Bug Summary

File:programs/pluto/crypto.c
Warning:line 121, column 27
Value stored to 'sep' is never read

Annotated Source Code

Press '?' to see keyboard shortcuts

clang -cc1 -triple x86_64-unknown-linux-gnu -analyze -disable-free -disable-llvm-verifier -discard-value-names -main-file-name crypto.c -analyzer-store=region -analyzer-opt-analyze-nested-blocks -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -mrelocation-model pic -pic-level 2 -pic-is-pie -mthread-model posix -mdisable-fp-elim -relaxed-aliasing -fmath-errno -masm-verbose -mconstructor-aliases -munwind-tables -fuse-init-array -target-cpu x86-64 -dwarf-column-info -debugger-tuning=gdb -resource-dir /usr/lib64/clang/8.0.0 -D TimeZoneOffset=timezone -D linux -D PIE -D NSS_IPSEC_PROFILE -D XFRM_SUPPORT -D USE_XFRM_INTERFACE -D USE_DNSSEC -D DEFAULT_DNSSEC_ROOTKEY_FILE="/var/lib/unbound/root.key" -D HAVE_LABELED_IPSEC -D HAVE_SECCOMP -D LIBCURL -D USE_LINUX_AUDIT -D USE_SYSTEMD_WATCHDOG -D HAVE_NM -D XAUTH_HAVE_PAM -D USE_3DES -D USE_AES -D USE_CAMELLIA -D USE_CHACHA -D USE_DH31 -D USE_MD5 -D USE_SHA1 -D USE_SHA2 -D USE_PRF_AES_XCBC -D DEFAULT_RUNDIR="/run/pluto" -D IPSEC_CONF="/etc/ipsec.conf" -D IPSEC_CONFDDIR="/etc/ipsec.d" -D IPSEC_NSSDIR="/etc/ipsec.d" -D IPSEC_CONFDIR="/etc" -D IPSEC_EXECDIR="/usr/local/libexec/ipsec" -D IPSEC_SBINDIR="/usr/local/sbin" -D IPSEC_VARDIR="/var" -D POLICYGROUPSDIR="/etc/ipsec.d/policies" -D IPSEC_SECRETS_FILE="/etc/ipsec.secrets" -D FORCE_PR_ASSERT -D USE_FORK=1 -D USE_VFORK=0 -D USE_DAEMON=0 -D USE_PTHREAD_SETSCHEDPRIO=1 -D GCC_LINT -D HAVE_LIBCAP_NG -I . -I ../../OBJ.linux.x86_64/programs/pluto -I ../../include -I /usr/include/nss3 -I /usr/include/nspr4 -I /home/build/libreswan/programs/pluto/linux-copy -D HERE_BASENAME="crypto.c" -internal-isystem /usr/local/include -internal-isystem /usr/lib64/clang/8.0.0/include -internal-externc-isystem /include -internal-externc-isystem /usr/include -Wno-missing-field-initializers -std=gnu99 -fdebug-compilation-dir /home/build/libreswan/programs/pluto -ferror-limit 19 -fmessage-length 0 -stack-protector 3 -fobjc-runtime=gcc -fdiagnostics-show-option -analyzer-output=html -o /tmp/scan-build-2020-09-09-193337-25440-1 -x c /home/build/libreswan/programs/pluto/crypto.c -faddrsig
1/* crypto interfaces
2 * Copyright (C) 1998-2001,2013 D. Hugh Redelmeier <hugh@mimosa.com>
3 * Copyright (C) 2003-2008 Michael C. Richardson <mcr@xelerance.com>
4 * Copyright (C) 2003-2010 Paul Wouters <paul@xelerance.com>
5 * Copyright (C) 2009-2012 Avesh Agarwal <avagarwa@redhat.com>
6 * Copyright (C) 2012-2013 Paul Wouters <paul@libreswan.org>
7 * Copyright (C) 2013 Florian Weimer <fweimer@redhat.com>
8 * Copyright (C) 2016-2019 Andrew Cagney <cagney@gnu.org>
9 * Copyright (C) 2019 Paul Wouters <pwouters@redhat.com>
10 *
11 * This program is free software; you can redistribute it and/or modify it
12 * under the terms of the GNU General Public License as published by the
13 * Free Software Foundation; either version 2 of the License, or (at your
14 * option) any later version. See <https://www.gnu.org/licenses/gpl2.txt>.
15 *
16 * This program is distributed in the hope that it will be useful, but
17 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
18 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
19 * for more details.
20 *
21 */
22
23#include <stdio.h>
24#include <string.h>
25#include <stddef.h>
26#include <sys/types.h>
27
28
29#include <errno(*__errno_location ()).h>
30
31#include "constants.h"
32#include "defs.h"
33#include "state.h"
34#include "log.h"
35#include "crypto.h"
36#include "ike_alg.h"
37#include "test_buffer.h"
38#include "connections.h"
39#include "ike_alg_integ.h"
40#include "kernel_alg.h"
41
42/*
43 * Show IKE algorithms for
44 * - this connection (result from ike= string)
45 * - newest SA
46 */
47void show_ike_alg_connection(struct show *s,
48 const struct connection *c,
49 const char *instance)
50{
51 if (c->ike_proposals.p != NULL((void*)0)
52 && !default_proposals(c->ike_proposals.p)) {
53 /*
54 * List the algorithms as found in alg_info_ike and as
55 * will be fed into the proposal code.
56 *
57 * XXX:
58 *
59 * An earlier variant of this code would append the
60 * "default" encryption key-length if it wasn't
61 * specified on the ike= line. It isn't clear how
62 * helpful this is so it was removed:
63 *
64 * - it becomes hard to differentiate between ike=aes
65 * and ike=aes_128
66 *
67 * - proposal code will likely generate a single
68 * proposal containing TWO keys - max then default -
69 * so just displaying default is very misleading.
70 * MAX will probably be selected.
71 *
72 * - for 3DES_CBC, which has only one default, knowing
73 * it is _192 probably isn't useful
74 *
75 * What is needed is a way to display all key lengths
76 * in the order that they will be proposed (remember
77 * ESP reverses this). Something like
78 * AES_CBC_256+AES_CBC_128-... (which we hope is not
79 * impossible to parse)?
80 */
81 SHOW_JAMBUF(RC_COMMENT, s, buf)for (struct jambuf *buf = show_jambuf(s); buf != ((void*)0); jambuf_to_show
(buf, s, RC_COMMENT), buf = ((void*)0)) {
82 jam(buf, "\"%s\"%s: IKE algorithms: ",
83 c->name, instance);
84 jam_proposals(buf, c->ike_proposals.p);
85 }
86 }
87
88 const struct state *st = state_with_serialno(c->newest_isakmp_sa);
89
90 if (st != NULL((void*)0)) {
91 SHOW_JAMBUF(RC_COMMENT, s, buf)for (struct jambuf *buf = show_jambuf(s); buf != ((void*)0); jambuf_to_show
(buf, s, RC_COMMENT), buf = ((void*)0)) {
92 jam(buf,
93 "\"%s\"%s: %s algorithm newest: ",
94 c->name, instance,
95 enum_name(&ike_version_names, st->st_ike_version));
96 const struct trans_attrs *ta = &st->st_oakley;
97 const char *sep = "";
98 if (ta->ta_encrypt != NULL((void*)0)) {
99 jam_string(buf, sep); sep = "-";
100 jam_string(buf, ta->ta_encrypt->common.fqn);
101 if (ta->enckeylen != 0) {
102 jam(buf, "_%d", ta->enckeylen);
103 }
104 }
105 if (ta->ta_prf != NULL((void*)0)) {
106 jam_string(buf, sep); sep = "-";
107 jam_string(buf, ta->ta_prf->common.fqn);
108 }
109 /* XXX: should just print everything */
110 if (ta->ta_integ != NULL((void*)0)) {
111 if ((ta->ta_prf == NULL((void*)0)) ||
112 (encrypt_desc_is_aead(ta->ta_encrypt) &&
113 ta->ta_integ != &ike_alg_integ_none) ||
114 (!encrypt_desc_is_aead(ta->ta_encrypt) &&
115 ta->ta_integ->prf != ta->ta_prf)) {
116 jam_string(buf, sep); sep = "-";
117 jam_string(buf, ta->ta_integ->common.fqn);
118 }
119 }
120 if (ta->ta_dh != NULL((void*)0)) {
121 jam_string(buf, sep); sep = "-";
Value stored to 'sep' is never read
122 jam_string(buf, ta->ta_dh->common.fqn);
123 }
124 }
125 }
126}
127
128/*
129 * Show registered IKE algorithms
130 */
131void show_ike_alg_status(struct show *s)
132{
133 show_separator(s);
134 show_comment(s, "IKE algorithms supported:");
135 show_separator(s);
136
137 for (const struct encrypt_desc **algp = next_encrypt_desc(NULL((void*)0));
138 algp != NULL((void*)0); algp = next_encrypt_desc(algp)) {
139 const struct encrypt_desc *alg = (*algp);
140 if (ike_alg_is_ike(&(alg)->common)) {
141 struct esb_buf v1namebuf, v2namebuf;
142 passert(alg->common.ikev1_oakley_id >= 0 || alg->common.id[IKEv2_ALG_ID] >= 0){ _Bool assertion__ = alg->common.id[IKEv1_OAKLEY_ID] >=
0 || alg->common.id[IKEv2_ALG_ID] >= 0; if (!assertion__
) { lsw_passert_fail((where_t) { .func = __func__, .basename =
"crypto.c" , .line = 142}, "%s", "alg->common.ikev1_oakley_id >= 0 || alg->common.id[IKEv2_ALG_ID] >= 0"
); } };
143 show_comment(s,
144 "algorithm IKE encrypt: v1id=%d, v1name=%s, v2id=%d, v2name=%s, blocksize=%zu, keydeflen=%u",
145 alg->common.ikev1_oakley_idid[IKEv1_OAKLEY_ID],
146 (alg->common.ikev1_oakley_idid[IKEv1_OAKLEY_ID] >= 0
147 ? enum_showb(&oakley_enc_names,
148 alg->common.ikev1_oakley_idid[IKEv1_OAKLEY_ID],
149 &v1namebuf)
150 : "n/a"),
151 alg->common.id[IKEv2_ALG_ID],
152 (alg->common.id[IKEv2_ALG_ID] >= 0
153 ? enum_showb(&ikev2_trans_type_encr_names,
154 alg->common.id[IKEv2_ALG_ID],
155 &v2namebuf)
156 : "n/a"),
157 alg->enc_blocksize,
158 alg->keydeflen);
159 }
160 }
161
162 for (const struct prf_desc **algp = next_prf_desc(NULL((void*)0));
163 algp != NULL((void*)0); algp = next_prf_desc(algp)) {
164 const struct prf_desc *alg = (*algp);
165 if (ike_alg_is_ike(&(alg)->common)) {
166 show_comment(s,
167 "algorithm IKE PRF: name=%s, hashlen=%zu",
168 alg->common.fqn, alg->prf_output_size);
169 }
170 }
171
172 for (const struct dh_desc **gdescp = next_dh_desc(NULL((void*)0));
173 gdescp != NULL((void*)0); gdescp = next_dh_desc(gdescp)) {
174 const struct dh_desc *gdesc = *gdescp;
175 if (gdesc->bytes > 0) {
176 /* nothing crazy like 'none' */
177 show_comment(s,
178 "algorithm IKE DH Key Exchange: name=%s, bits=%d",
179 gdesc->common.fqn,
180 (int)gdesc->bytes * BITS_PER_BYTE8);
181 }
182 }
183}