |= a[4] ^ ONE[4];
#  225|               res |= a[5] ^ ONE[5];
#  226|->             res |= a[6] ^ ONE[6];
#  227|               /*
#  228|                * no check for a[7] (being zero) on 32-bit platforms,

Error: GCC_ANALYZER_WARNING (CWE-121): [#def47]
openssl-3.5.0/crypto/ec/ecp_nistz256.c:1032:17: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow
openssl-3.5.0/crypto/ec/ecp_nistz256.c:963:8: branch_false: following 'false' branch (when 'num <= 268435454')...
openssl-3.5.0/crypto/ec/ecp_nistz256.c:968:5: branch_false: ...to here
openssl-3.5.0/crypto/ec/ecp_nistz256.c:971:8: branch_true: following 'true' branch (when 'scalar' is non-NULL)...
openssl-3.5.0/crypto/ec/ecp_nistz256.c:972:21: branch_true: ...to here
openssl-3.5.0/crypto/ec/ecp_nistz256.c:973:12: branch_false: following 'false' branch...
openssl-3.5.0/crypto/ec/ecp_nistz256.c:979:9: branch_false: ...to here
openssl-3.5.0/crypto/ec/ecp_nistz256.c:987:16: branch_false: following 'false' branch...
openssl-3.5.0/crypto/ec/ecp_nistz256.c:990:42: branch_false: ...to here
openssl-3.5.0/crypto/ec/ecp_nistz256.c:991:16: branch_false: following 'false' branch...
openssl-3.5.0/crypto/ec/ecp_nistz256.c:997:22: branch_false: ...to here
openssl-3.5.0/crypto/ec/ecp_nistz256.c:1028:25: branch_true: following 'true' branch...
openssl-3.5.0/crypto/ec/ecp_nistz256.c:1029:30: branch_true: ...to here
openssl-3.5.0/crypto/ec/ecp_nistz256.c:1028:25: branch_true: following 'true' branch...
openssl-3.5.0/crypto/ec/ecp_nistz256.c:1029:30: branch_true: ...to here
openssl-3.5.0/crypto/ec/ecp_nistz256.c:1028:25: branch_true: following 'true' branch...
openssl-3.5.0/crypto/ec/ecp_nistz256.c:1029:30: branch_true: ...to here
openssl-3.5.0/crypto/ec/ecp_nistz256.c:1028:25: branch_true: following 'true' branch...
openssl-3.5.0/crypto/ec/ecp_nistz256.c:1029:30: branch_true: ...to here
openssl-3.5.0/crypto/ec/ecp_nistz256.c:1028:25: branch_true: following 'true' branch...
openssl-3.5.0/crypto/ec/ecp_nistz256.c:1029:30: branch_true: ...to here
openssl-3.5.0/crypto/ec/ecp_nistz256.c:1032:17: danger: out-of-bounds write at byte 33 but 'p_str' ends at byte 33
# 1030|   
# 1031|                   p_str[i + 0] = (unsigned char)d;
# 1032|->                 p_str[i + 1] = (unsigned char)(d >> 8);
# 1033|                   p_str[i + 2] = (unsigned char)(d >> 16);
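# 1034|                   p_str[i + 3] = (unsigned char)(d >>= 24);
Triage note: the reported path takes the true branch at line 1028 (presumably the loop condition) five times before the write. With the `BN_BYTES == 8` branch live, the fifth pass would start at offset 32 of the 33-byte `p_str`, so the overflow requires a scalar wider than four 8-byte limbs. The excerpt does not show what bounds the scalar before the loop (the path passes a check at line 973). If that check limits the scalar to 256 bits, #def47-#def53 are unreachable; verify this in the source rather than from the trace.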

Error: GCC_ANALYZER_WARNING (CWE-121): [#def48]
openssl-3.5.0/crypto/ec/ecp_nistz256.c:1033:17: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow
openssl-3.5.0/crypto/ec/ecp_nistz256.c:963:8: branch_false: following 'false' branch (when 'num <= 268435454')...
openssl-3.5.0/crypto/ec/ecp_nistz256.c:968:5: branch_false: ...to here
openssl-3.5.0/crypto/ec/ecp_nistz256.c:971:8: branch_true: following 'true' branch (when 'scalar' is non-NULL)...
openssl-3.5.0/crypto/ec/ecp_nistz256.c:972:21: branch_true: ...to here
openssl-3.5.0/crypto/ec/ecp_nistz256.c:973:12: branch_false: following 'false' branch...
openssl-3.5.0/crypto/ec/ecp_nistz256.c:979:9: branch_false: ...to here
openssl-3.5.0/crypto/ec/ecp_nistz256.c:987:16: branch_false: following 'false' branch...
openssl-3.5.0/crypto/ec/ecp_nistz256.c:990:42: branch_false: ...to here
openssl-3.5.0/crypto/ec/ecp_nistz256.c:991:16: branch_false: following 'false' branch...
openssl-3.5.0/crypto/ec/ecp_nistz256.c:997:22: branch_false: ...to here
openssl-3.5.0/crypto/ec/ecp_nistz256.c:1028:25: branch_true: following 'true' branch...
openssl-3.5.0/crypto/ec/ecp_nistz256.c:1029:30: branch_true: ...to here
openssl-3.5.0/crypto/ec/ecp_nistz256.c:1028:25: branch_true: following 'true' branch...
openssl-3.5.0/crypto/ec/ecp_nistz256.c:1029:30: branch_true: ...to here
openssl-3.5.0/crypto/ec/ecp_nistz256.c:1028:25: branch_true: following 'true' branch...
openssl-3.5.0/crypto/ec/ecp_nistz256.c:1029:30: branch_true: ...to here
openssl-3.5.0/crypto/ec/ecp_nistz256.c:1028:25: branch_true: following 'true' branch...
openssl-3.5.0/crypto/ec/ecp_nistz256.c:1029:30: branch_true: ...to here
openssl-3.5.0/crypto/ec/ecp_nistz256.c:1028:25: branch_true: following 'true' branch...
openssl-3.5.0/crypto/ec/ecp_nistz256.c:1029:30: branch_true: ...to here
openssl-3.5.0/crypto/ec/ecp_nistz256.c:1033:17: danger: out-of-bounds write at byte 34 but 'p_str' ends at byte 33
# 1031|                   p_str[i + 0] = (unsigned char)d;
# 1032|                   p_str[i + 1] = (unsigned char)(d >> 8);
# 1033|->                 p_str[i + 2] = (unsigned char)(d >> 16);
# 1034|                   p_str[i + 3] = (unsigned char)(d >>= 24);
# 1035|                   if (BN_BYTES == 8) {

Error: GCC_ANALYZER_WARNING (CWE-121): [#def49]
openssl-3.5.0/crypto/ec/ecp_nistz256.c:1034:17: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow
openssl-3.5.0/crypto/ec/ecp_nistz256.c:963:8: branch_false: following 'false' branch (when 'num <= 268435454')...
openssl-3.5.0/crypto/ec/ecp_nistz256.c:968:5: branch_false: ...to here
openssl-3.5.0/crypto/ec/ecp_nistz256.c:971:8: branch_true: following 'true' branch (when 'scalar' is non-NULL)...
openssl-3.5.0/crypto/ec/ecp_nistz256.c:972:21: branch_true: ...to here
openssl-3.5.0/crypto/ec/ecp_nistz256.c:973:12: branch_false: following 'false' branch...
openssl-3.5.0/crypto/ec/ecp_nistz256.c:979:9: branch_false: ...to here
openssl-3.5.0/crypto/ec/ecp_nistz256.c:987:16: branch_false: following 'false' branch...
openssl-3.5.0/crypto/ec/ecp_nistz256.c:990:42: branch_false: ...to here
openssl-3.5.0/crypto/ec/ecp_nistz256.c:991:16: branch_false: following 'false' branch...
openssl-3.5.0/crypto/ec/ecp_nistz256.c:997:22: branch_false: ...to here
openssl-3.5.0/crypto/ec/ecp_nistz256.c:1028:25: branch_true: following 'true' branch...
openssl-3.5.0/crypto/ec/ecp_nistz256.c:1029:30: branch_true: ...to here
openssl-3.5.0/crypto/ec/ecp_nistz256.c:1028:25: branch_true: following 'true' branch...
openssl-3.5.0/crypto/ec/ecp_nistz256.c:1029:30: branch_true: ...to here
openssl-3.5.0/crypto/ec/ecp_nistz256.c:1028:25: branch_true: following 'true' branch...
openssl-3.5.0/crypto/ec/ecp_nistz256.c:1029:30: branch_true: ...to here
openssl-3.5.0/crypto/ec/ecp_nistz256.c:1028:25: branch_true: following 'true' branch...
openssl-3.5.0/crypto/ec/ecp_nistz256.c:1029:30: branch_true: ...to here
openssl-3.5.0/crypto/ec/ecp_nistz256.c:1028:25: branch_true: following 'true' branch...
openssl-3.5.0/crypto/ec/ecp_nistz256.c:1029:30: branch_true: ...to here
openssl-3.5.0/crypto/ec/ecp_nistz256.c:1034:17: danger: out-of-bounds write at byte 35 but 'p_str' ends at byte 33
# 1032|                   p_str[i + 1] = (unsigned char)(d >> 8);
# 1033|                   p_str[i + 2] = (unsigned char)(d >> 16);
# 1034|->                 p_str[i + 3] = (unsigned char)(d >>= 24);
# 1035|                   if (BN_BYTES == 8) {
# 1036|                       d >>= 8;

Error: GCC_ANALYZER_WARNING (CWE-121): [#def50]
openssl-3.5.0/crypto/ec/ecp_nistz256.c:1037:21: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow
openssl-3.5.0/crypto/ec/ecp_nistz256.c:963:8: branch_false: following 'false' branch (when 'num <= 268435454')...
openssl-3.5.0/crypto/ec/ecp_nistz256.c:968:5: branch_false: ...to here
openssl-3.5.0/crypto/ec/ecp_nistz256.c:971:8: branch_true: following 'true' branch (when 'scalar' is non-NULL)...
openssl-3.5.0/crypto/ec/ecp_nistz256.c:972:21: branch_true: ...to here
openssl-3.5.0/crypto/ec/ecp_nistz256.c:973:12: branch_false: following 'false' branch...
openssl-3.5.0/crypto/ec/ecp_nistz256.c:979:9: branch_false: ...to here
openssl-3.5.0/crypto/ec/ecp_nistz256.c:987:16: branch_false: following 'false' branch...
openssl-3.5.0/crypto/ec/ecp_nistz256.c:990:42: branch_false: ...to here
openssl-3.5.0/crypto/ec/ecp_nistz256.c:991:16: branch_false: following 'false' branch...
openssl-3.5.0/crypto/ec/ecp_nistz256.c:997:22: branch_false: ...to here
openssl-3.5.0/crypto/ec/ecp_nistz256.c:1028:25: branch_true: following 'true' branch...
openssl-3.5.0/crypto/ec/ecp_nistz256.c:1029:30: branch_true: ...to here
openssl-3.5.0/crypto/ec/ecp_nistz256.c:1028:25: branch_true: following 'true' branch...
openssl-3.5.0/crypto/ec/ecp_nistz256.c:1029:30: branch_true: ...to here
openssl-3.5.0/crypto/ec/ecp_nistz256.c:1028:25: branch_true: following 'true' branch...
openssl-3.5.0/crypto/ec/ecp_nistz256.c:1029:30: branch_true: ...to here
openssl-3.5.0/crypto/ec/ecp_nistz256.c:1028:25: branch_true: following 'true' branch...
openssl-3.5.0/crypto/ec/ecp_nistz256.c:1029:30: branch_true: ...to here
openssl-3.5.0/crypto/ec/ecp_nistz256.c:1028:25: branch_true: following 'true' branch...
openssl-3.5.0/crypto/ec/ecp_nistz256.c:1029:30: branch_true: ...to here
openssl-3.5.0/crypto/ec/ecp_nistz256.c:1037:21: danger: out-of-bounds write at byte 36 but 'p_str' ends at byte 33
# 1035|                   if (BN_BYTES == 8) {
# 1036|                       d >>= 8;
# 1037|->                     p_str[i + 4] = (unsigned char)d;
# 1038|                       p_str[i + 5] = (unsigned char)(d >> 8);
# 1039|                       p_str[i + 6] = (unsigned char)(d >> 16);

Error: GCC_ANALYZER_WARNING (CWE-121): [#def51]
openssl-3.5.0/crypto/ec/ecp_nistz256.c:1038:21: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow
openssl-3.5.0/crypto/ec/ecp_nistz256.c:963:8: branch_false: following 'false' branch (when 'num <= 268435454')...
openssl-3.5.0/crypto/ec/ecp_nistz256.c:968:5: branch_false: ...to here
openssl-3.5.0/crypto/ec/ecp_nistz256.c:971:8: branch_true: following 'true' branch (when 'scalar' is non-NULL)...
openssl-3.5.0/crypto/ec/ecp_nistz256.c:972:21: branch_true: ...to here
openssl-3.5.0/crypto/ec/ecp_nistz256.c:973:12: branch_false: following 'false' branch...
openssl-3.5.0/crypto/ec/ecp_nistz256.c:979:9: branch_false: ...to here
openssl-3.5.0/crypto/ec/ecp_nistz256.c:987:16: branch_false: following 'false' branch...
openssl-3.5.0/crypto/ec/ecp_nistz256.c:990:42: branch_false: ...to here
openssl-3.5.0/crypto/ec/ecp_nistz256.c:991:16: branch_false: following 'false' branch...
openssl-3.5.0/crypto/ec/ecp_nistz256.c:997:22: branch_false: ...to here
openssl-3.5.0/crypto/ec/ecp_nistz256.c:1028:25: branch_true: following 'true' branch...
openssl-3.5.0/crypto/ec/ecp_nistz256.c:1029:30: branch_true: ...to here
openssl-3.5.0/crypto/ec/ecp_nistz256.c:1028:25: branch_true: following 'true' branch...
openssl-3.5.0/crypto/ec/ecp_nistz256.c:1029:30: branch_true: ...to here
openssl-3.5.0/crypto/ec/ecp_nistz256.c:1028:25: branch_true: following 'true' branch...
openssl-3.5.0/crypto/ec/ecp_nistz256.c:1029:30: branch_true: ...to here
openssl-3.5.0/crypto/ec/ecp_nistz256.c:1028:25: branch_true: following 'true' branch...
openssl-3.5.0/crypto/ec/ecp_nistz256.c:1029:30: branch_true: ...to here
openssl-3.5.0/crypto/ec/ecp_nistz256.c:1028:25: branch_true: following 'true' branch...
openssl-3.5.0/crypto/ec/ecp_nistz256.c:1029:30: branch_true: ...to here
openssl-3.5.0/crypto/ec/ecp_nistz256.c:1038:21: danger: out-of-bounds write at byte 37 but 'p_str' ends at byte 33
# 1036|                       d >>= 8;
# 1037|                       p_str[i + 4] = (unsigned char)d;
# 1038|->                     p_str[i + 5] = (unsigned char)(d >> 8);
# 1039|                       p_str[i + 6] = (unsigned char)(d >> 16);
# 1040|                       p_str[i + 7] = (unsigned char)(d >> 24);

Error: GCC_ANALYZER_WARNING (CWE-121): [#def52]
openssl-3.5.0/crypto/ec/ecp_nistz256.c:1039:21: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow
openssl-3.5.0/crypto/ec/ecp_nistz256.c:963:8: branch_false: following 'false' branch (when 'num <= 268435454')...
openssl-3.5.0/crypto/ec/ecp_nistz256.c:968:5: branch_false: ...to here
openssl-3.5.0/crypto/ec/ecp_nistz256.c:971:8: branch_true: following 'true' branch (when 'scalar' is non-NULL)...
openssl-3.5.0/crypto/ec/ecp_nistz256.c:972:21: branch_true: ...to here
openssl-3.5.0/crypto/ec/ecp_nistz256.c:973:12: branch_false: following 'false' branch...
openssl-3.5.0/crypto/ec/ecp_nistz256.c:979:9: branch_false: ...to here
openssl-3.5.0/crypto/ec/ecp_nistz256.c:987:16: branch_false: following 'false' branch...
openssl-3.5.0/crypto/ec/ecp_nistz256.c:990:42: branch_false: ...to here
openssl-3.5.0/crypto/ec/ecp_nistz256.c:991:16: branch_false: following 'false' branch...
openssl-3.5.0/crypto/ec/ecp_nistz256.c:997:22: branch_false: ...to here
openssl-3.5.0/crypto/ec/ecp_nistz256.c:1028:25: branch_true: following 'true' branch...
openssl-3.5.0/crypto/ec/ecp_nistz256.c:1029:30: branch_true: ...to here
openssl-3.5.0/crypto/ec/ecp_nistz256.c:1028:25: branch_true: following 'true' branch...
openssl-3.5.0/crypto/ec/ecp_nistz256.c:1029:30: branch_true: ...to here
openssl-3.5.0/crypto/ec/ecp_nistz256.c:1028:25: branch_true: following 'true' branch...
openssl-3.5.0/crypto/ec/ecp_nistz256.c:1029:30: branch_true: ...to here
openssl-3.5.0/crypto/ec/ecp_nistz256.c:1028:25: branch_true: following 'true' branch...
openssl-3.5.0/crypto/ec/ecp_nistz256.c:1029:30: branch_true: ...to here
openssl-3.5.0/crypto/ec/ecp_nistz256.c:1028:25: branch_true: following 'true' branch...
openssl-3.5.0/crypto/ec/ecp_nistz256.c:1029:30: branch_true: ...to here
openssl-3.5.0/crypto/ec/ecp_nistz256.c:1039:21: danger: out-of-bounds write at byte 38 but 'p_str' ends at byte 33
# 1037|                       p_str[i + 4] = (unsigned char)d;
# 1038|                       p_str[i + 5] = (unsigned char)(d >> 8);
# 1039|->                     p_str[i + 6] = (unsigned char)(d >> 16);
# 1040|                       p_str[i + 7] = (unsigned char)(d >> 24);
# 1041|                   }

Error: GCC_ANALYZER_WARNING (CWE-121): [#def53]
openssl-3.5.0/crypto/ec/ecp_nistz256.c:1040:21: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow
openssl-3.5.0/crypto/ec/ecp_nistz256.c:963:8: branch_false: following 'false' branch (when 'num <= 268435454')...
openssl-3.5.0/crypto/ec/ecp_nistz256.c:968:5: branch_false: ...to here
openssl-3.5.0/crypto/ec/ecp_nistz256.c:971:8: branch_true: following 'true' branch (when 'scalar' is non-NULL)...
openssl-3.5.0/crypto/ec/ecp_nistz256.c:972:21: branch_true: ...to here
openssl-3.5.0/crypto/ec/ecp_nistz256.c:973:12: branch_false: following 'false' branch...
openssl-3.5.0/crypto/ec/ecp_nistz256.c:979:9: branch_false: ...to here
openssl-3.5.0/crypto/ec/ecp_nistz256.c:987:16: branch_false: following 'false' branch...
openssl-3.5.0/crypto/ec/ecp_nistz256.c:990:42: branch_false: ...to here
openssl-3.5.0/crypto/ec/ecp_nistz256.c:991:16: branch_false: following 'false' branch...
openssl-3.5.0/crypto/ec/ecp_nistz256.c:997:22: branch_false: ...to here
openssl-3.5.0/crypto/ec/ecp_nistz256.c:1028:25: branch_true: following 'true' branch...
openssl-3.5.0/crypto/ec/ecp_nistz256.c:1029:30: branch_true: ...to here
openssl-3.5.0/crypto/ec/ecp_nistz256.c:1028:25: branch_true: following 'true' branch...
openssl-3.5.0/crypto/ec/ecp_nistz256.c:1029:30: branch_true: ...to here
openssl-3.5.0/crypto/ec/ecp_nistz256.c:1028:25: branch_true: following 'true' branch...
openssl-3.5.0/crypto/ec/ecp_nistz256.c:1029:30: branch_true: ...to here
openssl-3.5.0/crypto/ec/ecp_nistz256.c:1028:25: branch_true: following 'true' branch...
openssl-3.5.0/crypto/ec/ecp_nistz256.c:1029:30: branch_true: ...to here
openssl-3.5.0/crypto/ec/ecp_nistz256.c:1028:25: branch_true: following 'true' branch...
openssl-3.5.0/crypto/ec/ecp_nistz256.c:1029:30: branch_true: ...to here
openssl-3.5.0/crypto/ec/ecp_nistz256.c:1040:21: danger: out-of-bounds write at byte 39 but 'p_str' ends at byte 33
# 1038|                       p_str[i + 5] = (unsigned char)(d >> 8);
# 1039|                       p_str[i + 6] = (unsigned char)(d >> 16);
# 1040|->                     p_str[i + 7] = (unsigned char)(d >> 24);
# 1041|                   }
# 1042|               }

Error: CPPCHECK_WARNING (CWE-823): [#def54]
openssl-3.5.0/crypto/ec/ecp_nistz256.c:1067: error[arrayIndexOutOfBounds]: Array 'p.p.X[4]' accessed at index 4, which is out of bounds.
# 1065|                        p.p.Y[0] | p.p.Y[1] | p.p.Y[2] | p.p.Y[3]);
# 1066|               if (P256_LIMBS == 8)
# 1067|->                 infty |= (p.p.X[4] | p.p.X[5] | p.p.X[6] | p.p.X[7] |
# 1068|                             p.p.Y[4] | p.p.Y[5] | p.p.Y[6] | p.p.Y[7]);
# 1069|   

Error: CPPCHECK_WARNING (CWE-823): [#def55]
openssl-3.5.0/crypto/ec/ecp_nistz256.c:1067: error[arrayIndexOutOfBounds]: Array 'p.p.X[4]' accessed at index 5, which is out of bounds.
# 1065|                        p.p.Y[0] | p.p.Y[1] | p.p.Y[2] | p.p.Y[3]);
# 1066|               if (P256_LIMBS == 8)
# 1067|->                 infty |= (p.p.X[4] | p.p.X[5] | p.p.X[6] | p.p.X[7] |
# 1068|                             p.p.Y[4] | p.p.Y[5] | p.p.Y[6] | p.p.Y[7]);
# 1069|   

Error: CPPCHECK_WARNING (CWE-823): [#def56]
openssl-3.5.0/crypto/ec/ecp_nistz256.c:1067: error[arrayIndexOutOfBounds]: Array 'p.p.X[4]' accessed at index 6, which is out of bounds.
# 1065|                        p.p.Y[0] | p.p.Y[1] | p.p.Y[2] | p.p.Y[3]);
# 1066|               if (P256_LIMBS == 8)
# 1067|->                 infty |= (p.p.X[4] | p.p.X[5] | p.p.X[6] | p.p.X[7] |
# 1068|                             p.p.Y[4] | p.p.Y[5] | p.p.Y[6] | p.p.Y[7]);
# 1069|   

Error: CPPCHECK_WARNING (CWE-823): [#def57]
openssl-3.5.0/crypto/ec/ecp_nistz256.c:1067: error[arrayIndexOutOfBounds]: Array 'p.p.X[4]' accessed at index 7, which is out of bounds.
# 1065|                        p.p.Y[0] | p.p.Y[1] | p.p.Y[2] | p.p.Y[3]);
# 1066|               if (P256_LIMBS == 8)
# 1067|->                 infty |= (p.p.X[4] | p.p.X[5] | p.p.X[6] | p.p.X[7] |
# 1068|                             p.p.Y[4] | p.p.Y[5] | p.p.Y[6] | p.p.Y[7]);
# 1069|   

Error: CPPCHECK_WARNING (CWE-823): [#def58]
openssl-3.5.0/crypto/ec/ecp_nistz256.c:1068: error[arrayIndexOutOfBounds]: Array 'p.p.Y[4]' accessed at index 4, which is out of bounds.
# 1066|               if (P256_LIMBS == 8)
# 1067|                   infty |= (p.p.X[4] | p.p.X[5] | p.p.X[6] | p.p.X[7] |
# 1068|->                           p.p.Y[4] | p.p.Y[5] | p.p.Y[6] | p.p.Y[7]);
# 1069|   
# 1070|               infty = 0 - is_zero(infty);

Error: CPPCHECK_WARNING (CWE-823): [#def59]
openssl-3.5.0/crypto/ec/ecp_nistz256.c:1068: error[arrayIndexOutOfBounds]: Array 'p.p.Y[4]' accessed at index 5, which is out of bounds.
# 1066|               if (P256_LIMBS == 8)
# 1067|                   infty |= (p.p.X[4] | p.p.X[5] | p.p.X[6] | p.p.X[7] |
# 1068|->                           p.p.Y[4] | p.p.Y[5] | p.p.Y[6] | p.p.Y[7]);
# 1069|   
# 1070|               infty = 0 - is_zero(infty);

Error: CPPCHECK_WARNING (CWE-823): [#def60]
openssl-3.5.0/crypto/ec/ecp_nistz256.c:1068: error[arrayIndexOutOfBounds]: Array 'p.p.Y[4]' accessed at index 6, which is out of bounds.
# 1066|               if (P256_LIMBS == 8)
# 1067|                   infty |= (p.p.X[4] | p.p.X[5] | p.p.X[6] | p.p.X[7] |
# 1068|->                           p.p.Y[4] | p.p.Y[5] | p.p.Y[6] | p.p.Y[7]);
# 1069|   
# 1070|               infty = 0 - is_zero(infty);

Error: CPPCHECK_WARNING (CWE-823): [#def61]
openssl-3.5.0/crypto/ec/ecp_nistz256.c:1068: error[arrayIndexOutOfBounds]: Array 'p.p.Y[4]' accessed at index 7, which is out of bounds.
# 1066|               if (P256_LIMBS == 8)
# 1067|                   infty |= (p.p.X[4] | p.p.X[5] | p.p.X[6] | p.p.X[7] |
# 1068|->                           p.p.Y[4] | p.p.Y[5] | p.p.Y[6] | p.p.Y[7]);
# 1069|   
# 1070|               infty = 0 - is_zero(infty);

Error: CPPCHECK_WARNING (CWE-823): [#def62]
openssl-3.5.0/crypto/ec/ecp_nistz256.c:1078: error[arrayIndexOutOfBounds]: Array 'ONE[4]' accessed at index 4, which is out of bounds.
# 1076|               p.p.Z[3] = ONE[3] & infty;
# 1077|               if (P256_LIMBS == 8) {
# 1078|->                 p.p.Z[4] = ONE[4] & infty;
# 1079|                   p.p.Z[5] = ONE[5] & infty;
# 1080|                   p.p.Z[6] = ONE[6] & infty;

Error: CPPCHECK_WARNING (CWE-823): [#def63]
openssl-3.5.0/crypto/ec/ecp_nistz256.c:1078: error[arrayIndexOutOfBounds]: Array 'p.p.Z[4]' accessed at index 4, which is out of bounds.
# 1076|               p.p.Z[3] = ONE[3] & infty;
# 1077|               if (P256_LIMBS == 8) {
# 1078|->                 p.p.Z[4] = ONE[4] & infty;
# 1079|                   p.p.Z[5] = ONE[5] & infty;
# 1080|                   p.p.Z[6] = ONE[6] & infty;

Error: CPPCHECK_WARNING (CWE-823): [#def64]
openssl-3.5.0/crypto/ec/ecp_nistz256.c:1079: error[arrayIndexOutOfBounds]: Array 'ONE[4]' accessed at index 5, which is out of bounds.
# 1077|               if (P256_LIMBS == 8) {
# 1078|                   p.p.Z[4] = ONE[4] & infty;
# 1079|->                 p.p.Z[5] = ONE[5] & infty;
# 1080|                   p.p.Z[6] = ONE[6] & infty;
# 1081|                   p.p.Z[7] = ONE[7] & infty;

Error: CPPCHECK_WARNING (CWE-823): [#def65]
openssl-3.5.0/crypto/ec/ecp_nistz256.c:1079: error[arrayIndexOutOfBounds]: Array 'p.p.Z[4]' accessed at index 5, which is out of bounds.
# 1077|               if (P256_LIMBS == 8) {
# 1078|                   p.p.Z[4] = ONE[4] & infty;
# 1079|->                 p.p.Z[5] = ONE[5] & infty;
# 1080|                   p.p.Z[6] = ONE[6] & infty;
# 1081|                   p.p.Z[7] = ONE[7] & infty;

Error: CPPCHECK_WARNING (CWE-823): [#def66]
openssl-3.5.0/crypto/ec/ecp_nistz256.c:1080: error[arrayIndexOutOfBounds]: Array 'ONE[4]' accessed at index 6, which is out of bounds.
# 1078|                   p.p.Z[4] = ONE[4] & infty;
# 1079|                   p.p.Z[5] = ONE[5] & infty;
# 1080|->                 p.p.Z[6] = ONE[6] & infty;
# 1081|                   p.p.Z[7] = ONE[7] & infty;
# 1082|               }

Error: CPPCHECK_WARNING (CWE-823): [#def67]
openssl-3.5.0/crypto/ec/ecp_nistz256.c:1080: error[arrayIndexOutOfBounds]: Array 'p.p.Z[4]' accessed at index 6, which is out of bounds.
# 1078|                   p.p.Z[4] = ONE[4] & infty;
# 1079|                   p.p.Z[5] = ONE[5] & infty;
# 1080|->                 p.p.Z[6] = ONE[6] & infty;
# 1081|                   p.p.Z[7] = ONE[7] & infty;
# 1082|               }

Error: CPPCHECK_WARNING (CWE-823): [#def68]
openssl-3.5.0/crypto/ec/ecp_nistz256.c:1081: error[arrayIndexOutOfBounds]: Array 'ONE[4]' accessed at index 7, which is out of bounds.
# 1079|                   p.p.Z[5] = ONE[5] & infty;
# 1080|                   p.p.Z[6] = ONE[6] & infty;
# 1081|->                 p.p.Z[7] = ONE[7] & infty;
# 1082|               }
# 1083|   

Error: CPPCHECK_WARNING (CWE-823): [#def69]
openssl-3.5.0/crypto/ec/ecp_nistz256.c:1081: error[arrayIndexOutOfBounds]: Array 'p.p.Z[4]' accessed at index 7, which is out of bounds.
# 1079|                   p.p.Z[5] = ONE[5] & infty;
# 1080|                   p.p.Z[6] = ONE[6] & infty;
# 1081|->                 p.p.Z[7] = ONE[7] & infty;
# 1082|               }
# 1083|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def70]
openssl-3.5.0/crypto/encode_decode/decoder_lib.c:1073:14: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
openssl-3.5.0/crypto/encode_decode/decoder_lib.c:763:12: enter_function: entry to 'decoder_process'
openssl-3.5.0/crypto/encode_decode/decoder_lib.c:796:8: branch_false: following 'false' branch (when 'params' is non-NULL)...
openssl-3.5.0/crypto/encode_decode/decoder_lib.c:815:44: branch_false: ...to here
openssl-3.5.0/crypto/encode_decode/decoder_lib.c:816:19: call_function: calling 'OSSL_DECODER_INSTANCE_get_decoder' from 'decoder_process'
openssl-3.5.0/crypto/encode_decode/decoder_lib.c:816:19: return_function: returning to 'decoder_process' from 'OSSL_DECODER_INSTANCE_get_decoder'
openssl-3.5.0/crypto/encode_decode/decoder_lib.c:853:12: branch_false: following 'false' branch...
openssl-3.5.0/crypto/encode_decode/decoder_lib.c:856:12: branch_false: following 'false' branch...
openssl-3.5.0/crypto/encode_decode/decoder_lib.c:861:13: branch_false: ...to here
openssl-3.5.0/crypto/encode_decode/decoder_lib.c:862:12: branch_false: following 'false' branch...
openssl-3.5.0/crypto/encode_decode/decoder_lib.c:866:13: branch_false: ...to here
openssl-3.5.0/crypto/encode_decode/decoder_lib.c:867:12: branch_false: following 'false' branch...
openssl-3.5.0/crypto/encode_decode/decoder_lib.c:871:13: branch_false: ...to here
openssl-3.5.0/crypto/encode_decode/decoder_lib.c:900:12: branch_false: following 'false' branch...
 branch_false: ...to here
openssl-3.5.0/crypto/encode_decode/decoder_lib.c:919:8: branch_false: following 'false' branch...
openssl-3.5.0/crypto/encode_decode/decoder_lib.c:922:16: branch_false: ...to here
openssl-3.5.0/crypto/encode_decode/decoder_lib.c:922:8: branch_false: following 'false' branch (when 'loc >= 0')...
openssl-3.5.0/crypto/encode_decode/decoder_lib.c:927:17: branch_false: ...to here
openssl-3.5.0/crypto/encode_decode/decoder_lib.c:927:8: branch_false: following 'false' branch...
openssl-3.5.0/crypto/encode_decode/decoder_lib.c:932:10: branch_false: ...to here
openssl-3.5.0/crypto/encode_decode/decoder_lib.c:932:48: branch_true: following 'true' branch (when 'i != 0')...
openssl-3.5.0/crypto/encode_decode/decoder_lib.c:934:13: branch_true: ...to here
openssl-3.5.0/crypto/encode_decode/decoder_lib.c:936:13: call_function: calling 'OSSL_DECODER_INSTANCE_get_decoder' from 'decoder_process'
openssl-3.5.0/crypto/encode_decode/decoder_lib.c:936:13: return_function: returning to 'decoder_process' from 'OSSL_DECODER_INSTANCE_get_decoder'
openssl-3.5.0/crypto/encode_decode/decoder_lib.c:939:13: call_function: calling 'OSSL_DECODER_INSTANCE_get_decoder_ctx' from 'decoder_process'
openssl-3.5.0/crypto/encode_decode/decoder_lib.c:939:13: return_function: returning to 'decoder_process' from 'OSSL_DECODER_INSTANCE_get_decoder_ctx'
openssl-3.5.0/crypto/encode_decode/decoder_lib.c:941:13: call_function: calling 'OSSL_DECODER_INSTANCE_get_input_type' from 'decoder_process'
openssl-3.5.0/crypto/encode_decode/decoder_lib.c:941:13: return_function: returning to 'decoder_process' from 'OSSL_DECODER_INSTANCE_get_input_type'
openssl-3.5.0/crypto/encode_decode/decoder_lib.c:944:13: call_function: calling 'OSSL_DECODER_INSTANCE_get_input_structure' from 'decoder_process'
openssl-3.5.0/crypto/encode_decode/decoder_lib.c:944:13: return_function: returning to 'decoder_process' from 'OSSL_DECODER_INSTANCE_get_input_structure'
openssl-3.5.0/crypto/encode_decode/decoder_lib.c:995:12: branch_false: following 'false' branch...
openssl-3.5.0/crypto/encode_decode/decoder_lib.c:1009:13: branch_false: ...to here
openssl-3.5.0/crypto/encode_decode/decoder_lib.c:1009:12: branch_false: following 'false' branch...
openssl-3.5.0/crypto/encode_decode/decoder_lib.c:1027:13: branch_false: ...to here
openssl-3.5.0/crypto/encode_decode/decoder_lib.c:1053:12: branch_false: following 'false' branch...
openssl-3.5.0/crypto/encode_decode/decoder_lib.c:1068:9: branch_false: ...to here
openssl-3.5.0/crypto/encode_decode/decoder_lib.c:1073:14: danger: dereference of NULL 'OSSL_DECODER_INSTANCE_get_decoder(OPENSSL_sk_value(*ctx.decoder_insts, (int)i))'
# 1071|           new_data.flag_input_structure_checked
# 1072|               = data->flag_input_structure_checked;
# 1073|->         ok = new_decoder->decode(new_decoderctx, cbio,
# 1074|                                    new_data.ctx->selection,
# 1075|                                    decoder_process, &new_data,

Error: GCC_ANALYZER_WARNING (CWE-476): [#def71]
openssl-3.5.0/crypto/encode_decode/decoder_lib.c:1073:14: warning[-Wanalyzer-null-dereference]: dereference of NULL 'decoder'
openssl-3.5.0/crypto/encode_decode/decoder_lib.c:763:12: enter_function: entry to 'decoder_process'
openssl-3.5.0/crypto/encode_decode/decoder_lib.c:796:8: branch_false: following 'false' branch (when 'params' is non-NULL)...
openssl-3.5.0/crypto/encode_decode/decoder_lib.c:815:44: branch_false: ...to here
openssl-3.5.0/crypto/encode_decode/decoder_lib.c:816:19: call_function: calling 'OSSL_DECODER_INSTANCE_get_decoder' from 'decoder_process'
openssl-3.5.0/crypto/encode_decode/decoder_lib.c:816:19: return_function: returning to 'decoder_process' from 'OSSL_DECODER_INSTANCE_get_decoder'
openssl-3.5.0/crypto/encode_decode/decoder_lib.c:853:12: branch_false: following 'false' branch...
openssl-3.5.0/crypto/encode_decode/decoder_lib.c:856:12: branch_false: following 'false' branch...
openssl-3.5.0/crypto/encode_decode/decoder_lib.c:861:13: branch_false: ...to here
openssl-3.5.0/crypto/encode_decode/decoder_lib.c:862:12: branch_false: following 'false' branch...
openssl-3.5.0/crypto/encode_decode/decoder_lib.c:866:13: branch_false: ...to here
openssl-3.5.0/crypto/encode_decode/decoder_lib.c:867:12: branch_false: following 'false' branch...
openssl-3.5.0/crypto/encode_decode/decoder_lib.c:871:13: branch_false: ...to here
openssl-3.5.0/crypto/encode_decode/decoder_lib.c:900:12: branch_false: following 'false' branch...
 branch_false: ...to here
openssl-3.5.0/crypto/encode_decode/decoder_lib.c:919:8: branch_false: following 'false' branch...
openssl-3.5.0/crypto/encode_decode/decoder_lib.c:922:16: branch_false: ...to here
openssl-3.5.0/crypto/encode_decode/decoder_lib.c:922:8: branch_false: following 'false' branch (when 'loc >= 0')...
openssl-3.5.0/crypto/encode_decode/decoder_lib.c:927:17: branch_false: ...to here
openssl-3.5.0/crypto/encode_decode/decoder_lib.c:927:8: branch_false: following 'false' branch...
openssl-3.5.0/crypto/encode_decode/decoder_lib.c:932:10: branch_false: ...to here
openssl-3.5.0/crypto/encode_decode/decoder_lib.c:932:48: branch_true: following 'true' branch (when 'i != 0')...
openssl-3.5.0/crypto/encode_decode/decoder_lib.c:934:13: branch_true: ...to here
openssl-3.5.0/crypto/encode_decode/decoder_lib.c:936:13: call_function: calling 'OSSL_DECODER_INSTANCE_get_decoder' from 'decoder_process'
openssl-3.5.0/crypto/encode_decode/decoder_lib.c:936:13: return_function: returning to 'decoder_process' from 'OSSL_DECODER_INSTANCE_get_decoder'
openssl-3.5.0/crypto/encode_decode/decoder_lib.c:939:13: call_function: calling 'OSSL_DECODER_INSTANCE_get_decoder_ctx' from 'decoder_process'
openssl-3.5.0/crypto/encode_decode/decoder_lib.c:939:13: return_function: returning to 'decoder_process' from 'OSSL_DECODER_INSTANCE_get_decoder_ctx'
openssl-3.5.0/crypto/encode_decode/decoder_lib.c:941:13: call_function: calling 'OSSL_DECODER_INSTANCE_get_input_type' from 'decoder_process'
openssl-3.5.0/crypto/encode_decode/decoder_lib.c:941:13: return_function: returning to 'decoder_process' from 'OSSL_DECODER_INSTANCE_get_input_type'
openssl-3.5.0/crypto/encode_decode/decoder_lib.c:944:13: call_function: calling 'OSSL_DECODER_INSTANCE_get_input_structure' from 'decoder_process'
openssl-3.5.0/crypto/encode_decode/decoder_lib.c:944:13: return_function: returning to 'decoder_process' from 'OSSL_DECODER_INSTANCE_get_input_structure'
openssl-3.5.0/crypto/encode_decode/decoder_lib.c:963:12: branch_true: following 'true' branch (when 'decoder' is NULL)...
openssl-3.5.0/crypto/encode_decode/decoder_lib.c:963:32: branch_true: ...to here
openssl-3.5.0/crypto/encode_decode/decoder_lib.c:995:12: branch_false: following 'false' branch...
openssl-3.5.0/crypto/encode_decode/decoder_lib.c:1009:13: branch_false: ...to here
openssl-3.5.0/crypto/encode_decode/decoder_lib.c:1009:12: branch_false: following 'false' branch...
openssl-3.5.0/crypto/encode_decode/decoder_lib.c:1027:13: branch_false: ...to here
openssl-3.5.0/crypto/encode_decode/decoder_lib.c:1053:12: branch_false: following 'false' branch...
openssl-3.5.0/crypto/encode_decode/decoder_lib.c:1068:9: branch_false: ...to here
openssl-3.5.0/crypto/encode_decode/decoder_lib.c:1073:14: danger: dereference of NULL 'OSSL_DECODER_INSTANCE_get_decoder(OPENSSL_sk_value(*ctx.decoder_insts, (int)i))'
# 1071|           new_data.flag_input_structure_checked
# 1072|               = data->flag_input_structure_checked;
# 1073|->         ok = new_decoder->decode(new_decoderctx, cbio,
# 1074|                                    new_data.ctx->selection,
# 1075|                                    decoder_process, &new_data,

Error: GCC_ANALYZER_WARNING (CWE-835): [#def72]
openssl-3.5.0/crypto/evp/bio_ok.c:361:16: warning[-Wanalyzer-infinite-loop]: infinite loop
openssl-3.5.0/crypto/evp/bio_ok.c:361:16: danger: infinite loop here
openssl-3.5.0/crypto/evp/bio_ok.c:361:16: branch_true: if it ever follows 'true' branch, it will always do so...
 branch_true: ...to here
#  359|                   return 0;
#  360|   
#  361|->         while (ctx->blockout) {
#  362|               i = ok_write(b, NULL, 0);
#  363|               if (i < 0) {

Error: CPPCHECK_WARNING (CWE-562): [#def73]
openssl-3.5.0/crypto/evp/ctrl_params_translate.c:1163: error[autoVariables]: Address of local auto-variable assigned to a function parameter.
# 1161|            */
# 1162|           p2 = ctx->name_buf;
# 1163|->         ctx->p2 = &p2;
# 1164|           ctx->sz = sizeof(ctx->name_buf);
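# 1165|       }
# Triage note: per the cppcheck message, `p2` is a local whose address is stored in `ctx->p2`. That is only safe if `ctx->p2` is never read after the enclosing function returns; the excerpt does not show the later uses, so check the lifetime before closing this as a false positive.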

Error: CPPCHECK_WARNING (CWE-457): [#def74]
openssl-3.5.0/crypto/evp/e_aes_cbc_hmac_sha1.c:184: error[legacyUninitvar]: Uninitialized variable: blocks[0].c
#  182|   
#  183|       /* ask for IVs in bulk */
#  184|->     if (RAND_bytes((IVs = blocks[0].c), 16 * x4) <= 0)
#  185|           return 0;
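#  186|   
# Triage note: `blocks[0].c` is handed to RAND_bytes() as the destination buffer, so line 184 writes the member rather than reading it. This looks like a false positive provided `c` is an array member (its declaration is outside the excerpt). #def81 and #def122 report the same statement shape.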

Error: GCC_ANALYZER_WARNING (CWE-121): [#def75]
openssl-3.5.0/crypto/evp/e_aes_cbc_hmac_sha1.c:208:9: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow
openssl-3.5.0/crypto/evp/e_aes_cbc_hmac_sha1.c:778:12: enter_function: entry to 'aesni_cbc_hmac_sha1_ctrl'
openssl-3.5.0/crypto/evp/e_aes_cbc_hmac_sha1.c:904:25: call_function: calling 'tls1_1_multi_block_encrypt' from 'aesni_cbc_hmac_sha1_ctrl'
#  206|   
#  207|       for (i = 1; i < x4; i++) {
#  208|->         ciph_d[i].inp = hash_d[i].ptr = hash_d[i - 1].ptr + frag;
#  209|           ciph_d[i].out = ciph_d[i - 1].out + packlen;
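#  210|           memcpy(ciph_d[i].out - 16, IVs, 16);
# Triage note: #def75 to #def78 all point at this one loop (#def82 to #def85 and #def123 are the same loop in sibling files). The indices are bounded only by `x4`. Neither the declarations of `ciph_d`/`hash_d` nor the derivation of `x4` are in the excerpt, so confirm that `x4` cannot exceed the array length before treating the cluster as a false positive.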

Error: GCC_ANALYZER_WARNING (CWE-121): [#def76]
openssl-3.5.0/crypto/evp/e_aes_cbc_hmac_sha1.c:208:25: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow
openssl-3.5.0/crypto/evp/e_aes_cbc_hmac_sha1.c:778:12: enter_function: entry to 'aesni_cbc_hmac_sha1_ctrl'
openssl-3.5.0/crypto/evp/e_aes_cbc_hmac_sha1.c:904:25: call_function: calling 'tls1_1_multi_block_encrypt' from 'aesni_cbc_hmac_sha1_ctrl'
#  206|   
#  207|       for (i = 1; i < x4; i++) {
#  208|->         ciph_d[i].inp = hash_d[i].ptr = hash_d[i - 1].ptr + frag;
#  209|           ciph_d[i].out = ciph_d[i - 1].out + packlen;
#  210|           memcpy(ciph_d[i].out - 16, IVs, 16);

Error: GCC_ANALYZER_WARNING (CWE-121): [#def77]
openssl-3.5.0/crypto/evp/e_aes_cbc_hmac_sha1.c:209:9: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow
openssl-3.5.0/crypto/evp/e_aes_cbc_hmac_sha1.c:778:12: enter_function: entry to 'aesni_cbc_hmac_sha1_ctrl'
openssl-3.5.0/crypto/evp/e_aes_cbc_hmac_sha1.c:904:25: call_function: calling 'tls1_1_multi_block_encrypt' from 'aesni_cbc_hmac_sha1_ctrl'
#  207|       for (i = 1; i < x4; i++) {
#  208|           ciph_d[i].inp = hash_d[i].ptr = hash_d[i - 1].ptr + frag;
#  209|->         ciph_d[i].out = ciph_d[i - 1].out + packlen;
#  210|           memcpy(ciph_d[i].out - 16, IVs, 16);
#  211|           memcpy(ciph_d[i].iv, IVs, 16);

Error: GCC_ANALYZER_WARNING (CWE-121): [#def78]
openssl-3.5.0/crypto/evp/e_aes_cbc_hmac_sha1.c:211:9: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow
openssl-3.5.0/crypto/evp/e_aes_cbc_hmac_sha1.c:778:12: enter_function: entry to 'aesni_cbc_hmac_sha1_ctrl'
openssl-3.5.0/crypto/evp/e_aes_cbc_hmac_sha1.c:904:25: call_function: calling 'tls1_1_multi_block_encrypt' from 'aesni_cbc_hmac_sha1_ctrl'
#  209|           ciph_d[i].out = ciph_d[i - 1].out + packlen;
#  210|           memcpy(ciph_d[i].out - 16, IVs, 16);
#  211|->         memcpy(ciph_d[i].iv, IVs, 16);
#  212|           IVs += 16;
#  213|       }

Error: CPPCHECK_WARNING (CWE-758): [#def79]
openssl-3.5.0/crypto/evp/e_aes_cbc_hmac_sha1.c:715: error[shiftTooManyBitsSigned]: Shifting signed 32-bit value by 31 bits is undefined behaviour
#  713|                       c = p[j];
#  714|                       cmask =
#  715|->                         ((int)(j - off - SHA_DIGEST_LENGTH)) >> (sizeof(int) *
#  716|                                                                    8 - 1);
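#  717|                       res |= (c ^ pad) & ~cmask; /* ... and padding */
# Triage note: line 715 is a right shift (`>>`) by 31 on a 32-bit int, which is within the type's width. For a negative operand C makes the result implementation-defined, not undefined, so the checker's wording overstates it. The mask idiom does rely on the compiler using an arithmetic (sign-extending) right shift. #def80, #def86, #def87 and #def93 to #def96 show the same `>> 31` pattern.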

Error: CPPCHECK_WARNING (CWE-758): [#def80]
openssl-3.5.0/crypto/evp/e_aes_cbc_hmac_sha1.c:718: error[shiftTooManyBitsSigned]: Shifting signed 32-bit value by 31 bits is undefined behaviour
#  716|                                                                    8 - 1);
#  717|                       res |= (c ^ pad) & ~cmask; /* ... and padding */
#  718|->                     cmask &= ((int)(off - 1 - j)) >> (sizeof(int) * 8 - 1);
#  719|                       res |= (c ^ pmac->c[i]) & cmask;
#  720|                       i += 1 & cmask;

Error: CPPCHECK_WARNING (CWE-457): [#def81]
openssl-3.5.0/crypto/evp/e_aes_cbc_hmac_sha256.c:178: error[legacyUninitvar]: Uninitialized variable: blocks[0].c
#  176|   
#  177|       /* ask for IVs in bulk */
#  178|->     if (RAND_bytes((IVs = blocks[0].c), 16 * x4) <= 0)
#  179|           return 0;
#  180|   

Error: GCC_ANALYZER_WARNING (CWE-121): [#def82]
openssl-3.5.0/crypto/evp/e_aes_cbc_hmac_sha256.c:203:9: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow
openssl-3.5.0/crypto/evp/e_aes_cbc_hmac_sha256.c:748:12: enter_function: entry to 'aesni_cbc_hmac_sha256_ctrl'
openssl-3.5.0/crypto/evp/e_aes_cbc_hmac_sha256.c:881:25: call_function: calling 'tls1_1_multi_block_encrypt' from 'aesni_cbc_hmac_sha256_ctrl'
#  201|   
#  202|       for (i = 1; i < x4; i++) {
#  203|->         ciph_d[i].inp = hash_d[i].ptr = hash_d[i - 1].ptr + frag;
#  204|           ciph_d[i].out = ciph_d[i - 1].out + packlen;
#  205|           memcpy(ciph_d[i].out - 16, IVs, 16);

Error: GCC_ANALYZER_WARNING (CWE-121): [#def83]
openssl-3.5.0/crypto/evp/e_aes_cbc_hmac_sha256.c:203:25: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow
openssl-3.5.0/crypto/evp/e_aes_cbc_hmac_sha256.c:748:12: enter_function: entry to 'aesni_cbc_hmac_sha256_ctrl'
openssl-3.5.0/crypto/evp/e_aes_cbc_hmac_sha256.c:881:25: call_function: calling 'tls1_1_multi_block_encrypt' from 'aesni_cbc_hmac_sha256_ctrl'
#  201|   
#  202|       for (i = 1; i < x4; i++) {
#  203|->         ciph_d[i].inp = hash_d[i].ptr = hash_d[i - 1].ptr + frag;
#  204|           ciph_d[i].out = ciph_d[i - 1].out + packlen;
#  205|           memcpy(ciph_d[i].out - 16, IVs, 16);

Error: GCC_ANALYZER_WARNING (CWE-121): [#def84]
openssl-3.5.0/crypto/evp/e_aes_cbc_hmac_sha256.c:204:9: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow
openssl-3.5.0/crypto/evp/e_aes_cbc_hmac_sha256.c:748:12: enter_function: entry to 'aesni_cbc_hmac_sha256_ctrl'
openssl-3.5.0/crypto/evp/e_aes_cbc_hmac_sha256.c:881:25: call_function: calling 'tls1_1_multi_block_encrypt' from 'aesni_cbc_hmac_sha256_ctrl'
#  202|       for (i = 1; i < x4; i++) {
#  203|           ciph_d[i].inp = hash_d[i].ptr = hash_d[i - 1].ptr + frag;
#  204|->         ciph_d[i].out = ciph_d[i - 1].out + packlen;
#  205|           memcpy(ciph_d[i].out - 16, IVs, 16);
#  206|           memcpy(ciph_d[i].iv, IVs, 16);

Error: GCC_ANALYZER_WARNING (CWE-121): [#def85]
openssl-3.5.0/crypto/evp/e_aes_cbc_hmac_sha256.c:206:9: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow
openssl-3.5.0/crypto/evp/e_aes_cbc_hmac_sha256.c:748:12: enter_function: entry to 'aesni_cbc_hmac_sha256_ctrl'
openssl-3.5.0/crypto/evp/e_aes_cbc_hmac_sha256.c:881:25: call_function: calling 'tls1_1_multi_block_encrypt' from 'aesni_cbc_hmac_sha256_ctrl'
#  204|           ciph_d[i].out = ciph_d[i - 1].out + packlen;
#  205|           memcpy(ciph_d[i].out - 16, IVs, 16);
#  206|->         memcpy(ciph_d[i].iv, IVs, 16);
#  207|           IVs += 16;
#  208|       }

Error: CPPCHECK_WARNING (CWE-758): [#def86]
openssl-3.5.0/crypto/evp/e_aes_cbc_hmac_sha256.c:713: error[shiftTooManyBitsSigned]: Shifting signed 32-bit value by 31 bits is undefined behaviour
#  711|                       c = p[j];
#  712|                       cmask =
#  713|->                         ((int)(j - off - SHA256_DIGEST_LENGTH)) >>
#  714|                           (sizeof(int) * 8 - 1);
#  715|                       res |= (c ^ pad) & ~cmask; /* ... and padding */

Error: CPPCHECK_WARNING (CWE-758): [#def87]
openssl-3.5.0/crypto/evp/e_aes_cbc_hmac_sha256.c:716: error[shiftTooManyBitsSigned]: Shifting signed 32-bit value by 31 bits is undefined behaviour
#  714|                           (sizeof(int) * 8 - 1);
#  715|                       res |= (c ^ pad) & ~cmask; /* ... and padding */
#  716|->                     cmask &= ((int)(off - 1 - j)) >> (sizeof(int) * 8 - 1);
#  717|                       res |= (c ^ pmac->c[i]) & cmask;
#  718|                       i += 1 & cmask;

Error: CPPCHECK_WARNING (CWE-190): [#def88]
openssl-3.5.0/crypto/evp/evp_enc.c:31: error[integerOverflow]: Signed integer underflow for expression '(~((int)1<<(sizeof(int)*8-1)))-b'.
#   29|   #include "evp_local.h"
#   30|   
#   31|-> OSSL_SAFE_MATH_SIGNED(int, int)
#   32|   
#   33|   int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *ctx)

Error: CPPCHECK_WARNING (CWE-758): [#def89]
openssl-3.5.0/crypto/evp/evp_enc.c:31: error[shiftTooManyBitsSigned]: Shifting signed 32-bit value by 31 bits is undefined behaviour
#   29|   #include "evp_local.h"
#   30|   
#   31|-> OSSL_SAFE_MATH_SIGNED(int, int)
#   32|   
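#   33|   int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *ctx)
# Triage note: the expression quoted under #def88, `(int)1<<(sizeof(int)*8-1)`, is a left shift of 1 into the sign bit of a 32-bit int. Unlike the right-shift findings elsewhere in this report, C11 leaves that undefined because the result is not representable in int. The macro body is not shown here, so verify against the OSSL_SAFE_MATH_SIGNED definition. #def102 and #def105 are the same macro instantiated in other files.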

Error: GCC_ANALYZER_WARNING (CWE-476): [#def90]
openssl-3.5.0/crypto/evp/skeymgmt_meth.c:24:13: warning[-Wanalyzer-null-dereference]: dereference of NULL 'skeymgmt'
openssl-3.5.0/crypto/evp/skeymgmt_meth.c:20:7: enter_function: entry to 'evp_skeymgmt_generate'
openssl-3.5.0/crypto/evp/skeymgmt_meth.c:22:21: call_function: calling 'EVP_SKEYMGMT_get0_provider' from 'evp_skeymgmt_generate'
openssl-3.5.0/crypto/evp/skeymgmt_meth.c:22:21: return_function: returning to 'evp_skeymgmt_generate' from 'EVP_SKEYMGMT_get0_provider'
openssl-3.5.0/crypto/evp/skeymgmt_meth.c:24:13: danger: dereference of NULL 'skeymgmt'
#   22|       void *provctx = ossl_provider_ctx(EVP_SKEYMGMT_get0_provider(skeymgmt));
#   23|   
#   24|->     return (skeymgmt->generate != NULL) ? skeymgmt->generate(provctx, params) : NULL;
#   25|   }
#   26|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def91]
openssl-3.5.0/crypto/evp/skeymgmt_meth.c:32:12: warning[-Wanalyzer-null-dereference]: dereference of NULL 'skeymgmt'
openssl-3.5.0/crypto/evp/skeymgmt_meth.c:27:7: enter_function: entry to 'evp_skeymgmt_import'
openssl-3.5.0/crypto/evp/skeymgmt_meth.c:29:21: call_function: calling 'EVP_SKEYMGMT_get0_provider' from 'evp_skeymgmt_import'
openssl-3.5.0/crypto/evp/skeymgmt_meth.c:29:21: return_function: returning to 'evp_skeymgmt_import' from 'EVP_SKEYMGMT_get0_provider'
openssl-3.5.0/crypto/evp/skeymgmt_meth.c:32:12: danger: dereference of NULL 'skeymgmt'
#   30|   
#   31|       /* This is mandatory, no need to check for its presence */
#   32|->     return skeymgmt->import(provctx, selection, params);
#   33|   }
#   34|   

Error: COMPILER_WARNING (CWE-590): [#def92]
openssl-3.5.0/crypto/mem.c:353:5: warning[-Wfree-nonheap-object]: 'free' called on unallocated object 'recp'
#  353 |     free(str);
#      |     ^
openssl-3.5.0/crypto/bn/bn_exp.c: scope_hint: In function 'BN_mod_exp_recp'
openssl-3.5.0/crypto/bn/bn_exp.c:177:17: note: declared here
#  177 |     BN_RECP_CTX recp;
#      |                 ^
#  351|       }
#  352|   
#  353|->     free(str);
#  354|   }
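#  355|   
# Triage note: the warning fires at `free(str)` in crypto/mem.c, but the "unallocated object" is the stack variable `recp` declared in BN_mod_exp_recp (bn_exp.c:177), so the compiler followed a call chain across files that the excerpt does not show. Check whether any path from BN_mod_exp_recp passes the address of `recp` itself, rather than heap storage it owns, down to this free.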

Error: CPPCHECK_WARNING (CWE-758): [#def93]
openssl-3.5.0/crypto/ml_dsa/ml_dsa_key_compress.c:72: error[shiftTooManyBitsSigned]: Shifting signed 32-bit value by 31 bits is undefined behaviour
#   70|       } else {
#   71|           r1 = (r1 * 11275 + (1 << 23)) >> 24;
#   72|->         r1 ^= ((43 - r1) >> 31) & r1;
#   73|           return r1;
#   74|       }

Error: CPPCHECK_WARNING (CWE-758): [#def94]
openssl-3.5.0/crypto/ml_dsa/ml_dsa_key_compress.c:92: error[shiftTooManyBitsSigned]: Shifting signed 32-bit value by 31 bits is undefined behaviour
#   90|   
#   91|       *r0 = r - *r1 * 2 * (int32_t)gamma2;
#   92|->     *r0 -= (((int32_t)ML_DSA_Q_MINUS1_DIV2 - *r0) >> 31) & (int32_t)ML_DSA_Q;
#   93|   }
#   94|   

Error: CPPCHECK_WARNING (CWE-758): [#def95]
openssl-3.5.0/crypto/modes/xts128.c:74: error[shiftTooManyBitsSigned]: Shifting signed 32-bit value by 31 bits is undefined behaviour
#   72|               unsigned int carry, res;
#   73|   
#   74|->             res = 0x87 & (((int)tweak.d[3]) >> 31);
#   75|               carry = (unsigned int)(tweak.u[0] >> 63);
#   76|               tweak.u[0] = (tweak.u[0] << 1) ^ res;

Error: CPPCHECK_WARNING (CWE-758): [#def96]
openssl-3.5.0/crypto/modes/xts128.c:113: error[shiftTooManyBitsSigned]: Shifting signed 32-bit value by 31 bits is undefined behaviour
#  111|               unsigned int carry, res;
#  112|   
#  113|->             res = 0x87 & (((int)tweak.d[3]) >> 31);
#  114|               carry = (unsigned int)(tweak.u[0] >> 63);
#  115|               tweak1.u[0] = (tweak.u[0] << 1) ^ res;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def97]
openssl-3.5.0/crypto/param_build.c:340:13: warning[-Wanalyzer-null-dereference]: dereference of NULL 'p'
openssl-3.5.0/crypto/param_build.c:361:13: enter_function: entry to 'OSSL_PARAM_BLD_to_param'
openssl-3.5.0/crypto/param_build.c:370:8: branch_false: following 'false' branch (when 'ss == 0')...
openssl-3.5.0/crypto/param_build.c:377:14: branch_false: ...to here
openssl-3.5.0/crypto/param_build.c:378:8: branch_false: following 'false' branch...
openssl-3.5.0/crypto/param_build.c:382:18: branch_false: ...to here
openssl-3.5.0/crypto/param_build.c:383:12: call_function: calling 'param_bld_convert' from 'OSSL_PARAM_BLD_to_param'
#  338|                      || pd->type == OSSL_PARAM_UTF8_PTR) {
#  339|               /* PTR */
#  340|->             *(const void **)p = pd->string;
#  341|           } else if (pd->type == OSSL_PARAM_OCTET_STRING
#  342|                      || pd->type == OSSL_PARAM_UTF8_STRING) {

Error: CPPCHECK_WARNING (CWE-190): [#def98]
openssl-3.5.0/crypto/params.c:1273: error[floatConversionOverflow]: Undefined behaviour: float (4.29497e+09) to integer conversion overflow.
# 1271|               if (val >= 0 && val < d_pow_32) {
# 1272|                   p->return_size = sizeof(uint32_t);
# 1273|->                 *(uint32_t *)p->data = (uint32_t)val;
# 1274|                   return 1;
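# 1275|               }
# Triage note: the cast on line 1273 is reached only when `val >= 0 && val < d_pow_32` holds (line 1271), a test that also rejects NaN. If `d_pow_32` is 2^32 as its name suggests (definition not shown), the value cppcheck cites cannot reach the cast. #def99 has the same shape with `d_pow_64`.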

Error: CPPCHECK_WARNING (CWE-190): [#def99]
openssl-3.5.0/crypto/params.c:1281: error[floatConversionOverflow]: Undefined behaviour: float (1.84467e+19) to integer conversion overflow.
# 1279|               if (val >= 0 && val < d_pow_64) {
# 1280|                   p->return_size = sizeof(uint64_t);
# 1281|->                 *(uint64_t *)p->data = (uint64_t)val;
# 1282|                   return 1;
# 1283|               }

Error: CPPCHECK_WARNING (CWE-457): [#def100]
openssl-3.5.0/crypto/slh_dsa/slh_dsa.c:85: error[uninitvar]: Uninitialized variable: m_digest
#   83|       if (!WPACKET_init_static_len(wpkt, sig, sig_len_expected, 0))
#   84|           return 0;
#   85|->     if (!PACKET_buf_init(rpkt, m_digest, params->m))
#   86|           return 0;
#   87|   

Error: CPPCHECK_WARNING (CWE-457): [#def101]
openssl-3.5.0/crypto/slh_dsa/slh_dsa.c:283: warning[uninitvar]: Uninitialized variable: m
#  281|               return 0;
#  282|       }
#  283|->     ret = slh_sign_internal(slh_ctx, m, m_len, sig, siglen, sigsize, add_rand);
#  284|       if (m != msg && m != m_tmp)
#  285|           OPENSSL_free(m);

Error: CPPCHECK_WARNING (CWE-758): [#def102]
openssl-3.5.0/crypto/stack/stack.c:18: error[shiftTooManyBitsSigned]: Shifting signed 32-bit value by 31 bits is undefined behaviour
#   16|   #include <openssl/e_os2.h>      /* For ossl_inline */
#   17|   
#   18|-> OSSL_SAFE_MATH_SIGNED(int, int)
#   19|   
#   20|   /*

Error: COMPILER_WARNING: [#def103]
openssl-3.5.0/crypto/thread/arch/thread_posix.c:13:10: warning: '_GNU_SOURCE' redefined
#   13 | # define _GNU_SOURCE
#      |          ^~~~~~~~~~~
<command-line>: note: this is the location of the previous definition
#   11|   
#   12|   #if defined(OPENSSL_THREADS_POSIX)
#   13|-> # define _GNU_SOURCE
#   14|   # include <errno.h>
#   15|   # include <sys/types.h>

Error: COMPILER_WARNING: [#def104]
openssl-3.5.0/crypto/thread/arch/thread_posix.c:13:10: warning[warning]: '_GNU_SOURCE' redefined
#   11|   
#   12|   #if defined(OPENSSL_THREADS_POSIX)
#   13|-> # define _GNU_SOURCE
#   14|   # include <errno.h>
#   15|   # include <sys/types.h>

Error: CPPCHECK_WARNING (CWE-758): [#def105]
openssl-3.5.0/crypto/x509/v3_ncons.c:25: error[shiftTooManyBitsSigned]: Shifting signed 32-bit value by 31 bits is undefined behaviour
#   23|   #include "ext_dat.h"
#   24|   
#   25|-> OSSL_SAFE_MATH_SIGNED(int, int)
#   26|   
#   27|   static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method,

Error: GCC_ANALYZER_WARNING (CWE-688): [#def106]
openssl-3.5.0/crypto/x509/x509_vfy.c:3007:13: warning[-Wanalyzer-null-argument]: use of NULL 'cmpbuf' where non-null expected
openssl-3.5.0/crypto/x509/x509_vfy.c:3199:12: enter_function: entry to 'dane_verify'
openssl-3.5.0/crypto/x509/x509_vfy.c:3220:15: call_function: calling 'dane_match_cert' from 'dane_verify'
# 3005|            */
# 3006|           if (cmplen == t->dlen &&
# 3007|->             memcmp(cmpbuf, t->data, cmplen) == 0) {
# 3008|               if (DANETLS_USAGE_BIT(usage) & DANETLS_DANE_MASK)
# 3009|                   matched = 1;

Error: GCC_ANALYZER_WARNING (CWE-1335): [#def107]
openssl-3.5.0/crypto/x509/x509_vfy.c:3008:17: warning[-Wanalyzer-shift-count-overflow]: shift by count ('256') >= precision of type ('32')
openssl-3.5.0/crypto/x509/x509_vfy.c:3199:12: enter_function: entry to 'dane_verify'
openssl-3.5.0/crypto/x509/x509_vfy.c:3220:15: call_function: calling 'dane_match_cert' from 'dane_verify'
# 3006|           if (cmplen == t->dlen &&
# 3007|               memcmp(cmpbuf, t->data, cmplen) == 0) {
# 3008|->             if (DANETLS_USAGE_BIT(usage) & DANETLS_DANE_MASK)
# 3009|                   matched = 1;
# 3010|               if (matched || dane->mdpth < 0) {

Error: GCC_ANALYZER_WARNING (CWE-476): [#def108]
openssl-3.5.0/crypto/x509/x509name.c:41:16: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
openssl-3.5.0/crypto/x509/x509name.c:30:5: enter_function: entry to 'X509_NAME_get_text_by_OBJ'
openssl-3.5.0/crypto/x509/x509name.c:37:8: branch_false: following 'false' branch...
openssl-3.5.0/crypto/x509/x509name.c:39:37: branch_false: ...to here
openssl-3.5.0/crypto/x509/x509name.c:39:12: call_function: calling 'X509_NAME_ENTRY_get_data' from 'X509_NAME_get_text_by_OBJ'
openssl-3.5.0/crypto/x509/x509name.c:39:12: return_function: returning to 'X509_NAME_get_text_by_OBJ' from 'X509_NAME_ENTRY_get_data'
openssl-3.5.0/crypto/x509/x509name.c:40:8: branch_true: following 'true' branch (when 'buf' is NULL)...
openssl-3.5.0/crypto/x509/x509name.c:41:16: branch_true: ...to here
openssl-3.5.0/crypto/x509/x509name.c:41:16: danger: dereference of NULL 'X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name,  X509_NAME_get_index_by_OBJ(name,  obj, -1)))'
#   39|       data = X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name, i));
#   40|       if (buf == NULL)
#   41|->         return data->length;
#   42|       if (len <= 0)
#   43|           return 0;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def109]
openssl-3.5.0/crypto/x509/x509name.c:44:10: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
openssl-3.5.0/crypto/x509/x509name.c:30:5: enter_function: entry to 'X509_NAME_get_text_by_OBJ'
openssl-3.5.0/crypto/x509/x509name.c:37:8: branch_false: following 'false' branch...
openssl-3.5.0/crypto/x509/x509name.c:39:37: branch_false: ...to here
openssl-3.5.0/crypto/x509/x509name.c:39:12: call_function: calling 'X509_NAME_ENTRY_get_data' from 'X509_NAME_get_text_by_OBJ'
openssl-3.5.0/crypto/x509/x509name.c:39:12: return_function: returning to 'X509_NAME_get_text_by_OBJ' from 'X509_NAME_ENTRY_get_data'
openssl-3.5.0/crypto/x509/x509name.c:40:8: branch_false: following 'false' branch (when 'buf' is non-NULL)...
openssl-3.5.0/crypto/x509/x509name.c:42:8: branch_false: ...to here
openssl-3.5.0/crypto/x509/x509name.c:42:8: branch_false: following 'false' branch (when 'len > 0')...
openssl-3.5.0/crypto/x509/x509name.c:44:10: branch_false: ...to here
openssl-3.5.0/crypto/x509/x509name.c:44:10: danger: dereference of NULL 'X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name,  X509_NAME_get_index_by_OBJ(name,  obj, -1)))'
#   42|       if (len <= 0)
#   43|           return 0;
#   44|->     i = (data->length > (len - 1)) ? (len - 1) : data->length;
#   45|       memcpy(buf, data->data, i);
#   46|       buf[i] = '\0';

Error: GCC_ANALYZER_WARNING (CWE-775): [#def110]
openssl-3.5.0/fuzz/test-corpus.c:51:18: warning[-Wanalyzer-file-leak]: leak of FILE 'fopen(pathname, "rb")'
openssl-3.5.0/fuzz/test-corpus.c:61:5: enter_function: entry to 'main'
openssl-3.5.0/fuzz/test-corpus.c:66:17: branch_true: following 'true' branch...
openssl-3.5.0/fuzz/test-corpus.c:67:41: branch_true: ...to here
openssl-3.5.0/fuzz/test-corpus.c:95:12: branch_true: following 'true' branch (when 'wasdir == 0')...
openssl-3.5.0/fuzz/test-corpus.c:96:26: branch_true: ...to here
openssl-3.5.0/fuzz/test-corpus.c:96:13: call_function: calling 'testfile' from 'main'
#   49|       if (f == NULL)
#   50|           return;
#   51|->     buf = malloc(st.st_size);
#   52|       if (buf != NULL) {
#   53|           s = fread(buf, 1, st.st_size, f);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def111]
openssl-3.5.0/fuzz/test-corpus.c:51:18: warning[-Wanalyzer-malloc-leak]: leak of 'fopen(pathname, "rb")'
openssl-3.5.0/fuzz/test-corpus.c:61:5: enter_function: entry to 'main'
openssl-3.5.0/fuzz/test-corpus.c:66:17: branch_true: following 'true' branch...
openssl-3.5.0/fuzz/test-corpus.c:67:41: branch_true: ...to here
openssl-3.5.0/fuzz/test-corpus.c:95:12: branch_true: following 'true' branch (when 'wasdir == 0')...
openssl-3.5.0/fuzz/test-corpus.c:96:26: branch_true: ...to here
openssl-3.5.0/fuzz/test-corpus.c:96:13: call_function: calling 'testfile' from 'main'
#   49|       if (f == NULL)
#   50|           return;
#   51|->     buf = malloc(st.st_size);
#   52|       if (buf != NULL) {
#   53|           s = fread(buf, 1, st.st_size, f);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def112]
openssl-3.5.0/include/internal/ktls.h:416:13: warning[-Wanalyzer-null-dereference]: dereference of NULL 'cmsg'
openssl-3.5.0/include/internal/ktls.h:396:8: branch_false: following 'false' branch (when 'length > 20')...
openssl-3.5.0/include/internal/ktls.h:401:5: branch_false: ...to here
openssl-3.5.0/include/internal/ktls.h:411:8: branch_false: following 'false' branch (when 'ret >= 0')...
openssl-3.5.0/include/internal/ktls.h:414:9: branch_false: ...to here
openssl-3.5.0/include/internal/ktls.h:414:8: branch_true: following 'true' branch...
openssl-3.5.0/include/internal/ktls.h:415:16: branch_true: ...to here
openssl-3.5.0/include/internal/ktls.h:415:16: branch_false: following 'false' branch...
openssl-3.5.0/include/internal/ktls.h:416:13: branch_false: ...to here
openssl-3.5.0/include/internal/ktls.h:416:13: danger: dereference of NULL 'cmsg'
#  414|       if (msg.msg_controllen > 0) {
#  415|           cmsg = CMSG_FIRSTHDR(&msg);
#  416|->         if (cmsg->cmsg_type == TLS_GET_RECORD_TYPE) {
#  417|               p[0] = *((unsigned char *)CMSG_DATA(cmsg));
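#  418|               p[1] = TLS1_2_VERSION_MAJOR;
# Triage note: the guard on line 414 tests only `msg.msg_controllen > 0`. CMSG_FIRSTHDR() yields NULL when the control length is smaller than a `struct cmsghdr`, so a `cmsg != NULL` test before line 416 would make the dereference safe regardless of what the receive call stored in `msg`.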

Error: CPPCHECK_WARNING (CWE-457): [#def113]
openssl-3.5.0/include/openssl/asn1.h:234: warning[uninitvar]: Uninitialized variables: ptr.minsize, ptr.maxsize, ptr.mask, ptr.flags
#  232|   };
#  233|   
#  234|-> SKM_DEFINE_STACK_OF_INTERNAL(ASN1_STRING_TABLE, ASN1_STRING_TABLE, ASN1_STRING_TABLE)
#  235|   #define sk_ASN1_STRING_TABLE_num(sk) OPENSSL_sk_num(ossl_check_const_ASN1_STRING_TABLE_sk_type(sk))
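#  236|   #define sk_ASN1_STRING_TABLE_value(sk, idx) ((ASN1_STRING_TABLE *)OPENSSL_sk_value(ossl_check_const_ASN1_STRING_TABLE_sk_type(sk), (idx)))
# Triage note: #def113 to #def121 are all reported on SKM_DEFINE_STACK_OF_INTERNAL / DEFINE_LHASH_OF_INTERNAL expansion lines in public headers, and none shows a path to an actual read. Treat them as one cluster and triage once against the macro definitions, which are not part of this report.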

Error: CPPCHECK_WARNING (CWE-457): [#def114]
openssl-3.5.0/include/openssl/comp.h:66: warning[uninitvar]: Uninitialized variables: ptr.name, ptr.method
#   64|   typedef struct ssl_comp_st SSL_COMP;
#   65|   
#   66|-> SKM_DEFINE_STACK_OF_INTERNAL(SSL_COMP, SSL_COMP, SSL_COMP)
#   67|   #define sk_SSL_COMP_num(sk) OPENSSL_sk_num(ossl_check_const_SSL_COMP_sk_type(sk))
#   68|   #define sk_SSL_COMP_value(sk, idx) ((SSL_COMP *)OPENSSL_sk_value(ossl_check_const_SSL_COMP_sk_type(sk), (idx)))

Error: CPPCHECK_WARNING (CWE-457): [#def115]
openssl-3.5.0/include/openssl/conf.h:70: warning[uninitvar]: Uninitialized variable: ptr.value
#   68|   #define sk_CONF_VALUE_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(CONF_VALUE) *)OPENSSL_sk_deep_copy(ossl_check_const_CONF_VALUE_sk_type(sk), ossl_check_CONF_VALUE_copyfunc_type(copyfunc), ossl_check_CONF_VALUE_freefunc_type(freefunc)))
#   69|   #define sk_CONF_VALUE_set_cmp_func(sk, cmp) ((sk_CONF_VALUE_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_CONF_VALUE_sk_type(sk), ossl_check_CONF_VALUE_compfunc_type(cmp)))
#   70|-> DEFINE_LHASH_OF_INTERNAL(CONF_VALUE);
#   71|   #define lh_CONF_VALUE_new(hfn, cmp) ((LHASH_OF(CONF_VALUE) *)OPENSSL_LH_set_thunks(OPENSSL_LH_new(ossl_check_CONF_VALUE_lh_hashfunc_type(hfn), ossl_check_CONF_VALUE_lh_compfunc_type(cmp)), lh_CONF_VALUE_hash_thunk, lh_CONF_VALUE_comp_thunk, lh_CONF_VALUE_doall_thunk, lh_CONF_VALUE_doall_arg_thunk))
#   72|   #define lh_CONF_VALUE_free(lh) OPENSSL_LH_free(ossl_check_CONF_VALUE_lh_type(lh))

Error: CPPCHECK_WARNING (CWE-457): [#def116]
openssl-3.5.0/include/openssl/err.h:374: warning[uninitvar]: Uninitialized variable: ptr.string
#  372|   } ERR_STRING_DATA;
#  373|   
#  374|-> DEFINE_LHASH_OF_INTERNAL(ERR_STRING_DATA);
#  375|   #define lh_ERR_STRING_DATA_new(hfn, cmp) ((LHASH_OF(ERR_STRING_DATA) *)OPENSSL_LH_set_thunks(OPENSSL_LH_new(ossl_check_ERR_STRING_DATA_lh_hashfunc_type(hfn), ossl_check_ERR_STRING_DATA_lh_compfunc_type(cmp)), lh_ERR_STRING_DATA_hash_thunk, lh_ERR_STRING_DATA_comp_thunk, lh_ERR_STRING_DATA_doall_thunk, lh_ERR_STRING_DATA_doall_arg_thunk))
#  376|   #define lh_ERR_STRING_DATA_free(lh) OPENSSL_LH_free(ossl_check_ERR_STRING_DATA_lh_type(lh))

Error: CPPCHECK_WARNING (CWE-457): [#def117]
openssl-3.5.0/include/openssl/x509.h:104: warning[uninitvar]: Uninitialized variables: ptr.revocationDate, ptr.extensions, ptr.issuer, ptr.reason, ptr.sequence
#  102|   #define sk_X509_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(X509) *)OPENSSL_sk_deep_copy(ossl_check_const_X509_sk_type(sk), ossl_check_X509_copyfunc_type(copyfunc), ossl_check_X509_freefunc_type(freefunc)))
#  103|   #define sk_X509_set_cmp_func(sk, cmp) ((sk_X509_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_X509_sk_type(sk), ossl_check_X509_compfunc_type(cmp)))
#  104|-> SKM_DEFINE_STACK_OF_INTERNAL(X509_REVOKED, X509_REVOKED, X509_REVOKED)
#  105|   #define sk_X509_REVOKED_num(sk) OPENSSL_sk_num(ossl_check_const_X509_REVOKED_sk_type(sk))
#  106|   #define sk_X509_REVOKED_value(sk, idx) ((X509_REVOKED *)OPENSSL_sk_value(ossl_check_const_X509_REVOKED_sk_type(sk), (idx)))

Error: CPPCHECK_WARNING (CWE-457): [#def118]
openssl-3.5.0/include/openssl/x509_vfy.h:120: warning[uninitvar]: Uninitialized variables: ptr.check_time, ptr.inh_flags, ptr.flags, ptr.purpose, ptr.trust, ptr.depth, ptr.auth_level, ptr.policies, ptr.hosts, ptr.hostflags, ptr.peername, ptr.email, ptr.emaillen, ptr.ip, ptr.iplen
#  118|   #define sk_X509_OBJECT_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(X509_OBJECT) *)OPENSSL_sk_deep_copy(ossl_check_const_X509_OBJECT_sk_type(sk), ossl_check_X509_OBJECT_copyfunc_type(copyfunc), ossl_check_X509_OBJECT_freefunc_type(freefunc)))
#  119|   #define sk_X509_OBJECT_set_cmp_func(sk, cmp) ((sk_X509_OBJECT_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_X509_OBJECT_sk_type(sk), ossl_check_X509_OBJECT_compfunc_type(cmp)))
#  120|-> SKM_DEFINE_STACK_OF_INTERNAL(X509_VERIFY_PARAM, X509_VERIFY_PARAM, X509_VERIFY_PARAM)
#  121|   #define sk_X509_VERIFY_PARAM_num(sk) OPENSSL_sk_num(ossl_check_const_X509_VERIFY_PARAM_sk_type(sk))
#  122|   #define sk_X509_VERIFY_PARAM_value(sk, idx) ((X509_VERIFY_PARAM *)OPENSSL_sk_value(ossl_check_const_X509_VERIFY_PARAM_sk_type(sk), (idx)))

Error: CPPCHECK_WARNING (CWE-457): [#def119]
openssl-3.5.0/include/openssl/x509_vfy.h:157: warning[uninitvar]: Uninitialized variables: ptr.flags, ptr.check_trust, ptr.name, ptr.arg1, ptr.arg2
#  155|       void *arg2;
#  156|   } X509_TRUST;
#  157|-> SKM_DEFINE_STACK_OF_INTERNAL(X509_TRUST, X509_TRUST, X509_TRUST)
#  158|   #define sk_X509_TRUST_num(sk) OPENSSL_sk_num(ossl_check_const_X509_TRUST_sk_type(sk))
#  159|   #define sk_X509_TRUST_value(sk, idx) ((X509_TRUST *)OPENSSL_sk_value(ossl_check_const_X509_TRUST_sk_type(sk), (idx)))

Error: CPPCHECK_WARNING (CWE-457): [#def120]
openssl-3.5.0/include/openssl/x509v3.h:716: warning[uninitvar]: Uninitialized variables: ptr.trust, ptr.flags, ptr.check_purpose, ptr.name, ptr.sname, ptr.usr_data
#  714|   } X509_PURPOSE;
#  715|   
#  716|-> SKM_DEFINE_STACK_OF_INTERNAL(X509_PURPOSE, X509_PURPOSE, X509_PURPOSE)
#  717|   #define sk_X509_PURPOSE_num(sk) OPENSSL_sk_num(ossl_check_const_X509_PURPOSE_sk_type(sk))
#  718|   #define sk_X509_PURPOSE_value(sk, idx) ((X509_PURPOSE *)OPENSSL_sk_value(ossl_check_const_X509_PURPOSE_sk_type(sk), (idx)))

Error: CPPCHECK_WARNING (CWE-457): [#def121]
openssl-3.5.0/include/openssl/x509v3.h:1065: warning[uninitvar]: Uninitialized variables: ptr.parent, ptr.nchild
# 1063|   
# 1064|   void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent);
# 1065|-> SKM_DEFINE_STACK_OF_INTERNAL(X509_POLICY_NODE, X509_POLICY_NODE, X509_POLICY_NODE)
# 1066|   #define sk_X509_POLICY_NODE_num(sk) OPENSSL_sk_num(ossl_check_const_X509_POLICY_NODE_sk_type(sk))
# 1067|   #define sk_X509_POLICY_NODE_value(sk, idx) ((X509_POLICY_NODE *)OPENSSL_sk_value(ossl_check_const_X509_POLICY_NODE_sk_type(sk), (idx)))

Error: CPPCHECK_WARNING (CWE-457): [#def122]
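openssl-3.5.0/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c:146: error[legacyUninitvar]: Uninitialized variable: blocks[0].c
Triage note: on the flagged line `blocks[0].c` is passed to RAND_bytes_ex() as the destination for `16 * x4` bytes ("ask for IVs in bulk"); it is not read there. If `c` is an array member (its declaration is not shown in this excerpt), the expression only takes the buffer's address and the finding is likely a false positive. #def129 reports the same pattern in the SHA-256 variant.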
#  144|   
#  145|       /* ask for IVs in bulk */
#  146|->     if (RAND_bytes_ex(ctx->base.libctx, (IVs = blocks[0].c), 16 * x4, 0) <= 0)
#  147|           return 0;
#  148|   

Error: GCC_ANALYZER_WARNING (CWE-121): [#def123]
openssl-3.5.0/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c:170:9: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow
openssl-3.5.0/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c:766:12: enter_function: entry to 'aesni_cbc_hmac_sha1_tls1_multiblock_encrypt'
openssl-3.5.0/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c:769:17: call_function: calling 'tls1_multi_block_encrypt' from 'aesni_cbc_hmac_sha1_tls1_multiblock_encrypt'
#  168|   
#  169|       for (i = 1; i < x4; i++) {
#  170|->         ciph_d[i].inp = hash_d[i].ptr = hash_d[i - 1].ptr + frag;
#  171|           ciph_d[i].out = ciph_d[i - 1].out + packlen;
#  172|           memcpy(ciph_d[i].out - 16, IVs, 16);

Error: GCC_ANALYZER_WARNING (CWE-121): [#def124]
openssl-3.5.0/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c:170:25: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow
openssl-3.5.0/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c:766:12: enter_function: entry to 'aesni_cbc_hmac_sha1_tls1_multiblock_encrypt'
openssl-3.5.0/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c:769:17: call_function: calling 'tls1_multi_block_encrypt' from 'aesni_cbc_hmac_sha1_tls1_multiblock_encrypt'
#  168|   
#  169|       for (i = 1; i < x4; i++) {
#  170|->         ciph_d[i].inp = hash_d[i].ptr = hash_d[i - 1].ptr + frag;
#  171|           ciph_d[i].out = ciph_d[i - 1].out + packlen;
#  172|           memcpy(ciph_d[i].out - 16, IVs, 16);

Error: GCC_ANALYZER_WARNING (CWE-121): [#def125]
openssl-3.5.0/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c:171:9: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow
openssl-3.5.0/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c:766:12: enter_function: entry to 'aesni_cbc_hmac_sha1_tls1_multiblock_encrypt'
openssl-3.5.0/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c:769:17: call_function: calling 'tls1_multi_block_encrypt' from 'aesni_cbc_hmac_sha1_tls1_multiblock_encrypt'
#  169|       for (i = 1; i < x4; i++) {
#  170|           ciph_d[i].inp = hash_d[i].ptr = hash_d[i - 1].ptr + frag;
#  171|->         ciph_d[i].out = ciph_d[i - 1].out + packlen;
#  172|           memcpy(ciph_d[i].out - 16, IVs, 16);
#  173|           memcpy(ciph_d[i].iv, IVs, 16);

Error: GCC_ANALYZER_WARNING (CWE-121): [#def126]
openssl-3.5.0/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c:173:9: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow
openssl-3.5.0/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c:766:12: enter_function: entry to 'aesni_cbc_hmac_sha1_tls1_multiblock_encrypt'
openssl-3.5.0/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c:769:17: call_function: calling 'tls1_multi_block_encrypt' from 'aesni_cbc_hmac_sha1_tls1_multiblock_encrypt'
#  171|           ciph_d[i].out = ciph_d[i - 1].out + packlen;
#  172|           memcpy(ciph_d[i].out - 16, IVs, 16);
#  173|->         memcpy(ciph_d[i].iv, IVs, 16);
#  174|           IVs += 16;
#  175|       }

Error: CPPCHECK_WARNING (CWE-758): [#def127]
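openssl-3.5.0/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c:609: error[shiftTooManyBitsSigned]: Shifting signed 32-bit value by 31 bits is undefined behaviour
Triage note: the flagged operator is a right shift (`>>`). In C a shift count is undefined only when it is negative or at least the width of the type, so 31 is in range for a 32-bit int; right-shifting a negative value is implementation-defined, not undefined. The excerpt uses the result as an all-ones/all-zero mask (`& ~cmask`, `& cmask`) while comparing padding and MAC bytes, so the portability concern is the reliance on an arithmetic shift, and any rewrite should stay branch-free. #def128, #def134 and #def135 flag the same pattern.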
#  607|                       c = p[j];
#  608|                       cmask =
#  609|->                         ((int)(j - off - SHA_DIGEST_LENGTH)) >> (sizeof(int) *
#  610|                                                                    8 - 1);
#  611|                       res |= (c ^ pad) & ~cmask; /* ... and padding */

Error: CPPCHECK_WARNING (CWE-758): [#def128]
openssl-3.5.0/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c:612: error[shiftTooManyBitsSigned]: Shifting signed 32-bit value by 31 bits is undefined behaviour
#  610|                                                                    8 - 1);
#  611|                       res |= (c ^ pad) & ~cmask; /* ... and padding */
#  612|->                     cmask &= ((int)(off - 1 - j)) >> (sizeof(int) * 8 - 1);
#  613|                       res |= (c ^ pmac->c[i]) & cmask;
#  614|                       i += 1 & cmask;

Error: CPPCHECK_WARNING (CWE-457): [#def129]
openssl-3.5.0/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c:150: error[legacyUninitvar]: Uninitialized variable: blocks[0].c
#  148|   
#  149|       /* ask for IVs in bulk */
#  150|->     if (RAND_bytes_ex(ctx->base.libctx, (IVs = blocks[0].c), 16 * x4, 0) <= 0)
#  151|           return 0;
#  152|   

Error: GCC_ANALYZER_WARNING (CWE-121): [#def130]
openssl-3.5.0/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c:174:9: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow
openssl-3.5.0/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c:818:12: enter_function: entry to 'aesni_cbc_hmac_sha256_tls1_multiblock_encrypt'
openssl-3.5.0/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c:821:17: call_function: calling 'tls1_multi_block_encrypt' from 'aesni_cbc_hmac_sha256_tls1_multiblock_encrypt'
#  172|   
#  173|       for (i = 1; i < x4; i++) {
#  174|->         ciph_d[i].inp = hash_d[i].ptr = hash_d[i - 1].ptr + frag;
#  175|           ciph_d[i].out = ciph_d[i - 1].out + packlen;
#  176|           memcpy(ciph_d[i].out - 16, IVs, 16);

Error: GCC_ANALYZER_WARNING (CWE-121): [#def131]
openssl-3.5.0/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c:174:25: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow
openssl-3.5.0/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c:818:12: enter_function: entry to 'aesni_cbc_hmac_sha256_tls1_multiblock_encrypt'
openssl-3.5.0/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c:821:17: call_function: calling 'tls1_multi_block_encrypt' from 'aesni_cbc_hmac_sha256_tls1_multiblock_encrypt'
#  172|   
#  173|       for (i = 1; i < x4; i++) {
#  174|->         ciph_d[i].inp = hash_d[i].ptr = hash_d[i - 1].ptr + frag;
#  175|           ciph_d[i].out = ciph_d[i - 1].out + packlen;
#  176|           memcpy(ciph_d[i].out - 16, IVs, 16);

Error: GCC_ANALYZER_WARNING (CWE-121): [#def132]
openssl-3.5.0/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c:175:9: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow
openssl-3.5.0/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c:818:12: enter_function: entry to 'aesni_cbc_hmac_sha256_tls1_multiblock_encrypt'
openssl-3.5.0/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c:821:17: call_function: calling 'tls1_multi_block_encrypt' from 'aesni_cbc_hmac_sha256_tls1_multiblock_encrypt'
#  173|       for (i = 1; i < x4; i++) {
#  174|           ciph_d[i].inp = hash_d[i].ptr = hash_d[i - 1].ptr + frag;
#  175|->         ciph_d[i].out = ciph_d[i - 1].out + packlen;
#  176|           memcpy(ciph_d[i].out - 16, IVs, 16);
#  177|           memcpy(ciph_d[i].iv, IVs, 16);

Error: GCC_ANALYZER_WARNING (CWE-121): [#def133]
openssl-3.5.0/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c:177:9: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow
openssl-3.5.0/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c:818:12: enter_function: entry to 'aesni_cbc_hmac_sha256_tls1_multiblock_encrypt'
openssl-3.5.0/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c:821:17: call_function: calling 'tls1_multi_block_encrypt' from 'aesni_cbc_hmac_sha256_tls1_multiblock_encrypt'
#  175|           ciph_d[i].out = ciph_d[i - 1].out + packlen;
#  176|           memcpy(ciph_d[i].out - 16, IVs, 16);
#  177|->         memcpy(ciph_d[i].iv, IVs, 16);
#  178|           IVs += 16;
#  179|       }

Error: CPPCHECK_WARNING (CWE-758): [#def134]
openssl-3.5.0/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c:663: error[shiftTooManyBitsSigned]: Shifting signed 32-bit value by 31 bits is undefined behaviour
#  661|                       c = p[j];
#  662|                       cmask =
#  663|->                         ((int)(j - off - SHA256_DIGEST_LENGTH)) >>
#  664|                           (sizeof(int) * 8 - 1);
#  665|                       res |= (c ^ pad) & ~cmask; /* ... and padding */

Error: CPPCHECK_WARNING (CWE-758): [#def135]
openssl-3.5.0/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c:666: error[shiftTooManyBitsSigned]: Shifting signed 32-bit value by 31 bits is undefined behaviour
#  664|                           (sizeof(int) * 8 - 1);
#  665|                       res |= (c ^ pad) & ~cmask; /* ... and padding */
#  666|->                     cmask &= ((int)(off - 1 - j)) >> (sizeof(int) * 8 - 1);
#  667|                       res |= (c ^ pmac->c[i]) & cmask;
#  668|                       i += 1 & cmask;

Error: GCC_ANALYZER_WARNING (CWE-457): [#def136]
openssl-3.5.0/providers/implementations/digests/blake2b_prov.c:234:9: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value 'm[1]'
openssl-3.5.0/providers/implementations/digests/blake2b_prov.c:185:17: branch_true: following 'true' branch (when 'i != 8')...
openssl-3.5.0/providers/implementations/digests/blake2b_prov.c:186:16: branch_true: ...to here
openssl-3.5.0/providers/implementations/digests/blake2b_prov.c:190:21: branch_true: following 'true' branch (when 'i != 16')...
openssl-3.5.0/providers/implementations/digests/blake2b_prov.c:191:36: branch_true: ...to here
openssl-3.5.0/providers/implementations/digests/blake2b_prov.c:190:21: branch_false: following 'false' branch (when 'i == 16')...
openssl-3.5.0/providers/implementations/digests/blake2b_prov.c:195:9: branch_false: ...to here
openssl-3.5.0/providers/implementations/digests/blake2b_prov.c:234:9: danger: use of uninitialized value 'm[1]' here
#  232|           }
#  233|   #else
#  234|->         ROUND(0);
#  235|           ROUND(1);
#  236|           ROUND(2);

Error: GCC_ANALYZER_WARNING (CWE-457): [#def137]
openssl-3.5.0/providers/implementations/digests/blake2s_prov.c:224:9: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value 'm[1]'
openssl-3.5.0/providers/implementations/digests/blake2s_prov.c:175:17: branch_true: following 'true' branch (when 'i != 8')...
openssl-3.5.0/providers/implementations/digests/blake2s_prov.c:176:16: branch_true: ...to here
openssl-3.5.0/providers/implementations/digests/blake2s_prov.c:180:21: branch_true: following 'true' branch (when 'i != 16')...
openssl-3.5.0/providers/implementations/digests/blake2s_prov.c:181:36: branch_true: ...to here
openssl-3.5.0/providers/implementations/digests/blake2s_prov.c:180:21: branch_false: following 'false' branch (when 'i == 16')...
openssl-3.5.0/providers/implementations/digests/blake2s_prov.c:185:9: branch_false: ...to here
openssl-3.5.0/providers/implementations/digests/blake2s_prov.c:224:9: danger: use of uninitialized value 'm[1]' here
#  222|           }
#  223|   #else
#  224|->         ROUND(0);
#  225|           ROUND(1);
#  226|           ROUND(2);

Error: GCC_ANALYZER_WARNING (CWE-457): [#def138]
openssl-3.5.0/providers/implementations/kdfs/argon2.c:884:9: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value '&outbuf'
openssl-3.5.0/providers/implementations/kdfs/argon2.c:861:8: branch_false: following 'false' branch...
openssl-3.5.0/providers/implementations/kdfs/argon2.c:865:5: branch_false: ...to here
openssl-3.5.0/providers/implementations/kdfs/argon2.c:867:8: branch_false: following 'false' branch...
openssl-3.5.0/providers/implementations/kdfs/argon2.c:870:17: branch_false: ...to here
openssl-3.5.0/providers/implementations/kdfs/argon2.c:874:11: branch_true: following 'true' branch...
openssl-3.5.0/providers/implementations/kdfs/argon2.c:875:12: branch_true: ...to here
openssl-3.5.0/providers/implementations/kdfs/argon2.c:874:11: branch_true: following 'true' branch...
openssl-3.5.0/providers/implementations/kdfs/argon2.c:876:12: branch_true: ...to here
openssl-3.5.0/providers/implementations/kdfs/argon2.c:874:11: branch_true: following 'true' branch...
openssl-3.5.0/providers/implementations/kdfs/argon2.c:877:12: branch_true: ...to here
openssl-3.5.0/providers/implementations/kdfs/argon2.c:874:11: branch_true: following 'true' branch...
openssl-3.5.0/providers/implementations/kdfs/argon2.c:883:8: branch_true: ...to here
openssl-3.5.0/providers/implementations/kdfs/argon2.c:883:8: branch_true: following 'true' branch (when 'outlen > 64')...
openssl-3.5.0/providers/implementations/kdfs/argon2.c:884:9: branch_true: ...to here
openssl-3.5.0/providers/implementations/kdfs/argon2.c:884:9: danger: use of uninitialized value '&outbuf' here
#  882|   
#  883|       if (outlen > BLAKE2B_OUTBYTES) {
#  884|->         memcpy(out, outbuf, BLAKE2B_OUTBYTES / 2);
#  885|           out += BLAKE2B_OUTBYTES / 2;
#  886|           outlen_curr = (uint32_t) outlen - BLAKE2B_OUTBYTES / 2;

Error: CPPCHECK_WARNING (CWE-758): [#def139]
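openssl-3.5.0/providers/implementations/keymgmt/ml_kem_kmgmt.c:347: error[ctuPointerArith]: Pointer arithmetic overflow; 'seed' buffer size is 64
Triage note: if ML_KEM_SEED_BYTES equals the reported buffer size of 64 (the constant's value is not shown in this excerpt), `seed + ML_KEM_SEED_BYTES` is a one-past-the-end pointer, which C permits forming. The following `- zlen` moves it back inside the buffer, so memcmp() would read the last `zlen` bytes of `seed`. Confirm both constants and the length of the buffer each caller passes before dismissing the finding.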
#  345|       size_t zlen = ML_KEM_RANDOM_BYTES;
#  346|   
#  347|->     if (memcmp(seed + ML_KEM_SEED_BYTES - zlen,
#  348|                  prvenc + key->vinfo->prvkey_bytes - zlen, zlen) == 0)
#  349|           return 1;

Error: CPPCHECK_WARNING (CWE-476): [#def140]
openssl-3.5.0/providers/implementations/keymgmt/ml_kem_kmgmt.c:525: error[nullPointer]: Null pointer dereference: key
#  523|               goto err;
#  524|           /* Generate the key now, if it holds only a stashed seed. */
#  525|->         if (ossl_ml_kem_have_seed(key)
#  526|               && (encoded_dk == NULL
#  527|                   || (key->prov_flags & ML_KEM_KEY_PREFER_SEED))) {

Error: CPPCHECK_WARNING (CWE-457): [#def141]
openssl-3.5.0/providers/implementations/signature/dsa_sig.c:404: warning[uninitvar]: Uninitialized variable: digest
#  402|       }
#  403|   
#  404|->     return dsa_sign_directly(vpdsactx, sig, siglen, sigsize, digest, dlen);
#  405|   }
#  406|   

Error: CPPCHECK_WARNING (CWE-457): [#def142]
openssl-3.5.0/providers/implementations/signature/rsa_sig.c:883: warning[uninitvar]: Uninitialized variable: digest
#  881|       }
#  882|   
#  883|->     return rsa_sign_directly(prsactx, sig, siglen, sigsize, digest, dlen);
#  884|   }
#  885|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def143]
openssl-3.5.0/ssl/d1_lib.c:871:11: warning[-Wanalyzer-null-dereference]: dereference of NULL 'sc'
openssl-3.5.0/ssl/d1_lib.c:864:26: branch_true: following 'true' branch (when 's' is non-NULL)...
openssl-3.5.0/ssl/d1_lib.c:864:26: branch_true: ...to here
openssl-3.5.0/ssl/d1_lib.c:864:26: branch_false: following 'false' branch...
 branch_false: ...to here
openssl-3.5.0/ssl/d1_lib.c:870:8: branch_true: following 'true' branch...
openssl-3.5.0/ssl/d1_lib.c:871:11: danger: dereference of NULL 'sc'
#  869|       wbio = SSL_get_wbio(s);
#  870|       if (wbio != NULL && BIO_dgram_is_sctp(wbio) &&
#  871|->         !(sc->shutdown & SSL_SENT_SHUTDOWN)) {
#  872|           ret = BIO_dgram_sctp_wait_for_dry(wbio);
#  873|           if (ret < 0)

Error: GCC_ANALYZER_WARNING (CWE-476): [#def144]
openssl-3.5.0/ssl/quic/quic_port.c:539:9: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
openssl-3.5.0/ssl/quic/quic_port.c:526:8: branch_false: following 'false' branch...
openssl-3.5.0/ssl/quic/quic_port.c:532:15: branch_false: ...to here
openssl-3.5.0/ssl/quic/quic_port.c:532:15: branch_true: following 'true' branch (when 'tls' is NULL)...
openssl-3.5.0/ssl/quic/quic_port.c:532:37: branch_true: ...to here
openssl-3.5.0/ssl/quic/quic_port.c:532:5: release_memory: '0' is NULL
openssl-3.5.0/ssl/quic/quic_port.c:539:9: danger: dereference of NULL '<unknown>'
#  537|        */
#  538|       ch->use_qlog = 1;
#  539|->     if (ch->tls->ctx->qlog_title != NULL) {
#  540|           if ((ch->qlog_title = OPENSSL_strdup(ch->tls->ctx->qlog_title)) == NULL) {
#  541|               OPENSSL_free(ch);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def145]
openssl-3.5.0/ssl/quic/quic_reactor_wait_ctx.c:37:11: warning[-Wanalyzer-null-dereference]: dereference of NULL 'slot'
openssl-3.5.0/ssl/quic/quic_reactor_wait_ctx.c:64:6: enter_function: entry to 'ossl_quic_reactor_wait_ctx_leave'
openssl-3.5.0/ssl/quic/quic_reactor_wait_ctx.c:69:5: branch_false: following 'false' branch (when 'slot' is NULL)...
openssl-3.5.0/ssl/quic/quic_reactor_wait_ctx.c:74:5: branch_false: ...to here
openssl-3.5.0/ssl/quic/quic_reactor_wait_ctx.c:74:5: call_function: calling 'slot_deactivate' from 'ossl_quic_reactor_wait_ctx_leave'
#   35|       assert(slot->blocking_count > 0);
#   36|   
#   37|->     if (--slot->blocking_count > 0)
#   38|           return;
#   39|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def146]
openssl-3.5.0/ssl/quic/quic_record_shared.c:49:13: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
openssl-3.5.0/ssl/quic/quic_record_shared.c:44:5: enter_function: entry to 'ossl_qrl_enc_level_set_have_el'
openssl-3.5.0/ssl/quic/quic_record_shared.c:47:30: call_function: calling 'ossl_qrl_enc_level_set_get' from 'ossl_qrl_enc_level_set_have_el'
openssl-3.5.0/ssl/quic/quic_record_shared.c:47:30: return_function: returning to 'ossl_qrl_enc_level_set_have_el' from 'ossl_qrl_enc_level_set_get'
openssl-3.5.0/ssl/quic/quic_record_shared.c:49:13: danger: dereference of NULL 'ossl_qrl_enc_level_set_get(els,  enc_level, 0)'
#   47|       OSSL_QRL_ENC_LEVEL *el = ossl_qrl_enc_level_set_get(els, enc_level, 0);
#   48|   
#   49|->     switch (el->state) {
#   50|           case QRL_EL_STATE_UNPROV:
#   51|               return 0;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def147]
openssl-3.5.0/ssl/quic/quic_record_shared.c:90:61: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
openssl-3.5.0/ssl/quic/quic_record_shared.c:84:13: enter_function: entry to 'el_teardown_keyslot'
openssl-3.5.0/ssl/quic/quic_record_shared.c:88:30: call_function: calling 'ossl_qrl_enc_level_set_get' from 'el_teardown_keyslot'
openssl-3.5.0/ssl/quic/quic_record_shared.c:88:30: return_function: returning to 'el_teardown_keyslot' from 'ossl_qrl_enc_level_set_get'
openssl-3.5.0/ssl/quic/quic_record_shared.c:90:61: danger: dereference of NULL 'ossl_qrl_enc_level_set_get(els,  enc_level, 0)'
#   88|       OSSL_QRL_ENC_LEVEL *el = ossl_qrl_enc_level_set_get(els, enc_level, 0);
#   89|   
#   90|->     if (!ossl_qrl_enc_level_set_has_keyslot(els, enc_level, el->state, keyslot))
#   91|           return;
#   92|   

Error: CPPCHECK_WARNING (CWE-476): [#def148]
openssl-3.5.0/ssl/quic/quic_record_tx.c:42: error[ctunullpointer]: Null pointer dereference: elem
#   40|   };
#   41|   
#   42|-> DEFINE_LIST_OF(txe, TXE);
#   43|   typedef OSSL_LIST(txe) TXE_LIST;
#   44|   

Error: CPPCHECK_WARNING (CWE-476): [#def149]
openssl-3.5.0/ssl/quic/quic_record_tx.c:42: error[ctunullpointer]: Null pointer dereference: list
#   40|   };
#   41|   
#   42|-> DEFINE_LIST_OF(txe, TXE);
#   43|   typedef OSSL_LIST(txe) TXE_LIST;
#   44|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def150]
openssl-3.5.0/ssl/quic/quic_record_tx.c:42:1: warning[-Wanalyzer-null-dereference]: dereference of NULL 'list'
openssl-3.5.0/ssl/quic/quic_record_tx.c:793:5: enter_function: entry to 'ossl_qtx_write_pkt'
openssl-3.5.0/ssl/quic/quic_record_tx.c:802:8: branch_false: following 'false' branch...
openssl-3.5.0/ssl/quic/quic_record_tx.c:805:49: branch_false: ...to here
openssl-3.5.0/ssl/quic/quic_record_tx.c:810:13: branch_false: following 'false' branch...
openssl-3.5.0/ssl/quic/quic_record_tx.c:811:19: branch_false: ...to here
openssl-3.5.0/ssl/quic/quic_record_tx.c:810:14: branch_false: following 'false' branch...
openssl-3.5.0/ssl/quic/quic_record_tx.c:816:23: branch_false: ...to here
openssl-3.5.0/ssl/quic/quic_record_tx.c:833:12: branch_false: following 'false' branch...
openssl-3.5.0/ssl/quic/quic_record_tx.c:840:14: branch_false: ...to here
openssl-3.5.0/ssl/quic/quic_record_tx.c:840:14: call_function: inlined call to 'qtx_reserve_txe' from 'ossl_qtx_write_pkt'
#   40|   };
#   41|   
#   42|-> DEFINE_LIST_OF(txe, TXE);
#   43|   typedef OSSL_LIST(txe) TXE_LIST;
#   44|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def151]
openssl-3.5.0/ssl/quic/quic_tls_api.c:146:5: warning[-Wanalyzer-null-dereference]: dereference of NULL 'sc'
openssl-3.5.0/ssl/quic/quic_tls_api.c:134:26: branch_false: following 'false' branch (when 's' is NULL)...
openssl-3.5.0/ssl/quic/quic_tls_api.c:137:10: branch_false: ...to here
openssl-3.5.0/ssl/quic/quic_tls_api.c:137:8: branch_false: following 'false' branch...
openssl-3.5.0/ssl/quic/quic_tls_api.c:142:10: branch_false: ...to here
openssl-3.5.0/ssl/quic/quic_tls_api.c:142:8: branch_false: following 'false' branch...
openssl-3.5.0/ssl/quic/quic_tls_api.c:146:5: branch_false: ...to here
openssl-3.5.0/ssl/quic/quic_tls_api.c:146:5: danger: dereference of NULL 'sc'
#  144|           return 0;
#  145|   
#  146|->     sc->qtarg = arg;
#  147|   
#  148|       ossl_quic_tls_free(sc->qtls);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def152]
openssl-3.5.0/ssl/quic/quic_tls_api.c:202:9: warning[-Wanalyzer-null-dereference]: dereference of NULL 'sc'
openssl-3.5.0/ssl/quic/quic_tls_api.c:195:26: branch_false: following 'false' branch (when 's' is NULL)...
openssl-3.5.0/ssl/quic/quic_tls_api.c:197:10: branch_false: ...to here
openssl-3.5.0/ssl/quic/quic_tls_api.c:197:8: branch_false: following 'false' branch...
openssl-3.5.0/ssl/quic/quic_tls_api.c:202:9: branch_false: ...to here
openssl-3.5.0/ssl/quic/quic_tls_api.c:202:9: danger: dereference of NULL 'sc'
#  200|       }
#  201|   
#  202|->     if (sc->qtls == NULL) {
#  203|           ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
#  204|           return 0;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def153]
openssl-3.5.0/ssl/record/methods/ktls_meth.c:225:9: warning[-Wanalyzer-null-dereference]: dereference of NULL 'eiv'
openssl-3.5.0/ssl/record/methods/ktls_meth.c:188:8: branch_false: following 'false' branch...
openssl-3.5.0/ssl/record/methods/ktls_meth.c:189:16: branch_false: ...to here
openssl-3.5.0/ssl/record/methods/ktls_meth.c:188:9: branch_false: following 'false' branch...
openssl-3.5.0/ssl/record/methods/ktls_meth.c:213:5: branch_false: ...to here
openssl-3.5.0/ssl/record/methods/ktls_meth.c:225:9: danger: dereference of NULL 'eiv'
#  223|           crypto_info->gcm128.info.version = version;
#  224|           crypto_info->tls_crypto_info_len = sizeof(crypto_info->gcm128);
#  225|->         memcpy(crypto_info->gcm128.iv, eiv, TLS_CIPHER_AES_GCM_128_IV_SIZE);
#  226|           memcpy(crypto_info->gcm128.salt, iv, TLS_CIPHER_AES_GCM_128_SALT_SIZE);
#  227|           memcpy(crypto_info->gcm128.key, key, keylen);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def154]
openssl-3.5.0/ssl/record/methods/ktls_meth.c:242:9: warning[-Wanalyzer-null-dereference]: dereference of NULL 'eiv'
openssl-3.5.0/ssl/record/methods/ktls_meth.c:188:8: branch_false: following 'false' branch...
openssl-3.5.0/ssl/record/methods/ktls_meth.c:189:16: branch_false: ...to here
openssl-3.5.0/ssl/record/methods/ktls_meth.c:188:9: branch_false: following 'false' branch...
openssl-3.5.0/ssl/record/methods/ktls_meth.c:213:5: branch_false: ...to here
openssl-3.5.0/ssl/record/methods/ktls_meth.c:242:9: danger: dereference of NULL 'eiv'
#  240|           crypto_info->gcm256.info.version = version;
#  241|           crypto_info->tls_crypto_info_len = sizeof(crypto_info->gcm256);
#  242|->         memcpy(crypto_info->gcm256.iv, eiv, TLS_CIPHER_AES_GCM_256_IV_SIZE);
#  243|           memcpy(crypto_info->gcm256.salt, iv, TLS_CIPHER_AES_GCM_256_SALT_SIZE);
#  244|           memcpy(crypto_info->gcm256.key, key, keylen);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def155]
openssl-3.5.0/ssl/record/methods/ktls_meth.c:260:9: warning[-Wanalyzer-null-dereference]: dereference of NULL 'eiv'
openssl-3.5.0/ssl/record/methods/ktls_meth.c:188:8: branch_false: following 'false' branch...
openssl-3.5.0/ssl/record/methods/ktls_meth.c:189:16: branch_false: ...to here
openssl-3.5.0/ssl/record/methods/ktls_meth.c:188:9: branch_false: following 'false' branch...
openssl-3.5.0/ssl/record/methods/ktls_meth.c:213:5: branch_false: ...to here
openssl-3.5.0/ssl/record/methods/ktls_meth.c:260:9: danger: dereference of NULL 'eiv'
#  258|           crypto_info->ccm128.info.version = version;
#  259|           crypto_info->tls_crypto_info_len = sizeof(crypto_info->ccm128);
#  260|->         memcpy(crypto_info->ccm128.iv, eiv, TLS_CIPHER_AES_CCM_128_IV_SIZE);
#  261|           memcpy(crypto_info->ccm128.salt, iv, TLS_CIPHER_AES_CCM_128_SALT_SIZE);
#  262|           memcpy(crypto_info->ccm128.key, key, keylen);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def156]
openssl-3.5.0/ssl/record/rec_layer_s3.c:668:13: warning[-Wanalyzer-null-dereference]: dereference of NULL 's'
openssl-3.5.0/ssl/record/rec_layer_s3.c:628:9: branch_false: following 'false' branch...
openssl-3.5.0/ssl/record/rec_layer_s3.c:636:8: branch_false: ...to here
openssl-3.5.0/ssl/record/rec_layer_s3.c:666:8: branch_true: following 'true' branch...
openssl-3.5.0/ssl/record/rec_layer_s3.c:668:13: danger: dereference of NULL 's'
#  666|       if (!ossl_statem_get_in_handshake(s) && SSL_in_init(ssl)) {
#  667|           /* type == SSL3_RT_APPLICATION_DATA */
#  668|->         i = s->handshake_func(ssl);
#  669|           /* SSLfatal() already called */
#  670|           if (i < 0)

Error: GCC_ANALYZER_WARNING (CWE-476): [#def157]
openssl-3.5.0/ssl/record/rec_layer_s3.c:676:5: warning[-Wanalyzer-null-dereference]: dereference of NULL 's'
openssl-3.5.0/ssl/record/rec_layer_s3.c:628:9: branch_false: following 'false' branch...
openssl-3.5.0/ssl/record/rec_layer_s3.c:636:8: branch_false: ...to here
openssl-3.5.0/ssl/record/rec_layer_s3.c:676:5: danger: dereference of NULL 's'
#  674|       }
#  675|    start:
#  676|->     s->rwstate = SSL_NOTHING;
#  677|   
#  678|       /*-

Error: COMPILER_WARNING: [#def158]
openssl-3.5.0/ssl/ssl_ciph.c:12:9: warning: '_GNU_SOURCE' redefined
#   12 | #define _GNU_SOURCE
#      |         ^~~~~~~~~~~
<command-line>: note: this is the location of the previous definition
#   10|    */
#   11|   
#   12|-> #define _GNU_SOURCE
#   13|   #include <stdio.h>
#   14|   #include <ctype.h>

Error: COMPILER_WARNING: [#def159]
openssl-3.5.0/ssl/ssl_ciph.c:12:9: warning[warning]: '_GNU_SOURCE' redefined
#   10|    */
#   11|   
#   12|-> #define _GNU_SOURCE
#   13|   #include <stdio.h>
#   14|   #include <ctype.h>

Error: GCC_ANALYZER_WARNING (CWE-476): [#def160]
openssl-3.5.0/ssl/ssl_lib.c:988:9: warning[-Wanalyzer-null-dereference]: dereference of NULL 's'
openssl-3.5.0/ssl/ssl_lib.c:985:26: branch_false: following 'false' branch (when 's' is NULL)...
openssl-3.5.0/ssl/ssl_lib.c:988:9: branch_false: ...to here
openssl-3.5.0/ssl/ssl_lib.c:988:9: danger: dereference of NULL 's'
#  986|   
#  987|   #ifndef OPENSSL_NO_QUIC
#  988|->     if (s->type == SSL_TYPE_QUIC_CONNECTION || s->type == SSL_TYPE_QUIC_XSO)
#  989|           return 0;
#  990|   #endif

Error: GCC_ANALYZER_WARNING (CWE-476): [#def161]
openssl-3.5.0/ssl/ssl_lib.c:1003:9: warning[-Wanalyzer-null-dereference]: dereference of NULL 's'
openssl-3.5.0/ssl/ssl_lib.c:1000:26: branch_false: following 'false' branch (when 's' is NULL)...
openssl-3.5.0/ssl/ssl_lib.c:1003:9: branch_false: ...to here
openssl-3.5.0/ssl/ssl_lib.c:1003:9: danger: dereference of NULL 's'
# 1001|   
# 1002|   #ifndef OPENSSL_NO_QUIC
# 1003|->     if (s->type == SSL_TYPE_QUIC_CONNECTION || s->type == SSL_TYPE_QUIC_XSO)
# 1004|           return 0;
# 1005|   #endif

Error: GCC_ANALYZER_WARNING (CWE-476): [#def162]
openssl-3.5.0/ssl/ssl_lib.c:1745:9: warning[-Wanalyzer-null-dereference]: dereference of NULL 's'
openssl-3.5.0/ssl/ssl_lib.c:1740:5: enter_function: entry to 'SSL_set_wfd'
openssl-3.5.0/ssl/ssl_lib.c:1742:17: call_function: calling 'SSL_get_rbio' from 'SSL_set_wfd'
openssl-3.5.0/ssl/ssl_lib.c:1742:17: return_function: returning to 'SSL_set_wfd' from 'SSL_get_rbio'
openssl-3.5.0/ssl/ssl_lib.c:1743:24: branch_false: following 'false' branch (when 's' is NULL)...
 branch_false: ...to here
openssl-3.5.0/ssl/ssl_lib.c:1745:9: danger: dereference of NULL 's'
# 1743|       int desired_type = IS_QUIC(s) ? BIO_TYPE_DGRAM : BIO_TYPE_SOCKET;
# 1744|   
# 1745|->     if (s->type == SSL_TYPE_QUIC_XSO) {
# 1746|           ERR_raise(ERR_LIB_SSL, SSL_R_CONN_USE_ONLY);
# 1747|           return 0;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def163]
openssl-3.5.0/ssl/ssl_lib.c:1782:9: warning[-Wanalyzer-null-dereference]: dereference of NULL 's'
openssl-3.5.0/ssl/ssl_lib.c:1777:5: enter_function: entry to 'SSL_set_rfd'
openssl-3.5.0/ssl/ssl_lib.c:1779:17: call_function: calling 'SSL_get_wbio' from 'SSL_set_rfd'
openssl-3.5.0/ssl/ssl_lib.c:1779:17: return_function: returning to 'SSL_set_rfd' from 'SSL_get_wbio'
openssl-3.5.0/ssl/ssl_lib.c:1780:24: branch_false: following 'false' branch (when 's' is NULL)...
 branch_false: ...to here
openssl-3.5.0/ssl/ssl_lib.c:1782:9: danger: dereference of NULL 's'
# 1780|       int desired_type = IS_QUIC(s) ? BIO_TYPE_DGRAM : BIO_TYPE_SOCKET;
# 1781|   
# 1782|->     if (s->type == SSL_TYPE_QUIC_XSO) {
# 1783|           ERR_raise(ERR_LIB_SSL, SSL_R_CONN_USE_ONLY);
# 1784|           return 0;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def164]
openssl-3.5.0/ssl/ssl_lib.c:4948:9: warning[-Wanalyzer-null-dereference]: dereference of NULL 'sc'
openssl-3.5.0/ssl/ssl_lib.c:4941:26: branch_false: following 'false' branch (when 's' is NULL)...
openssl-3.5.0/ssl/ssl_lib.c:4948:9: branch_false: ...to here
openssl-3.5.0/ssl/ssl_lib.c:4948:9: danger: dereference of NULL 'sc'
# 4946|   #endif
# 4947|   
# 4948|->     if (sc->handshake_func == NULL) {
# 4949|           ERR_raise(ERR_LIB_SSL, SSL_R_CONNECTION_TYPE_NOT_SET);
# 4950|           return -1;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def165]
openssl-3.5.0/ssl/ssl_lib.c:4985:5: warning[-Wanalyzer-null-dereference]: dereference of NULL 'sc'
openssl-3.5.0/ssl/ssl_lib.c:4976:26: branch_false: following 'false' branch (when 's' is NULL)...
openssl-3.5.0/ssl/ssl_lib.c:4985:5: branch_false: ...to here
openssl-3.5.0/ssl/ssl_lib.c:4985:5: danger: dereference of NULL 'sc'
# 4983|   #endif
# 4984|   
# 4985|->     sc->server = 1;
# 4986|       sc->shutdown = 0;
# 4987|       ossl_statem_clear(sc);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def166]
openssl-3.5.0/ssl/ssl_lib.c:5004:5: warning[-Wanalyzer-null-dereference]: dereference of NULL 'sc'
openssl-3.5.0/ssl/ssl_lib.c:4995:26: branch_false: following 'false' branch (when 's' is NULL)...
openssl-3.5.0/ssl/ssl_lib.c:5004:5: branch_false: ...to here
openssl-3.5.0/ssl/ssl_lib.c:5004:5: danger: dereference of NULL 'sc'
# 5002|   #endif
# 5003|   
# 5004|->     sc->server = 0;
# 5005|       sc->shutdown = 0;
# 5006|       ossl_statem_clear(sc);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def167]
openssl-3.5.0/ssl/ssl_lib.c:5062:9: warning[-Wanalyzer-null-dereference]: dereference of NULL 's'
openssl-3.5.0/ssl/ssl_lib.c:5058:32: branch_false: following 'false' branch (when 's' is NULL)...
openssl-3.5.0/ssl/ssl_lib.c:5062:9: branch_false: ...to here
openssl-3.5.0/ssl/ssl_lib.c:5062:9: danger: dereference of NULL 's'
# 5060|   #ifndef OPENSSL_NO_QUIC
# 5061|       /* We only support QUICv1 - so if its QUIC its QUICv1 */
# 5062|->     if (s->type == SSL_TYPE_QUIC_CONNECTION || s->type == SSL_TYPE_QUIC_XSO)
# 5063|           return "QUICv1";
# 5064|   #endif

Error: GCC_ANALYZER_WARNING (CWE-476): [#def168]
openssl-3.5.0/ssl/ssl_lib.c:5424:9: warning[-Wanalyzer-null-dereference]: dereference of NULL 's'
openssl-3.5.0/ssl/ssl_lib.c:5420:32: branch_false: following 'false' branch (when 's' is NULL)...
openssl-3.5.0/ssl/ssl_lib.c:5424:9: branch_false: ...to here
openssl-3.5.0/ssl/ssl_lib.c:5424:9: danger: dereference of NULL 's'
# 5422|   #ifndef OPENSSL_NO_QUIC
# 5423|       /* We only support QUICv1 - so if its QUIC its QUICv1 */
# 5424|->     if (s->type == SSL_TYPE_QUIC_CONNECTION || s->type == SSL_TYPE_QUIC_XSO)
# 5425|           return OSSL_QUIC1_VERSION;
# 5426|   #endif

Error: GCC_ANALYZER_WARNING (CWE-476): [#def169]
openssl-3.5.0/ssl/ssl_lib.c:5439:9: warning[-Wanalyzer-null-dereference]: dereference of NULL 's'
openssl-3.5.0/ssl/ssl_lib.c:5435:32: branch_false: following 'false' branch (when 's' is NULL)...
openssl-3.5.0/ssl/ssl_lib.c:5439:9: branch_false: ...to here
openssl-3.5.0/ssl/ssl_lib.c:5439:9: danger: dereference of NULL 's'
# 5437|   #ifndef OPENSSL_NO_QUIC
# 5438|       /* We only support QUICv1 - so if its QUIC its QUICv1 */
# 5439|->     if (s->type == SSL_TYPE_QUIC_CONNECTION || s->type == SSL_TYPE_QUIC_XSO)
# 5440|           return OSSL_QUIC1_VERSION;
# 5441|   #endif

Error: CPPCHECK_WARNING (CWE-476): [#def170]
openssl-3.5.0/ssl/ssl_rsa.c:990: warning[nullPointer]: Possible null pointer dereference: ctx
#  988|           return 0;
#  989|   
#  990|->     c = sc != NULL ? sc->cert : ctx->cert;
#  991|       /* Do all security checks before anything else */
#  992|       rv = ssl_security_cert(sc, ctx, x509, 0, 1);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def171]
openssl-3.5.0/ssl/t1_lib.c:4772:9: warning[-Wanalyzer-null-dereference]: dereference of NULL 'lu'
openssl-3.5.0/ssl/t1_lib.c:4655:12: branch_false: following 'false' branch...
openssl-3.5.0/ssl/t1_lib.c:4657:14: branch_false: ...to here
openssl-3.5.0/ssl/t1_lib.c:4660:12: branch_true: following 'true' branch...
openssl-3.5.0/ssl/t1_lib.c:4662:17: branch_true: ...to here
openssl-3.5.0/ssl/t1_lib.c:4662:16: branch_true: following 'true' branch...
openssl-3.5.0/ssl/t1_lib.c:4664:26: branch_true: ...to here
openssl-3.5.0/ssl/t1_lib.c:4667:20: branch_false: following 'false' branch...
openssl-3.5.0/ssl/t1_lib.c:4675:17: branch_false: ...to here
openssl-3.5.0/ssl/t1_lib.c:4675:29: branch_false: following 'false' branch...
openssl-3.5.0/ssl/t1_lib.c:4709:26: branch_false: ...to here
openssl-3.5.0/ssl/t1_lib.c:4724:20: branch_false: following 'false' branch...
openssl-3.5.0/ssl/t1_lib.c:4771:8: branch_false: ...to here
openssl-3.5.0/ssl/t1_lib.c:4771:8: branch_true: following 'true' branch (when 'sig_idx == -1')...
openssl-3.5.0/ssl/t1_lib.c:4772:9: branch_true: ...to here
openssl-3.5.0/ssl/t1_lib.c:4772:9: danger: dereference of NULL 'lu'
# 4770|       }
# 4771|       if (sig_idx == -1)
# 4772|->         sig_idx = lu->sig_idx;
# 4773|       s->s3.tmp.cert = &s->cert->pkeys[sig_idx];
# 4774|       s->cert->key = s->s3.tmp.cert;

Error: COMPILER_WARNING (CWE-1164): [#def172]
openssl-3.5.0/test/acvp_test.c:553:12: warning[-Wunused-function]: 'dsa_keygen_test' defined but not used
#  553 | static int dsa_keygen_test(int id)
#      |            ^~~~~~~~~~~~~~~
#  551|   }
#  552|   
#  553|-> static int dsa_keygen_test(int id)
#  554|   {
#  555|       int ret = 0, i;

Error: COMPILER_WARNING (CWE-1164): [#def173]
openssl-3.5.0/test/acvp_test.c:595:12: warning[-Wunused-function]: 'dsa_paramgen_test' defined but not used
#  595 | static int dsa_paramgen_test(int id)
#      |            ^~~~~~~~~~~~~~~~~
#  593|   }
#  594|   
#  595|-> static int dsa_paramgen_test(int id)
#  596|   {
#  597|       int ret = 0, counter = 0;

Error: COMPILER_WARNING (CWE-1164): [#def174]
openssl-3.5.0/test/acvp_test.c:714:12: warning[-Wunused-function]: 'dsa_pqver_test' defined but not used
#  714 | static int dsa_pqver_test(int id)
#      |            ^~~~~~~~~~~~~~
#  712|   }
#  713|   
#  714|-> static int dsa_pqver_test(int id)
#  715|   {
#  716|       int ret = 0;

Error: COMPILER_WARNING (CWE-1164): [#def175]
openssl-3.5.0/test/acvp_test.c:783:12: warning[-Wunused-function]: 'dsa_siggen_test' defined but not used
#  783 | static int dsa_siggen_test(int id)
#      |            ^~~~~~~~~~~~~~~
#  781|   }
#  782|   
#  783|-> static int dsa_siggen_test(int id)
#  784|   {
#  785|       int ret = 0;

Error: COMPILER_WARNING (CWE-1164): [#def176]
openssl-3.5.0/test/acvp_test.c:813:12: warning[-Wunused-function]: 'dsa_sigver_test' defined but not used
#  813 | static int dsa_sigver_test(int id)
#      |            ^~~~~~~~~~~~~~~
#  811|   }
#  812|   
#  813|-> static int dsa_sigver_test(int id)
#  814|   {
#  815|       int ret = 0;

Error: CPPCHECK_WARNING (CWE-476): [#def177]
openssl-3.5.0/test/cert_comp_test.c:216: warning[nullPointer]: Possible null pointer dereference: sc
#  214|   
#  215|           /* expect that the pre-compressed cert won't be used */
#  216|->         if (!TEST_int_eq(sc->cert->key->cert_comp_used, 0))
#  217|               goto end;
#  218|   

Error: CPPCHECK_WARNING (CWE-476): [#def178]
openssl-3.5.0/test/cert_comp_test.c:224: warning[nullPointer]: Possible null pointer dereference: sc
#  222|           SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(serverssl);
#  223|   
#  224|->         if (!TEST_int_gt(sc->cert->key->cert_comp_used, 0))
#  225|               goto end;
#  226|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def179]
openssl-3.5.0/test/cert_comp_test.c:224:14: warning[-Wanalyzer-null-dereference]: dereference of NULL 'sc'
openssl-3.5.0/test/cert_comp_test.c:157:8: branch_false: following 'false' branch (when 'test != 3')...
openssl-3.5.0/test/cert_comp_test.c:162:10: branch_false: ...to here
openssl-3.5.0/test/cert_comp_test.c:162:8: branch_false: following 'false' branch...
openssl-3.5.0/test/cert_comp_test.c:177:14: branch_false: ...to here
openssl-3.5.0/test/cert_comp_test.c:177:12: branch_false: following 'false' branch...
openssl-3.5.0/test/cert_comp_test.c:179:14: branch_false: ...to here
openssl-3.5.0/test/cert_comp_test.c:179:12: branch_false: following 'false' branch...
openssl-3.5.0/test/cert_comp_test.c:182:8: branch_false: ...to here
openssl-3.5.0/test/cert_comp_test.c:193:8: branch_false: following 'false' branch...
openssl-3.5.0/test/cert_comp_test.c:197:10: branch_false: ...to here
openssl-3.5.0/test/cert_comp_test.c:197:8: branch_false: following 'false' branch...
openssl-3.5.0/test/cert_comp_test.c:199:10: branch_false: ...to here
openssl-3.5.0/test/cert_comp_test.c:199:8: branch_false: following 'false' branch...
openssl-3.5.0/test/cert_comp_test.c:201:5: branch_false: ...to here
openssl-3.5.0/test/cert_comp_test.c:209:8: branch_false: following 'false' branch...
openssl-3.5.0/test/cert_comp_test.c:222:30: branch_false: ...to here
openssl-3.5.0/test/cert_comp_test.c:222:30: branch_false: following 'false' branch...
openssl-3.5.0/test/cert_comp_test.c:224:14: branch_false: ...to here
openssl-3.5.0/test/cert_comp_test.c:224:14: danger: dereference of NULL 'sc'
#  222|           SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(serverssl);
#  223|   
#  224|->         if (!TEST_int_gt(sc->cert->key->cert_comp_used, 0))
#  225|               goto end;
#  226|   

Error: COMPILER_WARNING (CWE-1164): [#def180]
openssl-3.5.0/test/cipherlist_test.c:197:12: warning[-Wunused-function]: 'test_default_cipherlist_implicit' defined but not used
#  197 | static int test_default_cipherlist_implicit(void)
#      |            ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#  195|       EXECUTE_TEST(execute_test, tear_down)
#  196|   
#  197|-> static int test_default_cipherlist_implicit(void)
#  198|   {
#  199|       SETUP_CIPHERLIST_TEST_FIXTURE();

Error: GCC_ANALYZER_WARNING (CWE-476): [#def181]
openssl-3.5.0/test/drbgtest.c:101:12: warning[-Wanalyzer-null-dereference]: dereference of NULL 'drbg'
openssl-3.5.0/test/drbgtest.c:802:12: enter_function: entry to 'test_rand_prediction_resistance'
openssl-3.5.0/test/drbgtest.c:812:8: branch_false: following 'false' branch...
openssl-3.5.0/test/drbgtest.c:813:13: branch_false: ...to here
openssl-3.5.0/test/drbgtest.c:812:9: branch_false: following 'false' branch...
openssl-3.5.0/test/drbgtest.c:814:13: branch_false: ...to here
openssl-3.5.0/test/drbgtest.c:812:9: branch_false: following 'false' branch...
openssl-3.5.0/test/drbgtest.c:815:13: branch_false: ...to here
openssl-3.5.0/test/drbgtest.c:812:9: branch_false: following 'false' branch...
openssl-3.5.0/test/drbgtest.c:816:13: branch_false: ...to here
openssl-3.5.0/test/drbgtest.c:812:9: branch_false: following 'false' branch...
openssl-3.5.0/test/drbgtest.c:817:13: branch_false: ...to here
openssl-3.5.0/test/drbgtest.c:812:9: branch_false: following 'false' branch...
openssl-3.5.0/test/drbgtest.c:818:13: branch_false: ...to here
openssl-3.5.0/test/drbgtest.c:812:9: branch_false: following 'false' branch...
openssl-3.5.0/test/drbgtest.c:825:5: branch_false: ...to here
openssl-3.5.0/test/drbgtest.c:825:5: call_function: calling 'inc_reseed_counter' from 'test_rand_prediction_resistance'
#   99|   static PROV_DRBG *prov_rand(EVP_RAND_CTX *drbg)
#  100|   {
#  101|->     return (PROV_DRBG *)drbg->algctx;
#  102|   }
#  103|   

Error: COMPILER_WARNING (CWE-563): [#def182]
openssl-3.5.0/test/ectest.c:170:19: warning[-Wunused-but-set-variable]: variable 'buf' set but not used
#  170 |     unsigned char buf[100];
#      |                   ^~~
#  168|       const BIGNUM *scalars[4];
#  169|   #endif
#  170|->     unsigned char buf[100];
#  171|       size_t len, r = 0;
#  172|       int k;

Error: COMPILER_WARNING (CWE-563): [#def183]
openssl-3.5.0/test/ectest.c:171:12: warning[-Wunused-variable]: unused variable 'len'
#  171 |     size_t len, r = 0;
#      |            ^~~
#  169|   #endif
#  170|       unsigned char buf[100];
#  171|->     size_t len, r = 0;
#  172|       int k;
#  173|   

Error: COMPILER_WARNING (CWE-563): [#def184]
openssl-3.5.0/test/ectest.c: scope_hint: In function 'prime_field_tests'
openssl-3.5.0/test/ectest.c:172:9: warning[-Wunused-variable]: unused variable 'k'
#  172 |     int k;
#      |         ^
#  170|       unsigned char buf[100];
#  171|       size_t len, r = 0;
#  172|->     int k;
#  173|   
#  174|       if (!TEST_ptr(ctx = BN_CTX_new())

Error: COMPILER_WARNING (CWE-1164): [#def185]
openssl-3.5.0/test/ectest.c: scope_hint: At top level
openssl-3.5.0/test/ectest.c:2079:12: warning[-Wunused-function]: 'cofactor_range_test' defined but not used
# 2079 | static int cofactor_range_test(void)
#      |            ^~~~~~~~~~~~~~~~~~~
# 2077|    * conform to that -- this is just robustness testing.
# 2078|    */
# 2079|-> static int cofactor_range_test(void)
# 2080|   {
# 2081|       EC_GROUP *group = NULL;

Error: COMPILER_WARNING (CWE-563): [#def186]
openssl-3.5.0/test/ectest.c:2345:18: warning[-Wunused-variable]: unused variable 'i_out'
# 2345 |     int ret = 0, i_out;
#      |                  ^~~~~
# 2343|                                               unsigned char *gen, int gen_size)
# 2344|   {
# 2345|->     int ret = 0, i_out;
# 2346|       EVP_PKEY_CTX *pctx = NULL;
# 2347|       EVP_PKEY *pkeyparam = NULL;

Error: COMPILER_WARNING (CWE-563): [#def187]
openssl-3.5.0/test/ectest.c:2351:23: warning[-Wunused-variable]: unused variable 'gettable'
# 2351 |     const OSSL_PARAM *gettable;
#      |                       ^~~~~~~~
# 2349|       const char *field_name;
# 2350|       OSSL_PARAM *params = NULL;
# 2351|->     const OSSL_PARAM *gettable;
# 2352|       BIGNUM *p, *a, *b;
# 2353|       BIGNUM *p_out = NULL, *a_out = NULL, *b_out = NULL;

Error: COMPILER_WARNING (CWE-563): [#def188]
openssl-3.5.0/test/ectest.c:2355:10: warning[-Wunused-variable]: unused variable 'name'
# 2355 |     char name[80];
#      |          ^~~~
# 2353|       BIGNUM *p_out = NULL, *a_out = NULL, *b_out = NULL;
# 2354|       BIGNUM *order_out = NULL, *cofactor_out = NULL;
# 2355|->     char name[80];
# 2356|       unsigned char buf[1024];
# 2357|       size_t buf_len, name_len;

Error: COMPILER_WARNING (CWE-563): [#def189]
openssl-3.5.0/test/ectest.c:2356:19: warning[-Wunused-variable]: unused variable 'buf'
# 2356 |     unsigned char buf[1024];
#      |                   ^~~
# 2354|       BIGNUM *order_out = NULL, *cofactor_out = NULL;
# 2355|       char name[80];
# 2356|->     unsigned char buf[1024];
# 2357|       size_t buf_len, name_len;
# 2358|   #ifndef OPENSSL_NO_EC2M

Error: COMPILER_WARNING (CWE-563): [#def190]
openssl-3.5.0/test/ectest.c:2357:12: warning[-Wunused-variable]: unused variable 'buf_len'
# 2357 |     size_t buf_len, name_len;
#      |            ^~~~~~~
# 2355|       char name[80];
# 2356|       unsigned char buf[1024];
# 2357|->     size_t buf_len, name_len;
# 2358|   #ifndef OPENSSL_NO_EC2M
# 2359|       unsigned int k1 = 0, k2 = 0, k3 = 0;

Error: COMPILER_WARNING (CWE-563): [#def191]
openssl-3.5.0/test/ectest.c: scope_hint: In function 'do_test_custom_explicit_fromdata'
openssl-3.5.0/test/ectest.c:2357:21: warning[-Wunused-variable]: unused variable 'name_len'
# 2357 |     size_t buf_len, name_len;
#      |                     ^~~~~~~~
# 2355|       char name[80];
# 2356|       unsigned char buf[1024];
# 2357|->     size_t buf_len, name_len;
# 2358|   #ifndef OPENSSL_NO_EC2M
# 2359|       unsigned int k1 = 0, k2 = 0, k3 = 0;

Error: COMPILER_WARNING (CWE-563): [#def192]
openssl-3.5.0/test/ectest.c:2667:12: warning[-Wunused-variable]: unused variable 'sslen'
# 2667 |     size_t sslen, t;
#      |            ^~~~~
# 2665|       EVP_PKEY *pkey1 = NULL, *pkey2 = NULL;
# 2666|       EVP_PKEY_CTX *pctx1 = NULL, *pctx2 = NULL;
# 2667|->     size_t sslen, t;
# 2668|       unsigned char *pub1 = NULL , *pub2 = NULL;
# 2669|       OSSL_PARAM_BLD *param_bld = NULL;

Error: COMPILER_WARNING (CWE-563): [#def193]
openssl-3.5.0/test/ectest.c: scope_hint: In function 'custom_params_test'
openssl-3.5.0/test/ectest.c:2667:19: warning[-Wunused-variable]: unused variable 't'
# 2667 |     size_t sslen, t;
#      |                   ^
# 2665|       EVP_PKEY *pkey1 = NULL, *pkey2 = NULL;
# 2666|       EVP_PKEY_CTX *pctx1 = NULL, *pctx2 = NULL;
# 2667|->     size_t sslen, t;
# 2668|       unsigned char *pub1 = NULL , *pub2 = NULL;
# 2669|       OSSL_PARAM_BLD *param_bld = NULL;

Error: GCC_ANALYZER_WARNING (CWE-688): [#def194]
openssl-3.5.0/test/endecode_test.c:782:12: warning[-Wanalyzer-null-argument]: use of NULL 'data' where non-null expected
openssl-3.5.0/test/endecode_test.c:785:12: enter_function: entry to 'test_protected_via_legacy_PEM'
openssl-3.5.0/test/endecode_test.c:790:12: call_function: calling 'test_encode_decode' from 'test_protected_via_legacy_PEM'
#argument 1 of '__builtin_strstr' must be non-null
#  780|                                    "-----BEGIN %s PRIVATE KEY-----", type), 0)
#  781|           && TEST_FL_strn_eq(data, expected_pem_header, strlen(expected_pem_header))
#  782|->         && TEST_FL_ptr(strstr(data, "\nDEK-Info: "));
#  783|   }
#  784|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def195]
openssl-3.5.0/test/endecoder_legacy_test.c:519:10: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
openssl-3.5.0/test/endecoder_legacy_test.c:504:12: enter_function: entry to 'test_key'
openssl-3.5.0/test/endecoder_legacy_test.c:514:8: branch_false: following 'false' branch...
openssl-3.5.0/test/endecoder_legacy_test.c:515:13: branch_false: ...to here
openssl-3.5.0/test/endecoder_legacy_test.c:515:13: call_function: calling 'lookup_key' from 'test_key'
openssl-3.5.0/test/endecoder_legacy_test.c:515:13: return_function: returning to 'test_key' from 'lookup_key'
openssl-3.5.0/test/endecoder_legacy_test.c:514:9: branch_false: following 'false' branch...
openssl-3.5.0/test/endecoder_legacy_test.c:519:10: branch_false: ...to here
openssl-3.5.0/test/endecoder_legacy_test.c:519:10: danger: dereference of NULL 'lookup_key(test_stanzas[idx].keytype)'
#  517|   
#  518|       /* Set up the keys */
#  519|->     if (!TEST_ptr(pkey = key->key)
#  520|           || !TEST_true(evp_pkey_copy_downgraded(&downgraded_pkey, pkey))
#  521|           || !TEST_ptr(downgraded_pkey)

Error: CPPCHECK_WARNING (CWE-416): [#def196]
openssl-3.5.0/test/evp_extra_test2.c:519: error[deallocuse]: Dereferencing 'fp' after it is deallocated / released
#  517|           || !TEST_ptr(key = EVP_PKEY_Q_keygen(mainctx, NULL, "EC", "P-256"))
#  518|           || !TEST_true(i2d_PUBKEY_fp(fp, key))
#  519|->         || !TEST_int_eq(fclose(fp), 0))
#  520|           goto err;
#  521|       fp = NULL;

Error: GCC_ANALYZER_WARNING (CWE-910): [#def197]
openssl-3.5.0/test/evp_extra_test2.c:533:5: warning[-Wanalyzer-double-fclose]: double 'fclose' of FILE 'fp'
openssl-3.5.0/test/evp_extra_test2.c:516:10: acquire_resource: opened here
openssl-3.5.0/test/evp_extra_test2.c:516:8: branch_false: following 'false' branch...
openssl-3.5.0/test/evp_extra_test2.c:517:13: branch_false: ...to here
openssl-3.5.0/test/evp_extra_test2.c:516:9: branch_false: following 'false' branch...
openssl-3.5.0/test/evp_extra_test2.c:518:13: branch_false: ...to here
openssl-3.5.0/test/evp_extra_test2.c:516:9: branch_false: following 'false' branch...
openssl-3.5.0/test/evp_extra_test2.c:519:13: branch_false: ...to here
openssl-3.5.0/test/evp_extra_test2.c:519:13: release_resource: first 'fclose' here
openssl-3.5.0/test/evp_extra_test2.c:516:9: branch_true: following 'true' branch...
 branch_true: ...to here
openssl-3.5.0/test/evp_extra_test2.c:533:5: danger: second 'fclose' here; first 'fclose' was at event (8) of this trace, the release_resource step at 519:13
#  531|       EVP_PKEY_free(outkey);
#  532|       EVP_PKEY_free(key);
#  533|->     fclose(fp);
#  534|       return ret;
#  535|   }

Error: GCC_ANALYZER_WARNING (CWE-415): [#def198]
openssl-3.5.0/test/evp_extra_test2.c:533:5: warning[-Wanalyzer-double-free]: double-'fclose' of 'fp'
openssl-3.5.0/test/evp_extra_test2.c:516:10: acquire_memory: allocated here
openssl-3.5.0/test/evp_extra_test2.c:516:8: branch_false: following 'false' branch...
openssl-3.5.0/test/evp_extra_test2.c:517:13: branch_false: ...to here
openssl-3.5.0/test/evp_extra_test2.c:516:9: branch_false: following 'false' branch...
openssl-3.5.0/test/evp_extra_test2.c:518:13: branch_false: ...to here
openssl-3.5.0/test/evp_extra_test2.c:516:9: branch_false: following 'false' branch...
openssl-3.5.0/test/evp_extra_test2.c:519:13: branch_false: ...to here
openssl-3.5.0/test/evp_extra_test2.c:519:13: release_memory: first 'fclose' here
openssl-3.5.0/test/evp_extra_test2.c:516:9: branch_true: following 'true' branch...
 branch_true: ...to here
openssl-3.5.0/test/evp_extra_test2.c:533:5: danger: second 'fclose' here; first 'fclose' was at event (8) of this trace, the release_memory step at 519:13
#  531|       EVP_PKEY_free(outkey);
#  532|       EVP_PKEY_free(key);
#  533|->     fclose(fp);
#  534|       return ret;
#  535|   }

Error: GCC_ANALYZER_WARNING (CWE-688): [#def199]
openssl-3.5.0/test/evp_extra_test2.c:533:5: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL 'fp' where non-null expected
openssl-3.5.0/test/evp_extra_test2.c:516:10: acquire_memory: this call could return NULL
openssl-3.5.0/test/evp_extra_test2.c:516:8: branch_true: following 'true' branch...
openssl-3.5.0/test/evp_extra_test2.c:520:9: branch_true: ...to here
openssl-3.5.0/test/evp_extra_test2.c:533:5: danger: argument 1 ('fp') from event (1) of this trace, the acquire_memory step at 516:10, could be NULL where non-null expected
#  531|       EVP_PKEY_free(outkey);
#  532|       EVP_PKEY_free(key);
#  533|->     fclose(fp);
#  534|       return ret;
#  535|   }

Error: GCC_ANALYZER_WARNING (CWE-121): [#def200]
openssl-3.5.0/test/evp_fetch_prov_test.c:96:9: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow
openssl-3.5.0/test/evp_fetch_prov_test.c:308:12: enter_function: entry to 'test_explicit_EVP_CIPHER_fetch'
openssl-3.5.0/test/evp_fetch_prov_test.c:315:8: branch_true: following 'true' branch...
openssl-3.5.0/test/evp_fetch_prov_test.c:315:34: branch_true: ...to here
openssl-3.5.0/test/evp_fetch_prov_test.c:315:34: call_function: calling 'load_providers' from 'test_explicit_EVP_CIPHER_fetch'
#   94|       for (i = 0; i < test_get_argument_count(); ++i) {
#   95|           char *provname = test_get_argument(i);
#   96|->         prov[i] = OSSL_PROVIDER_load(ctx, provname);
#   97|           if (!TEST_ptr(prov[i]))
#   98|               goto err;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def201]
openssl-3.5.0/test/evp_test.c:4178:5: warning[-Wanalyzer-null-dereference]: dereference of NULL 'pub'
openssl-3.5.0/test/evp_test.c:4173:8: branch_false: following 'false' branch...
openssl-3.5.0/test/evp_test.c:4174:17: branch_false: ...to here
openssl-3.5.0/test/evp_test.c:4173:9: branch_false: following 'false' branch...
openssl-3.5.0/test/evp_test.c:4178:6: branch_false: ...to here
openssl-3.5.0/test/evp_test.c:4178:5: danger: dereference of NULL 'pub'
# 4176|           goto end;
# 4177|       }
# 4178|->     *pub++ = '\0';
# 4179|   
# 4180|       if (!TEST_true(find_key(&pk, priv, private_keys))) {

Error: GCC_ANALYZER_WARNING (CWE-476): [#def202]
openssl-3.5.0/test/fake_rsaprov.c:89:5: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
openssl-3.5.0/test/fake_rsaprov.c:611:12: enter_function: entry to 'fake_rsa_st_load'
openssl-3.5.0/test/fake_rsaprov.c:623:12: branch_false: following 'false' branch...
openssl-3.5.0/test/fake_rsaprov.c:629:14: branch_false: ...to here
openssl-3.5.0/test/fake_rsaprov.c:629:14: call_function: calling 'fake_rsa_keymgmt_new' from 'fake_rsa_st_load'
openssl-3.5.0/test/fake_rsaprov.c:629:14: return_function: returning to 'fake_rsa_st_load' from 'fake_rsa_keymgmt_new'
openssl-3.5.0/test/fake_rsaprov.c:629:12: branch_false: following 'false' branch...
openssl-3.5.0/test/fake_rsaprov.c:631:14: branch_false: ...to here
openssl-3.5.0/test/fake_rsaprov.c:631:14: release_memory: 'key' is NULL
openssl-3.5.0/test/fake_rsaprov.c:631:14: call_function: inlined call to 'fake_rsa_keymgmt_import' from 'fake_rsa_st_load'
#   87|   
#   88|       /* key was imported */
#   89|->     fake_rsa_key->status = 1;
#   90|   
#   91|       return 1;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def203]
openssl-3.5.0/test/fake_rsaprov.c:261:5: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
openssl-3.5.0/test/fake_rsaprov.c:248:14: enter_function: entry to 'fake_rsa_gen'
openssl-3.5.0/test/fake_rsaprov.c:254:8: branch_false: following 'false' branch...
openssl-3.5.0/test/fake_rsaprov.c:255:13: branch_false: ...to here
openssl-3.5.0/test/fake_rsaprov.c:254:9: branch_false: following 'false' branch...
openssl-3.5.0/test/fake_rsaprov.c:258:10: branch_false: ...to here
openssl-3.5.0/test/fake_rsaprov.c:258:10: call_function: calling 'fake_rsa_keymgmt_new' from 'fake_rsa_gen'
openssl-3.5.0/test/fake_rsaprov.c:258:10: return_function: returning to 'fake_rsa_gen' from 'fake_rsa_keymgmt_new'
openssl-3.5.0/test/fake_rsaprov.c:258:8: branch_false: following 'false' branch...
openssl-3.5.0/test/fake_rsaprov.c:261:5: branch_false: ...to here
openssl-3.5.0/test/fake_rsaprov.c:261:5: danger: dereference of NULL 'fake_rsa_keymgmt_new(0)'
#  259|           return NULL;
#  260|   
#  261|->     keydata->status = 2;
#  262|       return keydata;
#  263|   }

Error: GCC_ANALYZER_WARNING (CWE-476): [#def204]
openssl-3.5.0/test/helpers/quictestlib.c:278:9: warning[-Wanalyzer-null-dereference]: dereference of NULL 'fault'
openssl-3.5.0/test/helpers/quictestlib.c:140:8: branch_false: following 'false' branch...
openssl-3.5.0/test/helpers/quictestlib.c:143:5: branch_false: ...to here
openssl-3.5.0/test/helpers/quictestlib.c:150:8: branch_false: following 'false' branch (when 'fault' is NULL)...
openssl-3.5.0/test/helpers/quictestlib.c:158:9: branch_false: ...to here
openssl-3.5.0/test/helpers/quictestlib.c:158:8: branch_false: following 'false' branch...
openssl-3.5.0/test/helpers/quictestlib.c:167:8: branch_false: ...to here
openssl-3.5.0/test/helpers/quictestlib.c:171:8: branch_false: following 'false' branch...
openssl-3.5.0/test/helpers/quictestlib.c:174:10: branch_false: ...to here
openssl-3.5.0/test/helpers/quictestlib.c:174:8: branch_false: following 'false' branch...
openssl-3.5.0/test/helpers/quictestlib.c:177:9: branch_false: ...to here
openssl-3.5.0/test/helpers/quictestlib.c:185:12: branch_false: following 'false' branch...
openssl-3.5.0/test/helpers/quictestlib.c:187:16: branch_false: ...to here
openssl-3.5.0/test/helpers/quictestlib.c:188:12: branch_false: following 'false' branch...
openssl-3.5.0/test/helpers/quictestlib.c:193:16: branch_false: ...to here
openssl-3.5.0/test/helpers/quictestlib.c:194:12: branch_false: following 'false' branch...
 branch_false: ...to here
openssl-3.5.0/test/helpers/quictestlib.c:244:8: branch_true: following 'true' branch...
openssl-3.5.0/test/helpers/quictestlib.c:246:36: branch_true: ...to here
openssl-3.5.0/test/helpers/quictestlib.c:251:12: branch_false: following 'false' branch...
openssl-3.5.0/test/helpers/quictestlib.c:254:20: branch_false: ...to here
openssl-3.5.0/test/helpers/quictestlib.c:256:12: branch_false: following 'false' branch...
openssl-3.5.0/test/helpers/quictestlib.c:258:16: branch_false: ...to here
openssl-3.5.0/test/helpers/quictestlib.c:259:12: branch_false: following 'false' branch...
openssl-3.5.0/test/helpers/quictestlib.c:265:20: branch_false: ...to here
openssl-3.5.0/test/helpers/quictestlib.c:267:12: branch_false: following 'false' branch...
openssl-3.5.0/test/helpers/quictestlib.c:269:16: branch_false: ...to here
openssl-3.5.0/test/helpers/quictestlib.c:270:12: branch_false: following 'false' branch...
openssl-3.5.0/test/helpers/quictestlib.c:276:9: branch_false: ...to here
openssl-3.5.0/test/helpers/quictestlib.c:278:9: danger: dereference of NULL 'fault'
#  276|           (void)BIO_ctrl(sbio, BIO_CTRL_NOISE_BACK_OFF, 2, NULL);
#  277|   
#  278|->         (*fault)->noiseargs.cbio = cbio;
#  279|           (*fault)->noiseargs.sbio = sbio;
#  280|           (*fault)->noiseargs.tracebio = tmpbio;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def205]
openssl-3.5.0/test/lhash_test.c:201:19: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
openssl-3.5.0/test/lhash_test.c:198:12: enter_function: entry to 'int_foreach'
openssl-3.5.0/test/lhash_test.c:200:15: call_function: inlined call to 'ossl_ht_test_int_from_value' from 'int_foreach'
openssl-3.5.0/test/lhash_test.c:201:19: branch_true: ...to here
openssl-3.5.0/test/lhash_test.c:201:19: danger: dereference of NULL '<unknown>'
#  199|   {
#  200|       int *vd = ossl_ht_test_int_from_value(v);
#  201|->     const int n = int_find(*vd);
#  202|   
#  203|       if (n < 0)

Error: GCC_ANALYZER_WARNING (CWE-476): [#def206]
openssl-3.5.0/test/lhash_test.c:468:21: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
openssl-3.5.0/test/lhash_test.c:402:12: enter_function: entry to 'test_hashtable_stress'
openssl-3.5.0/test/lhash_test.c:426:8: branch_false: following 'false' branch...
openssl-3.5.0/test/lhash_test.c:432:5: branch_false: ...to here
openssl-3.5.0/test/lhash_test.c:435:17: branch_true: following 'true' branch (when 'i != 2500000')...
openssl-3.5.0/test/lhash_test.c:436:13: branch_true: ...to here
openssl-3.5.0/test/lhash_test.c:437:12: branch_false: following 'false' branch...
openssl-3.5.0/test/lhash_test.c:441:14: branch_false: ...to here
openssl-3.5.0/test/lhash_test.c:443:14: call_function: calling 'ossl_ht_test_int_insert' from 'test_hashtable_stress'
openssl-3.5.0/test/lhash_test.c:443:14: return_function: returning to 'test_hashtable_stress' from 'ossl_ht_test_int_insert'
openssl-3.5.0/test/lhash_test.c:443:12: branch_false: following 'false' branch...
openssl-3.5.0/test/lhash_test.c:435:24: branch_false: ...to here
openssl-3.5.0/test/lhash_test.c:435:17: branch_true: following 'true' branch (when 'i != 2500000')...
openssl-3.5.0/test/lhash_test.c:436:13: branch_true: ...to here
openssl-3.5.0/test/lhash_test.c:437:12: branch_false: following 'false' branch...
openssl-3.5.0/test/lhash_test.c:441:14: branch_false: ...to here
openssl-3.5.0/test/lhash_test.c:443:14: call_function: calling 'ossl_ht_test_int_insert' from 'test_hashtable_stress'
openssl-3.5.0/test/lhash_test.c:443:14: return_function: returning to 'test_hashtable_stress' from 'ossl_ht_test_int_insert'
openssl-3.5.0/test/lhash_test.c:443:12: branch_false: following 'false' branch...
openssl-3.5.0/test/lhash_test.c:435:24: branch_false: ...to here
openssl-3.5.0/test/lhash_test.c:451:8: branch_false: following 'false' branch...
 branch_false: ...to here
openssl-3.5.0/test/lhash_test.c:455:17: branch_true: following 'true' branch (when 'i != 2500000')...
openssl-3.5.0/test/lhash_test.c:456:24: branch_true: ...to here
openssl-3.5.0/test/lhash_test.c:467:16: branch_false: following 'false' branch...
openssl-3.5.0/test/lhash_test.c:468:21: branch_false: ...to here
openssl-3.5.0/test/lhash_test.c:468:21: danger: dereference of NULL 'ossl_ht_test_int_get(ossl_ht_new(&hash_conf), &key.key_header, & v)'
#  466|           case 1:
#  467|               if (!TEST_ptr(p = ossl_ht_test_int_get(h, TO_HT_KEY(&key), &v))
#  468|->                 || !TEST_int_eq(*p, j)) {
#  469|                   TEST_info("hashtable didn't get key %d\n", j);
#  470|                   goto end;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def207]
openssl-3.5.0/test/params_test.c:92:5: warning[-Wanalyzer-null-dereference]: dereference of NULL 'vobj'
openssl-3.5.0/test/params_test.c:437:12: enter_function: entry to 'test_case_variant'
openssl-3.5.0/test/params_test.c:447:10: call_function: calling 'init_object' from 'test_case_variant'
openssl-3.5.0/test/params_test.c:447:10: return_function: returning to 'test_case_variant' from 'init_object'
openssl-3.5.0/test/params_test.c:447:8: branch_true: following 'true' branch...
openssl-3.5.0/test/params_test.c:450:9: branch_true: ...to here
openssl-3.5.0/test/params_test.c:533:5: call_function: calling 'cleanup_object' from 'test_case_variant'
#   90|       struct object_st *obj = vobj;
#   91|   
#   92|->     BN_free(obj->p3);
#   93|       obj->p3 = NULL;
#   94|       OPENSSL_free(obj->p4);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def208]
openssl-3.5.0/test/params_test.c:489:14: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
openssl-3.5.0/test/params_test.c:447:8: branch_false: following 'false' branch...
openssl-3.5.0/test/params_test.c:448:13: branch_false: ...to here
openssl-3.5.0/test/params_test.c:447:9: branch_false: following 'false' branch...
openssl-3.5.0/test/params_test.c:457:5: branch_false: ...to here
openssl-3.5.0/test/params_test.c:484:8: branch_false: following 'false' branch...
openssl-3.5.0/test/params_test.c:489:14: branch_false: ...to here
openssl-3.5.0/test/params_test.c:489:14: danger: dereference of NULL 'init_object()'
#  487|           struct object_st *sneakpeek = obj;
#  488|   
#  489|->         if (!TEST_int_eq(sneakpeek->p1, app_p1)         /* app value set */
#  490|               || !TEST_double_eq(sneakpeek->p2, p2_init)  /* Should remain untouched */
#  491|               || !TEST_BN_eq(sneakpeek->p3, app_p3)       /* app value set */

Error: GCC_ANALYZER_WARNING (CWE-124): [#def209]
openssl-3.5.0/test/quic_multistream_test.c:1221:16: warning[-Wanalyzer-out-of-bounds]: stack-based buffer underwrite
openssl-3.5.0/test/quic_multistream_test.c:5973:12: enter_function: entry to 'test_script'
openssl-3.5.0/test/quic_multistream_test.c:5986:8: branch_false: following 'false' branch...
openssl-3.5.0/test/quic_multistream_test.c:5996:5: branch_false: ...to here
openssl-3.5.0/test/quic_multistream_test.c:6000:12: call_function: calling 'run_script' from 'test_script'
# 1219|                   goto out;
# 1220|   
# 1221|->             if (++repeat_stack_done[repeat_stack_len - 1]
# 1222|                   == repeat_stack_limit[repeat_stack_len - 1]) {
# 1223|                   --repeat_stack_len;

Error: GCC_ANALYZER_WARNING (CWE-127): [#def210]
openssl-3.5.0/test/quic_multistream_test.c:1221:19: warning[-Wanalyzer-out-of-bounds]: stack-based buffer under-read
openssl-3.5.0/test/quic_multistream_test.c:5973:12: enter_function: entry to 'test_script'
openssl-3.5.0/test/quic_multistream_test.c:5986:8: branch_false: following 'false' branch...
openssl-3.5.0/test/quic_multistream_test.c:5996:5: branch_false: ...to here
openssl-3.5.0/test/quic_multistream_test.c:6000:12: call_function: calling 'run_script' from 'test_script'
# 1219|                   goto out;
# 1220|   
# 1221|->             if (++repeat_stack_done[repeat_stack_len - 1]
# 1222|                   == repeat_stack_limit[repeat_stack_len - 1]) {
# 1223|                   --repeat_stack_len;

Error: GCC_ANALYZER_WARNING (CWE-127): [#def211]
openssl-3.5.0/test/quic_multistream_test.c:1222:20: warning[-Wanalyzer-out-of-bounds]: stack-based buffer under-read
openssl-3.5.0/test/quic_multistream_test.c:5973:12: enter_function: entry to 'test_script'
openssl-3.5.0/test/quic_multistream_test.c:5986:8: branch_false: following 'false' branch...
openssl-3.5.0/test/quic_multistream_test.c:5996:5: branch_false: ...to here
openssl-3.5.0/test/quic_multistream_test.c:6000:12: call_function: calling 'run_script' from 'test_script'
# 1220|   
# 1221|               if (++repeat_stack_done[repeat_stack_len - 1]
# 1222|->                 == repeat_stack_limit[repeat_stack_len - 1]) {
# 1223|                   --repeat_stack_len;
# 1224|               } else {

Error: GCC_ANALYZER_WARNING (CWE-127): [#def212]
openssl-3.5.0/test/quic_multistream_test.c:1225:17: warning[-Wanalyzer-out-of-bounds]: stack-based buffer under-read
openssl-3.5.0/test/quic_multistream_test.c:5973:12: enter_function: entry to 'test_script'
openssl-3.5.0/test/quic_multistream_test.c:5986:8: branch_false: following 'false' branch...
openssl-3.5.0/test/quic_multistream_test.c:5996:5: branch_false: ...to here
openssl-3.5.0/test/quic_multistream_test.c:6000:12: call_function: calling 'run_script' from 'test_script'
# 1223|                   --repeat_stack_len;
# 1224|               } else {
# 1225|->                 op_idx = repeat_stack_idx[repeat_stack_len - 1];
# 1226|                   no_advance = 1;
# 1227|                   continue;

Error: GCC_ANALYZER_WARNING (CWE-688): [#def213]
openssl-3.5.0/test/quicapitest.c:620:21: warning[-Wanalyzer-null-argument]: use of NULL 'tokenval' where non-null expected
openssl-3.5.0/test/quicapitest.c:596:12: branch_true: following 'true' branch...
openssl-3.5.0/test/quicapitest.c:599:9: branch_true: ...to here
openssl-3.5.0/test/quicapitest.c:601:16: branch_false: following 'false' branch...
 branch_false: ...to here
openssl-3.5.0/test/quicapitest.c:596:12: branch_true: following 'true' branch...
openssl-3.5.0/test/quicapitest.c:599:9: branch_true: ...to here
openssl-3.5.0/test/quicapitest.c:619:16: branch_true: following 'true' branch (when 'tmpstring' is non-NULL)...
openssl-3.5.0/test/quicapitest.c:620:21: branch_true: ...to here
openssl-3.5.0/test/quicapitest.c:620:21: danger: argument 2 ('tokenval') NULL where non-null expected
#  618|               tmpstring = strstr(buf, "Token: ");
#  619|               if (tmpstring != NULL
#  620|->                 && !strcmp(tmpstring, tokenval)) {
#  621|                   state = SUCCESS;
#  622|                   TEST_info("Matched next connection token %s\n", tmpstring);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def214]
openssl-3.5.0/test/radix/quic_bindings.c:571:5: warning[-Wanalyzer-null-dereference]: dereference of NULL 'rt'
openssl-3.5.0/test/radix/main.c:22:12: enter_function: entry to 'test_script'
openssl-3.5.0/test/radix/main.c:28:10: call_function: calling 'bindings_process_init' from 'test_script'
#  569|           return 0;
#  570|   
#  571|->     set_override_bio_out(rt->debug_bio);
#  572|       set_override_bio_err(rt->debug_bio);
#  573|       return 1;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def215]
openssl-3.5.0/test/radix/terp.c:770:23: warning[-Wanalyzer-jump-through-null]: jump through null pointer
openssl-3.5.0/test/radix/quic_bindings.c:743:21: enter_function: entry to 'RADIX_THREAD_worker_main'
openssl-3.5.0/test/radix/quic_bindings.c:755:18: call_function: calling 'RADIX_THREAD_worker_run' from 'RADIX_THREAD_worker_main'
#  768|                       goto err;
#  769|   
#  770|->                 ret = v(&terp->fctx);
#  771|   
#  772|                   if (terp->fctx.skip_rest) {

Error: CPPCHECK_WARNING (CWE-758): [#def216]
openssl-3.5.0/test/safe_math_test.c:24: error[shiftTooManyBitsSigned]: Shifting signed 32-bit value by 31 bits is undefined behaviour
#   22|   
#   23|   /* Create the safe math instances we're interested in */
#   24|-> OSSL_SAFE_MATH_SIGNED(int, int)
#   25|   OSSL_SAFE_MATH_UNSIGNED(uint, unsigned int)
#   26|   OSSL_SAFE_MATH_UNSIGNED(size_t, size_t)

Error: GCC_ANALYZER_WARNING (CWE-476): [#def217]
openssl-3.5.0/test/ssl_handshake_rtt_test.c:81:9: warning[-Wanalyzer-null-dereference]: dereference of NULL 's'
openssl-3.5.0/test/ssl_handshake_rtt_test.c:64:8: branch_false: following 'false' branch...
openssl-3.5.0/test/ssl_handshake_rtt_test.c:70:17: branch_false: ...to here
openssl-3.5.0/test/ssl_handshake_rtt_test.c:64:9: branch_false: following 'false' branch...
openssl-3.5.0/test/ssl_handshake_rtt_test.c:74:9: branch_false: ...to here
openssl-3.5.0/test/ssl_handshake_rtt_test.c:75:8: branch_false: following 'false' branch...
openssl-3.5.0/test/ssl_handshake_rtt_test.c:81:9: danger: dereference of NULL 's'
#   79|       switch (tst) {
#   80|       case 0:
#   81|->         st->hand_state = TLS_ST_CW_CLNT_HELLO;
#   82|           ossl_statem_client_write_transition(s);
#   83|           OSSL_sleep(1);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def218]
openssl-3.5.0/test/ssl_handshake_rtt_test.c:88:9: warning[-Wanalyzer-null-dereference]: dereference of NULL 's'
openssl-3.5.0/test/ssl_handshake_rtt_test.c:64:8: branch_false: following 'false' branch...
openssl-3.5.0/test/ssl_handshake_rtt_test.c:70:17: branch_false: ...to here
openssl-3.5.0/test/ssl_handshake_rtt_test.c:64:9: branch_false: following 'false' branch...
openssl-3.5.0/test/ssl_handshake_rtt_test.c:74:9: branch_false: ...to here
openssl-3.5.0/test/ssl_handshake_rtt_test.c:75:8: branch_false: following 'false' branch...
openssl-3.5.0/test/ssl_handshake_rtt_test.c:88:9: danger: dereference of NULL 's'
#   86|           break;
#   87|       case 1:
#   88|->         st->hand_state = TLS_ST_SW_SRVR_DONE;
#   89|           ossl_statem_server_write_transition(s);
#   90|           OSSL_sleep(1);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def219]
openssl-3.5.0/test/ssl_handshake_rtt_test.c:95:9: warning[-Wanalyzer-null-dereference]: dereference of NULL 's'
openssl-3.5.0/test/ssl_handshake_rtt_test.c:64:8: branch_false: following 'false' branch...
openssl-3.5.0/test/ssl_handshake_rtt_test.c:70:17: branch_false: ...to here
openssl-3.5.0/test/ssl_handshake_rtt_test.c:64:9: branch_false: following 'false' branch...
openssl-3.5.0/test/ssl_handshake_rtt_test.c:74:9: branch_false: ...to here
openssl-3.5.0/test/ssl_handshake_rtt_test.c:75:8: branch_false: following 'false' branch...
openssl-3.5.0/test/ssl_handshake_rtt_test.c:95:9: danger: dereference of NULL 's'
#   93|           break;
#   94|       case 2:
#   95|->         st->hand_state = TLS_ST_CW_CLNT_HELLO;
#   96|           ossl_statem_client_write_transition(s);
#   97|           OSSL_sleep(1);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def220]
openssl-3.5.0/test/ssl_handshake_rtt_test.c:102:9: warning[-Wanalyzer-null-dereference]: dereference of NULL 's'
openssl-3.5.0/test/ssl_handshake_rtt_test.c:64:8: branch_false: following 'false' branch...
openssl-3.5.0/test/ssl_handshake_rtt_test.c:70:17: branch_false: ...to here
openssl-3.5.0/test/ssl_handshake_rtt_test.c:64:9: branch_false: following 'false' branch...
openssl-3.5.0/test/ssl_handshake_rtt_test.c:74:9: branch_false: ...to here
openssl-3.5.0/test/ssl_handshake_rtt_test.c:75:8: branch_false: following 'false' branch...
openssl-3.5.0/test/ssl_handshake_rtt_test.c:102:9: danger: dereference of NULL 's'
#  100|           break;
#  101|       case 3:
#  102|->         st->hand_state = TLS_ST_SW_SRVR_DONE;
#  103|           ossl_statem_server_write_transition(s);
#  104|           OSSL_sleep(1);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def221]
openssl-3.5.0/test/ssl_handshake_rtt_test.c:109:9: warning[-Wanalyzer-null-dereference]: dereference of NULL 's'
openssl-3.5.0/test/ssl_handshake_rtt_test.c:64:8: branch_false: following 'false' branch...
openssl-3.5.0/test/ssl_handshake_rtt_test.c:70:17: branch_false: ...to here
openssl-3.5.0/test/ssl_handshake_rtt_test.c:64:9: branch_false: following 'false' branch...
openssl-3.5.0/test/ssl_handshake_rtt_test.c:74:9: branch_false: ...to here
openssl-3.5.0/test/ssl_handshake_rtt_test.c:75:8: branch_false: following 'false' branch...
openssl-3.5.0/test/ssl_handshake_rtt_test.c:109:9: danger: dereference of NULL 's'
#  107|           break;
#  108|       case 4:
#  109|->         st->hand_state = TLS_ST_EARLY_DATA;
#  110|           ossl_statem_client_write_transition(s);
#  111|           OSSL_sleep(1);

Error: GCC_ANALYZER_WARNING (CWE-688): [#def222]
openssl-3.5.0/test/sslapitest.c:233:18: warning[-Wanalyzer-null-argument]: use of NULL 'token' where non-null expected
openssl-3.5.0/test/sslapitest.c:223:41: branch_true: following 'true' branch (when 'token' is non-NULL)...
openssl-3.5.0/test/sslapitest.c:225:13: branch_true: ...to here
openssl-3.5.0/test/sslapitest.c:225:12: branch_true: following 'true' branch (when the strings are equal)...
openssl-3.5.0/test/sslapitest.c:231:18: branch_true: ...to here
openssl-3.5.0/test/sslapitest.c:231:16: branch_false: following 'false' branch...
openssl-3.5.0/test/sslapitest.c:233:18: branch_false: ...to here
openssl-3.5.0/test/sslapitest.c:233:18: danger: argument 1 ('token') NULL where non-null expected
#argument 1 of '__builtin_strlen' must be non-null
#  231|               if (!TEST_ptr(token = strtok(NULL, " \n")))
#  232|                   return 0;
#  233|->             if (!TEST_size_t_eq(strlen(token), 16))
#  234|                   return 0;
#  235|               if (!TEST_ptr(token = strtok(NULL, " \n")))

Error: GCC_ANALYZER_WARNING (CWE-688): [#def223]
openssl-3.5.0/test/sslapitest.c:256:18: warning[-Wanalyzer-null-argument]: use of NULL 'token' where non-null expected
openssl-3.5.0/test/sslapitest.c:223:41: branch_true: following 'true' branch (when 'token' is non-NULL)...
openssl-3.5.0/test/sslapitest.c:225:13: branch_true: ...to here
openssl-3.5.0/test/sslapitest.c:225:12: branch_false: following 'false' branch (when the strings are non-equal)...
openssl-3.5.0/test/sslapitest.c:243:20: branch_false: ...to here
openssl-3.5.0/test/sslapitest.c:243:19: branch_true: following 'true' branch (when the strings are equal)...
openssl-3.5.0/test/sslapitest.c:248:34: branch_true: ...to here
openssl-3.5.0/test/sslapitest.c:251:16: branch_false: following 'false' branch...
openssl-3.5.0/test/sslapitest.c:254:18: branch_false: ...to here
openssl-3.5.0/test/sslapitest.c:254:16: branch_false: following 'false' branch...
openssl-3.5.0/test/sslapitest.c:256:18: branch_false: ...to here
openssl-3.5.0/test/sslapitest.c:256:18: danger: argument 1 ('token') NULL where non-null expected
#argument 1 of '__builtin_strlen' must be non-null
#  254|               if (!TEST_ptr(token = strtok(NULL, " \n")))
#  255|                   return 0;
#  256|->             if (!TEST_size_t_eq(strlen(token), 64))
#  257|                   return 0;
#  258|               if (!TEST_false(compare_hex_encoded_buffer(token, 64,

Error: GCC_ANALYZER_WARNING (CWE-688): [#def224]
openssl-3.5.0/test/sslapitest.c:270:18: warning[-Wanalyzer-null-argument]: use of NULL 'token' where non-null expected
openssl-3.5.0/test/sslapitest.c:223:41: branch_true: following 'true' branch (when 'token' is non-NULL)...
openssl-3.5.0/test/sslapitest.c:225:13: branch_true: ...to here
openssl-3.5.0/test/sslapitest.c:225:12: branch_false: following 'false' branch (when the strings are non-equal)...
openssl-3.5.0/test/sslapitest.c:243:20: branch_false: ...to here
openssl-3.5.0/test/sslapitest.c:243:19: branch_true: following 'true' branch (when the strings are equal)...
openssl-3.5.0/test/sslapitest.c:248:34: branch_true: ...to here
openssl-3.5.0/test/sslapitest.c:251:16: branch_false: following 'false' branch...
openssl-3.5.0/test/sslapitest.c:254:18: branch_false: ...to here
openssl-3.5.0/test/sslapitest.c:254:16: branch_false: following 'false' branch...
openssl-3.5.0/test/sslapitest.c:256:18: branch_false: ...to here
openssl-3.5.0/test/sslapitest.c:256:16: branch_false: following 'false' branch...
openssl-3.5.0/test/sslapitest.c:258:18: branch_false: ...to here
openssl-3.5.0/test/sslapitest.c:258:16: branch_false: following 'false' branch...
openssl-3.5.0/test/sslapitest.c:263:18: branch_false: ...to here
openssl-3.5.0/test/sslapitest.c:263:16: branch_false: following 'false' branch...
openssl-3.5.0/test/sslapitest.c:265:31: branch_false: ...to here
openssl-3.5.0/test/sslapitest.c:268:16: branch_false: following 'false' branch...
openssl-3.5.0/test/sslapitest.c:270:18: branch_false: ...to here
openssl-3.5.0/test/sslapitest.c:270:18: danger: argument 1 ('token') NULL where non-null expected
#argument 1 of '__builtin_strlen' must be non-null
#  268|               if (!TEST_size_t_ne(master_key_size, 0))
#  269|                   return 0;
#  270|->             if (!TEST_false(compare_hex_encoded_buffer(token, strlen(token),
#  271|                                                          actual_master_key,
#  272|                                                          master_key_size)))

Error: GCC_ANALYZER_WARNING (CWE-688): [#def225]
openssl-3.5.0/test/sslapitest.c:311:18: warning[-Wanalyzer-null-argument]: use of NULL 'token' where non-null expected
openssl-3.5.0/test/sslapitest.c:223:41: branch_true: following 'true' branch (when 'token' is non-NULL)...
openssl-3.5.0/test/sslapitest.c:225:13: branch_true: ...to here
openssl-3.5.0/test/sslapitest.c:225:12: branch_false: following 'false' branch (when the strings are non-equal)...
openssl-3.5.0/test/sslapitest.c:243:20: branch_false: ...to here
openssl-3.5.0/test/sslapitest.c:243:19: branch_false: following 'false' branch (when the strings are non-equal)...
openssl-3.5.0/test/sslapitest.c:275:20: branch_false: ...to here
openssl-3.5.0/test/sslapitest.c:306:16: branch_false: following 'false' branch...
openssl-3.5.0/test/sslapitest.c:309:18: branch_false: ...to here
openssl-3.5.0/test/sslapitest.c:309:16: branch_false: following 'false' branch...
openssl-3.5.0/test/sslapitest.c:311:18: branch_false: ...to here
openssl-3.5.0/test/sslapitest.c:311:18: danger: argument 1 ('token') NULL where non-null expected
#argument 1 of '__builtin_strlen' must be non-null
#  309|               if (!TEST_ptr(token = strtok(NULL, " \n")))
#  310|                   return 0;
#  311|->             if (!TEST_size_t_eq(strlen(token), 64))
#  312|                   return 0;
#  313|               if (!TEST_false(compare_hex_encoded_buffer(token, 64,

Error: COMPILER_WARNING (CWE-563): [#def226]
openssl-3.5.0/test/sslapitest.c: scope_hint: In function 'test_client_cert_verify_cb'
openssl-3.5.0/test/sslapitest.c:578:25: warning[-Wunused-variable]: unused variable 'status'
#  578 |     int testresult = 0, status;
#      |                         ^~~~~~
#  576|       SSL_CTX *cctx = NULL, *sctx = NULL;
#  577|       SSL *clientssl = NULL, *serverssl = NULL;
#  578|->     int testresult = 0, status;
#  579|   
#  580|       if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),

Error: GCC_ANALYZER_WARNING (CWE-476): [#def227]
openssl-3.5.0/test/sslapitest.c:1783:13: warning[-Wanalyzer-null-dereference]: dereference of NULL 'serversc'
openssl-3.5.0/test/sslapitest.c:1725:8: branch_false: following 'false' branch...
openssl-3.5.0/test/sslapitest.c:1750:10: branch_false: ...to here
openssl-3.5.0/test/sslapitest.c:1750:8: branch_false: following 'false' branch...
openssl-3.5.0/test/sslapitest.c:1754:10: branch_false: ...to here
openssl-3.5.0/test/sslapitest.c:1754:8: branch_false: following 'false' branch...
openssl-3.5.0/test/sslapitest.c:1757:10: branch_false: ...to here
openssl-3.5.0/test/sslapitest.c:1757:8: branch_false: following 'false' branch...
 branch_false: ...to here
openssl-3.5.0/test/sslapitest.c:1761:17: branch_true: following 'true' branch (when 'i != 16000')...
openssl-3.5.0/test/sslapitest.c:1762:9: branch_true: ...to here
openssl-3.5.0/test/sslapitest.c:1765:8: branch_false: following 'false' branch...
openssl-3.5.0/test/sslapitest.c:1768:10: branch_false: ...to here
openssl-3.5.0/test/sslapitest.c:1768:8: branch_false: following 'false' branch...
openssl-3.5.0/test/sslapitest.c:1771:10: branch_false: ...to here
openssl-3.5.0/test/sslapitest.c:1771:8: branch_false: following 'false' branch...
openssl-3.5.0/test/sslapitest.c:1779:10: branch_false: ...to here
openssl-3.5.0/test/sslapitest.c:1779:8: branch_false: following 'false' branch...
openssl-3.5.0/test/sslapitest.c:1783:13: branch_false: ...to here
openssl-3.5.0/test/sslapitest.c:1783:13: danger: dereference of NULL 'serversc'
# 1781|       rr = serversc->rlayer.tlsrecs;
# 1782|   
# 1783|->     zbuf = &rr->data[rr->off];
# 1784|       if (!TEST_int_eq(rr->length, sizeof(cbuf)))
# 1785|           goto end;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def228]
openssl-3.5.0/test/sslapitest.c:8933:13: warning[-Wanalyzer-null-dereference]: dereference of NULL 'x509'
openssl-3.5.0/test/sslapitest.c:8950:12: enter_function: entry to 'cert_cb'
openssl-3.5.0/test/sslapitest.c:8958:8: branch_false: following 'false' branch...
openssl-3.5.0/test/sslapitest.c:8962:15: branch_false: ...to here
openssl-3.5.0/test/sslapitest.c:8962:15: branch_false: following 'false' branch...
openssl-3.5.0/test/sslapitest.c:8977:15: branch_false: ...to here
openssl-3.5.0/test/sslapitest.c:8977:15: branch_true: following 'true' branch...
openssl-3.5.0/test/sslapitest.c:8980:17: branch_true: ...to here
openssl-3.5.0/test/sslapitest.c:8981:12: branch_false: following 'false' branch...
openssl-3.5.0/test/sslapitest.c:8982:17: branch_false: ...to here
openssl-3.5.0/test/sslapitest.c:8982:17: call_function: calling 'load_chain' from 'cert_cb'
# 8931|               goto out;
# 8932|           if (chain == NULL)
# 8933|->             *x509 = x;
# 8934|           else if (!sk_X509_push(chain, x))
# 8935|               goto out;

Error: CPPCHECK_WARNING (CWE-476): [#def229]
openssl-3.5.0/test/sslbuffertest.c:55: warning[nullPointer]: Possible null pointer dereference: sc
#   53|   {
#   54|       SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
#   55|->     OSSL_RECORD_LAYER *rrl = sc->rlayer.rrl;
#   56|       OSSL_RECORD_LAYER *wrl = sc->rlayer.wrl;
#   57|   

Error: CPPCHECK_WARNING (CWE-476): [#def230]
openssl-3.5.0/test/sslbuffertest.c:56: warning[nullPointer]: Possible null pointer dereference: sc
#   54|       SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
#   55|       OSSL_RECORD_LAYER *rrl = sc->rlayer.rrl;
#   56|->     OSSL_RECORD_LAYER *wrl = sc->rlayer.wrl;
#   57|   
#   58|       if (isalloced)

Error: GCC_ANALYZER_WARNING (CWE-476): [#def231]
openssl-3.5.0/test/testutil/stanza.c:99:9: warning[-Wanalyzer-null-dereference]: dereference of NULL 'p'
openssl-3.5.0/test/testutil/stanza.c:93:27: branch_true: following 'true' branch...
openssl-3.5.0/test/testutil/stanza.c:94:9: branch_true: ...to here
openssl-3.5.0/test/testutil/stanza.c:95:12: branch_false: following 'false' branch...
openssl-3.5.0/test/testutil/stanza.c:99:9: branch_false: ...to here
openssl-3.5.0/test/testutil/stanza.c:99:9: danger: dereference of NULL 'p'
#   97|               return 0;
#   98|           }
#   99|->         *p = '\0';
#  100|   
#  101|           /* Blank line marks end of tests. */

Error: GCC_ANALYZER_WARNING (CWE-476): [#def232]
openssl-3.5.0/test/testutil/stanza.c:114:9: warning[-Wanalyzer-null-dereference]: dereference of NULL 'equals'
openssl-3.5.0/test/testutil/stanza.c:93:27: branch_true: following 'true' branch...
openssl-3.5.0/test/testutil/stanza.c:94:9: branch_true: ...to here
openssl-3.5.0/test/testutil/stanza.c:95:12: branch_false: following 'false' branch...
openssl-3.5.0/test/testutil/stanza.c:99:9: branch_false: ...to here
openssl-3.5.0/test/testutil/stanza.c:102:12: branch_false: following 'false' branch...
openssl-3.5.0/test/testutil/stanza.c:106:12: branch_false: ...to here
openssl-3.5.0/test/testutil/stanza.c:106:12: branch_false: following 'false' branch...
openssl-3.5.0/test/testutil/stanza.c:110:14: branch_false: ...to here
openssl-3.5.0/test/testutil/stanza.c:110:12: branch_false: following 'false' branch...
openssl-3.5.0/test/testutil/stanza.c:114:10: branch_false: ...to here
openssl-3.5.0/test/testutil/stanza.c:114:9: danger: dereference of NULL 'equals'
#  112|               return 0;
#  113|           }
#  114|->         *equals++ = '\0';
#  115|           if (!TEST_ptr(key = strip_spaces(buff))) {
#  116|               TEST_info("Empty field at line %d\n", s->curr);

Error: GCC_ANALYZER_WARNING (CWE-688): [#def233]
openssl-3.5.0/test/testutil/stanza.c:122:13: warning[-Wanalyzer-null-argument]: use of NULL where non-null expected
openssl-3.5.0/test/testutil/stanza.c:86:5: enter_function: entry to 'test_readstanza'
openssl-3.5.0/test/testutil/stanza.c:93:27: branch_true: following 'true' branch...
openssl-3.5.0/test/testutil/stanza.c:94:9: branch_true: ...to here
openssl-3.5.0/test/testutil/stanza.c:95:12: branch_false: following 'false' branch...
openssl-3.5.0/test/testutil/stanza.c:99:9: branch_false: ...to here
openssl-3.5.0/test/testutil/stanza.c:102:12: branch_false: following 'false' branch...
openssl-3.5.0/test/testutil/stanza.c:106:12: branch_false: ...to here
openssl-3.5.0/test/testutil/stanza.c:106:12: branch_false: following 'false' branch...
openssl-3.5.0/test/testutil/stanza.c:110:14: branch_false: ...to here
openssl-3.5.0/test/testutil/stanza.c:110:12: branch_false: following 'false' branch...
openssl-3.5.0/test/testutil/stanza.c:114:10: branch_false: ...to here
openssl-3.5.0/test/testutil/stanza.c:115:12: branch_false: following 'false' branch...
openssl-3.5.0/test/testutil/stanza.c:119:22: branch_false: ...to here
openssl-3.5.0/test/testutil/stanza.c:119:22: call_function: calling 'strip_spaces' from 'test_readstanza'
openssl-3.5.0/test/testutil/stanza.c:119:22: return_function: returning to 'test_readstanza' from 'strip_spaces'
openssl-3.5.0/test/testutil/stanza.c:119:12: branch_true: following 'true' branch...
 branch_true: ...to here
openssl-3.5.0/test/testutil/stanza.c:122:13: danger: argument 1 ('strip_spaces(&buff)') NULL where non-null expected
#  120|               value = "";
#  121|   
#  122|->         if (strcmp(key, "Title") == 0) {
#  123|               TEST_info("Starting \"%s\" tests at line %d", value, s->curr);
#  124|               continue;

Error: GCC_ANALYZER_WARNING (CWE-688): [#def234]
openssl-3.5.0/test/timing_load_creds.c:152:15: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL 'fopen(*av, "r")' where non-null expected
openssl-3.5.0/test/timing_load_creds.c:140:8: branch_false: following 'false' branch...
openssl-3.5.0/test/timing_load_creds.c:142:9: branch_false: ...to here
openssl-3.5.0/test/timing_load_creds.c:142:8: branch_false: following 'false' branch...
openssl-3.5.0/test/timing_load_creds.c:146:16: branch_false: ...to here
openssl-3.5.0/test/timing_load_creds.c:147:8: branch_false: following 'false' branch...
openssl-3.5.0/test/timing_load_creds.c:151:10: branch_false: ...to here
openssl-3.5.0/test/timing_load_creds.c:151:10: acquire_memory: this call could return NULL
openssl-3.5.0/test/timing_load_creds.c:152:15: danger: argument 4 ('fopen(*av, "r")') from [(7)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/6) could be NULL where non-null expected
#  150|       }
#  151|       fp = fopen(av[0], "r");
#  152|->     if ((long)fread(contents, 1, sb.st_size, fp) != sb.st_size) {
#  153|           perror("fread");
#  154|           exit(EXIT_FAILURE);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def235]
openssl-3.5.0/test/timing_load_creds.c:152:34: warning[-Wanalyzer-file-leak]: leak of FILE 'fopen(*av, "r")'
openssl-3.5.0/test/timing_load_creds.c:140:8: branch_false: following 'false' branch...
openssl-3.5.0/test/timing_load_creds.c:142:9: branch_false: ...to here
openssl-3.5.0/test/timing_load_creds.c:142:8: branch_false: following 'false' branch...
openssl-3.5.0/test/timing_load_creds.c:146:16: branch_false: ...to here
openssl-3.5.0/test/timing_load_creds.c:147:8: branch_false: following 'false' branch...
openssl-3.5.0/test/timing_load_creds.c:151:10: branch_false: ...to here
openssl-3.5.0/test/timing_load_creds.c:151:10: acquire_resource: opened here
openssl-3.5.0/test/timing_load_creds.c:152:34: danger: 'fopen(*av, "r")' leaks here; was opened at [(7)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/6)
#  150|       }
#  151|       fp = fopen(av[0], "r");
#  152|->     if ((long)fread(contents, 1, sb.st_size, fp) != sb.st_size) {
#  153|           perror("fread");
#  154|           exit(EXIT_FAILURE);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def236]
openssl-3.5.0/test/timing_load_creds.c:152:34: warning[-Wanalyzer-malloc-leak]: leak of 'fopen(*av, "r")'
openssl-3.5.0/test/timing_load_creds.c:140:8: branch_false: following 'false' branch...
openssl-3.5.0/test/timing_load_creds.c:142:9: branch_false: ...to here
openssl-3.5.0/test/timing_load_creds.c:142:8: branch_false: following 'false' branch...
openssl-3.5.0/test/timing_load_creds.c:146:16: branch_false: ...to here
openssl-3.5.0/test/timing_load_creds.c:147:8: branch_false: following 'false' branch...
openssl-3.5.0/test/timing_load_creds.c:151:10: branch_false: ...to here
openssl-3.5.0/test/timing_load_creds.c:151:10: acquire_memory: allocated here
openssl-3.5.0/test/timing_load_creds.c:152:34: danger: 'fopen(*av, "r")' leaks here; was allocated at [(7)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/6)
#  150|       }
#  151|       fp = fopen(av[0], "r");
#  152|->     if ((long)fread(contents, 1, sb.st_size, fp) != sb.st_size) {
#  153|           perror("fread");
#  154|           exit(EXIT_FAILURE);

Error: CPPCHECK_WARNING (CWE-457): [#def237]
openssl-3.5.0/test/tls-provider.c:2895: warning[uninitvar]: Uninitialized variable: digest
# 2893|       }
# 2894|   
# 2895|->     return xor_sig_sign(vpxor_sigctx, sig, siglen, sigsize, digest, (size_t)dlen);
# 2896|   
# 2897|   }

Error: GCC_ANALYZER_WARNING (CWE-476): [#def238]
openssl-3.5.0/test/tls-provider.c:3260:10: warning[-Wanalyzer-jump-through-null]: jump through null pointer
openssl-3.5.0/test/tls-provider.c:3216:5: enter_function: entry to 'tls_provider_init'
openssl-3.5.0/test/tls-provider.c:3224:34: call_function: calling 'xor_newprovctx' from 'tls_provider_init'
openssl-3.5.0/test/tls-provider.c:3224:34: return_function: returning to 'tls_provider_init' from 'xor_newprovctx'
openssl-3.5.0/test/tls-provider.c:3226:8: branch_false: following 'false' branch...
openssl-3.5.0/test/tls-provider.c:3229:5: branch_false: ...to here
openssl-3.5.0/test/tls-provider.c:3260:10: danger: jump through null pointer here
# 3258|        * key & cert generation...
# 3259|        */
# 3260|->     if (!c_obj_create(handle, XORSIGALG_OID, XORSIGALG_NAME, XORSIGALG_NAME)) {
# 3261|           ERR_raise(ERR_LIB_USER, XORPROV_R_OBJ_CREATE_ERR);
# 3262|           goto err;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def239]
openssl-3.5.0/test/tls-provider.c:3265:10: warning[-Wanalyzer-jump-through-null]: jump through null pointer
openssl-3.5.0/test/tls-provider.c:3216:5: enter_function: entry to 'tls_provider_init'
openssl-3.5.0/test/tls-provider.c:3224:34: call_function: calling 'xor_newprovctx' from 'tls_provider_init'
openssl-3.5.0/test/tls-provider.c:3224:34: return_function: returning to 'tls_provider_init' from 'xor_newprovctx'
openssl-3.5.0/test/tls-provider.c:3226:8: branch_false: following 'false' branch...
openssl-3.5.0/test/tls-provider.c:3229:5: branch_false: ...to here
openssl-3.5.0/test/tls-provider.c:3260:8: branch_false: following 'false' branch...
openssl-3.5.0/test/tls-provider.c:3265:10: branch_false: ...to here
openssl-3.5.0/test/tls-provider.c:3265:10: danger: jump through null pointer here
# 3263|       }
# 3264|   
# 3265|->     if (!c_obj_add_sigid(handle, XORSIGALG_OID, "", XORSIGALG_OID)) {
# 3266|           ERR_raise(ERR_LIB_USER, XORPROV_R_OBJ_CREATE_ERR);
# 3267|           goto err;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def240]
openssl-3.5.0/test/tls-provider.c:3269:10: warning[-Wanalyzer-jump-through-null]: jump through null pointer
openssl-3.5.0/test/tls-provider.c:3216:5: enter_function: entry to 'tls_provider_init'
openssl-3.5.0/test/tls-provider.c:3224:34: call_function: calling 'xor_newprovctx' from 'tls_provider_init'
openssl-3.5.0/test/tls-provider.c:3224:34: return_function: returning to 'tls_provider_init' from 'xor_newprovctx'
openssl-3.5.0/test/tls-provider.c:3226:8: branch_false: following 'false' branch...
openssl-3.5.0/test/tls-provider.c:3229:5: branch_false: ...to here
openssl-3.5.0/test/tls-provider.c:3260:8: branch_false: following 'false' branch...
openssl-3.5.0/test/tls-provider.c:3265:10: branch_false: ...to here
openssl-3.5.0/test/tls-provider.c:3265:8: branch_false: following 'false' branch...
openssl-3.5.0/test/tls-provider.c:3269:10: branch_false: ...to here
openssl-3.5.0/test/tls-provider.c:3269:10: danger: jump through null pointer here
# 3267|           goto err;
# 3268|       }
# 3269|->     if (!c_obj_create(handle, XORSIGALG_HASH_OID, XORSIGALG_HASH_NAME, NULL)) {
# 3270|           ERR_raise(ERR_LIB_USER, XORPROV_R_OBJ_CREATE_ERR);
# 3271|           goto err;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def241]
openssl-3.5.0/test/tls-provider.c:3274:10: warning[-Wanalyzer-jump-through-null]: jump through null pointer
openssl-3.5.0/test/tls-provider.c:3216:5: enter_function: entry to 'tls_provider_init'
openssl-3.5.0/test/tls-provider.c:3224:34: call_function: calling 'xor_newprovctx' from 'tls_provider_init'
openssl-3.5.0/test/tls-provider.c:3224:34: return_function: returning to 'tls_provider_init' from 'xor_newprovctx'
openssl-3.5.0/test/tls-provider.c:3226:8: branch_false: following 'false' branch...
openssl-3.5.0/test/tls-provider.c:3229:5: branch_false: ...to here
openssl-3.5.0/test/tls-provider.c:3260:8: branch_false: following 'false' branch...
openssl-3.5.0/test/tls-provider.c:3265:10: branch_false: ...to here
openssl-3.5.0/test/tls-provider.c:3265:8: branch_false: following 'false' branch...
openssl-3.5.0/test/tls-provider.c:3269:10: branch_false: ...to here
openssl-3.5.0/test/tls-provider.c:3269:8: branch_false: following 'false' branch...
openssl-3.5.0/test/tls-provider.c:3274:10: branch_false: ...to here
openssl-3.5.0/test/tls-provider.c:3274:10: danger: jump through null pointer here
# 3272|       }
# 3273|   
# 3274|->     if (!c_obj_add_sigid(handle, XORSIGALG_HASH_OID, XORSIGALG_HASH, XORSIGALG_HASH_OID)) {
# 3275|           ERR_raise(ERR_LIB_USER, XORPROV_R_OBJ_CREATE_ERR);
# 3276|           goto err;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def242]
openssl-3.5.0/test/tls13secretstest.c:305:5: warning[-Wanalyzer-null-dereference]: dereference of NULL 's'
openssl-3.5.0/test/tls13secretstest.c:298:8: branch_false: following 'false' branch...
openssl-3.5.0/test/tls13secretstest.c:301:11: branch_false: ...to here
openssl-3.5.0/test/tls13secretstest.c:302:8: branch_false: following 'false' branch...
openssl-3.5.0/test/tls13secretstest.c:305:5: danger: dereference of NULL 's'
#  303|           goto err;
#  304|   
#  305|->     s->session = SSL_SESSION_new();
#  306|       if (!TEST_ptr(s->session))
#  307|           goto err;

Scan Properties

analyzer-version-clippy: 1.86.0
analyzer-version-cppcheck: 2.17.1
analyzer-version-gcc: 15.0.1
analyzer-version-gcc-analyzer: 15.0.1
analyzer-version-shellcheck: 0.10.0
analyzer-version-unicontrol: 0.0.2
enabled-plugins: clippy, cppcheck, gcc, shellcheck, unicontrol
exit-code: 0
host: ip-172-16-1-216.us-west-2.compute.internal
known-false-positives: /usr/share/csmock/known-false-positives.js
known-false-positives-rpm: known-false-positives-0.0.0.20250425.124705.g1c7c448.main-1.el9.noarch
mock-config: fedora-rawhide-x86_64
project-name: openssl-3.5.0-3.fc43
store-results-to: /tmp/tmpvokizq7y/openssl-3.5.0-3.fc43.tar.xz
time-created: 2025-04-25 15:11:50
time-finished: 2025-04-25 15:51:53
tool: csmock
tool-args: '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'unicontrol,cppcheck,gcc,clippy,shellcheck' '-o' '/tmp/tmpvokizq7y/openssl-3.5.0-3.fc43.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmpvokizq7y/openssl-3.5.0-3.fc43.src.rpm'
tool-version: csmock-3.8.1.20250422.172604.g26bc3d6-1.el9