# HG changeset patch # User Ivo Smits # Date 1483800439 -3600 # Node ID 5b9e742bb704f279ca0008173ce6124e619b42a8 # Parent 66d9d80215f0571d08acdd3c9ca5c28ff4e50f94 Fixed compiler warnings, removed redundant version dependencies in debian package diff -r 66d9d80215f0 -r 5b9e742bb704 debian/static/DEBIAN/control --- a/debian/static/DEBIAN/control Wed Jan 04 21:42:38 2017 +0100 +++ b/debian/static/DEBIAN/control Sat Jan 07 15:47:19 2017 +0100 @@ -3,6 +3,6 @@ Section: net Priority: optional Architecture: %ARCHITECTURE% -Depends: bash, daemon, iproute (>= 20100519-3) | iproute2 (>= 20100519-3) | openvpn, passwd, coreutils +Depends: bash, daemon, iproute (>= 20100519-1) | iproute2 | openvpn, passwd, coreutils Maintainer: Ivo Smits Description: Very simple, yet secure VPN software diff -r 66d9d80215f0 -r 5b9e742bb704 src/proto.nacl0.c --- a/src/proto.nacl0.c Wed Jan 04 21:42:38 2017 +0100 +++ b/src/proto.nacl0.c Sat Jan 07 15:47:19 2017 +0100 @@ -80,7 +80,8 @@ } else { return errorexit("Missing PRIVATE_KEY"); } - crypto_box_curve25519xsalsa20poly1305_beforenm(d->cbefore, cpublickey, csecretkey); + if (crypto_box_curve25519xsalsa20poly1305_beforenm(d->cbefore, cpublickey, csecretkey)) + return errorexit("Encryption key calculation failed"); return 0; } diff -r 66d9d80215f0 -r 5b9e742bb704 src/proto.nacltai.c --- a/src/proto.nacltai.c Wed Jan 04 21:42:38 2017 +0100 +++ b/src/proto.nacltai.c Sat Jan 07 15:47:19 2017 +0100 @@ -34,14 +34,15 @@ }; struct qt_proto_data_nacltai { - unsigned char cenonce[crypto_box_curve25519xsalsa20poly1305_NONCEBYTES], cdnonce[crypto_box_curve25519xsalsa20poly1305_NONCEBYTES]; + unsigned char cenonce[crypto_box_curve25519xsalsa20poly1305_NONCEBYTES]; + unsigned char cdnonce[crypto_box_curve25519xsalsa20poly1305_NONCEBYTES]; unsigned char cbefore[crypto_box_curve25519xsalsa20poly1305_BEFORENMBYTES]; struct packedtaia cdtailog[5]; }; #define noncelength 16 #define nonceoffset (crypto_box_curve25519xsalsa20poly1305_NONCEBYTES - noncelength) -static const int overhead = crypto_box_curve25519xsalsa20poly1305_BOXZEROBYTES + noncelength; +static const int overhead = crypto_box_curve25519xsalsa20poly1305_BOXZEROBYTES + noncelength; static void taia_now_packed(unsigned char* b, int secoffset) { struct timeval now; @@ -70,7 +71,8 @@ struct qt_proto_data_nacltai* d = (struct qt_proto_data_nacltai*)sess->protocol_data; memset(raw, 0, crypto_box_curve25519xsalsa20poly1305_ZEROBYTES); taia_now_packed(d->cenonce + nonceoffset, 0); - if (crypto_box_curve25519xsalsa20poly1305_afternm((unsigned char*)enc, (unsigned char*)raw, len + crypto_box_curve25519xsalsa20poly1305_ZEROBYTES, d->cenonce, d->cbefore)) return errorexit("Encryption failed"); + if (crypto_box_curve25519xsalsa20poly1305_afternm((unsigned char*)enc, (unsigned char*)raw, len + crypto_box_curve25519xsalsa20poly1305_ZEROBYTES, d->cenonce, d->cbefore)) + return errorexit("Encryption failed"); memcpy((void*)(enc + crypto_box_curve25519xsalsa20poly1305_BOXZEROBYTES - noncelength), d->cenonce + nonceoffset, noncelength); len += overhead; if (debug) fprintf(stderr, "Encoded packet of %d bytes from %p to %p\n", len, raw, enc); @@ -138,7 +140,8 @@ } else { return errorexit("Missing PRIVATE_KEY"); } - crypto_box_curve25519xsalsa20poly1305_beforenm(d->cbefore, cpublickey, csecretkey); + if (crypto_box_curve25519xsalsa20poly1305_beforenm(d->cbefore, cpublickey, csecretkey)) + return errorexit("Encryption key calculation failed"); memset(d->cenonce, 0, crypto_box_curve25519xsalsa20poly1305_NONCEBYTES); memset(d->cdnonce, 0, crypto_box_curve25519xsalsa20poly1305_NONCEBYTES); diff -r 66d9d80215f0 -r 5b9e742bb704 src/proto.salty.c --- a/src/proto.salty.c Wed Jan 04 21:42:38 2017 +0100 +++ b/src/proto.salty.c Sat Jan 07 15:47:19 2017 +0100 @@ -209,7 +209,10 @@ memset(d->timestamps, 0, 5 * sizeof(uint32)); if (debug) dumphex("INIT DECODER SK", lkey, 32); if (debug) dumphex("INIT DECODER RK", rkey, 32); - crypto_box_curve25519xsalsa20poly1305_beforenm(d->sharedkey, rkey, lkey); + if (crypto_box_curve25519xsalsa20poly1305_beforenm(d->sharedkey, rkey, lkey)) { + errorexit("Encryption key calculation failed"); + abort(); + } } static void sendkeyupdate(struct qtsession* sess, bool ack) { @@ -291,7 +294,8 @@ } else { return errorexit("Missing PRIVATE_KEY"); } - crypto_box_curve25519xsalsa20poly1305_beforenm(d->controlkey, cpublickey, csecretkey); + if (crypto_box_curve25519xsalsa20poly1305_beforenm(d->controlkey, cpublickey, csecretkey)) + return errorexit("Encryption key calculation failed"); unsigned char cownpublickey[PUBLICKEYBYTES]; crypto_scalarmult_curve25519_base(cownpublickey, csecretkey); int role = memcmp(cownpublickey, cpublickey, PUBLICKEYBYTES); @@ -434,7 +438,10 @@ d->datalocalkeynextid = -1; } if (lkeyid == d->datalocalkeyid) { - crypto_box_curve25519xsalsa20poly1305_beforenm(enckey->sharedkey, d->dataremotekey, enckey->privatekey); + if (crypto_box_curve25519xsalsa20poly1305_beforenm(enckey->sharedkey, d->dataremotekey, enckey->privatekey)) { + errorexit("Encryption key calculation failed"); + abort(); + } d->dataencoder = enckey; } if (debug) fprintf(stderr, "Decoded control packet: rkid=%d, lkid=%d, ack=%d, lkvalid=%d, uptodate=%d\n", d->dataremotekeyid, (cflags >> 5) & 0x01, (cflags >> 4) & 0x01, lkeyid != -1, d->datalocalkeynextid == -1);