fix clang-analyzer warnings

This fixes #80

src/encauth/ccm/ccm_memory.c

@@ -127,11 +127,6 @@ int ccm_memory(int cipher,
       L = 15 - noncelen;
    }
 
-   /* decrease noncelen to match L */
-   if ((noncelen + L) > 15) {
-      noncelen = 15 - L;
-   }
-
    /* allocate mem for the symmetric key */
    if (uskey == NULL) {
       skey = XMALLOC(sizeof(*skey));
@@ -147,7 +142,7 @@ int ccm_memory(int cipher,
    } else {
       skey = uskey;
    }
-   
+
    /* initialize buffer for pt */
    if (direction == CCM_DECRYPT) {
       pt_work = XMALLOC(ptlen);

src/headers/tomcrypt_argchk.h

@@ -5,9 +5,15 @@
 #include <signal.h>
 
 /* this is the default LibTomCrypt macro  */
-void crypt_argchk(char *v, char *s, int d);
+#if defined(__clang__) || defined(__GNUC_MINOR__)
-#define LTC_ARGCHK(x) if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); }
+#define NORETURN __attribute__ ((noreturn))
-#define LTC_ARGCHKVD(x) LTC_ARGCHK(x)
+#else
+#define NORETURN
+#endif
+
+void crypt_argchk(char *v, char *s, int d) NORETURN;
+#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
+#define LTC_ARGCHKVD(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
 
 #elif ARGTYPE == 1
 

src/mac/hmac/hmac_init.c

@@ -68,15 +68,13 @@ int hmac_init(hmac_state *hmac, int hash, const unsigned char *key, unsigned lon
         if ((err = hash_memory(hash, key, keylen, hmac->key, &z)) != CRYPT_OK) {
            goto LBL_ERR;
         }
-        if(hashsize < LTC_HMAC_BLOCKSIZE) {
-            zeromem((hmac->key) + hashsize, (size_t)(LTC_HMAC_BLOCKSIZE - hashsize));
-        }
         keylen = hashsize;
     } else {
         XMEMCPY(hmac->key, key, (size_t)keylen);
-        if(keylen < LTC_HMAC_BLOCKSIZE) {
+    }
-            zeromem((hmac->key) + keylen, (size_t)(LTC_HMAC_BLOCKSIZE - keylen));
+
-        }
+    if(keylen < LTC_HMAC_BLOCKSIZE) {
+       zeromem((hmac->key) + keylen, (size_t)(LTC_HMAC_BLOCKSIZE - keylen));
     }
 
     /* Create the initial vector for step (3) */

src/misc/crypt/crypt_argchk.c

@@ -13,15 +13,14 @@
 /**
   @file crypt_argchk.c
   Perform argument checking, Tom St Denis
-*/  
+*/
 
 #if (ARGTYPE == 0)
-#include <signal.h>
 void crypt_argchk(char *v, char *s, int d)
 {
  fprintf(stderr, "LTC_ARGCHK '%s' failure on line %d of file %s\n",
          v, d, s);
- (void)raise(SIGABRT);
+ abort();
 }
 #endif
 

src/modes/xts/xts_decrypt.c

@@ -110,7 +110,9 @@ int xts_decrypt(const unsigned char *ct, unsigned long ptlen, unsigned char *pt,
       }
 
       for (i = 0; i < lim; i++) {
-         err = tweak_uncrypt(ct, pt, T, xts);
+         if ((err = tweak_uncrypt(ct, pt, T, xts)) != CRYPT_OK) {
+            return err;
+         }
          ct += 16;
          pt += 16;
       }

src/modes/xts/xts_encrypt.c

@@ -113,7 +113,9 @@ int xts_encrypt(const unsigned char *pt, unsigned long ptlen, unsigned char *ct,
       }
 
       for (i = 0; i < lim; i++) {
-         err = tweak_crypt(pt, ct, T, xts);
+         if ((err = tweak_crypt(pt, ct, T, xts)) != CRYPT_OK) {
+            return err;
+         }
          ct += 16;
          pt += 16;
       }

src/pk/asn1/der/integer/der_length_integer.c

@@ -46,7 +46,6 @@ int der_length_integer(void *num, unsigned long *outlen)
    } else {
       /* it's negative */
       /* find power of 2 that is a multiple of eight and greater than count bits */
-      leading_zero = 0;
       z = mp_count_bits(num);
       z = z + (8 - (z & 7));
       if (((mp_cnt_lsb(num)+1)==mp_count_bits(num)) && ((mp_count_bits(num)&7)==0)) --z;

src/pk/asn1/der/sequence/der_decode_sequence_multi.c

@@ -44,6 +44,8 @@ int der_decode_sequence_multi(const unsigned char *in, unsigned long inlen, ...)
        type = va_arg(args, ltc_asn1_type);
        size = va_arg(args, unsigned long);
        data = va_arg(args, void*);
+       LTC_UNUSED_PARAM(size);
+       LTC_UNUSED_PARAM(data);
 
        if (type == LTC_ASN1_EOL) {
           break;

src/pk/asn1/der/sequence/der_encode_sequence_multi.c

@@ -45,6 +45,8 @@ int der_encode_sequence_multi(unsigned char *out, unsigned long *outlen, ...)
        type = va_arg(args, ltc_asn1_type);
        size = va_arg(args, unsigned long);
        data = va_arg(args, void*);
+       LTC_UNUSED_PARAM(size);
+       LTC_UNUSED_PARAM(data);
 
        if (type == LTC_ASN1_EOL) {
           break;

src/pk/dh/dh_sys.c

@@ -246,8 +246,6 @@ int dh_decrypt_key(const unsigned char *in, unsigned long inlen,
    if (inlen < keysize) {
       err = CRYPT_INVALID_PACKET;
       goto LBL_ERR;
-   } else {
-      inlen -= keysize;
    }
 
    if (keysize > *outlen) {

src/pk/pkcs1/pkcs_1_oaep_decode.c

@@ -85,7 +85,6 @@ int pkcs_1_oaep_decode(const unsigned char *msg,    unsigned long msglen,
 
     */
 
-   err = CRYPT_OK;
    ret = CRYPT_OK;
 
    /* must have leading 0x00 byte */

src/pk/pkcs1/pkcs_1_pss_decode.c

@@ -94,8 +94,7 @@ int pkcs_1_pss_decode(const unsigned char *msghash, unsigned long msghashlen,
 
    /* copy out the hash */
    XMEMCPY(hash, sig + x, hLen);
-   x += hLen;
+   /* x += hLen; */
-
 
    /* check the MSB */
    if ((sig[0] & ~(0xFF >> ((modulus_len<<3) - (modulus_bitlen)))) != 0) {

src/pk/pkcs1/pkcs_1_pss_encode.c

@@ -116,7 +116,7 @@ int pkcs_1_pss_encode(const unsigned char *msghash, unsigned long msghashlen,
    x += modulus_len - saltlen - hLen - 2;
    DB[x++] = 0x01;
    XMEMCPY(DB + x, salt, saltlen);
-   x += saltlen;
+   /* x += saltlen; */
 
    /* generate mask of length modulus_len - hLen - 1 from hash */
    if ((err = pkcs_1_mgf1(hash_idx, hash, hLen, mask, modulus_len - hLen - 1)) != CRYPT_OK) {

src/prngs/sober128.c

@@ -300,7 +300,6 @@ unsigned long sober128_read(unsigned char *out, unsigned long outlen, prng_state
 #endif
 
    c = &(prng->sober128);
-   t = 0;
    tlen = outlen;
 
    /* handle any previously buffered bytes */