Fix compiler warnings from Clang 10 and GCC 9.

diff --git a/catta b/catta
index 08ac450b42b7533e97c02c02bbbef8946b9582fb..bb173469810e4c7de19e53793d4af2e27e6e222c 160000 (submodule)
--- a/catta
+++ b/catta
@@ -1 +1 @@
-Subproject commit 08ac450b42b7533e97c02c02bbbef8946b9582fb
+Subproject commit bb173469810e4c7de19e53793d4af2e27e6e222c

diff --git a/src/chacha-poly1305/chacha-poly1305.c b/src/chacha-poly1305/chacha-poly1305.c
index 2711abb29eb04455ac38a77f0c9a14b3cb66b5a7..3b89b749e923e9c8fa5a1319ef48085c1d0f8a45 100644 (file)
--- a/src/chacha-poly1305/chacha-poly1305.c
+++ b/src/chacha-poly1305/chacha-poly1305.c
@@ -68,6 +68,30 @@ bool chacha_poly1305_encrypt(chacha_poly1305_ctx_t *ctx, uint64_t seqnr, const v
        return true;
 }
 
+bool chacha_poly1305_verify(chacha_poly1305_ctx_t *ctx, uint64_t seqnr, const void *indata, size_t inlen) {
+       uint8_t seqbuf[8];
+       uint8_t expected_tag[POLY1305_TAGLEN], poly_key[POLY1305_KEYLEN];
+
+       /*
+        * Run ChaCha20 once to generate the Poly1305 key. The IV is the
+        * packet sequence number.
+        */
+       memset(poly_key, 0, sizeof(poly_key));
+       put_u64(seqbuf, seqnr);
+       chacha_ivsetup(&ctx->main_ctx, seqbuf, NULL);
+       chacha_encrypt_bytes(&ctx->main_ctx, poly_key, poly_key, sizeof(poly_key));
+
+       /* Check tag before anything else */
+       inlen -= POLY1305_TAGLEN;
+       const uint8_t *tag = (const uint8_t *)indata + inlen;
+
+       poly1305_auth(expected_tag, indata, inlen, poly_key);
+       if (memcmp(expected_tag, tag, POLY1305_TAGLEN))
+               return false;
+
+       return true;
+}
+
 bool chacha_poly1305_decrypt(chacha_poly1305_ctx_t *ctx, uint64_t seqnr, const void *indata, size_t inlen, void *outdata, size_t *outlen) {
        uint8_t seqbuf[8];
        const uint8_t one[8] = { 1, 0, 0, 0, 0, 0, 0, 0 };      /* NB little-endian */

diff --git a/src/chacha-poly1305/chacha-poly1305.h b/src/chacha-poly1305/chacha-poly1305.h
index f6fbbb670d00e910bbdb3671123ba92baaa11a56..7c6c30a9d7e4bbb958d752293b10a08c6a69412c 100644 (file)
--- a/src/chacha-poly1305/chacha-poly1305.h
+++ b/src/chacha-poly1305/chacha-poly1305.h
@@ -10,6 +10,7 @@ extern void chacha_poly1305_exit(chacha_poly1305_ctx_t *);
 extern bool chacha_poly1305_set_key(chacha_poly1305_ctx_t *ctx, const void *key);
 
 extern bool chacha_poly1305_encrypt(chacha_poly1305_ctx_t *ctx, uint64_t seqnr, const void *indata, size_t inlen, void *outdata, size_t *outlen);
+extern bool chacha_poly1305_verify(chacha_poly1305_ctx_t *ctx, uint64_t seqnr, const void *indata, size_t inlen);
 extern bool chacha_poly1305_decrypt(chacha_poly1305_ctx_t *ctx, uint64_t seqnr, const void *indata, size_t inlen, void *outdata, size_t *outlen);
 
 extern bool chacha_poly1305_encrypt_iv96(chacha_poly1305_ctx_t *ctx, const uint8_t *seqbuf, const void *indata, size_t inlen, void *outdata, size_t *outlen);

diff --git a/src/meshlink.c b/src/meshlink.c
index a9e1b551df18362848fc68a7b5e1f7a0f1192850..1b33e88d47d3e3a9801c907f44be42d1a617f306 100644 (file)
--- a/src/meshlink.c
+++ b/src/meshlink.c
@@ -1196,7 +1196,8 @@ meshlink_handle_t *meshlink_open_encrypted(const char *confbase, const char *nam
        }
 
        /* Create a temporary struct on the stack, to avoid allocating and freeing one. */
-       meshlink_open_params_t params = {NULL};
+       meshlink_open_params_t params;
+       memset(&params, 0, sizeof(params));
 
        params.confbase = (char *)confbase;
        params.name = (char *)name;
@@ -1213,7 +1214,8 @@ meshlink_handle_t *meshlink_open_encrypted(const char *confbase, const char *nam
 
 meshlink_handle_t *meshlink_open_ephemeral(const char *name, const char *appname, dev_class_t devclass) {
        /* Create a temporary struct on the stack, to avoid allocating and freeing one. */
-       meshlink_open_params_t params = {NULL};
+       meshlink_open_params_t params;
+       memset(&params, 0, sizeof(params));
 
        params.name = (char *)name;
        params.appname = (char *)appname;
@@ -2298,7 +2300,8 @@ char *meshlink_invite_ex(meshlink_handle_t *mesh, meshlink_submesh_t *submesh, c
         * Note: make sure we only add config files of nodes that are in the core mesh or the same submesh,
         * and are not blacklisted.
         */
-       config_t configs[5] = {NULL};
+       config_t configs[5];
+       memset(configs, 0, sizeof(configs));
        int count = 0;
 
        if(config_read(mesh, "current", mesh->self->name, &configs[count], mesh->config_key)) {

diff --git a/src/protocol_auth.c b/src/protocol_auth.c
index 1193b43ce6c3b09df65a995db5a783f55f752f31..5ae4501e2cbb6feee7f7d62f954b50b9f3ba1fa1 100644 (file)
--- a/src/protocol_auth.c
+++ b/src/protocol_auth.c
@@ -329,7 +329,7 @@ bool id_h(meshlink_handle_t *mesh, connection_t *c, const char *request) {
        }
 
        if(n->status.blacklisted) {
-               logger(mesh, MESHLINK_EPEER, "Peer %s is blacklisted", c->name);
+               logger(mesh, MESHLINK_WARNING, "Peer %s is blacklisted", c->name);
                return false;
        }
 

diff --git a/src/sptps.c b/src/sptps.c
index 9017656a353802bd6deeb4e656407a1a9f05971a..be16d5ea2d71c8768b9aae623f2492bfc4363d96 100644 (file)
--- a/src/sptps.c
+++ b/src/sptps.c
@@ -443,9 +443,7 @@ bool sptps_verify_datagram(sptps_t *s, const void *data, size_t len) {
        seqno = ntohl(seqno);
        // TODO: check whether seqno makes sense, to avoid CPU intensive decrypt
 
-       char buffer[len];
-       size_t outlen;
-       return chacha_poly1305_decrypt(s->incipher, seqno, (const char *)data + 4, len - 4, buffer, &outlen);
+       return chacha_poly1305_verify(s->incipher, seqno, (const char *)data + 4, len - 4);
 }
 
 // Receive incoming data, datagram version.
@@ -478,11 +476,20 @@ static bool sptps_receive_data_datagram(sptps_t *s, const void *vdata, size_t le
 
        // Decrypt
 
-       char buffer[len];
+       if(len > s->decrypted_buffer_len) {
+               s->decrypted_buffer_len *= 2;
+               char *new_buffer = realloc(s->decrypted_buffer, s->decrypted_buffer_len);
+
+               if(!new_buffer) {
+                       return error(s, errno, strerror(errno));
+               }
+
+               s->decrypted_buffer = new_buffer;
+       }
 
        size_t outlen;
 
-       if(!chacha_poly1305_decrypt(s->incipher, seqno, data + 4, len - 4, buffer, &outlen)) {
+       if(!chacha_poly1305_decrypt(s->incipher, seqno, data + 4, len - 4, s->decrypted_buffer, &outlen)) {
                return error(s, EIO, "Failed to decrypt and verify packet");
        }
 
@@ -526,20 +533,20 @@ static bool sptps_receive_data_datagram(sptps_t *s, const void *vdata, size_t le
        }
 
        // Append a NULL byte for safety.
-       buffer[len - 20] = 0;
+       s->decrypted_buffer[len - 20] = 0;
 
-       uint8_t type = buffer[0];
+       uint8_t type = s->decrypted_buffer[0];
 
        if(type < SPTPS_HANDSHAKE) {
                if(!s->instate) {
                        return error(s, EIO, "Application record received before handshake finished");
                }
 
-               if(!s->receive_record(s->handle, type, buffer + 1, len - 21)) {
+               if(!s->receive_record(s->handle, type, s->decrypted_buffer + 1, len - 21)) {
                        abort();
                }
        } else if(type == SPTPS_HANDSHAKE) {
-               if(!receive_handshake(s, buffer + 1, len - 21)) {
+               if(!receive_handshake(s, s->decrypted_buffer + 1, len - 21)) {
                        abort();
                }
        } else {
@@ -669,6 +676,12 @@ bool sptps_start(sptps_t *s, void *handle, bool initiator, bool datagram, ecdsa_
        s->mykey = mykey;
        s->hiskey = hiskey;
        s->replaywin = 32;
+       s->decrypted_buffer_len = 1024;
+       s->decrypted_buffer = malloc(s->decrypted_buffer_len);
+
+       if(!s->decrypted_buffer) {
+               return error(s, errno, strerror(errno));
+       }
 
        if(s->replaywin) {
                s->late = malloc(s->replaywin);
@@ -719,6 +732,8 @@ bool sptps_stop(sptps_t *s) {
        free(s->key);
        free(s->label);
        free(s->late);
+       memset(s->decrypted_buffer, 0, s->decrypted_buffer_len);
+       free(s->decrypted_buffer);
        memset(s, 0, sizeof(*s));
        return true;
 }

diff --git a/src/sptps.h b/src/sptps.h
index 23066846d56d4f8f7c0ca09c32d820a42b573502..66ac564a4a3d6bf6fbfc31d35f926c37af6cd71b 100644 (file)
--- a/src/sptps.h
+++ b/src/sptps.h
@@ -66,6 +66,9 @@ typedef struct sptps {
 
        char *late;
 
+       char *decrypted_buffer;
+       size_t decrypted_buffer_len;
+
        // Callbacks
        void *handle;
        send_data_t send_data;