Hello, I was able to setup CodeQL for the GOST engine. As it fetches OpenSSL alpha 6, I got able to see the results.
====== openssl/test/cmp_hdr_test.c#L181 Call to gmtime is potentially dangerous openssl/test/cmp_hdr_test.c#L171 Call to gmtime is potentially dangerous  openssl/test/asn1_time_test.c#L398 Call to localtime is potentially dangerous  openssl/crypto/ec/curve448/curve448.c#L583 Multiplication result may overflow 'int' before it is converted to 'unsigned long'.  openssl/crypto/asn1/a_time.c#L250 Multiplication result may overflow 'int' before it is converted to 'long'. ====== I can submit a PR providing the CodeQL scan for the master branch if the Team thinks it is useful. But I strongly suppose that someone will have to configure the OpenSSL github project to enable it. On Fri, Oct 2, 2020 at 6:30 PM Dmitry Belyavsky <beld...@gmail.com> wrote: > As setting up openssl master is required to build gost-engine, I'll have > to. > > On Fri, Oct 2, 2020 at 4:29 PM Dr. Matthias St. Pierre < > matthias.st.pie...@ncp-e.com> wrote: > >> > Do you have ideas on how to properly set it up? >> >> >> >> Congratulations, Dmitry! You just won the price of being assigned the job >> to figure it out. ;-) >> >> >> >> Matthias >> >> >> >> >> >> *[image: NCP engingeering GmbH]* *Dr. Matthias St. Pierre* >> >> Senior Software Engineer >> matthias.st.pie...@ncp-e.com >> Phone: +49 911 9968-0 >> www.ncp-e.com >> >> >> * Follow us on:* Facebook <https://www.facebook.com/NCPengineering> | >> Twitter <https://twitter.com/NCP_engineering> | Xing >> <https://www.xing.com/companies/ncpengineeringgmbh> | YouTube >> <https://www.youtube.com/user/NCPengineeringGmbH> | LinkedIn >> <http://www.linkedin.com/company/ncp-engineering-inc.?trk=cws-cpw-coname-0-0> >> >> *Headquarters Germany: *NCP engineering GmbH • Dombuehler Str. 2 • 90449 >> • Nuremberg >> *North American HQ:* NCP engineering Inc. • 601 Cleveland Str., Suite >> 501-25 • Clearwater, FL 33755 >> >> Authorized representatives: Peter Soell, Patrick Oliver Graf, Beate >> Dietrich >> Registry Court: Lower District Court of Nuremberg >> Commercial register No.: HRB 7786 Nuremberg, VAT identification No.: DE >> 133557619 >> >> This e-mail message including any attachments is for the sole use of the >> intended recipient(s) and may contain privileged or confidential >> information. Any unauthorized review, use, disclosure or distribution is >> prohibited. If you are not the intended recipient, please immediately >> contact the sender by reply e-mail and delete the original message and >> destroy all copies thereof. >> >> <https://www.ncp-e.com/de/aktuelles/events/veranstaltungen> >> <https://www.ncp-e.com/de/aktuelles/events/veranstaltungen> >> >> *From**:* openssl-project <openssl-project-boun...@openssl.org> *On >> Behalf Of *Dmitry Belyavsky >> *Sent:* Friday, October 2, 2020 2:51 PM >> *To:* Dr Paul Dale <paul.d...@oracle.com> >> *Cc:* openssl-project@openssl.org >> *Subject:* Re: Would this be interesting to the project? >> >> >> >> Do you have ideas on how to properly set it up? >> >> >> >> On Thu, Oct 1, 2020 at 11:36 AM Dr Paul Dale <paul.d...@oracle.com> >> wrote: >> >> https://github.blog/2020-09-30-code-scanning-is-now-available/ >> >> >> >> Pauli >> >> -- >> Dr Paul Dale | Distinguished Architect | Cryptographic Foundations >> Phone +61 7 3031 7217 >> Oracle Australia >> >> >> >> >> >> >> >> >> >> >> >> >> -- >> >> SY, Dmitry Belyavsky >> > > > -- > SY, Dmitry Belyavsky > -- SY, Dmitry Belyavsky
