Bug Summary

File:out/../deps/openssl/openssl/crypto/bn/bn_exp2.c
Warning:line 186, column 18
3rd function call argument is an uninitialized value

Annotated Source Code

Press '?' to see keyboard shortcuts

clang -cc1 -cc1 -triple x86_64-unknown-linux-gnu -analyze -disable-free -clear-ast-before-backend -disable-llvm-verifier -discard-value-names -main-file-name bn_exp2.c -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -mrelocation-model pic -pic-level 2 -pic-is-pie -mframe-pointer=all -fmath-errno -ffp-contract=on -fno-rounding-math -mconstructor-aliases -funwind-tables=2 -target-cpu x86-64 -tune-cpu generic -debugger-tuning=gdb -fcoverage-compilation-dir=/home/maurizio/node-v18.6.0/out -resource-dir /usr/local/lib/clang/16.0.0 -D V8_DEPRECATION_WARNINGS -D V8_IMMINENT_DEPRECATION_WARNINGS -D _GLIBCXX_USE_CXX11_ABI=1 -D NODE_OPENSSL_CONF_NAME=nodejs_conf -D NODE_OPENSSL_HAS_QUIC -D __STDC_FORMAT_MACROS -D OPENSSL_NO_PINSHARED -D OPENSSL_THREADS -D OPENSSL_NO_HW -D OPENSSL_API_COMPAT=0x10100001L -D STATIC_LEGACY -D NDEBUG -D OPENSSL_USE_NODELETE -D L_ENDIAN -D OPENSSL_BUILDING_OPENSSL -D AES_ASM -D BSAES_ASM -D CMLL_ASM -D ECP_NISTZ256_ASM -D GHASH_ASM -D KECCAK1600_ASM -D MD5_ASM -D OPENSSL_BN_ASM_GF2m -D OPENSSL_BN_ASM_MONT -D OPENSSL_BN_ASM_MONT5 -D OPENSSL_CPUID_OBJ -D OPENSSL_IA32_SSE2 -D PADLOCK_ASM -D POLY1305_ASM -D SHA1_ASM -D SHA256_ASM -D SHA512_ASM -D VPAES_ASM -D WHIRLPOOL_ASM -D X25519_ASM -D OPENSSL_PIC -D MODULESDIR="/home/maurizio/node-v18.6.0/out/Release/obj.target/deps/openssl/lib/openssl-modules" -D OPENSSLDIR="/home/maurizio/node-v18.6.0/out/Release/obj.target/deps/openssl" -D OPENSSLDIR="/etc/ssl" -D ENGINESDIR="/dev/null" -D TERMIOS -I ../deps/openssl/openssl -I ../deps/openssl/openssl/include -I ../deps/openssl/openssl/crypto -I ../deps/openssl/openssl/crypto/include -I ../deps/openssl/openssl/crypto/modes -I ../deps/openssl/openssl/crypto/ec/curve448 -I ../deps/openssl/openssl/crypto/ec/curve448/arch_32 -I ../deps/openssl/openssl/providers/common/include -I ../deps/openssl/openssl/providers/implementations/include -I ../deps/openssl/config -I ../deps/openssl/config/archs/linux-x86_64/asm -I ../deps/openssl/config/archs/linux-x86_64/asm/include -I ../deps/openssl/config/archs/linux-x86_64/asm/crypto -I ../deps/openssl/config/archs/linux-x86_64/asm/crypto/include/internal -I ../deps/openssl/config/archs/linux-x86_64/asm/providers/common/include -internal-isystem /usr/local/lib/clang/16.0.0/include -internal-isystem /usr/local/include -internal-isystem /usr/lib/gcc/x86_64-redhat-linux/8/../../../../x86_64-redhat-linux/include -internal-externc-isystem /include -internal-externc-isystem /usr/include -O3 -Wno-unused-parameter -Wno-missing-field-initializers -Wno-old-style-declaration -fdebug-compilation-dir=/home/maurizio/node-v18.6.0/out -ferror-limit 19 -fgnuc-version=4.2.1 -vectorize-loops -vectorize-slp -analyzer-output=html -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /tmp/scan-build-2022-08-22-142216-507842-1 -x c ../deps/openssl/openssl/crypto/bn/bn_exp2.c
1/*
2 * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10#include <stdio.h>
11#include "internal/cryptlib.h"
12#include "bn_local.h"
13
14#define TABLE_SIZE32 32
15
16int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1,
17 const BIGNUM *a2, const BIGNUM *p2, const BIGNUM *m,
18 BN_CTX *ctx, BN_MONT_CTX *in_mont)
19{
20 int i, j, bits, b, bits1, bits2, ret =
21 0, wpos1, wpos2, window1, window2, wvalue1, wvalue2;
22 int r_is_one = 1;
23 BIGNUM *d, *r;
24 const BIGNUM *a_mod_m;
25 /* Tables of variables obtained from 'ctx' */
26 BIGNUM *val1[TABLE_SIZE32], *val2[TABLE_SIZE32];
27 BN_MONT_CTX *mont = NULL((void*)0);
28
29 bn_check_top(a1);
30 bn_check_top(p1);
31 bn_check_top(a2);
32 bn_check_top(p2);
33 bn_check_top(m);
34
35 if (!BN_is_odd(m)) {
1
Assuming the condition is false
2
Taking false branch
36 ERR_raise(ERR_LIB_BN, BN_R_CALLED_WITH_EVEN_MODULUS)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/bn/bn_exp2.c"
,36,__func__), ERR_set_error)((3),(102),((void*)0))
;
37 return 0;
38 }
39 bits1 = BN_num_bits(p1);
40 bits2 = BN_num_bits(p2);
41 if ((bits1 == 0) && (bits2 == 0)) {
3
Assuming 'bits1' is not equal to 0
42 ret = BN_one(rr)(BN_set_word((rr),1));
43 return ret;
44 }
45
46 bits = (bits1 > bits2) ? bits1 : bits2;
4
Assuming 'bits1' is <= 'bits2'
5
'?' condition is false
47
48 BN_CTX_start(ctx);
49 d = BN_CTX_get(ctx);
50 r = BN_CTX_get(ctx);
51 val1[0] = BN_CTX_get(ctx);
52 val2[0] = BN_CTX_get(ctx);
53 if (val2[0] == NULL((void*)0))
6
Assuming the condition is false
7
Taking false branch
54 goto err;
55
56 if (in_mont != NULL((void*)0))
8
Assuming 'in_mont' is equal to NULL
9
Taking false branch
57 mont = in_mont;
58 else {
59 if ((mont = BN_MONT_CTX_new()) == NULL((void*)0))
10
Assuming the condition is false
11
Taking false branch
60 goto err;
61 if (!BN_MONT_CTX_set(mont, m, ctx))
12
Assuming the condition is false
62 goto err;
63 }
64
65 window1 = BN_window_bits_for_exponent_size(bits1)((bits1) > 671 ? 6 : (bits1) > 239 ? 5 : (bits1) > 79
? 4 : (bits1) > 23 ? 3 : 1)
;
13
Taking false branch
14
Assuming 'bits1' is <= 671
15
'?' condition is false
16
Assuming 'bits1' is <= 239
17
'?' condition is false
18
Assuming 'bits1' is <= 79
19
'?' condition is false
20
Assuming 'bits1' is <= 23
21
'?' condition is false
66 window2 = BN_window_bits_for_exponent_size(bits2)((bits2) > 671 ? 6 : (bits2) > 239 ? 5 : (bits2) > 79
? 4 : (bits2) > 23 ? 3 : 1)
;
22
Assuming 'bits2' is <= 671
23
'?' condition is false
24
Assuming 'bits2' is <= 239
25
'?' condition is false
26
Assuming 'bits2' is <= 79
27
'?' condition is false
28
Assuming 'bits2' is <= 23
29
'?' condition is false
67
68 /*
69 * Build table for a1: val1[i] := a1^(2*i + 1) mod m for i = 0 .. 2^(window1-1)
70 */
71 if (a1->neg || BN_ucmp(a1, m) >= 0) {
30
Assuming field 'neg' is 0
31
Assuming the condition is false
32
Taking false branch
72 if (!BN_mod(val1[0], a1, m, ctx)BN_div(((void*)0),(val1[0]),(a1),(m),(ctx)))
73 goto err;
74 a_mod_m = val1[0];
75 } else
76 a_mod_m = a1;
77 if (BN_is_zero(a_mod_m)) {
33
Assuming the condition is false
34
Taking false branch
78 BN_zero(rr)BN_zero_ex(rr);
79 ret = 1;
80 goto err;
81 }
82
83 if (!BN_to_montgomery(val1[0], a_mod_m, mont, ctx))
35
Assuming the condition is false
36
Taking false branch
84 goto err;
85 if (window1
36.1
'window1' is <= 1
> 1) {
86 if (!BN_mod_mul_montgomery(d, val1[0], val1[0], mont, ctx))
87 goto err;
88
89 j = 1 << (window1 - 1);
90 for (i = 1; i < j; i++) {
91 if (((val1[i] = BN_CTX_get(ctx)) == NULL((void*)0)) ||
92 !BN_mod_mul_montgomery(val1[i], val1[i - 1], d, mont, ctx))
93 goto err;
94 }
95 }
96
97 /*
98 * Build table for a2: val2[i] := a2^(2*i + 1) mod m for i = 0 .. 2^(window2-1)
99 */
100 if (a2->neg || BN_ucmp(a2, m) >= 0) {
37
Assuming field 'neg' is 0
38
Assuming the condition is false
39
Taking false branch
101 if (!BN_mod(val2[0], a2, m, ctx)BN_div(((void*)0),(val2[0]),(a2),(m),(ctx)))
102 goto err;
103 a_mod_m = val2[0];
104 } else
105 a_mod_m = a2;
106 if (BN_is_zero(a_mod_m)) {
40
Assuming the condition is false
41
Taking false branch
107 BN_zero(rr)BN_zero_ex(rr);
108 ret = 1;
109 goto err;
110 }
111 if (!BN_to_montgomery(val2[0], a_mod_m, mont, ctx))
42
Assuming the condition is false
43
Taking false branch
112 goto err;
113 if (window2
43.1
'window2' is <= 1
> 1) {
44
Taking false branch
114 if (!BN_mod_mul_montgomery(d, val2[0], val2[0], mont, ctx))
115 goto err;
116
117 j = 1 << (window2 - 1);
118 for (i = 1; i < j; i++) {
119 if (((val2[i] = BN_CTX_get(ctx)) == NULL((void*)0)) ||
120 !BN_mod_mul_montgomery(val2[i], val2[i - 1], d, mont, ctx))
121 goto err;
122 }
123 }
124
125 /* Now compute the power product, using independent windows. */
126 r_is_one = 1;
127 wvalue1 = 0; /* The 'value' of the first window */
128 wvalue2 = 0; /* The 'value' of the second window */
129 wpos1 = 0; /* If wvalue1 > 0, the bottom bit of the
130 * first window */
131 wpos2 = 0; /* If wvalue2 > 0, the bottom bit of the
132 * second window */
133
134 if (!BN_to_montgomery(r, BN_value_one(), mont, ctx))
45
Assuming the condition is false
46
Taking false branch
135 goto err;
136 for (b = bits - 1; b >= 0; b--) {
47
Assuming 'b' is >= 0
48
Loop condition is true. Entering loop body
137 if (!r_is_one
48.1
'r_is_one' is 1
) {
49
Taking false branch
138 if (!BN_mod_mul_montgomery(r, r, r, mont, ctx))
139 goto err;
140 }
141
142 if (!wvalue1
49.1
'wvalue1' is 0
)
50
Taking true branch
143 if (BN_is_bit_set(p1, b)) {
51
Assuming the condition is false
52
Taking false branch
144 /*
145 * consider bits b-window1+1 .. b for this window
146 */
147 i = b - window1 + 1;
148 while (!BN_is_bit_set(p1, i)) /* works for i<0 */
149 i++;
150 wpos1 = i;
151 wvalue1 = 1;
152 for (i = b - 1; i >= wpos1; i--) {
153 wvalue1 <<= 1;
154 if (BN_is_bit_set(p1, i))
155 wvalue1++;
156 }
157 }
158
159 if (!wvalue2
52.1
'wvalue2' is 0
)
53
Taking true branch
160 if (BN_is_bit_set(p2, b)) {
54
Assuming the condition is true
55
Taking true branch
161 /*
162 * consider bits b-window2+1 .. b for this window
163 */
164 i = b - window2 + 1;
165 while (!BN_is_bit_set(p2, i))
56
Assuming the condition is false
57
Loop condition is false. Execution continues on line 167
166 i++;
167 wpos2 = i;
168 wvalue2 = 1;
169 for (i = b - 1; i >= wpos2; i--) {
58
Assuming 'i' is >= 'wpos2'
59
Loop condition is true. Entering loop body
62
Assuming 'i' is < 'wpos2'
170 wvalue2 <<= 1;
171 if (BN_is_bit_set(p2, i))
60
Assuming the condition is false
61
Taking false branch
172 wvalue2++;
173 }
174 }
175
176 if (wvalue1
62.1
'wvalue1' is 0
&& b == wpos1) {
177 /* wvalue1 is odd and < 2^window1 */
178 if (!BN_mod_mul_montgomery(r, r, val1[wvalue1 >> 1], mont, ctx))
179 goto err;
180 wvalue1 = 0;
181 r_is_one = 0;
182 }
183
184 if (wvalue2
62.2
'wvalue2' is 2
&& b
62.3
'b' is equal to 'wpos2'
== wpos2) {
63
Taking true branch
185 /* wvalue2 is odd and < 2^window2 */
186 if (!BN_mod_mul_montgomery(r, r, val2[wvalue2 >> 1], mont, ctx))
64
3rd function call argument is an uninitialized value
187 goto err;
188 wvalue2 = 0;
189 r_is_one = 0;
190 }
191 }
192 if (!BN_from_montgomery(rr, r, mont, ctx))
193 goto err;
194 ret = 1;
195 err:
196 if (in_mont == NULL((void*)0))
197 BN_MONT_CTX_free(mont);
198 BN_CTX_end(ctx);
199 bn_check_top(rr);
200 return ret;
201}