From 779f0c275f69015311c589cc0ca373429b8ff7f4 Mon Sep 17 00:00:00 2001 From: Jan Romann Date: Wed, 28 Sep 2022 15:41:32 +0200 Subject: [PATCH 01/28] treewide: make type casts explicit --- ccm.c | 14 ++++++------- crypto.c | 24 +++++++++++----------- dtls.c | 34 +++++++++++++++---------------- dtls_debug.c | 2 +- dtls_time.c | 12 +++++------ ecc/ecc.c | 2 +- hmac.c | 2 +- platform-specific/dtls_prng_win.c | 2 +- sha2/sha2.c | 16 +++++++-------- 9 files changed, 54 insertions(+), 54 deletions(-) diff --git a/ccm.c b/ccm.c index 0a5e0ce5..7c4e57ca 100644 --- a/ccm.c +++ b/ccm.c @@ -47,7 +47,7 @@ block0(size_t M, /* number of auth bytes */ unsigned char *result) { unsigned int i; - result[0] = CCM_FLAGS(la, M, L); + result[0] = (unsigned char) CCM_FLAGS(la, M, L); /* copy the nonce */ memcpy(result + 1, nonce, DTLS_CCM_BLOCKSIZE - L - 1); @@ -88,11 +88,11 @@ add_auth_data(rijndael_ctx *ctx, const unsigned char *msg, uint64_t la, #ifndef WITH_CONTIKI if (la < 0xFF00) { /* 2^16 - 2^8 */ j = 2; - dtls_int_to_uint16(B, la); + dtls_int_to_uint16(B, (uint16_t) la); } else if (la <= UINT32_MAX) { j = 6; dtls_int_to_uint16(B, 0xFFFE); - dtls_int_to_uint32(B+2, la); + dtls_int_to_uint32(B+2, (uint32_t) la); } else { j = 10; dtls_int_to_uint16(B, 0xFFFF); @@ -184,7 +184,7 @@ dtls_ccm_encrypt_message(rijndael_ctx *ctx, size_t M, size_t L, add_auth_data(ctx, aad, la, B, X); /* initialize block template */ - A[0] = L-1; + A[0] = (unsigned char) (L-1); /* copy the nonce */ memcpy(A + 1, nonce, DTLS_CCM_BLOCKSIZE - L - 1); @@ -225,7 +225,7 @@ dtls_ccm_encrypt_message(rijndael_ctx *ctx, size_t M, size_t L, for (i = 0; i < M; ++i) *msg++ = X[i] ^ S[i]; - return len + M; + return (long int) (len + M); } long int @@ -254,7 +254,7 @@ dtls_ccm_decrypt_message(rijndael_ctx *ctx, size_t M, size_t L, add_auth_data(ctx, aad, la, B, X); /* initialize block template */ - A[0] = L-1; + A[0] = (unsigned char) (L-1); /* copy the nonce */ memcpy(A + 1, nonce, DTLS_CCM_BLOCKSIZE - L - 1); @@ -296,8 +296,8 @@ dtls_ccm_decrypt_message(rijndael_ctx *ctx, size_t M, size_t L, /* return length if MAC is valid, otherwise continue with error handling */ if (equals(X, msg, M)) - return len - M; + return (long int) (len - M); error: return -1; } diff --git a/crypto.c b/crypto.c index 8cfb7e68..dad0538a 100644 --- a/crypto.c +++ b/crypto.c @@ -281,7 +281,7 @@ dtls_mac(dtls_hmac_context_t *hmac_ctx, const unsigned char *packet, size_t length, unsigned char *buf) { uint16 L; - dtls_int_to_uint16(L, length); + dtls_int_to_uint16(L, (uint16_t) length); assert(hmac_ctx); dtls_hmac_update(hmac_ctx, record +3, sizeof(uint16) + sizeof(uint48)); @@ -340,7 +340,7 @@ dtls_psk_pre_master_secret(unsigned char *key, size_t keylen, return -1; } - dtls_int_to_uint16(p, keylen); + dtls_int_to_uint16(p, (uint16_t) keylen); p += sizeof(uint16); memset(p, 0, keylen); @@ -351,7 +351,7 @@ dtls_psk_pre_master_secret(unsigned char *key, size_t keylen, memcpy(p, key, keylen); - return 2 * (sizeof(uint16) + keylen); + return (int) (2 * (sizeof(uint16) + keylen)); } #endif /* DTLS_PSK */ @@ -360,7 +360,7 @@ static void dtls_ec_key_to_uint32(const unsigned char *key, size_t key_size, uint32_t *result) { int i; - for (i = (key_size / sizeof(uint32_t)) - 1; i >= 0 ; i--) { + for (i = (int) ((key_size / sizeof(uint32_t)) - 1); i >= 0 ; i--) { *result = dtls_uint32_to_int(&key[i * sizeof(uint32_t)]); result++; } @@ -370,7 +370,7 @@ static void dtls_ec_key_from_uint32(const uint32_t *key, size_t key_size, unsigned char *result) { int i; - for (i = (key_size / sizeof(uint32_t)) - 1; i >= 0 ; i--) { + for (i = (int) ((key_size / sizeof(uint32_t)) - 1); i >= 0 ; i--) { dtls_int_to_uint32(result, key[i]); result += 4; } @@ -428,8 +428,8 @@ int dtls_ec_key_asn1_from_uint32(const uint32_t *key, size_t key_size, key_size++; } /* Update the length of positive ASN.1 integer */ - dtls_int_to_uint8(lptr, key_size); - return key_size + 2; + dtls_int_to_uint8(lptr, (uint8_t) key_size); + return (int) (key_size + 2); } int dtls_ecdh_pre_master_secret(unsigned char *priv_key, @@ -455,7 +455,7 @@ int dtls_ecdh_pre_master_secret(unsigned char *priv_key, ecc_ecdh(pub_x, pub_y, priv, result_x, result_y); dtls_ec_key_from_uint32(result_x, key_size, result); - return key_size; + return (int) key_size; } void @@ -568,7 +568,7 @@ dtls_encrypt_params(const dtls_ccm_params_t *params, ctx->data.tag_length = params->tag_length; ctx->data.l = params->l; - ret = rijndael_set_key_enc_only(&ctx->data.ctx, key, 8 * keylen); + ret = rijndael_set_key_enc_only(&ctx->data.ctx, key, (int) (8 * keylen)); if (ret < 0) { /* cleanup everything in case the key has the wrong size */ dtls_warn("cannot set rijndael key\n"); @@ -577,7 +577,7 @@ dtls_encrypt_params(const dtls_ccm_params_t *params, if (src != buf) memmove(buf, src, length); - ret = dtls_ccm_encrypt(&ctx->data, src, length, buf, params->nonce, aad, la); + ret = (int) dtls_ccm_encrypt(&ctx->data, src, length, buf, params->nonce, aad, la); error: dtls_cipher_context_release(); @@ -610,7 +610,7 @@ dtls_decrypt_params(const dtls_ccm_params_t *params, ctx->data.tag_length = params->tag_length; ctx->data.l = params->l; - ret = rijndael_set_key_enc_only(&ctx->data.ctx, key, 8 * keylen); + ret = rijndael_set_key_enc_only(&ctx->data.ctx, key, (int) (8 * keylen)); if (ret < 0) { /* cleanup everything in case the key has the wrong size */ dtls_warn("cannot set rijndael key\n"); @@ -619,7 +619,7 @@ dtls_decrypt_params(const dtls_ccm_params_t *params, if (src != buf) memmove(buf, src, length); - ret = dtls_ccm_decrypt(&ctx->data, src, length, buf, params->nonce, aad, la); + ret = (int) dtls_ccm_decrypt(&ctx->data, src, length, buf, params->nonce, aad, la); error: dtls_cipher_context_release(); diff --git a/dtls.c b/dtls.c index eaf84426..edd3843b 100644 --- a/dtls.c +++ b/dtls.c @@ -873,7 +873,7 @@ static int verify_ext_eliptic_curves(uint8 *data, size_t data_length) { return dtls_alert_fatal_create(DTLS_ALERT_HANDSHAKE_FAILURE); } - for (i = data_length - sizeof(uint16); i > 0; i -= sizeof(uint16)) { + for (i = (int) data_length - sizeof(uint16); i > 0; i -= sizeof(uint16)) { /* check if this curve is supported */ curve_name = dtls_uint16_to_int(data); data += sizeof(uint16); @@ -897,7 +897,7 @@ static int verify_ext_cert_type(uint8 *data, size_t data_length) { return dtls_alert_fatal_create(DTLS_ALERT_HANDSHAKE_FAILURE); } - for (i = data_length - sizeof(uint8); i > 0; i -= sizeof(uint8)) { + for (i = (int) data_length - sizeof(uint8); i > 0; i -= sizeof(uint8)) { /* check if this cert type is supported */ cert_type = dtls_uint8_to_int(data); data += sizeof(uint8); @@ -921,7 +921,7 @@ static int verify_ext_ec_point_formats(uint8 *data, size_t data_length) { return dtls_alert_fatal_create(DTLS_ALERT_HANDSHAKE_FAILURE); } - for (i = data_length - sizeof(uint8); i > 0; i -= sizeof(uint8)) { + for (i = (int) data_length - sizeof(uint8); i > 0; i -= sizeof(uint8)) { /* check if this ec_point_format is supported */ cert_type = dtls_uint8_to_int(data); data += sizeof(uint8); @@ -945,7 +945,7 @@ static int verify_ext_sig_hash_algo(uint8 *data, size_t data_length) { return dtls_alert_fatal_create(DTLS_ALERT_HANDSHAKE_FAILURE); } - for (i = data_length - sizeof(uint16); i > 0; i -= sizeof(uint16)) { + for (i = (int) data_length - sizeof(uint16); i > 0; i -= sizeof(uint16)) { /* check if this _sig_hash_algo is supported */ hash_type = dtls_uint8_to_int(data); data += sizeof(uint8); @@ -1429,7 +1429,7 @@ dtls_prepare_record(dtls_peer_t *peer, dtls_security_parameters_t *security, memcpy(p, data_array[i], data_len_array[i]); p += data_len_array[i]; - res += data_len_array[i]; + res += (int) data_len_array[i]; } } else { /* TLS_PSK_WITH_AES_128_CCM_8 or TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 */ /** @@ -1504,7 +1504,7 @@ dtls_prepare_record(dtls_peer_t *peer, dtls_security_parameters_t *security, memcpy(p, data_array[i], data_len_array[i]); p += data_len_array[i]; - res += data_len_array[i]; + res += (int) data_len_array[i]; } memset(nonce, 0, DTLS_CCM_BLOCKSIZE); @@ -1628,10 +1628,10 @@ dtls_0_send_hello_verify_request(dtls_context_t *ctx, dtls_int_to_uint16(buf + 1, DTLS10_VERSION); /* fix length of fragment in sendbuf */ - dtls_int_to_uint16(buf + 11, DTLS_HS_LENGTH + data_length); + dtls_int_to_uint16(buf + 11, (uint16_t) (DTLS_HS_LENGTH + data_length)); - p = dtls_set_handshake_header(DTLS_HT_HELLO_VERIFY_REQUEST, &(ephemeral_peer->mseq), data_length, 0, - data_length, p); + p = dtls_set_handshake_header(DTLS_HT_HELLO_VERIFY_REQUEST, &(ephemeral_peer->mseq), (int) data_length, 0, + (int) data_length, p); memcpy(p, data, data_length); @@ -1658,8 +1658,8 @@ dtls_send_handshake_msg_hash(dtls_context_t *ctx, int i = 0; dtls_security_parameters_t *security = dtls_security_params(peer); - dtls_set_handshake_header(header_type, &(peer->handshake_params->hs_state.mseq_s), data_length, 0, - data_length, buf); + dtls_set_handshake_header(header_type, &(peer->handshake_params->hs_state.mseq_s), (int) data_length, 0, + (int) data_length, buf); if (add_hash) { update_hs_hash(peer, buf, sizeof(buf)); @@ -2066,7 +2066,7 @@ dtls_asn1_integer_to_ec_key(uint8 *data, size_t data_len, uint8 *key, /* drop leading 0s if needed */ memcpy(key, data + length - key_len, key_len); } - return length + 2; + return (int) length + 2; } static int @@ -2135,7 +2135,7 @@ dtls_check_ecdsa_signature_elem(uint8 *data, size_t data_length, data += ret; data_length -= ret; - return data - data_orig; + return (int) (data - data_orig); } static int @@ -2456,7 +2456,7 @@ dtls_send_server_key_exchange_psk(dtls_context_t *ctx, dtls_peer_t *peer, return dtls_alert_fatal_create(DTLS_ALERT_INTERNAL_ERROR); } - dtls_int_to_uint16(p, len); + dtls_int_to_uint16(p, (uint16_t) len); p += sizeof(uint16); memcpy(p, psk_hint, len); @@ -2768,7 +2768,7 @@ dtls_send_finished(dtls_context_t *ctx, dtls_peer_t *peer, copy_hs_hash(peer, &hs_hash); - length = dtls_hash_finalize(hash, &hs_hash); + length = (int) dtls_hash_finalize(hash, &hs_hash); dtls_prf(peer->handshake_params->tmp.master_secret, DTLS_MASTER_SECRET_LENGTH, @@ -2829,7 +2829,7 @@ dtls_send_client_hello(dtls_context_t *ctx, dtls_peer_t *peer, p += sizeof(uint8); /* cookie */ - dtls_int_to_uint8(p, cookie_length); + dtls_int_to_uint8(p, (uint8_t) cookie_length); p += sizeof(uint8); if (cookie_length != 0) { memcpy(p, cookie, cookie_length); @@ -3417,7 +3417,7 @@ decrypt_verify(dtls_peer_t *peer, uint8 *packet, size_t length, int clen; *cleartext = (uint8 *)packet + sizeof(dtls_record_header_t); - clen = length - sizeof(dtls_record_header_t); + clen = (int) (length - sizeof(dtls_record_header_t)); if (!security) { dtls_alert("No security context for epoch: %i\n", dtls_get_epoch(header)); diff --git a/dtls_debug.c b/dtls_debug.c index 70c88ff6..378d5bc2 100644 --- a/dtls_debug.c +++ b/dtls_debug.c @@ -362,7 +362,7 @@ void dump(unsigned char *buf, size_t len) { void dtls_dsrv_log_addr(log_t level, const char *name, const session_t *addr) { char addrbuf[73]; - int len; + size_t len; len = dsrv_print_addr(addr, addrbuf, sizeof(addrbuf)); if (!len) diff --git a/dtls_time.c b/dtls_time.c index 9a9cecf9..e6d2b4bc 100644 --- a/dtls_time.c +++ b/dtls_time.c @@ -6,7 +6,7 @@ * and Eclipse Distribution License v. 1.0 which accompanies this distribution. * * The Eclipse Public License is available at http://www.eclipse.org/legal/epl-v10.html - * and the Eclipse Distribution License is available at + * and the Eclipse Distribution License is available at * http://www.eclipse.org/org/documents/edl-v10.php. * * Contributors: @@ -87,8 +87,8 @@ dtls_clock_init(void) { dtls_clock_offset = time(NULL); #else # ifdef __GNUC__ - /* Issue a warning when using gcc. Other prepropressors do - * not seem to have a similar feature. */ + /* Issue a warning when using gcc. Other prepropressors do + * not seem to have a similar feature. */ # warning "cannot initialize clock" # endif dtls_clock_offset = 0; @@ -99,15 +99,15 @@ void dtls_ticks(dtls_tick_t *t) { #ifdef HAVE_SYS_TIME_H struct timeval tv; gettimeofday(&tv, NULL); - *t = (tv.tv_sec - dtls_clock_offset) * DTLS_TICKS_PER_SECOND + *t = (tv.tv_sec - dtls_clock_offset) * DTLS_TICKS_PER_SECOND + (tv.tv_usec * DTLS_TICKS_PER_SECOND / 1000000); #elif defined(_MSC_VER) SYSTEMTIME current_time; GetSystemTime(¤t_time); - *t = (current_time.wSecond - dtls_clock_offset) * DTLS_TICKS_PER_SECOND - + (current_time.wMilliseconds * DTLS_TICKS_PER_SECOND / 1000); + *t = (dtls_tick_t) ((current_time.wSecond - dtls_clock_offset) * DTLS_TICKS_PER_SECOND + + (current_time.wMilliseconds * DTLS_TICKS_PER_SECOND / 1000)); #else #error "clock not implemented" diff --git a/ecc/ecc.c b/ecc/ecc.c index 0095f12c..2bebeeb8 100644 --- a/ecc/ecc.c +++ b/ecc/ecc.c @@ -48,7 +48,7 @@ static uint32_t add( const uint32_t *x, const uint32_t *y, uint32_t *result, uin //printf("%02x + %02x + %01x = ", x[v], y[v], d); d += (uint64_t) x[v] + (uint64_t) y[v]; //printf("%02x\n", d); - result[v] = d; + result[v] = (uint32_t) d; d = d>>32; //save carry } diff --git a/hmac.c b/hmac.c index 93db779c..962714bf 100644 --- a/hmac.c +++ b/hmac.c @@ -77,7 +77,7 @@ dtls_hmac_finalize(dtls_hmac_context_t *ctx, unsigned char *result) { len = dtls_hash_finalize(result, &ctx->data); - return len; + return (int) len; } #ifdef HMAC_TEST diff --git a/platform-specific/dtls_prng_win.c b/platform-specific/dtls_prng_win.c index 8bd96002..ffdf9923 100644 --- a/platform-specific/dtls_prng_win.c +++ b/platform-specific/dtls_prng_win.c @@ -41,7 +41,7 @@ dtls_prng(unsigned char *buf, size_t len) { } *buf++ = number & 0xFF; } - return klen; + return (int) klen; } void diff --git a/sha2/sha2.c b/sha2/sha2.c index 9acec04c..efd6c219 100644 --- a/sha2/sha2.c +++ b/sha2/sha2.c @@ -228,14 +228,14 @@ static inline sha2_word64 get64be(const sha2_byte* data) static inline void put64be(sha2_byte* data, sha2_word64 val) { #if BYTE_ORDER == LITTLE_ENDIAN - data[7] = val; val >>= 8; - data[6] = val; val >>= 8; - data[5] = val; val >>= 8; - data[4] = val; val >>= 8; - data[3] = val; val >>= 8; - data[2] = val; val >>= 8; - data[1] = val; val >>= 8; - data[0] = val; + data[7] = (sha2_byte) val; val >>= 8; + data[6] = (sha2_byte) val; val >>= 8; + data[5] = (sha2_byte) val; val >>= 8; + data[4] = (sha2_byte) val; val >>= 8; + data[3] = (sha2_byte) val; val >>= 8; + data[2] = (sha2_byte) val; val >>= 8; + data[1] = (sha2_byte) val; val >>= 8; + data[0] = (sha2_byte) val; #else /* BYTE_ORDER != LITTLE_ENDIAN */ MEMCPY_BCOPY(data, &val, sizeof(val)); #endif /* BYTE_ORDER != LITTLE_ENDIAN */ From 7dd60ff4d21f251a62080e164a77b655f84ce02c Mon Sep 17 00:00:00 2001 From: Jan Romann Date: Fri, 30 Sep 2022 19:08:08 +0200 Subject: [PATCH 02/28] Emit warnings for implicit conversions --- CMakeLists.txt | 2 +- configure.ac | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 551282f1..55f5e690 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -82,7 +82,7 @@ if(CMAKE_GENERATOR MATCHES "Visual Studio") target_compile_options(tinydtls PRIVATE -WX) endif() elseif(NOT ZEPHYR_BASE) - target_compile_options(tinydtls PRIVATE -fPIC -pedantic -std=c99 -Wall -Wextra -Wformat-security -Winline -Wmissing-declarations -Wmissing-prototypes -Wnested-externs -Wpointer-arith -Wshadow -Wstrict-prototypes -Wswitch-default -Wswitch-enum -Wunused) + target_compile_options(tinydtls PRIVATE -fPIC -pedantic -std=c99 -Wall -Wextra -Wformat-security -Winline -Wmissing-declarations -Wmissing-prototypes -Wnested-externs -Wpointer-arith -Wshadow -Wstrict-prototypes -Wswitch-default -Wswitch-enum -Wunused -Wconversion) if(${WARNING_TO_ERROR}) target_compile_options(tinydtls PRIVATE -Werror) endif() diff --git a/configure.ac b/configure.ac index bb675331..7c310f89 100644 --- a/configure.ac +++ b/configure.ac @@ -54,6 +54,7 @@ WARNING_CFLAGS="\ -Wswitch-default \ -Wswitch-enum \ -Wunused \ +-Wconversion " AC_SUBST([WARNING_CFLAGS]) From 465cb4db4bd4fea664a67bd2c1e40a14dbf5f0a9 Mon Sep 17 00:00:00 2001 From: Jan Romann Date: Fri, 30 Sep 2022 19:10:20 +0200 Subject: [PATCH 03/28] fixup! Emit warnings for implicit conversions --- configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index 7c310f89..3c451baf 100644 --- a/configure.ac +++ b/configure.ac @@ -54,7 +54,7 @@ WARNING_CFLAGS="\ -Wswitch-default \ -Wswitch-enum \ -Wunused \ --Wconversion +-Wconversion \ " AC_SUBST([WARNING_CFLAGS]) From 50b1d2218f9cfa5a5749cc8a89ec4f3b7f22c196 Mon Sep 17 00:00:00 2001 From: Jan Romann Date: Fri, 30 Sep 2022 19:55:17 +0200 Subject: [PATCH 04/28] fixup! treewide: make type casts explicit --- ccm.c | 4 ++-- ccm.h | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/ccm.c b/ccm.c index 7c4e57ca..82126342 100644 --- a/ccm.c +++ b/ccm.c @@ -164,8 +164,8 @@ mac(rijndael_ctx *ctx, } -long int dtls_ccm_encrypt_message(rijndael_ctx *ctx, size_t M, size_t L, +size_t const unsigned char nonce[DTLS_CCM_BLOCKSIZE], unsigned char *msg, size_t lm, const unsigned char *aad, size_t la) { @@ -225,7 +225,7 @@ dtls_ccm_encrypt_message(rijndael_ctx *ctx, size_t M, size_t L, for (i = 0; i < M; ++i) *msg++ = X[i] ^ S[i]; - return (long int) (len + M); + return len + M; } long int diff --git a/ccm.h b/ccm.h index def7fe82..ac649580 100644 --- a/ccm.h +++ b/ccm.h @@ -46,8 +46,8 @@ * \param la The number of additional authentication octets (may be zero). * \return FIXME */ -long int dtls_ccm_encrypt_message(rijndael_ctx *ctx, size_t M, size_t L, +size_t const unsigned char nonce[DTLS_CCM_BLOCKSIZE], unsigned char *msg, size_t lm, const unsigned char *aad, size_t la); From 560e2feca4e2f10a66655fd4c114361696f04324 Mon Sep 17 00:00:00 2001 From: Jan Romann Date: Fri, 30 Sep 2022 20:42:52 +0200 Subject: [PATCH 05/28] fixup! treewide: make type casts explicit --- ccm.c | 4 ++-- crypto.c | 2 +- dtls.c | 54 ++++++++++++++++++++++++++--------------------------- dtls_time.c | 2 +- ecc/ecc.c | 6 +++--- numeric.h | 41 ++++++++++++++++++++-------------------- sha2/sha2.c | 8 ++++---- 7 files changed, 59 insertions(+), 58 deletions(-) diff --git a/ccm.c b/ccm.c index 82126342..1054c0a3 100644 --- a/ccm.c +++ b/ccm.c @@ -35,7 +35,7 @@ memset((A) + DTLS_CCM_BLOCKSIZE - (L), 0, (L)); \ (C) = (cnt) & MASK_L(L); \ for (i_ = DTLS_CCM_BLOCKSIZE - 1; (C) && (i_ > (L)); --i_, (C) >>= 8) \ - (A)[i_] |= (C) & 0xFF; \ + (A)[i_] |= (unsigned char) (C) & 0xFF; \ } static inline void @@ -164,8 +164,8 @@ mac(rijndael_ctx *ctx, } -dtls_ccm_encrypt_message(rijndael_ctx *ctx, size_t M, size_t L, size_t +dtls_ccm_encrypt_message(rijndael_ctx *ctx, size_t M, size_t L, const unsigned char nonce[DTLS_CCM_BLOCKSIZE], unsigned char *msg, size_t lm, const unsigned char *aad, size_t la) { diff --git a/crypto.c b/crypto.c index dad0538a..677d2b73 100644 --- a/crypto.c +++ b/crypto.c @@ -297,7 +297,7 @@ dtls_ccm_encrypt(aes128_ccm_t *ccm_ctx, const unsigned char *src, size_t srclen, unsigned char *buf, const unsigned char *nonce, const unsigned char *aad, size_t la) { - long int len; + size_t len; (void)src; assert(ccm_ctx); diff --git a/dtls.c b/dtls.c index edd3843b..532ab79e 100644 --- a/dtls.c +++ b/dtls.c @@ -527,14 +527,14 @@ dtls_set_record_header(uint8 type, static inline uint8 * dtls_set_handshake_header(uint8 type, uint16_t *mseqn, - int length, - int frag_offset, int frag_length, + size_t length, + int frag_offset, size_t frag_length, uint8 *buf) { dtls_int_to_uint8(buf, type); buf += sizeof(uint8); - dtls_int_to_uint24(buf, length); + dtls_int_to_uint24(buf, (uint32_t) length); buf += sizeof(uint24); /* and copy the result to buf */ @@ -547,7 +547,7 @@ dtls_set_handshake_header(uint8 type, dtls_int_to_uint24(buf, frag_offset); buf += sizeof(uint24); - dtls_int_to_uint24(buf, frag_length); + dtls_int_to_uint24(buf, (uint32_t) frag_length); buf += sizeof(uint24); return buf; @@ -873,7 +873,7 @@ static int verify_ext_eliptic_curves(uint8 *data, size_t data_length) { return dtls_alert_fatal_create(DTLS_ALERT_HANDSHAKE_FAILURE); } - for (i = (int) data_length - sizeof(uint16); i > 0; i -= sizeof(uint16)) { + for (i = (int) (data_length - sizeof(uint16)); i > 0; i -= (int) sizeof(uint16)) { /* check if this curve is supported */ curve_name = dtls_uint16_to_int(data); data += sizeof(uint16); @@ -897,7 +897,7 @@ static int verify_ext_cert_type(uint8 *data, size_t data_length) { return dtls_alert_fatal_create(DTLS_ALERT_HANDSHAKE_FAILURE); } - for (i = (int) data_length - sizeof(uint8); i > 0; i -= sizeof(uint8)) { + for (i = (int) (data_length - sizeof(uint8)); i > 0; i -= (int) sizeof(uint8)) { /* check if this cert type is supported */ cert_type = dtls_uint8_to_int(data); data += sizeof(uint8); @@ -921,7 +921,7 @@ static int verify_ext_ec_point_formats(uint8 *data, size_t data_length) { return dtls_alert_fatal_create(DTLS_ALERT_HANDSHAKE_FAILURE); } - for (i = (int) data_length - sizeof(uint8); i > 0; i -= sizeof(uint8)) { + for (i = (int) (data_length - sizeof(uint8)); i > 0; i -= (int) sizeof(uint8)) { /* check if this ec_point_format is supported */ cert_type = dtls_uint8_to_int(data); data += sizeof(uint8); @@ -945,7 +945,7 @@ static int verify_ext_sig_hash_algo(uint8 *data, size_t data_length) { return dtls_alert_fatal_create(DTLS_ALERT_HANDSHAKE_FAILURE); } - for (i = (int) data_length - sizeof(uint16); i > 0; i -= sizeof(uint16)) { + for (i = (int) (data_length - sizeof(uint16)); i > 0; i -= (int) sizeof(uint16)) { /* check if this _sig_hash_algo is supported */ hash_type = dtls_uint8_to_int(data); data += sizeof(uint8); @@ -1148,7 +1148,7 @@ dtls_update_parameters(dtls_context_t *ctx, while ((i >= (int)sizeof(uint16)) && !ok) { config->cipher = dtls_uint16_to_int(data); ok = known_cipher(ctx, config->cipher, 0); - i -= sizeof(uint16); + i -= (int) sizeof(uint16); data += sizeof(uint16); } @@ -1190,7 +1190,7 @@ dtls_update_parameters(dtls_context_t *ctx, ok = 1; } } - i -= sizeof(uint8); + i -= (int) sizeof(uint8); data += sizeof(uint8); } @@ -1253,7 +1253,7 @@ check_client_keyexchange(dtls_context_t *ctx, #endif /* DTLS_ECC */ #ifdef DTLS_PSK if (is_tls_psk_with_aes_128_ccm_8(handshake->cipher)) { - int id_length; + uint16_t id_length; if (length < DTLS_HS_LENGTH + DTLS_CKXPSK_LENGTH_MIN) { dtls_debug("The client key exchange is too short\n"); @@ -1523,7 +1523,7 @@ dtls_prepare_record(dtls_peer_t *peer, dtls_security_parameters_t *security, */ memcpy(A_DATA, &DTLS_RECORD_HEADER(sendbuf)->epoch, 8); /* epoch and seq_num */ memcpy(A_DATA + 8, &DTLS_RECORD_HEADER(sendbuf)->content_type, 3); /* type and version */ - dtls_int_to_uint16(A_DATA + 11, res - 8); /* length */ + dtls_int_to_uint16(A_DATA + 11, (uint16_t) (res - 8)); /* length */ res = dtls_encrypt_params(¶ms, start + 8, res - 8, start + 8, dtls_kb_local_write_key(security, peer->role), @@ -1538,7 +1538,7 @@ dtls_prepare_record(dtls_peer_t *peer, dtls_security_parameters_t *security, } /* fix length of fragment in sendbuf */ - dtls_int_to_uint16(sendbuf + 11, res); + dtls_int_to_uint16(sendbuf + 11, (uint16_t) res); *rlen = DTLS_RH_LENGTH + res; return 0; @@ -1630,8 +1630,8 @@ dtls_0_send_hello_verify_request(dtls_context_t *ctx, /* fix length of fragment in sendbuf */ dtls_int_to_uint16(buf + 11, (uint16_t) (DTLS_HS_LENGTH + data_length)); - p = dtls_set_handshake_header(DTLS_HT_HELLO_VERIFY_REQUEST, &(ephemeral_peer->mseq), (int) data_length, 0, - (int) data_length, p); + p = dtls_set_handshake_header(DTLS_HT_HELLO_VERIFY_REQUEST, &(ephemeral_peer->mseq), data_length, 0, + data_length, p); memcpy(p, data, data_length); @@ -1658,8 +1658,8 @@ dtls_send_handshake_msg_hash(dtls_context_t *ctx, int i = 0; dtls_security_parameters_t *security = dtls_security_params(peer); - dtls_set_handshake_header(header_type, &(peer->handshake_params->hs_state.mseq_s), (int) data_length, 0, - (int) data_length, buf); + dtls_set_handshake_header(header_type, &(peer->handshake_params->hs_state.mseq_s), data_length, 0, + data_length, buf); if (add_hash) { update_hs_hash(peer, buf, sizeof(buf)); @@ -2204,8 +2204,8 @@ dtls_send_server_hello(dtls_context_t *ctx, dtls_peer_t *peer) ecdsa = is_tls_ecdhe_ecdsa_with_aes_128_ccm_8(handshake->cipher); - extension_size = (handshake->extended_master_secret ? 4 : 0) + - (ecdsa ? 5 + 5 + 6 : 0); + extension_size = (uint8_t) ((handshake->extended_master_secret ? 4 : 0) + + (ecdsa ? 5 + 5 + 6 : 0)); /* Handshake header */ p = buf; @@ -2352,14 +2352,14 @@ dtls_add_ecdsa_signature_elem(uint8 *p, uint32_t *point_r, uint32_t *point_s) p += sizeof(uint8); /* length of signature */ - dtls_int_to_uint16(p, len_r + len_s + 2); + dtls_int_to_uint16(p, (uint8_t) (len_r + len_s + 2)); p += sizeof(uint16); /* ASN.1 SEQUENCE */ dtls_int_to_uint8(p, 0x30); p += sizeof(uint8); - dtls_int_to_uint8(p, len_r + len_s); + dtls_int_to_uint8(p, (uint8_t) (len_r + len_s)); p += sizeof(uint8); /* ASN.1 Integer r */ @@ -2646,7 +2646,7 @@ dtls_send_client_key_exchange(dtls_context_t *ctx, dtls_peer_t *peer) dtls_warn("the psk identity is too long\n"); return dtls_alert_fatal_create(DTLS_ALERT_INTERNAL_ERROR); } - handshake->keyx.psk.id_length = (unsigned int)len; + handshake->keyx.psk.id_length = (uint16_t) len; memcpy(handshake->keyx.psk.identity, p + sizeof(uint16), len); dtls_int_to_uint16(p, handshake->keyx.psk.id_length); @@ -2801,7 +2801,7 @@ dtls_send_client_hello(dtls_context_t *ctx, dtls_peer_t *peer, psk = is_psk_supported(ctx); ecdsa = is_ecdsa_supported(ctx, 1); - cipher_size = 2 + ((ecdsa) ? 2 : 0) + ((psk) ? 2 : 0); + cipher_size = (uint8_t) (2 + ((ecdsa) ? 2 : 0) + ((psk) ? 2 : 0)); extension_size = 4 + ((ecdsa) ? 6 + 6 + 8 + 6 + 8: 0); if (cipher_size == 0) { @@ -3277,7 +3277,7 @@ check_certificate_request(dtls_context_t *ctx, } auth_alg = 0; - for (; i > 0 ; i -= sizeof(uint8)) { + for (; i > 0 ; i -= (unsigned int) sizeof(uint8)) { if (dtls_uint8_to_int(data) == TLS_CLIENT_CERTIFICATE_TYPE_ECDSA_SIGN && auth_alg == 0) auth_alg = dtls_uint8_to_int(data); @@ -3306,7 +3306,7 @@ check_certificate_request(dtls_context_t *ctx, return dtls_alert_fatal_create(DTLS_ALERT_HANDSHAKE_FAILURE); } - for (; i >= sizeof(uint16); i -= sizeof(uint16)) { + for (; i >= sizeof(uint16); i -= (unsigned int) sizeof(uint16)) { int current_hash_alg; int current_sig_alg; @@ -3464,7 +3464,7 @@ decrypt_verify(dtls_peer_t *peer, uint8 *packet, size_t length, memcpy(A_DATA, &DTLS_RECORD_HEADER(packet)->epoch, 8); /* epoch and seq_num */ memcpy(A_DATA + 8, &DTLS_RECORD_HEADER(packet)->content_type, 3); /* type and version */ - dtls_int_to_uint16(A_DATA + 11, clen - 8); /* length without MAC */ + dtls_int_to_uint16(A_DATA + 11, (uint16_t) (clen - 8)); /* length without MAC */ clen = dtls_decrypt_params(¶ms, *cleartext, clen, *cleartext, dtls_kb_remote_write_key(security, peer->role), @@ -4288,7 +4288,7 @@ dtls_handle_message(dtls_context_t *ctx, if (DTLS_CT_HANDSHAKE == content_type && 0 == epoch) { dtls_info("handshake message epoch 0\n"); data = msg + DTLS_RH_LENGTH; - data_length = rlen - DTLS_RH_LENGTH; + data_length = (int) (rlen - DTLS_RH_LENGTH); if ((size_t) data_length < DTLS_HS_LENGTH) { dtls_warn("ignore too short handshake message\n"); return 0; diff --git a/dtls_time.c b/dtls_time.c index e6d2b4bc..901f7230 100644 --- a/dtls_time.c +++ b/dtls_time.c @@ -99,7 +99,7 @@ void dtls_ticks(dtls_tick_t *t) { #ifdef HAVE_SYS_TIME_H struct timeval tv; gettimeofday(&tv, NULL); - *t = (tv.tv_sec - dtls_clock_offset) * DTLS_TICKS_PER_SECOND + *t = (dtls_tick_t) (tv.tv_sec - dtls_clock_offset) * DTLS_TICKS_PER_SECOND + (tv.tv_usec * DTLS_TICKS_PER_SECOND / 1000000); #elif defined(_MSC_VER) diff --git a/ecc/ecc.c b/ecc/ecc.c index 2bebeeb8..4c0f2e0a 100644 --- a/ecc/ecc.c +++ b/ecc/ecc.c @@ -168,8 +168,8 @@ static int fieldMult(const uint32_t *x, const uint32_t *y, uint32_t *result, uin for (n = 0; n < length; n++){ l = (uint64_t)x[n]*(uint64_t)y[k]; temp[n+k] = l&0xFFFFFFFF; - temp[n+k+1] = l>>32; - add(&temp[n+k], &result[n+k], &result[n+k], (length * 2) - (n + k)); + temp[n+k+1] = (uint32_t) (l>>32); + add(&temp[n+k], &result[n+k], &result[n+k], (uint8_t) ((length * 2) - (n + k))); setZero(temp, length * 2); } @@ -408,7 +408,7 @@ static void fieldInv(const uint32_t *A, const uint32_t *modulus, const uint32_t } } - t=sub(u,v,tempm,arrayLength); /* tempm=u-v */ + t = (uint8_t) sub(u,v,tempm,arrayLength); /* tempm=u-v */ if (t==0) { /* If u > 0 */ copy(tempm,u,arrayLength); /* u=u-v */ fieldSub(x1,x2,modulus,tempm); /* tempm=x1-x2 */ diff --git a/numeric.h b/numeric.h index e8d1f561..fd509a6a 100644 --- a/numeric.h +++ b/numeric.h @@ -52,34 +52,35 @@ static inline int dtls_int_to_uint24(unsigned char *field, uint32_t value) static inline int dtls_int_to_uint32(unsigned char *field, uint32_t value) { - field[0] = (value >> 24) & 0xff; - field[1] = (value >> 16) & 0xff; - field[2] = (value >> 8) & 0xff; - field[3] = value & 0xff; + const unsigned char byte_mask = 0xff; + field[0] = (unsigned char) ((value >> 24) & byte_mask); + field[1] = (unsigned char) ((value >> 16) & byte_mask); + field[2] = (unsigned char) ((value >> 8) & byte_mask); + field[3] = (unsigned char) (value & byte_mask); return 4; } static inline int dtls_int_to_uint48(unsigned char *field, uint64_t value) { - field[0] = (value >> 40) & 0xff; - field[1] = (value >> 32) & 0xff; - field[2] = (value >> 24) & 0xff; - field[3] = (value >> 16) & 0xff; - field[4] = (value >> 8) & 0xff; - field[5] = value & 0xff; + field[0] = (value >> 40) & 0xffu; + field[1] = (value >> 32) & 0xffu; + field[2] = (value >> 24) & 0xffu; + field[3] = (value >> 16) & 0xffu; + field[4] = (value >> 8) & 0xffu; + field[5] = value & 0xffu; return 6; } static inline int dtls_int_to_uint64(unsigned char *field, uint64_t value) { - field[0] = (value >> 56) & 0xff; - field[1] = (value >> 48) & 0xff; - field[2] = (value >> 40) & 0xff; - field[3] = (value >> 32) & 0xff; - field[4] = (value >> 24) & 0xff; - field[5] = (value >> 16) & 0xff; - field[6] = (value >> 8) & 0xff; - field[7] = value & 0xff; + field[0] = (unsigned char) ((value >> 56) & 0xffu); + field[1] = (value >> 48) & 0xffu; + field[2] = (value >> 40) & 0xffu; + field[3] = (value >> 32) & 0xffu; + field[4] = (value >> 24) & 0xffu; + field[5] = (value >> 16) & 0xffu; + field[6] = (value >> 8) & 0xffu; + field[7] = value & 0xffu; return 8; } @@ -90,8 +91,8 @@ static inline uint8_t dtls_uint8_to_int(const unsigned char *field) static inline uint16_t dtls_uint16_to_int(const unsigned char *field) { - return ((uint16_t)field[0] << 8) - | (uint16_t)field[1]; + return (uint16_t) ((field[0] << 8u) + | (field[1])); } static inline uint32_t dtls_uint24_to_int(const unsigned char *field) diff --git a/sha2/sha2.c b/sha2/sha2.c index efd6c219..ba73e6d7 100644 --- a/sha2/sha2.c +++ b/sha2/sha2.c @@ -196,10 +196,10 @@ static inline sha2_word32 get32be(const sha2_byte* data) static inline void put32be(sha2_byte* data, sha2_word32 val) { #if BYTE_ORDER == LITTLE_ENDIAN - data[3] = val; val >>= 8; - data[2] = val; val >>= 8; - data[1] = val; val >>= 8; - data[0] = val; + data[3] = (sha2_byte) val; val >>= 8; + data[2] = (sha2_byte) val; val >>= 8; + data[1] = (sha2_byte) val; val >>= 8; + data[0] = (sha2_byte) val; #else /* BYTE_ORDER != LITTLE_ENDIAN */ MEMCPY_BCOPY(data, &val, sizeof(val)); #endif /* BYTE_ORDER != LITTLE_ENDIAN */ From fdbee4aa0867048ff40407580e028af7a0e7367b Mon Sep 17 00:00:00 2001 From: Jan Romann Date: Fri, 30 Sep 2022 20:43:06 +0200 Subject: [PATCH 06/28] fixup! Emit warnings for implicit conversions --- CMakeLists.txt | 2 +- configure.ac | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 55f5e690..6531fb28 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -82,7 +82,7 @@ if(CMAKE_GENERATOR MATCHES "Visual Studio") target_compile_options(tinydtls PRIVATE -WX) endif() elseif(NOT ZEPHYR_BASE) - target_compile_options(tinydtls PRIVATE -fPIC -pedantic -std=c99 -Wall -Wextra -Wformat-security -Winline -Wmissing-declarations -Wmissing-prototypes -Wnested-externs -Wpointer-arith -Wshadow -Wstrict-prototypes -Wswitch-default -Wswitch-enum -Wunused -Wconversion) + target_compile_options(tinydtls PRIVATE -fPIC -pedantic -std=c99 -Wall -Wextra -Wformat-security -Winline -Wmissing-declarations -Wmissing-prototypes -Wnested-externs -Wpointer-arith -Wshadow -Wstrict-prototypes -Wswitch-default -Wswitch-enum -Wunused -Wconversion -Wno-sign-conversion) if(${WARNING_TO_ERROR}) target_compile_options(tinydtls PRIVATE -Werror) endif() diff --git a/configure.ac b/configure.ac index 3c451baf..c1040fc9 100644 --- a/configure.ac +++ b/configure.ac @@ -55,6 +55,7 @@ WARNING_CFLAGS="\ -Wswitch-enum \ -Wunused \ -Wconversion \ +-Wno-sign-conversion \ " AC_SUBST([WARNING_CFLAGS]) From 707532034a3088c1e309efb97b49b794e7d6626d Mon Sep 17 00:00:00 2001 From: Jan Romann Date: Fri, 30 Sep 2022 20:43:22 +0200 Subject: [PATCH 07/28] fixup! treewide: make type casts explicit --- numeric.h | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/numeric.h b/numeric.h index fd509a6a..9e0c515b 100644 --- a/numeric.h +++ b/numeric.h @@ -37,15 +37,15 @@ static inline int dtls_int_to_uint8(unsigned char *field, uint8_t value) static inline int dtls_int_to_uint16(unsigned char *field, uint16_t value) { - field[0] = (value >> 8) & 0xff; - field[1] = value & 0xff; + field[0] = (value >> 8) & 0xffu; + field[1] = value & 0xffu; return 2; } static inline int dtls_int_to_uint24(unsigned char *field, uint32_t value) { - field[0] = (value >> 16) & 0xff; - field[1] = (value >> 8) & 0xff; + field[0] = (value >> 16) & 0xffu; + field[1] = (value >> 8) & 0xffu; field[2] = value & 0xff; return 3; } From 2b22538d808f4d104abbd57d6f9e001c5810263b Mon Sep 17 00:00:00 2001 From: Jan Romann Date: Fri, 30 Sep 2022 20:47:23 +0200 Subject: [PATCH 08/28] fixup! treewide: make type casts explicit --- ccm.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ccm.h b/ccm.h index ac649580..61ed7334 100644 --- a/ccm.h +++ b/ccm.h @@ -46,8 +46,8 @@ * \param la The number of additional authentication octets (may be zero). * \return FIXME */ -dtls_ccm_encrypt_message(rijndael_ctx *ctx, size_t M, size_t L, size_t +dtls_ccm_encrypt_message(rijndael_ctx *ctx, size_t M, size_t L, const unsigned char nonce[DTLS_CCM_BLOCKSIZE], unsigned char *msg, size_t lm, const unsigned char *aad, size_t la); From c460910334e98d5ed8b6643f4626ccf5799d10b0 Mon Sep 17 00:00:00 2001 From: Jan Romann Date: Fri, 30 Sep 2022 20:53:28 +0200 Subject: [PATCH 09/28] fixup! treewide: make type casts explicit --- dtls.c | 6 +++--- peer.h | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/dtls.c b/dtls.c index 532ab79e..96cfb292 100644 --- a/dtls.c +++ b/dtls.c @@ -474,8 +474,8 @@ is_record(uint8 *msg, size_t msglen) { uint16_t version = dtls_uint16_to_int(msg + 1); if ((((version == DTLS_VERSION) || (version == DTLS10_VERSION)) && known_content_type(msg))) { - rlen = DTLS_RH_LENGTH + - dtls_uint16_to_int(DTLS_RECORD_HEADER(msg)->length); + rlen = (unsigned int) (DTLS_RH_LENGTH + + dtls_uint16_to_int(DTLS_RECORD_HEADER(msg)->length)); /* we do not accept wrong length field in record header */ if (rlen > msglen) @@ -2837,7 +2837,7 @@ dtls_send_client_hello(dtls_context_t *ctx, dtls_peer_t *peer, } /* add known cipher(s) */ - dtls_int_to_uint16(p, cipher_size - 2); + dtls_int_to_uint16(p, (uint16_t) (cipher_size - 2)); p += sizeof(uint16); if (ecdsa) { diff --git a/peer.h b/peer.h index bd327fa7..a17cd1be 100644 --- a/peer.h +++ b/peer.h @@ -110,7 +110,7 @@ static inline dtls_security_parameters_t *dtls_security_params_next(dtls_peer_t if (!peer->security_params[1]) { return NULL; } - peer->security_params[1]->epoch = peer->security_params[0]->epoch + 1; + peer->security_params[1]->epoch = (uint16_t) (peer->security_params[0]->epoch + 1); return peer->security_params[1]; } From 7c0d407f83fde6695139dbf2d6d22af67136da73 Mon Sep 17 00:00:00 2001 From: Jan Romann Date: Fri, 30 Sep 2022 20:54:43 +0200 Subject: [PATCH 10/28] fixup! treewide: make type casts explicit --- dtls_time.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dtls_time.c b/dtls_time.c index 901f7230..3edc91c0 100644 --- a/dtls_time.c +++ b/dtls_time.c @@ -99,8 +99,8 @@ void dtls_ticks(dtls_tick_t *t) { #ifdef HAVE_SYS_TIME_H struct timeval tv; gettimeofday(&tv, NULL); - *t = (dtls_tick_t) (tv.tv_sec - dtls_clock_offset) * DTLS_TICKS_PER_SECOND - + (tv.tv_usec * DTLS_TICKS_PER_SECOND / 1000000); + *t = (dtls_tick_t) ((tv.tv_sec - dtls_clock_offset) * DTLS_TICKS_PER_SECOND + + (tv.tv_usec * DTLS_TICKS_PER_SECOND / 1000000)); #elif defined(_MSC_VER) From cf7a966fafea6742190f6d1d59423bc69384a78e Mon Sep 17 00:00:00 2001 From: Jan Romann Date: Fri, 30 Sep 2022 20:55:53 +0200 Subject: [PATCH 11/28] fixup! treewide: make type casts explicit --- dtls_debug.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dtls_debug.c b/dtls_debug.c index 378d5bc2..bb8f2bc0 100644 --- a/dtls_debug.c +++ b/dtls_debug.c @@ -159,7 +159,7 @@ dsrv_print_addr(const session_t *addr, char *buf, size_t len) { return append; } - if (inet_ntop(addr->addr.sa.sa_family, addrptr, p, len) == 0) { + if (inet_ntop(addr->addr.sa.sa_family, addrptr, p, (socklen_t) len) == 0) { perror("dsrv_print_addr"); return 0; } From 6ba647981bd5d181511a213492e26553b6b95796 Mon Sep 17 00:00:00 2001 From: Jan Romann Date: Fri, 30 Sep 2022 20:57:19 +0200 Subject: [PATCH 12/28] fixup! treewide: make type casts explicit --- platform-specific/dtls_prng_posix.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/platform-specific/dtls_prng_posix.c b/platform-specific/dtls_prng_posix.c index 0051fc73..dae6d3af 100644 --- a/platform-specific/dtls_prng_posix.c +++ b/platform-specific/dtls_prng_posix.c @@ -36,7 +36,7 @@ int dtls_prng(unsigned char *buf, size_t len) { #ifdef HAVE_GETRANDOM - return getrandom(buf, len, 0); + return (int) getrandom(buf, len, 0); #else /* !HAVE_GETRANDOM */ size_t klen = len; while (len--) From d0166c6843567bfbc474dd1a862eb1ca110a7e7c Mon Sep 17 00:00:00 2001 From: Jan Romann Date: Fri, 30 Sep 2022 20:59:02 +0200 Subject: [PATCH 13/28] fixup! treewide: make type casts explicit --- ecc/ecc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ecc/ecc.c b/ecc/ecc.c index 4c0f2e0a..872ba500 100644 --- a/ecc/ecc.c +++ b/ecc/ecc.c @@ -283,11 +283,11 @@ static void fieldModO(const uint32_t *A, uint32_t *result, uint8_t length) { return; } - rshiftby(A, length, q1_q3, 9, ecc_order_k - 1); + rshiftby(A, length, q1_q3, 9, (uint8_t) (ecc_order_k - 1)); fieldMult(ecc_order_mu, q1_q3, q2_tmp, 9); - rshiftby(q2_tmp, 18, q1_q3, 8, ecc_order_k + 1); + rshiftby(q2_tmp, 18, q1_q3, 8, (uint8_t) (ecc_order_k + 1)); // r1 = first 9 blocks of A From 53615feb9446646481b494388a33cadabbb684b5 Mon Sep 17 00:00:00 2001 From: Jan Romann Date: Fri, 30 Sep 2022 21:03:28 +0200 Subject: [PATCH 14/28] fixup! treewide: make type casts explicit --- tests/dtls-server.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/tests/dtls-server.c b/tests/dtls-server.c index 1f77ee3b..628d2c94 100644 --- a/tests/dtls-server.c +++ b/tests/dtls-server.c @@ -92,7 +92,7 @@ get_psk_info(struct dtls_context_t *ctx, const session_t *session, } memcpy(result, psk[i].key, psk[i].key_length); - return psk[i].key_length; + return (int) psk[i].key_length; } } } @@ -147,12 +147,12 @@ read_from_peer(struct dtls_context_t *ctx, !memcmp(data, DTLS_SERVER_CMD_CLOSE, strlen(DTLS_SERVER_CMD_CLOSE))) { printf("server: closing connection\n"); dtls_close(ctx, session); - return len; + return (int) len; } else if (len >= strlen(DTLS_SERVER_CMD_RENEGOTIATE) && !memcmp(data, DTLS_SERVER_CMD_RENEGOTIATE, strlen(DTLS_SERVER_CMD_RENEGOTIATE))) { printf("server: renegotiate connection\n"); dtls_renegotiate(ctx, session); - return len; + return (int) len; } return dtls_write(ctx, session, data, len); @@ -163,7 +163,7 @@ send_to_peer(struct dtls_context_t *ctx, session_t *session, uint8 *data, size_t len) { int fd = *(int *)dtls_get_app_data(ctx); - return sendto(fd, data, len, MSG_DONTWAIT, + return (int) sendto(fd, data, len, MSG_DONTWAIT, &session->addr.sa, session->size); } @@ -180,7 +180,7 @@ dtls_handle_read(struct dtls_context_t *ctx) { memset(&session, 0, sizeof(session_t)); session.size = sizeof(session.addr); - len = recvfrom(*fd, buf, sizeof(buf), MSG_TRUNC, + len = (int) recvfrom(*fd, buf, sizeof(buf), MSG_TRUNC, &session.addr.sa, &session.size); if (len < 0) { @@ -309,7 +309,7 @@ main(int argc, char **argv) { } break; case 'p' : - port = htons(atoi(optarg)); + port = htons((u_short) atoi(optarg)); break; case 'v' : log_level = strtol(optarg, NULL, 10); From c218b7a0f4e2803ad53857b9b1fb546ef265349d Mon Sep 17 00:00:00 2001 From: Jan Romann Date: Fri, 30 Sep 2022 21:07:03 +0200 Subject: [PATCH 15/28] fixup! treewide: make type casts explicit --- tests/dtls-client.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/tests/dtls-client.c b/tests/dtls-client.c index 6058f99f..e8990d93 100644 --- a/tests/dtls-client.c +++ b/tests/dtls-client.c @@ -123,7 +123,7 @@ get_psk_info(struct dtls_context_t *ctx UNUSED_PARAM, } memcpy(result, psk_id, psk_id_length); - return psk_id_length; + return (int) psk_id_length; case DTLS_PSK_KEY: if (id_len != psk_id_length || memcmp(psk_id, id, id_len) != 0) { dtls_warn("PSK for unknown id requested, exiting\n"); @@ -134,7 +134,7 @@ get_psk_info(struct dtls_context_t *ctx UNUSED_PARAM, } memcpy(result, psk_key, psk_key_length); - return psk_key_length; + return (int) psk_key_length; case DTLS_PSK_HINT: default: dtls_warn("unsupported request type: %d\n", type); @@ -189,7 +189,7 @@ try_send(struct dtls_context_t *ctx, session_t *dst, size_t len, char *buf) { static void handle_stdin(size_t *len, char *buf) { - if (fgets(buf + *len, sizeof(buf) - *len, stdin)) + if (fgets(buf + *len, (int) (sizeof(buf) - *len), stdin)) *len += strlen(buf + *len); } @@ -210,7 +210,7 @@ send_to_peer(struct dtls_context_t *ctx, session_t *session, uint8 *data, size_t len) { int fd = *(int *)dtls_get_app_data(ctx); - return sendto(fd, data, len, MSG_DONTWAIT, + return (int) sendto(fd, data, len, MSG_DONTWAIT, &session->addr.sa, session->size); } @@ -229,7 +229,7 @@ dtls_handle_read(struct dtls_context_t *ctx) { memset(&session, 0, sizeof(session_t)); session.size = sizeof(session.addr); - len = recvfrom(fd, buf, MAX_READ_BUF, 0, + len = (int) recvfrom(fd, buf, MAX_READ_BUF, 0, &session.addr.sa, &session.size); if (len < 0) { From 4c11ed941bf7c89a8db2dc48cacf9462e04493b8 Mon Sep 17 00:00:00 2001 From: Jan Romann Date: Fri, 30 Sep 2022 21:09:19 +0200 Subject: [PATCH 16/28] fixup! treewide: make type casts explicit --- tests/dtls-client.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/dtls-client.c b/tests/dtls-client.c index e8990d93..ea77f9f2 100644 --- a/tests/dtls-client.c +++ b/tests/dtls-client.c @@ -434,7 +434,7 @@ main(int argc, char **argv) { /* use port number from command line when specified or the listen port, otherwise */ - dst.addr.sin.sin_port = htons(atoi(optind < argc ? argv[optind++] : port_str)); + dst.addr.sin.sin_port = htons((u_short) atoi(optind < argc ? argv[optind++] : port_str)); /* init socket and set it to non-blocking */ From ca265172191dfec81bcc57871ec730e39bcf4766 Mon Sep 17 00:00:00 2001 From: Jan Romann Date: Fri, 30 Sep 2022 21:14:50 +0200 Subject: [PATCH 17/28] fixup! treewide: make type casts explicit --- ecc/testecc.c | 2 +- tests/unit-tests/test_ccm.c | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/ecc/testecc.c b/ecc/testecc.c index 28d2134e..3f2698ab 100644 --- a/ecc/testecc.c +++ b/ecc/testecc.c @@ -222,7 +222,7 @@ int main(int argc, char const *argv[]) (void)argc; (void)argv; - srand(time(NULL)); + srand((unsigned int) time(NULL)); addTest(); doubleTest(); multTest(); diff --git a/tests/unit-tests/test_ccm.c b/tests/unit-tests/test_ccm.c index f54df8f9..28442f29 100644 --- a/tests/unit-tests/test_ccm.c +++ b/tests/unit-tests/test_ccm.c @@ -59,7 +59,7 @@ t_test_decrypt_message(void) { assert(data[n].r_lm - data[n].la <= sizeof(buf)); memcpy(buf, data[n].result + data[n].la, data[n].r_lm - data[n].la); - len = dtls_ccm_decrypt_message(&ctx, data[n].M, data[n].L, data[n].nonce, + len = (int) dtls_ccm_decrypt_message(&ctx, data[n].M, data[n].L, data[n].nonce, buf, data[n].r_lm - data[n].la, data[n].result, data[n].la); @@ -77,7 +77,7 @@ t_test_dtls_encrypt_params(void) { dtls_ccm_params_t params = { .nonce = data[n].nonce, .tag_length = data[n].M, - .l = data[n].L + .l = (uint8_t) data[n].L }; len = dtls_encrypt_params(¶ms, @@ -102,8 +102,8 @@ t_test_dtls_decrypt_params(void) { for (n = 0; n < sizeof(data)/sizeof(struct test_vector); ++n) { dtls_ccm_params_t params = { .nonce = data[n].nonce, - .tag_length = data[n].M, - .l = data[n].L + .tag_length = (uint8_t) data[n].M, + .l = (uint8_t) data[n].L }; assert(data[n].r_lm - data[n].la - data[n].M <= sizeof(buf)); From 759d11e6082313433419d734c63837336d60e868 Mon Sep 17 00:00:00 2001 From: Jan Romann Date: Fri, 30 Sep 2022 21:20:12 +0200 Subject: [PATCH 18/28] fixup! treewide: make type casts explicit --- tests/unit-tests/test_ccm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/unit-tests/test_ccm.c b/tests/unit-tests/test_ccm.c index 28442f29..d25d1a28 100644 --- a/tests/unit-tests/test_ccm.c +++ b/tests/unit-tests/test_ccm.c @@ -76,7 +76,7 @@ t_test_dtls_encrypt_params(void) { for (n = 0; n < sizeof(data)/sizeof(struct test_vector); ++n) { dtls_ccm_params_t params = { .nonce = data[n].nonce, - .tag_length = data[n].M, + .tag_length = (uint8_t) data[n].M, .l = (uint8_t) data[n].L }; From 367f74827dd381314ca230092a7d14d12f35fbad Mon Sep 17 00:00:00 2001 From: Jan Romann Date: Fri, 30 Sep 2022 21:26:01 +0200 Subject: [PATCH 19/28] fixup! treewide: make type casts explicit --- dtls.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/dtls.c b/dtls.c index 96cfb292..aa5b8958 100644 --- a/dtls.c +++ b/dtls.c @@ -788,7 +788,8 @@ calculate_key_block(dtls_context_t *ctx, } #endif /* DTLS_ECC */ case TLS_NULL_WITH_NULL_NULL: - assert(!"calculate_key_block: tried to use NULL cipher\n"); + dtls_crit("calculate_key_block: tried to use NULL cipher\n"); + assert(0); return dtls_alert_fatal_create(DTLS_ALERT_INSUFFICIENT_SECURITY); /* The following cases cover the enum symbols that are not @@ -2684,7 +2685,8 @@ dtls_send_client_key_exchange(dtls_context_t *ctx, dtls_peer_t *peer) #endif /* DTLS_ECC */ case TLS_NULL_WITH_NULL_NULL: - assert(!"NULL cipher requested"); + dtls_crit("NULL cipher requested"); + assert(0); return dtls_alert_fatal_create(DTLS_ALERT_INSUFFICIENT_SECURITY); /* The following cases cover the enum symbols that are not From a460c0290ca6dfee11e7db571bd3e49e748a2437 Mon Sep 17 00:00:00 2001 From: Jan Romann Date: Fri, 30 Sep 2022 21:27:15 +0200 Subject: [PATCH 20/28] fixup! treewide: make type casts explicit --- dtls.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dtls.c b/dtls.c index aa5b8958..9d11b7ff 100644 --- a/dtls.c +++ b/dtls.c @@ -2685,7 +2685,7 @@ dtls_send_client_key_exchange(dtls_context_t *ctx, dtls_peer_t *peer) #endif /* DTLS_ECC */ case TLS_NULL_WITH_NULL_NULL: - dtls_crit("NULL cipher requested"); + dtls_crit("NULL cipher requested\n"); assert(0); return dtls_alert_fatal_create(DTLS_ALERT_INSUFFICIENT_SECURITY); From 101e30162036e2a873713aa418b05322e0002bd0 Mon Sep 17 00:00:00 2001 From: Jan Romann Date: Fri, 30 Sep 2022 21:32:11 +0200 Subject: [PATCH 21/28] fixup! treewide: make type casts explicit --- dtls.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/dtls.c b/dtls.c index 9d11b7ff..30347478 100644 --- a/dtls.c +++ b/dtls.c @@ -1570,8 +1570,8 @@ dtls_0_send_alert(dtls_context_t *ctx, dtls_int_to_uint16(buf + 11, DTLS_ALERT_LENGTH); /* Alert */ - dtls_int_to_uint8(p, level); - dtls_int_to_uint8(p + 1, description); + dtls_int_to_uint8(p, (uint8_t) level); + dtls_int_to_uint8(p + 1, (uint8_t) description); dtls_debug("send alert - protocol version packet\n"); @@ -1846,7 +1846,7 @@ dtls_send_multi(dtls_context_t *ctx, dtls_peer_t *peer, static inline int dtls_send_alert(dtls_context_t *ctx, dtls_peer_t *peer, dtls_alert_level_t level, dtls_alert_t description) { - uint8_t msg[] = { level, description }; + uint8_t msg[] = { (uint8_t) level, (uint8_t) description }; dtls_send(ctx, peer, DTLS_CT_ALERT, msg, sizeof(msg)); @@ -1863,8 +1863,8 @@ dtls_send_alert(dtls_context_t *ctx, dtls_peer_t *peer, dtls_alert_level_t level n->epoch = peer->security_params[0]->epoch; n->type = DTLS_CT_ALERT; n->length = 2; - n->data[0] = level; - n->data[1] = description; + n->data[0] = (uint8_t) level; + n->data[1] = (uint8_t) description; n->job = TIMEOUT; if (!netq_insert_node(&ctx->sendqueue, n)) { @@ -2225,7 +2225,7 @@ dtls_send_server_hello(dtls_context_t *ctx, dtls_peer_t *peer) if (handshake->cipher != TLS_NULL_WITH_NULL_NULL) { /* selected cipher suite */ - dtls_int_to_uint16(p, handshake->cipher); + dtls_int_to_uint16(p, (uint16_t) handshake->cipher); p += sizeof(uint16); /* selected compression method */ From 78a320b4003f72fff28e46f5e0a291afe27b5e83 Mon Sep 17 00:00:00 2001 From: Jan Romann Date: Fri, 30 Sep 2022 21:34:45 +0200 Subject: [PATCH 22/28] fixup! treewide: make type casts explicit --- platform-specific/dtls_prng_posix.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/platform-specific/dtls_prng_posix.c b/platform-specific/dtls_prng_posix.c index dae6d3af..25646481 100644 --- a/platform-specific/dtls_prng_posix.c +++ b/platform-specific/dtls_prng_posix.c @@ -41,7 +41,7 @@ dtls_prng(unsigned char *buf, size_t len) { size_t klen = len; while (len--) *buf++ = rand() & 0xFF; - return klen; + return (int) klen; #endif /* !HAVE_GETRANDOM */ } @@ -67,7 +67,7 @@ dtls_prng_init(unsigned seed) { } fclose(urandom); - srand((unsigned long)*buf); + srand((unsigned int)*buf); #endif /* !HAVE_GETRANDOM */ } From 6c6197aa2be7a1148a750237637933b76dced42f Mon Sep 17 00:00:00 2001 From: Jan Romann Date: Wed, 16 Nov 2022 01:23:32 +0100 Subject: [PATCH 23/28] fixup! treewide: make type casts explicit --- aes/rijndael.c | 2 +- aes/rijndael.h | 5 +- aes/rijndael_wrap.c | 2 +- alert.h | 2 +- ccm.c | 7 +- ccm.h | 6 +- crypto.c | 52 ++--- crypto.h | 54 +++--- dtls.c | 262 +++++++++++++------------- dtls.h | 24 +-- dtls_prng.h | 2 +- hmac.c | 4 +- hmac.h | 2 +- platform-specific/dtls_prng_contiki.c | 7 +- platform-specific/dtls_prng_espidf.c | 2 +- platform-specific/dtls_prng_posix.c | 6 +- platform-specific/dtls_prng_riot.c | 2 +- platform-specific/dtls_prng_win.c | 4 +- platform-specific/dtls_prng_zephyr.c | 2 +- tests/dtls-client.c | 58 +++--- tests/dtls-server.c | 57 +++--- tests/unit-tests/test_ccm.c | 12 +- 22 files changed, 293 insertions(+), 281 deletions(-) diff --git a/aes/rijndael.c b/aes/rijndael.c index 19277694..1846beda 100644 --- a/aes/rijndael.c +++ b/aes/rijndael.c @@ -728,7 +728,7 @@ static const aes_u32 rcon[] = { * @return the number of rounds for the given cipher key size. */ int -rijndaelKeySetupEnc(aes_u32 rk[/*4*(Nr + 1)*/], const aes_u8 cipherKey[], int keyBits) +rijndaelKeySetupEnc(aes_u32 rk[/*4*(Nr + 1)*/], const aes_u8 cipherKey[], size_t keyBits) { int i = 0; aes_u32 temp; diff --git a/aes/rijndael.h b/aes/rijndael.h index 31338faf..dc751b65 100644 --- a/aes/rijndael.h +++ b/aes/rijndael.h @@ -29,6 +29,7 @@ #define __RIJNDAEL_H #include +#include #define AES_MAXKEYBITS (256) #define AES_MAXKEYBYTES (AES_MAXKEYBITS/8) @@ -55,11 +56,11 @@ typedef struct { } rijndael_ctx; int rijndael_set_key(rijndael_ctx *, const u_char *, int); -int rijndael_set_key_enc_only(rijndael_ctx *, const u_char *, int); +int rijndael_set_key_enc_only(rijndael_ctx *, const u_char *, size_t); void rijndael_decrypt(rijndael_ctx *, const u_char *, u_char *); void rijndael_encrypt(rijndael_ctx *, const u_char *, u_char *); -int rijndaelKeySetupEnc(aes_u32 rk[/*4*(Nr + 1)*/], const aes_u8 cipherKey[], int keyBits); +int rijndaelKeySetupEnc(aes_u32 rk[/*4*(Nr + 1)*/], const aes_u8 cipherKey[], size_t keyBits); int rijndaelKeySetupDec(aes_u32 rk[/*4*(Nr + 1)*/], const aes_u8 cipherKey[], int keyBits); void rijndaelEncrypt(const aes_u32 rk[/*4*(Nr + 1)*/], int Nr, const aes_u8 pt[16], aes_u8 ct[16]); #ifdef WITH_AES_DECRYPT diff --git a/aes/rijndael_wrap.c b/aes/rijndael_wrap.c index 9f7aafc1..a75bed6a 100644 --- a/aes/rijndael_wrap.c +++ b/aes/rijndael_wrap.c @@ -20,7 +20,7 @@ /* setup key context for encryption only */ int -rijndael_set_key_enc_only(rijndael_ctx *ctx, const u_char *key, int bits) +rijndael_set_key_enc_only(rijndael_ctx *ctx, const u_char *key, size_t bits) { int rounds; diff --git a/alert.h b/alert.h index a2de596a..b688613b 100644 --- a/alert.h +++ b/alert.h @@ -77,7 +77,7 @@ dtls_alert_fatal_create(dtls_alert_t desc) * \return 0 (false), if not, not 0 (true), if it represents an alert. */ static inline int -dtls_is_alert(int err) +dtls_is_alert(ssize_t err) { return (err < -(1 << 8) && err > -(3 << 8)); } diff --git a/ccm.c b/ccm.c index 1054c0a3..983fb657 100644 --- a/ccm.c +++ b/ccm.c @@ -16,6 +16,7 @@ *******************************************************************************/ #include +#include #include "tinydtls.h" #include "global.h" @@ -164,7 +165,7 @@ mac(rijndael_ctx *ctx, } -size_t +ssize_t dtls_ccm_encrypt_message(rijndael_ctx *ctx, size_t M, size_t L, const unsigned char nonce[DTLS_CCM_BLOCKSIZE], unsigned char *msg, size_t lm, @@ -228,7 +229,7 @@ dtls_ccm_encrypt_message(rijndael_ctx *ctx, size_t M, size_t L, return len + M; } -long int +ssize_t dtls_ccm_decrypt_message(rijndael_ctx *ctx, size_t M, size_t L, const unsigned char nonce[DTLS_CCM_BLOCKSIZE], unsigned char *msg, size_t lm, @@ -297,7 +298,7 @@ dtls_ccm_decrypt_message(rijndael_ctx *ctx, size_t M, size_t L, /* return length if MAC is valid, otherwise continue with error handling */ if (equals(X, msg, M)) - return (long int) (len - M); + return len - M; error: return -1; } diff --git a/ccm.h b/ccm.h index 61ed7334..c4a93c66 100644 --- a/ccm.h +++ b/ccm.h @@ -18,6 +18,8 @@ #ifndef _DTLS_CCM_H_ #define _DTLS_CCM_H_ +#include + #include "aes/rijndael.h" /* implementation of Counter Mode CBC-MAC, RFC 3610 */ @@ -46,14 +48,14 @@ * \param la The number of additional authentication octets (may be zero). * \return FIXME */ -size_t +ssize_t dtls_ccm_encrypt_message(rijndael_ctx *ctx, size_t M, size_t L, const unsigned char nonce[DTLS_CCM_BLOCKSIZE], unsigned char *msg, size_t lm, const unsigned char *aad, size_t la); -long int dtls_ccm_decrypt_message(rijndael_ctx *ctx, size_t M, size_t L, +ssize_t const unsigned char nonce[DTLS_CCM_BLOCKSIZE], unsigned char *msg, size_t lm, const unsigned char *aad, size_t la); diff --git a/crypto.c b/crypto.c index 677d2b73..2c66dd32 100644 --- a/crypto.c +++ b/crypto.c @@ -258,7 +258,7 @@ dtls_p_hash(dtls_hashfunc_t h, return buflen; } -size_t +size_t dtls_prf(const unsigned char *key, size_t keylen, const unsigned char *label, size_t labellen, const unsigned char *random1, size_t random1len, @@ -331,7 +331,7 @@ dtls_ccm_decrypt(aes128_ccm_t *ccm_ctx, const unsigned char *src, } #ifdef DTLS_PSK -int +size_t dtls_psk_pre_master_secret(unsigned char *key, size_t keylen, unsigned char *result, size_t result_len) { unsigned char *p = result; @@ -351,16 +351,16 @@ dtls_psk_pre_master_secret(unsigned char *key, size_t keylen, memcpy(p, key, keylen); - return (int) (2 * (sizeof(uint16) + keylen)); + return 2 * (sizeof(uint16) + keylen); } #endif /* DTLS_PSK */ #ifdef DTLS_ECC static void dtls_ec_key_to_uint32(const unsigned char *key, size_t key_size, uint32_t *result) { - int i; + ssize_t i; - for (i = (int) ((key_size / sizeof(uint32_t)) - 1); i >= 0 ; i--) { + for (i = (key_size / sizeof(uint32_t)) - 1; i >= 0 ; i--) { *result = dtls_uint32_to_int(&key[i * sizeof(uint32_t)]); result++; } @@ -368,9 +368,9 @@ static void dtls_ec_key_to_uint32(const unsigned char *key, size_t key_size, static void dtls_ec_key_from_uint32(const uint32_t *key, size_t key_size, unsigned char *result) { - int i; + ssize_t i; - for (i = (int) ((key_size / sizeof(uint32_t)) - 1); i >= 0 ; i--) { + for (i = (key_size / sizeof(uint32_t)) - 1; i >= 0 ; i--) { dtls_int_to_uint32(result, key[i]); result += 4; } @@ -385,9 +385,9 @@ static void dtls_ec_key_from_uint32(const uint32_t *key, size_t key_size, * interpreted as a negative number. In order to prevent this, a zero in the * ASN.1 presentation is prepended if that bit 7 is set. */ -int dtls_ec_key_asn1_from_uint32(const uint32_t *key, size_t key_size, +ssize_t dtls_ec_key_asn1_from_uint32(const uint32_t *key, ssize_t key_size, uint8_t *buf) { - int i = 0; + ssize_t i = 0; uint8_t *lptr; /* ASN.1 Integer r */ @@ -401,16 +401,16 @@ int dtls_ec_key_asn1_from_uint32(const uint32_t *key, size_t key_size, dtls_ec_key_from_uint32(key, key_size, buf); /* skip leading 0's */ - while (i < (int)key_size && buf[i] == 0) { + while (i < key_size && buf[i] == 0) { ++i; } - assert(i != (int)key_size); - if (i == (int)key_size) { + assert(i != key_size); + if (i == key_size) { dtls_alert("ec key is all zero\n"); return 0; } if (buf[i] >= 0x80) { - /* + /* * Preserve unsigned by adding leading 0 (i may go negative which is * explicitely handled below with the assumption that buf is at least 33 * bytes in size). @@ -429,10 +429,10 @@ int dtls_ec_key_asn1_from_uint32(const uint32_t *key, size_t key_size, } /* Update the length of positive ASN.1 integer */ dtls_int_to_uint8(lptr, (uint8_t) key_size); - return (int) (key_size + 2); + return key_size + 2; } -int dtls_ecdh_pre_master_secret(unsigned char *priv_key, +ssize_t dtls_ecdh_pre_master_secret(unsigned char *priv_key, unsigned char *pub_key_x, unsigned char *pub_key_y, size_t key_size, @@ -455,7 +455,7 @@ int dtls_ecdh_pre_master_secret(unsigned char *priv_key, ecc_ecdh(pub_x, pub_y, priv, result_x, result_y); dtls_ec_key_from_uint32(result_x, key_size, result); - return (int) key_size; + return key_size; } void @@ -557,18 +557,18 @@ dtls_ecdsa_verify_sig(const unsigned char *pub_key_x, } #endif /* DTLS_ECC */ -int +ssize_t dtls_encrypt_params(const dtls_ccm_params_t *params, const unsigned char *src, size_t length, unsigned char *buf, const unsigned char *key, size_t keylen, const unsigned char *aad, size_t la) { - int ret; + ssize_t ret; struct dtls_cipher_context_t *ctx = dtls_cipher_context_get(); ctx->data.tag_length = params->tag_length; ctx->data.l = params->l; - ret = rijndael_set_key_enc_only(&ctx->data.ctx, key, (int) (8 * keylen)); + ret = rijndael_set_key_enc_only(&ctx->data.ctx, key, 8 * keylen); if (ret < 0) { /* cleanup everything in case the key has the wrong size */ dtls_warn("cannot set rijndael key\n"); @@ -577,14 +577,14 @@ dtls_encrypt_params(const dtls_ccm_params_t *params, if (src != buf) memmove(buf, src, length); - ret = (int) dtls_ccm_encrypt(&ctx->data, src, length, buf, params->nonce, aad, la); + ret = dtls_ccm_encrypt(&ctx->data, src, length, buf, params->nonce, aad, la); error: dtls_cipher_context_release(); return ret; } -int +ssize_t dtls_encrypt(const unsigned char *src, size_t length, unsigned char *buf, const unsigned char *nonce, @@ -598,19 +598,19 @@ dtls_encrypt(const unsigned char *src, size_t length, return dtls_encrypt_params(¶ms, src, length, buf, key, keylen, aad, la); } -int +ssize_t dtls_decrypt_params(const dtls_ccm_params_t *params, const unsigned char *src, size_t length, unsigned char *buf, const unsigned char *key, size_t keylen, const unsigned char *aad, size_t la) { - int ret; + ssize_t ret; struct dtls_cipher_context_t *ctx = dtls_cipher_context_get(); ctx->data.tag_length = params->tag_length; ctx->data.l = params->l; - ret = rijndael_set_key_enc_only(&ctx->data.ctx, key, (int) (8 * keylen)); + ret = rijndael_set_key_enc_only(&ctx->data.ctx, key, 8 * keylen); if (ret < 0) { /* cleanup everything in case the key has the wrong size */ dtls_warn("cannot set rijndael key\n"); @@ -619,14 +619,14 @@ dtls_decrypt_params(const dtls_ccm_params_t *params, if (src != buf) memmove(buf, src, length); - ret = (int) dtls_ccm_decrypt(&ctx->data, src, length, buf, params->nonce, aad, la); + ret = dtls_ccm_decrypt(&ctx->data, src, length, buf, params->nonce, aad, la); error: dtls_cipher_context_release(); return ret; } -int +ssize_t dtls_decrypt(const unsigned char *src, size_t length, unsigned char *buf, const unsigned char *nonce, diff --git a/crypto.h b/crypto.h index 52bda0c4..ac96d43b 100644 --- a/crypto.h +++ b/crypto.h @@ -6,7 +6,7 @@ * and Eclipse Distribution License v. 1.0 which accompanies this distribution. * * The Eclipse Public License is available at http://www.eclipse.org/legal/epl-v10.html - * and the Eclipse Distribution License is available at + * and the Eclipse Distribution License is available at * http://www.eclipse.org/org/documents/edl-v10.php. * * Contributors: @@ -37,9 +37,9 @@ #define DTLS_MAC_LENGTH DTLS_HMAC_DIGEST_SIZE #define DTLS_IV_LENGTH 4 /* length of nonce_explicit */ -/** - * Maximum size of the generated keyblock. Note that MAX_KEYBLOCK_LENGTH must - * be large enough to hold the pre_master_secret, i.e. twice the length of the +/** + * Maximum size of the generated keyblock. Note that MAX_KEYBLOCK_LENGTH must + * be large enough to hold the pre_master_secret, i.e. twice the length of the * pre-shared key + 1. */ #define MAX_KEYBLOCK_LENGTH \ @@ -49,7 +49,7 @@ #define DTLS_MASTER_SECRET_LENGTH 48 #define DTLS_RANDOM_LENGTH 32 -typedef enum { AES128=0 +typedef enum { AES128=0 } dtls_crypto_alg; typedef enum { @@ -109,14 +109,14 @@ typedef struct { uint16_t epoch; /**< counter for cipher state changes*/ uint64_t rseq; /**< sequence number of last record sent */ - /** + /** * The key block generated from PRF applied to client and server * random bytes. The actual size is given by the selected cipher and * can be calculated using dtls_kb_size(). Use \c dtls_kb_ macros to * access the components of the key block. */ uint8 key_block[MAX_KEYBLOCK_LENGTH]; - + seqnum_t cseq; /**h->which((Context), __VA_ARGS__) \ : -1) -static int +static ssize_t dtls_send_multi(dtls_context_t *ctx, dtls_peer_t *peer, dtls_security_parameters_t *security , session_t *session, unsigned char type, uint8 *buf_array[], @@ -277,7 +277,7 @@ handle_alert(dtls_context_t *ctx, dtls_peer_t *peer, * \param buflen The actual length of \p buf. * \return Less than zero on error, the number of bytes written otherwise. */ -static int +static ssize_t dtls_send(dtls_context_t *ctx, dtls_peer_t *peer, unsigned char type, uint8 *buf, size_t buflen) { return dtls_send_multi(ctx, peer, dtls_security_params(peer), &peer->session, @@ -307,7 +307,7 @@ dtls_add_peer(dtls_context_t *ctx, dtls_peer_t *peer) { return 0; } -int +ssize_t dtls_writev(struct dtls_context_t *ctx, session_t *dst, uint8 *buf_array[], size_t buf_len_array[], size_t buf_array_len) { @@ -316,7 +316,7 @@ dtls_writev(struct dtls_context_t *ctx, /* Check if peer connection already exists */ if (!peer) { /* no ==> create one */ - int res; + ssize_t res; /* dtls_connect() returns a value greater than zero if a new * connection attempt is made, 0 for session reuse. */ @@ -335,7 +335,7 @@ dtls_writev(struct dtls_context_t *ctx, } } -int +ssize_t dtls_write(struct dtls_context_t *ctx, session_t *session, uint8 *buf, size_t len) { return dtls_writev(ctx, session, &buf, &len, 1); @@ -370,10 +370,10 @@ static int dtls_create_cookie(dtls_context_t *ctx, session_t *session, uint8 *msg, size_t msglen, - uint8 *cookie, int *clen) { + uint8 *cookie, ssize_t *clen) { unsigned char buf[DTLS_HMAC_MAX]; size_t e, fragment_length; - int len; + ssize_t len; /* create cookie with HMAC-SHA256 over: * - SECRET @@ -466,16 +466,16 @@ known_content_type(const uint8_t *msg) { * Checks if \p msg points to a valid DTLS record. If * */ -static unsigned int +static size_t is_record(uint8 *msg, size_t msglen) { - unsigned int rlen = 0; + size_t rlen = 0; if (msglen >= DTLS_RH_LENGTH) { /* FIXME allow empty records? */ uint16_t version = dtls_uint16_to_int(msg + 1); if ((((version == DTLS_VERSION) || (version == DTLS10_VERSION)) && known_content_type(msg))) { - rlen = (unsigned int) (DTLS_RH_LENGTH + - dtls_uint16_to_int(DTLS_RECORD_HEADER(msg)->length)); + rlen = DTLS_RH_LENGTH + +dtls_uint16_to_int(DTLS_RECORD_HEADER(msg)->length); /* we do not accept wrong length field in record header */ if (rlen > msglen) @@ -722,7 +722,7 @@ dtls_message_type_to_name(int type) /** * Calculate the pre master secret and after that calculate the master-secret. */ -static int +static ssize_t calculate_key_block(dtls_context_t *ctx, dtls_handshake_parameters_t *handshake, dtls_peer_t *peer, @@ -731,7 +731,7 @@ calculate_key_block(dtls_context_t *ctx, (void) ctx; (void) session; unsigned char *pre_master_secret; - int pre_master_len = 0; + ssize_t pre_master_len = 0; dtls_security_parameters_t *security = dtls_security_params_next(peer); uint8 master_secret[DTLS_MASTER_SECRET_LENGTH]; (void)role; /* The macro dtls_kb_size() does not use role. */ @@ -746,7 +746,7 @@ calculate_key_block(dtls_context_t *ctx, #ifdef DTLS_PSK case TLS_PSK_WITH_AES_128_CCM_8: { unsigned char psk[DTLS_PSK_MAX_KEY_LEN]; - int len; + ssize_t len; len = CALL(ctx, get_psk_info, session, DTLS_PSK_KEY, handshake->keyx.psk.identity, @@ -864,7 +864,8 @@ calculate_key_block(dtls_context_t *ctx, /* TODO: add a generic method which iterates over a list and searches for a specific key */ static int verify_ext_eliptic_curves(uint8 *data, size_t data_length) { - int i, curve_name; + size_t i; + int curve_name; /* length of curve list */ i = dtls_uint16_to_int(data); @@ -874,7 +875,7 @@ static int verify_ext_eliptic_curves(uint8 *data, size_t data_length) { return dtls_alert_fatal_create(DTLS_ALERT_HANDSHAKE_FAILURE); } - for (i = (int) (data_length - sizeof(uint16)); i > 0; i -= (int) sizeof(uint16)) { + for (i = data_length - sizeof(uint16); i > 0; i -= sizeof(uint16)) { /* check if this curve is supported */ curve_name = dtls_uint16_to_int(data); data += sizeof(uint16); @@ -888,7 +889,8 @@ static int verify_ext_eliptic_curves(uint8 *data, size_t data_length) { } static int verify_ext_cert_type(uint8 *data, size_t data_length) { - int i, cert_type; + size_t i; + int cert_type; /* length of cert type list */ i = dtls_uint8_to_int(data); @@ -898,7 +900,7 @@ static int verify_ext_cert_type(uint8 *data, size_t data_length) { return dtls_alert_fatal_create(DTLS_ALERT_HANDSHAKE_FAILURE); } - for (i = (int) (data_length - sizeof(uint8)); i > 0; i -= (int) sizeof(uint8)) { + for (i = data_length - sizeof(uint8); i > 0; i -= sizeof(uint8)) { /* check if this cert type is supported */ cert_type = dtls_uint8_to_int(data); data += sizeof(uint8); @@ -912,7 +914,8 @@ static int verify_ext_cert_type(uint8 *data, size_t data_length) { } static int verify_ext_ec_point_formats(uint8 *data, size_t data_length) { - int i, cert_type; + size_t i; + int cert_type; /* length of ec_point_formats list */ i = dtls_uint8_to_int(data); @@ -922,7 +925,7 @@ static int verify_ext_ec_point_formats(uint8 *data, size_t data_length) { return dtls_alert_fatal_create(DTLS_ALERT_HANDSHAKE_FAILURE); } - for (i = (int) (data_length - sizeof(uint8)); i > 0; i -= (int) sizeof(uint8)) { + for (i = data_length - sizeof(uint8); i > 0; i -= sizeof(uint8)) { /* check if this ec_point_format is supported */ cert_type = dtls_uint8_to_int(data); data += sizeof(uint8); @@ -936,7 +939,8 @@ static int verify_ext_ec_point_formats(uint8 *data, size_t data_length) { } static int verify_ext_sig_hash_algo(uint8 *data, size_t data_length) { - int i, hash_type, sig_type; + size_t i; + int hash_type, sig_type; /* length of sig_hash_algo list */ i = dtls_uint16_to_int(data); @@ -946,7 +950,7 @@ static int verify_ext_sig_hash_algo(uint8 *data, size_t data_length) { return dtls_alert_fatal_create(DTLS_ALERT_HANDSHAKE_FAILURE); } - for (i = (int) (data_length - sizeof(uint16)); i > 0; i -= (int) sizeof(uint16)) { + for (i = data_length - sizeof(uint16); i > 0; i -= sizeof(uint16)) { /* check if this _sig_hash_algo is supported */ hash_type = dtls_uint8_to_int(data); data += sizeof(uint8); @@ -1099,7 +1103,7 @@ static int dtls_update_parameters(dtls_context_t *ctx, dtls_peer_t *peer, uint8 *data, size_t data_length) { - int i; + size_t i; unsigned int j; int ok; dtls_handshake_parameters_t *config = peer->handshake_params; @@ -1146,10 +1150,10 @@ dtls_update_parameters(dtls_context_t *ctx, data_length -= sizeof(uint16) + i; ok = 0; - while ((i >= (int)sizeof(uint16)) && !ok) { + while ((i >= sizeof(uint16)) && !ok) { config->cipher = dtls_uint16_to_int(data); ok = known_cipher(ctx, config->cipher, 0); - i -= (int) sizeof(uint16); + i -= sizeof(uint16); data += sizeof(uint16); } @@ -1191,7 +1195,7 @@ dtls_update_parameters(dtls_context_t *ctx, ok = 1; } } - i -= (int) sizeof(uint8); + i -= sizeof(uint8); data += sizeof(uint8); } @@ -1394,14 +1398,14 @@ check_finished(dtls_context_t *ctx, dtls_peer_t *peer, * undefined. * \return Less than zero on error, or greater than zero success. */ -static int +static ssize_t dtls_prepare_record(dtls_peer_t *peer, dtls_security_parameters_t *security, unsigned char type, uint8 *data_array[], size_t data_len_array[], size_t data_array_len, uint8 *sendbuf, size_t *rlen) { uint8 *p, *start; - int res; + ssize_t res; unsigned int i; if (*rlen < DTLS_RH_LENGTH) { @@ -1430,7 +1434,7 @@ dtls_prepare_record(dtls_peer_t *peer, dtls_security_parameters_t *security, memcpy(p, data_array[i], data_len_array[i]); p += data_len_array[i]; - res += (int) data_len_array[i]; + res += data_len_array[i]; } } else { /* TLS_PSK_WITH_AES_128_CCM_8 or TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 */ /** @@ -1505,7 +1509,7 @@ dtls_prepare_record(dtls_peer_t *peer, dtls_security_parameters_t *security, memcpy(p, data_array[i], data_len_array[i]); p += data_len_array[i]; - res += (int) data_len_array[i]; + res += data_len_array[i]; } memset(nonce, 0, DTLS_CCM_BLOCKSIZE); @@ -1557,7 +1561,7 @@ dtls_prepare_record(dtls_peer_t *peer, dtls_security_parameters_t *security, * \param description Alert description. * \return number of bytes sent, or less than 0 on error. */ -static int +static ssize_t dtls_0_send_alert(dtls_context_t *ctx, dtls_ephemeral_peer_t *ephemeral_peer, dtls_alert_level_t level, @@ -1581,10 +1585,10 @@ dtls_0_send_alert(dtls_context_t *ctx, return CALL(ctx, write, ephemeral_peer->session, buf, sizeof(buf)); } -static int +static ssize_t dtls_0_send_alert_from_err(dtls_context_t *ctx, dtls_ephemeral_peer_t *ephemeral_peer, - int err) { + ssize_t err) { assert(ephemeral_peer); @@ -1610,7 +1614,7 @@ dtls_0_send_alert_from_err(dtls_context_t *ctx, * \param data_length Length of \p msg. * \return number of bytes sent, or less than 0 on error. */ -static int +static ssize_t dtls_0_send_hello_verify_request(dtls_context_t *ctx, dtls_ephemeral_peer_t *ephemeral_peer, uint8 *data, size_t data_length) @@ -1645,7 +1649,7 @@ dtls_0_send_hello_verify_request(dtls_context_t *ctx, return CALL(ctx, write, ephemeral_peer->session, buf, sizeof(buf)); } -static int +static ssize_t dtls_send_handshake_msg_hash(dtls_context_t *ctx, dtls_peer_t *peer, session_t *session, @@ -1656,7 +1660,7 @@ dtls_send_handshake_msg_hash(dtls_context_t *ctx, uint8 buf[DTLS_HS_LENGTH]; uint8 *data_array[2]; size_t data_len_array[2]; - int i = 0; + ssize_t i = 0; dtls_security_parameters_t *security = dtls_security_params(peer); dtls_set_handshake_header(header_type, &(peer->handshake_params->hs_state.mseq_s), data_length, 0, @@ -1683,7 +1687,7 @@ dtls_send_handshake_msg_hash(dtls_context_t *ctx, data_array, data_len_array, i); } -static int +static ssize_t dtls_send_handshake_msg(dtls_context_t *ctx, dtls_peer_t *peer, uint8 header_type, @@ -1738,7 +1742,7 @@ static unsigned char sendbuf[DTLS_MAX_BUF]; * @return Less than zero in case of an error or the number of * bytes that have been sent otherwise. */ -static int +static ssize_t dtls_send_multi(dtls_context_t *ctx, dtls_peer_t *peer, dtls_security_parameters_t *security , session_t *session, unsigned char type, uint8 *buf_array[], @@ -1754,7 +1758,7 @@ dtls_send_multi(dtls_context_t *ctx, dtls_peer_t *peer, unsigned char sendbuf[DTLS_MAX_BUF]; #endif /* ! DTLS_CONSTRAINED_STACK */ size_t len = sizeof(sendbuf); - int res; + ssize_t res; unsigned int i; size_t overall_len = 0; @@ -1936,16 +1940,16 @@ dtls_destroy_peer(dtls_context_t *ctx, dtls_peer_t *peer, int flags) { * \return \c 0 if msg is a ClientHello with a valid cookie, \c 1 or * \c -1 otherwise. */ -static int +static ssize_t dtls_0_verify_peer(dtls_context_t *ctx, dtls_ephemeral_peer_t *ephemeral_peer, uint8 *data, size_t data_length) { uint8 buf[DTLS_HV_LENGTH + DTLS_COOKIE_LENGTH]; uint8 *p = buf; - int len = DTLS_COOKIE_LENGTH; + ssize_t len = DTLS_COOKIE_LENGTH; uint8 *cookie = NULL; - int err; + ssize_t err; #undef mycookie #define mycookie (buf + DTLS_HV_LENGTH) @@ -1961,7 +1965,7 @@ dtls_0_verify_peer(dtls_context_t *ctx, /* Perform cookie check. */ len = dtls_get_cookie(data, data_length, &cookie); if (len < 0) { - dtls_warn("error while fetching the cookie, err: %i\n", len); + dtls_warn("error while fetching the cookie, err: %zd\n", len); if (dtls_alert_fatal_create(DTLS_ALERT_PROTOCOL_VERSION) == len) { dtls_0_send_alert(ctx, ephemeral_peer, DTLS_ALERT_LEVEL_FATAL, DTLS_ALERT_PROTOCOL_VERSION); } @@ -2035,7 +2039,7 @@ dtls_asn1_len(uint8 **data, size_t *data_len) return len; } -static int +static size_t dtls_asn1_integer_to_ec_key(uint8 *data, size_t data_len, uint8 *key, size_t key_len) { @@ -2061,21 +2065,21 @@ dtls_asn1_integer_to_ec_key(uint8 *data, size_t data_len, uint8 *key, if (length < key_len) { /* pad with leading 0s */ memset(key, 0, key_len - length); - memcpy(key + key_len - length, data, length); + memcpy(key + key_len - length, data, length); } else { /* drop leading 0s if needed */ - memcpy(key, data + length - key_len, key_len); + memcpy(key, data + length - key_len, key_len); } - return (int) length + 2; + return length + 2; } -static int +static size_t dtls_check_ecdsa_signature_elem(uint8 *data, size_t data_length, unsigned char *result_r, unsigned char *result_s) { - int ret; + size_t ret; uint8 *data_orig = data; /* @@ -2136,17 +2140,17 @@ dtls_check_ecdsa_signature_elem(uint8 *data, size_t data_length, data += ret; data_length -= ret; - return (int) (data - data_orig); + return data - data_orig; } -static int +static ssize_t check_client_certificate_verify(dtls_context_t *ctx, dtls_peer_t *peer, uint8 *data, size_t data_length) { (void) ctx; dtls_handshake_parameters_t *config = peer->handshake_params; - int ret; + ssize_t ret; unsigned char result_r[DTLS_EC_KEY_SIZE]; unsigned char result_s[DTLS_EC_KEY_SIZE]; dtls_hash_ctx hs_hash; @@ -2184,14 +2188,14 @@ check_client_certificate_verify(dtls_context_t *ctx, result_r, result_s); if (ret < 0) { - dtls_alert("wrong signature err: %i\n", ret); + dtls_alert("wrong signature err: %zd\n", ret); return dtls_alert_fatal_create(DTLS_ALERT_HANDSHAKE_FAILURE); } return 0; } #endif /* DTLS_ECC */ -static int +static ssize_t dtls_send_server_hello(dtls_context_t *ctx, dtls_peer_t *peer) { /* Ensure that the largest message to create fits in our source @@ -2298,7 +2302,7 @@ dtls_send_server_hello(dtls_context_t *ctx, dtls_peer_t *peer) #ifdef DTLS_ECC #define DTLS_EC_SUBJECTPUBLICKEY_SIZE (2 * DTLS_EC_KEY_SIZE + sizeof(cert_asn1_header)) -static int +static ssize_t dtls_send_certificate_ecdsa(dtls_context_t *ctx, dtls_peer_t *peer, const dtls_ecdsa_key_t *key) { @@ -2332,8 +2336,8 @@ dtls_send_certificate_ecdsa(dtls_context_t *ctx, dtls_peer_t *peer, static uint8 * dtls_add_ecdsa_signature_elem(uint8 *p, uint32_t *point_r, uint32_t *point_s) { - int len_r; - int len_s; + ssize_t len_r; + ssize_t len_s; #define R_KEY_OFFSET (1 + 1 + 2 + 1 + 1) #define S_KEY_OFFSET(len_a) (R_KEY_OFFSET + (len_a)) @@ -2376,7 +2380,7 @@ dtls_add_ecdsa_signature_elem(uint8 *p, uint32_t *point_r, uint32_t *point_s) return p; } -static int +static ssize_t dtls_send_server_key_exchange_ecdh(dtls_context_t *ctx, dtls_peer_t *peer, const dtls_ecdsa_key_t *key) { @@ -2441,7 +2445,7 @@ dtls_send_server_key_exchange_ecdh(dtls_context_t *ctx, dtls_peer_t *peer, #endif /* DTLS_ECC */ #ifdef DTLS_PSK -static int +static ssize_t dtls_send_server_key_exchange_psk(dtls_context_t *ctx, dtls_peer_t *peer, const unsigned char *psk_hint, size_t len) { @@ -2471,7 +2475,7 @@ dtls_send_server_key_exchange_psk(dtls_context_t *ctx, dtls_peer_t *peer, #endif /* DTLS_PSK */ #ifdef DTLS_ECC -static int +static ssize_t dtls_send_server_certificate_request(dtls_context_t *ctx, dtls_peer_t *peer) { uint8 buf[8]; @@ -2513,7 +2517,7 @@ dtls_send_server_certificate_request(dtls_context_t *ctx, dtls_peer_t *peer) } #endif /* DTLS_ECC */ -static int +static ssize_t dtls_send_server_hello_done(dtls_context_t *ctx, dtls_peer_t *peer) { @@ -2525,10 +2529,10 @@ dtls_send_server_hello_done(dtls_context_t *ctx, dtls_peer_t *peer) NULL, 0); } -static int +static ssize_t dtls_send_server_hello_msgs(dtls_context_t *ctx, dtls_peer_t *peer) { - int res; + ssize_t res; res = dtls_send_server_hello(ctx, peer); @@ -2576,7 +2580,7 @@ dtls_send_server_hello_msgs(dtls_context_t *ctx, dtls_peer_t *peer) #ifdef DTLS_PSK if (is_tls_psk_with_aes_128_ccm_8(peer->handshake_params->cipher)) { unsigned char psk_hint[DTLS_PSK_MAX_CLIENT_IDENTITY_LEN]; - int len; + ssize_t len; /* The identity hint is optional, therefore we ignore the result * and check psk only. */ @@ -2608,7 +2612,7 @@ dtls_send_server_hello_msgs(dtls_context_t *ctx, dtls_peer_t *peer) return 0; } -static inline int +static inline ssize_t dtls_send_ccs(dtls_context_t *ctx, dtls_peer_t *peer) { uint8 buf[1] = {1}; @@ -2616,13 +2620,13 @@ dtls_send_ccs(dtls_context_t *ctx, dtls_peer_t *peer) { } -static int +static ssize_t dtls_send_client_key_exchange(dtls_context_t *ctx, dtls_peer_t *peer) { uint8 buf[DTLS_CKXEC_LENGTH]; uint8 *p; dtls_handshake_parameters_t *handshake = peer->handshake_params; - int ret; + ssize_t ret; p = buf; @@ -2630,7 +2634,7 @@ dtls_send_client_key_exchange(dtls_context_t *ctx, dtls_peer_t *peer) switch (handshake->cipher) { #ifdef DTLS_PSK case TLS_PSK_WITH_AES_128_CCM_8: { - int len; + ssize_t len; len = CALL(ctx, get_psk_info, &peer->session, DTLS_PSK_IDENTITY, handshake->keyx.psk.identity, handshake->keyx.psk.id_length, @@ -2722,7 +2726,7 @@ dtls_send_client_key_exchange(dtls_context_t *ctx, dtls_peer_t *peer) } #ifdef DTLS_ECC -static int +static ssize_t dtls_send_certificate_verify_ecdh(dtls_context_t *ctx, dtls_peer_t *peer, const dtls_ecdsa_key_t *key) { @@ -2758,11 +2762,11 @@ dtls_send_certificate_verify_ecdh(dtls_context_t *ctx, dtls_peer_t *peer, } #endif /* DTLS_ECC */ -static int +static ssize_t dtls_send_finished(dtls_context_t *ctx, dtls_peer_t *peer, const unsigned char *label, size_t labellen) { - int length; + size_t length; uint8 hash[DTLS_HMAC_MAX]; uint8 buf[DTLS_FIN_LENGTH]; dtls_hash_ctx hs_hash; @@ -2770,7 +2774,7 @@ dtls_send_finished(dtls_context_t *ctx, dtls_peer_t *peer, copy_hs_hash(peer, &hs_hash); - length = (int) dtls_hash_finalize(hash, &hs_hash); + length = dtls_hash_finalize(hash, &hs_hash); dtls_prf(peer->handshake_params->tmp.master_secret, DTLS_MASTER_SECRET_LENGTH, @@ -2789,7 +2793,7 @@ dtls_send_finished(dtls_context_t *ctx, dtls_peer_t *peer, buf, p - buf); } -static int +static ssize_t dtls_send_client_hello(dtls_context_t *ctx, dtls_peer_t *peer, uint8 cookie[], size_t cookie_length) { uint8 buf[DTLS_CH_LENGTH_MAX]; @@ -3046,13 +3050,13 @@ check_server_hello(dtls_context_t *ctx, return dtls_alert_fatal_create(DTLS_ALERT_DECODE_ERROR); } -static int +static ssize_t check_server_hello_verify_request(dtls_context_t *ctx, dtls_peer_t *peer, uint8 *data, size_t data_length) { dtls_hello_verify_t *hv; - int res; + ssize_t res; if (data_length < DTLS_HS_LENGTH + DTLS_HV_LENGTH) return dtls_alert_fatal_create(DTLS_ALERT_DECODE_ERROR); @@ -3117,14 +3121,14 @@ check_server_certificate(dtls_context_t *ctx, return 0; } -static int +static ssize_t check_server_key_exchange_ecdsa(dtls_context_t *ctx, dtls_peer_t *peer, uint8 *data, size_t data_length) { (void) ctx; dtls_handshake_parameters_t *config = peer->handshake_params; - int ret; + ssize_t ret; unsigned char result_r[DTLS_EC_KEY_SIZE]; unsigned char result_s[DTLS_EC_KEY_SIZE]; unsigned char *key_params; @@ -3254,7 +3258,7 @@ check_certificate_request(dtls_context_t *ctx, dtls_peer_t *peer, uint8 *data, size_t data_length) { - unsigned int i; + size_t i; int auth_alg; int sig_alg; int hash_alg; @@ -3279,7 +3283,7 @@ check_certificate_request(dtls_context_t *ctx, } auth_alg = 0; - for (; i > 0 ; i -= (unsigned int) sizeof(uint8)) { + for (; i > 0 ; i -= sizeof(uint8)) { if (dtls_uint8_to_int(data) == TLS_CLIENT_CERTIFICATE_TYPE_ECDSA_SIGN && auth_alg == 0) auth_alg = dtls_uint8_to_int(data); @@ -3307,8 +3311,8 @@ check_certificate_request(dtls_context_t *ctx, dtls_alert("illegal certificate request\n"); return dtls_alert_fatal_create(DTLS_ALERT_HANDSHAKE_FAILURE); } - - for (; i >= sizeof(uint16); i -= (unsigned int) sizeof(uint16)) { + + for (; i >= sizeof(uint16); i -= sizeof(uint16)) { int current_hash_alg; int current_sig_alg; @@ -3337,12 +3341,12 @@ check_certificate_request(dtls_context_t *ctx, } #endif /* DTLS_ECC */ -static int +static ssize_t check_server_hellodone(dtls_context_t *ctx, dtls_peer_t *peer, uint8 *data, size_t data_length) { - int res; + ssize_t res; #ifdef DTLS_ECC const dtls_ecdsa_key_t *ecdsa_key; #endif /* DTLS_ECC */ @@ -3410,16 +3414,16 @@ check_server_hellodone(dtls_context_t *ctx, return dtls_send_finished(ctx, peer, PRF_LABEL(client), PRF_LABEL_SIZE(client)); } -static int +static ssize_t decrypt_verify(dtls_peer_t *peer, uint8 *packet, size_t length, uint8 **cleartext) { dtls_record_header_t *header = DTLS_RECORD_HEADER(packet); dtls_security_parameters_t *security = dtls_security_params_read_epoch(peer, dtls_get_epoch(header)); - int clen; + ssize_t clen; *cleartext = (uint8 *)packet + sizeof(dtls_record_header_t); - clen = (int) (length - sizeof(dtls_record_header_t)); + clen = length - sizeof(dtls_record_header_t); if (!security) { dtls_alert("No security context for epoch: %i\n", dtls_get_epoch(header)); @@ -3475,7 +3479,7 @@ decrypt_verify(dtls_peer_t *peer, uint8 *packet, size_t length, if (clen < 0) dtls_warn("decryption failed\n"); else { - dtls_debug("decrypt_verify(): found %i bytes cleartext\n", clen); + dtls_debug("decrypt_verify(): found %zd bytes cleartext\n", clen); dtls_security_params_free_other(peer); dtls_debug_dump("cleartext", *cleartext, clen); } @@ -3483,7 +3487,7 @@ decrypt_verify(dtls_peer_t *peer, uint8 *packet, size_t length, return clen; } -static int +static ssize_t dtls_send_hello_request(dtls_context_t *ctx, dtls_peer_t *peer) { return dtls_send_handshake_msg_hash(ctx, peer, &peer->session, @@ -3491,11 +3495,11 @@ dtls_send_hello_request(dtls_context_t *ctx, dtls_peer_t *peer) NULL, 0, 0); } -int +ssize_t dtls_renegotiate(dtls_context_t *ctx, const session_t *dst) { dtls_peer_t *peer = NULL; - int err; + ssize_t err; peer = dtls_get_peer(ctx, dst); @@ -3540,7 +3544,7 @@ dtls_renegotiate(dtls_context_t *ctx, const session_t *dst) * \param data_length The actual length of \p data. * \return Less than zero on error, the number of bytes written otherwise. */ -static int +static ssize_t handle_verified_client_hello(dtls_context_t *ctx, dtls_peer_t *peer, uint8 *data, size_t data_length) { @@ -3552,7 +3556,7 @@ handle_verified_client_hello(dtls_context_t *ctx, dtls_peer_t *peer, * message containing a ClientHello. dtls_get_cipher() therefore * does not check again. */ - int err = dtls_update_parameters(ctx, peer, data, data_length); + ssize_t err = dtls_update_parameters(ctx, peer, data, data_length); if (err < 0) { dtls_warn("error updating security parameters\n"); return err; @@ -3574,10 +3578,10 @@ handle_verified_client_hello(dtls_context_t *ctx, dtls_peer_t *peer, return err; } -static int +static ssize_t handle_handshake_msg(dtls_context_t *ctx, dtls_peer_t *peer, uint8 *data, size_t data_length) { - int err = 0; + ssize_t err = 0; const dtls_peer_type role = peer->role; const dtls_state_t state = peer->state; @@ -3607,7 +3611,7 @@ handle_handshake_msg(dtls_context_t *ctx, dtls_peer_t *peer, uint8 *data, size_t err = check_server_hello_verify_request(ctx, peer, data, data_length); if (err < 0) { - dtls_warn("error in check_server_hello_verify_request err: %i\n", err); + dtls_warn("error in check_server_hello_verify_request err: %zd\n", err); return err; } @@ -3620,7 +3624,7 @@ handle_handshake_msg(dtls_context_t *ctx, dtls_peer_t *peer, uint8 *data, size_t err = check_server_hello(ctx, peer, data, data_length); if (err < 0) { - dtls_warn("error in check_server_hello err: %i\n", err); + dtls_warn("error in check_server_hello err: %zd\n", err); return err; } if (is_tls_ecdhe_ecdsa_with_aes_128_ccm_8(peer->handshake_params->cipher)) @@ -3642,7 +3646,7 @@ handle_handshake_msg(dtls_context_t *ctx, dtls_peer_t *peer, uint8 *data, size_t } err = check_server_certificate(ctx, peer, data, data_length); if (err < 0) { - dtls_warn("error in check_server_certificate err: %i\n", err); + dtls_warn("error in check_server_certificate err: %zd\n", err); return err; } if (role == DTLS_CLIENT) { @@ -3680,7 +3684,7 @@ handle_handshake_msg(dtls_context_t *ctx, dtls_peer_t *peer, uint8 *data, size_t #endif /* DTLS_PSK */ if (err < 0) { - dtls_warn("error in check_server_key_exchange err: %i\n", err); + dtls_warn("error in check_server_key_exchange err: %zd\n", err); return err; } peer->state = DTLS_STATE_WAIT_SERVERHELLODONE; @@ -3696,7 +3700,7 @@ handle_handshake_msg(dtls_context_t *ctx, dtls_peer_t *peer, uint8 *data, size_t err = check_server_hellodone(ctx, peer, data, data_length); if (err < 0) { - dtls_warn("error in check_server_hellodone err: %i\n", err); + dtls_warn("error in check_server_hellodone err: %zd\n", err); return err; } peer->state = DTLS_STATE_WAIT_CHANGECIPHERSPEC; @@ -3715,7 +3719,7 @@ handle_handshake_msg(dtls_context_t *ctx, dtls_peer_t *peer, uint8 *data, size_t peer->optional_handshake_message = DTLS_HT_NO_OPTIONAL_MESSAGE; err = check_certificate_request(ctx, peer, data, data_length); if (err < 0) { - dtls_warn("error in check_certificate_request err: %i\n", err); + dtls_warn("error in check_certificate_request err: %zd\n", err); return err; } @@ -3731,7 +3735,7 @@ handle_handshake_msg(dtls_context_t *ctx, dtls_peer_t *peer, uint8 *data, size_t err = check_finished(ctx, peer, data, data_length); if (err < 0) { - dtls_warn("error in check_finished err: %i\n", err); + dtls_warn("error in check_finished err: %zd\n", err); return err; } if (role == DTLS_SERVER) { @@ -3775,7 +3779,7 @@ handle_handshake_msg(dtls_context_t *ctx, dtls_peer_t *peer, uint8 *data, size_t err = check_client_keyexchange(ctx, peer->handshake_params, data, data_length); if (err < 0) { - dtls_warn("error in check_client_keyexchange err: %i\n", err); + dtls_warn("error in check_client_keyexchange err: %zd\n", err); return err; } update_hs_hash(peer, data, data_length); @@ -3801,7 +3805,7 @@ handle_handshake_msg(dtls_context_t *ctx, dtls_peer_t *peer, uint8 *data, size_t err = check_client_certificate_verify(ctx, peer, data, data_length); if (err < 0) { - dtls_warn("error in check_client_certificate_verify err: %i\n", err); + dtls_warn("error in check_client_certificate_verify err: %zd\n", err); return err; } @@ -3891,11 +3895,11 @@ handle_handshake_msg(dtls_context_t *ctx, dtls_peer_t *peer, uint8 *data, size_t * \param data_length The actual length of \p buf. * \return Less than zero on error, the number of bytes written otherwise. */ -static int +static ssize_t handle_0_verified_client_hello(dtls_context_t *ctx, dtls_ephemeral_peer_t *ephemeral_peer, uint8 *data, size_t data_length) { - int err; + ssize_t err; dtls_peer_t *peer = dtls_get_peer(ctx, ephemeral_peer->session); if (peer) { @@ -3970,7 +3974,7 @@ handle_0_verified_client_hello(dtls_context_t *ctx, dtls_ephemeral_peer_t *ephem * \param data_length The actual length of \p buf. * \return Less than zero on error, the number of bytes written otherwise. */ -static int +static ssize_t handle_0_client_hello(dtls_context_t *ctx, dtls_ephemeral_peer_t *ephemeral_peer, uint8 *data, size_t data_length) { @@ -3978,7 +3982,7 @@ handle_0_client_hello(dtls_context_t *ctx, dtls_ephemeral_peer_t *ephemeral_peer size_t packet_length; size_t fragment_length; size_t fragment_offset; - int err; + ssize_t err; hs_header = DTLS_HANDSHAKE_HEADER(data); @@ -3998,7 +4002,7 @@ handle_0_client_hello(dtls_context_t *ctx, dtls_ephemeral_peer_t *ephemeral_peer ephemeral_peer->mseq = dtls_uint16_to_int(hs_header->message_seq); err = dtls_0_verify_peer(ctx, ephemeral_peer, data, data_length); if (err < 0) { - dtls_warn("error in dtls_verify_peer err: %i\n", err); + dtls_warn("error in dtls_verify_peer err: %zd\n", err); return err; } @@ -4014,11 +4018,11 @@ handle_0_client_hello(dtls_context_t *ctx, dtls_ephemeral_peer_t *ephemeral_peer return err; } -static int +static ssize_t handle_handshake(dtls_context_t *ctx, dtls_peer_t *peer, uint8 *data, size_t data_length) { dtls_handshake_header_t *hs_header; - int res; + ssize_t res; size_t packet_length; size_t fragment_length; size_t fragment_offset; @@ -4140,11 +4144,11 @@ handle_handshake(dtls_context_t *ctx, dtls_peer_t *peer, uint8 *data, size_t dat return 0; } -static int +static ssize_t handle_ccs(dtls_context_t *ctx, dtls_peer_t *peer, uint8 *record_header, uint8 *data, size_t data_length) { - int err; + ssize_t err; (void)record_header; assert(peer); @@ -4246,7 +4250,7 @@ handle_alert(dtls_context_t *ctx, dtls_peer_t *peer, return free_peer; } -static int dtls_alert_send_from_err(dtls_context_t *ctx, dtls_peer_t *peer, int err) +static int dtls_alert_send_from_err(dtls_context_t *ctx, dtls_peer_t *peer, ssize_t err) { assert(peer); @@ -4265,16 +4269,16 @@ static int dtls_alert_send_from_err(dtls_context_t *ctx, dtls_peer_t *peer, int /** * Handles incoming data as DTLS message from given peer. */ -int +ssize_t dtls_handle_message(dtls_context_t *ctx, session_t *session, - uint8 *msg, int msglen) { + uint8 *msg, size_t msglen) { dtls_peer_t *peer = NULL; - unsigned int rlen; /* record length */ + size_t rlen; /* record length */ uint8 *data; /* (decrypted) payload */ - int data_length; /* length of decrypted payload + ssize_t data_length; /* length of decrypted payload (without MAC and padding) */ - int err; + ssize_t err; /* check for ClientHellos of epoch 0, maybe a peer's start over */ if ((rlen = is_record(msg,msglen))) { @@ -4283,14 +4287,14 @@ dtls_handle_message(dtls_context_t *ctx, uint8_t content_type = dtls_get_content_type(header); const char* content_type_name = dtls_message_type_to_name(content_type); if (content_type_name) { - dtls_info("received message (%d bytes), starting with '%s', epoch %u\n", msglen, content_type_name, epoch); + dtls_info("received message (%zu bytes), starting with '%s', epoch %u\n", msglen, content_type_name, epoch); } else { - dtls_info("received message (%d bytes), starting with unknown ct '%u', epoch %u\n", msglen, content_type, epoch); + dtls_info("received message (%zu bytes), starting with unknown ct '%u', epoch %u\n", msglen, content_type, epoch); } if (DTLS_CT_HANDSHAKE == content_type && 0 == epoch) { dtls_info("handshake message epoch 0\n"); data = msg + DTLS_RH_LENGTH; - data_length = (int) (rlen - DTLS_RH_LENGTH); + data_length = rlen - DTLS_RH_LENGTH; if ((size_t) data_length < DTLS_HS_LENGTH) { dtls_warn("ignore too short handshake message\n"); return 0; @@ -4344,11 +4348,11 @@ dtls_handle_message(dtls_context_t *ctx, uint64_t pkt_seq_nr = dtls_uint48_to_int(header->sequence_number); if (content_type_name) { - dtls_info("got '%s' epoch %u sequence %" PRIu64 " (%d bytes)\n", + dtls_info("got '%s' epoch %u sequence %" PRIu64 " (%zu bytes)\n", content_type_name, epoch, pkt_seq_nr, rlen); } else { - dtls_info("got 'unknown %u' epoch %u sequence %" PRIu64 " (%d bytes)\n", + dtls_info("got 'unknown %u' epoch %u sequence %" PRIu64 " (%zu bytes)\n", content_type, epoch, pkt_seq_nr, rlen); } @@ -4574,9 +4578,9 @@ dtls_free_context(dtls_context_t *ctx) { free_context(ctx); } -int +ssize_t dtls_connect_peer(dtls_context_t *ctx, dtls_peer_t *peer) { - int res; + ssize_t res; assert(peer); if (!peer) @@ -4613,10 +4617,10 @@ dtls_connect_peer(dtls_context_t *ctx, dtls_peer_t *peer) { return res; } -int +ssize_t dtls_connect(dtls_context_t *ctx, const session_t *dst) { dtls_peer_t *peer; - int res; + ssize_t res; peer = dtls_get_peer(ctx, dst); @@ -4652,7 +4656,7 @@ dtls_retransmit(dtls_context_t *context, netq_t *node) { unsigned char sendbuf[DTLS_MAX_BUF]; #endif /* ! DTLS_CONSTRAINED_STACK */ size_t len = sizeof(sendbuf); - int err; + ssize_t err; unsigned char *data = node->data; size_t length = node->length; dtls_tick_t now; @@ -4688,7 +4692,7 @@ dtls_retransmit(dtls_context_t *context, netq_t *node) { err = dtls_prepare_record(node->peer, security, node->type, &data, &length, 1, sendbuf, &len); if (err < 0) { - dtls_warn("can not retransmit packet, err: %i\n", err); + dtls_warn("can not retransmit packet, err: %zd\n", err); goto return_unlock; } dtls_debug_hexdump("retransmit header", sendbuf, sizeof(dtls_record_header_t)); diff --git a/dtls.h b/dtls.h index 8ee0f2cc..b246bdf8 100644 --- a/dtls.h +++ b/dtls.h @@ -86,7 +86,7 @@ typedef struct { * that were sent, or a value less than zero to indicate an * error. */ - int (*write)(struct dtls_context_t *ctx, + ssize_t (*write)(struct dtls_context_t *ctx, session_t *session, uint8 *buf, size_t len); /** @@ -101,7 +101,7 @@ typedef struct { * @param len The actual length of @p buf. * @return ignored */ - int (*read)(struct dtls_context_t *ctx, + ssize_t (*read)(struct dtls_context_t *ctx, session_t *session, uint8 *buf, size_t len); /** @@ -142,7 +142,7 @@ typedef struct { * @return The number of bytes written to @p result or a value * less than zero on error. */ - int (*get_psk_info)(struct dtls_context_t *ctx, + ssize_t (*get_psk_info)(struct dtls_context_t *ctx, const session_t *session, dtls_credentials_type_t type, const unsigned char *desc, size_t desc_len, @@ -260,7 +260,7 @@ static inline void dtls_set_handler(dtls_context_t *ctx, dtls_handler_t *h) { * @param dst The remote party to connect to. * @return A value less than zero on error, greater or equal otherwise. */ -int dtls_connect(dtls_context_t *ctx, const session_t *dst); +ssize_t dtls_connect(dtls_context_t *ctx, const session_t *dst); /** * Establishes a DTLS channel with the specified remote peer. @@ -272,7 +272,7 @@ int dtls_connect(dtls_context_t *ctx, const session_t *dst); * @param peer The peer object that describes the session. * @return A value less than zero on error, greater or equal otherwise. */ -int dtls_connect_peer(dtls_context_t *ctx, dtls_peer_t *peer); +ssize_t dtls_connect_peer(dtls_context_t *ctx, dtls_peer_t *peer); /** * Closes the DTLS connection associated with @p remote. This function @@ -289,7 +289,7 @@ int dtls_close(dtls_context_t *ctx, const session_t *remote); * @param dst The session object that describes the existing session. * @return A value less than zero on error, greater otherwise. */ -int dtls_renegotiate(dtls_context_t *ctx, const session_t *dst); +ssize_t dtls_renegotiate(dtls_context_t *ctx, const session_t *dst); /** * Writes the application data given in multiple buffers to the peer @@ -304,7 +304,7 @@ int dtls_renegotiate(dtls_context_t *ctx, const session_t *dst); * @return The number of bytes written, @c -1 on error or @c 0 * if the peer already exists but is not connected yet. */ -int dtls_writev(struct dtls_context_t *ctx, +ssize_t dtls_writev(struct dtls_context_t *ctx, session_t *session, uint8 *buf_array[], size_t buf_len_array[], size_t buf_array_len); @@ -320,7 +320,7 @@ int dtls_writev(struct dtls_context_t *ctx, * @return The number of bytes written, @c -1 on error or @c 0 * if the peer already exists but is not connected yet. */ -int dtls_write(struct dtls_context_t *ctx, session_t *session, +ssize_t dtls_write(struct dtls_context_t *ctx, session_t *session, uint8 *buf, size_t len); /** @@ -427,8 +427,8 @@ int dtls_record_read(dtls_state_t *state, uint8 *msg, int msglen); * @param msglen The actual length of @p msg. * @return A value less than zero on error, zero on success. */ -int dtls_handle_message(dtls_context_t *ctx, session_t *session, - uint8 *msg, int msglen); +ssize_t dtls_handle_message(dtls_context_t *ctx, session_t *session, + uint8 *msg, size_t msglen); /** * Check if @p session is associated with a peer object in @p context. @@ -482,8 +482,8 @@ void dtls_reset_peer(dtls_context_t *context, dtls_peer_t *peer); * * The AES implementation is taken from rijndael.{c,h} contained in the crypto * sub-system of the OpenBSD operating system. It is copyright by Vincent Rijmen, * - * Antoon Bosselaers and Paulo Barreto. See rijndael.c + * Antoon Bosselaers and Paulo Barreto. See rijndael.c * for License info. * * @section download Getting the Files diff --git a/dtls_prng.h b/dtls_prng.h index c445c80d..fdc8b74e 100644 --- a/dtls_prng.h +++ b/dtls_prng.h @@ -42,7 +42,7 @@ * * @return 1 buffer filled */ -int dtls_prng(unsigned char *buf, size_t len); +size_t dtls_prng(unsigned char *buf, size_t len); /** * Seeds the random number generator used by the function dtls_prng() diff --git a/hmac.c b/hmac.c index 962714bf..156c7c86 100644 --- a/hmac.c +++ b/hmac.c @@ -61,7 +61,7 @@ dtls_hmac_init(dtls_hmac_context_t *ctx, const unsigned char *key, size_t klen) ctx->pad[i] ^= 0x6A; } -int +size_t dtls_hmac_finalize(dtls_hmac_context_t *ctx, unsigned char *result) { unsigned char buf[DTLS_HMAC_DIGEST_SIZE]; size_t len; @@ -77,7 +77,7 @@ dtls_hmac_finalize(dtls_hmac_context_t *ctx, unsigned char *result) { len = dtls_hash_finalize(result, &ctx->data); - return (int) len; + return len; } #ifdef HMAC_TEST diff --git a/hmac.h b/hmac.h index 67ceaa7a..876ac8f8 100644 --- a/hmac.h +++ b/hmac.h @@ -144,7 +144,7 @@ void dtls_hmac_update(dtls_hmac_context_t *ctx, * \param result Output parameter where the MAC is written to. * \return Length of the MAC written to \p result. */ -int dtls_hmac_finalize(dtls_hmac_context_t *ctx, unsigned char *result); +size_t dtls_hmac_finalize(dtls_hmac_context_t *ctx, unsigned char *result); /**@}*/ diff --git a/platform-specific/dtls_prng_contiki.c b/platform-specific/dtls_prng_contiki.c index 4730f77b..20b58ab3 100644 --- a/platform-specific/dtls_prng_contiki.c +++ b/platform-specific/dtls_prng_contiki.c @@ -23,11 +23,11 @@ #include #include "random.h" -int +size_t dtls_prng(unsigned char *buf, size_t len) { #ifdef HAVE_PRNG - return contiki_prng_impl(buf, len); + contiki_prng_impl(buf, len); #else /* ! HAVE_PRNG */ /** * Fills \p buf with \p len random bytes. This is the default @@ -43,9 +43,10 @@ dtls_prng(unsigned char *buf, size_t len) } memcpy(buf, &v, len); +#endif /* ! HAVE_PRNG */ + return len; } -#endif /* ! HAVE_PRNG */ void dtls_prng_init(unsigned seed) diff --git a/platform-specific/dtls_prng_espidf.c b/platform-specific/dtls_prng_espidf.c index 084bcecb..c2140257 100644 --- a/platform-specific/dtls_prng_espidf.c +++ b/platform-specific/dtls_prng_espidf.c @@ -29,7 +29,7 @@ * implementation for prng(). You might want to change prng() to use * a better PRNG on your specific platform. */ -int +size_t dtls_prng(unsigned char *buf, size_t len) { esp_fill_random(buf, len); return len; diff --git a/platform-specific/dtls_prng_posix.c b/platform-specific/dtls_prng_posix.c index 25646481..5b3992e7 100644 --- a/platform-specific/dtls_prng_posix.c +++ b/platform-specific/dtls_prng_posix.c @@ -33,15 +33,15 @@ * implementation for prng(). You might want to change prng() to use * a better PRNG on your specific platform. */ -int +size_t dtls_prng(unsigned char *buf, size_t len) { #ifdef HAVE_GETRANDOM - return (int) getrandom(buf, len, 0); + return getrandom(buf, len, 0); #else /* !HAVE_GETRANDOM */ size_t klen = len; while (len--) *buf++ = rand() & 0xFF; - return (int) klen; + return klen; #endif /* !HAVE_GETRANDOM */ } diff --git a/platform-specific/dtls_prng_riot.c b/platform-specific/dtls_prng_riot.c index 3a03b7ff..32063d3b 100644 --- a/platform-specific/dtls_prng_riot.c +++ b/platform-specific/dtls_prng_riot.c @@ -22,7 +22,7 @@ #include "dtls_prng.h" #include "random.h" -int +size_t dtls_prng(unsigned char *buf, size_t len) { random_bytes(buf, len); return len; diff --git a/platform-specific/dtls_prng_win.c b/platform-specific/dtls_prng_win.c index ffdf9923..db96a1bb 100644 --- a/platform-specific/dtls_prng_win.c +++ b/platform-specific/dtls_prng_win.c @@ -28,7 +28,7 @@ __declspec(dllimport) int __cdecl rand_s(unsigned int*); * Fills @p buf with @p len random bytes. Returns a non-zero * value on error. */ -int +size_t dtls_prng(unsigned char *buf, size_t len) { errno_t err; unsigned int number; @@ -41,7 +41,7 @@ dtls_prng(unsigned char *buf, size_t len) { } *buf++ = number & 0xFF; } - return (int) klen; + return klen; } void diff --git a/platform-specific/dtls_prng_zephyr.c b/platform-specific/dtls_prng_zephyr.c index e2f9a703..a02f9354 100644 --- a/platform-specific/dtls_prng_zephyr.c +++ b/platform-specific/dtls_prng_zephyr.c @@ -22,7 +22,7 @@ #include "dtls_prng.h" #include "random/rand32.h" -int +size_t dtls_prng(unsigned char *buf, size_t len) { sys_csrand_get(buf, len); return len; diff --git a/tests/dtls-client.c b/tests/dtls-client.c index ea77f9f2..9669fb18 100644 --- a/tests/dtls-client.c +++ b/tests/dtls-client.c @@ -1,4 +1,4 @@ -#include "tinydtls.h" +#include "tinydtls.h" /* This is needed for apple */ #define __APPLE_USE_RFC_3542 @@ -19,9 +19,9 @@ #include #include -#include "global.h" +#include "global.h" #include "dtls_debug.h" -#include "dtls.h" +#include "dtls.h" #define DEFAULT_PORT 20220 @@ -104,7 +104,7 @@ static size_t psk_key_length = 0; /* This function is the "key store" for tinyDTLS. It is called to * retrieve a key for the given identity within this particular * session. */ -static int +static ssize_t get_psk_info(struct dtls_context_t *ctx UNUSED_PARAM, const session_t *session UNUSED_PARAM, dtls_credentials_type_t type, @@ -123,7 +123,7 @@ get_psk_info(struct dtls_context_t *ctx UNUSED_PARAM, } memcpy(result, psk_id, psk_id_length); - return (int) psk_id_length; + return psk_id_length; case DTLS_PSK_KEY: if (id_len != psk_id_length || memcmp(psk_id, id, id_len) != 0) { dtls_warn("PSK for unknown id requested, exiting\n"); @@ -134,7 +134,7 @@ get_psk_info(struct dtls_context_t *ctx UNUSED_PARAM, } memcpy(result, psk_key, psk_key_length); - return (int) psk_key_length; + return psk_key_length; case DTLS_PSK_HINT: default: dtls_warn("unsupported request type: %d\n", type); @@ -179,7 +179,7 @@ verify_ecdsa_key(struct dtls_context_t *ctx, static void try_send(struct dtls_context_t *ctx, session_t *dst, size_t len, char *buf) { - int res; + ssize_t res; res = dtls_write(ctx, dst, (uint8 *)buf, len); if (res >= 0) { memmove(buf, buf + res, len - res); @@ -193,8 +193,8 @@ handle_stdin(size_t *len, char *buf) { *len += strlen(buf + *len); } -static int -read_from_peer(struct dtls_context_t *ctx, +static ssize_t +read_from_peer(struct dtls_context_t *ctx, session_t *session, uint8 *data, size_t len) { size_t i; (void)ctx; @@ -205,33 +205,33 @@ read_from_peer(struct dtls_context_t *ctx, return 0; } -static int -send_to_peer(struct dtls_context_t *ctx, +static ssize_t +send_to_peer(struct dtls_context_t *ctx, session_t *session, uint8 *data, size_t len) { int fd = *(int *)dtls_get_app_data(ctx); - return (int) sendto(fd, data, len, MSG_DONTWAIT, + return sendto(fd, data, len, MSG_DONTWAIT, &session->addr.sa, session->size); } -static int +static ssize_t dtls_handle_read(struct dtls_context_t *ctx) { int fd; session_t session; #define MAX_READ_BUF 2000 static uint8 buf[MAX_READ_BUF]; - int len; + ssize_t len; fd = *(int *)dtls_get_app_data(ctx); - + if (!fd) return -1; memset(&session, 0, sizeof(session_t)); session.size = sizeof(session.addr); - len = (int) recvfrom(fd, buf, MAX_READ_BUF, 0, + len = recvfrom(fd, buf, MAX_READ_BUF, 0, &session.addr.sa, &session.size); - + if (len < 0) { perror("recvfrom"); return -1; @@ -241,7 +241,7 @@ dtls_handle_read(struct dtls_context_t *ctx) { } return dtls_handle_message(ctx, &session, buf, len); -} +} static void dtls_handle_signal(int sig) { @@ -254,7 +254,7 @@ static void dtls_handle_signal(int sig) /* stolen from libcoap: */ static int resolve_address(const char *server, struct sockaddr *dst) { - + struct addrinfo *res, *ainfo; struct addrinfo hints; static char addrstr[256]; @@ -345,7 +345,7 @@ static dtls_handler_t cb = { */ #define DTLS_CLIENT_CMD_REHANDSHAKE "client:rehandshake" -int +int main(int argc, char **argv) { fd_set rfds, wfds; struct timeval timeout; @@ -398,7 +398,7 @@ main(int argc, char **argv) { case 'o' : output_file.length = strlen(optarg); output_file.s = (unsigned char *)malloc(output_file.length + 1); - + if (!output_file.s) { dtls_crit("cannot set output file: insufficient memory\n"); exit(-1); @@ -417,12 +417,12 @@ main(int argc, char **argv) { } dtls_set_log_level(log_level); - + if (argc <= optind) { usage(argv[0], dtls_package_version()); exit(1); } - + memset(&dst, 0, sizeof(session_t)); /* resolve destination address where server should be sent */ res = resolve_address(argv[optind++], &dst.addr.sa); @@ -436,7 +436,7 @@ main(int argc, char **argv) { port, otherwise */ dst.addr.sin.sin_port = htons((u_short) atoi(optind < argc ? argv[optind++] : port_str)); - + /* init socket and set it to non-blocking */ fd = socket(dst.addr.sa.sa_family, SOCK_DGRAM, 0); @@ -493,12 +493,12 @@ main(int argc, char **argv) { FD_SET(fileno(stdin), &rfds); FD_SET(fd, &rfds); /* FD_SET(fd, &wfds); */ - + timeout.tv_sec = 5; timeout.tv_usec = 0; - + result = select(fd+1, &rfds, &wfds, 0, &timeout); - + if (result < 0) { /* error */ if (errno != EINTR) perror("select"); @@ -527,7 +527,7 @@ main(int argc, char **argv) { !memcmp(buf, DTLS_CLIENT_CMD_REHANDSHAKE, strlen(DTLS_CLIENT_CMD_REHANDSHAKE))) { printf("client: rehandshake connection\n"); if (orig_dtls_context == NULL) { - /* Cache the current context. We cannot free the current context as it will notify + /* Cache the current context. We cannot free the current context as it will notify * the Server to close the connection (which we do not want). */ orig_dtls_context = dtls_context; @@ -546,7 +546,7 @@ main(int argc, char **argv) { } } } - + dtls_free_context(dtls_context); dtls_free_context(orig_dtls_context); exit(0); diff --git a/tests/dtls-server.c b/tests/dtls-server.c index 628d2c94..a8c4824e 100644 --- a/tests/dtls-server.c +++ b/tests/dtls-server.c @@ -13,8 +13,8 @@ #endif /* HAVE_SYS_TIME_H */ #include -#include "tinydtls.h" -#include "dtls.h" +#include "tinydtls.h" +#include "dtls.h" #include "dtls_debug.h" #ifdef IS_WINDOWS @@ -56,7 +56,7 @@ static const unsigned char ecdsa_pub_key_y[] = { /* This function is the "key store" for tinyDTLS. It is called to * retrieve a key for the given identity within this particular * session. */ -static int +static ssize_t get_psk_info(struct dtls_context_t *ctx, const session_t *session, dtls_credentials_type_t type, const unsigned char *id, size_t id_len, @@ -92,7 +92,7 @@ get_psk_info(struct dtls_context_t *ctx, const session_t *session, } memcpy(result, psk[i].key, psk[i].key_length); - return (int) psk[i].key_length; + return psk[i].key_length; } } } @@ -138,8 +138,8 @@ verify_ecdsa_key(struct dtls_context_t *ctx, #define DTLS_SERVER_CMD_CLOSE "server:close" #define DTLS_SERVER_CMD_RENEGOTIATE "server:renegotiate" -static int -read_from_peer(struct dtls_context_t *ctx, +static ssize_t +read_from_peer(struct dtls_context_t *ctx, session_t *session, uint8 *data, size_t len) { if (write(STDOUT_FILENO, data, len) == -1) dtls_debug("write failed: %s\n", strerror(errno)); @@ -147,32 +147,33 @@ read_from_peer(struct dtls_context_t *ctx, !memcmp(data, DTLS_SERVER_CMD_CLOSE, strlen(DTLS_SERVER_CMD_CLOSE))) { printf("server: closing connection\n"); dtls_close(ctx, session); - return (int) len; + return len; } else if (len >= strlen(DTLS_SERVER_CMD_RENEGOTIATE) && !memcmp(data, DTLS_SERVER_CMD_RENEGOTIATE, strlen(DTLS_SERVER_CMD_RENEGOTIATE))) { printf("server: renegotiate connection\n"); dtls_renegotiate(ctx, session); - return (int) len; + return len; } return dtls_write(ctx, session, data, len); } -static int -send_to_peer(struct dtls_context_t *ctx, +static ssize_t +send_to_peer(struct dtls_context_t *ctx, session_t *session, uint8 *data, size_t len) { int fd = *(int *)dtls_get_app_data(ctx); - return (int) sendto(fd, data, len, MSG_DONTWAIT, + return sendto(fd, data, len, MSG_DONTWAIT, &session->addr.sa, session->size); } -static int +static ssize_t dtls_handle_read(struct dtls_context_t *ctx) { int *fd; session_t session; static uint8 buf[DTLS_MAX_BUF]; - int len; + ssize_t len; + size_t bytes_lost; fd = dtls_get_app_data(ctx); @@ -180,22 +181,23 @@ dtls_handle_read(struct dtls_context_t *ctx) { memset(&session, 0, sizeof(session_t)); session.size = sizeof(session.addr); - len = (int) recvfrom(*fd, buf, sizeof(buf), MSG_TRUNC, + len = recvfrom(*fd, buf, sizeof(buf), MSG_TRUNC, &session.addr.sa, &session.size); if (len < 0) { perror("recvfrom"); return -1; } else { - dtls_debug("got %d bytes from port %d\n", len, + dtls_debug("got %zd bytes from port %d\n", len, ntohs(session.addr.sin6.sin6_port)); - if (sizeof(buf) < (size_t)len) { - dtls_warn("packet was truncated (%ld bytes lost)\n", len - sizeof(buf)); + bytes_lost = len - sizeof(buf); + if (bytes_lost > 0) { + dtls_warn("packet was truncated (%lu bytes lost)\n", bytes_lost); } } return dtls_handle_message(ctx, &session, buf, len); -} +} static void dtls_handle_signal(int sig) { @@ -204,13 +206,14 @@ static void dtls_handle_signal(int sig) kill(getpid(), sig); } -static int +static ssize_t resolve_address(const char *server, struct sockaddr *dst) { - + struct addrinfo *res, *ainfo; struct addrinfo hints; static char addrstr[256]; - int error, len=-1; + int error; + ssize_t len = -1; memset(addrstr, 0, sizeof(addrstr)); if (server && strlen(server) > 0) @@ -233,7 +236,7 @@ resolve_address(const char *server, struct sockaddr *dst) { switch (ainfo->ai_family) { case AF_INET6: case AF_INET: - len = (int)ainfo->ai_addrlen; + len = ainfo->ai_addrlen; memcpy(dst, ainfo->ai_addr, len); goto finish; default: @@ -276,7 +279,7 @@ static dtls_handler_t cb = { #endif /* DTLS_ECC */ }; -int +int main(int argc, char **argv) { log_t log_level = DTLS_LOG_WARN; fd_set rfds, wfds; @@ -389,12 +392,12 @@ main(int argc, char **argv) { FD_SET(fd, &rfds); /* FD_SET(fd, &wfds); */ - + timeout.tv_sec = 5; timeout.tv_usec = 0; - + result = select( fd+1, &rfds, &wfds, 0, &timeout); - + if (result < 0) { /* error */ if (errno != EINTR) perror("select"); @@ -407,7 +410,7 @@ main(int argc, char **argv) { } } } - + error: dtls_free_context(the_context); exit(0); diff --git a/tests/unit-tests/test_ccm.c b/tests/unit-tests/test_ccm.c index d25d1a28..45ff1542 100644 --- a/tests/unit-tests/test_ccm.c +++ b/tests/unit-tests/test_ccm.c @@ -49,7 +49,7 @@ t_test_encrypt_message(void) { static void t_test_decrypt_message(void) { size_t n; - int len; + ssize_t len; rijndael_ctx ctx; for (n = 0; n < sizeof(data)/sizeof(struct test_vector); ++n) { @@ -59,11 +59,11 @@ t_test_decrypt_message(void) { assert(data[n].r_lm - data[n].la <= sizeof(buf)); memcpy(buf, data[n].result + data[n].la, data[n].r_lm - data[n].la); - len = (int) dtls_ccm_decrypt_message(&ctx, data[n].M, data[n].L, data[n].nonce, + len = dtls_ccm_decrypt_message(&ctx, data[n].M, data[n].L, data[n].nonce, buf, data[n].r_lm - data[n].la, data[n].result, data[n].la); - CU_ASSERT((size_t)len == data[n].lm - data[n].la); + CU_ASSERT(len == data[n].lm - data[n].la); CU_ASSERT(memcmp(buf, data[n].msg + data[n].la, len) == 0); } } @@ -72,7 +72,7 @@ static void t_test_dtls_encrypt_params(void) { size_t n; int len; - + for (n = 0; n < sizeof(data)/sizeof(struct test_vector); ++n) { dtls_ccm_params_t params = { .nonce = data[n].nonce, @@ -126,7 +126,7 @@ static void t_test_dtls_encrypt(void) { size_t n; int len; - + for (n = 0; n < sizeof(data)/sizeof(struct test_vector); ++n) { /* The backwards-compatible dtls_encrypt() and dtls_decrypt() * only handle cipher suites with M=8 and L=3. */ @@ -149,7 +149,7 @@ static void t_test_dtls_decrypt(void) { size_t n; int len; - + for (n = 0; n < sizeof(data)/sizeof(struct test_vector); ++n) { /* The backwards-compatible dtls_encrypt() and dtls_decrypt() * only handle cipher suites with M=8 and L=3. */ From f8e2bb0525333b4480d079ba9596361ef775a05b Mon Sep 17 00:00:00 2001 From: Jan Romann Date: Wed, 16 Nov 2022 01:25:26 +0100 Subject: [PATCH 24/28] fixup! treewide: make type casts explicit --- ccm.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ccm.h b/ccm.h index c4a93c66..7a3414b4 100644 --- a/ccm.h +++ b/ccm.h @@ -54,8 +54,8 @@ dtls_ccm_encrypt_message(rijndael_ctx *ctx, size_t M, size_t L, unsigned char *msg, size_t lm, const unsigned char *aad, size_t la); -dtls_ccm_decrypt_message(rijndael_ctx *ctx, size_t M, size_t L, ssize_t +dtls_ccm_decrypt_message(rijndael_ctx *ctx, size_t M, size_t L, const unsigned char nonce[DTLS_CCM_BLOCKSIZE], unsigned char *msg, size_t lm, const unsigned char *aad, size_t la); From b45aab490b560293fbbc30cf458347f0cbc67080 Mon Sep 17 00:00:00 2001 From: Jan Romann Date: Wed, 16 Nov 2022 01:28:48 +0100 Subject: [PATCH 25/28] fixup! treewide: make type casts explicit --- crypto.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto.c b/crypto.c index 2c66dd32..c4d71b8d 100644 --- a/crypto.c +++ b/crypto.c @@ -311,12 +311,12 @@ dtls_ccm_encrypt(aes128_ccm_t *ccm_ctx, const unsigned char *src, size_t srclen, return len; } -static size_t +static ssize_t dtls_ccm_decrypt(aes128_ccm_t *ccm_ctx, const unsigned char *src, size_t srclen, unsigned char *buf, const unsigned char *nonce, const unsigned char *aad, size_t la) { - long int len; + ssize_t len; (void)src; assert(ccm_ctx); From 439928941df0438e2d04e97ebdd1e2a5f14a6bb3 Mon Sep 17 00:00:00 2001 From: Jan Romann Date: Wed, 16 Nov 2022 01:34:20 +0100 Subject: [PATCH 26/28] fixup! treewide: make type casts explicit --- tests/unit-tests/test_ccm.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/unit-tests/test_ccm.c b/tests/unit-tests/test_ccm.c index 45ff1542..be3e57f5 100644 --- a/tests/unit-tests/test_ccm.c +++ b/tests/unit-tests/test_ccm.c @@ -63,7 +63,7 @@ t_test_decrypt_message(void) { buf, data[n].r_lm - data[n].la, data[n].result, data[n].la); - CU_ASSERT(len == data[n].lm - data[n].la); + CU_ASSERT((size_t)len == data[n].lm - data[n].la); CU_ASSERT(memcmp(buf, data[n].msg + data[n].la, len) == 0); } } @@ -71,7 +71,7 @@ t_test_decrypt_message(void) { static void t_test_dtls_encrypt_params(void) { size_t n; - int len; + ssize_t len; for (n = 0; n < sizeof(data)/sizeof(struct test_vector); ++n) { dtls_ccm_params_t params = @@ -125,7 +125,7 @@ t_test_dtls_decrypt_params(void) { static void t_test_dtls_encrypt(void) { size_t n; - int len; + ssize_t len; for (n = 0; n < sizeof(data)/sizeof(struct test_vector); ++n) { /* The backwards-compatible dtls_encrypt() and dtls_decrypt() @@ -148,7 +148,7 @@ t_test_dtls_encrypt(void) { static void t_test_dtls_decrypt(void) { size_t n; - int len; + ssize_t len; for (n = 0; n < sizeof(data)/sizeof(struct test_vector); ++n) { /* The backwards-compatible dtls_encrypt() and dtls_decrypt() From af47634534cbd88312649202fbd743979bc49c6a Mon Sep 17 00:00:00 2001 From: Jan Romann Date: Wed, 16 Nov 2022 01:38:45 +0100 Subject: [PATCH 27/28] fixup! treewide: make type casts explicit --- tests/unit-tests/test_ccm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/unit-tests/test_ccm.c b/tests/unit-tests/test_ccm.c index be3e57f5..4e1d28d4 100644 --- a/tests/unit-tests/test_ccm.c +++ b/tests/unit-tests/test_ccm.c @@ -97,7 +97,7 @@ t_test_dtls_encrypt_params(void) { static void t_test_dtls_decrypt_params(void) { size_t n; - int len; + ssize_t len; for (n = 0; n < sizeof(data)/sizeof(struct test_vector); ++n) { dtls_ccm_params_t params = From 6f79c4f3f0050d87d0523e56f1742eb9904f14e2 Mon Sep 17 00:00:00 2001 From: Jan Romann Date: Wed, 16 Nov 2022 01:45:13 +0100 Subject: [PATCH 28/28] fixup! treewide: make type casts explicit --- tests/unit-tests/test_ecc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/unit-tests/test_ecc.c b/tests/unit-tests/test_ecc.c index a2dc99fe..4969d56b 100644 --- a/tests/unit-tests/test_ecc.c +++ b/tests/unit-tests/test_ecc.c @@ -129,7 +129,7 @@ t_test_ecc_dh(void) { uint32_t tempBy2[8]; uint32_t secretA[8]; uint32_t secretB[8]; - int ret; + size_t ret; ret = dtls_prng((void *)secretA, sizeof(secretA)); CU_ASSERT(ret > 1);