
OpenSSL

:
: 17.12.2012
OpenSSL PVS-Studio.
openssl-0.9.8-stable-SNAP-20121208.

OpenSSL
", ! ?"
TOR. OpenSSL, TOR.
. ,
OpenSSL. ,
. ,
OpenSSL .
. , TOR,
OpenSSL . .
TOR , OpenSSL. PVSStudio .

OpenSSL.
, .
. , , . OpenSSL
. (Clang, Cppcheck,
Coverity, DoubleCheck, Coccinelle, Klocwork ). , .
, .
, , OpenSSL. ,
, . - . :)

N1
/*
 * Excerpt quoted by the article ("...." marks code the article left out).
 * The visible part is the error path: when the looked-up object is unusable,
 * STORE_R_FAILED_GETTING_KEY is recorded and 0 is returned.
 */
EVP_PKEY *STORE_get_private_key(....)
{
STORE_OBJECT *object;
....
/*
 * NOTE(review): '!object->data.key' appears twice, so the third operand adds
 * no validation. Either it is a redundant leftover, or a different member was
 * meant to be checked before the key is handed back; the excerpt does not
 * show which. On a key-returning path this should be resolved by reading the
 * code after the check, not by silencing the warning. The analyzer reports
 * the same expression at str_lib.c 616, 670 and 811.
 */
if (!object || !object->data.key || !object->data.key)

{
STOREerr(STORE_F_STORE_GET_PRIVATE_KEY,
STORE_R_FAILED_GETTING_KEY);
return 0;
}
....
}
PVS-Studio: V501 There are identical sub-expressions '!object->data.key' to
the left and to the right of the '||' operator. str_lib.c 475
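The condition "!object->data.key" is checked twice. The second check is most likely just redundant and harmless, but if a different member was meant to be checked there, this is a real error.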
str_lib.c ( Copy-Paste):

V501 There are identical sub-expressions '!object->data.key' to the left and to the right of the '||'
operator. str_lib.c 616
V501 There are identical sub-expressions '!object->data.key' to the left and to the right of the '||'
operator. str_lib.c 670
V501 There are identical sub-expressions '!object->data.key' to the left and to the right of the '||'
operator. str_lib.c 811

N2
, , .
:
/*
 * Excerpt quoted by the article ("...." marks omitted code). The visible
 * early-exit path handles a NULL object or NULL object data by writing an
 * empty string to 'buf' and returning 0.
 */
int OBJ_obj2txt(char *buf, int buf_len,
const ASN1_OBJECT *a, int no_name)
{
....
/*
 * NOTE(review): buf[0] is written here without any check, yet the function
 * tests 'if (buf)' further down, which suggests NULL is an accepted value
 * for 'buf'. With buf == NULL and a NULL/empty object this is a NULL-pointer
 * write. 'buf_len' is not consulted on this path either, so a zero-length
 * buffer would also be written to. A guard such as
 * 'if (buf && buf_len > 0)' around the store would cover both cases.
 */
if ((a == NULL) || (a->data == NULL)) {
buf[0]='\0';
return(0);
}
....

/* The NULL test that reveals 'buf' is allowed to be absent. */
if (buf)
....
}
PVS-Studio: V595 The 'buf' pointer was utilized before it was verified against
nullptr. Check lines: 448, 461. obj_dat.c 448
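Here the pointers 'a' and 'a->data' are checked for NULL, and if either of them is NULL, 'buf' is written to. But 'buf' itself may be NULL: the check "if (buf)" a little further down indicates that.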

N3
, PVS-Studio -
.
/*
 * Excerpt quoted by the article ("...." marks omitted code). The visible
 * branch raises SSL_AD_UNEXPECTED_MESSAGE with SSL_R_MISSING_VERIFY_MESSAGE
 * and jumps to the f_err label.
 */
int ssl3_get_cert_verify(SSL *s)
{
int type=0,i,j;
....
/*
 * NOTE(review): 'type | EVP_PKT_SIGN' ORs in a non-zero constant (0x0010 per
 * the analyzer message), so it is never zero and the test reduces to
 * 'peer != NULL'. The signing-capability bit in 'type' is therefore not
 * examined at all. A flag test needs '&': '(type & EVP_PKT_SIGN)'.
 * This sits in certificate-verify handling, so the decision should be
 * re-checked against the intended handshake logic, which the excerpt does
 * not show.
 */
if ((peer != NULL) && (type | EVP_PKT_SIGN))
{
al=SSL_AD_UNEXPECTED_MESSAGE;
SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
SSL_R_MISSING_VERIFY_MESSAGE);
goto f_err;
}
....
}
PVS-Studio: V617 Consider inspecting the condition. The '0x0010' argument
of the '|' bitwise operation contains a non-zero value. s3_srvr.c 2394
The expression "(type | EVP_PKT_SIGN)" is always true. Most likely the following was intended:
"type & EVP_PKT_SIGN".

N4
:
/*
 * Excerpt from speed.c quoted by the article ("...." marks omitted code).
 * 'dsa_c' holds two long values per DSA entry; the visible block is meant to
 * replace a zero entry with 1/1.
 */
int MAIN(int argc, char **argv)
{
....
long dsa_c[DSA_NUM][2];
....
/*
 * NOTE(review): dsa_c[i] is a row of the 2-D array (long[2]); in this
 * comparison it decays to a pointer to its first element, which is never
 * null. The condition is always false, so the two assignments below are
 * dead code and a zero value in dsa_c[i][0] is left as is. The element has
 * to be tested instead: 'dsa_c[i][0] == 0'. How the values are used
 * afterwards is not visible in the excerpt.
 */
if (dsa_c[i] == 0)
{
dsa_c[i][0]=1;
dsa_c[i][1]=1;
}
....
}
PVS-Studio: V600 Consider inspecting the condition. The 'dsa_c[i]' pointer is
always not equal to NULL. speed.c 1486
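'dsa_c' is a two-dimensional array, so the expression "dsa_c[i] == 0" is always false. Compare it with the similar code for 'rsa_c':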
/*
 * Reference pattern quoted for comparison: the element rsa_c[i][0] is
 * tested, not the row rsa_c[i], so the zero check can actually fire.
 */
if (rsa_c[i][0] == 0)
{
rsa_c[i][0]=1;
rsa_c[i][1]=20;
}
'dsa_c' should most likely be handled in the same way:
/*
 * Corrected form proposed by the article: compare the first element of the
 * row with 0 instead of comparing the row itself.
 */
if (dsa_c[i][0] == 0)
{
dsa_c[i][0]=1;
dsa_c[i][1]=1;
}

V600 Consider inspecting the condition. The 'ecdsa_c[i]' pointer is always not equal to NULL.
speed.c 1506
V600 Consider inspecting the condition. The 'ecdsa_c[i]' pointer is always not equal to NULL.
speed.c 1523
V600 Consider inspecting the condition. The 'ecdsa_c[i]' pointer is always not equal to NULL.
speed.c 1540
V600 Consider inspecting the condition. The 'ecdh_c[i]' pointer is always not equal to NULL. speed.c
1560
V600 Consider inspecting the condition. The 'ecdh_c[i]' pointer is always not equal to NULL. speed.c
1577
V600 Consider inspecting the condition. The 'ecdh_c[i]' pointer is always not equal to NULL. speed.c
1594


. . .
:
/*
 * Excerpt from a_print.c quoted by the article ("...." marks omitted code;
 * the declaration of 'ia5' and the loop over 'len' are not shown).
 * The visible part reads one byte and sets ia5 to 1 when that byte is not in
 * the listed set of letters, digits, space and punctuation.
 */
int ASN1_PRINTABLE_type(const unsigned char *s, int len)
{
int c;
....
c= *(s++);
/*
 * NOTE(review): '(c == ' ')' occurs twice in the list below, once after the
 * letter ranges and once after the digit range. The duplicate does not
 * change the result. It is either a leftover or a sign that a different
 * character was meant in one of the two places; compare the list with the
 * character set the function is supposed to accept.
 */
if (!(

((c >= 'a') && (c <= 'z')) ||

((c >= 'A') && (c <= 'Z')) ||


(c == ' ') ||
((c >= '0') && (c <= '9')) ||
(c == ' ') || (c == '\'') ||
(c == '(') || (c == ')') ||
(c == '+') || (c == ',') ||
(c == '-') || (c == '.') ||
(c == '/') || (c == ':') ||
(c == '=') || (c == '?')))

ia5=1;
....
}
PVS-Studio: V501 There are identical sub-expressions '(c == ' ')' to the left and
to the right of the '||' operator. a_print.c 76
, , .
. . , .

,
, memsize- 32-
, memsize-. :
/*
 * Excerpt from ecp_smpl.c quoted by the article ("...." marks omitted code).
 * The visible part allocates an array of 'pow2' BIGNUM pointers.
 */
int ec_GFp_simple_points_make_affine(const EC_GROUP *group,
size_t num, EC_POINT *points[], BN_CTX *ctx)
{
BIGNUM **heap = NULL;
size_t pow2 = 0;
....
/*
 * NOTE(review): OPENSSL_malloc is the macro
 * 'CRYPTO_malloc((int)num,__FILE__,__LINE__)' with an unparenthesised
 * argument, so this call becomes '(int)pow2 * sizeof heap[0]': pow2 is
 * narrowed to int, the product is size_t again, and it is narrowed to int a
 * second time by CRYPTO_malloc's 'int num' parameter. If the byte count does
 * not fit in int, the allocation can be smaller than the array the code
 * goes on to use. Whether pow2 is bounded before this line is not visible in
 * the excerpt -- TODO confirm.
 */
heap = OPENSSL_malloc(pow2 * sizeof heap[0]);
....
}
PVS-Studio: V220 Suspicious sequence of types castings: memsize -> 32-bit
integer -> memsize. The value being casted: 'pow2'. ecp_smpl.c 1576
, OPENSSL_malloc .
/*
 * Allocation entry point as quoted by the article. The size parameter is a
 * signed 'int', so any size_t request is narrowed at the call.
 */
void *CRYPTO_malloc(int num, const char *file, int line);
/*
 * NOTE(review): 'num' is not parenthesised in the expansion, so the (int)
 * cast binds only to the first operand of whatever expression is passed in,
 * not to the whole expression.
 */
#define OPENSSL_malloc(num) CRYPTO_malloc((int)num,__FILE__,__LINE__)
, :
heap = CRYPTO_malloc ((int)pow2 * sizeof heap[0], __FILE__,__LINE__);
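The value 'pow2' of type size_t is first cast to 'int'. Multiplying it by 'sizeof()' then yields a size_t again. Finally, the result is converted to 'int' once more when it is passed to CRYPTO_malloc(). Each narrowing step can discard high-order bits, so the size that reaches the allocator may differ from the one that was requested.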

, , .
. , - :
/*
 * Hypothetical example from the article ('p' is not declared in the
 * excerpt). It shows what the unparenthesised macro argument does to a
 * conditional expression.
 */
int *p1, *p2;
int x, y;
....
/*
 * With 'CRYPTO_malloc((int)num,...)' the argument expands to
 * '(int)p1 == p2 ? x : y': the cast applies to p1 alone, so a pointer
 * narrowed to int is compared with the pointer p2, and the size that is
 * selected no longer depends on whether p1 and p2 are really equal.
 */
p = OPENSSL_malloc(p1 == p2 ? x : y);
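On a 64-bit system the pointer 'p1' is truncated to 'int' by the cast, and the result of the comparison becomes unpredictable.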
, . ,
:
/*
 * Variant with the argument parenthesised, so the cast covers the whole
 * expression. The size is still narrowed to 'int' here, which is why the
 * article goes on to recommend a memsize-type such as 'size_t'.
 */
#define OPENSSL_malloc(num) CRYPTO_malloc((int)(num),__FILE__,__LINE__)
Even so, 'int' is not a suitable type for the argument.
A memsize-type should be used here, for example 'size_t'.

. , - OpenSSL.
, .
.
open-source . ,
, .