diff --git a/lib/base64.c b/lib/base64.c index cf6aa130..bb4dce86 100644 --- a/lib/base64.c +++ b/lib/base64.c @@ -345,7 +345,7 @@ base64_decode_ctx_init (struct base64_decode_context *ctx) and return CTX->buf. In either case, advance *IN to point to the byte after the last one processed, and set *N_NON_NEWLINE to the number of verified non-newline bytes accessible through the returned pointer. */ -static char * +static const char * get_4 (struct base64_decode_context *ctx, char const *restrict *in, char const *restrict in_end, size_t *n_non_newline) @@ -361,7 +361,7 @@ get_4 (struct base64_decode_context *ctx, /* This is the common case: no newline. */ *in += 4; *n_non_newline = 4; - return (char *) t; + return (const char *) t; } } diff --git a/lib/crypto_backend/argon2/argon2.c b/lib/crypto_backend/argon2/argon2.c index 795b429e..c44c9275 100644 --- a/lib/crypto_backend/argon2/argon2.c +++ b/lib/crypto_backend/argon2/argon2.c @@ -23,6 +23,9 @@ #include "encoding.h" #include "core.h" +/* to silent gcc -Wcast-qual for const cast */ +#define CONST_CAST(x) (x)(uintptr_t) + const char *argon2_type2string(argon2_type type, int uppercase) { switch (type) { case Argon2_d: @@ -283,7 +286,7 @@ int argon2_verify(const char *encoded, const void *pwd, const size_t pwdlen, goto fail; } - ctx.pwd = (uint8_t *)pwd; + ctx.pwd = CONST_CAST(uint8_t *)pwd; ctx.pwdlen = (uint32_t)pwdlen; ret = decode_string(&ctx, encoded, type); @@ -346,7 +349,7 @@ int argon2_verify_ctx(argon2_context *context, const char *hash, return ret; } - if (argon2_compare((uint8_t *)hash, context->out, context->outlen)) { + if (argon2_compare(CONST_CAST(uint8_t *)hash, context->out, context->outlen)) { return ARGON2_VERIFY_MISMATCH; } diff --git a/lib/crypto_backend/argon2/blake2/blake2-impl.h b/lib/crypto_backend/argon2/blake2/blake2-impl.h index 241f0beb..e77ad92f 100644 --- a/lib/crypto_backend/argon2/blake2/blake2-impl.h +++ b/lib/crypto_backend/argon2/blake2/blake2-impl.h @@ -151,6 +151,4 @@ static BLAKE2_INLINE uint64_t rotr64(const uint64_t w, const unsigned c) { return (w >> c) | (w << (64 - c)); } -void clear_internal_memory(void *v, size_t n); - #endif diff --git a/lib/crypto_backend/argon2/blake2/blake2b.c b/lib/crypto_backend/argon2/blake2/blake2b.c index ca05df59..b8651f26 100644 --- a/lib/crypto_backend/argon2/blake2/blake2b.c +++ b/lib/crypto_backend/argon2/blake2/blake2b.c @@ -22,6 +22,8 @@ #include "blake2.h" #include "blake2-impl.h" +void clear_internal_memory(void *v, size_t n); + static const uint64_t blake2b_IV[8] = { UINT64_C(0x6a09e667f3bcc908), UINT64_C(0xbb67ae8584caa73b), UINT64_C(0x3c6ef372fe94f82b), UINT64_C(0xa54ff53a5f1d36f1), diff --git a/lib/crypto_backend/argon2/core.c b/lib/crypto_backend/argon2/core.c index 87818524..8e0a2a5c 100644 --- a/lib/crypto_backend/argon2/core.c +++ b/lib/crypto_backend/argon2/core.c @@ -395,11 +395,11 @@ int validate_inputs(const argon2_context *context) { return ARGON2_PWD_PTR_MISMATCH; } } - +#if ARGON2_MIN_PWD_LENGTH > 0 /* cryptsetup: fix gcc warning */ if (ARGON2_MIN_PWD_LENGTH > context->pwdlen) { return ARGON2_PWD_TOO_SHORT; } - +#endif if (ARGON2_MAX_PWD_LENGTH < context->pwdlen) { return ARGON2_PWD_TOO_LONG; } @@ -425,9 +425,11 @@ int validate_inputs(const argon2_context *context) { return ARGON2_SECRET_PTR_MISMATCH; } } else { +#if ARGON2_MIN_SECRET > 0 /* cryptsetup: fix gcc warning */ if (ARGON2_MIN_SECRET > context->secretlen) { return ARGON2_SECRET_TOO_SHORT; } +#endif if (ARGON2_MAX_SECRET < context->secretlen) { return ARGON2_SECRET_TOO_LONG; } @@ -439,9 +441,11 @@ int validate_inputs(const argon2_context *context) { return ARGON2_AD_PTR_MISMATCH; } } else { +#if ARGON2_MIN_AD_LENGTH > 0 /* cryptsetup: fix gcc warning */ if (ARGON2_MIN_AD_LENGTH > context->adlen) { return ARGON2_AD_TOO_SHORT; } +#endif if (ARGON2_MAX_AD_LENGTH < context->adlen) { return ARGON2_AD_TOO_LONG; } @@ -451,11 +455,11 @@ int validate_inputs(const argon2_context *context) { if (ARGON2_MIN_MEMORY > context->m_cost) { return ARGON2_MEMORY_TOO_LITTLE; } - +#if 0 /* UINT32_MAX, cryptsetup: fix gcc warning */ if (ARGON2_MAX_MEMORY < context->m_cost) { return ARGON2_MEMORY_TOO_MUCH; } - +#endif if (context->m_cost < 8 * context->lanes) { return ARGON2_MEMORY_TOO_LITTLE; } diff --git a/lib/luks2/luks2_keyslot.c b/lib/luks2/luks2_keyslot.c index 7584be80..1a47bfd6 100644 --- a/lib/luks2/luks2_keyslot.c +++ b/lib/luks2/luks2_keyslot.c @@ -154,7 +154,7 @@ int LUKS2_keyslot_params_default(struct crypt_device *cd, struct luks2_hdr *hdr, return -EINVAL; /* Slot encryption tries to use the same key size as for the main algorithm */ - if (integrity_key_size > key_size) + if ((size_t)integrity_key_size > key_size) return -EINVAL; params->area.raw.key_size = key_size - integrity_key_size; diff --git a/lib/luks2/luks2_luks1_convert.c b/lib/luks2/luks2_luks1_convert.c index 97428d4c..fc8acdc1 100644 --- a/lib/luks2/luks2_luks1_convert.c +++ b/lib/luks2/luks2_luks1_convert.c @@ -610,8 +610,8 @@ int LUKS2_luks2_to_luks1(struct crypt_device *cd, struct luks2_hdr *hdr2, struct uint32_t key_size; int i, r, last_active = 0; uint64_t offset, area_length; - char buf[256], luksMagic[] = LUKS_MAGIC; struct luks2_keyslot_params params; + char buf[256], luksMagic[] = LUKS_MAGIC; jobj_digest = LUKS2_get_digest_jobj(hdr2, 0); if (!jobj_digest) diff --git a/lib/verity/verity_fec.c b/lib/verity/verity_fec.c index c4cf9333..9e65a1a7 100644 --- a/lib/verity/verity_fec.c +++ b/lib/verity/verity_fec.c @@ -110,7 +110,8 @@ static int FEC_encode_inputs(struct crypt_device *cd, struct fec_input_device *inputs, size_t ninputs, int fd) { - int i, r = 0; + int r = 0; + unsigned int i; struct fec_context ctx; uint32_t b; uint64_t n;