From 2c6b2d70e6640f39563ad7bb0aa0ba87f883848c Mon Sep 17 00:00:00 2001 From: Kirill Isakov Date: Mon, 2 Aug 2021 15:55:05 +0600 Subject: [PATCH] Assign more suitable types and fix narrowing conversion warns. --- src/Makefile.am | 1 + src/autoconnect.c | 2 +- src/bsd/device.c | 4 +- src/bsd/tunemu.c | 28 ++++----- src/bsd/tunemu.h | 6 +- src/buffer.h | 2 + src/cipher.h | 2 + src/compression.h | 25 ++++++++ src/conf.c | 5 +- src/connection.h | 38 ++++++------ src/control.h | 2 + src/crypto.h | 2 + src/digest.h | 11 ++-- src/dropin.c | 4 ++ src/dropin.h | 2 + src/ecdh.h | 2 + src/ecdsa.h | 2 + src/ed25519/ecdsa.c | 6 +- src/ed25519/fixedint.h | 4 +- src/ethernet.h | 2 + src/event.h | 1 + src/fd_device.c | 10 +-- src/gcrypt/cipher.c | 2 +- src/gcrypt/cipher.h | 4 +- src/gcrypt/digest.c | 34 +++++------ src/gcrypt/digest.h | 10 +-- src/gcrypt/prf.c | 12 ++-- src/gcrypt/rsa.c | 5 +- src/hash.h | 4 +- src/ifconfig.h | 2 + src/info.c | 2 +- src/invitation.c | 26 ++++---- src/ipv4.h | 2 + src/ipv6.h | 2 + src/linux/device.c | 2 +- src/logger.c | 18 +++--- src/logger.h | 5 +- src/meta.c | 14 ++--- src/meta.h | 4 +- src/multicast_device.c | 4 +- src/names.c | 2 +- src/names.h | 2 + src/net.h | 4 +- src/net_packet.c | 131 ++++++++++++++++++++-------------------- src/net_setup.c | 32 +++++----- src/net_socket.c | 8 +-- src/node.c | 6 +- src/node.h | 32 +++++----- src/nolegacy/crypto.c | 2 +- src/nolegacy/prf.c | 12 ++-- src/openssl/cipher.c | 8 +-- src/openssl/crypto.c | 2 +- src/openssl/digest.c | 12 ++-- src/openssl/digest.h | 2 +- src/openssl/prf.c | 8 +-- src/openssl/rsa.c | 4 +- src/openssl/rsagen.c | 2 +- src/prf.h | 4 +- src/process.h | 2 + src/protocol.c | 2 +- src/protocol.h | 2 +- src/protocol_auth.c | 20 +++--- src/protocol_key.c | 46 +++++++------- src/protocol_misc.c | 6 +- src/raw_socket_device.c | 2 +- src/route.c | 4 +- src/rsa.h | 2 + src/script.c | 2 +- src/script.h | 2 + src/solaris/device.c | 2 +- src/sptps.c | 10 +-- src/sptps.h | 26 ++++---- src/sptps_keypair.c | 3 +- src/sptps_speed.c | 7 ++- src/sptps_test.c | 12 ++-- src/subnet.h | 10 +-- src/subnet_parse.c | 32 +++++----- src/tincctl.c | 60 +++++++++--------- src/tincctl.h | 5 +- src/tincd.c | 12 +++- src/top.c | 29 ++++----- src/uml_device.c | 4 +- src/utils.c | 20 +++--- src/utils.h | 2 + src/vde_device.c | 3 +- src/xalloc.h | 2 + 86 files changed, 505 insertions(+), 410 deletions(-) create mode 100644 src/compression.h diff --git a/src/Makefile.am b/src/Makefile.am index 9a776dcb..12bfe176 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -55,6 +55,7 @@ tincd_SOURCES = \ autoconnect.c autoconnect.h \ buffer.c buffer.h \ cipher.h \ + compression.h \ conf.c conf.h \ conf_net.c conf_net.h \ connection.c connection.h \ diff --git a/src/autoconnect.c b/src/autoconnect.c index d25d65e3..d819ee46 100644 --- a/src/autoconnect.c +++ b/src/autoconnect.c @@ -80,7 +80,7 @@ static void connect_to_unreachable() { * are only a few reachable nodes, and many unreachable ones, we're * going to try harder to connect to them. */ - int r = rand() % node_tree->count; + unsigned int r = rand() % node_tree->count; for splay_each(node_t, n, node_tree) { if(r--) { diff --git a/src/bsd/device.c b/src/bsd/device.c index db506e5a..57029d5d 100644 --- a/src/bsd/device.c +++ b/src/bsd/device.c @@ -85,7 +85,7 @@ static bool setup_utun(void) { return false; } - int unit = -1; + long unit = -1; char *p = strstr(device, "utun"), *e = NULL; if(p) { @@ -351,7 +351,7 @@ static void close_device(void) { } static bool read_packet(vpn_packet_t *packet) { - int inlen; + ssize_t inlen; switch(device_type) { case DEVICE_TYPE_TUN: diff --git a/src/bsd/tunemu.c b/src/bsd/tunemu.c index bf3eacb5..6867c47b 100644 --- a/src/bsd/tunemu.c +++ b/src/bsd/tunemu.c @@ -50,10 +50,10 @@ #define PPPIOCGUNIT _IOR('t', 86, int) struct sockaddr_ppp { - u_int8_t ppp_len; - u_int8_t ppp_family; - u_int16_t ppp_proto; - u_int32_t ppp_cookie; + uint8_t ppp_len; + uint8_t ppp_family; + uint16_t ppp_proto; + uint32_t ppp_cookie; }; enum NPmode { @@ -77,8 +77,8 @@ char tunemu_error[ERROR_BUFFER_SIZE]; static int pcap_use_count = 0; static pcap_t *pcap = NULL; -static int data_buffer_length = 0; -static char *data_buffer = NULL; +static size_t data_buffer_length = 0; +static uint8_t *data_buffer = NULL; static void tun_error(char *format, ...) { va_list vl; @@ -244,7 +244,7 @@ static void close_pcap() { } } -static void allocate_data_buffer(int size) { +static void allocate_data_buffer(size_t size) { if(data_buffer_length < size) { free(data_buffer); data_buffer_length = size; @@ -320,10 +320,10 @@ int tunemu_close(int ppp_sockfd) { return ret; } -int tunemu_read(int ppp_sockfd, char *buffer, int length) { - allocate_data_buffer(length + 2); +ssize_t tunemu_read(int ppp_sockfd, uint8_t *buffer, size_t buflen) { + allocate_data_buffer(buflen + 2); - length = read(ppp_sockfd, data_buffer, length + 2); + ssize_t length = read(ppp_sockfd, data_buffer, buflen + 2); if(length < 0) { tun_error("reading packet: %s", strerror(errno)); @@ -343,22 +343,22 @@ int tunemu_read(int ppp_sockfd, char *buffer, int length) { return length; } -int tunemu_write(char *buffer, int length) { - allocate_data_buffer(length + 4); +ssize_t tunemu_write(uint8_t *buffer, size_t buflen) { + allocate_data_buffer(buflen + 4); data_buffer[0] = 0x02; data_buffer[1] = 0x00; data_buffer[2] = 0x00; data_buffer[3] = 0x00; - memcpy(data_buffer + 4, buffer, length); + memcpy(data_buffer + 4, buffer, buflen); if(pcap == NULL) { tun_error("pcap not open"); return -1; } - length = pcap_inject(pcap, data_buffer, length + 4); + ssize_t length = pcap_inject(pcap, data_buffer, buflen + 4); if(length < 0) { tun_error("injecting packet: %s", pcap_geterr(pcap)); diff --git a/src/bsd/tunemu.h b/src/bsd/tunemu.h index 279e1976..c67cfae3 100644 --- a/src/bsd/tunemu.h +++ b/src/bsd/tunemu.h @@ -20,13 +20,15 @@ #ifndef TUNEMU_H #define TUNEMU_H +#include "system.h" + typedef char tunemu_device[7]; extern char tunemu_error[]; int tunemu_open(tunemu_device dev); int tunemu_close(int fd); -int tunemu_read(int fd, char *buffer, int length); -int tunemu_write(char *buffer, int length); +ssize_t tunemu_read(int fd, uint8_t *buffer, size_t buflen); +ssize_t tunemu_write(uint8_t *buffer, size_t buflen); #endif diff --git a/src/buffer.h b/src/buffer.h index b25c8adc..4ba17773 100644 --- a/src/buffer.h +++ b/src/buffer.h @@ -1,6 +1,8 @@ #ifndef TINC_BUFFER_H #define TINC_BUFFER_H +#include "system.h" + typedef struct buffer_t { char *data; uint32_t maxlen; diff --git a/src/cipher.h b/src/cipher.h index 2845be8d..68332be3 100644 --- a/src/cipher.h +++ b/src/cipher.h @@ -20,6 +20,8 @@ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ +#include "system.h" + #define CIPHER_MAX_BLOCK_SIZE 32 #define CIPHER_MAX_IV_SIZE 16 #define CIPHER_MAX_KEY_SIZE 32 diff --git a/src/compression.h b/src/compression.h new file mode 100644 index 00000000..96fc9ea8 --- /dev/null +++ b/src/compression.h @@ -0,0 +1,25 @@ +#ifndef TINC_COMPRESSION_H +#define TINC_COMPRESSION_H + +typedef enum compression_level_t { + COMPRESS_NONE = 0, + + COMPRESS_ZLIB_1 = 1, + COMPRESS_ZLIB_2 = 2, + COMPRESS_ZLIB_3 = 3, + COMPRESS_ZLIB_4 = 4, + COMPRESS_ZLIB_5 = 5, + COMPRESS_ZLIB_6 = 6, + COMPRESS_ZLIB_7 = 7, + COMPRESS_ZLIB_8 = 8, + COMPRESS_ZLIB_9 = 9, + + COMPRESS_LZO_LO = 10, + COMPRESS_LZO_HI = 11, + + COMPRESS_LZ4 = 12, + + COMPRESS_GUARD = INT_MAX, /* ensure that sizeof(compression_level_t) == sizeof(int) */ +} compression_level_t; + +#endif diff --git a/src/conf.c b/src/conf.c index de632af3..a0107d02 100644 --- a/src/conf.c +++ b/src/conf.c @@ -203,7 +203,7 @@ static char *readline(FILE *fp, char *buf, size_t buflen) { return NULL; } - p = fgets(buf, buflen, fp); + p = fgets(buf, (int) buflen, fp); if(!p) { return NULL; @@ -227,7 +227,6 @@ static char *readline(FILE *fp, char *buf, size_t buflen) { config_t *parse_config_line(char *line, const char *fname, int lineno) { config_t *cfg; - int len; char *variable, *value, *eol; variable = value = line; @@ -237,7 +236,7 @@ config_t *parse_config_line(char *line, const char *fname, int lineno) { *eol = '\0'; } - len = strcspn(value, "\t ="); + size_t len = strcspn(value, "\t ="); value += len; value += strspn(value, "\t "); diff --git a/src/connection.h b/src/connection.h index bddcee28..4a9ef446 100644 --- a/src/connection.h +++ b/src/connection.h @@ -35,22 +35,22 @@ #define OPTION_VERSION(x) ((x) >> 24) /* Top 8 bits are for protocol minor version */ typedef struct connection_status_t { - unsigned int pinged: 1; /* sent ping */ - unsigned int unused_active: 1; - unsigned int connecting: 1; /* 1 if we are waiting for a non-blocking connect() to finish */ - unsigned int unused_termreq: 1; /* the termination of this connection was requested */ - unsigned int remove_unused: 1; /* Set to 1 if you want this connection removed */ - unsigned int timeout_unused: 1; /* 1 if gotten timeout */ - unsigned int encryptout: 1; /* 1 if we can encrypt outgoing traffic */ - unsigned int decryptin: 1; /* 1 if we have to decrypt incoming traffic */ - unsigned int mst: 1; /* 1 if this connection is part of a minimum spanning tree */ - unsigned int control: 1; /* 1 if this is a control connection */ - unsigned int pcap: 1; /* 1 if this is a control connection requesting packet capture */ - unsigned int log: 1; /* 1 if this is a control connection requesting log dump */ - unsigned int invitation: 1; /* 1 if this is an invitation */ - unsigned int invitation_used: 1; /* 1 if the invitation has been consumed */ - unsigned int tarpit: 1; /* 1 if the connection should be added to the tarpit */ - unsigned int unused: 17; + bool pinged: 1; /* sent ping */ + bool unused_active: 1; + bool connecting: 1; /* 1 if we are waiting for a non-blocking connect() to finish */ + bool unused_termreq: 1; /* the termination of this connection was requested */ + bool remove_unused: 1; /* Set to 1 if you want this connection removed */ + bool timeout_unused: 1; /* 1 if gotten timeout */ + bool encryptout: 1; /* 1 if we can encrypt outgoing traffic */ + bool decryptin: 1; /* 1 if we have to decrypt incoming traffic */ + bool mst: 1; /* 1 if this connection is part of a minimum spanning tree */ + bool control: 1; /* 1 if this is a control connection */ + bool pcap: 1; /* 1 if this is a control connection requesting packet capture */ + bool log: 1; /* 1 if this is a control connection requesting log dump */ + bool invitation: 1; /* 1 if this is an invitation */ + bool invitation_used: 1; /* 1 if the invitation has been consumed */ + bool tarpit: 1; /* 1 if the connection should be added to the tarpit */ + uint32_t unused: 17; } connection_status_t; #include "ecdsa.h" @@ -90,10 +90,10 @@ typedef struct connection_t { sptps_t sptps; int outmaclength; - int outcompression; + int outcompression; /* compression level from compression_level_t */ - char *hischallenge; /* The challenge we sent to him */ - char *mychallenge; /* The challenge we received */ + uint8_t *hischallenge; /* The challenge we sent to him */ + uint8_t *mychallenge; /* The challenge we received */ struct buffer_t inbuf; struct buffer_t outbuf; diff --git a/src/control.h b/src/control.h index 93984102..4c25fc16 100644 --- a/src/control.h +++ b/src/control.h @@ -20,6 +20,8 @@ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ +#include "system.h" + extern bool init_control(void); extern void exit_control(void); extern char controlcookie[]; diff --git a/src/crypto.h b/src/crypto.h index 74bab1b0..4c7d23bf 100644 --- a/src/crypto.h +++ b/src/crypto.h @@ -1,6 +1,8 @@ #ifndef TINC_CRYPTO_H #define TINC_CRYPTO_H +#include "system.h" + /* crypto.h -- header for crypto.c Copyright (C) 2007-2013 Guus Sliepen diff --git a/src/digest.h b/src/digest.h index 6d7cb417..1cebf582 100644 --- a/src/digest.h +++ b/src/digest.h @@ -20,14 +20,17 @@ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ +#include "system.h" + #define DIGEST_MAX_SIZE 64 +#define DIGEST_ALGO_SIZE ((size_t) -1) #ifndef DISABLE_LEGACY typedef struct digest digest_t; -extern digest_t *digest_open_by_name(const char *name, int maclength) __attribute__((__malloc__)); -extern digest_t *digest_open_by_nid(int nid, int maclength) __attribute__((__malloc__)); +extern digest_t *digest_open_by_name(const char *name, size_t maclength) __attribute__((__malloc__)); +extern digest_t *digest_open_by_nid(int nid, size_t maclength) __attribute__((__malloc__)); extern void digest_close(digest_t *digest); extern bool digest_create(digest_t *digest, const void *indata, size_t inlen, void *outdata) __attribute__((__warn_unused_result__)); extern bool digest_verify(digest_t *digest, const void *indata, size_t inlen, const void *digestdata) __attribute__((__warn_unused_result__)); @@ -37,6 +40,6 @@ extern size_t digest_keylength(const digest_t *digest); extern size_t digest_length(const digest_t *digest); extern bool digest_active(const digest_t *digest); -#endif +#endif // DISABLE_LEGACY -#endif +#endif // TINC_DIGEST_H diff --git a/src/dropin.c b/src/dropin.c index 2d08dc46..3c950ada 100644 --- a/src/dropin.c +++ b/src/dropin.c @@ -20,6 +20,10 @@ #include "system.h" +#ifndef HAVE_ASPRINTF +#include "xalloc.h" +#endif + #ifndef HAVE_DAEMON /* Replacement for the daemon() function. diff --git a/src/dropin.h b/src/dropin.h index 5033f90d..bc1951d3 100644 --- a/src/dropin.h +++ b/src/dropin.h @@ -21,6 +21,8 @@ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ +#include "system.h" + #ifndef HAVE_DAEMON extern int daemon(int, int); #endif diff --git a/src/ecdh.h b/src/ecdh.h index 0bfc2715..bcd6b167 100644 --- a/src/ecdh.h +++ b/src/ecdh.h @@ -20,6 +20,8 @@ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ +#include "system.h" + #define ECDH_SIZE 32 #define ECDH_SHARED_SIZE 32 diff --git a/src/ecdsa.h b/src/ecdsa.h index 6cb54344..d06b9684 100644 --- a/src/ecdsa.h +++ b/src/ecdsa.h @@ -20,6 +20,8 @@ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ +#include "system.h" + #ifndef TINC_ECDSA_INTERNAL typedef struct ecdsa ecdsa_t; #endif diff --git a/src/ed25519/ecdsa.c b/src/ed25519/ecdsa.c index 4bd71556..8dee1246 100644 --- a/src/ed25519/ecdsa.c +++ b/src/ed25519/ecdsa.c @@ -35,10 +35,10 @@ typedef struct { // Get and set ECDSA keys // ecdsa_t *ecdsa_set_base64_public_key(const char *p) { - int len = strlen(p); + size_t len = strlen(p); if(len != 43) { - logger(DEBUG_ALWAYS, LOG_ERR, "Invalid size %d for public key!", len); + logger(DEBUG_ALWAYS, LOG_ERR, "Invalid size %zu for public key!", len); return 0; } @@ -46,7 +46,7 @@ ecdsa_t *ecdsa_set_base64_public_key(const char *p) { len = b64decode(p, ecdsa->public, len); if(len != 32) { - logger(DEBUG_ALWAYS, LOG_ERR, "Invalid format of public key! len = %d", len); + logger(DEBUG_ALWAYS, LOG_ERR, "Invalid format of public key! len = %zu", len); free(ecdsa); return 0; } diff --git a/src/ed25519/fixedint.h b/src/ed25519/fixedint.h index af031e9a..553f8880 100644 --- a/src/ed25519/fixedint.h +++ b/src/ed25519/fixedint.h @@ -77,11 +77,11 @@ static inline unsigned char shlu8(unsigned char a, uint32_t b) { } static inline int32_t shl32(uint32_t a, uint32_t b) { - return a << b; + return (int32_t)(a << b); } static inline int64_t shl64(uint64_t a, uint32_t b) { - return a << b; + return (int64_t)(a << b); } static inline uint64_t shlu64(uint64_t a, uint32_t b) { diff --git a/src/ethernet.h b/src/ethernet.h index 086f5727..3b074b7f 100644 --- a/src/ethernet.h +++ b/src/ethernet.h @@ -21,6 +21,8 @@ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ +#include "system.h" + #ifndef ETH_ALEN #define ETH_ALEN 6 #endif diff --git a/src/event.h b/src/event.h index 7adaf85e..74224d40 100644 --- a/src/event.h +++ b/src/event.h @@ -20,6 +20,7 @@ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ +#include "system.h" #include "splay_tree.h" #define IO_READ 1 diff --git a/src/fd_device.c b/src/fd_device.c index 205b628b..7360d17e 100644 --- a/src/fd_device.c +++ b/src/fd_device.c @@ -42,7 +42,7 @@ static int read_fd(int socket) { struct iovec iov = {0}; char cmsgbuf[CMSG_SPACE(sizeof(device_fd))]; struct msghdr msg = {0}; - int ret; + ssize_t ret; struct cmsghdr *cmsgptr; iov.iov_base = &iobuf; @@ -53,7 +53,7 @@ static int read_fd(int socket) { msg.msg_controllen = sizeof(cmsgbuf); if((ret = recvmsg(socket, &msg, 0)) < 1) { - logger(DEBUG_ALWAYS, LOG_ERR, "Could not read from unix socket (error %d)!", ret); + logger(DEBUG_ALWAYS, LOG_ERR, "Could not read from unix socket (error %zd)!", ret); return -1; } @@ -83,8 +83,8 @@ static int read_fd(int socket) { } if(cmsgptr->cmsg_len != CMSG_LEN(sizeof(device_fd))) { - logger(DEBUG_ALWAYS, LOG_ERR, "Wrong CMSG data length: %lu, expected %lu!", - (unsigned long)cmsgptr->cmsg_len, (unsigned long)CMSG_LEN(sizeof(device_fd))); + logger(DEBUG_ALWAYS, LOG_ERR, "Wrong CMSG data length: %zu, expected %zu!", + cmsgptr->cmsg_len, CMSG_LEN(sizeof(device_fd))); return -1; } @@ -201,7 +201,7 @@ static inline void set_etherheader(vpn_packet_t *packet, uint16_t ethertype) { } static bool read_packet(vpn_packet_t *packet) { - int lenin = read(device_fd, DATA(packet) + ETH_HLEN, MTU - ETH_HLEN); + ssize_t lenin = read(device_fd, DATA(packet) + ETH_HLEN, MTU - ETH_HLEN); if(lenin <= 0) { logger(DEBUG_ALWAYS, LOG_ERR, "Error while reading from fd/%d: %s!", device_fd, strerror(errno)); diff --git a/src/gcrypt/cipher.c b/src/gcrypt/cipher.c index 3eed8e95..83065317 100644 --- a/src/gcrypt/cipher.c +++ b/src/gcrypt/cipher.c @@ -261,7 +261,7 @@ bool cipher_decrypt(cipher_t *cipher, const void *indata, size_t inlen, void *ou size_t origlen = inlen - padbyte; - for(int i = inlen - 1; i >= origlen; i--) + for(size_t i = inlen - 1; i >= origlen; i--) if(((uint8_t *)outdata)[i] != padbyte) { logger(DEBUG_ALWAYS, LOG_ERR, "Error while decrypting: invalid padding"); return false; diff --git a/src/gcrypt/cipher.h b/src/gcrypt/cipher.h index 64cb42dd..41450c41 100644 --- a/src/gcrypt/cipher.h +++ b/src/gcrypt/cipher.h @@ -20,6 +20,8 @@ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ +#include "system.h" + #include #define CIPHER_MAX_BLOCK_SIZE 32 @@ -28,7 +30,7 @@ typedef struct cipher { gcry_cipher_hd_t handle; - char *key; + uint8_t *key; int nid; uint16_t keylen; uint16_t blklen; diff --git a/src/gcrypt/digest.c b/src/gcrypt/digest.c index fce48ee2..3333f5f2 100644 --- a/src/gcrypt/digest.c +++ b/src/gcrypt/digest.c @@ -24,7 +24,7 @@ static struct { const char *name; - int algo; + enum gcry_md_algos algo; int nid; } digesttable[] = { {"none", GCRY_MD_NONE, 0}, @@ -34,7 +34,7 @@ static struct { {"sha512", GCRY_MD_SHA512, 674}, }; -static bool nametodigest(const char *name, int *algo) { +static bool nametodigest(const char *name, enum gcry_md_algos *algo) { int i; for(i = 0; i < sizeof(digesttable) / sizeof(*digesttable); i++) { @@ -47,10 +47,8 @@ static bool nametodigest(const char *name, int *algo) { return false; } -static bool nidtodigest(int nid, int *algo) { - int i; - - for(i = 0; i < sizeof(digesttable) / sizeof(*digesttable); i++) { +static bool nidtodigest(int nid, enum gcry_md_algos *algo) { + for(int i = 0; i < sizeof(digesttable) / sizeof(*digesttable); i++) { if(nid == digesttable[i].nid) { *algo = digesttable[i].algo; return true; @@ -60,10 +58,8 @@ static bool nidtodigest(int nid, int *algo) { return false; } -static bool digesttonid(int algo, int *nid) { - int i; - - for(i = 0; i < sizeof(digesttable) / sizeof(*digesttable); i++) { +static bool digesttonid(enum gcry_md_algos algo, int *nid) { + for(int i = 0; i < sizeof(digesttable) / sizeof(*digesttable); i++) { if(algo == digesttable[i].algo) { *nid = digesttable[i].nid; return true; @@ -73,7 +69,7 @@ static bool digesttonid(int algo, int *nid) { return false; } -static bool digest_open(digest_t *digest, int algo, int maclength) { +static bool digest_open(digest_t *digest, enum gcry_md_algos algo, size_t maclength) { if(!digesttonid(algo, &digest->nid)) { logger(DEBUG_ALWAYS, LOG_DEBUG, "Digest %d has no corresponding nid!", algo); return false; @@ -93,8 +89,8 @@ static bool digest_open(digest_t *digest, int algo, int maclength) { return true; } -bool digest_open_by_name(digest_t *digest, const char *name, int maclength) { - int algo; +bool digest_open_by_name(digest_t *digest, const char *name, size_t maclength) { + enum gcry_md_algos algo; if(!nametodigest(name, &algo)) { logger(DEBUG_ALWAYS, LOG_DEBUG, "Unknown digest name '%s'!", name); @@ -104,8 +100,8 @@ bool digest_open_by_name(digest_t *digest, const char *name, int maclength) { return digest_open(digest, algo, maclength); } -bool digest_open_by_nid(digest_t *digest, int nid, int maclength) { - int algo; +bool digest_open_by_nid(digest_t *digest, int nid, size_t maclength) { + enum gcry_md_algos algo; if(!nidtodigest(nid, &algo)) { logger(DEBUG_ALWAYS, LOG_DEBUG, "Unknown digest ID %d!", nid); @@ -115,7 +111,7 @@ bool digest_open_by_nid(digest_t *digest, int nid, int maclength) { return digest_open(digest, algo, maclength); } -bool digest_open_sha1(digest_t *digest, int maclength) { +bool digest_open_sha1(digest_t *digest, size_t maclength) { return digest_open(digest, GCRY_MD_SHA1, maclength); } @@ -143,7 +139,7 @@ bool digest_create(digest_t *digest, const void *indata, size_t inlen, void *out unsigned int len = gcry_md_get_algo_dlen(digest->algo); if(digest->hmac) { - char *tmpdata; + uint8_t *tmpdata; gcry_md_reset(digest->hmac); gcry_md_write(digest->hmac, indata, inlen); tmpdata = gcry_md_read(digest->hmac, digest->algo); @@ -163,8 +159,8 @@ bool digest_create(digest_t *digest, const void *indata, size_t inlen, void *out } bool digest_verify(digest_t *digest, const void *indata, size_t inlen, const void *cmpdata) { - unsigned int len = digest->maclength; - char outdata[len]; + size_t len = digest->maclength; + uint8_t outdata[len]; return digest_create(digest, indata, inlen, outdata) && !memcmp(cmpdata, outdata, len); } diff --git a/src/gcrypt/digest.h b/src/gcrypt/digest.h index 42404fcd..9a9c611e 100644 --- a/src/gcrypt/digest.h +++ b/src/gcrypt/digest.h @@ -25,15 +25,15 @@ #define DIGEST_MAX_SIZE 64 typedef struct digest { - int algo; + enum gcry_md_algos algo; int nid; - int maclength; + size_t maclength; gcry_md_hd_t hmac; } digest_t; -extern bool digest_open_by_name(struct digest *, const char *name, int maclength); -extern bool digest_open_by_nid(struct digest *, int nid, int maclength); -extern bool digest_open_sha1(struct digest *, int maclength); +extern bool digest_open_by_name(struct digest *, const char *name, size_t maclength); +extern bool digest_open_by_nid(struct digest *, int nid, size_t maclength); +extern bool digest_open_sha1(struct digest *, size_t maclength); extern void digest_close(struct digest *); extern bool digest_create(struct digest *, const void *indata, size_t inlen, void *outdata); extern bool digest_verify(struct digest *, const void *indata, size_t inlen, const void *digestdata); diff --git a/src/gcrypt/prf.c b/src/gcrypt/prf.c index ce80f8cf..1e5bb9f9 100644 --- a/src/gcrypt/prf.c +++ b/src/gcrypt/prf.c @@ -22,7 +22,7 @@ #include "../prf.h" #include "../ed25519/sha512.h" -static void memxor(char *buf, char c, size_t len) { +static void memxor(uint8_t *buf, uint8_t c, size_t len) { for(size_t i = 0; i < len; i++) { buf[i] ^= c; } @@ -31,8 +31,8 @@ static void memxor(char *buf, char c, size_t len) { static const size_t mdlen = 64; static const size_t blklen = 128; -static bool hmac_sha512(const char *key, size_t keylen, const char *msg, size_t msglen, char *out) { - char tmp[blklen + mdlen]; +static bool hmac_sha512(const uint8_t *key, size_t keylen, const uint8_t *msg, size_t msglen, uint8_t *out) { + uint8_t tmp[blklen + mdlen]; sha512_context md; if(keylen <= blklen) { @@ -81,16 +81,16 @@ static bool hmac_sha512(const char *key, size_t keylen, const char *msg, size_t We use SHA512 instead of MD5 and SHA1. */ -bool prf(const char *secret, size_t secretlen, char *seed, size_t seedlen, char *out, size_t outlen) { +bool prf(const uint8_t *secret, size_t secretlen, uint8_t *seed, size_t seedlen, uint8_t *out, size_t outlen) { /* Data is what the "inner" HMAC function processes. It consists of the previous HMAC result plus the seed. */ - char data[mdlen + seedlen]; + uint8_t data[mdlen + seedlen]; memset(data, 0, mdlen); memcpy(data + mdlen, seed, seedlen); - char hash[mdlen]; + uint8_t hash[mdlen]; while(outlen > 0) { /* Inner HMAC */ diff --git a/src/gcrypt/rsa.c b/src/gcrypt/rsa.c index eb9f58db..c026968a 100644 --- a/src/gcrypt/rsa.c +++ b/src/gcrypt/rsa.c @@ -297,7 +297,8 @@ bool rsa_public_encrypt(rsa_t *rsa, void *in, size_t len, void *out) { gcry_mpi_t outmpi = gcry_mpi_new(len * 8); gcry_mpi_powm(outmpi, inmpi, rsa->e, rsa->n); - int pad = len - (gcry_mpi_get_nbits(outmpi) + 7) / 8; + size_t out_bytes = (gcry_mpi_get_nbits(outmpi) + 7) / 8; + size_t pad = len - MIN(out_bytes, len); while(pad--) { *(char *)out++ = 0; @@ -315,7 +316,7 @@ bool rsa_private_decrypt(rsa_t *rsa, void *in, size_t len, void *out) { gcry_mpi_t outmpi = gcry_mpi_new(len * 8); gcry_mpi_powm(outmpi, inmpi, rsa->d, rsa->n); - int pad = len - (gcry_mpi_get_nbits(outmpi) + 7) / 8; + size_t pad = len - (gcry_mpi_get_nbits(outmpi) + 7) / 8; while(pad--) { *(char *)out++ = 0; diff --git a/src/hash.h b/src/hash.h index e4b14995..1a6ce32f 100644 --- a/src/hash.h +++ b/src/hash.h @@ -20,10 +20,12 @@ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ +#include "system.h" + typedef struct hash_t { size_t n; size_t size; - char *keys; + uint8_t *keys; const void **values; } hash_t; diff --git a/src/ifconfig.h b/src/ifconfig.h index 854780b7..52fcc26b 100644 --- a/src/ifconfig.h +++ b/src/ifconfig.h @@ -20,6 +20,8 @@ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ +#include "system.h" + extern void ifconfig_dhcp(FILE *out); extern void ifconfig_dhcp6(FILE *out); extern void ifconfig_slaac(FILE *out); diff --git a/src/info.c b/src/info.c index bae3125a..1649be06 100644 --- a/src/info.c +++ b/src/info.c @@ -38,7 +38,7 @@ void logger(int level, int priority, const char *format, ...) { } char *strip_weight(char *netstr) { - int len = strlen(netstr); + size_t len = strlen(netstr); if(len >= 3 && !strcmp(netstr + len - 3, "#10")) { netstr[len - 3] = 0; diff --git a/src/invitation.c b/src/invitation.c index b2e35f98..3c23a170 100644 --- a/src/invitation.c +++ b/src/invitation.c @@ -136,7 +136,7 @@ char *get_my_hostname() { if(s >= 0) { send(s, request, sizeof(request) - 1, 0); - int len = recv(s, line, sizeof(line) - 1, MSG_WAITALL); + ssize_t len = recv(s, line, sizeof(line) - 1, MSG_WAITALL); if(len > 0) { line[len] = 0; @@ -170,7 +170,7 @@ char *get_my_hostname() { // Check that the hostname is reasonable if(hostname) { for(char *p = hostname; *p; p++) { - if(isalnum(*p) || *p == '-' || *p == '.' || *p == ':') { + if(isalnum((uint8_t) *p) || *p == '-' || *p == '.' || *p == ':') { continue; } @@ -216,7 +216,7 @@ again: } for(char *p = line; *p; p++) { - if(isalnum(*p) || *p == '-' || *p == '.') { + if(isalnum((uint8_t) *p) || *p == '-' || *p == '.') { continue; } @@ -457,7 +457,7 @@ int cmd_invite(int argc, char *argv[]) { randomize(cookie, 18); // Create a filename that doesn't reveal the cookie itself - char buf[18 + strlen(fingerprint)]; + uint8_t buf[18 + strlen(fingerprint)]; char cookiehash[64]; memcpy(buf, cookie, 18); memcpy(buf + 18, fingerprint, sizeof(buf) - 18); @@ -572,7 +572,7 @@ static char *get_line(const char **data) { return NULL; } - if(len && !isprint(**data)) { + if(len && !isprint((uint8_t) **data)) { abort(); } @@ -615,7 +615,7 @@ static char *grep(const char *data, const char *var) { static char value[1024]; const char *p = data; - int varlen = strlen(var); + size_t varlen = strlen(var); // Skip all lines not starting with var while(strncasecmp(p, var, varlen) || !strchr(" \t=", p[varlen])) { @@ -781,7 +781,7 @@ make_names: } // Split line into variable and value - int len = strcspn(l, "\t ="); + size_t len = strcspn(l, "\t ="); value = l + len; value += strspn(value, "\t "); @@ -886,7 +886,7 @@ make_names: continue; } - int len = strcspn(l, "\t ="); + size_t len = strcspn(l, "\t ="); if(len == 4 && !strncasecmp(l, "Name", 4)) { value = l + len; @@ -1087,10 +1087,10 @@ ask_netname: static bool invitation_send(void *handle, uint8_t type, const void *vdata, size_t len) { (void)handle; (void)type; - const char *data = vdata; + const uint8_t *data = vdata; while(len) { - int result = send(sock, data, len, 0); + ssize_t result = send(sock, data, len, 0); if(result == -1 && sockwouldblock(sockerrno)) { continue; @@ -1286,7 +1286,7 @@ next: fprintf(stderr, "Connected to %s port %s...\n", address, port); // Tell him we have an invitation, and give him our throw-away key. - int len = snprintf(line, sizeof(line), "0 ?%s %d.%d\n", b64key, PROT_MAJOR, PROT_MINOR); + ssize_t len = snprintf(line, sizeof(line), "0 ?%s %d.%d\n", b64key, PROT_MAJOR, PROT_MINOR); if(len <= 0 || (size_t)len >= sizeof(line)) { abort(); @@ -1368,13 +1368,13 @@ next: char *p = line; while(len) { - int done = sptps_receive_data(&sptps, p, len); + size_t done = sptps_receive_data(&sptps, p, len); if(!done) { return 1; } - len -= done; + len -= (ssize_t) done; p += done; } } diff --git a/src/ipv4.h b/src/ipv4.h index 2761582f..708e5c1f 100644 --- a/src/ipv4.h +++ b/src/ipv4.h @@ -21,6 +21,8 @@ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ +#include "system.h" + #ifndef AF_INET #define AF_INET 2 #endif diff --git a/src/ipv6.h b/src/ipv6.h index 17bc5864..cfa6f239 100644 --- a/src/ipv6.h +++ b/src/ipv6.h @@ -21,6 +21,8 @@ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ +#include "system.h" + #ifndef AF_INET6 #define AF_INET6 10 #endif diff --git a/src/linux/device.c b/src/linux/device.c index d782c764..3050fe2f 100644 --- a/src/linux/device.c +++ b/src/linux/device.c @@ -142,7 +142,7 @@ static void close_device(void) { } static bool read_packet(vpn_packet_t *packet) { - int inlen; + size_t inlen; switch(device_type) { case DEVICE_TYPE_TUN: diff --git a/src/logger.c b/src/logger.c index 21e04315..55616fba 100644 --- a/src/logger.c +++ b/src/logger.c @@ -28,8 +28,9 @@ #include "control_common.h" #include "process.h" #include "sptps.h" +#include "compression.h" -int debug_level = DEBUG_NOTHING; +debug_t debug_level = DEBUG_NOTHING; static logmode_t logmode = LOGMODE_STDERR; static pid_t logpid; static FILE *logfile = NULL; @@ -40,11 +41,11 @@ static const char *logident = NULL; bool logcontrol = false; // controlled by REQ_LOG int umbilical = 0; -static bool should_log(int level) { +static bool should_log(debug_t level) { return (level <= debug_level && logmode != LOGMODE_NULL) || logcontrol; } -static void real_logger(int level, int priority, const char *message) { +static void real_logger(debug_t level, int priority, const char *message) { char timestr[32] = ""; static bool suppress = false; @@ -85,6 +86,7 @@ static void real_logger(int level, int priority, const char *message) { break; case LOGMODE_NULL: + default: break; } @@ -105,13 +107,13 @@ static void real_logger(int level, int priority, const char *message) { logcontrol = true; - if(level > (c->outcompression >= 0 ? c->outcompression : debug_level)) { + if(level > (c->outcompression >= COMPRESS_NONE ? c->outcompression : debug_level)) { continue; } - int len = strlen(message); + size_t len = strlen(message); - if(send_request(c, "%d %d %d", CONTROL, REQ_LOG, len)) { + if(send_request(c, "%d %d %zu", CONTROL, REQ_LOG, len)) { send_meta(c, message, len); } } @@ -120,7 +122,7 @@ static void real_logger(int level, int priority, const char *message) { } } -void logger(int level, int priority, const char *format, ...) { +void logger(debug_t level, int priority, const char *format, ...) { va_list ap; char message[1024] = ""; @@ -207,6 +209,7 @@ void openlogger(const char *ident, logmode_t mode) { #endif case LOGMODE_NULL: + default: break; } @@ -254,6 +257,7 @@ void closelogger(void) { case LOGMODE_NULL: case LOGMODE_STDERR: + default: break; } } diff --git a/src/logger.h b/src/logger.h index 611fe387..66c32ab3 100644 --- a/src/logger.h +++ b/src/logger.h @@ -22,6 +22,7 @@ */ typedef enum debug_t { + DEBUG_UNSET = -1, /* Used by tinc as the default debug level. */ DEBUG_NOTHING = 0, /* Quiet mode, only show starting/stopping of the daemon */ DEBUG_ALWAYS = 0, DEBUG_CONNECTIONS = 1, /* Show (dis)connects of other tinc daemons via TCP */ @@ -67,12 +68,12 @@ enum { #include -extern int debug_level; +extern debug_t debug_level; extern bool logcontrol; extern int umbilical; extern void openlogger(const char *ident, logmode_t mode); extern void reopenlogger(void); -extern void logger(int level, int priority, const char *format, ...) __attribute__((__format__(printf, 3, 4))); +extern void logger(debug_t level, int priority, const char *format, ...) __attribute__((__format__(printf, 3, 4))); extern void closelogger(void); #endif diff --git a/src/meta.c b/src/meta.c index 084c6a7f..afc98ab2 100644 --- a/src/meta.c +++ b/src/meta.c @@ -50,14 +50,14 @@ bool send_meta_sptps(void *handle, uint8_t type, const void *buffer, size_t leng return true; } -bool send_meta(connection_t *c, const char *buffer, size_t length) { +bool send_meta(connection_t *c, const void *buffer, size_t length) { if(!c) { logger(DEBUG_ALWAYS, LOG_ERR, "send_meta() called with NULL pointer!"); abort(); } - logger(DEBUG_META, LOG_DEBUG, "Sending %lu bytes of metadata to %s (%s)", (unsigned long)length, - c->name, c->hostname); + logger(DEBUG_META, LOG_DEBUG, "Sending %zu bytes of metadata to %s (%s)", + length, c->name, c->hostname); if(c->protocol_minor >= 2) { return sptps_send_record(&c->sptps, 0, buffer, length); @@ -94,14 +94,14 @@ bool send_meta(connection_t *c, const char *buffer, size_t length) { return true; } -void send_meta_raw(connection_t *c, const char *buffer, size_t length) { +void send_meta_raw(connection_t *c, const void *buffer, size_t length) { if(!c) { logger(DEBUG_ALWAYS, LOG_ERR, "send_meta() called with NULL pointer!"); abort(); } - logger(DEBUG_META, LOG_DEBUG, "Sending %lu bytes of raw metadata to %s (%s)", (unsigned long)length, - c->name, c->hostname); + logger(DEBUG_META, LOG_DEBUG, "Sending %zu bytes of raw metadata to %s (%s)", + length, c->name, c->hostname); buffer_add(&c->outbuf, buffer, length); @@ -227,7 +227,7 @@ bool receive_meta(connection_t *c) { } bufp += len; - inlen -= len; + inlen -= (ssize_t)len; continue; } diff --git a/src/meta.h b/src/meta.h index dcf2419b..1ad6e1f3 100644 --- a/src/meta.h +++ b/src/meta.h @@ -23,8 +23,8 @@ #include "connection.h" -extern bool send_meta(struct connection_t *c, const char *buffer, size_t length); -extern void send_meta_raw(struct connection_t *c, const char *buffer, size_t length); +extern bool send_meta(struct connection_t *c, const void *buffer, size_t length); +extern void send_meta_raw(struct connection_t *c, const void *buffer, size_t length); extern bool send_meta_sptps(void *handle, uint8_t type, const void *data, size_t length); extern bool receive_meta_sptps(void *handle, uint8_t type, const void *data, uint16_t length); extern void broadcast_meta(struct connection_t *from, const char *buffer, size_t length); diff --git a/src/multicast_device.c b/src/multicast_device.c index fbb9aeab..82f7fec0 100644 --- a/src/multicast_device.c +++ b/src/multicast_device.c @@ -179,7 +179,7 @@ static void close_device(void) { } static bool read_packet(vpn_packet_t *packet) { - int lenin; + ssize_t lenin; if((lenin = recv(device_fd, (void *)DATA(packet), MTU, 0)) <= 0) { logger(DEBUG_ALWAYS, LOG_ERR, "Error while reading from %s %s: %s", device_info, @@ -188,7 +188,7 @@ static bool read_packet(vpn_packet_t *packet) { } if(!memcmp(&ignore_src, DATA(packet) + 6, sizeof(ignore_src))) { - logger(DEBUG_SCARY_THINGS, LOG_DEBUG, "Ignoring loopback packet of %d bytes from %s", lenin, device_info); + logger(DEBUG_SCARY_THINGS, LOG_DEBUG, "Ignoring loopback packet of %zd bytes from %s", lenin, device_info); return false; } diff --git a/src/names.c b/src/names.c index 4f543c92..c9318faf 100644 --- a/src/names.c +++ b/src/names.c @@ -150,7 +150,7 @@ void make_names(bool daemon) { #endif if(!unixsocketname) { - int len = strlen(pidfilename); + size_t len = strlen(pidfilename); unixsocketname = xmalloc(len + 8); memcpy(unixsocketname, pidfilename, len); diff --git a/src/names.h b/src/names.h index f1096866..b3830e0d 100644 --- a/src/names.h +++ b/src/names.h @@ -21,6 +21,8 @@ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ +#include "system.h" + extern char *confdir; extern char *confbase; extern bool confbase_given; diff --git a/src/net.h b/src/net.h index 419f961f..28f8cb5e 100644 --- a/src/net.h +++ b/src/net.h @@ -21,6 +21,8 @@ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ +#include "system.h" + #include "ipv6.h" #include "cipher.h" #include "digest.h" @@ -182,7 +184,7 @@ extern void handle_new_meta_connection(void *data, int flags); extern void handle_new_unix_connection(void *data, int flags); extern int setup_listen_socket(const sockaddr_t *sa); extern int setup_vpn_in_socket(const sockaddr_t *sa); -extern bool send_sptps_data(node_t *to, node_t *from, int type, const void *data, size_t len); +extern bool send_sptps_data(struct node_t *to, struct node_t *from, int type, const void *data, size_t len); extern bool receive_sptps_record(void *handle, uint8_t type, const void *data, uint16_t len); extern void send_packet(struct node_t *n, vpn_packet_t *packet); extern void receive_tcppacket(struct connection_t *c, const char *buffer, size_t length); diff --git a/src/net_packet.c b/src/net_packet.c index f9907ee7..dab74e5d 100644 --- a/src/net_packet.c +++ b/src/net_packet.c @@ -41,6 +41,7 @@ #include "cipher.h" #include "conf.h" #include "connection.h" +#include "compression.h" #include "crypto.h" #include "digest.h" #include "device.h" @@ -166,7 +167,7 @@ static void udp_probe_h(node_t *n, vpn_packet_t *packet, length_t len) { gettimeofday(&now, NULL); struct timeval rtt; timersub(&now, &n->udp_ping_sent, &rtt); - n->udp_ping_rtt = rtt.tv_sec * 1000000 + rtt.tv_usec; + n->udp_ping_rtt = (int)(rtt.tv_sec * 1000000 + rtt.tv_usec); n->status.ping_sent = false; logger(DEBUG_TRAFFIC, LOG_INFO, "Got type %d UDP probe reply %d from %s (%s) rtt=%d.%03d", DATA(packet)[0], len, n->name, n->hostname, n->udp_ping_rtt / 1000, n->udp_ping_rtt % 1000); } else { @@ -238,15 +239,15 @@ static length_t compress_packet_lz4(uint8_t *dest, const uint8_t *source, length #endif /* HAVE_LZ4 */ #ifdef HAVE_LZO -static length_t compress_packet_lzo(uint8_t *dest, const uint8_t *source, length_t len, int level) { - assert(level == 10 || level == 11); +static length_t compress_packet_lzo(uint8_t *dest, const uint8_t *source, length_t len, compression_level_t level) { + assert(level == COMPRESS_LZO_LO || level == COMPRESS_LZO_HI); lzo_uint lzolen = MAXSIZE; int result; - if(level == 11) { + if(level == COMPRESS_LZO_HI) { result = lzo1x_999_compress(source, len, dest, &lzolen, lzo_wrkmem); - } else { // level == 10 + } else { // level == COMPRESS_LZO_LO result = lzo1x_1_compress(source, len, dest, &lzolen, lzo_wrkmem); } @@ -258,34 +259,34 @@ static length_t compress_packet_lzo(uint8_t *dest, const uint8_t *source, length } #endif -static length_t compress_packet(uint8_t *dest, const uint8_t *source, length_t len, int level) { +static length_t compress_packet(uint8_t *dest, const uint8_t *source, length_t len, compression_level_t level) { switch(level) { #ifdef HAVE_LZ4 - case 12: + case COMPRESS_LZ4: return compress_packet_lz4(dest, source, len); #endif #ifdef HAVE_LZO - case 11: - case 10: + case COMPRESS_LZO_HI: + case COMPRESS_LZO_LO: return compress_packet_lzo(dest, source, len, level); #endif #ifdef HAVE_ZLIB - case 9: - case 8: - case 7: - case 6: - case 5: - case 4: - case 3: - case 2: - case 1: { + case COMPRESS_ZLIB_9: + case COMPRESS_ZLIB_8: + case COMPRESS_ZLIB_7: + case COMPRESS_ZLIB_6: + case COMPRESS_ZLIB_5: + case COMPRESS_ZLIB_4: + case COMPRESS_ZLIB_3: + case COMPRESS_ZLIB_2: + case COMPRESS_ZLIB_1: { unsigned long dest_len = MAXSIZE; - if(compress2(dest, (unsigned long *) &dest_len, source, len, level) == Z_OK) { + if(compress2(dest, &dest_len, source, len, level) == Z_OK) { return dest_len; } else { return 0; @@ -294,7 +295,7 @@ static length_t compress_packet(uint8_t *dest, const uint8_t *source, length_t l #endif - case 0: + case COMPRESS_NONE: memcpy(dest, source, len); return len; @@ -303,21 +304,21 @@ static length_t compress_packet(uint8_t *dest, const uint8_t *source, length_t l } } -static length_t uncompress_packet(uint8_t *dest, const uint8_t *source, length_t len, int level) { +static length_t uncompress_packet(uint8_t *dest, const uint8_t *source, length_t len, compression_level_t level) { switch(level) { #ifdef HAVE_LZ4 - case 12: + case COMPRESS_LZ4: return LZ4_decompress_safe((char *)source, (char *) dest, len, MAXSIZE); #endif #ifdef HAVE_LZO - case 11: - case 10: { + case COMPRESS_LZO_HI: + case COMPRESS_LZO_LO: { lzo_uint dst_len = MAXSIZE; - if(lzo1x_decompress_safe(source, len, dest, (lzo_uint *) &dst_len, NULL) == LZO_E_OK) { + if(lzo1x_decompress_safe(source, len, dest, &dst_len, NULL) == LZO_E_OK) { return dst_len; } else { return 0; @@ -327,15 +328,15 @@ static length_t uncompress_packet(uint8_t *dest, const uint8_t *source, length_t #endif #ifdef HAVE_ZLIB - case 9: - case 8: - case 7: - case 6: - case 5: - case 4: - case 3: - case 2: - case 1: { + case COMPRESS_ZLIB_9: + case COMPRESS_ZLIB_8: + case COMPRESS_ZLIB_7: + case COMPRESS_ZLIB_6: + case COMPRESS_ZLIB_5: + case COMPRESS_ZLIB_4: + case COMPRESS_ZLIB_3: + case COMPRESS_ZLIB_2: + case COMPRESS_ZLIB_1: { unsigned long destlen = MAXSIZE; static z_stream stream; @@ -360,7 +361,7 @@ static length_t uncompress_packet(uint8_t *dest, const uint8_t *source, length_t #endif - case 0: + case COMPRESS_NONE: memcpy(dest, source, len); return len; @@ -534,7 +535,7 @@ static bool receive_udppacket(node_t *n, vpn_packet_t *inpkt) { length_t origlen = inpkt->len; - if(n->incompression) { + if(n->incompression != COMPRESS_NONE) { vpn_packet_t *outpkt = pkt[nextpkt++]; if(!(outpkt->len = uncompress_packet(DATA(outpkt), DATA(inpkt), inpkt->len, n->incompression))) { @@ -665,7 +666,7 @@ static void send_sptps_packet(node_t *n, vpn_packet_t *origpkt) { int offset = 0; if((!(DATA(origpkt)[12] | DATA(origpkt)[13])) && (n->sptps.outstate)) { - sptps_send_record(&n->sptps, PKT_PROBE, (char *)DATA(origpkt), origpkt->len); + sptps_send_record(&n->sptps, PKT_PROBE, DATA(origpkt), origpkt->len); return; } @@ -681,7 +682,7 @@ static void send_sptps_packet(node_t *n, vpn_packet_t *origpkt) { vpn_packet_t outpkt; - if(n->outcompression) { + if(n->outcompression != COMPRESS_NONE) { outpkt.offset = 0; length_t len = compress_packet(DATA(&outpkt) + offset, DATA(origpkt) + offset, origpkt->len - offset, n->outcompression); @@ -703,11 +704,9 @@ static void send_sptps_packet(node_t *n, vpn_packet_t *origpkt) { } else { sptps_send_record(&n->sptps, type, DATA(origpkt) + offset, origpkt->len - offset); } - - return; } -static void adapt_socket(const sockaddr_t *sa, int *sock) { +static void adapt_socket(const sockaddr_t *sa, size_t *sock) { /* Make sure we have a suitable socket for the chosen address */ if(listen_socket[*sock].sa.sa.sa_family != sa->sa.sa_family) { for(int i = 0; i < listen_sockets; i++) { @@ -719,7 +718,7 @@ static void adapt_socket(const sockaddr_t *sa, int *sock) { } } -static void choose_udp_address(const node_t *n, const sockaddr_t **sa, int *sock) { +static void choose_udp_address(const node_t *n, const sockaddr_t **sa, size_t *sock) { /* Latest guess */ *sa = &n->address; *sock = n->sock; @@ -743,8 +742,8 @@ static void choose_udp_address(const node_t *n, const sockaddr_t **sa, int *sock /* Otherwise, address are found in edges to this node. So we pick a random edge and a random socket. */ - int i = 0; - int j = rand() % n->edge_tree->count; + unsigned int i = 0; + unsigned int j = rand() % n->edge_tree->count; edge_t *candidate = NULL; for splay_each(edge_t, e, n->edge_tree) { @@ -762,13 +761,13 @@ static void choose_udp_address(const node_t *n, const sockaddr_t **sa, int *sock adapt_socket(*sa, sock); } -static void choose_local_address(const node_t *n, const sockaddr_t **sa, int *sock) { +static void choose_local_address(const node_t *n, const sockaddr_t **sa, size_t *sock) { *sa = NULL; /* Pick one of the edges from this node at random, then use its local address. */ - int i = 0; - int j = rand() % n->edge_tree->count; + unsigned int i = 0; + unsigned int j = rand() % n->edge_tree->count; edge_t *candidate = NULL; for splay_each(edge_t, e, n->edge_tree) { @@ -837,7 +836,7 @@ static void send_udppacket(node_t *n, vpn_packet_t *origpkt) { /* Compress the packet */ - if(n->outcompression) { + if(n->outcompression != COMPRESS_NONE) { outpkt = pkt[nextpkt++]; if(!(outpkt->len = compress_packet(DATA(outpkt), DATA(inpkt), inpkt->len, n->outcompression))) { @@ -884,7 +883,7 @@ static void send_udppacket(node_t *n, vpn_packet_t *origpkt) { /* Send the packet */ const sockaddr_t *sa = NULL; - int sock; + size_t sock; if(n->status.send_locally) { choose_local_address(n, &sa, &sock); @@ -957,8 +956,8 @@ bool send_sptps_data(node_t *to, node_t *from, int type, const void *data, size_ if(type == SPTPS_HANDSHAKE || tcponly || (!direct && !relay_supported) || (type != PKT_PROBE && (len - SPTPS_DATAGRAM_OVERHEAD) > relay->minmtu)) { if(type != SPTPS_HANDSHAKE && (to->nexthop->connection->options >> 24) >= 7) { - char buf[len + sizeof(to->id) + sizeof(from->id)]; - char *buf_ptr = buf; + uint8_t buf[len + sizeof(to->id) + sizeof(from->id)]; + uint8_t *buf_ptr = buf; memcpy(buf_ptr, &to->id, sizeof(to->id)); buf_ptr += sizeof(to->id); memcpy(buf_ptr, &from->id, sizeof(from->id)); @@ -988,8 +987,8 @@ bool send_sptps_data(node_t *to, node_t *from, int type, const void *data, size_ overhead += sizeof(to->id) + sizeof(from->id); } - char buf[len + overhead]; - char *buf_ptr = buf; + uint8_t buf[len + overhead]; + uint8_t *buf_ptr = buf; if(relay_supported) { if(direct) { @@ -1012,7 +1011,7 @@ bool send_sptps_data(node_t *to, node_t *from, int type, const void *data, size_ buf_ptr += len; const sockaddr_t *sa = NULL; - int sock; + size_t sock; if(relay->status.send_locally) { choose_local_address(relay, &sa, &sock); @@ -1168,11 +1167,11 @@ static void try_sptps(node_t *n) { return; } -static void send_udp_probe_packet(node_t *n, int len) { +static void send_udp_probe_packet(node_t *n, size_t len) { vpn_packet_t packet; if(len > sizeof(packet.data)) { - logger(DEBUG_TRAFFIC, LOG_INFO, "Truncating probe length %d to %s (%s)", len, n->name, n->hostname); + logger(DEBUG_TRAFFIC, LOG_INFO, "Truncating probe length %zu to %s (%s)", len, n->name, n->hostname); len = sizeof(packet.data); } @@ -1182,7 +1181,7 @@ static void send_udp_probe_packet(node_t *n, int len) { packet.len = len; packet.priority = 0; - logger(DEBUG_TRAFFIC, LOG_INFO, "Sending UDP probe length %d to %s (%s)", len, n->name, n->hostname); + logger(DEBUG_TRAFFIC, LOG_INFO, "Sending UDP probe length %zu to %s (%s)", len, n->name, n->hostname); send_udppacket(n, &packet); } @@ -1221,7 +1220,9 @@ static void try_udp(node_t *n) { struct timeval ping_tx_elapsed; timersub(&now, &n->udp_ping_sent, &ping_tx_elapsed); - int interval = n->status.udp_confirmed ? udp_discovery_keepalive_interval : udp_discovery_interval; + int interval = n->status.udp_confirmed + ? udp_discovery_keepalive_interval + : udp_discovery_interval; if(ping_tx_elapsed.tv_sec >= interval) { gettimeofday(&now, NULL); @@ -1243,7 +1244,7 @@ static length_t choose_initial_maxmtu(node_t *n) { int sock = -1; const sockaddr_t *sa = NULL; - int sockindex; + size_t sockindex; choose_udp_address(n, &sa, &sockindex); if(!sa) { @@ -1412,11 +1413,11 @@ static void try_mtu(node_t *n) { This fine-tuning is only valid for maxmtu = MTU; if maxmtu is smaller, then it's better to use a multiplier of 1. Indeed, this leads to an interesting scenario if choose_initial_maxmtu() returns the actual MTU value - it will get confirmed with one single probe. */ - const float multiplier = (n->maxmtu == MTU) ? 0.97 : 1; + const float multiplier = (n->maxmtu == MTU) ? 0.97f : 1.0f; - const float cycle_position = probes_per_cycle - (n->mtuprobes % probes_per_cycle) - 1; + const float cycle_position = (float) probes_per_cycle - (float)(n->mtuprobes % probes_per_cycle) - 1.0f; const length_t minmtu = MAX(n->minmtu, 512); - const float interval = n->maxmtu - minmtu; + const float interval = (float)(n->maxmtu - minmtu); length_t offset = 0; @@ -1429,7 +1430,7 @@ static void try_mtu(node_t *n) { on the precise MTU as we are approaching it. The last probe of the cycle is always 1 byte in size - this is to make sure we'll get at least one reply per cycle so that we can make progress. */ - offset = powf(interval, multiplier * cycle_position / (probes_per_cycle - 1)); + offset = (length_t) powf(interval, multiplier * cycle_position / ((float) probes_per_cycle - 1.0f)); } length_t maxmtu = n->maxmtu; @@ -1830,7 +1831,7 @@ void handle_incoming_vpn_data(void *data, int flags) { #ifdef HAVE_RECVMMSG #define MAX_MSG 64 - static int num = MAX_MSG; + static ssize_t num = MAX_MSG; static vpn_packet_t pkt[MAX_MSG]; static sockaddr_t addr[MAX_MSG]; static struct mmsghdr msg[MAX_MSG]; @@ -1878,7 +1879,7 @@ void handle_incoming_vpn_data(void *data, int flags) { socklen_t addrlen = sizeof(addr); pkt.offset = 0; - int len = recvfrom(ls->udp.fd, (void *)DATA(&pkt), MAXSIZE, 0, &addr.sa, &addrlen); + ssize_t len = recvfrom(ls->udp.fd, (void *)DATA(&pkt), MAXSIZE, 0, &addr.sa, &addrlen); if(len <= 0 || (size_t)len > MAXSIZE) { if(!sockwouldblock(sockerrno)) { diff --git a/src/net_setup.c b/src/net_setup.c index f3a4bcca..c2e0825e 100644 --- a/src/net_setup.c +++ b/src/net_setup.c @@ -26,6 +26,7 @@ #include "conf_net.h" #include "conf.h" #include "connection.h" +#include "compression.h" #include "control.h" #include "device.h" #include "digest.h" @@ -859,10 +860,9 @@ static bool setup_myself(void) { #endif /* Compression */ - if(get_config_int(lookup_config(config_tree, "Compression"), &myself->incompression)) { switch(myself->incompression) { - case 12: + case COMPRESS_LZ4: #ifdef HAVE_LZ4 break; #else @@ -871,8 +871,8 @@ static bool setup_myself(void) { return false; #endif - case 11: - case 10: + case COMPRESS_LZO_HI: + case COMPRESS_LZO_LO: #ifdef HAVE_LZO break; #else @@ -881,15 +881,15 @@ static bool setup_myself(void) { return false; #endif - case 9: - case 8: - case 7: - case 6: - case 5: - case 4: - case 3: - case 2: - case 1: + case COMPRESS_ZLIB_9: + case COMPRESS_ZLIB_8: + case COMPRESS_ZLIB_7: + case COMPRESS_ZLIB_6: + case COMPRESS_ZLIB_5: + case COMPRESS_ZLIB_4: + case COMPRESS_ZLIB_3: + case COMPRESS_ZLIB_2: + case COMPRESS_ZLIB_1: #ifdef HAVE_ZLIB break; #else @@ -898,7 +898,7 @@ static bool setup_myself(void) { return false; #endif - case 0: + case COMPRESS_NONE: break; default: @@ -907,10 +907,10 @@ static bool setup_myself(void) { return false; } } else { - myself->incompression = 0; + myself->incompression = COMPRESS_NONE; } - myself->connection->outcompression = 0; + myself->connection->outcompression = COMPRESS_NONE; /* Done */ diff --git a/src/net_socket.c b/src/net_socket.c index 24a9804e..40671db0 100644 --- a/src/net_socket.c +++ b/src/net_socket.c @@ -704,8 +704,8 @@ void handle_new_meta_connection(void *data, int flags) { static sockaddr_t prev_sa; if(!sockaddrcmp_noport(&sa, &prev_sa)) { - static int samehost_burst; - static int samehost_burst_time; + static time_t samehost_burst; + static time_t samehost_burst_time; if(now.tv_sec - samehost_burst_time > samehost_burst) { samehost_burst = 0; @@ -726,8 +726,8 @@ void handle_new_meta_connection(void *data, int flags) { // Check if we get many connections from different hosts - static int connection_burst; - static int connection_burst_time; + static time_t connection_burst; + static time_t connection_burst_time; if(now.tv_sec - connection_burst_time > connection_burst) { connection_burst = 0; diff --git a/src/node.c b/src/node.c index 78c9a9fa..b9897e89 100644 --- a/src/node.c +++ b/src/node.c @@ -203,12 +203,12 @@ bool dump_nodes(connection_t *c) { } id[sizeof(id) - 1] = 0; - send_request(c, "%d %d %s %s %s %d %d %d %d %x %x %s %s %d %d %d %d %ld %d %"PRIu64" %"PRIu64" %"PRIu64" %"PRIu64, CONTROL, REQ_DUMP_NODES, + send_request(c, "%d %d %s %s %s %d %d %zu %d %x %x %s %s %d %d %d %d %ld %d %"PRIu64" %"PRIu64" %"PRIu64" %"PRIu64, CONTROL, REQ_DUMP_NODES, n->name, id, n->hostname ? n->hostname : "unknown port unknown", #ifdef DISABLE_LEGACY - 0, 0, 0, + 0, 0, 0UL, #else - cipher_get_nid(n->outcipher), digest_get_nid(n->outdigest), (int)digest_length(n->outdigest), + cipher_get_nid(n->outcipher), digest_get_nid(n->outdigest), digest_length(n->outdigest), #endif n->outcompression, n->options, bitfield_to_int(&n->status, sizeof(n->status)), n->nexthop ? n->nexthop->name : "-", n->via && n->via->name ? n->via->name : "-", n->distance, diff --git a/src/node.h b/src/node.h index fc872d31..edb3408b 100644 --- a/src/node.h +++ b/src/node.h @@ -29,20 +29,20 @@ #include "subnet.h" typedef struct node_status_t { - unsigned int unused_active: 1; /* 1 if active (not used for nodes) */ - unsigned int validkey: 1; /* 1 if we currently have a valid key for him */ - unsigned int waitingforkey: 1; /* 1 if we already sent out a request */ - unsigned int visited: 1; /* 1 if this node has been visited by one of the graph algorithms */ - unsigned int reachable: 1; /* 1 if this node is reachable in the graph */ - unsigned int indirect: 1; /* 1 if this node is not directly reachable by us */ - unsigned int sptps: 1; /* 1 if this node supports SPTPS */ - unsigned int udp_confirmed: 1; /* 1 if the address is one that we received UDP traffic on */ - unsigned int send_locally: 1; /* 1 if the next UDP packet should be sent on the local network */ - unsigned int udppacket: 1; /* 1 if the most recently received packet was UDP */ - unsigned int validkey_in: 1; /* 1 if we have sent a valid key to him */ - unsigned int has_address: 1; /* 1 if we know an external address for this node */ - unsigned int ping_sent: 1; /* 1 if we sent a UDP probe but haven't received the reply yet */ - unsigned int unused: 19; + bool unused_active: 1; /* 1 if active (not used for nodes) */ + bool validkey: 1; /* 1 if we currently have a valid key for him */ + bool waitingforkey: 1; /* 1 if we already sent out a request */ + bool visited: 1; /* 1 if this node has been visited by one of the graph algorithms */ + bool reachable: 1; /* 1 if this node is reachable in the graph */ + bool indirect: 1; /* 1 if this node is not directly reachable by us */ + bool sptps: 1; /* 1 if this node supports SPTPS */ + bool udp_confirmed: 1; /* 1 if the address is one that we received UDP traffic on */ + bool send_locally: 1; /* 1 if the next UDP packet should be sent on the local network */ + bool udppacket: 1; /* 1 if the most recently received packet was UDP */ + bool validkey_in: 1; /* 1 if we have sent a valid key to him */ + bool has_address: 1; /* 1 if we know an external address for this node */ + bool ping_sent: 1; /* 1 if we sent a UDP probe but haven't received the reply yet */ + uint32_t unused: 19; } node_status_t; typedef struct node_t { @@ -51,7 +51,7 @@ typedef struct node_t { node_id_t id; /* unique node ID (name hash) */ uint32_t options; /* options turned on for this node */ - int sock; /* Socket to use for outgoing UDP packets */ + size_t sock; /* Socket to use for outgoing UDP packets */ sockaddr_t address; /* his real (internet) ip to send UDP packets to */ node_status_t status; @@ -87,7 +87,7 @@ typedef struct node_t { uint32_t received_seqno; /* Sequence number last received from this node */ uint32_t received; /* Total valid packets received from this node */ uint32_t farfuture; /* Packets in a row that have arrived from the far future */ - unsigned char *late; /* Bitfield marking late packets */ + uint8_t *late; /* Bitfield marking late packets */ struct timeval udp_reply_sent; /* Last time a (gratuitous) UDP probe reply was sent */ struct timeval udp_ping_sent; /* Last time a UDP probe was sent */ diff --git a/src/nolegacy/crypto.c b/src/nolegacy/crypto.c index 73c49163..424fac27 100644 --- a/src/nolegacy/crypto.c +++ b/src/nolegacy/crypto.c @@ -43,7 +43,7 @@ static void random_exit(void) { } void randomize(void *vout, size_t outlen) { - char *out = vout; + uint8_t *out = vout; while(outlen) { ssize_t len = read(random_fd, out, outlen); diff --git a/src/nolegacy/prf.c b/src/nolegacy/prf.c index ce80f8cf..1e5bb9f9 100644 --- a/src/nolegacy/prf.c +++ b/src/nolegacy/prf.c @@ -22,7 +22,7 @@ #include "../prf.h" #include "../ed25519/sha512.h" -static void memxor(char *buf, char c, size_t len) { +static void memxor(uint8_t *buf, uint8_t c, size_t len) { for(size_t i = 0; i < len; i++) { buf[i] ^= c; } @@ -31,8 +31,8 @@ static void memxor(char *buf, char c, size_t len) { static const size_t mdlen = 64; static const size_t blklen = 128; -static bool hmac_sha512(const char *key, size_t keylen, const char *msg, size_t msglen, char *out) { - char tmp[blklen + mdlen]; +static bool hmac_sha512(const uint8_t *key, size_t keylen, const uint8_t *msg, size_t msglen, uint8_t *out) { + uint8_t tmp[blklen + mdlen]; sha512_context md; if(keylen <= blklen) { @@ -81,16 +81,16 @@ static bool hmac_sha512(const char *key, size_t keylen, const char *msg, size_t We use SHA512 instead of MD5 and SHA1. */ -bool prf(const char *secret, size_t secretlen, char *seed, size_t seedlen, char *out, size_t outlen) { +bool prf(const uint8_t *secret, size_t secretlen, uint8_t *seed, size_t seedlen, uint8_t *out, size_t outlen) { /* Data is what the "inner" HMAC function processes. It consists of the previous HMAC result plus the seed. */ - char data[mdlen + seedlen]; + uint8_t data[mdlen + seedlen]; memset(data, 0, mdlen); memcpy(data + mdlen, seed, seedlen); - char hash[mdlen]; + uint8_t hash[mdlen]; while(outlen > 0) { /* Inner HMAC */ diff --git a/src/openssl/cipher.c b/src/openssl/cipher.c index 974fbeb2..45d101df 100644 --- a/src/openssl/cipher.c +++ b/src/openssl/cipher.c @@ -149,7 +149,7 @@ bool cipher_encrypt(cipher_t *cipher, const void *indata, size_t inlen, void *ou int len, pad; if(EVP_EncryptInit_ex(cipher->ctx, NULL, NULL, NULL, NULL) - && EVP_EncryptUpdate(cipher->ctx, (unsigned char *)outdata, &len, indata, inlen) + && EVP_EncryptUpdate(cipher->ctx, (unsigned char *)outdata, &len, indata, (int)inlen) && EVP_EncryptFinal_ex(cipher->ctx, (unsigned char *)outdata + len, &pad)) { if(outlen) { *outlen = len + pad; @@ -160,7 +160,7 @@ bool cipher_encrypt(cipher_t *cipher, const void *indata, size_t inlen, void *ou } else { int len; - if(EVP_EncryptUpdate(cipher->ctx, outdata, &len, indata, inlen)) { + if(EVP_EncryptUpdate(cipher->ctx, outdata, &len, indata, (int)inlen)) { if(outlen) { *outlen = len; } @@ -178,7 +178,7 @@ bool cipher_decrypt(cipher_t *cipher, const void *indata, size_t inlen, void *ou int len, pad; if(EVP_DecryptInit_ex(cipher->ctx, NULL, NULL, NULL, NULL) - && EVP_DecryptUpdate(cipher->ctx, (unsigned char *)outdata, &len, indata, inlen) + && EVP_DecryptUpdate(cipher->ctx, (unsigned char *)outdata, &len, indata, (int)inlen) && EVP_DecryptFinal_ex(cipher->ctx, (unsigned char *)outdata + len, &pad)) { if(outlen) { *outlen = len + pad; @@ -189,7 +189,7 @@ bool cipher_decrypt(cipher_t *cipher, const void *indata, size_t inlen, void *ou } else { int len; - if(EVP_DecryptUpdate(cipher->ctx, outdata, &len, indata, inlen)) { + if(EVP_DecryptUpdate(cipher->ctx, outdata, &len, indata, (int)inlen)) { if(outlen) { *outlen = len; } diff --git a/src/openssl/crypto.c b/src/openssl/crypto.c index bf9fe08a..7cfdbbaf 100644 --- a/src/openssl/crypto.c +++ b/src/openssl/crypto.c @@ -46,7 +46,7 @@ static void random_exit(void) { } void randomize(void *vout, size_t outlen) { - char *out = vout; + uint8_t *out = vout; while(outlen) { ssize_t len = read(random_fd, out, outlen); diff --git a/src/openssl/digest.c b/src/openssl/digest.c index 20e45b64..82364e71 100644 --- a/src/openssl/digest.c +++ b/src/openssl/digest.c @@ -27,13 +27,13 @@ #include "../digest.h" #include "../logger.h" -static digest_t *digest_open(const EVP_MD *evp_md, int maclength) { +static digest_t *digest_open(const EVP_MD *evp_md, size_t maclength) { digest_t *digest = xzalloc(sizeof(*digest)); digest->digest = evp_md; - int digestlen = EVP_MD_size(digest->digest); + size_t digestlen = EVP_MD_size(digest->digest); - if(maclength > digestlen || maclength < 0) { + if(maclength == DIGEST_ALGO_SIZE || maclength > digestlen) { digest->maclength = digestlen; } else { digest->maclength = maclength; @@ -42,7 +42,7 @@ static digest_t *digest_open(const EVP_MD *evp_md, int maclength) { return digest; } -digest_t *digest_open_by_name(const char *name, int maclength) { +digest_t *digest_open_by_name(const char *name, size_t maclength) { const EVP_MD *evp_md = EVP_get_digestbyname(name); if(!evp_md) { @@ -53,7 +53,7 @@ digest_t *digest_open_by_name(const char *name, int maclength) { return digest_open(evp_md, maclength); } -digest_t *digest_open_by_nid(int nid, int maclength) { +digest_t *digest_open_by_nid(int nid, size_t maclength) { const EVP_MD *evp_md = EVP_get_digestbynid(nid); if(!evp_md) { @@ -66,7 +66,7 @@ digest_t *digest_open_by_nid(int nid, int maclength) { bool digest_set_key(digest_t *digest, const void *key, size_t len) { digest->hmac_ctx = HMAC_CTX_new(); - HMAC_Init_ex(digest->hmac_ctx, key, len, digest->digest, NULL); + HMAC_Init_ex(digest->hmac_ctx, key, (int)len, digest->digest, NULL); if(!digest->hmac_ctx) { abort(); diff --git a/src/openssl/digest.h b/src/openssl/digest.h index 420b11e0..35153532 100644 --- a/src/openssl/digest.h +++ b/src/openssl/digest.h @@ -27,7 +27,7 @@ struct digest { const EVP_MD *digest; HMAC_CTX *hmac_ctx; EVP_MD_CTX *md_ctx; - int maclength; + size_t maclength; }; #endif diff --git a/src/openssl/prf.c b/src/openssl/prf.c index f1f3d172..62770859 100644 --- a/src/openssl/prf.c +++ b/src/openssl/prf.c @@ -29,8 +29,8 @@ We use SHA512 instead of MD5 and SHA1. */ -static bool prf_xor(int nid, const char *secret, size_t secretlen, char *seed, size_t seedlen, char *out, size_t outlen) { - digest_t *digest = digest_open_by_nid(nid, -1); +static bool prf_xor(int nid, const uint8_t *secret, size_t secretlen, uint8_t *seed, size_t seedlen, uint8_t *out, size_t outlen) { + digest_t *digest = digest_open_by_nid(nid, DIGEST_ALGO_SIZE); if(!digest) { return false; @@ -51,7 +51,7 @@ static bool prf_xor(int nid, const char *secret, size_t secretlen, char *seed, s memset(data, 0, len); memcpy(data + len, seed, seedlen); - char hash[len]; + uint8_t hash[len]; while(outlen > 0) { /* Inner HMAC */ @@ -80,7 +80,7 @@ static bool prf_xor(int nid, const char *secret, size_t secretlen, char *seed, s return true; } -bool prf(const char *secret, size_t secretlen, char *seed, size_t seedlen, char *out, size_t outlen) { +bool prf(const uint8_t *secret, size_t secretlen, uint8_t *seed, size_t seedlen, uint8_t *out, size_t outlen) { /* This construction allows us to easily switch back to a scheme where the PRF is calculated using two different digest algorithms. */ memset(out, 0, outlen); diff --git a/src/openssl/rsa.c b/src/openssl/rsa.c index 5d3fe062..e7428add 100644 --- a/src/openssl/rsa.c +++ b/src/openssl/rsa.c @@ -107,7 +107,7 @@ size_t rsa_size(const rsa_t *rsa) { } bool rsa_public_encrypt(rsa_t *rsa, void *in, size_t len, void *out) { - if((size_t)RSA_public_encrypt(len, in, out, rsa, RSA_NO_PADDING) == len) { + if((size_t)RSA_public_encrypt((int) len, in, out, rsa, RSA_NO_PADDING) == len) { return true; } @@ -116,7 +116,7 @@ bool rsa_public_encrypt(rsa_t *rsa, void *in, size_t len, void *out) { } bool rsa_private_decrypt(rsa_t *rsa, void *in, size_t len, void *out) { - if((size_t)RSA_private_decrypt(len, in, out, rsa, RSA_NO_PADDING) == len) { + if((size_t)RSA_private_decrypt((int) len, in, out, rsa, RSA_NO_PADDING) == len) { return true; } diff --git a/src/openssl/rsagen.c b/src/openssl/rsagen.c index 3dd34e23..277df231 100644 --- a/src/openssl/rsagen.c +++ b/src/openssl/rsagen.c @@ -81,7 +81,7 @@ rsa_t *rsa_generate(size_t bits, unsigned long exponent) { BN_set_word(bn_e, exponent); BN_GENCB_set(cb, indicator, NULL); - int result = RSA_generate_key_ex(rsa, bits, bn_e, cb); + int result = RSA_generate_key_ex(rsa, (int) bits, bn_e, cb); BN_GENCB_free(cb); BN_free(bn_e); diff --git a/src/prf.h b/src/prf.h index 9e649890..7e5e4e6d 100644 --- a/src/prf.h +++ b/src/prf.h @@ -20,6 +20,8 @@ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ -extern bool prf(const char *secret, size_t secretlen, char *seed, size_t seedlen, char *out, size_t outlen) __attribute__((__warn_unused_result__)); +#include "system.h" + +extern bool prf(const uint8_t *secret, size_t secretlen, uint8_t *seed, size_t seedlen, uint8_t *out, size_t outlen) __attribute__((__warn_unused_result__)); #endif diff --git a/src/process.h b/src/process.h index 5726df2c..5849752c 100644 --- a/src/process.h +++ b/src/process.h @@ -21,6 +21,8 @@ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ +#include "system.h" + extern bool do_detach; extern bool detach(void); diff --git a/src/protocol.c b/src/protocol.c index 3a0ae1d7..ed34f523 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -103,7 +103,7 @@ void forward_request(connection_t *from, const char *request) { logger(DEBUG_META, LOG_DEBUG, "Forwarding %s from %s (%s): %s", request_name[atoi(request)], from->name, from->hostname, request); // Create a temporary newline-terminated copy of the request - int len = strlen(request); + size_t len = strlen(request); char tmp[len + 1]; memcpy(tmp, request, len); tmp[len] = '\n'; diff --git a/src/protocol.h b/src/protocol.h index 42981cca..4ea0c8c7 100644 --- a/src/protocol.h +++ b/src/protocol.h @@ -107,7 +107,7 @@ extern void send_key_changed(void); extern bool send_req_key(struct node_t *to); extern bool send_ans_key(struct node_t *to); extern bool send_tcppacket(struct connection_t *c, const struct vpn_packet_t *packet); -extern bool send_sptps_tcppacket(struct connection_t *c, const char *packet, int len); +extern bool send_sptps_tcppacket(struct connection_t *c, const void *packet, size_t len); extern bool send_udp_info(struct node_t *from, struct node_t *to); extern bool send_mtu_info(struct node_t *from, struct node_t *to, int mtu); diff --git a/src/protocol_auth.c b/src/protocol_auth.c index a40c87f3..e16fe4fc 100644 --- a/src/protocol_auth.c +++ b/src/protocol_auth.c @@ -68,7 +68,7 @@ static bool send_proxyrequest(connection_t *c) { return false; } - char s4req[9 + (proxyuser ? strlen(proxyuser) : 0)]; + uint8_t s4req[9 + (proxyuser ? strlen(proxyuser) : 0)]; s4req[0] = 4; s4req[1] = 1; memcpy(s4req + 2, &c->address.in.sin_port, 2); @@ -84,15 +84,15 @@ static bool send_proxyrequest(connection_t *c) { } case PROXY_SOCKS5: { - int len = 3 + 6 + (c->address.sa.sa_family == AF_INET ? 4 : 16); + size_t len = 3 + 6 + (c->address.sa.sa_family == AF_INET ? 4 : 16); c->tcplen = 2; if(proxypass) { len += 3 + strlen(proxyuser) + strlen(proxypass); } - char s5req[len]; - int i = 0; + uint8_t s5req[len]; + size_t i = 0; s5req[i++] = 5; s5req[i++] = 1; @@ -508,7 +508,7 @@ bool send_metakey(connection_t *c) { by Cipher. */ - int keylen = cipher_keylength(myself->incipher); + size_t keylen = cipher_keylength(myself->incipher); if(keylen <= 16) { c->outcipher = cipher_open_by_name("aes-128-cfb"); @@ -518,13 +518,9 @@ bool send_metakey(connection_t *c) { c->outcipher = cipher_open_by_name("aes-256-cfb"); } - if(!c) { - return false; - } - c->outbudget = cipher_budget(c->outcipher); - if(!(c->outdigest = digest_open_by_name("sha256", -1))) { + if(!(c->outdigest = digest_open_by_name("sha256", DIGEST_ALGO_SIZE))) { return false; } @@ -639,7 +635,7 @@ bool metakey_h(connection_t *c, const char *request) { c->inbudget = cipher_budget(c->incipher); if(digest) { - if(!(c->indigest = digest_open_by_nid(digest, -1))) { + if(!(c->indigest = digest_open_by_nid(digest, DIGEST_ALGO_SIZE))) { logger(DEBUG_ALWAYS, LOG_ERR, "Error during initialisation of digest from %s (%s)", c->name, c->hostname); return false; } @@ -845,7 +841,7 @@ bool send_ack(connection_t *c) { /* Estimate weight */ gettimeofday(&now, NULL); - c->estimated_weight = (now.tv_sec - c->start.tv_sec) * 1000 + (now.tv_usec - c->start.tv_usec) / 1000; + c->estimated_weight = (int)((now.tv_sec - c->start.tv_sec) * 1000 + (now.tv_usec - c->start.tv_usec) / 1000); /* Check some options */ diff --git a/src/protocol_key.c b/src/protocol_key.c index 77b829b3..29fe5090 100644 --- a/src/protocol_key.c +++ b/src/protocol_key.c @@ -31,6 +31,7 @@ #include "route.h" #include "sptps.h" #include "utils.h" +#include "compression.h" void send_key_changed(void) { #ifndef DISABLE_LEGACY @@ -145,7 +146,7 @@ static bool req_key_ext_h(connection_t *c, const char *request, node_t *from, no /* This is a SPTPS data packet. */ char buf[MAX_STRING_SIZE]; - int len; + size_t len; if(sscanf(request, "%*d %*s %*s %*d " MAX_STRING, buf) != 1 || !(len = b64decode(buf, buf, strlen(buf)))) { logger(DEBUG_ALWAYS, LOG_ERR, "Got bad %s from %s (%s) to %s (%s): %s", "SPTPS_PACKET", from->name, from->hostname, to->name, to->hostname, "invalid SPTPS data"); @@ -355,7 +356,8 @@ bool send_ans_key(node_t *to) { } if(myself->indigest) { - to->indigest = digest_open_by_nid(digest_get_nid(myself->indigest), digest_length(myself->indigest)); + to->indigest = digest_open_by_nid(digest_get_nid(myself->indigest), + digest_length(myself->indigest)); if(!to->indigest) { abort(); @@ -380,11 +382,11 @@ bool send_ans_key(node_t *to) { to->status.validkey_in = true; - return send_request(to->nexthop->connection, "%d %s %s %s %d %d %d %d", ANS_KEY, + return send_request(to->nexthop->connection, "%d %s %s %s %d %d %zu %d", ANS_KEY, myself->name, to->name, key, cipher_get_nid(to->incipher), digest_get_nid(to->indigest), - (int)digest_length(to->indigest), + digest_length(to->indigest), to->incompression); #endif } @@ -395,10 +397,12 @@ bool ans_key_h(connection_t *c, const char *request) { char key[MAX_STRING_SIZE]; char address[MAX_STRING_SIZE] = ""; char port[MAX_STRING_SIZE] = ""; - int cipher, digest, maclength, compression; + int cipher, digest; + size_t maclength; + int compression; node_t *from, *to; - if(sscanf(request, "%*d "MAX_STRING" "MAX_STRING" "MAX_STRING" %d %d %d %d "MAX_STRING" "MAX_STRING, + if(sscanf(request, "%*d "MAX_STRING" "MAX_STRING" "MAX_STRING" %d %d %zu %d "MAX_STRING" "MAX_STRING, from_name, to_name, key, &cipher, &digest, &maclength, &compression, address, port) < 7) { logger(DEBUG_ALWAYS, LOG_ERR, "Got bad %s from %s (%s)", "ANS_KEY", c->name, @@ -464,7 +468,7 @@ bool ans_key_h(connection_t *c, const char *request) { } switch(compression) { - case 12: + case COMPRESS_LZ4: #ifdef HAVE_LZ4 break; #else @@ -473,8 +477,8 @@ bool ans_key_h(connection_t *c, const char *request) { return true; #endif - case 11: - case 10: + case COMPRESS_LZO_HI: + case COMPRESS_LZO_LO: #ifdef HAVE_LZO break; #else @@ -483,15 +487,15 @@ bool ans_key_h(connection_t *c, const char *request) { return true; #endif - case 9: - case 8: - case 7: - case 6: - case 5: - case 4: - case 3: - case 2: - case 1: + case COMPRESS_ZLIB_9: + case COMPRESS_ZLIB_8: + case COMPRESS_ZLIB_7: + case COMPRESS_ZLIB_6: + case COMPRESS_ZLIB_5: + case COMPRESS_ZLIB_4: + case COMPRESS_ZLIB_3: + case COMPRESS_ZLIB_2: + case COMPRESS_ZLIB_1: #ifdef HAVE_ZLIB break; #else @@ -500,7 +504,7 @@ bool ans_key_h(connection_t *c, const char *request) { return true; #endif - case 0: + case COMPRESS_NONE: break; default: @@ -514,7 +518,7 @@ bool ans_key_h(connection_t *c, const char *request) { /* SPTPS or old-style key exchange? */ if(from->status.sptps) { - char buf[strlen(key)]; + uint8_t buf[strlen(key)]; size_t len = b64decode(key, buf, strlen(key)); if(!len || !sptps_receive_data(&from->sptps, buf, len)) { @@ -568,7 +572,7 @@ bool ans_key_h(connection_t *c, const char *request) { from->outdigest = NULL; } - if((size_t)maclength != digest_length(from->outdigest)) { + if(maclength != digest_length(from->outdigest)) { logger(DEBUG_ALWAYS, LOG_ERR, "Node %s (%s) uses bogus MAC length!", from->name, from->hostname); return false; } diff --git a/src/protocol_misc.c b/src/protocol_misc.c index 27125da8..7994f00d 100644 --- a/src/protocol_misc.c +++ b/src/protocol_misc.c @@ -91,7 +91,7 @@ bool send_tcppacket(connection_t *c, const vpn_packet_t *packet) { return false; } - return send_meta(c, (char *)DATA(packet), packet->len); + return send_meta(c, DATA(packet), packet->len); } bool tcppacket_h(connection_t *c, const char *request) { @@ -110,7 +110,7 @@ bool tcppacket_h(connection_t *c, const char *request) { return true; } -bool send_sptps_tcppacket(connection_t *c, const char *packet, int len) { +bool send_sptps_tcppacket(connection_t *c, const void *packet, size_t len) { /* If there already is a lot of data in the outbuf buffer, discard this packet. We use a very simple Random Early Drop algorithm. */ @@ -118,7 +118,7 @@ bool send_sptps_tcppacket(connection_t *c, const char *packet, int len) { return true; } - if(!send_request(c, "%d %d", SPTPS_PACKET, len)) { + if(!send_request(c, "%d %zu", SPTPS_PACKET, len)) { return false; } diff --git a/src/raw_socket_device.c b/src/raw_socket_device.c index 30f8b3cc..4dd18e2b 100644 --- a/src/raw_socket_device.c +++ b/src/raw_socket_device.c @@ -94,7 +94,7 @@ static void close_device(void) { } static bool read_packet(vpn_packet_t *packet) { - int inlen; + ssize_t inlen; if((inlen = read(device_fd, DATA(packet), MTU)) <= 0) { logger(DEBUG_ALWAYS, LOG_ERR, "Error while reading from %s %s: %s", device_info, diff --git a/src/route.c b/src/route.c index aa5634c0..e11a7922 100644 --- a/src/route.c +++ b/src/route.c @@ -587,7 +587,7 @@ static void fragment_ipv4_packet(node_t *dest, vpn_packet_t *packet, length_t et todo = ntohs(ip.ip_len) - ip_size; if(ether_size + ip_size + todo != packet->len) { - logger(DEBUG_TRAFFIC, LOG_WARNING, "Length of packet (%d) doesn't match length in IPv4 header (%d)", packet->len, (int)(ether_size + ip_size + todo)); + logger(DEBUG_TRAFFIC, LOG_WARNING, "Length of packet (%d) doesn't match length in IPv4 header (%zu)", packet->len, ether_size + ip_size + todo); return; } @@ -1124,7 +1124,7 @@ static void send_pcap(vpn_packet_t *packet) { } if(send_request(c, "%d %d %d", CONTROL, REQ_PCAP, len)) { - send_meta(c, (char *)DATA(packet), len); + send_meta(c, DATA(packet), len); } } } diff --git a/src/rsa.h b/src/rsa.h index 9db9a8f6..4410d5c2 100644 --- a/src/rsa.h +++ b/src/rsa.h @@ -20,6 +20,8 @@ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ +#include "system.h" + #ifndef TINC_RSA_INTERNAL typedef struct rsa rsa_t; #endif diff --git a/src/script.c b/src/script.c index e465ab7b..1336ff37 100644 --- a/src/script.c +++ b/src/script.c @@ -35,7 +35,7 @@ static void unputenv(const char *p) { return; } - int len = e - p; + ptrdiff_t len = e - p; #ifndef HAVE_UNSETENV #ifdef HAVE_MINGW // Windows requires putenv("FOO=") to unset %FOO% diff --git a/src/script.h b/src/script.h index dfad55b8..381f9523 100644 --- a/src/script.h +++ b/src/script.h @@ -21,6 +21,8 @@ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ +#include "system.h" + typedef struct environment { int n; int size; diff --git a/src/solaris/device.c b/src/solaris/device.c index f27954b1..d1e114ae 100644 --- a/src/solaris/device.c +++ b/src/solaris/device.c @@ -104,7 +104,7 @@ static bool setup_device(void) { char *ptr = device; get_config_string(lookup_config(config_tree, "Interface"), &ptr); - while(*ptr && !isdigit(*ptr)) { + while(*ptr && !isdigit((uint8_t) *ptr)) { ptr++; } diff --git a/src/sptps.c b/src/sptps.c index 6ad1c8d6..38ff16cc 100644 --- a/src/sptps.c +++ b/src/sptps.c @@ -205,7 +205,7 @@ static bool send_sig(sptps_t *s) { } // Generate key material from the shared secret created from the ECDHE key exchange. -static bool generate_key_material(sptps_t *s, const char *shared, size_t len) { +static bool generate_key_material(sptps_t *s, const uint8_t *shared, size_t len) { // Initialise cipher and digest structures if necessary if(!s->outstate) { s->incipher = chacha_poly1305_init(); @@ -226,7 +226,7 @@ static bool generate_key_material(sptps_t *s, const char *shared, size_t len) { } // Create the HMAC seed, which is "key expansion" + session label + server nonce + client nonce - char seed[s->labellen + 64 + 13]; + uint8_t seed[s->labellen + 64 + 13]; memcpy(seed, "key expansion", 13); if(s->initiator) { @@ -330,7 +330,7 @@ static bool receive_sig(sptps_t *s, const uint8_t *data, uint16_t len) { } // Compute shared secret. - char shared[ECDH_SHARED_SIZE]; + uint8_t shared[ECDH_SHARED_SIZE]; if(!ecdh_compute_shared(s->ecdh, s->hiskex + 1 + 32, shared)) { return error(s, EINVAL, "Failed to compute ECDH shared secret"); @@ -513,7 +513,7 @@ bool sptps_verify_datagram(sptps_t *s, const void *vdata, size_t len) { return error(s, EIO, "Received short packet"); } - const char *data = vdata; + const uint8_t *data = vdata; uint32_t seqno; memcpy(&seqno, data, 4); seqno = ntohl(seqno); @@ -522,7 +522,7 @@ bool sptps_verify_datagram(sptps_t *s, const void *vdata, size_t len) { return false; } - char buffer[len]; + uint8_t buffer[len]; size_t outlen; return chacha_poly1305_decrypt(s->incipher, seqno, data + 4, len - 4, buffer, &outlen); } diff --git a/src/sptps.h b/src/sptps.h index 1da0af8a..96edc366 100644 --- a/src/sptps.h +++ b/src/sptps.h @@ -33,22 +33,24 @@ #define SPTPS_ALERT 129 // Warning or error messages #define SPTPS_CLOSE 130 // Application closed the connection -// Key exchange states -#define SPTPS_KEX 1 // Waiting for the first Key EXchange record -#define SPTPS_SECONDARY_KEX 2 // Ready to receive a secondary Key EXchange record -#define SPTPS_SIG 3 // Waiting for a SIGnature record -#define SPTPS_ACK 4 // Waiting for an ACKnowledgement record - // Overhead for datagrams #define SPTPS_DATAGRAM_OVERHEAD 21 typedef bool (*send_data_t)(void *handle, uint8_t type, const void *data, size_t len); typedef bool (*receive_record_t)(void *handle, uint8_t type, const void *data, uint16_t len); +// Key exchange states +typedef enum sptps_state_t { + SPTPS_KEX = 1, // Waiting for the first Key EXchange record + SPTPS_SECONDARY_KEX = 2, // Ready to receive a secondary Key EXchange record + SPTPS_SIG = 3, // Waiting for a SIGnature record + SPTPS_ACK = 4, // Waiting for an ACKnowledgement record +} sptps_state_t; + typedef struct sptps { bool initiator; bool datagram; - int state; + sptps_state_t state; uint8_t *inbuf; size_t buflen; @@ -60,7 +62,7 @@ typedef struct sptps { uint32_t received; unsigned int replaywin; unsigned int farfuture; - char *late; + uint8_t *late; bool outstate; chacha_poly1305_ctx_t *outcipher; @@ -70,10 +72,10 @@ typedef struct sptps { ecdsa_t *hiskey; ecdh_t *ecdh; - char *mykex; - char *hiskex; - char *key; - char *label; + uint8_t *mykex; + uint8_t *hiskex; + uint8_t *key; + uint8_t *label; size_t labellen; void *handle; diff --git a/src/sptps_keypair.c b/src/sptps_keypair.c index 4dbd2ba1..bf7de125 100644 --- a/src/sptps_keypair.c +++ b/src/sptps_keypair.c @@ -23,10 +23,11 @@ #include "crypto.h" #include "ecdsagen.h" +#include "logger.h" static char *program_name; -void logger(int level, int priority, const char *format, ...) { +void logger(debug_t level, int priority, const char *format, ...) { (void)level; (void)priority; va_list ap; diff --git a/src/sptps_speed.c b/src/sptps_speed.c index db7314eb..8e6f5bed 100644 --- a/src/sptps_speed.c +++ b/src/sptps_speed.c @@ -51,7 +51,7 @@ static bool receive_record(void *handle, uint8_t type, const void *data, uint16_ } static void receive_data(sptps_t *sptps) { - char buf[4096], *bufp = buf; + uint8_t buf[4096], *bufp = buf; int fd = *(int *)sptps->handle; size_t len = recv(fd, buf, sizeof(buf), 0); @@ -80,7 +80,8 @@ static void clock_start() { static bool clock_countto(double seconds) { clock_gettime(CLOCK_PROCESS_CPUTIME_ID, &end); - elapsed = end.tv_sec + end.tv_nsec * 1e-9 - start.tv_sec - start.tv_nsec * 1e-9; + elapsed = (double) end.tv_sec + (double) end.tv_nsec * 1e-9 + - (double) start.tv_sec - (double) start.tv_nsec * 1e-9; if(elapsed < seconds) { return ++count; @@ -94,7 +95,7 @@ int main(int argc, char *argv[]) { ecdsa_t *key1, *key2; ecdh_t *ecdh1, *ecdh2; sptps_t sptps1, sptps2; - char buf1[4096], buf2[4096], buf3[4096]; + uint8_t buf1[4096], buf2[4096], buf3[4096]; double duration = argc > 1 ? atof(argv[1]) : 10; crypto_init(); diff --git a/src/sptps_test.c b/src/sptps_test.c index 64b8cb22..3406a97e 100644 --- a/src/sptps_test.c +++ b/src/sptps_test.c @@ -76,7 +76,7 @@ static bool send_data(void *handle, uint8_t type, const void *data, size_t len) bin2hex(data, hex, len); if(verbose) { - fprintf(stderr, "Sending %d bytes of data:\n%s\n", (int)len, hex); + fprintf(stderr, "Sending %zu bytes of data:\n%s\n", len, hex); } const int *sock = handle; @@ -162,7 +162,7 @@ void *stdin_reader_thread(void *arg) { fprintf(stderr, "New connection received from :%d\n", ntohs(sa.sin_port)); } - char buf[1024]; + uint8_t buf[1024]; ssize_t nread; while((nread = read(STDIN_FILENO, buf, sizeof(buf))) > 0) { @@ -170,7 +170,7 @@ void *stdin_reader_thread(void *arg) { fprintf(stderr, "Read %lld bytes from input\n", nread); } - char *start = buf; + uint8_t *start = buf; ssize_t nleft = nread; while(nleft) { @@ -479,7 +479,7 @@ int main(int argc, char *argv[]) { } else { fprintf(stderr, "Listening...\n"); - char buf[65536]; + uint8_t buf[65536]; struct sockaddr addr; socklen_t addrlen = sizeof(addr); @@ -648,7 +648,7 @@ int main(int argc, char *argv[]) { if(verbose) { char hex[len * 2 + 1]; bin2hex(buf, hex, len); - fprintf(stderr, "Received %d bytes of data:\n%s\n", (int)len, hex); + fprintf(stderr, "Received %zd bytes of data:\n%s\n", len, hex); } if(packetloss && (rand() % 100) < packetloss) { @@ -673,7 +673,7 @@ int main(int argc, char *argv[]) { } bufp += done; - len -= done; + len -= (ssize_t) done; } } } diff --git a/src/subnet.h b/src/subnet.h index 56d55d13..f50b13ba 100644 --- a/src/subnet.h +++ b/src/subnet.h @@ -75,12 +75,12 @@ extern void free_subnet_tree(splay_tree_t *); extern void subnet_add(struct node_t *owner, subnet_t *subnet); extern void subnet_del(struct node_t *owner, subnet_t *subnet); extern void subnet_update(struct node_t *owner, subnet_t *subnet, bool up); -extern int maskcmp(const void *a, const void *b, int masklen); -extern void maskcpy(void *dest, const void *src, int masklen, int len); -extern void mask(void *mask, int masklen, int len); +extern int maskcmp(const void *a, const void *b, size_t masklen); +extern void maskcpy(void *dest, const void *src, size_t masklen, size_t len); +extern void mask(void *mask, size_t masklen, size_t len); extern bool subnetcheck(const subnet_t subnet); -extern bool maskcheck(const void *mask, int masklen, int len); -extern bool net2str(char *netstr, int len, const subnet_t *subnet); +extern bool maskcheck(const void *mask, size_t masklen, size_t len); +extern bool net2str(char *netstr, size_t len, const subnet_t *subnet); extern bool str2net(subnet_t *subnet, const char *netstr); extern subnet_t *lookup_subnet(const struct node_t *owner, const subnet_t *subnet); extern subnet_t *lookup_subnet_mac(const struct node_t *owner, const mac_t *address); diff --git a/src/subnet_parse.c b/src/subnet_parse.c index 9e651458..e9271c12 100644 --- a/src/subnet_parse.c +++ b/src/subnet_parse.c @@ -29,13 +29,13 @@ static const int DEFAULT_WEIGHT = 10; /* Subnet mask handling */ -int maskcmp(const void *va, const void *vb, int masklen) { - int i, m, result; - const char *a = va; - const char *b = vb; +int maskcmp(const void *va, const void *vb, size_t masklen) { + size_t i, m; + const uint8_t *a = va; + const uint8_t *b = vb; for(m = masklen, i = 0; m >= 8; m -= 8, i++) { - result = a[i] - b[i]; + int result = a[i] - b[i]; if(result) { return result; @@ -49,9 +49,9 @@ int maskcmp(const void *va, const void *vb, int masklen) { return 0; } -void mask(void *va, int masklen, int len) { - int i; - char *a = va; +void mask(void *va, size_t masklen, size_t len) { + size_t i; + uint8_t *a = va; i = masklen / 8; masklen %= 8; @@ -65,10 +65,10 @@ void mask(void *va, int masklen, int len) { } } -void maskcpy(void *va, const void *vb, int masklen, int len) { - int i, m; - char *a = va; - const char *b = vb; +void maskcpy(void *va, const void *vb, size_t masklen, size_t len) { + size_t i, m; + uint8_t *a = va; + const uint8_t *b = vb; for(m = masklen, i = 0; m >= 8; m -= 8, i++) { a[i] = b[i]; @@ -95,9 +95,9 @@ bool subnetcheck(const subnet_t subnet) { return true; } -bool maskcheck(const void *va, int masklen, int len) { - int i; - const char *a = va; +bool maskcheck(const void *va, size_t masklen, size_t len) { + size_t i; + const uint8_t *a = va; i = masklen / 8; masklen %= 8; @@ -310,7 +310,7 @@ bool str2net(subnet_t *subnet, const char *subnetstr) { return false; } -bool net2str(char *netstr, int len, const subnet_t *subnet) { +bool net2str(char *netstr, size_t len, const subnet_t *subnet) { if(!netstr || !subnet) { logger(DEBUG_ALWAYS, LOG_ERR, "net2str() was called with netstr=%p, subnet=%p!", (void *)netstr, (void *)subnet); return false; diff --git a/src/tincctl.c b/src/tincctl.c index 4dd9726f..ef29c992 100644 --- a/src/tincctl.c +++ b/src/tincctl.c @@ -463,15 +463,15 @@ bool recvline(int fd, char *line, size_t len) { } while(!(newline = memchr(buffer, '\n', blen))) { - int result = recv(fd, buffer + blen, sizeof(buffer) - blen, 0); + ssize_t nrecv = recv(fd, buffer + blen, sizeof(buffer) - blen, 0); - if(result == -1 && sockerrno == EINTR) { + if(nrecv == -1 && sockerrno == EINTR) { continue; - } else if(result <= 0) { + } else if(nrecv <= 0) { return false; } - blen += result; + blen += nrecv; } if((size_t)(newline - buffer) >= len) { @@ -490,15 +490,15 @@ bool recvline(int fd, char *line, size_t len) { static bool recvdata(int fd, char *data, size_t len) { while(blen < len) { - int result = recv(fd, buffer + blen, sizeof(buffer) - blen, 0); + ssize_t nrecv = recv(fd, buffer + blen, sizeof(buffer) - blen, 0); - if(result == -1 && sockerrno == EINTR) { + if(nrecv == -1 && sockerrno == EINTR) { continue; - } else if(result <= 0) { + } else if(nrecv <= 0) { return false; } - blen += result; + blen += nrecv; } memcpy(data, buffer, len); @@ -511,7 +511,7 @@ static bool recvdata(int fd, char *data, size_t len) { bool sendline(int fd, char *format, ...) { static char buffer[4096]; char *p = buffer; - int blen; + ssize_t blen; va_list ap; va_start(ap, format); @@ -527,16 +527,16 @@ bool sendline(int fd, char *format, ...) { blen++; while(blen) { - int result = send(fd, p, blen, MSG_NOSIGNAL); + ssize_t nsend = send(fd, p, blen, MSG_NOSIGNAL); - if(result == -1 && sockerrno == EINTR) { + if(nsend == -1 && sockerrno == EINTR) { continue; - } else if(result <= 0) { + } else if(nsend <= 0) { return false; } - p += result; - blen -= result; + p += nsend; + blen -= nsend; } return true; @@ -577,11 +577,12 @@ static void pcap(int fd, FILE *out, uint32_t snaplen) { char line[32]; while(recvline(fd, line, sizeof(line))) { - int code, req, len; - int n = sscanf(line, "%d %d %d", &code, &req, &len); + int code, req; + size_t len; + int n = sscanf(line, "%d %d %zd", &code, &req, &len); gettimeofday(&tv, NULL); - if(n != 3 || code != CONTROL || req != REQ_PCAP || len < 0 || (size_t)len > sizeof(data)) { + if(n != 3 || code != CONTROL || req != REQ_PCAP || len > sizeof(data)) { break; } @@ -970,7 +971,6 @@ static int cmd_start(int argc, char *argv[]) { free(nargv); - int status = -1, result; #ifdef SIGINT signal(SIGINT, SIG_IGN); #endif @@ -978,7 +978,7 @@ static int cmd_start(int argc, char *argv[]) { // Pass all log messages from the umbilical to stderr. // A nul-byte right before closure means tincd started successfully. bool failure = true; - char buf[1024]; + uint8_t buf[1024]; ssize_t len; while((len = read(pfd[0], buf, sizeof(buf))) > 0) { @@ -998,7 +998,8 @@ static int cmd_start(int argc, char *argv[]) { close(pfd[0]); // Make sure the child process is really gone. - result = waitpid(pid, &status, 0); + int status = -1; + pid_t result = waitpid(pid, &status, 0); #ifdef SIGINT signal(SIGINT, SIG_DFL); @@ -1302,7 +1303,7 @@ static int cmd_dump(int argc, char *argv[]) { } if(do_graph) { - float w = 1 + 65536.0 / weight; + float w = 1.0f + 65536.0f / (float)weight; if(do_graph == 1 && strcmp(node1, node2) > 0) { printf(" \"%s\" -- \"%s\" [w = %f, weight = %f];\n", node1, node2, w, w); @@ -1553,8 +1554,8 @@ static int cmd_pid(int argc, char *argv[]) { return 0; } -int rstrip(char *value) { - int len = strlen(value); +size_t rstrip(char *value) { + size_t len = strlen(value); while(len && strchr("\t\r\n ", value[len - 1])) { value[--len] = 0; @@ -1578,7 +1579,7 @@ char *get_my_name(bool verbose) { char *value; while(fgets(buf, sizeof(buf), f)) { - int len = strcspn(buf, "\t ="); + size_t len = strcspn(buf, "\t ="); value = buf + len; value += strspn(value, "\t "); @@ -1617,7 +1618,7 @@ ecdsa_t *get_pubkey(FILE *f) { char *value; while(fgets(buf, sizeof(buf), f)) { - int len = strcspn(buf, "\t ="); + size_t len = strcspn(buf, "\t ="); value = buf + len; value += strspn(value, "\t "); @@ -1944,9 +1945,8 @@ static int cmd_config(int argc, char *argv[]) { // Parse line in a simple way char *bvalue; - int len; - len = strcspn(buf2, "\t ="); + size_t len = strcspn(buf2, "\t ="); bvalue = buf2 + len; bvalue += strspn(bvalue, "\t "); @@ -2170,7 +2170,7 @@ static int cmd_init(int argc, char *argv[]) { return 1; } - int len = rstrip(buf); + size_t len = rstrip(buf); if(!len) { fprintf(stderr, "No name given!\n"); @@ -2787,7 +2787,7 @@ static int cmd_sign(int argc, char *argv[]) { long t = time(NULL); char *trailer; xasprintf(&trailer, " %s %ld", name, t); - int trailer_len = strlen(trailer); + size_t trailer_len = strlen(trailer); data = xrealloc(data, len + trailer_len); memcpy(data + len, trailer, trailer_len); @@ -2902,7 +2902,7 @@ static int cmd_verify(int argc, char *argv[]) { char *trailer; xasprintf(&trailer, " %s %ld", signer, t); - int trailer_len = strlen(trailer); + size_t trailer_len = strlen(trailer); data = xrealloc(data, len + trailer_len); memcpy(data + len, trailer, trailer_len); diff --git a/src/tincctl.h b/src/tincctl.h index 3f7d0037..d09013d8 100644 --- a/src/tincctl.h +++ b/src/tincctl.h @@ -20,6 +20,9 @@ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ +#include "system.h" +#include "ecdsa.h" + extern bool tty; extern bool force; extern char line[4096]; @@ -43,7 +46,7 @@ typedef struct { extern const var_t variables[]; -extern int rstrip(char *value); +extern size_t rstrip(char *value); extern char *get_my_name(bool verbose); extern bool connect_tincd(bool verbose); extern bool sendline(int fd, char *format, ...); diff --git a/src/tincd.c b/src/tincd.c index 35a84be1..95872c34 100644 --- a/src/tincd.c +++ b/src/tincd.c @@ -313,7 +313,9 @@ static bool drop_privs(void) { uid = pw->pw_uid; - if(initgroups(switchuser, pw->pw_gid) != 0 || + // The second parameter to initgroups on macOS requires int, + // but __gid_t is unsigned int. There's not much we can do here. + if(initgroups(switchuser, pw->pw_gid) != 0 || // NOLINT(bugprone-narrowing-conversions) setgid(pw->pw_gid) != 0) { logger(DEBUG_ALWAYS, LOG_ERR, "System call `%s' failed: %s", "initgroups", strerror(errno)); @@ -505,8 +507,12 @@ int main(int argc, char **argv) { return 1; } - if(!debug_level) { - get_config_int(lookup_config(config_tree, "LogLevel"), &debug_level); + if(debug_level == DEBUG_NOTHING) { + int level = 0; + + if(get_config_int(lookup_config(config_tree, "LogLevel"), &level)) { + debug_level = level; + } } #ifdef HAVE_LZO diff --git a/src/top.c b/src/top.c index ab146195..910e7ef3 100644 --- a/src/top.c +++ b/src/top.c @@ -76,7 +76,7 @@ static bool update(int fd) { timersub(&cur, &prev, &diff); prev = cur; - float interval = diff.tv_sec + diff.tv_usec * 1e-6; + float interval = (float) diff.tv_sec + (float) diff.tv_usec * 1e-6f; char line[4096]; char name[4096]; @@ -131,10 +131,10 @@ static bool update(int fd) { } found->known = true; - found->in_packets_rate = (in_packets - found->in_packets) / interval; - found->in_bytes_rate = (in_bytes - found->in_bytes) / interval; - found->out_packets_rate = (out_packets - found->out_packets) / interval; - found->out_bytes_rate = (out_bytes - found->out_bytes) / interval; + found->in_packets_rate = (float)(in_packets - found->in_packets) / interval; + found->in_bytes_rate = (float)(in_bytes - found->in_bytes) / interval; + found->out_packets_rate = (float)(out_packets - found->out_packets) / interval; + found->out_bytes_rate = (float)(out_bytes - found->out_bytes) / interval; found->in_packets = in_packets; found->in_bytes = in_bytes; found->out_packets = out_packets; @@ -280,7 +280,8 @@ static void redraw(void) { if(cumulative) mvprintw(row, 0, "%-16s %10.0f %10.0f %10.0f %10.0f", - node->name, node->in_packets * pscale, node->in_bytes * bscale, node->out_packets * pscale, node->out_bytes * bscale); + node->name, (float) node->in_packets * pscale, (float) node->in_bytes * bscale, + (float) node->out_packets * pscale, (float) node->out_bytes * bscale); else mvprintw(row, 0, "%-16s %10.0f %10.0f %10.0f %10.0f", node->name, node->in_packets_rate * pscale, node->in_bytes_rate * bscale, node->out_packets_rate * pscale, node->out_bytes_rate * bscale); @@ -307,15 +308,15 @@ void top(int fd) { switch(getch()) { case 's': { timeout(-1); - float input = delay * 1e-3; + float input = (float)delay * 1e-3f; mvprintw(1, 0, "Change delay from %.1fs to: ", input); scanw("%f", &input); if(input < 0.1) { - input = 0.1; + input = 0.1f; } - delay = input * 1e3; + delay = (int)(input * 1e3f); timeout(delay); break; } @@ -361,23 +362,23 @@ void top(int fd) { case 'k': bunit = "kbyte"; - bscale = 1e-3; + bscale = 1e-3f; punit = "pkts"; pscale = 1; break; case 'M': bunit = "Mbyte"; - bscale = 1e-6; + bscale = 1e-6f; punit = "kpkt"; - pscale = 1e-3; + pscale = 1e-3f; break; case 'G': bunit = "Gbyte"; - bscale = 1e-9; + bscale = 1e-9f; punit = "Mpkt"; - pscale = 1e-6; + pscale = 1e-6f; break; case 'q': diff --git a/src/uml_device.c b/src/uml_device.c index 4b574e81..a8bedc09 100644 --- a/src/uml_device.c +++ b/src/uml_device.c @@ -108,7 +108,7 @@ static bool setup_device(void) { name.zero = 0; name.pid = getpid(); gettimeofday(&tv, NULL); - name.usecs = tv.tv_usec; + name.usecs = (int) tv.tv_usec; memcpy(&data_sun.sun_path, &name, sizeof(name)); if(bind(data_fd, (struct sockaddr *)&data_sun, sizeof(data_sun)) < 0) { @@ -196,7 +196,7 @@ void close_device(void) { } static bool read_packet(vpn_packet_t *packet) { - int inlen; + ssize_t inlen; switch(state) { case 0: { diff --git a/src/utils.c b/src/utils.c index d0d10627..57983241 100644 --- a/src/utils.c +++ b/src/utils.c @@ -45,11 +45,13 @@ static const char base64_decode[256] = { -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, }; -static int charhex2bin(char c) { - if(isdigit(c)) { - return c - '0'; +static uint8_t charhex2bin(char c) { + uint8_t cu = (uint8_t) c; + + if(isdigit(cu)) { + return cu - '0'; } else { - return toupper(c) - 'A' + 10; + return toupper(cu) - 'A' + 10; } } @@ -57,7 +59,7 @@ size_t hex2bin(const char *src, void *vdst, size_t length) { uint8_t *dst = vdst; size_t i; - for(i = 0; i < length && isxdigit(src[i * 2]) && isxdigit(src[i * 2 + 1]); i++) { + for(i = 0; i < length && isxdigit((uint8_t) src[i * 2]) && isxdigit((uint8_t) src[i * 2 + 1]); i++) { dst[i] = charhex2bin(src[i * 2]) * 16 + charhex2bin(src[i * 2 + 1]); } @@ -210,7 +212,7 @@ bool check_id(const char *id) { } for(; *id; id++) - if(!isalnum(*id) && *id != '_') { + if(!isalnum((uint8_t) *id) && *id != '_') { return false; } @@ -223,7 +225,7 @@ bool check_netname(const char *netname, bool strict) { } for(const char *c = netname; *c; c++) { - if(iscntrl(*c)) { + if(iscntrl((uint8_t) *c)) { return false; } @@ -269,7 +271,7 @@ char *replace_name(const char *name) { ret_name = xstrdup(envname); for(char *c = ret_name; *c; c++) - if(!isalnum(*c)) { + if(!isalnum((uint8_t) *c)) { *c = '_'; } } else { @@ -302,7 +304,7 @@ FILE *fopenmask(const char *filename, const char *mode, mode_t perms) { #ifdef HAVE_FCHMOD - if((perms & 0444) && f) { + if(perms & 0444) { fchmod(fileno(f), perms); } diff --git a/src/utils.h b/src/utils.h index a0cb4d23..a966adb1 100644 --- a/src/utils.h +++ b/src/utils.h @@ -21,6 +21,8 @@ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ +#include "system.h" + extern size_t hex2bin(const char *src, void *dst, size_t length); extern size_t bin2hex(const void *src, char *dst, size_t length); diff --git a/src/vde_device.c b/src/vde_device.c index 0170af32..b5f0785e 100644 --- a/src/vde_device.c +++ b/src/vde_device.c @@ -26,7 +26,6 @@ #include "names.h" #include "net.h" #include "logger.h" -#include "utils.h" #include "route.h" #include "xalloc.h" @@ -102,7 +101,7 @@ static void close_device(void) { } static bool read_packet(vpn_packet_t *packet) { - int lenin = (ssize_t)plug.vde_recv(conn, DATA(packet), MTU, 0); + ssize_t lenin = (ssize_t) plug.vde_recv(conn, DATA(packet), MTU, 0); if(lenin <= 0) { logger(DEBUG_ALWAYS, LOG_ERR, "Error while reading from %s %s: %s", device_info, device, strerror(errno)); diff --git a/src/xalloc.h b/src/xalloc.h index 34f02d0e..33f30d02 100644 --- a/src/xalloc.h +++ b/src/xalloc.h @@ -21,6 +21,8 @@ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ +#include "system.h" + static inline void *xmalloc(size_t n) __attribute__((__malloc__)); static inline void *xmalloc(size_t n) { void *p = malloc(n); -- 2.20.1