From patchwork Wed May 10 11:22:36 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Frank Lichtenheld X-Patchwork-Id: 3207 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7300:7b9a:b0:c3:1364:a2a2 with SMTP id j26csp3535787dyk; Wed, 10 May 2023 04:23:22 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ7N+bR90XdX9uiQu/s+Z6QsslCgOZHGEUNijU4qAANFX87u//Mi98M3g5peR3EIy4WbjFya X-Received: by 2002:a92:d0c9:0:b0:331:40f0:69b2 with SMTP id y9-20020a92d0c9000000b0033140f069b2mr11459011ila.31.1683717802798; Wed, 10 May 2023 04:23:22 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1683717802; cv=none; d=google.com; s=arc-20160816; b=mu9BYT9ymK2FPFQoAcZZTFqBd1lHKEeNY4Vp7V9N1V2cQNBSDnJY9W2odXJ/PGK+Lb yNkB2HU2OzP4WpdWRmkfb0JAyppgiw9A0sf+K//f85DWJ+zgFVQLrOGWHf1C55AoLImk 8khqAc8LaQjmtbLoc5dx0orL3HWIbMy/9X1IvlGNrBYGvBMcMrAsaJkUmDN1k0nc6xPA d5Wc+gN0s74W4cSrj+okFzC78yvVmmd66OiQ1E0mkqfyb88x5o4mHRsoHIsnahyrHy0b no9YW/5Q7Cfrnr5YgN8aPopNkXZKc/thTDIQPzSJFAR62lo0J5rIbS/AZZ1ht6le84T1 SOpg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:content-transfer-encoding:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:references:in-reply-to:message-id:date:to:from :dkim-signature:dkim-signature:dkim-signature; bh=gzCFJm6PpE3Wfw0MToP/LK3aRQSzMWrHXPU5ag2zk0o=; b=wUUJmzAfnTAC4b1rDaXReuSXaVbIkYeTzpr9pRajjAen3CaPN6bRBtWfFBfTc5bMeC aK+cVmOr1H37ZUGtsbt4XOH/sIqfoCHjKB5+bt+SXkKtzlEghPDE3KnYFVK54UHiYFwL +t631WNsBgzXBWuNq5IKI43SZpVwul5NDSHIgu4Vf2M8Dhn1nTrf2cKh6Xjfz7EMCz83 W8Ob7PDwjj95fmO526CX4WCMvsOZgtgoKeJL7yezfS5o9XoS5NhayfXz/ZocxNGUXszT 6ToOwT1xnDMX9c7rEkb1BxJMTkmLnHfYRvdUvTqNtyB+r+HzdptdodZjBhjPKfJ+mlTK 7SIw== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=heBvY+5M; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=adAeA+3j; dkim=neutral (body hash did not verify) header.i=@lichtenheld.com header.s=MBO0001 header.b=B8Bt4XSd; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id a18-20020a926612000000b0032b62593094si6877947ilc.143.2023.05.10.04.23.22 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 10 May 2023 04:23:22 -0700 (PDT) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=heBvY+5M; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=adAeA+3j; dkim=neutral (body hash did not verify) header.i=@lichtenheld.com header.s=MBO0001 header.b=B8Bt4XSd; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net Received: from [127.0.0.1] (helo=sfs-ml-4.v29.lw.sourceforge.com) by sfs-ml-4.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1pwhuM-0003IX-IM; Wed, 10 May 2023 11:22:58 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-4.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1pwhuF-0003IL-0j for openvpn-devel@lists.sourceforge.net; Wed, 10 May 2023 11:22:52 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-Id:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=RRgHzegr5f14igDcIy+efwcVxJilzzMHFJuvyQXUnPc=; b=heBvY+5M8Dps7PZgUxE+ZjgiRB /k6IFkkX4sORE4jVQvjR+fWuyW9SDMLZxoKfsyjG5jGxImGFG9bv6y6eg06GMZf0bV7qPDMRbJ5o4 QU3PceJkLgCim+VCiSF8Kp7yluMmIsGRTINd5ZKuML0xL2sBAZV1ONxpckXmKvHR1wvs=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-Id: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=RRgHzegr5f14igDcIy+efwcVxJilzzMHFJuvyQXUnPc=; b=adAeA+3jrvgpQ+0NE6Qec8zsJ3 N1D2XaEkSBT2O9hL7pYjQ68HxrkdabjmblvoBF2qM3w5YaUofJzn2PWnZGf81D2bgm4wjJ0SFH+nx DdY5n86kbT++mHHRdc49xIKH893B/b14BI2G+eB035CGmm7Sw6wTblsuPixMeX9j5RJM=; Received: from mout-p-202.mailbox.org ([80.241.56.172]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95) id 1pwhuC-0002Ma-Am for openvpn-devel@lists.sourceforge.net; Wed, 10 May 2023 11:22:50 +0000 Received: from smtp202.mailbox.org (smtp202.mailbox.org [10.196.197.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-384) server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mout-p-202.mailbox.org (Postfix) with ESMTPS id 4QGXgd5yr9z9skQ for ; Wed, 10 May 2023 13:22:37 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lichtenheld.com; s=MBO0001; t=1683717757; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=RRgHzegr5f14igDcIy+efwcVxJilzzMHFJuvyQXUnPc=; b=B8Bt4XSddbdgsXinxf/QxTUAYuebS1W+tkT7xcLIwDQhEbGlA/2i1a9Iyu4oErE/55arec JYz+FOlY9biwTFR7mfsYLSqah9jyQGxc3sv07j97hlJSYzcpatThRSzFZwq1Qj29mzpaq1 oU3L4teecwr7Hj/oPFqM9oIpGCT14zpRvxnqKBqMh7O8LpmtYcKbEZciGMUgtSokjbONUK jfWghuYxj10cRpLC9V/7Vcf+RcO2BVClrqfg31BS8nhvScT6l687GBAvNOBnjwqnkA9iEG H4zJHQopf85ORQSgYs9GTSf1g1eUvLKeAlYQdOYQ0e7sT1QQQiyzM3qZHO3qqA== From: Frank Lichtenheld To: openvpn-devel@lists.sourceforge.net Date: Wed, 10 May 2023 13:22:36 +0200 Message-Id: <20230510112236.248026-4-frank@lichtenheld.com> In-Reply-To: <20230510112236.248026-1-frank@lichtenheld.com> References: <20230510112236.248026-1-frank@lichtenheld.com> MIME-Version: 1.0 X-Spam-Score: -0.9 (/) X-Spam-Report: Spam detection software, running on the system "util-spamd-1.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Half of them used unsigned int, the other half size_t. Standardize on one. Could've also standardized on the other, both are much too big for the expected numbers anyway. Add a new utility function clamp_size_to_int for cases we need to change from size_t to int (there are a lot of those all over our codebase). Content analysis details: (-0.9 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at https://www.dnswl.org/, low trust [80.241.56.172 listed in list.dnswl.org] 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.0 SPF_PASS SPF: sender matches SPF record -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid X-Headers-End: 1pwhuC-0002Ma-Am Subject: [Openvpn-devel] [PATCH 3/3] mss/mtu: make all size calculations use size_t X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1765506078678347419?= X-GMAIL-MSGID: =?utf-8?q?1765506078678347419?= Half of them used unsigned int, the other half size_t. Standardize on one. Could've also standardized on the other, both are much too big for the expected numbers anyway. Add a new utility function clamp_size_to_int for cases we need to change from size_t to int (there are a lot of those all over our codebase). Resolves some -Wconversion warnings. Change-Id: Ic996eca227d9e68279a454db93fcbc86a7bd0380 Signed-off-by: Frank Lichtenheld --- src/openvpn/integer.h | 11 +++++++++-- src/openvpn/mss.c | 20 ++++++++++---------- src/openvpn/mtu.c | 4 ++-- 3 files changed, 21 insertions(+), 14 deletions(-) diff --git a/src/openvpn/integer.h b/src/openvpn/integer.h index 2551428e..8be7c3c2 100644 --- a/src/openvpn/integer.h +++ b/src/openvpn/integer.h @@ -36,6 +36,13 @@ ((uint64_t)ntohl((uint32_t)((x) & 0xFFFFFFFF)) << 32) | ntohl((uint32_t)((x) >> 32))) #endif +static inline int +clamp_size_to_int(size_t size) +{ + ASSERT(size <= INT_MAX); + return (int)size; +} + /* * min/max functions */ @@ -188,8 +195,8 @@ index_verify(int index, int size, const char *file, int line) /** * Rounds down num to the nearest multiple of multiple */ -static inline unsigned int -round_down_uint(unsigned int num, unsigned int multiple) +static inline size_t +round_down_size(size_t num, size_t multiple) { return (num / multiple) * multiple; } diff --git a/src/openvpn/mss.c b/src/openvpn/mss.c index 44b316da..d0471ebf 100644 --- a/src/openvpn/mss.c +++ b/src/openvpn/mss.c @@ -209,8 +209,8 @@ mss_fixup_dowork(struct buffer *buf, uint16_t maxmss) } } -static inline unsigned int -adjust_payload_max_cbc(const struct key_type *kt, unsigned int target) +static inline size_t +adjust_payload_max_cbc(const struct key_type *kt, size_t target) { if (!cipher_kt_mode_cbc(kt->cipher)) { @@ -223,13 +223,13 @@ adjust_payload_max_cbc(const struct key_type *kt, unsigned int target) /* With CBC we need at least one extra byte for padding and then need * to ensure that the resulting CBC ciphertext length, which is always * a multiple of the block size, is not larger than the target value */ - unsigned int block_size = cipher_kt_block_size(kt->cipher); - target = round_down_uint(target, block_size); + size_t block_size = cipher_kt_block_size(kt->cipher); + target = round_down_size(target, block_size); return target - 1; } } -static unsigned int +static size_t get_ip_encap_overhead(const struct options *options, const struct link_socket_info *lsi) { @@ -260,7 +260,7 @@ frame_calculate_fragment(struct frame *frame, struct key_type *kt, struct link_socket_info *lsi) { #if defined(ENABLE_FRAGMENT) - unsigned int overhead; + size_t overhead; overhead = frame_calculate_protocol_header_size(kt, options, false); @@ -269,12 +269,12 @@ frame_calculate_fragment(struct frame *frame, struct key_type *kt, overhead += get_ip_encap_overhead(options, lsi); } - unsigned int target = options->ce.fragment - overhead; + size_t target = options->ce.fragment - overhead; /* The 4 bytes of header that fragment adds itself. The other extra payload * bytes (Ethernet header/compression) are handled by the fragment code * just as part of the payload and therefore automatically taken into * account if the packet needs to fragmented */ - frame->max_fragment_size = adjust_payload_max_cbc(kt, target) - 4; + frame->max_fragment_size = clamp_size_to_int(adjust_payload_max_cbc(kt, target)) - 4; if (cipher_kt_mode_cbc(kt->cipher)) { @@ -298,7 +298,7 @@ frame_calculate_mssfix(struct frame *frame, struct key_type *kt, return; } - unsigned int overhead, payload_overhead; + size_t overhead, payload_overhead; overhead = frame_calculate_protocol_header_size(kt, options, false); @@ -327,7 +327,7 @@ frame_calculate_mssfix(struct frame *frame, struct key_type *kt, * by ce.mssfix */ /* This is the target value our payload needs to be smaller */ - unsigned int target = options->ce.mssfix - overhead; + size_t target = options->ce.mssfix - overhead; frame->mss_fix = (uint16_t)(adjust_payload_max_cbc(kt, target) - payload_overhead); diff --git a/src/openvpn/mtu.c b/src/openvpn/mtu.c index 3c8468a9..c1d55ade 100644 --- a/src/openvpn/mtu.c +++ b/src/openvpn/mtu.c @@ -176,7 +176,7 @@ calc_options_string_link_mtu(const struct options *o, const struct frame *frame) */ const char *ciphername = o->ciphername; - unsigned int overhead = 0; + size_t overhead = 0; if (strcmp(o->ciphername, "BF-CBC") == 0) { @@ -194,7 +194,7 @@ calc_options_string_link_mtu(const struct options *o, const struct frame *frame) * the ciphers are actually valid for non tls in occ calucation */ init_key_type(&occ_kt, ciphername, o->authname, true, false); - unsigned int payload = frame_calculate_payload_size(frame, o, &occ_kt); + size_t payload = frame_calculate_payload_size(frame, o, &occ_kt); overhead += frame_calculate_protocol_header_size(&occ_kt, o, true); return payload + overhead;