diff mbox series

[Openvpn-devel,v3] crypto_backend: fix type of enc parameter

Message ID 20240327162621.1792414-1-frank@lichtenheld.com
State Accepted
Headers show
Series [Openvpn-devel,v3] crypto_backend: fix type of enc parameter | expand

Commit Message

Frank Lichtenheld March 27, 2024, 4:26 p.m. UTC 
We had parts of a abstraction, but it wasn't consistent.
GCC 13 now complains about the type mismatch with mbedtls now:

crypto_mbedtls.c:568:1: error:
conflicting types for ‘cipher_ctx_init’ due to enum/integer mismatch;
have ‘void(mbedtls_cipher_context_t *, const uint8_t *, const char *, const mbedtls_operation_t)’
[...] [-Werror=enum-int-mismatch]
crypto_backend.h:341:6: note:
previous declaration of ‘cipher_ctx_init’ with type
‘void(cipher_ctx_t *, const uint8_t *, const char *, int)’ [...]

Previous compiler versions did not complain.

v2:
 - clean solution instead of quick solution. Fix the actual API
   definition

Change-Id: If0dcdde30879fd6185efb2ad31399c1629c04d22
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Acked-by: Arne Schwabe <arne-openvpn@rfc2549.org>
---

This change was reviewed on Gerrit and approved by at least one
developer. I request to merge it to master.

Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/548
This mail reflects revision 3 of this Change.

Acked-by according to Gerrit (reflected above):
Arne Schwabe <arne-openvpn@rfc2549.org>

Comments

Gert Doering March 31, 2024, 2:17 p.m. UTC | #1 
Lightly tested on a FreeBSD/MbedTLS 2.28.7, resulting code still works :-)

Your patch has been applied to the master branch.

commit 4d907bf46a470ccbd2940b9ecb64d6502d9d86bf
Author: Frank Lichtenheld
Date:   Wed Mar 27 17:26:21 2024 +0100

     crypto_backend: fix type of enc parameter

     Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
     Acked-by: Arne Schwabe <arne-openvpn@rfc2549.org>
     Message-Id: <20240327162621.1792414-1-frank@lichtenheld.com>
     URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28498.html
     Signed-off-by: Gert Doering <gert@greenie.muc.de>


--
kind regards,

Gert Doering
Gert Doering March 14, 2025, 2:48 p.m. UTC | #2 
Hi,

On Sun, Mar 31, 2024 at 04:17:35PM +0200, Gert Doering wrote:
> Lightly tested on a FreeBSD/MbedTLS 2.28.7, resulting code still works :-)
> 
> Your patch has been applied to the master branch.
> 
> commit 4d907bf46a470ccbd2940b9ecb64d6502d9d86bf
> Author: Frank Lichtenheld
> Date:   Wed Mar 27 17:26:21 2024 +0100

Recent pushes to release/2.6 have caused buildbot breakage on mbedTLS
builds on "very recent" Linux systems (newer GCC).  The patch referenced
fixes this in master already.

Given that it's a quite non-intrusive patch (replacing "int" with
a typedef mapped to the appropriate mbedTLS and OpenSSL [int] type)
we've decided to file it under "long term compat" and so it goes into
release/2.6 as well now :-)

commit a421e94344aa2a2f15575eb5c6d57af48d669599 (release/2.6)
Author: Frank Lichtenheld <frank@lichtenheld.com>
Date:   Wed Mar 27 17:26:21 2024 +0100

    crypto_backend: fix type of enc parameter

Buildbot and Github claim "warnings gone, compiles and tests fine" :-)

gert
diff mbox series

Patch

diff --git a/src/openvpn/crypto_backend.h b/src/openvpn/crypto_backend.h
index 8d37e64..c454c64 100644
--- a/src/openvpn/crypto_backend.h
+++ b/src/openvpn/crypto_backend.h
@@ -336,10 +336,10 @@ 
  * @param key           Buffer containing the key to use
  * @param ciphername    Ciphername of the cipher to use
  * @param enc           Whether to encrypt or decrypt (either
- *                      \c MBEDTLS_OP_ENCRYPT or \c MBEDTLS_OP_DECRYPT).
+ *                      \c OPENVPN_OP_ENCRYPT or \c OPENVPN_OP_DECRYPT).
  */
 void cipher_ctx_init(cipher_ctx_t *ctx, const uint8_t *key,
-                     const char *cipername, int enc);
+                     const char *cipername, crypto_operation_t enc);
 
 /**
  * Returns the size of the IV used by the cipher, in bytes, or 0 if no IV is
diff --git a/src/openvpn/crypto_mbedtls.c b/src/openvpn/crypto_mbedtls.c
index 1a39752..c230292 100644
--- a/src/openvpn/crypto_mbedtls.c
+++ b/src/openvpn/crypto_mbedtls.c
@@ -566,7 +566,7 @@ 
 
 void
 cipher_ctx_init(mbedtls_cipher_context_t *ctx, const uint8_t *key,
-                const char *ciphername, const mbedtls_operation_t operation)
+                const char *ciphername, crypto_operation_t enc)
 {
     ASSERT(NULL != ciphername && NULL != ctx);
     CLEAR(*ctx);
@@ -580,7 +580,7 @@ 
         msg(M_FATAL, "mbed TLS cipher context init #1");
     }
 
-    if (!mbed_ok(mbedtls_cipher_setkey(ctx, key, (int)key_bitlen, operation)))
+    if (!mbed_ok(mbedtls_cipher_setkey(ctx, key, (int)key_bitlen, enc)))
     {
         msg(M_FATAL, "mbed TLS cipher set key");
     }
diff --git a/src/openvpn/crypto_mbedtls.h b/src/openvpn/crypto_mbedtls.h
index 46f76e2..48d1e20 100644
--- a/src/openvpn/crypto_mbedtls.h
+++ b/src/openvpn/crypto_mbedtls.h
@@ -63,6 +63,8 @@ 
 /** Cipher is in GCM mode */
 #define OPENVPN_MODE_GCM        MBEDTLS_MODE_GCM
 
+typedef mbedtls_operation_t crypto_operation_t;
+
 /** Cipher should encrypt */
 #define OPENVPN_OP_ENCRYPT      MBEDTLS_ENCRYPT
 
diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c
index 50683b6..bfc5e37 100644
--- a/src/openvpn/crypto_openssl.c
+++ b/src/openvpn/crypto_openssl.c
@@ -840,7 +840,7 @@ 
 
 void
 cipher_ctx_init(EVP_CIPHER_CTX *ctx, const uint8_t *key,
-                const char *ciphername, int enc)
+                const char *ciphername, crypto_operation_t enc)
 {
     ASSERT(NULL != ciphername && NULL != ctx);
     evp_cipher_type *kt = cipher_get(ciphername);
diff --git a/src/openvpn/crypto_openssl.h b/src/openvpn/crypto_openssl.h
index c0e95b4..4cd988a 100644
--- a/src/openvpn/crypto_openssl.h
+++ b/src/openvpn/crypto_openssl.h
@@ -85,6 +85,8 @@ 
 /** Cipher is in GCM mode */
 #define OPENVPN_MODE_GCM        EVP_CIPH_GCM_MODE
 
+typedef int crypto_operation_t;
+
 /** Cipher should encrypt */
 #define OPENVPN_OP_ENCRYPT      1