crypto: coverity issues

Change-Id: I9db1b74097c9df587b9265b14a969d347bcb731a
Signed-off-by: Damjan Marion <damarion@cisco.com>

diff --git a/src/plugins/crypto_ia32/aes_cbc.c b/src/plugins/crypto_ia32/aes_cbc.c
index 281cc83..091f7b6 100644 (file)
--- a/src/plugins/crypto_ia32/aes_cbc.c
+++ b/src/plugins/crypto_ia32/aes_cbc.c
@@ -95,10 +95,12 @@ aesni_ops_enc_aes_cbc (vlib_main_t * vm, vnet_crypto_op_t * ops[],
                                                         vm->thread_index);
   int rounds = AESNI_KEY_ROUNDS (ks);
   u8 dummy[8192];
-  u8 *src[4], *dst[4], *key[4];
+  u8 *src[4] = { };
+  u8 *dst[4] = { };
+  u8 *key[4] = { };
   u32x4 dummy_mask, len = { };
   u32 i, j, count, n_left = n_ops;
-  __m128i r[4], k[4][rounds + 1];
+  __m128i r[4] = { }, k[4][rounds + 1];
 
 more:
   for (i = 0; i < 4; i++)
@@ -187,22 +189,30 @@ aesni_ops_dec_aes_cbc (vlib_main_t * vm, vnet_crypto_op_t * ops[],
                       u32 n_ops, aesni_key_size_t ks)
 {
   int rounds = AESNI_KEY_ROUNDS (ks);
-  u8 *last_key = 0;
-  u32 i;
+  vnet_crypto_op_t *op = ops[0];
+  u32 n_left = n_ops;
+  u8 *last_key;
   __m128i k[rounds + 1];
 
-  for (i = 0; i < n_ops; i++)
+  ASSERT (n_ops >= 1);
+
+key_expand:
+  last_key = op->key;
+  aes_key_expand (k, op->key, ks);
+  aes_key_enc_to_dec (k, ks);
+
+decrypt:
+  aes_cbc_dec (k, op->src, op->dst, op->iv, op->len, rounds);
+  op->status = VNET_CRYPTO_OP_STATUS_COMPLETED;
+
+  if (--n_left)
     {
-      vnet_crypto_op_t *op = ops[i];
+      op += 1;
       if (last_key != op->key)
-       {
-         aes_key_expand (k, op->key, ks);
-         last_key = op->key;
-         aes_key_enc_to_dec (k, rounds);
-       }
-      aes_cbc_dec (k, op->src, op->dst, op->iv, op->len, rounds);
-      op->status = VNET_CRYPTO_OP_STATUS_COMPLETED;
+       goto key_expand;
+      goto decrypt;
     }
+
   return n_ops;
 }
 
@@ -237,7 +247,8 @@ crypto_ia32_aesni_cbc_init (vlib_main_t * vm)
     {
       for (int i = 0; i < 4; i++)
        {
-         if (read(fd, ptd->cbc_iv, sizeof (ptd->cbc_iv)) < 0)
+         if (read(fd, ptd->cbc_iv, sizeof (ptd->cbc_iv)) !=
+             sizeof (ptd->cbc_iv))
            {
              err = clib_error_return_unix (0, "'/dev/urandom' read failure");
              goto error;

diff --git a/src/plugins/crypto_ia32/aesni.h b/src/plugins/crypto_ia32/aesni.h
index 077889a..28e09fc 100644 (file)
--- a/src/plugins/crypto_ia32/aesni.h
+++ b/src/plugins/crypto_ia32/aesni.h
@@ -195,8 +195,9 @@ aes_key_expand (__m128i * k, u8 * key, aesni_key_size_t ks)
 
 
 static_always_inline void
-aes_key_enc_to_dec (__m128i * k, aesni_key_size_t rounds)
+aes_key_enc_to_dec (__m128i * k, aesni_key_size_t ks)
 {
+  int rounds = AESNI_KEY_ROUNDS (ks);
   __m128i r;
 
   r = k[rounds];

diff --git a/src/vnet/crypto/crypto.c b/src/vnet/crypto/crypto.c
index 3dcb2ec..9d0ad8b 100644 (file)
--- a/src/vnet/crypto/crypto.c
+++ b/src/vnet/crypto/crypto.c
@@ -30,7 +30,7 @@ vnet_crypto_process_ops_call_handler (vlib_main_t * vm,
 
   if (cm->ops_handlers[opt] == 0)
     {
-      while (n_ops)
+      while (n_ops--)
        {
          ops[0]->status = VNET_CRYPTO_OP_STATUS_FAIL_NO_HANDLER;
          ops++;