static analysis warnings on today's tip

Hi,

I just completed a build on today's tip with Coverity static analysis and it found some potential issues. I suspect these may be false positives, but I thought I should report them:

File: lib/include/kasumi_internal.h

 850 static inline void
 851 kasumi_f8_1_buffer_bit(const kasumi_key_sched_t *pCtx, const uint64_t IV,
 852                       const void *pIn, void *pOut,
 853                       const uint32_t lengthInBits,
 854                       const uint32_t offsetInBits)
 855 {
 856 #ifdef SAFE_DATA
 857        CLEAR_SCRATCH_SIMD_REGS();
 858 #endif /* SAFE_DATA */
 859
 860        const uint8_t *pBufferIn = (const uint8_t *) pIn;
 861        uint8_t *pBufferOut = (uint8_t *) pOut;
 862        uint32_t cipherLengthInBits = lengthInBits;
 863        uint32_t blkcnt;
 864        uint64_t shiftrem = 0;
 865        kasumi_union_t a, b, c; /* the modifier */
 866        const uint8_t *pcBufferIn = pBufferIn + (offsetInBits / 8);
 867        uint8_t *pcBufferOut = pBufferOut + (offsetInBits / 8);
 868        /* Offset into the first byte (0 - 7 bits) */
 869        uint32_t remainOffset = offsetInBits % 8;
 870        uint32_t byteLength = (cipherLengthInBits + 7) / 8;
 871        SafeBuf safeOutBuf = {0};

    1. var_decl: Declaring variable safeInBuf without initializer.

 872        SafeBuf safeInBuf;
 873
 874        /* IV Endianity  */
 875        a.b64[0] = BSWAP64(IV);
 876
 877        /* First encryption to create modifier */
 878        kasumi_1_block(pCtx->msk16, a.b16);
 879
 880        /* Final initialisation steps */
 881        blkcnt = 0;
 882        b.b64[0] = a.b64[0];
 883        /* Now run the block cipher */
 884
 885        /* Start with potential partial block (due to offset and length) */
 886        kasumi_1_block(pCtx->sk16, b.b16);
 887        c.b64[0] = b.b64[0] >> remainOffset;
 888        /* Only one block to encrypt */

    2. Condition cipherLengthInBits < 64 - remainOffset, taking true branch.

 889        if (cipherLengthInBits < (64 - remainOffset)) {
 890                byteLength = (cipherLengthInBits + 7) / 8;
 891                memcpy_keystrm(safeInBuf.b8, pcBufferIn, byteLength);
 892                /*
 893                 * If operation is Out-of-place and there is offset
 894                 * to be applied, "remainOffset" bits from the output buffer
 895                 * need to be preserved (only applicable to first byte,
 896                 * since remainOffset is up to 7 bits)
 897                 */

    3. Condition pIn != pOut, taking true branch.
    4. Condition remainOffset, taking true branch.

 898                if ((pIn != pOut) && remainOffset) {
 899                        const uint8_t mask8 =
 900                                (const uint8_t)(1 << (8 - remainOffset)) - 1;
 901

    CID 102314 (#1 of 1): Uninitialized scalar variable (UNINIT)5. uninit_use: Using uninitialized value safeInBuf.b8[0].

 902                        safeInBuf.b8[0] = (safeInBuf.b8[0] & mask8) |
 903                                        (pcBufferOut[0] & ~mask8);
 904                }
 905
 906                /* If last byte is a partial byte, the last bits of the output
 907                 * need to be preserved */
 908                const uint8_t bitlen_with_off = remainOffset +
 909                                        cipherLengthInBits;
 910
 911                if ((bitlen_with_off & 0x7) != 0) {
 912                        preserve_bits(&c, pcBufferOut, pcBufferIn, &safeOutBuf,
 913                                      &safeInBuf, bitlen_with_off, byteLength);
 914                }
 915                xor_keystrm_rev(safeOutBuf.b8, safeInBuf.b8, c.b64[0]);
 916                memcpy_keystrm(pcBufferOut, safeOutBuf.b8, byteLength);
 917                return;
 918        }

File: test/main.c:


123 int
124 main(int argc, char **argv)
125 {

   1. var_decl: Declaring variable arch_support without initializer.

126        uint8_t arch_support[IMB_ARCH_NUM];
127        int i, atype, auto_detect = 0;
128        uint64_t flags = 0;
129        int errors = 0;
130
131        /* Check version number */

   2. Condition imb_get_version() < 12800U /* (0 << 16) + (0x32 << 8) + 0 */, taking false branch.

132        if (imb_get_version() < IMB_VERSION(0, 50, 0))
133                printf("Library version detection unsupported!\n");
134        else
135                printf("Detected library version: %s\n", imb_get_version_str());
136
137        /* Print available CPU features */
138        print_hw_features();
139
140        /* Detect available architectures and features */

   3. Condition detect_arch(arch_support) < 0, taking false branch.

141        if (detect_arch(arch_support) < 0)
142                return EXIT_FAILURE;
143

   4. Condition i < argc, taking true branch.
   8. Condition i < argc, taking true branch.
   12. Condition i < argc, taking true branch.
   16. Condition i < argc, taking false branch.

144        for (i = 1; i < argc; i++) {

   5. Condition strcmp(argv[i], "-h") == 0, taking false branch.
   9. Condition strcmp(argv[i], "-h") == 0, taking false branch.
   13. Condition strcmp(argv[i], "-h") == 0, taking false branch.

145                if (strcmp(argv[i], "-h") == 0) {
146                        usage(argv[0]);
147                        return EXIT_SUCCESS;

    6. Condition update_flags_and_archs(argv[i], arch_support, &flags), taking true branch.
   10. Condition update_flags_and_archs(argv[i], arch_support, &flags), taking true branch.
   14. Condition update_flags_and_archs(argv[i], arch_support, &flags), taking true branch.

148                } else if (update_flags_and_archs(argv[i],
149                                                   arch_support,
150                                                   &flags))

   7. Continuing loop.
   11. Continuing loop.
   15. Continuing loop.

151                        continue;
152                else if (strcmp(argv[i], "--auto-detect") == 0)
153                        (void) auto_detect; /* legacy option - to be removed */
154                else {
155                        usage(argv[0]);
156                        return EXIT_FAILURE;
157                }
158        }
159
160        /* Go through architectures */

   17. Condition atype < IMB_ARCH_NUM, taking true branch.

161        for (atype = IMB_ARCH_NOAESNI; atype < IMB_ARCH_NUM; atype++) {
162                IMB_MGR *p_mgr = NULL;
163

   CID 106252 (#1 of 1): Uninitialized scalar variable (UNINIT)18. uninit_use: Using uninitialized value arch_support[atype].

164                if (!arch_support[atype])
165                        continue;

File: lib/avx512/zuc_avx512_top.c

261 static inline
262 void _zuc_eea3_16_buffer_avx512(const void * const pKey[NUM_AVX512_BUFS],
263                                const void * const pIv[NUM_AVX512_BUFS],
264                                const void * const pBufferIn[NUM_AVX512_BUFS],
265                                void *pBufferOut[NUM_AVX512_BUFS],
266                                const uint32_t length[NUM_AVX512_BUFS],
267                                const unsigned use_gfni)
268 {

   1. var_decl: Declaring variable state without initializer.

269        DECLARE_ALIGNED(ZucState16_t state, 64);
270        DECLARE_ALIGNED(ZucState_t singlePktState, 64);
271        unsigned int i = 0;
272        /* Calculate the minimum input packet size from all packets */
273        uint16_t bytes = (uint16_t) find_min_length32(length);
274
275        uint32_t numKeyStreamsPerPkt;
276        uint16_t remainBytes[NUM_AVX512_BUFS] = {0};
277        DECLARE_ALIGNED(uint8_t keyStr[NUM_AVX512_BUFS][64], 64);
278        /* structure to store the 16 keys */
279        DECLARE_ALIGNED(ZucKey16_t keys, 64);
280        /* structure to store the 16 IV's */
281        DECLARE_ALIGNED(ZucIv16_t ivs, 64);
282        uint32_t numBytesLeftOver = 0;
283        const uint8_t *pTempBufInPtr = NULL;
284        uint8_t *pTempBufOutPtr = NULL;
285
286        const uint64_t *pIn64[NUM_AVX512_BUFS]= {NULL};
287        uint64_t *pOut64[NUM_AVX512_BUFS] = {NULL};
288        uint64_t *pKeyStream64 = NULL;
289
290        /*
291         * Calculate the number of bytes left over for each packet,
292         * and setup the Keys and IVs
293         */

   2. Condition i < 16, taking true branch.
   4. Condition i < 16, taking true branch.
   6. Condition i < 16, taking false branch.

294        for (i = 0; i < NUM_AVX512_BUFS; i++) {
295                remainBytes[i] = length[i];
296                keys.pKeys[i] = pKey[i];
297                ivs.pIvs[i] = pIv[i];

   3. Jumping back to the beginning of the loop.
   5. Jumping back to the beginning of the loop.

298        }
299
300        init_16(&keys, &ivs, &state, 0xFFFF, use_gfni);
301

   7. Condition i < 16, taking true branch.
   9. Condition i < 16, taking true branch.
   11. Condition i < 16, taking false branch.

302        for (i = 0; i < NUM_AVX512_BUFS; i++) {
303                pOut64[i] = (uint64_t *) pBufferOut[i];
304                pIn64[i] = (const uint64_t *) pBufferIn[i];

   8. Jumping back to the beginning of the loop.
   10. Jumping back to the beginning of the loop.

305        }
306
307        cipher_16(&state, pIn64, pOut64, remainBytes, bytes, use_gfni);
308
309        /* process each packet separately for the remaining bytes */

   12. Condition i < 16, taking true branch.

310        for (i = 0; i < NUM_AVX512_BUFS; i++) {

   13. Condition remainBytes[i], taking true branch.

311                if (remainBytes[i]) {
312                        /* need to copy the zuc state to single packet state */

   CID 106253 (#3 of 3): Uninitialized scalar variable (UNINIT) [select issue]

313                        singlePktState.lfsrState[0] = state.lfsrState[0][i];
314                        singlePktState.lfsrState[1] = state.lfsrState[1][i];
315                        singlePktState.lfsrState[2] = state.lfsrState[2][i];
316                        singlePktState.lfsrState[3] = state.lfsrState[3][i];
317                        singlePktState.lfsrState[4] = state.lfsrState[4][i];
318                        singlePktState.lfsrState[5] = state.lfsrState[5][i];
319                        singlePktState.lfsrState[6] = state.lfsrState[6][i];
320                        singlePktState.lfsrState[7] = state.lfsrState[7][i];
321                        singlePktState.lfsrState[8] = state.lfsrState[8][i];
322                        singlePktState.lfsrState[9] = state.lfsrState[9][i];
323                        singlePktState.lfsrState[10] = state.lfsrState[10][i];
324                        singlePktState.lfsrState[11] = state.lfsrState[11][i];
325                        singlePktState.lfsrState[12] = state.lfsrState[12][i];
326                        singlePktState.lfsrState[13] = state.lfsrState[13][i];
327                        singlePktState.lfsrState[14] = state.lfsrState[14][i];
328                        singlePktState.lfsrState[15] = state.lfsrState[15][i];

File: lib/avx512/zuc_avx512_top.c

594 static inline
595 void _zuc_eia3_16_buffer_avx512(const void * const pKey[NUM_AVX512_BUFS],
596                                const void * const pIv[NUM_AVX512_BUFS],
597                                const void * const pBufferIn[NUM_AVX512_BUFS],
598                                const uint32_t lengthInBits[NUM_AVX512_BUFS],
599                                uint32_t *pMacI[NUM_AVX512_BUFS],
600                                const unsigned use_gfni)
601 {
602        unsigned int i = 0;

   1. var_decl: Declaring variable state without initializer.

603        DECLARE_ALIGNED(ZucState16_t state, 64);
604        DECLARE_ALIGNED(ZucState_t singlePktState, 64);
605        /* Calculate the minimum input packet size from all packets */
606        uint32_t commonBits = find_min_length32(lengthInBits);
607
608        DECLARE_ALIGNED(uint8_t keyStr[NUM_AVX512_BUFS][2*64], 64);
609        /* structure to store the 16 keys */
610        DECLARE_ALIGNED(ZucKey16_t keys, 64);
611        /* structure to store the 16 IV's */
612        DECLARE_ALIGNED(ZucIv16_t ivs, 64);
613        const uint8_t *pIn8[NUM_AVX512_BUFS] = {NULL};
614        uint32_t remainCommonBits = commonBits;
615        uint32_t numKeyStr = 0;
616        uint32_t T[NUM_AVX512_BUFS] = {0};
617        const uint32_t keyStreamLengthInBits = ZUC_KEYSTR_LEN * 8;
618        DECLARE_ALIGNED(uint32_t *pKeyStrArr0[NUM_AVX512_BUFS], 64) = {NULL};
619        DECLARE_ALIGNED(uint32_t *pKeyStrArr64[NUM_AVX512_BUFS], 64) = {NULL};
620        DECLARE_ALIGNED(uint16_t lens[NUM_AVX512_BUFS], 32);
621

   2. Condition i < 16, taking true branch.
   4. Condition i < 16, taking true branch.
   6. Condition i < 16, taking false branch.

622        for (i = 0; i < NUM_AVX512_BUFS; i++) {
623                pIn8[i] = (const uint8_t *) pBufferIn[i];
624                pKeyStrArr0[i] = (uint32_t *) &keyStr[i][0];
625                keys.pKeys[i] = pKey[i];
626                ivs.pIvs[i] = pIv[i];
627                lens[i] = (uint16_t) lengthInBits[i];

   3. Jumping back to the beginning of the loop.
   5. Jumping back to the beginning of the loop.

628        }
629
630        init_16(&keys, &ivs, &state, 0xFFFF, use_gfni);
631        /* Generate 64 bytes at a time */
632        keystr_64B_gen_16(&state, pKeyStrArr0, use_gfni);
633
634        /* Point at the next 64 bytes of the key */

   7. Condition i < 16, taking true branch.
   9. Condition i < 16, taking true branch.
   11. Condition i < 16, taking false branch.
635        for (i = 0; i < NUM_AVX512_BUFS; i++)
   8. Jumping back to the beginning of the loop.
   10. Jumping back to the beginning of the loop.

636                pKeyStrArr64[i] = (uint32_t *) &keyStr[i][64];
637
638        /* loop over the message bits */

   12. Condition remainCommonBits >= 512U /* keyStreamLengthInBits */, taking true branch.
   16. Condition remainCommonBits >= 512U /* keyStreamLengthInBits */, taking false branch.

639        while (remainCommonBits >= keyStreamLengthInBits) {
640                remainCommonBits -= keyStreamLengthInBits;
641                numKeyStr++;
642                /* Generate the next key stream 8 bytes or 64 bytes */

   13. Condition !remainCommonBits, taking true branch.

643                if (!remainCommonBits)
644                        keystr_8B_gen_16(&state, pKeyStrArr64, 0x0000FFFF,

   14. Falling through to end of if statement.

645                                     use_gfni);
646                else
647                        keystr_64B_gen_16(&state, pKeyStrArr64, use_gfni);
648                round64B_16(T, (const void * const *)pKeyStrArr0,
649                            (const void **)pIn8, lens, use_gfni);

   15. Jumping back to the beginning of the loop.

650        }
651
652        /* Process each packet separately for the remaining bits */

   17. Condition i < 16, taking true branch.

653        for (i = 0; i < NUM_AVX512_BUFS; i++) {
654                const uint32_t N = lengthInBits[i] + (2 * ZUC_WORD_BITS);
655                uint32_t L = ((N + 31) / ZUC_WORD_BITS) -
656                             numKeyStr*(keyStreamLengthInBits / 32);
657                uint32_t remainBits = lengthInBits[i] -
658                                      numKeyStr*keyStreamLengthInBits;
659                uint32_t *keyStr32 = (uint32_t *) keyStr[i];
660
661                /* If remaining bits are more than 56 bytes, we need to generate
662                 * at least 8B more of keystream, so we need to copy
663                 * the zuc state to single packet state first */

   18. Condition remainBits > 448U /* 14 * 32 */, taking true branch.

664                if (remainBits > (14*32)) {

   CID 106260 (#3 of 3): Uninitialized scalar variable (UNINIT) [select issue]

665                        singlePktState.lfsrState[0] = state.lfsrState[0][i];
666                        singlePktState.lfsrState[1] = state.lfsrState[1][i];
667                        singlePktState.lfsrState[2] = state.lfsrState[2][i];
668                        singlePktState.lfsrState[3] = state.lfsrState[3][i];
669                        singlePktState.lfsrState[4] = state.lfsrState[4][i];
670                        singlePktState.lfsrState[5] = state.lfsrState[5][i];
671                        singlePktState.lfsrState[6] = state.lfsrState[6][i];
672                        singlePktState.lfsrState[7] = state.lfsrState[7][i];
673                        singlePktState.lfsrState[8] = state.lfsrState[8][i];
674                        singlePktState.lfsrState[9] = state.lfsrState[9][i];
675                        singlePktState.lfsrState[10] = state.lfsrState[10][i];
676                        singlePktState.lfsrState[11] = state.lfsrState[11][i];
677                        singlePktState.lfsrState[12] = state.lfsrState[12][i];
678                        singlePktState.lfsrState[13] = state.lfsrState[13][i];
679                        singlePktState.lfsrState[14] = state.lfsrState[14][i];
680                        singlePktState.lfsrState[15] = state.lfsrState[15][i];
681

   CID 106260 (#2 of 3): Uninitialized scalar variable (UNINIT) [select issue]

682                        singlePktState.fR1 = state.fR1[i];

   CID 106260 (#1 of 3): Uninitialized scalar variable (UNINIT)19. uninit_use: Using uninitialized value state.fR2[i].

683                        singlePktState.fR2 = state.fR2[i];
684                }

intel / intel-ipsec-mb

static analysis warnings on today's tip #73