clang -cc1 -cc1 -triple x86_64-unknown-linux-gnu -analyze -disable-free -clear-ast-before-backend -disable-llvm-verifier -discard-value-names -main-file-name bn_exp2.c -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -mrelocation-model pic -pic-level 2 -pic-is-pie -mframe-pointer=all -fmath-errno -ffp-contract=on -fno-rounding-math -mconstructor-aliases -funwind-tables=2 -target-cpu x86-64 -tune-cpu generic -debugger-tuning=gdb -fcoverage-compilation-dir=/home/maurizio/node-v18.6.0/out -resource-dir /usr/local/lib/clang/16.0.0 -D V8_DEPRECATION_WARNINGS -D V8_IMMINENT_DEPRECATION_WARNINGS -D _GLIBCXX_USE_CXX11_ABI=1 -D NODE_OPENSSL_CONF_NAME=nodejs_conf -D NODE_OPENSSL_HAS_QUIC -D __STDC_FORMAT_MACROS -D OPENSSL_NO_PINSHARED -D OPENSSL_THREADS -D OPENSSL_NO_HW -D OPENSSL_API_COMPAT=0x10100001L -D STATIC_LEGACY -D NDEBUG -D OPENSSL_USE_NODELETE -D L_ENDIAN -D OPENSSL_BUILDING_OPENSSL -D AES_ASM -D BSAES_ASM -D CMLL_ASM -D ECP_NISTZ256_ASM -D GHASH_ASM -D KECCAK1600_ASM -D MD5_ASM -D OPENSSL_BN_ASM_GF2m -D OPENSSL_BN_ASM_MONT -D OPENSSL_BN_ASM_MONT5 -D OPENSSL_CPUID_OBJ -D OPENSSL_IA32_SSE2 -D PADLOCK_ASM -D POLY1305_ASM -D SHA1_ASM -D SHA256_ASM -D SHA512_ASM -D VPAES_ASM -D WHIRLPOOL_ASM -D X25519_ASM -D OPENSSL_PIC -D MODULESDIR="/home/maurizio/node-v18.6.0/out/Release/obj.target/deps/openssl/lib/openssl-modules" -D OPENSSLDIR="/home/maurizio/node-v18.6.0/out/Release/obj.target/deps/openssl" -D OPENSSLDIR="/etc/ssl" -D ENGINESDIR="/dev/null" -D TERMIOS -I ../deps/openssl/openssl -I ../deps/openssl/openssl/include -I ../deps/openssl/openssl/crypto -I ../deps/openssl/openssl/crypto/include -I ../deps/openssl/openssl/crypto/modes -I ../deps/openssl/openssl/crypto/ec/curve448 -I ../deps/openssl/openssl/crypto/ec/curve448/arch_32 -I ../deps/openssl/openssl/providers/common/include -I ../deps/openssl/openssl/providers/implementations/include -I ../deps/openssl/config -I ../deps/openssl/config/archs/linux-x86_64/asm -I ../deps/openssl/config/archs/linux-x86_64/asm/include -I ../deps/openssl/config/archs/linux-x86_64/asm/crypto -I ../deps/openssl/config/archs/linux-x86_64/asm/crypto/include/internal -I ../deps/openssl/config/archs/linux-x86_64/asm/providers/common/include -internal-isystem /usr/local/lib/clang/16.0.0/include -internal-isystem /usr/local/include -internal-isystem /usr/lib/gcc/x86_64-redhat-linux/8/../../../../x86_64-redhat-linux/include -internal-externc-isystem /include -internal-externc-isystem /usr/include -O3 -Wno-unused-parameter -Wno-missing-field-initializers -Wno-old-style-declaration -fdebug-compilation-dir=/home/maurizio/node-v18.6.0/out -ferror-limit 19 -fgnuc-version=4.2.1 -vectorize-loops -vectorize-slp -analyzer-output=html -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /tmp/scan-build-2022-08-22-142216-507842-1 -x c ../deps/openssl/openssl/crypto/bn/bn_exp2.c
1 | |
2 | |
3 | |
4 | |
5 | |
6 | |
7 | |
8 | |
9 | |
10 | #include <stdio.h> |
11 | #include "internal/cryptlib.h" |
12 | #include "bn_local.h" |
13 | |
14 | #define TABLE_SIZE 32 |
15 | |
16 | int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1, |
17 | const BIGNUM *a2, const BIGNUM *p2, const BIGNUM *m, |
18 | BN_CTX *ctx, BN_MONT_CTX *in_mont) |
19 | { |
20 | int i, j, bits, b, bits1, bits2, ret = |
21 | 0, wpos1, wpos2, window1, window2, wvalue1, wvalue2; |
22 | int r_is_one = 1; |
23 | BIGNUM *d, *r; |
24 | const BIGNUM *a_mod_m; |
25 | |
26 | BIGNUM *val1[TABLE_SIZE], *val2[TABLE_SIZE]; |
27 | BN_MONT_CTX *mont = NULL; |
28 | |
29 | bn_check_top(a1); |
30 | bn_check_top(p1); |
31 | bn_check_top(a2); |
32 | bn_check_top(p2); |
33 | bn_check_top(m); |
34 | |
35 | if (!BN_is_odd(m)) { |
| 1 | Assuming the condition is false | |
|
| |
36 | ERR_raise(ERR_LIB_BN, BN_R_CALLED_WITH_EVEN_MODULUS); |
37 | return 0; |
38 | } |
39 | bits1 = BN_num_bits(p1); |
40 | bits2 = BN_num_bits(p2); |
41 | if ((bits1 == 0) && (bits2 == 0)) { |
| 3 | | Assuming 'bits1' is not equal to 0 | |
|
42 | ret = BN_one(rr); |
43 | return ret; |
44 | } |
45 | |
46 | bits = (bits1 > bits2) ? bits1 : bits2; |
| 4 | | Assuming 'bits1' is <= 'bits2' | |
|
| |
47 | |
48 | BN_CTX_start(ctx); |
49 | d = BN_CTX_get(ctx); |
50 | r = BN_CTX_get(ctx); |
51 | val1[0] = BN_CTX_get(ctx); |
52 | val2[0] = BN_CTX_get(ctx); |
53 | if (val2[0] == NULL) |
| 6 | | Assuming the condition is false | |
|
| |
54 | goto err; |
55 | |
56 | if (in_mont != NULL) |
| 8 | | Assuming 'in_mont' is equal to NULL | |
|
| |
57 | mont = in_mont; |
58 | else { |
59 | if ((mont = BN_MONT_CTX_new()) == NULL) |
| 10 | | Assuming the condition is false | |
|
| |
60 | goto err; |
61 | if (!BN_MONT_CTX_set(mont, m, ctx)) |
| 12 | | Assuming the condition is false | |
|
62 | goto err; |
63 | } |
64 | |
65 | window1 = BN_window_bits_for_exponent_size(bits1); |
| |
| 14 | | Assuming 'bits1' is <= 671 | |
|
| |
| 16 | | Assuming 'bits1' is <= 239 | |
|
| |
| 18 | | Assuming 'bits1' is <= 79 | |
|
| |
| 20 | | Assuming 'bits1' is <= 23 | |
|
| |
66 | window2 = BN_window_bits_for_exponent_size(bits2); |
| 22 | | Assuming 'bits2' is <= 671 | |
|
| |
| 24 | | Assuming 'bits2' is <= 239 | |
|
| |
| 26 | | Assuming 'bits2' is <= 79 | |
|
| |
| 28 | | Assuming 'bits2' is <= 23 | |
|
| |
67 | |
68 | |
69 | |
70 | |
71 | if (a1->neg || BN_ucmp(a1, m) >= 0) { |
| 30 | | Assuming field 'neg' is 0 | |
|
| 31 | | Assuming the condition is false | |
|
| |
72 | if (!BN_mod(val1[0], a1, m, ctx)) |
73 | goto err; |
74 | a_mod_m = val1[0]; |
75 | } else |
76 | a_mod_m = a1; |
77 | if (BN_is_zero(a_mod_m)) { |
| 33 | | Assuming the condition is false | |
|
| |
78 | BN_zero(rr); |
79 | ret = 1; |
80 | goto err; |
81 | } |
82 | |
83 | if (!BN_to_montgomery(val1[0], a_mod_m, mont, ctx)) |
| 35 | | Assuming the condition is false | |
|
| |
84 | goto err; |
85 | if (window1 > 1) { |
86 | if (!BN_mod_mul_montgomery(d, val1[0], val1[0], mont, ctx)) |
87 | goto err; |
88 | |
89 | j = 1 << (window1 - 1); |
90 | for (i = 1; i < j; i++) { |
91 | if (((val1[i] = BN_CTX_get(ctx)) == NULL) || |
92 | !BN_mod_mul_montgomery(val1[i], val1[i - 1], d, mont, ctx)) |
93 | goto err; |
94 | } |
95 | } |
96 | |
97 | |
98 | |
99 | |
100 | if (a2->neg || BN_ucmp(a2, m) >= 0) { |
| 37 | | Assuming field 'neg' is 0 | |
|
| 38 | | Assuming the condition is false | |
|
| |
101 | if (!BN_mod(val2[0], a2, m, ctx)) |
102 | goto err; |
103 | a_mod_m = val2[0]; |
104 | } else |
105 | a_mod_m = a2; |
106 | if (BN_is_zero(a_mod_m)) { |
| 40 | | Assuming the condition is false | |
|
| |
107 | BN_zero(rr); |
108 | ret = 1; |
109 | goto err; |
110 | } |
111 | if (!BN_to_montgomery(val2[0], a_mod_m, mont, ctx)) |
| 42 | | Assuming the condition is false | |
|
| |
112 | goto err; |
113 | if (window2 > 1) { |
| |
114 | if (!BN_mod_mul_montgomery(d, val2[0], val2[0], mont, ctx)) |
115 | goto err; |
116 | |
117 | j = 1 << (window2 - 1); |
118 | for (i = 1; i < j; i++) { |
119 | if (((val2[i] = BN_CTX_get(ctx)) == NULL) || |
120 | !BN_mod_mul_montgomery(val2[i], val2[i - 1], d, mont, ctx)) |
121 | goto err; |
122 | } |
123 | } |
124 | |
125 | |
126 | r_is_one = 1; |
127 | wvalue1 = 0; |
128 | wvalue2 = 0; |
129 | wpos1 = 0; |
130 | |
131 | wpos2 = 0; |
132 | |
133 | |
134 | if (!BN_to_montgomery(r, BN_value_one(), mont, ctx)) |
| 45 | | Assuming the condition is false | |
|
| |
135 | goto err; |
136 | for (b = bits - 1; b >= 0; b--) { |
| |
| 48 | | Loop condition is true. Entering loop body | |
|
137 | if (!r_is_one) { |
| |
138 | if (!BN_mod_mul_montgomery(r, r, r, mont, ctx)) |
139 | goto err; |
140 | } |
141 | |
142 | if (!wvalue1) |
| |
143 | if (BN_is_bit_set(p1, b)) { |
| 51 | | Assuming the condition is false | |
|
| |
144 | |
145 | |
146 | |
147 | i = b - window1 + 1; |
148 | while (!BN_is_bit_set(p1, i)) |
149 | i++; |
150 | wpos1 = i; |
151 | wvalue1 = 1; |
152 | for (i = b - 1; i >= wpos1; i--) { |
153 | wvalue1 <<= 1; |
154 | if (BN_is_bit_set(p1, i)) |
155 | wvalue1++; |
156 | } |
157 | } |
158 | |
159 | if (!wvalue2) |
| |
160 | if (BN_is_bit_set(p2, b)) { |
| 54 | | Assuming the condition is true | |
|
| |
161 | |
162 | |
163 | |
164 | i = b - window2 + 1; |
165 | while (!BN_is_bit_set(p2, i)) |
| 56 | | Assuming the condition is false | |
|
| 57 | | Loop condition is false. Execution continues on line 167 | |
|
166 | i++; |
167 | wpos2 = i; |
168 | wvalue2 = 1; |
169 | for (i = b - 1; i >= wpos2; i--) { |
| 58 | | Assuming 'i' is >= 'wpos2' | |
|
| 59 | | Loop condition is true. Entering loop body | |
|
| 62 | | Assuming 'i' is < 'wpos2' | |
|
170 | wvalue2 <<= 1; |
171 | if (BN_is_bit_set(p2, i)) |
| 60 | | Assuming the condition is false | |
|
| |
172 | wvalue2++; |
173 | } |
174 | } |
175 | |
176 | if (wvalue1 && b == wpos1) { |
177 | |
178 | if (!BN_mod_mul_montgomery(r, r, val1[wvalue1 >> 1], mont, ctx)) |
179 | goto err; |
180 | wvalue1 = 0; |
181 | r_is_one = 0; |
182 | } |
183 | |
184 | if (wvalue2 && b == wpos2) { |
| |
185 | |
186 | if (!BN_mod_mul_montgomery(r, r, val2[wvalue2 >> 1], mont, ctx)) |
| 64 | | 3rd function call argument is an uninitialized value |
|
187 | goto err; |
188 | wvalue2 = 0; |
189 | r_is_one = 0; |
190 | } |
191 | } |
192 | if (!BN_from_montgomery(rr, r, mont, ctx)) |
193 | goto err; |
194 | ret = 1; |
195 | err: |
196 | if (in_mont == NULL) |
197 | BN_MONT_CTX_free(mont); |
198 | BN_CTX_end(ctx); |
199 | bn_check_top(rr); |
200 | return ret; |
201 | } |