Fix some warnings found during static analysis.

lib/loopaes/loopaes.c

@@ -92,7 +92,7 @@ static int hash_keys(struct crypt_device *cd,
 		return -EINVAL;
 	}
 
-	*vk = crypt_alloc_volume_key(key_len_output * keys_count, NULL);
+	*vk = crypt_alloc_volume_key((size_t)key_len_output * keys_count, NULL);
 	if (!*vk)
 		return -ENOMEM;
 

lib/luks2/luks2.h

@@ -22,7 +22,7 @@
 #ifndef _CRYPTSETUP_LUKS2_ONDISK_H
 #define _CRYPTSETUP_LUKS2_ONDISK_H
 
-#include <stdint.h>
+#include "libcryptsetup.h"
 
 #define LUKS2_MAGIC_1ST "LUKS\xba\xbe"
 #define LUKS2_MAGIC_2ND "SKUL\xba\xbe"

lib/luks2/luks2_json_format.c

@@ -186,7 +186,7 @@ int LUKS2_generate_hdr(
 	else {
 		//FIXME
 		//offset = size_round_up(areas[7].offset + areas[7].length, alignPayload * SECTOR_SIZE);
-		offset = size_round_up(LUKS2_HDR_DEFAULT_LEN, alignPayload * sector_size);
+		offset = size_round_up(LUKS2_HDR_DEFAULT_LEN, (size_t)alignPayload * sector_size);
 		offset += alignOffset;
 	}
 

lib/luks2/luks2_json_metadata.c

@@ -107,7 +107,7 @@ json_object *LUKS2_get_keyslot_jobj(struct luks2_hdr *hdr, int keyslot)
 	json_object *jobj1, *jobj2;
 	char keyslot_name[16];
 
-	if (!hdr)
+	if (!hdr || keyslot < 0)
 		return NULL;
 
 	if (snprintf(keyslot_name, sizeof(keyslot_name), "%u", keyslot) < 1)
@@ -125,7 +125,7 @@ json_object *LUKS2_get_token_jobj(struct luks2_hdr *hdr, int token)
 	json_object *jobj1, *jobj2;
 	char token_name[16];
 
-	if (!hdr)
+	if (!hdr || token < 0)
 		return NULL;
 
 	if (snprintf(token_name, sizeof(token_name), "%u", token) < 1)
@@ -143,7 +143,7 @@ json_object *LUKS2_get_digest_jobj(struct luks2_hdr *hdr, int digest)
 	json_object *jobj1, *jobj2;
 	char digest_name[16];
 
-	if (!hdr)
+	if (!hdr || digest < 0)
 		return NULL;
 
 	if (snprintf(digest_name, sizeof(digest_name), "%u", digest) < 1)
@@ -161,7 +161,7 @@ json_object *LUKS2_get_segment_jobj(struct luks2_hdr *hdr, int segment)
 	json_object *jobj1, *jobj2;
 	char segment_name[16];
 
-	if (!hdr)
+	if (!hdr || segment < 0)
 		return NULL;
 
 	if (snprintf(segment_name, sizeof(segment_name), "%u", segment) < 1)
@@ -193,7 +193,7 @@ static json_bool json_str_to_uint64(json_object *jobj, uint64_t *value)
 
 	errno = 0;
 	tmp = strtoull(json_object_get_string(jobj), &endptr, 10);
-	if (*endptr || errno || tmp > UINT64_MAX) {
+	if (*endptr || errno) {
 		log_dbg("Failed to parse uint64_t type from string %s.",
 			json_object_get_string(jobj));
 		*value = 0;

lib/luks2/luks2_keyslot.c

@@ -306,7 +306,7 @@ int LUKS2_keyslot_open(struct crypt_device *cd,
 			password, password_len, segment, vk);
 		if (r_prio >= 0)
 			r = r_prio;
-		else if (r_prio < 0 && (r_prio != -EPERM) && (r_prio != -ENOENT))
+		else if (r_prio != -EPERM && r_prio != -ENOENT)
 			r = r_prio;
 		else
 			r = LUKS2_keyslot_open_priority(cd, hdr, CRYPT_SLOT_PRIORITY_NORMAL,

lib/setup.c

@@ -2648,7 +2648,7 @@ int crypt_keyslot_change_by_passphrase(struct crypt_device *cd,
 	const char *new_passphrase,
 	size_t new_passphrase_size)
 {
-	int digest, r;
+	int digest = -1, r;
 	struct luks2_keyslot_params params;
 	struct volume_key *vk = NULL;
 

lib/tcrypt/tcrypt.h

@@ -19,11 +19,11 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
-#include "libcryptsetup.h"
-
 #ifndef _CRYPTSETUP_TCRYPT_H
 #define _CRYPTSETUP_TCRYPT_H
 
+#include <stdint.h>
+
 #define TCRYPT_HDR_SALT_LEN 64
 #define TCRYPT_HDR_IV_LEN   16
 #define TCRYPT_HDR_LEN     448
@@ -72,6 +72,8 @@ struct tcrypt_phdr {
 	};
 } __attribute__((__packed__));
 
+struct crypt_device;
+struct crypt_params_tcrypt;
 struct crypt_dm_active_device;
 struct volume_key;
 struct device;

lib/utils.c

@@ -373,9 +373,6 @@ static int keyfile_seek(int fd, uint64_t bytes)
 	if (r < 0 && errno != ESPIPE)
 		return -1;
 
-	if (bytes > SIZE_MAX)
-		return -1;
-
 	while (bytes > 0) {
 		/* figure out how much to read */
 		next_read = bytes > sizeof(tmp) ? sizeof(tmp) : (size_t)bytes;

lib/utils_device.c

@@ -48,8 +48,8 @@ struct device {
 
 	struct crypt_lock_handle *lh;
 
-	int o_direct:1;
-	int init_done:1;
+	unsigned int o_direct:1;
+	unsigned int init_done:1;
 
 	/* cached values */
 	size_t alignment;

lib/verity/verity_fec.c

@@ -51,8 +51,8 @@ struct fec_input_device {
 };
 
 struct fec_context {
-	int rsn;
-	int roots;
+	uint32_t rsn;
+	uint32_t roots;
 	uint64_t size;
 	uint64_t blocks;
 	uint64_t rounds;
@@ -141,7 +141,7 @@ static int FEC_encode_inputs(struct crypt_device *cd,
 	ctx.blocks = FEC_div_round_up(ctx.size, ctx.block_size);
 	ctx.rounds = FEC_div_round_up(ctx.blocks, ctx.rsn);
 
-	buf = malloc(ctx.block_size * ctx.rsn);
+	buf = malloc((size_t)ctx.block_size * ctx.rsn);
 	if (!buf) {
 		log_err(cd, _("Failed to allocate buffer.\n"));
 		r = -ENOMEM;

src/cryptsetup_reencrypt.c

@@ -71,8 +71,8 @@ struct reenc_ctx {
 	uint64_t device_offset;
 	uint64_t device_shift;
 
-	int stained:1;
-	int in_progress:1;
+	unsigned int stained:1;
+	unsigned int in_progress:1;
 	enum { FORWARD = 0, BACKWARD = 1 } reencrypt_direction;
 	enum { REENCRYPT = 0, ENCRYPT = 1, DECRYPT = 2 } reencrypt_mode;