Make Tor compile with no warnings with gcc4.0 on OSX

svn:r4184

configure.in

@@ -186,6 +186,11 @@ AC_CHECK_SIZEOF(long long)
 AC_CHECK_SIZEOF(__int64)
 AC_CHECK_SIZEOF(void *)
 AC_CHECK_SIZEOF(time_t)
+AC_CHECK_SIZEOF(socklen_t, , [AC_INCLUDES_DEFAULT()
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+])
 
 # We want to make sure that we _don't_ have a cell_t defined, like IRIX does.
 

src/common/aes.c

@@ -84,9 +84,10 @@ aes_new_cipher()
  * the counter to 0.
  */
 void
-aes_set_key(aes_cnt_cipher_t *cipher, const unsigned char *key, int key_bits)
+aes_set_key(aes_cnt_cipher_t *cipher, const char *key, int key_bits)
 {
-  cipher->nr = rijndaelKeySetupEnc(cipher->rk, key, key_bits);
+  cipher->nr = rijndaelKeySetupEnc(cipher->rk, (const unsigned char*)key,
+                                   key_bits);
   cipher->counter0 = 0;
   cipher->counter1 = 0;
   cipher->pos = 0;
@@ -108,7 +109,7 @@ aes_free_cipher(aes_cnt_cipher_t *cipher)
  * by <b>len</b> bytes as it encrypts.
  */
 void
-aes_crypt(aes_cnt_cipher_t *cipher, const char *input, int len, char *output)
+aes_crypt(aes_cnt_cipher_t *cipher, const char *input, size_t len, char *output)
 {
   int c = cipher->pos;
   if (!len) return;

src/common/aes.h

@@ -21,8 +21,8 @@ typedef struct aes_cnt_cipher aes_cnt_cipher_t;
 
 aes_cnt_cipher_t* aes_new_cipher(void);
 void aes_free_cipher(aes_cnt_cipher_t *cipher);
-void aes_set_key(aes_cnt_cipher_t *cipher, const unsigned char *key, int key_bits);
-void aes_crypt(aes_cnt_cipher_t *cipher, const char *input, int len, char *output);
+void aes_set_key(aes_cnt_cipher_t *cipher, const char *key, int key_bits);
+void aes_crypt(aes_cnt_cipher_t *cipher, const char *input, size_t len, char *output);
 uint64_t aes_get_counter(aes_cnt_cipher_t *cipher);
 void aes_set_counter(aes_cnt_cipher_t *cipher, uint64_t counter);
 void aes_adjust_counter(aes_cnt_cipher_t *cipher, long delta);

src/common/compat.h

@@ -135,6 +135,10 @@ int replace_file(const char *from, const char *to);
 #define tor_close_socket(s) close(s)
 #endif
 
+#if (SIZEOF_SOCKLEN_T == 0)
+typedef int socklen_t;
+#endif
+
 /* Now that we use libevent, all real sockets are safe for polling ... or
  * if they aren't, libevent will help us. */
 #define SOCKET_IS_POLLABLE(fd) ((fd)>=0)

src/common/crypto.c

@@ -93,7 +93,7 @@ struct crypto_pk_env_t
 
 struct crypto_cipher_env_t
 {
-  unsigned char key[CIPHER_KEY_LEN];
+  char key[CIPHER_KEY_LEN];
   aes_cnt_cipher_t *cipher;
 };
 
@@ -597,12 +597,12 @@ int crypto_pk_cmp_keys(crypto_pk_env_t *a, crypto_pk_env_t *b) {
 }
 
 /** Return the size of the public key modulus in <b>env</b>, in bytes. */
-int crypto_pk_keysize(crypto_pk_env_t *env)
+size_t crypto_pk_keysize(crypto_pk_env_t *env)
 {
   tor_assert(env);
   tor_assert(env->key);
 
-  return RSA_size(env->key);
+  return (size_t) RSA_size(env->key);
 }
 
 /** Increase the reference count of <b>env</b>, and return it.
@@ -621,16 +621,16 @@ crypto_pk_env_t *crypto_pk_dup_key(crypto_pk_env_t *env) {
  * written.  On failure, return -1.
  */
 int
-crypto_pk_public_encrypt(crypto_pk_env_t *env, unsigned char *to,
-                         const unsigned char *from, int fromlen, int padding)
+crypto_pk_public_encrypt(crypto_pk_env_t *env, char *to,
+                         const char *from, size_t fromlen, int padding)
 {
   int r;
   tor_assert(env);
   tor_assert(from);
   tor_assert(to);
 
-  r = RSA_public_encrypt(fromlen, (unsigned char*)from, to, env->key,
-                            crypto_get_rsa_padding(padding));
+  r = RSA_public_encrypt(fromlen, (unsigned char*)from, (unsigned char*)to,
+                         env->key, crypto_get_rsa_padding(padding));
   if (r<0) {
     crypto_log_errors(LOG_WARN, "performing RSA encryption");
     return -1;
@@ -644,8 +644,8 @@ crypto_pk_public_encrypt(crypto_pk_env_t *env, unsigned char *to,
  * written.  On failure, return -1.
  */
 int
-crypto_pk_private_decrypt(crypto_pk_env_t *env, unsigned char *to,
-                          const unsigned char *from, int fromlen,
+crypto_pk_private_decrypt(crypto_pk_env_t *env, char *to,
+                          const char *from, size_t fromlen,
                           int padding, int warnOnFailure)
 {
   int r;
@@ -657,8 +657,9 @@ crypto_pk_private_decrypt(crypto_pk_env_t *env, unsigned char *to,
     /* Not a private key */
     return -1;
 
-  r = RSA_private_decrypt(fromlen, (unsigned char*)from, to, env->key,
-                             crypto_get_rsa_padding(padding));
+  r = RSA_private_decrypt(fromlen, (unsigned char*)from, (unsigned char*)to,
+                          env->key, crypto_get_rsa_padding(padding));
+
   if (r<0) {
     crypto_log_errors(warnOnFailure?LOG_WARN:LOG_INFO,
                       "performing RSA decryption");
@@ -673,14 +674,14 @@ crypto_pk_private_decrypt(crypto_pk_env_t *env, unsigned char *to,
  * On failure, return -1.
  */
 int
-crypto_pk_public_checksig(crypto_pk_env_t *env, unsigned char *to,
-                          const unsigned char *from, int fromlen)
+crypto_pk_public_checksig(crypto_pk_env_t *env, char *to,
+                          const char *from, size_t fromlen)
 {
   int r;
   tor_assert(env);
   tor_assert(from);
   tor_assert(to);
-  r = RSA_public_decrypt(fromlen, (unsigned char*)from, to, env->key, RSA_PKCS1_PADDING);
+  r = RSA_public_decrypt(fromlen, (unsigned char*)from, (unsigned char*)to, env->key, RSA_PKCS1_PADDING);
 
   if (r<0) {
     crypto_log_errors(LOG_WARN, "checking RSA signature");
@@ -695,8 +696,8 @@ crypto_pk_public_checksig(crypto_pk_env_t *env, unsigned char *to,
  * SHA1(data).  Else return -1.
  */
 int
-crypto_pk_public_checksig_digest(crypto_pk_env_t *env, const unsigned char *data,
-                                 int datalen, const unsigned char *sig, int siglen)
+crypto_pk_public_checksig_digest(crypto_pk_env_t *env, const char *data,
+                                 int datalen, const char *sig, int siglen)
 {
   char digest[DIGEST_LEN];
   char buf[PK_BYTES+1];
@@ -729,8 +730,8 @@ crypto_pk_public_checksig_digest(crypto_pk_env_t *env, const unsigned char *data
  * -1.
  */
 int
-crypto_pk_private_sign(crypto_pk_env_t *env, unsigned char *to,
-                       const unsigned char *from, int fromlen)
+crypto_pk_private_sign(crypto_pk_env_t *env, char *to,
+                       const char *from, size_t fromlen)
 {
   int r;
   tor_assert(env);
@@ -740,7 +741,7 @@ crypto_pk_private_sign(crypto_pk_env_t *env, unsigned char *to,
     /* Not a private key */
     return -1;
 
-  r = RSA_private_encrypt(fromlen, (unsigned char*)from, to, env->key, RSA_PKCS1_PADDING);
+  r = RSA_private_encrypt(fromlen, (unsigned char*)from, (unsigned char*)to, env->key, RSA_PKCS1_PADDING);
   if (r<0) {
     crypto_log_errors(LOG_WARN, "generating RSA signature");
     return -1;
@@ -754,8 +755,8 @@ crypto_pk_private_sign(crypto_pk_env_t *env, unsigned char *to,
  * success, and -1 on failure.
  */
 int
-crypto_pk_private_sign_digest(crypto_pk_env_t *env, unsigned char *to,
-                              const unsigned char *from, int fromlen)
+crypto_pk_private_sign_digest(crypto_pk_env_t *env, char *to,
+                              const char *from, size_t fromlen)
 {
   char digest[DIGEST_LEN];
   if (crypto_digest(digest,from,fromlen)<0)
@@ -781,12 +782,13 @@ crypto_pk_private_sign_digest(crypto_pk_env_t *env, unsigned char *to,
  *     the source data encrypted in AES-CTR mode with the symmetric key.
  */
 int crypto_pk_public_hybrid_encrypt(crypto_pk_env_t *env,
-                                    unsigned char *to,
-                                    const unsigned char *from,
-                                    int fromlen,
+                                    char *to,
+                                    const char *from,
+                                    size_t fromlen,
                                     int padding, int force)
 {
-  int overhead, pkeylen, outlen, r, symlen;
+  int overhead, outlen, r, symlen;
+  size_t pkeylen;
   crypto_cipher_env_t *cipher = NULL;
   char buf[PK_BYTES+1];
 
@@ -825,7 +827,7 @@ int crypto_pk_public_hybrid_encrypt(crypto_pk_env_t *env,
   symlen = fromlen-(pkeylen-overhead-CIPHER_KEY_LEN);
 
   outlen = crypto_pk_public_encrypt(env,to,buf,pkeylen-overhead,padding);
-  if (outlen!=pkeylen) {
+  if (outlen!=(int)pkeylen) {
     goto err;
   }
   r = crypto_cipher_encrypt(cipher, to+outlen,
@@ -843,12 +845,13 @@ int crypto_pk_public_hybrid_encrypt(crypto_pk_env_t *env,
 
 /** Invert crypto_pk_public_hybrid_encrypt. */
 int crypto_pk_private_hybrid_decrypt(crypto_pk_env_t *env,
-                                     unsigned char *to,
-                                     const unsigned char *from,
-                                     int fromlen,
+                                     char *to,
+                                     const char *from,
+                                     size_t fromlen,
                                      int padding, int warnOnFailure)
 {
-  int overhead, pkeylen, outlen, r;
+  int overhead, outlen, r;
+  size_t pkeylen;
   crypto_cipher_env_t *cipher = NULL;
   char buf[PK_BYTES+1];
 
@@ -913,7 +916,7 @@ int crypto_pk_asn1_encode(crypto_pk_env_t *pk, char *dest, int dest_len)
 /** Decode an ASN.1-encoded public key from <b>str</b>; return the result on
  * success and NULL on failure.
  */
-crypto_pk_env_t *crypto_pk_asn1_decode(const char *str, int len)
+crypto_pk_env_t *crypto_pk_asn1_decode(const char *str, size_t len)
 {
   RSA *rsa;
   unsigned char *buf;
@@ -955,7 +958,7 @@ int crypto_pk_get_digest(crypto_pk_env_t *pk, char *digest_out)
     free(buf);
     return -1;
   }
-  if (crypto_digest(digest_out, buf, len) < 0) {
+  if (crypto_digest(digest_out, (char*)buf, len) < 0) {
     free(buf);
     return -1;
   }
@@ -976,8 +979,8 @@ int crypto_pk_get_digest(crypto_pk_env_t *pk, char *digest_out)
 int
 crypto_pk_get_fingerprint(crypto_pk_env_t *pk, char *fp_out, int add_space)
 {
-  unsigned char digest[DIGEST_LEN];
-  unsigned char hexdigest[HEX_DIGEST_LEN+1];
+  char digest[DIGEST_LEN];
+  char hexdigest[HEX_DIGEST_LEN+1];
   if (crypto_pk_get_digest(pk, digest)) {
     return -1;
   }
@@ -1025,7 +1028,7 @@ int crypto_cipher_generate_key(crypto_cipher_env_t *env)
  * CIPHER_KEY_LEN bytes of <b>key</b>. Does not initialize the cipher.
  * Return 0 on success, -1 on failure.
  */
-int crypto_cipher_set_key(crypto_cipher_env_t *env, const unsigned char *key)
+int crypto_cipher_set_key(crypto_cipher_env_t *env, const char *key)
 {
   tor_assert(env);
   tor_assert(key);
@@ -1040,7 +1043,7 @@ int crypto_cipher_set_key(crypto_cipher_env_t *env, const unsigned char *key)
 
 /** Return a pointer to the key set for the cipher in <b>env</b>.
  */
-const unsigned char *crypto_cipher_get_key(crypto_cipher_env_t *env)
+const char *crypto_cipher_get_key(crypto_cipher_env_t *env)
 {
   return env->key;
 }
@@ -1072,8 +1075,8 @@ int crypto_cipher_decrypt_init_cipher(crypto_cipher_env_t *env)
  * On failure, return -1.
  */
 int
-crypto_cipher_encrypt(crypto_cipher_env_t *env, unsigned char *to,
-                      const unsigned char *from, unsigned int fromlen)
+crypto_cipher_encrypt(crypto_cipher_env_t *env, char *to,
+                      const char *from, size_t fromlen)
 {
   tor_assert(env);
   tor_assert(env->cipher);
@@ -1090,8 +1093,8 @@ crypto_cipher_encrypt(crypto_cipher_env_t *env, unsigned char *to,
  * On failure, return -1.
  */
 int
-crypto_cipher_decrypt(crypto_cipher_env_t *env, unsigned char *to,
-                      const unsigned char *from, unsigned int fromlen)
+crypto_cipher_decrypt(crypto_cipher_env_t *env, char *to,
+                      const char *from, size_t fromlen)
 {
   tor_assert(env);
   tor_assert(from);
@@ -1126,11 +1129,11 @@ crypto_cipher_advance(crypto_cipher_env_t *env, long delta)
  * <b>m</b>.  Write the DIGEST_LEN byte result into <b>digest</b>.
  * Return 0 on success, -1 on failure.
  */
-int crypto_digest(unsigned char *digest, const unsigned char *m, int len)
+int crypto_digest(char *digest, const char *m, size_t len)
 {
   tor_assert(m);
   tor_assert(digest);
-  return (SHA1(m,len,digest) == NULL);
+  return (SHA1((const unsigned char*)m,len,(unsigned char*)digest) == NULL);
 }
 
 struct crypto_digest_env_t {
@@ -1178,7 +1181,7 @@ crypto_digest_add_bytes(crypto_digest_env_t *digest, const char *data,
 void crypto_digest_get_digest(crypto_digest_env_t *digest,
                               char *out, size_t out_len)
 {
-  static char r[DIGEST_LEN];
+  static unsigned char r[DIGEST_LEN];
   SHA_CTX tmpctx;
   tor_assert(digest);
   tor_assert(out);
@@ -1337,7 +1340,7 @@ int crypto_dh_get_public(crypto_dh_env_t *dh, char *pubkey, size_t pubkey_len)
     return -1;
 
   memset(pubkey, 0, pubkey_len);
-  BN_bn2bin(dh->dh->pub_key, pubkey+(pubkey_len-bytes));
+  BN_bn2bin(dh->dh->pub_key, (unsigned char*)(pubkey+(pubkey_len-bytes)));
 
   return 0;
 }
@@ -1358,8 +1361,8 @@ int crypto_dh_compute_secret(crypto_dh_env_t *dh,
                              const char *pubkey, size_t pubkey_len,
                              char *secret_out, size_t secret_bytes_out)
 {
-  unsigned char hash[DIGEST_LEN];
-  unsigned char *secret_tmp = NULL;
+  char hash[DIGEST_LEN];
+  char *secret_tmp = NULL;
   BIGNUM *pubkey_bn = NULL;
   size_t secret_len=0;
   unsigned int i;
@@ -1367,10 +1370,10 @@ int crypto_dh_compute_secret(crypto_dh_env_t *dh,
   tor_assert(dh);
   tor_assert(secret_bytes_out/DIGEST_LEN <= 255);
 
-  if (!(pubkey_bn = BN_bin2bn(pubkey, pubkey_len, NULL)))
+  if (!(pubkey_bn = BN_bin2bn((const unsigned char*)pubkey, pubkey_len, NULL)))
     goto error;
   secret_tmp = tor_malloc(crypto_dh_get_bytes(dh)+1);
-  result = DH_compute_key(secret_tmp, pubkey_bn, dh->dh);
+  result = DH_compute_key((unsigned char*)secret_tmp, pubkey_bn, dh->dh);
   if (result < 0) {
     log_fn(LOG_WARN,"DH_compute_key() failed.");
     goto error;
@@ -1475,11 +1478,11 @@ int crypto_seed_rng(void)
 /** Write n bytes of strong random data to <b>to</b>. Return 0 on
  * success, -1 on failure.
  */
-int crypto_rand(unsigned char *to, unsigned int n)
+int crypto_rand(char *to, size_t n)
 {
   int r;
   tor_assert(to);
-  r = RAND_bytes(to, n);
+  r = RAND_bytes((unsigned char*)to, n);
   if (r == 0)
     crypto_log_errors(LOG_WARN, "generating random data");
   return (r == 1) ? 0 : -1;
@@ -1488,10 +1491,10 @@ int crypto_rand(unsigned char *to, unsigned int n)
 /** Write n bytes of pseudorandom data to <b>to</b>. Return 0 on
  * success, -1 on failure.
  */
-void crypto_pseudo_rand(unsigned char *to, unsigned int n)
+void crypto_pseudo_rand(char *to, size_t n)
 {
   tor_assert(to);
-  if (RAND_pseudo_bytes(to, n) == -1) {
+  if (RAND_pseudo_bytes((unsigned char*)to, n) == -1) {
     log_fn(LOG_ERR, "RAND_pseudo_bytes failed unexpectedly.");
     crypto_log_errors(LOG_WARN, "generating random data");
     exit(1);
@@ -1512,7 +1515,7 @@ int crypto_pseudo_rand_int(unsigned int max) {
    */
   cutoff = UINT_MAX - (UINT_MAX%max);
   while (1) {
-    crypto_pseudo_rand((unsigned char*) &val, sizeof(val));
+    crypto_pseudo_rand((char*)&val, sizeof(val));
     if (val < cutoff)
       return val % max;
   }
@@ -1548,8 +1551,8 @@ base64_encode(char *dest, size_t destlen, const char *src, size_t srclen)
     return -1;
 
   EVP_EncodeInit(&ctx);
-  EVP_EncodeUpdate(&ctx, dest, &len, (char*) src, srclen);
-  EVP_EncodeFinal(&ctx, dest+len, &ret);
+  EVP_EncodeUpdate(&ctx, (unsigned char*)dest, &len, (unsigned char*)src, srclen);
+  EVP_EncodeFinal(&ctx, (unsigned char*)(dest+len), &ret);
   ret += len;
   return ret;
 }
@@ -1577,8 +1580,8 @@ base64_decode(char *dest, size_t destlen, const char *src, size_t srclen)
     return -1;
 
   EVP_DecodeInit(&ctx);
-  EVP_DecodeUpdate(&ctx, dest, &len, (char*) src, srclen);
-  EVP_DecodeFinal(&ctx, dest, &ret);
+  EVP_DecodeUpdate(&ctx, (unsigned char*)dest, &len, (unsigned char*)src, srclen);
+  EVP_DecodeFinal(&ctx, (unsigned char*)dest, &ret);
   ret += len;
   return ret;
 }

src/common/crypto.h

@@ -73,53 +73,53 @@ crypto_pk_env_t *crypto_pk_DER64_decode_public_key(const char *in);
 
 int crypto_pk_check_key(crypto_pk_env_t *env);
 int crypto_pk_cmp_keys(crypto_pk_env_t *a, crypto_pk_env_t *b);
-int crypto_pk_keysize(crypto_pk_env_t *env);
+size_t crypto_pk_keysize(crypto_pk_env_t *env);
 crypto_pk_env_t *crypto_pk_dup_key(crypto_pk_env_t *orig);
 
-int crypto_pk_public_encrypt(crypto_pk_env_t *env, unsigned char *to,
-                             const unsigned char *from, int fromlen, int padding);
-int crypto_pk_private_decrypt(crypto_pk_env_t *env, unsigned char *to,
-                              const unsigned char *from, int fromlen,
+int crypto_pk_public_encrypt(crypto_pk_env_t *env, char *to,
+                             const char *from, size_t fromlen, int padding);
+int crypto_pk_private_decrypt(crypto_pk_env_t *env, char *to,
+                              const char *from, size_t fromlen,
                               int padding, int warnOnFailure);
-int crypto_pk_public_checksig(crypto_pk_env_t *env, unsigned char *to,
-                              const unsigned char *from, int fromlen);
-int crypto_pk_public_checksig_digest(crypto_pk_env_t *env, const unsigned char *data,
-                                     int datalen, const unsigned char *sig, int siglen);
-int crypto_pk_private_sign(crypto_pk_env_t *env, unsigned char *to,
-                           const unsigned char *from, int fromlen);
-int crypto_pk_private_sign_digest(crypto_pk_env_t *env, unsigned char *to,
-                                  const unsigned char *from, int fromlen);
-int crypto_pk_public_hybrid_encrypt(crypto_pk_env_t *env, unsigned char *to,
-                                    const unsigned char *from, int fromlen,
+int crypto_pk_public_checksig(crypto_pk_env_t *env, char *to,
+                              const char *from, size_t fromlen);
+int crypto_pk_public_checksig_digest(crypto_pk_env_t *env, const char *data,
+                                     int datalen, const char *sig, int siglen);
+int crypto_pk_private_sign(crypto_pk_env_t *env, char *to,
+                           const char *from, size_t fromlen);
+int crypto_pk_private_sign_digest(crypto_pk_env_t *env, char *to,
+                                  const char *from, size_t fromlen);
+int crypto_pk_public_hybrid_encrypt(crypto_pk_env_t *env, char *to,
+                                    const char *from, size_t fromlen,
                                     int padding, int force);
-int crypto_pk_private_hybrid_decrypt(crypto_pk_env_t *env, unsigned char *to,
-                                     const unsigned char *from, int fromlen,
+int crypto_pk_private_hybrid_decrypt(crypto_pk_env_t *env, char *to,
+                                     const char *from, size_t fromlen,
                                      int padding, int warnOnFailure);
 
 int crypto_pk_asn1_encode(crypto_pk_env_t *pk, char *dest, int dest_len);
-crypto_pk_env_t *crypto_pk_asn1_decode(const char *str, int len);
+crypto_pk_env_t *crypto_pk_asn1_decode(const char *str, size_t len);
 int crypto_pk_get_digest(crypto_pk_env_t *pk, char *digest_out);
 int crypto_pk_get_fingerprint(crypto_pk_env_t *pk, char *fp_out,int add_space);
 int crypto_pk_check_fingerprint_syntax(const char *s);
 
 /* symmetric crypto */
 int crypto_cipher_generate_key(crypto_cipher_env_t *env);
-int crypto_cipher_set_key(crypto_cipher_env_t *env, const unsigned char *key);
-const unsigned char *crypto_cipher_get_key(crypto_cipher_env_t *env);
+int crypto_cipher_set_key(crypto_cipher_env_t *env, const char *key);
+const char *crypto_cipher_get_key(crypto_cipher_env_t *env);
 int crypto_cipher_encrypt_init_cipher(crypto_cipher_env_t *env);
 int crypto_cipher_decrypt_init_cipher(crypto_cipher_env_t *env);
 
-int crypto_cipher_encrypt(crypto_cipher_env_t *env, unsigned char *to,
-                          const unsigned char *from, unsigned int fromlen);
-int crypto_cipher_decrypt(crypto_cipher_env_t *env, unsigned char *to,
-                          const unsigned char *from, unsigned int fromlen);
+int crypto_cipher_encrypt(crypto_cipher_env_t *env, char *to,
+                          const char *from, size_t fromlen);
+int crypto_cipher_decrypt(crypto_cipher_env_t *env, char *to,
+                          const char *from, size_t fromlen);
 
 /* only implemented for CRYPTO_CIPHER_AES_CTR */
 int crypto_cipher_rewind(crypto_cipher_env_t *env, long delta);
 int crypto_cipher_advance(crypto_cipher_env_t *env, long delta);
 
 /* SHA-1 */
-int crypto_digest(unsigned char *digest, const unsigned char *m, int len);
+int crypto_digest(char *digest, const char *m, size_t len);
 crypto_digest_env_t *crypto_new_digest_env(void);
 void crypto_free_digest_env(crypto_digest_env_t *digest);
 void crypto_digest_add_bytes(crypto_digest_env_t *digest, const char *data,
@@ -143,8 +143,8 @@ void crypto_dh_free(crypto_dh_env_t *dh);
 
 /* random numbers */
 int crypto_seed_rng(void);
-int crypto_rand(unsigned char *to, unsigned int n);
-void crypto_pseudo_rand(unsigned char *to, unsigned int n);
+int crypto_rand(char *to, size_t n);
+void crypto_pseudo_rand(char *to, size_t n);
 int crypto_pseudo_rand_int(unsigned int max);
 
 struct smartlist_t;

src/common/torgzip.c

@@ -94,7 +94,7 @@ tor_gzip_compress(char **out, size_t *out_len,
   out_size = in_len / 2;
   if (out_size < 1024) out_size = 1024;
   *out = tor_malloc(out_size);
-  stream->next_out = *out;
+  stream->next_out = (unsigned char*)*out;
   stream->avail_out = out_size;
 
   while (1) {
@@ -110,7 +110,7 @@ tor_gzip_compress(char **out, size_t *out_len,
         offset = stream->next_out - ((unsigned char*)*out);
         out_size *= 2;
         *out = tor_realloc(*out, out_size);
-        stream->next_out = *out + offset;
+        stream->next_out = (unsigned char*)(*out + offset);
         stream->avail_out = out_size - offset;
         break;
       default:
@@ -179,7 +179,7 @@ tor_gzip_uncompress(char **out, size_t *out_len,
   if (out_size < 1024) out_size = 1024;
 
   *out = tor_malloc(out_size);
-  stream->next_out = *out;
+  stream->next_out = (unsigned char*)*out;
   stream->avail_out = out_size;
 
   while (1) {
@@ -195,7 +195,7 @@ tor_gzip_uncompress(char **out, size_t *out_len,
         offset = stream->next_out - ((unsigned char*)*out);
         out_size *= 2;
         *out = tor_realloc(*out, out_size);
-        stream->next_out = *out + offset;
+        stream->next_out = (unsigned char*)(*out + offset);
         stream->avail_out = out_size - offset;
         break;
       default:

src/common/tortls.c

@@ -221,10 +221,10 @@ tor_tls_create_certificate(crypto_pk_env_t *rsa,
     goto error;
   if ((nid = OBJ_txt2nid("organizationName")) == NID_undef) goto error;
   if (!(X509_NAME_add_entry_by_NID(name, nid, MBSTRING_ASC,
-                                   (char*)"TOR", -1, -1, 0))) goto error;
+                                   (unsigned char*)"TOR", -1, -1, 0))) goto error;
   if ((nid = OBJ_txt2nid("commonName")) == NID_undef) goto error;
   if (!(X509_NAME_add_entry_by_NID(name, nid, MBSTRING_ASC,
-                                   (char*)cname, -1, -1, 0))) goto error;
+                                   (unsigned char*)cname, -1, -1, 0))) goto error;
   if (!(X509_set_subject_name(x509, name)))
     goto error;
 
@@ -232,10 +232,10 @@ tor_tls_create_certificate(crypto_pk_env_t *rsa,
     goto error;
   if ((nid = OBJ_txt2nid("organizationName")) == NID_undef) goto error;
   if (!(X509_NAME_add_entry_by_NID(name_issuer, nid, MBSTRING_ASC,
-                                   (char*)"TOR", -1, -1, 0))) goto error;
+                                   (unsigned char*)"TOR", -1, -1, 0))) goto error;
   if ((nid = OBJ_txt2nid("commonName")) == NID_undef) goto error;
   if (!(X509_NAME_add_entry_by_NID(name_issuer, nid, MBSTRING_ASC,
-                                (char*)cname_sign, -1, -1, 0))) goto error;
+                              (unsigned char*)cname_sign, -1, -1, 0))) goto error;
   if (!(X509_set_issuer_name(x509, name_issuer)))
     goto error;
 

src/or/circuitbuild.c

@@ -676,7 +676,7 @@ int circuit_init_cpath_crypto(crypt_path_t *cpath, char *key_data, int reverse)
  * Return -1 if we want to mark circ for close, else return 0.
  */
 int circuit_finish_handshake(circuit_t *circ, uint8_t reply_type, char *reply) {
-  unsigned char keys[CPATH_KEY_MATERIAL_LEN];
+  char keys[CPATH_KEY_MATERIAL_LEN];
   crypt_path_t *hop;
 
   tor_assert(CIRCUIT_IS_ORIGIN(circ));
@@ -778,7 +778,7 @@ int circuit_truncated(circuit_t *circ, crypt_path_t *layer) {
 /** Given a response payload and keys, initialize, then send a created
  * cell back.
  */
-int onionskin_answer(circuit_t *circ, uint8_t cell_type, unsigned char *payload, unsigned char *keys) {
+int onionskin_answer(circuit_t *circ, uint8_t cell_type, char *payload, char *keys) {
   cell_t cell;
   crypt_path_t *tmp_cpath;
 

src/or/command.c

@@ -196,8 +196,8 @@ static void command_process_create_cell(cell_t *cell, connection_t *conn) {
     }
     log_fn(LOG_DEBUG,"success: handed off onionskin.");
   } else {
-    unsigned char keys[CPATH_KEY_MATERIAL_LEN];
-    unsigned char reply[DIGEST_LEN*2];
+    char keys[CPATH_KEY_MATERIAL_LEN];
+    char reply[DIGEST_LEN*2];
     tor_assert(cell->command == CELL_CREATE_FAST);
     if (fast_server_handshake(cell->payload, reply, keys, sizeof(keys))<0) {
       log_fn(LOG_WARN,"Failed to generate key material. Closing.");

src/or/connection.c

@@ -533,8 +533,8 @@ static int connection_handle_listener_read(connection_t *conn, int new_type) {
   /* information about the remote peer when connecting to other routers */
   struct sockaddr_in remote;
   char addrbuf[256];
-  /* length of the remote address. Must be an int, since accept() needs that. */
-  int remotelen = 256;
+  /* length of the remote address. Must be whatever accept() needs. */
+  socklen_t remotelen = 256;
   char tmpbuf[INET_NTOA_BUF_LEN];
   tor_assert((size_t)remotelen >= sizeof(struct sockaddr_in));
   memset(addrbuf, 0, sizeof(addrbuf));
@@ -1046,7 +1046,7 @@ static int connection_read_to_buf(connection_t *conn, int *max_to_read) {
 
   bytes_in_buf = buf_capacity(conn->inbuf) - buf_datalen(conn->inbuf);
  again:
-  if (at_most > bytes_in_buf && bytes_in_buf >= 1024) {
+  if ((size_t)at_most > bytes_in_buf && bytes_in_buf >= 1024) {
     more_to_read = at_most - bytes_in_buf;
     at_most = bytes_in_buf;
   } else {
@@ -1167,7 +1167,8 @@ int connection_outbuf_too_full(connection_t *conn) {
  * return 0.
  */
 int connection_handle_write(connection_t *conn) {
-  int e, len=sizeof(e);
+  int e;
+  socklen_t len=sizeof(e);
   int result;
   time_t now = time(NULL);
 

src/or/connection_edge.c

@@ -258,7 +258,7 @@ int connection_edge_finished_flushing(connection_t *conn) {
  * any pending data that may have been received. */
 int connection_edge_finished_connecting(connection_t *conn)
 {
-  unsigned char connected_payload[4];
+  char connected_payload[4];
 
   tor_assert(conn);
   tor_assert(conn->type == CONN_TYPE_EXIT);
@@ -1474,7 +1474,7 @@ int connection_exit_begin_resolve(cell_t *cell, circuit_t *circ) {
  */
 void
 connection_exit_connect(connection_t *conn) {
-  unsigned char connected_payload[4];
+  char connected_payload[4];
   uint32_t addr;
   uint16_t port;
 

src/or/cpuworker.c

@@ -117,7 +117,7 @@ int connection_cpu_reached_eof(connection_t *conn) {
  */
 int connection_cpu_process_inbuf(connection_t *conn) {
   char success;
-  unsigned char buf[LEN_ONION_RESPONSE];
+  char buf[LEN_ONION_RESPONSE];
   uint32_t addr;
   uint16_t port;
   uint16_t circ_id;
@@ -199,15 +199,15 @@ done_processing:
  * connections, not with routers (where we'd use identity).)
  */
 static int cpuworker_main(void *data) {
-  unsigned char question[ONIONSKIN_CHALLENGE_LEN];
-  unsigned char question_type;
+  char question[ONIONSKIN_CHALLENGE_LEN];
+  uint8_t question_type;
   int *fdarray = data;
   int fd;
 
   /* variables for onion processing */
-  unsigned char keys[CPATH_KEY_MATERIAL_LEN];
-  unsigned char reply_to_proxy[ONIONSKIN_REPLY_LEN];
-  unsigned char buf[LEN_ONION_RESPONSE];
+  char keys[CPATH_KEY_MATERIAL_LEN];
+  char reply_to_proxy[ONIONSKIN_REPLY_LEN];
+  char buf[LEN_ONION_RESPONSE];
   char tag[TAG_LEN];
   crypto_pk_env_t *onion_key = NULL, *last_onion_key = NULL;
 
@@ -390,7 +390,7 @@ cull_wedged_cpuworkers(void) {
  * If question_type is CPUWORKER_TASK_ONION then task is a circ.
  * No other question_types are allowed.
  */
-int assign_to_cpuworker(connection_t *cpuworker, unsigned char question_type,
+int assign_to_cpuworker(connection_t *cpuworker, uint8_t question_type,
                         void *task) {
   circuit_t *circ;
   char tag[TAG_LEN];
@@ -424,7 +424,7 @@ int assign_to_cpuworker(connection_t *cpuworker, unsigned char question_type,
     cpuworker->state = CPUWORKER_STATE_BUSY_ONION;
     num_cpuworkers_busy++;
 
-    connection_write_to_buf(&question_type, 1, cpuworker);
+    connection_write_to_buf((char*)&question_type, 1, cpuworker);
     connection_write_to_buf(tag, sizeof(tag), cpuworker);
     connection_write_to_buf(circ->onionskin, ONIONSKIN_CHALLENGE_LEN, cpuworker);
   }

src/or/dns.c

@@ -330,7 +330,7 @@ static int assign_to_dnsworker(connection_t *exitconn) {
   num_dnsworkers_busy++;
 
   len = strlen(dnsconn->address);
-  connection_write_to_buf(&len, 1, dnsconn);
+  connection_write_to_buf((char*)&len, 1, dnsconn);
   connection_write_to_buf(dnsconn->address, len, dnsconn);
 
   return 0;

src/or/onion.c

@@ -347,7 +347,7 @@ fast_server_handshake(const char *key_in, /* DIGEST_LEN bytes */
   tmp[DIGEST_LEN+DIGEST_LEN] = 0;
   crypto_digest(handshake_reply_out+DIGEST_LEN, tmp, sizeof(tmp));
 
-  for (i = 0; i*DIGEST_LEN < key_out_len; ++i) {
+  for (i = 0; i*DIGEST_LEN < (int)key_out_len; ++i) {
     size_t len;
     tmp[DIGEST_LEN+DIGEST_LEN] = i+1;
     crypto_digest(digest, tmp, sizeof(tmp));
@@ -380,7 +380,7 @@ fast_client_handshake(const char *handshake_state, /* DIGEST_LEN bytes */
     return -1;
   }
 
-  for (i = 0; i*DIGEST_LEN < key_out_len; ++i) {
+  for (i = 0; i*DIGEST_LEN < (int)key_out_len; ++i) {
     size_t len;
     tmp[DIGEST_LEN+DIGEST_LEN] = i+1;
     crypto_digest(digest, tmp, sizeof(tmp));

src/or/or.h

@@ -521,9 +521,9 @@ typedef enum {
  * OR-to-OR, is via cells. */
 typedef struct {
   uint16_t circ_id; /**< Circuit which received the cell. */
-  unsigned char command; /**< Type of the cell: one of PADDING, CREATE, RELAY,
-                          * or DESTROY. */
-  unsigned char payload[CELL_PAYLOAD_SIZE]; /**< Cell body. */
+  uint8_t command; /**< Type of the cell: one of PADDING, CREATE, RELAY,
+                    * or DESTROY. */
+  char payload[CELL_PAYLOAD_SIZE]; /**< Cell body. */
 } cell_t;
 
 /** Beginning of a RELAY cell payload. */
@@ -1166,7 +1166,7 @@ int circuit_extend(cell_t *cell, circuit_t *circ);
 int circuit_init_cpath_crypto(crypt_path_t *cpath, char *key_data, int reverse);
 int circuit_finish_handshake(circuit_t *circ, uint8_t cell_type, char *reply);
 int circuit_truncated(circuit_t *circ, crypt_path_t *layer);
-int onionskin_answer(circuit_t *circ, uint8_t cell_type, unsigned char *payload, unsigned char *keys);
+int onionskin_answer(circuit_t *circ, uint8_t cell_type, char *payload, char *keys);
 int circuit_all_predicted_ports_handled(time_t now, int *need_uptime,
                                         int *need_capacity);
 
@@ -1445,7 +1445,7 @@ void cpuworkers_rotate(void);
 int connection_cpu_finished_flushing(connection_t *conn);
 int connection_cpu_reached_eof(connection_t *conn);
 int connection_cpu_process_inbuf(connection_t *conn);
-int assign_to_cpuworker(connection_t *cpuworker, unsigned char question_type,
+int assign_to_cpuworker(connection_t *cpuworker, uint8_t question_type,
                         void *task);
 
 /********************************* directory.c ***************************/

src/or/routerparse.c

@@ -930,7 +930,7 @@ routerinfo_t *router_parse_entry_from_string(const char *s,
   }
   if (crypto_pk_keysize(tok->key) != PK_BYTES) {
     log_fn(LOG_WARN, "Wrong size on onion key: %d bits!",
-           crypto_pk_keysize(tok->key)*8);
+           (int)crypto_pk_keysize(tok->key)*8);
     goto err;
   }
   router->onion_pkey = tok->key;
@@ -941,7 +941,7 @@ routerinfo_t *router_parse_entry_from_string(const char *s,
   }
   if (crypto_pk_keysize(tok->key) != PK_BYTES) {
     log_fn(LOG_WARN, "Wrong size on identity key: %d bits!",
-           crypto_pk_keysize(tok->key)*8);
+           (int)crypto_pk_keysize(tok->key)*8);
     goto err;
   }
   router->identity_pkey = tok->key;