Fixes for compiler warnings

The code has been cleaned up to
1. provide proper prototypes for functions that take no arguments (void),
2. avoid signedness issues, and
3. provide missing cases for switch statements.

Change-Id: I9e84ddb9ef6594c374ad817330a43b22642ebb33

ccm.c

@@ -31,11 +31,11 @@
 #define MASK_L(_L) ((1 << 8 * _L) - 1)
 
 #define SET_COUNTER(A,L,cnt,C) {					\
-    int i;								\
+    unsigned int i_;                                                    \
     memset((A) + DTLS_CCM_BLOCKSIZE - (L), 0, (L));			\
     (C) = (cnt) & MASK_L(L);						\
-    for (i = DTLS_CCM_BLOCKSIZE - 1; (C) && (i > (L)); --i, (C) >>= 8)	\
-      (A)[i] |= (C) & 0xFF;						\
+    for (i_ = DTLS_CCM_BLOCKSIZE - 1; (C) && (i_ > (L)); --i_, (C) >>= 8) \
+      (A)[i_] |= (C) & 0xFF;						\
   }
 
 static inline void 
@@ -45,7 +45,7 @@ block0(size_t M,       /* number of auth bytes */
        size_t lm,      /* l(m) message length */
        unsigned char nonce[DTLS_CCM_BLOCKSIZE],
        unsigned char *result) {
-  int i;
+  unsigned int i;
 
   result[0] = CCM_FLAGS(la, M, L);
 

crypto.c

@@ -63,11 +63,11 @@ static void dtls_cipher_context_release(void)
 }
 
 #ifndef WITH_CONTIKI
-void crypto_init()
+void crypto_init(void)
 {
 }
 
-static dtls_handshake_parameters_t *dtls_handshake_malloc() {
+static dtls_handshake_parameters_t *dtls_handshake_malloc(void) {
   return malloc(sizeof(dtls_handshake_parameters_t));
 }
 
@@ -75,7 +75,7 @@ static void dtls_handshake_dealloc(dtls_handshake_parameters_t *handshake) {
   free(handshake);
 }
 
-static dtls_security_parameters_t *dtls_security_malloc() {
+static dtls_security_parameters_t *dtls_security_malloc(void) {
   return malloc(sizeof(dtls_security_parameters_t));
 }
 
@@ -88,12 +88,12 @@ static void dtls_security_dealloc(dtls_security_parameters_t *security) {
 MEMB(handshake_storage, dtls_handshake_parameters_t, DTLS_HANDSHAKE_MAX);
 MEMB(security_storage, dtls_security_parameters_t, DTLS_SECURITY_MAX);
 
-void crypto_init() {
+void crypto_init(void) {
   memb_init(&handshake_storage);
   memb_init(&security_storage);
 }
 
-static dtls_handshake_parameters_t *dtls_handshake_malloc() {
+static dtls_handshake_parameters_t *dtls_handshake_malloc(void) {
   return memb_alloc(&handshake_storage);
 }
 
@@ -101,7 +101,7 @@ static void dtls_handshake_dealloc(dtls_handshake_parameters_t *handshake) {
   memb_free(&handshake_storage, handshake);
 }
 
-static dtls_security_parameters_t *dtls_security_malloc() {
+static dtls_security_parameters_t *dtls_security_malloc(void) {
   return memb_alloc(&security_storage);
 }
 
@@ -110,7 +110,7 @@ static void dtls_security_dealloc(dtls_security_parameters_t *security) {
 }
 #endif /* WITH_CONTIKI */
 
-dtls_handshake_parameters_t *dtls_handshake_new()
+dtls_handshake_parameters_t *dtls_handshake_new(void)
 {
   dtls_handshake_parameters_t *handshake;
 
@@ -142,7 +142,7 @@ void dtls_handshake_free(dtls_handshake_parameters_t *handshake)
   dtls_handshake_dealloc(handshake);
 }
 
-dtls_security_parameters_t *dtls_security_new()
+dtls_security_parameters_t *dtls_security_new(void)
 {
   dtls_security_parameters_t *security;
 
@@ -182,6 +182,7 @@ dtls_p_hash(dtls_hashfunc_t h,
   unsigned char tmp[DTLS_HMAC_DIGEST_SIZE];
   size_t dlen;			/* digest length */
   size_t len = 0;			/* result length */
+  (void)h;
 
   hmac_a = dtls_hmac_new(key, keylen);
   if (!hmac_a)
@@ -275,6 +276,7 @@ dtls_ccm_encrypt(aes128_ccm_t *ccm_ctx, const unsigned char *src, size_t srclen,
 		 unsigned char *nounce,
 		 const unsigned char *aad, size_t la) {
   long int len;
+  (void)src;
 
   assert(ccm_ctx);
 
@@ -292,6 +294,7 @@ dtls_ccm_decrypt(aes128_ccm_t *ccm_ctx, const unsigned char *src,
 		 unsigned char *nounce,
 		 const unsigned char *aad, size_t la) {
   long int len;
+  (void)src;
 
   assert(ccm_ctx);
 

dtls.c

@@ -168,7 +168,7 @@ PROCESS(dtls_retransmit_process, "DTLS retransmit process");
 static dtls_context_t the_dtls_context;
 
 static inline dtls_context_t *
-malloc_context() {
+malloc_context(void) {
   return &the_dtls_context;
 }
 
@@ -179,7 +179,7 @@ free_context(dtls_context_t *context) {
 #else /* WITH_CONTIKI */
 
 static inline dtls_context_t *
-malloc_context() {
+malloc_context(void) {
   return (dtls_context_t *)malloc(sizeof(dtls_context_t));
 }
 
@@ -190,7 +190,7 @@ free_context(dtls_context_t *context) {
 #endif
 
 void
-dtls_init() {
+dtls_init(void) {
   dtls_clock_init();
   crypto_init();
   netq_init();
@@ -312,7 +312,8 @@ dtls_create_cookie(dtls_context_t *ctx,
 		   uint8 *msg, size_t msglen,
 		   uint8 *cookie, int *clen) {
   unsigned char buf[DTLS_HMAC_MAX];
-  size_t len, e;
+  size_t e;
+  int len;
 
   /* create cookie with HMAC-SHA256 over:
    * - SECRET
@@ -487,6 +488,7 @@ static inline int is_tls_ecdhe_ecdsa_with_aes_128_ccm_8(dtls_cipher_t cipher)
 #ifdef DTLS_ECC
   return cipher == TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8;
 #else
+  (void)cipher;
   return 0;
 #endif /* DTLS_ECC */
 }
@@ -518,6 +520,8 @@ static inline int is_ecdsa_supported(dtls_context_t *ctx, int is_client)
   return ctx && ctx->h && ((!is_client && ctx->h->get_ecdsa_key) || 
 			   (is_client && ctx->h->verify_ecdsa_key));
 #else
+  (void)ctx;
+  (void)is_client;
   return 0;
 #endif /* DTLS_ECC */
 }
@@ -529,6 +533,7 @@ static inline int is_ecdsa_client_auth_supported(dtls_context_t *ctx)
 #ifdef DTLS_ECC
   return ctx && ctx->h && ctx->h->get_ecdsa_key && ctx->h->verify_ecdsa_key;
 #else
+  (void)ctx;
   return 0;
 #endif /* DTLS_ECC */
 }
@@ -569,6 +574,7 @@ static int
 hs_attempt_with_existing_peer(uint8_t *msg, size_t msglen,
     dtls_peer_t *peer)
 {
+  (void)msglen;
     if ((peer) && (peer->state == DTLS_STATE_CONNECTED)) {
       if (msg[0] == DTLS_CT_HANDSHAKE) {
         uint16_t msg_epoch = dtls_uint16_to_int(DTLS_RECORD_HEADER(msg)->epoch);
@@ -659,6 +665,7 @@ calculate_key_block(dtls_context_t *ctx,
   int pre_master_len = 0;
   dtls_security_parameters_t *security = dtls_security_params_next(peer);
   uint8 master_secret[DTLS_MASTER_SECRET_LENGTH];
+  (void)role; /* The macro dtls_kb_size() does not use role. */
 
   if (!security) {
     return dtls_alert_fatal_create(DTLS_ALERT_INTERNAL_ERROR);
@@ -711,8 +718,26 @@ calculate_key_block(dtls_context_t *ctx,
     break;
   }
 #endif /* DTLS_ECC */
+  case TLS_NULL_WITH_NULL_NULL:
+    assert(!"calculate_key_block: tried to use NULL cipher\n");
+    return dtls_alert_fatal_create(DTLS_ALERT_INSUFFICIENT_SECURITY);
+
+    /* The following cases cover the enum symbols that are not
+     * included in this build. These must be kept just above the
+     * default case as they do nothing but fall through.
+     */
+#ifndef DTLS_PSK
+  case TLS_PSK_WITH_AES_128_CCM_8:
+    /* fall through to default */
+#endif /* !DTLS_PSK */
+
+#ifndef DTLS_ECC
+  case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8:
+    /* fall through to default */
+#endif /* !DTLS_ECC */
+
   default:
-    dtls_crit("calculate_key_block: unknown cipher\n");
+    dtls_crit("calculate_key_block: unknown cipher %x04 \n", handshake->cipher);
     return dtls_alert_fatal_create(DTLS_ALERT_INTERNAL_ERROR);
   }
 
@@ -954,7 +979,8 @@ static int
 dtls_update_parameters(dtls_context_t *ctx, 
 		       dtls_peer_t *peer,
 		       uint8 *data, size_t data_length) {
-  int i, j;
+  int i;
+  unsigned int j;
   int ok;
   dtls_handshake_parameters_t *config = peer->handshake_params;
   dtls_security_parameters_t *security = dtls_security_params(peer);
@@ -1059,7 +1085,7 @@ static inline int
 check_client_keyexchange(dtls_context_t *ctx, 
 			 dtls_handshake_parameters_t *handshake,
 			 uint8 *data, size_t length) {
-
+  (void)ctx;
 #ifdef DTLS_ECC
   if (is_tls_ecdhe_ecdsa_with_aes_128_ccm_8(handshake->cipher)) {
 
@@ -1160,6 +1186,7 @@ check_finished(dtls_context_t *ctx, dtls_peer_t *peer,
   size_t digest_length, label_size;
   const unsigned char *label;
   unsigned char buf[DTLS_HMAC_MAX];
+  (void)ctx;
 
   if (data_length < DTLS_HS_LENGTH + DTLS_FIN_LENGTH)
     return dtls_alert_fatal_create(DTLS_ALERT_HANDSHAKE_FAILURE);
@@ -1532,7 +1559,7 @@ dtls_send_multi(dtls_context_t *ctx, dtls_peer_t *peer,
   /* Guess number of bytes application data actually sent:
    * dtls_prepare_record() tells us in len the number of bytes to
    * send, res will contain the bytes actually sent. */
-  return res <= 0 ? res : overall_len - (len - res);
+  return res <= 0 ? res : (int)(overall_len - (len - (unsigned int)res));
 }
 
 static inline int
@@ -1874,7 +1901,7 @@ dtls_send_server_hello(dtls_context_t *ctx, dtls_peer_t *peer)
     p += sizeof(uint8);
   }
 
-  assert(p - buf <= sizeof(buf));
+  assert((buf <= p) && ((unsigned int)(p - buf) <= sizeof(buf)));
 
   /* TODO use the same record sequence number as in the ClientHello,
      see 4.2.1. Denial-of-Service Countermeasures */
@@ -2060,7 +2087,7 @@ dtls_send_server_key_exchange_psk(dtls_context_t *ctx, dtls_peer_t *peer,
   memcpy(p, psk_hint, len);
   p += len;
 
-  assert(p - buf <= sizeof(buf));
+  assert((buf <= p) && ((unsigned int)(p - buf) <= sizeof(buf)));
 
   return dtls_send_handshake_msg(ctx, peer, DTLS_HT_SERVER_KEY_EXCHANGE,
 				 buf, p - buf);
@@ -2278,12 +2305,31 @@ dtls_send_client_key_exchange(dtls_context_t *ctx, dtls_peer_t *peer)
     break;
   }
 #endif /* DTLS_ECC */
+
+  case TLS_NULL_WITH_NULL_NULL:
+    assert(!"NULL cipher requested");
+    return dtls_alert_fatal_create(DTLS_ALERT_INSUFFICIENT_SECURITY);
+
+    /* The following cases cover the enum symbols that are not
+     * included in this build. These must be kept just above the
+     * default case as they do nothing but fall through.
+     */
+#ifndef DTLS_PSK
+  case TLS_PSK_WITH_AES_128_CCM_8:
+    /* fall through to default */
+#endif /* !DTLS_PSK */
+
+#ifndef DTLS_ECC
+  case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8:
+    /* fall through to default */
+#endif /* !DTLS_ECC */
+
   default:
-    dtls_crit("cipher not supported\n");
+    dtls_crit("cipher %x04 not supported\n", handshake->cipher);
     return dtls_alert_fatal_create(DTLS_ALERT_INTERNAL_ERROR);
   }
 
-  assert(p - buf <= sizeof(buf));
+  assert((buf <= p) && ((unsigned int)(p - buf) <= sizeof(buf)));
 
   return dtls_send_handshake_msg(ctx, peer, DTLS_HT_CLIENT_KEY_EXCHANGE,
 				 buf, p - buf);
@@ -2351,7 +2397,7 @@ dtls_send_finished(dtls_context_t *ctx, dtls_peer_t *peer,
 
   p += DTLS_FIN_LENGTH;
 
-  assert(p - buf <= sizeof(buf));
+  assert((buf <= p) && ((unsigned int)(p - buf) <= sizeof(buf)));
 
   return dtls_send_handshake_msg(ctx, peer, DTLS_HT_FINISHED,
 				 buf, p - buf);
@@ -2499,7 +2545,7 @@ dtls_send_client_hello(dtls_context_t *ctx, dtls_peer_t *peer,
     p += sizeof(uint8);
   }
 
-  assert(p - buf <= sizeof(buf));
+  assert((buf <= p) && ((unsigned int)(p - buf) <= sizeof(buf)));
 
   if (cookie_length != 0)
     clear_hs_hash(peer);
@@ -2738,6 +2784,7 @@ check_server_key_exchange_psk(dtls_context_t *ctx,
 {
   dtls_handshake_parameters_t *config = peer->handshake_params;
   uint16_t len;
+  (void)ctx;
 
   update_hs_hash(peer, data, data_length);
 
@@ -2779,6 +2826,7 @@ check_certificate_request(dtls_context_t *ctx,
   int auth_alg;
   int sig_alg;
   int hash_alg;
+  (void)ctx;
 
   update_hs_hash(peer, data, data_length);
 
@@ -3522,6 +3570,7 @@ handle_ccs(dtls_context_t *ctx, dtls_peer_t *peer,
 {
   int err;
   dtls_handshake_parameters_t *handshake = peer->handshake_params;
+  (void)record_header;
 
   /* A CCS message is handled after a KeyExchange message was
    * received from the client. When security parameters have been
@@ -3559,6 +3608,7 @@ static int
 handle_alert(dtls_context_t *ctx, dtls_peer_t *peer, 
 	     uint8 *record_header, uint8 *data, size_t data_length) {
   int free_peer = 0;		/* indicates whether to free peer */
+  (void)record_header;
 
   if (data_length < 2)
     return dtls_alert_fatal_create(DTLS_ALERT_DECODE_ERROR);
@@ -3727,7 +3777,7 @@ dtls_handle_message(dtls_context_t *ctx,
           state = DTLS_STATE_WAIT_CLIENTHELLO;
           role = DTLS_SERVER;       
         } else {
-	  int err =  dtls_alert_fatal_create(DTLS_ALERT_DECRYPT_ERROR);
+	  err =  dtls_alert_fatal_create(DTLS_ALERT_DECRYPT_ERROR);
           dtls_info("decrypt_verify() failed\n");
 	  if (peer->state < DTLS_STATE_CONNECTED) {
 	    dtls_alert_send_from_err(ctx, peer, &peer->session, err);

dtls_debug.c

@@ -213,7 +213,7 @@ dsrv_log(log_t level, char *format, ...) {
   va_list ap;
   FILE *log_fd;
 
-  if (maxlog < level)
+  if (maxlog < (int)level)
     return;
 
   log_fd = level <= DTLS_LOG_CRIT ? stderr : stdout;
@@ -295,7 +295,7 @@ dtls_dsrv_hexdump_log(log_t level, const char *name, const unsigned char *buf, s
   FILE *log_fd;
   int n = 0;
 
-  if (maxlog < level)
+  if (maxlog < (int)level)
     return;
 
   log_fd = level <= DTLS_LOG_CRIT ? stderr : stdout;

dtls_debug.h

@@ -33,7 +33,7 @@
 #ifdef CONTIKI_TARGET_MBXXX
 extern char __Stack_Init, _estack;
 
-static inline void check_stack() {
+static inline void check_stack(void) {
   const char *p = &__Stack_Init;
   while (p < &_estack && *p == 0x38) {
     p++;
@@ -42,13 +42,13 @@ static inline void check_stack() {
   PRINTF("Stack: %d bytes used (%d free)\n", &_estack - p, p - &__Stack_Init);
 }
 #else /* CONTIKI_TARGET_MBXXX */
-static inline void check_stack() {
+static inline void check_stack(void) {
 }
 #endif /* CONTIKI_TARGET_MBXXX */
 #else /* WITH_CONTKI */
 #define PRINTF(...)
 
-static inline void check_stack() {
+static inline void check_stack(void) {
 }
 #endif
 
@@ -60,14 +60,14 @@ typedef enum { DTLS_LOG_EMERG=0, DTLS_LOG_ALERT, DTLS_LOG_CRIT, DTLS_LOG_WARN,
 #ifndef WITH_CONTIKI
 /* Contiki does not have the required PACKAGE_ variables configured */
 /** Returns a zero-terminated string with the name of this library. */
-const char *dtls_package_name();
+const char *dtls_package_name(void);
 
 /** Returns a zero-terminated string with the library version. */
-const char *dtls_package_version();
+const char *dtls_package_version(void);
 #endif /* WITH_CONTIKI */
 
 /** Returns the current log level. */
-log_t dtls_get_log_level();
+log_t dtls_get_log_level(void);
 
 /** Sets the log level to the specified value. */
 void dtls_set_log_level(log_t level);

hmac.c

@@ -33,7 +33,7 @@
 #include <stdlib.h>
 
 static inline dtls_hmac_context_t *
-dtls_hmac_context_new() {
+dtls_hmac_context_new(void) {
   return (dtls_hmac_context_t *)malloc(sizeof(dtls_hmac_context_t));
 }
 
@@ -47,7 +47,7 @@ dtls_hmac_context_free(dtls_hmac_context_t *ctx) {
 MEMB(hmac_context_storage, dtls_hmac_context_t, DTLS_HASH_MAX);
 
 static inline dtls_hmac_context_t *
-dtls_hmac_context_new() {
+dtls_hmac_context_new(void) {
   return (dtls_hmac_context_t *)memb_alloc(&hmac_context_storage);
 }
 
@@ -57,7 +57,7 @@ dtls_hmac_context_free(dtls_hmac_context_t *ctx) {
 }
 
 void
-dtls_hmac_storage_init() {
+dtls_hmac_storage_init(void) {
   memb_init(&hmac_context_storage);
 }
 #endif /* WITH_CONTIKI */

netq.h

@@ -64,10 +64,10 @@ typedef struct netq_t {
 } netq_t;
 
 #ifndef WITH_CONTIKI
-static inline void netq_init()
+static inline void netq_init(void)
 { }
 #else
-void netq_init();
+void netq_init(void);
 #endif
 
 /** 

peer.c

@@ -20,12 +20,12 @@
 #include "dtls_debug.h"
 
 #ifndef WITH_CONTIKI
-void peer_init()
+void peer_init(void)
 {
 }
 
 static inline dtls_peer_t *
-dtls_malloc_peer() {
+dtls_malloc_peer(void) {
   return (dtls_peer_t *)malloc(sizeof(dtls_peer_t));
 }
 
@@ -42,12 +42,12 @@ dtls_free_peer(dtls_peer_t *peer) {
 MEMB(peer_storage, dtls_peer_t, DTLS_PEER_MAX);
 
 void
-peer_init() {
+peer_init(void) {
   memb_init(&peer_storage);
 }
 
 static inline dtls_peer_t *
-dtls_malloc_peer() {
+dtls_malloc_peer(void) {
   return memb_alloc(&peer_storage);
 }